Marcus Updateinfo to OVAL Converter 5.5 2024-01-23T06:09:47 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the DirectFB-1.7.1-6.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-2977 CVE-2014-2978 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the ImageMagick-6.8.8.1-71.85.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-0247 CVE-2012-0248 CVE-2012-1185 CVE-2012-1186 CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716 CVE-2014-9805 CVE-2014-9806 CVE-2014-9807 CVE-2014-9808 CVE-2014-9809 CVE-2014-9810 CVE-2014-9811 CVE-2014-9812 CVE-2014-9813 CVE-2014-9814 CVE-2014-9815 CVE-2014-9816 CVE-2014-9817 CVE-2014-9818 CVE-2014-9819 CVE-2014-9820 CVE-2014-9821 CVE-2014-9822 CVE-2014-9823 CVE-2014-9824 CVE-2014-9825 CVE-2014-9826 CVE-2014-9828 CVE-2014-9829 CVE-2014-9830 CVE-2014-9831 CVE-2014-9832 CVE-2014-9833 CVE-2014-9834 CVE-2014-9835 CVE-2014-9836 CVE-2014-9837 CVE-2014-9838 CVE-2014-9839 CVE-2014-9840 CVE-2014-9841 CVE-2014-9842 CVE-2014-9843 CVE-2014-9844 CVE-2014-9845 CVE-2014-9846 CVE-2014-9847 CVE-2014-9848 CVE-2014-9849 CVE-2014-9850 CVE-2014-9851 CVE-2014-9852 CVE-2014-9853 CVE-2014-9854 CVE-2014-9907 CVE-2015-8894 CVE-2015-8895 CVE-2015-8896 CVE-2015-8897 CVE-2015-8898 CVE-2015-8900 CVE-2015-8901 CVE-2015-8902 CVE-2015-8903 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-10046 CVE-2016-10048 CVE-2016-10049 CVE-2016-10050 CVE-2016-10051 CVE-2016-10052 CVE-2016-10059 CVE-2016-10060 CVE-2016-10061 CVE-2016-10062 CVE-2016-10063 CVE-2016-10064 CVE-2016-10065 CVE-2016-10068 CVE-2016-10069 CVE-2016-10070 CVE-2016-10071 CVE-2016-10144 CVE-2016-10145 CVE-2016-10146 CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 CVE-2016-4562 CVE-2016-4563 CVE-2016-4564 CVE-2016-5010 CVE-2016-5118 CVE-2016-5687 CVE-2016-5688 CVE-2016-5689 CVE-2016-5690 CVE-2016-5691 CVE-2016-5841 CVE-2016-5842 CVE-2016-6491 CVE-2016-6520 CVE-2016-6823 CVE-2016-7101 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 CVE-2016-7522 CVE-2016-7523 CVE-2016-7524 CVE-2016-7525 CVE-2016-7526 CVE-2016-7527 CVE-2016-7528 CVE-2016-7529 CVE-2016-7530 CVE-2016-7531 CVE-2016-7532 CVE-2016-7533 CVE-2016-7534 CVE-2016-7535 CVE-2016-7537 CVE-2016-7538 CVE-2016-7539 CVE-2016-7540 CVE-2016-7799 CVE-2016-7800 CVE-2016-7996 CVE-2016-7997 CVE-2016-8677 CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 CVE-2016-8707 CVE-2016-8862 CVE-2016-8866 CVE-2016-9556 CVE-2016-9559 CVE-2016-9773 CVE-2017-1000445 CVE-2017-1000476 CVE-2017-10800 CVE-2017-10928 CVE-2017-10995 CVE-2017-11141 CVE-2017-11166 CVE-2017-11170 CVE-2017-11188 CVE-2017-11403 CVE-2017-11446 CVE-2017-11448 CVE-2017-11449 CVE-2017-11450 CVE-2017-11478 CVE-2017-11505 CVE-2017-11523 CVE-2017-11524 CVE-2017-11525 CVE-2017-11526 CVE-2017-11527 CVE-2017-11528 CVE-2017-11529 CVE-2017-11530 CVE-2017-11531 CVE-2017-11532 CVE-2017-11533 CVE-2017-11534 CVE-2017-11535 CVE-2017-11537 CVE-2017-11539 CVE-2017-11638 CVE-2017-11639 CVE-2017-11640 CVE-2017-11642 CVE-2017-11644 CVE-2017-11724 CVE-2017-11750 CVE-2017-11751 CVE-2017-11752 CVE-2017-12140 CVE-2017-12418 CVE-2017-12427 CVE-2017-12428 CVE-2017-12429 CVE-2017-12430 CVE-2017-12431 CVE-2017-12432 CVE-2017-12433 CVE-2017-12434 CVE-2017-12435 CVE-2017-12563 CVE-2017-12564 CVE-2017-12565 CVE-2017-12566 CVE-2017-12587 CVE-2017-12640 CVE-2017-12641 CVE-2017-12642 CVE-2017-12643 CVE-2017-12644 CVE-2017-12654 CVE-2017-12662 CVE-2017-12663 CVE-2017-12664 CVE-2017-12665 CVE-2017-12667 CVE-2017-12668 CVE-2017-12669 CVE-2017-12670 CVE-2017-12671 CVE-2017-12672 CVE-2017-12673 CVE-2017-12674 CVE-2017-12675 CVE-2017-12676 CVE-2017-12691 CVE-2017-12692 CVE-2017-12693 CVE-2017-12935 CVE-2017-12983 CVE-2017-13058 CVE-2017-13059 CVE-2017-13060 CVE-2017-13061 CVE-2017-13062 CVE-2017-13131 CVE-2017-13133 CVE-2017-13134 CVE-2017-13139 CVE-2017-13141 CVE-2017-13142 CVE-2017-13146 CVE-2017-13147 CVE-2017-13648 CVE-2017-13658 CVE-2017-13758 CVE-2017-13768 CVE-2017-13769 CVE-2017-14042 CVE-2017-14060 CVE-2017-14103 CVE-2017-14138 CVE-2017-14139 CVE-2017-14172 CVE-2017-14173 CVE-2017-14174 CVE-2017-14175 CVE-2017-14224 CVE-2017-14249 CVE-2017-14314 CVE-2017-14325 CVE-2017-14326 CVE-2017-14341 CVE-2017-14342 CVE-2017-14343 CVE-2017-14505 CVE-2017-14531 CVE-2017-14533 CVE-2017-14607 CVE-2017-14649 CVE-2017-14682 CVE-2017-14733 CVE-2017-14739 CVE-2017-14989 CVE-2017-14997 CVE-2017-15016 CVE-2017-15017 CVE-2017-15033 CVE-2017-15217 CVE-2017-15218 CVE-2017-15277 CVE-2017-15281 CVE-2017-15930 CVE-2017-16352 CVE-2017-16353 CVE-2017-16545 CVE-2017-16546 CVE-2017-16669 CVE-2017-17504 CVE-2017-17680 CVE-2017-17681 CVE-2017-17682 CVE-2017-17879 CVE-2017-17881 CVE-2017-17882 CVE-2017-17884 CVE-2017-17885 CVE-2017-17887 CVE-2017-17914 CVE-2017-17934 CVE-2017-18008 CVE-2017-18022 CVE-2017-18027 CVE-2017-18028 CVE-2017-18029 CVE-2017-18209 CVE-2017-18211 CVE-2017-18250 CVE-2017-18251 CVE-2017-18252 CVE-2017-18254 CVE-2017-18271 CVE-2017-5506 CVE-2017-5507 CVE-2017-5508 CVE-2017-5510 CVE-2017-5511 CVE-2017-6502 CVE-2017-7606 CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8343 CVE-2017-8344 CVE-2017-8345 CVE-2017-8346 CVE-2017-8347 CVE-2017-8348 CVE-2017-8349 CVE-2017-8350 CVE-2017-8351 CVE-2017-8352 CVE-2017-8353 CVE-2017-8354 CVE-2017-8355 CVE-2017-8356 CVE-2017-8357 CVE-2017-8765 CVE-2017-8830 CVE-2017-9098 CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 CVE-2017-9261 CVE-2017-9262 CVE-2017-9405 CVE-2017-9407 CVE-2017-9409 CVE-2017-9439 CVE-2017-9440 CVE-2017-9500 CVE-2017-9501 CVE-2018-10177 CVE-2018-10804 CVE-2018-10805 CVE-2018-11251 CVE-2018-11655 CVE-2018-11656 CVE-2018-12599 CVE-2018-12600 CVE-2018-14434 CVE-2018-14435 CVE-2018-14436 CVE-2018-14437 CVE-2018-16323 CVE-2018-16329 CVE-2018-16413 CVE-2018-16640 CVE-2018-16642 CVE-2018-16643 CVE-2018-16644 CVE-2018-16645 CVE-2018-16749 CVE-2018-16750 CVE-2018-17965 CVE-2018-17966 CVE-2018-18016 CVE-2018-18024 CVE-2018-5246 CVE-2018-5247 CVE-2018-5357 CVE-2018-5685 CVE-2018-6405 CVE-2018-7443 CVE-2018-7470 CVE-2018-8804 CVE-2018-8960 CVE-2018-9018 CVE-2018-9133 CVE-2018-9135 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the MozillaFirefox-52.9.0esr-109.38.2 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2008-5913 CVE-2009-0040 CVE-2009-0652 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776 CVE-2009-0777 CVE-2009-1044 CVE-2009-1169 CVE-2009-1302 CVE-2009-1303 CVE-2009-1304 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1310 CVE-2009-1311 CVE-2009-1312 CVE-2009-1313 CVE-2009-1563 CVE-2009-2470 CVE-2009-2654 CVE-2009-3069 CVE-2009-3070 CVE-2009-3071 CVE-2009-3072 CVE-2009-3073 CVE-2009-3074 CVE-2009-3075 CVE-2009-3077 CVE-2009-3078 CVE-2009-3079 CVE-2009-3274 CVE-2009-3370 CVE-2009-3371 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3377 CVE-2009-3378 CVE-2009-3379 CVE-2009-3380 CVE-2009-3381 CVE-2009-3383 CVE-2009-3388 CVE-2009-3389 CVE-2009-3555 CVE-2009-3979 CVE-2009-3980 CVE-2009-3982 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2010-0164 CVE-2010-0165 CVE-2010-0166 CVE-2010-0167 CVE-2010-0168 CVE-2010-0169 CVE-2010-0170 CVE-2010-0171 CVE-2010-0172 CVE-2010-0173 CVE-2010-0174 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0181 CVE-2010-0182 CVE-2010-0654 CVE-2010-1028 CVE-2010-1121 CVE-2010-1125 CVE-2010-1196 CVE-2010-1197 CVE-2010-1198 CVE-2010-1199 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 CVE-2010-1203 CVE-2010-1205 CVE-2010-1206 CVE-2010-1207 CVE-2010-1208 CVE-2010-1209 CVE-2010-1210 CVE-2010-1211 CVE-2010-1212 CVE-2010-1213 CVE-2010-1214 CVE-2010-1215 CVE-2010-2751 CVE-2010-2752 CVE-2010-2753 CVE-2010-2754 CVE-2010-2755 CVE-2010-2760 CVE-2010-2762 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 CVE-2010-3170 CVE-2010-3173 CVE-2010-3174 CVE-2010-3175 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 CVE-2010-3765 CVE-2011-0068 CVE-2011-0069 CVE-2011-0070 CVE-2011-0079 CVE-2011-0080 CVE-2011-0081 CVE-2011-0084 CVE-2011-1187 CVE-2011-1202 CVE-2011-2366 CVE-2011-2367 CVE-2011-2368 CVE-2011-2369 CVE-2011-2370 CVE-2011-2371 CVE-2011-2372 CVE-2011-2373 CVE-2011-2374 CVE-2011-2375 CVE-2011-2377 CVE-2011-2985 CVE-2011-2986 CVE-2011-2988 CVE-2011-2989 CVE-2011-2990 CVE-2011-2991 CVE-2011-2992 CVE-2011-2993 CVE-2011-2995 CVE-2011-2996 CVE-2011-2997 CVE-2011-3000 CVE-2011-3001 CVE-2011-3002 CVE-2011-3003 CVE-2011-3004 CVE-2011-3005 CVE-2011-3026 CVE-2011-3062 CVE-2011-3101 CVE-2011-3232 CVE-2011-3648 CVE-2011-3650 CVE-2011-3651 CVE-2011-3652 CVE-2011-3654 CVE-2011-3655 CVE-2011-3658 CVE-2011-3659 CVE-2011-3660 CVE-2011-3661 CVE-2011-3663 CVE-2012-0441 CVE-2012-0442 CVE-2012-0443 CVE-2012-0444 CVE-2012-0445 CVE-2012-0446 CVE-2012-0447 CVE-2012-0449 CVE-2012-0451 CVE-2012-0452 CVE-2012-0455 CVE-2012-0456 CVE-2012-0457 CVE-2012-0458 CVE-2012-0459 CVE-2012-0460 CVE-2012-0461 CVE-2012-0462 CVE-2012-0463 CVE-2012-0464 CVE-2012-0467 CVE-2012-0468 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0472 CVE-2012-0473 CVE-2012-0474 CVE-2012-0475 CVE-2012-0477 CVE-2012-0478 CVE-2012-0479 CVE-2012-0759 CVE-2012-1937 CVE-2012-1938 CVE-2012-1940 CVE-2012-1941 CVE-2012-1944 CVE-2012-1945 CVE-2012-1946 CVE-2012-1947 CVE-2012-1948 CVE-2012-1949 CVE-2012-1950 CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1956 CVE-2012-1957 CVE-2012-1958 CVE-2012-1959 CVE-2012-1960 CVE-2012-1961 CVE-2012-1962 CVE-2012-1963 CVE-2012-1965 CVE-2012-1966 CVE-2012-1967 CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3965 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3971 CVE-2012-3972 CVE-2012-3973 CVE-2012-3975 CVE-2012-3976 CVE-2012-3978 CVE-2012-3980 CVE-2012-3982 CVE-2012-3983 CVE-2012-3984 CVE-2012-3985 CVE-2012-3986 CVE-2012-3988 CVE-2012-3989 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 CVE-2012-4191 CVE-2012-4192 CVE-2012-4193 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 CVE-2012-4201 CVE-2012-4202 CVE-2012-4203 CVE-2012-4204 CVE-2012-4205 CVE-2012-4207 CVE-2012-4208 CVE-2012-4209 CVE-2012-4210 CVE-2012-4212 CVE-2012-4213 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-4217 CVE-2012-4218 CVE-2012-5829 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5836 CVE-2012-5837 CVE-2012-5838 CVE-2012-5839 CVE-2012-5840 CVE-2012-5841 CVE-2012-5842 CVE-2012-5843 CVE-2013-0743 CVE-2013-0744 CVE-2013-0745 CVE-2013-0746 CVE-2013-0747 CVE-2013-0748 CVE-2013-0749 CVE-2013-0750 CVE-2013-0751 CVE-2013-0752 CVE-2013-0753 CVE-2013-0754 CVE-2013-0755 CVE-2013-0756 CVE-2013-0757 CVE-2013-0758 CVE-2013-0760 CVE-2013-0761 CVE-2013-0762 CVE-2013-0763 CVE-2013-0764 CVE-2013-0765 CVE-2013-0766 CVE-2013-0767 CVE-2013-0768 CVE-2013-0769 CVE-2013-0770 CVE-2013-0771 CVE-2013-0772 CVE-2013-0773 CVE-2013-0774 CVE-2013-0775 CVE-2013-0776 CVE-2013-0777 CVE-2013-0778 CVE-2013-0779 CVE-2013-0780 CVE-2013-0781 CVE-2013-0782 CVE-2013-0783 CVE-2013-0787 CVE-2013-0788 CVE-2013-0789 CVE-2013-0792 CVE-2013-0793 CVE-2013-0794 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 CVE-2013-0801 CVE-2013-1669 CVE-2013-1670 CVE-2013-1671 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 CVE-2013-1682 CVE-2013-1683 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1688 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1695 CVE-2013-1696 CVE-2013-1697 CVE-2013-1698 CVE-2013-1699 CVE-2013-1701 CVE-2013-1702 CVE-2013-1704 CVE-2013-1705 CVE-2013-1708 CVE-2013-1709 CVE-2013-1710 CVE-2013-1711 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 CVE-2013-1718 CVE-2013-1719 CVE-2013-1720 CVE-2013-1721 CVE-2013-1722 CVE-2013-1723 CVE-2013-1724 CVE-2013-1725 CVE-2013-1728 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 CVE-2013-1738 CVE-2013-5590 CVE-2013-5591 CVE-2013-5592 CVE-2013-5593 CVE-2013-5595 CVE-2013-5596 CVE-2013-5597 CVE-2013-5598 CVE-2013-5599 CVE-2013-5600 CVE-2013-5601 CVE-2013-5602 CVE-2013-5603 CVE-2013-5604 CVE-2013-5609 CVE-2013-5610 CVE-2013-5611 CVE-2013-5612 CVE-2013-5613 CVE-2013-5614 CVE-2013-5615 CVE-2013-5616 CVE-2013-5618 CVE-2013-5619 CVE-2013-6629 CVE-2013-6630 CVE-2013-6671 CVE-2013-6672 CVE-2013-6673 CVE-2014-1477 CVE-2014-1478 CVE-2014-1479 CVE-2014-1480 CVE-2014-1481 CVE-2014-1482 CVE-2014-1483 CVE-2014-1484 CVE-2014-1485 CVE-2014-1486 CVE-2014-1487 CVE-2014-1488 CVE-2014-1489 CVE-2014-1490 CVE-2014-1491 CVE-2014-1544 CVE-2014-1547 CVE-2014-1548 CVE-2014-1553 CVE-2014-1554 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557 CVE-2014-1562 CVE-2014-1563 CVE-2014-1564 CVE-2014-1565 CVE-2014-1567 CVE-2014-1574 CVE-2014-1575 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1581 CVE-2014-1583 CVE-2014-1585 CVE-2014-1586 CVE-2014-1587 CVE-2014-1588 CVE-2014-1590 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 CVE-2014-8634 CVE-2014-8635 CVE-2014-8638 CVE-2014-8639 CVE-2014-8641 CVE-2015-0797 CVE-2015-0801 CVE-2015-0807 CVE-2015-0813 CVE-2015-0814 CVE-2015-0815 CVE-2015-0816 CVE-2015-0817 CVE-2015-0818 CVE-2015-0822 CVE-2015-0827 CVE-2015-0831 CVE-2015-0835 CVE-2015-0836 CVE-2015-2708 CVE-2015-2709 CVE-2015-2710 CVE-2015-2713 CVE-2015-2716 CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2726 CVE-2015-2728 CVE-2015-2730 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2743 CVE-2015-4000 CVE-2015-4473 CVE-2015-4474 CVE-2015-4475 CVE-2015-4478 CVE-2015-4479 CVE-2015-4484 CVE-2015-4485 CVE-2015-4486 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4491 CVE-2015-4492 CVE-2015-4495 CVE-2015-4497 CVE-2015-4498 CVE-2015-4500 CVE-2015-4501 CVE-2015-4506 CVE-2015-4509 CVE-2015-4511 CVE-2015-4513 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7180 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7188 CVE-2015-7189 CVE-2015-7193 CVE-2015-7194 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 CVE-2015-7201 CVE-2015-7202 CVE-2015-7205 CVE-2015-7210 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7222 CVE-2016-10196 CVE-2016-1523 CVE-2016-1930 CVE-2016-1931 CVE-2016-1935 CVE-2016-1950 CVE-2016-1952 CVE-2016-1953 CVE-2016-1954 CVE-2016-1957 CVE-2016-1958 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1974 CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 CVE-2016-2805 CVE-2016-2807 CVE-2016-2808 CVE-2016-2814 CVE-2016-2815 CVE-2016-2818 CVE-2016-2819 CVE-2016-2821 CVE-2016-2822 CVE-2016-2824 CVE-2016-2828 CVE-2016-2830 CVE-2016-2831 CVE-2016-2835 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5250 CVE-2016-5252 CVE-2016-5254 CVE-2016-5257 CVE-2016-5258 CVE-2016-5259 CVE-2016-5261 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-5270 CVE-2016-5272 CVE-2016-5274 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5280 CVE-2016-5281 CVE-2016-5284 CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 CVE-2016-6354 CVE-2016-9064 CVE-2016-9066 CVE-2016-9079 CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902 CVE-2016-9904 CVE-2016-9905 CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 CVE-2017-5380 CVE-2017-5383 CVE-2017-5386 CVE-2017-5390 CVE-2017-5396 CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408 CVE-2017-5409 CVE-2017-5410 CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5437 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5449 CVE-2017-5451 CVE-2017-5454 CVE-2017-5455 CVE-2017-5456 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 CVE-2017-5467 CVE-2017-5469 CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7753 CVE-2017-7754 CVE-2017-7755 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7761 CVE-2017-7763 CVE-2017-7764 CVE-2017-7765 CVE-2017-7768 CVE-2017-7778 CVE-2017-7779 CVE-2017-7782 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7793 CVE-2017-7798 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7804 CVE-2017-7805 CVE-2017-7807 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 CVE-2017-7825 CVE-2017-7826 CVE-2017-7828 CVE-2017-7830 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12368 CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117 CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5130 CVE-2018-5131 CVE-2018-5144 CVE-2018-5145 CVE-2018-5146 CVE-2018-5147 CVE-2018-5148 CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5156 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5174 CVE-2018-5178 CVE-2018-5183 CVE-2018-5188 CVE-2018-6126 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the NetworkManager-1.0.12-13.6.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2015-2924 CVE-2016-0764 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the SuSEfirewall2-3.6.312.333-3.13.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-15638 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the aaa_base-13.2+git20140911.61c1681-38.8.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-0461 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the accountsservice-0.6.42-16.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-2737 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the alsa-1.0.27.2-15.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-0035 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the apparmor-docs-2.8.2-49.21 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-6507 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the argyllcms-1.6.3-3.3 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-1616 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the at-3.1.14-8.6.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-6354 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the audiofile-0.3.6-10.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2015-7747 CVE-2017-6827 CVE-2017-6828 CVE-2017-6829 CVE-2017-6830 CVE-2017-6831 CVE-2017-6832 CVE-2017-6833 CVE-2017-6834 CVE-2017-6835 CVE-2017-6836 CVE-2017-6837 CVE-2017-6838 CVE-2017-6839 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the augeas-1.2.0-17.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-0786 CVE-2014-8119 CVE-2017-7555 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the autofs-5.0.9-28.3.5 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-8169 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the avahi-0.6.32-30.36 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-0758 CVE-2010-2244 CVE-2011-1002 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the bash-4.3-83.15.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-2524 CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 CVE-2016-0634 CVE-2016-7543 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the bind-utils-9.11.2-1.24 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-0696 CVE-2009-4022 CVE-2010-3613 CVE-2010-3614 CVE-2010-3615 CVE-2011-0414 CVE-2011-1907 CVE-2011-1910 CVE-2011-2464 CVE-2011-4313 CVE-2012-1667 CVE-2012-3817 CVE-2012-3868 CVE-2012-4244 CVE-2012-5166 CVE-2012-5688 CVE-2012-5689 CVE-2013-2266 CVE-2013-4854 CVE-2014-0591 CVE-2014-8500 CVE-2015-1349 CVE-2015-4620 CVE-2015-5477 CVE-2015-5722 CVE-2015-8000 CVE-2015-8704 CVE-2016-1285 CVE-2016-1286 CVE-2016-2775 CVE-2016-2776 CVE-2016-6170 CVE-2016-8864 CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 CVE-2017-3135 CVE-2017-3136 CVE-2017-3137 CVE-2017-3138 CVE-2017-3142 CVE-2017-3143 CVE-2017-3145 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the binutils-2.31-9.26.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-9939 CVE-2017-12448 CVE-2017-12450 CVE-2017-12452 CVE-2017-12453 CVE-2017-12454 CVE-2017-12456 CVE-2017-12799 CVE-2017-13757 CVE-2017-14128 CVE-2017-14129 CVE-2017-14130 CVE-2017-14333 CVE-2017-14529 CVE-2017-14729 CVE-2017-14745 CVE-2017-14974 CVE-2017-15938 CVE-2017-15939 CVE-2017-15996 CVE-2017-16826 CVE-2017-16827 CVE-2017-16828 CVE-2017-16829 CVE-2017-16830 CVE-2017-16831 CVE-2017-16832 CVE-2017-6965 CVE-2017-6966 CVE-2017-6969 CVE-2017-7209 CVE-2017-7210 CVE-2017-7223 CVE-2017-7224 CVE-2017-7225 CVE-2017-7226 CVE-2017-7299 CVE-2017-7300 CVE-2017-7301 CVE-2017-7302 CVE-2017-7303 CVE-2017-7304 CVE-2017-8392 CVE-2017-8393 CVE-2017-8394 CVE-2017-8396 CVE-2017-8421 CVE-2017-9746 CVE-2017-9747 CVE-2017-9748 CVE-2017-9750 CVE-2017-9755 CVE-2017-9756 CVE-2018-10372 CVE-2018-10373 CVE-2018-10534 CVE-2018-10535 CVE-2018-6323 CVE-2018-6543 CVE-2018-6759 CVE-2018-6872 CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7570 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the bluez-5.13-5.4.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-7837 CVE-2016-9800 CVE-2016-9804 CVE-2017-1000250 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the bogofilter-1.2.4-5.3 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-2494 CVE-2012-5468 CVE-2016-6354 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the busybox-1.21.1-3.3 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-9645 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the bzip2-1.0.6-29.2 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-0405 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the ceph-common-12.2.8+git.1536505967.080f2248ff-2.15.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-16818 CVE-2018-10861 CVE-2018-1128 CVE-2018-1129 CVE-2018-7262 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the cifs-utils-6.5-9.3.2 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-1886 CVE-2009-1888 CVE-2009-2813 CVE-2009-2906 CVE-2009-2948 CVE-2010-0547 CVE-2010-0728 CVE-2010-0787 CVE-2012-1586 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the clamav-0.100.2-33.18.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-0405 CVE-2011-2721 CVE-2011-3627 CVE-2012-1457 CVE-2012-1458 CVE-2012-1459 CVE-2012-6706 CVE-2013-6497 CVE-2014-9050 CVE-2014-9328 CVE-2015-1461 CVE-2015-1462 CVE-2015-1463 CVE-2015-2170 CVE-2015-2221 CVE-2015-2222 CVE-2015-2305 CVE-2015-2668 CVE-2017-11423 CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380 CVE-2017-6418 CVE-2017-6419 CVE-2017-6420 CVE-2018-0202 CVE-2018-0360 CVE-2018-0361 CVE-2018-1000085 CVE-2018-14680 CVE-2018-14681 CVE-2018-14682 CVE-2018-15378 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the colord-1.3.3-12.13 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-4349 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the coolkey-1.1.0-148.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2007-4129 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the coreutils-8.25-13.7.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-0221 CVE-2013-0222 CVE-2013-0223 CVE-2015-4041 CVE-2015-4042 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the cpio-2.11-36.3.4 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-0624 CVE-2014-9112 CVE-2016-2037 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the cpp48-4.8.5-31.17.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-5044 CVE-2015-5276 CVE-2017-11671 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the cracklib-2.9.0-7.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-6318 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the cron-4.2-58.3 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2006-2607 CVE-2010-0424 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the ctags-5.8-7.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-7204 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the cups-1.7.5-20.17.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-0163 CVE-2009-2820 CVE-2009-3553 CVE-2010-0393 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2941 CVE-2012-5519 CVE-2012-6094 CVE-2014-2856 CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 CVE-2014-9679 CVE-2015-1158 CVE-2015-1159 CVE-2017-18190 CVE-2017-18248 CVE-2018-4180 CVE-2018-4181 CVE-2018-4182 CVE-2018-4183 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the cups-filters-1.0.58-19.2.3 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-6473 CVE-2013-6474 CVE-2013-6475 CVE-2013-6476 CVE-2014-2707 CVE-2014-4336 CVE-2014-4337 CVE-2014-4338 CVE-2015-2265 CVE-2015-3258 CVE-2015-3279 CVE-2015-8327 CVE-2015-8560 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the cups-pk-helper-0.2.5-5.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-4510 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the curl-7.60.0-2.11 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-0037 CVE-2009-2417 CVE-2013-0249 CVE-2013-1944 CVE-2013-2174 CVE-2013-4545 CVE-2014-0015 CVE-2014-0138 CVE-2014-0139 CVE-2014-3613 CVE-2014-3620 CVE-2014-3707 CVE-2014-8150 CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148 CVE-2015-3153 CVE-2015-3236 CVE-2015-3237 CVE-2016-0755 CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 CVE-2016-7141 CVE-2016-7167 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 CVE-2016-9586 CVE-2016-9594 CVE-2017-1000099 CVE-2017-1000100 CVE-2017-1000101 CVE-2017-1000254 CVE-2017-1000257 CVE-2017-2629 CVE-2017-7407 CVE-2017-7468 CVE-2017-8816 CVE-2017-8817 CVE-2017-8818 CVE-2017-9502 CVE-2018-0500 CVE-2018-1000005 CVE-2018-1000007 CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 CVE-2018-1000300 CVE-2018-1000301 CVE-2018-14618 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the cvs-1.12.12-182.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-0804 CVE-2017-12836 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the cyrus-sasl-2.1.26-8.7.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-0688 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the dbus-1-1.8.22-29.10.2 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-4352 CVE-2012-3524 CVE-2013-2168 CVE-2014-3477 CVE-2014-3532 CVE-2014-3533 CVE-2014-3635 CVE-2014-3636 CVE-2014-3637 CVE-2014-3638 CVE-2014-3639 CVE-2014-7824 CVE-2014-8148 CVE-2015-0245 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the dbus-1-glib-0.100.2-3.58 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-1172 CVE-2013-0292 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the dhcp-4.3.3-10.14.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-1892 CVE-2010-2156 CVE-2010-3611 CVE-2010-3616 CVE-2011-0413 CVE-2011-0997 CVE-2011-2748 CVE-2011-2749 CVE-2011-4539 CVE-2011-4868 CVE-2012-3570 CVE-2012-3571 CVE-2012-3954 CVE-2012-3955 CVE-2013-2266 CVE-2015-8605 CVE-2017-3144 CVE-2018-5732 CVE-2018-5733 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the dia-0.97.3-15.63 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2008-5984 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the dnsmasq-2.78-18.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2015-3294 CVE-2015-8899 CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the dosfstools-3.0.26-6.5 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2015-8872 CVE-2016-4804 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the dracut-044.1-9.5 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-4453 CVE-2016-8637 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the e2fsprogs-1.43.8-1.19 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2015-0247 CVE-2015-1572 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the ecryptfs-utils-103-8.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-1831 CVE-2011-1832 CVE-2011-1833 CVE-2011-1834 CVE-2011-1835 CVE-2011-1836 CVE-2011-1837 CVE-2014-9687 CVE-2015-8946 CVE-2016-1572 CVE-2016-6224 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the elfutils-0.158-6.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-0172 CVE-2014-9447 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the emacs-24.3-25.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-0035 CVE-2014-3421 CVE-2014-3422 CVE-2014-3423 CVE-2014-3424 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the empathy-3.12.13-8.3.28 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-3635 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the eog-3.20.4-7.7 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-7447 CVE-2016-6855 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the evince-3.20.2-6.22.9 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-2643 CVE-2017-1000083 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the expat-2.1.0-21.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-2625 CVE-2009-3560 CVE-2009-3720 CVE-2012-0876 CVE-2012-1147 CVE-2012-1148 CVE-2012-6702 CVE-2015-1283 CVE-2016-0718 CVE-2016-5300 CVE-2016-9063 CVE-2017-9233 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the facter-2.4.6-12.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-3248 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the fetchmail-6.3.26-12.3 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-2666 CVE-2010-1167 CVE-2011-1947 CVE-2011-3389 CVE-2012-3482 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the file-5.22-10.6.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-1571 CVE-2014-3710 CVE-2014-8116 CVE-2014-8117 CVE-2014-9620 CVE-2014-9621 CVE-2014-9653 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the finch-2.12.0-3.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-2694 CVE-2009-2703 CVE-2009-3026 CVE-2009-3083 CVE-2009-3084 CVE-2009-3085 CVE-2009-3615 CVE-2010-0013 CVE-2010-0277 CVE-2010-0420 CVE-2010-0423 CVE-2010-1624 CVE-2010-2528 CVE-2010-3711 CVE-2011-1091 CVE-2011-3594 CVE-2012-2214 CVE-2012-3374 CVE-2012-6152 CVE-2013-0271 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274 CVE-2013-6477 CVE-2013-6478 CVE-2013-6479 CVE-2013-6481 CVE-2013-6482 CVE-2013-6483 CVE-2013-6484 CVE-2013-6485 CVE-2013-6486 CVE-2013-6487 CVE-2014-0020 CVE-2014-3694 CVE-2014-3695 CVE-2014-3696 CVE-2014-3697 CVE-2014-3698 CVE-2017-2640 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the fontconfig-2.11.1-7.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-5384 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the freerdp-2.0.0~git.1463131968.4e66df7-12.3.2 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-0250 CVE-2014-0791 CVE-2017-2834 CVE-2017-2835 CVE-2017-2836 CVE-2017-2837 CVE-2017-2838 CVE-2017-2839 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the ft2demos-2.6.3-7.15.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-0946 CVE-2010-2497 CVE-2010-2805 CVE-2010-3053 CVE-2010-3054 CVE-2010-3311 CVE-2010-3814 CVE-2011-0226 CVE-2012-5668 CVE-2012-5669 CVE-2012-5670 CVE-2014-2240 CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9659 CVE-2014-9660 CVE-2014-9661 CVE-2014-9662 CVE-2014-9663 CVE-2014-9664 CVE-2014-9665 CVE-2014-9666 CVE-2014-9667 CVE-2014-9668 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671 CVE-2014-9672 CVE-2014-9673 CVE-2014-9674 CVE-2014-9675 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the fuse-2.9.3-6.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-3297 CVE-2011-0541 CVE-2015-3202 CVE-2018-10906 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the g3utils-1.1.36-58.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2018-16741 CVE-2018-16742 CVE-2018-16743 CVE-2018-16744 CVE-2018-16745 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the gd-2.1.0-24.9.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-2497 CVE-2014-9709 CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-5116 CVE-2016-6128 CVE-2016-6132 CVE-2016-6161 CVE-2016-6207 CVE-2016-6214 CVE-2016-6905 CVE-2016-6906 CVE-2016-6911 CVE-2016-6912 CVE-2016-7568 CVE-2016-8670 CVE-2016-9317 CVE-2016-9933 CVE-2017-6362 CVE-2018-1000222 CVE-2018-5711 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the gdk-pixbuf-lang-2.34.0-19.17.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-2485 CVE-2015-4491 CVE-2015-7552 CVE-2015-7673 CVE-2015-7674 CVE-2016-6352 CVE-2017-1000422 CVE-2017-2862 CVE-2017-2870 CVE-2017-6312 CVE-2017-6313 CVE-2017-6314 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-3146 CVE-2013-1881 CVE-2017-11464 CVE-2018-1000041 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the gdm-3.10.0.1-54.6.3 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-1709 CVE-2018-14424 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the gegl-0_2-0.2.0-14.3 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-4433 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the ghostscript-9.25-23.13.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-5653 CVE-2015-3228 CVE-2016-10217 CVE-2016-10218 CVE-2016-10219 CVE-2016-10220 CVE-2016-10317 CVE-2016-7976 CVE-2016-7977 CVE-2016-7978 CVE-2016-7979 CVE-2016-8602 CVE-2016-9601 CVE-2017-11714 CVE-2017-5951 CVE-2017-7207 CVE-2017-8291 CVE-2017-9216 CVE-2017-9612 CVE-2017-9726 CVE-2017-9727 CVE-2017-9739 CVE-2017-9835 CVE-2018-10194 CVE-2018-15908 CVE-2018-15909 CVE-2018-15910 CVE-2018-15911 CVE-2018-16509 CVE-2018-16510 CVE-2018-16511 CVE-2018-16513 CVE-2018-16539 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 CVE-2018-16543 CVE-2018-16585 CVE-2018-16802 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the gimp-2.8.18-9.3.26 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2007-3126 CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543 CVE-2011-2896 CVE-2012-3236 CVE-2012-5576 CVE-2016-4994 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the glib2-lang-2.48.2-10.2 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2008-4316 CVE-2012-3524 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the glibc-2.22-15.3 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-5029 CVE-2012-3406 CVE-2012-4412 CVE-2013-0242 CVE-2013-1914 CVE-2013-2207 CVE-2013-4237 CVE-2013-4332 CVE-2013-4458 CVE-2013-7423 CVE-2014-0475 CVE-2014-4043 CVE-2014-5119 CVE-2014-6040 CVE-2014-7817 CVE-2014-8121 CVE-2014-9402 CVE-2014-9761 CVE-2015-1472 CVE-2015-1473 CVE-2015-1781 CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 CVE-2016-1234 CVE-2016-3075 CVE-2016-3706 CVE-2016-4429 CVE-2017-1000366 CVE-2017-1000408 CVE-2017-1000409 CVE-2017-12132 CVE-2017-12133 CVE-2017-15670 CVE-2017-15671 CVE-2017-15804 CVE-2017-16997 CVE-2017-18269 CVE-2017-8804 CVE-2018-1000001 CVE-2018-11236 CVE-2018-11237 CVE-2018-6485 CVE-2018-6551 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the gnome-keyring-3.20.0-28.3.18 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-3466 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the gnome-online-accounts-3.20.5-9.6 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-0240 CVE-2013-1799 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the gnome-settings-daemon-3.20.1-50.5.8 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-7300 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the gnome-shell-3.20.4-77.17.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-4000 CVE-2017-8288 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the gnome-shell-search-provider-nautilus-3.20.3-23.6.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-14604 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the gnutls-3.3.27-3.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2008-4989 CVE-2011-4128 CVE-2012-0390 CVE-2012-1569 CVE-2012-1573 CVE-2014-0092 CVE-2014-1959 CVE-2014-3466 CVE-2014-8564 CVE-2015-0294 CVE-2015-3622 CVE-2015-6251 CVE-2016-7444 CVE-2016-8610 CVE-2017-10790 CVE-2017-5335 CVE-2017-5336 CVE-2017-5337 CVE-2018-10844 CVE-2018-10845 CVE-2018-10846 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the gpg2-2.0.24-9.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-2547 CVE-2013-4351 CVE-2013-4402 CVE-2014-4617 CVE-2015-1606 CVE-2015-1607 CVE-2018-12020 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the gpgme-1.5.1-1.12 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-3564 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the groff-1.22.2-5.429 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-5044 CVE-2009-5080 CVE-2009-5081 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the grub2-2.02-11.8 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2015-8370 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the gstreamer-0_10-plugins-bad-0.10.23-25.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2015-0797 CVE-2016-9445 CVE-2016-9446 CVE-2016-9447 CVE-2016-9809 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the gstreamer-0_10-plugins-base-0.10.36-17.13 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-9811 CVE-2017-5837 CVE-2017-5844 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the gstreamer-0_10-plugins-good-0.10.31-16.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9807 CVE-2016-9808 CVE-2016-9810 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the gstreamer-1.8.3-9.5 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-5838 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the gstreamer-plugins-bad-1.8.3-17.2 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-9445 CVE-2016-9446 CVE-2016-9809 CVE-2016-9812 CVE-2016-9813 CVE-2017-5843 CVE-2017-5848 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the gstreamer-plugins-base-1.8.3-12.11 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-9811 CVE-2017-5837 CVE-2017-5839 CVE-2017-5842 CVE-2017-5844 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the gstreamer-plugins-good-1.8.3-15.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-10198 CVE-2016-10199 CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9807 CVE-2016-9808 CVE-2016-9810 CVE-2017-5840 CVE-2017-5841 CVE-2017-5845 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the gtk2-data-2.24.31-7.11 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-7447 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the guile-2.0.9-8.3 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-8605 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the gvim-7.4.326-16.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-0316 CVE-2016-1248 CVE-2017-5953 CVE-2017-6349 CVE-2017-6350 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the gwenhywfar-lang-4.9.0beta-3.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2015-7542 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the gzip-1.6-9.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-2624 CVE-2010-0001 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the hardlink-1.0-6.45 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-3630 CVE-2011-3631 CVE-2011-3632 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the hplip-3.16.11-1.33 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2004-0801 CVE-2010-4267 CVE-2011-2697 CVE-2011-2722 CVE-2013-4325 CVE-2013-6402 CVE-2013-6427 CVE-2015-0839 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the hyper-v-7-7.5 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-2669 CVE-2012-5532 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the ibus-chewing-1.4.14-4.11 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-4509 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the icu-52.1-8.7.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-8146 CVE-2014-8147 CVE-2014-9654 CVE-2016-6293 CVE-2017-14952 CVE-2017-15422 CVE-2017-17484 CVE-2017-7867 CVE-2017-7868 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the imobiledevice-tools-1.2.0-7.31 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-2142 CVE-2016-5104 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the iputils-s20121221-2.19 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-2529 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the java-1_7_0-openjdk-1.7.0.181-43.15.2 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-3563 CVE-2011-3571 CVE-2011-5035 CVE-2012-0497 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 CVE-2012-0547 CVE-2012-1682 CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1723 CVE-2012-1724 CVE-2012-1725 CVE-2012-1726 CVE-2012-3136 CVE-2012-3174 CVE-2012-3216 CVE-2012-4416 CVE-2012-4681 CVE-2012-5068 CVE-2012-5069 CVE-2012-5070 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5074 CVE-2012-5075 CVE-2012-5076 CVE-2012-5077 CVE-2012-5079 CVE-2012-5081 CVE-2012-5084 CVE-2012-5085 CVE-2012-5086 CVE-2012-5087 CVE-2012-5088 CVE-2012-5089 CVE-2013-0169 CVE-2013-0401 CVE-2013-0422 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0431 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0444 CVE-2013-0450 CVE-2013-0809 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 CVE-2013-1484 CVE-2013-1485 CVE-2013-1486 CVE-2013-1488 CVE-2013-1493 CVE-2013-1500 CVE-2013-1518 CVE-2013-1537 CVE-2013-1557 CVE-2013-1569 CVE-2013-1571 CVE-2013-2383 CVE-2013-2384 CVE-2013-2407 CVE-2013-2412 CVE-2013-2415 CVE-2013-2417 CVE-2013-2419 CVE-2013-2420 CVE-2013-2421 CVE-2013-2422 CVE-2013-2423 CVE-2013-2424 CVE-2013-2426 CVE-2013-2429 CVE-2013-2430 CVE-2013-2431 CVE-2013-2436 CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2449 CVE-2013-2450 CVE-2013-2451 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2458 CVE-2013-2459 CVE-2013-2460 CVE-2013-2461 CVE-2013-2463 CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 CVE-2013-3829 CVE-2013-4002 CVE-2013-5772 CVE-2013-5774 CVE-2013-5778 CVE-2013-5780 CVE-2013-5782 CVE-2013-5783 CVE-2013-5784 CVE-2013-5790 CVE-2013-5797 CVE-2013-5800 CVE-2013-5802 CVE-2013-5803 CVE-2013-5804 CVE-2013-5805 CVE-2013-5806 CVE-2013-5809 CVE-2013-5814 CVE-2013-5817 CVE-2013-5820 CVE-2013-5823 CVE-2013-5825 CVE-2013-5829 CVE-2013-5830 CVE-2013-5840 CVE-2013-5842 CVE-2013-5849 CVE-2013-5850 CVE-2013-5851 CVE-2013-5878 CVE-2013-5884 CVE-2013-5893 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2013-6629 CVE-2013-6954 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0408 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 CVE-2014-2483 CVE-2014-2490 CVE-2014-3566 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4264 CVE-2014-4266 CVE-2014-4268 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6513 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395 CVE-2015-0400 CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412 CVE-2015-0460 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 CVE-2015-2590 CVE-2015-2601 CVE-2015-2613 CVE-2015-2621 CVE-2015-2625 CVE-2015-2628 CVE-2015-2632 CVE-2015-2808 CVE-2015-4000 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4734 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4903 CVE-2015-4911 CVE-2015-7575 CVE-2015-8126 CVE-2015-8472 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 CVE-2016-0636 CVE-2016-0686 CVE-2016-0687 CVE-2016-0695 CVE-2016-10165 CVE-2016-2183 CVE-2016-3425 CVE-2016-3427 CVE-2016-3458 CVE-2016-3485 CVE-2016-3498 CVE-2016-3500 CVE-2016-3503 CVE-2016-3508 CVE-2016-3511 CVE-2016-3550 CVE-2016-3598 CVE-2016-3606 CVE-2016-3610 CVE-2016-5542 CVE-2016-5546 CVE-2016-5547 CVE-2016-5548 CVE-2016-5549 CVE-2016-5552 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10081 CVE-2017-10086 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10114 CVE-2017-10115 CVE-2017-10116 CVE-2017-10118 CVE-2017-10125 CVE-2017-10135 CVE-2017-10176 CVE-2017-10193 CVE-2017-10198 CVE-2017-10243 CVE-2017-10274 CVE-2017-10281 CVE-2017-10285 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3260 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289 CVE-2017-3509 CVE-2017-3511 CVE-2017-3512 CVE-2017-3514 CVE-2017-3526 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 CVE-2018-2579 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602 CVE-2018-2603 CVE-2018-2618 CVE-2018-2629 CVE-2018-2633 CVE-2018-2634 CVE-2018-2637 CVE-2018-2641 CVE-2018-2663 CVE-2018-2677 CVE-2018-2678 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the java-1_7_0-openjdk-plugin-1.6.2-2.8.3 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-2513 CVE-2011-2514 CVE-2011-3377 CVE-2012-3422 CVE-2012-3423 CVE-2012-4540 CVE-2013-1926 CVE-2013-1927 CVE-2013-4349 CVE-2015-5234 CVE-2015-5235 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the java-1_8_0-openjdk-1.8.0.181-27.26.2 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2015-2590 CVE-2015-2597 CVE-2015-2601 CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2627 CVE-2015-2628 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2659 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4734 CVE-2015-4736 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4868 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4901 CVE-2015-4902 CVE-2015-4903 CVE-2015-4906 CVE-2015-4908 CVE-2015-4911 CVE-2015-4916 CVE-2015-7575 CVE-2015-8126 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0475 CVE-2016-0483 CVE-2016-0494 CVE-2016-0636 CVE-2016-0686 CVE-2016-0687 CVE-2016-0695 CVE-2016-10165 CVE-2016-2183 CVE-2016-3425 CVE-2016-3426 CVE-2016-3427 CVE-2016-3458 CVE-2016-3485 CVE-2016-3498 CVE-2016-3500 CVE-2016-3503 CVE-2016-3508 CVE-2016-3511 CVE-2016-3550 CVE-2016-3552 CVE-2016-3587 CVE-2016-3598 CVE-2016-3606 CVE-2016-3610 CVE-2016-5542 CVE-2016-5546 CVE-2016-5547 CVE-2016-5548 CVE-2016-5549 CVE-2016-5552 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10078 CVE-2017-10081 CVE-2017-10086 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10114 CVE-2017-10115 CVE-2017-10116 CVE-2017-10118 CVE-2017-10125 CVE-2017-10135 CVE-2017-10176 CVE-2017-10193 CVE-2017-10198 CVE-2017-10243 CVE-2017-10274 CVE-2017-10281 CVE-2017-10285 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3260 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289 CVE-2017-3509 CVE-2017-3511 CVE-2017-3512 CVE-2017-3514 CVE-2017-3526 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 CVE-2018-2579 CVE-2018-2582 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602 CVE-2018-2603 CVE-2018-2618 CVE-2018-2629 CVE-2018-2633 CVE-2018-2634 CVE-2018-2637 CVE-2018-2641 CVE-2018-2663 CVE-2018-2677 CVE-2018-2678 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815 CVE-2018-2938 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-3639 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the kbd-2.0.4-8.10.2 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-0460 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the kdump-0.8.16-9.2 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-5759 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the kernel-default-4.12.14-94.41.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-3939 CVE-2009-4026 CVE-2009-4027 CVE-2009-4131 CVE-2009-4138 CVE-2009-4536 CVE-2009-4538 CVE-2010-1146 CVE-2010-1436 CVE-2010-1641 CVE-2010-2066 CVE-2010-2942 CVE-2010-2954 CVE-2010-2955 CVE-2010-3081 CVE-2010-3296 CVE-2010-3297 CVE-2010-3298 CVE-2010-3301 CVE-2010-3310 CVE-2011-0711 CVE-2011-0712 CVE-2011-1020 CVE-2011-1180 CVE-2011-1577 CVE-2011-1581 CVE-2011-2203 CVE-2011-4604 CVE-2012-0056 CVE-2012-3412 CVE-2012-3520 CVE-2013-0160 CVE-2013-0231 CVE-2013-0913 CVE-2013-2850 CVE-2014-0038 CVE-2014-0196 CVE-2014-0691 CVE-2014-8133 CVE-2015-1333 CVE-2015-7550 CVE-2015-7884 CVE-2015-7885 CVE-2015-8539 CVE-2015-8660 CVE-2016-0723 CVE-2016-0728 CVE-2016-1237 CVE-2016-1583 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2384 CVE-2016-3134 CVE-2016-3135 CVE-2016-3136 CVE-2016-3140 CVE-2016-3689 CVE-2016-3713 CVE-2016-4470 CVE-2016-4485 CVE-2016-4486 CVE-2016-4557 CVE-2016-4558 CVE-2016-4569 CVE-2016-4578 CVE-2016-4951 CVE-2016-4997 CVE-2016-4998 CVE-2016-5195 CVE-2016-5244 CVE-2016-5829 CVE-2016-6187 CVE-2016-6480 CVE-2016-6516 CVE-2016-6828 CVE-2016-7039 CVE-2016-7042 CVE-2016-7425 CVE-2016-7913 CVE-2016-8655 CVE-2016-9555 CVE-2016-9576 CVE-2017-1000251 CVE-2017-1000252 CVE-2017-1000255 CVE-2017-1000380 CVE-2017-1000410 CVE-2017-11473 CVE-2017-11600 CVE-2017-12153 CVE-2017-12154 CVE-2017-12190 CVE-2017-12193 CVE-2017-13080 CVE-2017-13166 CVE-2017-14051 CVE-2017-14489 CVE-2017-15115 CVE-2017-15127 CVE-2017-15128 CVE-2017-15129 CVE-2017-15265 CVE-2017-15537 CVE-2017-15649 CVE-2017-15951 CVE-2017-16525 CVE-2017-16527 CVE-2017-16528 CVE-2017-16529 CVE-2017-16531 CVE-2017-16534 CVE-2017-16535 CVE-2017-16536 CVE-2017-16537 CVE-2017-16538 CVE-2017-16644 CVE-2017-16645 CVE-2017-16646 CVE-2017-16647 CVE-2017-16649 CVE-2017-16650 CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-16939 CVE-2017-16994 CVE-2017-16995 CVE-2017-16996 CVE-2017-17052 CVE-2017-17448 CVE-2017-17449 CVE-2017-17450 CVE-2017-17558 CVE-2017-17712 CVE-2017-17741 CVE-2017-17805 CVE-2017-17806 CVE-2017-17852 CVE-2017-17853 CVE-2017-17854 CVE-2017-17855 CVE-2017-17856 CVE-2017-17857 CVE-2017-17862 CVE-2017-17864 CVE-2017-17975 CVE-2017-18075 CVE-2017-18202 CVE-2017-18203 CVE-2017-18204 CVE-2017-18208 CVE-2017-18344 CVE-2017-2636 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2017-5897 CVE-2017-5970 CVE-2017-5986 CVE-2017-6347 CVE-2017-6353 CVE-2017-7184 CVE-2017-7187 CVE-2017-7261 CVE-2017-7277 CVE-2017-7294 CVE-2017-7308 CVE-2017-7346 CVE-2017-7477 CVE-2017-7487 CVE-2017-7541 CVE-2017-7542 CVE-2017-8824 CVE-2017-8831 CVE-2017-8890 CVE-2017-9059 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9211 CVE-2017-9242 CVE-2018-1000004 CVE-2018-1000028 CVE-2018-1000200 CVE-2018-1000204 CVE-2018-10087 CVE-2018-10124 CVE-2018-10323 CVE-2018-1065 CVE-2018-1068 CVE-2018-10853 CVE-2018-10902 CVE-2018-1091 CVE-2018-10938 CVE-2018-1094 CVE-2018-10940 CVE-2018-1108 CVE-2018-1118 CVE-2018-1120 CVE-2018-1128 CVE-2018-1129 CVE-2018-1130 CVE-2018-12233 CVE-2018-12896 CVE-2018-13053 CVE-2018-13093 CVE-2018-13094 CVE-2018-13095 CVE-2018-13405 CVE-2018-13406 CVE-2018-14613 CVE-2018-14617 CVE-2018-14633 CVE-2018-15572 CVE-2018-16658 CVE-2018-17182 CVE-2018-3620 CVE-2018-3639 CVE-2018-3646 CVE-2018-5332 CVE-2018-5333 CVE-2018-5390 CVE-2018-5391 CVE-2018-5803 CVE-2018-5848 CVE-2018-6554 CVE-2018-6555 CVE-2018-6927 CVE-2018-7492 CVE-2018-7566 CVE-2018-7740 CVE-2018-8043 CVE-2018-8087 CVE-2018-8781 CVE-2018-8822 CVE-2018-9363 CVE-2018-9385 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the kernel-firmware-20180525-3.11 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-13080 CVE-2017-13081 CVE-2017-5715 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the krb5-1.12.5-40.28.2 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2002-2443 CVE-2009-0844 CVE-2009-0845 CVE-2009-0846 CVE-2009-0847 CVE-2009-3295 CVE-2009-4212 CVE-2010-0283 CVE-2010-0628 CVE-2010-1320 CVE-2010-1321 CVE-2010-1322 CVE-2010-1323 CVE-2010-1324 CVE-2010-4020 CVE-2010-4021 CVE-2010-4022 CVE-2011-0281 CVE-2011-0282 CVE-2011-0284 CVE-2011-0285 CVE-2011-1527 CVE-2011-1528 CVE-2011-1529 CVE-2011-1530 CVE-2012-1012 CVE-2012-1013 CVE-2012-1016 CVE-2013-1415 CVE-2013-1417 CVE-2013-1418 CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 CVE-2014-4345 CVE-2014-5351 CVE-2014-5352 CVE-2014-5353 CVE-2014-5354 CVE-2014-5355 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 CVE-2015-2694 CVE-2015-2695 CVE-2015-2696 CVE-2015-2697 CVE-2015-2698 CVE-2015-8629 CVE-2015-8630 CVE-2015-8631 CVE-2016-3119 CVE-2016-3120 CVE-2017-11462 CVE-2017-15088 CVE-2018-5729 CVE-2018-5730 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the krb5-appl-clients-1.0.3-1.5 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-1526 CVE-2011-4862 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the lcms-1.19-17.31 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-0793 CVE-2013-4276 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the lcms2-2.7-9.7.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-10165 CVE-2018-16435 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the lftp-4.7.4-3.3.20 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-0139 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the lhasa-0.2.0-5.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-2347 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libFLAC++6-1.3.0-11.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-8962 CVE-2014-9028 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libHX28-3.18-1.19 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-2947 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libICE6-1.0.8-12.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-2626 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libIlmImf-Imf_2_1-21-2.1.0-6.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-1720 CVE-2009-1721 CVE-2017-12596 CVE-2017-9110 CVE-2017-9114 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libQt5Concurrent5-5.6.2-6.12.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2015-0295 CVE-2015-1858 CVE-2015-1859 CVE-2015-1860 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libQt5WebKit5-5.6.2-1.31 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2015-8079 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libSoundTouch0-1.7.1-5.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2018-1000223 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libX11-6-1.6.2-12.5.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-1981 CVE-2013-1997 CVE-2013-2004 CVE-2016-7942 CVE-2018-14598 CVE-2018-14599 CVE-2018-14600 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libXRes1-1.0.7-3.54 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-1988 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libXcursor1-1.1.14-4.6.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-2003 CVE-2015-9262 CVE-2017-16612 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libXdmcp6-1.1.1-12.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-2625 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libXext6-1.3.2-4.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-1982 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libXfixes3-32bit-5.0.1-7.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-1983 CVE-2016-7944 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libXfont1-1.5.1-11.3.12 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-2895 CVE-2013-6462 CVE-2014-0209 CVE-2014-0210 CVE-2014-0211 CVE-2015-1802 CVE-2015-1803 CVE-2015-1804 CVE-2017-13720 CVE-2017-13722 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libXfont2-2-2.0.3-1.19 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-16611 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libXi6-1.7.4-17.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-1984 CVE-2013-1995 CVE-2013-1998 CVE-2016-7945 CVE-2016-7946 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libXinerama1-1.1.3-3.55 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-1985 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libXp6-1.0.2-3.58 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-2062 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libXpm4-3.5.11-5.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-10164 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libXrandr2-1.5.0-6.2 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-1986 CVE-2016-7947 CVE-2016-7948 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libXrender1-0.9.8-7.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-1987 CVE-2016-7949 CVE-2016-7950 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libXt6-1.1.4-3.59 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-2002 CVE-2013-2005 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libXtst6-1.2.2-7.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-2063 CVE-2016-7951 CVE-2016-7952 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libXv1-1.0.10-7.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-1989 CVE-2013-2066 CVE-2016-5407 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libXvMC1-1.0.8-7.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-1990 CVE-2013-1999 CVE-2016-7953 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libXvnc1-1.6.0-18.23.72 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-0011 CVE-2014-8240 CVE-2015-0255 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libXxf86dga1-1.1.4-3.59 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-1991 CVE-2013-2000 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libXxf86vm1-1.1.3-3.54 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-2001 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libarchive13-3.1.2-25.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-0211 CVE-2015-2304 CVE-2015-8915 CVE-2015-8916 CVE-2015-8918 CVE-2015-8919 CVE-2015-8920 CVE-2015-8921 CVE-2015-8922 CVE-2015-8923 CVE-2015-8924 CVE-2015-8925 CVE-2015-8926 CVE-2015-8928 CVE-2015-8929 CVE-2015-8930 CVE-2015-8931 CVE-2015-8932 CVE-2015-8933 CVE-2015-8934 CVE-2016-1541 CVE-2016-4300 CVE-2016-4301 CVE-2016-4302 CVE-2016-4809 CVE-2016-5418 CVE-2016-5844 CVE-2016-6250 CVE-2016-8687 CVE-2016-8688 CVE-2016-8689 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libasan2-32bit-5.3.1+r233831-12.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2015-5276 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libass5-0.10.2-3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-7969 CVE-2016-7972 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libblkid1-2.29.2-7.14 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-0157 CVE-2014-9114 CVE-2015-5218 CVE-2016-2779 CVE-2016-5011 CVE-2017-2616 CVE-2018-7738 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libcairo-gobject2-1.15.2-25.3.2 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-9082 CVE-2017-7475 CVE-2017-9814 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libcares2-1.9.1-9.4.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-5180 CVE-2017-1000381 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libcdio14-0.90-6.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-18201 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libdcerpc-binding0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-1886 CVE-2009-1888 CVE-2009-2813 CVE-2009-2906 CVE-2009-2948 CVE-2010-0547 CVE-2010-0728 CVE-2010-0787 CVE-2010-0926 CVE-2010-1635 CVE-2010-1642 CVE-2010-2063 CVE-2010-3069 CVE-2011-0719 CVE-2011-2522 CVE-2011-2694 CVE-2012-0817 CVE-2012-0870 CVE-2012-1182 CVE-2012-2111 CVE-2012-6150 CVE-2013-0172 CVE-2013-0213 CVE-2013-0214 CVE-2013-0454 CVE-2013-1863 CVE-2013-4124 CVE-2013-4408 CVE-2013-4475 CVE-2013-4476 CVE-2013-4496 CVE-2013-6442 CVE-2014-0178 CVE-2014-0239 CVE-2014-0244 CVE-2014-3493 CVE-2014-3560 CVE-2014-8143 CVE-2015-0240 CVE-2015-3223 CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 CVE-2015-5330 CVE-2015-5370 CVE-2015-7560 CVE-2015-8467 CVE-2015-8543 CVE-2016-0771 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2115 CVE-2016-2118 CVE-2016-2119 CVE-2016-2123 CVE-2016-2125 CVE-2016-2126 CVE-2017-11103 CVE-2017-12150 CVE-2017-12151 CVE-2017-12163 CVE-2017-14746 CVE-2017-15275 CVE-2017-2619 CVE-2017-7494 CVE-2018-1050 CVE-2018-1057 CVE-2018-10858 CVE-2018-10919 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libdmx1-1.1.3-3.52 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-1992 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libecpg6-10.5-1.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2007-4772 CVE-2007-6600 CVE-2009-4034 CVE-2009-4136 CVE-2010-1169 CVE-2010-1170 CVE-2010-3433 CVE-2012-0866 CVE-2012-0867 CVE-2012-0868 CVE-2012-2143 CVE-2012-2655 CVE-2012-3488 CVE-2012-3489 CVE-2013-0255 CVE-2013-1899 CVE-2013-1900 CVE-2013-1901 CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067 CVE-2015-3165 CVE-2015-3166 CVE-2015-3167 CVE-2015-5288 CVE-2015-5289 CVE-2016-0766 CVE-2016-0773 CVE-2016-2193 CVE-2016-3065 CVE-2017-15098 CVE-2017-15099 CVE-2017-7484 CVE-2017-7485 CVE-2017-7486 CVE-2017-7546 CVE-2017-7547 CVE-2017-7548 CVE-2018-1053 CVE-2018-1058 CVE-2018-10915 CVE-2018-10925 CVE-2018-1115 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libevent-2_0-5-2.0.21-6.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-6272 CVE-2016-10195 CVE-2016-10196 CVE-2016-10197 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libexempi3-2.2.1-5.7.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-18233 CVE-2017-18234 CVE-2017-18236 CVE-2017-18238 CVE-2018-7728 CVE-2018-7730 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libexif12-0.6.21-8.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 CVE-2016-6328 CVE-2017-7544 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libfbembed2_5-2.5.2.26539-15.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-2492 CVE-2017-6369 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libfreebl3-3.29.5-58.12.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-3170 CVE-2011-3389 CVE-2011-3640 CVE-2013-0743 CVE-2013-0791 CVE-2013-1620 CVE-2013-1739 CVE-2013-1740 CVE-2013-5605 CVE-2014-1492 CVE-2014-1568 CVE-2014-1569 CVE-2015-4000 CVE-2015-7181 CVE-2015-7182 CVE-2015-7575 CVE-2016-1938 CVE-2016-1950 CVE-2016-1978 CVE-2016-1979 CVE-2016-2834 CVE-2016-5285 CVE-2016-8635 CVE-2016-9074 CVE-2016-9574 CVE-2017-7805 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libfreetype6-2.6.3-7.15.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-0946 CVE-2010-2497 CVE-2010-2805 CVE-2010-3053 CVE-2010-3054 CVE-2010-3311 CVE-2010-3814 CVE-2010-3855 CVE-2011-0226 CVE-2011-3256 CVE-2011-3439 CVE-2012-1126 CVE-2012-1127 CVE-2012-1128 CVE-2012-1129 CVE-2012-1130 CVE-2012-1131 CVE-2012-1132 CVE-2012-1133 CVE-2012-1134 CVE-2012-1135 CVE-2012-1136 CVE-2012-1137 CVE-2012-1138 CVE-2012-1139 CVE-2012-1140 CVE-2012-1141 CVE-2012-1142 CVE-2012-1143 CVE-2012-1144 CVE-2012-5668 CVE-2012-5669 CVE-2012-5670 CVE-2014-2240 CVE-2014-2241 CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9659 CVE-2014-9660 CVE-2014-9661 CVE-2014-9662 CVE-2014-9663 CVE-2014-9664 CVE-2014-9665 CVE-2014-9666 CVE-2014-9667 CVE-2014-9668 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671 CVE-2014-9672 CVE-2014-9673 CVE-2014-9674 CVE-2014-9675 CVE-2016-10244 CVE-2017-8105 CVE-2017-8287 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libgadu3-1.11.4-1.12 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-6487 CVE-2014-3775 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libgc1-7.2d-5.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-2673 CVE-2016-9427 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libgcrypt20-1.6.1-16.61.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-4242 CVE-2014-3591 CVE-2015-0837 CVE-2015-7511 CVE-2016-6313 CVE-2017-7526 CVE-2018-0495 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libgif6-32bit-5.0.5-12.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2015-7555 CVE-2016-3977 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libgme0-0.6.0-5.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-9957 CVE-2016-9958 CVE-2016-9959 CVE-2016-9960 CVE-2016-9961 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libgnomesu-2.0.0-353.6.2 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-1946 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libgraphite2-3-1.3.1-10.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-1521 CVE-2016-1523 CVE-2016-1526 CVE-2017-5436 CVE-2018-7999 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libgssglue1-0.4-3.83 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-2709 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libgypsy0-0.9-6.24 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-0523 CVE-2011-0524 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libhogweed2-2.7.1-12.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 CVE-2016-6489 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libical1-1.0.1-16.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-5824 CVE-2016-5827 CVE-2016-9584 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libid3tag0-0.15.1b-184.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2004-2779 CVE-2008-2109 CVE-2017-11550 CVE-2017-11551 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libidn11-1.28-5.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2015-2059 CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 CVE-2017-14062 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libipa_hbac0-1.16.1-2.8 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-4341 CVE-2011-1758 CVE-2013-0219 CVE-2013-0220 CVE-2013-0287 CVE-2017-12173 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libjasper1-1.900.14-195.8.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2008-3522 CVE-2011-4516 CVE-2011-4517 CVE-2014-8137 CVE-2014-8138 CVE-2014-8157 CVE-2014-8158 CVE-2014-9029 CVE-2015-5203 CVE-2015-5221 CVE-2016-10251 CVE-2016-1577 CVE-2016-1867 CVE-2016-2089 CVE-2016-2116 CVE-2016-8654 CVE-2016-8690 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8884 CVE-2016-8885 CVE-2016-8886 CVE-2016-8887 CVE-2016-9262 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2016-9395 CVE-2016-9398 CVE-2016-9560 CVE-2016-9583 CVE-2016-9591 CVE-2016-9600 CVE-2017-1000050 CVE-2017-5498 CVE-2017-6850 CVE-2018-9055 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libjavascriptcoregtk-1_0-0-2.4.11-23.20 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-5112 CVE-2012-5133 CVE-2014-1344 CVE-2014-1384 CVE-2014-1385 CVE-2014-1386 CVE-2014-1387 CVE-2014-1388 CVE-2014-1389 CVE-2014-1390 CVE-2014-1748 CVE-2015-1071 CVE-2015-1076 CVE-2015-1081 CVE-2015-1083 CVE-2015-1120 CVE-2015-1122 CVE-2015-1127 CVE-2015-1153 CVE-2015-1155 CVE-2015-2330 CVE-2015-3658 CVE-2015-3659 CVE-2015-3727 CVE-2015-3731 CVE-2015-3741 CVE-2015-3743 CVE-2015-3745 CVE-2015-3747 CVE-2015-3748 CVE-2015-3749 CVE-2015-3752 CVE-2015-5788 CVE-2015-5794 CVE-2015-5801 CVE-2015-5809 CVE-2015-5822 CVE-2015-5928 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libjavascriptcoregtk-4_0-18-2.20.3-2.23.8 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-1856 CVE-2016-1857 CVE-2016-4590 CVE-2016-4591 CVE-2016-4622 CVE-2016-4624 CVE-2016-4692 CVE-2016-4743 CVE-2016-7586 CVE-2016-7587 CVE-2016-7589 CVE-2016-7592 CVE-2016-7598 CVE-2016-7599 CVE-2016-7610 CVE-2016-7623 CVE-2016-7632 CVE-2016-7635 CVE-2016-7639 CVE-2016-7641 CVE-2016-7645 CVE-2016-7652 CVE-2016-7654 CVE-2016-7656 CVE-2017-1000121 CVE-2017-1000122 CVE-2017-13788 CVE-2017-13798 CVE-2017-13803 CVE-2017-13856 CVE-2017-13866 CVE-2017-13870 CVE-2017-13884 CVE-2017-13885 CVE-2017-2350 CVE-2017-2354 CVE-2017-2355 CVE-2017-2356 CVE-2017-2362 CVE-2017-2363 CVE-2017-2364 CVE-2017-2365 CVE-2017-2366 CVE-2017-2369 CVE-2017-2371 CVE-2017-2373 CVE-2017-2496 CVE-2017-2510 CVE-2017-2538 CVE-2017-2539 CVE-2017-5715 CVE-2017-5753 CVE-2017-7006 CVE-2017-7011 CVE-2017-7012 CVE-2017-7018 CVE-2017-7019 CVE-2017-7020 CVE-2017-7030 CVE-2017-7034 CVE-2017-7037 CVE-2017-7038 CVE-2017-7039 CVE-2017-7040 CVE-2017-7041 CVE-2017-7042 CVE-2017-7043 CVE-2017-7046 CVE-2017-7048 CVE-2017-7049 CVE-2017-7052 CVE-2017-7055 CVE-2017-7056 CVE-2017-7059 CVE-2017-7061 CVE-2017-7064 CVE-2017-7081 CVE-2017-7087 CVE-2017-7089 CVE-2017-7090 CVE-2017-7091 CVE-2017-7092 CVE-2017-7093 CVE-2017-7094 CVE-2017-7095 CVE-2017-7096 CVE-2017-7098 CVE-2017-7099 CVE-2017-7100 CVE-2017-7102 CVE-2017-7104 CVE-2017-7107 CVE-2017-7109 CVE-2017-7111 CVE-2017-7117 CVE-2017-7120 CVE-2017-7142 CVE-2017-7153 CVE-2017-7156 CVE-2017-7157 CVE-2017-7160 CVE-2017-7161 CVE-2017-7165 CVE-2018-11646 CVE-2018-11712 CVE-2018-11713 CVE-2018-12911 CVE-2018-4088 CVE-2018-4096 CVE-2018-4101 CVE-2018-4113 CVE-2018-4114 CVE-2018-4117 CVE-2018-4118 CVE-2018-4119 CVE-2018-4120 CVE-2018-4121 CVE-2018-4122 CVE-2018-4125 CVE-2018-4127 CVE-2018-4128 CVE-2018-4129 CVE-2018-4133 CVE-2018-4146 CVE-2018-4161 CVE-2018-4162 CVE-2018-4163 CVE-2018-4165 CVE-2018-4190 CVE-2018-4199 CVE-2018-4200 CVE-2018-4204 CVE-2018-4218 CVE-2018-4222 CVE-2018-4232 CVE-2018-4233 CVE-2018-4246 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libjbig2-2.0-12.13 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-6369 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libjpeg-turbo-1.5.3-31.7.4 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-9092 CVE-2017-15232 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libjson-c2-0.11-2.22 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-6370 CVE-2013-6371 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libkde4-32bit-4.12.0-10.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-6354 CVE-2017-8422 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libkpathsea6-6.2.0dev-22.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2018-17407 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libksba8-1.3.0-23.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-9087 CVE-2016-4574 CVE-2016-4579 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libldap-2_4-2-2.4.41-18.40.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2015-1545 CVE-2015-1546 CVE-2015-6908 CVE-2017-9287 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libldb1-1.1.29-3.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2015-3223 CVE-2015-5330 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the liblouis-data-2.6.4-6.6.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-13738 CVE-2017-13739 CVE-2017-13740 CVE-2017-13741 CVE-2017-13743 CVE-2017-13744 CVE-2018-11440 CVE-2018-11577 CVE-2018-11683 CVE-2018-11684 CVE-2018-11685 CVE-2018-12085 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libltdl7-2.4.2-17.4.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-3736 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the liblua5_2-5.2.4-6.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-5461 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the liblzo2-2-2.08-1.13 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-4607 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libmikmod3-3.2.0-4.59 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2007-6720 CVE-2009-0179 CVE-2009-3995 CVE-2009-3996 CVE-2010-2546 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libmms0-0.6.2-15.8 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-2892 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libmodplug1-0.8.9.0+git20170610.f6dd59a-15.4.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-1761 CVE-2013-4233 CVE-2013-4234 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libmpfr4-3.1.2-7.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-9474 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libmspack0-0.4-14.4 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-2800 CVE-2010-2801 CVE-2014-9556 CVE-2014-9732 CVE-2015-4467 CVE-2015-4468 CVE-2015-4469 CVE-2015-4470 CVE-2015-4471 CVE-2015-4472 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libmusicbrainz4-2.1.5-27.86 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2006-4197 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libmwaw-0_3-3-0.3.13-7.9.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-9433 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libmysqlclient18-10.0.35-1.7 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2007-5970 CVE-2008-7247 CVE-2009-4019 CVE-2009-4028 CVE-2009-4030 CVE-2010-5298 CVE-2012-5615 CVE-2013-1976 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-2494 CVE-2014-3470 CVE-2014-4207 CVE-2014-4258 CVE-2014-4260 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6474 CVE-2014-6478 CVE-2014-6484 CVE-2014-6489 CVE-2014-6491 CVE-2014-6494 CVE-2014-6495 CVE-2014-6496 CVE-2014-6500 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 CVE-2014-6564 CVE-2014-6568 CVE-2014-8964 CVE-2015-0374 CVE-2015-0381 CVE-2015-0382 CVE-2015-0391 CVE-2015-0411 CVE-2015-0432 CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501 CVE-2015-0505 CVE-2015-2325 CVE-2015-2326 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573 CVE-2015-3152 CVE-2015-4792 CVE-2015-4802 CVE-2015-4807 CVE-2015-4815 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4870 CVE-2015-4913 CVE-2015-5969 CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0651 CVE-2016-0655 CVE-2016-0666 CVE-2016-0668 CVE-2016-2047 CVE-2016-3477 CVE-2016-3492 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440 CVE-2016-5584 CVE-2016-5624 CVE-2016-5626 CVE-2016-5629 CVE-2016-6662 CVE-2016-6663 CVE-2016-6664 CVE-2016-7440 CVE-2016-8283 CVE-2017-10268 CVE-2017-10378 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3257 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3302 CVE-2017-3308 CVE-2017-3309 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2018-2562 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2767 CVE-2018-2771 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libncurses5-32bit-5.9-58.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-10684 CVE-2017-10685 CVE-2017-11112 CVE-2017-11113 CVE-2017-13728 CVE-2017-13729 CVE-2017-13730 CVE-2017-13731 CVE-2017-13732 CVE-2017-13733 CVE-2017-13734 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libndp0-1.6-2.2 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-3698 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libneon27-0.30.0-3.65 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-2473 CVE-2009-2474 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libnetpbm11-10.66.3-7.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-6354 CVE-2017-2581 CVE-2017-2586 CVE-2017-2587 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libnewt0_52-0.52.16-1.83 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-2905 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libnghttp2-14-1.7.1-1.84 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-1544 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libofx-0.9.9-3.7.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-14731 CVE-2017-2816 CVE-2017-2920 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libopenjp2-7-2.1.0-4.9.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2015-1239 CVE-2015-8871 CVE-2016-10507 CVE-2016-7163 CVE-2016-7445 CVE-2016-8332 CVE-2016-9112 CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 CVE-2016-9572 CVE-2016-9573 CVE-2016-9580 CVE-2016-9581 CVE-2017-14039 CVE-2017-14040 CVE-2017-14041 CVE-2017-14164 CVE-2017-17479 CVE-2017-17480 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libopenssl-1_0_0-devel-1.0.2p-2.11 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2006-7250 CVE-2008-5077 CVE-2009-0590 CVE-2009-0591 CVE-2009-0789 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2010-0740 CVE-2010-0742 CVE-2010-1633 CVE-2010-2939 CVE-2010-3864 CVE-2010-5298 CVE-2011-0014 CVE-2011-3207 CVE-2011-3210 CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2012-0027 CVE-2012-0050 CVE-2012-0884 CVE-2012-1165 CVE-2012-2110 CVE-2012-2686 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169 CVE-2013-4353 CVE-2013-6449 CVE-2013-6450 CVE-2014-0076 CVE-2014-0160 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-5139 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0293 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 CVE-2015-3197 CVE-2015-3216 CVE-2015-4000 CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0799 CVE-2016-0800 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2109 CVE-2016-2176 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 CVE-2016-7052 CVE-2016-7055 CVE-2017-3731 CVE-2017-3732 CVE-2017-3735 CVE-2017-3736 CVE-2017-3737 CVE-2017-3738 CVE-2018-0732 CVE-2018-0737 CVE-2018-0739 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libopenssl-devel-1.0.2p-1.13 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2006-7250 CVE-2008-5077 CVE-2009-0590 CVE-2009-0591 CVE-2009-0789 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2010-0740 CVE-2010-0742 CVE-2010-1633 CVE-2010-2939 CVE-2010-3864 CVE-2010-5298 CVE-2011-0014 CVE-2011-3207 CVE-2011-3210 CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2012-0027 CVE-2012-0050 CVE-2012-0884 CVE-2012-1165 CVE-2012-2110 CVE-2012-2686 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169 CVE-2013-4353 CVE-2013-6449 CVE-2013-6450 CVE-2014-0076 CVE-2014-0160 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-3513 CVE-2014-3567 CVE-2014-3568 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-5139 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0293 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-1793 CVE-2015-1794 CVE-2015-3193 CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 CVE-2015-3197 CVE-2016-0701 CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0800 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2109 CVE-2016-2176 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 CVE-2016-7052 CVE-2016-7055 CVE-2016-7056 CVE-2017-3731 CVE-2017-3732 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libopenssl0_9_8-0.9.8j-106.6.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2006-7250 CVE-2009-0590 CVE-2009-0591 CVE-2009-0789 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2009-3245 CVE-2009-3555 CVE-2009-4355 CVE-2009-5146 CVE-2010-0740 CVE-2010-2939 CVE-2010-3864 CVE-2010-4180 CVE-2010-4252 CVE-2011-0014 CVE-2011-3210 CVE-2011-4108 CVE-2011-4109 CVE-2011-4354 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2011-5095 CVE-2012-0050 CVE-2012-0884 CVE-2012-1165 CVE-2012-2110 CVE-2012-2131 CVE-2012-2333 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169 CVE-2014-0076 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3510 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0292 CVE-2015-0293 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-3195 CVE-2015-3197 CVE-2015-3216 CVE-2015-4000 CVE-2016-0702 CVE-2016-0797 CVE-2016-0799 CVE-2016-0800 CVE-2016-2105 CVE-2016-2106 CVE-2016-2108 CVE-2016-2109 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 CVE-2016-7056 CVE-2016-8610 CVE-2018-0732 CVE-2018-0737 CVE-2018-0739 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libopenssl1_1-1.1.1-1.9 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2006-7250 CVE-2008-5077 CVE-2009-0590 CVE-2009-0591 CVE-2009-0789 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2010-0740 CVE-2010-0742 CVE-2010-1633 CVE-2010-2939 CVE-2010-3864 CVE-2010-5298 CVE-2011-0014 CVE-2011-3207 CVE-2011-3210 CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2012-0027 CVE-2012-0050 CVE-2012-0884 CVE-2012-1165 CVE-2012-2110 CVE-2012-2686 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169 CVE-2013-4353 CVE-2013-6449 CVE-2013-6450 CVE-2014-0076 CVE-2014-0160 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-3513 CVE-2014-3567 CVE-2014-3568 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-5139 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0293 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-1793 CVE-2015-1794 CVE-2015-3193 CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 CVE-2015-3197 CVE-2016-0701 CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0800 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2109 CVE-2016-2176 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 CVE-2016-7052 CVE-2016-7055 CVE-2016-7056 CVE-2017-3731 CVE-2017-3732 CVE-2017-3735 CVE-2017-3736 CVE-2017-3738 CVE-2018-0732 CVE-2018-0737 CVE-2018-0739 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libopus0-1.1-3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-0381 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libosip2-3.5.0-20.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-10324 CVE-2016-10325 CVE-2016-10326 CVE-2017-7853 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libotr5-4.0.0-9.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-2851 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libpango-1_0-0-1.40.1-9.5 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-0020 CVE-2011-0064 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libpcre1-32bit-8.39-8.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-8964 CVE-2015-2325 CVE-2015-2327 CVE-2015-2328 CVE-2015-3210 CVE-2015-3217 CVE-2015-5073 CVE-2015-8380 CVE-2016-1283 CVE-2016-3191 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libpcsclite1-1.8.10-7.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-0407 CVE-2010-4531 CVE-2016-10109 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libplist++3-1.12-20.3.2 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-5209 CVE-2017-5545 CVE-2017-5834 CVE-2017-5835 CVE-2017-5836 CVE-2017-6435 CVE-2017-6436 CVE-2017-6437 CVE-2017-6438 CVE-2017-6439 CVE-2017-6440 CVE-2017-7982 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libpng12-0-1.2.50-19.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-1205 CVE-2011-2501 CVE-2011-3026 CVE-2011-3045 CVE-2011-3048 CVE-2012-3386 CVE-2013-7353 CVE-2013-7354 CVE-2015-7981 CVE-2015-8126 CVE-2015-8540 CVE-2016-10087 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libpng15-15-1.5.22-9.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-1205 CVE-2011-2501 CVE-2011-2690 CVE-2011-2691 CVE-2011-2692 CVE-2011-3026 CVE-2011-3048 CVE-2011-3328 CVE-2011-3464 CVE-2012-3386 CVE-2015-8126 CVE-2015-8540 CVE-2016-10087 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libpng16-16-1.6.8-14.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-1205 CVE-2011-2501 CVE-2011-2690 CVE-2011-2691 CVE-2011-2692 CVE-2011-3328 CVE-2013-6954 CVE-2014-0333 CVE-2014-9495 CVE-2015-0973 CVE-2015-8126 CVE-2016-10087 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libpodofo0_9_2-0.9.2-3.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-5852 CVE-2017-5853 CVE-2017-5854 CVE-2017-5855 CVE-2017-5886 CVE-2017-6840 CVE-2017-6844 CVE-2017-6847 CVE-2017-7378 CVE-2017-7379 CVE-2017-7380 CVE-2017-7994 CVE-2017-8054 CVE-2017-8787 CVE-2018-5308 CVE-2018-8001 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libpolkit0-0.113-5.12.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-0750 CVE-2011-1485 CVE-2013-4288 CVE-2015-3218 CVE-2015-3255 CVE-2015-3256 CVE-2015-4625 CVE-2018-1116 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libpoppler-glib8-0.43.0-16.15.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 CVE-2009-1187 CVE-2009-1188 CVE-2009-3607 CVE-2009-3608 CVE-2013-1788 CVE-2013-1789 CVE-2013-1790 CVE-2013-4473 CVE-2013-4474 CVE-2017-1000456 CVE-2017-14517 CVE-2017-14518 CVE-2017-14520 CVE-2017-14617 CVE-2017-14928 CVE-2017-14975 CVE-2017-14976 CVE-2017-14977 CVE-2017-15565 CVE-2017-7511 CVE-2017-7515 CVE-2017-9406 CVE-2017-9408 CVE-2017-9775 CVE-2017-9776 CVE-2017-9865 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libprocps3-3.3.9-11.14.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libproxy1-0.4.13-16.3 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-4504 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libpulse-mainloop-glib0-32bit-5.0-4.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-3970 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libpython2_7-1_0-2.7.13-28.11.2 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-1521 CVE-2011-3389 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 CVE-2013-1752 CVE-2013-1753 CVE-2013-4238 CVE-2014-1912 CVE-2014-4650 CVE-2014-7185 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 CVE-2017-1000158 CVE-2017-18207 CVE-2018-1000030 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libpython3_4m1_0-3.4.6-25.16.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-3389 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 CVE-2013-1752 CVE-2013-4238 CVE-2014-2667 CVE-2014-4650 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 CVE-2017-18207 CVE-2018-1060 CVE-2018-1061 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libqpdf18-7.1.1-3.3.4 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-11624 CVE-2017-11625 CVE-2017-11626 CVE-2017-11627 CVE-2017-12595 CVE-2017-9208 CVE-2017-9209 CVE-2017-9210 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libqt4-32bit-4.8.7-8.8.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-0945 CVE-2011-3193 CVE-2011-3922 CVE-2012-4929 CVE-2012-6093 CVE-2013-0254 CVE-2013-4549 CVE-2014-0190 CVE-2015-0295 CVE-2015-1858 CVE-2015-1859 CVE-2015-1860 CVE-2016-10040 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libquicktime0-1.2.4-14.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-2399 CVE-2017-9122 CVE-2017-9123 CVE-2017-9124 CVE-2017-9125 CVE-2017-9126 CVE-2017-9127 CVE-2017-9128 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libraptor2-0-2.0.10-3.67 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-0037 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libraw9-0.15.4-21.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-2126 CVE-2013-2127 CVE-2015-3885 CVE-2015-8367 CVE-2017-13735 CVE-2017-14608 CVE-2017-16909 CVE-2017-6886 CVE-2017-6887 CVE-2017-6890 CVE-2017-6899 CVE-2018-5800 CVE-2018-5801 CVE-2018-5802 CVE-2018-5810 CVE-2018-5813 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libreoffice-6.0.5.2-43.38.5 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-2935 CVE-2010-2936 CVE-2014-0247 CVE-2014-3524 CVE-2014-3575 CVE-2014-3693 CVE-2014-8146 CVE-2014-8147 CVE-2014-9093 CVE-2015-4551 CVE-2015-5212 CVE-2015-5213 CVE-2015-5214 CVE-2016-0794 CVE-2016-0795 CVE-2016-10327 CVE-2016-4324 CVE-2017-3157 CVE-2017-7870 CVE-2017-7882 CVE-2017-8358 CVE-2018-10119 CVE-2018-10120 CVE-2018-1055 CVE-2018-10583 CVE-2018-6871 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libruby2_1-2_1-2.1.9-18.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-3566 CVE-2014-4975 CVE-2014-8080 CVE-2014-8090 CVE-2015-1855 CVE-2015-3900 CVE-2015-7551 CVE-2016-2339 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libsilc-1_1-2-1.1.10-24.128 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2008-1227 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libsmi-0.4.8-18.63 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-2891 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libsndfile1-1.0.25-36.16.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-0186 CVE-2011-2696 CVE-2014-9496 CVE-2014-9756 CVE-2015-7805 CVE-2015-8075 CVE-2017-14245 CVE-2017-14246 CVE-2017-14634 CVE-2017-16942 CVE-2017-17456 CVE-2017-17457 CVE-2017-6892 CVE-2017-7585 CVE-2017-7586 CVE-2017-7741 CVE-2017-7742 CVE-2017-8361 CVE-2017-8362 CVE-2017-8363 CVE-2017-8365 CVE-2018-13139 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libsnmp30-32bit-5.7.3-6.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-2141 CVE-2014-2284 CVE-2014-2285 CVE-2014-3565 CVE-2015-5621 CVE-2018-18065 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libsoup-2_4-1-2.62.2-5.7.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-2054 CVE-2017-2885 CVE-2018-12910 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libspice-client-glib-2_0-8-0.33-3.6.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-4425 CVE-2017-12194 CVE-2018-10873 CVE-2018-10893 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libspice-server1-0.12.8-6.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-4282 CVE-2015-3247 CVE-2015-5260 CVE-2015-5261 CVE-2016-0749 CVE-2016-2150 CVE-2016-9577 CVE-2016-9578 CVE-2017-7506 CVE-2018-10873 CVE-2018-10893 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libsqlite3-0-3.8.10.2-8.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-6153 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libsrtp1-1.5.2-3.2.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-2139 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libssh2-1-1.4.3-19.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2015-1782 CVE-2016-0787 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libssh4-0.6.3-12.6.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-4559 CVE-2012-4560 CVE-2012-4561 CVE-2013-0176 CVE-2014-0017 CVE-2014-8132 CVE-2015-3146 CVE-2016-0739 CVE-2018-10933 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libstaroffice-0_0-0-0.0.5-7.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-9432 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libsystemd0-228-150.49.2 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-1174 CVE-2013-4288 CVE-2016-10156 CVE-2016-7795 CVE-2017-15908 CVE-2017-18078 CVE-2017-9217 CVE-2017-9445 CVE-2018-1049 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libtag1-1.9.1-1.265 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-2396 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libtasn1-4.9-3.5.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-3467 CVE-2014-3468 CVE-2014-3469 CVE-2015-2806 CVE-2015-3622 CVE-2016-4008 CVE-2018-6003 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libthai-data-0.1.25-4.2 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-4012 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libtiff5-32bit-4.0.9-44.24.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-2285 CVE-2009-2347 CVE-2010-2065 CVE-2010-2067 CVE-2010-2233 CVE-2010-4665 CVE-2011-0192 CVE-2011-1167 CVE-2012-1173 CVE-2012-2113 CVE-2012-3401 CVE-2012-4564 CVE-2013-1960 CVE-2013-1961 CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 CVE-2014-9655 CVE-2015-1547 CVE-2015-7554 CVE-2015-8665 CVE-2015-8683 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2016-10095 CVE-2016-10266 CVE-2016-10267 CVE-2016-10268 CVE-2016-10269 CVE-2016-10270 CVE-2016-10271 CVE-2016-10272 CVE-2016-10371 CVE-2016-3186 CVE-2016-3622 CVE-2016-3623 CVE-2016-3632 CVE-2016-3658 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5314 CVE-2016-5316 CVE-2016-5317 CVE-2016-5318 CVE-2016-5319 CVE-2016-5320 CVE-2016-5321 CVE-2016-5323 CVE-2016-5652 CVE-2016-5875 CVE-2016-8331 CVE-2016-9273 CVE-2016-9297 CVE-2016-9448 CVE-2016-9453 CVE-2016-9538 CVE-2017-11613 CVE-2017-16232 CVE-2017-17942 CVE-2017-17973 CVE-2017-18013 CVE-2017-5225 CVE-2017-7592 CVE-2017-7593 CVE-2017-7594 CVE-2017-7595 CVE-2017-7596 CVE-2017-7597 CVE-2017-7598 CVE-2017-7599 CVE-2017-7600 CVE-2017-7601 CVE-2017-7602 CVE-2017-9403 CVE-2017-9404 CVE-2017-9935 CVE-2017-9936 CVE-2018-10779 CVE-2018-10963 CVE-2018-16335 CVE-2018-17100 CVE-2018-17101 CVE-2018-17795 CVE-2018-5784 CVE-2018-7456 CVE-2018-8905 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libtirpc-netconfig-1.0.1-17.6.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-8779 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libudisks2-0-2.1.3-1.14 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-0004 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libusbmuxd4-1.0.10-2.3 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-5104 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libvdpau1-1.1.1-6.73 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2015-5198 CVE-2015-5199 CVE-2015-5200 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libvirglrenderer0-0.5.0-11.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-10163 CVE-2016-10214 CVE-2017-5580 CVE-2017-5937 CVE-2017-5956 CVE-2017-5957 CVE-2017-5993 CVE-2017-5994 CVE-2017-6209 CVE-2017-6210 CVE-2017-6317 CVE-2017-6355 CVE-2017-6386 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libvirt-4.0.0-6.13 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-2242 CVE-2011-1146 CVE-2011-2511 CVE-2011-4600 CVE-2012-3445 CVE-2013-0170 CVE-2013-1962 CVE-2013-2218 CVE-2013-2230 CVE-2013-4153 CVE-2013-4154 CVE-2013-4239 CVE-2013-4296 CVE-2013-4297 CVE-2013-4311 CVE-2013-4399 CVE-2013-4400 CVE-2013-4401 CVE-2013-6436 CVE-2013-6456 CVE-2013-6457 CVE-2013-6458 CVE-2014-0028 CVE-2014-0179 CVE-2014-1447 CVE-2014-3633 CVE-2014-3657 CVE-2014-7823 CVE-2014-8131 CVE-2015-0236 CVE-2015-5247 CVE-2015-5313 CVE-2017-1000256 CVE-2017-2635 CVE-2017-5715 CVE-2018-1064 CVE-2018-3639 CVE-2018-5748 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libvmtools0-10.3.0-2.6 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2015-5191 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libvorbis0-1.3.3-10.14.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2008-1420 CVE-2009-3379 CVE-2012-0444 CVE-2017-14160 CVE-2017-14632 CVE-2017-14633 CVE-2018-10392 CVE-2018-10393 CVE-2018-5146 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libvpx1-1.3.0-3.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-13194 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libvte9-0.28.2-19.7 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-2738 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libwavpack1-4.60.99-5.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-10169 CVE-2016-10170 CVE-2016-10171 CVE-2016-10172 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libwireshark9-2.4.9-48.29.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-1210 CVE-2009-1267 CVE-2009-1268 CVE-2009-1269 CVE-2009-3241 CVE-2009-3242 CVE-2009-3243 CVE-2010-1455 CVE-2010-2993 CVE-2010-3445 CVE-2010-4300 CVE-2010-4301 CVE-2010-4538 CVE-2011-0024 CVE-2011-0538 CVE-2011-0713 CVE-2011-1138 CVE-2011-1139 CVE-2011-1140 CVE-2011-1143 CVE-2011-1590 CVE-2011-1591 CVE-2011-1592 CVE-2011-1957 CVE-2011-1958 CVE-2011-1959 CVE-2011-2174 CVE-2011-2175 CVE-2011-2597 CVE-2011-2698 CVE-2011-3266 CVE-2011-3360 CVE-2011-3483 CVE-2012-2392 CVE-2012-2393 CVE-2012-2394 CVE-2012-3548 CVE-2012-4048 CVE-2012-4049 CVE-2012-4285 CVE-2012-4286 CVE-2012-4287 CVE-2012-4288 CVE-2012-4289 CVE-2012-4290 CVE-2012-4291 CVE-2012-4292 CVE-2012-4293 CVE-2012-4294 CVE-2012-4295 CVE-2012-4296 CVE-2012-4297 CVE-2012-4298 CVE-2012-5237 CVE-2012-5238 CVE-2012-5239 CVE-2012-5240 CVE-2012-5592 CVE-2012-5593 CVE-2012-5594 CVE-2012-5595 CVE-2012-5596 CVE-2012-5597 CVE-2012-5598 CVE-2012-5599 CVE-2012-5600 CVE-2012-5601 CVE-2012-5602 CVE-2013-1572 CVE-2013-1573 CVE-2013-1574 CVE-2013-1575 CVE-2013-1576 CVE-2013-1577 CVE-2013-1578 CVE-2013-1579 CVE-2013-1580 CVE-2013-1581 CVE-2013-1582 CVE-2013-1583 CVE-2013-1584 CVE-2013-1585 CVE-2013-1586 CVE-2013-1587 CVE-2013-1588 CVE-2013-1589 CVE-2013-1590 CVE-2013-2475 CVE-2013-2476 CVE-2013-2477 CVE-2013-2478 CVE-2013-2479 CVE-2013-2480 CVE-2013-2481 CVE-2013-2482 CVE-2013-2483 CVE-2013-2484 CVE-2013-2485 CVE-2013-2486 CVE-2013-2487 CVE-2013-2488 CVE-2013-3555 CVE-2013-3556 CVE-2013-3557 CVE-2013-3558 CVE-2013-3559 CVE-2013-3560 CVE-2013-3561 CVE-2013-3562 CVE-2013-4083 CVE-2013-4920 CVE-2013-4921 CVE-2013-4922 CVE-2013-4923 CVE-2013-4924 CVE-2013-4925 CVE-2013-4926 CVE-2013-4927 CVE-2013-4928 CVE-2013-4929 CVE-2013-4930 CVE-2013-4931 CVE-2013-4932 CVE-2013-4933 CVE-2013-4934 CVE-2013-4935 CVE-2013-4936 CVE-2013-5717 CVE-2013-5718 CVE-2013-5719 CVE-2013-5720 CVE-2013-5721 CVE-2013-5722 CVE-2013-6336 CVE-2013-6337 CVE-2013-6338 CVE-2013-6339 CVE-2013-6340 CVE-2013-7112 CVE-2013-7113 CVE-2013-7114 CVE-2014-2281 CVE-2014-2282 CVE-2014-2283 CVE-2014-2299 CVE-2014-2907 CVE-2014-4020 CVE-2014-5161 CVE-2014-5162 CVE-2014-5163 CVE-2014-5164 CVE-2014-5165 CVE-2015-0559 CVE-2015-0560 CVE-2015-0561 CVE-2015-0562 CVE-2015-0563 CVE-2015-0564 CVE-2015-2188 CVE-2015-2189 CVE-2015-2191 CVE-2015-3811 CVE-2015-3812 CVE-2015-3813 CVE-2015-3814 CVE-2015-7830 CVE-2015-8711 CVE-2015-8712 CVE-2015-8713 CVE-2015-8714 CVE-2015-8715 CVE-2015-8716 CVE-2015-8717 CVE-2015-8718 CVE-2015-8719 CVE-2015-8720 CVE-2015-8721 CVE-2015-8722 CVE-2015-8723 CVE-2015-8724 CVE-2015-8725 CVE-2015-8726 CVE-2015-8727 CVE-2015-8728 CVE-2015-8729 CVE-2015-8730 CVE-2015-8731 CVE-2015-8732 CVE-2015-8733 CVE-2016-2523 CVE-2016-2530 CVE-2016-2531 CVE-2016-2532 CVE-2016-5350 CVE-2016-5351 CVE-2016-5352 CVE-2016-5353 CVE-2016-5354 CVE-2016-5355 CVE-2016-5356 CVE-2016-5357 CVE-2016-5358 CVE-2016-5359 CVE-2016-6354 CVE-2016-6504 CVE-2016-6505 CVE-2016-6506 CVE-2016-6507 CVE-2016-6508 CVE-2016-6509 CVE-2016-6510 CVE-2016-6511 CVE-2016-7175 CVE-2016-7176 CVE-2016-7177 CVE-2016-7178 CVE-2016-7179 CVE-2016-7180 CVE-2016-9373 CVE-2016-9374 CVE-2016-9375 CVE-2016-9376 CVE-2017-11406 CVE-2017-11407 CVE-2017-11408 CVE-2017-11410 CVE-2017-11411 CVE-2017-13765 CVE-2017-13766 CVE-2017-13767 CVE-2017-15191 CVE-2017-15192 CVE-2017-15193 CVE-2017-17083 CVE-2017-17084 CVE-2017-17085 CVE-2017-17935 CVE-2017-17997 CVE-2017-5596 CVE-2017-5597 CVE-2017-5753 CVE-2017-6014 CVE-2017-7700 CVE-2017-7701 CVE-2017-7702 CVE-2017-7703 CVE-2017-7704 CVE-2017-7705 CVE-2017-7745 CVE-2017-7746 CVE-2017-7747 CVE-2017-7748 CVE-2017-9343 CVE-2017-9344 CVE-2017-9345 CVE-2017-9346 CVE-2017-9347 CVE-2017-9348 CVE-2017-9349 CVE-2017-9350 CVE-2017-9351 CVE-2017-9352 CVE-2017-9353 CVE-2017-9354 CVE-2017-9617 CVE-2017-9766 CVE-2018-11354 CVE-2018-11355 CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361 CVE-2018-11362 CVE-2018-14339 CVE-2018-14340 CVE-2018-14341 CVE-2018-14342 CVE-2018-14343 CVE-2018-14344 CVE-2018-14367 CVE-2018-14368 CVE-2018-14369 CVE-2018-14370 CVE-2018-16056 CVE-2018-16057 CVE-2018-16058 CVE-2018-5334 CVE-2018-5335 CVE-2018-5336 CVE-2018-7320 CVE-2018-7321 CVE-2018-7322 CVE-2018-7323 CVE-2018-7324 CVE-2018-7325 CVE-2018-7326 CVE-2018-7327 CVE-2018-7328 CVE-2018-7329 CVE-2018-7330 CVE-2018-7331 CVE-2018-7332 CVE-2018-7333 CVE-2018-7334 CVE-2018-7335 CVE-2018-7336 CVE-2018-7337 CVE-2018-7417 CVE-2018-7418 CVE-2018-7419 CVE-2018-7420 CVE-2018-7421 CVE-2018-9256 CVE-2018-9259 CVE-2018-9260 CVE-2018-9261 CVE-2018-9262 CVE-2018-9263 CVE-2018-9264 CVE-2018-9265 CVE-2018-9266 CVE-2018-9267 CVE-2018-9268 CVE-2018-9269 CVE-2018-9270 CVE-2018-9271 CVE-2018-9272 CVE-2018-9273 CVE-2018-9274 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libwmf-0_2-7-0.2.8.4-242.3 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libwpd-0_10-10-0.10.2-2.4.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-14226 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libxcb-dri2-0-1.10-4.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-2064 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libxerces-c-3_1-3.1.1-12.3 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-1885 CVE-2015-0252 CVE-2016-0729 CVE-2016-2099 CVE-2016-4463 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libxml2-2-2.9.4-46.15.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2008-4225 CVE-2008-4226 CVE-2008-4409 CVE-2010-4494 CVE-2011-1944 CVE-2012-5134 CVE-2013-0338 CVE-2013-1969 CVE-2014-0191 CVE-2014-3660 CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-8035 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317 CVE-2015-8710 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-3627 CVE-2016-3705 CVE-2016-4483 CVE-2016-4658 CVE-2016-5131 CVE-2016-9318 CVE-2016-9597 CVE-2017-0663 CVE-2017-15412 CVE-2017-18258 CVE-2017-5130 CVE-2017-5969 CVE-2017-7375 CVE-2017-7376 CVE-2017-8872 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050 CVE-2018-14404 CVE-2018-14567 CVE-2018-9251 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libxslt-tools-1.1.28-16.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2015-7995 CVE-2015-9019 CVE-2016-4738 CVE-2017-5029 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libyaml-0-2-0.1.6-7.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-6393 CVE-2014-2525 CVE-2014-9130 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libyaml-cpp0_5-0.5.3-3.3.2 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-5950 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libykcs11-1-1.5.0-3.16 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2018-14779 CVE-2018-14780 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libz1-1.2.11-1.27 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-9843 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libzip2-0.11.1-13.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-0421 CVE-2012-1162 CVE-2012-1163 CVE-2015-2331 CVE-2017-14107 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libzmq3-4.0.4-14.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-7202 CVE-2014-7203 CVE-2014-9721 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libzypp-16.19.0-2.36.3 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-7435 CVE-2017-7436 CVE-2017-9269 CVE-2018-7685 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the libzzip-0-13-0.13.67-10.14.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-5974 CVE-2017-5975 CVE-2017-5976 CVE-2017-5977 CVE-2017-5978 CVE-2017-5979 CVE-2017-5981 CVE-2018-17828 CVE-2018-6381 CVE-2018-6484 CVE-2018-6540 CVE-2018-6542 CVE-2018-7725 CVE-2018-7726 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the logrotate-3.11.0-2.11.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-1098 CVE-2011-1154 CVE-2011-1155 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the m4-1.4.16-15.74 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-4029 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the mailx-12.5-28.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2004-2771 CVE-2014-7844 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the mariadb-10.2.18-1.7 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2007-5970 CVE-2008-7247 CVE-2009-4019 CVE-2009-4028 CVE-2009-4030 CVE-2010-5298 CVE-2012-5615 CVE-2013-1976 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-2494 CVE-2014-3470 CVE-2014-4207 CVE-2014-4258 CVE-2014-4260 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6474 CVE-2014-6478 CVE-2014-6484 CVE-2014-6489 CVE-2014-6491 CVE-2014-6494 CVE-2014-6495 CVE-2014-6496 CVE-2014-6500 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 CVE-2014-6564 CVE-2014-6568 CVE-2014-8964 CVE-2015-0374 CVE-2015-0381 CVE-2015-0382 CVE-2015-0391 CVE-2015-0411 CVE-2015-0432 CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501 CVE-2015-0505 CVE-2015-2325 CVE-2015-2326 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573 CVE-2015-3152 CVE-2015-4792 CVE-2015-4802 CVE-2015-4807 CVE-2015-4815 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4870 CVE-2015-4913 CVE-2015-5969 CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0651 CVE-2016-0655 CVE-2016-0666 CVE-2016-0668 CVE-2016-2047 CVE-2016-3477 CVE-2016-3492 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440 CVE-2016-5584 CVE-2016-5624 CVE-2016-5626 CVE-2016-5629 CVE-2016-6662 CVE-2016-6663 CVE-2016-6664 CVE-2016-7440 CVE-2016-8283 CVE-2017-10268 CVE-2017-10320 CVE-2017-10365 CVE-2017-10378 CVE-2017-15365 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3257 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3302 CVE-2017-3308 CVE-2017-3309 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2018-2562 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 CVE-2018-2755 CVE-2018-2759 CVE-2018-2761 CVE-2018-2766 CVE-2018-2767 CVE-2018-2771 CVE-2018-2777 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2786 CVE-2018-2787 CVE-2018-2810 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819 CVE-2018-3058 CVE-2018-3060 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the minicom-2.7-3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-7467 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the mipv6d-2.0.2.umip.0.4-19.77 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-2522 CVE-2010-2523 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the mozilla-nspr-32bit-4.13.1-18.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-1545 CVE-2015-7183 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the mutt-1.10.1-55.6.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-0467 CVE-2014-9116 CVE-2018-14349 CVE-2018-14350 CVE-2018-14351 CVE-2018-14352 CVE-2018-14353 CVE-2018-14354 CVE-2018-14355 CVE-2018-14356 CVE-2018-14357 CVE-2018-14358 CVE-2018-14359 CVE-2018-14360 CVE-2018-14361 CVE-2018-14362 CVE-2018-14363 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the ntp-4.2.8p12-64.8.2 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-0159 CVE-2009-1252 CVE-2013-5211 CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 CVE-2014-9297 CVE-2014-9298 CVE-2015-1798 CVE-2015-1799 CVE-2015-3405 CVE-2015-5219 CVE-2015-5300 CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7704 CVE-2015-7705 CVE-2015-7848 CVE-2015-7849 CVE-2015-7850 CVE-2015-7851 CVE-2015-7852 CVE-2015-7853 CVE-2015-7854 CVE-2015-7855 CVE-2015-7871 CVE-2015-7973 CVE-2015-7974 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8138 CVE-2015-8139 CVE-2015-8140 CVE-2015-8158 CVE-2016-1547 CVE-2016-1548 CVE-2016-1549 CVE-2016-1550 CVE-2016-1551 CVE-2016-2516 CVE-2016-2517 CVE-2016-2518 CVE-2016-2519 CVE-2016-4953 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956 CVE-2016-4957 CVE-2016-7426 CVE-2016-7427 CVE-2016-7428 CVE-2016-7429 CVE-2016-7431 CVE-2016-7433 CVE-2016-7434 CVE-2016-9042 CVE-2016-9310 CVE-2016-9311 CVE-2017-6451 CVE-2017-6458 CVE-2017-6460 CVE-2017-6462 CVE-2017-6463 CVE-2017-6464 CVE-2018-12327 CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the openconnect-7.08-1.27 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-3291 CVE-2012-6128 CVE-2013-7098 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the opensc-0.13.0-1.122 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-0368 CVE-2010-4523 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the openslp-2.0.0-18.17.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-3609 CVE-2016-4912 CVE-2016-6354 CVE-2016-7567 CVE-2017-17833 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the openssh-7.2p2-74.25.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2008-1483 CVE-2014-2653 CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 CVE-2015-8325 CVE-2016-0777 CVE-2016-0778 CVE-2016-10009 CVE-2016-10010 CVE-2016-10011 CVE-2016-10012 CVE-2016-10708 CVE-2016-1908 CVE-2016-3115 CVE-2016-6210 CVE-2016-6515 CVE-2016-8858 CVE-2017-15906 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the openvpn-2.3.8-16.20.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-8104 CVE-2016-6329 CVE-2017-12166 CVE-2017-7478 CVE-2017-7479 CVE-2017-7508 CVE-2017-7520 CVE-2017-7521 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the p7zip-9.20.1-7.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2015-1038 CVE-2016-1372 CVE-2016-2335 CVE-2017-17969 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the pam-1.1.8-24.14.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-3430 CVE-2010-3431 CVE-2010-3853 CVE-2011-3148 CVE-2011-3149 CVE-2014-2583 CVE-2015-3238 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the pam-modules-12.1-23.12 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-3172 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the pam_krb5-2.4.4-4.5 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2008-3825 CVE-2009-1384 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the pam_ssh-2.0-1.40 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-1273 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the pam_yubico-2.26-1.25 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2018-9275 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the patch-2.7.5-8.5.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-4651 CVE-2015-1196 CVE-2015-1395 CVE-2015-1396 CVE-2016-10713 CVE-2018-1000156 CVE-2018-6951 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the pcsc-ccid-1.4.25-4.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-4530 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the perl-32bit-5.18.2-12.17.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-2761 CVE-2010-4410 CVE-2010-4411 CVE-2010-4777 CVE-2015-8853 CVE-2016-1238 CVE-2016-2381 CVE-2016-6185 CVE-2017-12837 CVE-2017-12883 CVE-2017-6512 CVE-2018-12015 CVE-2018-6797 CVE-2018-6798 CVE-2018-6913 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the perl-Archive-Zip-1.34-3.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2018-10860 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the perl-Config-IniFiles-2.82-3.14 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-2451 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the perl-HTML-Parser-3.71-1.178 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-3627 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the perl-LWP-Protocol-https-6.04-5.4 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-3230 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the perl-Tk-804.031-3.82 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2006-4484 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the perl-XML-LibXML-2.0019-6.3.5 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2015-3451 CVE-2017-10672 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the perl-YAML-LibYAML-0.38-10.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-1152 CVE-2013-6393 CVE-2014-2525 CVE-2014-9130 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the pidgin-plugin-otr-4.0.2-1.29 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-2369 CVE-2015-8833 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the pigz-2.3-5.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2015-1191 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the ppp-2.4.7-3.4 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-3158 CVE-2015-3310 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the procmail-3.22-269.3.5 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-3618 CVE-2017-16844 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the puppet-3.8.5-15.9.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-3848 CVE-2011-3872 CVE-2012-3864 CVE-2012-3865 CVE-2012-3866 CVE-2012-3867 CVE-2013-3567 CVE-2013-4761 CVE-2013-4956 CVE-2014-3248 CVE-2014-3253 CVE-2017-10689 CVE-2017-2295 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the python-2.7.13-28.11.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-4238 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 CVE-2017-1000158 CVE-2017-18207 CVE-2018-1000030 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the python-cupshelpers-1.5.7-7.5 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-4405 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the python-imaging-1.1.7-21.15 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-1932 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the python-libxml2-2.9.4-46.15.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2008-4225 CVE-2008-4226 CVE-2008-4409 CVE-2012-5134 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-3627 CVE-2016-3705 CVE-2016-4483 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the python-pyOpenSSL-16.0.0-4.6.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-4314 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the python-pywbem-0.7.0-4.7 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-6418 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the python-requests-2.11.1-6.28.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-1829 CVE-2014-1830 CVE-2015-2296 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the python3-3.4.6-25.16.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-4238 CVE-2014-4650 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 CVE-2017-18207 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the python3-requests-2.7.0-2.3 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-1829 CVE-2014-1830 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the qemu-2.11.2-4.14 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2008-0928 CVE-2008-1945 CVE-2008-2382 CVE-2008-4539 CVE-2012-3515 CVE-2013-4148 CVE-2013-4149 CVE-2013-4150 CVE-2013-4151 CVE-2013-4526 CVE-2013-4527 CVE-2013-4529 CVE-2013-4530 CVE-2013-4531 CVE-2013-4533 CVE-2013-4534 CVE-2013-4535 CVE-2013-4536 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2013-4540 CVE-2013-4541 CVE-2013-4542 CVE-2013-4544 CVE-2013-6399 CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145 CVE-2014-0146 CVE-2014-0147 CVE-2014-0150 CVE-2014-0182 CVE-2014-0222 CVE-2014-0223 CVE-2014-3461 CVE-2014-3640 CVE-2014-7840 CVE-2014-8106 CVE-2015-1779 CVE-2015-3209 CVE-2015-3456 CVE-2015-4037 CVE-2015-5154 CVE-2015-5225 CVE-2015-5278 CVE-2015-5279 CVE-2015-5745 CVE-2015-6815 CVE-2015-6855 CVE-2015-7295 CVE-2015-7512 CVE-2015-7549 CVE-2015-8345 CVE-2015-8504 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-10028 CVE-2016-10155 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-3710 CVE-2016-3712 CVE-2016-4002 CVE-2016-4020 CVE-2016-4439 CVE-2016-4441 CVE-2016-4453 CVE-2016-4454 CVE-2016-4952 CVE-2016-4964 CVE-2016-5105 CVE-2016-5106 CVE-2016-5107 CVE-2016-5126 CVE-2016-5238 CVE-2016-5337 CVE-2016-5338 CVE-2016-5403 CVE-2016-6351 CVE-2016-6490 CVE-2016-6833 CVE-2016-6836 CVE-2016-6888 CVE-2016-7116 CVE-2016-7155 CVE-2016-7156 CVE-2016-7157 CVE-2016-7161 CVE-2016-7170 CVE-2016-7421 CVE-2016-7422 CVE-2016-7423 CVE-2016-7466 CVE-2016-7907 CVE-2016-7908 CVE-2016-7909 CVE-2016-7994 CVE-2016-7995 CVE-2016-8576 CVE-2016-8577 CVE-2016-8578 CVE-2016-8667 CVE-2016-8668 CVE-2016-8669 CVE-2016-8909 CVE-2016-8910 CVE-2016-9101 CVE-2016-9102 CVE-2016-9103 CVE-2016-9104 CVE-2016-9105 CVE-2016-9106 CVE-2016-9381 CVE-2016-9602 CVE-2016-9776 CVE-2016-9845 CVE-2016-9846 CVE-2016-9907 CVE-2016-9908 CVE-2016-9911 CVE-2016-9912 CVE-2016-9913 CVE-2016-9921 CVE-2016-9922 CVE-2016-9923 CVE-2017-10664 CVE-2017-10806 CVE-2017-10911 CVE-2017-11334 CVE-2017-11434 CVE-2017-12809 CVE-2017-13672 CVE-2017-13711 CVE-2017-14167 CVE-2017-15038 CVE-2017-15119 CVE-2017-15124 CVE-2017-15268 CVE-2017-15289 CVE-2017-16845 CVE-2017-17381 CVE-2017-18043 CVE-2017-2615 CVE-2017-2620 CVE-2017-2630 CVE-2017-2633 CVE-2017-5525 CVE-2017-5526 CVE-2017-5552 CVE-2017-5578 CVE-2017-5579 CVE-2017-5667 CVE-2017-5715 CVE-2017-5856 CVE-2017-5857 CVE-2017-5898 CVE-2017-5931 CVE-2017-5973 CVE-2017-5987 CVE-2017-6058 CVE-2017-6505 CVE-2017-7471 CVE-2017-7493 CVE-2017-8112 CVE-2017-8309 CVE-2017-8379 CVE-2017-8380 CVE-2017-9503 CVE-2017-9524 CVE-2018-11806 CVE-2018-12617 CVE-2018-3639 CVE-2018-5683 CVE-2018-7550 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-2.18 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2018-0739 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the radvd-1.9.7-2.17 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-3602 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the rhythmbox-3.4-6.14 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-3355 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the rpcbind-0.2.3-23.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2015-7236 CVE-2017-8779 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the rpm-32bit-4.11.2-16.16.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-6435 CVE-2014-8118 CVE-2017-7500 CVE-2017-7501 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the rrdtool-1.4.7-20.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-2131 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the rsync-3.1.0-13.13.3 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-1097 CVE-2014-2855 CVE-2014-8242 CVE-2014-9512 CVE-2017-16548 CVE-2017-17433 CVE-2017-17434 CVE-2018-5764 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the rsyslog-8.24.0-3.16.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-3200 CVE-2013-4758 CVE-2013-6370 CVE-2013-6371 CVE-2014-3634 CVE-2014-3683 CVE-2015-3243 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the rtkit-0.11_git201205151338-8.17 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-4326 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the ruby-2.1-1.6 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-4492 CVE-2010-0541 CVE-2011-1004 CVE-2011-1005 CVE-2011-4815 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the rzsz-0.12.21~rc-1001.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2018-10195 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the sane-backends-1.0.24-3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-6318 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the sblim-sfcb-1.4.8-17.3.4 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2015-5185 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the shadow-4.2.1-27.19.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-6252 CVE-2017-12424 CVE-2018-7169 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the shim-0.9-23.14 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-3675 CVE-2014-3676 CVE-2014-3677 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the shotwell-0.22.0+git.20160103-15.6.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-1000024 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the socat-1.7.2.4-3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-3571 CVE-2014-0019 CVE-2015-4000 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the spice-vdagent-0.16.0-8.5.15 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-15108 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the squashfs-4.3-6.2 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-4024 CVE-2012-4025 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the strongswan-5.1.3-26.5.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2009-0790 CVE-2012-2388 CVE-2013-2944 CVE-2013-5018 CVE-2013-6075 CVE-2013-6076 CVE-2014-2338 CVE-2014-9221 CVE-2015-4171 CVE-2015-8023 CVE-2017-11185 CVE-2017-9022 CVE-2017-9023 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the sudo-1.8.20p2-3.7.10 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-1163 CVE-2010-1646 CVE-2011-0010 CVE-2012-2337 CVE-2013-1775 CVE-2013-1776 CVE-2014-9680 CVE-2016-7032 CVE-2016-7076 CVE-2017-1000367 CVE-2017-1000368 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the supportutils-3.0-95.18.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-1602 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the sysconfig-0.84.0-13.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-4182 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the syslog-service-2.0-778.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-3634 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the sysvinit-tools-2.88+-99.15 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-2483 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the tar-1.27.1-15.3.7 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-0624 CVE-2016-6321 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the tcpdump-4.9.2-14.5.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-8767 CVE-2014-8768 CVE-2014-8769 CVE-2014-9140 CVE-2015-0261 CVE-2015-2153 CVE-2015-2154 CVE-2015-2155 CVE-2015-3138 CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925 CVE-2016-7926 CVE-2016-7927 CVE-2016-7928 CVE-2016-7929 CVE-2016-7930 CVE-2016-7931 CVE-2016-7932 CVE-2016-7933 CVE-2016-7934 CVE-2016-7935 CVE-2016-7936 CVE-2016-7937 CVE-2016-7938 CVE-2016-7939 CVE-2016-7940 CVE-2016-7973 CVE-2016-7974 CVE-2016-7975 CVE-2016-7983 CVE-2016-7984 CVE-2016-7985 CVE-2016-7986 CVE-2016-7992 CVE-2016-7993 CVE-2016-8574 CVE-2016-8575 CVE-2017-11108 CVE-2017-11541 CVE-2017-11542 CVE-2017-11543 CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12989 CVE-2017-12990 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12994 CVE-2017-12995 CVE-2017-12996 CVE-2017-12997 CVE-2017-12998 CVE-2017-12999 CVE-2017-13000 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13007 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13011 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13015 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13020 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13026 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13033 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13039 CVE-2017-13040 CVE-2017-13041 CVE-2017-13042 CVE-2017-13043 CVE-2017-13044 CVE-2017-13045 CVE-2017-13046 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13050 CVE-2017-13051 CVE-2017-13052 CVE-2017-13053 CVE-2017-13054 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13690 CVE-2017-13725 CVE-2017-5202 CVE-2017-5203 CVE-2017-5204 CVE-2017-5205 CVE-2017-5341 CVE-2017-5342 CVE-2017-5482 CVE-2017-5483 CVE-2017-5484 CVE-2017-5485 CVE-2017-5486 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the telepathy-gabble-0.18.3-5.7 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-1000 CVE-2013-1431 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the telepathy-idle-0.2.0-1.62 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2007-6746 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the tftp-5.2-11.6.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-2199 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the transfig-3.2.5e-2.3.2 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-16899 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the ucode-intel-20180807a-13.35.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-5715 CVE-2018-3639 CVE-2018-3640 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the unixODBC-2.3.6-7.9.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-1145 CVE-2018-7409 CVE-2018-7485 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the unrar-5.0.14-3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-6706 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the unzip-6.00-33.8.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-8139 CVE-2014-8140 CVE-2014-8141 CVE-2014-9636 CVE-2014-9913 CVE-2015-7696 CVE-2015-7697 CVE-2016-9844 CVE-2018-1000035 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the update-alternatives-1.18.4-14.216 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2015-0840 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the vino-3.20.2-5.8 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-0904 CVE-2011-0905 CVE-2011-1164 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the vorbis-tools-1.4.0-26.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2008-1686 CVE-2014-9638 CVE-2014-9639 CVE-2014-9640 CVE-2015-6749 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the w3m-0.5.3.git20161120-160.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-2074 CVE-2012-4929 CVE-2016-9434 CVE-2016-9435 CVE-2016-9436 CVE-2016-9437 CVE-2016-9438 CVE-2016-9439 CVE-2016-9440 CVE-2016-9441 CVE-2016-9442 CVE-2016-9443 CVE-2016-9621 CVE-2016-9622 CVE-2016-9623 CVE-2016-9624 CVE-2016-9625 CVE-2016-9626 CVE-2016-9627 CVE-2016-9628 CVE-2016-9629 CVE-2016-9630 CVE-2016-9631 CVE-2016-9632 CVE-2016-9633 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the wdiff-1.2.1-3.64 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-3386 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the wget-1.14-21.7.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-2252 CVE-2012-4929 CVE-2014-4877 CVE-2015-2059 CVE-2016-4971 CVE-2016-7098 CVE-2017-13089 CVE-2017-13090 CVE-2017-6508 CVE-2018-0494 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the wpa_supplicant-2.2-15.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-3686 CVE-2015-0210 CVE-2015-1863 CVE-2015-4141 CVE-2015-4142 CVE-2015-4143 CVE-2015-5130 CVE-2015-5310 CVE-2015-8041 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13087 CVE-2017-13088 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the xalan-j2-2.7.0-264.133 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-0107 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the xdg-utils-20140630-6.3.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-9622 CVE-2017-18266 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the xen-4.11.0_08-1.11 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-1898 CVE-2012-0029 CVE-2012-0217 CVE-2012-2625 CVE-2012-3432 CVE-2012-3433 CVE-2012-4411 CVE-2012-4535 CVE-2012-4536 CVE-2012-4537 CVE-2012-4538 CVE-2012-4539 CVE-2012-4544 CVE-2012-5510 CVE-2012-5511 CVE-2012-5513 CVE-2012-5514 CVE-2012-5515 CVE-2012-5525 CVE-2012-5634 CVE-2012-6075 CVE-2013-0151 CVE-2013-0152 CVE-2013-0153 CVE-2013-1442 CVE-2013-1917 CVE-2013-1918 CVE-2013-1919 CVE-2013-1922 CVE-2013-1952 CVE-2013-2007 CVE-2013-3495 CVE-2013-4355 CVE-2013-4356 CVE-2013-4361 CVE-2013-4375 CVE-2013-4416 CVE-2013-4494 CVE-2013-4533 CVE-2013-4534 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2013-4540 CVE-2013-4551 CVE-2013-4553 CVE-2013-4554 CVE-2014-0222 CVE-2014-3124 CVE-2014-3640 CVE-2014-3672 CVE-2014-5146 CVE-2014-5149 CVE-2014-6268 CVE-2014-7154 CVE-2014-7155 CVE-2014-7156 CVE-2014-7188 CVE-2014-7815 CVE-2015-1779 CVE-2015-3259 CVE-2015-3340 CVE-2015-3456 CVE-2015-4037 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105 CVE-2015-4106 CVE-2015-5154 CVE-2015-5239 CVE-2015-5278 CVE-2015-5307 CVE-2015-6815 CVE-2015-6855 CVE-2015-7311 CVE-2015-7504 CVE-2015-7512 CVE-2015-7549 CVE-2015-7835 CVE-2015-7969 CVE-2015-7970 CVE-2015-7971 CVE-2015-7972 CVE-2015-8104 CVE-2015-8339 CVE-2015-8340 CVE-2015-8341 CVE-2015-8345 CVE-2015-8504 CVE-2015-8550 CVE-2015-8554 CVE-2015-8555 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8615 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-10013 CVE-2016-10024 CVE-2016-10025 CVE-2016-1568 CVE-2016-1570 CVE-2016-1571 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-2270 CVE-2016-2271 CVE-2016-2391 CVE-2016-2392 CVE-2016-2538 CVE-2016-2841 CVE-2016-4439 CVE-2016-4441 CVE-2016-5238 CVE-2016-5338 CVE-2016-6258 CVE-2016-6259 CVE-2016-6351 CVE-2016-7092 CVE-2016-7093 CVE-2016-7094 CVE-2016-7777 CVE-2016-7908 CVE-2016-7909 CVE-2016-8667 CVE-2016-8669 CVE-2016-8910 CVE-2016-9377 CVE-2016-9378 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9384 CVE-2016-9385 CVE-2016-9386 CVE-2016-9637 CVE-2016-9921 CVE-2016-9922 CVE-2016-9932 CVE-2017-10664 CVE-2017-11434 CVE-2017-12135 CVE-2017-12136 CVE-2017-12137 CVE-2017-12855 CVE-2017-14316 CVE-2017-14317 CVE-2017-14318 CVE-2017-14319 CVE-2017-15289 CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15591 CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-15597 CVE-2017-17563 CVE-2017-17564 CVE-2017-17565 CVE-2017-17566 CVE-2017-18030 CVE-2017-2615 CVE-2017-2620 CVE-2017-5526 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2017-6505 CVE-2017-8309 CVE-2017-9330 CVE-2018-10471 CVE-2018-10472 CVE-2018-10981 CVE-2018-10982 CVE-2018-11806 CVE-2018-12891 CVE-2018-12892 CVE-2018-12893 CVE-2018-15469 CVE-2018-15470 CVE-2018-3639 CVE-2018-3646 CVE-2018-3665 CVE-2018-5683 CVE-2018-7540 CVE-2018-7541 CVE-2018-7542 CVE-2018-8897 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the xf86-video-intel-2.99.917+git781.c8990575-1.27 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-4910 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the xfsprogs-4.15.0-1.12 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-2150 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the xinetd-2.3.15-8.8.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2012-0862 CVE-2013-4342 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the xlockmore-5.43-5.33 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2013-4143 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the xorg-x11-7.6_1-14.17 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-0465 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the xorg-x11-libs-7.6-45.14 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-2895 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the xorg-x11-server-1.19.6-2.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2010-2240 CVE-2013-1940 CVE-2013-4396 CVE-2013-6424 CVE-2014-8091 CVE-2014-8092 CVE-2014-8093 CVE-2014-8094 CVE-2014-8095 CVE-2014-8096 CVE-2014-8097 CVE-2014-8098 CVE-2014-8099 CVE-2014-8100 CVE-2014-8101 CVE-2014-8102 CVE-2014-8103 CVE-2015-0255 CVE-2015-3164 CVE-2015-3418 CVE-2017-12176 CVE-2017-12183 CVE-2017-12187 CVE-2017-13721 CVE-2017-13723 CVE-2017-2624 CVE-2018-14665 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the xscreensaver-5.22-7.1 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2015-8025 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the yast2-3.2.48-3.29.20 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-3177 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the yast2-core-3.3.1-1.7 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2011-2483 CVE-2011-3177 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the yast2-users-3.2.17-1.5 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2016-1601 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the yubikey-manager-0.6.0-1.27 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-15631 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the zoo-2.10-1020.62 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2006-0855 CVE-2007-1669 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the zsh-5.0.5-6.7.2 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2014-10070 CVE-2014-10071 CVE-2014-10072 CVE-2016-10714 CVE-2017-18205 CVE-2018-1071 CVE-2018-1083 CVE-2018-7549 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 These are all security issues fixed in the zypper-1.13.45-21.23.4 package on the GA media of SUSE Linux Enterprise Desktop 12 SP4. Moderate CVE-2017-7436 CVE-2017-9269 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the DirectFB-1.7.1-6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-2977 CVE-2014-2978 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the MozillaFirefox-52.9.0esr-109.38.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2008-5913 CVE-2009-0040 CVE-2009-0652 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776 CVE-2009-0777 CVE-2009-1044 CVE-2009-1169 CVE-2009-1302 CVE-2009-1303 CVE-2009-1304 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1310 CVE-2009-1311 CVE-2009-1312 CVE-2009-1313 CVE-2009-1563 CVE-2009-2470 CVE-2009-2654 CVE-2009-3069 CVE-2009-3070 CVE-2009-3071 CVE-2009-3072 CVE-2009-3073 CVE-2009-3074 CVE-2009-3075 CVE-2009-3077 CVE-2009-3078 CVE-2009-3079 CVE-2009-3274 CVE-2009-3370 CVE-2009-3371 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3377 CVE-2009-3378 CVE-2009-3379 CVE-2009-3380 CVE-2009-3381 CVE-2009-3383 CVE-2009-3388 CVE-2009-3389 CVE-2009-3555 CVE-2009-3979 CVE-2009-3980 CVE-2009-3982 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2010-0164 CVE-2010-0165 CVE-2010-0166 CVE-2010-0167 CVE-2010-0168 CVE-2010-0169 CVE-2010-0170 CVE-2010-0171 CVE-2010-0172 CVE-2010-0173 CVE-2010-0174 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0181 CVE-2010-0182 CVE-2010-0654 CVE-2010-1028 CVE-2010-1121 CVE-2010-1125 CVE-2010-1196 CVE-2010-1197 CVE-2010-1198 CVE-2010-1199 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 CVE-2010-1203 CVE-2010-1205 CVE-2010-1206 CVE-2010-1207 CVE-2010-1208 CVE-2010-1209 CVE-2010-1210 CVE-2010-1211 CVE-2010-1212 CVE-2010-1213 CVE-2010-1214 CVE-2010-1215 CVE-2010-2751 CVE-2010-2752 CVE-2010-2753 CVE-2010-2754 CVE-2010-2755 CVE-2010-2760 CVE-2010-2762 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 CVE-2010-3170 CVE-2010-3173 CVE-2010-3174 CVE-2010-3175 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 CVE-2010-3765 CVE-2011-0068 CVE-2011-0069 CVE-2011-0070 CVE-2011-0079 CVE-2011-0080 CVE-2011-0081 CVE-2011-0084 CVE-2011-1187 CVE-2011-1202 CVE-2011-2366 CVE-2011-2367 CVE-2011-2368 CVE-2011-2369 CVE-2011-2370 CVE-2011-2371 CVE-2011-2372 CVE-2011-2373 CVE-2011-2374 CVE-2011-2375 CVE-2011-2377 CVE-2011-2985 CVE-2011-2986 CVE-2011-2988 CVE-2011-2989 CVE-2011-2990 CVE-2011-2991 CVE-2011-2992 CVE-2011-2993 CVE-2011-2995 CVE-2011-2996 CVE-2011-2997 CVE-2011-3000 CVE-2011-3001 CVE-2011-3002 CVE-2011-3003 CVE-2011-3004 CVE-2011-3005 CVE-2011-3026 CVE-2011-3062 CVE-2011-3101 CVE-2011-3232 CVE-2011-3648 CVE-2011-3650 CVE-2011-3651 CVE-2011-3652 CVE-2011-3654 CVE-2011-3655 CVE-2011-3658 CVE-2011-3659 CVE-2011-3660 CVE-2011-3661 CVE-2011-3663 CVE-2012-0441 CVE-2012-0442 CVE-2012-0443 CVE-2012-0444 CVE-2012-0445 CVE-2012-0446 CVE-2012-0447 CVE-2012-0449 CVE-2012-0451 CVE-2012-0452 CVE-2012-0455 CVE-2012-0456 CVE-2012-0457 CVE-2012-0458 CVE-2012-0459 CVE-2012-0460 CVE-2012-0461 CVE-2012-0462 CVE-2012-0463 CVE-2012-0464 CVE-2012-0467 CVE-2012-0468 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0472 CVE-2012-0473 CVE-2012-0474 CVE-2012-0475 CVE-2012-0477 CVE-2012-0478 CVE-2012-0479 CVE-2012-0759 CVE-2012-1937 CVE-2012-1938 CVE-2012-1940 CVE-2012-1941 CVE-2012-1944 CVE-2012-1945 CVE-2012-1946 CVE-2012-1947 CVE-2012-1948 CVE-2012-1949 CVE-2012-1950 CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1956 CVE-2012-1957 CVE-2012-1958 CVE-2012-1959 CVE-2012-1960 CVE-2012-1961 CVE-2012-1962 CVE-2012-1963 CVE-2012-1965 CVE-2012-1966 CVE-2012-1967 CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3965 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3971 CVE-2012-3972 CVE-2012-3973 CVE-2012-3975 CVE-2012-3976 CVE-2012-3978 CVE-2012-3980 CVE-2012-3982 CVE-2012-3983 CVE-2012-3984 CVE-2012-3985 CVE-2012-3986 CVE-2012-3988 CVE-2012-3989 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 CVE-2012-4191 CVE-2012-4192 CVE-2012-4193 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 CVE-2012-4201 CVE-2012-4202 CVE-2012-4203 CVE-2012-4204 CVE-2012-4205 CVE-2012-4207 CVE-2012-4208 CVE-2012-4209 CVE-2012-4210 CVE-2012-4212 CVE-2012-4213 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-4217 CVE-2012-4218 CVE-2012-5829 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5836 CVE-2012-5837 CVE-2012-5838 CVE-2012-5839 CVE-2012-5840 CVE-2012-5841 CVE-2012-5842 CVE-2012-5843 CVE-2013-0743 CVE-2013-0744 CVE-2013-0745 CVE-2013-0746 CVE-2013-0747 CVE-2013-0748 CVE-2013-0749 CVE-2013-0750 CVE-2013-0751 CVE-2013-0752 CVE-2013-0753 CVE-2013-0754 CVE-2013-0755 CVE-2013-0756 CVE-2013-0757 CVE-2013-0758 CVE-2013-0760 CVE-2013-0761 CVE-2013-0762 CVE-2013-0763 CVE-2013-0764 CVE-2013-0765 CVE-2013-0766 CVE-2013-0767 CVE-2013-0768 CVE-2013-0769 CVE-2013-0770 CVE-2013-0771 CVE-2013-0772 CVE-2013-0773 CVE-2013-0774 CVE-2013-0775 CVE-2013-0776 CVE-2013-0777 CVE-2013-0778 CVE-2013-0779 CVE-2013-0780 CVE-2013-0781 CVE-2013-0782 CVE-2013-0783 CVE-2013-0787 CVE-2013-0788 CVE-2013-0789 CVE-2013-0792 CVE-2013-0793 CVE-2013-0794 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 CVE-2013-0801 CVE-2013-1669 CVE-2013-1670 CVE-2013-1671 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 CVE-2013-1682 CVE-2013-1683 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1688 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1695 CVE-2013-1696 CVE-2013-1697 CVE-2013-1698 CVE-2013-1699 CVE-2013-1701 CVE-2013-1702 CVE-2013-1704 CVE-2013-1705 CVE-2013-1708 CVE-2013-1709 CVE-2013-1710 CVE-2013-1711 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 CVE-2013-1718 CVE-2013-1719 CVE-2013-1720 CVE-2013-1721 CVE-2013-1722 CVE-2013-1723 CVE-2013-1724 CVE-2013-1725 CVE-2013-1728 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 CVE-2013-1738 CVE-2013-5590 CVE-2013-5591 CVE-2013-5592 CVE-2013-5593 CVE-2013-5595 CVE-2013-5596 CVE-2013-5597 CVE-2013-5598 CVE-2013-5599 CVE-2013-5600 CVE-2013-5601 CVE-2013-5602 CVE-2013-5603 CVE-2013-5604 CVE-2013-5609 CVE-2013-5610 CVE-2013-5611 CVE-2013-5612 CVE-2013-5613 CVE-2013-5614 CVE-2013-5615 CVE-2013-5616 CVE-2013-5618 CVE-2013-5619 CVE-2013-6629 CVE-2013-6630 CVE-2013-6671 CVE-2013-6672 CVE-2013-6673 CVE-2014-1477 CVE-2014-1478 CVE-2014-1479 CVE-2014-1480 CVE-2014-1481 CVE-2014-1482 CVE-2014-1483 CVE-2014-1484 CVE-2014-1485 CVE-2014-1486 CVE-2014-1487 CVE-2014-1488 CVE-2014-1489 CVE-2014-1490 CVE-2014-1491 CVE-2014-1544 CVE-2014-1547 CVE-2014-1548 CVE-2014-1553 CVE-2014-1554 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557 CVE-2014-1562 CVE-2014-1563 CVE-2014-1564 CVE-2014-1565 CVE-2014-1567 CVE-2014-1574 CVE-2014-1575 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1581 CVE-2014-1583 CVE-2014-1585 CVE-2014-1586 CVE-2014-1587 CVE-2014-1588 CVE-2014-1590 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 CVE-2014-8634 CVE-2014-8635 CVE-2014-8638 CVE-2014-8639 CVE-2014-8641 CVE-2015-0797 CVE-2015-0801 CVE-2015-0807 CVE-2015-0813 CVE-2015-0814 CVE-2015-0815 CVE-2015-0816 CVE-2015-0817 CVE-2015-0818 CVE-2015-0822 CVE-2015-0827 CVE-2015-0831 CVE-2015-0835 CVE-2015-0836 CVE-2015-2708 CVE-2015-2709 CVE-2015-2710 CVE-2015-2713 CVE-2015-2716 CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2726 CVE-2015-2728 CVE-2015-2730 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2743 CVE-2015-4000 CVE-2015-4473 CVE-2015-4474 CVE-2015-4475 CVE-2015-4478 CVE-2015-4479 CVE-2015-4484 CVE-2015-4485 CVE-2015-4486 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4491 CVE-2015-4492 CVE-2015-4495 CVE-2015-4497 CVE-2015-4498 CVE-2015-4500 CVE-2015-4501 CVE-2015-4506 CVE-2015-4509 CVE-2015-4511 CVE-2015-4513 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7180 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7188 CVE-2015-7189 CVE-2015-7193 CVE-2015-7194 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 CVE-2015-7201 CVE-2015-7202 CVE-2015-7205 CVE-2015-7210 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7222 CVE-2016-10196 CVE-2016-1523 CVE-2016-1930 CVE-2016-1931 CVE-2016-1935 CVE-2016-1950 CVE-2016-1952 CVE-2016-1953 CVE-2016-1954 CVE-2016-1957 CVE-2016-1958 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1974 CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 CVE-2016-2805 CVE-2016-2807 CVE-2016-2808 CVE-2016-2814 CVE-2016-2815 CVE-2016-2818 CVE-2016-2819 CVE-2016-2821 CVE-2016-2822 CVE-2016-2824 CVE-2016-2828 CVE-2016-2830 CVE-2016-2831 CVE-2016-2835 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5250 CVE-2016-5252 CVE-2016-5254 CVE-2016-5257 CVE-2016-5258 CVE-2016-5259 CVE-2016-5261 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-5270 CVE-2016-5272 CVE-2016-5274 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5280 CVE-2016-5281 CVE-2016-5284 CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 CVE-2016-6354 CVE-2016-9064 CVE-2016-9066 CVE-2016-9079 CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902 CVE-2016-9904 CVE-2016-9905 CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 CVE-2017-5380 CVE-2017-5383 CVE-2017-5386 CVE-2017-5390 CVE-2017-5396 CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408 CVE-2017-5409 CVE-2017-5410 CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5437 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5449 CVE-2017-5451 CVE-2017-5454 CVE-2017-5455 CVE-2017-5456 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 CVE-2017-5467 CVE-2017-5469 CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7753 CVE-2017-7754 CVE-2017-7755 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7761 CVE-2017-7763 CVE-2017-7764 CVE-2017-7765 CVE-2017-7768 CVE-2017-7778 CVE-2017-7779 CVE-2017-7782 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7793 CVE-2017-7798 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7804 CVE-2017-7805 CVE-2017-7807 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 CVE-2017-7825 CVE-2017-7826 CVE-2017-7828 CVE-2017-7830 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12368 CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117 CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5130 CVE-2018-5131 CVE-2018-5144 CVE-2018-5145 CVE-2018-5146 CVE-2018-5147 CVE-2018-5148 CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5156 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5174 CVE-2018-5178 CVE-2018-5183 CVE-2018-5188 CVE-2018-6126 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the SuSEfirewall2-3.6.312.333-3.13.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2017-15638 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the aaa_base-13.2+git20140911.61c1681-38.8.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-0461 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the accountsservice-0.6.42-16.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-2737 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the alsa-1.0.27.2-15.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-0035 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the ant-1.9.4-3.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-1571 CVE-2018-10886 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the apache-commons-beanutils-1.9.2-1.149 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-3540 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the apache-commons-daemon-1.0.15-6.10 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-2729 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the apache-commons-httpclient-3.1-4.364 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-5783 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the apache2-2.4.23-29.24.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-0023 CVE-2009-1191 CVE-2009-1195 CVE-2009-1890 CVE-2009-1891 CVE-2009-1955 CVE-2009-1956 CVE-2009-2412 CVE-2009-2699 CVE-2009-3094 CVE-2009-3095 CVE-2009-3555 CVE-2009-3560 CVE-2009-3720 CVE-2010-0408 CVE-2010-0425 CVE-2010-0434 CVE-2010-1452 CVE-2010-1623 CVE-2010-2068 CVE-2011-1176 CVE-2011-3192 CVE-2011-3368 CVE-2011-3607 CVE-2011-4317 CVE-2012-0021 CVE-2012-0031 CVE-2012-0053 CVE-2012-2687 CVE-2012-3499 CVE-2012-3502 CVE-2013-1896 CVE-2013-2249 CVE-2013-5704 CVE-2013-6438 CVE-2014-0098 CVE-2014-0117 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-3523 CVE-2014-3581 CVE-2014-3583 CVE-2014-8109 CVE-2015-0228 CVE-2015-0253 CVE-2015-4000 CVE-2016-0736 CVE-2016-1546 CVE-2016-2161 CVE-2016-4975 CVE-2016-4979 CVE-2016-5387 CVE-2016-8740 CVE-2016-8743 CVE-2017-15710 CVE-2017-15715 CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7679 CVE-2017-9788 CVE-2017-9789 CVE-2017-9798 CVE-2018-1283 CVE-2018-1301 CVE-2018-1302 CVE-2018-1303 CVE-2018-1312 CVE-2018-1333 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the apache2-mod_apparmor-2.8.2-49.21 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2017-6507 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the apache2-mod_jk-1.2.40-5.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2008-5519 CVE-2014-8111 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the apache2-mod_nss-1.0.14-19.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-4566 CVE-2014-3566 CVE-2015-5244 CVE-2016-3099 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the apache2-mod_perl-2.0.8-11.43 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-1667 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the at-3.1.14-8.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-6354 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the audiofile-0.3.6-10.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2015-7747 CVE-2017-6827 CVE-2017-6828 CVE-2017-6829 CVE-2017-6830 CVE-2017-6831 CVE-2017-6832 CVE-2017-6833 CVE-2017-6834 CVE-2017-6835 CVE-2017-6836 CVE-2017-6837 CVE-2017-6838 CVE-2017-6839 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the augeas-1.2.0-17.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-0786 CVE-2014-8119 CVE-2017-7555 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the autofs-5.0.9-28.3.5 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-8169 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the automake-1.13.4-6.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-4029 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the avahi-0.6.32-30.36 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-0758 CVE-2010-2244 CVE-2011-1002 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the axis-1.4-290.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2018-8032 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the bash-4.3-83.15.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-2524 CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 CVE-2016-0634 CVE-2016-7543 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the bind-9.11.2-1.24 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-0696 CVE-2009-4022 CVE-2010-3613 CVE-2010-3614 CVE-2010-3615 CVE-2011-0414 CVE-2011-1907 CVE-2011-1910 CVE-2011-2464 CVE-2011-4313 CVE-2012-1667 CVE-2012-3817 CVE-2012-3868 CVE-2012-4244 CVE-2012-5166 CVE-2012-5688 CVE-2012-5689 CVE-2013-2266 CVE-2013-4854 CVE-2014-0591 CVE-2014-8500 CVE-2015-1349 CVE-2015-4620 CVE-2015-5477 CVE-2015-5722 CVE-2015-8000 CVE-2015-8704 CVE-2016-1285 CVE-2016-1286 CVE-2016-2775 CVE-2016-2776 CVE-2016-6170 CVE-2016-8864 CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 CVE-2017-3135 CVE-2017-3136 CVE-2017-3137 CVE-2017-3138 CVE-2017-3142 CVE-2017-3143 CVE-2017-3145 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the binutils-2.31-9.26.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-9939 CVE-2017-12448 CVE-2017-12450 CVE-2017-12452 CVE-2017-12453 CVE-2017-12454 CVE-2017-12456 CVE-2017-12799 CVE-2017-13757 CVE-2017-14128 CVE-2017-14129 CVE-2017-14130 CVE-2017-14333 CVE-2017-14529 CVE-2017-14729 CVE-2017-14745 CVE-2017-14974 CVE-2017-15938 CVE-2017-15939 CVE-2017-15996 CVE-2017-16826 CVE-2017-16827 CVE-2017-16828 CVE-2017-16829 CVE-2017-16830 CVE-2017-16831 CVE-2017-16832 CVE-2017-6965 CVE-2017-6966 CVE-2017-6969 CVE-2017-7209 CVE-2017-7210 CVE-2017-7223 CVE-2017-7224 CVE-2017-7225 CVE-2017-7226 CVE-2017-7299 CVE-2017-7300 CVE-2017-7301 CVE-2017-7302 CVE-2017-7303 CVE-2017-7304 CVE-2017-8392 CVE-2017-8393 CVE-2017-8394 CVE-2017-8396 CVE-2017-8421 CVE-2017-9746 CVE-2017-9747 CVE-2017-9748 CVE-2017-9750 CVE-2017-9755 CVE-2017-9756 CVE-2018-10372 CVE-2018-10373 CVE-2018-10534 CVE-2018-10535 CVE-2018-6323 CVE-2018-6543 CVE-2018-6759 CVE-2018-6872 CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7570 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the bluez-5.13-5.4.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-7837 CVE-2016-9800 CVE-2016-9804 CVE-2017-1000250 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the busybox-1.21.1-3.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-9645 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the bzip2-1.0.6-29.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-0405 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the ceph-common-12.2.8+git.1536505967.080f2248ff-2.15.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2017-16818 CVE-2018-10861 CVE-2018-1128 CVE-2018-1129 CVE-2018-7262 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the chrony-2.3-3.110 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-4502 CVE-2012-4503 CVE-2014-0021 CVE-2016-1567 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the cifs-utils-6.5-9.3.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-1886 CVE-2009-1888 CVE-2009-2813 CVE-2009-2906 CVE-2009-2948 CVE-2010-0547 CVE-2010-0728 CVE-2010-0787 CVE-2012-1586 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the clamav-0.100.2-33.18.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-0405 CVE-2011-2721 CVE-2011-3627 CVE-2012-1457 CVE-2012-1458 CVE-2012-1459 CVE-2012-6706 CVE-2013-6497 CVE-2014-9050 CVE-2014-9328 CVE-2015-1461 CVE-2015-1462 CVE-2015-1463 CVE-2015-2170 CVE-2015-2221 CVE-2015-2222 CVE-2015-2305 CVE-2015-2668 CVE-2017-11423 CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380 CVE-2017-6418 CVE-2017-6419 CVE-2017-6420 CVE-2018-0202 CVE-2018-0360 CVE-2018-0361 CVE-2018-1000085 CVE-2018-14680 CVE-2018-14681 CVE-2018-14682 CVE-2018-15378 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the colord-gtk-lang-0.1.26-6.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-4349 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the coolkey-1.1.0-148.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2007-4129 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the coreutils-8.25-13.7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-0221 CVE-2013-0222 CVE-2013-0223 CVE-2015-4041 CVE-2015-4042 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the cpio-2.11-36.3.4 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-0624 CVE-2014-9112 CVE-2016-2037 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the cpp48-4.8.5-31.17.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-5044 CVE-2015-5276 CVE-2017-11671 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the cracklib-2.9.0-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-6318 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the crash-7.2.1-2.19 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-2524 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the cron-4.2-58.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2006-2607 CVE-2010-0424 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the ctags-5.8-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-7204 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the cups-1.7.5-20.17.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-0163 CVE-2009-2820 CVE-2009-3553 CVE-2010-0393 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2941 CVE-2012-5519 CVE-2012-6094 CVE-2014-2856 CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 CVE-2014-9679 CVE-2015-1158 CVE-2015-1159 CVE-2017-18190 CVE-2017-18248 CVE-2018-4180 CVE-2018-4181 CVE-2018-4182 CVE-2018-4183 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the cups-filters-1.0.58-19.2.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-6473 CVE-2013-6474 CVE-2013-6475 CVE-2013-6476 CVE-2014-2707 CVE-2014-4336 CVE-2014-4337 CVE-2014-4338 CVE-2015-2265 CVE-2015-3258 CVE-2015-3279 CVE-2015-8327 CVE-2015-8560 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the cups-pk-helper-0.2.5-5.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-4510 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the curl-7.60.0-2.11 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-0037 CVE-2009-2417 CVE-2013-0249 CVE-2013-1944 CVE-2013-2174 CVE-2013-4545 CVE-2014-0015 CVE-2014-0138 CVE-2014-0139 CVE-2014-3613 CVE-2014-3620 CVE-2014-3707 CVE-2014-8150 CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148 CVE-2015-3153 CVE-2015-3236 CVE-2015-3237 CVE-2016-0755 CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 CVE-2016-7141 CVE-2016-7167 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 CVE-2016-9586 CVE-2016-9594 CVE-2017-1000099 CVE-2017-1000100 CVE-2017-1000101 CVE-2017-1000254 CVE-2017-1000257 CVE-2017-2629 CVE-2017-7407 CVE-2017-7468 CVE-2017-8816 CVE-2017-8817 CVE-2017-8818 CVE-2017-9502 CVE-2018-0500 CVE-2018-1000005 CVE-2018-1000007 CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 CVE-2018-1000300 CVE-2018-1000301 CVE-2018-14618 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the cvs-1.12.12-182.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-0804 CVE-2017-12836 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the cyrus-sasl-2.1.26-8.7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-0688 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the davfs2-1.5.2-2.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-4362 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the dbus-1-1.8.22-29.10.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-4352 CVE-2012-3524 CVE-2013-2168 CVE-2014-3477 CVE-2014-3532 CVE-2014-3533 CVE-2014-3635 CVE-2014-3636 CVE-2014-3637 CVE-2014-3638 CVE-2014-3639 CVE-2014-7824 CVE-2014-8148 CVE-2015-0245 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the dbus-1-glib-0.100.2-3.58 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-1172 CVE-2013-0292 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the dhcp-4.3.3-10.14.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-1892 CVE-2010-2156 CVE-2010-3611 CVE-2010-3616 CVE-2011-0413 CVE-2011-0997 CVE-2011-2748 CVE-2011-2749 CVE-2011-4539 CVE-2011-4868 CVE-2012-3570 CVE-2012-3571 CVE-2012-3954 CVE-2012-3955 CVE-2013-2266 CVE-2015-8605 CVE-2016-2774 CVE-2017-3144 CVE-2018-5732 CVE-2018-5733 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the dnsmasq-2.78-18.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2015-3294 CVE-2015-8899 CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the dosfstools-3.0.26-6.5 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2015-8872 CVE-2016-4804 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the dovecot22-2.2.31-19.11.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-3430 CVE-2016-4983 CVE-2017-14461 CVE-2017-15130 CVE-2017-15132 CVE-2017-2669 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the dpdk-17.11.4-3.6 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2018-1059 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the dracut-044.1-9.5 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-4453 CVE-2016-8637 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the dstat-0.7.3-1.11 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-3894 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the e2fsprogs-1.43.8-1.19 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2015-0247 CVE-2015-1572 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the ecryptfs-utils-103-8.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-1831 CVE-2011-1832 CVE-2011-1833 CVE-2011-1834 CVE-2011-1835 CVE-2011-1836 CVE-2011-1837 CVE-2014-9687 CVE-2015-8946 CVE-2016-1572 CVE-2016-6224 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the elfutils-0.158-6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-0172 CVE-2014-9447 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the emacs-24.3-25.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-0035 CVE-2014-3421 CVE-2014-3422 CVE-2014-3423 CVE-2014-3424 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the eog-3.20.4-7.7 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-7447 CVE-2016-6855 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the evince-3.20.2-6.22.9 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-2643 CVE-2017-1000083 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the expat-2.1.0-21.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-2625 CVE-2009-3560 CVE-2009-3720 CVE-2012-0876 CVE-2012-1147 CVE-2012-1148 CVE-2012-6702 CVE-2015-1283 CVE-2016-0718 CVE-2016-5300 CVE-2016-9063 CVE-2017-9233 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the fetchmail-6.3.26-12.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-2666 CVE-2010-1167 CVE-2011-1947 CVE-2011-3389 CVE-2012-3482 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the file-5.22-10.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-1571 CVE-2014-3710 CVE-2014-8116 CVE-2014-8117 CVE-2014-9620 CVE-2014-9621 CVE-2014-9653 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the fontconfig-2.11.1-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-5384 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the freeradius-server-3.0.15-2.8.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-3547 CVE-2014-2015 CVE-2015-4680 CVE-2015-8763 CVE-2017-10978 CVE-2017-10983 CVE-2017-10984 CVE-2017-10985 CVE-2017-10986 CVE-2017-10987 CVE-2017-10988 CVE-2017-9148 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the ft2demos-2.6.3-7.15.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-0946 CVE-2010-2497 CVE-2010-2805 CVE-2010-3053 CVE-2010-3054 CVE-2010-3311 CVE-2010-3814 CVE-2011-0226 CVE-2012-5668 CVE-2012-5669 CVE-2012-5670 CVE-2014-2240 CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9659 CVE-2014-9660 CVE-2014-9661 CVE-2014-9662 CVE-2014-9663 CVE-2014-9664 CVE-2014-9665 CVE-2014-9666 CVE-2014-9667 CVE-2014-9668 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671 CVE-2014-9672 CVE-2014-9673 CVE-2014-9674 CVE-2014-9675 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the fuse-2.9.3-6.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-3297 CVE-2011-0541 CVE-2015-3202 CVE-2018-10906 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the g3utils-1.1.36-58.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2018-16741 CVE-2018-16742 CVE-2018-16743 CVE-2018-16744 CVE-2018-16745 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the gd-2.1.0-24.9.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-2497 CVE-2014-9709 CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-5116 CVE-2016-6128 CVE-2016-6132 CVE-2016-6161 CVE-2016-6207 CVE-2016-6214 CVE-2016-6905 CVE-2016-6906 CVE-2016-6911 CVE-2016-6912 CVE-2016-7568 CVE-2016-8670 CVE-2016-9317 CVE-2016-9933 CVE-2017-6362 CVE-2018-1000222 CVE-2018-5711 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the gdk-pixbuf-lang-2.34.0-19.17.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-2485 CVE-2015-4491 CVE-2015-7552 CVE-2015-7673 CVE-2015-7674 CVE-2016-6352 CVE-2017-1000422 CVE-2017-2862 CVE-2017-2870 CVE-2017-6312 CVE-2017-6313 CVE-2017-6314 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-3146 CVE-2013-1881 CVE-2017-11464 CVE-2018-1000041 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the gdm-3.10.0.1-54.6.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-1709 CVE-2018-14424 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the ghostscript-9.25-23.13.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-5653 CVE-2015-3228 CVE-2016-10217 CVE-2016-10218 CVE-2016-10219 CVE-2016-10220 CVE-2016-10317 CVE-2016-7976 CVE-2016-7977 CVE-2016-7978 CVE-2016-7979 CVE-2016-8602 CVE-2016-9601 CVE-2017-11714 CVE-2017-5951 CVE-2017-7207 CVE-2017-8291 CVE-2017-9216 CVE-2017-9612 CVE-2017-9726 CVE-2017-9727 CVE-2017-9739 CVE-2017-9835 CVE-2018-10194 CVE-2018-15908 CVE-2018-15909 CVE-2018-15910 CVE-2018-15911 CVE-2018-16509 CVE-2018-16510 CVE-2018-16511 CVE-2018-16513 CVE-2018-16539 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 CVE-2018-16543 CVE-2018-16585 CVE-2018-16802 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the giflib-progs-5.0.5-12.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2015-7555 CVE-2016-3977 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the git-core-2.12.3-27.14.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-2186 CVE-2014-9390 CVE-2016-2315 CVE-2016-2324 CVE-2017-1000117 CVE-2017-14867 CVE-2017-15298 CVE-2017-8386 CVE-2018-11233 CVE-2018-11235 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the glib2-lang-2.48.2-10.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2008-4316 CVE-2012-3524 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the glibc-2.22-15.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-5029 CVE-2012-3406 CVE-2012-4412 CVE-2013-0242 CVE-2013-1914 CVE-2013-2207 CVE-2013-4237 CVE-2013-4332 CVE-2013-4458 CVE-2013-7423 CVE-2014-0475 CVE-2014-4043 CVE-2014-5119 CVE-2014-6040 CVE-2014-7817 CVE-2014-8121 CVE-2014-9402 CVE-2014-9761 CVE-2015-1472 CVE-2015-1473 CVE-2015-1781 CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 CVE-2016-1234 CVE-2016-3075 CVE-2016-3706 CVE-2016-4429 CVE-2017-1000366 CVE-2017-1000408 CVE-2017-1000409 CVE-2017-12132 CVE-2017-12133 CVE-2017-15670 CVE-2017-15671 CVE-2017-15804 CVE-2017-16997 CVE-2017-18269 CVE-2017-8804 CVE-2018-1000001 CVE-2018-11236 CVE-2018-11237 CVE-2018-6485 CVE-2018-6551 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the gnome-keyring-3.20.0-28.3.18 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-3466 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the gnome-settings-daemon-3.20.1-50.5.8 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-7300 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the gnome-shell-3.20.4-77.17.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-4000 CVE-2017-8288 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the gnome-shell-search-provider-nautilus-3.20.3-23.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2017-14604 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the gnutls-3.3.27-3.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2008-4989 CVE-2011-4128 CVE-2012-0390 CVE-2012-1569 CVE-2012-1573 CVE-2014-0092 CVE-2014-1959 CVE-2014-3466 CVE-2014-8564 CVE-2015-0294 CVE-2015-3622 CVE-2015-6251 CVE-2016-7444 CVE-2016-8610 CVE-2017-10790 CVE-2017-5335 CVE-2017-5336 CVE-2017-5337 CVE-2018-10844 CVE-2018-10845 CVE-2018-10846 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the gpg2-2.0.24-9.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-2547 CVE-2013-4351 CVE-2013-4402 CVE-2014-4617 CVE-2015-1606 CVE-2015-1607 CVE-2018-12020 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the gpgme-1.5.1-1.11 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-3564 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the groff-1.22.2-5.287 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-5044 CVE-2009-5080 CVE-2009-5081 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the grub2-2.02-11.8 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2015-8370 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the gstreamer-1.8.3-9.5 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2017-5838 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the gstreamer-plugins-bad-1.8.3-17.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-9445 CVE-2016-9446 CVE-2016-9809 CVE-2016-9812 CVE-2016-9813 CVE-2017-5843 CVE-2017-5848 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the gstreamer-plugins-base-1.8.3-12.11 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-9811 CVE-2017-5837 CVE-2017-5839 CVE-2017-5842 CVE-2017-5844 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the gstreamer-plugins-good-1.8.3-15.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-10198 CVE-2016-10199 CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9807 CVE-2016-9808 CVE-2016-9810 CVE-2017-5840 CVE-2017-5841 CVE-2017-5845 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the gtk2-data-2.24.31-7.11 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-7447 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the guestfs-data-1.32.4-21.3.10 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-2124 CVE-2013-4419 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the guile-2.0.9-8.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-8605 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the gv-3.7.4-1.36 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-3386 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the gvim-7.4.326-16.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-0316 CVE-2016-1248 CVE-2017-5953 CVE-2017-6349 CVE-2017-6350 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the gzip-1.6-9.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-2624 CVE-2010-0001 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the hardlink-1.0-6.38 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-3630 CVE-2011-3631 CVE-2011-3632 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the hplip-3.16.11-1.33 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2004-0801 CVE-2010-4267 CVE-2011-2697 CVE-2011-2722 CVE-2013-4325 CVE-2013-6402 CVE-2013-6427 CVE-2015-0839 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the hyper-v-7-7.5 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-2669 CVE-2012-5532 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the ibus-chewing-1.4.14-4.11 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-4509 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the ipsec-tools-0.8.0-19.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2015-4047 CVE-2016-10396 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the iputils-s20121221-2.17 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-2529 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the jakarta-commons-fileupload-1.1.1-120.113 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-2186 CVE-2014-0050 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the jakarta-taglibs-standard-1.1.1-255.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2015-0254 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the java-1_7_0-openjdk-1.7.0.181-43.15.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-3563 CVE-2011-3571 CVE-2011-5035 CVE-2012-0497 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 CVE-2012-0547 CVE-2012-1682 CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1723 CVE-2012-1724 CVE-2012-1725 CVE-2012-1726 CVE-2012-3136 CVE-2012-3174 CVE-2012-3216 CVE-2012-4416 CVE-2012-4681 CVE-2012-5068 CVE-2012-5069 CVE-2012-5070 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5074 CVE-2012-5075 CVE-2012-5076 CVE-2012-5077 CVE-2012-5079 CVE-2012-5081 CVE-2012-5084 CVE-2012-5085 CVE-2012-5086 CVE-2012-5087 CVE-2012-5088 CVE-2012-5089 CVE-2013-0169 CVE-2013-0401 CVE-2013-0422 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0431 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0444 CVE-2013-0450 CVE-2013-0809 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 CVE-2013-1484 CVE-2013-1485 CVE-2013-1486 CVE-2013-1488 CVE-2013-1493 CVE-2013-1500 CVE-2013-1518 CVE-2013-1537 CVE-2013-1557 CVE-2013-1569 CVE-2013-1571 CVE-2013-2383 CVE-2013-2384 CVE-2013-2407 CVE-2013-2412 CVE-2013-2415 CVE-2013-2417 CVE-2013-2419 CVE-2013-2420 CVE-2013-2421 CVE-2013-2422 CVE-2013-2423 CVE-2013-2424 CVE-2013-2426 CVE-2013-2429 CVE-2013-2430 CVE-2013-2431 CVE-2013-2436 CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2449 CVE-2013-2450 CVE-2013-2451 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2458 CVE-2013-2459 CVE-2013-2460 CVE-2013-2461 CVE-2013-2463 CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 CVE-2013-3829 CVE-2013-4002 CVE-2013-5772 CVE-2013-5774 CVE-2013-5778 CVE-2013-5780 CVE-2013-5782 CVE-2013-5783 CVE-2013-5784 CVE-2013-5790 CVE-2013-5797 CVE-2013-5800 CVE-2013-5802 CVE-2013-5803 CVE-2013-5804 CVE-2013-5805 CVE-2013-5806 CVE-2013-5809 CVE-2013-5814 CVE-2013-5817 CVE-2013-5820 CVE-2013-5823 CVE-2013-5825 CVE-2013-5829 CVE-2013-5830 CVE-2013-5840 CVE-2013-5842 CVE-2013-5849 CVE-2013-5850 CVE-2013-5851 CVE-2013-5878 CVE-2013-5884 CVE-2013-5893 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2013-6629 CVE-2013-6954 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0408 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 CVE-2014-2483 CVE-2014-2490 CVE-2014-3566 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4264 CVE-2014-4266 CVE-2014-4268 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6513 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395 CVE-2015-0400 CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412 CVE-2015-0460 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 CVE-2015-2590 CVE-2015-2601 CVE-2015-2613 CVE-2015-2621 CVE-2015-2625 CVE-2015-2628 CVE-2015-2632 CVE-2015-2808 CVE-2015-4000 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4734 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4903 CVE-2015-4911 CVE-2015-7575 CVE-2015-8126 CVE-2015-8472 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 CVE-2016-0636 CVE-2016-0686 CVE-2016-0687 CVE-2016-0695 CVE-2016-10165 CVE-2016-2183 CVE-2016-3425 CVE-2016-3427 CVE-2016-3458 CVE-2016-3485 CVE-2016-3498 CVE-2016-3500 CVE-2016-3503 CVE-2016-3508 CVE-2016-3511 CVE-2016-3550 CVE-2016-3598 CVE-2016-3606 CVE-2016-3610 CVE-2016-5542 CVE-2016-5546 CVE-2016-5547 CVE-2016-5548 CVE-2016-5549 CVE-2016-5552 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10081 CVE-2017-10086 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10114 CVE-2017-10115 CVE-2017-10116 CVE-2017-10118 CVE-2017-10125 CVE-2017-10135 CVE-2017-10176 CVE-2017-10193 CVE-2017-10198 CVE-2017-10243 CVE-2017-10274 CVE-2017-10281 CVE-2017-10285 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3260 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289 CVE-2017-3509 CVE-2017-3511 CVE-2017-3512 CVE-2017-3514 CVE-2017-3526 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 CVE-2018-2579 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602 CVE-2018-2603 CVE-2018-2618 CVE-2018-2629 CVE-2018-2633 CVE-2018-2634 CVE-2018-2637 CVE-2018-2641 CVE-2018-2663 CVE-2018-2677 CVE-2018-2678 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the java-1_7_1-ibm-1.7.1_sr4.30-38.26.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-3065 CVE-2014-3566 CVE-2014-4288 CVE-2014-6456 CVE-2014-6457 CVE-2014-6458 CVE-2014-6466 CVE-2014-6476 CVE-2014-6492 CVE-2014-6493 CVE-2014-6502 CVE-2014-6503 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6513 CVE-2014-6515 CVE-2014-6527 CVE-2014-6531 CVE-2014-6532 CVE-2014-6558 CVE-2014-8891 CVE-2014-8892 CVE-2015-0138 CVE-2015-0192 CVE-2015-0204 CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 CVE-2015-0491 CVE-2015-1914 CVE-2015-1931 CVE-2015-2590 CVE-2015-2601 CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4734 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 CVE-2015-5041 CVE-2015-7575 CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-0264 CVE-2016-0363 CVE-2016-0376 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 CVE-2016-0686 CVE-2016-0687 CVE-2016-10165 CVE-2016-2183 CVE-2016-3422 CVE-2016-3426 CVE-2016-3427 CVE-2016-3443 CVE-2016-3449 CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5597 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10081 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10115 CVE-2017-10116 CVE-2017-10125 CVE-2017-10243 CVE-2017-10281 CVE-2017-10285 CVE-2017-10293 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 CVE-2017-1289 CVE-2017-3509 CVE-2017-3511 CVE-2017-3512 CVE-2017-3514 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 CVE-2018-12539 CVE-2018-1417 CVE-2018-1517 CVE-2018-1656 CVE-2018-2579 CVE-2018-2582 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602 CVE-2018-2603 CVE-2018-2618 CVE-2018-2633 CVE-2018-2634 CVE-2018-2637 CVE-2018-2641 CVE-2018-2657 CVE-2018-2663 CVE-2018-2677 CVE-2018-2678 CVE-2018-2783 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the java-1_8_0-ibm-1.8.0_sr5.20-30.36.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-3065 CVE-2014-3566 CVE-2014-4288 CVE-2014-6456 CVE-2014-6457 CVE-2014-6458 CVE-2014-6466 CVE-2014-6476 CVE-2014-6492 CVE-2014-6493 CVE-2014-6502 CVE-2014-6503 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6513 CVE-2014-6515 CVE-2014-6527 CVE-2014-6531 CVE-2014-6532 CVE-2014-6558 CVE-2014-8891 CVE-2014-8892 CVE-2015-0204 CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0486 CVE-2015-0488 CVE-2015-0491 CVE-2015-1931 CVE-2015-2590 CVE-2015-2601 CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4734 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 CVE-2015-5041 CVE-2015-7575 CVE-2015-8126 CVE-2015-8472 CVE-2016-0264 CVE-2016-0363 CVE-2016-0376 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0475 CVE-2016-0483 CVE-2016-0494 CVE-2016-0686 CVE-2016-0687 CVE-2016-0705 CVE-2016-10165 CVE-2016-2183 CVE-2016-3422 CVE-2016-3426 CVE-2016-3427 CVE-2016-3443 CVE-2016-3449 CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 CVE-2016-5542 CVE-2016-5547 CVE-2016-5548 CVE-2016-5549 CVE-2016-5552 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5597 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10078 CVE-2017-10081 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10115 CVE-2017-10116 CVE-2017-10125 CVE-2017-10243 CVE-2017-10281 CVE-2017-10285 CVE-2017-10293 CVE-2017-10295 CVE-2017-10309 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 CVE-2017-1289 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3259 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289 CVE-2017-3509 CVE-2017-3511 CVE-2017-3512 CVE-2017-3514 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 CVE-2017-3732 CVE-2017-3736 CVE-2018-12539 CVE-2018-1417 CVE-2018-1517 CVE-2018-1656 CVE-2018-2579 CVE-2018-2582 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602 CVE-2018-2603 CVE-2018-2618 CVE-2018-2633 CVE-2018-2634 CVE-2018-2637 CVE-2018-2638 CVE-2018-2639 CVE-2018-2641 CVE-2018-2663 CVE-2018-2677 CVE-2018-2678 CVE-2018-2783 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2825 CVE-2018-2826 CVE-2018-2940 CVE-2018-2952 CVE-2018-2964 CVE-2018-2973 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the java-1_8_0-openjdk-1.8.0.181-27.26.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2015-2590 CVE-2015-2597 CVE-2015-2601 CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2627 CVE-2015-2628 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2659 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4734 CVE-2015-4736 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4868 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4901 CVE-2015-4902 CVE-2015-4903 CVE-2015-4906 CVE-2015-4908 CVE-2015-4911 CVE-2015-4916 CVE-2015-7575 CVE-2015-8126 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0475 CVE-2016-0483 CVE-2016-0494 CVE-2016-0636 CVE-2016-0686 CVE-2016-0687 CVE-2016-0695 CVE-2016-10165 CVE-2016-2183 CVE-2016-3425 CVE-2016-3426 CVE-2016-3427 CVE-2016-3458 CVE-2016-3485 CVE-2016-3498 CVE-2016-3500 CVE-2016-3503 CVE-2016-3508 CVE-2016-3511 CVE-2016-3550 CVE-2016-3552 CVE-2016-3587 CVE-2016-3598 CVE-2016-3606 CVE-2016-3610 CVE-2016-5542 CVE-2016-5546 CVE-2016-5547 CVE-2016-5548 CVE-2016-5549 CVE-2016-5552 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10078 CVE-2017-10081 CVE-2017-10086 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10114 CVE-2017-10115 CVE-2017-10116 CVE-2017-10118 CVE-2017-10125 CVE-2017-10135 CVE-2017-10176 CVE-2017-10193 CVE-2017-10198 CVE-2017-10243 CVE-2017-10274 CVE-2017-10281 CVE-2017-10285 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3260 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289 CVE-2017-3509 CVE-2017-3511 CVE-2017-3512 CVE-2017-3514 CVE-2017-3526 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 CVE-2018-2579 CVE-2018-2582 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602 CVE-2018-2603 CVE-2018-2618 CVE-2018-2629 CVE-2018-2633 CVE-2018-2634 CVE-2018-2637 CVE-2018-2641 CVE-2018-2663 CVE-2018-2677 CVE-2018-2678 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815 CVE-2018-2938 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-3639 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the kbd-2.0.4-8.10.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-0460 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the kdump-0.8.16-9.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-5759 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the kernel-default-4.12.14-94.41.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-3939 CVE-2009-4026 CVE-2009-4027 CVE-2009-4131 CVE-2009-4138 CVE-2009-4536 CVE-2009-4538 CVE-2010-1146 CVE-2010-1436 CVE-2010-1641 CVE-2010-2066 CVE-2010-2942 CVE-2010-2954 CVE-2010-2955 CVE-2010-3081 CVE-2010-3296 CVE-2010-3297 CVE-2010-3298 CVE-2010-3301 CVE-2010-3310 CVE-2011-0711 CVE-2011-0712 CVE-2011-1020 CVE-2011-1180 CVE-2011-1577 CVE-2011-1581 CVE-2011-2203 CVE-2011-4604 CVE-2012-0056 CVE-2012-3412 CVE-2012-3520 CVE-2013-0160 CVE-2013-0231 CVE-2013-0913 CVE-2013-2850 CVE-2014-0038 CVE-2014-0196 CVE-2014-0691 CVE-2014-8133 CVE-2015-1333 CVE-2015-7550 CVE-2015-7884 CVE-2015-7885 CVE-2015-8539 CVE-2015-8660 CVE-2016-0723 CVE-2016-0728 CVE-2016-1237 CVE-2016-1583 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2384 CVE-2016-3134 CVE-2016-3135 CVE-2016-3136 CVE-2016-3140 CVE-2016-3689 CVE-2016-3713 CVE-2016-4470 CVE-2016-4485 CVE-2016-4486 CVE-2016-4557 CVE-2016-4558 CVE-2016-4569 CVE-2016-4578 CVE-2016-4951 CVE-2016-4997 CVE-2016-4998 CVE-2016-5195 CVE-2016-5244 CVE-2016-5829 CVE-2016-6187 CVE-2016-6480 CVE-2016-6516 CVE-2016-6828 CVE-2016-7039 CVE-2016-7042 CVE-2016-7425 CVE-2016-7913 CVE-2016-8655 CVE-2016-9555 CVE-2016-9576 CVE-2017-1000251 CVE-2017-1000252 CVE-2017-1000255 CVE-2017-1000380 CVE-2017-1000410 CVE-2017-11473 CVE-2017-11600 CVE-2017-12153 CVE-2017-12154 CVE-2017-12190 CVE-2017-12193 CVE-2017-13080 CVE-2017-13166 CVE-2017-14051 CVE-2017-14489 CVE-2017-15115 CVE-2017-15127 CVE-2017-15128 CVE-2017-15129 CVE-2017-15265 CVE-2017-15537 CVE-2017-15649 CVE-2017-15951 CVE-2017-16525 CVE-2017-16527 CVE-2017-16528 CVE-2017-16529 CVE-2017-16531 CVE-2017-16534 CVE-2017-16535 CVE-2017-16536 CVE-2017-16537 CVE-2017-16538 CVE-2017-16644 CVE-2017-16645 CVE-2017-16646 CVE-2017-16647 CVE-2017-16649 CVE-2017-16650 CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-16939 CVE-2017-16994 CVE-2017-16995 CVE-2017-16996 CVE-2017-17052 CVE-2017-17448 CVE-2017-17449 CVE-2017-17450 CVE-2017-17558 CVE-2017-17712 CVE-2017-17741 CVE-2017-17805 CVE-2017-17806 CVE-2017-17852 CVE-2017-17853 CVE-2017-17854 CVE-2017-17855 CVE-2017-17856 CVE-2017-17857 CVE-2017-17862 CVE-2017-17864 CVE-2017-17975 CVE-2017-18075 CVE-2017-18202 CVE-2017-18203 CVE-2017-18204 CVE-2017-18208 CVE-2017-18344 CVE-2017-2636 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2017-5897 CVE-2017-5970 CVE-2017-5986 CVE-2017-6347 CVE-2017-6353 CVE-2017-7184 CVE-2017-7187 CVE-2017-7261 CVE-2017-7277 CVE-2017-7294 CVE-2017-7308 CVE-2017-7346 CVE-2017-7477 CVE-2017-7487 CVE-2017-7541 CVE-2017-7542 CVE-2017-8824 CVE-2017-8831 CVE-2017-8890 CVE-2017-9059 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9211 CVE-2017-9242 CVE-2018-1000004 CVE-2018-1000028 CVE-2018-1000200 CVE-2018-1000204 CVE-2018-10087 CVE-2018-10124 CVE-2018-10323 CVE-2018-1065 CVE-2018-1068 CVE-2018-10853 CVE-2018-10902 CVE-2018-1091 CVE-2018-10938 CVE-2018-1094 CVE-2018-10940 CVE-2018-1108 CVE-2018-1118 CVE-2018-1120 CVE-2018-1128 CVE-2018-1129 CVE-2018-1130 CVE-2018-12233 CVE-2018-12896 CVE-2018-13053 CVE-2018-13093 CVE-2018-13094 CVE-2018-13095 CVE-2018-13405 CVE-2018-13406 CVE-2018-14613 CVE-2018-14617 CVE-2018-14633 CVE-2018-15572 CVE-2018-16658 CVE-2018-17182 CVE-2018-3620 CVE-2018-3639 CVE-2018-3646 CVE-2018-5332 CVE-2018-5333 CVE-2018-5390 CVE-2018-5391 CVE-2018-5803 CVE-2018-5848 CVE-2018-6554 CVE-2018-6555 CVE-2018-6927 CVE-2018-7492 CVE-2018-7566 CVE-2018-7740 CVE-2018-8043 CVE-2018-8087 CVE-2018-8781 CVE-2018-8822 CVE-2018-9363 CVE-2018-9385 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the kernel-firmware-20180525-3.11 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2017-13080 CVE-2017-13081 CVE-2017-5715 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the krb5-1.12.5-40.28.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2002-2443 CVE-2009-0844 CVE-2009-0845 CVE-2009-0846 CVE-2009-0847 CVE-2009-3295 CVE-2009-4212 CVE-2010-0283 CVE-2010-0628 CVE-2010-1320 CVE-2010-1321 CVE-2010-1322 CVE-2010-1323 CVE-2010-1324 CVE-2010-4020 CVE-2010-4021 CVE-2010-4022 CVE-2011-0281 CVE-2011-0282 CVE-2011-0284 CVE-2011-0285 CVE-2011-1527 CVE-2011-1528 CVE-2011-1529 CVE-2011-1530 CVE-2012-1012 CVE-2012-1013 CVE-2012-1016 CVE-2013-1415 CVE-2013-1417 CVE-2013-1418 CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 CVE-2014-4345 CVE-2014-5351 CVE-2014-5352 CVE-2014-5353 CVE-2014-5354 CVE-2014-5355 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 CVE-2015-2694 CVE-2015-2695 CVE-2015-2696 CVE-2015-2697 CVE-2015-2698 CVE-2015-8629 CVE-2015-8630 CVE-2015-8631 CVE-2016-3119 CVE-2016-3120 CVE-2017-11462 CVE-2017-15088 CVE-2018-5729 CVE-2018-5730 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the krb5-appl-clients-1.0.3-1.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-1526 CVE-2011-4862 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the lcms2-2.7-9.7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-10165 CVE-2018-16435 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the lftp-4.7.4-3.3.20 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-0139 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libFLAC++6-1.3.0-11.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-8962 CVE-2014-9028 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libHX28-3.18-1.18 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-2947 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libICE6-1.0.8-12.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2017-2626 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libIlmImf-Imf_2_1-21-2.1.0-6.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-1720 CVE-2009-1721 CVE-2017-12596 CVE-2017-9110 CVE-2017-9114 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libMagickCore-6_Q16-1-6.8.8.1-71.85.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-0247 CVE-2012-0248 CVE-2012-1185 CVE-2012-1186 CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716 CVE-2014-9805 CVE-2014-9806 CVE-2014-9807 CVE-2014-9808 CVE-2014-9809 CVE-2014-9810 CVE-2014-9811 CVE-2014-9812 CVE-2014-9813 CVE-2014-9814 CVE-2014-9815 CVE-2014-9816 CVE-2014-9817 CVE-2014-9818 CVE-2014-9819 CVE-2014-9820 CVE-2014-9821 CVE-2014-9822 CVE-2014-9823 CVE-2014-9824 CVE-2014-9825 CVE-2014-9826 CVE-2014-9828 CVE-2014-9829 CVE-2014-9830 CVE-2014-9831 CVE-2014-9832 CVE-2014-9833 CVE-2014-9834 CVE-2014-9835 CVE-2014-9836 CVE-2014-9837 CVE-2014-9838 CVE-2014-9839 CVE-2014-9840 CVE-2014-9841 CVE-2014-9842 CVE-2014-9843 CVE-2014-9844 CVE-2014-9845 CVE-2014-9846 CVE-2014-9847 CVE-2014-9848 CVE-2014-9849 CVE-2014-9850 CVE-2014-9851 CVE-2014-9852 CVE-2014-9853 CVE-2014-9854 CVE-2014-9907 CVE-2015-8894 CVE-2015-8895 CVE-2015-8896 CVE-2015-8897 CVE-2015-8898 CVE-2015-8900 CVE-2015-8901 CVE-2015-8902 CVE-2015-8903 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-10046 CVE-2016-10048 CVE-2016-10049 CVE-2016-10050 CVE-2016-10051 CVE-2016-10052 CVE-2016-10059 CVE-2016-10060 CVE-2016-10061 CVE-2016-10062 CVE-2016-10063 CVE-2016-10064 CVE-2016-10065 CVE-2016-10068 CVE-2016-10069 CVE-2016-10070 CVE-2016-10071 CVE-2016-10144 CVE-2016-10145 CVE-2016-10146 CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 CVE-2016-4562 CVE-2016-4563 CVE-2016-4564 CVE-2016-5010 CVE-2016-5118 CVE-2016-5687 CVE-2016-5688 CVE-2016-5689 CVE-2016-5690 CVE-2016-5691 CVE-2016-5841 CVE-2016-5842 CVE-2016-6491 CVE-2016-6520 CVE-2016-6823 CVE-2016-7101 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 CVE-2016-7522 CVE-2016-7523 CVE-2016-7524 CVE-2016-7525 CVE-2016-7526 CVE-2016-7527 CVE-2016-7528 CVE-2016-7529 CVE-2016-7530 CVE-2016-7531 CVE-2016-7532 CVE-2016-7533 CVE-2016-7534 CVE-2016-7535 CVE-2016-7537 CVE-2016-7538 CVE-2016-7539 CVE-2016-7540 CVE-2016-7799 CVE-2016-7800 CVE-2016-7996 CVE-2016-7997 CVE-2016-8677 CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 CVE-2016-8707 CVE-2016-8862 CVE-2016-8866 CVE-2016-9556 CVE-2016-9559 CVE-2016-9773 CVE-2017-1000445 CVE-2017-1000476 CVE-2017-10800 CVE-2017-10928 CVE-2017-10995 CVE-2017-11141 CVE-2017-11166 CVE-2017-11170 CVE-2017-11188 CVE-2017-11403 CVE-2017-11446 CVE-2017-11448 CVE-2017-11449 CVE-2017-11450 CVE-2017-11478 CVE-2017-11505 CVE-2017-11523 CVE-2017-11524 CVE-2017-11525 CVE-2017-11526 CVE-2017-11527 CVE-2017-11528 CVE-2017-11529 CVE-2017-11530 CVE-2017-11531 CVE-2017-11532 CVE-2017-11533 CVE-2017-11534 CVE-2017-11535 CVE-2017-11537 CVE-2017-11539 CVE-2017-11638 CVE-2017-11639 CVE-2017-11640 CVE-2017-11642 CVE-2017-11644 CVE-2017-11724 CVE-2017-11750 CVE-2017-11751 CVE-2017-11752 CVE-2017-12140 CVE-2017-12418 CVE-2017-12427 CVE-2017-12428 CVE-2017-12429 CVE-2017-12430 CVE-2017-12431 CVE-2017-12432 CVE-2017-12433 CVE-2017-12434 CVE-2017-12435 CVE-2017-12563 CVE-2017-12564 CVE-2017-12565 CVE-2017-12566 CVE-2017-12587 CVE-2017-12640 CVE-2017-12641 CVE-2017-12642 CVE-2017-12643 CVE-2017-12644 CVE-2017-12654 CVE-2017-12662 CVE-2017-12663 CVE-2017-12664 CVE-2017-12665 CVE-2017-12667 CVE-2017-12668 CVE-2017-12669 CVE-2017-12670 CVE-2017-12671 CVE-2017-12672 CVE-2017-12673 CVE-2017-12674 CVE-2017-12675 CVE-2017-12676 CVE-2017-12691 CVE-2017-12692 CVE-2017-12693 CVE-2017-12935 CVE-2017-12983 CVE-2017-13058 CVE-2017-13059 CVE-2017-13060 CVE-2017-13061 CVE-2017-13062 CVE-2017-13131 CVE-2017-13133 CVE-2017-13134 CVE-2017-13139 CVE-2017-13141 CVE-2017-13142 CVE-2017-13146 CVE-2017-13147 CVE-2017-13648 CVE-2017-13658 CVE-2017-13758 CVE-2017-13768 CVE-2017-13769 CVE-2017-14042 CVE-2017-14060 CVE-2017-14103 CVE-2017-14138 CVE-2017-14139 CVE-2017-14172 CVE-2017-14173 CVE-2017-14174 CVE-2017-14175 CVE-2017-14224 CVE-2017-14249 CVE-2017-14314 CVE-2017-14325 CVE-2017-14326 CVE-2017-14341 CVE-2017-14342 CVE-2017-14343 CVE-2017-14505 CVE-2017-14531 CVE-2017-14533 CVE-2017-14607 CVE-2017-14649 CVE-2017-14682 CVE-2017-14733 CVE-2017-14739 CVE-2017-14989 CVE-2017-14997 CVE-2017-15016 CVE-2017-15017 CVE-2017-15033 CVE-2017-15217 CVE-2017-15218 CVE-2017-15277 CVE-2017-15281 CVE-2017-15930 CVE-2017-16352 CVE-2017-16353 CVE-2017-16545 CVE-2017-16546 CVE-2017-16669 CVE-2017-17504 CVE-2017-17680 CVE-2017-17681 CVE-2017-17682 CVE-2017-17879 CVE-2017-17881 CVE-2017-17882 CVE-2017-17884 CVE-2017-17885 CVE-2017-17887 CVE-2017-17914 CVE-2017-17934 CVE-2017-18008 CVE-2017-18022 CVE-2017-18027 CVE-2017-18028 CVE-2017-18029 CVE-2017-18209 CVE-2017-18211 CVE-2017-18250 CVE-2017-18251 CVE-2017-18252 CVE-2017-18254 CVE-2017-18271 CVE-2017-5506 CVE-2017-5507 CVE-2017-5508 CVE-2017-5510 CVE-2017-5511 CVE-2017-6502 CVE-2017-7606 CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8343 CVE-2017-8344 CVE-2017-8345 CVE-2017-8346 CVE-2017-8347 CVE-2017-8348 CVE-2017-8349 CVE-2017-8350 CVE-2017-8351 CVE-2017-8352 CVE-2017-8353 CVE-2017-8354 CVE-2017-8355 CVE-2017-8356 CVE-2017-8357 CVE-2017-8765 CVE-2017-8830 CVE-2017-9098 CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 CVE-2017-9261 CVE-2017-9262 CVE-2017-9405 CVE-2017-9407 CVE-2017-9409 CVE-2017-9439 CVE-2017-9440 CVE-2017-9500 CVE-2017-9501 CVE-2018-10177 CVE-2018-10804 CVE-2018-10805 CVE-2018-11251 CVE-2018-11655 CVE-2018-11656 CVE-2018-12599 CVE-2018-12600 CVE-2018-14434 CVE-2018-14435 CVE-2018-14436 CVE-2018-14437 CVE-2018-16323 CVE-2018-16329 CVE-2018-16413 CVE-2018-16640 CVE-2018-16642 CVE-2018-16643 CVE-2018-16644 CVE-2018-16645 CVE-2018-16749 CVE-2018-16750 CVE-2018-17965 CVE-2018-17966 CVE-2018-18016 CVE-2018-18024 CVE-2018-5246 CVE-2018-5247 CVE-2018-5357 CVE-2018-5685 CVE-2018-6405 CVE-2018-7443 CVE-2018-7470 CVE-2018-8804 CVE-2018-8960 CVE-2018-9018 CVE-2018-9133 CVE-2018-9135 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libQt5Concurrent5-5.6.2-6.12.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2015-0295 CVE-2015-1858 CVE-2015-1859 CVE-2015-1860 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libQt5WebKit5-5.6.2-1.31 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2015-8079 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libSoundTouch0-1.7.1-5.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2018-1000223 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libX11-6-1.6.2-12.5.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-1981 CVE-2013-1997 CVE-2013-2004 CVE-2016-7942 CVE-2018-14598 CVE-2018-14599 CVE-2018-14600 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libXRes1-1.0.7-3.53 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-1988 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libXcursor1-1.1.14-4.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-2003 CVE-2015-9262 CVE-2017-16612 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libXdmcp6-1.1.1-12.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2017-2625 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libXext6-1.3.2-4.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-1982 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libXfixes3-32bit-5.0.1-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-1983 CVE-2016-7944 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libXfont1-1.5.1-11.3.12 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-2895 CVE-2013-6462 CVE-2014-0209 CVE-2014-0210 CVE-2014-0211 CVE-2015-1802 CVE-2015-1803 CVE-2015-1804 CVE-2017-13720 CVE-2017-13722 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libXfont2-2-2.0.3-1.19 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2017-16611 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libXi6-1.7.4-17.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-1984 CVE-2013-1995 CVE-2013-1998 CVE-2016-7945 CVE-2016-7946 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libXinerama1-1.1.3-3.54 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-1985 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libXp6-1.0.2-3.57 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-2062 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libXpm4-3.5.11-5.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-10164 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libXrandr2-1.5.0-6.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-1986 CVE-2016-7947 CVE-2016-7948 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libXrender1-0.9.8-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-1987 CVE-2016-7949 CVE-2016-7950 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libXt6-1.1.4-3.57 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-2002 CVE-2013-2005 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libXtst6-1.2.2-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-2063 CVE-2016-7951 CVE-2016-7952 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libXv1-1.0.10-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-1989 CVE-2013-2066 CVE-2016-5407 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libXvMC1-1.0.8-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-1990 CVE-2013-1999 CVE-2016-7953 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libXvnc1-1.6.0-18.23.72 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-0011 CVE-2014-8240 CVE-2015-0255 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libXxf86dga1-1.1.4-3.58 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-1991 CVE-2013-2000 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libXxf86vm1-1.1.3-3.53 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-2001 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libapr-util1-1.5.3-2.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-0023 CVE-2009-2412 CVE-2009-3560 CVE-2009-3720 CVE-2010-1623 CVE-2017-12618 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libapr1-1.5.1-4.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-2412 CVE-2011-0419 CVE-2011-1928 CVE-2017-12613 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libarchive13-3.1.2-25.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-0211 CVE-2015-2304 CVE-2015-8915 CVE-2015-8916 CVE-2015-8918 CVE-2015-8919 CVE-2015-8920 CVE-2015-8921 CVE-2015-8922 CVE-2015-8923 CVE-2015-8924 CVE-2015-8925 CVE-2015-8926 CVE-2015-8928 CVE-2015-8929 CVE-2015-8930 CVE-2015-8931 CVE-2015-8932 CVE-2015-8933 CVE-2015-8934 CVE-2016-1541 CVE-2016-4300 CVE-2016-4301 CVE-2016-4302 CVE-2016-4809 CVE-2016-5418 CVE-2016-5844 CVE-2016-6250 CVE-2016-8687 CVE-2016-8688 CVE-2016-8689 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libasan2-32bit-5.3.1+r233831-12.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2015-5276 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libass5-0.10.2-3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-7969 CVE-2016-7972 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libblkid1-2.29.2-7.14 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-0157 CVE-2014-9114 CVE-2015-5218 CVE-2016-2779 CVE-2016-5011 CVE-2017-2616 CVE-2018-7738 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libcairo-gobject2-1.15.2-25.3.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-9082 CVE-2017-7475 CVE-2017-9814 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libcares2-1.9.1-9.4.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-5180 CVE-2017-1000381 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libcdio14-0.90-6.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2017-18201 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libdcerpc-binding0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-1886 CVE-2009-1888 CVE-2009-2813 CVE-2009-2906 CVE-2009-2948 CVE-2010-0547 CVE-2010-0728 CVE-2010-0787 CVE-2010-0926 CVE-2010-1635 CVE-2010-1642 CVE-2010-2063 CVE-2010-3069 CVE-2011-0719 CVE-2011-2522 CVE-2011-2694 CVE-2012-0817 CVE-2012-0870 CVE-2012-1182 CVE-2012-2111 CVE-2012-6150 CVE-2013-0172 CVE-2013-0213 CVE-2013-0214 CVE-2013-0454 CVE-2013-1863 CVE-2013-4124 CVE-2013-4408 CVE-2013-4475 CVE-2013-4476 CVE-2013-4496 CVE-2013-6442 CVE-2014-0178 CVE-2014-0239 CVE-2014-0244 CVE-2014-3493 CVE-2014-3560 CVE-2014-8143 CVE-2015-0240 CVE-2015-3223 CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 CVE-2015-5330 CVE-2015-5370 CVE-2015-7560 CVE-2015-8467 CVE-2015-8543 CVE-2016-0771 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2115 CVE-2016-2118 CVE-2016-2119 CVE-2016-2123 CVE-2016-2125 CVE-2016-2126 CVE-2017-11103 CVE-2017-12150 CVE-2017-12151 CVE-2017-12163 CVE-2017-14746 CVE-2017-15275 CVE-2017-2619 CVE-2017-7494 CVE-2018-1050 CVE-2018-1057 CVE-2018-10858 CVE-2018-10919 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libdmx1-1.1.3-3.51 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-1992 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libecpg6-10.5-1.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2007-4772 CVE-2007-6600 CVE-2009-4034 CVE-2009-4136 CVE-2010-1169 CVE-2010-1170 CVE-2010-3433 CVE-2012-0866 CVE-2012-0867 CVE-2012-0868 CVE-2012-2143 CVE-2012-2655 CVE-2012-3488 CVE-2012-3489 CVE-2013-0255 CVE-2013-1899 CVE-2013-1900 CVE-2013-1901 CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067 CVE-2015-3165 CVE-2015-3166 CVE-2015-3167 CVE-2015-5288 CVE-2015-5289 CVE-2016-0766 CVE-2016-0773 CVE-2016-2193 CVE-2016-3065 CVE-2017-15098 CVE-2017-15099 CVE-2017-7484 CVE-2017-7485 CVE-2017-7486 CVE-2017-7546 CVE-2017-7547 CVE-2017-7548 CVE-2018-1053 CVE-2018-1058 CVE-2018-10915 CVE-2018-10925 CVE-2018-1115 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libevent-2_0-5-2.0.21-6.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-6272 CVE-2016-10195 CVE-2016-10196 CVE-2016-10197 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libexempi3-2.2.1-5.7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2017-18233 CVE-2017-18234 CVE-2017-18236 CVE-2017-18238 CVE-2018-7728 CVE-2018-7730 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libexif12-0.6.21-8.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 CVE-2016-6328 CVE-2017-7544 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libfreebl3-3.29.5-58.12.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-3170 CVE-2011-3389 CVE-2011-3640 CVE-2013-0743 CVE-2013-0791 CVE-2013-1620 CVE-2013-1739 CVE-2013-1740 CVE-2013-5605 CVE-2014-1492 CVE-2014-1568 CVE-2014-1569 CVE-2015-4000 CVE-2015-7181 CVE-2015-7182 CVE-2015-7575 CVE-2016-1938 CVE-2016-1950 CVE-2016-1978 CVE-2016-1979 CVE-2016-2834 CVE-2016-5285 CVE-2016-8635 CVE-2016-9074 CVE-2016-9574 CVE-2017-7805 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libfreetype6-2.6.3-7.15.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-0946 CVE-2010-2497 CVE-2010-2805 CVE-2010-3053 CVE-2010-3054 CVE-2010-3311 CVE-2010-3814 CVE-2010-3855 CVE-2011-0226 CVE-2011-3256 CVE-2011-3439 CVE-2012-1126 CVE-2012-1127 CVE-2012-1128 CVE-2012-1129 CVE-2012-1130 CVE-2012-1131 CVE-2012-1132 CVE-2012-1133 CVE-2012-1134 CVE-2012-1135 CVE-2012-1136 CVE-2012-1137 CVE-2012-1138 CVE-2012-1139 CVE-2012-1140 CVE-2012-1141 CVE-2012-1142 CVE-2012-1143 CVE-2012-1144 CVE-2012-5668 CVE-2012-5669 CVE-2012-5670 CVE-2014-2240 CVE-2014-2241 CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9659 CVE-2014-9660 CVE-2014-9661 CVE-2014-9662 CVE-2014-9663 CVE-2014-9664 CVE-2014-9665 CVE-2014-9666 CVE-2014-9667 CVE-2014-9668 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671 CVE-2014-9672 CVE-2014-9673 CVE-2014-9674 CVE-2014-9675 CVE-2016-10244 CVE-2017-8105 CVE-2017-8287 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libgc1-7.2d-5.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-2673 CVE-2016-9427 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libgcrypt20-1.6.1-16.61.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-4242 CVE-2014-3591 CVE-2015-0837 CVE-2015-7511 CVE-2016-6313 CVE-2017-7526 CVE-2018-0495 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libgme0-0.6.0-5.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-9957 CVE-2016-9958 CVE-2016-9959 CVE-2016-9960 CVE-2016-9961 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libgnomesu-2.0.0-353.6.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-1946 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libgoa-1_0-0-3.20.5-9.6 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-0240 CVE-2013-1799 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libgraphite2-3-1.3.1-10.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-1521 CVE-2016-1523 CVE-2016-1526 CVE-2017-5436 CVE-2018-7999 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libgssglue1-0.4-3.76 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-2709 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libgypsy0-0.9-6.22 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-0523 CVE-2011-0524 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libhivex0-1.3.10-4.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-9273 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libhogweed2-2.7.1-12.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 CVE-2016-6489 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libical1-1.0.1-16.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-5824 CVE-2016-5827 CVE-2016-9584 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libicu-doc-52.1-8.7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-8146 CVE-2014-8147 CVE-2014-9654 CVE-2016-6293 CVE-2017-14952 CVE-2017-15422 CVE-2017-17484 CVE-2017-7867 CVE-2017-7868 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libidn-tools-1.28-5.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2015-2059 CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 CVE-2017-14062 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libimobiledevice6-1.2.0-7.31 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-2142 CVE-2016-5104 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libipa_hbac0-1.16.1-2.8 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-4341 CVE-2011-1758 CVE-2013-0219 CVE-2013-0220 CVE-2013-0287 CVE-2017-12173 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libjansson4-2.7-1.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-6401 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libjasper1-1.900.14-195.8.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2008-3522 CVE-2011-4516 CVE-2011-4517 CVE-2014-8137 CVE-2014-8138 CVE-2014-8157 CVE-2014-8158 CVE-2014-9029 CVE-2015-5203 CVE-2015-5221 CVE-2016-10251 CVE-2016-1577 CVE-2016-1867 CVE-2016-2089 CVE-2016-2116 CVE-2016-8654 CVE-2016-8690 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8884 CVE-2016-8885 CVE-2016-8886 CVE-2016-8887 CVE-2016-9262 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2016-9395 CVE-2016-9398 CVE-2016-9560 CVE-2016-9583 CVE-2016-9591 CVE-2016-9600 CVE-2017-1000050 CVE-2017-5498 CVE-2017-6850 CVE-2018-9055 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libjavascriptcoregtk-3_0-0-2.4.11-23.20 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-5112 CVE-2012-5133 CVE-2014-1344 CVE-2014-1384 CVE-2014-1385 CVE-2014-1386 CVE-2014-1387 CVE-2014-1388 CVE-2014-1389 CVE-2014-1390 CVE-2014-1748 CVE-2015-1071 CVE-2015-1076 CVE-2015-1081 CVE-2015-1083 CVE-2015-1120 CVE-2015-1122 CVE-2015-1127 CVE-2015-1153 CVE-2015-1155 CVE-2015-2330 CVE-2015-3658 CVE-2015-3659 CVE-2015-3727 CVE-2015-3731 CVE-2015-3741 CVE-2015-3743 CVE-2015-3745 CVE-2015-3747 CVE-2015-3748 CVE-2015-3749 CVE-2015-3752 CVE-2015-5788 CVE-2015-5794 CVE-2015-5801 CVE-2015-5809 CVE-2015-5822 CVE-2015-5928 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libjavascriptcoregtk-4_0-18-2.20.3-2.23.8 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-1856 CVE-2016-1857 CVE-2016-4590 CVE-2016-4591 CVE-2016-4622 CVE-2016-4624 CVE-2016-4692 CVE-2016-4743 CVE-2016-7586 CVE-2016-7587 CVE-2016-7589 CVE-2016-7592 CVE-2016-7598 CVE-2016-7599 CVE-2016-7610 CVE-2016-7623 CVE-2016-7632 CVE-2016-7635 CVE-2016-7639 CVE-2016-7641 CVE-2016-7645 CVE-2016-7652 CVE-2016-7654 CVE-2016-7656 CVE-2017-1000121 CVE-2017-1000122 CVE-2017-13788 CVE-2017-13798 CVE-2017-13803 CVE-2017-13856 CVE-2017-13866 CVE-2017-13870 CVE-2017-13884 CVE-2017-13885 CVE-2017-2350 CVE-2017-2354 CVE-2017-2355 CVE-2017-2356 CVE-2017-2362 CVE-2017-2363 CVE-2017-2364 CVE-2017-2365 CVE-2017-2366 CVE-2017-2369 CVE-2017-2371 CVE-2017-2373 CVE-2017-2496 CVE-2017-2510 CVE-2017-2538 CVE-2017-2539 CVE-2017-5715 CVE-2017-5753 CVE-2017-7006 CVE-2017-7011 CVE-2017-7012 CVE-2017-7018 CVE-2017-7019 CVE-2017-7020 CVE-2017-7030 CVE-2017-7034 CVE-2017-7037 CVE-2017-7038 CVE-2017-7039 CVE-2017-7040 CVE-2017-7041 CVE-2017-7042 CVE-2017-7043 CVE-2017-7046 CVE-2017-7048 CVE-2017-7049 CVE-2017-7052 CVE-2017-7055 CVE-2017-7056 CVE-2017-7059 CVE-2017-7061 CVE-2017-7064 CVE-2017-7081 CVE-2017-7087 CVE-2017-7089 CVE-2017-7090 CVE-2017-7091 CVE-2017-7092 CVE-2017-7093 CVE-2017-7094 CVE-2017-7095 CVE-2017-7096 CVE-2017-7098 CVE-2017-7099 CVE-2017-7100 CVE-2017-7102 CVE-2017-7104 CVE-2017-7107 CVE-2017-7109 CVE-2017-7111 CVE-2017-7117 CVE-2017-7120 CVE-2017-7142 CVE-2017-7153 CVE-2017-7156 CVE-2017-7157 CVE-2017-7160 CVE-2017-7161 CVE-2017-7165 CVE-2018-11646 CVE-2018-11712 CVE-2018-11713 CVE-2018-12911 CVE-2018-4088 CVE-2018-4096 CVE-2018-4101 CVE-2018-4113 CVE-2018-4114 CVE-2018-4117 CVE-2018-4118 CVE-2018-4119 CVE-2018-4120 CVE-2018-4121 CVE-2018-4122 CVE-2018-4125 CVE-2018-4127 CVE-2018-4128 CVE-2018-4129 CVE-2018-4133 CVE-2018-4146 CVE-2018-4161 CVE-2018-4162 CVE-2018-4163 CVE-2018-4165 CVE-2018-4190 CVE-2018-4199 CVE-2018-4200 CVE-2018-4204 CVE-2018-4218 CVE-2018-4222 CVE-2018-4232 CVE-2018-4233 CVE-2018-4246 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libjbig2-2.0-12.13 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-6369 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libjpeg-turbo-1.5.3-31.7.4 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-9092 CVE-2017-15232 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libjson-c2-0.11-2.15 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-6370 CVE-2013-6371 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libkde4-32bit-4.12.0-10.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-6354 CVE-2017-8422 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libkpathsea6-6.2.0dev-22.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2018-17407 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libksba8-1.3.0-23.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-9087 CVE-2016-4574 CVE-2016-4579 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the liblcms1-1.19-17.28 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-0793 CVE-2013-4276 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libldap-2_4-2-2.4.41-18.40.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2015-1545 CVE-2015-1546 CVE-2015-6908 CVE-2017-9287 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libldb1-1.1.29-3.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2015-3223 CVE-2015-5330 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the liblouis-data-2.6.4-6.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2017-13738 CVE-2017-13739 CVE-2017-13740 CVE-2017-13741 CVE-2017-13743 CVE-2017-13744 CVE-2018-11440 CVE-2018-11577 CVE-2018-11683 CVE-2018-11684 CVE-2018-11685 CVE-2018-12085 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libltdl7-2.4.2-17.4.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-3736 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the liblua5_2-32bit-5.2.4-6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-5461 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the liblzo2-2-2.08-1.13 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-4607 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libmicrohttpd10-0.9.30-5.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-7038 CVE-2013-7039 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libmms0-0.6.2-15.8 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-2892 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libmodplug1-0.8.9.0+git20170610.f6dd59a-15.4.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-1761 CVE-2013-4233 CVE-2013-4234 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libmpfr4-3.1.2-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-9474 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libmspack0-0.4-14.4 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-2800 CVE-2010-2801 CVE-2014-9556 CVE-2014-9732 CVE-2015-4467 CVE-2015-4468 CVE-2015-4469 CVE-2015-4470 CVE-2015-4471 CVE-2015-4472 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libmusicbrainz4-2.1.5-27.79 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2006-4197 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libmysqlclient18-10.0.35-1.7 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2007-5970 CVE-2008-7247 CVE-2009-4019 CVE-2009-4028 CVE-2009-4030 CVE-2010-5298 CVE-2012-5615 CVE-2013-1976 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-2494 CVE-2014-3470 CVE-2014-4207 CVE-2014-4258 CVE-2014-4260 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6474 CVE-2014-6478 CVE-2014-6484 CVE-2014-6489 CVE-2014-6491 CVE-2014-6494 CVE-2014-6495 CVE-2014-6496 CVE-2014-6500 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 CVE-2014-6564 CVE-2014-6568 CVE-2014-8964 CVE-2015-0374 CVE-2015-0381 CVE-2015-0382 CVE-2015-0391 CVE-2015-0411 CVE-2015-0432 CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501 CVE-2015-0505 CVE-2015-2325 CVE-2015-2326 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573 CVE-2015-3152 CVE-2015-4792 CVE-2015-4802 CVE-2015-4807 CVE-2015-4815 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4870 CVE-2015-4913 CVE-2015-5969 CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0651 CVE-2016-0655 CVE-2016-0666 CVE-2016-0668 CVE-2016-2047 CVE-2016-3477 CVE-2016-3492 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440 CVE-2016-5584 CVE-2016-5624 CVE-2016-5626 CVE-2016-5629 CVE-2016-6662 CVE-2016-6663 CVE-2016-6664 CVE-2016-7440 CVE-2016-8283 CVE-2017-10268 CVE-2017-10378 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3257 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3302 CVE-2017-3308 CVE-2017-3309 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2018-2562 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2767 CVE-2018-2771 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libncurses5-32bit-5.9-58.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2017-10684 CVE-2017-10685 CVE-2017-11112 CVE-2017-11113 CVE-2017-13728 CVE-2017-13729 CVE-2017-13730 CVE-2017-13731 CVE-2017-13732 CVE-2017-13733 CVE-2017-13734 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libneon27-0.30.0-3.64 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-2473 CVE-2009-2474 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libnetpbm11-10.66.3-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-6354 CVE-2017-2581 CVE-2017-2586 CVE-2017-2587 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libnghttp2-14-1.7.1-1.84 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-1544 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libnm-glib-vpn1-1.0.12-13.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2015-2924 CVE-2016-0764 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libopenjp2-7-2.1.0-4.9.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2015-1239 CVE-2015-8871 CVE-2016-10507 CVE-2016-7163 CVE-2016-7445 CVE-2016-8332 CVE-2016-9112 CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 CVE-2016-9572 CVE-2016-9573 CVE-2016-9580 CVE-2016-9581 CVE-2017-14039 CVE-2017-14040 CVE-2017-14041 CVE-2017-14164 CVE-2017-17479 CVE-2017-17480 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libopenssl-1_0_0-devel-1.0.2p-2.11 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2006-7250 CVE-2008-5077 CVE-2009-0590 CVE-2009-0591 CVE-2009-0789 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2010-0740 CVE-2010-0742 CVE-2010-1633 CVE-2010-2939 CVE-2010-3864 CVE-2010-5298 CVE-2011-0014 CVE-2011-3207 CVE-2011-3210 CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2012-0027 CVE-2012-0050 CVE-2012-0884 CVE-2012-1165 CVE-2012-2110 CVE-2012-2686 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169 CVE-2013-4353 CVE-2013-6449 CVE-2013-6450 CVE-2014-0076 CVE-2014-0160 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-5139 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0293 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 CVE-2015-3197 CVE-2015-3216 CVE-2015-4000 CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0799 CVE-2016-0800 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2109 CVE-2016-2176 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 CVE-2016-7052 CVE-2016-7055 CVE-2017-3731 CVE-2017-3732 CVE-2017-3735 CVE-2017-3736 CVE-2017-3737 CVE-2017-3738 CVE-2018-0732 CVE-2018-0737 CVE-2018-0739 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libopenssl-devel-1.0.2p-1.13 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2006-7250 CVE-2008-5077 CVE-2009-0590 CVE-2009-0591 CVE-2009-0789 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2010-0740 CVE-2010-0742 CVE-2010-1633 CVE-2010-2939 CVE-2010-3864 CVE-2010-5298 CVE-2011-0014 CVE-2011-3207 CVE-2011-3210 CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2012-0027 CVE-2012-0050 CVE-2012-0884 CVE-2012-1165 CVE-2012-2110 CVE-2012-2686 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169 CVE-2013-4353 CVE-2013-6449 CVE-2013-6450 CVE-2014-0076 CVE-2014-0160 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-3513 CVE-2014-3567 CVE-2014-3568 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-5139 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0293 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-1793 CVE-2015-1794 CVE-2015-3193 CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 CVE-2015-3197 CVE-2016-0701 CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0800 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2109 CVE-2016-2176 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 CVE-2016-7052 CVE-2016-7055 CVE-2016-7056 CVE-2017-3731 CVE-2017-3732 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libopenssl1_1-1.1.1-1.9 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2006-7250 CVE-2008-5077 CVE-2009-0590 CVE-2009-0591 CVE-2009-0789 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2010-0740 CVE-2010-0742 CVE-2010-1633 CVE-2010-2939 CVE-2010-3864 CVE-2010-5298 CVE-2011-0014 CVE-2011-3207 CVE-2011-3210 CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2012-0027 CVE-2012-0050 CVE-2012-0884 CVE-2012-1165 CVE-2012-2110 CVE-2012-2686 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169 CVE-2013-4353 CVE-2013-6449 CVE-2013-6450 CVE-2014-0076 CVE-2014-0160 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-3513 CVE-2014-3567 CVE-2014-3568 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-5139 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0293 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-1793 CVE-2015-1794 CVE-2015-3193 CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 CVE-2015-3197 CVE-2016-0701 CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0800 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2109 CVE-2016-2176 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 CVE-2016-7052 CVE-2016-7055 CVE-2016-7056 CVE-2017-3731 CVE-2017-3732 CVE-2017-3735 CVE-2017-3736 CVE-2017-3738 CVE-2018-0732 CVE-2018-0737 CVE-2018-0739 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libopenvswitch-2_8-0-2.8.4-3.36 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-3449 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libopus0-1.1-3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2017-0381 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libospf0-1.1.1-17.7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-1674 CVE-2010-1675 CVE-2016-1245 CVE-2016-2342 CVE-2016-4049 CVE-2017-16227 CVE-2017-5495 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libotr5-4.0.0-9.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-2851 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libpango-1_0-0-1.40.1-9.5 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-0020 CVE-2011-0064 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libpcre1-32bit-8.39-8.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-8964 CVE-2015-2325 CVE-2015-2327 CVE-2015-2328 CVE-2015-3210 CVE-2015-3217 CVE-2015-5073 CVE-2015-8380 CVE-2016-1283 CVE-2016-3191 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libpcsclite1-1.8.10-7.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-0407 CVE-2010-4531 CVE-2016-10109 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libplist3-1.12-20.3.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2017-5209 CVE-2017-5545 CVE-2017-5834 CVE-2017-5835 CVE-2017-5836 CVE-2017-6435 CVE-2017-6436 CVE-2017-6437 CVE-2017-6438 CVE-2017-6439 CVE-2017-6440 CVE-2017-7982 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libpng12-0-1.2.50-19.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-1205 CVE-2011-2501 CVE-2011-3026 CVE-2011-3045 CVE-2011-3048 CVE-2012-3386 CVE-2013-7353 CVE-2013-7354 CVE-2015-7981 CVE-2015-8126 CVE-2015-8540 CVE-2016-10087 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libpng15-15-1.5.22-9.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-1205 CVE-2011-2501 CVE-2011-2690 CVE-2011-2691 CVE-2011-2692 CVE-2011-3026 CVE-2011-3048 CVE-2011-3328 CVE-2011-3464 CVE-2012-3386 CVE-2015-8126 CVE-2015-8540 CVE-2016-10087 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libpng16-16-1.6.8-14.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-1205 CVE-2011-2501 CVE-2011-2690 CVE-2011-2691 CVE-2011-2692 CVE-2011-3328 CVE-2013-6954 CVE-2014-0333 CVE-2014-9495 CVE-2015-0973 CVE-2015-8126 CVE-2016-10087 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libpolkit0-0.113-5.12.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-0750 CVE-2011-1485 CVE-2013-4288 CVE-2015-3218 CVE-2015-3255 CVE-2015-3256 CVE-2015-4625 CVE-2018-1116 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libpoppler-glib8-0.43.0-16.15.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 CVE-2009-1187 CVE-2009-1188 CVE-2009-3607 CVE-2009-3608 CVE-2013-1788 CVE-2013-1789 CVE-2013-1790 CVE-2013-4473 CVE-2013-4474 CVE-2017-1000456 CVE-2017-14517 CVE-2017-14518 CVE-2017-14520 CVE-2017-14617 CVE-2017-14928 CVE-2017-14975 CVE-2017-14976 CVE-2017-14977 CVE-2017-15565 CVE-2017-7511 CVE-2017-7515 CVE-2017-9406 CVE-2017-9408 CVE-2017-9775 CVE-2017-9776 CVE-2017-9865 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libprocps3-3.3.9-11.14.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libproxy1-0.4.13-16.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-4504 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libpulse-mainloop-glib0-32bit-5.0-4.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-3970 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libpython2_7-1_0-2.7.13-28.11.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-1521 CVE-2011-3389 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 CVE-2013-1752 CVE-2013-1753 CVE-2013-4238 CVE-2014-1912 CVE-2014-4650 CVE-2014-7185 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 CVE-2017-1000158 CVE-2017-18207 CVE-2018-1000030 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libpython3_4m1_0-3.4.6-25.16.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-3389 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 CVE-2013-1752 CVE-2013-4238 CVE-2014-2667 CVE-2014-4650 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 CVE-2017-18207 CVE-2018-1060 CVE-2018-1061 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libqpdf18-7.1.1-3.3.4 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2017-11624 CVE-2017-11625 CVE-2017-11626 CVE-2017-11627 CVE-2017-12595 CVE-2017-9208 CVE-2017-9209 CVE-2017-9210 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libqt4-32bit-4.8.7-8.8.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-0945 CVE-2011-3193 CVE-2011-3922 CVE-2012-4929 CVE-2012-6093 CVE-2013-0254 CVE-2013-4549 CVE-2014-0190 CVE-2015-0295 CVE-2015-1858 CVE-2015-1859 CVE-2015-1860 CVE-2016-10040 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libquicktime0-1.2.4-14.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-2399 CVE-2017-9122 CVE-2017-9123 CVE-2017-9124 CVE-2017-9125 CVE-2017-9126 CVE-2017-9127 CVE-2017-9128 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libraptor2-0-2.0.10-3.63 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-0037 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the librelp0-1.2.12-3.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2018-1000140 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libruby2_1-2_1-2.1.9-18.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-3566 CVE-2014-4975 CVE-2014-8080 CVE-2014-8090 CVE-2015-1855 CVE-2015-3900 CVE-2015-7551 CVE-2016-2339 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libsaml8-2.5.5-3.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2017-16853 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libshibsp-lite6-2.5.5-6.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2017-16852 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libsmi-0.4.8-18.55 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-2891 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libsndfile1-1.0.25-36.16.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-0186 CVE-2011-2696 CVE-2014-9496 CVE-2014-9756 CVE-2015-7805 CVE-2015-8075 CVE-2017-14245 CVE-2017-14246 CVE-2017-14634 CVE-2017-16942 CVE-2017-17456 CVE-2017-17457 CVE-2017-6892 CVE-2017-7585 CVE-2017-7586 CVE-2017-7741 CVE-2017-7742 CVE-2017-8361 CVE-2017-8362 CVE-2017-8363 CVE-2017-8365 CVE-2018-13139 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libsnmp30-32bit-5.7.3-6.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-2141 CVE-2014-2284 CVE-2014-2285 CVE-2014-3565 CVE-2015-5621 CVE-2018-18065 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libsoup-2_4-1-2.62.2-5.7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-2054 CVE-2017-2885 CVE-2018-12910 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libspice-client-glib-2_0-8-0.33-3.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-4425 CVE-2017-12194 CVE-2018-10873 CVE-2018-10893 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libspice-server1-0.12.8-6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-4282 CVE-2015-3247 CVE-2015-5260 CVE-2015-5261 CVE-2016-0749 CVE-2016-2150 CVE-2016-9577 CVE-2016-9578 CVE-2017-7506 CVE-2018-10873 CVE-2018-10893 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libsqlite3-0-3.8.10.2-8.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-6153 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libsrtp1-1.5.2-3.2.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-2139 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libssh2-1-1.4.3-19.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2015-1782 CVE-2016-0787 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libssh4-0.6.3-12.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-4559 CVE-2012-4560 CVE-2012-4561 CVE-2013-0176 CVE-2014-0017 CVE-2014-8132 CVE-2015-3146 CVE-2016-0739 CVE-2018-10933 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libsystemd0-228-150.49.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-1174 CVE-2013-4288 CVE-2016-10156 CVE-2016-7795 CVE-2017-15908 CVE-2017-18078 CVE-2017-9217 CVE-2017-9445 CVE-2018-1049 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libtag1-1.9.1-1.218 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-2396 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libtasn1-4.9-3.5.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-3467 CVE-2014-3468 CVE-2014-3469 CVE-2015-2806 CVE-2015-3622 CVE-2016-4008 CVE-2018-6003 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libtcnative-1-0-1.2.17-1.12 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2015-4000 CVE-2017-15698 CVE-2018-8019 CVE-2018-8020 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libthai-data-0.1.25-4.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-4012 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libtiff5-32bit-4.0.9-44.24.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-2285 CVE-2009-2347 CVE-2010-2065 CVE-2010-2067 CVE-2010-2233 CVE-2010-4665 CVE-2011-0192 CVE-2011-1167 CVE-2012-1173 CVE-2012-2113 CVE-2012-3401 CVE-2012-4564 CVE-2013-1960 CVE-2013-1961 CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 CVE-2014-9655 CVE-2015-1547 CVE-2015-7554 CVE-2015-8665 CVE-2015-8683 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2016-10095 CVE-2016-10266 CVE-2016-10267 CVE-2016-10268 CVE-2016-10269 CVE-2016-10270 CVE-2016-10271 CVE-2016-10272 CVE-2016-10371 CVE-2016-3186 CVE-2016-3622 CVE-2016-3623 CVE-2016-3632 CVE-2016-3658 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5314 CVE-2016-5316 CVE-2016-5317 CVE-2016-5318 CVE-2016-5319 CVE-2016-5320 CVE-2016-5321 CVE-2016-5323 CVE-2016-5652 CVE-2016-5875 CVE-2016-8331 CVE-2016-9273 CVE-2016-9297 CVE-2016-9448 CVE-2016-9453 CVE-2016-9538 CVE-2017-11613 CVE-2017-16232 CVE-2017-17942 CVE-2017-17973 CVE-2017-18013 CVE-2017-5225 CVE-2017-7592 CVE-2017-7593 CVE-2017-7594 CVE-2017-7595 CVE-2017-7596 CVE-2017-7597 CVE-2017-7598 CVE-2017-7599 CVE-2017-7600 CVE-2017-7601 CVE-2017-7602 CVE-2017-9403 CVE-2017-9404 CVE-2017-9935 CVE-2017-9936 CVE-2018-10779 CVE-2018-10963 CVE-2018-16335 CVE-2018-17100 CVE-2018-17101 CVE-2018-17795 CVE-2018-5784 CVE-2018-7456 CVE-2018-8905 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libtirpc-netconfig-1.0.1-17.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2017-8779 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libudisks2-0-2.1.3-1.13 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-0004 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libupsclient1-2.7.1-1.30 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-2944 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libusbmuxd4-1.0.10-2.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-5104 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libvdpau1-1.1.1-6.73 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2015-5198 CVE-2015-5199 CVE-2015-5200 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libvirglrenderer0-0.5.0-11.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-10163 CVE-2016-10214 CVE-2017-5580 CVE-2017-5937 CVE-2017-5956 CVE-2017-5957 CVE-2017-5993 CVE-2017-5994 CVE-2017-6209 CVE-2017-6210 CVE-2017-6317 CVE-2017-6355 CVE-2017-6386 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libvirt-4.0.0-6.13 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-2242 CVE-2011-1146 CVE-2011-2511 CVE-2011-4600 CVE-2012-3445 CVE-2013-0170 CVE-2013-1962 CVE-2013-2218 CVE-2013-2230 CVE-2013-4153 CVE-2013-4154 CVE-2013-4239 CVE-2013-4296 CVE-2013-4297 CVE-2013-4311 CVE-2013-4399 CVE-2013-4400 CVE-2013-4401 CVE-2013-6436 CVE-2013-6456 CVE-2013-6457 CVE-2013-6458 CVE-2014-0028 CVE-2014-0179 CVE-2014-1447 CVE-2014-3633 CVE-2014-3657 CVE-2014-7823 CVE-2014-8131 CVE-2015-0236 CVE-2015-5247 CVE-2015-5313 CVE-2017-1000256 CVE-2017-2635 CVE-2017-5715 CVE-2018-1064 CVE-2018-3639 CVE-2018-5748 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libvmtools0-10.3.0-2.6 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2015-5191 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libvncclient0-0.9.9-17.5.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054 CVE-2014-6055 CVE-2016-9941 CVE-2016-9942 CVE-2018-7225 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libvorbis-doc-1.3.3-10.14.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2008-1420 CVE-2009-3379 CVE-2012-0444 CVE-2017-14160 CVE-2017-14632 CVE-2017-14633 CVE-2018-10392 CVE-2018-10393 CVE-2018-5146 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libvpx1-1.3.0-3.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2017-13194 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libvte9-0.28.2-19.7 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-2738 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libwavpack1-4.60.99-5.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-10169 CVE-2016-10170 CVE-2016-10171 CVE-2016-10172 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libwireshark9-2.4.9-48.29.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-1210 CVE-2009-1267 CVE-2009-1268 CVE-2009-1269 CVE-2009-3241 CVE-2009-3242 CVE-2009-3243 CVE-2010-1455 CVE-2010-2993 CVE-2010-3445 CVE-2010-4300 CVE-2010-4301 CVE-2010-4538 CVE-2011-0024 CVE-2011-0538 CVE-2011-0713 CVE-2011-1138 CVE-2011-1139 CVE-2011-1140 CVE-2011-1143 CVE-2011-1590 CVE-2011-1591 CVE-2011-1592 CVE-2011-1957 CVE-2011-1958 CVE-2011-1959 CVE-2011-2174 CVE-2011-2175 CVE-2011-2597 CVE-2011-2698 CVE-2011-3266 CVE-2011-3360 CVE-2011-3483 CVE-2012-2392 CVE-2012-2393 CVE-2012-2394 CVE-2012-3548 CVE-2012-4048 CVE-2012-4049 CVE-2012-4285 CVE-2012-4286 CVE-2012-4287 CVE-2012-4288 CVE-2012-4289 CVE-2012-4290 CVE-2012-4291 CVE-2012-4292 CVE-2012-4293 CVE-2012-4294 CVE-2012-4295 CVE-2012-4296 CVE-2012-4297 CVE-2012-4298 CVE-2012-5237 CVE-2012-5238 CVE-2012-5239 CVE-2012-5240 CVE-2012-5592 CVE-2012-5593 CVE-2012-5594 CVE-2012-5595 CVE-2012-5596 CVE-2012-5597 CVE-2012-5598 CVE-2012-5599 CVE-2012-5600 CVE-2012-5601 CVE-2012-5602 CVE-2013-1572 CVE-2013-1573 CVE-2013-1574 CVE-2013-1575 CVE-2013-1576 CVE-2013-1577 CVE-2013-1578 CVE-2013-1579 CVE-2013-1580 CVE-2013-1581 CVE-2013-1582 CVE-2013-1583 CVE-2013-1584 CVE-2013-1585 CVE-2013-1586 CVE-2013-1587 CVE-2013-1588 CVE-2013-1589 CVE-2013-1590 CVE-2013-2475 CVE-2013-2476 CVE-2013-2477 CVE-2013-2478 CVE-2013-2479 CVE-2013-2480 CVE-2013-2481 CVE-2013-2482 CVE-2013-2483 CVE-2013-2484 CVE-2013-2485 CVE-2013-2486 CVE-2013-2487 CVE-2013-2488 CVE-2013-3555 CVE-2013-3556 CVE-2013-3557 CVE-2013-3558 CVE-2013-3559 CVE-2013-3560 CVE-2013-3561 CVE-2013-3562 CVE-2013-4083 CVE-2013-4920 CVE-2013-4921 CVE-2013-4922 CVE-2013-4923 CVE-2013-4924 CVE-2013-4925 CVE-2013-4926 CVE-2013-4927 CVE-2013-4928 CVE-2013-4929 CVE-2013-4930 CVE-2013-4931 CVE-2013-4932 CVE-2013-4933 CVE-2013-4934 CVE-2013-4935 CVE-2013-4936 CVE-2013-5717 CVE-2013-5718 CVE-2013-5719 CVE-2013-5720 CVE-2013-5721 CVE-2013-5722 CVE-2013-6336 CVE-2013-6337 CVE-2013-6338 CVE-2013-6339 CVE-2013-6340 CVE-2013-7112 CVE-2013-7113 CVE-2013-7114 CVE-2014-2281 CVE-2014-2282 CVE-2014-2283 CVE-2014-2299 CVE-2014-2907 CVE-2014-4020 CVE-2014-5161 CVE-2014-5162 CVE-2014-5163 CVE-2014-5164 CVE-2014-5165 CVE-2015-0559 CVE-2015-0560 CVE-2015-0561 CVE-2015-0562 CVE-2015-0563 CVE-2015-0564 CVE-2015-2188 CVE-2015-2189 CVE-2015-2191 CVE-2015-3811 CVE-2015-3812 CVE-2015-3813 CVE-2015-3814 CVE-2015-7830 CVE-2015-8711 CVE-2015-8712 CVE-2015-8713 CVE-2015-8714 CVE-2015-8715 CVE-2015-8716 CVE-2015-8717 CVE-2015-8718 CVE-2015-8719 CVE-2015-8720 CVE-2015-8721 CVE-2015-8722 CVE-2015-8723 CVE-2015-8724 CVE-2015-8725 CVE-2015-8726 CVE-2015-8727 CVE-2015-8728 CVE-2015-8729 CVE-2015-8730 CVE-2015-8731 CVE-2015-8732 CVE-2015-8733 CVE-2016-2523 CVE-2016-2530 CVE-2016-2531 CVE-2016-2532 CVE-2016-5350 CVE-2016-5351 CVE-2016-5352 CVE-2016-5353 CVE-2016-5354 CVE-2016-5355 CVE-2016-5356 CVE-2016-5357 CVE-2016-5358 CVE-2016-5359 CVE-2016-6354 CVE-2016-6504 CVE-2016-6505 CVE-2016-6506 CVE-2016-6507 CVE-2016-6508 CVE-2016-6509 CVE-2016-6510 CVE-2016-6511 CVE-2016-7175 CVE-2016-7176 CVE-2016-7177 CVE-2016-7178 CVE-2016-7179 CVE-2016-7180 CVE-2016-9373 CVE-2016-9374 CVE-2016-9375 CVE-2016-9376 CVE-2017-11406 CVE-2017-11407 CVE-2017-11408 CVE-2017-11410 CVE-2017-11411 CVE-2017-13765 CVE-2017-13766 CVE-2017-13767 CVE-2017-15191 CVE-2017-15192 CVE-2017-15193 CVE-2017-17083 CVE-2017-17084 CVE-2017-17085 CVE-2017-17935 CVE-2017-17997 CVE-2017-5596 CVE-2017-5597 CVE-2017-5753 CVE-2017-6014 CVE-2017-7700 CVE-2017-7701 CVE-2017-7702 CVE-2017-7703 CVE-2017-7704 CVE-2017-7705 CVE-2017-7745 CVE-2017-7746 CVE-2017-7747 CVE-2017-7748 CVE-2017-9343 CVE-2017-9344 CVE-2017-9345 CVE-2017-9346 CVE-2017-9347 CVE-2017-9348 CVE-2017-9349 CVE-2017-9350 CVE-2017-9351 CVE-2017-9352 CVE-2017-9353 CVE-2017-9354 CVE-2017-9617 CVE-2017-9766 CVE-2018-11354 CVE-2018-11355 CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361 CVE-2018-11362 CVE-2018-14339 CVE-2018-14340 CVE-2018-14341 CVE-2018-14342 CVE-2018-14343 CVE-2018-14344 CVE-2018-14367 CVE-2018-14368 CVE-2018-14369 CVE-2018-14370 CVE-2018-16056 CVE-2018-16057 CVE-2018-16058 CVE-2018-5334 CVE-2018-5335 CVE-2018-5336 CVE-2018-7320 CVE-2018-7321 CVE-2018-7322 CVE-2018-7323 CVE-2018-7324 CVE-2018-7325 CVE-2018-7326 CVE-2018-7327 CVE-2018-7328 CVE-2018-7329 CVE-2018-7330 CVE-2018-7331 CVE-2018-7332 CVE-2018-7333 CVE-2018-7334 CVE-2018-7335 CVE-2018-7336 CVE-2018-7337 CVE-2018-7417 CVE-2018-7418 CVE-2018-7419 CVE-2018-7420 CVE-2018-7421 CVE-2018-9256 CVE-2018-9259 CVE-2018-9260 CVE-2018-9261 CVE-2018-9262 CVE-2018-9263 CVE-2018-9264 CVE-2018-9265 CVE-2018-9266 CVE-2018-9267 CVE-2018-9268 CVE-2018-9269 CVE-2018-9270 CVE-2018-9271 CVE-2018-9272 CVE-2018-9273 CVE-2018-9274 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libxcb-dri2-0-1.10-4.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-2064 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libxerces-c-3_1-3.1.1-12.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-1885 CVE-2015-0252 CVE-2016-0729 CVE-2016-2099 CVE-2016-4463 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libxml2-2-2.9.4-46.15.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2008-4225 CVE-2008-4226 CVE-2008-4409 CVE-2010-4494 CVE-2011-1944 CVE-2012-5134 CVE-2013-0338 CVE-2013-1969 CVE-2014-0191 CVE-2014-3660 CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-8035 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317 CVE-2015-8710 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-3627 CVE-2016-3705 CVE-2016-4483 CVE-2016-4658 CVE-2016-5131 CVE-2016-9318 CVE-2016-9597 CVE-2017-0663 CVE-2017-15412 CVE-2017-18258 CVE-2017-5130 CVE-2017-5969 CVE-2017-7375 CVE-2017-7376 CVE-2017-8872 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050 CVE-2018-14404 CVE-2018-14567 CVE-2018-9251 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libxmltooling6-1.5.6-3.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2018-0486 CVE-2018-0489 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libxslt-tools-1.1.28-16.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2015-7995 CVE-2015-9019 CVE-2016-4738 CVE-2017-5029 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libyaml-0-2-0.1.6-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-6393 CVE-2014-2525 CVE-2014-9130 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libykcs11-1-1.5.0-3.16 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2018-14779 CVE-2018-14780 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libz1-1.2.11-1.27 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-9843 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libzip2-0.11.1-13.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-0421 CVE-2012-1162 CVE-2012-1163 CVE-2015-2331 CVE-2017-14107 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the libzypp-16.19.0-2.36.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2017-7435 CVE-2017-7436 CVE-2017-9269 CVE-2018-7685 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the logrotate-3.11.0-2.11.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-1098 CVE-2011-1154 CVE-2011-1155 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the logwatch-7.4.3-15.65 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-1018 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the mailman-2.1.17-1.18 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-0707 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the mailx-12.5-28.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2004-2771 CVE-2014-7844 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the mariadb-10.2.18-1.7 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2007-5970 CVE-2008-7247 CVE-2009-4019 CVE-2009-4028 CVE-2009-4030 CVE-2010-5298 CVE-2012-5615 CVE-2013-1976 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-2494 CVE-2014-3470 CVE-2014-4207 CVE-2014-4258 CVE-2014-4260 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6474 CVE-2014-6478 CVE-2014-6484 CVE-2014-6489 CVE-2014-6491 CVE-2014-6494 CVE-2014-6495 CVE-2014-6496 CVE-2014-6500 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 CVE-2014-6564 CVE-2014-6568 CVE-2014-8964 CVE-2015-0374 CVE-2015-0381 CVE-2015-0382 CVE-2015-0391 CVE-2015-0411 CVE-2015-0432 CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501 CVE-2015-0505 CVE-2015-2325 CVE-2015-2326 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573 CVE-2015-3152 CVE-2015-4792 CVE-2015-4802 CVE-2015-4807 CVE-2015-4815 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4870 CVE-2015-4913 CVE-2015-5969 CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0651 CVE-2016-0655 CVE-2016-0666 CVE-2016-0668 CVE-2016-2047 CVE-2016-3477 CVE-2016-3492 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440 CVE-2016-5584 CVE-2016-5624 CVE-2016-5626 CVE-2016-5629 CVE-2016-6662 CVE-2016-6663 CVE-2016-6664 CVE-2016-7440 CVE-2016-8283 CVE-2017-10268 CVE-2017-10320 CVE-2017-10365 CVE-2017-10378 CVE-2017-15365 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3257 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3302 CVE-2017-3308 CVE-2017-3309 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2018-2562 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 CVE-2018-2755 CVE-2018-2759 CVE-2018-2761 CVE-2018-2766 CVE-2018-2767 CVE-2018-2771 CVE-2018-2777 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2786 CVE-2018-2787 CVE-2018-2810 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819 CVE-2018-3058 CVE-2018-3060 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the memcached-1.4.39-4.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-1494 CVE-2011-4971 CVE-2013-0179 CVE-2013-7239 CVE-2013-7290 CVE-2013-7291 CVE-2016-8704 CVE-2016-8705 CVE-2016-8706 CVE-2017-9951 CVE-2018-1000115 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the minicom-2.7-3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2017-7467 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the mipv6d-2.0.2.umip.0.4-19.63 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-2522 CVE-2010-2523 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the mozilla-nspr-32bit-4.13.1-18.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-1545 CVE-2015-7183 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the mutt-1.10.1-55.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-0467 CVE-2014-9116 CVE-2018-14349 CVE-2018-14350 CVE-2018-14351 CVE-2018-14352 CVE-2018-14353 CVE-2018-14354 CVE-2018-14355 CVE-2018-14356 CVE-2018-14357 CVE-2018-14358 CVE-2018-14359 CVE-2018-14360 CVE-2018-14361 CVE-2018-14362 CVE-2018-14363 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the ntp-4.2.8p12-64.8.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-0159 CVE-2009-1252 CVE-2013-5211 CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 CVE-2014-9297 CVE-2014-9298 CVE-2015-1798 CVE-2015-1799 CVE-2015-3405 CVE-2015-5219 CVE-2015-5300 CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7704 CVE-2015-7705 CVE-2015-7848 CVE-2015-7849 CVE-2015-7850 CVE-2015-7851 CVE-2015-7852 CVE-2015-7853 CVE-2015-7854 CVE-2015-7855 CVE-2015-7871 CVE-2015-7973 CVE-2015-7974 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8138 CVE-2015-8139 CVE-2015-8140 CVE-2015-8158 CVE-2016-1547 CVE-2016-1548 CVE-2016-1549 CVE-2016-1550 CVE-2016-1551 CVE-2016-2516 CVE-2016-2517 CVE-2016-2518 CVE-2016-2519 CVE-2016-4953 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956 CVE-2016-4957 CVE-2016-7426 CVE-2016-7427 CVE-2016-7428 CVE-2016-7429 CVE-2016-7431 CVE-2016-7433 CVE-2016-7434 CVE-2016-9042 CVE-2016-9310 CVE-2016-9311 CVE-2017-6451 CVE-2017-6458 CVE-2017-6460 CVE-2017-6462 CVE-2017-6463 CVE-2017-6464 CVE-2018-12327 CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the opensc-0.13.0-1.107 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-0368 CVE-2010-4523 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the openslp-2.0.0-18.17.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-3609 CVE-2016-4912 CVE-2016-6354 CVE-2016-7567 CVE-2017-17833 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the openssh-7.2p2-74.25.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2008-1483 CVE-2014-2653 CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 CVE-2015-8325 CVE-2016-0777 CVE-2016-0778 CVE-2016-10009 CVE-2016-10010 CVE-2016-10011 CVE-2016-10012 CVE-2016-10708 CVE-2016-1908 CVE-2016-3115 CVE-2016-6210 CVE-2016-6515 CVE-2016-8858 CVE-2017-15906 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the openvpn-2.3.8-16.20.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-8104 CVE-2016-6329 CVE-2017-12166 CVE-2017-7478 CVE-2017-7479 CVE-2017-7508 CVE-2017-7520 CVE-2017-7521 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the opie-2.4-724.56 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-2489 CVE-2011-2490 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the ovmf-2017+git1510945757.b2662641d5-2.18 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2018-0739 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the p7zip-9.20.1-7.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2015-1038 CVE-2016-1372 CVE-2016-2335 CVE-2017-17969 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the pam-1.1.8-24.14.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-3430 CVE-2010-3431 CVE-2010-3853 CVE-2011-3148 CVE-2011-3149 CVE-2014-2583 CVE-2015-3238 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the pam-modules-12.1-23.12 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-3172 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the pam_krb5-2.4.4-4.4 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2008-3825 CVE-2009-1384 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the pam_ssh-2.0-1.39 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-1273 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the pam_yubico-2.26-1.25 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2018-9275 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the patch-2.7.5-8.5.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-4651 CVE-2015-1196 CVE-2015-1395 CVE-2015-1396 CVE-2016-10713 CVE-2018-1000156 CVE-2018-6951 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the pcsc-ccid-1.4.25-4.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-4530 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the perl-32bit-5.18.2-12.17.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-2761 CVE-2010-4410 CVE-2010-4411 CVE-2010-4777 CVE-2015-8853 CVE-2016-1238 CVE-2016-2381 CVE-2016-6185 CVE-2017-12837 CVE-2017-12883 CVE-2017-6512 CVE-2018-12015 CVE-2018-6797 CVE-2018-6798 CVE-2018-6913 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the perl-Archive-Zip-1.34-3.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2018-10860 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the perl-Config-IniFiles-2.82-3.12 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-2451 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the perl-DBD-mysql-4.021-12.5.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-1246 CVE-2016-1249 CVE-2016-1251 CVE-2017-10788 CVE-2017-10789 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the perl-HTML-Parser-3.71-1.145 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-3627 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the perl-LWP-Protocol-https-6.04-5.4 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-3230 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the perl-Tk-804.031-3.76 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2006-4484 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the perl-XML-LibXML-2.0019-6.3.5 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2015-3451 CVE-2017-10672 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the perl-YAML-LibYAML-0.38-10.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-1152 CVE-2013-6393 CVE-2014-2525 CVE-2014-9130 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the pigz-2.3-5.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2015-1191 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the policycoreutils-2.5-10.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-7545 CVE-2018-1063 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the powerpc-utils-1.3.5-3.8 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-4040 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the ppc64-diag-2.7.4-1.18 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-4038 CVE-2014-4039 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the ppp-2.4.7-3.4 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-3158 CVE-2015-3310 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the procmail-3.22-269.3.5 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-3618 CVE-2017-16844 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the python-2.7.13-28.11.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-4238 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 CVE-2017-1000158 CVE-2017-18207 CVE-2018-1000030 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the python-PyYAML-3.12-26.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-9130 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the python-cupshelpers-1.5.7-7.5 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-4405 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the python-doc-2.7.13-28.11.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-0772 CVE-2016-5636 CVE-2016-5699 CVE-2017-1000158 CVE-2017-18207 CVE-2018-1000030 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the python-imaging-1.1.7-21.15 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-1932 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the python-libxml2-2.9.4-46.15.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2008-4225 CVE-2008-4226 CVE-2008-4409 CVE-2012-5134 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-3627 CVE-2016-3705 CVE-2016-4483 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the python-pyOpenSSL-16.0.0-4.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-4314 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the python-pywbem-0.7.0-4.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-6418 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the python-requests-2.11.1-6.28.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-1829 CVE-2014-1830 CVE-2015-2296 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the python3-3.4.6-25.16.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-4238 CVE-2014-4650 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 CVE-2017-18207 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the python3-requests-2.7.0-2.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-1829 CVE-2014-1830 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the qemu-2.11.2-4.14 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2008-0928 CVE-2008-1945 CVE-2008-2382 CVE-2008-4539 CVE-2012-3515 CVE-2013-4148 CVE-2013-4149 CVE-2013-4150 CVE-2013-4151 CVE-2013-4526 CVE-2013-4527 CVE-2013-4529 CVE-2013-4530 CVE-2013-4531 CVE-2013-4533 CVE-2013-4534 CVE-2013-4535 CVE-2013-4536 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2013-4540 CVE-2013-4541 CVE-2013-4542 CVE-2013-4544 CVE-2013-6399 CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145 CVE-2014-0146 CVE-2014-0147 CVE-2014-0150 CVE-2014-0182 CVE-2014-0222 CVE-2014-0223 CVE-2014-3461 CVE-2014-3640 CVE-2014-7840 CVE-2014-8106 CVE-2015-1779 CVE-2015-3209 CVE-2015-3456 CVE-2015-4037 CVE-2015-5154 CVE-2015-5225 CVE-2015-5278 CVE-2015-5279 CVE-2015-5745 CVE-2015-6815 CVE-2015-6855 CVE-2015-7295 CVE-2015-7512 CVE-2015-7549 CVE-2015-8345 CVE-2015-8504 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-10028 CVE-2016-10155 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-3710 CVE-2016-3712 CVE-2016-4002 CVE-2016-4020 CVE-2016-4439 CVE-2016-4441 CVE-2016-4453 CVE-2016-4454 CVE-2016-4952 CVE-2016-4964 CVE-2016-5105 CVE-2016-5106 CVE-2016-5107 CVE-2016-5126 CVE-2016-5238 CVE-2016-5337 CVE-2016-5338 CVE-2016-5403 CVE-2016-6351 CVE-2016-6490 CVE-2016-6833 CVE-2016-6836 CVE-2016-6888 CVE-2016-7116 CVE-2016-7155 CVE-2016-7156 CVE-2016-7157 CVE-2016-7161 CVE-2016-7170 CVE-2016-7421 CVE-2016-7422 CVE-2016-7423 CVE-2016-7466 CVE-2016-7907 CVE-2016-7908 CVE-2016-7909 CVE-2016-7994 CVE-2016-7995 CVE-2016-8576 CVE-2016-8577 CVE-2016-8578 CVE-2016-8667 CVE-2016-8668 CVE-2016-8669 CVE-2016-8909 CVE-2016-8910 CVE-2016-9101 CVE-2016-9102 CVE-2016-9103 CVE-2016-9104 CVE-2016-9105 CVE-2016-9106 CVE-2016-9381 CVE-2016-9602 CVE-2016-9776 CVE-2016-9845 CVE-2016-9846 CVE-2016-9907 CVE-2016-9908 CVE-2016-9911 CVE-2016-9912 CVE-2016-9913 CVE-2016-9921 CVE-2016-9922 CVE-2016-9923 CVE-2017-10664 CVE-2017-10806 CVE-2017-10911 CVE-2017-11334 CVE-2017-11434 CVE-2017-12809 CVE-2017-13672 CVE-2017-13711 CVE-2017-14167 CVE-2017-15038 CVE-2017-15119 CVE-2017-15124 CVE-2017-15268 CVE-2017-15289 CVE-2017-16845 CVE-2017-17381 CVE-2017-18043 CVE-2017-2615 CVE-2017-2620 CVE-2017-2630 CVE-2017-2633 CVE-2017-5525 CVE-2017-5526 CVE-2017-5552 CVE-2017-5578 CVE-2017-5579 CVE-2017-5667 CVE-2017-5715 CVE-2017-5856 CVE-2017-5857 CVE-2017-5898 CVE-2017-5931 CVE-2017-5973 CVE-2017-5987 CVE-2017-6058 CVE-2017-6505 CVE-2017-7471 CVE-2017-7493 CVE-2017-8112 CVE-2017-8309 CVE-2017-8379 CVE-2017-8380 CVE-2017-9503 CVE-2017-9524 CVE-2018-11806 CVE-2018-12617 CVE-2018-3639 CVE-2018-5683 CVE-2018-7550 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the radvd-1.9.7-2.12 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-3602 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the res-signingkeys-3.0.38-52.26.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-3566 CVE-2018-12470 CVE-2018-12471 CVE-2018-12472 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the rpcbind-0.2.3-23.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2015-7236 CVE-2017-8779 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the rpm-32bit-4.11.2-16.16.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-6435 CVE-2014-8118 CVE-2017-7500 CVE-2017-7501 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the rrdtool-1.4.7-20.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-2131 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the rsync-3.1.0-13.13.3 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-1097 CVE-2014-2855 CVE-2014-8242 CVE-2014-9512 CVE-2017-16548 CVE-2017-17433 CVE-2017-17434 CVE-2018-5764 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the rsyslog-8.24.0-3.16.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-3200 CVE-2013-4758 CVE-2013-6370 CVE-2013-6371 CVE-2014-3634 CVE-2014-3683 CVE-2015-3243 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the rtkit-0.11_git201205151338-8.14 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-4326 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the ruby-2.1-1.4 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-4492 CVE-2010-0541 CVE-2011-1004 CVE-2011-1005 CVE-2011-4815 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the rzsz-0.12.21~rc-1001.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2018-10195 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the sane-backends-1.0.24-3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2017-6318 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the sblim-sfcb-1.4.8-17.3.4 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2015-5185 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the shadow-4.2.1-27.19.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-6252 CVE-2017-12424 CVE-2018-7169 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the shim-0.9-23.14 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-3675 CVE-2014-3676 CVE-2014-3677 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the socat-1.7.2.4-3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-3571 CVE-2014-0019 CVE-2015-4000 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the spice-vdagent-0.16.0-8.5.15 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2017-15108 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the squashfs-4.3-6.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-4024 CVE-2012-4025 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the squid-3.5.21-26.9.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-5643 CVE-2014-7141 CVE-2014-7142 CVE-2014-9749 CVE-2015-5400 CVE-2016-10002 CVE-2016-10003 CVE-2016-2390 CVE-2016-2569 CVE-2016-2570 CVE-2016-2571 CVE-2016-2572 CVE-2016-3947 CVE-2016-3948 CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 CVE-2016-4553 CVE-2016-4554 CVE-2016-4555 CVE-2016-4556 CVE-2018-1000024 CVE-2018-1000027 CVE-2018-1172 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the squidGuard-1.4-30.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-3700 CVE-2009-3826 CVE-2015-8936 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the strongswan-5.1.3-26.5.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-0790 CVE-2012-2388 CVE-2013-2944 CVE-2013-5018 CVE-2013-6075 CVE-2013-6076 CVE-2014-2338 CVE-2014-9221 CVE-2015-4171 CVE-2015-8023 CVE-2017-11185 CVE-2017-9022 CVE-2017-9023 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the stunnel-5.00-4.3.4 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-1762 CVE-2014-0016 CVE-2015-3644 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the sudo-1.8.20p2-3.7.10 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-1163 CVE-2010-1646 CVE-2011-0010 CVE-2012-2337 CVE-2013-1775 CVE-2013-1776 CVE-2014-9680 CVE-2016-7032 CVE-2016-7076 CVE-2017-1000367 CVE-2017-1000368 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the supportutils-3.0-95.18.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-1602 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the sysconfig-0.84.0-13.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-4182 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the syslog-service-2.0-778.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-3634 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the systemtap-3.0-15.13 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2009-2911 CVE-2009-4273 CVE-2010-0411 CVE-2010-0412 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the sysvinit-tools-2.88+-99.15 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-2483 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the tar-1.27.1-15.3.7 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-0624 CVE-2016-6321 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the tboot-20170711_1.9.7-1.10 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2017-16837 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the tcpdump-4.9.2-14.5.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-8767 CVE-2014-8768 CVE-2014-8769 CVE-2014-9140 CVE-2015-0261 CVE-2015-2153 CVE-2015-2154 CVE-2015-2155 CVE-2015-3138 CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925 CVE-2016-7926 CVE-2016-7927 CVE-2016-7928 CVE-2016-7929 CVE-2016-7930 CVE-2016-7931 CVE-2016-7932 CVE-2016-7933 CVE-2016-7934 CVE-2016-7935 CVE-2016-7936 CVE-2016-7937 CVE-2016-7938 CVE-2016-7939 CVE-2016-7940 CVE-2016-7973 CVE-2016-7974 CVE-2016-7975 CVE-2016-7983 CVE-2016-7984 CVE-2016-7985 CVE-2016-7986 CVE-2016-7992 CVE-2016-7993 CVE-2016-8574 CVE-2016-8575 CVE-2017-11108 CVE-2017-11541 CVE-2017-11542 CVE-2017-11543 CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12989 CVE-2017-12990 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12994 CVE-2017-12995 CVE-2017-12996 CVE-2017-12997 CVE-2017-12998 CVE-2017-12999 CVE-2017-13000 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13007 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13011 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13015 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13020 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13026 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13033 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13039 CVE-2017-13040 CVE-2017-13041 CVE-2017-13042 CVE-2017-13043 CVE-2017-13044 CVE-2017-13045 CVE-2017-13046 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13050 CVE-2017-13051 CVE-2017-13052 CVE-2017-13053 CVE-2017-13054 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13690 CVE-2017-13725 CVE-2017-5202 CVE-2017-5203 CVE-2017-5204 CVE-2017-5205 CVE-2017-5341 CVE-2017-5342 CVE-2017-5482 CVE-2017-5483 CVE-2017-5484 CVE-2017-5485 CVE-2017-5486 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the tftp-5.2-11.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-2199 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the tomcat-9.0.12-1.7 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-1976 CVE-2014-0050 CVE-2015-5174 CVE-2015-5345 CVE-2015-5346 CVE-2015-5351 CVE-2016-0706 CVE-2016-0714 CVE-2016-0762 CVE-2016-0763 CVE-2016-3092 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 CVE-2016-8735 CVE-2016-8745 CVE-2017-12617 CVE-2017-15706 CVE-2017-5647 CVE-2017-5648 CVE-2017-5664 CVE-2017-7674 CVE-2018-11784 CVE-2018-1304 CVE-2018-1305 CVE-2018-1336 CVE-2018-8014 CVE-2018-8034 CVE-2018-8037 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the tpm2.0-tools-3.1.1-1.16 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2017-7524 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the transfig-3.2.5e-2.3.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2017-16899 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the ucode-intel-20180807a-13.35.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2017-5715 CVE-2018-3639 CVE-2018-3640 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the unixODBC-2.3.6-7.9.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-1145 CVE-2018-7409 CVE-2018-7485 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the unrar-5.0.14-3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-6706 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the unzip-6.00-33.8.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-8139 CVE-2014-8140 CVE-2014-8141 CVE-2014-9636 CVE-2014-9913 CVE-2015-7696 CVE-2015-7697 CVE-2016-9844 CVE-2018-1000035 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the update-alternatives-1.18.4-14.216 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2015-0840 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the vino-3.20.2-5.8 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-0904 CVE-2011-0905 CVE-2011-1164 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the vorbis-tools-1.4.0-26.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2008-1686 CVE-2014-9638 CVE-2014-9639 CVE-2014-9640 CVE-2015-6749 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the vsftpd-3.0.2-40.11.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2015-1419 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the w3m-0.5.3.git20161120-160.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-2074 CVE-2012-4929 CVE-2016-9434 CVE-2016-9435 CVE-2016-9436 CVE-2016-9437 CVE-2016-9438 CVE-2016-9439 CVE-2016-9440 CVE-2016-9441 CVE-2016-9442 CVE-2016-9443 CVE-2016-9621 CVE-2016-9622 CVE-2016-9623 CVE-2016-9624 CVE-2016-9625 CVE-2016-9626 CVE-2016-9627 CVE-2016-9628 CVE-2016-9629 CVE-2016-9630 CVE-2016-9631 CVE-2016-9632 CVE-2016-9633 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the wget-1.14-21.7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-2252 CVE-2012-4929 CVE-2014-4877 CVE-2015-2059 CVE-2016-4971 CVE-2016-7098 CVE-2017-13089 CVE-2017-13090 CVE-2017-6508 CVE-2018-0494 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the wpa_supplicant-2.2-15.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-3686 CVE-2015-0210 CVE-2015-1863 CVE-2015-4141 CVE-2015-4142 CVE-2015-4143 CVE-2015-5130 CVE-2015-5310 CVE-2015-8041 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13087 CVE-2017-13088 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the xalan-j2-2.7.0-264.133 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-0107 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the xdg-utils-20140630-6.3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-9622 CVE-2017-18266 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the xen-4.11.0_08-1.11 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-1898 CVE-2012-0029 CVE-2012-0217 CVE-2012-2625 CVE-2012-3432 CVE-2012-3433 CVE-2012-4411 CVE-2012-4535 CVE-2012-4536 CVE-2012-4537 CVE-2012-4538 CVE-2012-4539 CVE-2012-4544 CVE-2012-5510 CVE-2012-5511 CVE-2012-5513 CVE-2012-5514 CVE-2012-5515 CVE-2012-5525 CVE-2012-5634 CVE-2012-6075 CVE-2013-0151 CVE-2013-0152 CVE-2013-0153 CVE-2013-1442 CVE-2013-1917 CVE-2013-1918 CVE-2013-1919 CVE-2013-1922 CVE-2013-1952 CVE-2013-2007 CVE-2013-3495 CVE-2013-4355 CVE-2013-4356 CVE-2013-4361 CVE-2013-4375 CVE-2013-4416 CVE-2013-4494 CVE-2013-4533 CVE-2013-4534 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2013-4540 CVE-2013-4551 CVE-2013-4553 CVE-2013-4554 CVE-2014-0222 CVE-2014-3124 CVE-2014-3640 CVE-2014-3672 CVE-2014-5146 CVE-2014-5149 CVE-2014-6268 CVE-2014-7154 CVE-2014-7155 CVE-2014-7156 CVE-2014-7188 CVE-2014-7815 CVE-2015-1779 CVE-2015-3259 CVE-2015-3340 CVE-2015-3456 CVE-2015-4037 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105 CVE-2015-4106 CVE-2015-5154 CVE-2015-5239 CVE-2015-5278 CVE-2015-5307 CVE-2015-6815 CVE-2015-6855 CVE-2015-7311 CVE-2015-7504 CVE-2015-7512 CVE-2015-7549 CVE-2015-7835 CVE-2015-7969 CVE-2015-7970 CVE-2015-7971 CVE-2015-7972 CVE-2015-8104 CVE-2015-8339 CVE-2015-8340 CVE-2015-8341 CVE-2015-8345 CVE-2015-8504 CVE-2015-8550 CVE-2015-8554 CVE-2015-8555 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8615 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-10013 CVE-2016-10024 CVE-2016-10025 CVE-2016-1568 CVE-2016-1570 CVE-2016-1571 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-2270 CVE-2016-2271 CVE-2016-2391 CVE-2016-2392 CVE-2016-2538 CVE-2016-2841 CVE-2016-4439 CVE-2016-4441 CVE-2016-5238 CVE-2016-5338 CVE-2016-6258 CVE-2016-6259 CVE-2016-6351 CVE-2016-7092 CVE-2016-7093 CVE-2016-7094 CVE-2016-7777 CVE-2016-7908 CVE-2016-7909 CVE-2016-8667 CVE-2016-8669 CVE-2016-8910 CVE-2016-9377 CVE-2016-9378 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9384 CVE-2016-9385 CVE-2016-9386 CVE-2016-9637 CVE-2016-9921 CVE-2016-9922 CVE-2016-9932 CVE-2017-10664 CVE-2017-11434 CVE-2017-12135 CVE-2017-12136 CVE-2017-12137 CVE-2017-12855 CVE-2017-14316 CVE-2017-14317 CVE-2017-14318 CVE-2017-14319 CVE-2017-15289 CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15591 CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-15597 CVE-2017-17563 CVE-2017-17564 CVE-2017-17565 CVE-2017-17566 CVE-2017-18030 CVE-2017-2615 CVE-2017-2620 CVE-2017-5526 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2017-6505 CVE-2017-8309 CVE-2017-9330 CVE-2018-10471 CVE-2018-10472 CVE-2018-10981 CVE-2018-10982 CVE-2018-11806 CVE-2018-12891 CVE-2018-12892 CVE-2018-12893 CVE-2018-15469 CVE-2018-15470 CVE-2018-3639 CVE-2018-3646 CVE-2018-3665 CVE-2018-5683 CVE-2018-7540 CVE-2018-7541 CVE-2018-7542 CVE-2018-8897 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the xf86-video-intel-2.99.917+git781.c8990575-1.27 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-4910 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the xfsprogs-4.15.0-1.12 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-2150 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the xinetd-2.3.15-8.8.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2012-0862 CVE-2013-4342 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the xlockmore-5.43-5.30 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2013-4143 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the xorg-x11-7.6_1-14.17 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-0465 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the xorg-x11-libs-7.6-45.14 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-2895 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the xorg-x11-server-1.19.6-2.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2010-2240 CVE-2013-1940 CVE-2013-4396 CVE-2013-6424 CVE-2014-8091 CVE-2014-8092 CVE-2014-8093 CVE-2014-8094 CVE-2014-8095 CVE-2014-8096 CVE-2014-8097 CVE-2014-8098 CVE-2014-8099 CVE-2014-8100 CVE-2014-8101 CVE-2014-8102 CVE-2014-8103 CVE-2015-0255 CVE-2015-3164 CVE-2015-3418 CVE-2017-12176 CVE-2017-12183 CVE-2017-12187 CVE-2017-13721 CVE-2017-13723 CVE-2017-2624 CVE-2018-14665 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the xscreensaver-5.22-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2015-8025 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the yast2-3.2.48-3.29.20 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-3177 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the yast2-core-3.3.1-1.7 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2011-2483 CVE-2011-3177 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the yast2-users-3.2.17-1.5 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2016-1601 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the yubikey-manager-0.6.0-1.27 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2017-15631 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the zoo-2.10-1020.56 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2006-0855 CVE-2007-1669 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the zsh-5.0.5-6.7.2 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2014-10070 CVE-2014-10071 CVE-2014-10072 CVE-2016-10714 CVE-2017-18205 CVE-2018-1071 CVE-2018-1083 CVE-2018-7549 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Server 12 SP4 These are all security issues fixed in the zypper-1.13.45-21.23.4 package on the GA media of SUSE Linux Enterprise Server 12 SP4. Moderate CVE-2017-7436 CVE-2017-9269 cpe:/o:suse:sles:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the DirectFB-devel-1.7.1-6.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-2977 CVE-2014-2978 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the FastCGI-2.4.0-168.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2011-2766 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the ImageMagick-6.8.8.1-71.85.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2012-0247 CVE-2012-0248 CVE-2012-1185 CVE-2012-1186 CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716 CVE-2014-9805 CVE-2014-9806 CVE-2014-9807 CVE-2014-9808 CVE-2014-9809 CVE-2014-9810 CVE-2014-9811 CVE-2014-9812 CVE-2014-9813 CVE-2014-9814 CVE-2014-9815 CVE-2014-9816 CVE-2014-9817 CVE-2014-9818 CVE-2014-9819 CVE-2014-9820 CVE-2014-9821 CVE-2014-9822 CVE-2014-9823 CVE-2014-9824 CVE-2014-9825 CVE-2014-9826 CVE-2014-9828 CVE-2014-9829 CVE-2014-9830 CVE-2014-9831 CVE-2014-9832 CVE-2014-9833 CVE-2014-9834 CVE-2014-9835 CVE-2014-9836 CVE-2014-9837 CVE-2014-9838 CVE-2014-9839 CVE-2014-9840 CVE-2014-9841 CVE-2014-9842 CVE-2014-9843 CVE-2014-9844 CVE-2014-9845 CVE-2014-9846 CVE-2014-9847 CVE-2014-9848 CVE-2014-9849 CVE-2014-9850 CVE-2014-9851 CVE-2014-9852 CVE-2014-9853 CVE-2014-9854 CVE-2014-9907 CVE-2015-8894 CVE-2015-8895 CVE-2015-8896 CVE-2015-8897 CVE-2015-8898 CVE-2015-8900 CVE-2015-8901 CVE-2015-8902 CVE-2015-8903 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-10046 CVE-2016-10048 CVE-2016-10049 CVE-2016-10050 CVE-2016-10051 CVE-2016-10052 CVE-2016-10059 CVE-2016-10060 CVE-2016-10061 CVE-2016-10062 CVE-2016-10063 CVE-2016-10064 CVE-2016-10065 CVE-2016-10068 CVE-2016-10069 CVE-2016-10070 CVE-2016-10071 CVE-2016-10144 CVE-2016-10145 CVE-2016-10146 CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 CVE-2016-4562 CVE-2016-4563 CVE-2016-4564 CVE-2016-5010 CVE-2016-5118 CVE-2016-5687 CVE-2016-5688 CVE-2016-5689 CVE-2016-5690 CVE-2016-5691 CVE-2016-5841 CVE-2016-5842 CVE-2016-6491 CVE-2016-6520 CVE-2016-6823 CVE-2016-7101 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 CVE-2016-7522 CVE-2016-7523 CVE-2016-7524 CVE-2016-7525 CVE-2016-7526 CVE-2016-7527 CVE-2016-7528 CVE-2016-7529 CVE-2016-7530 CVE-2016-7531 CVE-2016-7532 CVE-2016-7533 CVE-2016-7534 CVE-2016-7535 CVE-2016-7537 CVE-2016-7538 CVE-2016-7539 CVE-2016-7540 CVE-2016-7799 CVE-2016-7800 CVE-2016-7996 CVE-2016-7997 CVE-2016-8677 CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 CVE-2016-8707 CVE-2016-8862 CVE-2016-8866 CVE-2016-9556 CVE-2016-9559 CVE-2016-9773 CVE-2017-1000445 CVE-2017-1000476 CVE-2017-10800 CVE-2017-10928 CVE-2017-10995 CVE-2017-11141 CVE-2017-11166 CVE-2017-11170 CVE-2017-11188 CVE-2017-11403 CVE-2017-11446 CVE-2017-11448 CVE-2017-11449 CVE-2017-11450 CVE-2017-11478 CVE-2017-11505 CVE-2017-11523 CVE-2017-11524 CVE-2017-11525 CVE-2017-11526 CVE-2017-11527 CVE-2017-11528 CVE-2017-11529 CVE-2017-11530 CVE-2017-11531 CVE-2017-11532 CVE-2017-11533 CVE-2017-11534 CVE-2017-11535 CVE-2017-11537 CVE-2017-11539 CVE-2017-11638 CVE-2017-11639 CVE-2017-11640 CVE-2017-11642 CVE-2017-11644 CVE-2017-11724 CVE-2017-11750 CVE-2017-11751 CVE-2017-11752 CVE-2017-12140 CVE-2017-12418 CVE-2017-12427 CVE-2017-12428 CVE-2017-12429 CVE-2017-12430 CVE-2017-12431 CVE-2017-12432 CVE-2017-12433 CVE-2017-12434 CVE-2017-12435 CVE-2017-12563 CVE-2017-12564 CVE-2017-12565 CVE-2017-12566 CVE-2017-12587 CVE-2017-12640 CVE-2017-12641 CVE-2017-12642 CVE-2017-12643 CVE-2017-12644 CVE-2017-12654 CVE-2017-12662 CVE-2017-12663 CVE-2017-12664 CVE-2017-12665 CVE-2017-12667 CVE-2017-12668 CVE-2017-12669 CVE-2017-12670 CVE-2017-12671 CVE-2017-12672 CVE-2017-12673 CVE-2017-12674 CVE-2017-12675 CVE-2017-12676 CVE-2017-12691 CVE-2017-12692 CVE-2017-12693 CVE-2017-12935 CVE-2017-12983 CVE-2017-13058 CVE-2017-13059 CVE-2017-13060 CVE-2017-13061 CVE-2017-13062 CVE-2017-13131 CVE-2017-13133 CVE-2017-13134 CVE-2017-13139 CVE-2017-13141 CVE-2017-13142 CVE-2017-13146 CVE-2017-13147 CVE-2017-13648 CVE-2017-13658 CVE-2017-13758 CVE-2017-13768 CVE-2017-13769 CVE-2017-14042 CVE-2017-14060 CVE-2017-14103 CVE-2017-14138 CVE-2017-14139 CVE-2017-14172 CVE-2017-14173 CVE-2017-14174 CVE-2017-14175 CVE-2017-14224 CVE-2017-14249 CVE-2017-14314 CVE-2017-14325 CVE-2017-14326 CVE-2017-14341 CVE-2017-14342 CVE-2017-14343 CVE-2017-14505 CVE-2017-14531 CVE-2017-14533 CVE-2017-14607 CVE-2017-14649 CVE-2017-14682 CVE-2017-14733 CVE-2017-14739 CVE-2017-14989 CVE-2017-14997 CVE-2017-15016 CVE-2017-15017 CVE-2017-15033 CVE-2017-15217 CVE-2017-15218 CVE-2017-15277 CVE-2017-15281 CVE-2017-15930 CVE-2017-16352 CVE-2017-16353 CVE-2017-16545 CVE-2017-16546 CVE-2017-16669 CVE-2017-17504 CVE-2017-17680 CVE-2017-17681 CVE-2017-17682 CVE-2017-17879 CVE-2017-17881 CVE-2017-17882 CVE-2017-17884 CVE-2017-17885 CVE-2017-17887 CVE-2017-17914 CVE-2017-17934 CVE-2017-18008 CVE-2017-18022 CVE-2017-18027 CVE-2017-18028 CVE-2017-18029 CVE-2017-18209 CVE-2017-18211 CVE-2017-18250 CVE-2017-18251 CVE-2017-18252 CVE-2017-18254 CVE-2017-18271 CVE-2017-5506 CVE-2017-5507 CVE-2017-5508 CVE-2017-5510 CVE-2017-5511 CVE-2017-6502 CVE-2017-7606 CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8343 CVE-2017-8344 CVE-2017-8345 CVE-2017-8346 CVE-2017-8347 CVE-2017-8348 CVE-2017-8349 CVE-2017-8350 CVE-2017-8351 CVE-2017-8352 CVE-2017-8353 CVE-2017-8354 CVE-2017-8355 CVE-2017-8356 CVE-2017-8357 CVE-2017-8765 CVE-2017-8830 CVE-2017-9098 CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 CVE-2017-9261 CVE-2017-9262 CVE-2017-9405 CVE-2017-9407 CVE-2017-9409 CVE-2017-9439 CVE-2017-9440 CVE-2017-9500 CVE-2017-9501 CVE-2018-10177 CVE-2018-10804 CVE-2018-10805 CVE-2018-11251 CVE-2018-11655 CVE-2018-11656 CVE-2018-12599 CVE-2018-12600 CVE-2018-14434 CVE-2018-14435 CVE-2018-14436 CVE-2018-14437 CVE-2018-16323 CVE-2018-16329 CVE-2018-16413 CVE-2018-16640 CVE-2018-16642 CVE-2018-16643 CVE-2018-16644 CVE-2018-16645 CVE-2018-16749 CVE-2018-16750 CVE-2018-17965 CVE-2018-17966 CVE-2018-18016 CVE-2018-18024 CVE-2018-5246 CVE-2018-5247 CVE-2018-5357 CVE-2018-5685 CVE-2018-6405 CVE-2018-7443 CVE-2018-7470 CVE-2018-8804 CVE-2018-8960 CVE-2018-9018 CVE-2018-9133 CVE-2018-9135 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the LibVNCServer-devel-0.9.9-17.5.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054 CVE-2014-6055 CVE-2016-9941 CVE-2016-9942 CVE-2018-7225 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the MozillaFirefox-devel-52.9.0esr-109.38.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2008-5913 CVE-2009-0040 CVE-2009-0652 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776 CVE-2009-0777 CVE-2009-1044 CVE-2009-1169 CVE-2009-1302 CVE-2009-1303 CVE-2009-1304 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1310 CVE-2009-1311 CVE-2009-1312 CVE-2009-1313 CVE-2009-1563 CVE-2009-2470 CVE-2009-2654 CVE-2009-3069 CVE-2009-3070 CVE-2009-3071 CVE-2009-3072 CVE-2009-3073 CVE-2009-3074 CVE-2009-3075 CVE-2009-3077 CVE-2009-3078 CVE-2009-3079 CVE-2009-3274 CVE-2009-3370 CVE-2009-3371 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3377 CVE-2009-3378 CVE-2009-3379 CVE-2009-3380 CVE-2009-3381 CVE-2009-3383 CVE-2009-3388 CVE-2009-3389 CVE-2009-3555 CVE-2009-3979 CVE-2009-3980 CVE-2009-3982 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2010-0164 CVE-2010-0165 CVE-2010-0166 CVE-2010-0167 CVE-2010-0168 CVE-2010-0169 CVE-2010-0170 CVE-2010-0171 CVE-2010-0172 CVE-2010-0173 CVE-2010-0174 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0181 CVE-2010-0182 CVE-2010-0654 CVE-2010-1028 CVE-2010-1121 CVE-2010-1125 CVE-2010-1196 CVE-2010-1197 CVE-2010-1198 CVE-2010-1199 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 CVE-2010-1203 CVE-2010-1205 CVE-2010-1206 CVE-2010-1207 CVE-2010-1208 CVE-2010-1209 CVE-2010-1210 CVE-2010-1211 CVE-2010-1212 CVE-2010-1213 CVE-2010-1214 CVE-2010-1215 CVE-2010-2751 CVE-2010-2752 CVE-2010-2753 CVE-2010-2754 CVE-2010-2755 CVE-2010-2760 CVE-2010-2762 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 CVE-2010-3170 CVE-2010-3173 CVE-2010-3174 CVE-2010-3175 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 CVE-2010-3765 CVE-2011-0068 CVE-2011-0069 CVE-2011-0070 CVE-2011-0079 CVE-2011-0080 CVE-2011-0081 CVE-2011-0084 CVE-2011-1187 CVE-2011-1202 CVE-2011-2366 CVE-2011-2367 CVE-2011-2368 CVE-2011-2369 CVE-2011-2370 CVE-2011-2371 CVE-2011-2372 CVE-2011-2373 CVE-2011-2374 CVE-2011-2375 CVE-2011-2377 CVE-2011-2985 CVE-2011-2986 CVE-2011-2988 CVE-2011-2989 CVE-2011-2990 CVE-2011-2991 CVE-2011-2992 CVE-2011-2993 CVE-2011-2995 CVE-2011-2996 CVE-2011-2997 CVE-2011-3000 CVE-2011-3001 CVE-2011-3002 CVE-2011-3003 CVE-2011-3004 CVE-2011-3005 CVE-2011-3026 CVE-2011-3062 CVE-2011-3101 CVE-2011-3232 CVE-2011-3648 CVE-2011-3650 CVE-2011-3651 CVE-2011-3652 CVE-2011-3654 CVE-2011-3655 CVE-2011-3658 CVE-2011-3659 CVE-2011-3660 CVE-2011-3661 CVE-2011-3663 CVE-2012-0441 CVE-2012-0442 CVE-2012-0443 CVE-2012-0444 CVE-2012-0445 CVE-2012-0446 CVE-2012-0447 CVE-2012-0449 CVE-2012-0451 CVE-2012-0452 CVE-2012-0455 CVE-2012-0456 CVE-2012-0457 CVE-2012-0458 CVE-2012-0459 CVE-2012-0460 CVE-2012-0461 CVE-2012-0462 CVE-2012-0463 CVE-2012-0464 CVE-2012-0467 CVE-2012-0468 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0472 CVE-2012-0473 CVE-2012-0474 CVE-2012-0475 CVE-2012-0477 CVE-2012-0478 CVE-2012-0479 CVE-2012-0759 CVE-2012-1937 CVE-2012-1938 CVE-2012-1940 CVE-2012-1941 CVE-2012-1944 CVE-2012-1945 CVE-2012-1946 CVE-2012-1947 CVE-2012-1948 CVE-2012-1949 CVE-2012-1950 CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1956 CVE-2012-1957 CVE-2012-1958 CVE-2012-1959 CVE-2012-1960 CVE-2012-1961 CVE-2012-1962 CVE-2012-1963 CVE-2012-1965 CVE-2012-1966 CVE-2012-1967 CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3965 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3971 CVE-2012-3972 CVE-2012-3973 CVE-2012-3975 CVE-2012-3976 CVE-2012-3978 CVE-2012-3980 CVE-2012-3982 CVE-2012-3983 CVE-2012-3984 CVE-2012-3985 CVE-2012-3986 CVE-2012-3988 CVE-2012-3989 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 CVE-2012-4191 CVE-2012-4192 CVE-2012-4193 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 CVE-2012-4201 CVE-2012-4202 CVE-2012-4203 CVE-2012-4204 CVE-2012-4205 CVE-2012-4207 CVE-2012-4208 CVE-2012-4209 CVE-2012-4210 CVE-2012-4212 CVE-2012-4213 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-4217 CVE-2012-4218 CVE-2012-5829 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5836 CVE-2012-5837 CVE-2012-5838 CVE-2012-5839 CVE-2012-5840 CVE-2012-5841 CVE-2012-5842 CVE-2012-5843 CVE-2013-0743 CVE-2013-0744 CVE-2013-0745 CVE-2013-0746 CVE-2013-0747 CVE-2013-0748 CVE-2013-0749 CVE-2013-0750 CVE-2013-0751 CVE-2013-0752 CVE-2013-0753 CVE-2013-0754 CVE-2013-0755 CVE-2013-0756 CVE-2013-0757 CVE-2013-0758 CVE-2013-0760 CVE-2013-0761 CVE-2013-0762 CVE-2013-0763 CVE-2013-0764 CVE-2013-0765 CVE-2013-0766 CVE-2013-0767 CVE-2013-0768 CVE-2013-0769 CVE-2013-0770 CVE-2013-0771 CVE-2013-0772 CVE-2013-0773 CVE-2013-0774 CVE-2013-0775 CVE-2013-0776 CVE-2013-0777 CVE-2013-0778 CVE-2013-0779 CVE-2013-0780 CVE-2013-0781 CVE-2013-0782 CVE-2013-0783 CVE-2013-0787 CVE-2013-0788 CVE-2013-0789 CVE-2013-0792 CVE-2013-0793 CVE-2013-0794 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 CVE-2013-0801 CVE-2013-1669 CVE-2013-1670 CVE-2013-1671 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 CVE-2013-1682 CVE-2013-1683 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1688 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1695 CVE-2013-1696 CVE-2013-1697 CVE-2013-1698 CVE-2013-1699 CVE-2013-1701 CVE-2013-1702 CVE-2013-1704 CVE-2013-1705 CVE-2013-1708 CVE-2013-1709 CVE-2013-1710 CVE-2013-1711 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 CVE-2013-1718 CVE-2013-1719 CVE-2013-1720 CVE-2013-1721 CVE-2013-1722 CVE-2013-1723 CVE-2013-1724 CVE-2013-1725 CVE-2013-1728 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 CVE-2013-1738 CVE-2013-5590 CVE-2013-5591 CVE-2013-5592 CVE-2013-5593 CVE-2013-5595 CVE-2013-5596 CVE-2013-5597 CVE-2013-5598 CVE-2013-5599 CVE-2013-5600 CVE-2013-5601 CVE-2013-5602 CVE-2013-5603 CVE-2013-5604 CVE-2013-5609 CVE-2013-5610 CVE-2013-5611 CVE-2013-5612 CVE-2013-5613 CVE-2013-5614 CVE-2013-5615 CVE-2013-5616 CVE-2013-5618 CVE-2013-5619 CVE-2013-6629 CVE-2013-6630 CVE-2013-6671 CVE-2013-6672 CVE-2013-6673 CVE-2014-1477 CVE-2014-1478 CVE-2014-1479 CVE-2014-1480 CVE-2014-1481 CVE-2014-1482 CVE-2014-1483 CVE-2014-1484 CVE-2014-1485 CVE-2014-1486 CVE-2014-1487 CVE-2014-1488 CVE-2014-1489 CVE-2014-1490 CVE-2014-1491 CVE-2014-1544 CVE-2014-1547 CVE-2014-1548 CVE-2014-1553 CVE-2014-1554 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557 CVE-2014-1562 CVE-2014-1563 CVE-2014-1564 CVE-2014-1565 CVE-2014-1567 CVE-2014-1574 CVE-2014-1575 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1581 CVE-2014-1583 CVE-2014-1585 CVE-2014-1586 CVE-2014-1587 CVE-2014-1588 CVE-2014-1590 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 CVE-2014-8634 CVE-2014-8635 CVE-2014-8638 CVE-2014-8639 CVE-2014-8641 CVE-2015-0797 CVE-2015-0801 CVE-2015-0807 CVE-2015-0813 CVE-2015-0814 CVE-2015-0815 CVE-2015-0816 CVE-2015-0817 CVE-2015-0818 CVE-2015-0822 CVE-2015-0827 CVE-2015-0831 CVE-2015-0835 CVE-2015-0836 CVE-2015-2708 CVE-2015-2709 CVE-2015-2710 CVE-2015-2713 CVE-2015-2716 CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2726 CVE-2015-2728 CVE-2015-2730 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2743 CVE-2015-4000 CVE-2015-4473 CVE-2015-4474 CVE-2015-4475 CVE-2015-4478 CVE-2015-4479 CVE-2015-4484 CVE-2015-4485 CVE-2015-4486 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4491 CVE-2015-4492 CVE-2015-4495 CVE-2015-4497 CVE-2015-4498 CVE-2015-4500 CVE-2015-4501 CVE-2015-4506 CVE-2015-4509 CVE-2015-4511 CVE-2015-4513 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7180 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7188 CVE-2015-7189 CVE-2015-7193 CVE-2015-7194 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 CVE-2015-7201 CVE-2015-7202 CVE-2015-7205 CVE-2015-7210 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7222 CVE-2016-10196 CVE-2016-1523 CVE-2016-1930 CVE-2016-1931 CVE-2016-1935 CVE-2016-1950 CVE-2016-1952 CVE-2016-1953 CVE-2016-1954 CVE-2016-1957 CVE-2016-1958 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1974 CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 CVE-2016-2805 CVE-2016-2807 CVE-2016-2808 CVE-2016-2814 CVE-2016-2815 CVE-2016-2818 CVE-2016-2819 CVE-2016-2821 CVE-2016-2822 CVE-2016-2824 CVE-2016-2828 CVE-2016-2830 CVE-2016-2831 CVE-2016-2835 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5250 CVE-2016-5252 CVE-2016-5254 CVE-2016-5257 CVE-2016-5258 CVE-2016-5259 CVE-2016-5261 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-5270 CVE-2016-5272 CVE-2016-5274 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5280 CVE-2016-5281 CVE-2016-5284 CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 CVE-2016-6354 CVE-2016-9064 CVE-2016-9066 CVE-2016-9079 CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902 CVE-2016-9904 CVE-2016-9905 CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 CVE-2017-5380 CVE-2017-5383 CVE-2017-5386 CVE-2017-5390 CVE-2017-5396 CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408 CVE-2017-5409 CVE-2017-5410 CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5437 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5449 CVE-2017-5451 CVE-2017-5454 CVE-2017-5455 CVE-2017-5456 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 CVE-2017-5467 CVE-2017-5469 CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7753 CVE-2017-7754 CVE-2017-7755 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7761 CVE-2017-7763 CVE-2017-7764 CVE-2017-7765 CVE-2017-7768 CVE-2017-7778 CVE-2017-7779 CVE-2017-7782 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7793 CVE-2017-7798 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7804 CVE-2017-7805 CVE-2017-7807 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 CVE-2017-7825 CVE-2017-7826 CVE-2017-7828 CVE-2017-7830 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12368 CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117 CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5130 CVE-2018-5131 CVE-2018-5144 CVE-2018-5145 CVE-2018-5146 CVE-2018-5147 CVE-2018-5148 CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5156 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5174 CVE-2018-5178 CVE-2018-5183 CVE-2018-5188 CVE-2018-6126 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the NetworkManager-1.0.12-13.6.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2015-2924 CVE-2016-0764 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the aaa_base-malloccheck-13.2+git20140911.61c1681-38.8.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2011-0461 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the accountsservice-devel-0.6.42-16.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2012-2737 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the alsa-devel-1.0.27.2-15.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-0035 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the ant-1.9.4-3.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-1571 CVE-2018-10886 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the apache-pdfbox-1.8.12-3.5.4 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2016-2175 CVE-2018-11797 CVE-2018-8036 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the apache2-devel-2.4.23-29.24.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-0023 CVE-2009-1191 CVE-2009-1195 CVE-2009-1890 CVE-2009-1891 CVE-2009-1955 CVE-2009-1956 CVE-2009-2412 CVE-2009-2699 CVE-2009-3094 CVE-2009-3095 CVE-2009-3555 CVE-2009-3560 CVE-2009-3720 CVE-2010-0408 CVE-2010-0425 CVE-2010-0434 CVE-2010-1452 CVE-2010-1623 CVE-2010-2068 CVE-2011-1176 CVE-2011-3192 CVE-2011-3368 CVE-2011-3607 CVE-2011-4317 CVE-2012-0021 CVE-2012-0031 CVE-2012-0053 CVE-2012-2687 CVE-2012-3499 CVE-2012-3502 CVE-2013-1896 CVE-2013-2249 CVE-2013-5704 CVE-2013-6438 CVE-2014-0098 CVE-2014-0117 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-3523 CVE-2014-3581 CVE-2014-3583 CVE-2014-8109 CVE-2015-0228 CVE-2015-0253 CVE-2015-4000 CVE-2016-0736 CVE-2016-1546 CVE-2016-2161 CVE-2016-4975 CVE-2016-4979 CVE-2016-5387 CVE-2016-8740 CVE-2016-8743 CVE-2017-15710 CVE-2017-15715 CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7679 CVE-2017-9788 CVE-2017-9789 CVE-2017-9798 CVE-2018-1283 CVE-2018-1301 CVE-2018-1302 CVE-2018-1303 CVE-2018-1312 CVE-2018-1333 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the apache2-mod_perl-devel-2.0.8-11.43 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-1667 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the audiofile-devel-0.3.6-10.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2015-7747 CVE-2017-6827 CVE-2017-6828 CVE-2017-6829 CVE-2017-6830 CVE-2017-6831 CVE-2017-6832 CVE-2017-6833 CVE-2017-6834 CVE-2017-6835 CVE-2017-6836 CVE-2017-6837 CVE-2017-6838 CVE-2017-6839 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the augeas-devel-1.2.0-17.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2012-0786 CVE-2014-8119 CVE-2017-7555 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the automake-1.13.4-6.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-4029 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the avahi-compat-howl-devel-0.6.32-30.36 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-0758 CVE-2010-2244 CVE-2011-1002 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the bash-devel-4.3-83.15.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-2524 CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 CVE-2016-0634 CVE-2016-7543 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the bind-devel-9.11.2-1.24 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-0696 CVE-2009-4022 CVE-2010-3613 CVE-2010-3614 CVE-2010-3615 CVE-2011-0414 CVE-2011-1907 CVE-2011-1910 CVE-2011-2464 CVE-2011-4313 CVE-2012-1667 CVE-2012-3817 CVE-2012-3868 CVE-2012-4244 CVE-2012-5166 CVE-2012-5688 CVE-2012-5689 CVE-2013-2266 CVE-2013-4854 CVE-2014-0591 CVE-2014-8500 CVE-2015-1349 CVE-2015-4620 CVE-2015-5477 CVE-2015-5722 CVE-2015-8000 CVE-2015-8704 CVE-2016-1285 CVE-2016-1286 CVE-2016-2775 CVE-2016-2776 CVE-2016-6170 CVE-2016-8864 CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 CVE-2017-3135 CVE-2017-3136 CVE-2017-3137 CVE-2017-3138 CVE-2017-3142 CVE-2017-3143 CVE-2017-3145 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the binutils-devel-2.31-9.26.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-9939 CVE-2017-12448 CVE-2017-12450 CVE-2017-12452 CVE-2017-12453 CVE-2017-12454 CVE-2017-12456 CVE-2017-12799 CVE-2017-13757 CVE-2017-14128 CVE-2017-14129 CVE-2017-14130 CVE-2017-14333 CVE-2017-14529 CVE-2017-14729 CVE-2017-14745 CVE-2017-14974 CVE-2017-15938 CVE-2017-15939 CVE-2017-15996 CVE-2017-16826 CVE-2017-16827 CVE-2017-16828 CVE-2017-16829 CVE-2017-16830 CVE-2017-16831 CVE-2017-16832 CVE-2017-6965 CVE-2017-6966 CVE-2017-6969 CVE-2017-7209 CVE-2017-7210 CVE-2017-7223 CVE-2017-7224 CVE-2017-7225 CVE-2017-7226 CVE-2017-7299 CVE-2017-7300 CVE-2017-7301 CVE-2017-7302 CVE-2017-7303 CVE-2017-7304 CVE-2017-8392 CVE-2017-8393 CVE-2017-8394 CVE-2017-8396 CVE-2017-8421 CVE-2017-9746 CVE-2017-9747 CVE-2017-9748 CVE-2017-9750 CVE-2017-9755 CVE-2017-9756 CVE-2018-10372 CVE-2018-10373 CVE-2018-10534 CVE-2018-10535 CVE-2018-6323 CVE-2018-6543 CVE-2018-6759 CVE-2018-6872 CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7570 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the bluez-devel-5.13-5.4.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2016-7837 CVE-2016-9800 CVE-2016-9804 CVE-2017-1000250 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the bsh2-2.0.0.b5-3.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2016-2510 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the build-20171128-9.3.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2010-4226 CVE-2017-14804 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the cairo-devel-1.15.2-25.3.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2016-9082 CVE-2017-7475 CVE-2017-9814 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the checkbashisms-2.12.6-3.21 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2012-2240 CVE-2012-2241 CVE-2012-3500 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the cifs-utils-devel-6.5-9.3.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-1886 CVE-2009-1888 CVE-2009-2813 CVE-2009-2906 CVE-2009-2948 CVE-2010-0547 CVE-2010-0728 CVE-2010-0787 CVE-2012-1586 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the coolkey-devel-1.1.0-148.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2007-4129 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the cracklib-devel-2.9.0-7.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2016-6318 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the crash-devel-7.2.1-2.19 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-2524 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the cups-ddk-1.7.5-20.17.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-0163 CVE-2009-2820 CVE-2009-3553 CVE-2010-0393 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2941 CVE-2012-5519 CVE-2012-6094 CVE-2014-2856 CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 CVE-2014-9679 CVE-2015-1158 CVE-2015-1159 CVE-2017-18190 CVE-2017-18248 CVE-2018-4180 CVE-2018-4181 CVE-2018-4182 CVE-2018-4183 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the cyrus-sasl-devel-2.1.26-8.7.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-0688 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the dbus-1-devel-1.8.22-29.10.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2010-4352 CVE-2012-3524 CVE-2013-2168 CVE-2014-3477 CVE-2014-3532 CVE-2014-3533 CVE-2014-3635 CVE-2014-3636 CVE-2014-3637 CVE-2014-3638 CVE-2014-3639 CVE-2014-7824 CVE-2014-8148 CVE-2015-0245 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the dbus-1-glib-devel-0.100.2-3.58 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2010-1172 CVE-2013-0292 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the dhcp-devel-4.3.3-10.14.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-1892 CVE-2010-2156 CVE-2010-3611 CVE-2010-3616 CVE-2011-0413 CVE-2011-0997 CVE-2011-2748 CVE-2011-2749 CVE-2011-4539 CVE-2011-4868 CVE-2012-3570 CVE-2012-3571 CVE-2012-3954 CVE-2012-3955 CVE-2013-2266 CVE-2015-8605 CVE-2017-3144 CVE-2018-5732 CVE-2018-5733 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the dia-0.97.3-15.63 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2008-5984 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the dovecot22-devel-2.2.31-19.11.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-3430 CVE-2016-4983 CVE-2017-14461 CVE-2017-15130 CVE-2017-15132 CVE-2017-2669 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the dpdk-devel-17.11.4-3.6 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2018-1059 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the e2fsprogs-devel-1.43.8-1.19 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2015-0247 CVE-2015-1572 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the eog-devel-3.20.4-7.7 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-7447 CVE-2016-6855 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the evince-devel-3.20.2-6.22.9 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-2643 CVE-2017-1000083 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the file-devel-5.22-10.6.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2012-1571 CVE-2014-3710 CVE-2014-8116 CVE-2014-8117 CVE-2014-9620 CVE-2014-9621 CVE-2014-9653 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the finch-devel-2.12.0-3.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-2694 CVE-2009-2703 CVE-2009-3026 CVE-2009-3083 CVE-2009-3084 CVE-2009-3085 CVE-2009-3615 CVE-2010-0013 CVE-2010-0277 CVE-2010-0420 CVE-2010-0423 CVE-2010-1624 CVE-2010-2528 CVE-2010-3711 CVE-2011-1091 CVE-2011-3594 CVE-2012-2214 CVE-2012-3374 CVE-2012-6152 CVE-2013-0271 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274 CVE-2013-6477 CVE-2013-6478 CVE-2013-6479 CVE-2013-6481 CVE-2013-6482 CVE-2013-6483 CVE-2013-6484 CVE-2013-6485 CVE-2013-6486 CVE-2013-6487 CVE-2014-0020 CVE-2014-3694 CVE-2014-3695 CVE-2014-3696 CVE-2014-3697 CVE-2014-3698 CVE-2017-2640 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the flac-devel-1.3.0-11.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-8962 CVE-2014-9028 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the flex-2.5.37-8.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2016-6354 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the fontconfig-devel-2.11.1-7.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2016-5384 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the freeradius-server-devel-3.0.15-2.8.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2012-3547 CVE-2014-2015 CVE-2015-4680 CVE-2015-8763 CVE-2017-10978 CVE-2017-10983 CVE-2017-10984 CVE-2017-10985 CVE-2017-10986 CVE-2017-10987 CVE-2017-10988 CVE-2017-9148 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the freerdp-devel-2.0.0~git.1463131968.4e66df7-12.3.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-0250 CVE-2014-0791 CVE-2017-2834 CVE-2017-2835 CVE-2017-2836 CVE-2017-2837 CVE-2017-2838 CVE-2017-2839 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the freetype2-devel-2.6.3-7.15.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-0946 CVE-2010-2497 CVE-2010-2805 CVE-2010-3053 CVE-2010-3054 CVE-2010-3311 CVE-2010-3814 CVE-2010-3855 CVE-2011-0226 CVE-2011-3256 CVE-2011-3439 CVE-2012-1126 CVE-2012-1127 CVE-2012-1128 CVE-2012-1129 CVE-2012-1130 CVE-2012-1131 CVE-2012-1132 CVE-2012-1133 CVE-2012-1134 CVE-2012-1135 CVE-2012-1136 CVE-2012-1137 CVE-2012-1138 CVE-2012-1139 CVE-2012-1140 CVE-2012-1141 CVE-2012-1142 CVE-2012-1143 CVE-2012-1144 CVE-2012-5668 CVE-2012-5669 CVE-2012-5670 CVE-2014-2240 CVE-2014-2241 CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9659 CVE-2014-9660 CVE-2014-9661 CVE-2014-9662 CVE-2014-9663 CVE-2014-9664 CVE-2014-9665 CVE-2014-9666 CVE-2014-9667 CVE-2014-9668 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671 CVE-2014-9672 CVE-2014-9673 CVE-2014-9674 CVE-2014-9675 CVE-2016-10244 CVE-2017-8105 CVE-2017-8287 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the fuse-devel-2.9.3-6.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-3297 CVE-2011-0541 CVE-2015-3202 CVE-2018-10906 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the gc-devel-7.2d-5.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2012-2673 CVE-2016-9427 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the gcc48-4.8.5-31.17.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-5044 CVE-2015-5276 CVE-2017-11671 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the gd-devel-2.1.0-24.9.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-2497 CVE-2014-9709 CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-5116 CVE-2016-6128 CVE-2016-6132 CVE-2016-6161 CVE-2016-6207 CVE-2016-6214 CVE-2016-6905 CVE-2016-6906 CVE-2016-6911 CVE-2016-6912 CVE-2016-7568 CVE-2016-8670 CVE-2016-9317 CVE-2016-9933 CVE-2017-6362 CVE-2018-1000222 CVE-2018-5711 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the gdk-pixbuf-devel-2.34.0-19.17.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2011-2485 CVE-2015-4491 CVE-2015-7552 CVE-2015-7673 CVE-2015-7674 CVE-2016-6352 CVE-2017-1000422 CVE-2017-2862 CVE-2017-2870 CVE-2017-6312 CVE-2017-6313 CVE-2017-6314 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the gdm-devel-3.10.0.1-54.6.3 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2011-1709 CVE-2018-14424 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the gegl-devel-0.2.0-14.3 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2012-4433 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the ghostscript-devel-9.25-23.13.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-5653 CVE-2015-3228 CVE-2016-10217 CVE-2016-10218 CVE-2016-10219 CVE-2016-10220 CVE-2016-10317 CVE-2016-7976 CVE-2016-7977 CVE-2016-7978 CVE-2016-7979 CVE-2016-8602 CVE-2016-9601 CVE-2017-11714 CVE-2017-5951 CVE-2017-7207 CVE-2017-8291 CVE-2017-9216 CVE-2017-9612 CVE-2017-9726 CVE-2017-9727 CVE-2017-9739 CVE-2017-9835 CVE-2018-10194 CVE-2018-15908 CVE-2018-15909 CVE-2018-15910 CVE-2018-15911 CVE-2018-16509 CVE-2018-16510 CVE-2018-16511 CVE-2018-16513 CVE-2018-16539 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 CVE-2018-16543 CVE-2018-16585 CVE-2018-16802 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the giflib-devel-5.0.5-12.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2015-7555 CVE-2016-3977 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the gimp-devel-2.8.18-9.3.26 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2007-3126 CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543 CVE-2011-2896 CVE-2012-3236 CVE-2012-5576 CVE-2016-4994 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the git-2.12.3-27.14.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2011-2186 CVE-2014-9390 CVE-2016-2315 CVE-2016-2324 CVE-2017-1000117 CVE-2017-14867 CVE-2017-15298 CVE-2017-8386 CVE-2018-11233 CVE-2018-11235 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the glib2-devel-2.48.2-10.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2008-4316 CVE-2012-3524 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the glibc-devel-static-2.22-15.3 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-5029 CVE-2012-3406 CVE-2012-4412 CVE-2013-0242 CVE-2013-1914 CVE-2013-2207 CVE-2013-4237 CVE-2013-4332 CVE-2013-4458 CVE-2013-7423 CVE-2014-0475 CVE-2014-4043 CVE-2014-5119 CVE-2014-6040 CVE-2014-7817 CVE-2014-8121 CVE-2014-9402 CVE-2014-9761 CVE-2015-1472 CVE-2015-1473 CVE-2015-1781 CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 CVE-2016-1234 CVE-2016-3075 CVE-2016-3706 CVE-2016-4429 CVE-2017-1000366 CVE-2017-1000408 CVE-2017-1000409 CVE-2017-12132 CVE-2017-12133 CVE-2017-15670 CVE-2017-15671 CVE-2017-15804 CVE-2017-16997 CVE-2017-18269 CVE-2017-8804 CVE-2018-1000001 CVE-2018-11236 CVE-2018-11237 CVE-2018-6485 CVE-2018-6551 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the gnome-online-accounts-devel-3.20.5-9.6 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-0240 CVE-2013-1799 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the gnome-settings-daemon-devel-3.20.1-50.5.8 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-7300 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the gnome-shell-devel-3.20.4-77.17.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2010-4000 CVE-2017-8288 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the graphite2-devel-1.3.1-10.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2016-1521 CVE-2016-1523 CVE-2016-1526 CVE-2017-5436 CVE-2018-7999 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the gstreamer-0_10-plugins-bad-devel-0.10.23-25.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2015-0797 CVE-2016-9445 CVE-2016-9446 CVE-2016-9447 CVE-2016-9809 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the gstreamer-0_10-plugins-base-devel-0.10.36-17.13 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2016-9811 CVE-2017-5837 CVE-2017-5844 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the gstreamer-devel-1.8.3-9.5 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2017-5838 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the gstreamer-plugins-bad-devel-1.8.3-17.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2016-9445 CVE-2016-9446 CVE-2016-9809 CVE-2016-9812 CVE-2016-9813 CVE-2017-5843 CVE-2017-5848 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the gstreamer-plugins-base-devel-1.8.3-12.11 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2016-9811 CVE-2017-5837 CVE-2017-5839 CVE-2017-5842 CVE-2017-5844 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the gtk2-devel-2.24.31-7.11 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-7447 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the guile-devel-2.0.9-8.3 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2016-8605 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the gwenhywfar-devel-4.9.0beta-3.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2015-7542 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the hivex-devel-1.3.10-4.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-9273 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the hplip-devel-3.16.11-1.33 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2004-0801 CVE-2010-4267 CVE-2011-2697 CVE-2011-2722 CVE-2013-4325 CVE-2013-6402 CVE-2013-6427 CVE-2015-0839 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the icecream-1.0.1-5.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-4607 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the id3lib-3.8.3-261.119 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2007-4460 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the java-1_7_1-ibm-devel-1.7.1_sr4.30-38.26.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-3065 CVE-2014-3566 CVE-2014-4288 CVE-2014-6456 CVE-2014-6457 CVE-2014-6458 CVE-2014-6466 CVE-2014-6476 CVE-2014-6492 CVE-2014-6493 CVE-2014-6502 CVE-2014-6503 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6513 CVE-2014-6515 CVE-2014-6527 CVE-2014-6531 CVE-2014-6532 CVE-2014-6558 CVE-2014-8891 CVE-2014-8892 CVE-2015-0138 CVE-2015-0192 CVE-2015-0204 CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 CVE-2015-0491 CVE-2015-1914 CVE-2015-1931 CVE-2015-2590 CVE-2015-2601 CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4734 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 CVE-2015-5041 CVE-2015-7575 CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-0264 CVE-2016-0363 CVE-2016-0376 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 CVE-2016-0686 CVE-2016-0687 CVE-2016-10165 CVE-2016-2183 CVE-2016-3422 CVE-2016-3426 CVE-2016-3427 CVE-2016-3443 CVE-2016-3449 CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5597 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10081 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10115 CVE-2017-10116 CVE-2017-10125 CVE-2017-10243 CVE-2017-10281 CVE-2017-10285 CVE-2017-10293 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 CVE-2017-1289 CVE-2017-3509 CVE-2017-3511 CVE-2017-3512 CVE-2017-3514 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 CVE-2018-12539 CVE-2018-1417 CVE-2018-1517 CVE-2018-1656 CVE-2018-2579 CVE-2018-2582 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602 CVE-2018-2603 CVE-2018-2618 CVE-2018-2633 CVE-2018-2634 CVE-2018-2637 CVE-2018-2641 CVE-2018-2657 CVE-2018-2663 CVE-2018-2677 CVE-2018-2678 CVE-2018-2783 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the java-1_8_0-ibm-devel-1.8.0_sr5.20-30.36.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-3065 CVE-2014-3566 CVE-2014-4288 CVE-2014-6456 CVE-2014-6457 CVE-2014-6458 CVE-2014-6466 CVE-2014-6476 CVE-2014-6492 CVE-2014-6493 CVE-2014-6502 CVE-2014-6503 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6513 CVE-2014-6515 CVE-2014-6527 CVE-2014-6531 CVE-2014-6532 CVE-2014-6558 CVE-2014-8891 CVE-2014-8892 CVE-2015-0204 CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0486 CVE-2015-0488 CVE-2015-0491 CVE-2015-1931 CVE-2015-2590 CVE-2015-2601 CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4734 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 CVE-2015-5041 CVE-2015-7575 CVE-2015-8126 CVE-2015-8472 CVE-2016-0264 CVE-2016-0363 CVE-2016-0376 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0475 CVE-2016-0483 CVE-2016-0494 CVE-2016-0686 CVE-2016-0687 CVE-2016-0705 CVE-2016-10165 CVE-2016-2183 CVE-2016-3422 CVE-2016-3426 CVE-2016-3427 CVE-2016-3443 CVE-2016-3449 CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 CVE-2016-5542 CVE-2016-5547 CVE-2016-5548 CVE-2016-5549 CVE-2016-5552 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5597 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10078 CVE-2017-10081 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10115 CVE-2017-10116 CVE-2017-10125 CVE-2017-10243 CVE-2017-10281 CVE-2017-10285 CVE-2017-10293 CVE-2017-10295 CVE-2017-10309 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 CVE-2017-1289 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3259 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289 CVE-2017-3509 CVE-2017-3511 CVE-2017-3512 CVE-2017-3514 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 CVE-2017-3732 CVE-2017-3736 CVE-2018-12539 CVE-2018-1417 CVE-2018-1517 CVE-2018-1656 CVE-2018-2579 CVE-2018-2582 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602 CVE-2018-2603 CVE-2018-2618 CVE-2018-2633 CVE-2018-2634 CVE-2018-2637 CVE-2018-2638 CVE-2018-2639 CVE-2018-2641 CVE-2018-2663 CVE-2018-2677 CVE-2018-2678 CVE-2018-2783 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2825 CVE-2018-2826 CVE-2018-2940 CVE-2018-2952 CVE-2018-2964 CVE-2018-2973 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the kernel-docs-4.12.14-94.41.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-3939 CVE-2009-4026 CVE-2009-4027 CVE-2009-4131 CVE-2009-4138 CVE-2009-4536 CVE-2009-4538 CVE-2010-1146 CVE-2010-1436 CVE-2010-1641 CVE-2010-2066 CVE-2010-2942 CVE-2010-2954 CVE-2010-2955 CVE-2010-3081 CVE-2010-3296 CVE-2010-3297 CVE-2010-3298 CVE-2010-3301 CVE-2010-3310 CVE-2011-0711 CVE-2011-0712 CVE-2011-1020 CVE-2011-1180 CVE-2011-1577 CVE-2011-1581 CVE-2011-2203 CVE-2011-4604 CVE-2012-0056 CVE-2012-3412 CVE-2012-3520 CVE-2013-0160 CVE-2013-0231 CVE-2013-0913 CVE-2013-2850 CVE-2014-0038 CVE-2014-0196 CVE-2014-0691 CVE-2014-8133 CVE-2015-1333 CVE-2015-7550 CVE-2015-7884 CVE-2015-7885 CVE-2015-8539 CVE-2015-8660 CVE-2016-0723 CVE-2016-0728 CVE-2016-1237 CVE-2016-1583 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2384 CVE-2016-3134 CVE-2016-3135 CVE-2016-3136 CVE-2016-3140 CVE-2016-3689 CVE-2016-3713 CVE-2016-4470 CVE-2016-4485 CVE-2016-4486 CVE-2016-4557 CVE-2016-4558 CVE-2016-4569 CVE-2016-4578 CVE-2016-4951 CVE-2016-4997 CVE-2016-4998 CVE-2016-5195 CVE-2016-5244 CVE-2016-5829 CVE-2016-6187 CVE-2016-6480 CVE-2016-6516 CVE-2016-6828 CVE-2016-7039 CVE-2016-7042 CVE-2016-7425 CVE-2016-7913 CVE-2016-8655 CVE-2016-9555 CVE-2016-9576 CVE-2017-1000251 CVE-2017-1000252 CVE-2017-1000255 CVE-2017-1000380 CVE-2017-1000410 CVE-2017-11473 CVE-2017-11600 CVE-2017-12153 CVE-2017-12154 CVE-2017-12190 CVE-2017-12193 CVE-2017-13080 CVE-2017-13166 CVE-2017-14051 CVE-2017-14489 CVE-2017-15115 CVE-2017-15127 CVE-2017-15128 CVE-2017-15129 CVE-2017-15265 CVE-2017-15537 CVE-2017-15649 CVE-2017-15951 CVE-2017-16525 CVE-2017-16527 CVE-2017-16528 CVE-2017-16529 CVE-2017-16531 CVE-2017-16534 CVE-2017-16535 CVE-2017-16536 CVE-2017-16537 CVE-2017-16538 CVE-2017-16644 CVE-2017-16645 CVE-2017-16646 CVE-2017-16647 CVE-2017-16649 CVE-2017-16650 CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-16939 CVE-2017-16994 CVE-2017-16995 CVE-2017-16996 CVE-2017-17052 CVE-2017-17448 CVE-2017-17449 CVE-2017-17450 CVE-2017-17558 CVE-2017-17712 CVE-2017-17741 CVE-2017-17805 CVE-2017-17806 CVE-2017-17852 CVE-2017-17853 CVE-2017-17854 CVE-2017-17855 CVE-2017-17856 CVE-2017-17857 CVE-2017-17862 CVE-2017-17864 CVE-2017-17975 CVE-2017-18075 CVE-2017-18202 CVE-2017-18203 CVE-2017-18204 CVE-2017-18208 CVE-2017-18344 CVE-2017-2636 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2017-5897 CVE-2017-5970 CVE-2017-5986 CVE-2017-6347 CVE-2017-6353 CVE-2017-7184 CVE-2017-7187 CVE-2017-7261 CVE-2017-7277 CVE-2017-7294 CVE-2017-7308 CVE-2017-7346 CVE-2017-7477 CVE-2017-7487 CVE-2017-7541 CVE-2017-7542 CVE-2017-8824 CVE-2017-8831 CVE-2017-8890 CVE-2017-9059 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9211 CVE-2017-9242 CVE-2018-1000004 CVE-2018-1000028 CVE-2018-1000200 CVE-2018-1000204 CVE-2018-10087 CVE-2018-10124 CVE-2018-10323 CVE-2018-1065 CVE-2018-1068 CVE-2018-10853 CVE-2018-10902 CVE-2018-1091 CVE-2018-10938 CVE-2018-1094 CVE-2018-10940 CVE-2018-1108 CVE-2018-1118 CVE-2018-1120 CVE-2018-1128 CVE-2018-1129 CVE-2018-1130 CVE-2018-12233 CVE-2018-12896 CVE-2018-13053 CVE-2018-13093 CVE-2018-13094 CVE-2018-13095 CVE-2018-13405 CVE-2018-13406 CVE-2018-14613 CVE-2018-14617 CVE-2018-14633 CVE-2018-15572 CVE-2018-16658 CVE-2018-17182 CVE-2018-3620 CVE-2018-3639 CVE-2018-3646 CVE-2018-5332 CVE-2018-5333 CVE-2018-5390 CVE-2018-5391 CVE-2018-5803 CVE-2018-5848 CVE-2018-6554 CVE-2018-6555 CVE-2018-6927 CVE-2018-7492 CVE-2018-7566 CVE-2018-7740 CVE-2018-8043 CVE-2018-8087 CVE-2018-8781 CVE-2018-8822 CVE-2018-9363 CVE-2018-9385 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the krb5-devel-1.12.5-40.28.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2002-2443 CVE-2009-0844 CVE-2009-0845 CVE-2009-0846 CVE-2009-0847 CVE-2009-3295 CVE-2009-4212 CVE-2010-0283 CVE-2010-0628 CVE-2010-1320 CVE-2010-1321 CVE-2010-1322 CVE-2010-1323 CVE-2010-1324 CVE-2010-4020 CVE-2010-4021 CVE-2010-4022 CVE-2011-0281 CVE-2011-0282 CVE-2011-0284 CVE-2011-0285 CVE-2011-1527 CVE-2011-1528 CVE-2011-1529 CVE-2011-1530 CVE-2012-1012 CVE-2012-1013 CVE-2012-1016 CVE-2013-1415 CVE-2013-1417 CVE-2013-1418 CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 CVE-2014-4345 CVE-2014-5351 CVE-2014-5352 CVE-2014-5353 CVE-2014-5354 CVE-2014-5355 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 CVE-2015-2694 CVE-2015-2695 CVE-2015-2696 CVE-2015-2697 CVE-2015-2698 CVE-2015-8629 CVE-2015-8630 CVE-2015-8631 CVE-2016-3119 CVE-2016-3120 CVE-2017-11462 CVE-2017-15088 CVE-2018-5729 CVE-2018-5730 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the lhasa-devel-0.2.0-5.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2016-2347 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the lib3ds-1-3-1.3.0-25.3 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2010-0280 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libHX-devel-3.18-1.18 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2010-2947 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libICE-devel-1.0.8-12.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2017-2626 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libQt5Bootstrap-devel-static-5.6.2-6.12.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2015-0295 CVE-2015-1858 CVE-2015-1859 CVE-2015-1860 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libQt5WebKit-private-headers-devel-5.6.2-1.31 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2015-8079 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libX11-devel-1.6.2-12.5.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-1981 CVE-2013-1997 CVE-2013-2004 CVE-2016-7942 CVE-2018-14598 CVE-2018-14599 CVE-2018-14600 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libXcursor-devel-1.1.14-4.6.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-2003 CVE-2015-9262 CVE-2017-16612 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libXdmcp-devel-1.1.1-12.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2017-2625 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libXext-devel-1.3.2-4.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-1982 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libXfixes-devel-5.0.1-7.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-1983 CVE-2016-7944 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libXfont-devel-1.5.1-11.3.12 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2011-2895 CVE-2013-6462 CVE-2014-0209 CVE-2014-0210 CVE-2014-0211 CVE-2015-1802 CVE-2015-1803 CVE-2015-1804 CVE-2017-13720 CVE-2017-13722 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libXi-devel-1.7.4-17.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-1984 CVE-2013-1995 CVE-2013-1998 CVE-2016-7945 CVE-2016-7946 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libXinerama-devel-1.1.3-3.54 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-1985 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libXp-devel-1.0.2-3.57 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-2062 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libXpm-devel-3.5.11-5.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2016-10164 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libXrandr-devel-1.5.0-6.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-1986 CVE-2016-7947 CVE-2016-7948 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libXrender-devel-0.9.8-7.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-1987 CVE-2016-7949 CVE-2016-7950 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libXres-devel-1.0.7-3.53 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-1988 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libXt-devel-1.1.4-3.57 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-2002 CVE-2013-2005 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libXtst-devel-1.2.2-7.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-2063 CVE-2016-7951 CVE-2016-7952 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libXv-devel-1.0.10-7.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-1989 CVE-2013-2066 CVE-2016-5407 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libXvMC-devel-1.0.8-7.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-1990 CVE-2013-1999 CVE-2016-7953 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libXxf86dga-devel-1.1.4-3.58 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-1991 CVE-2013-2000 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libXxf86vm-devel-1.1.3-3.53 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-2001 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libapparmor-devel-2.8.2-49.21 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2017-6507 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libapr-util1-1.5.3-2.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-0023 CVE-2009-2412 CVE-2009-3560 CVE-2009-3720 CVE-2010-1623 CVE-2017-12618 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libapr1-1.5.1-4.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-2412 CVE-2011-0419 CVE-2011-1928 CVE-2017-12613 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libarchive-devel-3.1.2-25.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-0211 CVE-2015-2304 CVE-2015-8915 CVE-2015-8916 CVE-2015-8918 CVE-2015-8919 CVE-2015-8920 CVE-2015-8921 CVE-2015-8922 CVE-2015-8923 CVE-2015-8924 CVE-2015-8925 CVE-2015-8926 CVE-2015-8928 CVE-2015-8929 CVE-2015-8930 CVE-2015-8931 CVE-2015-8932 CVE-2015-8933 CVE-2015-8934 CVE-2016-1541 CVE-2016-4300 CVE-2016-4301 CVE-2016-4302 CVE-2016-4809 CVE-2016-5418 CVE-2016-5844 CVE-2016-6250 CVE-2016-8687 CVE-2016-8688 CVE-2016-8689 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libasm-devel-0.158-6.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-0172 CVE-2014-9447 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libass-devel-0.10.2-3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2016-7969 CVE-2016-7972 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libblkid-devel-2.29.2-7.14 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-0157 CVE-2014-9114 CVE-2015-5218 CVE-2016-2779 CVE-2016-5011 CVE-2017-2616 CVE-2018-7738 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libbotan-1_10-0-1.10.9-4.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-9742 CVE-2015-5726 CVE-2015-5727 CVE-2015-7827 CVE-2016-2194 CVE-2016-2195 CVE-2016-2849 CVE-2016-9132 CVE-2017-14737 CVE-2017-2801 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libbz2-devel-1.0.6-29.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2010-0405 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libcares-devel-1.9.1-9.4.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2016-5180 CVE-2017-1000381 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libcdio++0-0.90-6.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2017-18201 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libcephfs-devel-12.2.8+git.1536505967.080f2248ff-2.15.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2017-16818 CVE-2018-10861 CVE-2018-1128 CVE-2018-1129 CVE-2018-7262 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libcolord-devel-1.3.3-12.13 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2011-4349 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libcorosync-devel-2.3.6-9.13.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2018-1084 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libcurl-devel-7.60.0-2.11 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-0037 CVE-2009-2417 CVE-2013-0249 CVE-2013-1944 CVE-2013-2174 CVE-2013-4545 CVE-2014-0015 CVE-2014-0138 CVE-2014-0139 CVE-2014-3613 CVE-2014-3620 CVE-2014-3707 CVE-2014-8150 CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148 CVE-2015-3153 CVE-2015-3236 CVE-2015-3237 CVE-2016-0755 CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 CVE-2016-7141 CVE-2016-7167 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 CVE-2016-9586 CVE-2016-9594 CVE-2017-1000099 CVE-2017-1000100 CVE-2017-1000101 CVE-2017-1000254 CVE-2017-1000257 CVE-2017-2629 CVE-2017-7407 CVE-2017-7468 CVE-2017-8816 CVE-2017-8817 CVE-2017-8818 CVE-2017-9502 CVE-2018-0500 CVE-2018-1000005 CVE-2018-1000007 CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 CVE-2018-1000300 CVE-2018-1000301 CVE-2018-14618 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libdmx-devel-1.1.3-3.51 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-1992 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libevent-devel-2.0.21-6.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-6272 CVE-2016-10195 CVE-2016-10196 CVE-2016-10197 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libexempi-devel-2.2.1-5.7.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2017-18233 CVE-2017-18234 CVE-2017-18236 CVE-2017-18238 CVE-2018-7728 CVE-2018-7730 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libexif-devel-0.6.21-8.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 CVE-2016-6328 CVE-2017-7544 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libexpat-devel-2.1.0-21.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-2625 CVE-2009-3560 CVE-2009-3720 CVE-2012-0876 CVE-2012-1147 CVE-2012-1148 CVE-2012-6702 CVE-2015-1283 CVE-2016-0718 CVE-2016-5300 CVE-2016-9063 CVE-2017-9233 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libfbembed-devel-2.5.2.26539-15.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-2492 CVE-2017-6369 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libgadu-devel-1.11.4-1.12 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-6487 CVE-2014-3775 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libgcrypt-devel-1.6.1-16.61.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-4242 CVE-2014-3591 CVE-2015-0837 CVE-2015-7511 CVE-2016-6313 CVE-2017-7526 CVE-2018-0495 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libgit2-24-0.24.1-7.6.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2016-10128 CVE-2016-10129 CVE-2016-10130 CVE-2016-8568 CVE-2016-8569 CVE-2017-5338 CVE-2017-5339 CVE-2018-10887 CVE-2018-10888 CVE-2018-11235 CVE-2018-15501 CVE-2018-8099 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libgme-devel-0.6.0-5.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2016-9957 CVE-2016-9958 CVE-2016-9959 CVE-2016-9960 CVE-2016-9961 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libgnomesu-devel-2.0.0-353.6.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2011-1946 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libgnutls-devel-3.3.27-3.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2008-4989 CVE-2011-4128 CVE-2012-0390 CVE-2012-1569 CVE-2012-1573 CVE-2014-0092 CVE-2014-1959 CVE-2014-3466 CVE-2014-8564 CVE-2015-0294 CVE-2015-3622 CVE-2015-6251 CVE-2016-7444 CVE-2016-8610 CVE-2017-10790 CVE-2017-5335 CVE-2017-5336 CVE-2017-5337 CVE-2018-10844 CVE-2018-10845 CVE-2018-10846 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libgpgme-devel-1.5.1-1.11 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-3564 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libgssglue-devel-0.4-3.76 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2011-2709 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libguestfs-devel-1.32.4-21.3.10 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-2124 CVE-2013-4419 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libgypsy-devel-0.9-6.22 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2011-0523 CVE-2011-0524 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libical-devel-1.0.1-16.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2016-5824 CVE-2016-5827 CVE-2016-9584 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libicu-devel-52.1-8.7.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-8146 CVE-2014-8147 CVE-2014-9654 CVE-2016-6293 CVE-2017-14952 CVE-2017-15422 CVE-2017-17484 CVE-2017-7867 CVE-2017-7868 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libid3tag-devel-0.15.1b-184.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2004-2779 CVE-2008-2109 CVE-2017-11550 CVE-2017-11551 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libidn-devel-1.28-5.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2015-2059 CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 CVE-2017-14062 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libimobiledevice-devel-1.2.0-7.31 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-2142 CVE-2016-5104 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libipa_hbac-devel-1.16.1-2.8 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2010-4341 CVE-2011-1758 CVE-2013-0219 CVE-2013-0220 CVE-2013-0287 CVE-2017-12173 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libjasper-devel-1.900.14-195.8.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2008-3522 CVE-2011-4516 CVE-2011-4517 CVE-2014-8137 CVE-2014-8138 CVE-2014-8157 CVE-2014-8158 CVE-2014-9029 CVE-2015-5203 CVE-2015-5221 CVE-2016-10251 CVE-2016-1577 CVE-2016-1867 CVE-2016-2089 CVE-2016-2116 CVE-2016-8654 CVE-2016-8690 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8884 CVE-2016-8885 CVE-2016-8886 CVE-2016-8887 CVE-2016-9262 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2016-9395 CVE-2016-9398 CVE-2016-9560 CVE-2016-9583 CVE-2016-9591 CVE-2016-9600 CVE-2017-1000050 CVE-2017-5498 CVE-2017-6850 CVE-2018-9055 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libjavascriptcoregtk-1_0-0-2.4.11-23.20 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2012-5112 CVE-2012-5133 CVE-2014-1344 CVE-2014-1384 CVE-2014-1385 CVE-2014-1386 CVE-2014-1387 CVE-2014-1388 CVE-2014-1389 CVE-2014-1390 CVE-2014-1748 CVE-2015-1071 CVE-2015-1076 CVE-2015-1081 CVE-2015-1083 CVE-2015-1120 CVE-2015-1122 CVE-2015-1127 CVE-2015-1153 CVE-2015-1155 CVE-2015-2330 CVE-2015-3658 CVE-2015-3659 CVE-2015-3727 CVE-2015-3731 CVE-2015-3741 CVE-2015-3743 CVE-2015-3745 CVE-2015-3747 CVE-2015-3748 CVE-2015-3749 CVE-2015-3752 CVE-2015-5788 CVE-2015-5794 CVE-2015-5801 CVE-2015-5809 CVE-2015-5822 CVE-2015-5928 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libjbig-devel-2.0-12.13 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-6369 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libjpeg62-devel-62.2.0-31.7.4 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-9092 CVE-2017-15232 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libjson-c-devel-0.11-2.15 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-6370 CVE-2013-6371 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libksba-devel-1.3.0-23.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-9087 CVE-2016-4574 CVE-2016-4579 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the liblcms-devel-1.19-17.28 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-0793 CVE-2013-4276 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the liblcms2-devel-2.7-9.7.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2016-10165 CVE-2018-16435 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libldb-devel-1.1.29-3.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2015-3223 CVE-2015-5330 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the liblouis-devel-2.6.4-6.6.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2017-13738 CVE-2017-13739 CVE-2017-13740 CVE-2017-13741 CVE-2017-13743 CVE-2017-13744 CVE-2018-11440 CVE-2018-11577 CVE-2018-11683 CVE-2018-11684 CVE-2018-11685 CVE-2018-12085 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libmicrohttpd-devel-0.9.30-5.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-7038 CVE-2013-7039 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libmikmod-devel-3.2.0-4.54 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2007-6720 CVE-2009-0179 CVE-2009-3995 CVE-2009-3996 CVE-2010-2546 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libmms-devel-0.6.2-15.8 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-2892 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libmodplug-devel-0.8.9.0+git20170610.f6dd59a-15.4.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2011-1761 CVE-2013-4233 CVE-2013-4234 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libmspack-devel-0.4-14.4 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2010-2800 CVE-2010-2801 CVE-2014-9556 CVE-2014-9732 CVE-2015-4467 CVE-2015-4468 CVE-2015-4469 CVE-2015-4470 CVE-2015-4471 CVE-2015-4472 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libmusicbrainz-devel-2.1.5-27.79 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2006-4197 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libmwaw-devel-0.3.13-7.9.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2017-9433 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libmysqlclient-devel-10.0.35-1.7 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2007-5970 CVE-2008-7247 CVE-2009-4019 CVE-2009-4028 CVE-2009-4030 CVE-2010-5298 CVE-2012-5615 CVE-2013-1976 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-2494 CVE-2014-3470 CVE-2014-4207 CVE-2014-4258 CVE-2014-4260 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6474 CVE-2014-6478 CVE-2014-6484 CVE-2014-6489 CVE-2014-6491 CVE-2014-6494 CVE-2014-6495 CVE-2014-6496 CVE-2014-6500 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 CVE-2014-6564 CVE-2014-6568 CVE-2014-8964 CVE-2015-0374 CVE-2015-0381 CVE-2015-0382 CVE-2015-0391 CVE-2015-0411 CVE-2015-0432 CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501 CVE-2015-0505 CVE-2015-2325 CVE-2015-2326 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573 CVE-2015-3152 CVE-2015-4792 CVE-2015-4802 CVE-2015-4807 CVE-2015-4815 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4870 CVE-2015-4913 CVE-2015-5969 CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0651 CVE-2016-0655 CVE-2016-0666 CVE-2016-0668 CVE-2016-2047 CVE-2016-3477 CVE-2016-3492 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440 CVE-2016-5584 CVE-2016-5624 CVE-2016-5626 CVE-2016-5629 CVE-2016-6662 CVE-2016-6663 CVE-2016-6664 CVE-2016-7440 CVE-2016-8283 CVE-2017-10268 CVE-2017-10378 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3257 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3302 CVE-2017-3308 CVE-2017-3309 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2018-2562 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2767 CVE-2018-2771 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libndr-devel-4.6.16+git.124.aee309c5c18-3.32.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-1886 CVE-2009-1888 CVE-2009-2813 CVE-2009-2906 CVE-2009-2948 CVE-2010-0547 CVE-2010-0728 CVE-2010-0787 CVE-2010-0926 CVE-2010-1635 CVE-2010-1642 CVE-2010-2063 CVE-2010-3069 CVE-2011-0719 CVE-2011-2522 CVE-2011-2694 CVE-2012-0817 CVE-2012-0870 CVE-2012-1182 CVE-2012-2111 CVE-2012-6150 CVE-2013-0172 CVE-2013-0213 CVE-2013-0214 CVE-2013-0454 CVE-2013-1863 CVE-2013-4124 CVE-2013-4408 CVE-2013-4475 CVE-2013-4476 CVE-2013-4496 CVE-2013-6442 CVE-2014-0178 CVE-2014-0239 CVE-2014-0244 CVE-2014-3493 CVE-2014-3560 CVE-2014-8143 CVE-2015-0240 CVE-2015-3223 CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 CVE-2015-5330 CVE-2015-5370 CVE-2015-7560 CVE-2015-8467 CVE-2015-8543 CVE-2016-0771 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2115 CVE-2016-2118 CVE-2016-2119 CVE-2016-2123 CVE-2016-2125 CVE-2016-2126 CVE-2017-11103 CVE-2017-12150 CVE-2017-12151 CVE-2017-12163 CVE-2017-14746 CVE-2017-15275 CVE-2017-2619 CVE-2017-7494 CVE-2018-1050 CVE-2018-1057 CVE-2018-10858 CVE-2018-10919 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libneon-devel-0.30.0-3.64 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-2473 CVE-2009-2474 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libnetpbm-devel-10.66.3-7.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2016-6354 CVE-2017-2581 CVE-2017-2586 CVE-2017-2587 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libnettle-devel-2.7.1-12.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 CVE-2016-6489 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libofx-0.9.9-3.7.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2017-14731 CVE-2017-2816 CVE-2017-2920 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libopenssl-1_0_0-devel-1.0.2p-2.11 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2006-7250 CVE-2008-5077 CVE-2009-0590 CVE-2009-0591 CVE-2009-0789 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2010-0740 CVE-2010-0742 CVE-2010-1633 CVE-2010-2939 CVE-2010-3864 CVE-2010-5298 CVE-2011-0014 CVE-2011-3207 CVE-2011-3210 CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2012-0027 CVE-2012-0050 CVE-2012-0884 CVE-2012-1165 CVE-2012-2110 CVE-2012-2686 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169 CVE-2013-4353 CVE-2013-6449 CVE-2013-6450 CVE-2014-0076 CVE-2014-0160 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-5139 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0293 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 CVE-2015-3197 CVE-2015-3216 CVE-2015-4000 CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0799 CVE-2016-0800 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2109 CVE-2016-2176 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 CVE-2016-7052 CVE-2016-7055 CVE-2017-3731 CVE-2017-3732 CVE-2017-3735 CVE-2017-3736 CVE-2017-3737 CVE-2017-3738 CVE-2018-0732 CVE-2018-0737 CVE-2018-0739 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libopenssl-1_1-devel-1.1.1-1.9 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2006-7250 CVE-2008-5077 CVE-2009-0590 CVE-2009-0591 CVE-2009-0789 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2010-0740 CVE-2010-0742 CVE-2010-1633 CVE-2010-2939 CVE-2010-3864 CVE-2010-5298 CVE-2011-0014 CVE-2011-3207 CVE-2011-3210 CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2012-0027 CVE-2012-0050 CVE-2012-0884 CVE-2012-1165 CVE-2012-2110 CVE-2012-2686 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169 CVE-2013-4353 CVE-2013-6449 CVE-2013-6450 CVE-2014-0076 CVE-2014-0160 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-3513 CVE-2014-3567 CVE-2014-3568 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-5139 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0293 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-1793 CVE-2015-1794 CVE-2015-3193 CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 CVE-2015-3197 CVE-2016-0701 CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0800 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2109 CVE-2016-2176 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 CVE-2016-7052 CVE-2016-7055 CVE-2016-7056 CVE-2017-3731 CVE-2017-3732 CVE-2017-3735 CVE-2017-3736 CVE-2017-3738 CVE-2018-0732 CVE-2018-0737 CVE-2018-0739 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libopenssl-devel-1.0.2p-1.13 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2006-7250 CVE-2008-5077 CVE-2009-0590 CVE-2009-0591 CVE-2009-0789 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2010-0740 CVE-2010-0742 CVE-2010-1633 CVE-2010-2939 CVE-2010-3864 CVE-2010-5298 CVE-2011-0014 CVE-2011-3207 CVE-2011-3210 CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2012-0027 CVE-2012-0050 CVE-2012-0884 CVE-2012-1165 CVE-2012-2110 CVE-2012-2686 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169 CVE-2013-4353 CVE-2013-6449 CVE-2013-6450 CVE-2014-0076 CVE-2014-0160 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-3513 CVE-2014-3567 CVE-2014-3568 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-5139 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0293 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-1793 CVE-2015-1794 CVE-2015-3193 CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 CVE-2015-3197 CVE-2016-0701 CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0800 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2109 CVE-2016-2176 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 CVE-2016-7052 CVE-2016-7055 CVE-2016-7056 CVE-2017-3731 CVE-2017-3732 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libopus-devel-1.1-3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2017-0381 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libosip2-3.5.0-20.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2016-10324 CVE-2016-10325 CVE-2016-10326 CVE-2017-7853 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libotr-devel-4.0.0-9.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2016-2851 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libpacemaker-devel-1.1.19+20180928.0d2680780-1.8 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2010-2496 CVE-2015-1867 CVE-2016-7035 CVE-2016-7797 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libpcp-devel-3.11.9-6.7.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2012-3418 CVE-2012-3419 CVE-2012-3420 CVE-2012-3421 CVE-2012-5530 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libpcrecpp0-8.39-8.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-8964 CVE-2015-2325 CVE-2015-2327 CVE-2015-2328 CVE-2015-3210 CVE-2015-3217 CVE-2015-5073 CVE-2015-8380 CVE-2016-1283 CVE-2016-3191 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libpcscspy0-1.8.10-7.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2010-0407 CVE-2010-4531 CVE-2016-10109 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libplist++-devel-1.12-20.3.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2017-5209 CVE-2017-5545 CVE-2017-5834 CVE-2017-5835 CVE-2017-5836 CVE-2017-6435 CVE-2017-6436 CVE-2017-6437 CVE-2017-6438 CVE-2017-6439 CVE-2017-6440 CVE-2017-7982 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libpng12-compat-devel-1.2.50-19.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2010-1205 CVE-2011-2501 CVE-2011-3026 CVE-2011-3045 CVE-2011-3048 CVE-2012-3386 CVE-2013-7353 CVE-2013-7354 CVE-2015-7981 CVE-2015-8126 CVE-2015-8540 CVE-2016-10087 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libpng16-compat-devel-1.6.8-14.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2010-1205 CVE-2011-2501 CVE-2011-2690 CVE-2011-2691 CVE-2011-2692 CVE-2011-3328 CVE-2013-6954 CVE-2014-0333 CVE-2014-9495 CVE-2015-0973 CVE-2015-8126 CVE-2016-10087 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libpodofo-devel-0.9.2-3.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2017-5852 CVE-2017-5853 CVE-2017-5854 CVE-2017-5855 CVE-2017-5886 CVE-2017-6840 CVE-2017-6844 CVE-2017-6847 CVE-2017-7378 CVE-2017-7379 CVE-2017-7380 CVE-2017-7994 CVE-2017-8054 CVE-2017-8787 CVE-2018-5308 CVE-2018-8001 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libpoppler-cpp0-0.43.0-16.15.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 CVE-2009-1187 CVE-2009-1188 CVE-2009-3607 CVE-2009-3608 CVE-2013-1788 CVE-2013-1789 CVE-2013-1790 CVE-2013-4473 CVE-2013-4474 CVE-2017-1000456 CVE-2017-14517 CVE-2017-14518 CVE-2017-14520 CVE-2017-14617 CVE-2017-14928 CVE-2017-14975 CVE-2017-14976 CVE-2017-14977 CVE-2017-15565 CVE-2017-7511 CVE-2017-7515 CVE-2017-9406 CVE-2017-9408 CVE-2017-9775 CVE-2017-9776 CVE-2017-9865 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libpoppler44-0.24.4-14.13.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 CVE-2009-1187 CVE-2009-1188 CVE-2009-3607 CVE-2009-3608 CVE-2013-1788 CVE-2013-1789 CVE-2013-1790 CVE-2013-4473 CVE-2013-4474 CVE-2015-8868 CVE-2017-14517 CVE-2017-14518 CVE-2017-14520 CVE-2017-14977 CVE-2017-9406 CVE-2017-9408 CVE-2017-9775 CVE-2017-9776 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libproxy-devel-0.4.13-16.3 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2012-4504 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libptexenc1-1.3.2dev-22.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2018-17407 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libpulse-devel-5.0-4.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-3970 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libqt4-devel-4.8.7-8.8.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-0945 CVE-2011-3193 CVE-2011-3922 CVE-2012-4929 CVE-2012-6093 CVE-2013-0254 CVE-2013-4549 CVE-2014-0190 CVE-2015-0295 CVE-2015-1858 CVE-2015-1859 CVE-2015-1860 CVE-2016-10040 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libquicktime-devel-1.2.4-14.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2016-2399 CVE-2017-9122 CVE-2017-9123 CVE-2017-9124 CVE-2017-9125 CVE-2017-9126 CVE-2017-9127 CVE-2017-9128 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libraptor-devel-2.0.10-3.63 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2012-0037 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libraw-devel-0.15.4-21.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-2126 CVE-2013-2127 CVE-2015-3885 CVE-2015-8367 CVE-2017-13735 CVE-2017-14608 CVE-2017-16909 CVE-2017-6886 CVE-2017-6887 CVE-2017-6890 CVE-2017-6899 CVE-2018-5800 CVE-2018-5801 CVE-2018-5802 CVE-2018-5810 CVE-2018-5813 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the librelp-devel-1.2.12-3.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2018-1000140 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libreoffice-sdk-5.4.5.1-43.19.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2010-2935 CVE-2010-2936 CVE-2014-0247 CVE-2014-3524 CVE-2014-3575 CVE-2014-3693 CVE-2014-8146 CVE-2014-8147 CVE-2014-9093 CVE-2015-4551 CVE-2015-5212 CVE-2015-5213 CVE-2015-5214 CVE-2016-0794 CVE-2016-0795 CVE-2016-10327 CVE-2016-4324 CVE-2017-3157 CVE-2017-7870 CVE-2017-7882 CVE-2017-8358 CVE-2018-1055 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libreoffice-sdk-6.0.5.2-43.38.5 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2010-2935 CVE-2010-2936 CVE-2014-0247 CVE-2014-3524 CVE-2014-3575 CVE-2014-3693 CVE-2014-8146 CVE-2014-8147 CVE-2014-9093 CVE-2015-4551 CVE-2015-5212 CVE-2015-5213 CVE-2015-5214 CVE-2016-0794 CVE-2016-0795 CVE-2016-10327 CVE-2016-4324 CVE-2017-3157 CVE-2017-7870 CVE-2017-7882 CVE-2017-8358 CVE-2018-10119 CVE-2018-10120 CVE-2018-1055 CVE-2018-10583 CVE-2018-6871 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the librsvg-devel-2.40.20-5.6.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2011-3146 CVE-2013-1881 CVE-2017-11464 CVE-2018-1000041 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libsaml-devel-2.5.5-3.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2017-16853 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libserf-1-1-1.3.7-1.37 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-3504 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libsilc-1_1-2-1.1.10-24.115 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2008-1227 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libsmi-devel-0.4.8-18.55 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2010-2891 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libsndfile-devel-1.0.25-36.16.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-0186 CVE-2011-2696 CVE-2014-9496 CVE-2014-9756 CVE-2015-7805 CVE-2015-8075 CVE-2017-14245 CVE-2017-14246 CVE-2017-14634 CVE-2017-16942 CVE-2017-17456 CVE-2017-17457 CVE-2017-6892 CVE-2017-7585 CVE-2017-7586 CVE-2017-7741 CVE-2017-7742 CVE-2017-8361 CVE-2017-8362 CVE-2017-8363 CVE-2017-8365 CVE-2018-13139 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libsoup-devel-2.62.2-5.7.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2011-2054 CVE-2017-2885 CVE-2018-12910 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libspice-server-devel-0.12.8-6.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-4282 CVE-2015-3247 CVE-2015-5260 CVE-2015-5261 CVE-2016-0749 CVE-2016-2150 CVE-2016-9577 CVE-2016-9578 CVE-2017-7506 CVE-2018-10873 CVE-2018-10893 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libsrtp-devel-1.5.2-3.2.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-2139 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libssh-devel-0.6.3-12.6.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2012-4559 CVE-2012-4560 CVE-2012-4561 CVE-2013-0176 CVE-2014-0017 CVE-2014-8132 CVE-2015-3146 CVE-2016-0739 CVE-2018-10933 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libssh2-devel-1.4.3-19.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2015-1782 CVE-2016-0787 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libsvn_auth_gnome_keyring-1-0-1.8.19-25.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-2411 CVE-2010-3315 CVE-2010-4539 CVE-2010-4644 CVE-2011-0715 CVE-2011-1752 CVE-2011-1783 CVE-2011-1921 CVE-2013-1845 CVE-2013-1846 CVE-2013-1847 CVE-2013-1849 CVE-2013-1884 CVE-2013-1968 CVE-2013-2088 CVE-2013-2112 CVE-2013-4131 CVE-2013-4246 CVE-2013-4262 CVE-2013-4277 CVE-2013-4505 CVE-2013-4558 CVE-2014-0032 CVE-2014-3522 CVE-2014-3528 CVE-2014-3580 CVE-2014-8108 CVE-2015-0202 CVE-2015-0248 CVE-2015-0251 CVE-2015-3184 CVE-2015-3187 CVE-2015-5343 CVE-2016-2167 CVE-2016-2168 CVE-2016-8734 CVE-2017-9800 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libsvn_auth_kwallet-1-0-1.8.10-24.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-2411 CVE-2010-3315 CVE-2010-4539 CVE-2010-4644 CVE-2011-0715 CVE-2011-1752 CVE-2011-1783 CVE-2011-1921 CVE-2013-1845 CVE-2013-1846 CVE-2013-1847 CVE-2013-1849 CVE-2013-1884 CVE-2013-1968 CVE-2013-2088 CVE-2013-2112 CVE-2013-4131 CVE-2013-4246 CVE-2013-4262 CVE-2013-4277 CVE-2013-4505 CVE-2013-4558 CVE-2014-0032 CVE-2014-3522 CVE-2014-3528 CVE-2014-3580 CVE-2014-8108 CVE-2015-0202 CVE-2015-0248 CVE-2015-0251 CVE-2015-3184 CVE-2015-3187 CVE-2015-5343 CVE-2016-2167 CVE-2016-2168 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libtag-devel-1.9.1-1.218 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2012-2396 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libtasn1-devel-4.9-3.5.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-3467 CVE-2014-3468 CVE-2014-3469 CVE-2015-2806 CVE-2015-3622 CVE-2016-4008 CVE-2018-6003 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libtcnative-1-0-devel-1.2.17-1.12 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2015-4000 CVE-2017-15698 CVE-2018-8019 CVE-2018-8020 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libtidy-0_99-0-1.0.20100204cvs-25.3 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2015-5522 CVE-2015-5523 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libtiff-devel-4.0.9-44.24.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-2285 CVE-2009-2347 CVE-2010-2065 CVE-2010-2067 CVE-2010-2233 CVE-2010-4665 CVE-2011-0192 CVE-2011-1167 CVE-2012-1173 CVE-2012-2113 CVE-2012-3401 CVE-2012-4564 CVE-2013-1960 CVE-2013-1961 CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 CVE-2014-9655 CVE-2015-1547 CVE-2015-7554 CVE-2015-8665 CVE-2015-8683 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2016-10095 CVE-2016-10266 CVE-2016-10267 CVE-2016-10268 CVE-2016-10269 CVE-2016-10270 CVE-2016-10271 CVE-2016-10272 CVE-2016-10371 CVE-2016-3186 CVE-2016-3622 CVE-2016-3623 CVE-2016-3632 CVE-2016-3658 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5314 CVE-2016-5316 CVE-2016-5317 CVE-2016-5318 CVE-2016-5319 CVE-2016-5320 CVE-2016-5321 CVE-2016-5323 CVE-2016-5652 CVE-2016-5875 CVE-2016-8331 CVE-2016-9273 CVE-2016-9297 CVE-2016-9448 CVE-2016-9453 CVE-2016-9538 CVE-2017-11613 CVE-2017-16232 CVE-2017-17942 CVE-2017-17973 CVE-2017-18013 CVE-2017-5225 CVE-2017-7592 CVE-2017-7593 CVE-2017-7594 CVE-2017-7595 CVE-2017-7596 CVE-2017-7597 CVE-2017-7598 CVE-2017-7599 CVE-2017-7600 CVE-2017-7601 CVE-2017-7602 CVE-2017-9403 CVE-2017-9404 CVE-2017-9935 CVE-2017-9936 CVE-2018-10779 CVE-2018-10963 CVE-2018-16335 CVE-2018-17100 CVE-2018-17101 CVE-2018-17795 CVE-2018-5784 CVE-2018-7456 CVE-2018-8905 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libtirpc-devel-1.0.1-17.6.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2017-8779 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libtool-2.4.2-17.4.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-3736 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libudev-devel-228-150.49.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2012-1174 CVE-2013-4288 CVE-2016-10156 CVE-2016-7795 CVE-2017-15908 CVE-2017-18078 CVE-2017-9217 CVE-2017-9445 CVE-2018-1049 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libunrar-devel-5.0.14-3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2012-6706 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libusbmuxd-devel-1.0.10-2.3 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2016-5104 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libvdpau-devel-1.1.1-6.73 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2015-5198 CVE-2015-5199 CVE-2015-5200 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libvirt-devel-4.0.0-6.13 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2010-2242 CVE-2011-1146 CVE-2011-2511 CVE-2011-4600 CVE-2012-3445 CVE-2013-0170 CVE-2013-1962 CVE-2013-2218 CVE-2013-2230 CVE-2013-4153 CVE-2013-4154 CVE-2013-4239 CVE-2013-4296 CVE-2013-4297 CVE-2013-4311 CVE-2013-4399 CVE-2013-4400 CVE-2013-4401 CVE-2013-6436 CVE-2013-6456 CVE-2013-6457 CVE-2013-6458 CVE-2014-0028 CVE-2014-0179 CVE-2014-1447 CVE-2014-3633 CVE-2014-3657 CVE-2014-7823 CVE-2014-8131 CVE-2015-0236 CVE-2015-5247 CVE-2015-5313 CVE-2017-1000256 CVE-2017-2635 CVE-2017-5715 CVE-2018-1064 CVE-2018-3639 CVE-2018-5748 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libvorbis-devel-1.3.3-10.14.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2008-1420 CVE-2009-3379 CVE-2012-0444 CVE-2017-14160 CVE-2017-14632 CVE-2017-14633 CVE-2018-10392 CVE-2018-10393 CVE-2018-5146 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libvpx-devel-1.3.0-3.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2017-13194 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libwmf-0_2-7-0.2.8.4-242.3 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libwpd-0_10-10-0.10.2-2.4.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2017-14226 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libxcb-composite0-1.10-4.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-2064 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libxerces-c-devel-3.1.1-12.3 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-1885 CVE-2015-0252 CVE-2016-0729 CVE-2016-2099 CVE-2016-4463 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libxml2-devel-2.9.4-46.15.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2008-4225 CVE-2008-4226 CVE-2008-4409 CVE-2010-4494 CVE-2011-1944 CVE-2012-5134 CVE-2013-0338 CVE-2013-1969 CVE-2014-0191 CVE-2014-3660 CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-8035 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317 CVE-2015-8710 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-3627 CVE-2016-3705 CVE-2016-4483 CVE-2016-4658 CVE-2016-5131 CVE-2016-9318 CVE-2016-9597 CVE-2017-0663 CVE-2017-15412 CVE-2017-18258 CVE-2017-5130 CVE-2017-5969 CVE-2017-7375 CVE-2017-7376 CVE-2017-8872 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050 CVE-2018-14404 CVE-2018-14567 CVE-2018-9251 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libxmltooling-devel-1.5.6-3.6.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2018-0486 CVE-2018-0489 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libxslt-devel-1.1.28-16.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2015-7995 CVE-2015-9019 CVE-2016-4738 CVE-2017-5029 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libyaml-devel-0.1.6-7.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-6393 CVE-2014-2525 CVE-2014-9130 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libzip-devel-0.11.1-13.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2011-0421 CVE-2012-1162 CVE-2012-1163 CVE-2015-2331 CVE-2017-14107 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libzmq3-4.0.4-14.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-7202 CVE-2014-7203 CVE-2014-9721 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libzypp-devel-16.19.0-2.36.3 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2017-7435 CVE-2017-7436 CVE-2017-9269 CVE-2018-7685 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the libzzip-0-13-0.13.67-10.14.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2017-5974 CVE-2017-5975 CVE-2017-5976 CVE-2017-5977 CVE-2017-5978 CVE-2017-5979 CVE-2017-5981 CVE-2018-17828 CVE-2018-6381 CVE-2018-6484 CVE-2018-6540 CVE-2018-6542 CVE-2018-7725 CVE-2018-7726 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the lua-devel-5.2.4-6.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-5461 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the memcached-devel-1.4.39-4.6.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-1494 CVE-2011-4971 CVE-2013-0179 CVE-2013-7239 CVE-2013-7290 CVE-2013-7291 CVE-2016-8704 CVE-2016-8705 CVE-2016-8706 CVE-2017-9951 CVE-2018-1000115 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the mercurial-2.8.2-15.13.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-9462 CVE-2016-3068 CVE-2016-3069 CVE-2016-3105 CVE-2016-3630 CVE-2017-1000115 CVE-2017-1000116 CVE-2017-17458 CVE-2017-9462 CVE-2018-1000132 CVE-2018-13346 CVE-2018-13347 CVE-2018-13348 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the mozilla-nspr-devel-4.13.1-18.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-1545 CVE-2015-7183 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the mozilla-nss-devel-3.29.5-58.12.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2010-3170 CVE-2011-3389 CVE-2011-3640 CVE-2013-0743 CVE-2013-0791 CVE-2013-1620 CVE-2013-1739 CVE-2013-1740 CVE-2013-5605 CVE-2014-1492 CVE-2014-1568 CVE-2014-1569 CVE-2015-4000 CVE-2015-7181 CVE-2015-7182 CVE-2015-7575 CVE-2016-1938 CVE-2016-1950 CVE-2016-1978 CVE-2016-1979 CVE-2016-2834 CVE-2016-5285 CVE-2016-8635 CVE-2016-9074 CVE-2016-9574 CVE-2017-7805 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the mpfr-devel-3.1.2-7.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-9474 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the mysql-connector-java-5.1.42-5.4.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2015-2575 CVE-2017-3523 CVE-2017-3586 CVE-2017-3589 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the nasm-2.10.09-4.5.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2017-10686 CVE-2017-11111 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the nautilus-devel-3.20.3-23.6.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2017-14604 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the ncurses-devel-5.9-58.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2017-10684 CVE-2017-10685 CVE-2017-11112 CVE-2017-11113 CVE-2017-13728 CVE-2017-13729 CVE-2017-13730 CVE-2017-13731 CVE-2017-13732 CVE-2017-13733 CVE-2017-13734 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the net-snmp-devel-5.7.3-6.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2012-2141 CVE-2014-2284 CVE-2014-2285 CVE-2014-3565 CVE-2015-5621 CVE-2018-18065 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the nut-cgi-2.7.1-1.30 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2012-2944 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the obs-service-source_validator-0.7-9.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2017-9274 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the ocaml-4.03.0-8.6.8 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2015-8869 CVE-2018-9838 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the openexr-devel-2.1.0-6.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-1720 CVE-2009-1721 CVE-2017-12596 CVE-2017-9110 CVE-2017-9114 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the openldap2-back-perl-2.4.41-18.40.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2015-1545 CVE-2015-1546 CVE-2015-6908 CVE-2017-9287 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the openslp-devel-2.0.0-18.17.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2010-3609 CVE-2016-4912 CVE-2016-6354 CVE-2016-7567 CVE-2017-17833 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the osc-0.162.1-15.6.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2012-1095 CVE-2015-0778 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the pam-devel-1.1.8-24.14.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2010-3430 CVE-2010-3431 CVE-2010-3853 CVE-2011-3148 CVE-2011-3149 CVE-2014-2583 CVE-2015-3238 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the pango-devel-1.40.1-9.5 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2011-0020 CVE-2011-0064 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the perl-Tk-devel-804.031-3.76 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2006-4484 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the php5-devel-5.5.14-109.41.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2006-7243 CVE-2010-2225 CVE-2010-2950 CVE-2010-3436 CVE-2010-3709 CVE-2010-3710 CVE-2010-4150 CVE-2010-4645 CVE-2011-0420 CVE-2011-0421 CVE-2011-0708 CVE-2011-1092 CVE-2011-1153 CVE-2011-1466 CVE-2011-2202 CVE-2011-3379 CVE-2011-4153 CVE-2011-4566 CVE-2011-4718 CVE-2011-4885 CVE-2012-0830 CVE-2012-1823 CVE-2012-2311 CVE-2012-2335 CVE-2012-2336 CVE-2012-2688 CVE-2012-3365 CVE-2013-1635 CVE-2013-1643 CVE-2013-1824 CVE-2013-4113 CVE-2013-4248 CVE-2013-6420 CVE-2013-6712 CVE-2013-7327 CVE-2013-7345 CVE-2013-7456 CVE-2014-0185 CVE-2014-0237 CVE-2014-0238 CVE-2014-1943 CVE-2014-2270 CVE-2014-2497 CVE-2014-3587 CVE-2014-3597 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-4049 CVE-2014-4670 CVE-2014-4698 CVE-2014-5120 CVE-2014-5459 CVE-2014-8142 CVE-2014-9427 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2014-9767 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-2301 CVE-2015-2305 CVE-2015-2348 CVE-2015-2783 CVE-2015-2787 CVE-2015-3329 CVE-2015-3330 CVE-2015-3411 CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4026 CVE-2015-4116 CVE-2015-4148 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 CVE-2015-4643 CVE-2015-4644 CVE-2015-5589 CVE-2015-5590 CVE-2015-6831 CVE-2015-6832 CVE-2015-6833 CVE-2015-6834 CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 CVE-2015-7803 CVE-2015-8835 CVE-2015-8838 CVE-2015-8866 CVE-2015-8867 CVE-2015-8873 CVE-2015-8874 CVE-2015-8876 CVE-2015-8877 CVE-2015-8879 CVE-2015-8935 CVE-2015-8994 CVE-2016-10158 CVE-2016-10159 CVE-2016-10160 CVE-2016-10161 CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-10397 CVE-2016-10712 CVE-2016-1903 CVE-2016-2554 CVE-2016-3141 CVE-2016-3142 CVE-2016-3185 CVE-2016-3587 CVE-2016-4070 CVE-2016-4071 CVE-2016-4073 CVE-2016-4342 CVE-2016-4346 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 CVE-2016-5094 CVE-2016-5095 CVE-2016-5096 CVE-2016-5385 CVE-2016-5399 CVE-2016-5766 CVE-2016-5767 CVE-2016-5768 CVE-2016-5769 CVE-2016-5770 CVE-2016-5771 CVE-2016-5772 CVE-2016-5773 CVE-2016-6128 CVE-2016-6161 CVE-2016-6207 CVE-2016-6288 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 CVE-2016-6294 CVE-2016-6295 CVE-2016-6296 CVE-2016-6297 CVE-2016-6911 CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 CVE-2016-7134 CVE-2016-7411 CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418 CVE-2016-7478 CVE-2016-7568 CVE-2016-8670 CVE-2016-9137 CVE-2016-9933 CVE-2016-9934 CVE-2016-9935 CVE-2017-11143 CVE-2017-11144 CVE-2017-11145 CVE-2017-11146 CVE-2017-11147 CVE-2017-11628 CVE-2017-12933 CVE-2017-16642 CVE-2017-4025 CVE-2017-7272 CVE-2017-7890 CVE-2017-9118 CVE-2017-9224 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 CVE-2018-10360 CVE-2018-10545 CVE-2018-10546 CVE-2018-10547 CVE-2018-10548 CVE-2018-12882 CVE-2018-14851 CVE-2018-17082 CVE-2018-5711 CVE-2018-5712 CVE-2018-7584 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the php7-devel-7.0.7-50.52.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2006-7243 CVE-2010-2225 CVE-2010-2950 CVE-2010-3436 CVE-2010-3709 CVE-2010-3710 CVE-2010-4150 CVE-2010-4645 CVE-2011-0420 CVE-2011-0421 CVE-2011-0708 CVE-2011-1092 CVE-2011-1153 CVE-2011-1466 CVE-2011-2202 CVE-2011-3379 CVE-2011-4153 CVE-2011-4566 CVE-2011-4718 CVE-2011-4885 CVE-2012-0830 CVE-2012-1823 CVE-2012-2311 CVE-2012-2335 CVE-2012-2336 CVE-2012-2688 CVE-2012-3365 CVE-2013-1635 CVE-2013-1643 CVE-2013-1824 CVE-2013-4113 CVE-2013-4248 CVE-2013-6420 CVE-2013-6712 CVE-2013-7327 CVE-2013-7345 CVE-2014-0185 CVE-2014-0237 CVE-2014-0238 CVE-2014-1943 CVE-2014-2270 CVE-2014-2497 CVE-2014-3538 CVE-2014-3587 CVE-2014-3597 CVE-2014-3622 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-4049 CVE-2014-4670 CVE-2014-4698 CVE-2014-5120 CVE-2014-5459 CVE-2014-9426 CVE-2014-9427 CVE-2015-0231 CVE-2015-0232 CVE-2015-0235 CVE-2015-0273 CVE-2015-1351 CVE-2015-1352 CVE-2015-2305 CVE-2015-2325 CVE-2015-2326 CVE-2015-2331 CVE-2015-3152 CVE-2015-3414 CVE-2015-3415 CVE-2015-3416 CVE-2015-8994 CVE-2016-10158 CVE-2016-10159 CVE-2016-10160 CVE-2016-10161 CVE-2016-10162 CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-10397 CVE-2016-4473 CVE-2016-5385 CVE-2016-5399 CVE-2016-5766 CVE-2016-5769 CVE-2016-5770 CVE-2016-5772 CVE-2016-5773 CVE-2016-6128 CVE-2016-6161 CVE-2016-6207 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 CVE-2016-6294 CVE-2016-6295 CVE-2016-6296 CVE-2016-6297 CVE-2016-6911 CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 CVE-2016-7133 CVE-2016-7134 CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418 CVE-2016-7478 CVE-2016-7479 CVE-2016-7480 CVE-2016-7568 CVE-2016-8670 CVE-2016-9137 CVE-2016-9138 CVE-2016-9933 CVE-2016-9934 CVE-2016-9935 CVE-2016-9936 CVE-2017-11142 CVE-2017-11144 CVE-2017-11145 CVE-2017-11146 CVE-2017-11147 CVE-2017-11628 CVE-2017-12932 CVE-2017-12933 CVE-2017-12934 CVE-2017-16642 CVE-2017-5340 CVE-2017-6441 CVE-2017-7272 CVE-2017-7890 CVE-2017-9118 CVE-2017-9120 CVE-2017-9224 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 CVE-2018-10545 CVE-2018-10546 CVE-2018-10547 CVE-2018-10548 CVE-2018-12882 CVE-2018-14851 CVE-2018-17082 CVE-2018-5711 CVE-2018-5712 CVE-2018-7584 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the polkit-devel-0.113-5.12.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2010-0750 CVE-2011-1485 CVE-2013-4288 CVE-2015-3218 CVE-2015-3255 CVE-2015-3256 CVE-2015-4625 CVE-2018-1116 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the postgresql10-devel-10.5-1.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2007-4772 CVE-2007-6600 CVE-2009-4034 CVE-2009-4136 CVE-2010-1169 CVE-2010-1170 CVE-2010-3433 CVE-2012-0866 CVE-2012-0867 CVE-2012-0868 CVE-2012-2143 CVE-2012-2655 CVE-2012-3488 CVE-2012-3489 CVE-2013-0255 CVE-2013-1899 CVE-2013-1900 CVE-2013-1901 CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067 CVE-2015-3165 CVE-2015-3166 CVE-2015-3167 CVE-2015-5288 CVE-2015-5289 CVE-2016-0766 CVE-2016-0773 CVE-2016-2193 CVE-2016-3065 CVE-2017-15098 CVE-2017-15099 CVE-2017-7484 CVE-2017-7485 CVE-2017-7486 CVE-2017-7546 CVE-2017-7547 CVE-2017-7548 CVE-2018-1053 CVE-2018-1058 CVE-2018-10915 CVE-2018-10925 CVE-2018-1115 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the ppp-devel-2.4.7-3.4 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-3158 CVE-2015-3310 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the procps-devel-3.3.9-11.14.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the python-devel-2.7.13-28.11.2 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2011-1521 CVE-2011-3389 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 CVE-2013-1752 CVE-2013-1753 CVE-2013-4238 CVE-2014-1912 CVE-2014-4650 CVE-2014-7185 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 CVE-2017-1000158 CVE-2017-18207 CVE-2018-1000030 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the python3-dbm-3.4.6-25.16.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-4238 CVE-2014-4650 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 CVE-2017-18207 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the python3-devel-3.4.6-25.16.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2011-3389 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 CVE-2013-1752 CVE-2013-4238 CVE-2014-2667 CVE-2014-4650 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 CVE-2017-18207 CVE-2018-1060 CVE-2018-1061 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the qpdf-devel-7.1.1-3.3.4 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2017-11624 CVE-2017-11625 CVE-2017-11626 CVE-2017-11627 CVE-2017-12595 CVE-2017-9208 CVE-2017-9209 CVE-2017-9210 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the quagga-devel-1.1.1-17.7.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2010-1674 CVE-2010-1675 CVE-2016-1245 CVE-2016-2342 CVE-2016-4049 CVE-2017-16227 CVE-2017-5495 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the rhythmbox-3.4-6.14 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2012-3355 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the rpm-devel-4.11.2-16.16.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-6435 CVE-2014-8118 CVE-2017-7500 CVE-2017-7501 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the rrdtool-devel-1.4.7-20.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-2131 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the ruby-devel-2.1-1.4 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-4492 CVE-2010-0541 CVE-2011-1004 CVE-2011-1005 CVE-2011-4815 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the ruby2.1-devel-2.1.9-18.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-3566 CVE-2014-4975 CVE-2014-8080 CVE-2014-8090 CVE-2015-1855 CVE-2015-3900 CVE-2015-7551 CVE-2016-2339 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the ruby2.1-rubygem-bundler-1.7.3-3.7 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2013-0334 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the ruby2.1-rubygem-yard-0.8.7.3-7.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2017-17042 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the sane-backends-devel-1.0.24-3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2017-6318 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the shibboleth-sp-devel-2.5.5-6.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2017-16852 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the slf4j-1.7.12-3.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2018-8088 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the soundtouch-1.7.1-5.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2018-1000223 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the spice-gtk-devel-0.33-3.6.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2012-4425 CVE-2017-12194 CVE-2018-10873 CVE-2018-10893 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the sqlite3-devel-3.8.10.2-8.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2016-6153 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the sudo-devel-1.8.20p2-3.7.10 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2010-1163 CVE-2010-1646 CVE-2011-0010 CVE-2012-2337 CVE-2013-1775 CVE-2013-1776 CVE-2014-9680 CVE-2016-7032 CVE-2016-7076 CVE-2017-1000367 CVE-2017-1000368 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the systemtap-sdt-devel-3.0-15.13 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-2911 CVE-2009-4273 CVE-2010-0411 CVE-2010-0412 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the typelib-1_0-WebKit2WebExtension-4_0-2.20.3-2.23.8 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2016-1856 CVE-2016-1857 CVE-2016-4590 CVE-2016-4591 CVE-2016-4622 CVE-2016-4624 CVE-2016-4692 CVE-2016-4743 CVE-2016-7586 CVE-2016-7587 CVE-2016-7589 CVE-2016-7592 CVE-2016-7598 CVE-2016-7599 CVE-2016-7610 CVE-2016-7623 CVE-2016-7632 CVE-2016-7635 CVE-2016-7639 CVE-2016-7641 CVE-2016-7645 CVE-2016-7652 CVE-2016-7654 CVE-2016-7656 CVE-2017-1000121 CVE-2017-1000122 CVE-2017-13788 CVE-2017-13798 CVE-2017-13803 CVE-2017-13856 CVE-2017-13866 CVE-2017-13870 CVE-2017-13884 CVE-2017-13885 CVE-2017-2350 CVE-2017-2354 CVE-2017-2355 CVE-2017-2356 CVE-2017-2362 CVE-2017-2363 CVE-2017-2364 CVE-2017-2365 CVE-2017-2366 CVE-2017-2369 CVE-2017-2371 CVE-2017-2373 CVE-2017-2496 CVE-2017-2510 CVE-2017-2538 CVE-2017-2539 CVE-2017-5715 CVE-2017-5753 CVE-2017-7006 CVE-2017-7011 CVE-2017-7012 CVE-2017-7018 CVE-2017-7019 CVE-2017-7020 CVE-2017-7030 CVE-2017-7034 CVE-2017-7037 CVE-2017-7038 CVE-2017-7039 CVE-2017-7040 CVE-2017-7041 CVE-2017-7042 CVE-2017-7043 CVE-2017-7046 CVE-2017-7048 CVE-2017-7049 CVE-2017-7052 CVE-2017-7055 CVE-2017-7056 CVE-2017-7059 CVE-2017-7061 CVE-2017-7064 CVE-2017-7081 CVE-2017-7087 CVE-2017-7089 CVE-2017-7090 CVE-2017-7091 CVE-2017-7092 CVE-2017-7093 CVE-2017-7094 CVE-2017-7095 CVE-2017-7096 CVE-2017-7098 CVE-2017-7099 CVE-2017-7100 CVE-2017-7102 CVE-2017-7104 CVE-2017-7107 CVE-2017-7109 CVE-2017-7111 CVE-2017-7117 CVE-2017-7120 CVE-2017-7142 CVE-2017-7153 CVE-2017-7156 CVE-2017-7157 CVE-2017-7160 CVE-2017-7161 CVE-2017-7165 CVE-2018-11646 CVE-2018-11712 CVE-2018-11713 CVE-2018-12911 CVE-2018-4088 CVE-2018-4096 CVE-2018-4101 CVE-2018-4113 CVE-2018-4114 CVE-2018-4117 CVE-2018-4118 CVE-2018-4119 CVE-2018-4120 CVE-2018-4121 CVE-2018-4122 CVE-2018-4125 CVE-2018-4127 CVE-2018-4128 CVE-2018-4129 CVE-2018-4133 CVE-2018-4146 CVE-2018-4161 CVE-2018-4162 CVE-2018-4163 CVE-2018-4165 CVE-2018-4190 CVE-2018-4199 CVE-2018-4200 CVE-2018-4204 CVE-2018-4218 CVE-2018-4222 CVE-2018-4232 CVE-2018-4233 CVE-2018-4246 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the udisks2-devel-2.1.3-1.13 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-0004 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the unixODBC-devel-2.3.6-7.9.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2011-1145 CVE-2018-7409 CVE-2018-7485 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the virglrenderer-devel-0.5.0-11.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2016-10163 CVE-2016-10214 CVE-2017-5580 CVE-2017-5937 CVE-2017-5956 CVE-2017-5957 CVE-2017-5993 CVE-2017-5994 CVE-2017-6209 CVE-2017-6210 CVE-2017-6317 CVE-2017-6355 CVE-2017-6386 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the vte2-devel-0.28.2-19.7 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2012-2738 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the wavpack-4.60.99-5.3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2016-10169 CVE-2016-10170 CVE-2016-10171 CVE-2016-10172 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the wireshark-devel-2.4.9-48.29.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-1210 CVE-2009-1267 CVE-2009-1268 CVE-2009-1269 CVE-2009-3241 CVE-2009-3242 CVE-2009-3243 CVE-2010-1455 CVE-2010-2993 CVE-2010-3445 CVE-2010-4300 CVE-2010-4301 CVE-2010-4538 CVE-2011-0024 CVE-2011-0538 CVE-2011-0713 CVE-2011-1138 CVE-2011-1139 CVE-2011-1140 CVE-2011-1143 CVE-2011-1590 CVE-2011-1591 CVE-2011-1592 CVE-2011-1957 CVE-2011-1958 CVE-2011-1959 CVE-2011-2174 CVE-2011-2175 CVE-2011-2597 CVE-2011-2698 CVE-2011-3266 CVE-2011-3360 CVE-2011-3483 CVE-2012-2392 CVE-2012-2393 CVE-2012-2394 CVE-2012-3548 CVE-2012-4048 CVE-2012-4049 CVE-2012-4285 CVE-2012-4286 CVE-2012-4287 CVE-2012-4288 CVE-2012-4289 CVE-2012-4290 CVE-2012-4291 CVE-2012-4292 CVE-2012-4293 CVE-2012-4294 CVE-2012-4295 CVE-2012-4296 CVE-2012-4297 CVE-2012-4298 CVE-2012-5237 CVE-2012-5238 CVE-2012-5239 CVE-2012-5240 CVE-2012-5592 CVE-2012-5593 CVE-2012-5594 CVE-2012-5595 CVE-2012-5596 CVE-2012-5597 CVE-2012-5598 CVE-2012-5599 CVE-2012-5600 CVE-2012-5601 CVE-2012-5602 CVE-2013-1572 CVE-2013-1573 CVE-2013-1574 CVE-2013-1575 CVE-2013-1576 CVE-2013-1577 CVE-2013-1578 CVE-2013-1579 CVE-2013-1580 CVE-2013-1581 CVE-2013-1582 CVE-2013-1583 CVE-2013-1584 CVE-2013-1585 CVE-2013-1586 CVE-2013-1587 CVE-2013-1588 CVE-2013-1589 CVE-2013-1590 CVE-2013-2475 CVE-2013-2476 CVE-2013-2477 CVE-2013-2478 CVE-2013-2479 CVE-2013-2480 CVE-2013-2481 CVE-2013-2482 CVE-2013-2483 CVE-2013-2484 CVE-2013-2485 CVE-2013-2486 CVE-2013-2487 CVE-2013-2488 CVE-2013-3555 CVE-2013-3556 CVE-2013-3557 CVE-2013-3558 CVE-2013-3559 CVE-2013-3560 CVE-2013-3561 CVE-2013-3562 CVE-2013-4083 CVE-2013-4920 CVE-2013-4921 CVE-2013-4922 CVE-2013-4923 CVE-2013-4924 CVE-2013-4925 CVE-2013-4926 CVE-2013-4927 CVE-2013-4928 CVE-2013-4929 CVE-2013-4930 CVE-2013-4931 CVE-2013-4932 CVE-2013-4933 CVE-2013-4934 CVE-2013-4935 CVE-2013-4936 CVE-2013-5717 CVE-2013-5718 CVE-2013-5719 CVE-2013-5720 CVE-2013-5721 CVE-2013-5722 CVE-2013-6336 CVE-2013-6337 CVE-2013-6338 CVE-2013-6339 CVE-2013-6340 CVE-2013-7112 CVE-2013-7113 CVE-2013-7114 CVE-2014-2281 CVE-2014-2282 CVE-2014-2283 CVE-2014-2299 CVE-2014-2907 CVE-2014-4020 CVE-2014-5161 CVE-2014-5162 CVE-2014-5163 CVE-2014-5164 CVE-2014-5165 CVE-2015-0559 CVE-2015-0560 CVE-2015-0561 CVE-2015-0562 CVE-2015-0563 CVE-2015-0564 CVE-2015-2188 CVE-2015-2189 CVE-2015-2191 CVE-2015-3811 CVE-2015-3812 CVE-2015-3813 CVE-2015-3814 CVE-2015-7830 CVE-2015-8711 CVE-2015-8712 CVE-2015-8713 CVE-2015-8714 CVE-2015-8715 CVE-2015-8716 CVE-2015-8717 CVE-2015-8718 CVE-2015-8719 CVE-2015-8720 CVE-2015-8721 CVE-2015-8722 CVE-2015-8723 CVE-2015-8724 CVE-2015-8725 CVE-2015-8726 CVE-2015-8727 CVE-2015-8728 CVE-2015-8729 CVE-2015-8730 CVE-2015-8731 CVE-2015-8732 CVE-2015-8733 CVE-2016-2523 CVE-2016-2530 CVE-2016-2531 CVE-2016-2532 CVE-2016-5350 CVE-2016-5351 CVE-2016-5352 CVE-2016-5353 CVE-2016-5354 CVE-2016-5355 CVE-2016-5356 CVE-2016-5357 CVE-2016-5358 CVE-2016-5359 CVE-2016-6354 CVE-2016-6504 CVE-2016-6505 CVE-2016-6506 CVE-2016-6507 CVE-2016-6508 CVE-2016-6509 CVE-2016-6510 CVE-2016-6511 CVE-2016-7175 CVE-2016-7176 CVE-2016-7177 CVE-2016-7178 CVE-2016-7179 CVE-2016-7180 CVE-2016-9373 CVE-2016-9374 CVE-2016-9375 CVE-2016-9376 CVE-2017-11406 CVE-2017-11407 CVE-2017-11408 CVE-2017-11410 CVE-2017-11411 CVE-2017-13765 CVE-2017-13766 CVE-2017-13767 CVE-2017-15191 CVE-2017-15192 CVE-2017-15193 CVE-2017-17083 CVE-2017-17084 CVE-2017-17085 CVE-2017-17935 CVE-2017-17997 CVE-2017-5596 CVE-2017-5597 CVE-2017-5753 CVE-2017-6014 CVE-2017-7700 CVE-2017-7701 CVE-2017-7702 CVE-2017-7703 CVE-2017-7704 CVE-2017-7705 CVE-2017-7745 CVE-2017-7746 CVE-2017-7747 CVE-2017-7748 CVE-2017-9343 CVE-2017-9344 CVE-2017-9345 CVE-2017-9346 CVE-2017-9347 CVE-2017-9348 CVE-2017-9349 CVE-2017-9350 CVE-2017-9351 CVE-2017-9352 CVE-2017-9353 CVE-2017-9354 CVE-2017-9617 CVE-2017-9766 CVE-2018-11354 CVE-2018-11355 CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361 CVE-2018-11362 CVE-2018-14339 CVE-2018-14340 CVE-2018-14341 CVE-2018-14342 CVE-2018-14343 CVE-2018-14344 CVE-2018-14367 CVE-2018-14368 CVE-2018-14369 CVE-2018-14370 CVE-2018-16056 CVE-2018-16057 CVE-2018-16058 CVE-2018-5334 CVE-2018-5335 CVE-2018-5336 CVE-2018-7320 CVE-2018-7321 CVE-2018-7322 CVE-2018-7323 CVE-2018-7324 CVE-2018-7325 CVE-2018-7326 CVE-2018-7327 CVE-2018-7328 CVE-2018-7329 CVE-2018-7330 CVE-2018-7331 CVE-2018-7332 CVE-2018-7333 CVE-2018-7334 CVE-2018-7335 CVE-2018-7336 CVE-2018-7337 CVE-2018-7417 CVE-2018-7418 CVE-2018-7419 CVE-2018-7420 CVE-2018-7421 CVE-2018-9256 CVE-2018-9259 CVE-2018-9260 CVE-2018-9261 CVE-2018-9262 CVE-2018-9263 CVE-2018-9264 CVE-2018-9265 CVE-2018-9266 CVE-2018-9267 CVE-2018-9268 CVE-2018-9269 CVE-2018-9270 CVE-2018-9271 CVE-2018-9272 CVE-2018-9273 CVE-2018-9274 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the xalan-j2-demo-2.7.0-264.133 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2014-0107 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the xen-devel-4.11.0_08-1.11 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2011-1898 CVE-2012-0029 CVE-2012-0217 CVE-2012-2625 CVE-2012-3432 CVE-2012-3433 CVE-2012-4411 CVE-2012-4535 CVE-2012-4536 CVE-2012-4537 CVE-2012-4538 CVE-2012-4539 CVE-2012-4544 CVE-2012-5510 CVE-2012-5511 CVE-2012-5513 CVE-2012-5514 CVE-2012-5515 CVE-2012-5525 CVE-2012-5634 CVE-2012-6075 CVE-2013-0151 CVE-2013-0152 CVE-2013-0153 CVE-2013-1442 CVE-2013-1917 CVE-2013-1918 CVE-2013-1919 CVE-2013-1922 CVE-2013-1952 CVE-2013-2007 CVE-2013-3495 CVE-2013-4355 CVE-2013-4356 CVE-2013-4361 CVE-2013-4375 CVE-2013-4416 CVE-2013-4494 CVE-2013-4533 CVE-2013-4534 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2013-4540 CVE-2013-4551 CVE-2013-4553 CVE-2013-4554 CVE-2014-0222 CVE-2014-3124 CVE-2014-3640 CVE-2014-3672 CVE-2014-5146 CVE-2014-5149 CVE-2014-6268 CVE-2014-7154 CVE-2014-7155 CVE-2014-7156 CVE-2014-7188 CVE-2014-7815 CVE-2015-1779 CVE-2015-3259 CVE-2015-3340 CVE-2015-3456 CVE-2015-4037 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105 CVE-2015-4106 CVE-2015-5154 CVE-2015-5239 CVE-2015-5278 CVE-2015-5307 CVE-2015-6815 CVE-2015-6855 CVE-2015-7311 CVE-2015-7504 CVE-2015-7512 CVE-2015-7549 CVE-2015-7835 CVE-2015-7969 CVE-2015-7970 CVE-2015-7971 CVE-2015-7972 CVE-2015-8104 CVE-2015-8339 CVE-2015-8340 CVE-2015-8341 CVE-2015-8345 CVE-2015-8504 CVE-2015-8550 CVE-2015-8554 CVE-2015-8555 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8615 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-10013 CVE-2016-10024 CVE-2016-10025 CVE-2016-1568 CVE-2016-1570 CVE-2016-1571 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-2270 CVE-2016-2271 CVE-2016-2391 CVE-2016-2392 CVE-2016-2538 CVE-2016-2841 CVE-2016-4439 CVE-2016-4441 CVE-2016-5238 CVE-2016-5338 CVE-2016-6258 CVE-2016-6259 CVE-2016-6351 CVE-2016-7092 CVE-2016-7093 CVE-2016-7094 CVE-2016-7777 CVE-2016-7908 CVE-2016-7909 CVE-2016-8667 CVE-2016-8669 CVE-2016-8910 CVE-2016-9377 CVE-2016-9378 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9384 CVE-2016-9385 CVE-2016-9386 CVE-2016-9637 CVE-2016-9921 CVE-2016-9922 CVE-2016-9932 CVE-2017-10664 CVE-2017-11434 CVE-2017-12135 CVE-2017-12136 CVE-2017-12137 CVE-2017-12855 CVE-2017-14316 CVE-2017-14317 CVE-2017-14318 CVE-2017-14319 CVE-2017-15289 CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15591 CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-15597 CVE-2017-17563 CVE-2017-17564 CVE-2017-17565 CVE-2017-17566 CVE-2017-18030 CVE-2017-2615 CVE-2017-2620 CVE-2017-5526 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2017-6505 CVE-2017-8309 CVE-2017-9330 CVE-2018-10471 CVE-2018-10472 CVE-2018-10981 CVE-2018-10982 CVE-2018-11806 CVE-2018-12891 CVE-2018-12892 CVE-2018-12893 CVE-2018-15469 CVE-2018-15470 CVE-2018-3639 CVE-2018-3646 CVE-2018-3665 CVE-2018-5683 CVE-2018-7540 CVE-2018-7541 CVE-2018-7542 CVE-2018-8897 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the xfig-3.2.5c-2.4 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2009-1962 CVE-2009-4227 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the xfsprogs-devel-4.15.0-1.12 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2012-2150 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the xorg-x11-devel-7.6-45.14 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2011-2895 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the xorg-x11-server-sdk-1.19.6-2.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2010-2240 CVE-2013-1940 CVE-2013-4396 CVE-2013-6424 CVE-2014-8091 CVE-2014-8092 CVE-2014-8093 CVE-2014-8094 CVE-2014-8095 CVE-2014-8096 CVE-2014-8097 CVE-2014-8098 CVE-2014-8099 CVE-2014-8100 CVE-2014-8101 CVE-2014-8102 CVE-2014-8103 CVE-2015-0255 CVE-2015-3164 CVE-2015-3418 CVE-2017-12176 CVE-2017-12183 CVE-2017-12187 CVE-2017-13721 CVE-2017-13723 CVE-2017-2624 CVE-2018-14665 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the yast2-core-devel-3.3.1-1.7 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2011-2483 CVE-2011-3177 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the yodl-3.03.0-3.1 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2016-10375 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 These are all security issues fixed in the zlib-devel-1.2.11-1.27 package on the GA media of SUSE Linux Enterprise Software Development Kit 12 SP4. Moderate CVE-2016-9843 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the ImageMagick-6.8.8.1-71.85.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2012-0247 CVE-2012-0248 CVE-2012-1185 CVE-2012-1186 CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716 CVE-2014-9805 CVE-2014-9806 CVE-2014-9807 CVE-2014-9808 CVE-2014-9809 CVE-2014-9810 CVE-2014-9811 CVE-2014-9812 CVE-2014-9813 CVE-2014-9814 CVE-2014-9815 CVE-2014-9816 CVE-2014-9817 CVE-2014-9818 CVE-2014-9819 CVE-2014-9820 CVE-2014-9821 CVE-2014-9822 CVE-2014-9823 CVE-2014-9824 CVE-2014-9825 CVE-2014-9826 CVE-2014-9828 CVE-2014-9829 CVE-2014-9830 CVE-2014-9831 CVE-2014-9832 CVE-2014-9833 CVE-2014-9834 CVE-2014-9835 CVE-2014-9836 CVE-2014-9837 CVE-2014-9838 CVE-2014-9839 CVE-2014-9840 CVE-2014-9841 CVE-2014-9842 CVE-2014-9843 CVE-2014-9844 CVE-2014-9845 CVE-2014-9846 CVE-2014-9847 CVE-2014-9848 CVE-2014-9849 CVE-2014-9850 CVE-2014-9851 CVE-2014-9852 CVE-2014-9853 CVE-2014-9854 CVE-2014-9907 CVE-2015-8894 CVE-2015-8895 CVE-2015-8896 CVE-2015-8897 CVE-2015-8898 CVE-2015-8900 CVE-2015-8901 CVE-2015-8902 CVE-2015-8903 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-10046 CVE-2016-10048 CVE-2016-10049 CVE-2016-10050 CVE-2016-10051 CVE-2016-10052 CVE-2016-10059 CVE-2016-10060 CVE-2016-10061 CVE-2016-10062 CVE-2016-10063 CVE-2016-10064 CVE-2016-10065 CVE-2016-10068 CVE-2016-10069 CVE-2016-10070 CVE-2016-10071 CVE-2016-10144 CVE-2016-10145 CVE-2016-10146 CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 CVE-2016-4562 CVE-2016-4563 CVE-2016-4564 CVE-2016-5010 CVE-2016-5118 CVE-2016-5687 CVE-2016-5688 CVE-2016-5689 CVE-2016-5690 CVE-2016-5691 CVE-2016-5841 CVE-2016-5842 CVE-2016-6491 CVE-2016-6520 CVE-2016-6823 CVE-2016-7101 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 CVE-2016-7522 CVE-2016-7523 CVE-2016-7524 CVE-2016-7525 CVE-2016-7526 CVE-2016-7527 CVE-2016-7528 CVE-2016-7529 CVE-2016-7530 CVE-2016-7531 CVE-2016-7532 CVE-2016-7533 CVE-2016-7534 CVE-2016-7535 CVE-2016-7537 CVE-2016-7538 CVE-2016-7539 CVE-2016-7540 CVE-2016-7799 CVE-2016-7800 CVE-2016-7996 CVE-2016-7997 CVE-2016-8677 CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 CVE-2016-8707 CVE-2016-8862 CVE-2016-8866 CVE-2016-9556 CVE-2016-9559 CVE-2016-9773 CVE-2017-1000445 CVE-2017-1000476 CVE-2017-10800 CVE-2017-10928 CVE-2017-10995 CVE-2017-11141 CVE-2017-11166 CVE-2017-11170 CVE-2017-11188 CVE-2017-11403 CVE-2017-11446 CVE-2017-11448 CVE-2017-11449 CVE-2017-11450 CVE-2017-11478 CVE-2017-11505 CVE-2017-11523 CVE-2017-11524 CVE-2017-11525 CVE-2017-11526 CVE-2017-11527 CVE-2017-11528 CVE-2017-11529 CVE-2017-11530 CVE-2017-11531 CVE-2017-11532 CVE-2017-11533 CVE-2017-11534 CVE-2017-11535 CVE-2017-11537 CVE-2017-11539 CVE-2017-11638 CVE-2017-11639 CVE-2017-11640 CVE-2017-11642 CVE-2017-11644 CVE-2017-11724 CVE-2017-11750 CVE-2017-11751 CVE-2017-11752 CVE-2017-12140 CVE-2017-12418 CVE-2017-12427 CVE-2017-12428 CVE-2017-12429 CVE-2017-12430 CVE-2017-12431 CVE-2017-12432 CVE-2017-12433 CVE-2017-12434 CVE-2017-12435 CVE-2017-12563 CVE-2017-12564 CVE-2017-12565 CVE-2017-12566 CVE-2017-12587 CVE-2017-12640 CVE-2017-12641 CVE-2017-12642 CVE-2017-12643 CVE-2017-12644 CVE-2017-12654 CVE-2017-12662 CVE-2017-12663 CVE-2017-12664 CVE-2017-12665 CVE-2017-12667 CVE-2017-12668 CVE-2017-12669 CVE-2017-12670 CVE-2017-12671 CVE-2017-12672 CVE-2017-12673 CVE-2017-12674 CVE-2017-12675 CVE-2017-12676 CVE-2017-12691 CVE-2017-12692 CVE-2017-12693 CVE-2017-12935 CVE-2017-12983 CVE-2017-13058 CVE-2017-13059 CVE-2017-13060 CVE-2017-13061 CVE-2017-13062 CVE-2017-13131 CVE-2017-13133 CVE-2017-13134 CVE-2017-13139 CVE-2017-13141 CVE-2017-13142 CVE-2017-13146 CVE-2017-13147 CVE-2017-13648 CVE-2017-13658 CVE-2017-13758 CVE-2017-13768 CVE-2017-13769 CVE-2017-14042 CVE-2017-14060 CVE-2017-14103 CVE-2017-14138 CVE-2017-14139 CVE-2017-14172 CVE-2017-14173 CVE-2017-14174 CVE-2017-14175 CVE-2017-14224 CVE-2017-14249 CVE-2017-14314 CVE-2017-14325 CVE-2017-14326 CVE-2017-14341 CVE-2017-14342 CVE-2017-14343 CVE-2017-14505 CVE-2017-14531 CVE-2017-14533 CVE-2017-14607 CVE-2017-14649 CVE-2017-14682 CVE-2017-14733 CVE-2017-14739 CVE-2017-14989 CVE-2017-14997 CVE-2017-15016 CVE-2017-15017 CVE-2017-15033 CVE-2017-15217 CVE-2017-15218 CVE-2017-15277 CVE-2017-15281 CVE-2017-15930 CVE-2017-16352 CVE-2017-16353 CVE-2017-16545 CVE-2017-16546 CVE-2017-16669 CVE-2017-17504 CVE-2017-17680 CVE-2017-17681 CVE-2017-17682 CVE-2017-17879 CVE-2017-17881 CVE-2017-17882 CVE-2017-17884 CVE-2017-17885 CVE-2017-17887 CVE-2017-17914 CVE-2017-17934 CVE-2017-18008 CVE-2017-18022 CVE-2017-18027 CVE-2017-18028 CVE-2017-18029 CVE-2017-18209 CVE-2017-18211 CVE-2017-18250 CVE-2017-18251 CVE-2017-18252 CVE-2017-18254 CVE-2017-18271 CVE-2017-5506 CVE-2017-5507 CVE-2017-5508 CVE-2017-5510 CVE-2017-5511 CVE-2017-6502 CVE-2017-7606 CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8343 CVE-2017-8344 CVE-2017-8345 CVE-2017-8346 CVE-2017-8347 CVE-2017-8348 CVE-2017-8349 CVE-2017-8350 CVE-2017-8351 CVE-2017-8352 CVE-2017-8353 CVE-2017-8354 CVE-2017-8355 CVE-2017-8356 CVE-2017-8357 CVE-2017-8765 CVE-2017-8830 CVE-2017-9098 CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 CVE-2017-9261 CVE-2017-9262 CVE-2017-9405 CVE-2017-9407 CVE-2017-9409 CVE-2017-9439 CVE-2017-9440 CVE-2017-9500 CVE-2017-9501 CVE-2018-10177 CVE-2018-10804 CVE-2018-10805 CVE-2018-11251 CVE-2018-11655 CVE-2018-11656 CVE-2018-12599 CVE-2018-12600 CVE-2018-14434 CVE-2018-14435 CVE-2018-14436 CVE-2018-14437 CVE-2018-16323 CVE-2018-16329 CVE-2018-16413 CVE-2018-16640 CVE-2018-16642 CVE-2018-16643 CVE-2018-16644 CVE-2018-16645 CVE-2018-16749 CVE-2018-16750 CVE-2018-17965 CVE-2018-17966 CVE-2018-18016 CVE-2018-18024 CVE-2018-5246 CVE-2018-5247 CVE-2018-5357 CVE-2018-5685 CVE-2018-6405 CVE-2018-7443 CVE-2018-7470 CVE-2018-8804 CVE-2018-8960 CVE-2018-9018 CVE-2018-9133 CVE-2018-9135 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the NetworkManager-1.0.12-13.6.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2015-2924 CVE-2016-0764 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the argyllcms-1.6.3-3.3 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2012-1616 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the bash-lang-4.3-83.15.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2014-2524 CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 CVE-2016-0634 CVE-2016-7543 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the bluez-cups-5.13-5.4.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2016-7837 CVE-2016-9800 CVE-2016-9804 CVE-2017-1000250 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the bogofilter-1.2.4-5.3 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2010-2494 CVE-2012-5468 CVE-2016-6354 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the colord-1.3.3-12.13 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2011-4349 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the cyrus-sasl-digestmd5-32bit-2.1.26-8.7.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2009-0688 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the dia-0.97.3-15.63 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2008-5984 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the empathy-3.12.13-8.3.28 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2011-3635 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the finch-2.12.0-3.3.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2009-2694 CVE-2009-2703 CVE-2009-3026 CVE-2009-3083 CVE-2009-3084 CVE-2009-3085 CVE-2009-3615 CVE-2010-0013 CVE-2010-0277 CVE-2010-0420 CVE-2010-0423 CVE-2010-1624 CVE-2010-2528 CVE-2010-3711 CVE-2011-1091 CVE-2011-3594 CVE-2012-2214 CVE-2012-3374 CVE-2012-6152 CVE-2013-0271 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274 CVE-2013-6477 CVE-2013-6478 CVE-2013-6479 CVE-2013-6481 CVE-2013-6482 CVE-2013-6483 CVE-2013-6484 CVE-2013-6485 CVE-2013-6486 CVE-2013-6487 CVE-2014-0020 CVE-2014-3694 CVE-2014-3695 CVE-2014-3696 CVE-2014-3697 CVE-2014-3698 CVE-2017-2640 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the freerdp-2.0.0~git.1463131968.4e66df7-12.3.2 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2014-0250 CVE-2014-0791 CVE-2017-2834 CVE-2017-2835 CVE-2017-2836 CVE-2017-2837 CVE-2017-2838 CVE-2017-2839 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the gcc48-gij-32bit-4.8.5-31.17.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2014-5044 CVE-2015-5276 CVE-2017-11671 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the gd-32bit-2.1.0-24.9.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2014-2497 CVE-2014-9709 CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-5116 CVE-2016-6128 CVE-2016-6132 CVE-2016-6161 CVE-2016-6207 CVE-2016-6214 CVE-2016-6905 CVE-2016-6906 CVE-2016-6911 CVE-2016-6912 CVE-2016-7568 CVE-2016-8670 CVE-2016-9317 CVE-2016-9933 CVE-2017-6362 CVE-2018-1000222 CVE-2018-5711 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the gegl-0_2-0.2.0-14.3 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2012-4433 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the gimp-2.8.18-9.3.26 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2007-3126 CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543 CVE-2011-2896 CVE-2012-3236 CVE-2012-5576 CVE-2016-4994 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the gnome-online-accounts-3.20.5-9.6 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2013-0240 CVE-2013-1799 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the gnome-shell-calendar-3.20.4-77.17.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2010-4000 CVE-2017-8288 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the gstreamer-0_10-plugins-bad-0.10.23-25.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2015-0797 CVE-2016-9445 CVE-2016-9446 CVE-2016-9447 CVE-2016-9809 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the gstreamer-0_10-plugins-base-0.10.36-17.13 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2016-9811 CVE-2017-5837 CVE-2017-5844 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the gstreamer-0_10-plugins-good-0.10.31-16.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9807 CVE-2016-9808 CVE-2016-9810 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the gwenhywfar-lang-4.9.0beta-3.3.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2015-7542 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the icu-52.1-8.7.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2014-8146 CVE-2014-8147 CVE-2014-9654 CVE-2016-6293 CVE-2017-14952 CVE-2017-15422 CVE-2017-17484 CVE-2017-7867 CVE-2017-7868 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the imobiledevice-tools-1.2.0-7.31 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2013-2142 CVE-2016-5104 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the java-1_7_0-openjdk-plugin-1.6.2-2.8.3 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2011-2513 CVE-2011-2514 CVE-2011-3377 CVE-2012-3422 CVE-2012-3423 CVE-2012-4540 CVE-2013-1926 CVE-2013-1927 CVE-2013-4349 CVE-2015-5234 CVE-2015-5235 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the kernel-default-extra-4.12.14-94.41.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2009-3939 CVE-2009-4026 CVE-2009-4027 CVE-2009-4131 CVE-2009-4138 CVE-2009-4536 CVE-2009-4538 CVE-2010-1146 CVE-2010-1436 CVE-2010-1641 CVE-2010-2066 CVE-2010-2942 CVE-2010-2954 CVE-2010-2955 CVE-2010-3081 CVE-2010-3296 CVE-2010-3297 CVE-2010-3298 CVE-2010-3301 CVE-2010-3310 CVE-2011-0711 CVE-2011-0712 CVE-2011-1020 CVE-2011-1180 CVE-2011-1577 CVE-2011-1581 CVE-2011-2203 CVE-2011-4604 CVE-2012-0056 CVE-2012-3412 CVE-2012-3520 CVE-2013-0160 CVE-2013-0231 CVE-2013-0913 CVE-2013-2850 CVE-2014-0038 CVE-2014-0196 CVE-2014-0691 CVE-2014-8133 CVE-2015-1333 CVE-2015-7550 CVE-2015-7884 CVE-2015-7885 CVE-2015-8539 CVE-2015-8660 CVE-2016-0723 CVE-2016-0728 CVE-2016-1237 CVE-2016-1583 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2384 CVE-2016-3134 CVE-2016-3135 CVE-2016-3136 CVE-2016-3140 CVE-2016-3689 CVE-2016-3713 CVE-2016-4470 CVE-2016-4485 CVE-2016-4486 CVE-2016-4557 CVE-2016-4558 CVE-2016-4569 CVE-2016-4578 CVE-2016-4951 CVE-2016-4997 CVE-2016-4998 CVE-2016-5195 CVE-2016-5244 CVE-2016-5829 CVE-2016-6187 CVE-2016-6480 CVE-2016-6516 CVE-2016-6828 CVE-2016-7039 CVE-2016-7042 CVE-2016-7425 CVE-2016-7913 CVE-2016-8655 CVE-2016-9555 CVE-2016-9576 CVE-2017-1000251 CVE-2017-1000252 CVE-2017-1000255 CVE-2017-1000380 CVE-2017-1000410 CVE-2017-11473 CVE-2017-11600 CVE-2017-12153 CVE-2017-12154 CVE-2017-12190 CVE-2017-12193 CVE-2017-13080 CVE-2017-13166 CVE-2017-14051 CVE-2017-14489 CVE-2017-15115 CVE-2017-15127 CVE-2017-15128 CVE-2017-15129 CVE-2017-15265 CVE-2017-15537 CVE-2017-15649 CVE-2017-15951 CVE-2017-16525 CVE-2017-16527 CVE-2017-16528 CVE-2017-16529 CVE-2017-16531 CVE-2017-16534 CVE-2017-16535 CVE-2017-16536 CVE-2017-16537 CVE-2017-16538 CVE-2017-16644 CVE-2017-16645 CVE-2017-16646 CVE-2017-16647 CVE-2017-16649 CVE-2017-16650 CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-16939 CVE-2017-16994 CVE-2017-16995 CVE-2017-16996 CVE-2017-17052 CVE-2017-17448 CVE-2017-17449 CVE-2017-17450 CVE-2017-17558 CVE-2017-17712 CVE-2017-17741 CVE-2017-17805 CVE-2017-17806 CVE-2017-17852 CVE-2017-17853 CVE-2017-17854 CVE-2017-17855 CVE-2017-17856 CVE-2017-17857 CVE-2017-17862 CVE-2017-17864 CVE-2017-17975 CVE-2017-18075 CVE-2017-18202 CVE-2017-18203 CVE-2017-18204 CVE-2017-18208 CVE-2017-18344 CVE-2017-2636 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2017-5897 CVE-2017-5970 CVE-2017-5986 CVE-2017-6347 CVE-2017-6353 CVE-2017-7184 CVE-2017-7187 CVE-2017-7261 CVE-2017-7277 CVE-2017-7294 CVE-2017-7308 CVE-2017-7346 CVE-2017-7477 CVE-2017-7487 CVE-2017-7541 CVE-2017-7542 CVE-2017-8824 CVE-2017-8831 CVE-2017-8890 CVE-2017-9059 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9211 CVE-2017-9242 CVE-2018-1000004 CVE-2018-1000028 CVE-2018-1000200 CVE-2018-1000204 CVE-2018-10087 CVE-2018-10124 CVE-2018-10323 CVE-2018-1065 CVE-2018-1068 CVE-2018-10853 CVE-2018-10902 CVE-2018-1091 CVE-2018-10938 CVE-2018-1094 CVE-2018-10940 CVE-2018-1108 CVE-2018-1118 CVE-2018-1120 CVE-2018-1128 CVE-2018-1129 CVE-2018-1130 CVE-2018-12233 CVE-2018-12896 CVE-2018-13053 CVE-2018-13093 CVE-2018-13094 CVE-2018-13095 CVE-2018-13405 CVE-2018-13406 CVE-2018-14613 CVE-2018-14617 CVE-2018-14633 CVE-2018-15572 CVE-2018-16658 CVE-2018-17182 CVE-2018-3620 CVE-2018-3639 CVE-2018-3646 CVE-2018-5332 CVE-2018-5333 CVE-2018-5390 CVE-2018-5391 CVE-2018-5803 CVE-2018-5848 CVE-2018-6554 CVE-2018-6555 CVE-2018-6927 CVE-2018-7492 CVE-2018-7566 CVE-2018-7740 CVE-2018-8043 CVE-2018-8087 CVE-2018-8781 CVE-2018-8822 CVE-2018-9363 CVE-2018-9385 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the lcms-1.19-17.31 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2009-0793 CVE-2013-4276 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the lhasa-0.2.0-5.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2016-2347 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libFLAC++6-32bit-1.3.0-11.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2014-8962 CVE-2014-9028 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libIlmImf-Imf_2_1-21-32bit-2.1.0-6.3.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2009-1720 CVE-2009-1721 CVE-2017-12596 CVE-2017-9110 CVE-2017-9114 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libSoundTouch0-32bit-1.7.1-5.3.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2018-1000223 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libcares2-32bit-1.9.1-9.4.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2016-5180 CVE-2017-1000381 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libdirectfb-1_7-1-32bit-1.7.1-6.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2014-2977 CVE-2014-2978 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libfbembed2_5-2.5.2.26539-15.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2013-2492 CVE-2017-6369 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libgadu3-1.11.4-1.12 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2013-6487 CVE-2014-3775 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libgio-fam-2.48.2-10.2 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2008-4316 CVE-2012-3524 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libgstfft-1_0-0-32bit-1.8.3-12.11 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2016-9811 CVE-2017-5837 CVE-2017-5839 CVE-2017-5842 CVE-2017-5844 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libid3tag0-0.15.1b-184.3.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2004-2779 CVE-2008-2109 CVE-2017-11550 CVE-2017-11551 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libiso9660-8-0.90-6.3.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2017-18201 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libjavascriptcoregtk-1_0-0-2.4.11-23.20 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2012-5112 CVE-2012-5133 CVE-2014-1344 CVE-2014-1384 CVE-2014-1385 CVE-2014-1386 CVE-2014-1387 CVE-2014-1388 CVE-2014-1389 CVE-2014-1390 CVE-2014-1748 CVE-2015-1071 CVE-2015-1076 CVE-2015-1081 CVE-2015-1083 CVE-2015-1120 CVE-2015-1122 CVE-2015-1127 CVE-2015-1153 CVE-2015-1155 CVE-2015-2330 CVE-2015-3658 CVE-2015-3659 CVE-2015-3727 CVE-2015-3731 CVE-2015-3741 CVE-2015-3743 CVE-2015-3745 CVE-2015-3747 CVE-2015-3748 CVE-2015-3749 CVE-2015-3752 CVE-2015-5788 CVE-2015-5794 CVE-2015-5801 CVE-2015-5809 CVE-2015-5822 CVE-2015-5928 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libmikmod3-3.2.0-4.59 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2007-6720 CVE-2009-0179 CVE-2009-3995 CVE-2009-3996 CVE-2010-2546 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libmwaw-0_3-3-0.3.13-7.9.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2017-9433 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libmysqlclient_r18-10.0.35-1.7 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2007-5970 CVE-2008-7247 CVE-2009-4019 CVE-2009-4028 CVE-2009-4030 CVE-2010-5298 CVE-2012-5615 CVE-2013-1976 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-2494 CVE-2014-3470 CVE-2014-4207 CVE-2014-4258 CVE-2014-4260 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6474 CVE-2014-6478 CVE-2014-6484 CVE-2014-6489 CVE-2014-6491 CVE-2014-6494 CVE-2014-6495 CVE-2014-6496 CVE-2014-6500 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 CVE-2014-6564 CVE-2014-6568 CVE-2014-8964 CVE-2015-0374 CVE-2015-0381 CVE-2015-0382 CVE-2015-0391 CVE-2015-0411 CVE-2015-0432 CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501 CVE-2015-0505 CVE-2015-2325 CVE-2015-2326 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573 CVE-2015-3152 CVE-2015-4792 CVE-2015-4802 CVE-2015-4807 CVE-2015-4815 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4870 CVE-2015-4913 CVE-2015-5969 CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0651 CVE-2016-0655 CVE-2016-0666 CVE-2016-0668 CVE-2016-2047 CVE-2016-3477 CVE-2016-3492 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440 CVE-2016-5584 CVE-2016-5624 CVE-2016-5626 CVE-2016-5629 CVE-2016-6662 CVE-2016-6663 CVE-2016-6664 CVE-2016-7440 CVE-2016-8283 CVE-2017-10268 CVE-2017-10378 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3257 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3302 CVE-2017-3308 CVE-2017-3309 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2018-2562 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2767 CVE-2018-2771 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libnautilus-extension1-32bit-3.20.3-23.6.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2017-14604 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libndp0-1.6-2.2 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2016-3698 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libnewt0_52-0.52.16-1.83 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2009-2905 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libofx-0.9.9-3.7.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2017-14731 CVE-2017-2816 CVE-2017-2920 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libosip2-3.5.0-20.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2016-10324 CVE-2016-10325 CVE-2016-10326 CVE-2017-7853 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libpcrecpp0-32bit-8.39-8.3.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2014-8964 CVE-2015-2325 CVE-2015-2327 CVE-2015-2328 CVE-2015-3210 CVE-2015-3217 CVE-2015-5073 CVE-2015-8380 CVE-2016-1283 CVE-2016-3191 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libpcsclite1-32bit-1.8.10-7.3.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2010-0407 CVE-2010-4531 CVE-2016-10109 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libplist++3-1.12-20.3.2 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2017-5209 CVE-2017-5545 CVE-2017-5834 CVE-2017-5835 CVE-2017-5836 CVE-2017-6435 CVE-2017-6436 CVE-2017-6437 CVE-2017-6438 CVE-2017-6439 CVE-2017-6440 CVE-2017-7982 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libpodofo0_9_2-0.9.2-3.3.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2017-5852 CVE-2017-5853 CVE-2017-5854 CVE-2017-5855 CVE-2017-5886 CVE-2017-6840 CVE-2017-6844 CVE-2017-6847 CVE-2017-7378 CVE-2017-7379 CVE-2017-7380 CVE-2017-7994 CVE-2017-8054 CVE-2017-8787 CVE-2018-5308 CVE-2018-8001 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libpolkit0-32bit-0.113-5.12.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2010-0750 CVE-2011-1485 CVE-2013-4288 CVE-2015-3218 CVE-2015-3255 CVE-2015-3256 CVE-2015-4625 CVE-2018-1116 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libproxy1-networkmanager-32bit-0.4.13-16.6 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2012-4504 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libqt4-sql-mysql-32bit-4.8.7-8.8.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2009-0945 CVE-2011-3193 CVE-2011-3922 CVE-2012-4929 CVE-2012-6093 CVE-2013-0254 CVE-2013-4549 CVE-2014-0190 CVE-2015-0295 CVE-2015-1858 CVE-2015-1859 CVE-2015-1860 CVE-2016-10040 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libraw9-0.15.4-21.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2013-2126 CVE-2013-2127 CVE-2015-3885 CVE-2015-8367 CVE-2017-13735 CVE-2017-14608 CVE-2017-16909 CVE-2017-6886 CVE-2017-6887 CVE-2017-6890 CVE-2017-6899 CVE-2018-5800 CVE-2018-5801 CVE-2018-5802 CVE-2018-5810 CVE-2018-5813 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libreoffice-6.0.5.2-43.38.5 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2010-2935 CVE-2010-2936 CVE-2014-0247 CVE-2014-3524 CVE-2014-3575 CVE-2014-3693 CVE-2014-8146 CVE-2014-8147 CVE-2014-9093 CVE-2015-4551 CVE-2015-5212 CVE-2015-5213 CVE-2015-5214 CVE-2016-0794 CVE-2016-0795 CVE-2016-10327 CVE-2016-4324 CVE-2017-3157 CVE-2017-7870 CVE-2017-7882 CVE-2017-8358 CVE-2018-10119 CVE-2018-10120 CVE-2018-1055 CVE-2018-10583 CVE-2018-6871 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libsilc-1_1-2-1.1.10-24.128 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2008-1227 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libstaroffice-0_0-0-0.0.5-7.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2017-9432 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libtag1-32bit-1.9.1-1.265 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2012-2396 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libuuid-devel-2.29.2-7.14 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2013-0157 CVE-2014-9114 CVE-2015-5218 CVE-2016-2779 CVE-2016-5011 CVE-2017-2616 CVE-2018-7738 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libvdpau1-32bit-1.1.1-6.73 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2015-5198 CVE-2015-5199 CVE-2015-5200 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libvpx1-32bit-1.3.0-3.3.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2017-13194 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libwebkit2gtk3-lang-2.20.3-2.23.8 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2016-1856 CVE-2016-1857 CVE-2016-4590 CVE-2016-4591 CVE-2016-4622 CVE-2016-4624 CVE-2016-4692 CVE-2016-4743 CVE-2016-7586 CVE-2016-7587 CVE-2016-7589 CVE-2016-7592 CVE-2016-7598 CVE-2016-7599 CVE-2016-7610 CVE-2016-7623 CVE-2016-7632 CVE-2016-7635 CVE-2016-7639 CVE-2016-7641 CVE-2016-7645 CVE-2016-7652 CVE-2016-7654 CVE-2016-7656 CVE-2017-1000121 CVE-2017-1000122 CVE-2017-13788 CVE-2017-13798 CVE-2017-13803 CVE-2017-13856 CVE-2017-13866 CVE-2017-13870 CVE-2017-13884 CVE-2017-13885 CVE-2017-2350 CVE-2017-2354 CVE-2017-2355 CVE-2017-2356 CVE-2017-2362 CVE-2017-2363 CVE-2017-2364 CVE-2017-2365 CVE-2017-2366 CVE-2017-2369 CVE-2017-2371 CVE-2017-2373 CVE-2017-2496 CVE-2017-2510 CVE-2017-2538 CVE-2017-2539 CVE-2017-5715 CVE-2017-5753 CVE-2017-7006 CVE-2017-7011 CVE-2017-7012 CVE-2017-7018 CVE-2017-7019 CVE-2017-7020 CVE-2017-7030 CVE-2017-7034 CVE-2017-7037 CVE-2017-7038 CVE-2017-7039 CVE-2017-7040 CVE-2017-7041 CVE-2017-7042 CVE-2017-7043 CVE-2017-7046 CVE-2017-7048 CVE-2017-7049 CVE-2017-7052 CVE-2017-7055 CVE-2017-7056 CVE-2017-7059 CVE-2017-7061 CVE-2017-7064 CVE-2017-7081 CVE-2017-7087 CVE-2017-7089 CVE-2017-7090 CVE-2017-7091 CVE-2017-7092 CVE-2017-7093 CVE-2017-7094 CVE-2017-7095 CVE-2017-7096 CVE-2017-7098 CVE-2017-7099 CVE-2017-7100 CVE-2017-7102 CVE-2017-7104 CVE-2017-7107 CVE-2017-7109 CVE-2017-7111 CVE-2017-7117 CVE-2017-7120 CVE-2017-7142 CVE-2017-7153 CVE-2017-7156 CVE-2017-7157 CVE-2017-7160 CVE-2017-7161 CVE-2017-7165 CVE-2018-11646 CVE-2018-11712 CVE-2018-11713 CVE-2018-12911 CVE-2018-4088 CVE-2018-4096 CVE-2018-4101 CVE-2018-4113 CVE-2018-4114 CVE-2018-4117 CVE-2018-4118 CVE-2018-4119 CVE-2018-4120 CVE-2018-4121 CVE-2018-4122 CVE-2018-4125 CVE-2018-4127 CVE-2018-4128 CVE-2018-4129 CVE-2018-4133 CVE-2018-4146 CVE-2018-4161 CVE-2018-4162 CVE-2018-4163 CVE-2018-4165 CVE-2018-4190 CVE-2018-4199 CVE-2018-4200 CVE-2018-4204 CVE-2018-4218 CVE-2018-4222 CVE-2018-4232 CVE-2018-4233 CVE-2018-4246 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libwmf-0_2-7-0.2.8.4-242.3 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libwpd-0_10-10-0.10.2-2.4.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2017-14226 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libyaml-cpp0_5-0.5.3-3.3.2 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2017-5950 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libzmq3-4.0.4-14.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2014-7202 CVE-2014-7203 CVE-2014-9721 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the libzzip-0-13-0.13.67-10.14.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2017-5974 CVE-2017-5975 CVE-2017-5976 CVE-2017-5977 CVE-2017-5978 CVE-2017-5979 CVE-2017-5981 CVE-2018-17828 CVE-2018-6381 CVE-2018-6484 CVE-2018-6540 CVE-2018-6542 CVE-2018-7725 CVE-2018-7726 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the openconnect-7.08-1.27 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2012-3291 CVE-2012-6128 CVE-2013-7098 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the pidgin-plugin-otr-4.0.2-1.29 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2012-2369 CVE-2015-8833 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the pulseaudio-module-bluetooth-5.0-4.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2014-3970 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the python-devel-2.7.13-28.11.2 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2011-1521 CVE-2011-3389 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 CVE-2013-1752 CVE-2013-1753 CVE-2013-4238 CVE-2014-1912 CVE-2014-4650 CVE-2014-7185 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 CVE-2017-1000158 CVE-2017-18207 CVE-2018-1000030 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the raptor-2.0.10-3.67 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2012-0037 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the rhythmbox-3.4-6.14 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2012-3355 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the sane-backends-32bit-1.0.24-3.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2017-6318 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the shotwell-0.22.0+git.20160103-15.6.1 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2017-1000024 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the telepathy-gabble-0.18.3-5.7 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2011-1000 CVE-2013-1431 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the telepathy-idle-0.2.0-1.62 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2007-6746 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the typelib-1_0-EvinceDocument-3_0-3.20.2-6.22.9 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-2643 CVE-2017-1000083 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 These are all security issues fixed in the typelib-1_0-Gtk-2_0-2.24.31-7.11 package on the GA media of SUSE Linux Enterprise Workstation Extension 12 SP4. Moderate CVE-2013-7447 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libgcrypt fixes the following issues: The following security vulnerability was addressed: - CVE-2018-0495: Mitigate a novel side-channel attack by enabling blinding for ECDSA signatures (bsc#1097410). The following other issues were fixed: - Extended the fipsdrv dsa-sign and dsa-verify commands with the --algo parameter for the FIPS testing of DSA SigVer and SigGen (bsc#1064455). - Ensure libgcrypt20-hmac and libgcrypt20 are installed in the correct order. (bsc#1090766) Moderate SUSE bug 1064455 SUSE bug 1090766 SUSE bug 1097410 CVE-2018-0495 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libreoffice to 6.0.5.2 fixes the following issues: Security issues fixed: - CVE-2018-10583: An information disclosure vulnerability occurs during automatic processing and initiating an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. (bsc#1091606) Non security issues fixed: - Bugfix: Table borders appear black in LibreOffice (while white in PowerPoint) (bsc#1088262) - Bugfix: LibreOffice extension 'Language Tool' fails after Tumbleweed update (bsc#1050305) - Bugfix: libreoffice-gnome can no longer be installed in parallel to libreoffice-gtk3 as there is a potential file conflict (bsc#1096673) - Bugfix: LibreOffice Writer: Text in boxes were not visible (bsc#1094359) - Use libreoffice-gtk3 if xfce is present (bsc#1092699) - Various other bug fixes - Exporting to PPTX results in vertical labels being shown horizontally (bsc#1095639) - Table in PPTX misplaced and partly blue (bsc#1098891) - Labels in chart change (from white and other colors) to black when saving as PPTX (bsc#1088263) - Exporting to PPTX shifts arrow shapes quite a bit bsc#1095601 Moderate SUSE bug 1050305 SUSE bug 1088262 SUSE bug 1088263 SUSE bug 1091606 SUSE bug 1091772 SUSE bug 1092699 SUSE bug 1094359 SUSE bug 1095601 SUSE bug 1095639 SUSE bug 1096673 SUSE bug 1098891 CVE-2018-10583 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for python, python-base fixes the following issues: Security issues fixed: - CVE-2018-1000802: Prevent command injection in shutil module (make_archive function) via passage of unfiltered user input (bsc#1109663). - CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (bsc#1088004). - CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in apop() method in pop3lib (bsc#1088009). Bug fixes: - bsc#1086001: python tarfile uses random order. Moderate SUSE bug 1086001 SUSE bug 1088004 SUSE bug 1088009 SUSE bug 1109663 CVE-2018-1000802 CVE-2018-1060 CVE-2018-1061 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for audiofile fixes the following issues: - CVE-2018-17095: A heap-based buffer overflow in Expand3To4Module::run could occurred when running sfconvert leading to crashes or code execution when handling untrusted soundfiles (bsc#1111586). Moderate SUSE bug 1111586 CVE-2018-17095 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ntfs-3g_ntfsprogs fixes the following issues: - CVE-2017-0358: Missing sanitization of the environment during a call to modprobe allowed local users to escalate fo root privilege (bsc#1022500) Low SUSE bug 1022500 CVE-2017-0358 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for wireshark fixes the following issues: Wireshark was updated to 2.4.10 (bsc#1111647). Following security issues were fixed: - CVE-2018-18227: MS-WSP dissector crash (wnpa-sec-2018-47) - CVE-2018-12086: OpcUA dissector crash (wnpa-sec-2018-50) Further bug fixes and updated protocol support that were done are listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.10.html Important SUSE bug 1111647 CVE-2018-12086 CVE-2018-18227 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for MozillaFirefox to ESR 60.2.2 fixes several issues. These general changes are part of the version 60 release. - New browser engine with speed improvements - Redesigned graphical user interface elements - Unified address and search bar for new installations - New tab page listing top visited, recently visited and recommended pages - Support for configuration policies in enterprise deployments via JSON files - Support for Web Authentication, allowing the use of USB tokens for authentication to web sites The following changes affect compatibility: - Now exclusively supports extensions built using the WebExtension API. - Unsupported legacy extensions will no longer work in Firefox 60 ESR - TLS certificates issued by Symantec before June 1st, 2016 are no longer trusted The 'security.pki.distrust_ca_policy' preference can be set to 0 to reinstate trust in those certificates The following issues affect performance: - new format for storing private keys, certificates and certificate trust If the user home or data directory is on a network file system, it is recommended that users set the following environment variable to avoid slowdowns: NSS_SDB_USE_CACHE=yes This setting is not recommended for local, fast file systems. These security issues were fixed: - CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation (bsc#1107343). - CVE-2017-16541: Proxy bypass using automount and autofs (bsc#1107343). - CVE-2018-12376: Various memory safety bugs (bsc#1107343). - CVE-2018-12377: Use-after-free in refresh driver timers (bsc#1107343). - CVE-2018-12378: Use-after-free in IndexedDB (bsc#1107343). - CVE-2018-12379: Out-of-bounds write with malicious MAR file (bsc#1107343). - CVE-2018-12386: Type confusion in JavaScript allowed remote code execution (bsc#1110506) - CVE-2018-12387: Array.prototype.push stack pointer vulnerability may enable exploits in the sandboxed content process (bsc#1110507) - CVE-2018-12385: Crash in TransportSecurityInfo due to cached data (bsc#1109363) - CVE-2018-12383: Setting a master password did not delete unencrypted previously stored passwords (bsc#1107343) This update for mozilla-nspr to version 4.19 fixes the follwing issues - Added TCP Fast Open functionality - A socket without PR_NSPR_IO_LAYER will no longer trigger an assertion when polling This update for mozilla-nss to version 3.36.4 fixes the follwing issues - Connecting to a server that was recently upgraded to TLS 1.3 would result in a SSL_RX_MALFORMED_SERVER_HELLO error. - Fix a rare bug with PKCS#12 files. - Replaces existing vectorized ChaCha20 code with verified HACL* implementation. - TLS 1.3 support has been updated to draft -23. - Added formally verified implementations of non-vectorized Chacha20 and non-vectorized Poly1305 64-bit. - The following CA certificates were Removed: OU = Security Communication EV RootCA1 CN = CA Disig Root R1 CN = DST ACES CA X6 Certum CA, O=Unizeto Sp. z o.o. StartCom Certification Authority StartCom Certification Authority G2 T?BİTAK UEKAE K?k Sertifika Hizmet Sağlayıcısı - S?r?m 3 ACEDICOM Root Certinomis - Autorit? Racine T?RKTRUST Elektronik Sertifika Hizmet Sağlayıcısı PSCProcert CA 沃通根证书, O=WoSign CA Limited Certification Authority of WoSign Certification Authority of WoSign G2 CA WoSign ECC Root Subject CN = VeriSign Class 3 Secure Server CA - G2 O = Japanese Government, OU = ApplicationCA CN = WellsSecure Public Root Certificate Authority CN = T?RKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6 CN = Microsec e-Szigno Root * The following CA certificates were Removed: AddTrust Public CA Root AddTrust Qualified CA Root China Internet Network Information Center EV Certificates Root CNNIC ROOT ComSign Secured CA GeoTrust Global CA 2 Secure Certificate Services Swisscom Root CA 1 Swisscom Root EV CA 2 Trusted Certificate Services UTN-USERFirst-Hardware UTN-USERFirst-Object * The following CA certificates were Added CN = D-TRUST Root CA 3 2013 CN = TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 GDCA TrustAUTH R5 ROOT SSL.com Root Certification Authority RSA SSL.com Root Certification Authority ECC SSL.com EV Root Certification Authority RSA R2 SSL.com EV Root Certification Authority ECC TrustCor RootCert CA-1 TrustCor RootCert CA-2 TrustCor ECA-1 * The Websites (TLS/SSL) trust bit was turned off for the following CA certificates: CN = Chambers of Commerce Root CN = Global Chambersign Root * TLS servers are able to handle a ClientHello statelessly, if the client supports TLS 1.3. If the server sends a HelloRetryRequest, it is possible to discard the server socket, and make a new socket to handle any subsequent ClientHello. This better enables stateless server operation. (This feature is added in support of QUIC, but it also has utility for DTLS 1.3 servers.) Due to the update of mozilla-nss apache2-mod_nss needs to be updated to change to the SQLite certificate database, which is now the default (bsc#1108771) Important SUSE bug 1012260 SUSE bug 1021577 SUSE bug 1026191 SUSE bug 1041469 SUSE bug 1041894 SUSE bug 1049703 SUSE bug 1061204 SUSE bug 1064786 SUSE bug 1065464 SUSE bug 1066489 SUSE bug 1073210 SUSE bug 1078436 SUSE bug 1091551 SUSE bug 1092697 SUSE bug 1094767 SUSE bug 1096515 SUSE bug 1107343 SUSE bug 1108771 SUSE bug 1108986 SUSE bug 1109363 SUSE bug 1109465 SUSE bug 1110506 SUSE bug 1110507 SUSE bug 703591 SUSE bug 839074 SUSE bug 857131 SUSE bug 893359 CVE-2017-16541 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12379 CVE-2018-12381 CVE-2018-12383 CVE-2018-12385 CVE-2018-12386 CVE-2018-12387 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for soundtouch fixes the following issues: - CVE-2018-17098: The WavFileBase class allowed remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch. (bsc#1108632) - CVE-2018-17097: The WavFileBase class allowed remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch. (double free) (bsc#1108631) - CVE-2018-17096: The BPMDetect class allowed remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. (bsc#1108630) Moderate SUSE bug 1108630 SUSE bug 1108631 SUSE bug 1108632 CVE-2018-17096 CVE-2018-17097 CVE-2018-17098 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for opensc fixes the following issues: - CVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card (bsc#1106998) - CVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card (bsc#1106999) - CVE-2018-16393: Fixed buffer overflows when handling responses from Gemsafe V1 Smartcards (bsc#1108318) - CVE-2018-16418: Fixed buffer overflow when handling string concatenation in util_acl_to_str (bsc#1107039) - CVE-2018-16419: Fixed several buffer overflows when handling responses from a Cryptoflex card (bsc#1107107) - CVE-2018-16420: Fixed buffer overflows when handling responses from an ePass 2003 Card (bsc#1107097) - CVE-2018-16422: Fixed single byte buffer overflow when handling responses from an esteid Card (bsc#1107038) - CVE-2018-16423: Fixed double free when handling responses from a smartcard (bsc#1107037) - CVE-2018-16426: Fixed endless recursion when handling responses from an IAS-ECC card (bsc#1107034) - CVE-2018-16427: Fixed out of bounds reads when handling responses in OpenSC (bsc#1107033) Moderate SUSE bug 1104812 SUSE bug 1106998 SUSE bug 1106999 SUSE bug 1107033 SUSE bug 1107034 SUSE bug 1107037 SUSE bug 1107038 SUSE bug 1107039 SUSE bug 1107097 SUSE bug 1107107 SUSE bug 1108318 CVE-2018-16391 CVE-2018-16392 CVE-2018-16393 CVE-2018-16418 CVE-2018-16419 CVE-2018-16420 CVE-2018-16422 CVE-2018-16423 CVE-2018-16426 CVE-2018-16427 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libarchive fixes the following issues: - CVE-2016-10209: The archive_wstring_append_from_mbs function in archive_string.c allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. (bsc#1032089) - CVE-2016-10349: The archive_le32dec function in archive_endian.h allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037008) - CVE-2016-10350: The archive_read_format_cab_read_header function in archive_read_support_format_cab.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037009) - CVE-2017-14166: libarchive allowed remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. (bsc#1057514) - CVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info in archive_read_support_format_iso9660.c when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. (bsc#1059139) - CVE-2017-14502: read_header in archive_read_support_format_rar.c suffered from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. (bsc#1059134) - CVE-2017-14503: libarchive suffered from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. (bsc#1059100) Moderate SUSE bug 1032089 SUSE bug 1037008 SUSE bug 1037009 SUSE bug 1057514 SUSE bug 1059100 SUSE bug 1059134 SUSE bug 1059139 CVE-2016-10209 CVE-2016-10349 CVE-2016-10350 CVE-2017-14166 CVE-2017-14501 CVE-2017-14502 CVE-2017-14503 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for MozillaFirefox fixes the following issues: Security issues fixed: - Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852) - CVE-2018-12392: Crash with nested event loops. - CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript. - CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting. - CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts. - CVE-2018-12397: WebExtension local file access vulnerability. - CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3. - CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3. Important SUSE bug 1112852 CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) - CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665) Non-security issues fixed: - dhcp6: split assert_return() to be more debuggable when hit - core: skip unit deserialization and move to the next one when unit_deserialize() fails - core: properly handle deserialization of unknown unit types (#6476) - core: don't create Requires for workdir if 'missing ok' (bsc#1113083) - logind: use manager_get_user_by_pid() where appropriate - logind: rework manager_get_{user|session}_by_pid() a bit - login: fix user@.service case, so we don't allow nested sessions (#8051) (bsc#1112024) - core: be more defensive if we can't determine per-connection socket peer (#7329) - socket-util: introduce port argument in sockaddr_port() - service: fixup ExecStop for socket-activated shutdown (#4120) - service: Continue shutdown on socket activated unit on termination (#4108) (bsc#1106923) - cryptsetup: build fixes for 'add support for sector-size= option' - udev-rules: IMPORT cmdline does not recognize keys with similar names (bsc#1111278) - core: keep the kernel coredump defaults when systemd-coredump is disabled - core: shorten main() a bit, split out coredump initialization - core: set RLIMIT_CORE to unlimited by default (bsc#1108835) - core/mount: fstype may be NULL - journald: don't ship systemd-journald-audit.socket (bsc#1109252) - core: make 'tmpfs' dependencies on swapfs a 'default' dep, not an 'implicit' (bsc#1110445) - mount: make sure we unmount tmpfs mounts before we deactivate swaps (#7076) - tmp.mount.hm4: After swap.target (#3087) - Ship systemd-sysv-install helper via the main package This script was part of systemd-sysvinit sub-package but it was wrong since systemd-sysv-install is a script used to redirect enable/disable operations to chkconfig when the unit targets are sysv init scripts. Therefore it's never been a SySV init tool. Important SUSE bug 1106923 SUSE bug 1108835 SUSE bug 1109252 SUSE bug 1110445 SUSE bug 1111278 SUSE bug 1112024 SUSE bug 1113083 SUSE bug 1113632 SUSE bug 1113665 CVE-2018-15686 CVE-2018-15688 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2018-16850: Fixed improper quoting of transition table names when pg_dump emits CREATE TRIGGER could have caused privilege escalation (bsc#1114837). Non-security issues fixed: - Update to release 10.6: * https://www.postgresql.org/docs/current/static/release-10-6.html Moderate SUSE bug 1114837 CVE-2018-16850 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libwpd fixes the following issues: Security issue fixed: - CVE-2018-19208: Fixed illegal address access inside libwpd at function WP6ContentListener:defineTable (bsc#1115713). Important SUSE bug 1115713 CVE-2018-19208 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for rpm fixes the following issues: These security issues were fixed: - CVE-2017-7500: rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination (bsc#943457). - CVE-2017-7501: rpm used temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation (bsc#943457) This is a reissue of the above security fixes for SUSE Linux Enterprise 12 GA, SP1 and SP2 LTSS, they have already been released for SUSE Linux Enterprise Server 12 SP3. Important SUSE bug 943457 CVE-2017-7500 CVE-2017-7501 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for exiv2 fixes the following issues: - CVE-2017-11591: A floating point exception in the Exiv2::ValueType function could lead to a remote denial of service attack via crafted input. (bsc#1050257) - CVE-2017-14864: An invalid memory address dereference was discovered in Exiv2::getULong in types.cpp. The vulnerability caused a segmentation fault and application crash, which lead to denial of service. (bsc#1060995) - CVE-2017-14862: An invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp. The vulnerability caused a segmentation fault and application crash, which lead to denial of service. (bsc#1060996) - CVE-2017-14859: An invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp. The vulnerability caused a segmentation fault and application crash, which lead to denial of service. (bsc#1061000) - CVE-2017-11683: There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp that could lead to a remote denial of service attack via crafted input. (bsc#1051188) - CVE-2017-17669: There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp. A crafted PNG file would lead to a remote denial of service attack. (bsc#1072928) - CVE-2018-10958: In types.cpp a large size value might have lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call. (bsc#1092952) - CVE-2018-10998: readMetadata in jp2image.cpp allowed remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. (bsc#1093095) - CVE-2018-11531: Exiv2 had a heap-based buffer overflow in getData in preview.cpp. (bsc#1095070) Moderate SUSE bug 1050257 SUSE bug 1051188 SUSE bug 1060995 SUSE bug 1060996 SUSE bug 1061000 SUSE bug 1072928 SUSE bug 1092952 SUSE bug 1093095 SUSE bug 1095070 CVE-2017-11591 CVE-2017-11683 CVE-2017-14859 CVE-2017-14862 CVE-2017-14864 CVE-2017-17669 CVE-2018-10958 CVE-2018-10998 CVE-2018-11531 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257). - CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672). - CVE-2018-18557: Fixed JBIG decode can lead to out-of-bounds write (bsc#1113094). Non-security issues fixed: - asan_build: build ASAN included - debug_build: build more suitable for debugging Moderate SUSE bug 1099257 SUSE bug 1113094 SUSE bug 1113672 CVE-2018-12900 CVE-2018-18557 CVE-2018-18661 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for openssh fixes the following issues: Following security issues have been fixed: - CVE-2018-15473: OpenSSH was prone to a user existance oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010) The following non-security issues were fixed: - Stop leaking File descriptors (bsc#964336) - sftp-client.c returns wrong error code upon failure [bsc#1091396] Moderate SUSE bug 1091396 SUSE bug 1105010 SUSE bug 964336 CVE-2018-15473 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for openssl-1_1 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-0735: Fixed timing vulnerability in ECDSA signature generation (bsc#1113651). Non-security issues fixed: - Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209). Moderate SUSE bug 1112209 SUSE bug 1113651 SUSE bug 1113652 CVE-2018-0734 CVE-2018-0735 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ncurses fixes the following issue: Security issue fixed: - CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929). Important SUSE bug 1115929 CVE-2018-19211 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for openssl-1_0_0 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). - Add missing timing side channel patch for DSA signature generation (bsc#1113742). Non-security issues fixed: - Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209). - Set TLS version to 0 in msg_callback for record messages to avoid confusing applications (bsc#1100078). Moderate SUSE bug 1100078 SUSE bug 1112209 SUSE bug 1113534 SUSE bug 1113652 SUSE bug 1113742 CVE-2018-0734 CVE-2018-5407 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2018-18544: Fixed memory leak in the function WriteMSLImage (bsc#1113064). Non-security issues fixed: - Improve import documentation (bsc#1057246). - Allow override system security policy (bsc#1117463). - asan_build: build ASAN included - debug_build: build more suitable for debugging Moderate SUSE bug 1057246 SUSE bug 1113064 SUSE bug 1117463 CVE-2018-18544 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for python-cryptography, python-pyOpenSSL fixes the following issues: Security issues fixed: - CVE-2018-1000808: A memory leak due to missing reference checking in PKCS#12 store handling was fixed (bsc#1111634) - CVE-2018-1000807: A use-after-free in X509 object handling was fixed (bsc#1111635) - avoid bad interaction with python-cryptography package. (bsc#1021578) Important SUSE bug 1021578 SUSE bug 1111634 SUSE bug 1111635 CVE-2018-1000807 CVE-2018-1000808 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for compat-openssl098 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). - CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018). - Fixed the 'One and Done' side-channel attack on RSA (bsc#1104789). Moderate SUSE bug 1104789 SUSE bug 1110018 SUSE bug 1113534 SUSE bug 1113652 CVE-2016-8610 CVE-2018-0734 CVE-2018-5407 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removed entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry could remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769). - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-18445: Faulty computation of numeric bounds in the BPF verifier permitted out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandled 32-bit right shifts (bnc#1112372). - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2017-18224: fs/ocfs2/aops.c omitted use of a semaphore and consequently had a race condition for access to the extent tree during read operations in DIRECT mode, which allowed local users to cause a denial of service (BUG) by modifying a certain e_cpos field (bnc#1084831). - CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674). The following non-security bugs were fixed: - ACPI/APEI: Handle GSIV and GPIO notification types (bsc#1115567). - ACPICA: Tables: Add WSMT support (bsc#1089350). - ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510). - ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510). - ACPI, nfit: Fix ARS overflow continuation (bsc#1116895). - ACPI, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#1112128). - ACPI/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114279). - ACPI/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114279). - ACPI / platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510). - ACPI / processor: Fix the return value of acpi_processor_ids_walk() (bsc#1051510). - ACPI / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510). - act_ife: fix a potential use-after-free (networking-stable-18_09_11). - Add the cherry-picked dup id for PCI dwc fix - Add version information to KLP_SYMBOLS file - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510). - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510). - ALSA: control: Fix race between adding and removing a user element (bsc#1051510). - ALSA: hda: Add 2 more models to the power_save blacklist (bsc#1051510). - ALSA: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510). - ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) (bsc#1051510). - ALSA: hda - Add quirk for ASUS G751 laptop (bsc#1051510). - ALSA: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510). - ALSA: hda - Fix headphone pin config for ASUS G751 (bsc#1051510). - ALSA: hda: fix unused variable warning (bsc#1051510). - ALSA: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510). - ALSA: hda/realtek - Add GPIO data update helper (bsc#1051510). - ALSA: hda/realtek - Allow skipping spec->init_amp detection (bsc#1051510). - ALSA: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510). - ALSA: hda/realtek - Fix HP Headset Mic can't record (bsc#1051510). - ALSA: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510). - ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715 (bsc#1051510). - ALSA: hda/realtek - Manage GPIO bits commonly (bsc#1051510). - ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510). - ALSA: hda/realtek - Support ALC300 (bsc#1051510). - ALSA: oss: Use kvzalloc() for local buffer allocations (bsc#1051510). - ALSA: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510). - ALSA: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510). - ALSA: usb-audio: update quirk for B&W PX to remove microphone (bsc#1051510). - ALSA: wss: Fix invalid snd_free_pages() at error path (bsc#1051510). - amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105). - arm64: KVM: Move CPU ID reg trap setup off the world switch path (bsc#1110998). - arm64: KVM: Sanitize PSTATE.M when being set from userspace (bsc#1110998). - arm64: KVM: Tighten guest core register access from userspace (bsc#1110998). - ARM: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510). - ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535) - ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510). - ASoC: intel: skylake: Add missing break in skl_tplg_get_token() (bsc#1051510). - ASoC: Intel: Skylake: Reset the controller in probe (bsc#1051510). - ASoC: rsnd: adg: care clock-frequency size (bsc#1051510). - ASoC: rsnd: do not fallback to PIO mode when -EPROBE_DEFER (bsc#1051510). - ASoC: rt5514: Fix the issue of the delay volume applied again (bsc#1051510). - ASoC: sigmadsp: safeload should not have lower byte limit (bsc#1051510). - ASoC: sun8i-codec: fix crash on module removal (bsc#1051510). - ASoC: wm8804: Add ACPI support (bsc#1051510). - ata: Fix racy link clearance (bsc#1107866). - ataflop: fix error handling during setup (bsc#1051510). - ath10k: fix kernel panic issue during pci probe (bsc#1051510). - ath10k: fix scan crash due to incorrect length calculation (bsc#1051510). - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait (bsc#1051510). - ath10k: schedule hardware restart if WMI command times out (bsc#1051510). - autofs: fix autofs_sbi() does not check super block type (git-fixes). - autofs: fix slab out of bounds read in getname_kernel() (git-fixes). - autofs: mount point create should honour passed in mode (git-fixes). - badblocks: fix wrong return value in badblocks_set if badblocks are disabled (git-fixes). - batman-adv: Avoid probe ELP information leak (bsc#1051510). - batman-adv: Expand merged fragment buffer for full packet (bsc#1051510). - batman-adv: fix backbone_gw refcount on queue_work() failure (bsc#1051510). - batman-adv: fix hardif_neigh refcount on queue_work() failure (bsc#1051510). - batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510). - bdi: Fix another oops in wb_workfn() (bsc#1112746). - bdi: Preserve kabi when adding cgwb_release_mutex (bsc#1112746). - bitops: protect variables in bit_clear_unless() macro (bsc#1051510). - bitops: protect variables in set_mask_bits() macro (bsc#1051510). - Blacklist commit that modifies Scsi_Host/kabi (bsc#1114579) - Blacklist sd_zbc patch that is too invasive (bsc#1114583) - Blacklist virtio patch that uses bio_integrity_bytes() (bsc#1114585) - blk-mq: I/O and timer unplugs are inverted in blktrace (bsc#1112713). - block, bfq: fix wrong init of saved start time for weight raising (bsc#1112708). - block: bfq: swap puts in bfqg_and_blkg_put (bsc#1112712). - block: copy ioprio in __bio_clone_fast() (bsc#1082653). - block: respect virtual boundary mask in bvecs (bsc#1113412). - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510). - Bluetooth: SMP: fix crash in unpairing (bsc#1051510). - bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16). - bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16). - bonding: avoid possible dead-lock (networking-stable-18_10_16). - bonding: fix length of actor system (networking-stable-18_11_02). - bonding: fix warning message (networking-stable-18_10_16). - bonding: pass link-local packets to bonding master also (networking-stable-18_10_16). - bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647). - bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24). - bpf/verifier: disallow pointer subtraction (bsc#1083647). - bpf: wait for running BPF programs when updating map-in-map (bsc#1083647). - brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510). - brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510). - brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510). - bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02). - Btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667). - Btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667). - Btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136). - Btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137). - Btrfs: fix cur_offset in the error case for nocow (bsc#1118140). - Btrfs: fix data corruption due to cloning of eof block (bsc#1116878). - Btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876). - Btrfs: fix deadlock when writing out free space caches (bsc#1116700). - Btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877). - Btrfs: fix missing error return in btrfs_drop_snapshot (Git-fixes bsc#1109919). - Btrfs: fix null pointer dereference on compressed write path error (bsc#1116698). - Btrfs: fix use-after-free during inode eviction (bsc#1116701). - Btrfs: fix use-after-free when dumping free space (bsc#1116862). - Btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692). - Btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693). - Btrfs: handle errors while updating refcounts in update_ref_for_cow (Git-fixes bsc#1109915). - Btrfs: make sure we create all new block groups (bsc#1116699). - Btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863). - Btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138). - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510). - can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510). - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510). - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510). - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510). - can: hi311x: Use level-triggered interrupt (bsc#1051510). - can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510). - can: rcar_can: Fix erroneous registration (bsc#1051510). - can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510). - cdc-acm: correct counting of UART states in serial state notification (bsc#1051510). - cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510). - cdc-acm: fix race between reset and control messaging (bsc#1051510). - ceph: avoid a use-after-free in ceph_destroy_options() (bsc#1111983). - ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839). - ceph: quota: fix null pointer dereference in quota check (bsc#1114839). - cfg80211: Address some corner cases in scan result channel updating (bsc#1051510). - cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902). - cifs: fix memory leak in SMB2_open() (bsc#1112894). - cifs: Fix use after free of a mid_q_entry (bsc#1112903). - clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510). - clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510). - clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510). - clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510). - clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510). - clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510). - clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510). - clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510). - clk: x86: add 'ether_clk' alias for Bay Trail / Cherry Trail (bsc#1051510). - clk: x86: Stop marking clocks as CLK_IS_CRITICAL (bsc#1051510). - clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510). - clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs (bsc#1051510). - clocksource/drivers/timer-atmel-pit: Properly handle error cases (bsc#1051510). - coda: fix 'kernel memory exposure attempt' in fsync (bsc#1051510). - configfs: replace strncpy with memcpy (bsc#1051510). - crypto: caam - fix implicit casts in endianness helpers (bsc#1051510). - crypto: chelsio - Fix memory corruption in DMA Mapped buffers (bsc#1051510). - crypto: lrw - Fix out-of bounds access on counter overflow (bsc#1051510). - crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510). - crypto: tcrypt - fix ghash-generic speed test (bsc#1051510). - dax: Fix deadlock in dax_lock_mapping_entry() (bsc#1109951). - debugobjects: Make stack check warning more informative (bsc#1051510). - Documentation/l1tf: Fix small spelling typo (bsc#1051510). - Documentation/l1tf: Fix typos (bsc#1051510). - Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510). - do d_instantiate/unlock_new_inode combinations safely (git-fixes). - Do not leak MNT_INTERNAL away from internal mounts (git-fixes). - driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510). - drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510). - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 (bsc#1051510). - drm/amdgpu: Fix vce work queue was not cancelled when suspend (bsc#1106110) - drm/amdgpu/powerplay: fix missing break in switch statements (bsc#1113722) - drm/ast: change resolution may cause screen blurred (boo#1112963). - drm/ast: fixed cursor may disappear sometimes (bsc#1051510). - drm/ast: Fix incorrect free on ioregs (bsc#1051510). - drm/ast: Remove existing framebuffers before loading driver (boo#1112963) - drm/dp_mst: Check if primary mstb is null (bsc#1051510). - drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510). - drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510). - drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722) - drm/edid: VSDB yCBCr420 Deep Color mode bit definitions (bsc#1051510). - drm: fb-helper: Reject all pixel format changing requests (bsc#1113722) - drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer (bsc#1113722) - drm/hisilicon: hibmc: Do not overwrite fb helper surface depth (bsc#1113722) - drm/i915/audio: Hook up component bindings even if displays are (bsc#1113722) - drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510). - drm/i915: Do not unset intel_connector->mst_port (bsc#1051510). - drm/i915/dp: Link train Fallback on eDP only if fallback link BW can fit panel's native mode (bsc#1051510). - drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510). - drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510). - drm/i915/gen9+: Fix initial readout for Y tiled framebuffers (bsc#1113722) - drm/i915/glk: Add Quirk for GLK NUC HDMI port issues (bsc#1051510). - drm/i915/glk: Remove 99% limitation (bsc#1051510). - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510). - drm/i915: Large page offsets for pread/pwrite (bsc#1051510). - drm/i915: Mark pin flags as u64 (bsc#1051510). - drm/i915: Restore vblank interrupts earlier (bsc#1051510). - drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510). - drm/i915: Write GPU relocs harder with gen3 (bsc#1051510). - drm: mali-dp: Call drm_crtc_vblank_reset on device init (bsc#1051510). - drm/mediatek: fix OF sibling-node lookup (bsc#1106110) - drm/meson: add support for 1080p25 mode (bsc#1051510). - drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510). - drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510). - drm/msm: fix OF child-node lookup (bsc#1106110) - drm/nouveau: Check backlight IDs are >= 0, not > 0 (bsc#1051510). - drm/nouveau: Do not disable polling in fallback mode (bsc#1103356). - drm/omap: fix memory barrier bug in DMM driver (bsc#1051510). - drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510). - drm/sti: do not remove the drm_bridge that was never added (bsc#1100132) - drm/sun4i: Fix an ulong overflow in the dotclock driver (bsc#1106110) - drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() (bsc#1113722) - e1000: check on netif_running() before calling e1000_up() (bsc#1051510). - e1000: ensure to free old tx/rx rings in set_ringparam() (bsc#1051510). - EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting (bsc#1114279). - EDAC: Raise the maximum number of memory controllers (bsc#1113780). - EDAC, skx_edac: Fix logical channel intermediate decoding (bsc#1114279). - EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() (bsc#1114279). - eeprom: at24: change nvmem stride to 1 (bsc#1051510). - eeprom: at24: check at24_read/write arguments (bsc#1051510). - eeprom: at24: correctly set the size for at24mac402 (bsc#1051510). - Enable LSPCON instead of blindly disabling HDMI - enic: do not call enic_change_mtu in enic_probe (bsc#1051510). - enic: handle mtu change for vf properly (bsc#1051510). - enic: initialize enic->rfs_h.lock in enic_probe (bsc#1051510). - ethtool: fix a privilege escalation bug (bsc#1076830). - ext2, dax: set ext2_dax_aops for dax files (bsc#1112554). - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bsc#1117795). - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bsc#1117794). - ext4: add missing brelse() update_backups()'s error path (bsc#1117796). - ext4: avoid arithemetic overflow that can trigger a BUG (bsc#1112736). - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802). - ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801). - ext4: avoid divide by zero fault when deleting corrupted inline directories (bsc#1112735). - ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792). - ext4: check for NUL characters in extended attribute's name (bsc#1112732). - ext4: check to make sure the rename(2)'s destination is not freed (bsc#1112734). - ext4: do not mark mmp buffer head dirty (bsc#1112743). - ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807). - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806). - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798). - ext4: fix online resize's handling of a too-small final block group (bsc#1112739). - ext4: fix online resizing for bigalloc file systems with a 1k block size (bsc#1112740). - ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799). - ext4: fix possible leak of sbi->s_group_desc_leak in error path (bsc#1117803). - ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804). - ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789). - ext4: fix spectre gadget in ext4_mb_regular_allocator() (bsc#1112733). - ext4: fix use-after-free race in ext4_remount()'s error path (bsc#1117791). - ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788). - ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790). - ext4: recalucate superblock checksum after updating free blocks/inodes (bsc#1112738). - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805). - ext4: reset error code in ext4_find_entry in fallback (bsc#1112731). - ext4: show test_dummy_encryption mount option in /proc/mounts (bsc#1112741). - fbdev: fix broken menu dependencies (bsc#1113722) - fbdev/omapfb: fix omapfb_memory_read infoleak (bsc#1051510). - firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350 ). - firmware: dcdbas: include linux/io.h (bsc#1089350). - Fix kABI for 'Ensure we commit after writeback is complete' (bsc#1111809). - floppy: fix race condition in __floppy_read_block_0() (bsc#1051510). - flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21). - fscache: fix race between enablement and dropping of object (bsc#1107385). - fs: dcache: Avoid livelock between d_alloc_parallel and __d_add (git-fixes). - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (git-fixes). - fs: dcache: Use READ_ONCE when accessing i_dir_seq (git-fixes). - fs: Make extension of struct super_block transparent (bsc#1117822). - fsnotify: Fix busy inodes during unmount (bsc#1117822). - fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074). - fs/quota: Fix spectre gadget in do_quotactl (bsc#1112745). - ftrace: Fix debug preempt config name in stack_tracer_{en,dis}able (bsc#1117172). - ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181). - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174). - ftrace: Remove incorrect setting of glob search field (bsc#1117184). - genirq: Fix race on spurious interrupt detection (bsc#1051510). - getname_kernel() needs to make sure that ->name != ->iname in long case (git-fixes). - gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510). - grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes). - gso_segment: Reset skb->mac_len after modifying network header (networking-stable-18_09_24). - hfsplus: do not return 0 when fill_super() failed (bsc#1051510). - hfsplus: stop workqueue when fill_super() failed (bsc#1051510). - hfs: prevent crash on exit from failed search (bsc#1051510). - HID: hiddev: fix potential Spectre v1 (bsc#1051510). - HID: hid-sensor-hub: Force logical minimum to 1 for power and report state (bsc#1051510). - HID: quirks: fix support for Apple Magic Keyboards (bsc#1051510). - HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report (bsc#1051510). - HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510). - hv: avoid crash in vmbus sysfs files (bnc#1108377). - hv_netvsc: fix schedule in RCU context (). - hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11). - hwmon: (core) Fix double-free in __hwmon_device_register() (bsc#1051510). - hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510). - hwmon: (ina2xx) Fix current value calculation (bsc#1051510). - hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510). - hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510). - hwmon: (pmbus) Fix page count auto-detection (bsc#1051510). - hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510). - hwmon: (raspberrypi) Fix initial notify (bsc#1051510). - hwmon: (w83795) temp4_type has writable permission (bsc#1051510). - hwrng: core - document the quality field (bsc#1051510). - hypfs_kill_super(): deal with failed allocations (bsc#1051510). - i2c: i2c-scmi: fix for i2c_smbus_write_block_data (bsc#1051510). - i2c: rcar: cleanup DMA for all kinds of failure (bsc#1051510). - ibmvnic: fix accelerated VLAN handling (). - ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433). - ibmvnic: remove ndo_poll_controller (). - ibmvnic: Update driver queues after change in ring size support (). - iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510). - iio: ad5064: Fix regulator handling (bsc#1051510). - iio: adc: at91: fix acking DRDY irq on simple conversions (bsc#1051510). - iio: adc: at91: fix wrong channel number in triggered buffer mode (bsc#1051510). - iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() (bsc#1051510). - iio:st_magn: Fix enable device after trigger (bsc#1051510). - ima: fix showing large 'violations' or 'runtime_measurements_count' (bsc#1051510). - include/linux/pfn_t.h: force '~' to be parsed as an unary operator (bsc#1051510). - inet: make sure to grab rcu_read_lock before using ireq->ireq_opt (networking-stable-18_10_16). - Input: atakbd - fix Atari CapsLock behaviour (bsc#1051510). - Input: atakbd - fix Atari keymap (bsc#1051510). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510). - Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510). - Input: xpad - add PDP device id 0x02a4 (bsc#1051510). - Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510). - Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510). - Input: xpad - fix some coding style issues (bsc#1051510). - intel_th: pci: Add Ice Lake PCH support (bsc#1051510). - iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237). - iommu/arm-smmu: Error out only if not enough context interrupts (bsc#1106237). - iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105). - iommu/vt-d: Add definitions for PFSID (bsc#1106237). - iommu/vt-d: Fix dev iotlb pfsid use (bsc#1106237). - iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105). - iommu/vt-d: Fix scatterlist offset handling (bsc#1106237). - iommu/vt-d: Use memunmap to free memremap (bsc#1106105). - ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16). - ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02). - ip6_vti: fix a null pointer deference when destroy vti6 tunnel (networking-stable-18_09_11). - ipmi: Fix timer race with module unload (bsc#1051510). - ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16). - ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21). - ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu (networking-stable-18_11_21). - ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11). - ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (networking-stable-18_11_21). - ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24). - ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02). - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02). - ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16). - iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510). - iwlwifi: dbg: do not crash if the firmware crashes in the middle of a debug dump (bsc#1051510). - iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510). - iwlwifi: mvm: Allow TKIP for AP mode (bsc#1051510). - iwlwifi: mvm: check for n_profiles validity in EWRD ACPI (bsc#1051510). - iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510). - iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510). - iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface (bsc#1051510). - iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510). - iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510). - iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510). - iwlwifi: mvm: open BA session only when sta is authorized (bsc#1051510). - iwlwifi: mvm: send BCAST management frames to the right station (bsc#1051510). - iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510). - iwlwifi: pcie: avoid empty free RB queue (bsc#1051510). - iwlwifi: pcie: gen2: build A-MSDU only for GSO (bsc#1051510). - iwlwifi: pcie gen2: check iwl_pcie_gen2_set_tb() return value (bsc#1051510). - jbd2: fix use after free in jbd2_log_do_checkpoint() (bsc#1113257). - KABI fix for 'NFSv4.1: Fix up replays of interrupted requests' (git-fixes). - kABI: Hide get_msr_feature() in kvm_x86_ops (bsc#1106240). - KABI: hide new member in struct iommu_table from genksyms (bsc#1061840). - KABI: mask raw in struct bpf_reg_state (bsc#1083647). - KABI: powerpc: export __find_linux_pte as __find_linux_pte_or_hugepte (bsc#1061840). - KABI: powerpc: Revert npu callback signature change (bsc#1055120). - KABI: protect struct fib_nh_exception (kabi). - KABI: protect struct rtable (kabi). - KABI/severities: ignore __xive_vm_h_* KVM internal symbols. - Kbuild: fix # escaping in .cmd files for future Make (git-fixes). - kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510). - kbuild: move '_all' target out of $(KBUILD_SRC) conditional (bsc#1114279). - kernfs: update comment about kernfs_path() return value (bsc#1051510). - kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510). - kprobes/x86: Fix %p uses in error messages (bsc#1110006). - KVM: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998). - KVM: Make VM ioctl do valloc for some archs (bsc#1111506). - KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240). - KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240). - KVM: PPC: Add pt_regs into kvm_vcpu_arch and move vcpu->arch.gpr[] into it (bsc#1061840). - KVM: PPC: Avoid marking DMA-mapped pages dirty in real mode (bsc#1061840). - KVM: PPC: Book3S: Add MMIO emulation for VMX instructions (bsc#1061840). - KVM: PPC: Book3S: Allow backing bigger guest IOMMU pages with smaller physical pages (bsc#1061840). - KVM: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64 parameters (bsc#1061840). - KVM: PPC: Book3S: Eliminate some unnecessary checks (bsc#1061840). - KVM: PPC: Book3S: Fix compile error that occurs with some gcc versions (bsc#1061840). - KVM: PPC: Book3S: Fix matching of hardware and emulated TCE tables (bsc#1061840). - KVM: PPC: Book3S HV: Add of_node_put() in success path (bsc#1061840). - KVM: PPC: Book3S HV: Add 'online' register to ONE_REG interface (bsc#1061840). - KVM: PPC: Book3S HV: Allow creating max number of VCPUs on POWER9 (bsc#1061840). - KVM: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9 v2.2 (bsc#1061840). - KVM: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault (bsc#1061840). - KVM: PPC: Book3S HV: Avoid shifts by negative amounts (bsc#1061840). - KVM: PPC: Book3S HV: Check DR not IR to chose real vs virt mode MMIOs (bsc#1061840). - KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate function (bsc#1061840). - KVM: PPC: Book3S HV: Do not use compound_order to determine host mapping size (bsc#1061840). - KVM: PPC: Book3S HV: Do not use existing 'prodded' flag for XIVE escalations (bsc#1061840). - KVM: PPC: Book 3S HV: Do ptesync in radix guest exit path (bsc#1061840). - KVM: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded (bsc#1061840). - KVM: PPC: Book3S HV: Enable migration of decrementer register (bsc#1061840). - KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm (bsc#1061840). - KVM: PPC: Book3S HV: Fix conditions for starting vcpu (bsc#1061840). - KVM: PPC: Book3S HV: Fix constant size warning (bsc#1061840). - KVM: PPC: Book3S HV: Fix duplication of host SLB entries (bsc#1061840). - KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds (bsc#1061840). - KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler (bsc#1061840). - KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code (bsc#1061840). - KVM: PPC: Book3S HV: Fix inaccurate comment (bsc#1061840). - KVM: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real mode interrupts (bsc#1061840). - KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry (bsc#1061840). - KVM: PPC: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix() (bsc#1061840). - KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing (bsc#1061840). - KVM: PPC: Book3S HV: Handle 1GB pages in radix page fault handler (bsc#1061840). - KVM: PPC: Book3S HV: Improve handling of debug-trigger HMIs on POWER9 (bsc#1061840). - KVM: PPC: Book3S HV: Keep XIVE escalation interrupt masked unless ceded (bsc#1061840). - KVM: PPC: Book3S HV: Lockless tlbie for HPT hcalls (bsc#1061840). - KVM: PPC: Book3S HV: Make HPT resizing work on POWER9 (bsc#1061840). - KVM: PPC: Book3S HV: Make radix clear pte when unmapping (bsc#1061840). - KVM: PPC: Book3S HV: Make radix use correct tlbie sequence in kvmppc_radix_tlbie_page (bsc#1061840). - KVM: PPC: Book3S HV: Make xive_pushed a byte, not a word (bsc#1061840). - KVM: PPC: Book3S HV: Pack VCORE IDs to access full VCPU ID space (bsc#1061840). - KVM: PPC: Book3S HV: radix: Do not clear partition PTE when RC or write bits do not match (bsc#1061840). - KVM: PPC: Book3S HV: Radix page fault handler optimizations (bsc#1061840). - KVM: PPC: Book3S HV: radix: Refine IO region partition scope attributes (bsc#1061840). - KVM: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under kvm->lock (bsc#1061840). - KVM: PPC: Book3S HV: Recursively unmap all page table entries when unmapping (bsc#1061840). - KVM: PPC: Book3S HV: Remove useless statement (bsc#1061840). - KVM: PPC: Book3S HV: Remove vcpu->arch.dec usage (bsc#1061840). - KVM: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to Linux handlers (bsc#1061840). - KVM: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR count correctly (bsc#1061840). - KVM: PPC: Book3S HV: Snapshot timebase offset on guest entry (bsc#1061840). - KVM: PPC: Book3S HV: Streamline setting of reference and change bits (bsc#1061840). - KVM: PPC: Book3S HV: Use a helper to unmap ptes in the radix fault path (bsc#1061840). - KVM: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page fault handler (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Resend re-routed interrupts on CPU priority change (bsc#1061840). - KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840). - KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file (bsc#1061840). - KVM: PPC: Book3S: Use correct page shift in H_STUFF_TCE (bsc#1061840). - KVM: PPC: Fix a mmio_host_swabbed uninitialized usage issue (bsc#1061840). - KVM: PPC: Make iommu_table::it_userspace big endian (bsc#1061840). - KVM: PPC: Move nip/ctr/lr/xer registers to pt_regs in kvm_vcpu_arch (bsc#1061840). - KVM: PPC: Use seq_puts() in kvmppc_exit_timing_show() (bsc#1061840). - KVM: s390: vsie: copy wrapping keys to right place (git-fixes). - KVM: SVM: Add MSR-based feature support for serializing LFENCE (bsc#1106240). - KVM: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114279). - KVM: VMX: re-add ple_gap module parameter (bsc#1106240). - KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR (bsc#1106240). - KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry (bsc#1106240). - KVM: x86: Add a framework for supporting MSR-based features (bsc#1106240). - KVM: x86: define SVM/VMX specific kvm_arch_[alloc|free]_vm (bsc#1111506). - KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240). - KVM: X86: Introduce kvm_get_msr_feature() (bsc#1106240). - KVM/x86: kABI fix for vm_alloc/vm_free changes (bsc#1111506). - KVM: x86: Set highest physical address bits in non-present/reserved SPTEs (bsc#1106240). - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839). - libceph: fall back to sendmsg for slab pages (bsc#1118316). - libertas: call into generic suspend code before turning off power (bsc#1051510). - libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510). - libnvdimm, badrange: remove a WARN for list_empty (bsc#1112128). - libnvdimm, dimm: Maximize label transfer size (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891). - libnvdimm: Introduce locked DIMM capacity support (bsc#1112128). - libnvdimm, label: change nvdimm_num_label_slots per UEFI 2.7 (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm, label: Fix sparse warning (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm: move poison list functions to a new 'badrange' file (bsc#1112128). - libnvdimm/nfit_test: add firmware download emulation (bsc#1112128). - libnvdimm/nfit_test: adding support for unit testing enable LSS status (bsc#1112128). - libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899). - libnvdimm, testing: Add emulation for smart injection commands (bsc#1112128). - libnvdimm, testing: update the default smart ctrl_temperature (bsc#1112128). - lib/ubsan: add type mismatch handler for new GCC/Clang (bsc#1051510). - lib/ubsan.c: s/missaligned/misaligned/ (bsc#1051510). - livepatch: create and include UAPI headers (). - llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02). - lockd: fix 'list_add double add' caused by legacy signal interface (git-fixes). - loop: add recursion validation to LOOP_CHANGE_FD (bsc#1112711). - loop: do not call into filesystem while holding lo_ctl_mutex (bsc#1112710). - loop: fix LOOP_GET_STATUS lock imbalance (bsc#1113284). - mac80211: Always report TX status (bsc#1051510). - mac80211: fix TX status reporting for ieee80211s (bsc#1051510). - mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510). - mac80211: minstrel: fix using short preamble CCK rates on HT clients (bsc#1051510). - mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510). - mach64: detect the dot clock divider correctly on sparc (bsc#1051510). - mach64: fix display corruption on big endian machines (bsc#1113722) - mach64: fix image corruption due to reading accelerator registers (bsc#1113722) - mailbox: PCC: handle parse error (bsc#1051510). - make sure that __dentry_kill() always invalidates d_seq, unhashed or not (git-fixes). - md: allow metadata updates while suspending an array - fix (git-fixes). - MD: fix invalid stored role for a disk - try2 (git-fixes). - md: fix NULL dereference of mddev->pers in remove_and_add_spares() (git-fixes). - md/raid10: fix that replacement cannot complete recovery after reassemble (git-fixes). - md/raid1: add error handling of read error from FailFast device (git-fixes). - md/raid5-cache: disable reshape completely (git-fixes). - md/raid5: fix data corruption of replacements after originals dropped (git-fixes). - media: af9035: prevent buffer overflow on write (bsc#1051510). - media: cx231xx: fix potential sign-extension overflow on large shift (bsc#1051510). - media: dvb: fix compat ioctl translation (bsc#1051510). - media: em28xx: fix input name for Terratec AV 350 (bsc#1051510). - media: em28xx: use a default format if TRY_FMT fails (bsc#1051510). - media: pci: cx23885: handle adding to list failure (bsc#1051510). - media: tvp5150: avoid going past array on v4l2_querymenu() (bsc#1051510). - media: tvp5150: fix switch exit in set control handler (bsc#1051510). - media: tvp5150: fix width alignment during set_selection() (bsc#1051510). - media: uvcvideo: Fix uvc_alloc_entity() allocation alignment (bsc#1051510). - media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD (bsc#1051510). - media: vsp1: Fix YCbCr planar formats pitch calculation (bsc#1051510). - memory_hotplug: cond_resched in __remove_pages (bnc#1114178). - mfd: arizona: Correct calling of runtime_put_sync (bsc#1051510). - mfd: menelaus: Fix possible race condition and leak (bsc#1051510). - mfd: omap-usb-host: Fix dts probe of children (bsc#1051510). - mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21). - mmc: block: avoid multiblock reads for the last sector in SPI mode (bsc#1051510). - mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510). - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510). - mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677). - mm/migrate: Use spin_trylock() while resetting rate limit (). - mm: /proc/pid/pagemap: hide swap entries from unprivileged users (Git-fixes bsc#1109907). - mm: rework memcg kernel stack accounting (bnc#1113677). - modpost: ignore livepatch unresolved relocations (). - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819). - mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820). - mount: Retest MNT_LOCKED in do_umount (bsc#1117818). - move changes without Git-commit out of sorted section - neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24). - net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679). - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679). - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24). - net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16). - net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02). - net: bcmgenet: protect stop from timeout (networking-stable-18_11_21). - net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11). - net: bridge: remove ipv6 zero address check in mcast queries (git-fixes). - net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16). - net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16). - net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561). - net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561). - net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561). - net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561). - net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561). - net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561). - net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561). - net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561). - net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561). - net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561). - net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561). - net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561). - net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561). - net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561). - net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561). - net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561). - net: ena: minor performance improvement (bsc#1111696 bsc#1117561). - net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561). - net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561). - net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561). - net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1111696 bsc#1117561). - net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02). - net-gro: reset skb->pkt_type in napi_reuse_skb() (networking-stable-18_11_21). - net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16). - net: hp100: fix always-true check for link up state (networking-stable-18_09_24). - net: ibm: fix return type of ndo_start_xmit function (). - net/ibmnvic: Fix deadlock problem in reset (). - net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431). - net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02). - net: ipv4: do not let PMTU updates increase route MTU (git-fixes). - net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16). - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02). - netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16). - net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11). - net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18). - net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21). - net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16). - net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18). - net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16). - net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18). - net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18). - net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02). - net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16). - net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16). - net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16). - net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21). - net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18). - net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510). - net: sched: action_ife: take reference to meta module (networking-stable-18_09_11). - net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11). - net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24). - net: sched: Fix for duplicate class dump (networking-stable-18_11_02). - net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11). - net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02). - net: smsc95xx: Fix MTU range (networking-stable-18_11_21). - net: socket: fix a missing-check bug (networking-stable-18_11_02). - net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02). - net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16). - net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16). - net: systemport: Protect stop from timeout (networking-stable-18_11_21). - net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02). - net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16). - NFC: nfcmrvl_uart: fix OF child-node lookup (bsc#1051510). - nfit_test: add error injection DSMs (bsc#1112128). - nfit_test: fix buffer overrun, add sanity check (bsc#1112128). - nfit_test: improve structure offset handling (bsc#1112128). - nfit_test: prevent parsing error of nfit_test.0 (bsc#1112128). - nfit_test: when clearing poison, also remove badrange entries (bsc#1112128). - nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11). - NFS: Avoid quadratic search when freeing delegations (bsc#1084760). - NFS: Avoid RCU usage in tracepoints (git-fixes). - NFS: commit direct writes even if they fail partially (git-fixes). - nfsd4: permit layoutget of executable-only files (git-fixes). - nfsd: check for use of the closed special stateid (git-fixes). - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (git-fixes). - nfsd: deal with revoked delegations appropriately (git-fixes). - nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes). - nfsd: Fix another OPEN stateid race (git-fixes). - nfsd: fix corrupted reply to badly ordered compound (git-fixes). - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes). - nfsd: Fix stateid races between OPEN and CLOSE (git-fixes). - NFS: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes). - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes). - NFS: Ensure we commit after writeback is complete (bsc#1111809). - NFS: Fix an incorrect type in struct nfs_direct_req (git-fixes). - NFS: Fix a typo in nfs_rename() (git-fixes). - NFS: Fix typo in nomigration mount option (git-fixes). - NFS: Fix unstable write completion (git-fixes). - NFSv4.0 fix client reference leak in callback (git-fixes). - NFSv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes). - NFSv4.1 fix infinite loop on I/O (git-fixes). - NFSv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes). - NFSv4.1: Fix up replays of interrupted requests (git-fixes). - NFSv4: Fix a typo in nfs41_sequence_process (git-fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510). - nospec: Include <asm/barrier.h> dependency (bsc#1114279). - nvdimm: Clarify comment in sizeof_namespace_index (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Remove empty if statement (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Sanity check labeloff (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Split label init out from the logic for getting config data (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Use namespace index data to reduce number of label reads needed (bsc#1111921, bsc#1113408, bsc#1113972). - nvme: Free ctrl device name on init failure (). - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817). - ocfs2: fix locking for res->tracking and dlm->tracking_list (bsc#1117816). - ocfs2: fix ocfs2 read block panic (bsc#1117815). - ocfs2: free up write context when direct IO failed (bsc#1117821). - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bsc#1117808). - of: add helper to lookup compatible child node (bsc#1106110) - openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02). - orangefs: fix deadlock; do not write i_size in read_iter (bsc#1051510). - orangefs: initialize op on loop restart in orangefs_devreq_read (bsc#1051510). - orangefs_kill_sb(): deal with allocation failures (bsc#1051510). - orangefs: use list_for_each_entry_safe in purge_waiting_ops (bsc#1051510). - PCI: Add Device IDs for Intel GPU 'spurious interrupt' quirk (bsc#1051510). - PCI/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510). - PCI/ASPM: Fix link_state teardown on device removal (bsc#1051510). - PCI: dwc: remove duplicate fix References: bsc#1115269 Patch has been already applied by the following commit: 9f73db8b7c PCI: dwc: Fix enumeration end when reaching root subordinate (bsc#1051510) - PCI: hv: Do not wait forever on a device that has disappeared (bsc#1109806). - PCI: hv: Use effective affinity mask (bsc#1109772). - PCI: imx6: Fix link training status detection in link up check (bsc#1109806). - PCI: iproc: Remove PAXC slot check to allow VF support (bsc#1109806). - PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510). - PCI: Reprogram bridge prefetch registers on resume (bsc#1051510). - PCI: vmd: Assign vector zero to all bridges (bsc#1109806). - PCI: vmd: Detach resources after stopping root bus (bsc#1109806). - PCI: vmd: White list for fast interrupt handlers (bsc#1109806). - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510). - percpu: make this_cpu_generic_read() atomic w.r.t. interrupts (bsc#1114279). - perf: fix invalid bit in diagnostic entry (git-fixes). - pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510). - pinctrl: meson: fix pinconf bias disable (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510). - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510). - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510). - pipe: match pipe_max_size data type with procfs (git-fixes). - platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510). - platform/x86: intel_telemetry: report debugfs failure (bsc#1051510). - pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes). - pNFS: Do not release the sequence slot until we've processed layoutget on open (git-fixes). - pNFS: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes). - powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729). - powerpc/boot: Fix opal console in boot wrapper (bsc#1065729). - powerpc/kvm/booke: Fix altivec related build break (bsc#1061840). - powerpc/kvm: Switch kvm pmd allocator to custom allocator (bsc#1061840). - powerpc/mm: Fix typo in comments (bsc#1065729). - powerpc/mm/hugetlb: initialize the pagetable cache correctly for hugetlb (bsc#1091800). - powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248). - powerpc/mm: Rename find_linux_pte_or_hugepte() (bsc#1061840). - powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure (bsc#1055120). - powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729). - powerpc/powernv: Add indirect levels to it_userspace (bsc#1061840). - powerpc/powernv: Do not select the cpufreq governors (bsc#1065729). - powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage (bsc#1055120). - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729). - powerpc/powernv/ioda2: Reduce upper limit for DMA window size (bsc#1055120). - powerpc/powernv/ioda: Allocate indirect TCE levels on demand (bsc#1061840). - powerpc/powernv/ioda: Finish removing explicit max window size check (bsc#1061840). - powerpc/powernv/ioda: Remove explicit max window size check (bsc#1061840). - powerpc/powernv: Move TCE manupulation code to its own file (bsc#1061840). - powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120). - powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120). - powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120). - powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120). - powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120). - powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120). - powerpc/powernv: Rework TCE level allocation (bsc#1061840). - powerpc/pseries: Fix build break for SPLPAR=n and CPU hotplug (bsc#1079524, git-fixes). - powerpc/pseries: Fix CONFIG_NUMA=n build (bsc#1067906, git-fixes). - powerpc/pseries: Fix DTL buffer registration (bsc#1065729). - powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729). - powerpc/pseries: Fix 'OF: ERROR: Bad of_node_put() on /cpus' during DLPAR (bsc#1113295). - powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709). - powerpc: pseries: remove dlpar_attach_node dependency on full path (bsc#1113295). - powerpc/xive: Move definition of ESB bits (bsc#1061840). - powerpc/xmon: Add ISA v3.0 SPRs to SPR dump (bsc#1061840). - power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510). - pppoe: fix reception of frames with no mac header (networking-stable-18_09_24). - printk: drop in_nmi check from printk_safe_flush_on_panic() (bsc#1112170). - printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168). - printk/tracing: Do not trace printk_nmi_enter() (bsc#1112208). - provide linux/set_memory.h (bsc#1113295). - ptp: fix Spectre v1 vulnerability (bsc#1051510). - pwm: lpss: Release runtime-pm reference from the driver's remove callback (bsc#1051510). - pxa168fb: prepare the clock (bsc#1051510). - qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface (bsc#1051510). - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510). - qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510). - qrtr: add MODULE_ALIAS macro to smd (bsc#1051510). - r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED (bsc#1051510). - r8169: fix NAPI handling under high load (networking-stable-18_11_02). - race of lockd inetaddr notifiers vs nlmsvc_rqst change (git-fixes). - RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 (git-fixes). - random: rate limit unseeded randomness warnings (git-fixes). - rculist: add list_for_each_entry_from_rcu() (bsc#1084760). - rculist: Improve documentation for list_for_each_entry_from_rcu() (bsc#1084760). - rds: fix two RCU related problems (networking-stable-18_09_18). - README: Clean-up trailing whitespace - reiserfs: add check to detect corrupted directory entry (bsc#1109818). - reiserfs: do not panic on bad directory entries (bsc#1109818). - remoteproc: qcom: Fix potential device node leaks (bsc#1051510). - rename a hv patch to reduce conflicts in -AZURE - reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510). - reset: imx7: Fix always writing bits as 0 (bsc#1051510). - resource: Include resource end in walk_*() interfaces (bsc#1114279). - Revert 'ceph: fix dentry leak in splice_dentry()' (bsc#1114839). - Revert 'powerpc/64: Fix checksum folding in csum_add()' (bsc#1065729). - Revert 'rpm/kernel-binary.spec.in: allow unsupported modules for -extra' - Revert 'usb: dwc3: gadget: skip Set/Clear Halt when invalid' (bsc#1051510). - rpmsg: Correct support for MODULE_DEVICE_TABLE() (git-fixes). - rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02). - rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16). - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16). - s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes). - s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235). - s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes). - s390/mm: correct allocate_pgste proc_handler callback (git-fixes). - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682). - s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953). - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682). - s390/qeth: handle failure on workqueue creation (git-fixes). - s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959). - s390: revert ELF_ET_DYN_BASE base changes (git-fixes). - s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes). - s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273). - s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273). - s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273). - sched/numa: Limit the conditions where scan period is reset (). - scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246). - scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246). - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1104731). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1104731). - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731). - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731). - scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580). - scsi: lpfc: add support to retrieve firmware logs (bsc#1114015). - scsi: lpfc: add Trunking support (bsc#1114015). - scsi: lpfc: Correct errors accessing fw log (bsc#1114015). - scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015). - scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015). - scsi: lpfc: Correct LCB RJT handling (bsc#1114015). - scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015). - scsi: lpfc: Correct race with abort on completion path (bsc#1114015). - scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015). - scsi: lpfc: Correct speeds on SFP swap (bsc#1114015). - scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015). - scsi: lpfc: Fix errors in log messages (bsc#1114015). - scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015). - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015). - scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015). - scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015). - scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015). - scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015). - scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015). - scsi: lpfc: reduce locking when updating statistics (bsc#1114015). - scsi: lpfc: Remove set but not used variable 'sgl_size' (bsc#1114015). - scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015). - scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015). - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1114581). - scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582). - scsi: sg: fix minor memory leak in error path (bsc#1114584). - scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bsc#1114578). - scsi: target: Fix fortify_panic kernel exception (bsc#1114576). - scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577). - scsi: target: tcmu: add read length support (bsc#1097755). - sctp: fix race on sctp_id2asoc (networking-stable-18_11_02). - sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21). - sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11). - sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21). - sctp: not increase stream's incnt before sending addstrm_in request (networking-stable-18_11_21). - sctp: update dst pmtu with the correct daddr (networking-stable-18_10_16). - serial: 8250: Fix clearing FIFOs in RS485 mode again (bsc#1051510). - signal: Properly deliver SIGSEGV from x86 uprobes (bsc#1110006). - skip LAYOUTRETURN if layout is invalid (git-fixes). - smb2: fix missing files in root share directory listing (bsc#1112907). - smb2: fix missing files in root share directory listing (bsc#1112907). - smb3: fill in statfs fsid and correct namelen (bsc#1112905). - smb3: fill in statfs fsid and correct namelen (bsc#1112905). - smb3: fix reset of bytes read and written stats (bsc#1112906). - smb3: fix reset of bytes read and written stats (bsc#1112906). - smb3: on reconnect set PreviousSessionId field (bsc#1112899). - smb3: on reconnect set PreviousSessionId field (bsc#1112899). - soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510). - soc/tegra: pmc: Fix child-node lookup (bsc#1051510). - soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510). - sound: do not call skl_init_chip() to reset intel skl soc (bsc#1051510). - sound: enable interrupt after dma buffer initialization (bsc#1051510). - spi/bcm63xx-hsspi: keep pll clk enabled (bsc#1051510). - spi: bcm-qspi: switch back to reading flash using smaller chunks (bsc#1051510). - spi: sh-msiof: fix deferred probing (bsc#1051510). - staging: comedi: ni_mio_common: protect register write overflow (bsc#1051510). - staging:iio:ad7606: fix voltage scales (bsc#1051510). - staging: rtl8723bs: Fix the return value in case of error in 'rtw_wx_read32()' (bsc#1051510). - staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510). - sunrpc: Allow connect to return EHOSTUNREACH (git-fixes). - sunrpc: Do not use stack buffer with scatterlist (git-fixes). - sunrpc: Fix rpc_task_begin trace point (git-fixes). - sunrpc: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes). - target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349). - target: log Data-Out timeouts as errors (bsc#1095805). - target: log NOP ping timeouts as errors (bsc#1095805). - target: split out helper for cxn timeout error stashing (bsc#1095805). - target: stash sess_err_stats on Data-Out timeout (bsc#1095805). - target: use ISCSI_IQN_LEN in iscsi_target_stat (bsc#1095805). - tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11). - test_firmware: fix error return getting clobbered (bsc#1051510). - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21). - thermal: bcm2835: enable hwmon explicitly (bsc#1108468). - thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510). - thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510). - tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21). - tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11). - tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16). - tools build: fix # escaping in .cmd files for future Make (git-fixes). - tools/testing/nvdimm: advertise a write cache for nfit_test (bsc#1112128). - tools/testing/nvdimm: allow custom error code injection (bsc#1112128). - tools/testing/nvdimm: disable labels for nfit_test.1 (bsc#1112128). - tools/testing/nvdimm: enable labels for nfit_test.1 dimms (bsc#1112128). - tools/testing/nvdimm: fix missing newline in nfit_test_dimm 'handle' attribute (bsc#1112128). - tools/testing/nvdimm: Fix support for emulating controller temperature (bsc#1112128). - tools/testing/nvdimm: force nfit_test to depend on instrumented modules (bsc#1112128). - tools/testing/nvdimm: improve emulation of smart injection (bsc#1112128). - tools/testing/nvdimm: kaddr and pfn can be NULL to ->direct_access() (bsc#1112128). - tools/testing/nvdimm: Make DSM failure code injection an override (bsc#1112128). - tools/testing/nvdimm: smart alarm/threshold control (bsc#1112128). - tools/testing/nvdimm: stricter bounds checking for error injection commands (bsc#1112128). - tools/testing/nvdimm: support nfit_test_dimm attributes under nfit_test.1 (bsc#1112128). - tools/testing/nvdimm: unit test clear-error commands (bsc#1112128). - tools/vm/page-types.c: fix 'defined but not used' warning (bsc#1051510). - tools/vm/slabinfo.c: fix sign-compare warning (bsc#1051510). - tpm2-cmd: allow more attempts for selftest execution (bsc#1082555). - tpm: add retry logic (bsc#1082555). - tpm: consolidate the TPM startup code (bsc#1082555). - tpm: do not suspend/resume if power stays on (bsc#1082555). - tpm: fix intermittent failure with self tests (bsc#1082555). - tpm: fix response size validation in tpm_get_random() (bsc#1082555). - tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555). - tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555). - tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555). - tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555). - tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555). - tpm: Restore functionality to xen vtpm driver (bsc#1082555). - tpm: self test failure should not cause suspend to fail (bsc#1082555). - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555). - tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555). - tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555). - tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555). - tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555). - tracing: Add barrier to trace_printk() buffer nesting modification (bsc#1112219). - tracing: Apply trace_clock changes to instance max buffer (bsc#1117188). - tracing: Erase irqsoff trace with empty write (bsc#1117189). - tty: check name length in tty_find_polling_driver() (bsc#1051510). - tty: Do not block on IO when ldisc change is pending (bnc#1105428). - tty: fix data race between tty_init_dev and flush of buf (bnc#1105428). - tty: Hold tty_ldisc_lock() during tty_reopen() (bnc#1105428). - tty/ldsem: Add lockdep asserts for ldisc_sem (bnc#1105428). - tty/ldsem: Convert to regular lockdep annotations (bnc#1105428). - tty/ldsem: Decrement wait_readers on timeouted down_read() (bnc#1105428). - tty/ldsem: Wake up readers after timed out down_write() (bnc#1105428). - tty: Simplify tty->count math in tty_reopen() (bnc#1105428). - tty: wipe buffer (bsc#1051510). - tty: wipe buffer if not echoing data (bsc#1051510). - tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510). - tuntap: fix multiqueue rx (networking-stable-18_11_21). - udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24). - udp6: add missing checks on edumux packet processing (networking-stable-18_09_24). - udp6: fix encap return code for resubmitting (git-fixes). - uio: ensure class is registered before devices (bsc#1051510). - uio: Fix an Oops on load (bsc#1051510). - uio: make symbol 'uio_class_registered' static (bsc#1051510). - Update config files. Enabled ENA (Amazon network driver) for arm64. - usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510). - usb: chipidea: Prevent unbalanced IRQ disable (bsc#1051510). - usb: core: Fix hub port connection events lost (bsc#1051510). - usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385). - usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385). - usb: dwc3: core: Clean up ULPI device (bsc#1051510). - usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510). - usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510). - usb: gadget: fsl_udc_core: check allocation return value and cleanup on failure (bsc#1051510). - usb: gadget: fsl_udc_core: fixup struct_udc_setup documentation (bsc#1051510). - usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510). - usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510). - usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510). - usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510). - usbip: tools: fix atoi() on non-null terminated string (bsc#1051510). - usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510). - usb: misc: appledisplay: add 20' Apple Cinema Display (bsc#1051510). - usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510). - usb: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510). - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510). - usb: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510). - usb: remove LPM management from usb_driver_claim_interface() (bsc#1051510). - usb: serial: cypress_m8: fix interrupt-out transfer length (bsc#1051510). - usb: serial: option: add two-endpoints device-id flag (bsc#1051510). - usb: serial: option: drop redundant interface-class test (bsc#1051510). - usb: serial: option: improve Quectel EP06 detection (bsc#1051510). - usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510). - userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (bsc#1109739). - Use upstream version of pci-hyperv patch (35a88a1) - VFS: close race between getcwd() and d_move() (git-fixes). - VFS: fix freeze protection in mnt_want_write_file() for overlayfs (git-fixes). - vhost: Fix Spectre V1 vulnerability (bsc#1051510). - vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510). - virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02). - VMCI: Resource wildcard match fixed (bsc#1051510). - w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510). - Workaround for mysterious NVMe breakage with i915 CFL (bsc#1111040). - x86/acpi: Prevent X2APIC id 0xffffffff from being accounted (bsc#1110006). - x86/boot/KASLR: Work around firmware bugs by excluding EFI_BOOT_SERVICES_* and EFI_LOADER_* from KASLR's choice (bnc#1112878). - x86/boot: Move EISA setup to a separate file (bsc#1110006). - x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006). - x86/cpufeature: Add User-Mode Instruction Prevention definitions (bsc#1110006). - x86/cpufeatures: Add Intel Total Memory Encryption cpufeature (bsc#1110006). - x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279). - x86/eisa: Add missing include (bsc#1110006). - x86/EISA: Do not probe EISA bus for Xen PV guests (bsc#1110006). - x86/fpu: Remove second definition of fpu in __fpu__restore_sig() (bsc#1110006). - x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006). - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772). - x86/kasan: Panic if there is not enough memory to boot (bsc#1110006). - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114279). - x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279). - x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279). - x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279). - x86/MCE/AMD: Fix the thresholding machinery initialization order (bsc#1114279). - x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read() (bsc#1110006). - x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279). - x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279). - x86, nfit_test: Add unit test for memcpy_mcsafe() (bsc#1112128). - x86/paravirt: Fix some warning messages (bnc#1065600). - x86/percpu: Fix this_cpu_read() (bsc#1110006). - x86/speculation: Support Enhanced IBRS on future CPUs (). - x86/time: Correct the attribute on jiffies' definition (bsc#1110006). - x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600). - xen/balloon: Support xend-based toolstack (bnc#1065600). - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062). - xen: fix race in xen_qlock_wait() (bnc#1107256). - xen: fix xen_qlock_wait() (bnc#1107256). - xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap() (bnc#1065600). - xen: make xen_qlock_wait() nestable (bnc#1107256). - xen/netfront: do not bug in case of too many frags (bnc#1104824). - xen/pvh: do not try to unplug emulated devices (bnc#1065600). - xen/pvh: increase early stack size (bnc#1065600). - xen: Remove unnecessary BUG_ON from __unbind_from_irq() (bnc#1065600). - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (bnc#1065600). - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600). - xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs: do not fail when converting shortform attr to long form during ATTR_REPLACE (bsc#1105025). - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes). - xfs: Properly detect when DAX won't be used on any device (bsc#1115976). - xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510). - xhci: Do not print a warning when setting link state for disabled ports (bsc#1051510). - xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510). - xprtrdma: Do not defer fencing an async RPC's chunks (git-fixes). Important SUSE bug 1051510 SUSE bug 1055120 SUSE bug 1061840 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066674 SUSE bug 1067906 SUSE bug 1068273 SUSE bug 1076830 SUSE bug 1078248 SUSE bug 1079524 SUSE bug 1082555 SUSE bug 1082653 SUSE bug 1083647 SUSE bug 1084760 SUSE bug 1084831 SUSE bug 1085535 SUSE bug 1086196 SUSE bug 1089350 SUSE bug 1091800 SUSE bug 1094825 SUSE bug 1095805 SUSE bug 1097755 SUSE bug 1100132 SUSE bug 1103356 SUSE bug 1103925 SUSE bug 1104124 SUSE bug 1104731 SUSE bug 1104824 SUSE bug 1105025 SUSE bug 1105428 SUSE bug 1106105 SUSE bug 1106110 SUSE bug 1106237 SUSE bug 1106240 SUSE bug 1107256 SUSE bug 1107385 SUSE bug 1107866 SUSE bug 1108377 SUSE bug 1108468 SUSE bug 1109330 SUSE bug 1109739 SUSE bug 1109772 SUSE bug 1109806 SUSE bug 1109818 SUSE bug 1109907 SUSE bug 1109911 SUSE bug 1109915 SUSE bug 1109919 SUSE bug 1109951 SUSE bug 1110006 SUSE bug 1110998 SUSE bug 1111040 SUSE bug 1111062 SUSE bug 1111174 SUSE bug 1111506 SUSE bug 1111696 SUSE bug 1111809 SUSE bug 1111921 SUSE bug 1111983 SUSE bug 1112128 SUSE bug 1112170 SUSE bug 1112173 SUSE bug 1112208 SUSE bug 1112219 SUSE bug 1112221 SUSE bug 1112246 SUSE bug 1112372 SUSE bug 1112514 SUSE bug 1112554 SUSE bug 1112708 SUSE bug 1112710 SUSE bug 1112711 SUSE bug 1112712 SUSE bug 1112713 SUSE bug 1112731 SUSE bug 1112732 SUSE bug 1112733 SUSE bug 1112734 SUSE bug 1112735 SUSE bug 1112736 SUSE bug 1112738 SUSE bug 1112739 SUSE bug 1112740 SUSE bug 1112741 SUSE bug 1112743 SUSE bug 1112745 SUSE bug 1112746 SUSE bug 1112878 SUSE bug 1112894 SUSE bug 1112899 SUSE bug 1112902 SUSE bug 1112903 SUSE bug 1112905 SUSE bug 1112906 SUSE bug 1112907 SUSE bug 1112963 SUSE bug 1113257 SUSE bug 1113284 SUSE bug 1113295 SUSE bug 1113408 SUSE bug 1113412 SUSE bug 1113501 SUSE bug 1113667 SUSE bug 1113677 SUSE bug 1113722 SUSE bug 1113751 SUSE bug 1113769 SUSE bug 1113780 SUSE bug 1113972 SUSE bug 1114015 SUSE bug 1114178 SUSE bug 1114279 SUSE bug 1114385 SUSE bug 1114576 SUSE bug 1114577 SUSE bug 1114578 SUSE bug 1114579 SUSE bug 1114580 SUSE bug 1114581 SUSE bug 1114582 SUSE bug 1114583 SUSE bug 1114584 SUSE bug 1114585 SUSE bug 1114839 SUSE bug 1115074 SUSE bug 1115269 SUSE bug 1115431 SUSE bug 1115433 SUSE bug 1115440 SUSE bug 1115567 SUSE bug 1115709 SUSE bug 1115976 SUSE bug 1116183 SUSE bug 1116692 SUSE bug 1116693 SUSE bug 1116698 SUSE bug 1116699 SUSE bug 1116700 SUSE bug 1116701 SUSE bug 1116862 SUSE bug 1116863 SUSE bug 1116876 SUSE bug 1116877 SUSE bug 1116878 SUSE bug 1116891 SUSE bug 1116895 SUSE bug 1116899 SUSE bug 1116950 SUSE bug 1117168 SUSE bug 1117172 SUSE bug 1117174 SUSE bug 1117181 SUSE bug 1117184 SUSE bug 1117188 SUSE bug 1117189 SUSE bug 1117349 SUSE bug 1117561 SUSE bug 1117788 SUSE bug 1117789 SUSE bug 1117790 SUSE bug 1117791 SUSE bug 1117792 SUSE bug 1117794 SUSE bug 1117795 SUSE bug 1117796 SUSE bug 1117798 SUSE bug 1117799 SUSE bug 1117801 SUSE bug 1117802 SUSE bug 1117803 SUSE bug 1117804 SUSE bug 1117805 SUSE bug 1117806 SUSE bug 1117807 SUSE bug 1117808 SUSE bug 1117815 SUSE bug 1117816 SUSE bug 1117817 SUSE bug 1117818 SUSE bug 1117819 SUSE bug 1117820 SUSE bug 1117821 SUSE bug 1117822 SUSE bug 1118102 SUSE bug 1118136 SUSE bug 1118137 SUSE bug 1118138 SUSE bug 1118140 SUSE bug 1118152 SUSE bug 1118316 CVE-2017-16533 CVE-2017-18224 CVE-2018-18281 CVE-2018-18386 CVE-2018-18445 CVE-2018-18710 CVE-2018-19824 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ghostscript to version 9.26 fixes the following issues: Security issues fixed: - CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327) - CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313) - CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274) - CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022) - CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229) - CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480) - CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479) - CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105) Version update to 9.26 (bsc#1117331): - Security issues have been the primary focus - Minor bug fixes and improvements - For release summary see: http://www.ghostscript.com/doc/9.26/News.htm Important SUSE bug 1109105 SUSE bug 1111479 SUSE bug 1111480 SUSE bug 1112229 SUSE bug 1117022 SUSE bug 1117274 SUSE bug 1117313 SUSE bug 1117327 SUSE bug 1117331 CVE-2018-17183 CVE-2018-17961 CVE-2018-18073 CVE-2018-18284 CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for cups fixes the following issues: Security issue fixed: - CVE-2018-4700: Fixed extremely predictable cookie generation that is effectively breaking the CSRF protection of the CUPS web interface (bsc#1115750). Important SUSE bug 1115750 CVE-2018-4700 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2018-19519: Fixed a stack-based buffer over-read in the print_prefix function (bsc#1117267) Moderate SUSE bug 1117267 CVE-2018-19519 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for openldap2 fixes the following issues: Security issue fixed: - CVE-2017-17740: When both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. (bsc#1073313) Moderate SUSE bug 1073313 CVE-2017-17740 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libqt5-qtbase fixes the following issues: Security issues fixed: - CVE-2018-15518: Fixed double free in QXmlStreamReader (bsc#1118595) - CVE-2018-19873: Fixed Denial of Service on malformed BMP file in QBmpHandler (bsc#1118596) Moderate SUSE bug 1118595 SUSE bug 1118596 CVE-2018-15518 CVE-2018-19873 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for qemu fixes the following issues: Security issues fixed: - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910). - CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222). - CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006). - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010). - CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013) - CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422). - CVE-2018-16847: Fixed an out of bounds r/w buffer access in cmb operations (bsc#1114529). Non-security issue fixed: - Fixed a condition when retry logic does not have been executed in case of data transmit failure or connection hungup (bsc#1108474). Moderate SUSE bug 1106222 SUSE bug 1108474 SUSE bug 1110910 SUSE bug 1111006 SUSE bug 1111010 SUSE bug 1111013 SUSE bug 1114422 SUSE bug 1114529 CVE-2018-10839 CVE-2018-15746 CVE-2018-16847 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18849 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for bluez fixes the following issues: Security issues fixed: - CVE-2016-9800: Fixed a buffer overflow in the pin_code_reply_dump function (bsc#1013721) - CVE-2016-9801: Fixed a buffer overflow in the set_ext_ctrl function (bsc#1013732) Moderate SUSE bug 1013721 SUSE bug 1013732 CVE-2016-9800 CVE-2016-9801 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ovmf fixes the following issues: Security issues fixed: - CVE-2018-3613: Fixed AuthVariable Timestamp zeroing issue on APPEND_WRITE (bsc#1115916). - CVE-2017-5731: Fixed privilege escalation via processing of malformed files in TianoCompress.c (bsc#1115917). - CVE-2017-5732: Fixed privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (bsc#1115917). - CVE-2017-5733: Fixed privilege escalation via heap-based buffer overflow in MakeTable() function (bsc#1115917). - CVE-2017-5734: Fixed privilege escalation via stack-based buffer overflow in MakeTable() function (bsc#1115917). - CVE-2017-5735: Fixed privilege escalation via heap-based buffer overflow in Decode() function (bsc#1115917). Non security issues fixed: - Fixed an issue with the default owner of PK/KEK/db/dbx and make the auto-enrollment only happen at the very first time. (bsc#1117998) Moderate SUSE bug 1115916 SUSE bug 1115917 SUSE bug 1117998 CVE-2017-5731 CVE-2017-5732 CVE-2017-5733 CVE-2017-5734 CVE-2017-5735 CVE-2018-3613 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-19210: Fixed NULL pointer dereference in the TIFFWriteDirectorySec function (bsc#1115717). - CVE-2017-12944: Fixed denial of service issue in the TIFFReadDirEntryArray function (bsc#1054594). - CVE-2016-10094: Fixed heap-based buffer overflow in the _tiffWriteProc function (bsc#1017693). - CVE-2016-10093: Fixed heap-based buffer overflow in the _TIFFmemcpy function (bsc#1017693). - CVE-2016-10092: Fixed heap-based buffer overflow in the TIFFReverseBits function (bsc#1017693). - CVE-2016-6223: Fixed out-of-bounds read on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1() (bsc#990460). Moderate SUSE bug 1017693 SUSE bug 1054594 SUSE bug 1115717 SUSE bug 990460 CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 CVE-2016-6223 CVE-2017-12944 CVE-2018-19210 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for mariadb fixes the following issues: Update to MariaDB 10.0.37 GA (bsc#1116686). Security issues fixed: - CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432) - CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397) - CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368) - CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417) - CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421) - CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678) - CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342) - CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677) - CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676) - CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) Non-security changes: - Remove PerconaFT from the package as it has AGPL licence (bsc#1118754) - do not just remove tokudb plugin but don't build it at all (missing jemalloc dependency) Release notes and changelog: - https://kb.askmonty.org/en/mariadb-10037-release-notes - https://kb.askmonty.org/en/mariadb-10037-changelog - https://kb.askmonty.org/en/mariadb-10036-release-notes - https://kb.askmonty.org/en/mariadb-10036-changelog Important SUSE bug 1013882 SUSE bug 1101676 SUSE bug 1101677 SUSE bug 1101678 SUSE bug 1103342 SUSE bug 1112368 SUSE bug 1112397 SUSE bug 1112417 SUSE bug 1112421 SUSE bug 1112432 SUSE bug 1116686 SUSE bug 1118754 CVE-2016-9843 CVE-2018-3058 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 CVE-2018-3143 CVE-2018-3156 CVE-2018-3174 CVE-2018-3251 CVE-2018-3282 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for netatalk fixes the following issues: Security issue fixed: - CVE-2018-1160 Fixed a missing bounds check in the handling of the DSI OPEN SESSION request, which allowed an unauthenticated to overwrite memory with data of their choice leading to arbitrary code execution with root privileges. (bsc#1119540) Important SUSE bug 1119540 CVE-2018-1160 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues: Issues fixed in MozillaFirefox: - Update to Firefox ESR 60.4 (bsc#1119105) - CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Fixed a use-after-free with select element - CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia - CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs - CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes for images - CVE-2018-12405: Fixed a few memory safety bugs Issues fixed in mozilla-nss: - Update to NSS 3.40.1 (bsc#1119105) - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) - CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) - Fixed a decryption failure during FFDHE key exchange - Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr: - Update mozilla-nspr to 4.20 (bsc#1119105) Important SUSE bug 1097410 SUSE bug 1106873 SUSE bug 1119069 SUSE bug 1119105 CVE-2018-0495 CVE-2018-12384 CVE-2018-12404 CVE-2018-12405 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for wireshark fixes the following issues: Update to Wireshark 2.4.11 (bsc#1117740). Security issues fixed: - CVE-2018-19625: The Wireshark dissection engine could crash (wnpa-sec-2018-51) - CVE-2018-19626: The DCOM dissector could crash (wnpa-sec-2018-52) - CVE-2018-19623: The LBMPDM dissector could crash (wnpa-sec-2018-53) - CVE-2018-19622: The MMSE dissector could go into an infinite loop (wnpa-sec-2018-54) - CVE-2018-19627: The IxVeriWave file parser could crash (wnpa-sec-2018-55) - CVE-2018-19624: The PVFS dissector could crash (wnpa-sec-2018-56) Further bug fixes and updated protocol support as listed in: - https://www.wireshark.org/docs/relnotes/wireshark-2.4.11.html Moderate SUSE bug 1117740 CVE-2018-19622 CVE-2018-19623 CVE-2018-19624 CVE-2018-19625 CVE-2018-19626 CVE-2018-19627 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ntfs-3g_ntfsprogs fixes the following issues: Security issues fixed: - CVE-2019-9755: Fixed a heap-based buffer overflow which could lead to local privilege escalation (bsc#1130165). Moderate SUSE bug 1130165 CVE-2019-9755 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for webkit2gtk3 fixes the following issues: Security issue fixed: - CVE-2019-8375: Fixed an issue in UIProcess subsystem which could allow the script dialog size to exceed the web view size leading to Buffer Overflow or other unspecified impact (bsc#1126768). Moderate SUSE bug 1126768 CVE-2019-8375 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel() (bsc#1130330). - CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage() (bsc#1131317). - CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function (bsc#1128649). - CVE-2018-20467: Fixed infinite loop in coders/bmp.c (bsc#1120381). - CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage (bsc#1124365). - CVE-2019-7397: Fixed a memory leak in the function WritePDFImage (bsc#1124366). - CVE-2019-7395: Fixed a memory leak in the function WritePSDChannel (bsc#1124368). - CVE-2018-16413: Fixed a heap-based buffer over-read in PushShortPixel() (bsc#1106989). - CVE-2018-16412: Fixed a heap-based buffer over-read in ParseImageResourceBlocks() (bsc#1106996). - CVE-2018-16644: Fixed a regression in dcm coder (bsc#1107609). - CVE-2019-11007: Fixed a heap-based buffer overflow in ReadMNGImage() (bsc#1132060). - CVE-2019-11008: Fixed a heap-based buffer overflow in WriteXWDImage() (bsc#1132054). - CVE-2019-11009: Fixed a heap-based buffer over-read in ReadXWDImage() (bsc#1132053). - Added extra -config- packages with Postscript/EPS/PDF readers still enabled. Removing the PS decoders is used to harden ImageMagick against security issues within ghostscript. Enabling them might impact security. (bsc#1122033) These are two packages that can be selected: - ImageMagick-config-6-SUSE: This has the PS decoders disabled. - ImageMagick-config-6-upstream: This has the PS decoders enabled. Depending on your local needs install either one of them. The default is the -SUSE configuration. Moderate SUSE bug 1106989 SUSE bug 1106996 SUSE bug 1107609 SUSE bug 1120381 SUSE bug 1122033 SUSE bug 1124365 SUSE bug 1124366 SUSE bug 1124368 SUSE bug 1128649 SUSE bug 1130330 SUSE bug 1131317 SUSE bug 1132053 SUSE bug 1132054 SUSE bug 1132060 CVE-2018-16412 CVE-2018-16413 CVE-2018-16644 CVE-2018-20467 CVE-2019-10650 CVE-2019-11007 CVE-2019-11008 CVE-2019-11009 CVE-2019-7175 CVE-2019-7395 CVE-2019-7397 CVE-2019-7398 CVE-2019-9956 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). Non-security issues fixed: - Fix vfs_ceph ftruncate and fallocate handling (bsc#1127153). - Abide by load_printers smb.conf parameter (bsc#1124223). - s3:winbindd: let normalize_name_map() call find_domain_from_name_noinit() (bsc#1123755). - s3:passdb: Do not return OK if we don't have pinfo set up (bsc#1099590). - s3:winbind: Fix regression (bsc#1123755). Moderate SUSE bug 1099590 SUSE bug 1123755 SUSE bug 1124223 SUSE bug 1127153 SUSE bug 1131060 CVE-2019-3880 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for wireshark to version 2.4.14 fixes the following issues: Security issues fixed: - CVE-2019-10895: NetScaler file parser crash. - CVE-2019-10899: SRVLOC dissector crash. - CVE-2019-10894: GSS-API dissector crash. - CVE-2019-10896: DOF dissector crash. - CVE-2019-10901: LDSS dissector crash. - CVE-2019-10903: DCERPC SPOOLSS dissector crash. Non-security issue fixed: - Update to version 2.4.14 (bsc#1131945). Moderate SUSE bug 1131945 CVE-2019-10894 CVE-2019-10895 CVE-2019-10896 CVE-2019-10899 CVE-2019-10901 CVE-2019-10903 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication [bsc#1133528, bsc#1130103] Important SUSE bug 1130103 SUSE bug 1133528 CVE-2019-3859 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for wpa_supplicant fixes the following issues: This security issue was fixed: - CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused the vulnerability to recover sensitive information (bsc#1104205). This non-security issue was fixed: - Enabled PWD as EAP method. This allows for password-based authentication, which is easier to setup than most of the other methods, and is used by the Eduroam network (bsc#1109209). Moderate SUSE bug 1104205 SUSE bug 1109209 CVE-2018-14526 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for atftp fixes the following issues: Security issues fixed: - CVE-2019-11366: Fixed a denial of service caused by a NULL pointer dereference because thread_list_mutex was not locked (bsc#1133145). - CVE-2019-11365: Fixed a buffer overflow which could lead to remote code execution caused by an insecure use of strncpy() (bsc#1133114). Important SUSE bug 1133114 SUSE bug 1133145 CVE-2019-11365 CVE-2019-11366 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for glibc fixes the following issues: Security issues fixed: - CVE-2019-9169: regex: fix read overrun (bsc#1127308, BZ #24114) - CVE-2016-10739: Fully parse IPv4 address strings (bsc#1122729, BZ #20018) - CVE-2009-5155: ERE '0|()0|\1|0' causes regexec undefined behavior (bsc#1127223, BZ #18986) Non-security issues fixed: - Enable TLE only if GLIBC_ELISION_ENABLE=yes is defined (bsc#1131994, fate#322271) - Add more checks for valid ld.so.cache file (bsc#1110661, BZ #18093) - Added cfi information for start routines in order to stop unwinding (bsc#1128574) - ja_JP locale: Add entry for the new Japanese era (bsc#1100396, fate#325570, BZ #22964) Moderate SUSE bug 1100396 SUSE bug 1110661 SUSE bug 1122729 SUSE bug 1127223 SUSE bug 1127308 SUSE bug 1128574 SUSE bug 1131994 CVE-2009-5155 CVE-2016-10739 CVE-2019-9169 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for krb5 fixes the following issues: Security issue fixed: - CVE-2018-20217: Fixed an assertion issue with older encryption types (bsc#1120489) Important SUSE bug 1120489 CVE-2018-20217 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libjpeg-turbo fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-14498: Fixed a heap-based buffer over read in get_8bit_row function which could allow to an attacker to cause denial of service (bsc#1128712). - CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c, which allowed remote attackers to cause a denial-of-service via crafted JPG files due to a large loop (bsc#1096209) - CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c caused by a divide by zero when processing a crafted BMP image (bsc#1098155) Moderate SUSE bug 1096209 SUSE bug 1098155 SUSE bug 1128712 CVE-2018-1152 CVE-2018-11813 CVE-2018-14498 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for hostinfo, supportutils fixes the following issues: Security issues fixed for supportutils: - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes (bsc#1118463). - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files (bsc#1118460). - CVE-2018-19639: Fixed a code execution if run with -v (bsc#1118462). - CVE-2018-19637: Fixed an issue where static temporary filename could allow overwriting of files (bsc#1117776). - CVE-2018-19636: Fixed a local root exploit via inclusion of attacker controlled shell script (bsc#1117751). Other issues fixed for supportutils: - Fixed invalid exit code commands (bsc#1125666) - SUSE separation in supportconfig (bsc#1125623) - Clarified supportconfig(8) -x option (bsc#1115245) - supportconfig: 3.0.127 - btrfs filesystem usage - List products.d - Dump lsof errors - Added ha commands for corosync - Dumped find errors in ib_info Issues fixed in hostinfo: - Removed extra kernel install dates (bsc#1099498) - Resolved network bond issue (bsc#1054979) Important SUSE bug 1054979 SUSE bug 1099498 SUSE bug 1115245 SUSE bug 1117751 SUSE bug 1117776 SUSE bug 1118460 SUSE bug 1118462 SUSE bug 1118463 SUSE bug 1125623 SUSE bug 1125666 CVE-2018-19636 CVE-2018-19637 CVE-2018-19638 CVE-2018-19639 CVE-2018-19640 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for openssl-1_1 to version 1.1.1b fixes the following issues: - Changed the info callback signals for the start and end of a post-handshake message exchange in TLSv1.3. - Fixed a bug in DTLS over SCTP. This breaks interoperability with older versions of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. - Fixed the handling of strerror_r with glibc. Moderate SUSE bug 1133925 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for webkit2gtk3 to version 2.24.1 fixes the following issues: Security issues fixed: - CVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292, CVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-11070 (bsc#1132256). Important SUSE bug 1132256 CVE-2019-11070 CVE-2019-6201 CVE-2019-6251 CVE-2019-7285 CVE-2019-7292 CVE-2019-8503 CVE-2019-8506 CVE-2019-8515 CVE-2019-8524 CVE-2019-8535 CVE-2019-8536 CVE-2019-8544 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ovmf fixes the following issues: Security issue fixed: - CVE-2019-0161: Fixed a stack overflow in UsbBusDxe and UsbBusPei, which could potentially be triggered by a local unauthenticated user (bsc#1131361). Moderate SUSE bug 1131361 CVE-2019-0161 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for mariadb to version 10.2.19 fixes the following issues: (bsc#1116686) Security issues fixed: - CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) - CVE-2018-3282, CVE-2018-3174, CVE-2018-3143, CVE-2018-3156, CVE-2018-3251, CVE-2018-3185, CVE-2018-3277, CVE-2018-3162, CVE-2018-3173, CVE-2018-3200, CVE-2018-3284: Fixed multiple denial of service vulnerabilities (bsc#1112432, bsc#1112368, bsc#1112421, bsc#1112417, bsc#1112397, bsc#1112391, bsc#1112415, bsc#1112386, bsc#1112404, bsc#1112377, bsc#1112384) Non-security issues fixed: - Fixed database corruption after renaming a prefix-indexed column (bsc#1120041) - Remove PerconaFT from the package as it has a AGPL license (bsc#1118754) - Enable testing for client plugins (bsc#1111859) - Improve test coverage by keeping debug_key_management.so (bsc#1111858) Important SUSE bug 1013882 SUSE bug 1111858 SUSE bug 1111859 SUSE bug 1112368 SUSE bug 1112377 SUSE bug 1112384 SUSE bug 1112386 SUSE bug 1112391 SUSE bug 1112397 SUSE bug 1112404 SUSE bug 1112415 SUSE bug 1112417 SUSE bug 1112421 SUSE bug 1112432 SUSE bug 1116686 SUSE bug 1118754 SUSE bug 1120041 CVE-2016-9843 CVE-2018-3143 CVE-2018-3156 CVE-2018-3162 CVE-2018-3173 CVE-2018-3174 CVE-2018-3185 CVE-2018-3200 CVE-2018-3251 CVE-2018-3277 CVE-2018-3282 CVE-2018-3284 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2018-8740: Fixed a NULL pointer dereference related to corrupted databases schemas (bsc#1085790). - CVE-2017-10989: Fixed a heap-based buffer over-read in getNodeSize() (bsc#1132045). Moderate SUSE bug 1085790 SUSE bug 1132045 CVE-2017-10989 CVE-2018-8740 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for java-1_8_0-openjdk to version 8u212 fixes the following issues: Security issues fixed: - CVE-2019-2602: Better String parsing (bsc#1132728). - CVE-2019-2684: More dynamic RMI interactions (bsc#1132732). - CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID() (bsc#1132729). - CVE-2019-2422: Better FileChannel (bsc#1122293). - CVE-2018-11212: Improve JPEG (bsc#1122299). Non-Security issue fixed: - Disable LTO (bsc#1133135). - Added Japanese new era name. Important SUSE bug 1122293 SUSE bug 1122299 SUSE bug 1132728 SUSE bug 1132729 SUSE bug 1132732 SUSE bug 1133135 CVE-2018-11212 CVE-2018-3639 CVE-2019-2422 CVE-2019-2426 CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libxslt fixes the following issues: - CVE-2019-11068: Fixed a protection mechanism bypass where callers of xsltCheckRead() and xsltCheckWrite() would permit access upon receiving an error (bsc#1132160). Moderate SUSE bug 1132160 CVE-2019-11068 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ucode-intel fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes: - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- new platforms ---------------------------------------- - CLX-SP B1 6-55-7/bf 05000021 Xeon Scalable Gen2 - ---- updated platforms ------------------------------------ - SNB D2/G1/Q0 6-2a-7/12 0000002e->0000002f Core Gen2 - IVB E1/L1 6-3a-9/12 00000020->00000021 Core Gen3 - HSW C0 6-3c-3/32 00000025->00000027 Core Gen4 - BDW-U/Y E0/F0 6-3d-4/c0 0000002b->0000002d Core Gen5 - IVB-E/EP C1/M1/S1 6-3e-4/ed 0000042e->0000042f Core Gen3 X Series; Xeon E5 v2 - IVB-EX D1 6-3e-7/ed 00000714->00000715 Xeon E7 v2 - HSX-E/EP Cx/M1 6-3f-2/6f 00000041->00000043 Core Gen4 X series; Xeon E5 v3 - HSX-EX E0 6-3f-4/80 00000013->00000014 Xeon E7 v3 - HSW-U C0/D0 6-45-1/72 00000024->00000025 Core Gen4 - HSW-H C0 6-46-1/32 0000001a->0000001b Core Gen4 - BDW-H/E3 E0/G0 6-47-1/22 0000001e->00000020 Core Gen5 - SKL-U/Y D0/K1 6-4e-3/c0 000000c6->000000cc Core Gen6 - SKX-SP H0/M0/U0 6-55-4/b7 0200005a->0000005e Xeon Scalable - SKX-D M1 6-55-4/b7 0200005a->0000005e Xeon D-21xx - BDX-DE V1 6-56-2/10 00000019->0000001a Xeon D-1520/40 - BDX-DE V2/3 6-56-3/10 07000016->07000017 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 - BDX-DE Y0 6-56-4/10 0f000014->0f000015 Xeon D-1557/59/67/71/77/81/87 - BDX-NS A0 6-56-5/10 0e00000c->0e00000d Xeon D-1513N/23/33/43/53 - APL D0 6-5c-9/03 00000036->00000038 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx - SKL-H/S R0/N0 6-5e-3/36 000000c6->000000cc Core Gen6; Xeon E3 v5 - DNV B0 6-5f-1/01 00000024->0000002e Atom Processor C Series - GLK B0 6-7a-1/01 0000002c->0000002e Pentium Silver N/J5xxx, Celeron N/J4xxx - AML-Y22 H0 6-8e-9/10 0000009e->000000b4 Core Gen8 Mobile - KBL-U/Y H0 6-8e-9/c0 0000009a->000000b4 Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 0000009e->000000b4 Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000a4->000000b8 Core Gen8 Mobile - WHL-U V0 6-8e-d/94 000000b2->000000b8 Core Gen8 Mobile - KBL-G/H/S/E3 B0 6-9e-9/2a 0000009a->000000b4 Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 000000aa->000000b4 Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 000000aa->000000b4 Core Gen8 - CFL-H/S P0 6-9e-c/22 000000a2->000000ae Core Gen9 Important SUSE bug 1111331 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for qemu fixes the following issues: - CVE-2019-9824: Fixed an information leak in slirp (bsc#1129622) - CVE-2019-8934: Added method to specify whether or not to expose certain ppc64 host information, which can be considered a security issue (bsc#1126455) - CVE-2019-3812: Fixed OOB memory access and information leak in virtual monitor interface (bsc#1125721) - CVE-2018-20815: Fix DOS possibility in device tree processing (bsc#1130675) - Adjust fix for CVE-2019-8934 (bsc#1126455) to match the latest upstream adjustments for the same. Basically now the security fix is to provide a dummy host-model and host-serial value, which overrides getting that value from the host - CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86 cpu feature 'md-clear' (bsc#1111331) Other bugs fixed: - Use a new approach to handling the file input to -smbios option, which accepts either legacy or per-spec formats regardless of the machine type. - Drop the 'ampersand 0x25 shift altgr' line in pt-br keymap file (bsc#1129962) Important SUSE bug 1111331 SUSE bug 1125721 SUSE bug 1126455 SUSE bug 1129622 SUSE bug 1129962 SUSE bug 1130675 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 CVE-2019-3812 CVE-2019-8934 CVE-2019-9824 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed: - CVE-2018-16880: A flaw was found in the handle_rx() function in the vhost_net driver. A malicious virtual guest, under specific conditions, could trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (bnc#1122767). - CVE-2019-3882: A flaw was found in the vfio interface implementation that permitted violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). (bnc#1131416 bnc#1131427). - CVE-2019-9003: Attackers could trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a 'service ipmievd restart' loop (bnc#1126704). - CVE-2019-9500: A brcmfmac heap buffer overflow in brcmf_wowl_nd_results was fixed. (bnc#1132681). - CVE-2019-9503: A brcmfmac frame validation bypass was fixed. (bnc#1132828). The following non-security bugs were fixed: - 9p: do not trust pdu content for stat item size (bsc#1051510). - ACPI: acpi_pad: Do not launch acpi_pad threads on idle cpus (bsc#1113399). - acpi, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#1112128) (bsc#1132426). - ACPI / SBS: Fix GPE storm on recent MacBookPro's (bsc#1051510). - alsa: core: Fix card races between register and disconnect (bsc#1051510). - alsa: echoaudio: add a check for ioremap_nocache (bsc#1051510). - alsa: firewire: add const qualifier to identifiers for read-only symbols (bsc#1051510). - alsa: firewire-motu: add a flag for AES/EBU on XLR interface (bsc#1051510). - alsa: firewire-motu: add specification flag for position of flag for MIDI messages (bsc#1051510). - alsa: firewire-motu: add support for MOTU Audio Express (bsc#1051510). - alsa: firewire-motu: add support for Motu Traveler (bsc#1051510). - alsa: firewire-motu: use 'version' field of unit directory to identify model (bsc#1051510). - alsa: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist (bsc#1051510). - alsa: hda - Add two more machines to the power_save_blacklist (bsc#1051510). - alsa: hda - Enforces runtime_resume after S3 and S4 for each codec (bsc#1051510). - alsa: hda: Initialize power_state field properly (bsc#1051510). - alsa: hda/realtek - Add new Dell platform for headset mode (bsc#1051510). - alsa: hda/realtek - Add quirk for Tuxedo XC 1509 (bsc#1131442). - alsa: hda/realtek - Add support for Acer Aspire E5-523G/ES1-432 headset mic (bsc#1051510). - alsa: hda/realtek - Add support headset mode for DELL WYSE AIO (bsc#1051510). - alsa: hda/realtek - Add support headset mode for New DELL WYSE NB (bsc#1051510). - alsa: hda/realtek - add two more pin configuration sets to quirk table (bsc#1051510). - alsa: hda/realtek - Apply the fixup for ASUS Q325UAR (bsc#1051510). - alsa: hda/realtek: Enable ASUS X441MB and X705FD headset MIC with ALC256 (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer AIO with ALC286 (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer Aspire Z24-890 with ALC286 (bsc#1051510). - alsa: hda/realtek: Enable headset mic of ASUS P5440FF with ALC256 (bsc#1051510). - alsa: hda/realtek - Fixed Dell AIO speaker noise (bsc#1051510). - alsa: hda - Record the current power state before suspend/resume calls (bsc#1051510). - alsa: info: Fix racy addition/deletion of nodes (bsc#1051510). - alsa: line6: use dynamic buffers (bsc#1051510). - alsa: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration (bsc#1051510). - alsa: PCM: check if ops are defined before suspending PCM (bsc#1051510). - alsa: pcm: Do not suspend stream in unrecoverable PCM state (bsc#1051510). - alsa: pcm: Fix possible OOB access in PCM oss plugins (bsc#1051510). - alsa: rawmidi: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: sb8: add a check for request_region (bsc#1051510). - alsa: seq: Fix OOB-reads from strlcpy (bsc#1051510). - alsa: seq: oss: Fix Spectre v1 vulnerability (bsc#1051510). - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe (bsc#1051510). - ASoC: fsl_esai: fix channel swap issue when stream starts (bsc#1051510). - ASoC: topology: free created components in tplg load error (bsc#1051510). - assume flash part size to be 4MB, if it can't be determined (bsc#1127371). - ath10k: avoid possible string overflow (bsc#1051510). - auxdisplay: hd44780: Fix memory leak on ->remove() (bsc#1051510). - auxdisplay: ht16k33: fix potential user-after-free on module unload (bsc#1051510). - batman-adv: Reduce claim hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_global hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_local hash refcnt only for removed entry (bsc#1051510). - bcm2835 MMC issues (bsc#1070872). - blkcg: Introduce blkg_root_lookup() (bsc#1131673). - blkcg: Make blkg_root_lookup() work for queues in bypass mode (bsc#1131673). - blk-mq: adjust debugfs and sysfs register when updating nr_hw_queues (bsc#1131673). - blk-mq: Avoid that submitting a bio concurrently with device removal triggers a crash (bsc#1131673). - blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs (bsc#1131673). - blk-mq: fallback to previous nr_hw_queues when updating fails (bsc#1131673). - blk-mq: init hctx sched after update ctx and hctx mapping (bsc#1131673). - blk-mq: realloc hctx when hw queue is mapped to another node (bsc#1131673). - blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter (bsc#1131673). - block: Ensure that a request queue is dissociated from the cgroup controller (bsc#1131673). - block: Fix a race between request queue removal and the block cgroup controller (bsc#1131673). - block: Introduce blk_exit_queue() (bsc#1131673). - block: kABI fixes for bio_rewind_iter() removal (bsc#1131673). - block: remove bio_rewind_iter() (bsc#1131673). - bluetooth: btusb: request wake pin with NOAUTOEN (bsc#1051510). - bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (bsc#1051510). - bluetooth: Fix decrementing reference count twice in releasing socket (bsc#1051510). - bluetooth: hci_ldisc: Initialize hci_dev before open() (bsc#1051510). - bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto() (bsc#1051510). - bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf() (bsc#1133731). - bnxt_en: Drop oversize TX packets to prevent errors (networking-stable-19_03_07). - bonding: fix PACKET_ORIGDEV regression (git-fixes). - bpf: fix use after free in bpf_evict_inode (bsc#1083647). - btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size (git-fixes). - btrfs: check for refs on snapshot delete resume (bsc#1131335). - btrfs: fix assertion failure on fsync with NO_HOLES enabled (bsc#1131848). - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (git-fixes). - btrfs: fix deadlock between clone/dedupe and rename (bsc#1130518). - btrfs: fix incorrect file size after shrinking truncate and fsync (bsc#1130195). - btrfs: remove WARN_ON in log_dir_items (bsc#1131847). - btrfs: save drop_progress if we drop refs at all (bsc#1131336). - cdrom: Fix race condition in cdrom_sysctl_register (bsc#1051510). - cgroup: fix parsing empty mount option string (bsc#1133094). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510). - cifs: do not dereference smb_file_target before null check (bsc#1051510). - cifs: Do not hide EINTR after sending network packets (bsc#1051510). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510). - cifs: Fix credits calculations for reads with errors (bsc#1051510). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510). - cifs: Fix potential OOB access of lock element array (bsc#1051510). - cifs: Fix read after write for files with read caching (bsc#1051510). - clk: clk-twl6040: Fix imprecise external abort for pdmclk (bsc#1051510). - clk: fractional-divider: check parent rate only if flag is set (bsc#1051510). - clk: ingenic: Fix doc of ingenic_cgu_div_info (bsc#1051510). - clk: ingenic: Fix round_rate misbehaving with non-integer dividers (bsc#1051510). - clk: rockchip: fix frac settings of GPLL clock for rk3328 (bsc#1051510). - clk: sunxi-ng: v3s: Fix TCON reset de-assert bit (bsc#1051510). - clk: vc5: Abort clock configuration without upstream clock (bsc#1051510). - clk: x86: Add system specific quirk to mark clocks as critical (bsc#1051510). - clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown (bsc#1051510). - clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR (bsc#1051510). - cpcap-charger: generate events for userspace (bsc#1051510). - cpufreq: pxa2xx: remove incorrect __init annotation (bsc#1051510). - cpufreq: tegra124: add missing of_node_put() (bsc#1051510). - cpupowerutils: bench - Fix cpu online check (bsc#1051510). - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - crypto: caam - add missing put_device() call (bsc#1129770). - crypto: crypto4xx - properly set IV after de- and encrypt (bsc#1051510). - crypto: pcbc - remove bogus memcpy()s with src == dest (bsc#1051510). - crypto: sha256/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: sha512/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: x86/poly1305 - fix overflow during partial reduction (bsc#1051510). - cxgb4: Add capability to get/set SGE Doorbell Queue Timer Tick (bsc#1127371). - cxgb4: Added missing break in ndo_udp_tunnel_{add/del} (bsc#1127371). - cxgb4: Add flag tc_flower_initialized (bsc#1127371). - cxgb4: Add new T5 PCI device id 0x50ae (bsc#1127371). - cxgb4: Add new T5 PCI device ids 0x50af and 0x50b0 (bsc#1127371). - cxgb4: Add new T6 PCI device ids 0x608a (bsc#1127371). - cxgb4: add per rx-queue counter for packet errors (bsc#1127371). - cxgb4: Add support for FW_ETH_TX_PKT_VM_WR (bsc#1127371). - cxgb4: add support to display DCB info (bsc#1127371). - cxgb4: Add support to read actual provisioned resources (bsc#1127371). - cxgb4: collect ASIC LA dumps from ULP TX (bsc#1127371). - cxgb4: collect hardware queue descriptors (bsc#1127371). - cxgb4: collect number of free PSTRUCT page pointers (bsc#1127371). - cxgb4: convert flower table to use rhashtable (bsc#1127371). - cxgb4: cxgb4: use FW_PORT_ACTION_L1_CFG32 for 32 bit capability (bsc#1127371). - cxgb4/cxgb4vf: Add support for SGE doorbell queue timer (bsc#1127371). - cxgb4/cxgb4vf: Fix mac_hlist initialization and free (bsc#1127374). - cxgb4/cxgb4vf: Link management changes (bsc#1127371). - cxgb4/cxgb4vf: Program hash region for {t4/t4vf}_change_mac() (bsc#1127371). - cxgb4: display number of rx and tx pages free (bsc#1127371). - cxgb4: do not return DUPLEX_UNKNOWN when link is down (bsc#1127371). - cxgb4: Export sge_host_page_size to ulds (bsc#1127371). - cxgb4: fix the error path of cxgb4_uld_register() (bsc#1127371). - cxgb4: impose mandatory VLAN usage when non-zero TAG ID (bsc#1127371). - cxgb4: Mask out interrupts that are not enabled (bsc#1127175). - cxgb4: move Tx/Rx free pages collection to common code (bsc#1127371). - cxgb4: remove redundant assignment to vlan_cmd.dropnovlan_fm (bsc#1127371). - cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size (bsc#1127371). - cxgb4: remove the unneeded locks (bsc#1127371). - cxgb4: specify IQTYPE in fw_iq_cmd (bsc#1127371). - cxgb4: Support ethtool private flags (bsc#1127371). - cxgb4: update supported DCB version (bsc#1127371). - cxgb4: use new fw interface to get the VIN and smt index (bsc#1127371). - cxgb4vf: Few more link management changes (bsc#1127374). - cxgb4vf: fix memleak in mac_hlist initialization (bsc#1127374). - cxgb4vf: Update port information in cxgb4vf_open() (bsc#1127374). - device_cgroup: fix RCU imbalance in error case (bsc#1051510). - device property: Fix the length used in PROPERTY_ENTRY_STRING() (bsc#1051510). - Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc (bsc#1051510). - dmaengine: imx-dma: fix warning comparison of distinct pointer types (bsc#1051510). - dmaengine: qcom_hidma: assign channel cookie correctly (bsc#1051510). - dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid (bsc#1051510). - dmaengine: tegra: avoid overflow of byte tracking (bsc#1051510). - dm: disable DISCARD if the underlying storage no longer supports it (bsc#1114638). - Drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567). - Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1130567). - drm: Auto-set allow_fb_modifiers when given modifiers at plane init (bsc#1051510). - drm: bridge: dw-hdmi: Fix overflow workaround for Rockchip SoCs (bsc#1113722) - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers (bsc#1051510). - drm/i915/bios: assume eDP is present on port A when there is no VBT (bsc#1051510). - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113722) - drm/i915/gvt: Annotate iomem usage (bsc#1051510). - drm/i915/gvt: do not deliver a workload if its creation fails (bsc#1051510). - drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113722) - drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check (bsc#1051510). - drm/i915: Relax mmap VMA check (bsc#1051510). - drm/imx: ignore plane updates on disabled crtcs (bsc#1051510). - drm/imx: imx-ldb: add missing of_node_puts (bsc#1051510). - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() (bsc#1113722) - drm/meson: Fix invalid pointer in meson_drv_unbind() (bsc#1051510). - drm/meson: Uninstall IRQ handler (bsc#1051510). - drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure (bsc#1051510). - drm/nouveau: Stop using drm_crtc_force_disable (bsc#1051510). - drm/nouveau/volt/gf117: fix speedo readout register (bsc#1051510). - drm/rockchip: vop: reset scale mode when win is disabled (bsc#1113722) - drm/sun4i: Add missing drm_atomic_helper_shutdown at driver unbind (bsc#1113722) - drm/sun4i: Fix component unbinding and component master deletion (bsc#1113722) - drm/sun4i: Set device driver data at bind time for use in unbind (bsc#1113722) - drm/sun4i: Unbind components before releasing DRM and memory (bsc#1113722) - drm/udl: add a release method and delay modeset teardown (bsc#1085536) - drm/vc4: Fix memory leak during gpu reset. (bsc#1113722) - dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit (networking-stable-19_02_20). - e1000e: fix cyclic resets at link up with active tx (bsc#1051510). - e1000e: Fix -Wformat-truncation warnings (bsc#1051510). - ext2: Fix underflow in ext2_max_size() (bsc#1131174). - ext4: add mask of ext4 flags to swap (bsc#1131170). - ext4: add missing brelse() in add_new_gdb_meta_bg() (bsc#1131176). - ext4: Avoid panic during forced reboot (bsc#1126356). - ext4: brelse all indirect buffer in ext4_ind_remove_space() (bsc#1131173). - ext4: cleanup bh release code in ext4_ind_remove_space() (bsc#1131851). - ext4: cleanup pagecache before swap i_data (bsc#1131178). - ext4: fix check of inode in swap_inode_boot_loader (bsc#1131177). - ext4: fix data corruption caused by unaligned direct AIO (bsc#1131172). - ext4: fix EXT4_IOC_SWAP_BOOT (bsc#1131180). - ext4: fix NULL pointer dereference while journal is aborted (bsc#1131171). - ext4: update quota information while swapping boot loader inode (bsc#1131179). - fbdev: fbmem: fix memory access if logo is bigger than the screen (bsc#1051510). - fix cgroup_do_mount() handling of failure exits (bsc#1133095). - Fix kabi after 'md: batch flush requests.' (bsc#1119680). - Fix struct page kABI after adding atomic for ppc (bsc#1131326, bsc#1108937). - fm10k: Fix a potential NULL pointer dereference (bsc#1051510). - fs: avoid fdput() after failed fdget() in vfs_dedupe_file_range() (bsc#1132384, bsc#1132219). - fs/dax: deposit pagetable even when installing zero page (bsc#1126740). - fs/nfs: Fix nfs_parse_devname to not modify it's argument (git-fixes). - futex: Cure exit race (bsc#1050549). - futex: Ensure that futex address is aligned in handle_futex_death() (bsc#1050549). - futex: Handle early deadlock return correctly (bsc#1050549). - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input (bsc#1051510). - gpio: gpio-omap: fix level interrupt idling (bsc#1051510). - gpio: of: Fix of_gpiochip_add() error path (bsc#1051510). - gre6: use log_ecn_error module parameter in ip6_tnl_rcv() (git-fixes). - hid: i2c-hid: Ignore input report if there's no data present on Elan touchpanels (bsc#1133486). - hid: intel-ish-hid: avoid binding wrong ishtp_cl_device (bsc#1051510). - hid: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit (bsc#1051510). - hv_netvsc: Fix IP header checksum for coalesced packets (networking-stable-19_03_07). - hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (). - hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (fate#323887). - hwrng: virtio - Avoid repeated init of completion (bsc#1051510). - i2c: Make i2c_unregister_device() NULL-aware (bsc#1108193). - i2c: tegra: fix maximum transfer size (bsc#1051510). - ibmvnic: Enable GRO (bsc#1132227). - ibmvnic: Fix completion structure initialization (bsc#1131659). - ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227). - iio: adc: at91: disable adc channel interrupt in timeout case (bsc#1051510). - iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver (bsc#1051510). - iio: ad_sigma_delta: select channel when reading register (bsc#1051510). - iio: core: fix a possible circular locking dependency (bsc#1051510). - iio: cros_ec: Fix the maths for gyro scale calculation (bsc#1051510). - iio: dac: mcp4725: add missing powerdown bits in store eeprom (bsc#1051510). - iio: Fix scan mask selection (bsc#1051510). - iio/gyro/bmg160: Use millidegrees for temperature scale (bsc#1051510). - iio: gyro: mpu3050: fix chip ID reading (bsc#1051510). - input: cap11xx - switch to using set_brightness_blocking() (bsc#1051510). - input: matrix_keypad - use flush_delayed_work() (bsc#1051510). - input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bsc#1051510). - input: st-keyscan - fix potential zalloc NULL dereference (bsc#1051510). - input: synaptics-rmi4 - write config register values to the right offset (bsc#1051510). - input: uinput - fix undefined behavior in uinput_validate_absinfo() (bsc#1120902). - intel_idle: add support for Jacobsville (jsc#SLE-5394). - io: accel: kxcjk1013: restore the range after resume (bsc#1051510). - iommu/amd: Fix NULL dereference bug in match_hid_uid (bsc#1130336). - iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE (bsc#1130337). - iommu/amd: Reserve exclusion range in iova-domain (bsc#1130425). - iommu/amd: Set exclusion range correctly (bsc#1130425). - iommu: Do not print warning when IOMMU driver only supports unmanaged domains (bsc#1130130). - iommu/vt-d: Check capability before disabling protected memory (bsc#1130338). - ip6: fix PMTU discovery when using /127 subnets (git-fixes). - ip6mr: Do not call __IP6_INC_STATS() from preemptible context (git-fixes). - ip6_tunnel: fix ip6 tunnel lookup in collect_md mode (git-fixes). - ipmi: Fix I2C client removal in the SSIF driver (bsc#1108193). - ipmi_ssif: Remove duplicate NULL check (bsc#1108193). - ipv4: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv4/route: fail early when inet dev is missing (git-fixes). - ipv6: Fix dangling pointer when ipv6 fragment (git-fixes). - ipv6: propagate genlmsg_reply return code (networking-stable-19_02_24). - ipv6: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv6: sit: reset ip header pointer in ipip6_rcv (git-fixes). - ipvlan: disallow userns cap_net_admin to change global mode/flags (networking-stable-19_03_15). - ipvs: remove IPS_NAT_MASK check to fix passive FTP (git-fixes). - irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table (bsc#1051510). - irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable (bsc#1051510). - iscsi_ibft: Fix missing break in switch statement (bsc#1051510). - iw_cxgb4: cq/qp mask depends on bar2 pages in a host page (bsc#1127371). - iwiwifi: fix bad monitor buffer register addresses (bsc#1129770). - iwlwifi: fix send hcmd timeout recovery flow (bsc#1129770). - iwlwifi: mvm: fix firmware statistics usage (bsc#1129770). - jbd2: clear dirty flag when revoking a buffer from an older transaction (bsc#1131167). - jbd2: fix compile warning when using JBUFFER_TRACE (bsc#1131168). - kABI: restore icmp_send (kabi). - kabi/severities: add cxgb4 and cxgb4vf shared data to the whitelis (bsc#1127372) - kabi/severities: add libcxgb to cxgb intra module symbols as well - kabi/severities: exclude cxgb4 inter-module symbols - kasan: fix shadow_size calculation error in kasan_module_alloc (bsc#1051510). - kbuild: fix false positive warning/error about missing libelf (bsc#1051510). - kbuild: modversions: Fix relative CRC byte order interpretation (bsc#1131290). - kbuild: strip whitespace in cmd_record_mcount findstring (bsc#1065729). - kcm: switch order of device registration to fix a crash (bnc#1130527). - kernfs: do not set dentry->d_fsdata (boo#1133115). - keys: always initialize keyring_index_key::desc_len (bsc#1051510). - keys: user: Align the payload buffer (bsc#1051510). - kvm: Call kvm_arch_memslots_updated() before updating memslots (bsc#1132563). - kvm: Fix kABI for AMD SMAP Errata workaround (bsc#1133149). - kvm: nVMX: Apply addr size mask to effective address for VMX instructions (bsc#1132561). - kvm: nVMX: Ignore limit checks on VMX instructions using flat segments (bsc#1132564). - kvm: nVMX: Sign extend displacements of VMX instr's mem operands (bsc#1132562). - kvm: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode switch (bsc#1061840). - kvm: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation) (bsc#1133149). - kvm: VMX: Compare only a single byte for VMCS' 'launched' in vCPU-run (bsc#1132555). - kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1114279). - kvm: x86/mmu: Detect MMIO generation wrap in any address space (bsc#1132570). - kvm: x86/mmu: Do not cache MMIO accesses while memslots are in flux (bsc#1132571). - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (bsc#1111331). - leds: pca9532: fix a potential NULL pointer dereference (bsc#1051510). - libceph: wait for latest osdmap in ceph_monc_blacklist_add() (bsc#1130427). - libertas_tf: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510). - lightnvm: if LUNs are already allocated fix return (bsc#1085535). - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a new <linux/bits.h> file (bsc#1111331). - mac80211: do not call driver wake_tx_queue op during reconfig (bsc#1051510). - mac80211: Fix Tx aggregation session tear down with ITXQs (bsc#1051510). - mac80211_hwsim: propagate genlmsg_reply return code (bsc#1051510). - md: batch flush requests (bsc#1119680). - md: Fix failed allocation of md_register_thread (git-fixes). - md/raid1: do not clear bitmap bits on interrupted recovery (git-fixes). - md/raid5: fix 'out of memory' during raid cache recovery (git-fixes). - media: mt9m111: set initial frame size other than 0x0 (bsc#1051510). - media: mtk-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: rc: mce_kbd decoder: fix stuck keys (bsc#1100132). - media: s5p-g2d: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: s5p-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: sh_veu: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: v4l2-ctrls.c/uvc: zero v4l2_event (bsc#1051510). - media: vb2: do not call __vb2_queue_cancel if vb2_start_streaming failed (bsc#1119086). - memremap: fix softlockup reports at teardown (bnc#1130154). - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S (bsc#1051510). - missing barriers in some of unix_sock ->addr and ->path accesses (networking-stable-19_03_15). - mmc: davinci: remove extraneous __init annotation (bsc#1051510). - mmc: pxamci: fix enum type confusion (bsc#1051510). - mmc: sdhci: Fix data command CRC error handling (bsc#1051510). - mmc: sdhci: Handle auto-command errors (bsc#1051510). - mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR (bsc#1051510). - mmc: tmio_mmc_core: do not claim spurious interrupts (bsc#1051510). - mm/debug.c: fix __dump_page when mapping->host is not set (bsc#1131934). - mm: Fix modifying of page protection by insert_pfn() (bsc#1126740). - mm: Fix warning in insert_pfn() (bsc#1126740). - mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd() (bsc#1126740). - mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate() (bsc#1131935). - mm/vmalloc: fix size check for remap_vmalloc_range_partial() (bsc#1133825). - mpls: Return error for RTA_GATEWAY attribute (networking-stable-19_03_07). - mt7601u: bump supported EEPROM version (bsc#1051510). - mwifiex: do not advertise IBSS features without FW support (bsc#1129770). - net: Add header for usage of fls64() (networking-stable-19_02_20). - net: Add __icmp_send helper (networking-stable-19_03_07). - net: avoid false positives in untrusted gso validation (git-fixes). - net: avoid use IPCB in cipso_v4_error (networking-stable-19_03_07). - net: bridge: add vlan_tunnel to bridge port policies (git-fixes). - net: bridge: fix per-port af_packet sockets (git-fixes). - net: bridge: multicast: use rcu to access port list from br_multicast_start_querier (git-fixes). - net: datagram: fix unbounded loop in __skb_try_recv_datagram() (git-fixes). - net: Do not allocate page fragments that are not skb aligned (networking-stable-19_02_20). - net: dsa: mv88e6xxx: Fix u64 statistics (networking-stable-19_03_07). - net: ena: update driver version from 2.0.2 to 2.0.3 (bsc#1129276 bsc#1125342). - netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING (git-fixes). - netfilter: check for seqadj ext existence before adding it in nf_nat_setup_info (git-fixes). - netfilter: ip6t_MASQUERADE: add dependency on conntrack module (git-fixes). - netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit() (git-fixes). - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt (git-fixes). - netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target} (git-fixes). - netfilter: x_tables: fix int overflow in xt_alloc_table_info() (git-fixes). - net: Fix for_each_netdev_feature on Big endian (networking-stable-19_02_20). - net: fix IPv6 prefix route residue (networking-stable-19_02_20). - net: Fix untag for vlan packets without ethernet header (git-fixes). - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off (git-fixes). - net/hsr: Check skb_put_padto() return value (git-fixes). - net: hsr: fix memory leak in hsr_dev_finalize() (networking-stable-19_03_15). - net/hsr: fix possible crash in add_timer() (networking-stable-19_03_15). - netlabel: fix out-of-bounds memory accesses (networking-stable-19_03_07). - netlink: fix nla_put_{u8,u16,u32} for KASAN (git-fixes). - net/mlx5e: Do not overwrite pedit action when multiple pedit used (networking-stable-19_02_24). - net/ncsi: Fix AEN HNCDSC packet length (git-fixes). - net/ncsi: Stop monitor if channel times out or is inactive (git-fixes). - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails (networking-stable-19_03_07). - net/packet: fix 4gb buffer limit due to overflow check (networking-stable-19_02_24). - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec (git-fixes). - net_sched: acquire RTNL in tc_action_net_exit() (git-fixes). - net_sched: fix two more memory leaks in cls_tcindex (networking-stable-19_02_24). - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 (networking-stable-19_03_15). - net: sit: fix memory leak in sit_init_net() (networking-stable-19_03_07). - net: sit: fix UBSAN Undefined behaviour in check_6rd (networking-stable-19_03_15). - net: socket: set sock->sk to NULL after calling proto_ops::release() (networking-stable-19_03_07). - net-sysfs: Fix mem leak in netdev_register_kobject (git-fixes). - net: validate untrusted gso packets without csum offload (networking-stable-19_02_20). - net/x25: fix a race in x25_bind() (networking-stable-19_03_15). - net/x25: fix use-after-free in x25_device_event() (networking-stable-19_03_15). - net/x25: reset state in x25_connect() (networking-stable-19_03_15). - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() (git-fixes). - nfc: nci: Add some bounds checking in nci_hci_cmd_received() (bsc#1051510). - nfs: Add missing encode / decode sequence_maxsz to v4.2 operations (git-fixes). - nfsd4: catch some false session retries (git-fixes). - nfsd4: fix cached replies to solo SEQUENCE compounds (git-fixes). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - nfs: Do not recoalesce on error in nfs_pageio_complete_mirror() (git-fixes). - nfs: Do not use page_file_mapping after removing the page (git-fixes). - nfs: Fix an I/O request leakage in nfs_do_recoalesce (git-fixes). - nfs: Fix a soft lockup in the delegation recovery code (git-fixes). - nfs: Fix a typo in nfs_init_timeout_values() (git-fixes). - nfs: Fix dentry revalidation on NFSv4 lookup (bsc#1132618). - nfs: Fix I/O request leakages (git-fixes). - nfs: fix mount/umount race in nlmclnt (git-fixes). - nfs/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount (git-fixes). - nfsv4.1 do not free interrupted slot on open (git-fixes). - nfsv4.1: Reinitialise sequence results before retransmitting a request (git-fixes). - nfsv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE() (git-fixes). - nvme: add proper discard setup for the multipath device (bsc#1114638). - nvme: fix the dangerous reference of namespaces list (bsc#1131673). - nvme: make sure ns head inherits underlying device limits (bsc#1131673). - nvme-multipath: avoid crash on invalid subsystem cntlid enumeration (bsc#1129273). - nvme-multipath: split bios with the ns_head bio_set before submitting (bsc#1103259, bsc#1131673). - nvme: only reconfigure discard if necessary (bsc#1114638). - nvme: schedule requeue whenever a LIVE state is entered (bsc#1123105). - ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock (bsc#1131169). - pci: Add function 1 DMA alias quirk for Marvell 9170 SATA controller (bsc#1051510). - pci: designware-ep: dw_pcie_ep_set_msi() should only set MMC bits (bsc#1051510). - pci: designware-ep: Read-only registers need DBI_RO_WR_EN to be writable (bsc#1051510). - pci: pciehp: Convert to threaded IRQ (bsc#1133005). - pci: pciehp: Ignore Link State Changes after powering off a slot (bsc#1133005). - phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs (bsc#1051510). - pM / wakeup: Rework wakeup source timer cancellation (bsc#1051510). - powercap: intel_rapl: add support for Jacobsville (). - powercap: intel_rapl: add support for Jacobsville (FATE#327454). - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107). - powerpc/64: Disable the speculation barrier from the command line (bsc#1131107). - powerpc64/ftrace: Include ftrace.h needed for enable/disable calls (bsc#1088804, git-fixes). - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107). - powerpc/64s: Add new security feature flags for count cache flush (bsc#1131107). - powerpc/64s: Add support for software count cache flush (bsc#1131107). - powerpc/64s: Fix logic when handling unknown CPU features (bsc#1055117). - powerpc/64s: Fix page table fragment refcount race vs speculative references (bsc#1131326, bsc#1108937). - powerpc/asm: Add a patch_site macro & helpers for patching instructions (bsc#1131107). - powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer (bsc#1065729). - powerpc: consolidate -mno-sched-epilog into FTRACE flags (bsc#1065729). - powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest (bsc#1061840). - powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107). - powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area callback (bsc#1131900). - powerpc/kvm: Save and restore host AMR/IAMR/UAMOR (bsc#1061840). - powerpc/mm: Add missing tracepoint for tlbie (bsc#1055117, git-fixes). - powerpc/mm: Check secondary hash page table (bsc#1065729). - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, fate#323286, git-fixes). - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, git-fixes). - powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search (bsc#1131900). - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, fate#323286, git-fixes). - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, git-fixes). - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, fate#323286, git-fixes). - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, git-fixes). - powerpc/numa: document topology_updates_enabled, disable by default (bsc#1133584). - powerpc/numa: improve control of topology updates (bsc#1133584). - powerpc/perf: Fix unit_sel/cache_sel checks (bsc#1053043). - powerpc/perf: Remove l2 bus events from HW cache event array (bsc#1053043). - powerpc/powernv/cpuidle: Init all present cpus for deep states (bsc#1055121). - powerpc/powernv: Do not reprogram SLW image on every KVM guest entry/exit (bsc#1061840). - powerpc/powernv/ioda2: Remove redundant free of TCE pages (bsc#1061840). - powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand (bsc#1061840). - powerpc/powernv/ioda: Fix locked_vm counting for memory used by IOMMU tables (bsc#1061840). - powerpc/powernv: Make opal log only readable by root (bsc#1065729). - powerpc/powernv: Query firmware for count cache flush settings (bsc#1131107). - powerpc/powernv: Remove never used pnv_power9_force_smt4 (bsc#1061840). - powerpc/pseries/mce: Fix misleading print for TLB mutlihit (bsc#1094244, git-fixes). - powerpc/pseries: Query hypervisor for count cache flush settings (bsc#1131107). - powerpc/security: Fix spectre_v2 reporting (bsc#1131107). - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587). - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587). - power: supply: charger-manager: Fix incorrect return value (bsc#1051510). - pwm-backlight: Enable/disable the PWM before/after LCD enable toggle (bsc#1051510). - qmi_wwan: Add support for Quectel EG12/EM12 (networking-stable-19_03_07). - qmi_wwan: apply SET_DTR quirk to Sierra WP7607 (bsc#1051510). - qmi_wwan: Fix qmap header retrieval in qmimux_rx_fixup (bsc#1051510). - raid10: It's wrong to add len to sector_nr in raid10 reshape twice (git-fixes). - ras/cec: Check the correct variable in the debugfs error handling (bsc#1085535). - ravb: Decrease TxFIFO depth of Q3 and Q2 to one (networking-stable-19_03_15). - rdma/cxgb4: Add support for 64Byte cqes (bsc#1127371). - rdma/cxgb4: Add support for kernel mode SRQ's (bsc#1127371). - rdma/cxgb4: Add support for srq functions & structs (bsc#1127371). - rdma/cxgb4: fix some info leaks (bsc#1127371). - rdma/cxgb4: Make c4iw_poll_cq_one() easier to analyze (bsc#1127371). - rdma/cxgb4: Remove a set-but-not-used variable (bsc#1127371). - rdma/iw_cxgb4: Drop __GFP_NOFAIL (bsc#1127371). - rds: fix refcount bug in rds_sock_addref (git-fixes). - rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete (git-fixes). - regulator: max77620: Initialize values for DT properties (bsc#1051510). - regulator: s2mpa01: Fix step values for some LDOs (bsc#1051510). - Revert drm/i915 patches that caused regressions (bsc#1131062) - Revert 'ipv4: keep skb->dst around in presence of IP options' (git-fixes). - rhashtable: Still do rehash when we get EEXIST (bsc#1051510). - ring-buffer: Check if memory is available before allocation (bsc#1132531). - rpm/config.sh: Fix build project and bugzilla product. - rtc: 88pm80x: fix unintended sign extension (bsc#1051510). - rtc: 88pm860x: fix unintended sign extension (bsc#1051510). - rtc: cmos: ignore bogus century byte (bsc#1051510). - rtc: ds1672: fix unintended sign extension (bsc#1051510). - rtc: Fix overflow when converting time64_t to rtc_time (bsc#1051510). - rtc: pm8xxx: fix unintended sign extension (bsc#1051510). - rtnetlink: bring NETDEV_CHANGE_TX_QUEUE_LEN event process back in rtnetlink_event (git-fixes). - rtnetlink: bring NETDEV_CHANGEUPPER event process back in rtnetlink_event (git-fixes). - rtnetlink: bring NETDEV_POST_TYPE_CHANGE event process back in rtnetlink_event (git-fixes). - rtnetlink: check DO_SETLINK_NOTIFY correctly in do_setlink (git-fixes). - rxrpc: Do not release call mutex on error pointer (git-fixes). - rxrpc: Do not treat call aborts as conn aborts (git-fixes). - rxrpc: Fix client call queueing, waiting for channel (networking-stable-19_03_15). - rxrpc: Fix Tx ring annotation after initial Tx failure (git-fixes). - s390/dasd: fix panic for failed online processing (bsc#1132589). - s390/pkey: move pckmo subfunction available checks away from module init (bsc#1128544). - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - scsi: libiscsi: fix possible NULL pointer dereference in case of TMF (bsc#1127378). - scsi: libsas: allocate sense buffer for bsg queue (bsc#1131467). - scsi: qla2xxx: Add new FC-NVMe enable BIT to enable FC-NVMe feature (bsc#1130579). - sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment (networking-stable-19_02_24). - serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart (bsc#1051510). - serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling (bsc#1051510). - serial: imx: Update cached mctrl value when changing RTS (bsc#1051510). - serial: max310x: Fix to avoid potential NULL pointer dereference (bsc#1051510). - serial: sh-sci: Fix setting SCSCR_TIE while transferring data (bsc#1051510). - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() (networking-stable-19_02_24). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510). - soc: fsl: qbman: avoid race in clearing QMan interrupt (bsc#1051510). - SoC: imx-sgtl5000: add missing put_device() (bsc#1051510). - soc: qcom: gsbi: Fix error handling in gsbi_probe() (bsc#1051510). - soc/tegra: fuse: Fix illegal free of IO base address (bsc#1051510). - spi: pxa2xx: Setup maximum supported DMA transfer length (bsc#1051510). - spi: ti-qspi: Fix mmap read when more than one CS in use (bsc#1051510). - spi/topcliff_pch: Fix potential NULL dereference on allocation error (bsc#1051510). - staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: ni_usb6501: Fix use of uninitialized mutex (bsc#1051510). - staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: vmk80xx: Fix use of uninitialized semaphore (bsc#1051510). - staging: iio: ad7192: Fix ad7193 channel address (bsc#1051510). - staging: rtl8712: uninitialized memory in read_bbreg_hdl() (bsc#1051510). - staging: vt6655: Fix interrupt race condition on device start up (bsc#1051510). - staging: vt6655: Remove vif check from vnt_interrupt (bsc#1051510). - sunrpc/cache: handle missing listeners better (bsc#1126221). - sunrpc: fix 4 more call sites that were using stack memory with a scatterlist (git-fixes). - supported.conf: Add vxlan to kernel-default-base (bsc#1132083). - supported.conf: dw_mmc-bluefield is not needed in kernel-default-base (bsc#1131574). - svm/avic: Fix invalidate logical APIC id entry (bsc#1132726). - svm: Fix AVIC DFR and LDR handling (bsc#1132558). - svm: Fix improper check when deactivate AVIC (bsc#1130335). - sysctl: handle overflow for file-max (bsc#1051510). - tcp: fix TCP_REPAIR_QUEUE bound checking (git-fixes). - tcp: tcp_v4_err() should be more careful (networking-stable-19_02_20). - thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs (bsc#1051510). - thermal/intel_powerclamp: fix truncated kthread name (). - thermal/intel_powerclamp: fix truncated kthread name (FATE#326597). - tipc: fix race condition causing hung sendto (networking-stable-19_03_07). - tpm: Fix some name collisions with drivers/char/tpm.h (bsc#1051510). - tpm: Fix the type of the return value in calc_tpm2_event_size() (bsc#1082555). - tpm_tis_spi: Pass the SPI IRQ down to the driver (bsc#1051510). - tpm/tpm_crb: Avoid unaligned reads in crb_recv() (bsc#1051510). - tracing: Fix a memory leak by early error exit in trace_pid_write() (bsc#1133702). - tracing: Fix buffer_ref pipe ops (bsc#1133698). - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account (bsc#1132527). - tty: atmel_serial: fix a potential NULL pointer dereference (bsc#1051510). - tun: fix blocking read (networking-stable-19_03_07). - tun: remove unnecessary memory barrier (networking-stable-19_03_07). - udf: Fix crash on IO error during truncate (bsc#1131175). - uio: Reduce return paths from uio_write() (bsc#1051510). - Update patches.kabi/kabi-cxgb4-MU.patch (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584 bsc#1127371). - usb: cdc-acm: fix race during wakeup blocking TX traffic (bsc#1129770). - usb: chipidea: Grab the (legacy) USB PHY by phandle first (bsc#1051510). - usb: common: Consider only available nodes for dr_mode (bsc#1129770). - usb: core: only clean up what we allocated (bsc#1051510). - usb: dwc3: gadget: Fix the uninitialized link_state when udc starts (bsc#1051510). - usb: dwc3: gadget: synchronize_irq dwc irq in suspend (bsc#1051510). - usb: f_fs: Avoid crash due to out-of-scope stack ptr access (bsc#1051510). - usb: gadget: f_hid: fix deadlock in f_hidg_write() (bsc#1129770). - usb: gadget: Potential NULL dereference on allocation error (bsc#1051510). - usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk (bsc#1051510). - usb: mtu3: fix EXTCON dependency (bsc#1051510). - usb: phy: fix link errors (bsc#1051510). - usb: phy: twl6030-usb: fix possible use-after-free on remove (bsc#1051510). - usb: serial: cp210x: add ID for Ingenico 3070 (bsc#1129770). - usb: serial: cp210x: add new device id (bsc#1051510). - usb: serial: cp210x: fix GPIO in autosuspend (bsc#1120902). - usb: serial: ftdi_sio: add additional NovaTech products (bsc#1051510). - usb: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 (bsc#1129770). - usb: serial: mos7720: fix mos_parport refcount imbalance on error path (bsc#1129770). - usb: serial: option: add Olicard 600 (bsc#1051510). - usb: serial: option: add support for Quectel EM12 (bsc#1051510). - usb: serial: option: add Telit ME910 ECM composition (bsc#1129770). - usb: serial: option: set driver_info for SIM5218 and compatibles (bsc#1129770). - vfs: allow dedupe of user owned read-only files (bsc#1133778, bsc#1132219). - vfs: avoid problematic remapping requests into partial EOF block (bsc#1133850, bsc#1132219). - vfs: dedupe: extract helper for a single dedup (bsc#1133769, bsc#1132219). - vfs: dedupe should return EPERM if permission is not granted (bsc#1133779, bsc#1132219). - vfs: exit early from zero length remap operations (bsc#1132411, bsc#1132219). - vfs: export vfs_dedupe_file_range_one() to modules (bsc#1133772, bsc#1132219). - vfs: limit size of dedupe (bsc#1132397, bsc#1132219). - vfs: rename clone_verify_area to remap_verify_area (bsc#1133852, bsc#1132219). - vfs: skip zero-length dedupe requests (bsc#1133851, bsc#1132219). - vfs: swap names of {do,vfs}_clone_file_range() (bsc#1133774, bsc#1132219). - vfs: vfs_clone_file_prep_inodes should return EINVAL for a clone from beyond EOF (bsc#1133780, bsc#1132219). - video: fbdev: Set pixclock = 0 in goldfishfb (bsc#1051510). - vxlan: test dev->flags & IFF_UP before calling netif_rx() (networking-stable-19_02_20). - wil6210: check null pointer in _wil_cfg80211_merge_extra_ies (bsc#1051510). - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure (bsc#1051510). - x86/cpu: Add Atom Tremont (Jacobsville) (). - x86/cpu: Add Atom Tremont (Jacobsville) (FATE#327454). - x86/CPU/AMD: Set the CPB bit unconditionally on F17h (bsc#1114279). - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331). - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (bsc#1111331). - x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init (bsc#1132572). - x86/kvm/vmx: Add MDS protection when L1D Flush is not active (bsc#1111331). - x86/MCE/AMD, EDAC/mce_amd: Add new error descriptions for some SMCA bank types (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new McaTypes for CS, PSP, and SMU units (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new MP5, NBIO, and PCIE SMCA bank types (bsc#1128415). - x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type (bsc#1128415). - x86/mce/AMD: Pass the bank number to smca_get_bank_type() (bsc#1128415). - x86/MCE: Fix kABI for new AMD bank names (bsc#1128415). - x86/mce: Handle varying MCA bank counts (bsc#1128415). - x86/mce: Improve error message when kernel cannot recover, p2 (bsc#1114279). - x86/msr-index: Cleanup bit defines (bsc#1111331). - x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub (bsc#1120318). - x86/speculation: Consolidate CPU whitelists (bsc#1111331). - x86/speculation/mds: Add basic bug infrastructure for MDS (bsc#1111331). - x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331). - x86/speculation/mds: Add mds_clear_cpu_buffers() (bsc#1111331). - x86/speculation/mds: Add mds=full,nosmt cmdline option (bsc#1111331). - x86/speculation/mds: Add mitigation control for MDS (bsc#1111331). - x86/speculation/mds: Add mitigation mode VMWERV (bsc#1111331). - x86/speculation/mds: Add 'mitigations=' support for MDS (bsc#1111331). - x86/speculation/mds: Add SMT warning message (bsc#1111331). - x86/speculation/mds: Add sysfs reporting for MDS (bsc#1111331). - x86/speculation/mds: Clear CPU buffers on exit to user (bsc#1111331). - x86/speculation/mds: Conditionally clear CPU buffers on idle entry (bsc#1111331). - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (bsc#1111331). - x86/speculation: Move arch_smt_update() call to after mitigation decisions (bsc#1111331). - x86/speculation: Prevent deadlock on ssb_state::lock (bsc#1114279). - x86/speculation: Simplify the CPU bug detection logic (bsc#1111331). - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - x86/tsc: Force inlining of cyc2ns bits (bsc#1052904). - x86/uaccess: Do not leak the AC flag into __put_user() value evaluation (bsc#1114279). - xen-netback: do not populate the hash cache on XenBus disconnect (networking-stable-19_03_07). - xen-netback: fix occasional leak of grant ref mappings under memory pressure (networking-stable-19_03_07). - xen: Prevent buffer overflow in privcmd ioctl (bsc#1065600). - xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos (git-fixes). - xfrm: Fix ESN sequence number handling for IPsec GSO packets (git-fixes). - xfrm: fix rcu_read_unlock usage in xfrm_local_error (git-fixes). - xfs: add the ability to join a held buffer to a defer_ops (bsc#1133674). - xfs: allow xfs_lock_two_inodes to take different EXCL/SHARED modes (bsc#1132370, bsc#1132219). - xfs: call xfs_qm_dqattach before performing reflink operations (bsc#1132368, bsc#1132219). - xfs: cap the length of deduplication requests (bsc#1132373, bsc#1132219). - xfs: clean up xfs_reflink_remap_blocks call site (bsc#1132413, bsc#1132219). - xfs: fix data corruption w/ unaligned dedupe ranges (bsc#1132405, bsc#1132219). - xfs: fix data corruption w/ unaligned reflink ranges (bsc#1132407, bsc#1132219). - xfs: fix pagecache truncation prior to reflink (bsc#1132412, bsc#1132219). - xfs: fix reporting supported extra file attributes for statx() (bsc#1133529). - xfs: flush removing page cache in xfs_reflink_remap_prep (bsc#1132414, bsc#1132219). - xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute (bsc#1133675). - xfs: only grab shared inode locks for source file during reflink (bsc#1132372, bsc#1132219). - xfs: refactor clonerange preparation into a separate helper (bsc#1132402, bsc#1132219). - xfs: refactor xfs_trans_roll (bsc#1133667). - xfs: reflink find shared should take a transaction (bsc#1132226, bsc#1132219). - xfs: reflink should break pnfs leases before sharing blocks (bsc#1132369, bsc#1132219). - xfs: remove dest file's post-eof preallocations before reflinking (bsc#1132365, bsc#1132219). - xfs: remove the ip argument to xfs_defer_finish (bsc#1133672). - xfs: rename xfs_defer_join to xfs_defer_ijoin (bsc#1133668). - xfs: update ctime and remove suid before cloning files (bsc#1132404, bsc#1132219). - xfs: zero posteof blocks when cloning above eof (bsc#1132403, bsc#1132219). - xhci: Do not let USB3 ports stuck in polling state prevent suspend (bsc#1051510). - xhci: Fix port resume done detection for SS ports with LPM enabled (bsc#1051510). Important SUSE bug 1050549 SUSE bug 1051510 SUSE bug 1052904 SUSE bug 1053043 SUSE bug 1055117 SUSE bug 1055121 SUSE bug 1055186 SUSE bug 1061840 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1070872 SUSE bug 1082555 SUSE bug 1083647 SUSE bug 1085535 SUSE bug 1085536 SUSE bug 1088804 SUSE bug 1094244 SUSE bug 1097583 SUSE bug 1097584 SUSE bug 1097585 SUSE bug 1097586 SUSE bug 1097587 SUSE bug 1097588 SUSE bug 1100132 SUSE bug 1103186 SUSE bug 1103259 SUSE bug 1108193 SUSE bug 1108937 SUSE bug 1111331 SUSE bug 1112128 SUSE bug 1112178 SUSE bug 1113399 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1114542 SUSE bug 1114638 SUSE bug 1119086 SUSE bug 1119680 SUSE bug 1120318 SUSE bug 1120902 SUSE bug 1122767 SUSE bug 1123105 SUSE bug 1125342 SUSE bug 1126221 SUSE bug 1126356 SUSE bug 1126704 SUSE bug 1126740 SUSE bug 1127175 SUSE bug 1127371 SUSE bug 1127372 SUSE bug 1127374 SUSE bug 1127378 SUSE bug 1127445 SUSE bug 1128415 SUSE bug 1128544 SUSE bug 1129273 SUSE bug 1129276 SUSE bug 1129770 SUSE bug 1130130 SUSE bug 1130154 SUSE bug 1130195 SUSE bug 1130335 SUSE bug 1130336 SUSE bug 1130337 SUSE bug 1130338 SUSE bug 1130425 SUSE bug 1130427 SUSE bug 1130518 SUSE bug 1130527 SUSE bug 1130567 SUSE bug 1130579 SUSE bug 1131062 SUSE bug 1131107 SUSE bug 1131167 SUSE bug 1131168 SUSE bug 1131169 SUSE bug 1131170 SUSE bug 1131171 SUSE bug 1131172 SUSE bug 1131173 SUSE bug 1131174 SUSE bug 1131175 SUSE bug 1131176 SUSE bug 1131177 SUSE bug 1131178 SUSE bug 1131179 SUSE bug 1131180 SUSE bug 1131290 SUSE bug 1131326 SUSE bug 1131335 SUSE bug 1131336 SUSE bug 1131416 SUSE bug 1131427 SUSE bug 1131442 SUSE bug 1131467 SUSE bug 1131574 SUSE bug 1131587 SUSE bug 1131659 SUSE bug 1131673 SUSE bug 1131847 SUSE bug 1131848 SUSE bug 1131851 SUSE bug 1131900 SUSE bug 1131934 SUSE bug 1131935 SUSE bug 1132083 SUSE bug 1132219 SUSE bug 1132226 SUSE bug 1132227 SUSE bug 1132365 SUSE bug 1132368 SUSE bug 1132369 SUSE bug 1132370 SUSE bug 1132372 SUSE bug 1132373 SUSE bug 1132384 SUSE bug 1132397 SUSE bug 1132402 SUSE bug 1132403 SUSE bug 1132404 SUSE bug 1132405 SUSE bug 1132407 SUSE bug 1132411 SUSE bug 1132412 SUSE bug 1132413 SUSE bug 1132414 SUSE bug 1132426 SUSE bug 1132527 SUSE bug 1132531 SUSE bug 1132555 SUSE bug 1132558 SUSE bug 1132561 SUSE bug 1132562 SUSE bug 1132563 SUSE bug 1132564 SUSE bug 1132570 SUSE bug 1132571 SUSE bug 1132572 SUSE bug 1132589 SUSE bug 1132618 SUSE bug 1132681 SUSE bug 1132726 SUSE bug 1132828 SUSE bug 1132943 SUSE bug 1133005 SUSE bug 1133094 SUSE bug 1133095 SUSE bug 1133115 SUSE bug 1133149 SUSE bug 1133486 SUSE bug 1133529 SUSE bug 1133584 SUSE bug 1133667 SUSE bug 1133668 SUSE bug 1133672 SUSE bug 1133674 SUSE bug 1133675 SUSE bug 1133698 SUSE bug 1133702 SUSE bug 1133731 SUSE bug 1133769 SUSE bug 1133772 SUSE bug 1133774 SUSE bug 1133778 SUSE bug 1133779 SUSE bug 1133780 SUSE bug 1133825 SUSE bug 1133850 SUSE bug 1133851 SUSE bug 1133852 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-16880 CVE-2019-11091 CVE-2019-3882 CVE-2019-9003 CVE-2019-9500 CVE-2019-9503 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for xen fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the XEN Hypervisor adjustments, that additionaly also use CPU Microcode updates. The mitigation can be controlled via the 'mds' commandline option, see the documentation. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Security issue fixed: - CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680) Other fixes: - Added code to change LIBXL_HOTPLUG_TIMEOUT at runtime. The included README has details about the impact of this change (bsc#1120095) - Fixes in Live migrating PV domUs An earlier change broke live migration of PV domUs without a device model. The migration would stall for 10 seconds while the domU was paused, which caused network connections to drop. Fix this by tracking the need for a device model within libxl. (bsc#1079730, bsc#1098403, bsc#1111025) Important SUSE bug 1027519 SUSE bug 1079730 SUSE bug 1098403 SUSE bug 1111025 SUSE bug 1111331 SUSE bug 1120095 SUSE bug 1130680 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-6954: Fixed a vulnerability in the symlink handling of systemd-tmpfiles which allowed a local user to obtain ownership of arbitrary files (bsc#1080919). - CVE-2019-3842: Fixed a vulnerability in pam_systemd which allowed a local user to escalate privileges (bsc#1132348). - CVE-2019-6454: Fixed a denial of service caused by long dbus messages (bsc#1125352). Non-security issues fixed: - systemd-coredump: generate a stack trace of all core dumps (jsc#SLE-5933) - udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400) - sd-bus: bump message queue size again (bsc#1132721) - core: only watch processes when it's really necessary (bsc#955942 bsc#1128657) - rules: load drivers only on 'add' events (bsc#1126056) - sysctl: Don't pass null directive argument to '%s' (bsc#1121563) - Do not automatically online memory on s390x (bsc#1127557) Important SUSE bug 1080919 SUSE bug 1121563 SUSE bug 1125352 SUSE bug 1126056 SUSE bug 1127557 SUSE bug 1128657 SUSE bug 1130230 SUSE bug 1132348 SUSE bug 1132400 SUSE bug 1132721 SUSE bug 955942 CVE-2018-6954 CVE-2019-3842 CVE-2019-6454 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libraw fixes the following issues: Security issues fixed: - CVE-2018-20365: Fixed a heap-based buffer overflow in the raw2image function of libraw_cxx.cpp (bsc#1120500) - CVE-2018-20364: Fixed a NULL pointer dereference in the copy_bayer function of libraw_cxx.cpp (bsc#1120499) - CVE-2018-20363: Fixed a NULL pointer dereference in the raw2image function of libraw_cxx.cpp (bsc#1120498) - CVE-2018-5817: Fixed an infinite loop in the unpacked_load_raw function of dcraw_common.cpp (bsc#1120515) - CVE-2018-5818: Fixed an infinite loop in the parse_rollei function of dcraw_common.cpp (bsc#1120516) - CVE-2018-5819: Fixed a denial of service in the parse_sinar_ia function of dcraw_common.cpp (bsc#1120517) Moderate SUSE bug 1120498 SUSE bug 1120499 SUSE bug 1120500 SUSE bug 1120515 SUSE bug 1120516 SUSE bug 1120517 CVE-2018-20363 CVE-2018-20364 CVE-2018-20365 CVE-2018-5817 CVE-2018-5818 CVE-2018-5819 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for PackageKit fixes the following issues: - Fixed displaying the license agreement pop up window during package update (bsc#1038425). Moderate SUSE bug 1038425 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ucode-intel fixes the following issues: ucode-intel was updated to official QSR 2019.1 microcode release (bsc#1111331 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091) ---- new platforms ---------------------------------------- VLV C0 6-37-8/02 00000838 Atom Z series VLV C0 6-37-8/0C 00000838 Celeron N2xxx, Pentium N35xx VLV D0 6-37-9/0F 0000090c Atom E38xx CHV C0 6-4c-3/01 00000368 Atom X series CHV D0 6-4c-4/01 00000411 Atom X series Readded Broadwell CPU ucode that was missing in last update: BDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core i7-69xx/68xx Important SUSE bug 1111331 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for openssh fixes the following issues: Security issue fixed: - CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions (bsc#1121571) - CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate terminal output via the object name, e.g. by inserting ANSI escape sequences (bsc#1121816) - CVE-2019-6110: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate stderr output, e.g. by inserting ANSI escape sequences (bsc#1121818) - CVE-2019-6111: Fixed an issue where the scp client would allow malicious remote SSH servers to execute directory traversal attacks and overwrite files (bsc#1121821) Important SUSE bug 1121571 SUSE bug 1121816 SUSE bug 1121818 SUSE bug 1121821 CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for sysstat fixes the following issues: Security issues fixed: - CVE-2018-19416: Fixed out-of-bounds read during a memmove call inside the remap_struct function (bsc#1117001). - CVE-2018-19517: Fixed out-of-bounds read during a memset call inside the remap_struct function (bsc#1117260). Low SUSE bug 1117001 SUSE bug 1117260 CVE-2018-19416 CVE-2018-19517 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for bluez fixes the following issues: Security vulnerability addressed: - CVE-2016-9797: Fixed a buffer over-read in l2cap_dump() (bsc#1013708). - CVE-2016-9798: Fixed a use-after-free in conf_opt() (bsc#1013712). - CVE-2016-9917: Fixed a heap-based buffer overflow in read_n() (bsc#1015171). - CVE-2016-9802: Fixed a buffer over-read in l2cap_packet() (bsc#1013893). - CVE-2016-9918: Fixed an out-of-bounds stack read in packet_hexdump(), which could be triggered by processing a corrupted dump file and will result in a crash of the hcidump tool (bsc#1015173) Moderate SUSE bug 1013708 SUSE bug 1013712 SUSE bug 1013893 SUSE bug 1015171 SUSE bug 1015173 CVE-2016-9797 CVE-2016-9798 CVE-2016-9802 CVE-2016-9917 CVE-2016-9918 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for freerdp fixes the following issues: Security issues fixed: - CVE-2018-0886: Fix a remote code execution vulnerability (CredSSP) (bsc#1085416, bsc#1087240, bsc#1104918) - CVE-2018-8789: Fix several denial of service vulnerabilities in the in the NTLM Authentication module (bsc#1117965) - CVE-2018-8785: Fix a potential remote code execution vulnerability in the zgfx_decompress function (bsc#1117967) - CVE-2018-8786: Fix a potential remote code execution vulnerability in the update_read_bitmap_update function (bsc#1117966) - CVE-2018-8787: Fix a potential remote code execution vulnerability in the gdi_Bitmap_Decompress function (bsc#1117964) - CVE-2018-8788: Fix a potential remote code execution vulnerability in the nsc_rle_decode function (bsc#1117963) - CVE-2018-8784: Fix a potential remote code execution vulnerability in the zgfx_decompress_segment function (bsc#1116708) - CVE-2018-1000852: Fixed a remote memory access in the drdynvc_process_capability_request function (bsc#1120507) Important SUSE bug 1085416 SUSE bug 1087240 SUSE bug 1104918 SUSE bug 1116708 SUSE bug 1117963 SUSE bug 1117964 SUSE bug 1117965 SUSE bug 1117966 SUSE bug 1117967 SUSE bug 1120507 CVE-2018-0886 CVE-2018-1000852 CVE-2018-8784 CVE-2018-8785 CVE-2018-8786 CVE-2018-8787 CVE-2018-8788 CVE-2018-8789 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libvirt fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the libvirt adjustments, that pass through the new 'md-clear' CPU flag (bsc#1135273). For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Important SUSE bug 1111331 SUSE bug 1135273 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for systemd provides the following fixes: Security issues fixed: - CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled alloca()s (bsc#1120323) - CVE-2018-16866: Fixed an information leak in journald (bsc#1120323) - Fixed an issue during system startup in relation to encrypted swap disks (bsc#1119971) Non-security issues fixed: - core: Queue loading transient units after setting their properties. (bsc#1115518) - logind: Stop managing VT switches if no sessions are registered on that VT. (bsc#1101591) - terminal-util: introduce vt_release() and vt_restore() helpers. - terminal: Unify code for resetting kbd utf8 mode a bit. - terminal Reset should honour default_utf8 kernel setting. - logind: Make session_restore_vt() static. - udev: Downgrade message when settting inotify watch up fails. (bsc#1005023) - log: Never log into foreign fd #2 in PID 1 or its pre-execve() children. (bsc#1114981) - udev: Ignore the exit code of systemd-detect-virt for memory hot-add. In SLE-12-SP3, 80-hotplug-cpu-mem.rules has a memory hot-add rule that uses systemd-detect-virt to detect non-zvm environment. The systemd-detect-virt returns exit failure code when it detected _none_ state. The exit failure code causes that the hot-add memory block can not be set to online. (bsc#1076696) Moderate SUSE bug 1005023 SUSE bug 1076696 SUSE bug 1101591 SUSE bug 1114981 SUSE bug 1115518 SUSE bug 1119971 SUSE bug 1120323 CVE-2018-16864 CVE-2018-16865 CVE-2018-16866 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for screen fixes the following issues: Security issue fixed: - CVE-2015-6806: Fixed a stack overflow due to deep recursion (bsc#944458). Non-security issue fixed: - Fixed segmentation faults related to altscreen and resizing screen (bsc#1130831). Moderate SUSE bug 1130831 SUSE bug 944458 CVE-2015-6806 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libtasn1 fixes the following issues: Security issues fixed: - CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435). - CVE-2017-6891: Fixed a stack overflow in asn1_find_node() (bsc#1040621). Moderate SUSE bug 1040621 SUSE bug 1105435 CVE-2017-6891 CVE-2018-1000654 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for wireshark to version 2.4.12 fixes the following issues: Security issues fixed: - CVE-2019-5717: Fixed a denial of service in the P_MUL dissector (bsc#1121232) - CVE-2019-5718: Fixed a denial of service in the RTSE dissector and other dissectors (bsc#1121233) - CVE-2019-5719: Fixed a denial of service in the ISAKMP dissector (bsc#1121234) - CVE-2019-5721: Fixed a denial of service in the ISAKMP dissector (bsc#1121235) Moderate SUSE bug 1121232 SUSE bug 1121233 SUSE bug 1121234 SUSE bug 1121235 CVE-2019-5717 CVE-2019-5718 CVE-2019-5719 CVE-2019-5721 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for MozillaFirefox fixes the following issues: Security issues fixed: - CVE-2019-11691: Use-after-free in XMLHttpRequest - CVE-2019-11692: Use-after-free removing listeners in the event listener manager - CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux - CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox - CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks - CVE-2019-7317: Use-after-free in png_image_free of libpng library - CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 - CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS - CVE-2019-9816: Type confusion with object groups and UnboxedObjects - CVE-2019-9817: Stealing of cross-domain images using canvas - CVE-2019-9818: Use-after-free in crash generation server - CVE-2019-9819: Compartment mismatch with fetch API - CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell Non-security issues fixed: - Font and date adjustments to accommodate the new Reiwa era in Japan - Update to Firefox ESR 60.7 (bsc#1135824) Important SUSE bug 1135824 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11694 CVE-2019-11698 CVE-2019-7317 CVE-2019-9800 CVE-2019-9815 CVE-2019-9816 CVE-2019-9817 CVE-2019-9818 CVE-2019-9819 CVE-2019-9820 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for gnome-shell fixes the following issues: Security issue fixed: - CVE-2019-3820: Fixed a partial lock screen bypass (bsc#1124493). Fixed bugs: - Remove sessionList of endSessionDialog for security reasons (jsc#SLE-6660). Moderate SUSE bug 1124493 CVE-2019-3820 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for evolution fixes the following issue: Security issue fixed: - CVE-2018-15587: Fixed OpenPGP signatures spoofing via specially crafted email that contains a valid signature (bsc#1125230). Moderate SUSE bug 1125230 CVE-2018-15587 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for java-1_7_0-openjdk fixes the following issues: Update to 2.6.18 - OpenJDK 7u221 (April 2019 CPU) Security issues fixed: - CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). - CVE-2019-2684: Fixed flaw inside the RMI registry implementation (bsc#1132732). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). - CVE-2019-2422: Fixed memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed a Divide By Zero in alloc_sarray function in jmemmgr.c (bsc#1122299). - CVE-2019-2426: Improve web server connections (bsc#1134297). Bug fixes: - Please check the package Changelog for detailed information. Moderate SUSE bug 1122293 SUSE bug 1122299 SUSE bug 1132728 SUSE bug 1132729 SUSE bug 1132732 SUSE bug 1134297 CVE-2018-11212 CVE-2019-2422 CVE-2019-2426 CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead (bsc#1130847). - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). Important SUSE bug 1129346 SUSE bug 1130847 CVE-2019-9636 CVE-2019-9948 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ghostscript to version 9.26a fixes the following issues: Security issue fixed: - CVE-2019-6116: subroutines within pseudo-operators must themselves be pseudo-operators (bsc#1122319) Important SUSE bug 1122319 CVE-2019-6116 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libreoffice and libraries fixes the following issues: LibreOffice was updated to 6.2.3.2 (fate#327121 bsc#1128845 bsc#1123455), bringing lots of bug and stability fixes. Additional bugfixes: - If there is no firebird engine we still need java to run hsqldb (bsc#1135189) - PPTX: Rectangle turns from green to blue and loses transparency when transparency is set (bsc#1135228) - Slide deck compression doesn't, hmm, compress too much (bsc#1127760) - Psychedelic graphics in LibreOffice (but not PowerPoint) (bsc#1124869) - Image from PPTX shown in a square, not a circle (bsc#1121874) libixion was updated to 0.14.1: * Updated for new orcus liborcus was updated to 0.14.1: * Boost 1.67 support * Various cell handling issues fixed libwps was updated to 0.4.10: * QuattroPro: add parser of .qwp files * all: support complex encoding mdds was updated to 1.4.3: * Api change to 1.4 * More multivector opreations and tweaks * Various multi vector fixes * flat_segment_tree: add segment iterator and functions * fix to handle out-of-range insertions on flat_segment_tree * Another api version -> rename to mdds-1_2 myspell-dictionaries was updated to 20190423: * Serbian dictionary updated * Update af_ZA hunspell * Update Spanish dictionary * Update Slovenian dictionary * Update Breton dictionary * Update Galician dictionary Moderate SUSE bug 1089811 SUSE bug 1116451 SUSE bug 1121874 SUSE bug 1123131 SUSE bug 1123455 SUSE bug 1124062 SUSE bug 1124869 SUSE bug 1127760 SUSE bug 1127857 SUSE bug 1128845 SUSE bug 1135189 SUSE bug 1135228 CVE-2018-16858 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for vim fixes the following issue: Security issue fixed: - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443). Important SUSE bug 1137443 CVE-2019-12735 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for webkit2gtk3 to version 2.22.5 fixes the following issues: Security issues fixed: - CVE-2018-4438: Fixed a logic issue which lead to memory corruption (bsc#1119554) - CVE-2018-4437, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464: Fixed multiple memory corruption issues with improved memory handling (bsc#1119553, bsc#1119555, bsc#1119556, bsc#1119557, bsc#1119558) Important SUSE bug 1119553 SUSE bug 1119554 SUSE bug 1119555 SUSE bug 1119556 SUSE bug 1119557 SUSE bug 1119558 CVE-2018-4437 CVE-2018-4438 CVE-2018-4441 CVE-2018-4442 CVE-2018-4443 CVE-2018-4464 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libcroco fixes the following issues: Security issues fixed: - CVE-2017-7960: Fixed heap overflow (input: check end of input before reading a byte) (bsc#1034481). - CVE-2017-7961: Fixed undefined behavior (tknzr: support only max long rgb values) (bsc#1034482). - CVE-2017-8834: Fixed denial of service (memory allocation error) via a crafted CSS file (bsc#1043898). - CVE-2017-8871: Fixed denial of service (infinite loop and CPU consumption) via a crafted CSS file (bsc#1043899). Moderate SUSE bug 1034481 SUSE bug 1034482 SUSE bug 1043898 SUSE bug 1043899 CVE-2017-7960 CVE-2017-7961 CVE-2017-8834 CVE-2017-8871 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for sssd fixes the following issues: Security issue fixed: - CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation (bsc#1124194) Non-security issues fixed: - Missing GPOs directory could have led to login problems (bsc#1132879) - Fix a crash by adding a netgroup counter to struct nss_enum_index (bsc#1132657) - Allow defaults sudoRole without sudoUser attribute (bsc#1135247) Moderate SUSE bug 1124194 SUSE bug 1132657 SUSE bug 1132879 SUSE bug 1135247 CVE-2018-16838 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2019-10130: Prevent row-level security policies from being bypassed via selectivity estimators (bsc#1134689). Bug fixes: - For a complete list of fixes check the release notes. * https://www.postgresql.org/docs/10/release-10-8.html * https://www.postgresql.org/docs/10/release-10-7.html Moderate SUSE bug 1134689 CVE-2019-10130 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816). - CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server (bsc#1121821). Other issues fixed: - Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183). - Returned proper reason for port forwarding failures (bsc#1090671). - Fixed a double free() in the KDF CAVS testing tool (bsc#1065237). Moderate SUSE bug 1065237 SUSE bug 1090671 SUSE bug 1119183 SUSE bug 1121816 SUSE bug 1121821 SUSE bug 1131709 CVE-2019-6109 CVE-2019-6111 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. - CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power. - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) - CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) - CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) - CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occured with FUSE requests. (bnc#1133190) - CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) - CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603) - CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bnc#1135278) - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) - CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a '\0' character. (bnc#1134848) - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions. (bnc#1133188) The following non-security bugs were fixed: - 9p locks: add mount option for lock retry interval (bsc#1051510). - Update config files. Debug kernel is not supported (bsc#1135492). - acpi / utils: Drop reference in test for device presence (bsc#1051510). - acpi: button: reinitialize button state upon resume (bsc#1051510). - acpi: fix menuconfig presentation of acpi submenu (bsc#1117158). - acpica: AML interpreter: add region addresses in global list during initialization (bsc#1051510). - acpica: Namespace: remove address node from global list after method termination (bsc#1051510). - alsa: core: Do not refer to snd_cards array directly (bsc#1051510). - alsa: emu10k1: Drop superfluous id-uniquification behavior (bsc#1051510). - alsa: hda - Register irq handler after the chip initialization (bsc#1051510). - alsa: hda - Use a macro for snd_array iteration loops (bsc#1051510). - alsa: hda/hdmi - Consider eld_valid when reporting jack event (bsc#1051510). - alsa: hda/hdmi - Read the pin sense from register when repolling (bsc#1051510). - alsa: hda/realtek - Avoid superfluous COEF EAPD setups (bsc#1051510). - alsa: hda/realtek - Corrected fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: hda/realtek - EAPD turn on later (bsc#1051510). - alsa: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug (bsc#1051510). - alsa: hda/realtek - Fixup headphone noise via runtime suspend (bsc#1051510). - alsa: hda/realtek - Improve the headset mic for Acer Aspire laptops (bsc#1051510). - alsa: hdea/realtek - Headset fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: line6: Avoid polluting led_* namespace (bsc#1051510). - alsa: seq: Align temporary re-locking with irqsave version (bsc#1051510). - alsa: seq: Correct unlock sequence at snd_seq_client_ioctl_unlock() (bsc#1051510). - alsa: seq: Cover unsubscribe_port() in list_mutex (bsc#1051510). - alsa: seq: Fix race of get-subscription call vs port-delete ioctls (bsc#1051510). - alsa: seq: Protect in-kernel ioctl calls with mutex (bsc#1051510). - alsa: seq: Protect racy pool manipulation from OSS sequencer (bsc#1051510). - alsa: seq: Remove superfluous irqsave flags (bsc#1051510). - alsa: seq: Simplify snd_seq_kernel_client_enqueue() helper (bsc#1051510). - alsa: timer: Check ack_list emptiness instead of bit flag (bsc#1051510). - alsa: timer: Coding style fixes (bsc#1051510). - alsa: timer: Make snd_timer_close() really kill pending actions (bsc#1051510). - alsa: timer: Make sure to clear pending ack list (bsc#1051510). - alsa: timer: Revert active callback sync check at close (bsc#1051510). - alsa: timer: Simplify error path in snd_timer_open() (bsc#1051510). - alsa: timer: Unify timer callback process code (bsc#1051510). - alsa: usb-audio: Fix a memory leak bug (bsc#1051510). - alsa: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk() (bsc#1051510). - alsa: usx2y: fix a double free bug (bsc#1051510). - appletalk: Fix compile regression (bsc#1051510). - appletalk: Fix use-after-free in atalk_proc_exit (bsc#1051510). - arch: arm64: acpi: KABI ginore includes (bsc#1117158 bsc#1134671). - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (bsc#1117158). - arm64/x86: Update config files. Use CONFIG_ARCH_SUPPORTS_acpi - arm64: Export save_stack_trace_tsk() (jsc#SLE-4214). - arm64: acpi: fix alignment fault in accessing acpi (bsc#1117158). - arm64: fix acpi dependencies (bsc#1117158). - arm: 8824/1: fix a migrating irq bug when hotplug cpu (bsc#1051510). - arm: 8833/1: Ensure that NEON code always compiles with Clang (bsc#1051510). - arm: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bsc#1051510). - arm: 8840/1: use a raw_spinlock_t in unwind (bsc#1051510). - arm: OMAP2+: Variable 'reg' in function omap4_dsi_mux_pads() could be uninitialized (bsc#1051510). - arm: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug (bsc#1051510). - arm: avoid Cortex-A9 livelock on tight dmb loops (bsc#1051510). - arm: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bsc#1051510). - arm: iop: do not use using 64-bit DMA masks (bsc#1051510). - arm: orion: do not use using 64-bit DMA masks (bsc#1051510). - arm: pxa: ssp: unneeded to free devm_ allocated data (bsc#1051510). - arm: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bsc#1051510). - arm: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms (bsc#1051510). - asoc: Intel: avoid Oops if DMA setup fails (bsc#1051510). - asoc: RT5677-SPI: Disable 16Bit SPI Transfers (bsc#1051510). - asoc: cs4270: Set auto-increment bit for register writes (bsc#1051510). - asoc: fix valid stream condition (bsc#1051510). - asoc: fsl_esai: Fix missing break in switch statement (bsc#1051510). - asoc: hdmi-codec: fix S/PDIF DAI (bsc#1051510). - asoc: max98090: Fix restore of DAPM Muxes (bsc#1051510). - asoc: nau8810: fix the issue of widget with prefixed name (bsc#1051510). - asoc: nau8824: fix the issue of the widget with prefix name (bsc#1051510). - asoc: samsung: odroid: Fix clock configuration for 44100 sample rate (bsc#1051510). - asoc: stm32: fix sai driver name initialisation (bsc#1051510). - asoc: tlv320aic32x4: Fix Common Pins (bsc#1051510). - asoc: wm_adsp: Add locking to wm_adsp2_bus_error (bsc#1051510). - asoc:soc-pcm:fix a codec fixup issue in TDM case (bsc#1051510). - at76c50x-usb: Do not register led_trigger if usb_register_driver failed (bsc#1051510). - audit: fix a memleak caused by auditing load module (bsc#1051510). - b43: shut up clang -Wuninitialized variable warning (bsc#1051510). - backlight: lm3630a: Return 0 on success in update_status functions (bsc#1051510). - bcache: Move couple of functions to sysfs.c (bsc#1130972). - bcache: Move couple of string arrays to sysfs.c (bsc#1130972). - bcache: Populate writeback_rate_minimum attribute (bsc#1130972). - bcache: Replace bch_read_string_list() by __sysfs_match_string() (bsc#1130972). - bcache: account size of buckets used in uuid write to ca->meta_sectors_written (bsc#1130972). - bcache: add MODULE_DESCRIPTION information (bsc#1130972). - bcache: add a comment in super.c (bsc#1130972). - bcache: add code comments for bset.c (bsc#1130972). - bcache: add comment for cache_set->fill_iter (bsc#1130972). - bcache: add identifier names to arguments of function definitions (bsc#1130972). - bcache: add missing SPDX header (bsc#1130972). - bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972). - bcache: add static const prefix to char * array declarations (bsc#1130972). - bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972). - bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972). - bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972). - bcache: correct dirty data statistics (bsc#1130972). - bcache: do not assign in if condition in bcache_init() (bsc#1130972). - bcache: do not assign in if condition register_bcache() (bsc#1130972). - bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972). - bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972). - bcache: do not clone bio in bch_data_verify (bsc#1130972). - bcache: do not mark writeback_running too early (bsc#1130972). - bcache: export backing_dev_name via sysfs (bsc#1130972). - bcache: export backing_dev_uuid via sysfs (bsc#1130972). - bcache: fix code comments style (bsc#1130972). - bcache: fix indent by replacing blank by tabs (bsc#1130972). - bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972). - bcache: fix input integer overflow of congested threshold (bsc#1130972). - bcache: fix input overflow to cache set io_error_limit (bsc#1130972). - bcache: fix input overflow to cache set sysfs file io_error_halflife (bsc#1130972). - bcache: fix input overflow to journal_delay_ms (bsc#1130972). - bcache: fix input overflow to sequential_cutoff (bsc#1130972). - bcache: fix input overflow to writeback_delay (bsc#1130972). - bcache: fix input overflow to writeback_rate_minimum (bsc#1130972). - bcache: fix ioctl in flash device (bsc#1130972). - bcache: fix mistaken code comments in bcache.h (bsc#1130972). - bcache: fix mistaken comments in request.c (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972). - bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972). - bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972). - bcache: improve sysfs_strtoul_clamp() (bsc#1130972). - bcache: introduce force_wake_up_gc() (bsc#1130972). - bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972). - bcache: move open brace at end of function definitions to next line (bsc#1130972). - bcache: never writeback a discard operation (bsc#1130972). - bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972). - bcache: option to automatically run gc thread after writeback (bsc#1130972). - bcache: panic fix for making cache device (bsc#1130972). - bcache: prefer 'help' in Kconfig (bsc#1130972). - bcache: print number of keys in trace_bcache_journal_write (bsc#1130972). - bcache: recal cached_dev_sectors on detach (bsc#1130972). - bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972). - bcache: remove unused bch_passthrough_cache (bsc#1130972). - bcache: remove useless parameter of bch_debug_init() (bsc#1130972). - bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972). - bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972). - bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972). - bcache: replace printk() by pr_*() routines (bsc#1130972). - bcache: set writeback_percent in a flexible range (bsc#1130972). - bcache: split combined if-condition code into separate ones (bsc#1130972). - bcache: stop bcache device when backing device is offline (bsc#1130972). - bcache: stop using the deprecated get_seconds() (bsc#1130972). - bcache: style fix to add a blank line after declarations (bsc#1130972). - bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972). - bcache: style fixes for lines over 80 characters (bsc#1130972). - bcache: treat stale and dirty keys as bad keys (bsc#1130972). - bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972). - bcache: update comment for bch_data_insert (bsc#1130972). - bcache: update comment in sysfs.c (bsc#1130972). - bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972). - bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972). - bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972). - bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972). - bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972). - block: Do not revalidate bdev of hidden gendisk (bsc#1120091). - block: check_events: do not bother with events if unsupported (bsc#1110946, bsc#1119843). - block: disk_events: introduce event flags (bsc#1110946, bsc#1119843). - block: do not leak memory in bio_copy_user_iov() (bsc#1135309). - block: fix the return errno for direct IO (bsc#1135320). - block: fix use-after-free on gendisk (bsc#1135312). - bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bsc#1051510). - bluetooth: Check key sizes only when Secure Simple Pairing is enabled (bsc#1135556). - bluetooth: hidp: fix buffer overflow (bsc#1051510). - bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one() (bsc#1050242). - bnxt_en: Improve RX consumer index validity check (networking-stable-19_04_10). - bnxt_en: Improve multicast address setup logic (networking-stable-19_05_04). - bnxt_en: Reset device on RX buffer errors (networking-stable-19_04_10). - bonding: fix event handling for stacked bonds (networking-stable-19_04_19). - bpf, lru: avoid messing with eviction heuristics upon syscall lookup (bsc#1083647). - bpf: Add missed newline in verifier verbose log (bsc#1056787). - bpf: add map_lookup_elem_sys_only for lookups from syscall side (bsc#1083647). - brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() (bsc#1051510). - btrfs: Do not panic when we can't find a root key (bsc#1112063). - btrfs: Factor out common delayed refs init code (bsc#1134813). - btrfs: Introduce init_delayed_ref_head (bsc#1134813). - btrfs: Open-code add_delayed_data_ref (bsc#1134813). - btrfs: Open-code add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813). - btrfs: add a helper to return a head ref (bsc#1134813). - btrfs: breakout empty head cleanup to a helper (bsc#1134813). - btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: do not allow trimming when a fs is mounted with the nologreplay option (bsc#1135758). - btrfs: do not double unlock on error in btrfs_punch_hole (bsc#1136881). - btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: fix fsync not persisting changed attributes of a directory (bsc#1137151). - btrfs: fix race between ranged fsync and writeback of adjacent ranges (bsc#1136477). - btrfs: fix race updating log root item during fsync (bsc#1137153). - btrfs: fix wrong ctime and mtime of a directory after log replay (bsc#1137152). - btrfs: improve performance on fsync of files with multiple hardlinks (bsc#1123454). - btrfs: move all ref head cleanup to the helper function (bsc#1134813). - btrfs: move extent_op cleanup to a helper (bsc#1134813). - btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813). - btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1134806). - btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head to btrfs_qgroup_extent_record (bsc#1134162). - btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release (bsc#1134160). - btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1133612). - btrfs: remove delayed_ref_node from ref_head (bsc#1134813). - btrfs: send, flush dellaloc in order to avoid data loss (bsc#1133320). - btrfs: split delayed ref head initialization and addition (bsc#1134813). - btrfs: track refs in a rb_tree instead of a list (bsc#1134813). - btrfs: tree-checker: detect file extent items with overlapping ranges (bsc#1136478). - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461). - ceph: fix ci->i_head_snapc leak (bsc#1122776). - ceph: fix use-after-free on symlink traversal (bsc#1134459). - ceph: only use d_name directly when parent is locked (bsc#1134460). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565). - clk: rockchip: Fix video codec clocks on rk3288 (bsc#1051510). - clk: rockchip: fix wrong clock definitions for rk3328 (bsc#1051510). - configfs: Fix use-after-free when accessing sd->s_dentry (bsc#1051510). - configfs: fix possible use-after-free in configfs_register_group (bsc#1051510). - crypto: arm/aes-neonbs - do not access already-freed walk.iv (bsc#1051510). - crypto: caam - fix caam_dump_sg that iterates through scatterlist (bsc#1051510). - crypto: ccm - fix incompatibility between 'ccm' and 'ccm_base' (bsc#1051510). - crypto: ccp - Do not free psp_master when PLATFORM_INIT fails (bsc#1051510). - crypto: chacha20poly1305 - set cra_name correctly (bsc#1051510). - crypto: crct10dif-generic - fix use via crypto_shash_digest() (bsc#1051510). - crypto: fips - Grammar s/options/option/, s/to/the/ (bsc#1051510). - crypto: gcm - fix incompatibility between 'gcm' and 'gcm_base' (bsc#1051510). - crypto: skcipher - do not WARN on unprocessed data after slow walk step (bsc#1051510). - crypto: sun4i-ss - Fix invalid calculation of hash end (bsc#1051510). - crypto: vmx - CTR: always increment IV as quadword (bsc#1051510). - crypto: vmx - fix copy-paste error in CTR mode (bsc#1051510). - crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162). - crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162). - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest() (bsc#1051510). - dccp: Fix memleak in __feat_register_sp (bsc#1051510). - dccp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28). - debugfs: fix use-after-free on symlink traversal (bsc#1051510). - devres: Align data[] to ARCH_KMALLOC_MINALIGN (bsc#1051510). - dmaengine: axi-dmac: Do not check the number of frames for alignment (bsc#1051510). - dmaengine: tegra210-dma: free dma controller in remove() (bsc#1051510). - documentation: Add MDS vulnerability documentation (bsc#1135642). - drivers: acpi: add dependency of EFI for arm64 (bsc#1117158). - drm/bridge: adv7511: Fix low refresh rate selection (bsc#1051510). - drm/etnaviv: lock MMU while dumping core (bsc#1113722) - drm/fb-helper: dpms_legacy(): Only set on connectors in use (bsc#1051510). - drm/i915/fbc: disable framebuffer compression on GeminiLake (bsc#1051510). - drm/i915/gvt: Fix cmd length of VEB_DI_IECP (bsc#1113722) - drm/i915/gvt: Fix incorrect mask of mmio 0x22028 in gen8/9 mmio list (bnc#1113722) - drm/i915/gvt: Tiled Resources mmios are in-context mmios for gen9+ (bsc#1113722) - drm/i915/gvt: add 0x4dfc to gen9 save-restore list (bsc#1113722) - drm/i915/gvt: do not let TRTTE and 0x4dfc write passthrough to hardware (bsc#1051510). - drm/i915/gvt: refine ggtt range validation (bsc#1113722) - drm/i915: Disable LP3 watermarks on all SNB machines (bsc#1051510). - drm/i915: Downgrade Gen9 Plane WM latency error (bsc#1051510). - drm/i915: Fix I915_EXEC_RING_MASK (bsc#1051510). - drm/imx: do not skip DP channel disable for background plane (bsc#1051510). - drm/mediatek: fix possible object reference leak (bsc#1051510). - drm/meson: add size and alignment requirements for dumb buffers (bnc#1113722) - drm/nouveau/i2c: Disable i2c bus access after ->fini() (bsc#1113722) - drm/rockchip: fix for mailbox read validation (bsc#1051510). - drm/rockchip: shutdown drm subsystem on shutdown (bsc#1051510). - drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722) - drm/ttm: Remove warning about inconsistent mapping information (bnc#1131488) - drm/vmwgfx: Do not send drm sysfs hotplug events on initial master set (bsc#1051510). - drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() (bsc#1113722) - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read (bsc#1051510). - dt-bindings: clock: r8a7795: Remove CSIREF clock (bsc#1120902). - dt-bindings: clock: r8a7796: Remove CSIREF clock (bsc#1120902). - dt-bindings: net: Add binding for the external clock for TI WiLink (bsc#1085535). - dt-bindings: net: Fix a typo in the phy-mode list for ethernet bindings (bsc#1129770). - dt-bindings: rtc: sun6i-rtc: Fix register range in example (bsc#1120902). - dwc2: gadget: Fix completed transfer size calculation in DDMA (bsc#1051510). - efi/arm: Defer persistent reservations until after paging_init() (bsc#1117158). - efi/arm: Do not mark acpi reclaim memory as MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566). - efi/arm: Revert 'Defer persistent reservations until after paging_init()' (bsc#1117158). - efi/arm: Revert deferred unmap of early memmap mapping (bsc#1117158). - efi/arm: libstub: add a root memreserve config table (bsc#1117158). - efi/arm: map UEFI memory map even w/o runtime services enabled (bsc#1117158). - efi/arm: preserve early mapping of UEFI memory map longer for BGRT (bsc#1117158). - efi: Permit calling efi_mem_reserve_persistent() from atomic context (bsc#1117158). - efi: Permit multiple entries in persistent memreserve data structure (bsc#1117158). - efi: Prevent GICv3 WARN() by mapping the memreserve table before first use (bsc#1117158). - efi: Reduce the amount of memblock reservations for persistent allocations (bsc#1117158). - efi: add API to reserve memory persistently across kexec reboot (bsc#1117158). - efi: honour memory reservations passed via a linux specific config table (bsc#1117158). - ext4: Do not warn when enabling DAX (bsc#1132894). - ext4: actually request zeroing of inode table after grow (bsc#1135315). - ext4: avoid panic during forced reboot due to aborted journal (bsc#1126356). - ext4: fix data corruption caused by overlapping unaligned and aligned IO (bsc#1136428). - ext4: fix ext4_show_options for file systems w/o journal (bsc#1135316). - ext4: fix use-after-free race with debug_want_extra_isize (bsc#1135314). - ext4: make sanity check in mballoc more strict (bsc#1136439). - ext4: wait for outstanding dio during truncate in nojournal mode (bsc#1136438). - fbdev: fix WARNING in __alloc_pages_nodemask bug (bsc#1113722) - fbdev: fix divide error in fb_var_to_videomode (bsc#1113722) - firmware: efi: factor out mem_reserve (bsc#1117158 bsc#1134671). - fix rtnh_ok() (git-fixes). - fs/sync.c: sync_file_range(2) may use WB_SYNC_ALL writeback (bsc#1136432). - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount (bsc#1136435). - ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658). - genetlink: Fix a memory leak on error path (networking-stable-19_03_28). - ghes, EDAC: Fix ghes_edac registration (bsc#1133176). - gpio: aspeed: fix a potential NULL pointer dereference (bsc#1051510). - gpu: ipu-v3: dp: fix CSC handling (bsc#1051510). - hid: debug: fix race condition with between rdesc_show() and device removal (bsc#1051510). - hid: input: add mapping for 'Toggle Display' key (bsc#1051510). - hid: input: add mapping for Assistant key (bsc#1051510). - hid: input: add mapping for Expose/Overview key (bsc#1051510). - hid: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bsc#1051510). - hid: logitech: check the return value of create_singlethread_workqueue (bsc#1051510). - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses (bsc#1051510). - ibmvnic: Add device identification to requested IRQs (bsc#1137739). - ibmvnic: Do not close unopened driver during reset (bsc#1137752). - ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752). - ibmvnic: Refresh device multicast list after reset (bsc#1137752). - ibmvnic: remove set but not used variable 'netdev' (bsc#1137739). - igmp: fix incorrect unsolicit report count when join group (git-fixes). - iio: adc: xilinx: fix potential use-after-free on remove (bsc#1051510). - indirect call wrappers: helpers to speed-up indirect calls of builtin (bsc#1124503). - inetpeer: fix uninit-value in inet_getpeer (git-fixes). - input: elan_i2c - add hardware ID for multiple Lenovo laptops (bsc#1051510). - input: introduce KEY_ASSISTANT (bsc#1051510). - input: synaptics-rmi4 - fix possible double free (bsc#1051510). - intel_th: msu: Fix single mode with IOMMU (bsc#1051510). - intel_th: pci: Add Comet Lake support (bsc#1051510). - iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel (bsc#1117158). - iommu/arm-smmu-v3: Do not disable SMMU in kdump kernel (bsc#1117158 bsc#1134671). - iommu/vt-d: Do not request page request irq under dmar_global_lock (bsc#1135006). - iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU (bsc#1135007). - iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135008). - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type (networking-stable-19_04_10). - ip6_tunnel: collect_md xmit: Use ip_tunnel_key's provided src address (git-fixes). - ip_gre: fix parsing gre header in ipgre_err (git-fixes). - ip_tunnel: Fix name string concatenate in __ip_tunnel_create() (git-fixes). - ipconfig: Correctly initialise ic_nameservers (bsc#1051510). - ipmi:ssif: compare block number correctly for multi-part return messages (bsc#1051510). - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled (git-fixes). - ipv4: add sanity checks in ipv4_link_failure() (git-fixes). - ipv4: ensure rcu_read_lock() in ipv4_link_failure() (networking-stable-19_04_19). - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation (networking-stable-19_05_04). - ipv4: recompile ip options in ipv4_link_failure (networking-stable-19_04_19). - ipv4: set the tcp_min_rtt_wlen range from 0 to one day (networking-stable-19_04_30). - ipv6/flowlabel: wait rcu grace period before put_pid() (git-fixes). - ipv6: fix cleanup ordering for ip6_mr failure (git-fixes). - ipv6: fix cleanup ordering for pingv6 registration (git-fixes). - ipv6: invert flowlabel sharing check in process and user mode (git-fixes). - ipv6: mcast: fix unsolicited report interval after receiving querys (git-fixes). - ipvlan: Add the skb->mark as flow4's member to lookup route (bsc#1051510). - ipvlan: fix ipv6 outbound device (bsc#1051510). - ipvlan: use ETH_MAX_MTU as max mtu (bsc#1051510). - ipvs: Fix signed integer overflow when setsockopt timeout (bsc#1051510). - ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf (git-fixes). - ipvs: fix buffer overflow with sync daemon and service (git-fixes). - ipvs: fix check on xmit to non-local addresses (git-fixes). - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bsc#1051510). - ipvs: fix rtnl_lock lockups caused by start_sync_thread (git-fixes). - ipvs: fix stats update from local clients (git-fixes). - iw_cxgb4: only allow 1 flush on user qps (bsc#1051510). - jbd2: check superblock mapped prior to committing (bsc#1136430). - kABI workaround for removed usb_interface.pm_usage_cnt field (bsc#1051510). - kABI workaround for snd_seq_kernel_client_enqueue() API changes (bsc#1051510). - kABI: protect dma-mapping.h include (kabi). - kABI: protect functions using struct net_generic (bsc#1130409 LTC#176346). - kABI: protect ip_options_rcv_srr (kabi). - kABI: protect struct mlx5_td (kabi). - kABI: protect struct pci_dev (kabi). - kABI: protect struct smc_ib_device (bsc#1130409 LTC#176346). - kABI: protect struct smc_link (bsc#1129857 LTC#176247). - kABI: protect struct smcd_dev (bsc#1130409 LTC#176346). - kabi: drop LINUX_Mib_TCPWQUEUETOOBIG snmp counter (bsc#1137586). - kabi: implement map_lookup_elem_sys_only in another way (bsc#1083647). - kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586). - kernel/signal.c: trace_signal_deliver when signal_group_exit (git-fixes). - kernel/sys.c: prctl: fix false positive in validate_prctl_map() (git-fixes). - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv (bsc#1051510). - kernel/sysctl.c: fix out-of-bounds access when setting file-max (bsc#1051510). - keys: safe concurrent user->{session,uid}_keyring access (bsc#1135642). - kmsg: Update message catalog to latest ibM level (2019/03/08) (bsc#1128904 LTC#176078). - kmsg: Update message catalog to latest ibM level (2019/03/08) (bsc#1128905 LTC#176077). - kvm: Fix UAF in nested posted interrupt processing (bsc#1134199). - kvm: VMX: Zero out *all* general purpose registers after VM-Exit (bsc#1134202). - kvm: nVMX: Clear reserved bits of #DB exit qualification (bsc#1134200). - kvm: nVMX: restore host state in nested_vmx_vmexit for VMFail (bsc#1134201). - kvm: s390: fix memory overwrites when not using SCA entries (bsc#1136206). - kvm: s390: provide io interrupt kvm_stat (bsc#1136206). - kvm: s390: use created_vcpus in more places (bsc#1136206). - kvm: s390: vsie: fix 8k check for the itdba (bsc#1136206). - kvm: x86: Always use 32-bit SMRAM save state for 32-bit kernels (bsc#1134203). - kvm: x86: Do not clear EFER during SMM transitions for 32-bit vCPU (bsc#1134204). - kvm: x86: svm: make sure NMI is injected after nmi_singlestep (bsc#1134205). - l2tp: cleanup l2tp_tunnel_delete calls (bsc#1051510). - l2tp: filter out non-PPP sessions in pppol2tp_tunnel_ioctl() (git-fixes). - l2tp: fix missing refcount drop in pppol2tp_tunnel_ioctl() (git-fixes). - l2tp: only accept PPP sessions in pppol2tp_connect() (git-fixes). - l2tp: prevent pppol2tp_connect() from creating kernel sockets (git-fixes). - l2tp: revert 'l2tp: fix missing print session offset info' (bsc#1051510). - leds: avoid races with workqueue (bsc#1051510). - leds: pwm: silently error out on EPROBE_DEFER (bsc#1051510). - lib: add crc64 calculation routines (bsc#1130972). - lib: do not depend on linux headers being installed (bsc#1130972). - libata: fix using DMA buffers on stack (bsc#1051510). - linux/kernel.h: Use parentheses around argument in u64_to_user_ptr() (bsc#1051510). - livepatch: Convert error about unsupported reliable stacktrace into a warning (bsc#1071995). - livepatch: Remove custom kobject state handling (bsc#1071995). - livepatch: Remove duplicated code for early initialization (bsc#1071995). - lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138). - mISDN: Check address length before reading address family (bsc#1051510). - mac80211: fix memory accounting with A-MSDU aggregation (bsc#1051510). - mac80211: fix unaligned access in mesh table hash function (bsc#1051510). - mac8390: Fix mmio access size probe (bsc#1051510). - md: fix invalid stored role for a disk (bsc#1051510). - media: atmel: atmel-isc: fix INIT_WORK misplacement (bsc#1051510). - media: cx18: update *pos correctly in cx18_read_pos() (bsc#1051510). - media: cx23885: check allocation return (bsc#1051510). - media: davinci-isif: avoid uninitialized variable use (bsc#1051510). - media: davinci/vpbe: array underflow in vpbe_enum_outputs() (bsc#1051510). - media: ivtv: update *pos correctly in ivtv_read_pos() (bsc#1051510). - media: omap_vout: potential buffer overflow in vidioc_dqbuf() (bsc#1051510). - media: ov2659: fix unbalanced mutex_lock/unlock (bsc#1051510). - media: pvrusb2: Prevent a buffer overflow (bsc#1129770). - media: serial_ir: Fix use-after-free in serial_ir_init_module (bsc#1051510). - media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame (bsc#1051510). - media: vivid: use vfree() instead of kfree() for dev->bitmap_cap (bsc#1051510). - media: wl128x: Fix an error code in fm_download_firmware() (bsc#1051510). - media: wl128x: prevent two potential buffer overflows (bsc#1051510). - memcg: make it work on sparse non-0-node systems (bnc#1133616). - memcg: make it work on sparse non-0-node systems kabi (bnc#1133616). - mlxsw: spectrum: Fix autoneg status in ethtool (networking-stable-19_04_30). - mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses (bsc#1135330). - mm: Fix buggy backport leading to MAP_SYNC failures (bsc#1137372) - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382). - mmc: block: Delete gendisk before cleaning up the request queue (bsc#1127616). - mmc: core: fix possible use after free of host (bsc#1051510). - mount: copy the port field into the cloned nfs_server structure (bsc#1136990). - mtd: docg3: Fix passing zero to 'PTR_ERR' warning in doc_probe_device (bsc#1051510). - mtd: docg3: fix a possible memory leak of mtd->name (bsc#1051510). - mtd: nand: omap: Fix comment in platform data using wrong Kconfig symbol (bsc#1051510). - mtd: part: fix incorrect format specifier for an unsigned long long (bsc#1051510). - mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write (bsc#1129770). - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935). - mwifiex: Fix mem leak in mwifiex_tm_cmd (bsc#1051510). - mwifiex: Fix possible buffer overflows at parsing bss descriptor - mwifiex: prevent an array overflow (bsc#1051510). - mwl8k: Fix rate_idx underflow (bsc#1051510). - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit (git-fixes). - net-gro: Fix GRO flush when receiving a GSO packet (networking-stable-19_04_10). - net/ibmvnic: Remove tests of member address (bsc#1137739). - net/ibmvnic: Update MAC address settings after adapter reset (bsc#1134760). - net/ibmvnic: Update carrier state after link state change (bsc#1135100). - net/ipv4: defensive cipso option parsing (git-fixes). - net/ipv6: do not reinitialize ndev->cnf.addr_gen_mode on new inet6_dev (git-fixes). - net/ipv6: fix addrconf_sysctl_addr_gen_mode (git-fixes). - net/ipv6: propagate net.ipv6.conf.all.addr_gen_mode to devices (git-fixes). - net/ipv6: reserve room for IFLA_INET6_ADDR_GEN_MODE (git-fixes). - net/mlx5: Decrease default mr cache size (networking-stable-19_04_10). - net/mlx5e: Add a lock on tir list (networking-stable-19_04_10). - net/mlx5e: Fix error handling when refreshing TIRs (networking-stable-19_04_10). - net/mlx5e: Fix trailing semicolon (bsc#1075020). - net/mlx5e: IPoib, Reset QP after channels are closed (bsc#1075020). - net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_04_30). - net/rose: fix unbound loop in rose_loopback_timer() (networking-stable-19_04_30). - net/sched: act_sample: fix divide by zero in the traffic path (networking-stable-19_04_10). - net/sched: do not dereference a->goto_chain to read the chain index (bsc#1064802 bsc#1066129). - net/sched: fix ->get helper of the matchall cls (networking-stable-19_04_10). - net/smc: add pnet table namespace support (bsc#1130409 LTC#176346). - net/smc: add smcd support to the pnet table (bsc#1130409 LTC#176346). - net/smc: allow 16 byte pnetids in netlink policy (bsc#1129857 LTC#176247). - net/smc: allow pci IDs as ib device names in the pnet table (bsc#1130409 LTC#176346). - net/smc: allow pnetid-less configuration (bsc#1130409 LTC#176346). - net/smc: call smc_cdc_msg_send() under send_lock (bsc#1129857 LTC#176247). - net/smc: check connections in smc_lgr_free_work (bsc#1129857 LTC#176247). - net/smc: check for ip prefix and subnet (bsc#1134607 LTC#177518). - net/smc: check port_idx of ib event (bsc#1129857 LTC#176247). - net/smc: cleanup for smcr_tx_sndbuf_nonempty (bsc#1130409 LTC#176346). - net/smc: cleanup of get vlan id (bsc#1134607 LTC#177518). - net/smc: code cleanup smc_listen_work (bsc#1134607 LTC#177518). - net/smc: consolidate function parameters (bsc#1134607 LTC#177518). - net/smc: correct state change for peer closing (bsc#1129857 LTC#176247). - net/smc: delete rkey first before switching to unused (bsc#1129857 LTC#176247). - net/smc: do not wait for send buffer space when data was already sent (bsc#1129857 LTC#176247). - net/smc: do not wait under send_lock (bsc#1129857 LTC#176247). - net/smc: fallback to TCP after connect problems (bsc#1134607 LTC#177518). - net/smc: fix a NULL pointer dereference (bsc#1134607 LTC#177518). - net/smc: fix another sizeof to int comparison (bsc#1129857 LTC#176247). - net/smc: fix byte_order for rx_curs_confirmed (bsc#1129848 LTC#176249). - net/smc: fix return code from FLUSH command (bsc#1134607 LTC#177518). - net/smc: fix sender_free computation (bsc#1129857 LTC#176247). - net/smc: fix smc_poll in SMC_INIT state (bsc#1129848 LTC#176249). - net/smc: fix use of variable in cleared area (bsc#1129857 LTC#176247). - net/smc: improve smc_conn_create reason codes (bsc#1134607 LTC#177518). - net/smc: improve smc_listen_work reason codes (bsc#1134607 LTC#177518). - net/smc: move code to clear the conn->lgr field (bsc#1129857 LTC#176247). - net/smc: move unhash before release of clcsock (bsc#1134607 LTC#177518). - net/smc: move wake up of close waiter (bsc#1129857 LTC#176247). - net/smc: no delay for free tx buffer wait (bsc#1129857 LTC#176247). - net/smc: nonblocking connect rework (bsc#1134607 LTC#177518). - net/smc: postpone release of clcsock (bsc#1129857 LTC#176247). - net/smc: preallocated memory for rdma work requests (bsc#1129857 LTC#176247). - net/smc: prevent races between smc_lgr_terminate() and smc_conn_free() (bsc#1129857 LTC#176247). - net/smc: propagate file from SMC to TCP socket (bsc#1134607 LTC#177518). - net/smc: recvmsg and splice_read should return 0 after shutdown (bsc#1129857 LTC#176247). - net/smc: reduce amount of status updates to peer (bsc#1129857 LTC#176247). - net/smc: reset cursor update required flag (bsc#1129857 LTC#176247). - net/smc: rework pnet table (bsc#1130409 LTC#176346). - net/smc: unlock LGR pending lock earlier for SMC-D (bsc#1129857 LTC#176247). - net/smc: use client and server LGR pending locks for SMC-R (bsc#1129857 LTC#176247). - net/smc: use device link provided in qp_context (bsc#1129857 LTC#176247). - net/smc: use smc_curs_copy() for SMC-D (bsc#1129857 LTC#176247). - net/smc: wait for pending work before clcsock release_sock (bsc#1134607 LTC#177518). - net: Fix a bug in removing queues from XPS map (git-fixes). - net: aquantia: fix rx checksum offload for UDP/TCP over IPv6 (networking-stable-19_03_28). - net: atm: Fix potential Spectre v1 vulnerabilities (networking-stable-19_04_19). - net: avoid skb_warn_bad_offload on IS_ERR (git-fixes). - net: do not keep lonely packets forever in the gro hash (git-fixes). - net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc (networking-stable-19_05_04). - net: dsa: legacy: do not unmask port bitmaps (git-fixes). - net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT (git-fixes). - net: ena: fix return value of ena_com_config_llq_info() (bsc#1111696 bsc#1117561). - net: ethtool: not call vzalloc for zero sized memory request (networking-stable-19_04_10). - net: fix uninit-value in __hw_addr_add_ex() (git-fixes). - net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv (networking-stable-19_04_19). - net: hns3: remove resetting check in hclgevf_reset_task_schedule (bsc#1104353 bsc#1135056). - net: initialize skb->peeked when cloning (git-fixes). - net: make skb_partial_csum_set() more robust against overflows (git-fixes). - net: phy: marvell: Fix buffer overrun with stats counters (networking-stable-19_05_04). - net: rds: exchange of 8K and 1M pool (networking-stable-19_04_30). - net: rose: fix a possible stack overflow (networking-stable-19_03_28). - net: socket: fix potential spectre v1 gadget in socketcall (git-fixes). - net: stmmac: fix memory corruption with large MTUs (networking-stable-19_03_28). - net: stmmac: move stmmac_check_ether_addr() to driver probe (networking-stable-19_04_30). - net: test tailroom before appending to linear skb (git-fixes). - net: thunderx: do not allow jumbo frames with XDP (networking-stable-19_04_19). - net: thunderx: raise XDP MTU to 1508 (networking-stable-19_04_19). - net: unbreak CONFIG_RETPOLINE=n builds (bsc#1124503). - net: use indirect call wrappers at GRO network layer (bsc#1124503). - net: use indirect call wrappers at GRO transport layer (bsc#1124503). - netfilter: bridge: Do not sabotage nf_hook calls from an l3mdev (git-fixes). - netfilter: bridge: ebt_among: add missing match size checks (git-fixes). - netfilter: bridge: ebt_among: add more missing match size checks (git-fixes). - netfilter: drop template ct when conntrack is skipped (git-fixes). - netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule (git-fixes). - netfilter: ebtables: handle string from userspace with care (git-fixes). - netfilter: ebtables: reject non-bridge targets (git-fixes). - netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel (git-fixes). - netfilter: nf_log: do not hold nf_log_mutex during user access (git-fixes). - netfilter: nf_log: fix uninit read in nf_log_proc_dostring (git-fixes). - netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6} (git-fixes). - netfilter: nf_tables: can't fail after linking rule into active rule list (git-fixes). - netfilter: nf_tables: check msg_type before nft_trans_set(trans) (git-fixes). - netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump() (git-fixes). - netfilter: nf_tables: fix leaking object reference count (git-fixes). - netfilter: nf_tables: release chain in flushing set (git-fixes). - netfilter: nft_compat: do not dump private area (git-fixes). - netfilter: x_tables: initialise match/target check parameter struct (git-fixes). - netlink: fix uninit-value in netlink_sendmsg (git-fixes). - nfs add module option to limit nfsv4 minor version (jsc#PM-231). - nfs: Enable nfsv4.2 support - jsc@PM-231 This requires a module parameter for nfsv4.2 to actually be available on SLE12 and SLE15-SP0 - nfsv4.x: always serialize open/close operations (bsc#1114893). - nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands (bsc#1051510). - nvme-rdma: fix possible free of a non-allocated async event buffer (bsc#1120423). - nvme: Do not remove namespaces during reset (bsc#1131673). - nvme: flush scan_work when resetting controller (bsc#1131673). - objtool: Fix function fallthrough detection (bsc#1058115). - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget (bsc#1136434). - ocfs2: turn on OCFS2_FS_STATS setting(bsc#1134393) We need to turn on OCFS2_FS_STATS kernel configuration setting, to fix bsc#1134393. - of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642). - omapfb: add missing of_node_put after of_device_is_available (bsc#1051510). - openvswitch: add seqadj extension when NAT is used (bsc#1051510). - openvswitch: fix flow actions reallocation (bsc#1051510). - p54: drop device reference count if fails to enable device (bsc#1135642). - packet: fix reserve calculation (git-fixes). - packet: in packet_snd start writing at link layer allocation (git-fixes). - packet: refine ring v3 block size test to hold one frame (git-fixes). - packet: reset network header if packet shorter than ll reserved space (git-fixes). - packet: validate msg_namelen in send directly (git-fixes). - packets: Always register packet sk in the same order (networking-stable-19_03_28). - pci: Factor out pcie_retrain_link() function (git-fixes). - pci: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1051510). - pci: Mark Atheros AR9462 to avoid bus reset (bsc#1051510). - pci: Work around Pericom pcie-to-pci bridge Retrain Link erratum (git-fixes). - pci: endpoint: Use EPC's device in dma_alloc_coherent()/dma_free_coherent() (git-fixes). - phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode (bsc#1051510). - platform/x86: alienware-wmi: printing the wrong error code (bsc#1051510). - platform/x86: dell-rbtn: Add missing #include (bsc#1051510). - platform/x86: intel_pmc_ipc: adding error handling (bsc#1051510). - platform/x86: intel_punit_ipc: Revert 'Fix resource ioremap warning' (bsc#1051510). - platform/x86: pmc_atom: Add Lex 3I380D industrial PC to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Add several Beckhoff Automation boards to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Drop __initconst on dmi table (bsc#1051510). - platform/x86: sony-laptop: Fix unintentional fall-through (bsc#1051510). - power: supply: axp20x_usb_power: Fix typo in VBUS current limit macros (bsc#1051510). - power: supply: axp288_charger: Fix unchecked return value (bsc#1051510). - powerpc/eeh: Fix race with driver un/bind (bsc#1065729). - powerpc/msi: Fix NULL pointer access in teardown code (bsc#1065729). - powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043). - powerpc/powernv/idle: Restore IAMR after idle (bsc#1065729). - powerpc/process: Fix sparse address space warnings (bsc#1065729). - powerpc: Always initialize input array when calling epapr_hypercall() (bsc#1065729). - powerpc: Fix HMIs on big-endian with CONFIG_RELOCATABLE=y (bsc#1065729). - proc/kcore: do not bounds check against address 0 (bsc#1051510). - proc/sysctl: fix return error for proc_doulongvec_minmax() (bsc#1051510). - proc: revalidate kernel thread inodes to root:root (bsc#1051510). - ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK (git-fixes). - pwm: Fix deadlock warning when removing PWM device (bsc#1051510). - pwm: meson: Consider 128 a valid pre-divider (bsc#1051510). - pwm: meson: Do not disable PWM when setting duty repeatedly (bsc#1051510). - pwm: meson: Use the spin-lock only to protect register modifications (bsc#1051510). - pwm: tiehrpwm: Update shadow register for disabling PWMs (bsc#1051510). - qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128979). - qla2xxx: always allocate qla_tgt_wq (bsc#1131451). - qmi_wwan: add Olicard 600 (bsc#1051510). - rdma/hns: Fix bug that caused srq creation to fail (bsc#1104427 ). - rdma/rxe: Consider skb reserve space based on netdev of GID (bsc#1082387, bsc#1103992). - regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB (bsc#1051510). - rt2x00: do not increment sequence number while re-transmitting (bsc#1051510). - rtc: da9063: set uie_unsupported when relevant (bsc#1051510). - rtc: sh: Fix invalid alarm warning for non-enabled alarm (bsc#1051510). - rtlwifi: rtl8723ae: Fix missing break in switch statement (bsc#1051510). - rxrpc: Fix error reception on AF_INET6 sockets (git-fixes). - rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket (git-fixes). - s390/ism: ignore some errors during deregistration (bsc#1129857 LTC#176247). - s390/qdio: clear intparm during shutdown (bsc#1134597 LTC#177516). - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() (bsc#1051510). - sc16is7xx: move label 'err_spi' to correct section (bsc#1051510). - sc16is7xx: put err_spi and err_i2c into correct #ifdef (bsc#1051510). - scripts: override locale from environment when running recordmcount.pl (bsc#1134354). - scsi: qedf: fixup bit operations (bsc#1135542). - scsi: qedf: fixup locking in qedf_restart_rport() (bsc#1135542). - scsi: qedf: missing kref_put in qedf_xmit() (bsc#1135542). - scsi: qla2xxx: Declare local functions 'static' (bsc#1137444). - scsi: qla2xxx: Fix function argument descriptions (bsc#1118139). - scsi: qla2xxx: Fix memory corruption during hba reset test (bsc#1118139). - scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (bsc#1132044). - scsi: qla2xxx: Improve several kernel-doc headers (bsc#1137444). - scsi: qla2xxx: Introduce a switch/case statement in qlt_xmit_tm_rsp() (bsc#1137444). - scsi: qla2xxx: Make qla2x00_sysfs_write_nvram() easier to analyze (bsc#1137444). - scsi: qla2xxx: Make sure that qlafx00_ioctl_iosb_entry() initializes 'res' (bsc#1137444). - scsi: qla2xxx: NULL check before some freeing functions is not needed (bsc#1137444). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1137444). - scsi: qla2xxx: Remove two arguments from qlafx00_error_entry() (bsc#1137444). - scsi: qla2xxx: Remove unused symbols (bsc#1118139). - scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function (bsc#1137444). - scsi: qla2xxx: Use %p for printing pointers (bsc#1118139). - scsi: qla2xxx: fix error message on qla2400 (bsc#1118139). - scsi: qla2xxx: fix spelling mistake: 'existant' -> 'existent' (bsc#1118139). - scsi: qla2xxx: fully convert to the generic DMA API (bsc#1137444). - scsi: qla2xxx: fx00 copypaste typo (bsc#1118139). - scsi: qla2xxx: remove the unused tcm_qla2xxx_cmd_wq (bsc#1118139). - scsi: qla2xxx: use lower_32_bits and upper_32_bits instead of reinventing them (bsc#1137444). - sctp: avoid running the sctp state machine recursively (networking-stable-19_05_04). - sctp: fix identification of new acks for SFR-CACC (git-fixes). - sctp: get sctphdr by offset in sctp_compute_cksum (networking-stable-19_03_28). - sctp: initialize _pad of sockaddr_in before copying to user memory (networking-stable-19_04_10). - sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune (git-fixes). - sctp: set frag_point in sctp_setsockopt_maxseg correctly` (git-fixes). - selinux: use kernel linux/socket.h for genheaders and mdp (bsc#1134810). - serial: 8250_pxa: honor the port number from devicetree (bsc#1051510). - serial: ar933x_uart: Fix build failure with disabled console (bsc#1051510). - serial: uartps: console_setup() can't be placed to init section (bsc#1051510). - signal: Always notice exiting tasks (git-fixes). - signal: Better detection of synchronous signals (git-fixes). - signal: Restore the stop PTRACE_EVENT_EXIT (git-fixes). - smc: move unhash as early as possible in smc_release() (bsc#1129857 LTC#176247). - soc/fsl/qe: Fix an error code in qe_pin_request() (bsc#1051510). - soc/tegra: pmc: Drop locking from tegra_powergate_is_powered() (bsc#1051510). - spi: Micrel eth switch: declare missing of table (bsc#1051510). - spi: ST ST95HF NFC: declare missing of table (bsc#1051510). - spi: a3700: Clear DATA_OUT when performing a read (bsc#1051510). - spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios (bsc#1051510). - spi: bcm2835aux: setup gpio-cs to output and correct level during setup (bsc#1051510). - spi: bcm2835aux: warn in dmesg that native cs is not really supported (bsc#1051510). - spi: rspi: Fix sequencer reset during initialization (bsc#1051510). - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit (bsc#1051510). - staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc (bsc#1051510). - stm class: Fix an endless loop in channel allocation (bsc#1051510). - stm class: Fix channel free in stm output free path (bsc#1051510). - stm class: Prevent division by zero (bsc#1051510). - stmmac: pci: Adjust IOT2000 matching (networking-stable-19_04_30). - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839). - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839). - switchtec: Fix unintended mask of MRPC event (git-fixes). - tcp: Ensure DCTCP reacts to losses (networking-stable-19_04_10). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: limit payload size of sacked skbs (bsc#1137586). - tcp: purge write queue in tcp_connect_init() (git-fixes). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). - tcp: tcp_grow_window() needs to respect tcp_space() (networking-stable-19_04_19). - team: fix possible recursive locking when add slaves (networking-stable-19_04_30). - team: set slave to promisc if team is already in promisc mode (bsc#1051510). - thermal/int340x_thermal: Add additional UUIDs (bsc#1051510). - thermal/int340x_thermal: fix mode setting (bsc#1051510). - thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power (bsc#1051510). - thunderx: eliminate extra calls to put_page() for pages held for recycling (networking-stable-19_03_28). - thunderx: enable page recycling for non-XDP case (networking-stable-19_03_28). - tipc: fix hanging clients using poll with EPOLLOUT flag (git-fixes). - tipc: missing entries in name table of publications (networking-stable-19_04_19). - tools lib traceevent: Fix missing equality check for strcmp (bsc#1129770). - tracing: Fix partial reading of trace event's id file (bsc#1136573). - treewide: Use DEVICE_ATTR_WO (bsc#1137739). - tty: increase the default flip buffer limit to 2*640K (bsc#1051510). - tty: pty: Fix race condition between release_one_tty and pty_write (bsc#1051510). - tty: serial_core, add ->install (bnc#1129693). - tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0 (bsc#1051510). - tun: add a missing rcu_read_unlock() in error path (networking-stable-19_03_28). - tun: properly test for IFF_UP (networking-stable-19_03_28). - uas: fix alignment of scatter/gather segments (bsc#1129770). - udp: use indirect call wrappers for GRO socket lookup (bsc#1124503). - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour (bsc#1135323). - usb-storage: Set virt_boundary_mask to avoid SG overflows (bsc#1051510). - usb: cdc-acm: fix unthrottle races (bsc#1051510). - usb: core: Fix bug caused by duplicate interface PM usage counter (bsc#1051510). - usb: core: Fix unterminated string returned by usb_string() (bsc#1051510). - usb: dwc3: Fix default lpm_nyet_threshold value (bsc#1051510). - usb: gadget: net2272: Fix net2272_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix net2280_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix overrun of OUT messages (bsc#1051510). - usb: serial: f81232: fix interrupt worker not stop (bsc#1051510). - usb: serial: fix unthrottle races (bsc#1051510). - usb: u132-hcd: fix resource leak (bsc#1051510). - usb: usb251xb: fix to avoid potential NULL pointer dereference (bsc#1051510). - usb: usbip: fix isoc packet num validation in get_pipe (bsc#1051510). - usb: w1 ds2490: Fix bug caused by improper use of altsetting array (bsc#1051510). - usb: yurex: Fix protection fault after device removal (bsc#1051510). - userfaultfd: use RCU to free the task struct when fork fails (git-fixes). - vfio/mdev: Avoid release parent reference during error path (bsc#1051510). - vfio/mdev: Fix aborting mdev child device removal if one fails (bsc#1051510). - vfio/pci: use correct format characters (bsc#1051510). - vfio_pci: Enable memory accesses before calling pci_map_rom (bsc#1051510). - vhost/vsock: fix reset orphans race with close timeout (bsc#1051510). - vhost: reject zero size iova range (networking-stable-19_04_19). - virtio-blk: limit number of hw queues by nr_cpu_ids (bsc#1051510). - virtio: Honour 'may_reduce_num' in vring_create_virtqueue (bsc#1051510). - virtio_pci: fix a NULL pointer reference in vp_del_vqs (bsc#1051510). - vrf: check accept_source_route on the original netdevice (networking-stable-19_04_10). - vsock/virtio: Initialize core virtio vsock before registering the driver (bsc#1051510). - vsock/virtio: fix kernel panic after device hot-unplug (bsc#1051510). - vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock (bsc#1051510). - vsock/virtio: reset connected sockets on device removal (bsc#1051510). - vt: always call notifier with the console lock held (bsc#1051510). - vxlan: Do not call gro_cells_destroy() before device is unregistered (networking-stable-19_03_28). - x86/speculation/mds: Fix documentation typo (bsc#1135642). - x86_64: Add gap to int3 to allow for call emulation (bsc#1099658). - x86_64: Allow breakpoints to emulate call instructions (bsc#1099658). - xenbus: drop useless LIST_HEAD in xenbus_write_watch() and xenbus_file_write() (bsc#1065600). - xfrm6: avoid potential infinite loop in _decode_session6() (git-fixes). - xfrm6: call kfree_skb when skb is toobig (git-fixes). - xfrm: Fix stack-out-of-bounds read on socket policy lookup (git-fixes). - xfrm: Return error on unknown encap_type in init_state (git-fixes). - xfrm: Validate address prefix lengths in the xfrm selector (git-fixes). - xfrm: fix 'passing zero to ERR_PTR()' warning (git-fixes). - xfrm: fix missing dst_release() after policy blocking lbcast and multicast (git-fixes). - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) (git-fixes). - xfrm: reset crypto_done when iterating over multiple input xfrms (git-fixes). - xfrm: reset transport header back to network header after all input transforms ahave been applied (git-fixes). - xfrm_user: prevent leaking 2 bytes of kernel memory (git-fixes). - xfs: add log item pinning error injection tag (bsc#1114427). - xfs: buffer lru reference count error injection tag (bsc#1114427). - xfs: check _btree_check_block value (bsc#1123663). - xfs: convert drop_writes to use the errortag mechanism (bsc#1114427). - xfs: create block pointer check functions (bsc#1123663). - xfs: create inode pointer verifiers (bsc#1114427). - xfs: detect and fix bad summary counts at mount (bsc#1114427). - xfs: export _inobt_btrec_to_irec and _ialloc_cluster_alignment for scrub (bsc#1114427). - xfs: export various function for the online scrubber (bsc#1123663). - xfs: expose errortag knobs via sysfs (bsc#1114427). - xfs: fix unused variable warning in xfs_buf_set_ref() (bsc#1114427). - xfs: force summary counter recalc at next mount (bsc#1114427). - xfs: kill meaningless variable 'zero' (bsc#1106011). - xfs: make errortag a per-mountpoint structure (bsc#1123663). - xfs: move error injection tags into their own file (bsc#1114427). - xfs: prepare xfs_break_layouts() for another layout type (bsc#1106011). - xfs: prepare xfs_break_layouts() to be called with XFS_MMAPLOCK_EXCL (bsc#1106011). - xfs: refactor btree block header checking functions (bsc#1123663). - xfs: refactor btree pointer checks (bsc#1123663). - xfs: refactor unmount record write (bsc#1114427). - xfs: remove unneeded parameter from XFS_TEST_ERROR (bsc#1123663). - xfs: remove xfs_zero_range (bsc#1106011). - xfs: rename MAXPATHLEN to XFS_SYMLINK_MAXLEN (bsc#1123663). - xfs: replace log_badcrc_factor knob with error injection tag (bsc#1114427). - xfs: sanity-check the unused space before trying to use it (bsc#1123663). - xfs: serialize unaligned dio writes against all other dio writes (bsc#1134936). Important SUSE bug 1012382 SUSE bug 1050242 SUSE bug 1051510 SUSE bug 1053043 SUSE bug 1056787 SUSE bug 1058115 SUSE bug 1063638 SUSE bug 1064802 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066129 SUSE bug 1068546 SUSE bug 1071995 SUSE bug 1075020 SUSE bug 1082387 SUSE bug 1083647 SUSE bug 1085535 SUSE bug 1099658 SUSE bug 1103992 SUSE bug 1104353 SUSE bug 1104427 SUSE bug 1106011 SUSE bug 1106284 SUSE bug 1108838 SUSE bug 1110946 SUSE bug 1111696 SUSE bug 1112063 SUSE bug 1113722 SUSE bug 1114427 SUSE bug 1114893 SUSE bug 1115688 SUSE bug 1117158 SUSE bug 1117561 SUSE bug 1118139 SUSE bug 1119843 SUSE bug 1120091 SUSE bug 1120423 SUSE bug 1120566 SUSE bug 1120843 SUSE bug 1120902 SUSE bug 1122776 SUSE bug 1123454 SUSE bug 1123663 SUSE bug 1124503 SUSE bug 1124839 SUSE bug 1126356 SUSE bug 1127616 SUSE bug 1128052 SUSE bug 1128904 SUSE bug 1128905 SUSE bug 1128979 SUSE bug 1129138 SUSE bug 1129497 SUSE bug 1129693 SUSE bug 1129770 SUSE bug 1129848 SUSE bug 1129857 SUSE bug 1130409 SUSE bug 1130699 SUSE bug 1130972 SUSE bug 1131451 SUSE bug 1131488 SUSE bug 1131565 SUSE bug 1131673 SUSE bug 1132044 SUSE bug 1132894 SUSE bug 1133176 SUSE bug 1133188 SUSE bug 1133190 SUSE bug 1133320 SUSE bug 1133612 SUSE bug 1133616 SUSE bug 1134160 SUSE bug 1134162 SUSE bug 1134199 SUSE bug 1134200 SUSE bug 1134201 SUSE bug 1134202 SUSE bug 1134203 SUSE bug 1134204 SUSE bug 1134205 SUSE bug 1134354 SUSE bug 1134393 SUSE bug 1134459 SUSE bug 1134460 SUSE bug 1134461 SUSE bug 1134537 SUSE bug 1134591 SUSE bug 1134597 SUSE bug 1134607 SUSE bug 1134651 SUSE bug 1134671 SUSE bug 1134760 SUSE bug 1134806 SUSE bug 1134810 SUSE bug 1134813 SUSE bug 1134848 SUSE bug 1134936 SUSE bug 1135006 SUSE bug 1135007 SUSE bug 1135008 SUSE bug 1135056 SUSE bug 1135100 SUSE bug 1135120 SUSE bug 1135278 SUSE bug 1135281 SUSE bug 1135309 SUSE bug 1135312 SUSE bug 1135314 SUSE bug 1135315 SUSE bug 1135316 SUSE bug 1135320 SUSE bug 1135323 SUSE bug 1135330 SUSE bug 1135492 SUSE bug 1135542 SUSE bug 1135556 SUSE bug 1135603 SUSE bug 1135642 SUSE bug 1135661 SUSE bug 1135758 SUSE bug 1136206 SUSE bug 1136424 SUSE bug 1136428 SUSE bug 1136430 SUSE bug 1136432 SUSE bug 1136434 SUSE bug 1136435 SUSE bug 1136438 SUSE bug 1136439 SUSE bug 1136477 SUSE bug 1136478 SUSE bug 1136573 SUSE bug 1136586 SUSE bug 1136881 SUSE bug 1136935 SUSE bug 1136990 SUSE bug 1137151 SUSE bug 1137152 SUSE bug 1137153 SUSE bug 1137162 SUSE bug 1137372 SUSE bug 1137444 SUSE bug 1137586 SUSE bug 1137739 SUSE bug 1137752 CVE-2018-7191 CVE-2019-10124 CVE-2019-11085 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11486 CVE-2019-11487 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884 CVE-2019-12382 CVE-2019-3846 CVE-2019-5489 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for doxygen fixes the following issues: - CVE-2016-10245: XSS was possible via insufficient sanitization of the query parameter in templates/html/search_opensearch.php (bsc#1136364) Moderate SUSE bug 1136364 CVE-2016-10245 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). - CVE-2019-10166: Fixed an issue with virDomainManagedSaveDefineXML which could have been used to alter the domain's config used for managedsave or execute arbitrary emulator binaries (bsc#1138302). - CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303). Important SUSE bug 1138301 SUSE bug 1138302 SUSE bug 1138303 CVE-2019-10161 CVE-2019-10166 CVE-2019-10167 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for gstreamer-plugins-base fixes the following issue: Security issue fixed: - CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375). Important SUSE bug 1133375 CVE-2019-9928 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976). Important SUSE bug 1136976 CVE-2019-8457 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for gstreamer-0_10-plugins-base fixes the following issues: Security issue fixed: - CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375). Important SUSE bug 1133375 CVE-2019-9928 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libssh2_org fixes the following issues: - Fix the previous fix for CVE-2019-3860 (bsc#1136570, bsc#1128481) (Out-of-bounds reads with specially crafted SFTP packets) Moderate SUSE bug 1128481 SUSE bug 1136570 CVE-2019-3860 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for compat-openssl098 fixes the following issues: - CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080) - Reject invalid EC point coordinates (bsc#1131291) - Fixed 'The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations' (bsc#1117951) Moderate SUSE bug 1117951 SUSE bug 1127080 SUSE bug 1131291 CVE-2019-1559 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for wireshark to version 2.4.15 fixes the following issues: Security issue fixed: - Fixed a denial of service in the dissection engine (bsc#1136021). Moderate SUSE bug 1136021 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for netpbm fixes the following issues: Security issues fixed: - CVE-2018-8975: The pm_mallocarray2 function allowed remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file (bsc#1086777). - CVE-2017-2579: Fixed out-of-bounds read in expandCodeOntoStack() (bsc#1024288). - CVE-2017-2580: Fixed out-of-bounds write of heap data in addPixelToRaster() function (bsc#1024291). - create netpbm-vulnerable subpackage and move pstopnm there (bsc#1136936) Moderate SUSE bug 1024288 SUSE bug 1024291 SUSE bug 1086777 SUSE bug 1136936 CVE-2017-2579 CVE-2017-2580 CVE-2018-8975 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for MozillaFirefox fixes the following issues: - Mozilla Firefox Firefox 60.7.2 MFSA 2019-19 (bsc#1138872) - CVE-2019-11708: Fix sandbox escape using Prompt:Open. * Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes could result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. Important SUSE bug 1138872 CVE-2019-11708 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-11597: Fixed a heap-based buffer over-read in the WriteTIFFImage() (bsc#1138464). - Fixed a file content disclosure via SVG and WMF decoding (bsc#1138425).- CVE-2019-11472: Fixed a denial of service in ReadXWDImage() (bsc#1133204). - CVE-2019-11470: Fixed a denial of service in ReadCINImage() (bsc#1133205). - CVE-2019-11506: Fixed a heap-based buffer overflow in the WriteMATLABImage() (bsc#1133498). - CVE-2019-11505: Fixed a heap-based buffer overflow in the WritePDBImage() (bsc#1133501). - CVE-2019-10131: Fixed a off-by-one read in formatIPTCfromBuffer function in coders/meta.c (bsc#1134075). - CVE-2017-12806: Fixed a denial of service through memory exhaustion in format8BIM() (bsc#1135232). - CVE-2017-12805: Fixed a denial of service through memory exhaustion in ReadTIFFImage() (bsc#1135236). - CVE-2019-11598: Fixed a heap-based buffer over-read in WritePNMImage() (bsc#1136732) We also now disable PCL in the -SUSE configuration, as it also uses ghostscript for decoding (bsc#1136183) Moderate SUSE bug 1133204 SUSE bug 1133205 SUSE bug 1133498 SUSE bug 1133501 SUSE bug 1134075 SUSE bug 1135232 SUSE bug 1135236 SUSE bug 1136183 SUSE bug 1136732 SUSE bug 1138425 SUSE bug 1138464 CVE-2017-12805 CVE-2017-12806 CVE-2019-10131 CVE-2019-11470 CVE-2019-11472 CVE-2019-11505 CVE-2019-11506 CVE-2019-11597 CVE-2019-11598 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for glibc fixes the following issues: Security issue fixed: - CVE-2015-5180: Fixed a NULL pointer dereference with internal QTYPE (bsc#941234). Feature work: - IBM zSeries arch13 hardware support in glibc added (fate#327072, bsc#1132678) Other issue addressed: - Fixed a concurrency issue with ldconfig (bsc#1117993). Moderate SUSE bug 1117993 SUSE bug 1132678 SUSE bug 941234 CVE-2015-5180 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for dnsmasq fixes the following issues: Security issue fixed: - CVE-2017-15107: Fixed a vulnerability in DNSSEC implementation. Processing of wildcard synthesized NSEC records may result improper validation for non-existance. (bsc#1076958) Non-security issue fixed: - Reload system dbus to pick up policy change on install (bsc#1054429). Moderate SUSE bug 1054429 SUSE bug 1076958 CVE-2017-15107 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for glib2 provides the following fix: Security issues fixed: - CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). - CVE-2018-16428: Avoid a null pointer dereference that could crash glib2 users in markup processing (bnc#1107121). - CVE-2018-16429: Fixed out-of-bounds read vulnerability ing_markup_parse_context_parse() (bsc#1107116). Non-security issues fixed: - Install dummy *-mimeapps.list files to prevent dead symlinks. (bsc#1061599) Important SUSE bug 1061599 SUSE bug 1107116 SUSE bug 1107121 SUSE bug 1137001 CVE-2018-16428 CVE-2018-16429 CVE-2019-12450 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for elfutils fixes the following issues: Security issues fixed: - CVE-2018-16403: Fixed a heap-based buffer over-read that could have led to Denial of Service (bsc#1107067). - CVE-2016-10254: Fixed a memory allocation failure in alloxate_elf (bsc#1030472). - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007). - CVE-2016-10255: Fixed a memory allocation failure in libelf_set_rawdata_wrlock (bsc#1030476). - CVE-2019-7150: Added a missing check in dwfl_segment_report_module which could have allowed truncated files to be read (bsc#1123685). - CVE-2018-16062: Fixed a heap-buffer-overflow (bsc#1106390). - CVE-2017-7611: Fixed a heap-based buffer over-read that could have led to Denial of Service (bsc#1033088). - CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090). - CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084). - CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085). - CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087). - CVE-2018-18521: Fixed multiple divide-by-zero vulnerabilities in function arlib_add_symbols() (bsc#1112723). - CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089). - CVE-2018-18310: Fixed an invalid address read in dwfl_segment_report_module.c (bsc#1111973). - CVE-2018-18520: Fixed bad handling of ar files inside are files (bsc#1112726). Low SUSE bug 1030472 SUSE bug 1030476 SUSE bug 1033084 SUSE bug 1033085 SUSE bug 1033087 SUSE bug 1033088 SUSE bug 1033089 SUSE bug 1033090 SUSE bug 1106390 SUSE bug 1107067 SUSE bug 1111973 SUSE bug 1112723 SUSE bug 1112726 SUSE bug 1123685 SUSE bug 1125007 CVE-2016-10254 CVE-2016-10255 CVE-2017-7607 CVE-2017-7608 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7150 CVE-2019-7665 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libu2f-host and pam_u2f to version 1.0.8 fixes the following issues: Security issues fixed for libu2f-host: - CVE-2019-9578: Fixed a memory leak due to a wrong parse of init's response (bsc#1128140). - CVE-2018-20340: Fixed an unchecked buffer, which could allow a buffer overflow with a custom made malicious USB device (bsc#1124781). Security issues fixed for pam_u2f: - CVE-2019-12209: Fixed an issue where symlinks in the user's directory were followed (bsc#1135729). - CVE-2019-12210: Fixed file descriptor leaks (bsc#1135727). Moderate SUSE bug 1124781 SUSE bug 1128140 SUSE bug 1135727 SUSE bug 1135729 CVE-2018-20340 CVE-2019-12209 CVE-2019-12210 CVE-2019-9578 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for postgresql10 to version 10.9 fixes the following issue: Security issue fixed: - CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing (bsc#1138034). More information at https://www.postgresql.org/docs/10/release-10-9.html Important SUSE bug 1138034 CVE-2019-10164 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for zeromq fixes the following issues: - CVE-2019-13132: An unauthenticated remote attacker could have exploited a stack overflow vulnerability on a server that is supposed to be protected by encryption and authentication to potentially gain a remote code execution. (bsc#1140255) Important SUSE bug 1140255 CVE-2019-13132 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for avahi fixes the following issues: Security issue fixed: - CVE-2018-1000845: Fixed DNS amplification and reflection to spoofed addresses (DOS) (bsc#1120281) Moderate SUSE bug 1120281 CVE-2018-1000845 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for kernel-firmware aligns the firmware code with SUSE Linux Enterprise Server 15. The version is now at 20190618. Please refer to the kernel-firmware rpm changelog file to see the full history of changes. Moderate SUSE bug 1091203 SUSE bug 1104289 SUSE bug 1110720 SUSE bug 1122456 SUSE bug 1128292 SUSE bug 1132303 SUSE bug 1136334 SUSE bug 1136498 SUSE bug 1139383 CVE-2019-9836 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959). Non-security issue fixed: - Added explicit requires between libglib2 and libgio2 (bsc#1140122). Important SUSE bug 1139959 SUSE bug 1140122 CVE-2019-13012 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for expat fixes the following issues: Security issue fixed: - CVE-2018-20843: Fixed a denial of service triggered by high resource consumption in the XML parser when XML names contain a large amount of colons (bsc#1139937). Moderate SUSE bug 1139937 CVE-2018-20843 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for xrdp fixes the following issues: These security issues were fixed: - CVE-2013-1430: When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd was created. Its content was the equivalent of the user's cleartext password, DES encrypted with a known key (bsc#1015567). - CVE-2017-16927: The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through used an untrusted integer as a write length, which could lead to a local denial of service (bsc#1069591). - CVE-2017-6967: Fixed call of the PAM function auth_start_session(). This lead to to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass (bsc#1029912). These non-security issues were fixed: - The KillDisconnected option for TigerVNC Xvnc sessions is now supported (bsc#1101506) - Fixed an issue with delayed X KeyRelease events (bsc#1100453) - Force xrdp-sesman.service to start after xrdp.service. (bsc#1014524) - Avoid use of hard-coded sesman port. (bsc#1060644) - Fixed a regression connecting from Windows 10. (bsc#1090174) Important SUSE bug 1014524 SUSE bug 1015567 SUSE bug 1029912 SUSE bug 1060644 SUSE bug 1069591 SUSE bug 1090174 SUSE bug 1100453 SUSE bug 1101506 CVE-2013-1430 CVE-2017-16927 CVE-2017-6967 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for podofo fixes the following issues: Security issues fixed: - CVE-2017-8054: Fixed a vulnerability in PdfPagesTree::GetPageNodeFromArray function which could allow remote attackers to cause Denial of Service (bsc#1035596). - CVE-2018-5783: Fixed an uncontrolled memory allocation in PdfVecObjects::Reserve function (bsc#1076962). - CVE-2018-11255: Fixed a null pointer dereference in PdfPage::GetPageNumber() function which could lead to Denial of Service (bsc#1096890). - CVE-2018-20751: Fixed a null pointer dereference in crop_page function (bsc#1124357). - CVE-2018-12982: Fixed an invalid memory read in PdfVariant::DelayedLoad() function which could allow remote attackers to cause Denial of Service (bsc#1099720). - Fixed a buffer overflow in TestEncrypt function. - Fixed a null pointer dereference in PdfTranslator-setTarget function. - Fixed a heap based buffer overflow PdfVariant:DelayedLoad function. Moderate SUSE bug 1035596 SUSE bug 1076962 SUSE bug 1096890 SUSE bug 1099720 SUSE bug 1124357 CVE-2017-8054 CVE-2018-11255 CVE-2018-12982 CVE-2018-20751 CVE-2018-5783 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for webkit2gtk3 to version 2.24.2 fixes the following issues: Security issues fixed: - CVE-2019-6237, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8615, CVE-2019-8611, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623 (bsc#1135715). Important SUSE bug 1133291 SUSE bug 1135715 CVE-2019-6237 CVE-2019-8571 CVE-2019-8583 CVE-2019-8584 CVE-2019-8586 CVE-2019-8587 CVE-2019-8594 CVE-2019-8595 CVE-2019-8596 CVE-2019-8597 CVE-2019-8601 CVE-2019-8607 CVE-2019-8608 CVE-2019-8609 CVE-2019-8610 CVE-2019-8611 CVE-2019-8615 CVE-2019-8619 CVE-2019-8622 CVE-2019-8623 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-10638: A device could have been tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (bnc#1140575) - CVE-2019-10639: Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image was exposed. This attack could have been carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic was trivial if the server answered ICMP Echo requests (ping). For client targets, if the target visited the attacker's web page, then WebRTC or gQUIC could be used to force UDP traffic to attacker-controlled IP addresses. (bnc#1140577) - CVE-2018-20836: A race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, could have lead to a use-after-free. (bnc#1134395) - CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (bnc#1133738) - CVE-2019-12614: An unchecked kstrdup might have allowed an attacker to cause denial of service (a NULL pointer dereference and system crash). (bnc#1137194) - CVE-2019-12819: The function __mdiobus_register() in drivers/net/phy/mdio_bus.c called put_device() which would trigger a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bnc#1138291) - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may have returned NULL. If the caller did not check for this, it would trigger a NULL pointer dereference. This would cause denial of service. (bnc#1138293) The following non-security bugs were fixed: - 6lowpan: Off by one handling ->nexthdr (bsc#1051510). - acpi / property: fix handling of data_nodes in acpi_get_next_subnode() (bsc#1051510). - acpi: Add Hygon Dhyana support - af_key: unconditionally clone on broadcast (bsc#1051510). - alsa: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510). - alsa: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510). - alsa: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510). - alsa: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510). - alsa: hda/realtek - Set default power save node to 0 (bsc#1051510). - alsa: hda/realtek - Update headset mode for ALC256 (bsc#1051510). - alsa: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510). - alsa: line6: Fix write on zero-sized buffer (bsc#1051510). - alsa: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510). - alsa: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510). - alsa: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510). - apparmor: enforce nullbyte at end of tag string (bsc#1051510). - asoc: cs42xx8: Add regcache mask dirty (bsc#1051510). - asoc: eukrea-tlv320: fix a leaked reference by adding missing of_node_put (bsc#1051510). - asoc: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510). - asoc: fsl_sai: Update is_slave_mode with correct value (bsc#1051510). - asoc: fsl_utils: fix a leaked reference by adding missing of_node_put (bsc#1051510). - asoc: hdmi-codec: unlock the device on startup errors (bsc#1051510). - audit: fix a memory leak bug (bsc#1051510). - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510). - batman-adv: allow updating DAT entry timeouts on incoming ARP Replies (bsc#1051510). - blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432). - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637). - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771). - bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328). - bluetooth: Replace the bluetooth fix with the upstream commit (bsc#1135556) - brcmfmac: convert dev_init_lock mutex to completion (bsc#1051510). - brcmfmac: fix Oops when bringing up interface during USB disconnect (bsc#1051510). - brcmfmac: fix WARNING during USB disconnect in case of unempty psq (bsc#1051510). - brcmfmac: fix missing checks for kmemdup (bsc#1051510). - brcmfmac: fix race during disconnect when USB completion is in progress (bsc#1051510). - can: af_can: Fix error path of can_init() (bsc#1051510). - can: flexcan: fix timeout when set small bitrate (bsc#1051510). - can: purge socket error queue on sock destruct (bsc#1051510). - ceph: flush dirty inodes before proceeding with remount (bsc#1140405). - cfg80211: fix memory leak of wiphy device name (bsc#1051510). - chardev: add additional check for minor range overlap (bsc#1051510). - clk: rockchip: Turn on 'aclk_dmac1' for suspend on rk3288 (bsc#1051510). - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510). - coresight: etb10: Fix handling of perf mode (bsc#1051510). - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510). - cpu/topology: Export die_id (jsc#SLE-5454). - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (). - cpufreq: Add Hygon Dhyana support (). - crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401). - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510). - crypto: user - prevent operating on larval algorithms (bsc#1133401). - device core: Consolidate locking and unlocking of parent and device (bsc#1106383). - dm, dax: Fix detection of DAX support (bsc#1139782). - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510). - doc: Cope with the deprecation of AutoReporter (bsc#1051510). - docs: Fix conf.py for Sphinx 2.0 (bsc#1135642). - documentation: Correct the possible MDS sysfs values (bsc#1135642). - drbd: Avoid Clang warning about pointless switch statment (bsc#1051510). - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510). - drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510). - drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510). - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383). - driver core: Probe devices asynchronously instead of the driver (bsc#1106383). - drivers/base: Introduce kill_device() (bsc#1139865). - drivers/base: kABI fixes for struct device_private (bsc#1106383). - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510). - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510). - drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510). - drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER (bsc#1051510). - drm/amdgpu: fix old fence check in amdgpu_fence_emit (bsc#1051510). - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510). - drm/drv: Hold ref on parent device during drm_device lifetime (bsc#1051510). - drm/gma500/cdv: Check vbt config bits when detecting lvds panels (bsc#1051510). - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510). - drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510). - drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510). - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510). - drm/radeon: prefer lower reference dividers (bsc#1051510). - drm: Wake up next in drm_read() chain if we are forced to putback the event (bsc#1051510). - edac, amd64: Add Hygon Dhyana support (). - edac/mc: Fix edac_mc_find() in case no device is found (bsc#1114279). - extcon: arizona: Disable mic detect if running when driver is removed (bsc#1051510). - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995). - fuse: fallocate: fix return with locked inode (bsc#1051510). - fuse: fix writepages on 32bit (bsc#1051510). - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate (bsc#1051510). - genirq: Prevent use-after-free and work list corruption (bsc#1051510). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510). - genwqe: Prevent an integer overflow in the ioctl (bsc#1051510). - gpio: Remove obsolete comment about gpiochip_free_hogs() usage (bsc#1051510). - gpio: fix gpio-adp5588 build errors (bsc#1051510). - hid: Wacom: switch Dell canvas into highres mode (bsc#1051510). - hid: input: fix a4tech horizontal wheel custom usage (bsc#1137429). - hid: logitech-hidpp: change low battery level threshold from 31 to 30 percent (bsc#1051510). - hid: logitech-hidpp: use RAP instead of FAP to get the protocol version (bsc#1051510). - hid: wacom: Add ability to provide explicit battery status info (bsc#1051510). - hid: wacom: Add support for 3rd generation Intuos BT (bsc#1051510). - hid: wacom: Add support for Pro Pen slim (bsc#1051510). - hid: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510). - hid: wacom: Do not report anything prior to the tool entering range (bsc#1051510). - hid: wacom: Do not set tool type until we're in range (bsc#1051510). - hid: wacom: Mark expected switch fall-through (bsc#1051510). - hid: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510). - hid: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510). - hid: wacom: Properly handle AES serial number and tool type (bsc#1051510). - hid: wacom: Queue events with missing type/serial data for later processing (bsc#1051510). - hid: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510). - hid: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510). - hid: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510). - hid: wacom: Support 'in range' for Intuos/Bamboo tablets where possible (bsc#1051510). - hid: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510). - hid: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510). - hid: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510). - hid: wacom: fix mistake in printk (bsc#1051510). - hid: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510). - hid: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510). - hid: wacom: generic: Refactor generic battery handling (bsc#1051510). - hid: wacom: generic: Report AES battery information (bsc#1051510). - hid: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510). - hid: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510). - hid: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510). - hid: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510). - hid: wacom: generic: Support multiple tools per report (bsc#1051510). - hid: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510). - hid: wacom: generic: add the 'Report Valid' usage (bsc#1051510). - hid: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510). - hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - hwmon/coretemp: Support multi-die/package (jsc#SLE-5454). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (). - hwmon: (core) add thermal sensors only if dev->of_node is present (bsc#1051510). - hwmon: (k10temp) 27C Offset needed for Threadripper2 (). - hwmon: (k10temp) Add Hygon Dhyana support (). - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (). - hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (). - hwmon: (k10temp) Add support for family 17h (). - hwmon: (k10temp) Add support for temperature offsets (). - hwmon: (k10temp) Add temperature offset for Ryzen 1900X (). - hwmon: (k10temp) Add temperature offset for Ryzen 2700X (). - hwmon: (k10temp) Correct model name for Ryzen 1600X (). - hwmon: (k10temp) Display both Tctl and Tdie (). - hwmon: (k10temp) Fix reading critical temperature register (). - hwmon: (k10temp) Make function get_raw_temp static (). - hwmon: (k10temp) Move chip specific code into probe function (). - hwmon: (k10temp) Only apply temperature offset if result is positive (). - hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors (). - hwmon: (k10temp) Use API function to access System Management Network (). - hwmon: (pmbus/core) Treat parameters as paged if on multiple pages (bsc#1051510). - hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table (). - hwrng: omap - Set default quality (bsc#1051510). - i2c-piix4: Add Hygon Dhyana SMBus support (). - i2c: acorn: fix i2c warning (bsc#1135642). - i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr (bsc#1051510). - i2c: i801: Add support for Intel Comet Lake (jsc#SLE-5331). - ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197). - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion (bsc#1051510). - iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data (bsc#1051510). - iio: hmc5843: fix potential NULL pointer dereferences (bsc#1051510). - input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510). - input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510). - iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() (bsc#1051510). - iwlwifi: pcie: do not crash on invalid RX interrupt (bsc#1051510). - kABI workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510). - kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - kernel-binary: Use -c grep option in klp project detection. - kernel-binary: fix missing \ - kernel-binary: rpm does not support multiline condition - kernel-subpackage-spec: Add dummy package to ensure subpackages are rebuilt with kernel update (bsc#1106751). In factory packages are not rebuilt automatically so a dependency is needed on the old kernel to get a rebuild with the new kernel. THe subpackage itself cannot depend on the kernel so add another empty pacakge that does depend on it. - kmps: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137). - kmps: provide and conflict a kernel version specific KMP name (bsc#1127155, bsc#1109137). - kvm: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers (bsc#1061840). - kvm: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts (bsc#1061840). - kvm: PPC: Book3S: Protect memslots while validating user address (bsc#1061840). - kvm: PPC: Release all hardware TCE tables attached to a group (bsc#1061840). - kvm: PPC: Remove redundand permission bits removal (bsc#1061840). - kvm: PPC: Validate TCEs against preregistered memory page sizes (bsc#1061840). - kvm: PPC: Validate all tces before updating tables (bsc#1061840). - kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279). - kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279). - leds: avoid flush_work in atomic context (bsc#1051510). - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510). - libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719). - libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865). - mISDN: make sure device name is NUL terminated (bsc#1051510). - mac80211/cfg80211: update bss channel on channel switch (bsc#1051510). - mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510). - mac80211: Fix kernel panic due to use of txq after free (bsc#1051510). - mac80211: drop robust management frames from unknown TA (bsc#1051510). - mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510). - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() (bsc#1051510). - media: au0828: stop video streaming only when last user stops (bsc#1051510). - media: coda: clear error return value before picture run (bsc#1051510). - media: cpia2: Fix use-after-free in cpia2_exit (bsc#1051510). - media: go7007: avoid clang frame overflow warning with KASAN (bsc#1051510). - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend (bsc#1051510). - media: ov2659: make S_FMT succeed even if requested format does not match (bsc#1051510). - media: saa7146: avoid high stack usage with clang (bsc#1051510). - media: smsusb: better handle optional alignment (bsc#1051510). - media: usb: siano: Fix false-positive 'uninitialized variable' warning (bsc#1051510). - media: usb: siano: Fix general protection fault in smsusb (bsc#1051510). - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510). - mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L (bsc#1051510). - mfd: intel-lpss: Set the device in reset state when init (bsc#1051510). - mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values (bsc#1051510). - mfd: tps65912-spi: Add missing of table registration (bsc#1051510). - mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510). - mm: pagechage-limit: Calculate pagecache-limit based on node state (bsc#1136811) - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510). - mmc: core: Verify SD bus width (bsc#1051510). - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510). - mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510). - mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum A-009204 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bsc#1051510). - mmc_spi: add a status check for spi_sync_locked (bsc#1051510). - module: Fix livepatch/ftrace module text permissions race (bsc#1071995). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814). - nfit/ars: Avoid stale ARS results (jsc#SLE-5433). - nfit/ars: Introduce scrub_flags (jsc#SLE-5433). - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642). - nvme-rdma: fix double freeing of async event data (bsc#1120423). - nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423). - nvme: copy MTFA field from identify controller (bsc#1140715). - nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432). - nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510). - nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510). - nvmem: core: fix read buffer in place (bsc#1051510). - nvmem: correct Broadcom OTP controller driver writes (bsc#1051510). - nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510). - nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510). - nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510). - nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510). - nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510). - nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510). - nvmem: imx-ocotp: Update module description (bsc#1051510). - nvmem: properly handle returned value nvmem_reg_read (bsc#1051510). - ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902). - parport: Fix mem leak in parport_register_dev_model (bsc#1051510). - pci: PM: Avoid possible suspend-to-idle issue (bsc#1051510). - pci: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510). - pci: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510). - perf tools: Add Hygon Dhyana support (). - perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454). - platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510). - platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510). - pm/core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510). - power: supply: max14656: fix potential use-before-alloc (bsc#1051510). - power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510). - powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454). - powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454). - powercap/intel_rapl: Update RAPL domain name and debug messages (jsc#SLE-5454). - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199). - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106). - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106). - powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199). - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199). - powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204). - powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808). - ppp: mppe: Add softdep to arc4 (bsc#1088047). - qlcnic: Avoid potential NULL pointer dereference (bsc#1051510). - qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510). - qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510). - qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510). - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510). - qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510). - rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510). - ras/cec: Convert the timer callback to a workqueue (bsc#1114279). - ras/cec: Fix binary search function (bsc#1114279). - rpm/dtb.spec.in.in: Fix new include path Commit 89de3db69113d58cdab14d2c777de6080eac49dc ('rpm/dtb.spec.in.in: Update include path for dt-bindings') introduced an additional include path for 4.12. The commit message had it correct, but the spec file template lacked a path component, breaking the aarch64 build while succeeding on armv7hl. Fix that. - rpm/dtb.spec.in.in: Update include path for dt-bindings Kernels before 4.12 had arch/{arm,arm64}/boot/dts/include/ directories with a symlink to include/dt-bindings/. In 4.12 those include/ directories were dropped. Therefore use include/ directly. Additionally some cross-architecture .dtsi reuse was introduced, which requires scripts/dtc/include-prefixes/ that didn't exist on older kernels. - rpm/kernel-binary.spec.in: Add back kernel-binary-base subpackage (jsc#SLE-3853). - rpm/kernel-binary.spec.in: Build livepatch support in SUSE release projects (bsc#1124167). - rpm/kernel-subpackage-build: handle arm kernel zImage. - rpm/kernel-subpackage-spec: only provide firmware actually present in subpackage. - rpm/package-descriptions: fix typo in kernel-azure - rpm/post.sh: correct typo in err msg (bsc#1137625) - rpm: Add arm64 dtb-allwinner subpackage 4.10 added arch/arm64/boot/dts/allwinner/. - rpm: Add arm64 dtb-zte subpackage 4.9 added arch/arm64/boot/dts/zte/. - rtc: 88pm860x: prevent use-after-free on device remove (bsc#1051510). - rtc: do not reference bogus function pointer in kdoc (bsc#1051510). - rtlwifi: fix a potential NULL pointer dereference (bsc#1051510). - s390: fix booting problem (bsc#1140948). - s390/dasd: fix using offset into zero size array error (bsc#1051510). - s390/jump_label: Use 'jdd' constraint on gcc9 (bsc#1138589). - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510). - s390/qeth: fix race when initializing the IP address table (bsc#1051510). - s390/setup: fix early warning messages (bsc#1051510). - s390/virtio: handle find on invalid queue gracefully (bsc#1051510). - sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658). - sched/topology: Improve load balancing on AMD EPYC (bsc#1137366). - scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending. - scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390). - scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555). - scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555). - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727). - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296). - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510). - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510). - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510). - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510). - serial: sh-sci: disable DMA for uart_console (bsc#1051510). - smb3: Fix endian warning (bsc#1137884). - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510). - soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510). - spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510). - spi: Fix zero length xfer bug (bsc#1051510). - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510). - spi: pxa2xx: Add support for Intel Comet Lake (jsc#SLE-5331). - spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510). - spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510). - spi: tegra114: reset controller on probe (bsc#1051510). - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510). - staging: vc04_services: prevent integer overflow in create_pagelist() (bsc#1051510). - staging: wlan-ng: fix adapter initialization failure (bsc#1051510). - svm: Add warning message for AVIC IPI invalid target (bsc#1140133). - svm: Fix AVIC incomplete IPI emulation (bsc#1140133). - sysctl: handle overflow in proc_get_long (bsc#1051510). - test_firmware: Use correct snprintf() limit (bsc#1135642). - thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454). - thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510). - thunderbolt: Fix to check for kmemdup failure (bsc#1051510). - tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510). - tmpfs: fix uninitialized return value in shmem_link (bsc#1051510). - tools/cpupower: Add Hygon Dhyana support (). - topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454). - topology: Create package_cpus sysfs attribute (jsc#SLE-5454). - tracing/snapshot: Resize spare buffer if size changed (bsc#1140726). - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler (bsc#1051510). - tty: ipwireless: fix missing checks for ioremap (bsc#1051510). - tty: max310x: Fix external crystal register setup (bsc#1051510). - tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510). - usb: Add LPM quirk for Surface Dock GigE adapter (bsc#1051510). - usb: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510). - usb: Fix slab-out-of-bounds write in usb_get_bos_descriptor (bsc#1051510). - usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642). - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown (bsc#1051510). - usb: core: Do not unbind interfaces following device reset failure (bsc#1051510). - usb: dwc2: Fix DMA cache alignment issues (bsc#1051510). - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642). - usb: rio500: fix memory leak in close after disconnect (bsc#1051510). - usb: rio500: refuse more than one device at a time (bsc#1051510). - usb: serial: fix initial-termios handling (bsc#1135642). - usb: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510). - usb: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510). - usb: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510). - usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642). - usb: sisusbvga: fix oops in error path of sisusb_probe (bsc#1051510). - usb: usb-storage: Add new ID to ums-realtek (bsc#1051510). - usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642). - usbip: usbip_host: fix BUG: sleeping function called from invalid context (bsc#1051510). - usbip: usbip_host: fix stub_dev lock context imbalance regression (bsc#1051510). - usbnet: fix kernel crash after disconnect (bsc#1051510). - usbnet: ipheth: fix racing condition (bsc#1051510). - vfio: ccw: only free cp on final interrupt (bsc#1051510). - video: hgafb: fix potential NULL pointer dereference (bsc#1051510). - video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510). - virtio_console: initialize vtermno value for ports (bsc#1051510). - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510). - vxlan: trivial indenting fix (bsc#1051510). - vxlan: use __be32 type for the param vni in __vxlan_fdb_delete (bsc#1051510). - w1: fix the resume command API (bsc#1051510). - watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510). - x86/CPU/AMD: Do not force the CPB cap when running under a hypervisor (bsc#1114279). - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (). - x86/alternative: Init ideal_nops for Hygon Dhyana (). - x86/amd_nb: Add support for Raven Ridge CPUs (). - x86/amd_nb: Check vendor in AMD-only functions (). - x86/apic: Add Hygon Dhyana support (). - x86/bugs: Add Hygon Dhyana to the respective mitigation machinery (). - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (). - x86/cpu: Create Hygon Dhyana architecture support file (). - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (). - x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382). - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382). This changes definitions of some bits, but they are intended to be used only by the core, so hopefully, no KMP uses the definitions. - x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382). - x86/events: Add Hygon Dhyana support to PMU infrastructure (). - x86/kvm: Add Hygon Dhyana support to KVM (). - x86/mce: Add Hygon Dhyana support to the MCA infrastructure (). - x86/mce: Do not disable MCA banks when offlining a CPU on AMD (). - x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279). - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279). - x86/microcode: Fix microcode hotplug state (bsc#1114279). - x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279). - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279). - x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge (). - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana (). - x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454). - x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279). - x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454). - x86/topology: Define topology_die_id() (jsc#SLE-5454). - x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - x86/xen: Add Hygon Dhyana support to Xen (). - xen/pciback: Do not disable PCI_COMMAND on PCI device reset (bsc#1065600). - xfs: do not clear imap_valid for a non-uptodate buffers (bsc#1138018). - xfs: do not look at buffer heads in xfs_add_to_ioend (bsc#1138013). - xfs: do not set the page uptodate in xfs_writepage_map (bsc#1138003). - xfs: do not use XFS_BMAPI_ENTRIRE in xfs_get_blocks (bsc#1137999). - xfs: do not use XFS_BMAPI_IGSTATE in xfs_map_blocks (bsc#1138005). - xfs: eof trim writeback mapping as soon as it is cached (bsc#1138019). - xfs: fix s_maxbytes overflow problems (bsc#1137996). - xfs: make xfs_writepage_map extent map centric (bsc#1138009). - xfs: minor cleanup for xfs_get_blocks (bsc#1138000). - xfs: move all writeback buffer_head manipulation into xfs_map_at_offset (bsc#1138014). - xfs: refactor the tail of xfs_writepage_map (bsc#1138016). - xfs: remove XFS_IO_INVALID (bsc#1138017). - xfs: remove the imap_valid flag (bsc#1138012). - xfs: remove unused parameter from xfs_writepage_map (bsc#1137995). - xfs: remove xfs_map_cow (bsc#1138007). - xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010). - xfs: remove xfs_reflink_trim_irec_to_next_cow (bsc#1138006). - xfs: remove xfs_start_page_writeback (bsc#1138015). - xfs: rename the offset variable in xfs_writepage_map (bsc#1138008). - xfs: simplify xfs_map_blocks by using xfs_iext_lookup_extent directly (bsc#1138011). - xfs: skip CoW writes past EOF when writeback races with truncate (bsc#1137998). - xfs: xfs_reflink_convert_cow() memory allocation deadlock (bsc#1138002). - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() (bsc#1051510). - xhci: Use %zu for printing size_t type (bsc#1051510). - xhci: update bounce buffer with correct sg num (bsc#1051510). Important SUSE bug 1051510 SUSE bug 1061840 SUSE bug 1065600 SUSE bug 1071995 SUSE bug 1088047 SUSE bug 1094555 SUSE bug 1098633 SUSE bug 1106383 SUSE bug 1106751 SUSE bug 1109137 SUSE bug 1114279 SUSE bug 1119532 SUSE bug 1120423 SUSE bug 1124167 SUSE bug 1127155 SUSE bug 1128432 SUSE bug 1128902 SUSE bug 1128910 SUSE bug 1132154 SUSE bug 1132390 SUSE bug 1133401 SUSE bug 1133738 SUSE bug 1134303 SUSE bug 1134395 SUSE bug 1135296 SUSE bug 1135556 SUSE bug 1135642 SUSE bug 1136157 SUSE bug 1136811 SUSE bug 1136922 SUSE bug 1137103 SUSE bug 1137194 SUSE bug 1137221 SUSE bug 1137366 SUSE bug 1137429 SUSE bug 1137625 SUSE bug 1137728 SUSE bug 1137884 SUSE bug 1137995 SUSE bug 1137996 SUSE bug 1137998 SUSE bug 1137999 SUSE bug 1138000 SUSE bug 1138002 SUSE bug 1138003 SUSE bug 1138005 SUSE bug 1138006 SUSE bug 1138007 SUSE bug 1138008 SUSE bug 1138009 SUSE bug 1138010 SUSE bug 1138011 SUSE bug 1138012 SUSE bug 1138013 SUSE bug 1138014 SUSE bug 1138015 SUSE bug 1138016 SUSE bug 1138017 SUSE bug 1138018 SUSE bug 1138019 SUSE bug 1138291 SUSE bug 1138293 SUSE bug 1138374 SUSE bug 1138375 SUSE bug 1138589 SUSE bug 1138719 SUSE bug 1139751 SUSE bug 1139771 SUSE bug 1139782 SUSE bug 1139865 SUSE bug 1140133 SUSE bug 1140328 SUSE bug 1140405 SUSE bug 1140424 SUSE bug 1140428 SUSE bug 1140575 SUSE bug 1140577 SUSE bug 1140637 SUSE bug 1140658 SUSE bug 1140715 SUSE bug 1140719 SUSE bug 1140726 SUSE bug 1140727 SUSE bug 1140728 SUSE bug 1140814 SUSE bug 1140948 SUSE bug 821419 SUSE bug 945811 CVE-2018-16871 CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11478 CVE-2019-11599 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for MozillaFirefox, mozilla-nss fixes the following issues: MozillaFirefox to version ESR 60.8: - CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868). - CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868). - CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868). - CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868). - CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868). - CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868). - CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868). - CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868). - CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868). mozilla-nss to version 3.44.1: * Added IPSEC IKE support to softoken * Many new FIPS test cases Important SUSE bug 1140868 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11719 CVE-2019-11729 CVE-2019-11730 CVE-2019-9811 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libxslt fixes the following issues: Security issues fixed: - CVE-2019-13118: Fixed a read of uninitialized stack data (bsc#1140101). - CVE-2019-13117: Fixed a uninitialized read which allowed to discern whether a byte on the stack contains certain special characters (bsc#1140095). Moderate SUSE bug 1140095 SUSE bug 1140101 CVE-2019-13117 CVE-2019-13118 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libxml2 fixes the following issues: Issue fixed: - Fixed a bug related to the fix for CVE-2016-9318 which allowed xsltproc to access the internet even when --nonet was given and also was making docbook-xsl-stylesheets to have incomplete xml catalog file (bsc#1010675, bsc#1126613 and bsc#1110146). Moderate SUSE bug 1010675 SUSE bug 1110146 SUSE bug 1126613 CVE-2016-9318 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for polkit fixes the following issues: Security issue fixed: - CVE-2018-19788: Fixed handling of UIDs over MAX_UINT (bsc#1118277) Moderate SUSE bug 1118277 CVE-2018-19788 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ucode-intel fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes: ---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061d->0000061f Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000714->00000718 Xeon E3/E5, Core X Important SUSE bug 1111331 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). - CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657). Important SUSE bug 1139083 SUSE bug 985657 CVE-2016-3189 CVE-2019-12900 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2018-12232: In net/socket.c in the there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bnc#1097593). - CVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615). - CVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186). - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). - CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656). - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). The following non-security bugs were fixed: - acpi / CPPC: Check for valid PCC subspace only if PCC is used (bsc#1117115). - acpi / CPPC: Update all pr_(debug/err) messages to log the susbspace id (bsc#1117115). - aio: fix spectre gadget in lookup_ioctx (bsc#1120594). - alsa: cs46xx: Potential NULL dereference in probe (bsc#1051510). - alsa: emu10k1: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - alsa: emux: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - alsa: fireface: fix for state to fetch PCM frames (bsc#1051510). - alsa: fireface: fix reference to wrong register for clock configuration (bsc#1051510). - alsa: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint (bsc#1051510). - alsa: firewire-lib: fix wrong handling payload_length as payload_quadlet (bsc#1051510). - alsa: firewire-lib: use the same print format for 'without_header' tracepoints (bsc#1051510). - alsa: hda: add mute LED support for HP EliteBook 840 G4 (bsc#1051510). - alsa: hda: Add support for AMD Stoney Ridge (bsc#1051510). - alsa: hda/ca0132 - make pci_iounmap() call conditional (bsc#1051510). - alsa: hda: fix front speakers on Huawei MBXP (bsc#1051510). - alsa: hda/realtek - Add support for Acer Aspire C24-860 headset mic (bsc#1051510). - alsa: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 (bsc#1051510). - alsa: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880 (bsc#1051510). - alsa: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN (bsc#1051510). - alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable the headset mic auto detection for ASUS laptops (bsc#1051510). - alsa: hda/realtek - Fixed headphone issue for ALC700 (bsc#1051510). - alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G (bsc#1051510). - alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G (bsc#1051510). - alsa: hda/realtek - Fix speaker output regression on Thinkpad T570 (bsc#1051510). - alsa: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon (bsc#1051510). - alsa: hda/realtek - Support Dell headset mode for New AIO platform (bsc#1051510). - alsa: hda/tegra: clear pending irq handlers (bsc#1051510). - alsa: pcm: Call snd_pcm_unlink() conditionally at closing (bsc#1051510). - alsa: pcm: Fix interval evaluation with openmin/max (bsc#1051510). - alsa: pcm: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: pcm: Fix starvation on down_write_nonblock() (bsc#1051510). - alsa: rme9652: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: trident: Suppress gcc string warning (bsc#1051510). - alsa: usb-audio: Add SMSL D1 to quirks for native DSD support (bsc#1051510). - alsa: usb-audio: Add support for Encore mDSD USB DAC (bsc#1051510). - alsa: usb-audio: Avoid access before bLength check in build_audio_procunit() (bsc#1051510). - alsa: usb-audio: Fix an out-of-bound read in create_composite_quirks (bsc#1051510). - alsa: x86: Fix runtime PM for hdmi-lpe-audio (bsc#1051510). - apparmor: do not try to replace stale label in ptrace access check (git-fixes). - apparmor: do not try to replace stale label in ptraceme check (git-fixes). - apparmor: Fix uninitialized value in aa_split_fqname (git-fixes). - arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bsc#1120612). - arm64: atomics: Remove '&' from '+&' asm constraint in lse atomics (bsc#1120613). - arm64: cpu_errata: include required headers (bsc#1120615). - arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing (bsc#1120633). - arm64: Fix /proc/iomem for reserved but not memory regions (bsc#1120632). - arm64: lse: Add early clobbers to some input/output asm operands (bsc#1120614). - arm64: lse: remove -fcall-used-x0 flag (bsc#1120618). - arm64: mm: always enable CONFIG_HOLES_IN_ZONE (bsc#1120617). - arm64/numa: Report correct memblock range for the dummy node (bsc#1120620). - arm64/numa: Unify common error path in numa_init() (bsc#1120621). - arm64: remove no-op -p linker flag (bsc#1120616). - ASoC: dapm: Recalculate audio map forcely when card instantiated (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty (bsc#1051510). - ASoC: Intel: mrfld: fix uninitialized variable access (bsc#1051510). - ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing (bsc#1051510). - ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bsc#1051510). - ASoC: omap-mcbsp: Fix latency value calculation for pm_qos (bsc#1051510). - ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bsc#1051510). - ASoC: rsnd: fixup clock start checker (bsc#1051510). - ASoC: wm_adsp: Fix dma-unsafe read of scratch registers (bsc#1051510). - ath10k: do not assume this is a PCI dev in generic code (bsc#1051510). - ath6kl: Only use match sets when firmware supports it (bsc#1051510). - b43: Fix error in cordic routine (bsc#1051510). - bcache: fix miss key refill->end in writeback (Git-fixes). - bcache: trace missed reading by cache_missed (Git-fixes). - Blacklist 5182f26f6f74 crypto: ccp - Make function sev_get_firmware() static - blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set() (Git-fixes). - block: allow max_discard_segments to be stacked (Git-fixes). - block: blk_init_allocated_queue() set q->fq as NULL in the fail case (Git-fixes). - block: really disable runtime-pm for blk-mq (Git-fixes). - block: reset bi_iter.bi_done after splitting bio (Git-fixes). - block/swim: Fix array bounds check (Git-fixes). - bnxt_en: do not try to offload VLAN 'modify' action (bsc#1050242 ). - bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (bsc#1086282). - bnxt_en: Fix VNIC reservations on the PF (bsc#1086282 ). - bnxt_en: get the reduced max_irqs by the ones used by RDMA (bsc#1050242). - bpf: fix check of allowed specifiers in bpf_trace_printk (bsc#1083647). - bpf: use per htab salt for bucket hash (git-fixes). - btrfs: Always try all copies when reading extent buffers (git-fixes). - btrfs: delete dead code in btrfs_orphan_add() (bsc#1111469). - btrfs: delete dead code in btrfs_orphan_commit_root() (bsc#1111469). - btrfs: do not BUG_ON() in btrfs_truncate_inode_items() (bsc#1111469). - btrfs: do not check inode's runtime flags under root->orphan_lock (bsc#1111469). - btrfs: do not return ino to ino cache if inode item removal fails (bsc#1111469). - btrfs: fix ENOSPC caused by orphan items reservations (bsc#1111469). - btrfs: Fix error handling in btrfs_cleanup_ordered_extents (git-fixes). - btrfs: fix error handling in btrfs_truncate() (bsc#1111469). - btrfs: fix error handling in btrfs_truncate_inode_items() (bsc#1111469). - btrfs: fix fsync of files with multiple hard links in new directories (1120173). - btrfs: Fix memory barriers usage with device stats counters (git-fixes). - btrfs: fix use-after-free on root->orphan_block_rsv (bsc#1111469). - btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM (bsc#1111469). - btrfs: get rid of unused orphan infrastructure (bsc#1111469). - btrfs: move btrfs_truncate_block out of trans handle (bsc#1111469). - btrfs: qgroup: Dirty all qgroups before rescan (bsc#1120036). - btrfs: refactor btrfs_evict_inode() reserve refill dance (bsc#1111469). - btrfs: renumber BTRFS_INODE_ runtime flags and switch to enums (bsc#1111469). - btrfs: reserve space for O_TMPFILE orphan item deletion (bsc#1111469). - btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188). - btrfs: stop creating orphan items for truncate (bsc#1111469). - btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875). - btrfs: update stale comments referencing vmtruncate() (bsc#1111469). - can: flexcan: flexcan_irq(): fix indention (bsc#1051510). - cdrom: do not attempt to fiddle with cdo->capability (bsc#1051510). - ceph: do not update importing cap's mseq when handing cap export (bsc#1121273). - char_dev: extend dynamic allocation of majors into a higher range (bsc#1121058). - char_dev: Fix off-by-one bugs in find_dynamic_major() (bsc#1121058). - clk: mmp: Off by one in mmp_clk_add() (bsc#1051510). - clk: mvebu: Off by one bugs in cp110_of_clk_get() (bsc#1051510). - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (git-fixes). - config: arm64: enable erratum 1024718 - cpufeature: avoid warning when compiling with clang (Git-fixes). - cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1117115). - cpufreq: CPPC: fix build in absence of v3 support (bsc#1117115). - cpupower: remove stringop-truncation waring (git-fixes). - crypto: bcm - fix normal/non key hash algorithm failure (bsc#1051510). - crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command (). - crypto: ccp - Add GET_ID SEV command (). - crypto: ccp - Add psp enabled message when initialization succeeds (). - crypto: ccp - Add support for new CCP/PSP device ID (). - crypto: ccp - Allow SEV firmware to be chosen based on Family and Model (). - crypto: ccp - Fix static checker warning (). - crypto: ccp - Remove unused #defines (). - crypto: ccp - Support register differences between PSP devices (). - dasd: fix deadlock in dasd_times_out (bsc#1121477, LTC#174111). - dax: Check page->mapping isn't NULL (bsc#1120054). - dax: Do not access a freed inode (bsc#1120055). - device property: Define type of PROPERTY_ENRTY_*() macros (bsc#1051510). - device property: fix fwnode_graph_get_next_endpoint() documentation (bsc#1051510). - disable stringop truncation warnings for now (git-fixes). - dm: allocate struct mapped_device with kvzalloc (Git-fixes). - dm cache: destroy migration_cache if cache target registration failed (Git-fixes). - dm cache: fix resize crash if user does not reload cache table (Git-fixes). - dm cache metadata: ignore hints array being too small during resize (Git-fixes). - dm cache metadata: save in-core policy_hint_size to on-disk superblock (Git-fixes). - dm cache metadata: set dirty on all cache blocks after a crash (Git-fixes). - dm cache: only allow a single io_mode cache feature to be requested (Git-fixes). - dm crypt: do not decrease device limits (Git-fixes). - dm: fix report zone remapping to account for partition offset (Git-fixes). - dm integrity: change 'suspending' variable from bool to int (Git-fixes). - dm ioctl: harden copy_params()'s copy_from_user() from malicious users (Git-fixes). - dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled (Git-fixes). - dm linear: fix linear_end_io conditional definition (Git-fixes). - dm thin: handle running out of data space vs concurrent discard (Git-fixes). - dm thin metadata: remove needless work from __commit_transaction (Git-fixes). - dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes). - dm writecache: fix a crash due to reading past end of dirty_bitmap (Git-fixes). - dm writecache: report start_sector in status line (Git-fixes). - dm zoned: fix metadata block ref counting (Git-fixes). - dm zoned: fix various dmz_get_mblock() issues (Git-fixes). - doc/README.SUSE: correct GIT url No more gitorious, github we use. - drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet (bsc#1119749). - drivers/net/usb/r8152: remove the unneeded variable 'ret' in rtl8152_system_suspend (bsc#1119749). - drivers/tty: add missing of_node_put() (bsc#1051510). - drm/amdgpu/gmc8: update MC firmware for polaris (bsc#1113722) - drm/amdgpu: update mc firmware image for polaris12 variants (bsc#1113722) - drm/amdgpu: update SMC firmware image for polaris10 variants (bsc#1113722) - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1113722) - drm/i915/execlists: Apply a full mb before execution for Braswell (bsc#1113722) - drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722) - drm/nouveau/kms: Fix memory leak in nv50_mstm_del() (bsc#1113722) - drm: rcar-du: Fix external clock error checks (bsc#1113722) - drm: rcar-du: Fix vblank initialization (bsc#1113722) - drm/rockchip: psr: do not dereference encoder before it is null (bsc#1113722) - drm: set is_master to 0 upon drm_new_set_master() failure (bsc#1113722) - drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1113722) - drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1113722) - dt-bindings: add compatible string for Allwinner V3s SoC (git-fixes). - dt-bindings: arm: Document SoC compatible value for Armadillo-800 EVA (git-fixes). - dt-bindings: clock: add rk3399 DDR3 standard speed bins (git-fixes). - dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 (git-fixes). - dt-bindings: iio: update STM32 timers clock names (git-fixes). - dt-bindings: mfd: axp20x: Add AXP806 to supported list of chips (git-fixes). - dt-bindings: net: Remove duplicate NSP Ethernet MAC binding document (git-fixes). - dt-bindings: panel: lvds: Fix path to display timing bindings (git-fixes). - dt-bindings: phy: sun4i-usb-phy: Add property descriptions for H3 (git-fixes). - dt-bindings: pwm: renesas: tpu: Fix 'compatible' prop description (git-fixes). - dt-bindings: pwm: Update STM32 timers clock names (git-fixes). - dt-bindings: rcar-dmac: Document missing error interrupt (git-fixes). - efi: Move some sysfs files to be read-only by root (bsc#1051510). - ethernet: fman: fix wrong of_node_put() in probe function (bsc#1119017). - exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1118773). - ext2: fix potential use after free (bsc#1118775). - ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760). - ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604). - ext4: fix possible use after free in ext4_quota_enable (bsc#1120602). - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bsc#1120603). - extable: Consolidate *kernel_text_address() functions (bsc#1120092). - extable: Enable RCU if it is not watching in kernel_text_address() (bsc#1120092). - fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1113722) - fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1113722) - filesystem-dax: Fix dax_layout_busy_page() livelock (bsc#1118787). - firmware: add firmware_request_nowarn() - load firmware without warnings (). - Fix tracing sample code warning (git-fixes). - fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes). - fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes). - fs: fix lost error code in dio_complete (bsc#1118762). - fs/xfs: Use %pS printk format for direct addresses (git-fixes). - fuse: fix blocked_waitq wakeup (git-fixes). - fuse: fix leaked notify reply (git-fixes). - fuse: fix possibly missed wake-up after abort (git-fixes). - fuse: Fix use-after-free in fuse_dev_do_read() (git-fixes). - fuse: Fix use-after-free in fuse_dev_do_write() (git-fixes). - fuse: fix use-after-free in fuse_direct_IO() (git-fixes). - fuse: set FR_SENT while locked (git-fixes). - gcc-plugins: Add include required by GCC release 8 (git-fixes). - gcc-plugins: Use dynamic initializers (git-fixes). - gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bsc#1118769). - gfs2: Fix loop in gfs2_rbm_find (bsc#1120601). - gfs2: Get rid of potential double-freeing in gfs2_create_inode (bsc#1120600). - gfs2_meta: ->mount() can get NULL dev_name (bsc#1118768). - gfs2: Put bitmap buffers in put_super (bsc#1118772). - gpio: davinci: Remove unused member of davinci_gpio_controller (git-fixes). - gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers (bsc#1051510). - gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (bsc#1051510). - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bsc#1051510). - gpio: mvebu: only fail on missing clk if pwm is actually to be used (bsc#1051510). - hid: Add quirk for Primax PIXART OEM mice (bsc#1119410). - hid: input: Ignore battery reported by Symbol DS4308 (bsc#1051510). - hid: multitouch: Add pointstick support for Cirque Touchpad (bsc#1051510). - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - i2c: axxia: properly handle master timeout (bsc#1051510). - i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bsc#1051510). - ib/hfi1: Add mtu check for operational data VLs (bsc#1060463 ). - ibmvnic: Convert reset work item mutex to spin lock (). - ibmvnic: Fix non-atomic memory allocation in IRQ context (). - ib/rxe: support for 802.1q VLAN on the listener (bsc#1082387). - ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510). - ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510). - ieee802154: at86rf230: use __func__ macro for debug messages (bsc#1051510). - ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510). - Include modules.fips in kernel-binary as well as kernel-binary-base (). - initramfs: fix initramfs rebuilds w/ compression after disabling (git-fixes). - Input: add official Raspberry Pi's touchscreen driver (). - Input: cros_ec_keyb - fix button/switch capability reports (bsc#1051510). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bsc#1051510). - Input: elan_i2c - add ELAN0620 to the ACPI table (bsc#1051510). - Input: elan_i2c - add support for ELAN0621 touchpad (bsc#1051510). - Input: hyper-v - fix wakeup from suspend-to-idle (bsc#1051510). - Input: matrix_keypad - check for errors from of_get_named_gpio() (bsc#1051510). - Input: nomadik-ske-keypad - fix a loop timeout test (bsc#1051510). - Input: omap-keypad - fix keyboard debounce configuration (bsc#1051510). - Input: synaptics - add PNP ID for ThinkPad P50 to SMBus (bsc#1051510). - Input: synaptics - enable SMBus for HP 15-ay000 (bsc#1051510). - Input: xpad - quirk all PDP Xbox One gamepads (bsc#1051510). - integrity/security: fix digsig.c build error with header file (bsc#1051510). - intel_th: msu: Fix an off-by-one in attribute store (bsc#1051510). - iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105). - iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105). - iwlwifi: add new cards for 9560, 9462, 9461 and killer series (bsc#1051510). - iwlwifi: fix LED command capability bit (bsc#1119086). - iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086). - iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086). - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares (bsc#1119086). - iwlwifi: nvm: get num of hw addresses from firmware (bsc#1119086). - iwlwifi: pcie: do not reset TXQ write pointer (bsc#1051510). - jffs2: free jffs2_sb_info through jffs2_kill_sb() (bsc#1118767). - jump_label: Split out code under the hotplug lock (bsc#1106913). - kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - kabi protect hnae_ae_ops (bsc#1104353). - kbuild: allow to use GCC toolchain not in Clang search path (git-fixes). - kbuild: fix linker feature test macros when cross compiling with Clang (git-fixes). - kbuild: make missing $DEPMOD a Warning instead of an Error (git-fixes). - kbuild: rpm-pkg: keep spec file until make mrproper (git-fixes). - kbuild: suppress packed-not-aligned warning for default setting only (git-fixes). - kbuild: verify that $DEPMOD is installed (git-fixes). - kdb: use memmove instead of overlapping memcpy (bsc#1120954). - kernfs: Replace strncpy with memcpy (bsc#1120053). - keys: Fix the use of the C++ keyword 'private' in uapi/linux/keyctl.h (Git-fixes). - kobject: Replace strncpy with memcpy (git-fixes). - kprobes: Make list and blacklist root user read only (git-fixes). - kvm: PPC: Book3S PR: Enable use on POWER9 inside HPT-mode guests (bsc#1118484). - libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bsc#1051510). - libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086). - libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1118962). - libnvdimm, pmem: Fix badblocks population for 'raw' namespaces (bsc#1118788). - lib/raid6: Fix arm64 test build (bsc#1051510). - lib/ubsan.c: do not mark __ubsan_handle_builtin_unreachable as noreturn (bsc#1051510). - Limit max FW API version for QCA9377 (bsc#1121714, bsc#1121715). - linux/bitmap.h: fix type of nbits in bitmap_shift_right() (bsc#1051510). - locking/barriers: Convert users of lockless_dereference() to READ_ONCE() (Git-fixes). - locking/static_keys: Improve uninitialized key warning (bsc#1106913). - mac80211: Clear beacon_int in ieee80211_do_stop (bsc#1051510). - mac80211: fix reordering of buffered broadcast packets (bsc#1051510). - mac80211_hwsim: fix module init error paths for netlink (bsc#1051510). - mac80211_hwsim: Timer should be initialized before device registered (bsc#1051510). - mac80211: ignore NullFunc frames in the duplicate detection (bsc#1051510). - mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bsc#1051510). - Mark HI and TASKLET softirq synchronous (git-fixes). - md: fix raid10 hang issue caused by barrier (git-fixes). - media: em28xx: Fix use-after-free when disconnecting (bsc#1051510). - media: em28xx: make v4l2-compliance happier by starting sequence on zero (bsc#1051510). - media: omap3isp: Unregister media device as first (bsc#1051510). - mmc: bcm2835: reset host on timeout (bsc#1051510). - mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support (bsc#1051510). - mmc: core: Reset HPI enabled state during re-init and in case of errors (bsc#1051510). - mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl (bsc#1051510). - mmc: dw_mmc-bluefield: Add driver extension (bsc#1118752). - mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752). - MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bsc#1051510). - mmc: omap_hsmmc: fix DMA API warning (bsc#1051510). - mmc: sdhci: fix the timeout check window for clock and reset (bsc#1051510). - mm: do not miss the last page because of round-off error (bnc#1118798). - mm: do not warn about large allocations for slab (git fixes (slab)). - mm/huge_memory.c: reorder operations in __split_huge_page_tail() (VM Functionality bsc#1119962). - mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM Functionality, bsc#1121599). - mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality, bsc#1121599). - mm/huge_memory: splitting set mapping+index before unfreeze (VM Functionality, bsc#1121599). - mm: hugetlb: yield when prepping struct pages (git fixes (memory initialisation)). - mm/khugepaged: collapse_shmem() do not crash on Compound (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() remember to clear holes (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() stop if punched or truncated (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() without freezing new_page (VM Functionality, bsc#1121599). - mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality, bsc#1121599). - mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality, bsc#1121599). - mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability). - mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability). - mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability). - mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability). - mm: migration: fix migration of huge PMD shared pages (bnc#1086423). - mm: only report isolation failures when offlining memory (generic hotplug debugability). - mm: print more information about mapping in __dump_page (generic hotplug debugability). - mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272). - mm: sections are not offlined during memory hotremove (bnc#1119968). - mm: shmem.c: Correctly annotate new inodes for lockdep (Git fixes: shmem). - mm/vmstat.c: fix NUMA statistics updates (git fixes). - Move dell_rbu fix to sorted section (bsc#1087978). - mtd: cfi: convert inline functions to macros (git-fixes). - mtd: Fix comparison in map_word_andequal() (git-fixes). - namei: allow restricted O_CREAT of FIFOs and regular files (bsc#1118766). - nbd: do not allow invalid blocksize settings (Git-fixes). - net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bsc#1051510). - net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses (git-fixes). - net: dsa: qca8k: Add QCA8334 binding documentation (git-fixes). - net: ena: fix crash during ena_remove() (bsc#1111696 bsc#1117561). - net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1111696 bsc#1117561). - net: hns3: Add nic state check before calling netif_tx_wake_queue (bsc#1104353). - net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353). - net: hns3: bugfix for buffer not free problem during resetting (bsc#1104353). - net: hns3: bugfix for handling mailbox while the command queue reinitialized (bsc#1104353). - net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read (bsc#1104353). - net: hns3: bugfix for is_valid_csq_clean_head() (bsc#1104353 ). - net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem (bsc#1104353). - net: hns3: bugfix for rtnl_lock's range in the hclgevf_reset() (bsc#1104353). - net: hns3: bugfix for the initialization of command queue's spin lock (bsc#1104353). - net: hns3: Check hdev state when getting link status (bsc#1104353). - net: hns3: Clear client pointer when initialize client failed or unintialize finished (bsc#1104353). - net: hns3: Fix cmdq registers initialization issue for vf (bsc#1104353). - net: hns3: Fix error of checking used vlan id (bsc#1104353 ). - net: hns3: Fix ets validate issue (bsc#1104353). - net: hns3: Fix for netdev not up problem when setting mtu (bsc#1104353). - net: hns3: Fix for out-of-bounds access when setting pfc back pressure (bsc#1104353). - net: hns3: Fix for packet buffer setting bug (bsc#1104353 ). - net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware (bsc#1104353). - net: hns3: Fix for setting speed for phy failed problem (bsc#1104353). - net: hns3: Fix for vf vlan delete failed problem (bsc#1104353 ). - net: hns3: Fix loss of coal configuration while doing reset (bsc#1104353). - net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() (bsc#1104353). - net: hns3: Fix ping exited problem when doing lp selftest (bsc#1104353). - net: hns3: Preserve vlan 0 in hardware table (bsc#1104353 ). - net: hns3: remove unnecessary queue reset in the hns3_uninit_all_ring() (bsc#1104353). - net: hns3: Set STATE_DOWN bit of hdev state when stopping net (bsc#1104353). - net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1046299). - net: usb: r8152: constify usb_device_id (bsc#1119749). - net: usb: r8152: use irqsave() in USB's complete callback (bsc#1119749). - nospec: Allow index argument to have const-qualified type (git-fixes) - nospec: Kill array_index_nospec_mask_check() (git-fixes). - nvme-fc: resolve io failures during connect (bsc#1116803). - nvme-multipath: zero out ANA log buffer (bsc#1105168). - nvme: validate controller state before rescheduling keep alive (bsc#1103257). - objtool: Detect RIP-relative switch table references (bsc#1058115). - objtool: Detect RIP-relative switch table references, part 2 (bsc#1058115). - objtool: Fix another switch table detection issue (bsc#1058115). - objtool: Fix double-free in .cold detection error path (bsc#1058115). - objtool: Fix GCC 8 cold subfunction detection for aliased functions (bsc#1058115). - objtool: Fix 'noreturn' detection for recursive sibling calls (bsc#1058115). - objtool: Fix segfault in .cold detection with -ffunction-sections (bsc#1058115). - objtool: Support GCC 8's cold subfunctions (bsc#1058115). - objtool: Support GCC 8 switch tables (bsc#1058115). - panic: avoid deadlocks in re-entrant console drivers (bsc#1088386). - pci: Add ACS quirk for Ampere root ports (bsc#1120058). - pci: Add ACS quirk for APM X-Gene devices (bsc#1120058). - pci: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE (bsc#1120058). - pci: Delay after FLR of Intel DC P3700 NVMe (bsc#1120058). - pci: Disable Samsung SM961/PM961 NVMe before FLR (bsc#1120058). - pci: Export pcie_has_flr() (bsc#1120058). - pci: iproc: Activate PAXC bridge quirk for more devices (bsc#1120058). - pci: Mark Ceton InfiniTV4 INTx masking as broken (bsc#1120058). - pci: Mark fall-through switch cases before enabling -Wimplicit-fallthrough (bsc#1120058). - pci: Mark Intel XXV710 NIC INTx masking as broken (bsc#1120058). - perf tools: Fix tracing_path_mount proper path (git-fixes). - platform-msi: Free descriptors in platform_msi_domain_free() (bsc#1051510). - powerpc/64s: consolidate MCE counter increment (bsc#1094244). - powerpc/64s/radix: Fix process table entry cache invalidation (bsc#1055186, git-fixes). - powerpc/boot: Expose Kconfig symbols to wrapper (bsc#1065729). - powerpc/boot: Fix build failures with -j 1 (bsc#1065729). - powerpc/pkeys: Fix handling of pkey state across fork() (bsc#1078248, git-fixes). - powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) (bsc#1055121). - powerpc/pseries: Track LMB nid instead of using device tree (bsc#1108270). - powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244). - power: supply: olpc_battery: correct the temperature units (bsc#1051510). - ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (bsc#1106913). - qed: Add driver support for 20G link speed (bsc#1110558). - qed: Add support for virtual link (bsc#1111795). - qede: Add driver support for 20G link speed (bsc#1110558). - r8152: add byte_enable for ocp_read_word function (bsc#1119749). - r8152: add Linksys USB3GIGV1 id (bsc#1119749). - r8152: add r8153_phy_status function (bsc#1119749). - r8152: adjust lpm settings for RTL8153 (bsc#1119749). - r8152: adjust rtl8153_runtime_enable function (bsc#1119749). - r8152: adjust the settings about MAC clock speed down for RTL8153 (bsc#1119749). - r8152: adjust U2P3 for RTL8153 (bsc#1119749). - r8152: avoid rx queue more than 1000 packets (bsc#1119749). - r8152: check if disabling ALDPS is finished (bsc#1119749). - r8152: correct the definition (bsc#1119749). - r8152: disable RX aggregation on Dell TB16 dock (bsc#1119749). - r8152: disable RX aggregation on new Dell TB16 dock (bsc#1119749). - r8152: fix wrong checksum status for received IPv4 packets (bsc#1119749). - r8152: move calling delay_autosuspend function (bsc#1119749). - r8152: move the default coalesce setting for RTL8153 (bsc#1119749). - r8152: move the initialization to reset_resume function (bsc#1119749). - r8152: move the setting of rx aggregation (bsc#1119749). - r8152: replace napi_complete with napi_complete_done (bsc#1119749). - r8152: set rx mode early when linking on (bsc#1119749). - r8152: split rtl8152_resume function (bsc#1119749). - r8152: support new chip 8050 (bsc#1119749). - r8152: support RTL8153B (bsc#1119749). - rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Git-fixes). - rcu: Allow for page faults in NMI handlers (bsc#1120092). - rdma/bnxt_re: Add missing spin lock initialization (bsc#1050244 ). - rdma/bnxt_re: Avoid accessing the device structure after it is freed (bsc#1050244). - rdma/bnxt_re: Avoid NULL check after accessing the pointer (bsc#1086283). - rdma/bnxt_re: Fix system hang when registration with L2 driver fails (bsc#1086283). - rdma/hns: Bugfix pbl configuration for rereg mr (bsc#1104427 ). - rdma_rxe: make rxe work over 802.1q VLAN devices (bsc#1082387). - reset: remove remaining WARN_ON() in <linux/reset.h> (Git-fixes). - Revert commit ef9209b642f 'staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c' (bsc#1051510). - Revert 'iommu/io-pgtable-arm: Check for v7s-incapable systems' (bsc#1106105). - Revert 'PCI/ASPM: Do not initialize link state when aspm_disabled is set' (bsc#1051510). - Revert 'scsi: lpfc: ls_rjt erroneus FLOGIs' (bsc#1119322). - ring-buffer: Allow for rescheduling when removing pages (bsc#1120238). - ring-buffer: Do no reuse reader page if still in use (bsc#1120096). - ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094). - rtc: hctosys: Add missing range error reporting (bsc#1051510). - rtc: m41t80: Correct alarm month range with RTC reads (bsc#1051510). - rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write (bsc#1051510). - rtc: snvs: Add timeouts to avoid kernel lockups (bsc#1051510). - rtl8xxxu: Fix missing break in switch (bsc#1051510). - s390/dasd: simplify locking in dasd_times_out (bsc#1104967,). - s390/kdump: Fix elfcorehdr size calculation (bsc#1117953, LTC#171112). - s390/kdump: Make elfcorehdr size calculation ABI compliant (bsc#1117953, LTC#171112). - s390/qeth: fix length check in SNMP processing (bsc#1117953, LTC#173657). - s390/qeth: remove outdated portname debug msg (bsc#1117953, LTC#172960). - s390/qeth: sanitize strings in debug messages (bsc#1117953, LTC#172960). - sbitmap: fix race in wait batch accounting (Git-fixes). - sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913). - sched/smt: Expose sched_smt_present static key (bsc#1106913). - sched/smt: Make sched_smt_present track topology (bsc#1106913). - sched, tracing: Fix trace_sched_pi_setprio() for deboosting (bsc#1120228). - scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215). - scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE (bsc#1118215). - scsi: lpfc: Correct topology type reporting on G7 adapters (bsc#1118215). - scsi: lpfc: Defer LS_ACC to FLOGI on point to point logins (bsc#1118215). - scsi: lpfc: Enable Management features for IF_TYPE=6 (bsc#1119322). - scsi: lpfc: Fix a duplicate 0711 log message number (bsc#1118215). - scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935). - scsi: lpfc: Fix dif and first burst use in write commands (bsc#1118215). - scsi: lpfc: Fix discovery failures during port failovers with lots of vports (bsc#1118215). - scsi: lpfc: Fix driver release of fw-logging buffers (bsc#1118215). - scsi: lpfc: Fix kernel Oops due to null pring pointers (bsc#1118215). - scsi: lpfc: Fix panic when FW-log buffsize is not initialized (bsc#1118215). - scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215). - scsi: lpfc: refactor mailbox structure context fields (bsc#1118215). - scsi: lpfc: rport port swap discovery issue (bsc#1118215). - scsi: lpfc: update driver version to 12.0.0.9 (bsc#1118215). - scsi: lpfc: update manufacturer attribute to reflect Broadcom (bsc#1118215). - scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405). - scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405). - scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1121483, LTC#174588). - shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599). - shmem: shmem_charge: verify max_block is not exceeded before inode update (VM Functionality, bsc#1121599). - skd: Avoid that module unloading triggers a use-after-free (Git-fixes). - skd: Submit requests to firmware before triggering the doorbell (Git-fixes). - soc: bcm2835: sync firmware properties with downstream () - spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bsc#1051510). - spi: bcm2835: Fix book-keeping of DMA termination (bsc#1051510). - spi: bcm2835: Fix race on DMA termination (bsc#1051510). - spi: bcm2835: Unbreak the build of esoteric configs (bsc#1051510). - splice: do not read more than available pipe space (bsc#1119212). - staging: bcm2835-camera: Abort probe if there is no camera (bsc#1051510). - staging: rtl8712: Fix possible buffer overrun (bsc#1051510). - staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station (bsc#1051510). - staging: rts5208: fix gcc-8 logic error warning (bsc#1051510). - staging: wilc1000: fix missing read_write setting when reading data (bsc#1051510). - supported.conf: add raspberrypi-ts driver - supported.conf: whitelist bluefield eMMC driver - target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165). - target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405). - team: no need to do team_notify_peers or team_mcast_rejoin when disabling port (bsc#1051510). - termios, tty/tty_baudrate.c: fix buffer overrun (bsc#1051510). - test_hexdump: use memcpy instead of strncpy (bsc#1051510). - tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bsc#1051510). - tools: hv: fcopy: set 'error' in case an unknown operation was requested (git-fixes). - Tools: hv: Fix a bug in the key delete code (git-fixes). - tools: hv: include string.h in hv_fcopy_daemon (git-fixes). - tools/lib/lockdep: Rename 'trywlock' into 'trywrlock' (bsc#1121973). - tools/power/cpupower: fix compilation with STATIC=true (git-fixes). - tools/power turbostat: fix possible sprintf buffer overflow (git-fixes). - tracing/blktrace: Fix to allow setting same value (Git-fixes). - tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046). - tracing: Fix crash when freeing instances with event triggers (bsc#1120230). - tracing: Fix crash when it fails to alloc ring buffer (bsc#1120097). - tracing: Fix double free of event_trigger_data (bsc#1120234). - tracing: Fix missing return symbol in function_graph output (bsc#1120232). - tracing: Fix possible double free in event_enable_trigger_func() (bsc#1120235). - tracing: Fix possible double free on failure of allocating trace buffer (bsc#1120214). - tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223). - tracing: Fix trace_pipe behavior for instance traces (bsc#1120088). - tracing: Remove RCU work arounds from stack tracer (bsc#1120092). - tracing/samples: Fix creation and deletion of simple_thread_fn creation (git-fixes). - tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bsc#1051510). - tty: Do not return -EAGAIN in blocking read (bsc#1116040). - tty: do not set TTY_IO_ERROR flag if console port (bsc#1051510). - tty: serial: 8250_mtk: always resume the device in probe (bsc#1051510). - ubifs: Handle re-linking of inodes correctly while recovery (bsc#1120598). - ubifs-Handle-re-linking-of-inodes-correctly-while-re.patch: Fixup compilation failure due to different ubifs_assert() prototype. - udf: Allow mounting volumes with incorrect identification strings (bsc#1118774). - unifdef: use memcpy instead of strncpy (bsc#1051510). - usb: appledisplay: Add 27' Apple Cinema Display (bsc#1051510). - usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bsc#1051510). - usb: dwc2: host: use hrtimer for NAK retries (git-fixes). - usb: hso: Fix OOB memory access in hso_probe/hso_get_config_data (bsc#1051510). - usbip: vhci_hcd: check rhport before using in vhci_hub_control() (bsc#1090888). - usb: omap_udc: fix crashes on probe error and module removal (bsc#1051510). - usb: omap_udc: fix omap_udc_start() on 15xx machines (bsc#1051510). - usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bsc#1051510). - usb: omap_udc: use devm_request_irq() (bsc#1051510). - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bsc#1051510). - usb: serial: option: add Fibocom NL668 series (bsc#1051510). - usb: serial: option: add GosunCn ZTE WeLink ME3630 (bsc#1051510). - usb: serial: option: add HP lt4132 (bsc#1051510). - usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bsc#1051510). - usb: serial: option: add Telit LN940 series (bsc#1051510). - usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() (bsc#1106110). - usb: usb-storage: Add new IDs to ums-realtek (bsc#1051510). - usb: xhci: fix uninitialized completion when USB3 port got wrong status (bsc#1051510). - usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bsc#1051510). - userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (bsc#1118761). - userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (bsc#1118809). - v9fs_dir_readdir: fix double-free on p9stat_read error (bsc#1118771). - vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505). - watchdog/core: Add missing prototypes for weak functions (git-fixes). - wireless: airo: potential buffer overflow in sprintf() (bsc#1051510). - wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' (bsc#1051510). - x86/bugs: Add AMD's SPEC_CTRL MSR usage (bsc#1106913). - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bsc#1106913). - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bsc#1106913). - x86/decoder: Fix and update the opcodes map (bsc#1058115). - x86/kabi: Fix cpu_tlbstate issue (bsc#1106913). - x86/l1tf: Show actual SMT state (bsc#1106913). - x86/mm: Fix decoy address handling vs 32-bit builds (bsc#1120606). - x86/pci: Add additional VMD device root ports to VMD AER quirk (bsc#1120058). - x86/pci: Add 'pci=big_root_window' option for AMD 64-bit windows (bsc#1120058). - x86/pci: Apply VMD's AERSID fixup generically (bsc#1120058). - x86/pci: Avoid AMD SB7xx EHCI USB wakeup defect (bsc#1120058). - x86/pci: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f) (bsc#1120058). - x86/pci: Enable AMD 64-bit window on resume (bsc#1120058). - x86/pci: Fix infinite loop in search for 64bit BAR placement (bsc#1120058). - x86/pci: Move and shrink AMD 64-bit window to avoid conflict (bsc#1120058). - x86/pci: Move VMD quirk to x86 fixups (bsc#1120058). - x86/pci: Only enable a 64bit BAR on single-socket AMD Family 15h (bsc#1120058). - x86/pci: Use is_vmd() rather than relying on the domain number (bsc#1120058). - x86/process: Consolidate and simplify switch_to_xtra() code (bsc#1106913). - x86/pti: Document fix wrong index (git-fixes). - x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (bsc#1106913). - x86/retpoline: Remove minimal retpoline support (bsc#1106913). - x86/speculataion: Mark command line parser data __initdata (bsc#1106913). - x86/speculation: Add command line control for indirect branch speculation (bsc#1106913). - x86/speculation: Add prctl() control for indirect branch speculation (bsc#1106913). - x86/speculation: Add seccomp Spectre v2 user space protection mode (bsc#1106913). - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913). - x86/speculation: Avoid __switch_to_xtra() calls (bsc#1106913). - x86/speculation: Clean up spectre_v2_parse_cmdline() (bsc#1106913). - x86/speculation: Disable STIBP when enhanced IBRS is in use (bsc#1106913). - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913). - x86/speculation: Enable prctl mode for spectre_v2_user (bsc#1106913). - x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871). - x86/speculation: Mark string arrays const correctly (bsc#1106913). - x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bsc#1106913). - x86/speculation: Prepare arch_smt_update() for PRCTL mode (bsc#1106913). - x86/speculation: Prepare for conditional IBPB in switch_mm() (bsc#1106913). - x86/speculation: Prepare for per task indirect branch speculation control (bsc#1106913). - x86/speculation: Prevent stale SPEC_CTRL msr content (bsc#1106913). - x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913). - x86/speculation: Provide IBPB always command line options (bsc#1106913). - x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bsc#1106913). - x86/speculation: Rename SSBD update functions (bsc#1106913). - x86/speculation: Reorder the spec_v2 code (bsc#1106913). - x86/speculation: Reorganize speculation control MSRs update (bsc#1106913). - x86/speculation: Rework SMT state change (bsc#1106913). - x86/speculation: Split out TIF update (bsc#1106913). - x86/speculation: Unify conditional spectre v2 print functions (bsc#1106913). - x86/speculation: Update the TIF_SSBD comment (bsc#1106913). - xen/netfront: tolerate frags with no data (bnc#1119804). - xfs: Align compat attrlist_by_handle with native implementation (git-fixes). - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621). - xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat (git-fixes). - xfs: xfs_buf: drop useless LIST_HEAD (git-fixes). - xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162). - xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bsc#1051510). - xhci: Prevent U1/U2 link pm states if exit latency is too long (bsc#1051510). Important SUSE bug 1024718 SUSE bug 1046299 SUSE bug 1050242 SUSE bug 1050244 SUSE bug 1051510 SUSE bug 1055121 SUSE bug 1055186 SUSE bug 1058115 SUSE bug 1060463 SUSE bug 1065729 SUSE bug 1078248 SUSE bug 1079935 SUSE bug 1082387 SUSE bug 1083647 SUSE bug 1086282 SUSE bug 1086283 SUSE bug 1086423 SUSE bug 1087084 SUSE bug 1087978 SUSE bug 1088386 SUSE bug 1090888 SUSE bug 1091405 SUSE bug 1094244 SUSE bug 1097593 SUSE bug 1102875 SUSE bug 1102877 SUSE bug 1102879 SUSE bug 1102882 SUSE bug 1102896 SUSE bug 1103257 SUSE bug 1104353 SUSE bug 1104427 SUSE bug 1104967 SUSE bug 1105168 SUSE bug 1106105 SUSE bug 1106110 SUSE bug 1106615 SUSE bug 1106913 SUSE bug 1108270 SUSE bug 1109272 SUSE bug 1110558 SUSE bug 1111188 SUSE bug 1111469 SUSE bug 1111696 SUSE bug 1111795 SUSE bug 1112128 SUSE bug 1113722 SUSE bug 1114648 SUSE bug 1114871 SUSE bug 1116040 SUSE bug 1116336 SUSE bug 1116803 SUSE bug 1116841 SUSE bug 1117115 SUSE bug 1117162 SUSE bug 1117165 SUSE bug 1117186 SUSE bug 1117561 SUSE bug 1117656 SUSE bug 1117953 SUSE bug 1118215 SUSE bug 1118319 SUSE bug 1118428 SUSE bug 1118484 SUSE bug 1118505 SUSE bug 1118752 SUSE bug 1118760 SUSE bug 1118761 SUSE bug 1118762 SUSE bug 1118766 SUSE bug 1118767 SUSE bug 1118768 SUSE bug 1118769 SUSE bug 1118771 SUSE bug 1118772 SUSE bug 1118773 SUSE bug 1118774 SUSE bug 1118775 SUSE bug 1118787 SUSE bug 1118788 SUSE bug 1118798 SUSE bug 1118809 SUSE bug 1118962 SUSE bug 1119017 SUSE bug 1119086 SUSE bug 1119212 SUSE bug 1119322 SUSE bug 1119410 SUSE bug 1119714 SUSE bug 1119749 SUSE bug 1119804 SUSE bug 1119946 SUSE bug 1119962 SUSE bug 1119968 SUSE bug 1120036 SUSE bug 1120046 SUSE bug 1120053 SUSE bug 1120054 SUSE bug 1120055 SUSE bug 1120058 SUSE bug 1120088 SUSE bug 1120092 SUSE bug 1120094 SUSE bug 1120096 SUSE bug 1120097 SUSE bug 1120173 SUSE bug 1120214 SUSE bug 1120223 SUSE bug 1120228 SUSE bug 1120230 SUSE bug 1120232 SUSE bug 1120234 SUSE bug 1120235 SUSE bug 1120238 SUSE bug 1120594 SUSE bug 1120598 SUSE bug 1120600 SUSE bug 1120601 SUSE bug 1120602 SUSE bug 1120603 SUSE bug 1120604 SUSE bug 1120606 SUSE bug 1120612 SUSE bug 1120613 SUSE bug 1120614 SUSE bug 1120615 SUSE bug 1120616 SUSE bug 1120617 SUSE bug 1120618 SUSE bug 1120620 SUSE bug 1120621 SUSE bug 1120632 SUSE bug 1120633 SUSE bug 1120743 SUSE bug 1120954 SUSE bug 1121017 SUSE bug 1121058 SUSE bug 1121263 SUSE bug 1121273 SUSE bug 1121477 SUSE bug 1121483 SUSE bug 1121599 SUSE bug 1121621 SUSE bug 1121714 SUSE bug 1121715 SUSE bug 1121973 CVE-2018-12232 CVE-2018-14625 CVE-2018-16862 CVE-2018-16884 CVE-2018-18397 CVE-2018-19407 CVE-2018-19854 CVE-2018-19985 CVE-2018-20169 CVE-2018-9568 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for spamassassin to version 3.4.2 fixes the following issues: Security issues fixed: - CVE-2017-15705: Fixed denial of service via unclosed tags in crafted emails (bsc#1108745). - CVE-2018-11781: Fixed a code injection in the meta rule syntax by local users (bsc#1108748). - CVE-2018-11780: Fixed a potential remote code execution vulnerability in PDFInfo plugin (bsc#1108750). Non-security issues fixed: - Added four new plugins (disabled by default): HashBL, ResourceLimits, FromNameSpoof, Phishing - sa-update script: optional support for SHA-256 / SHA-512 been added for better validation of rules - GeoIP2 support has been added to RelayCountry and URILocalBL plugins - Several new or enhanced configuration options Important SUSE bug 1108745 SUSE bug 1108748 SUSE bug 1108750 CVE-2016-1238 CVE-2017-15705 CVE-2018-11780 CVE-2018-11781 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for openexr fixes the following issues: Security issue fixed: - CVE-2017-9111: Fixed an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h (bsc#1040109). - CVE-2017-9113: Fixed an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp (bsc#1040113). - CVE-2017-9115: Fixed an invalid write of size 2 in the = operator function inhalf.h (bsc#1040115). - CVE-2018-18444: Fixed Out-of-bounds write in makeMultiView.cpp (bsc#1113455). - CVE-2017-9112: Fixed invalid read of size 1 in the getBits function in ImfHuf.cpp (bsc#1040112). Moderate SUSE bug 1040109 SUSE bug 1040112 SUSE bug 1040113 SUSE bug 1040115 SUSE bug 1113455 CVE-2017-9111 CVE-2017-9112 CVE-2017-9113 CVE-2017-9115 CVE-2018-18444 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libsolv, libzypp and zypper fixes the following issues: libsolv was updated to version 0.6.36 fixes the following issues: Security issues fixed: - CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629). - CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630). - CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631). Non-security issues fixed: - Made cleandeps jobs on patterns work (bsc#1137977). - Fixed an issue multiversion packages that obsolete their own name (bsc#1127155). - Keep consistent package name if there are multiple alternatives (bsc#1131823). libzypp received following fixes: - Fixes a bug where locking the kernel was not possible (bsc#1113296) zypper received following fixes: - Fixes a bug where the wrong exit code was set when refreshing repos if --root was used (bsc#1134226) - Improved the displaying of locks (bsc#1112911) - Fixes an issue where `https` repository urls caused an error prompt to appear twice (bsc#1110542) - zypper will now always warn when no repositories are defined (bsc#1109893) Moderate SUSE bug 1109893 SUSE bug 1110542 SUSE bug 1111319 SUSE bug 1112911 SUSE bug 1113296 SUSE bug 1120629 SUSE bug 1120630 SUSE bug 1120631 SUSE bug 1127155 SUSE bug 1131823 SUSE bug 1134226 SUSE bug 1137977 CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for cronie fixes the following issues: Security issues fixed: - CVE-2019-9704: Fixed an insufficient check in the return value of calloc which could allow a local user to create Denial of Service by crashing the deamon (bsc#1128937). - CVE-2019-9705: Fixed an implementation vulnerability which could allow a local user to exhaust the memory resulting in Denial of Service (bsc#1128935). Bug fixes: - Manual start of cron is possible even when it's already started using systemd (bsc#1133100). - Cron schedules only one job of crontab (bsc#1130746). Low SUSE bug 1128935 SUSE bug 1128937 SUSE bug 1130746 SUSE bug 1133100 CVE-2019-9704 CVE-2019-9705 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libraw fixes the following issues: Security issues fixed: - CVE-2018-5808: Fixed a stack-based buffer overflow and code execution vulnerability in find_green() function internal/dcraw_common.cpp (bsc#1118894). - CVE-2018-5805: Fixed a boundary error within the quicktake_100_load_raw function (bsc#1097973) - CVE-2018-5806: Fixed a a NULL pointer dereference in the leaf_hdr_load_raw function (bsc#1097974) Moderate SUSE bug 1097973 SUSE bug 1097974 SUSE bug 1118894 CVE-2018-5805 CVE-2018-5806 CVE-2018-5808 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5436: Fixed a heap buffer overflow in tftp_receive_packet() (bsc#1135170). Important SUSE bug 1135170 CVE-2019-5436 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ImageMagick fixes the following issues: - CVE-2019-13301: Fixed a memory leak in AcquireMagickMemory() (bsc#1140554). - CVE-2019-13310: Fixed a memory leak at AcquireMagickMemory because of an error in MagickWand/mogrify.c (bsc#1140501). - CVE-2019-13311: Fixed a memory leak at AcquireMagickMemory because of a wand/mogrify.c error (bsc#1140513). - CVE-2019-13454: Fixed a division by zero in RemoveDuplicateLayers in MagickCore/layer.c (bsc#1141171). - CVE-2019-13295: Fixed a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage (bsc#1140664). - CVE-2019-13297: Fixed a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage (bsc#1140666). - CVE-2019-12979: Fixed the use of uninitialized values in SyncImageSettings() (bsc#1139886). - CVE-2019-13391: Fixed a heap-based buffer over-read in MagickCore/fourier.c (bsc#1140673). - CVE-2019-13308: Fixed a heap-based buffer overflow in MagickCore/fourier.c (bsc#1140534). - CVE-2019-13300: Fixed a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages (bsc#1140669). - CVE-2019-13307: Fixed a heap-based buffer overflow at MagickCore/statistic.c (bsc#1140538). - CVE-2019-12975: Fixed a memory leak in the WriteDPXImage() in coders/dpx.c (bsc#1140106). - CVE-2019-13135: Fixed the use of uninitialized values in ReadCUTImage() (bsc#1140103). - CVE-2019-12978: Fixed the use of uninitialized values in ReadPANGOImage() (bsc#1139885). - CVE-2019-12974: Fixed a NULL pointer dereference in the ReadPANGOImage() (bsc#1140111). - CVE-2019-13133: Fixed a memory leak in the ReadBMPImage() (bsc#1140100). - CVE-2019-13134: Fixed a memory leak in the ReadVIFFImage() (bsc#1140102). - CVE-2019-12976: Fixed a memory leak in the ReadPCLImage() in coders/pcl.c(bsc#1140110). Moderate SUSE bug 1139885 SUSE bug 1139886 SUSE bug 1140100 SUSE bug 1140102 SUSE bug 1140103 SUSE bug 1140106 SUSE bug 1140110 SUSE bug 1140111 SUSE bug 1140501 SUSE bug 1140513 SUSE bug 1140534 SUSE bug 1140538 SUSE bug 1140554 SUSE bug 1140664 SUSE bug 1140666 SUSE bug 1140669 SUSE bug 1140673 SUSE bug 1141171 CVE-2019-12974 CVE-2019-12975 CVE-2019-12976 CVE-2019-12978 CVE-2019-12979 CVE-2019-13133 CVE-2019-13134 CVE-2019-13135 CVE-2019-13295 CVE-2019-13297 CVE-2019-13300 CVE-2019-13301 CVE-2019-13307 CVE-2019-13308 CVE-2019-13310 CVE-2019-13311 CVE-2019-13391 CVE-2019-13454 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for bzip2 fixes the following issues: - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). Important SUSE bug 1139083 CVE-2019-12900 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for openexr fixes the following issues: - CVE-2017-14988: Fixed a denial of service in Header::readfrom() (bsc#1061305). Moderate SUSE bug 1061305 CVE-2017-14988 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for java-1_7_0-openjdk to version 7u231 fixes the following issues: Security issues fixed: - CVE_2019-2426: Improve web server connections (bsc#1134297). - CVE-2019-2745: Improved ECC Implementation (bsc#1141784). - CVE-2019-2762: Exceptional throw cases (bsc#1141782). - CVE-2019-2766: Improve file protocol handling (bsc#1141789). - CVE-2019-2769: Better copies of CopiesList (bsc#1141783). - CVE-2019-2786: More limited privilege usage (bsc#1141787). - CVE-2019-2816: Normalize normalization (bsc#1141785). - CVE-2019-2842: Extended AES support (bsc#1141786). - CVE-2019-7317: Improve PNG support (bsc#1141780). - CVE-2018-3639: fix revision to prefer PR_SPEC_DISABLE_NOEXEC to PR_SPEC_DISABLE (bsc#1087082). - Certificate validation improvements Important SUSE bug 1087082 SUSE bug 1134297 SUSE bug 1141780 SUSE bug 1141782 SUSE bug 1141783 SUSE bug 1141784 SUSE bug 1141785 SUSE bug 1141786 SUSE bug 1141787 SUSE bug 1141789 CVE-2018-3639 CVE-2019-2426 CVE-2019-2745 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-2842 CVE-2019-7317 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for polkit fixes the following issues: Security issue fixed: - CVE-2019-6133: Fixed improper caching of auth decisions, which could bypass uid checking in the interactive backend (bsc#1121826). Important SUSE bug 1121826 CVE-2019-6133 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for java-1_8_0-openjdk to version 8u222 fixes the following issues: Security issues fixed: - CVE-2019-2745: Improved ECC Implementation (bsc#1141784). - CVE-2019-2762: Exceptional throw cases (bsc#1141782). - CVE-2019-2766: Improve file protocol handling (bsc#1141789). - CVE-2019-2769: Better copies of CopiesList (bsc#1141783). - CVE-2019-2786: More limited privilege usage (bsc#1141787). - CVE-2019-2816: Normalize normalization (bsc#1141785). - CVE-2019-2842: Extended AES support (bsc#1141786). - CVE-2019-7317: Improve PNG support (bsc#1141780). - Certificate validation improvements Non-security issue fixed: - Fixed an issue where the installation failed when the manpages are not present (bsc#1115375) Important SUSE bug 1115375 SUSE bug 1141780 SUSE bug 1141782 SUSE bug 1141783 SUSE bug 1141784 SUSE bug 1141785 SUSE bug 1141786 SUSE bug 1141787 SUSE bug 1141789 CVE-2019-2745 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-2842 CVE-2019-7317 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for python3 fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-14647: Fixed a denial of service vulnerability caused by a crafted XML document (bsc#1109847). - CVE-2018-1000802: Fixed a command injection in the shutil module (bsc#1109663). Important SUSE bug 1109663 SUSE bug 1109847 SUSE bug 1138459 CVE-2018-1000802 CVE-2018-14647 CVE-2019-10160 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 The SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-20855: An issue was discovered in the Linux kernel In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace(bsc#1143045). - CVE-2019-1125: Exclude ATOMs from speculation through SWAPGS (bsc#1139358). - CVE-2019-14283: In the Linux kernel, set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It could be triggered by an unprivileged local user when a floppy disk was inserted. NOTE: QEMU creates the floppy device by default. (bnc#1143191) - CVE-2019-11810: An issue was discovered in the Linux kernel A NULL pointer dereference could occur when megasas_create_frame_pool() failed in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This caused a Denial of Service, related to a use-after-free (bnc#1134399). - CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user could cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sent a crafted signal frame. (bnc#1142254) - CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel, a malicious USB device could send an HID report that triggered an out-of-bounds write during generation of debugging messages. (bnc#1142023) The following non-security bugs were fixed: - Correct the CVE and bug reference for a floppy security fix (CVE-2019-14284,bsc#1143189) A dedicated CVE was already assigned - acpi/nfit: Always dump _DSM output payload (bsc#1142351). - Add back sibling paca poiter to paca (bsc#1055117). - Add support for crct10dif-vpmsum (). - af_unix: remove redundant lockdep class (git-fixes). - alsa: compress: Be more restrictive about when a drain is allowed (bsc#1051510). - alsa: compress: Do not allow paritial drain operations on capture streams (bsc#1051510). - alsa: compress: Fix regression on compressed capture streams (bsc#1051510). - alsa: compress: Prevent bypasses of set_params (bsc#1051510). - alsa: hda - Add a conexant codec entry to let mute led work (bsc#1051510). - alsa: hda/realtek: apply ALC891 headset fixup to one Dell machine (bsc#1051510). - alsa: hda/realtek - Fixed Headphone Mic can't record on Dell platform (bsc#1051510). - alsa: hda/realtek - Headphone Mic can't record after S3 (bsc#1051510). - alsa: line6: Fix a typo (bsc#1051510). - alsa: line6: Fix wrong altsetting for LINE6_PODHD500_1 (bsc#1051510). - alsa: seq: Break too long mutex context in the write loop (bsc#1051510). - alsa: usb-audio: Add quirk for Focusrite Scarlett Solo (bsc#1051510). - alsa: usb-audio: Add quirk for MOTU MicroBook II (bsc#1051510). - alsa: usb-audio: Cleanup DSD whitelist (bsc#1051510). - alsa: usb-audio: Enable .product_name override for Emagic, Unitor 8 (bsc#1051510). - alsa: usb-audio: Sanity checks for each pipe and EP types (bsc#1051510). - asoc : cs4265 : readable register too low (bsc#1051510). - asoc: max98090: remove 24-bit format support if RJ is 0 (bsc#1051510). - asoc: soc-pcm: BE dai needs prepare when pause release after resume (bsc#1051510). - ath6kl: add some bounds checking (bsc#1051510). - batman-adv: fix for leaked TVLV handler (bsc#1051510). - bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652). - bcache: add code comments for journal_read_bucket() (bsc#1140652). - bcache: Add comments for blkdev_put() in registration code path (bsc#1140652). - bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652). - bcache: add comments for kobj release callback routine (bsc#1140652). - bcache: add comments for mutex_lock(&b->write_lock) (bsc#1140652). - bcache: add error check for calling register_bdev() (bsc#1140652). - bcache: add failure check to run_cache_set() for journal replay (bsc#1140652). - bcache: add io error counting in write_bdev_super_endio() (bsc#1140652). - bcache: add more error message in bch_cached_dev_attach() (bsc#1140652). - bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652). - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652). - bcache: add return value check to bch_cached_dev_run() (bsc#1140652). - bcache: avoid a deadlock in bcache_reboot() (bsc#1140652). - bcache: avoid clang -Wunintialized warning (bsc#1140652). - bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652). - bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652). - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652). - bcache: Clean up bch_get_congested() (bsc#1140652). - bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread (bsc#1140652). - bcache: do not assign in if condition in bcache_device_init() (bsc#1140652). - bcache: do not set max writeback rate if gc is running (bsc#1140652). - bcache: fix a race between cache register and cacheset unregister (bsc#1140652). - bcache: fix crashes stopping bcache device before read miss done (bsc#1140652). - bcache: fix failure in journal relplay (bsc#1140652). - bcache: fix inaccurate result of unused buckets (bsc#1140652). - bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652). - bcache: fix potential deadlock in cached_def_free() (bsc#1140652). - bcache: fix race in btree_flush_write() (bsc#1140652). - bcache: fix return value error in bch_journal_read() (bsc#1140652). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652). - bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652). - bcache: ignore read-ahead request failure on backing device (bsc#1140652). - bcache: improve bcache_reboot() (bsc#1140652). - bcache: improve error message in bch_cached_dev_run() (bsc#1140652). - bcache: make bset_search_tree() be more understandable (bsc#1140652). - bcache: make is_discard_enabled() static (bsc#1140652). - bcache: more detailed error message to bcache_device_link() (bsc#1140652). - bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652). - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652). - bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652). - bcache: performance improvement for btree_flush_write() (bsc#1140652). - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652). - bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652). - bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652). - bcache: remove 'XXX:' comment line from run_cache_set() (bsc#1140652). - bcache: return error immediately in bch_journal_replay() (bsc#1140652). - bcache: Revert 'bcache: fix high CPU occupancy during journal' (bsc#1140652). - bcache: Revert 'bcache: free heap cache_set->flush_btree in bch_journal_free' (bsc#1140652). - bcache: set largest seq to ja->seq[bucket_index] in journal_read_bucket() (bsc#1140652). - bcache: shrink btree node cache after bch_btree_check() (bsc#1140652). - bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652). - bcache: use sysfs_match_string() instead of __sysfs_match_string() (bsc#1140652). - be2net: Fix number of Rx queues used for flow hashing (networking-stable-19_06_18). - be2net: Signal that the device cannot transmit during reconfiguration (bsc#1127315). - be2net: Synchronize be_update_queues with dev_watchdog (bsc#1127315). - block, bfq: NULL out the bic when it's no longer valid (bsc#1142359). - bnx2x: Prevent load reordering in tx completion processing (bsc#1142868). - bnxt_en: Fix aggregation buffer leak under OOM condition (networking-stable-19_05_31). - bonding: fix arp_validate toggling in active-backup mode (networking-stable-19_05_14). - bonding: Force slave speed check after link state recovery for 802.3ad (bsc#1137584). - bpf, x64: fix stack layout of JITed bpf code (bsc#1083647). - bpf, x64: save 5 bytes in prologue when ebpf insns came from cbpf (bsc#1083647). - bridge: Fix error path for kobject_init_and_add() (networking-stable-19_05_14). - btrfs: fix race between block group removal and block group allocation (bsc#1143003). - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() (bsc#1141478). - clk: qcom: Fix -Wunused-const-variable (bsc#1051510). - clk: rockchip: Do not yell about bad mmc phases when getting (bsc#1051510). - clk: tegra210: fix PLLU and PLLU_OUT1 (bsc#1051510). - cpufreq: acpi-cpufreq: Report if CPU does not support boost technologies (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix initial command check (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency (bsc#1051510). - cpufreq: check if policy is inactive early in __cpufreq_get() (bsc#1051510). - cpufreq: kirkwood: fix possible object reference leak (bsc#1051510). - cpufreq/pasemi: fix possible object reference leak (bsc#1051510). - cpufreq: pmac32: fix possible object reference leak (bsc#1051510). - cpufreq: ppc_cbe: fix possible object reference leak (bsc#1051510). - cpufreq: Use struct kobj_attribute instead of struct global_attr (bsc#1051510). - crypto: arm64/sha1-ce - correct digest for empty data in finup (bsc#1051510). - crypto: arm64/sha2-ce - correct digest for empty data in finup (bsc#1051510). - crypto: ccp - Fix 3DES complaint from ccp-crypto module (bsc#1051510). - crypto: ccp - fix AES CFB error exposed by new test vectors (bsc#1051510). - crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL (bsc#1051510). - crypto: ccp/gcm - use const time tag comparison (bsc#1051510). - crypto: ccp - memset structure fields to zero before reuse (bsc#1051510). - crypto: ccp - Validate the the error value used to index error messages (bsc#1051510). - crypto: chacha20poly1305 - fix atomic sleep when using async algorithm (bsc#1051510). - crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe (bsc#1051510). - crypto: ghash - fix unaligned memory access in ghash_setkey() (bsc#1051510). - crypto: talitos - Align SEC1 accesses to 32 bits boundaries (bsc#1051510). - crypto: talitos - check data blocksize in ablkcipher (bsc#1051510). - crypto: talitos - fix CTR alg blocksize (bsc#1051510). - crypto: talitos - fix max key size for sha384 and sha512 (bsc#1051510). - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking (bsc#1051510). - crypto: talitos - properly handle split ICV (bsc#1051510). - crypto: talitos - reduce max key size for SEC1 (bsc#1051510). - crypto: talitos - rename alternative AEAD algos (bsc#1051510). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - dmaengine: hsu: Revert 'set HSU_CH_MTSR to memory width' (bsc#1051510). - dpaa_eth: fix SG frame cleanup (networking-stable-19_05_14). - drm/meson: Add support for XBGR8888 & ABGR8888 formats (bsc#1051510). - drm/msm/a3xx: remove TPL1 regs from snapshot (bsc#1051510). - drm/nouveau/i2c: Enable i2c pads & busses during preinit (bsc#1051510). - drm/rockchip: Properly adjust to a true clock in adjusted_mode (bsc#1051510). - e1000e: start network tx queue only when link is up (bsc#1051510). - ethtool: check the return value of get_regs_len (git-fixes). - ethtool: fix potential userspace buffer overflow (networking-stable-19_06_09). - Fix kABI for asus-wmi quirk_entry field addition (bsc#1051510). - Fix memory leak in sctp_process_init (networking-stable-19_06_09). - fork, memcg: fix cached_stacks case (bsc#1134097). - fork, memcg: fix crash in free_thread_stack on memcg charge fail (bsc#1134097). - hid: wacom: correct touch resolution x/y typo (bsc#1051510). - hid: wacom: generic: Correct pad syncing (bsc#1051510). - hid: wacom: generic: only switch the mode on devices with LEDs (bsc#1051510). - hid: wacom: generic: read HID_DG_CONTACTMAX from any feature report (bsc#1051510). - input: elantech - enable middle button support on 2 ThinkPads (bsc#1051510). - input: imx_keypad - make sure keyboard can always wake up system (bsc#1051510). - input: psmouse - fix build error of multiple definition (bsc#1051510). - input: synaptics - enable SMBUS on T480 thinkpad trackpad (bsc#1051510). - input: tm2-touchkey - acknowledge that setting brightness is a blocking call (bsc#1129770). - intel_th: msu: Fix single mode with disabled IOMMU (bsc#1051510). - ipv4: Fix raw socket lookup for local traffic (networking-stable-19_05_14). - ipv4/igmp: fix another memory leak in igmpv3_del_delrec() (networking-stable-19_05_31). - ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST (networking-stable-19_05_31). - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop (git-fixes). - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address (networking-stable-19_05_31). - ipv6: fix EFAULT on sendto with icmpv6 and hdrincl (networking-stable-19_06_09). - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero (networking-stable-19_06_18). - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4 (networking-stable-19_06_09). - kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled (bsc#1071995). - kernel: jump label transformation performance (bsc#1137534 bsc#1137535 LTC#178058 LTC#178059). - kvm: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots (bsc#1133021). - kvm: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory (bsc#1133021). - kvm: fix Guest installation fails by 'Invalid value '0-31' for 'cpuset.cpus': Invalid argument' (bsc#1143507) - kvm: mmu: Fix overflow on kvm mmu page limit calculation (bsc#1135335). - kvm/mmu: kABI fix for *_mmu_pages changes in struct kvm_arch (bsc#1135335). - kvm: polling: add architecture backend to disable polling (bsc#1119222). - kvm: s390: change default halt poll time to 50us (bsc#1119222). - kvm: s390: enable CONFIG_HAVE_KVM_NO_POLL (bsc#1119222) We need to enable CONFIG_HAVE_KVM_NO_POLL for bsc#1119222 - kvm: s390: fix typo in parameter description (bsc#1119222). - kvm: s390: kABI Workaround for 'kvm_vcpu_stat' Add halt_no_poll_steal to kvm_vcpu_stat. Hide it from the kABI checker. - kvm: s390: kABI Workaround for 'lowcore' (bsc#1119222). - kvm: s390: provide kvm_arch_no_poll function (bsc#1119222). - kvm: svm/avic: Do not send AVIC doorbell to self (bsc#1140133). - kvm: SVM: Fix detection of AMD Errata 1096 (bsc#1142354). - lapb: fixed leak of control-blocks (networking-stable-19_06_18). - lib: fix stall in __bitmap_parselist() (bsc#1051510). - libnvdimm/namespace: Fix label tracking error (bsc#1142350). - lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE (bsc#1051510). - livepatch: Remove duplicate warning about missing reliable stacktrace support (bsc#1071995). - livepatch: Use static buffer for debugging messages under rq lock (bsc#1071995). - llc: fix skb leak in llc_build_and_send_ui_pkt() (networking-stable-19_05_31). - media: cpia2_usb: first wake up, then free in disconnect (bsc#1135642). - media: marvell-ccic: fix DMA s/g desc number calculation (bsc#1051510). - media: s5p-mfc: Make additional clocks optional (bsc#1051510). - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom() (bsc#1051510). - media: vivid: fix incorrect assignment operation when setting video mode (bsc#1051510). - mei: bus: need to unlink client before freeing (bsc#1051510). - mei: me: add denverton innovation engine device IDs (bsc#1051510). - mei: me: add gemini lake devices id (bsc#1051510). - memory: tegra: Fix integer overflow on tick value calculation (bsc#1051510). - memstick: Fix error cleanup path of memstick_init (bsc#1051510). - mfd: intel-lpss: Release IDA resources (bsc#1051510). - mmc: sdhci-pci: Try 'cd' for card-detect lookup before using NULL (bsc#1051510). - mm: migrate: Fix reference check race between __find_get_block() and migration (bnc#1137609). - mm/nvdimm: add is_ioremap_addr and use that to check ioremap address (bsc#1140322 LTC#176270). - mm, page_alloc: fix has_unmovable_pages for HugePages (bsc#1127034). - mm: replace all open encodings for NUMA_NO_NODE (bsc#1140322 LTC#176270). - neigh: fix use-after-free read in pneigh_get_next (networking-stable-19_06_18). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142112 bsc#1142221 LTC#179334 LTC#179332). - net: avoid weird emergency message (networking-stable-19_05_21). - net: fec: fix the clk mismatch in failed_reset path (networking-stable-19_05_31). - netfilter: conntrack: fix calculation of next bucket number in early_drop (git-fixes). - net-gro: fix use-after-free read in napi_gro_frags() (networking-stable-19_05_31). - net/mlx4_core: Change the error print to info print (networking-stable-19_05_21). - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_06_09). - net/mlx5: Allocate root ns memory using kzalloc to match kfree (networking-stable-19_05_31). - net/mlx5: Avoid double free in fs init error unwinding path (networking-stable-19_05_31). - net: mvneta: Fix err code path of probe (networking-stable-19_05_31). - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value (networking-stable-19_05_31). - net: openvswitch: do not free vport if register_netdevice() is failed (networking-stable-19_06_18). - net/packet: fix memory leak in packet_set_ring() (git-fixes). - net: rds: fix memory leak in rds_ib_flush_mr_pool (networking-stable-19_06_09). - net: seeq: fix crash caused by not set dev.parent (networking-stable-19_05_14). - net: stmmac: fix reset gpio free missing (networking-stable-19_05_31). - net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions (networking-stable-19_05_21). - nvme: fix memory leak caused by incorrect subsystem free (bsc#1143185). - ocfs2: add first lock wait time in locking_state (bsc#1134390). - ocfs2: add last unlock times in locking_state (bsc#1134390). - ocfs2: add locking filter debugfs file (bsc#1134390). - packet: Fix error path in packet_init (networking-stable-19_05_14). - packet: in recvmsg msg_name return at least sizeof sockaddr_ll (git-fixes). - pci: Always allow probing with driver_override (bsc#1051510). - pci: hv: Add hv_pci_remove_slots() when we unload the driver (bsc#1142701). - pci: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary (bsc#1142701). - pci: hv: Fix a memory leak in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix a use-after-free bug in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix return value check in hv_pci_assign_slots() (bsc#1142701). - pci: hv: Remove unused reason for refcount handler (bsc#1142701). - pci: hv: support reporting serial number as slot information (bsc#1142701). - pci: Return error if cannot probe VF (bsc#1051510). - pkey: Indicate old mkvp only if old and current mkvp are different (bsc#1137827 LTC#178090). - pktgen: do not sleep with the thread lock held (git-fixes). - platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ (bsc#1051510). - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510). - platform/x86: intel_turbo_max_3: Remove restriction for HWP platforms (jsc#SLE-5439). - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table (bsc#1051510). - powerpc/64s: Remove POWER9 DD1 support (bsc#1055117, LTC#159753, git-fixes). - powerpc/crypto: Use cheaper random numbers for crc-vpmsum self-test (). - powerpc/mm: Change function prototype (bsc#1055117). - powerpc/mm: Consolidate numa_enable check and min_common_depth check (bsc#1140322 LTC#176270). - powerpc/mm/drconf: Use NUMA_NO_NODE on failures instead of node 0 (bsc#1140322 LTC#176270). - powerpc/mm: Fix node look up with numa=off boot (bsc#1140322 LTC#176270). - powerpc/mm/hugetlb: Update huge_ptep_set_access_flags to call __ptep_set_access_flags directly (bsc#1055117). - powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang (bsc#1055117). - powerpc/mm/radix: Move function from radix.h to pgtable-radix.c (bsc#1055117). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195). - ppp: deflate: Fix possible crash in deflate_init (networking-stable-19_05_21). - rds: ib: fix 'passing zero to ERR_PTR()' warning (git-fixes). - Revert 'bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()' (bsc#1140652). - Revert 'e1000e: fix cyclic resets at link up with active tx' (bsc#1051510). - Revert 'livepatch: Remove reliable stacktrace check in klp_try_switch_task()' (bsc#1071995). - Revert 'serial: 8250: Do not service RX FIFO if interrupts are disabled' (bsc#1051510). - rtnetlink: always put IFLA_LINK for links with a link-netnsid (networking-stable-19_05_21). - s390/qeth: be drop monitor friendly (bsc#1142220 LTC#179335). - s390/vtime: steal time exponential moving average (bsc#1119222). - scripts/git_sort/git_sort.py: Add mmots tree. - scsi: ibmvfc: fix WARN_ON during event pool release (bsc#1137458 LTC#178093). - sctp: Free cookie before we memdup a new one (networking-stable-19_06_18). - sctp: silence warns on sctp_stream_init allocations (bsc#1083710). - serial: uartps: Do not add a trailing semicolon to macro (bsc#1051510). - serial: uartps: Fix long line over 80 chars (bsc#1051510). - serial: uartps: Fix multiple line dereference (bsc#1051510). - serial: uartps: Remove useless return from cdns_uart_poll_put_char (bsc#1051510). - staging: comedi: amplc_pci230: fix null pointer deref on interrupt (bsc#1051510). - staging: comedi: dt282x: fix a null pointer deref on interrupt (bsc#1051510). - staging: rtl8712: reduce stack usage, again (bsc#1051510). - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg (networking-stable-19_06_18). - tcp: reduce tcp_fastretrans_alert() verbosity (git-fixes). - team: Always enable vlan tx offload (bsc#1051510). - tty: rocket: fix incorrect forward declaration of 'rp_init()' (bsc#1051510). - tty: serial_core: Set port active bit in uart_port_activate (bsc#1051510). - tty: serial: cpm_uart - fix init when SMC is relocated (bsc#1051510). - tuntap: synchronize through tfiles array instead of tun->numqueues (networking-stable-19_05_14). - usb: gadget: ether: Fix race between gether_disconnect and rx_submit (bsc#1051510). - usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i] (bsc#1051510). - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC (bsc#1051510). - usb: pci-quirks: Correct AMD PLL quirk detection (bsc#1051510). - usb: serial: ftdi_sio: add ID for isodebug v1 (bsc#1051510). - usb: serial: option: add support for GosunCn ME3630 RNDIS mode (bsc#1051510). - vmci: Fix integer overflow in VMCI handle arrays (bsc#1051510). - vsock/virtio: free packets during the socket release (networking-stable-19_05_21). - vsock/virtio: set SOCK_DONE on peer shutdown (networking-stable-19_06_18). - wil6210: fix potential out-of-bounds read (bsc#1051510). - x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903). - xen: let alloc_xenballooned_pages() fail if not enough memory free (bsc#1142450 XSA-300). - xfs: do not overflow xattr listent buffer (bsc#1143105). Important SUSE bug 1051510 SUSE bug 1055117 SUSE bug 1071995 SUSE bug 1083647 SUSE bug 1083710 SUSE bug 1102247 SUSE bug 1111666 SUSE bug 1119222 SUSE bug 1123080 SUSE bug 1127034 SUSE bug 1127315 SUSE bug 1129770 SUSE bug 1130972 SUSE bug 1133021 SUSE bug 1134097 SUSE bug 1134390 SUSE bug 1134399 SUSE bug 1135335 SUSE bug 1135642 SUSE bug 1136896 SUSE bug 1137458 SUSE bug 1137534 SUSE bug 1137535 SUSE bug 1137584 SUSE bug 1137609 SUSE bug 1137811 SUSE bug 1137827 SUSE bug 1139358 SUSE bug 1140133 SUSE bug 1140139 SUSE bug 1140322 SUSE bug 1140652 SUSE bug 1140887 SUSE bug 1140888 SUSE bug 1140889 SUSE bug 1140891 SUSE bug 1140893 SUSE bug 1140903 SUSE bug 1140945 SUSE bug 1140954 SUSE bug 1140955 SUSE bug 1140956 SUSE bug 1140957 SUSE bug 1140958 SUSE bug 1140959 SUSE bug 1140960 SUSE bug 1140961 SUSE bug 1140962 SUSE bug 1140964 SUSE bug 1140971 SUSE bug 1140972 SUSE bug 1140992 SUSE bug 1141401 SUSE bug 1141402 SUSE bug 1141452 SUSE bug 1141453 SUSE bug 1141454 SUSE bug 1141478 SUSE bug 1142023 SUSE bug 1142112 SUSE bug 1142220 SUSE bug 1142221 SUSE bug 1142254 SUSE bug 1142350 SUSE bug 1142351 SUSE bug 1142354 SUSE bug 1142359 SUSE bug 1142450 SUSE bug 1142701 SUSE bug 1142868 SUSE bug 1143003 SUSE bug 1143045 SUSE bug 1143105 SUSE bug 1143185 SUSE bug 1143189 SUSE bug 1143191 SUSE bug 1143507 CVE-2018-20855 CVE-2019-1125 CVE-2019-11810 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for evince fixes the following issues: Security issues fixed: - CVE-2019-11459: Fixed an improper error handling in which could have led to use of uninitialized use of memory (bsc#1133037). - CVE-2019-1010006: Fixed a buffer overflow in backend/tiff/tiff-document.c (bsc#1141619). Important SUSE bug 1133037 SUSE bug 1141619 CVE-2019-1010006 CVE-2019-11459 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2019-1010220: Fixed a buffer over-read in print_prefix() which may expose data (bsc#1142439). - CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print() and lookup_emem() (bsc#1068716). Moderate SUSE bug 1068716 SUSE bug 1142439 CVE-2017-16808 CVE-2019-1010220 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for rsyslog fixes the following issues: Security issue fixed: - CVE-2018-16881: Fixed a denial of service when both the imtcp module and Octet-Counted TCP Framing is enabled (bsc#1123164). Important SUSE bug 1123164 CVE-2018-16881 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for python fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853). Important SUSE bug 1138459 SUSE bug 1141853 CVE-2018-20852 CVE-2019-10160 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for wireshark to version 2.4.16 fixes the following issues: Security issue fixed: - CVE-2019-13619: ASN.1 BER and related dissectors crash (bsc#1141980). Moderate SUSE bug 1141980 CVE-2019-13619 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for mariadb-100 to version 10.0.38 fixes the following issues: - CVE-2019-2537: Fixed a denial of service vulnerability which can lead to MySQL compromise (bsc#1136037). - CVE-2019-2529: Fixed a denial of service vulnerability by an privileged attacker via a protocol compromise (bsc#1136037). Important SUSE bug 1136037 CVE-2019-2529 CVE-2019-2537 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for openjpeg2 fixes the following issues: Security issue fixed: - CVE-2016-1923: Fixed anout of bounds read int opj_j2k_update_image_data() and opj_tgt_reset () (bsc#962522). Moderate SUSE bug 962522 CVE-2016-1923 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for NetworkManager fixes the following issues: Security issue fixed: - Fixed that passwords are not echoed on terminal when asking for them (bsc#990204). Low SUSE bug 990204 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for perl fixes the following issues: Security issue fixed: - CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674). Important SUSE bug 1114674 CVE-2018-18311 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libsolv, libzypp and zypper fixes the following issues: libsolv was updated to version 0.6.36 and fixes the following issues: Security issues fixed: - CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629). - CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630). - CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631). Non-security issues fixed: - Made cleandeps jobs on patterns work (bsc#1137977). - Fixed an issue multiversion packages that obsolete their own name (bsc#1127155). - Keep consistent package name if there are multiple alternatives (bsc#1131823). Fixes for libzypp: - Fixes a bug where locking the kernel was not possible (bsc#1113296) - Fixes a file descriptor leak (bsc#1116995) - Will now run file conflict check on dry-run (best with download-only) (bsc#1140039) Fixes for zypper: - Fixes a bug where the wrong exit code was set when refreshing repos if --root was used (bsc#1134226) - Improved the displaying of locks (bsc#1112911) - Fixes an issue where `https` repository urls caused an error prompt to appear twice (bsc#1110542) - zypper will now always warn when no repositories are defined (bsc#1109893) - Fixes bash completion option detection (bsc#1049825) Moderate SUSE bug 1049825 SUSE bug 1109893 SUSE bug 1110542 SUSE bug 1111319 SUSE bug 1112911 SUSE bug 1113296 SUSE bug 1116995 SUSE bug 1120629 SUSE bug 1120630 SUSE bug 1120631 SUSE bug 1127155 SUSE bug 1131823 SUSE bug 1134226 SUSE bug 1137977 SUSE bug 1140039 SUSE bug 1145521 CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner (bsc#1145092). Important SUSE bug 1145092 CVE-2019-10208 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for mariadb and mariadb-connector-c fixes the following issues: mariadb: - Update to version 10.2.25 (bsc#1136035) - CVE-2019-2628: Fixed a remote denial of service by an privileged attacker (bsc#1136035). - CVE-2019-2627: Fixed another remote denial of service by an privileged attacker (bsc#1136035). - CVE-2019-2614: Fixed a potential remote denial of service by an privileged attacker (bsc#1136035). - Fixed reading options for multiple instances if my${INSTANCE}.cnf is used (bsc#1132666). - Adjust mysql-systemd-helper ('shutdown protected MySQL' section) so it checks both ping response and the pid in a process list as it can take some time till the process is terminated. Otherwise it can lead to 'found left-over process' situation when regular mariadb is started (bsc#1143215). mariadb-connector-c: - Update to version 3.1.2 (bsc#1136035) - Moved libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig for x86_64 (bsc#1126088) Important SUSE bug 1126088 SUSE bug 1132666 SUSE bug 1136035 SUSE bug 1143215 CVE-2019-2614 CVE-2019-2627 CVE-2019-2628 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for webkit2gtk3 fixes the following issues: Updated to version 2.24.4 (bsc#1148931). Security issues fixed: - CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8669, CVE-2019-8678, CVE-2019-8680, CVE-2019-8683, CVE-2019-8684, CVE-2019-8688, CVE-2019-8595, CVE-2019-8607, CVE-2019-8615, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690 Non-security issues fixed: - Improved loading of multimedia streams to avoid memory exhaustion due to excessive caching. - Updated the user agent string to make happy certain websites which would claim that the browser being used was unsupported. Important SUSE bug 1135715 SUSE bug 1148931 CVE-2019-8595 CVE-2019-8607 CVE-2019-8615 CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ghostscript fixes the following issues: Security issue fixed: - CVE-2019-10216: Fix privilege escalation via specially crafted PostScript file (bsc#1144621). Moderate SUSE bug 1144621 CVE-2019-10216 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources (bsc#1135902). - CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). Bug fixes and enhancements: - Add vcpu features needed for Cascadelake-Server, Icelake-Client and Icelake-Server, especially the foundational arch-capabilities to help with security and performance on Intel hosts (bsc#1134880) (fate#327764). - Add support for one more security/performance related vcpu feature (bsc#1136777) (fate#327795). - Disable file locking in the Xen PV disk backend to avoid locking issues with PV domUs during migration. The issues triggered by the locking can not be properly handled in libxl. The locking introduced in qemu-2.10 was removed again in qemu-4.0 (bsc#1079730, bsc#1098403, bsc#1111025). - Ignore csske for expanding the cpu model (bsc#1136528). - Provide qcow2 L2 caching improvements, which allows for better storage performance in certain configurations (bsc#1139926, ECO-130). - Fixed virsh migrate-setspeed (bsc#1127077, bsc#1141043). Important SUSE bug 1079730 SUSE bug 1098403 SUSE bug 1111025 SUSE bug 1127077 SUSE bug 1134880 SUSE bug 1135902 SUSE bug 1136528 SUSE bug 1136777 SUSE bug 1139926 SUSE bug 1140402 SUSE bug 1141043 SUSE bug 1143794 CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ceph to version 12.2.12-594-g02236657ca fixes the following issues: Security issues fixed: - CVE-2018-16889: Fixed missing sanitation of customer encryption keys from log output in v4 auth. (bsc#1121567) Moderate SUSE bug 1121567 SUSE bug 1149961 CVE-2018-16889 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for curl fixes the following issues: Security issues fixed: - CVE-2019-5481: Fixed a double-free during kerberos FTP data transfer. (bsc#1149495) - CVE-2019-5482: Fixed a TFTP small block size heap buffer overflow (bsc#1149496). Important SUSE bug 1149495 SUSE bug 1149496 CVE-2019-5481 CVE-2019-5482 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ibus fixes the following issues: Security issue fixed: - CVE-2019-14822: Fixed a misconfiguration of the DBus server that allowed an unprivileged user to monitor and send method calls to the ibus bus of another user. (bsc#1150011) Important SUSE bug 1150011 CVE-2019-14822 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2019-13565: Fixed ssf memory reuse that leads to incorrect authorization of another connection, granting excess connection rights (ssf) (bsc#1143194). - CVE-2019-13057: Fixed rootDN of a backend that may proxyauth incorrectly to another backend, violating multi-tenant isolation (bsc#1143273). Moderate SUSE bug 1143194 SUSE bug 1143273 CVE-2019-13057 CVE-2019-13565 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libreoffice to version 6.2.7.1 fixes the following issues: Security issues fixed: - CVE-2019-9849: Disabled fetching remote bullet graphics in 'stealth mode' (bsc#1141861). - CVE-2019-9848: Fixed an arbitrary script execution via LibreLogo (bsc#1141862). - CVE-2019-9851: Fixed LibreLogo global-event script execution issue (bsc#1146105). - CVE-2019-9852: Fixed insufficient URL encoding flaw in allowed script location check (bsc#1146107). - CVE-2019-9850: Fixed insufficient URL validation that allowed LibreLogo script execution (bsc#1146098). - CVE-2019-9854: Fixed unsafe URL assembly flaw (bsc#1149944). - CVE-2019-9855: Fixed path equivalence handling flaw (bsc#1149943) Non-security issue fixed: - SmartArt: Basic rendering of Trapezoid List (bsc#1133534) Moderate SUSE bug 1133534 SUSE bug 1141861 SUSE bug 1141862 SUSE bug 1146098 SUSE bug 1146105 SUSE bug 1146107 SUSE bug 1149943 SUSE bug 1149944 CVE-2019-9848 CVE-2019-9849 CVE-2019-9850 CVE-2019-9851 CVE-2019-9852 CVE-2019-9854 CVE-2019-9855 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for spice fixes the following issues: Security issue fixed: - CVE-2019-3813: Fixed a out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Important SUSE bug 1122706 CVE-2019-3813 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following new features were implemented: - jsc#SLE-4875: [CML] New device IDs for CML - jsc#SLE-7294: Add cpufreq driver for Raspberry Pi - fate#322438: Integrate P9 XIVE support (on PowerVM only) - fate#322447: Add memory protection keys (MPK) support on POWER (on PowerVM only) - fate#322448, fate#321438: P9 hardware counter (performance counters) support (on PowerVM only) - fate#325306, fate#321840: Reduce memory required to boot capture kernel while using fadump - fate#326869: perf: pmu mem_load/store event support The following security bugs were fixed: - CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated. (bsc#1146163). - CVE-2018-20976: A use after free existed, related to xfs_fs_fill_super failure. (bsc#1146285) - CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach (bsc#1149591). - CVE-2019-9456: In Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have lead to local escalation of privilege with System execution privileges needed. (bsc#1150025 CVE-2019-9456). - CVE-2019-10207: Fix a NULL pointer dereference in hci_uart bluetooth driver (bsc#1142857 bsc#1123959). - CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based buffer overflows in marvell wifi chip driver kernel, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bnc#1146516) - CVE-2019-14835: Fix QEMU-KVM Guest to Host Kernel Escape. (bsc#1150112). - CVE-2019-15030, CVE-2019-15031: On the powerpc platform, a local user could read vector registers of other users' processes via an interrupt. (bsc#1149713) - CVE-2019-15090: In the qedi_dbg_* family of functions, there was an out-of-bounds read. (bsc#1146399) - CVE-2019-15098: USB driver net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor. (bsc#1146378). - CVE-2019-15099: drivers/net/wireless/ath/ath10k/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor. (bsc#1146368) - CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel mishandled a short descriptor, leading to out-of-bounds memory access. (bsc#1145920). - CVE-2019-15118: check_input_term in sound/usb/mixer.c in the Linux kernel mishandled recursion, leading to kernel stack exhaustion. (bsc#1145922). - CVE-2019-15211: There was a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c did not properly allocate memory. (bsc#1146519). - CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. (bsc#1051510 bsc#1146391). - CVE-2019-15214: There was a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. (bsc#1146550) - CVE-2019-15215: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver. (bsc#1135642 bsc#1146425) - CVE-2019-15216: Fix a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. (bsc#1146361). - CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (bsc#1146547). - CVE-2019-15218: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver. (bsc#1051510 bsc#1146413) - CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. (bsc#1146524) - CVE-2019-15220: There was a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver. (bsc#1146526) - CVE-2019-15221, CVE-2019-15222: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. (bsc#1146529, bsc#1146531) - CVE-2019-15239: An incorrect backport of a certain net/ipv4/tcp_output.c fix allowed a local attacker to trigger multiple use-after-free conditions. This could result in a kernel crash, or potentially in privilege escalation. (bsc#1146589) - CVE-2019-15290: There was a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function (bsc#1146543). - CVE-2019-15292: There was a use-after-free in atalk_proc_exit (bsc#1146678) - CVE-2019-15538: XFS partially wedged when a chgrp failed on account of being out of disk quota. This was primarily a local DoS attack vector, but it could result as well in remote DoS if the XFS filesystem was exported for instance via NFS. (bsc#1148032, bsc#1148093) - CVE-2019-15666: There was an out-of-bounds array access in __xfrm_policy_unlink, which would cause denial of service, because verify_newpolicy_info mishandled directory validation. (bsc#1148394). - CVE-2019-15902: A backporting error reintroduced the Spectre vulnerability that it aimed to eliminate. (bnc#1149376) - CVE-2019-15917: There was a use-after-free issue when hci_uart_register_dev() failed in hci_uart_set_proto() (bsc#1149539) - CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free. (bsc#1149552) - CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free. (bsc#1149626) - CVE-2019-15921: There was a memory leak issue when idr_alloc() failed (bsc#1149602) - CVE-2019-15924: Fix a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure. (bsc#1149612). - CVE-2019-15926: Out of bounds access existed in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx (bsc#1149527) - CVE-2019-15927: An out-of-bounds access existed in the function build_audio_procunit (bsc#1149522) The following non-security bugs were fixed: - 9p/rdma: do not disconnect on down_interruptible EAGAIN (bsc#1051510). - 9p/rdma: remove useless check in cm_event_handler (bsc#1051510). - 9p/virtio: Add cleanup path in p9_virtio_init (bsc#1051510). - 9p/xen: Add cleanup path in p9_trans_xen_init (bsc#1051510). - 9p/xen: fix check for xenbus_read error in front_probe (bsc#1051510). - 9p: acl: fix uninitialized iattr access (bsc#1051510). - 9p: p9dirent_read: check network-provided name length (bsc#1051510). - 9p: pass the correct prototype to read_cache_page (bsc#1051510). - acpi/arm64: ignore 5.1 FADTs that are reported as 5.0 (bsc#1051510). - acpi/iort: Fix off-by-one check in iort_dev_find_its_id() (bsc#1051510). - acpi: PM: Fix regression in acpi_device_set_power() (bsc#1051510). - acpi: fix false-positive -Wuninitialized warning (bsc#1051510). - acpica: Increase total number of possible Owner IDs (bsc#1148859). - acpica: Increase total number of possible Owner IDs (bsc#1148859). - add some missing definitions (bsc#1144333). - address lock imbalance warnings in smbdirect.c (bsc#1144333). - af_key: fix leaks in key_pol_get_resp and dump_sp (bsc#1051510). - af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET (networking-stable-19_07_02). - alsa: firewire: fix a memory leak bug (bsc#1051510). - alsa: hda - Add a generic reboot_notify (bsc#1051510). - alsa: hda - Apply workaround for another AMD chip 1022:1487 (bsc#1051510). - alsa: hda - Do not override global PCM hw info flag (bsc#1051510). - alsa: hda - Fix a memory leak bug (bsc#1051510). - alsa: hda - Fix potential endless loop at applying quirks (bsc#1051510). - alsa: hda - Let all conexant codec enter D3 when rebooting (bsc#1051510). - alsa: hda - Workaround for crackled sound on AMD controller (1022:1457) (bsc#1051510). - alsa: hda/realtek - Fix overridden device-specific initialization (bsc#1051510). - alsa: hda/realtek - Fix the problem of two front mics on a ThinkCentre (bsc#1051510). - alsa: hda: kabi workaround for generic parser flag (bsc#1051510). - alsa: hiface: fix multiple memory leak bugs (bsc#1051510). - alsa: line6: Fix memory leak at line6_init_pcm() error path (bsc#1051510). - alsa: pcm: fix lost wakeup event scenarios in snd_pcm_drain (bsc#1051510). - alsa: seq: Fix potential concurrent access to the deleted pool (bsc#1051510). - alsa: usb-audio: Fix gpf in snd_usb_pipe_sanity_check (bsc#1051510). - arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2 (bsc#1133021). - arm: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1133021). - arm: KVM: report support for SMCCC_ARCH_WORKAROUND_1 (bsc#1133021). - asoc: Fail card instantiation if DAI format setup fails (bsc#1051510). - asoc: dapm: Fix handling of custom_stop_condition on DAPM graph walks (bsc#1051510). - ata: libahci: do not complain in case of deferred probe (bsc#1051510). - batman-adv: Only read OGM tvlv_len after buffer len check (bsc#1051510). - batman-adv: Only read OGM2 tvlv_len after buffer len check (bsc#1051510). - batman-adv: fix uninit-value in batadv_netlink_get_ifindex() (bsc#1051510). - bcache: fix possible memory leak in bch_cached_dev_run() (git fixes). - bio: fix improper use of smp_mb__before_atomic() (git fixes). - blk-mq: Fix spelling in a source code comment (git fixes). - blk-mq: backport fixes for blk_mq_complete_e_request_sync() (bsc#1145661). - blk-mq: introduce blk_mq_complete_request_sync() (bsc#1145661). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - block, documentation: Fix wbt_lat_usec documentation (git fixes). - bluetooth: 6lowpan: search for destination address in all peers (bsc#1051510). - bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug (bsc#1051510). - bluetooth: Check state in l2cap_disconnect_rsp (bsc#1051510). - bluetooth: btqca: Add a short delay before downloading the NVM (bsc#1051510). - bluetooth: hci_bcsp: Fix memory leak in rx_skb (bsc#1051510). - bluetooth: revert 'validate BLE connection interval updates' (bsc#1051510). - bluetooth: validate BLE connection interval updates (bsc#1051510). - bnx2x: Prevent ptp_task to be rescheduled indefinitely (networking-stable-19_07_25). - bonding/802.3ad: fix link_failure_count tracking (bsc#1137069 bsc#1141013). - bonding/802.3ad: fix slave link initialization transition states (bsc#1137069 bsc#1141013). - bonding: Always enable vlan tx offload (networking-stable-19_07_02). - bonding: set default miimon value for non-arp modes if not set (bsc#1137069 bsc#1141013). - bonding: speed/duplex update at NETDEV_UP event (bsc#1137069 bsc#1141013). - bonding: validate ip header before check IPPROTO_IGMP (networking-stable-19_07_25). - btrfs: Fix delalloc inodes invalidation during transaction abort (bsc#1050911). - btrfs: Split btrfs_del_delalloc_inode into 2 functions (bsc#1050911). - btrfs: add a helper to retrive extent inline ref type (bsc#1149325). - btrfs: add cleanup_ref_head_accounting helper (bsc#1050911). - btrfs: add missing inode version, ctime and mtime updates when punching hole (bsc#1140487). - btrfs: add one more sanity check for shared ref type (bsc#1149325). - btrfs: clean up pending block groups when transaction commit aborts (bsc#1050911). - btrfs: convert to use btrfs_get_extent_inline_ref_type (bsc#1149325). - btrfs: do not abort transaction at btrfs_update_root() after failure to COW path (bsc#1150933). - btrfs: fix assertion failure during fsync and use of stale transaction (bsc#1150562). - btrfs: fix data loss after inode eviction, renaming it, and fsync it (bsc#1145941). - btrfs: fix fsync not persisting dentry deletions due to inode evictions (bsc#1145942). - btrfs: fix incremental send failure after deduplication (bsc#1145940). - btrfs: fix pinned underflow after transaction aborted (bsc#1050911). - btrfs: fix race between send and deduplication that lead to failures and crashes (bsc#1145059). - btrfs: fix race leading to fs corruption after transaction abort (bsc#1145937). - btrfs: handle delayed ref head accounting cleanup in abort (bsc#1050911). - btrfs: prevent send failures and crashes due to concurrent relocation (bsc#1145059). - btrfs: remove BUG() in add_data_reference (bsc#1149325). - btrfs: remove BUG() in btrfs_extent_inline_ref_size (bsc#1149325). - btrfs: remove BUG() in print_extent_item (bsc#1149325). - btrfs: remove BUG_ON in __add_tree_block (bsc#1149325). - btrfs: scrub: add memalloc_nofs protection around init_ipath (bsc#1086103). - btrfs: start readahead also in seed devices (bsc#1144886). - btrfs: track running balance in a simpler way (bsc#1145059). - btrfs: use GFP_KERNEL in init_ipath (bsc#1086103). - caif-hsi: fix possible deadlock in cfhsi_exit_module() (networking-stable-19_07_25). - can: m_can: implement errata 'Needless activation of MRAF irq' (bsc#1051510). - can: mcp251x: add support for mcp25625 (bsc#1051510). - can: peak_usb: fix potential double kfree_skb() (bsc#1051510). - can: peak_usb: force the string buffer NULL-terminated (bsc#1051510). - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (bsc#1051510). - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (bsc#1051510). - can: rcar_canfd: fix possible IRQ storm on high load (bsc#1051510). - can: sja1000: force the string buffer NULL-terminated (bsc#1051510). - carl9170: fix misuse of device driver API (bsc#1142635). - ceph: always get rstat from auth mds (bsc#1146346). - ceph: clean up ceph.dir.pin vxattr name sizeof() (bsc#1146346). - ceph: decode feature bits in session message (bsc#1146346). - ceph: do not blindly unregister session that is in opening state (bsc#1148133). - ceph: do not try fill file_lock on unsuccessful GETFILELOCK reply (bsc#1148133). - ceph: fix 'ceph.dir.rctime' vxattr value (bsc#1148133 bsc#1135219). - ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bsc#1148133). - ceph: fix improper use of smp_mb__before_atomic() (bsc#1148133). - ceph: fix iov_iter issues in ceph_direct_read_write() (bsc#1141450). - ceph: hold i_ceph_lock when removing caps for freeing inode (bsc#1148133). - ceph: remove request from waiting list before unregister (bsc#1148133). - ceph: silence a checker warning in mdsc_show() (bsc#1148133). - ceph: support cephfs' own feature bits (bsc#1146346). - ceph: support getting ceph.dir.pin vxattr (bsc#1146346). - ceph: support versioned reply (bsc#1146346). - ceph: use bit flags to define vxattr attributes (bsc#1146346). - cfg80211: revert 'fix processing world regdomain when non modular' (bsc#1051510). - cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED (bsc#1144333). - cifs: Add DFS cache routines (bsc#1144333). - cifs: Add direct I/O functions to file_operations (bsc#1144333). - cifs: Add minor debug message during negprot (bsc#1144333). - cifs: Add smb2_send_recv (bsc#1144333). - cifs: Add support for FSCTL passthrough that write data to the server (bsc#1144333). - cifs: Add support for direct I/O read (bsc#1144333). - cifs: Add support for direct I/O write (bsc#1144333). - cifs: Add support for direct pages in rdata (bsc#1144333). - cifs: Add support for direct pages in wdata (bsc#1144333). - cifs: Add support for failover in cifs_mount() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect_tcon() (bsc#1144333). - cifs: Add support for failover in smb2_reconnect() (bsc#1144333). - cifs: Add support for reading attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Add support for writing attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Adds information-level logging function (bsc#1144333). - cifs: Adjust MTU credits before reopening a file (bsc#1144333). - cifs: Allocate memory for all iovs in smb2_ioctl (bsc#1144333). - cifs: Allocate validate negotiation request through kmalloc (bsc#1144333). - cifs: Always reset read error to -EIO if no response (bsc#1144333). - cifs: Always resolve hostname before reconnecting (bsc#1051510, bsc#1144333). - cifs: Avoid returning EBUSY to upper layer VFS (bsc#1144333). - cifs: Calculate the correct request length based on page offset and tail size (bsc#1144333). - cifs: Call MID callback before destroying transport (bsc#1144333). - cifs: Change SMB2_open to return an iov for the error parameter (bsc#1144333). - cifs: Check for reconnects before sending async requests (bsc#1144333). - cifs: Check for reconnects before sending compound requests (bsc#1144333). - cifs: Check for timeout on Negotiate stage (bsc#1091171, bsc#1144333). - cifs: Count SMB3 credits for malformed pending responses (bsc#1144333). - cifs: Display SMB2 error codes in the hex format (bsc#1144333). - cifs: Do not assume one credit for async responses (bsc#1144333). - cifs: Do not consider -ENODATA as stat failure for reads (bsc#1144333). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510, bsc#1144333). - cifs: Do not hide EINTR after sending network packets (bsc#1051510, bsc#1144333). - cifs: Do not log credits when unmounting a share (bsc#1144333). - cifs: Do not match port on SMBDirect transport (bsc#1144333). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510, bsc#1144333). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510, bsc#1144333). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510, bsc#1144333). - cifs: Do not set credits to 1 if the server didn't grant anything (bsc#1144333). - cifs: Do not skip SMB2 message IDs on send failures (bsc#1144333). - cifs: Find and reopen a file before get MTU credits in writepages (bsc#1144333). - cifs: Fix DFS cache refresher for DFS links (bsc#1144333). - cifs: Fix NULL pointer deref on SMB2_tcon() failure (bsc#1071009, bsc#1144333). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: Fix NULL ptr deref (bsc#1144333). - cifs: Fix a debug message (bsc#1144333). - cifs: Fix a race condition with cifs_echo_request (bsc#1144333). - cifs: Fix a tiny potential memory leak (bsc#1144333). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510, bsc#1144333). - cifs: Fix an issue with re-sending rdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix an issue with re-sending wdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix autonegotiate security settings mismatch (bsc#1087092, bsc#1144333). - cifs: Fix check for matching with existing mount (bsc#1144333). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix credit calculations in compound mid callback (bsc#1144333). - cifs: Fix credit computation for compounded requests (bsc#1144333). - cifs: Fix credits calculation for cancelled requests (bsc#1144333). - cifs: Fix credits calculations for reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix encryption/signing (bsc#1144333). - cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510, bsc#1144333). - cifs: Fix error paths in writeback code (bsc#1144333). - cifs: Fix infinite loop when using hard mount option (bsc#1091171, bsc#1144333). - cifs: Fix invalid check in __cifs_calc_signature() (bsc#1144333). - cifs: Fix kernel oops when traceSMB is enabled (bsc#1144333). - cifs: Fix leaking locked VFS cache pages in writeback retry (bsc#1144333). - cifs: Fix lease buffer length error (bsc#1144333). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510, bsc#1144333). - cifs: Fix missing put_xid in cifs_file_strict_mmap (bsc#1087092, bsc#1144333). - cifs: Fix module dependency (bsc#1144333). - cifs: Fix mounts if the client is low on credits (bsc#1144333). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510, bsc#1144333). - cifs: Fix possible oops and memory leaks in async IO (bsc#1144333). - cifs: Fix potential OOB access of lock element array (bsc#1051510, bsc#1144333). - cifs: Fix read after write for files with read caching (bsc#1051510, bsc#1144333). - cifs: Fix separator when building path from dentry (bsc#1051510, bsc#1144333). - cifs: Fix signing for SMB2/3 (bsc#1144333). - cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting (bsc#1144333). - cifs: Fix slab-out-of-bounds when tracing SMB tcon (bsc#1144333). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510, bsc#1144333). - cifs: Fix to use kmem_cache_free() instead of kfree() (bsc#1144333). - cifs: Fix trace command logging for SMB2 reads and writes (bsc#1144333). - cifs: Fix use after free of a mid_q_entry (bsc#1112903, bsc#1144333). - cifs: Fix use-after-free in SMB2_read (bsc#1144333). - cifs: Fix use-after-free in SMB2_write (bsc#1144333). - cifs: Fix validation of signed data in smb2 (bsc#1144333). - cifs: Fix validation of signed data in smb3+ (bsc#1144333). - cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510, bsc#1144333). - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) (bsc#1144333). - cifs: Introduce helper function to get page offset and length in smb_rqst (bsc#1144333). - cifs: Introduce offset for the 1st page in data transfer structures (bsc#1144333). - cifs: Limit memory used by lock request calls to a page (bsc#1144333). - cifs: Make devname param optional in cifs_compose_mount_options() (bsc#1144333). - cifs: Make sure all data pages are signed correctly (bsc#1144333). - cifs: Make use of DFS cache to get new DFS referrals (bsc#1144333). - cifs: Mask off signals when sending SMB packets (bsc#1144333). - cifs: Minor Kconfig clarification (bsc#1144333). - cifs: Move credit processing to mid callbacks for SMB3 (bsc#1144333). - cifs: Move open file handling to writepages (bsc#1144333). - cifs: Move unlocking pages from wdata_send_pages() (bsc#1144333). - cifs: OFD locks do not conflict with eachothers (bsc#1051510, bsc#1144333). - cifs: Only free DFS target list if we actually got one (bsc#1144333). - cifs: Only send SMB2_NEGOTIATE command on new TCP connections (bsc#1144333). - cifs: Pass page offset for calculating signature (bsc#1144333). - cifs: Pass page offset for encrypting (bsc#1144333). - cifs: Print message when attempting a mount (bsc#1144333). - cifs: Properly handle auto disabling of serverino option (bsc#1144333). - cifs: Reconnect expired SMB sessions (bnc#1060662). - cifs: Refactor out cifs_mount() (bsc#1144333). - cifs: Remove custom credit adjustments for SMB2 async IO (bsc#1144333). - cifs: Reopen file before get SMB2 MTU credits for async IO (bsc#1144333). - cifs: Respect SMB2 hdr preamble size in read responses (bsc#1144333). - cifs: Respect reconnect in MTU credits calculations (bsc#1144333). - cifs: Respect reconnect in non-MTU credits calculations (bsc#1144333). - cifs: Return -EAGAIN instead of -ENOTSOCK (bsc#1144333). - cifs: Return error code when getting file handle for writeback (bsc#1144333). - cifs: SMBD: Add SMB Direct debug counters (bsc#1144333). - cifs: SMBD: Add SMB Direct protocol initial values and constants (bsc#1144333). - cifs: SMBD: Add parameter rdata to smb2_new_read_req (bsc#1144333). - cifs: SMBD: Add rdma mount option (bsc#1144333). - cifs: SMBD: Disable signing on SMB direct transport (bsc#1144333). - cifs: SMBD: Do not call ib_dereg_mr on invalidated memory registration (bsc#1144333). - cifs: SMBD: Establish SMB Direct connection (bsc#1144333). - cifs: SMBD: Fix the definition for SMB2_CHANNEL_RDMA_V1_INVALIDATE (bsc#1144333). - cifs: SMBD: Implement RDMA memory registration (bsc#1144333). - cifs: SMBD: Implement function to create a SMB Direct connection (bsc#1144333). - cifs: SMBD: Implement function to destroy a SMB Direct connection (bsc#1144333). - cifs: SMBD: Implement function to receive data via RDMA receive (bsc#1144333). - cifs: SMBD: Implement function to reconnect to a SMB Direct transport (bsc#1144333). - cifs: SMBD: Implement function to send data via RDMA send (bsc#1144333). - cifs: SMBD: Read correct returned data length for RDMA write (SMB read) I/O (bsc#1144333). - cifs: SMBD: Set SMB Direct maximum read or write size for I/O (bsc#1144333). - cifs: SMBD: Support page offset in RDMA recv (bsc#1144333). - cifs: SMBD: Support page offset in RDMA send (bsc#1144333). - cifs: SMBD: Support page offset in memory registration (bsc#1144333). - cifs: SMBD: Upper layer connects to SMBDirect session (bsc#1144333). - cifs: SMBD: Upper layer destroys SMB Direct session on shutdown or umount (bsc#1144333). - cifs: SMBD: Upper layer performs SMB read via RDMA write through memory registration (bsc#1144333). - cifs: SMBD: Upper layer performs SMB write via RDMA read through memory registration (bsc#1144333). - cifs: SMBD: Upper layer receives data via RDMA receive (bsc#1144333). - cifs: SMBD: Upper layer reconnects to SMB Direct session (bsc#1144333). - cifs: SMBD: Upper layer sends data via RDMA send (bsc#1144333). - cifs: SMBD: _smbd_get_connection() can be static (bsc#1144333). - cifs: SMBD: export protocol initial values (bsc#1144333). - cifs: SMBD: fix spelling mistake: faield and legnth (bsc#1144333). - cifs: SMBD: work around gcc -Wmaybe-uninitialized warning (bsc#1144333). - cifs: Save TTL value when parsing DFS referrals (bsc#1144333). - cifs: Select all required crypto modules (bsc#1085536, bsc#1144333). - cifs: Set reconnect instance to one initially (bsc#1144333). - cifs: Show locallease in /proc/mounts for cifs shares mounted with locallease feature (bsc#1144333). - cifs: Silence uninitialized variable warning (bsc#1144333). - cifs: Skip any trailing backslashes from UNC (bsc#1144333). - cifs: Try to acquire credits at once for compound requests (bsc#1144333). - cifs: Use GFP_ATOMIC when a lock is held in cifs_mount() (bsc#1144333). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510, bsc#1144333). - cifs: Use correct packet length in SMB2_TRANSFORM header (bsc#1144333). - cifs: Use kmemdup in SMB2_ioctl_init() (bsc#1144333). - cifs: Use kmemdup rather than duplicating its implementation in smb311_posix_mkdir() (bsc#1144333). - cifs: Use kzfree() to free password (bsc#1144333). - cifs: Use offset when reading pages (bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510, bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510, bsc#1144333). - cifs: When sending data on socket, pass the correct page offset (bsc#1144333). - cifs: a smb2_validate_and_copy_iov failure does not mean the handle is invalid (bsc#1144333). - cifs: add .splice_write (bsc#1144333). - cifs: add IOCTL for QUERY_INFO passthrough to userspace (bsc#1144333). - cifs: add ONCE flag for cifs_dbg type (bsc#1144333). - cifs: add SFM mapping for 0x01-0x1F (bsc#1144333). - cifs: add SMB2_close_init()/SMB2_close_free() (bsc#1144333). - cifs: add SMB2_ioctl_init/free helpers to be used with compounding (bsc#1144333). - cifs: add SMB2_query_info_[init|free]() (bsc#1144333). - cifs: add a new SMB2_close_flags function (bsc#1144333). - cifs: add a smb2_compound_op and change QUERY_INFO to use it (bsc#1144333). - cifs: add a timeout argument to wait_for_free_credits (bsc#1144333). - cifs: add a warning if we try to to dequeue a deleted mid (bsc#1144333). - cifs: add compound_send_recv() (bsc#1144333). - cifs: add credits from unmatched responses/messages (bsc#1144333). - cifs: add debug output to show nocase mount option (bsc#1144333). - cifs: add fiemap support (bsc#1144333). - cifs: add iface info to struct cifs_ses (bsc#1144333). - cifs: add lease tracking to the cached root fid (bsc#1144333). - cifs: add missing GCM module dependency (bsc#1144333). - cifs: add missing debug entries for kconfig options (bsc#1051510, bsc#1144333). - cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510, bsc#1144333). - cifs: add pdu_size to the TCP_Server_Info structure (bsc#1144333). - cifs: add resp_buf_size to the mid_q_entry structure (bsc#1144333). - cifs: add server argument to the dump_detail method (bsc#1144333). - cifs: add server->vals->header_preamble_size (bsc#1144333). - cifs: add sha512 secmech (bsc#1051510, bsc#1144333). - cifs: add spinlock for the openFileList to cifsInodeInfo (bsc#1144333). - cifs: add support for SEEK_DATA and SEEK_HOLE (bsc#1144333). - cifs: add support for ioctl on directories (bsc#1144333). - cifs: address trivial coverity warning (bsc#1144333). - cifs: allow calling SMB2_xxx_free(NULL) (bsc#1144333). - cifs: allow disabling less secure legacy dialects (bsc#1144333). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510, bsc#1144333). - cifs: always add credits back for unsolicited PDUs (bsc#1144333). - cifs: auto disable 'serverino' in dfs mounts (bsc#1144333). - cifs: avoid a kmalloc in smb2_send_recv/SendReceive2 for the common case (bsc#1144333). - cifs: cache FILE_ALL_INFO for the shared root handle (bsc#1144333). - cifs: change SMB2_OP_RENAME and SMB2_OP_HARDLINK to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_EOF to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_INFO to use compounding (bsc#1144333). - cifs: change mkdir to use a compound (bsc#1144333). - cifs: change smb2_get_data_area_len to take a smb2_sync_hdr as argument (bsc#1144333). - cifs: change smb2_query_eas to use the compound query-info helper (bsc#1144333). - cifs: change unlink to use a compound (bsc#1144333). - cifs: change validate_buf to validate_iov (bsc#1144333). - cifs: change wait_for_free_request() to take flags as argument (bsc#1144333). - cifs: check CIFS_MOUNT_NO_DFS when trying to reuse existing sb (bsc#1144333). - cifs: check MaxPathNameComponentLength != 0 before using it (bsc#1085536, bsc#1144333). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902, bsc#1144333). - cifs: check if SMB2 PDU size has been padded and suppress the warning (bsc#1144333). - cifs: check kmalloc before use (bsc#1051510, bsc#1144333). - cifs: check kzalloc return (bsc#1144333). - cifs: check ntwrk_buf_start for NULL before dereferencing it (bsc#1144333). - cifs: check rsp for NULL before dereferencing in SMB2_open (bsc#1085536, bsc#1144333). - cifs: cifs_read_allocate_pages: do not iterate through whole page array on ENOMEM (bsc#1144333). - cifs: clean up indentation, replace spaces with tab (bsc#1144333). - cifs: cleanup smb2ops.c and normalize strings (bsc#1144333). - cifs: complete PDU definitions for interface queries (bsc#1144333). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510, bsc#1144333). - cifs: create SMB2_open_init()/SMB2_open_free() helpers (bsc#1144333). - cifs: create a define for how many iovs we need for an SMB2_open() (bsc#1144333). - cifs: create a define for the max number of iov we need for a SMB2 set_info (bsc#1144333). - cifs: create a helper function for compound query_info (bsc#1144333). - cifs: create helpers for SMB2_set_info_init/free() (bsc#1144333). - cifs: do not allow creating sockets except with SMB1 posix exensions (bsc#1102097, bsc#1144333). - cifs: do not attempt cifs operation on smb2+ rename error (bsc#1144333). - cifs: do not dereference smb_file_target before null check (bsc#1051510, bsc#1144333). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510, bsc#1144333). - cifs: do not return atime less than mtime (bsc#1144333). - cifs: do not send invalid input buffer on QUERY_INFO requests (bsc#1144333). - cifs: do not show domain= in mount output when domain is empty (bsc#1144333). - cifs: do not use __constant_cpu_to_le32() (bsc#1144333). - cifs: document tcon/ses/server refcount dance (bsc#1144333). - cifs: dump IPC tcon in debug proc file (bsc#1071306, bsc#1144333). - cifs: dump every session iface info (bsc#1144333). - cifs: fallback to older infolevels on findfirst queryinfo retry (bsc#1144333). - cifs: fix GlobalMid_Lock bug in cifs_reconnect (bsc#1144333). - cifs: fix NULL deref in SMB2_read (bsc#1085539, bsc#1144333). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542, bsc#1144333). - cifs: fix SMB1 breakage (bsc#1144333). - cifs: fix a buffer leak in smb2_query_symlink (bsc#1144333). - cifs: fix a credits leak for compund commands (bsc#1144333). - cifs: fix bi-directional fsctl passthrough calls (bsc#1144333). - cifs: fix build break when CONFIG_CIFS_DEBUG2 enabled (bsc#1144333). - cifs: fix build errors for SMB_DIRECT (bsc#1144333). - cifs: fix circular locking dependency (bsc#1064701, bsc#1144333). - cifs: fix computation for MAX_SMB2_HDR_SIZE (bsc#1144333). - cifs: fix confusing warning message on reconnect (bsc#1144333). - cifs: fix crash in cifs_dfs_do_automount (bsc#1144333). - cifs: fix crash in smb2_compound_op()/smb2_set_next_command() (bsc#1144333). - cifs: fix crash querying symlinks stored as reparse-points (bsc#1144333). - cifs: fix credits leak for SMB1 oplock breaks (bsc#1144333). - cifs: fix deadlock in cached root handling (bsc#1144333). - cifs: fix encryption in SMB3.1.1 (bsc#1144333). - cifs: fix handle leak in smb2_query_symlink() (bsc#1144333). - cifs: fix incorrect handling of smb2_set_sparse() return in smb3_simple_falloc (bsc#1144333). - cifs: fix kref underflow in close_shroot() (bsc#1144333). - cifs: fix memory leak and remove dead code (bsc#1144333). - cifs: fix memory leak in SMB2_open() (bsc#1112894, bsc#1144333). - cifs: fix memory leak in SMB2_read (bsc#1144333). - cifs: fix memory leak of an allocated cifs_ntsd structure (bsc#1144333). - cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case (bsc#1144333). - cifs: fix page reference leak with readv/writev (bsc#1144333). - cifs: fix panic in smb2_reconnect (bsc#1144333). - cifs: fix parsing of symbolic link error response (bsc#1144333). - cifs: fix return value for cifs_listxattr (bsc#1051510, bsc#1144333). - cifs: fix rmmod regression in cifs.ko caused by force_sig changes (bsc#1144333). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510, bsc#1144333). - cifs: fix signed/unsigned mismatch on aio_read patch (bsc#1144333). - cifs: fix smb3_zero_range for Azure (bsc#1144333). - cifs: fix smb3_zero_range so it can expand the file-size when required (bsc#1144333). - cifs: fix sparse warning on previous patch in a few printks (bsc#1144333). - cifs: fix spelling mistake, EACCESS -> EACCES (bsc#1144333). - cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() (bsc#1144333). - cifs: fix typo in cifs_dbg (bsc#1144333). - cifs: fix typo in debug message with struct field ia_valid (bsc#1144333). - cifs: fix uninitialized ptr deref in smb2 signing (bsc#1144333). - cifs: fix use-after-free of the lease keys (bsc#1144333). - cifs: fix wrapping bugs in num_entries() (bsc#1051510, bsc#1144333). - cifs: flush before set-info if we have writeable handles (bsc#1144333). - cifs: handle large EA requests more gracefully in smb2+ (bsc#1144333). - cifs: handle netapp error codes (bsc#1136261). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: implement v3.11 preauth integrity (bsc#1051510, bsc#1144333). - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510, bsc#1144333). - cifs: invalidate cache when we truncate a file (bsc#1051510, bsc#1144333). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565, bsc#1144333). - cifs: limit amount of data we request for xattrs to CIFSMaxBufSize (bsc#1144333). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510, bsc#1144333). - cifs: make IPC a regular tcon (bsc#1071306, bsc#1144333). - cifs: make arrays static const, reduces object code size (bsc#1144333). - cifs: make minor clarifications to module params for cifs.ko (bsc#1144333). - cifs: make mknod() an smb_version_op (bsc#1144333). - cifs: make rmdir() use compounding (bsc#1144333). - cifs: make smb_send_rqst take an array of requests (bsc#1144333). - cifs: minor clarification in comments (bsc#1144333). - cifs: minor updates to module description for cifs.ko (bsc#1144333). - cifs: move default port definitions to cifsglob.h (bsc#1144333). - cifs: move large array from stack to heap (bsc#1144333). - cifs: only wake the thread for the very last PDU in a compound (bsc#1144333). - cifs: parse and store info on iface queries (bsc#1144333). - cifs: pass flags down into wait_for_free_credits() (bsc#1144333). - cifs: pass page offsets on SMB1 read/write (bsc#1144333). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510, bsc#1144333). - cifs: prevent starvation in wait_for_free_credits for multi-credit requests (bsc#1144333). - cifs: print CIFSMaxBufSize as part of /proc/fs/cifs/DebugData (bsc#1144333). - cifs: protect against server returning invalid file system block size (bsc#1144333). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: push rfc1002 generation down the stack (bsc#1144333). - cifs: read overflow in is_valid_oplock_break() (bsc#1144333). - cifs: refactor and clean up arguments in the reparse point parsing (bsc#1144333). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510, bsc#1144333). - cifs: release auth_key.response for reconnect (bsc#1085536, bsc#1144333). - cifs: release cifs root_cred after exit_cifs (bsc#1085536, bsc#1144333). - cifs: remove coverity warning in calc_lanman_hash (bsc#1144333). - cifs: remove header_preamble_size where it is always 0 (bsc#1144333). - cifs: remove redundant duplicated assignment of pointer 'node' (bsc#1144333). - cifs: remove rfc1002 hardcoded constants from cifs_discard_remaining_data() (bsc#1144333). - cifs: remove rfc1002 header from all SMB2 response structures (bsc#1144333). - cifs: remove rfc1002 header from smb2 read/write requests (bsc#1144333). - cifs: remove rfc1002 header from smb2_close_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_create_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_echo_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_flush_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_ioctl_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_lease_ack (bsc#1144333). - cifs: remove rfc1002 header from smb2_lock_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_logoff_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_negotiate_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_oplock_break we get from server (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_directory_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_sess_setup_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_set_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_connect_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_disconnect_req (bsc#1144333). - cifs: remove set but not used variable 'cifs_sb' (bsc#1144333). - cifs: remove set but not used variable 'sep' (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove set but not used variable 'smb_buf' (bsc#1144333). - cifs: remove small_smb2_init (bsc#1144333). - cifs: remove smb2_send_recv() (bsc#1144333). - cifs: remove struct smb2_hdr (bsc#1144333). - cifs: remove struct smb2_oplock_break_rsp (bsc#1144333). - cifs: remove the is_falloc argument to SMB2_set_eof (bsc#1144333). - cifs: remove unused stats (bsc#1144333). - cifs: remove unused value pointed out by Coverity (bsc#1144333). - cifs: remove unused variable from SMB2_read (bsc#1144333). - cifs: rename and clarify CIFS_ASYNC_OP and CIFS_NO_RESP (bsc#1144333). - cifs: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - cifs: replace snprintf with scnprintf (bsc#1144333). - cifs: return -ENODATA when deleting an xattr that does not exist (bsc#1144333). - cifs: return correct errors when pinning memory failed for direct I/O (bsc#1144333). - cifs: return error on invalid value written to cifsFYI (bsc#1144333). - cifs: set *resp_buf_type to NO_BUFFER on error (bsc#1144333). - cifs: set mapping error when page writeback fails in writepage or launder_pages (bsc#1144333). - cifs: set oparms.create_options rather than or'ing in CREATE_OPEN_BACKUP_INTENT (bsc#1144333). - cifs: show 'soft' in the mount options for hard mounts (bsc#1144333). - cifs: show the w bit for writeable /proc/fs/cifs/* files (bsc#1144333). - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734, bsc#1144333). - cifs: simple stats should always be enabled (bsc#1144333). - cifs: simplify code by removing CONFIG_CIFS_ACL ifdef (bsc#1144333). - Update config files. - cifs: simplify how we handle credits in compound_send_recv() (bsc#1144333). - cifs: smb2 commands can not be negative, remove confusing check (bsc#1144333). - cifs: smb2ops: Fix NULL check in smb2_query_symlink (bsc#1144333). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510, bsc#1144333). - cifs: smb2pdu: Fix potential NULL pointer dereference (bsc#1144333). - cifs: smbd: Avoid allocating iov on the stack (bsc#1144333). - cifs: smbd: Check for iov length on sending the last iov (bsc#1144333). - cifs: smbd: Do not destroy transport on RDMA disconnect (bsc#1144333). - cifs: smbd: Do not use RDMA read/write when signing is used (bsc#1144333). - cifs: smbd: Dump SMB packet when configured (bsc#1144333). - cifs: smbd: Enable signing with smbdirect (bsc#1144333). - cifs: smbd: Indicate to retry on transport sending failure (bsc#1144333). - cifs: smbd: Retry on memory registration failure (bsc#1144333). - cifs: smbd: Return EINTR when interrupted (bsc#1144333). - cifs: smbd: avoid reconnect lockup (bsc#1144333). - cifs: smbd: depend on INFINIBAND_ADDR_TRANS (bsc#1144333). - cifs: smbd: disconnect transport on RDMA errors (bsc#1144333). - cifs: smbd: take an array of reqeusts when sending upper layer data (bsc#1144333). - cifs: start DFS cache refresher in cifs_mount() (bsc#1144333). - cifs: store the leaseKey in the fid on SMB2_open (bsc#1051510, bsc#1144333). - cifs: suppress some implicit-fallthrough warnings (bsc#1144333). - cifs: track writepages in vfs operation counters (bsc#1144333). - cifs: update __smb_send_rqst() to take an array of requests (bsc#1144333). - cifs: update calc_size to take a server argument (bsc#1144333). - cifs: update init_sg, crypt_message to take an array of rqst (bsc#1144333). - cifs: update internal module number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.14 (bsc#1144333). - cifs: update module internal version number (bsc#1144333). - cifs: update multiplex loop to handle compounded responses (bsc#1144333). - cifs: update receive_encrypted_standard to handle compounded responses (bsc#1144333). - cifs: update smb2_calc_size to use smb2_sync_hdr instead of smb2_hdr (bsc#1144333). - cifs: update smb2_check_message to handle PDUs without a 4 byte length header (bsc#1144333). - cifs: update smb2_queryfs() to use compounding (bsc#1144333). - cifs: use a compound for setting an xattr (bsc#1144333). - cifs: use a refcount to protect open/closing the cached file handle (bsc#1144333). - cifs: use correct format characters (bsc#1144333). - cifs: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (bsc#1071306, bsc#1144333). - cifs: use the correct length when pinning memory for direct I/O for write (bsc#1144333). - cifs: wait_for_free_credits() make it possible to wait for >=1 credits (bsc#1144333). - cifs: we can not use small padding iovs together with encryption (bsc#1144333). - cifs: zero sensitive data when freeing (bsc#1087092, bsc#1144333). - cifs: zero-range does not require the file is sparse (bsc#1144333). - cifs:smbd Use the correct DMA direction when sending data (bsc#1144333). - cifs:smbd When reconnecting to server, call smbd_destroy() after all MIDs have been called (bsc#1144333). - cifs_lookup(): cifs_get_inode_...() never returns 0 with *inode left NULL (bsc#1144333). - cifs_lookup(): switch to d_splice_alias() (bsc#1144333). - clk: Export clk_bulk_prepare() (bsc#1144813). - clk: add clk_bulk_get accessories (bsc#1144813). - clk: bcm2835: remove pllb (jsc#SLE-7294). - clk: bcm283x: add driver interfacing with Raspberry Pi's firmware (jsc#SLE-7294). - clk: bulk: silently error out on EPROBE_DEFER (bsc#1144718,bsc#1144813). - clk: raspberrypi: register platform device for raspberrypi-cpufreq (jsc#SLE-7294). - clk: renesas: cpg-mssr: Fix reset control race condition (bsc#1051510). - clk: rockchip: Add 1.6GHz PLL rate for rk3399 (bsc#1144718,bsc#1144813). - clk: rockchip: assign correct id for pclk_ddr and hclk_sd in rk3399 (bsc#1144718,bsc#1144813). - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling (bsc#1051510). - coredump: split pipe command whitespace before expanding template (bsc#1051510). - cpu/speculation: Warn on unsupported mitigations= parameter (bsc#1114279). - cpufreq: dt: Try freeing static OPPs only if we have added them (jsc#SLE-7294). - crypto: ccp - Add support for valid authsize values less than 16 (bsc#1051510). - crypto: ccp - Fix oops by properly managing allocated structures (bsc#1051510). - crypto: ccp - Ignore tag length when decrypting GCM ciphertext (bsc#1051510). - crypto: ccp - Ignore unconfigured CCP device on suspend/resume (bnc#1145934). - crypto: ccp - Validate buffer lengths for copy operations (bsc#1051510). - crypto: talitos - fix skcipher failure due to wrong output IV (bsc#1051510). - cx82310_eth: fix a memory leak bug (bsc#1051510). - dax: dax_layout_busy_page() should not unmap cow pages (bsc#1148698). - devres: always use dev_name() in devm_ioremap_resource() (git fixes). - dfs_cache: fix a wrong use of kfree in flush_cache_ent() (bsc#1144333). - dm btree: fix order of block initialization in btree_split_beneath (git fixes). - dm bufio: fix deadlock with loop device (git fixes). - dm cache metadata: Fix loading discard bitset (git fixes). - dm crypt: do not overallocate the integrity tag space (git fixes). - dm crypt: fix parsing of extended IV arguments (git fixes). - dm delay: fix a crash when invalid device is specified (git fixes). - dm integrity: change memcmp to strncmp in dm_integrity_ctr (git fixes). - dm integrity: limit the rate of error messages (git fixes). - dm kcopyd: always complete failed jobs (git fixes). - dm raid: add missing cleanup in raid_ctr() (git fixes). - dm space map metadata: fix missing store of apply_bops() return value (git fixes). - dm table: fix invalid memory accesses with too high sector number (git fixes). - dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (git fixes). - dm thin: fix bug where bio that overwrites thin block ignores FUA (git fixes). - dm thin: fix passdown_double_checking_shared_status() (git fixes). - dm zoned: Fix zone report handling (git fixes). - dm zoned: Silence a static checker warning (git fixes). - dm zoned: fix potential NULL dereference in dmz_do_reclaim() (git fixes). - dm zoned: fix zone state management race (git fixes). - dm zoned: improve error handling in i/o map code (git fixes). - dm zoned: improve error handling in reclaim (git fixes). - dm zoned: properly handle backing device failure (git fixes). - dm: bufio: revert: 'fix deadlock with loop device' (git fixes). - dm: fix to_sector() for 32bit (git fixes). - dm: revert 8f50e358153d ('dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE') (git fixes). - dma-buf: balance refcount inbalance (bsc#1051510). - dmaengine: rcar-dmac: Reject zero-length slave DMA requests (bsc#1051510). - documentation/networking: fix default_ttl typo in mpls-sysctl (bsc#1051510). - documentation: Add nospectre_v1 parameter (bsc#1051510). - driver core: Fix use-after-free and double free on glue directory (bsc#1131281). - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl (bsc#1051510). - drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings (bsc#1051510). - drm/amdgpu/psp: move psp version specific function pointers to (bsc#1135642) - drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz (bsc#1051510). - drm/bridge: tc358767: read display_props in get_modes() (bsc#1051510). - drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry (bsc#1051510). - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1135642) - drm/i915/perf: ensure we keep a reference on the driver (bsc#1142635) - drm/i915/userptr: Acquire the page lock around set_page_dirty() (bsc#1051510). - drm/i915: Do not deballoon unused ggtt drm_mm_node in linux guest (bsc#1142635) - drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1142635) - drm/i915: Restore relaxed padding (OCL_OOB_SUPPRES_ENABLE) for skl+ (bsc#1142635) - drm/imx: notify drm core before sending event during crtc disable (bsc#1135642) - drm/imx: only send event on crtc disable if kept disabled (bsc#1135642) - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1135642) - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1135642) - drm/mediatek: clear num_pipes when unbind driver (bsc#1135642) - drm/mediatek: fix unbind functions (bsc#1135642) - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1142635) - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1135642) - drm/mediatek: use correct device to import PRIME buffers (bsc#1142635) - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1142635) - drm/msm: Depopulate platform on probe failure (bsc#1051510). - drm/nouveau: Do not retry infinitely when receiving no data on i2c (bsc#1142635) - drm/nouveau: fix memory leak in nouveau_conn_reset() (bsc#1051510). - drm/panel: simple: Fix panel_simple_dsi_probe (bsc#1051510). - drm/rockchip: Suspend DP late (bsc#1142635) - drm/udl: introduce a macro to convert dev to udl. (bsc#1113722) - drm/udl: move to embedding drm device inside udl device. (bsc#1113722) - drm/virtio: Add memory barriers for capset cache (bsc#1051510). - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1135642) - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1135642) - drm/vmwgfx: fix memory leak when too many retries have occurred (bsc#1051510). - drm: msm: Fix add_gpu_components (bsc#1051510). - drm: silence variable 'conn' set but not used (bsc#1051510). - ecryptfs: fix a couple type promotion bugs (bsc#1051510). - edac, amd64: Add Family 17h, models 10h-2fh support (bsc#1112178). - edac/amd64: Add Family 17h Model 30h PCI IDs (bsc#1112178). - edac: Fix global-out-of-bounds write when setting edac_mc_poll_msec (bsc#1114279). - efi/bgrt: Drop BGRT status field reserved bits check (bsc#1051510). - ehea: Fix a copy-paste err in ehea_init_port_res (bsc#1051510). - ext4: use jbd2_inode dirty range scoping (bsc#1148616). - firmware: raspberrypi: register clk device (jsc#SLE-7294). - firmware: ti_sci: Always request response from firmware (bsc#1051510). - fix incorrect error code mapping for OBJECTID_NOT_FOUND (bsc#1144333). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510, bsc#1144333). - fix struct ufs_req removal of unused field (git-fixes). - fixed https://bugzilla.kernel.org/show_bug.cgi?id=202935 allow write on the same file (bsc#1144333). - fs/*/kconfig: drop links to 404-compliant http://acl.bestbits.at (bsc#1144333). - fs/cifs/cifsacl.c Fixes typo in a comment (bsc#1144333). - fs/cifs/smb2pdu.c: fix buffer free in SMB2_ioctl_free (bsc#1144333). - fs/cifs: Simplify ib_post_(send|recv|srq_recv)() calls (bsc#1144333). - fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bsc#1144333). - fs/cifs: fix uninitialised variable warnings (bsc#1144333). - fs/cifs: require sha512 (bsc#1051510, bsc#1144333). - fs/cifs: suppress a string overflow warning (bsc#1144333). - fs/xfs: Fix return code of xfs_break_leased_layouts() (bsc#1148031). - fs: cifs: Drop unlikely before IS_ERR(_OR_NULL) (bsc#1144333). - fs: cifs: Kconfig: pedantic formatting (bsc#1144333). - fs: cifs: Replace _free_xid call in cifs_root_iget function (bsc#1144333). - fs: cifs: cifsssmb: Change return type of convert_ace_to_cifs_ace (bsc#1144333). - fs: xfs: xfs_log: Do not use KM_MAYFAIL at xfs_log_reserve() (bsc#1148033). - fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() (bsc#1051510). - ftrace: Check for empty hash and comment the race with registering probes (bsc#1149418). - ftrace: Check for successful allocation of hash (bsc#1149424). - ftrace: Fix NULL pointer dereference in t_probe_next() (bsc#1149413). - gpio: Fix build error of function redefinition (bsc#1051510). - gpio: gpio-omap: add check for off wake capable gpios (bsc#1051510). - gpio: mxs: Get rid of external API call (bsc#1051510). - gpio: omap: ensure irq is enabled before wakeup (bsc#1051510). - gpio: pxa: handle corner case of unprobed device (bsc#1051510). - gpiolib: fix incorrect IRQ requesting of an active-low lineevent (bsc#1051510). - gpiolib: never report open-drain/source lines as 'input' to user-space (bsc#1051510). - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1142635) - hid: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT (bsc#1051510). - hid: Add quirk for HP X1200 PIXART OEM mouse (bsc#1051510). - hid: cp2112: prevent sleeping function called from invalid context (bsc#1051510). - hid: hiddev: avoid opening a disconnected device (bsc#1051510). - hid: hiddev: do cleanup in failure of opening a device (bsc#1051510). - hid: holtek: test for sanity of intfdata (bsc#1051510). - hid: sony: Fix race condition between rumble and device remove (bsc#1051510). - hid: wacom: Correct distance scale for 2nd-gen Intuos devices (bsc#1142635). - hid: wacom: correct misreported EKR ring values (bsc#1142635). - hid: wacom: fix bit shift for Cintiq Companion 2 (bsc#1051510). - hpet: Fix division by zero in hpet_time_div() (bsc#1051510). - hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 (bsc#1051510). - hwmon: (nct7802) Fix wrong detection of in4 presence (bsc#1051510). - i2c: emev2: avoid race when unregistering slave client (bsc#1051510). - i2c: piix4: Fix port selection for AMD Family 16h Model 30h (bsc#1051510). - i2c: qup: fixed releasing dma without flush operation completion (bsc#1051510). - ib/mlx5: Fix MR registration flow to use UMR properly (bsc#1093205 bsc#1145678). - ibmveth: Convert multicast list size for little-endian system (bsc#1061843). - ibmvnic: Do not process reset during or after device removal (bsc#1149652 ltc#179635). - ibmvnic: Unmap DMA address of TX descriptor buffers after use (bsc#1146351 ltc#180726). - igmp: fix memory leak in igmpv3_del_delrec() (networking-stable-19_07_25). - iio: adc: max9611: Fix misuse of GENMASK macro (bsc#1051510). - iio: adc: max9611: Fix temperature reading in probe (bsc#1051510). - iio: iio-utils: Fix possible incorrect mask calculation (bsc#1051510). - include/linux/bitops.h: sanitize rotate primitives (git fixes). - input: alps - do not handle ALPS cs19 trackpoint-only device (bsc#1051510). - input: alps - fix a mismatch between a condition check and its comment (bsc#1051510). - input: iforce - add sanity checks (bsc#1051510). - input: kbtab - sanity check for endpoint type (bsc#1051510). - input: synaptics - enable RMI mode for HP Spectre X360 (bsc#1051510). - input: synaptics - whitelist Lenovo T580 SMBus intertouch (bsc#1051510). - input: trackpoint - only expose supported controls for Elan, ALPS and NXP (bsc#1051510). - intel_th: pci: Add Ice Lake NNPI support (bsc#1051510). - intel_th: pci: Add Tiger Lake support (bsc#1051510). - intel_th: pci: Add support for another Lewisburg PCH (bsc#1051510). - iommu/amd: Add support for X2APIC IOMMU interrupts (bsc#1145010). - iommu/amd: Fix race in increase_address_space() (bsc#1150860). - iommu/amd: Flush old domains in kdump kernel (bsc#1150861). - iommu/amd: Move iommu_init_pci() to .init section (bsc#1149105). - iommu/dma: Handle SG length overflow better (bsc#1146084). - iommu/iova: Fix compilation error with !CONFIG_IOMMU_IOVA (bsc#1145024). - iommu/vt-d: Do not queue_iova() if there is no flush queue (bsc#1145024). - ipip: validate header length in ipip_tunnel_xmit (git-fixes). - ipv4: do not set IPv6 only flags to IPv4 addresses (networking-stable-19_07_25). - irqchip/gic-v3-its: fix build warnings (bsc#1144880). - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack (bsc#1051510). - isdn: hfcsusb: checking idx of ep configuration (bsc#1051510). - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain() (bsc#1051510). - iwlwifi: dbg: split iwl_fw_error_dump to two functions (bsc#1119086). - iwlwifi: do not unmap as page memory that was mapped as single (bsc#1051510). - iwlwifi: fix bad dma handling in page_mem dumping flow (bsc#1120902). - iwlwifi: fw: use helper to determine whether to dump paging (bsc#1106434). Patch needed to be adjusted, because our tree does not have the global variable IWL_FW_ERROR_DUMP_PAGING - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT on version &< 41 (bsc#1142635). - iwlwifi: mvm: fix an out-of-bound access (bsc#1051510). - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support (bsc#1142635). - iwlwifi: pcie: do not service an interrupt that was masked (bsc#1142635). - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1142635). - jbd2: flush_descriptor(): Do not decrease buffer head's ref count (bsc#1143843). - jbd2: introduce jbd2_inode dirty range scoping (bsc#1148616). - kabi: Fix kABI for 'struct amd_iommu' (bsc#1145010). - kasan: remove redundant initialization of variable 'real_size' (git fixes). - kconfig/[mn]conf: handle backspace (^H) key (bsc#1051510). - keys: Fix missing null pointer check in request_key_auth_describe() (bsc#1051510). - kvm/eventfd: Avoid crash when assign and deassign specific eventfd in parallel (bsc#1133021). - kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs (bsc#1134881 bsc#1134882). - kvm: Disallow wraparound in kvm_gfn_to_hva_cache_init (bsc#1133021). - kvm: Fix leak vCPU's VMCS value into other pCPU (bsc#1145388). - kvm: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC (bsc#1145408). - kvm: PPC: Book3S HV: Fix CR0 setting in TM emulation (bsc#1061840). - kvm: Reject device ioctls from processes other than the VM's creator (bsc#1133021). - kvm: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value (bsc#1145393). - kvm: VMX: Fix handling of #MC that occurs during VM-Entry (bsc#1145395). - kvm: VMX: check CPUID before allowing read/write of IA32_XSS (bsc#1145394). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: arm/arm64: Close VMID generation race (bsc#1133021). - kvm: arm/arm64: Convert kvm_host_cpu_state to a static per-cpu allocation (bsc#1133021). - kvm: arm/arm64: Drop resource size check for GICV window (bsc#1133021). - kvm: arm/arm64: Fix VMID alloc race by reverting to lock-less (bsc#1133021). - kvm: arm/arm64: Fix lost IRQs from emulated physcial timer when blocked (bsc#1133021). - kvm: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1133021). - kvm: arm/arm64: Reduce verbosity of KVM init log (bsc#1133021). - kvm: arm/arm64: Set dist->spis to NULL after kfree (bsc#1133021). - kvm: arm/arm64: Skip updating PMD entry if no change (bsc#1133021). - kvm: arm/arm64: Skip updating PTE entry if no change (bsc#1133021). - kvm: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list (bsc#1133021). - kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 (bsc#1133021). - kvm: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending (bsc#1133021). - kvm: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy (bsc#1133021). - kvm: arm64: Fix caching of host MDCR_EL2 value (bsc#1133021). - kvm: mmu: Fix overlap between public and private memslots (bsc#1133021). - kvm: nVMX: Remove unnecessary sync_roots from handle_invept (bsc#1145391). - kvm: nVMX: Use adjusted pin controls for vmcs02 (bsc#1145392). - kvm: nVMX: allow setting the VMFUNC controls MSR (bsc#1145389). - kvm: nVMX: do not use dangling shadow VMCS after guest reset (bsc#1145390). - kvm: x86/vPMU: refine kvm_pmu err msg when event creation failed (bsc#1145397). - kvm: x86: Do not update RIP or do single-step on faulting emulation (bsc#1149104). - kvm: x86: Unconditionally enable irqs in guest context (bsc#1145396). - kvm: x86: degrade WARN to pr_warn_ratelimited (bsc#1145409). - kvm: x86: fix backward migration with async_PF (bsc#1146074). - lan78xx: Fix memory leaks (bsc#1051510). - libata: add SG safety checks in SFF pio transfers (bsc#1051510). - libata: do not request sense data on !ZAC ATA devices (bsc#1051510). - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests (bsc#1051510). - libata: zpodd: Fix small read overflow in zpodd_get_mech_type() (bsc#1051510). - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897). - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). - libceph, rbd: new bio handling code (aka do not clone bios) (bsc#1141450). - libceph: add osd_req_op_extent_osd_data_bvecs() (bsc#1141450). - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bsc#1148133). - libceph: assign cookies in linger_submit() (bsc#1135897). - libceph: check reply num_data_items in setup_request_data() (bsc#1135897). - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897). - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897). - libceph: fix PG split vs OSD (re)connect race (bsc#1148133). - libceph: handle zero-length data items (bsc#1141450). - libceph: introduce BVECS data type (bsc#1141450). - libceph: introduce alloc_watch_request() (bsc#1135897). - libceph: introduce ceph_pagelist_alloc() (bsc#1135897). - libceph: preallocate message data items (bsc#1135897). - libceph: use single request data item for cmp/setxattr (bsc#1139101). - libnvdimm/pfn: Store correct value of npfns in namespace superblock (bsc#1146381 ltc#180720). - liquidio: add cleanup in octeon_setup_iq() (bsc#1051510). - loop: set PF_MEMALLOC_NOIO for the worker thread (git fixes). - mac80211: do not WARN on short WMM parameters from AP (bsc#1051510). - mac80211: do not warn about CW params when not using them (bsc#1051510). - mac80211: fix possible memory leak in ieee80211_assign_beacon (bsc#1142635). - mac80211: fix possible sta leak (bsc#1051510). - macsec: fix checksumming after decryption (bsc#1051510). - macsec: fix use-after-free of skb during RX (bsc#1051510). - macsec: let the administrator set UP state even if lowerdev is down (bsc#1051510). - macsec: update operstate when lower device changes (bsc#1051510). - mailbox: handle failed named mailbox channel request (bsc#1051510). - md/raid: raid5 preserve the writeback action after the parity check (git fixes). - md: add mddev->pers to avoid potential NULL pointer dereference (git fixes). - media: au0828: fix null dereference in error path (bsc#1051510). - media: coda: Remove unbalanced and unneeded mutex unlock (bsc#1051510). - media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP (bsc#1051510). - media: coda: fix mpeg2 sequence number handling (bsc#1051510). - media: coda: increment sequence offset for the last returned frame (bsc#1051510). - media: dvb: usb: fix use after free in dvb_usb_device_exit (bsc#1051510). - media: hdpvr: fix locking and a missing msleep (bsc#1051510). - media: media_device_enum_links32: clean a reserved field (bsc#1051510). - media: pvrusb2: use a different format for warnings (bsc#1051510). - media: spi: IR LED: add missing of table registration (bsc#1051510). - media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails (bsc#1051510). - media: vpss: fix a potential NULL pointer dereference (bsc#1051510). - media: wl128x: Fix some error handling in fm_v4l2_init_video_device() (bsc#1051510). - mfd: arizona: Fix undefined behavior (bsc#1051510). - mfd: core: Set fwnode for created devices (bsc#1051510). - mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk (bsc#1051510). - mfd: intel-lpss: Add Intel Comet Lake PCI IDs (jsc#SLE-4875). - mm, page_owner: handle THP splits correctly (bsc#1149197, VM Debugging Functionality). - mm/hmm: fix bad subpage pointer in try_to_unmap_one (bsc#1148202, HMM, VM Functionality). - mm/hotplug: fix offline undo_isolate_page_range() (bsc#1148196, VM Functionality). - mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node (bsc#1148379, VM Functionality). - mm/memcontrol.c: fix use after free in mem_cgroup_iter() (bsc#1149224, VM Functionality). - mm/memory.c: recheck page table entry with page table lock held (bsc#1148363, VM Functionality). - mm/migrate.c: initialize pud_entry in migrate_vma() (bsc#1148198, HMM, VM Functionality). - mm/mlock.c: change count_mm_mlocked_page_nr return type (bsc#1148527, VM Functionality). - mm/mlock.c: mlockall error for flag MCL_ONFAULT (bsc#1148527, VM Functionality). - mm/page_alloc.c: fix calculation of pgdat->nr_zones (bsc#1148192, VM Functionality). - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() (bsc#1118689). - mm/vmscan.c: fix trying to reclaim unevictable LRU page (bsc#1149214, VM Functionality). - mm: add filemap_fdatawait_range_keep_errors() (bsc#1148616). - mm: do not stall register_shrinker() (bsc#1104902, VM Performance). - mm: page_mapped: do not assume compound page is huge or THP (bsc#1148574, VM Functionality). - mmc: cavium: Add the missing dma unmap when the dma has finished (bsc#1051510). - mmc: cavium: Set the correct dma max segment size for mmc_host (bsc#1051510). - mmc: core: Fix init of SD cards reporting an invalid VDD range (bsc#1051510). - mmc: dw_mmc: Fix occasional hang after tuning on eMMC (bsc#1051510). - mmc: sdhci-of-at91: add quirk for broken HS200 (bsc#1051510). - mmc: sdhci-pci: Add support for Intel CML (jsc#SLE-4875). - mmc: sdhci-pci: Add support for Intel ICP (jsc#SLE-4875). - move a few externs to smbdirect.h to eliminate warning (bsc#1144333). - move core networking kabi patches to the end of the section - move irq_data_get_effective_affinity_mask prior the sorted section - mpls: fix warning with multi-label encap (bsc#1051510). - nbd: replace kill_bdev() with __invalidate_device() again (git fixes). - net/9p: include trans_common.h to fix missing prototype warning (bsc#1051510). - net/ibmvnic: Fix missing { in __ibmvnic_reset (bsc#1149652 ltc#179635). - net/ibmvnic: free reset work of removed device from queue (bsc#1149652 ltc#179635). - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bsc#1145678). - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn (networking-stable-19_07_25). - net/smc: do not schedule tx_work in SMC_CLOSED state (bsc#1149963). - net/smc: original socket family in inet_sock_diag (bsc#1149959). - net: Fix netdev_WARN_ONCE macro (git-fixes). - net: Introduce netdev_*_once functions (networking-stable-19_07_25). - net: bcmgenet: use promisc for unsupported filters (networking-stable-19_07_25). - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query (networking-stable-19_07_25). - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling (networking-stable-19_07_25). - net: bridge: stp: do not cache eth dest pointer before skb pull (networking-stable-19_07_25). - net: dsa: mv88e6xxx: wait after reset deactivation (networking-stable-19_07_25). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1139020 bsc#1139021). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1139020 bsc#1139021). - net: ena: add ethtool function for changing io queue sizes (bsc#1139020 bsc#1139021). - net: ena: add good checksum counter (bsc#1139020 bsc#1139021). - net: ena: add handling of llq max tx burst size (bsc#1139020 bsc#1139021). - net: ena: add newline at the end of pr_err prints (bsc#1139020 bsc#1139021). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1139020 bsc#1139021). - net: ena: allow automatic fallback to polling mode (bsc#1139020 bsc#1139021). - net: ena: allow queue allocation backoff when low on memory (bsc#1139020 bsc#1139021). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1139020 bsc#1139021). - net: ena: enable negotiating larger Rx ring size (bsc#1139020 bsc#1139021). - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1139020 bsc#1139021). - net: ena: ethtool: revert 'add extra properties retrieval via get_priv_flags' (bsc#1139020 bsc#1139021). - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1139020 bsc#1139021). - net: ena: fix incorrect test of supported hash function (bsc#1139020 bsc#1139021). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1139020 bsc#1139021). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1139020 bsc#1139021). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1139020 bsc#1139021). - net: ena: gcc 8: fix compilation warning (bsc#1139020 bsc#1139021). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1139020 bsc#1139021). - net: ena: make ethtool show correct current and max queue sizes (bsc#1139020 bsc#1139021). - net: ena: optimise calculations for CQ doorbell (bsc#1139020 bsc#1139021). - net: ena: remove inline keyword from functions in *.c (bsc#1139020 bsc#1139021). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1139020 bsc#1139021). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1139020 bsc#1139021). - net: ena: use dev_info_once instead of static variable (bsc#1139020 bsc#1139021). - net: make skb_dst_force return true when dst is refcounted (networking-stable-19_07_25). - net: neigh: fix multiple neigh timer scheduling (networking-stable-19_07_25). - net: remove duplicate fetch in sock_getsockopt (networking-stable-19_07_02). - net: sched: verify that q!=NULL before setting q->flags (git-fixes). - net: stmmac: fixed new system time seconds value calculation (networking-stable-19_07_02). - net: stmmac: set IC bit when transmitting frames with HW timestamp (networking-stable-19_07_02). - net: usb: pegasus: fix improper read if get_registers() fail (bsc#1051510). - net_sched: unset TCQ_F_CAN_BYPASS when adding filters (networking-stable-19_07_25). - netrom: fix a memory leak in nr_rx_frame() (networking-stable-19_07_25). - netrom: hold sock when setting skb->destructor (networking-stable-19_07_25). - nfc: fix potential illegal memory access (bsc#1051510). - nfs: Cleanup if nfs_match_client is interrupted (bsc#1134291). - nfs: Fix a double unlock from nfs_match,get_client (bsc#1134291). - nfs: Fix the inode request accounting when pages have subrequests (bsc#1140012). - nfs: make nfs_match_client killable (bsc#1134291). - nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header (git fixes). - nvme-core: Fix extra device_put() call on error path (bsc#1142541). - nvme-fc: fix module unloads while lports still pending (bsc#1150033). - nvme-multipath: fix ana log nsid lookup when nsid is not found (bsc#1141554). - nvme-multipath: relax ANA state check (bsc#1123105). - nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns (bsc#1120876). - nvme: Return BLK_STS_TARGET if the DNR bit is set (bsc#1142076). - nvme: cancel request synchronously (bsc#1145661). - nvme: change locking for the per-subsystem controller list (bsc#1142541). - nvme: fix possible use-after-free in connect error flow (bsc#1139500, bsc#1140426) - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN (bsc#1146938). - objtool: Add rewind_stack_do_exit() to the noreturn list (bsc#1145302). - objtool: Support GCC 9 cold subfunction naming scheme (bsc#1145300). - octeon_mgmt: Fix MIX registers configuration on MTU setup (bsc#1051510). - pci: PM/ACPI: Refresh all stale power state data in pci_pm_complete() (bsc#1149106). - pci: Restore Resizable BAR size bits correctly for 1MB BARs (bsc#1143841). - pci: hv: Fix panic by calling hv_pci_remove_slots() earlier (bsc#1142701). - pci: qcom: Ensure that PERST is asserted for at least 100 ms (bsc#1142635). - pci: xilinx-nwl: Fix Multi MSI data programming (bsc#1142635). - phy: qcom-qusb2: Fix crash if nvmem cell not specified (bsc#1051510). - phy: renesas: rcar-gen2: Fix memory leak at error paths (bsc#1051510). - pinctrl: pistachio: fix leaked of_node references (bsc#1051510). - pinctrl: rockchip: fix leaked of_node references (bsc#1051510). - pm / devfreq: rk3399_dmc: Pass ODT and auto power down parameters to TF-A (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: do not print error when get supply and clk defer (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: fix spelling mistakes (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: remove unneeded semicolon (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: remove wait for dcf irq event (bsc#1144718,bsc#1144813). - pm / devfreq: rockchip-dfi: Move GRF definitions to a common place (bsc#1144718,bsc#1144813). - pm / opp: OF: Use pr_debug() instead of pr_err() while adding OPP table (jsc#SLE-7294). - powerpc/64s: Include cpu header (bsc#1065729). - powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107). - powerpc/book3s/64: check for NULL pointer in pgd_alloc() (bsc#1078248, git-fixes). - powerpc/fadump: Do not allow hot-remove memory from fadump reserved area (bsc#1120937). - powerpc/fadump: Reservationless firmware assisted dump (bsc#1120937). - powerpc/fadump: Throw proper error message on fadump registration failure (bsc#1120937). - powerpc/fadump: use kstrtoint to handle sysfs store (bsc#1146376). - powerpc/fadump: when fadump is supported register the fadump sysfs files (bsc#1146352). - powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107). - powerpc/fsl: Update Spectre v2 reporting (bsc#1131107). - powerpc/kdump: Handle crashkernel memory reservation failure (bsc#1143466 LTC#179600). - powerpc/lib: Fix feature fixup test of external branch (bsc#1065729). - powerpc/mm/hash/4k: Do not use 64K page size for vmemmap with 4K pagesize (bsc#1142685 LTC#179509). - powerpc/mm/radix: Use the right page size for vmemmap mapping (bsc#1055117 bsc#1142685 LTC#179509). - powerpc/mm: Handle page table allocation failures (bsc#1065729). - powerpc/perf: Add constraints for power9 l2/l3 bus events (bsc#1056686). - powerpc/perf: Add mem access events to sysfs (bsc#1124370). - powerpc/perf: Cleanup cache_sel bits comment (bsc#1056686). - powerpc/perf: Fix thresholding counter data for unknown type (bsc#1056686). - powerpc/perf: Remove PM_BR_CMPL_ALT from power9 event list (bsc#1047238, bsc#1056686). - powerpc/perf: Update perf_regs structure to include SIER (bsc#1056686). - powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler (bsc#1065729). - powerpc/powernv: Flush console before platform error reboot (bsc#1149940 ltc#179958). - powerpc/powernv: Return for invalid IMC domain (bsc1054914, git-fixes). - powerpc/powernv: Use kernel crash path for machine checks (bsc#1149940 ltc#179958). - powerpc/pseries, ps3: panic flush kernel messages before halting system (bsc#1149940 ltc#179958). - powerpc/pseries: Fix xive=off command line (bsc#1085030, git-fixes). - powerpc/pseries: add missing cpumask.h include file (bsc#1065729). - powerpc/pseries: correctly track irq state in default idle (bsc#1150727 ltc#178925). - powerpc/rtas: use device model APIs and serialization during LPM (bsc#1144123 ltc#178840). - powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107). - powerpc/xive: Fix dump of XIVE interrupt under pseries (bsc#1142019). - powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() (bsc#1085030, bsc#1145189, LTC#179762). - powerpc/xmon: Add a dump of all XIVE interrupts (bsc#1142019). - powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL (bsc#1142019). - powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB (bsc#1146575 ltc#180764). - powerpc: dump kernel log before carrying out fadump or kdump (bsc#1149940 ltc#179958). - qede: fix write to free'd pointer error and double free of ptp (bsc#1051510). - qlge: Deduplicate lbq_buf_size (bsc#1106061). - qlge: Deduplicate rx buffer queue management (bsc#1106061). - qlge: Factor out duplicated expression (bsc#1106061). - qlge: Fix dma_sync_single calls (bsc#1106061). - qlge: Fix irq masking in INTx mode (bsc#1106061). - qlge: Refill empty buffer queues from wq (bsc#1106061). - qlge: Refill rx buffers up to multiple of 16 (bsc#1106061). - qlge: Remove bq_desc.maplen (bsc#1106061). - qlge: Remove irq_cnt (bsc#1106061). - qlge: Remove page_chunk.last_flag (bsc#1106061). - qlge: Remove qlge_bq.len & size (bsc#1106061). - qlge: Remove rx_ring.sbq_buf_size (bsc#1106061). - qlge: Remove rx_ring.type (bsc#1106061). - qlge: Remove useless dma synchronization calls (bsc#1106061). - qlge: Remove useless memset (bsc#1106061). - qlge: Replace memset with assignment (bsc#1106061). - qlge: Update buffer queue prod index despite oom (bsc#1106061). - rbd: do not (ab)use obj_req->pages for stat requests (bsc#1141450). - rbd: do not NULL out ->obj_request in rbd_img_obj_parent_read_full() (bsc#1141450). - rbd: get rid of img_req->copyup_pages (bsc#1141450). - rbd: move from raw pages to bvec data descriptors (bsc#1141450). - rbd: remove bio cloning helpers (bsc#1141450). - rbd: start enums at 1 instead of 0 (bsc#1141450). - rbd: use kmem_cache_zalloc() in rbd_img_request_create() (bsc#1141450). - regmap: fix bulk writes on paged registers (bsc#1051510). - regulator: qcom_spmi: Fix math of spmi_regulator_set_voltage_time_sel (bsc#1051510). - rename patches according to their names in SLE15-SP1. - rpm/kernel-binary.spec.in: Enable missing modules check. - rpm/kernel-binary.spec.in: Enable missing modules check. - rpmsg: added MODULE_ALIAS for rpmsg_char (bsc#1051510). - rpmsg: smd: do not use mananged resources for endpoints and channels (bsc#1051510). - rpmsg: smd: fix memory leak on channel create (bsc#1051510). - rsi: improve kernel thread handling to fix kernel panic (bsc#1051510). - rslib: Fix decoding of shortened codes (bsc#1051510). - rslib: Fix handling of of caller provided syndrome (bsc#1051510). - rtc: pcf8523: do not return invalid date when battery is low (bsc#1051510). - rxrpc: Fix send on a connected, but unbound socket (networking-stable-19_07_25). - s390/cio: fix ccw_device_start_timeout API (bsc#1142109 LTC#179339). - s390/dasd: fix endless loop after read unit address configuration (bsc#1144912 LTC#179907). - s390/qdio: handle PENDING state for QEBSM devices (bsc#1142117 bsc#1142118 bsc#1142119 LTC#179329 LTC#179330 LTC#179331). - s390/qeth: avoid control IO completion stalls (bsc#1142109 LTC#179339). - s390/qeth: cancel cmd on early error (bsc#1142109 LTC#179339). - s390/qeth: fix request-side race during cmd IO timeout (bsc#1142109 LTC#179339). - s390/qeth: release cmd buffer in error paths (bsc#1142109 LTC#179339). - s390/qeth: simplify reply object handling (bsc#1142109 LTC#179339). - samples, bpf: fix to change the buffer size for read() (bsc#1051510). - samples: mei: use /dev/mei0 instead of /dev/mei (bsc#1051510). - sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920). - sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920). - scripts/checkstack.pl: Fix arm64 wrong or unknown architecture (bsc#1051510). - scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE (bsc#1051510). - scripts/decode_stacktrace: only strip base path when a prefix of the path (bsc#1051510). - scripts/gdb: fix lx-version string output (bsc#1051510). - scripts/git_sort/git_sort.py: - scsi: NCR5380: Always re-enable reselection interrupt (git-fixes). - scsi: aacraid: Fix missing break in switch statement (git-fixes). - scsi: aacraid: Fix performance issue on logical drives (git-fixes). - scsi: aic94xx: fix an error code in aic94xx_init() (git-fixes). - scsi: aic94xx: fix module loading (git-fixes). - scsi: bfa: convert to strlcpy/strlcat (git-fixes). - scsi: bnx2fc: Fix NULL dereference in error handling (git-fixes). - scsi: bnx2fc: fix incorrect cast to u64 on shift operation (git-fixes). - scsi: core: Fix race on creating sense cache (git-fixes). - scsi: core: Synchronize request queue PM status only on successful resume (git-fixes). - scsi: core: set result when the command cannot be dispatched (git-fixes). - scsi: cxlflash: Mark expected switch fall-throughs (bsc#1148868). - scsi: cxlflash: Prevent deadlock when adapter probe fails (git-fixes). - scsi: esp_scsi: Track residual for PIO transfers (git-fixes) Also, mitigate kABI changes. - scsi: fas216: fix sense buffer initialization (git-fixes). - scsi: isci: initialize shost fully before calling scsi_add_host() (git-fixes). - scsi: libfc: fix null pointer dereference on a null lport (git-fixes). - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached (git-fixes). - scsi: mac_scsi: Fix pseudo DMA implementation, take 2 (git-fixes). - scsi: mac_scsi: Increase PIO/PDMA transfer length threshold (git-fixes). - scsi: megaraid: fix out-of-bound array accesses (git-fixes). - scsi: megaraid_sas: Fix calculation of target ID (git-fixes). - scsi: ncr5380: revert 'Increase register polling limit' (git-fixes). - scsi: qedf: Add debug information for unsolicited processing (bsc#1149976). - scsi: qedf: Add shutdown callback handler (bsc#1149976). - scsi: qedf: Add support for 20 Gbps speed (bsc#1149976). - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1149976). - scsi: qedf: Check for link state before processing LL2 packets and send fipvlan retries (bsc#1149976). - scsi: qedf: Check for module unloading bit before processing link update AEN (bsc#1149976). - scsi: qedf: Decrease the LL2 MTU size to 2500 (bsc#1149976). - scsi: qedf: Fix race betwen fipvlan request and response path (bsc#1149976). - scsi: qedf: Initiator fails to re-login to switch after link down (bsc#1149976). - scsi: qedf: Print message during bailout conditions (bsc#1149976). - scsi: qedf: Stop sending fipvlan request on unload (bsc#1149976). - scsi: qedf: Update module description string (bsc#1149976). - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1149976). - scsi: qedf: Update the version to 8.42.3.0 (bsc#1149976). - scsi: qedf: Use discovery list to traverse rports (bsc#1149976). - scsi: qedf: remove memset/memcpy to nfunc and use func instead (git-fixes). - scsi: qedf: remove set but not used variables (bsc#1149976). - scsi: qedi: remove declaration of nvm_image from stack (git-fixes). - scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1129424). - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (git-fixes). - scsi: qla2xxx: Fix a format specifier (git-fixes). - scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() (git-fixes). - scsi: qla2xxx: Fix device staying in blocked state (git-fixes). - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (git-fixes). - scsi: qla2xxx: Unregister chrdev if module initialization fails (git-fixes). - scsi: qla4xxx: avoid freeing unallocated dma memory (git-fixes). - scsi: raid_attrs: fix unused variable warning (git-fixes). - scsi: scsi_dh_alua: Fix possible null-ptr-deref (git-fixes). - scsi: sd: Defer spinning up drive while SANITIZE is in progress (git-fixes). - scsi: sd: Fix a race between closing an sd device and sd I/O (git-fixes). - scsi: sd: Fix cache_type_store() (git-fixes). - scsi: sd: Optimal I/O size should be a multiple of physical block size (git-fixes). - scsi: sd: Quiesce warning if device does not report optimal I/O size (git-fixes). - scsi: sd: use mempool for discard special page (git-fixes). - scsi: sd_zbc: Fix potential memory leak (git-fixes). - scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous() (git-fixes). - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (git-fixes). - scsi: ufs: Avoid runtime suspend possibly being blocked forever (git-fixes). - scsi: ufs: Check that space was properly alloced in copy_query_response (git-fixes). - scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm() (git-fixes). - scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value (git-fixes). - scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 (git-fixes). - scsi: ufs: revert 'disable vccq if it's not needed by UFS device' (git-fixes). - scsi: use dma_get_cache_alignment() as minimum DMA alignment (git-fixes). - scsi: virtio_scsi: do not send sc payload with tmfs (git-fixes). - sctp: change to hold sk after auth shkey is created successfully (networking-stable-19_07_02). - serial: 8250: Fix TX interrupt handling condition (bsc#1051510). - signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig (bsc#1144333). - sis900: fix TX completion (bsc#1051510). - sky2: Disable MSI on ASUS P6T (bsc#1142496). - smb2: fix missing files in root share directory listing (bsc#1112907, bsc#1144333). - smb2: fix typo in definition of a few error flags (bsc#1144333). - smb2: fix uninitialized variable bug in smb2_ioctl_query_info (bsc#1144333). - smb3 - clean up debug output displaying network interfaces (bsc#1144333). - smb3.1.1: Add GCM crypto to the encrypt and decrypt functions (bsc#1144333). - smb3.11: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - smb311: Fix reconnect (bsc#1051510, bsc#1144333). - smb311: Improve checking of negotiate security contexts (bsc#1051510, bsc#1144333). - smb3: Add SMB3.1.1 GCM to negotiated crypto algorigthms (bsc#1144333). - smb3: Add debug message later in smb2/smb3 reconnect path (bsc#1144333). - smb3: Add defines for new negotiate contexts (bsc#1144333). - smb3: Add dynamic trace points for various compounded smb3 ops (bsc#1144333). - smb3: Add ftrace tracepoints for improved SMB3 debugging (bsc#1144333). - smb3: Add handling for different FSCTL access flags (bsc#1144333). - smb3: Add posix create context for smb3.11 posix mounts (bsc#1144333). - smb3: Add protocol structs for change notify support (bsc#1144333). - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510, bsc#1144333). - smb3: Add tracepoints for read, write and query_dir enter (bsc#1144333). - smb3: Allow SMB3 FSCTL queries to be sent to server from tools (bsc#1144333). - smb3: Allow persistent handle timeout to be configurable on mount (bsc#1144333). - smb3: Allow query of symlinks stored as reparse points (bsc#1144333). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510, bsc#1144333). - smb3: Backup intent flag missing from compounded ops (bsc#1144333). - smb3: Clean up query symlink when reparse point (bsc#1144333). - smb3: Cleanup license mess (bsc#1144333). - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bsc#1085536, bsc#1144333). - smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510, bsc#1144333). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510, bsc#1144333). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510, bsc#1144333). - smb3: Fix deadlock in validate negotiate hits reconnect (bsc#1144333). - smb3: Fix endian warning (bsc#1144333, bsc#1137884). - smb3: Fix enumerating snapshots to Azure (bsc#1144333). - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510, bsc#1144333). - smb3: Fix mode on mkdir on smb311 mounts (bsc#1144333). - smb3: Fix potential memory leak when processing compound chain (bsc#1144333). - smb3: Fix rmdir compounding regression to strict servers (bsc#1144333). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510, bsc#1144333). - smb3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL (bsc#1144333). - smb3: Log at least once if tree connect fails during reconnect (bsc#1144333). - smb3: Number of requests sent should be displayed for SMB3 not just CIFS (bsc#1144333). - smb3: Send netname context during negotiate protocol (bsc#1144333). - smb3: Track total time spent on roundtrips for each SMB3 command (bsc#1144333). - smb3: Update POSIX negotiate context with POSIX ctxt GUID (bsc#1144333). - smb3: Validate negotiate request must always be signed (bsc#1064597, bsc#1144333). - smb3: Warn user if trying to sign connection that authenticated as guest (bsc#1085536, bsc#1144333). - smb3: add additional ftrace entry points for entry/exit to cifs.ko (bsc#1144333). - smb3: add credits we receive from oplock/break PDUs (bsc#1144333). - smb3: add debug for unexpected mid cancellation (bsc#1144333). - smb3: add define for id for posix create context and corresponding struct (bsc#1144333). - smb3: add dynamic trace point for query_info_enter/done (bsc#1144333). - smb3: add dynamic trace point for smb3_cmd_enter (bsc#1144333). - smb3: add dynamic tracepoint for timeout waiting for credits (bsc#1144333). - smb3: add dynamic tracepoints for simple fallocate and zero range (bsc#1144333). - smb3: add missing read completion trace point (bsc#1144333). - smb3: add module alias for smb3 to cifs.ko (bsc#1144333). - smb3: add new mount option to retrieve mode from special ACE (bsc#1144333). - smb3: add reconnect tracepoints (bsc#1144333). - smb3: add smb3.1.1 to default dialect list (bsc#1144333). - smb3: add support for posix negotiate context (bsc#1144333). - smb3: add support for statfs for smb3.1.1 posix extensions (bsc#1144333). - smb3: add trace point for tree connection (bsc#1144333). - smb3: add tracepoint for sending lease break responses to server (bsc#1144333). - smb3: add tracepoint for session expired or deleted (bsc#1144333). - smb3: add tracepoint for slow responses (bsc#1144333). - smb3: add tracepoint to catch cases where credit refund of failed op overlaps reconnect (bsc#1144333). - smb3: add tracepoints for query dir (bsc#1144333). - smb3: add tracepoints for smb2/smb3 open (bsc#1144333). - smb3: add way to control slow response threshold for logging and stats (bsc#1144333). - smb3: allow more detailed protocol info on open files for debugging (bsc#1144333). - smb3: allow posix mount option to enable new SMB311 protocol extensions (bsc#1144333). - smb3: allow previous versions to be mounted with snapshot= mount parm (bsc#1144333). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510, bsc#1144333). - smb3: check for and properly advertise directory lease support (bsc#1051510, bsc#1144333). - smb3: create smb3 equivalent alias for cifs pseudo-xattrs (bsc#1144333). - smb3: directory sync should not return an error (bsc#1051510, bsc#1144333). - smb3: display bytes_read and bytes_written in smb3 stats (bsc#1144333). - smb3: display security information in /proc/fs/cifs/DebugData more accurately (bsc#1144333). - smb3: display session id in debug data (bsc#1144333). - smb3: display stats counters for number of slow commands (bsc#1144333). - smb3: display volume serial number for shares in /proc/fs/cifs/DebugData (bsc#1144333). - smb3: do not allow insecure cifs mounts when using smb3 (bsc#1144333). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510, bsc#1144333). - smb3: do not display confusing message on mount to Azure servers (bsc#1144333). - smb3: do not display empty interface list (bsc#1144333). - smb3: do not request leases in symlink creation and query (bsc#1051510, bsc#1144333). - smb3: do not send compression info by default (bsc#1144333). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510, bsc#1144333). - smb3: fill in statfs fsid and correct namelen (bsc#1112905, bsc#1144333). - smb3: fix bytes_read statistics (bsc#1144333). - smb3: fix corrupt path in subdirs on smb311 with posix (bsc#1144333). - smb3: fix large reads on encrypted connections (bsc#1144333). - smb3: fix lease break problem introduced by compounding (bsc#1144333). - smb3: fix minor debug output for CONFIG_CIFS_STATS (bsc#1144333). - smb3: fix redundant opens on root (bsc#1144333). - smb3: fix reset of bytes read and written stats (bsc#1112906, bsc#1144333). - smb3: fix various xid leaks (bsc#1051510, bsc#1144333). - smb3: for kerberos mounts display the credential uid used (bsc#1144333). - smb3: handle new statx fields (bsc#1085536, bsc#1144333). - smb3: if max_credits is specified then display it in /proc/mounts (bsc#1144333). - smb3: if server does not support posix do not allow posix mount option (bsc#1144333). - smb3: improve dynamic tracing of open and posix mkdir (bsc#1144333). - smb3: increase initial number of credits requested to allow write (bsc#1144333). - smb3: make default i/o size for smb3 mounts larger (bsc#1144333). - smb3: minor cleanup of compound_send_recv (bsc#1144333). - smb3: minor debugging clarifications in rfc1001 len processing (bsc#1144333). - smb3: minor missing defines relating to reparse points (bsc#1144333). - smb3: missing defines and structs for reparse point handling (bsc#1144333). - smb3: note that smb3.11 posix extensions mount option is experimental (bsc#1144333). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510, bsc#1144333). - smb3: on reconnect set PreviousSessionId field (bsc#1112899, bsc#1144333). - smb3: optimize open to not send query file internal info (bsc#1144333). - smb3: passthru query info does not check for SMB3 FSCTL passthru (bsc#1144333). - smb3: print tree id in debugdata in proc to be able to help logging (bsc#1144333). - smb3: query inode number on open via create context (bsc#1144333). - smb3: remove noisy warning message on mount (bsc#1129664, bsc#1144333). - smb3: remove per-session operations from per-tree connection stats (bsc#1144333). - smb3: rename encryption_required to smb3_encryption_required (bsc#1144333). - smb3: request more credits on normal (non-large read/write) ops (bsc#1144333). - smb3: request more credits on tree connect (bsc#1144333). - smb3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (bsc#1144333). - smb3: send CAP_DFS capability during session setup (bsc#1144333). - smb3: send backup intent on compounded query info (bsc#1144333). - smb3: show number of current open files in /proc/fs/cifs/Stats (bsc#1144333). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510, bsc#1144333). - smb3: smbdirect no longer experimental (bsc#1144333). - smb3: snapshot mounts are read-only and make sure info is displayable about the mount (bsc#1144333). - smb3: track the instance of each session for debugging (bsc#1144333). - smb3: trivial cleanup to smb2ops.c (bsc#1144333). - smb3: update comment to clarify enumerating snapshots (bsc#1144333). - smb3: update default requested iosize to 4MB from 1MB for recent dialects (bsc#1144333). - smb: Validate negotiate (to protect against downgrade) even if signing off (bsc#1085536, bsc#1144333). - smb: fix leak of validate negotiate info response buffer (bsc#1064597, bsc#1144333). - smb: fix validate negotiate info uninitialised memory use (bsc#1064597, bsc#1144333). - smbd: Make upper layer decide when to destroy the transport (bsc#1144333). - smpboot: Place the __percpu annotation correctly (git fixes). - soc: rockchip: power-domain: Add a sanity check on pd->num_clks (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: Use of_clk_get_parent_count() instead of open coding (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: use clk_bulk APIs (bsc#1144718,bsc#1144813). - sound: fix a memory leak bug (bsc#1051510). - spi: bcm2835aux: fix corruptions for longer spi transfers (bsc#1051510). - spi: bcm2835aux: remove dangerous uncontrolled read of fifo (bsc#1051510). - spi: bcm2835aux: unifying code between polling and interrupt driven code (bsc#1051510). - st21nfca_connectivity_event_received: null check the allocation (bsc#1051510). - st_nci_hci_connectivity_event_received: null check the allocation (bsc#1051510). - staging: comedi: dt3000: Fix rounding up of timer divisor (bsc#1051510). - staging: comedi: dt3000: Fix signed integer overflow 'divider * base' (bsc#1051510). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Add raspberrypi-cpufreq (jsc#SLE-7294). - supported.conf: Remove duplicate drivers/ata/libahci_platform - supported.conf: Sort alphabetically, align comments. - supported.conf: Sort alphabetically, align comments. - tcp: Reset bytes_acked and bytes_received when disconnecting (networking-stable-19_07_25). - test_firmware: fix a memory leak bug (bsc#1051510). - tipc: change to use register_pernet_device (networking-stable-19_07_02). - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bsc#1082555). - tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations (bsc#1082555). - tpm: Fix off-by-one when reading binary_bios_measurements (bsc#1082555). - tpm: Unify the send callback behaviour (bsc#1082555). - tpm: vtpm_proxy: Suppress error logging when in closed state (bsc#1082555). - tracing: Fix header include guards in trace event headers (bsc#1144474). - treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 231 (bsc#1144333). - tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop (bsc#1051510). - tty/serial: digicolor: Fix digicolor-usart already registered warning (bsc#1051510). - tty: max310x: Fix invalid baudrate divisors calculator (bsc#1051510). - tty: serial: msm_serial: avoid system lockup condition (bsc#1051510). - tua6100: Avoid build warnings (bsc#1051510). - tun: wake up waitqueues after IFF_UP is set (networking-stable-19_07_02). - udf: Fix incorrect final NOT_ALLOCATED (hole) extent length (bsc#1148617). - update internal version number for cifs.ko (bsc#1144333). - usb-storage: Add new JMS567 revision to unusual_devs (bsc#1051510). - usb: CDC: fix sanity checks in CDC union parser (bsc#1142635). - usb: Handle USB3 remote wakeup for LPM enabled devices correctly (bsc#1051510). - usb: cdc-acm: make sure a refcount is taken early enough (bsc#1142635). - usb: cdc-wdm: fix race between write and disconnect due to flag abuse (bsc#1051510). - usb: chipidea: udc: do not do hardware access if gadget has stopped (bsc#1051510). - usb: core: Fix races in character device registration and deregistraion (bsc#1051510). - usb: core: hub: Disable hub-initiated U1/U2 (bsc#1051510). - usb: gadget: composite: Clear 'suspended' on reset/disconnect (bsc#1051510). - usb: gadget: udc: renesas_usb3: Fix sysfs interface of 'role' (bsc#1142635). - usb: host: fotg2: restart hcd after port reset (bsc#1051510). - usb: host: ohci: fix a race condition between shutdown and irq (bsc#1051510). - usb: host: xhci-rcar: Fix timeout in xhci_suspend() (bsc#1051510). - usb: host: xhci: rcar: Fix typo in compatible string matching (bsc#1051510). - usb: iowarrior: fix deadlock on disconnect (bsc#1051510). - usb: serial: option: Add Motorola modem UARTs (bsc#1051510). - usb: serial: option: Add support for ZTE MF871A (bsc#1051510). - usb: serial: option: add D-Link DWM-222 device ID (bsc#1051510). - usb: serial: option: add the BroadMobi BM818 card (bsc#1051510). - usb: storage: ums-realtek: Update module parameter description for auto_delink_en (bsc#1051510). - usb: storage: ums-realtek: Whitelist auto-delink support (bsc#1051510). - usb: usbfs: fix double-free of usb memory upon submiturb error (bsc#1051510). - usb: wusbcore: fix unbalanced get/put cluster_id (bsc#1051510). - usb: yurex: Fix use-after-free in yurex_delete (bsc#1051510). - vfs: fix page locking deadlocks when deduping files (bsc#1148619). - vmci: Release resource if the work is already queued (bsc#1051510). - vrf: make sure skb->data contains ip header to make routing (networking-stable-19_07_25). - watchdog: bcm2835_wdt: Fix module autoload (bsc#1051510). - watchdog: core: fix null pointer dereference when releasing cdev (bsc#1051510). - watchdog: f71808e_wdt: fix F81866 bit operation (bsc#1051510). - watchdog: fix compile time error of pretimeout governors (bsc#1051510). - wimax/i2400m: fix a memory leak bug (bsc#1051510). - x86/boot: Fix memory leak in default_get_smp_config() (bsc#1114279). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). - x86/microcode: Fix the microcode load on CPU hotplug for real (bsc#1114279). - x86/mm: Check for pfn instead of page in vmalloc_sync_one() (bsc#1118689). - x86/mm: Sync also unmappings in vmalloc_sync_all() (bsc#1118689). - x86/speculation/mds: Apply more accurate check on hypervisor platform (bsc#1114279). - x86/speculation: Allow guests to use SSBD even if host does not (bsc#1114279). - x86/unwind: Add hardcoded ORC entry for NULL (bsc#1114279). - x86/unwind: Handle NULL pointer calls better in frame unwinder (bsc#1114279). - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() (bsc#1065600). - xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix bucket count reported to userspace (bsc#1143300). - xfrm: Fix error return code in xfrm_output_one() (bsc#1143300). - xfs: do not crash on null attr fork xfs_bmapi_read (bsc#1148035). - xfs: do not trip over uninitialized buffer on extent read of corrupted inode (bsc#1149053). - xfs: dump transaction usage details on log reservation overrun (bsc#1145235). - xfs: eliminate duplicate icreate tx reservation functions (bsc#1145235). - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (bsc#1148032). - xfs: fix semicolon.cocci warnings (bsc#1145235). - xfs: fix up agi unlinked list reservations (bsc#1145235). - xfs: include an allocfree res for inobt modifications (bsc#1145235). - xfs: include inobt buffers in ifree tx log reservation (bsc#1145235). - xfs: print transaction log reservation on overrun (bsc#1145235). - xfs: refactor inode chunk alloc/free tx reservation (bsc#1145235). - xfs: refactor xlog_cil_insert_items() to facilitate transaction dump (bsc#1145235). - xfs: remove more ondisk directory corruption asserts (bsc#1148034). - xfs: separate shutdown from ticket reservation print helper (bsc#1145235). - xfs: truncate transaction does not modify the inobt (bsc#1145235). Important SUSE bug 1047238 SUSE bug 1050911 SUSE bug 1051510 SUSE bug 1054914 SUSE bug 1055117 SUSE bug 1056686 SUSE bug 1060662 SUSE bug 1061840 SUSE bug 1061843 SUSE bug 1064597 SUSE bug 1064701 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066369 SUSE bug 1071009 SUSE bug 1071306 SUSE bug 1078248 SUSE bug 1082555 SUSE bug 1085030 SUSE bug 1085536 SUSE bug 1085539 SUSE bug 1086103 SUSE bug 1087092 SUSE bug 1090734 SUSE bug 1091171 SUSE bug 1093205 SUSE bug 1102097 SUSE bug 1104902 SUSE bug 1106061 SUSE bug 1106284 SUSE bug 1106434 SUSE bug 1108382 SUSE bug 1112178 SUSE bug 1112894 SUSE bug 1112899 SUSE bug 1112902 SUSE bug 1112903 SUSE bug 1112905 SUSE bug 1112906 SUSE bug 1112907 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1114542 SUSE bug 1118689 SUSE bug 1119086 SUSE bug 1120876 SUSE bug 1120902 SUSE bug 1120937 SUSE bug 1123105 SUSE bug 1123959 SUSE bug 1124370 SUSE bug 1129424 SUSE bug 1129519 SUSE bug 1129664 SUSE bug 1131107 SUSE bug 1131281 SUSE bug 1131565 SUSE bug 1133021 SUSE bug 1134291 SUSE bug 1134881 SUSE bug 1134882 SUSE bug 1135219 SUSE bug 1135642 SUSE bug 1135897 SUSE bug 1136261 SUSE bug 1137069 SUSE bug 1137884 SUSE bug 1138539 SUSE bug 1139020 SUSE bug 1139021 SUSE bug 1139101 SUSE bug 1139500 SUSE bug 1140012 SUSE bug 1140426 SUSE bug 1140487 SUSE bug 1141013 SUSE bug 1141450 SUSE bug 1141543 SUSE bug 1141554 SUSE bug 1142019 SUSE bug 1142076 SUSE bug 1142109 SUSE bug 1142117 SUSE bug 1142118 SUSE bug 1142119 SUSE bug 1142496 SUSE bug 1142541 SUSE bug 1142635 SUSE bug 1142685 SUSE bug 1142701 SUSE bug 1142857 SUSE bug 1143300 SUSE bug 1143466 SUSE bug 1143765 SUSE bug 1143841 SUSE bug 1143843 SUSE bug 1144123 SUSE bug 1144333 SUSE bug 1144474 SUSE bug 1144518 SUSE bug 1144718 SUSE bug 1144813 SUSE bug 1144880 SUSE bug 1144886 SUSE bug 1144912 SUSE bug 1144920 SUSE bug 1144979 SUSE bug 1145010 SUSE bug 1145024 SUSE bug 1145051 SUSE bug 1145059 SUSE bug 1145189 SUSE bug 1145235 SUSE bug 1145300 SUSE bug 1145302 SUSE bug 1145388 SUSE bug 1145389 SUSE bug 1145390 SUSE bug 1145391 SUSE bug 1145392 SUSE bug 1145393 SUSE bug 1145394 SUSE bug 1145395 SUSE bug 1145396 SUSE bug 1145397 SUSE bug 1145408 SUSE bug 1145409 SUSE bug 1145661 SUSE bug 1145678 SUSE bug 1145687 SUSE bug 1145920 SUSE bug 1145922 SUSE bug 1145934 SUSE bug 1145937 SUSE bug 1145940 SUSE bug 1145941 SUSE bug 1145942 SUSE bug 1146074 SUSE bug 1146084 SUSE bug 1146163 SUSE bug 1146285 SUSE bug 1146346 SUSE bug 1146351 SUSE bug 1146352 SUSE bug 1146361 SUSE bug 1146368 SUSE bug 1146376 SUSE bug 1146378 SUSE bug 1146381 SUSE bug 1146391 SUSE bug 1146399 SUSE bug 1146413 SUSE bug 1146425 SUSE bug 1146516 SUSE bug 1146519 SUSE bug 1146524 SUSE bug 1146526 SUSE bug 1146529 SUSE bug 1146531 SUSE bug 1146543 SUSE bug 1146547 SUSE bug 1146550 SUSE bug 1146575 SUSE bug 1146589 SUSE bug 1146678 SUSE bug 1146938 SUSE bug 1148031 SUSE bug 1148032 SUSE bug 1148033 SUSE bug 1148034 SUSE bug 1148035 SUSE bug 1148093 SUSE bug 1148133 SUSE bug 1148192 SUSE bug 1148196 SUSE bug 1148198 SUSE bug 1148202 SUSE bug 1148303 SUSE bug 1148363 SUSE bug 1148379 SUSE bug 1148394 SUSE bug 1148527 SUSE bug 1148574 SUSE bug 1148616 SUSE bug 1148617 SUSE bug 1148619 SUSE bug 1148698 SUSE bug 1148859 SUSE bug 1148868 SUSE bug 1149053 SUSE bug 1149083 SUSE bug 1149104 SUSE bug 1149105 SUSE bug 1149106 SUSE bug 1149197 SUSE bug 1149214 SUSE bug 1149224 SUSE bug 1149325 SUSE bug 1149376 SUSE bug 1149413 SUSE bug 1149418 SUSE bug 1149424 SUSE bug 1149522 SUSE bug 1149527 SUSE bug 1149539 SUSE bug 1149552 SUSE bug 1149591 SUSE bug 1149602 SUSE bug 1149612 SUSE bug 1149626 SUSE bug 1149652 SUSE bug 1149713 SUSE bug 1149940 SUSE bug 1149959 SUSE bug 1149963 SUSE bug 1149976 SUSE bug 1150025 SUSE bug 1150033 SUSE bug 1150112 SUSE bug 1150562 SUSE bug 1150727 SUSE bug 1150860 SUSE bug 1150861 SUSE bug 1150933 CVE-2017-18551 CVE-2018-20976 CVE-2018-21008 CVE-2019-10207 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14835 CVE-2019-15030 CVE-2019-15031 CVE-2019-15090 CVE-2019-15098 CVE-2019-15099 CVE-2019-15117 CVE-2019-15118 CVE-2019-15211 CVE-2019-15212 CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15217 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15222 CVE-2019-15239 CVE-2019-15290 CVE-2019-15292 CVE-2019-15538 CVE-2019-15666 CVE-2019-15902 CVE-2019-15917 CVE-2019-15919 CVE-2019-15920 CVE-2019-15921 CVE-2019-15924 CVE-2019-15926 CVE-2019-15927 CVE-2019-9456 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191) - CVE-2018-20406: Fixed a integer overflow via a large LONG_BINPUT (bsc#1120644) Important SUSE bug 1120644 SUSE bug 1122191 CVE-2018-20406 CVE-2019-5010 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for MozillaFirefox to ESR 60.9 fixes the following issues: Security issues fixed: - CVE-2019-11742: Fixed a same-origin policy violation involving SVG filters and canvas to steal cross-origin images. (bsc#1149303) - CVE-2019-11746: Fixed a use-after-free while manipulating video. (bsc#1149297) - CVE-2019-11744: Fixed an XSS caused by breaking out of title and textarea elements using innerHTML. (bsc#1149304) - CVE-2019-11753: Fixed a privilege escalation with Mozilla Maintenance Service in custom Firefox installation location. (bsc#1149295) - CVE-2019-11752: Fixed a use-after-free while extracting a key value in IndexedDB. (bsc#1149296) - CVE-2019-11743: Fixed a timing side-channel attack on cross-origin information, utilizing unload event attributes. (bsc#1149298) - CVE-2019-11740: Fixed several memory safety bugs. (bsc#1149299) Important SUSE bug 1149294 SUSE bug 1149295 SUSE bug 1149296 SUSE bug 1149297 SUSE bug 1149298 SUSE bug 1149299 SUSE bug 1149303 SUSE bug 1149304 SUSE bug 1149324 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752 CVE-2019-11753 CVE-2019-9812 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for expat fixes the following issues: Security issue fixed: - CVE-2019-15903: Fixed a heap-based buffer over-read caused by crafted XML documents. (bsc#1149429) Moderate SUSE bug 1149429 CVE-2019-15903 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for djvulibre fixes the following issues: Security issues fixed: - CVE-2019-15142: Fixed heap-based buffer over-read (bsc#1146702). - CVE-2019-15143: Fixed resource exhaustion caused by corrupted image files (bsc#1146569). - CVE-2019-15144: Fixed denial-of-service caused by crafted PBM image files (bsc#1146571). - CVE-2019-15145: Fixed out-of-bounds read caused by corrupted JB2 image files (bsc#1146572). - Fixed segfault when libtiff encounters corrupted TIFF (upstream issue #295). Moderate SUSE bug 1146569 SUSE bug 1146571 SUSE bug 1146572 SUSE bug 1146702 CVE-2019-15142 CVE-2019-15143 CVE-2019-15144 CVE-2019-15145 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ghostscript to 9.27 fixes the following issues: Security issues fixed: - CVE-2019-3835: Fixed an unauthorized file system access caused by an available superexec operator. (bsc#1129180) - CVE-2019-3839: Fixed an unauthorized file system access caused by available privileged operators. (bsc#1134156) - CVE-2019-12973: Fixed a denial-of-service vulnerability in the OpenJPEG function opj_t1_encode_cblks. (bsc#1140359) - CVE-2019-14811: Fixed a safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator. (bsc#1146882) - CVE-2019-14812: Fixed a safer mode bypass by .forceput exposure in setuserparams. (bsc#1146882) - CVE-2019-14813: Fixed a safer mode bypass by .forceput exposure in setsystemparams. (bsc#1146882) - CVE-2019-14817: Fixed a safer mode bypass by .forceput exposure in .pdfexectoken and other procedures. (bsc#1146884) Important SUSE bug 1129180 SUSE bug 1131863 SUSE bug 1134156 SUSE bug 1140359 SUSE bug 1146882 SUSE bug 1146884 CVE-2019-12973 CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817 CVE-2019-3835 CVE-2019-3839 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for gpg2 fixes the following issues: Security issue fixed: - CVE-2019-13050: Fixed denial-of-service attacks via big keys. (bsc#1141093) Non-security issue fixed: - Allow coredumps in X11 desktop sessions (bsc#1124847). Moderate SUSE bug 1124847 SUSE bug 1141093 CVE-2019-13050 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for bind fixes the following issues: Security issues fixed: - CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069). - CVE-2019-6471: Fixed a reachable assert in dispatch.c. (bsc#1138687) - CVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (bsc#1126068). - CVE-2018-5743: Fixed a denial of service vulnerability which could be caused by to many simultaneous TCP connections (bsc#1133185). - CVE-2018-5740: Fixed a denial of service vulnerability in the 'deny-answer-aliases' feature (bsc#1104129). Non-security issues fixed: - Don't rely on /etc/insserv.conf anymore for proper dependencies against nss-lookup.target in named.service and lwresd.service (bsc#1118367, bsc#1118368). - Fix FIPS related regression (bsc#1128220). Important SUSE bug 1104129 SUSE bug 1118367 SUSE bug 1118368 SUSE bug 1126068 SUSE bug 1126069 SUSE bug 1128220 SUSE bug 1133185 SUSE bug 1138687 CVE-2018-5740 CVE-2018-5743 CVE-2018-5745 CVE-2019-6465 CVE-2019-6471 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for openssl-1_0_0 fixes the following issues: OpenSSL Security Advisory [10 September 2019] * CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003) * CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250) In addition fixed invalid curve attacks by validating that an EC point lies on the curve (bsc#1131291). Moderate SUSE bug 1131291 SUSE bug 1150003 SUSE bug 1150250 CVE-2019-1547 CVE-2019-1563 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-13627: Mitigated ECDSA timing attack. (bsc#1148987) Moderate SUSE bug 1148987 CVE-2019-13627 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for jasper fixes the following issues: Security issues fixed: - CVE-2018-19540: Fixed a heap based overflow in jas_icctxtdesc_input (bsc#1117508). - CVE-2018-19541: Fix heap based overread in jas_image_depalettize (bsc#1117507). - CVE-2018-19542: Fixed a denial of service in jp2_decode (bsc#1117505). - CVE-2018-19539: Fixed a denial of service in jas_image_readcmpt (bsc#1117511). - CVE-2016-9396: Fixed a denial of service in jpc_cox_getcompparms (bsc#1010783). Moderate SUSE bug 1010783 SUSE bug 1117505 SUSE bug 1117507 SUSE bug 1117508 SUSE bug 1117511 CVE-2016-9396 CVE-2018-19539 CVE-2018-19540 CVE-2018-19541 CVE-2018-19542 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137). Moderate SUSE bug 1150137 CVE-2019-16168 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for compat-openssl098 fixes the following issues: OpenSSL Security Advisory [10 September 2019] - CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance (bsc#1150003). - CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250). Moderate SUSE bug 1150003 SUSE bug 1150250 CVE-2019-1547 CVE-2019-1563 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for MozillaFirefox fixes the following issues: Updated to new ESR version 68.1 (bsc#1149323). In addition to the already fixed vulnerabilities released in previous ESR updates, the following were also fixed: CVE-2019-11751, CVE-2019-11736, CVE-2019-9812, CVE-2019-11748, CVE-2019-11749, CVE-2019-11750, CVE-2019-11738, CVE-2019-11747, CVE-2019-11735. Several run-time issues were also resolved (bsc#1117473, bsc#1124525, bsc#1133810). The version displayed in Help > About is now correct (bsc#1087200). Important SUSE bug 1087200 SUSE bug 1109465 SUSE bug 1117473 SUSE bug 1123482 SUSE bug 1124525 SUSE bug 1133810 SUSE bug 1140868 SUSE bug 1145665 SUSE bug 1149323 CVE-2019-11709 CVE-2019-11710 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11714 CVE-2019-11715 CVE-2019-11716 CVE-2019-11717 CVE-2019-11718 CVE-2019-11719 CVE-2019-11720 CVE-2019-11721 CVE-2019-11723 CVE-2019-11724 CVE-2019-11725 CVE-2019-11727 CVE-2019-11728 CVE-2019-11729 CVE-2019-11730 CVE-2019-11733 CVE-2019-11735 CVE-2019-11736 CVE-2019-11738 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11747 CVE-2019-11748 CVE-2019-11749 CVE-2019-11750 CVE-2019-11751 CVE-2019-11752 CVE-2019-11753 CVE-2019-9811 CVE-2019-9812 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for binutils fixes the following issues: binutils was updated to current 2.32 branch @7b468db3 [jsc#ECO-368]: Includes the following security fixes: - CVE-2018-17358: Fixed invalid memory access in _bfd_stab_section_find_nearest_line in syms.c (bsc#1109412) - CVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in opncls.c (bsc#1109413) - CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in libbfd.c (bsc#1109414) - CVE-2018-17985: Fixed a stack consumption problem caused by the cplus_demangle_type (bsc#1116827) - CVE-2018-18309: Fixed an invalid memory address dereference was discovered in read_reloc in reloc.c (bsc#1111996) - CVE-2018-18483: Fixed get_count function provided by libiberty that allowed attackers to cause a denial of service or other unspecified impact (bsc#1112535) - CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions provided by libiberty, caused by recursive stack frames (bsc#1112534) - CVE-2018-18605: Fixed a heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup causing a denial of service (bsc#1113255) - CVE-2018-18606: Fixed a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments, causing denial of service (bsc#1113252) - CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section, causing denial of service (bsc#1113247) - CVE-2018-19931: Fixed a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831) - CVE-2018-19932: Fixed an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA (bsc#1118830) - CVE-2018-20623: Fixed a use-after-free in the error function in elfcomm.c (bsc#1121035) - CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference in elf_link_add_object_symbols in elflink.c (bsc#1121034) - CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based buffer overflow in load_specific_debug_section in objdump.c (bsc#1121056) - CVE-2018-1000876: Fixed integer overflow in bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc in objdump (bsc#1120640) - CVE-2019-1010180: Fixed an out of bound memory access that could lead to crashes (bsc#1142772) - Enable xtensa architecture (Tensilica lc6 and related) - Use -ffat-lto-objects in order to provide assembly for static libs (bsc#1141913). - Fixed some LTO problems (bsc#1133131 bsc#1133232). - riscv: Don't check ABI flags if no code section Update to binutils 2.32: * The binutils now support for the C-SKY processor series. * The x86 assembler now supports a -mvexwig=[0|1] option to control encoding of VEX.W-ignored (WIG) VEX instructions. It also has a new -mx86-used-note=[yes|no] option to generate (or not) x86 GNU property notes. * The MIPS assembler now supports the Loongson EXTensions R2 (EXT2), the Loongson EXTensions (EXT) instructions, the Loongson Content Address Memory (CAM) ASE and the Loongson MultiMedia extensions Instructions (MMI) ASE. * The addr2line, c++filt, nm and objdump tools now have a default limit on the maximum amount of recursion that is allowed whilst demangling strings. This limit can be disabled if necessary. * Objdump's --disassemble option can now take a parameter, specifying the starting symbol for disassembly. Disassembly will continue from this symbol up to the next symbol or the end of the function. * The BFD linker will now report property change in linker map file when merging GNU properties. * The BFD linker's -t option now doesn't report members within archives, unless -t is given twice. This makes it more useful when generating a list of files that should be packaged for a linker bug report. * The GOLD linker has improved warning messages for relocations that refer to discarded sections. - Improve relro support on s390 [fate#326356] - Handle ELF compressed header alignment correctly. Moderate SUSE bug 1109412 SUSE bug 1109413 SUSE bug 1109414 SUSE bug 1111996 SUSE bug 1112534 SUSE bug 1112535 SUSE bug 1113247 SUSE bug 1113252 SUSE bug 1113255 SUSE bug 1116827 SUSE bug 1118830 SUSE bug 1118831 SUSE bug 1120640 SUSE bug 1121034 SUSE bug 1121035 SUSE bug 1121056 SUSE bug 1133131 SUSE bug 1133232 SUSE bug 1141913 SUSE bug 1142772 CVE-2018-1000876 CVE-2018-17358 CVE-2018-17359 CVE-2018-17360 CVE-2018-17985 CVE-2018-18309 CVE-2018-18483 CVE-2018-18484 CVE-2018-18605 CVE-2018-18606 CVE-2018-18607 CVE-2018-19931 CVE-2018-19932 CVE-2018-20623 CVE-2018-20651 CVE-2018-20671 CVE-2019-1010180 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for sudo fixes the following issues: Security issue fixed: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers (bsc#1153674). Important SUSE bug 1153674 CVE-2019-14287 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libpcap fixes the following issues: - CVE-2019-15165: Added sanity checks for PHB header length before allocating memory (bsc#1153332). - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332). Important SUSE bug 1153332 CVE-2018-16301 CVE-2019-15165 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for mariadb-100 fixes the following issues: Updated to MariaDB 10.0.40-1. Security issues fixed: - CVE-2019-2805, CVE-2019-2740, CVE-2019-2739, CVE-2019-2737, CVE-2019-2614, CVE-2019-2627. (bsc#1132826) (bsc#1141798). Moderate SUSE bug 1132826 SUSE bug 1141798 CVE-2019-2614 CVE-2019-2627 CVE-2019-2737 CVE-2019-2739 CVE-2019-2740 CVE-2019-2805 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for python-xdg fixes the following issues: Security issue fixed: - CVE-2014-1624: Fixed a TOCTOU race condition in get_runtime_dir(). (bsc#859835) Moderate SUSE bug 859835 CVE-2014-1624 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for dhcp fixes the following issues: Secuirty issue fixed: - CVE-2019-6470: Fixed DHCPv6 server crashes (bsc#1134078). Bug fixes: - Add compile option --enable-secs-byteorder to avoid duplicate lease warnings (bsc#1089524). - Use IPv6 when called as dhclient6, dhcpd6, and dhcrelay6 (bsc#1136572). Moderate SUSE bug 1089524 SUSE bug 1134078 SUSE bug 1136572 CVE-2019-6470 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for openconnect fixes the following issues: - CVE-2019-16239: Fixed a buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. (bsc#1151178) Moderate SUSE bug 1151178 CVE-2019-16239 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libcaca fixes the following issues: Security issues fixed: - CVE-2018-20544: Fixed a floating point exception at caca/dither.c (bsc#1120502) - CVE-2018-20545: Fixed a WRITE memory access in the load_image function at common-image.c for 4bpp (bsc#1120584) - CVE-2018-20546: Fixed a READ memory access in the get_rgba_default function at caca/dither.c for bpp (bsc#1120503) - CVE-2018-20547: Fixed a READ memory access in the get_rgba_default function at caca/dither.c for 24bpp (bsc#1120504) - CVE-2018-20548: Fixed a WRITE memory access in the load_image function at common-image.c for 1bpp (bsc#1120589) - CVE-2018-20549: Fixed a WRITE memory access in the caca_file_read function at caca/file.c (bsc#1120470) Moderate SUSE bug 1120470 SUSE bug 1120502 SUSE bug 1120503 SUSE bug 1120504 SUSE bug 1120584 SUSE bug 1120589 CVE-2018-20544 CVE-2018-20545 CVE-2018-20546 CVE-2018-20547 CVE-2018-20548 CVE-2018-20549 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for python fixes the following issues: Security issue fixed: - CVE-2019-16056: Fixed a parser issue in the email module (bsc#1149955). - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). Moderate SUSE bug 1149955 SUSE bug 1153238 CVE-2019-16056 CVE-2019-16935 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for sysstat fixes the following issue: - CVE-2019-16167: Fixed a memory corruption due to an integer overflow. (bsc#1150114) Moderate SUSE bug 1150114 CVE-2019-16167 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for xen to version 4.11.2 fixes the following issues: Security issues fixed: - CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service (bsc#1149813). - CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874). - CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU emulator which could have led to execution of arbitrary code with privileges of the QEMU process (bsc#1143797). Other issues fixed: - Fixed an HPS bug which did not allow to install Windows Server 2016 with 2 CPUs setting or above (bsc#1137717). - Fixed a segmentation fault in Libvrtd during live migration to a VM (bsc#1145774). - Fixed an issue where libxenlight could not create new domain (bsc#1131811). - Fixed an issue where attached pci devices were lost after reboot (bsc#1129642). - Fixed an issue where Xen could not pre-allocate 1 shadow page (bsc#1145240). Important SUSE bug 1027519 SUSE bug 1111331 SUSE bug 1126140 SUSE bug 1126141 SUSE bug 1126192 SUSE bug 1126195 SUSE bug 1126196 SUSE bug 1126197 SUSE bug 1126198 SUSE bug 1126201 SUSE bug 1127400 SUSE bug 1129642 SUSE bug 1131811 SUSE bug 1137717 SUSE bug 1138294 SUSE bug 1143797 SUSE bug 1145240 SUSE bug 1145774 SUSE bug 1146874 SUSE bug 1149813 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 CVE-2019-12068 CVE-2019-14378 CVE-2019-15890 CVE-2019-17340 CVE-2019-17341 CVE-2019-17342 CVE-2019-17343 CVE-2019-17344 CVE-2019-17345 CVE-2019-17346 CVE-2019-17347 CVE-2019-17348 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for accountsservice fixes the following issues: Security issue fixed: - CVE-2018-14036: Prevent directory traversal caused by an insufficient path check in user_change_icon_file_authorized_cb() (bsc#1099699). Non-security issue fixed: - Improved wtmp io performance (bsc#1139487). Moderate SUSE bug 1099699 SUSE bug 1139487 CVE-2018-14036 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for nfs-utils fixes the following issues: - CVE-2019-3689: Fixed root-owned files stored in insecure /var/lib/nfs. (bsc#1150733) Moderate SUSE bug 1150733 CVE-2019-3689 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-15139: Fixed a denial-of-service vulnerability in ReadXWDImage. (bsc#1146213) - CVE-2019-15140: Fixed a use-after-free bug in the Matlab image parser. (bsc#1146212) - CVE-2019-15141: Fixed a divide-by-zero vulnerability in the MeanShiftImage function. (bsc#1146211) - CVE-2019-14980: Fixed an application crash resulting from a heap-based buffer over-read in WriteTIFFImage. (bsc#1146068) - CVE-2019-16708: Fixed a memory leak in magick/xwindow.c (bsc#1151781). - CVE-2019-16709: Fixed a memory leak in coders/dps.c (bsc#1151782). - CVE-2019-16710: Fixed a memory leak in coders/dot.c (bsc#1151783). - CVE-2019-16711: Fixed a memory leak in Huffman2DEncodeImage in coders/ps2.c (bsc#1151784). - CVE-2019-16712: Fixed a memory leak in Huffman2DEncodeImage in coders/ps3.c (bsc#1151785). - CVE-2019-16713: Fixed a memory leak in coders/dot.c (bsc#1151786). Moderate SUSE bug 1146068 SUSE bug 1146211 SUSE bug 1146212 SUSE bug 1146213 SUSE bug 1151781 SUSE bug 1151782 SUSE bug 1151783 SUSE bug 1151784 SUSE bug 1151785 SUSE bug 1151786 CVE-2019-14980 CVE-2019-15139 CVE-2019-15140 CVE-2019-15141 CVE-2019-16708 CVE-2019-16709 CVE-2019-16710 CVE-2019-16711 CVE-2019-16712 CVE-2019-16713 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for python3 fixes the following issues: - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) - CVE-2018-20852: Fixed an incorrect domain validation that could lead to cookies being sent to the wrong server. (bsc#1141853) Moderate SUSE bug 1141853 SUSE bug 1149955 CVE-2018-20852 CVE-2019-16056 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libunwind fixes the following issues: Security issues fixed: - CVE-2015-3239: Fixed a off-by-one in the dwarf_to_unw_regnum function (bsc#936786) Non-security issues fixed: - Fixed a dependency issue with libzmq5 (bsc#1122012) - Fixed build on armv7 (bsc#976955) Moderate SUSE bug 1122012 SUSE bug 936786 SUSE bug 976955 CVE-2015-3239 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for MozillaFirefox to 68.2.0 ESR fixes the following issues: Mozilla Firefox was updated to version 68.2.0 ESR (bsc#1154738). Security issues fixed: - CVE-2019-15903: Fixed a heap overflow in the expat library (bsc#1149429). - CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB (bsc#1154738). - CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total Security (bsc#1154738). - CVE-2019-11759: Fixed a stack buffer overflow in HKDF output (bsc#1154738). - CVE-2019-11760: Fixed a stack buffer overflow in WebRTC networking (bsc#1154738). - CVE-2019-11761: Fixed an unintended access to a privileged JSONView object (bsc#1154738). - CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738). - CVE-2019-11763: Fixed an XSS bypass (bsc#1154738). - CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738). Non-security issues fixed: - Firefox 60.7 ESR changed the user interface language (bsc#1137990). - Wrong Firefox GUI Language (bsc#1120374). - Fixed an inadvertent crash report transmission without user opt-in (bsc#1074235). - Firefox hangs randomly when browsing and scrolling (bsc#1043008). - Firefox stops loading page until mouse is moved (bsc#1025108). Important SUSE bug 1010399 SUSE bug 1010405 SUSE bug 1010406 SUSE bug 1010408 SUSE bug 1010409 SUSE bug 1010421 SUSE bug 1010423 SUSE bug 1010424 SUSE bug 1010425 SUSE bug 1010426 SUSE bug 1025108 SUSE bug 1043008 SUSE bug 1047281 SUSE bug 1074235 SUSE bug 1092611 SUSE bug 1120374 SUSE bug 1137990 SUSE bug 1149429 SUSE bug 1154738 SUSE bug 959933 SUSE bug 983922 CVE-2016-2830 CVE-2016-5289 CVE-2016-5292 CVE-2016-9063 CVE-2016-9067 CVE-2016-9068 CVE-2016-9069 CVE-2016-9071 CVE-2016-9073 CVE-2016-9075 CVE-2016-9076 CVE-2016-9077 CVE-2017-7789 CVE-2018-5150 CVE-2018-5151 CVE-2018-5152 CVE-2018-5153 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5160 CVE-2018-5163 CVE-2018-5164 CVE-2018-5165 CVE-2018-5166 CVE-2018-5167 CVE-2018-5168 CVE-2018-5169 CVE-2018-5172 CVE-2018-5173 CVE-2018-5174 CVE-2018-5175 CVE-2018-5176 CVE-2018-5177 CVE-2018-5178 CVE-2018-5179 CVE-2018-5180 CVE-2018-5181 CVE-2018-5182 CVE-2018-5183 CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-18595: A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555). - CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350). - CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540). - CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permitted sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka 'KNOB') that could decrypt traffic and injected arbitrary ciphertext without the victim noticing (bnc#1137865 bnc#1146042). - CVE-2019-16232: Fixed a NULL pointer dereference in drivers/net/wireless/marvell/libertas/if_sdio.c, which did not check the alloc_workqueue return value (bnc#1150465). - CVE-2019-16234: Fixed a NULL pointer dereference in drivers/net/wireless/intel/iwlwifi/pcie/trans.c, which did not check the alloc_workqueue return value (bnc#1150452). - CVE-2019-17056: Added enforcement of CAP_NET_RAW in llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module, the lack of which allowed unprivileged users to create a raw socket, aka CID-3a359798b176 (bnc#1152788). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). - CVE-2019-17666: Added an upper-bound check in rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c, the lack of which could have led to a buffer overflow (bnc#1154372). The following non-security bugs were fixed: - 9p: avoid attaching writeback_fid on mmap with type PRIVATE (bsc#1051510). - ACPI / CPPC: do not require the _PSD method (bsc#1051510). - ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit() (bsc#1051510). - ACPI: custom_method: fix memory leaks (bsc#1051510). - ACPI / PCI: fix acpi_pci_irq_enable() memory leak (bsc#1051510). - ACPI / processor: do not print errors for processorIDs == 0xff (bsc#1051510). - ACPI / property: Fix acpi_graph_get_remote_endpoint() name in kerneldoc (bsc#1051510). - act_mirred: Fix mirred_init_module error handling (bsc#1051510). - Add kernel module compression support (bsc#1135854) For enabling the kernel module compress, add the item COMPRESS_MODULES='xz' in config.sh, then mkspec will pass it to the spec file. - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (bsc#1151680). - ALSA: aoa: onyx: always initialize register read value (bsc#1051510). - ALSA: firewire-tascam: check intermediate state of clock status and retry (bsc#1051510). - ALSA: firewire-tascam: handle error code when getting current source of clock (bsc#1051510). - ALSA: hda - Add laptop imic fixup for ASUS M9V laptop (bsc#1051510). - ALSA: hda: Add support of Zhaoxin controller (bsc#1051510). - ALSA: hda - Apply AMD controller workaround for Raven platform (bsc#1051510). - ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family (bsc#1051510). - ALSA: hda - Drop unsol event handler for Intel HDMI codecs (bsc#1051510). - ALSA: hda - Expand pin_match function to match upcoming new tbls (bsc#1051510). - ALSA: hda: Flush interrupts on disabling (bsc#1051510). - ALSA: hda/hdmi: remove redundant assignment to variable pcm_idx (bsc#1051510). - ALSA: hda - Inform too slow responses (bsc#1051510). - ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 (bsc#1051510). - ALSA: hda/realtek - Check beep whitelist before assigning in all codecs (bsc#1051510). - ALSA: hda/realtek - Fix alienware headset mic (bsc#1051510). - ALSA: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360 (bsc#1051510). - ALSA: hda: Set fifo_size for both playback and capture streams (bsc#1051510). - ALSA: hda - Show the fatal CORB/RIRB error more clearly (bsc#1051510). - ALSA: hda/sigmatel - remove unused variable 'stac9200_core_init' (bsc#1051510). - ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() (bsc#1051510). - ALSA: line6: sizeof (byte) is always 1, use that fact (bsc#1051510). - ALSA: usb-audio: Add Pioneer DDJ-SX3 PCM quirck (bsc#1051510). - ALSA: usb-audio: Disable quirks for BOSS Katana amplifiers (bsc#1051510). - ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid (bsc#1051510). - appletalk: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - ASoC: Define a set of DAPM pre/post-up events (bsc#1051510). - ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set (bsc#1051510). - ASoC: es8328: Fix copy-paste error in es8328_right_line_controls (bsc#1051510). - ASoC: Intel: Baytrail: Fix implicit fallthrough warning (bsc#1051510). - ASoC: Intel: Fix use of potentially uninitialized variable (bsc#1051510). - ASoC: Intel: NHLT: Fix debug print format (bsc#1051510). - ASoC: sgtl5000: Fix charge pump source assignment (bsc#1051510). - ASoC: sun4i-i2s: RX and TX counter registers are swapped (bsc#1051510). - ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls (bsc#1051510). - ASoC: wm8988: fix typo in wm8988_right_line_controls (bsc#1051510). - ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init (bsc#1051510). - atm: iphase: Fix Spectre v1 vulnerability (networking-stable-19_08_08). - auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach (bsc#1051510). - ax25: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA (bsc#1051510). - blk-flush: do not run queue for requests bypassing flush (bsc#1137959). - blk-flush: use blk_mq_request_bypass_insert() (bsc#1137959). - blk-mq: do not allocate driver tag upfront for flush rq (bsc#1137959). - blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling (bsc#1151610). - blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue (bsc#1137959). - blk-mq: kABI fixes for blk-mq.h (bsc#1137959). - blk-mq: move blk_mq_put_driver_tag*() into blk-mq.h (bsc#1137959). - blk-mq: punt failed direct issue to dispatch list (bsc#1137959). - blk-mq: put the driver tag of nxt rq before first one is requeued (bsc#1137959). - blk-mq-sched: decide how to handle flush rq via RQF_FLUSH_SEQ (bsc#1137959). - blk-wbt: abstract out end IO completion handler (bsc#1135873). - blk-wbt: fix has-sleeper queueing check (bsc#1135873). - blk-wbt: improve waking of tasks (bsc#1135873). - blk-wbt: move disable check into get_limit() (bsc#1135873). - blk-wbt: use wq_has_sleeper() for wq active check (bsc#1135873). - block: add io timeout to sysfs (bsc#1148410). - block: do not show io_timeout if driver has no timeout handler (bsc#1148410). - block: fix timeout changes for legacy request drivers (bsc#1149446). - block: kABI fixes for BLK_EH_DONE renaming (bsc#1142076). - block: rename BLK_EH_NOT_HANDLED to BLK_EH_DONE (bsc#1142076). - Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices (bsc#1051510). - bnx2x: Disable multi-cos feature (networking-stable-19_08_08). - bnx2x: Fix VF's VLAN reconfiguration in reload (bsc#1086323 ). - bonding: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - bridge/mdb: remove wrong use of NLM_F_MULTI (networking-stable-19_09_15). - btrfs: bail out gracefully rather than BUG_ON (bsc#1153646). - btrfs: check for the full sync flag while holding the inode lock during fsync (bsc#1153713). - btrfs: Ensure btrfs_init_dev_replace_tgtdev sees up to date values (bsc#1154651). - btrfs: Ensure replaced device does not have pending chunk allocation (bsc#1154607). - btrfs: fix use-after-free when using the tree modification log (bsc#1151891). - btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls (bsc#1152975). - btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space (bsc#1152974). - btrfs: relocation: fix use-after-free on dead relocation roots (bsc#1152972). - btrfs: remove wrong use of volume_mutex from btrfs_dev_replace_start (bsc#1154651). - can: mcp251x: mcp251x_hw_reset(): allow more time after a reset (bsc#1051510). - can: xilinx_can: xcan_probe(): skip error message on deferred probe (bsc#1051510). - cdc_ether: fix rndis support for Mediatek based smartphones (networking-stable-19_09_15). - cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize (bsc#1051510). - ceph: fix directories inode i_blkbits initialization (bsc#1153717). - ceph: reconnect connection if session hang in opening state (bsc#1153718). - ceph: update the mtime when truncating up (bsc#1153719). - ceph: use ceph_evict_inode to cleanup inode's resource (bsc#1148133). - cfg80211: add and use strongly typed element iteration macros (bsc#1051510). - cfg80211: Purge frame registrations on iftype change (bsc#1051510). - clk: at91: fix update bit maps on CFG_MOR write (bsc#1051510). - clk: at91: select parent if main oscillator or bypass is enabled (bsc#1051510). - clk: qoriq: Fix -Wunused-const-variable (bsc#1051510). - clk: sirf: Do not reference clk_init_data after registration (bsc#1051510). - clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks (bsc#1051510). - clk: sunxi-ng: v3s: add the missing PLL_DDR1 (bsc#1051510). - clk: zx296718: Do not reference clk_init_data after registration (bsc#1051510). - crypto: caam - fix concurrency issue in givencrypt descriptor (bsc#1051510). - crypto: caam - free resources in case caam_rng registration failed (bsc#1051510). - crypto: cavium/zip - Add missing single_release() (bsc#1051510). - crypto: ccp - Reduce maximum stack usage (bsc#1051510). - crypto: qat - Silence smp_processor_id() warning (bsc#1051510). - crypto: skcipher - Unmap pages after an external error (bsc#1051510). - crypto: talitos - fix missing break in switch statement (bsc#1142635). - cxgb4: fix endianness for vlan value in cxgb4_tc_flower (bsc#1064802 bsc#1066129). - cxgb4: offload VLAN flows regardless of VLAN ethtype (bsc#1064802 bsc#1066129). - cxgb4: reduce kernel stack usage in cudbg_collect_mem_region() (bsc#1073513). - cxgb4: Signedness bug in init_one() (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: smt: Add lock for atomic_dec_and_test (bsc#1064802 bsc#1066129). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - /dev/mem: Bail out upon SIGKILL (git-fixes). - dmaengine: dw: platform: Switch to acpi_dma_controller_register() (bsc#1051510). - dmaengine: iop-adma.c: fix printk format warning (bsc#1051510). - drivers: thermal: int340x_thermal: Fix sysfs race condition (bsc#1051510). - drm/amdgpu: Check for valid number of registers to read (bsc#1051510). - drm/amdgpu/si: fix ASIC tests (git-fixes). - drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2) (bsc#1051510). - drm/ast: Fixed reboot test may cause system hanged (bsc#1051510). - drm/bridge: tc358767: Increase AUX transfer length limit (bsc#1051510). - drm: Flush output polling on shutdown (bsc#1051510). - drm/i915: Fix various tracepoints for gen2 (bsc#1113722) - drm/imx: Drop unused imx-ipuv3-crtc.o build (bsc#1113722) - drm/msm/dsi: Implement reset correctly (bsc#1051510). - drm/panel: simple: fix AUO g185han01 horizontal blanking (bsc#1051510). - drm/radeon: Fix EEH during kexec (bsc#1051510). - drm/tilcdc: Register cpufreq notifier after we have initialized crtc (bsc#1051510). - drm/vmwgfx: Fix double free in vmw_recv_msg() (bsc#1051510). - Drop multiversion(kernel) from the KMP template (bsc#1127155). - e1000e: add workaround for possible stalled packet (bsc#1051510). - EDAC/amd64: Decode syndrome before translating address (bsc#1114279). - eeprom: at24: make spd world-readable again (git-fixes). - ext4: fix warning inside ext4_convert_unwritten_extents_endio (bsc#1152025). - ext4: set error return correctly when ext4_htree_store_dirent fails (bsc#1152024). - firmware: dmi: Fix unlikely out-of-bounds read in save_mem_devices (git-fixes). - Fix AMD IOMMU kABI (bsc#1154610). - Fix kabi for: NFSv4: Fix OPEN / CLOSE race (git-fixes). - Fix KVM kABI after x86 mmu backports (bsc#1117665). - gpio: fix line flag validation in lineevent_create (bsc#1051510). - gpio: fix line flag validation in linehandle_create (bsc#1051510). - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist (bsc#1051510). - gpiolib: only check line handle flags once (bsc#1051510). - gpio: Move gpiochip_lock/unlock_as_irq to gpio/driver.h (bsc#1051510). - gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property() (bsc#1051510). - HID: apple: Fix stuck function keys when using FN (bsc#1051510). - HID: hidraw: Fix invalid read in hidraw_ioctl (bsc#1051510). - HID: logitech: Fix general protection fault caused by Logitech driver (bsc#1051510). - HID: prodikeys: Fix general protection fault during probe (bsc#1051510). - HID: sony: Fix memory corruption issue on cleanup (bsc#1051510). - hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' (bsc#1051510). - hwmon: (lm75) Fix write operations for negative temperatures (bsc#1051510). - hwmon: (shtc1) fix shtc1 and shtw1 id mask (bsc#1051510). - hwrng: core - do not wait on add_early_randomness() (git-fixes). - i2c: riic: Clear NACK in tend isr (bsc#1051510). - IB/core, ipoib: Do not overreact to SM LID change event (bsc#1154108) - IB/hfi1: Remove overly conservative VM_EXEC flag check (bsc#1144449). - IB/mlx5: Consolidate use_umr checks into single function (bsc#1093205). - IB/mlx5: Fix MR re-registration flow to use UMR properly (bsc#1093205). - IB/mlx5: Report correctly tag matching rendezvous capability (bsc#1046305). - ieee802154: atusb: fix use-after-free at disconnect (bsc#1051510). - ieee802154: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - ife: error out when nla attributes are empty (networking-stable-19_08_08). - iio: adc: ad799x: fix probe error handling (bsc#1051510). - iio: dac: ad5380: fix incorrect assignment to val (bsc#1051510). - iio: light: opt3001: fix mutex unlock race (bsc#1051510). - ima: always return negative code for error (bsc#1051510). - Input: da9063 - fix capability and drop KEY_SLEEP (bsc#1051510). - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID (bsc#1051510). - iommu/amd: Apply the same IVRS IOAPIC workaround to Acer Aspire A315-41 (bsc#1137799). - iommu/amd: Check PM_LEVEL_SIZE() condition in locked section (bsc#1154608). - iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems (bsc#1137799). - iommu/amd: Remove domain->updated (bsc#1154610). - iommu/amd: Wait for completion of IOTLB flush in attach_device (bsc#1154611). - iommu/dma: Fix for dereferencing before null checking (bsc#1151667). - iommu/iova: Avoid false sharing on fq_timer_on (bsc#1151671). - ip6_tunnel: fix possible use-after-free on xmit (networking-stable-19_08_08). - ipmi_si: Only schedule continuously in the thread in maintenance mode (bsc#1051510). - ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set (networking-stable-19_08_28). - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()' (networking-stable-19_09_15). - isdn/capi: check message length in capi_write() (bsc#1051510). - ixgbe: Prevent u8 wrapping of ITR value to something less than 10us (bsc#1101674). - ixgbe: sync the first fragment unconditionally (bsc#1133140). - kABI: media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). fixes kABI - kABI: media: em28xx: stop rewriting device's struct (bsc#1051510). fixes kABI - kABI: net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05). - kABI/severities: Whitelist functions internal to radix mm. To call these functions you have to first detect if you are running in radix mm mode which can't be expected of OOT code. - kABI workaround for snd_hda_pick_pin_fixup() changes (bsc#1051510). - kernel-subpackage-build: create zero size ghost for uncompressed vmlinux (bsc#1154354). It is not strictly necessary to uncompress it so maybe the ghost file can be 0 size in this case. - kernel/sysctl.c: do not override max_threads provided by userspace (bnc#1150875). - KVM: Convert kvm_lock to a mutex (bsc#1117665). - KVM: MMU: drop vcpu param in gpte_access (bsc#1117665). - KVM: PPC: Book3S: Fix incorrect guest-to-user-translation error handling (bsc#1061840). - KVM: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores (bsc#1061840). - KVM: PPC: Book3S HV: Do not lose pending doorbell request on migration on P9 (bsc#1061840). - KVM: PPC: Book3S HV: Do not push XIVE context when not using XIVE device (bsc#1061840). - KVM: PPC: Book3S HV: Fix lockdep warning when entering the guest (bsc#1061840). - KVM: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts (bsc#1061840). - KVM: PPC: Book3S HV: Handle virtual mode in XIVE VCPU push code (bsc#1061840). - KVM: PPC: Book3S HV: use smp_mb() when setting/clearing host_ipi flag (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP (bsc#1061840). - KVM: x86: add tracepoints around __direct_map and FNAME(fetch) (bsc#1117665). - KVM: x86: adjust kvm_mmu_page member to save 8 bytes (bsc#1117665). - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (bsc#1117665). - KVM: x86: Do not release the page inside mmu_set_spte() (bsc#1117665). - KVM: x86: make FNAME(fetch) and __direct_map more similar (bsc#1117665). - KVM: x86, powerpc: do not allow clearing largepages debugfs entry (bsc#1117665). - KVM: x86: remove now unneeded hugepage gfn adjustment (bsc#1117665). - leds: leds-lp5562 allow firmware files up to the maximum length (bsc#1051510). - leds: trigger: gpio: GPIO 0 is valid (bsc#1051510). - libertas: Add missing sentinel at end of if_usb.c fw_table (bsc#1051510). - libertas_tf: Use correct channel range in lbtf_geo_init (bsc#1051510). - libiscsi: do not try to bypass SCSI EH (bsc#1142076). - lib/mpi: Fix karactx leak in mpi_powm (bsc#1051510). - livepatch: Nullify obj->mod in klp_module_coming()'s error path (bsc#1071995). - mac80211: accept deauth frames in IBSS mode (bsc#1051510). - mac80211: minstrel_ht: fix per-group max throughput rate initialization (bsc#1051510). - macsec: drop skb sk before calling gro_cells_receive (bsc#1051510). - md: do not report active array_state until after revalidate_disk() completes (git-fixes). - md: only call set_in_sync() when it is expected to succeed (git-fixes). - md/raid6: Set R5_ReadError when there is read failure on parity disk (git-fixes). - media: atmel: atmel-isc: fix asd memory allocation (bsc#1135642). - media: atmel: atmel-isi: fix timeout value for stop streaming (bsc#1051510). - media: cpia2_usb: fix memory leaks (bsc#1051510). - media: dib0700: fix link error for dibx000_i2c_set_speed (bsc#1051510). - media: dvb-core: fix a memory leak bug (bsc#1051510). - media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). - media: em28xx: stop rewriting device's struct (bsc#1051510). - media: exynos4-is: fix leaked of_node references (bsc#1051510). - media: fdp1: Reduce FCP not found message level to debug (bsc#1051510). - media: gspca: zero usb_buf on error (bsc#1051510). - media: hdpvr: Add device num check and handling (bsc#1051510). - media: hdpvr: add terminating 0 at end of string (bsc#1051510). - media: i2c: ov5645: Fix power sequence (bsc#1051510). - media: iguanair: add sanity checks (bsc#1051510). - media: marvell-ccic: do not generate EOF on parallel bus (bsc#1051510). - media: mc-device.c: do not memset __user pointer contents (bsc#1051510). - media: omap3isp: Do not set streaming state on random subdevs (bsc#1051510). - media: omap3isp: Set device on omap3isp subdevs (bsc#1051510). - media: ov6650: Fix sensor possibly not detected on probe (bsc#1051510). - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper (bsc#1051510). - media: ov9650: add a sanity check (bsc#1051510). - media: radio/si470x: kill urb on error (bsc#1051510). - media: replace strcpy() by strscpy() (bsc#1051510). - media: Revert '[media] marvell-ccic: reset ccic phy when stop streaming for stability' (bsc#1051510). - media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() (bsc#1051510). - media: saa7146: add cleanup in hexium_attach() (bsc#1051510). - media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table (bsc#1051510). - media: stkwebcam: fix runtime PM after driver unbind (bsc#1051510). - media: technisat-usb2: break out of loop at end of buffer (bsc#1051510). - media: tm6000: double free if usb disconnect while streaming (bsc#1051510). - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (bsc#1051510). - media: vb2: Fix videobuf2 to map correct area (bsc#1051510). - memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' (bsc#1051510). - mfd: intel-lpss: Remove D3cold delay (bsc#1051510). - mic: avoid statically declaring a 'struct device' (bsc#1051510). - mISDN: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - mld: fix memory leak in mld_del_delrec() (networking-stable-19_09_05). - mmc: sdhci: Fix incorrect switch to HS mode (bsc#1051510). - mmc: sdhci: improve ADMA error reporting (bsc#1051510). - mmc: sdhci-msm: fix mutex while in spinlock (bsc#1142635). - mmc: sdhci-of-arasan: Do now show error message in case of deffered probe (bsc#1119086). - mmc: sdhci-of-esdhc: set DMA snooping based on DMA coherence (bsc#1051510). - mtd: spi-nor: Fix Cadence QSPI RCU Schedule Stall (bsc#1051510). - mvpp2: refactor MTU change code (networking-stable-19_08_08). - net: bridge: delete local fdb on device init failure (networking-stable-19_08_08). - net: bridge: mcast: do not delete permanent entries when fast leave is enabled (networking-stable-19_08_08). - net: fix ifindex collision during namespace removal (networking-stable-19_08_08). - net: Fix null de-reference of device refcount (networking-stable-19_09_15). - net: fix skb use after free in netpoll (networking-stable-19_09_05). - net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list (networking-stable-19_09_15). - net/ibmvnic: Fix EOI when running in XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes). - net/ibmvnic: prevent more than one thread from running in reset (bsc#1152457 ltc#174432). - net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run (bsc#1152457 ltc#174432). - net/mlx4_en: fix a memory leak bug (bsc#1046299). - net/mlx5: Add device ID of upcoming BlueField-2 (bsc#1046303 ). - net/mlx5e: Only support tx/rx pause setting for port owner (networking-stable-19_08_21). - net/mlx5e: Prevent encap flow counter update async to user query (networking-stable-19_08_08). - net/mlx5e: Use flow keys dissector to parse packets for ARFS (networking-stable-19_08_21). - net/mlx5: Fix error handling in mlx5_load() (bsc#1046305 ). - net/mlx5: Use reversed order when unregister devices (networking-stable-19_08_08). - net/packet: fix race in tpacket_snd() (networking-stable-19_08_21). - net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05). - net: sched: Fix a possible null-pointer dereference in dequeue_func() (networking-stable-19_08_08). - net/smc: make sure EPOLLOUT is raised (networking-stable-19_08_28). - net: stmmac: dwmac-rk: Do not fail if phy regulator is absent (networking-stable-19_09_05). - nfc: fix attrs checks in netlink interface (bsc#1051510). - nfc: fix memory leak in llcp_sock_bind() (bsc#1051510). - nfc: pn533: fix use-after-free and memleaks (bsc#1051510). - NFS4: Fix v4.0 client state corruption when mount (git-fixes). - nfsd: degraded slot-count more gracefully as allocation nears exhaustion (bsc#1150381). - nfsd: Do not release the callback slot unless it was actually held (git-fixes). - nfsd: Fix overflow causing non-working mounts on 1 TB machines (bsc#1150381). - nfsd: fix performance-limiting session calculation (bsc#1150381). - nfsd: give out fewer session slots as limit approaches (bsc#1150381). - nfsd: handle drc over-allocation gracefully (bsc#1150381). - nfsd: increase DRC cache limit (bsc#1150381). - NFS: Do not interrupt file writeout due to fatal errors (git-fixes). - NFS: Do not open code clearing of delegation state (git-fixes). - NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0 (git-fixes). - NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts (git-fixes). - NFS: Forbid setting AF_INET6 to 'struct sockaddr_in'->sin_family (git-fixes). - NFS: Refactor nfs_lookup_revalidate() (git-fixes). - NFS: Remove redundant semicolon (git-fixes). - NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter (git-fixes). - NFSv4.1: Fix open stateid recovery (git-fixes). - NFSv4.1: Only reap expired delegations (git-fixes). - NFSv4: Check the return value of update_open_stateid() (git-fixes). - NFSv4: Fix an Oops in nfs4_do_setattr (git-fixes). - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() (git-fixes). - NFSv4: Fix delegation state recovery (git-fixes). - NFSv4: Fix lookup revalidate of regular files (git-fixes). - NFSv4: Fix OPEN / CLOSE race (git-fixes). - NFSv4: Handle the special Linux file open access mode (git-fixes). - NFSv4: Only pass the delegation to setattr if we're sending a truncate (git-fixes). - NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend() (git-fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - null_blk: complete requests from ->timeout (bsc#1149446). - null_blk: wire up timeouts (bsc#1149446). - nvme: fix multipath crash when ANA is deactivated (bsc#1149446). - nvmem: Use the same permissions for eeprom as for nvmem (git-fixes). - nvme-rdma: Allow DELETING state change failure in (bsc#1104967,). - nvme-rdma: centralize admin/io queue teardown sequence (bsc#1142076). - nvme-rdma: centralize controller setup sequence (bsc#1142076). - nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446). - nvme-rdma: fix timeout handler (bsc#1149446). - nvme-rdma: stop admin queue before freeing it (bsc#1140155). - nvme-rdma: support up to 4 segments of inline data (bsc#1142076). - nvme-rdma: unquiesce queues when deleting the controller (bsc#1142076). - nvme: remove ns sibling before clearing path (bsc#1140155). - nvme: return BLK_EH_DONE from ->timeout (bsc#1142076). - objtool: Clobber user CFLAGS variable (bsc#1153236). - PCI: Correct pci=resource_alignment parameter example (bsc#1051510). - PCI: dra7xx: Fix legacy INTD IRQ handling (bsc#1087092). - PCI: hv: Detect and fix Hyper-V PCI domain number collision (bsc#1150423). - PCI: hv: Use bytes 4 and 5 from instance ID as the PCI domain numbers (bsc#1153263). - PCI: PM: Fix pci_power_up() (bsc#1051510). - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current (bsc#1051510). - pinctrl: tegra: Fix write barrier placement in pmx_writel (bsc#1051510). - platform/x86: classmate-laptop: remove unused variable (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC277E to critclk_systems DMI table (bsc#1051510). - PM: sleep: Fix possible overflow in pm_system_cancel_wakeup() (bsc#1051510). - PNFS fallback to MDS if no deviceid found (git-fixes). - pNFS/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error (git-fixes). - pNFS/flexfiles: Turn off soft RPC calls (git-fixes). - powerpc/64: Make sys_switch_endian() traceable (bsc#1065729). - powerpc/64s/pseries: radix flush translations before MMU is enabled at boot (bsc#1055186). - powerpc/64s/radix: Fix MADV_[FREE|DONTNEED] TLB flush miss problem with THP (bsc#1152161 ltc#181664). - powerpc/64s/radix: Fix memory hotplug section page table creation (bsc#1065729). - powerpc/64s/radix: Fix memory hot-unplug page table split (bsc#1065729). - powerpc/64s/radix: Implement _tlbie(l)_va_range flush functions (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve preempt handling in TLB code (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve TLB flushing for page table freeing (bsc#1152161 ltc#181664). - powerpc/64s/radix: Introduce local single page ceiling for TLB range flush (bsc#1055117 bsc#1152161 ltc#181664). - powerpc/64s/radix: keep kernel ERAT over local process/guest invalidates (bsc#1055186). - powerpc/64s/radix: Optimize flush_tlb_range (bsc#1152161 ltc#181664). - powerpc/64s/radix: tidy up TLB flushing code (bsc#1055186). - powerpc/64s: Rename PPC_INVALIDATE_ERAT to PPC_ISA_3_0_INVALIDATE_ERAT (bsc#1055186). - powerpc/book3s64/mm: Do not do tlbie fixup for some hardware revisions (bsc#1152161 ltc#181664). - powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag (bsc#1152161 ltc#181664). - powerpc: bpf: Fix generation of load/store DW instructions (bsc#1065729). - powerpc/bpf: use unsigned division instruction for 64-bit operations (bsc#1065729). - powerpc: Drop page_is_ram() and walk_system_ram_range() (bsc#1065729). - powerpc/irq: Do not WARN continuously in arch_local_irq_restore() (bsc#1065729). - powerpc/irq: drop arch_early_irq_init() (bsc#1065729). - powerpc/mm/book3s64: Move book3s64 code to pgtable-book3s64 (bsc#1055186). - powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 (bsc#1152161 ltc#181664). - powerpc/mm: mark more tlb functions as __always_inline (bsc#1055186). - powerpc/mm: Properly invalidate when setting process table base (bsc#1055186). - powerpc/mm/radix: Drop unneeded NULL check (bsc#1152161 ltc#181664). - powerpc/mm/radix: implement LPID based TLB flushes to be used by KVM (bsc#1152161 ltc#181664). - powerpc/mm/radix: mark as __tlbie_pid() and friends as__always_inline (bsc#1055186). - powerpc/mm/radix: mark __radix__flush_tlb_range_psize() as __always_inline (bsc#1055186). - powerpc/mm: Simplify page_is_ram by using memblock_is_memory (bsc#1065729). - powerpc/mm: Use memblock API for PPC32 page_is_ram (bsc#1065729). - powerpc/module64: Fix comment in R_PPC64_ENTRY handling (bsc#1065729). - powerpc/powernv: Fix compile without CONFIG_TRACEPOINTS (bsc#1065729). - powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window (bsc#1061840). - powerpc/powernv/ioda: Fix race in TCE level allocation (bsc#1061840). - powerpc/powernv: move OPAL call wrapper tracing and interrupt handling to C (bsc#1065729). - powerpc/powernv/npu: Remove obsolete comment about TCE_KILL_INVAL_ALL (bsc#1065729). - powerpc/pseries: Call H_BLOCK_REMOVE when supported (bsc#1109158). - powerpc/pseries: Export maximum memory value (bsc#1122363). - powerpc/pseries: Export raw per-CPU VPA data via debugfs (). - powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt() (bsc#1065729). - powerpc/pseries/memory-hotplug: Fix return value type of find_aa_index (bsc#1065729). - powerpc/pseries/mobility: use cond_resched when updating device tree (bsc#1153112 ltc#181778). - powerpc/pseries: Read TLB Block Invalidate Characteristics (bsc#1109158). - powerpc/pseries: Remove confusing warning message (bsc#1109158). - powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning (bsc#1148868). - powerpc/rtas: allow rescheduling while changing cpu states (bsc#1153112 ltc#181778). - powerpc/xive: Fix bogus error code returned by OPAL (bsc#1065729). - powerpc/xive: Implement get_irqchip_state method for XIVE to fix shutdown race (bsc#1065729). - powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc (bsc#1065729). - power: reset: gpio-restart: Fix typo when gpio reset is not found (bsc#1051510). - power: supply: Init device wakeup after device_add() (bsc#1051510). - power: supply: sysfs: ratelimit property read error message (bsc#1051510). - ppp: Fix memory leak in ppp_write (git-fixes). - printk: Do not lose last line in kmsg buffer dump (bsc#1152460). - printk: fix printk_time race (bsc#1152466). - printk/panic: Avoid deadlock in printk() after stopping CPUs by NMI (bsc#1148712). - qed: iWARP - Fix default window size to be based on chip (bsc#1050536 bsc#1050545). - qed: iWARP - Fix tc for MPA ll2 connection (bsc#1050536 bsc#1050545). - qed: iWARP - fix uninitialized callback (bsc#1050536 bsc#1050545). - qed: iWARP - Use READ_ONCE and smp_store_release to access ep->state (bsc#1050536 bsc#1050545). - qla2xxx: kABI fixes for v10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - qla2xxx: remove SGI SN2 support (bsc#1123034 bsc#1131304 bsc#1127988). - quota: fix wrong condition in is_quota_modification() (bsc#1152026). - r8152: Set memory to all 0xFFs on failed reg reads (bsc#1051510). - RDMA/bnxt_re: Fix spelling mistake 'missin_resp' -> 'missing_resp' (bsc#1050244). - RDMA: Fix goto target to release the allocated memory (bsc#1050244). - regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg (bsc#1051510). - Revert 'mwifiex: fix system hang problem after resume' (bsc#1051510). - Revert 'Revert 'rpm/kernel-binary.spec.in: rename kGraft to KLP ()'' This reverts commit 468af43c8fd8509820798b6d8ed363fc417ca939 Should get this rename again with next SLE15 merge. - rtlwifi: rtl8192cu: Fix value set in descriptor (bsc#1142635). - s390/crypto: fix gcm-aes-s390 selftest failures (bsc#1137861 LTC#178091). - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero (networking-stable-19_09_15). - scsi: lpfc: Fix null ptr oops updating lpfc_devloss_tmo via sysfs attribute (bsc#1140845). - scsi: lpfc: Fix propagation of devloss_tmo setting to nvme transport (bsc#1140883). - scsi: lpfc: Remove bg debugfs buffers (bsc#1144375). - scsi: qedf: fc_rport_priv reference counting fixes (bsc#1098291). - scsi: qedf: Modify abort and tmf handler to handle edge condition and flush (bsc#1098291). - scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add new FW dump template entry types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add pci function reset support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add protection mask module parameters (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for multiple fwdump templates/segments (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for setting port speed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: allow session delete to finish before create (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: avoid printf format warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change data_dsd into an array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change default ZIO threshold (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for FW started flag before aborting (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: check for kstrtol() failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: cleanup trace buffer initialization (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a mailbox command times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a soft reset fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if parsing the version string fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correct error handling during initialization failures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correction and improvement to fwdt processing (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: deadlock by configfs_depend_item (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare local symbols static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Downgrade driver to 10.01.00.19-k There are upstream bug reports against 10.01.00.19-k which haven't been resolved. Also the newer version failed to get a proper review. For time being it's better to got with the older version and do not introduce new bugs. - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix abort timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a recently introduced kernel warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA unmap leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix fcport null pointer access (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix formatting of pointer types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw dump corruption (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw options handle eh_bus_reset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hang in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link reset (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link up fail (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Nport ID display value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix possible fcport null-pointer dereferences (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix premature timer expiration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session cleanup hang (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake 'alredy' -> 'already' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake 'initializatin' -> 'initialization' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix SRB allocation flag to avoid sleeping in IRQ context (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stuck login session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: flush IO on chip reset or sess delete (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve logging for scan thread (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Include the <asm/unaligned.h> header file from qla_dsd.h (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Insert spaces where required (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Leave a blank line after declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Modify NVMe include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move debug messages before sending srb preventing panic (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move marker request behind QPair (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the <linux/io-64-nonatomic-lo-hi.h> include directive (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: no need to check return value of debugfs_create functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: on session delete, return nvme cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent memory leak for CT req/rsp allocation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of forward declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous pointer check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove dead code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove FW default template (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove set but not used variable 'ptr_dma' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous if-tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary null check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report invalid mailbox status codes (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Restore FAWWPN of Physical Port only for loop down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remove flag for all VP (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence fwdump template message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify a debug statement (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify conditional check again (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.13-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update flash read/write routine (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use complete switch scan for RSCN events (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use __le64 instead of uint32_t for sending DMA addresses to firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs to indent code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: scsi_dh_rdac: zero cdb in send_mode_select() (bsc#1149313). - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: storvsc: setup 1:1 mapping between hardware queue and CPU queue (bsc#1140729). - scsi: tcm_qla2xxx: Minimize #include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi_transport_fc: complete requests from ->timeout (bsc#1142076). - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' (networking-stable-19_09_15). - sctp: fix the transport error_count check (networking-stable-19_08_21). - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike (networking-stable-19_09_15). - secure boot lockdown: Fix-up backport of /dev/mem access restriction The upstream-submitted patch set has evolved over time, align our patches (contents and description) to reflect the current status as far as /dev/mem access is concerned. - Sign non-x86 kernels when possible (boo#1134303) - sky2: Disable MSI on yet another ASUS boards (P6Xxxx) (bsc#1051510). - slip: make slhc_free() silently accept an error pointer (bsc#1051510). - slip: sl_alloc(): remove unused parameter 'dev_t line' (bsc#1051510). - sock_diag: fix autoloading of the raw_diag module (bsc#1152791). - sock_diag: request _diag module only when the family or proto has been registered (bsc#1152791). - staging: vt6655: Fix memory leak in vt6655_probe (bsc#1051510). - SUNRPC fix regression in umount of a secure mount (git-fixes). - SUNRPC: Handle connection breakages correctly in call_status() (git-fixes). - SUNRPC/nfs: Fix return value for nfs4_callback_compound() (git-fixes). - tcp: Do not dequeue SYN/FIN-segments from write-queue (git-gixes). - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR (networking-stable-19_09_15). - tcp: inherit timestamp on mtu probe (networking-stable-19_09_05). - tcp: make sure EPOLLOUT wont be missed (networking-stable-19_08_28). - tcp: remove empty skb from write queue in error cases (networking-stable-19_09_05). - team: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - thermal: Fix use-after-free when unregistering thermal zone device (bsc#1051510). - thermal_hwmon: Sanitize thermal_zone type (bsc#1051510). - tipc: add NULL pointer check before calling kfree_rcu (networking-stable-19_09_15). - tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts (bsc#1082555). - tracing: Initialize iter->seq after zeroing in tracing_read_pipe() (bsc#1151508). - tun: fix use-after-free when register netdev failed (networking-stable-19_09_15). - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099). - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099). - usb: adutux: fix NULL-derefs on disconnect (bsc#1142635). - usb: adutux: fix use-after-free on disconnect (bsc#1142635). - usb: adutux: fix use-after-free on release (bsc#1051510). - usb: chaoskey: fix use-after-free on release (bsc#1051510). - usb: dummy-hcd: fix power budget for SuperSpeed mode (bsc#1051510). - usb: iowarrior: fix use-after-free after driver unbind (bsc#1051510). - usb: iowarrior: fix use-after-free on disconnect (bsc#1051510). - usb: iowarrior: fix use-after-free on release (bsc#1051510). - usb: legousbtower: fix deadlock on disconnect (bsc#1142635). - usb: legousbtower: fix open after failed reset request (bsc#1142635). - usb: legousbtower: fix potential NULL-deref on disconnect (bsc#1142635). - usb: legousbtower: fix slab info leak at probe (bsc#1142635). - usb: legousbtower: fix use-after-free on release (bsc#1051510). - usb: microtek: fix info-leak at probe (bsc#1142635). - usbnet: ignore endpoints with invalid wMaxPacketSize (bsc#1051510). - usbnet: sanity checking of packet sizes and device mtu (bsc#1051510). - usb: serial: fix runtime PM after driver unbind (bsc#1051510). - usb: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20 (bsc#1051510). - usb: serial: keyspan: fix NULL-derefs on open() and write() (bsc#1051510). - usb: serial: option: add support for Cinterion CLS8 devices (bsc#1051510). - usb: serial: option: add Telit FN980 compositions (bsc#1051510). - usb: usbcore: Fix slab-out-of-bounds bug during device reset (bsc#1051510). - usb: usblcd: fix I/O after disconnect (bsc#1142635). - usb: usblp: fix runtime PM after driver unbind (bsc#1051510). - usb: usb-skeleton: fix NULL-deref on disconnect (bsc#1051510). - usb: usb-skeleton: fix runtime PM after driver unbind (bsc#1051510). - usb: usb-skeleton: fix use-after-free after driver unbind (bsc#1051510). - usb: xhci: wait for CNR controller not ready bit in xhci resume (bsc#1051510). - usb: yurex: Do not retry on unexpected errors (bsc#1051510). - usb: yurex: fix NULL-derefs on disconnect (bsc#1051510). - vfio_pci: Restore original state on release (bsc#1051510). - vhost_net: conditionally enable tx polling (bsc#1145099). - vhost_net: conditionally enable tx polling (bsc#1145099). - video: of: display_timing: Add of_node_put() in of_get_display_timing() (bsc#1051510). - video: ssd1307fb: Start page range at page_offset (bsc#1113722) - watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout (bsc#1051510). - x86/asm: Fix MWAITX C-state hint value (bsc#1114279). - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h (bsc#1114279). - x86/fpu: Add FPU state copying quirk to handle XRSTOR failure on Intel Skylake CPUs (bsc#1151955). - x86/mm: Use WRITE_ONCE() when setting PTEs (bsc#1114279). - x86/tls: Fix possible spectre-v1 in do_get_thread_area() (bsc#1114279). - xen/netback: fix error path of xenvif_connect_data() (bsc#1065600). - xen/netback: Reset nr_frags before freeing skb (networking-stable-19_08_21). - xen-netfront: do not assume sk_buff_head list is empty in error handling (bsc#1065600). - xen-netfront: do not use ~0U as error return value for xennet_fill_frags() (bsc#1065600). - xen/pv: Fix Xen PV guest int3 handling (bsc#1153811). - xen/xenbus: fix self-deadlock after killing user process (bsc#1065600). - xhci: Check all endpoints for LPM timeout (bsc#1051510). - xhci: Fix false warning message about wrong bounce buffer write length (bsc#1051510). - xhci: Increase STS_SAVE timeout in xhci_suspend() (bsc#1051510). - xhci: Prevent device initiated U1/U2 link pm if exit latency is too long (bsc#1051510). Important SUSE bug 1046299 SUSE bug 1046303 SUSE bug 1046305 SUSE bug 1050244 SUSE bug 1050536 SUSE bug 1050545 SUSE bug 1051510 SUSE bug 1054914 SUSE bug 1055117 SUSE bug 1055186 SUSE bug 1061840 SUSE bug 1064802 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066129 SUSE bug 1071995 SUSE bug 1073513 SUSE bug 1082555 SUSE bug 1086323 SUSE bug 1087092 SUSE bug 1089644 SUSE bug 1093205 SUSE bug 1097583 SUSE bug 1097584 SUSE bug 1097585 SUSE bug 1097586 SUSE bug 1097587 SUSE bug 1097588 SUSE bug 1098291 SUSE bug 1101674 SUSE bug 1104967 SUSE bug 1109158 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1117665 SUSE bug 1119086 SUSE bug 1122363 SUSE bug 1123034 SUSE bug 1123080 SUSE bug 1127155 SUSE bug 1127988 SUSE bug 1131304 SUSE bug 1133140 SUSE bug 1134303 SUSE bug 1135642 SUSE bug 1135854 SUSE bug 1135873 SUSE bug 1137799 SUSE bug 1137861 SUSE bug 1137865 SUSE bug 1137959 SUSE bug 1140155 SUSE bug 1140729 SUSE bug 1140845 SUSE bug 1140883 SUSE bug 1141600 SUSE bug 1142076 SUSE bug 1142635 SUSE bug 1142667 SUSE bug 1144375 SUSE bug 1144449 SUSE bug 1145099 SUSE bug 1146042 SUSE bug 1146519 SUSE bug 1146540 SUSE bug 1146664 SUSE bug 1148133 SUSE bug 1148410 SUSE bug 1148712 SUSE bug 1148868 SUSE bug 1149313 SUSE bug 1149446 SUSE bug 1149555 SUSE bug 1149651 SUSE bug 1150381 SUSE bug 1150423 SUSE bug 1150452 SUSE bug 1150465 SUSE bug 1150875 SUSE bug 1151350 SUSE bug 1151508 SUSE bug 1151610 SUSE bug 1151667 SUSE bug 1151671 SUSE bug 1151680 SUSE bug 1151891 SUSE bug 1151955 SUSE bug 1152024 SUSE bug 1152025 SUSE bug 1152026 SUSE bug 1152161 SUSE bug 1152325 SUSE bug 1152457 SUSE bug 1152460 SUSE bug 1152466 SUSE bug 1152788 SUSE bug 1152791 SUSE bug 1152972 SUSE bug 1152974 SUSE bug 1152975 SUSE bug 1153112 SUSE bug 1153158 SUSE bug 1153236 SUSE bug 1153263 SUSE bug 1153646 SUSE bug 1153713 SUSE bug 1153717 SUSE bug 1153718 SUSE bug 1153719 SUSE bug 1153811 SUSE bug 1154108 SUSE bug 1154189 SUSE bug 1154354 SUSE bug 1154372 SUSE bug 1154578 SUSE bug 1154607 SUSE bug 1154608 SUSE bug 1154610 SUSE bug 1154611 SUSE bug 1154651 SUSE bug 1154747 CVE-2017-18595 CVE-2019-14821 CVE-2019-15291 CVE-2019-16232 CVE-2019-16234 CVE-2019-17056 CVE-2019-17133 CVE-2019-17666 CVE-2019-9506 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for samba fixes the following issues: - CVE-2019-10218: Client code can return filenames containing path separators (bsc#1144902). Important SUSE bug 1144902 CVE-2019-10218 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for bluez fixes the following issue: - CVE-2016-9798: Fixed a use-after-free in conf_opt (bsc#1013712). Moderate SUSE bug 1013712 CVE-2016-9798 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for gdb fixes the following issues: Update to gdb 8.3.1: (jsc#ECO-368) Security issues fixed: - CVE-2019-1010180: Fixed a potential buffer overflow when loading ELF sections larger than the file. (bsc#1142772) Upgrade libipt from v2.0 to v2.0.1. - Enable librpm for version > librpm.so.3 [bsc#1145692]: * Allow any librpm.so.x * Add %build test to check for 'zypper install <rpm-packagename>' message - Copy gdbinit from fedora master @ 25caf28. Add gdbinit.without-python, and use it for --without=python. Rebase to 8.3 release (as in fedora 30 @ 1e222a3). * DWARF index cache: GDB can now automatically save indices of DWARF symbols on disk to speed up further loading of the same binaries. * Ada task switching is now supported on aarch64-elf targets when debugging a program using the Ravenscar Profile. * Terminal styling is now available for the CLI and the TUI. * Removed support for old demangling styles arm, edg, gnu, hp and lucid. * Support for new native configuration RISC-V GNU/Linux (riscv*-*-linux*). - Implemented access to more POWER8 registers. [fate#326120, fate#325178] - Also handle most new s390 arch13 instructions. [fate#327369, jsc#ECO-368] Moderate SUSE bug 1115034 SUSE bug 1142772 SUSE bug 1145692 CVE-2019-1010180 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libssh2_org fixes the following issue: - CVE-2019-17498: Fixed an integer overflow in a bounds check that might have led to the disclosure of sensitive information or a denial of service (bsc#1154862). Moderate SUSE bug 1154862 CVE-2019-17498 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libseccomp fixes the following issues: Update to new upstream release 2.4.1: * Fix a BPF generation bug where the optimizer mistakenly identified duplicate BPF code blocks. Updated to 2.4.0 (bsc#1128828 CVE-2019-9893): * Update the syscall table for Linux v5.0-rc5 * Added support for the SCMP_ACT_KILL_PROCESS action * Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute * Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension * Added support for the parisc and parisc64 architectures * Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3) * Return -EDOM on an endian mismatch when adding an architecture to a filter * Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run() * Fix PFC generation when a syscall is prioritized, but no rule exists * Numerous fixes to the seccomp-bpf filter generation code * Switch our internal hashing function to jhash/Lookup3 to MurmurHash3 * Numerous tests added to the included test suite, coverage now at ~92% * Update our Travis CI configuration to use Ubuntu 16.04 * Numerous documentation fixes and updates Update to release 2.3.3: * Updated the syscall table for Linux v4.15-rc7 Update to release 2.3.2: * Achieved full compliance with the CII Best Practices program * Added Travis CI builds to the GitHub repository * Added code coverage reporting with the '--enable-code-coverage' configure flag and added Coveralls to the GitHub repository * Updated the syscall tables to match Linux v4.10-rc6+ * Support for building with Python v3.x * Allow rules with the -1 syscall if the SCMP\_FLTATR\_API\_TSKIP attribute is set to true * Several small documentation fixes - ignore make check error for ppc64/ppc64le, bypass bsc#1142614 Moderate SUSE bug 1082318 SUSE bug 1128828 SUSE bug 1142614 CVE-2019-9893 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel KVM hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack. The Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW). The set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251 Other security fixes: - CVE-2019-0154: Fixed a local denial of service via read of unprotected i915 registers. (bsc#1135966) - CVE-2019-0155: Fixed privilege escalation in the i915 driver. Batch buffers from usermode could have escalated privileges via blitter command stream. (bsc#1135967) - CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150457). - CVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903). The following non-security bugs were fixed: - alsa: bebob: Fix prototype of helper function to return negative value (bsc#1051510). - alsa: hda/realtek - Add support for ALC623 (bsc#1051510). - alsa: hda/realtek - Add support for ALC711 (bsc#1051510). - alsa: hda/realtek - Fix 2 front mics of codec 0x623 (bsc#1051510). - alsa: hda: Add Elkhart Lake PCI ID (bsc#1051510). - alsa: hda: Add Tigerlake/Jasperlake PCI ID (bsc#1051510). - alsa: timer: Fix mutex deadlock at releasing card (bsc#1051510). - arcnet: provide a buffer big enough to actually receive packets (networking-stable-19_09_30). - asoc: rockchip: i2s: Fix RPM imbalance (bsc#1051510). - asoc: rsnd: Reinitialize bit clock inversion flag for every format setting (bsc#1051510). - bpf: fix use after free in prog symbol exposure (bsc#1083647). - btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group() (bsc#1155178). - btrfs: qgroup: Always free PREALLOC META reserve in btrfs_delalloc_release_extents() (bsc#1155179). - btrfs: tracepoints: Fix bad entry members of qgroup events (bsc#1155186). - btrfs: tracepoints: Fix wrong parameter order for qgroup events (bsc#1155184). - crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t (bsc#1154737). - crypto: af_alg - Initialize sg_num_bytes in error code path (bsc#1051510). - crypto: af_alg - consolidation of duplicate code (bsc#1154737). - crypto: af_alg - fix race accessing cipher request (bsc#1154737). - crypto: af_alg - remove locking in async callback (bsc#1154737). - crypto: af_alg - update correct dst SGL entry (bsc#1051510). - crypto: af_alg - wait for data at beginning of recvmsg (bsc#1154737). - crypto: algif - return error code when no data was processed (bsc#1154737). - crypto: algif_aead - copy AAD from src to dst (bsc#1154737). - crypto: algif_aead - fix reference counting of null skcipher (bsc#1154737). - crypto: algif_aead - overhaul memory management (bsc#1154737). - crypto: algif_aead - skip SGL entries with NULL page (bsc#1154737). - crypto: algif_skcipher - overhaul memory management (bsc#1154737). - cxgb4:Fix out-of-bounds MSI-X info array access (networking-stable-19_10_05). - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50 (bsc#1051510). - drm/i915/cmdparser: Add support for backward jumps (bsc#1135967) - drm/i915/cmdparser: Ignore Length operands during command matching (bsc#1135967) - drm/i915/cmdparser: Use explicit goto for error paths (bsc#1135967) - drm/i915/gen8+: Add RC6 CTX corruption WA (bsc#1135967) - drm/i915/gtt: Add read only pages to gen8_pte_encode (bsc#1135967) - drm/i915/gtt: Disable read-only support under GVT (bsc#1135967) - drm/i915/gtt: Read-only pages for insert_entries on bdw (bsc#1135967) - drm/i915: Add gen9 BCS cmdparsing (bsc#1135967) - drm/i915: Add support for mandatory cmdparsing (bsc#1135967) - drm/i915: Allow parsing of unsized batches (bsc#1135967) - drm/i915: Disable Secure Batches for gen6+ - drm/i915: Lower RM timeout to avoid DSI hard hangs (bsc#1135967) - drm/i915: Prevent writing into a read-only object via a GGTT mmap (bsc#1135967) - drm/i915: Remove Master tables from cmdparser - drm/i915: Rename gen7 cmdparser tables (bsc#1135967) - drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (bsc#1135967) - efi/memattr: Do not bail on zero VA if it equals the region's PA (bsc#1051510). - efi: cper: print AER info of PCIe fatal error (bsc#1051510). - efivar/ssdt: Do not iterate over EFI vars if no SSDT override was specified (bsc#1051510). - hid: fix error message in hid_open_report() (bsc#1051510). - hid: logitech-hidpp: do all FF cleanup in hidpp_ff_destroy() (bsc#1051510). - hso: fix NULL-deref on tty open (bsc#1051510). - hyperv: set nvme msi interrupts to unmanaged (jsc#SLE-8953, jsc#SLE-9221, jsc#SLE-4941, bsc#1119461, bsc#1119465, bsc#1138190, bsc#1154905). - ib/core: Add mitigation for Spectre V1 (bsc#1155671) - ieee802154: ca8210: prevent memory leak (bsc#1051510). - input: synaptics-rmi4 - avoid processing unknown IRQs (bsc#1051510). - integrity: prevent deadlock during digsig verification (bsc#1090631). - ipv6: Handle missing host route in __ipv6_ifa_notify (networking-stable-19_10_05). - ipv6: drop incoming packets having a v4mapped source address (networking-stable-19_10_05). - kABI workaround for crypto/af_alg changes (bsc#1154737). - kABI workaround for drm_vma_offset_node readonly field addition (bsc#1135967) - ksm: cleanup stable_node chain collapse case (bnc#1144338). - ksm: fix use after free with merge_across_nodes = 0 (bnc#1144338). - ksm: introduce ksm_max_page_sharing per page deduplication limit (bnc#1144338). - ksm: optimize refile of stable_node_dup at the head of the chain (bnc#1144338). - ksm: swap the two output parameters of chain/chain_prune (bnc#1144338). - kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (bsc#1117665). - kvm: x86: mmu: Recovery of shattered NX large pages (bsc#1117665, CVE-2018-12207). - mac80211: Reject malformed SSID elements (bsc#1051510). - mac80211: fix txq null pointer dereference (bsc#1051510). - md/raid0: avoid RAID0 data corruption due to layout confusion (bsc#1140090). - md/raid0: fix warning message for parameter default_layout (bsc#1140090). - net/phy: fix DP83865 10 Mbps HDX loopback disable function (networking-stable-19_09_30). - net/rds: Fix error handling in rds_ib_add_one() (networking-stable-19_10_05). - net/rds: fix warn in rds_message_alloc_sgs (bsc#1154848). - net/rds: remove user triggered WARN_ON in rds_sendmsg (bsc#1154848). - net/sched: act_sample: do not push mac header on ip6gre ingress (networking-stable-19_09_30). - net/smc: fix SMCD link group creation with VLAN id (bsc#1154959). - net: Replace NF_CT_ASSERT() with WARN_ON() (bsc#1146612). - net: Unpublish sk from sk_reuseport_cb before call_rcu (networking-stable-19_10_05). - net: openvswitch: free vport unless register_netdevice() succeeds (git-fixes). - net: qlogic: Fix memory leak in ql_alloc_large_buffers (networking-stable-19_10_05). - net: qrtr: Stop rx_worker before freeing node (networking-stable-19_09_30). - net_sched: add policy validation for action attributes (networking-stable-19_09_30). - net_sched: fix backward compatibility for TCA_ACT_KIND (git-fixes). - netfilter: nf_nat: do not bug when mapping already exists (bsc#1146612). - nfsv4.1 - backchannel request should hold ref on xprt (bsc#1152624). - nl80211: fix null pointer dereference (bsc#1051510). - openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC (networking-stable-19_09_30). - qmi_wwan: add support for Cinterion CLS8 devices (networking-stable-19_10_05). - r8152: Set macpassthru in reset_resume callback (bsc#1051510). - rds: Fix warning (bsc#1154848). - reiserfs: fix extended attributes on the root directory (bsc#1151225). - rpm/kernel-subpackage-spec: Mention debuginfo in the subpackage description (bsc#1149119). - s390/cmf: set_schib_wait add timeout (bsc#1153509, bsc#1153476). - sch_cbq: validate TCA_CBQ_WRROPT to avoid crash (networking-stable-19_10_05). - sch_dsmark: fix potential NULL deref in dsmark_init() (networking-stable-19_10_05). - sch_netem: fix a divide by zero in tabledist() (networking-stable-19_09_30). - sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254). - scsi: lpfc: Fix devices that do not return after devloss followed by rediscovery (bsc#1137040). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix N2N link reset (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix N2N link up fail (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix partial flash write of MBI (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix wait condition in loop (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Improve logging for scan thread (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Initialized mailbox to prevent driver load failure (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Set remove flag for all VP (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Silence fwdump template message (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: fix a potential NULL pointer dereference (bsc#1150457 CVE-2019-16233). - scsi: qla2xxx: fixup incorrect usage of host_byte (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: remove redundant assignment to pointer host (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: stop timer in shutdown path (bsc#1143706 bsc#1082635 bsc#1123034). - skge: fix checksum byte order (networking-stable-19_09_30). - staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS (bsc#1051510). - supporte.conf: add efivarfs to kernel-default-base (bsc#1154858). - tipc: fix unlimited bundling of small messages (networking-stable-19_10_05). - usb: ldusb: fix NULL-derefs on driver unbind (bsc#1051510). - usb: ldusb: fix memleak on disconnect (bsc#1051510). - usb: ldusb: fix read info leaks (bsc#1051510). - usb: legousbtower: fix a signedness bug in tower_probe() (bsc#1051510). - usb: legousbtower: fix memleak on disconnect (bsc#1051510). - usb: serial: ti_usb_3410_5052: fix port-close races (bsc#1051510). - usb: udc: lpc32xx: fix bad bit shift operation (bsc#1051510). - usb: usblp: fix use-after-free on disconnect (bsc#1051510). - vfs: Make filldir[64]() verify the directory entry filename is valid (bsc#1144903, CVE-2019-10220). - vsock: Fix a lockdep warning in __vsock_release() (networking-stable-19_10_05). - x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area (bnc#1153969). - x86/boot/64: Round memory hole size up to next PMD page (bnc#1153969). - x86/tsx: Add config options to set tsx=on|off|auto (bsc#1139073, CVE-2019-11135). Important SUSE bug 1051510 SUSE bug 1082635 SUSE bug 1083647 SUSE bug 1090631 SUSE bug 1096254 SUSE bug 1117665 SUSE bug 1119461 SUSE bug 1119465 SUSE bug 1123034 SUSE bug 1135966 SUSE bug 1135967 SUSE bug 1137040 SUSE bug 1138190 SUSE bug 1139073 SUSE bug 1140090 SUSE bug 1143706 SUSE bug 1144338 SUSE bug 1144903 SUSE bug 1146612 SUSE bug 1149119 SUSE bug 1150457 SUSE bug 1151225 SUSE bug 1152624 SUSE bug 1153476 SUSE bug 1153509 SUSE bug 1153969 SUSE bug 1154737 SUSE bug 1154848 SUSE bug 1154858 SUSE bug 1154905 SUSE bug 1154959 SUSE bug 1155178 SUSE bug 1155179 SUSE bug 1155184 SUSE bug 1155186 SUSE bug 1155671 CVE-2018-12207 CVE-2019-0154 CVE-2019-0155 CVE-2019-10220 CVE-2019-11135 CVE-2019-16233 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for qemu fixes the following issues: - Remove a backslash '\' escape character from 80-qemu-ga.rules (bsc#1153358) Unlike sles 15 or newer guests, The udev rule file of qemu guest agent in sles 12 sp4 or newer guest only needs one escape character. - Fix use-after-free in slirp (CVE-2018-20126 bsc#1119991) - Fix potential DOS in lsi scsi controller emulation (CVE-2019-12068 bsc#1146873) - Expose taa-no 'feature', indicating CPU does not have the TSX Async Abort vulnerability. (CVE-2019-11135 bsc#1152506) - Expose pschange-mc-no 'feature', indicating CPU does not have the page size change machine check vulnerability (CVE-2018-12207 bsc#1155812) - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE12-SP4 Important SUSE bug 1119991 SUSE bug 1146873 SUSE bug 1152506 SUSE bug 1153358 SUSE bug 1155812 CVE-2018-12207 CVE-2018-20126 CVE-2019-11135 CVE-2019-12068 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ucode-intel fixes the following issues: - Updated to 20191112 security release (bsc#1155988) - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- new platforms ---------------------------------------- - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile - CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile - SKX-SP B1 6-55-3/97 01000150 Xeon Scalable - ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile - ---- updated platforms ------------------------------------ - SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile - SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6 - AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile - KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile - AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile - CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile - WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile - KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8 - KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8 - CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile - Includes security fixes for: - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073) - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035) - requires coreutils for the %post script (bsc#1154043) Important SUSE bug 1139073 SUSE bug 1141035 SUSE bug 1154043 SUSE bug 1155988 CVE-2019-11135 CVE-2019-11139 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for xen fixes the following issues: - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. (bsc#1155945) - CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack. (bsc#1152497). - CVE-2019-18424: An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. (bsc#1154461). - CVE-2019-18421: A malicious PV guest administrator may have been able to escalate their privilege to that of the host. (bsc#1154458). - CVE-2019-18425: 32-bit PV guest user mode could elevate its privileges to that of the guest kernel. (bsc#1154456). - CVE-2019-18420: Malicious x86 PV guests may have caused a hypervisor crash, resulting in a Denial of Service (Dos). (bsc#1154448) Important SUSE bug 1152497 SUSE bug 1154448 SUSE bug 1154456 SUSE bug 1154458 SUSE bug 1154461 SUSE bug 1155945 CVE-2018-12207 CVE-2019-11135 CVE-2019-18420 CVE-2019-18421 CVE-2019-18424 CVE-2019-18425 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libjpeg-turbo fixes the following issues: - CVE-2019-2201: Several integer overflow issues and subsequent segfaults occurred in libjpeg-turbo, when attempting to compress or decompress gigapixel images. [bsc#1156402] Important SUSE bug 1156402 CVE-2019-2201 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ghostscript fixes the following issue: - CVE-2019-14869: Fixed a possible dSAFER escape which could have allowed an attacker to gain high privileges by a specially crafted Postscript code (bsc#1156275). Important SUSE bug 1156275 CVE-2019-14869 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ucode-intel fixes the following issues: - Updated to 20191112 official security release (bsc#1155988) - Includes security fixes for: - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073) - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035) Important SUSE bug 1139073 SUSE bug 1141035 SUSE bug 1155988 CVE-2019-11135 CVE-2019-11139 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for xen fixes the following issues: - Update to Xen 4.11.1 bug fix release (bsc#1027519) - CVE-2018-17963: Fixed an integer overflow issue in the QEMU emulator, which could occur when a packet with large packet size is processed. A user inside a guest could have used this flaw to crash the qemu process resulting in a Denial of Service (DoS). (bsc#1111014) - CVE-2018-18849: Fixed an out of bounds memory access in the LSI53C895A SCSI host bus adapter emulation, which allowed a user and/or process to crash the qemu process resulting in a Denial of Service (DoS). (bsc#1114423) - CVE-2018-18883: Fixed an issue related to inproper restriction of nested VT-x, which allowed a guest to cause Xen to crash, resulting in a Denial of Service (DoS). (XSA-278) (bsc#1114405) - CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges, may cause a Denial of Service (DoS) affecting the entire host, or may be able to access data it is not supposed to access. (XSA-275) (bsc#1115040) - CVE-2018-19963: Fixed the allocation of pages used to communicate with external emulators, which may have cuased Xen to crash, resulting in a Denial of Service (DoS). (XSA-276) (bsc#1115043) - CVE-2018-19965: Fixed an issue related to the INVPCID instruction in case non-canonical addresses are accessed, which may allow a guest to cause Xen to crash, resulting in a Denial of Service (DoS) affecting the entire host. (XSA-279) (bsc#1115045) - CVE-2018-19966: Fixed an issue related to a previous fix for XSA-240, which conflicted with shadow paging and allowed a guest to cause Xen to crash, resulting in a Denial of Service (DoS) (XSA-280) (bsc#1115047) - CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988) - CVE-2018-19964: Fixed the incorrect error handling of p2m page removals, which allowed a guest to cause a deadlock, resulting in a Denial of Service (DoS) affecting the entire host. (XSA-277) (bsc#1115044) - CVE-2018-19665: Fixed an integer overflow resulting in memory corruption in various Bluetooth functions, allowing this to crash qemu process resulting in Denial of Service (DoS). (bsc#1117756). Other bugs fixed: - Fixed an issue related to a domU hang on SLE12-SP3 HV (bsc#1108940) Important SUSE bug 1027519 SUSE bug 1108940 SUSE bug 1111014 SUSE bug 1114405 SUSE bug 1114423 SUSE bug 1114988 SUSE bug 1115040 SUSE bug 1115043 SUSE bug 1115044 SUSE bug 1115045 SUSE bug 1115047 SUSE bug 1117756 CVE-2018-17963 CVE-2018-18849 CVE-2018-18883 CVE-2018-19665 CVE-2018-19961 CVE-2018-19962 CVE-2018-19963 CVE-2018-19964 CVE-2018-19965 CVE-2018-19966 CVE-2018-19967 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for aspell fixes the following issues: - CVE-2019-17544: Fixed a stack-based buffer over-read in acommon:unescape in common/getdata.cpp via an isolated backslash (bsc#1153892). Moderate SUSE bug 1153892 CVE-2019-17544 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for sqlite3 fixes the following issues: - CVE-2017-2518: Fixed a use-after-free vulnerability which could have led to buffer overflow via a crafted SQL statement (bsc#1155787). Important SUSE bug 1155787 CVE-2017-2518 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for cups fixes the following issues: - CVE-2019-8675: Fixed a stack buffer overflow in libcups's asn1_get_type function(bsc#1146358). - CVE-2019-8696: Fixed a stack buffer overflow in libcups's asn1_get_packed function (bsc#1146359). Important SUSE bug 1146358 SUSE bug 1146359 CVE-2019-8675 CVE-2019-8696 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for tiff fixes the following issues: Security issues fixed: - CVE-2019-14973: Fixed an improper check which was depended on the compiler which could have led to integer overflow (bsc#1146608). - CVE-2016-5102: Fixed a buffer overflow in readgifimage() (bsc#983268) - CVE-2018-17000: Fixed a NULL pointer dereference in the _TIFFmemcmp function (bsc#1108606). - CVE-2019-6128: Fixed a memory leak in the TIFFFdOpen function in tif_unix.c (bsc#1121626). - CVE-2019-7663: Fixed an invalid address dereference in the TIFFWriteDirectoryTagTransfer function in libtiff/tif_dirwrite.c (bsc#1125113) Moderate SUSE bug 1108606 SUSE bug 1121626 SUSE bug 1125113 SUSE bug 1146608 SUSE bug 983268 CVE-2016-5102 CVE-2018-17000 CVE-2019-14973 CVE-2019-6128 CVE-2019-7663 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for cpio fixes the following issues: - CVE-2019-14866: Fixed an improper validation of the values written in the header of a TAR file through the to_oct() function which could have led to unexpected TAR generation (bsc#1155199). Moderate SUSE bug 1155199 CVE-2019-14866 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for clamav fixes the following issues: Security issue fixed: - CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files (bsc#1144504). - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1149458). Non-security issues fixed: - Added the --max-scantime clamscan option and MaxScanTime clamd configuration option (bsc#1144504). - Increased the startup timeout of clamd to 5 minutes to cater for the grown virus database as a workaround until clamd has learned to talk to systemd to extend the timeout as long as needed (bsc#1151839). Moderate SUSE bug 1144504 SUSE bug 1149458 SUSE bug 1151839 CVE-2019-12625 CVE-2019-12900 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for freerdp fixes the following issues: - CVE-2019-17177: Fixed multiple memory leaks in libfreerdp/codec/region.c (bsc#1153163). - CVE-2019-17178: Fixed a memory leak in HuffmanTree_makeFromFrequencies (bsc#1153164). Moderate SUSE bug 1153163 SUSE bug 1153164 CVE-2019-17177 CVE-2019-17178 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for java-1_7_0-openjdk fixes the following issues: Security issues fixed (October 2019 CPU bsc#1154212): - CVE-2019-2933: Windows file handling redux - CVE-2019-2945: Better socket support - CVE-2019-2949: Better Kerberos ccache handling - CVE-2019-2958: Build Better Processes - CVE-2019-2964: Better support for patterns - CVE-2019-2962: Better Glyph Images - CVE-2019-2973: Better pattern compilation - CVE-2019-2978: Improved handling of jar files - CVE-2019-2981: Better Path supports - CVE-2019-2983: Better serial attributes - CVE-2019-2987: Better rendering of native glyphs - CVE-2019-2988: Better Graphics2D drawing - CVE-2019-2989: Improve TLS connection support - CVE-2019-2992: Enhance font glyph mapping - CVE-2019-2999: Commentary on Javadoc comments - CVE-2019-2894: Enhance ECDSA operations (bsc#1152856). Important SUSE bug 1152856 SUSE bug 1154212 CVE-2019-2894 CVE-2019-2933 CVE-2019-2945 CVE-2019-2949 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2987 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libxml2 doesn't fix any additional security issues, but correct the rpm changelog to reflect all CVEs that have been fixed over the past. Low SUSE bug 1123919 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libarchive fixes the following issues: Security issues fixed: - CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder (bsc#1120653). - CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder (bsc#1120654). - CVE-2019-1000019: Fixed an Out-Of-Bounds Read vulnerability in 7zip decompression (bsc#1124341). - CVE-2019-1000020: Fixed an Infinite Loop vulnerability in ISO9660 parser (bsc#1124342). - CVE-2019-18408: Fixed a use-after-free in RAR format support (bsc#1155079). Moderate SUSE bug 1032089 SUSE bug 1037008 SUSE bug 1037009 SUSE bug 1059134 SUSE bug 1059139 SUSE bug 1120653 SUSE bug 1120654 SUSE bug 1124341 SUSE bug 1124342 SUSE bug 1155079 CVE-2016-10209 CVE-2016-10349 CVE-2016-10350 CVE-2017-14501 CVE-2017-14502 CVE-2018-1000877 CVE-2018-1000878 CVE-2019-1000019 CVE-2019-1000020 CVE-2019-18408 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ncurses fixes the following issues: Security issue fixed: - CVE-2018-10754: Fixed a denial of service caused by a NULL Pointer Dereference in the _nc_parse_entry() (bsc#1131830). - CVE-2019-17594: Fixed a heap-based buffer over-read in _nc_find_entry function in tinfo/comp_hash.c (bsc#1154036). - CVE-2019-17595: Fixed a heap-based buffer over-read in fmt_entry function in tinfo/comp_hash.c (bsc#1154037). Bug fixes: - Fixed ppc64le build configuration (bsc#1134550). Moderate SUSE bug 1131830 SUSE bug 1134550 SUSE bug 1154036 SUSE bug 1154037 CVE-2018-10754 CVE-2019-17594 CVE-2019-17595 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libtomcrypt fixes the following issues: - CVE-2019-17362: Fixed an improper detection of invalid UTF-8 sequences that could have led to DoS or information disclosure via crafted DER-encoded data (bsc#1153433). Moderate SUSE bug 1153433 CVE-2019-17362 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for clamav fixes the following issues: - CVE-2019-15961: Fixed a denial of service which might occur when scanning a specially crafted email file as (bsc#1157763). Important SUSE bug 1157763 CVE-2019-15961 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for permissions fixes the following issues: Security issues fixed: - CVE-2019-3688: Changed wrong ownership in /usr/sbin/pinger to root:squid which could have allowed a squid user to gain persistence by changing the binary (bsc#1093414). - CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic links (bsc#1150734). Other issue addressed: - Corrected a badly constracted file which could have allowed treating of the shell environment as permissions files (bsc#1097665,bsc#1047247). - Fixed a regression which caused sagmentation fault (bsc#1157198). Moderate SUSE bug 1047247 SUSE bug 1093414 SUSE bug 1097665 SUSE bug 1150734 SUSE bug 1157198 CVE-2019-3688 CVE-2019-3690 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for strongswan provides the following fixes: Security issues fixed: - CVE-2018-5388: Fixed a buffer underflow which may allow to a remote attacker with local user credentials to resource exhaustion and denial of service while reading from the socket (bsc#1094462). - CVE-2018-10811: Fixed a denial of service during the IKEv2 key derivation if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF (bsc#1093536). - CVE-2018-16151,CVE-2018-16152: Fixed multiple flaws in the gmp plugin which might lead to authorization bypass (bsc#1107874). - CVE-2018-17540: Fixed an improper input validation in gmp plugin (bsc#1109845). Other issues addressed: - Fixed some client fails when the scep server URL is used with HTTPS protocol (bsc#1071853). - Reject Diffie-Hellman key exchanges using primes smaller than 1024 bit. - Handle unexpected informational message from SonicWall. (bsc#1009254) Important SUSE bug 1009254 SUSE bug 1071853 SUSE bug 1093536 SUSE bug 1094462 SUSE bug 1107874 SUSE bug 1109845 CVE-2018-10811 CVE-2018-16151 CVE-2018-16152 CVE-2018-17540 CVE-2018-5388 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an arbitrary command execution (bsc#1158095). Important SUSE bug 1158095 CVE-2019-14889 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for xen fixes the following issues: - CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307). - CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with a compile time known size of 64 (bsc#1158003 XSA-307). - CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace code to crash the guest,leading to a guest denial of service (bsc#1158004 XSA-308). - CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309). - CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310). - CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311). - CVE-2019-19579: Fixed a privilege escaltion where an untrusted domain with access to a physical device can DMA into host memory (bsc#1157888 XSA-306). - CVE-2019-18423: A malicious guest administrator may cause a hypervisor crash, resulting in a Denial of Service (DoS). (bsc#1154460). - CVE-2019-18424: An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. (bsc#1154461). - CVE-2019-18422: A malicious ARM guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified. (bsc#1154464) Important SUSE bug 1154460 SUSE bug 1154461 SUSE bug 1154464 SUSE bug 1157888 SUSE bug 1158003 SUSE bug 1158004 SUSE bug 1158005 SUSE bug 1158006 SUSE bug 1158007 CVE-2019-18422 CVE-2019-18423 CVE-2019-18424 CVE-2019-19577 CVE-2019-19578 CVE-2019-19579 CVE-2019-19580 CVE-2019-19581 CVE-2019-19582 CVE-2019-19583 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for zziplib fixes the following issues: Security issues fixed: - CVE-2018-16548: Avoid a memory leak from __zzip_parse_root_directory() which could lead to denial of service. (bsc#1107424) - CVE-2018-7727: Fixed a memory leak in unzzip_cat() (bsc#1084515). Non-security issue fixed: - Prevented division by zero by first checking if uncompressed size is 0. This may happen with directories which have a compressed and uncompressed size of 0. (bsc#1129403) Moderate SUSE bug 1084515 SUSE bug 1107424 SUSE bug 1129403 CVE-2018-16548 CVE-2018-7727 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated to 68.3esr (MFSA 2019-37 bsc#1158328) Security issues fixed: - CVE-2019-17008: Fixed a use-after-free in worker destruction (bmo#1546331) - CVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments in WebRTC code (bmo#1580156) - CVE-2019-11745: Fixed an out of bounds write in NSS when encrypting with a block cipher (bmo#1586176) - CVE-2019-17009: Fixed an issue where updater temporary files accessible to unprivileged processes (bmo#1510494) - CVE-2019-17010: Fixed a use-after-free when performing device orientation checks (bmo#1581084) - CVE-2019-17005: Fixed a buffer overflow in plain text serializer (bmo#1584170) - CVE-2019-17011: Fixed a use-after-free when retrieving a document in antitracking (bmo#1591334) - CVE-2019-17012: Fixed multiple memmory issues (bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502) Important SUSE bug 1158328 CVE-2019-11745 CVE-2019-13722 CVE-2019-17005 CVE-2019-17008 CVE-2019-17009 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for MozillaFirefox fixes the following issues: Security issues fixed: CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (boo#1122983). CVE-2018-18501: Fixed multiple memory safety bugs (boo#1122983). CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (boo#1122983). Important SUSE bug 1120374 SUSE bug 1122983 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for mariadb to version 10.2.29 fixes the following issues: MariaDB was updated to 10.2.29 (bsc#1156669) Security issues fixed: - CVE-2019-2737: Fixed an issue where could lead a remote attacker to cause denial of service - CVE-2019-2938: Fixed an issue where could lead a remote attacker to cause denial of service - CVE-2019-2740: Fixed an issue where could lead a local attacker to cause denial of service - CVE-2019-2805: Fixed an issue where could lead a local attacker to cause denial of service - CVE-2019-2974: Fixed an issue where could lead a remote attacker to cause denial of service - CVE-2019-2758: Fixed an issue where could lead a local attacker to cause denial of service or data corruption - CVE-2019-2739: Fixed an issue where could lead a local attacker to cause denial of service or data corruption Moderate SUSE bug 1156669 CVE-2019-2737 CVE-2019-2739 CVE-2019-2740 CVE-2019-2758 CVE-2019-2805 CVE-2019-2938 CVE-2019-2974 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for mariadb-100 fixes the following issues: Security issue fixed: - CVE-2019-2974: Fixed Server Optimizer (bsc#1154162). Moderate SUSE bug 1154162 CVE-2019-2974 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-14895: A heap-based buffer overflow was discovered in the Linux kernel in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could have allowed the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158). - CVE-2019-18660: The Linux kernel on powerpc allowed Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038). - CVE-2019-18683: An issue was discovered in drivers/media/platform/vivid in the Linux kernel. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free (bnc#1155897). - CVE-2019-18809: A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1156258). - CVE-2019-19062: A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures (bnc#1157333). - CVE-2019-19057: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). - CVE-2019-19056: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). - CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157307). - CVE-2019-19063: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157298). - CVE-2019-19227: In the AppleTalk subsystem in the Linux kernel there was a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client (bnc#1157678). - CVE-2019-19065: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures (bnc#1157191). - CVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering copy to udata failures (bnc#1157171). - CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157324). - CVE-2019-19067: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures (bsc#1157180). - CVE-2019-19060: A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157178). - CVE-2019-19049: A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures (bsc#1157173). - CVE-2019-19075: A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures (bnc#1157162). - CVE-2019-19058: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures (bnc#1157145). - CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157143). - CVE-2019-19073: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function (bnc#1157070). - CVE-2019-15916: An issue was discovered in the Linux kernel There was a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service (bnc#1149448). - CVE-2019-16231: drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150466). - CVE-2019-18805: An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel There was a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact (bnc#1156187). - CVE-2019-17055: base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket (bnc#1152782). The following non-security bugs were fixed: - ACPI / LPSS: Exclude I2C busses shared with PUNIT from pmc_atom_d3_mask (bsc#1051510). - ACPI / SBS: Fix rare oops when removing modules (bsc#1051510). - ACPICA: Never run _REG on system_memory and system_IO (bsc#1051510). - ACPICA: Use %d for signed int print formatting instead of %u (bsc#1051510). - ALSA: 6fire: Drop the dead code (git-fixes). - ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series (git-fixes). - ALSA: cs4236: fix error return comparison of an unsigned integer (git-fixes). - ALSA: firewire-motu: Correct a typo in the clock proc string (git-fixes). - ALSA: hda - Add mute led support for HP ProBook 645 G4 (git-fixes). - ALSA: hda - Fix pending unsol events at shutdown (git-fixes). - ALSA: hda/ca0132 - Fix possible workqueue stall (bsc#1155836). - ALSA: hda/intel: add CometLake PCI IDs (bsc#1156729). - ALSA: hda/realtek - Move some alc236 pintbls to fallback table (git-fixes). - ALSA: hda/realtek - Move some alc256 pintbls to fallback table (git-fixes). - ALSA: hda: Add Cometlake-S PCI ID (git-fixes). - ALSA: i2c/cs8427: Fix int to char conversion (bsc#1051510). - ALSA: intel8x0m: Register irq handler after register initializations (bsc#1051510). - ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed() (git-fixes). - ALSA: pcm: signedness bug in snd_pcm_plug_alloc() (bsc#1051510). - ALSA: seq: Do error checks at creating system ports (bsc#1051510). - ALSA: timer: Fix incorrectly assigned timer instance (git-fixes). - ALSA: usb-audio: Fix Focusrite Scarlett 6i6 gen1 - input handling (git-fixes). - ALSA: usb-audio: Fix missing error check at mixer resolution test (git-fixes). - ALSA: usb-audio: not submit urb for stopped endpoint (git-fixes). - ASoC: Intel: hdac_hdmi: Limit sampling rates at dai creation (bsc#1051510). - ASoC: davinci-mcasp: Handle return value of devm_kasprintf (stable 4.14.y). - ASoC: davinci: Kill BUG_ON() usage (stable 4.14.y). - ASoC: dpcm: Properly initialise hw->rate_max (bsc#1051510). - ASoC: kirkwood: fix external clock probe defer (git-fixes). - ASoC: msm8916-wcd-analog: Fix RX1 selection in RDAC2 MUX (git-fixes). - ASoC: sgtl5000: avoid division by zero if lo_vag is zero (bsc#1051510). - ASoC: tegra_sgtl5000: fix device_node refcounting (bsc#1051510). - ASoC: tlv320aic31xx: Handle inverted BCLK in non-DSP modes (stable 4.14.y). - ASoC: tlv320dac31xx: mark expected switch fall-through (stable 4.14.y). - Bluetooth: Fix invalid-free in bcsp_close() (git-fixes). - Bluetooth: Fix memory leak in hci_connect_le_scan (bsc#1051510). - Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS (bsc#1051510). - Bluetooth: btusb: fix PM leak in error case of setup (bsc#1051510). - Bluetooth: delete a stray unlock (bsc#1051510). - Bluetooth: hci_core: fix init for HCI_USER_CHANNEL (bsc#1051510). - Btrfs: fix log context list corruption after rename exchange operation (bsc#1156494). - CIFS: Fix SMB2 oplock break processing (bsc#1144333, bsc#1154355). - CIFS: Fix oplock handling for SMB 2.1+ protocols (bsc#1144333, bsc#1154355). - CIFS: Fix retry mid list corruption on reconnects (bsc#1144333, bsc#1154355). - CIFS: Fix use after free of file info structures (bsc#1144333, bsc#1154355). - CIFS: Force reval dentry if LOOKUP_REVAL flag is set (bsc#1144333, bsc#1154355). - CIFS: Force revalidate inode when dentry is stale (bsc#1144333, bsc#1154355). - CIFS: Gracefully handle QueryInfo errors during open (bsc#1144333, bsc#1154355). - CIFS: avoid using MID 0xFFFF (bsc#1144333, bsc#1154355). - CIFS: fix max ea value size (bsc#1144333, bsc#1154355). - Documentation: debugfs: Document debugfs helper for unsigned long values (git-fixes). - Documentation: x86: convert protection-keys.txt to reST (bsc#1078248). - EDAC/ghes: Fix Use after free in ghes_edac remove path (bsc#1114279). - HID: Add ASUS T100CHI keyboard dock battery quirks (bsc#1051510). - HID: Add quirk for Microsoft PIXART OEM mouse (bsc#1051510). - HID: Fix assumption that devices have inputs (git-fixes). - HID: asus: Add T100CHI bluetooth keyboard dock special keys mapping (bsc#1051510). - HID: wacom: generic: Treat serial number and related fields as unsigned (git-fixes). - Input: ff-memless - kill timer in destroy() (bsc#1051510). - Input: silead - try firmware reload after unsuccessful resume (bsc#1051510). - Input: st1232 - set INPUT_PROP_DIRECT property (bsc#1051510). - Input: synaptics-rmi4 - clear IRQ enables for F54 (bsc#1051510). - Input: synaptics-rmi4 - destroy F54 poller workqueue when removing (bsc#1051510). - Input: synaptics-rmi4 - disable the relative position IRQ in the F12 driver (bsc#1051510). - Input: synaptics-rmi4 - do not consume more data than we have (F11, F12) (bsc#1051510). - Input: synaptics-rmi4 - fix video buffer size (git-fixes). - KVM: VMX: Consider PID.PIR to determine if vCPU has pending interrupts (bsc#1158064). - KVM: VMX: Fix conditions for guest IA32_XSS support (bsc#1158065). - KVM: x86/mmu: Take slots_lock when using kvm_mmu_zap_all_fast() (bsc#1158067). - KVM: x86: Introduce vcpu->arch.xsaves_enabled (bsc#1158066). - NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error (git-fixes). - PCI/ACPI: Correct error message for ASPM disabling (bsc#1051510). - PCI/PME: Fix possible use-after-free on remove (git-fixes). - PCI: sysfs: Ignore lockdep for remove attribute (git-fixes). - PM / devfreq: Check NULL governor in available_governors_show (git-fixes). - PM / devfreq: Lock devfreq in trans_stat_show (git-fixes). - PM / devfreq: exynos-bus: Correct clock enable sequence (bsc#1051510). - PM / devfreq: passive: Use non-devm notifiers (bsc#1051510). - PM / devfreq: passive: fix compiler warning (bsc#1051510). - PM / hibernate: Check the success of generating md5 digest before hibernation (bsc#1051510). - README.BRANCH: Add Denis as branch maintainer - Revert synaptics-rmi4 patch due to regression (bsc#1155982) Also blacklisting it - UAS: Revert commit 3ae62a42090f ('UAS: fix alignment of scatter/gather segments'). - USB: chaoskey: fix error case of a timeout (git-fixes). - USB: gadget: Reject endpoints with 0 maxpacket value (bsc#1051510). - USB: ldusb: fix control-message timeout (bsc#1051510). - USB: ldusb: fix ring-buffer locking (bsc#1051510). - USB: serial: mos7720: fix remote wakeup (git-fixes). - USB: serial: mos7840: add USB ID to support Moxa UPort 2210 (bsc#1051510). - USB: serial: mos7840: fix remote wakeup (git-fixes). - USB: serial: option: add support for DW5821e with eSIM support (bsc#1051510). - USB: serial: option: add support for Foxconn T77W968 LTE modules (bsc#1051510). - USB: serial: whiteheat: fix line-speed endianness (bsc#1051510). - USB: serial: whiteheat: fix potential slab corruption (bsc#1051510). - USBIP: add config dependency for SGL_ALLOC (git-fixes). - appledisplay: fix error handling in the scheduled work (git-fixes). - arm64: Update config files. (bsc#1156466) Enable HW_RANDOM_OMAP driver and mark driver omap-rng as supported. - ata: ep93xx: Use proper enums for directions (bsc#1051510). - ath10k: fix kernel panic by moving pci flush after napi_disable (bsc#1051510). - ath10k: fix vdev-start timeout on error (bsc#1051510). - ath10k: limit available channels via DT ieee80211-freq-limit (bsc#1051510). - ath10k: wmi: disable softirq's while calling ieee80211_rx (bsc#1051510). - ath9k: Fix a locking bug in ath9k_add_interface() (bsc#1051510). - ath9k: add back support for using active monitor interfaces for tx99 (bsc#1051510). - ath9k: fix reporting calculated new FFT upper max (bsc#1051510). - ath9k: fix tx99 with monitor mode interface (bsc#1051510). - ath9k_hw: fix uninitialized variable data (bsc#1051510). - ax88172a: fix information leak on short answers (bsc#1051510). - backlight: lm3639: Unconditionally call led_classdev_unregister (bsc#1051510). - brcmfmac: fix full timeout waiting for action frame on-channel tx (bsc#1051510). - brcmfmac: reduce timeout for action frame scan (bsc#1051510). - brcmsmac: AP mode: update beacon when TIM changes (bsc#1051510). - brcmsmac: never log 'tid x is not agg'able' by default (bsc#1051510). - can: c_can: c_can_poll(): only read status register after status IRQ (git-fixes). - can: dev: call netif_carrier_off() in register_candev() (bsc#1051510). - can: mcba_usb: fix use-after-free on disconnect (git-fixes). - can: peak_usb: fix a potential out-of-sync while decoding packets (git-fixes). - can: peak_usb: fix slab info leak (git-fixes). - can: rx-offload: can_rx_offload_offload_one(): do not increase the skb_queue beyond skb_queue_len_max (git-fixes). - can: rx-offload: can_rx_offload_queue_sorted(): fix error handling, avoid skb mem leak (git-fixes). - can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid skb mem leak (git-fixes). - can: usb_8dev: fix use-after-free on disconnect (git-fixes). - ceph: add missing check in d_revalidate snapdir handling (bsc#1157183). - ceph: do not try to handle hashed dentries in non-O_CREAT atomic_open (bsc#1157184). - ceph: fix use-after-free in __ceph_remove_cap() (bsc#1154058). - ceph: just skip unrecognized info in ceph_reply_info_extra (bsc#1157182). - cfg80211: Avoid regulatory restore when COUNTRY_IE_IGNORE is set (bsc#1051510). - cfg80211: Prevent regulatory restore during STA disconnect in concurrent interfaces (bsc#1051510). - cfg80211: call disconnect_wk when AP stops (bsc#1051510). - cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bsc#1144333, bsc#1154355). - cifs: Fix missed free operations (bsc#1144333, bsc#1154355). - cifs: Use kzfree() to zero out the password (bsc#1144333, bsc#1154355). - cifs: add a helper to find an existing readable handle to a file (bsc#1144333, bsc#1154355). - cifs: create a helper to find a writeable handle by path name (bsc#1144333, bsc#1154355). - cifs: move cifsFileInfo_put logic into a work-queue (bsc#1144333, bsc#1154355). - cifs: prepare SMB2_Flush to be usable in compounds (bsc#1144333, bsc#1154355). - cifs: set domainName when a domain-key is used in multiuser (bsc#1144333, bsc#1154355). - cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bsc#1144333, bsc#1154355). - cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1144333, bsc#1154355). - clk: at91: avoid sleeping early (git-fixes). - clk: pxa: fix one of the pxa RTC clocks (bsc#1051510). - clk: samsung: Use clk_hw API for calling clk framework from clk notifiers (bsc#1051510). - clk: samsung: exynos5420: Preserve CPU clocks configuration during suspend/resume (bsc#1051510). - clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume (git-fixes). - clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18 (git-fixes). - clocksource/drivers/sh_cmt: Fix clocksource width for 32-bit machines (bsc#1051510). - clocksource/drivers/sh_cmt: Fixup for 64-bit machines (bsc#1051510). - component: fix loop condition to call unbind() if bind() fails (bsc#1051510). - cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init() (bsc#1051510). - cpufreq: Skip cpufreq resume if it's not suspended (bsc#1051510). - cpufreq: intel_pstate: Register when ACPI PCCH is present (bsc#1051510). - cpufreq: powernv: fix stack bloat and hard limit on number of CPUs (bsc#1051510). - cpufreq: ti-cpufreq: add missing of_node_put() (bsc#1051510). - cpupower : Fix cpupower working when cpu0 is offline (bsc#1051510). - cpupower : frequency-set -r option misses the last cpu in related cpu list (bsc#1051510). - cpupower: Fix coredump on VMWare (bsc#1051510). - crypto: af_alg - cast ki_complete ternary op to int (bsc#1051510). - crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr (bsc#1051510). - crypto: ecdh - fix big endian bug in ECC library (bsc#1051510). - crypto: fix a memory leak in rsa-kcs1pad's encryption mode (bsc#1051510). - crypto: geode-aes - switch to skcipher for cbc(aes) fallback (bsc#1051510). - crypto: mxs-dcp - Fix AES issues (bsc#1051510). - crypto: mxs-dcp - Fix SHA null hashes and output length (bsc#1051510). - crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash' static (bsc#1051510). - crypto: s5p-sss: Fix Fix argument list alignment (bsc#1051510). - crypto: tgr192 - remove unneeded semicolon (bsc#1051510). - cw1200: Fix a signedness bug in cw1200_load_firmware() (bsc#1051510). - cxgb4: fix panic when attaching to ULD fail (networking-stable-19_11_05). - dccp: do not leak jiffies on the wire (networking-stable-19_11_05). - dlm: do not leak kernel pointer to userspace (bsc#1051510). - dlm: fix invalid free (bsc#1051510). - dmaengine: bcm2835: Print error in case setting DMA mask fails (bsc#1051510). - dmaengine: dma-jz4780: Do not depend on MACH_JZ4780 (bsc#1051510). - dmaengine: dma-jz4780: Further residue status fix (bsc#1051510). - dmaengine: ep93xx: Return proper enum in ep93xx_dma_chan_direction (bsc#1051510). - dmaengine: imx-sdma: fix size check for sdma script_number (bsc#1051510). - dmaengine: imx-sdma: fix use-after-free on probe error path (bsc#1051510). - dmaengine: rcar-dmac: set scatter/gather max segment size (bsc#1051510). - dmaengine: timb_dma: Use proper enum in td_prep_slave_sg (bsc#1051510). - docs: move protection-keys.rst to the core-api book (bsc#1078248). - drm/etnaviv: fix dumping of iommuv2 (bsc#1113722) - drm/omap: fix max fclk divider for omap36xx (bsc#1113722) - drm/radeon: fix bad DMA from INTERRUPT_CNTL2 (git-fixes). - drm/radeon: fix si_enable_smc_cac() failed issue (bsc#1113722) - e1000e: Drop unnecessary __E1000_DOWN bit twiddling (bsc#1158049). - e1000e: Use dev_get_drvdata where possible (bsc#1158049). - e1000e: Use rtnl_lock to prevent race conditions between net and pci/pm (bsc#1158049). - extcon: cht-wc: Return from default case to avoid warnings (bsc#1051510). - fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper() (bsc#1051510). - fbdev: sbuslib: use checked version of put_user() (bsc#1051510). - gpio: mpc8xxx: Do not overwrite default irq_set_type callback (bsc#1051510). - gpio: syscon: Fix possible NULL ptr usage (bsc#1051510). - gpiolib: acpi: Add Terra Pad 1061 to the run_edge_events_on_boot_blacklist (bsc#1051510). - gsmi: Fix bug in append_to_eventlog sysfs handler (bsc#1051510). - hwmon: (ina3221) Fix INA3221_CONFIG_MODE macros (bsc#1051510). - hwmon: (pwm-fan) Silence error on probe deferral (bsc#1051510). - hwrng: omap - Fix RNG wait loop timeout (bsc#1051510). - hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled (bsc#1051510). - hypfs: Fix error number left in struct pointer member (bsc#1051510). - ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047). - ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047). - ibmvnic: Serialize device queries (bsc#1155689 ltc#182047). - ibmvnic: Terminate waiting device threads after loss of service (bsc#1155689 ltc#182047). - iio: adc: max9611: explicitly cast gain_selectors (bsc#1051510). - iio: adc: stm32-adc: fix stopping dma (git-fixes). - iio: dac: mcp4922: fix error handling in mcp4922_write_raw (bsc#1051510). - iio: imu: adis16480: assign bias value only if operation succeeded (git-fixes). - iio: imu: adis16480: make sure provided frequency is positive (git-fixes). - iio: imu: adis: assign read val in debugfs hook only if op successful (git-fixes). - iio: imu: adis: assign value only if return code zero in read funcs (git-fixes). - include/linux/bitrev.h: fix constant bitrev (bsc#1114279). - inet: stop leaking jiffies on the wire (networking-stable-19_11_05). - intel_th: Fix a double put_device() in error path (git-fixes). - iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros (bsc#1158063). - ipmi:dmi: Ignore IPMI SMBIOS entries with a zero base address (bsc#1051510). - ipv4: Return -ENETUNREACH if we can't create route but saddr is valid (networking-stable-19_10_24). - iwlwifi: api: annotate compressed BA notif array sizes (bsc#1051510). - iwlwifi: check kasprintf() return value (bsc#1051510). - iwlwifi: do not panic in error path on non-msix systems (bsc#1155692). - iwlwifi: exclude GEO SAR support for 3168 (git-fixes). - iwlwifi: mvm: avoid sending too many BARs (bsc#1051510). - iwlwifi: mvm: do not send keys when entering D3 (bsc#1051510). - kABI workaround for ath10k last_wmi_vdev_start_status field (bsc#1051510). - kABI workaround for struct mwifiex_power_cfg change (bsc#1051510). - kABI: Fix for 'KVM: x86: Introduce vcpu->arch.xsaves_enabled' (bsc#1158066). - lib/scatterlist: Fix chaining support in sgl_alloc_order() (git-fixes). - lib/scatterlist: Introduce sgl_alloc() and sgl_free() (git-fixes). - liquidio: fix race condition in instruction completion processing (bsc#1051510). - loop: add ioctl for changing logical block size (bsc#1108043). - mISDN: Fix type of switch control variable in ctrl_teimanager (bsc#1051510). - mac80211: consider QoS Null frames for STA_NULLFUNC_ACKED (bsc#1051510). - mac80211: minstrel: fix CCK rate group streams value (bsc#1051510). - mac80211: minstrel: fix sampling/reporting of CCK rates in HT mode (bsc#1051510). - macvlan: schedule bc_work even if error (bsc#1051510). - mailbox: reset txdone_method TXDONE_BY_POLL if client knows_txdone (git-fixes). - media: au0828: Fix incorrect error messages (bsc#1051510). - media: bdisp: fix memleak on release (git-fixes). - media: cxusb: detect cxusb_ctrl_msg error in query (bsc#1051510). - media: davinci: Fix implicit enum conversion warning (bsc#1051510). - media: exynos4-is: Fix recursive locking in isp_video_release() (git-fixes). - media: fix: media: pci: meye: validate offset to avoid arbitrary access (bsc#1051510). - media: flexcop-usb: ensure -EIO is returned on error condition (git-fixes). - media: imon: invalid dereference in imon_touch_event (bsc#1051510). - media: isif: fix a NULL pointer dereference bug (bsc#1051510). - media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init() (bsc#1051510). - media: pxa_camera: Fix check for pdev->dev.of_node (bsc#1051510). - media: radio: wl1273: fix interrupt masking on release (git-fixes). - media: ti-vpe: vpe: Fix Motion Vector vpdma stride (git-fixes). - media: usbvision: Fix races among open, close, and disconnect (bsc#1051510). - media: vim2m: Fix abort issue (git-fixes). - media: vivid: Set vid_cap_streaming and vid_out_streaming to true (bsc#1051510). - mei: fix modalias documentation (git-fixes). - mei: samples: fix a signedness bug in amt_host_if_call() (bsc#1051510). - mfd: intel-lpss: Add default I2C device properties for Gemini Lake (bsc#1051510). - mfd: max8997: Enale irq-wakeup unconditionally (bsc#1051510). - mfd: mc13xxx-core: Fix PMIC shutdown when reading ADC values (bsc#1051510). - mfd: palmas: Assign the right powerhold mask for tps65917 (git-fixes). - mfd: ti_am335x_tscadc: Keep ADC interface on if child is wakeup capable (bsc#1051510). - mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d() (git fixes (mm/gup)). - mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone (git fixes (mm/compaction)). - mm/debug.c: PageAnon() is true for PageKsm() pages (git fixes (mm/debug)). - mmc: core: fix wl1251 sdio quirks (git-fixes). - mmc: host: omap_hsmmc: add code for special init of wl1251 to get rid of pandora_wl1251_init_card (git-fixes). - mmc: mediatek: fix cannot receive new request when msdc_cmd_is_ready fail (bsc#1051510). - mmc: sdhci-esdhc-imx: correct the fix of ERR004536 (git-fixes). - mmc: sdhci-of-at91: fix quirk2 overwrite (git-fixes). - mmc: sdio: fix wl1251 vendor id (git-fixes). - mt7601u: fix bbp version check in mt7601u_wait_bbp_ready (bsc#1051510). - mtd: nand: mtk: fix incorrect register setting order about ecc irq. - mtd: spear_smi: Fix Write Burst mode (bsc#1051510). - mtd: spi-nor: fix silent truncation in spi_nor_read() (bsc#1051510). - mwifiex: Fix NL80211_TX_POWER_LIMITED (bsc#1051510). - net/ibmvnic: Ignore H_FUNCTION return from H_EOI to tolerate XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes). - net/mlx4_core: Dynamically set guaranteed amount of counters per VF (networking-stable-19_11_05). - net/mlx5e: Fix handling of compressed CQEs in case of low NAPI budget (networking-stable-19_11_05). - net/smc: Fix error path in smc_init (git-fixes). - net/smc: avoid fallback in case of non-blocking connect (git-fixes). - net/smc: fix closing of fallback SMC sockets (git-fixes). - net/smc: fix ethernet interface refcounting (git-fixes). - net/smc: fix refcounting for non-blocking connect() (git-fixes). - net/smc: keep vlan_id for SMC-R in smc_listen_work() (git-fixes). - net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol() (networking-stable-19_11_05). - net: add READ_ONCE() annotation in __skb_wait_for_more_packets() (networking-stable-19_11_05). - net: add skb_queue_empty_lockless() (networking-stable-19_11_05). - net: annotate accesses to sk->sk_incoming_cpu (networking-stable-19_11_05). - net: annotate lockless accesses to sk->sk_napi_id (networking-stable-19_11_05). - net: avoid potential infinite loop in tc_ctl_action() (networking-stable-19_10_24). - net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3 (networking-stable-19_10_24). - net: bcmgenet: Set phydev->dev_flags only for internal PHYs (networking-stable-19_10_24). - net: bcmgenet: reset 40nm EPHY on energy detect (networking-stable-19_11_05). - net: dsa: b53: Do not clear existing mirrored port mask (networking-stable-19_11_05). - net: dsa: bcm_sf2: Fix IMP setup for port different than 8 (networking-stable-19_11_05). - net: dsa: fix switch tree list (networking-stable-19_11_05). - net: ethernet: ftgmac100: Fix DMA coherency issue with SW checksum (networking-stable-19_11_05). - net: fix sk_page_frag() recursion from memory reclaim (networking-stable-19_11_05). - net: hisilicon: Fix ping latency when deal with high throughput (networking-stable-19_11_05). - net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow (networking-stable-19_10_24). - net: use skb_queue_empty_lockless() in busy poll contexts (networking-stable-19_11_05). - net: use skb_queue_empty_lockless() in poll() handlers (networking-stable-19_11_05). - net: wireless: ti: remove local VENDOR_ID and DEVICE_ID definitions (git-fixes). - net: wireless: ti: wl1251 use new SDIO_VENDOR_ID_TI_WL1251 definition (git-fixes). - netns: fix GFP flags in rtnl_net_notifyid() (networking-stable-19_11_05). - nfc: netlink: fix double device reference drop (git-fixes). - nfc: port100: handle command failure cleanly (git-fixes). - nl80211: Fix a GET_KEY reply attribute (bsc#1051510). - openvswitch: fix flow command message size (git-fixes). - padata: use smp_mb in padata_reorder to avoid orphaned padata jobs (git-fixes). - phy: phy-twl4030-usb: fix denied runtime access (git-fixes). - pinctl: ti: iodelay: fix error checking on pinctrl_count_index_with_args call (git-fixes). - pinctrl: at91: do not use the same irqchip with multiple gpiochips (git-fixes). - pinctrl: cherryview: Allocate IRQ chip dynamic (git-fixes). - pinctrl: lewisburg: Update pin list according to v1.1v6 (bsc#1051510). - pinctrl: lpc18xx: Use define directive for PIN_CONFIG_GPIO_PIN_INT (bsc#1051510). - pinctrl: qcom: spmi-gpio: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup controller init (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup controller init (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in init code (bsc#1051510). - pinctrl: sunxi: Fix a memory leak in 'sunxi_pinctrl_build_state()' (bsc#1051510). - pinctrl: zynq: Use define directive for PIN_CONFIG_IO_STANDARD (bsc#1051510). - power: reset: at91-poweroff: do not procede if at91_shdwc is allocated (bsc#1051510). - power: supply: ab8500_fg: silence uninitialized variable warnings (bsc#1051510). - power: supply: max14656: fix potential use-after-free (bsc#1051510). - power: supply: twl4030_charger: disable eoc interrupt on linear charge (bsc#1051510). - power: supply: twl4030_charger: fix charging current out-of-bounds (bsc#1051510). - powerpc/64: Make meltdown reporting Book3S 64 specific (bsc#1091041). - powerpc/book3s64/hash: Use secondary hash for bolted mapping if the primary is full (bsc#1157778 ltc#182520). - powerpc/bpf: Fix tail call implementation (bsc#1157698). - powerpc/pseries: Do not fail hash page table insert for bolted mapping (bsc#1157778 ltc#182520). - powerpc/pseries: Do not opencode HPTE_V_BOLTED (bsc#1157778 ltc#182520). - powerpc/pseries: address checkpatch warnings in dlpar_offline_cpu (bsc#1156700 ltc#182459). - powerpc/pseries: safely roll back failed DLPAR cpu add (bsc#1156700 ltc#182459). - powerpc/security/book3s64: Report L1TF status in sysfs (bsc#1091041). - powerpc/security: Fix wrong message when RFI Flush is disable (bsc#1131107). - powerpc/xive: Prevent page fault issues in the machine crash handler (bsc#1156882 ltc#182435). - ppdev: fix PPGETTIME/PPSETTIME ioctls (bsc#1051510). - pwm: bcm-iproc: Prevent unloading the driver module while in use (git-fixes). - pwm: lpss: Only set update bit if we are actually changing the settings (bsc#1051510). - r8152: add device id for Lenovo ThinkPad USB-C Dock Gen 2 (networking-stable-19_11_05). - regulator: ab8500: Remove AB8505 USB regulator (bsc#1051510). - regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id (bsc#1051510). - remoteproc: Check for NULL firmwares in sysfs interface (git-fixes). - reset: Fix potential use-after-free in __of_reset_control_get() (bsc#1051510). - reset: fix of_reset_simple_xlate kerneldoc comment (bsc#1051510). - reset: fix reset_control_get_exclusive kerneldoc comment (bsc#1051510). - rpm/kernel-binary.spec.in: add COMPRESS_VMLINUX (bnc#1155921) Let COMPRESS_VMLINUX determine the compression used for vmlinux. By default (historically), it is gz. - rpm/kernel-source.spec.in: Fix dependency of kernel-devel (bsc#1154043) - rtl8187: Fix warning generated when strncpy() destination length matches the sixe argument (bsc#1051510). - rtlwifi: Remove unnecessary NULL check in rtl_regd_init (bsc#1051510). - rtlwifi: rtl8192de: Fix misleading REG_MCUFWDL information (bsc#1051510). - rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address (bsc#1051510). - rtlwifi: rtl8192de: Fix missing enable interrupt flag (bsc#1051510). - s390/bpf: fix lcgr instruction encoding (bsc#1051510). - s390/bpf: use 32-bit index for tail calls (bsc#1051510). - s390/cio: avoid calling strlen on null pointer (bsc#1051510). - s390/cio: exclude subchannels with no parent from pseudo check (bsc#1051510). - s390/cmm: fix information leak in cmm_timeout_handler() (bsc#1051510). - s390/cpumsf: Check for CPU Measurement sampling (bsc#1153681 LTC#181855). - s390/idle: fix cpu idle time calculation (bsc#1051510). - s390/process: avoid potential reading of freed stack (bsc#1051510). - s390/qdio: (re-)initialize tiqdio list entries (bsc#1051510). - s390/qdio: do not touch the dsci in tiqdio_add_input_queues() (bsc#1051510). - s390/qeth: return proper errno on IO error (bsc#1051510). - s390/setup: fix boot crash for machine without EDAT-1 (bsc#1051510 bsc#1140948). - s390/setup: fix early warning messages (bsc#1051510 bsc#1140948). - s390/topology: avoid firing events before kobjs are created (bsc#1051510). - s390: fix stfle zero padding (bsc#1051510). - sc16is7xx: Fix for 'Unexpected interrupt: 8' (bsc#1051510). - scsi: lpfc: Fix Oops in nvme_register with target logout/login (bsc#1151900). - scsi: lpfc: Honor module parameter lpfc_use_adisc (bsc#1153628). - scsi: lpfc: Limit xri count for kdump environment (bsc#1154124). - scsi: qla2xxx: Add debug dump of LOGO payload and ELS IOCB (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Allow PLOGI in target mode (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Change discovery state before PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Configure local loop for N2N target (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Do command completion on abort timeout (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Do not call qlt_async_event twice (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Do not defer relogin unconditonally (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Drop superfluous INIT_WORK of del_work (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Fix PLOGI payload and ELS IOCB dump length (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Fix SRB leak on switch command timeout (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix a dma_pool_free() call (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix device connect issues in P2P configuration (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix double scsi_done for abort path (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix driver unload hang (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix memory leak when sending I/O fails (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Ignore NULL pointer in tcm_qla2xxx_free_mcmd (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Initialize free_work before flushing it (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Remove an include directive (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Send Notify ACK after N2N PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Update driver version to 10.01.00.21-k (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Use explicit LOGO in target mode (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: do not use zero for FC4_PRIORITY_NVME (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan (bsc#1138039). - scsi: qla2xxx: initialize fc4_type_priority (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: unregister ports after GPN_FT failure (bsc#1138039). - scsi: sd: Ignore a failure to sync cache due to lack of authorization (git-fixes). - scsi: storvsc: Add ability to change scsi queue depth (bsc#1155021). - scsi: zfcp: fix reaction on bit error threshold notification (bsc#1154956 LTC#182054). - scsi: zfcp: fix request object use-after-free in send path causing wrong traces (bsc#1051510). - sctp: change sctp_prot .no_autobind with true (networking-stable-19_10_24). - sctp: Fixed a regression (bsc#1158082). - selftests: net: reuseport_dualstack: fix uninitalized parameter (networking-stable-19_11_05). - serial: fix kernel-doc warning in comments (bsc#1051510). - serial: mctrl_gpio: Check for NULL pointer (bsc#1051510). - serial: mxs-auart: Fix potential infinite loop (bsc#1051510). - serial: samsung: Enable baud clock for UART reset procedure in resume (bsc#1051510). - serial: uartlite: fix exit path null pointer (bsc#1051510). - serial: uartps: Fix suspend functionality (bsc#1051510). - signal: Properly set TRACE_SIGNAL_LOSE_INFO in __send_signal (bsc#1157463). - slcan: Fix memory leak in error path (bsc#1051510). - slip: Fix memory leak in slip_open error path (bsc#1051510). - slip: Fix use-after-free Read in slip_open (bsc#1051510). - smb3: Incorrect size for netname negotiate context (bsc#1144333, bsc#1154355). - smb3: fix leak in 'open on server' perf counter (bsc#1144333, bsc#1154355). - smb3: fix signing verification of large reads (bsc#1144333, bsc#1154355). - smb3: fix unmount hang in open_shroot (bsc#1144333, bsc#1154355). - smb3: improve handling of share deleted (and share recreated) (bsc#1144333, bsc#1154355). - soc: imx: gpc: fix PDN delay (bsc#1051510). - soc: qcom: wcnss_ctrl: Avoid string overflow (bsc#1051510). - spi: atmel: Fix CS high support (bsc#1051510). - spi: atmel: fix handling of cs_change set on non-last xfer (bsc#1051510). - spi: fsl-lpspi: Prevent FIFO under/overrun by default (bsc#1051510). - spi: mediatek: Do not modify spi_transfer when transfer (bsc#1051510). - spi: mediatek: use correct mata->xfer_len when in fifo transfer (bsc#1051510). - spi: pic32: Use proper enum in dmaengine_prep_slave_rg (bsc#1051510). - spi: rockchip: initialize dma_slave_config properly (bsc#1051510). - spi: spidev: Fix OF tree warning logic (bsc#1051510). - staging: rtl8188eu: fix null dereference when kzalloc fails (bsc#1051510). - thunderbolt: Fix lockdep circular locking depedency warning (git-fixes). - tpm: add check after commands attribs tab allocation (bsc#1051510). - tracing: Get trace_array reference for available_tracers files (bsc#1156429). - udp: use skb_queue_empty_lockless() (networking-stable-19_11_05). - usb-serial: cp201x: support Mark-10 digital force gauge (bsc#1051510). - usb-storage: Revert commit 747668dbc061 ('usb-storage: Set virt_boundary_mask to avoid SG overflows') (bsc#1051510). - usb: chipidea: Fix otg event handler (bsc#1051510). - usb: chipidea: imx: enable OTG overcurrent in case USB subsystem is already started (bsc#1051510). - usb: dwc3: gadget: Check ENBLSLPM before sending ep command (bsc#1051510). - usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode (bsc#1051510). - usb: gadget: udc: fotg210-udc: Fix a sleep-in-atomic-context bug in fotg210_get_status() (bsc#1051510). - usb: gadget: uvc: Factor out video USB request queueing (bsc#1051510). - usb: gadget: uvc: Only halt video streaming endpoint in bulk mode (bsc#1051510). - usb: gadget: uvc: configfs: Drop leaked references to config items (bsc#1051510). - usb: gadget: uvc: configfs: Prevent format changes after linking header (bsc#1051510). - usb: handle warm-reset port requests on hub resume (bsc#1051510). - usb: xhci-mtk: fix ISOC error when interval is zero (bsc#1051510). - usbip: Fix free of unallocated memory in vhci tx (git-fixes). - usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path (git-fixes). - usbip: Implement SG support to vhci-hcd and stub driver (git-fixes). - usbip: tools: fix fd leakage in the function of read_attr_usbip_status (git-fixes). - vfio-ccw: Fix misleading comment when setting orb.cmd.c64 (bsc#1051510). - vfio-ccw: Set pa_nr to 0 if memory allocation fails for pa_iova_pfn (bsc#1051510). - vfio: ccw: push down unsupported IDA check (bsc#1156471 LTC#182362). - video/hdmi: Fix AVI bar unpack (git-fixes). - virtio/s390: fix race on airq_areas (bsc#1051510). - virtio_console: allocate inbufs in add_port() only if it is needed (git-fixes). - virtio_ring: fix return code on DMA mapping fails (git-fixes). - vmxnet3: turn off lro when rxcsum is disabled (bsc#1157499). - watchdog: meson: Fix the wrong value of left time (bsc#1051510). - x86/alternatives: Add int3_emulate_call() selftest (bsc#1153811). - x86/alternatives: Fix int3_emulate_call() selftest stack corruption (bsc#1153811). - x86/mm/pkeys: Fix typo in Documentation/x86/protection-keys.txt (bsc#1078248). - x86/pkeys: Update documentation about availability (bsc#1078248). - x86/resctrl: Fix potential lockdep warning (bsc#1114279). - x86/resctrl: Prevent NULL pointer dereference when reading mondata (bsc#1114279). - x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs (bsc#1158068). - xfrm: Fix xfrm sel prefix length validation (git-fixes). - xfrm: fix sa selector validation (bsc#1156609). Important SUSE bug 1048942 SUSE bug 1051510 SUSE bug 1078248 SUSE bug 1082635 SUSE bug 1089644 SUSE bug 1091041 SUSE bug 1108043 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1117169 SUSE bug 1131107 SUSE bug 1138039 SUSE bug 1140948 SUSE bug 1143706 SUSE bug 1144333 SUSE bug 1149448 SUSE bug 1150466 SUSE bug 1151548 SUSE bug 1151900 SUSE bug 1152782 SUSE bug 1153628 SUSE bug 1153681 SUSE bug 1153811 SUSE bug 1154043 SUSE bug 1154058 SUSE bug 1154124 SUSE bug 1154355 SUSE bug 1154526 SUSE bug 1154956 SUSE bug 1155021 SUSE bug 1155689 SUSE bug 1155692 SUSE bug 1155836 SUSE bug 1155897 SUSE bug 1155921 SUSE bug 1155982 SUSE bug 1156187 SUSE bug 1156258 SUSE bug 1156429 SUSE bug 1156466 SUSE bug 1156471 SUSE bug 1156494 SUSE bug 1156609 SUSE bug 1156700 SUSE bug 1156729 SUSE bug 1156882 SUSE bug 1157038 SUSE bug 1157042 SUSE bug 1157070 SUSE bug 1157143 SUSE bug 1157145 SUSE bug 1157158 SUSE bug 1157162 SUSE bug 1157171 SUSE bug 1157173 SUSE bug 1157178 SUSE bug 1157180 SUSE bug 1157182 SUSE bug 1157183 SUSE bug 1157184 SUSE bug 1157191 SUSE bug 1157193 SUSE bug 1157197 SUSE bug 1157298 SUSE bug 1157307 SUSE bug 1157324 SUSE bug 1157333 SUSE bug 1157424 SUSE bug 1157463 SUSE bug 1157499 SUSE bug 1157678 SUSE bug 1157698 SUSE bug 1157778 SUSE bug 1157908 SUSE bug 1158049 SUSE bug 1158063 SUSE bug 1158064 SUSE bug 1158065 SUSE bug 1158066 SUSE bug 1158067 SUSE bug 1158068 SUSE bug 1158082 CVE-2019-14895 CVE-2019-15916 CVE-2019-16231 CVE-2019-17055 CVE-2019-18660 CVE-2019-18683 CVE-2019-18805 CVE-2019-18809 CVE-2019-19049 CVE-2019-19052 CVE-2019-19056 CVE-2019-19057 CVE-2019-19058 CVE-2019-19060 CVE-2019-19062 CVE-2019-19063 CVE-2019-19065 CVE-2019-19067 CVE-2019-19068 CVE-2019-19073 CVE-2019-19074 CVE-2019-19075 CVE-2019-19077 CVE-2019-19227 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for curl fixes the following issues: Security issues fixed: - CVE-2019-3822: Fixed a NTLMv2 type-3 header stack buffer overflow (bsc#1123377). - CVE-2019-3823: Fixed an out-of-bounds read in the SMTP end-of-response (bsc#1123378). - CVE-2018-16890: Fixed an out-of-bounds buffer read in NTLM type2 (bsc#1123371). - CVE-2018-16842: Fixed an out-of-bounds read in tool_msgs.c (bsc#1113660). - CVE-2018-16840: Fixed a use-after-free in handle close (bsc#1113029). - CVE-2018-16839: Fixed an SASL password overflow caused by an integer overflow (bsc#1112758). Important SUSE bug 1112758 SUSE bug 1113029 SUSE bug 1113660 SUSE bug 1123371 SUSE bug 1123377 SUSE bug 1123378 CVE-2018-16839 CVE-2018-16840 CVE-2018-16842 CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for dia fixes the following issue: - CVE-2019-19451: Fixed an endless loop on filenames with invalid encoding (bsc#1158194). Moderate SUSE bug 1158194 CVE-2019-19451 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for podofo fixes the following issues: These security issues were fixed: - CVE-2017-6845: The PoDoFo::PdfColor::operator function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1027779). - CVE-2018-5308: Properly validate memcpy arguments in the PdfMemoryOutputStream::Write function to prevent remote attackers from causing a denial-of-service or possibly have unspecified other impact via a crafted pdf file (bsc#1075772) - CVE-2018-5295: Prevent integer overflow in the PdfXRefStreamParserObject::ParseStream function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075026). - CVE-2017-6845: The PoDoFo::PdfColor::operator function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1027779). - CVE-2018-5309: Prevent integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075322). - CVE-2018-5296: Prevent uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075021). - CVE-2017-7381: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032020). - CVE-2017-7382: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032021). - CVE-2017-7383: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032022). - CVE-2018-11256: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1096889). - CVE-2018-5783: Prevent uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function that allowed remote attackers to cause a denial of service via a crafted pdf file (bsc#1076962). These non-security issues were fixed: - Prevent regression caused by the fix for CVE-2017-8054. - Prevent NULL dereferences when 'Kids' array is missing (bsc#1096890) - Added to detect cycles and recursions in XRef tables Moderate SUSE bug 1027779 SUSE bug 1032020 SUSE bug 1032021 SUSE bug 1032022 SUSE bug 1075021 SUSE bug 1075026 SUSE bug 1075322 SUSE bug 1075772 SUSE bug 1076962 SUSE bug 1096889 SUSE bug 1096890 CVE-2017-6845 CVE-2017-7381 CVE-2017-7382 CVE-2017-7383 CVE-2017-8054 CVE-2018-11256 CVE-2018-5295 CVE-2018-5296 CVE-2018-5308 CVE-2018-5309 CVE-2018-5783 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for python-numpy fixes the following issue: Security issue fixed: - CVE-2019-6446: Set allow_pickle to false by default to restrict loading untrusted content (bsc#1122208). With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by misusing numpy.load(). A warning during runtime will show-up when the allow_pickle is not explicitly set. NOTE: By applying this update the behavior of python-numpy changes, which might break your application. In order to get the old behaviour back, you have to explicitly set `allow_pickle` to True. Be aware that this should only be done for trusted input, as loading untrusted input might lead to arbitrary code execution. Important SUSE bug 1122208 CVE-2019-6446 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for systemd fixes the following issues: Security vulnerability fixed: - CVE-2019-6454: Fixed a crash of PID1 by sending specially crafted D-BUS message on the system bus by an unprivileged user (bsc#1125352) Other bug fixes and changes: - journal-remote: set a limit on the number of fields in a message - journal-remote: verify entry length from header - journald: set a limit on the number of fields (1k) - journald: do not store the iovec entry for process commandline on stack - core: include Found state in device dumps - device: fix serialization and deserialization of DeviceFound - fix path in btrfs rule (#6844) - assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025) - Update systemd-system.conf.xml (bsc#1122000) - units: inform user that the default target is started after exiting from rescue or emergency mode - manager: don't skip sigchld handler for main and control pid for services (#3738) - core: Add helper functions unit_{main, control}_pid - manager: Fixing a debug printf formatting mistake (#3640) - manager: Only invoke a single sigchld per unit within a cleanup cycle (bsc#1117382) - core: update invoke_sigchld_event() to handle NULL ->sigchld_event() - sd-event: expose the event loop iteration counter via sd_event_get_iteration() (#3631) - unit: rework a bit how we keep the service fdstore from being destroyed during service restart (bsc#1122344) - core: when restarting services, don't close fds - cryptsetup: Add dependency on loopback setup to generated units - journal-gateway: use localStorage['cursor'] only when it has valid value - journal-gateway: explicitly declare local variables - analyze: actually select longest activated-time of services - sd-bus: fix implicit downcast of bitfield reported by LGTM - core: free lines after reading them (bsc#1123892) - pam_systemd: reword message about not creating a session (bsc#1111498) - pam_systemd: suppress LOG_DEBUG log messages if debugging is off (bsc#1111498) - main: improve RLIMIT_NOFILE handling (#5795) (bsc#1120658) - sd-bus: if we receive an invalid dbus message, ignore and proceeed - automount: don't pass non-blocking pipe to kernel. - units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333) - units: add Wants=initrd-cleanup.service to initrd-switch-root.target (#4345) (bsc#1123333) Important SUSE bug 1111498 SUSE bug 1117025 SUSE bug 1117382 SUSE bug 1120658 SUSE bug 1122000 SUSE bug 1122344 SUSE bug 1123333 SUSE bug 1123892 SUSE bug 1125352 CVE-2019-6454 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156). - CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp (bsc#1119493). - CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275). - CVE-2018-19364: Fixed a use-after-free if the virtfs interface resulting in a denial of service (bsc#1116717). - CVE-2018-18954: Fixed a denial of service vulnerability related to PowerPC PowerNV memory operations (bsc#1114957). Non-security issues fixed: - Improved disk performance for qemu on xen (bsc#1100408). - Fixed xen offline migration (bsc#1079730, bsc#1101982, bsc#1063993). - Fixed pwrite64/pread64/write to return 0 over -1 for a zero length NULL buffer in qemu (bsc#1121600). - Use /bin/bash to echo value into sys fs for ksm control (bsc#1112646). - Return specification exception for unimplemented diag 308 subcodes rather than a hardware error (bsc#1123179). Important SUSE bug 1063993 SUSE bug 1079730 SUSE bug 1100408 SUSE bug 1101982 SUSE bug 1112646 SUSE bug 1114957 SUSE bug 1116717 SUSE bug 1117275 SUSE bug 1119493 SUSE bug 1121600 SUSE bug 1123156 SUSE bug 1123179 CVE-2018-16872 CVE-2018-18954 CVE-2018-19364 CVE-2018-19489 CVE-2019-6778 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for procps fixes the following security issues: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). (These issues were previously released for SUSE Linux Enterprise 12 SP3 and SP4.) Also the following non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) Important SUSE bug 1092100 SUSE bug 1121753 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for python fixes the following issues: Security issues fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191). - CVE-2018-14647: Fixed a denial-of-service vulnerability in Expat (bsc#1109847). Non-security issue fixed: - Fixed a bug where PyWeakReference struct was not initialized correctly leading to a crash (bsc#1073748). Important SUSE bug 1073748 SUSE bug 1109847 SUSE bug 1122191 CVE-2018-14647 CVE-2019-5010 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for java-1_7_0-openjdk to version 7u201 fixes the following issues: Security issues fixed: - CVE-2018-3136: Manifest better support (bsc#1112142) - CVE-2018-3139: Better HTTP Redirection (bsc#1112143) - CVE-2018-3149: Enhance JNDI lookups (bsc#1112144) - CVE-2018-3169: Improve field accesses (bsc#1112146) - CVE-2018-3180: Improve TLS connections stability (bsc#1112147) - CVE-2018-3214: Better RIFF reading support (bsc#1112152) - CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153) - CVE-2018-16435: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile - CVE-2018-2938: Support Derby connections (bsc#1101644) - CVE-2018-2940: Better stack walking (bsc#1101645) - CVE-2018-2952: Exception to Pattern Syntax (bsc#1101651) - CVE-2018-2973: Improve LDAP support (bsc#1101656) - CVE-2018-3639 cpu speculative store bypass mitigation Important SUSE bug 1101644 SUSE bug 1101645 SUSE bug 1101651 SUSE bug 1101656 SUSE bug 1112142 SUSE bug 1112143 SUSE bug 1112144 SUSE bug 1112146 SUSE bug 1112147 SUSE bug 1112152 SUSE bug 1112153 CVE-2018-13785 CVE-2018-16435 CVE-2018-2938 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214 CVE-2018-3639 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ceph fixes the following issues: Security issues fixed: - CVE-2018-14662: mon: limit caps allowed to access the config store (bsc#1111177) - CVE-2018-16846: rgw: enforce bounds on max-keys/max-uploads/max-parts (bsc#1114710) - CVE-2018-16889: rgw: sanitize customer encryption keys from log output in v4 auth (bsc#1121567) Non-security issue fixed: - os/bluestore: avoid frequent allocator dump on bluefs rebalance failure (bsc#1113246) Important SUSE bug 1111177 SUSE bug 1113246 SUSE bug 1114710 SUSE bug 1121567 CVE-2018-14662 CVE-2018-16846 CVE-2018-16889 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for webkit2gtk3 to version 2.22.6 fixes the following issues: Security issues fixed: - CVE-2019-6212: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6215: Fixed a type confusion vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6216: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6217: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6226: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6227: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6229: Fixed a logic issue by improving validation which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6233: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6234: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. Other issues addressed: - Update to version 2.22.6 (bsc#1124937). - Kinetic scrolling slow down smoothly when reaching the ends of pages, instead of abruptly, to better match the GTK+ behaviour. - Fixed Web inspector magnifier under Wayland. - Fixed garbled rendering of some websites (e.g. YouTube) while scrolling under X11. - Fixed several crashes, race conditions, and rendering issues. Important SUSE bug 1124937 CVE-2019-6212 CVE-2019-6215 CVE-2019-6216 CVE-2019-6217 CVE-2019-6226 CVE-2019-6227 CVE-2019-6229 CVE-2019-6233 CVE-2019-6234 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for openssl-1_1 fixes the following issues: - The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations (bsc#1117951) Moderate SUSE bug 1117951 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for sssd fixes the following issues: Security vulnerabilities addressed: - Fix fallback_homedir returning '/' for empty home directories (CVE-2019-3811) (bsc#1121759) - Create sockets with right permissions (bsc#1098377, CVE-2018-10852) Other bug fixes and changes: - Install logrotate configuration (bsc#1004220) - Strip whitespaces in netgroup triples (bsc#1087320) - Align systemd service file with upstream * Run interactive and change service type to notify (bsc#1120852) * Replace deprecated '-f' and use '--logger' Moderate SUSE bug 1004220 SUSE bug 1087320 SUSE bug 1098377 SUSE bug 1120852 SUSE bug 1121759 CVE-2018-10852 CVE-2019-3811 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for audit fixes the following issues: Audit on SUSE Linux Enterprise 12 SP4 was updated to 2.8.1 to bring new features and bugfixes. (bsc#1125535 FATE#326346) * Many features were added to auparse_normalize * cli option added to auditd and audispd for setting config dir * In auditd, restore the umask after creating a log file * Option added to auditd for skipping email verification The full changelog can be found here: http://people.redhat.com/sgrubb/audit/ChangeLog - Change openldap dependency to client only (bsc#1085003) Minor security issue fixed: - CVE-2015-5186: Audit: log terminal emulator escape sequences handling (bsc#941922) Moderate SUSE bug 1042781 SUSE bug 1085003 SUSE bug 1125535 SUSE bug 941922 CVE-2015-5186 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for java-1_8_0-openjdk to version 8u191 fixes the following issues: Security issues fixed: - CVE-2018-3136: Manifest better support (bsc#1112142) - CVE-2018-3139: Better HTTP Redirection (bsc#1112143) - CVE-2018-3149: Enhance JNDI lookups (bsc#1112144) - CVE-2018-3169: Improve field accesses (bsc#1112146) - CVE-2018-3180: Improve TLS connections stability (bsc#1112147) - CVE-2018-3214: Better RIFF reading support (bsc#1112152) - CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153) - CVE-2018-3183: Improve script engine support (bsc#1112148) - CVE-2018-16435: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile Important SUSE bug 1112142 SUSE bug 1112143 SUSE bug 1112144 SUSE bug 1112146 SUSE bug 1112147 SUSE bug 1112148 SUSE bug 1112152 SUSE bug 1112153 CVE-2018-13785 CVE-2018-16435 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2018-3214 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for openssl-1_0_0 fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951) - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080). Moderate SUSE bug 1117951 SUSE bug 1127080 CVE-2019-1559 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ovmf fixes the following issues: Security issues fixed: - CVE-2018-12180: Fixed a buffer overflow in BlockIo service, which could lead to memory read/write overrun (bsc#1127820). - CVE-2018-12178: Fixed an improper DNS check upon receiving a new DNS packet (bsc#1127821). - CVE-2018-3630: Fixed a logic error in FV parsing which could allow a local attacker to bypass the chain of trust checks (bsc#1127822). Important SUSE bug 1127820 SUSE bug 1127821 SUSE bug 1127822 CVE-2018-12178 CVE-2018-12180 CVE-2018-3630 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for webkit2gtk3 to version 2.22.4 fixes the following issues: Security issues fixed: CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4392, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361, CVE-2018-4345, CVE-2018-4372, CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4416, CVE-2018-4378, CVE-2018-4382, CVE-2018-4386 (bsc#1110279, bsc#1116998). Important SUSE bug 1110279 SUSE bug 1116998 CVE-2018-4191 CVE-2018-4197 CVE-2018-4207 CVE-2018-4208 CVE-2018-4209 CVE-2018-4210 CVE-2018-4212 CVE-2018-4213 CVE-2018-4261 CVE-2018-4262 CVE-2018-4263 CVE-2018-4264 CVE-2018-4265 CVE-2018-4266 CVE-2018-4267 CVE-2018-4270 CVE-2018-4272 CVE-2018-4273 CVE-2018-4278 CVE-2018-4284 CVE-2018-4299 CVE-2018-4306 CVE-2018-4309 CVE-2018-4312 CVE-2018-4314 CVE-2018-4315 CVE-2018-4316 CVE-2018-4317 CVE-2018-4318 CVE-2018-4319 CVE-2018-4323 CVE-2018-4328 CVE-2018-4345 CVE-2018-4358 CVE-2018-4359 CVE-2018-4361 CVE-2018-4372 CVE-2018-4373 CVE-2018-4375 CVE-2018-4376 CVE-2018-4378 CVE-2018-4382 CVE-2018-4386 CVE-2018-4392 CVE-2018-4416 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for mariadb to version 10.2.22 fixes the following issues: Security issues fixed (bsc#1122198): - CVE-2019-2510: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service. - CVE-2019-2537: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service. Other issues fixed: - Fixed an issue where mysl_install_db fails due to incorrect basedir (bsc#1127027). - Fixed an issue where the lograte was not working (bsc#1112767). - Backport Information Schema CHECK_CONSTRAINTS Table. - Maximum value of table_definition_cache is now 2097152. - InnoDB ALTER TABLE fixes. - Galera crash recovery fixes. - Encryption fixes. - Remove xtrabackup dependency as MariaDB ships a build in mariabackup so xtrabackup is not needed (bsc#1122475). The complete changelog can be found at: https://mariadb.com/kb/en/library/mariadb-10222-changelog/ Moderate SUSE bug 1112767 SUSE bug 1122198 SUSE bug 1122475 SUSE bug 1127027 CVE-2019-2510 CVE-2019-2537 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for lftp fixes the following issues: Security issue fixed: - CVE-2018-10916: Fixed an improper file name sanitization which could lead to loss of integrity of the local system (bsc#1103367). Other issue addressed: - The SSH login handling code detects password prompts more reliably (bsc#1120946). Moderate SUSE bug 1103367 SUSE bug 1120946 CVE-2018-10916 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libssh2_org fixes the following issues: Security issues fixed: - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490). - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492). - CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481). - CVE-2019-3863: Fixed an Integer overflow in user authenticate keyboard interactive which could allow out-of-bounds writes with specially crafted keyboard responses (bsc#1128493). - CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write with specially crafted payload (bsc#1128472). - CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (bsc#1128480). - CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially crafted payload (bsc#1128471). - CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted SFTP packet (bsc#1128476). - CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet (bsc#1128474). Other issue addressed: - Libbssh2 will stop using keys unsupported types in the known_hosts file (bsc#1091236). Moderate SUSE bug 1091236 SUSE bug 1128471 SUSE bug 1128472 SUSE bug 1128474 SUSE bug 1128476 SUSE bug 1128480 SUSE bug 1128481 SUSE bug 1128490 SUSE bug 1128492 SUSE bug 1128493 CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for openwsman fixes the following issues: Security issues fixed: - CVE-2019-3816: Fixed a vulnerability in openwsmand deamon which could lead to arbitary file disclosure (bsc#1122623). - CVE-2019-3833: Fixed a vulnerability in process_connection() which could allow an attacker to trigger an infinite loop which leads to Denial of Service (bsc#1122623). Important SUSE bug 1122623 CVE-2019-3816 CVE-2019-3833 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for wireshark to version 2.4.13 fixes the following issues: Security issues fixed: - CVE-2019-9214: Avoided a dereference of a null coversation which could make RPCAP dissector crash (bsc#1127367). - CVE-2019-9209: Fixed a buffer overflow in time values which could make ASN.1 BER and related dissectors crash (bsc#1127369). - CVE-2019-9208: Fixed a null pointer dereference which could make TCAP dissector crash (bsc#1127370). Release notes: https://www.wireshark.org/docs/relnotes/wireshark-2.4.13.html Moderate SUSE bug 1127367 SUSE bug 1127369 SUSE bug 1127370 CVE-2019-9208 CVE-2019-9209 CVE-2019-9214 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ghostscript fixes the following issue: Security issue fixed: - CVE-2019-3838: Fixed a vulnerability which made forceput operator in DefineResource to be still accessible which could allow access to file system outside of the constraints of -dSAFER (bsc#1129186). Important SUSE bug 1129186 CVE-2019-3838 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ucode-intel fixes the following issues: Updated to the 20190312 bundle release (bsc#1129231) New Platforms: - AML-Y22 H0 6-8e-9/10 0000009e Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000a4 Core Gen8 Mobile - WHL-U V0 6-8e-d/94 000000b2 Core Gen8 Mobile - CFL-S P0 6-9e-c/22 000000a2 Core Gen9 Desktop - CFL-H R0 6-9e-d/22 000000b0 Core Gen9 Mobile Updated Platforms: - HSX-E/EP Cx/M1 6-3f-2/6f 0000003d->00000041 Core Gen4 X series; Xeon E5 v3 - HSX-EX E0 6-3f-4/80 00000012->00000013 Xeon E7 v3 - SKX-SP H0/M0/U0 6-55-4/b7 0200004d->0000005a Xeon Scalable - SKX-D M1 6-55-4/b7 0200004d->0000005a Xeon D-21xx - BDX-DE V1 6-56-2/10 00000017->00000019 Xeon D-1520/40 - BDX-DE V2/3 6-56-3/10 07000013->07000016 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 - BDX-DE Y0 6-56-4/10 0f000012->0f000014 Xeon D-1557/59/67/71/77/81/87 - BDX-NS A0 6-56-5/10 0e00000a->0e00000c Xeon D-1513N/23/33/43/53 - APL D0 6-5c-9/03 00000032->00000036 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx - APL E0 6-5c-a/03 0000000c->00000010 Atom x5/7-E39xx - GLK B0 6-7a-1/01 00000028->0000002c Pentium Silver N/J5xxx, Celeron N/J4xxx - KBL-U/Y H0 6-8e-9/c0 0000008e->0000009a Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 00000096->0000009e Core Gen8 Mobile - KBL-H/S/E3 B0 6-9e-9/2a 0000008e->0000009a Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 00000096->000000aa Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 0000008e->000000aa Core Gen8 Moderate SUSE bug 1129231 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for gd fixes the following issues: Security issues fixed: - CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123361). - CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522). Moderate SUSE bug 1123361 SUSE bug 1123522 CVE-2019-6977 CVE-2019-6978 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-20669: Missing access control checks in ioctl of gpu/drm/i915 driver were fixed which might have lead to information leaks. (bnc#1122971). - CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758). - CVE-2019-3819: A flaw was found in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ('root') can cause a system lock up and a denial of service. (bnc#1123161). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bnc#1124728 ). - CVE-2019-7221: Fixed a use-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124732). - CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735). - CVE-2019-7308: kernel/bpf/verifier.c performed undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks (bnc#1124055). - CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr (bnc#1125907). - CVE-2019-8980: A memory leak in the kernel_read_file function in fs/exec.c allowed attackers to cause a denial of service (memory consumption) by triggering vfs_read failures (bnc#1126209). - CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166). - CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179). The following non-security bugs were fixed: - 6lowpan: iphc: reset mac_header after decompress to fix panic (bsc#1051510). - 9p: clear dangling pointers in p9stat_free (bsc#1051510). - 9p locks: fix glock.client_id leak in do_lock (bsc#1051510). - 9p/net: fix memory leak in p9_client_create (bsc#1051510). - 9p/net: put a lower bound on msize (bsc#1051510). - 9p: use inode->i_lock to protect i_size_write() under 32-bit (bsc#1051510). - acpi/APEI: Clear GHES block_status before panic() (bsc#1051510). - acpi/device_sysfs: Avoid OF modalias creation for removed device (bsc#1051510). - acpi/nfit: Block function zero DSMs (bsc#1051510). - acpi, nfit: Fix Address Range Scrub completion tracking (bsc#1124969). - acpi/nfit: Fix bus command validation (bsc#1051510). - acpi/nfit: Fix command-supported detection (bsc#1051510). - acpi/nfit: Fix race accessing memdev in nfit_get_smbios_id() (bsc#1122662). - acpi/nfit: Fix user-initiated ARS to be 'ARS-long' rather than 'ARS-short' (bsc#1124969). - acpi: NUMA: Use correct type for printing addresses on i386-PAE (bsc#1051510). - acpi: power: Skip duplicate power resource references in _PRx (bsc#1051510). - acpi / video: Extend chassis-type detection with a 'Lunch Box' check (bsc#1051510). - acpi / video: Refactor and fix dmi_is_desktop() (bsc#1051510). - add 1 entry 2bcbd406715dca256912b9c5ae449c7968f15705 - Add delay-init quirk for Corsair K70 RGB keyboards (bsc#1087092). - af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers (bsc#1051510). - alsa: bebob: fix model-id of unit for Apogee Ensemble (bsc#1051510). - alsa: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 (bsc#1051510). - alsa: compress: Fix stop handling on compressed capture streams (bsc#1051510). - alsa: compress: prevent potential divide by zero bugs (bsc#1051510). - alsa: firewire-motu: fix construction of PCM frame for capture direction (bsc#1051510). - alsa: hda - Add mute LED support for HP ProBook 470 G5 (bsc#1051510). - alsa: hda - Add quirk for HP EliteBook 840 G5 (bsc#1051510). - alsa: hda/ca0132 - Fix build error without CONFIG_PCI (bsc#1051510). - alsa: hda/realtek: Disable PC beep in passthrough on alc285 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX362FA with ALC294 (bsc#1051510). - alsa: hda/realtek - Fixed hp_pin no value (bsc#1051510). - alsa: hda/realtek - Fix lose hp_pins for disable auto mute (bsc#1051510). - alsa: hda/realtek - Headset microphone and internal speaker support for System76 oryp5 (bsc#1051510). - alsa: hda/realtek - Headset microphone support for System76 darp5 (bsc#1051510). - alsa: hda/realtek - Reduce click noise on Dell Precision 5820 headphone (bsc#1126131). - alsa: hda/realtek - Use a common helper for hp pin reference (bsc#1051510). - alsa: hda - Serialize codec registrations (bsc#1122944). - alsa: hda - Use standard device registration for beep (bsc#1122944). - alsa: oxfw: add support for APOGEE duet FireWire (bsc#1051510). - alsa: usb-audio: Add Opus #3 to quirks for native DSD support (bsc#1051510). - alsa: usb-audio: Add support for new T+A USB DAC (bsc#1051510). - alsa: usb-audio: Fix implicit fb endpoint setup by quirk (bsc#1051510). - altera-stapl: check for a null key before strcasecmp'ing it (bsc#1051510). - amd-xgbe: Fix mdio access for non-zero ports and clause 45 PHYs (bsc#1122927). - apparmor: Fix aa_label_build() error handling for failed merges (bsc#1051510). - applicom: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - aquantia: Setup max_mtu in ndev to enable jumbo frames (bsc#1051510). - arm64: fault: avoid send SIGBUS two times (bsc#1126393). - arm: 8802/1: Call syscall_trace_exit even when system call skipped (bsc#1051510). - arm: 8808/1: kexec:offline panic_smp_self_stop CPU (bsc#1051510). - arm: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling (bsc#1051510). - arm: 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart (bsc#1051510). - arm/arm64: kvm: Rename function kvm_arch_dev_ioctl_check_extension() (bsc#1126393). - arm/arm64: kvm: vgic: Force VM halt when changing the active state of GICv3 PPIs/SGIs (bsc#1051510). - arm: cns3xxx: Fix writing to wrong PCI config registers after alignment (bsc#1051510). - arm: cns3xxx: Use actual size reads for PCIe (bsc#1051510). - arm: imx: update the cpu power up timing setting on i.mx6sx (bsc#1051510). - arm: iop32x/n2100: fix PCI IRQ mapping (bsc#1051510). - arm: kvm: Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bsc#1051510). - arm: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt (bsc#1051510). - arm: OMAP1: ams-delta: Fix possible use of uninitialized field (bsc#1051510). - arm: OMAP2+: hwmod: Fix some section annotations (bsc#1051510). - arm: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup (bsc#1051510). - arm: pxa: avoid section mismatch warning (bsc#1051510). - arm: tango: Improve ARCH_MULTIPLATFORM compatibility (bsc#1051510). - ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages (bsc#1051510). - ASoC: dapm: change snprintf to scnprintf for possible overflow (bsc#1051510). - ASoC: dma-sh7760: cleanup a debug printk (bsc#1051510). - ASoC: fsl_esai: fix register setting issue in RIGHT_J mode (bsc#1051510). - ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M (bsc#1051510). - ASoC: imx-audmux: change snprintf to scnprintf for possible overflow (bsc#1051510). - ASoC: imx-sgtl5000: put of nodes if finding codec fails (bsc#1051510). - ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field (bsc#1051510). - ASoC: msm8916-wcd-analog: add missing license information (bsc#1051510). - ASoC: qcom: Fix of-node refcount unbalance in apq8016_sbc_parse_of() (bsc#1051510). - ASoC: rsnd: fixup rsnd_ssi_master_clk_start() user count check (bsc#1051510). - ASoC: rt5514-spi: Fix potential NULL pointer dereference (bsc#1051510). - assoc_array: Fix shortcut creation (bsc#1051510). - ata: ahci: mvebu: remove stale comment (bsc#1051510). - ath9k: Avoid OF no-EEPROM quirks without qca,no-eeprom (bsc#1051510). - ath9k: dynack: check da->enabled first in sampling routines (bsc#1051510). - ath9k: dynack: make ewma estimation faster (bsc#1051510). - ath9k: dynack: use authentication messages for 'late' ack (bsc#1051510). - atm: he: fix sign-extension overflow on large shift (bsc#1051510). - ax25: fix a use-after-free in ax25_fillin_cb() (networking-stable-19_01_04). - ax25: fix possible use-after-free (bsc#1051510). - backlight: pwm_bl: Use gpiod_get_value_cansleep() to get initial (bsc#1113722) - batman-adv: Avoid WARN on net_device without parent in netns (bsc#1051510). - batman-adv: fix uninit-value in batadv_interface_tx() (bsc#1051510). - batman-adv: Force mac header to start of data on xmit (bsc#1051510). - be2net: do not flip hw_features when VXLANs are added/deleted (bsc#1050252). - bio: Introduce BIO_ALLOCED flag and check it in bio_free (bsc#1128094). - blkdev: avoid migration stalls for blkdev pages (bsc#1084216). - blk-mq: fix a hung issue when fsync (bsc#1125252). - blk-mq: fix kernel oops in blk_mq_tag_idle() (bsc#1051510). - block: break discard submissions into the user defined size (git-fixes). - block: cleanup __blkdev_issue_discard() (git-fixes). - block_dev: fix crash on chained bios with O_DIRECT (bsc#1128094). - blockdev: Fix livelocks on loop device (bsc#1124984). - block: do not deal with discard limit in blkdev_issue_discard() (git-fixes). - block: do not use bio->bi_vcnt to figure out segment number (bsc#1128895). - block: do not warn when doing fsync on read-only devices (bsc#1125252). - block: fix 32 bit overflow in __blkdev_issue_discard() (git-fixes). - block: fix infinite loop if the device loses discard capability (git-fixes). - block/loop: Use global lock for ioctl() operation (bsc#1124974). - block: make sure discard bio is aligned with logical block size (git-fixes). - block: make sure writesame bio is aligned with logical block size (git-fixes). - block: move bio_integrity_{intervals,bytes} into blkdev.h (bsc#1114585). - block/swim3: Fix -EBUSY error when re-opening device after unmount (git-fixes). - bluetooth: Fix locking in bt_accept_enqueue() for BH context (bsc#1051510). - bluetooth: Fix unnecessary error message for HCI request completion (bsc#1051510). - bnx2x: Assign unique DMAE channel number for FW DMAE transactions (bsc#1086323). - bnx2x: Clear fip MAC when fcoe offload support is disabled (bsc#1086323). - bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw (bsc#1086323). - bnx2x: Remove configured vlans as part of unload sequence (bsc#1086323). - bnx2x: Send update-svid ramrod with retry/poll flags enabled (bsc#1086323). - bnxt_en: Fix typo in firmware message timeout logic (bsc#1086282 ). - bnxt_en: Wait longer for the firmware message response to complete (bsc#1086282). - bonding: update nest level on unlink (git-fixes). - bpf: decrease usercnt if bpf_map_new_fd() fails in bpf_map_get_fd_by_id() (bsc#1083647). - bpf: drop refcount if bpf_map_new_fd() fails in map_create() (bsc#1083647). - bpf: fix lockdep false positive in percpu_freelist (bsc#1083647). - bpf: fix replace_map_fd_with_map_ptr's ldimm64 second imm field (bsc#1083647). - bpf: fix sanitation rewrite in case of non-pointers (bsc#1083647). - bpf: Fix syscall's stackmap lookup potential deadlock (bsc#1083647). - bpf, lpm: fix lookup bug in map_delete_elem (bsc#1083647). - bpf/verifier: fix verifier instability (bsc#1056787). - bsg: allocate sense buffer if requested (bsc#1106811). - bsg: Do not copy sense if no response buffer is allocated (bsc#1106811,bsc#1126555). - btrfs: dedupe_file_range ioctl: remove 16MiB restriction (bsc#1127494). - btrfs: do not unnecessarily pass write_lock_level when processing leaf (bsc#1126802). - btrfs: ensure that a DUP or RAID1 block group has exactly two stripes (bsc#1128451). - btrfs: fix clone vs chattr NODATASUM race (bsc#1127497). - btrfs: fix corruption reading shared and compressed extents after hole punching (bsc#1126476). - btrfs: fix deadlock when allocating tree block during leaf/node split (bsc#1126806). - btrfs: fix deadlock when using free space tree due to block group creation (bsc#1126804). - btrfs: fix fsync after succession of renames and unlink/rmdir (bsc#1126488). - btrfs: fix fsync after succession of renames of different files (bsc#1126481). - btrfs: fix invalid-free in btrfs_extent_same (bsc#1127498). - btrfs: fix reading stale metadata blocks after degraded raid1 mounts (bsc#1126803). - btrfs: fix use-after-free of cmp workspace pages (bsc#1127603). - btrfs: grab write lock directly if write_lock_level is the max level (bsc#1126802). - btrfs: Improve btrfs_search_slot description (bsc#1126802). - btrfs: move get root out of btrfs_search_slot to a helper (bsc#1126802). - btrfs: qgroup: Cleanup old subtree swap code (bsc#1063638). - btrfs: qgroup: Do not trace subtree if we're dropping reloc tree (bsc#1063638). - btrfs: qgroup: Finish rescan when hit the last leaf of extent tree (bsc#1129327). - btrfs: qgroup: Fix root item corruption when multiple same source snapshots are created with quota enabled (bsc#1122324). - btrfs: qgroup: Introduce function to find all new tree blocks of reloc tree (bsc#1063638). - btrfs: qgroup: Introduce function to trace two swaped extents (bsc#1063638). - btrfs: qgroup: Introduce per-root swapped blocks infrastructure (bsc#1063638). - btrfs: qgroup: Introduce trace event to analyse the number of dirty extents accounted (bsc#1063638 dependency). - btrfs: qgroup: Make qgroup async transaction commit more aggressive (bsc#1113042). - btrfs: qgroup: Only trace data extents in leaves if we're relocating data block group (bsc#1063638). - btrfs: qgroup: Refactor btrfs_qgroup_trace_subtree_swap (bsc#1063638). - btrfs: qgroup: Search commit root for rescan to avoid missing extent (bsc#1129326). - btrfs: qgroup: Use delayed subtree rescan for balance (bsc#1063638). - btrfs: qgroup: Use generation-aware subtree swap to mark dirty extents (bsc#1063638). - btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf (bsc#1129327). - btrfs: relocation: Delay reloc tree deletion after merge_reloc_roots (bsc#1063638). - btrfs: reloc: Fix NULL pointer dereference due to expanded reloc_root lifespan (bsc#1129497). - btrfs: remove always true check in unlock_up (bsc#1126802). - btrfs: remove superfluous free_extent_buffer in read_block_for_search (bsc#1126802). - btrfs: remove unnecessary level check in balance_level (bsc#1126802). - btrfs: remove unused check of skip_locking (bsc#1126802). - btrfs: reuse cmp workspace in EXTENT_SAME ioctl (bsc#1127495). - btrfs: send, fix race with transaction commits that create snapshots (bsc#1126802). - btrfs: simplify IS_ERR/PTR_ERR checks (bsc#1126481). - btrfs: split btrfs_extent_same (bsc#1127493). - btrfs: use kvzalloc for EXTENT_SAME temporary data (bsc#1127496). - btrfs: use more straightforward extent_buffer_uptodate check (bsc#1126802). - can: bcm: check timer values before ktime conversion (bsc#1051510). - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it (bsc#1051510). - can: gw: ensure DLC boundaries after CAN frame modification (bsc#1051510). - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader (bsc#1051510). - cdc-wdm: pass return value of recover_from_urb_loss (bsc#1051510). - ceph: avoid repeatedly adding inode to mdsc->snap_flush_list (bsc#1126790). - ceph: clear inode pointer when snap realm gets dropped by its inode (bsc#1125799). - cfg80211: extend range deviation for DMG (bsc#1051510). - ch: add missing mutex_lock()/mutex_unlock() in ch_release() (bsc#1124235). - char/mwave: fix potential Spectre v1 vulnerability (bsc#1051510). - checkstack.pl: fix for aarch64 (bsc#1051510). - ch: fixup refcounting imbalance for SCSI devices (bsc#1124235). - cifs: add missing debug entries for kconfig options (bsc#1051510). - cifs: add missing support for ACLs in smb 3.11 (bsc#1051510). - cifs: add sha512 secmech (bsc#1051510). - cifs: Add support for reading attributes on smb2+ (bsc#1051510). - cifs: Add support for writing attributes on smb2+ (bsc#1051510). - cifs: Always resolve hostname before reconnecting (bsc#1051510). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510). - cifs: Fix error mapping for smb2_LOCK command which caused OFD lock problem (bsc#1051510). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: fix return value for cifs_listxattr (bsc#1051510). - cifs: Fix separator when building path from dentry (bsc#1051510). - cifs: fix set info (bsc#1051510). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510). - cifs: fix wrapping bugs in num_entries() (bsc#1051510). - cifs: For smb2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510). - cifs: hide unused functions (bsc#1051510). - cifs: hide unused functions (bsc#1051510). - cifs: implement v3.11 preauth integrity (bsc#1051510). - cifs: invalidate cache when we truncate a file (bsc#1051510). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510). - cifs: OFD locks do not conflict with eachothers (bsc#1051510). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510). - clk: armada-370: fix refcount leak in a370_clk_init() (bsc#1051510). - clk: armada-xp: fix refcount leak in axp_clk_init() (bsc#1051510). - clk: dove: fix refcount leak in dove_clk_init() (bsc#1051510). - clk: highbank: fix refcount leak in hb_clk_init() (bsc#1051510). - clk: imx6q: fix refcount leak in imx6q_clocks_init() (bsc#1051510). - clk: imx6q: reset exclusive gates on init (bsc#1051510). - clk: imx6sl: ensure MMDC CH0 handshake is bypassed (bsc#1051510). - clk: imx6sx: fix refcount leak in imx6sx_clocks_init() (bsc#1051510). - clk: imx7d: fix refcount leak in imx7d_clocks_init() (bsc#1051510). - clk: kirkwood: fix refcount leak in kirkwood_clk_init() (bsc#1051510). - clk: mv98dx3236: fix refcount leak in mv98dx3236_clk_init() (bsc#1051510). - clk: qoriq: fix refcount leak in clockgen_init() (bsc#1051510). - clk: rockchip: fix typo in rk3188 spdif_frac parent (bsc#1051510). - clk: samsung: exynos4: fix refcount leak in exynos4_get_xom() (bsc#1051510). - clk: socfpga: fix refcount leak (bsc#1051510). - clk: sunxi: A31: Fix wrong AHB gate number (bsc#1051510). - clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks (bsc#1051510). - clk: sunxi-ng: enable so-said LDOs for A64 SoC's pll-mipi clock (bsc#1051510). - clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent (bsc#1051510). - clk: sunxi-ng: sun8i-a23: Enable PLL-MIPI LDOs when ungating it (bsc#1051510). - clk: uniphier: Fix update register for CPU-gear (bsc#1051510). - clk: vf610: fix refcount leak in vf610_clocks_init() (bsc#1051510). - clocksource/drivers/exynos_mct: Fix error path in timer resources initialization (bsc#1051510). - clocksource/drivers/integrator-ap: Add missing of_node_put() (bsc#1051510). - clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable (bsc#1051510). - configfs: fix registered group removal (bsc#1051510). - copy_mount_string: Limit string length to PATH_MAX (bsc#1082943). - cpufreq: Cap the default transition delay value to 10 ms (bsc#1127042). - cpufreq: conservative: Take limits changes into account properly (bsc#1051510). - cpufreq: governor: Avoid accessing invalid governor_data (bsc#1051510). - cpufreq: governor: Drop min_sampling_rate (bsc#1127042). - cpufreq: governor: Ensure sufficiently large sampling intervals (bsc#1127042). - cpufreq: imx6q: add return value check for voltage scale (bsc#1051510). - cpufreq: Use transition_delay_us for legacy governors as well (bsc#1127042). - cpuidle: big.LITTLE: fix refcount leak (bsc#1051510). - cramfs: fix abad comparison when wrap-arounds occur (bsc#1051510). - crypto: aes_ti - disable interrupts while accessing S-box (bsc#1051510). - crypto: ahash - fix another early termination in hash walk (bsc#1051510). - crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling (bsc#1051510). - crypto: arm/crct10dif - revert to C code for short inputs (bsc#1051510). - crypto: authencesn - Avoid twice completion call in decrypt path (bsc#1051510). - crypto: authenc - fix parsing key with misaligned rta_len (bsc#1051510). - crypto: bcm - convert to use crypto_authenc_extractkeys() (bsc#1051510). - crypto: brcm - Fix some set-but-not-used warning (bsc#1051510). - crypto: caam - fixed handling of sg list (bsc#1051510). - crypto: caam - fix zero-length buffer DMA mapping (bsc#1051510). - crypto: cavium/zip - fix collision with generic cra_driver_name (bsc#1051510). - crypto: crypto4xx - add missing of_node_put after of_device_is_available (bsc#1051510). - crypto: crypto4xx - Fix wrong ppc4xx_trng_probe()/ppc4xx_trng_remove() arguments (bsc#1051510). - crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails (bsc#1051510). - crypto: testmgr - skip crc32c context test for ahash algorithms (bsc#1051510). - crypto: tgr192 - fix unaligned memory access (bsc#1051510). - crypto: user - support incremental algorithm dumps (bsc#1120902). - crypto: ux500 - Use proper enum in cryp_set_dma_transfer (bsc#1051510). - crypto: ux500 - Use proper enum in hash_set_dma_transfer (bsc#1051510). - cw1200: drop useless LIST_HEAD (bsc#1051510). - cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() (bsc#1051510). - cw1200: fix missing unlock on error in cw1200_hw_scan() (bsc#1051510). - dccp: fool proof ccid_hc_[rt]x_parse_options() (bsc#1051510). - debugfs: fix debugfs_rename parameter checking (bsc#1051510). - dlm: Do not swamp the CPU with callbacks queued during recovery (bsc#1051510). - dlm: fixed memory leaks after failed ls_remove_names allocation (bsc#1051510). - dlm: lost put_lkb on error path in receive_convert() and receive_unlock() (bsc#1051510). - dlm: memory leaks on error path in dlm_user_request() (bsc#1051510). - dlm: possible memory leak on error path in create_lkb() (bsc#1051510). - dmaengine: at_hdmac: drop useless LIST_HEAD (bsc#1051510). - dmaengine: at_hdmac: fix memory leak in at_dma_xlate() (bsc#1051510). - dmaengine: at_hdmac: fix module unloading (bsc#1051510). - dmaengine: at_xdmac: Fix wrongfull report of a channel as in use (bsc#1051510). - dmaengine: bcm2835: Fix abort of transactions (bsc#1051510). - dmaengine: bcm2835: Fix interrupt race on RT (bsc#1051510). - dmaengine: dma-jz4780: Return error if not probed from DT (bsc#1051510). - dmaengine: dmatest: Abort test in case of mapping error (bsc#1051510). - dmaengine: dw: drop useless LIST_HEAD (bsc#1051510). - dmaengine: dw: Fix FIFO size for Intel Merrifield (bsc#1051510). - dmaengine: imx-dma: fix wrong callback invoke (bsc#1051510). - dmaengine: mv_xor: Use correct device for DMA API (bsc#1051510). - dmaengine: pl330: drop useless LIST_HEAD (bsc#1051510). - dmaengine: sa11x0: drop useless LIST_HEAD (bsc#1051510). - dmaengine: st_fdma: drop useless LIST_HEAD (bsc#1051510). - dmaengine: stm32-dma: fix incomplete configuration in cyclic mode (bsc#1051510). - dmaengine: xilinx_dma: Remove __aligned attribute on zynqmp_dma_desc_ll (bsc#1051510). - dma: Introduce dma_max_mapping_size() (bsc#1120008). - dm cache metadata: verify cache has blocks in blocks_are_clean_separate_dirty() (git-fixes). - dm: call blk_queue_split() to impose device limits on bios (git-fixes). - dm: do not allow readahead to limit IO size (git-fixes). - dm thin: send event about thin-pool state change _after_ making it (git-fixes). - dm zoned: Fix target BIO completion handling (git-fixes). - doc: rcu: Suspicious RCU usage is a warning (bsc#1051510). - doc/README.SUSE: Correct description for building a kernel (bsc#1123348) - Do not log confusing message on reconnect by default (bsc#1129664). - Do not log expected error on DFS referral request (bsc#1051510). - driver core: Do not resume suppliers under device_links_write_lock() (bsc#1051510). - driver core: Move async_synchronize_full call (bsc#1051510). - drivers: core: Remove glue dirs from sysfs earlier (bsc#1051510). - drivers: hv: vmbus: Check for ring when getting debug info (bsc#1126389, bsc#1126579). - drivers: hv: vmbus: preserve hv_ringbuffer_get_debuginfo kABI (bsc#1126389, bsc#1126579). - drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels (bsc#1126389, bsc#1126579). - drivers/misc/sgi-gru: fix Spectre v1 vulnerability (bsc#1051510). - drivers/net/ethernet/qlogic/qed/qed_rdma.h: fix typo (bsc#1086314 bsc#1086313 bsc#1086301 ). - drivers/sbus/char: add of_node_put() (bsc#1051510). - drm/amdgpu: Add delay after enable RLC ucode (bsc#1051510). - drm/ast: Fix connector leak during driver unload (bsc#1051510). - drm/ast: fixed reading monitor EDID not stable issue (bsc#1051510). - drm/atomic-helper: Complete fake_commit->flip_done potentially earlier (bsc#1051510). - drm: Block fb changes for async plane updates (bsc#1051510). - drm/bridge: tc358767: add defines for DP1_SRCCTRL & PHY_2LANE (bsc#1051510). - drm/bridge: tc358767: fix initial DP0/1_SRCCTRL value (bsc#1051510). - drm/bridge: tc358767: fix output H/V syncs (bsc#1051510). - drm/bridge: tc358767: fix single lane configuration (bsc#1051510). - drm/bridge: tc358767: reject modes which require too much BW (bsc#1051510). - drm/bufs: Fix Spectre v1 vulnerability (bsc#1051510). - drm: Clear state->acquire_ctx before leaving drm_atomic_helper_commit_duplicated_state() (bsc#1051510). - drm: disable uncached DMA optimization for ARM and arm64 (bsc#1051510). - drm/etnaviv: NULL vs IS_ERR() buf in etnaviv_core_dump() (bsc#1113722) - drm/etnaviv: potential NULL dereference (bsc#1113722) - drm/fb-helper: Partially bring back workaround for bugs of SDL 1.2 (bsc#1113722) - drm: Fix error handling in drm_legacy_addctx (bsc#1113722) - drm/i915: Block fbdev HPD processing during suspend (bsc#1113722) - drm/i915/fbdev: Actually configure untiled displays (bsc#1113722) - drm/i915: Flush GPU relocs harder for gen3 (bsc#1113722) - drm/i915/gvt: Fix mmap range check (bsc#1120902) - drm/i915/gvt: free VFIO region space in vgpu detach (bsc#1113722) - drm/i915/gvt: release shadow batch buffer and wa_ctx before destroy one workload (bsc#1051510). - drm/i915/opregion: fix version check (bsc#1113722) - drm/i915/opregion: rvda is relative from opregion base in opregion (bsc#1113722) - drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set (bsc#1113722) - drm/i915: Redefine some Whiskey Lake SKUs (bsc#1051510). - drm/i915: Use the correct crtc when sanitizing plane mapping (bsc#1113722) - drm/meson: add missing of_node_put (bsc#1051510). - drm/modes: Prevent division by zero htotal (bsc#1051510). - drm/msm: Fix error return checking (bsc#1051510). - drm/msm: Grab a vblank reference when waiting for commit_done (bsc#1051510). - drm/msm: Unblock writer if reader closes file (bsc#1051510). - drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON (bsc#1113722) - drm/nouveau: Do not spew kernel WARNING for each timeout (bsc#1126480). - drm/nouveau: Do not WARN_ON VCPI allocation failures (bsc#1113722) - drm/nouveau/falcon: avoid touching registers if engine is off (bsc#1051510). - drm/nouveau/pmu: do not print reply values if exec is false (bsc#1113722) - drm/nouveau/tmr: detect stalled gpu timer and break out of waits (bsc#1123538). - drm/radeon/evergreen_cs: fix missing break in switch statement (bsc#1113722) - drm: Reorder set_property_atomic to avoid returning with an active ww_ctx (bsc#1051510). - drm/rockchip: fix for mailbox read size (bsc#1051510). - drm/shmob: Fix return value check in shmob_drm_probe (bsc#1113722) - drm/sun4i: tcon: Prepare and enable TCON channel 0 clock at init (bsc#1051510). - drm/vmwgfx: Do not double-free the mode stored in par->set_mode (bsc#1103429) - drm/vmwgfx: Fix setting of dma masks (bsc#1120902) - drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user (bsc#1120902) - e1000e: allow non-monotonic SYSTIM readings (bsc#1051510). - earlycon: Initialize port->uartclk based on clock-frequency property (bsc#1051510). - earlycon: Remove hardcoded port->uartclk initialization in of_setup_earlycon (bsc#1051510). - Enable CONFIG_RDMA_RXE=m also for ppc64le (bsc#1107665,) - enic: fix build warning without CONFIG_CPUMASK_OFFSTACK (bsc#1051510). - enic: fix checksum validation for IPv6 (bsc#1051510). - esp6: fix memleak on error path in esp6_input (bsc#1051510). - esp: Fix locking on page fragment allocation (bsc#1051510). - esp: Fix memleaks on error paths (bsc#1051510). - esp: Fix skb tailroom calculation (bsc#1051510). - exportfs: do not read dentry after free (bsc#1051510). - ext4: avoid kernel warning when writing the superblock to a dead device (bsc#1124981). - ext4: check for shutdown and r/o file system in ext4_write_inode() (bsc#1124978). - ext4: fix a potential fiemap/page fault deadlock w/ inline_data (bsc#1124980). - ext4: Fix crash during online resizing (bsc#1122779). - ext4: force inode writes when nfsd calls commit_metadata() (bsc#1125125). - ext4: include terminating u32 in size of xattr entries when expanding inodes (bsc#1124976). - ext4: make sure enough credits are reserved for dioread_nolock writes (bsc#1124979). - ext4: track writeback errors using the generic tracking infrastructure (bsc#1124982). - fanotify: fix handling of events on child sub-directory (bsc#1122019). - fat: validate ->i_start before using (bsc#1051510). - fbdev: chipsfb: remove set but not used variable 'size' (bsc#1113722) - firmware/efi: Add NULL pointer checks in efivars API functions (bsc#1051510). - Fix kabi issues with new transport sharing code (bsc#1114893). - Fix problem with sharetransport= and NFSv4 (bsc#1114893). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510). - floppy: check_events callback should not return a negative number (bsc#1051510). - fork: do not copy inconsistent signal handler state to child (bsc#1051510). - fork: record start_time late (git-fixes). - fork: unconditionally clear stack on fork (git-fixes). - fs/cifs: require sha512 (bsc#1051510). - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() (git-fixes). - fs/devpts: always delete dcache dentry-s in dput() (git-fixes). - fuse: call pipe_buf_release() under pipe lock (bsc#1051510). - fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS (bsc#1051510). - fuse: decrement NR_WRITEBACK_TEMP on the right page (bsc#1051510). - fuse: handle zero sized retrieve correctly (bsc#1051510). - futex: Fix (possible) missed wakeup (bsc#1050549). - gdrom: fix a memory leak bug (bsc#1051510). - geneve: cleanup hard coded value for Ethernet header length (bsc#1123456). - geneve: correctly handle ipv6.disable module parameter (bsc#1051510). - geneve, vxlan: Do not check skb_dst() twice (bsc#1123456). - geneve, vxlan: Do not set exceptions if skb->len < mtu (bsc#1123456). - genwqe: Fix size check (bsc#1051510). - gfs2: Revert 'Fix loop in gfs2_rbm_find' (bsc#1120601). - gianfar: fix a flooded alignment reports because of padding issue (bsc#1051510). - gianfar: Fix Rx byte accounting for ndev stats (bsc#1051510). - gianfar: prevent integer wrapping in the rx handler (bsc#1051510). - gpio: altera-a10sr: Set proper output level for direction_output (bsc#1051510). - gpio: pcf857x: Fix interrupts on multiple instances (bsc#1051510). - gpio: pl061: handle failed allocations (bsc#1051510). - gpio: pl061: Move irq_chip definition inside struct pl061 (bsc#1051510). - gpio: vf610: Mask all GPIO interrupts (bsc#1051510). - gpu: ipu-v3: Fix CSI offsets for imx53 (bsc#1113722) - gpu: ipu-v3: Fix i.MX51 CSI control registers offset (bsc#1113722) - gpu: ipu-v3: image-convert: Prevent race between run and unprepare (bsc#1051510). - gro_cell: add napi_disable in gro_cells_destroy (networking-stable-19_01_04). - gro_cells: make sure device is up in gro_cells_receive() (git-fixes). - hfs: do not free node before using (bsc#1051510). - hfsplus: do not free node before using (bsc#1051510). - hfsplus: prevent btree data loss on root split (bsc#1051510). - hfs: prevent btree data loss on root split (bsc#1051510). - hid: lenovo: Add checks to fix of_led_classdev_register (bsc#1051510). - hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable (git-fixes). - hvc_opal: do not set tb_ticks_per_usec in udbg_init_opal_common() (bsc#1051510). - hv: v4.12 API for hyperv-iommu (bsc#1122822). - hwmon/k10temp: Add support for AMD family 17h, model 30h CPUs (). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (). - hwmon: (lm80) fix a missing check of bus read in lm80 probe (bsc#1051510). - hwmon: (lm80) fix a missing check of the status of smbus read (bsc#1051510). - hwmon: (lm80) Fix missing unlock on error in set_fan_div() (bsc#1051510). - hwmon: (tmp421) Correct the misspelling of the tmp442 compatible attribute in OF device ID table (bsc#1051510). - HYPERV/IOMMU: Add Hyper-V stub IOMMU driver (bsc#1122822). - i2c-axxia: check for error conditions first (bsc#1051510). - i2c: bcm2835: Clear current buffer pointers and counts after a transfer (bsc#1051510). - i2c: cadence: Fix the hold bit setting (bsc#1051510). - i2c: dev: prevent adapter retries and timeout being set as minus value (bsc#1051510). - i2c: omap: Use noirq system sleep pm ops to idle device for suspend (bsc#1051510). - i2c: sh_mobile: add support for r8a77990 (R-Car E3) (bsc#1051510). - i40e: fix mac filter delete when setting mac address (bsc#1056658 bsc#1056662). - i40e: report correct statistics when XDP is enabled (bsc#1056658 bsc#1056662). - i40e: restore NETIF_F_GSO_IPXIP to netdev features (bsc#1056658 bsc#1056662). - IB/core: Destroy QP if XRC QP fails (bsc#1046306). - IB/core: Fix potential memory leak while creating MAD agents (bsc#1046306). - IB/core: Unregister notifier before freeing MAD security (bsc#1046306). - IB/hfi1: Close race condition on user context disable and close (bsc#1060463). - IB/mlx5: Unmap DMA addr from HCA before IOMMU (bsc#1046305 ). - ibmveth: Do not process frames after calling napi_reschedule (bcs#1123357). - ibmveth: fix DMA unmap error in ibmveth_xmit_start error path (networking-stable-19_01_04). - ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726). - ibmvnic: Increase maximum queue size limit (bsc#1121726). - ibmvnic: Introduce driver limits for ring sizes (bsc#1121726). - ibmvnic: Report actual backing device speed and duplex values (bsc#1129923). - ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton (bsc#1119019). - ide: pmac: add of_node_put() (bsc#1051510). - ieee802154: ca8210: fix possible u8 overflow in ca8210_rx_done (bsc#1051510). - ieee802154: lowpan_header_create check must check daddr (networking-stable-19_01_04). - igb: Fix an issue that PME is not enabled during runtime suspend (bsc#1051510). - iio: accel: kxcjk1013: Add KIOX010A acpi Hardware-ID (bsc#1051510). - iio: adc: exynos-adc: Fix NULL pointer exception on unbind (bsc#1051510). - iio: chemical: atlas-ph-sensor: correct IIO_TEMP values to millicelsius (bsc#1051510). - input: bma150 - register input device after setting private data (bsc#1051510). - input: elan_i2c - add acpi ID for touchpad in ASUS Aspire F5-573G (bsc#1051510). - input: elan_i2c - add acpi ID for touchpad in Lenovo V330-15ISK (bsc#1051510). - input: elan_i2c - add id for touchpad found in Lenovo s21e-20 (bsc#1051510). - input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 (bsc#1051510). - input: omap-keypad - fix idle configuration to not block SoC idle states (bsc#1051510). - input: raspberrypi-ts - fix link error (git-fixes). - input: raspberrypi-ts - select CONFIG_INPUT_POLLDEV (git-fixes). - input: restore EV_ABS ABS_RESERVED (bsc#1051510). - input: synaptics - enable RMI on ThinkPad T560 (bsc#1051510). - input: synaptics - enable smbus for HP EliteBook 840 G4 (bsc#1051510). - input: wacom_serial4 - add support for Wacom ArtPad II tablet (bsc#1051510). - input: xpad - add support for SteelSeries Stratus Duo (bsc#1111666). - intel_th: Do not reference unassigned outputs (bsc#1051510). - intel_th: gth: Fix an off-by-one in output unassigning (bsc#1051510). - iomap: fix integer truncation issues in the zeroing and dirtying helpers (bsc#1125947). - iomap: warn on zero-length mappings (bsc#1127062). - iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105). - iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105). - iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105). - iommu/dmar: Fix buffer overflow during PCI bus notification (bsc#1129181). - iommu: Document iommu_ops.is_attach_deferred() (bsc#1129182). - iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables (bsc#1129205). - iommu/vt-d: Check identity map for hot-added devices (bsc#1129183). - iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105). - iommu/vt-d: Fix NULL pointer reference in intel_svm_bind_mm() (bsc#1129184). - ip6mr: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04). - ip6_tunnel: get the min mtu properly in ip6_tnl_xmit (bsc#1123456). - ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit (bsc#1123456). - ipmi:pci: Blacklist a Realtek 'IPMI' device (git-fixes). - ipmi:ssif: Fix handling of multi-part return messages (bsc#1051510). - ip: on queued skb use skb_header_pointer instead of pskb_may_pull (git-fixes). - ipsec: check return value of skb_to_sgvec always (bsc#1051510). - ipv4: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04). - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes (networking-stable-18_12_12). - ipv4: speedup ipv6 tunnels dismantle (bsc#1122982). - ipv6: addrlabel: per netns list (bsc#1122982). - ipv6: Check available headroom in ip6_xmit() even without options (networking-stable-18_12_12). - ipv6: Consider sk_bound_dev_if when binding a socket to an address (networking-stable-19_02_01). - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address (networking-stable-19_01_22). - ipv6: explicitly initialize udp6_addr in udp_sock_create6() (networking-stable-19_01_04). - ipv6: fix kernel-infoleak in ipv6_local_error() (networking-stable-19_01_20). - ipv6: speedup ipv6 tunnels dismantle (bsc#1122982). Refresh patches.suse/ip6_vti-fix-a-null-pointer-deference-when-destroy-vt.patch - ipv6: sr: properly initialize flowi6 prior passing to ip6_route_output (networking-stable-18_12_12). - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses (networking-stable-19_01_22). - ipv6: tunnels: fix two use-after-free (networking-stable-19_01_04). - ip: validate header length on virtual device xmit (networking-stable-19_01_04). - ipvlan, l3mdev: fix broken l3s mode wrt local routes (networking-stable-19_02_01). - irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size (bsc#1051510). - irqchip/gic-v3-its: Do not bind LPI to unavailable NUMA node (bsc#1051510). - irqchip/gic-v3-its: Fix ITT_entry_size accessor (bsc#1051510). - iscsi target: fix session creation failure handling (bsc#1051510). - isdn: avm: Fix string plus integer warning from Clang (bsc#1051510). - isdn: fix kernel-infoleak in capi_unlocked_ioctl (bsc#1051510). - isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() (bsc#1051510). - isdn: i4l: isdn_tty: Fix some concurrency double-free bugs (bsc#1051510). - iser: set sector for ambiguous mr status errors (bsc#1051510). - iwlwifi: mvm: avoid possible access out of array (bsc#1051510). - iwlwifi: mvm: fix A-MPDU reference assignment (bsc#1051510). - iwlwifi: mvm: fix RSS config command (bsc#1051510). - iwlwifi: pcie: fix emergency path (bsc#1051510). - iwlwifi: pcie: fix TX while flushing (bsc#1120902). - ixgbe: Be more careful when modifying MAC filters (bsc#1051510). - ixgbe: check return value of napi_complete_done() (bsc#1051510). - ixgbe: recognize 1000BaseLX SFP modules as 1Gbps (bsc#1051510). - jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bsc#1051510). - kabi: cpufreq: keep min_sampling_rate in struct dbs_data (bsc#1127042). - kabi: fix xhci kABI stability (bsc#1119086). - kabi: handle addition of ip6addrlbl_table into struct netns_ipv6 (bsc#1122982). - kabi: handle addition of uevent_sock into struct net (bsc#1122982). - kabi: Preserve kABI for dma_max_mapping_size() (bsc#1120008). - kabi: protect struct sctp_association (kabi). - kabi: protect struct smc_buf_desc (bnc#1117947, LTC#173662). - kabi: protect struct smc_link (bnc#1117947, LTC#173662). - kabi: protect vhost_log_write (kabi). - kabi: restore ip_tunnel_delete_net() (bsc#1122982). - kABI workaroudn for ath9k ath_node.ackto type change (bsc#1051510). - kABI workaround for bt_accept_enqueue() change (bsc#1051510). - kABI workaround for deleted snd_hda_register_beep_device() (bsc#1122944). - kABI workaround for snd_hda_bus.bus_probing addition (bsc#1122944). - kallsyms: Handle too long symbols in kallsyms.c (bsc#1126805). - kconfig: fix file name and line number of warn_ignored_character() (bsc#1051510). - kconfig: fix line numbers for if-entries in menu tree (bsc#1051510). - kconfig: fix memory leak when EOF is encountered in quotation (bsc#1051510). - kconfig: fix the rule of mainmenu_stmt symbol (bsc#1051510). - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes (git-fixes). - keys: allow reaching the keys quotas exactly (bsc#1051510). - keys: Timestamp new keys (bsc#1051510). - kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var() (bsc#1051510). - kgdboc: Fix restrict error (bsc#1051510). - kgdboc: Fix warning with module build (bsc#1051510). - kobject: add kobject_uevent_net_broadcast() (bsc#1122982). - kobject: copy env blob in one go (bsc#1122982). - kobject: factorize skb setup in kobject_uevent_net_broadcast() (bsc#1122982). - kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() (bsc#1051510). - kvm: arm/arm64: Properly protect VGIC locks from IRQs (bsc#1117155). - kvm: arm/arm64: VGIC/ITS: Promote irq_lock() in update_affinity (bsc#1117155). - kvm: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock (bsc#1117155). - kvm: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls (bsc#1117155). - kvm: mmu: Fix race in emulated page table writes (bsc#1129284). - kvm: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails (bsc#1129291). - kvm: nVMX: NMI-window and interrupt-window exiting should wake L2 from HLT (bsc#1129292). - kvm: nVMX: Set VM instruction error for VMPTRLD of unbacked page (bsc#1129293). - kvm: PPC: Book3S PR: Set hflag to indicate that POWER9 supports 1T segments (bsc#1124589). - kvm: sev: Fail KVM_SEV_INIT if already initialized (bsc#1114279). - kvm: vmx: Set IA32_TSC_AUX for legacy mode guests (bsc#1129294). - kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs (bsc#1127082). - kvm: x86: fix L1TF's MMIO GFN calculation (bsc#1124204). - kvm: x86: Fix single-step debugging (bsc#1129295). - kvm: x86: Use jmp to invoke kvm_spurious_fault() from .fixup (bsc#1129296). - l2tp: copy 4 more bytes to linear part if necessary (networking-stable-19_02_01). - l2tp: fix infoleak in l2tp_ip6_recvmsg() (git-fixes). - l2tp: fix reading optional fields of L2TPv3 (networking-stable-19_02_01). - lan78xx: Resolve issue with changing MAC address (bsc#1051510). - leds: lp5523: fix a missing check of return value of lp55xx_read (bsc#1051510). - leds: lp55xx: fix null deref on firmware load failure (bsc#1051510). - libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() (bsc#1125800). - libceph: handle an empty authorize reply (bsc#1126789). - lib/div64.c: off by one in shift (bsc#1051510). - libnvdimm: Fix altmap reservation size calculation (bsc#1127682). - libnvdimm/label: Clear 'updating' flag after label-set update (bsc#1129543). - libnvdimm/pmem: Honor force_raw for legacy pmem regions (bsc#1129551). - lib/rbtree-test: lower default params (git-fixes). - lightnvm: fail fast on passthrough commands (bsc#1125780). - livepatch: Change unsigned long old_addr -> void *old_func in struct klp_func (bsc#1071995). - livepatch: Consolidate klp_free functions (bsc#1071995 ). - livepatch: core: Return EOPNOTSUPP instead of ENOSYS (bsc#1071995). - livepatch: Define a macro for new API identification (bsc#1071995). - livepatch: Do not block the removal of patches loaded after a forced transition (bsc#1071995). - livepatch: Introduce klp_for_each_patch macro (bsc#1071995 ). - livepatch: Module coming and going callbacks can proceed with all listed patches (bsc#1071995). - livepatch: Proper error handling in the shadow variables selftest (bsc#1071995). - livepatch: Remove ordering (stacking) of the livepatches (bsc#1071995). - livepatch: Remove signal sysfs attribute (bsc#1071995 ). - livepatch: return -ENOMEM on ptr_id() allocation failure (bsc#1071995). - livepatch: Send a fake signal periodically (bsc#1071995 ). - livepatch: Shuffle klp_enable_patch()/klp_disable_patch() code (bsc#1071995). - livepatch: Simplify API by removing registration step (bsc#1071995). - llc: do not use sk_eat_skb() (bsc#1051510). - lockd: fix access beyond unterminated strings in prints (git-fixes). - locking/rwsem: Fix (possible) missed wakeup (bsc#1050549). - loop: drop caches if offset or block_size are changed (bsc#1124975). - loop: Reintroduce lo_ctl_mutex removed by commit 310ca162d (bsc#1124974). - LSM: Check for NULL cred-security on free (bsc#1051510). - mac80211: Add attribute aligned(2) to struct 'action' (bsc#1051510). - mac80211: do not initiate TDLS connection if station is not associated to AP (bsc#1051510). - mac80211: ensure that mgmt tx skbs have tailroom for encryption (bsc#1051510). - mac80211: fix miscounting of ttl-dropped frames (bsc#1051510). - mac80211: fix radiotap vendor presence bitmap handling (bsc#1051510). - mac80211: Free mpath object when rhashtable insertion fails (bsc#1051510). - mac80211: Restore vif beacon interval if start ap fails (bsc#1051510). - macvlan: Only deliver one copy of the frame to the macvlan interface (bsc#1051510). - mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush timeout issue (bsc#1051510). - mdio_bus: Fix use-after-free on device_register fails (bsc#1051510). - media: adv*/tc358743/ths8200: fill in min width/height/pixelclock (bsc#1051510). - media: DaVinci-VPBE: fix error handling in vpbe_initialize() (bsc#1051510). - media: dt-bindings: media: i2c: Fix i2c address for OV5645 camera sensor (bsc#1051510). - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info (bsc#1051510). - media: mtk-vcodec: Release device nodes in mtk_vcodec_init_enc_pm() (bsc#1051510). - media: s5k4ecgx: delete a bogus error message (bsc#1051510). - media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration (bsc#1051510). - media: s5p-jpeg: Correct step and max values for V4L2_CID_JPEG_RESTART_INTERVAL (bsc#1051510). - media: s5p-mfc: fix incorrect bus assignment in virtual child device (bsc#1051510). - media: usb: pwc: Do not use coherent DMA buffers for ISO transfer (bsc#1054610). - media: uvcvideo: Avoid NULL pointer dereference at the end of streaming (bsc#1051510). - media: uvcvideo: Fix 'type' check leading to overflow (bsc#1051510). - media: v4l2: i2c: ov7670: Fix PLL bypass register values (bsc#1051510). - media: v4l2-tpg: array index could become negative (bsc#1051510). - media: v4l: ioctl: Validate num_planes for debug messages (bsc#1051510). - media: vb2: be sure to unlock mutex on errors (bsc#1051510). - media: vb2: vb2_mmap: move lock up (bsc#1051510). - media: vivid: fix error handling of kthread_run (bsc#1051510). - media: vivid: free bitmap_cap when updating std/timings/etc (bsc#1051510). - media: vivid: set min width/height to a value > 0 (bsc#1051510). - memstick: Prevent memstick host from getting runtime suspended during card detection (bsc#1051510). - mfd: ab8500-core: Return zero in get_register_interruptible() (bsc#1051510). - mfd: db8500-prcmu: Fix some section annotations (bsc#1051510). - mfd: mc13xxx: Fix a missing check of a register-read failure (bsc#1051510). - mfd: mt6397: Do not call irq_domain_remove if PMIC unsupported (bsc#1051510). - mfd: qcom_rpm: write fw_version to CTRL_REG (bsc#1051510). - mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells (bsc#1051510). - mfd: tps65218: Use devm_regmap_add_irq_chip and clean up error path in probe() (bsc#1051510). - mfd: tps6586x: Handle interrupts on suspend (bsc#1051510). - mfd: twl-core: Fix section annotations on {,un}protect_pm_master (bsc#1051510). - mfd: wm5110: Add missing ASRC rate register (bsc#1051510). - misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data (bsc#1051510). - misc: hmc6352: fix potential Spectre v1 (bsc#1051510). - misc: hpilo: Do not claim unsupported hardware (bsc#1129330). - misc: hpilo: Exclude unsupported device via blacklist (bsc#1129330). - misc: mic/scif: fix copy-paste error in scif_create_remote_lookup (bsc#1051510). - misc: mic: SCIF Fix scif_get_new_port() error handling (bsc#1051510). - misc: sram: enable clock before registering regions (bsc#1051510). - misc: sram: fix resource leaks in probe error path (bsc#1051510). - misc: ti-st: Fix memory leak in the error path of probe() (bsc#1051510). - misc: vexpress: Off by one in vexpress_syscfg_exec() (bsc#1051510). - mISDN: fix a race in dev_expire_timer() (bsc#1051510). - mlx4: trigger IB events needed by SMC (bnc#1117947, LTC#173662). - mlxsw: __mlxsw_sp_port_headroom_set(): Fix a use of local variable (git-fixes). - mlxsw: spectrum: Disable lag port TX before removing it (networking-stable-19_01_22). - mmap: introduce sane default mmap limits (git fixes (mm/mmap)). - mmap: relax file size limit for regular files (git fixes (mm/mmap)). - mmc: atmel-mci: do not assume idle after atmci_request_end (bsc#1051510). - mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1051510). - mmc: bcm2835: Recover from MMC_SEND_EXT_CSD (bsc#1051510). - mmc: dw_mmc-bluefield: : Fix the license information (bsc#1051510). - mmc: Kconfig: Enable CONFIG_MMC_SDHCI_IO_ACCESSORS (bsc#1051510). - mmc: omap: fix the maximum timeout setting (bsc#1051510). - mmc: sdhci-brcmstb: handle mmc_of_parse() errors during probe (bsc#1051510). - mmc: sdhci-esdhc-imx: fix HS400 timing issue (bsc#1051510). - mmc: sdhci-iproc: handle mmc_of_parse() errors during probe (bsc#1051510). - mmc: sdhci-of-esdhc: Fix timeout checks (bsc#1051510). - mmc: sdhci-xenon: Fix timeout checks (bsc#1051510). - mmc: spi: Fix card detection during probe (bsc#1051510). - mm: do not drop unused pages when userfaultd is running (git fixes (mm/userfaultfd)). - mm/hmm: hmm_pfns_bad() was accessing wrong struct (git fixes (mm/hmm)). - mm: hwpoison: use do_send_sig_info() instead of force_sig() (git fixes (mm/hwpoison)). - mm/ksm.c: ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm() (git fixes (mm/ksm)). - mm: madvise(MADV_DODUMP): allow hugetlbfs pages (git fixes (mm/madvise)). - mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages (bsc#1127731). - mm: migrate: do not rely on __PageMovable() of newpage after unlocking it (git fixes (mm/migrate)). - mm: migrate: lock buffers before migrate_page_move_mapping() (bsc#1084216). - mm: migrate: Make buffer_migrate_page_norefs() actually succeed (bsc#1084216) - mm: migrate: provide buffer_migrate_page_norefs() (bsc#1084216). - mm: migration: factor out code to compute expected number of page references (bsc#1084216). - mm, oom: fix use-after-free in oom_kill_process (git fixes (mm/oom)). - mm: use swp_offset as key in shmem_replace_page() (git fixes (mm/shmem)). - mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed (git fixes (mm/vmscan)). - Moved patches.fixes/x86-add-tsx-force-abort-cpuid-msr.patch to patches.arch/ and added upstream tags (bsc#1129363) patches.arch/x86-add-tsx-force-abort-cpuid-msr - Move the upstreamed HD-audio fix into sorted section - mpt3sas: check sense buffer before copying sense data (bsc#1106811). - mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking (bsc#1051510). - mtd: cfi_cmdset_0002: Change write buffer to check correct value (bsc#1051510). - mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips (bsc#1051510). - mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary (bsc#1051510). - mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() (bsc#1051510). - mtdchar: fix overflows in adjustment of `count` (bsc#1051510). - mtdchar: fix usage of mtd_ooblayout_ecc() (bsc#1051510). - mtd: docg3: do not set conflicting BCH_CONST_PARAMS option (bsc#1051510). - mtd/maps: fix solutionengine.c printk format warnings (bsc#1051510). - mtd: mtd_oobtest: Handle bitflips during reads (bsc#1051510). - mtd: nand: atmel: fix buffer overflow in atmel_pmecc_user (bsc#1051510). - mtd: nand: atmel: Fix get_sectorsize() function (bsc#1051510). - mtd: nand: atmel: fix of_irq_get() error check (bsc#1051510). - mtd: nand: brcmnand: Disable prefetch by default (bsc#1051510). - mtd: nand: brcmnand: Zero bitflip is not an error (bsc#1051510). - mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bsc#1051510). - mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() (bsc#1051510). - mtd: nand: Fix nand_do_read_oob() return value (bsc#1051510). - mtd: nand: Fix writing mtdoops to nand flash (bsc#1051510). - mtd: nand: fsl_ifc: Fix nand waitfunc return value (bsc#1051510). - mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM (bsc#1051510). - mtd: nand: ifc: update bufnum mask for ver >= 2.0.0 (bsc#1051510). - mtd: nand: mtk: fix infinite ECC decode IRQ issue (bsc#1051510). - mtd: nand: omap2: Fix subpage write (bsc#1051510). - mtd: nand: pxa3xx: Fix READOOB implementation (bsc#1051510). - mtd: nand: qcom: Add a NULL check for devm_kasprintf() (bsc#1051510). - mtd: nandsim: remove debugfs entries in error path (bsc#1051510). - mtd: nand: sunxi: Fix ECC strength choice (bsc#1051510). - mtd: nand: sunxi: fix potential divide-by-zero error (bsc#1051510). - mtd: nand: vf610: set correct ooblayout (bsc#1051510). - mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic (bsc#1051510). - mtd: spi-nor: Fix Cadence QSPI page fault kernel panic (bsc#1051510). - mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB (bsc#1051510). - mtd: spi-nor: stm32-quadspi: Fix uninitialized error return code (bsc#1051510). - mv88e6060: disable hardware level MAC learning (bsc#1051510). - nbd: Use set_blocksize() to set device blocksize (bsc#1124984). - neighbour: Avoid writing before skb->head in neigh_hh_output() (networking-stable-18_12_12). - net: 8139cp: fix a BUG triggered by changing mtu with network traffic (networking-stable-18_12_12). - net: add uevent socket member (bsc#1122982). - net: aquantia: driver should correctly declare vlan_features bits (bsc#1051510). - net: aquantia: fixed instack structure overflow (git-fixes). - net: aquantia: Fix hardware DMA stream overload on large MRRS (bsc#1051510). - net: bcmgenet: abort suspend on error (bsc#1051510). - net: bcmgenet: code movement (bsc#1051510). - net: bcmgenet: fix OF child-node lookup (bsc#1051510). - net: bcmgenet: remove HFB_CTRL access (bsc#1051510). - net: bcmgenet: return correct value 'ret' from bcmgenet_power_down (bsc#1051510). - net: bridge: fix a bug on using a neighbour cache entry without checking its state (networking-stable-19_01_20). - net: bridge: Fix ethernet header pointer before check skb forwardable (networking-stable-19_01_26). - net: core: Fix Spectre v1 vulnerability (networking-stable-19_01_04). - net: do not call update_pmtu unconditionally (bsc#1123456). - net: Do not default Cavium PTP driver to 'y' (bsc#1110096). - net: dp83640: expire old TX-skb (networking-stable-19_02_10). - net: dsa: mv88e6xxx: handle unknown duplex modes gracefully in mv88e6xxx_port_set_duplex (git-fixes). - net: dsa: mv88x6xxx: mv88e6390 errata (networking-stable-19_01_22). - net: dsa: slave: Do not propagate flag changes on down slave interfaces (networking-stable-19_02_10). - net: ena: fix race between link up and device initalization (bsc#1083548). - netfilter: nf_tables: check the result of dereferencing base_chain->stats (git-fixes). - net: Fix usage of pskb_trim_rcsum (networking-stable-19_01_26). - net/hamradio/6pack: use mod_timer() to rearm timers (networking-stable-19_01_04). - net: hns3: add error handler for hns3_nic_init_vector_data() (bsc#1104353). - net: hns3: add handling for big TX fragment (bsc#1104353 ). - net: hns3: Fix client initialize state issue when roce client initialize failed (bsc#1104353). - net: hns3: Fix for loopback selftest failed problem (bsc#1104353 ). - net: hns3: fix for multiple unmapping DMA problem (bsc#1104353 ). - net: hns3: Fix tc setup when netdev is first up (bsc#1104353 ). - net: hns3: Fix tqp array traversal condition for vf (bsc#1104353 ). - net: hns3: move DMA map into hns3_fill_desc (bsc#1104353 ). - net: hns3: remove hns3_fill_desc_tso (bsc#1104353). - net: hns3: rename hns_nic_dma_unmap (bsc#1104353). - net: hns3: rename the interface for init_client_instance and uninit_client_instance (bsc#1104353). - net: ipv4: Fix memory leak in network namespace dismantle (networking-stable-19_01_26). - net: macb: restart tx after tx used bit read (networking-stable-19_01_04). - net/mlx4_core: Add masking for a few queries on HCA caps (networking-stable-19_02_01). - net/mlx4_core: Fix locking in SRIOV mode when switching between events and polling (git-fixes). - net/mlx4_core: Fix qp mtt size calculation (git-fixes). - net/mlx4_core: Fix reset flow when in command polling mode (git-fixes). - net/mlx4_en: Change min MTU size to ETH_MIN_MTU (networking-stable-18_12_12). - net/mlx5e: Allow MAC invalidation while spoofchk is ON (networking-stable-19_02_01). - net/mlx5e: IPoIB, Fix RX checksum statistics update (git-fixes). - net/mlx5e: Remove the false indication of software timestamping support (networking-stable-19_01_04). - net/mlx5e: RX, Fix wrong early return in receive queue poll (bsc#1046305). - net/mlx5: fix uaccess beyond 'count' in debugfs read/write handlers (git-fixes). - net/mlx5: Release resource on error flow (git-fixes). - net/mlx5: Return success for PAGE_FAULT_RESUME in internal error state (git-fixes). - net/mlx5: Typo fix in del_sw_hw_rule (networking-stable-19_01_04). - net/mlx5: Use multi threaded workqueue for page fault handling (git-fixes). - net: netem: fix skb length BUG_ON in __skb_to_sgvec (git-fixes). - netns: restrict uevents (bsc#1122982). - net: phy: do not allow __set_phy_supported to add unsupported modes (networking-stable-18_12_12). - net: phy: Fix the issue that netif always links up after resuming (networking-stable-19_01_04). - net: phy: marvell: Errata for mv88e6390 internal PHYs (networking-stable-19_01_26). - net: phy: mdio_bus: add missing device_del() in mdiobus_register() error handling (networking-stable-19_01_26). - net: phy: Micrel KSZ8061: link failure after cable connect (git-fixes). - netrom: fix locking in nr_find_socket() (networking-stable-19_01_04). - netrom: switch to sock timer API (bsc#1051510). - net/rose: fix NULL ax25_cb kernel panic (networking-stable-19_02_01). - net/sched: act_tunnel_key: fix memory leak in case of action replace (networking-stable-19_01_26). - net_sched: refetch skb protocol for each filter (networking-stable-19_01_26). - net: set default network namespace in init_dummy_netdev() (networking-stable-19_02_01). - net: skb_scrub_packet(): Scrub offload_fwd_mark (networking-stable-18_12_03). - net/smc: abort CLC connection in smc_release (bnc#1117947, LTC#173662). - net/smc: add infrastructure to send delete rkey messages (bnc#1117947, LTC#173662). - net/smc: add SMC-D shutdown signal (bnc#1117947, LTC#173662). - net/smc: allow fallback after clc timeouts (bnc#1117947, LTC#173662). - net/smc: atomic SMCD cursor handling (bnc#1117947, LTC#173662). - net/smc: avoid a delay by waiting for nothing (bnc#1117947, LTC#173662). - net/smc: cleanup listen worker mutex unlocking (bnc#1117947, LTC#173662). - net/smc: cleanup tcp_listen_worker initialization (bnc#1117947, LTC#173662). - net/smc: enable fallback for connection abort in state INIT (bnc#1117947, LTC#173662). - net/smc: fix non-blocking connect problem (bnc#1117947, LTC#173662). - net/smc: fix sizeof to int comparison (bnc#1117947, LTC#173662). - net/smc: fix smc_buf_unuse to use the lgr pointer (bnc#1117947, LTC#173662). - net/smc: fix TCP fallback socket release (networking-stable-19_01_04). - net/smc: make smc_lgr_free() static (bnc#1117947, LTC#173662). - net/smc: no link delete for a never active link (bnc#1117947, LTC#173662). - net/smc: no urgent data check for listen sockets (bnc#1117947, LTC#173662). - net/smc: remove duplicate mutex_unlock (bnc#1117947, LTC#173662). - net/smc: remove sock_error detour in clc-functions (bnc#1117947, LTC#173662). - net/smc: short wait for late smc_clc_wait_msg (bnc#1117947, LTC#173662). - net/smc: unregister rkeys of unused buffer (bnc#1117947, LTC#173662). - net/smc: use after free fix in smc_wr_tx_put_slot() (bnc#1117947, LTC#173662). - net/smc: use queue pair number when matching link group (bnc#1117947, LTC#173662). - net: stmmac: Fix a race in EEE enable callback (git-fixes). - net: stmmac: fix broken dma_interrupt handling for multi-queues (git-fixes). - net: stmmac: Fix PCI module removal leak (git-fixes). - net: stmmac: handle endianness in dwmac4_get_timestamp (git-fixes). - net: stmmac: Use mutex instead of spinlock (git-fixes). - net: systemport: Fix WoL with password after deep sleep (networking-stable-19_02_10). - net: thunderx: fix NULL pointer dereference in nic_remove (git-fixes). - net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue (networking-stable-18_12_03). - net: thunderx: set xdp_prog to NULL if bpf_prog_add fails (networking-stable-18_12_03). - net/wan: fix a double free in x25_asy_open_tty() (networking-stable-19_01_04). - nfit: acpi_nfit_ctl(): Check out_obj->type in the right place (bsc#1129547). - nfit/ars: Attempt a short-ARS whenever the ARS state is idle at boot (bsc#1051510). - nfit/ars: Attempt short-ARS even in the no_init_ars case (bsc#1051510). - nfp: bpf: fix ALU32 high bits clearance bug (git-fixes). - nfs: Allow NFSv4 mounts to not share transports (). - nfsd: COPY and CLONE operations require the saved filehandle to be set (git-fixes). - nfsd: Fix an Oops in free_session() (git-fixes). - nfs: Fix a missed page unlock after pg_doio() (git-fixes). - nfs: Fix up return value on fatal errors in nfs_page_async_flush() (git-fixes). - nfs: support 'nosharetransport' option (bnc#807502, bnc#828192, ). - nfsv4.1: Fix the r/wsize checking (git-fixes). - nfsv4: Do not exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING (git-fixes). - niu: fix missing checks of niu_pci_eeprom_read (bsc#1051510). - ntb_transport: Fix bug with max_mw_size parameter (bsc#1051510). - nvme-fc: reject reconnect if io queue count is reduced to zero (bsc#1128351). - nvme: flush namespace scanning work just before removing namespaces (bsc#1108101). - nvme: kABI fix for scan_lock (bsc#1123882). - nvme: lock NS list changes while handling command effects (bsc#1123882). - nvme-loop: fix kernel oops in case of unhandled command (bsc#1126807). - nvme-multipath: drop optimization for static ANA group IDs (bsc#1113939). - nvme-multipath: round-robin I/O policy (bsc#1110705). - nvme-pci: fix out of bounds access in nvme_cqe_pending (bsc#1127595). - of, numa: Validate some distance map rules (bsc#1051510). - of: unittest: Disable interrupt node tests for old world MAC systems (bsc#1051510). - omap2fb: Fix stack memory disclosure (bsc#1120902) - openvswitch: Avoid OOB read when parsing flow nlattrs (bsc#1051510). - openvswitch: fix the incorrect flow action alloc size (bsc#1051510). - openvswitch: Remove padding from packet before L3+ conntrack processing (bsc#1051510). - packet: Do not leak dev refcounts on error exit (git-fixes). - packet: validate address length if non-zero (networking-stable-19_01_04). - packet: validate address length (networking-stable-19_01_04). - parport_pc: fix find_superio io compare code, should use equal test (bsc#1051510). - Partially revert 'block: fail op_is_write() requests to (bsc#1125252). - PCI: add USR vendor id and use it in r8169 and w6692 driver (networking-stable-19_01_22). - PCI: Disable broken RTIT_BAR of Intel TH (bsc#1120318). - pci: endpoint: functions: Use memcpy_fromio()/memcpy_toio() (bsc#1051510). - pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus (bsc#1122822). - pci/PME: Fix hotplug/sysfs remove deadlock in pcie_pme_remove() (bsc#1051510). - pci: qcom: Do not deassert reset GPIO during probe (bsc#1129281). - pcrypt: use format specifier in kobject_add (bsc#1051510). - perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805). - perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805). - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805). - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805). - perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805). - perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805). - perf/x86/intel: Fix memory corruption (bsc#1121805). - perf/x86/intel: Fix memory corruption (bsc#1121805). - perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805). - perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805). - perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805). - perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805). - perf/x86/intel: Make cpuc allocations consistent (bsc#1121805). - perf/x86/intel: Make cpuc allocations consistent (bsc#1121805). - phonet: af_phonet: Fix Spectre v1 vulnerability (networking-stable-19_01_04). - phy: allwinner: sun4i-usb: poll vbus changes on A23/A33 when driving VBUS (bsc#1051510). - phy: qcom-qmp: Fix failure path in phy_init functions (bsc#1051510). - phy: qcom-qmp: Fix phy pipe clock gating (bsc#1051510). - phy: renesas: rcar-gen3-usb2: fix vbus_ctrl for role sysfs (bsc#1051510). - phy: rockchip-emmc: retry calpad busy trimming (bsc#1051510). - phy: sun4i-usb: add support for missing USB PHY index (bsc#1051510). - phy: tegra: remove redundant self assignment of 'map' (bsc#1051510). - phy: work around 'phys' references to usb-nop-xceiv devices (bsc#1051510). - pinctrl: max77620: Use define directive for max77620_pinconf_param values (bsc#1051510). - pinctrl: meson: fix pull enable register calculation (bsc#1051510). - pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO pins (bsc#1051510). - pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins (bsc#1051510). - pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins (bsc#1051510). - pinctrl: msm: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: sh-pfc: emev2: Add missing pinmux functions (bsc#1051510). - pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group (bsc#1051510). - pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group (bsc#1051510). - pinctrl: sh-pfc: r8a7778: Fix HSPI pin numbers and names (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Fix scifb2_data_c pin group (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group (bsc#1051510). - pinctrl: sh-pfc: r8a7792: Fix vin1_data18_b pin group (bsc#1051510). - pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field (bsc#1051510). - pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration (bsc#1051510). - pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field (bsc#1051510). - pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group (bsc#1051510). - pinctrl: sh-pfc: sh73a0: Fix fsic_spdif pin groups (bsc#1051510). - pinctrl: sh-pfc: sh7734: Add missing IPSR11 field (bsc#1051510). - pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10 (bsc#1051510). - pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value (bsc#1051510). - pinctrl: sunxi: a64: Rename function csi0 to csi (bsc#1051510). - pinctrl: sunxi: a64: Rename function ts0 to ts (bsc#1051510). - pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 (bsc#1051510). - pinctrl: sx150x: handle failure case of devm_kstrdup (bsc#1051510). - pktcdvd: Fix possible Spectre-v1 for pkt_devs (bsc#1051510). - platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes (bsc#1051510). - platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK (bsc#1051510). - platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey (bsc#1051510). - platform/x86: Fix unmet dependency warning for SAMSUNG_Q10 (bsc#1051510). - powerpc/64s: Clear on-stack exception marker upon exception return (bsc#1071995). - powerpc: Add an option to disable static PCI bus numbering (bsc#1122159). - powerpc: Always save/restore checkpointed regs during treclaim/trecheckpoint (bsc#1118338). - powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores (bsc#1109695). - powerpc: Detect the presence of big-cores via 'ibm, thread-groups' (bsc#1109695). - powerpc/livepatch: relax reliable stack tracer checks for first-frame (bsc#1071995). - powerpc/livepatch: small cleanups in save_stack_trace_tsk_reliable() (bsc#1071995). - powerpc: make use of for_each_node_by_type() instead of open-coding it (bsc#1109695). - powerpc/powernv: Clear LPCR[PECE1] via stop-api only for deep state offline (bsc#1119766, bsc#1055121). - powerpc/powernv: Clear PECE1 in LPCR via stop-api only on Hotplug (bsc#1119766, bsc#1055121). - powerpc/pseries: export timebase register sample in lparcfg (bsc#1127750). - powerpc/pseries: Perform full re-add of CPU for topology update post-migration (bsc#1125728). - powerpc: Remove facility loadups on transactional {fp, vec, vsx} unavailable (bsc#1118338). - powerpc: Remove redundant FP/Altivec giveup code (bsc#1118338). - powerpc/setup: Add cpu_to_phys_id array (bsc#1109695). - powerpc/smp: Add cpu_l2_cache_map (bsc#1109695). - powerpc/smp: Add Power9 scheduler topology (bsc#1109695). - powerpc/smp: Rework CPU topology construction (bsc#1109695). - powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695). - powerpc/tm: Avoid machine crash on rt_sigreturn (bsc#1118338). - powerpc/tm: Do not check for WARN in TM Bad Thing handling (bsc#1118338). - powerpc/tm: Fix comment (bsc#1118338). - powerpc/tm: Fix endianness flip on trap (bsc#1118338). - powerpc/tm: Fix HFSCR bit for no suspend case (bsc#1118338). - powerpc/tm: Fix HTM documentation (bsc#1118338). - powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM (bsc#1118338). - powerpc/tm: P9 disable transactionally suspended sigcontexts (bsc#1118338). - powerpc/tm: Print 64-bits MSR (bsc#1118338). - powerpc/tm: Print scratch value (bsc#1118338). - powerpc/tm: Reformat comments (bsc#1118338). - powerpc/tm: Remove msr_tm_active() (bsc#1118338). - powerpc/tm: Remove struct thread_info param from tm_reclaim_thread() (bsc#1118338). - powerpc/tm: Save MSR to PACA before RFID (bsc#1118338). - powerpc/tm: Set MSR[TS] just prior to recheckpoint (bsc#1118338, bsc#1120955). - powerpc/tm: Unset MSR[TS] if not recheckpointing (bsc#1118338). - powerpc/tm: Update function prototype comment (bsc#1118338). - powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#1109695). - powerpc/xmon: Fix invocation inside lock region (bsc#1122885). - pptp: dst_release sk_dst_cache in pptp_sock_destruct (git-fixes). - proc/sysctl: do not return ENOMEM on lookup when a table is unregistering (git-fixes). - pseries/energy: Use OF accessor function to read ibm,drc-indexes (bsc#1129080). - pstore/ram: Avoid allocation and leak of platform data (bsc#1051510). - pstore/ram: Avoid NULL deref in ftrace merging failure path (bsc#1051510). - pstore/ram: Correctly calculate usable PRZ bytes (bsc#1051510). - pstore/ram: Do not treat empty buffers as valid (bsc#1051510). - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl (bsc#1051510). - ptp: Fix pass zero to ERR_PTR() in ptp_clock_register (bsc#1051510). - ptp_kvm: probe for kvm guest availability (bsc#1098382). - ptr_ring: wrap back ->producer in __ptr_ring_swap_queue() (networking-stable-19_01_04). - Put the xhci fix patch to the right place in the sorted section - qed: Avoid constant logical operation warning in qed_vf_pf_acquire (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Avoid implicit enum conversion in qed_iwarp_parse_rx_pkt (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Avoid implicit enum conversion in qed_set_tunn_cls_info (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Fix an error code qed_ll2_start_xmit() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix bitmap_weight() check (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix blocking/unlimited SPQ entries leak (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix command number mismatch between driver and the mfw (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix memory/entry leak in qed_init_sp_request() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix potential memory corruption (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix PTT leak in qed_drain() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix QM getters to always return a valid pq (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix rdma_info structure allocation (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix reading wrong value in loop condition (bsc#1086314 bsc#1086313 bsc#1086301). - qla2xxx: Fixup dual-protocol FCP connections (bsc#1108870). - qmi_wwan: Added support for Fibocom NL668 series (networking-stable-19_01_04). - qmi_wwan: Added support for Telit LN940 series (networking-stable-19_01_04). - qmi_wwan: add MTU default to qmap network interface (networking-stable-19_01_22). - qmi_wwan: Add support for Fibocom NL678 series (networking-stable-19_01_04). - r8169: Add support for new Realtek Ethernet (networking-stable-19_01_22). - r8169: use PCI_VDEVICE macro (networking-stable-19_01_22). - rapidio/rionet: do not free skb before reading its length (networking-stable-18_12_03). - rbd: do not return 0 on unmap if RBD_DEV_FLAG_REMOVING is set (bsc#1125797). - rcu: Fix up pending cbs check in rcu_prepare_for_idle (git fixes (kernel/rcu)). - rcu: Make need_resched() respond to urgent RCU-QS needs (git fixes (kernel/rcu)). - rdma/core: Fix unwinding flow in case of error to register device (bsc#1046306). - rdma/vmw_pvrdma: Support upto 64-bit PFNs (bsc#1127285). - Refresh patches.suse/scsi-do-not-print-reservation-conflict-for-TEST-UNIT.patch (bsc#1119843) - regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting (bsc#1051510). - regulator: pv88060: Fix array out-of-bounds access (bsc#1051510). - regulator: pv88080: Fix array out-of-bounds access (bsc#1051510). - regulator: pv88090: Fix array out-of-bounds access (bsc#1051510). - regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 (bsc#1051510). - regulator: wm831x-dcdc: Fix list of wm831x_dcdc_ilim from mA to uA (bsc#1051510). - Remove blacklist of virtio patch so we can install it (bsc#1114585) - Revert 'drm/rockchip: Allow driver to be shutdown on reboot/kexec' (bsc#1051510). - Revert 'input: elan_i2c - add acpi ID for touchpad in ASUS Aspire F5-573G' (bsc#1051510). - Revert 'openvswitch: Fix template leak in error cases.' (bsc#1051510). - Revert 'scsi: qla2xxx: Fix NVMe Target discovery' (bsc#1125252). - Revert 'serial: 8250: Fix clearing FIFOs in RS485 mode again' (bsc#1051510). - Revert the previous merge of drm fixes The branch was merged mistakenly and breaks the build. Revert it. - Revert 'xhci: Reset Renesas uPD72020x USB controller for 32-bit DMA issue' (bsc#1120854). - rocker: fix rocker_tlv_put_* functions for KASAN (bsc#1051510). - rpm/kernel-binary.spec.in: fix initrd permissions (bsc#1123697) dracut has been using permissions 0600 for the initrd for a long time. - rpm/kernel-source.changes.old: Really drop old changelogs (bsc#1098995) - rt2800: enable TX_PIN_CFG_RFRX_EN only for MT7620 (bsc#1120902). - rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices (networking-stable-18_12_12). - rxrpc: bad unlock balance in rxrpc_recvmsg (networking-stable-19_02_10). - s390/cio: Fix how vfio-ccw checks pinned pages (git-fixes). - s390/cpum_cf: Reject request for sampling in event initialization (git-fixes). - s390/early: improve machine detection (git-fixes). - s390/ism: clear dmbe_mask bit before SMC IRQ handling (bnc#1117947, LTC#173662). - s390/mm: always force a load of the primary ASCE on context switch (git-fixes). - s390/mm: fix addressing exception after suspend/resume (bsc#1125252). - s390/qeth: cancel close_dev work before removing a card (LTC#175898, bsc#1127561). - s390/qeth: conclude all event processing before offlining a card (LTC#175901, bsc#1127567). - s390/qeth: fix use-after-free in error path (bsc#1127534). - s390/qeth: invoke softirqs after napi_schedule() (git-fixes). - s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU (git-fixes). - s390/smp: fix CPU hotplug deadlock with CPU rescan (git-fixes). - s390/sthyi: Fix machine name validity indication (git-fixes). - s390/zcrypt: fix specification exception on z196 during ap probe (LTC#174936, bsc#1123061). - sata_rcar: fix deferred probing (bsc#1051510). - sbus: char: add of_node_put() (bsc#1051510). - sc16is7xx: Fix for multi-channel stall (bsc#1051510). - sched: Do not re-read h_load_next during hierarchical load calculation (bnc#1120909). - sched/wait: Fix rcuwait_wake_up() ordering (git-fixes). - sched/wake_q: Document wake_q_add() (bsc#1050549). - sched/wake_q: Fix wakeup ordering for wake_q (bsc#1050549). - sched/wake_q: Reduce reference counting for special users (bsc#1050549). - sch_multiq: fix double free on init failure (bsc#1051510). - scsi: core: reset host byte in DID_NEXUS_FAILURE case (bsc#1122764). - scsi: csiostor: remove flush_scheduled_work() (bsc#1127363). - scsi: fix queue cleanup race before queue initialization is done (bsc#1125252). - scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - scsi: ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton (bsc#1119019). - scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task (bsc#1122192). - scsi: lpfc: Add log messages to aid in debugging fc4type discovery issues (bsc#1121317). - scsi: lpfc: Correct MDS loopback diagnostics support (bsc#1121317). - scsi: lpfc: do not set queue->page_count to 0 if pc_sli4_params.wqpcnt is invalid (bsc#1121317). - scsi: lpfc: Fix discovery failure when PLOGI is defered (bsc#1121317). - scsi: lpfc: Fix link state reporting for trunking when adapter is offline (bsc#1121317). - scsi: lpfc: fix remoteport access (bsc#1125252). - scsi: lpfc: remove an unnecessary NULL check (bsc#1121317). - scsi: lpfc: update fault value on successful trunk events (bsc#1121317). - scsi: lpfc: Update lpfc version to 12.0.0.10 (bsc#1121317). - scsi: mpt3sas: Add ioc_<level> logging macros (bsc#1117108). - scsi: mpt3sas: Annotate switch/case fall-through (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT and reply_q_name to %s: (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT without logging levels (bsc#1117108). - scsi: mpt3sas: Convert mlsleading uses of pr_<level> with MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Convert uses of pr_<level> with MPT3SAS_FMT to ioc_<level> (bsc#1117108). - scsi: mpt3sas: Fix a race condition in mpt3sas_base_hard_reset_handler() (bsc#1117108). - scsi: mpt3sas: Fix indentation (bsc#1117108). - scsi: mpt3sas: Improve kernel-doc headers (bsc#1117108). - scsi: mpt3sas: Introduce struct mpt3sas_nvme_cmd (bsc#1117108). - scsi: mpt3sas: Remove KERN_WARNING from panic uses (bsc#1117108). - scsi: mpt3sas: Remove set-but-not-used variables (bsc#1117108). - scsi: mpt3sas: Remove unnecessary parentheses and simplify null checks (bsc#1117108). - scsi: mpt3sas: Remove unused macro MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Split _base_reset_handler(), mpt3sas_scsih_reset_handler() and mpt3sas_ctl_reset_handler() (bsc#1117108). - scsi: mpt3sas: Swap I/O memory read value back to cpu endianness (bsc#1117108). - scsi: mpt3sas: switch to generic DMA API (bsc#1117108). - scsi: mpt3sas: Use dma_pool_zalloc (bsc#1117108). - scsi: mptsas: Fixup device hotplug for VMWare ESXi (bsc#1129046). - scsi: qedi: Add ep_state for login completion on un-reachable targets (bsc#1113712). - scsi: qla2xxx: Enable FC-NVME on NPIV ports (bsc#1094555). - scsi: qla2xxx: Fix a typo in MODULE_PARM_DESC (bsc#1094555). - scsi: qla2xxx: Fix for FC-NVMe discovery for NPIV port (bsc#1094555). - scsi: qla2xxx: Fix NPIV handling for FC-NVMe (bsc#1094555). - scsi: qla2xxx: Initialize port speed to avoid setting lower speed (bsc#1094555). - scsi: qla2xxx: Modify fall-through annotations (bsc#1094555). - scsi: qla2xxx: Remove unnecessary self assignment (bsc#1094555). - scsi: qla2xxx: Simplify conditional check (bsc#1094555). - scsi: qla2xxx: Timeouts occur on surprise removal of QLogic adapter (bsc#1124985). - scsi: qla2xxx: Update driver version to 10.00.00.12-k (bsc#1094555). - scsi: storvsc: Fix a race in sub-channel creation that can cause panic (). - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315). - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315). - scsi: target: make the pi_prot_format ConfigFS path readable (bsc#1123933). - scsi: virtio_scsi: fix pi_bytes{out,in} on 4 KiB block size devices (bsc#1114585). - sctp: add a ceiling to optlen in some sockopts (bnc#1129163). - sctp: improve the events for sctp stream adding (networking-stable-19_02_01). - sctp: improve the events for sctp stream reset (networking-stable-19_02_01). - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event (networking-stable-19_01_04). - sctp: kfree_rcu asoc (networking-stable-18_12_12). - sd: disable logical block provisioning if 'lbpme' is not set (bsc#1086095 bsc#1078355). - selftests/livepatch: add DYNAMIC_DEBUG config dependency (bsc#1071995). - selftests/livepatch: introduce tests (bsc#1071995). - selftests/powerpc: Use snprintf to construct DSCR sysfs interface paths (bsc#1124579). - selinux: Add __GFP_NOWARN to allocation at str_read() (bsc#1051510). - selinux: always allow mounting submounts (bsc#1051510). - selinux: fix GPF on invalid policy (bsc#1051510). - seq_buf: Make seq_buf_puts() null-terminate the buffer (bsc#1051510). - serial: 8250_pci: Fix number of ports for ACCES serial cards (bsc#1051510). - serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() (bsc#1051510). - serial: fix race between flush_to_ldisc and tty_open (bsc#1051510). - serial: fsl_lpuart: clear parity enable bit when disable parity (bsc#1051510). - serial: imx: fix error handling in console_setup (bsc#1051510). - serial: set suppress_bind_attrs flag only if builtin (bsc#1051510). - serial/sunsu: fix refcount leak (bsc#1051510). - serial: uartps: Fix interrupt mask issue to handle the RX interrupts properly (bsc#1051510). - serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO (bsc#1051510). - signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init (git-fixes). - skge: potential memory corruption in skge_get_regs() (bsc#1051510). - sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 (bsc#1051510). - sky2: Increase D3 delay again (bsc#1051510). - slab: alien caches must not be initialized if the allocation of the alien cache failed (git fixes (mm/slab)). - smb3.1.1 dialect is no longer experimental (bsc#1051510). - smb311: Fix reconnect (bsc#1051510). - smb311: Improve checking of negotiate security contexts (bsc#1051510). - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510). - smb3: check for and properly advertise directory lease support (bsc#1051510). - smb3: directory sync should not return an error (bsc#1051510). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510). - smb3: do not request leases in symlink creation and query (bsc#1051510). - smb3: Do not send smb3 SET_INFO if nothing changed (bsc#1051510). - smb3: Enable encryption for SMB3.1.1 (bsc#1051510). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510). - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510). - smb3: fix various xid leaks (bsc#1051510). - smb3: Improve security, move default dialect to smb3 from old CIFS (bsc#1051510). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510). - smb3: Remove ifdef since smb3 (and later) now STRONGLY preferred (bsc#1051510). - smb3: remove noisy warning message on mount (bsc#1129664). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510). - soc: bcm: brcmstb: Do not leak device tree node reference (bsc#1051510). - soc/tegra: Do not leak device tree node reference (bsc#1051510). - splice: do not merge into linked buffers (git-fixes). - staging: comedi: ni_660x: fix missing break in switch statement (bsc#1051510). - staging:iio:ad2s90: Make probe handle spi_setup failure (bsc#1051510). - staging: iio: ad7780: update voltage on read (bsc#1051510). - staging: iio: adc: ad7280a: handle error from __ad7280_read32() (bsc#1051510). - staging: iio: adt7316: allow adt751x to use internal vref for all dacs (bsc#1051510). - staging: iio: adt7316: fix register and bit definitions (bsc#1051510). - staging: iio: adt7316: fix the dac read calculation (bsc#1051510). - staging: iio: adt7316: fix the dac write calculation (bsc#1051510). - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 (bsc#1051510). - staging: rtl8723bs: Fix build error with Clang when inlining is disabled (bsc#1051510). - staging: speakup: Replace strncpy with memcpy (bsc#1051510). - staging: wilc1000: fix to set correct value for 'vif_num' (bsc#1051510). - sunrpc: correct the computation for page_ptr when truncating (git-fixes). - sunrpc: Fix a potential race in xprt_connect() (git-fixes). - sunrpc: Fix leak of krb5p encode pages (git-fixes). - sunrpc: handle ENOMEM in rpcb_getport_async (git-fixes). - sunrpc: safely reallow resvport min/max inversion (git-fixes). - svm: Add mutex_lock to protect apic_access_page_done on AMD systems (bsc#1129285). - swiotlb: Add is_swiotlb_active() function (bsc#1120008). - swiotlb: Introduce swiotlb_max_mapping_size() (bsc#1120008). - switchtec: Fix SWITCHTEC_IOCTL_EVENT_IDX_ALL flags overwrite (bsc#1051510). - switchtec: Remove immediate status check after submitting MRPC command (bsc#1051510). - sysfs: Disable lockdep for driver bind/unbind files (bsc#1051510). - tcp: batch tcp_net_metrics_exit (bsc#1122982). - tcp: change txhash on SYN-data timeout (networking-stable-19_01_20). - tcp: Do not underestimate rwnd_limited (networking-stable-18_12_12). - tcp: fix a race in inet_diag_dump_icsk() (networking-stable-19_01_04). - tcp: fix NULL ref in tail loss probe (networking-stable-18_12_12). - tcp: handle inet_csk_reqsk_queue_add() failures (git-fixes). - tcp: lack of available data can also cause TSO defer (git-fixes). - team: avoid complex list operations in team_nl_cmd_options_set() (bsc#1051510). - team: Free BPF filter when unregistering netdev (bsc#1051510). - thermal: do not clear passive state during system sleep (bsc#1051510). - thermal/drivers/hisi: Encapsulate register writes into helpers (bsc#1051510). - thermal/drivers/hisi: Fix configuration register setting (bsc#1051510). - thermal: generic-adc: Fix adc to temp interpolation (bsc#1051510). - thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set (bsc#1051510). - thermal: int340x_thermal: Fix a NULL vs IS_ERR() check (bsc#1051510). - thermal: mediatek: fix register index error (bsc#1051510). - timekeeping: Use proper seqcount initializer (bsc#1051510). - tipc: compare remote and local protocols in tipc_udp_enable() (networking-stable-19_01_04). - tipc: eliminate KMSAN uninit-value in strcmp complaint (bsc#1051510). - tipc: error path leak fixes in tipc_enable_bearer() (bsc#1051510). - tipc: fix a double kfree_skb() (networking-stable-19_01_04). - tipc: fix a race condition of releasing subscriber object (bsc#1051510). - tipc: fix bug in function tipc_nl_node_dump_monitor (bsc#1051510). - tipc: fix infinite loop when dumping link monitor summary (bsc#1051510). - tipc: fix RDM/DGRAM connect() regression (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_doit (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_link_set (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bsc#1051510). - tipc: use lock_sock() in tipc_sk_reinit() (networking-stable-19_01_04). - tpm: fix kdoc for tpm2_flush_context_cmd() (bsc#1051510). - tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented (bsc#1051510). - tpm: Return the actual size when receiving an unsupported command (bsc#1051510). - tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated (bsc#1051510). - tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bsc#1051510). - tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x (bsc#1051510). - tpm: tpm_try_transmit() refactor error flow (bsc#1051510). - tracing: Do not free iter->trace in fail path of tracing_open_pipe() (bsc#1129581). - tracing/uprobes: Fix output for multiple string arguments (bsc#1126495). - tracing: Use strncpy instead of memcpy for string keys in hist triggers (bsc#1129625). - Tree connect for smb3.1.1 must be signed for non-encrypted shares (bsc#1051510). - tty: Handle problem if line discipline does not have receive_buf (bsc#1051510). - tty: ipwireless: Fix potential NULL pointer dereference (bsc#1051510). - tty/n_hdlc: fix __might_sleep warning (bsc#1051510). - tty/serial: do not free trasnmit buffer page under port lock (bsc#1051510). - tty: serial: samsung: Properly set flags in autoCTS mode (bsc#1051510). - tun: forbid iface creation with rtnl ops (networking-stable-18_12_12). - uart: Fix crash in uart_write and uart_put_char (bsc#1051510). - ucc_geth: Reset BQL queue when stopping device (networking-stable-19_02_01). - ucma: fix a use-after-free in ucma_resolve_ip() (bsc#1051510). - uevent: add alloc_uevent_skb() helper (bsc#1122982). - Update config files. Remove conditional support for smb2 and SMB3: - Update patches.arch/s390-sles15-zcrypt-fix-specification-exception.patch (LTC#174936, bsc#1123060, bsc#1123061). - Update patches.fixes/acpi-nfit-Block-function-zero-DSMs.patch (bsc#1051510, bsc#1121789). - Update patches.fixes/acpi-nfit-Fix-command-supported-detection.patch (bsc#1051510, bsc#1121789). Add more detailed bugzilla reference. - Update patches.kabi/bpf-prevent-memory-disambiguation-attack.patch (bsc#1087082). - Update patches.kabi/bpf-properly-enforce-index-mask-to-prevent-out-of-bo.patch (bsc#1098425). - uprobes: Fix handle_swbp() vs. unregister() + register() race once more (bsc#1051510). - usb: Add new USB LPM helpers (bsc#1120902). - usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB (bsc#1120902). - usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bsc#1120902). - usb: Consolidate LPM checks to avoid enabling LPM twice (bsc#1120902). - usb: dwc3: Correct the logic for checking TRB full in __dwc3_prepare_one_trb() (bsc#1051510). - usb: dwc3: gadget: Clear req->needs_extra_trb flag on cleanup (bsc#1120902). - usb: dwc3: gadget: Disable CSP for stream OUT ep (bsc#1051510). - usb: dwc3: gadget: Handle 0 xfer length for OUT EP (bsc#1051510). - usb: dwc3: trace: add missing break statement to make compiler happy (bsc#1120902). - usb: gadget: musb: fix short isoc packets with inventra dma (bsc#1051510). - usb: gadget: udc: net2272: Fix bitwise and boolean operations (bsc#1051510). - usb: hub: delay hub autosuspend if USB3 port is still link training (bsc#1051510). - usb: mtu3: fix the issue about SetFeature(U1/U2_Enable) (bsc#1051510). - usb: musb: dsps: fix otg state machine (bsc#1051510). - usb: musb: dsps: fix runtime pm for peripheral mode (bsc#1120902). - usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2 (networking-stable-18_12_03). - usbnet: smsc95xx: fix rx packet alignment (bsc#1051510). - usb: phy: am335x: fix race condition in _probe (bsc#1051510). - usb: serial: option: add Fibocom NL678 series (bsc#1120902). - usb: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays (bsc#1120902). - usb: serial: pl2303: add new PID to support PL2303TB (bsc#1051510). - usb: serial: simple: add Motorola Tetra TPG2200 device id (bsc#1051510). - usb: storage: add quirk for SMI SM3350 (bsc#1120902). - usb: storage: do not insert sane sense for SPC3+ when bad sense specified (bsc#1120902). - usb: xhci: fix 'broken_suspend' placement in struct xchi_hcd (bsc#1119086). - veth: set peer GSO values (bsc#1051510). - vfio: ccw: fix cleanup if cp_prefetch fails (git-fixes). - vfio: ccw: process ssch with interrupts disabled (git-fixes). - vfs: Add iomap_seek_hole and iomap_seek_data helpers (bsc#1070995). - vfs: Add page_cache_seek_hole_data helper (bsc#1070995). - vfs: in iomap seek_{hole,data}, return -ENXIO for negative offsets (bsc#1070995). - vhost: correctly check the return value of translate_desc() in log_used() (bsc#1051510). - vhost: log dirty page correctly (networking-stable-19_01_26). - vhost: make sure used idx is seen before log in vhost_add_used_n() (networking-stable-19_01_04). - vhost/vsock: fix uninitialized vhost_vsock->guest_cid (bsc#1051510). - video: clps711x-fb: release disp device node in probe() (bsc#1051510). - virtio-blk: Consider virtio_max_dma_size() for maximum segment size (bsc#1120008). - virtio: Introduce virtio_max_dma_size() (bsc#1120008). - virtio_net: Do not call free_old_xmit_skbs for xdp_frames (networking-stable-19_02_01). - virtio-net: fail XDP set if guest csum is negotiated (networking-stable-18_12_03). - virtio-net: keep vnet header zeroed after processing XDP (networking-stable-18_12_12). - virtio/s390: avoid race on vcdev->config (git-fixes). - virtio/s390: fix race in ccw_io_helper() (git-fixes). - vmci: Support upto 64-bit PPNs (bsc#1127286). - vsock: cope with memory allocation failure at socket creation time (bsc#1051510). - vsock: Send reset control packet when socket is partially bound (networking-stable-19_01_04). - vt: invoke notifier on screen size change (bsc#1051510). - vxge: ensure data0 is initialized in when fetching firmware version information (bsc#1051510). - vxlan: Fix GRO cells race condition between receive and link delete (git-fixes). - vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() (git-fixes). - vxlan: update skb dst pmtu on tx path (bsc#1123456). - w90p910_ether: remove incorrect __init annotation (bsc#1051510). - watchdog: docs: kernel-api: do not reference removed functions (bsc#1051510). - watchdog: w83627hf_wdt: Add quirk for Inves system (bsc#1106434). - writeback: do not decrement wb->refcnt if !wb->bdi (git fixes (writeback)). - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805). - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805). - x86/amd_nb: Add PCI device IDs for family 17h, model 30h (). - x86/amd_nb: Add support for newer PCI topologies (). - x86/a.out: Clear the dump structure initially (bsc#1114279). - x86/apic: Provide apic_ack_irq() (bsc#1122822). - x86/boot/e820: Avoid overwriting e820_table_firmware (bsc#1127154). - x86/boot/e820: Introduce the bootloader provided e820_table_firmware[] table (bsc#1127154). - x86/boot/e820: Rename the e820_table_firmware to e820_table_kexec (bsc#1127154). - x86/bugs: Add AMD's variant of SSB_NO (bsc#1114279). - x86/bugs: Update when to check for the LS_CFG SSBD mitigation (bsc#1114279). - x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (bsc#1127307). - x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (bsc#1127307). - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (bsc#1122822). - x86/kaslr: Fix incorrect i8254 outb() parameters (bsc#1114279). - x86/kvmclock: set pvti_cpu0_va after enabling kvmclock (bsc#1098382). - x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() (bsc#1114279). - x86/microcode/amd: Do not falsely trick the late loading mechanism (bsc#1114279). - x86/mm: Drop usage of __flush_tlb_all() in kernel_physical_mapping_init() (bsc#1114279). - x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE (bsc#1114279). - x86/mtrr: Do not copy uninitialized gentry fields back to userspace (bsc#1114279). - x86/pkeys: Properly copy pkey state at fork() (bsc#1129366). - x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls (bsc#1125614). - x86/pvclock: add setter for pvclock_pvti_cpu0_va (bsc#1098382). - x86/resctrl: Fix rdt_find_domain() return value and checks (bsc#1114279). - x86: respect memory size limiting via mem= parameter (bsc#1117645). - x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant (bsc#1114279). - x86/speculation: Remove redundant arch_smt_update() invocation (bsc#1114279). - x86/vdso: Remove obsolete 'fake section table' reservation (bsc#1114279). - x86/xen: dont add memory above max allowed allocation (bsc#1117645). - x86/xen/time: Output xen sched_clock time from 0 (bsc#1098382). - x86/xen/time: set pvclock flags on xen_time_init() (bsc#1098382). - x86/xen/time: setup vcpu 0 time info page (bsc#1098382). - xen, cpu_hotplug: Prevent an out of bounds access (bsc#1065600). - xen: fix dom0 boot on huge systems (bsc#1127836). - xen: Fix x86 sched_clock() interface for xen (bsc#1098382). - xen/manage: do not complain about an empty value in control/sysrq node (bsc#1065600). - xen: remove pre-xen3 fallback handlers (bsc#1065600). - xfs: add option to mount with barrier=0 or barrier=1 (bsc#1088133). - xfs: fix contiguous dquot chunk iteration livelock (bsc#1070995). - xfs: remove filestream item xfs_inode reference (bsc#1127961). - xfs: rewrite xfs_dq_get_next_id using xfs_iext_lookup_extent (bsc#1070995). - xhci: Add quirk to zero 64bit registers on Renesas PCIe controllers (bsc#1120854). - xhci: workaround CSS timeout on AMD SNPS 3.0 xHC (bsc#1119086). - xprtrdma: Reset credit grant properly after a disconnect (git-fixes). - Yama: Check for pid death before checking ancestry (bsc#1051510). - yam: fix a missing-check bug (bsc#1051510). - zswap: re-check zswap_is_full() after do zswap_shrink() (bsc#1051510). - xfs: Switch to iomap for SEEK_HOLE / SEEK_DATA (bsc#1070995). Important SUSE bug 1046305 SUSE bug 1046306 SUSE bug 1050252 SUSE bug 1050549 SUSE bug 1051510 SUSE bug 1054610 SUSE bug 1055121 SUSE bug 1056658 SUSE bug 1056662 SUSE bug 1056787 SUSE bug 1060463 SUSE bug 1063638 SUSE bug 1065600 SUSE bug 1068032 SUSE bug 1070995 SUSE bug 1071995 SUSE bug 1074562 SUSE bug 1074578 SUSE bug 1074701 SUSE bug 1075006 SUSE bug 1075419 SUSE bug 1075748 SUSE bug 1078355 SUSE bug 1080039 SUSE bug 1082943 SUSE bug 1083548 SUSE bug 1083647 SUSE bug 1084216 SUSE bug 1086095 SUSE bug 1086282 SUSE bug 1086301 SUSE bug 1086313 SUSE bug 1086314 SUSE bug 1086323 SUSE bug 1087082 SUSE bug 1087084 SUSE bug 1087092 SUSE bug 1087939 SUSE bug 1088133 SUSE bug 1094555 SUSE bug 1098382 SUSE bug 1098425 SUSE bug 1098995 SUSE bug 1102055 SUSE bug 1103429 SUSE bug 1104353 SUSE bug 1106105 SUSE bug 1106434 SUSE bug 1106811 SUSE bug 1107078 SUSE bug 1107665 SUSE bug 1108101 SUSE bug 1108870 SUSE bug 1109695 SUSE bug 1110096 SUSE bug 1110705 SUSE bug 1111666 SUSE bug 1113042 SUSE bug 1113712 SUSE bug 1113722 SUSE bug 1113769 SUSE bug 1113939 SUSE bug 1114279 SUSE bug 1114585 SUSE bug 1114893 SUSE bug 1117108 SUSE bug 1117155 SUSE bug 1117645 SUSE bug 1117947 SUSE bug 1118338 SUSE bug 1119019 SUSE bug 1119086 SUSE bug 1119766 SUSE bug 1119843 SUSE bug 1120008 SUSE bug 1120318 SUSE bug 1120601 SUSE bug 1120758 SUSE bug 1120854 SUSE bug 1120902 SUSE bug 1120909 SUSE bug 1120955 SUSE bug 1121317 SUSE bug 1121726 SUSE bug 1121789 SUSE bug 1121805 SUSE bug 1122019 SUSE bug 1122159 SUSE bug 1122192 SUSE bug 1122292 SUSE bug 1122324 SUSE bug 1122554 SUSE bug 1122662 SUSE bug 1122764 SUSE bug 1122779 SUSE bug 1122822 SUSE bug 1122885 SUSE bug 1122927 SUSE bug 1122944 SUSE bug 1122971 SUSE bug 1122982 SUSE bug 1123060 SUSE bug 1123061 SUSE bug 1123161 SUSE bug 1123317 SUSE bug 1123348 SUSE bug 1123357 SUSE bug 1123456 SUSE bug 1123538 SUSE bug 1123697 SUSE bug 1123882 SUSE bug 1123933 SUSE bug 1124055 SUSE bug 1124204 SUSE bug 1124235 SUSE bug 1124579 SUSE bug 1124589 SUSE bug 1124728 SUSE bug 1124732 SUSE bug 1124735 SUSE bug 1124969 SUSE bug 1124974 SUSE bug 1124975 SUSE bug 1124976 SUSE bug 1124978 SUSE bug 1124979 SUSE bug 1124980 SUSE bug 1124981 SUSE bug 1124982 SUSE bug 1124984 SUSE bug 1124985 SUSE bug 1125109 SUSE bug 1125125 SUSE bug 1125252 SUSE bug 1125315 SUSE bug 1125614 SUSE bug 1125728 SUSE bug 1125780 SUSE bug 1125797 SUSE bug 1125799 SUSE bug 1125800 SUSE bug 1125907 SUSE bug 1125947 SUSE bug 1126131 SUSE bug 1126209 SUSE bug 1126389 SUSE bug 1126393 SUSE bug 1126476 SUSE bug 1126480 SUSE bug 1126481 SUSE bug 1126488 SUSE bug 1126495 SUSE bug 1126555 SUSE bug 1126579 SUSE bug 1126789 SUSE bug 1126790 SUSE bug 1126802 SUSE bug 1126803 SUSE bug 1126804 SUSE bug 1126805 SUSE bug 1126806 SUSE bug 1126807 SUSE bug 1127042 SUSE bug 1127062 SUSE bug 1127082 SUSE bug 1127154 SUSE bug 1127285 SUSE bug 1127286 SUSE bug 1127307 SUSE bug 1127363 SUSE bug 1127493 SUSE bug 1127494 SUSE bug 1127495 SUSE bug 1127496 SUSE bug 1127497 SUSE bug 1127498 SUSE bug 1127534 SUSE bug 1127561 SUSE bug 1127567 SUSE bug 1127595 SUSE bug 1127603 SUSE bug 1127682 SUSE bug 1127731 SUSE bug 1127750 SUSE bug 1127836 SUSE bug 1127961 SUSE bug 1128094 SUSE bug 1128166 SUSE bug 1128351 SUSE bug 1128451 SUSE bug 1128895 SUSE bug 1129046 SUSE bug 1129080 SUSE bug 1129163 SUSE bug 1129179 SUSE bug 1129181 SUSE bug 1129182 SUSE bug 1129183 SUSE bug 1129184 SUSE bug 1129205 SUSE bug 1129281 SUSE bug 1129284 SUSE bug 1129285 SUSE bug 1129291 SUSE bug 1129292 SUSE bug 1129293 SUSE bug 1129294 SUSE bug 1129295 SUSE bug 1129296 SUSE bug 1129326 SUSE bug 1129327 SUSE bug 1129330 SUSE bug 1129363 SUSE bug 1129366 SUSE bug 1129497 SUSE bug 1129519 SUSE bug 1129543 SUSE bug 1129547 SUSE bug 1129551 SUSE bug 1129581 SUSE bug 1129625 SUSE bug 1129664 SUSE bug 1129739 SUSE bug 1129923 SUSE bug 807502 SUSE bug 824948 SUSE bug 828192 SUSE bug 925178 CVE-2017-5753 CVE-2018-20669 CVE-2019-2024 CVE-2019-3459 CVE-2019-3460 CVE-2019-3819 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-7308 CVE-2019-8912 CVE-2019-8980 CVE-2019-9213 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ovmf fixes the following issues: Security issues fixed: - CVE-2019-0160: Fixed multiple buffer overflows in UDF-related codes in MdeModulePkg\Universal\Disk\PartitionDxe\Udf.c and MdeModulePkg\Universal\Disk\UdfDxe (bsc#1130267). - CVE-2018-12181: Fixed a stack buffer overflow in the HII database when a corrupted Bitmap was used (bsc#1128503). Moderate SUSE bug 1128503 SUSE bug 1130267 CVE-2018-12181 CVE-2019-0160 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for w3m fixes several issues. These security issues were fixed: - CVE-2018-6196: Prevent infinite recursion in HTMLlineproc0 caused by the feed_table_block_tag function which did not prevent a negative indent value (bsc#1077559) - CVE-2018-6197: Prevent NULL pointer dereference in formUpdateBuffer (bsc#1077568) - CVE-2018-6198: w3m did not properly handle temporary files when the ~/.w3m directory is unwritable, which allowed a local attacker to craft a symlink attack to overwrite arbitrary files (bsc#1077572) Moderate SUSE bug 1077559 SUSE bug 1077568 SUSE bug 1077572 CVE-2018-6196 CVE-2018-6197 CVE-2018-6198 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for openssl-1_1 (OpenSSL Security Advisory [6 March 2019]) fixes the following issues: Security issue fixed: - CVE-2019-1543: Fixed an implementation error in ChaCha20-Poly1305 where it was allowed to set IV with more than 12 bytes (bsc#1128189). Moderate SUSE bug 1128189 CVE-2019-1543 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ntp fixes the following issues: Security issue fixed: - CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause segmentation fault to ntpd (bsc#1128525). Other isses addressed: - Fixed an issue which caused openSSL mismatch (bsc#1125401) - Fixed several bugs in the BANCOMM reclock driver. - Fixed ntp_loopfilter.c snprintf compilation warnings. - Fixed spurious initgroups() error message. - Fixed STA_NANO struct timex units. - Fixed GPS week rollover in libparse. - Fixed incorrect poll interval in packet. - Added a missing check for ENABLE_CMAC. Moderate SUSE bug 1125401 SUSE bug 1128525 CVE-2019-8936 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for bash fixes the following issues: Security issue fixed: - CVE-2019-9924: Fixed a vulnerability in which shell did not prevent user BASH_CMDS allowing the user to execute any command with the permissions of the shell (bsc#1130324). Important SUSE bug 1130324 CVE-2019-9924 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for file fixes the following issues: The following security vulnerabilities were addressed: - Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974 CVE-2018-10360). - CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118) - CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c (bsc#1126119) - CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117) Moderate SUSE bug 1096974 SUSE bug 1096984 SUSE bug 1126117 SUSE bug 1126118 SUSE bug 1126119 CVE-2018-10360 CVE-2019-8905 CVE-2019-8906 CVE-2019-8907 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for MozillaFirefox fixes the following issues: Security issuess addressed: - update to Firefox ESR 60.6.1 (bsc#1130262): - CVE-2019-9813: Fixed Ionmonkey type confusion with __proto__ mutations - CVE-2019-9810: Fixed IonMonkey MArraySlice incorrect alias information - Update to Firefox ESR 60.6 (bsc#1129821): - CVE-2018-18506: Fixed an issue with Proxy Auto-Configuration file - CVE-2019-9801: Fixed an issue which could allow Windows programs to be exposed to web content - CVE-2019-9788: Fixed multiple memory safety bugs - CVE-2019-9790: Fixed a Use-after-free vulnerability when removing in-use DOM elements - CVE-2019-9791: Fixed an incorrect Type inference for constructors entered through on-stack replacement with IonMonkey - CVE-2019-9792: Fixed an issue where IonMonkey leaks JS_OPTIMIZED_OUT magic value to script - CVE-2019-9793: Fixed multiple improper bounds checks when Spectre mitigations are disabled - CVE-2019-9794: Fixed an issue where command line arguments not discarded during execution - CVE-2019-9795: Fixed a Type-confusion vulnerability in IonMonkey JIT compiler - CVE-2019-9796: Fixed a Use-after-free vulnerability in SMIL animation controller - Update to Firefox ESR 60.5.1 (bsc#1125330): - CVE-2018-18356: Fixed a use-after-free vulnerability in the Skia library which can occur when creating a path, leading to a potentially exploitable crash. - CVE-2019-5785: Fixed an integer overflow vulnerability in the Skia library which can occur after specific transform operations, leading to a potentially exploitable crash. - CVE-2018-18335: Fixed a buffer overflow vulnerability in the Skia library which can occur with Canvas 2D acceleration on macOS. This issue was addressed by disabling Canvas 2D acceleration in Firefox ESR. Note: this does not affect other versions and platforms where Canvas 2D acceleration is already disabled by default. Other issue addressed: - Fixed an issue with MozillaFirefox-translations-common which was causing error on update (bsc#1127987). Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/ Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/ Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/ Important SUSE bug 1125330 SUSE bug 1127987 SUSE bug 1129821 SUSE bug 1130262 CVE-2018-18335 CVE-2018-18356 CVE-2018-18506 CVE-2019-5785 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9794 CVE-2019-9795 CVE-2019-9796 CVE-2019-9801 CVE-2019-9810 CVE-2019-9813 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for xen fixes the following issues: Security issues fixed: - Fixed an issue which could allow malicious PV guests may cause a host crash or gain access to data pertaining to other guests.Additionally, vulnerable configurations are likely to be unstable even in the absence of an attack (bsc#1126198). - Fixed multiple access violations introduced by XENMEM_exchange hypercall which could allow a single PV guest to leak arbitrary amounts of memory, leading to a denial of service (bsc#1126192). - Fixed an issue which could allow a malicious unprivileged guest userspace process to escalate its privilege to that of other userspace processes in the same guest and potentially thereby to that of the guest operating system (bsc#1126201). - Fixed an issue which could allow malicious or buggy x86 PV guest kernels to mount a Denial of Service attack affecting the whole system (bsc#1126197). - Fixed an issue which could allow an untrusted PV domain with access to a physical device to DMA into its own pagetables leading to privilege escalation (bsc#1126195). - Fixed an issue which could allow a malicious or buggy x86 PV guest kernels can mount a Denial of Service attack affecting the whole system (bsc#1126196). - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp (bsc#1123157). - Fixed an issue which could allow malicious 64bit PV guests to cause a host crash (bsc#1127400). - Fixed an issue which could allow malicious or buggy guests with passed through PCI devices to be able to escalate their privileges, crash the host, or access data belonging to other guests. Additionally memory leaks were also possible (bsc#1126140). - Fixed a race condition issue which could allow malicious PV guests to escalate their privilege to that of the hypervisor (bsc#1126141). - CVE-2019-9824: Fixed an information leak in SLiRP networking implementation which could allow a user/process to read uninitialised stack memory contents (bsc#1129623). Other issues addressed: - Upstream bug fixes (bsc#1027519) - Packages should no longer use /var/adm/fillup-templates (bsc#1069468). - Added Xen cmdline option 'suse_vtsc_tolerance' to avoid TSC emulation for HVM domUs (bsc#1026236). - Fixed an issue where setup of grant_tables and other variables may fail (bsc#1126325). - Fixed a building issue (bsc#1119161). - Added a requirement for xen, xl.cfg firmware='pvgrub32|pvgrub64 (bsc#1127620). - Fixed a segmetation fault in Libvirt when crash triggered on top of HVM guest (bsc#1120067). Important SUSE bug 1026236 SUSE bug 1027519 SUSE bug 1069468 SUSE bug 1119161 SUSE bug 1120067 SUSE bug 1123157 SUSE bug 1126140 SUSE bug 1126141 SUSE bug 1126192 SUSE bug 1126195 SUSE bug 1126196 SUSE bug 1126197 SUSE bug 1126198 SUSE bug 1126201 SUSE bug 1126325 SUSE bug 1127400 SUSE bug 1127620 SUSE bug 1129623 CVE-2019-6778 CVE-2019-9824 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for clamav to version 0.100.3 fixes the following issues: Security issues fixed (bsc#1130721): - CVE-2019-1787: Fixed an out-of-bounds heap read condition which may occur when scanning PDF documents. - CVE-2019-1789: Fixed an out-of-bounds heap read condition which may occur when scanning PE files (i.e. Windows EXE and DLL files). - CVE-2019-1788: Fixed an out-of-bounds heap write condition which may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. Important SUSE bug 1130721 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for SDL fixes the following issues: Security issues fixed: - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806). - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099). - CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799). - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805). - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827). - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826). - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824). - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803). - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802). - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825). - CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800). Moderate SUSE bug 1124799 SUSE bug 1124800 SUSE bug 1124802 SUSE bug 1124803 SUSE bug 1124805 SUSE bug 1124806 SUSE bug 1124824 SUSE bug 1124825 SUSE bug 1124826 SUSE bug 1124827 SUSE bug 1125099 CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for sqlite3 fixes the following issues: Security issues fixed: - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687). - CVE-2018-20506: Fixed an integer overflow when FTS3 extension is enabled (bsc#1131576). Moderate SUSE bug 1119687 SUSE bug 1131576 CVE-2018-20346 CVE-2018-20506 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libvirt fixes the following issues: Security issue fixed: - CVE-2019-3840: Fixed a null pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent (bsc#1127458). - CVE-2019-3886: Fixed an information leak which allowed to retrieve the guest hostname under readonly mode (bsc#1131595). Other issues addressed: - libxl: support Xen's max_grant_frames setting with maxGrantFrames attribute on the xenbus controller (bsc#1126325). - conf: added new 'xenbus' controller type - util: skip RDMA detection for non-PCI network devices (bsc#1112182). - qemu: don't use CAP_DAC_OVERRIDE capability if non-root (bsc#1125665). - qemu: fix issues related to restricted permissions on /dev/sev(bsc#1102604). - libxl: save current memory value after successful balloon (bsc#1120813). - libxl: Add support for soft reset. (bsc#1081516) Moderate SUSE bug 1081516 SUSE bug 1102604 SUSE bug 1112182 SUSE bug 1120813 SUSE bug 1125665 SUSE bug 1126325 SUSE bug 1127458 SUSE bug 1131595 CVE-2019-3840 CVE-2019-3886 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for wget fixes the following issues: Security issue fixed: - CVE-2019-5953: Fixed a buffer overflow vulnerability which might cause code execution (bsc#1131493). Important SUSE bug 1131493 CVE-2019-5953 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for soundtouch fixes the following issues: Security issues fixed: - CVE-2018-17098: Fixed a heap corruption from size inconsistency, which allowed remote attackers to cause a denial of service or possibly have other unspecified impact (bsc#1108632) - CVE-2018-17097: Fixed a double free, which allowed remote attackers to cause a denial of service or possibly have other unspecified impact (bsc#1108631) Moderate SUSE bug 1108631 SUSE bug 1108632 CVE-2018-17097 CVE-2018-17098 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). Important SUSE bug 1129346 CVE-2019-9636 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for man fixes the following issues: - Skip using 'safe-rm' in cron job below cache directory (bsc#1159105). Moderate SUSE bug 1159105 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location (bsc#1158095). Important SUSE bug 1158095 CVE-2019-14889 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for Mesa fixes the following issues: Security issue fixed: - CVE-2019-5068: Fixed exploitable shared memory permissions vulnerability (bsc#1156015). Moderate SUSE bug 1156015 CVE-2019-5068 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for virglrenderer fixes the following issues: - CVE-2019-18388: Fixed a null pointer dereference which could have led to denial of service (bsc#1159479). - CVE-2019-18390: Fixed an out of bound read which could have led to denial of service (bsc#1159478). - CVE-2019-18389: Fixed a heap buffer overflow which could have led to guest escape or denial of service (bsc#1159482). - CVE-2019-18391: Fixed a heap based buffer overflow which could have led to guest escape or denial of service (bsc#1159486). Important SUSE bug 1159478 SUSE bug 1159479 SUSE bug 1159482 SUSE bug 1159486 CVE-2019-18388 CVE-2019-18389 CVE-2019-18390 CVE-2019-18391 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for samba fixes the following issues: - CVE-2019-14907: Fixed a Server-side crash after charset conversion failure during NTLMSSP processing (bsc#1160888). Moderate SUSE bug 1160888 CVE-2019-14907 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u232 (icedtea 3.14.0) (October 2019 CPU, bsc#1154212) Security issues fixed: - CVE-2019-2933: Windows file handling redux - CVE-2019-2945: Better socket support - CVE-2019-2949: Better Kerberos ccache handling - CVE-2019-2958: Build Better Processes - CVE-2019-2964: Better support for patterns - CVE-2019-2962: Better Glyph Images - CVE-2019-2973: Better pattern compilation - CVE-2019-2975: Unexpected exception in jjs - CVE-2019-2978: Improved handling of jar files - CVE-2019-2981: Better Path supports - CVE-2019-2983: Better serial attributes - CVE-2019-2987: Better rendering of native glyphs - CVE-2019-2988: Better Graphics2D drawing - CVE-2019-2989: Improve TLS connection support - CVE-2019-2992: Enhance font glyph mapping - CVE-2019-2999: Commentary on Javadoc comments - CVE-2019-2894: Enhance ECDSA operations (bsc#1152856) Bug fixes: - Add patch to fix hotspot-aarch64 (bsc#1138529). Moderate SUSE bug 1138529 SUSE bug 1152856 SUSE bug 1154212 CVE-2019-2894 CVE-2019-2933 CVE-2019-2945 CVE-2019-2949 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2975 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2987 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for sysstat fixes the following issues: Security issue fixed: - CVE-2019-19725: Fixed double free in check_file_actlst in sa_common.c (bsc#1159104). Bug fixes: - Enable log information of starting/stoping services. (bsc#1144923, jsc#SLE-5958) Moderate SUSE bug 1144923 SUSE bug 1159104 CVE-2019-19725 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for java-1_8_0-openjdk fixes the following issues: Update java-1_8_0-openjdk to version jdk8u242 (icedtea 3.15.0) (January 2020 CPU, bsc#1160968): - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2020-2590: Improve Kerberos interop capabilities - CVE-2020-2593: Normalize normalization for all - CVE-2020-2601: Better Ticket Granting Services - CVE-2020-2604: Better serial filter handling - CVE-2020-2659: Enhance datagram socket support - CVE-2020-2654: Improve Object Identifier Processing Important SUSE bug 1160968 CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2659 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for openssl-1_0_0 fixes the following issues: Security issue fixed: - CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). Moderate SUSE bug 1158809 CVE-2019-1551 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libqt5-qtbase fixes the following issues: Security issues fixed: - CVE-2020-0569: Fixed a potential local code execution by loading plugins from CWD (bsc#1161167). - CVE-2018-19870: Fixed an improper check in QImage allocation which could allow Denial of Service when opening crafted gif files (bsc#1118597). - CVE-2018-19872: Fixed an issue which could allow a division by zero leading to crash (bsc#1130246). Important SUSE bug 1118597 SUSE bug 1130246 SUSE bug 1161167 CVE-2018-19870 CVE-2018-19872 CVE-2020-0569 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for systemd fixes the following issues: - CVE-2020-1712 (bsc#bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages. - Unconfirmed fix for prevent hanging of systemctl during restart. (bsc#1139459) - Fix warnings thrown during package installation. (bsc#1154043) - Fix for system-udevd prevent crash within OES2018. (bsc#1151506) - Fragments of masked units ought not be considered for 'NeedDaemonReload'. (bsc#1156482) - Wait for workers to finish when exiting. (bsc#1106383) - Improve log message when inotify limit is reached. (bsc#1155574) - Mention in the man pages that alias names are only effective after command 'systemctl enable'. (bsc#1151377) - Introduce function for reading virtual files in 'sysfs' and 'procfs'. (bsc#1133495, bsc#1159814) Important SUSE bug 1106383 SUSE bug 1133495 SUSE bug 1139459 SUSE bug 1151377 SUSE bug 1151506 SUSE bug 1154043 SUSE bug 1155574 SUSE bug 1156482 SUSE bug 1159814 SUSE bug 1162108 CVE-2020-1712 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for e2fsprogs fixes the following issues: - CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571). Moderate SUSE bug 1160571 CVE-2019-5188 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for wicked fixes the following issues: - CVE-2019-18902: Fixed a use-after-free when receiving invalid DHCP6 client options (bsc#1160903). - CVE-2019-18903: Fixed a use-after-free when receiving invalid DHCP6 IA_PD option (bsc#1160904). - CVE-2020-7216: Fixed a potential denial of service via a memory leak when processing packets with missing message type option in DHCP4 (bsc#1160905). - CVE-2020-7217: Fixed a memory leak in DHCP4 fsm when processing packets for other client ids (bsc#1160906). Important SUSE bug 1160903 SUSE bug 1160904 SUSE bug 1160905 SUSE bug 1160906 CVE-2019-18902 CVE-2019-18903 CVE-2020-7216 CVE-2020-7217 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for dbus-1 fixes the following issues: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). Important SUSE bug 1137832 CVE-2019-12749 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.5.0 ESR * CVE-2020-6796 (bmo#1610426) Missing bounds check on shared memory read in the parent process * CVE-2020-6797 (bmo#1596668) Extensions granted downloads.open permission could open arbitrary applications on Mac OSX * CVE-2020-6798 (bmo#1602944) Incorrect parsing of template tag could result in JavaScript injection * CVE-2020-6799 (bmo#1606596) Arbitrary code execution when opening pdf links from other applications, when Firefox is configured as default pdf reader * CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543, bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785) Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 * Fixed: Fixed various issues opening files with spaces in their path (bmo#1601905, bmo#1602726) Important SUSE bug 1161799 CVE-2020-6796 CVE-2020-6797 CVE-2020-6798 CVE-2020-6799 CVE-2020-6800 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for sudo fixes the following issues: Security issue fixed: - CVE-2019-18634: Fixed a buffer overflow in the passphrase prompt that could occur when pwfeedback was enabled in /etc/sudoers (bsc#1162202). Non-security issue fixed: - Fixed an issue where sudo -l would ask for a password even though `listpw` was set to `never` (bsc#1162675). Important SUSE bug 1162202 SUSE bug 1162675 CVE-2019-18634 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ImageMagick fixes the following issues: Security issue fixed: - CVE-2019-19948: Fixed a heap-based buffer overflow in WriteSGIImage() (bsc#1159861). - CVE-2019-19949: Fixed a heap-based buffer over-read in WritePNGImage() (bsc#1160369). Non-security issue fixed: - Fixed an issue where converting tiff to png would lead to unviewable files (bsc#1161194). Moderate SUSE bug 1159861 SUSE bug 1160369 SUSE bug 1161194 CVE-2019-19948 CVE-2019-19949 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for dnsmasq fixes the following issues: Security issue fixed: - CVE-2019-14834: Fixed a memory leak which could have allowed to remote attackers to cause denial of service via DHCP response creation (bsc#1154849) Other issue addressed: - Removed cache size limit (bsc#1138743). Moderate SUSE bug 1138743 SUSE bug 1154849 CVE-2019-14834 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libexif fixes the following issues: - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). Moderate SUSE bug 1120943 SUSE bug 1160770 CVE-2018-20030 CVE-2019-9278 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ppp fixes the following security issue: - CVE-2020-8597: Fixed a buffer overflow in the eap_request and eap_response functions (bsc#1162610). Important SUSE bug 1162610 CVE-2020-8597 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for python3 fixes the following issues: Update to 3.4.10 (jsc#SLE-9427, bsc#1159208) from 3.4.6: Security issues fixed: - Update expat copy from 2.1.1 to 2.2.0 to fix the following issues: CVE-2012-0876, CVE-2016-0718, CVE-2016-4472, CVE-2017-9233, CVE-2016-9063 - CVE-2017-1000158: Fix an integer overflow in thePyString_DecodeEscape function in stringobject.c, resulting in heap-based bufferoverflow (bsc#1068664). Moderate SUSE bug 1068664 SUSE bug 1159208 SUSE bug 1159623 CVE-2012-0876 CVE-2016-0718 CVE-2016-4472 CVE-2016-9063 CVE-2017-1000158 CVE-2017-9233 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libpng16 fixes the following issues: Security issues fixed: - CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when png_image_free() was called under png_safe_execute (bsc#1124211). - CVE-2017-12652: Fixed an Input Validation Error related to the length of chunks (bsc#1141493). Moderate SUSE bug 1124211 SUSE bug 1141493 CVE-2017-12652 CVE-2019-7317 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for gimp fixes the following issues: - Fix for crashing due to segmentation fault caused by importing ghostscript files. (bsc#1161998) Security issues fixed: - CVE-2017-17785: Fixed an heap-based buffer overflow in FLI import (bsc#1073625) - CVE-2017-17786: Fixed an out-of-bounds read in TGA (bsc#1073626) - CVE-2017-17788: Fixed an out-of-bounds read in XCF (bsc#1073629) Moderate SUSE bug 1073625 SUSE bug 1073626 SUSE bug 1073629 SUSE bug 1161998 CVE-2017-17785 CVE-2017-17786 CVE-2017-17788 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for gd fixes the following issues: - CVE-2017-7890: Fixed a buffer over-read into uninitialized memory (bsc#1050241). - CVE-2018-14553: Fixed a null pointer dereference in gdImageClone() (bsc#1165471). - CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140120). Moderate SUSE bug 1050241 SUSE bug 1140120 SUSE bug 1165471 CVE-2017-7890 CVE-2018-14553 CVE-2019-11038 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for java-1_7_0-openjdk fixes the following issues: Update java-1_7_0-openjdk to version jdk7u251 (January 2020 CPU, bsc#1160968): - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2020-2590: Improve Kerberos interop capabilities - CVE-2020-2593: Normalize normalization for all - CVE-2020-2601: Better Ticket Granting Services - CVE-2020-2604: Better serial filter handling - CVE-2020-2659: Enhance datagram socket support - CVE-2020-2654: Improve Object Identifier Processing Important SUSE bug 1160968 CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2659 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for ipmitool fixes the following issues: - CVE-2020-5208: Fixed multiple remote code executtion vulnerabilities (bsc#1163026). - picmg discover messages are now DEBUG and not INFO messages (bsc#1085469). Important SUSE bug 1085469 SUSE bug 1163026 CVE-2020-5208 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.4.1 ESR * Fixed: Security fix MFSA 2020-03 (bsc#1160498) * CVE-2019-17026 (bmo#1607443) IonMonkey type confusion with StoreElementHole and FallibleStoreElement - Firefox Extended Support Release 68.4.0 ESR * Fixed: Various security fixes MFSA 2020-02 (bsc#1160305) * CVE-2019-17015 (bmo#1599005) Memory corruption in parent process during new content process initialization on Windows * CVE-2019-17016 (bmo#1599181) Bypass of @namespace CSS sanitization during pasting * CVE-2019-17017 (bmo#1603055) Type Confusion in XPCVariant.cpp * CVE-2019-17021 (bmo#1599008) Heap address disclosure in parent process during content process initialization on Windows * CVE-2019-17022 (bmo#1602843) CSS sanitization does not escape HTML tags * CVE-2019-17024 (bmo#1507180, bmo#1595470, bmo#1598605, bmo#1601826) Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 Important SUSE bug 1160305 SUSE bug 1160498 CVE-2019-17015 CVE-2019-17016 CVE-2019-17017 CVE-2019-17021 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for postgresql10 fixes the following issues: PostgreSQL was updated to version 10.12. Security issue fixed: - CVE-2020-1720: Fixed a missing authorization check in the ALTER ... DEPENDS ON extension (bsc#1163985). Low SUSE bug 1163985 CVE-2020-1720 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for libzypp fixes the following issues: Security issue fixed: - CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763). Moderate SUSE bug 1158763 CVE-2019-18900 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.47.1: Security issues fixed: - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - CVE-2019-11745: EncryptUpdate should use maxout, not block size (bsc#1158527). - CVE-2019-11727: Fixed vulnerability sign CertificateVerify with PKCS#1 v1.5 signatures issue (bsc#1141322). mozilla-nspr was updated to version 4.23: - Whitespace in C files was cleaned up and no longer uses tab characters for indenting. Moderate SUSE bug 1141322 SUSE bug 1158527 SUSE bug 1159819 CVE-2019-11745 CVE-2019-17006 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 This update for openssl-1_1 fixes the following issues: Security issue fixed: - CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). - CVE-2019-1563: Fixed bleichenbacher attack against cms/pkcs7 encryptioon transported key (bsc#1150250). - CVE-2019-1551: Fixed integer overflow in RSAZ modular exponentiation on x86_64 (bsc#1158809). - CVE-2019-1549: Fixed fork problem with random generator (bsc#1150247). - CVE-2019-1547: Fixed EC_GROUP_set_generator side channel attack avoidance (bsc#1150003). Bug fixes: - Ship the openssl 1.1.1 binary as openssl-1_1, and make it installable in parallel with the system openssl (bsc#1140277). - Update to 1.1.1d (bsc#1133925, jsc#SLE-6430). Moderate SUSE bug 1133925 SUSE bug 1140277 SUSE bug 1150003 SUSE bug 1150247 SUSE bug 1150250 SUSE bug 1158809 CVE-2019-1547 CVE-2019-1549 CVE-2019-1551 CVE-2019-1563 cpe:/o:suse:sled:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removed entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry could remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769). - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-18445: Faulty computation of numeric bounds in the BPF verifier permitted out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandled 32-bit right shifts (bnc#1112372). - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2017-18224: fs/ocfs2/aops.c omitted use of a semaphore and consequently had a race condition for access to the extent tree during read operations in DIRECT mode, which allowed local users to cause a denial of service (BUG) by modifying a certain e_cpos field (bnc#1084831). - CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674). The following non-security bugs were fixed: - ACPI/APEI: Handle GSIV and GPIO notification types (bsc#1115567). - ACPICA: Tables: Add WSMT support (bsc#1089350). - ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510). - ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510). - ACPI, nfit: Fix ARS overflow continuation (bsc#1116895). - ACPI, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#1112128). - ACPI/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114279). - ACPI/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114279). - ACPI / platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510). - ACPI / processor: Fix the return value of acpi_processor_ids_walk() (bsc#1051510). - ACPI / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510). - act_ife: fix a potential use-after-free (networking-stable-18_09_11). - Add the cherry-picked dup id for PCI dwc fix - Add version information to KLP_SYMBOLS file - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510). - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510). - ALSA: control: Fix race between adding and removing a user element (bsc#1051510). - ALSA: hda: Add 2 more models to the power_save blacklist (bsc#1051510). - ALSA: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510). - ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) (bsc#1051510). - ALSA: hda - Add quirk for ASUS G751 laptop (bsc#1051510). - ALSA: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510). - ALSA: hda - Fix headphone pin config for ASUS G751 (bsc#1051510). - ALSA: hda: fix unused variable warning (bsc#1051510). - ALSA: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510). - ALSA: hda/realtek - Add GPIO data update helper (bsc#1051510). - ALSA: hda/realtek - Allow skipping spec->init_amp detection (bsc#1051510). - ALSA: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510). - ALSA: hda/realtek - Fix HP Headset Mic can't record (bsc#1051510). - ALSA: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510). - ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715 (bsc#1051510). - ALSA: hda/realtek - Manage GPIO bits commonly (bsc#1051510). - ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510). - ALSA: hda/realtek - Support ALC300 (bsc#1051510). - ALSA: oss: Use kvzalloc() for local buffer allocations (bsc#1051510). - ALSA: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510). - ALSA: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510). - ALSA: usb-audio: update quirk for B&W PX to remove microphone (bsc#1051510). - ALSA: wss: Fix invalid snd_free_pages() at error path (bsc#1051510). - amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105). - arm64: KVM: Move CPU ID reg trap setup off the world switch path (bsc#1110998). - arm64: KVM: Sanitize PSTATE.M when being set from userspace (bsc#1110998). - arm64: KVM: Tighten guest core register access from userspace (bsc#1110998). - ARM: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510). - ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535) - ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510). - ASoC: intel: skylake: Add missing break in skl_tplg_get_token() (bsc#1051510). - ASoC: Intel: Skylake: Reset the controller in probe (bsc#1051510). - ASoC: rsnd: adg: care clock-frequency size (bsc#1051510). - ASoC: rsnd: do not fallback to PIO mode when -EPROBE_DEFER (bsc#1051510). - ASoC: rt5514: Fix the issue of the delay volume applied again (bsc#1051510). - ASoC: sigmadsp: safeload should not have lower byte limit (bsc#1051510). - ASoC: sun8i-codec: fix crash on module removal (bsc#1051510). - ASoC: wm8804: Add ACPI support (bsc#1051510). - ata: Fix racy link clearance (bsc#1107866). - ataflop: fix error handling during setup (bsc#1051510). - ath10k: fix kernel panic issue during pci probe (bsc#1051510). - ath10k: fix scan crash due to incorrect length calculation (bsc#1051510). - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait (bsc#1051510). - ath10k: schedule hardware restart if WMI command times out (bsc#1051510). - autofs: fix autofs_sbi() does not check super block type (git-fixes). - autofs: fix slab out of bounds read in getname_kernel() (git-fixes). - autofs: mount point create should honour passed in mode (git-fixes). - badblocks: fix wrong return value in badblocks_set if badblocks are disabled (git-fixes). - batman-adv: Avoid probe ELP information leak (bsc#1051510). - batman-adv: Expand merged fragment buffer for full packet (bsc#1051510). - batman-adv: fix backbone_gw refcount on queue_work() failure (bsc#1051510). - batman-adv: fix hardif_neigh refcount on queue_work() failure (bsc#1051510). - batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510). - bdi: Fix another oops in wb_workfn() (bsc#1112746). - bdi: Preserve kabi when adding cgwb_release_mutex (bsc#1112746). - bitops: protect variables in bit_clear_unless() macro (bsc#1051510). - bitops: protect variables in set_mask_bits() macro (bsc#1051510). - Blacklist commit that modifies Scsi_Host/kabi (bsc#1114579) - Blacklist sd_zbc patch that is too invasive (bsc#1114583) - Blacklist virtio patch that uses bio_integrity_bytes() (bsc#1114585) - blk-mq: I/O and timer unplugs are inverted in blktrace (bsc#1112713). - block, bfq: fix wrong init of saved start time for weight raising (bsc#1112708). - block: bfq: swap puts in bfqg_and_blkg_put (bsc#1112712). - block: copy ioprio in __bio_clone_fast() (bsc#1082653). - block: respect virtual boundary mask in bvecs (bsc#1113412). - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510). - Bluetooth: SMP: fix crash in unpairing (bsc#1051510). - bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16). - bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16). - bonding: avoid possible dead-lock (networking-stable-18_10_16). - bonding: fix length of actor system (networking-stable-18_11_02). - bonding: fix warning message (networking-stable-18_10_16). - bonding: pass link-local packets to bonding master also (networking-stable-18_10_16). - bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647). - bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24). - bpf/verifier: disallow pointer subtraction (bsc#1083647). - bpf: wait for running BPF programs when updating map-in-map (bsc#1083647). - brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510). - brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510). - brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510). - bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02). - Btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667). - Btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667). - Btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136). - Btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137). - Btrfs: fix cur_offset in the error case for nocow (bsc#1118140). - Btrfs: fix data corruption due to cloning of eof block (bsc#1116878). - Btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876). - Btrfs: fix deadlock when writing out free space caches (bsc#1116700). - Btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877). - Btrfs: fix missing error return in btrfs_drop_snapshot (Git-fixes bsc#1109919). - Btrfs: fix null pointer dereference on compressed write path error (bsc#1116698). - Btrfs: fix use-after-free during inode eviction (bsc#1116701). - Btrfs: fix use-after-free when dumping free space (bsc#1116862). - Btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692). - Btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693). - Btrfs: handle errors while updating refcounts in update_ref_for_cow (Git-fixes bsc#1109915). - Btrfs: make sure we create all new block groups (bsc#1116699). - Btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863). - Btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138). - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510). - can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510). - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510). - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510). - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510). - can: hi311x: Use level-triggered interrupt (bsc#1051510). - can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510). - can: rcar_can: Fix erroneous registration (bsc#1051510). - can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510). - cdc-acm: correct counting of UART states in serial state notification (bsc#1051510). - cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510). - cdc-acm: fix race between reset and control messaging (bsc#1051510). - ceph: avoid a use-after-free in ceph_destroy_options() (bsc#1111983). - ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839). - ceph: quota: fix null pointer dereference in quota check (bsc#1114839). - cfg80211: Address some corner cases in scan result channel updating (bsc#1051510). - cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902). - cifs: fix memory leak in SMB2_open() (bsc#1112894). - cifs: Fix use after free of a mid_q_entry (bsc#1112903). - clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510). - clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510). - clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510). - clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510). - clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510). - clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510). - clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510). - clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510). - clk: x86: add 'ether_clk' alias for Bay Trail / Cherry Trail (bsc#1051510). - clk: x86: Stop marking clocks as CLK_IS_CRITICAL (bsc#1051510). - clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510). - clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs (bsc#1051510). - clocksource/drivers/timer-atmel-pit: Properly handle error cases (bsc#1051510). - coda: fix 'kernel memory exposure attempt' in fsync (bsc#1051510). - configfs: replace strncpy with memcpy (bsc#1051510). - crypto: caam - fix implicit casts in endianness helpers (bsc#1051510). - crypto: chelsio - Fix memory corruption in DMA Mapped buffers (bsc#1051510). - crypto: lrw - Fix out-of bounds access on counter overflow (bsc#1051510). - crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510). - crypto: tcrypt - fix ghash-generic speed test (bsc#1051510). - dax: Fix deadlock in dax_lock_mapping_entry() (bsc#1109951). - debugobjects: Make stack check warning more informative (bsc#1051510). - Documentation/l1tf: Fix small spelling typo (bsc#1051510). - Documentation/l1tf: Fix typos (bsc#1051510). - Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510). - do d_instantiate/unlock_new_inode combinations safely (git-fixes). - Do not leak MNT_INTERNAL away from internal mounts (git-fixes). - driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510). - drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510). - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 (bsc#1051510). - drm/amdgpu: Fix vce work queue was not cancelled when suspend (bsc#1106110) - drm/amdgpu/powerplay: fix missing break in switch statements (bsc#1113722) - drm/ast: change resolution may cause screen blurred (boo#1112963). - drm/ast: fixed cursor may disappear sometimes (bsc#1051510). - drm/ast: Fix incorrect free on ioregs (bsc#1051510). - drm/ast: Remove existing framebuffers before loading driver (boo#1112963) - drm/dp_mst: Check if primary mstb is null (bsc#1051510). - drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510). - drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510). - drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722) - drm/edid: VSDB yCBCr420 Deep Color mode bit definitions (bsc#1051510). - drm: fb-helper: Reject all pixel format changing requests (bsc#1113722) - drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer (bsc#1113722) - drm/hisilicon: hibmc: Do not overwrite fb helper surface depth (bsc#1113722) - drm/i915/audio: Hook up component bindings even if displays are (bsc#1113722) - drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510). - drm/i915: Do not unset intel_connector->mst_port (bsc#1051510). - drm/i915/dp: Link train Fallback on eDP only if fallback link BW can fit panel's native mode (bsc#1051510). - drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510). - drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510). - drm/i915/gen9+: Fix initial readout for Y tiled framebuffers (bsc#1113722) - drm/i915/glk: Add Quirk for GLK NUC HDMI port issues (bsc#1051510). - drm/i915/glk: Remove 99% limitation (bsc#1051510). - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510). - drm/i915: Large page offsets for pread/pwrite (bsc#1051510). - drm/i915: Mark pin flags as u64 (bsc#1051510). - drm/i915: Restore vblank interrupts earlier (bsc#1051510). - drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510). - drm/i915: Write GPU relocs harder with gen3 (bsc#1051510). - drm: mali-dp: Call drm_crtc_vblank_reset on device init (bsc#1051510). - drm/mediatek: fix OF sibling-node lookup (bsc#1106110) - drm/meson: add support for 1080p25 mode (bsc#1051510). - drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510). - drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510). - drm/msm: fix OF child-node lookup (bsc#1106110) - drm/nouveau: Check backlight IDs are >= 0, not > 0 (bsc#1051510). - drm/nouveau: Do not disable polling in fallback mode (bsc#1103356). - drm/omap: fix memory barrier bug in DMM driver (bsc#1051510). - drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510). - drm/sti: do not remove the drm_bridge that was never added (bsc#1100132) - drm/sun4i: Fix an ulong overflow in the dotclock driver (bsc#1106110) - drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() (bsc#1113722) - e1000: check on netif_running() before calling e1000_up() (bsc#1051510). - e1000: ensure to free old tx/rx rings in set_ringparam() (bsc#1051510). - EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting (bsc#1114279). - EDAC: Raise the maximum number of memory controllers (bsc#1113780). - EDAC, skx_edac: Fix logical channel intermediate decoding (bsc#1114279). - EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() (bsc#1114279). - eeprom: at24: change nvmem stride to 1 (bsc#1051510). - eeprom: at24: check at24_read/write arguments (bsc#1051510). - eeprom: at24: correctly set the size for at24mac402 (bsc#1051510). - Enable LSPCON instead of blindly disabling HDMI - enic: do not call enic_change_mtu in enic_probe (bsc#1051510). - enic: handle mtu change for vf properly (bsc#1051510). - enic: initialize enic->rfs_h.lock in enic_probe (bsc#1051510). - ethtool: fix a privilege escalation bug (bsc#1076830). - ext2, dax: set ext2_dax_aops for dax files (bsc#1112554). - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bsc#1117795). - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bsc#1117794). - ext4: add missing brelse() update_backups()'s error path (bsc#1117796). - ext4: avoid arithemetic overflow that can trigger a BUG (bsc#1112736). - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802). - ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801). - ext4: avoid divide by zero fault when deleting corrupted inline directories (bsc#1112735). - ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792). - ext4: check for NUL characters in extended attribute's name (bsc#1112732). - ext4: check to make sure the rename(2)'s destination is not freed (bsc#1112734). - ext4: do not mark mmp buffer head dirty (bsc#1112743). - ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807). - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806). - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798). - ext4: fix online resize's handling of a too-small final block group (bsc#1112739). - ext4: fix online resizing for bigalloc file systems with a 1k block size (bsc#1112740). - ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799). - ext4: fix possible leak of sbi->s_group_desc_leak in error path (bsc#1117803). - ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804). - ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789). - ext4: fix spectre gadget in ext4_mb_regular_allocator() (bsc#1112733). - ext4: fix use-after-free race in ext4_remount()'s error path (bsc#1117791). - ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788). - ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790). - ext4: recalucate superblock checksum after updating free blocks/inodes (bsc#1112738). - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805). - ext4: reset error code in ext4_find_entry in fallback (bsc#1112731). - ext4: show test_dummy_encryption mount option in /proc/mounts (bsc#1112741). - fbdev: fix broken menu dependencies (bsc#1113722) - fbdev/omapfb: fix omapfb_memory_read infoleak (bsc#1051510). - firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350 ). - firmware: dcdbas: include linux/io.h (bsc#1089350). - Fix kABI for 'Ensure we commit after writeback is complete' (bsc#1111809). - floppy: fix race condition in __floppy_read_block_0() (bsc#1051510). - flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21). - fscache: fix race between enablement and dropping of object (bsc#1107385). - fs: dcache: Avoid livelock between d_alloc_parallel and __d_add (git-fixes). - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (git-fixes). - fs: dcache: Use READ_ONCE when accessing i_dir_seq (git-fixes). - fs: Make extension of struct super_block transparent (bsc#1117822). - fsnotify: Fix busy inodes during unmount (bsc#1117822). - fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074). - fs/quota: Fix spectre gadget in do_quotactl (bsc#1112745). - ftrace: Fix debug preempt config name in stack_tracer_{en,dis}able (bsc#1117172). - ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181). - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174). - ftrace: Remove incorrect setting of glob search field (bsc#1117184). - genirq: Fix race on spurious interrupt detection (bsc#1051510). - getname_kernel() needs to make sure that ->name != ->iname in long case (git-fixes). - gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510). - grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes). - gso_segment: Reset skb->mac_len after modifying network header (networking-stable-18_09_24). - hfsplus: do not return 0 when fill_super() failed (bsc#1051510). - hfsplus: stop workqueue when fill_super() failed (bsc#1051510). - hfs: prevent crash on exit from failed search (bsc#1051510). - HID: hiddev: fix potential Spectre v1 (bsc#1051510). - HID: hid-sensor-hub: Force logical minimum to 1 for power and report state (bsc#1051510). - HID: quirks: fix support for Apple Magic Keyboards (bsc#1051510). - HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report (bsc#1051510). - HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510). - hv: avoid crash in vmbus sysfs files (bnc#1108377). - hv_netvsc: fix schedule in RCU context (). - hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11). - hwmon: (core) Fix double-free in __hwmon_device_register() (bsc#1051510). - hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510). - hwmon: (ina2xx) Fix current value calculation (bsc#1051510). - hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510). - hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510). - hwmon: (pmbus) Fix page count auto-detection (bsc#1051510). - hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510). - hwmon: (raspberrypi) Fix initial notify (bsc#1051510). - hwmon: (w83795) temp4_type has writable permission (bsc#1051510). - hwrng: core - document the quality field (bsc#1051510). - hypfs_kill_super(): deal with failed allocations (bsc#1051510). - i2c: i2c-scmi: fix for i2c_smbus_write_block_data (bsc#1051510). - i2c: rcar: cleanup DMA for all kinds of failure (bsc#1051510). - ibmvnic: fix accelerated VLAN handling (). - ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433). - ibmvnic: remove ndo_poll_controller (). - ibmvnic: Update driver queues after change in ring size support (). - iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510). - iio: ad5064: Fix regulator handling (bsc#1051510). - iio: adc: at91: fix acking DRDY irq on simple conversions (bsc#1051510). - iio: adc: at91: fix wrong channel number in triggered buffer mode (bsc#1051510). - iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() (bsc#1051510). - iio:st_magn: Fix enable device after trigger (bsc#1051510). - ima: fix showing large 'violations' or 'runtime_measurements_count' (bsc#1051510). - include/linux/pfn_t.h: force '~' to be parsed as an unary operator (bsc#1051510). - inet: make sure to grab rcu_read_lock before using ireq->ireq_opt (networking-stable-18_10_16). - Input: atakbd - fix Atari CapsLock behaviour (bsc#1051510). - Input: atakbd - fix Atari keymap (bsc#1051510). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510). - Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510). - Input: xpad - add PDP device id 0x02a4 (bsc#1051510). - Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510). - Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510). - Input: xpad - fix some coding style issues (bsc#1051510). - intel_th: pci: Add Ice Lake PCH support (bsc#1051510). - iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237). - iommu/arm-smmu: Error out only if not enough context interrupts (bsc#1106237). - iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105). - iommu/vt-d: Add definitions for PFSID (bsc#1106237). - iommu/vt-d: Fix dev iotlb pfsid use (bsc#1106237). - iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105). - iommu/vt-d: Fix scatterlist offset handling (bsc#1106237). - iommu/vt-d: Use memunmap to free memremap (bsc#1106105). - ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16). - ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02). - ip6_vti: fix a null pointer deference when destroy vti6 tunnel (networking-stable-18_09_11). - ipmi: Fix timer race with module unload (bsc#1051510). - ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16). - ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21). - ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu (networking-stable-18_11_21). - ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11). - ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (networking-stable-18_11_21). - ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24). - ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02). - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02). - ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16). - iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510). - iwlwifi: dbg: do not crash if the firmware crashes in the middle of a debug dump (bsc#1051510). - iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510). - iwlwifi: mvm: Allow TKIP for AP mode (bsc#1051510). - iwlwifi: mvm: check for n_profiles validity in EWRD ACPI (bsc#1051510). - iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510). - iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510). - iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface (bsc#1051510). - iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510). - iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510). - iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510). - iwlwifi: mvm: open BA session only when sta is authorized (bsc#1051510). - iwlwifi: mvm: send BCAST management frames to the right station (bsc#1051510). - iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510). - iwlwifi: pcie: avoid empty free RB queue (bsc#1051510). - iwlwifi: pcie: gen2: build A-MSDU only for GSO (bsc#1051510). - iwlwifi: pcie gen2: check iwl_pcie_gen2_set_tb() return value (bsc#1051510). - jbd2: fix use after free in jbd2_log_do_checkpoint() (bsc#1113257). - KABI fix for 'NFSv4.1: Fix up replays of interrupted requests' (git-fixes). - kABI: Hide get_msr_feature() in kvm_x86_ops (bsc#1106240). - KABI: hide new member in struct iommu_table from genksyms (bsc#1061840). - KABI: mask raw in struct bpf_reg_state (bsc#1083647). - KABI: powerpc: export __find_linux_pte as __find_linux_pte_or_hugepte (bsc#1061840). - KABI: powerpc: Revert npu callback signature change (bsc#1055120). - KABI: protect struct fib_nh_exception (kabi). - KABI: protect struct rtable (kabi). - KABI/severities: ignore __xive_vm_h_* KVM internal symbols. - Kbuild: fix # escaping in .cmd files for future Make (git-fixes). - kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510). - kbuild: move '_all' target out of $(KBUILD_SRC) conditional (bsc#1114279). - kernfs: update comment about kernfs_path() return value (bsc#1051510). - kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510). - kprobes/x86: Fix %p uses in error messages (bsc#1110006). - KVM: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998). - KVM: Make VM ioctl do valloc for some archs (bsc#1111506). - KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240). - KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240). - KVM: PPC: Add pt_regs into kvm_vcpu_arch and move vcpu->arch.gpr[] into it (bsc#1061840). - KVM: PPC: Avoid marking DMA-mapped pages dirty in real mode (bsc#1061840). - KVM: PPC: Book3S: Add MMIO emulation for VMX instructions (bsc#1061840). - KVM: PPC: Book3S: Allow backing bigger guest IOMMU pages with smaller physical pages (bsc#1061840). - KVM: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64 parameters (bsc#1061840). - KVM: PPC: Book3S: Eliminate some unnecessary checks (bsc#1061840). - KVM: PPC: Book3S: Fix compile error that occurs with some gcc versions (bsc#1061840). - KVM: PPC: Book3S: Fix matching of hardware and emulated TCE tables (bsc#1061840). - KVM: PPC: Book3S HV: Add of_node_put() in success path (bsc#1061840). - KVM: PPC: Book3S HV: Add 'online' register to ONE_REG interface (bsc#1061840). - KVM: PPC: Book3S HV: Allow creating max number of VCPUs on POWER9 (bsc#1061840). - KVM: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9 v2.2 (bsc#1061840). - KVM: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault (bsc#1061840). - KVM: PPC: Book3S HV: Avoid shifts by negative amounts (bsc#1061840). - KVM: PPC: Book3S HV: Check DR not IR to chose real vs virt mode MMIOs (bsc#1061840). - KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate function (bsc#1061840). - KVM: PPC: Book3S HV: Do not use compound_order to determine host mapping size (bsc#1061840). - KVM: PPC: Book3S HV: Do not use existing 'prodded' flag for XIVE escalations (bsc#1061840). - KVM: PPC: Book 3S HV: Do ptesync in radix guest exit path (bsc#1061840). - KVM: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded (bsc#1061840). - KVM: PPC: Book3S HV: Enable migration of decrementer register (bsc#1061840). - KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm (bsc#1061840). - KVM: PPC: Book3S HV: Fix conditions for starting vcpu (bsc#1061840). - KVM: PPC: Book3S HV: Fix constant size warning (bsc#1061840). - KVM: PPC: Book3S HV: Fix duplication of host SLB entries (bsc#1061840). - KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds (bsc#1061840). - KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler (bsc#1061840). - KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code (bsc#1061840). - KVM: PPC: Book3S HV: Fix inaccurate comment (bsc#1061840). - KVM: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real mode interrupts (bsc#1061840). - KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry (bsc#1061840). - KVM: PPC: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix() (bsc#1061840). - KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing (bsc#1061840). - KVM: PPC: Book3S HV: Handle 1GB pages in radix page fault handler (bsc#1061840). - KVM: PPC: Book3S HV: Improve handling of debug-trigger HMIs on POWER9 (bsc#1061840). - KVM: PPC: Book3S HV: Keep XIVE escalation interrupt masked unless ceded (bsc#1061840). - KVM: PPC: Book3S HV: Lockless tlbie for HPT hcalls (bsc#1061840). - KVM: PPC: Book3S HV: Make HPT resizing work on POWER9 (bsc#1061840). - KVM: PPC: Book3S HV: Make radix clear pte when unmapping (bsc#1061840). - KVM: PPC: Book3S HV: Make radix use correct tlbie sequence in kvmppc_radix_tlbie_page (bsc#1061840). - KVM: PPC: Book3S HV: Make xive_pushed a byte, not a word (bsc#1061840). - KVM: PPC: Book3S HV: Pack VCORE IDs to access full VCPU ID space (bsc#1061840). - KVM: PPC: Book3S HV: radix: Do not clear partition PTE when RC or write bits do not match (bsc#1061840). - KVM: PPC: Book3S HV: Radix page fault handler optimizations (bsc#1061840). - KVM: PPC: Book3S HV: radix: Refine IO region partition scope attributes (bsc#1061840). - KVM: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under kvm->lock (bsc#1061840). - KVM: PPC: Book3S HV: Recursively unmap all page table entries when unmapping (bsc#1061840). - KVM: PPC: Book3S HV: Remove useless statement (bsc#1061840). - KVM: PPC: Book3S HV: Remove vcpu->arch.dec usage (bsc#1061840). - KVM: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to Linux handlers (bsc#1061840). - KVM: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR count correctly (bsc#1061840). - KVM: PPC: Book3S HV: Snapshot timebase offset on guest entry (bsc#1061840). - KVM: PPC: Book3S HV: Streamline setting of reference and change bits (bsc#1061840). - KVM: PPC: Book3S HV: Use a helper to unmap ptes in the radix fault path (bsc#1061840). - KVM: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page fault handler (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Resend re-routed interrupts on CPU priority change (bsc#1061840). - KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840). - KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file (bsc#1061840). - KVM: PPC: Book3S: Use correct page shift in H_STUFF_TCE (bsc#1061840). - KVM: PPC: Fix a mmio_host_swabbed uninitialized usage issue (bsc#1061840). - KVM: PPC: Make iommu_table::it_userspace big endian (bsc#1061840). - KVM: PPC: Move nip/ctr/lr/xer registers to pt_regs in kvm_vcpu_arch (bsc#1061840). - KVM: PPC: Use seq_puts() in kvmppc_exit_timing_show() (bsc#1061840). - KVM: s390: vsie: copy wrapping keys to right place (git-fixes). - KVM: SVM: Add MSR-based feature support for serializing LFENCE (bsc#1106240). - KVM: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114279). - KVM: VMX: re-add ple_gap module parameter (bsc#1106240). - KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR (bsc#1106240). - KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry (bsc#1106240). - KVM: x86: Add a framework for supporting MSR-based features (bsc#1106240). - KVM: x86: define SVM/VMX specific kvm_arch_[alloc|free]_vm (bsc#1111506). - KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240). - KVM: X86: Introduce kvm_get_msr_feature() (bsc#1106240). - KVM/x86: kABI fix for vm_alloc/vm_free changes (bsc#1111506). - KVM: x86: Set highest physical address bits in non-present/reserved SPTEs (bsc#1106240). - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839). - libceph: fall back to sendmsg for slab pages (bsc#1118316). - libertas: call into generic suspend code before turning off power (bsc#1051510). - libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510). - libnvdimm, badrange: remove a WARN for list_empty (bsc#1112128). - libnvdimm, dimm: Maximize label transfer size (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891). - libnvdimm: Introduce locked DIMM capacity support (bsc#1112128). - libnvdimm, label: change nvdimm_num_label_slots per UEFI 2.7 (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm, label: Fix sparse warning (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm: move poison list functions to a new 'badrange' file (bsc#1112128). - libnvdimm/nfit_test: add firmware download emulation (bsc#1112128). - libnvdimm/nfit_test: adding support for unit testing enable LSS status (bsc#1112128). - libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899). - libnvdimm, testing: Add emulation for smart injection commands (bsc#1112128). - libnvdimm, testing: update the default smart ctrl_temperature (bsc#1112128). - lib/ubsan: add type mismatch handler for new GCC/Clang (bsc#1051510). - lib/ubsan.c: s/missaligned/misaligned/ (bsc#1051510). - livepatch: create and include UAPI headers (). - llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02). - lockd: fix 'list_add double add' caused by legacy signal interface (git-fixes). - loop: add recursion validation to LOOP_CHANGE_FD (bsc#1112711). - loop: do not call into filesystem while holding lo_ctl_mutex (bsc#1112710). - loop: fix LOOP_GET_STATUS lock imbalance (bsc#1113284). - mac80211: Always report TX status (bsc#1051510). - mac80211: fix TX status reporting for ieee80211s (bsc#1051510). - mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510). - mac80211: minstrel: fix using short preamble CCK rates on HT clients (bsc#1051510). - mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510). - mach64: detect the dot clock divider correctly on sparc (bsc#1051510). - mach64: fix display corruption on big endian machines (bsc#1113722) - mach64: fix image corruption due to reading accelerator registers (bsc#1113722) - mailbox: PCC: handle parse error (bsc#1051510). - make sure that __dentry_kill() always invalidates d_seq, unhashed or not (git-fixes). - md: allow metadata updates while suspending an array - fix (git-fixes). - MD: fix invalid stored role for a disk - try2 (git-fixes). - md: fix NULL dereference of mddev->pers in remove_and_add_spares() (git-fixes). - md/raid10: fix that replacement cannot complete recovery after reassemble (git-fixes). - md/raid1: add error handling of read error from FailFast device (git-fixes). - md/raid5-cache: disable reshape completely (git-fixes). - md/raid5: fix data corruption of replacements after originals dropped (git-fixes). - media: af9035: prevent buffer overflow on write (bsc#1051510). - media: cx231xx: fix potential sign-extension overflow on large shift (bsc#1051510). - media: dvb: fix compat ioctl translation (bsc#1051510). - media: em28xx: fix input name for Terratec AV 350 (bsc#1051510). - media: em28xx: use a default format if TRY_FMT fails (bsc#1051510). - media: pci: cx23885: handle adding to list failure (bsc#1051510). - media: tvp5150: avoid going past array on v4l2_querymenu() (bsc#1051510). - media: tvp5150: fix switch exit in set control handler (bsc#1051510). - media: tvp5150: fix width alignment during set_selection() (bsc#1051510). - media: uvcvideo: Fix uvc_alloc_entity() allocation alignment (bsc#1051510). - media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD (bsc#1051510). - media: vsp1: Fix YCbCr planar formats pitch calculation (bsc#1051510). - memory_hotplug: cond_resched in __remove_pages (bnc#1114178). - mfd: arizona: Correct calling of runtime_put_sync (bsc#1051510). - mfd: menelaus: Fix possible race condition and leak (bsc#1051510). - mfd: omap-usb-host: Fix dts probe of children (bsc#1051510). - mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21). - mmc: block: avoid multiblock reads for the last sector in SPI mode (bsc#1051510). - mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510). - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510). - mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677). - mm/migrate: Use spin_trylock() while resetting rate limit (). - mm: /proc/pid/pagemap: hide swap entries from unprivileged users (Git-fixes bsc#1109907). - mm: rework memcg kernel stack accounting (bnc#1113677). - modpost: ignore livepatch unresolved relocations (). - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819). - mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820). - mount: Retest MNT_LOCKED in do_umount (bsc#1117818). - move changes without Git-commit out of sorted section - neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24). - net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679). - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679). - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24). - net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16). - net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02). - net: bcmgenet: protect stop from timeout (networking-stable-18_11_21). - net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11). - net: bridge: remove ipv6 zero address check in mcast queries (git-fixes). - net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16). - net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16). - net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561). - net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561). - net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561). - net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561). - net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561). - net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561). - net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561). - net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561). - net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561). - net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561). - net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561). - net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561). - net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561). - net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561). - net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561). - net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561). - net: ena: minor performance improvement (bsc#1111696 bsc#1117561). - net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561). - net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561). - net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561). - net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1111696 bsc#1117561). - net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02). - net-gro: reset skb->pkt_type in napi_reuse_skb() (networking-stable-18_11_21). - net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16). - net: hp100: fix always-true check for link up state (networking-stable-18_09_24). - net: ibm: fix return type of ndo_start_xmit function (). - net/ibmnvic: Fix deadlock problem in reset (). - net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431). - net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02). - net: ipv4: do not let PMTU updates increase route MTU (git-fixes). - net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16). - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02). - netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16). - net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11). - net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18). - net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21). - net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16). - net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18). - net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16). - net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18). - net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18). - net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02). - net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16). - net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16). - net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16). - net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21). - net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18). - net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510). - net: sched: action_ife: take reference to meta module (networking-stable-18_09_11). - net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11). - net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24). - net: sched: Fix for duplicate class dump (networking-stable-18_11_02). - net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11). - net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02). - net: smsc95xx: Fix MTU range (networking-stable-18_11_21). - net: socket: fix a missing-check bug (networking-stable-18_11_02). - net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02). - net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16). - net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16). - net: systemport: Protect stop from timeout (networking-stable-18_11_21). - net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02). - net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16). - NFC: nfcmrvl_uart: fix OF child-node lookup (bsc#1051510). - nfit_test: add error injection DSMs (bsc#1112128). - nfit_test: fix buffer overrun, add sanity check (bsc#1112128). - nfit_test: improve structure offset handling (bsc#1112128). - nfit_test: prevent parsing error of nfit_test.0 (bsc#1112128). - nfit_test: when clearing poison, also remove badrange entries (bsc#1112128). - nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11). - NFS: Avoid quadratic search when freeing delegations (bsc#1084760). - NFS: Avoid RCU usage in tracepoints (git-fixes). - NFS: commit direct writes even if they fail partially (git-fixes). - nfsd4: permit layoutget of executable-only files (git-fixes). - nfsd: check for use of the closed special stateid (git-fixes). - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (git-fixes). - nfsd: deal with revoked delegations appropriately (git-fixes). - nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes). - nfsd: Fix another OPEN stateid race (git-fixes). - nfsd: fix corrupted reply to badly ordered compound (git-fixes). - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes). - nfsd: Fix stateid races between OPEN and CLOSE (git-fixes). - NFS: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes). - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes). - NFS: Ensure we commit after writeback is complete (bsc#1111809). - NFS: Fix an incorrect type in struct nfs_direct_req (git-fixes). - NFS: Fix a typo in nfs_rename() (git-fixes). - NFS: Fix typo in nomigration mount option (git-fixes). - NFS: Fix unstable write completion (git-fixes). - NFSv4.0 fix client reference leak in callback (git-fixes). - NFSv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes). - NFSv4.1 fix infinite loop on I/O (git-fixes). - NFSv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes). - NFSv4.1: Fix up replays of interrupted requests (git-fixes). - NFSv4: Fix a typo in nfs41_sequence_process (git-fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510). - nospec: Include <asm/barrier.h> dependency (bsc#1114279). - nvdimm: Clarify comment in sizeof_namespace_index (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Remove empty if statement (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Sanity check labeloff (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Split label init out from the logic for getting config data (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Use namespace index data to reduce number of label reads needed (bsc#1111921, bsc#1113408, bsc#1113972). - nvme: Free ctrl device name on init failure (). - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817). - ocfs2: fix locking for res->tracking and dlm->tracking_list (bsc#1117816). - ocfs2: fix ocfs2 read block panic (bsc#1117815). - ocfs2: free up write context when direct IO failed (bsc#1117821). - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bsc#1117808). - of: add helper to lookup compatible child node (bsc#1106110) - openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02). - orangefs: fix deadlock; do not write i_size in read_iter (bsc#1051510). - orangefs: initialize op on loop restart in orangefs_devreq_read (bsc#1051510). - orangefs_kill_sb(): deal with allocation failures (bsc#1051510). - orangefs: use list_for_each_entry_safe in purge_waiting_ops (bsc#1051510). - PCI: Add Device IDs for Intel GPU 'spurious interrupt' quirk (bsc#1051510). - PCI/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510). - PCI/ASPM: Fix link_state teardown on device removal (bsc#1051510). - PCI: dwc: remove duplicate fix References: bsc#1115269 Patch has been already applied by the following commit: 9f73db8b7c PCI: dwc: Fix enumeration end when reaching root subordinate (bsc#1051510) - PCI: hv: Do not wait forever on a device that has disappeared (bsc#1109806). - PCI: hv: Use effective affinity mask (bsc#1109772). - PCI: imx6: Fix link training status detection in link up check (bsc#1109806). - PCI: iproc: Remove PAXC slot check to allow VF support (bsc#1109806). - PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510). - PCI: Reprogram bridge prefetch registers on resume (bsc#1051510). - PCI: vmd: Assign vector zero to all bridges (bsc#1109806). - PCI: vmd: Detach resources after stopping root bus (bsc#1109806). - PCI: vmd: White list for fast interrupt handlers (bsc#1109806). - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510). - percpu: make this_cpu_generic_read() atomic w.r.t. interrupts (bsc#1114279). - perf: fix invalid bit in diagnostic entry (git-fixes). - pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510). - pinctrl: meson: fix pinconf bias disable (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510). - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510). - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510). - pipe: match pipe_max_size data type with procfs (git-fixes). - platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510). - platform/x86: intel_telemetry: report debugfs failure (bsc#1051510). - pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes). - pNFS: Do not release the sequence slot until we've processed layoutget on open (git-fixes). - pNFS: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes). - powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729). - powerpc/boot: Fix opal console in boot wrapper (bsc#1065729). - powerpc/kvm/booke: Fix altivec related build break (bsc#1061840). - powerpc/kvm: Switch kvm pmd allocator to custom allocator (bsc#1061840). - powerpc/mm: Fix typo in comments (bsc#1065729). - powerpc/mm/hugetlb: initialize the pagetable cache correctly for hugetlb (bsc#1091800). - powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248). - powerpc/mm: Rename find_linux_pte_or_hugepte() (bsc#1061840). - powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure (bsc#1055120). - powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729). - powerpc/powernv: Add indirect levels to it_userspace (bsc#1061840). - powerpc/powernv: Do not select the cpufreq governors (bsc#1065729). - powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage (bsc#1055120). - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729). - powerpc/powernv/ioda2: Reduce upper limit for DMA window size (bsc#1055120). - powerpc/powernv/ioda: Allocate indirect TCE levels on demand (bsc#1061840). - powerpc/powernv/ioda: Finish removing explicit max window size check (bsc#1061840). - powerpc/powernv/ioda: Remove explicit max window size check (bsc#1061840). - powerpc/powernv: Move TCE manupulation code to its own file (bsc#1061840). - powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120). - powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120). - powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120). - powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120). - powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120). - powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120). - powerpc/powernv: Rework TCE level allocation (bsc#1061840). - powerpc/pseries: Fix build break for SPLPAR=n and CPU hotplug (bsc#1079524, git-fixes). - powerpc/pseries: Fix CONFIG_NUMA=n build (bsc#1067906, git-fixes). - powerpc/pseries: Fix DTL buffer registration (bsc#1065729). - powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729). - powerpc/pseries: Fix 'OF: ERROR: Bad of_node_put() on /cpus' during DLPAR (bsc#1113295). - powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709). - powerpc: pseries: remove dlpar_attach_node dependency on full path (bsc#1113295). - powerpc/xive: Move definition of ESB bits (bsc#1061840). - powerpc/xmon: Add ISA v3.0 SPRs to SPR dump (bsc#1061840). - power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510). - pppoe: fix reception of frames with no mac header (networking-stable-18_09_24). - printk: drop in_nmi check from printk_safe_flush_on_panic() (bsc#1112170). - printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168). - printk/tracing: Do not trace printk_nmi_enter() (bsc#1112208). - provide linux/set_memory.h (bsc#1113295). - ptp: fix Spectre v1 vulnerability (bsc#1051510). - pwm: lpss: Release runtime-pm reference from the driver's remove callback (bsc#1051510). - pxa168fb: prepare the clock (bsc#1051510). - qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface (bsc#1051510). - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510). - qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510). - qrtr: add MODULE_ALIAS macro to smd (bsc#1051510). - r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED (bsc#1051510). - r8169: fix NAPI handling under high load (networking-stable-18_11_02). - race of lockd inetaddr notifiers vs nlmsvc_rqst change (git-fixes). - RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 (git-fixes). - random: rate limit unseeded randomness warnings (git-fixes). - rculist: add list_for_each_entry_from_rcu() (bsc#1084760). - rculist: Improve documentation for list_for_each_entry_from_rcu() (bsc#1084760). - rds: fix two RCU related problems (networking-stable-18_09_18). - README: Clean-up trailing whitespace - reiserfs: add check to detect corrupted directory entry (bsc#1109818). - reiserfs: do not panic on bad directory entries (bsc#1109818). - remoteproc: qcom: Fix potential device node leaks (bsc#1051510). - rename a hv patch to reduce conflicts in -AZURE - reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510). - reset: imx7: Fix always writing bits as 0 (bsc#1051510). - resource: Include resource end in walk_*() interfaces (bsc#1114279). - Revert 'ceph: fix dentry leak in splice_dentry()' (bsc#1114839). - Revert 'powerpc/64: Fix checksum folding in csum_add()' (bsc#1065729). - Revert 'rpm/kernel-binary.spec.in: allow unsupported modules for -extra' - Revert 'usb: dwc3: gadget: skip Set/Clear Halt when invalid' (bsc#1051510). - rpmsg: Correct support for MODULE_DEVICE_TABLE() (git-fixes). - rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02). - rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16). - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16). - s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes). - s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235). - s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes). - s390/mm: correct allocate_pgste proc_handler callback (git-fixes). - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682). - s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953). - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682). - s390/qeth: handle failure on workqueue creation (git-fixes). - s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959). - s390: revert ELF_ET_DYN_BASE base changes (git-fixes). - s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes). - s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273). - s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273). - s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273). - sched/numa: Limit the conditions where scan period is reset (). - scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246). - scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246). - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1104731). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1104731). - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731). - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731). - scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580). - scsi: lpfc: add support to retrieve firmware logs (bsc#1114015). - scsi: lpfc: add Trunking support (bsc#1114015). - scsi: lpfc: Correct errors accessing fw log (bsc#1114015). - scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015). - scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015). - scsi: lpfc: Correct LCB RJT handling (bsc#1114015). - scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015). - scsi: lpfc: Correct race with abort on completion path (bsc#1114015). - scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015). - scsi: lpfc: Correct speeds on SFP swap (bsc#1114015). - scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015). - scsi: lpfc: Fix errors in log messages (bsc#1114015). - scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015). - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015). - scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015). - scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015). - scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015). - scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015). - scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015). - scsi: lpfc: reduce locking when updating statistics (bsc#1114015). - scsi: lpfc: Remove set but not used variable 'sgl_size' (bsc#1114015). - scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015). - scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015). - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1114581). - scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582). - scsi: sg: fix minor memory leak in error path (bsc#1114584). - scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bsc#1114578). - scsi: target: Fix fortify_panic kernel exception (bsc#1114576). - scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577). - scsi: target: tcmu: add read length support (bsc#1097755). - sctp: fix race on sctp_id2asoc (networking-stable-18_11_02). - sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21). - sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11). - sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21). - sctp: not increase stream's incnt before sending addstrm_in request (networking-stable-18_11_21). - sctp: update dst pmtu with the correct daddr (networking-stable-18_10_16). - serial: 8250: Fix clearing FIFOs in RS485 mode again (bsc#1051510). - signal: Properly deliver SIGSEGV from x86 uprobes (bsc#1110006). - skip LAYOUTRETURN if layout is invalid (git-fixes). - smb2: fix missing files in root share directory listing (bsc#1112907). - smb2: fix missing files in root share directory listing (bsc#1112907). - smb3: fill in statfs fsid and correct namelen (bsc#1112905). - smb3: fill in statfs fsid and correct namelen (bsc#1112905). - smb3: fix reset of bytes read and written stats (bsc#1112906). - smb3: fix reset of bytes read and written stats (bsc#1112906). - smb3: on reconnect set PreviousSessionId field (bsc#1112899). - smb3: on reconnect set PreviousSessionId field (bsc#1112899). - soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510). - soc/tegra: pmc: Fix child-node lookup (bsc#1051510). - soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510). - sound: do not call skl_init_chip() to reset intel skl soc (bsc#1051510). - sound: enable interrupt after dma buffer initialization (bsc#1051510). - spi/bcm63xx-hsspi: keep pll clk enabled (bsc#1051510). - spi: bcm-qspi: switch back to reading flash using smaller chunks (bsc#1051510). - spi: sh-msiof: fix deferred probing (bsc#1051510). - staging: comedi: ni_mio_common: protect register write overflow (bsc#1051510). - staging:iio:ad7606: fix voltage scales (bsc#1051510). - staging: rtl8723bs: Fix the return value in case of error in 'rtw_wx_read32()' (bsc#1051510). - staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510). - sunrpc: Allow connect to return EHOSTUNREACH (git-fixes). - sunrpc: Do not use stack buffer with scatterlist (git-fixes). - sunrpc: Fix rpc_task_begin trace point (git-fixes). - sunrpc: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes). - target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349). - target: log Data-Out timeouts as errors (bsc#1095805). - target: log NOP ping timeouts as errors (bsc#1095805). - target: split out helper for cxn timeout error stashing (bsc#1095805). - target: stash sess_err_stats on Data-Out timeout (bsc#1095805). - target: use ISCSI_IQN_LEN in iscsi_target_stat (bsc#1095805). - tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11). - test_firmware: fix error return getting clobbered (bsc#1051510). - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21). - thermal: bcm2835: enable hwmon explicitly (bsc#1108468). - thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510). - thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510). - tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21). - tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11). - tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16). - tools build: fix # escaping in .cmd files for future Make (git-fixes). - tools/testing/nvdimm: advertise a write cache for nfit_test (bsc#1112128). - tools/testing/nvdimm: allow custom error code injection (bsc#1112128). - tools/testing/nvdimm: disable labels for nfit_test.1 (bsc#1112128). - tools/testing/nvdimm: enable labels for nfit_test.1 dimms (bsc#1112128). - tools/testing/nvdimm: fix missing newline in nfit_test_dimm 'handle' attribute (bsc#1112128). - tools/testing/nvdimm: Fix support for emulating controller temperature (bsc#1112128). - tools/testing/nvdimm: force nfit_test to depend on instrumented modules (bsc#1112128). - tools/testing/nvdimm: improve emulation of smart injection (bsc#1112128). - tools/testing/nvdimm: kaddr and pfn can be NULL to ->direct_access() (bsc#1112128). - tools/testing/nvdimm: Make DSM failure code injection an override (bsc#1112128). - tools/testing/nvdimm: smart alarm/threshold control (bsc#1112128). - tools/testing/nvdimm: stricter bounds checking for error injection commands (bsc#1112128). - tools/testing/nvdimm: support nfit_test_dimm attributes under nfit_test.1 (bsc#1112128). - tools/testing/nvdimm: unit test clear-error commands (bsc#1112128). - tools/vm/page-types.c: fix 'defined but not used' warning (bsc#1051510). - tools/vm/slabinfo.c: fix sign-compare warning (bsc#1051510). - tpm2-cmd: allow more attempts for selftest execution (bsc#1082555). - tpm: add retry logic (bsc#1082555). - tpm: consolidate the TPM startup code (bsc#1082555). - tpm: do not suspend/resume if power stays on (bsc#1082555). - tpm: fix intermittent failure with self tests (bsc#1082555). - tpm: fix response size validation in tpm_get_random() (bsc#1082555). - tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555). - tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555). - tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555). - tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555). - tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555). - tpm: Restore functionality to xen vtpm driver (bsc#1082555). - tpm: self test failure should not cause suspend to fail (bsc#1082555). - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555). - tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555). - tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555). - tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555). - tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555). - tracing: Add barrier to trace_printk() buffer nesting modification (bsc#1112219). - tracing: Apply trace_clock changes to instance max buffer (bsc#1117188). - tracing: Erase irqsoff trace with empty write (bsc#1117189). - tty: check name length in tty_find_polling_driver() (bsc#1051510). - tty: Do not block on IO when ldisc change is pending (bnc#1105428). - tty: fix data race between tty_init_dev and flush of buf (bnc#1105428). - tty: Hold tty_ldisc_lock() during tty_reopen() (bnc#1105428). - tty/ldsem: Add lockdep asserts for ldisc_sem (bnc#1105428). - tty/ldsem: Convert to regular lockdep annotations (bnc#1105428). - tty/ldsem: Decrement wait_readers on timeouted down_read() (bnc#1105428). - tty/ldsem: Wake up readers after timed out down_write() (bnc#1105428). - tty: Simplify tty->count math in tty_reopen() (bnc#1105428). - tty: wipe buffer (bsc#1051510). - tty: wipe buffer if not echoing data (bsc#1051510). - tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510). - tuntap: fix multiqueue rx (networking-stable-18_11_21). - udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24). - udp6: add missing checks on edumux packet processing (networking-stable-18_09_24). - udp6: fix encap return code for resubmitting (git-fixes). - uio: ensure class is registered before devices (bsc#1051510). - uio: Fix an Oops on load (bsc#1051510). - uio: make symbol 'uio_class_registered' static (bsc#1051510). - Update config files. Enabled ENA (Amazon network driver) for arm64. - usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510). - usb: chipidea: Prevent unbalanced IRQ disable (bsc#1051510). - usb: core: Fix hub port connection events lost (bsc#1051510). - usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385). - usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385). - usb: dwc3: core: Clean up ULPI device (bsc#1051510). - usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510). - usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510). - usb: gadget: fsl_udc_core: check allocation return value and cleanup on failure (bsc#1051510). - usb: gadget: fsl_udc_core: fixup struct_udc_setup documentation (bsc#1051510). - usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510). - usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510). - usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510). - usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510). - usbip: tools: fix atoi() on non-null terminated string (bsc#1051510). - usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510). - usb: misc: appledisplay: add 20' Apple Cinema Display (bsc#1051510). - usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510). - usb: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510). - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510). - usb: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510). - usb: remove LPM management from usb_driver_claim_interface() (bsc#1051510). - usb: serial: cypress_m8: fix interrupt-out transfer length (bsc#1051510). - usb: serial: option: add two-endpoints device-id flag (bsc#1051510). - usb: serial: option: drop redundant interface-class test (bsc#1051510). - usb: serial: option: improve Quectel EP06 detection (bsc#1051510). - usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510). - userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (bsc#1109739). - Use upstream version of pci-hyperv patch (35a88a1) - VFS: close race between getcwd() and d_move() (git-fixes). - VFS: fix freeze protection in mnt_want_write_file() for overlayfs (git-fixes). - vhost: Fix Spectre V1 vulnerability (bsc#1051510). - vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510). - virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02). - VMCI: Resource wildcard match fixed (bsc#1051510). - w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510). - Workaround for mysterious NVMe breakage with i915 CFL (bsc#1111040). - x86/acpi: Prevent X2APIC id 0xffffffff from being accounted (bsc#1110006). - x86/boot/KASLR: Work around firmware bugs by excluding EFI_BOOT_SERVICES_* and EFI_LOADER_* from KASLR's choice (bnc#1112878). - x86/boot: Move EISA setup to a separate file (bsc#1110006). - x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006). - x86/cpufeature: Add User-Mode Instruction Prevention definitions (bsc#1110006). - x86/cpufeatures: Add Intel Total Memory Encryption cpufeature (bsc#1110006). - x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279). - x86/eisa: Add missing include (bsc#1110006). - x86/EISA: Do not probe EISA bus for Xen PV guests (bsc#1110006). - x86/fpu: Remove second definition of fpu in __fpu__restore_sig() (bsc#1110006). - x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006). - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772). - x86/kasan: Panic if there is not enough memory to boot (bsc#1110006). - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114279). - x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279). - x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279). - x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279). - x86/MCE/AMD: Fix the thresholding machinery initialization order (bsc#1114279). - x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read() (bsc#1110006). - x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279). - x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279). - x86, nfit_test: Add unit test for memcpy_mcsafe() (bsc#1112128). - x86/paravirt: Fix some warning messages (bnc#1065600). - x86/percpu: Fix this_cpu_read() (bsc#1110006). - x86/speculation: Support Enhanced IBRS on future CPUs (). - x86/time: Correct the attribute on jiffies' definition (bsc#1110006). - x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600). - xen/balloon: Support xend-based toolstack (bnc#1065600). - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062). - xen: fix race in xen_qlock_wait() (bnc#1107256). - xen: fix xen_qlock_wait() (bnc#1107256). - xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap() (bnc#1065600). - xen: make xen_qlock_wait() nestable (bnc#1107256). - xen/netfront: do not bug in case of too many frags (bnc#1104824). - xen/pvh: do not try to unplug emulated devices (bnc#1065600). - xen/pvh: increase early stack size (bnc#1065600). - xen: Remove unnecessary BUG_ON from __unbind_from_irq() (bnc#1065600). - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (bnc#1065600). - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600). - xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs: do not fail when converting shortform attr to long form during ATTR_REPLACE (bsc#1105025). - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes). - xfs: Properly detect when DAX won't be used on any device (bsc#1115976). - xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510). - xhci: Do not print a warning when setting link state for disabled ports (bsc#1051510). - xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510). - xprtrdma: Do not defer fencing an async RPC's chunks (git-fixes). Important SUSE bug 1051510 SUSE bug 1055120 SUSE bug 1061840 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066674 SUSE bug 1067906 SUSE bug 1068273 SUSE bug 1076830 SUSE bug 1078248 SUSE bug 1079524 SUSE bug 1082555 SUSE bug 1082653 SUSE bug 1083647 SUSE bug 1084760 SUSE bug 1084831 SUSE bug 1085535 SUSE bug 1086196 SUSE bug 1089350 SUSE bug 1091800 SUSE bug 1094825 SUSE bug 1095805 SUSE bug 1097755 SUSE bug 1100132 SUSE bug 1103356 SUSE bug 1103925 SUSE bug 1104124 SUSE bug 1104731 SUSE bug 1104824 SUSE bug 1105025 SUSE bug 1105428 SUSE bug 1106105 SUSE bug 1106110 SUSE bug 1106237 SUSE bug 1106240 SUSE bug 1107256 SUSE bug 1107385 SUSE bug 1107866 SUSE bug 1108377 SUSE bug 1108468 SUSE bug 1109330 SUSE bug 1109739 SUSE bug 1109772 SUSE bug 1109806 SUSE bug 1109818 SUSE bug 1109907 SUSE bug 1109911 SUSE bug 1109915 SUSE bug 1109919 SUSE bug 1109951 SUSE bug 1110006 SUSE bug 1110998 SUSE bug 1111040 SUSE bug 1111062 SUSE bug 1111174 SUSE bug 1111506 SUSE bug 1111696 SUSE bug 1111809 SUSE bug 1111921 SUSE bug 1111983 SUSE bug 1112128 SUSE bug 1112170 SUSE bug 1112173 SUSE bug 1112208 SUSE bug 1112219 SUSE bug 1112221 SUSE bug 1112246 SUSE bug 1112372 SUSE bug 1112514 SUSE bug 1112554 SUSE bug 1112708 SUSE bug 1112710 SUSE bug 1112711 SUSE bug 1112712 SUSE bug 1112713 SUSE bug 1112731 SUSE bug 1112732 SUSE bug 1112733 SUSE bug 1112734 SUSE bug 1112735 SUSE bug 1112736 SUSE bug 1112738 SUSE bug 1112739 SUSE bug 1112740 SUSE bug 1112741 SUSE bug 1112743 SUSE bug 1112745 SUSE bug 1112746 SUSE bug 1112878 SUSE bug 1112894 SUSE bug 1112899 SUSE bug 1112902 SUSE bug 1112903 SUSE bug 1112905 SUSE bug 1112906 SUSE bug 1112907 SUSE bug 1112963 SUSE bug 1113257 SUSE bug 1113284 SUSE bug 1113295 SUSE bug 1113408 SUSE bug 1113412 SUSE bug 1113501 SUSE bug 1113667 SUSE bug 1113677 SUSE bug 1113722 SUSE bug 1113751 SUSE bug 1113769 SUSE bug 1113780 SUSE bug 1113972 SUSE bug 1114015 SUSE bug 1114178 SUSE bug 1114279 SUSE bug 1114385 SUSE bug 1114576 SUSE bug 1114577 SUSE bug 1114578 SUSE bug 1114579 SUSE bug 1114580 SUSE bug 1114581 SUSE bug 1114582 SUSE bug 1114583 SUSE bug 1114584 SUSE bug 1114585 SUSE bug 1114839 SUSE bug 1115074 SUSE bug 1115269 SUSE bug 1115431 SUSE bug 1115433 SUSE bug 1115440 SUSE bug 1115567 SUSE bug 1115709 SUSE bug 1115976 SUSE bug 1116183 SUSE bug 1116692 SUSE bug 1116693 SUSE bug 1116698 SUSE bug 1116699 SUSE bug 1116700 SUSE bug 1116701 SUSE bug 1116862 SUSE bug 1116863 SUSE bug 1116876 SUSE bug 1116877 SUSE bug 1116878 SUSE bug 1116891 SUSE bug 1116895 SUSE bug 1116899 SUSE bug 1116950 SUSE bug 1117168 SUSE bug 1117172 SUSE bug 1117174 SUSE bug 1117181 SUSE bug 1117184 SUSE bug 1117188 SUSE bug 1117189 SUSE bug 1117349 SUSE bug 1117561 SUSE bug 1117788 SUSE bug 1117789 SUSE bug 1117790 SUSE bug 1117791 SUSE bug 1117792 SUSE bug 1117794 SUSE bug 1117795 SUSE bug 1117796 SUSE bug 1117798 SUSE bug 1117799 SUSE bug 1117801 SUSE bug 1117802 SUSE bug 1117803 SUSE bug 1117804 SUSE bug 1117805 SUSE bug 1117806 SUSE bug 1117807 SUSE bug 1117808 SUSE bug 1117815 SUSE bug 1117816 SUSE bug 1117817 SUSE bug 1117818 SUSE bug 1117819 SUSE bug 1117820 SUSE bug 1117821 SUSE bug 1117822 SUSE bug 1118102 SUSE bug 1118136 SUSE bug 1118137 SUSE bug 1118138 SUSE bug 1118140 SUSE bug 1118152 SUSE bug 1118316 CVE-2017-16533 CVE-2017-18224 CVE-2018-18281 CVE-2018-18386 CVE-2018-18445 CVE-2018-18710 CVE-2018-19824 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). Non-security issues fixed: - Fix vfs_ceph ftruncate and fallocate handling (bsc#1127153). - Abide by load_printers smb.conf parameter (bsc#1124223). - s3:winbindd: let normalize_name_map() call find_domain_from_name_noinit() (bsc#1123755). - s3:passdb: Do not return OK if we don't have pinfo set up (bsc#1099590). - s3:winbind: Fix regression (bsc#1123755). Moderate SUSE bug 1099590 SUSE bug 1123755 SUSE bug 1124223 SUSE bug 1127153 SUSE bug 1131060 CVE-2019-3880 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for pacemaker fixes the following issues: Security issues fixed: - CVE-2019-3885: Fixed an information disclosure in log output. (bsc#1131357) - CVE-2018-16877: Fixed a local privilege escalation through insufficient IPC client-server authentication. (bsc#1131356) - CVE-2018-16878: Fixed a denial of service through insufficient verification inflicted preference of uncontrolled processes. (bsc#1131353) Non-security issue fixed: - scheduler: Respect the order of constraints when relevant resources are being probed. (bsc#1117934, bsc#1128374) Important SUSE bug 1117381 SUSE bug 1117934 SUSE bug 1128374 SUSE bug 1128772 SUSE bug 1131353 SUSE bug 1131356 SUSE bug 1131357 CVE-2018-16877 CVE-2018-16878 CVE-2019-3885 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed: - CVE-2018-16880: A flaw was found in the handle_rx() function in the vhost_net driver. A malicious virtual guest, under specific conditions, could trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (bnc#1122767). - CVE-2019-3882: A flaw was found in the vfio interface implementation that permitted violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). (bnc#1131416 bnc#1131427). - CVE-2019-9003: Attackers could trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a 'service ipmievd restart' loop (bnc#1126704). - CVE-2019-9500: A brcmfmac heap buffer overflow in brcmf_wowl_nd_results was fixed. (bnc#1132681). - CVE-2019-9503: A brcmfmac frame validation bypass was fixed. (bnc#1132828). The following non-security bugs were fixed: - 9p: do not trust pdu content for stat item size (bsc#1051510). - ACPI: acpi_pad: Do not launch acpi_pad threads on idle cpus (bsc#1113399). - acpi, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#1112128) (bsc#1132426). - ACPI / SBS: Fix GPE storm on recent MacBookPro's (bsc#1051510). - alsa: core: Fix card races between register and disconnect (bsc#1051510). - alsa: echoaudio: add a check for ioremap_nocache (bsc#1051510). - alsa: firewire: add const qualifier to identifiers for read-only symbols (bsc#1051510). - alsa: firewire-motu: add a flag for AES/EBU on XLR interface (bsc#1051510). - alsa: firewire-motu: add specification flag for position of flag for MIDI messages (bsc#1051510). - alsa: firewire-motu: add support for MOTU Audio Express (bsc#1051510). - alsa: firewire-motu: add support for Motu Traveler (bsc#1051510). - alsa: firewire-motu: use 'version' field of unit directory to identify model (bsc#1051510). - alsa: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist (bsc#1051510). - alsa: hda - Add two more machines to the power_save_blacklist (bsc#1051510). - alsa: hda - Enforces runtime_resume after S3 and S4 for each codec (bsc#1051510). - alsa: hda: Initialize power_state field properly (bsc#1051510). - alsa: hda/realtek - Add new Dell platform for headset mode (bsc#1051510). - alsa: hda/realtek - Add quirk for Tuxedo XC 1509 (bsc#1131442). - alsa: hda/realtek - Add support for Acer Aspire E5-523G/ES1-432 headset mic (bsc#1051510). - alsa: hda/realtek - Add support headset mode for DELL WYSE AIO (bsc#1051510). - alsa: hda/realtek - Add support headset mode for New DELL WYSE NB (bsc#1051510). - alsa: hda/realtek - add two more pin configuration sets to quirk table (bsc#1051510). - alsa: hda/realtek - Apply the fixup for ASUS Q325UAR (bsc#1051510). - alsa: hda/realtek: Enable ASUS X441MB and X705FD headset MIC with ALC256 (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer AIO with ALC286 (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer Aspire Z24-890 with ALC286 (bsc#1051510). - alsa: hda/realtek: Enable headset mic of ASUS P5440FF with ALC256 (bsc#1051510). - alsa: hda/realtek - Fixed Dell AIO speaker noise (bsc#1051510). - alsa: hda - Record the current power state before suspend/resume calls (bsc#1051510). - alsa: info: Fix racy addition/deletion of nodes (bsc#1051510). - alsa: line6: use dynamic buffers (bsc#1051510). - alsa: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration (bsc#1051510). - alsa: PCM: check if ops are defined before suspending PCM (bsc#1051510). - alsa: pcm: Do not suspend stream in unrecoverable PCM state (bsc#1051510). - alsa: pcm: Fix possible OOB access in PCM oss plugins (bsc#1051510). - alsa: rawmidi: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: sb8: add a check for request_region (bsc#1051510). - alsa: seq: Fix OOB-reads from strlcpy (bsc#1051510). - alsa: seq: oss: Fix Spectre v1 vulnerability (bsc#1051510). - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe (bsc#1051510). - ASoC: fsl_esai: fix channel swap issue when stream starts (bsc#1051510). - ASoC: topology: free created components in tplg load error (bsc#1051510). - assume flash part size to be 4MB, if it can't be determined (bsc#1127371). - ath10k: avoid possible string overflow (bsc#1051510). - auxdisplay: hd44780: Fix memory leak on ->remove() (bsc#1051510). - auxdisplay: ht16k33: fix potential user-after-free on module unload (bsc#1051510). - batman-adv: Reduce claim hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_global hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_local hash refcnt only for removed entry (bsc#1051510). - bcm2835 MMC issues (bsc#1070872). - blkcg: Introduce blkg_root_lookup() (bsc#1131673). - blkcg: Make blkg_root_lookup() work for queues in bypass mode (bsc#1131673). - blk-mq: adjust debugfs and sysfs register when updating nr_hw_queues (bsc#1131673). - blk-mq: Avoid that submitting a bio concurrently with device removal triggers a crash (bsc#1131673). - blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs (bsc#1131673). - blk-mq: fallback to previous nr_hw_queues when updating fails (bsc#1131673). - blk-mq: init hctx sched after update ctx and hctx mapping (bsc#1131673). - blk-mq: realloc hctx when hw queue is mapped to another node (bsc#1131673). - blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter (bsc#1131673). - block: Ensure that a request queue is dissociated from the cgroup controller (bsc#1131673). - block: Fix a race between request queue removal and the block cgroup controller (bsc#1131673). - block: Introduce blk_exit_queue() (bsc#1131673). - block: kABI fixes for bio_rewind_iter() removal (bsc#1131673). - block: remove bio_rewind_iter() (bsc#1131673). - bluetooth: btusb: request wake pin with NOAUTOEN (bsc#1051510). - bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (bsc#1051510). - bluetooth: Fix decrementing reference count twice in releasing socket (bsc#1051510). - bluetooth: hci_ldisc: Initialize hci_dev before open() (bsc#1051510). - bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto() (bsc#1051510). - bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf() (bsc#1133731). - bnxt_en: Drop oversize TX packets to prevent errors (networking-stable-19_03_07). - bonding: fix PACKET_ORIGDEV regression (git-fixes). - bpf: fix use after free in bpf_evict_inode (bsc#1083647). - btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size (git-fixes). - btrfs: check for refs on snapshot delete resume (bsc#1131335). - btrfs: fix assertion failure on fsync with NO_HOLES enabled (bsc#1131848). - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (git-fixes). - btrfs: fix deadlock between clone/dedupe and rename (bsc#1130518). - btrfs: fix incorrect file size after shrinking truncate and fsync (bsc#1130195). - btrfs: remove WARN_ON in log_dir_items (bsc#1131847). - btrfs: save drop_progress if we drop refs at all (bsc#1131336). - cdrom: Fix race condition in cdrom_sysctl_register (bsc#1051510). - cgroup: fix parsing empty mount option string (bsc#1133094). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510). - cifs: do not dereference smb_file_target before null check (bsc#1051510). - cifs: Do not hide EINTR after sending network packets (bsc#1051510). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510). - cifs: Fix credits calculations for reads with errors (bsc#1051510). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510). - cifs: Fix potential OOB access of lock element array (bsc#1051510). - cifs: Fix read after write for files with read caching (bsc#1051510). - clk: clk-twl6040: Fix imprecise external abort for pdmclk (bsc#1051510). - clk: fractional-divider: check parent rate only if flag is set (bsc#1051510). - clk: ingenic: Fix doc of ingenic_cgu_div_info (bsc#1051510). - clk: ingenic: Fix round_rate misbehaving with non-integer dividers (bsc#1051510). - clk: rockchip: fix frac settings of GPLL clock for rk3328 (bsc#1051510). - clk: sunxi-ng: v3s: Fix TCON reset de-assert bit (bsc#1051510). - clk: vc5: Abort clock configuration without upstream clock (bsc#1051510). - clk: x86: Add system specific quirk to mark clocks as critical (bsc#1051510). - clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown (bsc#1051510). - clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR (bsc#1051510). - cpcap-charger: generate events for userspace (bsc#1051510). - cpufreq: pxa2xx: remove incorrect __init annotation (bsc#1051510). - cpufreq: tegra124: add missing of_node_put() (bsc#1051510). - cpupowerutils: bench - Fix cpu online check (bsc#1051510). - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - crypto: caam - add missing put_device() call (bsc#1129770). - crypto: crypto4xx - properly set IV after de- and encrypt (bsc#1051510). - crypto: pcbc - remove bogus memcpy()s with src == dest (bsc#1051510). - crypto: sha256/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: sha512/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: x86/poly1305 - fix overflow during partial reduction (bsc#1051510). - cxgb4: Add capability to get/set SGE Doorbell Queue Timer Tick (bsc#1127371). - cxgb4: Added missing break in ndo_udp_tunnel_{add/del} (bsc#1127371). - cxgb4: Add flag tc_flower_initialized (bsc#1127371). - cxgb4: Add new T5 PCI device id 0x50ae (bsc#1127371). - cxgb4: Add new T5 PCI device ids 0x50af and 0x50b0 (bsc#1127371). - cxgb4: Add new T6 PCI device ids 0x608a (bsc#1127371). - cxgb4: add per rx-queue counter for packet errors (bsc#1127371). - cxgb4: Add support for FW_ETH_TX_PKT_VM_WR (bsc#1127371). - cxgb4: add support to display DCB info (bsc#1127371). - cxgb4: Add support to read actual provisioned resources (bsc#1127371). - cxgb4: collect ASIC LA dumps from ULP TX (bsc#1127371). - cxgb4: collect hardware queue descriptors (bsc#1127371). - cxgb4: collect number of free PSTRUCT page pointers (bsc#1127371). - cxgb4: convert flower table to use rhashtable (bsc#1127371). - cxgb4: cxgb4: use FW_PORT_ACTION_L1_CFG32 for 32 bit capability (bsc#1127371). - cxgb4/cxgb4vf: Add support for SGE doorbell queue timer (bsc#1127371). - cxgb4/cxgb4vf: Fix mac_hlist initialization and free (bsc#1127374). - cxgb4/cxgb4vf: Link management changes (bsc#1127371). - cxgb4/cxgb4vf: Program hash region for {t4/t4vf}_change_mac() (bsc#1127371). - cxgb4: display number of rx and tx pages free (bsc#1127371). - cxgb4: do not return DUPLEX_UNKNOWN when link is down (bsc#1127371). - cxgb4: Export sge_host_page_size to ulds (bsc#1127371). - cxgb4: fix the error path of cxgb4_uld_register() (bsc#1127371). - cxgb4: impose mandatory VLAN usage when non-zero TAG ID (bsc#1127371). - cxgb4: Mask out interrupts that are not enabled (bsc#1127175). - cxgb4: move Tx/Rx free pages collection to common code (bsc#1127371). - cxgb4: remove redundant assignment to vlan_cmd.dropnovlan_fm (bsc#1127371). - cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size (bsc#1127371). - cxgb4: remove the unneeded locks (bsc#1127371). - cxgb4: specify IQTYPE in fw_iq_cmd (bsc#1127371). - cxgb4: Support ethtool private flags (bsc#1127371). - cxgb4: update supported DCB version (bsc#1127371). - cxgb4: use new fw interface to get the VIN and smt index (bsc#1127371). - cxgb4vf: Few more link management changes (bsc#1127374). - cxgb4vf: fix memleak in mac_hlist initialization (bsc#1127374). - cxgb4vf: Update port information in cxgb4vf_open() (bsc#1127374). - device_cgroup: fix RCU imbalance in error case (bsc#1051510). - device property: Fix the length used in PROPERTY_ENTRY_STRING() (bsc#1051510). - Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc (bsc#1051510). - dmaengine: imx-dma: fix warning comparison of distinct pointer types (bsc#1051510). - dmaengine: qcom_hidma: assign channel cookie correctly (bsc#1051510). - dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid (bsc#1051510). - dmaengine: tegra: avoid overflow of byte tracking (bsc#1051510). - dm: disable DISCARD if the underlying storage no longer supports it (bsc#1114638). - Drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567). - Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1130567). - drm: Auto-set allow_fb_modifiers when given modifiers at plane init (bsc#1051510). - drm: bridge: dw-hdmi: Fix overflow workaround for Rockchip SoCs (bsc#1113722) - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers (bsc#1051510). - drm/i915/bios: assume eDP is present on port A when there is no VBT (bsc#1051510). - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113722) - drm/i915/gvt: Annotate iomem usage (bsc#1051510). - drm/i915/gvt: do not deliver a workload if its creation fails (bsc#1051510). - drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113722) - drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check (bsc#1051510). - drm/i915: Relax mmap VMA check (bsc#1051510). - drm/imx: ignore plane updates on disabled crtcs (bsc#1051510). - drm/imx: imx-ldb: add missing of_node_puts (bsc#1051510). - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() (bsc#1113722) - drm/meson: Fix invalid pointer in meson_drv_unbind() (bsc#1051510). - drm/meson: Uninstall IRQ handler (bsc#1051510). - drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure (bsc#1051510). - drm/nouveau: Stop using drm_crtc_force_disable (bsc#1051510). - drm/nouveau/volt/gf117: fix speedo readout register (bsc#1051510). - drm/rockchip: vop: reset scale mode when win is disabled (bsc#1113722) - drm/sun4i: Add missing drm_atomic_helper_shutdown at driver unbind (bsc#1113722) - drm/sun4i: Fix component unbinding and component master deletion (bsc#1113722) - drm/sun4i: Set device driver data at bind time for use in unbind (bsc#1113722) - drm/sun4i: Unbind components before releasing DRM and memory (bsc#1113722) - drm/udl: add a release method and delay modeset teardown (bsc#1085536) - drm/vc4: Fix memory leak during gpu reset. (bsc#1113722) - dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit (networking-stable-19_02_20). - e1000e: fix cyclic resets at link up with active tx (bsc#1051510). - e1000e: Fix -Wformat-truncation warnings (bsc#1051510). - ext2: Fix underflow in ext2_max_size() (bsc#1131174). - ext4: add mask of ext4 flags to swap (bsc#1131170). - ext4: add missing brelse() in add_new_gdb_meta_bg() (bsc#1131176). - ext4: Avoid panic during forced reboot (bsc#1126356). - ext4: brelse all indirect buffer in ext4_ind_remove_space() (bsc#1131173). - ext4: cleanup bh release code in ext4_ind_remove_space() (bsc#1131851). - ext4: cleanup pagecache before swap i_data (bsc#1131178). - ext4: fix check of inode in swap_inode_boot_loader (bsc#1131177). - ext4: fix data corruption caused by unaligned direct AIO (bsc#1131172). - ext4: fix EXT4_IOC_SWAP_BOOT (bsc#1131180). - ext4: fix NULL pointer dereference while journal is aborted (bsc#1131171). - ext4: update quota information while swapping boot loader inode (bsc#1131179). - fbdev: fbmem: fix memory access if logo is bigger than the screen (bsc#1051510). - fix cgroup_do_mount() handling of failure exits (bsc#1133095). - Fix kabi after 'md: batch flush requests.' (bsc#1119680). - Fix struct page kABI after adding atomic for ppc (bsc#1131326, bsc#1108937). - fm10k: Fix a potential NULL pointer dereference (bsc#1051510). - fs: avoid fdput() after failed fdget() in vfs_dedupe_file_range() (bsc#1132384, bsc#1132219). - fs/dax: deposit pagetable even when installing zero page (bsc#1126740). - fs/nfs: Fix nfs_parse_devname to not modify it's argument (git-fixes). - futex: Cure exit race (bsc#1050549). - futex: Ensure that futex address is aligned in handle_futex_death() (bsc#1050549). - futex: Handle early deadlock return correctly (bsc#1050549). - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input (bsc#1051510). - gpio: gpio-omap: fix level interrupt idling (bsc#1051510). - gpio: of: Fix of_gpiochip_add() error path (bsc#1051510). - gre6: use log_ecn_error module parameter in ip6_tnl_rcv() (git-fixes). - hid: i2c-hid: Ignore input report if there's no data present on Elan touchpanels (bsc#1133486). - hid: intel-ish-hid: avoid binding wrong ishtp_cl_device (bsc#1051510). - hid: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit (bsc#1051510). - hv_netvsc: Fix IP header checksum for coalesced packets (networking-stable-19_03_07). - hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (). - hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (fate#323887). - hwrng: virtio - Avoid repeated init of completion (bsc#1051510). - i2c: Make i2c_unregister_device() NULL-aware (bsc#1108193). - i2c: tegra: fix maximum transfer size (bsc#1051510). - ibmvnic: Enable GRO (bsc#1132227). - ibmvnic: Fix completion structure initialization (bsc#1131659). - ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227). - iio: adc: at91: disable adc channel interrupt in timeout case (bsc#1051510). - iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver (bsc#1051510). - iio: ad_sigma_delta: select channel when reading register (bsc#1051510). - iio: core: fix a possible circular locking dependency (bsc#1051510). - iio: cros_ec: Fix the maths for gyro scale calculation (bsc#1051510). - iio: dac: mcp4725: add missing powerdown bits in store eeprom (bsc#1051510). - iio: Fix scan mask selection (bsc#1051510). - iio/gyro/bmg160: Use millidegrees for temperature scale (bsc#1051510). - iio: gyro: mpu3050: fix chip ID reading (bsc#1051510). - input: cap11xx - switch to using set_brightness_blocking() (bsc#1051510). - input: matrix_keypad - use flush_delayed_work() (bsc#1051510). - input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bsc#1051510). - input: st-keyscan - fix potential zalloc NULL dereference (bsc#1051510). - input: synaptics-rmi4 - write config register values to the right offset (bsc#1051510). - input: uinput - fix undefined behavior in uinput_validate_absinfo() (bsc#1120902). - intel_idle: add support for Jacobsville (jsc#SLE-5394). - io: accel: kxcjk1013: restore the range after resume (bsc#1051510). - iommu/amd: Fix NULL dereference bug in match_hid_uid (bsc#1130336). - iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE (bsc#1130337). - iommu/amd: Reserve exclusion range in iova-domain (bsc#1130425). - iommu/amd: Set exclusion range correctly (bsc#1130425). - iommu: Do not print warning when IOMMU driver only supports unmanaged domains (bsc#1130130). - iommu/vt-d: Check capability before disabling protected memory (bsc#1130338). - ip6: fix PMTU discovery when using /127 subnets (git-fixes). - ip6mr: Do not call __IP6_INC_STATS() from preemptible context (git-fixes). - ip6_tunnel: fix ip6 tunnel lookup in collect_md mode (git-fixes). - ipmi: Fix I2C client removal in the SSIF driver (bsc#1108193). - ipmi_ssif: Remove duplicate NULL check (bsc#1108193). - ipv4: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv4/route: fail early when inet dev is missing (git-fixes). - ipv6: Fix dangling pointer when ipv6 fragment (git-fixes). - ipv6: propagate genlmsg_reply return code (networking-stable-19_02_24). - ipv6: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv6: sit: reset ip header pointer in ipip6_rcv (git-fixes). - ipvlan: disallow userns cap_net_admin to change global mode/flags (networking-stable-19_03_15). - ipvs: remove IPS_NAT_MASK check to fix passive FTP (git-fixes). - irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table (bsc#1051510). - irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable (bsc#1051510). - iscsi_ibft: Fix missing break in switch statement (bsc#1051510). - iw_cxgb4: cq/qp mask depends on bar2 pages in a host page (bsc#1127371). - iwiwifi: fix bad monitor buffer register addresses (bsc#1129770). - iwlwifi: fix send hcmd timeout recovery flow (bsc#1129770). - iwlwifi: mvm: fix firmware statistics usage (bsc#1129770). - jbd2: clear dirty flag when revoking a buffer from an older transaction (bsc#1131167). - jbd2: fix compile warning when using JBUFFER_TRACE (bsc#1131168). - kABI: restore icmp_send (kabi). - kabi/severities: add cxgb4 and cxgb4vf shared data to the whitelis (bsc#1127372) - kabi/severities: add libcxgb to cxgb intra module symbols as well - kabi/severities: exclude cxgb4 inter-module symbols - kasan: fix shadow_size calculation error in kasan_module_alloc (bsc#1051510). - kbuild: fix false positive warning/error about missing libelf (bsc#1051510). - kbuild: modversions: Fix relative CRC byte order interpretation (bsc#1131290). - kbuild: strip whitespace in cmd_record_mcount findstring (bsc#1065729). - kcm: switch order of device registration to fix a crash (bnc#1130527). - kernfs: do not set dentry->d_fsdata (boo#1133115). - keys: always initialize keyring_index_key::desc_len (bsc#1051510). - keys: user: Align the payload buffer (bsc#1051510). - kvm: Call kvm_arch_memslots_updated() before updating memslots (bsc#1132563). - kvm: Fix kABI for AMD SMAP Errata workaround (bsc#1133149). - kvm: nVMX: Apply addr size mask to effective address for VMX instructions (bsc#1132561). - kvm: nVMX: Ignore limit checks on VMX instructions using flat segments (bsc#1132564). - kvm: nVMX: Sign extend displacements of VMX instr's mem operands (bsc#1132562). - kvm: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode switch (bsc#1061840). - kvm: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation) (bsc#1133149). - kvm: VMX: Compare only a single byte for VMCS' 'launched' in vCPU-run (bsc#1132555). - kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1114279). - kvm: x86/mmu: Detect MMIO generation wrap in any address space (bsc#1132570). - kvm: x86/mmu: Do not cache MMIO accesses while memslots are in flux (bsc#1132571). - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (bsc#1111331). - leds: pca9532: fix a potential NULL pointer dereference (bsc#1051510). - libceph: wait for latest osdmap in ceph_monc_blacklist_add() (bsc#1130427). - libertas_tf: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510). - lightnvm: if LUNs are already allocated fix return (bsc#1085535). - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a new <linux/bits.h> file (bsc#1111331). - mac80211: do not call driver wake_tx_queue op during reconfig (bsc#1051510). - mac80211: Fix Tx aggregation session tear down with ITXQs (bsc#1051510). - mac80211_hwsim: propagate genlmsg_reply return code (bsc#1051510). - md: batch flush requests (bsc#1119680). - md: Fix failed allocation of md_register_thread (git-fixes). - md/raid1: do not clear bitmap bits on interrupted recovery (git-fixes). - md/raid5: fix 'out of memory' during raid cache recovery (git-fixes). - media: mt9m111: set initial frame size other than 0x0 (bsc#1051510). - media: mtk-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: rc: mce_kbd decoder: fix stuck keys (bsc#1100132). - media: s5p-g2d: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: s5p-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: sh_veu: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: v4l2-ctrls.c/uvc: zero v4l2_event (bsc#1051510). - media: vb2: do not call __vb2_queue_cancel if vb2_start_streaming failed (bsc#1119086). - memremap: fix softlockup reports at teardown (bnc#1130154). - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S (bsc#1051510). - missing barriers in some of unix_sock ->addr and ->path accesses (networking-stable-19_03_15). - mmc: davinci: remove extraneous __init annotation (bsc#1051510). - mmc: pxamci: fix enum type confusion (bsc#1051510). - mmc: sdhci: Fix data command CRC error handling (bsc#1051510). - mmc: sdhci: Handle auto-command errors (bsc#1051510). - mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR (bsc#1051510). - mmc: tmio_mmc_core: do not claim spurious interrupts (bsc#1051510). - mm/debug.c: fix __dump_page when mapping->host is not set (bsc#1131934). - mm: Fix modifying of page protection by insert_pfn() (bsc#1126740). - mm: Fix warning in insert_pfn() (bsc#1126740). - mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd() (bsc#1126740). - mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate() (bsc#1131935). - mm/vmalloc: fix size check for remap_vmalloc_range_partial() (bsc#1133825). - mpls: Return error for RTA_GATEWAY attribute (networking-stable-19_03_07). - mt7601u: bump supported EEPROM version (bsc#1051510). - mwifiex: do not advertise IBSS features without FW support (bsc#1129770). - net: Add header for usage of fls64() (networking-stable-19_02_20). - net: Add __icmp_send helper (networking-stable-19_03_07). - net: avoid false positives in untrusted gso validation (git-fixes). - net: avoid use IPCB in cipso_v4_error (networking-stable-19_03_07). - net: bridge: add vlan_tunnel to bridge port policies (git-fixes). - net: bridge: fix per-port af_packet sockets (git-fixes). - net: bridge: multicast: use rcu to access port list from br_multicast_start_querier (git-fixes). - net: datagram: fix unbounded loop in __skb_try_recv_datagram() (git-fixes). - net: Do not allocate page fragments that are not skb aligned (networking-stable-19_02_20). - net: dsa: mv88e6xxx: Fix u64 statistics (networking-stable-19_03_07). - net: ena: update driver version from 2.0.2 to 2.0.3 (bsc#1129276 bsc#1125342). - netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING (git-fixes). - netfilter: check for seqadj ext existence before adding it in nf_nat_setup_info (git-fixes). - netfilter: ip6t_MASQUERADE: add dependency on conntrack module (git-fixes). - netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit() (git-fixes). - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt (git-fixes). - netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target} (git-fixes). - netfilter: x_tables: fix int overflow in xt_alloc_table_info() (git-fixes). - net: Fix for_each_netdev_feature on Big endian (networking-stable-19_02_20). - net: fix IPv6 prefix route residue (networking-stable-19_02_20). - net: Fix untag for vlan packets without ethernet header (git-fixes). - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off (git-fixes). - net/hsr: Check skb_put_padto() return value (git-fixes). - net: hsr: fix memory leak in hsr_dev_finalize() (networking-stable-19_03_15). - net/hsr: fix possible crash in add_timer() (networking-stable-19_03_15). - netlabel: fix out-of-bounds memory accesses (networking-stable-19_03_07). - netlink: fix nla_put_{u8,u16,u32} for KASAN (git-fixes). - net/mlx5e: Do not overwrite pedit action when multiple pedit used (networking-stable-19_02_24). - net/ncsi: Fix AEN HNCDSC packet length (git-fixes). - net/ncsi: Stop monitor if channel times out or is inactive (git-fixes). - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails (networking-stable-19_03_07). - net/packet: fix 4gb buffer limit due to overflow check (networking-stable-19_02_24). - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec (git-fixes). - net_sched: acquire RTNL in tc_action_net_exit() (git-fixes). - net_sched: fix two more memory leaks in cls_tcindex (networking-stable-19_02_24). - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 (networking-stable-19_03_15). - net: sit: fix memory leak in sit_init_net() (networking-stable-19_03_07). - net: sit: fix UBSAN Undefined behaviour in check_6rd (networking-stable-19_03_15). - net: socket: set sock->sk to NULL after calling proto_ops::release() (networking-stable-19_03_07). - net-sysfs: Fix mem leak in netdev_register_kobject (git-fixes). - net: validate untrusted gso packets without csum offload (networking-stable-19_02_20). - net/x25: fix a race in x25_bind() (networking-stable-19_03_15). - net/x25: fix use-after-free in x25_device_event() (networking-stable-19_03_15). - net/x25: reset state in x25_connect() (networking-stable-19_03_15). - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() (git-fixes). - nfc: nci: Add some bounds checking in nci_hci_cmd_received() (bsc#1051510). - nfs: Add missing encode / decode sequence_maxsz to v4.2 operations (git-fixes). - nfsd4: catch some false session retries (git-fixes). - nfsd4: fix cached replies to solo SEQUENCE compounds (git-fixes). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - nfs: Do not recoalesce on error in nfs_pageio_complete_mirror() (git-fixes). - nfs: Do not use page_file_mapping after removing the page (git-fixes). - nfs: Fix an I/O request leakage in nfs_do_recoalesce (git-fixes). - nfs: Fix a soft lockup in the delegation recovery code (git-fixes). - nfs: Fix a typo in nfs_init_timeout_values() (git-fixes). - nfs: Fix dentry revalidation on NFSv4 lookup (bsc#1132618). - nfs: Fix I/O request leakages (git-fixes). - nfs: fix mount/umount race in nlmclnt (git-fixes). - nfs/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount (git-fixes). - nfsv4.1 do not free interrupted slot on open (git-fixes). - nfsv4.1: Reinitialise sequence results before retransmitting a request (git-fixes). - nfsv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE() (git-fixes). - nvme: add proper discard setup for the multipath device (bsc#1114638). - nvme: fix the dangerous reference of namespaces list (bsc#1131673). - nvme: make sure ns head inherits underlying device limits (bsc#1131673). - nvme-multipath: avoid crash on invalid subsystem cntlid enumeration (bsc#1129273). - nvme-multipath: split bios with the ns_head bio_set before submitting (bsc#1103259, bsc#1131673). - nvme: only reconfigure discard if necessary (bsc#1114638). - nvme: schedule requeue whenever a LIVE state is entered (bsc#1123105). - ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock (bsc#1131169). - pci: Add function 1 DMA alias quirk for Marvell 9170 SATA controller (bsc#1051510). - pci: designware-ep: dw_pcie_ep_set_msi() should only set MMC bits (bsc#1051510). - pci: designware-ep: Read-only registers need DBI_RO_WR_EN to be writable (bsc#1051510). - pci: pciehp: Convert to threaded IRQ (bsc#1133005). - pci: pciehp: Ignore Link State Changes after powering off a slot (bsc#1133005). - phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs (bsc#1051510). - pM / wakeup: Rework wakeup source timer cancellation (bsc#1051510). - powercap: intel_rapl: add support for Jacobsville (). - powercap: intel_rapl: add support for Jacobsville (FATE#327454). - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107). - powerpc/64: Disable the speculation barrier from the command line (bsc#1131107). - powerpc64/ftrace: Include ftrace.h needed for enable/disable calls (bsc#1088804, git-fixes). - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107). - powerpc/64s: Add new security feature flags for count cache flush (bsc#1131107). - powerpc/64s: Add support for software count cache flush (bsc#1131107). - powerpc/64s: Fix logic when handling unknown CPU features (bsc#1055117). - powerpc/64s: Fix page table fragment refcount race vs speculative references (bsc#1131326, bsc#1108937). - powerpc/asm: Add a patch_site macro & helpers for patching instructions (bsc#1131107). - powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer (bsc#1065729). - powerpc: consolidate -mno-sched-epilog into FTRACE flags (bsc#1065729). - powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest (bsc#1061840). - powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107). - powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area callback (bsc#1131900). - powerpc/kvm: Save and restore host AMR/IAMR/UAMOR (bsc#1061840). - powerpc/mm: Add missing tracepoint for tlbie (bsc#1055117, git-fixes). - powerpc/mm: Check secondary hash page table (bsc#1065729). - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, fate#323286, git-fixes). - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, git-fixes). - powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search (bsc#1131900). - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, fate#323286, git-fixes). - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, git-fixes). - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, fate#323286, git-fixes). - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, git-fixes). - powerpc/numa: document topology_updates_enabled, disable by default (bsc#1133584). - powerpc/numa: improve control of topology updates (bsc#1133584). - powerpc/perf: Fix unit_sel/cache_sel checks (bsc#1053043). - powerpc/perf: Remove l2 bus events from HW cache event array (bsc#1053043). - powerpc/powernv/cpuidle: Init all present cpus for deep states (bsc#1055121). - powerpc/powernv: Do not reprogram SLW image on every KVM guest entry/exit (bsc#1061840). - powerpc/powernv/ioda2: Remove redundant free of TCE pages (bsc#1061840). - powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand (bsc#1061840). - powerpc/powernv/ioda: Fix locked_vm counting for memory used by IOMMU tables (bsc#1061840). - powerpc/powernv: Make opal log only readable by root (bsc#1065729). - powerpc/powernv: Query firmware for count cache flush settings (bsc#1131107). - powerpc/powernv: Remove never used pnv_power9_force_smt4 (bsc#1061840). - powerpc/pseries/mce: Fix misleading print for TLB mutlihit (bsc#1094244, git-fixes). - powerpc/pseries: Query hypervisor for count cache flush settings (bsc#1131107). - powerpc/security: Fix spectre_v2 reporting (bsc#1131107). - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587). - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587). - power: supply: charger-manager: Fix incorrect return value (bsc#1051510). - pwm-backlight: Enable/disable the PWM before/after LCD enable toggle (bsc#1051510). - qmi_wwan: Add support for Quectel EG12/EM12 (networking-stable-19_03_07). - qmi_wwan: apply SET_DTR quirk to Sierra WP7607 (bsc#1051510). - qmi_wwan: Fix qmap header retrieval in qmimux_rx_fixup (bsc#1051510). - raid10: It's wrong to add len to sector_nr in raid10 reshape twice (git-fixes). - ras/cec: Check the correct variable in the debugfs error handling (bsc#1085535). - ravb: Decrease TxFIFO depth of Q3 and Q2 to one (networking-stable-19_03_15). - rdma/cxgb4: Add support for 64Byte cqes (bsc#1127371). - rdma/cxgb4: Add support for kernel mode SRQ's (bsc#1127371). - rdma/cxgb4: Add support for srq functions & structs (bsc#1127371). - rdma/cxgb4: fix some info leaks (bsc#1127371). - rdma/cxgb4: Make c4iw_poll_cq_one() easier to analyze (bsc#1127371). - rdma/cxgb4: Remove a set-but-not-used variable (bsc#1127371). - rdma/iw_cxgb4: Drop __GFP_NOFAIL (bsc#1127371). - rds: fix refcount bug in rds_sock_addref (git-fixes). - rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete (git-fixes). - regulator: max77620: Initialize values for DT properties (bsc#1051510). - regulator: s2mpa01: Fix step values for some LDOs (bsc#1051510). - Revert drm/i915 patches that caused regressions (bsc#1131062) - Revert 'ipv4: keep skb->dst around in presence of IP options' (git-fixes). - rhashtable: Still do rehash when we get EEXIST (bsc#1051510). - ring-buffer: Check if memory is available before allocation (bsc#1132531). - rpm/config.sh: Fix build project and bugzilla product. - rtc: 88pm80x: fix unintended sign extension (bsc#1051510). - rtc: 88pm860x: fix unintended sign extension (bsc#1051510). - rtc: cmos: ignore bogus century byte (bsc#1051510). - rtc: ds1672: fix unintended sign extension (bsc#1051510). - rtc: Fix overflow when converting time64_t to rtc_time (bsc#1051510). - rtc: pm8xxx: fix unintended sign extension (bsc#1051510). - rtnetlink: bring NETDEV_CHANGE_TX_QUEUE_LEN event process back in rtnetlink_event (git-fixes). - rtnetlink: bring NETDEV_CHANGEUPPER event process back in rtnetlink_event (git-fixes). - rtnetlink: bring NETDEV_POST_TYPE_CHANGE event process back in rtnetlink_event (git-fixes). - rtnetlink: check DO_SETLINK_NOTIFY correctly in do_setlink (git-fixes). - rxrpc: Do not release call mutex on error pointer (git-fixes). - rxrpc: Do not treat call aborts as conn aborts (git-fixes). - rxrpc: Fix client call queueing, waiting for channel (networking-stable-19_03_15). - rxrpc: Fix Tx ring annotation after initial Tx failure (git-fixes). - s390/dasd: fix panic for failed online processing (bsc#1132589). - s390/pkey: move pckmo subfunction available checks away from module init (bsc#1128544). - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - scsi: libiscsi: fix possible NULL pointer dereference in case of TMF (bsc#1127378). - scsi: libsas: allocate sense buffer for bsg queue (bsc#1131467). - scsi: qla2xxx: Add new FC-NVMe enable BIT to enable FC-NVMe feature (bsc#1130579). - sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment (networking-stable-19_02_24). - serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart (bsc#1051510). - serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling (bsc#1051510). - serial: imx: Update cached mctrl value when changing RTS (bsc#1051510). - serial: max310x: Fix to avoid potential NULL pointer dereference (bsc#1051510). - serial: sh-sci: Fix setting SCSCR_TIE while transferring data (bsc#1051510). - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() (networking-stable-19_02_24). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510). - soc: fsl: qbman: avoid race in clearing QMan interrupt (bsc#1051510). - SoC: imx-sgtl5000: add missing put_device() (bsc#1051510). - soc: qcom: gsbi: Fix error handling in gsbi_probe() (bsc#1051510). - soc/tegra: fuse: Fix illegal free of IO base address (bsc#1051510). - spi: pxa2xx: Setup maximum supported DMA transfer length (bsc#1051510). - spi: ti-qspi: Fix mmap read when more than one CS in use (bsc#1051510). - spi/topcliff_pch: Fix potential NULL dereference on allocation error (bsc#1051510). - staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: ni_usb6501: Fix use of uninitialized mutex (bsc#1051510). - staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: vmk80xx: Fix use of uninitialized semaphore (bsc#1051510). - staging: iio: ad7192: Fix ad7193 channel address (bsc#1051510). - staging: rtl8712: uninitialized memory in read_bbreg_hdl() (bsc#1051510). - staging: vt6655: Fix interrupt race condition on device start up (bsc#1051510). - staging: vt6655: Remove vif check from vnt_interrupt (bsc#1051510). - sunrpc/cache: handle missing listeners better (bsc#1126221). - sunrpc: fix 4 more call sites that were using stack memory with a scatterlist (git-fixes). - supported.conf: Add vxlan to kernel-default-base (bsc#1132083). - supported.conf: dw_mmc-bluefield is not needed in kernel-default-base (bsc#1131574). - svm/avic: Fix invalidate logical APIC id entry (bsc#1132726). - svm: Fix AVIC DFR and LDR handling (bsc#1132558). - svm: Fix improper check when deactivate AVIC (bsc#1130335). - sysctl: handle overflow for file-max (bsc#1051510). - tcp: fix TCP_REPAIR_QUEUE bound checking (git-fixes). - tcp: tcp_v4_err() should be more careful (networking-stable-19_02_20). - thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs (bsc#1051510). - thermal/intel_powerclamp: fix truncated kthread name (). - thermal/intel_powerclamp: fix truncated kthread name (FATE#326597). - tipc: fix race condition causing hung sendto (networking-stable-19_03_07). - tpm: Fix some name collisions with drivers/char/tpm.h (bsc#1051510). - tpm: Fix the type of the return value in calc_tpm2_event_size() (bsc#1082555). - tpm_tis_spi: Pass the SPI IRQ down to the driver (bsc#1051510). - tpm/tpm_crb: Avoid unaligned reads in crb_recv() (bsc#1051510). - tracing: Fix a memory leak by early error exit in trace_pid_write() (bsc#1133702). - tracing: Fix buffer_ref pipe ops (bsc#1133698). - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account (bsc#1132527). - tty: atmel_serial: fix a potential NULL pointer dereference (bsc#1051510). - tun: fix blocking read (networking-stable-19_03_07). - tun: remove unnecessary memory barrier (networking-stable-19_03_07). - udf: Fix crash on IO error during truncate (bsc#1131175). - uio: Reduce return paths from uio_write() (bsc#1051510). - Update patches.kabi/kabi-cxgb4-MU.patch (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584 bsc#1127371). - usb: cdc-acm: fix race during wakeup blocking TX traffic (bsc#1129770). - usb: chipidea: Grab the (legacy) USB PHY by phandle first (bsc#1051510). - usb: common: Consider only available nodes for dr_mode (bsc#1129770). - usb: core: only clean up what we allocated (bsc#1051510). - usb: dwc3: gadget: Fix the uninitialized link_state when udc starts (bsc#1051510). - usb: dwc3: gadget: synchronize_irq dwc irq in suspend (bsc#1051510). - usb: f_fs: Avoid crash due to out-of-scope stack ptr access (bsc#1051510). - usb: gadget: f_hid: fix deadlock in f_hidg_write() (bsc#1129770). - usb: gadget: Potential NULL dereference on allocation error (bsc#1051510). - usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk (bsc#1051510). - usb: mtu3: fix EXTCON dependency (bsc#1051510). - usb: phy: fix link errors (bsc#1051510). - usb: phy: twl6030-usb: fix possible use-after-free on remove (bsc#1051510). - usb: serial: cp210x: add ID for Ingenico 3070 (bsc#1129770). - usb: serial: cp210x: add new device id (bsc#1051510). - usb: serial: cp210x: fix GPIO in autosuspend (bsc#1120902). - usb: serial: ftdi_sio: add additional NovaTech products (bsc#1051510). - usb: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 (bsc#1129770). - usb: serial: mos7720: fix mos_parport refcount imbalance on error path (bsc#1129770). - usb: serial: option: add Olicard 600 (bsc#1051510). - usb: serial: option: add support for Quectel EM12 (bsc#1051510). - usb: serial: option: add Telit ME910 ECM composition (bsc#1129770). - usb: serial: option: set driver_info for SIM5218 and compatibles (bsc#1129770). - vfs: allow dedupe of user owned read-only files (bsc#1133778, bsc#1132219). - vfs: avoid problematic remapping requests into partial EOF block (bsc#1133850, bsc#1132219). - vfs: dedupe: extract helper for a single dedup (bsc#1133769, bsc#1132219). - vfs: dedupe should return EPERM if permission is not granted (bsc#1133779, bsc#1132219). - vfs: exit early from zero length remap operations (bsc#1132411, bsc#1132219). - vfs: export vfs_dedupe_file_range_one() to modules (bsc#1133772, bsc#1132219). - vfs: limit size of dedupe (bsc#1132397, bsc#1132219). - vfs: rename clone_verify_area to remap_verify_area (bsc#1133852, bsc#1132219). - vfs: skip zero-length dedupe requests (bsc#1133851, bsc#1132219). - vfs: swap names of {do,vfs}_clone_file_range() (bsc#1133774, bsc#1132219). - vfs: vfs_clone_file_prep_inodes should return EINVAL for a clone from beyond EOF (bsc#1133780, bsc#1132219). - video: fbdev: Set pixclock = 0 in goldfishfb (bsc#1051510). - vxlan: test dev->flags & IFF_UP before calling netif_rx() (networking-stable-19_02_20). - wil6210: check null pointer in _wil_cfg80211_merge_extra_ies (bsc#1051510). - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure (bsc#1051510). - x86/cpu: Add Atom Tremont (Jacobsville) (). - x86/cpu: Add Atom Tremont (Jacobsville) (FATE#327454). - x86/CPU/AMD: Set the CPB bit unconditionally on F17h (bsc#1114279). - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331). - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (bsc#1111331). - x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init (bsc#1132572). - x86/kvm/vmx: Add MDS protection when L1D Flush is not active (bsc#1111331). - x86/MCE/AMD, EDAC/mce_amd: Add new error descriptions for some SMCA bank types (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new McaTypes for CS, PSP, and SMU units (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new MP5, NBIO, and PCIE SMCA bank types (bsc#1128415). - x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type (bsc#1128415). - x86/mce/AMD: Pass the bank number to smca_get_bank_type() (bsc#1128415). - x86/MCE: Fix kABI for new AMD bank names (bsc#1128415). - x86/mce: Handle varying MCA bank counts (bsc#1128415). - x86/mce: Improve error message when kernel cannot recover, p2 (bsc#1114279). - x86/msr-index: Cleanup bit defines (bsc#1111331). - x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub (bsc#1120318). - x86/speculation: Consolidate CPU whitelists (bsc#1111331). - x86/speculation/mds: Add basic bug infrastructure for MDS (bsc#1111331). - x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331). - x86/speculation/mds: Add mds_clear_cpu_buffers() (bsc#1111331). - x86/speculation/mds: Add mds=full,nosmt cmdline option (bsc#1111331). - x86/speculation/mds: Add mitigation control for MDS (bsc#1111331). - x86/speculation/mds: Add mitigation mode VMWERV (bsc#1111331). - x86/speculation/mds: Add 'mitigations=' support for MDS (bsc#1111331). - x86/speculation/mds: Add SMT warning message (bsc#1111331). - x86/speculation/mds: Add sysfs reporting for MDS (bsc#1111331). - x86/speculation/mds: Clear CPU buffers on exit to user (bsc#1111331). - x86/speculation/mds: Conditionally clear CPU buffers on idle entry (bsc#1111331). - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (bsc#1111331). - x86/speculation: Move arch_smt_update() call to after mitigation decisions (bsc#1111331). - x86/speculation: Prevent deadlock on ssb_state::lock (bsc#1114279). - x86/speculation: Simplify the CPU bug detection logic (bsc#1111331). - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - x86/tsc: Force inlining of cyc2ns bits (bsc#1052904). - x86/uaccess: Do not leak the AC flag into __put_user() value evaluation (bsc#1114279). - xen-netback: do not populate the hash cache on XenBus disconnect (networking-stable-19_03_07). - xen-netback: fix occasional leak of grant ref mappings under memory pressure (networking-stable-19_03_07). - xen: Prevent buffer overflow in privcmd ioctl (bsc#1065600). - xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos (git-fixes). - xfrm: Fix ESN sequence number handling for IPsec GSO packets (git-fixes). - xfrm: fix rcu_read_unlock usage in xfrm_local_error (git-fixes). - xfs: add the ability to join a held buffer to a defer_ops (bsc#1133674). - xfs: allow xfs_lock_two_inodes to take different EXCL/SHARED modes (bsc#1132370, bsc#1132219). - xfs: call xfs_qm_dqattach before performing reflink operations (bsc#1132368, bsc#1132219). - xfs: cap the length of deduplication requests (bsc#1132373, bsc#1132219). - xfs: clean up xfs_reflink_remap_blocks call site (bsc#1132413, bsc#1132219). - xfs: fix data corruption w/ unaligned dedupe ranges (bsc#1132405, bsc#1132219). - xfs: fix data corruption w/ unaligned reflink ranges (bsc#1132407, bsc#1132219). - xfs: fix pagecache truncation prior to reflink (bsc#1132412, bsc#1132219). - xfs: fix reporting supported extra file attributes for statx() (bsc#1133529). - xfs: flush removing page cache in xfs_reflink_remap_prep (bsc#1132414, bsc#1132219). - xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute (bsc#1133675). - xfs: only grab shared inode locks for source file during reflink (bsc#1132372, bsc#1132219). - xfs: refactor clonerange preparation into a separate helper (bsc#1132402, bsc#1132219). - xfs: refactor xfs_trans_roll (bsc#1133667). - xfs: reflink find shared should take a transaction (bsc#1132226, bsc#1132219). - xfs: reflink should break pnfs leases before sharing blocks (bsc#1132369, bsc#1132219). - xfs: remove dest file's post-eof preallocations before reflinking (bsc#1132365, bsc#1132219). - xfs: remove the ip argument to xfs_defer_finish (bsc#1133672). - xfs: rename xfs_defer_join to xfs_defer_ijoin (bsc#1133668). - xfs: update ctime and remove suid before cloning files (bsc#1132404, bsc#1132219). - xfs: zero posteof blocks when cloning above eof (bsc#1132403, bsc#1132219). - xhci: Do not let USB3 ports stuck in polling state prevent suspend (bsc#1051510). - xhci: Fix port resume done detection for SS ports with LPM enabled (bsc#1051510). Important SUSE bug 1050549 SUSE bug 1051510 SUSE bug 1052904 SUSE bug 1053043 SUSE bug 1055117 SUSE bug 1055121 SUSE bug 1055186 SUSE bug 1061840 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1070872 SUSE bug 1082555 SUSE bug 1083647 SUSE bug 1085535 SUSE bug 1085536 SUSE bug 1088804 SUSE bug 1094244 SUSE bug 1097583 SUSE bug 1097584 SUSE bug 1097585 SUSE bug 1097586 SUSE bug 1097587 SUSE bug 1097588 SUSE bug 1100132 SUSE bug 1103186 SUSE bug 1103259 SUSE bug 1108193 SUSE bug 1108937 SUSE bug 1111331 SUSE bug 1112128 SUSE bug 1112178 SUSE bug 1113399 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1114542 SUSE bug 1114638 SUSE bug 1119086 SUSE bug 1119680 SUSE bug 1120318 SUSE bug 1120902 SUSE bug 1122767 SUSE bug 1123105 SUSE bug 1125342 SUSE bug 1126221 SUSE bug 1126356 SUSE bug 1126704 SUSE bug 1126740 SUSE bug 1127175 SUSE bug 1127371 SUSE bug 1127372 SUSE bug 1127374 SUSE bug 1127378 SUSE bug 1127445 SUSE bug 1128415 SUSE bug 1128544 SUSE bug 1129273 SUSE bug 1129276 SUSE bug 1129770 SUSE bug 1130130 SUSE bug 1130154 SUSE bug 1130195 SUSE bug 1130335 SUSE bug 1130336 SUSE bug 1130337 SUSE bug 1130338 SUSE bug 1130425 SUSE bug 1130427 SUSE bug 1130518 SUSE bug 1130527 SUSE bug 1130567 SUSE bug 1130579 SUSE bug 1131062 SUSE bug 1131107 SUSE bug 1131167 SUSE bug 1131168 SUSE bug 1131169 SUSE bug 1131170 SUSE bug 1131171 SUSE bug 1131172 SUSE bug 1131173 SUSE bug 1131174 SUSE bug 1131175 SUSE bug 1131176 SUSE bug 1131177 SUSE bug 1131178 SUSE bug 1131179 SUSE bug 1131180 SUSE bug 1131290 SUSE bug 1131326 SUSE bug 1131335 SUSE bug 1131336 SUSE bug 1131416 SUSE bug 1131427 SUSE bug 1131442 SUSE bug 1131467 SUSE bug 1131574 SUSE bug 1131587 SUSE bug 1131659 SUSE bug 1131673 SUSE bug 1131847 SUSE bug 1131848 SUSE bug 1131851 SUSE bug 1131900 SUSE bug 1131934 SUSE bug 1131935 SUSE bug 1132083 SUSE bug 1132219 SUSE bug 1132226 SUSE bug 1132227 SUSE bug 1132365 SUSE bug 1132368 SUSE bug 1132369 SUSE bug 1132370 SUSE bug 1132372 SUSE bug 1132373 SUSE bug 1132384 SUSE bug 1132397 SUSE bug 1132402 SUSE bug 1132403 SUSE bug 1132404 SUSE bug 1132405 SUSE bug 1132407 SUSE bug 1132411 SUSE bug 1132412 SUSE bug 1132413 SUSE bug 1132414 SUSE bug 1132426 SUSE bug 1132527 SUSE bug 1132531 SUSE bug 1132555 SUSE bug 1132558 SUSE bug 1132561 SUSE bug 1132562 SUSE bug 1132563 SUSE bug 1132564 SUSE bug 1132570 SUSE bug 1132571 SUSE bug 1132572 SUSE bug 1132589 SUSE bug 1132618 SUSE bug 1132681 SUSE bug 1132726 SUSE bug 1132828 SUSE bug 1132943 SUSE bug 1133005 SUSE bug 1133094 SUSE bug 1133095 SUSE bug 1133115 SUSE bug 1133149 SUSE bug 1133486 SUSE bug 1133529 SUSE bug 1133584 SUSE bug 1133667 SUSE bug 1133668 SUSE bug 1133672 SUSE bug 1133674 SUSE bug 1133675 SUSE bug 1133698 SUSE bug 1133702 SUSE bug 1133731 SUSE bug 1133769 SUSE bug 1133772 SUSE bug 1133774 SUSE bug 1133778 SUSE bug 1133779 SUSE bug 1133780 SUSE bug 1133825 SUSE bug 1133850 SUSE bug 1133851 SUSE bug 1133852 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-16880 CVE-2019-11091 CVE-2019-3882 CVE-2019-9003 CVE-2019-9500 CVE-2019-9503 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. - CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power. - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) - CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) - CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) - CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occured with FUSE requests. (bnc#1133190) - CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) - CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603) - CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bnc#1135278) - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) - CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a '\0' character. (bnc#1134848) - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions. (bnc#1133188) The following non-security bugs were fixed: - 9p locks: add mount option for lock retry interval (bsc#1051510). - Update config files. Debug kernel is not supported (bsc#1135492). - acpi / utils: Drop reference in test for device presence (bsc#1051510). - acpi: button: reinitialize button state upon resume (bsc#1051510). - acpi: fix menuconfig presentation of acpi submenu (bsc#1117158). - acpica: AML interpreter: add region addresses in global list during initialization (bsc#1051510). - acpica: Namespace: remove address node from global list after method termination (bsc#1051510). - alsa: core: Do not refer to snd_cards array directly (bsc#1051510). - alsa: emu10k1: Drop superfluous id-uniquification behavior (bsc#1051510). - alsa: hda - Register irq handler after the chip initialization (bsc#1051510). - alsa: hda - Use a macro for snd_array iteration loops (bsc#1051510). - alsa: hda/hdmi - Consider eld_valid when reporting jack event (bsc#1051510). - alsa: hda/hdmi - Read the pin sense from register when repolling (bsc#1051510). - alsa: hda/realtek - Avoid superfluous COEF EAPD setups (bsc#1051510). - alsa: hda/realtek - Corrected fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: hda/realtek - EAPD turn on later (bsc#1051510). - alsa: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug (bsc#1051510). - alsa: hda/realtek - Fixup headphone noise via runtime suspend (bsc#1051510). - alsa: hda/realtek - Improve the headset mic for Acer Aspire laptops (bsc#1051510). - alsa: hdea/realtek - Headset fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: line6: Avoid polluting led_* namespace (bsc#1051510). - alsa: seq: Align temporary re-locking with irqsave version (bsc#1051510). - alsa: seq: Correct unlock sequence at snd_seq_client_ioctl_unlock() (bsc#1051510). - alsa: seq: Cover unsubscribe_port() in list_mutex (bsc#1051510). - alsa: seq: Fix race of get-subscription call vs port-delete ioctls (bsc#1051510). - alsa: seq: Protect in-kernel ioctl calls with mutex (bsc#1051510). - alsa: seq: Protect racy pool manipulation from OSS sequencer (bsc#1051510). - alsa: seq: Remove superfluous irqsave flags (bsc#1051510). - alsa: seq: Simplify snd_seq_kernel_client_enqueue() helper (bsc#1051510). - alsa: timer: Check ack_list emptiness instead of bit flag (bsc#1051510). - alsa: timer: Coding style fixes (bsc#1051510). - alsa: timer: Make snd_timer_close() really kill pending actions (bsc#1051510). - alsa: timer: Make sure to clear pending ack list (bsc#1051510). - alsa: timer: Revert active callback sync check at close (bsc#1051510). - alsa: timer: Simplify error path in snd_timer_open() (bsc#1051510). - alsa: timer: Unify timer callback process code (bsc#1051510). - alsa: usb-audio: Fix a memory leak bug (bsc#1051510). - alsa: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk() (bsc#1051510). - alsa: usx2y: fix a double free bug (bsc#1051510). - appletalk: Fix compile regression (bsc#1051510). - appletalk: Fix use-after-free in atalk_proc_exit (bsc#1051510). - arch: arm64: acpi: KABI ginore includes (bsc#1117158 bsc#1134671). - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (bsc#1117158). - arm64/x86: Update config files. Use CONFIG_ARCH_SUPPORTS_acpi - arm64: Export save_stack_trace_tsk() (jsc#SLE-4214). - arm64: acpi: fix alignment fault in accessing acpi (bsc#1117158). - arm64: fix acpi dependencies (bsc#1117158). - arm: 8824/1: fix a migrating irq bug when hotplug cpu (bsc#1051510). - arm: 8833/1: Ensure that NEON code always compiles with Clang (bsc#1051510). - arm: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bsc#1051510). - arm: 8840/1: use a raw_spinlock_t in unwind (bsc#1051510). - arm: OMAP2+: Variable 'reg' in function omap4_dsi_mux_pads() could be uninitialized (bsc#1051510). - arm: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug (bsc#1051510). - arm: avoid Cortex-A9 livelock on tight dmb loops (bsc#1051510). - arm: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bsc#1051510). - arm: iop: do not use using 64-bit DMA masks (bsc#1051510). - arm: orion: do not use using 64-bit DMA masks (bsc#1051510). - arm: pxa: ssp: unneeded to free devm_ allocated data (bsc#1051510). - arm: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bsc#1051510). - arm: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms (bsc#1051510). - asoc: Intel: avoid Oops if DMA setup fails (bsc#1051510). - asoc: RT5677-SPI: Disable 16Bit SPI Transfers (bsc#1051510). - asoc: cs4270: Set auto-increment bit for register writes (bsc#1051510). - asoc: fix valid stream condition (bsc#1051510). - asoc: fsl_esai: Fix missing break in switch statement (bsc#1051510). - asoc: hdmi-codec: fix S/PDIF DAI (bsc#1051510). - asoc: max98090: Fix restore of DAPM Muxes (bsc#1051510). - asoc: nau8810: fix the issue of widget with prefixed name (bsc#1051510). - asoc: nau8824: fix the issue of the widget with prefix name (bsc#1051510). - asoc: samsung: odroid: Fix clock configuration for 44100 sample rate (bsc#1051510). - asoc: stm32: fix sai driver name initialisation (bsc#1051510). - asoc: tlv320aic32x4: Fix Common Pins (bsc#1051510). - asoc: wm_adsp: Add locking to wm_adsp2_bus_error (bsc#1051510). - asoc:soc-pcm:fix a codec fixup issue in TDM case (bsc#1051510). - at76c50x-usb: Do not register led_trigger if usb_register_driver failed (bsc#1051510). - audit: fix a memleak caused by auditing load module (bsc#1051510). - b43: shut up clang -Wuninitialized variable warning (bsc#1051510). - backlight: lm3630a: Return 0 on success in update_status functions (bsc#1051510). - bcache: Move couple of functions to sysfs.c (bsc#1130972). - bcache: Move couple of string arrays to sysfs.c (bsc#1130972). - bcache: Populate writeback_rate_minimum attribute (bsc#1130972). - bcache: Replace bch_read_string_list() by __sysfs_match_string() (bsc#1130972). - bcache: account size of buckets used in uuid write to ca->meta_sectors_written (bsc#1130972). - bcache: add MODULE_DESCRIPTION information (bsc#1130972). - bcache: add a comment in super.c (bsc#1130972). - bcache: add code comments for bset.c (bsc#1130972). - bcache: add comment for cache_set->fill_iter (bsc#1130972). - bcache: add identifier names to arguments of function definitions (bsc#1130972). - bcache: add missing SPDX header (bsc#1130972). - bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972). - bcache: add static const prefix to char * array declarations (bsc#1130972). - bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972). - bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972). - bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972). - bcache: correct dirty data statistics (bsc#1130972). - bcache: do not assign in if condition in bcache_init() (bsc#1130972). - bcache: do not assign in if condition register_bcache() (bsc#1130972). - bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972). - bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972). - bcache: do not clone bio in bch_data_verify (bsc#1130972). - bcache: do not mark writeback_running too early (bsc#1130972). - bcache: export backing_dev_name via sysfs (bsc#1130972). - bcache: export backing_dev_uuid via sysfs (bsc#1130972). - bcache: fix code comments style (bsc#1130972). - bcache: fix indent by replacing blank by tabs (bsc#1130972). - bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972). - bcache: fix input integer overflow of congested threshold (bsc#1130972). - bcache: fix input overflow to cache set io_error_limit (bsc#1130972). - bcache: fix input overflow to cache set sysfs file io_error_halflife (bsc#1130972). - bcache: fix input overflow to journal_delay_ms (bsc#1130972). - bcache: fix input overflow to sequential_cutoff (bsc#1130972). - bcache: fix input overflow to writeback_delay (bsc#1130972). - bcache: fix input overflow to writeback_rate_minimum (bsc#1130972). - bcache: fix ioctl in flash device (bsc#1130972). - bcache: fix mistaken code comments in bcache.h (bsc#1130972). - bcache: fix mistaken comments in request.c (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972). - bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972). - bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972). - bcache: improve sysfs_strtoul_clamp() (bsc#1130972). - bcache: introduce force_wake_up_gc() (bsc#1130972). - bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972). - bcache: move open brace at end of function definitions to next line (bsc#1130972). - bcache: never writeback a discard operation (bsc#1130972). - bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972). - bcache: option to automatically run gc thread after writeback (bsc#1130972). - bcache: panic fix for making cache device (bsc#1130972). - bcache: prefer 'help' in Kconfig (bsc#1130972). - bcache: print number of keys in trace_bcache_journal_write (bsc#1130972). - bcache: recal cached_dev_sectors on detach (bsc#1130972). - bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972). - bcache: remove unused bch_passthrough_cache (bsc#1130972). - bcache: remove useless parameter of bch_debug_init() (bsc#1130972). - bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972). - bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972). - bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972). - bcache: replace printk() by pr_*() routines (bsc#1130972). - bcache: set writeback_percent in a flexible range (bsc#1130972). - bcache: split combined if-condition code into separate ones (bsc#1130972). - bcache: stop bcache device when backing device is offline (bsc#1130972). - bcache: stop using the deprecated get_seconds() (bsc#1130972). - bcache: style fix to add a blank line after declarations (bsc#1130972). - bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972). - bcache: style fixes for lines over 80 characters (bsc#1130972). - bcache: treat stale and dirty keys as bad keys (bsc#1130972). - bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972). - bcache: update comment for bch_data_insert (bsc#1130972). - bcache: update comment in sysfs.c (bsc#1130972). - bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972). - bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972). - bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972). - bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972). - bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972). - block: Do not revalidate bdev of hidden gendisk (bsc#1120091). - block: check_events: do not bother with events if unsupported (bsc#1110946, bsc#1119843). - block: disk_events: introduce event flags (bsc#1110946, bsc#1119843). - block: do not leak memory in bio_copy_user_iov() (bsc#1135309). - block: fix the return errno for direct IO (bsc#1135320). - block: fix use-after-free on gendisk (bsc#1135312). - bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bsc#1051510). - bluetooth: Check key sizes only when Secure Simple Pairing is enabled (bsc#1135556). - bluetooth: hidp: fix buffer overflow (bsc#1051510). - bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one() (bsc#1050242). - bnxt_en: Improve RX consumer index validity check (networking-stable-19_04_10). - bnxt_en: Improve multicast address setup logic (networking-stable-19_05_04). - bnxt_en: Reset device on RX buffer errors (networking-stable-19_04_10). - bonding: fix event handling for stacked bonds (networking-stable-19_04_19). - bpf, lru: avoid messing with eviction heuristics upon syscall lookup (bsc#1083647). - bpf: Add missed newline in verifier verbose log (bsc#1056787). - bpf: add map_lookup_elem_sys_only for lookups from syscall side (bsc#1083647). - brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() (bsc#1051510). - btrfs: Do not panic when we can't find a root key (bsc#1112063). - btrfs: Factor out common delayed refs init code (bsc#1134813). - btrfs: Introduce init_delayed_ref_head (bsc#1134813). - btrfs: Open-code add_delayed_data_ref (bsc#1134813). - btrfs: Open-code add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813). - btrfs: add a helper to return a head ref (bsc#1134813). - btrfs: breakout empty head cleanup to a helper (bsc#1134813). - btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: do not allow trimming when a fs is mounted with the nologreplay option (bsc#1135758). - btrfs: do not double unlock on error in btrfs_punch_hole (bsc#1136881). - btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: fix fsync not persisting changed attributes of a directory (bsc#1137151). - btrfs: fix race between ranged fsync and writeback of adjacent ranges (bsc#1136477). - btrfs: fix race updating log root item during fsync (bsc#1137153). - btrfs: fix wrong ctime and mtime of a directory after log replay (bsc#1137152). - btrfs: improve performance on fsync of files with multiple hardlinks (bsc#1123454). - btrfs: move all ref head cleanup to the helper function (bsc#1134813). - btrfs: move extent_op cleanup to a helper (bsc#1134813). - btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813). - btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1134806). - btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head to btrfs_qgroup_extent_record (bsc#1134162). - btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release (bsc#1134160). - btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1133612). - btrfs: remove delayed_ref_node from ref_head (bsc#1134813). - btrfs: send, flush dellaloc in order to avoid data loss (bsc#1133320). - btrfs: split delayed ref head initialization and addition (bsc#1134813). - btrfs: track refs in a rb_tree instead of a list (bsc#1134813). - btrfs: tree-checker: detect file extent items with overlapping ranges (bsc#1136478). - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461). - ceph: fix ci->i_head_snapc leak (bsc#1122776). - ceph: fix use-after-free on symlink traversal (bsc#1134459). - ceph: only use d_name directly when parent is locked (bsc#1134460). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565). - clk: rockchip: Fix video codec clocks on rk3288 (bsc#1051510). - clk: rockchip: fix wrong clock definitions for rk3328 (bsc#1051510). - configfs: Fix use-after-free when accessing sd->s_dentry (bsc#1051510). - configfs: fix possible use-after-free in configfs_register_group (bsc#1051510). - crypto: arm/aes-neonbs - do not access already-freed walk.iv (bsc#1051510). - crypto: caam - fix caam_dump_sg that iterates through scatterlist (bsc#1051510). - crypto: ccm - fix incompatibility between 'ccm' and 'ccm_base' (bsc#1051510). - crypto: ccp - Do not free psp_master when PLATFORM_INIT fails (bsc#1051510). - crypto: chacha20poly1305 - set cra_name correctly (bsc#1051510). - crypto: crct10dif-generic - fix use via crypto_shash_digest() (bsc#1051510). - crypto: fips - Grammar s/options/option/, s/to/the/ (bsc#1051510). - crypto: gcm - fix incompatibility between 'gcm' and 'gcm_base' (bsc#1051510). - crypto: skcipher - do not WARN on unprocessed data after slow walk step (bsc#1051510). - crypto: sun4i-ss - Fix invalid calculation of hash end (bsc#1051510). - crypto: vmx - CTR: always increment IV as quadword (bsc#1051510). - crypto: vmx - fix copy-paste error in CTR mode (bsc#1051510). - crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162). - crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162). - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest() (bsc#1051510). - dccp: Fix memleak in __feat_register_sp (bsc#1051510). - dccp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28). - debugfs: fix use-after-free on symlink traversal (bsc#1051510). - devres: Align data[] to ARCH_KMALLOC_MINALIGN (bsc#1051510). - dmaengine: axi-dmac: Do not check the number of frames for alignment (bsc#1051510). - dmaengine: tegra210-dma: free dma controller in remove() (bsc#1051510). - documentation: Add MDS vulnerability documentation (bsc#1135642). - drivers: acpi: add dependency of EFI for arm64 (bsc#1117158). - drm/bridge: adv7511: Fix low refresh rate selection (bsc#1051510). - drm/etnaviv: lock MMU while dumping core (bsc#1113722) - drm/fb-helper: dpms_legacy(): Only set on connectors in use (bsc#1051510). - drm/i915/fbc: disable framebuffer compression on GeminiLake (bsc#1051510). - drm/i915/gvt: Fix cmd length of VEB_DI_IECP (bsc#1113722) - drm/i915/gvt: Fix incorrect mask of mmio 0x22028 in gen8/9 mmio list (bnc#1113722) - drm/i915/gvt: Tiled Resources mmios are in-context mmios for gen9+ (bsc#1113722) - drm/i915/gvt: add 0x4dfc to gen9 save-restore list (bsc#1113722) - drm/i915/gvt: do not let TRTTE and 0x4dfc write passthrough to hardware (bsc#1051510). - drm/i915/gvt: refine ggtt range validation (bsc#1113722) - drm/i915: Disable LP3 watermarks on all SNB machines (bsc#1051510). - drm/i915: Downgrade Gen9 Plane WM latency error (bsc#1051510). - drm/i915: Fix I915_EXEC_RING_MASK (bsc#1051510). - drm/imx: do not skip DP channel disable for background plane (bsc#1051510). - drm/mediatek: fix possible object reference leak (bsc#1051510). - drm/meson: add size and alignment requirements for dumb buffers (bnc#1113722) - drm/nouveau/i2c: Disable i2c bus access after ->fini() (bsc#1113722) - drm/rockchip: fix for mailbox read validation (bsc#1051510). - drm/rockchip: shutdown drm subsystem on shutdown (bsc#1051510). - drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722) - drm/ttm: Remove warning about inconsistent mapping information (bnc#1131488) - drm/vmwgfx: Do not send drm sysfs hotplug events on initial master set (bsc#1051510). - drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() (bsc#1113722) - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read (bsc#1051510). - dt-bindings: clock: r8a7795: Remove CSIREF clock (bsc#1120902). - dt-bindings: clock: r8a7796: Remove CSIREF clock (bsc#1120902). - dt-bindings: net: Add binding for the external clock for TI WiLink (bsc#1085535). - dt-bindings: net: Fix a typo in the phy-mode list for ethernet bindings (bsc#1129770). - dt-bindings: rtc: sun6i-rtc: Fix register range in example (bsc#1120902). - dwc2: gadget: Fix completed transfer size calculation in DDMA (bsc#1051510). - efi/arm: Defer persistent reservations until after paging_init() (bsc#1117158). - efi/arm: Do not mark acpi reclaim memory as MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566). - efi/arm: Revert 'Defer persistent reservations until after paging_init()' (bsc#1117158). - efi/arm: Revert deferred unmap of early memmap mapping (bsc#1117158). - efi/arm: libstub: add a root memreserve config table (bsc#1117158). - efi/arm: map UEFI memory map even w/o runtime services enabled (bsc#1117158). - efi/arm: preserve early mapping of UEFI memory map longer for BGRT (bsc#1117158). - efi: Permit calling efi_mem_reserve_persistent() from atomic context (bsc#1117158). - efi: Permit multiple entries in persistent memreserve data structure (bsc#1117158). - efi: Prevent GICv3 WARN() by mapping the memreserve table before first use (bsc#1117158). - efi: Reduce the amount of memblock reservations for persistent allocations (bsc#1117158). - efi: add API to reserve memory persistently across kexec reboot (bsc#1117158). - efi: honour memory reservations passed via a linux specific config table (bsc#1117158). - ext4: Do not warn when enabling DAX (bsc#1132894). - ext4: actually request zeroing of inode table after grow (bsc#1135315). - ext4: avoid panic during forced reboot due to aborted journal (bsc#1126356). - ext4: fix data corruption caused by overlapping unaligned and aligned IO (bsc#1136428). - ext4: fix ext4_show_options for file systems w/o journal (bsc#1135316). - ext4: fix use-after-free race with debug_want_extra_isize (bsc#1135314). - ext4: make sanity check in mballoc more strict (bsc#1136439). - ext4: wait for outstanding dio during truncate in nojournal mode (bsc#1136438). - fbdev: fix WARNING in __alloc_pages_nodemask bug (bsc#1113722) - fbdev: fix divide error in fb_var_to_videomode (bsc#1113722) - firmware: efi: factor out mem_reserve (bsc#1117158 bsc#1134671). - fix rtnh_ok() (git-fixes). - fs/sync.c: sync_file_range(2) may use WB_SYNC_ALL writeback (bsc#1136432). - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount (bsc#1136435). - ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658). - genetlink: Fix a memory leak on error path (networking-stable-19_03_28). - ghes, EDAC: Fix ghes_edac registration (bsc#1133176). - gpio: aspeed: fix a potential NULL pointer dereference (bsc#1051510). - gpu: ipu-v3: dp: fix CSC handling (bsc#1051510). - hid: debug: fix race condition with between rdesc_show() and device removal (bsc#1051510). - hid: input: add mapping for 'Toggle Display' key (bsc#1051510). - hid: input: add mapping for Assistant key (bsc#1051510). - hid: input: add mapping for Expose/Overview key (bsc#1051510). - hid: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bsc#1051510). - hid: logitech: check the return value of create_singlethread_workqueue (bsc#1051510). - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses (bsc#1051510). - ibmvnic: Add device identification to requested IRQs (bsc#1137739). - ibmvnic: Do not close unopened driver during reset (bsc#1137752). - ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752). - ibmvnic: Refresh device multicast list after reset (bsc#1137752). - ibmvnic: remove set but not used variable 'netdev' (bsc#1137739). - igmp: fix incorrect unsolicit report count when join group (git-fixes). - iio: adc: xilinx: fix potential use-after-free on remove (bsc#1051510). - indirect call wrappers: helpers to speed-up indirect calls of builtin (bsc#1124503). - inetpeer: fix uninit-value in inet_getpeer (git-fixes). - input: elan_i2c - add hardware ID for multiple Lenovo laptops (bsc#1051510). - input: introduce KEY_ASSISTANT (bsc#1051510). - input: synaptics-rmi4 - fix possible double free (bsc#1051510). - intel_th: msu: Fix single mode with IOMMU (bsc#1051510). - intel_th: pci: Add Comet Lake support (bsc#1051510). - iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel (bsc#1117158). - iommu/arm-smmu-v3: Do not disable SMMU in kdump kernel (bsc#1117158 bsc#1134671). - iommu/vt-d: Do not request page request irq under dmar_global_lock (bsc#1135006). - iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU (bsc#1135007). - iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135008). - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type (networking-stable-19_04_10). - ip6_tunnel: collect_md xmit: Use ip_tunnel_key's provided src address (git-fixes). - ip_gre: fix parsing gre header in ipgre_err (git-fixes). - ip_tunnel: Fix name string concatenate in __ip_tunnel_create() (git-fixes). - ipconfig: Correctly initialise ic_nameservers (bsc#1051510). - ipmi:ssif: compare block number correctly for multi-part return messages (bsc#1051510). - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled (git-fixes). - ipv4: add sanity checks in ipv4_link_failure() (git-fixes). - ipv4: ensure rcu_read_lock() in ipv4_link_failure() (networking-stable-19_04_19). - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation (networking-stable-19_05_04). - ipv4: recompile ip options in ipv4_link_failure (networking-stable-19_04_19). - ipv4: set the tcp_min_rtt_wlen range from 0 to one day (networking-stable-19_04_30). - ipv6/flowlabel: wait rcu grace period before put_pid() (git-fixes). - ipv6: fix cleanup ordering for ip6_mr failure (git-fixes). - ipv6: fix cleanup ordering for pingv6 registration (git-fixes). - ipv6: invert flowlabel sharing check in process and user mode (git-fixes). - ipv6: mcast: fix unsolicited report interval after receiving querys (git-fixes). - ipvlan: Add the skb->mark as flow4's member to lookup route (bsc#1051510). - ipvlan: fix ipv6 outbound device (bsc#1051510). - ipvlan: use ETH_MAX_MTU as max mtu (bsc#1051510). - ipvs: Fix signed integer overflow when setsockopt timeout (bsc#1051510). - ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf (git-fixes). - ipvs: fix buffer overflow with sync daemon and service (git-fixes). - ipvs: fix check on xmit to non-local addresses (git-fixes). - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bsc#1051510). - ipvs: fix rtnl_lock lockups caused by start_sync_thread (git-fixes). - ipvs: fix stats update from local clients (git-fixes). - iw_cxgb4: only allow 1 flush on user qps (bsc#1051510). - jbd2: check superblock mapped prior to committing (bsc#1136430). - kABI workaround for removed usb_interface.pm_usage_cnt field (bsc#1051510). - kABI workaround for snd_seq_kernel_client_enqueue() API changes (bsc#1051510). - kABI: protect dma-mapping.h include (kabi). - kABI: protect functions using struct net_generic (bsc#1130409 LTC#176346). - kABI: protect ip_options_rcv_srr (kabi). - kABI: protect struct mlx5_td (kabi). - kABI: protect struct pci_dev (kabi). - kABI: protect struct smc_ib_device (bsc#1130409 LTC#176346). - kABI: protect struct smc_link (bsc#1129857 LTC#176247). - kABI: protect struct smcd_dev (bsc#1130409 LTC#176346). - kabi: drop LINUX_Mib_TCPWQUEUETOOBIG snmp counter (bsc#1137586). - kabi: implement map_lookup_elem_sys_only in another way (bsc#1083647). - kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586). - kernel/signal.c: trace_signal_deliver when signal_group_exit (git-fixes). - kernel/sys.c: prctl: fix false positive in validate_prctl_map() (git-fixes). - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv (bsc#1051510). - kernel/sysctl.c: fix out-of-bounds access when setting file-max (bsc#1051510). - keys: safe concurrent user->{session,uid}_keyring access (bsc#1135642). - kmsg: Update message catalog to latest ibM level (2019/03/08) (bsc#1128904 LTC#176078). - kmsg: Update message catalog to latest ibM level (2019/03/08) (bsc#1128905 LTC#176077). - kvm: Fix UAF in nested posted interrupt processing (bsc#1134199). - kvm: VMX: Zero out *all* general purpose registers after VM-Exit (bsc#1134202). - kvm: nVMX: Clear reserved bits of #DB exit qualification (bsc#1134200). - kvm: nVMX: restore host state in nested_vmx_vmexit for VMFail (bsc#1134201). - kvm: s390: fix memory overwrites when not using SCA entries (bsc#1136206). - kvm: s390: provide io interrupt kvm_stat (bsc#1136206). - kvm: s390: use created_vcpus in more places (bsc#1136206). - kvm: s390: vsie: fix 8k check for the itdba (bsc#1136206). - kvm: x86: Always use 32-bit SMRAM save state for 32-bit kernels (bsc#1134203). - kvm: x86: Do not clear EFER during SMM transitions for 32-bit vCPU (bsc#1134204). - kvm: x86: svm: make sure NMI is injected after nmi_singlestep (bsc#1134205). - l2tp: cleanup l2tp_tunnel_delete calls (bsc#1051510). - l2tp: filter out non-PPP sessions in pppol2tp_tunnel_ioctl() (git-fixes). - l2tp: fix missing refcount drop in pppol2tp_tunnel_ioctl() (git-fixes). - l2tp: only accept PPP sessions in pppol2tp_connect() (git-fixes). - l2tp: prevent pppol2tp_connect() from creating kernel sockets (git-fixes). - l2tp: revert 'l2tp: fix missing print session offset info' (bsc#1051510). - leds: avoid races with workqueue (bsc#1051510). - leds: pwm: silently error out on EPROBE_DEFER (bsc#1051510). - lib: add crc64 calculation routines (bsc#1130972). - lib: do not depend on linux headers being installed (bsc#1130972). - libata: fix using DMA buffers on stack (bsc#1051510). - linux/kernel.h: Use parentheses around argument in u64_to_user_ptr() (bsc#1051510). - livepatch: Convert error about unsupported reliable stacktrace into a warning (bsc#1071995). - livepatch: Remove custom kobject state handling (bsc#1071995). - livepatch: Remove duplicated code for early initialization (bsc#1071995). - lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138). - mISDN: Check address length before reading address family (bsc#1051510). - mac80211: fix memory accounting with A-MSDU aggregation (bsc#1051510). - mac80211: fix unaligned access in mesh table hash function (bsc#1051510). - mac8390: Fix mmio access size probe (bsc#1051510). - md: fix invalid stored role for a disk (bsc#1051510). - media: atmel: atmel-isc: fix INIT_WORK misplacement (bsc#1051510). - media: cx18: update *pos correctly in cx18_read_pos() (bsc#1051510). - media: cx23885: check allocation return (bsc#1051510). - media: davinci-isif: avoid uninitialized variable use (bsc#1051510). - media: davinci/vpbe: array underflow in vpbe_enum_outputs() (bsc#1051510). - media: ivtv: update *pos correctly in ivtv_read_pos() (bsc#1051510). - media: omap_vout: potential buffer overflow in vidioc_dqbuf() (bsc#1051510). - media: ov2659: fix unbalanced mutex_lock/unlock (bsc#1051510). - media: pvrusb2: Prevent a buffer overflow (bsc#1129770). - media: serial_ir: Fix use-after-free in serial_ir_init_module (bsc#1051510). - media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame (bsc#1051510). - media: vivid: use vfree() instead of kfree() for dev->bitmap_cap (bsc#1051510). - media: wl128x: Fix an error code in fm_download_firmware() (bsc#1051510). - media: wl128x: prevent two potential buffer overflows (bsc#1051510). - memcg: make it work on sparse non-0-node systems (bnc#1133616). - memcg: make it work on sparse non-0-node systems kabi (bnc#1133616). - mlxsw: spectrum: Fix autoneg status in ethtool (networking-stable-19_04_30). - mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses (bsc#1135330). - mm: Fix buggy backport leading to MAP_SYNC failures (bsc#1137372) - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382). - mmc: block: Delete gendisk before cleaning up the request queue (bsc#1127616). - mmc: core: fix possible use after free of host (bsc#1051510). - mount: copy the port field into the cloned nfs_server structure (bsc#1136990). - mtd: docg3: Fix passing zero to 'PTR_ERR' warning in doc_probe_device (bsc#1051510). - mtd: docg3: fix a possible memory leak of mtd->name (bsc#1051510). - mtd: nand: omap: Fix comment in platform data using wrong Kconfig symbol (bsc#1051510). - mtd: part: fix incorrect format specifier for an unsigned long long (bsc#1051510). - mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write (bsc#1129770). - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935). - mwifiex: Fix mem leak in mwifiex_tm_cmd (bsc#1051510). - mwifiex: Fix possible buffer overflows at parsing bss descriptor - mwifiex: prevent an array overflow (bsc#1051510). - mwl8k: Fix rate_idx underflow (bsc#1051510). - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit (git-fixes). - net-gro: Fix GRO flush when receiving a GSO packet (networking-stable-19_04_10). - net/ibmvnic: Remove tests of member address (bsc#1137739). - net/ibmvnic: Update MAC address settings after adapter reset (bsc#1134760). - net/ibmvnic: Update carrier state after link state change (bsc#1135100). - net/ipv4: defensive cipso option parsing (git-fixes). - net/ipv6: do not reinitialize ndev->cnf.addr_gen_mode on new inet6_dev (git-fixes). - net/ipv6: fix addrconf_sysctl_addr_gen_mode (git-fixes). - net/ipv6: propagate net.ipv6.conf.all.addr_gen_mode to devices (git-fixes). - net/ipv6: reserve room for IFLA_INET6_ADDR_GEN_MODE (git-fixes). - net/mlx5: Decrease default mr cache size (networking-stable-19_04_10). - net/mlx5e: Add a lock on tir list (networking-stable-19_04_10). - net/mlx5e: Fix error handling when refreshing TIRs (networking-stable-19_04_10). - net/mlx5e: Fix trailing semicolon (bsc#1075020). - net/mlx5e: IPoib, Reset QP after channels are closed (bsc#1075020). - net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_04_30). - net/rose: fix unbound loop in rose_loopback_timer() (networking-stable-19_04_30). - net/sched: act_sample: fix divide by zero in the traffic path (networking-stable-19_04_10). - net/sched: do not dereference a->goto_chain to read the chain index (bsc#1064802 bsc#1066129). - net/sched: fix ->get helper of the matchall cls (networking-stable-19_04_10). - net/smc: add pnet table namespace support (bsc#1130409 LTC#176346). - net/smc: add smcd support to the pnet table (bsc#1130409 LTC#176346). - net/smc: allow 16 byte pnetids in netlink policy (bsc#1129857 LTC#176247). - net/smc: allow pci IDs as ib device names in the pnet table (bsc#1130409 LTC#176346). - net/smc: allow pnetid-less configuration (bsc#1130409 LTC#176346). - net/smc: call smc_cdc_msg_send() under send_lock (bsc#1129857 LTC#176247). - net/smc: check connections in smc_lgr_free_work (bsc#1129857 LTC#176247). - net/smc: check for ip prefix and subnet (bsc#1134607 LTC#177518). - net/smc: check port_idx of ib event (bsc#1129857 LTC#176247). - net/smc: cleanup for smcr_tx_sndbuf_nonempty (bsc#1130409 LTC#176346). - net/smc: cleanup of get vlan id (bsc#1134607 LTC#177518). - net/smc: code cleanup smc_listen_work (bsc#1134607 LTC#177518). - net/smc: consolidate function parameters (bsc#1134607 LTC#177518). - net/smc: correct state change for peer closing (bsc#1129857 LTC#176247). - net/smc: delete rkey first before switching to unused (bsc#1129857 LTC#176247). - net/smc: do not wait for send buffer space when data was already sent (bsc#1129857 LTC#176247). - net/smc: do not wait under send_lock (bsc#1129857 LTC#176247). - net/smc: fallback to TCP after connect problems (bsc#1134607 LTC#177518). - net/smc: fix a NULL pointer dereference (bsc#1134607 LTC#177518). - net/smc: fix another sizeof to int comparison (bsc#1129857 LTC#176247). - net/smc: fix byte_order for rx_curs_confirmed (bsc#1129848 LTC#176249). - net/smc: fix return code from FLUSH command (bsc#1134607 LTC#177518). - net/smc: fix sender_free computation (bsc#1129857 LTC#176247). - net/smc: fix smc_poll in SMC_INIT state (bsc#1129848 LTC#176249). - net/smc: fix use of variable in cleared area (bsc#1129857 LTC#176247). - net/smc: improve smc_conn_create reason codes (bsc#1134607 LTC#177518). - net/smc: improve smc_listen_work reason codes (bsc#1134607 LTC#177518). - net/smc: move code to clear the conn->lgr field (bsc#1129857 LTC#176247). - net/smc: move unhash before release of clcsock (bsc#1134607 LTC#177518). - net/smc: move wake up of close waiter (bsc#1129857 LTC#176247). - net/smc: no delay for free tx buffer wait (bsc#1129857 LTC#176247). - net/smc: nonblocking connect rework (bsc#1134607 LTC#177518). - net/smc: postpone release of clcsock (bsc#1129857 LTC#176247). - net/smc: preallocated memory for rdma work requests (bsc#1129857 LTC#176247). - net/smc: prevent races between smc_lgr_terminate() and smc_conn_free() (bsc#1129857 LTC#176247). - net/smc: propagate file from SMC to TCP socket (bsc#1134607 LTC#177518). - net/smc: recvmsg and splice_read should return 0 after shutdown (bsc#1129857 LTC#176247). - net/smc: reduce amount of status updates to peer (bsc#1129857 LTC#176247). - net/smc: reset cursor update required flag (bsc#1129857 LTC#176247). - net/smc: rework pnet table (bsc#1130409 LTC#176346). - net/smc: unlock LGR pending lock earlier for SMC-D (bsc#1129857 LTC#176247). - net/smc: use client and server LGR pending locks for SMC-R (bsc#1129857 LTC#176247). - net/smc: use device link provided in qp_context (bsc#1129857 LTC#176247). - net/smc: use smc_curs_copy() for SMC-D (bsc#1129857 LTC#176247). - net/smc: wait for pending work before clcsock release_sock (bsc#1134607 LTC#177518). - net: Fix a bug in removing queues from XPS map (git-fixes). - net: aquantia: fix rx checksum offload for UDP/TCP over IPv6 (networking-stable-19_03_28). - net: atm: Fix potential Spectre v1 vulnerabilities (networking-stable-19_04_19). - net: avoid skb_warn_bad_offload on IS_ERR (git-fixes). - net: do not keep lonely packets forever in the gro hash (git-fixes). - net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc (networking-stable-19_05_04). - net: dsa: legacy: do not unmask port bitmaps (git-fixes). - net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT (git-fixes). - net: ena: fix return value of ena_com_config_llq_info() (bsc#1111696 bsc#1117561). - net: ethtool: not call vzalloc for zero sized memory request (networking-stable-19_04_10). - net: fix uninit-value in __hw_addr_add_ex() (git-fixes). - net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv (networking-stable-19_04_19). - net: hns3: remove resetting check in hclgevf_reset_task_schedule (bsc#1104353 bsc#1135056). - net: initialize skb->peeked when cloning (git-fixes). - net: make skb_partial_csum_set() more robust against overflows (git-fixes). - net: phy: marvell: Fix buffer overrun with stats counters (networking-stable-19_05_04). - net: rds: exchange of 8K and 1M pool (networking-stable-19_04_30). - net: rose: fix a possible stack overflow (networking-stable-19_03_28). - net: socket: fix potential spectre v1 gadget in socketcall (git-fixes). - net: stmmac: fix memory corruption with large MTUs (networking-stable-19_03_28). - net: stmmac: move stmmac_check_ether_addr() to driver probe (networking-stable-19_04_30). - net: test tailroom before appending to linear skb (git-fixes). - net: thunderx: do not allow jumbo frames with XDP (networking-stable-19_04_19). - net: thunderx: raise XDP MTU to 1508 (networking-stable-19_04_19). - net: unbreak CONFIG_RETPOLINE=n builds (bsc#1124503). - net: use indirect call wrappers at GRO network layer (bsc#1124503). - net: use indirect call wrappers at GRO transport layer (bsc#1124503). - netfilter: bridge: Do not sabotage nf_hook calls from an l3mdev (git-fixes). - netfilter: bridge: ebt_among: add missing match size checks (git-fixes). - netfilter: bridge: ebt_among: add more missing match size checks (git-fixes). - netfilter: drop template ct when conntrack is skipped (git-fixes). - netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule (git-fixes). - netfilter: ebtables: handle string from userspace with care (git-fixes). - netfilter: ebtables: reject non-bridge targets (git-fixes). - netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel (git-fixes). - netfilter: nf_log: do not hold nf_log_mutex during user access (git-fixes). - netfilter: nf_log: fix uninit read in nf_log_proc_dostring (git-fixes). - netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6} (git-fixes). - netfilter: nf_tables: can't fail after linking rule into active rule list (git-fixes). - netfilter: nf_tables: check msg_type before nft_trans_set(trans) (git-fixes). - netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump() (git-fixes). - netfilter: nf_tables: fix leaking object reference count (git-fixes). - netfilter: nf_tables: release chain in flushing set (git-fixes). - netfilter: nft_compat: do not dump private area (git-fixes). - netfilter: x_tables: initialise match/target check parameter struct (git-fixes). - netlink: fix uninit-value in netlink_sendmsg (git-fixes). - nfs add module option to limit nfsv4 minor version (jsc#PM-231). - nfs: Enable nfsv4.2 support - jsc@PM-231 This requires a module parameter for nfsv4.2 to actually be available on SLE12 and SLE15-SP0 - nfsv4.x: always serialize open/close operations (bsc#1114893). - nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands (bsc#1051510). - nvme-rdma: fix possible free of a non-allocated async event buffer (bsc#1120423). - nvme: Do not remove namespaces during reset (bsc#1131673). - nvme: flush scan_work when resetting controller (bsc#1131673). - objtool: Fix function fallthrough detection (bsc#1058115). - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget (bsc#1136434). - ocfs2: turn on OCFS2_FS_STATS setting(bsc#1134393) We need to turn on OCFS2_FS_STATS kernel configuration setting, to fix bsc#1134393. - of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642). - omapfb: add missing of_node_put after of_device_is_available (bsc#1051510). - openvswitch: add seqadj extension when NAT is used (bsc#1051510). - openvswitch: fix flow actions reallocation (bsc#1051510). - p54: drop device reference count if fails to enable device (bsc#1135642). - packet: fix reserve calculation (git-fixes). - packet: in packet_snd start writing at link layer allocation (git-fixes). - packet: refine ring v3 block size test to hold one frame (git-fixes). - packet: reset network header if packet shorter than ll reserved space (git-fixes). - packet: validate msg_namelen in send directly (git-fixes). - packets: Always register packet sk in the same order (networking-stable-19_03_28). - pci: Factor out pcie_retrain_link() function (git-fixes). - pci: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1051510). - pci: Mark Atheros AR9462 to avoid bus reset (bsc#1051510). - pci: Work around Pericom pcie-to-pci bridge Retrain Link erratum (git-fixes). - pci: endpoint: Use EPC's device in dma_alloc_coherent()/dma_free_coherent() (git-fixes). - phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode (bsc#1051510). - platform/x86: alienware-wmi: printing the wrong error code (bsc#1051510). - platform/x86: dell-rbtn: Add missing #include (bsc#1051510). - platform/x86: intel_pmc_ipc: adding error handling (bsc#1051510). - platform/x86: intel_punit_ipc: Revert 'Fix resource ioremap warning' (bsc#1051510). - platform/x86: pmc_atom: Add Lex 3I380D industrial PC to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Add several Beckhoff Automation boards to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Drop __initconst on dmi table (bsc#1051510). - platform/x86: sony-laptop: Fix unintentional fall-through (bsc#1051510). - power: supply: axp20x_usb_power: Fix typo in VBUS current limit macros (bsc#1051510). - power: supply: axp288_charger: Fix unchecked return value (bsc#1051510). - powerpc/eeh: Fix race with driver un/bind (bsc#1065729). - powerpc/msi: Fix NULL pointer access in teardown code (bsc#1065729). - powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043). - powerpc/powernv/idle: Restore IAMR after idle (bsc#1065729). - powerpc/process: Fix sparse address space warnings (bsc#1065729). - powerpc: Always initialize input array when calling epapr_hypercall() (bsc#1065729). - powerpc: Fix HMIs on big-endian with CONFIG_RELOCATABLE=y (bsc#1065729). - proc/kcore: do not bounds check against address 0 (bsc#1051510). - proc/sysctl: fix return error for proc_doulongvec_minmax() (bsc#1051510). - proc: revalidate kernel thread inodes to root:root (bsc#1051510). - ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK (git-fixes). - pwm: Fix deadlock warning when removing PWM device (bsc#1051510). - pwm: meson: Consider 128 a valid pre-divider (bsc#1051510). - pwm: meson: Do not disable PWM when setting duty repeatedly (bsc#1051510). - pwm: meson: Use the spin-lock only to protect register modifications (bsc#1051510). - pwm: tiehrpwm: Update shadow register for disabling PWMs (bsc#1051510). - qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128979). - qla2xxx: always allocate qla_tgt_wq (bsc#1131451). - qmi_wwan: add Olicard 600 (bsc#1051510). - rdma/hns: Fix bug that caused srq creation to fail (bsc#1104427 ). - rdma/rxe: Consider skb reserve space based on netdev of GID (bsc#1082387, bsc#1103992). - regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB (bsc#1051510). - rt2x00: do not increment sequence number while re-transmitting (bsc#1051510). - rtc: da9063: set uie_unsupported when relevant (bsc#1051510). - rtc: sh: Fix invalid alarm warning for non-enabled alarm (bsc#1051510). - rtlwifi: rtl8723ae: Fix missing break in switch statement (bsc#1051510). - rxrpc: Fix error reception on AF_INET6 sockets (git-fixes). - rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket (git-fixes). - s390/ism: ignore some errors during deregistration (bsc#1129857 LTC#176247). - s390/qdio: clear intparm during shutdown (bsc#1134597 LTC#177516). - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() (bsc#1051510). - sc16is7xx: move label 'err_spi' to correct section (bsc#1051510). - sc16is7xx: put err_spi and err_i2c into correct #ifdef (bsc#1051510). - scripts: override locale from environment when running recordmcount.pl (bsc#1134354). - scsi: qedf: fixup bit operations (bsc#1135542). - scsi: qedf: fixup locking in qedf_restart_rport() (bsc#1135542). - scsi: qedf: missing kref_put in qedf_xmit() (bsc#1135542). - scsi: qla2xxx: Declare local functions 'static' (bsc#1137444). - scsi: qla2xxx: Fix function argument descriptions (bsc#1118139). - scsi: qla2xxx: Fix memory corruption during hba reset test (bsc#1118139). - scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (bsc#1132044). - scsi: qla2xxx: Improve several kernel-doc headers (bsc#1137444). - scsi: qla2xxx: Introduce a switch/case statement in qlt_xmit_tm_rsp() (bsc#1137444). - scsi: qla2xxx: Make qla2x00_sysfs_write_nvram() easier to analyze (bsc#1137444). - scsi: qla2xxx: Make sure that qlafx00_ioctl_iosb_entry() initializes 'res' (bsc#1137444). - scsi: qla2xxx: NULL check before some freeing functions is not needed (bsc#1137444). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1137444). - scsi: qla2xxx: Remove two arguments from qlafx00_error_entry() (bsc#1137444). - scsi: qla2xxx: Remove unused symbols (bsc#1118139). - scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function (bsc#1137444). - scsi: qla2xxx: Use %p for printing pointers (bsc#1118139). - scsi: qla2xxx: fix error message on qla2400 (bsc#1118139). - scsi: qla2xxx: fix spelling mistake: 'existant' -> 'existent' (bsc#1118139). - scsi: qla2xxx: fully convert to the generic DMA API (bsc#1137444). - scsi: qla2xxx: fx00 copypaste typo (bsc#1118139). - scsi: qla2xxx: remove the unused tcm_qla2xxx_cmd_wq (bsc#1118139). - scsi: qla2xxx: use lower_32_bits and upper_32_bits instead of reinventing them (bsc#1137444). - sctp: avoid running the sctp state machine recursively (networking-stable-19_05_04). - sctp: fix identification of new acks for SFR-CACC (git-fixes). - sctp: get sctphdr by offset in sctp_compute_cksum (networking-stable-19_03_28). - sctp: initialize _pad of sockaddr_in before copying to user memory (networking-stable-19_04_10). - sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune (git-fixes). - sctp: set frag_point in sctp_setsockopt_maxseg correctly` (git-fixes). - selinux: use kernel linux/socket.h for genheaders and mdp (bsc#1134810). - serial: 8250_pxa: honor the port number from devicetree (bsc#1051510). - serial: ar933x_uart: Fix build failure with disabled console (bsc#1051510). - serial: uartps: console_setup() can't be placed to init section (bsc#1051510). - signal: Always notice exiting tasks (git-fixes). - signal: Better detection of synchronous signals (git-fixes). - signal: Restore the stop PTRACE_EVENT_EXIT (git-fixes). - smc: move unhash as early as possible in smc_release() (bsc#1129857 LTC#176247). - soc/fsl/qe: Fix an error code in qe_pin_request() (bsc#1051510). - soc/tegra: pmc: Drop locking from tegra_powergate_is_powered() (bsc#1051510). - spi: Micrel eth switch: declare missing of table (bsc#1051510). - spi: ST ST95HF NFC: declare missing of table (bsc#1051510). - spi: a3700: Clear DATA_OUT when performing a read (bsc#1051510). - spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios (bsc#1051510). - spi: bcm2835aux: setup gpio-cs to output and correct level during setup (bsc#1051510). - spi: bcm2835aux: warn in dmesg that native cs is not really supported (bsc#1051510). - spi: rspi: Fix sequencer reset during initialization (bsc#1051510). - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit (bsc#1051510). - staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc (bsc#1051510). - stm class: Fix an endless loop in channel allocation (bsc#1051510). - stm class: Fix channel free in stm output free path (bsc#1051510). - stm class: Prevent division by zero (bsc#1051510). - stmmac: pci: Adjust IOT2000 matching (networking-stable-19_04_30). - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839). - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839). - switchtec: Fix unintended mask of MRPC event (git-fixes). - tcp: Ensure DCTCP reacts to losses (networking-stable-19_04_10). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: limit payload size of sacked skbs (bsc#1137586). - tcp: purge write queue in tcp_connect_init() (git-fixes). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). - tcp: tcp_grow_window() needs to respect tcp_space() (networking-stable-19_04_19). - team: fix possible recursive locking when add slaves (networking-stable-19_04_30). - team: set slave to promisc if team is already in promisc mode (bsc#1051510). - thermal/int340x_thermal: Add additional UUIDs (bsc#1051510). - thermal/int340x_thermal: fix mode setting (bsc#1051510). - thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power (bsc#1051510). - thunderx: eliminate extra calls to put_page() for pages held for recycling (networking-stable-19_03_28). - thunderx: enable page recycling for non-XDP case (networking-stable-19_03_28). - tipc: fix hanging clients using poll with EPOLLOUT flag (git-fixes). - tipc: missing entries in name table of publications (networking-stable-19_04_19). - tools lib traceevent: Fix missing equality check for strcmp (bsc#1129770). - tracing: Fix partial reading of trace event's id file (bsc#1136573). - treewide: Use DEVICE_ATTR_WO (bsc#1137739). - tty: increase the default flip buffer limit to 2*640K (bsc#1051510). - tty: pty: Fix race condition between release_one_tty and pty_write (bsc#1051510). - tty: serial_core, add ->install (bnc#1129693). - tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0 (bsc#1051510). - tun: add a missing rcu_read_unlock() in error path (networking-stable-19_03_28). - tun: properly test for IFF_UP (networking-stable-19_03_28). - uas: fix alignment of scatter/gather segments (bsc#1129770). - udp: use indirect call wrappers for GRO socket lookup (bsc#1124503). - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour (bsc#1135323). - usb-storage: Set virt_boundary_mask to avoid SG overflows (bsc#1051510). - usb: cdc-acm: fix unthrottle races (bsc#1051510). - usb: core: Fix bug caused by duplicate interface PM usage counter (bsc#1051510). - usb: core: Fix unterminated string returned by usb_string() (bsc#1051510). - usb: dwc3: Fix default lpm_nyet_threshold value (bsc#1051510). - usb: gadget: net2272: Fix net2272_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix net2280_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix overrun of OUT messages (bsc#1051510). - usb: serial: f81232: fix interrupt worker not stop (bsc#1051510). - usb: serial: fix unthrottle races (bsc#1051510). - usb: u132-hcd: fix resource leak (bsc#1051510). - usb: usb251xb: fix to avoid potential NULL pointer dereference (bsc#1051510). - usb: usbip: fix isoc packet num validation in get_pipe (bsc#1051510). - usb: w1 ds2490: Fix bug caused by improper use of altsetting array (bsc#1051510). - usb: yurex: Fix protection fault after device removal (bsc#1051510). - userfaultfd: use RCU to free the task struct when fork fails (git-fixes). - vfio/mdev: Avoid release parent reference during error path (bsc#1051510). - vfio/mdev: Fix aborting mdev child device removal if one fails (bsc#1051510). - vfio/pci: use correct format characters (bsc#1051510). - vfio_pci: Enable memory accesses before calling pci_map_rom (bsc#1051510). - vhost/vsock: fix reset orphans race with close timeout (bsc#1051510). - vhost: reject zero size iova range (networking-stable-19_04_19). - virtio-blk: limit number of hw queues by nr_cpu_ids (bsc#1051510). - virtio: Honour 'may_reduce_num' in vring_create_virtqueue (bsc#1051510). - virtio_pci: fix a NULL pointer reference in vp_del_vqs (bsc#1051510). - vrf: check accept_source_route on the original netdevice (networking-stable-19_04_10). - vsock/virtio: Initialize core virtio vsock before registering the driver (bsc#1051510). - vsock/virtio: fix kernel panic after device hot-unplug (bsc#1051510). - vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock (bsc#1051510). - vsock/virtio: reset connected sockets on device removal (bsc#1051510). - vt: always call notifier with the console lock held (bsc#1051510). - vxlan: Do not call gro_cells_destroy() before device is unregistered (networking-stable-19_03_28). - x86/speculation/mds: Fix documentation typo (bsc#1135642). - x86_64: Add gap to int3 to allow for call emulation (bsc#1099658). - x86_64: Allow breakpoints to emulate call instructions (bsc#1099658). - xenbus: drop useless LIST_HEAD in xenbus_write_watch() and xenbus_file_write() (bsc#1065600). - xfrm6: avoid potential infinite loop in _decode_session6() (git-fixes). - xfrm6: call kfree_skb when skb is toobig (git-fixes). - xfrm: Fix stack-out-of-bounds read on socket policy lookup (git-fixes). - xfrm: Return error on unknown encap_type in init_state (git-fixes). - xfrm: Validate address prefix lengths in the xfrm selector (git-fixes). - xfrm: fix 'passing zero to ERR_PTR()' warning (git-fixes). - xfrm: fix missing dst_release() after policy blocking lbcast and multicast (git-fixes). - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) (git-fixes). - xfrm: reset crypto_done when iterating over multiple input xfrms (git-fixes). - xfrm: reset transport header back to network header after all input transforms ahave been applied (git-fixes). - xfrm_user: prevent leaking 2 bytes of kernel memory (git-fixes). - xfs: add log item pinning error injection tag (bsc#1114427). - xfs: buffer lru reference count error injection tag (bsc#1114427). - xfs: check _btree_check_block value (bsc#1123663). - xfs: convert drop_writes to use the errortag mechanism (bsc#1114427). - xfs: create block pointer check functions (bsc#1123663). - xfs: create inode pointer verifiers (bsc#1114427). - xfs: detect and fix bad summary counts at mount (bsc#1114427). - xfs: export _inobt_btrec_to_irec and _ialloc_cluster_alignment for scrub (bsc#1114427). - xfs: export various function for the online scrubber (bsc#1123663). - xfs: expose errortag knobs via sysfs (bsc#1114427). - xfs: fix unused variable warning in xfs_buf_set_ref() (bsc#1114427). - xfs: force summary counter recalc at next mount (bsc#1114427). - xfs: kill meaningless variable 'zero' (bsc#1106011). - xfs: make errortag a per-mountpoint structure (bsc#1123663). - xfs: move error injection tags into their own file (bsc#1114427). - xfs: prepare xfs_break_layouts() for another layout type (bsc#1106011). - xfs: prepare xfs_break_layouts() to be called with XFS_MMAPLOCK_EXCL (bsc#1106011). - xfs: refactor btree block header checking functions (bsc#1123663). - xfs: refactor btree pointer checks (bsc#1123663). - xfs: refactor unmount record write (bsc#1114427). - xfs: remove unneeded parameter from XFS_TEST_ERROR (bsc#1123663). - xfs: remove xfs_zero_range (bsc#1106011). - xfs: rename MAXPATHLEN to XFS_SYMLINK_MAXLEN (bsc#1123663). - xfs: replace log_badcrc_factor knob with error injection tag (bsc#1114427). - xfs: sanity-check the unused space before trying to use it (bsc#1123663). - xfs: serialize unaligned dio writes against all other dio writes (bsc#1134936). Important SUSE bug 1012382 SUSE bug 1050242 SUSE bug 1051510 SUSE bug 1053043 SUSE bug 1056787 SUSE bug 1058115 SUSE bug 1063638 SUSE bug 1064802 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066129 SUSE bug 1068546 SUSE bug 1071995 SUSE bug 1075020 SUSE bug 1082387 SUSE bug 1083647 SUSE bug 1085535 SUSE bug 1099658 SUSE bug 1103992 SUSE bug 1104353 SUSE bug 1104427 SUSE bug 1106011 SUSE bug 1106284 SUSE bug 1108838 SUSE bug 1110946 SUSE bug 1111696 SUSE bug 1112063 SUSE bug 1113722 SUSE bug 1114427 SUSE bug 1114893 SUSE bug 1115688 SUSE bug 1117158 SUSE bug 1117561 SUSE bug 1118139 SUSE bug 1119843 SUSE bug 1120091 SUSE bug 1120423 SUSE bug 1120566 SUSE bug 1120843 SUSE bug 1120902 SUSE bug 1122776 SUSE bug 1123454 SUSE bug 1123663 SUSE bug 1124503 SUSE bug 1124839 SUSE bug 1126356 SUSE bug 1127616 SUSE bug 1128052 SUSE bug 1128904 SUSE bug 1128905 SUSE bug 1128979 SUSE bug 1129138 SUSE bug 1129497 SUSE bug 1129693 SUSE bug 1129770 SUSE bug 1129848 SUSE bug 1129857 SUSE bug 1130409 SUSE bug 1130699 SUSE bug 1130972 SUSE bug 1131451 SUSE bug 1131488 SUSE bug 1131565 SUSE bug 1131673 SUSE bug 1132044 SUSE bug 1132894 SUSE bug 1133176 SUSE bug 1133188 SUSE bug 1133190 SUSE bug 1133320 SUSE bug 1133612 SUSE bug 1133616 SUSE bug 1134160 SUSE bug 1134162 SUSE bug 1134199 SUSE bug 1134200 SUSE bug 1134201 SUSE bug 1134202 SUSE bug 1134203 SUSE bug 1134204 SUSE bug 1134205 SUSE bug 1134354 SUSE bug 1134393 SUSE bug 1134459 SUSE bug 1134460 SUSE bug 1134461 SUSE bug 1134537 SUSE bug 1134591 SUSE bug 1134597 SUSE bug 1134607 SUSE bug 1134651 SUSE bug 1134671 SUSE bug 1134760 SUSE bug 1134806 SUSE bug 1134810 SUSE bug 1134813 SUSE bug 1134848 SUSE bug 1134936 SUSE bug 1135006 SUSE bug 1135007 SUSE bug 1135008 SUSE bug 1135056 SUSE bug 1135100 SUSE bug 1135120 SUSE bug 1135278 SUSE bug 1135281 SUSE bug 1135309 SUSE bug 1135312 SUSE bug 1135314 SUSE bug 1135315 SUSE bug 1135316 SUSE bug 1135320 SUSE bug 1135323 SUSE bug 1135330 SUSE bug 1135492 SUSE bug 1135542 SUSE bug 1135556 SUSE bug 1135603 SUSE bug 1135642 SUSE bug 1135661 SUSE bug 1135758 SUSE bug 1136206 SUSE bug 1136424 SUSE bug 1136428 SUSE bug 1136430 SUSE bug 1136432 SUSE bug 1136434 SUSE bug 1136435 SUSE bug 1136438 SUSE bug 1136439 SUSE bug 1136477 SUSE bug 1136478 SUSE bug 1136573 SUSE bug 1136586 SUSE bug 1136881 SUSE bug 1136935 SUSE bug 1136990 SUSE bug 1137151 SUSE bug 1137152 SUSE bug 1137153 SUSE bug 1137162 SUSE bug 1137372 SUSE bug 1137444 SUSE bug 1137586 SUSE bug 1137739 SUSE bug 1137752 CVE-2018-7191 CVE-2019-10124 CVE-2019-11085 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11486 CVE-2019-11487 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884 CVE-2019-12382 CVE-2019-3846 CVE-2019-5489 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for libdlm, libqb fixes the following issues: libqb to version 1.0.3: - CVE-2019-12779: Fixed an insecure treatment of IPC temporary files which could have allowed a local attacker to overwrite privileged system files (bsc#1137835). - Enabled use of filesystem sockets for linux (fate#323415). - Fixed logging with newer binutils version (bsc#1074327). libdlm: - Explicitly used and linked libstonithd from libpacemaker3 (bsc#1098449). Important SUSE bug 1069468 SUSE bug 1074327 SUSE bug 1098449 SUSE bug 1137835 CVE-2019-12779 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for fence-agents version 4.4.0 fixes the following issues: Security issue fixed: - CVE-2019-10153: Fixed a denial of service via guest VM comments (bsc#1137314). Non-security issue fixed: - Added aliyun fence agent (bsc#1139913). Low SUSE bug 1137314 SUSE bug 1139913 CVE-2019-10153 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-10638: A device could have been tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (bnc#1140575) - CVE-2019-10639: Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image was exposed. This attack could have been carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic was trivial if the server answered ICMP Echo requests (ping). For client targets, if the target visited the attacker's web page, then WebRTC or gQUIC could be used to force UDP traffic to attacker-controlled IP addresses. (bnc#1140577) - CVE-2018-20836: A race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, could have lead to a use-after-free. (bnc#1134395) - CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (bnc#1133738) - CVE-2019-12614: An unchecked kstrdup might have allowed an attacker to cause denial of service (a NULL pointer dereference and system crash). (bnc#1137194) - CVE-2019-12819: The function __mdiobus_register() in drivers/net/phy/mdio_bus.c called put_device() which would trigger a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bnc#1138291) - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may have returned NULL. If the caller did not check for this, it would trigger a NULL pointer dereference. This would cause denial of service. (bnc#1138293) The following non-security bugs were fixed: - 6lowpan: Off by one handling ->nexthdr (bsc#1051510). - acpi / property: fix handling of data_nodes in acpi_get_next_subnode() (bsc#1051510). - acpi: Add Hygon Dhyana support - af_key: unconditionally clone on broadcast (bsc#1051510). - alsa: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510). - alsa: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510). - alsa: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510). - alsa: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510). - alsa: hda/realtek - Set default power save node to 0 (bsc#1051510). - alsa: hda/realtek - Update headset mode for ALC256 (bsc#1051510). - alsa: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510). - alsa: line6: Fix write on zero-sized buffer (bsc#1051510). - alsa: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510). - alsa: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510). - alsa: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510). - apparmor: enforce nullbyte at end of tag string (bsc#1051510). - asoc: cs42xx8: Add regcache mask dirty (bsc#1051510). - asoc: eukrea-tlv320: fix a leaked reference by adding missing of_node_put (bsc#1051510). - asoc: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510). - asoc: fsl_sai: Update is_slave_mode with correct value (bsc#1051510). - asoc: fsl_utils: fix a leaked reference by adding missing of_node_put (bsc#1051510). - asoc: hdmi-codec: unlock the device on startup errors (bsc#1051510). - audit: fix a memory leak bug (bsc#1051510). - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510). - batman-adv: allow updating DAT entry timeouts on incoming ARP Replies (bsc#1051510). - blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432). - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637). - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771). - bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328). - bluetooth: Replace the bluetooth fix with the upstream commit (bsc#1135556) - brcmfmac: convert dev_init_lock mutex to completion (bsc#1051510). - brcmfmac: fix Oops when bringing up interface during USB disconnect (bsc#1051510). - brcmfmac: fix WARNING during USB disconnect in case of unempty psq (bsc#1051510). - brcmfmac: fix missing checks for kmemdup (bsc#1051510). - brcmfmac: fix race during disconnect when USB completion is in progress (bsc#1051510). - can: af_can: Fix error path of can_init() (bsc#1051510). - can: flexcan: fix timeout when set small bitrate (bsc#1051510). - can: purge socket error queue on sock destruct (bsc#1051510). - ceph: flush dirty inodes before proceeding with remount (bsc#1140405). - cfg80211: fix memory leak of wiphy device name (bsc#1051510). - chardev: add additional check for minor range overlap (bsc#1051510). - clk: rockchip: Turn on 'aclk_dmac1' for suspend on rk3288 (bsc#1051510). - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510). - coresight: etb10: Fix handling of perf mode (bsc#1051510). - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510). - cpu/topology: Export die_id (jsc#SLE-5454). - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (). - cpufreq: Add Hygon Dhyana support (). - crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401). - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510). - crypto: user - prevent operating on larval algorithms (bsc#1133401). - device core: Consolidate locking and unlocking of parent and device (bsc#1106383). - dm, dax: Fix detection of DAX support (bsc#1139782). - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510). - doc: Cope with the deprecation of AutoReporter (bsc#1051510). - docs: Fix conf.py for Sphinx 2.0 (bsc#1135642). - documentation: Correct the possible MDS sysfs values (bsc#1135642). - drbd: Avoid Clang warning about pointless switch statment (bsc#1051510). - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510). - drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510). - drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510). - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383). - driver core: Probe devices asynchronously instead of the driver (bsc#1106383). - drivers/base: Introduce kill_device() (bsc#1139865). - drivers/base: kABI fixes for struct device_private (bsc#1106383). - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510). - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510). - drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510). - drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER (bsc#1051510). - drm/amdgpu: fix old fence check in amdgpu_fence_emit (bsc#1051510). - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510). - drm/drv: Hold ref on parent device during drm_device lifetime (bsc#1051510). - drm/gma500/cdv: Check vbt config bits when detecting lvds panels (bsc#1051510). - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510). - drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510). - drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510). - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510). - drm/radeon: prefer lower reference dividers (bsc#1051510). - drm: Wake up next in drm_read() chain if we are forced to putback the event (bsc#1051510). - edac, amd64: Add Hygon Dhyana support (). - edac/mc: Fix edac_mc_find() in case no device is found (bsc#1114279). - extcon: arizona: Disable mic detect if running when driver is removed (bsc#1051510). - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995). - fuse: fallocate: fix return with locked inode (bsc#1051510). - fuse: fix writepages on 32bit (bsc#1051510). - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate (bsc#1051510). - genirq: Prevent use-after-free and work list corruption (bsc#1051510). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510). - genwqe: Prevent an integer overflow in the ioctl (bsc#1051510). - gpio: Remove obsolete comment about gpiochip_free_hogs() usage (bsc#1051510). - gpio: fix gpio-adp5588 build errors (bsc#1051510). - hid: Wacom: switch Dell canvas into highres mode (bsc#1051510). - hid: input: fix a4tech horizontal wheel custom usage (bsc#1137429). - hid: logitech-hidpp: change low battery level threshold from 31 to 30 percent (bsc#1051510). - hid: logitech-hidpp: use RAP instead of FAP to get the protocol version (bsc#1051510). - hid: wacom: Add ability to provide explicit battery status info (bsc#1051510). - hid: wacom: Add support for 3rd generation Intuos BT (bsc#1051510). - hid: wacom: Add support for Pro Pen slim (bsc#1051510). - hid: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510). - hid: wacom: Do not report anything prior to the tool entering range (bsc#1051510). - hid: wacom: Do not set tool type until we're in range (bsc#1051510). - hid: wacom: Mark expected switch fall-through (bsc#1051510). - hid: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510). - hid: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510). - hid: wacom: Properly handle AES serial number and tool type (bsc#1051510). - hid: wacom: Queue events with missing type/serial data for later processing (bsc#1051510). - hid: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510). - hid: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510). - hid: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510). - hid: wacom: Support 'in range' for Intuos/Bamboo tablets where possible (bsc#1051510). - hid: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510). - hid: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510). - hid: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510). - hid: wacom: fix mistake in printk (bsc#1051510). - hid: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510). - hid: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510). - hid: wacom: generic: Refactor generic battery handling (bsc#1051510). - hid: wacom: generic: Report AES battery information (bsc#1051510). - hid: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510). - hid: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510). - hid: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510). - hid: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510). - hid: wacom: generic: Support multiple tools per report (bsc#1051510). - hid: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510). - hid: wacom: generic: add the 'Report Valid' usage (bsc#1051510). - hid: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510). - hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - hwmon/coretemp: Support multi-die/package (jsc#SLE-5454). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (). - hwmon: (core) add thermal sensors only if dev->of_node is present (bsc#1051510). - hwmon: (k10temp) 27C Offset needed for Threadripper2 (). - hwmon: (k10temp) Add Hygon Dhyana support (). - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (). - hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (). - hwmon: (k10temp) Add support for family 17h (). - hwmon: (k10temp) Add support for temperature offsets (). - hwmon: (k10temp) Add temperature offset for Ryzen 1900X (). - hwmon: (k10temp) Add temperature offset for Ryzen 2700X (). - hwmon: (k10temp) Correct model name for Ryzen 1600X (). - hwmon: (k10temp) Display both Tctl and Tdie (). - hwmon: (k10temp) Fix reading critical temperature register (). - hwmon: (k10temp) Make function get_raw_temp static (). - hwmon: (k10temp) Move chip specific code into probe function (). - hwmon: (k10temp) Only apply temperature offset if result is positive (). - hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors (). - hwmon: (k10temp) Use API function to access System Management Network (). - hwmon: (pmbus/core) Treat parameters as paged if on multiple pages (bsc#1051510). - hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table (). - hwrng: omap - Set default quality (bsc#1051510). - i2c-piix4: Add Hygon Dhyana SMBus support (). - i2c: acorn: fix i2c warning (bsc#1135642). - i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr (bsc#1051510). - i2c: i801: Add support for Intel Comet Lake (jsc#SLE-5331). - ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197). - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion (bsc#1051510). - iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data (bsc#1051510). - iio: hmc5843: fix potential NULL pointer dereferences (bsc#1051510). - input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510). - input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510). - iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() (bsc#1051510). - iwlwifi: pcie: do not crash on invalid RX interrupt (bsc#1051510). - kABI workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510). - kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - kernel-binary: Use -c grep option in klp project detection. - kernel-binary: fix missing \ - kernel-binary: rpm does not support multiline condition - kernel-subpackage-spec: Add dummy package to ensure subpackages are rebuilt with kernel update (bsc#1106751). In factory packages are not rebuilt automatically so a dependency is needed on the old kernel to get a rebuild with the new kernel. THe subpackage itself cannot depend on the kernel so add another empty pacakge that does depend on it. - kmps: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137). - kmps: provide and conflict a kernel version specific KMP name (bsc#1127155, bsc#1109137). - kvm: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers (bsc#1061840). - kvm: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts (bsc#1061840). - kvm: PPC: Book3S: Protect memslots while validating user address (bsc#1061840). - kvm: PPC: Release all hardware TCE tables attached to a group (bsc#1061840). - kvm: PPC: Remove redundand permission bits removal (bsc#1061840). - kvm: PPC: Validate TCEs against preregistered memory page sizes (bsc#1061840). - kvm: PPC: Validate all tces before updating tables (bsc#1061840). - kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279). - kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279). - leds: avoid flush_work in atomic context (bsc#1051510). - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510). - libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719). - libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865). - mISDN: make sure device name is NUL terminated (bsc#1051510). - mac80211/cfg80211: update bss channel on channel switch (bsc#1051510). - mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510). - mac80211: Fix kernel panic due to use of txq after free (bsc#1051510). - mac80211: drop robust management frames from unknown TA (bsc#1051510). - mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510). - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() (bsc#1051510). - media: au0828: stop video streaming only when last user stops (bsc#1051510). - media: coda: clear error return value before picture run (bsc#1051510). - media: cpia2: Fix use-after-free in cpia2_exit (bsc#1051510). - media: go7007: avoid clang frame overflow warning with KASAN (bsc#1051510). - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend (bsc#1051510). - media: ov2659: make S_FMT succeed even if requested format does not match (bsc#1051510). - media: saa7146: avoid high stack usage with clang (bsc#1051510). - media: smsusb: better handle optional alignment (bsc#1051510). - media: usb: siano: Fix false-positive 'uninitialized variable' warning (bsc#1051510). - media: usb: siano: Fix general protection fault in smsusb (bsc#1051510). - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510). - mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L (bsc#1051510). - mfd: intel-lpss: Set the device in reset state when init (bsc#1051510). - mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values (bsc#1051510). - mfd: tps65912-spi: Add missing of table registration (bsc#1051510). - mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510). - mm: pagechage-limit: Calculate pagecache-limit based on node state (bsc#1136811) - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510). - mmc: core: Verify SD bus width (bsc#1051510). - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510). - mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510). - mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum A-009204 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bsc#1051510). - mmc_spi: add a status check for spi_sync_locked (bsc#1051510). - module: Fix livepatch/ftrace module text permissions race (bsc#1071995). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814). - nfit/ars: Avoid stale ARS results (jsc#SLE-5433). - nfit/ars: Introduce scrub_flags (jsc#SLE-5433). - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642). - nvme-rdma: fix double freeing of async event data (bsc#1120423). - nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423). - nvme: copy MTFA field from identify controller (bsc#1140715). - nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432). - nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510). - nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510). - nvmem: core: fix read buffer in place (bsc#1051510). - nvmem: correct Broadcom OTP controller driver writes (bsc#1051510). - nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510). - nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510). - nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510). - nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510). - nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510). - nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510). - nvmem: imx-ocotp: Update module description (bsc#1051510). - nvmem: properly handle returned value nvmem_reg_read (bsc#1051510). - ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902). - parport: Fix mem leak in parport_register_dev_model (bsc#1051510). - pci: PM: Avoid possible suspend-to-idle issue (bsc#1051510). - pci: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510). - pci: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510). - perf tools: Add Hygon Dhyana support (). - perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454). - platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510). - platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510). - pm/core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510). - power: supply: max14656: fix potential use-before-alloc (bsc#1051510). - power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510). - powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454). - powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454). - powercap/intel_rapl: Update RAPL domain name and debug messages (jsc#SLE-5454). - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199). - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106). - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106). - powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199). - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199). - powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204). - powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808). - ppp: mppe: Add softdep to arc4 (bsc#1088047). - qlcnic: Avoid potential NULL pointer dereference (bsc#1051510). - qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510). - qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510). - qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510). - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510). - qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510). - rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510). - ras/cec: Convert the timer callback to a workqueue (bsc#1114279). - ras/cec: Fix binary search function (bsc#1114279). - rpm/dtb.spec.in.in: Fix new include path Commit 89de3db69113d58cdab14d2c777de6080eac49dc ('rpm/dtb.spec.in.in: Update include path for dt-bindings') introduced an additional include path for 4.12. The commit message had it correct, but the spec file template lacked a path component, breaking the aarch64 build while succeeding on armv7hl. Fix that. - rpm/dtb.spec.in.in: Update include path for dt-bindings Kernels before 4.12 had arch/{arm,arm64}/boot/dts/include/ directories with a symlink to include/dt-bindings/. In 4.12 those include/ directories were dropped. Therefore use include/ directly. Additionally some cross-architecture .dtsi reuse was introduced, which requires scripts/dtc/include-prefixes/ that didn't exist on older kernels. - rpm/kernel-binary.spec.in: Add back kernel-binary-base subpackage (jsc#SLE-3853). - rpm/kernel-binary.spec.in: Build livepatch support in SUSE release projects (bsc#1124167). - rpm/kernel-subpackage-build: handle arm kernel zImage. - rpm/kernel-subpackage-spec: only provide firmware actually present in subpackage. - rpm/package-descriptions: fix typo in kernel-azure - rpm/post.sh: correct typo in err msg (bsc#1137625) - rpm: Add arm64 dtb-allwinner subpackage 4.10 added arch/arm64/boot/dts/allwinner/. - rpm: Add arm64 dtb-zte subpackage 4.9 added arch/arm64/boot/dts/zte/. - rtc: 88pm860x: prevent use-after-free on device remove (bsc#1051510). - rtc: do not reference bogus function pointer in kdoc (bsc#1051510). - rtlwifi: fix a potential NULL pointer dereference (bsc#1051510). - s390: fix booting problem (bsc#1140948). - s390/dasd: fix using offset into zero size array error (bsc#1051510). - s390/jump_label: Use 'jdd' constraint on gcc9 (bsc#1138589). - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510). - s390/qeth: fix race when initializing the IP address table (bsc#1051510). - s390/setup: fix early warning messages (bsc#1051510). - s390/virtio: handle find on invalid queue gracefully (bsc#1051510). - sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658). - sched/topology: Improve load balancing on AMD EPYC (bsc#1137366). - scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending. - scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390). - scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555). - scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555). - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727). - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296). - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510). - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510). - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510). - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510). - serial: sh-sci: disable DMA for uart_console (bsc#1051510). - smb3: Fix endian warning (bsc#1137884). - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510). - soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510). - spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510). - spi: Fix zero length xfer bug (bsc#1051510). - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510). - spi: pxa2xx: Add support for Intel Comet Lake (jsc#SLE-5331). - spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510). - spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510). - spi: tegra114: reset controller on probe (bsc#1051510). - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510). - staging: vc04_services: prevent integer overflow in create_pagelist() (bsc#1051510). - staging: wlan-ng: fix adapter initialization failure (bsc#1051510). - svm: Add warning message for AVIC IPI invalid target (bsc#1140133). - svm: Fix AVIC incomplete IPI emulation (bsc#1140133). - sysctl: handle overflow in proc_get_long (bsc#1051510). - test_firmware: Use correct snprintf() limit (bsc#1135642). - thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454). - thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510). - thunderbolt: Fix to check for kmemdup failure (bsc#1051510). - tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510). - tmpfs: fix uninitialized return value in shmem_link (bsc#1051510). - tools/cpupower: Add Hygon Dhyana support (). - topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454). - topology: Create package_cpus sysfs attribute (jsc#SLE-5454). - tracing/snapshot: Resize spare buffer if size changed (bsc#1140726). - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler (bsc#1051510). - tty: ipwireless: fix missing checks for ioremap (bsc#1051510). - tty: max310x: Fix external crystal register setup (bsc#1051510). - tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510). - usb: Add LPM quirk for Surface Dock GigE adapter (bsc#1051510). - usb: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510). - usb: Fix slab-out-of-bounds write in usb_get_bos_descriptor (bsc#1051510). - usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642). - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown (bsc#1051510). - usb: core: Do not unbind interfaces following device reset failure (bsc#1051510). - usb: dwc2: Fix DMA cache alignment issues (bsc#1051510). - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642). - usb: rio500: fix memory leak in close after disconnect (bsc#1051510). - usb: rio500: refuse more than one device at a time (bsc#1051510). - usb: serial: fix initial-termios handling (bsc#1135642). - usb: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510). - usb: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510). - usb: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510). - usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642). - usb: sisusbvga: fix oops in error path of sisusb_probe (bsc#1051510). - usb: usb-storage: Add new ID to ums-realtek (bsc#1051510). - usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642). - usbip: usbip_host: fix BUG: sleeping function called from invalid context (bsc#1051510). - usbip: usbip_host: fix stub_dev lock context imbalance regression (bsc#1051510). - usbnet: fix kernel crash after disconnect (bsc#1051510). - usbnet: ipheth: fix racing condition (bsc#1051510). - vfio: ccw: only free cp on final interrupt (bsc#1051510). - video: hgafb: fix potential NULL pointer dereference (bsc#1051510). - video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510). - virtio_console: initialize vtermno value for ports (bsc#1051510). - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510). - vxlan: trivial indenting fix (bsc#1051510). - vxlan: use __be32 type for the param vni in __vxlan_fdb_delete (bsc#1051510). - w1: fix the resume command API (bsc#1051510). - watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510). - x86/CPU/AMD: Do not force the CPB cap when running under a hypervisor (bsc#1114279). - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (). - x86/alternative: Init ideal_nops for Hygon Dhyana (). - x86/amd_nb: Add support for Raven Ridge CPUs (). - x86/amd_nb: Check vendor in AMD-only functions (). - x86/apic: Add Hygon Dhyana support (). - x86/bugs: Add Hygon Dhyana to the respective mitigation machinery (). - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (). - x86/cpu: Create Hygon Dhyana architecture support file (). - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (). - x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382). - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382). This changes definitions of some bits, but they are intended to be used only by the core, so hopefully, no KMP uses the definitions. - x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382). - x86/events: Add Hygon Dhyana support to PMU infrastructure (). - x86/kvm: Add Hygon Dhyana support to KVM (). - x86/mce: Add Hygon Dhyana support to the MCA infrastructure (). - x86/mce: Do not disable MCA banks when offlining a CPU on AMD (). - x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279). - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279). - x86/microcode: Fix microcode hotplug state (bsc#1114279). - x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279). - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279). - x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge (). - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana (). - x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454). - x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279). - x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454). - x86/topology: Define topology_die_id() (jsc#SLE-5454). - x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - x86/xen: Add Hygon Dhyana support to Xen (). - xen/pciback: Do not disable PCI_COMMAND on PCI device reset (bsc#1065600). - xfs: do not clear imap_valid for a non-uptodate buffers (bsc#1138018). - xfs: do not look at buffer heads in xfs_add_to_ioend (bsc#1138013). - xfs: do not set the page uptodate in xfs_writepage_map (bsc#1138003). - xfs: do not use XFS_BMAPI_ENTRIRE in xfs_get_blocks (bsc#1137999). - xfs: do not use XFS_BMAPI_IGSTATE in xfs_map_blocks (bsc#1138005). - xfs: eof trim writeback mapping as soon as it is cached (bsc#1138019). - xfs: fix s_maxbytes overflow problems (bsc#1137996). - xfs: make xfs_writepage_map extent map centric (bsc#1138009). - xfs: minor cleanup for xfs_get_blocks (bsc#1138000). - xfs: move all writeback buffer_head manipulation into xfs_map_at_offset (bsc#1138014). - xfs: refactor the tail of xfs_writepage_map (bsc#1138016). - xfs: remove XFS_IO_INVALID (bsc#1138017). - xfs: remove the imap_valid flag (bsc#1138012). - xfs: remove unused parameter from xfs_writepage_map (bsc#1137995). - xfs: remove xfs_map_cow (bsc#1138007). - xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010). - xfs: remove xfs_reflink_trim_irec_to_next_cow (bsc#1138006). - xfs: remove xfs_start_page_writeback (bsc#1138015). - xfs: rename the offset variable in xfs_writepage_map (bsc#1138008). - xfs: simplify xfs_map_blocks by using xfs_iext_lookup_extent directly (bsc#1138011). - xfs: skip CoW writes past EOF when writeback races with truncate (bsc#1137998). - xfs: xfs_reflink_convert_cow() memory allocation deadlock (bsc#1138002). - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() (bsc#1051510). - xhci: Use %zu for printing size_t type (bsc#1051510). - xhci: update bounce buffer with correct sg num (bsc#1051510). Important SUSE bug 1051510 SUSE bug 1061840 SUSE bug 1065600 SUSE bug 1071995 SUSE bug 1088047 SUSE bug 1094555 SUSE bug 1098633 SUSE bug 1106383 SUSE bug 1106751 SUSE bug 1109137 SUSE bug 1114279 SUSE bug 1119532 SUSE bug 1120423 SUSE bug 1124167 SUSE bug 1127155 SUSE bug 1128432 SUSE bug 1128902 SUSE bug 1128910 SUSE bug 1132154 SUSE bug 1132390 SUSE bug 1133401 SUSE bug 1133738 SUSE bug 1134303 SUSE bug 1134395 SUSE bug 1135296 SUSE bug 1135556 SUSE bug 1135642 SUSE bug 1136157 SUSE bug 1136811 SUSE bug 1136922 SUSE bug 1137103 SUSE bug 1137194 SUSE bug 1137221 SUSE bug 1137366 SUSE bug 1137429 SUSE bug 1137625 SUSE bug 1137728 SUSE bug 1137884 SUSE bug 1137995 SUSE bug 1137996 SUSE bug 1137998 SUSE bug 1137999 SUSE bug 1138000 SUSE bug 1138002 SUSE bug 1138003 SUSE bug 1138005 SUSE bug 1138006 SUSE bug 1138007 SUSE bug 1138008 SUSE bug 1138009 SUSE bug 1138010 SUSE bug 1138011 SUSE bug 1138012 SUSE bug 1138013 SUSE bug 1138014 SUSE bug 1138015 SUSE bug 1138016 SUSE bug 1138017 SUSE bug 1138018 SUSE bug 1138019 SUSE bug 1138291 SUSE bug 1138293 SUSE bug 1138374 SUSE bug 1138375 SUSE bug 1138589 SUSE bug 1138719 SUSE bug 1139751 SUSE bug 1139771 SUSE bug 1139782 SUSE bug 1139865 SUSE bug 1140133 SUSE bug 1140328 SUSE bug 1140405 SUSE bug 1140424 SUSE bug 1140428 SUSE bug 1140575 SUSE bug 1140577 SUSE bug 1140637 SUSE bug 1140658 SUSE bug 1140715 SUSE bug 1140719 SUSE bug 1140726 SUSE bug 1140727 SUSE bug 1140728 SUSE bug 1140814 SUSE bug 1140948 SUSE bug 821419 SUSE bug 945811 CVE-2018-16871 CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11478 CVE-2019-11599 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2018-12232: In net/socket.c in the there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bnc#1097593). - CVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615). - CVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186). - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). - CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656). - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). The following non-security bugs were fixed: - acpi / CPPC: Check for valid PCC subspace only if PCC is used (bsc#1117115). - acpi / CPPC: Update all pr_(debug/err) messages to log the susbspace id (bsc#1117115). - aio: fix spectre gadget in lookup_ioctx (bsc#1120594). - alsa: cs46xx: Potential NULL dereference in probe (bsc#1051510). - alsa: emu10k1: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - alsa: emux: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - alsa: fireface: fix for state to fetch PCM frames (bsc#1051510). - alsa: fireface: fix reference to wrong register for clock configuration (bsc#1051510). - alsa: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint (bsc#1051510). - alsa: firewire-lib: fix wrong handling payload_length as payload_quadlet (bsc#1051510). - alsa: firewire-lib: use the same print format for 'without_header' tracepoints (bsc#1051510). - alsa: hda: add mute LED support for HP EliteBook 840 G4 (bsc#1051510). - alsa: hda: Add support for AMD Stoney Ridge (bsc#1051510). - alsa: hda/ca0132 - make pci_iounmap() call conditional (bsc#1051510). - alsa: hda: fix front speakers on Huawei MBXP (bsc#1051510). - alsa: hda/realtek - Add support for Acer Aspire C24-860 headset mic (bsc#1051510). - alsa: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 (bsc#1051510). - alsa: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880 (bsc#1051510). - alsa: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN (bsc#1051510). - alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable the headset mic auto detection for ASUS laptops (bsc#1051510). - alsa: hda/realtek - Fixed headphone issue for ALC700 (bsc#1051510). - alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G (bsc#1051510). - alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G (bsc#1051510). - alsa: hda/realtek - Fix speaker output regression on Thinkpad T570 (bsc#1051510). - alsa: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon (bsc#1051510). - alsa: hda/realtek - Support Dell headset mode for New AIO platform (bsc#1051510). - alsa: hda/tegra: clear pending irq handlers (bsc#1051510). - alsa: pcm: Call snd_pcm_unlink() conditionally at closing (bsc#1051510). - alsa: pcm: Fix interval evaluation with openmin/max (bsc#1051510). - alsa: pcm: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: pcm: Fix starvation on down_write_nonblock() (bsc#1051510). - alsa: rme9652: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: trident: Suppress gcc string warning (bsc#1051510). - alsa: usb-audio: Add SMSL D1 to quirks for native DSD support (bsc#1051510). - alsa: usb-audio: Add support for Encore mDSD USB DAC (bsc#1051510). - alsa: usb-audio: Avoid access before bLength check in build_audio_procunit() (bsc#1051510). - alsa: usb-audio: Fix an out-of-bound read in create_composite_quirks (bsc#1051510). - alsa: x86: Fix runtime PM for hdmi-lpe-audio (bsc#1051510). - apparmor: do not try to replace stale label in ptrace access check (git-fixes). - apparmor: do not try to replace stale label in ptraceme check (git-fixes). - apparmor: Fix uninitialized value in aa_split_fqname (git-fixes). - arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bsc#1120612). - arm64: atomics: Remove '&' from '+&' asm constraint in lse atomics (bsc#1120613). - arm64: cpu_errata: include required headers (bsc#1120615). - arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing (bsc#1120633). - arm64: Fix /proc/iomem for reserved but not memory regions (bsc#1120632). - arm64: lse: Add early clobbers to some input/output asm operands (bsc#1120614). - arm64: lse: remove -fcall-used-x0 flag (bsc#1120618). - arm64: mm: always enable CONFIG_HOLES_IN_ZONE (bsc#1120617). - arm64/numa: Report correct memblock range for the dummy node (bsc#1120620). - arm64/numa: Unify common error path in numa_init() (bsc#1120621). - arm64: remove no-op -p linker flag (bsc#1120616). - ASoC: dapm: Recalculate audio map forcely when card instantiated (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty (bsc#1051510). - ASoC: Intel: mrfld: fix uninitialized variable access (bsc#1051510). - ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing (bsc#1051510). - ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bsc#1051510). - ASoC: omap-mcbsp: Fix latency value calculation for pm_qos (bsc#1051510). - ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bsc#1051510). - ASoC: rsnd: fixup clock start checker (bsc#1051510). - ASoC: wm_adsp: Fix dma-unsafe read of scratch registers (bsc#1051510). - ath10k: do not assume this is a PCI dev in generic code (bsc#1051510). - ath6kl: Only use match sets when firmware supports it (bsc#1051510). - b43: Fix error in cordic routine (bsc#1051510). - bcache: fix miss key refill->end in writeback (Git-fixes). - bcache: trace missed reading by cache_missed (Git-fixes). - Blacklist 5182f26f6f74 crypto: ccp - Make function sev_get_firmware() static - blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set() (Git-fixes). - block: allow max_discard_segments to be stacked (Git-fixes). - block: blk_init_allocated_queue() set q->fq as NULL in the fail case (Git-fixes). - block: really disable runtime-pm for blk-mq (Git-fixes). - block: reset bi_iter.bi_done after splitting bio (Git-fixes). - block/swim: Fix array bounds check (Git-fixes). - bnxt_en: do not try to offload VLAN 'modify' action (bsc#1050242 ). - bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (bsc#1086282). - bnxt_en: Fix VNIC reservations on the PF (bsc#1086282 ). - bnxt_en: get the reduced max_irqs by the ones used by RDMA (bsc#1050242). - bpf: fix check of allowed specifiers in bpf_trace_printk (bsc#1083647). - bpf: use per htab salt for bucket hash (git-fixes). - btrfs: Always try all copies when reading extent buffers (git-fixes). - btrfs: delete dead code in btrfs_orphan_add() (bsc#1111469). - btrfs: delete dead code in btrfs_orphan_commit_root() (bsc#1111469). - btrfs: do not BUG_ON() in btrfs_truncate_inode_items() (bsc#1111469). - btrfs: do not check inode's runtime flags under root->orphan_lock (bsc#1111469). - btrfs: do not return ino to ino cache if inode item removal fails (bsc#1111469). - btrfs: fix ENOSPC caused by orphan items reservations (bsc#1111469). - btrfs: Fix error handling in btrfs_cleanup_ordered_extents (git-fixes). - btrfs: fix error handling in btrfs_truncate() (bsc#1111469). - btrfs: fix error handling in btrfs_truncate_inode_items() (bsc#1111469). - btrfs: fix fsync of files with multiple hard links in new directories (1120173). - btrfs: Fix memory barriers usage with device stats counters (git-fixes). - btrfs: fix use-after-free on root->orphan_block_rsv (bsc#1111469). - btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM (bsc#1111469). - btrfs: get rid of unused orphan infrastructure (bsc#1111469). - btrfs: move btrfs_truncate_block out of trans handle (bsc#1111469). - btrfs: qgroup: Dirty all qgroups before rescan (bsc#1120036). - btrfs: refactor btrfs_evict_inode() reserve refill dance (bsc#1111469). - btrfs: renumber BTRFS_INODE_ runtime flags and switch to enums (bsc#1111469). - btrfs: reserve space for O_TMPFILE orphan item deletion (bsc#1111469). - btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188). - btrfs: stop creating orphan items for truncate (bsc#1111469). - btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875). - btrfs: update stale comments referencing vmtruncate() (bsc#1111469). - can: flexcan: flexcan_irq(): fix indention (bsc#1051510). - cdrom: do not attempt to fiddle with cdo->capability (bsc#1051510). - ceph: do not update importing cap's mseq when handing cap export (bsc#1121273). - char_dev: extend dynamic allocation of majors into a higher range (bsc#1121058). - char_dev: Fix off-by-one bugs in find_dynamic_major() (bsc#1121058). - clk: mmp: Off by one in mmp_clk_add() (bsc#1051510). - clk: mvebu: Off by one bugs in cp110_of_clk_get() (bsc#1051510). - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (git-fixes). - config: arm64: enable erratum 1024718 - cpufeature: avoid warning when compiling with clang (Git-fixes). - cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1117115). - cpufreq: CPPC: fix build in absence of v3 support (bsc#1117115). - cpupower: remove stringop-truncation waring (git-fixes). - crypto: bcm - fix normal/non key hash algorithm failure (bsc#1051510). - crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command (). - crypto: ccp - Add GET_ID SEV command (). - crypto: ccp - Add psp enabled message when initialization succeeds (). - crypto: ccp - Add support for new CCP/PSP device ID (). - crypto: ccp - Allow SEV firmware to be chosen based on Family and Model (). - crypto: ccp - Fix static checker warning (). - crypto: ccp - Remove unused #defines (). - crypto: ccp - Support register differences between PSP devices (). - dasd: fix deadlock in dasd_times_out (bsc#1121477, LTC#174111). - dax: Check page->mapping isn't NULL (bsc#1120054). - dax: Do not access a freed inode (bsc#1120055). - device property: Define type of PROPERTY_ENRTY_*() macros (bsc#1051510). - device property: fix fwnode_graph_get_next_endpoint() documentation (bsc#1051510). - disable stringop truncation warnings for now (git-fixes). - dm: allocate struct mapped_device with kvzalloc (Git-fixes). - dm cache: destroy migration_cache if cache target registration failed (Git-fixes). - dm cache: fix resize crash if user does not reload cache table (Git-fixes). - dm cache metadata: ignore hints array being too small during resize (Git-fixes). - dm cache metadata: save in-core policy_hint_size to on-disk superblock (Git-fixes). - dm cache metadata: set dirty on all cache blocks after a crash (Git-fixes). - dm cache: only allow a single io_mode cache feature to be requested (Git-fixes). - dm crypt: do not decrease device limits (Git-fixes). - dm: fix report zone remapping to account for partition offset (Git-fixes). - dm integrity: change 'suspending' variable from bool to int (Git-fixes). - dm ioctl: harden copy_params()'s copy_from_user() from malicious users (Git-fixes). - dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled (Git-fixes). - dm linear: fix linear_end_io conditional definition (Git-fixes). - dm thin: handle running out of data space vs concurrent discard (Git-fixes). - dm thin metadata: remove needless work from __commit_transaction (Git-fixes). - dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes). - dm writecache: fix a crash due to reading past end of dirty_bitmap (Git-fixes). - dm writecache: report start_sector in status line (Git-fixes). - dm zoned: fix metadata block ref counting (Git-fixes). - dm zoned: fix various dmz_get_mblock() issues (Git-fixes). - doc/README.SUSE: correct GIT url No more gitorious, github we use. - drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet (bsc#1119749). - drivers/net/usb/r8152: remove the unneeded variable 'ret' in rtl8152_system_suspend (bsc#1119749). - drivers/tty: add missing of_node_put() (bsc#1051510). - drm/amdgpu/gmc8: update MC firmware for polaris (bsc#1113722) - drm/amdgpu: update mc firmware image for polaris12 variants (bsc#1113722) - drm/amdgpu: update SMC firmware image for polaris10 variants (bsc#1113722) - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1113722) - drm/i915/execlists: Apply a full mb before execution for Braswell (bsc#1113722) - drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722) - drm/nouveau/kms: Fix memory leak in nv50_mstm_del() (bsc#1113722) - drm: rcar-du: Fix external clock error checks (bsc#1113722) - drm: rcar-du: Fix vblank initialization (bsc#1113722) - drm/rockchip: psr: do not dereference encoder before it is null (bsc#1113722) - drm: set is_master to 0 upon drm_new_set_master() failure (bsc#1113722) - drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1113722) - drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1113722) - dt-bindings: add compatible string for Allwinner V3s SoC (git-fixes). - dt-bindings: arm: Document SoC compatible value for Armadillo-800 EVA (git-fixes). - dt-bindings: clock: add rk3399 DDR3 standard speed bins (git-fixes). - dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 (git-fixes). - dt-bindings: iio: update STM32 timers clock names (git-fixes). - dt-bindings: mfd: axp20x: Add AXP806 to supported list of chips (git-fixes). - dt-bindings: net: Remove duplicate NSP Ethernet MAC binding document (git-fixes). - dt-bindings: panel: lvds: Fix path to display timing bindings (git-fixes). - dt-bindings: phy: sun4i-usb-phy: Add property descriptions for H3 (git-fixes). - dt-bindings: pwm: renesas: tpu: Fix 'compatible' prop description (git-fixes). - dt-bindings: pwm: Update STM32 timers clock names (git-fixes). - dt-bindings: rcar-dmac: Document missing error interrupt (git-fixes). - efi: Move some sysfs files to be read-only by root (bsc#1051510). - ethernet: fman: fix wrong of_node_put() in probe function (bsc#1119017). - exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1118773). - ext2: fix potential use after free (bsc#1118775). - ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760). - ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604). - ext4: fix possible use after free in ext4_quota_enable (bsc#1120602). - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bsc#1120603). - extable: Consolidate *kernel_text_address() functions (bsc#1120092). - extable: Enable RCU if it is not watching in kernel_text_address() (bsc#1120092). - fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1113722) - fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1113722) - filesystem-dax: Fix dax_layout_busy_page() livelock (bsc#1118787). - firmware: add firmware_request_nowarn() - load firmware without warnings (). - Fix tracing sample code warning (git-fixes). - fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes). - fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes). - fs: fix lost error code in dio_complete (bsc#1118762). - fs/xfs: Use %pS printk format for direct addresses (git-fixes). - fuse: fix blocked_waitq wakeup (git-fixes). - fuse: fix leaked notify reply (git-fixes). - fuse: fix possibly missed wake-up after abort (git-fixes). - fuse: Fix use-after-free in fuse_dev_do_read() (git-fixes). - fuse: Fix use-after-free in fuse_dev_do_write() (git-fixes). - fuse: fix use-after-free in fuse_direct_IO() (git-fixes). - fuse: set FR_SENT while locked (git-fixes). - gcc-plugins: Add include required by GCC release 8 (git-fixes). - gcc-plugins: Use dynamic initializers (git-fixes). - gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bsc#1118769). - gfs2: Fix loop in gfs2_rbm_find (bsc#1120601). - gfs2: Get rid of potential double-freeing in gfs2_create_inode (bsc#1120600). - gfs2_meta: ->mount() can get NULL dev_name (bsc#1118768). - gfs2: Put bitmap buffers in put_super (bsc#1118772). - gpio: davinci: Remove unused member of davinci_gpio_controller (git-fixes). - gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers (bsc#1051510). - gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (bsc#1051510). - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bsc#1051510). - gpio: mvebu: only fail on missing clk if pwm is actually to be used (bsc#1051510). - hid: Add quirk for Primax PIXART OEM mice (bsc#1119410). - hid: input: Ignore battery reported by Symbol DS4308 (bsc#1051510). - hid: multitouch: Add pointstick support for Cirque Touchpad (bsc#1051510). - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - i2c: axxia: properly handle master timeout (bsc#1051510). - i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bsc#1051510). - ib/hfi1: Add mtu check for operational data VLs (bsc#1060463 ). - ibmvnic: Convert reset work item mutex to spin lock (). - ibmvnic: Fix non-atomic memory allocation in IRQ context (). - ib/rxe: support for 802.1q VLAN on the listener (bsc#1082387). - ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510). - ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510). - ieee802154: at86rf230: use __func__ macro for debug messages (bsc#1051510). - ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510). - Include modules.fips in kernel-binary as well as kernel-binary-base (). - initramfs: fix initramfs rebuilds w/ compression after disabling (git-fixes). - Input: add official Raspberry Pi's touchscreen driver (). - Input: cros_ec_keyb - fix button/switch capability reports (bsc#1051510). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bsc#1051510). - Input: elan_i2c - add ELAN0620 to the ACPI table (bsc#1051510). - Input: elan_i2c - add support for ELAN0621 touchpad (bsc#1051510). - Input: hyper-v - fix wakeup from suspend-to-idle (bsc#1051510). - Input: matrix_keypad - check for errors from of_get_named_gpio() (bsc#1051510). - Input: nomadik-ske-keypad - fix a loop timeout test (bsc#1051510). - Input: omap-keypad - fix keyboard debounce configuration (bsc#1051510). - Input: synaptics - add PNP ID for ThinkPad P50 to SMBus (bsc#1051510). - Input: synaptics - enable SMBus for HP 15-ay000 (bsc#1051510). - Input: xpad - quirk all PDP Xbox One gamepads (bsc#1051510). - integrity/security: fix digsig.c build error with header file (bsc#1051510). - intel_th: msu: Fix an off-by-one in attribute store (bsc#1051510). - iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105). - iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105). - iwlwifi: add new cards for 9560, 9462, 9461 and killer series (bsc#1051510). - iwlwifi: fix LED command capability bit (bsc#1119086). - iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086). - iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086). - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares (bsc#1119086). - iwlwifi: nvm: get num of hw addresses from firmware (bsc#1119086). - iwlwifi: pcie: do not reset TXQ write pointer (bsc#1051510). - jffs2: free jffs2_sb_info through jffs2_kill_sb() (bsc#1118767). - jump_label: Split out code under the hotplug lock (bsc#1106913). - kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - kabi protect hnae_ae_ops (bsc#1104353). - kbuild: allow to use GCC toolchain not in Clang search path (git-fixes). - kbuild: fix linker feature test macros when cross compiling with Clang (git-fixes). - kbuild: make missing $DEPMOD a Warning instead of an Error (git-fixes). - kbuild: rpm-pkg: keep spec file until make mrproper (git-fixes). - kbuild: suppress packed-not-aligned warning for default setting only (git-fixes). - kbuild: verify that $DEPMOD is installed (git-fixes). - kdb: use memmove instead of overlapping memcpy (bsc#1120954). - kernfs: Replace strncpy with memcpy (bsc#1120053). - keys: Fix the use of the C++ keyword 'private' in uapi/linux/keyctl.h (Git-fixes). - kobject: Replace strncpy with memcpy (git-fixes). - kprobes: Make list and blacklist root user read only (git-fixes). - kvm: PPC: Book3S PR: Enable use on POWER9 inside HPT-mode guests (bsc#1118484). - libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bsc#1051510). - libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086). - libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1118962). - libnvdimm, pmem: Fix badblocks population for 'raw' namespaces (bsc#1118788). - lib/raid6: Fix arm64 test build (bsc#1051510). - lib/ubsan.c: do not mark __ubsan_handle_builtin_unreachable as noreturn (bsc#1051510). - Limit max FW API version for QCA9377 (bsc#1121714, bsc#1121715). - linux/bitmap.h: fix type of nbits in bitmap_shift_right() (bsc#1051510). - locking/barriers: Convert users of lockless_dereference() to READ_ONCE() (Git-fixes). - locking/static_keys: Improve uninitialized key warning (bsc#1106913). - mac80211: Clear beacon_int in ieee80211_do_stop (bsc#1051510). - mac80211: fix reordering of buffered broadcast packets (bsc#1051510). - mac80211_hwsim: fix module init error paths for netlink (bsc#1051510). - mac80211_hwsim: Timer should be initialized before device registered (bsc#1051510). - mac80211: ignore NullFunc frames in the duplicate detection (bsc#1051510). - mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bsc#1051510). - Mark HI and TASKLET softirq synchronous (git-fixes). - md: fix raid10 hang issue caused by barrier (git-fixes). - media: em28xx: Fix use-after-free when disconnecting (bsc#1051510). - media: em28xx: make v4l2-compliance happier by starting sequence on zero (bsc#1051510). - media: omap3isp: Unregister media device as first (bsc#1051510). - mmc: bcm2835: reset host on timeout (bsc#1051510). - mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support (bsc#1051510). - mmc: core: Reset HPI enabled state during re-init and in case of errors (bsc#1051510). - mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl (bsc#1051510). - mmc: dw_mmc-bluefield: Add driver extension (bsc#1118752). - mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752). - MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bsc#1051510). - mmc: omap_hsmmc: fix DMA API warning (bsc#1051510). - mmc: sdhci: fix the timeout check window for clock and reset (bsc#1051510). - mm: do not miss the last page because of round-off error (bnc#1118798). - mm: do not warn about large allocations for slab (git fixes (slab)). - mm/huge_memory.c: reorder operations in __split_huge_page_tail() (VM Functionality bsc#1119962). - mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM Functionality, bsc#1121599). - mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality, bsc#1121599). - mm/huge_memory: splitting set mapping+index before unfreeze (VM Functionality, bsc#1121599). - mm: hugetlb: yield when prepping struct pages (git fixes (memory initialisation)). - mm/khugepaged: collapse_shmem() do not crash on Compound (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() remember to clear holes (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() stop if punched or truncated (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() without freezing new_page (VM Functionality, bsc#1121599). - mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality, bsc#1121599). - mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality, bsc#1121599). - mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability). - mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability). - mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability). - mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability). - mm: migration: fix migration of huge PMD shared pages (bnc#1086423). - mm: only report isolation failures when offlining memory (generic hotplug debugability). - mm: print more information about mapping in __dump_page (generic hotplug debugability). - mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272). - mm: sections are not offlined during memory hotremove (bnc#1119968). - mm: shmem.c: Correctly annotate new inodes for lockdep (Git fixes: shmem). - mm/vmstat.c: fix NUMA statistics updates (git fixes). - Move dell_rbu fix to sorted section (bsc#1087978). - mtd: cfi: convert inline functions to macros (git-fixes). - mtd: Fix comparison in map_word_andequal() (git-fixes). - namei: allow restricted O_CREAT of FIFOs and regular files (bsc#1118766). - nbd: do not allow invalid blocksize settings (Git-fixes). - net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bsc#1051510). - net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses (git-fixes). - net: dsa: qca8k: Add QCA8334 binding documentation (git-fixes). - net: ena: fix crash during ena_remove() (bsc#1111696 bsc#1117561). - net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1111696 bsc#1117561). - net: hns3: Add nic state check before calling netif_tx_wake_queue (bsc#1104353). - net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353). - net: hns3: bugfix for buffer not free problem during resetting (bsc#1104353). - net: hns3: bugfix for handling mailbox while the command queue reinitialized (bsc#1104353). - net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read (bsc#1104353). - net: hns3: bugfix for is_valid_csq_clean_head() (bsc#1104353 ). - net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem (bsc#1104353). - net: hns3: bugfix for rtnl_lock's range in the hclgevf_reset() (bsc#1104353). - net: hns3: bugfix for the initialization of command queue's spin lock (bsc#1104353). - net: hns3: Check hdev state when getting link status (bsc#1104353). - net: hns3: Clear client pointer when initialize client failed or unintialize finished (bsc#1104353). - net: hns3: Fix cmdq registers initialization issue for vf (bsc#1104353). - net: hns3: Fix error of checking used vlan id (bsc#1104353 ). - net: hns3: Fix ets validate issue (bsc#1104353). - net: hns3: Fix for netdev not up problem when setting mtu (bsc#1104353). - net: hns3: Fix for out-of-bounds access when setting pfc back pressure (bsc#1104353). - net: hns3: Fix for packet buffer setting bug (bsc#1104353 ). - net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware (bsc#1104353). - net: hns3: Fix for setting speed for phy failed problem (bsc#1104353). - net: hns3: Fix for vf vlan delete failed problem (bsc#1104353 ). - net: hns3: Fix loss of coal configuration while doing reset (bsc#1104353). - net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() (bsc#1104353). - net: hns3: Fix ping exited problem when doing lp selftest (bsc#1104353). - net: hns3: Preserve vlan 0 in hardware table (bsc#1104353 ). - net: hns3: remove unnecessary queue reset in the hns3_uninit_all_ring() (bsc#1104353). - net: hns3: Set STATE_DOWN bit of hdev state when stopping net (bsc#1104353). - net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1046299). - net: usb: r8152: constify usb_device_id (bsc#1119749). - net: usb: r8152: use irqsave() in USB's complete callback (bsc#1119749). - nospec: Allow index argument to have const-qualified type (git-fixes) - nospec: Kill array_index_nospec_mask_check() (git-fixes). - nvme-fc: resolve io failures during connect (bsc#1116803). - nvme-multipath: zero out ANA log buffer (bsc#1105168). - nvme: validate controller state before rescheduling keep alive (bsc#1103257). - objtool: Detect RIP-relative switch table references (bsc#1058115). - objtool: Detect RIP-relative switch table references, part 2 (bsc#1058115). - objtool: Fix another switch table detection issue (bsc#1058115). - objtool: Fix double-free in .cold detection error path (bsc#1058115). - objtool: Fix GCC 8 cold subfunction detection for aliased functions (bsc#1058115). - objtool: Fix 'noreturn' detection for recursive sibling calls (bsc#1058115). - objtool: Fix segfault in .cold detection with -ffunction-sections (bsc#1058115). - objtool: Support GCC 8's cold subfunctions (bsc#1058115). - objtool: Support GCC 8 switch tables (bsc#1058115). - panic: avoid deadlocks in re-entrant console drivers (bsc#1088386). - pci: Add ACS quirk for Ampere root ports (bsc#1120058). - pci: Add ACS quirk for APM X-Gene devices (bsc#1120058). - pci: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE (bsc#1120058). - pci: Delay after FLR of Intel DC P3700 NVMe (bsc#1120058). - pci: Disable Samsung SM961/PM961 NVMe before FLR (bsc#1120058). - pci: Export pcie_has_flr() (bsc#1120058). - pci: iproc: Activate PAXC bridge quirk for more devices (bsc#1120058). - pci: Mark Ceton InfiniTV4 INTx masking as broken (bsc#1120058). - pci: Mark fall-through switch cases before enabling -Wimplicit-fallthrough (bsc#1120058). - pci: Mark Intel XXV710 NIC INTx masking as broken (bsc#1120058). - perf tools: Fix tracing_path_mount proper path (git-fixes). - platform-msi: Free descriptors in platform_msi_domain_free() (bsc#1051510). - powerpc/64s: consolidate MCE counter increment (bsc#1094244). - powerpc/64s/radix: Fix process table entry cache invalidation (bsc#1055186, git-fixes). - powerpc/boot: Expose Kconfig symbols to wrapper (bsc#1065729). - powerpc/boot: Fix build failures with -j 1 (bsc#1065729). - powerpc/pkeys: Fix handling of pkey state across fork() (bsc#1078248, git-fixes). - powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) (bsc#1055121). - powerpc/pseries: Track LMB nid instead of using device tree (bsc#1108270). - powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244). - power: supply: olpc_battery: correct the temperature units (bsc#1051510). - ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (bsc#1106913). - qed: Add driver support for 20G link speed (bsc#1110558). - qed: Add support for virtual link (bsc#1111795). - qede: Add driver support for 20G link speed (bsc#1110558). - r8152: add byte_enable for ocp_read_word function (bsc#1119749). - r8152: add Linksys USB3GIGV1 id (bsc#1119749). - r8152: add r8153_phy_status function (bsc#1119749). - r8152: adjust lpm settings for RTL8153 (bsc#1119749). - r8152: adjust rtl8153_runtime_enable function (bsc#1119749). - r8152: adjust the settings about MAC clock speed down for RTL8153 (bsc#1119749). - r8152: adjust U2P3 for RTL8153 (bsc#1119749). - r8152: avoid rx queue more than 1000 packets (bsc#1119749). - r8152: check if disabling ALDPS is finished (bsc#1119749). - r8152: correct the definition (bsc#1119749). - r8152: disable RX aggregation on Dell TB16 dock (bsc#1119749). - r8152: disable RX aggregation on new Dell TB16 dock (bsc#1119749). - r8152: fix wrong checksum status for received IPv4 packets (bsc#1119749). - r8152: move calling delay_autosuspend function (bsc#1119749). - r8152: move the default coalesce setting for RTL8153 (bsc#1119749). - r8152: move the initialization to reset_resume function (bsc#1119749). - r8152: move the setting of rx aggregation (bsc#1119749). - r8152: replace napi_complete with napi_complete_done (bsc#1119749). - r8152: set rx mode early when linking on (bsc#1119749). - r8152: split rtl8152_resume function (bsc#1119749). - r8152: support new chip 8050 (bsc#1119749). - r8152: support RTL8153B (bsc#1119749). - rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Git-fixes). - rcu: Allow for page faults in NMI handlers (bsc#1120092). - rdma/bnxt_re: Add missing spin lock initialization (bsc#1050244 ). - rdma/bnxt_re: Avoid accessing the device structure after it is freed (bsc#1050244). - rdma/bnxt_re: Avoid NULL check after accessing the pointer (bsc#1086283). - rdma/bnxt_re: Fix system hang when registration with L2 driver fails (bsc#1086283). - rdma/hns: Bugfix pbl configuration for rereg mr (bsc#1104427 ). - rdma_rxe: make rxe work over 802.1q VLAN devices (bsc#1082387). - reset: remove remaining WARN_ON() in <linux/reset.h> (Git-fixes). - Revert commit ef9209b642f 'staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c' (bsc#1051510). - Revert 'iommu/io-pgtable-arm: Check for v7s-incapable systems' (bsc#1106105). - Revert 'PCI/ASPM: Do not initialize link state when aspm_disabled is set' (bsc#1051510). - Revert 'scsi: lpfc: ls_rjt erroneus FLOGIs' (bsc#1119322). - ring-buffer: Allow for rescheduling when removing pages (bsc#1120238). - ring-buffer: Do no reuse reader page if still in use (bsc#1120096). - ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094). - rtc: hctosys: Add missing range error reporting (bsc#1051510). - rtc: m41t80: Correct alarm month range with RTC reads (bsc#1051510). - rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write (bsc#1051510). - rtc: snvs: Add timeouts to avoid kernel lockups (bsc#1051510). - rtl8xxxu: Fix missing break in switch (bsc#1051510). - s390/dasd: simplify locking in dasd_times_out (bsc#1104967,). - s390/kdump: Fix elfcorehdr size calculation (bsc#1117953, LTC#171112). - s390/kdump: Make elfcorehdr size calculation ABI compliant (bsc#1117953, LTC#171112). - s390/qeth: fix length check in SNMP processing (bsc#1117953, LTC#173657). - s390/qeth: remove outdated portname debug msg (bsc#1117953, LTC#172960). - s390/qeth: sanitize strings in debug messages (bsc#1117953, LTC#172960). - sbitmap: fix race in wait batch accounting (Git-fixes). - sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913). - sched/smt: Expose sched_smt_present static key (bsc#1106913). - sched/smt: Make sched_smt_present track topology (bsc#1106913). - sched, tracing: Fix trace_sched_pi_setprio() for deboosting (bsc#1120228). - scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215). - scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE (bsc#1118215). - scsi: lpfc: Correct topology type reporting on G7 adapters (bsc#1118215). - scsi: lpfc: Defer LS_ACC to FLOGI on point to point logins (bsc#1118215). - scsi: lpfc: Enable Management features for IF_TYPE=6 (bsc#1119322). - scsi: lpfc: Fix a duplicate 0711 log message number (bsc#1118215). - scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935). - scsi: lpfc: Fix dif and first burst use in write commands (bsc#1118215). - scsi: lpfc: Fix discovery failures during port failovers with lots of vports (bsc#1118215). - scsi: lpfc: Fix driver release of fw-logging buffers (bsc#1118215). - scsi: lpfc: Fix kernel Oops due to null pring pointers (bsc#1118215). - scsi: lpfc: Fix panic when FW-log buffsize is not initialized (bsc#1118215). - scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215). - scsi: lpfc: refactor mailbox structure context fields (bsc#1118215). - scsi: lpfc: rport port swap discovery issue (bsc#1118215). - scsi: lpfc: update driver version to 12.0.0.9 (bsc#1118215). - scsi: lpfc: update manufacturer attribute to reflect Broadcom (bsc#1118215). - scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405). - scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405). - scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1121483, LTC#174588). - shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599). - shmem: shmem_charge: verify max_block is not exceeded before inode update (VM Functionality, bsc#1121599). - skd: Avoid that module unloading triggers a use-after-free (Git-fixes). - skd: Submit requests to firmware before triggering the doorbell (Git-fixes). - soc: bcm2835: sync firmware properties with downstream () - spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bsc#1051510). - spi: bcm2835: Fix book-keeping of DMA termination (bsc#1051510). - spi: bcm2835: Fix race on DMA termination (bsc#1051510). - spi: bcm2835: Unbreak the build of esoteric configs (bsc#1051510). - splice: do not read more than available pipe space (bsc#1119212). - staging: bcm2835-camera: Abort probe if there is no camera (bsc#1051510). - staging: rtl8712: Fix possible buffer overrun (bsc#1051510). - staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station (bsc#1051510). - staging: rts5208: fix gcc-8 logic error warning (bsc#1051510). - staging: wilc1000: fix missing read_write setting when reading data (bsc#1051510). - supported.conf: add raspberrypi-ts driver - supported.conf: whitelist bluefield eMMC driver - target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165). - target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405). - team: no need to do team_notify_peers or team_mcast_rejoin when disabling port (bsc#1051510). - termios, tty/tty_baudrate.c: fix buffer overrun (bsc#1051510). - test_hexdump: use memcpy instead of strncpy (bsc#1051510). - tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bsc#1051510). - tools: hv: fcopy: set 'error' in case an unknown operation was requested (git-fixes). - Tools: hv: Fix a bug in the key delete code (git-fixes). - tools: hv: include string.h in hv_fcopy_daemon (git-fixes). - tools/lib/lockdep: Rename 'trywlock' into 'trywrlock' (bsc#1121973). - tools/power/cpupower: fix compilation with STATIC=true (git-fixes). - tools/power turbostat: fix possible sprintf buffer overflow (git-fixes). - tracing/blktrace: Fix to allow setting same value (Git-fixes). - tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046). - tracing: Fix crash when freeing instances with event triggers (bsc#1120230). - tracing: Fix crash when it fails to alloc ring buffer (bsc#1120097). - tracing: Fix double free of event_trigger_data (bsc#1120234). - tracing: Fix missing return symbol in function_graph output (bsc#1120232). - tracing: Fix possible double free in event_enable_trigger_func() (bsc#1120235). - tracing: Fix possible double free on failure of allocating trace buffer (bsc#1120214). - tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223). - tracing: Fix trace_pipe behavior for instance traces (bsc#1120088). - tracing: Remove RCU work arounds from stack tracer (bsc#1120092). - tracing/samples: Fix creation and deletion of simple_thread_fn creation (git-fixes). - tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bsc#1051510). - tty: Do not return -EAGAIN in blocking read (bsc#1116040). - tty: do not set TTY_IO_ERROR flag if console port (bsc#1051510). - tty: serial: 8250_mtk: always resume the device in probe (bsc#1051510). - ubifs: Handle re-linking of inodes correctly while recovery (bsc#1120598). - ubifs-Handle-re-linking-of-inodes-correctly-while-re.patch: Fixup compilation failure due to different ubifs_assert() prototype. - udf: Allow mounting volumes with incorrect identification strings (bsc#1118774). - unifdef: use memcpy instead of strncpy (bsc#1051510). - usb: appledisplay: Add 27' Apple Cinema Display (bsc#1051510). - usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bsc#1051510). - usb: dwc2: host: use hrtimer for NAK retries (git-fixes). - usb: hso: Fix OOB memory access in hso_probe/hso_get_config_data (bsc#1051510). - usbip: vhci_hcd: check rhport before using in vhci_hub_control() (bsc#1090888). - usb: omap_udc: fix crashes on probe error and module removal (bsc#1051510). - usb: omap_udc: fix omap_udc_start() on 15xx machines (bsc#1051510). - usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bsc#1051510). - usb: omap_udc: use devm_request_irq() (bsc#1051510). - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bsc#1051510). - usb: serial: option: add Fibocom NL668 series (bsc#1051510). - usb: serial: option: add GosunCn ZTE WeLink ME3630 (bsc#1051510). - usb: serial: option: add HP lt4132 (bsc#1051510). - usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bsc#1051510). - usb: serial: option: add Telit LN940 series (bsc#1051510). - usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() (bsc#1106110). - usb: usb-storage: Add new IDs to ums-realtek (bsc#1051510). - usb: xhci: fix uninitialized completion when USB3 port got wrong status (bsc#1051510). - usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bsc#1051510). - userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (bsc#1118761). - userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (bsc#1118809). - v9fs_dir_readdir: fix double-free on p9stat_read error (bsc#1118771). - vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505). - watchdog/core: Add missing prototypes for weak functions (git-fixes). - wireless: airo: potential buffer overflow in sprintf() (bsc#1051510). - wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' (bsc#1051510). - x86/bugs: Add AMD's SPEC_CTRL MSR usage (bsc#1106913). - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bsc#1106913). - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bsc#1106913). - x86/decoder: Fix and update the opcodes map (bsc#1058115). - x86/kabi: Fix cpu_tlbstate issue (bsc#1106913). - x86/l1tf: Show actual SMT state (bsc#1106913). - x86/mm: Fix decoy address handling vs 32-bit builds (bsc#1120606). - x86/pci: Add additional VMD device root ports to VMD AER quirk (bsc#1120058). - x86/pci: Add 'pci=big_root_window' option for AMD 64-bit windows (bsc#1120058). - x86/pci: Apply VMD's AERSID fixup generically (bsc#1120058). - x86/pci: Avoid AMD SB7xx EHCI USB wakeup defect (bsc#1120058). - x86/pci: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f) (bsc#1120058). - x86/pci: Enable AMD 64-bit window on resume (bsc#1120058). - x86/pci: Fix infinite loop in search for 64bit BAR placement (bsc#1120058). - x86/pci: Move and shrink AMD 64-bit window to avoid conflict (bsc#1120058). - x86/pci: Move VMD quirk to x86 fixups (bsc#1120058). - x86/pci: Only enable a 64bit BAR on single-socket AMD Family 15h (bsc#1120058). - x86/pci: Use is_vmd() rather than relying on the domain number (bsc#1120058). - x86/process: Consolidate and simplify switch_to_xtra() code (bsc#1106913). - x86/pti: Document fix wrong index (git-fixes). - x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (bsc#1106913). - x86/retpoline: Remove minimal retpoline support (bsc#1106913). - x86/speculataion: Mark command line parser data __initdata (bsc#1106913). - x86/speculation: Add command line control for indirect branch speculation (bsc#1106913). - x86/speculation: Add prctl() control for indirect branch speculation (bsc#1106913). - x86/speculation: Add seccomp Spectre v2 user space protection mode (bsc#1106913). - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913). - x86/speculation: Avoid __switch_to_xtra() calls (bsc#1106913). - x86/speculation: Clean up spectre_v2_parse_cmdline() (bsc#1106913). - x86/speculation: Disable STIBP when enhanced IBRS is in use (bsc#1106913). - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913). - x86/speculation: Enable prctl mode for spectre_v2_user (bsc#1106913). - x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871). - x86/speculation: Mark string arrays const correctly (bsc#1106913). - x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bsc#1106913). - x86/speculation: Prepare arch_smt_update() for PRCTL mode (bsc#1106913). - x86/speculation: Prepare for conditional IBPB in switch_mm() (bsc#1106913). - x86/speculation: Prepare for per task indirect branch speculation control (bsc#1106913). - x86/speculation: Prevent stale SPEC_CTRL msr content (bsc#1106913). - x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913). - x86/speculation: Provide IBPB always command line options (bsc#1106913). - x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bsc#1106913). - x86/speculation: Rename SSBD update functions (bsc#1106913). - x86/speculation: Reorder the spec_v2 code (bsc#1106913). - x86/speculation: Reorganize speculation control MSRs update (bsc#1106913). - x86/speculation: Rework SMT state change (bsc#1106913). - x86/speculation: Split out TIF update (bsc#1106913). - x86/speculation: Unify conditional spectre v2 print functions (bsc#1106913). - x86/speculation: Update the TIF_SSBD comment (bsc#1106913). - xen/netfront: tolerate frags with no data (bnc#1119804). - xfs: Align compat attrlist_by_handle with native implementation (git-fixes). - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621). - xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat (git-fixes). - xfs: xfs_buf: drop useless LIST_HEAD (git-fixes). - xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162). - xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bsc#1051510). - xhci: Prevent U1/U2 link pm states if exit latency is too long (bsc#1051510). Important SUSE bug 1024718 SUSE bug 1046299 SUSE bug 1050242 SUSE bug 1050244 SUSE bug 1051510 SUSE bug 1055121 SUSE bug 1055186 SUSE bug 1058115 SUSE bug 1060463 SUSE bug 1065729 SUSE bug 1078248 SUSE bug 1079935 SUSE bug 1082387 SUSE bug 1083647 SUSE bug 1086282 SUSE bug 1086283 SUSE bug 1086423 SUSE bug 1087084 SUSE bug 1087978 SUSE bug 1088386 SUSE bug 1090888 SUSE bug 1091405 SUSE bug 1094244 SUSE bug 1097593 SUSE bug 1102875 SUSE bug 1102877 SUSE bug 1102879 SUSE bug 1102882 SUSE bug 1102896 SUSE bug 1103257 SUSE bug 1104353 SUSE bug 1104427 SUSE bug 1104967 SUSE bug 1105168 SUSE bug 1106105 SUSE bug 1106110 SUSE bug 1106615 SUSE bug 1106913 SUSE bug 1108270 SUSE bug 1109272 SUSE bug 1110558 SUSE bug 1111188 SUSE bug 1111469 SUSE bug 1111696 SUSE bug 1111795 SUSE bug 1112128 SUSE bug 1113722 SUSE bug 1114648 SUSE bug 1114871 SUSE bug 1116040 SUSE bug 1116336 SUSE bug 1116803 SUSE bug 1116841 SUSE bug 1117115 SUSE bug 1117162 SUSE bug 1117165 SUSE bug 1117186 SUSE bug 1117561 SUSE bug 1117656 SUSE bug 1117953 SUSE bug 1118215 SUSE bug 1118319 SUSE bug 1118428 SUSE bug 1118484 SUSE bug 1118505 SUSE bug 1118752 SUSE bug 1118760 SUSE bug 1118761 SUSE bug 1118762 SUSE bug 1118766 SUSE bug 1118767 SUSE bug 1118768 SUSE bug 1118769 SUSE bug 1118771 SUSE bug 1118772 SUSE bug 1118773 SUSE bug 1118774 SUSE bug 1118775 SUSE bug 1118787 SUSE bug 1118788 SUSE bug 1118798 SUSE bug 1118809 SUSE bug 1118962 SUSE bug 1119017 SUSE bug 1119086 SUSE bug 1119212 SUSE bug 1119322 SUSE bug 1119410 SUSE bug 1119714 SUSE bug 1119749 SUSE bug 1119804 SUSE bug 1119946 SUSE bug 1119962 SUSE bug 1119968 SUSE bug 1120036 SUSE bug 1120046 SUSE bug 1120053 SUSE bug 1120054 SUSE bug 1120055 SUSE bug 1120058 SUSE bug 1120088 SUSE bug 1120092 SUSE bug 1120094 SUSE bug 1120096 SUSE bug 1120097 SUSE bug 1120173 SUSE bug 1120214 SUSE bug 1120223 SUSE bug 1120228 SUSE bug 1120230 SUSE bug 1120232 SUSE bug 1120234 SUSE bug 1120235 SUSE bug 1120238 SUSE bug 1120594 SUSE bug 1120598 SUSE bug 1120600 SUSE bug 1120601 SUSE bug 1120602 SUSE bug 1120603 SUSE bug 1120604 SUSE bug 1120606 SUSE bug 1120612 SUSE bug 1120613 SUSE bug 1120614 SUSE bug 1120615 SUSE bug 1120616 SUSE bug 1120617 SUSE bug 1120618 SUSE bug 1120620 SUSE bug 1120621 SUSE bug 1120632 SUSE bug 1120633 SUSE bug 1120743 SUSE bug 1120954 SUSE bug 1121017 SUSE bug 1121058 SUSE bug 1121263 SUSE bug 1121273 SUSE bug 1121477 SUSE bug 1121483 SUSE bug 1121599 SUSE bug 1121621 SUSE bug 1121714 SUSE bug 1121715 SUSE bug 1121973 CVE-2018-12232 CVE-2018-14625 CVE-2018-16862 CVE-2018-16884 CVE-2018-18397 CVE-2018-19407 CVE-2018-19854 CVE-2018-19985 CVE-2018-20169 CVE-2018-9568 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-20855: An issue was discovered in the Linux kernel In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace(bsc#1143045). - CVE-2019-1125: Exclude ATOMs from speculation through SWAPGS (bsc#1139358). - CVE-2019-14283: In the Linux kernel, set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It could be triggered by an unprivileged local user when a floppy disk was inserted. NOTE: QEMU creates the floppy device by default. (bnc#1143191) - CVE-2019-11810: An issue was discovered in the Linux kernel A NULL pointer dereference could occur when megasas_create_frame_pool() failed in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This caused a Denial of Service, related to a use-after-free (bnc#1134399). - CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user could cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sent a crafted signal frame. (bnc#1142254) - CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel, a malicious USB device could send an HID report that triggered an out-of-bounds write during generation of debugging messages. (bnc#1142023) The following non-security bugs were fixed: - Correct the CVE and bug reference for a floppy security fix (CVE-2019-14284,bsc#1143189) A dedicated CVE was already assigned - acpi/nfit: Always dump _DSM output payload (bsc#1142351). - Add back sibling paca poiter to paca (bsc#1055117). - Add support for crct10dif-vpmsum (). - af_unix: remove redundant lockdep class (git-fixes). - alsa: compress: Be more restrictive about when a drain is allowed (bsc#1051510). - alsa: compress: Do not allow paritial drain operations on capture streams (bsc#1051510). - alsa: compress: Fix regression on compressed capture streams (bsc#1051510). - alsa: compress: Prevent bypasses of set_params (bsc#1051510). - alsa: hda - Add a conexant codec entry to let mute led work (bsc#1051510). - alsa: hda/realtek: apply ALC891 headset fixup to one Dell machine (bsc#1051510). - alsa: hda/realtek - Fixed Headphone Mic can't record on Dell platform (bsc#1051510). - alsa: hda/realtek - Headphone Mic can't record after S3 (bsc#1051510). - alsa: line6: Fix a typo (bsc#1051510). - alsa: line6: Fix wrong altsetting for LINE6_PODHD500_1 (bsc#1051510). - alsa: seq: Break too long mutex context in the write loop (bsc#1051510). - alsa: usb-audio: Add quirk for Focusrite Scarlett Solo (bsc#1051510). - alsa: usb-audio: Add quirk for MOTU MicroBook II (bsc#1051510). - alsa: usb-audio: Cleanup DSD whitelist (bsc#1051510). - alsa: usb-audio: Enable .product_name override for Emagic, Unitor 8 (bsc#1051510). - alsa: usb-audio: Sanity checks for each pipe and EP types (bsc#1051510). - asoc : cs4265 : readable register too low (bsc#1051510). - asoc: max98090: remove 24-bit format support if RJ is 0 (bsc#1051510). - asoc: soc-pcm: BE dai needs prepare when pause release after resume (bsc#1051510). - ath6kl: add some bounds checking (bsc#1051510). - batman-adv: fix for leaked TVLV handler (bsc#1051510). - bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652). - bcache: add code comments for journal_read_bucket() (bsc#1140652). - bcache: Add comments for blkdev_put() in registration code path (bsc#1140652). - bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652). - bcache: add comments for kobj release callback routine (bsc#1140652). - bcache: add comments for mutex_lock(&b->write_lock) (bsc#1140652). - bcache: add error check for calling register_bdev() (bsc#1140652). - bcache: add failure check to run_cache_set() for journal replay (bsc#1140652). - bcache: add io error counting in write_bdev_super_endio() (bsc#1140652). - bcache: add more error message in bch_cached_dev_attach() (bsc#1140652). - bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652). - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652). - bcache: add return value check to bch_cached_dev_run() (bsc#1140652). - bcache: avoid a deadlock in bcache_reboot() (bsc#1140652). - bcache: avoid clang -Wunintialized warning (bsc#1140652). - bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652). - bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652). - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652). - bcache: Clean up bch_get_congested() (bsc#1140652). - bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread (bsc#1140652). - bcache: do not assign in if condition in bcache_device_init() (bsc#1140652). - bcache: do not set max writeback rate if gc is running (bsc#1140652). - bcache: fix a race between cache register and cacheset unregister (bsc#1140652). - bcache: fix crashes stopping bcache device before read miss done (bsc#1140652). - bcache: fix failure in journal relplay (bsc#1140652). - bcache: fix inaccurate result of unused buckets (bsc#1140652). - bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652). - bcache: fix potential deadlock in cached_def_free() (bsc#1140652). - bcache: fix race in btree_flush_write() (bsc#1140652). - bcache: fix return value error in bch_journal_read() (bsc#1140652). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652). - bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652). - bcache: ignore read-ahead request failure on backing device (bsc#1140652). - bcache: improve bcache_reboot() (bsc#1140652). - bcache: improve error message in bch_cached_dev_run() (bsc#1140652). - bcache: make bset_search_tree() be more understandable (bsc#1140652). - bcache: make is_discard_enabled() static (bsc#1140652). - bcache: more detailed error message to bcache_device_link() (bsc#1140652). - bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652). - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652). - bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652). - bcache: performance improvement for btree_flush_write() (bsc#1140652). - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652). - bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652). - bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652). - bcache: remove 'XXX:' comment line from run_cache_set() (bsc#1140652). - bcache: return error immediately in bch_journal_replay() (bsc#1140652). - bcache: Revert 'bcache: fix high CPU occupancy during journal' (bsc#1140652). - bcache: Revert 'bcache: free heap cache_set->flush_btree in bch_journal_free' (bsc#1140652). - bcache: set largest seq to ja->seq[bucket_index] in journal_read_bucket() (bsc#1140652). - bcache: shrink btree node cache after bch_btree_check() (bsc#1140652). - bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652). - bcache: use sysfs_match_string() instead of __sysfs_match_string() (bsc#1140652). - be2net: Fix number of Rx queues used for flow hashing (networking-stable-19_06_18). - be2net: Signal that the device cannot transmit during reconfiguration (bsc#1127315). - be2net: Synchronize be_update_queues with dev_watchdog (bsc#1127315). - block, bfq: NULL out the bic when it's no longer valid (bsc#1142359). - bnx2x: Prevent load reordering in tx completion processing (bsc#1142868). - bnxt_en: Fix aggregation buffer leak under OOM condition (networking-stable-19_05_31). - bonding: fix arp_validate toggling in active-backup mode (networking-stable-19_05_14). - bonding: Force slave speed check after link state recovery for 802.3ad (bsc#1137584). - bpf, x64: fix stack layout of JITed bpf code (bsc#1083647). - bpf, x64: save 5 bytes in prologue when ebpf insns came from cbpf (bsc#1083647). - bridge: Fix error path for kobject_init_and_add() (networking-stable-19_05_14). - btrfs: fix race between block group removal and block group allocation (bsc#1143003). - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() (bsc#1141478). - clk: qcom: Fix -Wunused-const-variable (bsc#1051510). - clk: rockchip: Do not yell about bad mmc phases when getting (bsc#1051510). - clk: tegra210: fix PLLU and PLLU_OUT1 (bsc#1051510). - cpufreq: acpi-cpufreq: Report if CPU does not support boost technologies (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix initial command check (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency (bsc#1051510). - cpufreq: check if policy is inactive early in __cpufreq_get() (bsc#1051510). - cpufreq: kirkwood: fix possible object reference leak (bsc#1051510). - cpufreq/pasemi: fix possible object reference leak (bsc#1051510). - cpufreq: pmac32: fix possible object reference leak (bsc#1051510). - cpufreq: ppc_cbe: fix possible object reference leak (bsc#1051510). - cpufreq: Use struct kobj_attribute instead of struct global_attr (bsc#1051510). - crypto: arm64/sha1-ce - correct digest for empty data in finup (bsc#1051510). - crypto: arm64/sha2-ce - correct digest for empty data in finup (bsc#1051510). - crypto: ccp - Fix 3DES complaint from ccp-crypto module (bsc#1051510). - crypto: ccp - fix AES CFB error exposed by new test vectors (bsc#1051510). - crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL (bsc#1051510). - crypto: ccp/gcm - use const time tag comparison (bsc#1051510). - crypto: ccp - memset structure fields to zero before reuse (bsc#1051510). - crypto: ccp - Validate the the error value used to index error messages (bsc#1051510). - crypto: chacha20poly1305 - fix atomic sleep when using async algorithm (bsc#1051510). - crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe (bsc#1051510). - crypto: ghash - fix unaligned memory access in ghash_setkey() (bsc#1051510). - crypto: talitos - Align SEC1 accesses to 32 bits boundaries (bsc#1051510). - crypto: talitos - check data blocksize in ablkcipher (bsc#1051510). - crypto: talitos - fix CTR alg blocksize (bsc#1051510). - crypto: talitos - fix max key size for sha384 and sha512 (bsc#1051510). - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking (bsc#1051510). - crypto: talitos - properly handle split ICV (bsc#1051510). - crypto: talitos - reduce max key size for SEC1 (bsc#1051510). - crypto: talitos - rename alternative AEAD algos (bsc#1051510). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - dmaengine: hsu: Revert 'set HSU_CH_MTSR to memory width' (bsc#1051510). - dpaa_eth: fix SG frame cleanup (networking-stable-19_05_14). - drm/meson: Add support for XBGR8888 & ABGR8888 formats (bsc#1051510). - drm/msm/a3xx: remove TPL1 regs from snapshot (bsc#1051510). - drm/nouveau/i2c: Enable i2c pads & busses during preinit (bsc#1051510). - drm/rockchip: Properly adjust to a true clock in adjusted_mode (bsc#1051510). - e1000e: start network tx queue only when link is up (bsc#1051510). - ethtool: check the return value of get_regs_len (git-fixes). - ethtool: fix potential userspace buffer overflow (networking-stable-19_06_09). - Fix kABI for asus-wmi quirk_entry field addition (bsc#1051510). - Fix memory leak in sctp_process_init (networking-stable-19_06_09). - fork, memcg: fix cached_stacks case (bsc#1134097). - fork, memcg: fix crash in free_thread_stack on memcg charge fail (bsc#1134097). - hid: wacom: correct touch resolution x/y typo (bsc#1051510). - hid: wacom: generic: Correct pad syncing (bsc#1051510). - hid: wacom: generic: only switch the mode on devices with LEDs (bsc#1051510). - hid: wacom: generic: read HID_DG_CONTACTMAX from any feature report (bsc#1051510). - input: elantech - enable middle button support on 2 ThinkPads (bsc#1051510). - input: imx_keypad - make sure keyboard can always wake up system (bsc#1051510). - input: psmouse - fix build error of multiple definition (bsc#1051510). - input: synaptics - enable SMBUS on T480 thinkpad trackpad (bsc#1051510). - input: tm2-touchkey - acknowledge that setting brightness is a blocking call (bsc#1129770). - intel_th: msu: Fix single mode with disabled IOMMU (bsc#1051510). - ipv4: Fix raw socket lookup for local traffic (networking-stable-19_05_14). - ipv4/igmp: fix another memory leak in igmpv3_del_delrec() (networking-stable-19_05_31). - ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST (networking-stable-19_05_31). - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop (git-fixes). - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address (networking-stable-19_05_31). - ipv6: fix EFAULT on sendto with icmpv6 and hdrincl (networking-stable-19_06_09). - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero (networking-stable-19_06_18). - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4 (networking-stable-19_06_09). - kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled (bsc#1071995). - kernel: jump label transformation performance (bsc#1137534 bsc#1137535 LTC#178058 LTC#178059). - kvm: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots (bsc#1133021). - kvm: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory (bsc#1133021). - kvm: fix Guest installation fails by 'Invalid value '0-31' for 'cpuset.cpus': Invalid argument' (bsc#1143507) - kvm: mmu: Fix overflow on kvm mmu page limit calculation (bsc#1135335). - kvm/mmu: kABI fix for *_mmu_pages changes in struct kvm_arch (bsc#1135335). - kvm: polling: add architecture backend to disable polling (bsc#1119222). - kvm: s390: change default halt poll time to 50us (bsc#1119222). - kvm: s390: enable CONFIG_HAVE_KVM_NO_POLL (bsc#1119222) We need to enable CONFIG_HAVE_KVM_NO_POLL for bsc#1119222 - kvm: s390: fix typo in parameter description (bsc#1119222). - kvm: s390: kABI Workaround for 'kvm_vcpu_stat' Add halt_no_poll_steal to kvm_vcpu_stat. Hide it from the kABI checker. - kvm: s390: kABI Workaround for 'lowcore' (bsc#1119222). - kvm: s390: provide kvm_arch_no_poll function (bsc#1119222). - kvm: svm/avic: Do not send AVIC doorbell to self (bsc#1140133). - kvm: SVM: Fix detection of AMD Errata 1096 (bsc#1142354). - lapb: fixed leak of control-blocks (networking-stable-19_06_18). - lib: fix stall in __bitmap_parselist() (bsc#1051510). - libnvdimm/namespace: Fix label tracking error (bsc#1142350). - lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE (bsc#1051510). - livepatch: Remove duplicate warning about missing reliable stacktrace support (bsc#1071995). - livepatch: Use static buffer for debugging messages under rq lock (bsc#1071995). - llc: fix skb leak in llc_build_and_send_ui_pkt() (networking-stable-19_05_31). - media: cpia2_usb: first wake up, then free in disconnect (bsc#1135642). - media: marvell-ccic: fix DMA s/g desc number calculation (bsc#1051510). - media: s5p-mfc: Make additional clocks optional (bsc#1051510). - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom() (bsc#1051510). - media: vivid: fix incorrect assignment operation when setting video mode (bsc#1051510). - mei: bus: need to unlink client before freeing (bsc#1051510). - mei: me: add denverton innovation engine device IDs (bsc#1051510). - mei: me: add gemini lake devices id (bsc#1051510). - memory: tegra: Fix integer overflow on tick value calculation (bsc#1051510). - memstick: Fix error cleanup path of memstick_init (bsc#1051510). - mfd: intel-lpss: Release IDA resources (bsc#1051510). - mmc: sdhci-pci: Try 'cd' for card-detect lookup before using NULL (bsc#1051510). - mm: migrate: Fix reference check race between __find_get_block() and migration (bnc#1137609). - mm/nvdimm: add is_ioremap_addr and use that to check ioremap address (bsc#1140322 LTC#176270). - mm, page_alloc: fix has_unmovable_pages for HugePages (bsc#1127034). - mm: replace all open encodings for NUMA_NO_NODE (bsc#1140322 LTC#176270). - neigh: fix use-after-free read in pneigh_get_next (networking-stable-19_06_18). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142112 bsc#1142221 LTC#179334 LTC#179332). - net: avoid weird emergency message (networking-stable-19_05_21). - net: fec: fix the clk mismatch in failed_reset path (networking-stable-19_05_31). - netfilter: conntrack: fix calculation of next bucket number in early_drop (git-fixes). - net-gro: fix use-after-free read in napi_gro_frags() (networking-stable-19_05_31). - net/mlx4_core: Change the error print to info print (networking-stable-19_05_21). - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_06_09). - net/mlx5: Allocate root ns memory using kzalloc to match kfree (networking-stable-19_05_31). - net/mlx5: Avoid double free in fs init error unwinding path (networking-stable-19_05_31). - net: mvneta: Fix err code path of probe (networking-stable-19_05_31). - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value (networking-stable-19_05_31). - net: openvswitch: do not free vport if register_netdevice() is failed (networking-stable-19_06_18). - net/packet: fix memory leak in packet_set_ring() (git-fixes). - net: rds: fix memory leak in rds_ib_flush_mr_pool (networking-stable-19_06_09). - net: seeq: fix crash caused by not set dev.parent (networking-stable-19_05_14). - net: stmmac: fix reset gpio free missing (networking-stable-19_05_31). - net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions (networking-stable-19_05_21). - nvme: fix memory leak caused by incorrect subsystem free (bsc#1143185). - ocfs2: add first lock wait time in locking_state (bsc#1134390). - ocfs2: add last unlock times in locking_state (bsc#1134390). - ocfs2: add locking filter debugfs file (bsc#1134390). - packet: Fix error path in packet_init (networking-stable-19_05_14). - packet: in recvmsg msg_name return at least sizeof sockaddr_ll (git-fixes). - pci: Always allow probing with driver_override (bsc#1051510). - pci: hv: Add hv_pci_remove_slots() when we unload the driver (bsc#1142701). - pci: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary (bsc#1142701). - pci: hv: Fix a memory leak in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix a use-after-free bug in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix return value check in hv_pci_assign_slots() (bsc#1142701). - pci: hv: Remove unused reason for refcount handler (bsc#1142701). - pci: hv: support reporting serial number as slot information (bsc#1142701). - pci: Return error if cannot probe VF (bsc#1051510). - pkey: Indicate old mkvp only if old and current mkvp are different (bsc#1137827 LTC#178090). - pktgen: do not sleep with the thread lock held (git-fixes). - platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ (bsc#1051510). - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510). - platform/x86: intel_turbo_max_3: Remove restriction for HWP platforms (jsc#SLE-5439). - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table (bsc#1051510). - powerpc/64s: Remove POWER9 DD1 support (bsc#1055117, LTC#159753, git-fixes). - powerpc/crypto: Use cheaper random numbers for crc-vpmsum self-test (). - powerpc/mm: Change function prototype (bsc#1055117). - powerpc/mm: Consolidate numa_enable check and min_common_depth check (bsc#1140322 LTC#176270). - powerpc/mm/drconf: Use NUMA_NO_NODE on failures instead of node 0 (bsc#1140322 LTC#176270). - powerpc/mm: Fix node look up with numa=off boot (bsc#1140322 LTC#176270). - powerpc/mm/hugetlb: Update huge_ptep_set_access_flags to call __ptep_set_access_flags directly (bsc#1055117). - powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang (bsc#1055117). - powerpc/mm/radix: Move function from radix.h to pgtable-radix.c (bsc#1055117). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195). - ppp: deflate: Fix possible crash in deflate_init (networking-stable-19_05_21). - rds: ib: fix 'passing zero to ERR_PTR()' warning (git-fixes). - Revert 'bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()' (bsc#1140652). - Revert 'e1000e: fix cyclic resets at link up with active tx' (bsc#1051510). - Revert 'livepatch: Remove reliable stacktrace check in klp_try_switch_task()' (bsc#1071995). - Revert 'serial: 8250: Do not service RX FIFO if interrupts are disabled' (bsc#1051510). - rtnetlink: always put IFLA_LINK for links with a link-netnsid (networking-stable-19_05_21). - s390/qeth: be drop monitor friendly (bsc#1142220 LTC#179335). - s390/vtime: steal time exponential moving average (bsc#1119222). - scripts/git_sort/git_sort.py: Add mmots tree. - scsi: ibmvfc: fix WARN_ON during event pool release (bsc#1137458 LTC#178093). - sctp: Free cookie before we memdup a new one (networking-stable-19_06_18). - sctp: silence warns on sctp_stream_init allocations (bsc#1083710). - serial: uartps: Do not add a trailing semicolon to macro (bsc#1051510). - serial: uartps: Fix long line over 80 chars (bsc#1051510). - serial: uartps: Fix multiple line dereference (bsc#1051510). - serial: uartps: Remove useless return from cdns_uart_poll_put_char (bsc#1051510). - staging: comedi: amplc_pci230: fix null pointer deref on interrupt (bsc#1051510). - staging: comedi: dt282x: fix a null pointer deref on interrupt (bsc#1051510). - staging: rtl8712: reduce stack usage, again (bsc#1051510). - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg (networking-stable-19_06_18). - tcp: reduce tcp_fastretrans_alert() verbosity (git-fixes). - team: Always enable vlan tx offload (bsc#1051510). - tty: rocket: fix incorrect forward declaration of 'rp_init()' (bsc#1051510). - tty: serial_core: Set port active bit in uart_port_activate (bsc#1051510). - tty: serial: cpm_uart - fix init when SMC is relocated (bsc#1051510). - tuntap: synchronize through tfiles array instead of tun->numqueues (networking-stable-19_05_14). - usb: gadget: ether: Fix race between gether_disconnect and rx_submit (bsc#1051510). - usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i] (bsc#1051510). - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC (bsc#1051510). - usb: pci-quirks: Correct AMD PLL quirk detection (bsc#1051510). - usb: serial: ftdi_sio: add ID for isodebug v1 (bsc#1051510). - usb: serial: option: add support for GosunCn ME3630 RNDIS mode (bsc#1051510). - vmci: Fix integer overflow in VMCI handle arrays (bsc#1051510). - vsock/virtio: free packets during the socket release (networking-stable-19_05_21). - vsock/virtio: set SOCK_DONE on peer shutdown (networking-stable-19_06_18). - wil6210: fix potential out-of-bounds read (bsc#1051510). - x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903). - xen: let alloc_xenballooned_pages() fail if not enough memory free (bsc#1142450 XSA-300). - xfs: do not overflow xattr listent buffer (bsc#1143105). Important SUSE bug 1051510 SUSE bug 1055117 SUSE bug 1071995 SUSE bug 1083647 SUSE bug 1083710 SUSE bug 1102247 SUSE bug 1111666 SUSE bug 1119222 SUSE bug 1123080 SUSE bug 1127034 SUSE bug 1127315 SUSE bug 1129770 SUSE bug 1130972 SUSE bug 1133021 SUSE bug 1134097 SUSE bug 1134390 SUSE bug 1134399 SUSE bug 1135335 SUSE bug 1135642 SUSE bug 1136896 SUSE bug 1137458 SUSE bug 1137534 SUSE bug 1137535 SUSE bug 1137584 SUSE bug 1137609 SUSE bug 1137811 SUSE bug 1137827 SUSE bug 1139358 SUSE bug 1140133 SUSE bug 1140139 SUSE bug 1140322 SUSE bug 1140652 SUSE bug 1140887 SUSE bug 1140888 SUSE bug 1140889 SUSE bug 1140891 SUSE bug 1140893 SUSE bug 1140903 SUSE bug 1140945 SUSE bug 1140954 SUSE bug 1140955 SUSE bug 1140956 SUSE bug 1140957 SUSE bug 1140958 SUSE bug 1140959 SUSE bug 1140960 SUSE bug 1140961 SUSE bug 1140962 SUSE bug 1140964 SUSE bug 1140971 SUSE bug 1140972 SUSE bug 1140992 SUSE bug 1141401 SUSE bug 1141402 SUSE bug 1141452 SUSE bug 1141453 SUSE bug 1141454 SUSE bug 1141478 SUSE bug 1142023 SUSE bug 1142112 SUSE bug 1142220 SUSE bug 1142221 SUSE bug 1142254 SUSE bug 1142350 SUSE bug 1142351 SUSE bug 1142354 SUSE bug 1142359 SUSE bug 1142450 SUSE bug 1142701 SUSE bug 1142868 SUSE bug 1143003 SUSE bug 1143045 SUSE bug 1143105 SUSE bug 1143185 SUSE bug 1143189 SUSE bug 1143191 SUSE bug 1143507 CVE-2018-20855 CVE-2019-1125 CVE-2019-11810 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for pacemaker fixes the following issues: Security issues fixed: - CVE-2018-16877: Fixed insufficient local IPC client-server authentication on the client's side. (bsc#1131356) - CVE-2018-16878: Fixed insufficient verification inflicted preference of uncontrolled processes (bsc#1131353) Other issues fixed: - stonith_admin --help: specify the usage of --cleanup (bsc#1135317) - scheduler: wait for probe actions to complete to prevent unnecessary restart/re-promote of dependent resources (bsc#1130122, bsc#1032511) - controller: confirm cancel of failed monitors (bsc#1133866) - controller: improve failed recurring action messages (bsc#1133866) - controller: directly acknowledge unrecordable operation results (bsc#1133866) - controller: be more tolerant of malformed executor events (bsc#1133866) - libcrmcommon: return error when applying XML diffs containing unknown operations (bsc#1127716) - libcrmcommon: avoid possible use-of-NULL when applying XML diffs (bsc#1127716) - libcrmcommon: correctly apply XML diffs with multiple move/create changes (bsc#1127716) - libcrmcommon: return proper code if testing pid is denied (bsc#1131353, bsc#1131356) - libcrmcommon: avoid use-of-NULL when checking whether process is active (bsc#1131353, bsc#1131356) - tools: run main loop for crm_resource clean-up with resource (bsc#1140519) - contoller,scheduler: guard hash table deletes (bsc#1136712) Important SUSE bug 1032511 SUSE bug 1127716 SUSE bug 1130122 SUSE bug 1131353 SUSE bug 1131356 SUSE bug 1133866 SUSE bug 1135317 SUSE bug 1136712 SUSE bug 1140519 CVE-2018-16877 CVE-2018-16878 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following new features were implemented: - jsc#SLE-4875: [CML] New device IDs for CML - jsc#SLE-7294: Add cpufreq driver for Raspberry Pi - fate#322438: Integrate P9 XIVE support (on PowerVM only) - fate#322447: Add memory protection keys (MPK) support on POWER (on PowerVM only) - fate#322448, fate#321438: P9 hardware counter (performance counters) support (on PowerVM only) - fate#325306, fate#321840: Reduce memory required to boot capture kernel while using fadump - fate#326869: perf: pmu mem_load/store event support The following security bugs were fixed: - CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated. (bsc#1146163). - CVE-2018-20976: A use after free existed, related to xfs_fs_fill_super failure. (bsc#1146285) - CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach (bsc#1149591). - CVE-2019-9456: In Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have lead to local escalation of privilege with System execution privileges needed. (bsc#1150025 CVE-2019-9456). - CVE-2019-10207: Fix a NULL pointer dereference in hci_uart bluetooth driver (bsc#1142857 bsc#1123959). - CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based buffer overflows in marvell wifi chip driver kernel, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bnc#1146516) - CVE-2019-14835: Fix QEMU-KVM Guest to Host Kernel Escape. (bsc#1150112). - CVE-2019-15030, CVE-2019-15031: On the powerpc platform, a local user could read vector registers of other users' processes via an interrupt. (bsc#1149713) - CVE-2019-15090: In the qedi_dbg_* family of functions, there was an out-of-bounds read. (bsc#1146399) - CVE-2019-15098: USB driver net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor. (bsc#1146378). - CVE-2019-15099: drivers/net/wireless/ath/ath10k/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor. (bsc#1146368) - CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel mishandled a short descriptor, leading to out-of-bounds memory access. (bsc#1145920). - CVE-2019-15118: check_input_term in sound/usb/mixer.c in the Linux kernel mishandled recursion, leading to kernel stack exhaustion. (bsc#1145922). - CVE-2019-15211: There was a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c did not properly allocate memory. (bsc#1146519). - CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. (bsc#1051510 bsc#1146391). - CVE-2019-15214: There was a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. (bsc#1146550) - CVE-2019-15215: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver. (bsc#1135642 bsc#1146425) - CVE-2019-15216: Fix a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. (bsc#1146361). - CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (bsc#1146547). - CVE-2019-15218: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver. (bsc#1051510 bsc#1146413) - CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. (bsc#1146524) - CVE-2019-15220: There was a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver. (bsc#1146526) - CVE-2019-15221, CVE-2019-15222: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. (bsc#1146529, bsc#1146531) - CVE-2019-15239: An incorrect backport of a certain net/ipv4/tcp_output.c fix allowed a local attacker to trigger multiple use-after-free conditions. This could result in a kernel crash, or potentially in privilege escalation. (bsc#1146589) - CVE-2019-15290: There was a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function (bsc#1146543). - CVE-2019-15292: There was a use-after-free in atalk_proc_exit (bsc#1146678) - CVE-2019-15538: XFS partially wedged when a chgrp failed on account of being out of disk quota. This was primarily a local DoS attack vector, but it could result as well in remote DoS if the XFS filesystem was exported for instance via NFS. (bsc#1148032, bsc#1148093) - CVE-2019-15666: There was an out-of-bounds array access in __xfrm_policy_unlink, which would cause denial of service, because verify_newpolicy_info mishandled directory validation. (bsc#1148394). - CVE-2019-15902: A backporting error reintroduced the Spectre vulnerability that it aimed to eliminate. (bnc#1149376) - CVE-2019-15917: There was a use-after-free issue when hci_uart_register_dev() failed in hci_uart_set_proto() (bsc#1149539) - CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free. (bsc#1149552) - CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free. (bsc#1149626) - CVE-2019-15921: There was a memory leak issue when idr_alloc() failed (bsc#1149602) - CVE-2019-15924: Fix a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure. (bsc#1149612). - CVE-2019-15926: Out of bounds access existed in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx (bsc#1149527) - CVE-2019-15927: An out-of-bounds access existed in the function build_audio_procunit (bsc#1149522) The following non-security bugs were fixed: - 9p/rdma: do not disconnect on down_interruptible EAGAIN (bsc#1051510). - 9p/rdma: remove useless check in cm_event_handler (bsc#1051510). - 9p/virtio: Add cleanup path in p9_virtio_init (bsc#1051510). - 9p/xen: Add cleanup path in p9_trans_xen_init (bsc#1051510). - 9p/xen: fix check for xenbus_read error in front_probe (bsc#1051510). - 9p: acl: fix uninitialized iattr access (bsc#1051510). - 9p: p9dirent_read: check network-provided name length (bsc#1051510). - 9p: pass the correct prototype to read_cache_page (bsc#1051510). - acpi/arm64: ignore 5.1 FADTs that are reported as 5.0 (bsc#1051510). - acpi/iort: Fix off-by-one check in iort_dev_find_its_id() (bsc#1051510). - acpi: PM: Fix regression in acpi_device_set_power() (bsc#1051510). - acpi: fix false-positive -Wuninitialized warning (bsc#1051510). - acpica: Increase total number of possible Owner IDs (bsc#1148859). - acpica: Increase total number of possible Owner IDs (bsc#1148859). - add some missing definitions (bsc#1144333). - address lock imbalance warnings in smbdirect.c (bsc#1144333). - af_key: fix leaks in key_pol_get_resp and dump_sp (bsc#1051510). - af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET (networking-stable-19_07_02). - alsa: firewire: fix a memory leak bug (bsc#1051510). - alsa: hda - Add a generic reboot_notify (bsc#1051510). - alsa: hda - Apply workaround for another AMD chip 1022:1487 (bsc#1051510). - alsa: hda - Do not override global PCM hw info flag (bsc#1051510). - alsa: hda - Fix a memory leak bug (bsc#1051510). - alsa: hda - Fix potential endless loop at applying quirks (bsc#1051510). - alsa: hda - Let all conexant codec enter D3 when rebooting (bsc#1051510). - alsa: hda - Workaround for crackled sound on AMD controller (1022:1457) (bsc#1051510). - alsa: hda/realtek - Fix overridden device-specific initialization (bsc#1051510). - alsa: hda/realtek - Fix the problem of two front mics on a ThinkCentre (bsc#1051510). - alsa: hda: kabi workaround for generic parser flag (bsc#1051510). - alsa: hiface: fix multiple memory leak bugs (bsc#1051510). - alsa: line6: Fix memory leak at line6_init_pcm() error path (bsc#1051510). - alsa: pcm: fix lost wakeup event scenarios in snd_pcm_drain (bsc#1051510). - alsa: seq: Fix potential concurrent access to the deleted pool (bsc#1051510). - alsa: usb-audio: Fix gpf in snd_usb_pipe_sanity_check (bsc#1051510). - arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2 (bsc#1133021). - arm: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1133021). - arm: KVM: report support for SMCCC_ARCH_WORKAROUND_1 (bsc#1133021). - asoc: Fail card instantiation if DAI format setup fails (bsc#1051510). - asoc: dapm: Fix handling of custom_stop_condition on DAPM graph walks (bsc#1051510). - ata: libahci: do not complain in case of deferred probe (bsc#1051510). - batman-adv: Only read OGM tvlv_len after buffer len check (bsc#1051510). - batman-adv: Only read OGM2 tvlv_len after buffer len check (bsc#1051510). - batman-adv: fix uninit-value in batadv_netlink_get_ifindex() (bsc#1051510). - bcache: fix possible memory leak in bch_cached_dev_run() (git fixes). - bio: fix improper use of smp_mb__before_atomic() (git fixes). - blk-mq: Fix spelling in a source code comment (git fixes). - blk-mq: backport fixes for blk_mq_complete_e_request_sync() (bsc#1145661). - blk-mq: introduce blk_mq_complete_request_sync() (bsc#1145661). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - block, documentation: Fix wbt_lat_usec documentation (git fixes). - bluetooth: 6lowpan: search for destination address in all peers (bsc#1051510). - bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug (bsc#1051510). - bluetooth: Check state in l2cap_disconnect_rsp (bsc#1051510). - bluetooth: btqca: Add a short delay before downloading the NVM (bsc#1051510). - bluetooth: hci_bcsp: Fix memory leak in rx_skb (bsc#1051510). - bluetooth: revert 'validate BLE connection interval updates' (bsc#1051510). - bluetooth: validate BLE connection interval updates (bsc#1051510). - bnx2x: Prevent ptp_task to be rescheduled indefinitely (networking-stable-19_07_25). - bonding/802.3ad: fix link_failure_count tracking (bsc#1137069 bsc#1141013). - bonding/802.3ad: fix slave link initialization transition states (bsc#1137069 bsc#1141013). - bonding: Always enable vlan tx offload (networking-stable-19_07_02). - bonding: set default miimon value for non-arp modes if not set (bsc#1137069 bsc#1141013). - bonding: speed/duplex update at NETDEV_UP event (bsc#1137069 bsc#1141013). - bonding: validate ip header before check IPPROTO_IGMP (networking-stable-19_07_25). - btrfs: Fix delalloc inodes invalidation during transaction abort (bsc#1050911). - btrfs: Split btrfs_del_delalloc_inode into 2 functions (bsc#1050911). - btrfs: add a helper to retrive extent inline ref type (bsc#1149325). - btrfs: add cleanup_ref_head_accounting helper (bsc#1050911). - btrfs: add missing inode version, ctime and mtime updates when punching hole (bsc#1140487). - btrfs: add one more sanity check for shared ref type (bsc#1149325). - btrfs: clean up pending block groups when transaction commit aborts (bsc#1050911). - btrfs: convert to use btrfs_get_extent_inline_ref_type (bsc#1149325). - btrfs: do not abort transaction at btrfs_update_root() after failure to COW path (bsc#1150933). - btrfs: fix assertion failure during fsync and use of stale transaction (bsc#1150562). - btrfs: fix data loss after inode eviction, renaming it, and fsync it (bsc#1145941). - btrfs: fix fsync not persisting dentry deletions due to inode evictions (bsc#1145942). - btrfs: fix incremental send failure after deduplication (bsc#1145940). - btrfs: fix pinned underflow after transaction aborted (bsc#1050911). - btrfs: fix race between send and deduplication that lead to failures and crashes (bsc#1145059). - btrfs: fix race leading to fs corruption after transaction abort (bsc#1145937). - btrfs: handle delayed ref head accounting cleanup in abort (bsc#1050911). - btrfs: prevent send failures and crashes due to concurrent relocation (bsc#1145059). - btrfs: remove BUG() in add_data_reference (bsc#1149325). - btrfs: remove BUG() in btrfs_extent_inline_ref_size (bsc#1149325). - btrfs: remove BUG() in print_extent_item (bsc#1149325). - btrfs: remove BUG_ON in __add_tree_block (bsc#1149325). - btrfs: scrub: add memalloc_nofs protection around init_ipath (bsc#1086103). - btrfs: start readahead also in seed devices (bsc#1144886). - btrfs: track running balance in a simpler way (bsc#1145059). - btrfs: use GFP_KERNEL in init_ipath (bsc#1086103). - caif-hsi: fix possible deadlock in cfhsi_exit_module() (networking-stable-19_07_25). - can: m_can: implement errata 'Needless activation of MRAF irq' (bsc#1051510). - can: mcp251x: add support for mcp25625 (bsc#1051510). - can: peak_usb: fix potential double kfree_skb() (bsc#1051510). - can: peak_usb: force the string buffer NULL-terminated (bsc#1051510). - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (bsc#1051510). - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (bsc#1051510). - can: rcar_canfd: fix possible IRQ storm on high load (bsc#1051510). - can: sja1000: force the string buffer NULL-terminated (bsc#1051510). - carl9170: fix misuse of device driver API (bsc#1142635). - ceph: always get rstat from auth mds (bsc#1146346). - ceph: clean up ceph.dir.pin vxattr name sizeof() (bsc#1146346). - ceph: decode feature bits in session message (bsc#1146346). - ceph: do not blindly unregister session that is in opening state (bsc#1148133). - ceph: do not try fill file_lock on unsuccessful GETFILELOCK reply (bsc#1148133). - ceph: fix 'ceph.dir.rctime' vxattr value (bsc#1148133 bsc#1135219). - ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bsc#1148133). - ceph: fix improper use of smp_mb__before_atomic() (bsc#1148133). - ceph: fix iov_iter issues in ceph_direct_read_write() (bsc#1141450). - ceph: hold i_ceph_lock when removing caps for freeing inode (bsc#1148133). - ceph: remove request from waiting list before unregister (bsc#1148133). - ceph: silence a checker warning in mdsc_show() (bsc#1148133). - ceph: support cephfs' own feature bits (bsc#1146346). - ceph: support getting ceph.dir.pin vxattr (bsc#1146346). - ceph: support versioned reply (bsc#1146346). - ceph: use bit flags to define vxattr attributes (bsc#1146346). - cfg80211: revert 'fix processing world regdomain when non modular' (bsc#1051510). - cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED (bsc#1144333). - cifs: Add DFS cache routines (bsc#1144333). - cifs: Add direct I/O functions to file_operations (bsc#1144333). - cifs: Add minor debug message during negprot (bsc#1144333). - cifs: Add smb2_send_recv (bsc#1144333). - cifs: Add support for FSCTL passthrough that write data to the server (bsc#1144333). - cifs: Add support for direct I/O read (bsc#1144333). - cifs: Add support for direct I/O write (bsc#1144333). - cifs: Add support for direct pages in rdata (bsc#1144333). - cifs: Add support for direct pages in wdata (bsc#1144333). - cifs: Add support for failover in cifs_mount() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect_tcon() (bsc#1144333). - cifs: Add support for failover in smb2_reconnect() (bsc#1144333). - cifs: Add support for reading attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Add support for writing attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Adds information-level logging function (bsc#1144333). - cifs: Adjust MTU credits before reopening a file (bsc#1144333). - cifs: Allocate memory for all iovs in smb2_ioctl (bsc#1144333). - cifs: Allocate validate negotiation request through kmalloc (bsc#1144333). - cifs: Always reset read error to -EIO if no response (bsc#1144333). - cifs: Always resolve hostname before reconnecting (bsc#1051510, bsc#1144333). - cifs: Avoid returning EBUSY to upper layer VFS (bsc#1144333). - cifs: Calculate the correct request length based on page offset and tail size (bsc#1144333). - cifs: Call MID callback before destroying transport (bsc#1144333). - cifs: Change SMB2_open to return an iov for the error parameter (bsc#1144333). - cifs: Check for reconnects before sending async requests (bsc#1144333). - cifs: Check for reconnects before sending compound requests (bsc#1144333). - cifs: Check for timeout on Negotiate stage (bsc#1091171, bsc#1144333). - cifs: Count SMB3 credits for malformed pending responses (bsc#1144333). - cifs: Display SMB2 error codes in the hex format (bsc#1144333). - cifs: Do not assume one credit for async responses (bsc#1144333). - cifs: Do not consider -ENODATA as stat failure for reads (bsc#1144333). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510, bsc#1144333). - cifs: Do not hide EINTR after sending network packets (bsc#1051510, bsc#1144333). - cifs: Do not log credits when unmounting a share (bsc#1144333). - cifs: Do not match port on SMBDirect transport (bsc#1144333). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510, bsc#1144333). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510, bsc#1144333). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510, bsc#1144333). - cifs: Do not set credits to 1 if the server didn't grant anything (bsc#1144333). - cifs: Do not skip SMB2 message IDs on send failures (bsc#1144333). - cifs: Find and reopen a file before get MTU credits in writepages (bsc#1144333). - cifs: Fix DFS cache refresher for DFS links (bsc#1144333). - cifs: Fix NULL pointer deref on SMB2_tcon() failure (bsc#1071009, bsc#1144333). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: Fix NULL ptr deref (bsc#1144333). - cifs: Fix a debug message (bsc#1144333). - cifs: Fix a race condition with cifs_echo_request (bsc#1144333). - cifs: Fix a tiny potential memory leak (bsc#1144333). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510, bsc#1144333). - cifs: Fix an issue with re-sending rdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix an issue with re-sending wdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix autonegotiate security settings mismatch (bsc#1087092, bsc#1144333). - cifs: Fix check for matching with existing mount (bsc#1144333). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix credit calculations in compound mid callback (bsc#1144333). - cifs: Fix credit computation for compounded requests (bsc#1144333). - cifs: Fix credits calculation for cancelled requests (bsc#1144333). - cifs: Fix credits calculations for reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix encryption/signing (bsc#1144333). - cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510, bsc#1144333). - cifs: Fix error paths in writeback code (bsc#1144333). - cifs: Fix infinite loop when using hard mount option (bsc#1091171, bsc#1144333). - cifs: Fix invalid check in __cifs_calc_signature() (bsc#1144333). - cifs: Fix kernel oops when traceSMB is enabled (bsc#1144333). - cifs: Fix leaking locked VFS cache pages in writeback retry (bsc#1144333). - cifs: Fix lease buffer length error (bsc#1144333). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510, bsc#1144333). - cifs: Fix missing put_xid in cifs_file_strict_mmap (bsc#1087092, bsc#1144333). - cifs: Fix module dependency (bsc#1144333). - cifs: Fix mounts if the client is low on credits (bsc#1144333). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510, bsc#1144333). - cifs: Fix possible oops and memory leaks in async IO (bsc#1144333). - cifs: Fix potential OOB access of lock element array (bsc#1051510, bsc#1144333). - cifs: Fix read after write for files with read caching (bsc#1051510, bsc#1144333). - cifs: Fix separator when building path from dentry (bsc#1051510, bsc#1144333). - cifs: Fix signing for SMB2/3 (bsc#1144333). - cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting (bsc#1144333). - cifs: Fix slab-out-of-bounds when tracing SMB tcon (bsc#1144333). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510, bsc#1144333). - cifs: Fix to use kmem_cache_free() instead of kfree() (bsc#1144333). - cifs: Fix trace command logging for SMB2 reads and writes (bsc#1144333). - cifs: Fix use after free of a mid_q_entry (bsc#1112903, bsc#1144333). - cifs: Fix use-after-free in SMB2_read (bsc#1144333). - cifs: Fix use-after-free in SMB2_write (bsc#1144333). - cifs: Fix validation of signed data in smb2 (bsc#1144333). - cifs: Fix validation of signed data in smb3+ (bsc#1144333). - cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510, bsc#1144333). - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) (bsc#1144333). - cifs: Introduce helper function to get page offset and length in smb_rqst (bsc#1144333). - cifs: Introduce offset for the 1st page in data transfer structures (bsc#1144333). - cifs: Limit memory used by lock request calls to a page (bsc#1144333). - cifs: Make devname param optional in cifs_compose_mount_options() (bsc#1144333). - cifs: Make sure all data pages are signed correctly (bsc#1144333). - cifs: Make use of DFS cache to get new DFS referrals (bsc#1144333). - cifs: Mask off signals when sending SMB packets (bsc#1144333). - cifs: Minor Kconfig clarification (bsc#1144333). - cifs: Move credit processing to mid callbacks for SMB3 (bsc#1144333). - cifs: Move open file handling to writepages (bsc#1144333). - cifs: Move unlocking pages from wdata_send_pages() (bsc#1144333). - cifs: OFD locks do not conflict with eachothers (bsc#1051510, bsc#1144333). - cifs: Only free DFS target list if we actually got one (bsc#1144333). - cifs: Only send SMB2_NEGOTIATE command on new TCP connections (bsc#1144333). - cifs: Pass page offset for calculating signature (bsc#1144333). - cifs: Pass page offset for encrypting (bsc#1144333). - cifs: Print message when attempting a mount (bsc#1144333). - cifs: Properly handle auto disabling of serverino option (bsc#1144333). - cifs: Reconnect expired SMB sessions (bnc#1060662). - cifs: Refactor out cifs_mount() (bsc#1144333). - cifs: Remove custom credit adjustments for SMB2 async IO (bsc#1144333). - cifs: Reopen file before get SMB2 MTU credits for async IO (bsc#1144333). - cifs: Respect SMB2 hdr preamble size in read responses (bsc#1144333). - cifs: Respect reconnect in MTU credits calculations (bsc#1144333). - cifs: Respect reconnect in non-MTU credits calculations (bsc#1144333). - cifs: Return -EAGAIN instead of -ENOTSOCK (bsc#1144333). - cifs: Return error code when getting file handle for writeback (bsc#1144333). - cifs: SMBD: Add SMB Direct debug counters (bsc#1144333). - cifs: SMBD: Add SMB Direct protocol initial values and constants (bsc#1144333). - cifs: SMBD: Add parameter rdata to smb2_new_read_req (bsc#1144333). - cifs: SMBD: Add rdma mount option (bsc#1144333). - cifs: SMBD: Disable signing on SMB direct transport (bsc#1144333). - cifs: SMBD: Do not call ib_dereg_mr on invalidated memory registration (bsc#1144333). - cifs: SMBD: Establish SMB Direct connection (bsc#1144333). - cifs: SMBD: Fix the definition for SMB2_CHANNEL_RDMA_V1_INVALIDATE (bsc#1144333). - cifs: SMBD: Implement RDMA memory registration (bsc#1144333). - cifs: SMBD: Implement function to create a SMB Direct connection (bsc#1144333). - cifs: SMBD: Implement function to destroy a SMB Direct connection (bsc#1144333). - cifs: SMBD: Implement function to receive data via RDMA receive (bsc#1144333). - cifs: SMBD: Implement function to reconnect to a SMB Direct transport (bsc#1144333). - cifs: SMBD: Implement function to send data via RDMA send (bsc#1144333). - cifs: SMBD: Read correct returned data length for RDMA write (SMB read) I/O (bsc#1144333). - cifs: SMBD: Set SMB Direct maximum read or write size for I/O (bsc#1144333). - cifs: SMBD: Support page offset in RDMA recv (bsc#1144333). - cifs: SMBD: Support page offset in RDMA send (bsc#1144333). - cifs: SMBD: Support page offset in memory registration (bsc#1144333). - cifs: SMBD: Upper layer connects to SMBDirect session (bsc#1144333). - cifs: SMBD: Upper layer destroys SMB Direct session on shutdown or umount (bsc#1144333). - cifs: SMBD: Upper layer performs SMB read via RDMA write through memory registration (bsc#1144333). - cifs: SMBD: Upper layer performs SMB write via RDMA read through memory registration (bsc#1144333). - cifs: SMBD: Upper layer receives data via RDMA receive (bsc#1144333). - cifs: SMBD: Upper layer reconnects to SMB Direct session (bsc#1144333). - cifs: SMBD: Upper layer sends data via RDMA send (bsc#1144333). - cifs: SMBD: _smbd_get_connection() can be static (bsc#1144333). - cifs: SMBD: export protocol initial values (bsc#1144333). - cifs: SMBD: fix spelling mistake: faield and legnth (bsc#1144333). - cifs: SMBD: work around gcc -Wmaybe-uninitialized warning (bsc#1144333). - cifs: Save TTL value when parsing DFS referrals (bsc#1144333). - cifs: Select all required crypto modules (bsc#1085536, bsc#1144333). - cifs: Set reconnect instance to one initially (bsc#1144333). - cifs: Show locallease in /proc/mounts for cifs shares mounted with locallease feature (bsc#1144333). - cifs: Silence uninitialized variable warning (bsc#1144333). - cifs: Skip any trailing backslashes from UNC (bsc#1144333). - cifs: Try to acquire credits at once for compound requests (bsc#1144333). - cifs: Use GFP_ATOMIC when a lock is held in cifs_mount() (bsc#1144333). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510, bsc#1144333). - cifs: Use correct packet length in SMB2_TRANSFORM header (bsc#1144333). - cifs: Use kmemdup in SMB2_ioctl_init() (bsc#1144333). - cifs: Use kmemdup rather than duplicating its implementation in smb311_posix_mkdir() (bsc#1144333). - cifs: Use kzfree() to free password (bsc#1144333). - cifs: Use offset when reading pages (bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510, bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510, bsc#1144333). - cifs: When sending data on socket, pass the correct page offset (bsc#1144333). - cifs: a smb2_validate_and_copy_iov failure does not mean the handle is invalid (bsc#1144333). - cifs: add .splice_write (bsc#1144333). - cifs: add IOCTL for QUERY_INFO passthrough to userspace (bsc#1144333). - cifs: add ONCE flag for cifs_dbg type (bsc#1144333). - cifs: add SFM mapping for 0x01-0x1F (bsc#1144333). - cifs: add SMB2_close_init()/SMB2_close_free() (bsc#1144333). - cifs: add SMB2_ioctl_init/free helpers to be used with compounding (bsc#1144333). - cifs: add SMB2_query_info_[init|free]() (bsc#1144333). - cifs: add a new SMB2_close_flags function (bsc#1144333). - cifs: add a smb2_compound_op and change QUERY_INFO to use it (bsc#1144333). - cifs: add a timeout argument to wait_for_free_credits (bsc#1144333). - cifs: add a warning if we try to to dequeue a deleted mid (bsc#1144333). - cifs: add compound_send_recv() (bsc#1144333). - cifs: add credits from unmatched responses/messages (bsc#1144333). - cifs: add debug output to show nocase mount option (bsc#1144333). - cifs: add fiemap support (bsc#1144333). - cifs: add iface info to struct cifs_ses (bsc#1144333). - cifs: add lease tracking to the cached root fid (bsc#1144333). - cifs: add missing GCM module dependency (bsc#1144333). - cifs: add missing debug entries for kconfig options (bsc#1051510, bsc#1144333). - cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510, bsc#1144333). - cifs: add pdu_size to the TCP_Server_Info structure (bsc#1144333). - cifs: add resp_buf_size to the mid_q_entry structure (bsc#1144333). - cifs: add server argument to the dump_detail method (bsc#1144333). - cifs: add server->vals->header_preamble_size (bsc#1144333). - cifs: add sha512 secmech (bsc#1051510, bsc#1144333). - cifs: add spinlock for the openFileList to cifsInodeInfo (bsc#1144333). - cifs: add support for SEEK_DATA and SEEK_HOLE (bsc#1144333). - cifs: add support for ioctl on directories (bsc#1144333). - cifs: address trivial coverity warning (bsc#1144333). - cifs: allow calling SMB2_xxx_free(NULL) (bsc#1144333). - cifs: allow disabling less secure legacy dialects (bsc#1144333). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510, bsc#1144333). - cifs: always add credits back for unsolicited PDUs (bsc#1144333). - cifs: auto disable 'serverino' in dfs mounts (bsc#1144333). - cifs: avoid a kmalloc in smb2_send_recv/SendReceive2 for the common case (bsc#1144333). - cifs: cache FILE_ALL_INFO for the shared root handle (bsc#1144333). - cifs: change SMB2_OP_RENAME and SMB2_OP_HARDLINK to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_EOF to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_INFO to use compounding (bsc#1144333). - cifs: change mkdir to use a compound (bsc#1144333). - cifs: change smb2_get_data_area_len to take a smb2_sync_hdr as argument (bsc#1144333). - cifs: change smb2_query_eas to use the compound query-info helper (bsc#1144333). - cifs: change unlink to use a compound (bsc#1144333). - cifs: change validate_buf to validate_iov (bsc#1144333). - cifs: change wait_for_free_request() to take flags as argument (bsc#1144333). - cifs: check CIFS_MOUNT_NO_DFS when trying to reuse existing sb (bsc#1144333). - cifs: check MaxPathNameComponentLength != 0 before using it (bsc#1085536, bsc#1144333). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902, bsc#1144333). - cifs: check if SMB2 PDU size has been padded and suppress the warning (bsc#1144333). - cifs: check kmalloc before use (bsc#1051510, bsc#1144333). - cifs: check kzalloc return (bsc#1144333). - cifs: check ntwrk_buf_start for NULL before dereferencing it (bsc#1144333). - cifs: check rsp for NULL before dereferencing in SMB2_open (bsc#1085536, bsc#1144333). - cifs: cifs_read_allocate_pages: do not iterate through whole page array on ENOMEM (bsc#1144333). - cifs: clean up indentation, replace spaces with tab (bsc#1144333). - cifs: cleanup smb2ops.c and normalize strings (bsc#1144333). - cifs: complete PDU definitions for interface queries (bsc#1144333). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510, bsc#1144333). - cifs: create SMB2_open_init()/SMB2_open_free() helpers (bsc#1144333). - cifs: create a define for how many iovs we need for an SMB2_open() (bsc#1144333). - cifs: create a define for the max number of iov we need for a SMB2 set_info (bsc#1144333). - cifs: create a helper function for compound query_info (bsc#1144333). - cifs: create helpers for SMB2_set_info_init/free() (bsc#1144333). - cifs: do not allow creating sockets except with SMB1 posix exensions (bsc#1102097, bsc#1144333). - cifs: do not attempt cifs operation on smb2+ rename error (bsc#1144333). - cifs: do not dereference smb_file_target before null check (bsc#1051510, bsc#1144333). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510, bsc#1144333). - cifs: do not return atime less than mtime (bsc#1144333). - cifs: do not send invalid input buffer on QUERY_INFO requests (bsc#1144333). - cifs: do not show domain= in mount output when domain is empty (bsc#1144333). - cifs: do not use __constant_cpu_to_le32() (bsc#1144333). - cifs: document tcon/ses/server refcount dance (bsc#1144333). - cifs: dump IPC tcon in debug proc file (bsc#1071306, bsc#1144333). - cifs: dump every session iface info (bsc#1144333). - cifs: fallback to older infolevels on findfirst queryinfo retry (bsc#1144333). - cifs: fix GlobalMid_Lock bug in cifs_reconnect (bsc#1144333). - cifs: fix NULL deref in SMB2_read (bsc#1085539, bsc#1144333). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542, bsc#1144333). - cifs: fix SMB1 breakage (bsc#1144333). - cifs: fix a buffer leak in smb2_query_symlink (bsc#1144333). - cifs: fix a credits leak for compund commands (bsc#1144333). - cifs: fix bi-directional fsctl passthrough calls (bsc#1144333). - cifs: fix build break when CONFIG_CIFS_DEBUG2 enabled (bsc#1144333). - cifs: fix build errors for SMB_DIRECT (bsc#1144333). - cifs: fix circular locking dependency (bsc#1064701, bsc#1144333). - cifs: fix computation for MAX_SMB2_HDR_SIZE (bsc#1144333). - cifs: fix confusing warning message on reconnect (bsc#1144333). - cifs: fix crash in cifs_dfs_do_automount (bsc#1144333). - cifs: fix crash in smb2_compound_op()/smb2_set_next_command() (bsc#1144333). - cifs: fix crash querying symlinks stored as reparse-points (bsc#1144333). - cifs: fix credits leak for SMB1 oplock breaks (bsc#1144333). - cifs: fix deadlock in cached root handling (bsc#1144333). - cifs: fix encryption in SMB3.1.1 (bsc#1144333). - cifs: fix handle leak in smb2_query_symlink() (bsc#1144333). - cifs: fix incorrect handling of smb2_set_sparse() return in smb3_simple_falloc (bsc#1144333). - cifs: fix kref underflow in close_shroot() (bsc#1144333). - cifs: fix memory leak and remove dead code (bsc#1144333). - cifs: fix memory leak in SMB2_open() (bsc#1112894, bsc#1144333). - cifs: fix memory leak in SMB2_read (bsc#1144333). - cifs: fix memory leak of an allocated cifs_ntsd structure (bsc#1144333). - cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case (bsc#1144333). - cifs: fix page reference leak with readv/writev (bsc#1144333). - cifs: fix panic in smb2_reconnect (bsc#1144333). - cifs: fix parsing of symbolic link error response (bsc#1144333). - cifs: fix return value for cifs_listxattr (bsc#1051510, bsc#1144333). - cifs: fix rmmod regression in cifs.ko caused by force_sig changes (bsc#1144333). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510, bsc#1144333). - cifs: fix signed/unsigned mismatch on aio_read patch (bsc#1144333). - cifs: fix smb3_zero_range for Azure (bsc#1144333). - cifs: fix smb3_zero_range so it can expand the file-size when required (bsc#1144333). - cifs: fix sparse warning on previous patch in a few printks (bsc#1144333). - cifs: fix spelling mistake, EACCESS -> EACCES (bsc#1144333). - cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() (bsc#1144333). - cifs: fix typo in cifs_dbg (bsc#1144333). - cifs: fix typo in debug message with struct field ia_valid (bsc#1144333). - cifs: fix uninitialized ptr deref in smb2 signing (bsc#1144333). - cifs: fix use-after-free of the lease keys (bsc#1144333). - cifs: fix wrapping bugs in num_entries() (bsc#1051510, bsc#1144333). - cifs: flush before set-info if we have writeable handles (bsc#1144333). - cifs: handle large EA requests more gracefully in smb2+ (bsc#1144333). - cifs: handle netapp error codes (bsc#1136261). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: implement v3.11 preauth integrity (bsc#1051510, bsc#1144333). - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510, bsc#1144333). - cifs: invalidate cache when we truncate a file (bsc#1051510, bsc#1144333). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565, bsc#1144333). - cifs: limit amount of data we request for xattrs to CIFSMaxBufSize (bsc#1144333). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510, bsc#1144333). - cifs: make IPC a regular tcon (bsc#1071306, bsc#1144333). - cifs: make arrays static const, reduces object code size (bsc#1144333). - cifs: make minor clarifications to module params for cifs.ko (bsc#1144333). - cifs: make mknod() an smb_version_op (bsc#1144333). - cifs: make rmdir() use compounding (bsc#1144333). - cifs: make smb_send_rqst take an array of requests (bsc#1144333). - cifs: minor clarification in comments (bsc#1144333). - cifs: minor updates to module description for cifs.ko (bsc#1144333). - cifs: move default port definitions to cifsglob.h (bsc#1144333). - cifs: move large array from stack to heap (bsc#1144333). - cifs: only wake the thread for the very last PDU in a compound (bsc#1144333). - cifs: parse and store info on iface queries (bsc#1144333). - cifs: pass flags down into wait_for_free_credits() (bsc#1144333). - cifs: pass page offsets on SMB1 read/write (bsc#1144333). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510, bsc#1144333). - cifs: prevent starvation in wait_for_free_credits for multi-credit requests (bsc#1144333). - cifs: print CIFSMaxBufSize as part of /proc/fs/cifs/DebugData (bsc#1144333). - cifs: protect against server returning invalid file system block size (bsc#1144333). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: push rfc1002 generation down the stack (bsc#1144333). - cifs: read overflow in is_valid_oplock_break() (bsc#1144333). - cifs: refactor and clean up arguments in the reparse point parsing (bsc#1144333). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510, bsc#1144333). - cifs: release auth_key.response for reconnect (bsc#1085536, bsc#1144333). - cifs: release cifs root_cred after exit_cifs (bsc#1085536, bsc#1144333). - cifs: remove coverity warning in calc_lanman_hash (bsc#1144333). - cifs: remove header_preamble_size where it is always 0 (bsc#1144333). - cifs: remove redundant duplicated assignment of pointer 'node' (bsc#1144333). - cifs: remove rfc1002 hardcoded constants from cifs_discard_remaining_data() (bsc#1144333). - cifs: remove rfc1002 header from all SMB2 response structures (bsc#1144333). - cifs: remove rfc1002 header from smb2 read/write requests (bsc#1144333). - cifs: remove rfc1002 header from smb2_close_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_create_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_echo_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_flush_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_ioctl_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_lease_ack (bsc#1144333). - cifs: remove rfc1002 header from smb2_lock_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_logoff_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_negotiate_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_oplock_break we get from server (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_directory_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_sess_setup_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_set_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_connect_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_disconnect_req (bsc#1144333). - cifs: remove set but not used variable 'cifs_sb' (bsc#1144333). - cifs: remove set but not used variable 'sep' (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove set but not used variable 'smb_buf' (bsc#1144333). - cifs: remove small_smb2_init (bsc#1144333). - cifs: remove smb2_send_recv() (bsc#1144333). - cifs: remove struct smb2_hdr (bsc#1144333). - cifs: remove struct smb2_oplock_break_rsp (bsc#1144333). - cifs: remove the is_falloc argument to SMB2_set_eof (bsc#1144333). - cifs: remove unused stats (bsc#1144333). - cifs: remove unused value pointed out by Coverity (bsc#1144333). - cifs: remove unused variable from SMB2_read (bsc#1144333). - cifs: rename and clarify CIFS_ASYNC_OP and CIFS_NO_RESP (bsc#1144333). - cifs: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - cifs: replace snprintf with scnprintf (bsc#1144333). - cifs: return -ENODATA when deleting an xattr that does not exist (bsc#1144333). - cifs: return correct errors when pinning memory failed for direct I/O (bsc#1144333). - cifs: return error on invalid value written to cifsFYI (bsc#1144333). - cifs: set *resp_buf_type to NO_BUFFER on error (bsc#1144333). - cifs: set mapping error when page writeback fails in writepage or launder_pages (bsc#1144333). - cifs: set oparms.create_options rather than or'ing in CREATE_OPEN_BACKUP_INTENT (bsc#1144333). - cifs: show 'soft' in the mount options for hard mounts (bsc#1144333). - cifs: show the w bit for writeable /proc/fs/cifs/* files (bsc#1144333). - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734, bsc#1144333). - cifs: simple stats should always be enabled (bsc#1144333). - cifs: simplify code by removing CONFIG_CIFS_ACL ifdef (bsc#1144333). - Update config files. - cifs: simplify how we handle credits in compound_send_recv() (bsc#1144333). - cifs: smb2 commands can not be negative, remove confusing check (bsc#1144333). - cifs: smb2ops: Fix NULL check in smb2_query_symlink (bsc#1144333). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510, bsc#1144333). - cifs: smb2pdu: Fix potential NULL pointer dereference (bsc#1144333). - cifs: smbd: Avoid allocating iov on the stack (bsc#1144333). - cifs: smbd: Check for iov length on sending the last iov (bsc#1144333). - cifs: smbd: Do not destroy transport on RDMA disconnect (bsc#1144333). - cifs: smbd: Do not use RDMA read/write when signing is used (bsc#1144333). - cifs: smbd: Dump SMB packet when configured (bsc#1144333). - cifs: smbd: Enable signing with smbdirect (bsc#1144333). - cifs: smbd: Indicate to retry on transport sending failure (bsc#1144333). - cifs: smbd: Retry on memory registration failure (bsc#1144333). - cifs: smbd: Return EINTR when interrupted (bsc#1144333). - cifs: smbd: avoid reconnect lockup (bsc#1144333). - cifs: smbd: depend on INFINIBAND_ADDR_TRANS (bsc#1144333). - cifs: smbd: disconnect transport on RDMA errors (bsc#1144333). - cifs: smbd: take an array of reqeusts when sending upper layer data (bsc#1144333). - cifs: start DFS cache refresher in cifs_mount() (bsc#1144333). - cifs: store the leaseKey in the fid on SMB2_open (bsc#1051510, bsc#1144333). - cifs: suppress some implicit-fallthrough warnings (bsc#1144333). - cifs: track writepages in vfs operation counters (bsc#1144333). - cifs: update __smb_send_rqst() to take an array of requests (bsc#1144333). - cifs: update calc_size to take a server argument (bsc#1144333). - cifs: update init_sg, crypt_message to take an array of rqst (bsc#1144333). - cifs: update internal module number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.14 (bsc#1144333). - cifs: update module internal version number (bsc#1144333). - cifs: update multiplex loop to handle compounded responses (bsc#1144333). - cifs: update receive_encrypted_standard to handle compounded responses (bsc#1144333). - cifs: update smb2_calc_size to use smb2_sync_hdr instead of smb2_hdr (bsc#1144333). - cifs: update smb2_check_message to handle PDUs without a 4 byte length header (bsc#1144333). - cifs: update smb2_queryfs() to use compounding (bsc#1144333). - cifs: use a compound for setting an xattr (bsc#1144333). - cifs: use a refcount to protect open/closing the cached file handle (bsc#1144333). - cifs: use correct format characters (bsc#1144333). - cifs: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (bsc#1071306, bsc#1144333). - cifs: use the correct length when pinning memory for direct I/O for write (bsc#1144333). - cifs: wait_for_free_credits() make it possible to wait for >=1 credits (bsc#1144333). - cifs: we can not use small padding iovs together with encryption (bsc#1144333). - cifs: zero sensitive data when freeing (bsc#1087092, bsc#1144333). - cifs: zero-range does not require the file is sparse (bsc#1144333). - cifs:smbd Use the correct DMA direction when sending data (bsc#1144333). - cifs:smbd When reconnecting to server, call smbd_destroy() after all MIDs have been called (bsc#1144333). - cifs_lookup(): cifs_get_inode_...() never returns 0 with *inode left NULL (bsc#1144333). - cifs_lookup(): switch to d_splice_alias() (bsc#1144333). - clk: Export clk_bulk_prepare() (bsc#1144813). - clk: add clk_bulk_get accessories (bsc#1144813). - clk: bcm2835: remove pllb (jsc#SLE-7294). - clk: bcm283x: add driver interfacing with Raspberry Pi's firmware (jsc#SLE-7294). - clk: bulk: silently error out on EPROBE_DEFER (bsc#1144718,bsc#1144813). - clk: raspberrypi: register platform device for raspberrypi-cpufreq (jsc#SLE-7294). - clk: renesas: cpg-mssr: Fix reset control race condition (bsc#1051510). - clk: rockchip: Add 1.6GHz PLL rate for rk3399 (bsc#1144718,bsc#1144813). - clk: rockchip: assign correct id for pclk_ddr and hclk_sd in rk3399 (bsc#1144718,bsc#1144813). - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling (bsc#1051510). - coredump: split pipe command whitespace before expanding template (bsc#1051510). - cpu/speculation: Warn on unsupported mitigations= parameter (bsc#1114279). - cpufreq: dt: Try freeing static OPPs only if we have added them (jsc#SLE-7294). - crypto: ccp - Add support for valid authsize values less than 16 (bsc#1051510). - crypto: ccp - Fix oops by properly managing allocated structures (bsc#1051510). - crypto: ccp - Ignore tag length when decrypting GCM ciphertext (bsc#1051510). - crypto: ccp - Ignore unconfigured CCP device on suspend/resume (bnc#1145934). - crypto: ccp - Validate buffer lengths for copy operations (bsc#1051510). - crypto: talitos - fix skcipher failure due to wrong output IV (bsc#1051510). - cx82310_eth: fix a memory leak bug (bsc#1051510). - dax: dax_layout_busy_page() should not unmap cow pages (bsc#1148698). - devres: always use dev_name() in devm_ioremap_resource() (git fixes). - dfs_cache: fix a wrong use of kfree in flush_cache_ent() (bsc#1144333). - dm btree: fix order of block initialization in btree_split_beneath (git fixes). - dm bufio: fix deadlock with loop device (git fixes). - dm cache metadata: Fix loading discard bitset (git fixes). - dm crypt: do not overallocate the integrity tag space (git fixes). - dm crypt: fix parsing of extended IV arguments (git fixes). - dm delay: fix a crash when invalid device is specified (git fixes). - dm integrity: change memcmp to strncmp in dm_integrity_ctr (git fixes). - dm integrity: limit the rate of error messages (git fixes). - dm kcopyd: always complete failed jobs (git fixes). - dm raid: add missing cleanup in raid_ctr() (git fixes). - dm space map metadata: fix missing store of apply_bops() return value (git fixes). - dm table: fix invalid memory accesses with too high sector number (git fixes). - dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (git fixes). - dm thin: fix bug where bio that overwrites thin block ignores FUA (git fixes). - dm thin: fix passdown_double_checking_shared_status() (git fixes). - dm zoned: Fix zone report handling (git fixes). - dm zoned: Silence a static checker warning (git fixes). - dm zoned: fix potential NULL dereference in dmz_do_reclaim() (git fixes). - dm zoned: fix zone state management race (git fixes). - dm zoned: improve error handling in i/o map code (git fixes). - dm zoned: improve error handling in reclaim (git fixes). - dm zoned: properly handle backing device failure (git fixes). - dm: bufio: revert: 'fix deadlock with loop device' (git fixes). - dm: fix to_sector() for 32bit (git fixes). - dm: revert 8f50e358153d ('dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE') (git fixes). - dma-buf: balance refcount inbalance (bsc#1051510). - dmaengine: rcar-dmac: Reject zero-length slave DMA requests (bsc#1051510). - documentation/networking: fix default_ttl typo in mpls-sysctl (bsc#1051510). - documentation: Add nospectre_v1 parameter (bsc#1051510). - driver core: Fix use-after-free and double free on glue directory (bsc#1131281). - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl (bsc#1051510). - drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings (bsc#1051510). - drm/amdgpu/psp: move psp version specific function pointers to (bsc#1135642) - drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz (bsc#1051510). - drm/bridge: tc358767: read display_props in get_modes() (bsc#1051510). - drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry (bsc#1051510). - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1135642) - drm/i915/perf: ensure we keep a reference on the driver (bsc#1142635) - drm/i915/userptr: Acquire the page lock around set_page_dirty() (bsc#1051510). - drm/i915: Do not deballoon unused ggtt drm_mm_node in linux guest (bsc#1142635) - drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1142635) - drm/i915: Restore relaxed padding (OCL_OOB_SUPPRES_ENABLE) for skl+ (bsc#1142635) - drm/imx: notify drm core before sending event during crtc disable (bsc#1135642) - drm/imx: only send event on crtc disable if kept disabled (bsc#1135642) - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1135642) - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1135642) - drm/mediatek: clear num_pipes when unbind driver (bsc#1135642) - drm/mediatek: fix unbind functions (bsc#1135642) - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1142635) - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1135642) - drm/mediatek: use correct device to import PRIME buffers (bsc#1142635) - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1142635) - drm/msm: Depopulate platform on probe failure (bsc#1051510). - drm/nouveau: Do not retry infinitely when receiving no data on i2c (bsc#1142635) - drm/nouveau: fix memory leak in nouveau_conn_reset() (bsc#1051510). - drm/panel: simple: Fix panel_simple_dsi_probe (bsc#1051510). - drm/rockchip: Suspend DP late (bsc#1142635) - drm/udl: introduce a macro to convert dev to udl. (bsc#1113722) - drm/udl: move to embedding drm device inside udl device. (bsc#1113722) - drm/virtio: Add memory barriers for capset cache (bsc#1051510). - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1135642) - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1135642) - drm/vmwgfx: fix memory leak when too many retries have occurred (bsc#1051510). - drm: msm: Fix add_gpu_components (bsc#1051510). - drm: silence variable 'conn' set but not used (bsc#1051510). - ecryptfs: fix a couple type promotion bugs (bsc#1051510). - edac, amd64: Add Family 17h, models 10h-2fh support (bsc#1112178). - edac/amd64: Add Family 17h Model 30h PCI IDs (bsc#1112178). - edac: Fix global-out-of-bounds write when setting edac_mc_poll_msec (bsc#1114279). - efi/bgrt: Drop BGRT status field reserved bits check (bsc#1051510). - ehea: Fix a copy-paste err in ehea_init_port_res (bsc#1051510). - ext4: use jbd2_inode dirty range scoping (bsc#1148616). - firmware: raspberrypi: register clk device (jsc#SLE-7294). - firmware: ti_sci: Always request response from firmware (bsc#1051510). - fix incorrect error code mapping for OBJECTID_NOT_FOUND (bsc#1144333). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510, bsc#1144333). - fix struct ufs_req removal of unused field (git-fixes). - fixed https://bugzilla.kernel.org/show_bug.cgi?id=202935 allow write on the same file (bsc#1144333). - fs/*/kconfig: drop links to 404-compliant http://acl.bestbits.at (bsc#1144333). - fs/cifs/cifsacl.c Fixes typo in a comment (bsc#1144333). - fs/cifs/smb2pdu.c: fix buffer free in SMB2_ioctl_free (bsc#1144333). - fs/cifs: Simplify ib_post_(send|recv|srq_recv)() calls (bsc#1144333). - fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bsc#1144333). - fs/cifs: fix uninitialised variable warnings (bsc#1144333). - fs/cifs: require sha512 (bsc#1051510, bsc#1144333). - fs/cifs: suppress a string overflow warning (bsc#1144333). - fs/xfs: Fix return code of xfs_break_leased_layouts() (bsc#1148031). - fs: cifs: Drop unlikely before IS_ERR(_OR_NULL) (bsc#1144333). - fs: cifs: Kconfig: pedantic formatting (bsc#1144333). - fs: cifs: Replace _free_xid call in cifs_root_iget function (bsc#1144333). - fs: cifs: cifsssmb: Change return type of convert_ace_to_cifs_ace (bsc#1144333). - fs: xfs: xfs_log: Do not use KM_MAYFAIL at xfs_log_reserve() (bsc#1148033). - fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() (bsc#1051510). - ftrace: Check for empty hash and comment the race with registering probes (bsc#1149418). - ftrace: Check for successful allocation of hash (bsc#1149424). - ftrace: Fix NULL pointer dereference in t_probe_next() (bsc#1149413). - gpio: Fix build error of function redefinition (bsc#1051510). - gpio: gpio-omap: add check for off wake capable gpios (bsc#1051510). - gpio: mxs: Get rid of external API call (bsc#1051510). - gpio: omap: ensure irq is enabled before wakeup (bsc#1051510). - gpio: pxa: handle corner case of unprobed device (bsc#1051510). - gpiolib: fix incorrect IRQ requesting of an active-low lineevent (bsc#1051510). - gpiolib: never report open-drain/source lines as 'input' to user-space (bsc#1051510). - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1142635) - hid: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT (bsc#1051510). - hid: Add quirk for HP X1200 PIXART OEM mouse (bsc#1051510). - hid: cp2112: prevent sleeping function called from invalid context (bsc#1051510). - hid: hiddev: avoid opening a disconnected device (bsc#1051510). - hid: hiddev: do cleanup in failure of opening a device (bsc#1051510). - hid: holtek: test for sanity of intfdata (bsc#1051510). - hid: sony: Fix race condition between rumble and device remove (bsc#1051510). - hid: wacom: Correct distance scale for 2nd-gen Intuos devices (bsc#1142635). - hid: wacom: correct misreported EKR ring values (bsc#1142635). - hid: wacom: fix bit shift for Cintiq Companion 2 (bsc#1051510). - hpet: Fix division by zero in hpet_time_div() (bsc#1051510). - hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 (bsc#1051510). - hwmon: (nct7802) Fix wrong detection of in4 presence (bsc#1051510). - i2c: emev2: avoid race when unregistering slave client (bsc#1051510). - i2c: piix4: Fix port selection for AMD Family 16h Model 30h (bsc#1051510). - i2c: qup: fixed releasing dma without flush operation completion (bsc#1051510). - ib/mlx5: Fix MR registration flow to use UMR properly (bsc#1093205 bsc#1145678). - ibmveth: Convert multicast list size for little-endian system (bsc#1061843). - ibmvnic: Do not process reset during or after device removal (bsc#1149652 ltc#179635). - ibmvnic: Unmap DMA address of TX descriptor buffers after use (bsc#1146351 ltc#180726). - igmp: fix memory leak in igmpv3_del_delrec() (networking-stable-19_07_25). - iio: adc: max9611: Fix misuse of GENMASK macro (bsc#1051510). - iio: adc: max9611: Fix temperature reading in probe (bsc#1051510). - iio: iio-utils: Fix possible incorrect mask calculation (bsc#1051510). - include/linux/bitops.h: sanitize rotate primitives (git fixes). - input: alps - do not handle ALPS cs19 trackpoint-only device (bsc#1051510). - input: alps - fix a mismatch between a condition check and its comment (bsc#1051510). - input: iforce - add sanity checks (bsc#1051510). - input: kbtab - sanity check for endpoint type (bsc#1051510). - input: synaptics - enable RMI mode for HP Spectre X360 (bsc#1051510). - input: synaptics - whitelist Lenovo T580 SMBus intertouch (bsc#1051510). - input: trackpoint - only expose supported controls for Elan, ALPS and NXP (bsc#1051510). - intel_th: pci: Add Ice Lake NNPI support (bsc#1051510). - intel_th: pci: Add Tiger Lake support (bsc#1051510). - intel_th: pci: Add support for another Lewisburg PCH (bsc#1051510). - iommu/amd: Add support for X2APIC IOMMU interrupts (bsc#1145010). - iommu/amd: Fix race in increase_address_space() (bsc#1150860). - iommu/amd: Flush old domains in kdump kernel (bsc#1150861). - iommu/amd: Move iommu_init_pci() to .init section (bsc#1149105). - iommu/dma: Handle SG length overflow better (bsc#1146084). - iommu/iova: Fix compilation error with !CONFIG_IOMMU_IOVA (bsc#1145024). - iommu/vt-d: Do not queue_iova() if there is no flush queue (bsc#1145024). - ipip: validate header length in ipip_tunnel_xmit (git-fixes). - ipv4: do not set IPv6 only flags to IPv4 addresses (networking-stable-19_07_25). - irqchip/gic-v3-its: fix build warnings (bsc#1144880). - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack (bsc#1051510). - isdn: hfcsusb: checking idx of ep configuration (bsc#1051510). - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain() (bsc#1051510). - iwlwifi: dbg: split iwl_fw_error_dump to two functions (bsc#1119086). - iwlwifi: do not unmap as page memory that was mapped as single (bsc#1051510). - iwlwifi: fix bad dma handling in page_mem dumping flow (bsc#1120902). - iwlwifi: fw: use helper to determine whether to dump paging (bsc#1106434). Patch needed to be adjusted, because our tree does not have the global variable IWL_FW_ERROR_DUMP_PAGING - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT on version &< 41 (bsc#1142635). - iwlwifi: mvm: fix an out-of-bound access (bsc#1051510). - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support (bsc#1142635). - iwlwifi: pcie: do not service an interrupt that was masked (bsc#1142635). - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1142635). - jbd2: flush_descriptor(): Do not decrease buffer head's ref count (bsc#1143843). - jbd2: introduce jbd2_inode dirty range scoping (bsc#1148616). - kabi: Fix kABI for 'struct amd_iommu' (bsc#1145010). - kasan: remove redundant initialization of variable 'real_size' (git fixes). - kconfig/[mn]conf: handle backspace (^H) key (bsc#1051510). - keys: Fix missing null pointer check in request_key_auth_describe() (bsc#1051510). - kvm/eventfd: Avoid crash when assign and deassign specific eventfd in parallel (bsc#1133021). - kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs (bsc#1134881 bsc#1134882). - kvm: Disallow wraparound in kvm_gfn_to_hva_cache_init (bsc#1133021). - kvm: Fix leak vCPU's VMCS value into other pCPU (bsc#1145388). - kvm: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC (bsc#1145408). - kvm: PPC: Book3S HV: Fix CR0 setting in TM emulation (bsc#1061840). - kvm: Reject device ioctls from processes other than the VM's creator (bsc#1133021). - kvm: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value (bsc#1145393). - kvm: VMX: Fix handling of #MC that occurs during VM-Entry (bsc#1145395). - kvm: VMX: check CPUID before allowing read/write of IA32_XSS (bsc#1145394). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: arm/arm64: Close VMID generation race (bsc#1133021). - kvm: arm/arm64: Convert kvm_host_cpu_state to a static per-cpu allocation (bsc#1133021). - kvm: arm/arm64: Drop resource size check for GICV window (bsc#1133021). - kvm: arm/arm64: Fix VMID alloc race by reverting to lock-less (bsc#1133021). - kvm: arm/arm64: Fix lost IRQs from emulated physcial timer when blocked (bsc#1133021). - kvm: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1133021). - kvm: arm/arm64: Reduce verbosity of KVM init log (bsc#1133021). - kvm: arm/arm64: Set dist->spis to NULL after kfree (bsc#1133021). - kvm: arm/arm64: Skip updating PMD entry if no change (bsc#1133021). - kvm: arm/arm64: Skip updating PTE entry if no change (bsc#1133021). - kvm: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list (bsc#1133021). - kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 (bsc#1133021). - kvm: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending (bsc#1133021). - kvm: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy (bsc#1133021). - kvm: arm64: Fix caching of host MDCR_EL2 value (bsc#1133021). - kvm: mmu: Fix overlap between public and private memslots (bsc#1133021). - kvm: nVMX: Remove unnecessary sync_roots from handle_invept (bsc#1145391). - kvm: nVMX: Use adjusted pin controls for vmcs02 (bsc#1145392). - kvm: nVMX: allow setting the VMFUNC controls MSR (bsc#1145389). - kvm: nVMX: do not use dangling shadow VMCS after guest reset (bsc#1145390). - kvm: x86/vPMU: refine kvm_pmu err msg when event creation failed (bsc#1145397). - kvm: x86: Do not update RIP or do single-step on faulting emulation (bsc#1149104). - kvm: x86: Unconditionally enable irqs in guest context (bsc#1145396). - kvm: x86: degrade WARN to pr_warn_ratelimited (bsc#1145409). - kvm: x86: fix backward migration with async_PF (bsc#1146074). - lan78xx: Fix memory leaks (bsc#1051510). - libata: add SG safety checks in SFF pio transfers (bsc#1051510). - libata: do not request sense data on !ZAC ATA devices (bsc#1051510). - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests (bsc#1051510). - libata: zpodd: Fix small read overflow in zpodd_get_mech_type() (bsc#1051510). - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897). - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). - libceph, rbd: new bio handling code (aka do not clone bios) (bsc#1141450). - libceph: add osd_req_op_extent_osd_data_bvecs() (bsc#1141450). - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bsc#1148133). - libceph: assign cookies in linger_submit() (bsc#1135897). - libceph: check reply num_data_items in setup_request_data() (bsc#1135897). - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897). - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897). - libceph: fix PG split vs OSD (re)connect race (bsc#1148133). - libceph: handle zero-length data items (bsc#1141450). - libceph: introduce BVECS data type (bsc#1141450). - libceph: introduce alloc_watch_request() (bsc#1135897). - libceph: introduce ceph_pagelist_alloc() (bsc#1135897). - libceph: preallocate message data items (bsc#1135897). - libceph: use single request data item for cmp/setxattr (bsc#1139101). - libnvdimm/pfn: Store correct value of npfns in namespace superblock (bsc#1146381 ltc#180720). - liquidio: add cleanup in octeon_setup_iq() (bsc#1051510). - loop: set PF_MEMALLOC_NOIO for the worker thread (git fixes). - mac80211: do not WARN on short WMM parameters from AP (bsc#1051510). - mac80211: do not warn about CW params when not using them (bsc#1051510). - mac80211: fix possible memory leak in ieee80211_assign_beacon (bsc#1142635). - mac80211: fix possible sta leak (bsc#1051510). - macsec: fix checksumming after decryption (bsc#1051510). - macsec: fix use-after-free of skb during RX (bsc#1051510). - macsec: let the administrator set UP state even if lowerdev is down (bsc#1051510). - macsec: update operstate when lower device changes (bsc#1051510). - mailbox: handle failed named mailbox channel request (bsc#1051510). - md/raid: raid5 preserve the writeback action after the parity check (git fixes). - md: add mddev->pers to avoid potential NULL pointer dereference (git fixes). - media: au0828: fix null dereference in error path (bsc#1051510). - media: coda: Remove unbalanced and unneeded mutex unlock (bsc#1051510). - media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP (bsc#1051510). - media: coda: fix mpeg2 sequence number handling (bsc#1051510). - media: coda: increment sequence offset for the last returned frame (bsc#1051510). - media: dvb: usb: fix use after free in dvb_usb_device_exit (bsc#1051510). - media: hdpvr: fix locking and a missing msleep (bsc#1051510). - media: media_device_enum_links32: clean a reserved field (bsc#1051510). - media: pvrusb2: use a different format for warnings (bsc#1051510). - media: spi: IR LED: add missing of table registration (bsc#1051510). - media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails (bsc#1051510). - media: vpss: fix a potential NULL pointer dereference (bsc#1051510). - media: wl128x: Fix some error handling in fm_v4l2_init_video_device() (bsc#1051510). - mfd: arizona: Fix undefined behavior (bsc#1051510). - mfd: core: Set fwnode for created devices (bsc#1051510). - mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk (bsc#1051510). - mfd: intel-lpss: Add Intel Comet Lake PCI IDs (jsc#SLE-4875). - mm, page_owner: handle THP splits correctly (bsc#1149197, VM Debugging Functionality). - mm/hmm: fix bad subpage pointer in try_to_unmap_one (bsc#1148202, HMM, VM Functionality). - mm/hotplug: fix offline undo_isolate_page_range() (bsc#1148196, VM Functionality). - mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node (bsc#1148379, VM Functionality). - mm/memcontrol.c: fix use after free in mem_cgroup_iter() (bsc#1149224, VM Functionality). - mm/memory.c: recheck page table entry with page table lock held (bsc#1148363, VM Functionality). - mm/migrate.c: initialize pud_entry in migrate_vma() (bsc#1148198, HMM, VM Functionality). - mm/mlock.c: change count_mm_mlocked_page_nr return type (bsc#1148527, VM Functionality). - mm/mlock.c: mlockall error for flag MCL_ONFAULT (bsc#1148527, VM Functionality). - mm/page_alloc.c: fix calculation of pgdat->nr_zones (bsc#1148192, VM Functionality). - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() (bsc#1118689). - mm/vmscan.c: fix trying to reclaim unevictable LRU page (bsc#1149214, VM Functionality). - mm: add filemap_fdatawait_range_keep_errors() (bsc#1148616). - mm: do not stall register_shrinker() (bsc#1104902, VM Performance). - mm: page_mapped: do not assume compound page is huge or THP (bsc#1148574, VM Functionality). - mmc: cavium: Add the missing dma unmap when the dma has finished (bsc#1051510). - mmc: cavium: Set the correct dma max segment size for mmc_host (bsc#1051510). - mmc: core: Fix init of SD cards reporting an invalid VDD range (bsc#1051510). - mmc: dw_mmc: Fix occasional hang after tuning on eMMC (bsc#1051510). - mmc: sdhci-of-at91: add quirk for broken HS200 (bsc#1051510). - mmc: sdhci-pci: Add support for Intel CML (jsc#SLE-4875). - mmc: sdhci-pci: Add support for Intel ICP (jsc#SLE-4875). - move a few externs to smbdirect.h to eliminate warning (bsc#1144333). - move core networking kabi patches to the end of the section - move irq_data_get_effective_affinity_mask prior the sorted section - mpls: fix warning with multi-label encap (bsc#1051510). - nbd: replace kill_bdev() with __invalidate_device() again (git fixes). - net/9p: include trans_common.h to fix missing prototype warning (bsc#1051510). - net/ibmvnic: Fix missing { in __ibmvnic_reset (bsc#1149652 ltc#179635). - net/ibmvnic: free reset work of removed device from queue (bsc#1149652 ltc#179635). - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bsc#1145678). - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn (networking-stable-19_07_25). - net/smc: do not schedule tx_work in SMC_CLOSED state (bsc#1149963). - net/smc: original socket family in inet_sock_diag (bsc#1149959). - net: Fix netdev_WARN_ONCE macro (git-fixes). - net: Introduce netdev_*_once functions (networking-stable-19_07_25). - net: bcmgenet: use promisc for unsupported filters (networking-stable-19_07_25). - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query (networking-stable-19_07_25). - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling (networking-stable-19_07_25). - net: bridge: stp: do not cache eth dest pointer before skb pull (networking-stable-19_07_25). - net: dsa: mv88e6xxx: wait after reset deactivation (networking-stable-19_07_25). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1139020 bsc#1139021). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1139020 bsc#1139021). - net: ena: add ethtool function for changing io queue sizes (bsc#1139020 bsc#1139021). - net: ena: add good checksum counter (bsc#1139020 bsc#1139021). - net: ena: add handling of llq max tx burst size (bsc#1139020 bsc#1139021). - net: ena: add newline at the end of pr_err prints (bsc#1139020 bsc#1139021). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1139020 bsc#1139021). - net: ena: allow automatic fallback to polling mode (bsc#1139020 bsc#1139021). - net: ena: allow queue allocation backoff when low on memory (bsc#1139020 bsc#1139021). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1139020 bsc#1139021). - net: ena: enable negotiating larger Rx ring size (bsc#1139020 bsc#1139021). - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1139020 bsc#1139021). - net: ena: ethtool: revert 'add extra properties retrieval via get_priv_flags' (bsc#1139020 bsc#1139021). - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1139020 bsc#1139021). - net: ena: fix incorrect test of supported hash function (bsc#1139020 bsc#1139021). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1139020 bsc#1139021). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1139020 bsc#1139021). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1139020 bsc#1139021). - net: ena: gcc 8: fix compilation warning (bsc#1139020 bsc#1139021). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1139020 bsc#1139021). - net: ena: make ethtool show correct current and max queue sizes (bsc#1139020 bsc#1139021). - net: ena: optimise calculations for CQ doorbell (bsc#1139020 bsc#1139021). - net: ena: remove inline keyword from functions in *.c (bsc#1139020 bsc#1139021). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1139020 bsc#1139021). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1139020 bsc#1139021). - net: ena: use dev_info_once instead of static variable (bsc#1139020 bsc#1139021). - net: make skb_dst_force return true when dst is refcounted (networking-stable-19_07_25). - net: neigh: fix multiple neigh timer scheduling (networking-stable-19_07_25). - net: remove duplicate fetch in sock_getsockopt (networking-stable-19_07_02). - net: sched: verify that q!=NULL before setting q->flags (git-fixes). - net: stmmac: fixed new system time seconds value calculation (networking-stable-19_07_02). - net: stmmac: set IC bit when transmitting frames with HW timestamp (networking-stable-19_07_02). - net: usb: pegasus: fix improper read if get_registers() fail (bsc#1051510). - net_sched: unset TCQ_F_CAN_BYPASS when adding filters (networking-stable-19_07_25). - netrom: fix a memory leak in nr_rx_frame() (networking-stable-19_07_25). - netrom: hold sock when setting skb->destructor (networking-stable-19_07_25). - nfc: fix potential illegal memory access (bsc#1051510). - nfs: Cleanup if nfs_match_client is interrupted (bsc#1134291). - nfs: Fix a double unlock from nfs_match,get_client (bsc#1134291). - nfs: Fix the inode request accounting when pages have subrequests (bsc#1140012). - nfs: make nfs_match_client killable (bsc#1134291). - nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header (git fixes). - nvme-core: Fix extra device_put() call on error path (bsc#1142541). - nvme-fc: fix module unloads while lports still pending (bsc#1150033). - nvme-multipath: fix ana log nsid lookup when nsid is not found (bsc#1141554). - nvme-multipath: relax ANA state check (bsc#1123105). - nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns (bsc#1120876). - nvme: Return BLK_STS_TARGET if the DNR bit is set (bsc#1142076). - nvme: cancel request synchronously (bsc#1145661). - nvme: change locking for the per-subsystem controller list (bsc#1142541). - nvme: fix possible use-after-free in connect error flow (bsc#1139500, bsc#1140426) - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN (bsc#1146938). - objtool: Add rewind_stack_do_exit() to the noreturn list (bsc#1145302). - objtool: Support GCC 9 cold subfunction naming scheme (bsc#1145300). - octeon_mgmt: Fix MIX registers configuration on MTU setup (bsc#1051510). - pci: PM/ACPI: Refresh all stale power state data in pci_pm_complete() (bsc#1149106). - pci: Restore Resizable BAR size bits correctly for 1MB BARs (bsc#1143841). - pci: hv: Fix panic by calling hv_pci_remove_slots() earlier (bsc#1142701). - pci: qcom: Ensure that PERST is asserted for at least 100 ms (bsc#1142635). - pci: xilinx-nwl: Fix Multi MSI data programming (bsc#1142635). - phy: qcom-qusb2: Fix crash if nvmem cell not specified (bsc#1051510). - phy: renesas: rcar-gen2: Fix memory leak at error paths (bsc#1051510). - pinctrl: pistachio: fix leaked of_node references (bsc#1051510). - pinctrl: rockchip: fix leaked of_node references (bsc#1051510). - pm / devfreq: rk3399_dmc: Pass ODT and auto power down parameters to TF-A (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: do not print error when get supply and clk defer (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: fix spelling mistakes (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: remove unneeded semicolon (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: remove wait for dcf irq event (bsc#1144718,bsc#1144813). - pm / devfreq: rockchip-dfi: Move GRF definitions to a common place (bsc#1144718,bsc#1144813). - pm / opp: OF: Use pr_debug() instead of pr_err() while adding OPP table (jsc#SLE-7294). - powerpc/64s: Include cpu header (bsc#1065729). - powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107). - powerpc/book3s/64: check for NULL pointer in pgd_alloc() (bsc#1078248, git-fixes). - powerpc/fadump: Do not allow hot-remove memory from fadump reserved area (bsc#1120937). - powerpc/fadump: Reservationless firmware assisted dump (bsc#1120937). - powerpc/fadump: Throw proper error message on fadump registration failure (bsc#1120937). - powerpc/fadump: use kstrtoint to handle sysfs store (bsc#1146376). - powerpc/fadump: when fadump is supported register the fadump sysfs files (bsc#1146352). - powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107). - powerpc/fsl: Update Spectre v2 reporting (bsc#1131107). - powerpc/kdump: Handle crashkernel memory reservation failure (bsc#1143466 LTC#179600). - powerpc/lib: Fix feature fixup test of external branch (bsc#1065729). - powerpc/mm/hash/4k: Do not use 64K page size for vmemmap with 4K pagesize (bsc#1142685 LTC#179509). - powerpc/mm/radix: Use the right page size for vmemmap mapping (bsc#1055117 bsc#1142685 LTC#179509). - powerpc/mm: Handle page table allocation failures (bsc#1065729). - powerpc/perf: Add constraints for power9 l2/l3 bus events (bsc#1056686). - powerpc/perf: Add mem access events to sysfs (bsc#1124370). - powerpc/perf: Cleanup cache_sel bits comment (bsc#1056686). - powerpc/perf: Fix thresholding counter data for unknown type (bsc#1056686). - powerpc/perf: Remove PM_BR_CMPL_ALT from power9 event list (bsc#1047238, bsc#1056686). - powerpc/perf: Update perf_regs structure to include SIER (bsc#1056686). - powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler (bsc#1065729). - powerpc/powernv: Flush console before platform error reboot (bsc#1149940 ltc#179958). - powerpc/powernv: Return for invalid IMC domain (bsc1054914, git-fixes). - powerpc/powernv: Use kernel crash path for machine checks (bsc#1149940 ltc#179958). - powerpc/pseries, ps3: panic flush kernel messages before halting system (bsc#1149940 ltc#179958). - powerpc/pseries: Fix xive=off command line (bsc#1085030, git-fixes). - powerpc/pseries: add missing cpumask.h include file (bsc#1065729). - powerpc/pseries: correctly track irq state in default idle (bsc#1150727 ltc#178925). - powerpc/rtas: use device model APIs and serialization during LPM (bsc#1144123 ltc#178840). - powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107). - powerpc/xive: Fix dump of XIVE interrupt under pseries (bsc#1142019). - powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() (bsc#1085030, bsc#1145189, LTC#179762). - powerpc/xmon: Add a dump of all XIVE interrupts (bsc#1142019). - powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL (bsc#1142019). - powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB (bsc#1146575 ltc#180764). - powerpc: dump kernel log before carrying out fadump or kdump (bsc#1149940 ltc#179958). - qede: fix write to free'd pointer error and double free of ptp (bsc#1051510). - qlge: Deduplicate lbq_buf_size (bsc#1106061). - qlge: Deduplicate rx buffer queue management (bsc#1106061). - qlge: Factor out duplicated expression (bsc#1106061). - qlge: Fix dma_sync_single calls (bsc#1106061). - qlge: Fix irq masking in INTx mode (bsc#1106061). - qlge: Refill empty buffer queues from wq (bsc#1106061). - qlge: Refill rx buffers up to multiple of 16 (bsc#1106061). - qlge: Remove bq_desc.maplen (bsc#1106061). - qlge: Remove irq_cnt (bsc#1106061). - qlge: Remove page_chunk.last_flag (bsc#1106061). - qlge: Remove qlge_bq.len & size (bsc#1106061). - qlge: Remove rx_ring.sbq_buf_size (bsc#1106061). - qlge: Remove rx_ring.type (bsc#1106061). - qlge: Remove useless dma synchronization calls (bsc#1106061). - qlge: Remove useless memset (bsc#1106061). - qlge: Replace memset with assignment (bsc#1106061). - qlge: Update buffer queue prod index despite oom (bsc#1106061). - rbd: do not (ab)use obj_req->pages for stat requests (bsc#1141450). - rbd: do not NULL out ->obj_request in rbd_img_obj_parent_read_full() (bsc#1141450). - rbd: get rid of img_req->copyup_pages (bsc#1141450). - rbd: move from raw pages to bvec data descriptors (bsc#1141450). - rbd: remove bio cloning helpers (bsc#1141450). - rbd: start enums at 1 instead of 0 (bsc#1141450). - rbd: use kmem_cache_zalloc() in rbd_img_request_create() (bsc#1141450). - regmap: fix bulk writes on paged registers (bsc#1051510). - regulator: qcom_spmi: Fix math of spmi_regulator_set_voltage_time_sel (bsc#1051510). - rename patches according to their names in SLE15-SP1. - rpm/kernel-binary.spec.in: Enable missing modules check. - rpm/kernel-binary.spec.in: Enable missing modules check. - rpmsg: added MODULE_ALIAS for rpmsg_char (bsc#1051510). - rpmsg: smd: do not use mananged resources for endpoints and channels (bsc#1051510). - rpmsg: smd: fix memory leak on channel create (bsc#1051510). - rsi: improve kernel thread handling to fix kernel panic (bsc#1051510). - rslib: Fix decoding of shortened codes (bsc#1051510). - rslib: Fix handling of of caller provided syndrome (bsc#1051510). - rtc: pcf8523: do not return invalid date when battery is low (bsc#1051510). - rxrpc: Fix send on a connected, but unbound socket (networking-stable-19_07_25). - s390/cio: fix ccw_device_start_timeout API (bsc#1142109 LTC#179339). - s390/dasd: fix endless loop after read unit address configuration (bsc#1144912 LTC#179907). - s390/qdio: handle PENDING state for QEBSM devices (bsc#1142117 bsc#1142118 bsc#1142119 LTC#179329 LTC#179330 LTC#179331). - s390/qeth: avoid control IO completion stalls (bsc#1142109 LTC#179339). - s390/qeth: cancel cmd on early error (bsc#1142109 LTC#179339). - s390/qeth: fix request-side race during cmd IO timeout (bsc#1142109 LTC#179339). - s390/qeth: release cmd buffer in error paths (bsc#1142109 LTC#179339). - s390/qeth: simplify reply object handling (bsc#1142109 LTC#179339). - samples, bpf: fix to change the buffer size for read() (bsc#1051510). - samples: mei: use /dev/mei0 instead of /dev/mei (bsc#1051510). - sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920). - sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920). - scripts/checkstack.pl: Fix arm64 wrong or unknown architecture (bsc#1051510). - scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE (bsc#1051510). - scripts/decode_stacktrace: only strip base path when a prefix of the path (bsc#1051510). - scripts/gdb: fix lx-version string output (bsc#1051510). - scripts/git_sort/git_sort.py: - scsi: NCR5380: Always re-enable reselection interrupt (git-fixes). - scsi: aacraid: Fix missing break in switch statement (git-fixes). - scsi: aacraid: Fix performance issue on logical drives (git-fixes). - scsi: aic94xx: fix an error code in aic94xx_init() (git-fixes). - scsi: aic94xx: fix module loading (git-fixes). - scsi: bfa: convert to strlcpy/strlcat (git-fixes). - scsi: bnx2fc: Fix NULL dereference in error handling (git-fixes). - scsi: bnx2fc: fix incorrect cast to u64 on shift operation (git-fixes). - scsi: core: Fix race on creating sense cache (git-fixes). - scsi: core: Synchronize request queue PM status only on successful resume (git-fixes). - scsi: core: set result when the command cannot be dispatched (git-fixes). - scsi: cxlflash: Mark expected switch fall-throughs (bsc#1148868). - scsi: cxlflash: Prevent deadlock when adapter probe fails (git-fixes). - scsi: esp_scsi: Track residual for PIO transfers (git-fixes) Also, mitigate kABI changes. - scsi: fas216: fix sense buffer initialization (git-fixes). - scsi: isci: initialize shost fully before calling scsi_add_host() (git-fixes). - scsi: libfc: fix null pointer dereference on a null lport (git-fixes). - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached (git-fixes). - scsi: mac_scsi: Fix pseudo DMA implementation, take 2 (git-fixes). - scsi: mac_scsi: Increase PIO/PDMA transfer length threshold (git-fixes). - scsi: megaraid: fix out-of-bound array accesses (git-fixes). - scsi: megaraid_sas: Fix calculation of target ID (git-fixes). - scsi: ncr5380: revert 'Increase register polling limit' (git-fixes). - scsi: qedf: Add debug information for unsolicited processing (bsc#1149976). - scsi: qedf: Add shutdown callback handler (bsc#1149976). - scsi: qedf: Add support for 20 Gbps speed (bsc#1149976). - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1149976). - scsi: qedf: Check for link state before processing LL2 packets and send fipvlan retries (bsc#1149976). - scsi: qedf: Check for module unloading bit before processing link update AEN (bsc#1149976). - scsi: qedf: Decrease the LL2 MTU size to 2500 (bsc#1149976). - scsi: qedf: Fix race betwen fipvlan request and response path (bsc#1149976). - scsi: qedf: Initiator fails to re-login to switch after link down (bsc#1149976). - scsi: qedf: Print message during bailout conditions (bsc#1149976). - scsi: qedf: Stop sending fipvlan request on unload (bsc#1149976). - scsi: qedf: Update module description string (bsc#1149976). - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1149976). - scsi: qedf: Update the version to 8.42.3.0 (bsc#1149976). - scsi: qedf: Use discovery list to traverse rports (bsc#1149976). - scsi: qedf: remove memset/memcpy to nfunc and use func instead (git-fixes). - scsi: qedf: remove set but not used variables (bsc#1149976). - scsi: qedi: remove declaration of nvm_image from stack (git-fixes). - scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1129424). - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (git-fixes). - scsi: qla2xxx: Fix a format specifier (git-fixes). - scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() (git-fixes). - scsi: qla2xxx: Fix device staying in blocked state (git-fixes). - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (git-fixes). - scsi: qla2xxx: Unregister chrdev if module initialization fails (git-fixes). - scsi: qla4xxx: avoid freeing unallocated dma memory (git-fixes). - scsi: raid_attrs: fix unused variable warning (git-fixes). - scsi: scsi_dh_alua: Fix possible null-ptr-deref (git-fixes). - scsi: sd: Defer spinning up drive while SANITIZE is in progress (git-fixes). - scsi: sd: Fix a race between closing an sd device and sd I/O (git-fixes). - scsi: sd: Fix cache_type_store() (git-fixes). - scsi: sd: Optimal I/O size should be a multiple of physical block size (git-fixes). - scsi: sd: Quiesce warning if device does not report optimal I/O size (git-fixes). - scsi: sd: use mempool for discard special page (git-fixes). - scsi: sd_zbc: Fix potential memory leak (git-fixes). - scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous() (git-fixes). - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (git-fixes). - scsi: ufs: Avoid runtime suspend possibly being blocked forever (git-fixes). - scsi: ufs: Check that space was properly alloced in copy_query_response (git-fixes). - scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm() (git-fixes). - scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value (git-fixes). - scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 (git-fixes). - scsi: ufs: revert 'disable vccq if it's not needed by UFS device' (git-fixes). - scsi: use dma_get_cache_alignment() as minimum DMA alignment (git-fixes). - scsi: virtio_scsi: do not send sc payload with tmfs (git-fixes). - sctp: change to hold sk after auth shkey is created successfully (networking-stable-19_07_02). - serial: 8250: Fix TX interrupt handling condition (bsc#1051510). - signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig (bsc#1144333). - sis900: fix TX completion (bsc#1051510). - sky2: Disable MSI on ASUS P6T (bsc#1142496). - smb2: fix missing files in root share directory listing (bsc#1112907, bsc#1144333). - smb2: fix typo in definition of a few error flags (bsc#1144333). - smb2: fix uninitialized variable bug in smb2_ioctl_query_info (bsc#1144333). - smb3 - clean up debug output displaying network interfaces (bsc#1144333). - smb3.1.1: Add GCM crypto to the encrypt and decrypt functions (bsc#1144333). - smb3.11: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - smb311: Fix reconnect (bsc#1051510, bsc#1144333). - smb311: Improve checking of negotiate security contexts (bsc#1051510, bsc#1144333). - smb3: Add SMB3.1.1 GCM to negotiated crypto algorigthms (bsc#1144333). - smb3: Add debug message later in smb2/smb3 reconnect path (bsc#1144333). - smb3: Add defines for new negotiate contexts (bsc#1144333). - smb3: Add dynamic trace points for various compounded smb3 ops (bsc#1144333). - smb3: Add ftrace tracepoints for improved SMB3 debugging (bsc#1144333). - smb3: Add handling for different FSCTL access flags (bsc#1144333). - smb3: Add posix create context for smb3.11 posix mounts (bsc#1144333). - smb3: Add protocol structs for change notify support (bsc#1144333). - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510, bsc#1144333). - smb3: Add tracepoints for read, write and query_dir enter (bsc#1144333). - smb3: Allow SMB3 FSCTL queries to be sent to server from tools (bsc#1144333). - smb3: Allow persistent handle timeout to be configurable on mount (bsc#1144333). - smb3: Allow query of symlinks stored as reparse points (bsc#1144333). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510, bsc#1144333). - smb3: Backup intent flag missing from compounded ops (bsc#1144333). - smb3: Clean up query symlink when reparse point (bsc#1144333). - smb3: Cleanup license mess (bsc#1144333). - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bsc#1085536, bsc#1144333). - smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510, bsc#1144333). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510, bsc#1144333). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510, bsc#1144333). - smb3: Fix deadlock in validate negotiate hits reconnect (bsc#1144333). - smb3: Fix endian warning (bsc#1144333, bsc#1137884). - smb3: Fix enumerating snapshots to Azure (bsc#1144333). - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510, bsc#1144333). - smb3: Fix mode on mkdir on smb311 mounts (bsc#1144333). - smb3: Fix potential memory leak when processing compound chain (bsc#1144333). - smb3: Fix rmdir compounding regression to strict servers (bsc#1144333). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510, bsc#1144333). - smb3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL (bsc#1144333). - smb3: Log at least once if tree connect fails during reconnect (bsc#1144333). - smb3: Number of requests sent should be displayed for SMB3 not just CIFS (bsc#1144333). - smb3: Send netname context during negotiate protocol (bsc#1144333). - smb3: Track total time spent on roundtrips for each SMB3 command (bsc#1144333). - smb3: Update POSIX negotiate context with POSIX ctxt GUID (bsc#1144333). - smb3: Validate negotiate request must always be signed (bsc#1064597, bsc#1144333). - smb3: Warn user if trying to sign connection that authenticated as guest (bsc#1085536, bsc#1144333). - smb3: add additional ftrace entry points for entry/exit to cifs.ko (bsc#1144333). - smb3: add credits we receive from oplock/break PDUs (bsc#1144333). - smb3: add debug for unexpected mid cancellation (bsc#1144333). - smb3: add define for id for posix create context and corresponding struct (bsc#1144333). - smb3: add dynamic trace point for query_info_enter/done (bsc#1144333). - smb3: add dynamic trace point for smb3_cmd_enter (bsc#1144333). - smb3: add dynamic tracepoint for timeout waiting for credits (bsc#1144333). - smb3: add dynamic tracepoints for simple fallocate and zero range (bsc#1144333). - smb3: add missing read completion trace point (bsc#1144333). - smb3: add module alias for smb3 to cifs.ko (bsc#1144333). - smb3: add new mount option to retrieve mode from special ACE (bsc#1144333). - smb3: add reconnect tracepoints (bsc#1144333). - smb3: add smb3.1.1 to default dialect list (bsc#1144333). - smb3: add support for posix negotiate context (bsc#1144333). - smb3: add support for statfs for smb3.1.1 posix extensions (bsc#1144333). - smb3: add trace point for tree connection (bsc#1144333). - smb3: add tracepoint for sending lease break responses to server (bsc#1144333). - smb3: add tracepoint for session expired or deleted (bsc#1144333). - smb3: add tracepoint for slow responses (bsc#1144333). - smb3: add tracepoint to catch cases where credit refund of failed op overlaps reconnect (bsc#1144333). - smb3: add tracepoints for query dir (bsc#1144333). - smb3: add tracepoints for smb2/smb3 open (bsc#1144333). - smb3: add way to control slow response threshold for logging and stats (bsc#1144333). - smb3: allow more detailed protocol info on open files for debugging (bsc#1144333). - smb3: allow posix mount option to enable new SMB311 protocol extensions (bsc#1144333). - smb3: allow previous versions to be mounted with snapshot= mount parm (bsc#1144333). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510, bsc#1144333). - smb3: check for and properly advertise directory lease support (bsc#1051510, bsc#1144333). - smb3: create smb3 equivalent alias for cifs pseudo-xattrs (bsc#1144333). - smb3: directory sync should not return an error (bsc#1051510, bsc#1144333). - smb3: display bytes_read and bytes_written in smb3 stats (bsc#1144333). - smb3: display security information in /proc/fs/cifs/DebugData more accurately (bsc#1144333). - smb3: display session id in debug data (bsc#1144333). - smb3: display stats counters for number of slow commands (bsc#1144333). - smb3: display volume serial number for shares in /proc/fs/cifs/DebugData (bsc#1144333). - smb3: do not allow insecure cifs mounts when using smb3 (bsc#1144333). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510, bsc#1144333). - smb3: do not display confusing message on mount to Azure servers (bsc#1144333). - smb3: do not display empty interface list (bsc#1144333). - smb3: do not request leases in symlink creation and query (bsc#1051510, bsc#1144333). - smb3: do not send compression info by default (bsc#1144333). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510, bsc#1144333). - smb3: fill in statfs fsid and correct namelen (bsc#1112905, bsc#1144333). - smb3: fix bytes_read statistics (bsc#1144333). - smb3: fix corrupt path in subdirs on smb311 with posix (bsc#1144333). - smb3: fix large reads on encrypted connections (bsc#1144333). - smb3: fix lease break problem introduced by compounding (bsc#1144333). - smb3: fix minor debug output for CONFIG_CIFS_STATS (bsc#1144333). - smb3: fix redundant opens on root (bsc#1144333). - smb3: fix reset of bytes read and written stats (bsc#1112906, bsc#1144333). - smb3: fix various xid leaks (bsc#1051510, bsc#1144333). - smb3: for kerberos mounts display the credential uid used (bsc#1144333). - smb3: handle new statx fields (bsc#1085536, bsc#1144333). - smb3: if max_credits is specified then display it in /proc/mounts (bsc#1144333). - smb3: if server does not support posix do not allow posix mount option (bsc#1144333). - smb3: improve dynamic tracing of open and posix mkdir (bsc#1144333). - smb3: increase initial number of credits requested to allow write (bsc#1144333). - smb3: make default i/o size for smb3 mounts larger (bsc#1144333). - smb3: minor cleanup of compound_send_recv (bsc#1144333). - smb3: minor debugging clarifications in rfc1001 len processing (bsc#1144333). - smb3: minor missing defines relating to reparse points (bsc#1144333). - smb3: missing defines and structs for reparse point handling (bsc#1144333). - smb3: note that smb3.11 posix extensions mount option is experimental (bsc#1144333). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510, bsc#1144333). - smb3: on reconnect set PreviousSessionId field (bsc#1112899, bsc#1144333). - smb3: optimize open to not send query file internal info (bsc#1144333). - smb3: passthru query info does not check for SMB3 FSCTL passthru (bsc#1144333). - smb3: print tree id in debugdata in proc to be able to help logging (bsc#1144333). - smb3: query inode number on open via create context (bsc#1144333). - smb3: remove noisy warning message on mount (bsc#1129664, bsc#1144333). - smb3: remove per-session operations from per-tree connection stats (bsc#1144333). - smb3: rename encryption_required to smb3_encryption_required (bsc#1144333). - smb3: request more credits on normal (non-large read/write) ops (bsc#1144333). - smb3: request more credits on tree connect (bsc#1144333). - smb3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (bsc#1144333). - smb3: send CAP_DFS capability during session setup (bsc#1144333). - smb3: send backup intent on compounded query info (bsc#1144333). - smb3: show number of current open files in /proc/fs/cifs/Stats (bsc#1144333). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510, bsc#1144333). - smb3: smbdirect no longer experimental (bsc#1144333). - smb3: snapshot mounts are read-only and make sure info is displayable about the mount (bsc#1144333). - smb3: track the instance of each session for debugging (bsc#1144333). - smb3: trivial cleanup to smb2ops.c (bsc#1144333). - smb3: update comment to clarify enumerating snapshots (bsc#1144333). - smb3: update default requested iosize to 4MB from 1MB for recent dialects (bsc#1144333). - smb: Validate negotiate (to protect against downgrade) even if signing off (bsc#1085536, bsc#1144333). - smb: fix leak of validate negotiate info response buffer (bsc#1064597, bsc#1144333). - smb: fix validate negotiate info uninitialised memory use (bsc#1064597, bsc#1144333). - smbd: Make upper layer decide when to destroy the transport (bsc#1144333). - smpboot: Place the __percpu annotation correctly (git fixes). - soc: rockchip: power-domain: Add a sanity check on pd->num_clks (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: Use of_clk_get_parent_count() instead of open coding (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: use clk_bulk APIs (bsc#1144718,bsc#1144813). - sound: fix a memory leak bug (bsc#1051510). - spi: bcm2835aux: fix corruptions for longer spi transfers (bsc#1051510). - spi: bcm2835aux: remove dangerous uncontrolled read of fifo (bsc#1051510). - spi: bcm2835aux: unifying code between polling and interrupt driven code (bsc#1051510). - st21nfca_connectivity_event_received: null check the allocation (bsc#1051510). - st_nci_hci_connectivity_event_received: null check the allocation (bsc#1051510). - staging: comedi: dt3000: Fix rounding up of timer divisor (bsc#1051510). - staging: comedi: dt3000: Fix signed integer overflow 'divider * base' (bsc#1051510). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Add raspberrypi-cpufreq (jsc#SLE-7294). - supported.conf: Remove duplicate drivers/ata/libahci_platform - supported.conf: Sort alphabetically, align comments. - supported.conf: Sort alphabetically, align comments. - tcp: Reset bytes_acked and bytes_received when disconnecting (networking-stable-19_07_25). - test_firmware: fix a memory leak bug (bsc#1051510). - tipc: change to use register_pernet_device (networking-stable-19_07_02). - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bsc#1082555). - tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations (bsc#1082555). - tpm: Fix off-by-one when reading binary_bios_measurements (bsc#1082555). - tpm: Unify the send callback behaviour (bsc#1082555). - tpm: vtpm_proxy: Suppress error logging when in closed state (bsc#1082555). - tracing: Fix header include guards in trace event headers (bsc#1144474). - treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 231 (bsc#1144333). - tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop (bsc#1051510). - tty/serial: digicolor: Fix digicolor-usart already registered warning (bsc#1051510). - tty: max310x: Fix invalid baudrate divisors calculator (bsc#1051510). - tty: serial: msm_serial: avoid system lockup condition (bsc#1051510). - tua6100: Avoid build warnings (bsc#1051510). - tun: wake up waitqueues after IFF_UP is set (networking-stable-19_07_02). - udf: Fix incorrect final NOT_ALLOCATED (hole) extent length (bsc#1148617). - update internal version number for cifs.ko (bsc#1144333). - usb-storage: Add new JMS567 revision to unusual_devs (bsc#1051510). - usb: CDC: fix sanity checks in CDC union parser (bsc#1142635). - usb: Handle USB3 remote wakeup for LPM enabled devices correctly (bsc#1051510). - usb: cdc-acm: make sure a refcount is taken early enough (bsc#1142635). - usb: cdc-wdm: fix race between write and disconnect due to flag abuse (bsc#1051510). - usb: chipidea: udc: do not do hardware access if gadget has stopped (bsc#1051510). - usb: core: Fix races in character device registration and deregistraion (bsc#1051510). - usb: core: hub: Disable hub-initiated U1/U2 (bsc#1051510). - usb: gadget: composite: Clear 'suspended' on reset/disconnect (bsc#1051510). - usb: gadget: udc: renesas_usb3: Fix sysfs interface of 'role' (bsc#1142635). - usb: host: fotg2: restart hcd after port reset (bsc#1051510). - usb: host: ohci: fix a race condition between shutdown and irq (bsc#1051510). - usb: host: xhci-rcar: Fix timeout in xhci_suspend() (bsc#1051510). - usb: host: xhci: rcar: Fix typo in compatible string matching (bsc#1051510). - usb: iowarrior: fix deadlock on disconnect (bsc#1051510). - usb: serial: option: Add Motorola modem UARTs (bsc#1051510). - usb: serial: option: Add support for ZTE MF871A (bsc#1051510). - usb: serial: option: add D-Link DWM-222 device ID (bsc#1051510). - usb: serial: option: add the BroadMobi BM818 card (bsc#1051510). - usb: storage: ums-realtek: Update module parameter description for auto_delink_en (bsc#1051510). - usb: storage: ums-realtek: Whitelist auto-delink support (bsc#1051510). - usb: usbfs: fix double-free of usb memory upon submiturb error (bsc#1051510). - usb: wusbcore: fix unbalanced get/put cluster_id (bsc#1051510). - usb: yurex: Fix use-after-free in yurex_delete (bsc#1051510). - vfs: fix page locking deadlocks when deduping files (bsc#1148619). - vmci: Release resource if the work is already queued (bsc#1051510). - vrf: make sure skb->data contains ip header to make routing (networking-stable-19_07_25). - watchdog: bcm2835_wdt: Fix module autoload (bsc#1051510). - watchdog: core: fix null pointer dereference when releasing cdev (bsc#1051510). - watchdog: f71808e_wdt: fix F81866 bit operation (bsc#1051510). - watchdog: fix compile time error of pretimeout governors (bsc#1051510). - wimax/i2400m: fix a memory leak bug (bsc#1051510). - x86/boot: Fix memory leak in default_get_smp_config() (bsc#1114279). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). - x86/microcode: Fix the microcode load on CPU hotplug for real (bsc#1114279). - x86/mm: Check for pfn instead of page in vmalloc_sync_one() (bsc#1118689). - x86/mm: Sync also unmappings in vmalloc_sync_all() (bsc#1118689). - x86/speculation/mds: Apply more accurate check on hypervisor platform (bsc#1114279). - x86/speculation: Allow guests to use SSBD even if host does not (bsc#1114279). - x86/unwind: Add hardcoded ORC entry for NULL (bsc#1114279). - x86/unwind: Handle NULL pointer calls better in frame unwinder (bsc#1114279). - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() (bsc#1065600). - xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix bucket count reported to userspace (bsc#1143300). - xfrm: Fix error return code in xfrm_output_one() (bsc#1143300). - xfs: do not crash on null attr fork xfs_bmapi_read (bsc#1148035). - xfs: do not trip over uninitialized buffer on extent read of corrupted inode (bsc#1149053). - xfs: dump transaction usage details on log reservation overrun (bsc#1145235). - xfs: eliminate duplicate icreate tx reservation functions (bsc#1145235). - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (bsc#1148032). - xfs: fix semicolon.cocci warnings (bsc#1145235). - xfs: fix up agi unlinked list reservations (bsc#1145235). - xfs: include an allocfree res for inobt modifications (bsc#1145235). - xfs: include inobt buffers in ifree tx log reservation (bsc#1145235). - xfs: print transaction log reservation on overrun (bsc#1145235). - xfs: refactor inode chunk alloc/free tx reservation (bsc#1145235). - xfs: refactor xlog_cil_insert_items() to facilitate transaction dump (bsc#1145235). - xfs: remove more ondisk directory corruption asserts (bsc#1148034). - xfs: separate shutdown from ticket reservation print helper (bsc#1145235). - xfs: truncate transaction does not modify the inobt (bsc#1145235). Important SUSE bug 1047238 SUSE bug 1050911 SUSE bug 1051510 SUSE bug 1054914 SUSE bug 1055117 SUSE bug 1056686 SUSE bug 1060662 SUSE bug 1061840 SUSE bug 1061843 SUSE bug 1064597 SUSE bug 1064701 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066369 SUSE bug 1071009 SUSE bug 1071306 SUSE bug 1078248 SUSE bug 1082555 SUSE bug 1085030 SUSE bug 1085536 SUSE bug 1085539 SUSE bug 1086103 SUSE bug 1087092 SUSE bug 1090734 SUSE bug 1091171 SUSE bug 1093205 SUSE bug 1102097 SUSE bug 1104902 SUSE bug 1106061 SUSE bug 1106284 SUSE bug 1106434 SUSE bug 1108382 SUSE bug 1112178 SUSE bug 1112894 SUSE bug 1112899 SUSE bug 1112902 SUSE bug 1112903 SUSE bug 1112905 SUSE bug 1112906 SUSE bug 1112907 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1114542 SUSE bug 1118689 SUSE bug 1119086 SUSE bug 1120876 SUSE bug 1120902 SUSE bug 1120937 SUSE bug 1123105 SUSE bug 1123959 SUSE bug 1124370 SUSE bug 1129424 SUSE bug 1129519 SUSE bug 1129664 SUSE bug 1131107 SUSE bug 1131281 SUSE bug 1131565 SUSE bug 1133021 SUSE bug 1134291 SUSE bug 1134881 SUSE bug 1134882 SUSE bug 1135219 SUSE bug 1135642 SUSE bug 1135897 SUSE bug 1136261 SUSE bug 1137069 SUSE bug 1137884 SUSE bug 1138539 SUSE bug 1139020 SUSE bug 1139021 SUSE bug 1139101 SUSE bug 1139500 SUSE bug 1140012 SUSE bug 1140426 SUSE bug 1140487 SUSE bug 1141013 SUSE bug 1141450 SUSE bug 1141543 SUSE bug 1141554 SUSE bug 1142019 SUSE bug 1142076 SUSE bug 1142109 SUSE bug 1142117 SUSE bug 1142118 SUSE bug 1142119 SUSE bug 1142496 SUSE bug 1142541 SUSE bug 1142635 SUSE bug 1142685 SUSE bug 1142701 SUSE bug 1142857 SUSE bug 1143300 SUSE bug 1143466 SUSE bug 1143765 SUSE bug 1143841 SUSE bug 1143843 SUSE bug 1144123 SUSE bug 1144333 SUSE bug 1144474 SUSE bug 1144518 SUSE bug 1144718 SUSE bug 1144813 SUSE bug 1144880 SUSE bug 1144886 SUSE bug 1144912 SUSE bug 1144920 SUSE bug 1144979 SUSE bug 1145010 SUSE bug 1145024 SUSE bug 1145051 SUSE bug 1145059 SUSE bug 1145189 SUSE bug 1145235 SUSE bug 1145300 SUSE bug 1145302 SUSE bug 1145388 SUSE bug 1145389 SUSE bug 1145390 SUSE bug 1145391 SUSE bug 1145392 SUSE bug 1145393 SUSE bug 1145394 SUSE bug 1145395 SUSE bug 1145396 SUSE bug 1145397 SUSE bug 1145408 SUSE bug 1145409 SUSE bug 1145661 SUSE bug 1145678 SUSE bug 1145687 SUSE bug 1145920 SUSE bug 1145922 SUSE bug 1145934 SUSE bug 1145937 SUSE bug 1145940 SUSE bug 1145941 SUSE bug 1145942 SUSE bug 1146074 SUSE bug 1146084 SUSE bug 1146163 SUSE bug 1146285 SUSE bug 1146346 SUSE bug 1146351 SUSE bug 1146352 SUSE bug 1146361 SUSE bug 1146368 SUSE bug 1146376 SUSE bug 1146378 SUSE bug 1146381 SUSE bug 1146391 SUSE bug 1146399 SUSE bug 1146413 SUSE bug 1146425 SUSE bug 1146516 SUSE bug 1146519 SUSE bug 1146524 SUSE bug 1146526 SUSE bug 1146529 SUSE bug 1146531 SUSE bug 1146543 SUSE bug 1146547 SUSE bug 1146550 SUSE bug 1146575 SUSE bug 1146589 SUSE bug 1146678 SUSE bug 1146938 SUSE bug 1148031 SUSE bug 1148032 SUSE bug 1148033 SUSE bug 1148034 SUSE bug 1148035 SUSE bug 1148093 SUSE bug 1148133 SUSE bug 1148192 SUSE bug 1148196 SUSE bug 1148198 SUSE bug 1148202 SUSE bug 1148303 SUSE bug 1148363 SUSE bug 1148379 SUSE bug 1148394 SUSE bug 1148527 SUSE bug 1148574 SUSE bug 1148616 SUSE bug 1148617 SUSE bug 1148619 SUSE bug 1148698 SUSE bug 1148859 SUSE bug 1148868 SUSE bug 1149053 SUSE bug 1149083 SUSE bug 1149104 SUSE bug 1149105 SUSE bug 1149106 SUSE bug 1149197 SUSE bug 1149214 SUSE bug 1149224 SUSE bug 1149325 SUSE bug 1149376 SUSE bug 1149413 SUSE bug 1149418 SUSE bug 1149424 SUSE bug 1149522 SUSE bug 1149527 SUSE bug 1149539 SUSE bug 1149552 SUSE bug 1149591 SUSE bug 1149602 SUSE bug 1149612 SUSE bug 1149626 SUSE bug 1149652 SUSE bug 1149713 SUSE bug 1149940 SUSE bug 1149959 SUSE bug 1149963 SUSE bug 1149976 SUSE bug 1150025 SUSE bug 1150033 SUSE bug 1150112 SUSE bug 1150562 SUSE bug 1150727 SUSE bug 1150860 SUSE bug 1150861 SUSE bug 1150933 CVE-2017-18551 CVE-2018-20976 CVE-2018-21008 CVE-2019-10207 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14835 CVE-2019-15030 CVE-2019-15031 CVE-2019-15090 CVE-2019-15098 CVE-2019-15099 CVE-2019-15117 CVE-2019-15118 CVE-2019-15211 CVE-2019-15212 CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15217 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15222 CVE-2019-15239 CVE-2019-15290 CVE-2019-15292 CVE-2019-15538 CVE-2019-15666 CVE-2019-15902 CVE-2019-15917 CVE-2019-15919 CVE-2019-15920 CVE-2019-15921 CVE-2019-15924 CVE-2019-15926 CVE-2019-15927 CVE-2019-9456 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-18595: A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555). - CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350). - CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540). - CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permitted sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka 'KNOB') that could decrypt traffic and injected arbitrary ciphertext without the victim noticing (bnc#1137865 bnc#1146042). - CVE-2019-16232: Fixed a NULL pointer dereference in drivers/net/wireless/marvell/libertas/if_sdio.c, which did not check the alloc_workqueue return value (bnc#1150465). - CVE-2019-16234: Fixed a NULL pointer dereference in drivers/net/wireless/intel/iwlwifi/pcie/trans.c, which did not check the alloc_workqueue return value (bnc#1150452). - CVE-2019-17056: Added enforcement of CAP_NET_RAW in llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module, the lack of which allowed unprivileged users to create a raw socket, aka CID-3a359798b176 (bnc#1152788). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). - CVE-2019-17666: Added an upper-bound check in rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c, the lack of which could have led to a buffer overflow (bnc#1154372). The following non-security bugs were fixed: - 9p: avoid attaching writeback_fid on mmap with type PRIVATE (bsc#1051510). - ACPI / CPPC: do not require the _PSD method (bsc#1051510). - ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit() (bsc#1051510). - ACPI: custom_method: fix memory leaks (bsc#1051510). - ACPI / PCI: fix acpi_pci_irq_enable() memory leak (bsc#1051510). - ACPI / processor: do not print errors for processorIDs == 0xff (bsc#1051510). - ACPI / property: Fix acpi_graph_get_remote_endpoint() name in kerneldoc (bsc#1051510). - act_mirred: Fix mirred_init_module error handling (bsc#1051510). - Add kernel module compression support (bsc#1135854) For enabling the kernel module compress, add the item COMPRESS_MODULES='xz' in config.sh, then mkspec will pass it to the spec file. - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (bsc#1151680). - ALSA: aoa: onyx: always initialize register read value (bsc#1051510). - ALSA: firewire-tascam: check intermediate state of clock status and retry (bsc#1051510). - ALSA: firewire-tascam: handle error code when getting current source of clock (bsc#1051510). - ALSA: hda - Add laptop imic fixup for ASUS M9V laptop (bsc#1051510). - ALSA: hda: Add support of Zhaoxin controller (bsc#1051510). - ALSA: hda - Apply AMD controller workaround for Raven platform (bsc#1051510). - ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family (bsc#1051510). - ALSA: hda - Drop unsol event handler for Intel HDMI codecs (bsc#1051510). - ALSA: hda - Expand pin_match function to match upcoming new tbls (bsc#1051510). - ALSA: hda: Flush interrupts on disabling (bsc#1051510). - ALSA: hda/hdmi: remove redundant assignment to variable pcm_idx (bsc#1051510). - ALSA: hda - Inform too slow responses (bsc#1051510). - ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 (bsc#1051510). - ALSA: hda/realtek - Check beep whitelist before assigning in all codecs (bsc#1051510). - ALSA: hda/realtek - Fix alienware headset mic (bsc#1051510). - ALSA: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360 (bsc#1051510). - ALSA: hda: Set fifo_size for both playback and capture streams (bsc#1051510). - ALSA: hda - Show the fatal CORB/RIRB error more clearly (bsc#1051510). - ALSA: hda/sigmatel - remove unused variable 'stac9200_core_init' (bsc#1051510). - ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() (bsc#1051510). - ALSA: line6: sizeof (byte) is always 1, use that fact (bsc#1051510). - ALSA: usb-audio: Add Pioneer DDJ-SX3 PCM quirck (bsc#1051510). - ALSA: usb-audio: Disable quirks for BOSS Katana amplifiers (bsc#1051510). - ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid (bsc#1051510). - appletalk: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - ASoC: Define a set of DAPM pre/post-up events (bsc#1051510). - ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set (bsc#1051510). - ASoC: es8328: Fix copy-paste error in es8328_right_line_controls (bsc#1051510). - ASoC: Intel: Baytrail: Fix implicit fallthrough warning (bsc#1051510). - ASoC: Intel: Fix use of potentially uninitialized variable (bsc#1051510). - ASoC: Intel: NHLT: Fix debug print format (bsc#1051510). - ASoC: sgtl5000: Fix charge pump source assignment (bsc#1051510). - ASoC: sun4i-i2s: RX and TX counter registers are swapped (bsc#1051510). - ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls (bsc#1051510). - ASoC: wm8988: fix typo in wm8988_right_line_controls (bsc#1051510). - ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init (bsc#1051510). - atm: iphase: Fix Spectre v1 vulnerability (networking-stable-19_08_08). - auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach (bsc#1051510). - ax25: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA (bsc#1051510). - blk-flush: do not run queue for requests bypassing flush (bsc#1137959). - blk-flush: use blk_mq_request_bypass_insert() (bsc#1137959). - blk-mq: do not allocate driver tag upfront for flush rq (bsc#1137959). - blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling (bsc#1151610). - blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue (bsc#1137959). - blk-mq: kABI fixes for blk-mq.h (bsc#1137959). - blk-mq: move blk_mq_put_driver_tag*() into blk-mq.h (bsc#1137959). - blk-mq: punt failed direct issue to dispatch list (bsc#1137959). - blk-mq: put the driver tag of nxt rq before first one is requeued (bsc#1137959). - blk-mq-sched: decide how to handle flush rq via RQF_FLUSH_SEQ (bsc#1137959). - blk-wbt: abstract out end IO completion handler (bsc#1135873). - blk-wbt: fix has-sleeper queueing check (bsc#1135873). - blk-wbt: improve waking of tasks (bsc#1135873). - blk-wbt: move disable check into get_limit() (bsc#1135873). - blk-wbt: use wq_has_sleeper() for wq active check (bsc#1135873). - block: add io timeout to sysfs (bsc#1148410). - block: do not show io_timeout if driver has no timeout handler (bsc#1148410). - block: fix timeout changes for legacy request drivers (bsc#1149446). - block: kABI fixes for BLK_EH_DONE renaming (bsc#1142076). - block: rename BLK_EH_NOT_HANDLED to BLK_EH_DONE (bsc#1142076). - Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices (bsc#1051510). - bnx2x: Disable multi-cos feature (networking-stable-19_08_08). - bnx2x: Fix VF's VLAN reconfiguration in reload (bsc#1086323 ). - bonding: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - bridge/mdb: remove wrong use of NLM_F_MULTI (networking-stable-19_09_15). - btrfs: bail out gracefully rather than BUG_ON (bsc#1153646). - btrfs: check for the full sync flag while holding the inode lock during fsync (bsc#1153713). - btrfs: Ensure btrfs_init_dev_replace_tgtdev sees up to date values (bsc#1154651). - btrfs: Ensure replaced device does not have pending chunk allocation (bsc#1154607). - btrfs: fix use-after-free when using the tree modification log (bsc#1151891). - btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls (bsc#1152975). - btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space (bsc#1152974). - btrfs: relocation: fix use-after-free on dead relocation roots (bsc#1152972). - btrfs: remove wrong use of volume_mutex from btrfs_dev_replace_start (bsc#1154651). - can: mcp251x: mcp251x_hw_reset(): allow more time after a reset (bsc#1051510). - can: xilinx_can: xcan_probe(): skip error message on deferred probe (bsc#1051510). - cdc_ether: fix rndis support for Mediatek based smartphones (networking-stable-19_09_15). - cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize (bsc#1051510). - ceph: fix directories inode i_blkbits initialization (bsc#1153717). - ceph: reconnect connection if session hang in opening state (bsc#1153718). - ceph: update the mtime when truncating up (bsc#1153719). - ceph: use ceph_evict_inode to cleanup inode's resource (bsc#1148133). - cfg80211: add and use strongly typed element iteration macros (bsc#1051510). - cfg80211: Purge frame registrations on iftype change (bsc#1051510). - clk: at91: fix update bit maps on CFG_MOR write (bsc#1051510). - clk: at91: select parent if main oscillator or bypass is enabled (bsc#1051510). - clk: qoriq: Fix -Wunused-const-variable (bsc#1051510). - clk: sirf: Do not reference clk_init_data after registration (bsc#1051510). - clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks (bsc#1051510). - clk: sunxi-ng: v3s: add the missing PLL_DDR1 (bsc#1051510). - clk: zx296718: Do not reference clk_init_data after registration (bsc#1051510). - crypto: caam - fix concurrency issue in givencrypt descriptor (bsc#1051510). - crypto: caam - free resources in case caam_rng registration failed (bsc#1051510). - crypto: cavium/zip - Add missing single_release() (bsc#1051510). - crypto: ccp - Reduce maximum stack usage (bsc#1051510). - crypto: qat - Silence smp_processor_id() warning (bsc#1051510). - crypto: skcipher - Unmap pages after an external error (bsc#1051510). - crypto: talitos - fix missing break in switch statement (bsc#1142635). - cxgb4: fix endianness for vlan value in cxgb4_tc_flower (bsc#1064802 bsc#1066129). - cxgb4: offload VLAN flows regardless of VLAN ethtype (bsc#1064802 bsc#1066129). - cxgb4: reduce kernel stack usage in cudbg_collect_mem_region() (bsc#1073513). - cxgb4: Signedness bug in init_one() (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: smt: Add lock for atomic_dec_and_test (bsc#1064802 bsc#1066129). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - /dev/mem: Bail out upon SIGKILL (git-fixes). - dmaengine: dw: platform: Switch to acpi_dma_controller_register() (bsc#1051510). - dmaengine: iop-adma.c: fix printk format warning (bsc#1051510). - drivers: thermal: int340x_thermal: Fix sysfs race condition (bsc#1051510). - drm/amdgpu: Check for valid number of registers to read (bsc#1051510). - drm/amdgpu/si: fix ASIC tests (git-fixes). - drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2) (bsc#1051510). - drm/ast: Fixed reboot test may cause system hanged (bsc#1051510). - drm/bridge: tc358767: Increase AUX transfer length limit (bsc#1051510). - drm: Flush output polling on shutdown (bsc#1051510). - drm/i915: Fix various tracepoints for gen2 (bsc#1113722) - drm/imx: Drop unused imx-ipuv3-crtc.o build (bsc#1113722) - drm/msm/dsi: Implement reset correctly (bsc#1051510). - drm/panel: simple: fix AUO g185han01 horizontal blanking (bsc#1051510). - drm/radeon: Fix EEH during kexec (bsc#1051510). - drm/tilcdc: Register cpufreq notifier after we have initialized crtc (bsc#1051510). - drm/vmwgfx: Fix double free in vmw_recv_msg() (bsc#1051510). - Drop multiversion(kernel) from the KMP template (bsc#1127155). - e1000e: add workaround for possible stalled packet (bsc#1051510). - EDAC/amd64: Decode syndrome before translating address (bsc#1114279). - eeprom: at24: make spd world-readable again (git-fixes). - ext4: fix warning inside ext4_convert_unwritten_extents_endio (bsc#1152025). - ext4: set error return correctly when ext4_htree_store_dirent fails (bsc#1152024). - firmware: dmi: Fix unlikely out-of-bounds read in save_mem_devices (git-fixes). - Fix AMD IOMMU kABI (bsc#1154610). - Fix kabi for: NFSv4: Fix OPEN / CLOSE race (git-fixes). - Fix KVM kABI after x86 mmu backports (bsc#1117665). - gpio: fix line flag validation in lineevent_create (bsc#1051510). - gpio: fix line flag validation in linehandle_create (bsc#1051510). - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist (bsc#1051510). - gpiolib: only check line handle flags once (bsc#1051510). - gpio: Move gpiochip_lock/unlock_as_irq to gpio/driver.h (bsc#1051510). - gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property() (bsc#1051510). - HID: apple: Fix stuck function keys when using FN (bsc#1051510). - HID: hidraw: Fix invalid read in hidraw_ioctl (bsc#1051510). - HID: logitech: Fix general protection fault caused by Logitech driver (bsc#1051510). - HID: prodikeys: Fix general protection fault during probe (bsc#1051510). - HID: sony: Fix memory corruption issue on cleanup (bsc#1051510). - hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' (bsc#1051510). - hwmon: (lm75) Fix write operations for negative temperatures (bsc#1051510). - hwmon: (shtc1) fix shtc1 and shtw1 id mask (bsc#1051510). - hwrng: core - do not wait on add_early_randomness() (git-fixes). - i2c: riic: Clear NACK in tend isr (bsc#1051510). - IB/core, ipoib: Do not overreact to SM LID change event (bsc#1154108) - IB/hfi1: Remove overly conservative VM_EXEC flag check (bsc#1144449). - IB/mlx5: Consolidate use_umr checks into single function (bsc#1093205). - IB/mlx5: Fix MR re-registration flow to use UMR properly (bsc#1093205). - IB/mlx5: Report correctly tag matching rendezvous capability (bsc#1046305). - ieee802154: atusb: fix use-after-free at disconnect (bsc#1051510). - ieee802154: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - ife: error out when nla attributes are empty (networking-stable-19_08_08). - iio: adc: ad799x: fix probe error handling (bsc#1051510). - iio: dac: ad5380: fix incorrect assignment to val (bsc#1051510). - iio: light: opt3001: fix mutex unlock race (bsc#1051510). - ima: always return negative code for error (bsc#1051510). - Input: da9063 - fix capability and drop KEY_SLEEP (bsc#1051510). - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID (bsc#1051510). - iommu/amd: Apply the same IVRS IOAPIC workaround to Acer Aspire A315-41 (bsc#1137799). - iommu/amd: Check PM_LEVEL_SIZE() condition in locked section (bsc#1154608). - iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems (bsc#1137799). - iommu/amd: Remove domain->updated (bsc#1154610). - iommu/amd: Wait for completion of IOTLB flush in attach_device (bsc#1154611). - iommu/dma: Fix for dereferencing before null checking (bsc#1151667). - iommu/iova: Avoid false sharing on fq_timer_on (bsc#1151671). - ip6_tunnel: fix possible use-after-free on xmit (networking-stable-19_08_08). - ipmi_si: Only schedule continuously in the thread in maintenance mode (bsc#1051510). - ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set (networking-stable-19_08_28). - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()' (networking-stable-19_09_15). - isdn/capi: check message length in capi_write() (bsc#1051510). - ixgbe: Prevent u8 wrapping of ITR value to something less than 10us (bsc#1101674). - ixgbe: sync the first fragment unconditionally (bsc#1133140). - kABI: media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). fixes kABI - kABI: media: em28xx: stop rewriting device's struct (bsc#1051510). fixes kABI - kABI: net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05). - kABI/severities: Whitelist functions internal to radix mm. To call these functions you have to first detect if you are running in radix mm mode which can't be expected of OOT code. - kABI workaround for snd_hda_pick_pin_fixup() changes (bsc#1051510). - kernel-subpackage-build: create zero size ghost for uncompressed vmlinux (bsc#1154354). It is not strictly necessary to uncompress it so maybe the ghost file can be 0 size in this case. - kernel/sysctl.c: do not override max_threads provided by userspace (bnc#1150875). - KVM: Convert kvm_lock to a mutex (bsc#1117665). - KVM: MMU: drop vcpu param in gpte_access (bsc#1117665). - KVM: PPC: Book3S: Fix incorrect guest-to-user-translation error handling (bsc#1061840). - KVM: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores (bsc#1061840). - KVM: PPC: Book3S HV: Do not lose pending doorbell request on migration on P9 (bsc#1061840). - KVM: PPC: Book3S HV: Do not push XIVE context when not using XIVE device (bsc#1061840). - KVM: PPC: Book3S HV: Fix lockdep warning when entering the guest (bsc#1061840). - KVM: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts (bsc#1061840). - KVM: PPC: Book3S HV: Handle virtual mode in XIVE VCPU push code (bsc#1061840). - KVM: PPC: Book3S HV: use smp_mb() when setting/clearing host_ipi flag (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP (bsc#1061840). - KVM: x86: add tracepoints around __direct_map and FNAME(fetch) (bsc#1117665). - KVM: x86: adjust kvm_mmu_page member to save 8 bytes (bsc#1117665). - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (bsc#1117665). - KVM: x86: Do not release the page inside mmu_set_spte() (bsc#1117665). - KVM: x86: make FNAME(fetch) and __direct_map more similar (bsc#1117665). - KVM: x86, powerpc: do not allow clearing largepages debugfs entry (bsc#1117665). - KVM: x86: remove now unneeded hugepage gfn adjustment (bsc#1117665). - leds: leds-lp5562 allow firmware files up to the maximum length (bsc#1051510). - leds: trigger: gpio: GPIO 0 is valid (bsc#1051510). - libertas: Add missing sentinel at end of if_usb.c fw_table (bsc#1051510). - libertas_tf: Use correct channel range in lbtf_geo_init (bsc#1051510). - libiscsi: do not try to bypass SCSI EH (bsc#1142076). - lib/mpi: Fix karactx leak in mpi_powm (bsc#1051510). - livepatch: Nullify obj->mod in klp_module_coming()'s error path (bsc#1071995). - mac80211: accept deauth frames in IBSS mode (bsc#1051510). - mac80211: minstrel_ht: fix per-group max throughput rate initialization (bsc#1051510). - macsec: drop skb sk before calling gro_cells_receive (bsc#1051510). - md: do not report active array_state until after revalidate_disk() completes (git-fixes). - md: only call set_in_sync() when it is expected to succeed (git-fixes). - md/raid6: Set R5_ReadError when there is read failure on parity disk (git-fixes). - media: atmel: atmel-isc: fix asd memory allocation (bsc#1135642). - media: atmel: atmel-isi: fix timeout value for stop streaming (bsc#1051510). - media: cpia2_usb: fix memory leaks (bsc#1051510). - media: dib0700: fix link error for dibx000_i2c_set_speed (bsc#1051510). - media: dvb-core: fix a memory leak bug (bsc#1051510). - media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). - media: em28xx: stop rewriting device's struct (bsc#1051510). - media: exynos4-is: fix leaked of_node references (bsc#1051510). - media: fdp1: Reduce FCP not found message level to debug (bsc#1051510). - media: gspca: zero usb_buf on error (bsc#1051510). - media: hdpvr: Add device num check and handling (bsc#1051510). - media: hdpvr: add terminating 0 at end of string (bsc#1051510). - media: i2c: ov5645: Fix power sequence (bsc#1051510). - media: iguanair: add sanity checks (bsc#1051510). - media: marvell-ccic: do not generate EOF on parallel bus (bsc#1051510). - media: mc-device.c: do not memset __user pointer contents (bsc#1051510). - media: omap3isp: Do not set streaming state on random subdevs (bsc#1051510). - media: omap3isp: Set device on omap3isp subdevs (bsc#1051510). - media: ov6650: Fix sensor possibly not detected on probe (bsc#1051510). - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper (bsc#1051510). - media: ov9650: add a sanity check (bsc#1051510). - media: radio/si470x: kill urb on error (bsc#1051510). - media: replace strcpy() by strscpy() (bsc#1051510). - media: Revert '[media] marvell-ccic: reset ccic phy when stop streaming for stability' (bsc#1051510). - media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() (bsc#1051510). - media: saa7146: add cleanup in hexium_attach() (bsc#1051510). - media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table (bsc#1051510). - media: stkwebcam: fix runtime PM after driver unbind (bsc#1051510). - media: technisat-usb2: break out of loop at end of buffer (bsc#1051510). - media: tm6000: double free if usb disconnect while streaming (bsc#1051510). - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (bsc#1051510). - media: vb2: Fix videobuf2 to map correct area (bsc#1051510). - memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' (bsc#1051510). - mfd: intel-lpss: Remove D3cold delay (bsc#1051510). - mic: avoid statically declaring a 'struct device' (bsc#1051510). - mISDN: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - mld: fix memory leak in mld_del_delrec() (networking-stable-19_09_05). - mmc: sdhci: Fix incorrect switch to HS mode (bsc#1051510). - mmc: sdhci: improve ADMA error reporting (bsc#1051510). - mmc: sdhci-msm: fix mutex while in spinlock (bsc#1142635). - mmc: sdhci-of-arasan: Do now show error message in case of deffered probe (bsc#1119086). - mmc: sdhci-of-esdhc: set DMA snooping based on DMA coherence (bsc#1051510). - mtd: spi-nor: Fix Cadence QSPI RCU Schedule Stall (bsc#1051510). - mvpp2: refactor MTU change code (networking-stable-19_08_08). - net: bridge: delete local fdb on device init failure (networking-stable-19_08_08). - net: bridge: mcast: do not delete permanent entries when fast leave is enabled (networking-stable-19_08_08). - net: fix ifindex collision during namespace removal (networking-stable-19_08_08). - net: Fix null de-reference of device refcount (networking-stable-19_09_15). - net: fix skb use after free in netpoll (networking-stable-19_09_05). - net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list (networking-stable-19_09_15). - net/ibmvnic: Fix EOI when running in XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes). - net/ibmvnic: prevent more than one thread from running in reset (bsc#1152457 ltc#174432). - net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run (bsc#1152457 ltc#174432). - net/mlx4_en: fix a memory leak bug (bsc#1046299). - net/mlx5: Add device ID of upcoming BlueField-2 (bsc#1046303 ). - net/mlx5e: Only support tx/rx pause setting for port owner (networking-stable-19_08_21). - net/mlx5e: Prevent encap flow counter update async to user query (networking-stable-19_08_08). - net/mlx5e: Use flow keys dissector to parse packets for ARFS (networking-stable-19_08_21). - net/mlx5: Fix error handling in mlx5_load() (bsc#1046305 ). - net/mlx5: Use reversed order when unregister devices (networking-stable-19_08_08). - net/packet: fix race in tpacket_snd() (networking-stable-19_08_21). - net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05). - net: sched: Fix a possible null-pointer dereference in dequeue_func() (networking-stable-19_08_08). - net/smc: make sure EPOLLOUT is raised (networking-stable-19_08_28). - net: stmmac: dwmac-rk: Do not fail if phy regulator is absent (networking-stable-19_09_05). - nfc: fix attrs checks in netlink interface (bsc#1051510). - nfc: fix memory leak in llcp_sock_bind() (bsc#1051510). - nfc: pn533: fix use-after-free and memleaks (bsc#1051510). - NFS4: Fix v4.0 client state corruption when mount (git-fixes). - nfsd: degraded slot-count more gracefully as allocation nears exhaustion (bsc#1150381). - nfsd: Do not release the callback slot unless it was actually held (git-fixes). - nfsd: Fix overflow causing non-working mounts on 1 TB machines (bsc#1150381). - nfsd: fix performance-limiting session calculation (bsc#1150381). - nfsd: give out fewer session slots as limit approaches (bsc#1150381). - nfsd: handle drc over-allocation gracefully (bsc#1150381). - nfsd: increase DRC cache limit (bsc#1150381). - NFS: Do not interrupt file writeout due to fatal errors (git-fixes). - NFS: Do not open code clearing of delegation state (git-fixes). - NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0 (git-fixes). - NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts (git-fixes). - NFS: Forbid setting AF_INET6 to 'struct sockaddr_in'->sin_family (git-fixes). - NFS: Refactor nfs_lookup_revalidate() (git-fixes). - NFS: Remove redundant semicolon (git-fixes). - NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter (git-fixes). - NFSv4.1: Fix open stateid recovery (git-fixes). - NFSv4.1: Only reap expired delegations (git-fixes). - NFSv4: Check the return value of update_open_stateid() (git-fixes). - NFSv4: Fix an Oops in nfs4_do_setattr (git-fixes). - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() (git-fixes). - NFSv4: Fix delegation state recovery (git-fixes). - NFSv4: Fix lookup revalidate of regular files (git-fixes). - NFSv4: Fix OPEN / CLOSE race (git-fixes). - NFSv4: Handle the special Linux file open access mode (git-fixes). - NFSv4: Only pass the delegation to setattr if we're sending a truncate (git-fixes). - NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend() (git-fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - null_blk: complete requests from ->timeout (bsc#1149446). - null_blk: wire up timeouts (bsc#1149446). - nvme: fix multipath crash when ANA is deactivated (bsc#1149446). - nvmem: Use the same permissions for eeprom as for nvmem (git-fixes). - nvme-rdma: Allow DELETING state change failure in (bsc#1104967,). - nvme-rdma: centralize admin/io queue teardown sequence (bsc#1142076). - nvme-rdma: centralize controller setup sequence (bsc#1142076). - nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446). - nvme-rdma: fix timeout handler (bsc#1149446). - nvme-rdma: stop admin queue before freeing it (bsc#1140155). - nvme-rdma: support up to 4 segments of inline data (bsc#1142076). - nvme-rdma: unquiesce queues when deleting the controller (bsc#1142076). - nvme: remove ns sibling before clearing path (bsc#1140155). - nvme: return BLK_EH_DONE from ->timeout (bsc#1142076). - objtool: Clobber user CFLAGS variable (bsc#1153236). - PCI: Correct pci=resource_alignment parameter example (bsc#1051510). - PCI: dra7xx: Fix legacy INTD IRQ handling (bsc#1087092). - PCI: hv: Detect and fix Hyper-V PCI domain number collision (bsc#1150423). - PCI: hv: Use bytes 4 and 5 from instance ID as the PCI domain numbers (bsc#1153263). - PCI: PM: Fix pci_power_up() (bsc#1051510). - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current (bsc#1051510). - pinctrl: tegra: Fix write barrier placement in pmx_writel (bsc#1051510). - platform/x86: classmate-laptop: remove unused variable (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC277E to critclk_systems DMI table (bsc#1051510). - PM: sleep: Fix possible overflow in pm_system_cancel_wakeup() (bsc#1051510). - PNFS fallback to MDS if no deviceid found (git-fixes). - pNFS/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error (git-fixes). - pNFS/flexfiles: Turn off soft RPC calls (git-fixes). - powerpc/64: Make sys_switch_endian() traceable (bsc#1065729). - powerpc/64s/pseries: radix flush translations before MMU is enabled at boot (bsc#1055186). - powerpc/64s/radix: Fix MADV_[FREE|DONTNEED] TLB flush miss problem with THP (bsc#1152161 ltc#181664). - powerpc/64s/radix: Fix memory hotplug section page table creation (bsc#1065729). - powerpc/64s/radix: Fix memory hot-unplug page table split (bsc#1065729). - powerpc/64s/radix: Implement _tlbie(l)_va_range flush functions (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve preempt handling in TLB code (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve TLB flushing for page table freeing (bsc#1152161 ltc#181664). - powerpc/64s/radix: Introduce local single page ceiling for TLB range flush (bsc#1055117 bsc#1152161 ltc#181664). - powerpc/64s/radix: keep kernel ERAT over local process/guest invalidates (bsc#1055186). - powerpc/64s/radix: Optimize flush_tlb_range (bsc#1152161 ltc#181664). - powerpc/64s/radix: tidy up TLB flushing code (bsc#1055186). - powerpc/64s: Rename PPC_INVALIDATE_ERAT to PPC_ISA_3_0_INVALIDATE_ERAT (bsc#1055186). - powerpc/book3s64/mm: Do not do tlbie fixup for some hardware revisions (bsc#1152161 ltc#181664). - powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag (bsc#1152161 ltc#181664). - powerpc: bpf: Fix generation of load/store DW instructions (bsc#1065729). - powerpc/bpf: use unsigned division instruction for 64-bit operations (bsc#1065729). - powerpc: Drop page_is_ram() and walk_system_ram_range() (bsc#1065729). - powerpc/irq: Do not WARN continuously in arch_local_irq_restore() (bsc#1065729). - powerpc/irq: drop arch_early_irq_init() (bsc#1065729). - powerpc/mm/book3s64: Move book3s64 code to pgtable-book3s64 (bsc#1055186). - powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 (bsc#1152161 ltc#181664). - powerpc/mm: mark more tlb functions as __always_inline (bsc#1055186). - powerpc/mm: Properly invalidate when setting process table base (bsc#1055186). - powerpc/mm/radix: Drop unneeded NULL check (bsc#1152161 ltc#181664). - powerpc/mm/radix: implement LPID based TLB flushes to be used by KVM (bsc#1152161 ltc#181664). - powerpc/mm/radix: mark as __tlbie_pid() and friends as__always_inline (bsc#1055186). - powerpc/mm/radix: mark __radix__flush_tlb_range_psize() as __always_inline (bsc#1055186). - powerpc/mm: Simplify page_is_ram by using memblock_is_memory (bsc#1065729). - powerpc/mm: Use memblock API for PPC32 page_is_ram (bsc#1065729). - powerpc/module64: Fix comment in R_PPC64_ENTRY handling (bsc#1065729). - powerpc/powernv: Fix compile without CONFIG_TRACEPOINTS (bsc#1065729). - powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window (bsc#1061840). - powerpc/powernv/ioda: Fix race in TCE level allocation (bsc#1061840). - powerpc/powernv: move OPAL call wrapper tracing and interrupt handling to C (bsc#1065729). - powerpc/powernv/npu: Remove obsolete comment about TCE_KILL_INVAL_ALL (bsc#1065729). - powerpc/pseries: Call H_BLOCK_REMOVE when supported (bsc#1109158). - powerpc/pseries: Export maximum memory value (bsc#1122363). - powerpc/pseries: Export raw per-CPU VPA data via debugfs (). - powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt() (bsc#1065729). - powerpc/pseries/memory-hotplug: Fix return value type of find_aa_index (bsc#1065729). - powerpc/pseries/mobility: use cond_resched when updating device tree (bsc#1153112 ltc#181778). - powerpc/pseries: Read TLB Block Invalidate Characteristics (bsc#1109158). - powerpc/pseries: Remove confusing warning message (bsc#1109158). - powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning (bsc#1148868). - powerpc/rtas: allow rescheduling while changing cpu states (bsc#1153112 ltc#181778). - powerpc/xive: Fix bogus error code returned by OPAL (bsc#1065729). - powerpc/xive: Implement get_irqchip_state method for XIVE to fix shutdown race (bsc#1065729). - powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc (bsc#1065729). - power: reset: gpio-restart: Fix typo when gpio reset is not found (bsc#1051510). - power: supply: Init device wakeup after device_add() (bsc#1051510). - power: supply: sysfs: ratelimit property read error message (bsc#1051510). - ppp: Fix memory leak in ppp_write (git-fixes). - printk: Do not lose last line in kmsg buffer dump (bsc#1152460). - printk: fix printk_time race (bsc#1152466). - printk/panic: Avoid deadlock in printk() after stopping CPUs by NMI (bsc#1148712). - qed: iWARP - Fix default window size to be based on chip (bsc#1050536 bsc#1050545). - qed: iWARP - Fix tc for MPA ll2 connection (bsc#1050536 bsc#1050545). - qed: iWARP - fix uninitialized callback (bsc#1050536 bsc#1050545). - qed: iWARP - Use READ_ONCE and smp_store_release to access ep->state (bsc#1050536 bsc#1050545). - qla2xxx: kABI fixes for v10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - qla2xxx: remove SGI SN2 support (bsc#1123034 bsc#1131304 bsc#1127988). - quota: fix wrong condition in is_quota_modification() (bsc#1152026). - r8152: Set memory to all 0xFFs on failed reg reads (bsc#1051510). - RDMA/bnxt_re: Fix spelling mistake 'missin_resp' -> 'missing_resp' (bsc#1050244). - RDMA: Fix goto target to release the allocated memory (bsc#1050244). - regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg (bsc#1051510). - Revert 'mwifiex: fix system hang problem after resume' (bsc#1051510). - Revert 'Revert 'rpm/kernel-binary.spec.in: rename kGraft to KLP ()'' This reverts commit 468af43c8fd8509820798b6d8ed363fc417ca939 Should get this rename again with next SLE15 merge. - rtlwifi: rtl8192cu: Fix value set in descriptor (bsc#1142635). - s390/crypto: fix gcm-aes-s390 selftest failures (bsc#1137861 LTC#178091). - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero (networking-stable-19_09_15). - scsi: lpfc: Fix null ptr oops updating lpfc_devloss_tmo via sysfs attribute (bsc#1140845). - scsi: lpfc: Fix propagation of devloss_tmo setting to nvme transport (bsc#1140883). - scsi: lpfc: Remove bg debugfs buffers (bsc#1144375). - scsi: qedf: fc_rport_priv reference counting fixes (bsc#1098291). - scsi: qedf: Modify abort and tmf handler to handle edge condition and flush (bsc#1098291). - scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add new FW dump template entry types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add pci function reset support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add protection mask module parameters (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for multiple fwdump templates/segments (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for setting port speed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: allow session delete to finish before create (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: avoid printf format warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change data_dsd into an array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change default ZIO threshold (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for FW started flag before aborting (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: check for kstrtol() failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: cleanup trace buffer initialization (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a mailbox command times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a soft reset fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if parsing the version string fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correct error handling during initialization failures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correction and improvement to fwdt processing (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: deadlock by configfs_depend_item (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare local symbols static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Downgrade driver to 10.01.00.19-k There are upstream bug reports against 10.01.00.19-k which haven't been resolved. Also the newer version failed to get a proper review. For time being it's better to got with the older version and do not introduce new bugs. - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix abort timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a recently introduced kernel warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA unmap leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix fcport null pointer access (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix formatting of pointer types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw dump corruption (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw options handle eh_bus_reset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hang in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link reset (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link up fail (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Nport ID display value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix possible fcport null-pointer dereferences (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix premature timer expiration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session cleanup hang (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake 'alredy' -> 'already' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake 'initializatin' -> 'initialization' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix SRB allocation flag to avoid sleeping in IRQ context (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stuck login session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: flush IO on chip reset or sess delete (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve logging for scan thread (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Include the <asm/unaligned.h> header file from qla_dsd.h (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Insert spaces where required (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Leave a blank line after declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Modify NVMe include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move debug messages before sending srb preventing panic (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move marker request behind QPair (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the <linux/io-64-nonatomic-lo-hi.h> include directive (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: no need to check return value of debugfs_create functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: on session delete, return nvme cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent memory leak for CT req/rsp allocation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of forward declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous pointer check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove dead code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove FW default template (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove set but not used variable 'ptr_dma' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous if-tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary null check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report invalid mailbox status codes (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Restore FAWWPN of Physical Port only for loop down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remove flag for all VP (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence fwdump template message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify a debug statement (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify conditional check again (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.13-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update flash read/write routine (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use complete switch scan for RSCN events (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use __le64 instead of uint32_t for sending DMA addresses to firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs to indent code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: scsi_dh_rdac: zero cdb in send_mode_select() (bsc#1149313). - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: storvsc: setup 1:1 mapping between hardware queue and CPU queue (bsc#1140729). - scsi: tcm_qla2xxx: Minimize #include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi_transport_fc: complete requests from ->timeout (bsc#1142076). - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' (networking-stable-19_09_15). - sctp: fix the transport error_count check (networking-stable-19_08_21). - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike (networking-stable-19_09_15). - secure boot lockdown: Fix-up backport of /dev/mem access restriction The upstream-submitted patch set has evolved over time, align our patches (contents and description) to reflect the current status as far as /dev/mem access is concerned. - Sign non-x86 kernels when possible (boo#1134303) - sky2: Disable MSI on yet another ASUS boards (P6Xxxx) (bsc#1051510). - slip: make slhc_free() silently accept an error pointer (bsc#1051510). - slip: sl_alloc(): remove unused parameter 'dev_t line' (bsc#1051510). - sock_diag: fix autoloading of the raw_diag module (bsc#1152791). - sock_diag: request _diag module only when the family or proto has been registered (bsc#1152791). - staging: vt6655: Fix memory leak in vt6655_probe (bsc#1051510). - SUNRPC fix regression in umount of a secure mount (git-fixes). - SUNRPC: Handle connection breakages correctly in call_status() (git-fixes). - SUNRPC/nfs: Fix return value for nfs4_callback_compound() (git-fixes). - tcp: Do not dequeue SYN/FIN-segments from write-queue (git-gixes). - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR (networking-stable-19_09_15). - tcp: inherit timestamp on mtu probe (networking-stable-19_09_05). - tcp: make sure EPOLLOUT wont be missed (networking-stable-19_08_28). - tcp: remove empty skb from write queue in error cases (networking-stable-19_09_05). - team: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - thermal: Fix use-after-free when unregistering thermal zone device (bsc#1051510). - thermal_hwmon: Sanitize thermal_zone type (bsc#1051510). - tipc: add NULL pointer check before calling kfree_rcu (networking-stable-19_09_15). - tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts (bsc#1082555). - tracing: Initialize iter->seq after zeroing in tracing_read_pipe() (bsc#1151508). - tun: fix use-after-free when register netdev failed (networking-stable-19_09_15). - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099). - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099). - usb: adutux: fix NULL-derefs on disconnect (bsc#1142635). - usb: adutux: fix use-after-free on disconnect (bsc#1142635). - usb: adutux: fix use-after-free on release (bsc#1051510). - usb: chaoskey: fix use-after-free on release (bsc#1051510). - usb: dummy-hcd: fix power budget for SuperSpeed mode (bsc#1051510). - usb: iowarrior: fix use-after-free after driver unbind (bsc#1051510). - usb: iowarrior: fix use-after-free on disconnect (bsc#1051510). - usb: iowarrior: fix use-after-free on release (bsc#1051510). - usb: legousbtower: fix deadlock on disconnect (bsc#1142635). - usb: legousbtower: fix open after failed reset request (bsc#1142635). - usb: legousbtower: fix potential NULL-deref on disconnect (bsc#1142635). - usb: legousbtower: fix slab info leak at probe (bsc#1142635). - usb: legousbtower: fix use-after-free on release (bsc#1051510). - usb: microtek: fix info-leak at probe (bsc#1142635). - usbnet: ignore endpoints with invalid wMaxPacketSize (bsc#1051510). - usbnet: sanity checking of packet sizes and device mtu (bsc#1051510). - usb: serial: fix runtime PM after driver unbind (bsc#1051510). - usb: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20 (bsc#1051510). - usb: serial: keyspan: fix NULL-derefs on open() and write() (bsc#1051510). - usb: serial: option: add support for Cinterion CLS8 devices (bsc#1051510). - usb: serial: option: add Telit FN980 compositions (bsc#1051510). - usb: usbcore: Fix slab-out-of-bounds bug during device reset (bsc#1051510). - usb: usblcd: fix I/O after disconnect (bsc#1142635). - usb: usblp: fix runtime PM after driver unbind (bsc#1051510). - usb: usb-skeleton: fix NULL-deref on disconnect (bsc#1051510). - usb: usb-skeleton: fix runtime PM after driver unbind (bsc#1051510). - usb: usb-skeleton: fix use-after-free after driver unbind (bsc#1051510). - usb: xhci: wait for CNR controller not ready bit in xhci resume (bsc#1051510). - usb: yurex: Do not retry on unexpected errors (bsc#1051510). - usb: yurex: fix NULL-derefs on disconnect (bsc#1051510). - vfio_pci: Restore original state on release (bsc#1051510). - vhost_net: conditionally enable tx polling (bsc#1145099). - vhost_net: conditionally enable tx polling (bsc#1145099). - video: of: display_timing: Add of_node_put() in of_get_display_timing() (bsc#1051510). - video: ssd1307fb: Start page range at page_offset (bsc#1113722) - watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout (bsc#1051510). - x86/asm: Fix MWAITX C-state hint value (bsc#1114279). - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h (bsc#1114279). - x86/fpu: Add FPU state copying quirk to handle XRSTOR failure on Intel Skylake CPUs (bsc#1151955). - x86/mm: Use WRITE_ONCE() when setting PTEs (bsc#1114279). - x86/tls: Fix possible spectre-v1 in do_get_thread_area() (bsc#1114279). - xen/netback: fix error path of xenvif_connect_data() (bsc#1065600). - xen/netback: Reset nr_frags before freeing skb (networking-stable-19_08_21). - xen-netfront: do not assume sk_buff_head list is empty in error handling (bsc#1065600). - xen-netfront: do not use ~0U as error return value for xennet_fill_frags() (bsc#1065600). - xen/pv: Fix Xen PV guest int3 handling (bsc#1153811). - xen/xenbus: fix self-deadlock after killing user process (bsc#1065600). - xhci: Check all endpoints for LPM timeout (bsc#1051510). - xhci: Fix false warning message about wrong bounce buffer write length (bsc#1051510). - xhci: Increase STS_SAVE timeout in xhci_suspend() (bsc#1051510). - xhci: Prevent device initiated U1/U2 link pm if exit latency is too long (bsc#1051510). Important SUSE bug 1046299 SUSE bug 1046303 SUSE bug 1046305 SUSE bug 1050244 SUSE bug 1050536 SUSE bug 1050545 SUSE bug 1051510 SUSE bug 1054914 SUSE bug 1055117 SUSE bug 1055186 SUSE bug 1061840 SUSE bug 1064802 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066129 SUSE bug 1071995 SUSE bug 1073513 SUSE bug 1082555 SUSE bug 1086323 SUSE bug 1087092 SUSE bug 1089644 SUSE bug 1093205 SUSE bug 1097583 SUSE bug 1097584 SUSE bug 1097585 SUSE bug 1097586 SUSE bug 1097587 SUSE bug 1097588 SUSE bug 1098291 SUSE bug 1101674 SUSE bug 1104967 SUSE bug 1109158 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1117665 SUSE bug 1119086 SUSE bug 1122363 SUSE bug 1123034 SUSE bug 1123080 SUSE bug 1127155 SUSE bug 1127988 SUSE bug 1131304 SUSE bug 1133140 SUSE bug 1134303 SUSE bug 1135642 SUSE bug 1135854 SUSE bug 1135873 SUSE bug 1137799 SUSE bug 1137861 SUSE bug 1137865 SUSE bug 1137959 SUSE bug 1140155 SUSE bug 1140729 SUSE bug 1140845 SUSE bug 1140883 SUSE bug 1141600 SUSE bug 1142076 SUSE bug 1142635 SUSE bug 1142667 SUSE bug 1144375 SUSE bug 1144449 SUSE bug 1145099 SUSE bug 1146042 SUSE bug 1146519 SUSE bug 1146540 SUSE bug 1146664 SUSE bug 1148133 SUSE bug 1148410 SUSE bug 1148712 SUSE bug 1148868 SUSE bug 1149313 SUSE bug 1149446 SUSE bug 1149555 SUSE bug 1149651 SUSE bug 1150381 SUSE bug 1150423 SUSE bug 1150452 SUSE bug 1150465 SUSE bug 1150875 SUSE bug 1151350 SUSE bug 1151508 SUSE bug 1151610 SUSE bug 1151667 SUSE bug 1151671 SUSE bug 1151680 SUSE bug 1151891 SUSE bug 1151955 SUSE bug 1152024 SUSE bug 1152025 SUSE bug 1152026 SUSE bug 1152161 SUSE bug 1152325 SUSE bug 1152457 SUSE bug 1152460 SUSE bug 1152466 SUSE bug 1152788 SUSE bug 1152791 SUSE bug 1152972 SUSE bug 1152974 SUSE bug 1152975 SUSE bug 1153112 SUSE bug 1153158 SUSE bug 1153236 SUSE bug 1153263 SUSE bug 1153646 SUSE bug 1153713 SUSE bug 1153717 SUSE bug 1153718 SUSE bug 1153719 SUSE bug 1153811 SUSE bug 1154108 SUSE bug 1154189 SUSE bug 1154354 SUSE bug 1154372 SUSE bug 1154578 SUSE bug 1154607 SUSE bug 1154608 SUSE bug 1154610 SUSE bug 1154611 SUSE bug 1154651 SUSE bug 1154747 CVE-2017-18595 CVE-2019-14821 CVE-2019-15291 CVE-2019-16232 CVE-2019-16234 CVE-2019-17056 CVE-2019-17133 CVE-2019-17666 CVE-2019-9506 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for samba fixes the following issues: - CVE-2019-10218: Client code can return filenames containing path separators (bsc#1144902). Important SUSE bug 1144902 CVE-2019-10218 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel KVM hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack. The Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW). The set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251 Other security fixes: - CVE-2019-0154: Fixed a local denial of service via read of unprotected i915 registers. (bsc#1135966) - CVE-2019-0155: Fixed privilege escalation in the i915 driver. Batch buffers from usermode could have escalated privileges via blitter command stream. (bsc#1135967) - CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150457). - CVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903). The following non-security bugs were fixed: - alsa: bebob: Fix prototype of helper function to return negative value (bsc#1051510). - alsa: hda/realtek - Add support for ALC623 (bsc#1051510). - alsa: hda/realtek - Add support for ALC711 (bsc#1051510). - alsa: hda/realtek - Fix 2 front mics of codec 0x623 (bsc#1051510). - alsa: hda: Add Elkhart Lake PCI ID (bsc#1051510). - alsa: hda: Add Tigerlake/Jasperlake PCI ID (bsc#1051510). - alsa: timer: Fix mutex deadlock at releasing card (bsc#1051510). - arcnet: provide a buffer big enough to actually receive packets (networking-stable-19_09_30). - asoc: rockchip: i2s: Fix RPM imbalance (bsc#1051510). - asoc: rsnd: Reinitialize bit clock inversion flag for every format setting (bsc#1051510). - bpf: fix use after free in prog symbol exposure (bsc#1083647). - btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group() (bsc#1155178). - btrfs: qgroup: Always free PREALLOC META reserve in btrfs_delalloc_release_extents() (bsc#1155179). - btrfs: tracepoints: Fix bad entry members of qgroup events (bsc#1155186). - btrfs: tracepoints: Fix wrong parameter order for qgroup events (bsc#1155184). - crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t (bsc#1154737). - crypto: af_alg - Initialize sg_num_bytes in error code path (bsc#1051510). - crypto: af_alg - consolidation of duplicate code (bsc#1154737). - crypto: af_alg - fix race accessing cipher request (bsc#1154737). - crypto: af_alg - remove locking in async callback (bsc#1154737). - crypto: af_alg - update correct dst SGL entry (bsc#1051510). - crypto: af_alg - wait for data at beginning of recvmsg (bsc#1154737). - crypto: algif - return error code when no data was processed (bsc#1154737). - crypto: algif_aead - copy AAD from src to dst (bsc#1154737). - crypto: algif_aead - fix reference counting of null skcipher (bsc#1154737). - crypto: algif_aead - overhaul memory management (bsc#1154737). - crypto: algif_aead - skip SGL entries with NULL page (bsc#1154737). - crypto: algif_skcipher - overhaul memory management (bsc#1154737). - cxgb4:Fix out-of-bounds MSI-X info array access (networking-stable-19_10_05). - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50 (bsc#1051510). - drm/i915/cmdparser: Add support for backward jumps (bsc#1135967) - drm/i915/cmdparser: Ignore Length operands during command matching (bsc#1135967) - drm/i915/cmdparser: Use explicit goto for error paths (bsc#1135967) - drm/i915/gen8+: Add RC6 CTX corruption WA (bsc#1135967) - drm/i915/gtt: Add read only pages to gen8_pte_encode (bsc#1135967) - drm/i915/gtt: Disable read-only support under GVT (bsc#1135967) - drm/i915/gtt: Read-only pages for insert_entries on bdw (bsc#1135967) - drm/i915: Add gen9 BCS cmdparsing (bsc#1135967) - drm/i915: Add support for mandatory cmdparsing (bsc#1135967) - drm/i915: Allow parsing of unsized batches (bsc#1135967) - drm/i915: Disable Secure Batches for gen6+ - drm/i915: Lower RM timeout to avoid DSI hard hangs (bsc#1135967) - drm/i915: Prevent writing into a read-only object via a GGTT mmap (bsc#1135967) - drm/i915: Remove Master tables from cmdparser - drm/i915: Rename gen7 cmdparser tables (bsc#1135967) - drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (bsc#1135967) - efi/memattr: Do not bail on zero VA if it equals the region's PA (bsc#1051510). - efi: cper: print AER info of PCIe fatal error (bsc#1051510). - efivar/ssdt: Do not iterate over EFI vars if no SSDT override was specified (bsc#1051510). - hid: fix error message in hid_open_report() (bsc#1051510). - hid: logitech-hidpp: do all FF cleanup in hidpp_ff_destroy() (bsc#1051510). - hso: fix NULL-deref on tty open (bsc#1051510). - hyperv: set nvme msi interrupts to unmanaged (jsc#SLE-8953, jsc#SLE-9221, jsc#SLE-4941, bsc#1119461, bsc#1119465, bsc#1138190, bsc#1154905). - ib/core: Add mitigation for Spectre V1 (bsc#1155671) - ieee802154: ca8210: prevent memory leak (bsc#1051510). - input: synaptics-rmi4 - avoid processing unknown IRQs (bsc#1051510). - integrity: prevent deadlock during digsig verification (bsc#1090631). - ipv6: Handle missing host route in __ipv6_ifa_notify (networking-stable-19_10_05). - ipv6: drop incoming packets having a v4mapped source address (networking-stable-19_10_05). - kABI workaround for crypto/af_alg changes (bsc#1154737). - kABI workaround for drm_vma_offset_node readonly field addition (bsc#1135967) - ksm: cleanup stable_node chain collapse case (bnc#1144338). - ksm: fix use after free with merge_across_nodes = 0 (bnc#1144338). - ksm: introduce ksm_max_page_sharing per page deduplication limit (bnc#1144338). - ksm: optimize refile of stable_node_dup at the head of the chain (bnc#1144338). - ksm: swap the two output parameters of chain/chain_prune (bnc#1144338). - kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (bsc#1117665). - kvm: x86: mmu: Recovery of shattered NX large pages (bsc#1117665, CVE-2018-12207). - mac80211: Reject malformed SSID elements (bsc#1051510). - mac80211: fix txq null pointer dereference (bsc#1051510). - md/raid0: avoid RAID0 data corruption due to layout confusion (bsc#1140090). - md/raid0: fix warning message for parameter default_layout (bsc#1140090). - net/phy: fix DP83865 10 Mbps HDX loopback disable function (networking-stable-19_09_30). - net/rds: Fix error handling in rds_ib_add_one() (networking-stable-19_10_05). - net/rds: fix warn in rds_message_alloc_sgs (bsc#1154848). - net/rds: remove user triggered WARN_ON in rds_sendmsg (bsc#1154848). - net/sched: act_sample: do not push mac header on ip6gre ingress (networking-stable-19_09_30). - net/smc: fix SMCD link group creation with VLAN id (bsc#1154959). - net: Replace NF_CT_ASSERT() with WARN_ON() (bsc#1146612). - net: Unpublish sk from sk_reuseport_cb before call_rcu (networking-stable-19_10_05). - net: openvswitch: free vport unless register_netdevice() succeeds (git-fixes). - net: qlogic: Fix memory leak in ql_alloc_large_buffers (networking-stable-19_10_05). - net: qrtr: Stop rx_worker before freeing node (networking-stable-19_09_30). - net_sched: add policy validation for action attributes (networking-stable-19_09_30). - net_sched: fix backward compatibility for TCA_ACT_KIND (git-fixes). - netfilter: nf_nat: do not bug when mapping already exists (bsc#1146612). - nfsv4.1 - backchannel request should hold ref on xprt (bsc#1152624). - nl80211: fix null pointer dereference (bsc#1051510). - openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC (networking-stable-19_09_30). - qmi_wwan: add support for Cinterion CLS8 devices (networking-stable-19_10_05). - r8152: Set macpassthru in reset_resume callback (bsc#1051510). - rds: Fix warning (bsc#1154848). - reiserfs: fix extended attributes on the root directory (bsc#1151225). - rpm/kernel-subpackage-spec: Mention debuginfo in the subpackage description (bsc#1149119). - s390/cmf: set_schib_wait add timeout (bsc#1153509, bsc#1153476). - sch_cbq: validate TCA_CBQ_WRROPT to avoid crash (networking-stable-19_10_05). - sch_dsmark: fix potential NULL deref in dsmark_init() (networking-stable-19_10_05). - sch_netem: fix a divide by zero in tabledist() (networking-stable-19_09_30). - sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254). - scsi: lpfc: Fix devices that do not return after devloss followed by rediscovery (bsc#1137040). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix N2N link reset (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix N2N link up fail (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix partial flash write of MBI (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix wait condition in loop (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Improve logging for scan thread (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Initialized mailbox to prevent driver load failure (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Set remove flag for all VP (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Silence fwdump template message (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: fix a potential NULL pointer dereference (bsc#1150457 CVE-2019-16233). - scsi: qla2xxx: fixup incorrect usage of host_byte (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: remove redundant assignment to pointer host (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: stop timer in shutdown path (bsc#1143706 bsc#1082635 bsc#1123034). - skge: fix checksum byte order (networking-stable-19_09_30). - staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS (bsc#1051510). - supporte.conf: add efivarfs to kernel-default-base (bsc#1154858). - tipc: fix unlimited bundling of small messages (networking-stable-19_10_05). - usb: ldusb: fix NULL-derefs on driver unbind (bsc#1051510). - usb: ldusb: fix memleak on disconnect (bsc#1051510). - usb: ldusb: fix read info leaks (bsc#1051510). - usb: legousbtower: fix a signedness bug in tower_probe() (bsc#1051510). - usb: legousbtower: fix memleak on disconnect (bsc#1051510). - usb: serial: ti_usb_3410_5052: fix port-close races (bsc#1051510). - usb: udc: lpc32xx: fix bad bit shift operation (bsc#1051510). - usb: usblp: fix use-after-free on disconnect (bsc#1051510). - vfs: Make filldir[64]() verify the directory entry filename is valid (bsc#1144903, CVE-2019-10220). - vsock: Fix a lockdep warning in __vsock_release() (networking-stable-19_10_05). - x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area (bnc#1153969). - x86/boot/64: Round memory hole size up to next PMD page (bnc#1153969). - x86/tsx: Add config options to set tsx=on|off|auto (bsc#1139073, CVE-2019-11135). Important SUSE bug 1051510 SUSE bug 1082635 SUSE bug 1083647 SUSE bug 1090631 SUSE bug 1096254 SUSE bug 1117665 SUSE bug 1119461 SUSE bug 1119465 SUSE bug 1123034 SUSE bug 1135966 SUSE bug 1135967 SUSE bug 1137040 SUSE bug 1138190 SUSE bug 1139073 SUSE bug 1140090 SUSE bug 1143706 SUSE bug 1144338 SUSE bug 1144903 SUSE bug 1146612 SUSE bug 1149119 SUSE bug 1150457 SUSE bug 1151225 SUSE bug 1152624 SUSE bug 1153476 SUSE bug 1153509 SUSE bug 1153969 SUSE bug 1154737 SUSE bug 1154848 SUSE bug 1154858 SUSE bug 1154905 SUSE bug 1154959 SUSE bug 1155178 SUSE bug 1155179 SUSE bug 1155184 SUSE bug 1155186 SUSE bug 1155671 CVE-2018-12207 CVE-2019-0154 CVE-2019-0155 CVE-2019-10220 CVE-2019-11135 CVE-2019-16233 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for haproxy fixes the following issues: - CVE-2019-18277: Fixed HTTP smuggling in messages with transfer-encoding header missing the 'chunked' value (bsc#1154980). Important SUSE bug 1154980 CVE-2019-18277 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-14895: A heap-based buffer overflow was discovered in the Linux kernel in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could have allowed the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158). - CVE-2019-18660: The Linux kernel on powerpc allowed Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038). - CVE-2019-18683: An issue was discovered in drivers/media/platform/vivid in the Linux kernel. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free (bnc#1155897). - CVE-2019-18809: A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1156258). - CVE-2019-19062: A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures (bnc#1157333). - CVE-2019-19057: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). - CVE-2019-19056: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). - CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157307). - CVE-2019-19063: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157298). - CVE-2019-19227: In the AppleTalk subsystem in the Linux kernel there was a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client (bnc#1157678). - CVE-2019-19065: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures (bnc#1157191). - CVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering copy to udata failures (bnc#1157171). - CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157324). - CVE-2019-19067: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures (bsc#1157180). - CVE-2019-19060: A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157178). - CVE-2019-19049: A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures (bsc#1157173). - CVE-2019-19075: A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures (bnc#1157162). - CVE-2019-19058: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures (bnc#1157145). - CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157143). - CVE-2019-19073: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function (bnc#1157070). - CVE-2019-15916: An issue was discovered in the Linux kernel There was a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service (bnc#1149448). - CVE-2019-16231: drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150466). - CVE-2019-18805: An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel There was a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact (bnc#1156187). - CVE-2019-17055: base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket (bnc#1152782). The following non-security bugs were fixed: - ACPI / LPSS: Exclude I2C busses shared with PUNIT from pmc_atom_d3_mask (bsc#1051510). - ACPI / SBS: Fix rare oops when removing modules (bsc#1051510). - ACPICA: Never run _REG on system_memory and system_IO (bsc#1051510). - ACPICA: Use %d for signed int print formatting instead of %u (bsc#1051510). - ALSA: 6fire: Drop the dead code (git-fixes). - ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series (git-fixes). - ALSA: cs4236: fix error return comparison of an unsigned integer (git-fixes). - ALSA: firewire-motu: Correct a typo in the clock proc string (git-fixes). - ALSA: hda - Add mute led support for HP ProBook 645 G4 (git-fixes). - ALSA: hda - Fix pending unsol events at shutdown (git-fixes). - ALSA: hda/ca0132 - Fix possible workqueue stall (bsc#1155836). - ALSA: hda/intel: add CometLake PCI IDs (bsc#1156729). - ALSA: hda/realtek - Move some alc236 pintbls to fallback table (git-fixes). - ALSA: hda/realtek - Move some alc256 pintbls to fallback table (git-fixes). - ALSA: hda: Add Cometlake-S PCI ID (git-fixes). - ALSA: i2c/cs8427: Fix int to char conversion (bsc#1051510). - ALSA: intel8x0m: Register irq handler after register initializations (bsc#1051510). - ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed() (git-fixes). - ALSA: pcm: signedness bug in snd_pcm_plug_alloc() (bsc#1051510). - ALSA: seq: Do error checks at creating system ports (bsc#1051510). - ALSA: timer: Fix incorrectly assigned timer instance (git-fixes). - ALSA: usb-audio: Fix Focusrite Scarlett 6i6 gen1 - input handling (git-fixes). - ALSA: usb-audio: Fix missing error check at mixer resolution test (git-fixes). - ALSA: usb-audio: not submit urb for stopped endpoint (git-fixes). - ASoC: Intel: hdac_hdmi: Limit sampling rates at dai creation (bsc#1051510). - ASoC: davinci-mcasp: Handle return value of devm_kasprintf (stable 4.14.y). - ASoC: davinci: Kill BUG_ON() usage (stable 4.14.y). - ASoC: dpcm: Properly initialise hw->rate_max (bsc#1051510). - ASoC: kirkwood: fix external clock probe defer (git-fixes). - ASoC: msm8916-wcd-analog: Fix RX1 selection in RDAC2 MUX (git-fixes). - ASoC: sgtl5000: avoid division by zero if lo_vag is zero (bsc#1051510). - ASoC: tegra_sgtl5000: fix device_node refcounting (bsc#1051510). - ASoC: tlv320aic31xx: Handle inverted BCLK in non-DSP modes (stable 4.14.y). - ASoC: tlv320dac31xx: mark expected switch fall-through (stable 4.14.y). - Bluetooth: Fix invalid-free in bcsp_close() (git-fixes). - Bluetooth: Fix memory leak in hci_connect_le_scan (bsc#1051510). - Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS (bsc#1051510). - Bluetooth: btusb: fix PM leak in error case of setup (bsc#1051510). - Bluetooth: delete a stray unlock (bsc#1051510). - Bluetooth: hci_core: fix init for HCI_USER_CHANNEL (bsc#1051510). - Btrfs: fix log context list corruption after rename exchange operation (bsc#1156494). - CIFS: Fix SMB2 oplock break processing (bsc#1144333, bsc#1154355). - CIFS: Fix oplock handling for SMB 2.1+ protocols (bsc#1144333, bsc#1154355). - CIFS: Fix retry mid list corruption on reconnects (bsc#1144333, bsc#1154355). - CIFS: Fix use after free of file info structures (bsc#1144333, bsc#1154355). - CIFS: Force reval dentry if LOOKUP_REVAL flag is set (bsc#1144333, bsc#1154355). - CIFS: Force revalidate inode when dentry is stale (bsc#1144333, bsc#1154355). - CIFS: Gracefully handle QueryInfo errors during open (bsc#1144333, bsc#1154355). - CIFS: avoid using MID 0xFFFF (bsc#1144333, bsc#1154355). - CIFS: fix max ea value size (bsc#1144333, bsc#1154355). - Documentation: debugfs: Document debugfs helper for unsigned long values (git-fixes). - Documentation: x86: convert protection-keys.txt to reST (bsc#1078248). - EDAC/ghes: Fix Use after free in ghes_edac remove path (bsc#1114279). - HID: Add ASUS T100CHI keyboard dock battery quirks (bsc#1051510). - HID: Add quirk for Microsoft PIXART OEM mouse (bsc#1051510). - HID: Fix assumption that devices have inputs (git-fixes). - HID: asus: Add T100CHI bluetooth keyboard dock special keys mapping (bsc#1051510). - HID: wacom: generic: Treat serial number and related fields as unsigned (git-fixes). - Input: ff-memless - kill timer in destroy() (bsc#1051510). - Input: silead - try firmware reload after unsuccessful resume (bsc#1051510). - Input: st1232 - set INPUT_PROP_DIRECT property (bsc#1051510). - Input: synaptics-rmi4 - clear IRQ enables for F54 (bsc#1051510). - Input: synaptics-rmi4 - destroy F54 poller workqueue when removing (bsc#1051510). - Input: synaptics-rmi4 - disable the relative position IRQ in the F12 driver (bsc#1051510). - Input: synaptics-rmi4 - do not consume more data than we have (F11, F12) (bsc#1051510). - Input: synaptics-rmi4 - fix video buffer size (git-fixes). - KVM: VMX: Consider PID.PIR to determine if vCPU has pending interrupts (bsc#1158064). - KVM: VMX: Fix conditions for guest IA32_XSS support (bsc#1158065). - KVM: x86/mmu: Take slots_lock when using kvm_mmu_zap_all_fast() (bsc#1158067). - KVM: x86: Introduce vcpu->arch.xsaves_enabled (bsc#1158066). - NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error (git-fixes). - PCI/ACPI: Correct error message for ASPM disabling (bsc#1051510). - PCI/PME: Fix possible use-after-free on remove (git-fixes). - PCI: sysfs: Ignore lockdep for remove attribute (git-fixes). - PM / devfreq: Check NULL governor in available_governors_show (git-fixes). - PM / devfreq: Lock devfreq in trans_stat_show (git-fixes). - PM / devfreq: exynos-bus: Correct clock enable sequence (bsc#1051510). - PM / devfreq: passive: Use non-devm notifiers (bsc#1051510). - PM / devfreq: passive: fix compiler warning (bsc#1051510). - PM / hibernate: Check the success of generating md5 digest before hibernation (bsc#1051510). - README.BRANCH: Add Denis as branch maintainer - Revert synaptics-rmi4 patch due to regression (bsc#1155982) Also blacklisting it - UAS: Revert commit 3ae62a42090f ('UAS: fix alignment of scatter/gather segments'). - USB: chaoskey: fix error case of a timeout (git-fixes). - USB: gadget: Reject endpoints with 0 maxpacket value (bsc#1051510). - USB: ldusb: fix control-message timeout (bsc#1051510). - USB: ldusb: fix ring-buffer locking (bsc#1051510). - USB: serial: mos7720: fix remote wakeup (git-fixes). - USB: serial: mos7840: add USB ID to support Moxa UPort 2210 (bsc#1051510). - USB: serial: mos7840: fix remote wakeup (git-fixes). - USB: serial: option: add support for DW5821e with eSIM support (bsc#1051510). - USB: serial: option: add support for Foxconn T77W968 LTE modules (bsc#1051510). - USB: serial: whiteheat: fix line-speed endianness (bsc#1051510). - USB: serial: whiteheat: fix potential slab corruption (bsc#1051510). - USBIP: add config dependency for SGL_ALLOC (git-fixes). - appledisplay: fix error handling in the scheduled work (git-fixes). - arm64: Update config files. (bsc#1156466) Enable HW_RANDOM_OMAP driver and mark driver omap-rng as supported. - ata: ep93xx: Use proper enums for directions (bsc#1051510). - ath10k: fix kernel panic by moving pci flush after napi_disable (bsc#1051510). - ath10k: fix vdev-start timeout on error (bsc#1051510). - ath10k: limit available channels via DT ieee80211-freq-limit (bsc#1051510). - ath10k: wmi: disable softirq's while calling ieee80211_rx (bsc#1051510). - ath9k: Fix a locking bug in ath9k_add_interface() (bsc#1051510). - ath9k: add back support for using active monitor interfaces for tx99 (bsc#1051510). - ath9k: fix reporting calculated new FFT upper max (bsc#1051510). - ath9k: fix tx99 with monitor mode interface (bsc#1051510). - ath9k_hw: fix uninitialized variable data (bsc#1051510). - ax88172a: fix information leak on short answers (bsc#1051510). - backlight: lm3639: Unconditionally call led_classdev_unregister (bsc#1051510). - brcmfmac: fix full timeout waiting for action frame on-channel tx (bsc#1051510). - brcmfmac: reduce timeout for action frame scan (bsc#1051510). - brcmsmac: AP mode: update beacon when TIM changes (bsc#1051510). - brcmsmac: never log 'tid x is not agg'able' by default (bsc#1051510). - can: c_can: c_can_poll(): only read status register after status IRQ (git-fixes). - can: dev: call netif_carrier_off() in register_candev() (bsc#1051510). - can: mcba_usb: fix use-after-free on disconnect (git-fixes). - can: peak_usb: fix a potential out-of-sync while decoding packets (git-fixes). - can: peak_usb: fix slab info leak (git-fixes). - can: rx-offload: can_rx_offload_offload_one(): do not increase the skb_queue beyond skb_queue_len_max (git-fixes). - can: rx-offload: can_rx_offload_queue_sorted(): fix error handling, avoid skb mem leak (git-fixes). - can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid skb mem leak (git-fixes). - can: usb_8dev: fix use-after-free on disconnect (git-fixes). - ceph: add missing check in d_revalidate snapdir handling (bsc#1157183). - ceph: do not try to handle hashed dentries in non-O_CREAT atomic_open (bsc#1157184). - ceph: fix use-after-free in __ceph_remove_cap() (bsc#1154058). - ceph: just skip unrecognized info in ceph_reply_info_extra (bsc#1157182). - cfg80211: Avoid regulatory restore when COUNTRY_IE_IGNORE is set (bsc#1051510). - cfg80211: Prevent regulatory restore during STA disconnect in concurrent interfaces (bsc#1051510). - cfg80211: call disconnect_wk when AP stops (bsc#1051510). - cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bsc#1144333, bsc#1154355). - cifs: Fix missed free operations (bsc#1144333, bsc#1154355). - cifs: Use kzfree() to zero out the password (bsc#1144333, bsc#1154355). - cifs: add a helper to find an existing readable handle to a file (bsc#1144333, bsc#1154355). - cifs: create a helper to find a writeable handle by path name (bsc#1144333, bsc#1154355). - cifs: move cifsFileInfo_put logic into a work-queue (bsc#1144333, bsc#1154355). - cifs: prepare SMB2_Flush to be usable in compounds (bsc#1144333, bsc#1154355). - cifs: set domainName when a domain-key is used in multiuser (bsc#1144333, bsc#1154355). - cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bsc#1144333, bsc#1154355). - cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1144333, bsc#1154355). - clk: at91: avoid sleeping early (git-fixes). - clk: pxa: fix one of the pxa RTC clocks (bsc#1051510). - clk: samsung: Use clk_hw API for calling clk framework from clk notifiers (bsc#1051510). - clk: samsung: exynos5420: Preserve CPU clocks configuration during suspend/resume (bsc#1051510). - clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume (git-fixes). - clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18 (git-fixes). - clocksource/drivers/sh_cmt: Fix clocksource width for 32-bit machines (bsc#1051510). - clocksource/drivers/sh_cmt: Fixup for 64-bit machines (bsc#1051510). - component: fix loop condition to call unbind() if bind() fails (bsc#1051510). - cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init() (bsc#1051510). - cpufreq: Skip cpufreq resume if it's not suspended (bsc#1051510). - cpufreq: intel_pstate: Register when ACPI PCCH is present (bsc#1051510). - cpufreq: powernv: fix stack bloat and hard limit on number of CPUs (bsc#1051510). - cpufreq: ti-cpufreq: add missing of_node_put() (bsc#1051510). - cpupower : Fix cpupower working when cpu0 is offline (bsc#1051510). - cpupower : frequency-set -r option misses the last cpu in related cpu list (bsc#1051510). - cpupower: Fix coredump on VMWare (bsc#1051510). - crypto: af_alg - cast ki_complete ternary op to int (bsc#1051510). - crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr (bsc#1051510). - crypto: ecdh - fix big endian bug in ECC library (bsc#1051510). - crypto: fix a memory leak in rsa-kcs1pad's encryption mode (bsc#1051510). - crypto: geode-aes - switch to skcipher for cbc(aes) fallback (bsc#1051510). - crypto: mxs-dcp - Fix AES issues (bsc#1051510). - crypto: mxs-dcp - Fix SHA null hashes and output length (bsc#1051510). - crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash' static (bsc#1051510). - crypto: s5p-sss: Fix Fix argument list alignment (bsc#1051510). - crypto: tgr192 - remove unneeded semicolon (bsc#1051510). - cw1200: Fix a signedness bug in cw1200_load_firmware() (bsc#1051510). - cxgb4: fix panic when attaching to ULD fail (networking-stable-19_11_05). - dccp: do not leak jiffies on the wire (networking-stable-19_11_05). - dlm: do not leak kernel pointer to userspace (bsc#1051510). - dlm: fix invalid free (bsc#1051510). - dmaengine: bcm2835: Print error in case setting DMA mask fails (bsc#1051510). - dmaengine: dma-jz4780: Do not depend on MACH_JZ4780 (bsc#1051510). - dmaengine: dma-jz4780: Further residue status fix (bsc#1051510). - dmaengine: ep93xx: Return proper enum in ep93xx_dma_chan_direction (bsc#1051510). - dmaengine: imx-sdma: fix size check for sdma script_number (bsc#1051510). - dmaengine: imx-sdma: fix use-after-free on probe error path (bsc#1051510). - dmaengine: rcar-dmac: set scatter/gather max segment size (bsc#1051510). - dmaengine: timb_dma: Use proper enum in td_prep_slave_sg (bsc#1051510). - docs: move protection-keys.rst to the core-api book (bsc#1078248). - drm/etnaviv: fix dumping of iommuv2 (bsc#1113722) - drm/omap: fix max fclk divider for omap36xx (bsc#1113722) - drm/radeon: fix bad DMA from INTERRUPT_CNTL2 (git-fixes). - drm/radeon: fix si_enable_smc_cac() failed issue (bsc#1113722) - e1000e: Drop unnecessary __E1000_DOWN bit twiddling (bsc#1158049). - e1000e: Use dev_get_drvdata where possible (bsc#1158049). - e1000e: Use rtnl_lock to prevent race conditions between net and pci/pm (bsc#1158049). - extcon: cht-wc: Return from default case to avoid warnings (bsc#1051510). - fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper() (bsc#1051510). - fbdev: sbuslib: use checked version of put_user() (bsc#1051510). - gpio: mpc8xxx: Do not overwrite default irq_set_type callback (bsc#1051510). - gpio: syscon: Fix possible NULL ptr usage (bsc#1051510). - gpiolib: acpi: Add Terra Pad 1061 to the run_edge_events_on_boot_blacklist (bsc#1051510). - gsmi: Fix bug in append_to_eventlog sysfs handler (bsc#1051510). - hwmon: (ina3221) Fix INA3221_CONFIG_MODE macros (bsc#1051510). - hwmon: (pwm-fan) Silence error on probe deferral (bsc#1051510). - hwrng: omap - Fix RNG wait loop timeout (bsc#1051510). - hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled (bsc#1051510). - hypfs: Fix error number left in struct pointer member (bsc#1051510). - ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047). - ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047). - ibmvnic: Serialize device queries (bsc#1155689 ltc#182047). - ibmvnic: Terminate waiting device threads after loss of service (bsc#1155689 ltc#182047). - iio: adc: max9611: explicitly cast gain_selectors (bsc#1051510). - iio: adc: stm32-adc: fix stopping dma (git-fixes). - iio: dac: mcp4922: fix error handling in mcp4922_write_raw (bsc#1051510). - iio: imu: adis16480: assign bias value only if operation succeeded (git-fixes). - iio: imu: adis16480: make sure provided frequency is positive (git-fixes). - iio: imu: adis: assign read val in debugfs hook only if op successful (git-fixes). - iio: imu: adis: assign value only if return code zero in read funcs (git-fixes). - include/linux/bitrev.h: fix constant bitrev (bsc#1114279). - inet: stop leaking jiffies on the wire (networking-stable-19_11_05). - intel_th: Fix a double put_device() in error path (git-fixes). - iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros (bsc#1158063). - ipmi:dmi: Ignore IPMI SMBIOS entries with a zero base address (bsc#1051510). - ipv4: Return -ENETUNREACH if we can't create route but saddr is valid (networking-stable-19_10_24). - iwlwifi: api: annotate compressed BA notif array sizes (bsc#1051510). - iwlwifi: check kasprintf() return value (bsc#1051510). - iwlwifi: do not panic in error path on non-msix systems (bsc#1155692). - iwlwifi: exclude GEO SAR support for 3168 (git-fixes). - iwlwifi: mvm: avoid sending too many BARs (bsc#1051510). - iwlwifi: mvm: do not send keys when entering D3 (bsc#1051510). - kABI workaround for ath10k last_wmi_vdev_start_status field (bsc#1051510). - kABI workaround for struct mwifiex_power_cfg change (bsc#1051510). - kABI: Fix for 'KVM: x86: Introduce vcpu->arch.xsaves_enabled' (bsc#1158066). - lib/scatterlist: Fix chaining support in sgl_alloc_order() (git-fixes). - lib/scatterlist: Introduce sgl_alloc() and sgl_free() (git-fixes). - liquidio: fix race condition in instruction completion processing (bsc#1051510). - loop: add ioctl for changing logical block size (bsc#1108043). - mISDN: Fix type of switch control variable in ctrl_teimanager (bsc#1051510). - mac80211: consider QoS Null frames for STA_NULLFUNC_ACKED (bsc#1051510). - mac80211: minstrel: fix CCK rate group streams value (bsc#1051510). - mac80211: minstrel: fix sampling/reporting of CCK rates in HT mode (bsc#1051510). - macvlan: schedule bc_work even if error (bsc#1051510). - mailbox: reset txdone_method TXDONE_BY_POLL if client knows_txdone (git-fixes). - media: au0828: Fix incorrect error messages (bsc#1051510). - media: bdisp: fix memleak on release (git-fixes). - media: cxusb: detect cxusb_ctrl_msg error in query (bsc#1051510). - media: davinci: Fix implicit enum conversion warning (bsc#1051510). - media: exynos4-is: Fix recursive locking in isp_video_release() (git-fixes). - media: fix: media: pci: meye: validate offset to avoid arbitrary access (bsc#1051510). - media: flexcop-usb: ensure -EIO is returned on error condition (git-fixes). - media: imon: invalid dereference in imon_touch_event (bsc#1051510). - media: isif: fix a NULL pointer dereference bug (bsc#1051510). - media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init() (bsc#1051510). - media: pxa_camera: Fix check for pdev->dev.of_node (bsc#1051510). - media: radio: wl1273: fix interrupt masking on release (git-fixes). - media: ti-vpe: vpe: Fix Motion Vector vpdma stride (git-fixes). - media: usbvision: Fix races among open, close, and disconnect (bsc#1051510). - media: vim2m: Fix abort issue (git-fixes). - media: vivid: Set vid_cap_streaming and vid_out_streaming to true (bsc#1051510). - mei: fix modalias documentation (git-fixes). - mei: samples: fix a signedness bug in amt_host_if_call() (bsc#1051510). - mfd: intel-lpss: Add default I2C device properties for Gemini Lake (bsc#1051510). - mfd: max8997: Enale irq-wakeup unconditionally (bsc#1051510). - mfd: mc13xxx-core: Fix PMIC shutdown when reading ADC values (bsc#1051510). - mfd: palmas: Assign the right powerhold mask for tps65917 (git-fixes). - mfd: ti_am335x_tscadc: Keep ADC interface on if child is wakeup capable (bsc#1051510). - mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d() (git fixes (mm/gup)). - mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone (git fixes (mm/compaction)). - mm/debug.c: PageAnon() is true for PageKsm() pages (git fixes (mm/debug)). - mmc: core: fix wl1251 sdio quirks (git-fixes). - mmc: host: omap_hsmmc: add code for special init of wl1251 to get rid of pandora_wl1251_init_card (git-fixes). - mmc: mediatek: fix cannot receive new request when msdc_cmd_is_ready fail (bsc#1051510). - mmc: sdhci-esdhc-imx: correct the fix of ERR004536 (git-fixes). - mmc: sdhci-of-at91: fix quirk2 overwrite (git-fixes). - mmc: sdio: fix wl1251 vendor id (git-fixes). - mt7601u: fix bbp version check in mt7601u_wait_bbp_ready (bsc#1051510). - mtd: nand: mtk: fix incorrect register setting order about ecc irq. - mtd: spear_smi: Fix Write Burst mode (bsc#1051510). - mtd: spi-nor: fix silent truncation in spi_nor_read() (bsc#1051510). - mwifiex: Fix NL80211_TX_POWER_LIMITED (bsc#1051510). - net/ibmvnic: Ignore H_FUNCTION return from H_EOI to tolerate XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes). - net/mlx4_core: Dynamically set guaranteed amount of counters per VF (networking-stable-19_11_05). - net/mlx5e: Fix handling of compressed CQEs in case of low NAPI budget (networking-stable-19_11_05). - net/smc: Fix error path in smc_init (git-fixes). - net/smc: avoid fallback in case of non-blocking connect (git-fixes). - net/smc: fix closing of fallback SMC sockets (git-fixes). - net/smc: fix ethernet interface refcounting (git-fixes). - net/smc: fix refcounting for non-blocking connect() (git-fixes). - net/smc: keep vlan_id for SMC-R in smc_listen_work() (git-fixes). - net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol() (networking-stable-19_11_05). - net: add READ_ONCE() annotation in __skb_wait_for_more_packets() (networking-stable-19_11_05). - net: add skb_queue_empty_lockless() (networking-stable-19_11_05). - net: annotate accesses to sk->sk_incoming_cpu (networking-stable-19_11_05). - net: annotate lockless accesses to sk->sk_napi_id (networking-stable-19_11_05). - net: avoid potential infinite loop in tc_ctl_action() (networking-stable-19_10_24). - net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3 (networking-stable-19_10_24). - net: bcmgenet: Set phydev->dev_flags only for internal PHYs (networking-stable-19_10_24). - net: bcmgenet: reset 40nm EPHY on energy detect (networking-stable-19_11_05). - net: dsa: b53: Do not clear existing mirrored port mask (networking-stable-19_11_05). - net: dsa: bcm_sf2: Fix IMP setup for port different than 8 (networking-stable-19_11_05). - net: dsa: fix switch tree list (networking-stable-19_11_05). - net: ethernet: ftgmac100: Fix DMA coherency issue with SW checksum (networking-stable-19_11_05). - net: fix sk_page_frag() recursion from memory reclaim (networking-stable-19_11_05). - net: hisilicon: Fix ping latency when deal with high throughput (networking-stable-19_11_05). - net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow (networking-stable-19_10_24). - net: use skb_queue_empty_lockless() in busy poll contexts (networking-stable-19_11_05). - net: use skb_queue_empty_lockless() in poll() handlers (networking-stable-19_11_05). - net: wireless: ti: remove local VENDOR_ID and DEVICE_ID definitions (git-fixes). - net: wireless: ti: wl1251 use new SDIO_VENDOR_ID_TI_WL1251 definition (git-fixes). - netns: fix GFP flags in rtnl_net_notifyid() (networking-stable-19_11_05). - nfc: netlink: fix double device reference drop (git-fixes). - nfc: port100: handle command failure cleanly (git-fixes). - nl80211: Fix a GET_KEY reply attribute (bsc#1051510). - openvswitch: fix flow command message size (git-fixes). - padata: use smp_mb in padata_reorder to avoid orphaned padata jobs (git-fixes). - phy: phy-twl4030-usb: fix denied runtime access (git-fixes). - pinctl: ti: iodelay: fix error checking on pinctrl_count_index_with_args call (git-fixes). - pinctrl: at91: do not use the same irqchip with multiple gpiochips (git-fixes). - pinctrl: cherryview: Allocate IRQ chip dynamic (git-fixes). - pinctrl: lewisburg: Update pin list according to v1.1v6 (bsc#1051510). - pinctrl: lpc18xx: Use define directive for PIN_CONFIG_GPIO_PIN_INT (bsc#1051510). - pinctrl: qcom: spmi-gpio: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup controller init (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup controller init (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in init code (bsc#1051510). - pinctrl: sunxi: Fix a memory leak in 'sunxi_pinctrl_build_state()' (bsc#1051510). - pinctrl: zynq: Use define directive for PIN_CONFIG_IO_STANDARD (bsc#1051510). - power: reset: at91-poweroff: do not procede if at91_shdwc is allocated (bsc#1051510). - power: supply: ab8500_fg: silence uninitialized variable warnings (bsc#1051510). - power: supply: max14656: fix potential use-after-free (bsc#1051510). - power: supply: twl4030_charger: disable eoc interrupt on linear charge (bsc#1051510). - power: supply: twl4030_charger: fix charging current out-of-bounds (bsc#1051510). - powerpc/64: Make meltdown reporting Book3S 64 specific (bsc#1091041). - powerpc/book3s64/hash: Use secondary hash for bolted mapping if the primary is full (bsc#1157778 ltc#182520). - powerpc/bpf: Fix tail call implementation (bsc#1157698). - powerpc/pseries: Do not fail hash page table insert for bolted mapping (bsc#1157778 ltc#182520). - powerpc/pseries: Do not opencode HPTE_V_BOLTED (bsc#1157778 ltc#182520). - powerpc/pseries: address checkpatch warnings in dlpar_offline_cpu (bsc#1156700 ltc#182459). - powerpc/pseries: safely roll back failed DLPAR cpu add (bsc#1156700 ltc#182459). - powerpc/security/book3s64: Report L1TF status in sysfs (bsc#1091041). - powerpc/security: Fix wrong message when RFI Flush is disable (bsc#1131107). - powerpc/xive: Prevent page fault issues in the machine crash handler (bsc#1156882 ltc#182435). - ppdev: fix PPGETTIME/PPSETTIME ioctls (bsc#1051510). - pwm: bcm-iproc: Prevent unloading the driver module while in use (git-fixes). - pwm: lpss: Only set update bit if we are actually changing the settings (bsc#1051510). - r8152: add device id for Lenovo ThinkPad USB-C Dock Gen 2 (networking-stable-19_11_05). - regulator: ab8500: Remove AB8505 USB regulator (bsc#1051510). - regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id (bsc#1051510). - remoteproc: Check for NULL firmwares in sysfs interface (git-fixes). - reset: Fix potential use-after-free in __of_reset_control_get() (bsc#1051510). - reset: fix of_reset_simple_xlate kerneldoc comment (bsc#1051510). - reset: fix reset_control_get_exclusive kerneldoc comment (bsc#1051510). - rpm/kernel-binary.spec.in: add COMPRESS_VMLINUX (bnc#1155921) Let COMPRESS_VMLINUX determine the compression used for vmlinux. By default (historically), it is gz. - rpm/kernel-source.spec.in: Fix dependency of kernel-devel (bsc#1154043) - rtl8187: Fix warning generated when strncpy() destination length matches the sixe argument (bsc#1051510). - rtlwifi: Remove unnecessary NULL check in rtl_regd_init (bsc#1051510). - rtlwifi: rtl8192de: Fix misleading REG_MCUFWDL information (bsc#1051510). - rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address (bsc#1051510). - rtlwifi: rtl8192de: Fix missing enable interrupt flag (bsc#1051510). - s390/bpf: fix lcgr instruction encoding (bsc#1051510). - s390/bpf: use 32-bit index for tail calls (bsc#1051510). - s390/cio: avoid calling strlen on null pointer (bsc#1051510). - s390/cio: exclude subchannels with no parent from pseudo check (bsc#1051510). - s390/cmm: fix information leak in cmm_timeout_handler() (bsc#1051510). - s390/cpumsf: Check for CPU Measurement sampling (bsc#1153681 LTC#181855). - s390/idle: fix cpu idle time calculation (bsc#1051510). - s390/process: avoid potential reading of freed stack (bsc#1051510). - s390/qdio: (re-)initialize tiqdio list entries (bsc#1051510). - s390/qdio: do not touch the dsci in tiqdio_add_input_queues() (bsc#1051510). - s390/qeth: return proper errno on IO error (bsc#1051510). - s390/setup: fix boot crash for machine without EDAT-1 (bsc#1051510 bsc#1140948). - s390/setup: fix early warning messages (bsc#1051510 bsc#1140948). - s390/topology: avoid firing events before kobjs are created (bsc#1051510). - s390: fix stfle zero padding (bsc#1051510). - sc16is7xx: Fix for 'Unexpected interrupt: 8' (bsc#1051510). - scsi: lpfc: Fix Oops in nvme_register with target logout/login (bsc#1151900). - scsi: lpfc: Honor module parameter lpfc_use_adisc (bsc#1153628). - scsi: lpfc: Limit xri count for kdump environment (bsc#1154124). - scsi: qla2xxx: Add debug dump of LOGO payload and ELS IOCB (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Allow PLOGI in target mode (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Change discovery state before PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Configure local loop for N2N target (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Do command completion on abort timeout (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Do not call qlt_async_event twice (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Do not defer relogin unconditonally (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Drop superfluous INIT_WORK of del_work (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Fix PLOGI payload and ELS IOCB dump length (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Fix SRB leak on switch command timeout (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix a dma_pool_free() call (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix device connect issues in P2P configuration (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix double scsi_done for abort path (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix driver unload hang (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix memory leak when sending I/O fails (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Ignore NULL pointer in tcm_qla2xxx_free_mcmd (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Initialize free_work before flushing it (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Remove an include directive (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Send Notify ACK after N2N PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Update driver version to 10.01.00.21-k (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Use explicit LOGO in target mode (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: do not use zero for FC4_PRIORITY_NVME (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan (bsc#1138039). - scsi: qla2xxx: initialize fc4_type_priority (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: unregister ports after GPN_FT failure (bsc#1138039). - scsi: sd: Ignore a failure to sync cache due to lack of authorization (git-fixes). - scsi: storvsc: Add ability to change scsi queue depth (bsc#1155021). - scsi: zfcp: fix reaction on bit error threshold notification (bsc#1154956 LTC#182054). - scsi: zfcp: fix request object use-after-free in send path causing wrong traces (bsc#1051510). - sctp: change sctp_prot .no_autobind with true (networking-stable-19_10_24). - sctp: Fixed a regression (bsc#1158082). - selftests: net: reuseport_dualstack: fix uninitalized parameter (networking-stable-19_11_05). - serial: fix kernel-doc warning in comments (bsc#1051510). - serial: mctrl_gpio: Check for NULL pointer (bsc#1051510). - serial: mxs-auart: Fix potential infinite loop (bsc#1051510). - serial: samsung: Enable baud clock for UART reset procedure in resume (bsc#1051510). - serial: uartlite: fix exit path null pointer (bsc#1051510). - serial: uartps: Fix suspend functionality (bsc#1051510). - signal: Properly set TRACE_SIGNAL_LOSE_INFO in __send_signal (bsc#1157463). - slcan: Fix memory leak in error path (bsc#1051510). - slip: Fix memory leak in slip_open error path (bsc#1051510). - slip: Fix use-after-free Read in slip_open (bsc#1051510). - smb3: Incorrect size for netname negotiate context (bsc#1144333, bsc#1154355). - smb3: fix leak in 'open on server' perf counter (bsc#1144333, bsc#1154355). - smb3: fix signing verification of large reads (bsc#1144333, bsc#1154355). - smb3: fix unmount hang in open_shroot (bsc#1144333, bsc#1154355). - smb3: improve handling of share deleted (and share recreated) (bsc#1144333, bsc#1154355). - soc: imx: gpc: fix PDN delay (bsc#1051510). - soc: qcom: wcnss_ctrl: Avoid string overflow (bsc#1051510). - spi: atmel: Fix CS high support (bsc#1051510). - spi: atmel: fix handling of cs_change set on non-last xfer (bsc#1051510). - spi: fsl-lpspi: Prevent FIFO under/overrun by default (bsc#1051510). - spi: mediatek: Do not modify spi_transfer when transfer (bsc#1051510). - spi: mediatek: use correct mata->xfer_len when in fifo transfer (bsc#1051510). - spi: pic32: Use proper enum in dmaengine_prep_slave_rg (bsc#1051510). - spi: rockchip: initialize dma_slave_config properly (bsc#1051510). - spi: spidev: Fix OF tree warning logic (bsc#1051510). - staging: rtl8188eu: fix null dereference when kzalloc fails (bsc#1051510). - thunderbolt: Fix lockdep circular locking depedency warning (git-fixes). - tpm: add check after commands attribs tab allocation (bsc#1051510). - tracing: Get trace_array reference for available_tracers files (bsc#1156429). - udp: use skb_queue_empty_lockless() (networking-stable-19_11_05). - usb-serial: cp201x: support Mark-10 digital force gauge (bsc#1051510). - usb-storage: Revert commit 747668dbc061 ('usb-storage: Set virt_boundary_mask to avoid SG overflows') (bsc#1051510). - usb: chipidea: Fix otg event handler (bsc#1051510). - usb: chipidea: imx: enable OTG overcurrent in case USB subsystem is already started (bsc#1051510). - usb: dwc3: gadget: Check ENBLSLPM before sending ep command (bsc#1051510). - usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode (bsc#1051510). - usb: gadget: udc: fotg210-udc: Fix a sleep-in-atomic-context bug in fotg210_get_status() (bsc#1051510). - usb: gadget: uvc: Factor out video USB request queueing (bsc#1051510). - usb: gadget: uvc: Only halt video streaming endpoint in bulk mode (bsc#1051510). - usb: gadget: uvc: configfs: Drop leaked references to config items (bsc#1051510). - usb: gadget: uvc: configfs: Prevent format changes after linking header (bsc#1051510). - usb: handle warm-reset port requests on hub resume (bsc#1051510). - usb: xhci-mtk: fix ISOC error when interval is zero (bsc#1051510). - usbip: Fix free of unallocated memory in vhci tx (git-fixes). - usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path (git-fixes). - usbip: Implement SG support to vhci-hcd and stub driver (git-fixes). - usbip: tools: fix fd leakage in the function of read_attr_usbip_status (git-fixes). - vfio-ccw: Fix misleading comment when setting orb.cmd.c64 (bsc#1051510). - vfio-ccw: Set pa_nr to 0 if memory allocation fails for pa_iova_pfn (bsc#1051510). - vfio: ccw: push down unsupported IDA check (bsc#1156471 LTC#182362). - video/hdmi: Fix AVI bar unpack (git-fixes). - virtio/s390: fix race on airq_areas (bsc#1051510). - virtio_console: allocate inbufs in add_port() only if it is needed (git-fixes). - virtio_ring: fix return code on DMA mapping fails (git-fixes). - vmxnet3: turn off lro when rxcsum is disabled (bsc#1157499). - watchdog: meson: Fix the wrong value of left time (bsc#1051510). - x86/alternatives: Add int3_emulate_call() selftest (bsc#1153811). - x86/alternatives: Fix int3_emulate_call() selftest stack corruption (bsc#1153811). - x86/mm/pkeys: Fix typo in Documentation/x86/protection-keys.txt (bsc#1078248). - x86/pkeys: Update documentation about availability (bsc#1078248). - x86/resctrl: Fix potential lockdep warning (bsc#1114279). - x86/resctrl: Prevent NULL pointer dereference when reading mondata (bsc#1114279). - x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs (bsc#1158068). - xfrm: Fix xfrm sel prefix length validation (git-fixes). - xfrm: fix sa selector validation (bsc#1156609). Important SUSE bug 1048942 SUSE bug 1051510 SUSE bug 1078248 SUSE bug 1082635 SUSE bug 1089644 SUSE bug 1091041 SUSE bug 1108043 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1117169 SUSE bug 1131107 SUSE bug 1138039 SUSE bug 1140948 SUSE bug 1143706 SUSE bug 1144333 SUSE bug 1149448 SUSE bug 1150466 SUSE bug 1151548 SUSE bug 1151900 SUSE bug 1152782 SUSE bug 1153628 SUSE bug 1153681 SUSE bug 1153811 SUSE bug 1154043 SUSE bug 1154058 SUSE bug 1154124 SUSE bug 1154355 SUSE bug 1154526 SUSE bug 1154956 SUSE bug 1155021 SUSE bug 1155689 SUSE bug 1155692 SUSE bug 1155836 SUSE bug 1155897 SUSE bug 1155921 SUSE bug 1155982 SUSE bug 1156187 SUSE bug 1156258 SUSE bug 1156429 SUSE bug 1156466 SUSE bug 1156471 SUSE bug 1156494 SUSE bug 1156609 SUSE bug 1156700 SUSE bug 1156729 SUSE bug 1156882 SUSE bug 1157038 SUSE bug 1157042 SUSE bug 1157070 SUSE bug 1157143 SUSE bug 1157145 SUSE bug 1157158 SUSE bug 1157162 SUSE bug 1157171 SUSE bug 1157173 SUSE bug 1157178 SUSE bug 1157180 SUSE bug 1157182 SUSE bug 1157183 SUSE bug 1157184 SUSE bug 1157191 SUSE bug 1157193 SUSE bug 1157197 SUSE bug 1157298 SUSE bug 1157307 SUSE bug 1157324 SUSE bug 1157333 SUSE bug 1157424 SUSE bug 1157463 SUSE bug 1157499 SUSE bug 1157678 SUSE bug 1157698 SUSE bug 1157778 SUSE bug 1157908 SUSE bug 1158049 SUSE bug 1158063 SUSE bug 1158064 SUSE bug 1158065 SUSE bug 1158066 SUSE bug 1158067 SUSE bug 1158068 SUSE bug 1158082 CVE-2019-14895 CVE-2019-15916 CVE-2019-16231 CVE-2019-17055 CVE-2019-18660 CVE-2019-18683 CVE-2019-18805 CVE-2019-18809 CVE-2019-19049 CVE-2019-19052 CVE-2019-19056 CVE-2019-19057 CVE-2019-19058 CVE-2019-19060 CVE-2019-19062 CVE-2019-19063 CVE-2019-19065 CVE-2019-19067 CVE-2019-19068 CVE-2019-19073 CVE-2019-19074 CVE-2019-19075 CVE-2019-19077 CVE-2019-19227 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-20669: Missing access control checks in ioctl of gpu/drm/i915 driver were fixed which might have lead to information leaks. (bnc#1122971). - CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758). - CVE-2019-3819: A flaw was found in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ('root') can cause a system lock up and a denial of service. (bnc#1123161). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bnc#1124728 ). - CVE-2019-7221: Fixed a use-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124732). - CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735). - CVE-2019-7308: kernel/bpf/verifier.c performed undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks (bnc#1124055). - CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr (bnc#1125907). - CVE-2019-8980: A memory leak in the kernel_read_file function in fs/exec.c allowed attackers to cause a denial of service (memory consumption) by triggering vfs_read failures (bnc#1126209). - CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166). - CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179). The following non-security bugs were fixed: - 6lowpan: iphc: reset mac_header after decompress to fix panic (bsc#1051510). - 9p: clear dangling pointers in p9stat_free (bsc#1051510). - 9p locks: fix glock.client_id leak in do_lock (bsc#1051510). - 9p/net: fix memory leak in p9_client_create (bsc#1051510). - 9p/net: put a lower bound on msize (bsc#1051510). - 9p: use inode->i_lock to protect i_size_write() under 32-bit (bsc#1051510). - acpi/APEI: Clear GHES block_status before panic() (bsc#1051510). - acpi/device_sysfs: Avoid OF modalias creation for removed device (bsc#1051510). - acpi/nfit: Block function zero DSMs (bsc#1051510). - acpi, nfit: Fix Address Range Scrub completion tracking (bsc#1124969). - acpi/nfit: Fix bus command validation (bsc#1051510). - acpi/nfit: Fix command-supported detection (bsc#1051510). - acpi/nfit: Fix race accessing memdev in nfit_get_smbios_id() (bsc#1122662). - acpi/nfit: Fix user-initiated ARS to be 'ARS-long' rather than 'ARS-short' (bsc#1124969). - acpi: NUMA: Use correct type for printing addresses on i386-PAE (bsc#1051510). - acpi: power: Skip duplicate power resource references in _PRx (bsc#1051510). - acpi / video: Extend chassis-type detection with a 'Lunch Box' check (bsc#1051510). - acpi / video: Refactor and fix dmi_is_desktop() (bsc#1051510). - add 1 entry 2bcbd406715dca256912b9c5ae449c7968f15705 - Add delay-init quirk for Corsair K70 RGB keyboards (bsc#1087092). - af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers (bsc#1051510). - alsa: bebob: fix model-id of unit for Apogee Ensemble (bsc#1051510). - alsa: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 (bsc#1051510). - alsa: compress: Fix stop handling on compressed capture streams (bsc#1051510). - alsa: compress: prevent potential divide by zero bugs (bsc#1051510). - alsa: firewire-motu: fix construction of PCM frame for capture direction (bsc#1051510). - alsa: hda - Add mute LED support for HP ProBook 470 G5 (bsc#1051510). - alsa: hda - Add quirk for HP EliteBook 840 G5 (bsc#1051510). - alsa: hda/ca0132 - Fix build error without CONFIG_PCI (bsc#1051510). - alsa: hda/realtek: Disable PC beep in passthrough on alc285 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX362FA with ALC294 (bsc#1051510). - alsa: hda/realtek - Fixed hp_pin no value (bsc#1051510). - alsa: hda/realtek - Fix lose hp_pins for disable auto mute (bsc#1051510). - alsa: hda/realtek - Headset microphone and internal speaker support for System76 oryp5 (bsc#1051510). - alsa: hda/realtek - Headset microphone support for System76 darp5 (bsc#1051510). - alsa: hda/realtek - Reduce click noise on Dell Precision 5820 headphone (bsc#1126131). - alsa: hda/realtek - Use a common helper for hp pin reference (bsc#1051510). - alsa: hda - Serialize codec registrations (bsc#1122944). - alsa: hda - Use standard device registration for beep (bsc#1122944). - alsa: oxfw: add support for APOGEE duet FireWire (bsc#1051510). - alsa: usb-audio: Add Opus #3 to quirks for native DSD support (bsc#1051510). - alsa: usb-audio: Add support for new T+A USB DAC (bsc#1051510). - alsa: usb-audio: Fix implicit fb endpoint setup by quirk (bsc#1051510). - altera-stapl: check for a null key before strcasecmp'ing it (bsc#1051510). - amd-xgbe: Fix mdio access for non-zero ports and clause 45 PHYs (bsc#1122927). - apparmor: Fix aa_label_build() error handling for failed merges (bsc#1051510). - applicom: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - aquantia: Setup max_mtu in ndev to enable jumbo frames (bsc#1051510). - arm64: fault: avoid send SIGBUS two times (bsc#1126393). - arm: 8802/1: Call syscall_trace_exit even when system call skipped (bsc#1051510). - arm: 8808/1: kexec:offline panic_smp_self_stop CPU (bsc#1051510). - arm: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling (bsc#1051510). - arm: 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart (bsc#1051510). - arm/arm64: kvm: Rename function kvm_arch_dev_ioctl_check_extension() (bsc#1126393). - arm/arm64: kvm: vgic: Force VM halt when changing the active state of GICv3 PPIs/SGIs (bsc#1051510). - arm: cns3xxx: Fix writing to wrong PCI config registers after alignment (bsc#1051510). - arm: cns3xxx: Use actual size reads for PCIe (bsc#1051510). - arm: imx: update the cpu power up timing setting on i.mx6sx (bsc#1051510). - arm: iop32x/n2100: fix PCI IRQ mapping (bsc#1051510). - arm: kvm: Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bsc#1051510). - arm: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt (bsc#1051510). - arm: OMAP1: ams-delta: Fix possible use of uninitialized field (bsc#1051510). - arm: OMAP2+: hwmod: Fix some section annotations (bsc#1051510). - arm: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup (bsc#1051510). - arm: pxa: avoid section mismatch warning (bsc#1051510). - arm: tango: Improve ARCH_MULTIPLATFORM compatibility (bsc#1051510). - ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages (bsc#1051510). - ASoC: dapm: change snprintf to scnprintf for possible overflow (bsc#1051510). - ASoC: dma-sh7760: cleanup a debug printk (bsc#1051510). - ASoC: fsl_esai: fix register setting issue in RIGHT_J mode (bsc#1051510). - ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M (bsc#1051510). - ASoC: imx-audmux: change snprintf to scnprintf for possible overflow (bsc#1051510). - ASoC: imx-sgtl5000: put of nodes if finding codec fails (bsc#1051510). - ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field (bsc#1051510). - ASoC: msm8916-wcd-analog: add missing license information (bsc#1051510). - ASoC: qcom: Fix of-node refcount unbalance in apq8016_sbc_parse_of() (bsc#1051510). - ASoC: rsnd: fixup rsnd_ssi_master_clk_start() user count check (bsc#1051510). - ASoC: rt5514-spi: Fix potential NULL pointer dereference (bsc#1051510). - assoc_array: Fix shortcut creation (bsc#1051510). - ata: ahci: mvebu: remove stale comment (bsc#1051510). - ath9k: Avoid OF no-EEPROM quirks without qca,no-eeprom (bsc#1051510). - ath9k: dynack: check da->enabled first in sampling routines (bsc#1051510). - ath9k: dynack: make ewma estimation faster (bsc#1051510). - ath9k: dynack: use authentication messages for 'late' ack (bsc#1051510). - atm: he: fix sign-extension overflow on large shift (bsc#1051510). - ax25: fix a use-after-free in ax25_fillin_cb() (networking-stable-19_01_04). - ax25: fix possible use-after-free (bsc#1051510). - backlight: pwm_bl: Use gpiod_get_value_cansleep() to get initial (bsc#1113722) - batman-adv: Avoid WARN on net_device without parent in netns (bsc#1051510). - batman-adv: fix uninit-value in batadv_interface_tx() (bsc#1051510). - batman-adv: Force mac header to start of data on xmit (bsc#1051510). - be2net: do not flip hw_features when VXLANs are added/deleted (bsc#1050252). - bio: Introduce BIO_ALLOCED flag and check it in bio_free (bsc#1128094). - blkdev: avoid migration stalls for blkdev pages (bsc#1084216). - blk-mq: fix a hung issue when fsync (bsc#1125252). - blk-mq: fix kernel oops in blk_mq_tag_idle() (bsc#1051510). - block: break discard submissions into the user defined size (git-fixes). - block: cleanup __blkdev_issue_discard() (git-fixes). - block_dev: fix crash on chained bios with O_DIRECT (bsc#1128094). - blockdev: Fix livelocks on loop device (bsc#1124984). - block: do not deal with discard limit in blkdev_issue_discard() (git-fixes). - block: do not use bio->bi_vcnt to figure out segment number (bsc#1128895). - block: do not warn when doing fsync on read-only devices (bsc#1125252). - block: fix 32 bit overflow in __blkdev_issue_discard() (git-fixes). - block: fix infinite loop if the device loses discard capability (git-fixes). - block/loop: Use global lock for ioctl() operation (bsc#1124974). - block: make sure discard bio is aligned with logical block size (git-fixes). - block: make sure writesame bio is aligned with logical block size (git-fixes). - block: move bio_integrity_{intervals,bytes} into blkdev.h (bsc#1114585). - block/swim3: Fix -EBUSY error when re-opening device after unmount (git-fixes). - bluetooth: Fix locking in bt_accept_enqueue() for BH context (bsc#1051510). - bluetooth: Fix unnecessary error message for HCI request completion (bsc#1051510). - bnx2x: Assign unique DMAE channel number for FW DMAE transactions (bsc#1086323). - bnx2x: Clear fip MAC when fcoe offload support is disabled (bsc#1086323). - bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw (bsc#1086323). - bnx2x: Remove configured vlans as part of unload sequence (bsc#1086323). - bnx2x: Send update-svid ramrod with retry/poll flags enabled (bsc#1086323). - bnxt_en: Fix typo in firmware message timeout logic (bsc#1086282 ). - bnxt_en: Wait longer for the firmware message response to complete (bsc#1086282). - bonding: update nest level on unlink (git-fixes). - bpf: decrease usercnt if bpf_map_new_fd() fails in bpf_map_get_fd_by_id() (bsc#1083647). - bpf: drop refcount if bpf_map_new_fd() fails in map_create() (bsc#1083647). - bpf: fix lockdep false positive in percpu_freelist (bsc#1083647). - bpf: fix replace_map_fd_with_map_ptr's ldimm64 second imm field (bsc#1083647). - bpf: fix sanitation rewrite in case of non-pointers (bsc#1083647). - bpf: Fix syscall's stackmap lookup potential deadlock (bsc#1083647). - bpf, lpm: fix lookup bug in map_delete_elem (bsc#1083647). - bpf/verifier: fix verifier instability (bsc#1056787). - bsg: allocate sense buffer if requested (bsc#1106811). - bsg: Do not copy sense if no response buffer is allocated (bsc#1106811,bsc#1126555). - btrfs: dedupe_file_range ioctl: remove 16MiB restriction (bsc#1127494). - btrfs: do not unnecessarily pass write_lock_level when processing leaf (bsc#1126802). - btrfs: ensure that a DUP or RAID1 block group has exactly two stripes (bsc#1128451). - btrfs: fix clone vs chattr NODATASUM race (bsc#1127497). - btrfs: fix corruption reading shared and compressed extents after hole punching (bsc#1126476). - btrfs: fix deadlock when allocating tree block during leaf/node split (bsc#1126806). - btrfs: fix deadlock when using free space tree due to block group creation (bsc#1126804). - btrfs: fix fsync after succession of renames and unlink/rmdir (bsc#1126488). - btrfs: fix fsync after succession of renames of different files (bsc#1126481). - btrfs: fix invalid-free in btrfs_extent_same (bsc#1127498). - btrfs: fix reading stale metadata blocks after degraded raid1 mounts (bsc#1126803). - btrfs: fix use-after-free of cmp workspace pages (bsc#1127603). - btrfs: grab write lock directly if write_lock_level is the max level (bsc#1126802). - btrfs: Improve btrfs_search_slot description (bsc#1126802). - btrfs: move get root out of btrfs_search_slot to a helper (bsc#1126802). - btrfs: qgroup: Cleanup old subtree swap code (bsc#1063638). - btrfs: qgroup: Do not trace subtree if we're dropping reloc tree (bsc#1063638). - btrfs: qgroup: Finish rescan when hit the last leaf of extent tree (bsc#1129327). - btrfs: qgroup: Fix root item corruption when multiple same source snapshots are created with quota enabled (bsc#1122324). - btrfs: qgroup: Introduce function to find all new tree blocks of reloc tree (bsc#1063638). - btrfs: qgroup: Introduce function to trace two swaped extents (bsc#1063638). - btrfs: qgroup: Introduce per-root swapped blocks infrastructure (bsc#1063638). - btrfs: qgroup: Introduce trace event to analyse the number of dirty extents accounted (bsc#1063638 dependency). - btrfs: qgroup: Make qgroup async transaction commit more aggressive (bsc#1113042). - btrfs: qgroup: Only trace data extents in leaves if we're relocating data block group (bsc#1063638). - btrfs: qgroup: Refactor btrfs_qgroup_trace_subtree_swap (bsc#1063638). - btrfs: qgroup: Search commit root for rescan to avoid missing extent (bsc#1129326). - btrfs: qgroup: Use delayed subtree rescan for balance (bsc#1063638). - btrfs: qgroup: Use generation-aware subtree swap to mark dirty extents (bsc#1063638). - btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf (bsc#1129327). - btrfs: relocation: Delay reloc tree deletion after merge_reloc_roots (bsc#1063638). - btrfs: reloc: Fix NULL pointer dereference due to expanded reloc_root lifespan (bsc#1129497). - btrfs: remove always true check in unlock_up (bsc#1126802). - btrfs: remove superfluous free_extent_buffer in read_block_for_search (bsc#1126802). - btrfs: remove unnecessary level check in balance_level (bsc#1126802). - btrfs: remove unused check of skip_locking (bsc#1126802). - btrfs: reuse cmp workspace in EXTENT_SAME ioctl (bsc#1127495). - btrfs: send, fix race with transaction commits that create snapshots (bsc#1126802). - btrfs: simplify IS_ERR/PTR_ERR checks (bsc#1126481). - btrfs: split btrfs_extent_same (bsc#1127493). - btrfs: use kvzalloc for EXTENT_SAME temporary data (bsc#1127496). - btrfs: use more straightforward extent_buffer_uptodate check (bsc#1126802). - can: bcm: check timer values before ktime conversion (bsc#1051510). - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it (bsc#1051510). - can: gw: ensure DLC boundaries after CAN frame modification (bsc#1051510). - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader (bsc#1051510). - cdc-wdm: pass return value of recover_from_urb_loss (bsc#1051510). - ceph: avoid repeatedly adding inode to mdsc->snap_flush_list (bsc#1126790). - ceph: clear inode pointer when snap realm gets dropped by its inode (bsc#1125799). - cfg80211: extend range deviation for DMG (bsc#1051510). - ch: add missing mutex_lock()/mutex_unlock() in ch_release() (bsc#1124235). - char/mwave: fix potential Spectre v1 vulnerability (bsc#1051510). - checkstack.pl: fix for aarch64 (bsc#1051510). - ch: fixup refcounting imbalance for SCSI devices (bsc#1124235). - cifs: add missing debug entries for kconfig options (bsc#1051510). - cifs: add missing support for ACLs in smb 3.11 (bsc#1051510). - cifs: add sha512 secmech (bsc#1051510). - cifs: Add support for reading attributes on smb2+ (bsc#1051510). - cifs: Add support for writing attributes on smb2+ (bsc#1051510). - cifs: Always resolve hostname before reconnecting (bsc#1051510). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510). - cifs: Fix error mapping for smb2_LOCK command which caused OFD lock problem (bsc#1051510). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: fix return value for cifs_listxattr (bsc#1051510). - cifs: Fix separator when building path from dentry (bsc#1051510). - cifs: fix set info (bsc#1051510). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510). - cifs: fix wrapping bugs in num_entries() (bsc#1051510). - cifs: For smb2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510). - cifs: hide unused functions (bsc#1051510). - cifs: hide unused functions (bsc#1051510). - cifs: implement v3.11 preauth integrity (bsc#1051510). - cifs: invalidate cache when we truncate a file (bsc#1051510). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510). - cifs: OFD locks do not conflict with eachothers (bsc#1051510). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510). - clk: armada-370: fix refcount leak in a370_clk_init() (bsc#1051510). - clk: armada-xp: fix refcount leak in axp_clk_init() (bsc#1051510). - clk: dove: fix refcount leak in dove_clk_init() (bsc#1051510). - clk: highbank: fix refcount leak in hb_clk_init() (bsc#1051510). - clk: imx6q: fix refcount leak in imx6q_clocks_init() (bsc#1051510). - clk: imx6q: reset exclusive gates on init (bsc#1051510). - clk: imx6sl: ensure MMDC CH0 handshake is bypassed (bsc#1051510). - clk: imx6sx: fix refcount leak in imx6sx_clocks_init() (bsc#1051510). - clk: imx7d: fix refcount leak in imx7d_clocks_init() (bsc#1051510). - clk: kirkwood: fix refcount leak in kirkwood_clk_init() (bsc#1051510). - clk: mv98dx3236: fix refcount leak in mv98dx3236_clk_init() (bsc#1051510). - clk: qoriq: fix refcount leak in clockgen_init() (bsc#1051510). - clk: rockchip: fix typo in rk3188 spdif_frac parent (bsc#1051510). - clk: samsung: exynos4: fix refcount leak in exynos4_get_xom() (bsc#1051510). - clk: socfpga: fix refcount leak (bsc#1051510). - clk: sunxi: A31: Fix wrong AHB gate number (bsc#1051510). - clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks (bsc#1051510). - clk: sunxi-ng: enable so-said LDOs for A64 SoC's pll-mipi clock (bsc#1051510). - clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent (bsc#1051510). - clk: sunxi-ng: sun8i-a23: Enable PLL-MIPI LDOs when ungating it (bsc#1051510). - clk: uniphier: Fix update register for CPU-gear (bsc#1051510). - clk: vf610: fix refcount leak in vf610_clocks_init() (bsc#1051510). - clocksource/drivers/exynos_mct: Fix error path in timer resources initialization (bsc#1051510). - clocksource/drivers/integrator-ap: Add missing of_node_put() (bsc#1051510). - clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable (bsc#1051510). - configfs: fix registered group removal (bsc#1051510). - copy_mount_string: Limit string length to PATH_MAX (bsc#1082943). - cpufreq: Cap the default transition delay value to 10 ms (bsc#1127042). - cpufreq: conservative: Take limits changes into account properly (bsc#1051510). - cpufreq: governor: Avoid accessing invalid governor_data (bsc#1051510). - cpufreq: governor: Drop min_sampling_rate (bsc#1127042). - cpufreq: governor: Ensure sufficiently large sampling intervals (bsc#1127042). - cpufreq: imx6q: add return value check for voltage scale (bsc#1051510). - cpufreq: Use transition_delay_us for legacy governors as well (bsc#1127042). - cpuidle: big.LITTLE: fix refcount leak (bsc#1051510). - cramfs: fix abad comparison when wrap-arounds occur (bsc#1051510). - crypto: aes_ti - disable interrupts while accessing S-box (bsc#1051510). - crypto: ahash - fix another early termination in hash walk (bsc#1051510). - crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling (bsc#1051510). - crypto: arm/crct10dif - revert to C code for short inputs (bsc#1051510). - crypto: authencesn - Avoid twice completion call in decrypt path (bsc#1051510). - crypto: authenc - fix parsing key with misaligned rta_len (bsc#1051510). - crypto: bcm - convert to use crypto_authenc_extractkeys() (bsc#1051510). - crypto: brcm - Fix some set-but-not-used warning (bsc#1051510). - crypto: caam - fixed handling of sg list (bsc#1051510). - crypto: caam - fix zero-length buffer DMA mapping (bsc#1051510). - crypto: cavium/zip - fix collision with generic cra_driver_name (bsc#1051510). - crypto: crypto4xx - add missing of_node_put after of_device_is_available (bsc#1051510). - crypto: crypto4xx - Fix wrong ppc4xx_trng_probe()/ppc4xx_trng_remove() arguments (bsc#1051510). - crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails (bsc#1051510). - crypto: testmgr - skip crc32c context test for ahash algorithms (bsc#1051510). - crypto: tgr192 - fix unaligned memory access (bsc#1051510). - crypto: user - support incremental algorithm dumps (bsc#1120902). - crypto: ux500 - Use proper enum in cryp_set_dma_transfer (bsc#1051510). - crypto: ux500 - Use proper enum in hash_set_dma_transfer (bsc#1051510). - cw1200: drop useless LIST_HEAD (bsc#1051510). - cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() (bsc#1051510). - cw1200: fix missing unlock on error in cw1200_hw_scan() (bsc#1051510). - dccp: fool proof ccid_hc_[rt]x_parse_options() (bsc#1051510). - debugfs: fix debugfs_rename parameter checking (bsc#1051510). - dlm: Do not swamp the CPU with callbacks queued during recovery (bsc#1051510). - dlm: fixed memory leaks after failed ls_remove_names allocation (bsc#1051510). - dlm: lost put_lkb on error path in receive_convert() and receive_unlock() (bsc#1051510). - dlm: memory leaks on error path in dlm_user_request() (bsc#1051510). - dlm: possible memory leak on error path in create_lkb() (bsc#1051510). - dmaengine: at_hdmac: drop useless LIST_HEAD (bsc#1051510). - dmaengine: at_hdmac: fix memory leak in at_dma_xlate() (bsc#1051510). - dmaengine: at_hdmac: fix module unloading (bsc#1051510). - dmaengine: at_xdmac: Fix wrongfull report of a channel as in use (bsc#1051510). - dmaengine: bcm2835: Fix abort of transactions (bsc#1051510). - dmaengine: bcm2835: Fix interrupt race on RT (bsc#1051510). - dmaengine: dma-jz4780: Return error if not probed from DT (bsc#1051510). - dmaengine: dmatest: Abort test in case of mapping error (bsc#1051510). - dmaengine: dw: drop useless LIST_HEAD (bsc#1051510). - dmaengine: dw: Fix FIFO size for Intel Merrifield (bsc#1051510). - dmaengine: imx-dma: fix wrong callback invoke (bsc#1051510). - dmaengine: mv_xor: Use correct device for DMA API (bsc#1051510). - dmaengine: pl330: drop useless LIST_HEAD (bsc#1051510). - dmaengine: sa11x0: drop useless LIST_HEAD (bsc#1051510). - dmaengine: st_fdma: drop useless LIST_HEAD (bsc#1051510). - dmaengine: stm32-dma: fix incomplete configuration in cyclic mode (bsc#1051510). - dmaengine: xilinx_dma: Remove __aligned attribute on zynqmp_dma_desc_ll (bsc#1051510). - dma: Introduce dma_max_mapping_size() (bsc#1120008). - dm cache metadata: verify cache has blocks in blocks_are_clean_separate_dirty() (git-fixes). - dm: call blk_queue_split() to impose device limits on bios (git-fixes). - dm: do not allow readahead to limit IO size (git-fixes). - dm thin: send event about thin-pool state change _after_ making it (git-fixes). - dm zoned: Fix target BIO completion handling (git-fixes). - doc: rcu: Suspicious RCU usage is a warning (bsc#1051510). - doc/README.SUSE: Correct description for building a kernel (bsc#1123348) - Do not log confusing message on reconnect by default (bsc#1129664). - Do not log expected error on DFS referral request (bsc#1051510). - driver core: Do not resume suppliers under device_links_write_lock() (bsc#1051510). - driver core: Move async_synchronize_full call (bsc#1051510). - drivers: core: Remove glue dirs from sysfs earlier (bsc#1051510). - drivers: hv: vmbus: Check for ring when getting debug info (bsc#1126389, bsc#1126579). - drivers: hv: vmbus: preserve hv_ringbuffer_get_debuginfo kABI (bsc#1126389, bsc#1126579). - drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels (bsc#1126389, bsc#1126579). - drivers/misc/sgi-gru: fix Spectre v1 vulnerability (bsc#1051510). - drivers/net/ethernet/qlogic/qed/qed_rdma.h: fix typo (bsc#1086314 bsc#1086313 bsc#1086301 ). - drivers/sbus/char: add of_node_put() (bsc#1051510). - drm/amdgpu: Add delay after enable RLC ucode (bsc#1051510). - drm/ast: Fix connector leak during driver unload (bsc#1051510). - drm/ast: fixed reading monitor EDID not stable issue (bsc#1051510). - drm/atomic-helper: Complete fake_commit->flip_done potentially earlier (bsc#1051510). - drm: Block fb changes for async plane updates (bsc#1051510). - drm/bridge: tc358767: add defines for DP1_SRCCTRL & PHY_2LANE (bsc#1051510). - drm/bridge: tc358767: fix initial DP0/1_SRCCTRL value (bsc#1051510). - drm/bridge: tc358767: fix output H/V syncs (bsc#1051510). - drm/bridge: tc358767: fix single lane configuration (bsc#1051510). - drm/bridge: tc358767: reject modes which require too much BW (bsc#1051510). - drm/bufs: Fix Spectre v1 vulnerability (bsc#1051510). - drm: Clear state->acquire_ctx before leaving drm_atomic_helper_commit_duplicated_state() (bsc#1051510). - drm: disable uncached DMA optimization for ARM and arm64 (bsc#1051510). - drm/etnaviv: NULL vs IS_ERR() buf in etnaviv_core_dump() (bsc#1113722) - drm/etnaviv: potential NULL dereference (bsc#1113722) - drm/fb-helper: Partially bring back workaround for bugs of SDL 1.2 (bsc#1113722) - drm: Fix error handling in drm_legacy_addctx (bsc#1113722) - drm/i915: Block fbdev HPD processing during suspend (bsc#1113722) - drm/i915/fbdev: Actually configure untiled displays (bsc#1113722) - drm/i915: Flush GPU relocs harder for gen3 (bsc#1113722) - drm/i915/gvt: Fix mmap range check (bsc#1120902) - drm/i915/gvt: free VFIO region space in vgpu detach (bsc#1113722) - drm/i915/gvt: release shadow batch buffer and wa_ctx before destroy one workload (bsc#1051510). - drm/i915/opregion: fix version check (bsc#1113722) - drm/i915/opregion: rvda is relative from opregion base in opregion (bsc#1113722) - drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set (bsc#1113722) - drm/i915: Redefine some Whiskey Lake SKUs (bsc#1051510). - drm/i915: Use the correct crtc when sanitizing plane mapping (bsc#1113722) - drm/meson: add missing of_node_put (bsc#1051510). - drm/modes: Prevent division by zero htotal (bsc#1051510). - drm/msm: Fix error return checking (bsc#1051510). - drm/msm: Grab a vblank reference when waiting for commit_done (bsc#1051510). - drm/msm: Unblock writer if reader closes file (bsc#1051510). - drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON (bsc#1113722) - drm/nouveau: Do not spew kernel WARNING for each timeout (bsc#1126480). - drm/nouveau: Do not WARN_ON VCPI allocation failures (bsc#1113722) - drm/nouveau/falcon: avoid touching registers if engine is off (bsc#1051510). - drm/nouveau/pmu: do not print reply values if exec is false (bsc#1113722) - drm/nouveau/tmr: detect stalled gpu timer and break out of waits (bsc#1123538). - drm/radeon/evergreen_cs: fix missing break in switch statement (bsc#1113722) - drm: Reorder set_property_atomic to avoid returning with an active ww_ctx (bsc#1051510). - drm/rockchip: fix for mailbox read size (bsc#1051510). - drm/shmob: Fix return value check in shmob_drm_probe (bsc#1113722) - drm/sun4i: tcon: Prepare and enable TCON channel 0 clock at init (bsc#1051510). - drm/vmwgfx: Do not double-free the mode stored in par->set_mode (bsc#1103429) - drm/vmwgfx: Fix setting of dma masks (bsc#1120902) - drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user (bsc#1120902) - e1000e: allow non-monotonic SYSTIM readings (bsc#1051510). - earlycon: Initialize port->uartclk based on clock-frequency property (bsc#1051510). - earlycon: Remove hardcoded port->uartclk initialization in of_setup_earlycon (bsc#1051510). - Enable CONFIG_RDMA_RXE=m also for ppc64le (bsc#1107665,) - enic: fix build warning without CONFIG_CPUMASK_OFFSTACK (bsc#1051510). - enic: fix checksum validation for IPv6 (bsc#1051510). - esp6: fix memleak on error path in esp6_input (bsc#1051510). - esp: Fix locking on page fragment allocation (bsc#1051510). - esp: Fix memleaks on error paths (bsc#1051510). - esp: Fix skb tailroom calculation (bsc#1051510). - exportfs: do not read dentry after free (bsc#1051510). - ext4: avoid kernel warning when writing the superblock to a dead device (bsc#1124981). - ext4: check for shutdown and r/o file system in ext4_write_inode() (bsc#1124978). - ext4: fix a potential fiemap/page fault deadlock w/ inline_data (bsc#1124980). - ext4: Fix crash during online resizing (bsc#1122779). - ext4: force inode writes when nfsd calls commit_metadata() (bsc#1125125). - ext4: include terminating u32 in size of xattr entries when expanding inodes (bsc#1124976). - ext4: make sure enough credits are reserved for dioread_nolock writes (bsc#1124979). - ext4: track writeback errors using the generic tracking infrastructure (bsc#1124982). - fanotify: fix handling of events on child sub-directory (bsc#1122019). - fat: validate ->i_start before using (bsc#1051510). - fbdev: chipsfb: remove set but not used variable 'size' (bsc#1113722) - firmware/efi: Add NULL pointer checks in efivars API functions (bsc#1051510). - Fix kabi issues with new transport sharing code (bsc#1114893). - Fix problem with sharetransport= and NFSv4 (bsc#1114893). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510). - floppy: check_events callback should not return a negative number (bsc#1051510). - fork: do not copy inconsistent signal handler state to child (bsc#1051510). - fork: record start_time late (git-fixes). - fork: unconditionally clear stack on fork (git-fixes). - fs/cifs: require sha512 (bsc#1051510). - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() (git-fixes). - fs/devpts: always delete dcache dentry-s in dput() (git-fixes). - fuse: call pipe_buf_release() under pipe lock (bsc#1051510). - fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS (bsc#1051510). - fuse: decrement NR_WRITEBACK_TEMP on the right page (bsc#1051510). - fuse: handle zero sized retrieve correctly (bsc#1051510). - futex: Fix (possible) missed wakeup (bsc#1050549). - gdrom: fix a memory leak bug (bsc#1051510). - geneve: cleanup hard coded value for Ethernet header length (bsc#1123456). - geneve: correctly handle ipv6.disable module parameter (bsc#1051510). - geneve, vxlan: Do not check skb_dst() twice (bsc#1123456). - geneve, vxlan: Do not set exceptions if skb->len < mtu (bsc#1123456). - genwqe: Fix size check (bsc#1051510). - gfs2: Revert 'Fix loop in gfs2_rbm_find' (bsc#1120601). - gianfar: fix a flooded alignment reports because of padding issue (bsc#1051510). - gianfar: Fix Rx byte accounting for ndev stats (bsc#1051510). - gianfar: prevent integer wrapping in the rx handler (bsc#1051510). - gpio: altera-a10sr: Set proper output level for direction_output (bsc#1051510). - gpio: pcf857x: Fix interrupts on multiple instances (bsc#1051510). - gpio: pl061: handle failed allocations (bsc#1051510). - gpio: pl061: Move irq_chip definition inside struct pl061 (bsc#1051510). - gpio: vf610: Mask all GPIO interrupts (bsc#1051510). - gpu: ipu-v3: Fix CSI offsets for imx53 (bsc#1113722) - gpu: ipu-v3: Fix i.MX51 CSI control registers offset (bsc#1113722) - gpu: ipu-v3: image-convert: Prevent race between run and unprepare (bsc#1051510). - gro_cell: add napi_disable in gro_cells_destroy (networking-stable-19_01_04). - gro_cells: make sure device is up in gro_cells_receive() (git-fixes). - hfs: do not free node before using (bsc#1051510). - hfsplus: do not free node before using (bsc#1051510). - hfsplus: prevent btree data loss on root split (bsc#1051510). - hfs: prevent btree data loss on root split (bsc#1051510). - hid: lenovo: Add checks to fix of_led_classdev_register (bsc#1051510). - hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable (git-fixes). - hvc_opal: do not set tb_ticks_per_usec in udbg_init_opal_common() (bsc#1051510). - hv: v4.12 API for hyperv-iommu (bsc#1122822). - hwmon/k10temp: Add support for AMD family 17h, model 30h CPUs (). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (). - hwmon: (lm80) fix a missing check of bus read in lm80 probe (bsc#1051510). - hwmon: (lm80) fix a missing check of the status of smbus read (bsc#1051510). - hwmon: (lm80) Fix missing unlock on error in set_fan_div() (bsc#1051510). - hwmon: (tmp421) Correct the misspelling of the tmp442 compatible attribute in OF device ID table (bsc#1051510). - HYPERV/IOMMU: Add Hyper-V stub IOMMU driver (bsc#1122822). - i2c-axxia: check for error conditions first (bsc#1051510). - i2c: bcm2835: Clear current buffer pointers and counts after a transfer (bsc#1051510). - i2c: cadence: Fix the hold bit setting (bsc#1051510). - i2c: dev: prevent adapter retries and timeout being set as minus value (bsc#1051510). - i2c: omap: Use noirq system sleep pm ops to idle device for suspend (bsc#1051510). - i2c: sh_mobile: add support for r8a77990 (R-Car E3) (bsc#1051510). - i40e: fix mac filter delete when setting mac address (bsc#1056658 bsc#1056662). - i40e: report correct statistics when XDP is enabled (bsc#1056658 bsc#1056662). - i40e: restore NETIF_F_GSO_IPXIP to netdev features (bsc#1056658 bsc#1056662). - IB/core: Destroy QP if XRC QP fails (bsc#1046306). - IB/core: Fix potential memory leak while creating MAD agents (bsc#1046306). - IB/core: Unregister notifier before freeing MAD security (bsc#1046306). - IB/hfi1: Close race condition on user context disable and close (bsc#1060463). - IB/mlx5: Unmap DMA addr from HCA before IOMMU (bsc#1046305 ). - ibmveth: Do not process frames after calling napi_reschedule (bcs#1123357). - ibmveth: fix DMA unmap error in ibmveth_xmit_start error path (networking-stable-19_01_04). - ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726). - ibmvnic: Increase maximum queue size limit (bsc#1121726). - ibmvnic: Introduce driver limits for ring sizes (bsc#1121726). - ibmvnic: Report actual backing device speed and duplex values (bsc#1129923). - ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton (bsc#1119019). - ide: pmac: add of_node_put() (bsc#1051510). - ieee802154: ca8210: fix possible u8 overflow in ca8210_rx_done (bsc#1051510). - ieee802154: lowpan_header_create check must check daddr (networking-stable-19_01_04). - igb: Fix an issue that PME is not enabled during runtime suspend (bsc#1051510). - iio: accel: kxcjk1013: Add KIOX010A acpi Hardware-ID (bsc#1051510). - iio: adc: exynos-adc: Fix NULL pointer exception on unbind (bsc#1051510). - iio: chemical: atlas-ph-sensor: correct IIO_TEMP values to millicelsius (bsc#1051510). - input: bma150 - register input device after setting private data (bsc#1051510). - input: elan_i2c - add acpi ID for touchpad in ASUS Aspire F5-573G (bsc#1051510). - input: elan_i2c - add acpi ID for touchpad in Lenovo V330-15ISK (bsc#1051510). - input: elan_i2c - add id for touchpad found in Lenovo s21e-20 (bsc#1051510). - input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 (bsc#1051510). - input: omap-keypad - fix idle configuration to not block SoC idle states (bsc#1051510). - input: raspberrypi-ts - fix link error (git-fixes). - input: raspberrypi-ts - select CONFIG_INPUT_POLLDEV (git-fixes). - input: restore EV_ABS ABS_RESERVED (bsc#1051510). - input: synaptics - enable RMI on ThinkPad T560 (bsc#1051510). - input: synaptics - enable smbus for HP EliteBook 840 G4 (bsc#1051510). - input: wacom_serial4 - add support for Wacom ArtPad II tablet (bsc#1051510). - input: xpad - add support for SteelSeries Stratus Duo (bsc#1111666). - intel_th: Do not reference unassigned outputs (bsc#1051510). - intel_th: gth: Fix an off-by-one in output unassigning (bsc#1051510). - iomap: fix integer truncation issues in the zeroing and dirtying helpers (bsc#1125947). - iomap: warn on zero-length mappings (bsc#1127062). - iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105). - iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105). - iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105). - iommu/dmar: Fix buffer overflow during PCI bus notification (bsc#1129181). - iommu: Document iommu_ops.is_attach_deferred() (bsc#1129182). - iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables (bsc#1129205). - iommu/vt-d: Check identity map for hot-added devices (bsc#1129183). - iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105). - iommu/vt-d: Fix NULL pointer reference in intel_svm_bind_mm() (bsc#1129184). - ip6mr: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04). - ip6_tunnel: get the min mtu properly in ip6_tnl_xmit (bsc#1123456). - ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit (bsc#1123456). - ipmi:pci: Blacklist a Realtek 'IPMI' device (git-fixes). - ipmi:ssif: Fix handling of multi-part return messages (bsc#1051510). - ip: on queued skb use skb_header_pointer instead of pskb_may_pull (git-fixes). - ipsec: check return value of skb_to_sgvec always (bsc#1051510). - ipv4: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04). - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes (networking-stable-18_12_12). - ipv4: speedup ipv6 tunnels dismantle (bsc#1122982). - ipv6: addrlabel: per netns list (bsc#1122982). - ipv6: Check available headroom in ip6_xmit() even without options (networking-stable-18_12_12). - ipv6: Consider sk_bound_dev_if when binding a socket to an address (networking-stable-19_02_01). - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address (networking-stable-19_01_22). - ipv6: explicitly initialize udp6_addr in udp_sock_create6() (networking-stable-19_01_04). - ipv6: fix kernel-infoleak in ipv6_local_error() (networking-stable-19_01_20). - ipv6: speedup ipv6 tunnels dismantle (bsc#1122982). Refresh patches.suse/ip6_vti-fix-a-null-pointer-deference-when-destroy-vt.patch - ipv6: sr: properly initialize flowi6 prior passing to ip6_route_output (networking-stable-18_12_12). - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses (networking-stable-19_01_22). - ipv6: tunnels: fix two use-after-free (networking-stable-19_01_04). - ip: validate header length on virtual device xmit (networking-stable-19_01_04). - ipvlan, l3mdev: fix broken l3s mode wrt local routes (networking-stable-19_02_01). - irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size (bsc#1051510). - irqchip/gic-v3-its: Do not bind LPI to unavailable NUMA node (bsc#1051510). - irqchip/gic-v3-its: Fix ITT_entry_size accessor (bsc#1051510). - iscsi target: fix session creation failure handling (bsc#1051510). - isdn: avm: Fix string plus integer warning from Clang (bsc#1051510). - isdn: fix kernel-infoleak in capi_unlocked_ioctl (bsc#1051510). - isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() (bsc#1051510). - isdn: i4l: isdn_tty: Fix some concurrency double-free bugs (bsc#1051510). - iser: set sector for ambiguous mr status errors (bsc#1051510). - iwlwifi: mvm: avoid possible access out of array (bsc#1051510). - iwlwifi: mvm: fix A-MPDU reference assignment (bsc#1051510). - iwlwifi: mvm: fix RSS config command (bsc#1051510). - iwlwifi: pcie: fix emergency path (bsc#1051510). - iwlwifi: pcie: fix TX while flushing (bsc#1120902). - ixgbe: Be more careful when modifying MAC filters (bsc#1051510). - ixgbe: check return value of napi_complete_done() (bsc#1051510). - ixgbe: recognize 1000BaseLX SFP modules as 1Gbps (bsc#1051510). - jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bsc#1051510). - kabi: cpufreq: keep min_sampling_rate in struct dbs_data (bsc#1127042). - kabi: fix xhci kABI stability (bsc#1119086). - kabi: handle addition of ip6addrlbl_table into struct netns_ipv6 (bsc#1122982). - kabi: handle addition of uevent_sock into struct net (bsc#1122982). - kabi: Preserve kABI for dma_max_mapping_size() (bsc#1120008). - kabi: protect struct sctp_association (kabi). - kabi: protect struct smc_buf_desc (bnc#1117947, LTC#173662). - kabi: protect struct smc_link (bnc#1117947, LTC#173662). - kabi: protect vhost_log_write (kabi). - kabi: restore ip_tunnel_delete_net() (bsc#1122982). - kABI workaroudn for ath9k ath_node.ackto type change (bsc#1051510). - kABI workaround for bt_accept_enqueue() change (bsc#1051510). - kABI workaround for deleted snd_hda_register_beep_device() (bsc#1122944). - kABI workaround for snd_hda_bus.bus_probing addition (bsc#1122944). - kallsyms: Handle too long symbols in kallsyms.c (bsc#1126805). - kconfig: fix file name and line number of warn_ignored_character() (bsc#1051510). - kconfig: fix line numbers for if-entries in menu tree (bsc#1051510). - kconfig: fix memory leak when EOF is encountered in quotation (bsc#1051510). - kconfig: fix the rule of mainmenu_stmt symbol (bsc#1051510). - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes (git-fixes). - keys: allow reaching the keys quotas exactly (bsc#1051510). - keys: Timestamp new keys (bsc#1051510). - kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var() (bsc#1051510). - kgdboc: Fix restrict error (bsc#1051510). - kgdboc: Fix warning with module build (bsc#1051510). - kobject: add kobject_uevent_net_broadcast() (bsc#1122982). - kobject: copy env blob in one go (bsc#1122982). - kobject: factorize skb setup in kobject_uevent_net_broadcast() (bsc#1122982). - kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() (bsc#1051510). - kvm: arm/arm64: Properly protect VGIC locks from IRQs (bsc#1117155). - kvm: arm/arm64: VGIC/ITS: Promote irq_lock() in update_affinity (bsc#1117155). - kvm: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock (bsc#1117155). - kvm: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls (bsc#1117155). - kvm: mmu: Fix race in emulated page table writes (bsc#1129284). - kvm: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails (bsc#1129291). - kvm: nVMX: NMI-window and interrupt-window exiting should wake L2 from HLT (bsc#1129292). - kvm: nVMX: Set VM instruction error for VMPTRLD of unbacked page (bsc#1129293). - kvm: PPC: Book3S PR: Set hflag to indicate that POWER9 supports 1T segments (bsc#1124589). - kvm: sev: Fail KVM_SEV_INIT if already initialized (bsc#1114279). - kvm: vmx: Set IA32_TSC_AUX for legacy mode guests (bsc#1129294). - kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs (bsc#1127082). - kvm: x86: fix L1TF's MMIO GFN calculation (bsc#1124204). - kvm: x86: Fix single-step debugging (bsc#1129295). - kvm: x86: Use jmp to invoke kvm_spurious_fault() from .fixup (bsc#1129296). - l2tp: copy 4 more bytes to linear part if necessary (networking-stable-19_02_01). - l2tp: fix infoleak in l2tp_ip6_recvmsg() (git-fixes). - l2tp: fix reading optional fields of L2TPv3 (networking-stable-19_02_01). - lan78xx: Resolve issue with changing MAC address (bsc#1051510). - leds: lp5523: fix a missing check of return value of lp55xx_read (bsc#1051510). - leds: lp55xx: fix null deref on firmware load failure (bsc#1051510). - libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() (bsc#1125800). - libceph: handle an empty authorize reply (bsc#1126789). - lib/div64.c: off by one in shift (bsc#1051510). - libnvdimm: Fix altmap reservation size calculation (bsc#1127682). - libnvdimm/label: Clear 'updating' flag after label-set update (bsc#1129543). - libnvdimm/pmem: Honor force_raw for legacy pmem regions (bsc#1129551). - lib/rbtree-test: lower default params (git-fixes). - lightnvm: fail fast on passthrough commands (bsc#1125780). - livepatch: Change unsigned long old_addr -> void *old_func in struct klp_func (bsc#1071995). - livepatch: Consolidate klp_free functions (bsc#1071995 ). - livepatch: core: Return EOPNOTSUPP instead of ENOSYS (bsc#1071995). - livepatch: Define a macro for new API identification (bsc#1071995). - livepatch: Do not block the removal of patches loaded after a forced transition (bsc#1071995). - livepatch: Introduce klp_for_each_patch macro (bsc#1071995 ). - livepatch: Module coming and going callbacks can proceed with all listed patches (bsc#1071995). - livepatch: Proper error handling in the shadow variables selftest (bsc#1071995). - livepatch: Remove ordering (stacking) of the livepatches (bsc#1071995). - livepatch: Remove signal sysfs attribute (bsc#1071995 ). - livepatch: return -ENOMEM on ptr_id() allocation failure (bsc#1071995). - livepatch: Send a fake signal periodically (bsc#1071995 ). - livepatch: Shuffle klp_enable_patch()/klp_disable_patch() code (bsc#1071995). - livepatch: Simplify API by removing registration step (bsc#1071995). - llc: do not use sk_eat_skb() (bsc#1051510). - lockd: fix access beyond unterminated strings in prints (git-fixes). - locking/rwsem: Fix (possible) missed wakeup (bsc#1050549). - loop: drop caches if offset or block_size are changed (bsc#1124975). - loop: Reintroduce lo_ctl_mutex removed by commit 310ca162d (bsc#1124974). - LSM: Check for NULL cred-security on free (bsc#1051510). - mac80211: Add attribute aligned(2) to struct 'action' (bsc#1051510). - mac80211: do not initiate TDLS connection if station is not associated to AP (bsc#1051510). - mac80211: ensure that mgmt tx skbs have tailroom for encryption (bsc#1051510). - mac80211: fix miscounting of ttl-dropped frames (bsc#1051510). - mac80211: fix radiotap vendor presence bitmap handling (bsc#1051510). - mac80211: Free mpath object when rhashtable insertion fails (bsc#1051510). - mac80211: Restore vif beacon interval if start ap fails (bsc#1051510). - macvlan: Only deliver one copy of the frame to the macvlan interface (bsc#1051510). - mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush timeout issue (bsc#1051510). - mdio_bus: Fix use-after-free on device_register fails (bsc#1051510). - media: adv*/tc358743/ths8200: fill in min width/height/pixelclock (bsc#1051510). - media: DaVinci-VPBE: fix error handling in vpbe_initialize() (bsc#1051510). - media: dt-bindings: media: i2c: Fix i2c address for OV5645 camera sensor (bsc#1051510). - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info (bsc#1051510). - media: mtk-vcodec: Release device nodes in mtk_vcodec_init_enc_pm() (bsc#1051510). - media: s5k4ecgx: delete a bogus error message (bsc#1051510). - media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration (bsc#1051510). - media: s5p-jpeg: Correct step and max values for V4L2_CID_JPEG_RESTART_INTERVAL (bsc#1051510). - media: s5p-mfc: fix incorrect bus assignment in virtual child device (bsc#1051510). - media: usb: pwc: Do not use coherent DMA buffers for ISO transfer (bsc#1054610). - media: uvcvideo: Avoid NULL pointer dereference at the end of streaming (bsc#1051510). - media: uvcvideo: Fix 'type' check leading to overflow (bsc#1051510). - media: v4l2: i2c: ov7670: Fix PLL bypass register values (bsc#1051510). - media: v4l2-tpg: array index could become negative (bsc#1051510). - media: v4l: ioctl: Validate num_planes for debug messages (bsc#1051510). - media: vb2: be sure to unlock mutex on errors (bsc#1051510). - media: vb2: vb2_mmap: move lock up (bsc#1051510). - media: vivid: fix error handling of kthread_run (bsc#1051510). - media: vivid: free bitmap_cap when updating std/timings/etc (bsc#1051510). - media: vivid: set min width/height to a value > 0 (bsc#1051510). - memstick: Prevent memstick host from getting runtime suspended during card detection (bsc#1051510). - mfd: ab8500-core: Return zero in get_register_interruptible() (bsc#1051510). - mfd: db8500-prcmu: Fix some section annotations (bsc#1051510). - mfd: mc13xxx: Fix a missing check of a register-read failure (bsc#1051510). - mfd: mt6397: Do not call irq_domain_remove if PMIC unsupported (bsc#1051510). - mfd: qcom_rpm: write fw_version to CTRL_REG (bsc#1051510). - mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells (bsc#1051510). - mfd: tps65218: Use devm_regmap_add_irq_chip and clean up error path in probe() (bsc#1051510). - mfd: tps6586x: Handle interrupts on suspend (bsc#1051510). - mfd: twl-core: Fix section annotations on {,un}protect_pm_master (bsc#1051510). - mfd: wm5110: Add missing ASRC rate register (bsc#1051510). - misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data (bsc#1051510). - misc: hmc6352: fix potential Spectre v1 (bsc#1051510). - misc: hpilo: Do not claim unsupported hardware (bsc#1129330). - misc: hpilo: Exclude unsupported device via blacklist (bsc#1129330). - misc: mic/scif: fix copy-paste error in scif_create_remote_lookup (bsc#1051510). - misc: mic: SCIF Fix scif_get_new_port() error handling (bsc#1051510). - misc: sram: enable clock before registering regions (bsc#1051510). - misc: sram: fix resource leaks in probe error path (bsc#1051510). - misc: ti-st: Fix memory leak in the error path of probe() (bsc#1051510). - misc: vexpress: Off by one in vexpress_syscfg_exec() (bsc#1051510). - mISDN: fix a race in dev_expire_timer() (bsc#1051510). - mlx4: trigger IB events needed by SMC (bnc#1117947, LTC#173662). - mlxsw: __mlxsw_sp_port_headroom_set(): Fix a use of local variable (git-fixes). - mlxsw: spectrum: Disable lag port TX before removing it (networking-stable-19_01_22). - mmap: introduce sane default mmap limits (git fixes (mm/mmap)). - mmap: relax file size limit for regular files (git fixes (mm/mmap)). - mmc: atmel-mci: do not assume idle after atmci_request_end (bsc#1051510). - mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1051510). - mmc: bcm2835: Recover from MMC_SEND_EXT_CSD (bsc#1051510). - mmc: dw_mmc-bluefield: : Fix the license information (bsc#1051510). - mmc: Kconfig: Enable CONFIG_MMC_SDHCI_IO_ACCESSORS (bsc#1051510). - mmc: omap: fix the maximum timeout setting (bsc#1051510). - mmc: sdhci-brcmstb: handle mmc_of_parse() errors during probe (bsc#1051510). - mmc: sdhci-esdhc-imx: fix HS400 timing issue (bsc#1051510). - mmc: sdhci-iproc: handle mmc_of_parse() errors during probe (bsc#1051510). - mmc: sdhci-of-esdhc: Fix timeout checks (bsc#1051510). - mmc: sdhci-xenon: Fix timeout checks (bsc#1051510). - mmc: spi: Fix card detection during probe (bsc#1051510). - mm: do not drop unused pages when userfaultd is running (git fixes (mm/userfaultfd)). - mm/hmm: hmm_pfns_bad() was accessing wrong struct (git fixes (mm/hmm)). - mm: hwpoison: use do_send_sig_info() instead of force_sig() (git fixes (mm/hwpoison)). - mm/ksm.c: ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm() (git fixes (mm/ksm)). - mm: madvise(MADV_DODUMP): allow hugetlbfs pages (git fixes (mm/madvise)). - mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages (bsc#1127731). - mm: migrate: do not rely on __PageMovable() of newpage after unlocking it (git fixes (mm/migrate)). - mm: migrate: lock buffers before migrate_page_move_mapping() (bsc#1084216). - mm: migrate: Make buffer_migrate_page_norefs() actually succeed (bsc#1084216) - mm: migrate: provide buffer_migrate_page_norefs() (bsc#1084216). - mm: migration: factor out code to compute expected number of page references (bsc#1084216). - mm, oom: fix use-after-free in oom_kill_process (git fixes (mm/oom)). - mm: use swp_offset as key in shmem_replace_page() (git fixes (mm/shmem)). - mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed (git fixes (mm/vmscan)). - Moved patches.fixes/x86-add-tsx-force-abort-cpuid-msr.patch to patches.arch/ and added upstream tags (bsc#1129363) patches.arch/x86-add-tsx-force-abort-cpuid-msr - Move the upstreamed HD-audio fix into sorted section - mpt3sas: check sense buffer before copying sense data (bsc#1106811). - mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking (bsc#1051510). - mtd: cfi_cmdset_0002: Change write buffer to check correct value (bsc#1051510). - mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips (bsc#1051510). - mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary (bsc#1051510). - mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() (bsc#1051510). - mtdchar: fix overflows in adjustment of `count` (bsc#1051510). - mtdchar: fix usage of mtd_ooblayout_ecc() (bsc#1051510). - mtd: docg3: do not set conflicting BCH_CONST_PARAMS option (bsc#1051510). - mtd/maps: fix solutionengine.c printk format warnings (bsc#1051510). - mtd: mtd_oobtest: Handle bitflips during reads (bsc#1051510). - mtd: nand: atmel: fix buffer overflow in atmel_pmecc_user (bsc#1051510). - mtd: nand: atmel: Fix get_sectorsize() function (bsc#1051510). - mtd: nand: atmel: fix of_irq_get() error check (bsc#1051510). - mtd: nand: brcmnand: Disable prefetch by default (bsc#1051510). - mtd: nand: brcmnand: Zero bitflip is not an error (bsc#1051510). - mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bsc#1051510). - mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() (bsc#1051510). - mtd: nand: Fix nand_do_read_oob() return value (bsc#1051510). - mtd: nand: Fix writing mtdoops to nand flash (bsc#1051510). - mtd: nand: fsl_ifc: Fix nand waitfunc return value (bsc#1051510). - mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM (bsc#1051510). - mtd: nand: ifc: update bufnum mask for ver >= 2.0.0 (bsc#1051510). - mtd: nand: mtk: fix infinite ECC decode IRQ issue (bsc#1051510). - mtd: nand: omap2: Fix subpage write (bsc#1051510). - mtd: nand: pxa3xx: Fix READOOB implementation (bsc#1051510). - mtd: nand: qcom: Add a NULL check for devm_kasprintf() (bsc#1051510). - mtd: nandsim: remove debugfs entries in error path (bsc#1051510). - mtd: nand: sunxi: Fix ECC strength choice (bsc#1051510). - mtd: nand: sunxi: fix potential divide-by-zero error (bsc#1051510). - mtd: nand: vf610: set correct ooblayout (bsc#1051510). - mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic (bsc#1051510). - mtd: spi-nor: Fix Cadence QSPI page fault kernel panic (bsc#1051510). - mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB (bsc#1051510). - mtd: spi-nor: stm32-quadspi: Fix uninitialized error return code (bsc#1051510). - mv88e6060: disable hardware level MAC learning (bsc#1051510). - nbd: Use set_blocksize() to set device blocksize (bsc#1124984). - neighbour: Avoid writing before skb->head in neigh_hh_output() (networking-stable-18_12_12). - net: 8139cp: fix a BUG triggered by changing mtu with network traffic (networking-stable-18_12_12). - net: add uevent socket member (bsc#1122982). - net: aquantia: driver should correctly declare vlan_features bits (bsc#1051510). - net: aquantia: fixed instack structure overflow (git-fixes). - net: aquantia: Fix hardware DMA stream overload on large MRRS (bsc#1051510). - net: bcmgenet: abort suspend on error (bsc#1051510). - net: bcmgenet: code movement (bsc#1051510). - net: bcmgenet: fix OF child-node lookup (bsc#1051510). - net: bcmgenet: remove HFB_CTRL access (bsc#1051510). - net: bcmgenet: return correct value 'ret' from bcmgenet_power_down (bsc#1051510). - net: bridge: fix a bug on using a neighbour cache entry without checking its state (networking-stable-19_01_20). - net: bridge: Fix ethernet header pointer before check skb forwardable (networking-stable-19_01_26). - net: core: Fix Spectre v1 vulnerability (networking-stable-19_01_04). - net: do not call update_pmtu unconditionally (bsc#1123456). - net: Do not default Cavium PTP driver to 'y' (bsc#1110096). - net: dp83640: expire old TX-skb (networking-stable-19_02_10). - net: dsa: mv88e6xxx: handle unknown duplex modes gracefully in mv88e6xxx_port_set_duplex (git-fixes). - net: dsa: mv88x6xxx: mv88e6390 errata (networking-stable-19_01_22). - net: dsa: slave: Do not propagate flag changes on down slave interfaces (networking-stable-19_02_10). - net: ena: fix race between link up and device initalization (bsc#1083548). - netfilter: nf_tables: check the result of dereferencing base_chain->stats (git-fixes). - net: Fix usage of pskb_trim_rcsum (networking-stable-19_01_26). - net/hamradio/6pack: use mod_timer() to rearm timers (networking-stable-19_01_04). - net: hns3: add error handler for hns3_nic_init_vector_data() (bsc#1104353). - net: hns3: add handling for big TX fragment (bsc#1104353 ). - net: hns3: Fix client initialize state issue when roce client initialize failed (bsc#1104353). - net: hns3: Fix for loopback selftest failed problem (bsc#1104353 ). - net: hns3: fix for multiple unmapping DMA problem (bsc#1104353 ). - net: hns3: Fix tc setup when netdev is first up (bsc#1104353 ). - net: hns3: Fix tqp array traversal condition for vf (bsc#1104353 ). - net: hns3: move DMA map into hns3_fill_desc (bsc#1104353 ). - net: hns3: remove hns3_fill_desc_tso (bsc#1104353). - net: hns3: rename hns_nic_dma_unmap (bsc#1104353). - net: hns3: rename the interface for init_client_instance and uninit_client_instance (bsc#1104353). - net: ipv4: Fix memory leak in network namespace dismantle (networking-stable-19_01_26). - net: macb: restart tx after tx used bit read (networking-stable-19_01_04). - net/mlx4_core: Add masking for a few queries on HCA caps (networking-stable-19_02_01). - net/mlx4_core: Fix locking in SRIOV mode when switching between events and polling (git-fixes). - net/mlx4_core: Fix qp mtt size calculation (git-fixes). - net/mlx4_core: Fix reset flow when in command polling mode (git-fixes). - net/mlx4_en: Change min MTU size to ETH_MIN_MTU (networking-stable-18_12_12). - net/mlx5e: Allow MAC invalidation while spoofchk is ON (networking-stable-19_02_01). - net/mlx5e: IPoIB, Fix RX checksum statistics update (git-fixes). - net/mlx5e: Remove the false indication of software timestamping support (networking-stable-19_01_04). - net/mlx5e: RX, Fix wrong early return in receive queue poll (bsc#1046305). - net/mlx5: fix uaccess beyond 'count' in debugfs read/write handlers (git-fixes). - net/mlx5: Release resource on error flow (git-fixes). - net/mlx5: Return success for PAGE_FAULT_RESUME in internal error state (git-fixes). - net/mlx5: Typo fix in del_sw_hw_rule (networking-stable-19_01_04). - net/mlx5: Use multi threaded workqueue for page fault handling (git-fixes). - net: netem: fix skb length BUG_ON in __skb_to_sgvec (git-fixes). - netns: restrict uevents (bsc#1122982). - net: phy: do not allow __set_phy_supported to add unsupported modes (networking-stable-18_12_12). - net: phy: Fix the issue that netif always links up after resuming (networking-stable-19_01_04). - net: phy: marvell: Errata for mv88e6390 internal PHYs (networking-stable-19_01_26). - net: phy: mdio_bus: add missing device_del() in mdiobus_register() error handling (networking-stable-19_01_26). - net: phy: Micrel KSZ8061: link failure after cable connect (git-fixes). - netrom: fix locking in nr_find_socket() (networking-stable-19_01_04). - netrom: switch to sock timer API (bsc#1051510). - net/rose: fix NULL ax25_cb kernel panic (networking-stable-19_02_01). - net/sched: act_tunnel_key: fix memory leak in case of action replace (networking-stable-19_01_26). - net_sched: refetch skb protocol for each filter (networking-stable-19_01_26). - net: set default network namespace in init_dummy_netdev() (networking-stable-19_02_01). - net: skb_scrub_packet(): Scrub offload_fwd_mark (networking-stable-18_12_03). - net/smc: abort CLC connection in smc_release (bnc#1117947, LTC#173662). - net/smc: add infrastructure to send delete rkey messages (bnc#1117947, LTC#173662). - net/smc: add SMC-D shutdown signal (bnc#1117947, LTC#173662). - net/smc: allow fallback after clc timeouts (bnc#1117947, LTC#173662). - net/smc: atomic SMCD cursor handling (bnc#1117947, LTC#173662). - net/smc: avoid a delay by waiting for nothing (bnc#1117947, LTC#173662). - net/smc: cleanup listen worker mutex unlocking (bnc#1117947, LTC#173662). - net/smc: cleanup tcp_listen_worker initialization (bnc#1117947, LTC#173662). - net/smc: enable fallback for connection abort in state INIT (bnc#1117947, LTC#173662). - net/smc: fix non-blocking connect problem (bnc#1117947, LTC#173662). - net/smc: fix sizeof to int comparison (bnc#1117947, LTC#173662). - net/smc: fix smc_buf_unuse to use the lgr pointer (bnc#1117947, LTC#173662). - net/smc: fix TCP fallback socket release (networking-stable-19_01_04). - net/smc: make smc_lgr_free() static (bnc#1117947, LTC#173662). - net/smc: no link delete for a never active link (bnc#1117947, LTC#173662). - net/smc: no urgent data check for listen sockets (bnc#1117947, LTC#173662). - net/smc: remove duplicate mutex_unlock (bnc#1117947, LTC#173662). - net/smc: remove sock_error detour in clc-functions (bnc#1117947, LTC#173662). - net/smc: short wait for late smc_clc_wait_msg (bnc#1117947, LTC#173662). - net/smc: unregister rkeys of unused buffer (bnc#1117947, LTC#173662). - net/smc: use after free fix in smc_wr_tx_put_slot() (bnc#1117947, LTC#173662). - net/smc: use queue pair number when matching link group (bnc#1117947, LTC#173662). - net: stmmac: Fix a race in EEE enable callback (git-fixes). - net: stmmac: fix broken dma_interrupt handling for multi-queues (git-fixes). - net: stmmac: Fix PCI module removal leak (git-fixes). - net: stmmac: handle endianness in dwmac4_get_timestamp (git-fixes). - net: stmmac: Use mutex instead of spinlock (git-fixes). - net: systemport: Fix WoL with password after deep sleep (networking-stable-19_02_10). - net: thunderx: fix NULL pointer dereference in nic_remove (git-fixes). - net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue (networking-stable-18_12_03). - net: thunderx: set xdp_prog to NULL if bpf_prog_add fails (networking-stable-18_12_03). - net/wan: fix a double free in x25_asy_open_tty() (networking-stable-19_01_04). - nfit: acpi_nfit_ctl(): Check out_obj->type in the right place (bsc#1129547). - nfit/ars: Attempt a short-ARS whenever the ARS state is idle at boot (bsc#1051510). - nfit/ars: Attempt short-ARS even in the no_init_ars case (bsc#1051510). - nfp: bpf: fix ALU32 high bits clearance bug (git-fixes). - nfs: Allow NFSv4 mounts to not share transports (). - nfsd: COPY and CLONE operations require the saved filehandle to be set (git-fixes). - nfsd: Fix an Oops in free_session() (git-fixes). - nfs: Fix a missed page unlock after pg_doio() (git-fixes). - nfs: Fix up return value on fatal errors in nfs_page_async_flush() (git-fixes). - nfs: support 'nosharetransport' option (bnc#807502, bnc#828192, ). - nfsv4.1: Fix the r/wsize checking (git-fixes). - nfsv4: Do not exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING (git-fixes). - niu: fix missing checks of niu_pci_eeprom_read (bsc#1051510). - ntb_transport: Fix bug with max_mw_size parameter (bsc#1051510). - nvme-fc: reject reconnect if io queue count is reduced to zero (bsc#1128351). - nvme: flush namespace scanning work just before removing namespaces (bsc#1108101). - nvme: kABI fix for scan_lock (bsc#1123882). - nvme: lock NS list changes while handling command effects (bsc#1123882). - nvme-loop: fix kernel oops in case of unhandled command (bsc#1126807). - nvme-multipath: drop optimization for static ANA group IDs (bsc#1113939). - nvme-multipath: round-robin I/O policy (bsc#1110705). - nvme-pci: fix out of bounds access in nvme_cqe_pending (bsc#1127595). - of, numa: Validate some distance map rules (bsc#1051510). - of: unittest: Disable interrupt node tests for old world MAC systems (bsc#1051510). - omap2fb: Fix stack memory disclosure (bsc#1120902) - openvswitch: Avoid OOB read when parsing flow nlattrs (bsc#1051510). - openvswitch: fix the incorrect flow action alloc size (bsc#1051510). - openvswitch: Remove padding from packet before L3+ conntrack processing (bsc#1051510). - packet: Do not leak dev refcounts on error exit (git-fixes). - packet: validate address length if non-zero (networking-stable-19_01_04). - packet: validate address length (networking-stable-19_01_04). - parport_pc: fix find_superio io compare code, should use equal test (bsc#1051510). - Partially revert 'block: fail op_is_write() requests to (bsc#1125252). - PCI: add USR vendor id and use it in r8169 and w6692 driver (networking-stable-19_01_22). - PCI: Disable broken RTIT_BAR of Intel TH (bsc#1120318). - pci: endpoint: functions: Use memcpy_fromio()/memcpy_toio() (bsc#1051510). - pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus (bsc#1122822). - pci/PME: Fix hotplug/sysfs remove deadlock in pcie_pme_remove() (bsc#1051510). - pci: qcom: Do not deassert reset GPIO during probe (bsc#1129281). - pcrypt: use format specifier in kobject_add (bsc#1051510). - perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805). - perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805). - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805). - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805). - perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805). - perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805). - perf/x86/intel: Fix memory corruption (bsc#1121805). - perf/x86/intel: Fix memory corruption (bsc#1121805). - perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805). - perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805). - perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805). - perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805). - perf/x86/intel: Make cpuc allocations consistent (bsc#1121805). - perf/x86/intel: Make cpuc allocations consistent (bsc#1121805). - phonet: af_phonet: Fix Spectre v1 vulnerability (networking-stable-19_01_04). - phy: allwinner: sun4i-usb: poll vbus changes on A23/A33 when driving VBUS (bsc#1051510). - phy: qcom-qmp: Fix failure path in phy_init functions (bsc#1051510). - phy: qcom-qmp: Fix phy pipe clock gating (bsc#1051510). - phy: renesas: rcar-gen3-usb2: fix vbus_ctrl for role sysfs (bsc#1051510). - phy: rockchip-emmc: retry calpad busy trimming (bsc#1051510). - phy: sun4i-usb: add support for missing USB PHY index (bsc#1051510). - phy: tegra: remove redundant self assignment of 'map' (bsc#1051510). - phy: work around 'phys' references to usb-nop-xceiv devices (bsc#1051510). - pinctrl: max77620: Use define directive for max77620_pinconf_param values (bsc#1051510). - pinctrl: meson: fix pull enable register calculation (bsc#1051510). - pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO pins (bsc#1051510). - pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins (bsc#1051510). - pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins (bsc#1051510). - pinctrl: msm: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: sh-pfc: emev2: Add missing pinmux functions (bsc#1051510). - pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group (bsc#1051510). - pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group (bsc#1051510). - pinctrl: sh-pfc: r8a7778: Fix HSPI pin numbers and names (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Fix scifb2_data_c pin group (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group (bsc#1051510). - pinctrl: sh-pfc: r8a7792: Fix vin1_data18_b pin group (bsc#1051510). - pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field (bsc#1051510). - pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration (bsc#1051510). - pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field (bsc#1051510). - pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group (bsc#1051510). - pinctrl: sh-pfc: sh73a0: Fix fsic_spdif pin groups (bsc#1051510). - pinctrl: sh-pfc: sh7734: Add missing IPSR11 field (bsc#1051510). - pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10 (bsc#1051510). - pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value (bsc#1051510). - pinctrl: sunxi: a64: Rename function csi0 to csi (bsc#1051510). - pinctrl: sunxi: a64: Rename function ts0 to ts (bsc#1051510). - pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 (bsc#1051510). - pinctrl: sx150x: handle failure case of devm_kstrdup (bsc#1051510). - pktcdvd: Fix possible Spectre-v1 for pkt_devs (bsc#1051510). - platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes (bsc#1051510). - platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK (bsc#1051510). - platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey (bsc#1051510). - platform/x86: Fix unmet dependency warning for SAMSUNG_Q10 (bsc#1051510). - powerpc/64s: Clear on-stack exception marker upon exception return (bsc#1071995). - powerpc: Add an option to disable static PCI bus numbering (bsc#1122159). - powerpc: Always save/restore checkpointed regs during treclaim/trecheckpoint (bsc#1118338). - powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores (bsc#1109695). - powerpc: Detect the presence of big-cores via 'ibm, thread-groups' (bsc#1109695). - powerpc/livepatch: relax reliable stack tracer checks for first-frame (bsc#1071995). - powerpc/livepatch: small cleanups in save_stack_trace_tsk_reliable() (bsc#1071995). - powerpc: make use of for_each_node_by_type() instead of open-coding it (bsc#1109695). - powerpc/powernv: Clear LPCR[PECE1] via stop-api only for deep state offline (bsc#1119766, bsc#1055121). - powerpc/powernv: Clear PECE1 in LPCR via stop-api only on Hotplug (bsc#1119766, bsc#1055121). - powerpc/pseries: export timebase register sample in lparcfg (bsc#1127750). - powerpc/pseries: Perform full re-add of CPU for topology update post-migration (bsc#1125728). - powerpc: Remove facility loadups on transactional {fp, vec, vsx} unavailable (bsc#1118338). - powerpc: Remove redundant FP/Altivec giveup code (bsc#1118338). - powerpc/setup: Add cpu_to_phys_id array (bsc#1109695). - powerpc/smp: Add cpu_l2_cache_map (bsc#1109695). - powerpc/smp: Add Power9 scheduler topology (bsc#1109695). - powerpc/smp: Rework CPU topology construction (bsc#1109695). - powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695). - powerpc/tm: Avoid machine crash on rt_sigreturn (bsc#1118338). - powerpc/tm: Do not check for WARN in TM Bad Thing handling (bsc#1118338). - powerpc/tm: Fix comment (bsc#1118338). - powerpc/tm: Fix endianness flip on trap (bsc#1118338). - powerpc/tm: Fix HFSCR bit for no suspend case (bsc#1118338). - powerpc/tm: Fix HTM documentation (bsc#1118338). - powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM (bsc#1118338). - powerpc/tm: P9 disable transactionally suspended sigcontexts (bsc#1118338). - powerpc/tm: Print 64-bits MSR (bsc#1118338). - powerpc/tm: Print scratch value (bsc#1118338). - powerpc/tm: Reformat comments (bsc#1118338). - powerpc/tm: Remove msr_tm_active() (bsc#1118338). - powerpc/tm: Remove struct thread_info param from tm_reclaim_thread() (bsc#1118338). - powerpc/tm: Save MSR to PACA before RFID (bsc#1118338). - powerpc/tm: Set MSR[TS] just prior to recheckpoint (bsc#1118338, bsc#1120955). - powerpc/tm: Unset MSR[TS] if not recheckpointing (bsc#1118338). - powerpc/tm: Update function prototype comment (bsc#1118338). - powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#1109695). - powerpc/xmon: Fix invocation inside lock region (bsc#1122885). - pptp: dst_release sk_dst_cache in pptp_sock_destruct (git-fixes). - proc/sysctl: do not return ENOMEM on lookup when a table is unregistering (git-fixes). - pseries/energy: Use OF accessor function to read ibm,drc-indexes (bsc#1129080). - pstore/ram: Avoid allocation and leak of platform data (bsc#1051510). - pstore/ram: Avoid NULL deref in ftrace merging failure path (bsc#1051510). - pstore/ram: Correctly calculate usable PRZ bytes (bsc#1051510). - pstore/ram: Do not treat empty buffers as valid (bsc#1051510). - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl (bsc#1051510). - ptp: Fix pass zero to ERR_PTR() in ptp_clock_register (bsc#1051510). - ptp_kvm: probe for kvm guest availability (bsc#1098382). - ptr_ring: wrap back ->producer in __ptr_ring_swap_queue() (networking-stable-19_01_04). - Put the xhci fix patch to the right place in the sorted section - qed: Avoid constant logical operation warning in qed_vf_pf_acquire (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Avoid implicit enum conversion in qed_iwarp_parse_rx_pkt (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Avoid implicit enum conversion in qed_set_tunn_cls_info (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Fix an error code qed_ll2_start_xmit() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix bitmap_weight() check (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix blocking/unlimited SPQ entries leak (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix command number mismatch between driver and the mfw (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix memory/entry leak in qed_init_sp_request() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix potential memory corruption (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix PTT leak in qed_drain() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix QM getters to always return a valid pq (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix rdma_info structure allocation (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix reading wrong value in loop condition (bsc#1086314 bsc#1086313 bsc#1086301). - qla2xxx: Fixup dual-protocol FCP connections (bsc#1108870). - qmi_wwan: Added support for Fibocom NL668 series (networking-stable-19_01_04). - qmi_wwan: Added support for Telit LN940 series (networking-stable-19_01_04). - qmi_wwan: add MTU default to qmap network interface (networking-stable-19_01_22). - qmi_wwan: Add support for Fibocom NL678 series (networking-stable-19_01_04). - r8169: Add support for new Realtek Ethernet (networking-stable-19_01_22). - r8169: use PCI_VDEVICE macro (networking-stable-19_01_22). - rapidio/rionet: do not free skb before reading its length (networking-stable-18_12_03). - rbd: do not return 0 on unmap if RBD_DEV_FLAG_REMOVING is set (bsc#1125797). - rcu: Fix up pending cbs check in rcu_prepare_for_idle (git fixes (kernel/rcu)). - rcu: Make need_resched() respond to urgent RCU-QS needs (git fixes (kernel/rcu)). - rdma/core: Fix unwinding flow in case of error to register device (bsc#1046306). - rdma/vmw_pvrdma: Support upto 64-bit PFNs (bsc#1127285). - Refresh patches.suse/scsi-do-not-print-reservation-conflict-for-TEST-UNIT.patch (bsc#1119843) - regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting (bsc#1051510). - regulator: pv88060: Fix array out-of-bounds access (bsc#1051510). - regulator: pv88080: Fix array out-of-bounds access (bsc#1051510). - regulator: pv88090: Fix array out-of-bounds access (bsc#1051510). - regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 (bsc#1051510). - regulator: wm831x-dcdc: Fix list of wm831x_dcdc_ilim from mA to uA (bsc#1051510). - Remove blacklist of virtio patch so we can install it (bsc#1114585) - Revert 'drm/rockchip: Allow driver to be shutdown on reboot/kexec' (bsc#1051510). - Revert 'input: elan_i2c - add acpi ID for touchpad in ASUS Aspire F5-573G' (bsc#1051510). - Revert 'openvswitch: Fix template leak in error cases.' (bsc#1051510). - Revert 'scsi: qla2xxx: Fix NVMe Target discovery' (bsc#1125252). - Revert 'serial: 8250: Fix clearing FIFOs in RS485 mode again' (bsc#1051510). - Revert the previous merge of drm fixes The branch was merged mistakenly and breaks the build. Revert it. - Revert 'xhci: Reset Renesas uPD72020x USB controller for 32-bit DMA issue' (bsc#1120854). - rocker: fix rocker_tlv_put_* functions for KASAN (bsc#1051510). - rpm/kernel-binary.spec.in: fix initrd permissions (bsc#1123697) dracut has been using permissions 0600 for the initrd for a long time. - rpm/kernel-source.changes.old: Really drop old changelogs (bsc#1098995) - rt2800: enable TX_PIN_CFG_RFRX_EN only for MT7620 (bsc#1120902). - rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices (networking-stable-18_12_12). - rxrpc: bad unlock balance in rxrpc_recvmsg (networking-stable-19_02_10). - s390/cio: Fix how vfio-ccw checks pinned pages (git-fixes). - s390/cpum_cf: Reject request for sampling in event initialization (git-fixes). - s390/early: improve machine detection (git-fixes). - s390/ism: clear dmbe_mask bit before SMC IRQ handling (bnc#1117947, LTC#173662). - s390/mm: always force a load of the primary ASCE on context switch (git-fixes). - s390/mm: fix addressing exception after suspend/resume (bsc#1125252). - s390/qeth: cancel close_dev work before removing a card (LTC#175898, bsc#1127561). - s390/qeth: conclude all event processing before offlining a card (LTC#175901, bsc#1127567). - s390/qeth: fix use-after-free in error path (bsc#1127534). - s390/qeth: invoke softirqs after napi_schedule() (git-fixes). - s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU (git-fixes). - s390/smp: fix CPU hotplug deadlock with CPU rescan (git-fixes). - s390/sthyi: Fix machine name validity indication (git-fixes). - s390/zcrypt: fix specification exception on z196 during ap probe (LTC#174936, bsc#1123061). - sata_rcar: fix deferred probing (bsc#1051510). - sbus: char: add of_node_put() (bsc#1051510). - sc16is7xx: Fix for multi-channel stall (bsc#1051510). - sched: Do not re-read h_load_next during hierarchical load calculation (bnc#1120909). - sched/wait: Fix rcuwait_wake_up() ordering (git-fixes). - sched/wake_q: Document wake_q_add() (bsc#1050549). - sched/wake_q: Fix wakeup ordering for wake_q (bsc#1050549). - sched/wake_q: Reduce reference counting for special users (bsc#1050549). - sch_multiq: fix double free on init failure (bsc#1051510). - scsi: core: reset host byte in DID_NEXUS_FAILURE case (bsc#1122764). - scsi: csiostor: remove flush_scheduled_work() (bsc#1127363). - scsi: fix queue cleanup race before queue initialization is done (bsc#1125252). - scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - scsi: ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton (bsc#1119019). - scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task (bsc#1122192). - scsi: lpfc: Add log messages to aid in debugging fc4type discovery issues (bsc#1121317). - scsi: lpfc: Correct MDS loopback diagnostics support (bsc#1121317). - scsi: lpfc: do not set queue->page_count to 0 if pc_sli4_params.wqpcnt is invalid (bsc#1121317). - scsi: lpfc: Fix discovery failure when PLOGI is defered (bsc#1121317). - scsi: lpfc: Fix link state reporting for trunking when adapter is offline (bsc#1121317). - scsi: lpfc: fix remoteport access (bsc#1125252). - scsi: lpfc: remove an unnecessary NULL check (bsc#1121317). - scsi: lpfc: update fault value on successful trunk events (bsc#1121317). - scsi: lpfc: Update lpfc version to 12.0.0.10 (bsc#1121317). - scsi: mpt3sas: Add ioc_<level> logging macros (bsc#1117108). - scsi: mpt3sas: Annotate switch/case fall-through (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT and reply_q_name to %s: (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT without logging levels (bsc#1117108). - scsi: mpt3sas: Convert mlsleading uses of pr_<level> with MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Convert uses of pr_<level> with MPT3SAS_FMT to ioc_<level> (bsc#1117108). - scsi: mpt3sas: Fix a race condition in mpt3sas_base_hard_reset_handler() (bsc#1117108). - scsi: mpt3sas: Fix indentation (bsc#1117108). - scsi: mpt3sas: Improve kernel-doc headers (bsc#1117108). - scsi: mpt3sas: Introduce struct mpt3sas_nvme_cmd (bsc#1117108). - scsi: mpt3sas: Remove KERN_WARNING from panic uses (bsc#1117108). - scsi: mpt3sas: Remove set-but-not-used variables (bsc#1117108). - scsi: mpt3sas: Remove unnecessary parentheses and simplify null checks (bsc#1117108). - scsi: mpt3sas: Remove unused macro MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Split _base_reset_handler(), mpt3sas_scsih_reset_handler() and mpt3sas_ctl_reset_handler() (bsc#1117108). - scsi: mpt3sas: Swap I/O memory read value back to cpu endianness (bsc#1117108). - scsi: mpt3sas: switch to generic DMA API (bsc#1117108). - scsi: mpt3sas: Use dma_pool_zalloc (bsc#1117108). - scsi: mptsas: Fixup device hotplug for VMWare ESXi (bsc#1129046). - scsi: qedi: Add ep_state for login completion on un-reachable targets (bsc#1113712). - scsi: qla2xxx: Enable FC-NVME on NPIV ports (bsc#1094555). - scsi: qla2xxx: Fix a typo in MODULE_PARM_DESC (bsc#1094555). - scsi: qla2xxx: Fix for FC-NVMe discovery for NPIV port (bsc#1094555). - scsi: qla2xxx: Fix NPIV handling for FC-NVMe (bsc#1094555). - scsi: qla2xxx: Initialize port speed to avoid setting lower speed (bsc#1094555). - scsi: qla2xxx: Modify fall-through annotations (bsc#1094555). - scsi: qla2xxx: Remove unnecessary self assignment (bsc#1094555). - scsi: qla2xxx: Simplify conditional check (bsc#1094555). - scsi: qla2xxx: Timeouts occur on surprise removal of QLogic adapter (bsc#1124985). - scsi: qla2xxx: Update driver version to 10.00.00.12-k (bsc#1094555). - scsi: storvsc: Fix a race in sub-channel creation that can cause panic (). - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315). - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315). - scsi: target: make the pi_prot_format ConfigFS path readable (bsc#1123933). - scsi: virtio_scsi: fix pi_bytes{out,in} on 4 KiB block size devices (bsc#1114585). - sctp: add a ceiling to optlen in some sockopts (bnc#1129163). - sctp: improve the events for sctp stream adding (networking-stable-19_02_01). - sctp: improve the events for sctp stream reset (networking-stable-19_02_01). - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event (networking-stable-19_01_04). - sctp: kfree_rcu asoc (networking-stable-18_12_12). - sd: disable logical block provisioning if 'lbpme' is not set (bsc#1086095 bsc#1078355). - selftests/livepatch: add DYNAMIC_DEBUG config dependency (bsc#1071995). - selftests/livepatch: introduce tests (bsc#1071995). - selftests/powerpc: Use snprintf to construct DSCR sysfs interface paths (bsc#1124579). - selinux: Add __GFP_NOWARN to allocation at str_read() (bsc#1051510). - selinux: always allow mounting submounts (bsc#1051510). - selinux: fix GPF on invalid policy (bsc#1051510). - seq_buf: Make seq_buf_puts() null-terminate the buffer (bsc#1051510). - serial: 8250_pci: Fix number of ports for ACCES serial cards (bsc#1051510). - serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() (bsc#1051510). - serial: fix race between flush_to_ldisc and tty_open (bsc#1051510). - serial: fsl_lpuart: clear parity enable bit when disable parity (bsc#1051510). - serial: imx: fix error handling in console_setup (bsc#1051510). - serial: set suppress_bind_attrs flag only if builtin (bsc#1051510). - serial/sunsu: fix refcount leak (bsc#1051510). - serial: uartps: Fix interrupt mask issue to handle the RX interrupts properly (bsc#1051510). - serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO (bsc#1051510). - signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init (git-fixes). - skge: potential memory corruption in skge_get_regs() (bsc#1051510). - sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 (bsc#1051510). - sky2: Increase D3 delay again (bsc#1051510). - slab: alien caches must not be initialized if the allocation of the alien cache failed (git fixes (mm/slab)). - smb3.1.1 dialect is no longer experimental (bsc#1051510). - smb311: Fix reconnect (bsc#1051510). - smb311: Improve checking of negotiate security contexts (bsc#1051510). - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510). - smb3: check for and properly advertise directory lease support (bsc#1051510). - smb3: directory sync should not return an error (bsc#1051510). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510). - smb3: do not request leases in symlink creation and query (bsc#1051510). - smb3: Do not send smb3 SET_INFO if nothing changed (bsc#1051510). - smb3: Enable encryption for SMB3.1.1 (bsc#1051510). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510). - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510). - smb3: fix various xid leaks (bsc#1051510). - smb3: Improve security, move default dialect to smb3 from old CIFS (bsc#1051510). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510). - smb3: Remove ifdef since smb3 (and later) now STRONGLY preferred (bsc#1051510). - smb3: remove noisy warning message on mount (bsc#1129664). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510). - soc: bcm: brcmstb: Do not leak device tree node reference (bsc#1051510). - soc/tegra: Do not leak device tree node reference (bsc#1051510). - splice: do not merge into linked buffers (git-fixes). - staging: comedi: ni_660x: fix missing break in switch statement (bsc#1051510). - staging:iio:ad2s90: Make probe handle spi_setup failure (bsc#1051510). - staging: iio: ad7780: update voltage on read (bsc#1051510). - staging: iio: adc: ad7280a: handle error from __ad7280_read32() (bsc#1051510). - staging: iio: adt7316: allow adt751x to use internal vref for all dacs (bsc#1051510). - staging: iio: adt7316: fix register and bit definitions (bsc#1051510). - staging: iio: adt7316: fix the dac read calculation (bsc#1051510). - staging: iio: adt7316: fix the dac write calculation (bsc#1051510). - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 (bsc#1051510). - staging: rtl8723bs: Fix build error with Clang when inlining is disabled (bsc#1051510). - staging: speakup: Replace strncpy with memcpy (bsc#1051510). - staging: wilc1000: fix to set correct value for 'vif_num' (bsc#1051510). - sunrpc: correct the computation for page_ptr when truncating (git-fixes). - sunrpc: Fix a potential race in xprt_connect() (git-fixes). - sunrpc: Fix leak of krb5p encode pages (git-fixes). - sunrpc: handle ENOMEM in rpcb_getport_async (git-fixes). - sunrpc: safely reallow resvport min/max inversion (git-fixes). - svm: Add mutex_lock to protect apic_access_page_done on AMD systems (bsc#1129285). - swiotlb: Add is_swiotlb_active() function (bsc#1120008). - swiotlb: Introduce swiotlb_max_mapping_size() (bsc#1120008). - switchtec: Fix SWITCHTEC_IOCTL_EVENT_IDX_ALL flags overwrite (bsc#1051510). - switchtec: Remove immediate status check after submitting MRPC command (bsc#1051510). - sysfs: Disable lockdep for driver bind/unbind files (bsc#1051510). - tcp: batch tcp_net_metrics_exit (bsc#1122982). - tcp: change txhash on SYN-data timeout (networking-stable-19_01_20). - tcp: Do not underestimate rwnd_limited (networking-stable-18_12_12). - tcp: fix a race in inet_diag_dump_icsk() (networking-stable-19_01_04). - tcp: fix NULL ref in tail loss probe (networking-stable-18_12_12). - tcp: handle inet_csk_reqsk_queue_add() failures (git-fixes). - tcp: lack of available data can also cause TSO defer (git-fixes). - team: avoid complex list operations in team_nl_cmd_options_set() (bsc#1051510). - team: Free BPF filter when unregistering netdev (bsc#1051510). - thermal: do not clear passive state during system sleep (bsc#1051510). - thermal/drivers/hisi: Encapsulate register writes into helpers (bsc#1051510). - thermal/drivers/hisi: Fix configuration register setting (bsc#1051510). - thermal: generic-adc: Fix adc to temp interpolation (bsc#1051510). - thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set (bsc#1051510). - thermal: int340x_thermal: Fix a NULL vs IS_ERR() check (bsc#1051510). - thermal: mediatek: fix register index error (bsc#1051510). - timekeeping: Use proper seqcount initializer (bsc#1051510). - tipc: compare remote and local protocols in tipc_udp_enable() (networking-stable-19_01_04). - tipc: eliminate KMSAN uninit-value in strcmp complaint (bsc#1051510). - tipc: error path leak fixes in tipc_enable_bearer() (bsc#1051510). - tipc: fix a double kfree_skb() (networking-stable-19_01_04). - tipc: fix a race condition of releasing subscriber object (bsc#1051510). - tipc: fix bug in function tipc_nl_node_dump_monitor (bsc#1051510). - tipc: fix infinite loop when dumping link monitor summary (bsc#1051510). - tipc: fix RDM/DGRAM connect() regression (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_doit (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_link_set (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bsc#1051510). - tipc: use lock_sock() in tipc_sk_reinit() (networking-stable-19_01_04). - tpm: fix kdoc for tpm2_flush_context_cmd() (bsc#1051510). - tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented (bsc#1051510). - tpm: Return the actual size when receiving an unsupported command (bsc#1051510). - tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated (bsc#1051510). - tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bsc#1051510). - tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x (bsc#1051510). - tpm: tpm_try_transmit() refactor error flow (bsc#1051510). - tracing: Do not free iter->trace in fail path of tracing_open_pipe() (bsc#1129581). - tracing/uprobes: Fix output for multiple string arguments (bsc#1126495). - tracing: Use strncpy instead of memcpy for string keys in hist triggers (bsc#1129625). - Tree connect for smb3.1.1 must be signed for non-encrypted shares (bsc#1051510). - tty: Handle problem if line discipline does not have receive_buf (bsc#1051510). - tty: ipwireless: Fix potential NULL pointer dereference (bsc#1051510). - tty/n_hdlc: fix __might_sleep warning (bsc#1051510). - tty/serial: do not free trasnmit buffer page under port lock (bsc#1051510). - tty: serial: samsung: Properly set flags in autoCTS mode (bsc#1051510). - tun: forbid iface creation with rtnl ops (networking-stable-18_12_12). - uart: Fix crash in uart_write and uart_put_char (bsc#1051510). - ucc_geth: Reset BQL queue when stopping device (networking-stable-19_02_01). - ucma: fix a use-after-free in ucma_resolve_ip() (bsc#1051510). - uevent: add alloc_uevent_skb() helper (bsc#1122982). - Update config files. Remove conditional support for smb2 and SMB3: - Update patches.arch/s390-sles15-zcrypt-fix-specification-exception.patch (LTC#174936, bsc#1123060, bsc#1123061). - Update patches.fixes/acpi-nfit-Block-function-zero-DSMs.patch (bsc#1051510, bsc#1121789). - Update patches.fixes/acpi-nfit-Fix-command-supported-detection.patch (bsc#1051510, bsc#1121789). Add more detailed bugzilla reference. - Update patches.kabi/bpf-prevent-memory-disambiguation-attack.patch (bsc#1087082). - Update patches.kabi/bpf-properly-enforce-index-mask-to-prevent-out-of-bo.patch (bsc#1098425). - uprobes: Fix handle_swbp() vs. unregister() + register() race once more (bsc#1051510). - usb: Add new USB LPM helpers (bsc#1120902). - usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB (bsc#1120902). - usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bsc#1120902). - usb: Consolidate LPM checks to avoid enabling LPM twice (bsc#1120902). - usb: dwc3: Correct the logic for checking TRB full in __dwc3_prepare_one_trb() (bsc#1051510). - usb: dwc3: gadget: Clear req->needs_extra_trb flag on cleanup (bsc#1120902). - usb: dwc3: gadget: Disable CSP for stream OUT ep (bsc#1051510). - usb: dwc3: gadget: Handle 0 xfer length for OUT EP (bsc#1051510). - usb: dwc3: trace: add missing break statement to make compiler happy (bsc#1120902). - usb: gadget: musb: fix short isoc packets with inventra dma (bsc#1051510). - usb: gadget: udc: net2272: Fix bitwise and boolean operations (bsc#1051510). - usb: hub: delay hub autosuspend if USB3 port is still link training (bsc#1051510). - usb: mtu3: fix the issue about SetFeature(U1/U2_Enable) (bsc#1051510). - usb: musb: dsps: fix otg state machine (bsc#1051510). - usb: musb: dsps: fix runtime pm for peripheral mode (bsc#1120902). - usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2 (networking-stable-18_12_03). - usbnet: smsc95xx: fix rx packet alignment (bsc#1051510). - usb: phy: am335x: fix race condition in _probe (bsc#1051510). - usb: serial: option: add Fibocom NL678 series (bsc#1120902). - usb: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays (bsc#1120902). - usb: serial: pl2303: add new PID to support PL2303TB (bsc#1051510). - usb: serial: simple: add Motorola Tetra TPG2200 device id (bsc#1051510). - usb: storage: add quirk for SMI SM3350 (bsc#1120902). - usb: storage: do not insert sane sense for SPC3+ when bad sense specified (bsc#1120902). - usb: xhci: fix 'broken_suspend' placement in struct xchi_hcd (bsc#1119086). - veth: set peer GSO values (bsc#1051510). - vfio: ccw: fix cleanup if cp_prefetch fails (git-fixes). - vfio: ccw: process ssch with interrupts disabled (git-fixes). - vfs: Add iomap_seek_hole and iomap_seek_data helpers (bsc#1070995). - vfs: Add page_cache_seek_hole_data helper (bsc#1070995). - vfs: in iomap seek_{hole,data}, return -ENXIO for negative offsets (bsc#1070995). - vhost: correctly check the return value of translate_desc() in log_used() (bsc#1051510). - vhost: log dirty page correctly (networking-stable-19_01_26). - vhost: make sure used idx is seen before log in vhost_add_used_n() (networking-stable-19_01_04). - vhost/vsock: fix uninitialized vhost_vsock->guest_cid (bsc#1051510). - video: clps711x-fb: release disp device node in probe() (bsc#1051510). - virtio-blk: Consider virtio_max_dma_size() for maximum segment size (bsc#1120008). - virtio: Introduce virtio_max_dma_size() (bsc#1120008). - virtio_net: Do not call free_old_xmit_skbs for xdp_frames (networking-stable-19_02_01). - virtio-net: fail XDP set if guest csum is negotiated (networking-stable-18_12_03). - virtio-net: keep vnet header zeroed after processing XDP (networking-stable-18_12_12). - virtio/s390: avoid race on vcdev->config (git-fixes). - virtio/s390: fix race in ccw_io_helper() (git-fixes). - vmci: Support upto 64-bit PPNs (bsc#1127286). - vsock: cope with memory allocation failure at socket creation time (bsc#1051510). - vsock: Send reset control packet when socket is partially bound (networking-stable-19_01_04). - vt: invoke notifier on screen size change (bsc#1051510). - vxge: ensure data0 is initialized in when fetching firmware version information (bsc#1051510). - vxlan: Fix GRO cells race condition between receive and link delete (git-fixes). - vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() (git-fixes). - vxlan: update skb dst pmtu on tx path (bsc#1123456). - w90p910_ether: remove incorrect __init annotation (bsc#1051510). - watchdog: docs: kernel-api: do not reference removed functions (bsc#1051510). - watchdog: w83627hf_wdt: Add quirk for Inves system (bsc#1106434). - writeback: do not decrement wb->refcnt if !wb->bdi (git fixes (writeback)). - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805). - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805). - x86/amd_nb: Add PCI device IDs for family 17h, model 30h (). - x86/amd_nb: Add support for newer PCI topologies (). - x86/a.out: Clear the dump structure initially (bsc#1114279). - x86/apic: Provide apic_ack_irq() (bsc#1122822). - x86/boot/e820: Avoid overwriting e820_table_firmware (bsc#1127154). - x86/boot/e820: Introduce the bootloader provided e820_table_firmware[] table (bsc#1127154). - x86/boot/e820: Rename the e820_table_firmware to e820_table_kexec (bsc#1127154). - x86/bugs: Add AMD's variant of SSB_NO (bsc#1114279). - x86/bugs: Update when to check for the LS_CFG SSBD mitigation (bsc#1114279). - x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (bsc#1127307). - x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (bsc#1127307). - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (bsc#1122822). - x86/kaslr: Fix incorrect i8254 outb() parameters (bsc#1114279). - x86/kvmclock: set pvti_cpu0_va after enabling kvmclock (bsc#1098382). - x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() (bsc#1114279). - x86/microcode/amd: Do not falsely trick the late loading mechanism (bsc#1114279). - x86/mm: Drop usage of __flush_tlb_all() in kernel_physical_mapping_init() (bsc#1114279). - x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE (bsc#1114279). - x86/mtrr: Do not copy uninitialized gentry fields back to userspace (bsc#1114279). - x86/pkeys: Properly copy pkey state at fork() (bsc#1129366). - x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls (bsc#1125614). - x86/pvclock: add setter for pvclock_pvti_cpu0_va (bsc#1098382). - x86/resctrl: Fix rdt_find_domain() return value and checks (bsc#1114279). - x86: respect memory size limiting via mem= parameter (bsc#1117645). - x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant (bsc#1114279). - x86/speculation: Remove redundant arch_smt_update() invocation (bsc#1114279). - x86/vdso: Remove obsolete 'fake section table' reservation (bsc#1114279). - x86/xen: dont add memory above max allowed allocation (bsc#1117645). - x86/xen/time: Output xen sched_clock time from 0 (bsc#1098382). - x86/xen/time: set pvclock flags on xen_time_init() (bsc#1098382). - x86/xen/time: setup vcpu 0 time info page (bsc#1098382). - xen, cpu_hotplug: Prevent an out of bounds access (bsc#1065600). - xen: fix dom0 boot on huge systems (bsc#1127836). - xen: Fix x86 sched_clock() interface for xen (bsc#1098382). - xen/manage: do not complain about an empty value in control/sysrq node (bsc#1065600). - xen: remove pre-xen3 fallback handlers (bsc#1065600). - xfs: add option to mount with barrier=0 or barrier=1 (bsc#1088133). - xfs: fix contiguous dquot chunk iteration livelock (bsc#1070995). - xfs: remove filestream item xfs_inode reference (bsc#1127961). - xfs: rewrite xfs_dq_get_next_id using xfs_iext_lookup_extent (bsc#1070995). - xhci: Add quirk to zero 64bit registers on Renesas PCIe controllers (bsc#1120854). - xhci: workaround CSS timeout on AMD SNPS 3.0 xHC (bsc#1119086). - xprtrdma: Reset credit grant properly after a disconnect (git-fixes). - Yama: Check for pid death before checking ancestry (bsc#1051510). - yam: fix a missing-check bug (bsc#1051510). - zswap: re-check zswap_is_full() after do zswap_shrink() (bsc#1051510). - xfs: Switch to iomap for SEEK_HOLE / SEEK_DATA (bsc#1070995). Important SUSE bug 1046305 SUSE bug 1046306 SUSE bug 1050252 SUSE bug 1050549 SUSE bug 1051510 SUSE bug 1054610 SUSE bug 1055121 SUSE bug 1056658 SUSE bug 1056662 SUSE bug 1056787 SUSE bug 1060463 SUSE bug 1063638 SUSE bug 1065600 SUSE bug 1068032 SUSE bug 1070995 SUSE bug 1071995 SUSE bug 1074562 SUSE bug 1074578 SUSE bug 1074701 SUSE bug 1075006 SUSE bug 1075419 SUSE bug 1075748 SUSE bug 1078355 SUSE bug 1080039 SUSE bug 1082943 SUSE bug 1083548 SUSE bug 1083647 SUSE bug 1084216 SUSE bug 1086095 SUSE bug 1086282 SUSE bug 1086301 SUSE bug 1086313 SUSE bug 1086314 SUSE bug 1086323 SUSE bug 1087082 SUSE bug 1087084 SUSE bug 1087092 SUSE bug 1087939 SUSE bug 1088133 SUSE bug 1094555 SUSE bug 1098382 SUSE bug 1098425 SUSE bug 1098995 SUSE bug 1102055 SUSE bug 1103429 SUSE bug 1104353 SUSE bug 1106105 SUSE bug 1106434 SUSE bug 1106811 SUSE bug 1107078 SUSE bug 1107665 SUSE bug 1108101 SUSE bug 1108870 SUSE bug 1109695 SUSE bug 1110096 SUSE bug 1110705 SUSE bug 1111666 SUSE bug 1113042 SUSE bug 1113712 SUSE bug 1113722 SUSE bug 1113769 SUSE bug 1113939 SUSE bug 1114279 SUSE bug 1114585 SUSE bug 1114893 SUSE bug 1117108 SUSE bug 1117155 SUSE bug 1117645 SUSE bug 1117947 SUSE bug 1118338 SUSE bug 1119019 SUSE bug 1119086 SUSE bug 1119766 SUSE bug 1119843 SUSE bug 1120008 SUSE bug 1120318 SUSE bug 1120601 SUSE bug 1120758 SUSE bug 1120854 SUSE bug 1120902 SUSE bug 1120909 SUSE bug 1120955 SUSE bug 1121317 SUSE bug 1121726 SUSE bug 1121789 SUSE bug 1121805 SUSE bug 1122019 SUSE bug 1122159 SUSE bug 1122192 SUSE bug 1122292 SUSE bug 1122324 SUSE bug 1122554 SUSE bug 1122662 SUSE bug 1122764 SUSE bug 1122779 SUSE bug 1122822 SUSE bug 1122885 SUSE bug 1122927 SUSE bug 1122944 SUSE bug 1122971 SUSE bug 1122982 SUSE bug 1123060 SUSE bug 1123061 SUSE bug 1123161 SUSE bug 1123317 SUSE bug 1123348 SUSE bug 1123357 SUSE bug 1123456 SUSE bug 1123538 SUSE bug 1123697 SUSE bug 1123882 SUSE bug 1123933 SUSE bug 1124055 SUSE bug 1124204 SUSE bug 1124235 SUSE bug 1124579 SUSE bug 1124589 SUSE bug 1124728 SUSE bug 1124732 SUSE bug 1124735 SUSE bug 1124969 SUSE bug 1124974 SUSE bug 1124975 SUSE bug 1124976 SUSE bug 1124978 SUSE bug 1124979 SUSE bug 1124980 SUSE bug 1124981 SUSE bug 1124982 SUSE bug 1124984 SUSE bug 1124985 SUSE bug 1125109 SUSE bug 1125125 SUSE bug 1125252 SUSE bug 1125315 SUSE bug 1125614 SUSE bug 1125728 SUSE bug 1125780 SUSE bug 1125797 SUSE bug 1125799 SUSE bug 1125800 SUSE bug 1125907 SUSE bug 1125947 SUSE bug 1126131 SUSE bug 1126209 SUSE bug 1126389 SUSE bug 1126393 SUSE bug 1126476 SUSE bug 1126480 SUSE bug 1126481 SUSE bug 1126488 SUSE bug 1126495 SUSE bug 1126555 SUSE bug 1126579 SUSE bug 1126789 SUSE bug 1126790 SUSE bug 1126802 SUSE bug 1126803 SUSE bug 1126804 SUSE bug 1126805 SUSE bug 1126806 SUSE bug 1126807 SUSE bug 1127042 SUSE bug 1127062 SUSE bug 1127082 SUSE bug 1127154 SUSE bug 1127285 SUSE bug 1127286 SUSE bug 1127307 SUSE bug 1127363 SUSE bug 1127493 SUSE bug 1127494 SUSE bug 1127495 SUSE bug 1127496 SUSE bug 1127497 SUSE bug 1127498 SUSE bug 1127534 SUSE bug 1127561 SUSE bug 1127567 SUSE bug 1127595 SUSE bug 1127603 SUSE bug 1127682 SUSE bug 1127731 SUSE bug 1127750 SUSE bug 1127836 SUSE bug 1127961 SUSE bug 1128094 SUSE bug 1128166 SUSE bug 1128351 SUSE bug 1128451 SUSE bug 1128895 SUSE bug 1129046 SUSE bug 1129080 SUSE bug 1129163 SUSE bug 1129179 SUSE bug 1129181 SUSE bug 1129182 SUSE bug 1129183 SUSE bug 1129184 SUSE bug 1129205 SUSE bug 1129281 SUSE bug 1129284 SUSE bug 1129285 SUSE bug 1129291 SUSE bug 1129292 SUSE bug 1129293 SUSE bug 1129294 SUSE bug 1129295 SUSE bug 1129296 SUSE bug 1129326 SUSE bug 1129327 SUSE bug 1129330 SUSE bug 1129363 SUSE bug 1129366 SUSE bug 1129497 SUSE bug 1129519 SUSE bug 1129543 SUSE bug 1129547 SUSE bug 1129551 SUSE bug 1129581 SUSE bug 1129625 SUSE bug 1129664 SUSE bug 1129739 SUSE bug 1129923 SUSE bug 807502 SUSE bug 824948 SUSE bug 828192 SUSE bug 925178 CVE-2017-5753 CVE-2018-20669 CVE-2019-2024 CVE-2019-3459 CVE-2019-3460 CVE-2019-3819 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-7308 CVE-2019-8912 CVE-2019-8980 CVE-2019-9213 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for resource-agents fixes the following issues: - Fixed multiple vulnerabilities related to unsafe tempfile usage. (bsc#1146690, bsc#1146691, bsc#1146692, bsc#1146766, bsc#1146776, bsc#1146784, bsc#1146785, bsc#1146787, bsc#1146789) - Fixed issues where the ocfmon user was created with a default password (bsc#1021689, bsc#1146687). Important SUSE bug 1021689 SUSE bug 1146687 SUSE bug 1146690 SUSE bug 1146691 SUSE bug 1146692 SUSE bug 1146766 SUSE bug 1146776 SUSE bug 1146784 SUSE bug 1146785 SUSE bug 1146787 SUSE bug 1146789 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-8834: KVM on Power8 processors had a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability to run code in kernel space of a guest VM can cause the host kernel to panic (bnc#1168276). - CVE-2020-11494: An issue was discovered in slc_bump in drivers/net/can/slcan.c, which allowed attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL (bnc#1168424). - CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls (bnc#1167629). - CVE-2019-9458: In the video driver there was a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed (bnc#1168295). - CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a system crash (bnc#1120386). - CVE-2019-19770: Fixed a use-after-free in the debugfs_remove function (bsc#1159198). - CVE-2020-11669: Fixed an issue where arch/powerpc/kernel/idle_book3s.S did not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR (bnc#1169390). - CVE-2020-8647: There was a use-after-free vulnerability in the vc_do_resize function in drivers/tty/vt/vt.c (bnc#1162929). - CVE-2020-8649: There was a use-after-free vulnerability in the vgacon_invert_region function in drivers/video/console/vgacon.c (bnc#1162931). - CVE-2020-9383: An issue was discovered set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it (bnc#1165111). - CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c (bnc#1159285). The following non-security bugs were fixed: - ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro (bsc#1051510). - ACPI: watchdog: Fix gas->access_width usage (bsc#1051510). - ALSA: ali5451: remove redundant variable capture_flag (bsc#1051510). - ALSA: core: Replace zero-length array with flexible-array member (bsc#1051510). - ALSA: emu10k1: Fix endianness annotations (bsc#1051510). - ALSA: hda/ca0132 - Replace zero-length array with flexible-array member (bsc#1051510). - ALSA: hda_codec: Replace zero-length array with flexible-array member (bsc#1051510). - ALSA: hda: Fix potential access overflow in beep helper (bsc#1051510). - ALSA: hda/realtek: Fix pop noise on ALC225 (git-fixes). - ALSA: hda/realtek - Set principled PC Beep configuration for ALC256 (bsc#1051510). - ALSA: hda: remove redundant assignment to variable timeout (bsc#1051510). - ALSA: hda: Use scnprintf() for string truncation (bsc#1051510). - ALSA: hdsp: remove redundant assignment to variable err (bsc#1051510). - ALSA: ice1724: Fix invalid access for enumerated ctl items (bsc#1051510). - ALSA: info: remove redundant assignment to variable c (bsc#1051510). - ALSA: korg1212: fix if-statement empty body warnings (bsc#1051510). - ALSA: line6: Fix endless MIDI read loop (git-fixes). - ALSA: pcm: oss: Avoid plugin buffer overflow (git-fixes). - ALSA: pcm: oss: Fix regression by buffer overflow fix (bsc#1051510). - ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks (git-fixes). - ALSA: seq: oss: Fix running status after receiving sysex (git-fixes). - ALSA: seq: virmidi: Fix running status after receiving sysex (git-fixes). - ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status (bsc#1051510). - ALSA: via82xx: Fix endianness annotations (bsc#1051510). - ASoC: dapm: Correct DAPM handling of active widgets during shutdown (bsc#1051510). - ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map() (bsc#1051510). - ASoC: Intel: mrfld: fix incorrect check on p->sink (bsc#1051510). - ASoC: Intel: mrfld: return error codes when an error occurs (bsc#1051510). - ASoC: jz4740-i2s: Fix divider written at incorrect offset in register (bsc#1051510). - ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path (bsc#1051510). - ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output (bsc#1051510). - ASoC: pcm: update FE/BE trigger order based on the command (bsc#1051510). - ASoC: sun8i-codec: Remove unused dev from codec struct (bsc#1051510). - ASoC: topology: Fix memleak in soc_tplg_link_elems_load() (bsc#1051510). - ath9k: Handle txpower changes even when TPC is disabled (bsc#1051510). - atm: zatm: Fix empty body Clang warnings (bsc#1051510). - atomic: Add irqsave variant of atomic_dec_and_lock() (bsc#1166003). - b43legacy: Fix -Wcast-function-type (bsc#1051510). - batman-adv: Avoid spurious warnings from bat_v neigh_cmp implementation (bsc#1051510). - batman-adv: Do not schedule OGM for disabled interface (bsc#1051510). - batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs (bsc#1051510). - blk: Fix kabi due to blk_trace_mutex addition (bsc#1159285). - blk-mq: Allow blocking queue tag iter callbacks (bsc#1167316). - blktrace: fix dereference after null check (bsc#1159285). - blktrace: fix trace mutex deadlock (bsc#1159285). - block: allow gendisk's request_queue registration to be (bsc#1104967,bsc#1159142). - block, bfq: fix use-after-free in bfq_idle_slice_timer_body (bsc#1168760). - block: keep bdi->io_pages in sync with max_sectors_kb for stacked devices (bsc#1168762). - Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl (bsc#1051510). - bnxt_en: Fix TC queue mapping (networking-stable-20_02_05). - bonding/alb: properly access headers in bond_alb_xmit() (networking-stable-20_02_09). - bpf: Explicitly memset some bpf info structures declared on the stack (bsc#1083647). - bpf: Explicitly memset the bpf_attr structure (bsc#1083647). - bpf: fix ldx in ld_abs rewrite for large offsets (bsc#1154385). - bpf: implement ld_abs/ld_ind in native bpf (bsc#1154385). - bpf: make unknown opcode handling more robust (bsc#1154385). - bpf: prefix cbpf internal helpers with bpf_ (bsc#1154385). - bpf, x64: remove ld_abs/ld_ind (bsc#1154385). - bpf, x64: save several bytes by using mov over movabsq when possible (bsc#1154385). - btrfs: Account for trans_block_rsv in may_commit_transaction (bsc#1165949). - btrfs: add a flush step for delayed iputs (bsc#1165949). - btrfs: add assertions for releasing trans handle reservations (bsc#1165949). - btrfs: add btrfs_delete_ref_head helper (bsc#1165949). - btrfs: add enospc debug messages for ticket failure (bsc#1165949). - btrfs: Add enospc_debug printing in metadata_reserve_bytes (bsc#1165949). - btrfs: add new flushing states for the delayed refs rsv (bsc#1165949). - btrfs: add space reservation tracepoint for reserved bytes (bsc#1165949). - btrfs: allow us to use up to 90% of the global rsv for unlink (bsc#1165949). - btrfs: always reserve our entire size for the global reserve (bsc#1165949). - btrfs: assert on non-empty delayed iputs (bsc##1165949). - btrfs: be more explicit about allowed flush states (bsc#1165949). - btrfs: call btrfs_create_pending_block_groups unconditionally (bsc#1165949). - btrfs: catch cow on deleting snapshots (bsc#1165949). - btrfs: change the minimum global reserve size (bsc#1165949). - btrfs: check if there are free block groups for commit (bsc#1165949). - btrfs: clean up error handling in btrfs_truncate() (bsc#1165949). - btrfs: cleanup extent_op handling (bsc#1165949). - btrfs: cleanup root usage by btrfs_get_alloc_profile (bsc#1165949). - btrfs: cleanup the target logic in __btrfs_block_rsv_release (bsc#1165949). - btrfs: clear space cache inode generation always (bsc#1165949). - btrfs: delayed-ref: pass delayed_refs directly to btrfs_delayed_ref_lock (bsc#1165949). - btrfs: do not account global reserve in can_overcommit (bsc#1165949). - btrfs: do not allow reservations if we have pending tickets (bsc#1165949). - btrfs: do not call btrfs_start_delalloc_roots in flushoncommit (bsc#1165949). - btrfs: do not end the transaction for delayed refs in throttle (bsc#1165949). - btrfs: do not enospc all tickets on flush failure (bsc#1165949). - btrfs: do not run delayed_iputs in commit (bsc##1165949). - btrfs: do not run delayed refs in the end transaction logic (bsc#1165949). - btrfs: do not use ctl->free_space for max_extent_size (bsc##1165949). - btrfs: do not use global reserve for chunk allocation (bsc#1165949). - btrfs: drop min_size from evict_refill_and_join (bsc##1165949). - btrfs: drop unused space_info parameter from create_space_info (bsc#1165949). - btrfs: dump block_rsv details when dumping space info (bsc#1165949). - btrfs: export block group accounting helpers (bsc#1165949). - btrfs: export block_rsv_use_bytes (bsc#1165949). - btrfs: export btrfs_block_rsv_add_bytes (bsc#1165949). - btrfs: export __btrfs_block_rsv_release (bsc#1165949). - btrfs: export space_info_add_*_bytes (bsc#1165949). - btrfs: export the block group caching helpers (bsc#1165949). - btrfs: export the caching control helpers (bsc#1165949). - btrfs: export the excluded extents helpers (bsc#1165949). - btrfs: extent-tree: Add lockdep assert when updating space info (bsc#1165949). - btrfs: extent-tree: Add trace events for space info numbers update (bsc#1165949). - btrfs: extent-tree: Detect bytes_may_use underflow earlier (bsc#1165949). - btrfs: extent-tree: Detect bytes_pinned underflow earlier (bsc#1165949). - btrfs: factor out the ticket flush handling (bsc#1165949). - btrfs: fix btrfs_wait_ordered_range() so that it waits for all ordered extents (bsc#1163508). - btrfs: fix insert_reserved error handling (bsc##1165949). - btrfs: fix may_commit_transaction to deal with no partial filling (bsc#1165949). - btrfs: fix missing delayed iputs on unmount (bsc#1165949). - btrfs: fix panic during relocation after ENOSPC before writeback happens (bsc#1163508). - btrfs: fix qgroup double free after failure to reserve metadata for delalloc (bsc#1165949). - btrfs: fix race leading to metadata space leak after task received signal (bsc#1165949). - btrfs: fix truncate throttling (bsc#1165949). - btrfs: force chunk allocation if our global rsv is larger than metadata (bsc#1165949). - btrfs: Improve global reserve stealing logic (bsc#1165949). - btrfs: introduce an evict flushing state (bsc#1165949). - btrfs: introduce delayed_refs_rsv (bsc#1165949). - btrfs: loop in inode_rsv_refill (bsc#1165949). - btrfs: make btrfs_destroy_delayed_refs use btrfs_delayed_ref_lock (bsc#1165949). - btrfs: make btrfs_destroy_delayed_refs use btrfs_delete_ref_head (bsc#1165949). - btrfs: make caching_thread use btrfs_find_next_key (bsc#1165949). - btrfs: migrate btrfs_trans_release_chunk_metadata (bsc#1165949). - btrfs: migrate inc/dec_block_group_ro code (bsc#1165949). - btrfs: migrate nocow and reservation helpers (bsc#1165949). - btrfs: migrate the alloc_profile helpers (bsc#1165949). - btrfs: migrate the block group caching code (bsc#1165949). - btrfs: migrate the block group cleanup code (bsc#1165949). - btrfs: migrate the block group lookup code (bsc#1165949). - btrfs: migrate the block group read/creation code (bsc#1165949). - btrfs: migrate the block group ref counting stuff (bsc#1165949). - btrfs: migrate the block group removal code (bsc#1165949). - btrfs: migrate the block group space accounting helpers (bsc#1165949). - btrfs: migrate the block-rsv code to block-rsv.c (bsc#1165949). - btrfs: migrate the chunk allocation code (bsc#1165949). - btrfs: migrate the delalloc space stuff to it's own home (bsc#1165949). - btrfs: migrate the delayed refs rsv code (bsc#1165949). - btrfs: migrate the dirty bg writeout code (bsc#1165949). - btrfs: migrate the global_block_rsv helpers to block-rsv.c (bsc#1165949). - btrfs: move and export can_overcommit (bsc#1165949). - btrfs: move basic block_group definitions to their own header (bsc#1165949). - btrfs: move btrfs_add_free_space out of a header file (bsc#1165949). - btrfs: move btrfs_block_rsv definitions into it's own header (bsc#1165949). - btrfs: move btrfs_raid_group values to btrfs_raid_attr table (bsc#1165949). - btrfs: move btrfs_space_info_add_*_bytes to space-info.c (bsc#1165949). - btrfs: move dump_space_info to space-info.c (bsc#1165949). - btrfs: move reserve_metadata_bytes and supporting code to space-info.c (bsc#1165949). - btrfs: move space_info to space-info.h (bsc#1165949). - btrfs: move the space_info handling code to space-info.c (bsc#1165949). - btrfs: move the space info update macro to space-info.h (bsc#1165949). - btrfs: move the subvolume reservation stuff out of extent-tree.c (bsc#1165949). - btrfs: only check delayed ref usage in should_end_transaction (bsc#1165949). - btrfs: only check priority tickets for priority flushing (bsc#1165949). - btrfs: only free reserved extent if we didn't insert it (bsc##1165949). - btrfs: only reserve metadata_size for inodes (bsc#1165949). - btrfs: only track ref_heads in delayed_ref_updates (bsc#1165949). - btrfs: Output ENOSPC debug info in inc_block_group_ro (bsc#1165949). - btrfs: pass root to various extent ref mod functions (bsc#1165949). - btrfs: refactor block group replication factor calculation to a helper (bsc#1165949). - btrfs: refactor priority_reclaim_metadata_space (bsc#1165949). - btrfs: refactor the ticket wakeup code (bsc#1165949). - btrfs: release metadata before running delayed refs (bsc##1165949). - btrfs: Remove btrfs_inode::delayed_iput_count (bsc#1165949). - btrfs: Remove fs_info from do_chunk_alloc (bsc#1165949). - btrfs: remove orig_bytes from reserve_ticket (bsc#1165949). - btrfs: Remove redundant argument of flush_space (bsc#1165949). - btrfs: rename btrfs_space_info_add_old_bytes (bsc#1165949). - btrfs: rename do_chunk_alloc to btrfs_chunk_alloc (bsc#1165949). - btrfs: rename the btrfs_calc_*_metadata_size helpers (bsc#1165949). - btrfs: replace cleaner_delayed_iput_mutex with a waitqueue (bsc#1165949). - btrfs: reserve delalloc metadata differently (bsc#1165949). - btrfs: reserve extra space during evict (bsc#1165949). - btrfs: reset max_extent_size on clear in a bitmap (bsc##1165949). - btrfs: reset max_extent_size properly (bsc##1165949). - btrfs: rework btrfs_check_space_for_delayed_refs (bsc#1165949). - btrfs: rework wake_all_tickets (bsc#1165949). - btrfs: roll tracepoint into btrfs_space_info_update helper (bsc#1165949). - btrfs: run btrfs_try_granting_tickets if a priority ticket fails (bsc#1165949). - btrfs: run delayed iput at unlink time (bsc#1165949). - btrfs: run delayed iputs before committing (bsc#1165949). - btrfs: set max_extent_size properly (bsc##1165949). - btrfs: stop partially refilling tickets when releasing space (bsc#1165949). - btrfs: stop using block_rsv_release_bytes everywhere (bsc#1165949). - btrfs: temporarily export btrfs_get_restripe_target (bsc#1165949). - btrfs: temporarily export fragment_free_space (bsc#1165949). - btrfs: temporarily export inc_block_group_ro (bsc#1165949). - btrfs: track DIO bytes in flight (bsc#1165949). - btrfs: unexport can_overcommit (bsc#1165949). - btrfs: unexport the temporary exported functions (bsc#1165949). - btrfs: unify error handling for ticket flushing (bsc#1165949). - btrfs: update may_commit_transaction to use the delayed refs rsv (bsc#1165949). - btrfs: use btrfs_try_granting_tickets in update_global_rsv (bsc#1165949). - btrfs: wait on caching when putting the bg cache (bsc#1165949). - btrfs: wait on ordered extents on abort cleanup (bsc#1165949). - btrfs: wakeup cleaner thread when adding delayed iput (bsc#1165949). - ceph: canonicalize server path in place (bsc#1168443). - ceph: remove the extra slashes in the server path (bsc#1168443). - cfg80211: check reg_rule for NULL in handle_channel_custom() (bsc#1051510). - cfg80211: check wiphy driver existence for drvinfo report (bsc#1051510). - cgroup: memcg: net: do not associate sock with unrelated cgroup (bsc#1167290). - cifs: add a debug macro that prints \\server\share for errors (bsc#1144333). - cifs: add missing mount option to /proc/mounts (bsc#1144333). - cifs: add new debugging macro cifs_server_dbg (bsc#1144333). - cifs: add passthrough for smb2 setinfo (bsc#1144333). - cifs: add SMB2_open() arg to return POSIX data (bsc#1144333). - cifs: add smb2 POSIX info level (bsc#1144333). - cifs: add SMB3 change notification support (bsc#1144333). - cifs: add support for fallocate mode 0 for non-sparse files (bsc#1144333). - cifs: Add support for setting owner info, dos attributes, and create time (bsc#1144333). - cifs: Add tracepoints for errors on flush or fsync (bsc#1144333). - cifs: Adjust indentation in smb2_open_file (bsc#1144333). - cifs: allow chmod to set mode bits using special sid (bsc#1144333). - cifs: Avoid doing network I/O while holding cache lock (bsc#1144333). - cifs: call wake_up(&server->response_q) inside of cifs_reconnect() (bsc#1144333). - cifs: Clean up DFS referral cache (bsc#1144333). - cifs: create a helper function to parse the query-directory response buffer (bsc#1144333). - cifs: do d_move in rename (bsc#1144333). - cifs: Do not display RDMA transport on reconnect (bsc#1144333). - cifs: do not ignore the SYNC flags in getattr (bsc#1144333). - cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1144333). - cifs: do not use 'pre:' for MODULE_SOFTDEP (bsc#1144333). - cifs: enable change notification for SMB2.1 dialect (bsc#1144333). - cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1144333). - cifs: fix a comment for the timeouts when sending echos (bsc#1144333). - cifs: fix a white space issue in cifs_get_inode_info() (bsc#1144333). - cifs: fix dereference on ses before it is null checked (bsc#1144333). - cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1144333). - cifs: fix mode bits from dir listing when mounted with modefromsid (bsc#1144333). - cifs: Fix mode output in debugging statements (bsc#1144333). - cifs: Fix mount options set in automount (bsc#1144333). - cifs: fix NULL dereference in match_prepath (bsc#1144333). - cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1144333). - cifs: fix potential mismatch of UNC paths (bsc#1144333). - cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1144333). - cifs: Fix return value in __update_cache_entry (bsc#1144333). - cifs: fix soft mounts hanging in the reconnect code (bsc#1144333). - cifs: fix soft mounts hanging in the reconnect code (bsc#1144333). - cifs: Fix task struct use-after-free on reconnect (bsc#1144333). - cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1144333). - cifs: get mode bits from special sid on stat (bsc#1144333). - cifs: Get rid of kstrdup_const()'d paths (bsc#1144333). - cifs: handle prefix paths in reconnect (bsc#1144333). - cifs: ignore cached share root handle closing errors (bsc#1166780). - cifs: Introduce helpers for finding TCP connection (bsc#1144333). - cifs: log warning message (once) if out of disk space (bsc#1144333). - cifs: make sure we do not overflow the max EA buffer size (bsc#1144333). - cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1144333). - cifs: Merge is_path_valid() into get_normalized_path() (bsc#1144333). - cifs: modefromsid: make room for 4 ACE (bsc#1144333). - cifs: modefromsid: write mode ACE first (bsc#1144333). - cifs: Optimize readdir on reparse points (bsc#1144333). - cifs: plumb smb2 POSIX dir enumeration (bsc#1144333). - cifs: potential unintitliazed error code in cifs_getattr() (bsc#1144333). - cifs: prepare SMB2_query_directory to be used with compounding (bsc#1144333). - cifs: print warning once if mounting with vers=1.0 (bsc#1144333). - cifs: refactor cifs_get_inode_info() (bsc#1144333). - cifs: remove redundant assignment to pointer pneg_ctxt (bsc#1144333). - cifs: remove redundant assignment to variable rc (bsc#1144333). - cifs: remove set but not used variables (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove unused variable (bsc#1144333). - cifs: remove unused variable 'sid_user' (bsc#1144333). - cifs: rename a variable in SendReceive() (bsc#1144333). - cifs: rename posix create rsp (bsc#1144333). - cifs: replace various strncpy with strscpy and similar (bsc#1144333). - cifs: Return directly after a failed build_path_from_dentry() in cifs_do_create() (bsc#1144333). - cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1144333). - cifs: smbd: Add messages on RDMA session destroy and reconnection (bsc#1144333). - cifs: smbd: Invalidate and deregister memory registration on re-send for direct I/O (bsc#1144333). - cifs: smbd: Only queue work for error recovery on memory registration (bsc#1144333). - cifs: smbd: Return -EAGAIN when transport is reconnecting (bsc#1144333). - cifs: smbd: Return -ECONNABORTED when trasnport is not in connected state (bsc#1144333). - cifs: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE (bsc#1144333). - cifs: Use common error handling code in smb2_ioctl_query_info() (bsc#1144333). - cifs: use compounding for open and first query-dir for readdir() (bsc#1144333). - cifs: Use #define in cifs_dbg (bsc#1144333). - cifs: Use memdup_user() rather than duplicating its implementation (bsc#1144333). - cifs: use mod_delayed_work() for &server->reconnect if already queued (bsc#1144333). - cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1144333). - clk: qcom: rcg: Return failure for RCG update (bsc#1051510). - cls_rsvp: fix rsvp_policy (networking-stable-20_02_05). - configfs: Fix bool initialization/comparison (bsc#1051510). - cpufreq: powernv: Fix unsafe notifiers (bsc#1065729). - cpufreq: powernv: Fix use-after-free (bsc#1065729). - cpufreq: Register drivers only after CPU devices have been registered (bsc#1051510). - cpuidle: Do not unset the driver if it is there already (bsc#1051510). - crypto: arm64/sha-ce - implement export/import (bsc#1051510). - crypto: mxs-dcp - fix scatterlist linearization for hash (bsc#1051510). - crypto: pcrypt - Fix user-after-free on module unload (git-fixes). - crypto: tcrypt - fix printed skcipher [a]sync mode (bsc#1051510). - debugfs: add support for more elaborate ->d_fsdata (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: call debugfs_real_fops() only after debugfs_file_get() (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: convert to debugfs_file_get() and -put() (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: debugfs_real_fops(): drop __must_hold sparse annotation (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: debugfs_use_start/finish do not exist anymore (bsc#1159198). Prerequisite for bsc#1159198. - debugfs: defer debugfs_fsdata allocation to first usage (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: fix debugfs_real_fops() build error (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: implement per-file removal protection (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: purge obsolete SRCU based removal protection (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: simplify __debugfs_remove_file() (bsc#1159198). Prerequisite for bsc#1159198. - Delete patches which cause regression (bsc#1165527 ltc#184149). - Deprecate NR_UNSTABLE_NFS, use NR_WRITEBACK (bsc#1163403). - device: Use overflow helpers for devm_kmalloc() (bsc#1166003). - dmaengine: coh901318: Fix a double lock bug in dma_tc_handle() (bsc#1051510). - dmaengine: ste_dma40: fix unneeded variable warning (bsc#1051510). - dm: fix incomplete request_queue initialization (bsc#1104967,bsc#1159142). - driver core: platform: fix u32 greater or equal to zero comparison (bsc#1051510). - driver core: platform: Prevent resouce overflow from causing infinite loops (bsc#1051510). - driver core: Print device when resources present in really_probe() (bsc#1051510). - drivers/md/raid5.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET (bsc#1166003). - drivers/md/raid5: Do not disable irq on release_inactive_stripe_list() call (bsc#1166003). - drivers/md/raid5-ppl.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET (bsc#1166003). - drivers/md/raid5: Use irqsave variant of atomic_dec_and_lock() (bsc#1166003). - drm/amd/display: remove duplicated assignment to grph_obj_type (bsc#1051510). - drm/amdkfd: fix a use after free race with mmu_notifer unregister (bsc#1114279) - drm: atmel-hlcdc: enable clock before configuring timing engine (bsc#1114279) - drm/bochs: downgrade pci_request_region failure from error to warning (bsc#1051510). - drm/bridge: dw-hdmi: fix AVI frame colorimetry (bsc#1051510). - drm_dp_mst_topology: fix broken drm_dp_sideband_parse_remote_dpcd_read() (bsc#1051510). - drm/drm_dp_mst:remove set but not used variable 'origlen' (bsc#1051510). - drm/etnaviv: fix dumping of iommuv2 (bsc#1114279) - drm/gma500: Fixup fbdev stolen size usage evaluation (bsc#1051510). - drm/i915/gvt: Separate display reset from ALL_ENGINES reset (bsc#1114279) - drm/i915/userptr: fix size calculation (bsc#1114279) - drm/i915/userptr: Try to acquire the page lock around (bsc#1114279) - drm/i915: Wean off drm_pci_alloc/drm_pci_free (bsc#1114279) - drm/mediatek: Add gamma property according to hardware capability (bsc#1114279) - drm/mediatek: disable all the planes in atomic_disable (bsc#1114279) - drm/mediatek: handle events when enabling/disabling crtc (bsc#1051510). - drm/mipi_dbi: Fix off-by-one bugs in mipi_dbi_blank() (bsc#1114279) - drm: msm: mdp4: Adjust indentation in mdp4_dsi_encoder_enable (bsc#1114279) - drm/msm: Set dma maximum segment size for mdss (bsc#1051510). - drm/msm: stop abusing dma_map/unmap for cache (bsc#1051510). - drm/msm: Use the correct dma_sync calls harder (bsc#1051510). - drm/msm: Use the correct dma_sync calls in msm_gem (bsc#1051510). - drm/nouveau/disp/nv50-: prevent oops when no channel method map provided (bsc#1051510). - drm/nouveau/gr/gk20a,gm200-: add terminators to method lists read from fw (bsc#1051510). - drm: rcar-du: Recognize 'renesas,vsps' in addition to 'vsps' (bsc#1114279) - drm: remove the newline for CRC source name (bsc#1051510). - dt-bindings: allow up to four clocks for orion-mdio (bsc#1051510). - EDAC/mc: Fix use-after-free and memleaks during device removal (bsc#1114279). - efi: Fix a race and a buffer overflow while reading efivars via sysfs (bsc#1164893). - ethtool: Factored out similar ethtool link settings for virtual devices to core (bsc#1136157 ltc#177197). - ext4: add cond_resched() to __ext4_find_entry() (bsc#1166862). - ext4: Avoid ENOSPC when avoiding to reuse recently deleted inodes (bsc#1165019). - ext4: Check for non-zero journal inum in ext4_calculate_overhead (bsc#1167288). - ext4: do not assume that mmp_nodename/bdevname have NUL (bsc#1166860). - ext4: fix a data race in EXT4_I(inode)->i_disksize (bsc#1166861). - ext4: fix incorrect group count in ext4_fill_super error message (bsc#1168765). - ext4: fix incorrect inodes per group in error message (bsc#1168764). - ext4: fix potential race between online resizing and write operations (bsc#1166864). - ext4: fix potential race between s_flex_groups online resizing and access (bsc#1166867). - ext4: fix potential race between s_group_info online resizing and access (bsc#1166866). - ext4: fix race between writepages and enabling EXT4_EXTENTS_FL (bsc#1166870). - ext4: fix support for inode sizes > 1024 bytes (bsc#1164284). - ext4: potential crash on allocation error in ext4_alloc_flex_bg_array() (bsc#1166940). - ext4: rename s_journal_flag_rwsem to s_writepages_rwsem (bsc#1166868). - ext4: validate the debug_want_extra_isize mount option at parse time (bsc#1163897). - fat: fix uninit-memory access for partial initialized inode (bsc#1051510). - fat: work around race with userspace's read via blockdev while mounting (bsc#1051510). - fbdev/g364fb: Fix build failure (bsc#1051510). - fbdev: potential information leak in do_fb_ioctl() (bsc#1114279) - fbmem: Adjust indentation in fb_prepare_logo and fb_blank (bsc#1114279) - fcntl: fix typo in RWH_WRITE_LIFE_NOT_SET r/w hint name (bsc#1166003). - fix memory leak in large read decrypt offload (bsc#1144333). - fs/cifs/cifssmb.c: use true,false for bool variable (bsc#1144333). - fs: cifs: cifsssmb: remove redundant assignment to variable ret (bsc#1144333). - fs: cifs: Initialize filesystem timestamp ranges (bsc#1144333). - fs: cifs: mute -Wunused-const-variable message (bsc#1144333). - fs/cifs/sess.c: Remove set but not used variable 'capabilities' (bsc#1144333). - fs/cifs/smb2ops.c: use true,false for bool variable (bsc#1144333). - fs/cifs/smb2pdu.c: Make SMB2_notify_init static (bsc#1144333). - fs/xfs: fix f_ffree value for statfs when project quota is set (bsc#1165985). - ftrace/kprobe: Show the maxactive number on kprobe_events (git-fixes). - gtp: make sure only SOCK_DGRAM UDP sockets are accepted (networking-stable-20_01_27). - gtp: use __GFP_NOWARN to avoid memalloc warning (networking-stable-20_02_05). - HID: apple: Add support for recent firmware on Magic Keyboards (bsc#1051510). - HID: core: fix off-by-one memset in hid_report_raw_event() (bsc#1051510). - HID: hiddev: Fix race in in hiddev_disconnect() (git-fixes). - hv_netvsc: Fix memory leak when removing rndis device (networking-stable-20_01_20). - hv_netvsc: pass netvsc_device to rndis halt - hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() (bsc#1051510). - i2c: hix5hd2: add missed clk_disable_unprepare in remove (bsc#1051510). - i2c: jz4780: silence log flood on txabrt (bsc#1051510). - IB/hfi1: Close window for pq and request coliding (bsc#1060463 ). - IB/hfi1: convert to debugfs_file_get() and -put() (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - ibmvfc: do not send implicit logouts prior to NPIV login (bsc#1169625 ltc#184611). - ibmvfc: Fix NULL return compiler warning (bsc#1161951 ltc#183551). - ibmvnic: Do not process device remove during device reset (bsc#1065729). - ibmvnic: Warn unknown speed message only when carrier is present (bsc#1065729). - iio: gyro: adis16136: check ret val for non-zero vs less-than-zero (bsc#1051510). - iio: imu: adis16400: check ret val for non-zero vs less-than-zero (bsc#1051510). - iio: imu: adis: check ret val for non-zero vs less-than-zero (bsc#1051510). - iio: magnetometer: ak8974: Fix negative raw values in sysfs (bsc#1051510). - iio: potentiostat: lmp9100: fix iio_triggered_buffer_{predisable,postenable} positions (bsc#1051510). - Input: add safety guards to input_set_keycode() (bsc#1168075). - Input: avoid BIT() macro usage in the serio.h UAPI header (bsc#1051510). - Input: edt-ft5x06 - work around first register access error (bsc#1051510). - Input: raydium_i2c_ts - fix error codes in raydium_i2c_boot_trigger() (bsc#1051510). - Input: synaptics - enable RMI on HP Envy 13-ad105ng (bsc#1051510). - Input: synaptics - enable SMBus on ThinkPad L470 (bsc#1051510). - Input: synaptics - remove the LEN0049 dmi id from topbuttonpad list (bsc#1051510). - Input: synaptics - switch T470s to RMI4 by default (bsc#1051510). - intel_th: Fix user-visible error codes (bsc#1051510). - intel_th: pci: Add Elkhart Lake CPU support (bsc#1051510). - iommu/amd: Check feature support bit before accessing MSI capability registers (bsc#1166101). - iommu/amd: Fix the configuration of GCR3 table root pointer (bsc#1169057). - iommu/amd: Only support x2APIC with IVHD type 11h/40h (bsc#1166102). - iommu/dma: Fix MSI reservation allocation (bsc#1166730). - iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint (bsc#1166731). - iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page (bsc#1166732). - iommu/vt-d: Fix compile warning from intel-svm.h (bsc#1166103). - iommu/vt-d: Fix the wrong printing in RHSA parsing (bsc#1166733). - iommu/vt-d: Ignore devices with out-of-spec domain number (bsc#1166734). - iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn + add_taint (bsc#1166735). - ipmi:ssif: Handle a possible NULL pointer reference (bsc#1051510). - ipv4: ensure rcu_read_lock() in cipso_v4_error() (git-fixes). - ipvlan: do not add hardware address of master to its unicast filter list (bsc#1137325). - irqchip/bcm2835: Quiesce IRQs left enabled by bootloader (bsc#1051510). - irqdomain: Fix a memory leak in irq_domain_push_irq() (bsc#1051510). - iwlegacy: Fix -Wcast-function-type (bsc#1051510). - iwlwifi: mvm: Do not require PHY_SKU NVM section for 3168 devices (bsc#1166632). - iwlwifi: mvm: Fix thermal zone registration (bsc#1051510). - kABI: fixes for debugfs per-file removal protection backports (bsc#1159198 bsc#1109911). - kabi: invoke bpf_gen_ld_abs() directly (bsc#1158552). - kABI: restore debugfs_remove_recursive() (bsc#1159198). - kernel/module.c: Only return -EEXIST for modules that have finished loading (bsc#1165488). - kernel/module.c: wakeup processes in module_wq on module unload (bsc#1165488). - KVM: arm64: Store vcpu on the stack during __guest_enter() (bsc#1133021). - KVM: s390: do not clobber registers during guest reset/store status (bsc#1133021). - KVM: s390: ENOTSUPP -> EOPNOTSUPP fixups (bsc#1133021). - KVM: VMX: check descriptor table exits on instruction emulation (bsc#1166104). - l2tp: Allow duplicate session creation with UDP (networking-stable-20_02_05). - lcoking/rwsem: Add missing ACQUIRE to read_slowpath sleep loop (bsc#1050549). - libfs: fix infoleak in simple_attr_read() (bsc#1168881). - lib/raid6: add missing include for raid6test (bsc#1166003). - lib/raid6: add option to skip algo benchmarking (bsc#1166003). - lib/raid6/altivec: Add vpermxor implementation for raid6 Q syndrome (bsc#1166003). - lib/raid6: avoid __attribute_const__ redefinition (bsc#1166003). - locking/rwsem: Prevent decrement of reader count before increment (bsc#1050549). - mac80211: consider more elements in parsing CRC (bsc#1051510). - mac80211: Do not send mesh HWMP PREQ if HWMP is disabled (bsc#1051510). - mac80211: free peer keys before vif down in mesh (bsc#1051510). - mac80211: mesh: fix RCU warning (bsc#1051510). - mac80211: only warn once on chanctx_conf being NULL (bsc#1051510). - mac80211: rx: avoid RCU list traversal under mutex (bsc#1051510). - macsec: add missing attribute validation for port (bsc#1051510). - macsec: fix refcnt leak in module exit routine (bsc#1051510). - md: add __acquires/__releases annotations to handle_active_stripes (bsc#1166003). - md: add __acquires/__releases annotations to (un)lock_two_stripes (bsc#1166003). - md: add a missing endianness conversion in check_sb_changes (bsc#1166003). - md: add bitmap_abort label in md_run (bsc#1166003). - md: add feature flag MD_FEATURE_RAID0_LAYOUT (bsc#1166003). - md: allow last device to be forcibly removed from RAID1/RAID10 (bsc#1166003). - md: avoid invalid memory access for array sb->dev_roles (bsc#1166003). - md/bitmap: avoid race window between md_bitmap_resize and bitmap_file_clear_bit (bsc#1166003). - md-bitmap: create and destroy wb_info_pool with the change of backlog (bsc#1166003). - md-bitmap: create and destroy wb_info_pool with the change of bitmap (bsc#1166003). - md-bitmap: small cleanups (bsc#1166003). - md/bitmap: use mddev_suspend/resume instead of ->quiesce() (bsc#1166003). - md-cluster/bitmap: do not call md_bitmap_sync_with_cluster during reshaping stage (bsc#1166003). - md-cluster: introduce resync_info_get interface for sanity check (bsc#1166003). - md-cluster/raid10: call update_size in md_reap_sync_thread (bsc#1166003). - md-cluster/raid10: do not call remove_and_add_spares during reshaping stage (bsc#1166003). - md-cluster/raid10: resize all the bitmaps before start reshape (bsc#1166003). - md-cluster/raid10: support add disk under grow mode (bsc#1166003). - md-cluster: remove suspend_info (bsc#1166003). - md-cluster: send BITMAP_NEEDS_SYNC message if reshaping is interrupted (bsc#1166003). - md: convert to kvmalloc (bsc#1166003). - md: do not call spare_active in md_reap_sync_thread if all member devices can't work (bsc#1166003). - md: do not set In_sync if array is frozen (bsc#1166003). - md: fix an error code format and remove unsed bio_sector (bsc#1166003). - md: fix a typo s/creat/create (bsc#1166003). - md: fix for divide error in status_resync (bsc#1166003). - md: fix spelling typo and add necessary space (bsc#1166003). - md: introduce mddev_create/destroy_wb_pool for the change of member device (bsc#1166003). - md: introduce new personality funciton start() (bsc#1166003). - md-linear: use struct_size() in kzalloc() (bsc#1166003). - md: Make bio_alloc_mddev use bio_alloc_bioset (bsc#1166003). - md: make sure desc_nr less than MD_SB_DISKS (bsc#1166003). - md: md.c: Return -ENODEV when mddev is NULL in rdev_attr_show (bsc#1166003). - md: no longer compare spare disk superblock events in super_load (bsc#1166003). - md/r5cache: remove redundant pointer bio (bsc#1166003). - md/raid0: Fix an error message in raid0_make_request() (bsc#1166003). - md raid0/linear: Mark array as 'broken' and fail BIOs if a member is gone (bsc#1166003). - md/raid10: end bio when the device faulty (bsc#1166003). - md/raid10: Fix raid10 replace hang when new added disk faulty (bsc#1166003). - md/raid10: prevent access of uninitialized resync_pages offset (bsc#1166003). - md/raid10: read balance chooses idlest disk for SSD (bsc#1166003). - md: raid10: Use struct_size() in kmalloc() (bsc#1166003). - md/raid1: avoid soft lockup under high load (bsc#1166003). - md: raid1: check rdev before reference in raid1_sync_request func (bsc#1166003). - md/raid1: end bio when the device faulty (bsc#1166003). - md/raid1: fail run raid1 array when active disk less than one (bsc#1166003). - md/raid1: Fix a warning message in remove_wb() (bsc#1166003). - md/raid1: fix potential data inconsistency issue with write behind device (bsc#1166003). - md/raid1: get rid of extra blank line and space (bsc#1166003). - md/raid5: Assigning NULL to sh->batch_head before testing bit R5_Overlap of a stripe (bsc#1166003). - md/raid5: use bio_end_sector to calculate last_sector (bsc#1166003). - md/raid6: fix algorithm choice under larger PAGE_SIZE (bsc#1166003). - md/raid6: implement recovery using ARM NEON intrinsics (bsc#1166003). - md: remove a bogus comment (bsc#1166003). - md: remove redundant code that is no longer reachable (bsc#1166003). - md: remove set but not used variable 'bi_rdev' (bsc#1166003). - md: rename wb stuffs (bsc#1166003). - md: return -ENODEV if rdev has no mddev assigned (bsc#1166003). - md: use correct type in super_1_load (bsc#1166003). - md: use correct type in super_1_sync (bsc#1166003). - md: use correct types in md_bitmap_print_sb (bsc#1166003). - media: dib0700: fix rc endpoint lookup (bsc#1051510). - media: flexcop-usb: fix endpoint sanity check (git-fixes). - media: go7007: Fix URB type for interrupt handling (bsc#1051510). - media: ov519: add missing endpoint sanity checks (bsc#1168829). - media: ov6650: Fix .get_fmt() V4L2_SUBDEV_FORMAT_TRY support (bsc#1051510). - media: ov6650: Fix some format attributes not under control (bsc#1051510). - media: ov6650: Fix stored crop rectangle not in sync with hardware (bsc#1051510). - media: ov6650: Fix stored frame format not in sync with hardware (bsc#1051510). - media: stv06xx: add missing descriptor sanity checks (bsc#1168854). - media: tda10071: fix unsigned sign extension overflow (bsc#1051510). - media: usbtv: fix control-message timeouts (bsc#1051510). - media: uvcvideo: Refactor teardown of uvc on USB disconnect (bsc#1164507). - media: v4l2-core: fix entity initialization in device_register_subdev (bsc#1051510). - media: vsp1: tidyup VI6_HGT_LBn_H() macro (bsc#1051510). - media: xirlink_cit: add missing descriptor sanity checks (bsc#1051510). - mfd: dln2: Fix sanity checking for endpoints (bsc#1051510). - misc: pci_endpoint_test: Fix to support > 10 pci-endpoint-test devices (bsc#1051510). - mmc: sdhci-of-at91: fix cd-gpios for SAMA5D2 (bsc#1051510). - mm/filemap.c: do not initiate writeback if mapping has no dirty pages (bsc#1168884). - mm/memory_hotplug.c: only respect mem= parameter during boot stage (bsc#1065600). - MM: replace PF_LESS_THROTTLE with PF_LOCAL_THROTTLE (bsc#1163403). - mm: Use overflow helpers in kvmalloc() (bsc#1166003). - mwifiex: set needed_headroom, not hard_header_len (bsc#1051510). - net: core: another layer of lists, around PF_MEMALLOC skb handling (bsc#1050549). - net: cxgb3_main: Add CAP_NET_ADMIN check to CHELSIO_GET_MEM (networking-stable-20_01_27). - net: dsa: mv88e6xxx: Preserve priority when setting CPU port (networking-stable-20_01_11). - net: dsa: tag_qca: fix doubled Tx statistics (networking-stable-20_01_20). - net: dsa: tag_qca: Make sure there is headroom for tag (networking-stable-20_02_19). - net: ena: Add PCI shutdown handler to allow safe kexec (bsc#1167421, bsc#1167423). - net/ethtool: Introduce link_ksettings API for virtual network devices (bsc#1136157 ltc#177197). - netfilter: conntrack: sctp: use distinct states for new SCTP connections (bsc#1159199). - net: hns: fix soft lockup when there is not enough memory (networking-stable-20_01_20). - net: hsr: fix possible NULL deref in hsr_handle_frame() (networking-stable-20_02_05). - net: ip6_gre: fix moving ip6gre between namespaces (networking-stable-20_01_27). - net, ip6_tunnel: fix namespaces move (networking-stable-20_01_27). - net, ip_tunnel: fix namespaces move (networking-stable-20_01_27). - net: macb: Limit maximum GEM TX length in TSO (networking-stable-20_02_09). - net: macb: Remove unnecessary alignment check for TSO (networking-stable-20_02_09). - net/mlxfw: Verify FSM error code translation does not exceed array size (bsc#1051858). - net: mvneta: move rx_dropped and rx_errors in per-cpu stats (networking-stable-20_02_09). - net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL (bsc#1051510). - net: nfc: fix bounds checking bugs on 'pipe' (bsc#1051510). - net: phy: micrel: kszphy_resume(): add delay after genphy_resume() before accessing PHY registers (bsc#1051510). - net: rtnetlink: validate IFLA_MTU attribute in rtnl_create_link() (networking-stable-20_01_27). - net_sched: ematch: reject invalid TCF_EM_SIMPLE (networking-stable-20_01_30). - net_sched: fix an OOB access in cls_tcindex (networking-stable-20_02_05). - net_sched: fix a resource leak in tcindex_set_parms() (networking-stable-20_02_09). - net_sched: fix datalen for ematch (networking-stable-20_01_27). - net/sched: flower: add missing validation of TCA_FLOWER_FLAGS (networking-stable-20_02_19). - net_sched: keep alloc_hash updated after hash allocation (git-fixes). - net/sched: matchall: add missing validation of TCA_MATCHALL_FLAGS (networking-stable-20_02_19). - net: sch_prio: When ungrafting, replace with FIFO (networking-stable-20_01_11). - net/smc: add fallback check to connect() (git-fixes). - net/smc: fix leak of kernel memory to user space (networking-stable-20_02_19). - net/smc: fix refcount non-blocking connect() -part 2 (git-fixes). - net: stmmac: Delete txtimer in suspend() (networking-stable-20_02_05). - net: stmmac: dwmac-sunxi: Allow all RGMII modes (networking-stable-20_01_11). - net-sysfs: Fix reference count leak (networking-stable-20_01_27). - net: systemport: Avoid RBUF stuck in Wake-on-LAN mode (networking-stable-20_02_09). - net: usb: lan78xx: Add .ndo_features_check (networking-stable-20_01_27). - net: usb: lan78xx: fix possible skb leak (networking-stable-20_01_11). - net/wan/fsl_ucc_hdlc: fix out of bounds write on array utdm_info (networking-stable-20_01_20). - NFC: fdp: Fix a signedness bug in fdp_nci_send_patch() (bsc#1051510). - NFC: pn544: Fix a typo in a debug message (bsc#1051510). - NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use le16_add_cpu() (bsc#1051510). - NFS: send state management on a single connection (bsc#1167005). - nvme-multipath: fix possible I/O hang when paths are updated (bsc#1158983). - objtool: Add is_static_jump() helper (bsc#1169514). - objtool: Add relocation check for alternative sections (bsc#1169514). - OMAP: DSS2: remove non-zero check on variable r (bsc#1114279) - orinoco: avoid assertion in case of NULL pointer (bsc#1051510). - padata: always acquire cpu_hotplug_lock before pinst->lock (git-fixes). - partitions/efi: Fix partition name parsing in GUID partition entry (bsc#1168763). - PCI/ASPM: Clear the correct bits when enabling L1 substates (bsc#1051510). - PCI: endpoint: Fix clearing start entry in configfs (bsc#1051510). - PCI: pciehp: Fix MSI interrupt race (bsc#1159037). - PCI/switchtec: Fix init_completion race condition with poll_wait() (bsc#1051510). - perf/amd/uncore: Replace manual sampling check with CAP_NO_INTERRUPT flag (bsc#1114279). - perf: qcom_l2: fix column exclusion check (git-fixes). - pinctrl: baytrail: Do not clear IRQ flags on direct-irq enabled pins (bsc#1051510). - pinctrl: core: Remove extra kref_get which blocks hogs being freed (bsc#1051510). - pinctrl: sh-pfc: sh7264: Fix CAN function GPIOs (bsc#1051510). - pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs (bsc#1051510). - pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM (networking-stable-20_01_11). - platform/x86: pmc_atom: Add Lex 2I385SW to critclk_systems DMI table (bsc#1051510). - PM: core: Fix handling of devices deleted during system-wide resume (git-fixes). - powerpc/64: mark start_here_multiplatform as __ref (bsc#1148868). - powerpc/64s: Fix section mismatch warnings from boot code (bsc#1148868). - powerpc/64/tm: Do not let userspace set regs->trap via sigreturn (bsc#1118338 ltc#173734). - powerpc: fix hardware PMU exception bug on PowerVM compatibility mode systems (bsc#1056686). - powerpc/hash64/devmap: Use H_PAGE_THP_HUGE when setting up huge devmap PTE entries (bsc#1065729). - powerpc/kprobes: Ignore traps that happened in real mode (bsc#1065729). - powerpc/mm: Fix section mismatch warning in stop_machine_change_mapping() (bsc#1148868). - powerpc/pseries: Avoid NULL pointer dereference when drmem is unavailable (bsc#1160659). - powerpc/pseries: group lmb operation and memblock's (bsc#1165404 ltc#183498). - powerpc/pseries/memory-hotplug: Only update DT once per memory DLPAR request (bsc#1165404 ltc#183498). - powerpc/pseries: update device tree before ejecting hotplug uevents (bsc#1165404 ltc#183498). - powerpc/smp: Use nid as fallback for package_id (bsc#1165813 ltc#184091). - powerpc/vmlinux.lds: Explicitly retain .gnu.hash (bsc#1148868). - powerpc/xive: Replace msleep(x) with msleep(OPAL_BUSY_DELAY_MS) (bsc#1085030). - powerpc/xive: Use XIVE_BAD_IRQ instead of zero to catch non configured IPIs (bsc#1085030). - pwm: bcm2835: Dynamically allocate base (bsc#1051510). - pwm: meson: Fix confusing indentation (bsc#1051510). - pwm: pca9685: Fix PWM/GPIO inter-operation (bsc#1051510). - pwm: rcar: Fix late Runtime PM enablement (bsc#1051510). - pwm: renesas-tpu: Fix late Runtime PM enablement (bsc#1051510). - pxa168fb: fix release function mismatch in probe failure (bsc#1051510). - qmi_wwan: re-add DW5821e pre-production variant (bsc#1051510). - qmi_wwan: unconditionally reject 2 ep interfaces (bsc#1051510). - raid10: refactor common wait code from regular read/write request (bsc#1166003). - raid1: factor out a common routine to handle the completion of sync write (bsc#1166003). - raid1: simplify raid1_error function (bsc#1166003). - raid1: use an int as the return value of raise_barrier() (bsc#1166003). - raid5: block failing device if raid will be failed (bsc#1166003). - raid5-cache: Need to do start() part job after adding journal device (bsc#1166003). - raid5: copy write hint from origin bio to stripe (bsc#1166003). - raid5: do not increment read_errors on EILSEQ return (bsc#1166003). - raid5: do not set STRIPE_HANDLE to stripe which is in batch list (bsc#1166003). - raid5 improve too many read errors msg by adding limits (bsc#1166003). - raid5: need to set STRIPE_HANDLE for batch head (bsc#1166003). - raid5: remove STRIPE_OPS_REQ_PENDING (bsc#1166003). - raid5: remove worker_cnt_per_group argument from alloc_thread_groups (bsc#1166003). - raid5: set write hint for PPL (bsc#1166003). - raid5: use bio_end_sector in r5_next_bio (bsc#1166003). - raid6/test: fix a compilation error (bsc#1166003). - raid6/test: fix a compilation warning (bsc#1166003). - remoteproc: Initialize rproc_class before use (bsc#1051510). - rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer (git-fixes). - rtlwifi: rtl_pci: Fix -Wcast-function-type (bsc#1051510). - rxrpc: Fix insufficient receive notification generation (networking-stable-20_02_05). - s390/mm: fix dynamic pagetable upgrade for hugetlbfs (bsc#1165182 LTC#184102). - scsi: core: avoid repetitive logging of device offline messages (bsc#1145929). - scsi: core: kABI fix offline_already (bsc#1145929). - scsi: fnic: do not queue commands during fwreset (bsc#1146539). - scsi: ibmvfc: Add failed PRLI to cmd_status lookup array (bsc#1161951 ltc#183551). - scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (bsc#1161951 ltc#183551). - scsi: ibmvfc: Byte swap status and error codes when logging (bsc#1161951 ltc#183551). - scsi: ibmvfc: Clean up transport events (bsc#1161951 ltc#183551). - scsi: ibmvfc: constify dev_pm_ops structures (bsc#1161951 ltc#183551). - scsi: ibmvfc: Do not call fc_block_scsi_eh() on host reset (bsc#1161951 ltc#183551). - scsi: ibmvfc: Fix NULL return compiler warning (bsc#1161951 ltc#183551). Refresh sorted patches. - scsi: ibmvfc: ibmvscsi: ibmvscsi_tgt: constify vio_device_id (bsc#1161951 ltc#183551). - scsi: ibmvfc: Mark expected switch fall-throughs (bsc#1161951 ltc#183551). - scsi: ibmvfc: Remove 'failed' from logged errors (bsc#1161951 ltc#183551). - scsi: ibmvfc: Remove unneeded semicolons (bsc#1161951 ltc#183551). - scsi: ibmvscsi: change strncpy+truncation to strlcpy (bsc#1161951 ltc#183551). - scsi: ibmvscsi: constify dev_pm_ops structures (bsc#1161951 ltc#183551). - scsi: ibmvscsi: Do not use rc uninitialized in ibmvscsi_do_work (bsc#1161951 ltc#183551). - scsi: ibmvscsi: fix tripping of blk_mq_run_hw_queue WARN_ON (bsc#1161951 ltc#183551). - scsi: ibmvscsi: Improve strings handling (bsc#1161951 ltc#183551). - scsi: ibmvscsi: redo driver work thread to use enum action states (bsc#1161951 ltc#183551). - scsi: ibmvscsi: Wire up host_reset() in the driver's scsi_host_template (bsc#1161951 ltc#183551). - scsi: qla2xxx: Add 16.0GT for PCI String (bsc#1157424). - scsi: qla2xxx: Add beacon LED config sysfs interface (bsc#1157424). - scsi: qla2xxx: Add changes in preparation for vendor extended FDMI/RDP (bsc#1157424). - scsi: qla2xxx: Add deferred queue for processing ABTS and RDP (bsc#1157424). - scsi: qla2xxx: Add endianizer macro calls to fc host stats (bsc#1157424). - scsi: qla2xxx: Add fixes for mailbox command (bsc#1157424). - scsi: qla2xxx: add more FW debug information (bsc#1157424). - scsi: qla2xxx: Add ql2xrdpenable module parameter for RDP (bsc#1157424). - scsi: qla2xxx: Add sysfs node for D-Port Diagnostics AEN data (bsc#1157424). - scsi: qla2xxx: Add vendor extended FDMI commands (bsc#1157424). - scsi: qla2xxx: Add vendor extended RDP additions and amendments (bsc#1157424). - scsi: qla2xxx: Avoid setting firmware options twice in 24xx_update_fw_options (bsc#1157424). - scsi: qla2xxx: Check locking assumptions at runtime in qla2x00_abort_srb() (bsc#1157424). - scsi: qla2xxx: Cleanup ELS/PUREX iocb fields (bsc#1157424). - scsi: qla2xxx: Convert MAKE_HANDLE() from a define into an inline function (bsc#1157424). - scsi: qla2xxx: Correction to selection of loopback/echo test (bsc#1157424). - scsi: qla2xxx: Display message for FCE enabled (bsc#1157424). - scsi: qla2xxx: Fix control flags for login/logout IOCB (bsc#1157424). - scsi: qla2xxx: Fix FCP-SCSI FC4 flag passing error (bsc#1157424). - scsi: qla2xxx: fix FW resource count values (bsc#1157424). - scsi: qla2xxx: Fix I/Os being passed down when FC device is being deleted (bsc#1157424). - scsi: qla2xxx: Fix NPIV instantiation after FW dump (bsc#1157424). - scsi: qla2xxx: Fix qla2x00_echo_test() based on ISP type (bsc#1157424). - scsi: qla2xxx: Fix RDP respond data format (bsc#1157424). - scsi: qla2xxx: Fix RDP response size (bsc#1157424). - scsi: qla2xxx: Fix sparse warning reported by kbuild bot (bsc#1157424). - scsi: qla2xxx: Fix sparse warnings triggered by the PCI state checking code (bsc#1157424). - scsi: qla2xxx: Force semaphore on flash validation failure (bsc#1157424). - scsi: qla2xxx: Handle cases for limiting RDP response payload length (bsc#1157424). - scsi: qla2xxx: Handle NVME status iocb correctly (bsc#1157424). - scsi: qla2xxx: Improved secure flash support messages (bsc#1157424). - scsi: qla2xxx: Move free of fcport out of interrupt context (bsc#1157424). - scsi: qla2xxx: Print portname for logging in qla24xx_logio_entry() (bsc#1157424). - scsi: qla2xxx: Remove restriction of FC T10-PI and FC-NVMe (bsc#1157424). - scsi: qla2xxx: Return appropriate failure through BSG Interface (bsc#1157424). - scsi: qla2xxx: Save rscn_gen for new fcport (bsc#1157424). - scsi: qla2xxx: Serialize fc_port alloc in N2N (bsc#1157424). - scsi: qla2xxx: Set Nport ID for N2N (bsc#1157424). - scsi: qla2xxx: Show correct port speed capabilities for RDP command (bsc#1157424). - scsi: qla2xxx: Simplify the code for aborting SCSI commands (bsc#1157424). - scsi: qla2xxx: Suppress endianness complaints in qla2x00_configure_local_loop() (bsc#1157424). - scsi: qla2xxx: Update BPM enablement semantics (bsc#1157424). - scsi: qla2xxx: Update driver version to 10.01.00.24-k (bsc#1157424). - scsi: qla2xxx: Update driver version to 10.01.00.25-k (bsc#1157424). - scsi: qla2xxx: Use a dedicated interrupt handler for 'handshake-required' ISPs (bsc#1157424). - scsi: qla2xxx: Use correct ISP28xx active FW region (bsc#1157424). - scsi: qla2xxx: Use endian macros to assign static fields in fwdump header (bsc#1157424). - scsi: qla2xxx: Use FC generic update firmware options routine for ISP27xx (bsc#1157424). - scsi: qla2xxx: Use QLA_FW_STOPPED macro to propagate flag (bsc#1157424). - scsi: tcm_qla2xxx: Make qlt_alloc_qfull_cmd() set cmd->se_cmd.map_tag (bsc#1157424). - sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY (networking-stable-20_01_11). - serdev: ttyport: restore client ops on deregistration (bsc#1051510). - smb3: add debug messages for closing unmatched open (bsc#1144333). - smb3: Add defines for new information level, FileIdInformation (bsc#1144333). - smb3: add dynamic tracepoints for flush and close (bsc#1144333). - smb3: add missing flag definitions (bsc#1144333). - smb3: Add missing reparse tags (bsc#1144333). - smb3: add missing worker function for SMB3 change notify (bsc#1144333). - smb3: add mount option to allow forced caching of read only share (bsc#1144333). - smb3: add mount option to allow RW caching of share accessed by only 1 client (bsc#1144333). - smb3: add one more dynamic tracepoint missing from strict fsync path (bsc#1144333). - smb3: add some more descriptive messages about share when mounting cache=ro (bsc#1144333). - smb3: allow decryption keys to be dumped by admin for debugging (bsc#1144333). - smb3: allow disabling requesting leases (bsc#1144333). - smb3: allow parallelizing decryption of reads (bsc#1144333). - smb3: allow skipping signature verification for perf sensitive configurations (bsc#1144333). - SMB3: Backup intent flag missing from some more ops (bsc#1144333). - smb3: cleanup some recent endian errors spotted by updated sparse (bsc#1144333). - smb3: display max smb3 requests in flight at any one time (bsc#1144333). - smb3: dump in_send and num_waiters stats counters by default (bsc#1144333). - smb3: enable offload of decryption of large reads via mount option (bsc#1144333). - smb3: fix default permissions on new files when mounting with modefromsid (bsc#1144333). - smb3: fix mode passed in on create for modetosid mount option (bsc#1144333). - smb3: fix performance regression with setting mtime (bsc#1144333). - smb3: fix potential null dereference in decrypt offload (bsc#1144333). - smb3: fix problem with null cifs super block with previous patch (bsc#1144333). - smb3: Fix regression in time handling (bsc#1144333). - smb3: improve check for when we send the security descriptor context on create (bsc#1144333). - smb3: log warning if CSC policy conflicts with cache mount option (bsc#1144333). - smb3: missing ACL related flags (bsc#1144333). - smb3: only offload decryption of read responses if multiple requests (bsc#1144333). - smb3: pass mode bits into create calls (bsc#1144333). - smb3: print warning once if posix context returned on open (bsc#1144333). - smb3: query attributes on file close (bsc#1144333). - smb3: remove noisy debug message and minor cleanup (bsc#1144333). - smb3: remove unused flag passed into close functions (bsc#1144333). - staging: ccree: use signal safe completion wait (git-fixes). - staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table (bsc#1051510). - staging: rtl8188eu: Fix potential overuse of kernel memory (bsc#1051510). - staging: rtl8188eu: Fix potential security hole (bsc#1051510). - staging: rtl8723bs: Fix potential overuse of kernel memory (bsc#1051510). - staging: rtl8723bs: Fix potential security hole (bsc#1051510). - staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi (bsc#1051510). - staging: wlan-ng: fix ODEBUG bug in prism2sta_disconnect_usb (bsc#1051510). - staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback (bsc#1051510). - SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202). - tcp_bbr: improve arithmetic division in bbr_update_bw() (networking-stable-20_01_27). - tcp: clear tp->data_segs{in|out} in tcp_disconnect() (networking-stable-20_02_05). - tcp: clear tp->delivered in tcp_disconnect() (networking-stable-20_02_05). - tcp: clear tp->segs_{in|out} in tcp_disconnect() (networking-stable-20_02_05). - tcp: clear tp->total_retrans in tcp_disconnect() (networking-stable-20_02_05). - tcp: fix marked lost packets not being retransmitted (networking-stable-20_01_20). - tcp: fix 'old stuff' D-SACK causing SACK to be treated as D-SACK (networking-stable-20_01_11). - thermal: devfreq_cooling: inline all stubs for CONFIG_DEVFREQ_THERMAL=n (bsc#1051510). - thunderbolt: Prevent crash if non-active NVMem file is read (git-fixes). - tick: broadcast-hrtimer: Fix a race in bc_set_next (bsc#1044231). - tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure (git-fixes). - tools: Update include/uapi/linux/fcntl.h copy from the kernel (bsc#1166003). - tpm: ibmvtpm: Wait for buffer to be set before proceeding (bsc#1065729). - tty: evh_bytechan: Fix out of bounds accesses (bsc#1051510). - ttyprintk: fix a potential deadlock in interrupt context issue (git-fixes). - tty/serial: atmel: manage shutdown in case of RS485 or ISO7816 mode (bsc#1051510). - tty: serial: imx: setup the correct sg entry for tx dma (bsc#1051510). - USB: cdc-acm: fix rounding error in TIOCSSERIAL (git-fixes). - USB: core: add endpoint-blacklist quirk (git-fixes). - USB: core: hub: do error out if usb_autopm_get_interface() fails (git-fixes). - USB: core: port: do error out if usb_autopm_get_interface() fails (git-fixes). - USB: Disable LPM on WD19's Realtek Hub (git-fixes). - USB: dwc2: Fix in ISOC request length checking (git-fixes). - USB: Fix novation SourceControl XL after suspend (git-fixes). - USB: gadget: composite: Fix bMaxPower for SuperSpeedPlus (git-fixes). - USB: gadget: f_fs: Fix use after free issue as part of queue failure (bsc#1051510). - USB: host: xhci-plat: add a shutdown (git-fixes). - USB: host: xhci: update event ring dequeue pointer on purpose (git-fixes). - USB: hub: Do not record a connect-change event during reset-resume (git-fixes). - usbip: Fix uninitialized symbol 'nents' in stub_recv_cmd_submit() (git-fixes). - USB: misc: iowarrior: add support for 2 OEMed devices (git-fixes). - USB: misc: iowarrior: add support for the 100 device (git-fixes). - USB: misc: iowarrior: add support for the 28 and 28L devices (git-fixes). - USB: musb: Disable pullup at init (git-fixes). - USB: musb: fix crash with highmen PIO and usbmon (bsc#1051510). - USB: quirks: add NO_LPM quirk for Logitech Screen Share (git-fixes). - USB: quirks: add NO_LPM quirk for RTL8153 based ethernet adapters (git-fixes). - USB: quirks: blacklist duplicate ep on Sound Devices USBPre2 (git-fixes). - USB: serial: io_edgeport: fix slab-out-of-bounds read in edge_interrupt_callback (bsc#1051510). - USB: serial: option: add ME910G1 ECM composition 0x110b (git-fixes). - USB: serial: pl2303: add device-id for HP LD381 (git-fixes). - USB: storage: Add quirk for Samsung Fit flash (git-fixes). - USB: uas: fix a plug & unplug racing (git-fixes). - USB: xhci: apply XHCI_SUSPEND_DELAY to AMD XHCI controller 1022:145c (git-fixes). - uvcvideo: Refactor teardown of uvc on USB disconnect (bsc#1164507) - vgacon: Fix a UAF in vgacon_invert_region (bsc#1114279) - virtio-blk: fix hw_queue stopped on arbitrary error (git-fixes). - vlan: fix memory leak in vlan_dev_set_egress_priority (networking-stable-20_01_11). - vlan: vlan_changelink() should propagate errors (networking-stable-20_01_11). - vxlan: fix tos value before xmit (networking-stable-20_01_11). - x86/cpu/amd: Enable the fixed Instructions Retired counter IRPERF (bsc#1114279). - x86/mce/amd: Fix kobject lifetime (bsc#1114279). - x86/mce/amd: Publish the bank pointer only after setup has succeeded (bsc#1114279). - x86/mce: Fix logic and comments around MSR_PPIN_CTL (bsc#1114279). - x86/mm: Split vmalloc_sync_all() (bsc#1165741). - x86/pkeys: Manually set X86_FEATURE_OSPKE to preserve existing changes (bsc#1114279). - xen/blkfront: fix memory allocation flags in blkfront_setup_indirect() (bsc#1168486). - xfs: also remove cached ACLs when removing the underlying attr (bsc#1165873). - xfs: bulkstat should copy lastip whenever userspace supplies one (bsc#1165984). - xhci: apply XHCI_PME_STUCK_QUIRK to Intel Comet Lake platforms (git-fixes). - xhci: Do not open code __print_symbolic() in xhci trace events (git-fixes). - xhci: fix runtime pm enabling for quirky Intel hosts (bsc#1051510). - xhci: Force Maximum Packet size for Full-speed bulk devices to valid range (bsc#1051510). Important SUSE bug 1044231 SUSE bug 1050549 SUSE bug 1051510 SUSE bug 1051858 SUSE bug 1056686 SUSE bug 1060463 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1083647 SUSE bug 1085030 SUSE bug 1104967 SUSE bug 1109911 SUSE bug 1114279 SUSE bug 1118338 SUSE bug 1120386 SUSE bug 1133021 SUSE bug 1136157 SUSE bug 1137325 SUSE bug 1144333 SUSE bug 1145051 SUSE bug 1145929 SUSE bug 1146539 SUSE bug 1148868 SUSE bug 1154385 SUSE bug 1157424 SUSE bug 1158552 SUSE bug 1158983 SUSE bug 1159037 SUSE bug 1159142 SUSE bug 1159198 SUSE bug 1159199 SUSE bug 1159285 SUSE bug 1160659 SUSE bug 1161951 SUSE bug 1162929 SUSE bug 1162931 SUSE bug 1163403 SUSE bug 1163508 SUSE bug 1163897 SUSE bug 1164078 SUSE bug 1164284 SUSE bug 1164507 SUSE bug 1164893 SUSE bug 1165019 SUSE bug 1165111 SUSE bug 1165182 SUSE bug 1165404 SUSE bug 1165488 SUSE bug 1165527 SUSE bug 1165741 SUSE bug 1165813 SUSE bug 1165873 SUSE bug 1165949 SUSE bug 1165984 SUSE bug 1165985 SUSE bug 1166003 SUSE bug 1166101 SUSE bug 1166102 SUSE bug 1166103 SUSE bug 1166104 SUSE bug 1166632 SUSE bug 1166730 SUSE bug 1166731 SUSE bug 1166732 SUSE bug 1166733 SUSE bug 1166734 SUSE bug 1166735 SUSE bug 1166780 SUSE bug 1166860 SUSE bug 1166861 SUSE bug 1166862 SUSE bug 1166864 SUSE bug 1166866 SUSE bug 1166867 SUSE bug 1166868 SUSE bug 1166870 SUSE bug 1166940 SUSE bug 1167005 SUSE bug 1167288 SUSE bug 1167290 SUSE bug 1167316 SUSE bug 1167421 SUSE bug 1167423 SUSE bug 1167629 SUSE bug 1168075 SUSE bug 1168202 SUSE bug 1168276 SUSE bug 1168295 SUSE bug 1168424 SUSE bug 1168443 SUSE bug 1168486 SUSE bug 1168760 SUSE bug 1168762 SUSE bug 1168763 SUSE bug 1168764 SUSE bug 1168765 SUSE bug 1168829 SUSE bug 1168854 SUSE bug 1168881 SUSE bug 1168884 SUSE bug 1168952 SUSE bug 1169057 SUSE bug 1169390 SUSE bug 1169514 SUSE bug 1169625 CVE-2019-19768 CVE-2019-19770 CVE-2019-3701 CVE-2019-9458 CVE-2020-10942 CVE-2020-11494 CVE-2020-11669 CVE-2020-8647 CVE-2020-8649 CVE-2020-8834 CVE-2020-9383 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824). - CVE-2020-13143: Fixed an out-of-bounds read in gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c (bsc#1171982). - CVE-2020-12769: Fixed an issue which could have allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bsc#1171983). - CVE-2020-12768: Fixed a memory leak in svm_cpu_uninit in arch/x86/kvm/svm.c (bsc#1171736). - CVE-2020-12657: An a use-after-free in block/bfq-iosched.c (bsc#1171205). - CVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219). - CVE-2020-12655: Fixed an issue which could have allowed attackers to trigger a sync of excessive duration via an XFS v5 image with crafted metadata (bsc#1171217). - CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202). - CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195). - CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218). - CVE-2020-12464: Fixed a use-after-free due to a transfer without a reference (bsc#1170901). - CVE-2020-12114: Fixed a pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098). - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317). - CVE-2020-10751: Fixed an improper implementation in SELinux LSM hook where it was assumed that an skb would only contain a single netlink message (bsc#1171189). - CVE-2020-10732: Fixed kernel data leak in userspace coredumps due to uninitialized data (bsc#1171220). - CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778). - CVE-2020-10711: Fixed a null pointer dereference in SELinux subsystem which could have allowed a remote network user to crash the kernel resulting in a denial of service (bsc#1171191). - CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056). - CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bsc#1170345). - CVE-2019-20812: Fixed an issue in prb_calc_retire_blk_tmo() which could have resulted in a denial of service (bsc#1172453). - CVE-2019-20806: Fixed a null pointer dereference which may had lead to denial of service (bsc#1172199). - CVE-2019-19462: Fixed an issue which could have allowed local user to cause denial of service (bsc#1158265). - CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1089895). The following non-security bugs were fixed: - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() (bsc#1051510). - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() (bsc#1051510). - acpi/x86: ignore unspecified bit positions in the ACPI global lock field (bsc#1051510). - Add commit for git-fix that's not a fix This commit cleans up debug code but does not fix anything, and it relies on a new kernel function that isn't yet in this version of SLE. - agp/intel: Reinforce the barrier after GTT updates (bsc#1051510). - ALSA: ctxfi: Remove unnecessary cast in kfree (bsc#1051510). - ALSA: dummy: Fix PCM format loop in proc output (bsc#1111666). - ALSA: hda: Do not release card at firmware loading error (bsc#1051510). - ALSA: hda/hdmi: fix race in monitor detection during probe (bsc#1051510). - ALSA: hda/hdmi: fix without unlocked before return (bsc#1051510). - ALSA: hda: Keep the controller initialization even if no codecs found (bsc#1051510). - ALSA: hda/realtek - Add more fixup entries for Clevo machines (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC245 (bsc#1051510). - ALSA: hda/realtek - Add new codec supported for ALC287 (git-fixes). - ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse (git-fixes). - ALSA: hda/realtek - Fix unexpected init_amp override (bsc#1051510). - ALSA: hda/realtek - Limit int mic boost for Thinkpad T530 (git-fixes bsc#1171293). - ALSA: hda/realtek - Two front mics on a Lenovo ThinkCenter (bsc#1051510). - ALSA: hwdep: fix a left shifting 1 by 31 UB bug (git-fixes). - ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option (git-fixes). - ALSA: opti9xx: shut up gcc-10 range warning (bsc#1051510). - ALSA: pcm: fix incorrect hw_base increase (git-fixes). - ALSA: pcm: oss: Place the plugin buffer overflow checks correctly (bsc#1170522). - ALSA-pcm-oss-Place-the-plugin-buffer-overflow-checks.patch - ALSA: rawmidi: Fix racy buffer resize under concurrent accesses (git-fixes). - ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset (git-fixes). - ALSA: usb-audio: Correct a typo of NuPrime DAC-10 USB ID (bsc#1051510). - ALSA: usb-audio: Do not override ignore_ctl_error value from the map (bsc#1051510). - ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif (bsc#1051510). - ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC (git-fixes). - ALSA: usx2y: Fix potential NULL dereference (bsc#1051510). - ASoC: codecs: hdac_hdmi: Fix incorrect use of list_for_each_entry (bsc#1051510). - ASoC: dapm: connect virtual mux with default value (bsc#1051510). - ASoC: dapm: fixup dapm kcontrol widget (bsc#1051510). - ASoC: dpcm: allow start or stop during pause for backend (bsc#1051510). - ASoC: fix regwmask (bsc#1051510). - ASoC: msm8916-wcd-digital: Reset RX interpolation path after use (bsc#1051510). - ASoC: samsung: Prevent clk_get_rate() calls in atomic context (bsc#1111666). - ASoC: topology: Check return value of pcm_new_ver (bsc#1051510). - ASoC: topology: use name_prefix for new kcontrol (bsc#1051510). - b43legacy: Fix case where channel status is corrupted (bsc#1051510). - batman-adv: fix batadv_nc_random_weight_tq (git-fixes). - batman-adv: Fix refcnt leak in batadv_show_throughput_override (git-fixes). - batman-adv: Fix refcnt leak in batadv_store_throughput_override (git-fixes). - batman-adv: Fix refcnt leak in batadv_v_ogm_process (git-fixes). - bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (git fixes (block drivers)). - bcache: fix incorrect data type usage in btree_flush_write() (git fixes (block drivers)). - bcache: Revert 'bcache: shrink btree node cache after bch_btree_check()' (git fixes (block drivers)). - block/drbd: delete invalid function drbd_md_mark_dirty_ (bsc#1171527). - block: drbd: remove a stray unlock in __drbd_send_protocol() (bsc#1171599). - block: fix busy device checking in blk_drop_partitions again (bsc#1171948). - block: fix busy device checking in blk_drop_partitions (bsc#1171948). - block: fix memleak of bio integrity data (git fixes (block drivers)). - block: remove the bd_openers checks in blk_drop_partitions (bsc#1171948). - bnxt_en: fix memory leaks in bnxt_dcbnl_ieee_getets() (networking-stable-20_03_28). - bnxt_en: reinitialize IRQs when MTU is modified (networking-stable-20_03_14). - bonding/alb: make sure arp header is pulled before accessing it (networking-stable-20_03_14). - brcmfmac: abort and release host after error (bsc#1051510). - Btrfs: fix deadlock with memory reclaim during scrub (bsc#1172127). - btrfs: fix log context list corruption after rename whiteout error (bsc#1172342). - btrfs: fix partial loss of prealloc extent past i_size after fsync (bsc#1172343). - btrfs: move the dio_sem higher up the callchain (bsc#1171761). - btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: setup a nofs context for memory allocation at btrfs_create_tree() (bsc#1172127). - btrfs: setup a nofs context for memory allocation at __btrfs_set_acl (bsc#1172127). - btrfs: use nofs context when initializing security xattrs to avoid deadlock (bsc#1172127). - can: add missing attribute validation for termination (networking-stable-20_03_14). - cdc-acm: close race betrween suspend() and acm_softint (git-fixes). - cdc-acm: introduce a cool down (git-fixes). - ceph: fix double unlock in handle_cap_export() (bsc#1171694). - ceph: fix endianness bug when handling MDS session feature bits (bsc#1171695). - cgroup, netclassid: periodically release file_lock on classid updating (networking-stable-20_03_14). - CIFS: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1144333). - CIFS: Allocate encryption header through kmalloc (bsc#1144333). - CIFS: allow unlock flock and OFD lock across fork (bsc#1144333). - CIFS: check new file size when extending file by fallocate (bsc#1144333). - CIFS: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1144333). - CIFS: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1144333). - CIFS: do not share tcons with DFS (bsc#1144333). - CIFS: dump the session id and keys also for SMB2 sessions (bsc#1144333). - CIFS: ensure correct super block for DFS reconnect (bsc#1144333). - CIFS: Fix bug which the return value by asynchronous read is error (bsc#1144333). - CIFS: fix uninitialised lease_key in open_shroot() (bsc#1144333). - CIFS: improve read performance for page size 64KB & cache=strict & vers=2.1+ (bsc#1144333). - CIFS: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1144333). - CIFS: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1144333). - CIFS: protect updating server->dstaddr with a spinlock (bsc#1144333). - CIFS: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1144333). - CIFS: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1144333). - CIFS: smbd: Check and extend sender credits in interrupt context (bsc#1144333). - CIFS: smbd: Check send queue size before posting a send (bsc#1144333). - CIFS: smbd: Do not schedule work to send immediate packet on every receive (bsc#1144333). - CIFS: smbd: Merge code to track pending packets (bsc#1144333). - CIFS: smbd: Properly process errors on ib_post_send (bsc#1144333). - CIFS: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1144333). - CIFS: Warn less noisily on default mount (bsc#1144333). - clk: Add clk_hw_unregister_composite helper function definition (bsc#1051510). - clk: imx6ull: use OSC clock during AXI rate change (bsc#1051510). - clk: imx: make mux parent strings const (bsc#1051510). - clk: mediatek: correct the clocks for MT2701 HDMI PHY module (bsc#1051510). - clk: sunxi-ng: a64: Fix gate bit of DSI DPHY (bsc#1051510). - clocksource/drivers/hyper-v: Set TSC clocksource as default w/ InvariantTSC (bsc#1170620). - clocksource: dw_apb_timer_of: Fix missing clockevent timers (bsc#1051510). - component: Silence bind error on -EPROBE_DEFER (bsc#1051510). - coresight: do not use the BIT() macro in the UAPI header (git fixes (block drivers)). - cpufreq: s3c64xx: Remove pointless NULL check in s3c64xx_cpufreq_driver_init (bsc#1051510). - crypto: ccp - AES CFB mode is a stream cipher (git-fixes). - crypto: ccp - Clean up and exit correctly on allocation failure (git-fixes). - crypto: ccp - Cleanup misc_dev on sev_exit() (bsc#1114279). - crypto: ccp - Cleanup sp_dev_master in psp_dev_destroy() (bsc#1114279). - debugfs: Add debugfs_create_xul() for hexadecimal unsigned long (git-fixes). - dmaengine: dmatest: Fix iteration non-stop logic (bsc#1051510). - dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574). - dm writecache: fix data corruption when reloading the target (git fixes (block drivers)). - dm writecache: fix incorrect flush sequence when doing SSD mode commit (git fixes (block drivers)). - dm writecache: verify watermark during resume (git fixes (block drivers)). - dm zoned: fix invalid memory access (git fixes (block drivers)). - dm zoned: reduce overhead of backing device checks (git fixes (block drivers)). - dm zoned: remove duplicate nr_rnd_zones increase in dmz_init_zone() (git fixes (block drivers)). - dm zoned: support zone sizes smaller than 128MiB (git fixes (block drivers)). - dp83640: reverse arguments to list_add_tail (git-fixes). - drivers: hv: Add a module description line to the hv_vmbus driver (bsc#1172253). - Drivers: HV: Send one page worth of kmsg dump over Hyper-V during panic (bsc#1170618). - Drivers: hv: vmbus: Fix the issue with freeing up hv_ctl_table_hdr (bsc#1170618). - Drivers: hv: vmbus: Get rid of MSR access from vmbus_drv.c (bsc#1170618). - Drivers: hv: vmus: Fix the check for return value from kmsg get dump buffer (bsc#1170618). - drivers/net/ibmvnic: Update VNIC protocol version reporting (bsc#1065729). - drm: amd/acp: fix broken menu structure (bsc#1114279) * context changes - drm/crc: Actually allow to change the crc source (bsc#1114279) * offset changes - drm/dp_mst: Fix clearing payload state on topology disable (bsc#1051510). - drm/dp_mst: Reformat drm_dp_check_act_status() a bit (bsc#1051510). - drm/edid: Fix off-by-one in DispID DTD pixel clock (bsc#1114279) - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of (bsc#1114279) - drm/i915: properly sanity check batch_start_offset (bsc#1114279) * renamed display/intel_fbc.c -> intel_fb.c * renamed gt/intel_rc6.c -> intel_pm.c * context changes - drm/meson: Delete an error message in meson_dw_hdmi_bind() (bsc#1051510). - drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem (bsc#1114279) - drm/qxl: qxl_release leak in qxl_draw_dirty_fb() (bsc#1051510). - drm/qxl: qxl_release leak in qxl_hw_surface_alloc() (bsc#1051510). - drm/qxl: qxl_release use after free (bsc#1051510). - drm: Remove PageReserved manipulation from drm_pci_alloc (bsc#1114279) * offset changes - dump_stack: avoid the livelock of the dump_lock (git fixes (block drivers)). - EDAC, sb_edac: Add support for systems with segmented PCI buses (bsc#1169525). - ext4: do not zeroout extents beyond i_disksize (bsc#1167851). - ext4: fix extent_status fragmentation for plain files (bsc#1171949). - ext4: use non-movable memory for superblock readahead (bsc#1171952). - fanotify: fix merging marks masks with FAN_ONDIR (bsc#1171679). - fbcon: fix null-ptr-deref in fbcon_switch (bsc#1114279) * rename drivers/video/fbdev/core to drivers/video/console * context changes - fib: add missing attribute validation for tun_id (networking-stable-20_03_14). - firmware: qcom: scm: fix compilation error when disabled (bsc#1051510). - fs/cifs: fix gcc warning in sid_to_id (bsc#1144333). - fs/seq_file.c: simplify seq_file iteration code and interface (bsc#1170125). - gpio: tegra: mask GPIO IRQs during IRQ shutdown (bsc#1051510). - gre: fix uninit-value in __iptunnel_pull_header (networking-stable-20_03_14). - HID: hid-input: clear unmapped usages (git-fixes). - HID: hyperv: Add a module description line (bsc#1172253). - HID: i2c-hid: add Trekstor Primebook C11B to descriptor override (git-fixes). - HID: i2c-hid: override HID descriptors for certain devices (git-fixes). - HID: multitouch: add eGalaxTouch P80H84 support (bsc#1051510). - HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices (git-fixes). - hrtimer: Annotate lockless access to timer->state (git fixes (block drivers)). - hsr: add restart routine into hsr_get_node_list() (networking-stable-20_03_28). - hsr: check protocol version in hsr_newlink() (networking-stable-20_04_17). - hsr: fix general protection fault in hsr_addr_is_self() (networking-stable-20_03_28). - hsr: set .netnsok flag (networking-stable-20_03_28). - hsr: use rcu_read_lock() in hsr_get_node_{list/status}() (networking-stable-20_03_28). - i2c: acpi: Force bus speed to 400KHz if a Silead touchscreen is present (git-fixes). - i2c: acpi: put device when verifying client fails (git-fixes). - i2c: brcmstb: remove unused struct member (git-fixes). - i2c: core: Allow empty id_table in ACPI case as well (git-fixes). - i2c: core: decrease reference count of device node in i2c_unregister_device (git-fixes). - i2c: dev: Fix the race between the release of i2c_dev and cdev (bsc#1051510). - i2c: fix missing pm_runtime_put_sync in i2c_device_probe (git-fixes). - i2c-hid: properly terminate i2c_hid_dmi_desc_override_table array (git-fixes). - i2c: i801: Do not add ICH_RES_IO_SMI for the iTCO_wdt device (git-fixes). - i2c: iproc: Stop advertising support of SMBUS quick cmd (git-fixes). - i2c: isch: Remove unnecessary acpi.h include (git-fixes). - i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()' (bsc#1051510). - i2c: st: fix missing struct parameter description (bsc#1051510). - IB/ipoib: Add child to parent list only if device initialized (bsc#1168503). - IB/ipoib: Consolidate checking of the proposed child interface (bsc#1168503). - IB/ipoib: Do not remove child devices from within the ndo_uninit (bsc#1168503). - IB/ipoib: Get rid of IPOIB_FLAG_GOING_DOWN (bsc#1168503). - IB/ipoib: Get rid of the sysfs_mutex (bsc#1168503). - IB/ipoib: Maintain the child_intfs list from ndo_init/uninit (bsc#1168503). - IB/ipoib: Move all uninit code into ndo_uninit (bsc#1168503). - IB/ipoib: Move init code to ndo_init (bsc#1168503). - IB/ipoib: Replace printk with pr_warn (bsc#1168503). - IB/ipoib: Use cancel_delayed_work_sync for neigh-clean task (bsc#1168503). - IB/ipoib: Warn when one port fails to initialize (bsc#1168503). - ibmvnic: Skip fatal error reset after passive init (bsc#1171078 ltc#184239). - iio:ad7797: Use correct attribute_group (bsc#1051510). - iio: adc: stm32-adc: fix device used to request dma (bsc#1051510). - iio: adc: stm32-adc: fix sleep in atomic context (git-fixes). - iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1051510). - iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()' (bsc#1051510). - iio: sca3000: Remove an erroneous 'get_device()' (bsc#1051510). - iio: xilinx-xadc: Fix ADC-B powerdown (bsc#1051510). - iio: xilinx-xadc: Fix clearing interrupt when enabling trigger (bsc#1051510). - iio: xilinx-xadc: Fix sequencer configuration for aux channels in simultaneous mode (bsc#1051510). - ima: Fix return value of ima_write_policy() (git-fixes). - Input: evdev - call input_flush_device() on release(), not flush() (bsc#1051510). - Input: hyperv-keyboard - add module description (bsc#1172253). - Input: i8042 - add Acer Aspire 5738z to nomux list (bsc#1051510). - Input: i8042 - add ThinkPad S230u to i8042 reset list (bsc#1051510). - Input: raydium_i2c_ts - use true and false for boolean values (bsc#1051510). - Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() (bsc#1051510). - Input: synaptics-rmi4 - really fix attn_data use-after-free (git-fixes). - Input: usbtouchscreen - add support for BonXeon TP (bsc#1051510). - Input: xpad - add custom init packet for Xbox One S controllers (bsc#1051510). - iommu/amd: Call domain_flush_complete() in update_domain() (bsc#1172096). - iommu/amd: Do not flush Device Table in iommu_map_page() (bsc#1172097). - iommu/amd: Do not loop forever when trying to increase address space (bsc#1172098). - iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system (bsc#1172099). - iommu/amd: Fix over-read of ACPI UID from IVRS table (bsc#1172101). - iommu/amd: Fix race in increase_address_space()/fetch_pte() (bsc#1172102). - iommu/amd: Update Device Table in increase_address_space() (bsc#1172103). - iommu: Fix reference count leak in iommu_group_alloc (bsc#1172397). - ipmi: fix hung processes in __get_guid() (git-fixes). - ipv4: fix a RCU-list lock in fib_triestat_seq_show (networking-stable-20_04_02). - ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface (networking-stable-20_03_14). - ipv6: do not auto-add link-local address to lag ports (networking-stable-20_04_09). - ipv6: Fix nlmsg_flags when splitting a multipath route (networking-stable-20_03_01). - ipv6: Fix route replacement with dev-only route (networking-stable-20_03_01). - ipvlan: add cond_resched_rcu() while processing muticast backlog (networking-stable-20_03_14). - ipvlan: do not deref eth hdr before checking it's set (networking-stable-20_03_14). - ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast() (networking-stable-20_03_14). - iwlwifi: pcie: actually release queue memory in TVQM (bsc#1051510). - kabi fix for early XHCI debug (git-fixes). - kabi for for md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes). - kabi, protect struct ib_device (bsc#1168503). - kabi/severities: Do not track KVM internal symbols. - kabi/severities: Ingnore get_dev_data() The function is internal to the AMD IOMMU driver and must not be called by any third party. - kabi workaround for snd_rawmidi buffer_ref field addition (git-fixes). - KEYS: reaching the keys quotas correctly (bsc#1051510). - KVM: arm64: Change hyp_panic()s dependency on tpidr_el2 (bsc#1133021). - KVM: arm64: Stop save/restoring host tpidr_el1 on VHE (bsc#1133021). - KVM: Check validity of resolved slot when searching memslots (bsc#1172104). - KVM: s390: vsie: Fix delivery of addressing exceptions (git-fixes). - KVM: s390: vsie: Fix possible race when shadowing region 3 tables (git-fixes). - KVM: s390: vsie: Fix region 1 ASCE sanity shadow address checks (git-fixes). - KVM: SVM: Fix potential memory leak in svm_cpu_init() (bsc#1171736). - KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1152489). - l2tp: Allow management of tunnels and session in user namespace (networking-stable-20_04_17). - libata: Remove extra scsi_host_put() in ata_scsi_add_hosts() (bsc#1051510). - libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set (bsc#1051510). - lib: raid6: fix awk build warnings (git fixes (block drivers)). - lib/raid6/test: fix build on distros whose /bin/sh is not bash (git fixes (block drivers)). - lib/stackdepot.c: fix global out-of-bounds in stack_slabs (git fixes (block drivers)). - locks: print unsigned ino in /proc/locks (bsc#1171951). - mac80211: add ieee80211_is_any_nullfunc() (bsc#1051510). - mac80211_hwsim: Use kstrndup() in place of kasprintf() (bsc#1051510). - mac80211: mesh: fix discovery timer re-arming issue / crash (bsc#1051510). - macsec: avoid to set wrong mtu (bsc#1051510). - macsec: restrict to ethernet devices (networking-stable-20_03_28). - macvlan: add cond_resched() during multicast processing (networking-stable-20_03_14). - macvlan: fix null dereference in macvlan_device_event() (bsc#1051510). - md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes). - md/raid0: Fix an error message in raid0_make_request() (git fixes (block drivers)). - md/raid10: prevent access of uninitialized resync_pages offset (git-fixes). - media: dvb: return -EREMOTEIO on i2c transfer failure (bsc#1051510). - media: platform: fcp: Set appropriate DMA parameters (bsc#1051510). - media: ti-vpe: cal: fix disable_irqs to only the intended target (git-fixes). - mei: release me_cl object reference (bsc#1051510). - mlxsw: Fix some IS_ERR() vs NULL bugs (networking-stable-20_04_27). - mlxsw: spectrum_flower: Do not stop at FLOW_ACTION_VLAN_MANGLE (networking-stable-20_04_09). - mmc: atmel-mci: Fix debugfs on 64-bit platforms (git-fixes). - mmc: dw_mmc: Fix debugfs on 64-bit platforms (git-fixes). - mmc: meson-gx: make sure the descriptor is stopped on errors (git-fixes). - mmc: meson-gx: simplify interrupt handler (git-fixes). - mmc: renesas_sdhi: limit block count to 16 bit for old revisions (git-fixes). - mmc: sdhci-esdhc-imx: fix the mask for tuning start point (bsc#1051510). - mmc: sdhci-msm: Clear tuning done flag while hs400 tuning (bsc#1051510). - mmc: sdhci-of-at91: fix memleak on clk_get failure (git-fixes). - mmc: sdhci-pci: Fix eMMC driver strength for BYT-based controllers (bsc#1051510). - mmc: sdhci-xenon: fix annoying 1.8V regulator warning (bsc#1051510). - mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() (bsc#1051510). - mmc: tmio: fix access width of Block Count Register (git-fixes). - mm: thp: handle page cache THP correctly in PageTransCompoundMap (git fixes (block drivers)). - mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer (bsc#1051510). - mtd: spi-nor: cadence-quadspi: add a delay in write sequence (git-fixes). - mtd: spi-nor: enable 4B opcodes for mx66l51235l (git-fixes). - mtd: spi-nor: fsl-quadspi: Do not let -EINVAL on the bus (git-fixes). - mwifiex: avoid -Wstringop-overflow warning (bsc#1051510). - mwifiex: Fix memory corruption in dump_station (bsc#1051510). - net: bcmgenet: correct per TX/RX ring statistics (networking-stable-20_04_27). - net: dsa: b53: Fix ARL register definitions (networking-stable-20_04_27). - net: dsa: b53: Rework ARL bin logic (networking-stable-20_04_27). - net: dsa: bcm_sf2: Do not register slave MDIO bus with OF (networking-stable-20_04_09). - net: dsa: bcm_sf2: Ensure correct sub-node is parsed (networking-stable-20_04_09). - net: dsa: bcm_sf2: Fix overflow checks (git-fixes). - net: dsa: Fix duplicate frames flooded by learning (networking-stable-20_03_28). - net: dsa: mv88e6xxx: fix lockup on warm boot (networking-stable-20_03_14). - net: fec: validate the new settings in fec_enet_set_coalesce() (networking-stable-20_03_14). - net: fib_rules: Correctly set table field when table number exceeds 8 bits (networking-stable-20_03_01). - net: fix race condition in __inet_lookup_established() (bsc#1151794). - net: fq: add missing attribute validation for orphan mask (networking-stable-20_03_14). - net, ip_tunnel: fix interface lookup with no key (networking-stable-20_04_02). - net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin (networking-stable-20_04_17). - net: ipv6: do not consider routes via gateways for anycast address check (networking-stable-20_04_17). - netlink: Use netlink header as base to calculate bad attribute offset (networking-stable-20_03_14). - net: macsec: update SCI upon MAC address change (networking-stable-20_03_14). - net: memcg: fix lockdep splat in inet_csk_accept() (networking-stable-20_03_14). - net: memcg: late association of sock to memcg (networking-stable-20_03_14). - net/mlx4_en: avoid indirect call in TX completion (networking-stable-20_04_27). - net/mlx5: Add new fields to Port Type and Speed register (bsc#1171118). - net/mlx5: Add RoCE RX ICRC encapsulated counter (bsc#1171118). - net/mlx5e: Fix ethtool self test: link speed (bsc#1171118). - net/mlx5e: Move port speed code from en_ethtool.c to en/port.c (bsc#1171118). - net/mlx5: Expose link speed directly (bsc#1171118). - net/mlx5: Expose port speed when possible (bsc#1171118). - net: mvneta: Fix the case where the last poll did not process all rx (networking-stable-20_03_28). - net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node (networking-stable-20_04_27). - net/packet: tpacket_rcv: do not increment ring index on drop (networking-stable-20_03_14). - net: phy: restore mdio regs in the iproc mdio driver (networking-stable-20_03_01). - net: qmi_wwan: add support for ASKEY WWHC050 (networking-stable-20_03_28). - net: revert default NAPI poll timeout to 2 jiffies (networking-stable-20_04_17). - net_sched: cls_route: remove the right filter from hashtable (networking-stable-20_03_28). - net/x25: Fix x25_neigh refcnt leak when receiving frame (networking-stable-20_04_27). - nfc: add missing attribute validation for SE API (networking-stable-20_03_14). - nfc: add missing attribute validation for vendor subcommand (networking-stable-20_03_14). - nfc: pn544: Fix occasional HW initialization failure (networking-stable-20_03_01). - NFC: st21nfca: add missed kfree_skb() in an error path (bsc#1051510). - nfsd4: fix up replay_matches_cache() (git-fixes). - nfsd: Ensure CLONE persists data and metadata changes to the target file (git-fixes). - nfsd: fix delay timer on 32-bit architectures (git-fixes). - nfsd: fix jiffies/time_t mixup in LRU list (git-fixes). - NFS: Directory page cache pages need to be locked when read (git-fixes). - nfsd: memory corruption in nfsd4_lock() (git-fixes). - NFS: Do not call generic_error_remove_page() while holding locks (bsc#1170457). - NFS: Fix memory leaks and corruption in readdir (git-fixes). - NFS: Fix O_DIRECT accounting of number of bytes read/written (git-fixes). - NFS: Fix potential posix_acl refcnt leak in nfs3_set_acl (git-fixes). - NFS: fix racey wait in nfs_set_open_stateid_locked (bsc#1170592). - NFS/flexfiles: Use the correct TCP timeout for flexfiles I/O (git-fixes). - NFS/pnfs: Fix pnfs_generic_prepare_to_resend_writes() (git-fixes). - NFS: Revalidate the file size on a fatal write error (git-fixes). - NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals (git-fixes). - NFSv4: Do not allow a cached open with a revoked delegation (git-fixes). - NFSv4: Fix leak of clp->cl_acceptor string (git-fixes). - NFSv4/pnfs: Return valid stateids in nfs_layout_find_inode_by_stateid() (git-fixes). - NFSv4: try lease recovery on NFS4ERR_EXPIRED (git-fixes). - NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn (git-fixes). - nl802154: add missing attribute validation for dev_type (networking-stable-20_03_14). - nl802154: add missing attribute validation (networking-stable-20_03_14). - nvme-fc: print proper nvme-fc devloss_tmo value (bsc#1172391). - objtool: Fix stack offset tracking for indirect CFAs (bsc#1169514). - objtool: Fix switch table detection in .text.unlikely (bsc#1169514). - objtool: Make BP scratch register warning more robust (bsc#1169514). - padata: Remove broken queue flushing (git-fixes). - Partially revert 'kfifo: fix kfifo_alloc() and kfifo_init()' (git fixes (block drivers)). - pinctrl: baytrail: Enable pin configuration setting for GPIO chip (git-fixes). - pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler (git-fixes). - platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA (bsc#1051510). - pNFS: Ensure we do clear the return-on-close layout stateid on fatal errors (git-fixes). - powerpc: Add attributes for setjmp/longjmp (bsc#1065729). - powerpc/pci/of: Parse unassigned resources (bsc#1065729). - powerpc/setup_64: Set cache-line-size based on cache-block-size (bsc#1065729). - powerpc/sstep: Fix DS operand in ld encoding to appropriate value (bsc#1065729). - qede: Fix race between rdma destroy workqueue and link change event (networking-stable-20_03_01). - r8152: check disconnect status after long sleep (networking-stable-20_03_14). - raid6/ppc: Fix build for clang (git fixes (block drivers)). - rcu: locking and unlocking need to always be at least barriers (git fixes (block drivers)). - RDMA/ipoib: Fix use of sizeof() (bsc#1168503). - RDMA/netdev: Fix netlink support in IPoIB (bsc#1168503). - RDMA/netdev: Hoist alloc_netdev_mqs out of the driver (bsc#1168503). - RDMA/netdev: Use priv_destructor for netdev cleanup (bsc#1168503). - Remove 2 git-fixes that cause build issues. (bsc#1171691) - Revert 'ALSA: hda/realtek: Fix pop noise on ALC225' (git-fixes). - Revert 'drm/panel: simple: Add support for Sharp LQ150X1LG11 panels' (bsc#1114279) * offset changes - Revert 'HID: i2c-hid: add Trekstor Primebook C11B to descriptor override' Depends on 9b5c747685982d22efffeafc5ec601bd28f6d78b, which was also reverted. - Revert 'HID: i2c-hid: override HID descriptors for certain devices' This broke i2c-hid.ko's build, there is no way around it without a big file rename or renaming the kernel module. - Revert 'i2c-hid: properly terminate i2c_hid_dmi_desc_override_table' Fixed 9b5c747685982d22efffeafc5ec601bd28f6d78b, which was also reverted. - Revert 'ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()' (bsc#1172221). - rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() (bsc#1051510). - s390/cio: avoid duplicated 'ADD' uevents (git-fixes). - s390/cio: generate delayed uevent for vfio-ccw subchannels (git-fixes). - s390/cpuinfo: fix wrong output when CPU0 is offline (git-fixes). - s390/diag: fix display of diagnose call statistics (git-fixes). - s390/ftrace: fix potential crashes when switching tracers (git-fixes). - s390/gmap: return proper error code on ksm unsharing (git-fixes). - s390/ism: fix error return code in ism_probe() (git-fixes). - s390/pci: Fix possible deadlock in recover_store() (bsc#1165183 LTC#184103). - s390/pci: Recover handle in clp_set_pci_fn() (bsc#1165183 LTC#184103). - s390/qeth: cancel RX reclaim work earlier (git-fixes). - s390/qeth: do not return -ENOTSUPP to userspace (git-fixes). - s390/qeth: do not warn for napi with 0 budget (git-fixes). - s390/qeth: fix off-by-one in RX copybreak check (git-fixes). - s390/qeth: fix promiscuous mode after reset (git-fixes). - s390/qeth: fix qdio teardown after early init error (git-fixes). - s390/qeth: handle error due to unsupported transport mode (git-fixes). - s390/qeth: handle error when backing RX buffer (git-fixes). - s390/qeth: lock the card while changing its hsuid (git-fixes). - s390/qeth: support net namespaces for L3 devices (git-fixes). - s390/time: Fix clk type in get_tod_clock (git-fixes). - scripts/decodecode: fix trapping instruction formatting (bsc#1065729). - scripts/dtc: Remove redundant YYLOC global declaration (bsc#1160388). - scsi: bnx2i: fix potential use after free (bsc#1171600). - scsi: core: Handle drivers which set sg_tablesize to zero (bsc#1171601) This commit also required: > scsi: core: avoid preallocating big SGL for data - scsi: core: save/restore command resid for error handling (bsc#1171602). - scsi: core: scsi_trace: Use get_unaligned_be*() (bsc#1171604). - scsi: core: try to get module before removing device (bsc#1171605). - scsi: csiostor: Adjust indentation in csio_device_reset (bsc#1171606). - scsi: csiostor: Do not enable IRQs too early (bsc#1171607). - scsi: esas2r: unlock on error in esas2r_nvram_read_direct() (bsc#1171608). - scsi: fnic: fix invalid stack access (bsc#1171609). - scsi: fnic: fix msix interrupt allocation (bsc#1171610). - scsi: ibmvscsi: Fix WARN_ON during event pool release (bsc#1170791 ltc#185128). - scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (bsc#1171611). - scsi: iscsi: Fix a potential deadlock in the timeout handler (bsc#1171612). - scsi: iscsi: qla4xxx: fix double free in probe (bsc#1171613). - scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences (bsc#1171614). - scsi: lpfc: Fix crash in target side cable pulls hitting WAIT_FOR_UNREG (bsc#1171615). - scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state (bsc#1171616). - scsi: qla2xxx: add ring buffer for tracing debug logs (bsc#1157169). - scsi: qla2xxx: check UNLOADING before posting async work (bsc#1157169). - scsi: qla2xxx: Delete all sessions before unregister local nvme port (bsc#1157169). - scsi: qla2xxx: Do not log message when reading port speed via sysfs (bsc#1157169). - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (bsc#1157169). - scsi: qla2xxx: Fix regression warnings (bsc#1157169). - scsi: qla2xxx: Remove non functional code (bsc#1157169). - scsi: qla2xxx: set UNLOADING before waiting for session deletion (bsc#1157169). - scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free (bsc#1171617). - scsi: qla4xxx: fix double free bug (bsc#1171618). - scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI (bsc#1171619). - scsi: sg: add sg_remove_request in sg_common_write (bsc#1171620). - scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) (bsc#1171621). - scsi: ufs: change msleep to usleep_range (bsc#1171622). - scsi: ufs: Clean up ufshcd_scale_clks() and clock scaling error out path (bsc#1171623). - scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic (bsc#1171624). - scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails (bsc#1171625). - scsi: ufs: Recheck bkops level if bkops is disabled (bsc#1171626). - scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point (git-fixes). - sctp: fix possibly using a bad saddr with a given dst (networking-stable-20_04_02). - sctp: fix refcount bug in sctp_wfree (networking-stable-20_04_02). - sctp: move the format error check out of __sctp_sf_do_9_1_abort (networking-stable-20_03_01). - seq_file: fix problem when seeking mid-record (bsc#1170125). - serial: uartps: Move the spinlock after the read of the tx empty (git-fixes). - sfc: detach from cb_page in efx_copy_channel() (networking-stable-20_03_14). - signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig (bsc#1172185). - slcan: not call free_netdev before rtnl_unlock in slcan_open (networking-stable-20_03_28). - slip: make slhc_compress() more robust against malicious packets (networking-stable-20_03_14). - smb3: Additional compression structures (bsc#1144333). - smb3: Add new compression flags (bsc#1144333). - smb3: change noisy error message to FYI (bsc#1144333). - smb3: enable swap on SMB3 mounts (bsc#1144333). - smb3: Minor cleanup of protocol definitions (bsc#1144333). - smb3: remove overly noisy debug line in signing errors (bsc#1144333). - smb3: smbdirect support can be configured by default (bsc#1144333). - smb3: use SMB2_SIGNATURE_SIZE define (bsc#1144333). - spi: bcm2835: Fix 3-wire mode if DMA is enabled (git-fixes). - spi: bcm63xx-hsspi: Really keep pll clk enabled (bsc#1051510). - spi: bcm-qspi: when tx/rx buffer is NULL set to 0 (bsc#1051510). - spi: dw: Add SPI Rx-done wait method to DMA-based transfer (bsc#1051510). - spi: dw: Add SPI Tx-done wait method to DMA-based transfer (bsc#1051510). - spi: dw: Zero DMA Tx and Rx configurations on stack (bsc#1051510). - spi: fsl: do not map irq during probe (git-fixes). - spi: fsl: use platform_get_irq() instead of of_irq_to_resource() (git-fixes). - spi: pxa2xx: Add CS control clock quirk (bsc#1051510). - spi: qup: call spi_qup_pm_resume_runtime before suspending (bsc#1051510). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (git-fixes). - spi: spi-s3c64xx: Fix system resume support (git-fixes). - spi/zynqmp: remove entry that causes a cs glitch (bsc#1051510). - staging: comedi: dt2815: fix writing hi byte of analog output (bsc#1051510). - staging: comedi: Fix comedi_device refcnt leak in comedi_open (bsc#1051510). - staging: iio: ad2s1210: Fix SPI reading (bsc#1051510). - staging: vt6656: Do not set RCR_MULTICAST or RCR_BROADCAST by default (git-fixes). - staging: vt6656: Fix drivers TBTT timing counter (git-fixes). - staging: vt6656: Fix pairwise key entry save (git-fixes). - sunrpc: expiry_time should be seconds not timeval (git-fixes). - SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' (git-fixes). - supported.conf: Add br_netfilter to base (bsc#1169020). - svcrdma: Fix leak of transport addresses (git-fixes). - taskstats: fix data-race (bsc#1172188). - tcp: cache line align MAX_TCP_HEADER (networking-stable-20_04_27). - tcp: repair: fix TCP_QUEUE_SEQ implementation (networking-stable-20_03_28). - team: add missing attribute validation for array index (networking-stable-20_03_14). - team: add missing attribute validation for port ifindex (networking-stable-20_03_14). - team: fix hang in team_mode_get() (networking-stable-20_04_27). - tools lib traceevent: Remove unneeded qsort and uses memmove instead (git-fixes). - tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() (bsc#1065729). - tpm/tpm_tis: Free IRQ if probing fails (bsc#1082555). - tpm/tpm_tis: Free IRQ if probing fails (git-fixes). - tracing: Add a vmalloc_sync_mappings() for safe measure (git-fixes). - tracing: Disable trace_printk() on post poned tests (git-fixes). - tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation (git-fixes). - tty: rocket, avoid OOB access (git-fixes). - UAS: fix deadlock in error handling and PM flushing work (git-fixes). - UAS: no use logging any details in case of ENODEV (git-fixes). - USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE (git-fixes). - USB: cdc-acm: restore capability check order (git-fixes). - USB: core: Fix misleading driver bug report (bsc#1051510). - USB: dwc3: do not set gadget->is_otg flag (git-fixes). - USB: dwc3: gadget: Do link recovery for SS and SSP (git-fixes). - USB: early: Handle AMD's spec-compliant identifiers, too (git-fixes). - USB: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset() (git-fixes). - USB: gadget: audio: Fix a missing error return value in audio_bind() (git-fixes). - USB: gadget: composite: Inform controller driver of self-powered (git-fixes). - USB: gadget: legacy: fix error return code in cdc_bind() (git-fixes). - USB: gadget: legacy: fix error return code in gncm_bind() (git-fixes). - USB: gadget: legacy: fix redundant initialization warnings (bsc#1051510). - USB: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' (git-fixes). - USB: gadget: udc: atmel: Fix vbus disconnect handling (git-fixes). - USB: gadget: udc: atmel: Make some symbols static (git-fixes). - USB: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete (git-fixes). - USB: host: xhci-plat: keep runtime active when removing host (git-fixes). - USB: hub: Fix handling of connect changes during sleep (git-fixes). - usbnet: silence an unnecessary warning (bsc#1170770). - USB: serial: garmin_gps: add sanity checking for data length (git-fixes). - USB: serial: option: add BroadMobi BM806U (git-fixes). - USB: serial: option: add support for ASKEY WWHC050 (git-fixes). - USB: serial: option: add Wistron Neweb D19Q1 (git-fixes). - USB: serial: qcserial: Add DW5816e support (git-fixes). - USB: sisusbvga: Change port variable from signed to unsigned (git-fixes). - usb-storage: Add unusual_devs entry for JMicron JMS566 (git-fixes). - USB: uas: add quirk for LaCie 2Big Quadra (git-fixes). - USB: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list (git-fixes). - video: fbdev: sis: Remove unnecessary parentheses and commented code (bsc#1114279) - video: fbdev: w100fb: Fix a potential double free (bsc#1051510). - vrf: Check skb for XFRM_TRANSFORMED flag (networking-stable-20_04_27). - vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines (git-fixes). - vt: selection, introduce vc_is_sel (git-fixes). - vt: vt_ioctl: fix race in VT_RESIZEX (git-fixes). - vt: vt_ioctl: fix use-after-free in vt_in_use() (git-fixes). - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (git-fixes). - vxlan: check return value of gro_cells_init() (networking-stable-20_03_28). - watchdog: reset last_hw_keepalive time at start (git-fixes). - wcn36xx: Fix error handling path in 'wcn36xx_probe()' (bsc#1051510). - wil6210: remove reset file from debugfs (git-fixes). - wimax/i2400m: Fix potential urb refcnt leak (bsc#1051510). - workqueue: do not use wq_select_unbound_cpu() for bound works (bsc#1172130). - x86/entry/64: Fix unwind hints in kernel exit path (bsc#1058115). - x86/entry/64: Fix unwind hints in register clearing code (bsc#1058115). - x86/entry/64: Fix unwind hints in rewind_stack_do_exit() (bsc#1058115). - x86/entry/64: Fix unwind hints in __switch_to_asm() (bsc#1058115). - x86/Hyper-V: Allow guests to enable InvariantTSC (bsc#1170620). - x86/Hyper-V: Free hv_panic_page when fail to register kmsg dump (bsc#1170618). - x86/Hyper-V: Report crash data in die() when panic_on_oops is set (bsc#1170618). - x86/Hyper-V: Report crash register data or kmsg before running crash kernel (bsc#1170618). - x86/Hyper-V: Report crash register data when sysctl_record_panic_msg is not set (bsc#1170618). - x86:Hyper-V: report value of misc_features (git-fixes). - x86/Hyper-V: Trigger crash enlightenment only once during system crash (bsc#1170618). - x86/Hyper-V: Unload vmbus channel in hv panic callback (bsc#1170618). - x86/kprobes: Avoid kretprobe recursion bug (bsc#1114279). - x86/resctrl: Fix invalid attempt at removing the default resource group (git-fixes). - x86/resctrl: Preserve CDP enable over CPU hotplug (bsc#1114279). - x86/unwind/orc: Do not skip the first frame for inactive tasks (bsc#1058115). - x86/unwind/orc: Fix error handling in __unwind_start() (bsc#1058115). - x86/unwind/orc: Fix error path for bad ORC entry type (bsc#1058115). - x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks (bsc#1058115). - x86/unwind/orc: Prevent unwinding before ORC initialization (bsc#1058115). - x86/unwind: Prevent false warnings for non-current tasks (bsc#1058115). - x86/xen: fix booting 32-bit pv guest (bsc#1071995). - x86/xen: Make the boot CPU idle task reliable (bsc#1071995). - x86/xen: Make the secondary CPU idle tasks reliable (bsc#1071995). - xen/pci: reserve MCFG areas earlier (bsc#1170145). - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish (networking-stable-20_04_27). - xfs: Correctly invert xfs_buftarg LRU isolation logic (git-fixes). - xfs: do not ever return a stale pointer from __xfs_dir3_free_read (git-fixes). - xprtrdma: Fix completion wait during device removal (git-fixes). Important SUSE bug 1051510 SUSE bug 1058115 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1082555 SUSE bug 1089895 SUSE bug 1111666 SUSE bug 1114279 SUSE bug 1133021 SUSE bug 1144333 SUSE bug 1151794 SUSE bug 1152489 SUSE bug 1154824 SUSE bug 1157169 SUSE bug 1158265 SUSE bug 1160388 SUSE bug 1160947 SUSE bug 1165183 SUSE bug 1165741 SUSE bug 1166969 SUSE bug 1167574 SUSE bug 1167851 SUSE bug 1168503 SUSE bug 1168670 SUSE bug 1169020 SUSE bug 1169514 SUSE bug 1169525 SUSE bug 1170056 SUSE bug 1170125 SUSE bug 1170145 SUSE bug 1170345 SUSE bug 1170457 SUSE bug 1170522 SUSE bug 1170592 SUSE bug 1170618 SUSE bug 1170620 SUSE bug 1170770 SUSE bug 1170778 SUSE bug 1170791 SUSE bug 1170901 SUSE bug 1171078 SUSE bug 1171098 SUSE bug 1171118 SUSE bug 1171189 SUSE bug 1171191 SUSE bug 1171195 SUSE bug 1171202 SUSE bug 1171205 SUSE bug 1171217 SUSE bug 1171218 SUSE bug 1171219 SUSE bug 1171220 SUSE bug 1171293 SUSE bug 1171417 SUSE bug 1171527 SUSE bug 1171599 SUSE bug 1171600 SUSE bug 1171601 SUSE bug 1171602 SUSE bug 1171604 SUSE bug 1171605 SUSE bug 1171606 SUSE bug 1171607 SUSE bug 1171608 SUSE bug 1171609 SUSE bug 1171610 SUSE bug 1171611 SUSE bug 1171612 SUSE bug 1171613 SUSE bug 1171614 SUSE bug 1171615 SUSE bug 1171616 SUSE bug 1171617 SUSE bug 1171618 SUSE bug 1171619 SUSE bug 1171620 SUSE bug 1171621 SUSE bug 1171622 SUSE bug 1171623 SUSE bug 1171624 SUSE bug 1171625 SUSE bug 1171626 SUSE bug 1171679 SUSE bug 1171691 SUSE bug 1171694 SUSE bug 1171695 SUSE bug 1171736 SUSE bug 1171761 SUSE bug 1171948 SUSE bug 1171949 SUSE bug 1171951 SUSE bug 1171952 SUSE bug 1171982 SUSE bug 1171983 SUSE bug 1172096 SUSE bug 1172097 SUSE bug 1172098 SUSE bug 1172099 SUSE bug 1172101 SUSE bug 1172102 SUSE bug 1172103 SUSE bug 1172104 SUSE bug 1172127 SUSE bug 1172130 SUSE bug 1172185 SUSE bug 1172188 SUSE bug 1172199 SUSE bug 1172221 SUSE bug 1172253 SUSE bug 1172317 SUSE bug 1172342 SUSE bug 1172343 SUSE bug 1172344 SUSE bug 1172366 SUSE bug 1172391 SUSE bug 1172397 SUSE bug 1172453 CVE-2018-1000199 CVE-2019-19462 CVE-2019-20806 CVE-2019-20812 CVE-2019-9455 CVE-2020-0543 CVE-2020-10690 CVE-2020-10711 CVE-2020-10720 CVE-2020-10732 CVE-2020-10751 CVE-2020-10757 CVE-2020-12114 CVE-2020-12464 CVE-2020-12652 CVE-2020-12653 CVE-2020-12654 CVE-2020-12655 CVE-2020-12656 CVE-2020-12657 CVE-2020-12768 CVE-2020-12769 CVE-2020-13143 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160). Moderate SUSE bug 1173160 CVE-2020-10745 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770 (bnc#1173514). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2019-16746: net/wireless/nl80211.c did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10768: Indirect branch speculation could have been enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (bnc#1172783). - CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (bnc#1172781). - CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled when STIBP is unavailable or enhanced IBRS is available. (bnc#1172782). - CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. (bnc#1172775). - CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel did not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586 (bnc#1172458). The following non-security bugs were fixed: - ACPI: PM: Avoid using power resources if there are none for D0 (bsc#1051510). - ALSA: es1688: Add the missed snd_card_free() (bsc#1051510). - bcache: Fix an error code in bch_dump_read() (git fixes (block drivers)). - block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673). - block, bfq: postpone rq preparation to insert or merge (bsc#1104967 bsc#1171673). - block: remove QUEUE_FLAG_STACKABLE (git fixes (block drivers)). - block: sed-opal: fix sparse warning: convert __be64 data (git fixes (block drivers)). - btrfs: always wait on ordered extents at fsync time (bsc#1171761). - btrfs: clean up the left over logged_list usage (bsc#1171761). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - btrfs: fix list_add corruption and soft lockups in fsync (bsc#1171761). - btrfs: fix missing data checksums after a ranged fsync (msync) (bsc#1171761). - btrfs: fix missing file extent item for hole after ranged fsync (bsc#1171761). - btrfs: fix missing hole after hole punching and fsync when using NO_HOLES (bsc#1171761). - btrfs: fix missing semaphore unlock in btrfs_sync_file (bsc#1171761). - btrfs: fix rare chances for data loss when doing a fast fsync (bsc#1171761). - btrfs: Remove extra parentheses from condition in copy_items() (bsc#1171761). - btrfs: remove no longer used io_err from btrfs_log_ctx (bsc#1171761). - btrfs: remove no longer used logged range variables when logging extents (bsc#1171761). - btrfs: remove no longer used 'sync' member from transaction handle (bsc#1171761). - btrfs: remove remaing full_sync logic from btrfs_sync_file (bsc#1171761). - btrfs: remove the logged extents infrastructure (bsc#1171761). - btrfs: remove the wait ordered logic in the log_one_extent path (bsc#1171761). - btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124). - CDC-ACM: heed quirk also in error handling (git-fixes). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1144333). - cifs: handle hostnames that resolve to same ip in failover (bsc#1144333 bsc#1161016). - cifs: set up next DFS target before generic_ip_connect() (bsc#1144333 bsc#1161016). - clk: bcm2835: Fix return type of bcm2835_register_gate (bsc#1051510). - clk: clk-flexgen: fix clock-critical handling (bsc#1051510). - clk: sunxi: Fix incorrect usage of round_down() (bsc#1051510). - compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (git fixes (block drivers)). - compat_ioctl: block: handle Persistent Reservations (git fixes (block drivers)). - copy_{to,from}_user(): consolidate object size checks (git fixes). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - dm btree: increase rebalance threshold in __rebalance2() (git fixes (block drivers)). - dm cache: fix a crash due to incorrect work item cancelling (git fixes (block drivers)). - dm crypt: fix benbi IV constructor crash if used in authenticated mode (git fixes (block drivers)). - dm: fix potential for q->make_request_fn NULL pointer (git fixes (block drivers)). - dm space map common: fix to ensure new block isn't already in use (git fixes (block drivers)). - dm: various cleanups to md->queue initialization code (git fixes). - dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)). - dm verity fec: fix memory leak in verity_fec_dtr (git fixes (block drivers)). - Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170618). - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (bsc#1051510). - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1152472) * context changes - drm: encoder_slave: fix refcouting error for modules (bsc#1114279) - drm/mediatek: Check plane visibility in atomic_update (bsc#1152472) * context changes - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1152472) - drm/radeon: fix double free (bsc#1152472) - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1152472) - e1000e: Disable TSO for buffer overrun workaround (bsc#1051510). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (bsc#1051510). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279). - evm: Check also if *tfm is an error pointer in init_desc() (bsc#1051510). - evm: Fix a small race in init_desc() (bsc#1051510). - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (bsc#1051510). - gpiolib: Document that GPIO line names are not globally unique (bsc#1051510). - HID: sony: Fix for broken buttons on DS3 USB dongles (bsc#1051510). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - iio: buffer: Do not allow buffers without any channels enabled to be activated (bsc#1051510). - iio: pressure: bmp280: Tolerate IRQ before registering (bsc#1051510). - ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1051510). - ima: Fix ima digest hash table key calculation (bsc#1051510). - include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS (bsc#1114279). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1114279). - kvm: x86: Fix L1TF mitigation for shadow MMU (bsc#1171904). - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904). - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904). - libceph: do not omit recovery_deletes in target_copy() (bsc#1173462). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - md: Avoid namespace collision with bitmap API (git fixes (block drivers)). - md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (git fixes (block drivers)). - mmc: fix compilation of user API (bsc#1051510). - netfilter: connlabels: prefer static lock initialiser (git-fixes). - netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795). - netfilter: not mark a spinlock as __read_mostly (git-fixes). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() (bsc#1170592). - NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID (bsc#1170592). - nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558 bsc#1159058). - nvme: do not update multipath disk information if the controller is down (bcs#1171558 bsc#1159058). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - overflow: Fix -Wtype-limits compilation warnings (git fixes). - overflow.h: Add arithmetic shift helper (git fixes). - p54usb: add AirVasT USB stick device-id (bsc#1051510). - PCI: Allow pci_resize_resource() for devices on root bus (bsc#1051510). - PCI: Fix pci_register_host_bridge() device_register() error handling (bsc#1051510). - PCI: Program MPS for RCiEP devices (bsc#1051510). - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (bsc#1051510). - perf: Allocate context task_ctx_data for child event (git-fixes). - perf/cgroup: Fix perf cgroup hierarchy support (git-fixes). - perf: Copy parent's address filter offsets on clone (git-fixes). - perf/core: Add sanity check to deal with pinned event failure (git-fixes). - perf/core: Avoid freeing static PMU contexts when PMU is unregistered (git-fixes). - perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes). - perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes). - perf/core: Fix bad use of igrab() (git fixes (dependent patch)). - perf/core: Fix crash when using HW tracing kernel filters (git-fixes). - perf/core: Fix ctx_event_type in ctx_resched() (git-fixes). - perf/core: Fix error handling in perf_event_alloc() (git-fixes). - perf/core: Fix exclusive events' grouping (git-fixes). - perf/core: Fix group scheduling with mixed hw and sw events (git-fixes). - perf/core: Fix impossible ring-buffer sizes warning (git-fixes). - perf/core: Fix locking for children siblings group read (git-fixes). - perf/core: Fix lock inversion between perf,trace,cpuhp (git-fixes (dependent patch for 18736eef1213)). - perf/core: Fix perf_event_read_value() locking (git-fixes). - perf/core: Fix perf_pmu_unregister() locking (git-fixes). - perf/core: Fix __perf_read_group_add() locking (git-fixes (dependent patch)). - perf/core: Fix perf_sample_regs_user() mm check (git-fixes). - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes). - perf/core: Fix race between close() and fork() (git-fixes). - perf/core: Fix the address filtering fix (git-fixes). - perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes). - perf/core: Force USER_DS when recording user stack data (git-fixes). - perf/core: Restore mmap record type correctly (git-fixes). - perf: Fix header.size for namespace events (git-fixes). - perf/ioctl: Add check for the sample_period value (git-fixes). - perf, pt, coresight: Fix address filters for vmas with non-zero offset (git-fixes). - perf: Return proper values for user stack errors (git-fixes). - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes). - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes). - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes). - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes). - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes). - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable). - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes). - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable). - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes). - perf/x86: Fix incorrect PEBS_REGS (git-fixes). - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes). - perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes). - perf/x86/intel/bts: Fix the use of page_private() (git-fixes). - perf/x86/intel: Fix PT PMI handling (git-fixes). - perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes). - perf/x86/intel/uncore: Add Node ID mask (git-fixes). - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes). - perf/x86/pt, coresight: Clean up address filter structure (git fixes (dependent patch)). - perf/x86/uncore: Fix event group support (git-fixes). - pid: Improve the comment about waiting in zap_pid_ns_processes (git fixes)). - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (bsc#1051510). - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (bsc#1051510). - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (bsc#1051510). - pnp: Use list_for_each_entry() instead of open coding (git fixes). - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729). - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729). - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030). - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (bsc#1051510). - power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (bsc#1051510). - power: supply: smb347-charger: IRQSTAT_D is volatile (bsc#1051510). - raid5: remove gfp flags from scribble_alloc() (git fixes (block drivers)). - resolve KABI warning for perf-pt-coresight (git-fixes). - Revert 'bcache: ignore pending signals when creating gc and allocator thread' (git fixes (block drivers)). - Revert 'dm crypt: use WQ_HIGHPRI for the IO and crypt workqueues' (git fixes (block drivers)). - Revert 'tools lib traceevent: Remove unneeded qsort and uses memmove' - rpm/kernel-docs.spec.in: Require python-packaging for build. - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: lock device while installing IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814). - scsi: qedf: Add port_id getter (bsc#1150660). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - spi: dw: use 'smp_mb()' to avoid sending spi data error (bsc#1051510). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bsc#1051510). - staging: sm750fb: add missing case while setting FB_VISUAL (bsc#1051510). - SUNRPC: The TCP back channel mustn't disappear while requests are outstanding (bsc#1152624). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tty: n_gsm: Fix bogus i++ in gsm_data_kick (bsc#1051510). - tty: n_gsm: Fix SOF skipping (bsc#1051510). - tty: n_gsm: Fix waking up upper tty layer when room available (bsc#1051510). - usb: dwc2: gadget: move gadget resume after the core is in L0 state (bsc#1051510). - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (bsc#1051510). - usb: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (bsc#1051510). - usb: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (bsc#1051510). - usb: musb: Fix runtime PM imbalance on error (bsc#1051510). - usb: musb: start session in resume for host port (bsc#1051510). - usb: serial: option: add Telit LE910C1-EUX compositions (bsc#1051510). - usb: serial: qcserial: add DW5816e QDL support (bsc#1051510). - usb: serial: usb_wwan: do not resubmit rx urb on fatal errors (bsc#1051510). - usb: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes). - virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: avoid format strint overflow warning (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: Remove always false conditional statement (bsc#1172484). - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484). - vmxnet3: remove unused flag 'rxcsum' from struct vmxnet3_adapter (bsc#1172484). - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - w1: omap-hdq: cleanup to add missing newline for some dev_dbg (bsc#1051510). - work around mvfs bug (bsc#1162063). - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1114279). - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes). - x86: Fix early boot crash on gcc-10, third try (bsc#1114279). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279). - xfrm: fix error in comment (git fixes). Important SUSE bug 1051510 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1085030 SUSE bug 1104967 SUSE bug 1114279 SUSE bug 1144333 SUSE bug 1148868 SUSE bug 1150660 SUSE bug 1152107 SUSE bug 1152472 SUSE bug 1152624 SUSE bug 1158983 SUSE bug 1159058 SUSE bug 1161016 SUSE bug 1162002 SUSE bug 1162063 SUSE bug 1168081 SUSE bug 1169194 SUSE bug 1169514 SUSE bug 1169795 SUSE bug 1170011 SUSE bug 1170592 SUSE bug 1170618 SUSE bug 1171124 SUSE bug 1171424 SUSE bug 1171558 SUSE bug 1171673 SUSE bug 1171732 SUSE bug 1171761 SUSE bug 1171868 SUSE bug 1171904 SUSE bug 1172257 SUSE bug 1172344 SUSE bug 1172458 SUSE bug 1172484 SUSE bug 1172759 SUSE bug 1172775 SUSE bug 1172781 SUSE bug 1172782 SUSE bug 1172783 SUSE bug 1172999 SUSE bug 1173265 SUSE bug 1173280 SUSE bug 1173428 SUSE bug 1173462 SUSE bug 1173514 SUSE bug 1173567 SUSE bug 1173573 SUSE bug 1174115 SUSE bug 1174462 SUSE bug 1174543 CVE-2019-16746 CVE-2019-20810 CVE-2019-20908 CVE-2020-0305 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10769 CVE-2020-10773 CVE-2020-12771 CVE-2020-12888 CVE-2020-13974 CVE-2020-14416 CVE-2020-15393 CVE-2020-15780 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for samba fixes the following issues: - CVE-2019-14907: Fixed a Server-side crash after charset conversion failure during NTLMSSP processing (bsc#1160888). Moderate SUSE bug 1160888 CVE-2019-14907 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629). - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication Bluetooth might have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access (bsc#1171988). - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). The following non-security bugs were fixed: - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1174784). - cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#1172428). - cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#1172428). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333 bsc#1172428). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: reduce number of referral requests in DFS link lookups (bsc#1144333 bsc#1172428). - cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428). - Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515). - ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629). - kabi: mask changes to struct ipv6_stub (bsc#1165629). - mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - ocfs2: add trimfs dlm lock resource (bsc#1175228). - ocfs2: add trimfs lock to avoid duplicated trims in cluster (bsc#1175228). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: fix the application IO timeout when fstrim is running (bsc#1175228). - ocfs2: load global_inode_alloc (bsc#1172963). - ocfs2: load global_inode_alloc (bsc#1172963). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - Revert 'ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).' This reverts commit 2638f62c6bc33d4c10ce0dddbf240aa80d366d7b. - Revert 'ocfs2: load global_inode_alloc (bsc#1172963).' This reverts commit f04f670651f505cb354f26601ec5f5e4428f2f47. - scsi: scsi_dh_alua: skip RTPG for devices only supporting active/optimized (bsc#1174978). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - Update patch reference for a tipc fix patch (bsc#1175515) - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115). - xen: do not reschedule in preemption off sections (bsc#1175749). Important SUSE bug 1058115 SUSE bug 1071995 SUSE bug 1144333 SUSE bug 1154366 SUSE bug 1165629 SUSE bug 1171988 SUSE bug 1172428 SUSE bug 1172963 SUSE bug 1173798 SUSE bug 1173954 SUSE bug 1174205 SUSE bug 1174689 SUSE bug 1174699 SUSE bug 1174757 SUSE bug 1174784 SUSE bug 1174978 SUSE bug 1175112 SUSE bug 1175127 SUSE bug 1175213 SUSE bug 1175228 SUSE bug 1175515 SUSE bug 1175518 SUSE bug 1175691 SUSE bug 1175749 SUSE bug 1176069 CVE-2020-10135 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-14386 CVE-2020-16166 CVE-2020-1749 CVE-2020-24394 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579). - Fixed an issue where multiple home folders were created(bsc#1174316, bso#13369). - Fixed an issue where the net command was unable to negotiate SMB2 (bsc#1174120); Important SUSE bug 1174120 SUSE bug 1174316 SUSE bug 1176579 CVE-2020-1472 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for pacemaker fixes the following issues: - attrd: handle shutdown more cleanly (bsc#1173668) - executor: restrict certain IPC requests to Pacemaker daemons (CVE-2020-25654, bsc#1177916) - extra: quote shell variables in agent code where appropriate (bsc#1175557) - fencer: restrict certain IPC requests to privileged users (CVE-2020-25654, bsc#1177916) - Fixes for %_libexecdir changing to /usr/libexec - pacemakerd: ignore shutdown requests from unprivileged users (CVE-2020-25654, bsc#1177916) - resources: use ocf_is_true in SysInfo - rpm: use the user/group ID 90 for haclient/hacluster to be consistent with cluster-glue (bsc#1167171) Important SUSE bug 1167171 SUSE bug 1173668 SUSE bug 1175557 SUSE bug 1177916 CVE-2020-25654 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for graphviz fixes the following issues: - CVE-2018-10196: Fixed a null dereference in rebuild_vlis (bsc#1093447). Low SUSE bug 1093447 CVE-2018-10196 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for samba fixes the following issues: - CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records (bsc#1177613). - CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994). - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902). Important SUSE bug 1173902 SUSE bug 1173994 SUSE bug 1177613 CVE-2020-14318 CVE-2020-14323 CVE-2020-14383 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for yast2-multipath to version 3.2.2 fixes the following issues: - CVE-2018-17955: Use random file name instead of static names (bsc#1117592). Moderate SUSE bug 1117592 CVE-2018-17955 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bug fixes. The following security bugs were fixed: - CVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software and services that rely on UDP source port randomization (like DNS) are indirectly affected as well. Kernel versions may be vulnerable to this issue (bsc#1175721, bsc#1178782). - CVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393). - CVE-2020-25668: Fixed a use-after-free in con_font_op() (bnc#1178123). - CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766). - CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c (bnc#1176485). - CVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h (bnc#1176723). - CVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086). - CVE-2020-16120: Fixed a permissions issue in ovl_path_open() (bsc#1177470). - CVE-2020-8694: Restricted energy meter to root access (bsc#1170415). - CVE-2020-12351: Implemented a kABI workaround for bluetooth l2cap_ops filter addition (bsc#1177724). - CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' (bsc#1177725). - CVE-2020-25212: Fixed a TOCTOU mismatch in the NFS client code (bnc#1176381). - CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177511). - CVE-2020-14381: Fixed a UAF in the fast user mutex (futex) wait operation (bsc#1176011). - CVE-2020-25643: Fixed an improper input validation in the ppp_cp_parse_cr function of the HDLC_PPP module (bnc#1177206). - CVE-2020-25641: Fixed a zero-length biovec request issued by the block subsystem could have caused the kernel to enter an infinite loop, causing a denial of service (bsc#1177121). - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235). - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721). - CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423). - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482). - CVE-2020-27673: Fixed an issue where rogue guests could have caused denial of service of Dom0 via high frequency events (XSA-332 bsc#1177411) - CVE-2020-27675: Fixed a race condition in event handler which may crash dom0 (XSA-331 bsc#1177410). The following non-security bugs were fixed: - btrfs: remove root usage from can_overcommit (bsc#1131277). - hv: vmbus: Add timeout to vmbus_wait_for_unload (bsc#1177816). - hyperv_fb: disable superfluous VERSION_WIN10_V5 case (bsc#1175306). - hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306). - livepatch: Add -fdump-ipa-clones to build (). Add support for -fdump-ipa-clones GCC option. Update config files accordingly. - livepatch: Test if -fdump-ipa-clones is really available As of now we add -fdump-ipa-clones unconditionally. It does not cause a trouble if the kernel is build with the supported toolchain. Otherwise it could fail easily. Do the correct thing and test for the availability. - NFS: On fatal writeback errors, we need to call nfs_inode_remove_request() (bsc#1177340). - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139). - NFS: Revalidate the file mapping on all fatal writeback errors (bsc#1177340). - NFSv4: do not mark all open state for recovery when handling recallable state revoked flag (bsc#1176935). - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232). - ocfs2: give applications more IO opportunities during fstrim (bsc#1175228). - powerpc/pseries/cpuidle: add polling idle for shared processor guests (bsc#1178765 ltc#188968). - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243). - scsi: fnic: Do not call 'scsi_done()' for unhandled commands (bsc#1168468, bsc#1171675). - scsi: qla2xxx: Do not consume srb greedily (bsc#1173233). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1173233). - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306). - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306). - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306). - x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306). - xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/events: add a new 'late EOI' evtchn framework (XSA-332 bsc#1177411). - xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#1177411). - xen/events: avoid removing an event channel while handling it (XSA-331 bsc#1177410). - xen/events: block rogue events for some time (XSA-332 bsc#1177411). - xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#1177411). - xen/events: do not use chip_data for legacy IRQs (XSA-332 bsc#1065600). - xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411). - xen/events: switch user event channels to lateeoi model (XSA-332 bsc#1177411). - xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#1177411). - xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (XSA-332 bsc#1065600). Important SUSE bug 1051510 SUSE bug 1058115 SUSE bug 1065600 SUSE bug 1131277 SUSE bug 1160947 SUSE bug 1163524 SUSE bug 1166965 SUSE bug 1168468 SUSE bug 1170139 SUSE bug 1170232 SUSE bug 1170415 SUSE bug 1171417 SUSE bug 1171675 SUSE bug 1172073 SUSE bug 1172366 SUSE bug 1173115 SUSE bug 1173233 SUSE bug 1175228 SUSE bug 1175306 SUSE bug 1175721 SUSE bug 1175882 SUSE bug 1176011 SUSE bug 1176235 SUSE bug 1176278 SUSE bug 1176381 SUSE bug 1176423 SUSE bug 1176482 SUSE bug 1176485 SUSE bug 1176698 SUSE bug 1176721 SUSE bug 1176722 SUSE bug 1176723 SUSE bug 1176725 SUSE bug 1176732 SUSE bug 1176869 SUSE bug 1176907 SUSE bug 1176922 SUSE bug 1176935 SUSE bug 1176950 SUSE bug 1176990 SUSE bug 1177027 SUSE bug 1177086 SUSE bug 1177121 SUSE bug 1177206 SUSE bug 1177340 SUSE bug 1177410 SUSE bug 1177411 SUSE bug 1177470 SUSE bug 1177511 SUSE bug 1177724 SUSE bug 1177725 SUSE bug 1177766 SUSE bug 1177816 SUSE bug 1178123 SUSE bug 1178330 SUSE bug 1178393 SUSE bug 1178669 SUSE bug 1178765 SUSE bug 1178782 SUSE bug 1178838 CVE-2020-0404 CVE-2020-0427 CVE-2020-0430 CVE-2020-0431 CVE-2020-0432 CVE-2020-12351 CVE-2020-12352 CVE-2020-14351 CVE-2020-14381 CVE-2020-14390 CVE-2020-16120 CVE-2020-25212 CVE-2020-25284 CVE-2020-25285 CVE-2020-25641 CVE-2020-25643 CVE-2020-25645 CVE-2020-25656 CVE-2020-25668 CVE-2020-25704 CVE-2020-25705 CVE-2020-26088 CVE-2020-27673 CVE-2020-27675 CVE-2020-8694 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-2732: Fixed an issue affecting Intel CPUs where an L2 guest may trick the L0 hypervisor into accessing sensitive L1 resources (bsc#1163971). - CVE-2019-19338: There was an incomplete fix for an issue with Transactional Synchronisation Extensions in the KVM code (bsc#1158954). - CVE-2019-14615: An information disclosure vulnerability existed due to insufficient control flow in certain data structures for some Intel(R) Processors (bnc#1160195). - CVE-2019-14896: A heap overflow was found in the add_ie_rates() function of the Marvell Wifi Driver (bsc#1157157). - CVE-2019-14897: A stack overflow was found in the lbs_ibss_join_existing() function of the Marvell Wifi Driver (bsc#1157155). - CVE-2019-15213: A use-after-free bug caused by a malicious USB device was found in drivers/media/usb/dvb-usb/dvb-usb-init.c (bsc#1146544). - CVE-2019-16994: A memory leak existed in sit_init_net() in net/ipv6/sit.c which might have caused denial of service, aka CID-07f12b26e21a (bnc#1161523). - CVE-2019-18808: A memory leak in drivers/crypto/ccp/ccp-ops.c allowed attackers to cause a denial of service (memory consumption), aka CID-128c66429247 (bnc#1156259). - CVE-2019-19036: An issue discovered in btrfs_root_node in fs/btrfs/ctree.c allowed a NULL pointer dereference because rcu_dereference(root->node) can be zero (bnc#1157692). - CVE-2019-19045: A memory leak in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c allowed attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7 (bnc#1161522). - CVE-2019-19051: A memory leak in drivers/net/wimax/i2400m/op-rfkill.c allowed attackers to cause a denial of service (memory consumption), aka CID-6f3ef5c25cc7 (bnc#1159024). - CVE-2019-19054: A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c allowed attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b (bnc#1161518). - CVE-2019-19066: A memory leak in drivers/scsi/bfa/bfad_attr.c allowed attackers to cause a denial of service (memory consumption), aka CID-0e62395da2bd (bnc#1157303). - CVE-2019-19318: Mounting a crafted btrfs image twice could have caused a use-after-free (bnc#1158026). - CVE-2019-19319: A slab-out-of-bounds write access could have occured when setxattr was called after mounting of a specially crafted ext4 image (bnc#1158021). - CVE-2019-19332: An out-of-bounds memory write issue was found in the way the KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could have used this flaw to crash the system (bnc#1158827). - CVE-2019-19447: Mounting a crafted ext4 filesystem image, performing some operations, and unmounting could have led to a use-after-free in fs/ext4/super.c (bnc#1158819). - CVE-2019-19523: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79 (bsc#1158823). - CVE-2019-19524: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9 (bsc#1158413). - CVE-2019-19525: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035 (bsc#1158417). - CVE-2019-19526: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098 (bsc#1158893). - CVE-2019-19527: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e (bsc#1158900). - CVE-2019-19528: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d (bsc#1158407). - CVE-2019-19529: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41 (bnc#1158381). - CVE-2019-19530: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef (bsc#1158410). - CVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca (bsc#1158445). - CVE-2019-19532: There were multiple out-of-bounds write bugs that can be caused by a malicious USB HID device, aka CID-d9d4b1e46d95 (bsc#1158824). - CVE-2019-19533: There was an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464 (bsc#1158834). - CVE-2019-19534: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29 (bsc#1158398). - CVE-2019-19535: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042 (bsc#1158903). - CVE-2019-19536: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0 (bsc#1158394). - CVE-2019-19537: There was a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9 (bsc#1158904). - CVE-2019-19543: There was a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (bnc#1158427). - CVE-2019-19767: There were multiple use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163 (bnc#1159297). - CVE-2019-19965: There was a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5 (bnc#1159911). - CVE-2019-19966: There was a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that could have caused a denial of service, aka CID-dea37a972655 (bnc#1159841). - CVE-2019-20054: There was a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e (bnc#1159910). - CVE-2019-20095: Several memory leaks were found in drivers/net/wireless/marvell/mwifiex/cfg80211.c, aka CID-003b686ace82 (bnc#1159909). - CVE-2019-20096: There was a memory leak in __feat_register_sp() in net/dccp/feat.c, aka CID-1d3ff0950e2b (bnc#1159908). - CVE-2020-7053: There was a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c (bnc#1160966). - CVE-2020-8428: There was a use-after-free bug in fs/namei.c, which allowed local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9 (bnc#1162109). - CVE-2020-8648: There was a use-after-free vulnerability in the n_tty_receive_buf_common function in drivers/tty/n_tty.c (bnc#1162928). - CVE-2020-8992: An issue was discovered in ext4_protect_reserved_inode in fs/ext4/block_validity.c that allowed attackers to cause a soft lockup via a crafted journal size (bnc#1164069). The following non-security bugs were fixed: - 6pack,mkiss: fix possible deadlock (bsc#1051510). - ACPI / APEI: Do not wait to serialise with oops messages when panic()ing (bsc#1051510). - ACPI / APEI: Switch estatus pool to use vmalloc memory (bsc#1051510). - ACPI / LPSS: Ignore acpi_device_fix_up_power() return value (bsc#1051510). - ACPI / video: Add force_none quirk for Dell OptiPlex 9020M (bsc#1051510). - ACPI / watchdog: Fix init failure with overlapping register regions (bsc#1162557). - ACPI / watchdog: Set default timeout in probe (bsc#1162557). - ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data() (bsc#1051510). - ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion() (bsc#1051510). - ACPI: OSL: only free map once in osl.c (bsc#1051510). - ACPI: PM: Avoid attaching ACPI PM domain to certain devices (bsc#1051510). - ACPI: sysfs: Change ACPI_MASKABLE_GPE_MAX to 0x100 (bsc#1051510). - ACPI: video: Do not export a non working backlight interface on MSI MS-7721 boards (bsc#1051510). - ACPI: watchdog: Allow disabling WDAT at boot (bsc#1162557). - af_packet: set defaule value for tmo (bsc#1051510). - ALSA: control: remove useless assignment in .info callback of PCM chmap element (git-fixes). - ALSA: echoaudio: simplify get_audio_levels (bsc#1051510). - ALSA: fireface: fix return value in error path of isochronous resources reservation (bsc#1051510). - ALSA: hda - Add docking station support for Lenovo Thinkpad T420s (git-fixes). - ALSA: hda - Downgrade error message for single-cmd fallback (git-fixes). - ALSA: hda/analog - Minor optimization for SPDIF mux connections (git-fixes). - ALSA: hda/ca0132 - Avoid endless loop (git-fixes). - ALSA: hda/ca0132 - Fix work handling in delayed HP detection (git-fixes). - ALSA: hda/ca0132 - Keep power on during processing DSP response (git-fixes). - ALSA: hda/hdmi - Add new pci ids for AMD GPU display audio (git-fixes). - ALSA: hda/hdmi - add retry logic to parse_intel_hdmi() (git-fixes). - ALSA: hda/hdmi - fix atpx_present when CLASS is not VGA (bsc#1051510). - ALSA: hda/hdmi - Fix duplicate unref of pci_dev (bsc#1051510). - ALSA: hda/hdmi - fix vgaswitcheroo detection for AMD (git-fixes). - ALSA: hda/realtek - Add headset Mic no shutup for ALC283 (bsc#1051510). - ALSA: hda/realtek - Dell headphone has noise on unmute for ALC236 (git-fixes). - ALSA: hda/realtek - Fix silent output on MSI-GL73 (git-fixes). - ALSA: hda/realtek - Line-out jack does not work on a Dell AIO (bsc#1051510). - ALSA: hda: Add Clevo W65_67SB the power_save blacklist (git-fixes). - ALSA: hda: Reset stream if DMA RUN bit not cleared (bsc#1111666). - ALSA: hda: Use scnprintf() for printing texts for sysfs/procfs (git-fixes). - ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code (bsc#1051510). - ALSA: oxfw: fix return value in error path of isochronous resources reservation (bsc#1051510). - ALSA: pcm: Avoid possible info leaks from PCM stream buffers (git-fixes). - ALSA: pcm: oss: Avoid potential buffer overflows (git-fixes). - ALSA: seq: Avoid concurrent access to queue flags (git-fixes). - ALSA: seq: Fix concurrent access to queue current tick/time (git-fixes). - ALSA: seq: Fix racy access for queue timer in proc read (bsc#1051510). - ALSA: sh: Fix compile warning wrt const (git-fixes). - ALSA: usb-audio: Apply sample rate quirk for Audioengine D1 (git-fixes). - ALSA: usb-audio: fix set_format altsetting sanity check (bsc#1051510). - ALSA: usb-audio: fix sync-ep altsetting sanity check (bsc#1051510). - apparmor: fix unsigned len comparison with less than zero (git-fixes). - ar5523: check NULL before memcpy() in ar5523_cmd() (bsc#1051510). - arm64: Revert support for execute-only user mappings (bsc#1160218). - ASoC: au8540: use 64-bit arithmetic instead of 32-bit (bsc#1051510). - ASoC: compress: fix unsigned integer overflow check (bsc#1051510). - ASoC: cs4349: Use PM ops 'cs4349_runtime_pm' (bsc#1051510). - ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report (bsc#1051510). - ASoC: msm8916-wcd-analog: Fix selected events for MIC BIAS External1 (bsc#1051510). - ASoC: sun8i-codec: Fix setting DAI data format (git-fixes). - ASoC: wm8962: fix lambda value (git-fixes). - ata: ahci: Add shutdown to freeze hardware resources of ahci (bsc#1164388). - ath10k: fix fw crash by moving chip reset after napi disabled (bsc#1051510). - ath6kl: Fix off by one error in scan completion (bsc#1051510). - ath9k: fix storage endpoint lookup (git-fixes). - atl1e: checking the status of atl1e_write_phy_reg (bsc#1051510). - audit: Allow auditd to set pid to 0 to end auditing (bsc#1158094). - batman-adv: Fix DAT candidate selection on little endian systems (bsc#1051510). - bcache: add code comment bch_keylist_pop() and bch_keylist_pop_front() (bsc#1163762). - bcache: add code comments for state->pool in __btree_sort() (bsc#1163762). - bcache: add code comments in bch_btree_leaf_dirty() (bsc#1163762). - bcache: add cond_resched() in __bch_cache_cmp() (bsc#1163762). - bcache: add idle_max_writeback_rate sysfs interface (bsc#1163762). - bcache: add more accurate error messages in read_super() (bsc#1163762). - bcache: add readahead cache policy options via sysfs interface (bsc#1163762). - bcache: at least try to shrink 1 node in bch_mca_scan() (bsc#1163762). - bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (bsc#1163762). - bcache: check return value of prio_read() (bsc#1163762). - bcache: deleted code comments for dead code in bch_data_insert_keys() (bsc#1163762). - bcache: do not export symbols (bsc#1163762). - bcache: explicity type cast in bset_bkey_last() (bsc#1163762). - bcache: fix a lost wake-up problem caused by mca_cannibalize_lock (bsc#1163762). - bcache: Fix an error code in bch_dump_read() (bsc#1163762). - bcache: fix deadlock in bcache_allocator (bsc#1163762). - bcache: fix incorrect data type usage in btree_flush_write() (bsc#1163762). - bcache: fix memory corruption in bch_cache_accounting_clear() (bsc#1163762). - bcache: fix static checker warning in bcache_device_free() (bsc#1163762). - bcache: ignore pending signals when creating gc and allocator thread (bsc#1163762, bsc#1112504). - bcache: print written and keys in trace_bcache_btree_write (bsc#1163762). - bcache: reap c->btree_cache_freeable from the tail in bch_mca_scan() (bsc#1163762). - bcache: reap from tail of c->btree_cache in bch_mca_scan() (bsc#1163762). - bcache: remove macro nr_to_fifo_front() (bsc#1163762). - bcache: remove member accessed from struct btree (bsc#1163762). - bcache: remove the extra cflags for request.o (bsc#1163762). - bcache: Revert 'bcache: shrink btree node cache after bch_btree_check()' (bsc#1163762, bsc#1112504). - bcma: remove set but not used variable 'sizel' (git-fixes). - blk-mq: avoid sysfs buffer overflow with too many CPU cores (bsc#1163840). - blk-mq: make sure that line break can be printed (bsc#1164098). - Bluetooth: Fix race condition in hci_release_sock() (bsc#1051510). - Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading (bsc#1051510). - bonding: fix active-backup transition after link failure (git-fixes). - bonding: fix potential NULL deref in bond_update_slave_arr (bsc#1051510). - bonding: fix slave stuck in BOND_LINK_FAIL state (networking-stable-19_11_10). - bonding: fix state transition issue in link monitoring (networking-stable-19_11_10). - bonding: fix unexpected IFF_BONDING bit unset (bsc#1051510). - bpf: Make use of probe_user_write in probe write helper (bsc#1083647). - brcmfmac: fix interface sanity check (git-fixes). - brcmfmac: Fix memory leak in brcmf_usbdev_qinit (git-fixes). - brcmfmac: Fix use after free in brcmf_sdio_readframes() (git-fixes). - btrfs: abort transaction after failed inode updates in create_subvol (bsc#1161936). - btrfs: add missing extents release on file extent cluster relocation error (bsc#1159483). - btrfs: avoid fallback to transaction commit during fsync of files with holes (bsc#1159569). - btrfs: dev-replace: remove warning for unknown return codes when finished (dependency for bsc#1162067). - btrfs: do not call synchronize_srcu() in inode_tree_del (bsc#1161934). - btrfs: do not double lock the subvol_sem for rename exchange (bsc#1162943). - btrfs: Ensure we trim ranges across block group boundary (bsc#1151910). - btrfs: fix block group remaining RO forever after error during device replace (bsc#1160442). - btrfs: fix btrfs_write_inode vs delayed iput deadlock (bsc#1154243). - btrfs: fix infinite loop during fsync after rename operations (bsc#1163383). - btrfs: fix infinite loop during nocow writeback due to race (bsc#1160804). - btrfs: fix integer overflow in calc_reclaim_items_nr (bsc#1160433). - btrfs: fix missing data checksums after replaying a log tree (bsc#1161931). - btrfs: fix negative subv_writers counter and data space leak after buffered write (bsc#1160802). - btrfs: fix race between adding and putting tree mod seq elements and nodes (bsc#1163384). - btrfs: fix removal logic of the tree mod log that leads to use-after-free issues (bsc#1160803). - btrfs: fix selftests failure due to uninitialized i_mode in test inodes (Fix for dependency of bsc#1157692). - btrfs: handle ENOENT in btrfs_uuid_tree_iterate (bsc#1161937). - btrfs: harden agaist duplicate fsid on scanned devices (bsc#1134973). - btrfs: inode: Verify inode mode to avoid NULL pointer dereference (dependency for bsc#1157692). - btrfs: make tree checker detect checksum items with overlapping ranges (bsc#1161931). - btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it (dependency for bsc#1157692). - btrfs: record all roots for rename exchange on a subvol (bsc#1161933). - btrfs: relocation: fix reloc_root lifespan and access (bsc#1159588). - btrfs: scrub: Require mandatory block group RO for dev-replace (bsc#1162067). - btrfs: send, skip backreference walking for extents with many references (bsc#1162139). - btrfs: simplify inode locking for RWF_NOWAIT (git-fixes). - btrfs: skip log replay on orphaned roots (bsc#1161935). - btrfs: tree-checker: Check chunk item at tree block read time (dependency for bsc#1157692). - btrfs: tree-checker: Check level for leaves and nodes (dependency for bsc#1157692). - btrfs: tree-checker: Enhance chunk checker to validate chunk profile (dependency for bsc#1157692). - btrfs: tree-checker: Fix wrong check on max devid (fixes for dependency of bsc#1157692). - btrfs: tree-checker: get fs_info from eb in block_group_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_block_group_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_csum_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_dev_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_dir_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_extent_data_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_inode_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_leaf (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_leaf_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in chunk_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in dev_item_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in dir_item_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in file_extent_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in generic_err (dependency for bsc#1157692). - btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN instead of EIO (dependency for bsc#1157692). - btrfs: tree-checker: Make chunk item checker messages more readable (dependency for bsc#1157692). - btrfs: tree-checker: Verify dev item (dependency for bsc#1157692). - btrfs: tree-checker: Verify inode item (dependency for bsc#1157692). - btrfs: volumes: Use more straightforward way to calculate map length (bsc#1151910). - can, slip: Protect tty->disc_data in write_wakeup and close with RCU (bsc#1051510). - can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing CAN sk_buffs (bsc#1051510). - can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open (bsc#1051510). - can: gs_usb: gs_usb_probe(): use descriptors of current altsetting (bsc#1051510). - can: mscan: mscan_rx_poll(): fix rx path lockup when returning from polling to irq mode (bsc#1051510). - can: peak_usb: report bus recovery as well (bsc#1051510). - can: rx-offload: can_rx_offload_irq_offload_fifo(): continue on error (bsc#1051510). - can: rx-offload: can_rx_offload_irq_offload_timestamp(): continue on error (bsc#1051510). - can: rx-offload: can_rx_offload_offload_one(): increment rx_fifo_errors on queue overflow or OOM (bsc#1051510). - can: rx-offload: can_rx_offload_offload_one(): use ERR_PTR() to propagate error value in case of errors (bsc#1051510). - can: slcan: Fix use-after-free Read in slcan_open (bsc#1051510). - CDC-NCM: handle incomplete transfer of MTU (networking-stable-19_11_10). - cdrom: respect device capabilities during opening action (boo#1164632). - cfg80211/mac80211: make ieee80211_send_layer2_update a public function (bsc#1051510). - cfg80211: check for set_wiphy_params (bsc#1051510). - cfg80211: fix page refcount issue in A-MSDU decap (bsc#1051510). - cgroup,writeback: do not switch wbs immediately on dead wbs if the memcg is dead (bsc#1158645). - cgroup: pids: use atomic64_t for pids->limit (bsc#1161514). - chardev: Avoid potential use-after-free in 'chrdev_open()' (bsc#1163849). - cifs: add support for flock (bsc#1144333). - cifs: Close cached root handle only if it had a lease (bsc#1144333). - cifs: Close open handle after interrupted close (bsc#1144333). - cifs: close the shared root handle on tree disconnect (bsc#1144333). - cifs: Do not miss cancelled OPEN responses (bsc#1144333). - cifs: Fix lookup of root ses in DFS referral cache (bsc#1144333). - cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1144333). - cifs: fix mount option display for sec=krb5i (bsc#1161907). - cifs: Fix mount options set in automount (bsc#1144333). - cifs: Fix NULL pointer dereference in mid callback (bsc#1144333). - cifs: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bsc#1144333). - cifs: Fix potential softlockups while refreshing DFS cache (bsc#1144333). - cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1144333). - cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1144333). - cifs: Properly process SMB3 lease breaks (bsc#1144333). - cifs: remove set but not used variables 'cinode' and 'netfid' (bsc#1144333). - cifs: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1144333). - clk: Do not try to enable critical clocks if prepare failed (bsc#1051510). - clk: mmp2: Fix the order of timer mux parents (bsc#1051510). - clk: qcom: rcg2: Do not crash if our parent can't be found; return an error (bsc#1051510). - clk: rockchip: fix I2S1 clock gate register for rk3328 (bsc#1051510). - clk: rockchip: fix ID of 8ch clock of I2S1 for rk3328 (bsc#1051510). - clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering (bsc#1051510). - clk: rockchip: fix rk3188 sclk_smc gate data (bsc#1051510). - clk: sunxi-ng: add mux and pll notifiers for A64 CPU clock (bsc#1051510). - clk: sunxi: sun9i-mmc: Implement reset callback for reset controls (bsc#1051510). - clk: tegra: Mark fuse clock as critical (bsc#1051510). - clocksource/drivers/bcm2835_timer: Fix memory leak of timer (bsc#1051510). - clocksource: Prevent double add_timer_on() for watchdog_timer (bsc#1051510). - closures: fix a race on wakeup from closure_sync (bsc#1163762). - compat_ioctl: handle SIOCOUTQNSD (bsc#1051510). - configfs_register_group() shouldn't be (and isn't) called in rmdirable parts (bsc#1051510). - copy/pasted 'Recommends:' instead of 'Provides:', 'Obsoletes:' and 'Conflicts: - Cover up kABI breakage due to DH key verification (bsc#1155331). - crypto: af_alg - Use bh_lock_sock in sk_destruct (bsc#1051510). - crypto: api - Check spawn->alg under lock in crypto_drop_spawn (bsc#1051510). - crypto: api - Fix race condition in crypto_spawn_alg (bsc#1051510). - crypto: atmel-sha - fix error handling when setting hmac key (bsc#1051510). - crypto: ccp - fix uninitialized list head (bsc#1051510). - crypto: chelsio - fix writing tfm flags to wrong place (bsc#1051510). - crypto: dh - add public key verification test (bsc#1155331). - crypto: dh - fix calculating encoded key size (bsc#1155331). - crypto: dh - fix memory leak (bsc#1155331). - crypto: dh - update test for public key verification (bsc#1155331). - crypto: DRBG - add FIPS 140-2 CTRNG for noise source (bsc#1155334). - crypto: ecdh - add public key verification test (bsc#1155331). - crypto: ecdh - fix typo of P-192 b value (bsc#1155331). - crypto: mxc-scc - fix build warnings on ARM64 (bsc#1051510). - crypto: pcrypt - Do not clear MAY_SLEEP flag in original request (bsc#1051510). - crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill (bsc#1051510). - crypto: reexport crypto_shoot_alg() (bsc#1051510, kABI fix). - cxgb4: request the TX CIDX updates to status page (bsc#1127371). - dma-buf: Fix memory leak in sync_file_merge() (git-fixes). - dma-mapping: fix return type of dma_set_max_seg_size() (bsc#1051510). - dmaengine: coh901318: Fix a double-lock bug (bsc#1051510). - dmaengine: coh901318: Remove unused variable (bsc#1051510). - dmaengine: Fix access to uninitialized dma_slave_caps (bsc#1051510). - Documentation: Document arm64 kpti control (bsc#1162623). - drivers/base/memory.c: cache blocks in radix tree to accelerate lookup (bsc#1159955 ltc#182993). - drivers/base/memory.c: do not access uninitialized memmaps in soft_offline_page_store() (bsc#1051510). - drivers/base/platform.c: kmemleak ignore a known leak (bsc#1051510). - drivers/regulator: fix a missing check of return value (bsc#1051510). - drm/amdgpu: add function parameter description in 'amdgpu_gart_bind' (bsc#1051510). - drm/amdgpu: fix bad DMA from INTERRUPT_CNTL2 (bsc#1114279) - drm/amdgpu: remove 4 set but not used variable in amdgpu_atombios_get_connector_info_from_object_table (bsc#1051510). - drm/amdgpu: remove always false comparison in 'amdgpu_atombios_i2c_process_i2c_ch' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'amdgpu_connector' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'dig' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'dig_connector' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'mc_shared_chmap' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'mc_shared_chmap' from 'gfx_v6_0.c' and 'gfx_v7_0.c' (bsc#1051510). - drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ (bsc#1051510). - drm/fb-helper: Round up bits_per_pixel if possible (bsc#1051510). - drm/i810: Prevent underflow in ioctl (bsc#1114279) - drm/i915: Add missing include file <linux/math64.h> (bsc#1051510). - drm/i915: Fix pid leak with banned clients (bsc#1114279) - drm/mst: Fix MST sideband up-reply failure handling (bsc#1051510). - drm/nouveau/secboot/gm20b: initialize pointer in gm20b_secboot_new() (bsc#1051510). - drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler (bsc#1051510). - drm/qxl: Return error if fbdev is not 32 bpp (bsc#1159028) - drm/radeon: fix r1xx/r2xx register checker for POT textures (bsc#1114279) - drm/rockchip: lvds: Fix indentation of a #define (bsc#1051510). - drm/rockchip: Round up _before_ giving to the clock framework (bsc#1114279) - drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add (bsc#1051510). - drm: bridge: dw-hdmi: constify copied structure (bsc#1051510). - drm: limit to INT_MAX in create_blob ioctl (bsc#1051510). - drm: meson: venc: cvbs: fix CVBS mode matching (bsc#1051510). - drm: panel-lvds: Potential Oops in probe error handling (bsc#1114279) - e1000e: Add support for Comet Lake (bsc#1158533). - e1000e: Add support for Tiger Lake (bsc#1158533). - e1000e: Increase pause and refresh time (bsc#1158533). - e100: Fix passing zero to 'PTR_ERR' warning in e100_load_ucode_wait (bsc#1051510). - ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable (bsc#1158646). - ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either (bsc#1158647). - EDAC/ghes: Fix locking and memory barrier issues (bsc#1114279). EDAC/ghes: Do not warn when incrementing refcount on 0 (bsc#1114279). - Enable CONFIG_BLK_DEV_SR_VENDOR (boo#1164632). - enic: prevent waking up stopped tx queues over watchdog reset (bsc#1133147). - exit: panic before exit_mm() on global init exit (bsc#1161549). - ext2: check err when partial != NULL (bsc#1163859). - ext4, jbd2: ensure panic when aborting with zero errno (bsc#1163853). - ext4: check for directory entries too close to block end (bsc#1163861). - ext4: fix a bug in ext4_wait_for_tail_page_commit (bsc#1163841). - ext4: fix checksum errors with indexed dirs (bsc#1160979). - ext4: fix deadlock allocating crypto bounce page from mempool (bsc#1163842). - ext4: Fix mount failure with quota configured as module (bsc#1164471). - ext4: fix punch hole for inline_data file systems (bsc#1158640). - ext4: improve explanation of a mount failure caused by a misconfigured kernel (bsc#1163843). - ext4: update direct I/O read lock pattern for IOCB_NOWAIT (bsc#1158639). - extcon: max8997: Fix lack of path setting in USB device mode (bsc#1051510). - firestream: fix memory leaks (bsc#1051510). - fix autofs regression caused by follow_managed() changes (bsc#1159271). - fix dget_parent() fastpath race (bsc#1159271). - Fix partial checked out tree build ... so that bisection does not break. - Fix the locking in dcache_readdir() and friends (bsc#1123328). - fjes: fix missed check in fjes_acpi_add (bsc#1051510). - fs/namei.c: fix missing barriers when checking positivity (bsc#1159271). - fs/namei.c: pull positivity check into follow_managed() (bsc#1159271). - fs/open.c: allow opening only regular files during execve() (bsc#1163845). - fs: cifs: Fix atime update check vs mtime (bsc#1144333). - fscrypt: do not set policy for a dead directory (bsc#1163846). - ftrace: Add comment to why rcu_dereference_sched() is open coded (git-fixes). - ftrace: Avoid potential division by zero in function profiler (bsc#1160784). - ftrace: Introduce PERMANENT ftrace_ops flag (bsc#1120853). - ftrace: Protect ftrace_graph_hash with ftrace_sync (git-fixes). - genirq/proc: Return proper error code when irq_set_affinity() fails (bnc#1105392). - genirq: Prevent NULL pointer dereference in resend_irqs() (bsc#1051510). - genirq: Properly pair kobject_del() with kobject_add() (bsc#1051510). - gpio: Fix error message on out-of-range GPIO in lookup table (bsc#1051510). - gtp: avoid zero size hashtable (networking-stable-20_01_01). - gtp: do not allow adding duplicate tid and ms_addr pdp context (networking-stable-20_01_01). - gtp: fix an use-after-free in ipv4_pdp_find() (networking-stable-20_01_01). - gtp: fix wrong condition in gtp_genl_dump_pdp() (networking-stable-20_01_01). - HID: doc: fix wrong data structure reference for UHID_OUTPUT (bsc#1051510). - HID: hidraw, uhid: Always report EPOLLOUT (bsc#1051510). - HID: hidraw: Fix returning EPOLLOUT from hidraw_poll (bsc#1051510). - HID: intel-ish-hid: fixes incorrect error handling (bsc#1051510). - HID: uhid: Fix returning EPOLLOUT from uhid_char_poll (bsc#1051510). - hidraw: Return EPOLLOUT from hidraw_poll (bsc#1051510). - hwmon: (adt7475) Make volt2reg return same reg as reg2volt input (bsc#1051510). - hwmon: (core) Do not use device managed functions for memory allocations (bsc#1051510). - hwmon: (nct7802) Fix voltage limits to wrong registers (bsc#1051510). - hwmon: (pmbus/ltc2978) Fix PMBus polling of MFR_COMMON definitions (bsc#1051510). - hwrng: stm32 - fix unbalanced pm_runtime_enable (bsc#1051510). - i2c: imx: do not print error message on probe defer (bsc#1051510). - ibmveth: Detect unsupported packets before sending to the hypervisor (bsc#1159484 ltc#182983). - ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047). - ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047). - ibmvnic: Serialize device queries (bsc#1155689 ltc#182047). - ibmvnic: Terminate waiting device threads after loss of service (bsc#1155689 ltc#182047). - idr: Fix idr_alloc_u32 on 32-bit systems (bsc#1051510). - iio: adc: max9611: Fix too short conversion time delay (bsc#1051510). - iio: buffer: align the size of scan bytes to size of the largest element (bsc#1051510). - inet: protect against too small mtu values (networking-stable-19_12_16). - init: add arch_call_rest_init to allow stack switching (jsc#SLE-11179). - Input: aiptek - fix endpoint sanity check (bsc#1051510). - Input: cyttsp4_core - fix use after free bug (bsc#1051510). - Input: goodix - add upside-down quirk for Teclast X89 tablet (bsc#1051510). - Input: gtco - fix endpoint sanity check (bsc#1051510). - Input: keyspan-remote - fix control-message timeouts (bsc#1051510). - Input: pegasus_notetaker - fix endpoint sanity check (bsc#1051510). - Input: pm8xxx-vib - fix handling of separate enable register (bsc#1051510). - Input: rmi_f54 - read from FIFO in 32 byte blocks (bsc#1051510). - Input: sun4i-ts - add a check for devm_thermal_zone_of_sensor_register (bsc#1051510). - Input: sur40 - fix interface sanity checks (bsc#1051510). - Input: synaptics - switch another X1 Carbon 6 to RMI/SMbus (bsc#1051510). - Input: synaptics-rmi4 - do not increment rmiaddr for SMBus transfers (bsc#1051510). - Input: synaptics-rmi4 - simplify data read in rmi_f54_work (bsc#1051510). - iomap: Fix pipe page leakage during splicing (bsc#1158651). - iommu/amd: Fix IOMMU perf counter clobbering during init (bsc#1162617). - iommu/arm-smmu-v3: Populate VMID field for CMDQ_OP_TLBI_NH_VA (bsc#1164314). - iommu/io-pgtable-arm: Fix race handling in split_blk_unmap() (bsc#1164115). - iommu/vt-d: Unlink device if failed to add to group (bsc#1160756). - iommu: Remove device link to group on failure (bsc#1160755). - ipv4: Fix table id reference in fib_sync_down_addr (networking-stable-19_11_10). - iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop (git-fixes). - iwlwifi: do not throw error when trying to remove IGTK (bsc#1051510). - iwlwifi: mvm: fix NVM check for 3168 devices (bsc#1051510). - iwlwifi: mvm: Send non offchannel traffic via AP sta (bsc#1051510). - iwlwifi: mvm: synchronize TID queue removal (bsc#1051510). - jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal (bsc#1163862). - jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer (bsc#1163836). - jbd2: Fix possible overflow in jbd2_log_space_left() (bsc#1163860). - jbd2: make sure ESHUTDOWN to be recorded in the journal superblock (bsc#1163863). - jbd2: move the clearing of b_modified flag to the journal_unmap_buffer() (bsc#1163880). - jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record (bsc#1163852). - kABI workaround for can/skb.h inclusion (bsc#1051510). - kABI: add _q suffix to exports that take struct dh (bsc#1155331). - kABI: protect struct sctp_ep_common (kabi). - kconfig: fix broken dependency in randconfig-generated .config (bsc#1051510). - kernel-binary.spec.in: do not recommend firmware for kvmsmall and azure flavor (boo#1161360). - kernel/trace: Fix do not unregister tracepoints when register sched_migrate_task fail (bsc#1160787). - kernfs: Fix range checks in kernfs_get_target_path (bsc#1051510). - kexec: bail out upon SIGKILL when allocating memory (git-fixes). - KVM: Clean up __kvm_gfn_to_hva_cache_init() and its callers (bsc#1133021). - KVM: fix spectrev1 gadgets (bsc#1164705). - KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails (bsc#1061840). - KVM: PPC: Book3S PR: Fix -Werror=return-type build failure (bsc#1061840). - KVM: PPC: Book3S PR: Free shared page if mmu initialization fails (bsc#1061840). - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl (git-fixes). - KVM: s390: Test for bad access register and size at the start of S390_MEM_OP (git-fixes). - KVM: SVM: Guard against DEACTIVATE when performing WBINVD/DF_FLUSH (bsc#1114279). - KVM: SVM: Override default MMIO mask if memory encryption is enabled (bsc#1162618). - KVM: SVM: Serialize access to the SEV ASID bitmap (bsc#1114279). - KVM: x86: Host feature SSBD does not imply guest feature SPEC_CTRL_SSBD (bsc#1160476). - KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks (bsc#1164734). - KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks (bsc#1164728). - KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks (bsc#1164729). - KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks (bsc#1164712). - KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks (bsc#1164730). - KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c (bsc#1164733). - KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks (bsc#1164731). - KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks (bsc#1164732). - KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks (bsc#1164735). - KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks (bsc#1164705). - KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks (bsc#1164727). - KVM: x86: Remove a spurious export of a static function (bsc#1158954). - leds: Allow to call led_classdev_unregister() unconditionally (bsc#1161674). - leds: class: ensure workqueue is initialized before setting brightness (bsc#1161674). - lib/scatterlist.c: adjust indentation in __sg_alloc_table (bsc#1051510). - lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more() (bsc#1051510). - lib: crc64: include <linux/crc64.h> for 'crc64_be' (bsc#1163762). - livepatch/samples/selftest: Use klp_shadow_alloc() API correctly (bsc#1071995). - livepatch/selftest: Clean up shadow variable names and type (bsc#1071995). - livepatch: Allow to distinguish different version of system state changes (bsc#1071995). - livepatch: Basic API to track system state changes (bsc#1071995 ). - livepatch: Keep replaced patches until post_patch callback is called (bsc#1071995). - livepatch: Selftests of the API for tracking system state changes (bsc#1071995). - livepatch: Simplify stack trace retrieval (jsc#SLE-11179). - loop: fix no-unmap write-zeroes request behavior (bsc#1158637). - mac80211: Do not send Layer 2 Update frame before authorization (bsc#1051510). - mac80211: fix station inactive_time shortly after boot (bsc#1051510). - mac80211: Fix TKIP replay protection immediately after key setup (bsc#1051510). - mac80211: mesh: restrict airtime metric to peered established plinks (bsc#1051510). - macvlan: do not assume mac_header is set in macvlan_broadcast() (bsc#1051510). - macvlan: use skb_reset_mac_header() in macvlan_queue_xmit() (bsc#1051510). - mailbox: mailbox-test: fix null pointer if no mmio (bsc#1051510). - media/v4l2-core: set pages dirty upon releasing DMA buffers (bsc#1051510). - media: af9005: uninitialized variable printked (bsc#1051510). - media: cec.h: CEC_OP_REC_FLAG_ values were swapped (bsc#1051510). - media: cec: CEC 2.0-only bcast messages were ignored (git-fixes). - media: cec: report Vendor ID after initialization (bsc#1051510). - media: digitv: do not continue if remote control state can't be read (bsc#1051510). - media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0 (bsc#1051510). - media: exynos4-is: fix wrong mdev and v4l2 dev order in error path (git-fixes). - media: gspca: zero usb_buf (bsc#1051510). - media: iguanair: fix endpoint sanity check (bsc#1051510). - media: ov6650: Fix control handler not freed on init error (git-fixes). - media: ov6650: Fix crop rectangle alignment not passed back (git-fixes). - media: ov6650: Fix incorrect use of JPEG colorspace (git-fixes). - media: pulse8-cec: fix lost cec_transmit_attempt_done() call. - media: pulse8-cec: return 0 when invalidating the logical address (bsc#1051510). - media: stkwebcam: Bugfix for wrong return values (bsc#1051510). - media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors (bsc#1051510). - media: uvcvideo: Fix error path in control parsing failure (git-fixes). - media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE (bsc#1051510). - media: v4l2-ioctl.c: zero reserved fields for S/TRY_FMT (bsc#1051510). - media: v4l2-rect.h: fix v4l2_rect_map_inside() top/left adjustments (bsc#1051510). - mei: bus: prefix device names on bus with the bus name (bsc#1051510). - mfd: da9062: Fix watchdog compatible string (bsc#1051510). - mfd: dln2: More sanity checking for endpoints (bsc#1051510). - mfd: rn5t618: Mark ADC control register volatile (bsc#1051510). - missing escaping of backslashes in macro expansions Fixes: f3b74b0ae86b ('rpm/kernel-subpackage-spec: Unify dependency handling.') Fixes: 3fd22e219f77 ('rpm/kernel-subpackage-spec: Fix empty Recommends tag (bsc#1143959)') - mlx5: add parameter to disable enhanced IPoIB (bsc#1142095) - mm, memory_hotplug: do not clear numa_node association after hot_remove (bnc#1115026). - mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock (bsc#1159394). - mm: memory_hotplug: use put_device() if device_register fail (bsc#1159955 ltc#182993). - mmc: mediatek: fix CMD_TA to 2 for MT8173 HS200/HS400 mode (bsc#1051510). - mmc: sdhci-of-esdhc: fix P2020 errata handling (bsc#1051510). - mmc: sdhci-of-esdhc: Revert 'mmc: sdhci-of-esdhc: add erratum A-009204 support' (bsc#1051510). - mmc: sdhci: fix minimum clock rate for v3 controller (bsc#1051510). - mmc: spi: Toggle SPI polarity, do not hardcode it (bsc#1051510). - mmc: tegra: fix SDR50 tuning override (bsc#1051510). - moduleparam: fix parameter description mismatch (bsc#1051510). - mod_devicetable: fix PHY module format (networking-stable-19_12_28). - mtd: fix mtd_oobavail() incoherent returned value (bsc#1051510). - mwifiex: debugfs: correct histogram spacing, formatting (bsc#1051510). - mwifiex: drop most magic numbers from mwifiex_process_tdls_action_frame() (git-fixes). - mwifiex: fix potential NULL dereference and use after free (bsc#1051510). - namei: only return -ECHILD from follow_dotdot_rcu() (bsc#1163851). - nbd: prevent memory leak (bsc#1158638). - net/ibmvnic: Fix typo in retry check (bsc#1155689 ltc#182047). - net/mlx4_en: fix mlx4 ethtool -N insertion (networking-stable-19_11_25). - net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq (bsc#1046303). - net/mlx5e: Fix set vf link state error flow (networking-stable-19_11_25). - net/mlx5e: Fix SFF 8472 eeprom length (git-fixes). - net/mlxfw: Fix out-of-memory error in mfa2 flash burning (bsc#1051858). - net/sched: act_pedit: fix WARN() in the traffic path (networking-stable-19_11_25). - net: bridge: deny dev_set_mac_address() when unregistering (networking-stable-19_12_16). - net: cdc_ncm: Signedness bug in cdc_ncm_set_dgram_size() (git-fixes). - net: dst: Force 4-byte alignment of dst_metrics (networking-stable-19_12_28). - net: ena: fix napi handler misbehavior when the napi budget is zero (networking-stable-20_01_01). - net: ethernet: octeon_mgmt: Account for second possible VLAN header (networking-stable-19_11_10). - net: ethernet: ti: cpsw: fix extra rx interrupt (networking-stable-19_12_16). - net: fix data-race in neigh_event_send() (networking-stable-19_11_10). - net: hisilicon: Fix a BUG trigered by wrong bytes_compl (networking-stable-19_12_28). - net: nfc: nci: fix a possible sleep-in-atomic-context bug in nci_uart_tty_receive() (networking-stable-19_12_28). - net: phy: at803x: Change error to EINVAL for invalid MAC (bsc#1051510). - net: phy: broadcom: Use strlcpy() for ethtool::get_strings (bsc#1051510). - net: phy: Check against net_device being NULL (bsc#1051510). - net: phy: dp83867: Set up RGMII TX delay (bsc#1051510). - net: phy: Fix not to call phy_resume() if PHY is not attached (bsc#1051510). - net: phy: Fix the register offsets in Broadcom iProc mdio mux driver (bsc#1051510). - net: phy: fixed_phy: Fix fixed_phy not checking GPIO (bsc#1051510). - net: phy: marvell: clear wol event before setting it (bsc#1051510). - net: phy: marvell: Use strlcpy() for ethtool::get_strings (bsc#1051510). - net: phy: meson-gxl: check phy_write return value (bsc#1051510). - net: phy: micrel: Use strlcpy() for ethtool::get_strings (bsc#1051510). - net: phy: mscc: read 'vsc8531, edge-slowdown' as an u32 (bsc#1051510). - net: phy: mscc: read 'vsc8531,vddmac' as an u32 (bsc#1051510). - net: phy: xgene: disable clk on error paths (bsc#1051510). - net: phy: xgmiitorgmii: Check phy_driver ready before accessing (bsc#1051510). - net: phy: xgmiitorgmii: Check read_status results (bsc#1051510). - net: phy: xgmiitorgmii: Support generic PHY status read (bsc#1051510). - net: psample: fix skb_over_panic (networking-stable-19_12_03). - net: qlogic: Fix error paths in ql_alloc_large_buffers() (networking-stable-19_12_28). - net: rtnetlink: prevent underflows in do_setvfinfo() (networking-stable-19_11_25). - net: sched: correct flower port blocking (git-fixes). - net: sched: fix `tc -s class show` no bstats on class with nolock subqueues (networking-stable-19_12_03). - net: usb: lan78xx: Fix suspend/resume PHY register access error (networking-stable-19_12_28). - net: usb: lan78xx: limit size of local TSO packets (bsc#1051510). - net: usb: qmi_wwan: add support for DW5821e with eSIM support (networking-stable-19_11_10). - net: usb: qmi_wwan: add support for Foxconn T77W968 LTE modules (networking-stable-19_11_18). - netfilter: nf_queue: enqueue skbs with NULL dst (git-fixes). - new helper: lookup_positive_unlocked() (bsc#1159271). - NFC: fdp: fix incorrect free object (networking-stable-19_11_10). - NFC: pn533: fix bulk-message timeout (bsc#1051510). - NFC: pn544: Adjust indentation in pn544_hci_check_presence (git-fixes). - NFC: st21nfca: fix double free (networking-stable-19_11_10). - nvme: fix the parameter order for nvme_get_log in nvme_get_fw_slot_info (bsc#1163774). - ocfs2: fix panic due to ocfs2_wq is null (bsc#1158644). - ocfs2: fix passing zero to 'PTR_ERR' warning (bsc#1158649). - openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info() (networking-stable-19_12_03). - openvswitch: remove another BUG_ON() (networking-stable-19_12_03). - openvswitch: support asymmetric conntrack (networking-stable-19_12_16). - orinoco_usb: fix interface sanity check (git-fixes). - PCI/IOV: Fix memory leak in pci_iov_add_virtfn() (git-fixes). - PCI/MSI: Fix incorrect MSI-X masking on resume (bsc#1051510). - PCI/MSI: Return -ENOSPC from pci_alloc_irq_vectors_affinity() (bsc#1051510). - PCI/PTM: Remove spurious 'd' from granularity message (bsc#1051510). - PCI/switchtec: Fix vep_vector_number ioread width (bsc#1051510). - PCI: Add DMA alias quirk for Intel VCA NTB (bsc#1051510). - PCI: Apply Cavium ACS quirk to ThunderX2 and ThunderX3 (bsc#1051510). - PCI: Do not disable bridge BARs when assigning bus resources (bsc#1051510). - PCI: dwc: Fix find_next_bit() usage (bsc#1051510). - PCI: Fix Intel ACS quirk UPDCR register address (bsc#1051510). - PCI: rcar: Fix missing MACCTLR register setting in initialization sequence (bsc#1051510). - PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30 (git-fixes). - percpu: Separate decrypted varaibles anytime encryption can be enabled (bsc#1114279). - perf/x86/intel: Fix inaccurate period in context switch for auto-reload (bsc#1164315). - phy: qualcomm: Adjust indentation in read_poll_timeout (bsc#1051510). - pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B (bsc#1051510). - pinctrl: xway: fix gpio-hog related boot issues (bsc#1051510). - pktcdvd: remove warning on attempting to register non-passthrough dev (bsc#1051510). - platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0 (bsc#1051510). - platform/x86: hp-wmi: Fix ACPI errors caused by passing 0 as input size (bsc#1051510). - platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer (bsc#1051510). - platform/x86: hp-wmi: Make buffer for HPWMI_FEATURE2_QUERY 128 bytes (bsc#1051510). - platform/x86: pmc_atom: Add Siemens CONNECT X300 to critclk_systems DMI table (bsc#1051510). - PM / AVS: SmartReflex: NULL check before some freeing functions is not needed (bsc#1051510). - PM / Domains: Deal with multiple states but no governor in genpd (bsc#1051510). - power: supply: ltc2941-battery-gauge: fix use-after-free (bsc#1051510). - powerpc/archrandom: fix arch_get_random_seed_int() (bsc#1065729). - powerpc/irq: fix stack overflow verification (bsc#1065729). - powerpc/livepatch: return -ERRNO values in save_stack_trace_tsk_reliable() (bsc#1071995 bsc#1161875). - powerpc/mm: drop #ifdef CONFIG_MMU in is_ioremap_addr() (bsc#1065729). - powerpc/mm: Remove kvm radix prefetch workaround for Power9 DD2.2 (bsc#1061840). - powerpc/pkeys: remove unused pkey_allows_readwrite (bsc#1065729). - powerpc/powernv: Disable native PCIe port management (bsc#1065729). - powerpc/pseries/hotplug-memory: Change rc variable to bool (bsc#1065729). - powerpc/pseries/lparcfg: Fix display of Maximum Memory (bsc#1162028 ltc#181740). - powerpc/pseries/mobility: notify network peers after migration (bsc#1152631 ltc#181798). - powerpc/pseries/vio: Fix iommu_table use-after-free refcount warning (bsc#1065729). - powerpc/pseries: Advance pfn if section is not present in lmb_is_removable() (bsc#1065729). - powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW (bsc#1065729). - powerpc/pseries: Drop pointless static qualifier in vpa_debugfs_init() (git-fixes). - powerpc/security: Fix debugfs data leak on 32-bit (bsc#1065729). - powerpc/tm: Fix clearing MSR[TS] in current when reclaiming on signal delivery (bsc#1118338 ltc#173734). - powerpc/tools: Do not quote $objdump in scripts (bsc#1065729). - powerpc/xive: Discard ESB load value when interrupt is invalid (bsc#1085030). - powerpc/xive: Skip ioremap() of ESB pages for LSI interrupts (bsc#1085030). - powerpc/xmon: do not access ASDR in VMs (bsc#1065729). - powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB (bnc#1151927 5.3.17). - powerpc: Allow flush_icache_range to work across ranges >4GB (bnc#1151927 5.3.17). - powerpc: avoid adjusting memory_limit for capture kernel memory reservation (bsc#1140025 ltc#176086). - powerpc: Fix vDSO clock_getres() (bsc#1065729). - powerpc: reserve memory for capture kernel after hugepages init (bsc#1140025 ltc#176086). - ppp: Adjust indentation into ppp_async_input (git-fixes). - prevent active file list thrashing due to refault detection (VM Performance, bsc#1156286). - printk: Export console_printk (bsc#1071995). - pstore/ram: Write new dumps to start of recycled zones (bsc#1051510). - pwm: Clear chip_data in pwm_put() (bsc#1051510). - pwm: clps711x: Fix period calculation (bsc#1051510). - pwm: omap-dmtimer: Remove PWM chip in .remove before making it unfunctional (git-fixes). - pwm: Remove set but not set variable 'pwm' (git-fixes). - pxa168fb: Fix the function used to release some memory in an error (bsc#1114279) - qede: Disable hardware gro when xdp prog is installed (bsc#1086314 bsc#1086313 bsc#1086301 ). - qede: Fix multicast mac configuration (networking-stable-19_12_28). - qede: fix NULL pointer deref in __qede_remove() (networking-stable-19_11_10). - qmi_wwan: Add support for Quectel RM500Q (bsc#1051510). - quota: Check that quota is not dirty before release (bsc#1163858). - quota: fix livelock in dquot_writeback_dquots (bsc#1163857). - r8152: add missing endpoint sanity check (bsc#1051510). - r8152: get default setting of WOL before initializing (bsc#1051510). - random: move FIPS continuous test to output functions (bsc#1155334). - RDMA/bnxt_re: Avoid freeing MR resources if dereg fails (bsc#1050244). - RDMA/hns: Prevent memory leaks of eq->buf_list (bsc#1104427 ). - regulator: Fix return value of _set_load() stub (bsc#1051510). - regulator: rk808: Lower log level on optional GPIOs being not available (bsc#1051510). - regulator: rn5t618: fix module aliases (bsc#1051510). - regulator: tps65910: fix a missing check of return value (bsc#1051510). - reiserfs: Fix memory leak of journal device string (bsc#1163867). - reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling (bsc#1163869). - reset: fix reset_control_ops kerneldoc comment (bsc#1051510). - resource: fix locking in find_next_iomem_res() (bsc#1114279). - rpm/kabi.pl: support new (>=5.4) Module.symvers format (new symbol namespace field) - rpm/kernel-binary.spec.in: Replace Novell with SUSE - rpm/kernel-subpackage-spec: Exclude kernel-firmware recommends (bsc#1143959) For reducing the dependency on kernel-firmware in sub packages - rpm/kernel-subpackage-spec: Fix empty Recommends tag (bsc#1143959) - rpm/kernel-subpackage-spec: fix kernel-default-base build There were some issues with recent changes to subpackage dependencies handling: - rpm/kernel-subpackage-spec: Unify dependency handling. - rpm/modules.fips: update module list (bsc#1157853) - rsi_91x_usb: fix interface sanity check (git-fixes). - rt2800: remove errornous duplicate condition (git-fixes). - rtc: cmos: Stop using shared IRQ (bsc#1051510). - rtc: dt-binding: abx80x: fix resistance scale (bsc#1051510). - rtc: hym8563: Return -EINVAL if the time is known to be invalid (bsc#1051510). - rtc: max8997: Fix the returned value in case of error in 'max8997_rtc_read_alarm()' (bsc#1051510). - rtc: msm6242: Fix reading of 10-hour digit (bsc#1051510). - rtc: pcf8523: set xtal load capacitance from DT (bsc#1051510). - rtc: s35390a: Change buf's type to u8 in s35390a_init (bsc#1051510). - rtl818x: fix potential use after free (bsc#1051510). - rtl8xxxu: fix interface sanity check (git-fixes). - rtlwifi: Fix MAX MPDU of VHT capability (git-fixes). - rtlwifi: Remove redundant semicolon in wifi.h (git-fixes). - s390/ftrace: generate traced function stack frame (jsc#SLE-11178 jsc#SLE-11179). - s390/ftrace: save traced function caller (jsc#SLE-11179). - s390/ftrace: use HAVE_FUNCTION_GRAPH_RET_ADDR_PTR (jsc#SLE-11179). - s390/head64: correct init_task stack setup (jsc#SLE-11179). - s390/kasan: avoid false positives during stack unwind (jsc#SLE-11179). - s390/kasan: avoid report in get_wchan (jsc#SLE-11179). - s390/livepatch: Implement reliable stack tracing for the consistency model (jsc#SLE-11179). - s390/mm: properly clear _PAGE_NOEXEC bit when it is not supported (bsc#1051510). - s390/process: avoid custom stack unwinding in get_wchan (jsc#SLE-11179). - s390/qeth: clean up page frag creation (git-fixes). - s390/qeth: consolidate skb allocation (git-fixes). - s390/qeth: ensure linear access to packet headers (git-fixes). - s390/qeth: guard against runt packets (git-fixes). - s390/stacktrace: use common arch_stack_walk infrastructure (jsc#SLE-11179). - s390/suspend: fix stack setup in swsusp_arch_suspend (jsc#SLE-11179). - s390/test_unwind: print verbose unwinding results (jsc#SLE-11179). - s390/unwind: add stack pointer alignment sanity checks (jsc#SLE-11179). - s390/unwind: always inline get_stack_pointer (jsc#SLE-11179). - s390/unwind: avoid int overflow in outside_of_stack (jsc#SLE-11179). - s390/unwind: cleanup unused READ_ONCE_TASK_STACK (jsc#SLE-11179). - s390/unwind: correct stack switching during unwind (jsc#SLE-11179). - s390/unwind: drop unnecessary code around calling ftrace_graph_ret_addr() (jsc#SLE-11179). - s390/unwind: filter out unreliable bogus %r14 (jsc#SLE-11179). - s390/unwind: fix get_stack_pointer(NULL, NULL) (jsc#SLE-11179). - s390/unwind: fix mixing regs and sp (jsc#SLE-11179). - s390/unwind: introduce stack unwind API (jsc#SLE-11179). - s390/unwind: make reuse_sp default when unwinding pt_regs (jsc#SLE-11179). - s390/unwind: remove stack recursion warning (jsc#SLE-11179). - s390/unwind: report an error if pt_regs are not on stack (jsc#SLE-11179). - s390/unwind: start unwinding from reliable state (jsc#SLE-11179). - s390/unwind: stop gracefully at task pt_regs (jsc#SLE-11179). - s390/unwind: stop gracefully at user mode pt_regs in irq stack (jsc#SLE-11179). - s390/unwind: unify task is current checks (jsc#SLE-11179). - s390: add stack switch helper (jsc#SLE-11179). - s390: add support for virtually mapped kernel stacks (jsc#SLE-11179). - s390: always inline current_stack_pointer() (jsc#SLE-11179). - s390: always inline disabled_wait (jsc#SLE-11179). - s390: avoid misusing CALL_ON_STACK for task stack setup (jsc#SLE-11179). - s390: clean up stacks setup (jsc#SLE-11179). - s390: correct CALL_ON_STACK back_chain saving (jsc#SLE-11179). - s390: disable preemption when switching to nodat stack with CALL_ON_STACK (jsc#SLE-11179). - s390: fine-tune stack switch helper (jsc#SLE-11179). - s390: fix register clobbering in CALL_ON_STACK (jsc#SLE-11179). - s390: kabi workaround for ftrace_ret_stack (jsc#SLE-11179). - s390: kabi workaround for lowcore changes due to vmap stack (jsc#SLE-11179). - s390: kabi workaround for reliable stack tracing (jsc#SLE-11179). - s390: preserve kabi for stack unwind API (jsc#SLE-11179). - s390: unify stack size definitions (jsc#SLE-11179). - sched/fair: Add tmp_alone_branch assertion (bnc#1156462). - sched/fair: Fix insertion in rq->leaf_cfs_rq_list (bnc#1156462). - sched/fair: Fix O(nr_cgroups) in the load balancing path (bnc#1156462). - sched/fair: Optimize update_blocked_averages() (bnc#1156462). - sched/fair: WARN() and refuse to set buddy when !se->on_rq (bsc#1158132). - scsi: qla2xxx: Add a shadow variable to hold disc_state history of fcport (bsc#1158013). - scsi: qla2xxx: Add D-Port Diagnostic reason explanation logs (bsc#1158013). - scsi: qla2xxx: Added support for MPI and PEP regions for ISP28XX (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548). - scsi: qla2xxx: Cleanup unused async_logout_done (bsc#1158013). - scsi: qla2xxx: Consolidate fabric scan (bsc#1158013). - scsi: qla2xxx: Correct fcport flags handling (bsc#1158013). - scsi: qla2xxx: Correctly retrieve and interpret active flash region (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548). - scsi: qla2xxx: Fix a NULL pointer dereference in an error path (bsc#1157966 bsc#1158013 bsc#1157424). - scsi: qla2xxx: Fix fabric scan hang (bsc#1158013). - scsi: qla2xxx: Fix incorrect SFUB length used for Secure Flash Update MB Cmd (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548). - scsi: qla2xxx: Fix mtcp dump collection failure (bsc#1158013). - scsi: qla2xxx: Fix RIDA Format-2 (bsc#1158013). - scsi: qla2xxx: Fix stuck login session using prli_pend_timer (bsc#1158013). - scsi: qla2xxx: Fix stuck session in GNL (bsc#1158013). - scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type (bsc#1158013). - scsi: qla2xxx: Fix unbound NVME response length (bsc#1157966 bsc#1158013 bsc#1157424). - scsi: qla2xxx: Fix update_fcport for current_topology (bsc#1158013). - scsi: qla2xxx: Improve readability of the code that handles qla_flt_header (bsc#1158013). - scsi: qla2xxx: Remove defer flag to indicate immeadiate port loss (bsc#1158013). - scsi: qla2xxx: Update driver version to 10.01.00.22-k (bsc#1158013). - scsi: qla2xxx: Use common routine to free fcport struct (bsc#1158013). - scsi: qla2xxx: Use get_unaligned_*() instead of open-coding these functions (bsc#1158013). - scsi: zfcp: trace channel log even for FCP command responses (git-fixes). - sctp: cache netns in sctp_ep_common (networking-stable-19_12_03). - sctp: fully initialize v4 addr in some functions (networking-stable-19_12_28). - serial: 8250_bcm2835aux: Fix line mismatch on driver unbind (bsc#1051510). - serial: ifx6x60: add missed pm_runtime_disable (bsc#1051510). - serial: max310x: Fix tx_empty() callback (bsc#1051510). - serial: pl011: Fix DMA ->flush_buffer() (bsc#1051510). - serial: serial_core: Perform NULL checks for break_ctl ops (bsc#1051510). - serial: stm32: fix transmit_chars when tx is stopped (bsc#1051510). - sfc: Only cancel the PPS workqueue if it exists (networking-stable-19_11_25). - sh_eth: check sh_eth_cpu_data::dual_port when dumping registers (bsc#1051510). - sh_eth: fix dumping ARSTR (bsc#1051510). - sh_eth: fix invalid context bug while calling auto-negotiation by ethtool (bsc#1051510). - sh_eth: fix invalid context bug while changing link options by ethtool (bsc#1051510). - sh_eth: fix TSU init on SH7734/R8A7740 (bsc#1051510). - sh_eth: fix TXALCR1 offsets (bsc#1051510). - sh_eth: TSU_QTAG0/1 registers the same as TSU_QTAGM0/1 (bsc#1051510). - smb3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1144333). - smb3: Fix persistent handles reconnect (bsc#1144333). - smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1144333). - smb3: remove confusing dmesg when mounting with encryption ('seal') (bsc#1144333). - soc/tegra: fuse: Correct straps' address for older Tegra124 device trees (bsc#1051510). - soc: renesas: rcar-sysc: Add goto to of_node_put() before return (bsc#1051510). - soc: ti: wkup_m3_ipc: Fix race condition with rproc_boot (bsc#1051510). - spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch (bsc#1051510). - spi: omap2-mcspi: Set FIFO DMA trigger level to word length (bsc#1051510). - spi: tegra114: clear packed bit for unpacked mode (bsc#1051510). - spi: tegra114: configure dma burst size to fifo trig level (bsc#1051510). - spi: tegra114: fix for unpacked mode transfers (bsc#1051510). - spi: tegra114: flush fifos (bsc#1051510). - spi: tegra114: terminate dma and reset on transfer timeout (bsc#1051510). - sr_vendor: support Beurer GL50 evo CD-on-a-chip devices (boo#1164632). - stacktrace: Do not skip first entry on noncurrent tasks (jsc#SLE-11179). - stacktrace: Force USER_DS for stack_trace_save_user() (jsc#SLE-11179). - stacktrace: Get rid of unneeded '!!' pattern (jsc#SLE-11179). - stacktrace: Provide common infrastructure (jsc#SLE-11179). - stacktrace: Provide helpers for common stack trace operations (jsc#SLE-11179). - stacktrace: Unbreak stack_trace_save_tsk_reliable() (jsc#SLE-11179). - stacktrace: Use PF_KTHREAD to check for kernel threads (jsc#SLE-11179). - staging: comedi: adv_pci1710: fix AI channels 16-31 for PCI-1713 (bsc#1051510). - staging: iio: adt7316: Fix i2c data reading, set the data field (bsc#1051510). - staging: rtl8188eu: fix interface sanity check (bsc#1051510). - staging: rtl8192e: fix potential use after free (bsc#1051510). - staging: rtl8723bs: Add 024c:0525 to the list of SDIO device-ids (bsc#1051510). - staging: rtl8723bs: Drop ACPI device ids (bsc#1051510). - staging: vt6656: correct packet types for CTS protect, mode (bsc#1051510). - staging: vt6656: Fix false Tx excessive retries reporting (bsc#1051510). - staging: vt6656: use NULLFUCTION stack on mac80211 (bsc#1051510). - staging: wlan-ng: ensure error return is actually returned (bsc#1051510). - stm class: Fix a double free of stm_source_device (bsc#1051510). - stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock (bsc#1088810, bsc#1161702). - stop_machine: Atomically queue and wake stopper threads (bsc#1088810, bsc#1161702). - stop_machine: Disable preemption after queueing stopper threads (bsc#1088810, bsc#1161702). - stop_machine: Disable preemption when waking two stopper threads (bsc#1088810, bsc#1161702). - supported.conf: - synclink_gt(): fix compat_ioctl() (bsc#1051510). - tcp: clear tp->packets_out when purging write queue (bsc#1160560). - tcp: do not send empty skb from tcp_write_xmit() (networking-stable-20_01_01). - tcp: exit if nothing to retransmit on RTO timeout (bsc#1160560, stable 4.14.159). - tcp: md5: fix potential overestimation of TCP option space (networking-stable-19_12_16). - tcp_nv: fix potential integer overflow in tcpnv_acked (bsc#1051510). - thermal: Fix deadlock in thermal thermal_zone_device_check (bsc#1051510). - tipc: Avoid copying bytes beyond the supplied data (bsc#1051510). - tipc: check bearer name with right length in tipc_nl_compat_bearer_enable (bsc#1051510). - tipc: check link name with right length in tipc_nl_compat_link_set (bsc#1051510). - tipc: check msg->req data len in tipc_nl_compat_bearer_disable (bsc#1051510). - tipc: compat: allow tipc commands without arguments (bsc#1051510). - tipc: fix a missing check of genlmsg_put (bsc#1051510). - tipc: fix link name length check (bsc#1051510). - tipc: fix memory leak in tipc_nl_compat_publ_dump (bsc#1051510). - tipc: fix skb may be leaky in tipc_link_input (bsc#1051510). - tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path (bsc#1051510). - tipc: fix wrong timeout input for tipc_wait_for_cond() (bsc#1051510). - tipc: handle the err returned from cmd header function (bsc#1051510). - tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb (bsc#1051510). - tipc: tipc clang warning (bsc#1051510). - tracing: Annotate ftrace_graph_hash pointer with __rcu (git-fixes). - tracing: Annotate ftrace_graph_notrace_hash pointer with __rcu (git-fixes). - tracing: Cleanup stack trace code (jsc#SLE-11179). - tracing: Fix tracing_stat return values in error handling paths (git-fixes). - tracing: Fix very unlikely race of registering two stat tracers (git-fixes). - tracing: Have the histogram compare functions convert to u64 first (bsc#1160210). - tracing: xen: Ordered comparison of function pointers (git-fixes). - tty/serial: atmel: Add is_half_duplex helper (bsc#1051510). - tty: n_hdlc: fix build on SPARC (bsc#1051510). - tty: serial: fsl_lpuart: use the sg count from dma_map_sg (bsc#1051510). - tty: serial: imx: use the sg count from dma_map_sg (bsc#1051510). - tty: serial: msm_serial: Fix flow control (bsc#1051510). - tty: serial: msm_serial: Fix lockup for sysrq and oops (bsc#1051510). - tty: serial: pch_uart: correct usage of dma_unmap_sg (bsc#1051510). - tty: vt: keyboard: reject invalid keycodes (bsc#1051510). - uaccess: Add non-pagefault user-space write function (bsc#1083647). - ubifs: Correctly initialize c->min_log_bytes (bsc#1158641). - ubifs: do not trigger assertion on invalid no-key filename (bsc#1163850). - ubifs: Fix deadlock in concurrent bulk-read and writepage (bsc#1163856). - ubifs: Fix FS_IOC_SETFLAGS unexpectedly clearing encrypt flag (bsc#1163855). - ubifs: Limit the number of pages in shrink_liability (bsc#1158643). - ubifs: Reject unsupported ioctl flags explicitly (bsc#1163844). - udp: fix integer overflow while computing available space in sk_rcvbuf (networking-stable-20_01_01). - usb-storage: Disable UAS on JMicron SATA enclosure (bsc#1051510). - usb: adutux: fix interface sanity check (bsc#1051510). - usb: Allow USB device to be warm reset in suspended state (bsc#1051510). - usb: atm: ueagle-atm: add missing endpoint check (bsc#1051510). - usb: chipidea: host: Disable port power only if previously enabled (bsc#1051510). - usb: core: fix check for duplicate endpoints (git-fixes). - usb: core: hub: Improved device recognition on remote wakeup (bsc#1051510). - usb: core: urb: fix URB structure initialization function (bsc#1051510). - usb: documentation: flags on usb-storage versus UAS (bsc#1051510). - usb: dwc3: debugfs: Properly print/set link state for HS (bsc#1051510). - usb: dwc3: do not log probe deferrals; but do log other error codes (bsc#1051510). - usb: dwc3: ep0: Clear started flag on completion (bsc#1051510). - usb: dwc3: turn off VBUS when leaving host mode (bsc#1051510). - usb: EHCI: Do not return -EPIPE when hub is disconnected (git-fixes). - usb: gadget: f_ecm: Use atomic_t to track in-flight request (bsc#1051510). - usb: gadget: f_ncm: Use atomic_t to track in-flight request (bsc#1051510). - usb: gadget: legacy: set max_speed to super-speed (bsc#1051510). - usb: gadget: pch_udc: fix use after free (bsc#1051510). - usb: gadget: u_serial: add missing port entry locking (bsc#1051510). - usb: gadget: Zero ffs_io_data (bsc#1051510). - usb: host: xhci-hub: fix extra endianness conversion (bsc#1051510). - usb: idmouse: fix interface sanity checks (bsc#1051510). - usb: misc: appledisplay: fix backlight update_status return code (bsc#1051510). - usb: mon: Fix a deadlock in usbmon between mmap and read (bsc#1051510). - usb: mtu3: fix dbginfo in qmu_tx_zlp_error_handler (bsc#1051510). - usb: musb: dma: Correct parameter passed to IRQ handler (bsc#1051510). - usb: musb: fix idling for suspend after disconnect interrupt (bsc#1051510). - usb: serial: ch341: handle unbound port at reset_resume (bsc#1051510). - usb: serial: ftdi_sio: add device IDs for U-Blox C099-F9P (bsc#1051510). - usb: serial: io_edgeport: add missing active-port sanity check (bsc#1051510). - usb: serial: io_edgeport: fix epic endpoint lookup (bsc#1051510). - usb: serial: io_edgeport: handle unbound ports on URB completion (bsc#1051510). - usb: serial: io_edgeport: use irqsave() in USB's complete callback (bsc#1051510). - usb: serial: ir-usb: add missing endpoint sanity check (bsc#1051510). - usb: serial: ir-usb: fix IrLAP framing (bsc#1051510). - usb: serial: ir-usb: fix link-speed handling (bsc#1051510). - usb: serial: keyspan: handle unbound ports (bsc#1051510). - usb: serial: opticon: fix control-message timeouts (bsc#1051510). - usb: serial: option: Add support for Quectel RM500Q (bsc#1051510). - usb: serial: option: add support for Quectel RM500Q in QDL mode (git-fixes). - usb: serial: option: add Telit ME910G1 0x110a composition (git-fixes). - usb: serial: option: add ZLP support for 0x1bc7/0x9010 (git-fixes). - usb: serial: quatech2: handle unbound ports (bsc#1051510). - usb: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx (bsc#1051510). - usb: serial: suppress driver bind attributes (bsc#1051510). - usb: typec: tcpci: mask event interrupts when remove driver (bsc#1051510). - usb: uas: heed CAPACITY_HEURISTICS (bsc#1051510). - usb: uas: honor flag to avoid CAPACITY16 (bsc#1051510). - usb: xhci: Fix build warning seen with CONFIG_PM=n (bsc#1051510). - usb: xhci: only set D3hot for pci device (bsc#1051510). - usbip: Fix error path of vhci_recv_ret_submit() (git-fixes). - usbip: Fix receive error in vhci-hcd when using scatter-gather (bsc#1051510). - vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1 (bsc#1051510). - vhost/vsock: accept only packets with the right dst_cid (networking-stable-20_01_01). - video: backlight: Add devres versions of of_find_backlight (bsc#1090888) Taken for 6010831dde5. - video: backlight: Add of_find_backlight helper in backlight.c (bsc#1090888) Taken for 6010831dde5. - vsock/virtio: fix sock refcnt holding during the shutdown (git-fixes). - watchdog: max77620_wdt: fix potential build errors (bsc#1051510). - watchdog: rn5t618_wdt: fix module aliases (bsc#1051510). - watchdog: sama5d4: fix WDD value to be always set to max (bsc#1051510). - watchdog: wdat_wdt: fix get_timeleft call for wdat_wdt (bsc#1162557). - wireless: fix enabling channel 12 for custom regulatory domain (bsc#1051510). - wireless: wext: avoid gcc -O3 warning (bsc#1051510). - workqueue: Fix pwq ref leak in rescuer_thread() (bsc#1160211). - x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR (bsc#1162619). - x86/intel_rdt: Split resource group removal in two (bsc#1112178). - x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI (bsc#1114279). - x86/mce/AMD: Allow any CPU to initialize the smca_banks array (bsc#1114279). - x86/MCE/AMD: Allow Reserved types to be overwritten in smca_banks (bsc#1114279). - x86/MCE/AMD: Do not use rdmsr_safe_on_cpu() in smca_configure() (bsc#1114279). - x86/mce: Fix possibly incorrect severity calculation on AMD (bsc#1114279). - x86/resctrl: Check monitoring static key in the MBM overflow handler (bsc#1114279). - x86/resctrl: Fix a deadlock due to inaccurate reference (bsc#1112178). - x86/resctrl: Fix an imbalance in domain_remove_cpu() (bsc#1114279). - x86/resctrl: Fix potential memory leak (bsc#1114279). - x86/resctrl: Fix use-after-free due to inaccurate refcount of rdtgroup (bsc#1112178). - x86/resctrl: Fix use-after-free when deleting resource groups (bsc#1114279). - x86/speculation: Fix incorrect MDS/TAA mitigation status (bsc#1114279). - x86/speculation: Fix redundant MDS mitigation message (bsc#1114279). - xen-blkfront: switch kcalloc to kvcalloc for large array allocation (bsc#1160917). - xen/balloon: Support xend-based toolstack take two (bsc#1065600). - xen/blkback: Avoid unmapping unmapped grant pages (bsc#1065600). - xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk (bsc#1065600). - xen: Enable interrupts when calling _cond_resched() (bsc#1065600). - xfrm: Fix transport mode skb control buffer usage (bsc#1161552). - xfs: Fix tail rounding in xfs_alloc_file_space() (bsc#1161087, bsc#1153917). - xfs: Sanity check flags of Q_XQUOTARM call (bsc#1158652). - xhci: Fix memory leak in xhci_add_in_port() (bsc#1051510). - xhci: fix USB3 device initiated resume race with roothub autosuspend (bsc#1051510). - xhci: handle some XHCI_TRUST_TX_LENGTH quirks cases as default behaviour (bsc#1051510). - xhci: Increase STS_HALT timeout in xhci_suspend() (bsc#1051510). - xhci: make sure interrupts are restored to correct state (bsc#1051510). - zd1211rw: fix storage endpoint lookup (git-fixes). Important SUSE bug 1046303 SUSE bug 1050244 SUSE bug 1051510 SUSE bug 1051858 SUSE bug 1061840 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1083647 SUSE bug 1085030 SUSE bug 1086301 SUSE bug 1086313 SUSE bug 1086314 SUSE bug 1088810 SUSE bug 1090888 SUSE bug 1104427 SUSE bug 1105392 SUSE bug 1111666 SUSE bug 1112178 SUSE bug 1112504 SUSE bug 1114279 SUSE bug 1115026 SUSE bug 1118338 SUSE bug 1120853 SUSE bug 1123328 SUSE bug 1127371 SUSE bug 1133021 SUSE bug 1133147 SUSE bug 1134973 SUSE bug 1140025 SUSE bug 1141054 SUSE bug 1142095 SUSE bug 1143959 SUSE bug 1144333 SUSE bug 1146519 SUSE bug 1146544 SUSE bug 1151548 SUSE bug 1151910 SUSE bug 1151927 SUSE bug 1152631 SUSE bug 1153917 SUSE bug 1154243 SUSE bug 1155331 SUSE bug 1155334 SUSE bug 1155689 SUSE bug 1156259 SUSE bug 1156286 SUSE bug 1156462 SUSE bug 1157155 SUSE bug 1157157 SUSE bug 1157169 SUSE bug 1157303 SUSE bug 1157424 SUSE bug 1157692 SUSE bug 1157853 SUSE bug 1157908 SUSE bug 1157966 SUSE bug 1158013 SUSE bug 1158021 SUSE bug 1158026 SUSE bug 1158094 SUSE bug 1158132 SUSE bug 1158381 SUSE bug 1158394 SUSE bug 1158398 SUSE bug 1158407 SUSE bug 1158410 SUSE bug 1158413 SUSE bug 1158417 SUSE bug 1158427 SUSE bug 1158445 SUSE bug 1158533 SUSE bug 1158637 SUSE bug 1158638 SUSE bug 1158639 SUSE bug 1158640 SUSE bug 1158641 SUSE bug 1158643 SUSE bug 1158644 SUSE bug 1158645 SUSE bug 1158646 SUSE bug 1158647 SUSE bug 1158649 SUSE bug 1158651 SUSE bug 1158652 SUSE bug 1158819 SUSE bug 1158823 SUSE bug 1158824 SUSE bug 1158827 SUSE bug 1158834 SUSE bug 1158893 SUSE bug 1158900 SUSE bug 1158903 SUSE bug 1158904 SUSE bug 1158954 SUSE bug 1159024 SUSE bug 1159028 SUSE bug 1159271 SUSE bug 1159297 SUSE bug 1159394 SUSE bug 1159483 SUSE bug 1159484 SUSE bug 1159569 SUSE bug 1159588 SUSE bug 1159841 SUSE bug 1159908 SUSE bug 1159909 SUSE bug 1159910 SUSE bug 1159911 SUSE bug 1159955 SUSE bug 1160195 SUSE bug 1160210 SUSE bug 1160211 SUSE bug 1160218 SUSE bug 1160433 SUSE bug 1160442 SUSE bug 1160476 SUSE bug 1160560 SUSE bug 1160755 SUSE bug 1160756 SUSE bug 1160784 SUSE bug 1160787 SUSE bug 1160802 SUSE bug 1160803 SUSE bug 1160804 SUSE bug 1160917 SUSE bug 1160966 SUSE bug 1160979 SUSE bug 1161087 SUSE bug 1161360 SUSE bug 1161514 SUSE bug 1161518 SUSE bug 1161522 SUSE bug 1161523 SUSE bug 1161549 SUSE bug 1161552 SUSE bug 1161674 SUSE bug 1161702 SUSE bug 1161875 SUSE bug 1161907 SUSE bug 1161931 SUSE bug 1161933 SUSE bug 1161934 SUSE bug 1161935 SUSE bug 1161936 SUSE bug 1161937 SUSE bug 1162028 SUSE bug 1162067 SUSE bug 1162109 SUSE bug 1162139 SUSE bug 1162557 SUSE bug 1162617 SUSE bug 1162618 SUSE bug 1162619 SUSE bug 1162623 SUSE bug 1162928 SUSE bug 1162943 SUSE bug 1163383 SUSE bug 1163384 SUSE bug 1163762 SUSE bug 1163774 SUSE bug 1163836 SUSE bug 1163840 SUSE bug 1163841 SUSE bug 1163842 SUSE bug 1163843 SUSE bug 1163844 SUSE bug 1163845 SUSE bug 1163846 SUSE bug 1163849 SUSE bug 1163850 SUSE bug 1163851 SUSE bug 1163852 SUSE bug 1163853 SUSE bug 1163855 SUSE bug 1163856 SUSE bug 1163857 SUSE bug 1163858 SUSE bug 1163859 SUSE bug 1163860 SUSE bug 1163861 SUSE bug 1163862 SUSE bug 1163863 SUSE bug 1163867 SUSE bug 1163869 SUSE bug 1163880 SUSE bug 1163971 SUSE bug 1164069 SUSE bug 1164098 SUSE bug 1164115 SUSE bug 1164314 SUSE bug 1164315 SUSE bug 1164388 SUSE bug 1164471 SUSE bug 1164632 SUSE bug 1164705 SUSE bug 1164712 SUSE bug 1164727 SUSE bug 1164728 SUSE bug 1164729 SUSE bug 1164730 SUSE bug 1164731 SUSE bug 1164732 SUSE bug 1164733 SUSE bug 1164734 SUSE bug 1164735 CVE-2019-14615 CVE-2019-14896 CVE-2019-14897 CVE-2019-15213 CVE-2019-16994 CVE-2019-18808 CVE-2019-19036 CVE-2019-19045 CVE-2019-19051 CVE-2019-19054 CVE-2019-19066 CVE-2019-19318 CVE-2019-19319 CVE-2019-19332 CVE-2019-19338 CVE-2019-19447 CVE-2019-19523 CVE-2019-19524 CVE-2019-19525 CVE-2019-19526 CVE-2019-19527 CVE-2019-19528 CVE-2019-19529 CVE-2019-19530 CVE-2019-19531 CVE-2019-19532 CVE-2019-19533 CVE-2019-19534 CVE-2019-19535 CVE-2019-19536 CVE-2019-19537 CVE-2019-19543 CVE-2019-19767 CVE-2019-19965 CVE-2019-19966 CVE-2019-20054 CVE-2019-20095 CVE-2019-20096 CVE-2020-2732 CVE-2020-7053 CVE-2020-8428 CVE-2020-8648 CVE-2020-8992 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for samba fixes the following issues: - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677). - Avoid free'ing our own pointer in memcache when memcache_trim attempts to reduce cache size (bsc#1179156). - Adjust smbcacls '--propagate-inheritance' feature to align with upstream (bsc#1178469). Important SUSE bug 1178469 SUSE bug 1179156 SUSE bug 1184677 CVE-2021-20254 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509). - CVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208). - CVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942). - CVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed a set_memory_region_test infinite loop for certain nested page faults (bnc#1184512). - CVE-2020-27673: Fixed an issue in Xen where a guest OS users could have caused a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411, bnc#1184583). - CVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bnc#1184391). - CVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181). - CVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181). - CVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181). - CVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181). - CVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions) (bnc#1184511). - CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on CPU' could have occured because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211). - CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211). - CVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120). - CVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393). - CVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and cause a threat to the system availability (bnc#1184397). - CVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could have caused a denial of service because of a lack of locking on an extent buffer before a cloning operation (bnc#1184193). - CVE-2021-3444: Fixed the bpf verifier as it did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution (bnc#1184170). - CVE-2021-28971: Fixed a potential local denial of service in intel_pmu_drain_pebs_nhm where userspace applications can cause a system crash because the PEBS status in a PEBS record is mishandled (bnc#1184196). - CVE-2021-28688: Fixed XSA-365 that includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains (bnc#1183646). - CVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167). - CVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168). - CVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination (bnc#1184198). - CVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in net/qrtr/qrtr.c that allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bnc#1184192). - CVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bnc#1183686, bnc#1183775). - CVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. This affects pointer types that do not define a ptr_limit (bnc#1183686 bnc#1183775). - CVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593). - CVE-2020-35519: Update patch reference for x25 fix (bsc#1183696). - CVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent (bsc#1173485, bsc#1183509). - CVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened. This could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720). - CVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022, bnc#1183069). - CVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree (bsc#1179454). - CVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715). - CVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables (bnc#1182716). - CVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717). The following non-security bugs were fixed: - Revert 'rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)' This turned out to be a bad idea: the kernel-$flavor-devel package must be usable without kernel-$flavor, e.g. at the build of a KMP. And this change brought superfluous installation of kernel-preempt when a system had kernel-syms (bsc#1185113). - Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367). - bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775). - bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775). - coredump: fix crash when umh is disabled (bsc#1177753, bsc#1182194). - dm: fix redundant IO accounting for bios that need splitting (bsc#1183738). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - handle also the opposite type of race condition - hv: clear ring_buffer pointer during cleanup (part of ae6935ed) (bsc#1181032). - hv_netvsc: remove ndo_poll_controller (bsc#1185248). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - ibmvnic: Clear failover_pending if unable to schedule (bsc#1181960 ltc#190997). - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140). - ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes). - ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes). - ibmvnic: enhance resetting status check during module exit (bsc#1065729). - ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes). - ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293). - ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes). - macros.kernel-source: Use spec_install_pre for certificate installation (boo#1182672). - post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388). - powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293). - rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063). - rpm/kernel-subpackage-build: Workaround broken bot (https://github.com/openSUSE/openSUSE-release-tools/issues/2439) - rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244) - rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650) - xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367). Important SUSE bug 1040855 SUSE bug 1044767 SUSE bug 1047233 SUSE bug 1065729 SUSE bug 1094840 SUSE bug 1152457 SUSE bug 1171078 SUSE bug 1173485 SUSE bug 1175873 SUSE bug 1176700 SUSE bug 1176720 SUSE bug 1176855 SUSE bug 1177411 SUSE bug 1177753 SUSE bug 1178181 SUSE bug 1179454 SUSE bug 1181032 SUSE bug 1181960 SUSE bug 1182194 SUSE bug 1182672 SUSE bug 1182715 SUSE bug 1182716 SUSE bug 1182717 SUSE bug 1183022 SUSE bug 1183063 SUSE bug 1183069 SUSE bug 1183509 SUSE bug 1183593 SUSE bug 1183646 SUSE bug 1183686 SUSE bug 1183696 SUSE bug 1183738 SUSE bug 1183775 SUSE bug 1184120 SUSE bug 1184167 SUSE bug 1184168 SUSE bug 1184170 SUSE bug 1184192 SUSE bug 1184193 SUSE bug 1184194 SUSE bug 1184196 SUSE bug 1184198 SUSE bug 1184208 SUSE bug 1184211 SUSE bug 1184388 SUSE bug 1184391 SUSE bug 1184393 SUSE bug 1184397 SUSE bug 1184509 SUSE bug 1184511 SUSE bug 1184512 SUSE bug 1184514 SUSE bug 1184583 SUSE bug 1184650 SUSE bug 1184942 SUSE bug 1185113 SUSE bug 1185244 SUSE bug 1185248 CVE-2020-0433 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-27170 CVE-2020-27171 CVE-2020-27673 CVE-2020-27815 CVE-2020-35519 CVE-2020-36310 CVE-2020-36311 CVE-2020-36312 CVE-2020-36322 CVE-2021-20219 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28660 CVE-2021-28688 CVE-2021-28950 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29155 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-29650 CVE-2021-30002 CVE-2021-3428 CVE-2021-3444 CVE-2021-3483 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for graphviz fixes the following issues: - CVE-2020-18032: Fixed possible remote code execution via buffer overflow (bsc#1185833). Critical SUSE bug 1185833 CVE-2020-18032 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484). - CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values. (bsc#1186111) - CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. (bnc#1186062) - CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges. (bnc#1186060) - CVE-2021-23133: Fixed a race condition in SCTP sockets, which could lead to privilege escalation from the context of a network service or an unprivileged process. (bnc#1184675) - CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This vulnerability is related to the PROVIDE_BUFFERS operation, which allowed the MAX_RW_COUNT limit to be bypassed (bsc#1185642). - CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611). - CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances this can be abused to inject arbitrary network packets and/or exfiltrate user data (bnc#1185859). - CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (bnc#1185859 bnc#1185862). - CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments, even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used (bnc#1185859). - CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (bnc#1185860) - CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H, where the Message Integrity Check (authenticity) of fragmented TKIP frames was not verified. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (bnc#1185987) The following non-security bugs were fixed: - Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185724). - Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185724). - af_packet: fix the tx skb protocol in raw sockets with ETH_P_ALL (bsc#1176081). - ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043). - ibmvfc: Handle move login failure (bsc#1185938 ltc#192043). - ibmvfc: Reinit target retries (bsc#1185938 ltc#192043). - kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846). - kabi: preserve struct header_ops after bsc#1176081 fix (bsc#1176081). - kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846). - kernel/smp: add boot parameter for controlling CSD lock debugging (bsc#1180846). - kernel/smp: add more data to CSD lock debugging (bsc#1180846). - kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846). - kernel/smp: prepare more CSD lock debugging (bsc#1180846). - md/raid1: properly indicate failure when ending a failed write request (bsc#1185680). - net/ethernet: Add parse_protocol header_ops support (bsc#1176081). - net/mlx5e: Remove the wrong assumption about transport offset (bsc#1176081). - net/mlx5e: Trust kernel regarding transport offset (bsc#1176081). - net/packet: Ask driver for protocol if not provided by user (bsc#1176081). - net/packet: Remove redundant skb->protocol set (bsc#1176081). - net: Do not set transport offset to invalid value (bsc#1176081). - net: Introduce parse_protocol header_ops callback (bsc#1176081). - netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#1185950). - netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#1183947 bsc#1185950). - netfilter: conntrack: improve RST handling when tuple is re-used (bsc#1183947 bsc#1185950). - netfilter: conntrack: tcp: only close if RST matches exact sequence (bsc#1183947 bsc#1185950). - s390/entry: save the caller of psw_idle (bsc#1185677). - smp: Add source and destination CPUs to __call_single_data (bsc#1180846). - video: hyperv_fb: Add ratelimit on error message (bsc#1185724). Important SUSE bug 1176081 SUSE bug 1180846 SUSE bug 1183947 SUSE bug 1184611 SUSE bug 1184675 SUSE bug 1185642 SUSE bug 1185677 SUSE bug 1185680 SUSE bug 1185724 SUSE bug 1185859 SUSE bug 1185860 SUSE bug 1185862 SUSE bug 1185863 SUSE bug 1185898 SUSE bug 1185899 SUSE bug 1185901 SUSE bug 1185938 SUSE bug 1185950 SUSE bug 1185987 SUSE bug 1186060 SUSE bug 1186061 SUSE bug 1186062 SUSE bug 1186111 SUSE bug 1186285 SUSE bug 1186390 SUSE bug 1186484 SUSE bug 1186498 CVE-2020-24586 CVE-2020-24587 CVE-2020-26139 CVE-2020-26141 CVE-2020-26145 CVE-2020-26147 CVE-2021-23133 CVE-2021-23134 CVE-2021-32399 CVE-2021-33034 CVE-2021-33200 CVE-2021-3491 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for hawk2 fixes the following issues: hawk2 was updated to version 2.5. Security issue fixed: - Fixed another possible code execution vulnerability in the controller code (bsc#1179998). Critical SUSE bug 1179998 CVE-2020-35458 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for csync2 fixes the following issues: - CVE-2019-15522: Fixed an issue where daemon fails to enforce TLS (bsc#1147137) - CVE-2019-15523: Fixed an incorrect TLS handshake error handling (bsc#1147139) Moderate SUSE bug 1147137 SUSE bug 1147139 CVE-2019-15522 CVE-2019-15523 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-22555: A heap out-of-bounds write was discovered in net/netfilter/x_tables.c (bnc#1188116). - CVE-2021-33909: Extremely large seq buffer allocations in seq_file could lead to buffer underruns and code execution (bsc#1188062). - CVE-2021-3609: A use-after-free in can/bcm could have led to privilege escalation (bsc#1187215). - CVE-2021-33624: In kernel/bpf/verifier.c a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db (bnc#1187554). - CVE-2021-0605: In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation (bnc#1187601). - CVE-2021-0512: In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1187595). - CVE-2020-26558: Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time (bnc#1179610 bnc#1186463). - CVE-2021-34693: net/can/bcm.c allowed local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized (bnc#1187452). - CVE-2020-36385: An issue was discovered in drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c (bnc#1187050). - CVE-2021-0129: Improper access control in BlueZ may have allowed an authenticated user to potentially enable information disclosure via adjacent access (bnc#1186463). - CVE-2020-36386: An issue was discovered net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf (bnc#1187038). - CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets (bnc#1185861). - CVE-2021-33200: kernel/bpf/verifier.c enforced incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit (bnc#1186484). The following non-security bugs were fixed: - block: do not use blocking queue entered for recursive bio (bsc#1104967). - s390/stack: fix possible register corruption with stack switch helper (git-fixes). - scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc#1174978 bsc#1185701). Important SUSE bug 1104967 SUSE bug 1174978 SUSE bug 1179610 SUSE bug 1185701 SUSE bug 1185861 SUSE bug 1186463 SUSE bug 1186484 SUSE bug 1187038 SUSE bug 1187050 SUSE bug 1187215 SUSE bug 1187452 SUSE bug 1187554 SUSE bug 1187595 SUSE bug 1187601 SUSE bug 1187934 SUSE bug 1188062 SUSE bug 1188116 CVE-2020-24588 CVE-2020-26558 CVE-2020-36385 CVE-2020-36386 CVE-2021-0129 CVE-2021-0512 CVE-2021-0605 CVE-2021-22555 CVE-2021-33200 CVE-2021-33624 CVE-2021-33909 CVE-2021-34693 CVE-2021-3609 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for crmsh fixes the following issues: - CVE-2020-35459: Fixed usage of utils.mkdirp instead of system mkdir command (bsc#1179999). - Fixed usage to collect ra trace files (bsc#1189641). Important SUSE bug 1179999 SUSE bug 1189641 CVE-2020-35459 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). - CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973). - CVE-2017-7244: Fixed invalid read in _pcre32_xclass() (bsc#1030807). - CVE-2017-7245: Fixed buffer overflow in the pcre32_copy_substring (bsc#1030805). - CVE-2017-7246: Fixed another buffer overflow in the pcre32_copy_substring (bsc#1030803). - CVE-2017-7186: Fixed denial of service caused by an invalid Unicode property lookup (bsc#1030066). - CVE-2017-6004: Fixed denial of service via crafted regular expression (bsc#1025709). Moderate SUSE bug 1025709 SUSE bug 1030066 SUSE bug 1030803 SUSE bug 1030805 SUSE bug 1030807 SUSE bug 1172973 SUSE bug 1172974 CVE-2017-6004 CVE-2017-7186 CVE-2017-7244 CVE-2017-7245 CVE-2017-7246 CVE-2019-20838 CVE-2020-14155 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for samba fixes the following issues: - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos (bsc#1014440). - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284). Important SUSE bug 1014440 SUSE bug 1192284 CVE-2016-2124 CVE-2020-25717 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0) The following security bugs were fixed: - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045). - CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails. (bsc#1191961) - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563). - CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063). - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479). - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317). - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315). - CVE-2021-37159: Fixed use-after-free and a double free inside hso_free_net_device in drivers/net/usb/hso.c when unregister_netdev is called without checking for the NETREG_REGISTERED state (bnc#1188601). - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193) - CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023) - CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159) - CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884) - CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534) - CVE-2021-3772: Fixed a remote denial of service in the SCTP stack, if the attacker can spoof IP addresses and knows the IP-addresses and port numbers being used (bnc#1190351). - CVE-2018-9517: Fixed possible memory corruption due to a use after free in pppol2tp_connect (bsc#1108488). - CVE-2019-3874: Fixed possible denial of service attack via SCTP socket buffer used by a userspace applications (bnc#1129898). - CVE-2019-3900: Fixed an infinite loop issue while handling incoming packets in handle_rx() (bnc#1133374). - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399). - CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400). - CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). - CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983). - CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985). - CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420). - CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876). - CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482). - CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). - CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. (bsc#1176724). The following non-security bugs were fixed: - Add arch-dependent support markers in supported.conf (bsc#1186672) - Add the support for kernel-FLAVOR-optional subpackage (jsc#SLE-11796) - NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628). - PCI: hv: Use expected affinity when unmasking IRQ (bsc#1185973). - Use /usr/lib/modules as module dir when usermerge is active in the target distro. - UsrMerge the kernel (boo#1184804) - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22913) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22913). - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758,bsc#1192400). - drm: fix spectre issue in vmw_execbuf_ioctl (bsc#1192802). - drop debugging statements - ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267). - gigaset: fix spectre issue in do_data_b3_req (bsc#1192802). - handle also race conditions in /proc/net/tcp code - hisax: fix spectre issues (bsc#1192802). - hv: adjust mana_select_queue to old ndo_select_queue API - hv: mana: adjust mana_select_queue to old API (jsc#SLE-18779, bsc#1185727). - hv: mana: fake bitmap API (jsc#SLE-18779, bsc#1185726). - hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185727). - hysdn: fix spectre issue in hycapi_send_message (bsc#1192802). - infiniband: fix spectre issue in ib_uverbs_write (bsc#1192802). - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115). - iwlwifi: fix spectre issue in iwl_dbgfs_update_pm (bsc#1192802). - media: dvb_ca_en50221: prevent using slot_info for Spectre attacs (bsc#1192802). - media: dvb_ca_en50221: sanity check slot number from userspace (bsc#1192802). - media: wl128x: get rid of a potential spectre issue (bsc#1192802). - memcg: enable accounting for file lock caches (bsc#1190115). - mm: vmscan: scan anonymous pages on file refaults (VM Performance, bsc#1183050). - mpt3sas: fix spectre issues (bsc#1192802). - net/mlx4_en: Avoid scheduling restart task if it is already running (bsc#1181854 bsc#1181855). - net/mlx4_en: Handle TX error CQE (bsc#1181854 bsc#1181855). - net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185727). - net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185727). - net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185727). - net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185727). - net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191801). - net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185727). - net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185727). - net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185727). - net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185727). - net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185727). - net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185727). - net: sched: sch_teql: fix null-pointer dereference (bsc#1190717). - net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() (bsc#1192802). - net_sched: cls_route: remove the right filter from hashtable (networking-stable-20_03_28). - objtool: Do not fail on missing symbol table (bsc#1192379). - osst: fix spectre issue in osst_verify_frame (bsc#1192802). - ovl: check whiteout in ovl_create_over_whiteout() (bsc#1189846). - ovl: filter of trusted xattr results in audit (bsc#1189846). - ovl: fix dentry leak in ovl_get_redirect (bsc#1189846). - ovl: initialize error in ovl_copy_xattr (bsc#1189846). - ovl: relax WARN_ON() on rename to self (bsc#1189846). - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (bsc#1190601). - s390/bpf: Fix branch shortening during codegen pass (bsc#1190601). - s390/bpf: Fix optimizing out zero-extensions (bsc#1190601). - s390/bpf: Wrap JIT macro parameter usages in parentheses (bsc#1190601). - s390/unwind: use current_frame_address() to unwind current task (bsc#1185677). - s390/vtime: fix increased steal time accounting (bsc#1183861). - s390: bpf: implement jitting of BPF_ALU | BPF_ARSH | BPF_* (bsc#1190601). - scripts/git_sort/git_sort.py: add bpf git repo - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - sctp: fully initialize v4 addr in some functions (bsc#1188563). - sysvipc/sem: mitigate semnum index against spectre v1 (bsc#1192802). - x86/CPU: Add more Icelake model numbers (bsc#1185758,bsc#1192400). - x86/debug: Extend the lower bound of crash kernel low reservations (bsc#1153720). - xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377). Important SUSE bug 1087082 SUSE bug 1100416 SUSE bug 1108488 SUSE bug 1129735 SUSE bug 1129898 SUSE bug 1133374 SUSE bug 1153720 SUSE bug 1171420 SUSE bug 1176724 SUSE bug 1176931 SUSE bug 1180624 SUSE bug 1181854 SUSE bug 1181855 SUSE bug 1183050 SUSE bug 1183861 SUSE bug 1184673 SUSE bug 1184804 SUSE bug 1185377 SUSE bug 1185677 SUSE bug 1185726 SUSE bug 1185727 SUSE bug 1185758 SUSE bug 1185973 SUSE bug 1186063 SUSE bug 1186482 SUSE bug 1186483 SUSE bug 1186672 SUSE bug 1188026 SUSE bug 1188172 SUSE bug 1188563 SUSE bug 1188601 SUSE bug 1188613 SUSE bug 1188838 SUSE bug 1188842 SUSE bug 1188876 SUSE bug 1188983 SUSE bug 1188985 SUSE bug 1189057 SUSE bug 1189262 SUSE bug 1189278 SUSE bug 1189291 SUSE bug 1189399 SUSE bug 1189400 SUSE bug 1189418 SUSE bug 1189420 SUSE bug 1189706 SUSE bug 1189846 SUSE bug 1189884 SUSE bug 1190023 SUSE bug 1190025 SUSE bug 1190067 SUSE bug 1190115 SUSE bug 1190117 SUSE bug 1190118 SUSE bug 1190159 SUSE bug 1190276 SUSE bug 1190349 SUSE bug 1190350 SUSE bug 1190351 SUSE bug 1190432 SUSE bug 1190479 SUSE bug 1190534 SUSE bug 1190601 SUSE bug 1190717 SUSE bug 1191193 SUSE bug 1191315 SUSE bug 1191317 SUSE bug 1191318 SUSE bug 1191529 SUSE bug 1191530 SUSE bug 1191628 SUSE bug 1191660 SUSE bug 1191790 SUSE bug 1191801 SUSE bug 1191813 SUSE bug 1191961 SUSE bug 1192036 SUSE bug 1192045 SUSE bug 1192048 SUSE bug 1192267 SUSE bug 1192379 SUSE bug 1192400 SUSE bug 1192444 SUSE bug 1192549 SUSE bug 1192775 SUSE bug 1192781 SUSE bug 1192802 CVE-2018-13405 CVE-2018-9517 CVE-2019-3874 CVE-2019-3900 CVE-2020-0429 CVE-2020-12770 CVE-2020-3702 CVE-2021-0941 CVE-2021-20322 CVE-2021-22543 CVE-2021-31916 CVE-2021-34556 CVE-2021-34981 CVE-2021-3542 CVE-2021-35477 CVE-2021-3640 CVE-2021-3653 CVE-2021-3655 CVE-2021-3656 CVE-2021-3659 CVE-2021-3679 CVE-2021-3715 CVE-2021-37159 CVE-2021-3732 CVE-2021-3744 CVE-2021-3752 CVE-2021-3753 CVE-2021-37576 CVE-2021-3759 CVE-2021-3760 CVE-2021-3764 CVE-2021-3772 CVE-2021-38160 CVE-2021-38198 CVE-2021-38204 CVE-2021-40490 CVE-2021-41864 CVE-2021-42008 CVE-2021-42252 CVE-2021-42739 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3348: Fixed a use-after-free in nbd_add_socket() that could be triggered by local attackers (with access to the nbd device) via an I/O request (bnc#1181504). - CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349). - CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). - CVE-2020-25211: Fixed a buffer overflow in ctnetlink_parse_tuple_filter() which could be triggered by a local attackers by injecting conntrack netlink configuration (bnc#1176395). - CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846). - CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509). - CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508). - CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031). - CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666). - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086). - CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107). - CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601). - CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960). - CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140). - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559). - CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372). - CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663). The following non-security bugs were fixed: - blk-mq: improve heavily contended tag case (bsc#1178198). - debugfs_lookup(): switch to lookup_one_len_unlocked() (bsc#1171979). - epoll: Keep a reference on files added to the check list (bsc#1180031). - fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032). - futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349 bsc#1149032). - futex: Fix incorrect should_fail_futex() handling (bsc#1181349). - futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032). - futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032). - futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032). - futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032). - futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc#1149032). - HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052). - iommu/vt-d: Do not dereference iommu_device if IOMMU_API is not built (bsc#1181001, jsc#ECO-3191). - iommu/vt-d: Gracefully handle DMAR units with no supported address widths (bsc#1181001, jsc#ECO-3191). - kABI: Fix kABI for extended APIC-ID support (bsc#1181001, jsc#ECO-3191). - locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#1149032). - md/bitmap: fix memory leak of temporary bitmap (bsc#1163727). - md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727). - md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727). - md/cluster: block reshape with remote resync job (bsc#1163727). - md/cluster: fix deadlock when node is doing resync job (bsc#1163727). - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (bsc#1163727). - md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727). - md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727). - md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727). - Move upstreamed bt fixes into sorted section - nbd: Fix memory leak in nbd_add_socket (bsc#1181504). - net/x25: prevent a couple of overflows (bsc#1178590). - NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304). - rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349 bsc#1149032). - s390/dasd: fix hanging device offline processing (bsc#1144912). - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304). - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304). - SUNRPC: cache: ignore timestamp written to 'flush' file (bsc#1178036). - x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1181001, jsc#ECO-3191). - x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available (bsc#1181001, jsc#ECO-3191). - x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181001, jsc#ECO-3191). - x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191). - x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191). - x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181001, jsc#ECO-3191). - x86/tracing: Introduce a static key for exception tracing (bsc#1179895). - x86/traps: Simplify pagefault tracing logic (bsc#1179895). - xfrm: Fix memleak on xfrm state destroy (bsc#1158775). Important SUSE bug 1144912 SUSE bug 1149032 SUSE bug 1158775 SUSE bug 1163727 SUSE bug 1171979 SUSE bug 1176395 SUSE bug 1176846 SUSE bug 1176962 SUSE bug 1177304 SUSE bug 1177666 SUSE bug 1178036 SUSE bug 1178182 SUSE bug 1178198 SUSE bug 1178372 SUSE bug 1178589 SUSE bug 1178590 SUSE bug 1178684 SUSE bug 1178886 SUSE bug 1179107 SUSE bug 1179140 SUSE bug 1179141 SUSE bug 1179419 SUSE bug 1179429 SUSE bug 1179508 SUSE bug 1179509 SUSE bug 1179601 SUSE bug 1179616 SUSE bug 1179663 SUSE bug 1179666 SUSE bug 1179745 SUSE bug 1179877 SUSE bug 1179878 SUSE bug 1179895 SUSE bug 1179960 SUSE bug 1179961 SUSE bug 1180008 SUSE bug 1180027 SUSE bug 1180028 SUSE bug 1180029 SUSE bug 1180030 SUSE bug 1180031 SUSE bug 1180032 SUSE bug 1180052 SUSE bug 1180086 SUSE bug 1180559 SUSE bug 1180562 SUSE bug 1180676 SUSE bug 1181001 SUSE bug 1181158 SUSE bug 1181349 SUSE bug 1181504 SUSE bug 1181553 SUSE bug 1181645 CVE-2019-20934 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-15436 CVE-2020-15437 CVE-2020-25211 CVE-2020-25639 CVE-2020-25669 CVE-2020-27068 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-27835 CVE-2020-28374 CVE-2020-28915 CVE-2020-28974 CVE-2020-29371 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2020-4788 CVE-2021-3347 CVE-2021-3348 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for csync2 fixes the following issues: - Fixed an issue where TLS keys were generated wrongly during installation (bsc#1145032) Low SUSE bug 1145032 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for crmsh fixes the following issues: - Update to version 4.1.0+git.1614156984.f4f5e146: * Fix: hb_report: walk through hb_report process under hacluster(CVE-2020-35459, bsc#1179999; CVE-2021-3020, bsc#1180571) * Fix: bootstrap: setup authorized ssh access for hacluster(CVE-2020-35459, bsc#1179999; CVE-2021-3020, bsc#1180571) * Dev: utils: change default file mod as 644 for str2file function * Dev: lock: give more specific error message when raise ClaimLockError * Dev: hb_report: Detect if any ocfs2 partitions exist * Fix: hb_report: run lsof with specific ocfs2 device(bsc#1180688) * Dev: corosync: change the permission of corosync.conf to 644 * Fix: bootstrap: Use class Watchdog to simplify watchdog config(bsc#1154927, bsc#1178869) * Fix: bootstrap: make sure sbd device UUID was the same between nodes(bsc#1178454) Important SUSE bug 1154927 SUSE bug 1178454 SUSE bug 1178869 SUSE bug 1179999 SUSE bug 1180571 SUSE bug 1180688 CVE-2020-35459 CVE-2021-3020 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843). - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753). - CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372). - CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428). The following non-security bugs were fixed: - cifs: check all path components in resolved dfs target (bsc#1180906). - cifs: fix check of tcon dfs in smb1 (bsc#1180906). - cifs: fix nodfs mount option (bsc#1180906). - cifs: introduce helper for finding referral server (bsc#1180906). - kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082) - kernel-binary.spec: Add back initrd and image symlink ghosts to filelist (bsc#1182140). Fixes: 76a9256314c3 ('rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).') - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) %split_extra still contained two. - rpm/kernel-binary.spec.in: Fix compressed module handling for in-tree KMP (jsc#SLE-10886) - rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) egrep is only a deprecated bash wrapper for 'grep -E'. So use the latter instead. - rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592) - rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401) - rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082). - rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). There is: ExportFilter: ^kernel-obs-build.*\.x86_64.rpm$ . i586 in Factory's prjconf now. No other actively maintained distro (i.e. merging packaging branch) builds a x86_32 kernel, hence pushing to packaging directly. - rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058) - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section - scsi: fc: add FPIN ELS definition (bsc#1181441). - scsi/fc: kABI fixes for new ELS_FPIN definition (bsc#1181441) - scsi: fc: Update Descriptor definition and add RDF and Link Integrity FPINs (bsc#1181441). - scsi: Fix trivial spelling (bsc#1181441). - scsi: qla2xxx: Add IOCB resource tracking (bsc#1181441). - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1181441). - scsi: qla2xxx: Address a set of sparse warnings (bsc#1181441). - scsi: qla2xxx: Add rport fields in debugfs (bsc#1181441). - scsi: qla2xxx: Add SLER and PI control support (bsc#1181441). - scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1181441). - scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1181441). - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1181441). - scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1181441). - scsi: qla2xxx: Change post del message from debug level to log level (bsc#1181441). - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1181441). - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1181441). - scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1181441). - scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1181441). - scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1181441). - scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1181441). - scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1181441). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1181441). - scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1181441). - scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1181441). - scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1181441). - scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1181441). - scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1181441). - scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit (bsc#1181441). - scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1181441). - scsi: qla2xxx: Fix endianness annotations in header files (bsc#1181441). - scsi: qla2xxx: Fix endianness annotations in source files (bsc#1181441). - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1181441). - scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1181441). - scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1181441). - scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1181441). - scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1181441). - scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1181441). - scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1181441). - scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1181441). - scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1181441). - scsi: qla2xxx: Fix login timeout (bsc#1181441). - scsi: qla2xxx: Fix memory size truncation (bsc#1181441). - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1181441). - scsi: qla2xxx: Fix MPI reset needed message (bsc#1181441). - scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1181441). - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1181441). - scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1181441). - scsi: qla2xxx: Fix regression on sparc64 (bsc#1181441). - scsi: qla2xxx: Fix reset of MPI firmware (bsc#1181441). - scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1181441). - scsi: qla2xxx: Fix spelling of a variable name (bsc#1181441). - scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1181441). - scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1181441). - scsi: qla2xxx: Fix the return value (bsc#1181441). - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1181441). - scsi: qla2xxx: Fix warning after FC target reset (bsc#1181441). - scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1181441). - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1181441). - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1181441). - scsi: qla2xxx: Flush all sessions on zone disable (bsc#1181441). - scsi: qla2xxx: Flush I/O on zone disable (bsc#1181441). - scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1181441). - scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1181441). - scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1181441). - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1181441). - scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1181441). - scsi: qla2xxx: Initialize 'n' before using it (bsc#1181441). - scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1181441). - scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1181441). - scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1181441). - scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1181441). - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1181441). - scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1181441). - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1181441). - scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1181441). - scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1181441). - scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1181441). - scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1181441). - scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1181441). - scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#1181441). - scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1181441). - scsi: qla2xxx: Performance tweak (bsc#1181441). - scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1181441). - scsi: qla2xxx: Reduce noisy debug message (bsc#1181441). - scsi: qla2xxx: Remove an unused function (bsc#1181441). - scsi: qla2xxx: Remove a superfluous cast (bsc#1181441). - scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1181441). - scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1181441). - scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1181441). - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1181441). - scsi: qla2xxx: Remove redundant variable initialization (bsc#1181441). - scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1181441). - scsi: qla2xxx: Remove superfluous memset() (bsc#1181441). - scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1181441). - scsi: qla2xxx: Remove trailing semicolon in macro definition (bsc#1181441). - scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1181441). - scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1181441). - scsi: qla2xxx: SAN congestion management implementation (bsc#1181441). - scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1181441). - scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1181441). - scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1181441). - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1181441). - scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1181441). - scsi: qla2xxx: Tear down session if FW say it is down (bsc#1181441). - scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1181441). - scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1181441). - scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1181441). - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1181441). - scsi: qla2xxx: Use constant when it is known (bsc#1181441). - scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1181441). - scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1181441). - scsi: qla2xxx: Use register names instead of register offsets (bsc#1181441). - scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1181441). - scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1181441). - scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1181441). - scsi: scsi_transport_fc: Add FPIN fc event codes (bsc#1181441). - scsi: scsi_transport_fc: refactor event posting routines (bsc#1181441). - scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1181441). - x86/hyperv: Fix kexec panic/hang issues (bsc#1176831). - xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600). - xen/netback: fix spurious event detection for common event case (bsc#1182175). Important SUSE bug 1065600 SUSE bug 1163592 SUSE bug 1176831 SUSE bug 1178401 SUSE bug 1178762 SUSE bug 1179014 SUSE bug 1179015 SUSE bug 1179045 SUSE bug 1179082 SUSE bug 1179428 SUSE bug 1179660 SUSE bug 1180058 SUSE bug 1180906 SUSE bug 1181441 SUSE bug 1181747 SUSE bug 1181753 SUSE bug 1181843 SUSE bug 1182140 SUSE bug 1182175 CVE-2020-29368 CVE-2020-29374 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for crmsh fixes the following issue: - CVE-2020-35459: Fixed a privilege escalation in hawk_invoke (bsc#1179999). Important SUSE bug 1179999 CVE-2020-35459 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for hawk2 fixes the following security issue: - CVE-2020-35458: Fixed an insufficient input handler that could have led to remote code execution (bsc#1179998). Important SUSE bug 1179998 CVE-2020-35458 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for hawk2 fixes the following issues: - Update to version 2.6.3: * Remove hawk_invoke and use capture3 instead of runas (bsc#1179999)(CVE-2020-35459) * Remove unnecessary chmod (bsc#1182166)(CVE-2021-25314) * Sanitize filename to contains whitelist of alphanumeric (bsc#1182165) Important SUSE bug 1179999 SUSE bug 1182165 SUSE bug 1182166 CVE-2020-35459 CVE-2021-25314 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-0812: Fixed an incorrect header size calculations which could lead to a memory leak. (bsc#1196639) - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free. (bnc#1196973) - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-28356: Fixed a refcount bug in llc_ui_bind and llc_ui_autobind which could allow an unprivileged user to execute a DoS. (bnc#1197391) - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032) - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031) - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331) - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761) - CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device. (bsc#1196836) - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366) - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) The following non-security bugs were fixed: - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018). - genirq: Use rcu in kstat_irqs_usr() (bsc#1193738). - llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - net: usb: ax88179_178a: fix packet alignment padding (bsc#1196018). - net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468). - sr9700: sanity check for packet length (bsc#1196836). - tcp: add some entropy in __inet_hash_connect() (bsc#1180153). - tcp: change source port randomizarion at connect() time (bsc#1180153). - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - x86/tsc: Make calibration refinement more robust (bsc#1196573). - xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). Important SUSE bug 1180153 SUSE bug 1189562 SUSE bug 1193738 SUSE bug 1194943 SUSE bug 1195051 SUSE bug 1195353 SUSE bug 1196018 SUSE bug 1196114 SUSE bug 1196468 SUSE bug 1196488 SUSE bug 1196514 SUSE bug 1196573 SUSE bug 1196639 SUSE bug 1196761 SUSE bug 1196830 SUSE bug 1196836 SUSE bug 1196942 SUSE bug 1196973 SUSE bug 1197211 SUSE bug 1197227 SUSE bug 1197331 SUSE bug 1197366 SUSE bug 1197391 SUSE bug 1197462 SUSE bug 1198031 SUSE bug 1198032 SUSE bug 1198033 CVE-2021-39713 CVE-2021-45868 CVE-2022-0812 CVE-2022-0850 CVE-2022-1016 CVE-2022-1048 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-26490 CVE-2022-26966 CVE-2022-27666 CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for python-requests fixes the following issues: - CVE-2018-18074: Fixed to prevent the package to send an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect. (bsc#1111622) Moderate SUSE bug 1111622 CVE-2018-18074 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) - CVE-2021-39711: Fixed a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958). - CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference count is mishandled (bnc#1172456). - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055). - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c. (bnc#1198516) - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723). - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343) The following non-security bugs were fixed: - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399). - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399). - debug: Lock down kgdb (bsc#1199426). - dimlib: make DIMLIB a hidden symbol (bsc#1197099 jsc#SLE-24124). - lib/dim: Fix -Wunused-const-variable warnings (bsc#1197099 jsc#SLE-24124). - lib/dim: fix help text typos (bsc#1197099 jsc#SLE-24124). - linux/dim: Add completions count to dim_sample (bsc#1197099 jsc#SLE-24124). - linux/dim: Fix overflow in dim calculation (bsc#1197099 jsc#SLE-24124). - linux/dim: Implement RDMA adaptive moderation (DIM) (bsc#1197099 jsc#SLE-24124). - linux/dim: Move implementation to .c files (bsc#1197099 jsc#SLE-24124). - linux/dim: Move logic to dim.h (bsc#1197099 jsc#SLE-24124). - linux/dim: Remove 'net' prefix from internal DIM members (bsc#1197099 jsc#SLE-24124). - linux/dim: Rename externally exposed macros (bsc#1197099 jsc#SLE-24124). - linux/dim: Rename externally used net_dim members (bsc#1197099 jsc#SLE-24124). - linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1197099 jsc#SLE-24124). - net: ena: A typo fix in the file ena_com.h (bsc#1197099 jsc#SLE-24124). - net: ena: Add capabilities field with support for ENI stats capability (bsc#1197099 jsc#SLE-24124). - net: ena: add device distinct log prefix to files (bsc#1197099 jsc#SLE-24124). - net: ena: Add first_interrupt field to napi struct (bsc#1197099 jsc#SLE-24124). - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (bsc#1197099 jsc#SLE-24124). - net: ena: add jiffies of last napi call to stats (bsc#1197099 jsc#SLE-24124). - net: ena: add missing ethtool TX timestamping indication (bsc#1197099 jsc#SLE-24124). - net: ena: add reserved PCI device ID (bsc#1197099 jsc#SLE-24124). - net: ena: add support for reporting of packet drops (bsc#1197099 jsc#SLE-24124). - net: ena: add support for the rx offset feature (bsc#1197099 jsc#SLE-24124). - net: ena: add support for traffic mirroring (bsc#1197099 jsc#SLE-24124). - net: ena: add unmask interrupts statistics to ethtool (bsc#1197099 jsc#SLE-24124). - net: ena: aggregate stats increase into a function (bsc#1197099 jsc#SLE-24124). - net: ena: allow setting the hash function without changing the key (bsc#1197099 jsc#SLE-24124). - net: ena: avoid memory access violation by validating req_id properly (bsc#1197099 jsc#SLE-24124). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1197099 jsc#SLE-24124). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1197099 jsc#SLE-24124). - net: ena: Capitalize all log strings and improve code readability (bsc#1197099 jsc#SLE-24124). - net: ena: change default RSS hash function to Toeplitz (bsc#1197099 jsc#SLE-24124). - net: ena: Change ENI stats support check to use capabilities field (bsc#1197099 jsc#SLE-24124). - net: ena: Change license into format to SPDX in all files (bsc#1197099 jsc#SLE-24124). - net: ena: Change log message to netif/dev function (bsc#1197099 jsc#SLE-24124). - net: ena: change num_queues to num_io_queues for clarity and consistency (bsc#1197099 jsc#SLE-24124). - net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1197099 jsc#SLE-24124). - net: ena: Change RSS related macros and variables names (bsc#1197099 jsc#SLE-24124). - net: ena: Change the name of bad_csum variable (bsc#1197099 jsc#SLE-24124). - net: ena: changes to RSS hash key allocation (bsc#1197099 jsc#SLE-24124). - net: ena: clean up indentation issue (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: code reorderings (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: fix line break issues (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: fix spacing issues (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: minor code changes (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: remove unnecessary code (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1197099 jsc#SLE-24124). - net: ena: do not wake up tx queue when down (bsc#1197099 jsc#SLE-24124). - net: ena: drop superfluous prototype (bsc#1197099 jsc#SLE-24124). - net: ena: ena-com.c: prevent NULL pointer dereference (bsc#1197099 jsc#SLE-24124). - net: ena: enable support of rss hash key and function changes (bsc#1197099 jsc#SLE-24124). - net: ena: enable the interrupt_moderation in driver_supported_features (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: Add new device statistics (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: clean up minor indentation issue (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: get_channels: use combined only (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: support set_channels callback (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: use correct value for crc32 hash (bsc#1197099 jsc#SLE-24124). - net: ena: Fix all static chekers' warnings (bsc#1197099 jsc#SLE-24124). - net: ena: Fix build warning in ena_xdp_set() (bsc#1197099 jsc#SLE-24124). - net: ena: fix coding style nits (bsc#1197099 jsc#SLE-24124). - net: ena: fix continuous keep-alive resets (bsc#1197099 jsc#SLE-24124). - net: ena: fix corruption of dev_idx_to_host_tbl (bsc#1197099 jsc#SLE-24124). - net: ena: fix default tx interrupt moderation interval (bsc#1197099 jsc#SLE-24124). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1197099 jsc#SLE-24124). - net: ena: Fix error handling when calculating max IO queues number (bsc#1197099 jsc#SLE-24124). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1197099 jsc#SLE-24124). - net: ena: fix inaccurate print type (bsc#1197099 jsc#SLE-24124). - net: ena: fix incorrect default RSS key (bsc#1197099 jsc#SLE-24124). - net: ena: fix incorrect setting of the number of msix vectors (bsc#1197099 jsc#SLE-24124). - net: ena: fix incorrect update of intr_delay_resolution (bsc#1197099 jsc#SLE-24124). - net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (bsc#1197099 jsc#SLE-24124). - net: ena: fix issues in setting interrupt moderation params in ethtool (bsc#1197099 jsc#SLE-24124). - net: ena: fix packet's addresses for rx_offset feature (bsc#1197099 jsc#SLE-24124). - net: ena: fix potential crash when rxfh key is NULL (bsc#1197099 jsc#SLE-24124). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1197099 jsc#SLE-24124). - net: ena: fix retrieval of nonadaptive interrupt moderation intervals (bsc#1197099 jsc#SLE-24124). - net: ena: fix update of interrupt moderation register (bsc#1197099 jsc#SLE-24124). - net: ena: fix uses of round_jiffies() (bsc#1197099 jsc#SLE-24124). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1197099 jsc#SLE-24124). - net: ena: Fix wrong rx request id by resetting device (bsc#1197099 jsc#SLE-24124). - net: ena: handle bad request id in ena_netdev (bsc#1197099 jsc#SLE-24124). - net: ena: Improve error logging in driver (bsc#1197099 jsc#SLE-24124). - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (bsc#1197099 jsc#SLE-24124). - net: ena: make ethtool -l show correct max number of queues (bsc#1197099 jsc#SLE-24124). - net: ena: Make missed_tx stat incremental (bsc#1197099 jsc#SLE-24124). - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1197099 jsc#SLE-24124). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1197099 jsc#SLE-24124). - net: ena: Move reset completion print to the reset function (bsc#1197099 jsc#SLE-24124). - net: ena: multiple queue creation related cleanups (bsc#1197099 jsc#SLE-24124). - net: ena: Prevent reset after device destruction (bsc#1197099 jsc#SLE-24124). - net: ena: re-organize code to improve readability (bsc#1197099 jsc#SLE-24124). - net: ena: reduce driver load time (bsc#1197099 jsc#SLE-24124). - net: ena: reimplement set/get_coalesce() (bsc#1197099 jsc#SLE-24124). - net: ena: remove all old adaptive rx interrupt moderation code from ena_com (bsc#1197099 jsc#SLE-24124). - net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() (bsc#1197099 jsc#SLE-24124). - net: ena: remove code that does nothing (bsc#1197099 jsc#SLE-24124). - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1197099 jsc#SLE-24124). - net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#1197099 jsc#SLE-24124). - net: ena: remove extra words from comments (bsc#1197099 jsc#SLE-24124). - net: ena: Remove module param and change message severity (bsc#1197099 jsc#SLE-24124). - net: ena: remove old adaptive interrupt moderation code from ena_netdev (bsc#1197099 jsc#SLE-24124). - net: ena: remove redundant print of number of queues (bsc#1197099 jsc#SLE-24124). - net: ena: Remove redundant print of placement policy (bsc#1197099 jsc#SLE-24124). - net: ena: Remove redundant return code check (bsc#1197099 jsc#SLE-24124). - net: ena: remove set but not used variable 'hash_key' (bsc#1197099 jsc#SLE-24124). - net: ena: Remove unused code (bsc#1197099 jsc#SLE-24124). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1197099 jsc#SLE-24124). - net: ena: rss: do not allocate key when not supported (bsc#1197099 jsc#SLE-24124). - net: ena: rss: fix failure to get indirection table (bsc#1197099 jsc#SLE-24124). - net: ena: rss: store hash function as values and not bits (bsc#1197099 jsc#SLE-24124). - net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1197099 jsc#SLE-24124). - net: ena: set initial DMA width to avoid intel iommu issue (bsc#1197099 jsc#SLE-24124). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1197099 jsc#SLE-24124). - net: ena: store values in their appropriate variables types (bsc#1197099 jsc#SLE-24124). - net: ena: support new LLQ acceleration mode (bsc#1197099 jsc#SLE-24124). - net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc#1197099 jsc#SLE-24124). - net: ena: use constant value for net_device allocation (bsc#1197099 jsc#SLE-24124). - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1197099 jsc#SLE-24124). - net: ena: use explicit variable size for clarity (bsc#1197099 jsc#SLE-24124). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1197099 jsc#SLE-24124). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: update net_dim documentation after rename (bsc#1197099 jsc#SLE-24124). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900 bsc#1198660 ltc#197803). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729 bsc#1198660 ltc#197803). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - x86/pm: Save the MSR validity status at context setup (bsc#1114648). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1114648). Important SUSE bug 1028340 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1114648 SUSE bug 1172456 SUSE bug 1182171 SUSE bug 1183723 SUSE bug 1187055 SUSE bug 1191647 SUSE bug 1191958 SUSE bug 1195651 SUSE bug 1196426 SUSE bug 1197099 SUSE bug 1197219 SUSE bug 1197343 SUSE bug 1198400 SUSE bug 1198516 SUSE bug 1198660 SUSE bug 1198687 SUSE bug 1198742 SUSE bug 1198825 SUSE bug 1199012 SUSE bug 1199063 SUSE bug 1199314 SUSE bug 1199399 SUSE bug 1199426 SUSE bug 1199505 SUSE bug 1199605 SUSE bug 1199650 CVE-2019-20811 CVE-2021-20292 CVE-2021-20321 CVE-2021-33061 CVE-2021-38208 CVE-2021-39711 CVE-2021-43389 CVE-2022-1011 CVE-2022-1353 CVE-2022-1419 CVE-2022-1516 CVE-2022-1652 CVE-2022-1734 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-30594 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update of drbd fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) Important SUSE bug 1199232 CVE-2022-1586 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for resource-agents fixes the following issues: - Fixed redictable log file in /tmp in mariadb.in (bsc#1146691). Moderate SUSE bug 1146691 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bsc#1177282) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space (bsc#1200144). - CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux kernel by simulating nfc device from user-space (bsc#1200143). - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (bsc#1198577). - CVE-2022-21499: Lock down kgdb to prohibit secure-boot bypass (bsc#1199426). - CVE-2019-19377: Fixed a user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image (bsc#1158266). The following non-security bugs were fixed: - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - exec: Force single empty string when argv is empty (bsc#1200571). Important SUSE bug 1158266 SUSE bug 1162338 SUSE bug 1162369 SUSE bug 1173871 SUSE bug 1177282 SUSE bug 1194013 SUSE bug 1196901 SUSE bug 1198577 SUSE bug 1199426 SUSE bug 1199487 SUSE bug 1199507 SUSE bug 1199657 SUSE bug 1200059 SUSE bug 1200143 SUSE bug 1200144 SUSE bug 1200249 SUSE bug 1200571 SUSE bug 1200599 SUSE bug 1200604 SUSE bug 1200605 SUSE bug 1200608 SUSE bug 1200619 SUSE bug 1200692 SUSE bug 1200762 SUSE bug 1201050 SUSE bug 1201080 SUSE bug 1201251 CVE-2019-19377 CVE-2020-26541 CVE-2021-26341 CVE-2021-4157 CVE-2022-1184 CVE-2022-1679 CVE-2022-1729 CVE-2022-1974 CVE-2022-1975 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-21499 CVE-2022-2318 CVE-2022-26365 CVE-2022-29900 CVE-2022-29901 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33981 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for samba fixes the following issues: - CVE-2022-32742: Fixed incorrect length check in SMB1write, SMB1write_and_close, SMB1write_and_unlock (bsc#1201496). Moderate SUSE bug 1201496 CVE-2022-32742 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for samba fixes the following issues: - CVE-2021-44142: Fixed out-of-Bound Read/Write on Samba vfs_fruit module. (bsc#1194859) Critical SUSE bug 1194859 CVE-2021-44142 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829). The following non-security bugs were fixed: - Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442) - cifs: On cifs_reconnect, resolve the hostname again (bsc#1201926). - cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1201926). - cifs: To match file servers, make sure the server hostname matches (bsc#1201926). - cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1201926). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1201926). - cifs: set a minimum of 120s for next dns resolution (bsc#1201926). - cifs: use the expiry output of dns_query to schedule next resolution (bsc#1201926). - kernel-binary.spec: Support radio selection for debuginfo. To disable debuginfo on 5.18 kernel a radio selection needs to be switched to a different selection. This requires disabling the currently active option and selecting NONE as debuginfo type. - kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config - rpm/*.spec.in: remove backtick usage - rpm/constraints.in: skip SLOW_DISK workers for kernel-source - rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775) - rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775) - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484). Important SUSE bug 1195775 SUSE bug 1195926 SUSE bug 1198484 SUSE bug 1198829 SUSE bug 1200442 SUSE bug 1201050 SUSE bug 1201635 SUSE bug 1201636 SUSE bug 1201926 SUSE bug 1201930 CVE-2021-26341 CVE-2021-33655 CVE-2021-33656 CVE-2022-1462 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-36946: Fixed a denial of service (panic) inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c (bnc#1201940). - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948). - CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898). - CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672). - CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154). - CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed unprivileged local users to crash the machine (bnc#1202897). - CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347). - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346). - CVE-2022-20166: Fixed possible out of bounds write due to a heap buffer overflow in various methods of kernel base drivers (bnc#1200598). - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535). - CVE-2020-36558: Fixed a race condition involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault (bnc#1200910). - CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could have led to a use-after-free (bnc#1201429). - CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616). The following non-security bugs were fixed: - cifs: fix error paths in cifs_tree_connect() (bsc#1177440). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1188944). - cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440). - cifs: skip trailing separators of prefix paths (bsc#1188944). - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325). - mm/rmap.c: do not reuse anon_vma if we just want a copy (git-fixes, bsc#1203098). - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098). - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - objtool: Add --backtrace support (bsc#1202396). - objtool: Add support for intra-function calls (bsc#1202396). - objtool: Allow no-op CFI ops in alternatives (bsc#1202396). - objtool: Convert insn type to enum (bsc#1202396). - objtool: Do not use ignore flag for fake jumps (bsc#1202396). - objtool: Fix !CFI insn_state propagation (bsc#1202396). - objtool: Fix ORC vs alternatives (bsc#1202396). - objtool: Fix sibling call detection (bsc#1202396). - objtool: Make handle_insn_ops() unconditional (bsc#1202396). - objtool: Remove INSN_STACK (bsc#1202396). - objtool: Remove check preventing branches within alternative (bsc#1202396). - objtool: Rename elf_open() to prevent conflict with libelf from elftoolchain (bsc#1202396). - objtool: Rename struct cfi_state (bsc#1202396). - objtool: Rework allocating stack_ops on decode (bsc#1202396). - objtool: Rewrite alt->skip_orig (bsc#1202396). - objtool: Set insn->func for alternatives (bsc#1202396). - objtool: Support conditional retpolines (bsc#1202396). - objtool: Support multiple stack_op per instruction (bsc#1202396). - objtool: Track original function across branches (bsc#1202396). - objtool: Uniquely identify alternative instruction groups (bsc#1202396). - objtool: Use Elf_Scn typedef instead of assuming struct name (bsc#1202396). - powerpc/pci: Fix broken INTx configuration via OF (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666). - powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666). - powerpc/pci: Use of_irq_parse_and_map_pci() helper (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666). - rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019). Important SUSE bug 1172145 SUSE bug 1177440 SUSE bug 1188944 SUSE bug 1191881 SUSE bug 1194535 SUSE bug 1196616 SUSE bug 1200598 SUSE bug 1200770 SUSE bug 1200910 SUSE bug 1201019 SUSE bug 1201420 SUSE bug 1201429 SUSE bug 1201705 SUSE bug 1201726 SUSE bug 1201940 SUSE bug 1201948 SUSE bug 1202096 SUSE bug 1202154 SUSE bug 1202346 SUSE bug 1202347 SUSE bug 1202393 SUSE bug 1202396 SUSE bug 1202672 SUSE bug 1202897 SUSE bug 1202898 SUSE bug 1203098 CVE-2020-36516 CVE-2020-36557 CVE-2020-36558 CVE-2021-4203 CVE-2022-20166 CVE-2022-20368 CVE-2022-20369 CVE-2022-21385 CVE-2022-2588 CVE-2022-26373 CVE-2022-2639 CVE-2022-2977 CVE-2022-3028 CVE-2022-36879 CVE-2022-36946 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated The following security bugs were fixed: - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769). - CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960). - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552). - CVE-2022-2503: Fixed a bug in dm-verity, device-mapper table reloads allowed users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allowed root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates (bnc#1202677). - CVE-2022-39188: Fixed a race condition where a device driver can free a page while it still has stale TLB entries. (bnc#1203107). - CVE-2022-2663: Fixed an issue which allowed a firewall to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured (bnc#1202097). The following non-security bugs were fixed: - dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still be possible to do so that the mitigation can still be disabled on Intel who do not use the return thunks but IBRS. Important SUSE bug 1201309 SUSE bug 1202097 SUSE bug 1202385 SUSE bug 1202677 SUSE bug 1202960 SUSE bug 1203107 SUSE bug 1203552 CVE-2022-2503 CVE-2022-2663 CVE-2022-3239 CVE-2022-39188 CVE-2022-41218 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). - CVE-2022-0322: Fixed SCTP issue with account stream padding length for reconf chunk (bsc#1194985). - CVE-2021-45486: Fixed information leak inside the IPv4 implementation caused by very small hash table (bnc#1194087). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867). - CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem, that could have occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767). - CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847) - CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bsc#1192845) - CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194529). - CVE-2021-4197: Use cgroup open-time credentials for process migraton perm checks (bsc#1194302). - CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in coerce_reg_to_size (bsc#1194227). - CVE-2021-4149: Fixed btrfs unlock newly allocated extent buffer after error (bsc#1194001). - CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneouslyand can potentially trigger a race condition (bnc#1193727). - CVE-2021-4002: Fixed a missing TLB flush that could lead to leak or corruption of data in hugetlbfs. (bsc#1192946) - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). - CVE-2021-3564: Fixed double-free memory corruption in the Linux kernel HCI device initialization subsystem that could have been used by attaching malicious HCI TTY Bluetooth devices. A local user could use this flaw to crash the system (bnc#1186207). - CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet ixgbe driver due to improper input validation. (bsc#1192877) - CVE-2021-28715: Fixed issue with xen/netback to do not queue unlimited number of packages (XSA-392) (bsc#1193442). - CVE-2021-28714: Fixed issue with xen/netback to add rx queue stall detection (XSA-392) (bsc#1193442). - CVE-2021-28713: Fixed issue with xen/console to harden hvc_xen against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-28712: Fixed issue with xen/netfront to harden netfront against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-28711: Fixed issue with xen/blkfront to harden blkfront against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-0935: Fixed possible out of bounds write in ip6_xmit of ip6_output.c due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192032). - CVE-2021-0920: Fixed use after free bug due to a race condition in unix_scm_to_skb of af_unix.c. This could have led to local escalation of privilege with System execution privileges needed (bnc#1193731). - CVE-2020-27820: Fixed a vulnerability where a use-after-frees in nouveau's postclose() handler could happen if removing device. (bsc#1179599) - CVE-2019-15126: Fixed a vulnerability in Broadcom and Cypress Wi-Fi chips, used in RPi family of devices aka 'Kr00k'. (bsc#1167162) - CVE-2018-25020: Fixed an overflow in the BPF subsystem due to a mishandling of a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. This affects kernel/bpf/core.c and net/core/filter.c (bnc#1193575). The following non-security bugs were fixed: - Bluetooth: fix the erroneous flush_work() order (git-fixes). - Build: Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). - elfcore: fix building with clang (bsc#1169514). - fget: clarify and improve __fget_files() implementation (bsc#1193727). - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (bsc#1193507). - hv_netvsc: Set needed_headroom according to VF (bsc#1193507). - kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740). - kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable. - kernel-binary.spec: Define $image as rpm macro (bsc#1189841). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - kernel-binary.spec: Fix kernel-default-base scriptlets after packaging merge. - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well (bsc#1189841). - kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841). - kernel-source.spec: install-kernel-tools also required on 15.4 - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). - kprobes: Limit max data_size of the kretprobe instances (bsc#1193669). - livepatch: Avoid CPU hogging with cond_resched (bsc#1071995). - memstick: rtsx_usb_ms: fix UAF (bsc#1194516). - moxart: fix potential use-after-free on remove path (bsc#1194516). - net: Using proper atomic helper (bsc#1186222). - net: mana: Add RX fencing (bsc#1193507). - net: mana: Add XDP support (bsc#1193507). - net: mana: Allow setting the number of queues while the NIC is down (bsc#1193507). - net: mana: Fix spelling mistake 'calledd' -> 'called' (bsc#1193507). - net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (bsc#1193507). - net: mana: Improve the HWC error handling (bsc#1193507). - net: mana: Support hibernation and kexec (bsc#1193507). - net: mana: Use kcalloc() instead of kzalloc() (bsc#1193507). - objtool: Support Clang non-section symbols in ORC generation (bsc#1169514). - post.sh: detect /usr mountpoint too - recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267). - recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267). - rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed. - rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804). - rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306) After usrmerge, vmlinux file is not named vmlinux-&lt;version>, but simply vmlinux. And this is not reflected in STRIP_KEEP_SYMTAB we set. So fix this by removing the dash... - rpm/kernel-binary.spec: Use only non-empty certificates. - rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305) - rpm/kernel-source.rpmlintrc: ignore new include/config files In 5.13, since 0e0345b77ac4, config files have no longer .h suffix. Adapt the zero-length check. Based on Martin Liska's change. - rpm/kernel-source.spec.in: do some more for vanilla_only Make sure: * sources are NOT executable * env is not used as interpreter * timestamps are correct We do all this for normal kernel builds, but not for vanilla_only kernels (linux-next and vanilla). - rpm: fixup support gz and zst compression methods (bsc#1190428, bsc#1190358). - rpm: use _rpmmacrodir (boo#1191384) - tty: hvc: replace BUG_ON() with negative return value (git-fixes). - vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888). - watchdog: iTCO_wdt: Export vendorsupport (bsc#1177101). - watchdog: iTCO_wdt: Make ICH_RES_IO_SMI optional (bsc#1177101). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (bsc#1169514). - xen/blkfront: do not take local copy of a request from the ring page (git-fixes). - xen/blkfront: do not trust the backend response data blindly (git-fixes). - xen/blkfront: read response from backend only once (git-fixes). - xen/netfront: disentangle tx_skb_freelist (git-fixes). - xen/netfront: do not read data from request on the ring page (git-fixes). - xen/netfront: do not trust the backend response data blindly (git-fixes). - xen/netfront: read response from backend only once (git-fixes). - xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). Important SUSE bug 1071995 SUSE bug 1124431 SUSE bug 1167162 SUSE bug 1169514 SUSE bug 1172073 SUSE bug 1177101 SUSE bug 1179599 SUSE bug 1184804 SUSE bug 1185377 SUSE bug 1186207 SUSE bug 1186222 SUSE bug 1187167 SUSE bug 1189305 SUSE bug 1189841 SUSE bug 1190358 SUSE bug 1190428 SUSE bug 1191229 SUSE bug 1191384 SUSE bug 1191731 SUSE bug 1192032 SUSE bug 1192267 SUSE bug 1192740 SUSE bug 1192845 SUSE bug 1192847 SUSE bug 1192877 SUSE bug 1192946 SUSE bug 1193306 SUSE bug 1193440 SUSE bug 1193442 SUSE bug 1193507 SUSE bug 1193575 SUSE bug 1193669 SUSE bug 1193727 SUSE bug 1193731 SUSE bug 1193767 SUSE bug 1193861 SUSE bug 1193864 SUSE bug 1193867 SUSE bug 1194001 SUSE bug 1194048 SUSE bug 1194087 SUSE bug 1194227 SUSE bug 1194302 SUSE bug 1194516 SUSE bug 1194529 SUSE bug 1194880 SUSE bug 1194888 SUSE bug 1194985 SUSE bug 1195254 CVE-2018-25020 CVE-2019-15126 CVE-2020-27820 CVE-2021-0920 CVE-2021-0935 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-33098 CVE-2021-3564 CVE-2021-39648 CVE-2021-39657 CVE-2021-4002 CVE-2021-4083 CVE-2021-4149 CVE-2021-4197 CVE-2021-4202 CVE-2021-43975 CVE-2021-43976 CVE-2021-44733 CVE-2021-45095 CVE-2021-45486 CVE-2022-0322 CVE-2022-0330 CVE-2022-0435 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-42328: Guests could trigger denial of service via the netback driver (bsc#1206114). - CVE-2022-42329: Guests could trigger denial of service via the netback driver (bsc#1206113). - CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bsc#1206113). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686). - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bsc#1198702). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bsc#1204653). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bsc#1204402). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bsc#1204635). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bsc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bsc#1204647). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bsc#1204574). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bsc#1204479). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204431). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bsc#1204354). - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bsc#1203514). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bsc#1204168). - CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290). - CVE-2022-40307: Fixed a race condition that could had been exploited to trigger a use-after-free in the efi firmware capsule-loader.c (bsc#1203322). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-3521: Fixed a race condition in kcm_tx_work() of the file net/kcm/kcmsock.c (bsc#1204355). - CVE-2022-2153: Fixed a NULL pointer dereference in the KVM subsystem, when attempting to set a SynIC IRQ (bsc#1200788). - CVE-2022-41848: Fixed a race condition in drivers/char/pcmcia/synclink_cs.c mgslpc_ioctl and mgslpc_detach (bsc#1203987). The following non-security bugs were fixed: - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - sunrpc: Re-purpose trace_svc_process (bsc#1205006). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - x86/hyperv: Set pv_info.name to 'Hyper-V' (git-fixes). Important SUSE bug 1196018 SUSE bug 1198702 SUSE bug 1200788 SUSE bug 1201455 SUSE bug 1202686 SUSE bug 1203008 SUSE bug 1203183 SUSE bug 1203290 SUSE bug 1203322 SUSE bug 1203514 SUSE bug 1203960 SUSE bug 1203987 SUSE bug 1204166 SUSE bug 1204168 SUSE bug 1204170 SUSE bug 1204354 SUSE bug 1204355 SUSE bug 1204402 SUSE bug 1204414 SUSE bug 1204415 SUSE bug 1204424 SUSE bug 1204431 SUSE bug 1204432 SUSE bug 1204439 SUSE bug 1204479 SUSE bug 1204574 SUSE bug 1204576 SUSE bug 1204631 SUSE bug 1204635 SUSE bug 1204636 SUSE bug 1204646 SUSE bug 1204647 SUSE bug 1204653 SUSE bug 1204868 SUSE bug 1205006 SUSE bug 1205128 SUSE bug 1205130 SUSE bug 1205220 SUSE bug 1205473 SUSE bug 1205514 SUSE bug 1205671 SUSE bug 1205705 SUSE bug 1205709 SUSE bug 1205796 SUSE bug 1206113 SUSE bug 1206114 SUSE bug 1206207 CVE-2021-4037 CVE-2022-2153 CVE-2022-28693 CVE-2022-28748 CVE-2022-2964 CVE-2022-3169 CVE-2022-3424 CVE-2022-3521 CVE-2022-3524 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3567 CVE-2022-3586 CVE-2022-3594 CVE-2022-3621 CVE-2022-3628 CVE-2022-3629 CVE-2022-3635 CVE-2022-3643 CVE-2022-3646 CVE-2022-3649 CVE-2022-3903 CVE-2022-40307 CVE-2022-40768 CVE-2022-4095 CVE-2022-41848 CVE-2022-41850 CVE-2022-41858 CVE-2022-42328 CVE-2022-42329 CVE-2022-42703 CVE-2022-42895 CVE-2022-42896 CVE-2022-43750 CVE-2022-4378 CVE-2022-43945 CVE-2022-45934 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155). - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897). - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). The following non-security bugs were fixed: - NFSv4.x: by default serialize open/close operations (bsc#1114893 bsc#1195934). - crypto: af_alg - get_page upon reassignment to TX SGL (bsc#1195840). - hv_netvsc: fix network namespace issues with VF support (bsc#1107207). - hv_netvsc: move VF to same namespace as netvsc device (bsc#1107207). - lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584). Important SUSE bug 1107207 SUSE bug 1114893 SUSE bug 1185973 SUSE bug 1191580 SUSE bug 1194516 SUSE bug 1195536 SUSE bug 1195543 SUSE bug 1195612 SUSE bug 1195840 SUSE bug 1195897 SUSE bug 1195908 SUSE bug 1195934 SUSE bug 1195949 SUSE bug 1195987 SUSE bug 1196079 SUSE bug 1196155 SUSE bug 1196584 SUSE bug 1196601 SUSE bug 1196612 CVE-2021-44879 CVE-2022-0001 CVE-2022-0002 CVE-2022-0487 CVE-2022-0492 CVE-2022-0617 CVE-2022-0644 CVE-2022-0847 CVE-2022-24448 CVE-2022-24959 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for samba fixes the following issues: - CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password (bsc#1206546). - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon Secure channel (bsc#1206504). - CVE-2022-37966: Fixed an issue where a weak cipher would be selected to encrypt session keys, which could lead to privilege escalation (bsc#1205385). Important SUSE bug 1205385 SUSE bug 1206504 SUSE bug 1206546 CVE-2021-20251 CVE-2022-37966 CVE-2022-38023 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2483: Fixed a use after free bug in emac_remove due caused by a race condition (bsc#1211037). - CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). - CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547). - CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). - CVE-2020-36691: Fixed a denial of service (unbounded recursion) vulnerability via a nested Netlink policy with a back reference (bsc#1209613 bsc#1209777). - CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168). - CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778). - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535). - CVE-2022-20567: Fixed use after free that could lead to a local privilege escalation in pppol2tp_create of l2tp_ppp.c (bsc#1208850). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). - CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599). - CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777). - CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). - CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289). - CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2023-1855: Fixed an use-after-free flaw in xgene_hwmon_remove (bsc#1210202). - CVE-2023-1989: Fixed an use-after-free flaw in btsdio_remove (bsc#1210336). - CVE-2023-1990: Fixed an use-after-free flaw in ndlc_remove (bsc#1210337). - CVE-2023-1998: Fixed an use-after-free flaw during login when accessing the shost ipaddress (bsc#1210506). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036). - CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125). - CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291). - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1209052). - CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549). - CVE-2023-30772: Fixed race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). The following non-security bugs were fixed: - Do not sign the vanilla kernel (bsc#1209008). - Fix kABI breakage (bsc#1208333) - PCI: hv: Add a per-bus mutex state_lock (bsc#1207185). - PCI: hv: Fix a race condition bug in hv_pci_query_relations() (bsc#1207185). - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185). - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185). - Remove obsolete KMP obsoletes (bsc#1210469). - Replace mkinitrd dependency with dracut (bsc#1202353). - cifs: fix double free in dfs mounts (bsc#1209845). - cifs: fix negotiate context parsing (bsc#1210301). - cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1209845). - cifs: missing null pointer check in cifs_mount (bsc#1209845). - cifs: serialize all mount attempts (bsc#1209845). - cred: allow get_cred() and put_cred() to be given NULL (bsc#1209887). - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168). - k-m-s: Drop Linux 2.6 support - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). Important SUSE bug 1076830 SUSE bug 1194535 SUSE bug 1202353 SUSE bug 1205128 SUSE bug 1207036 SUSE bug 1207125 SUSE bug 1207168 SUSE bug 1207185 SUSE bug 1207795 SUSE bug 1207845 SUSE bug 1208179 SUSE bug 1208333 SUSE bug 1208599 SUSE bug 1208777 SUSE bug 1208837 SUSE bug 1208850 SUSE bug 1209008 SUSE bug 1209052 SUSE bug 1209256 SUSE bug 1209289 SUSE bug 1209291 SUSE bug 1209532 SUSE bug 1209547 SUSE bug 1209549 SUSE bug 1209613 SUSE bug 1209687 SUSE bug 1209777 SUSE bug 1209778 SUSE bug 1209845 SUSE bug 1209871 SUSE bug 1209887 SUSE bug 1210124 SUSE bug 1210202 SUSE bug 1210301 SUSE bug 1210329 SUSE bug 1210336 SUSE bug 1210337 SUSE bug 1210469 SUSE bug 1210498 SUSE bug 1210506 SUSE bug 1210647 SUSE bug 1211037 CVE-2017-5753 CVE-2020-36691 CVE-2021-3923 CVE-2021-4203 CVE-2022-20567 CVE-2022-43945 CVE-2023-0394 CVE-2023-0590 CVE-2023-0597 CVE-2023-1076 CVE-2023-1095 CVE-2023-1118 CVE-2023-1390 CVE-2023-1513 CVE-2023-1611 CVE-2023-1670 CVE-2023-1855 CVE-2023-1989 CVE-2023-1990 CVE-2023-1998 CVE-2023-2124 CVE-2023-2162 CVE-2023-23454 CVE-2023-23455 CVE-2023-2483 CVE-2023-28328 CVE-2023-28464 CVE-2023-28772 CVE-2023-30772 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405). - CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). - CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). - CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). - CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). - CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). - CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940 bsc#1211260). - CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715). - CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186). - CVE-2023-1380: A slab-out-of-bound read problem was fixed in brcmf_get_assoc_ies(), that could lead to a denial of service (bsc#1209287). - CVE-2023-2513: A use-after-free vulnerability was fixed in the ext4 filesystem, related to the way it handled the extra inode size for extended attributes (bsc#1211105). - CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). The following non-security bugs were fixed: - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). Important SUSE bug 1204405 SUSE bug 1205756 SUSE bug 1205758 SUSE bug 1205760 SUSE bug 1205762 SUSE bug 1205803 SUSE bug 1206878 SUSE bug 1209287 SUSE bug 1210629 SUSE bug 1210715 SUSE bug 1210783 SUSE bug 1210940 SUSE bug 1211105 SUSE bug 1211186 SUSE bug 1211260 SUSE bug 1211592 CVE-2022-3566 CVE-2022-45884 CVE-2022-45885 CVE-2022-45886 CVE-2022-45887 CVE-2022-45919 CVE-2023-1380 CVE-2023-2176 CVE-2023-2194 CVE-2023-2513 CVE-2023-31084 CVE-2023-31436 CVE-2023-32269 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for python-requests fixes the following issues: - CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674). Moderate SUSE bug 1211674 CVE-2023-32681 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update for samba fixes the following issues: - CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174). Bugfixes: - Fixed trust relationship failure (bsc#1213384). Moderate SUSE bug 1213174 SUSE bug 1213384 CVE-2022-2127 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237). - CVE-2023-23454: Fixed denial or service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036). - CVE-2022-4662: Fixed incorrect access control in the USB core subsystem that could lead a local user to crash the system (bnc#1206664). - CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bnc#1206073). The following non-security bugs were fixed: - Added support for enabling livepatching related packages on -RT (jsc#PED-1706). - Added suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149). - Reverted 'constraints: increase disk space for all architectures' (bsc#1203693). - HID: betop: check shape of output reports (bsc#1207186). - HID: betop: fix slab-out-of-bounds Write in betop_probe (bsc#1207186). - HID: check empty report_list in hid_validate_values() (bsc#1206784). - net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036). - net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036). - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). Important SUSE bug 1203693 SUSE bug 1205149 SUSE bug 1206073 SUSE bug 1206664 SUSE bug 1206677 SUSE bug 1206784 SUSE bug 1207036 SUSE bug 1207186 SUSE bug 1207237 CVE-2022-3564 CVE-2022-4662 CVE-2022-47929 CVE-2023-23454 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535). - CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051). - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). - CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). - CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). - CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2022-2991: Fixed an heap-based overflow in the lightnvm implemenation (bsc#1201420). The following non-security bugs were fixed: - kabi/severities: add l2tp local symbols Important SUSE bug 1191881 SUSE bug 1194535 SUSE bug 1201420 SUSE bug 1203331 SUSE bug 1203332 SUSE bug 1205711 SUSE bug 1207051 SUSE bug 1207773 SUSE bug 1207795 SUSE bug 1208700 SUSE bug 1209188 CVE-2021-4203 CVE-2022-2991 CVE-2022-36280 CVE-2022-38096 CVE-2022-4129 CVE-2023-0045 CVE-2023-0590 CVE-2023-23559 CVE-2023-26545 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability Extension 12 SP4 This update of drbd fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). Moderate SUSE bug 1209188 cpe:/o:suse:sle-ha:12:sp4 SUSE Linux Enterprise High Availability GEO Extension 12 SP4 This update for booth fixes the following issues: - CVE-2022-2553: authfile directive in booth config file is completely ignored (bsc#1201946). Important SUSE bug 1201946 CVE-2022-2553 cpe:/o:suse:sle-ha-geo:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removed entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry could remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769). - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-18445: Faulty computation of numeric bounds in the BPF verifier permitted out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandled 32-bit right shifts (bnc#1112372). - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2017-18224: fs/ocfs2/aops.c omitted use of a semaphore and consequently had a race condition for access to the extent tree during read operations in DIRECT mode, which allowed local users to cause a denial of service (BUG) by modifying a certain e_cpos field (bnc#1084831). - CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674). The following non-security bugs were fixed: - ACPI/APEI: Handle GSIV and GPIO notification types (bsc#1115567). - ACPICA: Tables: Add WSMT support (bsc#1089350). - ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510). - ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510). - ACPI, nfit: Fix ARS overflow continuation (bsc#1116895). - ACPI, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#1112128). - ACPI/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114279). - ACPI/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114279). - ACPI / platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510). - ACPI / processor: Fix the return value of acpi_processor_ids_walk() (bsc#1051510). - ACPI / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510). - act_ife: fix a potential use-after-free (networking-stable-18_09_11). - Add the cherry-picked dup id for PCI dwc fix - Add version information to KLP_SYMBOLS file - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510). - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510). - ALSA: control: Fix race between adding and removing a user element (bsc#1051510). - ALSA: hda: Add 2 more models to the power_save blacklist (bsc#1051510). - ALSA: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510). - ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) (bsc#1051510). - ALSA: hda - Add quirk for ASUS G751 laptop (bsc#1051510). - ALSA: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510). - ALSA: hda - Fix headphone pin config for ASUS G751 (bsc#1051510). - ALSA: hda: fix unused variable warning (bsc#1051510). - ALSA: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510). - ALSA: hda/realtek - Add GPIO data update helper (bsc#1051510). - ALSA: hda/realtek - Allow skipping spec->init_amp detection (bsc#1051510). - ALSA: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510). - ALSA: hda/realtek - Fix HP Headset Mic can't record (bsc#1051510). - ALSA: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510). - ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715 (bsc#1051510). - ALSA: hda/realtek - Manage GPIO bits commonly (bsc#1051510). - ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510). - ALSA: hda/realtek - Support ALC300 (bsc#1051510). - ALSA: oss: Use kvzalloc() for local buffer allocations (bsc#1051510). - ALSA: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510). - ALSA: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510). - ALSA: usb-audio: update quirk for B&W PX to remove microphone (bsc#1051510). - ALSA: wss: Fix invalid snd_free_pages() at error path (bsc#1051510). - amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105). - arm64: KVM: Move CPU ID reg trap setup off the world switch path (bsc#1110998). - arm64: KVM: Sanitize PSTATE.M when being set from userspace (bsc#1110998). - arm64: KVM: Tighten guest core register access from userspace (bsc#1110998). - ARM: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510). - ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535) - ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510). - ASoC: intel: skylake: Add missing break in skl_tplg_get_token() (bsc#1051510). - ASoC: Intel: Skylake: Reset the controller in probe (bsc#1051510). - ASoC: rsnd: adg: care clock-frequency size (bsc#1051510). - ASoC: rsnd: do not fallback to PIO mode when -EPROBE_DEFER (bsc#1051510). - ASoC: rt5514: Fix the issue of the delay volume applied again (bsc#1051510). - ASoC: sigmadsp: safeload should not have lower byte limit (bsc#1051510). - ASoC: sun8i-codec: fix crash on module removal (bsc#1051510). - ASoC: wm8804: Add ACPI support (bsc#1051510). - ata: Fix racy link clearance (bsc#1107866). - ataflop: fix error handling during setup (bsc#1051510). - ath10k: fix kernel panic issue during pci probe (bsc#1051510). - ath10k: fix scan crash due to incorrect length calculation (bsc#1051510). - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait (bsc#1051510). - ath10k: schedule hardware restart if WMI command times out (bsc#1051510). - autofs: fix autofs_sbi() does not check super block type (git-fixes). - autofs: fix slab out of bounds read in getname_kernel() (git-fixes). - autofs: mount point create should honour passed in mode (git-fixes). - badblocks: fix wrong return value in badblocks_set if badblocks are disabled (git-fixes). - batman-adv: Avoid probe ELP information leak (bsc#1051510). - batman-adv: Expand merged fragment buffer for full packet (bsc#1051510). - batman-adv: fix backbone_gw refcount on queue_work() failure (bsc#1051510). - batman-adv: fix hardif_neigh refcount on queue_work() failure (bsc#1051510). - batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510). - bdi: Fix another oops in wb_workfn() (bsc#1112746). - bdi: Preserve kabi when adding cgwb_release_mutex (bsc#1112746). - bitops: protect variables in bit_clear_unless() macro (bsc#1051510). - bitops: protect variables in set_mask_bits() macro (bsc#1051510). - Blacklist commit that modifies Scsi_Host/kabi (bsc#1114579) - Blacklist sd_zbc patch that is too invasive (bsc#1114583) - Blacklist virtio patch that uses bio_integrity_bytes() (bsc#1114585) - blk-mq: I/O and timer unplugs are inverted in blktrace (bsc#1112713). - block, bfq: fix wrong init of saved start time for weight raising (bsc#1112708). - block: bfq: swap puts in bfqg_and_blkg_put (bsc#1112712). - block: copy ioprio in __bio_clone_fast() (bsc#1082653). - block: respect virtual boundary mask in bvecs (bsc#1113412). - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510). - Bluetooth: SMP: fix crash in unpairing (bsc#1051510). - bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16). - bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16). - bonding: avoid possible dead-lock (networking-stable-18_10_16). - bonding: fix length of actor system (networking-stable-18_11_02). - bonding: fix warning message (networking-stable-18_10_16). - bonding: pass link-local packets to bonding master also (networking-stable-18_10_16). - bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647). - bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24). - bpf/verifier: disallow pointer subtraction (bsc#1083647). - bpf: wait for running BPF programs when updating map-in-map (bsc#1083647). - brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510). - brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510). - brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510). - bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02). - Btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667). - Btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667). - Btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136). - Btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137). - Btrfs: fix cur_offset in the error case for nocow (bsc#1118140). - Btrfs: fix data corruption due to cloning of eof block (bsc#1116878). - Btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876). - Btrfs: fix deadlock when writing out free space caches (bsc#1116700). - Btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877). - Btrfs: fix missing error return in btrfs_drop_snapshot (Git-fixes bsc#1109919). - Btrfs: fix null pointer dereference on compressed write path error (bsc#1116698). - Btrfs: fix use-after-free during inode eviction (bsc#1116701). - Btrfs: fix use-after-free when dumping free space (bsc#1116862). - Btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692). - Btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693). - Btrfs: handle errors while updating refcounts in update_ref_for_cow (Git-fixes bsc#1109915). - Btrfs: make sure we create all new block groups (bsc#1116699). - Btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863). - Btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138). - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510). - can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510). - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510). - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510). - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510). - can: hi311x: Use level-triggered interrupt (bsc#1051510). - can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510). - can: rcar_can: Fix erroneous registration (bsc#1051510). - can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510). - cdc-acm: correct counting of UART states in serial state notification (bsc#1051510). - cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510). - cdc-acm: fix race between reset and control messaging (bsc#1051510). - ceph: avoid a use-after-free in ceph_destroy_options() (bsc#1111983). - ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839). - ceph: quota: fix null pointer dereference in quota check (bsc#1114839). - cfg80211: Address some corner cases in scan result channel updating (bsc#1051510). - cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902). - cifs: fix memory leak in SMB2_open() (bsc#1112894). - cifs: Fix use after free of a mid_q_entry (bsc#1112903). - clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510). - clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510). - clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510). - clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510). - clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510). - clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510). - clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510). - clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510). - clk: x86: add 'ether_clk' alias for Bay Trail / Cherry Trail (bsc#1051510). - clk: x86: Stop marking clocks as CLK_IS_CRITICAL (bsc#1051510). - clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510). - clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs (bsc#1051510). - clocksource/drivers/timer-atmel-pit: Properly handle error cases (bsc#1051510). - coda: fix 'kernel memory exposure attempt' in fsync (bsc#1051510). - configfs: replace strncpy with memcpy (bsc#1051510). - crypto: caam - fix implicit casts in endianness helpers (bsc#1051510). - crypto: chelsio - Fix memory corruption in DMA Mapped buffers (bsc#1051510). - crypto: lrw - Fix out-of bounds access on counter overflow (bsc#1051510). - crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510). - crypto: tcrypt - fix ghash-generic speed test (bsc#1051510). - dax: Fix deadlock in dax_lock_mapping_entry() (bsc#1109951). - debugobjects: Make stack check warning more informative (bsc#1051510). - Documentation/l1tf: Fix small spelling typo (bsc#1051510). - Documentation/l1tf: Fix typos (bsc#1051510). - Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510). - do d_instantiate/unlock_new_inode combinations safely (git-fixes). - Do not leak MNT_INTERNAL away from internal mounts (git-fixes). - driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510). - drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510). - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 (bsc#1051510). - drm/amdgpu: Fix vce work queue was not cancelled when suspend (bsc#1106110) - drm/amdgpu/powerplay: fix missing break in switch statements (bsc#1113722) - drm/ast: change resolution may cause screen blurred (boo#1112963). - drm/ast: fixed cursor may disappear sometimes (bsc#1051510). - drm/ast: Fix incorrect free on ioregs (bsc#1051510). - drm/ast: Remove existing framebuffers before loading driver (boo#1112963) - drm/dp_mst: Check if primary mstb is null (bsc#1051510). - drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510). - drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510). - drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722) - drm/edid: VSDB yCBCr420 Deep Color mode bit definitions (bsc#1051510). - drm: fb-helper: Reject all pixel format changing requests (bsc#1113722) - drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer (bsc#1113722) - drm/hisilicon: hibmc: Do not overwrite fb helper surface depth (bsc#1113722) - drm/i915/audio: Hook up component bindings even if displays are (bsc#1113722) - drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510). - drm/i915: Do not unset intel_connector->mst_port (bsc#1051510). - drm/i915/dp: Link train Fallback on eDP only if fallback link BW can fit panel's native mode (bsc#1051510). - drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510). - drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510). - drm/i915/gen9+: Fix initial readout for Y tiled framebuffers (bsc#1113722) - drm/i915/glk: Add Quirk for GLK NUC HDMI port issues (bsc#1051510). - drm/i915/glk: Remove 99% limitation (bsc#1051510). - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510). - drm/i915: Large page offsets for pread/pwrite (bsc#1051510). - drm/i915: Mark pin flags as u64 (bsc#1051510). - drm/i915: Restore vblank interrupts earlier (bsc#1051510). - drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510). - drm/i915: Write GPU relocs harder with gen3 (bsc#1051510). - drm: mali-dp: Call drm_crtc_vblank_reset on device init (bsc#1051510). - drm/mediatek: fix OF sibling-node lookup (bsc#1106110) - drm/meson: add support for 1080p25 mode (bsc#1051510). - drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510). - drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510). - drm/msm: fix OF child-node lookup (bsc#1106110) - drm/nouveau: Check backlight IDs are >= 0, not > 0 (bsc#1051510). - drm/nouveau: Do not disable polling in fallback mode (bsc#1103356). - drm/omap: fix memory barrier bug in DMM driver (bsc#1051510). - drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510). - drm/sti: do not remove the drm_bridge that was never added (bsc#1100132) - drm/sun4i: Fix an ulong overflow in the dotclock driver (bsc#1106110) - drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() (bsc#1113722) - e1000: check on netif_running() before calling e1000_up() (bsc#1051510). - e1000: ensure to free old tx/rx rings in set_ringparam() (bsc#1051510). - EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting (bsc#1114279). - EDAC: Raise the maximum number of memory controllers (bsc#1113780). - EDAC, skx_edac: Fix logical channel intermediate decoding (bsc#1114279). - EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() (bsc#1114279). - eeprom: at24: change nvmem stride to 1 (bsc#1051510). - eeprom: at24: check at24_read/write arguments (bsc#1051510). - eeprom: at24: correctly set the size for at24mac402 (bsc#1051510). - Enable LSPCON instead of blindly disabling HDMI - enic: do not call enic_change_mtu in enic_probe (bsc#1051510). - enic: handle mtu change for vf properly (bsc#1051510). - enic: initialize enic->rfs_h.lock in enic_probe (bsc#1051510). - ethtool: fix a privilege escalation bug (bsc#1076830). - ext2, dax: set ext2_dax_aops for dax files (bsc#1112554). - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bsc#1117795). - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bsc#1117794). - ext4: add missing brelse() update_backups()'s error path (bsc#1117796). - ext4: avoid arithemetic overflow that can trigger a BUG (bsc#1112736). - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802). - ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801). - ext4: avoid divide by zero fault when deleting corrupted inline directories (bsc#1112735). - ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792). - ext4: check for NUL characters in extended attribute's name (bsc#1112732). - ext4: check to make sure the rename(2)'s destination is not freed (bsc#1112734). - ext4: do not mark mmp buffer head dirty (bsc#1112743). - ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807). - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806). - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798). - ext4: fix online resize's handling of a too-small final block group (bsc#1112739). - ext4: fix online resizing for bigalloc file systems with a 1k block size (bsc#1112740). - ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799). - ext4: fix possible leak of sbi->s_group_desc_leak in error path (bsc#1117803). - ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804). - ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789). - ext4: fix spectre gadget in ext4_mb_regular_allocator() (bsc#1112733). - ext4: fix use-after-free race in ext4_remount()'s error path (bsc#1117791). - ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788). - ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790). - ext4: recalucate superblock checksum after updating free blocks/inodes (bsc#1112738). - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805). - ext4: reset error code in ext4_find_entry in fallback (bsc#1112731). - ext4: show test_dummy_encryption mount option in /proc/mounts (bsc#1112741). - fbdev: fix broken menu dependencies (bsc#1113722) - fbdev/omapfb: fix omapfb_memory_read infoleak (bsc#1051510). - firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350 ). - firmware: dcdbas: include linux/io.h (bsc#1089350). - Fix kABI for 'Ensure we commit after writeback is complete' (bsc#1111809). - floppy: fix race condition in __floppy_read_block_0() (bsc#1051510). - flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21). - fscache: fix race between enablement and dropping of object (bsc#1107385). - fs: dcache: Avoid livelock between d_alloc_parallel and __d_add (git-fixes). - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (git-fixes). - fs: dcache: Use READ_ONCE when accessing i_dir_seq (git-fixes). - fs: Make extension of struct super_block transparent (bsc#1117822). - fsnotify: Fix busy inodes during unmount (bsc#1117822). - fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074). - fs/quota: Fix spectre gadget in do_quotactl (bsc#1112745). - ftrace: Fix debug preempt config name in stack_tracer_{en,dis}able (bsc#1117172). - ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181). - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174). - ftrace: Remove incorrect setting of glob search field (bsc#1117184). - genirq: Fix race on spurious interrupt detection (bsc#1051510). - getname_kernel() needs to make sure that ->name != ->iname in long case (git-fixes). - gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510). - grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes). - gso_segment: Reset skb->mac_len after modifying network header (networking-stable-18_09_24). - hfsplus: do not return 0 when fill_super() failed (bsc#1051510). - hfsplus: stop workqueue when fill_super() failed (bsc#1051510). - hfs: prevent crash on exit from failed search (bsc#1051510). - HID: hiddev: fix potential Spectre v1 (bsc#1051510). - HID: hid-sensor-hub: Force logical minimum to 1 for power and report state (bsc#1051510). - HID: quirks: fix support for Apple Magic Keyboards (bsc#1051510). - HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report (bsc#1051510). - HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510). - hv: avoid crash in vmbus sysfs files (bnc#1108377). - hv_netvsc: fix schedule in RCU context (). - hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11). - hwmon: (core) Fix double-free in __hwmon_device_register() (bsc#1051510). - hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510). - hwmon: (ina2xx) Fix current value calculation (bsc#1051510). - hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510). - hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510). - hwmon: (pmbus) Fix page count auto-detection (bsc#1051510). - hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510). - hwmon: (raspberrypi) Fix initial notify (bsc#1051510). - hwmon: (w83795) temp4_type has writable permission (bsc#1051510). - hwrng: core - document the quality field (bsc#1051510). - hypfs_kill_super(): deal with failed allocations (bsc#1051510). - i2c: i2c-scmi: fix for i2c_smbus_write_block_data (bsc#1051510). - i2c: rcar: cleanup DMA for all kinds of failure (bsc#1051510). - ibmvnic: fix accelerated VLAN handling (). - ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433). - ibmvnic: remove ndo_poll_controller (). - ibmvnic: Update driver queues after change in ring size support (). - iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510). - iio: ad5064: Fix regulator handling (bsc#1051510). - iio: adc: at91: fix acking DRDY irq on simple conversions (bsc#1051510). - iio: adc: at91: fix wrong channel number in triggered buffer mode (bsc#1051510). - iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() (bsc#1051510). - iio:st_magn: Fix enable device after trigger (bsc#1051510). - ima: fix showing large 'violations' or 'runtime_measurements_count' (bsc#1051510). - include/linux/pfn_t.h: force '~' to be parsed as an unary operator (bsc#1051510). - inet: make sure to grab rcu_read_lock before using ireq->ireq_opt (networking-stable-18_10_16). - Input: atakbd - fix Atari CapsLock behaviour (bsc#1051510). - Input: atakbd - fix Atari keymap (bsc#1051510). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510). - Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510). - Input: xpad - add PDP device id 0x02a4 (bsc#1051510). - Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510). - Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510). - Input: xpad - fix some coding style issues (bsc#1051510). - intel_th: pci: Add Ice Lake PCH support (bsc#1051510). - iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237). - iommu/arm-smmu: Error out only if not enough context interrupts (bsc#1106237). - iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105). - iommu/vt-d: Add definitions for PFSID (bsc#1106237). - iommu/vt-d: Fix dev iotlb pfsid use (bsc#1106237). - iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105). - iommu/vt-d: Fix scatterlist offset handling (bsc#1106237). - iommu/vt-d: Use memunmap to free memremap (bsc#1106105). - ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16). - ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02). - ip6_vti: fix a null pointer deference when destroy vti6 tunnel (networking-stable-18_09_11). - ipmi: Fix timer race with module unload (bsc#1051510). - ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16). - ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21). - ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu (networking-stable-18_11_21). - ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11). - ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (networking-stable-18_11_21). - ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24). - ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02). - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02). - ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16). - iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510). - iwlwifi: dbg: do not crash if the firmware crashes in the middle of a debug dump (bsc#1051510). - iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510). - iwlwifi: mvm: Allow TKIP for AP mode (bsc#1051510). - iwlwifi: mvm: check for n_profiles validity in EWRD ACPI (bsc#1051510). - iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510). - iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510). - iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface (bsc#1051510). - iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510). - iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510). - iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510). - iwlwifi: mvm: open BA session only when sta is authorized (bsc#1051510). - iwlwifi: mvm: send BCAST management frames to the right station (bsc#1051510). - iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510). - iwlwifi: pcie: avoid empty free RB queue (bsc#1051510). - iwlwifi: pcie: gen2: build A-MSDU only for GSO (bsc#1051510). - iwlwifi: pcie gen2: check iwl_pcie_gen2_set_tb() return value (bsc#1051510). - jbd2: fix use after free in jbd2_log_do_checkpoint() (bsc#1113257). - KABI fix for 'NFSv4.1: Fix up replays of interrupted requests' (git-fixes). - kABI: Hide get_msr_feature() in kvm_x86_ops (bsc#1106240). - KABI: hide new member in struct iommu_table from genksyms (bsc#1061840). - KABI: mask raw in struct bpf_reg_state (bsc#1083647). - KABI: powerpc: export __find_linux_pte as __find_linux_pte_or_hugepte (bsc#1061840). - KABI: powerpc: Revert npu callback signature change (bsc#1055120). - KABI: protect struct fib_nh_exception (kabi). - KABI: protect struct rtable (kabi). - KABI/severities: ignore __xive_vm_h_* KVM internal symbols. - Kbuild: fix # escaping in .cmd files for future Make (git-fixes). - kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510). - kbuild: move '_all' target out of $(KBUILD_SRC) conditional (bsc#1114279). - kernfs: update comment about kernfs_path() return value (bsc#1051510). - kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510). - kprobes/x86: Fix %p uses in error messages (bsc#1110006). - KVM: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998). - KVM: Make VM ioctl do valloc for some archs (bsc#1111506). - KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240). - KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240). - KVM: PPC: Add pt_regs into kvm_vcpu_arch and move vcpu->arch.gpr[] into it (bsc#1061840). - KVM: PPC: Avoid marking DMA-mapped pages dirty in real mode (bsc#1061840). - KVM: PPC: Book3S: Add MMIO emulation for VMX instructions (bsc#1061840). - KVM: PPC: Book3S: Allow backing bigger guest IOMMU pages with smaller physical pages (bsc#1061840). - KVM: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64 parameters (bsc#1061840). - KVM: PPC: Book3S: Eliminate some unnecessary checks (bsc#1061840). - KVM: PPC: Book3S: Fix compile error that occurs with some gcc versions (bsc#1061840). - KVM: PPC: Book3S: Fix matching of hardware and emulated TCE tables (bsc#1061840). - KVM: PPC: Book3S HV: Add of_node_put() in success path (bsc#1061840). - KVM: PPC: Book3S HV: Add 'online' register to ONE_REG interface (bsc#1061840). - KVM: PPC: Book3S HV: Allow creating max number of VCPUs on POWER9 (bsc#1061840). - KVM: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9 v2.2 (bsc#1061840). - KVM: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault (bsc#1061840). - KVM: PPC: Book3S HV: Avoid shifts by negative amounts (bsc#1061840). - KVM: PPC: Book3S HV: Check DR not IR to chose real vs virt mode MMIOs (bsc#1061840). - KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate function (bsc#1061840). - KVM: PPC: Book3S HV: Do not use compound_order to determine host mapping size (bsc#1061840). - KVM: PPC: Book3S HV: Do not use existing 'prodded' flag for XIVE escalations (bsc#1061840). - KVM: PPC: Book 3S HV: Do ptesync in radix guest exit path (bsc#1061840). - KVM: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded (bsc#1061840). - KVM: PPC: Book3S HV: Enable migration of decrementer register (bsc#1061840). - KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm (bsc#1061840). - KVM: PPC: Book3S HV: Fix conditions for starting vcpu (bsc#1061840). - KVM: PPC: Book3S HV: Fix constant size warning (bsc#1061840). - KVM: PPC: Book3S HV: Fix duplication of host SLB entries (bsc#1061840). - KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds (bsc#1061840). - KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler (bsc#1061840). - KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code (bsc#1061840). - KVM: PPC: Book3S HV: Fix inaccurate comment (bsc#1061840). - KVM: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real mode interrupts (bsc#1061840). - KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry (bsc#1061840). - KVM: PPC: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix() (bsc#1061840). - KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing (bsc#1061840). - KVM: PPC: Book3S HV: Handle 1GB pages in radix page fault handler (bsc#1061840). - KVM: PPC: Book3S HV: Improve handling of debug-trigger HMIs on POWER9 (bsc#1061840). - KVM: PPC: Book3S HV: Keep XIVE escalation interrupt masked unless ceded (bsc#1061840). - KVM: PPC: Book3S HV: Lockless tlbie for HPT hcalls (bsc#1061840). - KVM: PPC: Book3S HV: Make HPT resizing work on POWER9 (bsc#1061840). - KVM: PPC: Book3S HV: Make radix clear pte when unmapping (bsc#1061840). - KVM: PPC: Book3S HV: Make radix use correct tlbie sequence in kvmppc_radix_tlbie_page (bsc#1061840). - KVM: PPC: Book3S HV: Make xive_pushed a byte, not a word (bsc#1061840). - KVM: PPC: Book3S HV: Pack VCORE IDs to access full VCPU ID space (bsc#1061840). - KVM: PPC: Book3S HV: radix: Do not clear partition PTE when RC or write bits do not match (bsc#1061840). - KVM: PPC: Book3S HV: Radix page fault handler optimizations (bsc#1061840). - KVM: PPC: Book3S HV: radix: Refine IO region partition scope attributes (bsc#1061840). - KVM: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under kvm->lock (bsc#1061840). - KVM: PPC: Book3S HV: Recursively unmap all page table entries when unmapping (bsc#1061840). - KVM: PPC: Book3S HV: Remove useless statement (bsc#1061840). - KVM: PPC: Book3S HV: Remove vcpu->arch.dec usage (bsc#1061840). - KVM: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to Linux handlers (bsc#1061840). - KVM: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR count correctly (bsc#1061840). - KVM: PPC: Book3S HV: Snapshot timebase offset on guest entry (bsc#1061840). - KVM: PPC: Book3S HV: Streamline setting of reference and change bits (bsc#1061840). - KVM: PPC: Book3S HV: Use a helper to unmap ptes in the radix fault path (bsc#1061840). - KVM: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page fault handler (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Resend re-routed interrupts on CPU priority change (bsc#1061840). - KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840). - KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file (bsc#1061840). - KVM: PPC: Book3S: Use correct page shift in H_STUFF_TCE (bsc#1061840). - KVM: PPC: Fix a mmio_host_swabbed uninitialized usage issue (bsc#1061840). - KVM: PPC: Make iommu_table::it_userspace big endian (bsc#1061840). - KVM: PPC: Move nip/ctr/lr/xer registers to pt_regs in kvm_vcpu_arch (bsc#1061840). - KVM: PPC: Use seq_puts() in kvmppc_exit_timing_show() (bsc#1061840). - KVM: s390: vsie: copy wrapping keys to right place (git-fixes). - KVM: SVM: Add MSR-based feature support for serializing LFENCE (bsc#1106240). - KVM: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114279). - KVM: VMX: re-add ple_gap module parameter (bsc#1106240). - KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR (bsc#1106240). - KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry (bsc#1106240). - KVM: x86: Add a framework for supporting MSR-based features (bsc#1106240). - KVM: x86: define SVM/VMX specific kvm_arch_[alloc|free]_vm (bsc#1111506). - KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240). - KVM: X86: Introduce kvm_get_msr_feature() (bsc#1106240). - KVM/x86: kABI fix for vm_alloc/vm_free changes (bsc#1111506). - KVM: x86: Set highest physical address bits in non-present/reserved SPTEs (bsc#1106240). - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839). - libceph: fall back to sendmsg for slab pages (bsc#1118316). - libertas: call into generic suspend code before turning off power (bsc#1051510). - libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510). - libnvdimm, badrange: remove a WARN for list_empty (bsc#1112128). - libnvdimm, dimm: Maximize label transfer size (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891). - libnvdimm: Introduce locked DIMM capacity support (bsc#1112128). - libnvdimm, label: change nvdimm_num_label_slots per UEFI 2.7 (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm, label: Fix sparse warning (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm: move poison list functions to a new 'badrange' file (bsc#1112128). - libnvdimm/nfit_test: add firmware download emulation (bsc#1112128). - libnvdimm/nfit_test: adding support for unit testing enable LSS status (bsc#1112128). - libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899). - libnvdimm, testing: Add emulation for smart injection commands (bsc#1112128). - libnvdimm, testing: update the default smart ctrl_temperature (bsc#1112128). - lib/ubsan: add type mismatch handler for new GCC/Clang (bsc#1051510). - lib/ubsan.c: s/missaligned/misaligned/ (bsc#1051510). - livepatch: create and include UAPI headers (). - llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02). - lockd: fix 'list_add double add' caused by legacy signal interface (git-fixes). - loop: add recursion validation to LOOP_CHANGE_FD (bsc#1112711). - loop: do not call into filesystem while holding lo_ctl_mutex (bsc#1112710). - loop: fix LOOP_GET_STATUS lock imbalance (bsc#1113284). - mac80211: Always report TX status (bsc#1051510). - mac80211: fix TX status reporting for ieee80211s (bsc#1051510). - mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510). - mac80211: minstrel: fix using short preamble CCK rates on HT clients (bsc#1051510). - mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510). - mach64: detect the dot clock divider correctly on sparc (bsc#1051510). - mach64: fix display corruption on big endian machines (bsc#1113722) - mach64: fix image corruption due to reading accelerator registers (bsc#1113722) - mailbox: PCC: handle parse error (bsc#1051510). - make sure that __dentry_kill() always invalidates d_seq, unhashed or not (git-fixes). - md: allow metadata updates while suspending an array - fix (git-fixes). - MD: fix invalid stored role for a disk - try2 (git-fixes). - md: fix NULL dereference of mddev->pers in remove_and_add_spares() (git-fixes). - md/raid10: fix that replacement cannot complete recovery after reassemble (git-fixes). - md/raid1: add error handling of read error from FailFast device (git-fixes). - md/raid5-cache: disable reshape completely (git-fixes). - md/raid5: fix data corruption of replacements after originals dropped (git-fixes). - media: af9035: prevent buffer overflow on write (bsc#1051510). - media: cx231xx: fix potential sign-extension overflow on large shift (bsc#1051510). - media: dvb: fix compat ioctl translation (bsc#1051510). - media: em28xx: fix input name for Terratec AV 350 (bsc#1051510). - media: em28xx: use a default format if TRY_FMT fails (bsc#1051510). - media: pci: cx23885: handle adding to list failure (bsc#1051510). - media: tvp5150: avoid going past array on v4l2_querymenu() (bsc#1051510). - media: tvp5150: fix switch exit in set control handler (bsc#1051510). - media: tvp5150: fix width alignment during set_selection() (bsc#1051510). - media: uvcvideo: Fix uvc_alloc_entity() allocation alignment (bsc#1051510). - media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD (bsc#1051510). - media: vsp1: Fix YCbCr planar formats pitch calculation (bsc#1051510). - memory_hotplug: cond_resched in __remove_pages (bnc#1114178). - mfd: arizona: Correct calling of runtime_put_sync (bsc#1051510). - mfd: menelaus: Fix possible race condition and leak (bsc#1051510). - mfd: omap-usb-host: Fix dts probe of children (bsc#1051510). - mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21). - mmc: block: avoid multiblock reads for the last sector in SPI mode (bsc#1051510). - mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510). - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510). - mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677). - mm/migrate: Use spin_trylock() while resetting rate limit (). - mm: /proc/pid/pagemap: hide swap entries from unprivileged users (Git-fixes bsc#1109907). - mm: rework memcg kernel stack accounting (bnc#1113677). - modpost: ignore livepatch unresolved relocations (). - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819). - mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820). - mount: Retest MNT_LOCKED in do_umount (bsc#1117818). - move changes without Git-commit out of sorted section - neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24). - net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679). - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679). - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24). - net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16). - net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02). - net: bcmgenet: protect stop from timeout (networking-stable-18_11_21). - net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11). - net: bridge: remove ipv6 zero address check in mcast queries (git-fixes). - net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16). - net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16). - net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561). - net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561). - net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561). - net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561). - net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561). - net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561). - net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561). - net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561). - net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561). - net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561). - net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561). - net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561). - net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561). - net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561). - net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561). - net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561). - net: ena: minor performance improvement (bsc#1111696 bsc#1117561). - net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561). - net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561). - net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561). - net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1111696 bsc#1117561). - net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02). - net-gro: reset skb->pkt_type in napi_reuse_skb() (networking-stable-18_11_21). - net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16). - net: hp100: fix always-true check for link up state (networking-stable-18_09_24). - net: ibm: fix return type of ndo_start_xmit function (). - net/ibmnvic: Fix deadlock problem in reset (). - net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431). - net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02). - net: ipv4: do not let PMTU updates increase route MTU (git-fixes). - net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16). - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02). - netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16). - net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11). - net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18). - net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21). - net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16). - net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18). - net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16). - net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18). - net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18). - net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02). - net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16). - net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16). - net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16). - net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21). - net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18). - net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510). - net: sched: action_ife: take reference to meta module (networking-stable-18_09_11). - net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11). - net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24). - net: sched: Fix for duplicate class dump (networking-stable-18_11_02). - net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11). - net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02). - net: smsc95xx: Fix MTU range (networking-stable-18_11_21). - net: socket: fix a missing-check bug (networking-stable-18_11_02). - net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02). - net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16). - net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16). - net: systemport: Protect stop from timeout (networking-stable-18_11_21). - net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02). - net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16). - NFC: nfcmrvl_uart: fix OF child-node lookup (bsc#1051510). - nfit_test: add error injection DSMs (bsc#1112128). - nfit_test: fix buffer overrun, add sanity check (bsc#1112128). - nfit_test: improve structure offset handling (bsc#1112128). - nfit_test: prevent parsing error of nfit_test.0 (bsc#1112128). - nfit_test: when clearing poison, also remove badrange entries (bsc#1112128). - nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11). - NFS: Avoid quadratic search when freeing delegations (bsc#1084760). - NFS: Avoid RCU usage in tracepoints (git-fixes). - NFS: commit direct writes even if they fail partially (git-fixes). - nfsd4: permit layoutget of executable-only files (git-fixes). - nfsd: check for use of the closed special stateid (git-fixes). - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (git-fixes). - nfsd: deal with revoked delegations appropriately (git-fixes). - nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes). - nfsd: Fix another OPEN stateid race (git-fixes). - nfsd: fix corrupted reply to badly ordered compound (git-fixes). - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes). - nfsd: Fix stateid races between OPEN and CLOSE (git-fixes). - NFS: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes). - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes). - NFS: Ensure we commit after writeback is complete (bsc#1111809). - NFS: Fix an incorrect type in struct nfs_direct_req (git-fixes). - NFS: Fix a typo in nfs_rename() (git-fixes). - NFS: Fix typo in nomigration mount option (git-fixes). - NFS: Fix unstable write completion (git-fixes). - NFSv4.0 fix client reference leak in callback (git-fixes). - NFSv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes). - NFSv4.1 fix infinite loop on I/O (git-fixes). - NFSv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes). - NFSv4.1: Fix up replays of interrupted requests (git-fixes). - NFSv4: Fix a typo in nfs41_sequence_process (git-fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510). - nospec: Include <asm/barrier.h> dependency (bsc#1114279). - nvdimm: Clarify comment in sizeof_namespace_index (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Remove empty if statement (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Sanity check labeloff (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Split label init out from the logic for getting config data (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Use namespace index data to reduce number of label reads needed (bsc#1111921, bsc#1113408, bsc#1113972). - nvme: Free ctrl device name on init failure (). - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817). - ocfs2: fix locking for res->tracking and dlm->tracking_list (bsc#1117816). - ocfs2: fix ocfs2 read block panic (bsc#1117815). - ocfs2: free up write context when direct IO failed (bsc#1117821). - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bsc#1117808). - of: add helper to lookup compatible child node (bsc#1106110) - openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02). - orangefs: fix deadlock; do not write i_size in read_iter (bsc#1051510). - orangefs: initialize op on loop restart in orangefs_devreq_read (bsc#1051510). - orangefs_kill_sb(): deal with allocation failures (bsc#1051510). - orangefs: use list_for_each_entry_safe in purge_waiting_ops (bsc#1051510). - PCI: Add Device IDs for Intel GPU 'spurious interrupt' quirk (bsc#1051510). - PCI/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510). - PCI/ASPM: Fix link_state teardown on device removal (bsc#1051510). - PCI: dwc: remove duplicate fix References: bsc#1115269 Patch has been already applied by the following commit: 9f73db8b7c PCI: dwc: Fix enumeration end when reaching root subordinate (bsc#1051510) - PCI: hv: Do not wait forever on a device that has disappeared (bsc#1109806). - PCI: hv: Use effective affinity mask (bsc#1109772). - PCI: imx6: Fix link training status detection in link up check (bsc#1109806). - PCI: iproc: Remove PAXC slot check to allow VF support (bsc#1109806). - PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510). - PCI: Reprogram bridge prefetch registers on resume (bsc#1051510). - PCI: vmd: Assign vector zero to all bridges (bsc#1109806). - PCI: vmd: Detach resources after stopping root bus (bsc#1109806). - PCI: vmd: White list for fast interrupt handlers (bsc#1109806). - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510). - percpu: make this_cpu_generic_read() atomic w.r.t. interrupts (bsc#1114279). - perf: fix invalid bit in diagnostic entry (git-fixes). - pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510). - pinctrl: meson: fix pinconf bias disable (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510). - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510). - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510). - pipe: match pipe_max_size data type with procfs (git-fixes). - platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510). - platform/x86: intel_telemetry: report debugfs failure (bsc#1051510). - pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes). - pNFS: Do not release the sequence slot until we've processed layoutget on open (git-fixes). - pNFS: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes). - powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729). - powerpc/boot: Fix opal console in boot wrapper (bsc#1065729). - powerpc/kvm/booke: Fix altivec related build break (bsc#1061840). - powerpc/kvm: Switch kvm pmd allocator to custom allocator (bsc#1061840). - powerpc/mm: Fix typo in comments (bsc#1065729). - powerpc/mm/hugetlb: initialize the pagetable cache correctly for hugetlb (bsc#1091800). - powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248). - powerpc/mm: Rename find_linux_pte_or_hugepte() (bsc#1061840). - powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure (bsc#1055120). - powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729). - powerpc/powernv: Add indirect levels to it_userspace (bsc#1061840). - powerpc/powernv: Do not select the cpufreq governors (bsc#1065729). - powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage (bsc#1055120). - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729). - powerpc/powernv/ioda2: Reduce upper limit for DMA window size (bsc#1055120). - powerpc/powernv/ioda: Allocate indirect TCE levels on demand (bsc#1061840). - powerpc/powernv/ioda: Finish removing explicit max window size check (bsc#1061840). - powerpc/powernv/ioda: Remove explicit max window size check (bsc#1061840). - powerpc/powernv: Move TCE manupulation code to its own file (bsc#1061840). - powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120). - powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120). - powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120). - powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120). - powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120). - powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120). - powerpc/powernv: Rework TCE level allocation (bsc#1061840). - powerpc/pseries: Fix build break for SPLPAR=n and CPU hotplug (bsc#1079524, git-fixes). - powerpc/pseries: Fix CONFIG_NUMA=n build (bsc#1067906, git-fixes). - powerpc/pseries: Fix DTL buffer registration (bsc#1065729). - powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729). - powerpc/pseries: Fix 'OF: ERROR: Bad of_node_put() on /cpus' during DLPAR (bsc#1113295). - powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709). - powerpc: pseries: remove dlpar_attach_node dependency on full path (bsc#1113295). - powerpc/xive: Move definition of ESB bits (bsc#1061840). - powerpc/xmon: Add ISA v3.0 SPRs to SPR dump (bsc#1061840). - power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510). - pppoe: fix reception of frames with no mac header (networking-stable-18_09_24). - printk: drop in_nmi check from printk_safe_flush_on_panic() (bsc#1112170). - printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168). - printk/tracing: Do not trace printk_nmi_enter() (bsc#1112208). - provide linux/set_memory.h (bsc#1113295). - ptp: fix Spectre v1 vulnerability (bsc#1051510). - pwm: lpss: Release runtime-pm reference from the driver's remove callback (bsc#1051510). - pxa168fb: prepare the clock (bsc#1051510). - qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface (bsc#1051510). - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510). - qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510). - qrtr: add MODULE_ALIAS macro to smd (bsc#1051510). - r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED (bsc#1051510). - r8169: fix NAPI handling under high load (networking-stable-18_11_02). - race of lockd inetaddr notifiers vs nlmsvc_rqst change (git-fixes). - RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 (git-fixes). - random: rate limit unseeded randomness warnings (git-fixes). - rculist: add list_for_each_entry_from_rcu() (bsc#1084760). - rculist: Improve documentation for list_for_each_entry_from_rcu() (bsc#1084760). - rds: fix two RCU related problems (networking-stable-18_09_18). - README: Clean-up trailing whitespace - reiserfs: add check to detect corrupted directory entry (bsc#1109818). - reiserfs: do not panic on bad directory entries (bsc#1109818). - remoteproc: qcom: Fix potential device node leaks (bsc#1051510). - rename a hv patch to reduce conflicts in -AZURE - reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510). - reset: imx7: Fix always writing bits as 0 (bsc#1051510). - resource: Include resource end in walk_*() interfaces (bsc#1114279). - Revert 'ceph: fix dentry leak in splice_dentry()' (bsc#1114839). - Revert 'powerpc/64: Fix checksum folding in csum_add()' (bsc#1065729). - Revert 'rpm/kernel-binary.spec.in: allow unsupported modules for -extra' - Revert 'usb: dwc3: gadget: skip Set/Clear Halt when invalid' (bsc#1051510). - rpmsg: Correct support for MODULE_DEVICE_TABLE() (git-fixes). - rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02). - rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16). - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16). - s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes). - s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235). - s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes). - s390/mm: correct allocate_pgste proc_handler callback (git-fixes). - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682). - s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953). - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682). - s390/qeth: handle failure on workqueue creation (git-fixes). - s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959). - s390: revert ELF_ET_DYN_BASE base changes (git-fixes). - s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes). - s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273). - s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273). - s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273). - sched/numa: Limit the conditions where scan period is reset (). - scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246). - scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246). - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1104731). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1104731). - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731). - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731). - scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580). - scsi: lpfc: add support to retrieve firmware logs (bsc#1114015). - scsi: lpfc: add Trunking support (bsc#1114015). - scsi: lpfc: Correct errors accessing fw log (bsc#1114015). - scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015). - scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015). - scsi: lpfc: Correct LCB RJT handling (bsc#1114015). - scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015). - scsi: lpfc: Correct race with abort on completion path (bsc#1114015). - scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015). - scsi: lpfc: Correct speeds on SFP swap (bsc#1114015). - scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015). - scsi: lpfc: Fix errors in log messages (bsc#1114015). - scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015). - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015). - scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015). - scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015). - scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015). - scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015). - scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015). - scsi: lpfc: reduce locking when updating statistics (bsc#1114015). - scsi: lpfc: Remove set but not used variable 'sgl_size' (bsc#1114015). - scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015). - scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015). - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1114581). - scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582). - scsi: sg: fix minor memory leak in error path (bsc#1114584). - scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bsc#1114578). - scsi: target: Fix fortify_panic kernel exception (bsc#1114576). - scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577). - scsi: target: tcmu: add read length support (bsc#1097755). - sctp: fix race on sctp_id2asoc (networking-stable-18_11_02). - sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21). - sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11). - sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21). - sctp: not increase stream's incnt before sending addstrm_in request (networking-stable-18_11_21). - sctp: update dst pmtu with the correct daddr (networking-stable-18_10_16). - serial: 8250: Fix clearing FIFOs in RS485 mode again (bsc#1051510). - signal: Properly deliver SIGSEGV from x86 uprobes (bsc#1110006). - skip LAYOUTRETURN if layout is invalid (git-fixes). - smb2: fix missing files in root share directory listing (bsc#1112907). - smb2: fix missing files in root share directory listing (bsc#1112907). - smb3: fill in statfs fsid and correct namelen (bsc#1112905). - smb3: fill in statfs fsid and correct namelen (bsc#1112905). - smb3: fix reset of bytes read and written stats (bsc#1112906). - smb3: fix reset of bytes read and written stats (bsc#1112906). - smb3: on reconnect set PreviousSessionId field (bsc#1112899). - smb3: on reconnect set PreviousSessionId field (bsc#1112899). - soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510). - soc/tegra: pmc: Fix child-node lookup (bsc#1051510). - soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510). - sound: do not call skl_init_chip() to reset intel skl soc (bsc#1051510). - sound: enable interrupt after dma buffer initialization (bsc#1051510). - spi/bcm63xx-hsspi: keep pll clk enabled (bsc#1051510). - spi: bcm-qspi: switch back to reading flash using smaller chunks (bsc#1051510). - spi: sh-msiof: fix deferred probing (bsc#1051510). - staging: comedi: ni_mio_common: protect register write overflow (bsc#1051510). - staging:iio:ad7606: fix voltage scales (bsc#1051510). - staging: rtl8723bs: Fix the return value in case of error in 'rtw_wx_read32()' (bsc#1051510). - staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510). - sunrpc: Allow connect to return EHOSTUNREACH (git-fixes). - sunrpc: Do not use stack buffer with scatterlist (git-fixes). - sunrpc: Fix rpc_task_begin trace point (git-fixes). - sunrpc: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes). - target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349). - target: log Data-Out timeouts as errors (bsc#1095805). - target: log NOP ping timeouts as errors (bsc#1095805). - target: split out helper for cxn timeout error stashing (bsc#1095805). - target: stash sess_err_stats on Data-Out timeout (bsc#1095805). - target: use ISCSI_IQN_LEN in iscsi_target_stat (bsc#1095805). - tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11). - test_firmware: fix error return getting clobbered (bsc#1051510). - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21). - thermal: bcm2835: enable hwmon explicitly (bsc#1108468). - thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510). - thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510). - tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21). - tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11). - tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16). - tools build: fix # escaping in .cmd files for future Make (git-fixes). - tools/testing/nvdimm: advertise a write cache for nfit_test (bsc#1112128). - tools/testing/nvdimm: allow custom error code injection (bsc#1112128). - tools/testing/nvdimm: disable labels for nfit_test.1 (bsc#1112128). - tools/testing/nvdimm: enable labels for nfit_test.1 dimms (bsc#1112128). - tools/testing/nvdimm: fix missing newline in nfit_test_dimm 'handle' attribute (bsc#1112128). - tools/testing/nvdimm: Fix support for emulating controller temperature (bsc#1112128). - tools/testing/nvdimm: force nfit_test to depend on instrumented modules (bsc#1112128). - tools/testing/nvdimm: improve emulation of smart injection (bsc#1112128). - tools/testing/nvdimm: kaddr and pfn can be NULL to ->direct_access() (bsc#1112128). - tools/testing/nvdimm: Make DSM failure code injection an override (bsc#1112128). - tools/testing/nvdimm: smart alarm/threshold control (bsc#1112128). - tools/testing/nvdimm: stricter bounds checking for error injection commands (bsc#1112128). - tools/testing/nvdimm: support nfit_test_dimm attributes under nfit_test.1 (bsc#1112128). - tools/testing/nvdimm: unit test clear-error commands (bsc#1112128). - tools/vm/page-types.c: fix 'defined but not used' warning (bsc#1051510). - tools/vm/slabinfo.c: fix sign-compare warning (bsc#1051510). - tpm2-cmd: allow more attempts for selftest execution (bsc#1082555). - tpm: add retry logic (bsc#1082555). - tpm: consolidate the TPM startup code (bsc#1082555). - tpm: do not suspend/resume if power stays on (bsc#1082555). - tpm: fix intermittent failure with self tests (bsc#1082555). - tpm: fix response size validation in tpm_get_random() (bsc#1082555). - tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555). - tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555). - tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555). - tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555). - tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555). - tpm: Restore functionality to xen vtpm driver (bsc#1082555). - tpm: self test failure should not cause suspend to fail (bsc#1082555). - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555). - tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555). - tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555). - tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555). - tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555). - tracing: Add barrier to trace_printk() buffer nesting modification (bsc#1112219). - tracing: Apply trace_clock changes to instance max buffer (bsc#1117188). - tracing: Erase irqsoff trace with empty write (bsc#1117189). - tty: check name length in tty_find_polling_driver() (bsc#1051510). - tty: Do not block on IO when ldisc change is pending (bnc#1105428). - tty: fix data race between tty_init_dev and flush of buf (bnc#1105428). - tty: Hold tty_ldisc_lock() during tty_reopen() (bnc#1105428). - tty/ldsem: Add lockdep asserts for ldisc_sem (bnc#1105428). - tty/ldsem: Convert to regular lockdep annotations (bnc#1105428). - tty/ldsem: Decrement wait_readers on timeouted down_read() (bnc#1105428). - tty/ldsem: Wake up readers after timed out down_write() (bnc#1105428). - tty: Simplify tty->count math in tty_reopen() (bnc#1105428). - tty: wipe buffer (bsc#1051510). - tty: wipe buffer if not echoing data (bsc#1051510). - tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510). - tuntap: fix multiqueue rx (networking-stable-18_11_21). - udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24). - udp6: add missing checks on edumux packet processing (networking-stable-18_09_24). - udp6: fix encap return code for resubmitting (git-fixes). - uio: ensure class is registered before devices (bsc#1051510). - uio: Fix an Oops on load (bsc#1051510). - uio: make symbol 'uio_class_registered' static (bsc#1051510). - Update config files. Enabled ENA (Amazon network driver) for arm64. - usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510). - usb: chipidea: Prevent unbalanced IRQ disable (bsc#1051510). - usb: core: Fix hub port connection events lost (bsc#1051510). - usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385). - usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385). - usb: dwc3: core: Clean up ULPI device (bsc#1051510). - usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510). - usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510). - usb: gadget: fsl_udc_core: check allocation return value and cleanup on failure (bsc#1051510). - usb: gadget: fsl_udc_core: fixup struct_udc_setup documentation (bsc#1051510). - usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510). - usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510). - usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510). - usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510). - usbip: tools: fix atoi() on non-null terminated string (bsc#1051510). - usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510). - usb: misc: appledisplay: add 20' Apple Cinema Display (bsc#1051510). - usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510). - usb: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510). - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510). - usb: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510). - usb: remove LPM management from usb_driver_claim_interface() (bsc#1051510). - usb: serial: cypress_m8: fix interrupt-out transfer length (bsc#1051510). - usb: serial: option: add two-endpoints device-id flag (bsc#1051510). - usb: serial: option: drop redundant interface-class test (bsc#1051510). - usb: serial: option: improve Quectel EP06 detection (bsc#1051510). - usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510). - userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (bsc#1109739). - Use upstream version of pci-hyperv patch (35a88a1) - VFS: close race between getcwd() and d_move() (git-fixes). - VFS: fix freeze protection in mnt_want_write_file() for overlayfs (git-fixes). - vhost: Fix Spectre V1 vulnerability (bsc#1051510). - vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510). - virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02). - VMCI: Resource wildcard match fixed (bsc#1051510). - w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510). - Workaround for mysterious NVMe breakage with i915 CFL (bsc#1111040). - x86/acpi: Prevent X2APIC id 0xffffffff from being accounted (bsc#1110006). - x86/boot/KASLR: Work around firmware bugs by excluding EFI_BOOT_SERVICES_* and EFI_LOADER_* from KASLR's choice (bnc#1112878). - x86/boot: Move EISA setup to a separate file (bsc#1110006). - x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006). - x86/cpufeature: Add User-Mode Instruction Prevention definitions (bsc#1110006). - x86/cpufeatures: Add Intel Total Memory Encryption cpufeature (bsc#1110006). - x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279). - x86/eisa: Add missing include (bsc#1110006). - x86/EISA: Do not probe EISA bus for Xen PV guests (bsc#1110006). - x86/fpu: Remove second definition of fpu in __fpu__restore_sig() (bsc#1110006). - x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006). - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772). - x86/kasan: Panic if there is not enough memory to boot (bsc#1110006). - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114279). - x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279). - x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279). - x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279). - x86/MCE/AMD: Fix the thresholding machinery initialization order (bsc#1114279). - x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read() (bsc#1110006). - x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279). - x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279). - x86, nfit_test: Add unit test for memcpy_mcsafe() (bsc#1112128). - x86/paravirt: Fix some warning messages (bnc#1065600). - x86/percpu: Fix this_cpu_read() (bsc#1110006). - x86/speculation: Support Enhanced IBRS on future CPUs (). - x86/time: Correct the attribute on jiffies' definition (bsc#1110006). - x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600). - xen/balloon: Support xend-based toolstack (bnc#1065600). - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062). - xen: fix race in xen_qlock_wait() (bnc#1107256). - xen: fix xen_qlock_wait() (bnc#1107256). - xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap() (bnc#1065600). - xen: make xen_qlock_wait() nestable (bnc#1107256). - xen/netfront: do not bug in case of too many frags (bnc#1104824). - xen/pvh: do not try to unplug emulated devices (bnc#1065600). - xen/pvh: increase early stack size (bnc#1065600). - xen: Remove unnecessary BUG_ON from __unbind_from_irq() (bnc#1065600). - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (bnc#1065600). - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600). - xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs: do not fail when converting shortform attr to long form during ATTR_REPLACE (bsc#1105025). - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes). - xfs: Properly detect when DAX won't be used on any device (bsc#1115976). - xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510). - xhci: Do not print a warning when setting link state for disabled ports (bsc#1051510). - xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510). - xprtrdma: Do not defer fencing an async RPC's chunks (git-fixes). Important SUSE bug 1051510 SUSE bug 1055120 SUSE bug 1061840 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066674 SUSE bug 1067906 SUSE bug 1068273 SUSE bug 1076830 SUSE bug 1078248 SUSE bug 1079524 SUSE bug 1082555 SUSE bug 1082653 SUSE bug 1083647 SUSE bug 1084760 SUSE bug 1084831 SUSE bug 1085535 SUSE bug 1086196 SUSE bug 1089350 SUSE bug 1091800 SUSE bug 1094825 SUSE bug 1095805 SUSE bug 1097755 SUSE bug 1100132 SUSE bug 1103356 SUSE bug 1103925 SUSE bug 1104124 SUSE bug 1104731 SUSE bug 1104824 SUSE bug 1105025 SUSE bug 1105428 SUSE bug 1106105 SUSE bug 1106110 SUSE bug 1106237 SUSE bug 1106240 SUSE bug 1107256 SUSE bug 1107385 SUSE bug 1107866 SUSE bug 1108377 SUSE bug 1108468 SUSE bug 1109330 SUSE bug 1109739 SUSE bug 1109772 SUSE bug 1109806 SUSE bug 1109818 SUSE bug 1109907 SUSE bug 1109911 SUSE bug 1109915 SUSE bug 1109919 SUSE bug 1109951 SUSE bug 1110006 SUSE bug 1110998 SUSE bug 1111040 SUSE bug 1111062 SUSE bug 1111174 SUSE bug 1111506 SUSE bug 1111696 SUSE bug 1111809 SUSE bug 1111921 SUSE bug 1111983 SUSE bug 1112128 SUSE bug 1112170 SUSE bug 1112173 SUSE bug 1112208 SUSE bug 1112219 SUSE bug 1112221 SUSE bug 1112246 SUSE bug 1112372 SUSE bug 1112514 SUSE bug 1112554 SUSE bug 1112708 SUSE bug 1112710 SUSE bug 1112711 SUSE bug 1112712 SUSE bug 1112713 SUSE bug 1112731 SUSE bug 1112732 SUSE bug 1112733 SUSE bug 1112734 SUSE bug 1112735 SUSE bug 1112736 SUSE bug 1112738 SUSE bug 1112739 SUSE bug 1112740 SUSE bug 1112741 SUSE bug 1112743 SUSE bug 1112745 SUSE bug 1112746 SUSE bug 1112878 SUSE bug 1112894 SUSE bug 1112899 SUSE bug 1112902 SUSE bug 1112903 SUSE bug 1112905 SUSE bug 1112906 SUSE bug 1112907 SUSE bug 1112963 SUSE bug 1113257 SUSE bug 1113284 SUSE bug 1113295 SUSE bug 1113408 SUSE bug 1113412 SUSE bug 1113501 SUSE bug 1113667 SUSE bug 1113677 SUSE bug 1113722 SUSE bug 1113751 SUSE bug 1113769 SUSE bug 1113780 SUSE bug 1113972 SUSE bug 1114015 SUSE bug 1114178 SUSE bug 1114279 SUSE bug 1114385 SUSE bug 1114576 SUSE bug 1114577 SUSE bug 1114578 SUSE bug 1114579 SUSE bug 1114580 SUSE bug 1114581 SUSE bug 1114582 SUSE bug 1114583 SUSE bug 1114584 SUSE bug 1114585 SUSE bug 1114839 SUSE bug 1115074 SUSE bug 1115269 SUSE bug 1115431 SUSE bug 1115433 SUSE bug 1115440 SUSE bug 1115567 SUSE bug 1115709 SUSE bug 1115976 SUSE bug 1116183 SUSE bug 1116692 SUSE bug 1116693 SUSE bug 1116698 SUSE bug 1116699 SUSE bug 1116700 SUSE bug 1116701 SUSE bug 1116862 SUSE bug 1116863 SUSE bug 1116876 SUSE bug 1116877 SUSE bug 1116878 SUSE bug 1116891 SUSE bug 1116895 SUSE bug 1116899 SUSE bug 1116950 SUSE bug 1117168 SUSE bug 1117172 SUSE bug 1117174 SUSE bug 1117181 SUSE bug 1117184 SUSE bug 1117188 SUSE bug 1117189 SUSE bug 1117349 SUSE bug 1117561 SUSE bug 1117788 SUSE bug 1117789 SUSE bug 1117790 SUSE bug 1117791 SUSE bug 1117792 SUSE bug 1117794 SUSE bug 1117795 SUSE bug 1117796 SUSE bug 1117798 SUSE bug 1117799 SUSE bug 1117801 SUSE bug 1117802 SUSE bug 1117803 SUSE bug 1117804 SUSE bug 1117805 SUSE bug 1117806 SUSE bug 1117807 SUSE bug 1117808 SUSE bug 1117815 SUSE bug 1117816 SUSE bug 1117817 SUSE bug 1117818 SUSE bug 1117819 SUSE bug 1117820 SUSE bug 1117821 SUSE bug 1117822 SUSE bug 1118102 SUSE bug 1118136 SUSE bug 1118137 SUSE bug 1118138 SUSE bug 1118140 SUSE bug 1118152 SUSE bug 1118316 CVE-2017-16533 CVE-2017-18224 CVE-2018-18281 CVE-2018-18386 CVE-2018-18445 CVE-2018-18710 CVE-2018-19824 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed: - CVE-2018-16880: A flaw was found in the handle_rx() function in the vhost_net driver. A malicious virtual guest, under specific conditions, could trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (bnc#1122767). - CVE-2019-3882: A flaw was found in the vfio interface implementation that permitted violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). (bnc#1131416 bnc#1131427). - CVE-2019-9003: Attackers could trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a 'service ipmievd restart' loop (bnc#1126704). - CVE-2019-9500: A brcmfmac heap buffer overflow in brcmf_wowl_nd_results was fixed. (bnc#1132681). - CVE-2019-9503: A brcmfmac frame validation bypass was fixed. (bnc#1132828). The following non-security bugs were fixed: - 9p: do not trust pdu content for stat item size (bsc#1051510). - ACPI: acpi_pad: Do not launch acpi_pad threads on idle cpus (bsc#1113399). - acpi, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#1112128) (bsc#1132426). - ACPI / SBS: Fix GPE storm on recent MacBookPro's (bsc#1051510). - alsa: core: Fix card races between register and disconnect (bsc#1051510). - alsa: echoaudio: add a check for ioremap_nocache (bsc#1051510). - alsa: firewire: add const qualifier to identifiers for read-only symbols (bsc#1051510). - alsa: firewire-motu: add a flag for AES/EBU on XLR interface (bsc#1051510). - alsa: firewire-motu: add specification flag for position of flag for MIDI messages (bsc#1051510). - alsa: firewire-motu: add support for MOTU Audio Express (bsc#1051510). - alsa: firewire-motu: add support for Motu Traveler (bsc#1051510). - alsa: firewire-motu: use 'version' field of unit directory to identify model (bsc#1051510). - alsa: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist (bsc#1051510). - alsa: hda - Add two more machines to the power_save_blacklist (bsc#1051510). - alsa: hda - Enforces runtime_resume after S3 and S4 for each codec (bsc#1051510). - alsa: hda: Initialize power_state field properly (bsc#1051510). - alsa: hda/realtek - Add new Dell platform for headset mode (bsc#1051510). - alsa: hda/realtek - Add quirk for Tuxedo XC 1509 (bsc#1131442). - alsa: hda/realtek - Add support for Acer Aspire E5-523G/ES1-432 headset mic (bsc#1051510). - alsa: hda/realtek - Add support headset mode for DELL WYSE AIO (bsc#1051510). - alsa: hda/realtek - Add support headset mode for New DELL WYSE NB (bsc#1051510). - alsa: hda/realtek - add two more pin configuration sets to quirk table (bsc#1051510). - alsa: hda/realtek - Apply the fixup for ASUS Q325UAR (bsc#1051510). - alsa: hda/realtek: Enable ASUS X441MB and X705FD headset MIC with ALC256 (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer AIO with ALC286 (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer Aspire Z24-890 with ALC286 (bsc#1051510). - alsa: hda/realtek: Enable headset mic of ASUS P5440FF with ALC256 (bsc#1051510). - alsa: hda/realtek - Fixed Dell AIO speaker noise (bsc#1051510). - alsa: hda - Record the current power state before suspend/resume calls (bsc#1051510). - alsa: info: Fix racy addition/deletion of nodes (bsc#1051510). - alsa: line6: use dynamic buffers (bsc#1051510). - alsa: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration (bsc#1051510). - alsa: PCM: check if ops are defined before suspending PCM (bsc#1051510). - alsa: pcm: Do not suspend stream in unrecoverable PCM state (bsc#1051510). - alsa: pcm: Fix possible OOB access in PCM oss plugins (bsc#1051510). - alsa: rawmidi: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: sb8: add a check for request_region (bsc#1051510). - alsa: seq: Fix OOB-reads from strlcpy (bsc#1051510). - alsa: seq: oss: Fix Spectre v1 vulnerability (bsc#1051510). - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe (bsc#1051510). - ASoC: fsl_esai: fix channel swap issue when stream starts (bsc#1051510). - ASoC: topology: free created components in tplg load error (bsc#1051510). - assume flash part size to be 4MB, if it can't be determined (bsc#1127371). - ath10k: avoid possible string overflow (bsc#1051510). - auxdisplay: hd44780: Fix memory leak on ->remove() (bsc#1051510). - auxdisplay: ht16k33: fix potential user-after-free on module unload (bsc#1051510). - batman-adv: Reduce claim hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_global hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_local hash refcnt only for removed entry (bsc#1051510). - bcm2835 MMC issues (bsc#1070872). - blkcg: Introduce blkg_root_lookup() (bsc#1131673). - blkcg: Make blkg_root_lookup() work for queues in bypass mode (bsc#1131673). - blk-mq: adjust debugfs and sysfs register when updating nr_hw_queues (bsc#1131673). - blk-mq: Avoid that submitting a bio concurrently with device removal triggers a crash (bsc#1131673). - blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs (bsc#1131673). - blk-mq: fallback to previous nr_hw_queues when updating fails (bsc#1131673). - blk-mq: init hctx sched after update ctx and hctx mapping (bsc#1131673). - blk-mq: realloc hctx when hw queue is mapped to another node (bsc#1131673). - blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter (bsc#1131673). - block: Ensure that a request queue is dissociated from the cgroup controller (bsc#1131673). - block: Fix a race between request queue removal and the block cgroup controller (bsc#1131673). - block: Introduce blk_exit_queue() (bsc#1131673). - block: kABI fixes for bio_rewind_iter() removal (bsc#1131673). - block: remove bio_rewind_iter() (bsc#1131673). - bluetooth: btusb: request wake pin with NOAUTOEN (bsc#1051510). - bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (bsc#1051510). - bluetooth: Fix decrementing reference count twice in releasing socket (bsc#1051510). - bluetooth: hci_ldisc: Initialize hci_dev before open() (bsc#1051510). - bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto() (bsc#1051510). - bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf() (bsc#1133731). - bnxt_en: Drop oversize TX packets to prevent errors (networking-stable-19_03_07). - bonding: fix PACKET_ORIGDEV regression (git-fixes). - bpf: fix use after free in bpf_evict_inode (bsc#1083647). - btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size (git-fixes). - btrfs: check for refs on snapshot delete resume (bsc#1131335). - btrfs: fix assertion failure on fsync with NO_HOLES enabled (bsc#1131848). - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (git-fixes). - btrfs: fix deadlock between clone/dedupe and rename (bsc#1130518). - btrfs: fix incorrect file size after shrinking truncate and fsync (bsc#1130195). - btrfs: remove WARN_ON in log_dir_items (bsc#1131847). - btrfs: save drop_progress if we drop refs at all (bsc#1131336). - cdrom: Fix race condition in cdrom_sysctl_register (bsc#1051510). - cgroup: fix parsing empty mount option string (bsc#1133094). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510). - cifs: do not dereference smb_file_target before null check (bsc#1051510). - cifs: Do not hide EINTR after sending network packets (bsc#1051510). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510). - cifs: Fix credits calculations for reads with errors (bsc#1051510). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510). - cifs: Fix potential OOB access of lock element array (bsc#1051510). - cifs: Fix read after write for files with read caching (bsc#1051510). - clk: clk-twl6040: Fix imprecise external abort for pdmclk (bsc#1051510). - clk: fractional-divider: check parent rate only if flag is set (bsc#1051510). - clk: ingenic: Fix doc of ingenic_cgu_div_info (bsc#1051510). - clk: ingenic: Fix round_rate misbehaving with non-integer dividers (bsc#1051510). - clk: rockchip: fix frac settings of GPLL clock for rk3328 (bsc#1051510). - clk: sunxi-ng: v3s: Fix TCON reset de-assert bit (bsc#1051510). - clk: vc5: Abort clock configuration without upstream clock (bsc#1051510). - clk: x86: Add system specific quirk to mark clocks as critical (bsc#1051510). - clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown (bsc#1051510). - clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR (bsc#1051510). - cpcap-charger: generate events for userspace (bsc#1051510). - cpufreq: pxa2xx: remove incorrect __init annotation (bsc#1051510). - cpufreq: tegra124: add missing of_node_put() (bsc#1051510). - cpupowerutils: bench - Fix cpu online check (bsc#1051510). - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - crypto: caam - add missing put_device() call (bsc#1129770). - crypto: crypto4xx - properly set IV after de- and encrypt (bsc#1051510). - crypto: pcbc - remove bogus memcpy()s with src == dest (bsc#1051510). - crypto: sha256/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: sha512/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: x86/poly1305 - fix overflow during partial reduction (bsc#1051510). - cxgb4: Add capability to get/set SGE Doorbell Queue Timer Tick (bsc#1127371). - cxgb4: Added missing break in ndo_udp_tunnel_{add/del} (bsc#1127371). - cxgb4: Add flag tc_flower_initialized (bsc#1127371). - cxgb4: Add new T5 PCI device id 0x50ae (bsc#1127371). - cxgb4: Add new T5 PCI device ids 0x50af and 0x50b0 (bsc#1127371). - cxgb4: Add new T6 PCI device ids 0x608a (bsc#1127371). - cxgb4: add per rx-queue counter for packet errors (bsc#1127371). - cxgb4: Add support for FW_ETH_TX_PKT_VM_WR (bsc#1127371). - cxgb4: add support to display DCB info (bsc#1127371). - cxgb4: Add support to read actual provisioned resources (bsc#1127371). - cxgb4: collect ASIC LA dumps from ULP TX (bsc#1127371). - cxgb4: collect hardware queue descriptors (bsc#1127371). - cxgb4: collect number of free PSTRUCT page pointers (bsc#1127371). - cxgb4: convert flower table to use rhashtable (bsc#1127371). - cxgb4: cxgb4: use FW_PORT_ACTION_L1_CFG32 for 32 bit capability (bsc#1127371). - cxgb4/cxgb4vf: Add support for SGE doorbell queue timer (bsc#1127371). - cxgb4/cxgb4vf: Fix mac_hlist initialization and free (bsc#1127374). - cxgb4/cxgb4vf: Link management changes (bsc#1127371). - cxgb4/cxgb4vf: Program hash region for {t4/t4vf}_change_mac() (bsc#1127371). - cxgb4: display number of rx and tx pages free (bsc#1127371). - cxgb4: do not return DUPLEX_UNKNOWN when link is down (bsc#1127371). - cxgb4: Export sge_host_page_size to ulds (bsc#1127371). - cxgb4: fix the error path of cxgb4_uld_register() (bsc#1127371). - cxgb4: impose mandatory VLAN usage when non-zero TAG ID (bsc#1127371). - cxgb4: Mask out interrupts that are not enabled (bsc#1127175). - cxgb4: move Tx/Rx free pages collection to common code (bsc#1127371). - cxgb4: remove redundant assignment to vlan_cmd.dropnovlan_fm (bsc#1127371). - cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size (bsc#1127371). - cxgb4: remove the unneeded locks (bsc#1127371). - cxgb4: specify IQTYPE in fw_iq_cmd (bsc#1127371). - cxgb4: Support ethtool private flags (bsc#1127371). - cxgb4: update supported DCB version (bsc#1127371). - cxgb4: use new fw interface to get the VIN and smt index (bsc#1127371). - cxgb4vf: Few more link management changes (bsc#1127374). - cxgb4vf: fix memleak in mac_hlist initialization (bsc#1127374). - cxgb4vf: Update port information in cxgb4vf_open() (bsc#1127374). - device_cgroup: fix RCU imbalance in error case (bsc#1051510). - device property: Fix the length used in PROPERTY_ENTRY_STRING() (bsc#1051510). - Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc (bsc#1051510). - dmaengine: imx-dma: fix warning comparison of distinct pointer types (bsc#1051510). - dmaengine: qcom_hidma: assign channel cookie correctly (bsc#1051510). - dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid (bsc#1051510). - dmaengine: tegra: avoid overflow of byte tracking (bsc#1051510). - dm: disable DISCARD if the underlying storage no longer supports it (bsc#1114638). - Drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567). - Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1130567). - drm: Auto-set allow_fb_modifiers when given modifiers at plane init (bsc#1051510). - drm: bridge: dw-hdmi: Fix overflow workaround for Rockchip SoCs (bsc#1113722) - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers (bsc#1051510). - drm/i915/bios: assume eDP is present on port A when there is no VBT (bsc#1051510). - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113722) - drm/i915/gvt: Annotate iomem usage (bsc#1051510). - drm/i915/gvt: do not deliver a workload if its creation fails (bsc#1051510). - drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113722) - drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check (bsc#1051510). - drm/i915: Relax mmap VMA check (bsc#1051510). - drm/imx: ignore plane updates on disabled crtcs (bsc#1051510). - drm/imx: imx-ldb: add missing of_node_puts (bsc#1051510). - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() (bsc#1113722) - drm/meson: Fix invalid pointer in meson_drv_unbind() (bsc#1051510). - drm/meson: Uninstall IRQ handler (bsc#1051510). - drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure (bsc#1051510). - drm/nouveau: Stop using drm_crtc_force_disable (bsc#1051510). - drm/nouveau/volt/gf117: fix speedo readout register (bsc#1051510). - drm/rockchip: vop: reset scale mode when win is disabled (bsc#1113722) - drm/sun4i: Add missing drm_atomic_helper_shutdown at driver unbind (bsc#1113722) - drm/sun4i: Fix component unbinding and component master deletion (bsc#1113722) - drm/sun4i: Set device driver data at bind time for use in unbind (bsc#1113722) - drm/sun4i: Unbind components before releasing DRM and memory (bsc#1113722) - drm/udl: add a release method and delay modeset teardown (bsc#1085536) - drm/vc4: Fix memory leak during gpu reset. (bsc#1113722) - dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit (networking-stable-19_02_20). - e1000e: fix cyclic resets at link up with active tx (bsc#1051510). - e1000e: Fix -Wformat-truncation warnings (bsc#1051510). - ext2: Fix underflow in ext2_max_size() (bsc#1131174). - ext4: add mask of ext4 flags to swap (bsc#1131170). - ext4: add missing brelse() in add_new_gdb_meta_bg() (bsc#1131176). - ext4: Avoid panic during forced reboot (bsc#1126356). - ext4: brelse all indirect buffer in ext4_ind_remove_space() (bsc#1131173). - ext4: cleanup bh release code in ext4_ind_remove_space() (bsc#1131851). - ext4: cleanup pagecache before swap i_data (bsc#1131178). - ext4: fix check of inode in swap_inode_boot_loader (bsc#1131177). - ext4: fix data corruption caused by unaligned direct AIO (bsc#1131172). - ext4: fix EXT4_IOC_SWAP_BOOT (bsc#1131180). - ext4: fix NULL pointer dereference while journal is aborted (bsc#1131171). - ext4: update quota information while swapping boot loader inode (bsc#1131179). - fbdev: fbmem: fix memory access if logo is bigger than the screen (bsc#1051510). - fix cgroup_do_mount() handling of failure exits (bsc#1133095). - Fix kabi after 'md: batch flush requests.' (bsc#1119680). - Fix struct page kABI after adding atomic for ppc (bsc#1131326, bsc#1108937). - fm10k: Fix a potential NULL pointer dereference (bsc#1051510). - fs: avoid fdput() after failed fdget() in vfs_dedupe_file_range() (bsc#1132384, bsc#1132219). - fs/dax: deposit pagetable even when installing zero page (bsc#1126740). - fs/nfs: Fix nfs_parse_devname to not modify it's argument (git-fixes). - futex: Cure exit race (bsc#1050549). - futex: Ensure that futex address is aligned in handle_futex_death() (bsc#1050549). - futex: Handle early deadlock return correctly (bsc#1050549). - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input (bsc#1051510). - gpio: gpio-omap: fix level interrupt idling (bsc#1051510). - gpio: of: Fix of_gpiochip_add() error path (bsc#1051510). - gre6: use log_ecn_error module parameter in ip6_tnl_rcv() (git-fixes). - hid: i2c-hid: Ignore input report if there's no data present on Elan touchpanels (bsc#1133486). - hid: intel-ish-hid: avoid binding wrong ishtp_cl_device (bsc#1051510). - hid: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit (bsc#1051510). - hv_netvsc: Fix IP header checksum for coalesced packets (networking-stable-19_03_07). - hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (). - hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (fate#323887). - hwrng: virtio - Avoid repeated init of completion (bsc#1051510). - i2c: Make i2c_unregister_device() NULL-aware (bsc#1108193). - i2c: tegra: fix maximum transfer size (bsc#1051510). - ibmvnic: Enable GRO (bsc#1132227). - ibmvnic: Fix completion structure initialization (bsc#1131659). - ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227). - iio: adc: at91: disable adc channel interrupt in timeout case (bsc#1051510). - iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver (bsc#1051510). - iio: ad_sigma_delta: select channel when reading register (bsc#1051510). - iio: core: fix a possible circular locking dependency (bsc#1051510). - iio: cros_ec: Fix the maths for gyro scale calculation (bsc#1051510). - iio: dac: mcp4725: add missing powerdown bits in store eeprom (bsc#1051510). - iio: Fix scan mask selection (bsc#1051510). - iio/gyro/bmg160: Use millidegrees for temperature scale (bsc#1051510). - iio: gyro: mpu3050: fix chip ID reading (bsc#1051510). - input: cap11xx - switch to using set_brightness_blocking() (bsc#1051510). - input: matrix_keypad - use flush_delayed_work() (bsc#1051510). - input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bsc#1051510). - input: st-keyscan - fix potential zalloc NULL dereference (bsc#1051510). - input: synaptics-rmi4 - write config register values to the right offset (bsc#1051510). - input: uinput - fix undefined behavior in uinput_validate_absinfo() (bsc#1120902). - intel_idle: add support for Jacobsville (jsc#SLE-5394). - io: accel: kxcjk1013: restore the range after resume (bsc#1051510). - iommu/amd: Fix NULL dereference bug in match_hid_uid (bsc#1130336). - iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE (bsc#1130337). - iommu/amd: Reserve exclusion range in iova-domain (bsc#1130425). - iommu/amd: Set exclusion range correctly (bsc#1130425). - iommu: Do not print warning when IOMMU driver only supports unmanaged domains (bsc#1130130). - iommu/vt-d: Check capability before disabling protected memory (bsc#1130338). - ip6: fix PMTU discovery when using /127 subnets (git-fixes). - ip6mr: Do not call __IP6_INC_STATS() from preemptible context (git-fixes). - ip6_tunnel: fix ip6 tunnel lookup in collect_md mode (git-fixes). - ipmi: Fix I2C client removal in the SSIF driver (bsc#1108193). - ipmi_ssif: Remove duplicate NULL check (bsc#1108193). - ipv4: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv4/route: fail early when inet dev is missing (git-fixes). - ipv6: Fix dangling pointer when ipv6 fragment (git-fixes). - ipv6: propagate genlmsg_reply return code (networking-stable-19_02_24). - ipv6: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv6: sit: reset ip header pointer in ipip6_rcv (git-fixes). - ipvlan: disallow userns cap_net_admin to change global mode/flags (networking-stable-19_03_15). - ipvs: remove IPS_NAT_MASK check to fix passive FTP (git-fixes). - irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table (bsc#1051510). - irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable (bsc#1051510). - iscsi_ibft: Fix missing break in switch statement (bsc#1051510). - iw_cxgb4: cq/qp mask depends on bar2 pages in a host page (bsc#1127371). - iwiwifi: fix bad monitor buffer register addresses (bsc#1129770). - iwlwifi: fix send hcmd timeout recovery flow (bsc#1129770). - iwlwifi: mvm: fix firmware statistics usage (bsc#1129770). - jbd2: clear dirty flag when revoking a buffer from an older transaction (bsc#1131167). - jbd2: fix compile warning when using JBUFFER_TRACE (bsc#1131168). - kABI: restore icmp_send (kabi). - kabi/severities: add cxgb4 and cxgb4vf shared data to the whitelis (bsc#1127372) - kabi/severities: add libcxgb to cxgb intra module symbols as well - kabi/severities: exclude cxgb4 inter-module symbols - kasan: fix shadow_size calculation error in kasan_module_alloc (bsc#1051510). - kbuild: fix false positive warning/error about missing libelf (bsc#1051510). - kbuild: modversions: Fix relative CRC byte order interpretation (bsc#1131290). - kbuild: strip whitespace in cmd_record_mcount findstring (bsc#1065729). - kcm: switch order of device registration to fix a crash (bnc#1130527). - kernfs: do not set dentry->d_fsdata (boo#1133115). - keys: always initialize keyring_index_key::desc_len (bsc#1051510). - keys: user: Align the payload buffer (bsc#1051510). - kvm: Call kvm_arch_memslots_updated() before updating memslots (bsc#1132563). - kvm: Fix kABI for AMD SMAP Errata workaround (bsc#1133149). - kvm: nVMX: Apply addr size mask to effective address for VMX instructions (bsc#1132561). - kvm: nVMX: Ignore limit checks on VMX instructions using flat segments (bsc#1132564). - kvm: nVMX: Sign extend displacements of VMX instr's mem operands (bsc#1132562). - kvm: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode switch (bsc#1061840). - kvm: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation) (bsc#1133149). - kvm: VMX: Compare only a single byte for VMCS' 'launched' in vCPU-run (bsc#1132555). - kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1114279). - kvm: x86/mmu: Detect MMIO generation wrap in any address space (bsc#1132570). - kvm: x86/mmu: Do not cache MMIO accesses while memslots are in flux (bsc#1132571). - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (bsc#1111331). - leds: pca9532: fix a potential NULL pointer dereference (bsc#1051510). - libceph: wait for latest osdmap in ceph_monc_blacklist_add() (bsc#1130427). - libertas_tf: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510). - lightnvm: if LUNs are already allocated fix return (bsc#1085535). - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a new <linux/bits.h> file (bsc#1111331). - mac80211: do not call driver wake_tx_queue op during reconfig (bsc#1051510). - mac80211: Fix Tx aggregation session tear down with ITXQs (bsc#1051510). - mac80211_hwsim: propagate genlmsg_reply return code (bsc#1051510). - md: batch flush requests (bsc#1119680). - md: Fix failed allocation of md_register_thread (git-fixes). - md/raid1: do not clear bitmap bits on interrupted recovery (git-fixes). - md/raid5: fix 'out of memory' during raid cache recovery (git-fixes). - media: mt9m111: set initial frame size other than 0x0 (bsc#1051510). - media: mtk-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: rc: mce_kbd decoder: fix stuck keys (bsc#1100132). - media: s5p-g2d: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: s5p-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: sh_veu: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: v4l2-ctrls.c/uvc: zero v4l2_event (bsc#1051510). - media: vb2: do not call __vb2_queue_cancel if vb2_start_streaming failed (bsc#1119086). - memremap: fix softlockup reports at teardown (bnc#1130154). - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S (bsc#1051510). - missing barriers in some of unix_sock ->addr and ->path accesses (networking-stable-19_03_15). - mmc: davinci: remove extraneous __init annotation (bsc#1051510). - mmc: pxamci: fix enum type confusion (bsc#1051510). - mmc: sdhci: Fix data command CRC error handling (bsc#1051510). - mmc: sdhci: Handle auto-command errors (bsc#1051510). - mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR (bsc#1051510). - mmc: tmio_mmc_core: do not claim spurious interrupts (bsc#1051510). - mm/debug.c: fix __dump_page when mapping->host is not set (bsc#1131934). - mm: Fix modifying of page protection by insert_pfn() (bsc#1126740). - mm: Fix warning in insert_pfn() (bsc#1126740). - mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd() (bsc#1126740). - mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate() (bsc#1131935). - mm/vmalloc: fix size check for remap_vmalloc_range_partial() (bsc#1133825). - mpls: Return error for RTA_GATEWAY attribute (networking-stable-19_03_07). - mt7601u: bump supported EEPROM version (bsc#1051510). - mwifiex: do not advertise IBSS features without FW support (bsc#1129770). - net: Add header for usage of fls64() (networking-stable-19_02_20). - net: Add __icmp_send helper (networking-stable-19_03_07). - net: avoid false positives in untrusted gso validation (git-fixes). - net: avoid use IPCB in cipso_v4_error (networking-stable-19_03_07). - net: bridge: add vlan_tunnel to bridge port policies (git-fixes). - net: bridge: fix per-port af_packet sockets (git-fixes). - net: bridge: multicast: use rcu to access port list from br_multicast_start_querier (git-fixes). - net: datagram: fix unbounded loop in __skb_try_recv_datagram() (git-fixes). - net: Do not allocate page fragments that are not skb aligned (networking-stable-19_02_20). - net: dsa: mv88e6xxx: Fix u64 statistics (networking-stable-19_03_07). - net: ena: update driver version from 2.0.2 to 2.0.3 (bsc#1129276 bsc#1125342). - netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING (git-fixes). - netfilter: check for seqadj ext existence before adding it in nf_nat_setup_info (git-fixes). - netfilter: ip6t_MASQUERADE: add dependency on conntrack module (git-fixes). - netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit() (git-fixes). - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt (git-fixes). - netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target} (git-fixes). - netfilter: x_tables: fix int overflow in xt_alloc_table_info() (git-fixes). - net: Fix for_each_netdev_feature on Big endian (networking-stable-19_02_20). - net: fix IPv6 prefix route residue (networking-stable-19_02_20). - net: Fix untag for vlan packets without ethernet header (git-fixes). - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off (git-fixes). - net/hsr: Check skb_put_padto() return value (git-fixes). - net: hsr: fix memory leak in hsr_dev_finalize() (networking-stable-19_03_15). - net/hsr: fix possible crash in add_timer() (networking-stable-19_03_15). - netlabel: fix out-of-bounds memory accesses (networking-stable-19_03_07). - netlink: fix nla_put_{u8,u16,u32} for KASAN (git-fixes). - net/mlx5e: Do not overwrite pedit action when multiple pedit used (networking-stable-19_02_24). - net/ncsi: Fix AEN HNCDSC packet length (git-fixes). - net/ncsi: Stop monitor if channel times out or is inactive (git-fixes). - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails (networking-stable-19_03_07). - net/packet: fix 4gb buffer limit due to overflow check (networking-stable-19_02_24). - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec (git-fixes). - net_sched: acquire RTNL in tc_action_net_exit() (git-fixes). - net_sched: fix two more memory leaks in cls_tcindex (networking-stable-19_02_24). - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 (networking-stable-19_03_15). - net: sit: fix memory leak in sit_init_net() (networking-stable-19_03_07). - net: sit: fix UBSAN Undefined behaviour in check_6rd (networking-stable-19_03_15). - net: socket: set sock->sk to NULL after calling proto_ops::release() (networking-stable-19_03_07). - net-sysfs: Fix mem leak in netdev_register_kobject (git-fixes). - net: validate untrusted gso packets without csum offload (networking-stable-19_02_20). - net/x25: fix a race in x25_bind() (networking-stable-19_03_15). - net/x25: fix use-after-free in x25_device_event() (networking-stable-19_03_15). - net/x25: reset state in x25_connect() (networking-stable-19_03_15). - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() (git-fixes). - nfc: nci: Add some bounds checking in nci_hci_cmd_received() (bsc#1051510). - nfs: Add missing encode / decode sequence_maxsz to v4.2 operations (git-fixes). - nfsd4: catch some false session retries (git-fixes). - nfsd4: fix cached replies to solo SEQUENCE compounds (git-fixes). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - nfs: Do not recoalesce on error in nfs_pageio_complete_mirror() (git-fixes). - nfs: Do not use page_file_mapping after removing the page (git-fixes). - nfs: Fix an I/O request leakage in nfs_do_recoalesce (git-fixes). - nfs: Fix a soft lockup in the delegation recovery code (git-fixes). - nfs: Fix a typo in nfs_init_timeout_values() (git-fixes). - nfs: Fix dentry revalidation on NFSv4 lookup (bsc#1132618). - nfs: Fix I/O request leakages (git-fixes). - nfs: fix mount/umount race in nlmclnt (git-fixes). - nfs/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount (git-fixes). - nfsv4.1 do not free interrupted slot on open (git-fixes). - nfsv4.1: Reinitialise sequence results before retransmitting a request (git-fixes). - nfsv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE() (git-fixes). - nvme: add proper discard setup for the multipath device (bsc#1114638). - nvme: fix the dangerous reference of namespaces list (bsc#1131673). - nvme: make sure ns head inherits underlying device limits (bsc#1131673). - nvme-multipath: avoid crash on invalid subsystem cntlid enumeration (bsc#1129273). - nvme-multipath: split bios with the ns_head bio_set before submitting (bsc#1103259, bsc#1131673). - nvme: only reconfigure discard if necessary (bsc#1114638). - nvme: schedule requeue whenever a LIVE state is entered (bsc#1123105). - ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock (bsc#1131169). - pci: Add function 1 DMA alias quirk for Marvell 9170 SATA controller (bsc#1051510). - pci: designware-ep: dw_pcie_ep_set_msi() should only set MMC bits (bsc#1051510). - pci: designware-ep: Read-only registers need DBI_RO_WR_EN to be writable (bsc#1051510). - pci: pciehp: Convert to threaded IRQ (bsc#1133005). - pci: pciehp: Ignore Link State Changes after powering off a slot (bsc#1133005). - phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs (bsc#1051510). - pM / wakeup: Rework wakeup source timer cancellation (bsc#1051510). - powercap: intel_rapl: add support for Jacobsville (). - powercap: intel_rapl: add support for Jacobsville (FATE#327454). - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107). - powerpc/64: Disable the speculation barrier from the command line (bsc#1131107). - powerpc64/ftrace: Include ftrace.h needed for enable/disable calls (bsc#1088804, git-fixes). - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107). - powerpc/64s: Add new security feature flags for count cache flush (bsc#1131107). - powerpc/64s: Add support for software count cache flush (bsc#1131107). - powerpc/64s: Fix logic when handling unknown CPU features (bsc#1055117). - powerpc/64s: Fix page table fragment refcount race vs speculative references (bsc#1131326, bsc#1108937). - powerpc/asm: Add a patch_site macro & helpers for patching instructions (bsc#1131107). - powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer (bsc#1065729). - powerpc: consolidate -mno-sched-epilog into FTRACE flags (bsc#1065729). - powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest (bsc#1061840). - powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107). - powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area callback (bsc#1131900). - powerpc/kvm: Save and restore host AMR/IAMR/UAMOR (bsc#1061840). - powerpc/mm: Add missing tracepoint for tlbie (bsc#1055117, git-fixes). - powerpc/mm: Check secondary hash page table (bsc#1065729). - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, fate#323286, git-fixes). - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, git-fixes). - powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search (bsc#1131900). - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, fate#323286, git-fixes). - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, git-fixes). - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, fate#323286, git-fixes). - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, git-fixes). - powerpc/numa: document topology_updates_enabled, disable by default (bsc#1133584). - powerpc/numa: improve control of topology updates (bsc#1133584). - powerpc/perf: Fix unit_sel/cache_sel checks (bsc#1053043). - powerpc/perf: Remove l2 bus events from HW cache event array (bsc#1053043). - powerpc/powernv/cpuidle: Init all present cpus for deep states (bsc#1055121). - powerpc/powernv: Do not reprogram SLW image on every KVM guest entry/exit (bsc#1061840). - powerpc/powernv/ioda2: Remove redundant free of TCE pages (bsc#1061840). - powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand (bsc#1061840). - powerpc/powernv/ioda: Fix locked_vm counting for memory used by IOMMU tables (bsc#1061840). - powerpc/powernv: Make opal log only readable by root (bsc#1065729). - powerpc/powernv: Query firmware for count cache flush settings (bsc#1131107). - powerpc/powernv: Remove never used pnv_power9_force_smt4 (bsc#1061840). - powerpc/pseries/mce: Fix misleading print for TLB mutlihit (bsc#1094244, git-fixes). - powerpc/pseries: Query hypervisor for count cache flush settings (bsc#1131107). - powerpc/security: Fix spectre_v2 reporting (bsc#1131107). - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587). - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587). - power: supply: charger-manager: Fix incorrect return value (bsc#1051510). - pwm-backlight: Enable/disable the PWM before/after LCD enable toggle (bsc#1051510). - qmi_wwan: Add support for Quectel EG12/EM12 (networking-stable-19_03_07). - qmi_wwan: apply SET_DTR quirk to Sierra WP7607 (bsc#1051510). - qmi_wwan: Fix qmap header retrieval in qmimux_rx_fixup (bsc#1051510). - raid10: It's wrong to add len to sector_nr in raid10 reshape twice (git-fixes). - ras/cec: Check the correct variable in the debugfs error handling (bsc#1085535). - ravb: Decrease TxFIFO depth of Q3 and Q2 to one (networking-stable-19_03_15). - rdma/cxgb4: Add support for 64Byte cqes (bsc#1127371). - rdma/cxgb4: Add support for kernel mode SRQ's (bsc#1127371). - rdma/cxgb4: Add support for srq functions & structs (bsc#1127371). - rdma/cxgb4: fix some info leaks (bsc#1127371). - rdma/cxgb4: Make c4iw_poll_cq_one() easier to analyze (bsc#1127371). - rdma/cxgb4: Remove a set-but-not-used variable (bsc#1127371). - rdma/iw_cxgb4: Drop __GFP_NOFAIL (bsc#1127371). - rds: fix refcount bug in rds_sock_addref (git-fixes). - rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete (git-fixes). - regulator: max77620: Initialize values for DT properties (bsc#1051510). - regulator: s2mpa01: Fix step values for some LDOs (bsc#1051510). - Revert drm/i915 patches that caused regressions (bsc#1131062) - Revert 'ipv4: keep skb->dst around in presence of IP options' (git-fixes). - rhashtable: Still do rehash when we get EEXIST (bsc#1051510). - ring-buffer: Check if memory is available before allocation (bsc#1132531). - rpm/config.sh: Fix build project and bugzilla product. - rtc: 88pm80x: fix unintended sign extension (bsc#1051510). - rtc: 88pm860x: fix unintended sign extension (bsc#1051510). - rtc: cmos: ignore bogus century byte (bsc#1051510). - rtc: ds1672: fix unintended sign extension (bsc#1051510). - rtc: Fix overflow when converting time64_t to rtc_time (bsc#1051510). - rtc: pm8xxx: fix unintended sign extension (bsc#1051510). - rtnetlink: bring NETDEV_CHANGE_TX_QUEUE_LEN event process back in rtnetlink_event (git-fixes). - rtnetlink: bring NETDEV_CHANGEUPPER event process back in rtnetlink_event (git-fixes). - rtnetlink: bring NETDEV_POST_TYPE_CHANGE event process back in rtnetlink_event (git-fixes). - rtnetlink: check DO_SETLINK_NOTIFY correctly in do_setlink (git-fixes). - rxrpc: Do not release call mutex on error pointer (git-fixes). - rxrpc: Do not treat call aborts as conn aborts (git-fixes). - rxrpc: Fix client call queueing, waiting for channel (networking-stable-19_03_15). - rxrpc: Fix Tx ring annotation after initial Tx failure (git-fixes). - s390/dasd: fix panic for failed online processing (bsc#1132589). - s390/pkey: move pckmo subfunction available checks away from module init (bsc#1128544). - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - scsi: libiscsi: fix possible NULL pointer dereference in case of TMF (bsc#1127378). - scsi: libsas: allocate sense buffer for bsg queue (bsc#1131467). - scsi: qla2xxx: Add new FC-NVMe enable BIT to enable FC-NVMe feature (bsc#1130579). - sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment (networking-stable-19_02_24). - serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart (bsc#1051510). - serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling (bsc#1051510). - serial: imx: Update cached mctrl value when changing RTS (bsc#1051510). - serial: max310x: Fix to avoid potential NULL pointer dereference (bsc#1051510). - serial: sh-sci: Fix setting SCSCR_TIE while transferring data (bsc#1051510). - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() (networking-stable-19_02_24). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510). - soc: fsl: qbman: avoid race in clearing QMan interrupt (bsc#1051510). - SoC: imx-sgtl5000: add missing put_device() (bsc#1051510). - soc: qcom: gsbi: Fix error handling in gsbi_probe() (bsc#1051510). - soc/tegra: fuse: Fix illegal free of IO base address (bsc#1051510). - spi: pxa2xx: Setup maximum supported DMA transfer length (bsc#1051510). - spi: ti-qspi: Fix mmap read when more than one CS in use (bsc#1051510). - spi/topcliff_pch: Fix potential NULL dereference on allocation error (bsc#1051510). - staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: ni_usb6501: Fix use of uninitialized mutex (bsc#1051510). - staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: vmk80xx: Fix use of uninitialized semaphore (bsc#1051510). - staging: iio: ad7192: Fix ad7193 channel address (bsc#1051510). - staging: rtl8712: uninitialized memory in read_bbreg_hdl() (bsc#1051510). - staging: vt6655: Fix interrupt race condition on device start up (bsc#1051510). - staging: vt6655: Remove vif check from vnt_interrupt (bsc#1051510). - sunrpc/cache: handle missing listeners better (bsc#1126221). - sunrpc: fix 4 more call sites that were using stack memory with a scatterlist (git-fixes). - supported.conf: Add vxlan to kernel-default-base (bsc#1132083). - supported.conf: dw_mmc-bluefield is not needed in kernel-default-base (bsc#1131574). - svm/avic: Fix invalidate logical APIC id entry (bsc#1132726). - svm: Fix AVIC DFR and LDR handling (bsc#1132558). - svm: Fix improper check when deactivate AVIC (bsc#1130335). - sysctl: handle overflow for file-max (bsc#1051510). - tcp: fix TCP_REPAIR_QUEUE bound checking (git-fixes). - tcp: tcp_v4_err() should be more careful (networking-stable-19_02_20). - thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs (bsc#1051510). - thermal/intel_powerclamp: fix truncated kthread name (). - thermal/intel_powerclamp: fix truncated kthread name (FATE#326597). - tipc: fix race condition causing hung sendto (networking-stable-19_03_07). - tpm: Fix some name collisions with drivers/char/tpm.h (bsc#1051510). - tpm: Fix the type of the return value in calc_tpm2_event_size() (bsc#1082555). - tpm_tis_spi: Pass the SPI IRQ down to the driver (bsc#1051510). - tpm/tpm_crb: Avoid unaligned reads in crb_recv() (bsc#1051510). - tracing: Fix a memory leak by early error exit in trace_pid_write() (bsc#1133702). - tracing: Fix buffer_ref pipe ops (bsc#1133698). - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account (bsc#1132527). - tty: atmel_serial: fix a potential NULL pointer dereference (bsc#1051510). - tun: fix blocking read (networking-stable-19_03_07). - tun: remove unnecessary memory barrier (networking-stable-19_03_07). - udf: Fix crash on IO error during truncate (bsc#1131175). - uio: Reduce return paths from uio_write() (bsc#1051510). - Update patches.kabi/kabi-cxgb4-MU.patch (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584 bsc#1127371). - usb: cdc-acm: fix race during wakeup blocking TX traffic (bsc#1129770). - usb: chipidea: Grab the (legacy) USB PHY by phandle first (bsc#1051510). - usb: common: Consider only available nodes for dr_mode (bsc#1129770). - usb: core: only clean up what we allocated (bsc#1051510). - usb: dwc3: gadget: Fix the uninitialized link_state when udc starts (bsc#1051510). - usb: dwc3: gadget: synchronize_irq dwc irq in suspend (bsc#1051510). - usb: f_fs: Avoid crash due to out-of-scope stack ptr access (bsc#1051510). - usb: gadget: f_hid: fix deadlock in f_hidg_write() (bsc#1129770). - usb: gadget: Potential NULL dereference on allocation error (bsc#1051510). - usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk (bsc#1051510). - usb: mtu3: fix EXTCON dependency (bsc#1051510). - usb: phy: fix link errors (bsc#1051510). - usb: phy: twl6030-usb: fix possible use-after-free on remove (bsc#1051510). - usb: serial: cp210x: add ID for Ingenico 3070 (bsc#1129770). - usb: serial: cp210x: add new device id (bsc#1051510). - usb: serial: cp210x: fix GPIO in autosuspend (bsc#1120902). - usb: serial: ftdi_sio: add additional NovaTech products (bsc#1051510). - usb: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 (bsc#1129770). - usb: serial: mos7720: fix mos_parport refcount imbalance on error path (bsc#1129770). - usb: serial: option: add Olicard 600 (bsc#1051510). - usb: serial: option: add support for Quectel EM12 (bsc#1051510). - usb: serial: option: add Telit ME910 ECM composition (bsc#1129770). - usb: serial: option: set driver_info for SIM5218 and compatibles (bsc#1129770). - vfs: allow dedupe of user owned read-only files (bsc#1133778, bsc#1132219). - vfs: avoid problematic remapping requests into partial EOF block (bsc#1133850, bsc#1132219). - vfs: dedupe: extract helper for a single dedup (bsc#1133769, bsc#1132219). - vfs: dedupe should return EPERM if permission is not granted (bsc#1133779, bsc#1132219). - vfs: exit early from zero length remap operations (bsc#1132411, bsc#1132219). - vfs: export vfs_dedupe_file_range_one() to modules (bsc#1133772, bsc#1132219). - vfs: limit size of dedupe (bsc#1132397, bsc#1132219). - vfs: rename clone_verify_area to remap_verify_area (bsc#1133852, bsc#1132219). - vfs: skip zero-length dedupe requests (bsc#1133851, bsc#1132219). - vfs: swap names of {do,vfs}_clone_file_range() (bsc#1133774, bsc#1132219). - vfs: vfs_clone_file_prep_inodes should return EINVAL for a clone from beyond EOF (bsc#1133780, bsc#1132219). - video: fbdev: Set pixclock = 0 in goldfishfb (bsc#1051510). - vxlan: test dev->flags & IFF_UP before calling netif_rx() (networking-stable-19_02_20). - wil6210: check null pointer in _wil_cfg80211_merge_extra_ies (bsc#1051510). - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure (bsc#1051510). - x86/cpu: Add Atom Tremont (Jacobsville) (). - x86/cpu: Add Atom Tremont (Jacobsville) (FATE#327454). - x86/CPU/AMD: Set the CPB bit unconditionally on F17h (bsc#1114279). - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331). - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (bsc#1111331). - x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init (bsc#1132572). - x86/kvm/vmx: Add MDS protection when L1D Flush is not active (bsc#1111331). - x86/MCE/AMD, EDAC/mce_amd: Add new error descriptions for some SMCA bank types (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new McaTypes for CS, PSP, and SMU units (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new MP5, NBIO, and PCIE SMCA bank types (bsc#1128415). - x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type (bsc#1128415). - x86/mce/AMD: Pass the bank number to smca_get_bank_type() (bsc#1128415). - x86/MCE: Fix kABI for new AMD bank names (bsc#1128415). - x86/mce: Handle varying MCA bank counts (bsc#1128415). - x86/mce: Improve error message when kernel cannot recover, p2 (bsc#1114279). - x86/msr-index: Cleanup bit defines (bsc#1111331). - x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub (bsc#1120318). - x86/speculation: Consolidate CPU whitelists (bsc#1111331). - x86/speculation/mds: Add basic bug infrastructure for MDS (bsc#1111331). - x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331). - x86/speculation/mds: Add mds_clear_cpu_buffers() (bsc#1111331). - x86/speculation/mds: Add mds=full,nosmt cmdline option (bsc#1111331). - x86/speculation/mds: Add mitigation control for MDS (bsc#1111331). - x86/speculation/mds: Add mitigation mode VMWERV (bsc#1111331). - x86/speculation/mds: Add 'mitigations=' support for MDS (bsc#1111331). - x86/speculation/mds: Add SMT warning message (bsc#1111331). - x86/speculation/mds: Add sysfs reporting for MDS (bsc#1111331). - x86/speculation/mds: Clear CPU buffers on exit to user (bsc#1111331). - x86/speculation/mds: Conditionally clear CPU buffers on idle entry (bsc#1111331). - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (bsc#1111331). - x86/speculation: Move arch_smt_update() call to after mitigation decisions (bsc#1111331). - x86/speculation: Prevent deadlock on ssb_state::lock (bsc#1114279). - x86/speculation: Simplify the CPU bug detection logic (bsc#1111331). - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - x86/tsc: Force inlining of cyc2ns bits (bsc#1052904). - x86/uaccess: Do not leak the AC flag into __put_user() value evaluation (bsc#1114279). - xen-netback: do not populate the hash cache on XenBus disconnect (networking-stable-19_03_07). - xen-netback: fix occasional leak of grant ref mappings under memory pressure (networking-stable-19_03_07). - xen: Prevent buffer overflow in privcmd ioctl (bsc#1065600). - xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos (git-fixes). - xfrm: Fix ESN sequence number handling for IPsec GSO packets (git-fixes). - xfrm: fix rcu_read_unlock usage in xfrm_local_error (git-fixes). - xfs: add the ability to join a held buffer to a defer_ops (bsc#1133674). - xfs: allow xfs_lock_two_inodes to take different EXCL/SHARED modes (bsc#1132370, bsc#1132219). - xfs: call xfs_qm_dqattach before performing reflink operations (bsc#1132368, bsc#1132219). - xfs: cap the length of deduplication requests (bsc#1132373, bsc#1132219). - xfs: clean up xfs_reflink_remap_blocks call site (bsc#1132413, bsc#1132219). - xfs: fix data corruption w/ unaligned dedupe ranges (bsc#1132405, bsc#1132219). - xfs: fix data corruption w/ unaligned reflink ranges (bsc#1132407, bsc#1132219). - xfs: fix pagecache truncation prior to reflink (bsc#1132412, bsc#1132219). - xfs: fix reporting supported extra file attributes for statx() (bsc#1133529). - xfs: flush removing page cache in xfs_reflink_remap_prep (bsc#1132414, bsc#1132219). - xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute (bsc#1133675). - xfs: only grab shared inode locks for source file during reflink (bsc#1132372, bsc#1132219). - xfs: refactor clonerange preparation into a separate helper (bsc#1132402, bsc#1132219). - xfs: refactor xfs_trans_roll (bsc#1133667). - xfs: reflink find shared should take a transaction (bsc#1132226, bsc#1132219). - xfs: reflink should break pnfs leases before sharing blocks (bsc#1132369, bsc#1132219). - xfs: remove dest file's post-eof preallocations before reflinking (bsc#1132365, bsc#1132219). - xfs: remove the ip argument to xfs_defer_finish (bsc#1133672). - xfs: rename xfs_defer_join to xfs_defer_ijoin (bsc#1133668). - xfs: update ctime and remove suid before cloning files (bsc#1132404, bsc#1132219). - xfs: zero posteof blocks when cloning above eof (bsc#1132403, bsc#1132219). - xhci: Do not let USB3 ports stuck in polling state prevent suspend (bsc#1051510). - xhci: Fix port resume done detection for SS ports with LPM enabled (bsc#1051510). Important SUSE bug 1050549 SUSE bug 1051510 SUSE bug 1052904 SUSE bug 1053043 SUSE bug 1055117 SUSE bug 1055121 SUSE bug 1055186 SUSE bug 1061840 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1070872 SUSE bug 1082555 SUSE bug 1083647 SUSE bug 1085535 SUSE bug 1085536 SUSE bug 1088804 SUSE bug 1094244 SUSE bug 1097583 SUSE bug 1097584 SUSE bug 1097585 SUSE bug 1097586 SUSE bug 1097587 SUSE bug 1097588 SUSE bug 1100132 SUSE bug 1103186 SUSE bug 1103259 SUSE bug 1108193 SUSE bug 1108937 SUSE bug 1111331 SUSE bug 1112128 SUSE bug 1112178 SUSE bug 1113399 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1114542 SUSE bug 1114638 SUSE bug 1119086 SUSE bug 1119680 SUSE bug 1120318 SUSE bug 1120902 SUSE bug 1122767 SUSE bug 1123105 SUSE bug 1125342 SUSE bug 1126221 SUSE bug 1126356 SUSE bug 1126704 SUSE bug 1126740 SUSE bug 1127175 SUSE bug 1127371 SUSE bug 1127372 SUSE bug 1127374 SUSE bug 1127378 SUSE bug 1127445 SUSE bug 1128415 SUSE bug 1128544 SUSE bug 1129273 SUSE bug 1129276 SUSE bug 1129770 SUSE bug 1130130 SUSE bug 1130154 SUSE bug 1130195 SUSE bug 1130335 SUSE bug 1130336 SUSE bug 1130337 SUSE bug 1130338 SUSE bug 1130425 SUSE bug 1130427 SUSE bug 1130518 SUSE bug 1130527 SUSE bug 1130567 SUSE bug 1130579 SUSE bug 1131062 SUSE bug 1131107 SUSE bug 1131167 SUSE bug 1131168 SUSE bug 1131169 SUSE bug 1131170 SUSE bug 1131171 SUSE bug 1131172 SUSE bug 1131173 SUSE bug 1131174 SUSE bug 1131175 SUSE bug 1131176 SUSE bug 1131177 SUSE bug 1131178 SUSE bug 1131179 SUSE bug 1131180 SUSE bug 1131290 SUSE bug 1131326 SUSE bug 1131335 SUSE bug 1131336 SUSE bug 1131416 SUSE bug 1131427 SUSE bug 1131442 SUSE bug 1131467 SUSE bug 1131574 SUSE bug 1131587 SUSE bug 1131659 SUSE bug 1131673 SUSE bug 1131847 SUSE bug 1131848 SUSE bug 1131851 SUSE bug 1131900 SUSE bug 1131934 SUSE bug 1131935 SUSE bug 1132083 SUSE bug 1132219 SUSE bug 1132226 SUSE bug 1132227 SUSE bug 1132365 SUSE bug 1132368 SUSE bug 1132369 SUSE bug 1132370 SUSE bug 1132372 SUSE bug 1132373 SUSE bug 1132384 SUSE bug 1132397 SUSE bug 1132402 SUSE bug 1132403 SUSE bug 1132404 SUSE bug 1132405 SUSE bug 1132407 SUSE bug 1132411 SUSE bug 1132412 SUSE bug 1132413 SUSE bug 1132414 SUSE bug 1132426 SUSE bug 1132527 SUSE bug 1132531 SUSE bug 1132555 SUSE bug 1132558 SUSE bug 1132561 SUSE bug 1132562 SUSE bug 1132563 SUSE bug 1132564 SUSE bug 1132570 SUSE bug 1132571 SUSE bug 1132572 SUSE bug 1132589 SUSE bug 1132618 SUSE bug 1132681 SUSE bug 1132726 SUSE bug 1132828 SUSE bug 1132943 SUSE bug 1133005 SUSE bug 1133094 SUSE bug 1133095 SUSE bug 1133115 SUSE bug 1133149 SUSE bug 1133486 SUSE bug 1133529 SUSE bug 1133584 SUSE bug 1133667 SUSE bug 1133668 SUSE bug 1133672 SUSE bug 1133674 SUSE bug 1133675 SUSE bug 1133698 SUSE bug 1133702 SUSE bug 1133731 SUSE bug 1133769 SUSE bug 1133772 SUSE bug 1133774 SUSE bug 1133778 SUSE bug 1133779 SUSE bug 1133780 SUSE bug 1133825 SUSE bug 1133850 SUSE bug 1133851 SUSE bug 1133852 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-16880 CVE-2019-11091 CVE-2019-3882 CVE-2019-9003 CVE-2019-9500 CVE-2019-9503 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. - CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power. - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) - CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) - CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) - CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occured with FUSE requests. (bnc#1133190) - CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) - CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603) - CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bnc#1135278) - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) - CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a '\0' character. (bnc#1134848) - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions. (bnc#1133188) The following non-security bugs were fixed: - 9p locks: add mount option for lock retry interval (bsc#1051510). - Update config files. Debug kernel is not supported (bsc#1135492). - acpi / utils: Drop reference in test for device presence (bsc#1051510). - acpi: button: reinitialize button state upon resume (bsc#1051510). - acpi: fix menuconfig presentation of acpi submenu (bsc#1117158). - acpica: AML interpreter: add region addresses in global list during initialization (bsc#1051510). - acpica: Namespace: remove address node from global list after method termination (bsc#1051510). - alsa: core: Do not refer to snd_cards array directly (bsc#1051510). - alsa: emu10k1: Drop superfluous id-uniquification behavior (bsc#1051510). - alsa: hda - Register irq handler after the chip initialization (bsc#1051510). - alsa: hda - Use a macro for snd_array iteration loops (bsc#1051510). - alsa: hda/hdmi - Consider eld_valid when reporting jack event (bsc#1051510). - alsa: hda/hdmi - Read the pin sense from register when repolling (bsc#1051510). - alsa: hda/realtek - Avoid superfluous COEF EAPD setups (bsc#1051510). - alsa: hda/realtek - Corrected fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: hda/realtek - EAPD turn on later (bsc#1051510). - alsa: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug (bsc#1051510). - alsa: hda/realtek - Fixup headphone noise via runtime suspend (bsc#1051510). - alsa: hda/realtek - Improve the headset mic for Acer Aspire laptops (bsc#1051510). - alsa: hdea/realtek - Headset fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: line6: Avoid polluting led_* namespace (bsc#1051510). - alsa: seq: Align temporary re-locking with irqsave version (bsc#1051510). - alsa: seq: Correct unlock sequence at snd_seq_client_ioctl_unlock() (bsc#1051510). - alsa: seq: Cover unsubscribe_port() in list_mutex (bsc#1051510). - alsa: seq: Fix race of get-subscription call vs port-delete ioctls (bsc#1051510). - alsa: seq: Protect in-kernel ioctl calls with mutex (bsc#1051510). - alsa: seq: Protect racy pool manipulation from OSS sequencer (bsc#1051510). - alsa: seq: Remove superfluous irqsave flags (bsc#1051510). - alsa: seq: Simplify snd_seq_kernel_client_enqueue() helper (bsc#1051510). - alsa: timer: Check ack_list emptiness instead of bit flag (bsc#1051510). - alsa: timer: Coding style fixes (bsc#1051510). - alsa: timer: Make snd_timer_close() really kill pending actions (bsc#1051510). - alsa: timer: Make sure to clear pending ack list (bsc#1051510). - alsa: timer: Revert active callback sync check at close (bsc#1051510). - alsa: timer: Simplify error path in snd_timer_open() (bsc#1051510). - alsa: timer: Unify timer callback process code (bsc#1051510). - alsa: usb-audio: Fix a memory leak bug (bsc#1051510). - alsa: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk() (bsc#1051510). - alsa: usx2y: fix a double free bug (bsc#1051510). - appletalk: Fix compile regression (bsc#1051510). - appletalk: Fix use-after-free in atalk_proc_exit (bsc#1051510). - arch: arm64: acpi: KABI ginore includes (bsc#1117158 bsc#1134671). - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (bsc#1117158). - arm64/x86: Update config files. Use CONFIG_ARCH_SUPPORTS_acpi - arm64: Export save_stack_trace_tsk() (jsc#SLE-4214). - arm64: acpi: fix alignment fault in accessing acpi (bsc#1117158). - arm64: fix acpi dependencies (bsc#1117158). - arm: 8824/1: fix a migrating irq bug when hotplug cpu (bsc#1051510). - arm: 8833/1: Ensure that NEON code always compiles with Clang (bsc#1051510). - arm: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bsc#1051510). - arm: 8840/1: use a raw_spinlock_t in unwind (bsc#1051510). - arm: OMAP2+: Variable 'reg' in function omap4_dsi_mux_pads() could be uninitialized (bsc#1051510). - arm: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug (bsc#1051510). - arm: avoid Cortex-A9 livelock on tight dmb loops (bsc#1051510). - arm: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bsc#1051510). - arm: iop: do not use using 64-bit DMA masks (bsc#1051510). - arm: orion: do not use using 64-bit DMA masks (bsc#1051510). - arm: pxa: ssp: unneeded to free devm_ allocated data (bsc#1051510). - arm: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bsc#1051510). - arm: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms (bsc#1051510). - asoc: Intel: avoid Oops if DMA setup fails (bsc#1051510). - asoc: RT5677-SPI: Disable 16Bit SPI Transfers (bsc#1051510). - asoc: cs4270: Set auto-increment bit for register writes (bsc#1051510). - asoc: fix valid stream condition (bsc#1051510). - asoc: fsl_esai: Fix missing break in switch statement (bsc#1051510). - asoc: hdmi-codec: fix S/PDIF DAI (bsc#1051510). - asoc: max98090: Fix restore of DAPM Muxes (bsc#1051510). - asoc: nau8810: fix the issue of widget with prefixed name (bsc#1051510). - asoc: nau8824: fix the issue of the widget with prefix name (bsc#1051510). - asoc: samsung: odroid: Fix clock configuration for 44100 sample rate (bsc#1051510). - asoc: stm32: fix sai driver name initialisation (bsc#1051510). - asoc: tlv320aic32x4: Fix Common Pins (bsc#1051510). - asoc: wm_adsp: Add locking to wm_adsp2_bus_error (bsc#1051510). - asoc:soc-pcm:fix a codec fixup issue in TDM case (bsc#1051510). - at76c50x-usb: Do not register led_trigger if usb_register_driver failed (bsc#1051510). - audit: fix a memleak caused by auditing load module (bsc#1051510). - b43: shut up clang -Wuninitialized variable warning (bsc#1051510). - backlight: lm3630a: Return 0 on success in update_status functions (bsc#1051510). - bcache: Move couple of functions to sysfs.c (bsc#1130972). - bcache: Move couple of string arrays to sysfs.c (bsc#1130972). - bcache: Populate writeback_rate_minimum attribute (bsc#1130972). - bcache: Replace bch_read_string_list() by __sysfs_match_string() (bsc#1130972). - bcache: account size of buckets used in uuid write to ca->meta_sectors_written (bsc#1130972). - bcache: add MODULE_DESCRIPTION information (bsc#1130972). - bcache: add a comment in super.c (bsc#1130972). - bcache: add code comments for bset.c (bsc#1130972). - bcache: add comment for cache_set->fill_iter (bsc#1130972). - bcache: add identifier names to arguments of function definitions (bsc#1130972). - bcache: add missing SPDX header (bsc#1130972). - bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972). - bcache: add static const prefix to char * array declarations (bsc#1130972). - bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972). - bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972). - bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972). - bcache: correct dirty data statistics (bsc#1130972). - bcache: do not assign in if condition in bcache_init() (bsc#1130972). - bcache: do not assign in if condition register_bcache() (bsc#1130972). - bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972). - bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972). - bcache: do not clone bio in bch_data_verify (bsc#1130972). - bcache: do not mark writeback_running too early (bsc#1130972). - bcache: export backing_dev_name via sysfs (bsc#1130972). - bcache: export backing_dev_uuid via sysfs (bsc#1130972). - bcache: fix code comments style (bsc#1130972). - bcache: fix indent by replacing blank by tabs (bsc#1130972). - bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972). - bcache: fix input integer overflow of congested threshold (bsc#1130972). - bcache: fix input overflow to cache set io_error_limit (bsc#1130972). - bcache: fix input overflow to cache set sysfs file io_error_halflife (bsc#1130972). - bcache: fix input overflow to journal_delay_ms (bsc#1130972). - bcache: fix input overflow to sequential_cutoff (bsc#1130972). - bcache: fix input overflow to writeback_delay (bsc#1130972). - bcache: fix input overflow to writeback_rate_minimum (bsc#1130972). - bcache: fix ioctl in flash device (bsc#1130972). - bcache: fix mistaken code comments in bcache.h (bsc#1130972). - bcache: fix mistaken comments in request.c (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972). - bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972). - bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972). - bcache: improve sysfs_strtoul_clamp() (bsc#1130972). - bcache: introduce force_wake_up_gc() (bsc#1130972). - bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972). - bcache: move open brace at end of function definitions to next line (bsc#1130972). - bcache: never writeback a discard operation (bsc#1130972). - bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972). - bcache: option to automatically run gc thread after writeback (bsc#1130972). - bcache: panic fix for making cache device (bsc#1130972). - bcache: prefer 'help' in Kconfig (bsc#1130972). - bcache: print number of keys in trace_bcache_journal_write (bsc#1130972). - bcache: recal cached_dev_sectors on detach (bsc#1130972). - bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972). - bcache: remove unused bch_passthrough_cache (bsc#1130972). - bcache: remove useless parameter of bch_debug_init() (bsc#1130972). - bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972). - bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972). - bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972). - bcache: replace printk() by pr_*() routines (bsc#1130972). - bcache: set writeback_percent in a flexible range (bsc#1130972). - bcache: split combined if-condition code into separate ones (bsc#1130972). - bcache: stop bcache device when backing device is offline (bsc#1130972). - bcache: stop using the deprecated get_seconds() (bsc#1130972). - bcache: style fix to add a blank line after declarations (bsc#1130972). - bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972). - bcache: style fixes for lines over 80 characters (bsc#1130972). - bcache: treat stale and dirty keys as bad keys (bsc#1130972). - bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972). - bcache: update comment for bch_data_insert (bsc#1130972). - bcache: update comment in sysfs.c (bsc#1130972). - bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972). - bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972). - bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972). - bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972). - bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972). - block: Do not revalidate bdev of hidden gendisk (bsc#1120091). - block: check_events: do not bother with events if unsupported (bsc#1110946, bsc#1119843). - block: disk_events: introduce event flags (bsc#1110946, bsc#1119843). - block: do not leak memory in bio_copy_user_iov() (bsc#1135309). - block: fix the return errno for direct IO (bsc#1135320). - block: fix use-after-free on gendisk (bsc#1135312). - bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bsc#1051510). - bluetooth: Check key sizes only when Secure Simple Pairing is enabled (bsc#1135556). - bluetooth: hidp: fix buffer overflow (bsc#1051510). - bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one() (bsc#1050242). - bnxt_en: Improve RX consumer index validity check (networking-stable-19_04_10). - bnxt_en: Improve multicast address setup logic (networking-stable-19_05_04). - bnxt_en: Reset device on RX buffer errors (networking-stable-19_04_10). - bonding: fix event handling for stacked bonds (networking-stable-19_04_19). - bpf, lru: avoid messing with eviction heuristics upon syscall lookup (bsc#1083647). - bpf: Add missed newline in verifier verbose log (bsc#1056787). - bpf: add map_lookup_elem_sys_only for lookups from syscall side (bsc#1083647). - brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() (bsc#1051510). - btrfs: Do not panic when we can't find a root key (bsc#1112063). - btrfs: Factor out common delayed refs init code (bsc#1134813). - btrfs: Introduce init_delayed_ref_head (bsc#1134813). - btrfs: Open-code add_delayed_data_ref (bsc#1134813). - btrfs: Open-code add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813). - btrfs: add a helper to return a head ref (bsc#1134813). - btrfs: breakout empty head cleanup to a helper (bsc#1134813). - btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: do not allow trimming when a fs is mounted with the nologreplay option (bsc#1135758). - btrfs: do not double unlock on error in btrfs_punch_hole (bsc#1136881). - btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: fix fsync not persisting changed attributes of a directory (bsc#1137151). - btrfs: fix race between ranged fsync and writeback of adjacent ranges (bsc#1136477). - btrfs: fix race updating log root item during fsync (bsc#1137153). - btrfs: fix wrong ctime and mtime of a directory after log replay (bsc#1137152). - btrfs: improve performance on fsync of files with multiple hardlinks (bsc#1123454). - btrfs: move all ref head cleanup to the helper function (bsc#1134813). - btrfs: move extent_op cleanup to a helper (bsc#1134813). - btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813). - btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1134806). - btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head to btrfs_qgroup_extent_record (bsc#1134162). - btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release (bsc#1134160). - btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1133612). - btrfs: remove delayed_ref_node from ref_head (bsc#1134813). - btrfs: send, flush dellaloc in order to avoid data loss (bsc#1133320). - btrfs: split delayed ref head initialization and addition (bsc#1134813). - btrfs: track refs in a rb_tree instead of a list (bsc#1134813). - btrfs: tree-checker: detect file extent items with overlapping ranges (bsc#1136478). - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461). - ceph: fix ci->i_head_snapc leak (bsc#1122776). - ceph: fix use-after-free on symlink traversal (bsc#1134459). - ceph: only use d_name directly when parent is locked (bsc#1134460). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565). - clk: rockchip: Fix video codec clocks on rk3288 (bsc#1051510). - clk: rockchip: fix wrong clock definitions for rk3328 (bsc#1051510). - configfs: Fix use-after-free when accessing sd->s_dentry (bsc#1051510). - configfs: fix possible use-after-free in configfs_register_group (bsc#1051510). - crypto: arm/aes-neonbs - do not access already-freed walk.iv (bsc#1051510). - crypto: caam - fix caam_dump_sg that iterates through scatterlist (bsc#1051510). - crypto: ccm - fix incompatibility between 'ccm' and 'ccm_base' (bsc#1051510). - crypto: ccp - Do not free psp_master when PLATFORM_INIT fails (bsc#1051510). - crypto: chacha20poly1305 - set cra_name correctly (bsc#1051510). - crypto: crct10dif-generic - fix use via crypto_shash_digest() (bsc#1051510). - crypto: fips - Grammar s/options/option/, s/to/the/ (bsc#1051510). - crypto: gcm - fix incompatibility between 'gcm' and 'gcm_base' (bsc#1051510). - crypto: skcipher - do not WARN on unprocessed data after slow walk step (bsc#1051510). - crypto: sun4i-ss - Fix invalid calculation of hash end (bsc#1051510). - crypto: vmx - CTR: always increment IV as quadword (bsc#1051510). - crypto: vmx - fix copy-paste error in CTR mode (bsc#1051510). - crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162). - crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162). - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest() (bsc#1051510). - dccp: Fix memleak in __feat_register_sp (bsc#1051510). - dccp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28). - debugfs: fix use-after-free on symlink traversal (bsc#1051510). - devres: Align data[] to ARCH_KMALLOC_MINALIGN (bsc#1051510). - dmaengine: axi-dmac: Do not check the number of frames for alignment (bsc#1051510). - dmaengine: tegra210-dma: free dma controller in remove() (bsc#1051510). - documentation: Add MDS vulnerability documentation (bsc#1135642). - drivers: acpi: add dependency of EFI for arm64 (bsc#1117158). - drm/bridge: adv7511: Fix low refresh rate selection (bsc#1051510). - drm/etnaviv: lock MMU while dumping core (bsc#1113722) - drm/fb-helper: dpms_legacy(): Only set on connectors in use (bsc#1051510). - drm/i915/fbc: disable framebuffer compression on GeminiLake (bsc#1051510). - drm/i915/gvt: Fix cmd length of VEB_DI_IECP (bsc#1113722) - drm/i915/gvt: Fix incorrect mask of mmio 0x22028 in gen8/9 mmio list (bnc#1113722) - drm/i915/gvt: Tiled Resources mmios are in-context mmios for gen9+ (bsc#1113722) - drm/i915/gvt: add 0x4dfc to gen9 save-restore list (bsc#1113722) - drm/i915/gvt: do not let TRTTE and 0x4dfc write passthrough to hardware (bsc#1051510). - drm/i915/gvt: refine ggtt range validation (bsc#1113722) - drm/i915: Disable LP3 watermarks on all SNB machines (bsc#1051510). - drm/i915: Downgrade Gen9 Plane WM latency error (bsc#1051510). - drm/i915: Fix I915_EXEC_RING_MASK (bsc#1051510). - drm/imx: do not skip DP channel disable for background plane (bsc#1051510). - drm/mediatek: fix possible object reference leak (bsc#1051510). - drm/meson: add size and alignment requirements for dumb buffers (bnc#1113722) - drm/nouveau/i2c: Disable i2c bus access after ->fini() (bsc#1113722) - drm/rockchip: fix for mailbox read validation (bsc#1051510). - drm/rockchip: shutdown drm subsystem on shutdown (bsc#1051510). - drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722) - drm/ttm: Remove warning about inconsistent mapping information (bnc#1131488) - drm/vmwgfx: Do not send drm sysfs hotplug events on initial master set (bsc#1051510). - drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() (bsc#1113722) - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read (bsc#1051510). - dt-bindings: clock: r8a7795: Remove CSIREF clock (bsc#1120902). - dt-bindings: clock: r8a7796: Remove CSIREF clock (bsc#1120902). - dt-bindings: net: Add binding for the external clock for TI WiLink (bsc#1085535). - dt-bindings: net: Fix a typo in the phy-mode list for ethernet bindings (bsc#1129770). - dt-bindings: rtc: sun6i-rtc: Fix register range in example (bsc#1120902). - dwc2: gadget: Fix completed transfer size calculation in DDMA (bsc#1051510). - efi/arm: Defer persistent reservations until after paging_init() (bsc#1117158). - efi/arm: Do not mark acpi reclaim memory as MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566). - efi/arm: Revert 'Defer persistent reservations until after paging_init()' (bsc#1117158). - efi/arm: Revert deferred unmap of early memmap mapping (bsc#1117158). - efi/arm: libstub: add a root memreserve config table (bsc#1117158). - efi/arm: map UEFI memory map even w/o runtime services enabled (bsc#1117158). - efi/arm: preserve early mapping of UEFI memory map longer for BGRT (bsc#1117158). - efi: Permit calling efi_mem_reserve_persistent() from atomic context (bsc#1117158). - efi: Permit multiple entries in persistent memreserve data structure (bsc#1117158). - efi: Prevent GICv3 WARN() by mapping the memreserve table before first use (bsc#1117158). - efi: Reduce the amount of memblock reservations for persistent allocations (bsc#1117158). - efi: add API to reserve memory persistently across kexec reboot (bsc#1117158). - efi: honour memory reservations passed via a linux specific config table (bsc#1117158). - ext4: Do not warn when enabling DAX (bsc#1132894). - ext4: actually request zeroing of inode table after grow (bsc#1135315). - ext4: avoid panic during forced reboot due to aborted journal (bsc#1126356). - ext4: fix data corruption caused by overlapping unaligned and aligned IO (bsc#1136428). - ext4: fix ext4_show_options for file systems w/o journal (bsc#1135316). - ext4: fix use-after-free race with debug_want_extra_isize (bsc#1135314). - ext4: make sanity check in mballoc more strict (bsc#1136439). - ext4: wait for outstanding dio during truncate in nojournal mode (bsc#1136438). - fbdev: fix WARNING in __alloc_pages_nodemask bug (bsc#1113722) - fbdev: fix divide error in fb_var_to_videomode (bsc#1113722) - firmware: efi: factor out mem_reserve (bsc#1117158 bsc#1134671). - fix rtnh_ok() (git-fixes). - fs/sync.c: sync_file_range(2) may use WB_SYNC_ALL writeback (bsc#1136432). - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount (bsc#1136435). - ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658). - genetlink: Fix a memory leak on error path (networking-stable-19_03_28). - ghes, EDAC: Fix ghes_edac registration (bsc#1133176). - gpio: aspeed: fix a potential NULL pointer dereference (bsc#1051510). - gpu: ipu-v3: dp: fix CSC handling (bsc#1051510). - hid: debug: fix race condition with between rdesc_show() and device removal (bsc#1051510). - hid: input: add mapping for 'Toggle Display' key (bsc#1051510). - hid: input: add mapping for Assistant key (bsc#1051510). - hid: input: add mapping for Expose/Overview key (bsc#1051510). - hid: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bsc#1051510). - hid: logitech: check the return value of create_singlethread_workqueue (bsc#1051510). - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses (bsc#1051510). - ibmvnic: Add device identification to requested IRQs (bsc#1137739). - ibmvnic: Do not close unopened driver during reset (bsc#1137752). - ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752). - ibmvnic: Refresh device multicast list after reset (bsc#1137752). - ibmvnic: remove set but not used variable 'netdev' (bsc#1137739). - igmp: fix incorrect unsolicit report count when join group (git-fixes). - iio: adc: xilinx: fix potential use-after-free on remove (bsc#1051510). - indirect call wrappers: helpers to speed-up indirect calls of builtin (bsc#1124503). - inetpeer: fix uninit-value in inet_getpeer (git-fixes). - input: elan_i2c - add hardware ID for multiple Lenovo laptops (bsc#1051510). - input: introduce KEY_ASSISTANT (bsc#1051510). - input: synaptics-rmi4 - fix possible double free (bsc#1051510). - intel_th: msu: Fix single mode with IOMMU (bsc#1051510). - intel_th: pci: Add Comet Lake support (bsc#1051510). - iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel (bsc#1117158). - iommu/arm-smmu-v3: Do not disable SMMU in kdump kernel (bsc#1117158 bsc#1134671). - iommu/vt-d: Do not request page request irq under dmar_global_lock (bsc#1135006). - iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU (bsc#1135007). - iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135008). - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type (networking-stable-19_04_10). - ip6_tunnel: collect_md xmit: Use ip_tunnel_key's provided src address (git-fixes). - ip_gre: fix parsing gre header in ipgre_err (git-fixes). - ip_tunnel: Fix name string concatenate in __ip_tunnel_create() (git-fixes). - ipconfig: Correctly initialise ic_nameservers (bsc#1051510). - ipmi:ssif: compare block number correctly for multi-part return messages (bsc#1051510). - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled (git-fixes). - ipv4: add sanity checks in ipv4_link_failure() (git-fixes). - ipv4: ensure rcu_read_lock() in ipv4_link_failure() (networking-stable-19_04_19). - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation (networking-stable-19_05_04). - ipv4: recompile ip options in ipv4_link_failure (networking-stable-19_04_19). - ipv4: set the tcp_min_rtt_wlen range from 0 to one day (networking-stable-19_04_30). - ipv6/flowlabel: wait rcu grace period before put_pid() (git-fixes). - ipv6: fix cleanup ordering for ip6_mr failure (git-fixes). - ipv6: fix cleanup ordering for pingv6 registration (git-fixes). - ipv6: invert flowlabel sharing check in process and user mode (git-fixes). - ipv6: mcast: fix unsolicited report interval after receiving querys (git-fixes). - ipvlan: Add the skb->mark as flow4's member to lookup route (bsc#1051510). - ipvlan: fix ipv6 outbound device (bsc#1051510). - ipvlan: use ETH_MAX_MTU as max mtu (bsc#1051510). - ipvs: Fix signed integer overflow when setsockopt timeout (bsc#1051510). - ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf (git-fixes). - ipvs: fix buffer overflow with sync daemon and service (git-fixes). - ipvs: fix check on xmit to non-local addresses (git-fixes). - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bsc#1051510). - ipvs: fix rtnl_lock lockups caused by start_sync_thread (git-fixes). - ipvs: fix stats update from local clients (git-fixes). - iw_cxgb4: only allow 1 flush on user qps (bsc#1051510). - jbd2: check superblock mapped prior to committing (bsc#1136430). - kABI workaround for removed usb_interface.pm_usage_cnt field (bsc#1051510). - kABI workaround for snd_seq_kernel_client_enqueue() API changes (bsc#1051510). - kABI: protect dma-mapping.h include (kabi). - kABI: protect functions using struct net_generic (bsc#1130409 LTC#176346). - kABI: protect ip_options_rcv_srr (kabi). - kABI: protect struct mlx5_td (kabi). - kABI: protect struct pci_dev (kabi). - kABI: protect struct smc_ib_device (bsc#1130409 LTC#176346). - kABI: protect struct smc_link (bsc#1129857 LTC#176247). - kABI: protect struct smcd_dev (bsc#1130409 LTC#176346). - kabi: drop LINUX_Mib_TCPWQUEUETOOBIG snmp counter (bsc#1137586). - kabi: implement map_lookup_elem_sys_only in another way (bsc#1083647). - kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586). - kernel/signal.c: trace_signal_deliver when signal_group_exit (git-fixes). - kernel/sys.c: prctl: fix false positive in validate_prctl_map() (git-fixes). - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv (bsc#1051510). - kernel/sysctl.c: fix out-of-bounds access when setting file-max (bsc#1051510). - keys: safe concurrent user->{session,uid}_keyring access (bsc#1135642). - kmsg: Update message catalog to latest ibM level (2019/03/08) (bsc#1128904 LTC#176078). - kmsg: Update message catalog to latest ibM level (2019/03/08) (bsc#1128905 LTC#176077). - kvm: Fix UAF in nested posted interrupt processing (bsc#1134199). - kvm: VMX: Zero out *all* general purpose registers after VM-Exit (bsc#1134202). - kvm: nVMX: Clear reserved bits of #DB exit qualification (bsc#1134200). - kvm: nVMX: restore host state in nested_vmx_vmexit for VMFail (bsc#1134201). - kvm: s390: fix memory overwrites when not using SCA entries (bsc#1136206). - kvm: s390: provide io interrupt kvm_stat (bsc#1136206). - kvm: s390: use created_vcpus in more places (bsc#1136206). - kvm: s390: vsie: fix 8k check for the itdba (bsc#1136206). - kvm: x86: Always use 32-bit SMRAM save state for 32-bit kernels (bsc#1134203). - kvm: x86: Do not clear EFER during SMM transitions for 32-bit vCPU (bsc#1134204). - kvm: x86: svm: make sure NMI is injected after nmi_singlestep (bsc#1134205). - l2tp: cleanup l2tp_tunnel_delete calls (bsc#1051510). - l2tp: filter out non-PPP sessions in pppol2tp_tunnel_ioctl() (git-fixes). - l2tp: fix missing refcount drop in pppol2tp_tunnel_ioctl() (git-fixes). - l2tp: only accept PPP sessions in pppol2tp_connect() (git-fixes). - l2tp: prevent pppol2tp_connect() from creating kernel sockets (git-fixes). - l2tp: revert 'l2tp: fix missing print session offset info' (bsc#1051510). - leds: avoid races with workqueue (bsc#1051510). - leds: pwm: silently error out on EPROBE_DEFER (bsc#1051510). - lib: add crc64 calculation routines (bsc#1130972). - lib: do not depend on linux headers being installed (bsc#1130972). - libata: fix using DMA buffers on stack (bsc#1051510). - linux/kernel.h: Use parentheses around argument in u64_to_user_ptr() (bsc#1051510). - livepatch: Convert error about unsupported reliable stacktrace into a warning (bsc#1071995). - livepatch: Remove custom kobject state handling (bsc#1071995). - livepatch: Remove duplicated code for early initialization (bsc#1071995). - lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138). - mISDN: Check address length before reading address family (bsc#1051510). - mac80211: fix memory accounting with A-MSDU aggregation (bsc#1051510). - mac80211: fix unaligned access in mesh table hash function (bsc#1051510). - mac8390: Fix mmio access size probe (bsc#1051510). - md: fix invalid stored role for a disk (bsc#1051510). - media: atmel: atmel-isc: fix INIT_WORK misplacement (bsc#1051510). - media: cx18: update *pos correctly in cx18_read_pos() (bsc#1051510). - media: cx23885: check allocation return (bsc#1051510). - media: davinci-isif: avoid uninitialized variable use (bsc#1051510). - media: davinci/vpbe: array underflow in vpbe_enum_outputs() (bsc#1051510). - media: ivtv: update *pos correctly in ivtv_read_pos() (bsc#1051510). - media: omap_vout: potential buffer overflow in vidioc_dqbuf() (bsc#1051510). - media: ov2659: fix unbalanced mutex_lock/unlock (bsc#1051510). - media: pvrusb2: Prevent a buffer overflow (bsc#1129770). - media: serial_ir: Fix use-after-free in serial_ir_init_module (bsc#1051510). - media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame (bsc#1051510). - media: vivid: use vfree() instead of kfree() for dev->bitmap_cap (bsc#1051510). - media: wl128x: Fix an error code in fm_download_firmware() (bsc#1051510). - media: wl128x: prevent two potential buffer overflows (bsc#1051510). - memcg: make it work on sparse non-0-node systems (bnc#1133616). - memcg: make it work on sparse non-0-node systems kabi (bnc#1133616). - mlxsw: spectrum: Fix autoneg status in ethtool (networking-stable-19_04_30). - mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses (bsc#1135330). - mm: Fix buggy backport leading to MAP_SYNC failures (bsc#1137372) - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382). - mmc: block: Delete gendisk before cleaning up the request queue (bsc#1127616). - mmc: core: fix possible use after free of host (bsc#1051510). - mount: copy the port field into the cloned nfs_server structure (bsc#1136990). - mtd: docg3: Fix passing zero to 'PTR_ERR' warning in doc_probe_device (bsc#1051510). - mtd: docg3: fix a possible memory leak of mtd->name (bsc#1051510). - mtd: nand: omap: Fix comment in platform data using wrong Kconfig symbol (bsc#1051510). - mtd: part: fix incorrect format specifier for an unsigned long long (bsc#1051510). - mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write (bsc#1129770). - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935). - mwifiex: Fix mem leak in mwifiex_tm_cmd (bsc#1051510). - mwifiex: Fix possible buffer overflows at parsing bss descriptor - mwifiex: prevent an array overflow (bsc#1051510). - mwl8k: Fix rate_idx underflow (bsc#1051510). - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit (git-fixes). - net-gro: Fix GRO flush when receiving a GSO packet (networking-stable-19_04_10). - net/ibmvnic: Remove tests of member address (bsc#1137739). - net/ibmvnic: Update MAC address settings after adapter reset (bsc#1134760). - net/ibmvnic: Update carrier state after link state change (bsc#1135100). - net/ipv4: defensive cipso option parsing (git-fixes). - net/ipv6: do not reinitialize ndev->cnf.addr_gen_mode on new inet6_dev (git-fixes). - net/ipv6: fix addrconf_sysctl_addr_gen_mode (git-fixes). - net/ipv6: propagate net.ipv6.conf.all.addr_gen_mode to devices (git-fixes). - net/ipv6: reserve room for IFLA_INET6_ADDR_GEN_MODE (git-fixes). - net/mlx5: Decrease default mr cache size (networking-stable-19_04_10). - net/mlx5e: Add a lock on tir list (networking-stable-19_04_10). - net/mlx5e: Fix error handling when refreshing TIRs (networking-stable-19_04_10). - net/mlx5e: Fix trailing semicolon (bsc#1075020). - net/mlx5e: IPoib, Reset QP after channels are closed (bsc#1075020). - net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_04_30). - net/rose: fix unbound loop in rose_loopback_timer() (networking-stable-19_04_30). - net/sched: act_sample: fix divide by zero in the traffic path (networking-stable-19_04_10). - net/sched: do not dereference a->goto_chain to read the chain index (bsc#1064802 bsc#1066129). - net/sched: fix ->get helper of the matchall cls (networking-stable-19_04_10). - net/smc: add pnet table namespace support (bsc#1130409 LTC#176346). - net/smc: add smcd support to the pnet table (bsc#1130409 LTC#176346). - net/smc: allow 16 byte pnetids in netlink policy (bsc#1129857 LTC#176247). - net/smc: allow pci IDs as ib device names in the pnet table (bsc#1130409 LTC#176346). - net/smc: allow pnetid-less configuration (bsc#1130409 LTC#176346). - net/smc: call smc_cdc_msg_send() under send_lock (bsc#1129857 LTC#176247). - net/smc: check connections in smc_lgr_free_work (bsc#1129857 LTC#176247). - net/smc: check for ip prefix and subnet (bsc#1134607 LTC#177518). - net/smc: check port_idx of ib event (bsc#1129857 LTC#176247). - net/smc: cleanup for smcr_tx_sndbuf_nonempty (bsc#1130409 LTC#176346). - net/smc: cleanup of get vlan id (bsc#1134607 LTC#177518). - net/smc: code cleanup smc_listen_work (bsc#1134607 LTC#177518). - net/smc: consolidate function parameters (bsc#1134607 LTC#177518). - net/smc: correct state change for peer closing (bsc#1129857 LTC#176247). - net/smc: delete rkey first before switching to unused (bsc#1129857 LTC#176247). - net/smc: do not wait for send buffer space when data was already sent (bsc#1129857 LTC#176247). - net/smc: do not wait under send_lock (bsc#1129857 LTC#176247). - net/smc: fallback to TCP after connect problems (bsc#1134607 LTC#177518). - net/smc: fix a NULL pointer dereference (bsc#1134607 LTC#177518). - net/smc: fix another sizeof to int comparison (bsc#1129857 LTC#176247). - net/smc: fix byte_order for rx_curs_confirmed (bsc#1129848 LTC#176249). - net/smc: fix return code from FLUSH command (bsc#1134607 LTC#177518). - net/smc: fix sender_free computation (bsc#1129857 LTC#176247). - net/smc: fix smc_poll in SMC_INIT state (bsc#1129848 LTC#176249). - net/smc: fix use of variable in cleared area (bsc#1129857 LTC#176247). - net/smc: improve smc_conn_create reason codes (bsc#1134607 LTC#177518). - net/smc: improve smc_listen_work reason codes (bsc#1134607 LTC#177518). - net/smc: move code to clear the conn->lgr field (bsc#1129857 LTC#176247). - net/smc: move unhash before release of clcsock (bsc#1134607 LTC#177518). - net/smc: move wake up of close waiter (bsc#1129857 LTC#176247). - net/smc: no delay for free tx buffer wait (bsc#1129857 LTC#176247). - net/smc: nonblocking connect rework (bsc#1134607 LTC#177518). - net/smc: postpone release of clcsock (bsc#1129857 LTC#176247). - net/smc: preallocated memory for rdma work requests (bsc#1129857 LTC#176247). - net/smc: prevent races between smc_lgr_terminate() and smc_conn_free() (bsc#1129857 LTC#176247). - net/smc: propagate file from SMC to TCP socket (bsc#1134607 LTC#177518). - net/smc: recvmsg and splice_read should return 0 after shutdown (bsc#1129857 LTC#176247). - net/smc: reduce amount of status updates to peer (bsc#1129857 LTC#176247). - net/smc: reset cursor update required flag (bsc#1129857 LTC#176247). - net/smc: rework pnet table (bsc#1130409 LTC#176346). - net/smc: unlock LGR pending lock earlier for SMC-D (bsc#1129857 LTC#176247). - net/smc: use client and server LGR pending locks for SMC-R (bsc#1129857 LTC#176247). - net/smc: use device link provided in qp_context (bsc#1129857 LTC#176247). - net/smc: use smc_curs_copy() for SMC-D (bsc#1129857 LTC#176247). - net/smc: wait for pending work before clcsock release_sock (bsc#1134607 LTC#177518). - net: Fix a bug in removing queues from XPS map (git-fixes). - net: aquantia: fix rx checksum offload for UDP/TCP over IPv6 (networking-stable-19_03_28). - net: atm: Fix potential Spectre v1 vulnerabilities (networking-stable-19_04_19). - net: avoid skb_warn_bad_offload on IS_ERR (git-fixes). - net: do not keep lonely packets forever in the gro hash (git-fixes). - net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc (networking-stable-19_05_04). - net: dsa: legacy: do not unmask port bitmaps (git-fixes). - net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT (git-fixes). - net: ena: fix return value of ena_com_config_llq_info() (bsc#1111696 bsc#1117561). - net: ethtool: not call vzalloc for zero sized memory request (networking-stable-19_04_10). - net: fix uninit-value in __hw_addr_add_ex() (git-fixes). - net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv (networking-stable-19_04_19). - net: hns3: remove resetting check in hclgevf_reset_task_schedule (bsc#1104353 bsc#1135056). - net: initialize skb->peeked when cloning (git-fixes). - net: make skb_partial_csum_set() more robust against overflows (git-fixes). - net: phy: marvell: Fix buffer overrun with stats counters (networking-stable-19_05_04). - net: rds: exchange of 8K and 1M pool (networking-stable-19_04_30). - net: rose: fix a possible stack overflow (networking-stable-19_03_28). - net: socket: fix potential spectre v1 gadget in socketcall (git-fixes). - net: stmmac: fix memory corruption with large MTUs (networking-stable-19_03_28). - net: stmmac: move stmmac_check_ether_addr() to driver probe (networking-stable-19_04_30). - net: test tailroom before appending to linear skb (git-fixes). - net: thunderx: do not allow jumbo frames with XDP (networking-stable-19_04_19). - net: thunderx: raise XDP MTU to 1508 (networking-stable-19_04_19). - net: unbreak CONFIG_RETPOLINE=n builds (bsc#1124503). - net: use indirect call wrappers at GRO network layer (bsc#1124503). - net: use indirect call wrappers at GRO transport layer (bsc#1124503). - netfilter: bridge: Do not sabotage nf_hook calls from an l3mdev (git-fixes). - netfilter: bridge: ebt_among: add missing match size checks (git-fixes). - netfilter: bridge: ebt_among: add more missing match size checks (git-fixes). - netfilter: drop template ct when conntrack is skipped (git-fixes). - netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule (git-fixes). - netfilter: ebtables: handle string from userspace with care (git-fixes). - netfilter: ebtables: reject non-bridge targets (git-fixes). - netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel (git-fixes). - netfilter: nf_log: do not hold nf_log_mutex during user access (git-fixes). - netfilter: nf_log: fix uninit read in nf_log_proc_dostring (git-fixes). - netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6} (git-fixes). - netfilter: nf_tables: can't fail after linking rule into active rule list (git-fixes). - netfilter: nf_tables: check msg_type before nft_trans_set(trans) (git-fixes). - netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump() (git-fixes). - netfilter: nf_tables: fix leaking object reference count (git-fixes). - netfilter: nf_tables: release chain in flushing set (git-fixes). - netfilter: nft_compat: do not dump private area (git-fixes). - netfilter: x_tables: initialise match/target check parameter struct (git-fixes). - netlink: fix uninit-value in netlink_sendmsg (git-fixes). - nfs add module option to limit nfsv4 minor version (jsc#PM-231). - nfs: Enable nfsv4.2 support - jsc@PM-231 This requires a module parameter for nfsv4.2 to actually be available on SLE12 and SLE15-SP0 - nfsv4.x: always serialize open/close operations (bsc#1114893). - nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands (bsc#1051510). - nvme-rdma: fix possible free of a non-allocated async event buffer (bsc#1120423). - nvme: Do not remove namespaces during reset (bsc#1131673). - nvme: flush scan_work when resetting controller (bsc#1131673). - objtool: Fix function fallthrough detection (bsc#1058115). - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget (bsc#1136434). - ocfs2: turn on OCFS2_FS_STATS setting(bsc#1134393) We need to turn on OCFS2_FS_STATS kernel configuration setting, to fix bsc#1134393. - of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642). - omapfb: add missing of_node_put after of_device_is_available (bsc#1051510). - openvswitch: add seqadj extension when NAT is used (bsc#1051510). - openvswitch: fix flow actions reallocation (bsc#1051510). - p54: drop device reference count if fails to enable device (bsc#1135642). - packet: fix reserve calculation (git-fixes). - packet: in packet_snd start writing at link layer allocation (git-fixes). - packet: refine ring v3 block size test to hold one frame (git-fixes). - packet: reset network header if packet shorter than ll reserved space (git-fixes). - packet: validate msg_namelen in send directly (git-fixes). - packets: Always register packet sk in the same order (networking-stable-19_03_28). - pci: Factor out pcie_retrain_link() function (git-fixes). - pci: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1051510). - pci: Mark Atheros AR9462 to avoid bus reset (bsc#1051510). - pci: Work around Pericom pcie-to-pci bridge Retrain Link erratum (git-fixes). - pci: endpoint: Use EPC's device in dma_alloc_coherent()/dma_free_coherent() (git-fixes). - phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode (bsc#1051510). - platform/x86: alienware-wmi: printing the wrong error code (bsc#1051510). - platform/x86: dell-rbtn: Add missing #include (bsc#1051510). - platform/x86: intel_pmc_ipc: adding error handling (bsc#1051510). - platform/x86: intel_punit_ipc: Revert 'Fix resource ioremap warning' (bsc#1051510). - platform/x86: pmc_atom: Add Lex 3I380D industrial PC to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Add several Beckhoff Automation boards to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Drop __initconst on dmi table (bsc#1051510). - platform/x86: sony-laptop: Fix unintentional fall-through (bsc#1051510). - power: supply: axp20x_usb_power: Fix typo in VBUS current limit macros (bsc#1051510). - power: supply: axp288_charger: Fix unchecked return value (bsc#1051510). - powerpc/eeh: Fix race with driver un/bind (bsc#1065729). - powerpc/msi: Fix NULL pointer access in teardown code (bsc#1065729). - powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043). - powerpc/powernv/idle: Restore IAMR after idle (bsc#1065729). - powerpc/process: Fix sparse address space warnings (bsc#1065729). - powerpc: Always initialize input array when calling epapr_hypercall() (bsc#1065729). - powerpc: Fix HMIs on big-endian with CONFIG_RELOCATABLE=y (bsc#1065729). - proc/kcore: do not bounds check against address 0 (bsc#1051510). - proc/sysctl: fix return error for proc_doulongvec_minmax() (bsc#1051510). - proc: revalidate kernel thread inodes to root:root (bsc#1051510). - ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK (git-fixes). - pwm: Fix deadlock warning when removing PWM device (bsc#1051510). - pwm: meson: Consider 128 a valid pre-divider (bsc#1051510). - pwm: meson: Do not disable PWM when setting duty repeatedly (bsc#1051510). - pwm: meson: Use the spin-lock only to protect register modifications (bsc#1051510). - pwm: tiehrpwm: Update shadow register for disabling PWMs (bsc#1051510). - qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128979). - qla2xxx: always allocate qla_tgt_wq (bsc#1131451). - qmi_wwan: add Olicard 600 (bsc#1051510). - rdma/hns: Fix bug that caused srq creation to fail (bsc#1104427 ). - rdma/rxe: Consider skb reserve space based on netdev of GID (bsc#1082387, bsc#1103992). - regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB (bsc#1051510). - rt2x00: do not increment sequence number while re-transmitting (bsc#1051510). - rtc: da9063: set uie_unsupported when relevant (bsc#1051510). - rtc: sh: Fix invalid alarm warning for non-enabled alarm (bsc#1051510). - rtlwifi: rtl8723ae: Fix missing break in switch statement (bsc#1051510). - rxrpc: Fix error reception on AF_INET6 sockets (git-fixes). - rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket (git-fixes). - s390/ism: ignore some errors during deregistration (bsc#1129857 LTC#176247). - s390/qdio: clear intparm during shutdown (bsc#1134597 LTC#177516). - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() (bsc#1051510). - sc16is7xx: move label 'err_spi' to correct section (bsc#1051510). - sc16is7xx: put err_spi and err_i2c into correct #ifdef (bsc#1051510). - scripts: override locale from environment when running recordmcount.pl (bsc#1134354). - scsi: qedf: fixup bit operations (bsc#1135542). - scsi: qedf: fixup locking in qedf_restart_rport() (bsc#1135542). - scsi: qedf: missing kref_put in qedf_xmit() (bsc#1135542). - scsi: qla2xxx: Declare local functions 'static' (bsc#1137444). - scsi: qla2xxx: Fix function argument descriptions (bsc#1118139). - scsi: qla2xxx: Fix memory corruption during hba reset test (bsc#1118139). - scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (bsc#1132044). - scsi: qla2xxx: Improve several kernel-doc headers (bsc#1137444). - scsi: qla2xxx: Introduce a switch/case statement in qlt_xmit_tm_rsp() (bsc#1137444). - scsi: qla2xxx: Make qla2x00_sysfs_write_nvram() easier to analyze (bsc#1137444). - scsi: qla2xxx: Make sure that qlafx00_ioctl_iosb_entry() initializes 'res' (bsc#1137444). - scsi: qla2xxx: NULL check before some freeing functions is not needed (bsc#1137444). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1137444). - scsi: qla2xxx: Remove two arguments from qlafx00_error_entry() (bsc#1137444). - scsi: qla2xxx: Remove unused symbols (bsc#1118139). - scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function (bsc#1137444). - scsi: qla2xxx: Use %p for printing pointers (bsc#1118139). - scsi: qla2xxx: fix error message on qla2400 (bsc#1118139). - scsi: qla2xxx: fix spelling mistake: 'existant' -> 'existent' (bsc#1118139). - scsi: qla2xxx: fully convert to the generic DMA API (bsc#1137444). - scsi: qla2xxx: fx00 copypaste typo (bsc#1118139). - scsi: qla2xxx: remove the unused tcm_qla2xxx_cmd_wq (bsc#1118139). - scsi: qla2xxx: use lower_32_bits and upper_32_bits instead of reinventing them (bsc#1137444). - sctp: avoid running the sctp state machine recursively (networking-stable-19_05_04). - sctp: fix identification of new acks for SFR-CACC (git-fixes). - sctp: get sctphdr by offset in sctp_compute_cksum (networking-stable-19_03_28). - sctp: initialize _pad of sockaddr_in before copying to user memory (networking-stable-19_04_10). - sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune (git-fixes). - sctp: set frag_point in sctp_setsockopt_maxseg correctly` (git-fixes). - selinux: use kernel linux/socket.h for genheaders and mdp (bsc#1134810). - serial: 8250_pxa: honor the port number from devicetree (bsc#1051510). - serial: ar933x_uart: Fix build failure with disabled console (bsc#1051510). - serial: uartps: console_setup() can't be placed to init section (bsc#1051510). - signal: Always notice exiting tasks (git-fixes). - signal: Better detection of synchronous signals (git-fixes). - signal: Restore the stop PTRACE_EVENT_EXIT (git-fixes). - smc: move unhash as early as possible in smc_release() (bsc#1129857 LTC#176247). - soc/fsl/qe: Fix an error code in qe_pin_request() (bsc#1051510). - soc/tegra: pmc: Drop locking from tegra_powergate_is_powered() (bsc#1051510). - spi: Micrel eth switch: declare missing of table (bsc#1051510). - spi: ST ST95HF NFC: declare missing of table (bsc#1051510). - spi: a3700: Clear DATA_OUT when performing a read (bsc#1051510). - spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios (bsc#1051510). - spi: bcm2835aux: setup gpio-cs to output and correct level during setup (bsc#1051510). - spi: bcm2835aux: warn in dmesg that native cs is not really supported (bsc#1051510). - spi: rspi: Fix sequencer reset during initialization (bsc#1051510). - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit (bsc#1051510). - staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc (bsc#1051510). - stm class: Fix an endless loop in channel allocation (bsc#1051510). - stm class: Fix channel free in stm output free path (bsc#1051510). - stm class: Prevent division by zero (bsc#1051510). - stmmac: pci: Adjust IOT2000 matching (networking-stable-19_04_30). - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839). - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839). - switchtec: Fix unintended mask of MRPC event (git-fixes). - tcp: Ensure DCTCP reacts to losses (networking-stable-19_04_10). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: limit payload size of sacked skbs (bsc#1137586). - tcp: purge write queue in tcp_connect_init() (git-fixes). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). - tcp: tcp_grow_window() needs to respect tcp_space() (networking-stable-19_04_19). - team: fix possible recursive locking when add slaves (networking-stable-19_04_30). - team: set slave to promisc if team is already in promisc mode (bsc#1051510). - thermal/int340x_thermal: Add additional UUIDs (bsc#1051510). - thermal/int340x_thermal: fix mode setting (bsc#1051510). - thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power (bsc#1051510). - thunderx: eliminate extra calls to put_page() for pages held for recycling (networking-stable-19_03_28). - thunderx: enable page recycling for non-XDP case (networking-stable-19_03_28). - tipc: fix hanging clients using poll with EPOLLOUT flag (git-fixes). - tipc: missing entries in name table of publications (networking-stable-19_04_19). - tools lib traceevent: Fix missing equality check for strcmp (bsc#1129770). - tracing: Fix partial reading of trace event's id file (bsc#1136573). - treewide: Use DEVICE_ATTR_WO (bsc#1137739). - tty: increase the default flip buffer limit to 2*640K (bsc#1051510). - tty: pty: Fix race condition between release_one_tty and pty_write (bsc#1051510). - tty: serial_core, add ->install (bnc#1129693). - tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0 (bsc#1051510). - tun: add a missing rcu_read_unlock() in error path (networking-stable-19_03_28). - tun: properly test for IFF_UP (networking-stable-19_03_28). - uas: fix alignment of scatter/gather segments (bsc#1129770). - udp: use indirect call wrappers for GRO socket lookup (bsc#1124503). - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour (bsc#1135323). - usb-storage: Set virt_boundary_mask to avoid SG overflows (bsc#1051510). - usb: cdc-acm: fix unthrottle races (bsc#1051510). - usb: core: Fix bug caused by duplicate interface PM usage counter (bsc#1051510). - usb: core: Fix unterminated string returned by usb_string() (bsc#1051510). - usb: dwc3: Fix default lpm_nyet_threshold value (bsc#1051510). - usb: gadget: net2272: Fix net2272_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix net2280_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix overrun of OUT messages (bsc#1051510). - usb: serial: f81232: fix interrupt worker not stop (bsc#1051510). - usb: serial: fix unthrottle races (bsc#1051510). - usb: u132-hcd: fix resource leak (bsc#1051510). - usb: usb251xb: fix to avoid potential NULL pointer dereference (bsc#1051510). - usb: usbip: fix isoc packet num validation in get_pipe (bsc#1051510). - usb: w1 ds2490: Fix bug caused by improper use of altsetting array (bsc#1051510). - usb: yurex: Fix protection fault after device removal (bsc#1051510). - userfaultfd: use RCU to free the task struct when fork fails (git-fixes). - vfio/mdev: Avoid release parent reference during error path (bsc#1051510). - vfio/mdev: Fix aborting mdev child device removal if one fails (bsc#1051510). - vfio/pci: use correct format characters (bsc#1051510). - vfio_pci: Enable memory accesses before calling pci_map_rom (bsc#1051510). - vhost/vsock: fix reset orphans race with close timeout (bsc#1051510). - vhost: reject zero size iova range (networking-stable-19_04_19). - virtio-blk: limit number of hw queues by nr_cpu_ids (bsc#1051510). - virtio: Honour 'may_reduce_num' in vring_create_virtqueue (bsc#1051510). - virtio_pci: fix a NULL pointer reference in vp_del_vqs (bsc#1051510). - vrf: check accept_source_route on the original netdevice (networking-stable-19_04_10). - vsock/virtio: Initialize core virtio vsock before registering the driver (bsc#1051510). - vsock/virtio: fix kernel panic after device hot-unplug (bsc#1051510). - vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock (bsc#1051510). - vsock/virtio: reset connected sockets on device removal (bsc#1051510). - vt: always call notifier with the console lock held (bsc#1051510). - vxlan: Do not call gro_cells_destroy() before device is unregistered (networking-stable-19_03_28). - x86/speculation/mds: Fix documentation typo (bsc#1135642). - x86_64: Add gap to int3 to allow for call emulation (bsc#1099658). - x86_64: Allow breakpoints to emulate call instructions (bsc#1099658). - xenbus: drop useless LIST_HEAD in xenbus_write_watch() and xenbus_file_write() (bsc#1065600). - xfrm6: avoid potential infinite loop in _decode_session6() (git-fixes). - xfrm6: call kfree_skb when skb is toobig (git-fixes). - xfrm: Fix stack-out-of-bounds read on socket policy lookup (git-fixes). - xfrm: Return error on unknown encap_type in init_state (git-fixes). - xfrm: Validate address prefix lengths in the xfrm selector (git-fixes). - xfrm: fix 'passing zero to ERR_PTR()' warning (git-fixes). - xfrm: fix missing dst_release() after policy blocking lbcast and multicast (git-fixes). - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) (git-fixes). - xfrm: reset crypto_done when iterating over multiple input xfrms (git-fixes). - xfrm: reset transport header back to network header after all input transforms ahave been applied (git-fixes). - xfrm_user: prevent leaking 2 bytes of kernel memory (git-fixes). - xfs: add log item pinning error injection tag (bsc#1114427). - xfs: buffer lru reference count error injection tag (bsc#1114427). - xfs: check _btree_check_block value (bsc#1123663). - xfs: convert drop_writes to use the errortag mechanism (bsc#1114427). - xfs: create block pointer check functions (bsc#1123663). - xfs: create inode pointer verifiers (bsc#1114427). - xfs: detect and fix bad summary counts at mount (bsc#1114427). - xfs: export _inobt_btrec_to_irec and _ialloc_cluster_alignment for scrub (bsc#1114427). - xfs: export various function for the online scrubber (bsc#1123663). - xfs: expose errortag knobs via sysfs (bsc#1114427). - xfs: fix unused variable warning in xfs_buf_set_ref() (bsc#1114427). - xfs: force summary counter recalc at next mount (bsc#1114427). - xfs: kill meaningless variable 'zero' (bsc#1106011). - xfs: make errortag a per-mountpoint structure (bsc#1123663). - xfs: move error injection tags into their own file (bsc#1114427). - xfs: prepare xfs_break_layouts() for another layout type (bsc#1106011). - xfs: prepare xfs_break_layouts() to be called with XFS_MMAPLOCK_EXCL (bsc#1106011). - xfs: refactor btree block header checking functions (bsc#1123663). - xfs: refactor btree pointer checks (bsc#1123663). - xfs: refactor unmount record write (bsc#1114427). - xfs: remove unneeded parameter from XFS_TEST_ERROR (bsc#1123663). - xfs: remove xfs_zero_range (bsc#1106011). - xfs: rename MAXPATHLEN to XFS_SYMLINK_MAXLEN (bsc#1123663). - xfs: replace log_badcrc_factor knob with error injection tag (bsc#1114427). - xfs: sanity-check the unused space before trying to use it (bsc#1123663). - xfs: serialize unaligned dio writes against all other dio writes (bsc#1134936). Important SUSE bug 1012382 SUSE bug 1050242 SUSE bug 1051510 SUSE bug 1053043 SUSE bug 1056787 SUSE bug 1058115 SUSE bug 1063638 SUSE bug 1064802 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066129 SUSE bug 1068546 SUSE bug 1071995 SUSE bug 1075020 SUSE bug 1082387 SUSE bug 1083647 SUSE bug 1085535 SUSE bug 1099658 SUSE bug 1103992 SUSE bug 1104353 SUSE bug 1104427 SUSE bug 1106011 SUSE bug 1106284 SUSE bug 1108838 SUSE bug 1110946 SUSE bug 1111696 SUSE bug 1112063 SUSE bug 1113722 SUSE bug 1114427 SUSE bug 1114893 SUSE bug 1115688 SUSE bug 1117158 SUSE bug 1117561 SUSE bug 1118139 SUSE bug 1119843 SUSE bug 1120091 SUSE bug 1120423 SUSE bug 1120566 SUSE bug 1120843 SUSE bug 1120902 SUSE bug 1122776 SUSE bug 1123454 SUSE bug 1123663 SUSE bug 1124503 SUSE bug 1124839 SUSE bug 1126356 SUSE bug 1127616 SUSE bug 1128052 SUSE bug 1128904 SUSE bug 1128905 SUSE bug 1128979 SUSE bug 1129138 SUSE bug 1129497 SUSE bug 1129693 SUSE bug 1129770 SUSE bug 1129848 SUSE bug 1129857 SUSE bug 1130409 SUSE bug 1130699 SUSE bug 1130972 SUSE bug 1131451 SUSE bug 1131488 SUSE bug 1131565 SUSE bug 1131673 SUSE bug 1132044 SUSE bug 1132894 SUSE bug 1133176 SUSE bug 1133188 SUSE bug 1133190 SUSE bug 1133320 SUSE bug 1133612 SUSE bug 1133616 SUSE bug 1134160 SUSE bug 1134162 SUSE bug 1134199 SUSE bug 1134200 SUSE bug 1134201 SUSE bug 1134202 SUSE bug 1134203 SUSE bug 1134204 SUSE bug 1134205 SUSE bug 1134354 SUSE bug 1134393 SUSE bug 1134459 SUSE bug 1134460 SUSE bug 1134461 SUSE bug 1134537 SUSE bug 1134591 SUSE bug 1134597 SUSE bug 1134607 SUSE bug 1134651 SUSE bug 1134671 SUSE bug 1134760 SUSE bug 1134806 SUSE bug 1134810 SUSE bug 1134813 SUSE bug 1134848 SUSE bug 1134936 SUSE bug 1135006 SUSE bug 1135007 SUSE bug 1135008 SUSE bug 1135056 SUSE bug 1135100 SUSE bug 1135120 SUSE bug 1135278 SUSE bug 1135281 SUSE bug 1135309 SUSE bug 1135312 SUSE bug 1135314 SUSE bug 1135315 SUSE bug 1135316 SUSE bug 1135320 SUSE bug 1135323 SUSE bug 1135330 SUSE bug 1135492 SUSE bug 1135542 SUSE bug 1135556 SUSE bug 1135603 SUSE bug 1135642 SUSE bug 1135661 SUSE bug 1135758 SUSE bug 1136206 SUSE bug 1136424 SUSE bug 1136428 SUSE bug 1136430 SUSE bug 1136432 SUSE bug 1136434 SUSE bug 1136435 SUSE bug 1136438 SUSE bug 1136439 SUSE bug 1136477 SUSE bug 1136478 SUSE bug 1136573 SUSE bug 1136586 SUSE bug 1136881 SUSE bug 1136935 SUSE bug 1136990 SUSE bug 1137151 SUSE bug 1137152 SUSE bug 1137153 SUSE bug 1137162 SUSE bug 1137372 SUSE bug 1137444 SUSE bug 1137586 SUSE bug 1137739 SUSE bug 1137752 CVE-2018-7191 CVE-2019-10124 CVE-2019-11085 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11486 CVE-2019-11487 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884 CVE-2019-12382 CVE-2019-3846 CVE-2019-5489 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_16 fixes several issues. The following security issues were fixed: - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446). - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). Important SUSE bug 1133191 SUSE bug 1136446 SUSE bug 1136935 SUSE bug 1137597 CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-3846 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-94_41 fixes several issues. The following security issues were fixed: - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446). - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). - CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics may allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1135280). Important SUSE bug 1133191 SUSE bug 1135280 SUSE bug 1136446 SUSE bug 1136935 SUSE bug 1137597 CVE-2019-11085 CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-3846 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_3 fixes several issues. The following security issues were fixed: - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446). - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). - CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics may allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1135280). Important SUSE bug 1133191 SUSE bug 1135280 SUSE bug 1136446 SUSE bug 1136935 SUSE bug 1137597 CVE-2019-11085 CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-3846 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_13 fixes several issues. The following security issues were fixed: - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446). - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). Important SUSE bug 1133191 SUSE bug 1136446 SUSE bug 1136935 SUSE bug 1137597 CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-3846 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_6 fixes several issues. The following security issues were fixed: - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446). - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). - CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics may allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1135280). Important SUSE bug 1133191 SUSE bug 1135280 SUSE bug 1136446 SUSE bug 1136935 SUSE bug 1137597 CVE-2019-11085 CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-3846 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-10638: A device could have been tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (bnc#1140575) - CVE-2019-10639: Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image was exposed. This attack could have been carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic was trivial if the server answered ICMP Echo requests (ping). For client targets, if the target visited the attacker's web page, then WebRTC or gQUIC could be used to force UDP traffic to attacker-controlled IP addresses. (bnc#1140577) - CVE-2018-20836: A race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, could have lead to a use-after-free. (bnc#1134395) - CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (bnc#1133738) - CVE-2019-12614: An unchecked kstrdup might have allowed an attacker to cause denial of service (a NULL pointer dereference and system crash). (bnc#1137194) - CVE-2019-12819: The function __mdiobus_register() in drivers/net/phy/mdio_bus.c called put_device() which would trigger a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bnc#1138291) - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may have returned NULL. If the caller did not check for this, it would trigger a NULL pointer dereference. This would cause denial of service. (bnc#1138293) The following non-security bugs were fixed: - 6lowpan: Off by one handling ->nexthdr (bsc#1051510). - acpi / property: fix handling of data_nodes in acpi_get_next_subnode() (bsc#1051510). - acpi: Add Hygon Dhyana support - af_key: unconditionally clone on broadcast (bsc#1051510). - alsa: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510). - alsa: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510). - alsa: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510). - alsa: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510). - alsa: hda/realtek - Set default power save node to 0 (bsc#1051510). - alsa: hda/realtek - Update headset mode for ALC256 (bsc#1051510). - alsa: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510). - alsa: line6: Fix write on zero-sized buffer (bsc#1051510). - alsa: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510). - alsa: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510). - alsa: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510). - apparmor: enforce nullbyte at end of tag string (bsc#1051510). - asoc: cs42xx8: Add regcache mask dirty (bsc#1051510). - asoc: eukrea-tlv320: fix a leaked reference by adding missing of_node_put (bsc#1051510). - asoc: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510). - asoc: fsl_sai: Update is_slave_mode with correct value (bsc#1051510). - asoc: fsl_utils: fix a leaked reference by adding missing of_node_put (bsc#1051510). - asoc: hdmi-codec: unlock the device on startup errors (bsc#1051510). - audit: fix a memory leak bug (bsc#1051510). - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510). - batman-adv: allow updating DAT entry timeouts on incoming ARP Replies (bsc#1051510). - blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432). - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637). - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771). - bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328). - bluetooth: Replace the bluetooth fix with the upstream commit (bsc#1135556) - brcmfmac: convert dev_init_lock mutex to completion (bsc#1051510). - brcmfmac: fix Oops when bringing up interface during USB disconnect (bsc#1051510). - brcmfmac: fix WARNING during USB disconnect in case of unempty psq (bsc#1051510). - brcmfmac: fix missing checks for kmemdup (bsc#1051510). - brcmfmac: fix race during disconnect when USB completion is in progress (bsc#1051510). - can: af_can: Fix error path of can_init() (bsc#1051510). - can: flexcan: fix timeout when set small bitrate (bsc#1051510). - can: purge socket error queue on sock destruct (bsc#1051510). - ceph: flush dirty inodes before proceeding with remount (bsc#1140405). - cfg80211: fix memory leak of wiphy device name (bsc#1051510). - chardev: add additional check for minor range overlap (bsc#1051510). - clk: rockchip: Turn on 'aclk_dmac1' for suspend on rk3288 (bsc#1051510). - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510). - coresight: etb10: Fix handling of perf mode (bsc#1051510). - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510). - cpu/topology: Export die_id (jsc#SLE-5454). - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (). - cpufreq: Add Hygon Dhyana support (). - crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401). - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510). - crypto: user - prevent operating on larval algorithms (bsc#1133401). - device core: Consolidate locking and unlocking of parent and device (bsc#1106383). - dm, dax: Fix detection of DAX support (bsc#1139782). - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510). - doc: Cope with the deprecation of AutoReporter (bsc#1051510). - docs: Fix conf.py for Sphinx 2.0 (bsc#1135642). - documentation: Correct the possible MDS sysfs values (bsc#1135642). - drbd: Avoid Clang warning about pointless switch statment (bsc#1051510). - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510). - drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510). - drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510). - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383). - driver core: Probe devices asynchronously instead of the driver (bsc#1106383). - drivers/base: Introduce kill_device() (bsc#1139865). - drivers/base: kABI fixes for struct device_private (bsc#1106383). - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510). - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510). - drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510). - drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER (bsc#1051510). - drm/amdgpu: fix old fence check in amdgpu_fence_emit (bsc#1051510). - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510). - drm/drv: Hold ref on parent device during drm_device lifetime (bsc#1051510). - drm/gma500/cdv: Check vbt config bits when detecting lvds panels (bsc#1051510). - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510). - drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510). - drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510). - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510). - drm/radeon: prefer lower reference dividers (bsc#1051510). - drm: Wake up next in drm_read() chain if we are forced to putback the event (bsc#1051510). - edac, amd64: Add Hygon Dhyana support (). - edac/mc: Fix edac_mc_find() in case no device is found (bsc#1114279). - extcon: arizona: Disable mic detect if running when driver is removed (bsc#1051510). - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995). - fuse: fallocate: fix return with locked inode (bsc#1051510). - fuse: fix writepages on 32bit (bsc#1051510). - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate (bsc#1051510). - genirq: Prevent use-after-free and work list corruption (bsc#1051510). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510). - genwqe: Prevent an integer overflow in the ioctl (bsc#1051510). - gpio: Remove obsolete comment about gpiochip_free_hogs() usage (bsc#1051510). - gpio: fix gpio-adp5588 build errors (bsc#1051510). - hid: Wacom: switch Dell canvas into highres mode (bsc#1051510). - hid: input: fix a4tech horizontal wheel custom usage (bsc#1137429). - hid: logitech-hidpp: change low battery level threshold from 31 to 30 percent (bsc#1051510). - hid: logitech-hidpp: use RAP instead of FAP to get the protocol version (bsc#1051510). - hid: wacom: Add ability to provide explicit battery status info (bsc#1051510). - hid: wacom: Add support for 3rd generation Intuos BT (bsc#1051510). - hid: wacom: Add support for Pro Pen slim (bsc#1051510). - hid: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510). - hid: wacom: Do not report anything prior to the tool entering range (bsc#1051510). - hid: wacom: Do not set tool type until we're in range (bsc#1051510). - hid: wacom: Mark expected switch fall-through (bsc#1051510). - hid: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510). - hid: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510). - hid: wacom: Properly handle AES serial number and tool type (bsc#1051510). - hid: wacom: Queue events with missing type/serial data for later processing (bsc#1051510). - hid: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510). - hid: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510). - hid: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510). - hid: wacom: Support 'in range' for Intuos/Bamboo tablets where possible (bsc#1051510). - hid: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510). - hid: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510). - hid: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510). - hid: wacom: fix mistake in printk (bsc#1051510). - hid: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510). - hid: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510). - hid: wacom: generic: Refactor generic battery handling (bsc#1051510). - hid: wacom: generic: Report AES battery information (bsc#1051510). - hid: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510). - hid: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510). - hid: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510). - hid: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510). - hid: wacom: generic: Support multiple tools per report (bsc#1051510). - hid: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510). - hid: wacom: generic: add the 'Report Valid' usage (bsc#1051510). - hid: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510). - hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - hwmon/coretemp: Support multi-die/package (jsc#SLE-5454). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (). - hwmon: (core) add thermal sensors only if dev->of_node is present (bsc#1051510). - hwmon: (k10temp) 27C Offset needed for Threadripper2 (). - hwmon: (k10temp) Add Hygon Dhyana support (). - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (). - hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (). - hwmon: (k10temp) Add support for family 17h (). - hwmon: (k10temp) Add support for temperature offsets (). - hwmon: (k10temp) Add temperature offset for Ryzen 1900X (). - hwmon: (k10temp) Add temperature offset for Ryzen 2700X (). - hwmon: (k10temp) Correct model name for Ryzen 1600X (). - hwmon: (k10temp) Display both Tctl and Tdie (). - hwmon: (k10temp) Fix reading critical temperature register (). - hwmon: (k10temp) Make function get_raw_temp static (). - hwmon: (k10temp) Move chip specific code into probe function (). - hwmon: (k10temp) Only apply temperature offset if result is positive (). - hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors (). - hwmon: (k10temp) Use API function to access System Management Network (). - hwmon: (pmbus/core) Treat parameters as paged if on multiple pages (bsc#1051510). - hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table (). - hwrng: omap - Set default quality (bsc#1051510). - i2c-piix4: Add Hygon Dhyana SMBus support (). - i2c: acorn: fix i2c warning (bsc#1135642). - i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr (bsc#1051510). - i2c: i801: Add support for Intel Comet Lake (jsc#SLE-5331). - ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197). - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion (bsc#1051510). - iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data (bsc#1051510). - iio: hmc5843: fix potential NULL pointer dereferences (bsc#1051510). - input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510). - input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510). - iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() (bsc#1051510). - iwlwifi: pcie: do not crash on invalid RX interrupt (bsc#1051510). - kABI workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510). - kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - kernel-binary: Use -c grep option in klp project detection. - kernel-binary: fix missing \ - kernel-binary: rpm does not support multiline condition - kernel-subpackage-spec: Add dummy package to ensure subpackages are rebuilt with kernel update (bsc#1106751). In factory packages are not rebuilt automatically so a dependency is needed on the old kernel to get a rebuild with the new kernel. THe subpackage itself cannot depend on the kernel so add another empty pacakge that does depend on it. - kmps: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137). - kmps: provide and conflict a kernel version specific KMP name (bsc#1127155, bsc#1109137). - kvm: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers (bsc#1061840). - kvm: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts (bsc#1061840). - kvm: PPC: Book3S: Protect memslots while validating user address (bsc#1061840). - kvm: PPC: Release all hardware TCE tables attached to a group (bsc#1061840). - kvm: PPC: Remove redundand permission bits removal (bsc#1061840). - kvm: PPC: Validate TCEs against preregistered memory page sizes (bsc#1061840). - kvm: PPC: Validate all tces before updating tables (bsc#1061840). - kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279). - kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279). - leds: avoid flush_work in atomic context (bsc#1051510). - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510). - libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719). - libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865). - mISDN: make sure device name is NUL terminated (bsc#1051510). - mac80211/cfg80211: update bss channel on channel switch (bsc#1051510). - mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510). - mac80211: Fix kernel panic due to use of txq after free (bsc#1051510). - mac80211: drop robust management frames from unknown TA (bsc#1051510). - mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510). - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() (bsc#1051510). - media: au0828: stop video streaming only when last user stops (bsc#1051510). - media: coda: clear error return value before picture run (bsc#1051510). - media: cpia2: Fix use-after-free in cpia2_exit (bsc#1051510). - media: go7007: avoid clang frame overflow warning with KASAN (bsc#1051510). - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend (bsc#1051510). - media: ov2659: make S_FMT succeed even if requested format does not match (bsc#1051510). - media: saa7146: avoid high stack usage with clang (bsc#1051510). - media: smsusb: better handle optional alignment (bsc#1051510). - media: usb: siano: Fix false-positive 'uninitialized variable' warning (bsc#1051510). - media: usb: siano: Fix general protection fault in smsusb (bsc#1051510). - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510). - mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L (bsc#1051510). - mfd: intel-lpss: Set the device in reset state when init (bsc#1051510). - mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values (bsc#1051510). - mfd: tps65912-spi: Add missing of table registration (bsc#1051510). - mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510). - mm: pagechage-limit: Calculate pagecache-limit based on node state (bsc#1136811) - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510). - mmc: core: Verify SD bus width (bsc#1051510). - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510). - mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510). - mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum A-009204 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bsc#1051510). - mmc_spi: add a status check for spi_sync_locked (bsc#1051510). - module: Fix livepatch/ftrace module text permissions race (bsc#1071995). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814). - nfit/ars: Avoid stale ARS results (jsc#SLE-5433). - nfit/ars: Introduce scrub_flags (jsc#SLE-5433). - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642). - nvme-rdma: fix double freeing of async event data (bsc#1120423). - nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423). - nvme: copy MTFA field from identify controller (bsc#1140715). - nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432). - nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510). - nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510). - nvmem: core: fix read buffer in place (bsc#1051510). - nvmem: correct Broadcom OTP controller driver writes (bsc#1051510). - nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510). - nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510). - nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510). - nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510). - nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510). - nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510). - nvmem: imx-ocotp: Update module description (bsc#1051510). - nvmem: properly handle returned value nvmem_reg_read (bsc#1051510). - ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902). - parport: Fix mem leak in parport_register_dev_model (bsc#1051510). - pci: PM: Avoid possible suspend-to-idle issue (bsc#1051510). - pci: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510). - pci: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510). - perf tools: Add Hygon Dhyana support (). - perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454). - platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510). - platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510). - pm/core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510). - power: supply: max14656: fix potential use-before-alloc (bsc#1051510). - power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510). - powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454). - powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454). - powercap/intel_rapl: Update RAPL domain name and debug messages (jsc#SLE-5454). - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199). - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106). - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106). - powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199). - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199). - powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204). - powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808). - ppp: mppe: Add softdep to arc4 (bsc#1088047). - qlcnic: Avoid potential NULL pointer dereference (bsc#1051510). - qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510). - qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510). - qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510). - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510). - qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510). - rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510). - ras/cec: Convert the timer callback to a workqueue (bsc#1114279). - ras/cec: Fix binary search function (bsc#1114279). - rpm/dtb.spec.in.in: Fix new include path Commit 89de3db69113d58cdab14d2c777de6080eac49dc ('rpm/dtb.spec.in.in: Update include path for dt-bindings') introduced an additional include path for 4.12. The commit message had it correct, but the spec file template lacked a path component, breaking the aarch64 build while succeeding on armv7hl. Fix that. - rpm/dtb.spec.in.in: Update include path for dt-bindings Kernels before 4.12 had arch/{arm,arm64}/boot/dts/include/ directories with a symlink to include/dt-bindings/. In 4.12 those include/ directories were dropped. Therefore use include/ directly. Additionally some cross-architecture .dtsi reuse was introduced, which requires scripts/dtc/include-prefixes/ that didn't exist on older kernels. - rpm/kernel-binary.spec.in: Add back kernel-binary-base subpackage (jsc#SLE-3853). - rpm/kernel-binary.spec.in: Build livepatch support in SUSE release projects (bsc#1124167). - rpm/kernel-subpackage-build: handle arm kernel zImage. - rpm/kernel-subpackage-spec: only provide firmware actually present in subpackage. - rpm/package-descriptions: fix typo in kernel-azure - rpm/post.sh: correct typo in err msg (bsc#1137625) - rpm: Add arm64 dtb-allwinner subpackage 4.10 added arch/arm64/boot/dts/allwinner/. - rpm: Add arm64 dtb-zte subpackage 4.9 added arch/arm64/boot/dts/zte/. - rtc: 88pm860x: prevent use-after-free on device remove (bsc#1051510). - rtc: do not reference bogus function pointer in kdoc (bsc#1051510). - rtlwifi: fix a potential NULL pointer dereference (bsc#1051510). - s390: fix booting problem (bsc#1140948). - s390/dasd: fix using offset into zero size array error (bsc#1051510). - s390/jump_label: Use 'jdd' constraint on gcc9 (bsc#1138589). - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510). - s390/qeth: fix race when initializing the IP address table (bsc#1051510). - s390/setup: fix early warning messages (bsc#1051510). - s390/virtio: handle find on invalid queue gracefully (bsc#1051510). - sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658). - sched/topology: Improve load balancing on AMD EPYC (bsc#1137366). - scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending. - scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390). - scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555). - scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555). - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727). - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296). - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510). - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510). - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510). - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510). - serial: sh-sci: disable DMA for uart_console (bsc#1051510). - smb3: Fix endian warning (bsc#1137884). - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510). - soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510). - spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510). - spi: Fix zero length xfer bug (bsc#1051510). - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510). - spi: pxa2xx: Add support for Intel Comet Lake (jsc#SLE-5331). - spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510). - spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510). - spi: tegra114: reset controller on probe (bsc#1051510). - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510). - staging: vc04_services: prevent integer overflow in create_pagelist() (bsc#1051510). - staging: wlan-ng: fix adapter initialization failure (bsc#1051510). - svm: Add warning message for AVIC IPI invalid target (bsc#1140133). - svm: Fix AVIC incomplete IPI emulation (bsc#1140133). - sysctl: handle overflow in proc_get_long (bsc#1051510). - test_firmware: Use correct snprintf() limit (bsc#1135642). - thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454). - thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510). - thunderbolt: Fix to check for kmemdup failure (bsc#1051510). - tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510). - tmpfs: fix uninitialized return value in shmem_link (bsc#1051510). - tools/cpupower: Add Hygon Dhyana support (). - topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454). - topology: Create package_cpus sysfs attribute (jsc#SLE-5454). - tracing/snapshot: Resize spare buffer if size changed (bsc#1140726). - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler (bsc#1051510). - tty: ipwireless: fix missing checks for ioremap (bsc#1051510). - tty: max310x: Fix external crystal register setup (bsc#1051510). - tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510). - usb: Add LPM quirk for Surface Dock GigE adapter (bsc#1051510). - usb: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510). - usb: Fix slab-out-of-bounds write in usb_get_bos_descriptor (bsc#1051510). - usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642). - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown (bsc#1051510). - usb: core: Do not unbind interfaces following device reset failure (bsc#1051510). - usb: dwc2: Fix DMA cache alignment issues (bsc#1051510). - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642). - usb: rio500: fix memory leak in close after disconnect (bsc#1051510). - usb: rio500: refuse more than one device at a time (bsc#1051510). - usb: serial: fix initial-termios handling (bsc#1135642). - usb: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510). - usb: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510). - usb: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510). - usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642). - usb: sisusbvga: fix oops in error path of sisusb_probe (bsc#1051510). - usb: usb-storage: Add new ID to ums-realtek (bsc#1051510). - usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642). - usbip: usbip_host: fix BUG: sleeping function called from invalid context (bsc#1051510). - usbip: usbip_host: fix stub_dev lock context imbalance regression (bsc#1051510). - usbnet: fix kernel crash after disconnect (bsc#1051510). - usbnet: ipheth: fix racing condition (bsc#1051510). - vfio: ccw: only free cp on final interrupt (bsc#1051510). - video: hgafb: fix potential NULL pointer dereference (bsc#1051510). - video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510). - virtio_console: initialize vtermno value for ports (bsc#1051510). - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510). - vxlan: trivial indenting fix (bsc#1051510). - vxlan: use __be32 type for the param vni in __vxlan_fdb_delete (bsc#1051510). - w1: fix the resume command API (bsc#1051510). - watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510). - x86/CPU/AMD: Do not force the CPB cap when running under a hypervisor (bsc#1114279). - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (). - x86/alternative: Init ideal_nops for Hygon Dhyana (). - x86/amd_nb: Add support for Raven Ridge CPUs (). - x86/amd_nb: Check vendor in AMD-only functions (). - x86/apic: Add Hygon Dhyana support (). - x86/bugs: Add Hygon Dhyana to the respective mitigation machinery (). - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (). - x86/cpu: Create Hygon Dhyana architecture support file (). - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (). - x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382). - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382). This changes definitions of some bits, but they are intended to be used only by the core, so hopefully, no KMP uses the definitions. - x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382). - x86/events: Add Hygon Dhyana support to PMU infrastructure (). - x86/kvm: Add Hygon Dhyana support to KVM (). - x86/mce: Add Hygon Dhyana support to the MCA infrastructure (). - x86/mce: Do not disable MCA banks when offlining a CPU on AMD (). - x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279). - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279). - x86/microcode: Fix microcode hotplug state (bsc#1114279). - x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279). - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279). - x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge (). - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana (). - x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454). - x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279). - x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454). - x86/topology: Define topology_die_id() (jsc#SLE-5454). - x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - x86/xen: Add Hygon Dhyana support to Xen (). - xen/pciback: Do not disable PCI_COMMAND on PCI device reset (bsc#1065600). - xfs: do not clear imap_valid for a non-uptodate buffers (bsc#1138018). - xfs: do not look at buffer heads in xfs_add_to_ioend (bsc#1138013). - xfs: do not set the page uptodate in xfs_writepage_map (bsc#1138003). - xfs: do not use XFS_BMAPI_ENTRIRE in xfs_get_blocks (bsc#1137999). - xfs: do not use XFS_BMAPI_IGSTATE in xfs_map_blocks (bsc#1138005). - xfs: eof trim writeback mapping as soon as it is cached (bsc#1138019). - xfs: fix s_maxbytes overflow problems (bsc#1137996). - xfs: make xfs_writepage_map extent map centric (bsc#1138009). - xfs: minor cleanup for xfs_get_blocks (bsc#1138000). - xfs: move all writeback buffer_head manipulation into xfs_map_at_offset (bsc#1138014). - xfs: refactor the tail of xfs_writepage_map (bsc#1138016). - xfs: remove XFS_IO_INVALID (bsc#1138017). - xfs: remove the imap_valid flag (bsc#1138012). - xfs: remove unused parameter from xfs_writepage_map (bsc#1137995). - xfs: remove xfs_map_cow (bsc#1138007). - xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010). - xfs: remove xfs_reflink_trim_irec_to_next_cow (bsc#1138006). - xfs: remove xfs_start_page_writeback (bsc#1138015). - xfs: rename the offset variable in xfs_writepage_map (bsc#1138008). - xfs: simplify xfs_map_blocks by using xfs_iext_lookup_extent directly (bsc#1138011). - xfs: skip CoW writes past EOF when writeback races with truncate (bsc#1137998). - xfs: xfs_reflink_convert_cow() memory allocation deadlock (bsc#1138002). - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() (bsc#1051510). - xhci: Use %zu for printing size_t type (bsc#1051510). - xhci: update bounce buffer with correct sg num (bsc#1051510). Important SUSE bug 1051510 SUSE bug 1061840 SUSE bug 1065600 SUSE bug 1071995 SUSE bug 1088047 SUSE bug 1094555 SUSE bug 1098633 SUSE bug 1106383 SUSE bug 1106751 SUSE bug 1109137 SUSE bug 1114279 SUSE bug 1119532 SUSE bug 1120423 SUSE bug 1124167 SUSE bug 1127155 SUSE bug 1128432 SUSE bug 1128902 SUSE bug 1128910 SUSE bug 1132154 SUSE bug 1132390 SUSE bug 1133401 SUSE bug 1133738 SUSE bug 1134303 SUSE bug 1134395 SUSE bug 1135296 SUSE bug 1135556 SUSE bug 1135642 SUSE bug 1136157 SUSE bug 1136811 SUSE bug 1136922 SUSE bug 1137103 SUSE bug 1137194 SUSE bug 1137221 SUSE bug 1137366 SUSE bug 1137429 SUSE bug 1137625 SUSE bug 1137728 SUSE bug 1137884 SUSE bug 1137995 SUSE bug 1137996 SUSE bug 1137998 SUSE bug 1137999 SUSE bug 1138000 SUSE bug 1138002 SUSE bug 1138003 SUSE bug 1138005 SUSE bug 1138006 SUSE bug 1138007 SUSE bug 1138008 SUSE bug 1138009 SUSE bug 1138010 SUSE bug 1138011 SUSE bug 1138012 SUSE bug 1138013 SUSE bug 1138014 SUSE bug 1138015 SUSE bug 1138016 SUSE bug 1138017 SUSE bug 1138018 SUSE bug 1138019 SUSE bug 1138291 SUSE bug 1138293 SUSE bug 1138374 SUSE bug 1138375 SUSE bug 1138589 SUSE bug 1138719 SUSE bug 1139751 SUSE bug 1139771 SUSE bug 1139782 SUSE bug 1139865 SUSE bug 1140133 SUSE bug 1140328 SUSE bug 1140405 SUSE bug 1140424 SUSE bug 1140428 SUSE bug 1140575 SUSE bug 1140577 SUSE bug 1140637 SUSE bug 1140658 SUSE bug 1140715 SUSE bug 1140719 SUSE bug 1140726 SUSE bug 1140727 SUSE bug 1140728 SUSE bug 1140814 SUSE bug 1140948 SUSE bug 821419 SUSE bug 945811 CVE-2018-16871 CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11478 CVE-2019-11599 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-94_41 fixes several issues. The following security issues were fixed: - CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136424). This update contains a regression fix for CVE-2019-11477 and CVE-2019-11478 (bsc#1140747). Important SUSE bug 1136446 SUSE bug 1137597 SUSE bug 1140747 CVE-2019-11477 CVE-2019-11478 CVE-2019-3846 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_3 fixes several issues. The following security issues were fixed: - CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136424). This update contains a regression fix for CVE-2019-11477 and CVE-2019-11478 (bsc#1140747). Important SUSE bug 1136446 SUSE bug 1137597 SUSE bug 1140747 CVE-2019-11477 CVE-2019-11478 CVE-2019-3846 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_6 fixes several issues. The following security issues were fixed: - CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136424). This update contains a regression fix for CVE-2019-11477 and CVE-2019-11478 (bsc#1140747). Important SUSE bug 1136446 SUSE bug 1137597 SUSE bug 1140747 CVE-2019-11477 CVE-2019-11478 CVE-2019-3846 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_13 fixes several issues. The following security issues were fixed: - CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136424). This update contains a regression fix for CVE-2019-11477 and CVE-2019-11478 (bsc#1140747). Important SUSE bug 1136446 SUSE bug 1137597 SUSE bug 1140747 CVE-2019-11477 CVE-2019-11478 CVE-2019-3846 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_16 fixes several issues. The following security issues were fixed: - CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136424). This update contains a regression fix for CVE-2019-11477 and CVE-2019-11478 (bsc#1140747). Important SUSE bug 1136446 SUSE bug 1137597 SUSE bug 1140747 CVE-2019-11477 CVE-2019-11478 CVE-2019-3846 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_19 fixes one issue. The following security issue was fixed: This update contains a regression fix for CVE-2019-11478 (bsc#1140747). Important SUSE bug 1140747 CVE-2019-11478 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2018-12232: In net/socket.c in the there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bnc#1097593). - CVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615). - CVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186). - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). - CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656). - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). The following non-security bugs were fixed: - acpi / CPPC: Check for valid PCC subspace only if PCC is used (bsc#1117115). - acpi / CPPC: Update all pr_(debug/err) messages to log the susbspace id (bsc#1117115). - aio: fix spectre gadget in lookup_ioctx (bsc#1120594). - alsa: cs46xx: Potential NULL dereference in probe (bsc#1051510). - alsa: emu10k1: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - alsa: emux: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - alsa: fireface: fix for state to fetch PCM frames (bsc#1051510). - alsa: fireface: fix reference to wrong register for clock configuration (bsc#1051510). - alsa: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint (bsc#1051510). - alsa: firewire-lib: fix wrong handling payload_length as payload_quadlet (bsc#1051510). - alsa: firewire-lib: use the same print format for 'without_header' tracepoints (bsc#1051510). - alsa: hda: add mute LED support for HP EliteBook 840 G4 (bsc#1051510). - alsa: hda: Add support for AMD Stoney Ridge (bsc#1051510). - alsa: hda/ca0132 - make pci_iounmap() call conditional (bsc#1051510). - alsa: hda: fix front speakers on Huawei MBXP (bsc#1051510). - alsa: hda/realtek - Add support for Acer Aspire C24-860 headset mic (bsc#1051510). - alsa: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 (bsc#1051510). - alsa: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880 (bsc#1051510). - alsa: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN (bsc#1051510). - alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable the headset mic auto detection for ASUS laptops (bsc#1051510). - alsa: hda/realtek - Fixed headphone issue for ALC700 (bsc#1051510). - alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G (bsc#1051510). - alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G (bsc#1051510). - alsa: hda/realtek - Fix speaker output regression on Thinkpad T570 (bsc#1051510). - alsa: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon (bsc#1051510). - alsa: hda/realtek - Support Dell headset mode for New AIO platform (bsc#1051510). - alsa: hda/tegra: clear pending irq handlers (bsc#1051510). - alsa: pcm: Call snd_pcm_unlink() conditionally at closing (bsc#1051510). - alsa: pcm: Fix interval evaluation with openmin/max (bsc#1051510). - alsa: pcm: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: pcm: Fix starvation on down_write_nonblock() (bsc#1051510). - alsa: rme9652: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: trident: Suppress gcc string warning (bsc#1051510). - alsa: usb-audio: Add SMSL D1 to quirks for native DSD support (bsc#1051510). - alsa: usb-audio: Add support for Encore mDSD USB DAC (bsc#1051510). - alsa: usb-audio: Avoid access before bLength check in build_audio_procunit() (bsc#1051510). - alsa: usb-audio: Fix an out-of-bound read in create_composite_quirks (bsc#1051510). - alsa: x86: Fix runtime PM for hdmi-lpe-audio (bsc#1051510). - apparmor: do not try to replace stale label in ptrace access check (git-fixes). - apparmor: do not try to replace stale label in ptraceme check (git-fixes). - apparmor: Fix uninitialized value in aa_split_fqname (git-fixes). - arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bsc#1120612). - arm64: atomics: Remove '&' from '+&' asm constraint in lse atomics (bsc#1120613). - arm64: cpu_errata: include required headers (bsc#1120615). - arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing (bsc#1120633). - arm64: Fix /proc/iomem for reserved but not memory regions (bsc#1120632). - arm64: lse: Add early clobbers to some input/output asm operands (bsc#1120614). - arm64: lse: remove -fcall-used-x0 flag (bsc#1120618). - arm64: mm: always enable CONFIG_HOLES_IN_ZONE (bsc#1120617). - arm64/numa: Report correct memblock range for the dummy node (bsc#1120620). - arm64/numa: Unify common error path in numa_init() (bsc#1120621). - arm64: remove no-op -p linker flag (bsc#1120616). - ASoC: dapm: Recalculate audio map forcely when card instantiated (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty (bsc#1051510). - ASoC: Intel: mrfld: fix uninitialized variable access (bsc#1051510). - ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing (bsc#1051510). - ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bsc#1051510). - ASoC: omap-mcbsp: Fix latency value calculation for pm_qos (bsc#1051510). - ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bsc#1051510). - ASoC: rsnd: fixup clock start checker (bsc#1051510). - ASoC: wm_adsp: Fix dma-unsafe read of scratch registers (bsc#1051510). - ath10k: do not assume this is a PCI dev in generic code (bsc#1051510). - ath6kl: Only use match sets when firmware supports it (bsc#1051510). - b43: Fix error in cordic routine (bsc#1051510). - bcache: fix miss key refill->end in writeback (Git-fixes). - bcache: trace missed reading by cache_missed (Git-fixes). - Blacklist 5182f26f6f74 crypto: ccp - Make function sev_get_firmware() static - blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set() (Git-fixes). - block: allow max_discard_segments to be stacked (Git-fixes). - block: blk_init_allocated_queue() set q->fq as NULL in the fail case (Git-fixes). - block: really disable runtime-pm for blk-mq (Git-fixes). - block: reset bi_iter.bi_done after splitting bio (Git-fixes). - block/swim: Fix array bounds check (Git-fixes). - bnxt_en: do not try to offload VLAN 'modify' action (bsc#1050242 ). - bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (bsc#1086282). - bnxt_en: Fix VNIC reservations on the PF (bsc#1086282 ). - bnxt_en: get the reduced max_irqs by the ones used by RDMA (bsc#1050242). - bpf: fix check of allowed specifiers in bpf_trace_printk (bsc#1083647). - bpf: use per htab salt for bucket hash (git-fixes). - btrfs: Always try all copies when reading extent buffers (git-fixes). - btrfs: delete dead code in btrfs_orphan_add() (bsc#1111469). - btrfs: delete dead code in btrfs_orphan_commit_root() (bsc#1111469). - btrfs: do not BUG_ON() in btrfs_truncate_inode_items() (bsc#1111469). - btrfs: do not check inode's runtime flags under root->orphan_lock (bsc#1111469). - btrfs: do not return ino to ino cache if inode item removal fails (bsc#1111469). - btrfs: fix ENOSPC caused by orphan items reservations (bsc#1111469). - btrfs: Fix error handling in btrfs_cleanup_ordered_extents (git-fixes). - btrfs: fix error handling in btrfs_truncate() (bsc#1111469). - btrfs: fix error handling in btrfs_truncate_inode_items() (bsc#1111469). - btrfs: fix fsync of files with multiple hard links in new directories (1120173). - btrfs: Fix memory barriers usage with device stats counters (git-fixes). - btrfs: fix use-after-free on root->orphan_block_rsv (bsc#1111469). - btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM (bsc#1111469). - btrfs: get rid of unused orphan infrastructure (bsc#1111469). - btrfs: move btrfs_truncate_block out of trans handle (bsc#1111469). - btrfs: qgroup: Dirty all qgroups before rescan (bsc#1120036). - btrfs: refactor btrfs_evict_inode() reserve refill dance (bsc#1111469). - btrfs: renumber BTRFS_INODE_ runtime flags and switch to enums (bsc#1111469). - btrfs: reserve space for O_TMPFILE orphan item deletion (bsc#1111469). - btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188). - btrfs: stop creating orphan items for truncate (bsc#1111469). - btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875). - btrfs: update stale comments referencing vmtruncate() (bsc#1111469). - can: flexcan: flexcan_irq(): fix indention (bsc#1051510). - cdrom: do not attempt to fiddle with cdo->capability (bsc#1051510). - ceph: do not update importing cap's mseq when handing cap export (bsc#1121273). - char_dev: extend dynamic allocation of majors into a higher range (bsc#1121058). - char_dev: Fix off-by-one bugs in find_dynamic_major() (bsc#1121058). - clk: mmp: Off by one in mmp_clk_add() (bsc#1051510). - clk: mvebu: Off by one bugs in cp110_of_clk_get() (bsc#1051510). - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (git-fixes). - config: arm64: enable erratum 1024718 - cpufeature: avoid warning when compiling with clang (Git-fixes). - cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1117115). - cpufreq: CPPC: fix build in absence of v3 support (bsc#1117115). - cpupower: remove stringop-truncation waring (git-fixes). - crypto: bcm - fix normal/non key hash algorithm failure (bsc#1051510). - crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command (). - crypto: ccp - Add GET_ID SEV command (). - crypto: ccp - Add psp enabled message when initialization succeeds (). - crypto: ccp - Add support for new CCP/PSP device ID (). - crypto: ccp - Allow SEV firmware to be chosen based on Family and Model (). - crypto: ccp - Fix static checker warning (). - crypto: ccp - Remove unused #defines (). - crypto: ccp - Support register differences between PSP devices (). - dasd: fix deadlock in dasd_times_out (bsc#1121477, LTC#174111). - dax: Check page->mapping isn't NULL (bsc#1120054). - dax: Do not access a freed inode (bsc#1120055). - device property: Define type of PROPERTY_ENRTY_*() macros (bsc#1051510). - device property: fix fwnode_graph_get_next_endpoint() documentation (bsc#1051510). - disable stringop truncation warnings for now (git-fixes). - dm: allocate struct mapped_device with kvzalloc (Git-fixes). - dm cache: destroy migration_cache if cache target registration failed (Git-fixes). - dm cache: fix resize crash if user does not reload cache table (Git-fixes). - dm cache metadata: ignore hints array being too small during resize (Git-fixes). - dm cache metadata: save in-core policy_hint_size to on-disk superblock (Git-fixes). - dm cache metadata: set dirty on all cache blocks after a crash (Git-fixes). - dm cache: only allow a single io_mode cache feature to be requested (Git-fixes). - dm crypt: do not decrease device limits (Git-fixes). - dm: fix report zone remapping to account for partition offset (Git-fixes). - dm integrity: change 'suspending' variable from bool to int (Git-fixes). - dm ioctl: harden copy_params()'s copy_from_user() from malicious users (Git-fixes). - dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled (Git-fixes). - dm linear: fix linear_end_io conditional definition (Git-fixes). - dm thin: handle running out of data space vs concurrent discard (Git-fixes). - dm thin metadata: remove needless work from __commit_transaction (Git-fixes). - dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes). - dm writecache: fix a crash due to reading past end of dirty_bitmap (Git-fixes). - dm writecache: report start_sector in status line (Git-fixes). - dm zoned: fix metadata block ref counting (Git-fixes). - dm zoned: fix various dmz_get_mblock() issues (Git-fixes). - doc/README.SUSE: correct GIT url No more gitorious, github we use. - drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet (bsc#1119749). - drivers/net/usb/r8152: remove the unneeded variable 'ret' in rtl8152_system_suspend (bsc#1119749). - drivers/tty: add missing of_node_put() (bsc#1051510). - drm/amdgpu/gmc8: update MC firmware for polaris (bsc#1113722) - drm/amdgpu: update mc firmware image for polaris12 variants (bsc#1113722) - drm/amdgpu: update SMC firmware image for polaris10 variants (bsc#1113722) - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1113722) - drm/i915/execlists: Apply a full mb before execution for Braswell (bsc#1113722) - drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722) - drm/nouveau/kms: Fix memory leak in nv50_mstm_del() (bsc#1113722) - drm: rcar-du: Fix external clock error checks (bsc#1113722) - drm: rcar-du: Fix vblank initialization (bsc#1113722) - drm/rockchip: psr: do not dereference encoder before it is null (bsc#1113722) - drm: set is_master to 0 upon drm_new_set_master() failure (bsc#1113722) - drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1113722) - drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1113722) - dt-bindings: add compatible string for Allwinner V3s SoC (git-fixes). - dt-bindings: arm: Document SoC compatible value for Armadillo-800 EVA (git-fixes). - dt-bindings: clock: add rk3399 DDR3 standard speed bins (git-fixes). - dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 (git-fixes). - dt-bindings: iio: update STM32 timers clock names (git-fixes). - dt-bindings: mfd: axp20x: Add AXP806 to supported list of chips (git-fixes). - dt-bindings: net: Remove duplicate NSP Ethernet MAC binding document (git-fixes). - dt-bindings: panel: lvds: Fix path to display timing bindings (git-fixes). - dt-bindings: phy: sun4i-usb-phy: Add property descriptions for H3 (git-fixes). - dt-bindings: pwm: renesas: tpu: Fix 'compatible' prop description (git-fixes). - dt-bindings: pwm: Update STM32 timers clock names (git-fixes). - dt-bindings: rcar-dmac: Document missing error interrupt (git-fixes). - efi: Move some sysfs files to be read-only by root (bsc#1051510). - ethernet: fman: fix wrong of_node_put() in probe function (bsc#1119017). - exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1118773). - ext2: fix potential use after free (bsc#1118775). - ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760). - ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604). - ext4: fix possible use after free in ext4_quota_enable (bsc#1120602). - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bsc#1120603). - extable: Consolidate *kernel_text_address() functions (bsc#1120092). - extable: Enable RCU if it is not watching in kernel_text_address() (bsc#1120092). - fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1113722) - fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1113722) - filesystem-dax: Fix dax_layout_busy_page() livelock (bsc#1118787). - firmware: add firmware_request_nowarn() - load firmware without warnings (). - Fix tracing sample code warning (git-fixes). - fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes). - fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes). - fs: fix lost error code in dio_complete (bsc#1118762). - fs/xfs: Use %pS printk format for direct addresses (git-fixes). - fuse: fix blocked_waitq wakeup (git-fixes). - fuse: fix leaked notify reply (git-fixes). - fuse: fix possibly missed wake-up after abort (git-fixes). - fuse: Fix use-after-free in fuse_dev_do_read() (git-fixes). - fuse: Fix use-after-free in fuse_dev_do_write() (git-fixes). - fuse: fix use-after-free in fuse_direct_IO() (git-fixes). - fuse: set FR_SENT while locked (git-fixes). - gcc-plugins: Add include required by GCC release 8 (git-fixes). - gcc-plugins: Use dynamic initializers (git-fixes). - gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bsc#1118769). - gfs2: Fix loop in gfs2_rbm_find (bsc#1120601). - gfs2: Get rid of potential double-freeing in gfs2_create_inode (bsc#1120600). - gfs2_meta: ->mount() can get NULL dev_name (bsc#1118768). - gfs2: Put bitmap buffers in put_super (bsc#1118772). - gpio: davinci: Remove unused member of davinci_gpio_controller (git-fixes). - gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers (bsc#1051510). - gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (bsc#1051510). - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bsc#1051510). - gpio: mvebu: only fail on missing clk if pwm is actually to be used (bsc#1051510). - hid: Add quirk for Primax PIXART OEM mice (bsc#1119410). - hid: input: Ignore battery reported by Symbol DS4308 (bsc#1051510). - hid: multitouch: Add pointstick support for Cirque Touchpad (bsc#1051510). - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - i2c: axxia: properly handle master timeout (bsc#1051510). - i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bsc#1051510). - ib/hfi1: Add mtu check for operational data VLs (bsc#1060463 ). - ibmvnic: Convert reset work item mutex to spin lock (). - ibmvnic: Fix non-atomic memory allocation in IRQ context (). - ib/rxe: support for 802.1q VLAN on the listener (bsc#1082387). - ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510). - ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510). - ieee802154: at86rf230: use __func__ macro for debug messages (bsc#1051510). - ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510). - Include modules.fips in kernel-binary as well as kernel-binary-base (). - initramfs: fix initramfs rebuilds w/ compression after disabling (git-fixes). - Input: add official Raspberry Pi's touchscreen driver (). - Input: cros_ec_keyb - fix button/switch capability reports (bsc#1051510). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bsc#1051510). - Input: elan_i2c - add ELAN0620 to the ACPI table (bsc#1051510). - Input: elan_i2c - add support for ELAN0621 touchpad (bsc#1051510). - Input: hyper-v - fix wakeup from suspend-to-idle (bsc#1051510). - Input: matrix_keypad - check for errors from of_get_named_gpio() (bsc#1051510). - Input: nomadik-ske-keypad - fix a loop timeout test (bsc#1051510). - Input: omap-keypad - fix keyboard debounce configuration (bsc#1051510). - Input: synaptics - add PNP ID for ThinkPad P50 to SMBus (bsc#1051510). - Input: synaptics - enable SMBus for HP 15-ay000 (bsc#1051510). - Input: xpad - quirk all PDP Xbox One gamepads (bsc#1051510). - integrity/security: fix digsig.c build error with header file (bsc#1051510). - intel_th: msu: Fix an off-by-one in attribute store (bsc#1051510). - iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105). - iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105). - iwlwifi: add new cards for 9560, 9462, 9461 and killer series (bsc#1051510). - iwlwifi: fix LED command capability bit (bsc#1119086). - iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086). - iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086). - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares (bsc#1119086). - iwlwifi: nvm: get num of hw addresses from firmware (bsc#1119086). - iwlwifi: pcie: do not reset TXQ write pointer (bsc#1051510). - jffs2: free jffs2_sb_info through jffs2_kill_sb() (bsc#1118767). - jump_label: Split out code under the hotplug lock (bsc#1106913). - kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - kabi protect hnae_ae_ops (bsc#1104353). - kbuild: allow to use GCC toolchain not in Clang search path (git-fixes). - kbuild: fix linker feature test macros when cross compiling with Clang (git-fixes). - kbuild: make missing $DEPMOD a Warning instead of an Error (git-fixes). - kbuild: rpm-pkg: keep spec file until make mrproper (git-fixes). - kbuild: suppress packed-not-aligned warning for default setting only (git-fixes). - kbuild: verify that $DEPMOD is installed (git-fixes). - kdb: use memmove instead of overlapping memcpy (bsc#1120954). - kernfs: Replace strncpy with memcpy (bsc#1120053). - keys: Fix the use of the C++ keyword 'private' in uapi/linux/keyctl.h (Git-fixes). - kobject: Replace strncpy with memcpy (git-fixes). - kprobes: Make list and blacklist root user read only (git-fixes). - kvm: PPC: Book3S PR: Enable use on POWER9 inside HPT-mode guests (bsc#1118484). - libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bsc#1051510). - libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086). - libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1118962). - libnvdimm, pmem: Fix badblocks population for 'raw' namespaces (bsc#1118788). - lib/raid6: Fix arm64 test build (bsc#1051510). - lib/ubsan.c: do not mark __ubsan_handle_builtin_unreachable as noreturn (bsc#1051510). - Limit max FW API version for QCA9377 (bsc#1121714, bsc#1121715). - linux/bitmap.h: fix type of nbits in bitmap_shift_right() (bsc#1051510). - locking/barriers: Convert users of lockless_dereference() to READ_ONCE() (Git-fixes). - locking/static_keys: Improve uninitialized key warning (bsc#1106913). - mac80211: Clear beacon_int in ieee80211_do_stop (bsc#1051510). - mac80211: fix reordering of buffered broadcast packets (bsc#1051510). - mac80211_hwsim: fix module init error paths for netlink (bsc#1051510). - mac80211_hwsim: Timer should be initialized before device registered (bsc#1051510). - mac80211: ignore NullFunc frames in the duplicate detection (bsc#1051510). - mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bsc#1051510). - Mark HI and TASKLET softirq synchronous (git-fixes). - md: fix raid10 hang issue caused by barrier (git-fixes). - media: em28xx: Fix use-after-free when disconnecting (bsc#1051510). - media: em28xx: make v4l2-compliance happier by starting sequence on zero (bsc#1051510). - media: omap3isp: Unregister media device as first (bsc#1051510). - mmc: bcm2835: reset host on timeout (bsc#1051510). - mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support (bsc#1051510). - mmc: core: Reset HPI enabled state during re-init and in case of errors (bsc#1051510). - mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl (bsc#1051510). - mmc: dw_mmc-bluefield: Add driver extension (bsc#1118752). - mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752). - MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bsc#1051510). - mmc: omap_hsmmc: fix DMA API warning (bsc#1051510). - mmc: sdhci: fix the timeout check window for clock and reset (bsc#1051510). - mm: do not miss the last page because of round-off error (bnc#1118798). - mm: do not warn about large allocations for slab (git fixes (slab)). - mm/huge_memory.c: reorder operations in __split_huge_page_tail() (VM Functionality bsc#1119962). - mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM Functionality, bsc#1121599). - mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality, bsc#1121599). - mm/huge_memory: splitting set mapping+index before unfreeze (VM Functionality, bsc#1121599). - mm: hugetlb: yield when prepping struct pages (git fixes (memory initialisation)). - mm/khugepaged: collapse_shmem() do not crash on Compound (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() remember to clear holes (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() stop if punched or truncated (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() without freezing new_page (VM Functionality, bsc#1121599). - mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality, bsc#1121599). - mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality, bsc#1121599). - mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability). - mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability). - mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability). - mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability). - mm: migration: fix migration of huge PMD shared pages (bnc#1086423). - mm: only report isolation failures when offlining memory (generic hotplug debugability). - mm: print more information about mapping in __dump_page (generic hotplug debugability). - mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272). - mm: sections are not offlined during memory hotremove (bnc#1119968). - mm: shmem.c: Correctly annotate new inodes for lockdep (Git fixes: shmem). - mm/vmstat.c: fix NUMA statistics updates (git fixes). - Move dell_rbu fix to sorted section (bsc#1087978). - mtd: cfi: convert inline functions to macros (git-fixes). - mtd: Fix comparison in map_word_andequal() (git-fixes). - namei: allow restricted O_CREAT of FIFOs and regular files (bsc#1118766). - nbd: do not allow invalid blocksize settings (Git-fixes). - net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bsc#1051510). - net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses (git-fixes). - net: dsa: qca8k: Add QCA8334 binding documentation (git-fixes). - net: ena: fix crash during ena_remove() (bsc#1111696 bsc#1117561). - net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1111696 bsc#1117561). - net: hns3: Add nic state check before calling netif_tx_wake_queue (bsc#1104353). - net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353). - net: hns3: bugfix for buffer not free problem during resetting (bsc#1104353). - net: hns3: bugfix for handling mailbox while the command queue reinitialized (bsc#1104353). - net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read (bsc#1104353). - net: hns3: bugfix for is_valid_csq_clean_head() (bsc#1104353 ). - net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem (bsc#1104353). - net: hns3: bugfix for rtnl_lock's range in the hclgevf_reset() (bsc#1104353). - net: hns3: bugfix for the initialization of command queue's spin lock (bsc#1104353). - net: hns3: Check hdev state when getting link status (bsc#1104353). - net: hns3: Clear client pointer when initialize client failed or unintialize finished (bsc#1104353). - net: hns3: Fix cmdq registers initialization issue for vf (bsc#1104353). - net: hns3: Fix error of checking used vlan id (bsc#1104353 ). - net: hns3: Fix ets validate issue (bsc#1104353). - net: hns3: Fix for netdev not up problem when setting mtu (bsc#1104353). - net: hns3: Fix for out-of-bounds access when setting pfc back pressure (bsc#1104353). - net: hns3: Fix for packet buffer setting bug (bsc#1104353 ). - net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware (bsc#1104353). - net: hns3: Fix for setting speed for phy failed problem (bsc#1104353). - net: hns3: Fix for vf vlan delete failed problem (bsc#1104353 ). - net: hns3: Fix loss of coal configuration while doing reset (bsc#1104353). - net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() (bsc#1104353). - net: hns3: Fix ping exited problem when doing lp selftest (bsc#1104353). - net: hns3: Preserve vlan 0 in hardware table (bsc#1104353 ). - net: hns3: remove unnecessary queue reset in the hns3_uninit_all_ring() (bsc#1104353). - net: hns3: Set STATE_DOWN bit of hdev state when stopping net (bsc#1104353). - net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1046299). - net: usb: r8152: constify usb_device_id (bsc#1119749). - net: usb: r8152: use irqsave() in USB's complete callback (bsc#1119749). - nospec: Allow index argument to have const-qualified type (git-fixes) - nospec: Kill array_index_nospec_mask_check() (git-fixes). - nvme-fc: resolve io failures during connect (bsc#1116803). - nvme-multipath: zero out ANA log buffer (bsc#1105168). - nvme: validate controller state before rescheduling keep alive (bsc#1103257). - objtool: Detect RIP-relative switch table references (bsc#1058115). - objtool: Detect RIP-relative switch table references, part 2 (bsc#1058115). - objtool: Fix another switch table detection issue (bsc#1058115). - objtool: Fix double-free in .cold detection error path (bsc#1058115). - objtool: Fix GCC 8 cold subfunction detection for aliased functions (bsc#1058115). - objtool: Fix 'noreturn' detection for recursive sibling calls (bsc#1058115). - objtool: Fix segfault in .cold detection with -ffunction-sections (bsc#1058115). - objtool: Support GCC 8's cold subfunctions (bsc#1058115). - objtool: Support GCC 8 switch tables (bsc#1058115). - panic: avoid deadlocks in re-entrant console drivers (bsc#1088386). - pci: Add ACS quirk for Ampere root ports (bsc#1120058). - pci: Add ACS quirk for APM X-Gene devices (bsc#1120058). - pci: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE (bsc#1120058). - pci: Delay after FLR of Intel DC P3700 NVMe (bsc#1120058). - pci: Disable Samsung SM961/PM961 NVMe before FLR (bsc#1120058). - pci: Export pcie_has_flr() (bsc#1120058). - pci: iproc: Activate PAXC bridge quirk for more devices (bsc#1120058). - pci: Mark Ceton InfiniTV4 INTx masking as broken (bsc#1120058). - pci: Mark fall-through switch cases before enabling -Wimplicit-fallthrough (bsc#1120058). - pci: Mark Intel XXV710 NIC INTx masking as broken (bsc#1120058). - perf tools: Fix tracing_path_mount proper path (git-fixes). - platform-msi: Free descriptors in platform_msi_domain_free() (bsc#1051510). - powerpc/64s: consolidate MCE counter increment (bsc#1094244). - powerpc/64s/radix: Fix process table entry cache invalidation (bsc#1055186, git-fixes). - powerpc/boot: Expose Kconfig symbols to wrapper (bsc#1065729). - powerpc/boot: Fix build failures with -j 1 (bsc#1065729). - powerpc/pkeys: Fix handling of pkey state across fork() (bsc#1078248, git-fixes). - powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) (bsc#1055121). - powerpc/pseries: Track LMB nid instead of using device tree (bsc#1108270). - powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244). - power: supply: olpc_battery: correct the temperature units (bsc#1051510). - ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (bsc#1106913). - qed: Add driver support for 20G link speed (bsc#1110558). - qed: Add support for virtual link (bsc#1111795). - qede: Add driver support for 20G link speed (bsc#1110558). - r8152: add byte_enable for ocp_read_word function (bsc#1119749). - r8152: add Linksys USB3GIGV1 id (bsc#1119749). - r8152: add r8153_phy_status function (bsc#1119749). - r8152: adjust lpm settings for RTL8153 (bsc#1119749). - r8152: adjust rtl8153_runtime_enable function (bsc#1119749). - r8152: adjust the settings about MAC clock speed down for RTL8153 (bsc#1119749). - r8152: adjust U2P3 for RTL8153 (bsc#1119749). - r8152: avoid rx queue more than 1000 packets (bsc#1119749). - r8152: check if disabling ALDPS is finished (bsc#1119749). - r8152: correct the definition (bsc#1119749). - r8152: disable RX aggregation on Dell TB16 dock (bsc#1119749). - r8152: disable RX aggregation on new Dell TB16 dock (bsc#1119749). - r8152: fix wrong checksum status for received IPv4 packets (bsc#1119749). - r8152: move calling delay_autosuspend function (bsc#1119749). - r8152: move the default coalesce setting for RTL8153 (bsc#1119749). - r8152: move the initialization to reset_resume function (bsc#1119749). - r8152: move the setting of rx aggregation (bsc#1119749). - r8152: replace napi_complete with napi_complete_done (bsc#1119749). - r8152: set rx mode early when linking on (bsc#1119749). - r8152: split rtl8152_resume function (bsc#1119749). - r8152: support new chip 8050 (bsc#1119749). - r8152: support RTL8153B (bsc#1119749). - rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Git-fixes). - rcu: Allow for page faults in NMI handlers (bsc#1120092). - rdma/bnxt_re: Add missing spin lock initialization (bsc#1050244 ). - rdma/bnxt_re: Avoid accessing the device structure after it is freed (bsc#1050244). - rdma/bnxt_re: Avoid NULL check after accessing the pointer (bsc#1086283). - rdma/bnxt_re: Fix system hang when registration with L2 driver fails (bsc#1086283). - rdma/hns: Bugfix pbl configuration for rereg mr (bsc#1104427 ). - rdma_rxe: make rxe work over 802.1q VLAN devices (bsc#1082387). - reset: remove remaining WARN_ON() in <linux/reset.h> (Git-fixes). - Revert commit ef9209b642f 'staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c' (bsc#1051510). - Revert 'iommu/io-pgtable-arm: Check for v7s-incapable systems' (bsc#1106105). - Revert 'PCI/ASPM: Do not initialize link state when aspm_disabled is set' (bsc#1051510). - Revert 'scsi: lpfc: ls_rjt erroneus FLOGIs' (bsc#1119322). - ring-buffer: Allow for rescheduling when removing pages (bsc#1120238). - ring-buffer: Do no reuse reader page if still in use (bsc#1120096). - ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094). - rtc: hctosys: Add missing range error reporting (bsc#1051510). - rtc: m41t80: Correct alarm month range with RTC reads (bsc#1051510). - rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write (bsc#1051510). - rtc: snvs: Add timeouts to avoid kernel lockups (bsc#1051510). - rtl8xxxu: Fix missing break in switch (bsc#1051510). - s390/dasd: simplify locking in dasd_times_out (bsc#1104967,). - s390/kdump: Fix elfcorehdr size calculation (bsc#1117953, LTC#171112). - s390/kdump: Make elfcorehdr size calculation ABI compliant (bsc#1117953, LTC#171112). - s390/qeth: fix length check in SNMP processing (bsc#1117953, LTC#173657). - s390/qeth: remove outdated portname debug msg (bsc#1117953, LTC#172960). - s390/qeth: sanitize strings in debug messages (bsc#1117953, LTC#172960). - sbitmap: fix race in wait batch accounting (Git-fixes). - sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913). - sched/smt: Expose sched_smt_present static key (bsc#1106913). - sched/smt: Make sched_smt_present track topology (bsc#1106913). - sched, tracing: Fix trace_sched_pi_setprio() for deboosting (bsc#1120228). - scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215). - scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE (bsc#1118215). - scsi: lpfc: Correct topology type reporting on G7 adapters (bsc#1118215). - scsi: lpfc: Defer LS_ACC to FLOGI on point to point logins (bsc#1118215). - scsi: lpfc: Enable Management features for IF_TYPE=6 (bsc#1119322). - scsi: lpfc: Fix a duplicate 0711 log message number (bsc#1118215). - scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935). - scsi: lpfc: Fix dif and first burst use in write commands (bsc#1118215). - scsi: lpfc: Fix discovery failures during port failovers with lots of vports (bsc#1118215). - scsi: lpfc: Fix driver release of fw-logging buffers (bsc#1118215). - scsi: lpfc: Fix kernel Oops due to null pring pointers (bsc#1118215). - scsi: lpfc: Fix panic when FW-log buffsize is not initialized (bsc#1118215). - scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215). - scsi: lpfc: refactor mailbox structure context fields (bsc#1118215). - scsi: lpfc: rport port swap discovery issue (bsc#1118215). - scsi: lpfc: update driver version to 12.0.0.9 (bsc#1118215). - scsi: lpfc: update manufacturer attribute to reflect Broadcom (bsc#1118215). - scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405). - scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405). - scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1121483, LTC#174588). - shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599). - shmem: shmem_charge: verify max_block is not exceeded before inode update (VM Functionality, bsc#1121599). - skd: Avoid that module unloading triggers a use-after-free (Git-fixes). - skd: Submit requests to firmware before triggering the doorbell (Git-fixes). - soc: bcm2835: sync firmware properties with downstream () - spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bsc#1051510). - spi: bcm2835: Fix book-keeping of DMA termination (bsc#1051510). - spi: bcm2835: Fix race on DMA termination (bsc#1051510). - spi: bcm2835: Unbreak the build of esoteric configs (bsc#1051510). - splice: do not read more than available pipe space (bsc#1119212). - staging: bcm2835-camera: Abort probe if there is no camera (bsc#1051510). - staging: rtl8712: Fix possible buffer overrun (bsc#1051510). - staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station (bsc#1051510). - staging: rts5208: fix gcc-8 logic error warning (bsc#1051510). - staging: wilc1000: fix missing read_write setting when reading data (bsc#1051510). - supported.conf: add raspberrypi-ts driver - supported.conf: whitelist bluefield eMMC driver - target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165). - target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405). - team: no need to do team_notify_peers or team_mcast_rejoin when disabling port (bsc#1051510). - termios, tty/tty_baudrate.c: fix buffer overrun (bsc#1051510). - test_hexdump: use memcpy instead of strncpy (bsc#1051510). - tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bsc#1051510). - tools: hv: fcopy: set 'error' in case an unknown operation was requested (git-fixes). - Tools: hv: Fix a bug in the key delete code (git-fixes). - tools: hv: include string.h in hv_fcopy_daemon (git-fixes). - tools/lib/lockdep: Rename 'trywlock' into 'trywrlock' (bsc#1121973). - tools/power/cpupower: fix compilation with STATIC=true (git-fixes). - tools/power turbostat: fix possible sprintf buffer overflow (git-fixes). - tracing/blktrace: Fix to allow setting same value (Git-fixes). - tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046). - tracing: Fix crash when freeing instances with event triggers (bsc#1120230). - tracing: Fix crash when it fails to alloc ring buffer (bsc#1120097). - tracing: Fix double free of event_trigger_data (bsc#1120234). - tracing: Fix missing return symbol in function_graph output (bsc#1120232). - tracing: Fix possible double free in event_enable_trigger_func() (bsc#1120235). - tracing: Fix possible double free on failure of allocating trace buffer (bsc#1120214). - tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223). - tracing: Fix trace_pipe behavior for instance traces (bsc#1120088). - tracing: Remove RCU work arounds from stack tracer (bsc#1120092). - tracing/samples: Fix creation and deletion of simple_thread_fn creation (git-fixes). - tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bsc#1051510). - tty: Do not return -EAGAIN in blocking read (bsc#1116040). - tty: do not set TTY_IO_ERROR flag if console port (bsc#1051510). - tty: serial: 8250_mtk: always resume the device in probe (bsc#1051510). - ubifs: Handle re-linking of inodes correctly while recovery (bsc#1120598). - ubifs-Handle-re-linking-of-inodes-correctly-while-re.patch: Fixup compilation failure due to different ubifs_assert() prototype. - udf: Allow mounting volumes with incorrect identification strings (bsc#1118774). - unifdef: use memcpy instead of strncpy (bsc#1051510). - usb: appledisplay: Add 27' Apple Cinema Display (bsc#1051510). - usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bsc#1051510). - usb: dwc2: host: use hrtimer for NAK retries (git-fixes). - usb: hso: Fix OOB memory access in hso_probe/hso_get_config_data (bsc#1051510). - usbip: vhci_hcd: check rhport before using in vhci_hub_control() (bsc#1090888). - usb: omap_udc: fix crashes on probe error and module removal (bsc#1051510). - usb: omap_udc: fix omap_udc_start() on 15xx machines (bsc#1051510). - usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bsc#1051510). - usb: omap_udc: use devm_request_irq() (bsc#1051510). - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bsc#1051510). - usb: serial: option: add Fibocom NL668 series (bsc#1051510). - usb: serial: option: add GosunCn ZTE WeLink ME3630 (bsc#1051510). - usb: serial: option: add HP lt4132 (bsc#1051510). - usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bsc#1051510). - usb: serial: option: add Telit LN940 series (bsc#1051510). - usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() (bsc#1106110). - usb: usb-storage: Add new IDs to ums-realtek (bsc#1051510). - usb: xhci: fix uninitialized completion when USB3 port got wrong status (bsc#1051510). - usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bsc#1051510). - userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (bsc#1118761). - userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (bsc#1118809). - v9fs_dir_readdir: fix double-free on p9stat_read error (bsc#1118771). - vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505). - watchdog/core: Add missing prototypes for weak functions (git-fixes). - wireless: airo: potential buffer overflow in sprintf() (bsc#1051510). - wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' (bsc#1051510). - x86/bugs: Add AMD's SPEC_CTRL MSR usage (bsc#1106913). - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bsc#1106913). - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bsc#1106913). - x86/decoder: Fix and update the opcodes map (bsc#1058115). - x86/kabi: Fix cpu_tlbstate issue (bsc#1106913). - x86/l1tf: Show actual SMT state (bsc#1106913). - x86/mm: Fix decoy address handling vs 32-bit builds (bsc#1120606). - x86/pci: Add additional VMD device root ports to VMD AER quirk (bsc#1120058). - x86/pci: Add 'pci=big_root_window' option for AMD 64-bit windows (bsc#1120058). - x86/pci: Apply VMD's AERSID fixup generically (bsc#1120058). - x86/pci: Avoid AMD SB7xx EHCI USB wakeup defect (bsc#1120058). - x86/pci: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f) (bsc#1120058). - x86/pci: Enable AMD 64-bit window on resume (bsc#1120058). - x86/pci: Fix infinite loop in search for 64bit BAR placement (bsc#1120058). - x86/pci: Move and shrink AMD 64-bit window to avoid conflict (bsc#1120058). - x86/pci: Move VMD quirk to x86 fixups (bsc#1120058). - x86/pci: Only enable a 64bit BAR on single-socket AMD Family 15h (bsc#1120058). - x86/pci: Use is_vmd() rather than relying on the domain number (bsc#1120058). - x86/process: Consolidate and simplify switch_to_xtra() code (bsc#1106913). - x86/pti: Document fix wrong index (git-fixes). - x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (bsc#1106913). - x86/retpoline: Remove minimal retpoline support (bsc#1106913). - x86/speculataion: Mark command line parser data __initdata (bsc#1106913). - x86/speculation: Add command line control for indirect branch speculation (bsc#1106913). - x86/speculation: Add prctl() control for indirect branch speculation (bsc#1106913). - x86/speculation: Add seccomp Spectre v2 user space protection mode (bsc#1106913). - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913). - x86/speculation: Avoid __switch_to_xtra() calls (bsc#1106913). - x86/speculation: Clean up spectre_v2_parse_cmdline() (bsc#1106913). - x86/speculation: Disable STIBP when enhanced IBRS is in use (bsc#1106913). - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913). - x86/speculation: Enable prctl mode for spectre_v2_user (bsc#1106913). - x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871). - x86/speculation: Mark string arrays const correctly (bsc#1106913). - x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bsc#1106913). - x86/speculation: Prepare arch_smt_update() for PRCTL mode (bsc#1106913). - x86/speculation: Prepare for conditional IBPB in switch_mm() (bsc#1106913). - x86/speculation: Prepare for per task indirect branch speculation control (bsc#1106913). - x86/speculation: Prevent stale SPEC_CTRL msr content (bsc#1106913). - x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913). - x86/speculation: Provide IBPB always command line options (bsc#1106913). - x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bsc#1106913). - x86/speculation: Rename SSBD update functions (bsc#1106913). - x86/speculation: Reorder the spec_v2 code (bsc#1106913). - x86/speculation: Reorganize speculation control MSRs update (bsc#1106913). - x86/speculation: Rework SMT state change (bsc#1106913). - x86/speculation: Split out TIF update (bsc#1106913). - x86/speculation: Unify conditional spectre v2 print functions (bsc#1106913). - x86/speculation: Update the TIF_SSBD comment (bsc#1106913). - xen/netfront: tolerate frags with no data (bnc#1119804). - xfs: Align compat attrlist_by_handle with native implementation (git-fixes). - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621). - xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat (git-fixes). - xfs: xfs_buf: drop useless LIST_HEAD (git-fixes). - xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162). - xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bsc#1051510). - xhci: Prevent U1/U2 link pm states if exit latency is too long (bsc#1051510). Important SUSE bug 1024718 SUSE bug 1046299 SUSE bug 1050242 SUSE bug 1050244 SUSE bug 1051510 SUSE bug 1055121 SUSE bug 1055186 SUSE bug 1058115 SUSE bug 1060463 SUSE bug 1065729 SUSE bug 1078248 SUSE bug 1079935 SUSE bug 1082387 SUSE bug 1083647 SUSE bug 1086282 SUSE bug 1086283 SUSE bug 1086423 SUSE bug 1087084 SUSE bug 1087978 SUSE bug 1088386 SUSE bug 1090888 SUSE bug 1091405 SUSE bug 1094244 SUSE bug 1097593 SUSE bug 1102875 SUSE bug 1102877 SUSE bug 1102879 SUSE bug 1102882 SUSE bug 1102896 SUSE bug 1103257 SUSE bug 1104353 SUSE bug 1104427 SUSE bug 1104967 SUSE bug 1105168 SUSE bug 1106105 SUSE bug 1106110 SUSE bug 1106615 SUSE bug 1106913 SUSE bug 1108270 SUSE bug 1109272 SUSE bug 1110558 SUSE bug 1111188 SUSE bug 1111469 SUSE bug 1111696 SUSE bug 1111795 SUSE bug 1112128 SUSE bug 1113722 SUSE bug 1114648 SUSE bug 1114871 SUSE bug 1116040 SUSE bug 1116336 SUSE bug 1116803 SUSE bug 1116841 SUSE bug 1117115 SUSE bug 1117162 SUSE bug 1117165 SUSE bug 1117186 SUSE bug 1117561 SUSE bug 1117656 SUSE bug 1117953 SUSE bug 1118215 SUSE bug 1118319 SUSE bug 1118428 SUSE bug 1118484 SUSE bug 1118505 SUSE bug 1118752 SUSE bug 1118760 SUSE bug 1118761 SUSE bug 1118762 SUSE bug 1118766 SUSE bug 1118767 SUSE bug 1118768 SUSE bug 1118769 SUSE bug 1118771 SUSE bug 1118772 SUSE bug 1118773 SUSE bug 1118774 SUSE bug 1118775 SUSE bug 1118787 SUSE bug 1118788 SUSE bug 1118798 SUSE bug 1118809 SUSE bug 1118962 SUSE bug 1119017 SUSE bug 1119086 SUSE bug 1119212 SUSE bug 1119322 SUSE bug 1119410 SUSE bug 1119714 SUSE bug 1119749 SUSE bug 1119804 SUSE bug 1119946 SUSE bug 1119962 SUSE bug 1119968 SUSE bug 1120036 SUSE bug 1120046 SUSE bug 1120053 SUSE bug 1120054 SUSE bug 1120055 SUSE bug 1120058 SUSE bug 1120088 SUSE bug 1120092 SUSE bug 1120094 SUSE bug 1120096 SUSE bug 1120097 SUSE bug 1120173 SUSE bug 1120214 SUSE bug 1120223 SUSE bug 1120228 SUSE bug 1120230 SUSE bug 1120232 SUSE bug 1120234 SUSE bug 1120235 SUSE bug 1120238 SUSE bug 1120594 SUSE bug 1120598 SUSE bug 1120600 SUSE bug 1120601 SUSE bug 1120602 SUSE bug 1120603 SUSE bug 1120604 SUSE bug 1120606 SUSE bug 1120612 SUSE bug 1120613 SUSE bug 1120614 SUSE bug 1120615 SUSE bug 1120616 SUSE bug 1120617 SUSE bug 1120618 SUSE bug 1120620 SUSE bug 1120621 SUSE bug 1120632 SUSE bug 1120633 SUSE bug 1120743 SUSE bug 1120954 SUSE bug 1121017 SUSE bug 1121058 SUSE bug 1121263 SUSE bug 1121273 SUSE bug 1121477 SUSE bug 1121483 SUSE bug 1121599 SUSE bug 1121621 SUSE bug 1121714 SUSE bug 1121715 SUSE bug 1121973 CVE-2018-12232 CVE-2018-14625 CVE-2018-16862 CVE-2018-16884 CVE-2018-18397 CVE-2018-19407 CVE-2018-19854 CVE-2018-19985 CVE-2018-20169 CVE-2018-9568 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-20855: An issue was discovered in the Linux kernel In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace(bsc#1143045). - CVE-2019-1125: Exclude ATOMs from speculation through SWAPGS (bsc#1139358). - CVE-2019-14283: In the Linux kernel, set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It could be triggered by an unprivileged local user when a floppy disk was inserted. NOTE: QEMU creates the floppy device by default. (bnc#1143191) - CVE-2019-11810: An issue was discovered in the Linux kernel A NULL pointer dereference could occur when megasas_create_frame_pool() failed in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This caused a Denial of Service, related to a use-after-free (bnc#1134399). - CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user could cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sent a crafted signal frame. (bnc#1142254) - CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel, a malicious USB device could send an HID report that triggered an out-of-bounds write during generation of debugging messages. (bnc#1142023) The following non-security bugs were fixed: - Correct the CVE and bug reference for a floppy security fix (CVE-2019-14284,bsc#1143189) A dedicated CVE was already assigned - acpi/nfit: Always dump _DSM output payload (bsc#1142351). - Add back sibling paca poiter to paca (bsc#1055117). - Add support for crct10dif-vpmsum (). - af_unix: remove redundant lockdep class (git-fixes). - alsa: compress: Be more restrictive about when a drain is allowed (bsc#1051510). - alsa: compress: Do not allow paritial drain operations on capture streams (bsc#1051510). - alsa: compress: Fix regression on compressed capture streams (bsc#1051510). - alsa: compress: Prevent bypasses of set_params (bsc#1051510). - alsa: hda - Add a conexant codec entry to let mute led work (bsc#1051510). - alsa: hda/realtek: apply ALC891 headset fixup to one Dell machine (bsc#1051510). - alsa: hda/realtek - Fixed Headphone Mic can't record on Dell platform (bsc#1051510). - alsa: hda/realtek - Headphone Mic can't record after S3 (bsc#1051510). - alsa: line6: Fix a typo (bsc#1051510). - alsa: line6: Fix wrong altsetting for LINE6_PODHD500_1 (bsc#1051510). - alsa: seq: Break too long mutex context in the write loop (bsc#1051510). - alsa: usb-audio: Add quirk for Focusrite Scarlett Solo (bsc#1051510). - alsa: usb-audio: Add quirk for MOTU MicroBook II (bsc#1051510). - alsa: usb-audio: Cleanup DSD whitelist (bsc#1051510). - alsa: usb-audio: Enable .product_name override for Emagic, Unitor 8 (bsc#1051510). - alsa: usb-audio: Sanity checks for each pipe and EP types (bsc#1051510). - asoc : cs4265 : readable register too low (bsc#1051510). - asoc: max98090: remove 24-bit format support if RJ is 0 (bsc#1051510). - asoc: soc-pcm: BE dai needs prepare when pause release after resume (bsc#1051510). - ath6kl: add some bounds checking (bsc#1051510). - batman-adv: fix for leaked TVLV handler (bsc#1051510). - bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652). - bcache: add code comments for journal_read_bucket() (bsc#1140652). - bcache: Add comments for blkdev_put() in registration code path (bsc#1140652). - bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652). - bcache: add comments for kobj release callback routine (bsc#1140652). - bcache: add comments for mutex_lock(&b->write_lock) (bsc#1140652). - bcache: add error check for calling register_bdev() (bsc#1140652). - bcache: add failure check to run_cache_set() for journal replay (bsc#1140652). - bcache: add io error counting in write_bdev_super_endio() (bsc#1140652). - bcache: add more error message in bch_cached_dev_attach() (bsc#1140652). - bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652). - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652). - bcache: add return value check to bch_cached_dev_run() (bsc#1140652). - bcache: avoid a deadlock in bcache_reboot() (bsc#1140652). - bcache: avoid clang -Wunintialized warning (bsc#1140652). - bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652). - bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652). - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652). - bcache: Clean up bch_get_congested() (bsc#1140652). - bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread (bsc#1140652). - bcache: do not assign in if condition in bcache_device_init() (bsc#1140652). - bcache: do not set max writeback rate if gc is running (bsc#1140652). - bcache: fix a race between cache register and cacheset unregister (bsc#1140652). - bcache: fix crashes stopping bcache device before read miss done (bsc#1140652). - bcache: fix failure in journal relplay (bsc#1140652). - bcache: fix inaccurate result of unused buckets (bsc#1140652). - bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652). - bcache: fix potential deadlock in cached_def_free() (bsc#1140652). - bcache: fix race in btree_flush_write() (bsc#1140652). - bcache: fix return value error in bch_journal_read() (bsc#1140652). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652). - bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652). - bcache: ignore read-ahead request failure on backing device (bsc#1140652). - bcache: improve bcache_reboot() (bsc#1140652). - bcache: improve error message in bch_cached_dev_run() (bsc#1140652). - bcache: make bset_search_tree() be more understandable (bsc#1140652). - bcache: make is_discard_enabled() static (bsc#1140652). - bcache: more detailed error message to bcache_device_link() (bsc#1140652). - bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652). - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652). - bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652). - bcache: performance improvement for btree_flush_write() (bsc#1140652). - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652). - bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652). - bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652). - bcache: remove 'XXX:' comment line from run_cache_set() (bsc#1140652). - bcache: return error immediately in bch_journal_replay() (bsc#1140652). - bcache: Revert 'bcache: fix high CPU occupancy during journal' (bsc#1140652). - bcache: Revert 'bcache: free heap cache_set->flush_btree in bch_journal_free' (bsc#1140652). - bcache: set largest seq to ja->seq[bucket_index] in journal_read_bucket() (bsc#1140652). - bcache: shrink btree node cache after bch_btree_check() (bsc#1140652). - bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652). - bcache: use sysfs_match_string() instead of __sysfs_match_string() (bsc#1140652). - be2net: Fix number of Rx queues used for flow hashing (networking-stable-19_06_18). - be2net: Signal that the device cannot transmit during reconfiguration (bsc#1127315). - be2net: Synchronize be_update_queues with dev_watchdog (bsc#1127315). - block, bfq: NULL out the bic when it's no longer valid (bsc#1142359). - bnx2x: Prevent load reordering in tx completion processing (bsc#1142868). - bnxt_en: Fix aggregation buffer leak under OOM condition (networking-stable-19_05_31). - bonding: fix arp_validate toggling in active-backup mode (networking-stable-19_05_14). - bonding: Force slave speed check after link state recovery for 802.3ad (bsc#1137584). - bpf, x64: fix stack layout of JITed bpf code (bsc#1083647). - bpf, x64: save 5 bytes in prologue when ebpf insns came from cbpf (bsc#1083647). - bridge: Fix error path for kobject_init_and_add() (networking-stable-19_05_14). - btrfs: fix race between block group removal and block group allocation (bsc#1143003). - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() (bsc#1141478). - clk: qcom: Fix -Wunused-const-variable (bsc#1051510). - clk: rockchip: Do not yell about bad mmc phases when getting (bsc#1051510). - clk: tegra210: fix PLLU and PLLU_OUT1 (bsc#1051510). - cpufreq: acpi-cpufreq: Report if CPU does not support boost technologies (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix initial command check (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency (bsc#1051510). - cpufreq: check if policy is inactive early in __cpufreq_get() (bsc#1051510). - cpufreq: kirkwood: fix possible object reference leak (bsc#1051510). - cpufreq/pasemi: fix possible object reference leak (bsc#1051510). - cpufreq: pmac32: fix possible object reference leak (bsc#1051510). - cpufreq: ppc_cbe: fix possible object reference leak (bsc#1051510). - cpufreq: Use struct kobj_attribute instead of struct global_attr (bsc#1051510). - crypto: arm64/sha1-ce - correct digest for empty data in finup (bsc#1051510). - crypto: arm64/sha2-ce - correct digest for empty data in finup (bsc#1051510). - crypto: ccp - Fix 3DES complaint from ccp-crypto module (bsc#1051510). - crypto: ccp - fix AES CFB error exposed by new test vectors (bsc#1051510). - crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL (bsc#1051510). - crypto: ccp/gcm - use const time tag comparison (bsc#1051510). - crypto: ccp - memset structure fields to zero before reuse (bsc#1051510). - crypto: ccp - Validate the the error value used to index error messages (bsc#1051510). - crypto: chacha20poly1305 - fix atomic sleep when using async algorithm (bsc#1051510). - crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe (bsc#1051510). - crypto: ghash - fix unaligned memory access in ghash_setkey() (bsc#1051510). - crypto: talitos - Align SEC1 accesses to 32 bits boundaries (bsc#1051510). - crypto: talitos - check data blocksize in ablkcipher (bsc#1051510). - crypto: talitos - fix CTR alg blocksize (bsc#1051510). - crypto: talitos - fix max key size for sha384 and sha512 (bsc#1051510). - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking (bsc#1051510). - crypto: talitos - properly handle split ICV (bsc#1051510). - crypto: talitos - reduce max key size for SEC1 (bsc#1051510). - crypto: talitos - rename alternative AEAD algos (bsc#1051510). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - dmaengine: hsu: Revert 'set HSU_CH_MTSR to memory width' (bsc#1051510). - dpaa_eth: fix SG frame cleanup (networking-stable-19_05_14). - drm/meson: Add support for XBGR8888 & ABGR8888 formats (bsc#1051510). - drm/msm/a3xx: remove TPL1 regs from snapshot (bsc#1051510). - drm/nouveau/i2c: Enable i2c pads & busses during preinit (bsc#1051510). - drm/rockchip: Properly adjust to a true clock in adjusted_mode (bsc#1051510). - e1000e: start network tx queue only when link is up (bsc#1051510). - ethtool: check the return value of get_regs_len (git-fixes). - ethtool: fix potential userspace buffer overflow (networking-stable-19_06_09). - Fix kABI for asus-wmi quirk_entry field addition (bsc#1051510). - Fix memory leak in sctp_process_init (networking-stable-19_06_09). - fork, memcg: fix cached_stacks case (bsc#1134097). - fork, memcg: fix crash in free_thread_stack on memcg charge fail (bsc#1134097). - hid: wacom: correct touch resolution x/y typo (bsc#1051510). - hid: wacom: generic: Correct pad syncing (bsc#1051510). - hid: wacom: generic: only switch the mode on devices with LEDs (bsc#1051510). - hid: wacom: generic: read HID_DG_CONTACTMAX from any feature report (bsc#1051510). - input: elantech - enable middle button support on 2 ThinkPads (bsc#1051510). - input: imx_keypad - make sure keyboard can always wake up system (bsc#1051510). - input: psmouse - fix build error of multiple definition (bsc#1051510). - input: synaptics - enable SMBUS on T480 thinkpad trackpad (bsc#1051510). - input: tm2-touchkey - acknowledge that setting brightness is a blocking call (bsc#1129770). - intel_th: msu: Fix single mode with disabled IOMMU (bsc#1051510). - ipv4: Fix raw socket lookup for local traffic (networking-stable-19_05_14). - ipv4/igmp: fix another memory leak in igmpv3_del_delrec() (networking-stable-19_05_31). - ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST (networking-stable-19_05_31). - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop (git-fixes). - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address (networking-stable-19_05_31). - ipv6: fix EFAULT on sendto with icmpv6 and hdrincl (networking-stable-19_06_09). - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero (networking-stable-19_06_18). - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4 (networking-stable-19_06_09). - kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled (bsc#1071995). - kernel: jump label transformation performance (bsc#1137534 bsc#1137535 LTC#178058 LTC#178059). - kvm: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots (bsc#1133021). - kvm: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory (bsc#1133021). - kvm: fix Guest installation fails by 'Invalid value '0-31' for 'cpuset.cpus': Invalid argument' (bsc#1143507) - kvm: mmu: Fix overflow on kvm mmu page limit calculation (bsc#1135335). - kvm/mmu: kABI fix for *_mmu_pages changes in struct kvm_arch (bsc#1135335). - kvm: polling: add architecture backend to disable polling (bsc#1119222). - kvm: s390: change default halt poll time to 50us (bsc#1119222). - kvm: s390: enable CONFIG_HAVE_KVM_NO_POLL (bsc#1119222) We need to enable CONFIG_HAVE_KVM_NO_POLL for bsc#1119222 - kvm: s390: fix typo in parameter description (bsc#1119222). - kvm: s390: kABI Workaround for 'kvm_vcpu_stat' Add halt_no_poll_steal to kvm_vcpu_stat. Hide it from the kABI checker. - kvm: s390: kABI Workaround for 'lowcore' (bsc#1119222). - kvm: s390: provide kvm_arch_no_poll function (bsc#1119222). - kvm: svm/avic: Do not send AVIC doorbell to self (bsc#1140133). - kvm: SVM: Fix detection of AMD Errata 1096 (bsc#1142354). - lapb: fixed leak of control-blocks (networking-stable-19_06_18). - lib: fix stall in __bitmap_parselist() (bsc#1051510). - libnvdimm/namespace: Fix label tracking error (bsc#1142350). - lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE (bsc#1051510). - livepatch: Remove duplicate warning about missing reliable stacktrace support (bsc#1071995). - livepatch: Use static buffer for debugging messages under rq lock (bsc#1071995). - llc: fix skb leak in llc_build_and_send_ui_pkt() (networking-stable-19_05_31). - media: cpia2_usb: first wake up, then free in disconnect (bsc#1135642). - media: marvell-ccic: fix DMA s/g desc number calculation (bsc#1051510). - media: s5p-mfc: Make additional clocks optional (bsc#1051510). - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom() (bsc#1051510). - media: vivid: fix incorrect assignment operation when setting video mode (bsc#1051510). - mei: bus: need to unlink client before freeing (bsc#1051510). - mei: me: add denverton innovation engine device IDs (bsc#1051510). - mei: me: add gemini lake devices id (bsc#1051510). - memory: tegra: Fix integer overflow on tick value calculation (bsc#1051510). - memstick: Fix error cleanup path of memstick_init (bsc#1051510). - mfd: intel-lpss: Release IDA resources (bsc#1051510). - mmc: sdhci-pci: Try 'cd' for card-detect lookup before using NULL (bsc#1051510). - mm: migrate: Fix reference check race between __find_get_block() and migration (bnc#1137609). - mm/nvdimm: add is_ioremap_addr and use that to check ioremap address (bsc#1140322 LTC#176270). - mm, page_alloc: fix has_unmovable_pages for HugePages (bsc#1127034). - mm: replace all open encodings for NUMA_NO_NODE (bsc#1140322 LTC#176270). - neigh: fix use-after-free read in pneigh_get_next (networking-stable-19_06_18). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142112 bsc#1142221 LTC#179334 LTC#179332). - net: avoid weird emergency message (networking-stable-19_05_21). - net: fec: fix the clk mismatch in failed_reset path (networking-stable-19_05_31). - netfilter: conntrack: fix calculation of next bucket number in early_drop (git-fixes). - net-gro: fix use-after-free read in napi_gro_frags() (networking-stable-19_05_31). - net/mlx4_core: Change the error print to info print (networking-stable-19_05_21). - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_06_09). - net/mlx5: Allocate root ns memory using kzalloc to match kfree (networking-stable-19_05_31). - net/mlx5: Avoid double free in fs init error unwinding path (networking-stable-19_05_31). - net: mvneta: Fix err code path of probe (networking-stable-19_05_31). - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value (networking-stable-19_05_31). - net: openvswitch: do not free vport if register_netdevice() is failed (networking-stable-19_06_18). - net/packet: fix memory leak in packet_set_ring() (git-fixes). - net: rds: fix memory leak in rds_ib_flush_mr_pool (networking-stable-19_06_09). - net: seeq: fix crash caused by not set dev.parent (networking-stable-19_05_14). - net: stmmac: fix reset gpio free missing (networking-stable-19_05_31). - net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions (networking-stable-19_05_21). - nvme: fix memory leak caused by incorrect subsystem free (bsc#1143185). - ocfs2: add first lock wait time in locking_state (bsc#1134390). - ocfs2: add last unlock times in locking_state (bsc#1134390). - ocfs2: add locking filter debugfs file (bsc#1134390). - packet: Fix error path in packet_init (networking-stable-19_05_14). - packet: in recvmsg msg_name return at least sizeof sockaddr_ll (git-fixes). - pci: Always allow probing with driver_override (bsc#1051510). - pci: hv: Add hv_pci_remove_slots() when we unload the driver (bsc#1142701). - pci: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary (bsc#1142701). - pci: hv: Fix a memory leak in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix a use-after-free bug in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix return value check in hv_pci_assign_slots() (bsc#1142701). - pci: hv: Remove unused reason for refcount handler (bsc#1142701). - pci: hv: support reporting serial number as slot information (bsc#1142701). - pci: Return error if cannot probe VF (bsc#1051510). - pkey: Indicate old mkvp only if old and current mkvp are different (bsc#1137827 LTC#178090). - pktgen: do not sleep with the thread lock held (git-fixes). - platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ (bsc#1051510). - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510). - platform/x86: intel_turbo_max_3: Remove restriction for HWP platforms (jsc#SLE-5439). - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table (bsc#1051510). - powerpc/64s: Remove POWER9 DD1 support (bsc#1055117, LTC#159753, git-fixes). - powerpc/crypto: Use cheaper random numbers for crc-vpmsum self-test (). - powerpc/mm: Change function prototype (bsc#1055117). - powerpc/mm: Consolidate numa_enable check and min_common_depth check (bsc#1140322 LTC#176270). - powerpc/mm/drconf: Use NUMA_NO_NODE on failures instead of node 0 (bsc#1140322 LTC#176270). - powerpc/mm: Fix node look up with numa=off boot (bsc#1140322 LTC#176270). - powerpc/mm/hugetlb: Update huge_ptep_set_access_flags to call __ptep_set_access_flags directly (bsc#1055117). - powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang (bsc#1055117). - powerpc/mm/radix: Move function from radix.h to pgtable-radix.c (bsc#1055117). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195). - ppp: deflate: Fix possible crash in deflate_init (networking-stable-19_05_21). - rds: ib: fix 'passing zero to ERR_PTR()' warning (git-fixes). - Revert 'bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()' (bsc#1140652). - Revert 'e1000e: fix cyclic resets at link up with active tx' (bsc#1051510). - Revert 'livepatch: Remove reliable stacktrace check in klp_try_switch_task()' (bsc#1071995). - Revert 'serial: 8250: Do not service RX FIFO if interrupts are disabled' (bsc#1051510). - rtnetlink: always put IFLA_LINK for links with a link-netnsid (networking-stable-19_05_21). - s390/qeth: be drop monitor friendly (bsc#1142220 LTC#179335). - s390/vtime: steal time exponential moving average (bsc#1119222). - scripts/git_sort/git_sort.py: Add mmots tree. - scsi: ibmvfc: fix WARN_ON during event pool release (bsc#1137458 LTC#178093). - sctp: Free cookie before we memdup a new one (networking-stable-19_06_18). - sctp: silence warns on sctp_stream_init allocations (bsc#1083710). - serial: uartps: Do not add a trailing semicolon to macro (bsc#1051510). - serial: uartps: Fix long line over 80 chars (bsc#1051510). - serial: uartps: Fix multiple line dereference (bsc#1051510). - serial: uartps: Remove useless return from cdns_uart_poll_put_char (bsc#1051510). - staging: comedi: amplc_pci230: fix null pointer deref on interrupt (bsc#1051510). - staging: comedi: dt282x: fix a null pointer deref on interrupt (bsc#1051510). - staging: rtl8712: reduce stack usage, again (bsc#1051510). - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg (networking-stable-19_06_18). - tcp: reduce tcp_fastretrans_alert() verbosity (git-fixes). - team: Always enable vlan tx offload (bsc#1051510). - tty: rocket: fix incorrect forward declaration of 'rp_init()' (bsc#1051510). - tty: serial_core: Set port active bit in uart_port_activate (bsc#1051510). - tty: serial: cpm_uart - fix init when SMC is relocated (bsc#1051510). - tuntap: synchronize through tfiles array instead of tun->numqueues (networking-stable-19_05_14). - usb: gadget: ether: Fix race between gether_disconnect and rx_submit (bsc#1051510). - usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i] (bsc#1051510). - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC (bsc#1051510). - usb: pci-quirks: Correct AMD PLL quirk detection (bsc#1051510). - usb: serial: ftdi_sio: add ID for isodebug v1 (bsc#1051510). - usb: serial: option: add support for GosunCn ME3630 RNDIS mode (bsc#1051510). - vmci: Fix integer overflow in VMCI handle arrays (bsc#1051510). - vsock/virtio: free packets during the socket release (networking-stable-19_05_21). - vsock/virtio: set SOCK_DONE on peer shutdown (networking-stable-19_06_18). - wil6210: fix potential out-of-bounds read (bsc#1051510). - x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903). - xen: let alloc_xenballooned_pages() fail if not enough memory free (bsc#1142450 XSA-300). - xfs: do not overflow xattr listent buffer (bsc#1143105). Important SUSE bug 1051510 SUSE bug 1055117 SUSE bug 1071995 SUSE bug 1083647 SUSE bug 1083710 SUSE bug 1102247 SUSE bug 1111666 SUSE bug 1119222 SUSE bug 1123080 SUSE bug 1127034 SUSE bug 1127315 SUSE bug 1129770 SUSE bug 1130972 SUSE bug 1133021 SUSE bug 1134097 SUSE bug 1134390 SUSE bug 1134399 SUSE bug 1135335 SUSE bug 1135642 SUSE bug 1136896 SUSE bug 1137458 SUSE bug 1137534 SUSE bug 1137535 SUSE bug 1137584 SUSE bug 1137609 SUSE bug 1137811 SUSE bug 1137827 SUSE bug 1139358 SUSE bug 1140133 SUSE bug 1140139 SUSE bug 1140322 SUSE bug 1140652 SUSE bug 1140887 SUSE bug 1140888 SUSE bug 1140889 SUSE bug 1140891 SUSE bug 1140893 SUSE bug 1140903 SUSE bug 1140945 SUSE bug 1140954 SUSE bug 1140955 SUSE bug 1140956 SUSE bug 1140957 SUSE bug 1140958 SUSE bug 1140959 SUSE bug 1140960 SUSE bug 1140961 SUSE bug 1140962 SUSE bug 1140964 SUSE bug 1140971 SUSE bug 1140972 SUSE bug 1140992 SUSE bug 1141401 SUSE bug 1141402 SUSE bug 1141452 SUSE bug 1141453 SUSE bug 1141454 SUSE bug 1141478 SUSE bug 1142023 SUSE bug 1142112 SUSE bug 1142220 SUSE bug 1142221 SUSE bug 1142254 SUSE bug 1142350 SUSE bug 1142351 SUSE bug 1142354 SUSE bug 1142359 SUSE bug 1142450 SUSE bug 1142701 SUSE bug 1142868 SUSE bug 1143003 SUSE bug 1143045 SUSE bug 1143105 SUSE bug 1143185 SUSE bug 1143189 SUSE bug 1143191 SUSE bug 1143507 CVE-2018-20855 CVE-2019-1125 CVE-2019-11810 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following new features were implemented: - jsc#SLE-4875: [CML] New device IDs for CML - jsc#SLE-7294: Add cpufreq driver for Raspberry Pi - fate#322438: Integrate P9 XIVE support (on PowerVM only) - fate#322447: Add memory protection keys (MPK) support on POWER (on PowerVM only) - fate#322448, fate#321438: P9 hardware counter (performance counters) support (on PowerVM only) - fate#325306, fate#321840: Reduce memory required to boot capture kernel while using fadump - fate#326869: perf: pmu mem_load/store event support The following security bugs were fixed: - CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated. (bsc#1146163). - CVE-2018-20976: A use after free existed, related to xfs_fs_fill_super failure. (bsc#1146285) - CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach (bsc#1149591). - CVE-2019-9456: In Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have lead to local escalation of privilege with System execution privileges needed. (bsc#1150025 CVE-2019-9456). - CVE-2019-10207: Fix a NULL pointer dereference in hci_uart bluetooth driver (bsc#1142857 bsc#1123959). - CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based buffer overflows in marvell wifi chip driver kernel, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bnc#1146516) - CVE-2019-14835: Fix QEMU-KVM Guest to Host Kernel Escape. (bsc#1150112). - CVE-2019-15030, CVE-2019-15031: On the powerpc platform, a local user could read vector registers of other users' processes via an interrupt. (bsc#1149713) - CVE-2019-15090: In the qedi_dbg_* family of functions, there was an out-of-bounds read. (bsc#1146399) - CVE-2019-15098: USB driver net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor. (bsc#1146378). - CVE-2019-15099: drivers/net/wireless/ath/ath10k/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor. (bsc#1146368) - CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel mishandled a short descriptor, leading to out-of-bounds memory access. (bsc#1145920). - CVE-2019-15118: check_input_term in sound/usb/mixer.c in the Linux kernel mishandled recursion, leading to kernel stack exhaustion. (bsc#1145922). - CVE-2019-15211: There was a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c did not properly allocate memory. (bsc#1146519). - CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. (bsc#1051510 bsc#1146391). - CVE-2019-15214: There was a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. (bsc#1146550) - CVE-2019-15215: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver. (bsc#1135642 bsc#1146425) - CVE-2019-15216: Fix a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. (bsc#1146361). - CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (bsc#1146547). - CVE-2019-15218: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver. (bsc#1051510 bsc#1146413) - CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. (bsc#1146524) - CVE-2019-15220: There was a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver. (bsc#1146526) - CVE-2019-15221, CVE-2019-15222: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. (bsc#1146529, bsc#1146531) - CVE-2019-15239: An incorrect backport of a certain net/ipv4/tcp_output.c fix allowed a local attacker to trigger multiple use-after-free conditions. This could result in a kernel crash, or potentially in privilege escalation. (bsc#1146589) - CVE-2019-15290: There was a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function (bsc#1146543). - CVE-2019-15292: There was a use-after-free in atalk_proc_exit (bsc#1146678) - CVE-2019-15538: XFS partially wedged when a chgrp failed on account of being out of disk quota. This was primarily a local DoS attack vector, but it could result as well in remote DoS if the XFS filesystem was exported for instance via NFS. (bsc#1148032, bsc#1148093) - CVE-2019-15666: There was an out-of-bounds array access in __xfrm_policy_unlink, which would cause denial of service, because verify_newpolicy_info mishandled directory validation. (bsc#1148394). - CVE-2019-15902: A backporting error reintroduced the Spectre vulnerability that it aimed to eliminate. (bnc#1149376) - CVE-2019-15917: There was a use-after-free issue when hci_uart_register_dev() failed in hci_uart_set_proto() (bsc#1149539) - CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free. (bsc#1149552) - CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free. (bsc#1149626) - CVE-2019-15921: There was a memory leak issue when idr_alloc() failed (bsc#1149602) - CVE-2019-15924: Fix a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure. (bsc#1149612). - CVE-2019-15926: Out of bounds access existed in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx (bsc#1149527) - CVE-2019-15927: An out-of-bounds access existed in the function build_audio_procunit (bsc#1149522) The following non-security bugs were fixed: - 9p/rdma: do not disconnect on down_interruptible EAGAIN (bsc#1051510). - 9p/rdma: remove useless check in cm_event_handler (bsc#1051510). - 9p/virtio: Add cleanup path in p9_virtio_init (bsc#1051510). - 9p/xen: Add cleanup path in p9_trans_xen_init (bsc#1051510). - 9p/xen: fix check for xenbus_read error in front_probe (bsc#1051510). - 9p: acl: fix uninitialized iattr access (bsc#1051510). - 9p: p9dirent_read: check network-provided name length (bsc#1051510). - 9p: pass the correct prototype to read_cache_page (bsc#1051510). - acpi/arm64: ignore 5.1 FADTs that are reported as 5.0 (bsc#1051510). - acpi/iort: Fix off-by-one check in iort_dev_find_its_id() (bsc#1051510). - acpi: PM: Fix regression in acpi_device_set_power() (bsc#1051510). - acpi: fix false-positive -Wuninitialized warning (bsc#1051510). - acpica: Increase total number of possible Owner IDs (bsc#1148859). - acpica: Increase total number of possible Owner IDs (bsc#1148859). - add some missing definitions (bsc#1144333). - address lock imbalance warnings in smbdirect.c (bsc#1144333). - af_key: fix leaks in key_pol_get_resp and dump_sp (bsc#1051510). - af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET (networking-stable-19_07_02). - alsa: firewire: fix a memory leak bug (bsc#1051510). - alsa: hda - Add a generic reboot_notify (bsc#1051510). - alsa: hda - Apply workaround for another AMD chip 1022:1487 (bsc#1051510). - alsa: hda - Do not override global PCM hw info flag (bsc#1051510). - alsa: hda - Fix a memory leak bug (bsc#1051510). - alsa: hda - Fix potential endless loop at applying quirks (bsc#1051510). - alsa: hda - Let all conexant codec enter D3 when rebooting (bsc#1051510). - alsa: hda - Workaround for crackled sound on AMD controller (1022:1457) (bsc#1051510). - alsa: hda/realtek - Fix overridden device-specific initialization (bsc#1051510). - alsa: hda/realtek - Fix the problem of two front mics on a ThinkCentre (bsc#1051510). - alsa: hda: kabi workaround for generic parser flag (bsc#1051510). - alsa: hiface: fix multiple memory leak bugs (bsc#1051510). - alsa: line6: Fix memory leak at line6_init_pcm() error path (bsc#1051510). - alsa: pcm: fix lost wakeup event scenarios in snd_pcm_drain (bsc#1051510). - alsa: seq: Fix potential concurrent access to the deleted pool (bsc#1051510). - alsa: usb-audio: Fix gpf in snd_usb_pipe_sanity_check (bsc#1051510). - arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2 (bsc#1133021). - arm: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1133021). - arm: KVM: report support for SMCCC_ARCH_WORKAROUND_1 (bsc#1133021). - asoc: Fail card instantiation if DAI format setup fails (bsc#1051510). - asoc: dapm: Fix handling of custom_stop_condition on DAPM graph walks (bsc#1051510). - ata: libahci: do not complain in case of deferred probe (bsc#1051510). - batman-adv: Only read OGM tvlv_len after buffer len check (bsc#1051510). - batman-adv: Only read OGM2 tvlv_len after buffer len check (bsc#1051510). - batman-adv: fix uninit-value in batadv_netlink_get_ifindex() (bsc#1051510). - bcache: fix possible memory leak in bch_cached_dev_run() (git fixes). - bio: fix improper use of smp_mb__before_atomic() (git fixes). - blk-mq: Fix spelling in a source code comment (git fixes). - blk-mq: backport fixes for blk_mq_complete_e_request_sync() (bsc#1145661). - blk-mq: introduce blk_mq_complete_request_sync() (bsc#1145661). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - block, documentation: Fix wbt_lat_usec documentation (git fixes). - bluetooth: 6lowpan: search for destination address in all peers (bsc#1051510). - bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug (bsc#1051510). - bluetooth: Check state in l2cap_disconnect_rsp (bsc#1051510). - bluetooth: btqca: Add a short delay before downloading the NVM (bsc#1051510). - bluetooth: hci_bcsp: Fix memory leak in rx_skb (bsc#1051510). - bluetooth: revert 'validate BLE connection interval updates' (bsc#1051510). - bluetooth: validate BLE connection interval updates (bsc#1051510). - bnx2x: Prevent ptp_task to be rescheduled indefinitely (networking-stable-19_07_25). - bonding/802.3ad: fix link_failure_count tracking (bsc#1137069 bsc#1141013). - bonding/802.3ad: fix slave link initialization transition states (bsc#1137069 bsc#1141013). - bonding: Always enable vlan tx offload (networking-stable-19_07_02). - bonding: set default miimon value for non-arp modes if not set (bsc#1137069 bsc#1141013). - bonding: speed/duplex update at NETDEV_UP event (bsc#1137069 bsc#1141013). - bonding: validate ip header before check IPPROTO_IGMP (networking-stable-19_07_25). - btrfs: Fix delalloc inodes invalidation during transaction abort (bsc#1050911). - btrfs: Split btrfs_del_delalloc_inode into 2 functions (bsc#1050911). - btrfs: add a helper to retrive extent inline ref type (bsc#1149325). - btrfs: add cleanup_ref_head_accounting helper (bsc#1050911). - btrfs: add missing inode version, ctime and mtime updates when punching hole (bsc#1140487). - btrfs: add one more sanity check for shared ref type (bsc#1149325). - btrfs: clean up pending block groups when transaction commit aborts (bsc#1050911). - btrfs: convert to use btrfs_get_extent_inline_ref_type (bsc#1149325). - btrfs: do not abort transaction at btrfs_update_root() after failure to COW path (bsc#1150933). - btrfs: fix assertion failure during fsync and use of stale transaction (bsc#1150562). - btrfs: fix data loss after inode eviction, renaming it, and fsync it (bsc#1145941). - btrfs: fix fsync not persisting dentry deletions due to inode evictions (bsc#1145942). - btrfs: fix incremental send failure after deduplication (bsc#1145940). - btrfs: fix pinned underflow after transaction aborted (bsc#1050911). - btrfs: fix race between send and deduplication that lead to failures and crashes (bsc#1145059). - btrfs: fix race leading to fs corruption after transaction abort (bsc#1145937). - btrfs: handle delayed ref head accounting cleanup in abort (bsc#1050911). - btrfs: prevent send failures and crashes due to concurrent relocation (bsc#1145059). - btrfs: remove BUG() in add_data_reference (bsc#1149325). - btrfs: remove BUG() in btrfs_extent_inline_ref_size (bsc#1149325). - btrfs: remove BUG() in print_extent_item (bsc#1149325). - btrfs: remove BUG_ON in __add_tree_block (bsc#1149325). - btrfs: scrub: add memalloc_nofs protection around init_ipath (bsc#1086103). - btrfs: start readahead also in seed devices (bsc#1144886). - btrfs: track running balance in a simpler way (bsc#1145059). - btrfs: use GFP_KERNEL in init_ipath (bsc#1086103). - caif-hsi: fix possible deadlock in cfhsi_exit_module() (networking-stable-19_07_25). - can: m_can: implement errata 'Needless activation of MRAF irq' (bsc#1051510). - can: mcp251x: add support for mcp25625 (bsc#1051510). - can: peak_usb: fix potential double kfree_skb() (bsc#1051510). - can: peak_usb: force the string buffer NULL-terminated (bsc#1051510). - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (bsc#1051510). - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (bsc#1051510). - can: rcar_canfd: fix possible IRQ storm on high load (bsc#1051510). - can: sja1000: force the string buffer NULL-terminated (bsc#1051510). - carl9170: fix misuse of device driver API (bsc#1142635). - ceph: always get rstat from auth mds (bsc#1146346). - ceph: clean up ceph.dir.pin vxattr name sizeof() (bsc#1146346). - ceph: decode feature bits in session message (bsc#1146346). - ceph: do not blindly unregister session that is in opening state (bsc#1148133). - ceph: do not try fill file_lock on unsuccessful GETFILELOCK reply (bsc#1148133). - ceph: fix 'ceph.dir.rctime' vxattr value (bsc#1148133 bsc#1135219). - ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bsc#1148133). - ceph: fix improper use of smp_mb__before_atomic() (bsc#1148133). - ceph: fix iov_iter issues in ceph_direct_read_write() (bsc#1141450). - ceph: hold i_ceph_lock when removing caps for freeing inode (bsc#1148133). - ceph: remove request from waiting list before unregister (bsc#1148133). - ceph: silence a checker warning in mdsc_show() (bsc#1148133). - ceph: support cephfs' own feature bits (bsc#1146346). - ceph: support getting ceph.dir.pin vxattr (bsc#1146346). - ceph: support versioned reply (bsc#1146346). - ceph: use bit flags to define vxattr attributes (bsc#1146346). - cfg80211: revert 'fix processing world regdomain when non modular' (bsc#1051510). - cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED (bsc#1144333). - cifs: Add DFS cache routines (bsc#1144333). - cifs: Add direct I/O functions to file_operations (bsc#1144333). - cifs: Add minor debug message during negprot (bsc#1144333). - cifs: Add smb2_send_recv (bsc#1144333). - cifs: Add support for FSCTL passthrough that write data to the server (bsc#1144333). - cifs: Add support for direct I/O read (bsc#1144333). - cifs: Add support for direct I/O write (bsc#1144333). - cifs: Add support for direct pages in rdata (bsc#1144333). - cifs: Add support for direct pages in wdata (bsc#1144333). - cifs: Add support for failover in cifs_mount() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect_tcon() (bsc#1144333). - cifs: Add support for failover in smb2_reconnect() (bsc#1144333). - cifs: Add support for reading attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Add support for writing attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Adds information-level logging function (bsc#1144333). - cifs: Adjust MTU credits before reopening a file (bsc#1144333). - cifs: Allocate memory for all iovs in smb2_ioctl (bsc#1144333). - cifs: Allocate validate negotiation request through kmalloc (bsc#1144333). - cifs: Always reset read error to -EIO if no response (bsc#1144333). - cifs: Always resolve hostname before reconnecting (bsc#1051510, bsc#1144333). - cifs: Avoid returning EBUSY to upper layer VFS (bsc#1144333). - cifs: Calculate the correct request length based on page offset and tail size (bsc#1144333). - cifs: Call MID callback before destroying transport (bsc#1144333). - cifs: Change SMB2_open to return an iov for the error parameter (bsc#1144333). - cifs: Check for reconnects before sending async requests (bsc#1144333). - cifs: Check for reconnects before sending compound requests (bsc#1144333). - cifs: Check for timeout on Negotiate stage (bsc#1091171, bsc#1144333). - cifs: Count SMB3 credits for malformed pending responses (bsc#1144333). - cifs: Display SMB2 error codes in the hex format (bsc#1144333). - cifs: Do not assume one credit for async responses (bsc#1144333). - cifs: Do not consider -ENODATA as stat failure for reads (bsc#1144333). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510, bsc#1144333). - cifs: Do not hide EINTR after sending network packets (bsc#1051510, bsc#1144333). - cifs: Do not log credits when unmounting a share (bsc#1144333). - cifs: Do not match port on SMBDirect transport (bsc#1144333). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510, bsc#1144333). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510, bsc#1144333). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510, bsc#1144333). - cifs: Do not set credits to 1 if the server didn't grant anything (bsc#1144333). - cifs: Do not skip SMB2 message IDs on send failures (bsc#1144333). - cifs: Find and reopen a file before get MTU credits in writepages (bsc#1144333). - cifs: Fix DFS cache refresher for DFS links (bsc#1144333). - cifs: Fix NULL pointer deref on SMB2_tcon() failure (bsc#1071009, bsc#1144333). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: Fix NULL ptr deref (bsc#1144333). - cifs: Fix a debug message (bsc#1144333). - cifs: Fix a race condition with cifs_echo_request (bsc#1144333). - cifs: Fix a tiny potential memory leak (bsc#1144333). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510, bsc#1144333). - cifs: Fix an issue with re-sending rdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix an issue with re-sending wdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix autonegotiate security settings mismatch (bsc#1087092, bsc#1144333). - cifs: Fix check for matching with existing mount (bsc#1144333). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix credit calculations in compound mid callback (bsc#1144333). - cifs: Fix credit computation for compounded requests (bsc#1144333). - cifs: Fix credits calculation for cancelled requests (bsc#1144333). - cifs: Fix credits calculations for reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix encryption/signing (bsc#1144333). - cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510, bsc#1144333). - cifs: Fix error paths in writeback code (bsc#1144333). - cifs: Fix infinite loop when using hard mount option (bsc#1091171, bsc#1144333). - cifs: Fix invalid check in __cifs_calc_signature() (bsc#1144333). - cifs: Fix kernel oops when traceSMB is enabled (bsc#1144333). - cifs: Fix leaking locked VFS cache pages in writeback retry (bsc#1144333). - cifs: Fix lease buffer length error (bsc#1144333). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510, bsc#1144333). - cifs: Fix missing put_xid in cifs_file_strict_mmap (bsc#1087092, bsc#1144333). - cifs: Fix module dependency (bsc#1144333). - cifs: Fix mounts if the client is low on credits (bsc#1144333). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510, bsc#1144333). - cifs: Fix possible oops and memory leaks in async IO (bsc#1144333). - cifs: Fix potential OOB access of lock element array (bsc#1051510, bsc#1144333). - cifs: Fix read after write for files with read caching (bsc#1051510, bsc#1144333). - cifs: Fix separator when building path from dentry (bsc#1051510, bsc#1144333). - cifs: Fix signing for SMB2/3 (bsc#1144333). - cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting (bsc#1144333). - cifs: Fix slab-out-of-bounds when tracing SMB tcon (bsc#1144333). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510, bsc#1144333). - cifs: Fix to use kmem_cache_free() instead of kfree() (bsc#1144333). - cifs: Fix trace command logging for SMB2 reads and writes (bsc#1144333). - cifs: Fix use after free of a mid_q_entry (bsc#1112903, bsc#1144333). - cifs: Fix use-after-free in SMB2_read (bsc#1144333). - cifs: Fix use-after-free in SMB2_write (bsc#1144333). - cifs: Fix validation of signed data in smb2 (bsc#1144333). - cifs: Fix validation of signed data in smb3+ (bsc#1144333). - cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510, bsc#1144333). - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) (bsc#1144333). - cifs: Introduce helper function to get page offset and length in smb_rqst (bsc#1144333). - cifs: Introduce offset for the 1st page in data transfer structures (bsc#1144333). - cifs: Limit memory used by lock request calls to a page (bsc#1144333). - cifs: Make devname param optional in cifs_compose_mount_options() (bsc#1144333). - cifs: Make sure all data pages are signed correctly (bsc#1144333). - cifs: Make use of DFS cache to get new DFS referrals (bsc#1144333). - cifs: Mask off signals when sending SMB packets (bsc#1144333). - cifs: Minor Kconfig clarification (bsc#1144333). - cifs: Move credit processing to mid callbacks for SMB3 (bsc#1144333). - cifs: Move open file handling to writepages (bsc#1144333). - cifs: Move unlocking pages from wdata_send_pages() (bsc#1144333). - cifs: OFD locks do not conflict with eachothers (bsc#1051510, bsc#1144333). - cifs: Only free DFS target list if we actually got one (bsc#1144333). - cifs: Only send SMB2_NEGOTIATE command on new TCP connections (bsc#1144333). - cifs: Pass page offset for calculating signature (bsc#1144333). - cifs: Pass page offset for encrypting (bsc#1144333). - cifs: Print message when attempting a mount (bsc#1144333). - cifs: Properly handle auto disabling of serverino option (bsc#1144333). - cifs: Reconnect expired SMB sessions (bnc#1060662). - cifs: Refactor out cifs_mount() (bsc#1144333). - cifs: Remove custom credit adjustments for SMB2 async IO (bsc#1144333). - cifs: Reopen file before get SMB2 MTU credits for async IO (bsc#1144333). - cifs: Respect SMB2 hdr preamble size in read responses (bsc#1144333). - cifs: Respect reconnect in MTU credits calculations (bsc#1144333). - cifs: Respect reconnect in non-MTU credits calculations (bsc#1144333). - cifs: Return -EAGAIN instead of -ENOTSOCK (bsc#1144333). - cifs: Return error code when getting file handle for writeback (bsc#1144333). - cifs: SMBD: Add SMB Direct debug counters (bsc#1144333). - cifs: SMBD: Add SMB Direct protocol initial values and constants (bsc#1144333). - cifs: SMBD: Add parameter rdata to smb2_new_read_req (bsc#1144333). - cifs: SMBD: Add rdma mount option (bsc#1144333). - cifs: SMBD: Disable signing on SMB direct transport (bsc#1144333). - cifs: SMBD: Do not call ib_dereg_mr on invalidated memory registration (bsc#1144333). - cifs: SMBD: Establish SMB Direct connection (bsc#1144333). - cifs: SMBD: Fix the definition for SMB2_CHANNEL_RDMA_V1_INVALIDATE (bsc#1144333). - cifs: SMBD: Implement RDMA memory registration (bsc#1144333). - cifs: SMBD: Implement function to create a SMB Direct connection (bsc#1144333). - cifs: SMBD: Implement function to destroy a SMB Direct connection (bsc#1144333). - cifs: SMBD: Implement function to receive data via RDMA receive (bsc#1144333). - cifs: SMBD: Implement function to reconnect to a SMB Direct transport (bsc#1144333). - cifs: SMBD: Implement function to send data via RDMA send (bsc#1144333). - cifs: SMBD: Read correct returned data length for RDMA write (SMB read) I/O (bsc#1144333). - cifs: SMBD: Set SMB Direct maximum read or write size for I/O (bsc#1144333). - cifs: SMBD: Support page offset in RDMA recv (bsc#1144333). - cifs: SMBD: Support page offset in RDMA send (bsc#1144333). - cifs: SMBD: Support page offset in memory registration (bsc#1144333). - cifs: SMBD: Upper layer connects to SMBDirect session (bsc#1144333). - cifs: SMBD: Upper layer destroys SMB Direct session on shutdown or umount (bsc#1144333). - cifs: SMBD: Upper layer performs SMB read via RDMA write through memory registration (bsc#1144333). - cifs: SMBD: Upper layer performs SMB write via RDMA read through memory registration (bsc#1144333). - cifs: SMBD: Upper layer receives data via RDMA receive (bsc#1144333). - cifs: SMBD: Upper layer reconnects to SMB Direct session (bsc#1144333). - cifs: SMBD: Upper layer sends data via RDMA send (bsc#1144333). - cifs: SMBD: _smbd_get_connection() can be static (bsc#1144333). - cifs: SMBD: export protocol initial values (bsc#1144333). - cifs: SMBD: fix spelling mistake: faield and legnth (bsc#1144333). - cifs: SMBD: work around gcc -Wmaybe-uninitialized warning (bsc#1144333). - cifs: Save TTL value when parsing DFS referrals (bsc#1144333). - cifs: Select all required crypto modules (bsc#1085536, bsc#1144333). - cifs: Set reconnect instance to one initially (bsc#1144333). - cifs: Show locallease in /proc/mounts for cifs shares mounted with locallease feature (bsc#1144333). - cifs: Silence uninitialized variable warning (bsc#1144333). - cifs: Skip any trailing backslashes from UNC (bsc#1144333). - cifs: Try to acquire credits at once for compound requests (bsc#1144333). - cifs: Use GFP_ATOMIC when a lock is held in cifs_mount() (bsc#1144333). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510, bsc#1144333). - cifs: Use correct packet length in SMB2_TRANSFORM header (bsc#1144333). - cifs: Use kmemdup in SMB2_ioctl_init() (bsc#1144333). - cifs: Use kmemdup rather than duplicating its implementation in smb311_posix_mkdir() (bsc#1144333). - cifs: Use kzfree() to free password (bsc#1144333). - cifs: Use offset when reading pages (bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510, bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510, bsc#1144333). - cifs: When sending data on socket, pass the correct page offset (bsc#1144333). - cifs: a smb2_validate_and_copy_iov failure does not mean the handle is invalid (bsc#1144333). - cifs: add .splice_write (bsc#1144333). - cifs: add IOCTL for QUERY_INFO passthrough to userspace (bsc#1144333). - cifs: add ONCE flag for cifs_dbg type (bsc#1144333). - cifs: add SFM mapping for 0x01-0x1F (bsc#1144333). - cifs: add SMB2_close_init()/SMB2_close_free() (bsc#1144333). - cifs: add SMB2_ioctl_init/free helpers to be used with compounding (bsc#1144333). - cifs: add SMB2_query_info_[init|free]() (bsc#1144333). - cifs: add a new SMB2_close_flags function (bsc#1144333). - cifs: add a smb2_compound_op and change QUERY_INFO to use it (bsc#1144333). - cifs: add a timeout argument to wait_for_free_credits (bsc#1144333). - cifs: add a warning if we try to to dequeue a deleted mid (bsc#1144333). - cifs: add compound_send_recv() (bsc#1144333). - cifs: add credits from unmatched responses/messages (bsc#1144333). - cifs: add debug output to show nocase mount option (bsc#1144333). - cifs: add fiemap support (bsc#1144333). - cifs: add iface info to struct cifs_ses (bsc#1144333). - cifs: add lease tracking to the cached root fid (bsc#1144333). - cifs: add missing GCM module dependency (bsc#1144333). - cifs: add missing debug entries for kconfig options (bsc#1051510, bsc#1144333). - cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510, bsc#1144333). - cifs: add pdu_size to the TCP_Server_Info structure (bsc#1144333). - cifs: add resp_buf_size to the mid_q_entry structure (bsc#1144333). - cifs: add server argument to the dump_detail method (bsc#1144333). - cifs: add server->vals->header_preamble_size (bsc#1144333). - cifs: add sha512 secmech (bsc#1051510, bsc#1144333). - cifs: add spinlock for the openFileList to cifsInodeInfo (bsc#1144333). - cifs: add support for SEEK_DATA and SEEK_HOLE (bsc#1144333). - cifs: add support for ioctl on directories (bsc#1144333). - cifs: address trivial coverity warning (bsc#1144333). - cifs: allow calling SMB2_xxx_free(NULL) (bsc#1144333). - cifs: allow disabling less secure legacy dialects (bsc#1144333). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510, bsc#1144333). - cifs: always add credits back for unsolicited PDUs (bsc#1144333). - cifs: auto disable 'serverino' in dfs mounts (bsc#1144333). - cifs: avoid a kmalloc in smb2_send_recv/SendReceive2 for the common case (bsc#1144333). - cifs: cache FILE_ALL_INFO for the shared root handle (bsc#1144333). - cifs: change SMB2_OP_RENAME and SMB2_OP_HARDLINK to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_EOF to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_INFO to use compounding (bsc#1144333). - cifs: change mkdir to use a compound (bsc#1144333). - cifs: change smb2_get_data_area_len to take a smb2_sync_hdr as argument (bsc#1144333). - cifs: change smb2_query_eas to use the compound query-info helper (bsc#1144333). - cifs: change unlink to use a compound (bsc#1144333). - cifs: change validate_buf to validate_iov (bsc#1144333). - cifs: change wait_for_free_request() to take flags as argument (bsc#1144333). - cifs: check CIFS_MOUNT_NO_DFS when trying to reuse existing sb (bsc#1144333). - cifs: check MaxPathNameComponentLength != 0 before using it (bsc#1085536, bsc#1144333). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902, bsc#1144333). - cifs: check if SMB2 PDU size has been padded and suppress the warning (bsc#1144333). - cifs: check kmalloc before use (bsc#1051510, bsc#1144333). - cifs: check kzalloc return (bsc#1144333). - cifs: check ntwrk_buf_start for NULL before dereferencing it (bsc#1144333). - cifs: check rsp for NULL before dereferencing in SMB2_open (bsc#1085536, bsc#1144333). - cifs: cifs_read_allocate_pages: do not iterate through whole page array on ENOMEM (bsc#1144333). - cifs: clean up indentation, replace spaces with tab (bsc#1144333). - cifs: cleanup smb2ops.c and normalize strings (bsc#1144333). - cifs: complete PDU definitions for interface queries (bsc#1144333). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510, bsc#1144333). - cifs: create SMB2_open_init()/SMB2_open_free() helpers (bsc#1144333). - cifs: create a define for how many iovs we need for an SMB2_open() (bsc#1144333). - cifs: create a define for the max number of iov we need for a SMB2 set_info (bsc#1144333). - cifs: create a helper function for compound query_info (bsc#1144333). - cifs: create helpers for SMB2_set_info_init/free() (bsc#1144333). - cifs: do not allow creating sockets except with SMB1 posix exensions (bsc#1102097, bsc#1144333). - cifs: do not attempt cifs operation on smb2+ rename error (bsc#1144333). - cifs: do not dereference smb_file_target before null check (bsc#1051510, bsc#1144333). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510, bsc#1144333). - cifs: do not return atime less than mtime (bsc#1144333). - cifs: do not send invalid input buffer on QUERY_INFO requests (bsc#1144333). - cifs: do not show domain= in mount output when domain is empty (bsc#1144333). - cifs: do not use __constant_cpu_to_le32() (bsc#1144333). - cifs: document tcon/ses/server refcount dance (bsc#1144333). - cifs: dump IPC tcon in debug proc file (bsc#1071306, bsc#1144333). - cifs: dump every session iface info (bsc#1144333). - cifs: fallback to older infolevels on findfirst queryinfo retry (bsc#1144333). - cifs: fix GlobalMid_Lock bug in cifs_reconnect (bsc#1144333). - cifs: fix NULL deref in SMB2_read (bsc#1085539, bsc#1144333). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542, bsc#1144333). - cifs: fix SMB1 breakage (bsc#1144333). - cifs: fix a buffer leak in smb2_query_symlink (bsc#1144333). - cifs: fix a credits leak for compund commands (bsc#1144333). - cifs: fix bi-directional fsctl passthrough calls (bsc#1144333). - cifs: fix build break when CONFIG_CIFS_DEBUG2 enabled (bsc#1144333). - cifs: fix build errors for SMB_DIRECT (bsc#1144333). - cifs: fix circular locking dependency (bsc#1064701, bsc#1144333). - cifs: fix computation for MAX_SMB2_HDR_SIZE (bsc#1144333). - cifs: fix confusing warning message on reconnect (bsc#1144333). - cifs: fix crash in cifs_dfs_do_automount (bsc#1144333). - cifs: fix crash in smb2_compound_op()/smb2_set_next_command() (bsc#1144333). - cifs: fix crash querying symlinks stored as reparse-points (bsc#1144333). - cifs: fix credits leak for SMB1 oplock breaks (bsc#1144333). - cifs: fix deadlock in cached root handling (bsc#1144333). - cifs: fix encryption in SMB3.1.1 (bsc#1144333). - cifs: fix handle leak in smb2_query_symlink() (bsc#1144333). - cifs: fix incorrect handling of smb2_set_sparse() return in smb3_simple_falloc (bsc#1144333). - cifs: fix kref underflow in close_shroot() (bsc#1144333). - cifs: fix memory leak and remove dead code (bsc#1144333). - cifs: fix memory leak in SMB2_open() (bsc#1112894, bsc#1144333). - cifs: fix memory leak in SMB2_read (bsc#1144333). - cifs: fix memory leak of an allocated cifs_ntsd structure (bsc#1144333). - cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case (bsc#1144333). - cifs: fix page reference leak with readv/writev (bsc#1144333). - cifs: fix panic in smb2_reconnect (bsc#1144333). - cifs: fix parsing of symbolic link error response (bsc#1144333). - cifs: fix return value for cifs_listxattr (bsc#1051510, bsc#1144333). - cifs: fix rmmod regression in cifs.ko caused by force_sig changes (bsc#1144333). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510, bsc#1144333). - cifs: fix signed/unsigned mismatch on aio_read patch (bsc#1144333). - cifs: fix smb3_zero_range for Azure (bsc#1144333). - cifs: fix smb3_zero_range so it can expand the file-size when required (bsc#1144333). - cifs: fix sparse warning on previous patch in a few printks (bsc#1144333). - cifs: fix spelling mistake, EACCESS -> EACCES (bsc#1144333). - cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() (bsc#1144333). - cifs: fix typo in cifs_dbg (bsc#1144333). - cifs: fix typo in debug message with struct field ia_valid (bsc#1144333). - cifs: fix uninitialized ptr deref in smb2 signing (bsc#1144333). - cifs: fix use-after-free of the lease keys (bsc#1144333). - cifs: fix wrapping bugs in num_entries() (bsc#1051510, bsc#1144333). - cifs: flush before set-info if we have writeable handles (bsc#1144333). - cifs: handle large EA requests more gracefully in smb2+ (bsc#1144333). - cifs: handle netapp error codes (bsc#1136261). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: implement v3.11 preauth integrity (bsc#1051510, bsc#1144333). - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510, bsc#1144333). - cifs: invalidate cache when we truncate a file (bsc#1051510, bsc#1144333). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565, bsc#1144333). - cifs: limit amount of data we request for xattrs to CIFSMaxBufSize (bsc#1144333). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510, bsc#1144333). - cifs: make IPC a regular tcon (bsc#1071306, bsc#1144333). - cifs: make arrays static const, reduces object code size (bsc#1144333). - cifs: make minor clarifications to module params for cifs.ko (bsc#1144333). - cifs: make mknod() an smb_version_op (bsc#1144333). - cifs: make rmdir() use compounding (bsc#1144333). - cifs: make smb_send_rqst take an array of requests (bsc#1144333). - cifs: minor clarification in comments (bsc#1144333). - cifs: minor updates to module description for cifs.ko (bsc#1144333). - cifs: move default port definitions to cifsglob.h (bsc#1144333). - cifs: move large array from stack to heap (bsc#1144333). - cifs: only wake the thread for the very last PDU in a compound (bsc#1144333). - cifs: parse and store info on iface queries (bsc#1144333). - cifs: pass flags down into wait_for_free_credits() (bsc#1144333). - cifs: pass page offsets on SMB1 read/write (bsc#1144333). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510, bsc#1144333). - cifs: prevent starvation in wait_for_free_credits for multi-credit requests (bsc#1144333). - cifs: print CIFSMaxBufSize as part of /proc/fs/cifs/DebugData (bsc#1144333). - cifs: protect against server returning invalid file system block size (bsc#1144333). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: push rfc1002 generation down the stack (bsc#1144333). - cifs: read overflow in is_valid_oplock_break() (bsc#1144333). - cifs: refactor and clean up arguments in the reparse point parsing (bsc#1144333). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510, bsc#1144333). - cifs: release auth_key.response for reconnect (bsc#1085536, bsc#1144333). - cifs: release cifs root_cred after exit_cifs (bsc#1085536, bsc#1144333). - cifs: remove coverity warning in calc_lanman_hash (bsc#1144333). - cifs: remove header_preamble_size where it is always 0 (bsc#1144333). - cifs: remove redundant duplicated assignment of pointer 'node' (bsc#1144333). - cifs: remove rfc1002 hardcoded constants from cifs_discard_remaining_data() (bsc#1144333). - cifs: remove rfc1002 header from all SMB2 response structures (bsc#1144333). - cifs: remove rfc1002 header from smb2 read/write requests (bsc#1144333). - cifs: remove rfc1002 header from smb2_close_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_create_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_echo_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_flush_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_ioctl_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_lease_ack (bsc#1144333). - cifs: remove rfc1002 header from smb2_lock_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_logoff_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_negotiate_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_oplock_break we get from server (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_directory_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_sess_setup_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_set_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_connect_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_disconnect_req (bsc#1144333). - cifs: remove set but not used variable 'cifs_sb' (bsc#1144333). - cifs: remove set but not used variable 'sep' (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove set but not used variable 'smb_buf' (bsc#1144333). - cifs: remove small_smb2_init (bsc#1144333). - cifs: remove smb2_send_recv() (bsc#1144333). - cifs: remove struct smb2_hdr (bsc#1144333). - cifs: remove struct smb2_oplock_break_rsp (bsc#1144333). - cifs: remove the is_falloc argument to SMB2_set_eof (bsc#1144333). - cifs: remove unused stats (bsc#1144333). - cifs: remove unused value pointed out by Coverity (bsc#1144333). - cifs: remove unused variable from SMB2_read (bsc#1144333). - cifs: rename and clarify CIFS_ASYNC_OP and CIFS_NO_RESP (bsc#1144333). - cifs: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - cifs: replace snprintf with scnprintf (bsc#1144333). - cifs: return -ENODATA when deleting an xattr that does not exist (bsc#1144333). - cifs: return correct errors when pinning memory failed for direct I/O (bsc#1144333). - cifs: return error on invalid value written to cifsFYI (bsc#1144333). - cifs: set *resp_buf_type to NO_BUFFER on error (bsc#1144333). - cifs: set mapping error when page writeback fails in writepage or launder_pages (bsc#1144333). - cifs: set oparms.create_options rather than or'ing in CREATE_OPEN_BACKUP_INTENT (bsc#1144333). - cifs: show 'soft' in the mount options for hard mounts (bsc#1144333). - cifs: show the w bit for writeable /proc/fs/cifs/* files (bsc#1144333). - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734, bsc#1144333). - cifs: simple stats should always be enabled (bsc#1144333). - cifs: simplify code by removing CONFIG_CIFS_ACL ifdef (bsc#1144333). - Update config files. - cifs: simplify how we handle credits in compound_send_recv() (bsc#1144333). - cifs: smb2 commands can not be negative, remove confusing check (bsc#1144333). - cifs: smb2ops: Fix NULL check in smb2_query_symlink (bsc#1144333). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510, bsc#1144333). - cifs: smb2pdu: Fix potential NULL pointer dereference (bsc#1144333). - cifs: smbd: Avoid allocating iov on the stack (bsc#1144333). - cifs: smbd: Check for iov length on sending the last iov (bsc#1144333). - cifs: smbd: Do not destroy transport on RDMA disconnect (bsc#1144333). - cifs: smbd: Do not use RDMA read/write when signing is used (bsc#1144333). - cifs: smbd: Dump SMB packet when configured (bsc#1144333). - cifs: smbd: Enable signing with smbdirect (bsc#1144333). - cifs: smbd: Indicate to retry on transport sending failure (bsc#1144333). - cifs: smbd: Retry on memory registration failure (bsc#1144333). - cifs: smbd: Return EINTR when interrupted (bsc#1144333). - cifs: smbd: avoid reconnect lockup (bsc#1144333). - cifs: smbd: depend on INFINIBAND_ADDR_TRANS (bsc#1144333). - cifs: smbd: disconnect transport on RDMA errors (bsc#1144333). - cifs: smbd: take an array of reqeusts when sending upper layer data (bsc#1144333). - cifs: start DFS cache refresher in cifs_mount() (bsc#1144333). - cifs: store the leaseKey in the fid on SMB2_open (bsc#1051510, bsc#1144333). - cifs: suppress some implicit-fallthrough warnings (bsc#1144333). - cifs: track writepages in vfs operation counters (bsc#1144333). - cifs: update __smb_send_rqst() to take an array of requests (bsc#1144333). - cifs: update calc_size to take a server argument (bsc#1144333). - cifs: update init_sg, crypt_message to take an array of rqst (bsc#1144333). - cifs: update internal module number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.14 (bsc#1144333). - cifs: update module internal version number (bsc#1144333). - cifs: update multiplex loop to handle compounded responses (bsc#1144333). - cifs: update receive_encrypted_standard to handle compounded responses (bsc#1144333). - cifs: update smb2_calc_size to use smb2_sync_hdr instead of smb2_hdr (bsc#1144333). - cifs: update smb2_check_message to handle PDUs without a 4 byte length header (bsc#1144333). - cifs: update smb2_queryfs() to use compounding (bsc#1144333). - cifs: use a compound for setting an xattr (bsc#1144333). - cifs: use a refcount to protect open/closing the cached file handle (bsc#1144333). - cifs: use correct format characters (bsc#1144333). - cifs: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (bsc#1071306, bsc#1144333). - cifs: use the correct length when pinning memory for direct I/O for write (bsc#1144333). - cifs: wait_for_free_credits() make it possible to wait for >=1 credits (bsc#1144333). - cifs: we can not use small padding iovs together with encryption (bsc#1144333). - cifs: zero sensitive data when freeing (bsc#1087092, bsc#1144333). - cifs: zero-range does not require the file is sparse (bsc#1144333). - cifs:smbd Use the correct DMA direction when sending data (bsc#1144333). - cifs:smbd When reconnecting to server, call smbd_destroy() after all MIDs have been called (bsc#1144333). - cifs_lookup(): cifs_get_inode_...() never returns 0 with *inode left NULL (bsc#1144333). - cifs_lookup(): switch to d_splice_alias() (bsc#1144333). - clk: Export clk_bulk_prepare() (bsc#1144813). - clk: add clk_bulk_get accessories (bsc#1144813). - clk: bcm2835: remove pllb (jsc#SLE-7294). - clk: bcm283x: add driver interfacing with Raspberry Pi's firmware (jsc#SLE-7294). - clk: bulk: silently error out on EPROBE_DEFER (bsc#1144718,bsc#1144813). - clk: raspberrypi: register platform device for raspberrypi-cpufreq (jsc#SLE-7294). - clk: renesas: cpg-mssr: Fix reset control race condition (bsc#1051510). - clk: rockchip: Add 1.6GHz PLL rate for rk3399 (bsc#1144718,bsc#1144813). - clk: rockchip: assign correct id for pclk_ddr and hclk_sd in rk3399 (bsc#1144718,bsc#1144813). - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling (bsc#1051510). - coredump: split pipe command whitespace before expanding template (bsc#1051510). - cpu/speculation: Warn on unsupported mitigations= parameter (bsc#1114279). - cpufreq: dt: Try freeing static OPPs only if we have added them (jsc#SLE-7294). - crypto: ccp - Add support for valid authsize values less than 16 (bsc#1051510). - crypto: ccp - Fix oops by properly managing allocated structures (bsc#1051510). - crypto: ccp - Ignore tag length when decrypting GCM ciphertext (bsc#1051510). - crypto: ccp - Ignore unconfigured CCP device on suspend/resume (bnc#1145934). - crypto: ccp - Validate buffer lengths for copy operations (bsc#1051510). - crypto: talitos - fix skcipher failure due to wrong output IV (bsc#1051510). - cx82310_eth: fix a memory leak bug (bsc#1051510). - dax: dax_layout_busy_page() should not unmap cow pages (bsc#1148698). - devres: always use dev_name() in devm_ioremap_resource() (git fixes). - dfs_cache: fix a wrong use of kfree in flush_cache_ent() (bsc#1144333). - dm btree: fix order of block initialization in btree_split_beneath (git fixes). - dm bufio: fix deadlock with loop device (git fixes). - dm cache metadata: Fix loading discard bitset (git fixes). - dm crypt: do not overallocate the integrity tag space (git fixes). - dm crypt: fix parsing of extended IV arguments (git fixes). - dm delay: fix a crash when invalid device is specified (git fixes). - dm integrity: change memcmp to strncmp in dm_integrity_ctr (git fixes). - dm integrity: limit the rate of error messages (git fixes). - dm kcopyd: always complete failed jobs (git fixes). - dm raid: add missing cleanup in raid_ctr() (git fixes). - dm space map metadata: fix missing store of apply_bops() return value (git fixes). - dm table: fix invalid memory accesses with too high sector number (git fixes). - dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (git fixes). - dm thin: fix bug where bio that overwrites thin block ignores FUA (git fixes). - dm thin: fix passdown_double_checking_shared_status() (git fixes). - dm zoned: Fix zone report handling (git fixes). - dm zoned: Silence a static checker warning (git fixes). - dm zoned: fix potential NULL dereference in dmz_do_reclaim() (git fixes). - dm zoned: fix zone state management race (git fixes). - dm zoned: improve error handling in i/o map code (git fixes). - dm zoned: improve error handling in reclaim (git fixes). - dm zoned: properly handle backing device failure (git fixes). - dm: bufio: revert: 'fix deadlock with loop device' (git fixes). - dm: fix to_sector() for 32bit (git fixes). - dm: revert 8f50e358153d ('dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE') (git fixes). - dma-buf: balance refcount inbalance (bsc#1051510). - dmaengine: rcar-dmac: Reject zero-length slave DMA requests (bsc#1051510). - documentation/networking: fix default_ttl typo in mpls-sysctl (bsc#1051510). - documentation: Add nospectre_v1 parameter (bsc#1051510). - driver core: Fix use-after-free and double free on glue directory (bsc#1131281). - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl (bsc#1051510). - drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings (bsc#1051510). - drm/amdgpu/psp: move psp version specific function pointers to (bsc#1135642) - drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz (bsc#1051510). - drm/bridge: tc358767: read display_props in get_modes() (bsc#1051510). - drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry (bsc#1051510). - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1135642) - drm/i915/perf: ensure we keep a reference on the driver (bsc#1142635) - drm/i915/userptr: Acquire the page lock around set_page_dirty() (bsc#1051510). - drm/i915: Do not deballoon unused ggtt drm_mm_node in linux guest (bsc#1142635) - drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1142635) - drm/i915: Restore relaxed padding (OCL_OOB_SUPPRES_ENABLE) for skl+ (bsc#1142635) - drm/imx: notify drm core before sending event during crtc disable (bsc#1135642) - drm/imx: only send event on crtc disable if kept disabled (bsc#1135642) - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1135642) - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1135642) - drm/mediatek: clear num_pipes when unbind driver (bsc#1135642) - drm/mediatek: fix unbind functions (bsc#1135642) - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1142635) - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1135642) - drm/mediatek: use correct device to import PRIME buffers (bsc#1142635) - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1142635) - drm/msm: Depopulate platform on probe failure (bsc#1051510). - drm/nouveau: Do not retry infinitely when receiving no data on i2c (bsc#1142635) - drm/nouveau: fix memory leak in nouveau_conn_reset() (bsc#1051510). - drm/panel: simple: Fix panel_simple_dsi_probe (bsc#1051510). - drm/rockchip: Suspend DP late (bsc#1142635) - drm/udl: introduce a macro to convert dev to udl. (bsc#1113722) - drm/udl: move to embedding drm device inside udl device. (bsc#1113722) - drm/virtio: Add memory barriers for capset cache (bsc#1051510). - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1135642) - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1135642) - drm/vmwgfx: fix memory leak when too many retries have occurred (bsc#1051510). - drm: msm: Fix add_gpu_components (bsc#1051510). - drm: silence variable 'conn' set but not used (bsc#1051510). - ecryptfs: fix a couple type promotion bugs (bsc#1051510). - edac, amd64: Add Family 17h, models 10h-2fh support (bsc#1112178). - edac/amd64: Add Family 17h Model 30h PCI IDs (bsc#1112178). - edac: Fix global-out-of-bounds write when setting edac_mc_poll_msec (bsc#1114279). - efi/bgrt: Drop BGRT status field reserved bits check (bsc#1051510). - ehea: Fix a copy-paste err in ehea_init_port_res (bsc#1051510). - ext4: use jbd2_inode dirty range scoping (bsc#1148616). - firmware: raspberrypi: register clk device (jsc#SLE-7294). - firmware: ti_sci: Always request response from firmware (bsc#1051510). - fix incorrect error code mapping for OBJECTID_NOT_FOUND (bsc#1144333). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510, bsc#1144333). - fix struct ufs_req removal of unused field (git-fixes). - fixed https://bugzilla.kernel.org/show_bug.cgi?id=202935 allow write on the same file (bsc#1144333). - fs/*/kconfig: drop links to 404-compliant http://acl.bestbits.at (bsc#1144333). - fs/cifs/cifsacl.c Fixes typo in a comment (bsc#1144333). - fs/cifs/smb2pdu.c: fix buffer free in SMB2_ioctl_free (bsc#1144333). - fs/cifs: Simplify ib_post_(send|recv|srq_recv)() calls (bsc#1144333). - fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bsc#1144333). - fs/cifs: fix uninitialised variable warnings (bsc#1144333). - fs/cifs: require sha512 (bsc#1051510, bsc#1144333). - fs/cifs: suppress a string overflow warning (bsc#1144333). - fs/xfs: Fix return code of xfs_break_leased_layouts() (bsc#1148031). - fs: cifs: Drop unlikely before IS_ERR(_OR_NULL) (bsc#1144333). - fs: cifs: Kconfig: pedantic formatting (bsc#1144333). - fs: cifs: Replace _free_xid call in cifs_root_iget function (bsc#1144333). - fs: cifs: cifsssmb: Change return type of convert_ace_to_cifs_ace (bsc#1144333). - fs: xfs: xfs_log: Do not use KM_MAYFAIL at xfs_log_reserve() (bsc#1148033). - fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() (bsc#1051510). - ftrace: Check for empty hash and comment the race with registering probes (bsc#1149418). - ftrace: Check for successful allocation of hash (bsc#1149424). - ftrace: Fix NULL pointer dereference in t_probe_next() (bsc#1149413). - gpio: Fix build error of function redefinition (bsc#1051510). - gpio: gpio-omap: add check for off wake capable gpios (bsc#1051510). - gpio: mxs: Get rid of external API call (bsc#1051510). - gpio: omap: ensure irq is enabled before wakeup (bsc#1051510). - gpio: pxa: handle corner case of unprobed device (bsc#1051510). - gpiolib: fix incorrect IRQ requesting of an active-low lineevent (bsc#1051510). - gpiolib: never report open-drain/source lines as 'input' to user-space (bsc#1051510). - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1142635) - hid: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT (bsc#1051510). - hid: Add quirk for HP X1200 PIXART OEM mouse (bsc#1051510). - hid: cp2112: prevent sleeping function called from invalid context (bsc#1051510). - hid: hiddev: avoid opening a disconnected device (bsc#1051510). - hid: hiddev: do cleanup in failure of opening a device (bsc#1051510). - hid: holtek: test for sanity of intfdata (bsc#1051510). - hid: sony: Fix race condition between rumble and device remove (bsc#1051510). - hid: wacom: Correct distance scale for 2nd-gen Intuos devices (bsc#1142635). - hid: wacom: correct misreported EKR ring values (bsc#1142635). - hid: wacom: fix bit shift for Cintiq Companion 2 (bsc#1051510). - hpet: Fix division by zero in hpet_time_div() (bsc#1051510). - hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 (bsc#1051510). - hwmon: (nct7802) Fix wrong detection of in4 presence (bsc#1051510). - i2c: emev2: avoid race when unregistering slave client (bsc#1051510). - i2c: piix4: Fix port selection for AMD Family 16h Model 30h (bsc#1051510). - i2c: qup: fixed releasing dma without flush operation completion (bsc#1051510). - ib/mlx5: Fix MR registration flow to use UMR properly (bsc#1093205 bsc#1145678). - ibmveth: Convert multicast list size for little-endian system (bsc#1061843). - ibmvnic: Do not process reset during or after device removal (bsc#1149652 ltc#179635). - ibmvnic: Unmap DMA address of TX descriptor buffers after use (bsc#1146351 ltc#180726). - igmp: fix memory leak in igmpv3_del_delrec() (networking-stable-19_07_25). - iio: adc: max9611: Fix misuse of GENMASK macro (bsc#1051510). - iio: adc: max9611: Fix temperature reading in probe (bsc#1051510). - iio: iio-utils: Fix possible incorrect mask calculation (bsc#1051510). - include/linux/bitops.h: sanitize rotate primitives (git fixes). - input: alps - do not handle ALPS cs19 trackpoint-only device (bsc#1051510). - input: alps - fix a mismatch between a condition check and its comment (bsc#1051510). - input: iforce - add sanity checks (bsc#1051510). - input: kbtab - sanity check for endpoint type (bsc#1051510). - input: synaptics - enable RMI mode for HP Spectre X360 (bsc#1051510). - input: synaptics - whitelist Lenovo T580 SMBus intertouch (bsc#1051510). - input: trackpoint - only expose supported controls for Elan, ALPS and NXP (bsc#1051510). - intel_th: pci: Add Ice Lake NNPI support (bsc#1051510). - intel_th: pci: Add Tiger Lake support (bsc#1051510). - intel_th: pci: Add support for another Lewisburg PCH (bsc#1051510). - iommu/amd: Add support for X2APIC IOMMU interrupts (bsc#1145010). - iommu/amd: Fix race in increase_address_space() (bsc#1150860). - iommu/amd: Flush old domains in kdump kernel (bsc#1150861). - iommu/amd: Move iommu_init_pci() to .init section (bsc#1149105). - iommu/dma: Handle SG length overflow better (bsc#1146084). - iommu/iova: Fix compilation error with !CONFIG_IOMMU_IOVA (bsc#1145024). - iommu/vt-d: Do not queue_iova() if there is no flush queue (bsc#1145024). - ipip: validate header length in ipip_tunnel_xmit (git-fixes). - ipv4: do not set IPv6 only flags to IPv4 addresses (networking-stable-19_07_25). - irqchip/gic-v3-its: fix build warnings (bsc#1144880). - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack (bsc#1051510). - isdn: hfcsusb: checking idx of ep configuration (bsc#1051510). - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain() (bsc#1051510). - iwlwifi: dbg: split iwl_fw_error_dump to two functions (bsc#1119086). - iwlwifi: do not unmap as page memory that was mapped as single (bsc#1051510). - iwlwifi: fix bad dma handling in page_mem dumping flow (bsc#1120902). - iwlwifi: fw: use helper to determine whether to dump paging (bsc#1106434). Patch needed to be adjusted, because our tree does not have the global variable IWL_FW_ERROR_DUMP_PAGING - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT on version &< 41 (bsc#1142635). - iwlwifi: mvm: fix an out-of-bound access (bsc#1051510). - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support (bsc#1142635). - iwlwifi: pcie: do not service an interrupt that was masked (bsc#1142635). - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1142635). - jbd2: flush_descriptor(): Do not decrease buffer head's ref count (bsc#1143843). - jbd2: introduce jbd2_inode dirty range scoping (bsc#1148616). - kabi: Fix kABI for 'struct amd_iommu' (bsc#1145010). - kasan: remove redundant initialization of variable 'real_size' (git fixes). - kconfig/[mn]conf: handle backspace (^H) key (bsc#1051510). - keys: Fix missing null pointer check in request_key_auth_describe() (bsc#1051510). - kvm/eventfd: Avoid crash when assign and deassign specific eventfd in parallel (bsc#1133021). - kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs (bsc#1134881 bsc#1134882). - kvm: Disallow wraparound in kvm_gfn_to_hva_cache_init (bsc#1133021). - kvm: Fix leak vCPU's VMCS value into other pCPU (bsc#1145388). - kvm: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC (bsc#1145408). - kvm: PPC: Book3S HV: Fix CR0 setting in TM emulation (bsc#1061840). - kvm: Reject device ioctls from processes other than the VM's creator (bsc#1133021). - kvm: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value (bsc#1145393). - kvm: VMX: Fix handling of #MC that occurs during VM-Entry (bsc#1145395). - kvm: VMX: check CPUID before allowing read/write of IA32_XSS (bsc#1145394). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: arm/arm64: Close VMID generation race (bsc#1133021). - kvm: arm/arm64: Convert kvm_host_cpu_state to a static per-cpu allocation (bsc#1133021). - kvm: arm/arm64: Drop resource size check for GICV window (bsc#1133021). - kvm: arm/arm64: Fix VMID alloc race by reverting to lock-less (bsc#1133021). - kvm: arm/arm64: Fix lost IRQs from emulated physcial timer when blocked (bsc#1133021). - kvm: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1133021). - kvm: arm/arm64: Reduce verbosity of KVM init log (bsc#1133021). - kvm: arm/arm64: Set dist->spis to NULL after kfree (bsc#1133021). - kvm: arm/arm64: Skip updating PMD entry if no change (bsc#1133021). - kvm: arm/arm64: Skip updating PTE entry if no change (bsc#1133021). - kvm: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list (bsc#1133021). - kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 (bsc#1133021). - kvm: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending (bsc#1133021). - kvm: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy (bsc#1133021). - kvm: arm64: Fix caching of host MDCR_EL2 value (bsc#1133021). - kvm: mmu: Fix overlap between public and private memslots (bsc#1133021). - kvm: nVMX: Remove unnecessary sync_roots from handle_invept (bsc#1145391). - kvm: nVMX: Use adjusted pin controls for vmcs02 (bsc#1145392). - kvm: nVMX: allow setting the VMFUNC controls MSR (bsc#1145389). - kvm: nVMX: do not use dangling shadow VMCS after guest reset (bsc#1145390). - kvm: x86/vPMU: refine kvm_pmu err msg when event creation failed (bsc#1145397). - kvm: x86: Do not update RIP or do single-step on faulting emulation (bsc#1149104). - kvm: x86: Unconditionally enable irqs in guest context (bsc#1145396). - kvm: x86: degrade WARN to pr_warn_ratelimited (bsc#1145409). - kvm: x86: fix backward migration with async_PF (bsc#1146074). - lan78xx: Fix memory leaks (bsc#1051510). - libata: add SG safety checks in SFF pio transfers (bsc#1051510). - libata: do not request sense data on !ZAC ATA devices (bsc#1051510). - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests (bsc#1051510). - libata: zpodd: Fix small read overflow in zpodd_get_mech_type() (bsc#1051510). - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897). - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). - libceph, rbd: new bio handling code (aka do not clone bios) (bsc#1141450). - libceph: add osd_req_op_extent_osd_data_bvecs() (bsc#1141450). - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bsc#1148133). - libceph: assign cookies in linger_submit() (bsc#1135897). - libceph: check reply num_data_items in setup_request_data() (bsc#1135897). - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897). - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897). - libceph: fix PG split vs OSD (re)connect race (bsc#1148133). - libceph: handle zero-length data items (bsc#1141450). - libceph: introduce BVECS data type (bsc#1141450). - libceph: introduce alloc_watch_request() (bsc#1135897). - libceph: introduce ceph_pagelist_alloc() (bsc#1135897). - libceph: preallocate message data items (bsc#1135897). - libceph: use single request data item for cmp/setxattr (bsc#1139101). - libnvdimm/pfn: Store correct value of npfns in namespace superblock (bsc#1146381 ltc#180720). - liquidio: add cleanup in octeon_setup_iq() (bsc#1051510). - loop: set PF_MEMALLOC_NOIO for the worker thread (git fixes). - mac80211: do not WARN on short WMM parameters from AP (bsc#1051510). - mac80211: do not warn about CW params when not using them (bsc#1051510). - mac80211: fix possible memory leak in ieee80211_assign_beacon (bsc#1142635). - mac80211: fix possible sta leak (bsc#1051510). - macsec: fix checksumming after decryption (bsc#1051510). - macsec: fix use-after-free of skb during RX (bsc#1051510). - macsec: let the administrator set UP state even if lowerdev is down (bsc#1051510). - macsec: update operstate when lower device changes (bsc#1051510). - mailbox: handle failed named mailbox channel request (bsc#1051510). - md/raid: raid5 preserve the writeback action after the parity check (git fixes). - md: add mddev->pers to avoid potential NULL pointer dereference (git fixes). - media: au0828: fix null dereference in error path (bsc#1051510). - media: coda: Remove unbalanced and unneeded mutex unlock (bsc#1051510). - media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP (bsc#1051510). - media: coda: fix mpeg2 sequence number handling (bsc#1051510). - media: coda: increment sequence offset for the last returned frame (bsc#1051510). - media: dvb: usb: fix use after free in dvb_usb_device_exit (bsc#1051510). - media: hdpvr: fix locking and a missing msleep (bsc#1051510). - media: media_device_enum_links32: clean a reserved field (bsc#1051510). - media: pvrusb2: use a different format for warnings (bsc#1051510). - media: spi: IR LED: add missing of table registration (bsc#1051510). - media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails (bsc#1051510). - media: vpss: fix a potential NULL pointer dereference (bsc#1051510). - media: wl128x: Fix some error handling in fm_v4l2_init_video_device() (bsc#1051510). - mfd: arizona: Fix undefined behavior (bsc#1051510). - mfd: core: Set fwnode for created devices (bsc#1051510). - mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk (bsc#1051510). - mfd: intel-lpss: Add Intel Comet Lake PCI IDs (jsc#SLE-4875). - mm, page_owner: handle THP splits correctly (bsc#1149197, VM Debugging Functionality). - mm/hmm: fix bad subpage pointer in try_to_unmap_one (bsc#1148202, HMM, VM Functionality). - mm/hotplug: fix offline undo_isolate_page_range() (bsc#1148196, VM Functionality). - mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node (bsc#1148379, VM Functionality). - mm/memcontrol.c: fix use after free in mem_cgroup_iter() (bsc#1149224, VM Functionality). - mm/memory.c: recheck page table entry with page table lock held (bsc#1148363, VM Functionality). - mm/migrate.c: initialize pud_entry in migrate_vma() (bsc#1148198, HMM, VM Functionality). - mm/mlock.c: change count_mm_mlocked_page_nr return type (bsc#1148527, VM Functionality). - mm/mlock.c: mlockall error for flag MCL_ONFAULT (bsc#1148527, VM Functionality). - mm/page_alloc.c: fix calculation of pgdat->nr_zones (bsc#1148192, VM Functionality). - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() (bsc#1118689). - mm/vmscan.c: fix trying to reclaim unevictable LRU page (bsc#1149214, VM Functionality). - mm: add filemap_fdatawait_range_keep_errors() (bsc#1148616). - mm: do not stall register_shrinker() (bsc#1104902, VM Performance). - mm: page_mapped: do not assume compound page is huge or THP (bsc#1148574, VM Functionality). - mmc: cavium: Add the missing dma unmap when the dma has finished (bsc#1051510). - mmc: cavium: Set the correct dma max segment size for mmc_host (bsc#1051510). - mmc: core: Fix init of SD cards reporting an invalid VDD range (bsc#1051510). - mmc: dw_mmc: Fix occasional hang after tuning on eMMC (bsc#1051510). - mmc: sdhci-of-at91: add quirk for broken HS200 (bsc#1051510). - mmc: sdhci-pci: Add support for Intel CML (jsc#SLE-4875). - mmc: sdhci-pci: Add support for Intel ICP (jsc#SLE-4875). - move a few externs to smbdirect.h to eliminate warning (bsc#1144333). - move core networking kabi patches to the end of the section - move irq_data_get_effective_affinity_mask prior the sorted section - mpls: fix warning with multi-label encap (bsc#1051510). - nbd: replace kill_bdev() with __invalidate_device() again (git fixes). - net/9p: include trans_common.h to fix missing prototype warning (bsc#1051510). - net/ibmvnic: Fix missing { in __ibmvnic_reset (bsc#1149652 ltc#179635). - net/ibmvnic: free reset work of removed device from queue (bsc#1149652 ltc#179635). - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bsc#1145678). - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn (networking-stable-19_07_25). - net/smc: do not schedule tx_work in SMC_CLOSED state (bsc#1149963). - net/smc: original socket family in inet_sock_diag (bsc#1149959). - net: Fix netdev_WARN_ONCE macro (git-fixes). - net: Introduce netdev_*_once functions (networking-stable-19_07_25). - net: bcmgenet: use promisc for unsupported filters (networking-stable-19_07_25). - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query (networking-stable-19_07_25). - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling (networking-stable-19_07_25). - net: bridge: stp: do not cache eth dest pointer before skb pull (networking-stable-19_07_25). - net: dsa: mv88e6xxx: wait after reset deactivation (networking-stable-19_07_25). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1139020 bsc#1139021). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1139020 bsc#1139021). - net: ena: add ethtool function for changing io queue sizes (bsc#1139020 bsc#1139021). - net: ena: add good checksum counter (bsc#1139020 bsc#1139021). - net: ena: add handling of llq max tx burst size (bsc#1139020 bsc#1139021). - net: ena: add newline at the end of pr_err prints (bsc#1139020 bsc#1139021). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1139020 bsc#1139021). - net: ena: allow automatic fallback to polling mode (bsc#1139020 bsc#1139021). - net: ena: allow queue allocation backoff when low on memory (bsc#1139020 bsc#1139021). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1139020 bsc#1139021). - net: ena: enable negotiating larger Rx ring size (bsc#1139020 bsc#1139021). - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1139020 bsc#1139021). - net: ena: ethtool: revert 'add extra properties retrieval via get_priv_flags' (bsc#1139020 bsc#1139021). - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1139020 bsc#1139021). - net: ena: fix incorrect test of supported hash function (bsc#1139020 bsc#1139021). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1139020 bsc#1139021). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1139020 bsc#1139021). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1139020 bsc#1139021). - net: ena: gcc 8: fix compilation warning (bsc#1139020 bsc#1139021). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1139020 bsc#1139021). - net: ena: make ethtool show correct current and max queue sizes (bsc#1139020 bsc#1139021). - net: ena: optimise calculations for CQ doorbell (bsc#1139020 bsc#1139021). - net: ena: remove inline keyword from functions in *.c (bsc#1139020 bsc#1139021). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1139020 bsc#1139021). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1139020 bsc#1139021). - net: ena: use dev_info_once instead of static variable (bsc#1139020 bsc#1139021). - net: make skb_dst_force return true when dst is refcounted (networking-stable-19_07_25). - net: neigh: fix multiple neigh timer scheduling (networking-stable-19_07_25). - net: remove duplicate fetch in sock_getsockopt (networking-stable-19_07_02). - net: sched: verify that q!=NULL before setting q->flags (git-fixes). - net: stmmac: fixed new system time seconds value calculation (networking-stable-19_07_02). - net: stmmac: set IC bit when transmitting frames with HW timestamp (networking-stable-19_07_02). - net: usb: pegasus: fix improper read if get_registers() fail (bsc#1051510). - net_sched: unset TCQ_F_CAN_BYPASS when adding filters (networking-stable-19_07_25). - netrom: fix a memory leak in nr_rx_frame() (networking-stable-19_07_25). - netrom: hold sock when setting skb->destructor (networking-stable-19_07_25). - nfc: fix potential illegal memory access (bsc#1051510). - nfs: Cleanup if nfs_match_client is interrupted (bsc#1134291). - nfs: Fix a double unlock from nfs_match,get_client (bsc#1134291). - nfs: Fix the inode request accounting when pages have subrequests (bsc#1140012). - nfs: make nfs_match_client killable (bsc#1134291). - nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header (git fixes). - nvme-core: Fix extra device_put() call on error path (bsc#1142541). - nvme-fc: fix module unloads while lports still pending (bsc#1150033). - nvme-multipath: fix ana log nsid lookup when nsid is not found (bsc#1141554). - nvme-multipath: relax ANA state check (bsc#1123105). - nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns (bsc#1120876). - nvme: Return BLK_STS_TARGET if the DNR bit is set (bsc#1142076). - nvme: cancel request synchronously (bsc#1145661). - nvme: change locking for the per-subsystem controller list (bsc#1142541). - nvme: fix possible use-after-free in connect error flow (bsc#1139500, bsc#1140426) - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN (bsc#1146938). - objtool: Add rewind_stack_do_exit() to the noreturn list (bsc#1145302). - objtool: Support GCC 9 cold subfunction naming scheme (bsc#1145300). - octeon_mgmt: Fix MIX registers configuration on MTU setup (bsc#1051510). - pci: PM/ACPI: Refresh all stale power state data in pci_pm_complete() (bsc#1149106). - pci: Restore Resizable BAR size bits correctly for 1MB BARs (bsc#1143841). - pci: hv: Fix panic by calling hv_pci_remove_slots() earlier (bsc#1142701). - pci: qcom: Ensure that PERST is asserted for at least 100 ms (bsc#1142635). - pci: xilinx-nwl: Fix Multi MSI data programming (bsc#1142635). - phy: qcom-qusb2: Fix crash if nvmem cell not specified (bsc#1051510). - phy: renesas: rcar-gen2: Fix memory leak at error paths (bsc#1051510). - pinctrl: pistachio: fix leaked of_node references (bsc#1051510). - pinctrl: rockchip: fix leaked of_node references (bsc#1051510). - pm / devfreq: rk3399_dmc: Pass ODT and auto power down parameters to TF-A (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: do not print error when get supply and clk defer (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: fix spelling mistakes (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: remove unneeded semicolon (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: remove wait for dcf irq event (bsc#1144718,bsc#1144813). - pm / devfreq: rockchip-dfi: Move GRF definitions to a common place (bsc#1144718,bsc#1144813). - pm / opp: OF: Use pr_debug() instead of pr_err() while adding OPP table (jsc#SLE-7294). - powerpc/64s: Include cpu header (bsc#1065729). - powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107). - powerpc/book3s/64: check for NULL pointer in pgd_alloc() (bsc#1078248, git-fixes). - powerpc/fadump: Do not allow hot-remove memory from fadump reserved area (bsc#1120937). - powerpc/fadump: Reservationless firmware assisted dump (bsc#1120937). - powerpc/fadump: Throw proper error message on fadump registration failure (bsc#1120937). - powerpc/fadump: use kstrtoint to handle sysfs store (bsc#1146376). - powerpc/fadump: when fadump is supported register the fadump sysfs files (bsc#1146352). - powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107). - powerpc/fsl: Update Spectre v2 reporting (bsc#1131107). - powerpc/kdump: Handle crashkernel memory reservation failure (bsc#1143466 LTC#179600). - powerpc/lib: Fix feature fixup test of external branch (bsc#1065729). - powerpc/mm/hash/4k: Do not use 64K page size for vmemmap with 4K pagesize (bsc#1142685 LTC#179509). - powerpc/mm/radix: Use the right page size for vmemmap mapping (bsc#1055117 bsc#1142685 LTC#179509). - powerpc/mm: Handle page table allocation failures (bsc#1065729). - powerpc/perf: Add constraints for power9 l2/l3 bus events (bsc#1056686). - powerpc/perf: Add mem access events to sysfs (bsc#1124370). - powerpc/perf: Cleanup cache_sel bits comment (bsc#1056686). - powerpc/perf: Fix thresholding counter data for unknown type (bsc#1056686). - powerpc/perf: Remove PM_BR_CMPL_ALT from power9 event list (bsc#1047238, bsc#1056686). - powerpc/perf: Update perf_regs structure to include SIER (bsc#1056686). - powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler (bsc#1065729). - powerpc/powernv: Flush console before platform error reboot (bsc#1149940 ltc#179958). - powerpc/powernv: Return for invalid IMC domain (bsc1054914, git-fixes). - powerpc/powernv: Use kernel crash path for machine checks (bsc#1149940 ltc#179958). - powerpc/pseries, ps3: panic flush kernel messages before halting system (bsc#1149940 ltc#179958). - powerpc/pseries: Fix xive=off command line (bsc#1085030, git-fixes). - powerpc/pseries: add missing cpumask.h include file (bsc#1065729). - powerpc/pseries: correctly track irq state in default idle (bsc#1150727 ltc#178925). - powerpc/rtas: use device model APIs and serialization during LPM (bsc#1144123 ltc#178840). - powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107). - powerpc/xive: Fix dump of XIVE interrupt under pseries (bsc#1142019). - powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() (bsc#1085030, bsc#1145189, LTC#179762). - powerpc/xmon: Add a dump of all XIVE interrupts (bsc#1142019). - powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL (bsc#1142019). - powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB (bsc#1146575 ltc#180764). - powerpc: dump kernel log before carrying out fadump or kdump (bsc#1149940 ltc#179958). - qede: fix write to free'd pointer error and double free of ptp (bsc#1051510). - qlge: Deduplicate lbq_buf_size (bsc#1106061). - qlge: Deduplicate rx buffer queue management (bsc#1106061). - qlge: Factor out duplicated expression (bsc#1106061). - qlge: Fix dma_sync_single calls (bsc#1106061). - qlge: Fix irq masking in INTx mode (bsc#1106061). - qlge: Refill empty buffer queues from wq (bsc#1106061). - qlge: Refill rx buffers up to multiple of 16 (bsc#1106061). - qlge: Remove bq_desc.maplen (bsc#1106061). - qlge: Remove irq_cnt (bsc#1106061). - qlge: Remove page_chunk.last_flag (bsc#1106061). - qlge: Remove qlge_bq.len & size (bsc#1106061). - qlge: Remove rx_ring.sbq_buf_size (bsc#1106061). - qlge: Remove rx_ring.type (bsc#1106061). - qlge: Remove useless dma synchronization calls (bsc#1106061). - qlge: Remove useless memset (bsc#1106061). - qlge: Replace memset with assignment (bsc#1106061). - qlge: Update buffer queue prod index despite oom (bsc#1106061). - rbd: do not (ab)use obj_req->pages for stat requests (bsc#1141450). - rbd: do not NULL out ->obj_request in rbd_img_obj_parent_read_full() (bsc#1141450). - rbd: get rid of img_req->copyup_pages (bsc#1141450). - rbd: move from raw pages to bvec data descriptors (bsc#1141450). - rbd: remove bio cloning helpers (bsc#1141450). - rbd: start enums at 1 instead of 0 (bsc#1141450). - rbd: use kmem_cache_zalloc() in rbd_img_request_create() (bsc#1141450). - regmap: fix bulk writes on paged registers (bsc#1051510). - regulator: qcom_spmi: Fix math of spmi_regulator_set_voltage_time_sel (bsc#1051510). - rename patches according to their names in SLE15-SP1. - rpm/kernel-binary.spec.in: Enable missing modules check. - rpm/kernel-binary.spec.in: Enable missing modules check. - rpmsg: added MODULE_ALIAS for rpmsg_char (bsc#1051510). - rpmsg: smd: do not use mananged resources for endpoints and channels (bsc#1051510). - rpmsg: smd: fix memory leak on channel create (bsc#1051510). - rsi: improve kernel thread handling to fix kernel panic (bsc#1051510). - rslib: Fix decoding of shortened codes (bsc#1051510). - rslib: Fix handling of of caller provided syndrome (bsc#1051510). - rtc: pcf8523: do not return invalid date when battery is low (bsc#1051510). - rxrpc: Fix send on a connected, but unbound socket (networking-stable-19_07_25). - s390/cio: fix ccw_device_start_timeout API (bsc#1142109 LTC#179339). - s390/dasd: fix endless loop after read unit address configuration (bsc#1144912 LTC#179907). - s390/qdio: handle PENDING state for QEBSM devices (bsc#1142117 bsc#1142118 bsc#1142119 LTC#179329 LTC#179330 LTC#179331). - s390/qeth: avoid control IO completion stalls (bsc#1142109 LTC#179339). - s390/qeth: cancel cmd on early error (bsc#1142109 LTC#179339). - s390/qeth: fix request-side race during cmd IO timeout (bsc#1142109 LTC#179339). - s390/qeth: release cmd buffer in error paths (bsc#1142109 LTC#179339). - s390/qeth: simplify reply object handling (bsc#1142109 LTC#179339). - samples, bpf: fix to change the buffer size for read() (bsc#1051510). - samples: mei: use /dev/mei0 instead of /dev/mei (bsc#1051510). - sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920). - sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920). - scripts/checkstack.pl: Fix arm64 wrong or unknown architecture (bsc#1051510). - scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE (bsc#1051510). - scripts/decode_stacktrace: only strip base path when a prefix of the path (bsc#1051510). - scripts/gdb: fix lx-version string output (bsc#1051510). - scripts/git_sort/git_sort.py: - scsi: NCR5380: Always re-enable reselection interrupt (git-fixes). - scsi: aacraid: Fix missing break in switch statement (git-fixes). - scsi: aacraid: Fix performance issue on logical drives (git-fixes). - scsi: aic94xx: fix an error code in aic94xx_init() (git-fixes). - scsi: aic94xx: fix module loading (git-fixes). - scsi: bfa: convert to strlcpy/strlcat (git-fixes). - scsi: bnx2fc: Fix NULL dereference in error handling (git-fixes). - scsi: bnx2fc: fix incorrect cast to u64 on shift operation (git-fixes). - scsi: core: Fix race on creating sense cache (git-fixes). - scsi: core: Synchronize request queue PM status only on successful resume (git-fixes). - scsi: core: set result when the command cannot be dispatched (git-fixes). - scsi: cxlflash: Mark expected switch fall-throughs (bsc#1148868). - scsi: cxlflash: Prevent deadlock when adapter probe fails (git-fixes). - scsi: esp_scsi: Track residual for PIO transfers (git-fixes) Also, mitigate kABI changes. - scsi: fas216: fix sense buffer initialization (git-fixes). - scsi: isci: initialize shost fully before calling scsi_add_host() (git-fixes). - scsi: libfc: fix null pointer dereference on a null lport (git-fixes). - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached (git-fixes). - scsi: mac_scsi: Fix pseudo DMA implementation, take 2 (git-fixes). - scsi: mac_scsi: Increase PIO/PDMA transfer length threshold (git-fixes). - scsi: megaraid: fix out-of-bound array accesses (git-fixes). - scsi: megaraid_sas: Fix calculation of target ID (git-fixes). - scsi: ncr5380: revert 'Increase register polling limit' (git-fixes). - scsi: qedf: Add debug information for unsolicited processing (bsc#1149976). - scsi: qedf: Add shutdown callback handler (bsc#1149976). - scsi: qedf: Add support for 20 Gbps speed (bsc#1149976). - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1149976). - scsi: qedf: Check for link state before processing LL2 packets and send fipvlan retries (bsc#1149976). - scsi: qedf: Check for module unloading bit before processing link update AEN (bsc#1149976). - scsi: qedf: Decrease the LL2 MTU size to 2500 (bsc#1149976). - scsi: qedf: Fix race betwen fipvlan request and response path (bsc#1149976). - scsi: qedf: Initiator fails to re-login to switch after link down (bsc#1149976). - scsi: qedf: Print message during bailout conditions (bsc#1149976). - scsi: qedf: Stop sending fipvlan request on unload (bsc#1149976). - scsi: qedf: Update module description string (bsc#1149976). - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1149976). - scsi: qedf: Update the version to 8.42.3.0 (bsc#1149976). - scsi: qedf: Use discovery list to traverse rports (bsc#1149976). - scsi: qedf: remove memset/memcpy to nfunc and use func instead (git-fixes). - scsi: qedf: remove set but not used variables (bsc#1149976). - scsi: qedi: remove declaration of nvm_image from stack (git-fixes). - scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1129424). - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (git-fixes). - scsi: qla2xxx: Fix a format specifier (git-fixes). - scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() (git-fixes). - scsi: qla2xxx: Fix device staying in blocked state (git-fixes). - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (git-fixes). - scsi: qla2xxx: Unregister chrdev if module initialization fails (git-fixes). - scsi: qla4xxx: avoid freeing unallocated dma memory (git-fixes). - scsi: raid_attrs: fix unused variable warning (git-fixes). - scsi: scsi_dh_alua: Fix possible null-ptr-deref (git-fixes). - scsi: sd: Defer spinning up drive while SANITIZE is in progress (git-fixes). - scsi: sd: Fix a race between closing an sd device and sd I/O (git-fixes). - scsi: sd: Fix cache_type_store() (git-fixes). - scsi: sd: Optimal I/O size should be a multiple of physical block size (git-fixes). - scsi: sd: Quiesce warning if device does not report optimal I/O size (git-fixes). - scsi: sd: use mempool for discard special page (git-fixes). - scsi: sd_zbc: Fix potential memory leak (git-fixes). - scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous() (git-fixes). - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (git-fixes). - scsi: ufs: Avoid runtime suspend possibly being blocked forever (git-fixes). - scsi: ufs: Check that space was properly alloced in copy_query_response (git-fixes). - scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm() (git-fixes). - scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value (git-fixes). - scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 (git-fixes). - scsi: ufs: revert 'disable vccq if it's not needed by UFS device' (git-fixes). - scsi: use dma_get_cache_alignment() as minimum DMA alignment (git-fixes). - scsi: virtio_scsi: do not send sc payload with tmfs (git-fixes). - sctp: change to hold sk after auth shkey is created successfully (networking-stable-19_07_02). - serial: 8250: Fix TX interrupt handling condition (bsc#1051510). - signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig (bsc#1144333). - sis900: fix TX completion (bsc#1051510). - sky2: Disable MSI on ASUS P6T (bsc#1142496). - smb2: fix missing files in root share directory listing (bsc#1112907, bsc#1144333). - smb2: fix typo in definition of a few error flags (bsc#1144333). - smb2: fix uninitialized variable bug in smb2_ioctl_query_info (bsc#1144333). - smb3 - clean up debug output displaying network interfaces (bsc#1144333). - smb3.1.1: Add GCM crypto to the encrypt and decrypt functions (bsc#1144333). - smb3.11: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - smb311: Fix reconnect (bsc#1051510, bsc#1144333). - smb311: Improve checking of negotiate security contexts (bsc#1051510, bsc#1144333). - smb3: Add SMB3.1.1 GCM to negotiated crypto algorigthms (bsc#1144333). - smb3: Add debug message later in smb2/smb3 reconnect path (bsc#1144333). - smb3: Add defines for new negotiate contexts (bsc#1144333). - smb3: Add dynamic trace points for various compounded smb3 ops (bsc#1144333). - smb3: Add ftrace tracepoints for improved SMB3 debugging (bsc#1144333). - smb3: Add handling for different FSCTL access flags (bsc#1144333). - smb3: Add posix create context for smb3.11 posix mounts (bsc#1144333). - smb3: Add protocol structs for change notify support (bsc#1144333). - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510, bsc#1144333). - smb3: Add tracepoints for read, write and query_dir enter (bsc#1144333). - smb3: Allow SMB3 FSCTL queries to be sent to server from tools (bsc#1144333). - smb3: Allow persistent handle timeout to be configurable on mount (bsc#1144333). - smb3: Allow query of symlinks stored as reparse points (bsc#1144333). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510, bsc#1144333). - smb3: Backup intent flag missing from compounded ops (bsc#1144333). - smb3: Clean up query symlink when reparse point (bsc#1144333). - smb3: Cleanup license mess (bsc#1144333). - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bsc#1085536, bsc#1144333). - smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510, bsc#1144333). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510, bsc#1144333). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510, bsc#1144333). - smb3: Fix deadlock in validate negotiate hits reconnect (bsc#1144333). - smb3: Fix endian warning (bsc#1144333, bsc#1137884). - smb3: Fix enumerating snapshots to Azure (bsc#1144333). - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510, bsc#1144333). - smb3: Fix mode on mkdir on smb311 mounts (bsc#1144333). - smb3: Fix potential memory leak when processing compound chain (bsc#1144333). - smb3: Fix rmdir compounding regression to strict servers (bsc#1144333). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510, bsc#1144333). - smb3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL (bsc#1144333). - smb3: Log at least once if tree connect fails during reconnect (bsc#1144333). - smb3: Number of requests sent should be displayed for SMB3 not just CIFS (bsc#1144333). - smb3: Send netname context during negotiate protocol (bsc#1144333). - smb3: Track total time spent on roundtrips for each SMB3 command (bsc#1144333). - smb3: Update POSIX negotiate context with POSIX ctxt GUID (bsc#1144333). - smb3: Validate negotiate request must always be signed (bsc#1064597, bsc#1144333). - smb3: Warn user if trying to sign connection that authenticated as guest (bsc#1085536, bsc#1144333). - smb3: add additional ftrace entry points for entry/exit to cifs.ko (bsc#1144333). - smb3: add credits we receive from oplock/break PDUs (bsc#1144333). - smb3: add debug for unexpected mid cancellation (bsc#1144333). - smb3: add define for id for posix create context and corresponding struct (bsc#1144333). - smb3: add dynamic trace point for query_info_enter/done (bsc#1144333). - smb3: add dynamic trace point for smb3_cmd_enter (bsc#1144333). - smb3: add dynamic tracepoint for timeout waiting for credits (bsc#1144333). - smb3: add dynamic tracepoints for simple fallocate and zero range (bsc#1144333). - smb3: add missing read completion trace point (bsc#1144333). - smb3: add module alias for smb3 to cifs.ko (bsc#1144333). - smb3: add new mount option to retrieve mode from special ACE (bsc#1144333). - smb3: add reconnect tracepoints (bsc#1144333). - smb3: add smb3.1.1 to default dialect list (bsc#1144333). - smb3: add support for posix negotiate context (bsc#1144333). - smb3: add support for statfs for smb3.1.1 posix extensions (bsc#1144333). - smb3: add trace point for tree connection (bsc#1144333). - smb3: add tracepoint for sending lease break responses to server (bsc#1144333). - smb3: add tracepoint for session expired or deleted (bsc#1144333). - smb3: add tracepoint for slow responses (bsc#1144333). - smb3: add tracepoint to catch cases where credit refund of failed op overlaps reconnect (bsc#1144333). - smb3: add tracepoints for query dir (bsc#1144333). - smb3: add tracepoints for smb2/smb3 open (bsc#1144333). - smb3: add way to control slow response threshold for logging and stats (bsc#1144333). - smb3: allow more detailed protocol info on open files for debugging (bsc#1144333). - smb3: allow posix mount option to enable new SMB311 protocol extensions (bsc#1144333). - smb3: allow previous versions to be mounted with snapshot= mount parm (bsc#1144333). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510, bsc#1144333). - smb3: check for and properly advertise directory lease support (bsc#1051510, bsc#1144333). - smb3: create smb3 equivalent alias for cifs pseudo-xattrs (bsc#1144333). - smb3: directory sync should not return an error (bsc#1051510, bsc#1144333). - smb3: display bytes_read and bytes_written in smb3 stats (bsc#1144333). - smb3: display security information in /proc/fs/cifs/DebugData more accurately (bsc#1144333). - smb3: display session id in debug data (bsc#1144333). - smb3: display stats counters for number of slow commands (bsc#1144333). - smb3: display volume serial number for shares in /proc/fs/cifs/DebugData (bsc#1144333). - smb3: do not allow insecure cifs mounts when using smb3 (bsc#1144333). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510, bsc#1144333). - smb3: do not display confusing message on mount to Azure servers (bsc#1144333). - smb3: do not display empty interface list (bsc#1144333). - smb3: do not request leases in symlink creation and query (bsc#1051510, bsc#1144333). - smb3: do not send compression info by default (bsc#1144333). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510, bsc#1144333). - smb3: fill in statfs fsid and correct namelen (bsc#1112905, bsc#1144333). - smb3: fix bytes_read statistics (bsc#1144333). - smb3: fix corrupt path in subdirs on smb311 with posix (bsc#1144333). - smb3: fix large reads on encrypted connections (bsc#1144333). - smb3: fix lease break problem introduced by compounding (bsc#1144333). - smb3: fix minor debug output for CONFIG_CIFS_STATS (bsc#1144333). - smb3: fix redundant opens on root (bsc#1144333). - smb3: fix reset of bytes read and written stats (bsc#1112906, bsc#1144333). - smb3: fix various xid leaks (bsc#1051510, bsc#1144333). - smb3: for kerberos mounts display the credential uid used (bsc#1144333). - smb3: handle new statx fields (bsc#1085536, bsc#1144333). - smb3: if max_credits is specified then display it in /proc/mounts (bsc#1144333). - smb3: if server does not support posix do not allow posix mount option (bsc#1144333). - smb3: improve dynamic tracing of open and posix mkdir (bsc#1144333). - smb3: increase initial number of credits requested to allow write (bsc#1144333). - smb3: make default i/o size for smb3 mounts larger (bsc#1144333). - smb3: minor cleanup of compound_send_recv (bsc#1144333). - smb3: minor debugging clarifications in rfc1001 len processing (bsc#1144333). - smb3: minor missing defines relating to reparse points (bsc#1144333). - smb3: missing defines and structs for reparse point handling (bsc#1144333). - smb3: note that smb3.11 posix extensions mount option is experimental (bsc#1144333). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510, bsc#1144333). - smb3: on reconnect set PreviousSessionId field (bsc#1112899, bsc#1144333). - smb3: optimize open to not send query file internal info (bsc#1144333). - smb3: passthru query info does not check for SMB3 FSCTL passthru (bsc#1144333). - smb3: print tree id in debugdata in proc to be able to help logging (bsc#1144333). - smb3: query inode number on open via create context (bsc#1144333). - smb3: remove noisy warning message on mount (bsc#1129664, bsc#1144333). - smb3: remove per-session operations from per-tree connection stats (bsc#1144333). - smb3: rename encryption_required to smb3_encryption_required (bsc#1144333). - smb3: request more credits on normal (non-large read/write) ops (bsc#1144333). - smb3: request more credits on tree connect (bsc#1144333). - smb3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (bsc#1144333). - smb3: send CAP_DFS capability during session setup (bsc#1144333). - smb3: send backup intent on compounded query info (bsc#1144333). - smb3: show number of current open files in /proc/fs/cifs/Stats (bsc#1144333). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510, bsc#1144333). - smb3: smbdirect no longer experimental (bsc#1144333). - smb3: snapshot mounts are read-only and make sure info is displayable about the mount (bsc#1144333). - smb3: track the instance of each session for debugging (bsc#1144333). - smb3: trivial cleanup to smb2ops.c (bsc#1144333). - smb3: update comment to clarify enumerating snapshots (bsc#1144333). - smb3: update default requested iosize to 4MB from 1MB for recent dialects (bsc#1144333). - smb: Validate negotiate (to protect against downgrade) even if signing off (bsc#1085536, bsc#1144333). - smb: fix leak of validate negotiate info response buffer (bsc#1064597, bsc#1144333). - smb: fix validate negotiate info uninitialised memory use (bsc#1064597, bsc#1144333). - smbd: Make upper layer decide when to destroy the transport (bsc#1144333). - smpboot: Place the __percpu annotation correctly (git fixes). - soc: rockchip: power-domain: Add a sanity check on pd->num_clks (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: Use of_clk_get_parent_count() instead of open coding (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: use clk_bulk APIs (bsc#1144718,bsc#1144813). - sound: fix a memory leak bug (bsc#1051510). - spi: bcm2835aux: fix corruptions for longer spi transfers (bsc#1051510). - spi: bcm2835aux: remove dangerous uncontrolled read of fifo (bsc#1051510). - spi: bcm2835aux: unifying code between polling and interrupt driven code (bsc#1051510). - st21nfca_connectivity_event_received: null check the allocation (bsc#1051510). - st_nci_hci_connectivity_event_received: null check the allocation (bsc#1051510). - staging: comedi: dt3000: Fix rounding up of timer divisor (bsc#1051510). - staging: comedi: dt3000: Fix signed integer overflow 'divider * base' (bsc#1051510). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Add raspberrypi-cpufreq (jsc#SLE-7294). - supported.conf: Remove duplicate drivers/ata/libahci_platform - supported.conf: Sort alphabetically, align comments. - supported.conf: Sort alphabetically, align comments. - tcp: Reset bytes_acked and bytes_received when disconnecting (networking-stable-19_07_25). - test_firmware: fix a memory leak bug (bsc#1051510). - tipc: change to use register_pernet_device (networking-stable-19_07_02). - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bsc#1082555). - tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations (bsc#1082555). - tpm: Fix off-by-one when reading binary_bios_measurements (bsc#1082555). - tpm: Unify the send callback behaviour (bsc#1082555). - tpm: vtpm_proxy: Suppress error logging when in closed state (bsc#1082555). - tracing: Fix header include guards in trace event headers (bsc#1144474). - treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 231 (bsc#1144333). - tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop (bsc#1051510). - tty/serial: digicolor: Fix digicolor-usart already registered warning (bsc#1051510). - tty: max310x: Fix invalid baudrate divisors calculator (bsc#1051510). - tty: serial: msm_serial: avoid system lockup condition (bsc#1051510). - tua6100: Avoid build warnings (bsc#1051510). - tun: wake up waitqueues after IFF_UP is set (networking-stable-19_07_02). - udf: Fix incorrect final NOT_ALLOCATED (hole) extent length (bsc#1148617). - update internal version number for cifs.ko (bsc#1144333). - usb-storage: Add new JMS567 revision to unusual_devs (bsc#1051510). - usb: CDC: fix sanity checks in CDC union parser (bsc#1142635). - usb: Handle USB3 remote wakeup for LPM enabled devices correctly (bsc#1051510). - usb: cdc-acm: make sure a refcount is taken early enough (bsc#1142635). - usb: cdc-wdm: fix race between write and disconnect due to flag abuse (bsc#1051510). - usb: chipidea: udc: do not do hardware access if gadget has stopped (bsc#1051510). - usb: core: Fix races in character device registration and deregistraion (bsc#1051510). - usb: core: hub: Disable hub-initiated U1/U2 (bsc#1051510). - usb: gadget: composite: Clear 'suspended' on reset/disconnect (bsc#1051510). - usb: gadget: udc: renesas_usb3: Fix sysfs interface of 'role' (bsc#1142635). - usb: host: fotg2: restart hcd after port reset (bsc#1051510). - usb: host: ohci: fix a race condition between shutdown and irq (bsc#1051510). - usb: host: xhci-rcar: Fix timeout in xhci_suspend() (bsc#1051510). - usb: host: xhci: rcar: Fix typo in compatible string matching (bsc#1051510). - usb: iowarrior: fix deadlock on disconnect (bsc#1051510). - usb: serial: option: Add Motorola modem UARTs (bsc#1051510). - usb: serial: option: Add support for ZTE MF871A (bsc#1051510). - usb: serial: option: add D-Link DWM-222 device ID (bsc#1051510). - usb: serial: option: add the BroadMobi BM818 card (bsc#1051510). - usb: storage: ums-realtek: Update module parameter description for auto_delink_en (bsc#1051510). - usb: storage: ums-realtek: Whitelist auto-delink support (bsc#1051510). - usb: usbfs: fix double-free of usb memory upon submiturb error (bsc#1051510). - usb: wusbcore: fix unbalanced get/put cluster_id (bsc#1051510). - usb: yurex: Fix use-after-free in yurex_delete (bsc#1051510). - vfs: fix page locking deadlocks when deduping files (bsc#1148619). - vmci: Release resource if the work is already queued (bsc#1051510). - vrf: make sure skb->data contains ip header to make routing (networking-stable-19_07_25). - watchdog: bcm2835_wdt: Fix module autoload (bsc#1051510). - watchdog: core: fix null pointer dereference when releasing cdev (bsc#1051510). - watchdog: f71808e_wdt: fix F81866 bit operation (bsc#1051510). - watchdog: fix compile time error of pretimeout governors (bsc#1051510). - wimax/i2400m: fix a memory leak bug (bsc#1051510). - x86/boot: Fix memory leak in default_get_smp_config() (bsc#1114279). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). - x86/microcode: Fix the microcode load on CPU hotplug for real (bsc#1114279). - x86/mm: Check for pfn instead of page in vmalloc_sync_one() (bsc#1118689). - x86/mm: Sync also unmappings in vmalloc_sync_all() (bsc#1118689). - x86/speculation/mds: Apply more accurate check on hypervisor platform (bsc#1114279). - x86/speculation: Allow guests to use SSBD even if host does not (bsc#1114279). - x86/unwind: Add hardcoded ORC entry for NULL (bsc#1114279). - x86/unwind: Handle NULL pointer calls better in frame unwinder (bsc#1114279). - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() (bsc#1065600). - xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix bucket count reported to userspace (bsc#1143300). - xfrm: Fix error return code in xfrm_output_one() (bsc#1143300). - xfs: do not crash on null attr fork xfs_bmapi_read (bsc#1148035). - xfs: do not trip over uninitialized buffer on extent read of corrupted inode (bsc#1149053). - xfs: dump transaction usage details on log reservation overrun (bsc#1145235). - xfs: eliminate duplicate icreate tx reservation functions (bsc#1145235). - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (bsc#1148032). - xfs: fix semicolon.cocci warnings (bsc#1145235). - xfs: fix up agi unlinked list reservations (bsc#1145235). - xfs: include an allocfree res for inobt modifications (bsc#1145235). - xfs: include inobt buffers in ifree tx log reservation (bsc#1145235). - xfs: print transaction log reservation on overrun (bsc#1145235). - xfs: refactor inode chunk alloc/free tx reservation (bsc#1145235). - xfs: refactor xlog_cil_insert_items() to facilitate transaction dump (bsc#1145235). - xfs: remove more ondisk directory corruption asserts (bsc#1148034). - xfs: separate shutdown from ticket reservation print helper (bsc#1145235). - xfs: truncate transaction does not modify the inobt (bsc#1145235). Important SUSE bug 1047238 SUSE bug 1050911 SUSE bug 1051510 SUSE bug 1054914 SUSE bug 1055117 SUSE bug 1056686 SUSE bug 1060662 SUSE bug 1061840 SUSE bug 1061843 SUSE bug 1064597 SUSE bug 1064701 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066369 SUSE bug 1071009 SUSE bug 1071306 SUSE bug 1078248 SUSE bug 1082555 SUSE bug 1085030 SUSE bug 1085536 SUSE bug 1085539 SUSE bug 1086103 SUSE bug 1087092 SUSE bug 1090734 SUSE bug 1091171 SUSE bug 1093205 SUSE bug 1102097 SUSE bug 1104902 SUSE bug 1106061 SUSE bug 1106284 SUSE bug 1106434 SUSE bug 1108382 SUSE bug 1112178 SUSE bug 1112894 SUSE bug 1112899 SUSE bug 1112902 SUSE bug 1112903 SUSE bug 1112905 SUSE bug 1112906 SUSE bug 1112907 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1114542 SUSE bug 1118689 SUSE bug 1119086 SUSE bug 1120876 SUSE bug 1120902 SUSE bug 1120937 SUSE bug 1123105 SUSE bug 1123959 SUSE bug 1124370 SUSE bug 1129424 SUSE bug 1129519 SUSE bug 1129664 SUSE bug 1131107 SUSE bug 1131281 SUSE bug 1131565 SUSE bug 1133021 SUSE bug 1134291 SUSE bug 1134881 SUSE bug 1134882 SUSE bug 1135219 SUSE bug 1135642 SUSE bug 1135897 SUSE bug 1136261 SUSE bug 1137069 SUSE bug 1137884 SUSE bug 1138539 SUSE bug 1139020 SUSE bug 1139021 SUSE bug 1139101 SUSE bug 1139500 SUSE bug 1140012 SUSE bug 1140426 SUSE bug 1140487 SUSE bug 1141013 SUSE bug 1141450 SUSE bug 1141543 SUSE bug 1141554 SUSE bug 1142019 SUSE bug 1142076 SUSE bug 1142109 SUSE bug 1142117 SUSE bug 1142118 SUSE bug 1142119 SUSE bug 1142496 SUSE bug 1142541 SUSE bug 1142635 SUSE bug 1142685 SUSE bug 1142701 SUSE bug 1142857 SUSE bug 1143300 SUSE bug 1143466 SUSE bug 1143765 SUSE bug 1143841 SUSE bug 1143843 SUSE bug 1144123 SUSE bug 1144333 SUSE bug 1144474 SUSE bug 1144518 SUSE bug 1144718 SUSE bug 1144813 SUSE bug 1144880 SUSE bug 1144886 SUSE bug 1144912 SUSE bug 1144920 SUSE bug 1144979 SUSE bug 1145010 SUSE bug 1145024 SUSE bug 1145051 SUSE bug 1145059 SUSE bug 1145189 SUSE bug 1145235 SUSE bug 1145300 SUSE bug 1145302 SUSE bug 1145388 SUSE bug 1145389 SUSE bug 1145390 SUSE bug 1145391 SUSE bug 1145392 SUSE bug 1145393 SUSE bug 1145394 SUSE bug 1145395 SUSE bug 1145396 SUSE bug 1145397 SUSE bug 1145408 SUSE bug 1145409 SUSE bug 1145661 SUSE bug 1145678 SUSE bug 1145687 SUSE bug 1145920 SUSE bug 1145922 SUSE bug 1145934 SUSE bug 1145937 SUSE bug 1145940 SUSE bug 1145941 SUSE bug 1145942 SUSE bug 1146074 SUSE bug 1146084 SUSE bug 1146163 SUSE bug 1146285 SUSE bug 1146346 SUSE bug 1146351 SUSE bug 1146352 SUSE bug 1146361 SUSE bug 1146368 SUSE bug 1146376 SUSE bug 1146378 SUSE bug 1146381 SUSE bug 1146391 SUSE bug 1146399 SUSE bug 1146413 SUSE bug 1146425 SUSE bug 1146516 SUSE bug 1146519 SUSE bug 1146524 SUSE bug 1146526 SUSE bug 1146529 SUSE bug 1146531 SUSE bug 1146543 SUSE bug 1146547 SUSE bug 1146550 SUSE bug 1146575 SUSE bug 1146589 SUSE bug 1146678 SUSE bug 1146938 SUSE bug 1148031 SUSE bug 1148032 SUSE bug 1148033 SUSE bug 1148034 SUSE bug 1148035 SUSE bug 1148093 SUSE bug 1148133 SUSE bug 1148192 SUSE bug 1148196 SUSE bug 1148198 SUSE bug 1148202 SUSE bug 1148303 SUSE bug 1148363 SUSE bug 1148379 SUSE bug 1148394 SUSE bug 1148527 SUSE bug 1148574 SUSE bug 1148616 SUSE bug 1148617 SUSE bug 1148619 SUSE bug 1148698 SUSE bug 1148859 SUSE bug 1148868 SUSE bug 1149053 SUSE bug 1149083 SUSE bug 1149104 SUSE bug 1149105 SUSE bug 1149106 SUSE bug 1149197 SUSE bug 1149214 SUSE bug 1149224 SUSE bug 1149325 SUSE bug 1149376 SUSE bug 1149413 SUSE bug 1149418 SUSE bug 1149424 SUSE bug 1149522 SUSE bug 1149527 SUSE bug 1149539 SUSE bug 1149552 SUSE bug 1149591 SUSE bug 1149602 SUSE bug 1149612 SUSE bug 1149626 SUSE bug 1149652 SUSE bug 1149713 SUSE bug 1149940 SUSE bug 1149959 SUSE bug 1149963 SUSE bug 1149976 SUSE bug 1150025 SUSE bug 1150033 SUSE bug 1150112 SUSE bug 1150562 SUSE bug 1150727 SUSE bug 1150860 SUSE bug 1150861 SUSE bug 1150933 CVE-2017-18551 CVE-2018-20976 CVE-2018-21008 CVE-2019-10207 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14835 CVE-2019-15030 CVE-2019-15031 CVE-2019-15090 CVE-2019-15098 CVE-2019-15099 CVE-2019-15117 CVE-2019-15118 CVE-2019-15211 CVE-2019-15212 CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15217 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15222 CVE-2019-15239 CVE-2019-15290 CVE-2019-15292 CVE-2019-15538 CVE-2019-15666 CVE-2019-15902 CVE-2019-15917 CVE-2019-15919 CVE-2019-15920 CVE-2019-15921 CVE-2019-15924 CVE-2019-15926 CVE-2019-15927 CVE-2019-9456 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_29 fixes several issues. The following security issue was fixed: - CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bsc#1151021). Important SUSE bug 1149841 SUSE bug 1151021 CVE-2019-14835 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_24 fixes several issues. The following security issue was fixed: - CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bsc#1151021). Important SUSE bug 1149841 SUSE bug 1151021 CVE-2019-14835 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_16 fixes several issues. The following security issue was fixed: - CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bsc#1151021). Important SUSE bug 1149841 SUSE bug 1151021 CVE-2019-14835 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_19 fixes several issues. The following security issue was fixed: - CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bsc#1151021). Important SUSE bug 1149841 SUSE bug 1151021 CVE-2019-14835 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_13 fixes several issues. The following security issue was fixed: - CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bsc#1151021). Important SUSE bug 1149841 SUSE bug 1151021 CVE-2019-14835 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_6 fixes several issues. The following security issue was fixed: - CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bsc#1151021). Important SUSE bug 1149841 SUSE bug 1151021 CVE-2019-14835 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_3 fixes several issues. The following security issue was fixed: - CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bsc#1151021). Important SUSE bug 1149841 SUSE bug 1151021 CVE-2019-14835 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-94_41 fixes several issues. The following security issue was fixed: - CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bsc#1151021). Important SUSE bug 1149841 SUSE bug 1151021 CVE-2019-14835 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-94_41 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). Important SUSE bug 1144903 SUSE bug 1153108 SUSE bug 1153158 SUSE bug 1153161 CVE-2019-10220 CVE-2019-17133 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_3 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). Important SUSE bug 1144903 SUSE bug 1153108 SUSE bug 1153158 SUSE bug 1153161 CVE-2019-10220 CVE-2019-17133 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_6 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). Important SUSE bug 1144903 SUSE bug 1153108 SUSE bug 1153158 SUSE bug 1153161 CVE-2019-10220 CVE-2019-17133 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_13 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). Important SUSE bug 1144903 SUSE bug 1153108 SUSE bug 1153158 SUSE bug 1153161 CVE-2019-10220 CVE-2019-17133 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_16 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). Important SUSE bug 1144903 SUSE bug 1153108 SUSE bug 1153158 SUSE bug 1153161 CVE-2019-10220 CVE-2019-17133 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_19 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). Important SUSE bug 1144903 SUSE bug 1153108 SUSE bug 1153158 SUSE bug 1153161 CVE-2019-10220 CVE-2019-17133 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_24 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). Important SUSE bug 1144903 SUSE bug 1153108 SUSE bug 1153158 SUSE bug 1153161 CVE-2019-10220 CVE-2019-17133 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_29 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). Important SUSE bug 1144903 SUSE bug 1153108 SUSE bug 1153158 SUSE bug 1153161 CVE-2019-10220 CVE-2019-17133 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_32 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). Important SUSE bug 1144903 SUSE bug 1149841 SUSE bug 1153108 SUSE bug 1153158 SUSE bug 1153161 CVE-2019-10220 CVE-2019-17133 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-18595: A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555). - CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350). - CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540). - CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permitted sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka 'KNOB') that could decrypt traffic and injected arbitrary ciphertext without the victim noticing (bnc#1137865 bnc#1146042). - CVE-2019-16232: Fixed a NULL pointer dereference in drivers/net/wireless/marvell/libertas/if_sdio.c, which did not check the alloc_workqueue return value (bnc#1150465). - CVE-2019-16234: Fixed a NULL pointer dereference in drivers/net/wireless/intel/iwlwifi/pcie/trans.c, which did not check the alloc_workqueue return value (bnc#1150452). - CVE-2019-17056: Added enforcement of CAP_NET_RAW in llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module, the lack of which allowed unprivileged users to create a raw socket, aka CID-3a359798b176 (bnc#1152788). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). - CVE-2019-17666: Added an upper-bound check in rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c, the lack of which could have led to a buffer overflow (bnc#1154372). The following non-security bugs were fixed: - 9p: avoid attaching writeback_fid on mmap with type PRIVATE (bsc#1051510). - ACPI / CPPC: do not require the _PSD method (bsc#1051510). - ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit() (bsc#1051510). - ACPI: custom_method: fix memory leaks (bsc#1051510). - ACPI / PCI: fix acpi_pci_irq_enable() memory leak (bsc#1051510). - ACPI / processor: do not print errors for processorIDs == 0xff (bsc#1051510). - ACPI / property: Fix acpi_graph_get_remote_endpoint() name in kerneldoc (bsc#1051510). - act_mirred: Fix mirred_init_module error handling (bsc#1051510). - Add kernel module compression support (bsc#1135854) For enabling the kernel module compress, add the item COMPRESS_MODULES='xz' in config.sh, then mkspec will pass it to the spec file. - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (bsc#1151680). - ALSA: aoa: onyx: always initialize register read value (bsc#1051510). - ALSA: firewire-tascam: check intermediate state of clock status and retry (bsc#1051510). - ALSA: firewire-tascam: handle error code when getting current source of clock (bsc#1051510). - ALSA: hda - Add laptop imic fixup for ASUS M9V laptop (bsc#1051510). - ALSA: hda: Add support of Zhaoxin controller (bsc#1051510). - ALSA: hda - Apply AMD controller workaround for Raven platform (bsc#1051510). - ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family (bsc#1051510). - ALSA: hda - Drop unsol event handler for Intel HDMI codecs (bsc#1051510). - ALSA: hda - Expand pin_match function to match upcoming new tbls (bsc#1051510). - ALSA: hda: Flush interrupts on disabling (bsc#1051510). - ALSA: hda/hdmi: remove redundant assignment to variable pcm_idx (bsc#1051510). - ALSA: hda - Inform too slow responses (bsc#1051510). - ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 (bsc#1051510). - ALSA: hda/realtek - Check beep whitelist before assigning in all codecs (bsc#1051510). - ALSA: hda/realtek - Fix alienware headset mic (bsc#1051510). - ALSA: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360 (bsc#1051510). - ALSA: hda: Set fifo_size for both playback and capture streams (bsc#1051510). - ALSA: hda - Show the fatal CORB/RIRB error more clearly (bsc#1051510). - ALSA: hda/sigmatel - remove unused variable 'stac9200_core_init' (bsc#1051510). - ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() (bsc#1051510). - ALSA: line6: sizeof (byte) is always 1, use that fact (bsc#1051510). - ALSA: usb-audio: Add Pioneer DDJ-SX3 PCM quirck (bsc#1051510). - ALSA: usb-audio: Disable quirks for BOSS Katana amplifiers (bsc#1051510). - ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid (bsc#1051510). - appletalk: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - ASoC: Define a set of DAPM pre/post-up events (bsc#1051510). - ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set (bsc#1051510). - ASoC: es8328: Fix copy-paste error in es8328_right_line_controls (bsc#1051510). - ASoC: Intel: Baytrail: Fix implicit fallthrough warning (bsc#1051510). - ASoC: Intel: Fix use of potentially uninitialized variable (bsc#1051510). - ASoC: Intel: NHLT: Fix debug print format (bsc#1051510). - ASoC: sgtl5000: Fix charge pump source assignment (bsc#1051510). - ASoC: sun4i-i2s: RX and TX counter registers are swapped (bsc#1051510). - ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls (bsc#1051510). - ASoC: wm8988: fix typo in wm8988_right_line_controls (bsc#1051510). - ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init (bsc#1051510). - atm: iphase: Fix Spectre v1 vulnerability (networking-stable-19_08_08). - auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach (bsc#1051510). - ax25: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA (bsc#1051510). - blk-flush: do not run queue for requests bypassing flush (bsc#1137959). - blk-flush: use blk_mq_request_bypass_insert() (bsc#1137959). - blk-mq: do not allocate driver tag upfront for flush rq (bsc#1137959). - blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling (bsc#1151610). - blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue (bsc#1137959). - blk-mq: kABI fixes for blk-mq.h (bsc#1137959). - blk-mq: move blk_mq_put_driver_tag*() into blk-mq.h (bsc#1137959). - blk-mq: punt failed direct issue to dispatch list (bsc#1137959). - blk-mq: put the driver tag of nxt rq before first one is requeued (bsc#1137959). - blk-mq-sched: decide how to handle flush rq via RQF_FLUSH_SEQ (bsc#1137959). - blk-wbt: abstract out end IO completion handler (bsc#1135873). - blk-wbt: fix has-sleeper queueing check (bsc#1135873). - blk-wbt: improve waking of tasks (bsc#1135873). - blk-wbt: move disable check into get_limit() (bsc#1135873). - blk-wbt: use wq_has_sleeper() for wq active check (bsc#1135873). - block: add io timeout to sysfs (bsc#1148410). - block: do not show io_timeout if driver has no timeout handler (bsc#1148410). - block: fix timeout changes for legacy request drivers (bsc#1149446). - block: kABI fixes for BLK_EH_DONE renaming (bsc#1142076). - block: rename BLK_EH_NOT_HANDLED to BLK_EH_DONE (bsc#1142076). - Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices (bsc#1051510). - bnx2x: Disable multi-cos feature (networking-stable-19_08_08). - bnx2x: Fix VF's VLAN reconfiguration in reload (bsc#1086323 ). - bonding: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - bridge/mdb: remove wrong use of NLM_F_MULTI (networking-stable-19_09_15). - btrfs: bail out gracefully rather than BUG_ON (bsc#1153646). - btrfs: check for the full sync flag while holding the inode lock during fsync (bsc#1153713). - btrfs: Ensure btrfs_init_dev_replace_tgtdev sees up to date values (bsc#1154651). - btrfs: Ensure replaced device does not have pending chunk allocation (bsc#1154607). - btrfs: fix use-after-free when using the tree modification log (bsc#1151891). - btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls (bsc#1152975). - btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space (bsc#1152974). - btrfs: relocation: fix use-after-free on dead relocation roots (bsc#1152972). - btrfs: remove wrong use of volume_mutex from btrfs_dev_replace_start (bsc#1154651). - can: mcp251x: mcp251x_hw_reset(): allow more time after a reset (bsc#1051510). - can: xilinx_can: xcan_probe(): skip error message on deferred probe (bsc#1051510). - cdc_ether: fix rndis support for Mediatek based smartphones (networking-stable-19_09_15). - cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize (bsc#1051510). - ceph: fix directories inode i_blkbits initialization (bsc#1153717). - ceph: reconnect connection if session hang in opening state (bsc#1153718). - ceph: update the mtime when truncating up (bsc#1153719). - ceph: use ceph_evict_inode to cleanup inode's resource (bsc#1148133). - cfg80211: add and use strongly typed element iteration macros (bsc#1051510). - cfg80211: Purge frame registrations on iftype change (bsc#1051510). - clk: at91: fix update bit maps on CFG_MOR write (bsc#1051510). - clk: at91: select parent if main oscillator or bypass is enabled (bsc#1051510). - clk: qoriq: Fix -Wunused-const-variable (bsc#1051510). - clk: sirf: Do not reference clk_init_data after registration (bsc#1051510). - clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks (bsc#1051510). - clk: sunxi-ng: v3s: add the missing PLL_DDR1 (bsc#1051510). - clk: zx296718: Do not reference clk_init_data after registration (bsc#1051510). - crypto: caam - fix concurrency issue in givencrypt descriptor (bsc#1051510). - crypto: caam - free resources in case caam_rng registration failed (bsc#1051510). - crypto: cavium/zip - Add missing single_release() (bsc#1051510). - crypto: ccp - Reduce maximum stack usage (bsc#1051510). - crypto: qat - Silence smp_processor_id() warning (bsc#1051510). - crypto: skcipher - Unmap pages after an external error (bsc#1051510). - crypto: talitos - fix missing break in switch statement (bsc#1142635). - cxgb4: fix endianness for vlan value in cxgb4_tc_flower (bsc#1064802 bsc#1066129). - cxgb4: offload VLAN flows regardless of VLAN ethtype (bsc#1064802 bsc#1066129). - cxgb4: reduce kernel stack usage in cudbg_collect_mem_region() (bsc#1073513). - cxgb4: Signedness bug in init_one() (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: smt: Add lock for atomic_dec_and_test (bsc#1064802 bsc#1066129). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - /dev/mem: Bail out upon SIGKILL (git-fixes). - dmaengine: dw: platform: Switch to acpi_dma_controller_register() (bsc#1051510). - dmaengine: iop-adma.c: fix printk format warning (bsc#1051510). - drivers: thermal: int340x_thermal: Fix sysfs race condition (bsc#1051510). - drm/amdgpu: Check for valid number of registers to read (bsc#1051510). - drm/amdgpu/si: fix ASIC tests (git-fixes). - drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2) (bsc#1051510). - drm/ast: Fixed reboot test may cause system hanged (bsc#1051510). - drm/bridge: tc358767: Increase AUX transfer length limit (bsc#1051510). - drm: Flush output polling on shutdown (bsc#1051510). - drm/i915: Fix various tracepoints for gen2 (bsc#1113722) - drm/imx: Drop unused imx-ipuv3-crtc.o build (bsc#1113722) - drm/msm/dsi: Implement reset correctly (bsc#1051510). - drm/panel: simple: fix AUO g185han01 horizontal blanking (bsc#1051510). - drm/radeon: Fix EEH during kexec (bsc#1051510). - drm/tilcdc: Register cpufreq notifier after we have initialized crtc (bsc#1051510). - drm/vmwgfx: Fix double free in vmw_recv_msg() (bsc#1051510). - Drop multiversion(kernel) from the KMP template (bsc#1127155). - e1000e: add workaround for possible stalled packet (bsc#1051510). - EDAC/amd64: Decode syndrome before translating address (bsc#1114279). - eeprom: at24: make spd world-readable again (git-fixes). - ext4: fix warning inside ext4_convert_unwritten_extents_endio (bsc#1152025). - ext4: set error return correctly when ext4_htree_store_dirent fails (bsc#1152024). - firmware: dmi: Fix unlikely out-of-bounds read in save_mem_devices (git-fixes). - Fix AMD IOMMU kABI (bsc#1154610). - Fix kabi for: NFSv4: Fix OPEN / CLOSE race (git-fixes). - Fix KVM kABI after x86 mmu backports (bsc#1117665). - gpio: fix line flag validation in lineevent_create (bsc#1051510). - gpio: fix line flag validation in linehandle_create (bsc#1051510). - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist (bsc#1051510). - gpiolib: only check line handle flags once (bsc#1051510). - gpio: Move gpiochip_lock/unlock_as_irq to gpio/driver.h (bsc#1051510). - gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property() (bsc#1051510). - HID: apple: Fix stuck function keys when using FN (bsc#1051510). - HID: hidraw: Fix invalid read in hidraw_ioctl (bsc#1051510). - HID: logitech: Fix general protection fault caused by Logitech driver (bsc#1051510). - HID: prodikeys: Fix general protection fault during probe (bsc#1051510). - HID: sony: Fix memory corruption issue on cleanup (bsc#1051510). - hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' (bsc#1051510). - hwmon: (lm75) Fix write operations for negative temperatures (bsc#1051510). - hwmon: (shtc1) fix shtc1 and shtw1 id mask (bsc#1051510). - hwrng: core - do not wait on add_early_randomness() (git-fixes). - i2c: riic: Clear NACK in tend isr (bsc#1051510). - IB/core, ipoib: Do not overreact to SM LID change event (bsc#1154108) - IB/hfi1: Remove overly conservative VM_EXEC flag check (bsc#1144449). - IB/mlx5: Consolidate use_umr checks into single function (bsc#1093205). - IB/mlx5: Fix MR re-registration flow to use UMR properly (bsc#1093205). - IB/mlx5: Report correctly tag matching rendezvous capability (bsc#1046305). - ieee802154: atusb: fix use-after-free at disconnect (bsc#1051510). - ieee802154: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - ife: error out when nla attributes are empty (networking-stable-19_08_08). - iio: adc: ad799x: fix probe error handling (bsc#1051510). - iio: dac: ad5380: fix incorrect assignment to val (bsc#1051510). - iio: light: opt3001: fix mutex unlock race (bsc#1051510). - ima: always return negative code for error (bsc#1051510). - Input: da9063 - fix capability and drop KEY_SLEEP (bsc#1051510). - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID (bsc#1051510). - iommu/amd: Apply the same IVRS IOAPIC workaround to Acer Aspire A315-41 (bsc#1137799). - iommu/amd: Check PM_LEVEL_SIZE() condition in locked section (bsc#1154608). - iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems (bsc#1137799). - iommu/amd: Remove domain->updated (bsc#1154610). - iommu/amd: Wait for completion of IOTLB flush in attach_device (bsc#1154611). - iommu/dma: Fix for dereferencing before null checking (bsc#1151667). - iommu/iova: Avoid false sharing on fq_timer_on (bsc#1151671). - ip6_tunnel: fix possible use-after-free on xmit (networking-stable-19_08_08). - ipmi_si: Only schedule continuously in the thread in maintenance mode (bsc#1051510). - ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set (networking-stable-19_08_28). - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()' (networking-stable-19_09_15). - isdn/capi: check message length in capi_write() (bsc#1051510). - ixgbe: Prevent u8 wrapping of ITR value to something less than 10us (bsc#1101674). - ixgbe: sync the first fragment unconditionally (bsc#1133140). - kABI: media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). fixes kABI - kABI: media: em28xx: stop rewriting device's struct (bsc#1051510). fixes kABI - kABI: net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05). - kABI/severities: Whitelist functions internal to radix mm. To call these functions you have to first detect if you are running in radix mm mode which can't be expected of OOT code. - kABI workaround for snd_hda_pick_pin_fixup() changes (bsc#1051510). - kernel-subpackage-build: create zero size ghost for uncompressed vmlinux (bsc#1154354). It is not strictly necessary to uncompress it so maybe the ghost file can be 0 size in this case. - kernel/sysctl.c: do not override max_threads provided by userspace (bnc#1150875). - KVM: Convert kvm_lock to a mutex (bsc#1117665). - KVM: MMU: drop vcpu param in gpte_access (bsc#1117665). - KVM: PPC: Book3S: Fix incorrect guest-to-user-translation error handling (bsc#1061840). - KVM: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores (bsc#1061840). - KVM: PPC: Book3S HV: Do not lose pending doorbell request on migration on P9 (bsc#1061840). - KVM: PPC: Book3S HV: Do not push XIVE context when not using XIVE device (bsc#1061840). - KVM: PPC: Book3S HV: Fix lockdep warning when entering the guest (bsc#1061840). - KVM: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts (bsc#1061840). - KVM: PPC: Book3S HV: Handle virtual mode in XIVE VCPU push code (bsc#1061840). - KVM: PPC: Book3S HV: use smp_mb() when setting/clearing host_ipi flag (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP (bsc#1061840). - KVM: x86: add tracepoints around __direct_map and FNAME(fetch) (bsc#1117665). - KVM: x86: adjust kvm_mmu_page member to save 8 bytes (bsc#1117665). - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (bsc#1117665). - KVM: x86: Do not release the page inside mmu_set_spte() (bsc#1117665). - KVM: x86: make FNAME(fetch) and __direct_map more similar (bsc#1117665). - KVM: x86, powerpc: do not allow clearing largepages debugfs entry (bsc#1117665). - KVM: x86: remove now unneeded hugepage gfn adjustment (bsc#1117665). - leds: leds-lp5562 allow firmware files up to the maximum length (bsc#1051510). - leds: trigger: gpio: GPIO 0 is valid (bsc#1051510). - libertas: Add missing sentinel at end of if_usb.c fw_table (bsc#1051510). - libertas_tf: Use correct channel range in lbtf_geo_init (bsc#1051510). - libiscsi: do not try to bypass SCSI EH (bsc#1142076). - lib/mpi: Fix karactx leak in mpi_powm (bsc#1051510). - livepatch: Nullify obj->mod in klp_module_coming()'s error path (bsc#1071995). - mac80211: accept deauth frames in IBSS mode (bsc#1051510). - mac80211: minstrel_ht: fix per-group max throughput rate initialization (bsc#1051510). - macsec: drop skb sk before calling gro_cells_receive (bsc#1051510). - md: do not report active array_state until after revalidate_disk() completes (git-fixes). - md: only call set_in_sync() when it is expected to succeed (git-fixes). - md/raid6: Set R5_ReadError when there is read failure on parity disk (git-fixes). - media: atmel: atmel-isc: fix asd memory allocation (bsc#1135642). - media: atmel: atmel-isi: fix timeout value for stop streaming (bsc#1051510). - media: cpia2_usb: fix memory leaks (bsc#1051510). - media: dib0700: fix link error for dibx000_i2c_set_speed (bsc#1051510). - media: dvb-core: fix a memory leak bug (bsc#1051510). - media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). - media: em28xx: stop rewriting device's struct (bsc#1051510). - media: exynos4-is: fix leaked of_node references (bsc#1051510). - media: fdp1: Reduce FCP not found message level to debug (bsc#1051510). - media: gspca: zero usb_buf on error (bsc#1051510). - media: hdpvr: Add device num check and handling (bsc#1051510). - media: hdpvr: add terminating 0 at end of string (bsc#1051510). - media: i2c: ov5645: Fix power sequence (bsc#1051510). - media: iguanair: add sanity checks (bsc#1051510). - media: marvell-ccic: do not generate EOF on parallel bus (bsc#1051510). - media: mc-device.c: do not memset __user pointer contents (bsc#1051510). - media: omap3isp: Do not set streaming state on random subdevs (bsc#1051510). - media: omap3isp: Set device on omap3isp subdevs (bsc#1051510). - media: ov6650: Fix sensor possibly not detected on probe (bsc#1051510). - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper (bsc#1051510). - media: ov9650: add a sanity check (bsc#1051510). - media: radio/si470x: kill urb on error (bsc#1051510). - media: replace strcpy() by strscpy() (bsc#1051510). - media: Revert '[media] marvell-ccic: reset ccic phy when stop streaming for stability' (bsc#1051510). - media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() (bsc#1051510). - media: saa7146: add cleanup in hexium_attach() (bsc#1051510). - media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table (bsc#1051510). - media: stkwebcam: fix runtime PM after driver unbind (bsc#1051510). - media: technisat-usb2: break out of loop at end of buffer (bsc#1051510). - media: tm6000: double free if usb disconnect while streaming (bsc#1051510). - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (bsc#1051510). - media: vb2: Fix videobuf2 to map correct area (bsc#1051510). - memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' (bsc#1051510). - mfd: intel-lpss: Remove D3cold delay (bsc#1051510). - mic: avoid statically declaring a 'struct device' (bsc#1051510). - mISDN: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - mld: fix memory leak in mld_del_delrec() (networking-stable-19_09_05). - mmc: sdhci: Fix incorrect switch to HS mode (bsc#1051510). - mmc: sdhci: improve ADMA error reporting (bsc#1051510). - mmc: sdhci-msm: fix mutex while in spinlock (bsc#1142635). - mmc: sdhci-of-arasan: Do now show error message in case of deffered probe (bsc#1119086). - mmc: sdhci-of-esdhc: set DMA snooping based on DMA coherence (bsc#1051510). - mtd: spi-nor: Fix Cadence QSPI RCU Schedule Stall (bsc#1051510). - mvpp2: refactor MTU change code (networking-stable-19_08_08). - net: bridge: delete local fdb on device init failure (networking-stable-19_08_08). - net: bridge: mcast: do not delete permanent entries when fast leave is enabled (networking-stable-19_08_08). - net: fix ifindex collision during namespace removal (networking-stable-19_08_08). - net: Fix null de-reference of device refcount (networking-stable-19_09_15). - net: fix skb use after free in netpoll (networking-stable-19_09_05). - net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list (networking-stable-19_09_15). - net/ibmvnic: Fix EOI when running in XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes). - net/ibmvnic: prevent more than one thread from running in reset (bsc#1152457 ltc#174432). - net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run (bsc#1152457 ltc#174432). - net/mlx4_en: fix a memory leak bug (bsc#1046299). - net/mlx5: Add device ID of upcoming BlueField-2 (bsc#1046303 ). - net/mlx5e: Only support tx/rx pause setting for port owner (networking-stable-19_08_21). - net/mlx5e: Prevent encap flow counter update async to user query (networking-stable-19_08_08). - net/mlx5e: Use flow keys dissector to parse packets for ARFS (networking-stable-19_08_21). - net/mlx5: Fix error handling in mlx5_load() (bsc#1046305 ). - net/mlx5: Use reversed order when unregister devices (networking-stable-19_08_08). - net/packet: fix race in tpacket_snd() (networking-stable-19_08_21). - net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05). - net: sched: Fix a possible null-pointer dereference in dequeue_func() (networking-stable-19_08_08). - net/smc: make sure EPOLLOUT is raised (networking-stable-19_08_28). - net: stmmac: dwmac-rk: Do not fail if phy regulator is absent (networking-stable-19_09_05). - nfc: fix attrs checks in netlink interface (bsc#1051510). - nfc: fix memory leak in llcp_sock_bind() (bsc#1051510). - nfc: pn533: fix use-after-free and memleaks (bsc#1051510). - NFS4: Fix v4.0 client state corruption when mount (git-fixes). - nfsd: degraded slot-count more gracefully as allocation nears exhaustion (bsc#1150381). - nfsd: Do not release the callback slot unless it was actually held (git-fixes). - nfsd: Fix overflow causing non-working mounts on 1 TB machines (bsc#1150381). - nfsd: fix performance-limiting session calculation (bsc#1150381). - nfsd: give out fewer session slots as limit approaches (bsc#1150381). - nfsd: handle drc over-allocation gracefully (bsc#1150381). - nfsd: increase DRC cache limit (bsc#1150381). - NFS: Do not interrupt file writeout due to fatal errors (git-fixes). - NFS: Do not open code clearing of delegation state (git-fixes). - NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0 (git-fixes). - NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts (git-fixes). - NFS: Forbid setting AF_INET6 to 'struct sockaddr_in'->sin_family (git-fixes). - NFS: Refactor nfs_lookup_revalidate() (git-fixes). - NFS: Remove redundant semicolon (git-fixes). - NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter (git-fixes). - NFSv4.1: Fix open stateid recovery (git-fixes). - NFSv4.1: Only reap expired delegations (git-fixes). - NFSv4: Check the return value of update_open_stateid() (git-fixes). - NFSv4: Fix an Oops in nfs4_do_setattr (git-fixes). - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() (git-fixes). - NFSv4: Fix delegation state recovery (git-fixes). - NFSv4: Fix lookup revalidate of regular files (git-fixes). - NFSv4: Fix OPEN / CLOSE race (git-fixes). - NFSv4: Handle the special Linux file open access mode (git-fixes). - NFSv4: Only pass the delegation to setattr if we're sending a truncate (git-fixes). - NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend() (git-fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - null_blk: complete requests from ->timeout (bsc#1149446). - null_blk: wire up timeouts (bsc#1149446). - nvme: fix multipath crash when ANA is deactivated (bsc#1149446). - nvmem: Use the same permissions for eeprom as for nvmem (git-fixes). - nvme-rdma: Allow DELETING state change failure in (bsc#1104967,). - nvme-rdma: centralize admin/io queue teardown sequence (bsc#1142076). - nvme-rdma: centralize controller setup sequence (bsc#1142076). - nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446). - nvme-rdma: fix timeout handler (bsc#1149446). - nvme-rdma: stop admin queue before freeing it (bsc#1140155). - nvme-rdma: support up to 4 segments of inline data (bsc#1142076). - nvme-rdma: unquiesce queues when deleting the controller (bsc#1142076). - nvme: remove ns sibling before clearing path (bsc#1140155). - nvme: return BLK_EH_DONE from ->timeout (bsc#1142076). - objtool: Clobber user CFLAGS variable (bsc#1153236). - PCI: Correct pci=resource_alignment parameter example (bsc#1051510). - PCI: dra7xx: Fix legacy INTD IRQ handling (bsc#1087092). - PCI: hv: Detect and fix Hyper-V PCI domain number collision (bsc#1150423). - PCI: hv: Use bytes 4 and 5 from instance ID as the PCI domain numbers (bsc#1153263). - PCI: PM: Fix pci_power_up() (bsc#1051510). - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current (bsc#1051510). - pinctrl: tegra: Fix write barrier placement in pmx_writel (bsc#1051510). - platform/x86: classmate-laptop: remove unused variable (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC277E to critclk_systems DMI table (bsc#1051510). - PM: sleep: Fix possible overflow in pm_system_cancel_wakeup() (bsc#1051510). - PNFS fallback to MDS if no deviceid found (git-fixes). - pNFS/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error (git-fixes). - pNFS/flexfiles: Turn off soft RPC calls (git-fixes). - powerpc/64: Make sys_switch_endian() traceable (bsc#1065729). - powerpc/64s/pseries: radix flush translations before MMU is enabled at boot (bsc#1055186). - powerpc/64s/radix: Fix MADV_[FREE|DONTNEED] TLB flush miss problem with THP (bsc#1152161 ltc#181664). - powerpc/64s/radix: Fix memory hotplug section page table creation (bsc#1065729). - powerpc/64s/radix: Fix memory hot-unplug page table split (bsc#1065729). - powerpc/64s/radix: Implement _tlbie(l)_va_range flush functions (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve preempt handling in TLB code (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve TLB flushing for page table freeing (bsc#1152161 ltc#181664). - powerpc/64s/radix: Introduce local single page ceiling for TLB range flush (bsc#1055117 bsc#1152161 ltc#181664). - powerpc/64s/radix: keep kernel ERAT over local process/guest invalidates (bsc#1055186). - powerpc/64s/radix: Optimize flush_tlb_range (bsc#1152161 ltc#181664). - powerpc/64s/radix: tidy up TLB flushing code (bsc#1055186). - powerpc/64s: Rename PPC_INVALIDATE_ERAT to PPC_ISA_3_0_INVALIDATE_ERAT (bsc#1055186). - powerpc/book3s64/mm: Do not do tlbie fixup for some hardware revisions (bsc#1152161 ltc#181664). - powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag (bsc#1152161 ltc#181664). - powerpc: bpf: Fix generation of load/store DW instructions (bsc#1065729). - powerpc/bpf: use unsigned division instruction for 64-bit operations (bsc#1065729). - powerpc: Drop page_is_ram() and walk_system_ram_range() (bsc#1065729). - powerpc/irq: Do not WARN continuously in arch_local_irq_restore() (bsc#1065729). - powerpc/irq: drop arch_early_irq_init() (bsc#1065729). - powerpc/mm/book3s64: Move book3s64 code to pgtable-book3s64 (bsc#1055186). - powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 (bsc#1152161 ltc#181664). - powerpc/mm: mark more tlb functions as __always_inline (bsc#1055186). - powerpc/mm: Properly invalidate when setting process table base (bsc#1055186). - powerpc/mm/radix: Drop unneeded NULL check (bsc#1152161 ltc#181664). - powerpc/mm/radix: implement LPID based TLB flushes to be used by KVM (bsc#1152161 ltc#181664). - powerpc/mm/radix: mark as __tlbie_pid() and friends as__always_inline (bsc#1055186). - powerpc/mm/radix: mark __radix__flush_tlb_range_psize() as __always_inline (bsc#1055186). - powerpc/mm: Simplify page_is_ram by using memblock_is_memory (bsc#1065729). - powerpc/mm: Use memblock API for PPC32 page_is_ram (bsc#1065729). - powerpc/module64: Fix comment in R_PPC64_ENTRY handling (bsc#1065729). - powerpc/powernv: Fix compile without CONFIG_TRACEPOINTS (bsc#1065729). - powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window (bsc#1061840). - powerpc/powernv/ioda: Fix race in TCE level allocation (bsc#1061840). - powerpc/powernv: move OPAL call wrapper tracing and interrupt handling to C (bsc#1065729). - powerpc/powernv/npu: Remove obsolete comment about TCE_KILL_INVAL_ALL (bsc#1065729). - powerpc/pseries: Call H_BLOCK_REMOVE when supported (bsc#1109158). - powerpc/pseries: Export maximum memory value (bsc#1122363). - powerpc/pseries: Export raw per-CPU VPA data via debugfs (). - powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt() (bsc#1065729). - powerpc/pseries/memory-hotplug: Fix return value type of find_aa_index (bsc#1065729). - powerpc/pseries/mobility: use cond_resched when updating device tree (bsc#1153112 ltc#181778). - powerpc/pseries: Read TLB Block Invalidate Characteristics (bsc#1109158). - powerpc/pseries: Remove confusing warning message (bsc#1109158). - powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning (bsc#1148868). - powerpc/rtas: allow rescheduling while changing cpu states (bsc#1153112 ltc#181778). - powerpc/xive: Fix bogus error code returned by OPAL (bsc#1065729). - powerpc/xive: Implement get_irqchip_state method for XIVE to fix shutdown race (bsc#1065729). - powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc (bsc#1065729). - power: reset: gpio-restart: Fix typo when gpio reset is not found (bsc#1051510). - power: supply: Init device wakeup after device_add() (bsc#1051510). - power: supply: sysfs: ratelimit property read error message (bsc#1051510). - ppp: Fix memory leak in ppp_write (git-fixes). - printk: Do not lose last line in kmsg buffer dump (bsc#1152460). - printk: fix printk_time race (bsc#1152466). - printk/panic: Avoid deadlock in printk() after stopping CPUs by NMI (bsc#1148712). - qed: iWARP - Fix default window size to be based on chip (bsc#1050536 bsc#1050545). - qed: iWARP - Fix tc for MPA ll2 connection (bsc#1050536 bsc#1050545). - qed: iWARP - fix uninitialized callback (bsc#1050536 bsc#1050545). - qed: iWARP - Use READ_ONCE and smp_store_release to access ep->state (bsc#1050536 bsc#1050545). - qla2xxx: kABI fixes for v10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - qla2xxx: remove SGI SN2 support (bsc#1123034 bsc#1131304 bsc#1127988). - quota: fix wrong condition in is_quota_modification() (bsc#1152026). - r8152: Set memory to all 0xFFs on failed reg reads (bsc#1051510). - RDMA/bnxt_re: Fix spelling mistake 'missin_resp' -> 'missing_resp' (bsc#1050244). - RDMA: Fix goto target to release the allocated memory (bsc#1050244). - regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg (bsc#1051510). - Revert 'mwifiex: fix system hang problem after resume' (bsc#1051510). - Revert 'Revert 'rpm/kernel-binary.spec.in: rename kGraft to KLP ()'' This reverts commit 468af43c8fd8509820798b6d8ed363fc417ca939 Should get this rename again with next SLE15 merge. - rtlwifi: rtl8192cu: Fix value set in descriptor (bsc#1142635). - s390/crypto: fix gcm-aes-s390 selftest failures (bsc#1137861 LTC#178091). - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero (networking-stable-19_09_15). - scsi: lpfc: Fix null ptr oops updating lpfc_devloss_tmo via sysfs attribute (bsc#1140845). - scsi: lpfc: Fix propagation of devloss_tmo setting to nvme transport (bsc#1140883). - scsi: lpfc: Remove bg debugfs buffers (bsc#1144375). - scsi: qedf: fc_rport_priv reference counting fixes (bsc#1098291). - scsi: qedf: Modify abort and tmf handler to handle edge condition and flush (bsc#1098291). - scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add new FW dump template entry types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add pci function reset support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add protection mask module parameters (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for multiple fwdump templates/segments (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for setting port speed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: allow session delete to finish before create (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: avoid printf format warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change data_dsd into an array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change default ZIO threshold (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for FW started flag before aborting (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: check for kstrtol() failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: cleanup trace buffer initialization (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a mailbox command times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a soft reset fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if parsing the version string fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correct error handling during initialization failures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correction and improvement to fwdt processing (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: deadlock by configfs_depend_item (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare local symbols static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Downgrade driver to 10.01.00.19-k There are upstream bug reports against 10.01.00.19-k which haven't been resolved. Also the newer version failed to get a proper review. For time being it's better to got with the older version and do not introduce new bugs. - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix abort timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a recently introduced kernel warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA unmap leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix fcport null pointer access (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix formatting of pointer types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw dump corruption (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw options handle eh_bus_reset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hang in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link reset (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link up fail (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Nport ID display value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix possible fcport null-pointer dereferences (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix premature timer expiration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session cleanup hang (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake 'alredy' -> 'already' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake 'initializatin' -> 'initialization' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix SRB allocation flag to avoid sleeping in IRQ context (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stuck login session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: flush IO on chip reset or sess delete (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve logging for scan thread (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Include the <asm/unaligned.h> header file from qla_dsd.h (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Insert spaces where required (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Leave a blank line after declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Modify NVMe include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move debug messages before sending srb preventing panic (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move marker request behind QPair (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the <linux/io-64-nonatomic-lo-hi.h> include directive (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: no need to check return value of debugfs_create functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: on session delete, return nvme cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent memory leak for CT req/rsp allocation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of forward declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous pointer check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove dead code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove FW default template (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove set but not used variable 'ptr_dma' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous if-tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary null check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report invalid mailbox status codes (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Restore FAWWPN of Physical Port only for loop down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remove flag for all VP (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence fwdump template message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify a debug statement (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify conditional check again (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.13-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update flash read/write routine (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use complete switch scan for RSCN events (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use __le64 instead of uint32_t for sending DMA addresses to firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs to indent code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: scsi_dh_rdac: zero cdb in send_mode_select() (bsc#1149313). - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: storvsc: setup 1:1 mapping between hardware queue and CPU queue (bsc#1140729). - scsi: tcm_qla2xxx: Minimize #include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi_transport_fc: complete requests from ->timeout (bsc#1142076). - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' (networking-stable-19_09_15). - sctp: fix the transport error_count check (networking-stable-19_08_21). - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike (networking-stable-19_09_15). - secure boot lockdown: Fix-up backport of /dev/mem access restriction The upstream-submitted patch set has evolved over time, align our patches (contents and description) to reflect the current status as far as /dev/mem access is concerned. - Sign non-x86 kernels when possible (boo#1134303) - sky2: Disable MSI on yet another ASUS boards (P6Xxxx) (bsc#1051510). - slip: make slhc_free() silently accept an error pointer (bsc#1051510). - slip: sl_alloc(): remove unused parameter 'dev_t line' (bsc#1051510). - sock_diag: fix autoloading of the raw_diag module (bsc#1152791). - sock_diag: request _diag module only when the family or proto has been registered (bsc#1152791). - staging: vt6655: Fix memory leak in vt6655_probe (bsc#1051510). - SUNRPC fix regression in umount of a secure mount (git-fixes). - SUNRPC: Handle connection breakages correctly in call_status() (git-fixes). - SUNRPC/nfs: Fix return value for nfs4_callback_compound() (git-fixes). - tcp: Do not dequeue SYN/FIN-segments from write-queue (git-gixes). - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR (networking-stable-19_09_15). - tcp: inherit timestamp on mtu probe (networking-stable-19_09_05). - tcp: make sure EPOLLOUT wont be missed (networking-stable-19_08_28). - tcp: remove empty skb from write queue in error cases (networking-stable-19_09_05). - team: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - thermal: Fix use-after-free when unregistering thermal zone device (bsc#1051510). - thermal_hwmon: Sanitize thermal_zone type (bsc#1051510). - tipc: add NULL pointer check before calling kfree_rcu (networking-stable-19_09_15). - tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts (bsc#1082555). - tracing: Initialize iter->seq after zeroing in tracing_read_pipe() (bsc#1151508). - tun: fix use-after-free when register netdev failed (networking-stable-19_09_15). - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099). - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099). - usb: adutux: fix NULL-derefs on disconnect (bsc#1142635). - usb: adutux: fix use-after-free on disconnect (bsc#1142635). - usb: adutux: fix use-after-free on release (bsc#1051510). - usb: chaoskey: fix use-after-free on release (bsc#1051510). - usb: dummy-hcd: fix power budget for SuperSpeed mode (bsc#1051510). - usb: iowarrior: fix use-after-free after driver unbind (bsc#1051510). - usb: iowarrior: fix use-after-free on disconnect (bsc#1051510). - usb: iowarrior: fix use-after-free on release (bsc#1051510). - usb: legousbtower: fix deadlock on disconnect (bsc#1142635). - usb: legousbtower: fix open after failed reset request (bsc#1142635). - usb: legousbtower: fix potential NULL-deref on disconnect (bsc#1142635). - usb: legousbtower: fix slab info leak at probe (bsc#1142635). - usb: legousbtower: fix use-after-free on release (bsc#1051510). - usb: microtek: fix info-leak at probe (bsc#1142635). - usbnet: ignore endpoints with invalid wMaxPacketSize (bsc#1051510). - usbnet: sanity checking of packet sizes and device mtu (bsc#1051510). - usb: serial: fix runtime PM after driver unbind (bsc#1051510). - usb: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20 (bsc#1051510). - usb: serial: keyspan: fix NULL-derefs on open() and write() (bsc#1051510). - usb: serial: option: add support for Cinterion CLS8 devices (bsc#1051510). - usb: serial: option: add Telit FN980 compositions (bsc#1051510). - usb: usbcore: Fix slab-out-of-bounds bug during device reset (bsc#1051510). - usb: usblcd: fix I/O after disconnect (bsc#1142635). - usb: usblp: fix runtime PM after driver unbind (bsc#1051510). - usb: usb-skeleton: fix NULL-deref on disconnect (bsc#1051510). - usb: usb-skeleton: fix runtime PM after driver unbind (bsc#1051510). - usb: usb-skeleton: fix use-after-free after driver unbind (bsc#1051510). - usb: xhci: wait for CNR controller not ready bit in xhci resume (bsc#1051510). - usb: yurex: Do not retry on unexpected errors (bsc#1051510). - usb: yurex: fix NULL-derefs on disconnect (bsc#1051510). - vfio_pci: Restore original state on release (bsc#1051510). - vhost_net: conditionally enable tx polling (bsc#1145099). - vhost_net: conditionally enable tx polling (bsc#1145099). - video: of: display_timing: Add of_node_put() in of_get_display_timing() (bsc#1051510). - video: ssd1307fb: Start page range at page_offset (bsc#1113722) - watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout (bsc#1051510). - x86/asm: Fix MWAITX C-state hint value (bsc#1114279). - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h (bsc#1114279). - x86/fpu: Add FPU state copying quirk to handle XRSTOR failure on Intel Skylake CPUs (bsc#1151955). - x86/mm: Use WRITE_ONCE() when setting PTEs (bsc#1114279). - x86/tls: Fix possible spectre-v1 in do_get_thread_area() (bsc#1114279). - xen/netback: fix error path of xenvif_connect_data() (bsc#1065600). - xen/netback: Reset nr_frags before freeing skb (networking-stable-19_08_21). - xen-netfront: do not assume sk_buff_head list is empty in error handling (bsc#1065600). - xen-netfront: do not use ~0U as error return value for xennet_fill_frags() (bsc#1065600). - xen/pv: Fix Xen PV guest int3 handling (bsc#1153811). - xen/xenbus: fix self-deadlock after killing user process (bsc#1065600). - xhci: Check all endpoints for LPM timeout (bsc#1051510). - xhci: Fix false warning message about wrong bounce buffer write length (bsc#1051510). - xhci: Increase STS_SAVE timeout in xhci_suspend() (bsc#1051510). - xhci: Prevent device initiated U1/U2 link pm if exit latency is too long (bsc#1051510). Important SUSE bug 1046299 SUSE bug 1046303 SUSE bug 1046305 SUSE bug 1050244 SUSE bug 1050536 SUSE bug 1050545 SUSE bug 1051510 SUSE bug 1054914 SUSE bug 1055117 SUSE bug 1055186 SUSE bug 1061840 SUSE bug 1064802 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066129 SUSE bug 1071995 SUSE bug 1073513 SUSE bug 1082555 SUSE bug 1086323 SUSE bug 1087092 SUSE bug 1089644 SUSE bug 1093205 SUSE bug 1097583 SUSE bug 1097584 SUSE bug 1097585 SUSE bug 1097586 SUSE bug 1097587 SUSE bug 1097588 SUSE bug 1098291 SUSE bug 1101674 SUSE bug 1104967 SUSE bug 1109158 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1117665 SUSE bug 1119086 SUSE bug 1122363 SUSE bug 1123034 SUSE bug 1123080 SUSE bug 1127155 SUSE bug 1127988 SUSE bug 1131304 SUSE bug 1133140 SUSE bug 1134303 SUSE bug 1135642 SUSE bug 1135854 SUSE bug 1135873 SUSE bug 1137799 SUSE bug 1137861 SUSE bug 1137865 SUSE bug 1137959 SUSE bug 1140155 SUSE bug 1140729 SUSE bug 1140845 SUSE bug 1140883 SUSE bug 1141600 SUSE bug 1142076 SUSE bug 1142635 SUSE bug 1142667 SUSE bug 1144375 SUSE bug 1144449 SUSE bug 1145099 SUSE bug 1146042 SUSE bug 1146519 SUSE bug 1146540 SUSE bug 1146664 SUSE bug 1148133 SUSE bug 1148410 SUSE bug 1148712 SUSE bug 1148868 SUSE bug 1149313 SUSE bug 1149446 SUSE bug 1149555 SUSE bug 1149651 SUSE bug 1150381 SUSE bug 1150423 SUSE bug 1150452 SUSE bug 1150465 SUSE bug 1150875 SUSE bug 1151350 SUSE bug 1151508 SUSE bug 1151610 SUSE bug 1151667 SUSE bug 1151671 SUSE bug 1151680 SUSE bug 1151891 SUSE bug 1151955 SUSE bug 1152024 SUSE bug 1152025 SUSE bug 1152026 SUSE bug 1152161 SUSE bug 1152325 SUSE bug 1152457 SUSE bug 1152460 SUSE bug 1152466 SUSE bug 1152788 SUSE bug 1152791 SUSE bug 1152972 SUSE bug 1152974 SUSE bug 1152975 SUSE bug 1153112 SUSE bug 1153158 SUSE bug 1153236 SUSE bug 1153263 SUSE bug 1153646 SUSE bug 1153713 SUSE bug 1153717 SUSE bug 1153718 SUSE bug 1153719 SUSE bug 1153811 SUSE bug 1154108 SUSE bug 1154189 SUSE bug 1154354 SUSE bug 1154372 SUSE bug 1154578 SUSE bug 1154607 SUSE bug 1154608 SUSE bug 1154610 SUSE bug 1154611 SUSE bug 1154651 SUSE bug 1154747 CVE-2017-18595 CVE-2019-14821 CVE-2019-15291 CVE-2019-16232 CVE-2019-16234 CVE-2019-17056 CVE-2019-17133 CVE-2019-17666 CVE-2019-9506 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_3 fixes one issue. The following security issue was fixed: - CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time could make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bsc#1119947). Important SUSE bug 1119947 CVE-2018-16884 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel KVM hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack. The Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW). The set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251 Other security fixes: - CVE-2019-0154: Fixed a local denial of service via read of unprotected i915 registers. (bsc#1135966) - CVE-2019-0155: Fixed privilege escalation in the i915 driver. Batch buffers from usermode could have escalated privileges via blitter command stream. (bsc#1135967) - CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150457). - CVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903). The following non-security bugs were fixed: - alsa: bebob: Fix prototype of helper function to return negative value (bsc#1051510). - alsa: hda/realtek - Add support for ALC623 (bsc#1051510). - alsa: hda/realtek - Add support for ALC711 (bsc#1051510). - alsa: hda/realtek - Fix 2 front mics of codec 0x623 (bsc#1051510). - alsa: hda: Add Elkhart Lake PCI ID (bsc#1051510). - alsa: hda: Add Tigerlake/Jasperlake PCI ID (bsc#1051510). - alsa: timer: Fix mutex deadlock at releasing card (bsc#1051510). - arcnet: provide a buffer big enough to actually receive packets (networking-stable-19_09_30). - asoc: rockchip: i2s: Fix RPM imbalance (bsc#1051510). - asoc: rsnd: Reinitialize bit clock inversion flag for every format setting (bsc#1051510). - bpf: fix use after free in prog symbol exposure (bsc#1083647). - btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group() (bsc#1155178). - btrfs: qgroup: Always free PREALLOC META reserve in btrfs_delalloc_release_extents() (bsc#1155179). - btrfs: tracepoints: Fix bad entry members of qgroup events (bsc#1155186). - btrfs: tracepoints: Fix wrong parameter order for qgroup events (bsc#1155184). - crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t (bsc#1154737). - crypto: af_alg - Initialize sg_num_bytes in error code path (bsc#1051510). - crypto: af_alg - consolidation of duplicate code (bsc#1154737). - crypto: af_alg - fix race accessing cipher request (bsc#1154737). - crypto: af_alg - remove locking in async callback (bsc#1154737). - crypto: af_alg - update correct dst SGL entry (bsc#1051510). - crypto: af_alg - wait for data at beginning of recvmsg (bsc#1154737). - crypto: algif - return error code when no data was processed (bsc#1154737). - crypto: algif_aead - copy AAD from src to dst (bsc#1154737). - crypto: algif_aead - fix reference counting of null skcipher (bsc#1154737). - crypto: algif_aead - overhaul memory management (bsc#1154737). - crypto: algif_aead - skip SGL entries with NULL page (bsc#1154737). - crypto: algif_skcipher - overhaul memory management (bsc#1154737). - cxgb4:Fix out-of-bounds MSI-X info array access (networking-stable-19_10_05). - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50 (bsc#1051510). - drm/i915/cmdparser: Add support for backward jumps (bsc#1135967) - drm/i915/cmdparser: Ignore Length operands during command matching (bsc#1135967) - drm/i915/cmdparser: Use explicit goto for error paths (bsc#1135967) - drm/i915/gen8+: Add RC6 CTX corruption WA (bsc#1135967) - drm/i915/gtt: Add read only pages to gen8_pte_encode (bsc#1135967) - drm/i915/gtt: Disable read-only support under GVT (bsc#1135967) - drm/i915/gtt: Read-only pages for insert_entries on bdw (bsc#1135967) - drm/i915: Add gen9 BCS cmdparsing (bsc#1135967) - drm/i915: Add support for mandatory cmdparsing (bsc#1135967) - drm/i915: Allow parsing of unsized batches (bsc#1135967) - drm/i915: Disable Secure Batches for gen6+ - drm/i915: Lower RM timeout to avoid DSI hard hangs (bsc#1135967) - drm/i915: Prevent writing into a read-only object via a GGTT mmap (bsc#1135967) - drm/i915: Remove Master tables from cmdparser - drm/i915: Rename gen7 cmdparser tables (bsc#1135967) - drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (bsc#1135967) - efi/memattr: Do not bail on zero VA if it equals the region's PA (bsc#1051510). - efi: cper: print AER info of PCIe fatal error (bsc#1051510). - efivar/ssdt: Do not iterate over EFI vars if no SSDT override was specified (bsc#1051510). - hid: fix error message in hid_open_report() (bsc#1051510). - hid: logitech-hidpp: do all FF cleanup in hidpp_ff_destroy() (bsc#1051510). - hso: fix NULL-deref on tty open (bsc#1051510). - hyperv: set nvme msi interrupts to unmanaged (jsc#SLE-8953, jsc#SLE-9221, jsc#SLE-4941, bsc#1119461, bsc#1119465, bsc#1138190, bsc#1154905). - ib/core: Add mitigation for Spectre V1 (bsc#1155671) - ieee802154: ca8210: prevent memory leak (bsc#1051510). - input: synaptics-rmi4 - avoid processing unknown IRQs (bsc#1051510). - integrity: prevent deadlock during digsig verification (bsc#1090631). - ipv6: Handle missing host route in __ipv6_ifa_notify (networking-stable-19_10_05). - ipv6: drop incoming packets having a v4mapped source address (networking-stable-19_10_05). - kABI workaround for crypto/af_alg changes (bsc#1154737). - kABI workaround for drm_vma_offset_node readonly field addition (bsc#1135967) - ksm: cleanup stable_node chain collapse case (bnc#1144338). - ksm: fix use after free with merge_across_nodes = 0 (bnc#1144338). - ksm: introduce ksm_max_page_sharing per page deduplication limit (bnc#1144338). - ksm: optimize refile of stable_node_dup at the head of the chain (bnc#1144338). - ksm: swap the two output parameters of chain/chain_prune (bnc#1144338). - kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (bsc#1117665). - kvm: x86: mmu: Recovery of shattered NX large pages (bsc#1117665, CVE-2018-12207). - mac80211: Reject malformed SSID elements (bsc#1051510). - mac80211: fix txq null pointer dereference (bsc#1051510). - md/raid0: avoid RAID0 data corruption due to layout confusion (bsc#1140090). - md/raid0: fix warning message for parameter default_layout (bsc#1140090). - net/phy: fix DP83865 10 Mbps HDX loopback disable function (networking-stable-19_09_30). - net/rds: Fix error handling in rds_ib_add_one() (networking-stable-19_10_05). - net/rds: fix warn in rds_message_alloc_sgs (bsc#1154848). - net/rds: remove user triggered WARN_ON in rds_sendmsg (bsc#1154848). - net/sched: act_sample: do not push mac header on ip6gre ingress (networking-stable-19_09_30). - net/smc: fix SMCD link group creation with VLAN id (bsc#1154959). - net: Replace NF_CT_ASSERT() with WARN_ON() (bsc#1146612). - net: Unpublish sk from sk_reuseport_cb before call_rcu (networking-stable-19_10_05). - net: openvswitch: free vport unless register_netdevice() succeeds (git-fixes). - net: qlogic: Fix memory leak in ql_alloc_large_buffers (networking-stable-19_10_05). - net: qrtr: Stop rx_worker before freeing node (networking-stable-19_09_30). - net_sched: add policy validation for action attributes (networking-stable-19_09_30). - net_sched: fix backward compatibility for TCA_ACT_KIND (git-fixes). - netfilter: nf_nat: do not bug when mapping already exists (bsc#1146612). - nfsv4.1 - backchannel request should hold ref on xprt (bsc#1152624). - nl80211: fix null pointer dereference (bsc#1051510). - openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC (networking-stable-19_09_30). - qmi_wwan: add support for Cinterion CLS8 devices (networking-stable-19_10_05). - r8152: Set macpassthru in reset_resume callback (bsc#1051510). - rds: Fix warning (bsc#1154848). - reiserfs: fix extended attributes on the root directory (bsc#1151225). - rpm/kernel-subpackage-spec: Mention debuginfo in the subpackage description (bsc#1149119). - s390/cmf: set_schib_wait add timeout (bsc#1153509, bsc#1153476). - sch_cbq: validate TCA_CBQ_WRROPT to avoid crash (networking-stable-19_10_05). - sch_dsmark: fix potential NULL deref in dsmark_init() (networking-stable-19_10_05). - sch_netem: fix a divide by zero in tabledist() (networking-stable-19_09_30). - sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254). - scsi: lpfc: Fix devices that do not return after devloss followed by rediscovery (bsc#1137040). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix N2N link reset (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix N2N link up fail (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix partial flash write of MBI (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix wait condition in loop (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Improve logging for scan thread (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Initialized mailbox to prevent driver load failure (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Set remove flag for all VP (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Silence fwdump template message (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: fix a potential NULL pointer dereference (bsc#1150457 CVE-2019-16233). - scsi: qla2xxx: fixup incorrect usage of host_byte (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: remove redundant assignment to pointer host (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: stop timer in shutdown path (bsc#1143706 bsc#1082635 bsc#1123034). - skge: fix checksum byte order (networking-stable-19_09_30). - staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS (bsc#1051510). - supporte.conf: add efivarfs to kernel-default-base (bsc#1154858). - tipc: fix unlimited bundling of small messages (networking-stable-19_10_05). - usb: ldusb: fix NULL-derefs on driver unbind (bsc#1051510). - usb: ldusb: fix memleak on disconnect (bsc#1051510). - usb: ldusb: fix read info leaks (bsc#1051510). - usb: legousbtower: fix a signedness bug in tower_probe() (bsc#1051510). - usb: legousbtower: fix memleak on disconnect (bsc#1051510). - usb: serial: ti_usb_3410_5052: fix port-close races (bsc#1051510). - usb: udc: lpc32xx: fix bad bit shift operation (bsc#1051510). - usb: usblp: fix use-after-free on disconnect (bsc#1051510). - vfs: Make filldir[64]() verify the directory entry filename is valid (bsc#1144903, CVE-2019-10220). - vsock: Fix a lockdep warning in __vsock_release() (networking-stable-19_10_05). - x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area (bnc#1153969). - x86/boot/64: Round memory hole size up to next PMD page (bnc#1153969). - x86/tsx: Add config options to set tsx=on|off|auto (bsc#1139073, CVE-2019-11135). Important SUSE bug 1051510 SUSE bug 1082635 SUSE bug 1083647 SUSE bug 1090631 SUSE bug 1096254 SUSE bug 1117665 SUSE bug 1119461 SUSE bug 1119465 SUSE bug 1123034 SUSE bug 1135966 SUSE bug 1135967 SUSE bug 1137040 SUSE bug 1138190 SUSE bug 1139073 SUSE bug 1140090 SUSE bug 1143706 SUSE bug 1144338 SUSE bug 1144903 SUSE bug 1146612 SUSE bug 1149119 SUSE bug 1150457 SUSE bug 1151225 SUSE bug 1152624 SUSE bug 1153476 SUSE bug 1153509 SUSE bug 1153969 SUSE bug 1154737 SUSE bug 1154848 SUSE bug 1154858 SUSE bug 1154905 SUSE bug 1154959 SUSE bug 1155178 SUSE bug 1155179 SUSE bug 1155184 SUSE bug 1155186 SUSE bug 1155671 CVE-2018-12207 CVE-2019-0154 CVE-2019-0155 CVE-2019-10220 CVE-2019-11135 CVE-2019-16233 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-94_41 fixes one issue. The following security issue was fixed: - CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time could make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bsc#1119947). Important SUSE bug 1119947 CVE-2018-16884 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_37 fixes one issue. The following security issue was fixed: - CVE-2019-10220: Added sanity checks on the pathnames passed to the user space (bsc#1153108). Important SUSE bug 1153108 CVE-2019-10220 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_6 fixes several issues. The following security issues were fixed: - CVE-2019-15917: Fixed a use-after-free when hci_uart_register_dev() fails in hci_uart_set_proto() (bsc#1156334). - CVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321). - CVE-2018-16871: Fixed an issue where an attacker, who could mount an exported NFS filesystem, was able to trigger a null pointer dereference by using an invalid NFS sequence leading to kernel panic and deny of access to the NFS server (bsc#1156320). - CVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108). Important SUSE bug 1153108 SUSE bug 1156320 SUSE bug 1156321 SUSE bug 1156334 CVE-2018-16871 CVE-2019-10220 CVE-2019-13272 CVE-2019-15917 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_13 fixes several issues. The following security issues were fixed: - CVE-2019-15917: Fixed a use-after-free when hci_uart_register_dev() fails in hci_uart_set_proto() (bsc#1156334). - CVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321). - CVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108). Important SUSE bug 1153108 SUSE bug 1156321 SUSE bug 1156334 CVE-2019-10220 CVE-2019-13272 CVE-2019-15917 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_16 fixes several issues. The following security issues were fixed: - CVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321). - CVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108). Important SUSE bug 1153108 SUSE bug 1156321 CVE-2019-10220 CVE-2019-13272 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_19 fixes several issues. The following security issues were fixed: - CVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321). - CVE-2019-15239: Fixed a vulnerability where a local attacker could have triggered multiple use-after-free conditions resulted in privilege escalation (bsc#1156317). - CVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108). The following bugs were fixed: - Fixed boot up hang revealed by int3 self test (bsc#1157770). Important SUSE bug 1153108 SUSE bug 1156317 SUSE bug 1156321 SUSE bug 1157770 CVE-2019-10220 CVE-2019-13272 CVE-2019-15239 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_29 fixes several issues. The following security issues were fixed: - Fixed boot up hang revealed by int3 self test (bsc#1157770). - CVE-2019-15239: Fixed a vulnerability where a local attacker could have triggered multiple use-after-free conditions resulted in privilege escalation (bsc#1156317). - CVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108). The following bugs were fixed: - Fixed boot up hang revealed by int3 self test (bsc#1157770). Important SUSE bug 1153108 SUSE bug 1156317 SUSE bug 1157770 CVE-2019-10220 CVE-2019-15239 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-94_41 fixes several issues. The following security issues were fixed: - CVE-2019-15917: Fixed a use-after-free when hci_uart_register_dev() fails in hci_uart_set_proto() (bsc#1156334). - CVE-2018-20856: Fixed a use-after-free in block/blk-core.c due to improper error handling (bsc#1156331). - CVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321). - CVE-2018-16871: Fixed an issue where an attacker, who could mount an exported NFS filesystem, was able to trigger a null pointer dereference by using an invalid NFS sequence leading to kernel panic and deny of access to the NFS server (bsc#1156320). - CVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108). Important SUSE bug 1153108 SUSE bug 1156320 SUSE bug 1156321 SUSE bug 1156331 SUSE bug 1156334 CVE-2018-16871 CVE-2018-20856 CVE-2019-10220 CVE-2019-13272 CVE-2019-15917 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_3 fixes several issues. The following security issues were fixed: - CVE-2019-15917: Fixed a use-after-free when hci_uart_register_dev() fails in hci_uart_set_proto() (bsc#1156334). - CVE-2018-20856: Fixed a use-after-free in block/blk-core.c due to improper error handling (bsc#1156331). - CVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321). - CVE-2018-16871: Fixed an issue where an attacker, who could mount an exported NFS filesystem, was able to trigger a null pointer dereference by using an invalid NFS sequence leading to kernel panic and deny of access to the NFS server (bsc#1156320). - CVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108). Important SUSE bug 1153108 SUSE bug 1156320 SUSE bug 1156321 SUSE bug 1156331 SUSE bug 1156334 CVE-2018-16871 CVE-2018-20856 CVE-2019-10220 CVE-2019-13272 CVE-2019-15917 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_24 fixes several issues. The following security issues were fixed: - CVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321). - CVE-2019-15239: Fixed a vulnerability where a local attacker could have triggered multiple use-after-free conditions resulted in privilege escalation (bsc#1156317). - CVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108). The following bugs were fixed: - Fixed boot up hang revealed by int3 self test (bsc#1157770). Important SUSE bug 1153108 SUSE bug 1156317 SUSE bug 1156321 SUSE bug 1157770 CVE-2019-10220 CVE-2019-13272 CVE-2019-15239 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_32 fixes several issues. The following security issue was fixed: - CVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108). The following bugs were fixed: - Fixed boot up hang revealed by int3 self test (bsc#1157770). Important SUSE bug 1153108 SUSE bug 1157770 CVE-2019-10220 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-14895: A heap-based buffer overflow was discovered in the Linux kernel in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could have allowed the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158). - CVE-2019-18660: The Linux kernel on powerpc allowed Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038). - CVE-2019-18683: An issue was discovered in drivers/media/platform/vivid in the Linux kernel. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free (bnc#1155897). - CVE-2019-18809: A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1156258). - CVE-2019-19062: A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures (bnc#1157333). - CVE-2019-19057: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). - CVE-2019-19056: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). - CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157307). - CVE-2019-19063: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157298). - CVE-2019-19227: In the AppleTalk subsystem in the Linux kernel there was a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client (bnc#1157678). - CVE-2019-19065: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures (bnc#1157191). - CVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering copy to udata failures (bnc#1157171). - CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157324). - CVE-2019-19067: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures (bsc#1157180). - CVE-2019-19060: A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157178). - CVE-2019-19049: A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures (bsc#1157173). - CVE-2019-19075: A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures (bnc#1157162). - CVE-2019-19058: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures (bnc#1157145). - CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157143). - CVE-2019-19073: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function (bnc#1157070). - CVE-2019-15916: An issue was discovered in the Linux kernel There was a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service (bnc#1149448). - CVE-2019-16231: drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150466). - CVE-2019-18805: An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel There was a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact (bnc#1156187). - CVE-2019-17055: base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket (bnc#1152782). The following non-security bugs were fixed: - ACPI / LPSS: Exclude I2C busses shared with PUNIT from pmc_atom_d3_mask (bsc#1051510). - ACPI / SBS: Fix rare oops when removing modules (bsc#1051510). - ACPICA: Never run _REG on system_memory and system_IO (bsc#1051510). - ACPICA: Use %d for signed int print formatting instead of %u (bsc#1051510). - ALSA: 6fire: Drop the dead code (git-fixes). - ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series (git-fixes). - ALSA: cs4236: fix error return comparison of an unsigned integer (git-fixes). - ALSA: firewire-motu: Correct a typo in the clock proc string (git-fixes). - ALSA: hda - Add mute led support for HP ProBook 645 G4 (git-fixes). - ALSA: hda - Fix pending unsol events at shutdown (git-fixes). - ALSA: hda/ca0132 - Fix possible workqueue stall (bsc#1155836). - ALSA: hda/intel: add CometLake PCI IDs (bsc#1156729). - ALSA: hda/realtek - Move some alc236 pintbls to fallback table (git-fixes). - ALSA: hda/realtek - Move some alc256 pintbls to fallback table (git-fixes). - ALSA: hda: Add Cometlake-S PCI ID (git-fixes). - ALSA: i2c/cs8427: Fix int to char conversion (bsc#1051510). - ALSA: intel8x0m: Register irq handler after register initializations (bsc#1051510). - ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed() (git-fixes). - ALSA: pcm: signedness bug in snd_pcm_plug_alloc() (bsc#1051510). - ALSA: seq: Do error checks at creating system ports (bsc#1051510). - ALSA: timer: Fix incorrectly assigned timer instance (git-fixes). - ALSA: usb-audio: Fix Focusrite Scarlett 6i6 gen1 - input handling (git-fixes). - ALSA: usb-audio: Fix missing error check at mixer resolution test (git-fixes). - ALSA: usb-audio: not submit urb for stopped endpoint (git-fixes). - ASoC: Intel: hdac_hdmi: Limit sampling rates at dai creation (bsc#1051510). - ASoC: davinci-mcasp: Handle return value of devm_kasprintf (stable 4.14.y). - ASoC: davinci: Kill BUG_ON() usage (stable 4.14.y). - ASoC: dpcm: Properly initialise hw->rate_max (bsc#1051510). - ASoC: kirkwood: fix external clock probe defer (git-fixes). - ASoC: msm8916-wcd-analog: Fix RX1 selection in RDAC2 MUX (git-fixes). - ASoC: sgtl5000: avoid division by zero if lo_vag is zero (bsc#1051510). - ASoC: tegra_sgtl5000: fix device_node refcounting (bsc#1051510). - ASoC: tlv320aic31xx: Handle inverted BCLK in non-DSP modes (stable 4.14.y). - ASoC: tlv320dac31xx: mark expected switch fall-through (stable 4.14.y). - Bluetooth: Fix invalid-free in bcsp_close() (git-fixes). - Bluetooth: Fix memory leak in hci_connect_le_scan (bsc#1051510). - Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS (bsc#1051510). - Bluetooth: btusb: fix PM leak in error case of setup (bsc#1051510). - Bluetooth: delete a stray unlock (bsc#1051510). - Bluetooth: hci_core: fix init for HCI_USER_CHANNEL (bsc#1051510). - Btrfs: fix log context list corruption after rename exchange operation (bsc#1156494). - CIFS: Fix SMB2 oplock break processing (bsc#1144333, bsc#1154355). - CIFS: Fix oplock handling for SMB 2.1+ protocols (bsc#1144333, bsc#1154355). - CIFS: Fix retry mid list corruption on reconnects (bsc#1144333, bsc#1154355). - CIFS: Fix use after free of file info structures (bsc#1144333, bsc#1154355). - CIFS: Force reval dentry if LOOKUP_REVAL flag is set (bsc#1144333, bsc#1154355). - CIFS: Force revalidate inode when dentry is stale (bsc#1144333, bsc#1154355). - CIFS: Gracefully handle QueryInfo errors during open (bsc#1144333, bsc#1154355). - CIFS: avoid using MID 0xFFFF (bsc#1144333, bsc#1154355). - CIFS: fix max ea value size (bsc#1144333, bsc#1154355). - Documentation: debugfs: Document debugfs helper for unsigned long values (git-fixes). - Documentation: x86: convert protection-keys.txt to reST (bsc#1078248). - EDAC/ghes: Fix Use after free in ghes_edac remove path (bsc#1114279). - HID: Add ASUS T100CHI keyboard dock battery quirks (bsc#1051510). - HID: Add quirk for Microsoft PIXART OEM mouse (bsc#1051510). - HID: Fix assumption that devices have inputs (git-fixes). - HID: asus: Add T100CHI bluetooth keyboard dock special keys mapping (bsc#1051510). - HID: wacom: generic: Treat serial number and related fields as unsigned (git-fixes). - Input: ff-memless - kill timer in destroy() (bsc#1051510). - Input: silead - try firmware reload after unsuccessful resume (bsc#1051510). - Input: st1232 - set INPUT_PROP_DIRECT property (bsc#1051510). - Input: synaptics-rmi4 - clear IRQ enables for F54 (bsc#1051510). - Input: synaptics-rmi4 - destroy F54 poller workqueue when removing (bsc#1051510). - Input: synaptics-rmi4 - disable the relative position IRQ in the F12 driver (bsc#1051510). - Input: synaptics-rmi4 - do not consume more data than we have (F11, F12) (bsc#1051510). - Input: synaptics-rmi4 - fix video buffer size (git-fixes). - KVM: VMX: Consider PID.PIR to determine if vCPU has pending interrupts (bsc#1158064). - KVM: VMX: Fix conditions for guest IA32_XSS support (bsc#1158065). - KVM: x86/mmu: Take slots_lock when using kvm_mmu_zap_all_fast() (bsc#1158067). - KVM: x86: Introduce vcpu->arch.xsaves_enabled (bsc#1158066). - NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error (git-fixes). - PCI/ACPI: Correct error message for ASPM disabling (bsc#1051510). - PCI/PME: Fix possible use-after-free on remove (git-fixes). - PCI: sysfs: Ignore lockdep for remove attribute (git-fixes). - PM / devfreq: Check NULL governor in available_governors_show (git-fixes). - PM / devfreq: Lock devfreq in trans_stat_show (git-fixes). - PM / devfreq: exynos-bus: Correct clock enable sequence (bsc#1051510). - PM / devfreq: passive: Use non-devm notifiers (bsc#1051510). - PM / devfreq: passive: fix compiler warning (bsc#1051510). - PM / hibernate: Check the success of generating md5 digest before hibernation (bsc#1051510). - README.BRANCH: Add Denis as branch maintainer - Revert synaptics-rmi4 patch due to regression (bsc#1155982) Also blacklisting it - UAS: Revert commit 3ae62a42090f ('UAS: fix alignment of scatter/gather segments'). - USB: chaoskey: fix error case of a timeout (git-fixes). - USB: gadget: Reject endpoints with 0 maxpacket value (bsc#1051510). - USB: ldusb: fix control-message timeout (bsc#1051510). - USB: ldusb: fix ring-buffer locking (bsc#1051510). - USB: serial: mos7720: fix remote wakeup (git-fixes). - USB: serial: mos7840: add USB ID to support Moxa UPort 2210 (bsc#1051510). - USB: serial: mos7840: fix remote wakeup (git-fixes). - USB: serial: option: add support for DW5821e with eSIM support (bsc#1051510). - USB: serial: option: add support for Foxconn T77W968 LTE modules (bsc#1051510). - USB: serial: whiteheat: fix line-speed endianness (bsc#1051510). - USB: serial: whiteheat: fix potential slab corruption (bsc#1051510). - USBIP: add config dependency for SGL_ALLOC (git-fixes). - appledisplay: fix error handling in the scheduled work (git-fixes). - arm64: Update config files. (bsc#1156466) Enable HW_RANDOM_OMAP driver and mark driver omap-rng as supported. - ata: ep93xx: Use proper enums for directions (bsc#1051510). - ath10k: fix kernel panic by moving pci flush after napi_disable (bsc#1051510). - ath10k: fix vdev-start timeout on error (bsc#1051510). - ath10k: limit available channels via DT ieee80211-freq-limit (bsc#1051510). - ath10k: wmi: disable softirq's while calling ieee80211_rx (bsc#1051510). - ath9k: Fix a locking bug in ath9k_add_interface() (bsc#1051510). - ath9k: add back support for using active monitor interfaces for tx99 (bsc#1051510). - ath9k: fix reporting calculated new FFT upper max (bsc#1051510). - ath9k: fix tx99 with monitor mode interface (bsc#1051510). - ath9k_hw: fix uninitialized variable data (bsc#1051510). - ax88172a: fix information leak on short answers (bsc#1051510). - backlight: lm3639: Unconditionally call led_classdev_unregister (bsc#1051510). - brcmfmac: fix full timeout waiting for action frame on-channel tx (bsc#1051510). - brcmfmac: reduce timeout for action frame scan (bsc#1051510). - brcmsmac: AP mode: update beacon when TIM changes (bsc#1051510). - brcmsmac: never log 'tid x is not agg'able' by default (bsc#1051510). - can: c_can: c_can_poll(): only read status register after status IRQ (git-fixes). - can: dev: call netif_carrier_off() in register_candev() (bsc#1051510). - can: mcba_usb: fix use-after-free on disconnect (git-fixes). - can: peak_usb: fix a potential out-of-sync while decoding packets (git-fixes). - can: peak_usb: fix slab info leak (git-fixes). - can: rx-offload: can_rx_offload_offload_one(): do not increase the skb_queue beyond skb_queue_len_max (git-fixes). - can: rx-offload: can_rx_offload_queue_sorted(): fix error handling, avoid skb mem leak (git-fixes). - can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid skb mem leak (git-fixes). - can: usb_8dev: fix use-after-free on disconnect (git-fixes). - ceph: add missing check in d_revalidate snapdir handling (bsc#1157183). - ceph: do not try to handle hashed dentries in non-O_CREAT atomic_open (bsc#1157184). - ceph: fix use-after-free in __ceph_remove_cap() (bsc#1154058). - ceph: just skip unrecognized info in ceph_reply_info_extra (bsc#1157182). - cfg80211: Avoid regulatory restore when COUNTRY_IE_IGNORE is set (bsc#1051510). - cfg80211: Prevent regulatory restore during STA disconnect in concurrent interfaces (bsc#1051510). - cfg80211: call disconnect_wk when AP stops (bsc#1051510). - cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bsc#1144333, bsc#1154355). - cifs: Fix missed free operations (bsc#1144333, bsc#1154355). - cifs: Use kzfree() to zero out the password (bsc#1144333, bsc#1154355). - cifs: add a helper to find an existing readable handle to a file (bsc#1144333, bsc#1154355). - cifs: create a helper to find a writeable handle by path name (bsc#1144333, bsc#1154355). - cifs: move cifsFileInfo_put logic into a work-queue (bsc#1144333, bsc#1154355). - cifs: prepare SMB2_Flush to be usable in compounds (bsc#1144333, bsc#1154355). - cifs: set domainName when a domain-key is used in multiuser (bsc#1144333, bsc#1154355). - cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bsc#1144333, bsc#1154355). - cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1144333, bsc#1154355). - clk: at91: avoid sleeping early (git-fixes). - clk: pxa: fix one of the pxa RTC clocks (bsc#1051510). - clk: samsung: Use clk_hw API for calling clk framework from clk notifiers (bsc#1051510). - clk: samsung: exynos5420: Preserve CPU clocks configuration during suspend/resume (bsc#1051510). - clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume (git-fixes). - clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18 (git-fixes). - clocksource/drivers/sh_cmt: Fix clocksource width for 32-bit machines (bsc#1051510). - clocksource/drivers/sh_cmt: Fixup for 64-bit machines (bsc#1051510). - component: fix loop condition to call unbind() if bind() fails (bsc#1051510). - cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init() (bsc#1051510). - cpufreq: Skip cpufreq resume if it's not suspended (bsc#1051510). - cpufreq: intel_pstate: Register when ACPI PCCH is present (bsc#1051510). - cpufreq: powernv: fix stack bloat and hard limit on number of CPUs (bsc#1051510). - cpufreq: ti-cpufreq: add missing of_node_put() (bsc#1051510). - cpupower : Fix cpupower working when cpu0 is offline (bsc#1051510). - cpupower : frequency-set -r option misses the last cpu in related cpu list (bsc#1051510). - cpupower: Fix coredump on VMWare (bsc#1051510). - crypto: af_alg - cast ki_complete ternary op to int (bsc#1051510). - crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr (bsc#1051510). - crypto: ecdh - fix big endian bug in ECC library (bsc#1051510). - crypto: fix a memory leak in rsa-kcs1pad's encryption mode (bsc#1051510). - crypto: geode-aes - switch to skcipher for cbc(aes) fallback (bsc#1051510). - crypto: mxs-dcp - Fix AES issues (bsc#1051510). - crypto: mxs-dcp - Fix SHA null hashes and output length (bsc#1051510). - crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash' static (bsc#1051510). - crypto: s5p-sss: Fix Fix argument list alignment (bsc#1051510). - crypto: tgr192 - remove unneeded semicolon (bsc#1051510). - cw1200: Fix a signedness bug in cw1200_load_firmware() (bsc#1051510). - cxgb4: fix panic when attaching to ULD fail (networking-stable-19_11_05). - dccp: do not leak jiffies on the wire (networking-stable-19_11_05). - dlm: do not leak kernel pointer to userspace (bsc#1051510). - dlm: fix invalid free (bsc#1051510). - dmaengine: bcm2835: Print error in case setting DMA mask fails (bsc#1051510). - dmaengine: dma-jz4780: Do not depend on MACH_JZ4780 (bsc#1051510). - dmaengine: dma-jz4780: Further residue status fix (bsc#1051510). - dmaengine: ep93xx: Return proper enum in ep93xx_dma_chan_direction (bsc#1051510). - dmaengine: imx-sdma: fix size check for sdma script_number (bsc#1051510). - dmaengine: imx-sdma: fix use-after-free on probe error path (bsc#1051510). - dmaengine: rcar-dmac: set scatter/gather max segment size (bsc#1051510). - dmaengine: timb_dma: Use proper enum in td_prep_slave_sg (bsc#1051510). - docs: move protection-keys.rst to the core-api book (bsc#1078248). - drm/etnaviv: fix dumping of iommuv2 (bsc#1113722) - drm/omap: fix max fclk divider for omap36xx (bsc#1113722) - drm/radeon: fix bad DMA from INTERRUPT_CNTL2 (git-fixes). - drm/radeon: fix si_enable_smc_cac() failed issue (bsc#1113722) - e1000e: Drop unnecessary __E1000_DOWN bit twiddling (bsc#1158049). - e1000e: Use dev_get_drvdata where possible (bsc#1158049). - e1000e: Use rtnl_lock to prevent race conditions between net and pci/pm (bsc#1158049). - extcon: cht-wc: Return from default case to avoid warnings (bsc#1051510). - fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper() (bsc#1051510). - fbdev: sbuslib: use checked version of put_user() (bsc#1051510). - gpio: mpc8xxx: Do not overwrite default irq_set_type callback (bsc#1051510). - gpio: syscon: Fix possible NULL ptr usage (bsc#1051510). - gpiolib: acpi: Add Terra Pad 1061 to the run_edge_events_on_boot_blacklist (bsc#1051510). - gsmi: Fix bug in append_to_eventlog sysfs handler (bsc#1051510). - hwmon: (ina3221) Fix INA3221_CONFIG_MODE macros (bsc#1051510). - hwmon: (pwm-fan) Silence error on probe deferral (bsc#1051510). - hwrng: omap - Fix RNG wait loop timeout (bsc#1051510). - hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled (bsc#1051510). - hypfs: Fix error number left in struct pointer member (bsc#1051510). - ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047). - ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047). - ibmvnic: Serialize device queries (bsc#1155689 ltc#182047). - ibmvnic: Terminate waiting device threads after loss of service (bsc#1155689 ltc#182047). - iio: adc: max9611: explicitly cast gain_selectors (bsc#1051510). - iio: adc: stm32-adc: fix stopping dma (git-fixes). - iio: dac: mcp4922: fix error handling in mcp4922_write_raw (bsc#1051510). - iio: imu: adis16480: assign bias value only if operation succeeded (git-fixes). - iio: imu: adis16480: make sure provided frequency is positive (git-fixes). - iio: imu: adis: assign read val in debugfs hook only if op successful (git-fixes). - iio: imu: adis: assign value only if return code zero in read funcs (git-fixes). - include/linux/bitrev.h: fix constant bitrev (bsc#1114279). - inet: stop leaking jiffies on the wire (networking-stable-19_11_05). - intel_th: Fix a double put_device() in error path (git-fixes). - iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros (bsc#1158063). - ipmi:dmi: Ignore IPMI SMBIOS entries with a zero base address (bsc#1051510). - ipv4: Return -ENETUNREACH if we can't create route but saddr is valid (networking-stable-19_10_24). - iwlwifi: api: annotate compressed BA notif array sizes (bsc#1051510). - iwlwifi: check kasprintf() return value (bsc#1051510). - iwlwifi: do not panic in error path on non-msix systems (bsc#1155692). - iwlwifi: exclude GEO SAR support for 3168 (git-fixes). - iwlwifi: mvm: avoid sending too many BARs (bsc#1051510). - iwlwifi: mvm: do not send keys when entering D3 (bsc#1051510). - kABI workaround for ath10k last_wmi_vdev_start_status field (bsc#1051510). - kABI workaround for struct mwifiex_power_cfg change (bsc#1051510). - kABI: Fix for 'KVM: x86: Introduce vcpu->arch.xsaves_enabled' (bsc#1158066). - lib/scatterlist: Fix chaining support in sgl_alloc_order() (git-fixes). - lib/scatterlist: Introduce sgl_alloc() and sgl_free() (git-fixes). - liquidio: fix race condition in instruction completion processing (bsc#1051510). - loop: add ioctl for changing logical block size (bsc#1108043). - mISDN: Fix type of switch control variable in ctrl_teimanager (bsc#1051510). - mac80211: consider QoS Null frames for STA_NULLFUNC_ACKED (bsc#1051510). - mac80211: minstrel: fix CCK rate group streams value (bsc#1051510). - mac80211: minstrel: fix sampling/reporting of CCK rates in HT mode (bsc#1051510). - macvlan: schedule bc_work even if error (bsc#1051510). - mailbox: reset txdone_method TXDONE_BY_POLL if client knows_txdone (git-fixes). - media: au0828: Fix incorrect error messages (bsc#1051510). - media: bdisp: fix memleak on release (git-fixes). - media: cxusb: detect cxusb_ctrl_msg error in query (bsc#1051510). - media: davinci: Fix implicit enum conversion warning (bsc#1051510). - media: exynos4-is: Fix recursive locking in isp_video_release() (git-fixes). - media: fix: media: pci: meye: validate offset to avoid arbitrary access (bsc#1051510). - media: flexcop-usb: ensure -EIO is returned on error condition (git-fixes). - media: imon: invalid dereference in imon_touch_event (bsc#1051510). - media: isif: fix a NULL pointer dereference bug (bsc#1051510). - media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init() (bsc#1051510). - media: pxa_camera: Fix check for pdev->dev.of_node (bsc#1051510). - media: radio: wl1273: fix interrupt masking on release (git-fixes). - media: ti-vpe: vpe: Fix Motion Vector vpdma stride (git-fixes). - media: usbvision: Fix races among open, close, and disconnect (bsc#1051510). - media: vim2m: Fix abort issue (git-fixes). - media: vivid: Set vid_cap_streaming and vid_out_streaming to true (bsc#1051510). - mei: fix modalias documentation (git-fixes). - mei: samples: fix a signedness bug in amt_host_if_call() (bsc#1051510). - mfd: intel-lpss: Add default I2C device properties for Gemini Lake (bsc#1051510). - mfd: max8997: Enale irq-wakeup unconditionally (bsc#1051510). - mfd: mc13xxx-core: Fix PMIC shutdown when reading ADC values (bsc#1051510). - mfd: palmas: Assign the right powerhold mask for tps65917 (git-fixes). - mfd: ti_am335x_tscadc: Keep ADC interface on if child is wakeup capable (bsc#1051510). - mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d() (git fixes (mm/gup)). - mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone (git fixes (mm/compaction)). - mm/debug.c: PageAnon() is true for PageKsm() pages (git fixes (mm/debug)). - mmc: core: fix wl1251 sdio quirks (git-fixes). - mmc: host: omap_hsmmc: add code for special init of wl1251 to get rid of pandora_wl1251_init_card (git-fixes). - mmc: mediatek: fix cannot receive new request when msdc_cmd_is_ready fail (bsc#1051510). - mmc: sdhci-esdhc-imx: correct the fix of ERR004536 (git-fixes). - mmc: sdhci-of-at91: fix quirk2 overwrite (git-fixes). - mmc: sdio: fix wl1251 vendor id (git-fixes). - mt7601u: fix bbp version check in mt7601u_wait_bbp_ready (bsc#1051510). - mtd: nand: mtk: fix incorrect register setting order about ecc irq. - mtd: spear_smi: Fix Write Burst mode (bsc#1051510). - mtd: spi-nor: fix silent truncation in spi_nor_read() (bsc#1051510). - mwifiex: Fix NL80211_TX_POWER_LIMITED (bsc#1051510). - net/ibmvnic: Ignore H_FUNCTION return from H_EOI to tolerate XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes). - net/mlx4_core: Dynamically set guaranteed amount of counters per VF (networking-stable-19_11_05). - net/mlx5e: Fix handling of compressed CQEs in case of low NAPI budget (networking-stable-19_11_05). - net/smc: Fix error path in smc_init (git-fixes). - net/smc: avoid fallback in case of non-blocking connect (git-fixes). - net/smc: fix closing of fallback SMC sockets (git-fixes). - net/smc: fix ethernet interface refcounting (git-fixes). - net/smc: fix refcounting for non-blocking connect() (git-fixes). - net/smc: keep vlan_id for SMC-R in smc_listen_work() (git-fixes). - net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol() (networking-stable-19_11_05). - net: add READ_ONCE() annotation in __skb_wait_for_more_packets() (networking-stable-19_11_05). - net: add skb_queue_empty_lockless() (networking-stable-19_11_05). - net: annotate accesses to sk->sk_incoming_cpu (networking-stable-19_11_05). - net: annotate lockless accesses to sk->sk_napi_id (networking-stable-19_11_05). - net: avoid potential infinite loop in tc_ctl_action() (networking-stable-19_10_24). - net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3 (networking-stable-19_10_24). - net: bcmgenet: Set phydev->dev_flags only for internal PHYs (networking-stable-19_10_24). - net: bcmgenet: reset 40nm EPHY on energy detect (networking-stable-19_11_05). - net: dsa: b53: Do not clear existing mirrored port mask (networking-stable-19_11_05). - net: dsa: bcm_sf2: Fix IMP setup for port different than 8 (networking-stable-19_11_05). - net: dsa: fix switch tree list (networking-stable-19_11_05). - net: ethernet: ftgmac100: Fix DMA coherency issue with SW checksum (networking-stable-19_11_05). - net: fix sk_page_frag() recursion from memory reclaim (networking-stable-19_11_05). - net: hisilicon: Fix ping latency when deal with high throughput (networking-stable-19_11_05). - net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow (networking-stable-19_10_24). - net: use skb_queue_empty_lockless() in busy poll contexts (networking-stable-19_11_05). - net: use skb_queue_empty_lockless() in poll() handlers (networking-stable-19_11_05). - net: wireless: ti: remove local VENDOR_ID and DEVICE_ID definitions (git-fixes). - net: wireless: ti: wl1251 use new SDIO_VENDOR_ID_TI_WL1251 definition (git-fixes). - netns: fix GFP flags in rtnl_net_notifyid() (networking-stable-19_11_05). - nfc: netlink: fix double device reference drop (git-fixes). - nfc: port100: handle command failure cleanly (git-fixes). - nl80211: Fix a GET_KEY reply attribute (bsc#1051510). - openvswitch: fix flow command message size (git-fixes). - padata: use smp_mb in padata_reorder to avoid orphaned padata jobs (git-fixes). - phy: phy-twl4030-usb: fix denied runtime access (git-fixes). - pinctl: ti: iodelay: fix error checking on pinctrl_count_index_with_args call (git-fixes). - pinctrl: at91: do not use the same irqchip with multiple gpiochips (git-fixes). - pinctrl: cherryview: Allocate IRQ chip dynamic (git-fixes). - pinctrl: lewisburg: Update pin list according to v1.1v6 (bsc#1051510). - pinctrl: lpc18xx: Use define directive for PIN_CONFIG_GPIO_PIN_INT (bsc#1051510). - pinctrl: qcom: spmi-gpio: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup controller init (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup controller init (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in init code (bsc#1051510). - pinctrl: sunxi: Fix a memory leak in 'sunxi_pinctrl_build_state()' (bsc#1051510). - pinctrl: zynq: Use define directive for PIN_CONFIG_IO_STANDARD (bsc#1051510). - power: reset: at91-poweroff: do not procede if at91_shdwc is allocated (bsc#1051510). - power: supply: ab8500_fg: silence uninitialized variable warnings (bsc#1051510). - power: supply: max14656: fix potential use-after-free (bsc#1051510). - power: supply: twl4030_charger: disable eoc interrupt on linear charge (bsc#1051510). - power: supply: twl4030_charger: fix charging current out-of-bounds (bsc#1051510). - powerpc/64: Make meltdown reporting Book3S 64 specific (bsc#1091041). - powerpc/book3s64/hash: Use secondary hash for bolted mapping if the primary is full (bsc#1157778 ltc#182520). - powerpc/bpf: Fix tail call implementation (bsc#1157698). - powerpc/pseries: Do not fail hash page table insert for bolted mapping (bsc#1157778 ltc#182520). - powerpc/pseries: Do not opencode HPTE_V_BOLTED (bsc#1157778 ltc#182520). - powerpc/pseries: address checkpatch warnings in dlpar_offline_cpu (bsc#1156700 ltc#182459). - powerpc/pseries: safely roll back failed DLPAR cpu add (bsc#1156700 ltc#182459). - powerpc/security/book3s64: Report L1TF status in sysfs (bsc#1091041). - powerpc/security: Fix wrong message when RFI Flush is disable (bsc#1131107). - powerpc/xive: Prevent page fault issues in the machine crash handler (bsc#1156882 ltc#182435). - ppdev: fix PPGETTIME/PPSETTIME ioctls (bsc#1051510). - pwm: bcm-iproc: Prevent unloading the driver module while in use (git-fixes). - pwm: lpss: Only set update bit if we are actually changing the settings (bsc#1051510). - r8152: add device id for Lenovo ThinkPad USB-C Dock Gen 2 (networking-stable-19_11_05). - regulator: ab8500: Remove AB8505 USB regulator (bsc#1051510). - regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id (bsc#1051510). - remoteproc: Check for NULL firmwares in sysfs interface (git-fixes). - reset: Fix potential use-after-free in __of_reset_control_get() (bsc#1051510). - reset: fix of_reset_simple_xlate kerneldoc comment (bsc#1051510). - reset: fix reset_control_get_exclusive kerneldoc comment (bsc#1051510). - rpm/kernel-binary.spec.in: add COMPRESS_VMLINUX (bnc#1155921) Let COMPRESS_VMLINUX determine the compression used for vmlinux. By default (historically), it is gz. - rpm/kernel-source.spec.in: Fix dependency of kernel-devel (bsc#1154043) - rtl8187: Fix warning generated when strncpy() destination length matches the sixe argument (bsc#1051510). - rtlwifi: Remove unnecessary NULL check in rtl_regd_init (bsc#1051510). - rtlwifi: rtl8192de: Fix misleading REG_MCUFWDL information (bsc#1051510). - rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address (bsc#1051510). - rtlwifi: rtl8192de: Fix missing enable interrupt flag (bsc#1051510). - s390/bpf: fix lcgr instruction encoding (bsc#1051510). - s390/bpf: use 32-bit index for tail calls (bsc#1051510). - s390/cio: avoid calling strlen on null pointer (bsc#1051510). - s390/cio: exclude subchannels with no parent from pseudo check (bsc#1051510). - s390/cmm: fix information leak in cmm_timeout_handler() (bsc#1051510). - s390/cpumsf: Check for CPU Measurement sampling (bsc#1153681 LTC#181855). - s390/idle: fix cpu idle time calculation (bsc#1051510). - s390/process: avoid potential reading of freed stack (bsc#1051510). - s390/qdio: (re-)initialize tiqdio list entries (bsc#1051510). - s390/qdio: do not touch the dsci in tiqdio_add_input_queues() (bsc#1051510). - s390/qeth: return proper errno on IO error (bsc#1051510). - s390/setup: fix boot crash for machine without EDAT-1 (bsc#1051510 bsc#1140948). - s390/setup: fix early warning messages (bsc#1051510 bsc#1140948). - s390/topology: avoid firing events before kobjs are created (bsc#1051510). - s390: fix stfle zero padding (bsc#1051510). - sc16is7xx: Fix for 'Unexpected interrupt: 8' (bsc#1051510). - scsi: lpfc: Fix Oops in nvme_register with target logout/login (bsc#1151900). - scsi: lpfc: Honor module parameter lpfc_use_adisc (bsc#1153628). - scsi: lpfc: Limit xri count for kdump environment (bsc#1154124). - scsi: qla2xxx: Add debug dump of LOGO payload and ELS IOCB (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Allow PLOGI in target mode (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Change discovery state before PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Configure local loop for N2N target (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Do command completion on abort timeout (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Do not call qlt_async_event twice (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Do not defer relogin unconditonally (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Drop superfluous INIT_WORK of del_work (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Fix PLOGI payload and ELS IOCB dump length (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Fix SRB leak on switch command timeout (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix a dma_pool_free() call (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix device connect issues in P2P configuration (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix double scsi_done for abort path (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix driver unload hang (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix memory leak when sending I/O fails (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Ignore NULL pointer in tcm_qla2xxx_free_mcmd (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Initialize free_work before flushing it (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Remove an include directive (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Send Notify ACK after N2N PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Update driver version to 10.01.00.21-k (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Use explicit LOGO in target mode (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: do not use zero for FC4_PRIORITY_NVME (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan (bsc#1138039). - scsi: qla2xxx: initialize fc4_type_priority (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: unregister ports after GPN_FT failure (bsc#1138039). - scsi: sd: Ignore a failure to sync cache due to lack of authorization (git-fixes). - scsi: storvsc: Add ability to change scsi queue depth (bsc#1155021). - scsi: zfcp: fix reaction on bit error threshold notification (bsc#1154956 LTC#182054). - scsi: zfcp: fix request object use-after-free in send path causing wrong traces (bsc#1051510). - sctp: change sctp_prot .no_autobind with true (networking-stable-19_10_24). - sctp: Fixed a regression (bsc#1158082). - selftests: net: reuseport_dualstack: fix uninitalized parameter (networking-stable-19_11_05). - serial: fix kernel-doc warning in comments (bsc#1051510). - serial: mctrl_gpio: Check for NULL pointer (bsc#1051510). - serial: mxs-auart: Fix potential infinite loop (bsc#1051510). - serial: samsung: Enable baud clock for UART reset procedure in resume (bsc#1051510). - serial: uartlite: fix exit path null pointer (bsc#1051510). - serial: uartps: Fix suspend functionality (bsc#1051510). - signal: Properly set TRACE_SIGNAL_LOSE_INFO in __send_signal (bsc#1157463). - slcan: Fix memory leak in error path (bsc#1051510). - slip: Fix memory leak in slip_open error path (bsc#1051510). - slip: Fix use-after-free Read in slip_open (bsc#1051510). - smb3: Incorrect size for netname negotiate context (bsc#1144333, bsc#1154355). - smb3: fix leak in 'open on server' perf counter (bsc#1144333, bsc#1154355). - smb3: fix signing verification of large reads (bsc#1144333, bsc#1154355). - smb3: fix unmount hang in open_shroot (bsc#1144333, bsc#1154355). - smb3: improve handling of share deleted (and share recreated) (bsc#1144333, bsc#1154355). - soc: imx: gpc: fix PDN delay (bsc#1051510). - soc: qcom: wcnss_ctrl: Avoid string overflow (bsc#1051510). - spi: atmel: Fix CS high support (bsc#1051510). - spi: atmel: fix handling of cs_change set on non-last xfer (bsc#1051510). - spi: fsl-lpspi: Prevent FIFO under/overrun by default (bsc#1051510). - spi: mediatek: Do not modify spi_transfer when transfer (bsc#1051510). - spi: mediatek: use correct mata->xfer_len when in fifo transfer (bsc#1051510). - spi: pic32: Use proper enum in dmaengine_prep_slave_rg (bsc#1051510). - spi: rockchip: initialize dma_slave_config properly (bsc#1051510). - spi: spidev: Fix OF tree warning logic (bsc#1051510). - staging: rtl8188eu: fix null dereference when kzalloc fails (bsc#1051510). - thunderbolt: Fix lockdep circular locking depedency warning (git-fixes). - tpm: add check after commands attribs tab allocation (bsc#1051510). - tracing: Get trace_array reference for available_tracers files (bsc#1156429). - udp: use skb_queue_empty_lockless() (networking-stable-19_11_05). - usb-serial: cp201x: support Mark-10 digital force gauge (bsc#1051510). - usb-storage: Revert commit 747668dbc061 ('usb-storage: Set virt_boundary_mask to avoid SG overflows') (bsc#1051510). - usb: chipidea: Fix otg event handler (bsc#1051510). - usb: chipidea: imx: enable OTG overcurrent in case USB subsystem is already started (bsc#1051510). - usb: dwc3: gadget: Check ENBLSLPM before sending ep command (bsc#1051510). - usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode (bsc#1051510). - usb: gadget: udc: fotg210-udc: Fix a sleep-in-atomic-context bug in fotg210_get_status() (bsc#1051510). - usb: gadget: uvc: Factor out video USB request queueing (bsc#1051510). - usb: gadget: uvc: Only halt video streaming endpoint in bulk mode (bsc#1051510). - usb: gadget: uvc: configfs: Drop leaked references to config items (bsc#1051510). - usb: gadget: uvc: configfs: Prevent format changes after linking header (bsc#1051510). - usb: handle warm-reset port requests on hub resume (bsc#1051510). - usb: xhci-mtk: fix ISOC error when interval is zero (bsc#1051510). - usbip: Fix free of unallocated memory in vhci tx (git-fixes). - usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path (git-fixes). - usbip: Implement SG support to vhci-hcd and stub driver (git-fixes). - usbip: tools: fix fd leakage in the function of read_attr_usbip_status (git-fixes). - vfio-ccw: Fix misleading comment when setting orb.cmd.c64 (bsc#1051510). - vfio-ccw: Set pa_nr to 0 if memory allocation fails for pa_iova_pfn (bsc#1051510). - vfio: ccw: push down unsupported IDA check (bsc#1156471 LTC#182362). - video/hdmi: Fix AVI bar unpack (git-fixes). - virtio/s390: fix race on airq_areas (bsc#1051510). - virtio_console: allocate inbufs in add_port() only if it is needed (git-fixes). - virtio_ring: fix return code on DMA mapping fails (git-fixes). - vmxnet3: turn off lro when rxcsum is disabled (bsc#1157499). - watchdog: meson: Fix the wrong value of left time (bsc#1051510). - x86/alternatives: Add int3_emulate_call() selftest (bsc#1153811). - x86/alternatives: Fix int3_emulate_call() selftest stack corruption (bsc#1153811). - x86/mm/pkeys: Fix typo in Documentation/x86/protection-keys.txt (bsc#1078248). - x86/pkeys: Update documentation about availability (bsc#1078248). - x86/resctrl: Fix potential lockdep warning (bsc#1114279). - x86/resctrl: Prevent NULL pointer dereference when reading mondata (bsc#1114279). - x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs (bsc#1158068). - xfrm: Fix xfrm sel prefix length validation (git-fixes). - xfrm: fix sa selector validation (bsc#1156609). Important SUSE bug 1048942 SUSE bug 1051510 SUSE bug 1078248 SUSE bug 1082635 SUSE bug 1089644 SUSE bug 1091041 SUSE bug 1108043 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1117169 SUSE bug 1131107 SUSE bug 1138039 SUSE bug 1140948 SUSE bug 1143706 SUSE bug 1144333 SUSE bug 1149448 SUSE bug 1150466 SUSE bug 1151548 SUSE bug 1151900 SUSE bug 1152782 SUSE bug 1153628 SUSE bug 1153681 SUSE bug 1153811 SUSE bug 1154043 SUSE bug 1154058 SUSE bug 1154124 SUSE bug 1154355 SUSE bug 1154526 SUSE bug 1154956 SUSE bug 1155021 SUSE bug 1155689 SUSE bug 1155692 SUSE bug 1155836 SUSE bug 1155897 SUSE bug 1155921 SUSE bug 1155982 SUSE bug 1156187 SUSE bug 1156258 SUSE bug 1156429 SUSE bug 1156466 SUSE bug 1156471 SUSE bug 1156494 SUSE bug 1156609 SUSE bug 1156700 SUSE bug 1156729 SUSE bug 1156882 SUSE bug 1157038 SUSE bug 1157042 SUSE bug 1157070 SUSE bug 1157143 SUSE bug 1157145 SUSE bug 1157158 SUSE bug 1157162 SUSE bug 1157171 SUSE bug 1157173 SUSE bug 1157178 SUSE bug 1157180 SUSE bug 1157182 SUSE bug 1157183 SUSE bug 1157184 SUSE bug 1157191 SUSE bug 1157193 SUSE bug 1157197 SUSE bug 1157298 SUSE bug 1157307 SUSE bug 1157324 SUSE bug 1157333 SUSE bug 1157424 SUSE bug 1157463 SUSE bug 1157499 SUSE bug 1157678 SUSE bug 1157698 SUSE bug 1157778 SUSE bug 1157908 SUSE bug 1158049 SUSE bug 1158063 SUSE bug 1158064 SUSE bug 1158065 SUSE bug 1158066 SUSE bug 1158067 SUSE bug 1158068 SUSE bug 1158082 CVE-2019-14895 CVE-2019-15916 CVE-2019-16231 CVE-2019-17055 CVE-2019-18660 CVE-2019-18683 CVE-2019-18805 CVE-2019-18809 CVE-2019-19049 CVE-2019-19052 CVE-2019-19056 CVE-2019-19057 CVE-2019-19058 CVE-2019-19060 CVE-2019-19062 CVE-2019-19063 CVE-2019-19065 CVE-2019-19067 CVE-2019-19068 CVE-2019-19073 CVE-2019-19074 CVE-2019-19075 CVE-2019-19077 CVE-2019-19227 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-94_41 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). - CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglected to set a NULL value for a certain structure member, which could have led to a use-after-free in sockfs_setattr (bsc#1126284). - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). Important SUSE bug 1124729 SUSE bug 1124734 SUSE bug 1126284 SUSE bug 1128378 CVE-2019-6974 CVE-2019-7221 CVE-2019-8912 CVE-2019-9213 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_3 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). - CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglected to set a NULL value for a certain structure member, which could have led to a use-after-free in sockfs_setattr (bsc#1126284). - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). Important SUSE bug 1124729 SUSE bug 1124734 SUSE bug 1126284 SUSE bug 1128378 CVE-2019-6974 CVE-2019-7221 CVE-2019-8912 CVE-2019-9213 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_6 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). - CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglected to set a NULL value for a certain structure member, which could have led to a use-after-free in sockfs_setattr (bsc#1126284). - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). Important SUSE bug 1124729 SUSE bug 1124734 SUSE bug 1126284 SUSE bug 1128378 CVE-2019-6974 CVE-2019-7221 CVE-2019-8912 CVE-2019-9213 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-20669: Missing access control checks in ioctl of gpu/drm/i915 driver were fixed which might have lead to information leaks. (bnc#1122971). - CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758). - CVE-2019-3819: A flaw was found in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ('root') can cause a system lock up and a denial of service. (bnc#1123161). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bnc#1124728 ). - CVE-2019-7221: Fixed a use-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124732). - CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735). - CVE-2019-7308: kernel/bpf/verifier.c performed undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks (bnc#1124055). - CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr (bnc#1125907). - CVE-2019-8980: A memory leak in the kernel_read_file function in fs/exec.c allowed attackers to cause a denial of service (memory consumption) by triggering vfs_read failures (bnc#1126209). - CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166). - CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179). The following non-security bugs were fixed: - 6lowpan: iphc: reset mac_header after decompress to fix panic (bsc#1051510). - 9p: clear dangling pointers in p9stat_free (bsc#1051510). - 9p locks: fix glock.client_id leak in do_lock (bsc#1051510). - 9p/net: fix memory leak in p9_client_create (bsc#1051510). - 9p/net: put a lower bound on msize (bsc#1051510). - 9p: use inode->i_lock to protect i_size_write() under 32-bit (bsc#1051510). - acpi/APEI: Clear GHES block_status before panic() (bsc#1051510). - acpi/device_sysfs: Avoid OF modalias creation for removed device (bsc#1051510). - acpi/nfit: Block function zero DSMs (bsc#1051510). - acpi, nfit: Fix Address Range Scrub completion tracking (bsc#1124969). - acpi/nfit: Fix bus command validation (bsc#1051510). - acpi/nfit: Fix command-supported detection (bsc#1051510). - acpi/nfit: Fix race accessing memdev in nfit_get_smbios_id() (bsc#1122662). - acpi/nfit: Fix user-initiated ARS to be 'ARS-long' rather than 'ARS-short' (bsc#1124969). - acpi: NUMA: Use correct type for printing addresses on i386-PAE (bsc#1051510). - acpi: power: Skip duplicate power resource references in _PRx (bsc#1051510). - acpi / video: Extend chassis-type detection with a 'Lunch Box' check (bsc#1051510). - acpi / video: Refactor and fix dmi_is_desktop() (bsc#1051510). - add 1 entry 2bcbd406715dca256912b9c5ae449c7968f15705 - Add delay-init quirk for Corsair K70 RGB keyboards (bsc#1087092). - af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers (bsc#1051510). - alsa: bebob: fix model-id of unit for Apogee Ensemble (bsc#1051510). - alsa: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 (bsc#1051510). - alsa: compress: Fix stop handling on compressed capture streams (bsc#1051510). - alsa: compress: prevent potential divide by zero bugs (bsc#1051510). - alsa: firewire-motu: fix construction of PCM frame for capture direction (bsc#1051510). - alsa: hda - Add mute LED support for HP ProBook 470 G5 (bsc#1051510). - alsa: hda - Add quirk for HP EliteBook 840 G5 (bsc#1051510). - alsa: hda/ca0132 - Fix build error without CONFIG_PCI (bsc#1051510). - alsa: hda/realtek: Disable PC beep in passthrough on alc285 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX362FA with ALC294 (bsc#1051510). - alsa: hda/realtek - Fixed hp_pin no value (bsc#1051510). - alsa: hda/realtek - Fix lose hp_pins for disable auto mute (bsc#1051510). - alsa: hda/realtek - Headset microphone and internal speaker support for System76 oryp5 (bsc#1051510). - alsa: hda/realtek - Headset microphone support for System76 darp5 (bsc#1051510). - alsa: hda/realtek - Reduce click noise on Dell Precision 5820 headphone (bsc#1126131). - alsa: hda/realtek - Use a common helper for hp pin reference (bsc#1051510). - alsa: hda - Serialize codec registrations (bsc#1122944). - alsa: hda - Use standard device registration for beep (bsc#1122944). - alsa: oxfw: add support for APOGEE duet FireWire (bsc#1051510). - alsa: usb-audio: Add Opus #3 to quirks for native DSD support (bsc#1051510). - alsa: usb-audio: Add support for new T+A USB DAC (bsc#1051510). - alsa: usb-audio: Fix implicit fb endpoint setup by quirk (bsc#1051510). - altera-stapl: check for a null key before strcasecmp'ing it (bsc#1051510). - amd-xgbe: Fix mdio access for non-zero ports and clause 45 PHYs (bsc#1122927). - apparmor: Fix aa_label_build() error handling for failed merges (bsc#1051510). - applicom: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - aquantia: Setup max_mtu in ndev to enable jumbo frames (bsc#1051510). - arm64: fault: avoid send SIGBUS two times (bsc#1126393). - arm: 8802/1: Call syscall_trace_exit even when system call skipped (bsc#1051510). - arm: 8808/1: kexec:offline panic_smp_self_stop CPU (bsc#1051510). - arm: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling (bsc#1051510). - arm: 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart (bsc#1051510). - arm/arm64: kvm: Rename function kvm_arch_dev_ioctl_check_extension() (bsc#1126393). - arm/arm64: kvm: vgic: Force VM halt when changing the active state of GICv3 PPIs/SGIs (bsc#1051510). - arm: cns3xxx: Fix writing to wrong PCI config registers after alignment (bsc#1051510). - arm: cns3xxx: Use actual size reads for PCIe (bsc#1051510). - arm: imx: update the cpu power up timing setting on i.mx6sx (bsc#1051510). - arm: iop32x/n2100: fix PCI IRQ mapping (bsc#1051510). - arm: kvm: Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bsc#1051510). - arm: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt (bsc#1051510). - arm: OMAP1: ams-delta: Fix possible use of uninitialized field (bsc#1051510). - arm: OMAP2+: hwmod: Fix some section annotations (bsc#1051510). - arm: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup (bsc#1051510). - arm: pxa: avoid section mismatch warning (bsc#1051510). - arm: tango: Improve ARCH_MULTIPLATFORM compatibility (bsc#1051510). - ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages (bsc#1051510). - ASoC: dapm: change snprintf to scnprintf for possible overflow (bsc#1051510). - ASoC: dma-sh7760: cleanup a debug printk (bsc#1051510). - ASoC: fsl_esai: fix register setting issue in RIGHT_J mode (bsc#1051510). - ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M (bsc#1051510). - ASoC: imx-audmux: change snprintf to scnprintf for possible overflow (bsc#1051510). - ASoC: imx-sgtl5000: put of nodes if finding codec fails (bsc#1051510). - ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field (bsc#1051510). - ASoC: msm8916-wcd-analog: add missing license information (bsc#1051510). - ASoC: qcom: Fix of-node refcount unbalance in apq8016_sbc_parse_of() (bsc#1051510). - ASoC: rsnd: fixup rsnd_ssi_master_clk_start() user count check (bsc#1051510). - ASoC: rt5514-spi: Fix potential NULL pointer dereference (bsc#1051510). - assoc_array: Fix shortcut creation (bsc#1051510). - ata: ahci: mvebu: remove stale comment (bsc#1051510). - ath9k: Avoid OF no-EEPROM quirks without qca,no-eeprom (bsc#1051510). - ath9k: dynack: check da->enabled first in sampling routines (bsc#1051510). - ath9k: dynack: make ewma estimation faster (bsc#1051510). - ath9k: dynack: use authentication messages for 'late' ack (bsc#1051510). - atm: he: fix sign-extension overflow on large shift (bsc#1051510). - ax25: fix a use-after-free in ax25_fillin_cb() (networking-stable-19_01_04). - ax25: fix possible use-after-free (bsc#1051510). - backlight: pwm_bl: Use gpiod_get_value_cansleep() to get initial (bsc#1113722) - batman-adv: Avoid WARN on net_device without parent in netns (bsc#1051510). - batman-adv: fix uninit-value in batadv_interface_tx() (bsc#1051510). - batman-adv: Force mac header to start of data on xmit (bsc#1051510). - be2net: do not flip hw_features when VXLANs are added/deleted (bsc#1050252). - bio: Introduce BIO_ALLOCED flag and check it in bio_free (bsc#1128094). - blkdev: avoid migration stalls for blkdev pages (bsc#1084216). - blk-mq: fix a hung issue when fsync (bsc#1125252). - blk-mq: fix kernel oops in blk_mq_tag_idle() (bsc#1051510). - block: break discard submissions into the user defined size (git-fixes). - block: cleanup __blkdev_issue_discard() (git-fixes). - block_dev: fix crash on chained bios with O_DIRECT (bsc#1128094). - blockdev: Fix livelocks on loop device (bsc#1124984). - block: do not deal with discard limit in blkdev_issue_discard() (git-fixes). - block: do not use bio->bi_vcnt to figure out segment number (bsc#1128895). - block: do not warn when doing fsync on read-only devices (bsc#1125252). - block: fix 32 bit overflow in __blkdev_issue_discard() (git-fixes). - block: fix infinite loop if the device loses discard capability (git-fixes). - block/loop: Use global lock for ioctl() operation (bsc#1124974). - block: make sure discard bio is aligned with logical block size (git-fixes). - block: make sure writesame bio is aligned with logical block size (git-fixes). - block: move bio_integrity_{intervals,bytes} into blkdev.h (bsc#1114585). - block/swim3: Fix -EBUSY error when re-opening device after unmount (git-fixes). - bluetooth: Fix locking in bt_accept_enqueue() for BH context (bsc#1051510). - bluetooth: Fix unnecessary error message for HCI request completion (bsc#1051510). - bnx2x: Assign unique DMAE channel number for FW DMAE transactions (bsc#1086323). - bnx2x: Clear fip MAC when fcoe offload support is disabled (bsc#1086323). - bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw (bsc#1086323). - bnx2x: Remove configured vlans as part of unload sequence (bsc#1086323). - bnx2x: Send update-svid ramrod with retry/poll flags enabled (bsc#1086323). - bnxt_en: Fix typo in firmware message timeout logic (bsc#1086282 ). - bnxt_en: Wait longer for the firmware message response to complete (bsc#1086282). - bonding: update nest level on unlink (git-fixes). - bpf: decrease usercnt if bpf_map_new_fd() fails in bpf_map_get_fd_by_id() (bsc#1083647). - bpf: drop refcount if bpf_map_new_fd() fails in map_create() (bsc#1083647). - bpf: fix lockdep false positive in percpu_freelist (bsc#1083647). - bpf: fix replace_map_fd_with_map_ptr's ldimm64 second imm field (bsc#1083647). - bpf: fix sanitation rewrite in case of non-pointers (bsc#1083647). - bpf: Fix syscall's stackmap lookup potential deadlock (bsc#1083647). - bpf, lpm: fix lookup bug in map_delete_elem (bsc#1083647). - bpf/verifier: fix verifier instability (bsc#1056787). - bsg: allocate sense buffer if requested (bsc#1106811). - bsg: Do not copy sense if no response buffer is allocated (bsc#1106811,bsc#1126555). - btrfs: dedupe_file_range ioctl: remove 16MiB restriction (bsc#1127494). - btrfs: do not unnecessarily pass write_lock_level when processing leaf (bsc#1126802). - btrfs: ensure that a DUP or RAID1 block group has exactly two stripes (bsc#1128451). - btrfs: fix clone vs chattr NODATASUM race (bsc#1127497). - btrfs: fix corruption reading shared and compressed extents after hole punching (bsc#1126476). - btrfs: fix deadlock when allocating tree block during leaf/node split (bsc#1126806). - btrfs: fix deadlock when using free space tree due to block group creation (bsc#1126804). - btrfs: fix fsync after succession of renames and unlink/rmdir (bsc#1126488). - btrfs: fix fsync after succession of renames of different files (bsc#1126481). - btrfs: fix invalid-free in btrfs_extent_same (bsc#1127498). - btrfs: fix reading stale metadata blocks after degraded raid1 mounts (bsc#1126803). - btrfs: fix use-after-free of cmp workspace pages (bsc#1127603). - btrfs: grab write lock directly if write_lock_level is the max level (bsc#1126802). - btrfs: Improve btrfs_search_slot description (bsc#1126802). - btrfs: move get root out of btrfs_search_slot to a helper (bsc#1126802). - btrfs: qgroup: Cleanup old subtree swap code (bsc#1063638). - btrfs: qgroup: Do not trace subtree if we're dropping reloc tree (bsc#1063638). - btrfs: qgroup: Finish rescan when hit the last leaf of extent tree (bsc#1129327). - btrfs: qgroup: Fix root item corruption when multiple same source snapshots are created with quota enabled (bsc#1122324). - btrfs: qgroup: Introduce function to find all new tree blocks of reloc tree (bsc#1063638). - btrfs: qgroup: Introduce function to trace two swaped extents (bsc#1063638). - btrfs: qgroup: Introduce per-root swapped blocks infrastructure (bsc#1063638). - btrfs: qgroup: Introduce trace event to analyse the number of dirty extents accounted (bsc#1063638 dependency). - btrfs: qgroup: Make qgroup async transaction commit more aggressive (bsc#1113042). - btrfs: qgroup: Only trace data extents in leaves if we're relocating data block group (bsc#1063638). - btrfs: qgroup: Refactor btrfs_qgroup_trace_subtree_swap (bsc#1063638). - btrfs: qgroup: Search commit root for rescan to avoid missing extent (bsc#1129326). - btrfs: qgroup: Use delayed subtree rescan for balance (bsc#1063638). - btrfs: qgroup: Use generation-aware subtree swap to mark dirty extents (bsc#1063638). - btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf (bsc#1129327). - btrfs: relocation: Delay reloc tree deletion after merge_reloc_roots (bsc#1063638). - btrfs: reloc: Fix NULL pointer dereference due to expanded reloc_root lifespan (bsc#1129497). - btrfs: remove always true check in unlock_up (bsc#1126802). - btrfs: remove superfluous free_extent_buffer in read_block_for_search (bsc#1126802). - btrfs: remove unnecessary level check in balance_level (bsc#1126802). - btrfs: remove unused check of skip_locking (bsc#1126802). - btrfs: reuse cmp workspace in EXTENT_SAME ioctl (bsc#1127495). - btrfs: send, fix race with transaction commits that create snapshots (bsc#1126802). - btrfs: simplify IS_ERR/PTR_ERR checks (bsc#1126481). - btrfs: split btrfs_extent_same (bsc#1127493). - btrfs: use kvzalloc for EXTENT_SAME temporary data (bsc#1127496). - btrfs: use more straightforward extent_buffer_uptodate check (bsc#1126802). - can: bcm: check timer values before ktime conversion (bsc#1051510). - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it (bsc#1051510). - can: gw: ensure DLC boundaries after CAN frame modification (bsc#1051510). - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader (bsc#1051510). - cdc-wdm: pass return value of recover_from_urb_loss (bsc#1051510). - ceph: avoid repeatedly adding inode to mdsc->snap_flush_list (bsc#1126790). - ceph: clear inode pointer when snap realm gets dropped by its inode (bsc#1125799). - cfg80211: extend range deviation for DMG (bsc#1051510). - ch: add missing mutex_lock()/mutex_unlock() in ch_release() (bsc#1124235). - char/mwave: fix potential Spectre v1 vulnerability (bsc#1051510). - checkstack.pl: fix for aarch64 (bsc#1051510). - ch: fixup refcounting imbalance for SCSI devices (bsc#1124235). - cifs: add missing debug entries for kconfig options (bsc#1051510). - cifs: add missing support for ACLs in smb 3.11 (bsc#1051510). - cifs: add sha512 secmech (bsc#1051510). - cifs: Add support for reading attributes on smb2+ (bsc#1051510). - cifs: Add support for writing attributes on smb2+ (bsc#1051510). - cifs: Always resolve hostname before reconnecting (bsc#1051510). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510). - cifs: Fix error mapping for smb2_LOCK command which caused OFD lock problem (bsc#1051510). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: fix return value for cifs_listxattr (bsc#1051510). - cifs: Fix separator when building path from dentry (bsc#1051510). - cifs: fix set info (bsc#1051510). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510). - cifs: fix wrapping bugs in num_entries() (bsc#1051510). - cifs: For smb2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510). - cifs: hide unused functions (bsc#1051510). - cifs: hide unused functions (bsc#1051510). - cifs: implement v3.11 preauth integrity (bsc#1051510). - cifs: invalidate cache when we truncate a file (bsc#1051510). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510). - cifs: OFD locks do not conflict with eachothers (bsc#1051510). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510). - clk: armada-370: fix refcount leak in a370_clk_init() (bsc#1051510). - clk: armada-xp: fix refcount leak in axp_clk_init() (bsc#1051510). - clk: dove: fix refcount leak in dove_clk_init() (bsc#1051510). - clk: highbank: fix refcount leak in hb_clk_init() (bsc#1051510). - clk: imx6q: fix refcount leak in imx6q_clocks_init() (bsc#1051510). - clk: imx6q: reset exclusive gates on init (bsc#1051510). - clk: imx6sl: ensure MMDC CH0 handshake is bypassed (bsc#1051510). - clk: imx6sx: fix refcount leak in imx6sx_clocks_init() (bsc#1051510). - clk: imx7d: fix refcount leak in imx7d_clocks_init() (bsc#1051510). - clk: kirkwood: fix refcount leak in kirkwood_clk_init() (bsc#1051510). - clk: mv98dx3236: fix refcount leak in mv98dx3236_clk_init() (bsc#1051510). - clk: qoriq: fix refcount leak in clockgen_init() (bsc#1051510). - clk: rockchip: fix typo in rk3188 spdif_frac parent (bsc#1051510). - clk: samsung: exynos4: fix refcount leak in exynos4_get_xom() (bsc#1051510). - clk: socfpga: fix refcount leak (bsc#1051510). - clk: sunxi: A31: Fix wrong AHB gate number (bsc#1051510). - clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks (bsc#1051510). - clk: sunxi-ng: enable so-said LDOs for A64 SoC's pll-mipi clock (bsc#1051510). - clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent (bsc#1051510). - clk: sunxi-ng: sun8i-a23: Enable PLL-MIPI LDOs when ungating it (bsc#1051510). - clk: uniphier: Fix update register for CPU-gear (bsc#1051510). - clk: vf610: fix refcount leak in vf610_clocks_init() (bsc#1051510). - clocksource/drivers/exynos_mct: Fix error path in timer resources initialization (bsc#1051510). - clocksource/drivers/integrator-ap: Add missing of_node_put() (bsc#1051510). - clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable (bsc#1051510). - configfs: fix registered group removal (bsc#1051510). - copy_mount_string: Limit string length to PATH_MAX (bsc#1082943). - cpufreq: Cap the default transition delay value to 10 ms (bsc#1127042). - cpufreq: conservative: Take limits changes into account properly (bsc#1051510). - cpufreq: governor: Avoid accessing invalid governor_data (bsc#1051510). - cpufreq: governor: Drop min_sampling_rate (bsc#1127042). - cpufreq: governor: Ensure sufficiently large sampling intervals (bsc#1127042). - cpufreq: imx6q: add return value check for voltage scale (bsc#1051510). - cpufreq: Use transition_delay_us for legacy governors as well (bsc#1127042). - cpuidle: big.LITTLE: fix refcount leak (bsc#1051510). - cramfs: fix abad comparison when wrap-arounds occur (bsc#1051510). - crypto: aes_ti - disable interrupts while accessing S-box (bsc#1051510). - crypto: ahash - fix another early termination in hash walk (bsc#1051510). - crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling (bsc#1051510). - crypto: arm/crct10dif - revert to C code for short inputs (bsc#1051510). - crypto: authencesn - Avoid twice completion call in decrypt path (bsc#1051510). - crypto: authenc - fix parsing key with misaligned rta_len (bsc#1051510). - crypto: bcm - convert to use crypto_authenc_extractkeys() (bsc#1051510). - crypto: brcm - Fix some set-but-not-used warning (bsc#1051510). - crypto: caam - fixed handling of sg list (bsc#1051510). - crypto: caam - fix zero-length buffer DMA mapping (bsc#1051510). - crypto: cavium/zip - fix collision with generic cra_driver_name (bsc#1051510). - crypto: crypto4xx - add missing of_node_put after of_device_is_available (bsc#1051510). - crypto: crypto4xx - Fix wrong ppc4xx_trng_probe()/ppc4xx_trng_remove() arguments (bsc#1051510). - crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails (bsc#1051510). - crypto: testmgr - skip crc32c context test for ahash algorithms (bsc#1051510). - crypto: tgr192 - fix unaligned memory access (bsc#1051510). - crypto: user - support incremental algorithm dumps (bsc#1120902). - crypto: ux500 - Use proper enum in cryp_set_dma_transfer (bsc#1051510). - crypto: ux500 - Use proper enum in hash_set_dma_transfer (bsc#1051510). - cw1200: drop useless LIST_HEAD (bsc#1051510). - cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() (bsc#1051510). - cw1200: fix missing unlock on error in cw1200_hw_scan() (bsc#1051510). - dccp: fool proof ccid_hc_[rt]x_parse_options() (bsc#1051510). - debugfs: fix debugfs_rename parameter checking (bsc#1051510). - dlm: Do not swamp the CPU with callbacks queued during recovery (bsc#1051510). - dlm: fixed memory leaks after failed ls_remove_names allocation (bsc#1051510). - dlm: lost put_lkb on error path in receive_convert() and receive_unlock() (bsc#1051510). - dlm: memory leaks on error path in dlm_user_request() (bsc#1051510). - dlm: possible memory leak on error path in create_lkb() (bsc#1051510). - dmaengine: at_hdmac: drop useless LIST_HEAD (bsc#1051510). - dmaengine: at_hdmac: fix memory leak in at_dma_xlate() (bsc#1051510). - dmaengine: at_hdmac: fix module unloading (bsc#1051510). - dmaengine: at_xdmac: Fix wrongfull report of a channel as in use (bsc#1051510). - dmaengine: bcm2835: Fix abort of transactions (bsc#1051510). - dmaengine: bcm2835: Fix interrupt race on RT (bsc#1051510). - dmaengine: dma-jz4780: Return error if not probed from DT (bsc#1051510). - dmaengine: dmatest: Abort test in case of mapping error (bsc#1051510). - dmaengine: dw: drop useless LIST_HEAD (bsc#1051510). - dmaengine: dw: Fix FIFO size for Intel Merrifield (bsc#1051510). - dmaengine: imx-dma: fix wrong callback invoke (bsc#1051510). - dmaengine: mv_xor: Use correct device for DMA API (bsc#1051510). - dmaengine: pl330: drop useless LIST_HEAD (bsc#1051510). - dmaengine: sa11x0: drop useless LIST_HEAD (bsc#1051510). - dmaengine: st_fdma: drop useless LIST_HEAD (bsc#1051510). - dmaengine: stm32-dma: fix incomplete configuration in cyclic mode (bsc#1051510). - dmaengine: xilinx_dma: Remove __aligned attribute on zynqmp_dma_desc_ll (bsc#1051510). - dma: Introduce dma_max_mapping_size() (bsc#1120008). - dm cache metadata: verify cache has blocks in blocks_are_clean_separate_dirty() (git-fixes). - dm: call blk_queue_split() to impose device limits on bios (git-fixes). - dm: do not allow readahead to limit IO size (git-fixes). - dm thin: send event about thin-pool state change _after_ making it (git-fixes). - dm zoned: Fix target BIO completion handling (git-fixes). - doc: rcu: Suspicious RCU usage is a warning (bsc#1051510). - doc/README.SUSE: Correct description for building a kernel (bsc#1123348) - Do not log confusing message on reconnect by default (bsc#1129664). - Do not log expected error on DFS referral request (bsc#1051510). - driver core: Do not resume suppliers under device_links_write_lock() (bsc#1051510). - driver core: Move async_synchronize_full call (bsc#1051510). - drivers: core: Remove glue dirs from sysfs earlier (bsc#1051510). - drivers: hv: vmbus: Check for ring when getting debug info (bsc#1126389, bsc#1126579). - drivers: hv: vmbus: preserve hv_ringbuffer_get_debuginfo kABI (bsc#1126389, bsc#1126579). - drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels (bsc#1126389, bsc#1126579). - drivers/misc/sgi-gru: fix Spectre v1 vulnerability (bsc#1051510). - drivers/net/ethernet/qlogic/qed/qed_rdma.h: fix typo (bsc#1086314 bsc#1086313 bsc#1086301 ). - drivers/sbus/char: add of_node_put() (bsc#1051510). - drm/amdgpu: Add delay after enable RLC ucode (bsc#1051510). - drm/ast: Fix connector leak during driver unload (bsc#1051510). - drm/ast: fixed reading monitor EDID not stable issue (bsc#1051510). - drm/atomic-helper: Complete fake_commit->flip_done potentially earlier (bsc#1051510). - drm: Block fb changes for async plane updates (bsc#1051510). - drm/bridge: tc358767: add defines for DP1_SRCCTRL & PHY_2LANE (bsc#1051510). - drm/bridge: tc358767: fix initial DP0/1_SRCCTRL value (bsc#1051510). - drm/bridge: tc358767: fix output H/V syncs (bsc#1051510). - drm/bridge: tc358767: fix single lane configuration (bsc#1051510). - drm/bridge: tc358767: reject modes which require too much BW (bsc#1051510). - drm/bufs: Fix Spectre v1 vulnerability (bsc#1051510). - drm: Clear state->acquire_ctx before leaving drm_atomic_helper_commit_duplicated_state() (bsc#1051510). - drm: disable uncached DMA optimization for ARM and arm64 (bsc#1051510). - drm/etnaviv: NULL vs IS_ERR() buf in etnaviv_core_dump() (bsc#1113722) - drm/etnaviv: potential NULL dereference (bsc#1113722) - drm/fb-helper: Partially bring back workaround for bugs of SDL 1.2 (bsc#1113722) - drm: Fix error handling in drm_legacy_addctx (bsc#1113722) - drm/i915: Block fbdev HPD processing during suspend (bsc#1113722) - drm/i915/fbdev: Actually configure untiled displays (bsc#1113722) - drm/i915: Flush GPU relocs harder for gen3 (bsc#1113722) - drm/i915/gvt: Fix mmap range check (bsc#1120902) - drm/i915/gvt: free VFIO region space in vgpu detach (bsc#1113722) - drm/i915/gvt: release shadow batch buffer and wa_ctx before destroy one workload (bsc#1051510). - drm/i915/opregion: fix version check (bsc#1113722) - drm/i915/opregion: rvda is relative from opregion base in opregion (bsc#1113722) - drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set (bsc#1113722) - drm/i915: Redefine some Whiskey Lake SKUs (bsc#1051510). - drm/i915: Use the correct crtc when sanitizing plane mapping (bsc#1113722) - drm/meson: add missing of_node_put (bsc#1051510). - drm/modes: Prevent division by zero htotal (bsc#1051510). - drm/msm: Fix error return checking (bsc#1051510). - drm/msm: Grab a vblank reference when waiting for commit_done (bsc#1051510). - drm/msm: Unblock writer if reader closes file (bsc#1051510). - drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON (bsc#1113722) - drm/nouveau: Do not spew kernel WARNING for each timeout (bsc#1126480). - drm/nouveau: Do not WARN_ON VCPI allocation failures (bsc#1113722) - drm/nouveau/falcon: avoid touching registers if engine is off (bsc#1051510). - drm/nouveau/pmu: do not print reply values if exec is false (bsc#1113722) - drm/nouveau/tmr: detect stalled gpu timer and break out of waits (bsc#1123538). - drm/radeon/evergreen_cs: fix missing break in switch statement (bsc#1113722) - drm: Reorder set_property_atomic to avoid returning with an active ww_ctx (bsc#1051510). - drm/rockchip: fix for mailbox read size (bsc#1051510). - drm/shmob: Fix return value check in shmob_drm_probe (bsc#1113722) - drm/sun4i: tcon: Prepare and enable TCON channel 0 clock at init (bsc#1051510). - drm/vmwgfx: Do not double-free the mode stored in par->set_mode (bsc#1103429) - drm/vmwgfx: Fix setting of dma masks (bsc#1120902) - drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user (bsc#1120902) - e1000e: allow non-monotonic SYSTIM readings (bsc#1051510). - earlycon: Initialize port->uartclk based on clock-frequency property (bsc#1051510). - earlycon: Remove hardcoded port->uartclk initialization in of_setup_earlycon (bsc#1051510). - Enable CONFIG_RDMA_RXE=m also for ppc64le (bsc#1107665,) - enic: fix build warning without CONFIG_CPUMASK_OFFSTACK (bsc#1051510). - enic: fix checksum validation for IPv6 (bsc#1051510). - esp6: fix memleak on error path in esp6_input (bsc#1051510). - esp: Fix locking on page fragment allocation (bsc#1051510). - esp: Fix memleaks on error paths (bsc#1051510). - esp: Fix skb tailroom calculation (bsc#1051510). - exportfs: do not read dentry after free (bsc#1051510). - ext4: avoid kernel warning when writing the superblock to a dead device (bsc#1124981). - ext4: check for shutdown and r/o file system in ext4_write_inode() (bsc#1124978). - ext4: fix a potential fiemap/page fault deadlock w/ inline_data (bsc#1124980). - ext4: Fix crash during online resizing (bsc#1122779). - ext4: force inode writes when nfsd calls commit_metadata() (bsc#1125125). - ext4: include terminating u32 in size of xattr entries when expanding inodes (bsc#1124976). - ext4: make sure enough credits are reserved for dioread_nolock writes (bsc#1124979). - ext4: track writeback errors using the generic tracking infrastructure (bsc#1124982). - fanotify: fix handling of events on child sub-directory (bsc#1122019). - fat: validate ->i_start before using (bsc#1051510). - fbdev: chipsfb: remove set but not used variable 'size' (bsc#1113722) - firmware/efi: Add NULL pointer checks in efivars API functions (bsc#1051510). - Fix kabi issues with new transport sharing code (bsc#1114893). - Fix problem with sharetransport= and NFSv4 (bsc#1114893). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510). - floppy: check_events callback should not return a negative number (bsc#1051510). - fork: do not copy inconsistent signal handler state to child (bsc#1051510). - fork: record start_time late (git-fixes). - fork: unconditionally clear stack on fork (git-fixes). - fs/cifs: require sha512 (bsc#1051510). - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() (git-fixes). - fs/devpts: always delete dcache dentry-s in dput() (git-fixes). - fuse: call pipe_buf_release() under pipe lock (bsc#1051510). - fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS (bsc#1051510). - fuse: decrement NR_WRITEBACK_TEMP on the right page (bsc#1051510). - fuse: handle zero sized retrieve correctly (bsc#1051510). - futex: Fix (possible) missed wakeup (bsc#1050549). - gdrom: fix a memory leak bug (bsc#1051510). - geneve: cleanup hard coded value for Ethernet header length (bsc#1123456). - geneve: correctly handle ipv6.disable module parameter (bsc#1051510). - geneve, vxlan: Do not check skb_dst() twice (bsc#1123456). - geneve, vxlan: Do not set exceptions if skb->len < mtu (bsc#1123456). - genwqe: Fix size check (bsc#1051510). - gfs2: Revert 'Fix loop in gfs2_rbm_find' (bsc#1120601). - gianfar: fix a flooded alignment reports because of padding issue (bsc#1051510). - gianfar: Fix Rx byte accounting for ndev stats (bsc#1051510). - gianfar: prevent integer wrapping in the rx handler (bsc#1051510). - gpio: altera-a10sr: Set proper output level for direction_output (bsc#1051510). - gpio: pcf857x: Fix interrupts on multiple instances (bsc#1051510). - gpio: pl061: handle failed allocations (bsc#1051510). - gpio: pl061: Move irq_chip definition inside struct pl061 (bsc#1051510). - gpio: vf610: Mask all GPIO interrupts (bsc#1051510). - gpu: ipu-v3: Fix CSI offsets for imx53 (bsc#1113722) - gpu: ipu-v3: Fix i.MX51 CSI control registers offset (bsc#1113722) - gpu: ipu-v3: image-convert: Prevent race between run and unprepare (bsc#1051510). - gro_cell: add napi_disable in gro_cells_destroy (networking-stable-19_01_04). - gro_cells: make sure device is up in gro_cells_receive() (git-fixes). - hfs: do not free node before using (bsc#1051510). - hfsplus: do not free node before using (bsc#1051510). - hfsplus: prevent btree data loss on root split (bsc#1051510). - hfs: prevent btree data loss on root split (bsc#1051510). - hid: lenovo: Add checks to fix of_led_classdev_register (bsc#1051510). - hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable (git-fixes). - hvc_opal: do not set tb_ticks_per_usec in udbg_init_opal_common() (bsc#1051510). - hv: v4.12 API for hyperv-iommu (bsc#1122822). - hwmon/k10temp: Add support for AMD family 17h, model 30h CPUs (). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (). - hwmon: (lm80) fix a missing check of bus read in lm80 probe (bsc#1051510). - hwmon: (lm80) fix a missing check of the status of smbus read (bsc#1051510). - hwmon: (lm80) Fix missing unlock on error in set_fan_div() (bsc#1051510). - hwmon: (tmp421) Correct the misspelling of the tmp442 compatible attribute in OF device ID table (bsc#1051510). - HYPERV/IOMMU: Add Hyper-V stub IOMMU driver (bsc#1122822). - i2c-axxia: check for error conditions first (bsc#1051510). - i2c: bcm2835: Clear current buffer pointers and counts after a transfer (bsc#1051510). - i2c: cadence: Fix the hold bit setting (bsc#1051510). - i2c: dev: prevent adapter retries and timeout being set as minus value (bsc#1051510). - i2c: omap: Use noirq system sleep pm ops to idle device for suspend (bsc#1051510). - i2c: sh_mobile: add support for r8a77990 (R-Car E3) (bsc#1051510). - i40e: fix mac filter delete when setting mac address (bsc#1056658 bsc#1056662). - i40e: report correct statistics when XDP is enabled (bsc#1056658 bsc#1056662). - i40e: restore NETIF_F_GSO_IPXIP to netdev features (bsc#1056658 bsc#1056662). - IB/core: Destroy QP if XRC QP fails (bsc#1046306). - IB/core: Fix potential memory leak while creating MAD agents (bsc#1046306). - IB/core: Unregister notifier before freeing MAD security (bsc#1046306). - IB/hfi1: Close race condition on user context disable and close (bsc#1060463). - IB/mlx5: Unmap DMA addr from HCA before IOMMU (bsc#1046305 ). - ibmveth: Do not process frames after calling napi_reschedule (bcs#1123357). - ibmveth: fix DMA unmap error in ibmveth_xmit_start error path (networking-stable-19_01_04). - ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726). - ibmvnic: Increase maximum queue size limit (bsc#1121726). - ibmvnic: Introduce driver limits for ring sizes (bsc#1121726). - ibmvnic: Report actual backing device speed and duplex values (bsc#1129923). - ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton (bsc#1119019). - ide: pmac: add of_node_put() (bsc#1051510). - ieee802154: ca8210: fix possible u8 overflow in ca8210_rx_done (bsc#1051510). - ieee802154: lowpan_header_create check must check daddr (networking-stable-19_01_04). - igb: Fix an issue that PME is not enabled during runtime suspend (bsc#1051510). - iio: accel: kxcjk1013: Add KIOX010A acpi Hardware-ID (bsc#1051510). - iio: adc: exynos-adc: Fix NULL pointer exception on unbind (bsc#1051510). - iio: chemical: atlas-ph-sensor: correct IIO_TEMP values to millicelsius (bsc#1051510). - input: bma150 - register input device after setting private data (bsc#1051510). - input: elan_i2c - add acpi ID for touchpad in ASUS Aspire F5-573G (bsc#1051510). - input: elan_i2c - add acpi ID for touchpad in Lenovo V330-15ISK (bsc#1051510). - input: elan_i2c - add id for touchpad found in Lenovo s21e-20 (bsc#1051510). - input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 (bsc#1051510). - input: omap-keypad - fix idle configuration to not block SoC idle states (bsc#1051510). - input: raspberrypi-ts - fix link error (git-fixes). - input: raspberrypi-ts - select CONFIG_INPUT_POLLDEV (git-fixes). - input: restore EV_ABS ABS_RESERVED (bsc#1051510). - input: synaptics - enable RMI on ThinkPad T560 (bsc#1051510). - input: synaptics - enable smbus for HP EliteBook 840 G4 (bsc#1051510). - input: wacom_serial4 - add support for Wacom ArtPad II tablet (bsc#1051510). - input: xpad - add support for SteelSeries Stratus Duo (bsc#1111666). - intel_th: Do not reference unassigned outputs (bsc#1051510). - intel_th: gth: Fix an off-by-one in output unassigning (bsc#1051510). - iomap: fix integer truncation issues in the zeroing and dirtying helpers (bsc#1125947). - iomap: warn on zero-length mappings (bsc#1127062). - iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105). - iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105). - iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105). - iommu/dmar: Fix buffer overflow during PCI bus notification (bsc#1129181). - iommu: Document iommu_ops.is_attach_deferred() (bsc#1129182). - iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables (bsc#1129205). - iommu/vt-d: Check identity map for hot-added devices (bsc#1129183). - iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105). - iommu/vt-d: Fix NULL pointer reference in intel_svm_bind_mm() (bsc#1129184). - ip6mr: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04). - ip6_tunnel: get the min mtu properly in ip6_tnl_xmit (bsc#1123456). - ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit (bsc#1123456). - ipmi:pci: Blacklist a Realtek 'IPMI' device (git-fixes). - ipmi:ssif: Fix handling of multi-part return messages (bsc#1051510). - ip: on queued skb use skb_header_pointer instead of pskb_may_pull (git-fixes). - ipsec: check return value of skb_to_sgvec always (bsc#1051510). - ipv4: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04). - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes (networking-stable-18_12_12). - ipv4: speedup ipv6 tunnels dismantle (bsc#1122982). - ipv6: addrlabel: per netns list (bsc#1122982). - ipv6: Check available headroom in ip6_xmit() even without options (networking-stable-18_12_12). - ipv6: Consider sk_bound_dev_if when binding a socket to an address (networking-stable-19_02_01). - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address (networking-stable-19_01_22). - ipv6: explicitly initialize udp6_addr in udp_sock_create6() (networking-stable-19_01_04). - ipv6: fix kernel-infoleak in ipv6_local_error() (networking-stable-19_01_20). - ipv6: speedup ipv6 tunnels dismantle (bsc#1122982). Refresh patches.suse/ip6_vti-fix-a-null-pointer-deference-when-destroy-vt.patch - ipv6: sr: properly initialize flowi6 prior passing to ip6_route_output (networking-stable-18_12_12). - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses (networking-stable-19_01_22). - ipv6: tunnels: fix two use-after-free (networking-stable-19_01_04). - ip: validate header length on virtual device xmit (networking-stable-19_01_04). - ipvlan, l3mdev: fix broken l3s mode wrt local routes (networking-stable-19_02_01). - irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size (bsc#1051510). - irqchip/gic-v3-its: Do not bind LPI to unavailable NUMA node (bsc#1051510). - irqchip/gic-v3-its: Fix ITT_entry_size accessor (bsc#1051510). - iscsi target: fix session creation failure handling (bsc#1051510). - isdn: avm: Fix string plus integer warning from Clang (bsc#1051510). - isdn: fix kernel-infoleak in capi_unlocked_ioctl (bsc#1051510). - isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() (bsc#1051510). - isdn: i4l: isdn_tty: Fix some concurrency double-free bugs (bsc#1051510). - iser: set sector for ambiguous mr status errors (bsc#1051510). - iwlwifi: mvm: avoid possible access out of array (bsc#1051510). - iwlwifi: mvm: fix A-MPDU reference assignment (bsc#1051510). - iwlwifi: mvm: fix RSS config command (bsc#1051510). - iwlwifi: pcie: fix emergency path (bsc#1051510). - iwlwifi: pcie: fix TX while flushing (bsc#1120902). - ixgbe: Be more careful when modifying MAC filters (bsc#1051510). - ixgbe: check return value of napi_complete_done() (bsc#1051510). - ixgbe: recognize 1000BaseLX SFP modules as 1Gbps (bsc#1051510). - jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bsc#1051510). - kabi: cpufreq: keep min_sampling_rate in struct dbs_data (bsc#1127042). - kabi: fix xhci kABI stability (bsc#1119086). - kabi: handle addition of ip6addrlbl_table into struct netns_ipv6 (bsc#1122982). - kabi: handle addition of uevent_sock into struct net (bsc#1122982). - kabi: Preserve kABI for dma_max_mapping_size() (bsc#1120008). - kabi: protect struct sctp_association (kabi). - kabi: protect struct smc_buf_desc (bnc#1117947, LTC#173662). - kabi: protect struct smc_link (bnc#1117947, LTC#173662). - kabi: protect vhost_log_write (kabi). - kabi: restore ip_tunnel_delete_net() (bsc#1122982). - kABI workaroudn for ath9k ath_node.ackto type change (bsc#1051510). - kABI workaround for bt_accept_enqueue() change (bsc#1051510). - kABI workaround for deleted snd_hda_register_beep_device() (bsc#1122944). - kABI workaround for snd_hda_bus.bus_probing addition (bsc#1122944). - kallsyms: Handle too long symbols in kallsyms.c (bsc#1126805). - kconfig: fix file name and line number of warn_ignored_character() (bsc#1051510). - kconfig: fix line numbers for if-entries in menu tree (bsc#1051510). - kconfig: fix memory leak when EOF is encountered in quotation (bsc#1051510). - kconfig: fix the rule of mainmenu_stmt symbol (bsc#1051510). - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes (git-fixes). - keys: allow reaching the keys quotas exactly (bsc#1051510). - keys: Timestamp new keys (bsc#1051510). - kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var() (bsc#1051510). - kgdboc: Fix restrict error (bsc#1051510). - kgdboc: Fix warning with module build (bsc#1051510). - kobject: add kobject_uevent_net_broadcast() (bsc#1122982). - kobject: copy env blob in one go (bsc#1122982). - kobject: factorize skb setup in kobject_uevent_net_broadcast() (bsc#1122982). - kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() (bsc#1051510). - kvm: arm/arm64: Properly protect VGIC locks from IRQs (bsc#1117155). - kvm: arm/arm64: VGIC/ITS: Promote irq_lock() in update_affinity (bsc#1117155). - kvm: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock (bsc#1117155). - kvm: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls (bsc#1117155). - kvm: mmu: Fix race in emulated page table writes (bsc#1129284). - kvm: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails (bsc#1129291). - kvm: nVMX: NMI-window and interrupt-window exiting should wake L2 from HLT (bsc#1129292). - kvm: nVMX: Set VM instruction error for VMPTRLD of unbacked page (bsc#1129293). - kvm: PPC: Book3S PR: Set hflag to indicate that POWER9 supports 1T segments (bsc#1124589). - kvm: sev: Fail KVM_SEV_INIT if already initialized (bsc#1114279). - kvm: vmx: Set IA32_TSC_AUX for legacy mode guests (bsc#1129294). - kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs (bsc#1127082). - kvm: x86: fix L1TF's MMIO GFN calculation (bsc#1124204). - kvm: x86: Fix single-step debugging (bsc#1129295). - kvm: x86: Use jmp to invoke kvm_spurious_fault() from .fixup (bsc#1129296). - l2tp: copy 4 more bytes to linear part if necessary (networking-stable-19_02_01). - l2tp: fix infoleak in l2tp_ip6_recvmsg() (git-fixes). - l2tp: fix reading optional fields of L2TPv3 (networking-stable-19_02_01). - lan78xx: Resolve issue with changing MAC address (bsc#1051510). - leds: lp5523: fix a missing check of return value of lp55xx_read (bsc#1051510). - leds: lp55xx: fix null deref on firmware load failure (bsc#1051510). - libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() (bsc#1125800). - libceph: handle an empty authorize reply (bsc#1126789). - lib/div64.c: off by one in shift (bsc#1051510). - libnvdimm: Fix altmap reservation size calculation (bsc#1127682). - libnvdimm/label: Clear 'updating' flag after label-set update (bsc#1129543). - libnvdimm/pmem: Honor force_raw for legacy pmem regions (bsc#1129551). - lib/rbtree-test: lower default params (git-fixes). - lightnvm: fail fast on passthrough commands (bsc#1125780). - livepatch: Change unsigned long old_addr -> void *old_func in struct klp_func (bsc#1071995). - livepatch: Consolidate klp_free functions (bsc#1071995 ). - livepatch: core: Return EOPNOTSUPP instead of ENOSYS (bsc#1071995). - livepatch: Define a macro for new API identification (bsc#1071995). - livepatch: Do not block the removal of patches loaded after a forced transition (bsc#1071995). - livepatch: Introduce klp_for_each_patch macro (bsc#1071995 ). - livepatch: Module coming and going callbacks can proceed with all listed patches (bsc#1071995). - livepatch: Proper error handling in the shadow variables selftest (bsc#1071995). - livepatch: Remove ordering (stacking) of the livepatches (bsc#1071995). - livepatch: Remove signal sysfs attribute (bsc#1071995 ). - livepatch: return -ENOMEM on ptr_id() allocation failure (bsc#1071995). - livepatch: Send a fake signal periodically (bsc#1071995 ). - livepatch: Shuffle klp_enable_patch()/klp_disable_patch() code (bsc#1071995). - livepatch: Simplify API by removing registration step (bsc#1071995). - llc: do not use sk_eat_skb() (bsc#1051510). - lockd: fix access beyond unterminated strings in prints (git-fixes). - locking/rwsem: Fix (possible) missed wakeup (bsc#1050549). - loop: drop caches if offset or block_size are changed (bsc#1124975). - loop: Reintroduce lo_ctl_mutex removed by commit 310ca162d (bsc#1124974). - LSM: Check for NULL cred-security on free (bsc#1051510). - mac80211: Add attribute aligned(2) to struct 'action' (bsc#1051510). - mac80211: do not initiate TDLS connection if station is not associated to AP (bsc#1051510). - mac80211: ensure that mgmt tx skbs have tailroom for encryption (bsc#1051510). - mac80211: fix miscounting of ttl-dropped frames (bsc#1051510). - mac80211: fix radiotap vendor presence bitmap handling (bsc#1051510). - mac80211: Free mpath object when rhashtable insertion fails (bsc#1051510). - mac80211: Restore vif beacon interval if start ap fails (bsc#1051510). - macvlan: Only deliver one copy of the frame to the macvlan interface (bsc#1051510). - mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush timeout issue (bsc#1051510). - mdio_bus: Fix use-after-free on device_register fails (bsc#1051510). - media: adv*/tc358743/ths8200: fill in min width/height/pixelclock (bsc#1051510). - media: DaVinci-VPBE: fix error handling in vpbe_initialize() (bsc#1051510). - media: dt-bindings: media: i2c: Fix i2c address for OV5645 camera sensor (bsc#1051510). - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info (bsc#1051510). - media: mtk-vcodec: Release device nodes in mtk_vcodec_init_enc_pm() (bsc#1051510). - media: s5k4ecgx: delete a bogus error message (bsc#1051510). - media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration (bsc#1051510). - media: s5p-jpeg: Correct step and max values for V4L2_CID_JPEG_RESTART_INTERVAL (bsc#1051510). - media: s5p-mfc: fix incorrect bus assignment in virtual child device (bsc#1051510). - media: usb: pwc: Do not use coherent DMA buffers for ISO transfer (bsc#1054610). - media: uvcvideo: Avoid NULL pointer dereference at the end of streaming (bsc#1051510). - media: uvcvideo: Fix 'type' check leading to overflow (bsc#1051510). - media: v4l2: i2c: ov7670: Fix PLL bypass register values (bsc#1051510). - media: v4l2-tpg: array index could become negative (bsc#1051510). - media: v4l: ioctl: Validate num_planes for debug messages (bsc#1051510). - media: vb2: be sure to unlock mutex on errors (bsc#1051510). - media: vb2: vb2_mmap: move lock up (bsc#1051510). - media: vivid: fix error handling of kthread_run (bsc#1051510). - media: vivid: free bitmap_cap when updating std/timings/etc (bsc#1051510). - media: vivid: set min width/height to a value > 0 (bsc#1051510). - memstick: Prevent memstick host from getting runtime suspended during card detection (bsc#1051510). - mfd: ab8500-core: Return zero in get_register_interruptible() (bsc#1051510). - mfd: db8500-prcmu: Fix some section annotations (bsc#1051510). - mfd: mc13xxx: Fix a missing check of a register-read failure (bsc#1051510). - mfd: mt6397: Do not call irq_domain_remove if PMIC unsupported (bsc#1051510). - mfd: qcom_rpm: write fw_version to CTRL_REG (bsc#1051510). - mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells (bsc#1051510). - mfd: tps65218: Use devm_regmap_add_irq_chip and clean up error path in probe() (bsc#1051510). - mfd: tps6586x: Handle interrupts on suspend (bsc#1051510). - mfd: twl-core: Fix section annotations on {,un}protect_pm_master (bsc#1051510). - mfd: wm5110: Add missing ASRC rate register (bsc#1051510). - misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data (bsc#1051510). - misc: hmc6352: fix potential Spectre v1 (bsc#1051510). - misc: hpilo: Do not claim unsupported hardware (bsc#1129330). - misc: hpilo: Exclude unsupported device via blacklist (bsc#1129330). - misc: mic/scif: fix copy-paste error in scif_create_remote_lookup (bsc#1051510). - misc: mic: SCIF Fix scif_get_new_port() error handling (bsc#1051510). - misc: sram: enable clock before registering regions (bsc#1051510). - misc: sram: fix resource leaks in probe error path (bsc#1051510). - misc: ti-st: Fix memory leak in the error path of probe() (bsc#1051510). - misc: vexpress: Off by one in vexpress_syscfg_exec() (bsc#1051510). - mISDN: fix a race in dev_expire_timer() (bsc#1051510). - mlx4: trigger IB events needed by SMC (bnc#1117947, LTC#173662). - mlxsw: __mlxsw_sp_port_headroom_set(): Fix a use of local variable (git-fixes). - mlxsw: spectrum: Disable lag port TX before removing it (networking-stable-19_01_22). - mmap: introduce sane default mmap limits (git fixes (mm/mmap)). - mmap: relax file size limit for regular files (git fixes (mm/mmap)). - mmc: atmel-mci: do not assume idle after atmci_request_end (bsc#1051510). - mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1051510). - mmc: bcm2835: Recover from MMC_SEND_EXT_CSD (bsc#1051510). - mmc: dw_mmc-bluefield: : Fix the license information (bsc#1051510). - mmc: Kconfig: Enable CONFIG_MMC_SDHCI_IO_ACCESSORS (bsc#1051510). - mmc: omap: fix the maximum timeout setting (bsc#1051510). - mmc: sdhci-brcmstb: handle mmc_of_parse() errors during probe (bsc#1051510). - mmc: sdhci-esdhc-imx: fix HS400 timing issue (bsc#1051510). - mmc: sdhci-iproc: handle mmc_of_parse() errors during probe (bsc#1051510). - mmc: sdhci-of-esdhc: Fix timeout checks (bsc#1051510). - mmc: sdhci-xenon: Fix timeout checks (bsc#1051510). - mmc: spi: Fix card detection during probe (bsc#1051510). - mm: do not drop unused pages when userfaultd is running (git fixes (mm/userfaultfd)). - mm/hmm: hmm_pfns_bad() was accessing wrong struct (git fixes (mm/hmm)). - mm: hwpoison: use do_send_sig_info() instead of force_sig() (git fixes (mm/hwpoison)). - mm/ksm.c: ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm() (git fixes (mm/ksm)). - mm: madvise(MADV_DODUMP): allow hugetlbfs pages (git fixes (mm/madvise)). - mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages (bsc#1127731). - mm: migrate: do not rely on __PageMovable() of newpage after unlocking it (git fixes (mm/migrate)). - mm: migrate: lock buffers before migrate_page_move_mapping() (bsc#1084216). - mm: migrate: Make buffer_migrate_page_norefs() actually succeed (bsc#1084216) - mm: migrate: provide buffer_migrate_page_norefs() (bsc#1084216). - mm: migration: factor out code to compute expected number of page references (bsc#1084216). - mm, oom: fix use-after-free in oom_kill_process (git fixes (mm/oom)). - mm: use swp_offset as key in shmem_replace_page() (git fixes (mm/shmem)). - mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed (git fixes (mm/vmscan)). - Moved patches.fixes/x86-add-tsx-force-abort-cpuid-msr.patch to patches.arch/ and added upstream tags (bsc#1129363) patches.arch/x86-add-tsx-force-abort-cpuid-msr - Move the upstreamed HD-audio fix into sorted section - mpt3sas: check sense buffer before copying sense data (bsc#1106811). - mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking (bsc#1051510). - mtd: cfi_cmdset_0002: Change write buffer to check correct value (bsc#1051510). - mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips (bsc#1051510). - mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary (bsc#1051510). - mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() (bsc#1051510). - mtdchar: fix overflows in adjustment of `count` (bsc#1051510). - mtdchar: fix usage of mtd_ooblayout_ecc() (bsc#1051510). - mtd: docg3: do not set conflicting BCH_CONST_PARAMS option (bsc#1051510). - mtd/maps: fix solutionengine.c printk format warnings (bsc#1051510). - mtd: mtd_oobtest: Handle bitflips during reads (bsc#1051510). - mtd: nand: atmel: fix buffer overflow in atmel_pmecc_user (bsc#1051510). - mtd: nand: atmel: Fix get_sectorsize() function (bsc#1051510). - mtd: nand: atmel: fix of_irq_get() error check (bsc#1051510). - mtd: nand: brcmnand: Disable prefetch by default (bsc#1051510). - mtd: nand: brcmnand: Zero bitflip is not an error (bsc#1051510). - mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bsc#1051510). - mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() (bsc#1051510). - mtd: nand: Fix nand_do_read_oob() return value (bsc#1051510). - mtd: nand: Fix writing mtdoops to nand flash (bsc#1051510). - mtd: nand: fsl_ifc: Fix nand waitfunc return value (bsc#1051510). - mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM (bsc#1051510). - mtd: nand: ifc: update bufnum mask for ver >= 2.0.0 (bsc#1051510). - mtd: nand: mtk: fix infinite ECC decode IRQ issue (bsc#1051510). - mtd: nand: omap2: Fix subpage write (bsc#1051510). - mtd: nand: pxa3xx: Fix READOOB implementation (bsc#1051510). - mtd: nand: qcom: Add a NULL check for devm_kasprintf() (bsc#1051510). - mtd: nandsim: remove debugfs entries in error path (bsc#1051510). - mtd: nand: sunxi: Fix ECC strength choice (bsc#1051510). - mtd: nand: sunxi: fix potential divide-by-zero error (bsc#1051510). - mtd: nand: vf610: set correct ooblayout (bsc#1051510). - mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic (bsc#1051510). - mtd: spi-nor: Fix Cadence QSPI page fault kernel panic (bsc#1051510). - mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB (bsc#1051510). - mtd: spi-nor: stm32-quadspi: Fix uninitialized error return code (bsc#1051510). - mv88e6060: disable hardware level MAC learning (bsc#1051510). - nbd: Use set_blocksize() to set device blocksize (bsc#1124984). - neighbour: Avoid writing before skb->head in neigh_hh_output() (networking-stable-18_12_12). - net: 8139cp: fix a BUG triggered by changing mtu with network traffic (networking-stable-18_12_12). - net: add uevent socket member (bsc#1122982). - net: aquantia: driver should correctly declare vlan_features bits (bsc#1051510). - net: aquantia: fixed instack structure overflow (git-fixes). - net: aquantia: Fix hardware DMA stream overload on large MRRS (bsc#1051510). - net: bcmgenet: abort suspend on error (bsc#1051510). - net: bcmgenet: code movement (bsc#1051510). - net: bcmgenet: fix OF child-node lookup (bsc#1051510). - net: bcmgenet: remove HFB_CTRL access (bsc#1051510). - net: bcmgenet: return correct value 'ret' from bcmgenet_power_down (bsc#1051510). - net: bridge: fix a bug on using a neighbour cache entry without checking its state (networking-stable-19_01_20). - net: bridge: Fix ethernet header pointer before check skb forwardable (networking-stable-19_01_26). - net: core: Fix Spectre v1 vulnerability (networking-stable-19_01_04). - net: do not call update_pmtu unconditionally (bsc#1123456). - net: Do not default Cavium PTP driver to 'y' (bsc#1110096). - net: dp83640: expire old TX-skb (networking-stable-19_02_10). - net: dsa: mv88e6xxx: handle unknown duplex modes gracefully in mv88e6xxx_port_set_duplex (git-fixes). - net: dsa: mv88x6xxx: mv88e6390 errata (networking-stable-19_01_22). - net: dsa: slave: Do not propagate flag changes on down slave interfaces (networking-stable-19_02_10). - net: ena: fix race between link up and device initalization (bsc#1083548). - netfilter: nf_tables: check the result of dereferencing base_chain->stats (git-fixes). - net: Fix usage of pskb_trim_rcsum (networking-stable-19_01_26). - net/hamradio/6pack: use mod_timer() to rearm timers (networking-stable-19_01_04). - net: hns3: add error handler for hns3_nic_init_vector_data() (bsc#1104353). - net: hns3: add handling for big TX fragment (bsc#1104353 ). - net: hns3: Fix client initialize state issue when roce client initialize failed (bsc#1104353). - net: hns3: Fix for loopback selftest failed problem (bsc#1104353 ). - net: hns3: fix for multiple unmapping DMA problem (bsc#1104353 ). - net: hns3: Fix tc setup when netdev is first up (bsc#1104353 ). - net: hns3: Fix tqp array traversal condition for vf (bsc#1104353 ). - net: hns3: move DMA map into hns3_fill_desc (bsc#1104353 ). - net: hns3: remove hns3_fill_desc_tso (bsc#1104353). - net: hns3: rename hns_nic_dma_unmap (bsc#1104353). - net: hns3: rename the interface for init_client_instance and uninit_client_instance (bsc#1104353). - net: ipv4: Fix memory leak in network namespace dismantle (networking-stable-19_01_26). - net: macb: restart tx after tx used bit read (networking-stable-19_01_04). - net/mlx4_core: Add masking for a few queries on HCA caps (networking-stable-19_02_01). - net/mlx4_core: Fix locking in SRIOV mode when switching between events and polling (git-fixes). - net/mlx4_core: Fix qp mtt size calculation (git-fixes). - net/mlx4_core: Fix reset flow when in command polling mode (git-fixes). - net/mlx4_en: Change min MTU size to ETH_MIN_MTU (networking-stable-18_12_12). - net/mlx5e: Allow MAC invalidation while spoofchk is ON (networking-stable-19_02_01). - net/mlx5e: IPoIB, Fix RX checksum statistics update (git-fixes). - net/mlx5e: Remove the false indication of software timestamping support (networking-stable-19_01_04). - net/mlx5e: RX, Fix wrong early return in receive queue poll (bsc#1046305). - net/mlx5: fix uaccess beyond 'count' in debugfs read/write handlers (git-fixes). - net/mlx5: Release resource on error flow (git-fixes). - net/mlx5: Return success for PAGE_FAULT_RESUME in internal error state (git-fixes). - net/mlx5: Typo fix in del_sw_hw_rule (networking-stable-19_01_04). - net/mlx5: Use multi threaded workqueue for page fault handling (git-fixes). - net: netem: fix skb length BUG_ON in __skb_to_sgvec (git-fixes). - netns: restrict uevents (bsc#1122982). - net: phy: do not allow __set_phy_supported to add unsupported modes (networking-stable-18_12_12). - net: phy: Fix the issue that netif always links up after resuming (networking-stable-19_01_04). - net: phy: marvell: Errata for mv88e6390 internal PHYs (networking-stable-19_01_26). - net: phy: mdio_bus: add missing device_del() in mdiobus_register() error handling (networking-stable-19_01_26). - net: phy: Micrel KSZ8061: link failure after cable connect (git-fixes). - netrom: fix locking in nr_find_socket() (networking-stable-19_01_04). - netrom: switch to sock timer API (bsc#1051510). - net/rose: fix NULL ax25_cb kernel panic (networking-stable-19_02_01). - net/sched: act_tunnel_key: fix memory leak in case of action replace (networking-stable-19_01_26). - net_sched: refetch skb protocol for each filter (networking-stable-19_01_26). - net: set default network namespace in init_dummy_netdev() (networking-stable-19_02_01). - net: skb_scrub_packet(): Scrub offload_fwd_mark (networking-stable-18_12_03). - net/smc: abort CLC connection in smc_release (bnc#1117947, LTC#173662). - net/smc: add infrastructure to send delete rkey messages (bnc#1117947, LTC#173662). - net/smc: add SMC-D shutdown signal (bnc#1117947, LTC#173662). - net/smc: allow fallback after clc timeouts (bnc#1117947, LTC#173662). - net/smc: atomic SMCD cursor handling (bnc#1117947, LTC#173662). - net/smc: avoid a delay by waiting for nothing (bnc#1117947, LTC#173662). - net/smc: cleanup listen worker mutex unlocking (bnc#1117947, LTC#173662). - net/smc: cleanup tcp_listen_worker initialization (bnc#1117947, LTC#173662). - net/smc: enable fallback for connection abort in state INIT (bnc#1117947, LTC#173662). - net/smc: fix non-blocking connect problem (bnc#1117947, LTC#173662). - net/smc: fix sizeof to int comparison (bnc#1117947, LTC#173662). - net/smc: fix smc_buf_unuse to use the lgr pointer (bnc#1117947, LTC#173662). - net/smc: fix TCP fallback socket release (networking-stable-19_01_04). - net/smc: make smc_lgr_free() static (bnc#1117947, LTC#173662). - net/smc: no link delete for a never active link (bnc#1117947, LTC#173662). - net/smc: no urgent data check for listen sockets (bnc#1117947, LTC#173662). - net/smc: remove duplicate mutex_unlock (bnc#1117947, LTC#173662). - net/smc: remove sock_error detour in clc-functions (bnc#1117947, LTC#173662). - net/smc: short wait for late smc_clc_wait_msg (bnc#1117947, LTC#173662). - net/smc: unregister rkeys of unused buffer (bnc#1117947, LTC#173662). - net/smc: use after free fix in smc_wr_tx_put_slot() (bnc#1117947, LTC#173662). - net/smc: use queue pair number when matching link group (bnc#1117947, LTC#173662). - net: stmmac: Fix a race in EEE enable callback (git-fixes). - net: stmmac: fix broken dma_interrupt handling for multi-queues (git-fixes). - net: stmmac: Fix PCI module removal leak (git-fixes). - net: stmmac: handle endianness in dwmac4_get_timestamp (git-fixes). - net: stmmac: Use mutex instead of spinlock (git-fixes). - net: systemport: Fix WoL with password after deep sleep (networking-stable-19_02_10). - net: thunderx: fix NULL pointer dereference in nic_remove (git-fixes). - net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue (networking-stable-18_12_03). - net: thunderx: set xdp_prog to NULL if bpf_prog_add fails (networking-stable-18_12_03). - net/wan: fix a double free in x25_asy_open_tty() (networking-stable-19_01_04). - nfit: acpi_nfit_ctl(): Check out_obj->type in the right place (bsc#1129547). - nfit/ars: Attempt a short-ARS whenever the ARS state is idle at boot (bsc#1051510). - nfit/ars: Attempt short-ARS even in the no_init_ars case (bsc#1051510). - nfp: bpf: fix ALU32 high bits clearance bug (git-fixes). - nfs: Allow NFSv4 mounts to not share transports (). - nfsd: COPY and CLONE operations require the saved filehandle to be set (git-fixes). - nfsd: Fix an Oops in free_session() (git-fixes). - nfs: Fix a missed page unlock after pg_doio() (git-fixes). - nfs: Fix up return value on fatal errors in nfs_page_async_flush() (git-fixes). - nfs: support 'nosharetransport' option (bnc#807502, bnc#828192, ). - nfsv4.1: Fix the r/wsize checking (git-fixes). - nfsv4: Do not exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING (git-fixes). - niu: fix missing checks of niu_pci_eeprom_read (bsc#1051510). - ntb_transport: Fix bug with max_mw_size parameter (bsc#1051510). - nvme-fc: reject reconnect if io queue count is reduced to zero (bsc#1128351). - nvme: flush namespace scanning work just before removing namespaces (bsc#1108101). - nvme: kABI fix for scan_lock (bsc#1123882). - nvme: lock NS list changes while handling command effects (bsc#1123882). - nvme-loop: fix kernel oops in case of unhandled command (bsc#1126807). - nvme-multipath: drop optimization for static ANA group IDs (bsc#1113939). - nvme-multipath: round-robin I/O policy (bsc#1110705). - nvme-pci: fix out of bounds access in nvme_cqe_pending (bsc#1127595). - of, numa: Validate some distance map rules (bsc#1051510). - of: unittest: Disable interrupt node tests for old world MAC systems (bsc#1051510). - omap2fb: Fix stack memory disclosure (bsc#1120902) - openvswitch: Avoid OOB read when parsing flow nlattrs (bsc#1051510). - openvswitch: fix the incorrect flow action alloc size (bsc#1051510). - openvswitch: Remove padding from packet before L3+ conntrack processing (bsc#1051510). - packet: Do not leak dev refcounts on error exit (git-fixes). - packet: validate address length if non-zero (networking-stable-19_01_04). - packet: validate address length (networking-stable-19_01_04). - parport_pc: fix find_superio io compare code, should use equal test (bsc#1051510). - Partially revert 'block: fail op_is_write() requests to (bsc#1125252). - PCI: add USR vendor id and use it in r8169 and w6692 driver (networking-stable-19_01_22). - PCI: Disable broken RTIT_BAR of Intel TH (bsc#1120318). - pci: endpoint: functions: Use memcpy_fromio()/memcpy_toio() (bsc#1051510). - pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus (bsc#1122822). - pci/PME: Fix hotplug/sysfs remove deadlock in pcie_pme_remove() (bsc#1051510). - pci: qcom: Do not deassert reset GPIO during probe (bsc#1129281). - pcrypt: use format specifier in kobject_add (bsc#1051510). - perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805). - perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805). - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805). - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805). - perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805). - perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805). - perf/x86/intel: Fix memory corruption (bsc#1121805). - perf/x86/intel: Fix memory corruption (bsc#1121805). - perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805). - perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805). - perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805). - perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805). - perf/x86/intel: Make cpuc allocations consistent (bsc#1121805). - perf/x86/intel: Make cpuc allocations consistent (bsc#1121805). - phonet: af_phonet: Fix Spectre v1 vulnerability (networking-stable-19_01_04). - phy: allwinner: sun4i-usb: poll vbus changes on A23/A33 when driving VBUS (bsc#1051510). - phy: qcom-qmp: Fix failure path in phy_init functions (bsc#1051510). - phy: qcom-qmp: Fix phy pipe clock gating (bsc#1051510). - phy: renesas: rcar-gen3-usb2: fix vbus_ctrl for role sysfs (bsc#1051510). - phy: rockchip-emmc: retry calpad busy trimming (bsc#1051510). - phy: sun4i-usb: add support for missing USB PHY index (bsc#1051510). - phy: tegra: remove redundant self assignment of 'map' (bsc#1051510). - phy: work around 'phys' references to usb-nop-xceiv devices (bsc#1051510). - pinctrl: max77620: Use define directive for max77620_pinconf_param values (bsc#1051510). - pinctrl: meson: fix pull enable register calculation (bsc#1051510). - pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO pins (bsc#1051510). - pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins (bsc#1051510). - pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins (bsc#1051510). - pinctrl: msm: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: sh-pfc: emev2: Add missing pinmux functions (bsc#1051510). - pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group (bsc#1051510). - pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group (bsc#1051510). - pinctrl: sh-pfc: r8a7778: Fix HSPI pin numbers and names (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Fix scifb2_data_c pin group (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group (bsc#1051510). - pinctrl: sh-pfc: r8a7792: Fix vin1_data18_b pin group (bsc#1051510). - pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field (bsc#1051510). - pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration (bsc#1051510). - pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field (bsc#1051510). - pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group (bsc#1051510). - pinctrl: sh-pfc: sh73a0: Fix fsic_spdif pin groups (bsc#1051510). - pinctrl: sh-pfc: sh7734: Add missing IPSR11 field (bsc#1051510). - pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10 (bsc#1051510). - pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value (bsc#1051510). - pinctrl: sunxi: a64: Rename function csi0 to csi (bsc#1051510). - pinctrl: sunxi: a64: Rename function ts0 to ts (bsc#1051510). - pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 (bsc#1051510). - pinctrl: sx150x: handle failure case of devm_kstrdup (bsc#1051510). - pktcdvd: Fix possible Spectre-v1 for pkt_devs (bsc#1051510). - platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes (bsc#1051510). - platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK (bsc#1051510). - platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey (bsc#1051510). - platform/x86: Fix unmet dependency warning for SAMSUNG_Q10 (bsc#1051510). - powerpc/64s: Clear on-stack exception marker upon exception return (bsc#1071995). - powerpc: Add an option to disable static PCI bus numbering (bsc#1122159). - powerpc: Always save/restore checkpointed regs during treclaim/trecheckpoint (bsc#1118338). - powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores (bsc#1109695). - powerpc: Detect the presence of big-cores via 'ibm, thread-groups' (bsc#1109695). - powerpc/livepatch: relax reliable stack tracer checks for first-frame (bsc#1071995). - powerpc/livepatch: small cleanups in save_stack_trace_tsk_reliable() (bsc#1071995). - powerpc: make use of for_each_node_by_type() instead of open-coding it (bsc#1109695). - powerpc/powernv: Clear LPCR[PECE1] via stop-api only for deep state offline (bsc#1119766, bsc#1055121). - powerpc/powernv: Clear PECE1 in LPCR via stop-api only on Hotplug (bsc#1119766, bsc#1055121). - powerpc/pseries: export timebase register sample in lparcfg (bsc#1127750). - powerpc/pseries: Perform full re-add of CPU for topology update post-migration (bsc#1125728). - powerpc: Remove facility loadups on transactional {fp, vec, vsx} unavailable (bsc#1118338). - powerpc: Remove redundant FP/Altivec giveup code (bsc#1118338). - powerpc/setup: Add cpu_to_phys_id array (bsc#1109695). - powerpc/smp: Add cpu_l2_cache_map (bsc#1109695). - powerpc/smp: Add Power9 scheduler topology (bsc#1109695). - powerpc/smp: Rework CPU topology construction (bsc#1109695). - powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695). - powerpc/tm: Avoid machine crash on rt_sigreturn (bsc#1118338). - powerpc/tm: Do not check for WARN in TM Bad Thing handling (bsc#1118338). - powerpc/tm: Fix comment (bsc#1118338). - powerpc/tm: Fix endianness flip on trap (bsc#1118338). - powerpc/tm: Fix HFSCR bit for no suspend case (bsc#1118338). - powerpc/tm: Fix HTM documentation (bsc#1118338). - powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM (bsc#1118338). - powerpc/tm: P9 disable transactionally suspended sigcontexts (bsc#1118338). - powerpc/tm: Print 64-bits MSR (bsc#1118338). - powerpc/tm: Print scratch value (bsc#1118338). - powerpc/tm: Reformat comments (bsc#1118338). - powerpc/tm: Remove msr_tm_active() (bsc#1118338). - powerpc/tm: Remove struct thread_info param from tm_reclaim_thread() (bsc#1118338). - powerpc/tm: Save MSR to PACA before RFID (bsc#1118338). - powerpc/tm: Set MSR[TS] just prior to recheckpoint (bsc#1118338, bsc#1120955). - powerpc/tm: Unset MSR[TS] if not recheckpointing (bsc#1118338). - powerpc/tm: Update function prototype comment (bsc#1118338). - powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#1109695). - powerpc/xmon: Fix invocation inside lock region (bsc#1122885). - pptp: dst_release sk_dst_cache in pptp_sock_destruct (git-fixes). - proc/sysctl: do not return ENOMEM on lookup when a table is unregistering (git-fixes). - pseries/energy: Use OF accessor function to read ibm,drc-indexes (bsc#1129080). - pstore/ram: Avoid allocation and leak of platform data (bsc#1051510). - pstore/ram: Avoid NULL deref in ftrace merging failure path (bsc#1051510). - pstore/ram: Correctly calculate usable PRZ bytes (bsc#1051510). - pstore/ram: Do not treat empty buffers as valid (bsc#1051510). - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl (bsc#1051510). - ptp: Fix pass zero to ERR_PTR() in ptp_clock_register (bsc#1051510). - ptp_kvm: probe for kvm guest availability (bsc#1098382). - ptr_ring: wrap back ->producer in __ptr_ring_swap_queue() (networking-stable-19_01_04). - Put the xhci fix patch to the right place in the sorted section - qed: Avoid constant logical operation warning in qed_vf_pf_acquire (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Avoid implicit enum conversion in qed_iwarp_parse_rx_pkt (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Avoid implicit enum conversion in qed_set_tunn_cls_info (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Fix an error code qed_ll2_start_xmit() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix bitmap_weight() check (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix blocking/unlimited SPQ entries leak (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix command number mismatch between driver and the mfw (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix memory/entry leak in qed_init_sp_request() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix potential memory corruption (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix PTT leak in qed_drain() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix QM getters to always return a valid pq (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix rdma_info structure allocation (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix reading wrong value in loop condition (bsc#1086314 bsc#1086313 bsc#1086301). - qla2xxx: Fixup dual-protocol FCP connections (bsc#1108870). - qmi_wwan: Added support for Fibocom NL668 series (networking-stable-19_01_04). - qmi_wwan: Added support for Telit LN940 series (networking-stable-19_01_04). - qmi_wwan: add MTU default to qmap network interface (networking-stable-19_01_22). - qmi_wwan: Add support for Fibocom NL678 series (networking-stable-19_01_04). - r8169: Add support for new Realtek Ethernet (networking-stable-19_01_22). - r8169: use PCI_VDEVICE macro (networking-stable-19_01_22). - rapidio/rionet: do not free skb before reading its length (networking-stable-18_12_03). - rbd: do not return 0 on unmap if RBD_DEV_FLAG_REMOVING is set (bsc#1125797). - rcu: Fix up pending cbs check in rcu_prepare_for_idle (git fixes (kernel/rcu)). - rcu: Make need_resched() respond to urgent RCU-QS needs (git fixes (kernel/rcu)). - rdma/core: Fix unwinding flow in case of error to register device (bsc#1046306). - rdma/vmw_pvrdma: Support upto 64-bit PFNs (bsc#1127285). - Refresh patches.suse/scsi-do-not-print-reservation-conflict-for-TEST-UNIT.patch (bsc#1119843) - regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting (bsc#1051510). - regulator: pv88060: Fix array out-of-bounds access (bsc#1051510). - regulator: pv88080: Fix array out-of-bounds access (bsc#1051510). - regulator: pv88090: Fix array out-of-bounds access (bsc#1051510). - regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 (bsc#1051510). - regulator: wm831x-dcdc: Fix list of wm831x_dcdc_ilim from mA to uA (bsc#1051510). - Remove blacklist of virtio patch so we can install it (bsc#1114585) - Revert 'drm/rockchip: Allow driver to be shutdown on reboot/kexec' (bsc#1051510). - Revert 'input: elan_i2c - add acpi ID for touchpad in ASUS Aspire F5-573G' (bsc#1051510). - Revert 'openvswitch: Fix template leak in error cases.' (bsc#1051510). - Revert 'scsi: qla2xxx: Fix NVMe Target discovery' (bsc#1125252). - Revert 'serial: 8250: Fix clearing FIFOs in RS485 mode again' (bsc#1051510). - Revert the previous merge of drm fixes The branch was merged mistakenly and breaks the build. Revert it. - Revert 'xhci: Reset Renesas uPD72020x USB controller for 32-bit DMA issue' (bsc#1120854). - rocker: fix rocker_tlv_put_* functions for KASAN (bsc#1051510). - rpm/kernel-binary.spec.in: fix initrd permissions (bsc#1123697) dracut has been using permissions 0600 for the initrd for a long time. - rpm/kernel-source.changes.old: Really drop old changelogs (bsc#1098995) - rt2800: enable TX_PIN_CFG_RFRX_EN only for MT7620 (bsc#1120902). - rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices (networking-stable-18_12_12). - rxrpc: bad unlock balance in rxrpc_recvmsg (networking-stable-19_02_10). - s390/cio: Fix how vfio-ccw checks pinned pages (git-fixes). - s390/cpum_cf: Reject request for sampling in event initialization (git-fixes). - s390/early: improve machine detection (git-fixes). - s390/ism: clear dmbe_mask bit before SMC IRQ handling (bnc#1117947, LTC#173662). - s390/mm: always force a load of the primary ASCE on context switch (git-fixes). - s390/mm: fix addressing exception after suspend/resume (bsc#1125252). - s390/qeth: cancel close_dev work before removing a card (LTC#175898, bsc#1127561). - s390/qeth: conclude all event processing before offlining a card (LTC#175901, bsc#1127567). - s390/qeth: fix use-after-free in error path (bsc#1127534). - s390/qeth: invoke softirqs after napi_schedule() (git-fixes). - s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU (git-fixes). - s390/smp: fix CPU hotplug deadlock with CPU rescan (git-fixes). - s390/sthyi: Fix machine name validity indication (git-fixes). - s390/zcrypt: fix specification exception on z196 during ap probe (LTC#174936, bsc#1123061). - sata_rcar: fix deferred probing (bsc#1051510). - sbus: char: add of_node_put() (bsc#1051510). - sc16is7xx: Fix for multi-channel stall (bsc#1051510). - sched: Do not re-read h_load_next during hierarchical load calculation (bnc#1120909). - sched/wait: Fix rcuwait_wake_up() ordering (git-fixes). - sched/wake_q: Document wake_q_add() (bsc#1050549). - sched/wake_q: Fix wakeup ordering for wake_q (bsc#1050549). - sched/wake_q: Reduce reference counting for special users (bsc#1050549). - sch_multiq: fix double free on init failure (bsc#1051510). - scsi: core: reset host byte in DID_NEXUS_FAILURE case (bsc#1122764). - scsi: csiostor: remove flush_scheduled_work() (bsc#1127363). - scsi: fix queue cleanup race before queue initialization is done (bsc#1125252). - scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - scsi: ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton (bsc#1119019). - scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task (bsc#1122192). - scsi: lpfc: Add log messages to aid in debugging fc4type discovery issues (bsc#1121317). - scsi: lpfc: Correct MDS loopback diagnostics support (bsc#1121317). - scsi: lpfc: do not set queue->page_count to 0 if pc_sli4_params.wqpcnt is invalid (bsc#1121317). - scsi: lpfc: Fix discovery failure when PLOGI is defered (bsc#1121317). - scsi: lpfc: Fix link state reporting for trunking when adapter is offline (bsc#1121317). - scsi: lpfc: fix remoteport access (bsc#1125252). - scsi: lpfc: remove an unnecessary NULL check (bsc#1121317). - scsi: lpfc: update fault value on successful trunk events (bsc#1121317). - scsi: lpfc: Update lpfc version to 12.0.0.10 (bsc#1121317). - scsi: mpt3sas: Add ioc_<level> logging macros (bsc#1117108). - scsi: mpt3sas: Annotate switch/case fall-through (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT and reply_q_name to %s: (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT without logging levels (bsc#1117108). - scsi: mpt3sas: Convert mlsleading uses of pr_<level> with MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Convert uses of pr_<level> with MPT3SAS_FMT to ioc_<level> (bsc#1117108). - scsi: mpt3sas: Fix a race condition in mpt3sas_base_hard_reset_handler() (bsc#1117108). - scsi: mpt3sas: Fix indentation (bsc#1117108). - scsi: mpt3sas: Improve kernel-doc headers (bsc#1117108). - scsi: mpt3sas: Introduce struct mpt3sas_nvme_cmd (bsc#1117108). - scsi: mpt3sas: Remove KERN_WARNING from panic uses (bsc#1117108). - scsi: mpt3sas: Remove set-but-not-used variables (bsc#1117108). - scsi: mpt3sas: Remove unnecessary parentheses and simplify null checks (bsc#1117108). - scsi: mpt3sas: Remove unused macro MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Split _base_reset_handler(), mpt3sas_scsih_reset_handler() and mpt3sas_ctl_reset_handler() (bsc#1117108). - scsi: mpt3sas: Swap I/O memory read value back to cpu endianness (bsc#1117108). - scsi: mpt3sas: switch to generic DMA API (bsc#1117108). - scsi: mpt3sas: Use dma_pool_zalloc (bsc#1117108). - scsi: mptsas: Fixup device hotplug for VMWare ESXi (bsc#1129046). - scsi: qedi: Add ep_state for login completion on un-reachable targets (bsc#1113712). - scsi: qla2xxx: Enable FC-NVME on NPIV ports (bsc#1094555). - scsi: qla2xxx: Fix a typo in MODULE_PARM_DESC (bsc#1094555). - scsi: qla2xxx: Fix for FC-NVMe discovery for NPIV port (bsc#1094555). - scsi: qla2xxx: Fix NPIV handling for FC-NVMe (bsc#1094555). - scsi: qla2xxx: Initialize port speed to avoid setting lower speed (bsc#1094555). - scsi: qla2xxx: Modify fall-through annotations (bsc#1094555). - scsi: qla2xxx: Remove unnecessary self assignment (bsc#1094555). - scsi: qla2xxx: Simplify conditional check (bsc#1094555). - scsi: qla2xxx: Timeouts occur on surprise removal of QLogic adapter (bsc#1124985). - scsi: qla2xxx: Update driver version to 10.00.00.12-k (bsc#1094555). - scsi: storvsc: Fix a race in sub-channel creation that can cause panic (). - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315). - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315). - scsi: target: make the pi_prot_format ConfigFS path readable (bsc#1123933). - scsi: virtio_scsi: fix pi_bytes{out,in} on 4 KiB block size devices (bsc#1114585). - sctp: add a ceiling to optlen in some sockopts (bnc#1129163). - sctp: improve the events for sctp stream adding (networking-stable-19_02_01). - sctp: improve the events for sctp stream reset (networking-stable-19_02_01). - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event (networking-stable-19_01_04). - sctp: kfree_rcu asoc (networking-stable-18_12_12). - sd: disable logical block provisioning if 'lbpme' is not set (bsc#1086095 bsc#1078355). - selftests/livepatch: add DYNAMIC_DEBUG config dependency (bsc#1071995). - selftests/livepatch: introduce tests (bsc#1071995). - selftests/powerpc: Use snprintf to construct DSCR sysfs interface paths (bsc#1124579). - selinux: Add __GFP_NOWARN to allocation at str_read() (bsc#1051510). - selinux: always allow mounting submounts (bsc#1051510). - selinux: fix GPF on invalid policy (bsc#1051510). - seq_buf: Make seq_buf_puts() null-terminate the buffer (bsc#1051510). - serial: 8250_pci: Fix number of ports for ACCES serial cards (bsc#1051510). - serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() (bsc#1051510). - serial: fix race between flush_to_ldisc and tty_open (bsc#1051510). - serial: fsl_lpuart: clear parity enable bit when disable parity (bsc#1051510). - serial: imx: fix error handling in console_setup (bsc#1051510). - serial: set suppress_bind_attrs flag only if builtin (bsc#1051510). - serial/sunsu: fix refcount leak (bsc#1051510). - serial: uartps: Fix interrupt mask issue to handle the RX interrupts properly (bsc#1051510). - serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO (bsc#1051510). - signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init (git-fixes). - skge: potential memory corruption in skge_get_regs() (bsc#1051510). - sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 (bsc#1051510). - sky2: Increase D3 delay again (bsc#1051510). - slab: alien caches must not be initialized if the allocation of the alien cache failed (git fixes (mm/slab)). - smb3.1.1 dialect is no longer experimental (bsc#1051510). - smb311: Fix reconnect (bsc#1051510). - smb311: Improve checking of negotiate security contexts (bsc#1051510). - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510). - smb3: check for and properly advertise directory lease support (bsc#1051510). - smb3: directory sync should not return an error (bsc#1051510). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510). - smb3: do not request leases in symlink creation and query (bsc#1051510). - smb3: Do not send smb3 SET_INFO if nothing changed (bsc#1051510). - smb3: Enable encryption for SMB3.1.1 (bsc#1051510). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510). - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510). - smb3: fix various xid leaks (bsc#1051510). - smb3: Improve security, move default dialect to smb3 from old CIFS (bsc#1051510). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510). - smb3: Remove ifdef since smb3 (and later) now STRONGLY preferred (bsc#1051510). - smb3: remove noisy warning message on mount (bsc#1129664). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510). - soc: bcm: brcmstb: Do not leak device tree node reference (bsc#1051510). - soc/tegra: Do not leak device tree node reference (bsc#1051510). - splice: do not merge into linked buffers (git-fixes). - staging: comedi: ni_660x: fix missing break in switch statement (bsc#1051510). - staging:iio:ad2s90: Make probe handle spi_setup failure (bsc#1051510). - staging: iio: ad7780: update voltage on read (bsc#1051510). - staging: iio: adc: ad7280a: handle error from __ad7280_read32() (bsc#1051510). - staging: iio: adt7316: allow adt751x to use internal vref for all dacs (bsc#1051510). - staging: iio: adt7316: fix register and bit definitions (bsc#1051510). - staging: iio: adt7316: fix the dac read calculation (bsc#1051510). - staging: iio: adt7316: fix the dac write calculation (bsc#1051510). - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 (bsc#1051510). - staging: rtl8723bs: Fix build error with Clang when inlining is disabled (bsc#1051510). - staging: speakup: Replace strncpy with memcpy (bsc#1051510). - staging: wilc1000: fix to set correct value for 'vif_num' (bsc#1051510). - sunrpc: correct the computation for page_ptr when truncating (git-fixes). - sunrpc: Fix a potential race in xprt_connect() (git-fixes). - sunrpc: Fix leak of krb5p encode pages (git-fixes). - sunrpc: handle ENOMEM in rpcb_getport_async (git-fixes). - sunrpc: safely reallow resvport min/max inversion (git-fixes). - svm: Add mutex_lock to protect apic_access_page_done on AMD systems (bsc#1129285). - swiotlb: Add is_swiotlb_active() function (bsc#1120008). - swiotlb: Introduce swiotlb_max_mapping_size() (bsc#1120008). - switchtec: Fix SWITCHTEC_IOCTL_EVENT_IDX_ALL flags overwrite (bsc#1051510). - switchtec: Remove immediate status check after submitting MRPC command (bsc#1051510). - sysfs: Disable lockdep for driver bind/unbind files (bsc#1051510). - tcp: batch tcp_net_metrics_exit (bsc#1122982). - tcp: change txhash on SYN-data timeout (networking-stable-19_01_20). - tcp: Do not underestimate rwnd_limited (networking-stable-18_12_12). - tcp: fix a race in inet_diag_dump_icsk() (networking-stable-19_01_04). - tcp: fix NULL ref in tail loss probe (networking-stable-18_12_12). - tcp: handle inet_csk_reqsk_queue_add() failures (git-fixes). - tcp: lack of available data can also cause TSO defer (git-fixes). - team: avoid complex list operations in team_nl_cmd_options_set() (bsc#1051510). - team: Free BPF filter when unregistering netdev (bsc#1051510). - thermal: do not clear passive state during system sleep (bsc#1051510). - thermal/drivers/hisi: Encapsulate register writes into helpers (bsc#1051510). - thermal/drivers/hisi: Fix configuration register setting (bsc#1051510). - thermal: generic-adc: Fix adc to temp interpolation (bsc#1051510). - thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set (bsc#1051510). - thermal: int340x_thermal: Fix a NULL vs IS_ERR() check (bsc#1051510). - thermal: mediatek: fix register index error (bsc#1051510). - timekeeping: Use proper seqcount initializer (bsc#1051510). - tipc: compare remote and local protocols in tipc_udp_enable() (networking-stable-19_01_04). - tipc: eliminate KMSAN uninit-value in strcmp complaint (bsc#1051510). - tipc: error path leak fixes in tipc_enable_bearer() (bsc#1051510). - tipc: fix a double kfree_skb() (networking-stable-19_01_04). - tipc: fix a race condition of releasing subscriber object (bsc#1051510). - tipc: fix bug in function tipc_nl_node_dump_monitor (bsc#1051510). - tipc: fix infinite loop when dumping link monitor summary (bsc#1051510). - tipc: fix RDM/DGRAM connect() regression (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_doit (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_link_set (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bsc#1051510). - tipc: use lock_sock() in tipc_sk_reinit() (networking-stable-19_01_04). - tpm: fix kdoc for tpm2_flush_context_cmd() (bsc#1051510). - tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented (bsc#1051510). - tpm: Return the actual size when receiving an unsupported command (bsc#1051510). - tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated (bsc#1051510). - tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bsc#1051510). - tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x (bsc#1051510). - tpm: tpm_try_transmit() refactor error flow (bsc#1051510). - tracing: Do not free iter->trace in fail path of tracing_open_pipe() (bsc#1129581). - tracing/uprobes: Fix output for multiple string arguments (bsc#1126495). - tracing: Use strncpy instead of memcpy for string keys in hist triggers (bsc#1129625). - Tree connect for smb3.1.1 must be signed for non-encrypted shares (bsc#1051510). - tty: Handle problem if line discipline does not have receive_buf (bsc#1051510). - tty: ipwireless: Fix potential NULL pointer dereference (bsc#1051510). - tty/n_hdlc: fix __might_sleep warning (bsc#1051510). - tty/serial: do not free trasnmit buffer page under port lock (bsc#1051510). - tty: serial: samsung: Properly set flags in autoCTS mode (bsc#1051510). - tun: forbid iface creation with rtnl ops (networking-stable-18_12_12). - uart: Fix crash in uart_write and uart_put_char (bsc#1051510). - ucc_geth: Reset BQL queue when stopping device (networking-stable-19_02_01). - ucma: fix a use-after-free in ucma_resolve_ip() (bsc#1051510). - uevent: add alloc_uevent_skb() helper (bsc#1122982). - Update config files. Remove conditional support for smb2 and SMB3: - Update patches.arch/s390-sles15-zcrypt-fix-specification-exception.patch (LTC#174936, bsc#1123060, bsc#1123061). - Update patches.fixes/acpi-nfit-Block-function-zero-DSMs.patch (bsc#1051510, bsc#1121789). - Update patches.fixes/acpi-nfit-Fix-command-supported-detection.patch (bsc#1051510, bsc#1121789). Add more detailed bugzilla reference. - Update patches.kabi/bpf-prevent-memory-disambiguation-attack.patch (bsc#1087082). - Update patches.kabi/bpf-properly-enforce-index-mask-to-prevent-out-of-bo.patch (bsc#1098425). - uprobes: Fix handle_swbp() vs. unregister() + register() race once more (bsc#1051510). - usb: Add new USB LPM helpers (bsc#1120902). - usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB (bsc#1120902). - usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bsc#1120902). - usb: Consolidate LPM checks to avoid enabling LPM twice (bsc#1120902). - usb: dwc3: Correct the logic for checking TRB full in __dwc3_prepare_one_trb() (bsc#1051510). - usb: dwc3: gadget: Clear req->needs_extra_trb flag on cleanup (bsc#1120902). - usb: dwc3: gadget: Disable CSP for stream OUT ep (bsc#1051510). - usb: dwc3: gadget: Handle 0 xfer length for OUT EP (bsc#1051510). - usb: dwc3: trace: add missing break statement to make compiler happy (bsc#1120902). - usb: gadget: musb: fix short isoc packets with inventra dma (bsc#1051510). - usb: gadget: udc: net2272: Fix bitwise and boolean operations (bsc#1051510). - usb: hub: delay hub autosuspend if USB3 port is still link training (bsc#1051510). - usb: mtu3: fix the issue about SetFeature(U1/U2_Enable) (bsc#1051510). - usb: musb: dsps: fix otg state machine (bsc#1051510). - usb: musb: dsps: fix runtime pm for peripheral mode (bsc#1120902). - usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2 (networking-stable-18_12_03). - usbnet: smsc95xx: fix rx packet alignment (bsc#1051510). - usb: phy: am335x: fix race condition in _probe (bsc#1051510). - usb: serial: option: add Fibocom NL678 series (bsc#1120902). - usb: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays (bsc#1120902). - usb: serial: pl2303: add new PID to support PL2303TB (bsc#1051510). - usb: serial: simple: add Motorola Tetra TPG2200 device id (bsc#1051510). - usb: storage: add quirk for SMI SM3350 (bsc#1120902). - usb: storage: do not insert sane sense for SPC3+ when bad sense specified (bsc#1120902). - usb: xhci: fix 'broken_suspend' placement in struct xchi_hcd (bsc#1119086). - veth: set peer GSO values (bsc#1051510). - vfio: ccw: fix cleanup if cp_prefetch fails (git-fixes). - vfio: ccw: process ssch with interrupts disabled (git-fixes). - vfs: Add iomap_seek_hole and iomap_seek_data helpers (bsc#1070995). - vfs: Add page_cache_seek_hole_data helper (bsc#1070995). - vfs: in iomap seek_{hole,data}, return -ENXIO for negative offsets (bsc#1070995). - vhost: correctly check the return value of translate_desc() in log_used() (bsc#1051510). - vhost: log dirty page correctly (networking-stable-19_01_26). - vhost: make sure used idx is seen before log in vhost_add_used_n() (networking-stable-19_01_04). - vhost/vsock: fix uninitialized vhost_vsock->guest_cid (bsc#1051510). - video: clps711x-fb: release disp device node in probe() (bsc#1051510). - virtio-blk: Consider virtio_max_dma_size() for maximum segment size (bsc#1120008). - virtio: Introduce virtio_max_dma_size() (bsc#1120008). - virtio_net: Do not call free_old_xmit_skbs for xdp_frames (networking-stable-19_02_01). - virtio-net: fail XDP set if guest csum is negotiated (networking-stable-18_12_03). - virtio-net: keep vnet header zeroed after processing XDP (networking-stable-18_12_12). - virtio/s390: avoid race on vcdev->config (git-fixes). - virtio/s390: fix race in ccw_io_helper() (git-fixes). - vmci: Support upto 64-bit PPNs (bsc#1127286). - vsock: cope with memory allocation failure at socket creation time (bsc#1051510). - vsock: Send reset control packet when socket is partially bound (networking-stable-19_01_04). - vt: invoke notifier on screen size change (bsc#1051510). - vxge: ensure data0 is initialized in when fetching firmware version information (bsc#1051510). - vxlan: Fix GRO cells race condition between receive and link delete (git-fixes). - vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() (git-fixes). - vxlan: update skb dst pmtu on tx path (bsc#1123456). - w90p910_ether: remove incorrect __init annotation (bsc#1051510). - watchdog: docs: kernel-api: do not reference removed functions (bsc#1051510). - watchdog: w83627hf_wdt: Add quirk for Inves system (bsc#1106434). - writeback: do not decrement wb->refcnt if !wb->bdi (git fixes (writeback)). - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805). - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805). - x86/amd_nb: Add PCI device IDs for family 17h, model 30h (). - x86/amd_nb: Add support for newer PCI topologies (). - x86/a.out: Clear the dump structure initially (bsc#1114279). - x86/apic: Provide apic_ack_irq() (bsc#1122822). - x86/boot/e820: Avoid overwriting e820_table_firmware (bsc#1127154). - x86/boot/e820: Introduce the bootloader provided e820_table_firmware[] table (bsc#1127154). - x86/boot/e820: Rename the e820_table_firmware to e820_table_kexec (bsc#1127154). - x86/bugs: Add AMD's variant of SSB_NO (bsc#1114279). - x86/bugs: Update when to check for the LS_CFG SSBD mitigation (bsc#1114279). - x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (bsc#1127307). - x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (bsc#1127307). - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (bsc#1122822). - x86/kaslr: Fix incorrect i8254 outb() parameters (bsc#1114279). - x86/kvmclock: set pvti_cpu0_va after enabling kvmclock (bsc#1098382). - x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() (bsc#1114279). - x86/microcode/amd: Do not falsely trick the late loading mechanism (bsc#1114279). - x86/mm: Drop usage of __flush_tlb_all() in kernel_physical_mapping_init() (bsc#1114279). - x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE (bsc#1114279). - x86/mtrr: Do not copy uninitialized gentry fields back to userspace (bsc#1114279). - x86/pkeys: Properly copy pkey state at fork() (bsc#1129366). - x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls (bsc#1125614). - x86/pvclock: add setter for pvclock_pvti_cpu0_va (bsc#1098382). - x86/resctrl: Fix rdt_find_domain() return value and checks (bsc#1114279). - x86: respect memory size limiting via mem= parameter (bsc#1117645). - x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant (bsc#1114279). - x86/speculation: Remove redundant arch_smt_update() invocation (bsc#1114279). - x86/vdso: Remove obsolete 'fake section table' reservation (bsc#1114279). - x86/xen: dont add memory above max allowed allocation (bsc#1117645). - x86/xen/time: Output xen sched_clock time from 0 (bsc#1098382). - x86/xen/time: set pvclock flags on xen_time_init() (bsc#1098382). - x86/xen/time: setup vcpu 0 time info page (bsc#1098382). - xen, cpu_hotplug: Prevent an out of bounds access (bsc#1065600). - xen: fix dom0 boot on huge systems (bsc#1127836). - xen: Fix x86 sched_clock() interface for xen (bsc#1098382). - xen/manage: do not complain about an empty value in control/sysrq node (bsc#1065600). - xen: remove pre-xen3 fallback handlers (bsc#1065600). - xfs: add option to mount with barrier=0 or barrier=1 (bsc#1088133). - xfs: fix contiguous dquot chunk iteration livelock (bsc#1070995). - xfs: remove filestream item xfs_inode reference (bsc#1127961). - xfs: rewrite xfs_dq_get_next_id using xfs_iext_lookup_extent (bsc#1070995). - xhci: Add quirk to zero 64bit registers on Renesas PCIe controllers (bsc#1120854). - xhci: workaround CSS timeout on AMD SNPS 3.0 xHC (bsc#1119086). - xprtrdma: Reset credit grant properly after a disconnect (git-fixes). - Yama: Check for pid death before checking ancestry (bsc#1051510). - yam: fix a missing-check bug (bsc#1051510). - zswap: re-check zswap_is_full() after do zswap_shrink() (bsc#1051510). - xfs: Switch to iomap for SEEK_HOLE / SEEK_DATA (bsc#1070995). Important SUSE bug 1046305 SUSE bug 1046306 SUSE bug 1050252 SUSE bug 1050549 SUSE bug 1051510 SUSE bug 1054610 SUSE bug 1055121 SUSE bug 1056658 SUSE bug 1056662 SUSE bug 1056787 SUSE bug 1060463 SUSE bug 1063638 SUSE bug 1065600 SUSE bug 1068032 SUSE bug 1070995 SUSE bug 1071995 SUSE bug 1074562 SUSE bug 1074578 SUSE bug 1074701 SUSE bug 1075006 SUSE bug 1075419 SUSE bug 1075748 SUSE bug 1078355 SUSE bug 1080039 SUSE bug 1082943 SUSE bug 1083548 SUSE bug 1083647 SUSE bug 1084216 SUSE bug 1086095 SUSE bug 1086282 SUSE bug 1086301 SUSE bug 1086313 SUSE bug 1086314 SUSE bug 1086323 SUSE bug 1087082 SUSE bug 1087084 SUSE bug 1087092 SUSE bug 1087939 SUSE bug 1088133 SUSE bug 1094555 SUSE bug 1098382 SUSE bug 1098425 SUSE bug 1098995 SUSE bug 1102055 SUSE bug 1103429 SUSE bug 1104353 SUSE bug 1106105 SUSE bug 1106434 SUSE bug 1106811 SUSE bug 1107078 SUSE bug 1107665 SUSE bug 1108101 SUSE bug 1108870 SUSE bug 1109695 SUSE bug 1110096 SUSE bug 1110705 SUSE bug 1111666 SUSE bug 1113042 SUSE bug 1113712 SUSE bug 1113722 SUSE bug 1113769 SUSE bug 1113939 SUSE bug 1114279 SUSE bug 1114585 SUSE bug 1114893 SUSE bug 1117108 SUSE bug 1117155 SUSE bug 1117645 SUSE bug 1117947 SUSE bug 1118338 SUSE bug 1119019 SUSE bug 1119086 SUSE bug 1119766 SUSE bug 1119843 SUSE bug 1120008 SUSE bug 1120318 SUSE bug 1120601 SUSE bug 1120758 SUSE bug 1120854 SUSE bug 1120902 SUSE bug 1120909 SUSE bug 1120955 SUSE bug 1121317 SUSE bug 1121726 SUSE bug 1121789 SUSE bug 1121805 SUSE bug 1122019 SUSE bug 1122159 SUSE bug 1122192 SUSE bug 1122292 SUSE bug 1122324 SUSE bug 1122554 SUSE bug 1122662 SUSE bug 1122764 SUSE bug 1122779 SUSE bug 1122822 SUSE bug 1122885 SUSE bug 1122927 SUSE bug 1122944 SUSE bug 1122971 SUSE bug 1122982 SUSE bug 1123060 SUSE bug 1123061 SUSE bug 1123161 SUSE bug 1123317 SUSE bug 1123348 SUSE bug 1123357 SUSE bug 1123456 SUSE bug 1123538 SUSE bug 1123697 SUSE bug 1123882 SUSE bug 1123933 SUSE bug 1124055 SUSE bug 1124204 SUSE bug 1124235 SUSE bug 1124579 SUSE bug 1124589 SUSE bug 1124728 SUSE bug 1124732 SUSE bug 1124735 SUSE bug 1124969 SUSE bug 1124974 SUSE bug 1124975 SUSE bug 1124976 SUSE bug 1124978 SUSE bug 1124979 SUSE bug 1124980 SUSE bug 1124981 SUSE bug 1124982 SUSE bug 1124984 SUSE bug 1124985 SUSE bug 1125109 SUSE bug 1125125 SUSE bug 1125252 SUSE bug 1125315 SUSE bug 1125614 SUSE bug 1125728 SUSE bug 1125780 SUSE bug 1125797 SUSE bug 1125799 SUSE bug 1125800 SUSE bug 1125907 SUSE bug 1125947 SUSE bug 1126131 SUSE bug 1126209 SUSE bug 1126389 SUSE bug 1126393 SUSE bug 1126476 SUSE bug 1126480 SUSE bug 1126481 SUSE bug 1126488 SUSE bug 1126495 SUSE bug 1126555 SUSE bug 1126579 SUSE bug 1126789 SUSE bug 1126790 SUSE bug 1126802 SUSE bug 1126803 SUSE bug 1126804 SUSE bug 1126805 SUSE bug 1126806 SUSE bug 1126807 SUSE bug 1127042 SUSE bug 1127062 SUSE bug 1127082 SUSE bug 1127154 SUSE bug 1127285 SUSE bug 1127286 SUSE bug 1127307 SUSE bug 1127363 SUSE bug 1127493 SUSE bug 1127494 SUSE bug 1127495 SUSE bug 1127496 SUSE bug 1127497 SUSE bug 1127498 SUSE bug 1127534 SUSE bug 1127561 SUSE bug 1127567 SUSE bug 1127595 SUSE bug 1127603 SUSE bug 1127682 SUSE bug 1127731 SUSE bug 1127750 SUSE bug 1127836 SUSE bug 1127961 SUSE bug 1128094 SUSE bug 1128166 SUSE bug 1128351 SUSE bug 1128451 SUSE bug 1128895 SUSE bug 1129046 SUSE bug 1129080 SUSE bug 1129163 SUSE bug 1129179 SUSE bug 1129181 SUSE bug 1129182 SUSE bug 1129183 SUSE bug 1129184 SUSE bug 1129205 SUSE bug 1129281 SUSE bug 1129284 SUSE bug 1129285 SUSE bug 1129291 SUSE bug 1129292 SUSE bug 1129293 SUSE bug 1129294 SUSE bug 1129295 SUSE bug 1129296 SUSE bug 1129326 SUSE bug 1129327 SUSE bug 1129330 SUSE bug 1129363 SUSE bug 1129366 SUSE bug 1129497 SUSE bug 1129519 SUSE bug 1129543 SUSE bug 1129547 SUSE bug 1129551 SUSE bug 1129581 SUSE bug 1129625 SUSE bug 1129664 SUSE bug 1129739 SUSE bug 1129923 SUSE bug 807502 SUSE bug 824948 SUSE bug 828192 SUSE bug 925178 CVE-2017-5753 CVE-2018-20669 CVE-2019-2024 CVE-2019-3459 CVE-2019-3460 CVE-2019-3819 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-7308 CVE-2019-8912 CVE-2019-8980 CVE-2019-9213 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-8834: KVM on Power8 processors had a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability to run code in kernel space of a guest VM can cause the host kernel to panic (bnc#1168276). - CVE-2020-11494: An issue was discovered in slc_bump in drivers/net/can/slcan.c, which allowed attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL (bnc#1168424). - CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls (bnc#1167629). - CVE-2019-9458: In the video driver there was a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed (bnc#1168295). - CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a system crash (bnc#1120386). - CVE-2019-19770: Fixed a use-after-free in the debugfs_remove function (bsc#1159198). - CVE-2020-11669: Fixed an issue where arch/powerpc/kernel/idle_book3s.S did not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR (bnc#1169390). - CVE-2020-8647: There was a use-after-free vulnerability in the vc_do_resize function in drivers/tty/vt/vt.c (bnc#1162929). - CVE-2020-8649: There was a use-after-free vulnerability in the vgacon_invert_region function in drivers/video/console/vgacon.c (bnc#1162931). - CVE-2020-9383: An issue was discovered set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it (bnc#1165111). - CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c (bnc#1159285). The following non-security bugs were fixed: - ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro (bsc#1051510). - ACPI: watchdog: Fix gas->access_width usage (bsc#1051510). - ALSA: ali5451: remove redundant variable capture_flag (bsc#1051510). - ALSA: core: Replace zero-length array with flexible-array member (bsc#1051510). - ALSA: emu10k1: Fix endianness annotations (bsc#1051510). - ALSA: hda/ca0132 - Replace zero-length array with flexible-array member (bsc#1051510). - ALSA: hda_codec: Replace zero-length array with flexible-array member (bsc#1051510). - ALSA: hda: Fix potential access overflow in beep helper (bsc#1051510). - ALSA: hda/realtek: Fix pop noise on ALC225 (git-fixes). - ALSA: hda/realtek - Set principled PC Beep configuration for ALC256 (bsc#1051510). - ALSA: hda: remove redundant assignment to variable timeout (bsc#1051510). - ALSA: hda: Use scnprintf() for string truncation (bsc#1051510). - ALSA: hdsp: remove redundant assignment to variable err (bsc#1051510). - ALSA: ice1724: Fix invalid access for enumerated ctl items (bsc#1051510). - ALSA: info: remove redundant assignment to variable c (bsc#1051510). - ALSA: korg1212: fix if-statement empty body warnings (bsc#1051510). - ALSA: line6: Fix endless MIDI read loop (git-fixes). - ALSA: pcm: oss: Avoid plugin buffer overflow (git-fixes). - ALSA: pcm: oss: Fix regression by buffer overflow fix (bsc#1051510). - ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks (git-fixes). - ALSA: seq: oss: Fix running status after receiving sysex (git-fixes). - ALSA: seq: virmidi: Fix running status after receiving sysex (git-fixes). - ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status (bsc#1051510). - ALSA: via82xx: Fix endianness annotations (bsc#1051510). - ASoC: dapm: Correct DAPM handling of active widgets during shutdown (bsc#1051510). - ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map() (bsc#1051510). - ASoC: Intel: mrfld: fix incorrect check on p->sink (bsc#1051510). - ASoC: Intel: mrfld: return error codes when an error occurs (bsc#1051510). - ASoC: jz4740-i2s: Fix divider written at incorrect offset in register (bsc#1051510). - ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path (bsc#1051510). - ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output (bsc#1051510). - ASoC: pcm: update FE/BE trigger order based on the command (bsc#1051510). - ASoC: sun8i-codec: Remove unused dev from codec struct (bsc#1051510). - ASoC: topology: Fix memleak in soc_tplg_link_elems_load() (bsc#1051510). - ath9k: Handle txpower changes even when TPC is disabled (bsc#1051510). - atm: zatm: Fix empty body Clang warnings (bsc#1051510). - atomic: Add irqsave variant of atomic_dec_and_lock() (bsc#1166003). - b43legacy: Fix -Wcast-function-type (bsc#1051510). - batman-adv: Avoid spurious warnings from bat_v neigh_cmp implementation (bsc#1051510). - batman-adv: Do not schedule OGM for disabled interface (bsc#1051510). - batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs (bsc#1051510). - blk: Fix kabi due to blk_trace_mutex addition (bsc#1159285). - blk-mq: Allow blocking queue tag iter callbacks (bsc#1167316). - blktrace: fix dereference after null check (bsc#1159285). - blktrace: fix trace mutex deadlock (bsc#1159285). - block: allow gendisk's request_queue registration to be (bsc#1104967,bsc#1159142). - block, bfq: fix use-after-free in bfq_idle_slice_timer_body (bsc#1168760). - block: keep bdi->io_pages in sync with max_sectors_kb for stacked devices (bsc#1168762). - Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl (bsc#1051510). - bnxt_en: Fix TC queue mapping (networking-stable-20_02_05). - bonding/alb: properly access headers in bond_alb_xmit() (networking-stable-20_02_09). - bpf: Explicitly memset some bpf info structures declared on the stack (bsc#1083647). - bpf: Explicitly memset the bpf_attr structure (bsc#1083647). - bpf: fix ldx in ld_abs rewrite for large offsets (bsc#1154385). - bpf: implement ld_abs/ld_ind in native bpf (bsc#1154385). - bpf: make unknown opcode handling more robust (bsc#1154385). - bpf: prefix cbpf internal helpers with bpf_ (bsc#1154385). - bpf, x64: remove ld_abs/ld_ind (bsc#1154385). - bpf, x64: save several bytes by using mov over movabsq when possible (bsc#1154385). - btrfs: Account for trans_block_rsv in may_commit_transaction (bsc#1165949). - btrfs: add a flush step for delayed iputs (bsc#1165949). - btrfs: add assertions for releasing trans handle reservations (bsc#1165949). - btrfs: add btrfs_delete_ref_head helper (bsc#1165949). - btrfs: add enospc debug messages for ticket failure (bsc#1165949). - btrfs: Add enospc_debug printing in metadata_reserve_bytes (bsc#1165949). - btrfs: add new flushing states for the delayed refs rsv (bsc#1165949). - btrfs: add space reservation tracepoint for reserved bytes (bsc#1165949). - btrfs: allow us to use up to 90% of the global rsv for unlink (bsc#1165949). - btrfs: always reserve our entire size for the global reserve (bsc#1165949). - btrfs: assert on non-empty delayed iputs (bsc##1165949). - btrfs: be more explicit about allowed flush states (bsc#1165949). - btrfs: call btrfs_create_pending_block_groups unconditionally (bsc#1165949). - btrfs: catch cow on deleting snapshots (bsc#1165949). - btrfs: change the minimum global reserve size (bsc#1165949). - btrfs: check if there are free block groups for commit (bsc#1165949). - btrfs: clean up error handling in btrfs_truncate() (bsc#1165949). - btrfs: cleanup extent_op handling (bsc#1165949). - btrfs: cleanup root usage by btrfs_get_alloc_profile (bsc#1165949). - btrfs: cleanup the target logic in __btrfs_block_rsv_release (bsc#1165949). - btrfs: clear space cache inode generation always (bsc#1165949). - btrfs: delayed-ref: pass delayed_refs directly to btrfs_delayed_ref_lock (bsc#1165949). - btrfs: do not account global reserve in can_overcommit (bsc#1165949). - btrfs: do not allow reservations if we have pending tickets (bsc#1165949). - btrfs: do not call btrfs_start_delalloc_roots in flushoncommit (bsc#1165949). - btrfs: do not end the transaction for delayed refs in throttle (bsc#1165949). - btrfs: do not enospc all tickets on flush failure (bsc#1165949). - btrfs: do not run delayed_iputs in commit (bsc##1165949). - btrfs: do not run delayed refs in the end transaction logic (bsc#1165949). - btrfs: do not use ctl->free_space for max_extent_size (bsc##1165949). - btrfs: do not use global reserve for chunk allocation (bsc#1165949). - btrfs: drop min_size from evict_refill_and_join (bsc##1165949). - btrfs: drop unused space_info parameter from create_space_info (bsc#1165949). - btrfs: dump block_rsv details when dumping space info (bsc#1165949). - btrfs: export block group accounting helpers (bsc#1165949). - btrfs: export block_rsv_use_bytes (bsc#1165949). - btrfs: export btrfs_block_rsv_add_bytes (bsc#1165949). - btrfs: export __btrfs_block_rsv_release (bsc#1165949). - btrfs: export space_info_add_*_bytes (bsc#1165949). - btrfs: export the block group caching helpers (bsc#1165949). - btrfs: export the caching control helpers (bsc#1165949). - btrfs: export the excluded extents helpers (bsc#1165949). - btrfs: extent-tree: Add lockdep assert when updating space info (bsc#1165949). - btrfs: extent-tree: Add trace events for space info numbers update (bsc#1165949). - btrfs: extent-tree: Detect bytes_may_use underflow earlier (bsc#1165949). - btrfs: extent-tree: Detect bytes_pinned underflow earlier (bsc#1165949). - btrfs: factor out the ticket flush handling (bsc#1165949). - btrfs: fix btrfs_wait_ordered_range() so that it waits for all ordered extents (bsc#1163508). - btrfs: fix insert_reserved error handling (bsc##1165949). - btrfs: fix may_commit_transaction to deal with no partial filling (bsc#1165949). - btrfs: fix missing delayed iputs on unmount (bsc#1165949). - btrfs: fix panic during relocation after ENOSPC before writeback happens (bsc#1163508). - btrfs: fix qgroup double free after failure to reserve metadata for delalloc (bsc#1165949). - btrfs: fix race leading to metadata space leak after task received signal (bsc#1165949). - btrfs: fix truncate throttling (bsc#1165949). - btrfs: force chunk allocation if our global rsv is larger than metadata (bsc#1165949). - btrfs: Improve global reserve stealing logic (bsc#1165949). - btrfs: introduce an evict flushing state (bsc#1165949). - btrfs: introduce delayed_refs_rsv (bsc#1165949). - btrfs: loop in inode_rsv_refill (bsc#1165949). - btrfs: make btrfs_destroy_delayed_refs use btrfs_delayed_ref_lock (bsc#1165949). - btrfs: make btrfs_destroy_delayed_refs use btrfs_delete_ref_head (bsc#1165949). - btrfs: make caching_thread use btrfs_find_next_key (bsc#1165949). - btrfs: migrate btrfs_trans_release_chunk_metadata (bsc#1165949). - btrfs: migrate inc/dec_block_group_ro code (bsc#1165949). - btrfs: migrate nocow and reservation helpers (bsc#1165949). - btrfs: migrate the alloc_profile helpers (bsc#1165949). - btrfs: migrate the block group caching code (bsc#1165949). - btrfs: migrate the block group cleanup code (bsc#1165949). - btrfs: migrate the block group lookup code (bsc#1165949). - btrfs: migrate the block group read/creation code (bsc#1165949). - btrfs: migrate the block group ref counting stuff (bsc#1165949). - btrfs: migrate the block group removal code (bsc#1165949). - btrfs: migrate the block group space accounting helpers (bsc#1165949). - btrfs: migrate the block-rsv code to block-rsv.c (bsc#1165949). - btrfs: migrate the chunk allocation code (bsc#1165949). - btrfs: migrate the delalloc space stuff to it's own home (bsc#1165949). - btrfs: migrate the delayed refs rsv code (bsc#1165949). - btrfs: migrate the dirty bg writeout code (bsc#1165949). - btrfs: migrate the global_block_rsv helpers to block-rsv.c (bsc#1165949). - btrfs: move and export can_overcommit (bsc#1165949). - btrfs: move basic block_group definitions to their own header (bsc#1165949). - btrfs: move btrfs_add_free_space out of a header file (bsc#1165949). - btrfs: move btrfs_block_rsv definitions into it's own header (bsc#1165949). - btrfs: move btrfs_raid_group values to btrfs_raid_attr table (bsc#1165949). - btrfs: move btrfs_space_info_add_*_bytes to space-info.c (bsc#1165949). - btrfs: move dump_space_info to space-info.c (bsc#1165949). - btrfs: move reserve_metadata_bytes and supporting code to space-info.c (bsc#1165949). - btrfs: move space_info to space-info.h (bsc#1165949). - btrfs: move the space_info handling code to space-info.c (bsc#1165949). - btrfs: move the space info update macro to space-info.h (bsc#1165949). - btrfs: move the subvolume reservation stuff out of extent-tree.c (bsc#1165949). - btrfs: only check delayed ref usage in should_end_transaction (bsc#1165949). - btrfs: only check priority tickets for priority flushing (bsc#1165949). - btrfs: only free reserved extent if we didn't insert it (bsc##1165949). - btrfs: only reserve metadata_size for inodes (bsc#1165949). - btrfs: only track ref_heads in delayed_ref_updates (bsc#1165949). - btrfs: Output ENOSPC debug info in inc_block_group_ro (bsc#1165949). - btrfs: pass root to various extent ref mod functions (bsc#1165949). - btrfs: refactor block group replication factor calculation to a helper (bsc#1165949). - btrfs: refactor priority_reclaim_metadata_space (bsc#1165949). - btrfs: refactor the ticket wakeup code (bsc#1165949). - btrfs: release metadata before running delayed refs (bsc##1165949). - btrfs: Remove btrfs_inode::delayed_iput_count (bsc#1165949). - btrfs: Remove fs_info from do_chunk_alloc (bsc#1165949). - btrfs: remove orig_bytes from reserve_ticket (bsc#1165949). - btrfs: Remove redundant argument of flush_space (bsc#1165949). - btrfs: rename btrfs_space_info_add_old_bytes (bsc#1165949). - btrfs: rename do_chunk_alloc to btrfs_chunk_alloc (bsc#1165949). - btrfs: rename the btrfs_calc_*_metadata_size helpers (bsc#1165949). - btrfs: replace cleaner_delayed_iput_mutex with a waitqueue (bsc#1165949). - btrfs: reserve delalloc metadata differently (bsc#1165949). - btrfs: reserve extra space during evict (bsc#1165949). - btrfs: reset max_extent_size on clear in a bitmap (bsc##1165949). - btrfs: reset max_extent_size properly (bsc##1165949). - btrfs: rework btrfs_check_space_for_delayed_refs (bsc#1165949). - btrfs: rework wake_all_tickets (bsc#1165949). - btrfs: roll tracepoint into btrfs_space_info_update helper (bsc#1165949). - btrfs: run btrfs_try_granting_tickets if a priority ticket fails (bsc#1165949). - btrfs: run delayed iput at unlink time (bsc#1165949). - btrfs: run delayed iputs before committing (bsc#1165949). - btrfs: set max_extent_size properly (bsc##1165949). - btrfs: stop partially refilling tickets when releasing space (bsc#1165949). - btrfs: stop using block_rsv_release_bytes everywhere (bsc#1165949). - btrfs: temporarily export btrfs_get_restripe_target (bsc#1165949). - btrfs: temporarily export fragment_free_space (bsc#1165949). - btrfs: temporarily export inc_block_group_ro (bsc#1165949). - btrfs: track DIO bytes in flight (bsc#1165949). - btrfs: unexport can_overcommit (bsc#1165949). - btrfs: unexport the temporary exported functions (bsc#1165949). - btrfs: unify error handling for ticket flushing (bsc#1165949). - btrfs: update may_commit_transaction to use the delayed refs rsv (bsc#1165949). - btrfs: use btrfs_try_granting_tickets in update_global_rsv (bsc#1165949). - btrfs: wait on caching when putting the bg cache (bsc#1165949). - btrfs: wait on ordered extents on abort cleanup (bsc#1165949). - btrfs: wakeup cleaner thread when adding delayed iput (bsc#1165949). - ceph: canonicalize server path in place (bsc#1168443). - ceph: remove the extra slashes in the server path (bsc#1168443). - cfg80211: check reg_rule for NULL in handle_channel_custom() (bsc#1051510). - cfg80211: check wiphy driver existence for drvinfo report (bsc#1051510). - cgroup: memcg: net: do not associate sock with unrelated cgroup (bsc#1167290). - cifs: add a debug macro that prints \\server\share for errors (bsc#1144333). - cifs: add missing mount option to /proc/mounts (bsc#1144333). - cifs: add new debugging macro cifs_server_dbg (bsc#1144333). - cifs: add passthrough for smb2 setinfo (bsc#1144333). - cifs: add SMB2_open() arg to return POSIX data (bsc#1144333). - cifs: add smb2 POSIX info level (bsc#1144333). - cifs: add SMB3 change notification support (bsc#1144333). - cifs: add support for fallocate mode 0 for non-sparse files (bsc#1144333). - cifs: Add support for setting owner info, dos attributes, and create time (bsc#1144333). - cifs: Add tracepoints for errors on flush or fsync (bsc#1144333). - cifs: Adjust indentation in smb2_open_file (bsc#1144333). - cifs: allow chmod to set mode bits using special sid (bsc#1144333). - cifs: Avoid doing network I/O while holding cache lock (bsc#1144333). - cifs: call wake_up(&server->response_q) inside of cifs_reconnect() (bsc#1144333). - cifs: Clean up DFS referral cache (bsc#1144333). - cifs: create a helper function to parse the query-directory response buffer (bsc#1144333). - cifs: do d_move in rename (bsc#1144333). - cifs: Do not display RDMA transport on reconnect (bsc#1144333). - cifs: do not ignore the SYNC flags in getattr (bsc#1144333). - cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1144333). - cifs: do not use 'pre:' for MODULE_SOFTDEP (bsc#1144333). - cifs: enable change notification for SMB2.1 dialect (bsc#1144333). - cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1144333). - cifs: fix a comment for the timeouts when sending echos (bsc#1144333). - cifs: fix a white space issue in cifs_get_inode_info() (bsc#1144333). - cifs: fix dereference on ses before it is null checked (bsc#1144333). - cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1144333). - cifs: fix mode bits from dir listing when mounted with modefromsid (bsc#1144333). - cifs: Fix mode output in debugging statements (bsc#1144333). - cifs: Fix mount options set in automount (bsc#1144333). - cifs: fix NULL dereference in match_prepath (bsc#1144333). - cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1144333). - cifs: fix potential mismatch of UNC paths (bsc#1144333). - cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1144333). - cifs: Fix return value in __update_cache_entry (bsc#1144333). - cifs: fix soft mounts hanging in the reconnect code (bsc#1144333). - cifs: fix soft mounts hanging in the reconnect code (bsc#1144333). - cifs: Fix task struct use-after-free on reconnect (bsc#1144333). - cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1144333). - cifs: get mode bits from special sid on stat (bsc#1144333). - cifs: Get rid of kstrdup_const()'d paths (bsc#1144333). - cifs: handle prefix paths in reconnect (bsc#1144333). - cifs: ignore cached share root handle closing errors (bsc#1166780). - cifs: Introduce helpers for finding TCP connection (bsc#1144333). - cifs: log warning message (once) if out of disk space (bsc#1144333). - cifs: make sure we do not overflow the max EA buffer size (bsc#1144333). - cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1144333). - cifs: Merge is_path_valid() into get_normalized_path() (bsc#1144333). - cifs: modefromsid: make room for 4 ACE (bsc#1144333). - cifs: modefromsid: write mode ACE first (bsc#1144333). - cifs: Optimize readdir on reparse points (bsc#1144333). - cifs: plumb smb2 POSIX dir enumeration (bsc#1144333). - cifs: potential unintitliazed error code in cifs_getattr() (bsc#1144333). - cifs: prepare SMB2_query_directory to be used with compounding (bsc#1144333). - cifs: print warning once if mounting with vers=1.0 (bsc#1144333). - cifs: refactor cifs_get_inode_info() (bsc#1144333). - cifs: remove redundant assignment to pointer pneg_ctxt (bsc#1144333). - cifs: remove redundant assignment to variable rc (bsc#1144333). - cifs: remove set but not used variables (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove unused variable (bsc#1144333). - cifs: remove unused variable 'sid_user' (bsc#1144333). - cifs: rename a variable in SendReceive() (bsc#1144333). - cifs: rename posix create rsp (bsc#1144333). - cifs: replace various strncpy with strscpy and similar (bsc#1144333). - cifs: Return directly after a failed build_path_from_dentry() in cifs_do_create() (bsc#1144333). - cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1144333). - cifs: smbd: Add messages on RDMA session destroy and reconnection (bsc#1144333). - cifs: smbd: Invalidate and deregister memory registration on re-send for direct I/O (bsc#1144333). - cifs: smbd: Only queue work for error recovery on memory registration (bsc#1144333). - cifs: smbd: Return -EAGAIN when transport is reconnecting (bsc#1144333). - cifs: smbd: Return -ECONNABORTED when trasnport is not in connected state (bsc#1144333). - cifs: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE (bsc#1144333). - cifs: Use common error handling code in smb2_ioctl_query_info() (bsc#1144333). - cifs: use compounding for open and first query-dir for readdir() (bsc#1144333). - cifs: Use #define in cifs_dbg (bsc#1144333). - cifs: Use memdup_user() rather than duplicating its implementation (bsc#1144333). - cifs: use mod_delayed_work() for &server->reconnect if already queued (bsc#1144333). - cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1144333). - clk: qcom: rcg: Return failure for RCG update (bsc#1051510). - cls_rsvp: fix rsvp_policy (networking-stable-20_02_05). - configfs: Fix bool initialization/comparison (bsc#1051510). - cpufreq: powernv: Fix unsafe notifiers (bsc#1065729). - cpufreq: powernv: Fix use-after-free (bsc#1065729). - cpufreq: Register drivers only after CPU devices have been registered (bsc#1051510). - cpuidle: Do not unset the driver if it is there already (bsc#1051510). - crypto: arm64/sha-ce - implement export/import (bsc#1051510). - crypto: mxs-dcp - fix scatterlist linearization for hash (bsc#1051510). - crypto: pcrypt - Fix user-after-free on module unload (git-fixes). - crypto: tcrypt - fix printed skcipher [a]sync mode (bsc#1051510). - debugfs: add support for more elaborate ->d_fsdata (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: call debugfs_real_fops() only after debugfs_file_get() (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: convert to debugfs_file_get() and -put() (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: debugfs_real_fops(): drop __must_hold sparse annotation (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: debugfs_use_start/finish do not exist anymore (bsc#1159198). Prerequisite for bsc#1159198. - debugfs: defer debugfs_fsdata allocation to first usage (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: fix debugfs_real_fops() build error (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: implement per-file removal protection (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: purge obsolete SRCU based removal protection (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: simplify __debugfs_remove_file() (bsc#1159198). Prerequisite for bsc#1159198. - Delete patches which cause regression (bsc#1165527 ltc#184149). - Deprecate NR_UNSTABLE_NFS, use NR_WRITEBACK (bsc#1163403). - device: Use overflow helpers for devm_kmalloc() (bsc#1166003). - dmaengine: coh901318: Fix a double lock bug in dma_tc_handle() (bsc#1051510). - dmaengine: ste_dma40: fix unneeded variable warning (bsc#1051510). - dm: fix incomplete request_queue initialization (bsc#1104967,bsc#1159142). - driver core: platform: fix u32 greater or equal to zero comparison (bsc#1051510). - driver core: platform: Prevent resouce overflow from causing infinite loops (bsc#1051510). - driver core: Print device when resources present in really_probe() (bsc#1051510). - drivers/md/raid5.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET (bsc#1166003). - drivers/md/raid5: Do not disable irq on release_inactive_stripe_list() call (bsc#1166003). - drivers/md/raid5-ppl.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET (bsc#1166003). - drivers/md/raid5: Use irqsave variant of atomic_dec_and_lock() (bsc#1166003). - drm/amd/display: remove duplicated assignment to grph_obj_type (bsc#1051510). - drm/amdkfd: fix a use after free race with mmu_notifer unregister (bsc#1114279) - drm: atmel-hlcdc: enable clock before configuring timing engine (bsc#1114279) - drm/bochs: downgrade pci_request_region failure from error to warning (bsc#1051510). - drm/bridge: dw-hdmi: fix AVI frame colorimetry (bsc#1051510). - drm_dp_mst_topology: fix broken drm_dp_sideband_parse_remote_dpcd_read() (bsc#1051510). - drm/drm_dp_mst:remove set but not used variable 'origlen' (bsc#1051510). - drm/etnaviv: fix dumping of iommuv2 (bsc#1114279) - drm/gma500: Fixup fbdev stolen size usage evaluation (bsc#1051510). - drm/i915/gvt: Separate display reset from ALL_ENGINES reset (bsc#1114279) - drm/i915/userptr: fix size calculation (bsc#1114279) - drm/i915/userptr: Try to acquire the page lock around (bsc#1114279) - drm/i915: Wean off drm_pci_alloc/drm_pci_free (bsc#1114279) - drm/mediatek: Add gamma property according to hardware capability (bsc#1114279) - drm/mediatek: disable all the planes in atomic_disable (bsc#1114279) - drm/mediatek: handle events when enabling/disabling crtc (bsc#1051510). - drm/mipi_dbi: Fix off-by-one bugs in mipi_dbi_blank() (bsc#1114279) - drm: msm: mdp4: Adjust indentation in mdp4_dsi_encoder_enable (bsc#1114279) - drm/msm: Set dma maximum segment size for mdss (bsc#1051510). - drm/msm: stop abusing dma_map/unmap for cache (bsc#1051510). - drm/msm: Use the correct dma_sync calls harder (bsc#1051510). - drm/msm: Use the correct dma_sync calls in msm_gem (bsc#1051510). - drm/nouveau/disp/nv50-: prevent oops when no channel method map provided (bsc#1051510). - drm/nouveau/gr/gk20a,gm200-: add terminators to method lists read from fw (bsc#1051510). - drm: rcar-du: Recognize 'renesas,vsps' in addition to 'vsps' (bsc#1114279) - drm: remove the newline for CRC source name (bsc#1051510). - dt-bindings: allow up to four clocks for orion-mdio (bsc#1051510). - EDAC/mc: Fix use-after-free and memleaks during device removal (bsc#1114279). - efi: Fix a race and a buffer overflow while reading efivars via sysfs (bsc#1164893). - ethtool: Factored out similar ethtool link settings for virtual devices to core (bsc#1136157 ltc#177197). - ext4: add cond_resched() to __ext4_find_entry() (bsc#1166862). - ext4: Avoid ENOSPC when avoiding to reuse recently deleted inodes (bsc#1165019). - ext4: Check for non-zero journal inum in ext4_calculate_overhead (bsc#1167288). - ext4: do not assume that mmp_nodename/bdevname have NUL (bsc#1166860). - ext4: fix a data race in EXT4_I(inode)->i_disksize (bsc#1166861). - ext4: fix incorrect group count in ext4_fill_super error message (bsc#1168765). - ext4: fix incorrect inodes per group in error message (bsc#1168764). - ext4: fix potential race between online resizing and write operations (bsc#1166864). - ext4: fix potential race between s_flex_groups online resizing and access (bsc#1166867). - ext4: fix potential race between s_group_info online resizing and access (bsc#1166866). - ext4: fix race between writepages and enabling EXT4_EXTENTS_FL (bsc#1166870). - ext4: fix support for inode sizes > 1024 bytes (bsc#1164284). - ext4: potential crash on allocation error in ext4_alloc_flex_bg_array() (bsc#1166940). - ext4: rename s_journal_flag_rwsem to s_writepages_rwsem (bsc#1166868). - ext4: validate the debug_want_extra_isize mount option at parse time (bsc#1163897). - fat: fix uninit-memory access for partial initialized inode (bsc#1051510). - fat: work around race with userspace's read via blockdev while mounting (bsc#1051510). - fbdev/g364fb: Fix build failure (bsc#1051510). - fbdev: potential information leak in do_fb_ioctl() (bsc#1114279) - fbmem: Adjust indentation in fb_prepare_logo and fb_blank (bsc#1114279) - fcntl: fix typo in RWH_WRITE_LIFE_NOT_SET r/w hint name (bsc#1166003). - fix memory leak in large read decrypt offload (bsc#1144333). - fs/cifs/cifssmb.c: use true,false for bool variable (bsc#1144333). - fs: cifs: cifsssmb: remove redundant assignment to variable ret (bsc#1144333). - fs: cifs: Initialize filesystem timestamp ranges (bsc#1144333). - fs: cifs: mute -Wunused-const-variable message (bsc#1144333). - fs/cifs/sess.c: Remove set but not used variable 'capabilities' (bsc#1144333). - fs/cifs/smb2ops.c: use true,false for bool variable (bsc#1144333). - fs/cifs/smb2pdu.c: Make SMB2_notify_init static (bsc#1144333). - fs/xfs: fix f_ffree value for statfs when project quota is set (bsc#1165985). - ftrace/kprobe: Show the maxactive number on kprobe_events (git-fixes). - gtp: make sure only SOCK_DGRAM UDP sockets are accepted (networking-stable-20_01_27). - gtp: use __GFP_NOWARN to avoid memalloc warning (networking-stable-20_02_05). - HID: apple: Add support for recent firmware on Magic Keyboards (bsc#1051510). - HID: core: fix off-by-one memset in hid_report_raw_event() (bsc#1051510). - HID: hiddev: Fix race in in hiddev_disconnect() (git-fixes). - hv_netvsc: Fix memory leak when removing rndis device (networking-stable-20_01_20). - hv_netvsc: pass netvsc_device to rndis halt - hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() (bsc#1051510). - i2c: hix5hd2: add missed clk_disable_unprepare in remove (bsc#1051510). - i2c: jz4780: silence log flood on txabrt (bsc#1051510). - IB/hfi1: Close window for pq and request coliding (bsc#1060463 ). - IB/hfi1: convert to debugfs_file_get() and -put() (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - ibmvfc: do not send implicit logouts prior to NPIV login (bsc#1169625 ltc#184611). - ibmvfc: Fix NULL return compiler warning (bsc#1161951 ltc#183551). - ibmvnic: Do not process device remove during device reset (bsc#1065729). - ibmvnic: Warn unknown speed message only when carrier is present (bsc#1065729). - iio: gyro: adis16136: check ret val for non-zero vs less-than-zero (bsc#1051510). - iio: imu: adis16400: check ret val for non-zero vs less-than-zero (bsc#1051510). - iio: imu: adis: check ret val for non-zero vs less-than-zero (bsc#1051510). - iio: magnetometer: ak8974: Fix negative raw values in sysfs (bsc#1051510). - iio: potentiostat: lmp9100: fix iio_triggered_buffer_{predisable,postenable} positions (bsc#1051510). - Input: add safety guards to input_set_keycode() (bsc#1168075). - Input: avoid BIT() macro usage in the serio.h UAPI header (bsc#1051510). - Input: edt-ft5x06 - work around first register access error (bsc#1051510). - Input: raydium_i2c_ts - fix error codes in raydium_i2c_boot_trigger() (bsc#1051510). - Input: synaptics - enable RMI on HP Envy 13-ad105ng (bsc#1051510). - Input: synaptics - enable SMBus on ThinkPad L470 (bsc#1051510). - Input: synaptics - remove the LEN0049 dmi id from topbuttonpad list (bsc#1051510). - Input: synaptics - switch T470s to RMI4 by default (bsc#1051510). - intel_th: Fix user-visible error codes (bsc#1051510). - intel_th: pci: Add Elkhart Lake CPU support (bsc#1051510). - iommu/amd: Check feature support bit before accessing MSI capability registers (bsc#1166101). - iommu/amd: Fix the configuration of GCR3 table root pointer (bsc#1169057). - iommu/amd: Only support x2APIC with IVHD type 11h/40h (bsc#1166102). - iommu/dma: Fix MSI reservation allocation (bsc#1166730). - iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint (bsc#1166731). - iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page (bsc#1166732). - iommu/vt-d: Fix compile warning from intel-svm.h (bsc#1166103). - iommu/vt-d: Fix the wrong printing in RHSA parsing (bsc#1166733). - iommu/vt-d: Ignore devices with out-of-spec domain number (bsc#1166734). - iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn + add_taint (bsc#1166735). - ipmi:ssif: Handle a possible NULL pointer reference (bsc#1051510). - ipv4: ensure rcu_read_lock() in cipso_v4_error() (git-fixes). - ipvlan: do not add hardware address of master to its unicast filter list (bsc#1137325). - irqchip/bcm2835: Quiesce IRQs left enabled by bootloader (bsc#1051510). - irqdomain: Fix a memory leak in irq_domain_push_irq() (bsc#1051510). - iwlegacy: Fix -Wcast-function-type (bsc#1051510). - iwlwifi: mvm: Do not require PHY_SKU NVM section for 3168 devices (bsc#1166632). - iwlwifi: mvm: Fix thermal zone registration (bsc#1051510). - kABI: fixes for debugfs per-file removal protection backports (bsc#1159198 bsc#1109911). - kabi: invoke bpf_gen_ld_abs() directly (bsc#1158552). - kABI: restore debugfs_remove_recursive() (bsc#1159198). - kernel/module.c: Only return -EEXIST for modules that have finished loading (bsc#1165488). - kernel/module.c: wakeup processes in module_wq on module unload (bsc#1165488). - KVM: arm64: Store vcpu on the stack during __guest_enter() (bsc#1133021). - KVM: s390: do not clobber registers during guest reset/store status (bsc#1133021). - KVM: s390: ENOTSUPP -> EOPNOTSUPP fixups (bsc#1133021). - KVM: VMX: check descriptor table exits on instruction emulation (bsc#1166104). - l2tp: Allow duplicate session creation with UDP (networking-stable-20_02_05). - lcoking/rwsem: Add missing ACQUIRE to read_slowpath sleep loop (bsc#1050549). - libfs: fix infoleak in simple_attr_read() (bsc#1168881). - lib/raid6: add missing include for raid6test (bsc#1166003). - lib/raid6: add option to skip algo benchmarking (bsc#1166003). - lib/raid6/altivec: Add vpermxor implementation for raid6 Q syndrome (bsc#1166003). - lib/raid6: avoid __attribute_const__ redefinition (bsc#1166003). - locking/rwsem: Prevent decrement of reader count before increment (bsc#1050549). - mac80211: consider more elements in parsing CRC (bsc#1051510). - mac80211: Do not send mesh HWMP PREQ if HWMP is disabled (bsc#1051510). - mac80211: free peer keys before vif down in mesh (bsc#1051510). - mac80211: mesh: fix RCU warning (bsc#1051510). - mac80211: only warn once on chanctx_conf being NULL (bsc#1051510). - mac80211: rx: avoid RCU list traversal under mutex (bsc#1051510). - macsec: add missing attribute validation for port (bsc#1051510). - macsec: fix refcnt leak in module exit routine (bsc#1051510). - md: add __acquires/__releases annotations to handle_active_stripes (bsc#1166003). - md: add __acquires/__releases annotations to (un)lock_two_stripes (bsc#1166003). - md: add a missing endianness conversion in check_sb_changes (bsc#1166003). - md: add bitmap_abort label in md_run (bsc#1166003). - md: add feature flag MD_FEATURE_RAID0_LAYOUT (bsc#1166003). - md: allow last device to be forcibly removed from RAID1/RAID10 (bsc#1166003). - md: avoid invalid memory access for array sb->dev_roles (bsc#1166003). - md/bitmap: avoid race window between md_bitmap_resize and bitmap_file_clear_bit (bsc#1166003). - md-bitmap: create and destroy wb_info_pool with the change of backlog (bsc#1166003). - md-bitmap: create and destroy wb_info_pool with the change of bitmap (bsc#1166003). - md-bitmap: small cleanups (bsc#1166003). - md/bitmap: use mddev_suspend/resume instead of ->quiesce() (bsc#1166003). - md-cluster/bitmap: do not call md_bitmap_sync_with_cluster during reshaping stage (bsc#1166003). - md-cluster: introduce resync_info_get interface for sanity check (bsc#1166003). - md-cluster/raid10: call update_size in md_reap_sync_thread (bsc#1166003). - md-cluster/raid10: do not call remove_and_add_spares during reshaping stage (bsc#1166003). - md-cluster/raid10: resize all the bitmaps before start reshape (bsc#1166003). - md-cluster/raid10: support add disk under grow mode (bsc#1166003). - md-cluster: remove suspend_info (bsc#1166003). - md-cluster: send BITMAP_NEEDS_SYNC message if reshaping is interrupted (bsc#1166003). - md: convert to kvmalloc (bsc#1166003). - md: do not call spare_active in md_reap_sync_thread if all member devices can't work (bsc#1166003). - md: do not set In_sync if array is frozen (bsc#1166003). - md: fix an error code format and remove unsed bio_sector (bsc#1166003). - md: fix a typo s/creat/create (bsc#1166003). - md: fix for divide error in status_resync (bsc#1166003). - md: fix spelling typo and add necessary space (bsc#1166003). - md: introduce mddev_create/destroy_wb_pool for the change of member device (bsc#1166003). - md: introduce new personality funciton start() (bsc#1166003). - md-linear: use struct_size() in kzalloc() (bsc#1166003). - md: Make bio_alloc_mddev use bio_alloc_bioset (bsc#1166003). - md: make sure desc_nr less than MD_SB_DISKS (bsc#1166003). - md: md.c: Return -ENODEV when mddev is NULL in rdev_attr_show (bsc#1166003). - md: no longer compare spare disk superblock events in super_load (bsc#1166003). - md/r5cache: remove redundant pointer bio (bsc#1166003). - md/raid0: Fix an error message in raid0_make_request() (bsc#1166003). - md raid0/linear: Mark array as 'broken' and fail BIOs if a member is gone (bsc#1166003). - md/raid10: end bio when the device faulty (bsc#1166003). - md/raid10: Fix raid10 replace hang when new added disk faulty (bsc#1166003). - md/raid10: prevent access of uninitialized resync_pages offset (bsc#1166003). - md/raid10: read balance chooses idlest disk for SSD (bsc#1166003). - md: raid10: Use struct_size() in kmalloc() (bsc#1166003). - md/raid1: avoid soft lockup under high load (bsc#1166003). - md: raid1: check rdev before reference in raid1_sync_request func (bsc#1166003). - md/raid1: end bio when the device faulty (bsc#1166003). - md/raid1: fail run raid1 array when active disk less than one (bsc#1166003). - md/raid1: Fix a warning message in remove_wb() (bsc#1166003). - md/raid1: fix potential data inconsistency issue with write behind device (bsc#1166003). - md/raid1: get rid of extra blank line and space (bsc#1166003). - md/raid5: Assigning NULL to sh->batch_head before testing bit R5_Overlap of a stripe (bsc#1166003). - md/raid5: use bio_end_sector to calculate last_sector (bsc#1166003). - md/raid6: fix algorithm choice under larger PAGE_SIZE (bsc#1166003). - md/raid6: implement recovery using ARM NEON intrinsics (bsc#1166003). - md: remove a bogus comment (bsc#1166003). - md: remove redundant code that is no longer reachable (bsc#1166003). - md: remove set but not used variable 'bi_rdev' (bsc#1166003). - md: rename wb stuffs (bsc#1166003). - md: return -ENODEV if rdev has no mddev assigned (bsc#1166003). - md: use correct type in super_1_load (bsc#1166003). - md: use correct type in super_1_sync (bsc#1166003). - md: use correct types in md_bitmap_print_sb (bsc#1166003). - media: dib0700: fix rc endpoint lookup (bsc#1051510). - media: flexcop-usb: fix endpoint sanity check (git-fixes). - media: go7007: Fix URB type for interrupt handling (bsc#1051510). - media: ov519: add missing endpoint sanity checks (bsc#1168829). - media: ov6650: Fix .get_fmt() V4L2_SUBDEV_FORMAT_TRY support (bsc#1051510). - media: ov6650: Fix some format attributes not under control (bsc#1051510). - media: ov6650: Fix stored crop rectangle not in sync with hardware (bsc#1051510). - media: ov6650: Fix stored frame format not in sync with hardware (bsc#1051510). - media: stv06xx: add missing descriptor sanity checks (bsc#1168854). - media: tda10071: fix unsigned sign extension overflow (bsc#1051510). - media: usbtv: fix control-message timeouts (bsc#1051510). - media: uvcvideo: Refactor teardown of uvc on USB disconnect (bsc#1164507). - media: v4l2-core: fix entity initialization in device_register_subdev (bsc#1051510). - media: vsp1: tidyup VI6_HGT_LBn_H() macro (bsc#1051510). - media: xirlink_cit: add missing descriptor sanity checks (bsc#1051510). - mfd: dln2: Fix sanity checking for endpoints (bsc#1051510). - misc: pci_endpoint_test: Fix to support > 10 pci-endpoint-test devices (bsc#1051510). - mmc: sdhci-of-at91: fix cd-gpios for SAMA5D2 (bsc#1051510). - mm/filemap.c: do not initiate writeback if mapping has no dirty pages (bsc#1168884). - mm/memory_hotplug.c: only respect mem= parameter during boot stage (bsc#1065600). - MM: replace PF_LESS_THROTTLE with PF_LOCAL_THROTTLE (bsc#1163403). - mm: Use overflow helpers in kvmalloc() (bsc#1166003). - mwifiex: set needed_headroom, not hard_header_len (bsc#1051510). - net: core: another layer of lists, around PF_MEMALLOC skb handling (bsc#1050549). - net: cxgb3_main: Add CAP_NET_ADMIN check to CHELSIO_GET_MEM (networking-stable-20_01_27). - net: dsa: mv88e6xxx: Preserve priority when setting CPU port (networking-stable-20_01_11). - net: dsa: tag_qca: fix doubled Tx statistics (networking-stable-20_01_20). - net: dsa: tag_qca: Make sure there is headroom for tag (networking-stable-20_02_19). - net: ena: Add PCI shutdown handler to allow safe kexec (bsc#1167421, bsc#1167423). - net/ethtool: Introduce link_ksettings API for virtual network devices (bsc#1136157 ltc#177197). - netfilter: conntrack: sctp: use distinct states for new SCTP connections (bsc#1159199). - net: hns: fix soft lockup when there is not enough memory (networking-stable-20_01_20). - net: hsr: fix possible NULL deref in hsr_handle_frame() (networking-stable-20_02_05). - net: ip6_gre: fix moving ip6gre between namespaces (networking-stable-20_01_27). - net, ip6_tunnel: fix namespaces move (networking-stable-20_01_27). - net, ip_tunnel: fix namespaces move (networking-stable-20_01_27). - net: macb: Limit maximum GEM TX length in TSO (networking-stable-20_02_09). - net: macb: Remove unnecessary alignment check for TSO (networking-stable-20_02_09). - net/mlxfw: Verify FSM error code translation does not exceed array size (bsc#1051858). - net: mvneta: move rx_dropped and rx_errors in per-cpu stats (networking-stable-20_02_09). - net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL (bsc#1051510). - net: nfc: fix bounds checking bugs on 'pipe' (bsc#1051510). - net: phy: micrel: kszphy_resume(): add delay after genphy_resume() before accessing PHY registers (bsc#1051510). - net: rtnetlink: validate IFLA_MTU attribute in rtnl_create_link() (networking-stable-20_01_27). - net_sched: ematch: reject invalid TCF_EM_SIMPLE (networking-stable-20_01_30). - net_sched: fix an OOB access in cls_tcindex (networking-stable-20_02_05). - net_sched: fix a resource leak in tcindex_set_parms() (networking-stable-20_02_09). - net_sched: fix datalen for ematch (networking-stable-20_01_27). - net/sched: flower: add missing validation of TCA_FLOWER_FLAGS (networking-stable-20_02_19). - net_sched: keep alloc_hash updated after hash allocation (git-fixes). - net/sched: matchall: add missing validation of TCA_MATCHALL_FLAGS (networking-stable-20_02_19). - net: sch_prio: When ungrafting, replace with FIFO (networking-stable-20_01_11). - net/smc: add fallback check to connect() (git-fixes). - net/smc: fix leak of kernel memory to user space (networking-stable-20_02_19). - net/smc: fix refcount non-blocking connect() -part 2 (git-fixes). - net: stmmac: Delete txtimer in suspend() (networking-stable-20_02_05). - net: stmmac: dwmac-sunxi: Allow all RGMII modes (networking-stable-20_01_11). - net-sysfs: Fix reference count leak (networking-stable-20_01_27). - net: systemport: Avoid RBUF stuck in Wake-on-LAN mode (networking-stable-20_02_09). - net: usb: lan78xx: Add .ndo_features_check (networking-stable-20_01_27). - net: usb: lan78xx: fix possible skb leak (networking-stable-20_01_11). - net/wan/fsl_ucc_hdlc: fix out of bounds write on array utdm_info (networking-stable-20_01_20). - NFC: fdp: Fix a signedness bug in fdp_nci_send_patch() (bsc#1051510). - NFC: pn544: Fix a typo in a debug message (bsc#1051510). - NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use le16_add_cpu() (bsc#1051510). - NFS: send state management on a single connection (bsc#1167005). - nvme-multipath: fix possible I/O hang when paths are updated (bsc#1158983). - objtool: Add is_static_jump() helper (bsc#1169514). - objtool: Add relocation check for alternative sections (bsc#1169514). - OMAP: DSS2: remove non-zero check on variable r (bsc#1114279) - orinoco: avoid assertion in case of NULL pointer (bsc#1051510). - padata: always acquire cpu_hotplug_lock before pinst->lock (git-fixes). - partitions/efi: Fix partition name parsing in GUID partition entry (bsc#1168763). - PCI/ASPM: Clear the correct bits when enabling L1 substates (bsc#1051510). - PCI: endpoint: Fix clearing start entry in configfs (bsc#1051510). - PCI: pciehp: Fix MSI interrupt race (bsc#1159037). - PCI/switchtec: Fix init_completion race condition with poll_wait() (bsc#1051510). - perf/amd/uncore: Replace manual sampling check with CAP_NO_INTERRUPT flag (bsc#1114279). - perf: qcom_l2: fix column exclusion check (git-fixes). - pinctrl: baytrail: Do not clear IRQ flags on direct-irq enabled pins (bsc#1051510). - pinctrl: core: Remove extra kref_get which blocks hogs being freed (bsc#1051510). - pinctrl: sh-pfc: sh7264: Fix CAN function GPIOs (bsc#1051510). - pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs (bsc#1051510). - pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM (networking-stable-20_01_11). - platform/x86: pmc_atom: Add Lex 2I385SW to critclk_systems DMI table (bsc#1051510). - PM: core: Fix handling of devices deleted during system-wide resume (git-fixes). - powerpc/64: mark start_here_multiplatform as __ref (bsc#1148868). - powerpc/64s: Fix section mismatch warnings from boot code (bsc#1148868). - powerpc/64/tm: Do not let userspace set regs->trap via sigreturn (bsc#1118338 ltc#173734). - powerpc: fix hardware PMU exception bug on PowerVM compatibility mode systems (bsc#1056686). - powerpc/hash64/devmap: Use H_PAGE_THP_HUGE when setting up huge devmap PTE entries (bsc#1065729). - powerpc/kprobes: Ignore traps that happened in real mode (bsc#1065729). - powerpc/mm: Fix section mismatch warning in stop_machine_change_mapping() (bsc#1148868). - powerpc/pseries: Avoid NULL pointer dereference when drmem is unavailable (bsc#1160659). - powerpc/pseries: group lmb operation and memblock's (bsc#1165404 ltc#183498). - powerpc/pseries/memory-hotplug: Only update DT once per memory DLPAR request (bsc#1165404 ltc#183498). - powerpc/pseries: update device tree before ejecting hotplug uevents (bsc#1165404 ltc#183498). - powerpc/smp: Use nid as fallback for package_id (bsc#1165813 ltc#184091). - powerpc/vmlinux.lds: Explicitly retain .gnu.hash (bsc#1148868). - powerpc/xive: Replace msleep(x) with msleep(OPAL_BUSY_DELAY_MS) (bsc#1085030). - powerpc/xive: Use XIVE_BAD_IRQ instead of zero to catch non configured IPIs (bsc#1085030). - pwm: bcm2835: Dynamically allocate base (bsc#1051510). - pwm: meson: Fix confusing indentation (bsc#1051510). - pwm: pca9685: Fix PWM/GPIO inter-operation (bsc#1051510). - pwm: rcar: Fix late Runtime PM enablement (bsc#1051510). - pwm: renesas-tpu: Fix late Runtime PM enablement (bsc#1051510). - pxa168fb: fix release function mismatch in probe failure (bsc#1051510). - qmi_wwan: re-add DW5821e pre-production variant (bsc#1051510). - qmi_wwan: unconditionally reject 2 ep interfaces (bsc#1051510). - raid10: refactor common wait code from regular read/write request (bsc#1166003). - raid1: factor out a common routine to handle the completion of sync write (bsc#1166003). - raid1: simplify raid1_error function (bsc#1166003). - raid1: use an int as the return value of raise_barrier() (bsc#1166003). - raid5: block failing device if raid will be failed (bsc#1166003). - raid5-cache: Need to do start() part job after adding journal device (bsc#1166003). - raid5: copy write hint from origin bio to stripe (bsc#1166003). - raid5: do not increment read_errors on EILSEQ return (bsc#1166003). - raid5: do not set STRIPE_HANDLE to stripe which is in batch list (bsc#1166003). - raid5 improve too many read errors msg by adding limits (bsc#1166003). - raid5: need to set STRIPE_HANDLE for batch head (bsc#1166003). - raid5: remove STRIPE_OPS_REQ_PENDING (bsc#1166003). - raid5: remove worker_cnt_per_group argument from alloc_thread_groups (bsc#1166003). - raid5: set write hint for PPL (bsc#1166003). - raid5: use bio_end_sector in r5_next_bio (bsc#1166003). - raid6/test: fix a compilation error (bsc#1166003). - raid6/test: fix a compilation warning (bsc#1166003). - remoteproc: Initialize rproc_class before use (bsc#1051510). - rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer (git-fixes). - rtlwifi: rtl_pci: Fix -Wcast-function-type (bsc#1051510). - rxrpc: Fix insufficient receive notification generation (networking-stable-20_02_05). - s390/mm: fix dynamic pagetable upgrade for hugetlbfs (bsc#1165182 LTC#184102). - scsi: core: avoid repetitive logging of device offline messages (bsc#1145929). - scsi: core: kABI fix offline_already (bsc#1145929). - scsi: fnic: do not queue commands during fwreset (bsc#1146539). - scsi: ibmvfc: Add failed PRLI to cmd_status lookup array (bsc#1161951 ltc#183551). - scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (bsc#1161951 ltc#183551). - scsi: ibmvfc: Byte swap status and error codes when logging (bsc#1161951 ltc#183551). - scsi: ibmvfc: Clean up transport events (bsc#1161951 ltc#183551). - scsi: ibmvfc: constify dev_pm_ops structures (bsc#1161951 ltc#183551). - scsi: ibmvfc: Do not call fc_block_scsi_eh() on host reset (bsc#1161951 ltc#183551). - scsi: ibmvfc: Fix NULL return compiler warning (bsc#1161951 ltc#183551). Refresh sorted patches. - scsi: ibmvfc: ibmvscsi: ibmvscsi_tgt: constify vio_device_id (bsc#1161951 ltc#183551). - scsi: ibmvfc: Mark expected switch fall-throughs (bsc#1161951 ltc#183551). - scsi: ibmvfc: Remove 'failed' from logged errors (bsc#1161951 ltc#183551). - scsi: ibmvfc: Remove unneeded semicolons (bsc#1161951 ltc#183551). - scsi: ibmvscsi: change strncpy+truncation to strlcpy (bsc#1161951 ltc#183551). - scsi: ibmvscsi: constify dev_pm_ops structures (bsc#1161951 ltc#183551). - scsi: ibmvscsi: Do not use rc uninitialized in ibmvscsi_do_work (bsc#1161951 ltc#183551). - scsi: ibmvscsi: fix tripping of blk_mq_run_hw_queue WARN_ON (bsc#1161951 ltc#183551). - scsi: ibmvscsi: Improve strings handling (bsc#1161951 ltc#183551). - scsi: ibmvscsi: redo driver work thread to use enum action states (bsc#1161951 ltc#183551). - scsi: ibmvscsi: Wire up host_reset() in the driver's scsi_host_template (bsc#1161951 ltc#183551). - scsi: qla2xxx: Add 16.0GT for PCI String (bsc#1157424). - scsi: qla2xxx: Add beacon LED config sysfs interface (bsc#1157424). - scsi: qla2xxx: Add changes in preparation for vendor extended FDMI/RDP (bsc#1157424). - scsi: qla2xxx: Add deferred queue for processing ABTS and RDP (bsc#1157424). - scsi: qla2xxx: Add endianizer macro calls to fc host stats (bsc#1157424). - scsi: qla2xxx: Add fixes for mailbox command (bsc#1157424). - scsi: qla2xxx: add more FW debug information (bsc#1157424). - scsi: qla2xxx: Add ql2xrdpenable module parameter for RDP (bsc#1157424). - scsi: qla2xxx: Add sysfs node for D-Port Diagnostics AEN data (bsc#1157424). - scsi: qla2xxx: Add vendor extended FDMI commands (bsc#1157424). - scsi: qla2xxx: Add vendor extended RDP additions and amendments (bsc#1157424). - scsi: qla2xxx: Avoid setting firmware options twice in 24xx_update_fw_options (bsc#1157424). - scsi: qla2xxx: Check locking assumptions at runtime in qla2x00_abort_srb() (bsc#1157424). - scsi: qla2xxx: Cleanup ELS/PUREX iocb fields (bsc#1157424). - scsi: qla2xxx: Convert MAKE_HANDLE() from a define into an inline function (bsc#1157424). - scsi: qla2xxx: Correction to selection of loopback/echo test (bsc#1157424). - scsi: qla2xxx: Display message for FCE enabled (bsc#1157424). - scsi: qla2xxx: Fix control flags for login/logout IOCB (bsc#1157424). - scsi: qla2xxx: Fix FCP-SCSI FC4 flag passing error (bsc#1157424). - scsi: qla2xxx: fix FW resource count values (bsc#1157424). - scsi: qla2xxx: Fix I/Os being passed down when FC device is being deleted (bsc#1157424). - scsi: qla2xxx: Fix NPIV instantiation after FW dump (bsc#1157424). - scsi: qla2xxx: Fix qla2x00_echo_test() based on ISP type (bsc#1157424). - scsi: qla2xxx: Fix RDP respond data format (bsc#1157424). - scsi: qla2xxx: Fix RDP response size (bsc#1157424). - scsi: qla2xxx: Fix sparse warning reported by kbuild bot (bsc#1157424). - scsi: qla2xxx: Fix sparse warnings triggered by the PCI state checking code (bsc#1157424). - scsi: qla2xxx: Force semaphore on flash validation failure (bsc#1157424). - scsi: qla2xxx: Handle cases for limiting RDP response payload length (bsc#1157424). - scsi: qla2xxx: Handle NVME status iocb correctly (bsc#1157424). - scsi: qla2xxx: Improved secure flash support messages (bsc#1157424). - scsi: qla2xxx: Move free of fcport out of interrupt context (bsc#1157424). - scsi: qla2xxx: Print portname for logging in qla24xx_logio_entry() (bsc#1157424). - scsi: qla2xxx: Remove restriction of FC T10-PI and FC-NVMe (bsc#1157424). - scsi: qla2xxx: Return appropriate failure through BSG Interface (bsc#1157424). - scsi: qla2xxx: Save rscn_gen for new fcport (bsc#1157424). - scsi: qla2xxx: Serialize fc_port alloc in N2N (bsc#1157424). - scsi: qla2xxx: Set Nport ID for N2N (bsc#1157424). - scsi: qla2xxx: Show correct port speed capabilities for RDP command (bsc#1157424). - scsi: qla2xxx: Simplify the code for aborting SCSI commands (bsc#1157424). - scsi: qla2xxx: Suppress endianness complaints in qla2x00_configure_local_loop() (bsc#1157424). - scsi: qla2xxx: Update BPM enablement semantics (bsc#1157424). - scsi: qla2xxx: Update driver version to 10.01.00.24-k (bsc#1157424). - scsi: qla2xxx: Update driver version to 10.01.00.25-k (bsc#1157424). - scsi: qla2xxx: Use a dedicated interrupt handler for 'handshake-required' ISPs (bsc#1157424). - scsi: qla2xxx: Use correct ISP28xx active FW region (bsc#1157424). - scsi: qla2xxx: Use endian macros to assign static fields in fwdump header (bsc#1157424). - scsi: qla2xxx: Use FC generic update firmware options routine for ISP27xx (bsc#1157424). - scsi: qla2xxx: Use QLA_FW_STOPPED macro to propagate flag (bsc#1157424). - scsi: tcm_qla2xxx: Make qlt_alloc_qfull_cmd() set cmd->se_cmd.map_tag (bsc#1157424). - sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY (networking-stable-20_01_11). - serdev: ttyport: restore client ops on deregistration (bsc#1051510). - smb3: add debug messages for closing unmatched open (bsc#1144333). - smb3: Add defines for new information level, FileIdInformation (bsc#1144333). - smb3: add dynamic tracepoints for flush and close (bsc#1144333). - smb3: add missing flag definitions (bsc#1144333). - smb3: Add missing reparse tags (bsc#1144333). - smb3: add missing worker function for SMB3 change notify (bsc#1144333). - smb3: add mount option to allow forced caching of read only share (bsc#1144333). - smb3: add mount option to allow RW caching of share accessed by only 1 client (bsc#1144333). - smb3: add one more dynamic tracepoint missing from strict fsync path (bsc#1144333). - smb3: add some more descriptive messages about share when mounting cache=ro (bsc#1144333). - smb3: allow decryption keys to be dumped by admin for debugging (bsc#1144333). - smb3: allow disabling requesting leases (bsc#1144333). - smb3: allow parallelizing decryption of reads (bsc#1144333). - smb3: allow skipping signature verification for perf sensitive configurations (bsc#1144333). - SMB3: Backup intent flag missing from some more ops (bsc#1144333). - smb3: cleanup some recent endian errors spotted by updated sparse (bsc#1144333). - smb3: display max smb3 requests in flight at any one time (bsc#1144333). - smb3: dump in_send and num_waiters stats counters by default (bsc#1144333). - smb3: enable offload of decryption of large reads via mount option (bsc#1144333). - smb3: fix default permissions on new files when mounting with modefromsid (bsc#1144333). - smb3: fix mode passed in on create for modetosid mount option (bsc#1144333). - smb3: fix performance regression with setting mtime (bsc#1144333). - smb3: fix potential null dereference in decrypt offload (bsc#1144333). - smb3: fix problem with null cifs super block with previous patch (bsc#1144333). - smb3: Fix regression in time handling (bsc#1144333). - smb3: improve check for when we send the security descriptor context on create (bsc#1144333). - smb3: log warning if CSC policy conflicts with cache mount option (bsc#1144333). - smb3: missing ACL related flags (bsc#1144333). - smb3: only offload decryption of read responses if multiple requests (bsc#1144333). - smb3: pass mode bits into create calls (bsc#1144333). - smb3: print warning once if posix context returned on open (bsc#1144333). - smb3: query attributes on file close (bsc#1144333). - smb3: remove noisy debug message and minor cleanup (bsc#1144333). - smb3: remove unused flag passed into close functions (bsc#1144333). - staging: ccree: use signal safe completion wait (git-fixes). - staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table (bsc#1051510). - staging: rtl8188eu: Fix potential overuse of kernel memory (bsc#1051510). - staging: rtl8188eu: Fix potential security hole (bsc#1051510). - staging: rtl8723bs: Fix potential overuse of kernel memory (bsc#1051510). - staging: rtl8723bs: Fix potential security hole (bsc#1051510). - staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi (bsc#1051510). - staging: wlan-ng: fix ODEBUG bug in prism2sta_disconnect_usb (bsc#1051510). - staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback (bsc#1051510). - SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202). - tcp_bbr: improve arithmetic division in bbr_update_bw() (networking-stable-20_01_27). - tcp: clear tp->data_segs{in|out} in tcp_disconnect() (networking-stable-20_02_05). - tcp: clear tp->delivered in tcp_disconnect() (networking-stable-20_02_05). - tcp: clear tp->segs_{in|out} in tcp_disconnect() (networking-stable-20_02_05). - tcp: clear tp->total_retrans in tcp_disconnect() (networking-stable-20_02_05). - tcp: fix marked lost packets not being retransmitted (networking-stable-20_01_20). - tcp: fix 'old stuff' D-SACK causing SACK to be treated as D-SACK (networking-stable-20_01_11). - thermal: devfreq_cooling: inline all stubs for CONFIG_DEVFREQ_THERMAL=n (bsc#1051510). - thunderbolt: Prevent crash if non-active NVMem file is read (git-fixes). - tick: broadcast-hrtimer: Fix a race in bc_set_next (bsc#1044231). - tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure (git-fixes). - tools: Update include/uapi/linux/fcntl.h copy from the kernel (bsc#1166003). - tpm: ibmvtpm: Wait for buffer to be set before proceeding (bsc#1065729). - tty: evh_bytechan: Fix out of bounds accesses (bsc#1051510). - ttyprintk: fix a potential deadlock in interrupt context issue (git-fixes). - tty/serial: atmel: manage shutdown in case of RS485 or ISO7816 mode (bsc#1051510). - tty: serial: imx: setup the correct sg entry for tx dma (bsc#1051510). - USB: cdc-acm: fix rounding error in TIOCSSERIAL (git-fixes). - USB: core: add endpoint-blacklist quirk (git-fixes). - USB: core: hub: do error out if usb_autopm_get_interface() fails (git-fixes). - USB: core: port: do error out if usb_autopm_get_interface() fails (git-fixes). - USB: Disable LPM on WD19's Realtek Hub (git-fixes). - USB: dwc2: Fix in ISOC request length checking (git-fixes). - USB: Fix novation SourceControl XL after suspend (git-fixes). - USB: gadget: composite: Fix bMaxPower for SuperSpeedPlus (git-fixes). - USB: gadget: f_fs: Fix use after free issue as part of queue failure (bsc#1051510). - USB: host: xhci-plat: add a shutdown (git-fixes). - USB: host: xhci: update event ring dequeue pointer on purpose (git-fixes). - USB: hub: Do not record a connect-change event during reset-resume (git-fixes). - usbip: Fix uninitialized symbol 'nents' in stub_recv_cmd_submit() (git-fixes). - USB: misc: iowarrior: add support for 2 OEMed devices (git-fixes). - USB: misc: iowarrior: add support for the 100 device (git-fixes). - USB: misc: iowarrior: add support for the 28 and 28L devices (git-fixes). - USB: musb: Disable pullup at init (git-fixes). - USB: musb: fix crash with highmen PIO and usbmon (bsc#1051510). - USB: quirks: add NO_LPM quirk for Logitech Screen Share (git-fixes). - USB: quirks: add NO_LPM quirk for RTL8153 based ethernet adapters (git-fixes). - USB: quirks: blacklist duplicate ep on Sound Devices USBPre2 (git-fixes). - USB: serial: io_edgeport: fix slab-out-of-bounds read in edge_interrupt_callback (bsc#1051510). - USB: serial: option: add ME910G1 ECM composition 0x110b (git-fixes). - USB: serial: pl2303: add device-id for HP LD381 (git-fixes). - USB: storage: Add quirk for Samsung Fit flash (git-fixes). - USB: uas: fix a plug & unplug racing (git-fixes). - USB: xhci: apply XHCI_SUSPEND_DELAY to AMD XHCI controller 1022:145c (git-fixes). - uvcvideo: Refactor teardown of uvc on USB disconnect (bsc#1164507) - vgacon: Fix a UAF in vgacon_invert_region (bsc#1114279) - virtio-blk: fix hw_queue stopped on arbitrary error (git-fixes). - vlan: fix memory leak in vlan_dev_set_egress_priority (networking-stable-20_01_11). - vlan: vlan_changelink() should propagate errors (networking-stable-20_01_11). - vxlan: fix tos value before xmit (networking-stable-20_01_11). - x86/cpu/amd: Enable the fixed Instructions Retired counter IRPERF (bsc#1114279). - x86/mce/amd: Fix kobject lifetime (bsc#1114279). - x86/mce/amd: Publish the bank pointer only after setup has succeeded (bsc#1114279). - x86/mce: Fix logic and comments around MSR_PPIN_CTL (bsc#1114279). - x86/mm: Split vmalloc_sync_all() (bsc#1165741). - x86/pkeys: Manually set X86_FEATURE_OSPKE to preserve existing changes (bsc#1114279). - xen/blkfront: fix memory allocation flags in blkfront_setup_indirect() (bsc#1168486). - xfs: also remove cached ACLs when removing the underlying attr (bsc#1165873). - xfs: bulkstat should copy lastip whenever userspace supplies one (bsc#1165984). - xhci: apply XHCI_PME_STUCK_QUIRK to Intel Comet Lake platforms (git-fixes). - xhci: Do not open code __print_symbolic() in xhci trace events (git-fixes). - xhci: fix runtime pm enabling for quirky Intel hosts (bsc#1051510). - xhci: Force Maximum Packet size for Full-speed bulk devices to valid range (bsc#1051510). Important SUSE bug 1044231 SUSE bug 1050549 SUSE bug 1051510 SUSE bug 1051858 SUSE bug 1056686 SUSE bug 1060463 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1083647 SUSE bug 1085030 SUSE bug 1104967 SUSE bug 1109911 SUSE bug 1114279 SUSE bug 1118338 SUSE bug 1120386 SUSE bug 1133021 SUSE bug 1136157 SUSE bug 1137325 SUSE bug 1144333 SUSE bug 1145051 SUSE bug 1145929 SUSE bug 1146539 SUSE bug 1148868 SUSE bug 1154385 SUSE bug 1157424 SUSE bug 1158552 SUSE bug 1158983 SUSE bug 1159037 SUSE bug 1159142 SUSE bug 1159198 SUSE bug 1159199 SUSE bug 1159285 SUSE bug 1160659 SUSE bug 1161951 SUSE bug 1162929 SUSE bug 1162931 SUSE bug 1163403 SUSE bug 1163508 SUSE bug 1163897 SUSE bug 1164078 SUSE bug 1164284 SUSE bug 1164507 SUSE bug 1164893 SUSE bug 1165019 SUSE bug 1165111 SUSE bug 1165182 SUSE bug 1165404 SUSE bug 1165488 SUSE bug 1165527 SUSE bug 1165741 SUSE bug 1165813 SUSE bug 1165873 SUSE bug 1165949 SUSE bug 1165984 SUSE bug 1165985 SUSE bug 1166003 SUSE bug 1166101 SUSE bug 1166102 SUSE bug 1166103 SUSE bug 1166104 SUSE bug 1166632 SUSE bug 1166730 SUSE bug 1166731 SUSE bug 1166732 SUSE bug 1166733 SUSE bug 1166734 SUSE bug 1166735 SUSE bug 1166780 SUSE bug 1166860 SUSE bug 1166861 SUSE bug 1166862 SUSE bug 1166864 SUSE bug 1166866 SUSE bug 1166867 SUSE bug 1166868 SUSE bug 1166870 SUSE bug 1166940 SUSE bug 1167005 SUSE bug 1167288 SUSE bug 1167290 SUSE bug 1167316 SUSE bug 1167421 SUSE bug 1167423 SUSE bug 1167629 SUSE bug 1168075 SUSE bug 1168202 SUSE bug 1168276 SUSE bug 1168295 SUSE bug 1168424 SUSE bug 1168443 SUSE bug 1168486 SUSE bug 1168760 SUSE bug 1168762 SUSE bug 1168763 SUSE bug 1168764 SUSE bug 1168765 SUSE bug 1168829 SUSE bug 1168854 SUSE bug 1168881 SUSE bug 1168884 SUSE bug 1168952 SUSE bug 1169057 SUSE bug 1169390 SUSE bug 1169514 SUSE bug 1169625 CVE-2019-19768 CVE-2019-19770 CVE-2019-3701 CVE-2019-9458 CVE-2020-10942 CVE-2020-11494 CVE-2020-11669 CVE-2020-8647 CVE-2020-8649 CVE-2020-8834 CVE-2020-9383 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_51 fixes several issues. The following security issues were fixed: - CVE-2020-12653: Fixed a buffer overflow in mwifiex_cmd_append_vsie_tlv() which could have allowed local users to gain privileges or cause a denial of service (bsc#1171254). - CVE-2020-12654: Fixed a heap-based buffer overflow in mwifiex_ret_wmm_get_status() which could have been triggered by a remote AP to trigger (bsc#1171252). - CVE-2020-1749: Fixed an improper implementation in some IPsec protocols where the data were sent unencrypted allowing an attacker to read them (bsc#1165631). Important SUSE bug 1165631 SUSE bug 1171252 SUSE bug 1171254 CVE-2020-12653 CVE-2020-12654 CVE-2020-1749 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_48 fixes several issues. The following security issues were fixed: - CVE-2020-12653: Fixed a buffer overflow in mwifiex_cmd_append_vsie_tlv() which could have allowed local users to gain privileges or cause a denial of service (bsc#1171254). - CVE-2020-12654: Fixed a heap-based buffer overflow in mwifiex_ret_wmm_get_status() which could have been triggered by a remote AP to trigger (bsc#1171252). Important SUSE bug 1171252 SUSE bug 1171254 CVE-2020-12653 CVE-2020-12654 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_45 fixes several issues. The following security issues were fixed: - CVE-2020-12653: Fixed a buffer overflow in mwifiex_cmd_append_vsie_tlv() which could have allowed local users to gain privileges or cause a denial of service (bsc#1171254). - CVE-2020-12654: Fixed a heap-based buffer overflow in mwifiex_ret_wmm_get_status() which could have been triggered by a remote AP to trigger (bsc#1171252). Important SUSE bug 1171252 SUSE bug 1171254 CVE-2020-12653 CVE-2020-12654 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_40 fixes several issues. The following security issues were fixed: - CVE-2020-12653: Fixed a buffer overflow in mwifiex_cmd_append_vsie_tlv() which could have allowed local users to gain privileges or cause a denial of service (bsc#1171254). - CVE-2020-12654: Fixed a heap-based buffer overflow in mwifiex_ret_wmm_get_status() which could have been triggered by a remote AP to trigger (bsc#1171252). Important SUSE bug 1171252 SUSE bug 1171254 CVE-2020-12653 CVE-2020-12654 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_37 fixes several issues. The following security issues were fixed: - CVE-2020-12653: Fixed a buffer overflow in mwifiex_cmd_append_vsie_tlv() which could have allowed local users to gain privileges or cause a denial of service (bsc#1171254). - CVE-2020-12654: Fixed a heap-based buffer overflow in mwifiex_ret_wmm_get_status() which could have been triggered by a remote AP to trigger (bsc#1171252). Important SUSE bug 1171252 SUSE bug 1171254 CVE-2020-12653 CVE-2020-12654 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_32 fixes several issues. The following security issues were fixed: - CVE-2020-12653: Fixed a buffer overflow in mwifiex_cmd_append_vsie_tlv() which could have allowed local users to gain privileges or cause a denial of service (bsc#1171254). - CVE-2020-12654: Fixed a heap-based buffer overflow in mwifiex_ret_wmm_get_status() which could have been triggered by a remote AP to trigger (bsc#1171252). Important SUSE bug 1171252 SUSE bug 1171254 CVE-2020-12653 CVE-2020-12654 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_29 fixes several issues. The following security issues were fixed: - CVE-2020-12653: Fixed a buffer overflow in mwifiex_cmd_append_vsie_tlv() which could have allowed local users to gain privileges or cause a denial of service (bsc#1171254). - CVE-2020-12654: Fixed a heap-based buffer overflow in mwifiex_ret_wmm_get_status() which could have been triggered by a remote AP to trigger (bsc#1171252). Important SUSE bug 1171252 SUSE bug 1171254 CVE-2020-12653 CVE-2020-12654 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_24 fixes several issues. The following security issues were fixed: - CVE-2020-12653: Fixed a buffer overflow in mwifiex_cmd_append_vsie_tlv() which could have allowed local users to gain privileges or cause a denial of service (bsc#1171254). - CVE-2020-12654: Fixed a heap-based buffer overflow in mwifiex_ret_wmm_get_status() which could have been triggered by a remote AP to trigger (bsc#1171252). Important SUSE bug 1171252 SUSE bug 1171254 CVE-2020-12653 CVE-2020-12654 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_19 fixes several issues. The following security issues were fixed: - CVE-2020-12653: Fixed a buffer overflow in mwifiex_cmd_append_vsie_tlv() which could have allowed local users to gain privileges or cause a denial of service (bsc#1171254). - CVE-2020-12654: Fixed a heap-based buffer overflow in mwifiex_ret_wmm_get_status() which could have been triggered by a remote AP to trigger (bsc#1171252). Important SUSE bug 1171252 SUSE bug 1171254 CVE-2020-12653 CVE-2020-12654 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_16 fixes several issues. The following security issues were fixed: - CVE-2020-12653: Fixed a buffer overflow in mwifiex_cmd_append_vsie_tlv() which could have allowed local users to gain privileges or cause a denial of service (bsc#1171254). - CVE-2020-12654: Fixed a heap-based buffer overflow in mwifiex_ret_wmm_get_status() which could have been triggered by a remote AP to trigger (bsc#1171252). Important SUSE bug 1171252 SUSE bug 1171254 CVE-2020-12653 CVE-2020-12654 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824). - CVE-2020-13143: Fixed an out-of-bounds read in gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c (bsc#1171982). - CVE-2020-12769: Fixed an issue which could have allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bsc#1171983). - CVE-2020-12768: Fixed a memory leak in svm_cpu_uninit in arch/x86/kvm/svm.c (bsc#1171736). - CVE-2020-12657: An a use-after-free in block/bfq-iosched.c (bsc#1171205). - CVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219). - CVE-2020-12655: Fixed an issue which could have allowed attackers to trigger a sync of excessive duration via an XFS v5 image with crafted metadata (bsc#1171217). - CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202). - CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195). - CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218). - CVE-2020-12464: Fixed a use-after-free due to a transfer without a reference (bsc#1170901). - CVE-2020-12114: Fixed a pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098). - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317). - CVE-2020-10751: Fixed an improper implementation in SELinux LSM hook where it was assumed that an skb would only contain a single netlink message (bsc#1171189). - CVE-2020-10732: Fixed kernel data leak in userspace coredumps due to uninitialized data (bsc#1171220). - CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778). - CVE-2020-10711: Fixed a null pointer dereference in SELinux subsystem which could have allowed a remote network user to crash the kernel resulting in a denial of service (bsc#1171191). - CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056). - CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bsc#1170345). - CVE-2019-20812: Fixed an issue in prb_calc_retire_blk_tmo() which could have resulted in a denial of service (bsc#1172453). - CVE-2019-20806: Fixed a null pointer dereference which may had lead to denial of service (bsc#1172199). - CVE-2019-19462: Fixed an issue which could have allowed local user to cause denial of service (bsc#1158265). - CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1089895). The following non-security bugs were fixed: - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() (bsc#1051510). - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() (bsc#1051510). - acpi/x86: ignore unspecified bit positions in the ACPI global lock field (bsc#1051510). - Add commit for git-fix that's not a fix This commit cleans up debug code but does not fix anything, and it relies on a new kernel function that isn't yet in this version of SLE. - agp/intel: Reinforce the barrier after GTT updates (bsc#1051510). - ALSA: ctxfi: Remove unnecessary cast in kfree (bsc#1051510). - ALSA: dummy: Fix PCM format loop in proc output (bsc#1111666). - ALSA: hda: Do not release card at firmware loading error (bsc#1051510). - ALSA: hda/hdmi: fix race in monitor detection during probe (bsc#1051510). - ALSA: hda/hdmi: fix without unlocked before return (bsc#1051510). - ALSA: hda: Keep the controller initialization even if no codecs found (bsc#1051510). - ALSA: hda/realtek - Add more fixup entries for Clevo machines (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC245 (bsc#1051510). - ALSA: hda/realtek - Add new codec supported for ALC287 (git-fixes). - ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse (git-fixes). - ALSA: hda/realtek - Fix unexpected init_amp override (bsc#1051510). - ALSA: hda/realtek - Limit int mic boost for Thinkpad T530 (git-fixes bsc#1171293). - ALSA: hda/realtek - Two front mics on a Lenovo ThinkCenter (bsc#1051510). - ALSA: hwdep: fix a left shifting 1 by 31 UB bug (git-fixes). - ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option (git-fixes). - ALSA: opti9xx: shut up gcc-10 range warning (bsc#1051510). - ALSA: pcm: fix incorrect hw_base increase (git-fixes). - ALSA: pcm: oss: Place the plugin buffer overflow checks correctly (bsc#1170522). - ALSA-pcm-oss-Place-the-plugin-buffer-overflow-checks.patch - ALSA: rawmidi: Fix racy buffer resize under concurrent accesses (git-fixes). - ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset (git-fixes). - ALSA: usb-audio: Correct a typo of NuPrime DAC-10 USB ID (bsc#1051510). - ALSA: usb-audio: Do not override ignore_ctl_error value from the map (bsc#1051510). - ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif (bsc#1051510). - ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC (git-fixes). - ALSA: usx2y: Fix potential NULL dereference (bsc#1051510). - ASoC: codecs: hdac_hdmi: Fix incorrect use of list_for_each_entry (bsc#1051510). - ASoC: dapm: connect virtual mux with default value (bsc#1051510). - ASoC: dapm: fixup dapm kcontrol widget (bsc#1051510). - ASoC: dpcm: allow start or stop during pause for backend (bsc#1051510). - ASoC: fix regwmask (bsc#1051510). - ASoC: msm8916-wcd-digital: Reset RX interpolation path after use (bsc#1051510). - ASoC: samsung: Prevent clk_get_rate() calls in atomic context (bsc#1111666). - ASoC: topology: Check return value of pcm_new_ver (bsc#1051510). - ASoC: topology: use name_prefix for new kcontrol (bsc#1051510). - b43legacy: Fix case where channel status is corrupted (bsc#1051510). - batman-adv: fix batadv_nc_random_weight_tq (git-fixes). - batman-adv: Fix refcnt leak in batadv_show_throughput_override (git-fixes). - batman-adv: Fix refcnt leak in batadv_store_throughput_override (git-fixes). - batman-adv: Fix refcnt leak in batadv_v_ogm_process (git-fixes). - bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (git fixes (block drivers)). - bcache: fix incorrect data type usage in btree_flush_write() (git fixes (block drivers)). - bcache: Revert 'bcache: shrink btree node cache after bch_btree_check()' (git fixes (block drivers)). - block/drbd: delete invalid function drbd_md_mark_dirty_ (bsc#1171527). - block: drbd: remove a stray unlock in __drbd_send_protocol() (bsc#1171599). - block: fix busy device checking in blk_drop_partitions again (bsc#1171948). - block: fix busy device checking in blk_drop_partitions (bsc#1171948). - block: fix memleak of bio integrity data (git fixes (block drivers)). - block: remove the bd_openers checks in blk_drop_partitions (bsc#1171948). - bnxt_en: fix memory leaks in bnxt_dcbnl_ieee_getets() (networking-stable-20_03_28). - bnxt_en: reinitialize IRQs when MTU is modified (networking-stable-20_03_14). - bonding/alb: make sure arp header is pulled before accessing it (networking-stable-20_03_14). - brcmfmac: abort and release host after error (bsc#1051510). - Btrfs: fix deadlock with memory reclaim during scrub (bsc#1172127). - btrfs: fix log context list corruption after rename whiteout error (bsc#1172342). - btrfs: fix partial loss of prealloc extent past i_size after fsync (bsc#1172343). - btrfs: move the dio_sem higher up the callchain (bsc#1171761). - btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: setup a nofs context for memory allocation at btrfs_create_tree() (bsc#1172127). - btrfs: setup a nofs context for memory allocation at __btrfs_set_acl (bsc#1172127). - btrfs: use nofs context when initializing security xattrs to avoid deadlock (bsc#1172127). - can: add missing attribute validation for termination (networking-stable-20_03_14). - cdc-acm: close race betrween suspend() and acm_softint (git-fixes). - cdc-acm: introduce a cool down (git-fixes). - ceph: fix double unlock in handle_cap_export() (bsc#1171694). - ceph: fix endianness bug when handling MDS session feature bits (bsc#1171695). - cgroup, netclassid: periodically release file_lock on classid updating (networking-stable-20_03_14). - CIFS: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1144333). - CIFS: Allocate encryption header through kmalloc (bsc#1144333). - CIFS: allow unlock flock and OFD lock across fork (bsc#1144333). - CIFS: check new file size when extending file by fallocate (bsc#1144333). - CIFS: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1144333). - CIFS: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1144333). - CIFS: do not share tcons with DFS (bsc#1144333). - CIFS: dump the session id and keys also for SMB2 sessions (bsc#1144333). - CIFS: ensure correct super block for DFS reconnect (bsc#1144333). - CIFS: Fix bug which the return value by asynchronous read is error (bsc#1144333). - CIFS: fix uninitialised lease_key in open_shroot() (bsc#1144333). - CIFS: improve read performance for page size 64KB & cache=strict & vers=2.1+ (bsc#1144333). - CIFS: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1144333). - CIFS: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1144333). - CIFS: protect updating server->dstaddr with a spinlock (bsc#1144333). - CIFS: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1144333). - CIFS: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1144333). - CIFS: smbd: Check and extend sender credits in interrupt context (bsc#1144333). - CIFS: smbd: Check send queue size before posting a send (bsc#1144333). - CIFS: smbd: Do not schedule work to send immediate packet on every receive (bsc#1144333). - CIFS: smbd: Merge code to track pending packets (bsc#1144333). - CIFS: smbd: Properly process errors on ib_post_send (bsc#1144333). - CIFS: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1144333). - CIFS: Warn less noisily on default mount (bsc#1144333). - clk: Add clk_hw_unregister_composite helper function definition (bsc#1051510). - clk: imx6ull: use OSC clock during AXI rate change (bsc#1051510). - clk: imx: make mux parent strings const (bsc#1051510). - clk: mediatek: correct the clocks for MT2701 HDMI PHY module (bsc#1051510). - clk: sunxi-ng: a64: Fix gate bit of DSI DPHY (bsc#1051510). - clocksource/drivers/hyper-v: Set TSC clocksource as default w/ InvariantTSC (bsc#1170620). - clocksource: dw_apb_timer_of: Fix missing clockevent timers (bsc#1051510). - component: Silence bind error on -EPROBE_DEFER (bsc#1051510). - coresight: do not use the BIT() macro in the UAPI header (git fixes (block drivers)). - cpufreq: s3c64xx: Remove pointless NULL check in s3c64xx_cpufreq_driver_init (bsc#1051510). - crypto: ccp - AES CFB mode is a stream cipher (git-fixes). - crypto: ccp - Clean up and exit correctly on allocation failure (git-fixes). - crypto: ccp - Cleanup misc_dev on sev_exit() (bsc#1114279). - crypto: ccp - Cleanup sp_dev_master in psp_dev_destroy() (bsc#1114279). - debugfs: Add debugfs_create_xul() for hexadecimal unsigned long (git-fixes). - dmaengine: dmatest: Fix iteration non-stop logic (bsc#1051510). - dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574). - dm writecache: fix data corruption when reloading the target (git fixes (block drivers)). - dm writecache: fix incorrect flush sequence when doing SSD mode commit (git fixes (block drivers)). - dm writecache: verify watermark during resume (git fixes (block drivers)). - dm zoned: fix invalid memory access (git fixes (block drivers)). - dm zoned: reduce overhead of backing device checks (git fixes (block drivers)). - dm zoned: remove duplicate nr_rnd_zones increase in dmz_init_zone() (git fixes (block drivers)). - dm zoned: support zone sizes smaller than 128MiB (git fixes (block drivers)). - dp83640: reverse arguments to list_add_tail (git-fixes). - drivers: hv: Add a module description line to the hv_vmbus driver (bsc#1172253). - Drivers: HV: Send one page worth of kmsg dump over Hyper-V during panic (bsc#1170618). - Drivers: hv: vmbus: Fix the issue with freeing up hv_ctl_table_hdr (bsc#1170618). - Drivers: hv: vmbus: Get rid of MSR access from vmbus_drv.c (bsc#1170618). - Drivers: hv: vmus: Fix the check for return value from kmsg get dump buffer (bsc#1170618). - drivers/net/ibmvnic: Update VNIC protocol version reporting (bsc#1065729). - drm: amd/acp: fix broken menu structure (bsc#1114279) * context changes - drm/crc: Actually allow to change the crc source (bsc#1114279) * offset changes - drm/dp_mst: Fix clearing payload state on topology disable (bsc#1051510). - drm/dp_mst: Reformat drm_dp_check_act_status() a bit (bsc#1051510). - drm/edid: Fix off-by-one in DispID DTD pixel clock (bsc#1114279) - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of (bsc#1114279) - drm/i915: properly sanity check batch_start_offset (bsc#1114279) * renamed display/intel_fbc.c -> intel_fb.c * renamed gt/intel_rc6.c -> intel_pm.c * context changes - drm/meson: Delete an error message in meson_dw_hdmi_bind() (bsc#1051510). - drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem (bsc#1114279) - drm/qxl: qxl_release leak in qxl_draw_dirty_fb() (bsc#1051510). - drm/qxl: qxl_release leak in qxl_hw_surface_alloc() (bsc#1051510). - drm/qxl: qxl_release use after free (bsc#1051510). - drm: Remove PageReserved manipulation from drm_pci_alloc (bsc#1114279) * offset changes - dump_stack: avoid the livelock of the dump_lock (git fixes (block drivers)). - EDAC, sb_edac: Add support for systems with segmented PCI buses (bsc#1169525). - ext4: do not zeroout extents beyond i_disksize (bsc#1167851). - ext4: fix extent_status fragmentation for plain files (bsc#1171949). - ext4: use non-movable memory for superblock readahead (bsc#1171952). - fanotify: fix merging marks masks with FAN_ONDIR (bsc#1171679). - fbcon: fix null-ptr-deref in fbcon_switch (bsc#1114279) * rename drivers/video/fbdev/core to drivers/video/console * context changes - fib: add missing attribute validation for tun_id (networking-stable-20_03_14). - firmware: qcom: scm: fix compilation error when disabled (bsc#1051510). - fs/cifs: fix gcc warning in sid_to_id (bsc#1144333). - fs/seq_file.c: simplify seq_file iteration code and interface (bsc#1170125). - gpio: tegra: mask GPIO IRQs during IRQ shutdown (bsc#1051510). - gre: fix uninit-value in __iptunnel_pull_header (networking-stable-20_03_14). - HID: hid-input: clear unmapped usages (git-fixes). - HID: hyperv: Add a module description line (bsc#1172253). - HID: i2c-hid: add Trekstor Primebook C11B to descriptor override (git-fixes). - HID: i2c-hid: override HID descriptors for certain devices (git-fixes). - HID: multitouch: add eGalaxTouch P80H84 support (bsc#1051510). - HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices (git-fixes). - hrtimer: Annotate lockless access to timer->state (git fixes (block drivers)). - hsr: add restart routine into hsr_get_node_list() (networking-stable-20_03_28). - hsr: check protocol version in hsr_newlink() (networking-stable-20_04_17). - hsr: fix general protection fault in hsr_addr_is_self() (networking-stable-20_03_28). - hsr: set .netnsok flag (networking-stable-20_03_28). - hsr: use rcu_read_lock() in hsr_get_node_{list/status}() (networking-stable-20_03_28). - i2c: acpi: Force bus speed to 400KHz if a Silead touchscreen is present (git-fixes). - i2c: acpi: put device when verifying client fails (git-fixes). - i2c: brcmstb: remove unused struct member (git-fixes). - i2c: core: Allow empty id_table in ACPI case as well (git-fixes). - i2c: core: decrease reference count of device node in i2c_unregister_device (git-fixes). - i2c: dev: Fix the race between the release of i2c_dev and cdev (bsc#1051510). - i2c: fix missing pm_runtime_put_sync in i2c_device_probe (git-fixes). - i2c-hid: properly terminate i2c_hid_dmi_desc_override_table array (git-fixes). - i2c: i801: Do not add ICH_RES_IO_SMI for the iTCO_wdt device (git-fixes). - i2c: iproc: Stop advertising support of SMBUS quick cmd (git-fixes). - i2c: isch: Remove unnecessary acpi.h include (git-fixes). - i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()' (bsc#1051510). - i2c: st: fix missing struct parameter description (bsc#1051510). - IB/ipoib: Add child to parent list only if device initialized (bsc#1168503). - IB/ipoib: Consolidate checking of the proposed child interface (bsc#1168503). - IB/ipoib: Do not remove child devices from within the ndo_uninit (bsc#1168503). - IB/ipoib: Get rid of IPOIB_FLAG_GOING_DOWN (bsc#1168503). - IB/ipoib: Get rid of the sysfs_mutex (bsc#1168503). - IB/ipoib: Maintain the child_intfs list from ndo_init/uninit (bsc#1168503). - IB/ipoib: Move all uninit code into ndo_uninit (bsc#1168503). - IB/ipoib: Move init code to ndo_init (bsc#1168503). - IB/ipoib: Replace printk with pr_warn (bsc#1168503). - IB/ipoib: Use cancel_delayed_work_sync for neigh-clean task (bsc#1168503). - IB/ipoib: Warn when one port fails to initialize (bsc#1168503). - ibmvnic: Skip fatal error reset after passive init (bsc#1171078 ltc#184239). - iio:ad7797: Use correct attribute_group (bsc#1051510). - iio: adc: stm32-adc: fix device used to request dma (bsc#1051510). - iio: adc: stm32-adc: fix sleep in atomic context (git-fixes). - iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1051510). - iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()' (bsc#1051510). - iio: sca3000: Remove an erroneous 'get_device()' (bsc#1051510). - iio: xilinx-xadc: Fix ADC-B powerdown (bsc#1051510). - iio: xilinx-xadc: Fix clearing interrupt when enabling trigger (bsc#1051510). - iio: xilinx-xadc: Fix sequencer configuration for aux channels in simultaneous mode (bsc#1051510). - ima: Fix return value of ima_write_policy() (git-fixes). - Input: evdev - call input_flush_device() on release(), not flush() (bsc#1051510). - Input: hyperv-keyboard - add module description (bsc#1172253). - Input: i8042 - add Acer Aspire 5738z to nomux list (bsc#1051510). - Input: i8042 - add ThinkPad S230u to i8042 reset list (bsc#1051510). - Input: raydium_i2c_ts - use true and false for boolean values (bsc#1051510). - Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() (bsc#1051510). - Input: synaptics-rmi4 - really fix attn_data use-after-free (git-fixes). - Input: usbtouchscreen - add support for BonXeon TP (bsc#1051510). - Input: xpad - add custom init packet for Xbox One S controllers (bsc#1051510). - iommu/amd: Call domain_flush_complete() in update_domain() (bsc#1172096). - iommu/amd: Do not flush Device Table in iommu_map_page() (bsc#1172097). - iommu/amd: Do not loop forever when trying to increase address space (bsc#1172098). - iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system (bsc#1172099). - iommu/amd: Fix over-read of ACPI UID from IVRS table (bsc#1172101). - iommu/amd: Fix race in increase_address_space()/fetch_pte() (bsc#1172102). - iommu/amd: Update Device Table in increase_address_space() (bsc#1172103). - iommu: Fix reference count leak in iommu_group_alloc (bsc#1172397). - ipmi: fix hung processes in __get_guid() (git-fixes). - ipv4: fix a RCU-list lock in fib_triestat_seq_show (networking-stable-20_04_02). - ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface (networking-stable-20_03_14). - ipv6: do not auto-add link-local address to lag ports (networking-stable-20_04_09). - ipv6: Fix nlmsg_flags when splitting a multipath route (networking-stable-20_03_01). - ipv6: Fix route replacement with dev-only route (networking-stable-20_03_01). - ipvlan: add cond_resched_rcu() while processing muticast backlog (networking-stable-20_03_14). - ipvlan: do not deref eth hdr before checking it's set (networking-stable-20_03_14). - ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast() (networking-stable-20_03_14). - iwlwifi: pcie: actually release queue memory in TVQM (bsc#1051510). - kabi fix for early XHCI debug (git-fixes). - kabi for for md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes). - kabi, protect struct ib_device (bsc#1168503). - kabi/severities: Do not track KVM internal symbols. - kabi/severities: Ingnore get_dev_data() The function is internal to the AMD IOMMU driver and must not be called by any third party. - kabi workaround for snd_rawmidi buffer_ref field addition (git-fixes). - KEYS: reaching the keys quotas correctly (bsc#1051510). - KVM: arm64: Change hyp_panic()s dependency on tpidr_el2 (bsc#1133021). - KVM: arm64: Stop save/restoring host tpidr_el1 on VHE (bsc#1133021). - KVM: Check validity of resolved slot when searching memslots (bsc#1172104). - KVM: s390: vsie: Fix delivery of addressing exceptions (git-fixes). - KVM: s390: vsie: Fix possible race when shadowing region 3 tables (git-fixes). - KVM: s390: vsie: Fix region 1 ASCE sanity shadow address checks (git-fixes). - KVM: SVM: Fix potential memory leak in svm_cpu_init() (bsc#1171736). - KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1152489). - l2tp: Allow management of tunnels and session in user namespace (networking-stable-20_04_17). - libata: Remove extra scsi_host_put() in ata_scsi_add_hosts() (bsc#1051510). - libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set (bsc#1051510). - lib: raid6: fix awk build warnings (git fixes (block drivers)). - lib/raid6/test: fix build on distros whose /bin/sh is not bash (git fixes (block drivers)). - lib/stackdepot.c: fix global out-of-bounds in stack_slabs (git fixes (block drivers)). - locks: print unsigned ino in /proc/locks (bsc#1171951). - mac80211: add ieee80211_is_any_nullfunc() (bsc#1051510). - mac80211_hwsim: Use kstrndup() in place of kasprintf() (bsc#1051510). - mac80211: mesh: fix discovery timer re-arming issue / crash (bsc#1051510). - macsec: avoid to set wrong mtu (bsc#1051510). - macsec: restrict to ethernet devices (networking-stable-20_03_28). - macvlan: add cond_resched() during multicast processing (networking-stable-20_03_14). - macvlan: fix null dereference in macvlan_device_event() (bsc#1051510). - md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes). - md/raid0: Fix an error message in raid0_make_request() (git fixes (block drivers)). - md/raid10: prevent access of uninitialized resync_pages offset (git-fixes). - media: dvb: return -EREMOTEIO on i2c transfer failure (bsc#1051510). - media: platform: fcp: Set appropriate DMA parameters (bsc#1051510). - media: ti-vpe: cal: fix disable_irqs to only the intended target (git-fixes). - mei: release me_cl object reference (bsc#1051510). - mlxsw: Fix some IS_ERR() vs NULL bugs (networking-stable-20_04_27). - mlxsw: spectrum_flower: Do not stop at FLOW_ACTION_VLAN_MANGLE (networking-stable-20_04_09). - mmc: atmel-mci: Fix debugfs on 64-bit platforms (git-fixes). - mmc: dw_mmc: Fix debugfs on 64-bit platforms (git-fixes). - mmc: meson-gx: make sure the descriptor is stopped on errors (git-fixes). - mmc: meson-gx: simplify interrupt handler (git-fixes). - mmc: renesas_sdhi: limit block count to 16 bit for old revisions (git-fixes). - mmc: sdhci-esdhc-imx: fix the mask for tuning start point (bsc#1051510). - mmc: sdhci-msm: Clear tuning done flag while hs400 tuning (bsc#1051510). - mmc: sdhci-of-at91: fix memleak on clk_get failure (git-fixes). - mmc: sdhci-pci: Fix eMMC driver strength for BYT-based controllers (bsc#1051510). - mmc: sdhci-xenon: fix annoying 1.8V regulator warning (bsc#1051510). - mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() (bsc#1051510). - mmc: tmio: fix access width of Block Count Register (git-fixes). - mm: thp: handle page cache THP correctly in PageTransCompoundMap (git fixes (block drivers)). - mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer (bsc#1051510). - mtd: spi-nor: cadence-quadspi: add a delay in write sequence (git-fixes). - mtd: spi-nor: enable 4B opcodes for mx66l51235l (git-fixes). - mtd: spi-nor: fsl-quadspi: Do not let -EINVAL on the bus (git-fixes). - mwifiex: avoid -Wstringop-overflow warning (bsc#1051510). - mwifiex: Fix memory corruption in dump_station (bsc#1051510). - net: bcmgenet: correct per TX/RX ring statistics (networking-stable-20_04_27). - net: dsa: b53: Fix ARL register definitions (networking-stable-20_04_27). - net: dsa: b53: Rework ARL bin logic (networking-stable-20_04_27). - net: dsa: bcm_sf2: Do not register slave MDIO bus with OF (networking-stable-20_04_09). - net: dsa: bcm_sf2: Ensure correct sub-node is parsed (networking-stable-20_04_09). - net: dsa: bcm_sf2: Fix overflow checks (git-fixes). - net: dsa: Fix duplicate frames flooded by learning (networking-stable-20_03_28). - net: dsa: mv88e6xxx: fix lockup on warm boot (networking-stable-20_03_14). - net: fec: validate the new settings in fec_enet_set_coalesce() (networking-stable-20_03_14). - net: fib_rules: Correctly set table field when table number exceeds 8 bits (networking-stable-20_03_01). - net: fix race condition in __inet_lookup_established() (bsc#1151794). - net: fq: add missing attribute validation for orphan mask (networking-stable-20_03_14). - net, ip_tunnel: fix interface lookup with no key (networking-stable-20_04_02). - net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin (networking-stable-20_04_17). - net: ipv6: do not consider routes via gateways for anycast address check (networking-stable-20_04_17). - netlink: Use netlink header as base to calculate bad attribute offset (networking-stable-20_03_14). - net: macsec: update SCI upon MAC address change (networking-stable-20_03_14). - net: memcg: fix lockdep splat in inet_csk_accept() (networking-stable-20_03_14). - net: memcg: late association of sock to memcg (networking-stable-20_03_14). - net/mlx4_en: avoid indirect call in TX completion (networking-stable-20_04_27). - net/mlx5: Add new fields to Port Type and Speed register (bsc#1171118). - net/mlx5: Add RoCE RX ICRC encapsulated counter (bsc#1171118). - net/mlx5e: Fix ethtool self test: link speed (bsc#1171118). - net/mlx5e: Move port speed code from en_ethtool.c to en/port.c (bsc#1171118). - net/mlx5: Expose link speed directly (bsc#1171118). - net/mlx5: Expose port speed when possible (bsc#1171118). - net: mvneta: Fix the case where the last poll did not process all rx (networking-stable-20_03_28). - net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node (networking-stable-20_04_27). - net/packet: tpacket_rcv: do not increment ring index on drop (networking-stable-20_03_14). - net: phy: restore mdio regs in the iproc mdio driver (networking-stable-20_03_01). - net: qmi_wwan: add support for ASKEY WWHC050 (networking-stable-20_03_28). - net: revert default NAPI poll timeout to 2 jiffies (networking-stable-20_04_17). - net_sched: cls_route: remove the right filter from hashtable (networking-stable-20_03_28). - net/x25: Fix x25_neigh refcnt leak when receiving frame (networking-stable-20_04_27). - nfc: add missing attribute validation for SE API (networking-stable-20_03_14). - nfc: add missing attribute validation for vendor subcommand (networking-stable-20_03_14). - nfc: pn544: Fix occasional HW initialization failure (networking-stable-20_03_01). - NFC: st21nfca: add missed kfree_skb() in an error path (bsc#1051510). - nfsd4: fix up replay_matches_cache() (git-fixes). - nfsd: Ensure CLONE persists data and metadata changes to the target file (git-fixes). - nfsd: fix delay timer on 32-bit architectures (git-fixes). - nfsd: fix jiffies/time_t mixup in LRU list (git-fixes). - NFS: Directory page cache pages need to be locked when read (git-fixes). - nfsd: memory corruption in nfsd4_lock() (git-fixes). - NFS: Do not call generic_error_remove_page() while holding locks (bsc#1170457). - NFS: Fix memory leaks and corruption in readdir (git-fixes). - NFS: Fix O_DIRECT accounting of number of bytes read/written (git-fixes). - NFS: Fix potential posix_acl refcnt leak in nfs3_set_acl (git-fixes). - NFS: fix racey wait in nfs_set_open_stateid_locked (bsc#1170592). - NFS/flexfiles: Use the correct TCP timeout for flexfiles I/O (git-fixes). - NFS/pnfs: Fix pnfs_generic_prepare_to_resend_writes() (git-fixes). - NFS: Revalidate the file size on a fatal write error (git-fixes). - NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals (git-fixes). - NFSv4: Do not allow a cached open with a revoked delegation (git-fixes). - NFSv4: Fix leak of clp->cl_acceptor string (git-fixes). - NFSv4/pnfs: Return valid stateids in nfs_layout_find_inode_by_stateid() (git-fixes). - NFSv4: try lease recovery on NFS4ERR_EXPIRED (git-fixes). - NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn (git-fixes). - nl802154: add missing attribute validation for dev_type (networking-stable-20_03_14). - nl802154: add missing attribute validation (networking-stable-20_03_14). - nvme-fc: print proper nvme-fc devloss_tmo value (bsc#1172391). - objtool: Fix stack offset tracking for indirect CFAs (bsc#1169514). - objtool: Fix switch table detection in .text.unlikely (bsc#1169514). - objtool: Make BP scratch register warning more robust (bsc#1169514). - padata: Remove broken queue flushing (git-fixes). - Partially revert 'kfifo: fix kfifo_alloc() and kfifo_init()' (git fixes (block drivers)). - pinctrl: baytrail: Enable pin configuration setting for GPIO chip (git-fixes). - pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler (git-fixes). - platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA (bsc#1051510). - pNFS: Ensure we do clear the return-on-close layout stateid on fatal errors (git-fixes). - powerpc: Add attributes for setjmp/longjmp (bsc#1065729). - powerpc/pci/of: Parse unassigned resources (bsc#1065729). - powerpc/setup_64: Set cache-line-size based on cache-block-size (bsc#1065729). - powerpc/sstep: Fix DS operand in ld encoding to appropriate value (bsc#1065729). - qede: Fix race between rdma destroy workqueue and link change event (networking-stable-20_03_01). - r8152: check disconnect status after long sleep (networking-stable-20_03_14). - raid6/ppc: Fix build for clang (git fixes (block drivers)). - rcu: locking and unlocking need to always be at least barriers (git fixes (block drivers)). - RDMA/ipoib: Fix use of sizeof() (bsc#1168503). - RDMA/netdev: Fix netlink support in IPoIB (bsc#1168503). - RDMA/netdev: Hoist alloc_netdev_mqs out of the driver (bsc#1168503). - RDMA/netdev: Use priv_destructor for netdev cleanup (bsc#1168503). - Remove 2 git-fixes that cause build issues. (bsc#1171691) - Revert 'ALSA: hda/realtek: Fix pop noise on ALC225' (git-fixes). - Revert 'drm/panel: simple: Add support for Sharp LQ150X1LG11 panels' (bsc#1114279) * offset changes - Revert 'HID: i2c-hid: add Trekstor Primebook C11B to descriptor override' Depends on 9b5c747685982d22efffeafc5ec601bd28f6d78b, which was also reverted. - Revert 'HID: i2c-hid: override HID descriptors for certain devices' This broke i2c-hid.ko's build, there is no way around it without a big file rename or renaming the kernel module. - Revert 'i2c-hid: properly terminate i2c_hid_dmi_desc_override_table' Fixed 9b5c747685982d22efffeafc5ec601bd28f6d78b, which was also reverted. - Revert 'ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()' (bsc#1172221). - rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() (bsc#1051510). - s390/cio: avoid duplicated 'ADD' uevents (git-fixes). - s390/cio: generate delayed uevent for vfio-ccw subchannels (git-fixes). - s390/cpuinfo: fix wrong output when CPU0 is offline (git-fixes). - s390/diag: fix display of diagnose call statistics (git-fixes). - s390/ftrace: fix potential crashes when switching tracers (git-fixes). - s390/gmap: return proper error code on ksm unsharing (git-fixes). - s390/ism: fix error return code in ism_probe() (git-fixes). - s390/pci: Fix possible deadlock in recover_store() (bsc#1165183 LTC#184103). - s390/pci: Recover handle in clp_set_pci_fn() (bsc#1165183 LTC#184103). - s390/qeth: cancel RX reclaim work earlier (git-fixes). - s390/qeth: do not return -ENOTSUPP to userspace (git-fixes). - s390/qeth: do not warn for napi with 0 budget (git-fixes). - s390/qeth: fix off-by-one in RX copybreak check (git-fixes). - s390/qeth: fix promiscuous mode after reset (git-fixes). - s390/qeth: fix qdio teardown after early init error (git-fixes). - s390/qeth: handle error due to unsupported transport mode (git-fixes). - s390/qeth: handle error when backing RX buffer (git-fixes). - s390/qeth: lock the card while changing its hsuid (git-fixes). - s390/qeth: support net namespaces for L3 devices (git-fixes). - s390/time: Fix clk type in get_tod_clock (git-fixes). - scripts/decodecode: fix trapping instruction formatting (bsc#1065729). - scripts/dtc: Remove redundant YYLOC global declaration (bsc#1160388). - scsi: bnx2i: fix potential use after free (bsc#1171600). - scsi: core: Handle drivers which set sg_tablesize to zero (bsc#1171601) This commit also required: > scsi: core: avoid preallocating big SGL for data - scsi: core: save/restore command resid for error handling (bsc#1171602). - scsi: core: scsi_trace: Use get_unaligned_be*() (bsc#1171604). - scsi: core: try to get module before removing device (bsc#1171605). - scsi: csiostor: Adjust indentation in csio_device_reset (bsc#1171606). - scsi: csiostor: Do not enable IRQs too early (bsc#1171607). - scsi: esas2r: unlock on error in esas2r_nvram_read_direct() (bsc#1171608). - scsi: fnic: fix invalid stack access (bsc#1171609). - scsi: fnic: fix msix interrupt allocation (bsc#1171610). - scsi: ibmvscsi: Fix WARN_ON during event pool release (bsc#1170791 ltc#185128). - scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (bsc#1171611). - scsi: iscsi: Fix a potential deadlock in the timeout handler (bsc#1171612). - scsi: iscsi: qla4xxx: fix double free in probe (bsc#1171613). - scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences (bsc#1171614). - scsi: lpfc: Fix crash in target side cable pulls hitting WAIT_FOR_UNREG (bsc#1171615). - scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state (bsc#1171616). - scsi: qla2xxx: add ring buffer for tracing debug logs (bsc#1157169). - scsi: qla2xxx: check UNLOADING before posting async work (bsc#1157169). - scsi: qla2xxx: Delete all sessions before unregister local nvme port (bsc#1157169). - scsi: qla2xxx: Do not log message when reading port speed via sysfs (bsc#1157169). - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (bsc#1157169). - scsi: qla2xxx: Fix regression warnings (bsc#1157169). - scsi: qla2xxx: Remove non functional code (bsc#1157169). - scsi: qla2xxx: set UNLOADING before waiting for session deletion (bsc#1157169). - scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free (bsc#1171617). - scsi: qla4xxx: fix double free bug (bsc#1171618). - scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI (bsc#1171619). - scsi: sg: add sg_remove_request in sg_common_write (bsc#1171620). - scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) (bsc#1171621). - scsi: ufs: change msleep to usleep_range (bsc#1171622). - scsi: ufs: Clean up ufshcd_scale_clks() and clock scaling error out path (bsc#1171623). - scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic (bsc#1171624). - scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails (bsc#1171625). - scsi: ufs: Recheck bkops level if bkops is disabled (bsc#1171626). - scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point (git-fixes). - sctp: fix possibly using a bad saddr with a given dst (networking-stable-20_04_02). - sctp: fix refcount bug in sctp_wfree (networking-stable-20_04_02). - sctp: move the format error check out of __sctp_sf_do_9_1_abort (networking-stable-20_03_01). - seq_file: fix problem when seeking mid-record (bsc#1170125). - serial: uartps: Move the spinlock after the read of the tx empty (git-fixes). - sfc: detach from cb_page in efx_copy_channel() (networking-stable-20_03_14). - signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig (bsc#1172185). - slcan: not call free_netdev before rtnl_unlock in slcan_open (networking-stable-20_03_28). - slip: make slhc_compress() more robust against malicious packets (networking-stable-20_03_14). - smb3: Additional compression structures (bsc#1144333). - smb3: Add new compression flags (bsc#1144333). - smb3: change noisy error message to FYI (bsc#1144333). - smb3: enable swap on SMB3 mounts (bsc#1144333). - smb3: Minor cleanup of protocol definitions (bsc#1144333). - smb3: remove overly noisy debug line in signing errors (bsc#1144333). - smb3: smbdirect support can be configured by default (bsc#1144333). - smb3: use SMB2_SIGNATURE_SIZE define (bsc#1144333). - spi: bcm2835: Fix 3-wire mode if DMA is enabled (git-fixes). - spi: bcm63xx-hsspi: Really keep pll clk enabled (bsc#1051510). - spi: bcm-qspi: when tx/rx buffer is NULL set to 0 (bsc#1051510). - spi: dw: Add SPI Rx-done wait method to DMA-based transfer (bsc#1051510). - spi: dw: Add SPI Tx-done wait method to DMA-based transfer (bsc#1051510). - spi: dw: Zero DMA Tx and Rx configurations on stack (bsc#1051510). - spi: fsl: do not map irq during probe (git-fixes). - spi: fsl: use platform_get_irq() instead of of_irq_to_resource() (git-fixes). - spi: pxa2xx: Add CS control clock quirk (bsc#1051510). - spi: qup: call spi_qup_pm_resume_runtime before suspending (bsc#1051510). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (git-fixes). - spi: spi-s3c64xx: Fix system resume support (git-fixes). - spi/zynqmp: remove entry that causes a cs glitch (bsc#1051510). - staging: comedi: dt2815: fix writing hi byte of analog output (bsc#1051510). - staging: comedi: Fix comedi_device refcnt leak in comedi_open (bsc#1051510). - staging: iio: ad2s1210: Fix SPI reading (bsc#1051510). - staging: vt6656: Do not set RCR_MULTICAST or RCR_BROADCAST by default (git-fixes). - staging: vt6656: Fix drivers TBTT timing counter (git-fixes). - staging: vt6656: Fix pairwise key entry save (git-fixes). - sunrpc: expiry_time should be seconds not timeval (git-fixes). - SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' (git-fixes). - supported.conf: Add br_netfilter to base (bsc#1169020). - svcrdma: Fix leak of transport addresses (git-fixes). - taskstats: fix data-race (bsc#1172188). - tcp: cache line align MAX_TCP_HEADER (networking-stable-20_04_27). - tcp: repair: fix TCP_QUEUE_SEQ implementation (networking-stable-20_03_28). - team: add missing attribute validation for array index (networking-stable-20_03_14). - team: add missing attribute validation for port ifindex (networking-stable-20_03_14). - team: fix hang in team_mode_get() (networking-stable-20_04_27). - tools lib traceevent: Remove unneeded qsort and uses memmove instead (git-fixes). - tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() (bsc#1065729). - tpm/tpm_tis: Free IRQ if probing fails (bsc#1082555). - tpm/tpm_tis: Free IRQ if probing fails (git-fixes). - tracing: Add a vmalloc_sync_mappings() for safe measure (git-fixes). - tracing: Disable trace_printk() on post poned tests (git-fixes). - tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation (git-fixes). - tty: rocket, avoid OOB access (git-fixes). - UAS: fix deadlock in error handling and PM flushing work (git-fixes). - UAS: no use logging any details in case of ENODEV (git-fixes). - USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE (git-fixes). - USB: cdc-acm: restore capability check order (git-fixes). - USB: core: Fix misleading driver bug report (bsc#1051510). - USB: dwc3: do not set gadget->is_otg flag (git-fixes). - USB: dwc3: gadget: Do link recovery for SS and SSP (git-fixes). - USB: early: Handle AMD's spec-compliant identifiers, too (git-fixes). - USB: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset() (git-fixes). - USB: gadget: audio: Fix a missing error return value in audio_bind() (git-fixes). - USB: gadget: composite: Inform controller driver of self-powered (git-fixes). - USB: gadget: legacy: fix error return code in cdc_bind() (git-fixes). - USB: gadget: legacy: fix error return code in gncm_bind() (git-fixes). - USB: gadget: legacy: fix redundant initialization warnings (bsc#1051510). - USB: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' (git-fixes). - USB: gadget: udc: atmel: Fix vbus disconnect handling (git-fixes). - USB: gadget: udc: atmel: Make some symbols static (git-fixes). - USB: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete (git-fixes). - USB: host: xhci-plat: keep runtime active when removing host (git-fixes). - USB: hub: Fix handling of connect changes during sleep (git-fixes). - usbnet: silence an unnecessary warning (bsc#1170770). - USB: serial: garmin_gps: add sanity checking for data length (git-fixes). - USB: serial: option: add BroadMobi BM806U (git-fixes). - USB: serial: option: add support for ASKEY WWHC050 (git-fixes). - USB: serial: option: add Wistron Neweb D19Q1 (git-fixes). - USB: serial: qcserial: Add DW5816e support (git-fixes). - USB: sisusbvga: Change port variable from signed to unsigned (git-fixes). - usb-storage: Add unusual_devs entry for JMicron JMS566 (git-fixes). - USB: uas: add quirk for LaCie 2Big Quadra (git-fixes). - USB: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list (git-fixes). - video: fbdev: sis: Remove unnecessary parentheses and commented code (bsc#1114279) - video: fbdev: w100fb: Fix a potential double free (bsc#1051510). - vrf: Check skb for XFRM_TRANSFORMED flag (networking-stable-20_04_27). - vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines (git-fixes). - vt: selection, introduce vc_is_sel (git-fixes). - vt: vt_ioctl: fix race in VT_RESIZEX (git-fixes). - vt: vt_ioctl: fix use-after-free in vt_in_use() (git-fixes). - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (git-fixes). - vxlan: check return value of gro_cells_init() (networking-stable-20_03_28). - watchdog: reset last_hw_keepalive time at start (git-fixes). - wcn36xx: Fix error handling path in 'wcn36xx_probe()' (bsc#1051510). - wil6210: remove reset file from debugfs (git-fixes). - wimax/i2400m: Fix potential urb refcnt leak (bsc#1051510). - workqueue: do not use wq_select_unbound_cpu() for bound works (bsc#1172130). - x86/entry/64: Fix unwind hints in kernel exit path (bsc#1058115). - x86/entry/64: Fix unwind hints in register clearing code (bsc#1058115). - x86/entry/64: Fix unwind hints in rewind_stack_do_exit() (bsc#1058115). - x86/entry/64: Fix unwind hints in __switch_to_asm() (bsc#1058115). - x86/Hyper-V: Allow guests to enable InvariantTSC (bsc#1170620). - x86/Hyper-V: Free hv_panic_page when fail to register kmsg dump (bsc#1170618). - x86/Hyper-V: Report crash data in die() when panic_on_oops is set (bsc#1170618). - x86/Hyper-V: Report crash register data or kmsg before running crash kernel (bsc#1170618). - x86/Hyper-V: Report crash register data when sysctl_record_panic_msg is not set (bsc#1170618). - x86:Hyper-V: report value of misc_features (git-fixes). - x86/Hyper-V: Trigger crash enlightenment only once during system crash (bsc#1170618). - x86/Hyper-V: Unload vmbus channel in hv panic callback (bsc#1170618). - x86/kprobes: Avoid kretprobe recursion bug (bsc#1114279). - x86/resctrl: Fix invalid attempt at removing the default resource group (git-fixes). - x86/resctrl: Preserve CDP enable over CPU hotplug (bsc#1114279). - x86/unwind/orc: Do not skip the first frame for inactive tasks (bsc#1058115). - x86/unwind/orc: Fix error handling in __unwind_start() (bsc#1058115). - x86/unwind/orc: Fix error path for bad ORC entry type (bsc#1058115). - x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks (bsc#1058115). - x86/unwind/orc: Prevent unwinding before ORC initialization (bsc#1058115). - x86/unwind: Prevent false warnings for non-current tasks (bsc#1058115). - x86/xen: fix booting 32-bit pv guest (bsc#1071995). - x86/xen: Make the boot CPU idle task reliable (bsc#1071995). - x86/xen: Make the secondary CPU idle tasks reliable (bsc#1071995). - xen/pci: reserve MCFG areas earlier (bsc#1170145). - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish (networking-stable-20_04_27). - xfs: Correctly invert xfs_buftarg LRU isolation logic (git-fixes). - xfs: do not ever return a stale pointer from __xfs_dir3_free_read (git-fixes). - xprtrdma: Fix completion wait during device removal (git-fixes). Important SUSE bug 1051510 SUSE bug 1058115 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1082555 SUSE bug 1089895 SUSE bug 1111666 SUSE bug 1114279 SUSE bug 1133021 SUSE bug 1144333 SUSE bug 1151794 SUSE bug 1152489 SUSE bug 1154824 SUSE bug 1157169 SUSE bug 1158265 SUSE bug 1160388 SUSE bug 1160947 SUSE bug 1165183 SUSE bug 1165741 SUSE bug 1166969 SUSE bug 1167574 SUSE bug 1167851 SUSE bug 1168503 SUSE bug 1168670 SUSE bug 1169020 SUSE bug 1169514 SUSE bug 1169525 SUSE bug 1170056 SUSE bug 1170125 SUSE bug 1170145 SUSE bug 1170345 SUSE bug 1170457 SUSE bug 1170522 SUSE bug 1170592 SUSE bug 1170618 SUSE bug 1170620 SUSE bug 1170770 SUSE bug 1170778 SUSE bug 1170791 SUSE bug 1170901 SUSE bug 1171078 SUSE bug 1171098 SUSE bug 1171118 SUSE bug 1171189 SUSE bug 1171191 SUSE bug 1171195 SUSE bug 1171202 SUSE bug 1171205 SUSE bug 1171217 SUSE bug 1171218 SUSE bug 1171219 SUSE bug 1171220 SUSE bug 1171293 SUSE bug 1171417 SUSE bug 1171527 SUSE bug 1171599 SUSE bug 1171600 SUSE bug 1171601 SUSE bug 1171602 SUSE bug 1171604 SUSE bug 1171605 SUSE bug 1171606 SUSE bug 1171607 SUSE bug 1171608 SUSE bug 1171609 SUSE bug 1171610 SUSE bug 1171611 SUSE bug 1171612 SUSE bug 1171613 SUSE bug 1171614 SUSE bug 1171615 SUSE bug 1171616 SUSE bug 1171617 SUSE bug 1171618 SUSE bug 1171619 SUSE bug 1171620 SUSE bug 1171621 SUSE bug 1171622 SUSE bug 1171623 SUSE bug 1171624 SUSE bug 1171625 SUSE bug 1171626 SUSE bug 1171679 SUSE bug 1171691 SUSE bug 1171694 SUSE bug 1171695 SUSE bug 1171736 SUSE bug 1171761 SUSE bug 1171948 SUSE bug 1171949 SUSE bug 1171951 SUSE bug 1171952 SUSE bug 1171982 SUSE bug 1171983 SUSE bug 1172096 SUSE bug 1172097 SUSE bug 1172098 SUSE bug 1172099 SUSE bug 1172101 SUSE bug 1172102 SUSE bug 1172103 SUSE bug 1172104 SUSE bug 1172127 SUSE bug 1172130 SUSE bug 1172185 SUSE bug 1172188 SUSE bug 1172199 SUSE bug 1172221 SUSE bug 1172253 SUSE bug 1172317 SUSE bug 1172342 SUSE bug 1172343 SUSE bug 1172344 SUSE bug 1172366 SUSE bug 1172391 SUSE bug 1172397 SUSE bug 1172453 CVE-2018-1000199 CVE-2019-19462 CVE-2019-20806 CVE-2019-20812 CVE-2019-9455 CVE-2020-0543 CVE-2020-10690 CVE-2020-10711 CVE-2020-10720 CVE-2020-10732 CVE-2020-10751 CVE-2020-10757 CVE-2020-12114 CVE-2020-12464 CVE-2020-12652 CVE-2020-12653 CVE-2020-12654 CVE-2020-12655 CVE-2020-12656 CVE-2020-12657 CVE-2020-12768 CVE-2020-12769 CVE-2020-13143 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_51 fixes several issues. The following security issues were fixed: - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437). - CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1171746). Important SUSE bug 1171746 SUSE bug 1172437 CVE-2018-1000199 CVE-2020-10757 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_48 fixes several issues. The following security issues were fixed: - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437). - CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1171746). Important SUSE bug 1171746 SUSE bug 1172437 CVE-2018-1000199 CVE-2020-10757 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_45 fixes several issues. The following security issues were fixed: - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437). - CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1171746). Important SUSE bug 1171746 SUSE bug 1172437 CVE-2018-1000199 CVE-2020-10757 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_40 fixes several issues. The following security issues were fixed: - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437). - CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1171746). Important SUSE bug 1171746 SUSE bug 1172437 CVE-2018-1000199 CVE-2020-10757 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_37 fixes several issues. The following security issues were fixed: - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437). - CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1171746). Important SUSE bug 1171746 SUSE bug 1172437 CVE-2018-1000199 CVE-2020-10757 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_32 fixes several issues. The following security issues were fixed: - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437). - CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1171746). Important SUSE bug 1171746 SUSE bug 1172437 CVE-2018-1000199 CVE-2020-10757 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_29 fixes several issues. The following security issues were fixed: - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437). - CVE-2019-15666: Fixed an out of bounds read __xfrm_policy_unlink, which could have led to denial of service (bsc#1172140). - CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1171746). Important SUSE bug 1171746 SUSE bug 1172140 SUSE bug 1172437 CVE-2018-1000199 CVE-2019-15666 CVE-2020-10757 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_24 fixes several issues. The following security issues were fixed: - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437). - CVE-2019-15666: Fixed an out of bounds read __xfrm_policy_unlink, which could have led to denial of service (bsc#1172140). - CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1171746). Important SUSE bug 1171746 SUSE bug 1172140 SUSE bug 1172437 CVE-2018-1000199 CVE-2019-15666 CVE-2020-10757 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_19 fixes several issues. The following security issues were fixed: - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437). - CVE-2019-15666: Fixed an out of bounds read __xfrm_policy_unlink, which could have led to denial of service (bsc#1172140). - CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1171746). Important SUSE bug 1171746 SUSE bug 1172140 SUSE bug 1172437 CVE-2018-1000199 CVE-2019-15666 CVE-2020-10757 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_45 fixes several issues. The following security issues were fixed: - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bsc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi chip driver. An attacker was able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bsc#1157155). Important SUSE bug 1160467 SUSE bug 1160468 CVE-2019-14896 CVE-2019-14897 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_40 fixes several issues. The following security issues were fixed: - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bsc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi chip driver. An attacker was able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bsc#1157155). Important SUSE bug 1103203 SUSE bug 1160467 SUSE bug 1160468 CVE-2019-14896 CVE-2019-14897 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_37 fixes several issues. The following security issues were fixed: - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bsc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi chip driver. An attacker was able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bsc#1157155). Important SUSE bug 1103203 SUSE bug 1160467 SUSE bug 1160468 CVE-2019-14896 CVE-2019-14897 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_32 fixes several issues. The following security issues were fixed: - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bsc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi chip driver. An attacker was able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bsc#1157155). Important SUSE bug 1103203 SUSE bug 1160467 SUSE bug 1160468 CVE-2019-14896 CVE-2019-14897 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_29 fixes several issues. The following security issues were fixed: - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bsc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi chip driver. An attacker was able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bsc#1157155). Important SUSE bug 1103203 SUSE bug 1160467 SUSE bug 1160468 CVE-2019-14896 CVE-2019-14897 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_24 fixes several issues. The following security issues were fixed: - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bsc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi chip driver. An attacker was able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bsc#1157155). Important SUSE bug 1103203 SUSE bug 1160467 SUSE bug 1160468 CVE-2019-14896 CVE-2019-14897 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_19 fixes several issues. The following security issues were fixed: - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bsc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi chip driver. An attacker was able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bsc#1157155). Important SUSE bug 1103203 SUSE bug 1160467 SUSE bug 1160468 CVE-2019-14896 CVE-2019-14897 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_16 fixes several issues. The following security issues were fixed: - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bsc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi chip driver. An attacker was able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bsc#1157155). Important SUSE bug 1103203 SUSE bug 1160467 SUSE bug 1160468 CVE-2019-14896 CVE-2019-14897 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_13 fixes several issues. The following security issues were fixed: - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bsc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi chip driver. An attacker was able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bsc#1157155). Important SUSE bug 1103203 SUSE bug 1160467 SUSE bug 1160468 CVE-2019-14896 CVE-2019-14897 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_6 fixes several issues. The following security issues were fixed: - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bsc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi chip driver. An attacker was able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bsc#1157155). Important SUSE bug 1103203 SUSE bug 1160467 SUSE bug 1160468 CVE-2019-14896 CVE-2019-14897 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770 (bnc#1173514). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2019-16746: net/wireless/nl80211.c did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10768: Indirect branch speculation could have been enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (bnc#1172783). - CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (bnc#1172781). - CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled when STIBP is unavailable or enhanced IBRS is available. (bnc#1172782). - CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. (bnc#1172775). - CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel did not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586 (bnc#1172458). The following non-security bugs were fixed: - ACPI: PM: Avoid using power resources if there are none for D0 (bsc#1051510). - ALSA: es1688: Add the missed snd_card_free() (bsc#1051510). - bcache: Fix an error code in bch_dump_read() (git fixes (block drivers)). - block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673). - block, bfq: postpone rq preparation to insert or merge (bsc#1104967 bsc#1171673). - block: remove QUEUE_FLAG_STACKABLE (git fixes (block drivers)). - block: sed-opal: fix sparse warning: convert __be64 data (git fixes (block drivers)). - btrfs: always wait on ordered extents at fsync time (bsc#1171761). - btrfs: clean up the left over logged_list usage (bsc#1171761). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - btrfs: fix list_add corruption and soft lockups in fsync (bsc#1171761). - btrfs: fix missing data checksums after a ranged fsync (msync) (bsc#1171761). - btrfs: fix missing file extent item for hole after ranged fsync (bsc#1171761). - btrfs: fix missing hole after hole punching and fsync when using NO_HOLES (bsc#1171761). - btrfs: fix missing semaphore unlock in btrfs_sync_file (bsc#1171761). - btrfs: fix rare chances for data loss when doing a fast fsync (bsc#1171761). - btrfs: Remove extra parentheses from condition in copy_items() (bsc#1171761). - btrfs: remove no longer used io_err from btrfs_log_ctx (bsc#1171761). - btrfs: remove no longer used logged range variables when logging extents (bsc#1171761). - btrfs: remove no longer used 'sync' member from transaction handle (bsc#1171761). - btrfs: remove remaing full_sync logic from btrfs_sync_file (bsc#1171761). - btrfs: remove the logged extents infrastructure (bsc#1171761). - btrfs: remove the wait ordered logic in the log_one_extent path (bsc#1171761). - btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124). - CDC-ACM: heed quirk also in error handling (git-fixes). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1144333). - cifs: handle hostnames that resolve to same ip in failover (bsc#1144333 bsc#1161016). - cifs: set up next DFS target before generic_ip_connect() (bsc#1144333 bsc#1161016). - clk: bcm2835: Fix return type of bcm2835_register_gate (bsc#1051510). - clk: clk-flexgen: fix clock-critical handling (bsc#1051510). - clk: sunxi: Fix incorrect usage of round_down() (bsc#1051510). - compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (git fixes (block drivers)). - compat_ioctl: block: handle Persistent Reservations (git fixes (block drivers)). - copy_{to,from}_user(): consolidate object size checks (git fixes). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - dm btree: increase rebalance threshold in __rebalance2() (git fixes (block drivers)). - dm cache: fix a crash due to incorrect work item cancelling (git fixes (block drivers)). - dm crypt: fix benbi IV constructor crash if used in authenticated mode (git fixes (block drivers)). - dm: fix potential for q->make_request_fn NULL pointer (git fixes (block drivers)). - dm space map common: fix to ensure new block isn't already in use (git fixes (block drivers)). - dm: various cleanups to md->queue initialization code (git fixes). - dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)). - dm verity fec: fix memory leak in verity_fec_dtr (git fixes (block drivers)). - Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170618). - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (bsc#1051510). - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1152472) * context changes - drm: encoder_slave: fix refcouting error for modules (bsc#1114279) - drm/mediatek: Check plane visibility in atomic_update (bsc#1152472) * context changes - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1152472) - drm/radeon: fix double free (bsc#1152472) - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1152472) - e1000e: Disable TSO for buffer overrun workaround (bsc#1051510). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (bsc#1051510). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279). - evm: Check also if *tfm is an error pointer in init_desc() (bsc#1051510). - evm: Fix a small race in init_desc() (bsc#1051510). - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (bsc#1051510). - gpiolib: Document that GPIO line names are not globally unique (bsc#1051510). - HID: sony: Fix for broken buttons on DS3 USB dongles (bsc#1051510). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - iio: buffer: Do not allow buffers without any channels enabled to be activated (bsc#1051510). - iio: pressure: bmp280: Tolerate IRQ before registering (bsc#1051510). - ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1051510). - ima: Fix ima digest hash table key calculation (bsc#1051510). - include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS (bsc#1114279). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1114279). - kvm: x86: Fix L1TF mitigation for shadow MMU (bsc#1171904). - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904). - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904). - libceph: do not omit recovery_deletes in target_copy() (bsc#1173462). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - md: Avoid namespace collision with bitmap API (git fixes (block drivers)). - md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (git fixes (block drivers)). - mmc: fix compilation of user API (bsc#1051510). - netfilter: connlabels: prefer static lock initialiser (git-fixes). - netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795). - netfilter: not mark a spinlock as __read_mostly (git-fixes). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() (bsc#1170592). - NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID (bsc#1170592). - nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558 bsc#1159058). - nvme: do not update multipath disk information if the controller is down (bcs#1171558 bsc#1159058). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - overflow: Fix -Wtype-limits compilation warnings (git fixes). - overflow.h: Add arithmetic shift helper (git fixes). - p54usb: add AirVasT USB stick device-id (bsc#1051510). - PCI: Allow pci_resize_resource() for devices on root bus (bsc#1051510). - PCI: Fix pci_register_host_bridge() device_register() error handling (bsc#1051510). - PCI: Program MPS for RCiEP devices (bsc#1051510). - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (bsc#1051510). - perf: Allocate context task_ctx_data for child event (git-fixes). - perf/cgroup: Fix perf cgroup hierarchy support (git-fixes). - perf: Copy parent's address filter offsets on clone (git-fixes). - perf/core: Add sanity check to deal with pinned event failure (git-fixes). - perf/core: Avoid freeing static PMU contexts when PMU is unregistered (git-fixes). - perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes). - perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes). - perf/core: Fix bad use of igrab() (git fixes (dependent patch)). - perf/core: Fix crash when using HW tracing kernel filters (git-fixes). - perf/core: Fix ctx_event_type in ctx_resched() (git-fixes). - perf/core: Fix error handling in perf_event_alloc() (git-fixes). - perf/core: Fix exclusive events' grouping (git-fixes). - perf/core: Fix group scheduling with mixed hw and sw events (git-fixes). - perf/core: Fix impossible ring-buffer sizes warning (git-fixes). - perf/core: Fix locking for children siblings group read (git-fixes). - perf/core: Fix lock inversion between perf,trace,cpuhp (git-fixes (dependent patch for 18736eef1213)). - perf/core: Fix perf_event_read_value() locking (git-fixes). - perf/core: Fix perf_pmu_unregister() locking (git-fixes). - perf/core: Fix __perf_read_group_add() locking (git-fixes (dependent patch)). - perf/core: Fix perf_sample_regs_user() mm check (git-fixes). - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes). - perf/core: Fix race between close() and fork() (git-fixes). - perf/core: Fix the address filtering fix (git-fixes). - perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes). - perf/core: Force USER_DS when recording user stack data (git-fixes). - perf/core: Restore mmap record type correctly (git-fixes). - perf: Fix header.size for namespace events (git-fixes). - perf/ioctl: Add check for the sample_period value (git-fixes). - perf, pt, coresight: Fix address filters for vmas with non-zero offset (git-fixes). - perf: Return proper values for user stack errors (git-fixes). - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes). - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes). - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes). - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes). - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes). - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable). - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes). - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable). - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes). - perf/x86: Fix incorrect PEBS_REGS (git-fixes). - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes). - perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes). - perf/x86/intel/bts: Fix the use of page_private() (git-fixes). - perf/x86/intel: Fix PT PMI handling (git-fixes). - perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes). - perf/x86/intel/uncore: Add Node ID mask (git-fixes). - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes). - perf/x86/pt, coresight: Clean up address filter structure (git fixes (dependent patch)). - perf/x86/uncore: Fix event group support (git-fixes). - pid: Improve the comment about waiting in zap_pid_ns_processes (git fixes)). - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (bsc#1051510). - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (bsc#1051510). - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (bsc#1051510). - pnp: Use list_for_each_entry() instead of open coding (git fixes). - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729). - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729). - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030). - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (bsc#1051510). - power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (bsc#1051510). - power: supply: smb347-charger: IRQSTAT_D is volatile (bsc#1051510). - raid5: remove gfp flags from scribble_alloc() (git fixes (block drivers)). - resolve KABI warning for perf-pt-coresight (git-fixes). - Revert 'bcache: ignore pending signals when creating gc and allocator thread' (git fixes (block drivers)). - Revert 'dm crypt: use WQ_HIGHPRI for the IO and crypt workqueues' (git fixes (block drivers)). - Revert 'tools lib traceevent: Remove unneeded qsort and uses memmove' - rpm/kernel-docs.spec.in: Require python-packaging for build. - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: lock device while installing IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814). - scsi: qedf: Add port_id getter (bsc#1150660). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - spi: dw: use 'smp_mb()' to avoid sending spi data error (bsc#1051510). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bsc#1051510). - staging: sm750fb: add missing case while setting FB_VISUAL (bsc#1051510). - SUNRPC: The TCP back channel mustn't disappear while requests are outstanding (bsc#1152624). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tty: n_gsm: Fix bogus i++ in gsm_data_kick (bsc#1051510). - tty: n_gsm: Fix SOF skipping (bsc#1051510). - tty: n_gsm: Fix waking up upper tty layer when room available (bsc#1051510). - usb: dwc2: gadget: move gadget resume after the core is in L0 state (bsc#1051510). - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (bsc#1051510). - usb: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (bsc#1051510). - usb: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (bsc#1051510). - usb: musb: Fix runtime PM imbalance on error (bsc#1051510). - usb: musb: start session in resume for host port (bsc#1051510). - usb: serial: option: add Telit LE910C1-EUX compositions (bsc#1051510). - usb: serial: qcserial: add DW5816e QDL support (bsc#1051510). - usb: serial: usb_wwan: do not resubmit rx urb on fatal errors (bsc#1051510). - usb: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes). - virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: avoid format strint overflow warning (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: Remove always false conditional statement (bsc#1172484). - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484). - vmxnet3: remove unused flag 'rxcsum' from struct vmxnet3_adapter (bsc#1172484). - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - w1: omap-hdq: cleanup to add missing newline for some dev_dbg (bsc#1051510). - work around mvfs bug (bsc#1162063). - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1114279). - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes). - x86: Fix early boot crash on gcc-10, third try (bsc#1114279). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279). - xfrm: fix error in comment (git fixes). Important SUSE bug 1051510 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1085030 SUSE bug 1104967 SUSE bug 1114279 SUSE bug 1144333 SUSE bug 1148868 SUSE bug 1150660 SUSE bug 1152107 SUSE bug 1152472 SUSE bug 1152624 SUSE bug 1158983 SUSE bug 1159058 SUSE bug 1161016 SUSE bug 1162002 SUSE bug 1162063 SUSE bug 1168081 SUSE bug 1169194 SUSE bug 1169514 SUSE bug 1169795 SUSE bug 1170011 SUSE bug 1170592 SUSE bug 1170618 SUSE bug 1171124 SUSE bug 1171424 SUSE bug 1171558 SUSE bug 1171673 SUSE bug 1171732 SUSE bug 1171761 SUSE bug 1171868 SUSE bug 1171904 SUSE bug 1172257 SUSE bug 1172344 SUSE bug 1172458 SUSE bug 1172484 SUSE bug 1172759 SUSE bug 1172775 SUSE bug 1172781 SUSE bug 1172782 SUSE bug 1172783 SUSE bug 1172999 SUSE bug 1173265 SUSE bug 1173280 SUSE bug 1173428 SUSE bug 1173462 SUSE bug 1173514 SUSE bug 1173567 SUSE bug 1173573 SUSE bug 1174115 SUSE bug 1174462 SUSE bug 1174543 CVE-2019-16746 CVE-2019-20810 CVE-2019-20908 CVE-2020-0305 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10769 CVE-2020-10773 CVE-2020-12771 CVE-2020-12888 CVE-2020-13974 CVE-2020-14416 CVE-2020-15393 CVE-2020-15780 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_32 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186). - CVE-2019-0155: Fixed a privilege escalation in the i915 graphics driver (bsc#1173663). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2019-19447: Fixed a use-after-free in ext4_put_super (bsc#1173869). - CVE-2019-14901: Fixed a heap overflow in the Marvell WiFi driver (bsc#1173661). - CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173100). Important SUSE bug 1173100 SUSE bug 1173659 SUSE bug 1173661 SUSE bug 1173663 SUSE bug 1173869 SUSE bug 1173942 SUSE bug 1173963 SUSE bug 1174186 SUSE bug 1174247 CVE-2019-0155 CVE-2019-14895 CVE-2019-14901 CVE-2019-16746 CVE-2019-19447 CVE-2019-9458 CVE-2020-11668 CVE-2020-14331 CVE-2020-15780 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_37 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186). - CVE-2019-0155: Fixed a privilege escalation in the i915 graphics driver (bsc#1173663). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2019-19447: Fixed a use-after-free in ext4_put_super (bsc#1173869). - CVE-2019-14901: Fixed a heap overflow in the Marvell WiFi driver (bsc#1173661). - CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173100). Important SUSE bug 1173100 SUSE bug 1173659 SUSE bug 1173661 SUSE bug 1173663 SUSE bug 1173869 SUSE bug 1173942 SUSE bug 1173963 SUSE bug 1174186 SUSE bug 1174247 CVE-2019-0155 CVE-2019-14895 CVE-2019-14901 CVE-2019-16746 CVE-2019-19447 CVE-2019-9458 CVE-2020-11668 CVE-2020-14331 CVE-2020-15780 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_40 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186). - CVE-2019-0155: Fixed a privilege escalation in the i915 graphics driver (bsc#1173663). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2019-19447: Fixed a use-after-free in ext4_put_super (bsc#1173869). - CVE-2019-14901: Fixed a heap overflow in the Marvell WiFi driver (bsc#1173661). - CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173100). Important SUSE bug 1173100 SUSE bug 1173659 SUSE bug 1173661 SUSE bug 1173663 SUSE bug 1173869 SUSE bug 1173942 SUSE bug 1173963 SUSE bug 1174186 SUSE bug 1174247 CVE-2019-0155 CVE-2019-14895 CVE-2019-14901 CVE-2019-16746 CVE-2019-19447 CVE-2019-9458 CVE-2020-11668 CVE-2020-14331 CVE-2020-15780 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_45 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2019-19447: Fixed a use-after-free in ext4_put_super (bsc#1173869). - CVE-2019-14901: Fixed a heap overflow in the Marvell WiFi driver (bsc#1173661). - CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173100). Important SUSE bug 1173100 SUSE bug 1173659 SUSE bug 1173661 SUSE bug 1173869 SUSE bug 1173942 SUSE bug 1173963 SUSE bug 1174186 SUSE bug 1174247 CVE-2019-14895 CVE-2019-14901 CVE-2019-16746 CVE-2019-19447 CVE-2019-9458 CVE-2020-11668 CVE-2020-14331 CVE-2020-15780 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_48 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). Important SUSE bug 1173659 SUSE bug 1173942 SUSE bug 1173963 SUSE bug 1174186 SUSE bug 1174247 CVE-2019-16746 CVE-2019-9458 CVE-2020-11668 CVE-2020-14331 CVE-2020-15780 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_51 fixes several issues. The following security issues were fixed: - CVE-2020-10757: Fixed a privilege escalation in the mremap handling of DAX Huge Pages (bsc#1172437). - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). Important SUSE bug 1172437 SUSE bug 1173659 SUSE bug 1174186 SUSE bug 1174247 CVE-2019-16746 CVE-2020-10757 CVE-2020-14331 CVE-2020-15780 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_54 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-15780: Fixed a lockdown bypass via injection of malicious ACPI tables via configfs (bsc#1174186). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2020-1749: Fixed a flaw in IPsec where some IPv6 protocols were not encrypted (bsc#1165631). Important SUSE bug 1165631 SUSE bug 1173659 SUSE bug 1174186 SUSE bug 1174247 CVE-2019-16746 CVE-2020-14331 CVE-2020-15780 CVE-2020-1749 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_57 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2020-1749: Fixed a flaw in IPsec where some IPv6 protocols were not encrypted (bsc#1165631). Important SUSE bug 1165631 SUSE bug 1174247 CVE-2020-14331 CVE-2020-1749 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629). - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication Bluetooth might have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access (bsc#1171988). - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). The following non-security bugs were fixed: - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1174784). - cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#1172428). - cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#1172428). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333 bsc#1172428). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: reduce number of referral requests in DFS link lookups (bsc#1144333 bsc#1172428). - cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428). - Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515). - ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629). - kabi: mask changes to struct ipv6_stub (bsc#1165629). - mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - ocfs2: add trimfs dlm lock resource (bsc#1175228). - ocfs2: add trimfs lock to avoid duplicated trims in cluster (bsc#1175228). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: fix the application IO timeout when fstrim is running (bsc#1175228). - ocfs2: load global_inode_alloc (bsc#1172963). - ocfs2: load global_inode_alloc (bsc#1172963). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - Revert 'ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).' This reverts commit 2638f62c6bc33d4c10ce0dddbf240aa80d366d7b. - Revert 'ocfs2: load global_inode_alloc (bsc#1172963).' This reverts commit f04f670651f505cb354f26601ec5f5e4428f2f47. - scsi: scsi_dh_alua: skip RTPG for devices only supporting active/optimized (bsc#1174978). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - Update patch reference for a tipc fix patch (bsc#1175515) - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115). - xen: do not reschedule in preemption off sections (bsc#1175749). Important SUSE bug 1058115 SUSE bug 1071995 SUSE bug 1144333 SUSE bug 1154366 SUSE bug 1165629 SUSE bug 1171988 SUSE bug 1172428 SUSE bug 1172963 SUSE bug 1173798 SUSE bug 1173954 SUSE bug 1174205 SUSE bug 1174689 SUSE bug 1174699 SUSE bug 1174757 SUSE bug 1174784 SUSE bug 1174978 SUSE bug 1175112 SUSE bug 1175127 SUSE bug 1175213 SUSE bug 1175228 SUSE bug 1175515 SUSE bug 1175518 SUSE bug 1175691 SUSE bug 1175749 SUSE bug 1176069 CVE-2020-10135 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-14386 CVE-2020-16166 CVE-2020-1749 CVE-2020-24394 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_60 fixes several issues. The following security issues were fixed: - CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011). - CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c (bsc#1176381). Important SUSE bug 1176012 SUSE bug 1176382 CVE-2020-14381 CVE-2020-25212 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_57 fixes several issues. The following security issues were fixed: - CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011). - CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c (bsc#1176381). - CVE-2020-14386: Fixed a memory corruption which could have lead to an attacker gaining root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity (bsc#1176069). - CVE-2020-24394: The NFS server code can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support. This occurs because the current umask is not considered (bsc#1175518). Important SUSE bug 1175992 SUSE bug 1176012 SUSE bug 1176072 SUSE bug 1176382 CVE-2020-14381 CVE-2020-14386 CVE-2020-24394 CVE-2020-25212 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_54 fixes several issues. The following security issues were fixed: - CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011). - CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c (bsc#1176381). - CVE-2020-14386: Fixed a memory corruption which could have lead to an attacker gaining root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity (bsc#1176069). - CVE-2020-24394: The NFS server code can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support. This occurs because the current umask is not considered (bsc#1175518). Important SUSE bug 1175992 SUSE bug 1176012 SUSE bug 1176072 SUSE bug 1176382 CVE-2020-14381 CVE-2020-14386 CVE-2020-24394 CVE-2020-25212 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_51 fixes several issues. The following security issues were fixed: - CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011). - CVE-2020-0431: In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bsc#1176722) - CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c (bsc#1176381). - CVE-2020-14386: Fixed a memory corruption which could have lead to an attacker gaining root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity (bsc#1176069). - CVE-2020-24394: The NFS server code can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support. This occurs because the current umask is not considered (bsc#1175518). Important SUSE bug 1175992 SUSE bug 1176012 SUSE bug 1176072 SUSE bug 1176382 SUSE bug 1176896 CVE-2020-0431 CVE-2020-14381 CVE-2020-14386 CVE-2020-24394 CVE-2020-25212 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_48 fixes several issues. The following security issues were fixed: - CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011). - CVE-2020-0431: In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bsc#1176722) - CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c (bsc#1176381). - CVE-2020-14386: Fixed a memory corruption which could have lead to an attacker gaining root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity (bsc#1176069). - CVE-2020-24394: The NFS server code can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support. This occurs because the current umask is not considered (bsc#1175518). Important SUSE bug 1175992 SUSE bug 1176012 SUSE bug 1176072 SUSE bug 1176382 SUSE bug 1176896 CVE-2020-0431 CVE-2020-14381 CVE-2020-14386 CVE-2020-24394 CVE-2020-25212 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_45 fixes several issues. The following security issues were fixed: - CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011). - CVE-2020-0431: In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bsc#1176722) - CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c (bsc#1176381). - CVE-2020-14386: Fixed a memory corruption which could have lead to an attacker gaining root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity (bsc#1176069). - CVE-2020-24394: The NFS server code can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support. This occurs because the current umask is not considered (bsc#1175518). Important SUSE bug 1175992 SUSE bug 1176012 SUSE bug 1176072 SUSE bug 1176382 SUSE bug 1176896 CVE-2020-0431 CVE-2020-14381 CVE-2020-14386 CVE-2020-24394 CVE-2020-25212 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_40 fixes several issues. The following security issues were fixed: - CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011). - CVE-2020-0431: In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bsc#1176722) - CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c (bsc#1176381). - CVE-2020-14386: Fixed a memory corruption which could have lead to an attacker gaining root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity (bsc#1176069). - CVE-2020-24394: The NFS server code can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support. This occurs because the current umask is not considered (bsc#1175518). Important SUSE bug 1175992 SUSE bug 1176012 SUSE bug 1176072 SUSE bug 1176382 SUSE bug 1176896 CVE-2020-0431 CVE-2020-14381 CVE-2020-14386 CVE-2020-24394 CVE-2020-25212 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_37 fixes several issues. The following security issues were fixed: - CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011). - CVE-2020-0431: In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bsc#1176722) - CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c (bsc#1176381). - CVE-2020-14386: Fixed a memory corruption which could have lead to an attacker gaining root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity (bsc#1176069). - CVE-2020-24394: The NFS server code can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support. This occurs because the current umask is not considered (bsc#1175518). Important SUSE bug 1175992 SUSE bug 1176012 SUSE bug 1176072 SUSE bug 1176382 SUSE bug 1176896 CVE-2020-0431 CVE-2020-14381 CVE-2020-14386 CVE-2020-24394 CVE-2020-25212 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_60 fixes several issues. The following security issues were fixed: - CVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h (bsc#1176723, bsc#1178003). - CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' (bsc#1177724, bsc#1177729, bsc#1178397). - CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177513). Important SUSE bug 1177513 SUSE bug 1177729 SUSE bug 1178003 CVE-2020-0430 CVE-2020-12351 CVE-2020-25645 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_57 fixes several issues. The following security issues were fixed: - CVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h (bsc#1176723, bsc#1178003). - CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' (bsc#1177724, bsc#1177729, bsc#1178397). - CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177513). Important SUSE bug 1177513 SUSE bug 1177729 SUSE bug 1178003 CVE-2020-0430 CVE-2020-12351 CVE-2020-25645 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_54 fixes several issues. The following security issues were fixed: - CVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h (bsc#1176723, bsc#1178003). - CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' (bsc#1177724, bsc#1177729, bsc#1178397). - CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177513). Important SUSE bug 1177513 SUSE bug 1177729 SUSE bug 1178003 CVE-2020-0430 CVE-2020-12351 CVE-2020-25645 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_51 fixes several issues. The following security issues were fixed: - CVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h (bsc#1176723, bsc#1178003). - CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' (bsc#1177724, bsc#1177729, bsc#1178397). - CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177513). Important SUSE bug 1177513 SUSE bug 1177729 SUSE bug 1178003 CVE-2020-0430 CVE-2020-12351 CVE-2020-25645 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_48 fixes several issues. The following security issues were fixed: - CVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h (bsc#1176723, bsc#1178003). - CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' (bsc#1177724, bsc#1177729, bsc#1178397). - CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177513). Important SUSE bug 1177513 SUSE bug 1177729 SUSE bug 1178003 CVE-2020-0430 CVE-2020-12351 CVE-2020-25645 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_45 fixes several issues. The following security issues were fixed: - CVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h (bsc#1176723, bsc#1178003). - CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' (bsc#1177724, bsc#1177729, bsc#1178397). - CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177513). Important SUSE bug 1177513 SUSE bug 1177729 SUSE bug 1178003 CVE-2020-0430 CVE-2020-12351 CVE-2020-25645 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_40 fixes several issues. The following security issues were fixed: - CVE-2017-1000405: Fixed a bug in the THP CoW support that could have been used by local attackers to corrupt memory of other processes and cause them to crash (bsc#1178264, bsc#1069496, bsc#1070307). - CVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h (bsc#1176723, bsc#1178003). - CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' (bsc#1177724, bsc#1177729, bsc#1178397). - CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177513). Important SUSE bug 1177513 SUSE bug 1177729 SUSE bug 1178003 SUSE bug 1178264 CVE-2017-1000405 CVE-2020-0430 CVE-2020-12351 CVE-2020-25645 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bug fixes. The following security bugs were fixed: - CVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software and services that rely on UDP source port randomization (like DNS) are indirectly affected as well. Kernel versions may be vulnerable to this issue (bsc#1175721, bsc#1178782). - CVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393). - CVE-2020-25668: Fixed a use-after-free in con_font_op() (bnc#1178123). - CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766). - CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c (bnc#1176485). - CVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h (bnc#1176723). - CVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086). - CVE-2020-16120: Fixed a permissions issue in ovl_path_open() (bsc#1177470). - CVE-2020-8694: Restricted energy meter to root access (bsc#1170415). - CVE-2020-12351: Implemented a kABI workaround for bluetooth l2cap_ops filter addition (bsc#1177724). - CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' (bsc#1177725). - CVE-2020-25212: Fixed a TOCTOU mismatch in the NFS client code (bnc#1176381). - CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177511). - CVE-2020-14381: Fixed a UAF in the fast user mutex (futex) wait operation (bsc#1176011). - CVE-2020-25643: Fixed an improper input validation in the ppp_cp_parse_cr function of the HDLC_PPP module (bnc#1177206). - CVE-2020-25641: Fixed a zero-length biovec request issued by the block subsystem could have caused the kernel to enter an infinite loop, causing a denial of service (bsc#1177121). - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235). - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721). - CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423). - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482). - CVE-2020-27673: Fixed an issue where rogue guests could have caused denial of service of Dom0 via high frequency events (XSA-332 bsc#1177411) - CVE-2020-27675: Fixed a race condition in event handler which may crash dom0 (XSA-331 bsc#1177410). The following non-security bugs were fixed: - btrfs: remove root usage from can_overcommit (bsc#1131277). - hv: vmbus: Add timeout to vmbus_wait_for_unload (bsc#1177816). - hyperv_fb: disable superfluous VERSION_WIN10_V5 case (bsc#1175306). - hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306). - livepatch: Add -fdump-ipa-clones to build (). Add support for -fdump-ipa-clones GCC option. Update config files accordingly. - livepatch: Test if -fdump-ipa-clones is really available As of now we add -fdump-ipa-clones unconditionally. It does not cause a trouble if the kernel is build with the supported toolchain. Otherwise it could fail easily. Do the correct thing and test for the availability. - NFS: On fatal writeback errors, we need to call nfs_inode_remove_request() (bsc#1177340). - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139). - NFS: Revalidate the file mapping on all fatal writeback errors (bsc#1177340). - NFSv4: do not mark all open state for recovery when handling recallable state revoked flag (bsc#1176935). - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232). - ocfs2: give applications more IO opportunities during fstrim (bsc#1175228). - powerpc/pseries/cpuidle: add polling idle for shared processor guests (bsc#1178765 ltc#188968). - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243). - scsi: fnic: Do not call 'scsi_done()' for unhandled commands (bsc#1168468, bsc#1171675). - scsi: qla2xxx: Do not consume srb greedily (bsc#1173233). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1173233). - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306). - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306). - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306). - x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306). - xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/events: add a new 'late EOI' evtchn framework (XSA-332 bsc#1177411). - xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#1177411). - xen/events: avoid removing an event channel while handling it (XSA-331 bsc#1177410). - xen/events: block rogue events for some time (XSA-332 bsc#1177411). - xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#1177411). - xen/events: do not use chip_data for legacy IRQs (XSA-332 bsc#1065600). - xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411). - xen/events: switch user event channels to lateeoi model (XSA-332 bsc#1177411). - xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#1177411). - xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (XSA-332 bsc#1065600). Important SUSE bug 1051510 SUSE bug 1058115 SUSE bug 1065600 SUSE bug 1131277 SUSE bug 1160947 SUSE bug 1163524 SUSE bug 1166965 SUSE bug 1168468 SUSE bug 1170139 SUSE bug 1170232 SUSE bug 1170415 SUSE bug 1171417 SUSE bug 1171675 SUSE bug 1172073 SUSE bug 1172366 SUSE bug 1173115 SUSE bug 1173233 SUSE bug 1175228 SUSE bug 1175306 SUSE bug 1175721 SUSE bug 1175882 SUSE bug 1176011 SUSE bug 1176235 SUSE bug 1176278 SUSE bug 1176381 SUSE bug 1176423 SUSE bug 1176482 SUSE bug 1176485 SUSE bug 1176698 SUSE bug 1176721 SUSE bug 1176722 SUSE bug 1176723 SUSE bug 1176725 SUSE bug 1176732 SUSE bug 1176869 SUSE bug 1176907 SUSE bug 1176922 SUSE bug 1176935 SUSE bug 1176950 SUSE bug 1176990 SUSE bug 1177027 SUSE bug 1177086 SUSE bug 1177121 SUSE bug 1177206 SUSE bug 1177340 SUSE bug 1177410 SUSE bug 1177411 SUSE bug 1177470 SUSE bug 1177511 SUSE bug 1177724 SUSE bug 1177725 SUSE bug 1177766 SUSE bug 1177816 SUSE bug 1178123 SUSE bug 1178330 SUSE bug 1178393 SUSE bug 1178669 SUSE bug 1178765 SUSE bug 1178782 SUSE bug 1178838 CVE-2020-0404 CVE-2020-0427 CVE-2020-0430 CVE-2020-0431 CVE-2020-0432 CVE-2020-12351 CVE-2020-12352 CVE-2020-14351 CVE-2020-14381 CVE-2020-14390 CVE-2020-16120 CVE-2020-25212 CVE-2020-25284 CVE-2020-25285 CVE-2020-25641 CVE-2020-25643 CVE-2020-25645 CVE-2020-25656 CVE-2020-25668 CVE-2020-25704 CVE-2020-25705 CVE-2020-26088 CVE-2020-27673 CVE-2020-27675 CVE-2020-8694 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_45 fixes several issues. The following security issues were fixed: - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178622). - CVE-2020-8694: Fixed an insufficient access control in the Linux kernel driver for some Intel(R) Processors which might have allowed an authenticated user to potentially enable information disclosure via local access (bsc#1178700). - CVE-2020-25705: Fixed a flaw which could have allowed an off-path remote user to effectively bypass source port UDP randomization (bsc#1178783). - Fixed an issue where system was hanging due to a massive amount of soft lockups in btrfs_drop_and_free_fs_root() (bsc#1178046). Important SUSE bug 1178046 SUSE bug 1178622 SUSE bug 1178700 SUSE bug 1178783 CVE-2020-25668 CVE-2020-25705 CVE-2020-8694 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_48 fixes several issues. The following security issues were fixed: - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178622). - CVE-2020-8694: Fixed an insufficient access control in the Linux kernel driver for some Intel(R) Processors which might have allowed an authenticated user to potentially enable information disclosure via local access (bsc#1178700). - CVE-2020-25705: Fixed a flaw which could have allowed an off-path remote user to effectively bypass source port UDP randomization (bsc#1178783). - Fixed an issue where system was hanging due to a massive amount of soft lockups in btrfs_drop_and_free_fs_root() (bsc#1178046). Important SUSE bug 1178046 SUSE bug 1178622 SUSE bug 1178700 SUSE bug 1178783 CVE-2020-25668 CVE-2020-25705 CVE-2020-8694 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_51 fixes several issues. The following security issues were fixed: - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178622). - CVE-2020-8694: Fixed an insufficient access control in the Linux kernel driver for some Intel(R) Processors which might have allowed an authenticated user to potentially enable information disclosure via local access (bsc#1178700). - CVE-2020-25705: Fixed a flaw which could have allowed an off-path remote user to effectively bypass source port UDP randomization (bsc#1178783). - Fixed an issue where system was hanging due to a massive amount of soft lockups in btrfs_drop_and_free_fs_root() (bsc#1178046). Important SUSE bug 1178046 SUSE bug 1178622 SUSE bug 1178700 SUSE bug 1178783 CVE-2020-25668 CVE-2020-25705 CVE-2020-8694 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_54 fixes several issues. The following security issues were fixed: - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178622). - CVE-2020-8694: Fixed an insufficient access control in the Linux kernel driver for some Intel(R) Processors which might have allowed an authenticated user to potentially enable information disclosure via local access (bsc#1178700). - CVE-2020-25705: Fixed a flaw which could have allowed an off-path remote user to effectively bypass source port UDP randomization (bsc#1178783). - Fixed an issue where system was hanging due to a massive amount of soft lockups in btrfs_drop_and_free_fs_root() (bsc#1178046). Important SUSE bug 1178046 SUSE bug 1178622 SUSE bug 1178700 SUSE bug 1178783 CVE-2020-25668 CVE-2020-25705 CVE-2020-8694 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_57 fixes several issues. The following security issues were fixed: - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178622). - CVE-2020-8694: Fixed an insufficient access control in the Linux kernel driver for some Intel(R) Processors which might have allowed an authenticated user to potentially enable information disclosure via local access (bsc#1178700). - CVE-2020-25705: Fixed a flaw which could have allowed an off-path remote user to effectively bypass source port UDP randomization (bsc#1178783). - Fixed an issue where system was hanging due to a massive amount of soft lockups in btrfs_drop_and_free_fs_root() (bsc#1178046). Important SUSE bug 1178046 SUSE bug 1178622 SUSE bug 1178700 SUSE bug 1178783 CVE-2020-25668 CVE-2020-25705 CVE-2020-8694 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_60 fixes several issues. The following security issues were fixed: - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178622). - CVE-2020-8694: Fixed an insufficient access control in the Linux kernel driver for some Intel(R) Processors which might have allowed an authenticated user to potentially enable information disclosure via local access (bsc#1178700). - CVE-2020-25705: Fixed a flaw which could have allowed an off-path remote user to effectively bypass source port UDP randomization (bsc#1178783). - Fixed an issue where system was hanging due to a massive amount of soft lockups in btrfs_drop_and_free_fs_root() (bsc#1178046). Important SUSE bug 1178046 SUSE bug 1178622 SUSE bug 1178700 SUSE bug 1178783 CVE-2020-25668 CVE-2020-25705 CVE-2020-8694 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-2732: Fixed an issue affecting Intel CPUs where an L2 guest may trick the L0 hypervisor into accessing sensitive L1 resources (bsc#1163971). - CVE-2019-19338: There was an incomplete fix for an issue with Transactional Synchronisation Extensions in the KVM code (bsc#1158954). - CVE-2019-14615: An information disclosure vulnerability existed due to insufficient control flow in certain data structures for some Intel(R) Processors (bnc#1160195). - CVE-2019-14896: A heap overflow was found in the add_ie_rates() function of the Marvell Wifi Driver (bsc#1157157). - CVE-2019-14897: A stack overflow was found in the lbs_ibss_join_existing() function of the Marvell Wifi Driver (bsc#1157155). - CVE-2019-15213: A use-after-free bug caused by a malicious USB device was found in drivers/media/usb/dvb-usb/dvb-usb-init.c (bsc#1146544). - CVE-2019-16994: A memory leak existed in sit_init_net() in net/ipv6/sit.c which might have caused denial of service, aka CID-07f12b26e21a (bnc#1161523). - CVE-2019-18808: A memory leak in drivers/crypto/ccp/ccp-ops.c allowed attackers to cause a denial of service (memory consumption), aka CID-128c66429247 (bnc#1156259). - CVE-2019-19036: An issue discovered in btrfs_root_node in fs/btrfs/ctree.c allowed a NULL pointer dereference because rcu_dereference(root->node) can be zero (bnc#1157692). - CVE-2019-19045: A memory leak in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c allowed attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7 (bnc#1161522). - CVE-2019-19051: A memory leak in drivers/net/wimax/i2400m/op-rfkill.c allowed attackers to cause a denial of service (memory consumption), aka CID-6f3ef5c25cc7 (bnc#1159024). - CVE-2019-19054: A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c allowed attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b (bnc#1161518). - CVE-2019-19066: A memory leak in drivers/scsi/bfa/bfad_attr.c allowed attackers to cause a denial of service (memory consumption), aka CID-0e62395da2bd (bnc#1157303). - CVE-2019-19318: Mounting a crafted btrfs image twice could have caused a use-after-free (bnc#1158026). - CVE-2019-19319: A slab-out-of-bounds write access could have occured when setxattr was called after mounting of a specially crafted ext4 image (bnc#1158021). - CVE-2019-19332: An out-of-bounds memory write issue was found in the way the KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could have used this flaw to crash the system (bnc#1158827). - CVE-2019-19447: Mounting a crafted ext4 filesystem image, performing some operations, and unmounting could have led to a use-after-free in fs/ext4/super.c (bnc#1158819). - CVE-2019-19523: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79 (bsc#1158823). - CVE-2019-19524: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9 (bsc#1158413). - CVE-2019-19525: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035 (bsc#1158417). - CVE-2019-19526: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098 (bsc#1158893). - CVE-2019-19527: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e (bsc#1158900). - CVE-2019-19528: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d (bsc#1158407). - CVE-2019-19529: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41 (bnc#1158381). - CVE-2019-19530: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef (bsc#1158410). - CVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca (bsc#1158445). - CVE-2019-19532: There were multiple out-of-bounds write bugs that can be caused by a malicious USB HID device, aka CID-d9d4b1e46d95 (bsc#1158824). - CVE-2019-19533: There was an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464 (bsc#1158834). - CVE-2019-19534: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29 (bsc#1158398). - CVE-2019-19535: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042 (bsc#1158903). - CVE-2019-19536: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0 (bsc#1158394). - CVE-2019-19537: There was a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9 (bsc#1158904). - CVE-2019-19543: There was a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (bnc#1158427). - CVE-2019-19767: There were multiple use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163 (bnc#1159297). - CVE-2019-19965: There was a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5 (bnc#1159911). - CVE-2019-19966: There was a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that could have caused a denial of service, aka CID-dea37a972655 (bnc#1159841). - CVE-2019-20054: There was a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e (bnc#1159910). - CVE-2019-20095: Several memory leaks were found in drivers/net/wireless/marvell/mwifiex/cfg80211.c, aka CID-003b686ace82 (bnc#1159909). - CVE-2019-20096: There was a memory leak in __feat_register_sp() in net/dccp/feat.c, aka CID-1d3ff0950e2b (bnc#1159908). - CVE-2020-7053: There was a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c (bnc#1160966). - CVE-2020-8428: There was a use-after-free bug in fs/namei.c, which allowed local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9 (bnc#1162109). - CVE-2020-8648: There was a use-after-free vulnerability in the n_tty_receive_buf_common function in drivers/tty/n_tty.c (bnc#1162928). - CVE-2020-8992: An issue was discovered in ext4_protect_reserved_inode in fs/ext4/block_validity.c that allowed attackers to cause a soft lockup via a crafted journal size (bnc#1164069). The following non-security bugs were fixed: - 6pack,mkiss: fix possible deadlock (bsc#1051510). - ACPI / APEI: Do not wait to serialise with oops messages when panic()ing (bsc#1051510). - ACPI / APEI: Switch estatus pool to use vmalloc memory (bsc#1051510). - ACPI / LPSS: Ignore acpi_device_fix_up_power() return value (bsc#1051510). - ACPI / video: Add force_none quirk for Dell OptiPlex 9020M (bsc#1051510). - ACPI / watchdog: Fix init failure with overlapping register regions (bsc#1162557). - ACPI / watchdog: Set default timeout in probe (bsc#1162557). - ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data() (bsc#1051510). - ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion() (bsc#1051510). - ACPI: OSL: only free map once in osl.c (bsc#1051510). - ACPI: PM: Avoid attaching ACPI PM domain to certain devices (bsc#1051510). - ACPI: sysfs: Change ACPI_MASKABLE_GPE_MAX to 0x100 (bsc#1051510). - ACPI: video: Do not export a non working backlight interface on MSI MS-7721 boards (bsc#1051510). - ACPI: watchdog: Allow disabling WDAT at boot (bsc#1162557). - af_packet: set defaule value for tmo (bsc#1051510). - ALSA: control: remove useless assignment in .info callback of PCM chmap element (git-fixes). - ALSA: echoaudio: simplify get_audio_levels (bsc#1051510). - ALSA: fireface: fix return value in error path of isochronous resources reservation (bsc#1051510). - ALSA: hda - Add docking station support for Lenovo Thinkpad T420s (git-fixes). - ALSA: hda - Downgrade error message for single-cmd fallback (git-fixes). - ALSA: hda/analog - Minor optimization for SPDIF mux connections (git-fixes). - ALSA: hda/ca0132 - Avoid endless loop (git-fixes). - ALSA: hda/ca0132 - Fix work handling in delayed HP detection (git-fixes). - ALSA: hda/ca0132 - Keep power on during processing DSP response (git-fixes). - ALSA: hda/hdmi - Add new pci ids for AMD GPU display audio (git-fixes). - ALSA: hda/hdmi - add retry logic to parse_intel_hdmi() (git-fixes). - ALSA: hda/hdmi - fix atpx_present when CLASS is not VGA (bsc#1051510). - ALSA: hda/hdmi - Fix duplicate unref of pci_dev (bsc#1051510). - ALSA: hda/hdmi - fix vgaswitcheroo detection for AMD (git-fixes). - ALSA: hda/realtek - Add headset Mic no shutup for ALC283 (bsc#1051510). - ALSA: hda/realtek - Dell headphone has noise on unmute for ALC236 (git-fixes). - ALSA: hda/realtek - Fix silent output on MSI-GL73 (git-fixes). - ALSA: hda/realtek - Line-out jack does not work on a Dell AIO (bsc#1051510). - ALSA: hda: Add Clevo W65_67SB the power_save blacklist (git-fixes). - ALSA: hda: Reset stream if DMA RUN bit not cleared (bsc#1111666). - ALSA: hda: Use scnprintf() for printing texts for sysfs/procfs (git-fixes). - ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code (bsc#1051510). - ALSA: oxfw: fix return value in error path of isochronous resources reservation (bsc#1051510). - ALSA: pcm: Avoid possible info leaks from PCM stream buffers (git-fixes). - ALSA: pcm: oss: Avoid potential buffer overflows (git-fixes). - ALSA: seq: Avoid concurrent access to queue flags (git-fixes). - ALSA: seq: Fix concurrent access to queue current tick/time (git-fixes). - ALSA: seq: Fix racy access for queue timer in proc read (bsc#1051510). - ALSA: sh: Fix compile warning wrt const (git-fixes). - ALSA: usb-audio: Apply sample rate quirk for Audioengine D1 (git-fixes). - ALSA: usb-audio: fix set_format altsetting sanity check (bsc#1051510). - ALSA: usb-audio: fix sync-ep altsetting sanity check (bsc#1051510). - apparmor: fix unsigned len comparison with less than zero (git-fixes). - ar5523: check NULL before memcpy() in ar5523_cmd() (bsc#1051510). - arm64: Revert support for execute-only user mappings (bsc#1160218). - ASoC: au8540: use 64-bit arithmetic instead of 32-bit (bsc#1051510). - ASoC: compress: fix unsigned integer overflow check (bsc#1051510). - ASoC: cs4349: Use PM ops 'cs4349_runtime_pm' (bsc#1051510). - ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report (bsc#1051510). - ASoC: msm8916-wcd-analog: Fix selected events for MIC BIAS External1 (bsc#1051510). - ASoC: sun8i-codec: Fix setting DAI data format (git-fixes). - ASoC: wm8962: fix lambda value (git-fixes). - ata: ahci: Add shutdown to freeze hardware resources of ahci (bsc#1164388). - ath10k: fix fw crash by moving chip reset after napi disabled (bsc#1051510). - ath6kl: Fix off by one error in scan completion (bsc#1051510). - ath9k: fix storage endpoint lookup (git-fixes). - atl1e: checking the status of atl1e_write_phy_reg (bsc#1051510). - audit: Allow auditd to set pid to 0 to end auditing (bsc#1158094). - batman-adv: Fix DAT candidate selection on little endian systems (bsc#1051510). - bcache: add code comment bch_keylist_pop() and bch_keylist_pop_front() (bsc#1163762). - bcache: add code comments for state->pool in __btree_sort() (bsc#1163762). - bcache: add code comments in bch_btree_leaf_dirty() (bsc#1163762). - bcache: add cond_resched() in __bch_cache_cmp() (bsc#1163762). - bcache: add idle_max_writeback_rate sysfs interface (bsc#1163762). - bcache: add more accurate error messages in read_super() (bsc#1163762). - bcache: add readahead cache policy options via sysfs interface (bsc#1163762). - bcache: at least try to shrink 1 node in bch_mca_scan() (bsc#1163762). - bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (bsc#1163762). - bcache: check return value of prio_read() (bsc#1163762). - bcache: deleted code comments for dead code in bch_data_insert_keys() (bsc#1163762). - bcache: do not export symbols (bsc#1163762). - bcache: explicity type cast in bset_bkey_last() (bsc#1163762). - bcache: fix a lost wake-up problem caused by mca_cannibalize_lock (bsc#1163762). - bcache: Fix an error code in bch_dump_read() (bsc#1163762). - bcache: fix deadlock in bcache_allocator (bsc#1163762). - bcache: fix incorrect data type usage in btree_flush_write() (bsc#1163762). - bcache: fix memory corruption in bch_cache_accounting_clear() (bsc#1163762). - bcache: fix static checker warning in bcache_device_free() (bsc#1163762). - bcache: ignore pending signals when creating gc and allocator thread (bsc#1163762, bsc#1112504). - bcache: print written and keys in trace_bcache_btree_write (bsc#1163762). - bcache: reap c->btree_cache_freeable from the tail in bch_mca_scan() (bsc#1163762). - bcache: reap from tail of c->btree_cache in bch_mca_scan() (bsc#1163762). - bcache: remove macro nr_to_fifo_front() (bsc#1163762). - bcache: remove member accessed from struct btree (bsc#1163762). - bcache: remove the extra cflags for request.o (bsc#1163762). - bcache: Revert 'bcache: shrink btree node cache after bch_btree_check()' (bsc#1163762, bsc#1112504). - bcma: remove set but not used variable 'sizel' (git-fixes). - blk-mq: avoid sysfs buffer overflow with too many CPU cores (bsc#1163840). - blk-mq: make sure that line break can be printed (bsc#1164098). - Bluetooth: Fix race condition in hci_release_sock() (bsc#1051510). - Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading (bsc#1051510). - bonding: fix active-backup transition after link failure (git-fixes). - bonding: fix potential NULL deref in bond_update_slave_arr (bsc#1051510). - bonding: fix slave stuck in BOND_LINK_FAIL state (networking-stable-19_11_10). - bonding: fix state transition issue in link monitoring (networking-stable-19_11_10). - bonding: fix unexpected IFF_BONDING bit unset (bsc#1051510). - bpf: Make use of probe_user_write in probe write helper (bsc#1083647). - brcmfmac: fix interface sanity check (git-fixes). - brcmfmac: Fix memory leak in brcmf_usbdev_qinit (git-fixes). - brcmfmac: Fix use after free in brcmf_sdio_readframes() (git-fixes). - btrfs: abort transaction after failed inode updates in create_subvol (bsc#1161936). - btrfs: add missing extents release on file extent cluster relocation error (bsc#1159483). - btrfs: avoid fallback to transaction commit during fsync of files with holes (bsc#1159569). - btrfs: dev-replace: remove warning for unknown return codes when finished (dependency for bsc#1162067). - btrfs: do not call synchronize_srcu() in inode_tree_del (bsc#1161934). - btrfs: do not double lock the subvol_sem for rename exchange (bsc#1162943). - btrfs: Ensure we trim ranges across block group boundary (bsc#1151910). - btrfs: fix block group remaining RO forever after error during device replace (bsc#1160442). - btrfs: fix btrfs_write_inode vs delayed iput deadlock (bsc#1154243). - btrfs: fix infinite loop during fsync after rename operations (bsc#1163383). - btrfs: fix infinite loop during nocow writeback due to race (bsc#1160804). - btrfs: fix integer overflow in calc_reclaim_items_nr (bsc#1160433). - btrfs: fix missing data checksums after replaying a log tree (bsc#1161931). - btrfs: fix negative subv_writers counter and data space leak after buffered write (bsc#1160802). - btrfs: fix race between adding and putting tree mod seq elements and nodes (bsc#1163384). - btrfs: fix removal logic of the tree mod log that leads to use-after-free issues (bsc#1160803). - btrfs: fix selftests failure due to uninitialized i_mode in test inodes (Fix for dependency of bsc#1157692). - btrfs: handle ENOENT in btrfs_uuid_tree_iterate (bsc#1161937). - btrfs: harden agaist duplicate fsid on scanned devices (bsc#1134973). - btrfs: inode: Verify inode mode to avoid NULL pointer dereference (dependency for bsc#1157692). - btrfs: make tree checker detect checksum items with overlapping ranges (bsc#1161931). - btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it (dependency for bsc#1157692). - btrfs: record all roots for rename exchange on a subvol (bsc#1161933). - btrfs: relocation: fix reloc_root lifespan and access (bsc#1159588). - btrfs: scrub: Require mandatory block group RO for dev-replace (bsc#1162067). - btrfs: send, skip backreference walking for extents with many references (bsc#1162139). - btrfs: simplify inode locking for RWF_NOWAIT (git-fixes). - btrfs: skip log replay on orphaned roots (bsc#1161935). - btrfs: tree-checker: Check chunk item at tree block read time (dependency for bsc#1157692). - btrfs: tree-checker: Check level for leaves and nodes (dependency for bsc#1157692). - btrfs: tree-checker: Enhance chunk checker to validate chunk profile (dependency for bsc#1157692). - btrfs: tree-checker: Fix wrong check on max devid (fixes for dependency of bsc#1157692). - btrfs: tree-checker: get fs_info from eb in block_group_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_block_group_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_csum_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_dev_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_dir_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_extent_data_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_inode_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_leaf (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_leaf_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in chunk_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in dev_item_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in dir_item_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in file_extent_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in generic_err (dependency for bsc#1157692). - btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN instead of EIO (dependency for bsc#1157692). - btrfs: tree-checker: Make chunk item checker messages more readable (dependency for bsc#1157692). - btrfs: tree-checker: Verify dev item (dependency for bsc#1157692). - btrfs: tree-checker: Verify inode item (dependency for bsc#1157692). - btrfs: volumes: Use more straightforward way to calculate map length (bsc#1151910). - can, slip: Protect tty->disc_data in write_wakeup and close with RCU (bsc#1051510). - can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing CAN sk_buffs (bsc#1051510). - can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open (bsc#1051510). - can: gs_usb: gs_usb_probe(): use descriptors of current altsetting (bsc#1051510). - can: mscan: mscan_rx_poll(): fix rx path lockup when returning from polling to irq mode (bsc#1051510). - can: peak_usb: report bus recovery as well (bsc#1051510). - can: rx-offload: can_rx_offload_irq_offload_fifo(): continue on error (bsc#1051510). - can: rx-offload: can_rx_offload_irq_offload_timestamp(): continue on error (bsc#1051510). - can: rx-offload: can_rx_offload_offload_one(): increment rx_fifo_errors on queue overflow or OOM (bsc#1051510). - can: rx-offload: can_rx_offload_offload_one(): use ERR_PTR() to propagate error value in case of errors (bsc#1051510). - can: slcan: Fix use-after-free Read in slcan_open (bsc#1051510). - CDC-NCM: handle incomplete transfer of MTU (networking-stable-19_11_10). - cdrom: respect device capabilities during opening action (boo#1164632). - cfg80211/mac80211: make ieee80211_send_layer2_update a public function (bsc#1051510). - cfg80211: check for set_wiphy_params (bsc#1051510). - cfg80211: fix page refcount issue in A-MSDU decap (bsc#1051510). - cgroup,writeback: do not switch wbs immediately on dead wbs if the memcg is dead (bsc#1158645). - cgroup: pids: use atomic64_t for pids->limit (bsc#1161514). - chardev: Avoid potential use-after-free in 'chrdev_open()' (bsc#1163849). - cifs: add support for flock (bsc#1144333). - cifs: Close cached root handle only if it had a lease (bsc#1144333). - cifs: Close open handle after interrupted close (bsc#1144333). - cifs: close the shared root handle on tree disconnect (bsc#1144333). - cifs: Do not miss cancelled OPEN responses (bsc#1144333). - cifs: Fix lookup of root ses in DFS referral cache (bsc#1144333). - cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1144333). - cifs: fix mount option display for sec=krb5i (bsc#1161907). - cifs: Fix mount options set in automount (bsc#1144333). - cifs: Fix NULL pointer dereference in mid callback (bsc#1144333). - cifs: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bsc#1144333). - cifs: Fix potential softlockups while refreshing DFS cache (bsc#1144333). - cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1144333). - cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1144333). - cifs: Properly process SMB3 lease breaks (bsc#1144333). - cifs: remove set but not used variables 'cinode' and 'netfid' (bsc#1144333). - cifs: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1144333). - clk: Do not try to enable critical clocks if prepare failed (bsc#1051510). - clk: mmp2: Fix the order of timer mux parents (bsc#1051510). - clk: qcom: rcg2: Do not crash if our parent can't be found; return an error (bsc#1051510). - clk: rockchip: fix I2S1 clock gate register for rk3328 (bsc#1051510). - clk: rockchip: fix ID of 8ch clock of I2S1 for rk3328 (bsc#1051510). - clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering (bsc#1051510). - clk: rockchip: fix rk3188 sclk_smc gate data (bsc#1051510). - clk: sunxi-ng: add mux and pll notifiers for A64 CPU clock (bsc#1051510). - clk: sunxi: sun9i-mmc: Implement reset callback for reset controls (bsc#1051510). - clk: tegra: Mark fuse clock as critical (bsc#1051510). - clocksource/drivers/bcm2835_timer: Fix memory leak of timer (bsc#1051510). - clocksource: Prevent double add_timer_on() for watchdog_timer (bsc#1051510). - closures: fix a race on wakeup from closure_sync (bsc#1163762). - compat_ioctl: handle SIOCOUTQNSD (bsc#1051510). - configfs_register_group() shouldn't be (and isn't) called in rmdirable parts (bsc#1051510). - copy/pasted 'Recommends:' instead of 'Provides:', 'Obsoletes:' and 'Conflicts: - Cover up kABI breakage due to DH key verification (bsc#1155331). - crypto: af_alg - Use bh_lock_sock in sk_destruct (bsc#1051510). - crypto: api - Check spawn->alg under lock in crypto_drop_spawn (bsc#1051510). - crypto: api - Fix race condition in crypto_spawn_alg (bsc#1051510). - crypto: atmel-sha - fix error handling when setting hmac key (bsc#1051510). - crypto: ccp - fix uninitialized list head (bsc#1051510). - crypto: chelsio - fix writing tfm flags to wrong place (bsc#1051510). - crypto: dh - add public key verification test (bsc#1155331). - crypto: dh - fix calculating encoded key size (bsc#1155331). - crypto: dh - fix memory leak (bsc#1155331). - crypto: dh - update test for public key verification (bsc#1155331). - crypto: DRBG - add FIPS 140-2 CTRNG for noise source (bsc#1155334). - crypto: ecdh - add public key verification test (bsc#1155331). - crypto: ecdh - fix typo of P-192 b value (bsc#1155331). - crypto: mxc-scc - fix build warnings on ARM64 (bsc#1051510). - crypto: pcrypt - Do not clear MAY_SLEEP flag in original request (bsc#1051510). - crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill (bsc#1051510). - crypto: reexport crypto_shoot_alg() (bsc#1051510, kABI fix). - cxgb4: request the TX CIDX updates to status page (bsc#1127371). - dma-buf: Fix memory leak in sync_file_merge() (git-fixes). - dma-mapping: fix return type of dma_set_max_seg_size() (bsc#1051510). - dmaengine: coh901318: Fix a double-lock bug (bsc#1051510). - dmaengine: coh901318: Remove unused variable (bsc#1051510). - dmaengine: Fix access to uninitialized dma_slave_caps (bsc#1051510). - Documentation: Document arm64 kpti control (bsc#1162623). - drivers/base/memory.c: cache blocks in radix tree to accelerate lookup (bsc#1159955 ltc#182993). - drivers/base/memory.c: do not access uninitialized memmaps in soft_offline_page_store() (bsc#1051510). - drivers/base/platform.c: kmemleak ignore a known leak (bsc#1051510). - drivers/regulator: fix a missing check of return value (bsc#1051510). - drm/amdgpu: add function parameter description in 'amdgpu_gart_bind' (bsc#1051510). - drm/amdgpu: fix bad DMA from INTERRUPT_CNTL2 (bsc#1114279) - drm/amdgpu: remove 4 set but not used variable in amdgpu_atombios_get_connector_info_from_object_table (bsc#1051510). - drm/amdgpu: remove always false comparison in 'amdgpu_atombios_i2c_process_i2c_ch' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'amdgpu_connector' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'dig' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'dig_connector' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'mc_shared_chmap' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'mc_shared_chmap' from 'gfx_v6_0.c' and 'gfx_v7_0.c' (bsc#1051510). - drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ (bsc#1051510). - drm/fb-helper: Round up bits_per_pixel if possible (bsc#1051510). - drm/i810: Prevent underflow in ioctl (bsc#1114279) - drm/i915: Add missing include file <linux/math64.h> (bsc#1051510). - drm/i915: Fix pid leak with banned clients (bsc#1114279) - drm/mst: Fix MST sideband up-reply failure handling (bsc#1051510). - drm/nouveau/secboot/gm20b: initialize pointer in gm20b_secboot_new() (bsc#1051510). - drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler (bsc#1051510). - drm/qxl: Return error if fbdev is not 32 bpp (bsc#1159028) - drm/radeon: fix r1xx/r2xx register checker for POT textures (bsc#1114279) - drm/rockchip: lvds: Fix indentation of a #define (bsc#1051510). - drm/rockchip: Round up _before_ giving to the clock framework (bsc#1114279) - drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add (bsc#1051510). - drm: bridge: dw-hdmi: constify copied structure (bsc#1051510). - drm: limit to INT_MAX in create_blob ioctl (bsc#1051510). - drm: meson: venc: cvbs: fix CVBS mode matching (bsc#1051510). - drm: panel-lvds: Potential Oops in probe error handling (bsc#1114279) - e1000e: Add support for Comet Lake (bsc#1158533). - e1000e: Add support for Tiger Lake (bsc#1158533). - e1000e: Increase pause and refresh time (bsc#1158533). - e100: Fix passing zero to 'PTR_ERR' warning in e100_load_ucode_wait (bsc#1051510). - ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable (bsc#1158646). - ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either (bsc#1158647). - EDAC/ghes: Fix locking and memory barrier issues (bsc#1114279). EDAC/ghes: Do not warn when incrementing refcount on 0 (bsc#1114279). - Enable CONFIG_BLK_DEV_SR_VENDOR (boo#1164632). - enic: prevent waking up stopped tx queues over watchdog reset (bsc#1133147). - exit: panic before exit_mm() on global init exit (bsc#1161549). - ext2: check err when partial != NULL (bsc#1163859). - ext4, jbd2: ensure panic when aborting with zero errno (bsc#1163853). - ext4: check for directory entries too close to block end (bsc#1163861). - ext4: fix a bug in ext4_wait_for_tail_page_commit (bsc#1163841). - ext4: fix checksum errors with indexed dirs (bsc#1160979). - ext4: fix deadlock allocating crypto bounce page from mempool (bsc#1163842). - ext4: Fix mount failure with quota configured as module (bsc#1164471). - ext4: fix punch hole for inline_data file systems (bsc#1158640). - ext4: improve explanation of a mount failure caused by a misconfigured kernel (bsc#1163843). - ext4: update direct I/O read lock pattern for IOCB_NOWAIT (bsc#1158639). - extcon: max8997: Fix lack of path setting in USB device mode (bsc#1051510). - firestream: fix memory leaks (bsc#1051510). - fix autofs regression caused by follow_managed() changes (bsc#1159271). - fix dget_parent() fastpath race (bsc#1159271). - Fix partial checked out tree build ... so that bisection does not break. - Fix the locking in dcache_readdir() and friends (bsc#1123328). - fjes: fix missed check in fjes_acpi_add (bsc#1051510). - fs/namei.c: fix missing barriers when checking positivity (bsc#1159271). - fs/namei.c: pull positivity check into follow_managed() (bsc#1159271). - fs/open.c: allow opening only regular files during execve() (bsc#1163845). - fs: cifs: Fix atime update check vs mtime (bsc#1144333). - fscrypt: do not set policy for a dead directory (bsc#1163846). - ftrace: Add comment to why rcu_dereference_sched() is open coded (git-fixes). - ftrace: Avoid potential division by zero in function profiler (bsc#1160784). - ftrace: Introduce PERMANENT ftrace_ops flag (bsc#1120853). - ftrace: Protect ftrace_graph_hash with ftrace_sync (git-fixes). - genirq/proc: Return proper error code when irq_set_affinity() fails (bnc#1105392). - genirq: Prevent NULL pointer dereference in resend_irqs() (bsc#1051510). - genirq: Properly pair kobject_del() with kobject_add() (bsc#1051510). - gpio: Fix error message on out-of-range GPIO in lookup table (bsc#1051510). - gtp: avoid zero size hashtable (networking-stable-20_01_01). - gtp: do not allow adding duplicate tid and ms_addr pdp context (networking-stable-20_01_01). - gtp: fix an use-after-free in ipv4_pdp_find() (networking-stable-20_01_01). - gtp: fix wrong condition in gtp_genl_dump_pdp() (networking-stable-20_01_01). - HID: doc: fix wrong data structure reference for UHID_OUTPUT (bsc#1051510). - HID: hidraw, uhid: Always report EPOLLOUT (bsc#1051510). - HID: hidraw: Fix returning EPOLLOUT from hidraw_poll (bsc#1051510). - HID: intel-ish-hid: fixes incorrect error handling (bsc#1051510). - HID: uhid: Fix returning EPOLLOUT from uhid_char_poll (bsc#1051510). - hidraw: Return EPOLLOUT from hidraw_poll (bsc#1051510). - hwmon: (adt7475) Make volt2reg return same reg as reg2volt input (bsc#1051510). - hwmon: (core) Do not use device managed functions for memory allocations (bsc#1051510). - hwmon: (nct7802) Fix voltage limits to wrong registers (bsc#1051510). - hwmon: (pmbus/ltc2978) Fix PMBus polling of MFR_COMMON definitions (bsc#1051510). - hwrng: stm32 - fix unbalanced pm_runtime_enable (bsc#1051510). - i2c: imx: do not print error message on probe defer (bsc#1051510). - ibmveth: Detect unsupported packets before sending to the hypervisor (bsc#1159484 ltc#182983). - ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047). - ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047). - ibmvnic: Serialize device queries (bsc#1155689 ltc#182047). - ibmvnic: Terminate waiting device threads after loss of service (bsc#1155689 ltc#182047). - idr: Fix idr_alloc_u32 on 32-bit systems (bsc#1051510). - iio: adc: max9611: Fix too short conversion time delay (bsc#1051510). - iio: buffer: align the size of scan bytes to size of the largest element (bsc#1051510). - inet: protect against too small mtu values (networking-stable-19_12_16). - init: add arch_call_rest_init to allow stack switching (jsc#SLE-11179). - Input: aiptek - fix endpoint sanity check (bsc#1051510). - Input: cyttsp4_core - fix use after free bug (bsc#1051510). - Input: goodix - add upside-down quirk for Teclast X89 tablet (bsc#1051510). - Input: gtco - fix endpoint sanity check (bsc#1051510). - Input: keyspan-remote - fix control-message timeouts (bsc#1051510). - Input: pegasus_notetaker - fix endpoint sanity check (bsc#1051510). - Input: pm8xxx-vib - fix handling of separate enable register (bsc#1051510). - Input: rmi_f54 - read from FIFO in 32 byte blocks (bsc#1051510). - Input: sun4i-ts - add a check for devm_thermal_zone_of_sensor_register (bsc#1051510). - Input: sur40 - fix interface sanity checks (bsc#1051510). - Input: synaptics - switch another X1 Carbon 6 to RMI/SMbus (bsc#1051510). - Input: synaptics-rmi4 - do not increment rmiaddr for SMBus transfers (bsc#1051510). - Input: synaptics-rmi4 - simplify data read in rmi_f54_work (bsc#1051510). - iomap: Fix pipe page leakage during splicing (bsc#1158651). - iommu/amd: Fix IOMMU perf counter clobbering during init (bsc#1162617). - iommu/arm-smmu-v3: Populate VMID field for CMDQ_OP_TLBI_NH_VA (bsc#1164314). - iommu/io-pgtable-arm: Fix race handling in split_blk_unmap() (bsc#1164115). - iommu/vt-d: Unlink device if failed to add to group (bsc#1160756). - iommu: Remove device link to group on failure (bsc#1160755). - ipv4: Fix table id reference in fib_sync_down_addr (networking-stable-19_11_10). - iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop (git-fixes). - iwlwifi: do not throw error when trying to remove IGTK (bsc#1051510). - iwlwifi: mvm: fix NVM check for 3168 devices (bsc#1051510). - iwlwifi: mvm: Send non offchannel traffic via AP sta (bsc#1051510). - iwlwifi: mvm: synchronize TID queue removal (bsc#1051510). - jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal (bsc#1163862). - jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer (bsc#1163836). - jbd2: Fix possible overflow in jbd2_log_space_left() (bsc#1163860). - jbd2: make sure ESHUTDOWN to be recorded in the journal superblock (bsc#1163863). - jbd2: move the clearing of b_modified flag to the journal_unmap_buffer() (bsc#1163880). - jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record (bsc#1163852). - kABI workaround for can/skb.h inclusion (bsc#1051510). - kABI: add _q suffix to exports that take struct dh (bsc#1155331). - kABI: protect struct sctp_ep_common (kabi). - kconfig: fix broken dependency in randconfig-generated .config (bsc#1051510). - kernel-binary.spec.in: do not recommend firmware for kvmsmall and azure flavor (boo#1161360). - kernel/trace: Fix do not unregister tracepoints when register sched_migrate_task fail (bsc#1160787). - kernfs: Fix range checks in kernfs_get_target_path (bsc#1051510). - kexec: bail out upon SIGKILL when allocating memory (git-fixes). - KVM: Clean up __kvm_gfn_to_hva_cache_init() and its callers (bsc#1133021). - KVM: fix spectrev1 gadgets (bsc#1164705). - KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails (bsc#1061840). - KVM: PPC: Book3S PR: Fix -Werror=return-type build failure (bsc#1061840). - KVM: PPC: Book3S PR: Free shared page if mmu initialization fails (bsc#1061840). - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl (git-fixes). - KVM: s390: Test for bad access register and size at the start of S390_MEM_OP (git-fixes). - KVM: SVM: Guard against DEACTIVATE when performing WBINVD/DF_FLUSH (bsc#1114279). - KVM: SVM: Override default MMIO mask if memory encryption is enabled (bsc#1162618). - KVM: SVM: Serialize access to the SEV ASID bitmap (bsc#1114279). - KVM: x86: Host feature SSBD does not imply guest feature SPEC_CTRL_SSBD (bsc#1160476). - KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks (bsc#1164734). - KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks (bsc#1164728). - KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks (bsc#1164729). - KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks (bsc#1164712). - KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks (bsc#1164730). - KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c (bsc#1164733). - KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks (bsc#1164731). - KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks (bsc#1164732). - KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks (bsc#1164735). - KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks (bsc#1164705). - KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks (bsc#1164727). - KVM: x86: Remove a spurious export of a static function (bsc#1158954). - leds: Allow to call led_classdev_unregister() unconditionally (bsc#1161674). - leds: class: ensure workqueue is initialized before setting brightness (bsc#1161674). - lib/scatterlist.c: adjust indentation in __sg_alloc_table (bsc#1051510). - lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more() (bsc#1051510). - lib: crc64: include <linux/crc64.h> for 'crc64_be' (bsc#1163762). - livepatch/samples/selftest: Use klp_shadow_alloc() API correctly (bsc#1071995). - livepatch/selftest: Clean up shadow variable names and type (bsc#1071995). - livepatch: Allow to distinguish different version of system state changes (bsc#1071995). - livepatch: Basic API to track system state changes (bsc#1071995 ). - livepatch: Keep replaced patches until post_patch callback is called (bsc#1071995). - livepatch: Selftests of the API for tracking system state changes (bsc#1071995). - livepatch: Simplify stack trace retrieval (jsc#SLE-11179). - loop: fix no-unmap write-zeroes request behavior (bsc#1158637). - mac80211: Do not send Layer 2 Update frame before authorization (bsc#1051510). - mac80211: fix station inactive_time shortly after boot (bsc#1051510). - mac80211: Fix TKIP replay protection immediately after key setup (bsc#1051510). - mac80211: mesh: restrict airtime metric to peered established plinks (bsc#1051510). - macvlan: do not assume mac_header is set in macvlan_broadcast() (bsc#1051510). - macvlan: use skb_reset_mac_header() in macvlan_queue_xmit() (bsc#1051510). - mailbox: mailbox-test: fix null pointer if no mmio (bsc#1051510). - media/v4l2-core: set pages dirty upon releasing DMA buffers (bsc#1051510). - media: af9005: uninitialized variable printked (bsc#1051510). - media: cec.h: CEC_OP_REC_FLAG_ values were swapped (bsc#1051510). - media: cec: CEC 2.0-only bcast messages were ignored (git-fixes). - media: cec: report Vendor ID after initialization (bsc#1051510). - media: digitv: do not continue if remote control state can't be read (bsc#1051510). - media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0 (bsc#1051510). - media: exynos4-is: fix wrong mdev and v4l2 dev order in error path (git-fixes). - media: gspca: zero usb_buf (bsc#1051510). - media: iguanair: fix endpoint sanity check (bsc#1051510). - media: ov6650: Fix control handler not freed on init error (git-fixes). - media: ov6650: Fix crop rectangle alignment not passed back (git-fixes). - media: ov6650: Fix incorrect use of JPEG colorspace (git-fixes). - media: pulse8-cec: fix lost cec_transmit_attempt_done() call. - media: pulse8-cec: return 0 when invalidating the logical address (bsc#1051510). - media: stkwebcam: Bugfix for wrong return values (bsc#1051510). - media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors (bsc#1051510). - media: uvcvideo: Fix error path in control parsing failure (git-fixes). - media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE (bsc#1051510). - media: v4l2-ioctl.c: zero reserved fields for S/TRY_FMT (bsc#1051510). - media: v4l2-rect.h: fix v4l2_rect_map_inside() top/left adjustments (bsc#1051510). - mei: bus: prefix device names on bus with the bus name (bsc#1051510). - mfd: da9062: Fix watchdog compatible string (bsc#1051510). - mfd: dln2: More sanity checking for endpoints (bsc#1051510). - mfd: rn5t618: Mark ADC control register volatile (bsc#1051510). - missing escaping of backslashes in macro expansions Fixes: f3b74b0ae86b ('rpm/kernel-subpackage-spec: Unify dependency handling.') Fixes: 3fd22e219f77 ('rpm/kernel-subpackage-spec: Fix empty Recommends tag (bsc#1143959)') - mlx5: add parameter to disable enhanced IPoIB (bsc#1142095) - mm, memory_hotplug: do not clear numa_node association after hot_remove (bnc#1115026). - mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock (bsc#1159394). - mm: memory_hotplug: use put_device() if device_register fail (bsc#1159955 ltc#182993). - mmc: mediatek: fix CMD_TA to 2 for MT8173 HS200/HS400 mode (bsc#1051510). - mmc: sdhci-of-esdhc: fix P2020 errata handling (bsc#1051510). - mmc: sdhci-of-esdhc: Revert 'mmc: sdhci-of-esdhc: add erratum A-009204 support' (bsc#1051510). - mmc: sdhci: fix minimum clock rate for v3 controller (bsc#1051510). - mmc: spi: Toggle SPI polarity, do not hardcode it (bsc#1051510). - mmc: tegra: fix SDR50 tuning override (bsc#1051510). - moduleparam: fix parameter description mismatch (bsc#1051510). - mod_devicetable: fix PHY module format (networking-stable-19_12_28). - mtd: fix mtd_oobavail() incoherent returned value (bsc#1051510). - mwifiex: debugfs: correct histogram spacing, formatting (bsc#1051510). - mwifiex: drop most magic numbers from mwifiex_process_tdls_action_frame() (git-fixes). - mwifiex: fix potential NULL dereference and use after free (bsc#1051510). - namei: only return -ECHILD from follow_dotdot_rcu() (bsc#1163851). - nbd: prevent memory leak (bsc#1158638). - net/ibmvnic: Fix typo in retry check (bsc#1155689 ltc#182047). - net/mlx4_en: fix mlx4 ethtool -N insertion (networking-stable-19_11_25). - net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq (bsc#1046303). - net/mlx5e: Fix set vf link state error flow (networking-stable-19_11_25). - net/mlx5e: Fix SFF 8472 eeprom length (git-fixes). - net/mlxfw: Fix out-of-memory error in mfa2 flash burning (bsc#1051858). - net/sched: act_pedit: fix WARN() in the traffic path (networking-stable-19_11_25). - net: bridge: deny dev_set_mac_address() when unregistering (networking-stable-19_12_16). - net: cdc_ncm: Signedness bug in cdc_ncm_set_dgram_size() (git-fixes). - net: dst: Force 4-byte alignment of dst_metrics (networking-stable-19_12_28). - net: ena: fix napi handler misbehavior when the napi budget is zero (networking-stable-20_01_01). - net: ethernet: octeon_mgmt: Account for second possible VLAN header (networking-stable-19_11_10). - net: ethernet: ti: cpsw: fix extra rx interrupt (networking-stable-19_12_16). - net: fix data-race in neigh_event_send() (networking-stable-19_11_10). - net: hisilicon: Fix a BUG trigered by wrong bytes_compl (networking-stable-19_12_28). - net: nfc: nci: fix a possible sleep-in-atomic-context bug in nci_uart_tty_receive() (networking-stable-19_12_28). - net: phy: at803x: Change error to EINVAL for invalid MAC (bsc#1051510). - net: phy: broadcom: Use strlcpy() for ethtool::get_strings (bsc#1051510). - net: phy: Check against net_device being NULL (bsc#1051510). - net: phy: dp83867: Set up RGMII TX delay (bsc#1051510). - net: phy: Fix not to call phy_resume() if PHY is not attached (bsc#1051510). - net: phy: Fix the register offsets in Broadcom iProc mdio mux driver (bsc#1051510). - net: phy: fixed_phy: Fix fixed_phy not checking GPIO (bsc#1051510). - net: phy: marvell: clear wol event before setting it (bsc#1051510). - net: phy: marvell: Use strlcpy() for ethtool::get_strings (bsc#1051510). - net: phy: meson-gxl: check phy_write return value (bsc#1051510). - net: phy: micrel: Use strlcpy() for ethtool::get_strings (bsc#1051510). - net: phy: mscc: read 'vsc8531, edge-slowdown' as an u32 (bsc#1051510). - net: phy: mscc: read 'vsc8531,vddmac' as an u32 (bsc#1051510). - net: phy: xgene: disable clk on error paths (bsc#1051510). - net: phy: xgmiitorgmii: Check phy_driver ready before accessing (bsc#1051510). - net: phy: xgmiitorgmii: Check read_status results (bsc#1051510). - net: phy: xgmiitorgmii: Support generic PHY status read (bsc#1051510). - net: psample: fix skb_over_panic (networking-stable-19_12_03). - net: qlogic: Fix error paths in ql_alloc_large_buffers() (networking-stable-19_12_28). - net: rtnetlink: prevent underflows in do_setvfinfo() (networking-stable-19_11_25). - net: sched: correct flower port blocking (git-fixes). - net: sched: fix `tc -s class show` no bstats on class with nolock subqueues (networking-stable-19_12_03). - net: usb: lan78xx: Fix suspend/resume PHY register access error (networking-stable-19_12_28). - net: usb: lan78xx: limit size of local TSO packets (bsc#1051510). - net: usb: qmi_wwan: add support for DW5821e with eSIM support (networking-stable-19_11_10). - net: usb: qmi_wwan: add support for Foxconn T77W968 LTE modules (networking-stable-19_11_18). - netfilter: nf_queue: enqueue skbs with NULL dst (git-fixes). - new helper: lookup_positive_unlocked() (bsc#1159271). - NFC: fdp: fix incorrect free object (networking-stable-19_11_10). - NFC: pn533: fix bulk-message timeout (bsc#1051510). - NFC: pn544: Adjust indentation in pn544_hci_check_presence (git-fixes). - NFC: st21nfca: fix double free (networking-stable-19_11_10). - nvme: fix the parameter order for nvme_get_log in nvme_get_fw_slot_info (bsc#1163774). - ocfs2: fix panic due to ocfs2_wq is null (bsc#1158644). - ocfs2: fix passing zero to 'PTR_ERR' warning (bsc#1158649). - openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info() (networking-stable-19_12_03). - openvswitch: remove another BUG_ON() (networking-stable-19_12_03). - openvswitch: support asymmetric conntrack (networking-stable-19_12_16). - orinoco_usb: fix interface sanity check (git-fixes). - PCI/IOV: Fix memory leak in pci_iov_add_virtfn() (git-fixes). - PCI/MSI: Fix incorrect MSI-X masking on resume (bsc#1051510). - PCI/MSI: Return -ENOSPC from pci_alloc_irq_vectors_affinity() (bsc#1051510). - PCI/PTM: Remove spurious 'd' from granularity message (bsc#1051510). - PCI/switchtec: Fix vep_vector_number ioread width (bsc#1051510). - PCI: Add DMA alias quirk for Intel VCA NTB (bsc#1051510). - PCI: Apply Cavium ACS quirk to ThunderX2 and ThunderX3 (bsc#1051510). - PCI: Do not disable bridge BARs when assigning bus resources (bsc#1051510). - PCI: dwc: Fix find_next_bit() usage (bsc#1051510). - PCI: Fix Intel ACS quirk UPDCR register address (bsc#1051510). - PCI: rcar: Fix missing MACCTLR register setting in initialization sequence (bsc#1051510). - PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30 (git-fixes). - percpu: Separate decrypted varaibles anytime encryption can be enabled (bsc#1114279). - perf/x86/intel: Fix inaccurate period in context switch for auto-reload (bsc#1164315). - phy: qualcomm: Adjust indentation in read_poll_timeout (bsc#1051510). - pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B (bsc#1051510). - pinctrl: xway: fix gpio-hog related boot issues (bsc#1051510). - pktcdvd: remove warning on attempting to register non-passthrough dev (bsc#1051510). - platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0 (bsc#1051510). - platform/x86: hp-wmi: Fix ACPI errors caused by passing 0 as input size (bsc#1051510). - platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer (bsc#1051510). - platform/x86: hp-wmi: Make buffer for HPWMI_FEATURE2_QUERY 128 bytes (bsc#1051510). - platform/x86: pmc_atom: Add Siemens CONNECT X300 to critclk_systems DMI table (bsc#1051510). - PM / AVS: SmartReflex: NULL check before some freeing functions is not needed (bsc#1051510). - PM / Domains: Deal with multiple states but no governor in genpd (bsc#1051510). - power: supply: ltc2941-battery-gauge: fix use-after-free (bsc#1051510). - powerpc/archrandom: fix arch_get_random_seed_int() (bsc#1065729). - powerpc/irq: fix stack overflow verification (bsc#1065729). - powerpc/livepatch: return -ERRNO values in save_stack_trace_tsk_reliable() (bsc#1071995 bsc#1161875). - powerpc/mm: drop #ifdef CONFIG_MMU in is_ioremap_addr() (bsc#1065729). - powerpc/mm: Remove kvm radix prefetch workaround for Power9 DD2.2 (bsc#1061840). - powerpc/pkeys: remove unused pkey_allows_readwrite (bsc#1065729). - powerpc/powernv: Disable native PCIe port management (bsc#1065729). - powerpc/pseries/hotplug-memory: Change rc variable to bool (bsc#1065729). - powerpc/pseries/lparcfg: Fix display of Maximum Memory (bsc#1162028 ltc#181740). - powerpc/pseries/mobility: notify network peers after migration (bsc#1152631 ltc#181798). - powerpc/pseries/vio: Fix iommu_table use-after-free refcount warning (bsc#1065729). - powerpc/pseries: Advance pfn if section is not present in lmb_is_removable() (bsc#1065729). - powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW (bsc#1065729). - powerpc/pseries: Drop pointless static qualifier in vpa_debugfs_init() (git-fixes). - powerpc/security: Fix debugfs data leak on 32-bit (bsc#1065729). - powerpc/tm: Fix clearing MSR[TS] in current when reclaiming on signal delivery (bsc#1118338 ltc#173734). - powerpc/tools: Do not quote $objdump in scripts (bsc#1065729). - powerpc/xive: Discard ESB load value when interrupt is invalid (bsc#1085030). - powerpc/xive: Skip ioremap() of ESB pages for LSI interrupts (bsc#1085030). - powerpc/xmon: do not access ASDR in VMs (bsc#1065729). - powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB (bnc#1151927 5.3.17). - powerpc: Allow flush_icache_range to work across ranges >4GB (bnc#1151927 5.3.17). - powerpc: avoid adjusting memory_limit for capture kernel memory reservation (bsc#1140025 ltc#176086). - powerpc: Fix vDSO clock_getres() (bsc#1065729). - powerpc: reserve memory for capture kernel after hugepages init (bsc#1140025 ltc#176086). - ppp: Adjust indentation into ppp_async_input (git-fixes). - prevent active file list thrashing due to refault detection (VM Performance, bsc#1156286). - printk: Export console_printk (bsc#1071995). - pstore/ram: Write new dumps to start of recycled zones (bsc#1051510). - pwm: Clear chip_data in pwm_put() (bsc#1051510). - pwm: clps711x: Fix period calculation (bsc#1051510). - pwm: omap-dmtimer: Remove PWM chip in .remove before making it unfunctional (git-fixes). - pwm: Remove set but not set variable 'pwm' (git-fixes). - pxa168fb: Fix the function used to release some memory in an error (bsc#1114279) - qede: Disable hardware gro when xdp prog is installed (bsc#1086314 bsc#1086313 bsc#1086301 ). - qede: Fix multicast mac configuration (networking-stable-19_12_28). - qede: fix NULL pointer deref in __qede_remove() (networking-stable-19_11_10). - qmi_wwan: Add support for Quectel RM500Q (bsc#1051510). - quota: Check that quota is not dirty before release (bsc#1163858). - quota: fix livelock in dquot_writeback_dquots (bsc#1163857). - r8152: add missing endpoint sanity check (bsc#1051510). - r8152: get default setting of WOL before initializing (bsc#1051510). - random: move FIPS continuous test to output functions (bsc#1155334). - RDMA/bnxt_re: Avoid freeing MR resources if dereg fails (bsc#1050244). - RDMA/hns: Prevent memory leaks of eq->buf_list (bsc#1104427 ). - regulator: Fix return value of _set_load() stub (bsc#1051510). - regulator: rk808: Lower log level on optional GPIOs being not available (bsc#1051510). - regulator: rn5t618: fix module aliases (bsc#1051510). - regulator: tps65910: fix a missing check of return value (bsc#1051510). - reiserfs: Fix memory leak of journal device string (bsc#1163867). - reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling (bsc#1163869). - reset: fix reset_control_ops kerneldoc comment (bsc#1051510). - resource: fix locking in find_next_iomem_res() (bsc#1114279). - rpm/kabi.pl: support new (>=5.4) Module.symvers format (new symbol namespace field) - rpm/kernel-binary.spec.in: Replace Novell with SUSE - rpm/kernel-subpackage-spec: Exclude kernel-firmware recommends (bsc#1143959) For reducing the dependency on kernel-firmware in sub packages - rpm/kernel-subpackage-spec: Fix empty Recommends tag (bsc#1143959) - rpm/kernel-subpackage-spec: fix kernel-default-base build There were some issues with recent changes to subpackage dependencies handling: - rpm/kernel-subpackage-spec: Unify dependency handling. - rpm/modules.fips: update module list (bsc#1157853) - rsi_91x_usb: fix interface sanity check (git-fixes). - rt2800: remove errornous duplicate condition (git-fixes). - rtc: cmos: Stop using shared IRQ (bsc#1051510). - rtc: dt-binding: abx80x: fix resistance scale (bsc#1051510). - rtc: hym8563: Return -EINVAL if the time is known to be invalid (bsc#1051510). - rtc: max8997: Fix the returned value in case of error in 'max8997_rtc_read_alarm()' (bsc#1051510). - rtc: msm6242: Fix reading of 10-hour digit (bsc#1051510). - rtc: pcf8523: set xtal load capacitance from DT (bsc#1051510). - rtc: s35390a: Change buf's type to u8 in s35390a_init (bsc#1051510). - rtl818x: fix potential use after free (bsc#1051510). - rtl8xxxu: fix interface sanity check (git-fixes). - rtlwifi: Fix MAX MPDU of VHT capability (git-fixes). - rtlwifi: Remove redundant semicolon in wifi.h (git-fixes). - s390/ftrace: generate traced function stack frame (jsc#SLE-11178 jsc#SLE-11179). - s390/ftrace: save traced function caller (jsc#SLE-11179). - s390/ftrace: use HAVE_FUNCTION_GRAPH_RET_ADDR_PTR (jsc#SLE-11179). - s390/head64: correct init_task stack setup (jsc#SLE-11179). - s390/kasan: avoid false positives during stack unwind (jsc#SLE-11179). - s390/kasan: avoid report in get_wchan (jsc#SLE-11179). - s390/livepatch: Implement reliable stack tracing for the consistency model (jsc#SLE-11179). - s390/mm: properly clear _PAGE_NOEXEC bit when it is not supported (bsc#1051510). - s390/process: avoid custom stack unwinding in get_wchan (jsc#SLE-11179). - s390/qeth: clean up page frag creation (git-fixes). - s390/qeth: consolidate skb allocation (git-fixes). - s390/qeth: ensure linear access to packet headers (git-fixes). - s390/qeth: guard against runt packets (git-fixes). - s390/stacktrace: use common arch_stack_walk infrastructure (jsc#SLE-11179). - s390/suspend: fix stack setup in swsusp_arch_suspend (jsc#SLE-11179). - s390/test_unwind: print verbose unwinding results (jsc#SLE-11179). - s390/unwind: add stack pointer alignment sanity checks (jsc#SLE-11179). - s390/unwind: always inline get_stack_pointer (jsc#SLE-11179). - s390/unwind: avoid int overflow in outside_of_stack (jsc#SLE-11179). - s390/unwind: cleanup unused READ_ONCE_TASK_STACK (jsc#SLE-11179). - s390/unwind: correct stack switching during unwind (jsc#SLE-11179). - s390/unwind: drop unnecessary code around calling ftrace_graph_ret_addr() (jsc#SLE-11179). - s390/unwind: filter out unreliable bogus %r14 (jsc#SLE-11179). - s390/unwind: fix get_stack_pointer(NULL, NULL) (jsc#SLE-11179). - s390/unwind: fix mixing regs and sp (jsc#SLE-11179). - s390/unwind: introduce stack unwind API (jsc#SLE-11179). - s390/unwind: make reuse_sp default when unwinding pt_regs (jsc#SLE-11179). - s390/unwind: remove stack recursion warning (jsc#SLE-11179). - s390/unwind: report an error if pt_regs are not on stack (jsc#SLE-11179). - s390/unwind: start unwinding from reliable state (jsc#SLE-11179). - s390/unwind: stop gracefully at task pt_regs (jsc#SLE-11179). - s390/unwind: stop gracefully at user mode pt_regs in irq stack (jsc#SLE-11179). - s390/unwind: unify task is current checks (jsc#SLE-11179). - s390: add stack switch helper (jsc#SLE-11179). - s390: add support for virtually mapped kernel stacks (jsc#SLE-11179). - s390: always inline current_stack_pointer() (jsc#SLE-11179). - s390: always inline disabled_wait (jsc#SLE-11179). - s390: avoid misusing CALL_ON_STACK for task stack setup (jsc#SLE-11179). - s390: clean up stacks setup (jsc#SLE-11179). - s390: correct CALL_ON_STACK back_chain saving (jsc#SLE-11179). - s390: disable preemption when switching to nodat stack with CALL_ON_STACK (jsc#SLE-11179). - s390: fine-tune stack switch helper (jsc#SLE-11179). - s390: fix register clobbering in CALL_ON_STACK (jsc#SLE-11179). - s390: kabi workaround for ftrace_ret_stack (jsc#SLE-11179). - s390: kabi workaround for lowcore changes due to vmap stack (jsc#SLE-11179). - s390: kabi workaround for reliable stack tracing (jsc#SLE-11179). - s390: preserve kabi for stack unwind API (jsc#SLE-11179). - s390: unify stack size definitions (jsc#SLE-11179). - sched/fair: Add tmp_alone_branch assertion (bnc#1156462). - sched/fair: Fix insertion in rq->leaf_cfs_rq_list (bnc#1156462). - sched/fair: Fix O(nr_cgroups) in the load balancing path (bnc#1156462). - sched/fair: Optimize update_blocked_averages() (bnc#1156462). - sched/fair: WARN() and refuse to set buddy when !se->on_rq (bsc#1158132). - scsi: qla2xxx: Add a shadow variable to hold disc_state history of fcport (bsc#1158013). - scsi: qla2xxx: Add D-Port Diagnostic reason explanation logs (bsc#1158013). - scsi: qla2xxx: Added support for MPI and PEP regions for ISP28XX (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548). - scsi: qla2xxx: Cleanup unused async_logout_done (bsc#1158013). - scsi: qla2xxx: Consolidate fabric scan (bsc#1158013). - scsi: qla2xxx: Correct fcport flags handling (bsc#1158013). - scsi: qla2xxx: Correctly retrieve and interpret active flash region (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548). - scsi: qla2xxx: Fix a NULL pointer dereference in an error path (bsc#1157966 bsc#1158013 bsc#1157424). - scsi: qla2xxx: Fix fabric scan hang (bsc#1158013). - scsi: qla2xxx: Fix incorrect SFUB length used for Secure Flash Update MB Cmd (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548). - scsi: qla2xxx: Fix mtcp dump collection failure (bsc#1158013). - scsi: qla2xxx: Fix RIDA Format-2 (bsc#1158013). - scsi: qla2xxx: Fix stuck login session using prli_pend_timer (bsc#1158013). - scsi: qla2xxx: Fix stuck session in GNL (bsc#1158013). - scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type (bsc#1158013). - scsi: qla2xxx: Fix unbound NVME response length (bsc#1157966 bsc#1158013 bsc#1157424). - scsi: qla2xxx: Fix update_fcport for current_topology (bsc#1158013). - scsi: qla2xxx: Improve readability of the code that handles qla_flt_header (bsc#1158013). - scsi: qla2xxx: Remove defer flag to indicate immeadiate port loss (bsc#1158013). - scsi: qla2xxx: Update driver version to 10.01.00.22-k (bsc#1158013). - scsi: qla2xxx: Use common routine to free fcport struct (bsc#1158013). - scsi: qla2xxx: Use get_unaligned_*() instead of open-coding these functions (bsc#1158013). - scsi: zfcp: trace channel log even for FCP command responses (git-fixes). - sctp: cache netns in sctp_ep_common (networking-stable-19_12_03). - sctp: fully initialize v4 addr in some functions (networking-stable-19_12_28). - serial: 8250_bcm2835aux: Fix line mismatch on driver unbind (bsc#1051510). - serial: ifx6x60: add missed pm_runtime_disable (bsc#1051510). - serial: max310x: Fix tx_empty() callback (bsc#1051510). - serial: pl011: Fix DMA ->flush_buffer() (bsc#1051510). - serial: serial_core: Perform NULL checks for break_ctl ops (bsc#1051510). - serial: stm32: fix transmit_chars when tx is stopped (bsc#1051510). - sfc: Only cancel the PPS workqueue if it exists (networking-stable-19_11_25). - sh_eth: check sh_eth_cpu_data::dual_port when dumping registers (bsc#1051510). - sh_eth: fix dumping ARSTR (bsc#1051510). - sh_eth: fix invalid context bug while calling auto-negotiation by ethtool (bsc#1051510). - sh_eth: fix invalid context bug while changing link options by ethtool (bsc#1051510). - sh_eth: fix TSU init on SH7734/R8A7740 (bsc#1051510). - sh_eth: fix TXALCR1 offsets (bsc#1051510). - sh_eth: TSU_QTAG0/1 registers the same as TSU_QTAGM0/1 (bsc#1051510). - smb3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1144333). - smb3: Fix persistent handles reconnect (bsc#1144333). - smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1144333). - smb3: remove confusing dmesg when mounting with encryption ('seal') (bsc#1144333). - soc/tegra: fuse: Correct straps' address for older Tegra124 device trees (bsc#1051510). - soc: renesas: rcar-sysc: Add goto to of_node_put() before return (bsc#1051510). - soc: ti: wkup_m3_ipc: Fix race condition with rproc_boot (bsc#1051510). - spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch (bsc#1051510). - spi: omap2-mcspi: Set FIFO DMA trigger level to word length (bsc#1051510). - spi: tegra114: clear packed bit for unpacked mode (bsc#1051510). - spi: tegra114: configure dma burst size to fifo trig level (bsc#1051510). - spi: tegra114: fix for unpacked mode transfers (bsc#1051510). - spi: tegra114: flush fifos (bsc#1051510). - spi: tegra114: terminate dma and reset on transfer timeout (bsc#1051510). - sr_vendor: support Beurer GL50 evo CD-on-a-chip devices (boo#1164632). - stacktrace: Do not skip first entry on noncurrent tasks (jsc#SLE-11179). - stacktrace: Force USER_DS for stack_trace_save_user() (jsc#SLE-11179). - stacktrace: Get rid of unneeded '!!' pattern (jsc#SLE-11179). - stacktrace: Provide common infrastructure (jsc#SLE-11179). - stacktrace: Provide helpers for common stack trace operations (jsc#SLE-11179). - stacktrace: Unbreak stack_trace_save_tsk_reliable() (jsc#SLE-11179). - stacktrace: Use PF_KTHREAD to check for kernel threads (jsc#SLE-11179). - staging: comedi: adv_pci1710: fix AI channels 16-31 for PCI-1713 (bsc#1051510). - staging: iio: adt7316: Fix i2c data reading, set the data field (bsc#1051510). - staging: rtl8188eu: fix interface sanity check (bsc#1051510). - staging: rtl8192e: fix potential use after free (bsc#1051510). - staging: rtl8723bs: Add 024c:0525 to the list of SDIO device-ids (bsc#1051510). - staging: rtl8723bs: Drop ACPI device ids (bsc#1051510). - staging: vt6656: correct packet types for CTS protect, mode (bsc#1051510). - staging: vt6656: Fix false Tx excessive retries reporting (bsc#1051510). - staging: vt6656: use NULLFUCTION stack on mac80211 (bsc#1051510). - staging: wlan-ng: ensure error return is actually returned (bsc#1051510). - stm class: Fix a double free of stm_source_device (bsc#1051510). - stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock (bsc#1088810, bsc#1161702). - stop_machine: Atomically queue and wake stopper threads (bsc#1088810, bsc#1161702). - stop_machine: Disable preemption after queueing stopper threads (bsc#1088810, bsc#1161702). - stop_machine: Disable preemption when waking two stopper threads (bsc#1088810, bsc#1161702). - supported.conf: - synclink_gt(): fix compat_ioctl() (bsc#1051510). - tcp: clear tp->packets_out when purging write queue (bsc#1160560). - tcp: do not send empty skb from tcp_write_xmit() (networking-stable-20_01_01). - tcp: exit if nothing to retransmit on RTO timeout (bsc#1160560, stable 4.14.159). - tcp: md5: fix potential overestimation of TCP option space (networking-stable-19_12_16). - tcp_nv: fix potential integer overflow in tcpnv_acked (bsc#1051510). - thermal: Fix deadlock in thermal thermal_zone_device_check (bsc#1051510). - tipc: Avoid copying bytes beyond the supplied data (bsc#1051510). - tipc: check bearer name with right length in tipc_nl_compat_bearer_enable (bsc#1051510). - tipc: check link name with right length in tipc_nl_compat_link_set (bsc#1051510). - tipc: check msg->req data len in tipc_nl_compat_bearer_disable (bsc#1051510). - tipc: compat: allow tipc commands without arguments (bsc#1051510). - tipc: fix a missing check of genlmsg_put (bsc#1051510). - tipc: fix link name length check (bsc#1051510). - tipc: fix memory leak in tipc_nl_compat_publ_dump (bsc#1051510). - tipc: fix skb may be leaky in tipc_link_input (bsc#1051510). - tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path (bsc#1051510). - tipc: fix wrong timeout input for tipc_wait_for_cond() (bsc#1051510). - tipc: handle the err returned from cmd header function (bsc#1051510). - tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb (bsc#1051510). - tipc: tipc clang warning (bsc#1051510). - tracing: Annotate ftrace_graph_hash pointer with __rcu (git-fixes). - tracing: Annotate ftrace_graph_notrace_hash pointer with __rcu (git-fixes). - tracing: Cleanup stack trace code (jsc#SLE-11179). - tracing: Fix tracing_stat return values in error handling paths (git-fixes). - tracing: Fix very unlikely race of registering two stat tracers (git-fixes). - tracing: Have the histogram compare functions convert to u64 first (bsc#1160210). - tracing: xen: Ordered comparison of function pointers (git-fixes). - tty/serial: atmel: Add is_half_duplex helper (bsc#1051510). - tty: n_hdlc: fix build on SPARC (bsc#1051510). - tty: serial: fsl_lpuart: use the sg count from dma_map_sg (bsc#1051510). - tty: serial: imx: use the sg count from dma_map_sg (bsc#1051510). - tty: serial: msm_serial: Fix flow control (bsc#1051510). - tty: serial: msm_serial: Fix lockup for sysrq and oops (bsc#1051510). - tty: serial: pch_uart: correct usage of dma_unmap_sg (bsc#1051510). - tty: vt: keyboard: reject invalid keycodes (bsc#1051510). - uaccess: Add non-pagefault user-space write function (bsc#1083647). - ubifs: Correctly initialize c->min_log_bytes (bsc#1158641). - ubifs: do not trigger assertion on invalid no-key filename (bsc#1163850). - ubifs: Fix deadlock in concurrent bulk-read and writepage (bsc#1163856). - ubifs: Fix FS_IOC_SETFLAGS unexpectedly clearing encrypt flag (bsc#1163855). - ubifs: Limit the number of pages in shrink_liability (bsc#1158643). - ubifs: Reject unsupported ioctl flags explicitly (bsc#1163844). - udp: fix integer overflow while computing available space in sk_rcvbuf (networking-stable-20_01_01). - usb-storage: Disable UAS on JMicron SATA enclosure (bsc#1051510). - usb: adutux: fix interface sanity check (bsc#1051510). - usb: Allow USB device to be warm reset in suspended state (bsc#1051510). - usb: atm: ueagle-atm: add missing endpoint check (bsc#1051510). - usb: chipidea: host: Disable port power only if previously enabled (bsc#1051510). - usb: core: fix check for duplicate endpoints (git-fixes). - usb: core: hub: Improved device recognition on remote wakeup (bsc#1051510). - usb: core: urb: fix URB structure initialization function (bsc#1051510). - usb: documentation: flags on usb-storage versus UAS (bsc#1051510). - usb: dwc3: debugfs: Properly print/set link state for HS (bsc#1051510). - usb: dwc3: do not log probe deferrals; but do log other error codes (bsc#1051510). - usb: dwc3: ep0: Clear started flag on completion (bsc#1051510). - usb: dwc3: turn off VBUS when leaving host mode (bsc#1051510). - usb: EHCI: Do not return -EPIPE when hub is disconnected (git-fixes). - usb: gadget: f_ecm: Use atomic_t to track in-flight request (bsc#1051510). - usb: gadget: f_ncm: Use atomic_t to track in-flight request (bsc#1051510). - usb: gadget: legacy: set max_speed to super-speed (bsc#1051510). - usb: gadget: pch_udc: fix use after free (bsc#1051510). - usb: gadget: u_serial: add missing port entry locking (bsc#1051510). - usb: gadget: Zero ffs_io_data (bsc#1051510). - usb: host: xhci-hub: fix extra endianness conversion (bsc#1051510). - usb: idmouse: fix interface sanity checks (bsc#1051510). - usb: misc: appledisplay: fix backlight update_status return code (bsc#1051510). - usb: mon: Fix a deadlock in usbmon between mmap and read (bsc#1051510). - usb: mtu3: fix dbginfo in qmu_tx_zlp_error_handler (bsc#1051510). - usb: musb: dma: Correct parameter passed to IRQ handler (bsc#1051510). - usb: musb: fix idling for suspend after disconnect interrupt (bsc#1051510). - usb: serial: ch341: handle unbound port at reset_resume (bsc#1051510). - usb: serial: ftdi_sio: add device IDs for U-Blox C099-F9P (bsc#1051510). - usb: serial: io_edgeport: add missing active-port sanity check (bsc#1051510). - usb: serial: io_edgeport: fix epic endpoint lookup (bsc#1051510). - usb: serial: io_edgeport: handle unbound ports on URB completion (bsc#1051510). - usb: serial: io_edgeport: use irqsave() in USB's complete callback (bsc#1051510). - usb: serial: ir-usb: add missing endpoint sanity check (bsc#1051510). - usb: serial: ir-usb: fix IrLAP framing (bsc#1051510). - usb: serial: ir-usb: fix link-speed handling (bsc#1051510). - usb: serial: keyspan: handle unbound ports (bsc#1051510). - usb: serial: opticon: fix control-message timeouts (bsc#1051510). - usb: serial: option: Add support for Quectel RM500Q (bsc#1051510). - usb: serial: option: add support for Quectel RM500Q in QDL mode (git-fixes). - usb: serial: option: add Telit ME910G1 0x110a composition (git-fixes). - usb: serial: option: add ZLP support for 0x1bc7/0x9010 (git-fixes). - usb: serial: quatech2: handle unbound ports (bsc#1051510). - usb: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx (bsc#1051510). - usb: serial: suppress driver bind attributes (bsc#1051510). - usb: typec: tcpci: mask event interrupts when remove driver (bsc#1051510). - usb: uas: heed CAPACITY_HEURISTICS (bsc#1051510). - usb: uas: honor flag to avoid CAPACITY16 (bsc#1051510). - usb: xhci: Fix build warning seen with CONFIG_PM=n (bsc#1051510). - usb: xhci: only set D3hot for pci device (bsc#1051510). - usbip: Fix error path of vhci_recv_ret_submit() (git-fixes). - usbip: Fix receive error in vhci-hcd when using scatter-gather (bsc#1051510). - vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1 (bsc#1051510). - vhost/vsock: accept only packets with the right dst_cid (networking-stable-20_01_01). - video: backlight: Add devres versions of of_find_backlight (bsc#1090888) Taken for 6010831dde5. - video: backlight: Add of_find_backlight helper in backlight.c (bsc#1090888) Taken for 6010831dde5. - vsock/virtio: fix sock refcnt holding during the shutdown (git-fixes). - watchdog: max77620_wdt: fix potential build errors (bsc#1051510). - watchdog: rn5t618_wdt: fix module aliases (bsc#1051510). - watchdog: sama5d4: fix WDD value to be always set to max (bsc#1051510). - watchdog: wdat_wdt: fix get_timeleft call for wdat_wdt (bsc#1162557). - wireless: fix enabling channel 12 for custom regulatory domain (bsc#1051510). - wireless: wext: avoid gcc -O3 warning (bsc#1051510). - workqueue: Fix pwq ref leak in rescuer_thread() (bsc#1160211). - x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR (bsc#1162619). - x86/intel_rdt: Split resource group removal in two (bsc#1112178). - x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI (bsc#1114279). - x86/mce/AMD: Allow any CPU to initialize the smca_banks array (bsc#1114279). - x86/MCE/AMD: Allow Reserved types to be overwritten in smca_banks (bsc#1114279). - x86/MCE/AMD: Do not use rdmsr_safe_on_cpu() in smca_configure() (bsc#1114279). - x86/mce: Fix possibly incorrect severity calculation on AMD (bsc#1114279). - x86/resctrl: Check monitoring static key in the MBM overflow handler (bsc#1114279). - x86/resctrl: Fix a deadlock due to inaccurate reference (bsc#1112178). - x86/resctrl: Fix an imbalance in domain_remove_cpu() (bsc#1114279). - x86/resctrl: Fix potential memory leak (bsc#1114279). - x86/resctrl: Fix use-after-free due to inaccurate refcount of rdtgroup (bsc#1112178). - x86/resctrl: Fix use-after-free when deleting resource groups (bsc#1114279). - x86/speculation: Fix incorrect MDS/TAA mitigation status (bsc#1114279). - x86/speculation: Fix redundant MDS mitigation message (bsc#1114279). - xen-blkfront: switch kcalloc to kvcalloc for large array allocation (bsc#1160917). - xen/balloon: Support xend-based toolstack take two (bsc#1065600). - xen/blkback: Avoid unmapping unmapped grant pages (bsc#1065600). - xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk (bsc#1065600). - xen: Enable interrupts when calling _cond_resched() (bsc#1065600). - xfrm: Fix transport mode skb control buffer usage (bsc#1161552). - xfs: Fix tail rounding in xfs_alloc_file_space() (bsc#1161087, bsc#1153917). - xfs: Sanity check flags of Q_XQUOTARM call (bsc#1158652). - xhci: Fix memory leak in xhci_add_in_port() (bsc#1051510). - xhci: fix USB3 device initiated resume race with roothub autosuspend (bsc#1051510). - xhci: handle some XHCI_TRUST_TX_LENGTH quirks cases as default behaviour (bsc#1051510). - xhci: Increase STS_HALT timeout in xhci_suspend() (bsc#1051510). - xhci: make sure interrupts are restored to correct state (bsc#1051510). - zd1211rw: fix storage endpoint lookup (git-fixes). Important SUSE bug 1046303 SUSE bug 1050244 SUSE bug 1051510 SUSE bug 1051858 SUSE bug 1061840 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1083647 SUSE bug 1085030 SUSE bug 1086301 SUSE bug 1086313 SUSE bug 1086314 SUSE bug 1088810 SUSE bug 1090888 SUSE bug 1104427 SUSE bug 1105392 SUSE bug 1111666 SUSE bug 1112178 SUSE bug 1112504 SUSE bug 1114279 SUSE bug 1115026 SUSE bug 1118338 SUSE bug 1120853 SUSE bug 1123328 SUSE bug 1127371 SUSE bug 1133021 SUSE bug 1133147 SUSE bug 1134973 SUSE bug 1140025 SUSE bug 1141054 SUSE bug 1142095 SUSE bug 1143959 SUSE bug 1144333 SUSE bug 1146519 SUSE bug 1146544 SUSE bug 1151548 SUSE bug 1151910 SUSE bug 1151927 SUSE bug 1152631 SUSE bug 1153917 SUSE bug 1154243 SUSE bug 1155331 SUSE bug 1155334 SUSE bug 1155689 SUSE bug 1156259 SUSE bug 1156286 SUSE bug 1156462 SUSE bug 1157155 SUSE bug 1157157 SUSE bug 1157169 SUSE bug 1157303 SUSE bug 1157424 SUSE bug 1157692 SUSE bug 1157853 SUSE bug 1157908 SUSE bug 1157966 SUSE bug 1158013 SUSE bug 1158021 SUSE bug 1158026 SUSE bug 1158094 SUSE bug 1158132 SUSE bug 1158381 SUSE bug 1158394 SUSE bug 1158398 SUSE bug 1158407 SUSE bug 1158410 SUSE bug 1158413 SUSE bug 1158417 SUSE bug 1158427 SUSE bug 1158445 SUSE bug 1158533 SUSE bug 1158637 SUSE bug 1158638 SUSE bug 1158639 SUSE bug 1158640 SUSE bug 1158641 SUSE bug 1158643 SUSE bug 1158644 SUSE bug 1158645 SUSE bug 1158646 SUSE bug 1158647 SUSE bug 1158649 SUSE bug 1158651 SUSE bug 1158652 SUSE bug 1158819 SUSE bug 1158823 SUSE bug 1158824 SUSE bug 1158827 SUSE bug 1158834 SUSE bug 1158893 SUSE bug 1158900 SUSE bug 1158903 SUSE bug 1158904 SUSE bug 1158954 SUSE bug 1159024 SUSE bug 1159028 SUSE bug 1159271 SUSE bug 1159297 SUSE bug 1159394 SUSE bug 1159483 SUSE bug 1159484 SUSE bug 1159569 SUSE bug 1159588 SUSE bug 1159841 SUSE bug 1159908 SUSE bug 1159909 SUSE bug 1159910 SUSE bug 1159911 SUSE bug 1159955 SUSE bug 1160195 SUSE bug 1160210 SUSE bug 1160211 SUSE bug 1160218 SUSE bug 1160433 SUSE bug 1160442 SUSE bug 1160476 SUSE bug 1160560 SUSE bug 1160755 SUSE bug 1160756 SUSE bug 1160784 SUSE bug 1160787 SUSE bug 1160802 SUSE bug 1160803 SUSE bug 1160804 SUSE bug 1160917 SUSE bug 1160966 SUSE bug 1160979 SUSE bug 1161087 SUSE bug 1161360 SUSE bug 1161514 SUSE bug 1161518 SUSE bug 1161522 SUSE bug 1161523 SUSE bug 1161549 SUSE bug 1161552 SUSE bug 1161674 SUSE bug 1161702 SUSE bug 1161875 SUSE bug 1161907 SUSE bug 1161931 SUSE bug 1161933 SUSE bug 1161934 SUSE bug 1161935 SUSE bug 1161936 SUSE bug 1161937 SUSE bug 1162028 SUSE bug 1162067 SUSE bug 1162109 SUSE bug 1162139 SUSE bug 1162557 SUSE bug 1162617 SUSE bug 1162618 SUSE bug 1162619 SUSE bug 1162623 SUSE bug 1162928 SUSE bug 1162943 SUSE bug 1163383 SUSE bug 1163384 SUSE bug 1163762 SUSE bug 1163774 SUSE bug 1163836 SUSE bug 1163840 SUSE bug 1163841 SUSE bug 1163842 SUSE bug 1163843 SUSE bug 1163844 SUSE bug 1163845 SUSE bug 1163846 SUSE bug 1163849 SUSE bug 1163850 SUSE bug 1163851 SUSE bug 1163852 SUSE bug 1163853 SUSE bug 1163855 SUSE bug 1163856 SUSE bug 1163857 SUSE bug 1163858 SUSE bug 1163859 SUSE bug 1163860 SUSE bug 1163861 SUSE bug 1163862 SUSE bug 1163863 SUSE bug 1163867 SUSE bug 1163869 SUSE bug 1163880 SUSE bug 1163971 SUSE bug 1164069 SUSE bug 1164098 SUSE bug 1164115 SUSE bug 1164314 SUSE bug 1164315 SUSE bug 1164388 SUSE bug 1164471 SUSE bug 1164632 SUSE bug 1164705 SUSE bug 1164712 SUSE bug 1164727 SUSE bug 1164728 SUSE bug 1164729 SUSE bug 1164730 SUSE bug 1164731 SUSE bug 1164732 SUSE bug 1164733 SUSE bug 1164734 SUSE bug 1164735 CVE-2019-14615 CVE-2019-14896 CVE-2019-14897 CVE-2019-15213 CVE-2019-16994 CVE-2019-18808 CVE-2019-19036 CVE-2019-19045 CVE-2019-19051 CVE-2019-19054 CVE-2019-19066 CVE-2019-19318 CVE-2019-19319 CVE-2019-19332 CVE-2019-19338 CVE-2019-19447 CVE-2019-19523 CVE-2019-19524 CVE-2019-19525 CVE-2019-19526 CVE-2019-19527 CVE-2019-19528 CVE-2019-19529 CVE-2019-19530 CVE-2019-19531 CVE-2019-19532 CVE-2019-19533 CVE-2019-19534 CVE-2019-19535 CVE-2019-19536 CVE-2019-19537 CVE-2019-19543 CVE-2019-19767 CVE-2019-19965 CVE-2019-19966 CVE-2019-20054 CVE-2019-20095 CVE-2019-20096 CVE-2020-2732 CVE-2020-7053 CVE-2020-8428 CVE-2020-8648 CVE-2020-8992 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_48 fixes one issue. The following security issue was fixed: - CVE-2020-1749: Fixed an issue in the networking protocols in encrypted IPsec tunnel (bsc#1165631) Important SUSE bug 1165631 CVE-2020-1749 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_45 fixes several issues. The following security issues were fixed: - CVE-2020-1749: Fixed an issue in the networking protocols in encrypted IPsec tunnel (bsc#1165631) - CVE-2019-5108: Fixed an issue where by triggering AP to send IAPP location updates for stations before the required authentication process has completed could have led to denial-of-service (bsc#1159913). Important SUSE bug 1159913 SUSE bug 1165631 CVE-2019-5108 CVE-2020-1749 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_40 fixes several issues. The following security issues were fixed: - CVE-2020-1749: Fixed an issue in the networking protocols in encrypted IPsec tunnel (bsc#1165631) - CVE-2019-5108: Fixed an issue where by triggering AP to send IAPP location updates for stations before the required authentication process has completed could have led to denial-of-service (bsc#1159913). Important SUSE bug 1159913 SUSE bug 1165631 CVE-2019-5108 CVE-2020-1749 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_37 fixes several issues. The following security issues were fixed: - CVE-2020-1749: Fixed an issue in the networking protocols in encrypted IPsec tunnel (bsc#1165631) - CVE-2019-5108: Fixed an issue where by triggering AP to send IAPP location updates for stations before the required authentication process has completed could have led to denial-of-service (bsc#1159913). Important SUSE bug 1159913 SUSE bug 1165631 CVE-2019-5108 CVE-2020-1749 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_32 fixes several issues. The following security issues were fixed: - CVE-2020-1749: Fixed an issue in the networking protocols in encrypted IPsec tunnel (bsc#1165631) - CVE-2019-5108: Fixed an issue where by triggering AP to send IAPP location updates for stations before the required authentication process has completed could have led to denial-of-service (bsc#1159913). Important SUSE bug 1159913 SUSE bug 1165631 CVE-2019-5108 CVE-2020-1749 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_29 fixes several issues. The following security issues were fixed: - CVE-2020-1749: Fixed an issue in the networking protocols in encrypted IPsec tunnel (bsc#1165631) - CVE-2019-5108: Fixed an issue where by triggering AP to send IAPP location updates for stations before the required authentication process has completed could have led to denial-of-service (bsc#1159913). Important SUSE bug 1159913 SUSE bug 1165631 CVE-2019-5108 CVE-2020-1749 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_24 fixes several issues. The following security issues were fixed: - CVE-2020-1749: Fixed an issue in the networking protocols in encrypted IPsec tunnel (bsc#1165631) - CVE-2019-5108: Fixed an issue where by triggering AP to send IAPP location updates for stations before the required authentication process has completed could have led to denial-of-service (bsc#1159913). Important SUSE bug 1159913 SUSE bug 1165631 CVE-2019-5108 CVE-2020-1749 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_19 fixes several issues. The following security issues were fixed: - CVE-2020-1749: Fixed an issue in the networking protocols in encrypted IPsec tunnel (bsc#1165631) - CVE-2019-5108: Fixed an issue where by triggering AP to send IAPP location updates for stations before the required authentication process has completed could have led to denial-of-service (bsc#1159913). Important SUSE bug 1159913 SUSE bug 1165631 CVE-2019-5108 CVE-2020-1749 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_16 fixes several issues. The following security issues were fixed: - CVE-2020-1749: Fixed an issue in the networking protocols in encrypted IPsec tunnel (bsc#1165631) - CVE-2019-5108: Fixed an issue where by triggering AP to send IAPP location updates for stations before the required authentication process has completed could have led to denial-of-service (bsc#1159913). Important SUSE bug 1159913 SUSE bug 1165631 CVE-2019-5108 CVE-2020-1749 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_51 fixes several issues. The following security issues were fixed: - CVE-2021-27365: Fixed an issue where data structures did not have appropriate length constraints or checks, and could exceed the PAGE_SIZE value (bsc#1183491). - CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1183120). - CVE-2021-27364: Fixed an issue where an unprivileged user could craft Netlink messages (bsc#1182717). Important SUSE bug 1182717 SUSE bug 1183120 SUSE bug 1183491 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_54 fixes several issues. The following security issues were fixed: - CVE-2021-27365: Fixed an issue where data structures did not have appropriate length constraints or checks, and could exceed the PAGE_SIZE value (bsc#1183491). - CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1183120). - CVE-2021-27364: Fixed an issue where an unprivileged user could craft Netlink messages (bsc#1182717). Important SUSE bug 1182717 SUSE bug 1183120 SUSE bug 1183491 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_57 fixes several issues. The following security issues were fixed: - CVE-2021-27365: Fixed an issue where data structures did not have appropriate length constraints or checks, and could exceed the PAGE_SIZE value (bsc#1183491). - CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1183120). - CVE-2021-27364: Fixed an issue where an unprivileged user could craft Netlink messages (bsc#1182717). Important SUSE bug 1182717 SUSE bug 1183120 SUSE bug 1183491 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_60 fixes several issues. The following security issues were fixed: - CVE-2021-27365: Fixed an issue where data structures did not have appropriate length constraints or checks, and could exceed the PAGE_SIZE value (bsc#1183491). - CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1183120). - CVE-2021-27364: Fixed an issue where an unprivileged user could craft Netlink messages (bsc#1182717). Important SUSE bug 1182717 SUSE bug 1183120 SUSE bug 1183491 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_65 fixes several issues. The following security issues were fixed: - CVE-2021-27365: Fixed an issue where data structures did not have appropriate length constraints or checks, and could exceed the PAGE_SIZE value (bsc#1183491). - CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1183120). - CVE-2021-27364: Fixed an issue where an unprivileged user could craft Netlink messages (bsc#1182717). Important SUSE bug 1182717 SUSE bug 1183120 SUSE bug 1183491 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_68 fixes several issues. The following security issues were fixed: - CVE-2021-27365: Fixed an issue where data structures did not have appropriate length constraints or checks, and could exceed the PAGE_SIZE value (bsc#1183491). - CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1183120). - CVE-2021-27364: Fixed an issue where an unprivileged user could craft Netlink messages (bsc#1182717). Important SUSE bug 1182717 SUSE bug 1183120 SUSE bug 1183491 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_71 fixes several issues. The following security issues were fixed: - CVE-2021-27365: Fixed an issue where data structures did not have appropriate length constraints or checks, and could exceed the PAGE_SIZE value (bsc#1183491). - CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1183120). - CVE-2021-27364: Fixed an issue where an unprivileged user could craft Netlink messages (bsc#1182717). Important SUSE bug 1182717 SUSE bug 1183120 SUSE bug 1183491 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_51 fixes several issues. The following security issues were fixed: - CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184171). - CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc##1182294, bsc#1183646). - CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1182294). - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1183022). Important SUSE bug 1182294 SUSE bug 1184171 CVE-2021-26930 CVE-2021-26931 CVE-2021-28688 CVE-2021-3444 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_57 fixes several issues. The following security issues were fixed: - CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184171). - CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc##1182294, bsc#1183646). - CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1182294). - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1183022). Important SUSE bug 1182294 SUSE bug 1184171 CVE-2021-26930 CVE-2021-26931 CVE-2021-28688 CVE-2021-3444 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_60 fixes several issues. The following security issues were fixed: - CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184171). - CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc##1182294, bsc#1183646). - CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1182294). - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1183022). Important SUSE bug 1182294 SUSE bug 1184171 CVE-2021-26930 CVE-2021-26931 CVE-2021-28688 CVE-2021-3444 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_65 fixes several issues. The following security issues were fixed: - CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184171). - CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc##1182294, bsc#1183646). - CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1182294). - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1183022). Important SUSE bug 1182294 SUSE bug 1184171 CVE-2021-26930 CVE-2021-26931 CVE-2021-28688 CVE-2021-3444 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_68 fixes several issues. The following security issues were fixed: - CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184171). - CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc##1182294, bsc#1183646). - CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1182294). - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1183022). Important SUSE bug 1182294 SUSE bug 1184171 CVE-2021-26930 CVE-2021-26931 CVE-2021-28688 CVE-2021-3444 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_71 fixes several issues. The following security issues were fixed: - CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184171). - CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc##1182294, bsc#1183646). Important SUSE bug 1182294 SUSE bug 1184171 CVE-2021-28688 CVE-2021-3444 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_54 fixes several issues. The following security issues were fixed: - CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184171). - CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc##1182294, bsc#1183646). - CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1182294). - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1183022). Important SUSE bug 1182294 SUSE bug 1184171 CVE-2021-26930 CVE-2021-26931 CVE-2021-28688 CVE-2021-3444 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509). - CVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208). - CVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942). - CVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed a set_memory_region_test infinite loop for certain nested page faults (bnc#1184512). - CVE-2020-27673: Fixed an issue in Xen where a guest OS users could have caused a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411, bnc#1184583). - CVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bnc#1184391). - CVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181). - CVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181). - CVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181). - CVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181). - CVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions) (bnc#1184511). - CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on CPU' could have occured because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211). - CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211). - CVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120). - CVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393). - CVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and cause a threat to the system availability (bnc#1184397). - CVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could have caused a denial of service because of a lack of locking on an extent buffer before a cloning operation (bnc#1184193). - CVE-2021-3444: Fixed the bpf verifier as it did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution (bnc#1184170). - CVE-2021-28971: Fixed a potential local denial of service in intel_pmu_drain_pebs_nhm where userspace applications can cause a system crash because the PEBS status in a PEBS record is mishandled (bnc#1184196). - CVE-2021-28688: Fixed XSA-365 that includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains (bnc#1183646). - CVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167). - CVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168). - CVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination (bnc#1184198). - CVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in net/qrtr/qrtr.c that allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bnc#1184192). - CVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bnc#1183686, bnc#1183775). - CVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. This affects pointer types that do not define a ptr_limit (bnc#1183686 bnc#1183775). - CVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593). - CVE-2020-35519: Update patch reference for x25 fix (bsc#1183696). - CVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent (bsc#1173485, bsc#1183509). - CVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened. This could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720). - CVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022, bnc#1183069). - CVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree (bsc#1179454). - CVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715). - CVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables (bnc#1182716). - CVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717). The following non-security bugs were fixed: - Revert 'rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)' This turned out to be a bad idea: the kernel-$flavor-devel package must be usable without kernel-$flavor, e.g. at the build of a KMP. And this change brought superfluous installation of kernel-preempt when a system had kernel-syms (bsc#1185113). - Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367). - bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775). - bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775). - coredump: fix crash when umh is disabled (bsc#1177753, bsc#1182194). - dm: fix redundant IO accounting for bios that need splitting (bsc#1183738). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - handle also the opposite type of race condition - hv: clear ring_buffer pointer during cleanup (part of ae6935ed) (bsc#1181032). - hv_netvsc: remove ndo_poll_controller (bsc#1185248). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - ibmvnic: Clear failover_pending if unable to schedule (bsc#1181960 ltc#190997). - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140). - ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes). - ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes). - ibmvnic: enhance resetting status check during module exit (bsc#1065729). - ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes). - ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293). - ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes). - macros.kernel-source: Use spec_install_pre for certificate installation (boo#1182672). - post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388). - powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293). - rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063). - rpm/kernel-subpackage-build: Workaround broken bot (https://github.com/openSUSE/openSUSE-release-tools/issues/2439) - rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244) - rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650) - xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367). Important SUSE bug 1040855 SUSE bug 1044767 SUSE bug 1047233 SUSE bug 1065729 SUSE bug 1094840 SUSE bug 1152457 SUSE bug 1171078 SUSE bug 1173485 SUSE bug 1175873 SUSE bug 1176700 SUSE bug 1176720 SUSE bug 1176855 SUSE bug 1177411 SUSE bug 1177753 SUSE bug 1178181 SUSE bug 1179454 SUSE bug 1181032 SUSE bug 1181960 SUSE bug 1182194 SUSE bug 1182672 SUSE bug 1182715 SUSE bug 1182716 SUSE bug 1182717 SUSE bug 1183022 SUSE bug 1183063 SUSE bug 1183069 SUSE bug 1183509 SUSE bug 1183593 SUSE bug 1183646 SUSE bug 1183686 SUSE bug 1183696 SUSE bug 1183738 SUSE bug 1183775 SUSE bug 1184120 SUSE bug 1184167 SUSE bug 1184168 SUSE bug 1184170 SUSE bug 1184192 SUSE bug 1184193 SUSE bug 1184194 SUSE bug 1184196 SUSE bug 1184198 SUSE bug 1184208 SUSE bug 1184211 SUSE bug 1184388 SUSE bug 1184391 SUSE bug 1184393 SUSE bug 1184397 SUSE bug 1184509 SUSE bug 1184511 SUSE bug 1184512 SUSE bug 1184514 SUSE bug 1184583 SUSE bug 1184650 SUSE bug 1184942 SUSE bug 1185113 SUSE bug 1185244 SUSE bug 1185248 CVE-2020-0433 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-27170 CVE-2020-27171 CVE-2020-27673 CVE-2020-27815 CVE-2020-35519 CVE-2020-36310 CVE-2020-36311 CVE-2020-36312 CVE-2020-36322 CVE-2021-20219 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28660 CVE-2021-28688 CVE-2021-28950 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29155 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-29650 CVE-2021-30002 CVE-2021-3428 CVE-2021-3444 CVE-2021-3483 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_71 fixes several issues. The following security issues were fixed: - CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bsc#1184952). - CVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bsc#1184710) Important SUSE bug 1184710 SUSE bug 1184952 CVE-2020-36322 CVE-2021-29154 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_68 fixes several issues. The following security issues were fixed: - CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bsc#1184952). - CVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bsc#1184710) Important SUSE bug 1184710 SUSE bug 1184952 CVE-2020-36322 CVE-2021-29154 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_65 fixes several issues. The following security issues were fixed: - CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bsc#1184952). - CVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bsc#1184710) Important SUSE bug 1184710 SUSE bug 1184952 CVE-2020-36322 CVE-2021-29154 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_60 fixes several issues. The following security issues were fixed: - CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bsc#1184952). - CVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bsc#1184710) Important SUSE bug 1184710 SUSE bug 1184952 CVE-2020-36322 CVE-2021-29154 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_57 fixes several issues. The following security issues were fixed: - CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bsc#1184952). - CVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bsc#1184710) Important SUSE bug 1184710 SUSE bug 1184952 CVE-2020-36322 CVE-2021-29154 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_54 fixes several issues. The following security issues were fixed: - CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bsc#1184952). - CVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bsc#1184710) Important SUSE bug 1184710 SUSE bug 1184952 CVE-2020-36322 CVE-2021-29154 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484). - CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values. (bsc#1186111) - CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. (bnc#1186062) - CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges. (bnc#1186060) - CVE-2021-23133: Fixed a race condition in SCTP sockets, which could lead to privilege escalation from the context of a network service or an unprivileged process. (bnc#1184675) - CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This vulnerability is related to the PROVIDE_BUFFERS operation, which allowed the MAX_RW_COUNT limit to be bypassed (bsc#1185642). - CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611). - CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances this can be abused to inject arbitrary network packets and/or exfiltrate user data (bnc#1185859). - CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (bnc#1185859 bnc#1185862). - CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments, even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used (bnc#1185859). - CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (bnc#1185860) - CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H, where the Message Integrity Check (authenticity) of fragmented TKIP frames was not verified. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (bnc#1185987) The following non-security bugs were fixed: - Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185724). - Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185724). - af_packet: fix the tx skb protocol in raw sockets with ETH_P_ALL (bsc#1176081). - ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043). - ibmvfc: Handle move login failure (bsc#1185938 ltc#192043). - ibmvfc: Reinit target retries (bsc#1185938 ltc#192043). - kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846). - kabi: preserve struct header_ops after bsc#1176081 fix (bsc#1176081). - kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846). - kernel/smp: add boot parameter for controlling CSD lock debugging (bsc#1180846). - kernel/smp: add more data to CSD lock debugging (bsc#1180846). - kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846). - kernel/smp: prepare more CSD lock debugging (bsc#1180846). - md/raid1: properly indicate failure when ending a failed write request (bsc#1185680). - net/ethernet: Add parse_protocol header_ops support (bsc#1176081). - net/mlx5e: Remove the wrong assumption about transport offset (bsc#1176081). - net/mlx5e: Trust kernel regarding transport offset (bsc#1176081). - net/packet: Ask driver for protocol if not provided by user (bsc#1176081). - net/packet: Remove redundant skb->protocol set (bsc#1176081). - net: Do not set transport offset to invalid value (bsc#1176081). - net: Introduce parse_protocol header_ops callback (bsc#1176081). - netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#1185950). - netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#1183947 bsc#1185950). - netfilter: conntrack: improve RST handling when tuple is re-used (bsc#1183947 bsc#1185950). - netfilter: conntrack: tcp: only close if RST matches exact sequence (bsc#1183947 bsc#1185950). - s390/entry: save the caller of psw_idle (bsc#1185677). - smp: Add source and destination CPUs to __call_single_data (bsc#1180846). - video: hyperv_fb: Add ratelimit on error message (bsc#1185724). Important SUSE bug 1176081 SUSE bug 1180846 SUSE bug 1183947 SUSE bug 1184611 SUSE bug 1184675 SUSE bug 1185642 SUSE bug 1185677 SUSE bug 1185680 SUSE bug 1185724 SUSE bug 1185859 SUSE bug 1185860 SUSE bug 1185862 SUSE bug 1185863 SUSE bug 1185898 SUSE bug 1185899 SUSE bug 1185901 SUSE bug 1185938 SUSE bug 1185950 SUSE bug 1185987 SUSE bug 1186060 SUSE bug 1186061 SUSE bug 1186062 SUSE bug 1186111 SUSE bug 1186285 SUSE bug 1186390 SUSE bug 1186484 SUSE bug 1186498 CVE-2020-24586 CVE-2020-24587 CVE-2020-26139 CVE-2020-26141 CVE-2020-26145 CVE-2020-26147 CVE-2021-23133 CVE-2021-23134 CVE-2021-32399 CVE-2021-33034 CVE-2021-33200 CVE-2021-3491 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_74 fixes several issues. The following issues were fixed: - CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484). - CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values (bsc#1186111). - CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges (bnc#1186060). - CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611). - Fixed a data loss/data corruption that occurs if there is a write error on an md/raid array (bsc#1185680). Important SUSE bug 1185847 SUSE bug 1185899 SUSE bug 1186061 SUSE bug 1186285 SUSE bug 1186498 CVE-2021-23134 CVE-2021-32399 CVE-2021-33034 CVE-2021-33200 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_71 fixes several issues. The following issues were fixed: - CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values (bsc#1186111). - CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611). - Fixed a data loss/data corruption that occurs if there is a write error on an md/raid array (bsc#1185680). Important SUSE bug 1185847 SUSE bug 1185899 SUSE bug 1186285 CVE-2021-32399 CVE-2021-33034 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_68 fixes several issues. The following issues were fixed: - CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values (bsc#1186111). - CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611). - Fixed a data loss/data corruption that occurs if there is a write error on an md/raid array (bsc#1185680). Important SUSE bug 1185847 SUSE bug 1185899 SUSE bug 1186285 CVE-2021-32399 CVE-2021-33034 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_65 fixes several issues. The following issues were fixed: - CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values (bsc#1186111). - CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611). - Fixed a data loss/data corruption that occurs if there is a write error on an md/raid array (bsc#1185680). Important SUSE bug 1185847 SUSE bug 1185899 SUSE bug 1186285 CVE-2021-32399 CVE-2021-33034 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_60 fixes several issues. The following issues were fixed: - CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values (bsc#1186111). - CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611). - Fixed a data loss/data corruption that occurs if there is a write error on an md/raid array (bsc#1185680). Important SUSE bug 1185847 SUSE bug 1185899 SUSE bug 1186285 CVE-2021-32399 CVE-2021-33034 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_57 fixes several issues. The following issues were fixed: - CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values (bsc#1186111). - CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611). - Fixed a data loss/data corruption that occurs if there is a write error on an md/raid array (bsc#1185680). Important SUSE bug 1185847 SUSE bug 1185899 SUSE bug 1186285 CVE-2021-32399 CVE-2021-33034 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_65 fixes several issues. The following security issues were fixed: - CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187687) - CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187597) - CVE-2021-23133: Fixed a race condition in the SCTP sockets that can lead to kernel privilege escalation from the context of a network service or an unprivileged process. (bsc#1185901) Important SUSE bug 1185901 SUSE bug 1187597 SUSE bug 1187687 CVE-2021-0512 CVE-2021-0605 CVE-2021-23133 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_68 fixes several issues. The following security issues were fixed: - CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187687) - CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187597) - CVE-2021-23133: Fixed a race condition in the SCTP sockets that can lead to kernel privilege escalation from the context of a network service or an unprivileged process. (bsc#1185901) Important SUSE bug 1185901 SUSE bug 1187597 SUSE bug 1187687 CVE-2021-0512 CVE-2021-0605 CVE-2021-23133 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_71 fixes several issues. The following security issues were fixed: - CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187687) - CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187597) - CVE-2021-23133: Fixed a race condition in the SCTP sockets that can lead to kernel privilege escalation from the context of a network service or an unprivileged process. (bsc#1185901) Important SUSE bug 1185901 SUSE bug 1187597 SUSE bug 1187687 CVE-2021-0512 CVE-2021-0605 CVE-2021-23133 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_57 fixes several issues. The following security issues were fixed: - CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187687) - CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187597) - CVE-2021-23133: Fixed a race condition in the SCTP sockets that can lead to kernel privilege escalation from the context of a network service or an unprivileged process. (bsc#1185901) Important SUSE bug 1185901 SUSE bug 1187597 SUSE bug 1187687 CVE-2021-0512 CVE-2021-0605 CVE-2021-23133 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_60 fixes several issues. The following security issues were fixed: - CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187687) - CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187597) - CVE-2021-23133: Fixed a race condition in the SCTP sockets that can lead to kernel privilege escalation from the context of a network service or an unprivileged process. (bsc#1185901) Important SUSE bug 1185901 SUSE bug 1187597 SUSE bug 1187687 CVE-2021-0512 CVE-2021-0605 CVE-2021-23133 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_74 fixes several issues. The following security issues were fixed: - CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187687) - CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187597) - CVE-2021-23133: Fixed a race condition in the SCTP sockets that can lead to kernel privilege escalation from the context of a network service or an unprivileged process. (bsc#1185901) Important SUSE bug 1185901 SUSE bug 1187597 SUSE bug 1187687 CVE-2021-0512 CVE-2021-0605 CVE-2021-23133 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_77 fixes several issues. The following security issues were fixed: - CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187687) - CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187597) Important SUSE bug 1187597 SUSE bug 1187687 CVE-2021-0512 CVE-2021-0605 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-22555: A heap out-of-bounds write was discovered in net/netfilter/x_tables.c (bnc#1188116). - CVE-2021-33909: Extremely large seq buffer allocations in seq_file could lead to buffer underruns and code execution (bsc#1188062). - CVE-2021-3609: A use-after-free in can/bcm could have led to privilege escalation (bsc#1187215). - CVE-2021-33624: In kernel/bpf/verifier.c a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db (bnc#1187554). - CVE-2021-0605: In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation (bnc#1187601). - CVE-2021-0512: In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1187595). - CVE-2020-26558: Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time (bnc#1179610 bnc#1186463). - CVE-2021-34693: net/can/bcm.c allowed local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized (bnc#1187452). - CVE-2020-36385: An issue was discovered in drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c (bnc#1187050). - CVE-2021-0129: Improper access control in BlueZ may have allowed an authenticated user to potentially enable information disclosure via adjacent access (bnc#1186463). - CVE-2020-36386: An issue was discovered net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf (bnc#1187038). - CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets (bnc#1185861). - CVE-2021-33200: kernel/bpf/verifier.c enforced incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit (bnc#1186484). The following non-security bugs were fixed: - block: do not use blocking queue entered for recursive bio (bsc#1104967). - s390/stack: fix possible register corruption with stack switch helper (git-fixes). - scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc#1174978 bsc#1185701). Important SUSE bug 1104967 SUSE bug 1174978 SUSE bug 1179610 SUSE bug 1185701 SUSE bug 1185861 SUSE bug 1186463 SUSE bug 1186484 SUSE bug 1187038 SUSE bug 1187050 SUSE bug 1187215 SUSE bug 1187452 SUSE bug 1187554 SUSE bug 1187595 SUSE bug 1187601 SUSE bug 1187934 SUSE bug 1188062 SUSE bug 1188116 CVE-2020-24588 CVE-2020-26558 CVE-2020-36385 CVE-2020-36386 CVE-2021-0129 CVE-2021-0512 CVE-2021-0605 CVE-2021-22555 CVE-2021-33200 CVE-2021-33624 CVE-2021-33909 CVE-2021-34693 CVE-2021-3609 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_77 fixes several issues. The following security issues were fixed: - CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that allows to andobtain full root privileges. (bsc#1188062) - CVE-2021-22555: Fixed an heap out-of-bounds write in net/netfilter/x_tables.c that could allow local provilege escalation. (bsc#1188116) - CVE-2020-36385: Fixed a use-after-free vulnerability reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called. (bnc#1187050) Important SUSE bug 1187052 SUSE bug 1188117 SUSE bug 1188257 CVE-2020-36385 CVE-2021-22555 CVE-2021-33909 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_74 fixes several issues. The following security issues were fixed: - CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that allows to andobtain full root privileges. (bsc#1188062) - CVE-2021-22555: Fixed an heap out-of-bounds write in net/netfilter/x_tables.c that could allow local provilege escalation. (bsc#1188116) - CVE-2020-36385: Fixed a use-after-free vulnerability reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called. (bnc#1187050) Important SUSE bug 1187052 SUSE bug 1188117 SUSE bug 1188257 CVE-2020-36385 CVE-2021-22555 CVE-2021-33909 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_71 fixes several issues. The following security issues were fixed: - CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that allows to andobtain full root privileges. (bsc#1188062) - CVE-2021-22555: Fixed an heap out-of-bounds write in net/netfilter/x_tables.c that could allow local provilege escalation. (bsc#1188116) - CVE-2020-36385: Fixed a use-after-free vulnerability reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called. (bnc#1187050) Important SUSE bug 1187052 SUSE bug 1188117 SUSE bug 1188257 CVE-2020-36385 CVE-2021-22555 CVE-2021-33909 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_65 fixes several issues. The following security issues were fixed: - CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that allows to andobtain full root privileges. (bsc#1188062) - CVE-2021-22555: Fixed an heap out-of-bounds write in net/netfilter/x_tables.c that could allow local provilege escalation. (bsc#1188116) - CVE-2020-36385: Fixed a use-after-free vulnerability reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called. (bnc#1187050) Important SUSE bug 1187052 SUSE bug 1188117 SUSE bug 1188257 CVE-2020-36385 CVE-2021-22555 CVE-2021-33909 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_60 fixes several issues. The following security issues were fixed: - CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that allows to andobtain full root privileges. (bsc#1188062) - CVE-2021-22555: Fixed an heap out-of-bounds write in net/netfilter/x_tables.c that could allow local provilege escalation. (bsc#1188116) - CVE-2020-36385: Fixed a use-after-free vulnerability reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called. (bnc#1187050) Important SUSE bug 1187052 SUSE bug 1188117 SUSE bug 1188257 CVE-2020-36385 CVE-2021-22555 CVE-2021-33909 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_57 fixes several issues. The following security issues were fixed: - CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that allows to andobtain full root privileges. (bsc#1188062) - CVE-2021-22555: Fixed an heap out-of-bounds write in net/netfilter/x_tables.c that could allow local provilege escalation. (bsc#1188116) - CVE-2020-36385: Fixed a use-after-free vulnerability reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called. (bnc#1187050) Important SUSE bug 1187052 SUSE bug 1188117 SUSE bug 1188257 CVE-2020-36385 CVE-2021-22555 CVE-2021-33909 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_68 fixes several issues. The following security issues were fixed: - CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that allows to andobtain full root privileges. (bsc#1188062) - CVE-2021-22555: Fixed an heap out-of-bounds write in net/netfilter/x_tables.c that could allow local provilege escalation. (bsc#1188116) - CVE-2020-36385: Fixed a use-after-free vulnerability reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called. (bnc#1187050) Important SUSE bug 1187052 SUSE bug 1188117 SUSE bug 1188257 CVE-2020-36385 CVE-2021-22555 CVE-2021-33909 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_80 fixes several issues. The following security issues were fixed: - CVE-2021-22543: Fixed an issue with KVM, related to the handling of VM_IO|VM_PFNMAP vmas, which allowed users with the ability to start and control a VM to read/write random pages of memory and could result in local privilege escalation (bsc#1186482). - CVE-2021-37576: On the powerpc platform KVM guest OS users could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). Important SUSE bug 1186483 SUSE bug 1188842 CVE-2021-22543 CVE-2021-37576 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_77 fixes several issues. The following security issues were fixed: - CVE-2021-22543: Fixed an issue with KVM, related to the handling of VM_IO|VM_PFNMAP vmas, which allowed users with the ability to start and control a VM to read/write random pages of memory and could result in local privilege escalation (bsc#1186482). - CVE-2021-37576: On the powerpc platform KVM guest OS users could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). - CVE-2021-3609: Fixed a local privilege escalation via a race condition in net/can/bcm.c (bsc#1187215). Important SUSE bug 1186483 SUSE bug 1188323 SUSE bug 1188842 CVE-2021-22543 CVE-2021-3609 CVE-2021-37576 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_74 fixes several issues. The following security issues were fixed: - CVE-2021-22543: Fixed an issue with KVM, related to the handling of VM_IO|VM_PFNMAP vmas, which allowed users with the ability to start and control a VM to read/write random pages of memory and could result in local privilege escalation (bsc#1186482). - CVE-2021-37576: On the powerpc platform KVM guest OS users could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). - CVE-2021-3609: Fixed a local privilege escalation via a race condition in net/can/bcm.c (bsc#1187215). Important SUSE bug 1186483 SUSE bug 1188323 SUSE bug 1188842 CVE-2021-22543 CVE-2021-3609 CVE-2021-37576 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_71 fixes several issues. The following security issues were fixed: - CVE-2021-22543: Fixed an issue with KVM, related to the handling of VM_IO|VM_PFNMAP vmas, which allowed users with the ability to start and control a VM to read/write random pages of memory and could result in local privilege escalation (bsc#1186482). - CVE-2021-37576: On the powerpc platform KVM guest OS users could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). - CVE-2021-3609: Fixed a local privilege escalation via a race condition in net/can/bcm.c (bsc#1187215). Important SUSE bug 1186483 SUSE bug 1188323 SUSE bug 1188842 CVE-2021-22543 CVE-2021-3609 CVE-2021-37576 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_68 fixes several issues. The following security issues were fixed: - CVE-2021-22543: Fixed an issue with KVM, related to the handling of VM_IO|VM_PFNMAP vmas, which allowed users with the ability to start and control a VM to read/write random pages of memory and could result in local privilege escalation (bsc#1186482). - CVE-2021-37576: On the powerpc platform KVM guest OS users could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). - CVE-2021-3609: Fixed a local privilege escalation via a race condition in net/can/bcm.c (bsc#1187215). Important SUSE bug 1186483 SUSE bug 1188323 SUSE bug 1188842 CVE-2021-22543 CVE-2021-3609 CVE-2021-37576 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_65 fixes several issues. The following security issues were fixed: - CVE-2021-22543: Fixed an issue with KVM, related to the handling of VM_IO|VM_PFNMAP vmas, which allowed users with the ability to start and control a VM to read/write random pages of memory and could result in local privilege escalation (bsc#1186482). - CVE-2021-37576: On the powerpc platform KVM guest OS users could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). - CVE-2021-3609: Fixed a local privilege escalation via a race condition in net/can/bcm.c (bsc#1187215). Important SUSE bug 1186483 SUSE bug 1188323 SUSE bug 1188842 CVE-2021-22543 CVE-2021-3609 CVE-2021-37576 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_60 fixes several issues. The following security issues were fixed: - CVE-2021-22543: Fixed an issue with KVM, related to the handling of VM_IO|VM_PFNMAP vmas, which allowed users with the ability to start and control a VM to read/write random pages of memory and could result in local privilege escalation (bsc#1186482). - CVE-2021-37576: On the powerpc platform KVM guest OS users could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). - CVE-2021-3609: Fixed a local privilege escalation via a race condition in net/can/bcm.c (bsc#1187215). Important SUSE bug 1186483 SUSE bug 1188323 SUSE bug 1188842 CVE-2021-22543 CVE-2021-3609 CVE-2021-37576 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_60 fixes several issues. The following security issues were fixed: - CVE-2021-3653: Fixed missing validation of the KVM `int_ctl` VMCB field that would have allowed a malicious L1 guest to enable AVIC support for the L2 guest (bsc#1189420). - CVE-2021-3656: Fixed KVM nSVM nested VMLOAD/VMSAVE interception (bsc#1189418). - CVE-2021-38198: Fixed KVM MMU to use the correct inherited permissions to get shadow page (bsc#1189278). Important SUSE bug 1189278 SUSE bug 1189418 SUSE bug 1189420 CVE-2021-3653 CVE-2021-3656 CVE-2021-38198 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_65 fixes several issues. The following security issues were fixed: - CVE-2021-3653: Fixed missing validation of the KVM `int_ctl` VMCB field that would have allowed a malicious L1 guest to enable AVIC support for the L2 guest (bsc#1189420). - CVE-2021-3656: Fixed KVM nSVM nested VMLOAD/VMSAVE interception (bsc#1189418). - CVE-2021-38198: Fixed KVM MMU to use the correct inherited permissions to get shadow page (bsc#1189278). Important SUSE bug 1189278 SUSE bug 1189418 SUSE bug 1189420 CVE-2021-3653 CVE-2021-3656 CVE-2021-38198 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_68 fixes several issues. The following security issues were fixed: - CVE-2021-3653: Fixed missing validation of the KVM `int_ctl` VMCB field that would have allowed a malicious L1 guest to enable AVIC support for the L2 guest (bsc#1189420). - CVE-2021-3656: Fixed KVM nSVM nested VMLOAD/VMSAVE interception (bsc#1189418). - CVE-2021-38198: Fixed KVM MMU to use the correct inherited permissions to get shadow page (bsc#1189278). Important SUSE bug 1189278 SUSE bug 1189418 SUSE bug 1189420 CVE-2021-3653 CVE-2021-3656 CVE-2021-38198 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_71 fixes several issues. The following security issues were fixed: - CVE-2021-3653: Fixed missing validation of the KVM `int_ctl` VMCB field that would have allowed a malicious L1 guest to enable AVIC support for the L2 guest (bsc#1189420). - CVE-2021-3656: Fixed KVM nSVM nested VMLOAD/VMSAVE interception (bsc#1189418). - CVE-2021-38198: Fixed KVM MMU to use the correct inherited permissions to get shadow page (bsc#1189278). Important SUSE bug 1189278 SUSE bug 1189418 SUSE bug 1189420 CVE-2021-3653 CVE-2021-3656 CVE-2021-38198 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_74 fixes several issues. The following security issues were fixed: - CVE-2021-3653: Fixed missing validation of the KVM `int_ctl` VMCB field that would have allowed a malicious L1 guest to enable AVIC support for the L2 guest (bsc#1189420). - CVE-2021-3656: Fixed KVM nSVM nested VMLOAD/VMSAVE interception (bsc#1189418). - CVE-2021-38198: Fixed KVM MMU to use the correct inherited permissions to get shadow page (bsc#1189278). Important SUSE bug 1189278 SUSE bug 1189418 SUSE bug 1189420 CVE-2021-3653 CVE-2021-3656 CVE-2021-38198 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_77 fixes several issues. The following security issues were fixed: - CVE-2021-3653: Fixed missing validation of the KVM `int_ctl` VMCB field that would have allowed a malicious L1 guest to enable AVIC support for the L2 guest (bsc#1189420). - CVE-2021-3656: Fixed KVM nSVM nested VMLOAD/VMSAVE interception (bsc#1189418). - CVE-2021-38198: Fixed KVM MMU to use the correct inherited permissions to get shadow page (bsc#1189278). Important SUSE bug 1189278 SUSE bug 1189418 SUSE bug 1189420 CVE-2021-3653 CVE-2021-3656 CVE-2021-38198 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_80 fixes several issues. The following security issues were fixed: - CVE-2021-3653: Fixed missing validation of the KVM `int_ctl` VMCB field that would have allowed a malicious L1 guest to enable AVIC support for the L2 guest (bsc#1189420). - CVE-2021-3656: Fixed KVM nSVM nested VMLOAD/VMSAVE interception (bsc#1189418). - CVE-2021-38198: Fixed KVM MMU to use the correct inherited permissions to get shadow page (bsc#1189278). Important SUSE bug 1189278 SUSE bug 1189418 SUSE bug 1189420 CVE-2021-3653 CVE-2021-3656 CVE-2021-38198 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_80 fixes several issues. The following security issues were fixed: - CVE-2021-38160: Fixed a bug that could lead to a data corruption or loss. This can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190118) - CVE-2021-3640: Fixed a user-after-free bug in the function sco_sock_sendmsg which could lead to local privilege escalation. (bsc#1188613) - CVE-2021-3573: Fixed a user-after-free bug in the function hci_sock_bound_ioctl which could lead to local privilege escalation. (bsc#1187054). Important SUSE bug 1187054 SUSE bug 1188613 SUSE bug 1190118 CVE-2021-3573 CVE-2021-3640 CVE-2021-38160 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_77 fixes several issues. The following security issues were fixed: - CVE-2021-38160: Fixed a bug that could lead to a data corruption or loss. This can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190118) - CVE-2021-3640: Fixed a user-after-free bug in the function sco_sock_sendmsg which could lead to local privilege escalation. (bsc#1188613) - CVE-2021-3573: Fixed a user-after-free bug in the function hci_sock_bound_ioctl which could lead to local privilege escalation. (bsc#1187054). Important SUSE bug 1187054 SUSE bug 1188613 SUSE bug 1190118 CVE-2021-3573 CVE-2021-3640 CVE-2021-38160 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_74 fixes several issues. The following security issues were fixed: - CVE-2021-38160: Fixed a bug that could lead to a data corruption or loss. This can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190118) - CVE-2021-3640: Fixed a user-after-free bug in the function sco_sock_sendmsg which could lead to local privilege escalation. (bsc#1188613) - CVE-2021-3573: Fixed a user-after-free bug in the function hci_sock_bound_ioctl which could lead to local privilege escalation. (bsc#1187054). Important SUSE bug 1187054 SUSE bug 1188613 SUSE bug 1190118 CVE-2021-3573 CVE-2021-3640 CVE-2021-38160 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_71 fixes several issues. The following security issues were fixed: - CVE-2021-38160: Fixed a bug that could lead to a data corruption or loss. This can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190118) - CVE-2021-3640: Fixed a user-after-free bug in the function sco_sock_sendmsg which could lead to local privilege escalation. (bsc#1188613) - CVE-2021-3573: Fixed a user-after-free bug in the function hci_sock_bound_ioctl which could lead to local privilege escalation. (bsc#1187054). Important SUSE bug 1187054 SUSE bug 1188613 SUSE bug 1190118 CVE-2021-3573 CVE-2021-3640 CVE-2021-38160 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_68 fixes several issues. The following security issues were fixed: - CVE-2021-38160: Fixed a bug that could lead to a data corruption or loss. This can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190118) - CVE-2021-3640: Fixed a user-after-free bug in the function sco_sock_sendmsg which could lead to local privilege escalation. (bsc#1188613) - CVE-2021-3573: Fixed a user-after-free bug in the function hci_sock_bound_ioctl which could lead to local privilege escalation. (bsc#1187054). Important SUSE bug 1187054 SUSE bug 1188613 SUSE bug 1190118 CVE-2021-3573 CVE-2021-3640 CVE-2021-38160 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_65 fixes several issues. The following security issues were fixed: - CVE-2021-38160: Fixed a bug that could lead to a data corruption or loss. This can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190118) - CVE-2021-3640: Fixed a user-after-free bug in the function sco_sock_sendmsg which could lead to local privilege escalation. (bsc#1188613) - CVE-2021-3573: Fixed a user-after-free bug in the function hci_sock_bound_ioctl which could lead to local privilege escalation. (bsc#1187054). Important SUSE bug 1187054 SUSE bug 1188613 SUSE bug 1190118 CVE-2021-3573 CVE-2021-3640 CVE-2021-38160 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_65 fixes several issues. The following security issues were fixed: - CVE-2021-0935: Fixed use after free that could lead to local escalation of privilege in ip6_xmit of ip6_output.c (bsc#1192042). - CVE-2021-3752: Fixed vulnerability in the linux kernel Bluetooth uaf module (bsc#1190432). - CVE-2021-41864: Fixed an integer overflow with a resultant out-of-bounds write in prealloc_elems_and_freelist in kernel/bpf/stackmap.c (bsc#1191318). Important SUSE bug 1190432 SUSE bug 1191318 SUSE bug 1192042 CVE-2021-0935 CVE-2021-3752 CVE-2021-41864 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_68 fixes several issues. The following security issues were fixed: - CVE-2021-0935: Fixed use after free that could lead to local escalation of privilege in ip6_xmit of ip6_output.c (bsc#1192042). - CVE-2021-3752: Fixed vulnerability in the linux kernel Bluetooth uaf module (bsc#1190432). - CVE-2021-41864: Fixed an integer overflow with a resultant out-of-bounds write in prealloc_elems_and_freelist in kernel/bpf/stackmap.c (bsc#1191318). Important SUSE bug 1190432 SUSE bug 1191318 SUSE bug 1192042 CVE-2021-0935 CVE-2021-3752 CVE-2021-41864 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_71 fixes several issues. The following security issues were fixed: - CVE-2021-0935: Fixed use after free that could lead to local escalation of privilege in ip6_xmit of ip6_output.c (bsc#1192042). - CVE-2021-3752: Fixed vulnerability in the linux kernel Bluetooth uaf module (bsc#1190432). - CVE-2021-41864: Fixed an integer overflow with a resultant out-of-bounds write in prealloc_elems_and_freelist in kernel/bpf/stackmap.c (bsc#1191318). Important SUSE bug 1190432 SUSE bug 1191318 SUSE bug 1192042 CVE-2021-0935 CVE-2021-3752 CVE-2021-41864 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_77 fixes several issues. The following security issues were fixed: - CVE-2021-0935: Fixed use after free that could lead to local escalation of privilege in ip6_xmit of ip6_output.c (bsc#1192042). - CVE-2021-3752: Fixed vulnerability in the linux kernel Bluetooth uaf module (bsc#1190432). - CVE-2021-41864: Fixed an integer overflow with a resultant out-of-bounds write in prealloc_elems_and_freelist in kernel/bpf/stackmap.c (bsc#1191318). Important SUSE bug 1190432 SUSE bug 1191318 SUSE bug 1192042 CVE-2021-0935 CVE-2021-3752 CVE-2021-41864 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_80 fixes several issues. The following security issues were fixed: - CVE-2021-0935: Fixed use after free that could lead to local escalation of privilege in ip6_xmit of ip6_output.c (bsc#1192042). - CVE-2021-3752: Fixed vulnerability in the linux kernel Bluetooth uaf module (bsc#1190432). - CVE-2021-41864: Fixed an integer overflow with a resultant out-of-bounds write in prealloc_elems_and_freelist in kernel/bpf/stackmap.c (bsc#1191318). Important SUSE bug 1190432 SUSE bug 1191318 SUSE bug 1192042 CVE-2021-0935 CVE-2021-3752 CVE-2021-41864 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_74 fixes several issues. The following security issues were fixed: - CVE-2021-0935: Fixed use after free that could lead to local escalation of privilege in ip6_xmit of ip6_output.c (bsc#1192042). - CVE-2021-3752: Fixed vulnerability in the linux kernel Bluetooth uaf module (bsc#1190432). - CVE-2021-41864: Fixed an integer overflow with a resultant out-of-bounds write in prealloc_elems_and_freelist in kernel/bpf/stackmap.c (bsc#1191318). Important SUSE bug 1190432 SUSE bug 1191318 SUSE bug 1192042 CVE-2021-0935 CVE-2021-3752 CVE-2021-41864 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0) The following security bugs were fixed: - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045). - CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails. (bsc#1191961) - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563). - CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063). - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479). - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317). - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315). - CVE-2021-37159: Fixed use-after-free and a double free inside hso_free_net_device in drivers/net/usb/hso.c when unregister_netdev is called without checking for the NETREG_REGISTERED state (bnc#1188601). - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193) - CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023) - CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159) - CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884) - CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534) - CVE-2021-3772: Fixed a remote denial of service in the SCTP stack, if the attacker can spoof IP addresses and knows the IP-addresses and port numbers being used (bnc#1190351). - CVE-2018-9517: Fixed possible memory corruption due to a use after free in pppol2tp_connect (bsc#1108488). - CVE-2019-3874: Fixed possible denial of service attack via SCTP socket buffer used by a userspace applications (bnc#1129898). - CVE-2019-3900: Fixed an infinite loop issue while handling incoming packets in handle_rx() (bnc#1133374). - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399). - CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400). - CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). - CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983). - CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985). - CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420). - CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876). - CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482). - CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). - CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. (bsc#1176724). The following non-security bugs were fixed: - Add arch-dependent support markers in supported.conf (bsc#1186672) - Add the support for kernel-FLAVOR-optional subpackage (jsc#SLE-11796) - NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628). - PCI: hv: Use expected affinity when unmasking IRQ (bsc#1185973). - Use /usr/lib/modules as module dir when usermerge is active in the target distro. - UsrMerge the kernel (boo#1184804) - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22913) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22913). - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758,bsc#1192400). - drm: fix spectre issue in vmw_execbuf_ioctl (bsc#1192802). - drop debugging statements - ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267). - gigaset: fix spectre issue in do_data_b3_req (bsc#1192802). - handle also race conditions in /proc/net/tcp code - hisax: fix spectre issues (bsc#1192802). - hv: adjust mana_select_queue to old ndo_select_queue API - hv: mana: adjust mana_select_queue to old API (jsc#SLE-18779, bsc#1185727). - hv: mana: fake bitmap API (jsc#SLE-18779, bsc#1185726). - hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185727). - hysdn: fix spectre issue in hycapi_send_message (bsc#1192802). - infiniband: fix spectre issue in ib_uverbs_write (bsc#1192802). - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115). - iwlwifi: fix spectre issue in iwl_dbgfs_update_pm (bsc#1192802). - media: dvb_ca_en50221: prevent using slot_info for Spectre attacs (bsc#1192802). - media: dvb_ca_en50221: sanity check slot number from userspace (bsc#1192802). - media: wl128x: get rid of a potential spectre issue (bsc#1192802). - memcg: enable accounting for file lock caches (bsc#1190115). - mm: vmscan: scan anonymous pages on file refaults (VM Performance, bsc#1183050). - mpt3sas: fix spectre issues (bsc#1192802). - net/mlx4_en: Avoid scheduling restart task if it is already running (bsc#1181854 bsc#1181855). - net/mlx4_en: Handle TX error CQE (bsc#1181854 bsc#1181855). - net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185727). - net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185727). - net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185727). - net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185727). - net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191801). - net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185727). - net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185727). - net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185727). - net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185727). - net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185727). - net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185727). - net: sched: sch_teql: fix null-pointer dereference (bsc#1190717). - net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() (bsc#1192802). - net_sched: cls_route: remove the right filter from hashtable (networking-stable-20_03_28). - objtool: Do not fail on missing symbol table (bsc#1192379). - osst: fix spectre issue in osst_verify_frame (bsc#1192802). - ovl: check whiteout in ovl_create_over_whiteout() (bsc#1189846). - ovl: filter of trusted xattr results in audit (bsc#1189846). - ovl: fix dentry leak in ovl_get_redirect (bsc#1189846). - ovl: initialize error in ovl_copy_xattr (bsc#1189846). - ovl: relax WARN_ON() on rename to self (bsc#1189846). - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (bsc#1190601). - s390/bpf: Fix branch shortening during codegen pass (bsc#1190601). - s390/bpf: Fix optimizing out zero-extensions (bsc#1190601). - s390/bpf: Wrap JIT macro parameter usages in parentheses (bsc#1190601). - s390/unwind: use current_frame_address() to unwind current task (bsc#1185677). - s390/vtime: fix increased steal time accounting (bsc#1183861). - s390: bpf: implement jitting of BPF_ALU | BPF_ARSH | BPF_* (bsc#1190601). - scripts/git_sort/git_sort.py: add bpf git repo - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - sctp: fully initialize v4 addr in some functions (bsc#1188563). - sysvipc/sem: mitigate semnum index against spectre v1 (bsc#1192802). - x86/CPU: Add more Icelake model numbers (bsc#1185758,bsc#1192400). - x86/debug: Extend the lower bound of crash kernel low reservations (bsc#1153720). - xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377). Important SUSE bug 1087082 SUSE bug 1100416 SUSE bug 1108488 SUSE bug 1129735 SUSE bug 1129898 SUSE bug 1133374 SUSE bug 1153720 SUSE bug 1171420 SUSE bug 1176724 SUSE bug 1176931 SUSE bug 1180624 SUSE bug 1181854 SUSE bug 1181855 SUSE bug 1183050 SUSE bug 1183861 SUSE bug 1184673 SUSE bug 1184804 SUSE bug 1185377 SUSE bug 1185677 SUSE bug 1185726 SUSE bug 1185727 SUSE bug 1185758 SUSE bug 1185973 SUSE bug 1186063 SUSE bug 1186482 SUSE bug 1186483 SUSE bug 1186672 SUSE bug 1188026 SUSE bug 1188172 SUSE bug 1188563 SUSE bug 1188601 SUSE bug 1188613 SUSE bug 1188838 SUSE bug 1188842 SUSE bug 1188876 SUSE bug 1188983 SUSE bug 1188985 SUSE bug 1189057 SUSE bug 1189262 SUSE bug 1189278 SUSE bug 1189291 SUSE bug 1189399 SUSE bug 1189400 SUSE bug 1189418 SUSE bug 1189420 SUSE bug 1189706 SUSE bug 1189846 SUSE bug 1189884 SUSE bug 1190023 SUSE bug 1190025 SUSE bug 1190067 SUSE bug 1190115 SUSE bug 1190117 SUSE bug 1190118 SUSE bug 1190159 SUSE bug 1190276 SUSE bug 1190349 SUSE bug 1190350 SUSE bug 1190351 SUSE bug 1190432 SUSE bug 1190479 SUSE bug 1190534 SUSE bug 1190601 SUSE bug 1190717 SUSE bug 1191193 SUSE bug 1191315 SUSE bug 1191317 SUSE bug 1191318 SUSE bug 1191529 SUSE bug 1191530 SUSE bug 1191628 SUSE bug 1191660 SUSE bug 1191790 SUSE bug 1191801 SUSE bug 1191813 SUSE bug 1191961 SUSE bug 1192036 SUSE bug 1192045 SUSE bug 1192048 SUSE bug 1192267 SUSE bug 1192379 SUSE bug 1192400 SUSE bug 1192444 SUSE bug 1192549 SUSE bug 1192775 SUSE bug 1192781 SUSE bug 1192802 CVE-2018-13405 CVE-2018-9517 CVE-2019-3874 CVE-2019-3900 CVE-2020-0429 CVE-2020-12770 CVE-2020-3702 CVE-2021-0941 CVE-2021-20322 CVE-2021-22543 CVE-2021-31916 CVE-2021-34556 CVE-2021-34981 CVE-2021-3542 CVE-2021-35477 CVE-2021-3640 CVE-2021-3653 CVE-2021-3655 CVE-2021-3656 CVE-2021-3659 CVE-2021-3679 CVE-2021-3715 CVE-2021-37159 CVE-2021-3732 CVE-2021-3744 CVE-2021-3752 CVE-2021-3753 CVE-2021-37576 CVE-2021-3759 CVE-2021-3760 CVE-2021-3764 CVE-2021-3772 CVE-2021-38160 CVE-2021-38198 CVE-2021-38204 CVE-2021-40490 CVE-2021-41864 CVE-2021-42008 CVE-2021-42252 CVE-2021-42739 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_65 fixes several issues. The following security issues were fixed: - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180562). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180030). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180032. - CVE-2020-29569: Fixed a use after free due to a logic error (bsc#1180008). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bsc#1179877). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179877). - CVE-2020-29368: Fixed an issue in copy-on-write implementation which could grant unintended write access because of a race condition in a THP mapcount check (bsc#1179664). Important SUSE bug 1179664 SUSE bug 1179877 SUSE bug 1180008 SUSE bug 1180030 SUSE bug 1180032 SUSE bug 1180562 CVE-2020-0465 CVE-2020-0466 CVE-2020-29368 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_60 fixes several issues. The following security issues were fixed: - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180562). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180030). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180032. - CVE-2020-29569: Fixed a use after free due to a logic error (bsc#1180008). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bsc#1179877). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179877). - CVE-2020-29368: Fixed an issue in copy-on-write implementation which could grant unintended write access because of a race condition in a THP mapcount check (bsc#1179664). Important SUSE bug 1179664 SUSE bug 1179877 SUSE bug 1180008 SUSE bug 1180030 SUSE bug 1180032 SUSE bug 1180562 CVE-2020-0465 CVE-2020-0466 CVE-2020-29368 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_57 fixes several issues. The following security issues were fixed: - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180562). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180030). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180032. - CVE-2020-29569: Fixed a use after free due to a logic error (bsc#1180008). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bsc#1179877). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179877). - CVE-2020-29368: Fixed an issue in copy-on-write implementation which could grant unintended write access because of a race condition in a THP mapcount check (bsc#1179664). Important SUSE bug 1179664 SUSE bug 1179877 SUSE bug 1180008 SUSE bug 1180030 SUSE bug 1180032 SUSE bug 1180562 CVE-2020-0465 CVE-2020-0466 CVE-2020-29368 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_54 fixes several issues. The following security issues were fixed: - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180562). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180030). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180032. - CVE-2020-29569: Fixed a use after free due to a logic error (bsc#1180008). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bsc#1179877). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179877). - CVE-2020-29368: Fixed an issue in copy-on-write implementation which could grant unintended write access because of a race condition in a THP mapcount check (bsc#1179664). Important SUSE bug 1179664 SUSE bug 1179877 SUSE bug 1180008 SUSE bug 1180030 SUSE bug 1180032 SUSE bug 1180562 CVE-2020-0465 CVE-2020-0466 CVE-2020-29368 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_51 fixes several issues. The following security issues were fixed: - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180562). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180030). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180032. - CVE-2020-29569: Fixed a use after free due to a logic error (bsc#1180008). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bsc#1179877). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179877). - CVE-2020-29368: Fixed an issue in copy-on-write implementation which could grant unintended write access because of a race condition in a THP mapcount check (bsc#1179664). Important SUSE bug 1179664 SUSE bug 1179877 SUSE bug 1180008 SUSE bug 1180030 SUSE bug 1180032 SUSE bug 1180562 CVE-2020-0465 CVE-2020-0466 CVE-2020-29368 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_48 fixes several issues. The following security issues were fixed: - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180562). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180030). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180032. - CVE-2020-29569: Fixed a use after free due to a logic error (bsc#1180008). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bsc#1179877). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179877). - CVE-2020-29368: Fixed an issue in copy-on-write implementation which could grant unintended write access because of a race condition in a THP mapcount check (bsc#1179664). Important SUSE bug 1179664 SUSE bug 1179877 SUSE bug 1180008 SUSE bug 1180030 SUSE bug 1180032 SUSE bug 1180562 CVE-2020-0465 CVE-2020-0466 CVE-2020-29368 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_80 fixes several issues. The following security issues were fixed: - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) Important SUSE bug 1191813 SUSE bug 1192048 CVE-2021-0941 CVE-2021-20322 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_77 fixes several issues. The following security issues were fixed: - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) Important SUSE bug 1191813 SUSE bug 1192048 CVE-2021-0941 CVE-2021-20322 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_74 fixes several issues. The following security issues were fixed: - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) Important SUSE bug 1191813 SUSE bug 1192048 CVE-2021-0941 CVE-2021-20322 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_71 fixes several issues. The following security issues were fixed: - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) Important SUSE bug 1191813 SUSE bug 1192048 CVE-2021-0941 CVE-2021-20322 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_68 fixes several issues. The following security issues were fixed: - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) Important SUSE bug 1191813 SUSE bug 1192048 CVE-2021-0941 CVE-2021-20322 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3348: Fixed a use-after-free in nbd_add_socket() that could be triggered by local attackers (with access to the nbd device) via an I/O request (bnc#1181504). - CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349). - CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). - CVE-2020-25211: Fixed a buffer overflow in ctnetlink_parse_tuple_filter() which could be triggered by a local attackers by injecting conntrack netlink configuration (bnc#1176395). - CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846). - CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509). - CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508). - CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031). - CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666). - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086). - CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107). - CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601). - CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960). - CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140). - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559). - CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372). - CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663). The following non-security bugs were fixed: - blk-mq: improve heavily contended tag case (bsc#1178198). - debugfs_lookup(): switch to lookup_one_len_unlocked() (bsc#1171979). - epoll: Keep a reference on files added to the check list (bsc#1180031). - fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032). - futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349 bsc#1149032). - futex: Fix incorrect should_fail_futex() handling (bsc#1181349). - futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032). - futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032). - futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032). - futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032). - futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc#1149032). - HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052). - iommu/vt-d: Do not dereference iommu_device if IOMMU_API is not built (bsc#1181001, jsc#ECO-3191). - iommu/vt-d: Gracefully handle DMAR units with no supported address widths (bsc#1181001, jsc#ECO-3191). - kABI: Fix kABI for extended APIC-ID support (bsc#1181001, jsc#ECO-3191). - locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#1149032). - md/bitmap: fix memory leak of temporary bitmap (bsc#1163727). - md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727). - md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727). - md/cluster: block reshape with remote resync job (bsc#1163727). - md/cluster: fix deadlock when node is doing resync job (bsc#1163727). - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (bsc#1163727). - md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727). - md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727). - md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727). - Move upstreamed bt fixes into sorted section - nbd: Fix memory leak in nbd_add_socket (bsc#1181504). - net/x25: prevent a couple of overflows (bsc#1178590). - NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304). - rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349 bsc#1149032). - s390/dasd: fix hanging device offline processing (bsc#1144912). - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304). - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304). - SUNRPC: cache: ignore timestamp written to 'flush' file (bsc#1178036). - x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1181001, jsc#ECO-3191). - x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available (bsc#1181001, jsc#ECO-3191). - x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181001, jsc#ECO-3191). - x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191). - x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191). - x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181001, jsc#ECO-3191). - x86/tracing: Introduce a static key for exception tracing (bsc#1179895). - x86/traps: Simplify pagefault tracing logic (bsc#1179895). - xfrm: Fix memleak on xfrm state destroy (bsc#1158775). Important SUSE bug 1144912 SUSE bug 1149032 SUSE bug 1158775 SUSE bug 1163727 SUSE bug 1171979 SUSE bug 1176395 SUSE bug 1176846 SUSE bug 1176962 SUSE bug 1177304 SUSE bug 1177666 SUSE bug 1178036 SUSE bug 1178182 SUSE bug 1178198 SUSE bug 1178372 SUSE bug 1178589 SUSE bug 1178590 SUSE bug 1178684 SUSE bug 1178886 SUSE bug 1179107 SUSE bug 1179140 SUSE bug 1179141 SUSE bug 1179419 SUSE bug 1179429 SUSE bug 1179508 SUSE bug 1179509 SUSE bug 1179601 SUSE bug 1179616 SUSE bug 1179663 SUSE bug 1179666 SUSE bug 1179745 SUSE bug 1179877 SUSE bug 1179878 SUSE bug 1179895 SUSE bug 1179960 SUSE bug 1179961 SUSE bug 1180008 SUSE bug 1180027 SUSE bug 1180028 SUSE bug 1180029 SUSE bug 1180030 SUSE bug 1180031 SUSE bug 1180032 SUSE bug 1180052 SUSE bug 1180086 SUSE bug 1180559 SUSE bug 1180562 SUSE bug 1180676 SUSE bug 1181001 SUSE bug 1181158 SUSE bug 1181349 SUSE bug 1181504 SUSE bug 1181553 SUSE bug 1181645 CVE-2019-20934 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-15436 CVE-2020-15437 CVE-2020-25211 CVE-2020-25639 CVE-2020-25669 CVE-2020-27068 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-27835 CVE-2020-28374 CVE-2020-28915 CVE-2020-28974 CVE-2020-29371 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2020-4788 CVE-2021-3347 CVE-2021-3348 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843). - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753). - CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372). - CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428). The following non-security bugs were fixed: - cifs: check all path components in resolved dfs target (bsc#1180906). - cifs: fix check of tcon dfs in smb1 (bsc#1180906). - cifs: fix nodfs mount option (bsc#1180906). - cifs: introduce helper for finding referral server (bsc#1180906). - kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082) - kernel-binary.spec: Add back initrd and image symlink ghosts to filelist (bsc#1182140). Fixes: 76a9256314c3 ('rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).') - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) %split_extra still contained two. - rpm/kernel-binary.spec.in: Fix compressed module handling for in-tree KMP (jsc#SLE-10886) - rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) egrep is only a deprecated bash wrapper for 'grep -E'. So use the latter instead. - rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592) - rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401) - rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082). - rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). There is: ExportFilter: ^kernel-obs-build.*\.x86_64.rpm$ . i586 in Factory's prjconf now. No other actively maintained distro (i.e. merging packaging branch) builds a x86_32 kernel, hence pushing to packaging directly. - rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058) - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section - scsi: fc: add FPIN ELS definition (bsc#1181441). - scsi/fc: kABI fixes for new ELS_FPIN definition (bsc#1181441) - scsi: fc: Update Descriptor definition and add RDF and Link Integrity FPINs (bsc#1181441). - scsi: Fix trivial spelling (bsc#1181441). - scsi: qla2xxx: Add IOCB resource tracking (bsc#1181441). - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1181441). - scsi: qla2xxx: Address a set of sparse warnings (bsc#1181441). - scsi: qla2xxx: Add rport fields in debugfs (bsc#1181441). - scsi: qla2xxx: Add SLER and PI control support (bsc#1181441). - scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1181441). - scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1181441). - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1181441). - scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1181441). - scsi: qla2xxx: Change post del message from debug level to log level (bsc#1181441). - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1181441). - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1181441). - scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1181441). - scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1181441). - scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1181441). - scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1181441). - scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1181441). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1181441). - scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1181441). - scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1181441). - scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1181441). - scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1181441). - scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1181441). - scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit (bsc#1181441). - scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1181441). - scsi: qla2xxx: Fix endianness annotations in header files (bsc#1181441). - scsi: qla2xxx: Fix endianness annotations in source files (bsc#1181441). - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1181441). - scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1181441). - scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1181441). - scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1181441). - scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1181441). - scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1181441). - scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1181441). - scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1181441). - scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1181441). - scsi: qla2xxx: Fix login timeout (bsc#1181441). - scsi: qla2xxx: Fix memory size truncation (bsc#1181441). - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1181441). - scsi: qla2xxx: Fix MPI reset needed message (bsc#1181441). - scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1181441). - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1181441). - scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1181441). - scsi: qla2xxx: Fix regression on sparc64 (bsc#1181441). - scsi: qla2xxx: Fix reset of MPI firmware (bsc#1181441). - scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1181441). - scsi: qla2xxx: Fix spelling of a variable name (bsc#1181441). - scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1181441). - scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1181441). - scsi: qla2xxx: Fix the return value (bsc#1181441). - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1181441). - scsi: qla2xxx: Fix warning after FC target reset (bsc#1181441). - scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1181441). - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1181441). - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1181441). - scsi: qla2xxx: Flush all sessions on zone disable (bsc#1181441). - scsi: qla2xxx: Flush I/O on zone disable (bsc#1181441). - scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1181441). - scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1181441). - scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1181441). - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1181441). - scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1181441). - scsi: qla2xxx: Initialize 'n' before using it (bsc#1181441). - scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1181441). - scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1181441). - scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1181441). - scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1181441). - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1181441). - scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1181441). - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1181441). - scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1181441). - scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1181441). - scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1181441). - scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1181441). - scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1181441). - scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#1181441). - scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1181441). - scsi: qla2xxx: Performance tweak (bsc#1181441). - scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1181441). - scsi: qla2xxx: Reduce noisy debug message (bsc#1181441). - scsi: qla2xxx: Remove an unused function (bsc#1181441). - scsi: qla2xxx: Remove a superfluous cast (bsc#1181441). - scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1181441). - scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1181441). - scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1181441). - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1181441). - scsi: qla2xxx: Remove redundant variable initialization (bsc#1181441). - scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1181441). - scsi: qla2xxx: Remove superfluous memset() (bsc#1181441). - scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1181441). - scsi: qla2xxx: Remove trailing semicolon in macro definition (bsc#1181441). - scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1181441). - scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1181441). - scsi: qla2xxx: SAN congestion management implementation (bsc#1181441). - scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1181441). - scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1181441). - scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1181441). - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1181441). - scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1181441). - scsi: qla2xxx: Tear down session if FW say it is down (bsc#1181441). - scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1181441). - scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1181441). - scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1181441). - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1181441). - scsi: qla2xxx: Use constant when it is known (bsc#1181441). - scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1181441). - scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1181441). - scsi: qla2xxx: Use register names instead of register offsets (bsc#1181441). - scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1181441). - scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1181441). - scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1181441). - scsi: scsi_transport_fc: Add FPIN fc event codes (bsc#1181441). - scsi: scsi_transport_fc: refactor event posting routines (bsc#1181441). - scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1181441). - x86/hyperv: Fix kexec panic/hang issues (bsc#1176831). - xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600). - xen/netback: fix spurious event detection for common event case (bsc#1182175). Important SUSE bug 1065600 SUSE bug 1163592 SUSE bug 1176831 SUSE bug 1178401 SUSE bug 1178762 SUSE bug 1179014 SUSE bug 1179015 SUSE bug 1179045 SUSE bug 1179082 SUSE bug 1179428 SUSE bug 1179660 SUSE bug 1180058 SUSE bug 1180906 SUSE bug 1181441 SUSE bug 1181747 SUSE bug 1181753 SUSE bug 1181843 SUSE bug 1182140 SUSE bug 1182175 CVE-2020-29368 CVE-2020-29374 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_68 fixes one issue. The following security issue was fixed: - CVE-2020-29368: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179664). Important SUSE bug 1179664 CVE-2020-29368 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_65 fixes several issues. The following security issues were fixed: - CVE-2020-29368: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179664). - CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault handling, allowing local users to execute code in the kernel (bsc#1181553). - CVE-2020-27786: Fixed a potential user after free which could have led to memory corruption or privilege escalation (bsc#1179616). - CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI target code which could have been used by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#1178684). Important SUSE bug 1178684 SUSE bug 1179616 SUSE bug 1179664 SUSE bug 1181553 CVE-2020-27786 CVE-2020-28374 CVE-2020-29368 CVE-2021-3347 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_60 fixes several issues. The following security issues were fixed: - CVE-2020-29368: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179664). - Fixed an issue where NFS client filesystems got unmounted on fail-over (bsc#1182468). - Fixed an issue where NFS client hanged on write errors (bsc#1182108). - CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault handling, allowing local users to execute code in the kernel (bsc#1181553). - CVE-2020-27786: Fixed a potential user after free which could have led to memory corruption or privilege escalation (bsc#1179616). - CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI target code which could have been used by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#1178684). Important SUSE bug 1178684 SUSE bug 1179616 SUSE bug 1179664 SUSE bug 1181553 SUSE bug 1182108 SUSE bug 1182468 CVE-2020-27786 CVE-2020-28374 CVE-2020-29368 CVE-2021-3347 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_57 fixes several issues. The following security issues were fixed: - CVE-2020-29368: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179664). - Fixed an issue where NFS client filesystems got unmounted on fail-over (bsc#1182468). - Fixed an issue where NFS client hanged on write errors (bsc#1182108). - CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault handling, allowing local users to execute code in the kernel (bsc#1181553). - CVE-2020-27786: Fixed a potential user after free which could have led to memory corruption or privilege escalation (bsc#1179616). - CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI target code which could have been used by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#1178684). Important SUSE bug 1178684 SUSE bug 1179616 SUSE bug 1179664 SUSE bug 1181553 SUSE bug 1182108 SUSE bug 1182468 CVE-2020-27786 CVE-2020-28374 CVE-2020-29368 CVE-2021-3347 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_54 fixes several issues. The following security issues were fixed: - CVE-2020-29368: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179664). - Fixed an issue where NFS client filesystems got unmounted on fail-over (bsc#1182468). - Fixed an issue where NFS client hanged on write errors (bsc#1182108). - CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault handling, allowing local users to execute code in the kernel (bsc#1181553). - CVE-2020-27786: Fixed a potential user after free which could have led to memory corruption or privilege escalation (bsc#1179616). - CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI target code which could have been used by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#1178684). Important SUSE bug 1178684 SUSE bug 1179616 SUSE bug 1179664 SUSE bug 1181553 SUSE bug 1182108 SUSE bug 1182468 CVE-2020-27786 CVE-2020-28374 CVE-2020-29368 CVE-2021-3347 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_51 fixes several issues. The following security issues were fixed: - CVE-2020-29368: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179664). - Fixed an issue where NFS client filesystems got unmounted on fail-over (bsc#1182468). - CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault handling, allowing local users to execute code in the kernel (bsc#1181553). - CVE-2020-27786: Fixed a potential user after free which could have led to memory corruption or privilege escalation (bsc#1179616). - CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI target code which could have been used by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#1178684). Important SUSE bug 1178684 SUSE bug 1179616 SUSE bug 1179664 SUSE bug 1181553 SUSE bug 1182468 CVE-2020-27786 CVE-2020-28374 CVE-2020-29368 CVE-2021-3347 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_48 fixes several issues. The following security issues were fixed: - CVE-2020-29368: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179664). - Fixed an issue where NFS client filesystems got unmounted on fail-over (bsc#1182468). - CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault handling, allowing local users to execute code in the kernel (bsc#1181553). - CVE-2020-27786: Fixed a potential user after free which could have led to memory corruption or privilege escalation (bsc#1179616). - CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI target code which could have been used by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#1178684). Important SUSE bug 1178684 SUSE bug 1179616 SUSE bug 1179664 SUSE bug 1181553 SUSE bug 1182468 CVE-2020-27786 CVE-2020-28374 CVE-2020-29368 CVE-2021-3347 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_74 fixes several issues. The following security issues were fixed: - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). Important SUSE bug 1195908 SUSE bug 1195949 CVE-2022-0487 CVE-2022-0492 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_77 fixes several issues. The following security issues were fixed: - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). Important SUSE bug 1195908 SUSE bug 1195949 CVE-2022-0487 CVE-2022-0492 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_80 fixes several issues. The following security issues were fixed: - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). Important SUSE bug 1195908 SUSE bug 1195949 CVE-2022-0487 CVE-2022-0492 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_83 fixes several issues. The following security issues were fixed: - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). Important SUSE bug 1195908 SUSE bug 1195949 CVE-2022-0487 CVE-2022-0492 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_88 fixes one issue. The following security issue was fixed: - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). Important SUSE bug 1195908 CVE-2022-0492 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_77 fixes one issue. The following security issue was fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) Important SUSE bug 1197133 CVE-2022-27666 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_80 fixes one issue. The following security issue was fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) Important SUSE bug 1197133 CVE-2022-27666 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_83 fixes one issue. The following security issue was fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) Important SUSE bug 1197133 CVE-2022-27666 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_88 fixes one issue. The following security issue was fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) Important SUSE bug 1197133 CVE-2022-27666 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-0812: Fixed an incorrect header size calculations which could lead to a memory leak. (bsc#1196639) - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free. (bnc#1196973) - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-28356: Fixed a refcount bug in llc_ui_bind and llc_ui_autobind which could allow an unprivileged user to execute a DoS. (bnc#1197391) - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032) - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031) - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331) - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761) - CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device. (bsc#1196836) - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366) - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) The following non-security bugs were fixed: - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018). - genirq: Use rcu in kstat_irqs_usr() (bsc#1193738). - llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - net: usb: ax88179_178a: fix packet alignment padding (bsc#1196018). - net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468). - sr9700: sanity check for packet length (bsc#1196836). - tcp: add some entropy in __inet_hash_connect() (bsc#1180153). - tcp: change source port randomizarion at connect() time (bsc#1180153). - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - x86/tsc: Make calibration refinement more robust (bsc#1196573). - xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). Important SUSE bug 1180153 SUSE bug 1189562 SUSE bug 1193738 SUSE bug 1194943 SUSE bug 1195051 SUSE bug 1195353 SUSE bug 1196018 SUSE bug 1196114 SUSE bug 1196468 SUSE bug 1196488 SUSE bug 1196514 SUSE bug 1196573 SUSE bug 1196639 SUSE bug 1196761 SUSE bug 1196830 SUSE bug 1196836 SUSE bug 1196942 SUSE bug 1196973 SUSE bug 1197211 SUSE bug 1197227 SUSE bug 1197331 SUSE bug 1197366 SUSE bug 1197391 SUSE bug 1197462 SUSE bug 1198031 SUSE bug 1198032 SUSE bug 1198033 CVE-2021-39713 CVE-2021-45868 CVE-2022-0812 CVE-2022-0850 CVE-2022-1016 CVE-2022-1048 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-26490 CVE-2022-26966 CVE-2022-27666 CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_93 fixes one issue. The following security issue was fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) Important SUSE bug 1197133 CVE-2022-27666 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_74 fixes one issue. The following security issue was fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) Important SUSE bug 1197133 CVE-2022-27666 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_80 fixes several issues. The following security issues were fixed: - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197335) - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bsc#1197344) - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free (bsc#1197211). Important SUSE bug 1197211 SUSE bug 1197335 SUSE bug 1197344 CVE-2021-39713 CVE-2022-1011 CVE-2022-1016 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_74 fixes several issues. The following security issues were fixed: - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197335) - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bsc#1197344) - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free (bsc#1197211). - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197133) Important SUSE bug 1197133 SUSE bug 1197211 SUSE bug 1197335 SUSE bug 1197344 CVE-2021-39713 CVE-2022-0886 CVE-2022-1011 CVE-2022-1016 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_77 fixes several issues. The following security issues were fixed: - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197335) - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bsc#1197344) - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free (bsc#1197211). Important SUSE bug 1197211 SUSE bug 1197335 SUSE bug 1197344 CVE-2021-39713 CVE-2022-1011 CVE-2022-1016 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_83 fixes several issues. The following security issues were fixed: - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197335) - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bsc#1197344) - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free (bsc#1197211). Important SUSE bug 1197211 SUSE bug 1197335 SUSE bug 1197344 CVE-2021-39713 CVE-2022-1011 CVE-2022-1016 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_88 fixes several issues. The following security issues were fixed: - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197335) - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bsc#1197344) - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free (bsc#1197211). Important SUSE bug 1197211 SUSE bug 1197335 SUSE bug 1197344 CVE-2021-39713 CVE-2022-1011 CVE-2022-1016 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_93 fixes several issues. The following security issues were fixed: - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197335) - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bsc#1197344) - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free (bsc#1197211). Important SUSE bug 1197211 SUSE bug 1197335 SUSE bug 1197344 CVE-2021-39713 CVE-2022-1011 CVE-2022-1016 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_77 fixes one issue. The following security issue was fixed: - CVE-2022-0330: A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allowed a local user to crash the system or escalate their privileges on the system. (bsc#1195950) Important SUSE bug 1195950 CVE-2022-0330 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_80 fixes one issue. The following security issue was fixed: - CVE-2022-0330: A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allowed a local user to crash the system or escalate their privileges on the system. (bsc#1195950) Important SUSE bug 1195950 CVE-2022-0330 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_83 fixes one issue. The following security issue was fixed: - CVE-2022-0330: A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allowed a local user to crash the system or escalate their privileges on the system. (bsc#1195950) Important SUSE bug 1195950 CVE-2022-0330 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_96 fixes several issues. The following security issues were fixed: - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free. (bsc#1197211) - CVE-2022-1011: A use-after-free flaw was found in the FUSE filesystem in the way a user triggers write(). This flaw allowed a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. (bsc#1197344) Important SUSE bug 1197211 SUSE bug 1197344 CVE-2021-39713 CVE-2022-1011 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_74 fixes one issue. The following security issue was fixed: - CVE-2022-0330: A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allowed a local user to crash the system or escalate their privileges on the system. (bsc#1195950) Important SUSE bug 1195950 CVE-2022-0330 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_80 fixes several issues. The following security issues were fixed: - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock (bsc#1197597). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199602). - Add missing module_mutex lock to module notifier for previous live patches (bsc#1199834). Important SUSE bug 1197597 SUSE bug 1199602 SUSE bug 1199834 CVE-2022-1048 CVE-2022-30594 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_83 fixes several issues. The following security issues were fixed: - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock (bsc#1197597). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199602). - Add missing module_mutex lock to module notifier for previous live patches (bsc#1199834). Important SUSE bug 1197597 SUSE bug 1199602 SUSE bug 1199834 CVE-2022-1048 CVE-2022-30594 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_88 fixes several issues. The following security issues were fixed: - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock (bsc#1197597). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199602). - Add missing module_mutex lock to module notifier for previous live patches (bsc#1199834). Important SUSE bug 1197597 SUSE bug 1199602 SUSE bug 1199834 CVE-2022-1048 CVE-2022-30594 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_96 fixes several issues. The following security issue was fixed: - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199602). - Add missing module_mutex lock to module notifier for previous live patches (bsc#1199834). Important SUSE bug 1199602 SUSE bug 1199834 CVE-2022-30594 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_77 fixes several issues. The following security issues were fixed: - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock (bsc#1197597). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199602). - Add missing module_mutex lock to module notifier for previous live patches (bsc#1199834). Important SUSE bug 1197597 SUSE bug 1199602 SUSE bug 1199834 CVE-2022-1048 CVE-2022-30594 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_93 fixes several issues. The following security issues were fixed: - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock (bsc#1197597). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199602). - Add missing module_mutex lock to module notifier for previous live patches (bsc#1199834). Important SUSE bug 1197597 SUSE bug 1199602 SUSE bug 1199834 CVE-2022-1048 CVE-2022-30594 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) - CVE-2021-39711: Fixed a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958). - CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference count is mishandled (bnc#1172456). - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055). - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c. (bnc#1198516) - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723). - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343) The following non-security bugs were fixed: - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399). - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399). - debug: Lock down kgdb (bsc#1199426). - dimlib: make DIMLIB a hidden symbol (bsc#1197099 jsc#SLE-24124). - lib/dim: Fix -Wunused-const-variable warnings (bsc#1197099 jsc#SLE-24124). - lib/dim: fix help text typos (bsc#1197099 jsc#SLE-24124). - linux/dim: Add completions count to dim_sample (bsc#1197099 jsc#SLE-24124). - linux/dim: Fix overflow in dim calculation (bsc#1197099 jsc#SLE-24124). - linux/dim: Implement RDMA adaptive moderation (DIM) (bsc#1197099 jsc#SLE-24124). - linux/dim: Move implementation to .c files (bsc#1197099 jsc#SLE-24124). - linux/dim: Move logic to dim.h (bsc#1197099 jsc#SLE-24124). - linux/dim: Remove 'net' prefix from internal DIM members (bsc#1197099 jsc#SLE-24124). - linux/dim: Rename externally exposed macros (bsc#1197099 jsc#SLE-24124). - linux/dim: Rename externally used net_dim members (bsc#1197099 jsc#SLE-24124). - linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1197099 jsc#SLE-24124). - net: ena: A typo fix in the file ena_com.h (bsc#1197099 jsc#SLE-24124). - net: ena: Add capabilities field with support for ENI stats capability (bsc#1197099 jsc#SLE-24124). - net: ena: add device distinct log prefix to files (bsc#1197099 jsc#SLE-24124). - net: ena: Add first_interrupt field to napi struct (bsc#1197099 jsc#SLE-24124). - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (bsc#1197099 jsc#SLE-24124). - net: ena: add jiffies of last napi call to stats (bsc#1197099 jsc#SLE-24124). - net: ena: add missing ethtool TX timestamping indication (bsc#1197099 jsc#SLE-24124). - net: ena: add reserved PCI device ID (bsc#1197099 jsc#SLE-24124). - net: ena: add support for reporting of packet drops (bsc#1197099 jsc#SLE-24124). - net: ena: add support for the rx offset feature (bsc#1197099 jsc#SLE-24124). - net: ena: add support for traffic mirroring (bsc#1197099 jsc#SLE-24124). - net: ena: add unmask interrupts statistics to ethtool (bsc#1197099 jsc#SLE-24124). - net: ena: aggregate stats increase into a function (bsc#1197099 jsc#SLE-24124). - net: ena: allow setting the hash function without changing the key (bsc#1197099 jsc#SLE-24124). - net: ena: avoid memory access violation by validating req_id properly (bsc#1197099 jsc#SLE-24124). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1197099 jsc#SLE-24124). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1197099 jsc#SLE-24124). - net: ena: Capitalize all log strings and improve code readability (bsc#1197099 jsc#SLE-24124). - net: ena: change default RSS hash function to Toeplitz (bsc#1197099 jsc#SLE-24124). - net: ena: Change ENI stats support check to use capabilities field (bsc#1197099 jsc#SLE-24124). - net: ena: Change license into format to SPDX in all files (bsc#1197099 jsc#SLE-24124). - net: ena: Change log message to netif/dev function (bsc#1197099 jsc#SLE-24124). - net: ena: change num_queues to num_io_queues for clarity and consistency (bsc#1197099 jsc#SLE-24124). - net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1197099 jsc#SLE-24124). - net: ena: Change RSS related macros and variables names (bsc#1197099 jsc#SLE-24124). - net: ena: Change the name of bad_csum variable (bsc#1197099 jsc#SLE-24124). - net: ena: changes to RSS hash key allocation (bsc#1197099 jsc#SLE-24124). - net: ena: clean up indentation issue (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: code reorderings (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: fix line break issues (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: fix spacing issues (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: minor code changes (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: remove unnecessary code (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1197099 jsc#SLE-24124). - net: ena: do not wake up tx queue when down (bsc#1197099 jsc#SLE-24124). - net: ena: drop superfluous prototype (bsc#1197099 jsc#SLE-24124). - net: ena: ena-com.c: prevent NULL pointer dereference (bsc#1197099 jsc#SLE-24124). - net: ena: enable support of rss hash key and function changes (bsc#1197099 jsc#SLE-24124). - net: ena: enable the interrupt_moderation in driver_supported_features (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: Add new device statistics (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: clean up minor indentation issue (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: get_channels: use combined only (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: support set_channels callback (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: use correct value for crc32 hash (bsc#1197099 jsc#SLE-24124). - net: ena: Fix all static chekers' warnings (bsc#1197099 jsc#SLE-24124). - net: ena: Fix build warning in ena_xdp_set() (bsc#1197099 jsc#SLE-24124). - net: ena: fix coding style nits (bsc#1197099 jsc#SLE-24124). - net: ena: fix continuous keep-alive resets (bsc#1197099 jsc#SLE-24124). - net: ena: fix corruption of dev_idx_to_host_tbl (bsc#1197099 jsc#SLE-24124). - net: ena: fix default tx interrupt moderation interval (bsc#1197099 jsc#SLE-24124). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1197099 jsc#SLE-24124). - net: ena: Fix error handling when calculating max IO queues number (bsc#1197099 jsc#SLE-24124). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1197099 jsc#SLE-24124). - net: ena: fix inaccurate print type (bsc#1197099 jsc#SLE-24124). - net: ena: fix incorrect default RSS key (bsc#1197099 jsc#SLE-24124). - net: ena: fix incorrect setting of the number of msix vectors (bsc#1197099 jsc#SLE-24124). - net: ena: fix incorrect update of intr_delay_resolution (bsc#1197099 jsc#SLE-24124). - net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (bsc#1197099 jsc#SLE-24124). - net: ena: fix issues in setting interrupt moderation params in ethtool (bsc#1197099 jsc#SLE-24124). - net: ena: fix packet's addresses for rx_offset feature (bsc#1197099 jsc#SLE-24124). - net: ena: fix potential crash when rxfh key is NULL (bsc#1197099 jsc#SLE-24124). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1197099 jsc#SLE-24124). - net: ena: fix retrieval of nonadaptive interrupt moderation intervals (bsc#1197099 jsc#SLE-24124). - net: ena: fix update of interrupt moderation register (bsc#1197099 jsc#SLE-24124). - net: ena: fix uses of round_jiffies() (bsc#1197099 jsc#SLE-24124). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1197099 jsc#SLE-24124). - net: ena: Fix wrong rx request id by resetting device (bsc#1197099 jsc#SLE-24124). - net: ena: handle bad request id in ena_netdev (bsc#1197099 jsc#SLE-24124). - net: ena: Improve error logging in driver (bsc#1197099 jsc#SLE-24124). - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (bsc#1197099 jsc#SLE-24124). - net: ena: make ethtool -l show correct max number of queues (bsc#1197099 jsc#SLE-24124). - net: ena: Make missed_tx stat incremental (bsc#1197099 jsc#SLE-24124). - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1197099 jsc#SLE-24124). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1197099 jsc#SLE-24124). - net: ena: Move reset completion print to the reset function (bsc#1197099 jsc#SLE-24124). - net: ena: multiple queue creation related cleanups (bsc#1197099 jsc#SLE-24124). - net: ena: Prevent reset after device destruction (bsc#1197099 jsc#SLE-24124). - net: ena: re-organize code to improve readability (bsc#1197099 jsc#SLE-24124). - net: ena: reduce driver load time (bsc#1197099 jsc#SLE-24124). - net: ena: reimplement set/get_coalesce() (bsc#1197099 jsc#SLE-24124). - net: ena: remove all old adaptive rx interrupt moderation code from ena_com (bsc#1197099 jsc#SLE-24124). - net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() (bsc#1197099 jsc#SLE-24124). - net: ena: remove code that does nothing (bsc#1197099 jsc#SLE-24124). - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1197099 jsc#SLE-24124). - net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#1197099 jsc#SLE-24124). - net: ena: remove extra words from comments (bsc#1197099 jsc#SLE-24124). - net: ena: Remove module param and change message severity (bsc#1197099 jsc#SLE-24124). - net: ena: remove old adaptive interrupt moderation code from ena_netdev (bsc#1197099 jsc#SLE-24124). - net: ena: remove redundant print of number of queues (bsc#1197099 jsc#SLE-24124). - net: ena: Remove redundant print of placement policy (bsc#1197099 jsc#SLE-24124). - net: ena: Remove redundant return code check (bsc#1197099 jsc#SLE-24124). - net: ena: remove set but not used variable 'hash_key' (bsc#1197099 jsc#SLE-24124). - net: ena: Remove unused code (bsc#1197099 jsc#SLE-24124). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1197099 jsc#SLE-24124). - net: ena: rss: do not allocate key when not supported (bsc#1197099 jsc#SLE-24124). - net: ena: rss: fix failure to get indirection table (bsc#1197099 jsc#SLE-24124). - net: ena: rss: store hash function as values and not bits (bsc#1197099 jsc#SLE-24124). - net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1197099 jsc#SLE-24124). - net: ena: set initial DMA width to avoid intel iommu issue (bsc#1197099 jsc#SLE-24124). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1197099 jsc#SLE-24124). - net: ena: store values in their appropriate variables types (bsc#1197099 jsc#SLE-24124). - net: ena: support new LLQ acceleration mode (bsc#1197099 jsc#SLE-24124). - net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc#1197099 jsc#SLE-24124). - net: ena: use constant value for net_device allocation (bsc#1197099 jsc#SLE-24124). - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1197099 jsc#SLE-24124). - net: ena: use explicit variable size for clarity (bsc#1197099 jsc#SLE-24124). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1197099 jsc#SLE-24124). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: update net_dim documentation after rename (bsc#1197099 jsc#SLE-24124). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900 bsc#1198660 ltc#197803). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729 bsc#1198660 ltc#197803). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - x86/pm: Save the MSR validity status at context setup (bsc#1114648). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1114648). Important SUSE bug 1028340 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1114648 SUSE bug 1172456 SUSE bug 1182171 SUSE bug 1183723 SUSE bug 1187055 SUSE bug 1191647 SUSE bug 1191958 SUSE bug 1195651 SUSE bug 1196426 SUSE bug 1197099 SUSE bug 1197219 SUSE bug 1197343 SUSE bug 1198400 SUSE bug 1198516 SUSE bug 1198660 SUSE bug 1198687 SUSE bug 1198742 SUSE bug 1198825 SUSE bug 1199012 SUSE bug 1199063 SUSE bug 1199314 SUSE bug 1199399 SUSE bug 1199426 SUSE bug 1199505 SUSE bug 1199605 SUSE bug 1199650 CVE-2019-20811 CVE-2021-20292 CVE-2021-20321 CVE-2021-33061 CVE-2021-38208 CVE-2021-39711 CVE-2021-43389 CVE-2022-1011 CVE-2022-1353 CVE-2022-1419 CVE-2022-1516 CVE-2022-1652 CVE-2022-1734 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-30594 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_93 fixes one issue. The following security issue was fixed: - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) Important SUSE bug 1199606 CVE-2022-1734 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_80 fixes one issue. The following security issue was fixed: - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) Important SUSE bug 1199606 CVE-2022-1734 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_88 fixes one issue. The following security issue was fixed: - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) Important SUSE bug 1199606 CVE-2022-1734 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_96 fixes one issue. The following security issue was fixed: - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) Important SUSE bug 1199606 CVE-2022-1734 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_83 fixes one issue. The following security issue was fixed: - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) Important SUSE bug 1199606 CVE-2022-1734 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bsc#1177282) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space (bsc#1200144). - CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux kernel by simulating nfc device from user-space (bsc#1200143). - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (bsc#1198577). - CVE-2022-21499: Lock down kgdb to prohibit secure-boot bypass (bsc#1199426). - CVE-2019-19377: Fixed a user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image (bsc#1158266). The following non-security bugs were fixed: - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - exec: Force single empty string when argv is empty (bsc#1200571). Important SUSE bug 1158266 SUSE bug 1162338 SUSE bug 1162369 SUSE bug 1173871 SUSE bug 1177282 SUSE bug 1194013 SUSE bug 1196901 SUSE bug 1198577 SUSE bug 1199426 SUSE bug 1199487 SUSE bug 1199507 SUSE bug 1199657 SUSE bug 1200059 SUSE bug 1200143 SUSE bug 1200144 SUSE bug 1200249 SUSE bug 1200571 SUSE bug 1200599 SUSE bug 1200604 SUSE bug 1200605 SUSE bug 1200608 SUSE bug 1200619 SUSE bug 1200692 SUSE bug 1200762 SUSE bug 1201050 SUSE bug 1201080 SUSE bug 1201251 CVE-2019-19377 CVE-2020-26541 CVE-2021-26341 CVE-2021-4157 CVE-2022-1184 CVE-2022-1679 CVE-2022-1729 CVE-2022-1974 CVE-2022-1975 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-21499 CVE-2022-2318 CVE-2022-26365 CVE-2022-29900 CVE-2022-29901 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33981 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_83 fixes several issues. The following security issues were fixed: - CVE-2018-25020: Fixed an issue in the BPF subsystem in the Linux kernel mishandled situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. (bsc#1193575) - CVE-2021-0935: Fixed out of bounds write due to a use after free which could lead to local escalation of privilege with System execution privileges needed in ip6_xmit. (bsc#1192032) Important SUSE bug 1192042 SUSE bug 1193863 CVE-2018-25020 CVE-2021-0935 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_93 fixes several issues. The following security issues were fixed: - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-21499: Reinforced the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb (bsc#1199426). - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). Important SUSE bug 1199697 SUSE bug 1200059 SUSE bug 1200608 CVE-2022-1729 CVE-2022-20154 CVE-2022-21499 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_83 fixes several issues. The following security issues were fixed: - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-21499: Reinforced the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb (bsc#1199426). - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). Important SUSE bug 1199697 SUSE bug 1200059 SUSE bug 1200608 CVE-2022-1729 CVE-2022-20154 CVE-2022-21499 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_99 fixes several issues. The following security issues were fixed: - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). Important SUSE bug 1199697 SUSE bug 1200608 CVE-2022-1729 CVE-2022-20154 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_80 fixes several issues. The following security issues were fixed: - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-21499: Reinforced the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb (bsc#1199426). - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). Important SUSE bug 1199697 SUSE bug 1200059 SUSE bug 1200608 CVE-2022-1729 CVE-2022-20154 CVE-2022-21499 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_88 fixes several issues. The following security issues were fixed: - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-21499: Reinforced the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb (bsc#1199426). - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). Important SUSE bug 1199697 SUSE bug 1200059 SUSE bug 1200608 CVE-2022-1729 CVE-2022-20154 CVE-2022-21499 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_96 fixes several issues. The following security issues were fixed: - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-21499: Reinforced the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb (bsc#1199426). - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). Important SUSE bug 1199697 SUSE bug 1200059 SUSE bug 1200608 CVE-2022-1729 CVE-2022-20154 CVE-2022-21499 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_99 fixes several issues. The following security issues were fixed: - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). Important SUSE bug 1200605 SUSE bug 1201080 CVE-2022-1679 CVE-2022-20141 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_88 fixes several issues. The following security issues were fixed: - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). Important SUSE bug 1200605 SUSE bug 1201080 SUSE bug 1201517 SUSE bug 1201655 SUSE bug 1201656 SUSE bug 1201657 CVE-2022-1419 CVE-2022-1679 CVE-2022-20141 CVE-2022-26490 CVE-2022-28389 CVE-2022-28390 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_93 fixes several issues. The following security issues were fixed: - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). Important SUSE bug 1200605 SUSE bug 1201080 SUSE bug 1201517 SUSE bug 1201655 SUSE bug 1201656 SUSE bug 1201657 CVE-2022-1419 CVE-2022-1679 CVE-2022-20141 CVE-2022-26490 CVE-2022-28389 CVE-2022-28390 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_83 fixes several issues. The following security issues were fixed: - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). Important SUSE bug 1200605 SUSE bug 1201080 SUSE bug 1201517 SUSE bug 1201655 SUSE bug 1201656 SUSE bug 1201657 CVE-2022-1419 CVE-2022-1679 CVE-2022-20141 CVE-2022-26490 CVE-2022-28389 CVE-2022-28390 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_96 fixes several issues. The following security issues were fixed: - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). Important SUSE bug 1200605 SUSE bug 1201080 SUSE bug 1201655 CVE-2022-1419 CVE-2022-1679 CVE-2022-20141 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829). The following non-security bugs were fixed: - Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442) - cifs: On cifs_reconnect, resolve the hostname again (bsc#1201926). - cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1201926). - cifs: To match file servers, make sure the server hostname matches (bsc#1201926). - cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1201926). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1201926). - cifs: set a minimum of 120s for next dns resolution (bsc#1201926). - cifs: use the expiry output of dns_query to schedule next resolution (bsc#1201926). - kernel-binary.spec: Support radio selection for debuginfo. To disable debuginfo on 5.18 kernel a radio selection needs to be switched to a different selection. This requires disabling the currently active option and selecting NONE as debuginfo type. - kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config - rpm/*.spec.in: remove backtick usage - rpm/constraints.in: skip SLOW_DISK workers for kernel-source - rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775) - rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775) - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484). Important SUSE bug 1195775 SUSE bug 1195926 SUSE bug 1198484 SUSE bug 1198829 SUSE bug 1200442 SUSE bug 1201050 SUSE bug 1201635 SUSE bug 1201636 SUSE bug 1201926 SUSE bug 1201930 CVE-2021-26341 CVE-2021-33655 CVE-2021-33656 CVE-2022-1462 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_68 fixes several issues. The following security issues were fixed: - CVE-2018-25020: Fixed an issue in the BPF subsystem in the Linux kernel mishandled situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. (bsc#1193575) - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193) - CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673, CVE-2021-23134: Fixed multiple bugs in NFC subsytem (bsc#1178181, bsc#1186060). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). Important SUSE bug 1186061 SUSE bug 1191529 SUSE bug 1192036 SUSE bug 1193863 SUSE bug 1194680 CVE-2018-25020 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-3702 CVE-2021-23134 CVE-2021-42739 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_71 fixes several issues. The following security issues were fixed: - CVE-2018-25020: Fixed an issue in the BPF subsystem in the Linux kernel mishandled situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. (bsc#1193575) - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193) - CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673, CVE-2021-23134: Fixed multiple bugs in NFC subsytem (bsc#1178181, bsc#1186060). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). Important SUSE bug 1186061 SUSE bug 1191529 SUSE bug 1192036 SUSE bug 1193863 SUSE bug 1194680 CVE-2018-25020 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-3702 CVE-2021-23134 CVE-2021-42739 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_74 fixes several issues. The following security issues were fixed: - CVE-2018-25020: Fixed an issue in the BPF subsystem in the Linux kernel mishandled situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. (bsc#1193575) - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193) - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). Important SUSE bug 1191529 SUSE bug 1192036 SUSE bug 1193863 CVE-2018-25020 CVE-2020-3702 CVE-2021-42739 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_77 fixes several issues. The following security issues were fixed: - CVE-2018-25020: Fixed an issue in the BPF subsystem in the Linux kernel mishandled situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. (bsc#1193575) - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193) - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). Important SUSE bug 1191529 SUSE bug 1192036 SUSE bug 1193863 CVE-2018-25020 CVE-2020-3702 CVE-2021-42739 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_80 fixes several issues. The following security issues were fixed: - CVE-2018-25020: Fixed an issue in the BPF subsystem in the Linux kernel mishandled situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. (bsc#1193575) - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bsc#1191193) - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). Important SUSE bug 1191529 SUSE bug 1192036 SUSE bug 1193863 CVE-2018-25020 CVE-2020-3702 CVE-2021-42739 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_83 fixes several issues. The following security issues were fixed: - CVE-2020-36516: Fixed an off-path attack via mixed IPID assignment method with the hash-based IPID assignment policy to inject data into a victim's TCP session or terminate that session (bsc#1196867). - CVE-2022-36946: Fixed a remote denial of service attack inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative length (bsc#1201941). Important SUSE bug 1196867 SUSE bug 1201941 CVE-2020-36516 CVE-2022-36946 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_88 fixes several issues. The following security issues were fixed: - CVE-2020-36516: Fixed an off-path attack via mixed IPID assignment method with the hash-based IPID assignment policy to inject data into a victim's TCP session or terminate that session (bsc#1196867). - CVE-2022-36946: Fixed a remote denial of service attack inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative length (bsc#1201941). Important SUSE bug 1196867 SUSE bug 1201941 CVE-2020-36516 CVE-2022-36946 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_93 fixes several issues. The following security issues were fixed: - CVE-2020-36516: Fixed an off-path attack via mixed IPID assignment method with the hash-based IPID assignment policy to inject data into a victim's TCP session or terminate that session (bsc#1196867). - CVE-2022-36946: Fixed a remote denial of service attack inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative length (bsc#1201941). Important SUSE bug 1196867 SUSE bug 1201941 CVE-2020-36516 CVE-2022-36946 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_96 fixes several issues. The following security issues were fixed: - CVE-2020-36516: Fixed an off-path attack via mixed IPID assignment method with the hash-based IPID assignment policy to inject data into a victim's TCP session or terminate that session (bsc#1196867). - CVE-2022-36946: Fixed a remote denial of service attack inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative length (bsc#1201941). Important SUSE bug 1196867 SUSE bug 1201941 CVE-2020-36516 CVE-2022-36946 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_99 fixes several issues. The following security issues were fixed: - CVE-2020-36516: Fixed an off-path attack via mixed IPID assignment method with the hash-based IPID assignment policy to inject data into a victim's TCP session or terminate that session (bsc#1196867). - CVE-2022-36946: Fixed a remote denial of service attack inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative length (bsc#1201941). Important SUSE bug 1196867 SUSE bug 1201941 CVE-2020-36516 CVE-2022-36946 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_102 fixes several issues. The following security issues were fixed: - CVE-2020-36516: Fixed an off-path attack via mixed IPID assignment method with the hash-based IPID assignment policy to inject data into a victim's TCP session or terminate that session (bsc#1196867). - CVE-2022-36946: Fixed a remote denial of service attack inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative length (bsc#1201941). Important SUSE bug 1196867 SUSE bug 1201941 CVE-2020-36516 CVE-2022-36946 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_105 fixes several issues. The following security issues were fixed: - CVE-2020-36516: Fixed an off-path attack via mixed IPID assignment method with the hash-based IPID assignment policy to inject data into a victim's TCP session or terminate that session (bsc#1196867). - CVE-2022-36946: Fixed a remote denial of service attack inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative length (bsc#1201941). Important SUSE bug 1196867 SUSE bug 1201941 CVE-2020-36516 CVE-2022-36946 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-36946: Fixed a denial of service (panic) inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c (bnc#1201940). - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948). - CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898). - CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672). - CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154). - CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed unprivileged local users to crash the machine (bnc#1202897). - CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347). - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346). - CVE-2022-20166: Fixed possible out of bounds write due to a heap buffer overflow in various methods of kernel base drivers (bnc#1200598). - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535). - CVE-2020-36558: Fixed a race condition involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault (bnc#1200910). - CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could have led to a use-after-free (bnc#1201429). - CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616). The following non-security bugs were fixed: - cifs: fix error paths in cifs_tree_connect() (bsc#1177440). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1188944). - cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440). - cifs: skip trailing separators of prefix paths (bsc#1188944). - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325). - mm/rmap.c: do not reuse anon_vma if we just want a copy (git-fixes, bsc#1203098). - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098). - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - objtool: Add --backtrace support (bsc#1202396). - objtool: Add support for intra-function calls (bsc#1202396). - objtool: Allow no-op CFI ops in alternatives (bsc#1202396). - objtool: Convert insn type to enum (bsc#1202396). - objtool: Do not use ignore flag for fake jumps (bsc#1202396). - objtool: Fix !CFI insn_state propagation (bsc#1202396). - objtool: Fix ORC vs alternatives (bsc#1202396). - objtool: Fix sibling call detection (bsc#1202396). - objtool: Make handle_insn_ops() unconditional (bsc#1202396). - objtool: Remove INSN_STACK (bsc#1202396). - objtool: Remove check preventing branches within alternative (bsc#1202396). - objtool: Rename elf_open() to prevent conflict with libelf from elftoolchain (bsc#1202396). - objtool: Rename struct cfi_state (bsc#1202396). - objtool: Rework allocating stack_ops on decode (bsc#1202396). - objtool: Rewrite alt->skip_orig (bsc#1202396). - objtool: Set insn->func for alternatives (bsc#1202396). - objtool: Support conditional retpolines (bsc#1202396). - objtool: Support multiple stack_op per instruction (bsc#1202396). - objtool: Track original function across branches (bsc#1202396). - objtool: Uniquely identify alternative instruction groups (bsc#1202396). - objtool: Use Elf_Scn typedef instead of assuming struct name (bsc#1202396). - powerpc/pci: Fix broken INTx configuration via OF (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666). - powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666). - powerpc/pci: Use of_irq_parse_and_map_pci() helper (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666). - rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019). Important SUSE bug 1172145 SUSE bug 1177440 SUSE bug 1188944 SUSE bug 1191881 SUSE bug 1194535 SUSE bug 1196616 SUSE bug 1200598 SUSE bug 1200770 SUSE bug 1200910 SUSE bug 1201019 SUSE bug 1201420 SUSE bug 1201429 SUSE bug 1201705 SUSE bug 1201726 SUSE bug 1201940 SUSE bug 1201948 SUSE bug 1202096 SUSE bug 1202154 SUSE bug 1202346 SUSE bug 1202347 SUSE bug 1202393 SUSE bug 1202396 SUSE bug 1202672 SUSE bug 1202897 SUSE bug 1202898 SUSE bug 1203098 CVE-2020-36516 CVE-2020-36557 CVE-2020-36558 CVE-2021-4203 CVE-2022-20166 CVE-2022-20368 CVE-2022-20369 CVE-2022-21385 CVE-2022-2588 CVE-2022-26373 CVE-2022-2639 CVE-2022-2977 CVE-2022-3028 CVE-2022-36879 CVE-2022-36946 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_83 fixes several issues. The following security issues were fixed: - CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and munmap() on VM_PFNMAP mappings leads to stale TLB entry (bsc#1203116). - CVE-2022-1652: Fixed a use-after-free in bad_flp_intr (bsc#1200057). Important SUSE bug 1200057 SUSE bug 1203116 CVE-2022-1652 CVE-2022-39188 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_88 fixes several issues. The following security issues were fixed: - CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and munmap() on VM_PFNMAP mappings leads to stale TLB entry (bsc#1203116). - CVE-2022-1652: Fixed a use-after-free in bad_flp_intr (bsc#1200057). Important SUSE bug 1200057 SUSE bug 1203116 CVE-2022-1652 CVE-2022-39188 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_93 fixes several issues. The following security issues were fixed: - CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and munmap() on VM_PFNMAP mappings leads to stale TLB entry (bsc#1203116). - CVE-2022-1652: Fixed a use-after-free in bad_flp_intr (bsc#1200057). Important SUSE bug 1200057 SUSE bug 1203116 CVE-2022-1652 CVE-2022-39188 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_99 fixes one issue. The following security issue was fixed: - CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and munmap() on VM_PFNMAP mappings leads to stale TLB entry (bsc#1203116). Important SUSE bug 1203116 CVE-2022-39188 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_105 fixes one issue. The following security issue was fixed: - CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and munmap() on VM_PFNMAP mappings leads to stale TLB entry (bsc#1203116). Important SUSE bug 1203116 CVE-2022-39188 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_108 fixes one issue. The following security issue was fixed: - CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and munmap() on VM_PFNMAP mappings leads to stale TLB entry (bsc#1203116). Important SUSE bug 1203116 CVE-2022-39188 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_102 fixes one issue. The following security issue was fixed: - CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and munmap() on VM_PFNMAP mappings leads to stale TLB entry (bsc#1203116). Important SUSE bug 1203116 CVE-2022-39188 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_96 fixes several issues. The following security issues were fixed: - CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and munmap() on VM_PFNMAP mappings leads to stale TLB entry (bsc#1203116). - CVE-2022-1652: Fixed a use-after-free in bad_flp_intr (bsc#1200057). Important SUSE bug 1200057 SUSE bug 1203116 CVE-2022-1652 CVE-2022-39188 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated The following security bugs were fixed: - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769). - CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960). - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552). - CVE-2022-2503: Fixed a bug in dm-verity, device-mapper table reloads allowed users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allowed root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates (bnc#1202677). - CVE-2022-39188: Fixed a race condition where a device driver can free a page while it still has stale TLB entries. (bnc#1203107). - CVE-2022-2663: Fixed an issue which allowed a firewall to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured (bnc#1202097). The following non-security bugs were fixed: - dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still be possible to do so that the mitigation can still be disabled on Intel who do not use the return thunks but IBRS. Important SUSE bug 1201309 SUSE bug 1202097 SUSE bug 1202385 SUSE bug 1202677 SUSE bug 1202960 SUSE bug 1203107 SUSE bug 1203552 CVE-2022-2503 CVE-2022-2663 CVE-2022-3239 CVE-2022-39188 CVE-2022-41218 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). - CVE-2022-0322: Fixed SCTP issue with account stream padding length for reconf chunk (bsc#1194985). - CVE-2021-45486: Fixed information leak inside the IPv4 implementation caused by very small hash table (bnc#1194087). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867). - CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem, that could have occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767). - CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847) - CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bsc#1192845) - CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194529). - CVE-2021-4197: Use cgroup open-time credentials for process migraton perm checks (bsc#1194302). - CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in coerce_reg_to_size (bsc#1194227). - CVE-2021-4149: Fixed btrfs unlock newly allocated extent buffer after error (bsc#1194001). - CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneouslyand can potentially trigger a race condition (bnc#1193727). - CVE-2021-4002: Fixed a missing TLB flush that could lead to leak or corruption of data in hugetlbfs. (bsc#1192946) - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). - CVE-2021-3564: Fixed double-free memory corruption in the Linux kernel HCI device initialization subsystem that could have been used by attaching malicious HCI TTY Bluetooth devices. A local user could use this flaw to crash the system (bnc#1186207). - CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet ixgbe driver due to improper input validation. (bsc#1192877) - CVE-2021-28715: Fixed issue with xen/netback to do not queue unlimited number of packages (XSA-392) (bsc#1193442). - CVE-2021-28714: Fixed issue with xen/netback to add rx queue stall detection (XSA-392) (bsc#1193442). - CVE-2021-28713: Fixed issue with xen/console to harden hvc_xen against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-28712: Fixed issue with xen/netfront to harden netfront against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-28711: Fixed issue with xen/blkfront to harden blkfront against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-0935: Fixed possible out of bounds write in ip6_xmit of ip6_output.c due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192032). - CVE-2021-0920: Fixed use after free bug due to a race condition in unix_scm_to_skb of af_unix.c. This could have led to local escalation of privilege with System execution privileges needed (bnc#1193731). - CVE-2020-27820: Fixed a vulnerability where a use-after-frees in nouveau's postclose() handler could happen if removing device. (bsc#1179599) - CVE-2019-15126: Fixed a vulnerability in Broadcom and Cypress Wi-Fi chips, used in RPi family of devices aka 'Kr00k'. (bsc#1167162) - CVE-2018-25020: Fixed an overflow in the BPF subsystem due to a mishandling of a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. This affects kernel/bpf/core.c and net/core/filter.c (bnc#1193575). The following non-security bugs were fixed: - Bluetooth: fix the erroneous flush_work() order (git-fixes). - Build: Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). - elfcore: fix building with clang (bsc#1169514). - fget: clarify and improve __fget_files() implementation (bsc#1193727). - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (bsc#1193507). - hv_netvsc: Set needed_headroom according to VF (bsc#1193507). - kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740). - kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable. - kernel-binary.spec: Define $image as rpm macro (bsc#1189841). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - kernel-binary.spec: Fix kernel-default-base scriptlets after packaging merge. - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well (bsc#1189841). - kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841). - kernel-source.spec: install-kernel-tools also required on 15.4 - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). - kprobes: Limit max data_size of the kretprobe instances (bsc#1193669). - livepatch: Avoid CPU hogging with cond_resched (bsc#1071995). - memstick: rtsx_usb_ms: fix UAF (bsc#1194516). - moxart: fix potential use-after-free on remove path (bsc#1194516). - net: Using proper atomic helper (bsc#1186222). - net: mana: Add RX fencing (bsc#1193507). - net: mana: Add XDP support (bsc#1193507). - net: mana: Allow setting the number of queues while the NIC is down (bsc#1193507). - net: mana: Fix spelling mistake 'calledd' -> 'called' (bsc#1193507). - net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (bsc#1193507). - net: mana: Improve the HWC error handling (bsc#1193507). - net: mana: Support hibernation and kexec (bsc#1193507). - net: mana: Use kcalloc() instead of kzalloc() (bsc#1193507). - objtool: Support Clang non-section symbols in ORC generation (bsc#1169514). - post.sh: detect /usr mountpoint too - recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267). - recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267). - rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed. - rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804). - rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306) After usrmerge, vmlinux file is not named vmlinux-&lt;version>, but simply vmlinux. And this is not reflected in STRIP_KEEP_SYMTAB we set. So fix this by removing the dash... - rpm/kernel-binary.spec: Use only non-empty certificates. - rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305) - rpm/kernel-source.rpmlintrc: ignore new include/config files In 5.13, since 0e0345b77ac4, config files have no longer .h suffix. Adapt the zero-length check. Based on Martin Liska's change. - rpm/kernel-source.spec.in: do some more for vanilla_only Make sure: * sources are NOT executable * env is not used as interpreter * timestamps are correct We do all this for normal kernel builds, but not for vanilla_only kernels (linux-next and vanilla). - rpm: fixup support gz and zst compression methods (bsc#1190428, bsc#1190358). - rpm: use _rpmmacrodir (boo#1191384) - tty: hvc: replace BUG_ON() with negative return value (git-fixes). - vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888). - watchdog: iTCO_wdt: Export vendorsupport (bsc#1177101). - watchdog: iTCO_wdt: Make ICH_RES_IO_SMI optional (bsc#1177101). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (bsc#1169514). - xen/blkfront: do not take local copy of a request from the ring page (git-fixes). - xen/blkfront: do not trust the backend response data blindly (git-fixes). - xen/blkfront: read response from backend only once (git-fixes). - xen/netfront: disentangle tx_skb_freelist (git-fixes). - xen/netfront: do not read data from request on the ring page (git-fixes). - xen/netfront: do not trust the backend response data blindly (git-fixes). - xen/netfront: read response from backend only once (git-fixes). - xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). Important SUSE bug 1071995 SUSE bug 1124431 SUSE bug 1167162 SUSE bug 1169514 SUSE bug 1172073 SUSE bug 1177101 SUSE bug 1179599 SUSE bug 1184804 SUSE bug 1185377 SUSE bug 1186207 SUSE bug 1186222 SUSE bug 1187167 SUSE bug 1189305 SUSE bug 1189841 SUSE bug 1190358 SUSE bug 1190428 SUSE bug 1191229 SUSE bug 1191384 SUSE bug 1191731 SUSE bug 1192032 SUSE bug 1192267 SUSE bug 1192740 SUSE bug 1192845 SUSE bug 1192847 SUSE bug 1192877 SUSE bug 1192946 SUSE bug 1193306 SUSE bug 1193440 SUSE bug 1193442 SUSE bug 1193507 SUSE bug 1193575 SUSE bug 1193669 SUSE bug 1193727 SUSE bug 1193731 SUSE bug 1193767 SUSE bug 1193861 SUSE bug 1193864 SUSE bug 1193867 SUSE bug 1194001 SUSE bug 1194048 SUSE bug 1194087 SUSE bug 1194227 SUSE bug 1194302 SUSE bug 1194516 SUSE bug 1194529 SUSE bug 1194880 SUSE bug 1194888 SUSE bug 1194985 SUSE bug 1195254 CVE-2018-25020 CVE-2019-15126 CVE-2020-27820 CVE-2021-0920 CVE-2021-0935 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-33098 CVE-2021-3564 CVE-2021-39648 CVE-2021-39657 CVE-2021-4002 CVE-2021-4083 CVE-2021-4149 CVE-2021-4197 CVE-2021-4202 CVE-2021-43975 CVE-2021-43976 CVE-2021-44733 CVE-2021-45095 CVE-2021-45486 CVE-2022-0322 CVE-2022-0330 CVE-2022-0435 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_68 fixes several issues. The following security issues were fixed: - CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194533). - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195308). - CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneouslyand can potentially trigger a race condition (bnc#1194460). Critical SUSE bug 1194460 SUSE bug 1194533 SUSE bug 1195308 CVE-2021-4083 CVE-2021-4202 CVE-2022-0435 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_71 fixes several issues. The following security issues were fixed: - CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194533). - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195308). - CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneouslyand can potentially trigger a race condition (bnc#1194460). Critical SUSE bug 1194460 SUSE bug 1194533 SUSE bug 1195308 CVE-2021-4083 CVE-2021-4202 CVE-2022-0435 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_74 fixes several issues. The following security issues were fixed: - CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194533). - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195308). - CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneouslyand can potentially trigger a race condition (bnc#1194460). Critical SUSE bug 1194460 SUSE bug 1194533 SUSE bug 1195308 CVE-2021-4083 CVE-2021-4202 CVE-2022-0435 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_77 fixes several issues. The following security issues were fixed: - CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194533). - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195308). - CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneouslyand can potentially trigger a race condition (bnc#1194460). Critical SUSE bug 1194460 SUSE bug 1194533 SUSE bug 1195308 CVE-2021-4083 CVE-2021-4202 CVE-2022-0435 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_80 fixes several issues. The following security issues were fixed: - CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194533). - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195308). - CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneouslyand can potentially trigger a race condition (bnc#1194460). Critical SUSE bug 1194460 SUSE bug 1194533 SUSE bug 1195308 CVE-2021-4083 CVE-2021-4202 CVE-2022-0435 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_83 fixes several issues. The following security issues were fixed: - CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194533). - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195308). - CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneouslyand can potentially trigger a race condition (bnc#1194460). Critical SUSE bug 1194460 SUSE bug 1194533 SUSE bug 1195308 CVE-2021-4083 CVE-2021-4202 CVE-2022-0435 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_105 fixes several issues. The following security issues were fixed: - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). Important SUSE bug 1203613 SUSE bug 1204170 CVE-2022-2588 CVE-2022-42703 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_102 fixes several issues. The following security issues were fixed: - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). Important SUSE bug 1202087 SUSE bug 1203613 SUSE bug 1204170 CVE-2021-33655 CVE-2022-2588 CVE-2022-42703 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_83 fixes several issues. The following security issues were fixed: - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). - Fixed incorrect handling of empty arguments array in execve() (bsc#1200571). Important SUSE bug 1202087 SUSE bug 1203613 SUSE bug 1204170 SUSE bug 1204381 CVE-2021-33655 CVE-2022-2588 CVE-2022-42703 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_88 fixes several issues. The following security issues were fixed: - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). - Fixed incorrect handling of empty arguments array in execve() (bsc#1200571). Important SUSE bug 1202087 SUSE bug 1203613 SUSE bug 1204170 SUSE bug 1204381 CVE-2021-33655 CVE-2022-2588 CVE-2022-42703 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_93 fixes several issues. The following security issues were fixed: - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). - Fixed incorrect handling of empty arguments array in execve() (bsc#1200571). Important SUSE bug 1202087 SUSE bug 1203613 SUSE bug 1204170 SUSE bug 1204381 CVE-2021-33655 CVE-2022-2588 CVE-2022-42703 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_96 fixes several issues. The following security issues were fixed: - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). - Fixed incorrect handling of empty arguments array in execve() (bsc#1200571). Important SUSE bug 1202087 SUSE bug 1203613 SUSE bug 1204170 SUSE bug 1204381 CVE-2021-33655 CVE-2022-2588 CVE-2022-42703 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_99 fixes several issues. The following security issues were fixed: - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). - Fixed incorrect handling of empty arguments array in execve() (bsc#1200571). Important SUSE bug 1202087 SUSE bug 1203613 SUSE bug 1204170 SUSE bug 1204381 CVE-2021-33655 CVE-2022-2588 CVE-2022-42703 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_99 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). Important SUSE bug 1203606 SUSE bug 1204424 SUSE bug 1204576 SUSE bug 1205130 SUSE bug 1206228 CVE-2022-3545 CVE-2022-3586 CVE-2022-41218 CVE-2022-4378 CVE-2022-43945 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_111 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). Important SUSE bug 1204424 SUSE bug 1204576 SUSE bug 1205130 SUSE bug 1206228 CVE-2022-3545 CVE-2022-3586 CVE-2022-4378 CVE-2022-43945 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_105 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). Important SUSE bug 1203606 SUSE bug 1204424 SUSE bug 1204576 SUSE bug 1205130 SUSE bug 1206228 CVE-2022-3545 CVE-2022-3586 CVE-2022-41218 CVE-2022-4378 CVE-2022-43945 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_102 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). Important SUSE bug 1203606 SUSE bug 1204424 SUSE bug 1204576 SUSE bug 1205130 SUSE bug 1206228 CVE-2022-3545 CVE-2022-3586 CVE-2022-41218 CVE-2022-4378 CVE-2022-43945 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_108 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). Important SUSE bug 1203606 SUSE bug 1204424 SUSE bug 1204576 SUSE bug 1205130 SUSE bug 1206228 CVE-2022-3545 CVE-2022-3586 CVE-2022-41218 CVE-2022-4378 CVE-2022-43945 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_96 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). Important SUSE bug 1203606 SUSE bug 1204424 SUSE bug 1204576 SUSE bug 1205130 SUSE bug 1206228 CVE-2022-3545 CVE-2022-3586 CVE-2022-41218 CVE-2022-4378 CVE-2022-43945 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_83 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686). Important SUSE bug 1203008 SUSE bug 1203606 SUSE bug 1204424 SUSE bug 1204576 SUSE bug 1205130 SUSE bug 1206228 CVE-2022-2964 CVE-2022-3545 CVE-2022-3586 CVE-2022-41218 CVE-2022-4378 CVE-2022-43945 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_88 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686). Important SUSE bug 1203008 SUSE bug 1203606 SUSE bug 1204424 SUSE bug 1204576 SUSE bug 1205130 SUSE bug 1206228 CVE-2022-2964 CVE-2022-3545 CVE-2022-3586 CVE-2022-41218 CVE-2022-4378 CVE-2022-43945 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_93 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686). Important SUSE bug 1203008 SUSE bug 1203606 SUSE bug 1204424 SUSE bug 1204576 SUSE bug 1205130 SUSE bug 1206228 CVE-2022-2964 CVE-2022-3545 CVE-2022-3586 CVE-2022-41218 CVE-2022-4378 CVE-2022-43945 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-42328: Guests could trigger denial of service via the netback driver (bsc#1206114). - CVE-2022-42329: Guests could trigger denial of service via the netback driver (bsc#1206113). - CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bsc#1206113). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686). - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bsc#1198702). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bsc#1204653). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bsc#1204402). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bsc#1204635). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bsc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bsc#1204647). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bsc#1204574). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bsc#1204479). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204431). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bsc#1204354). - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bsc#1203514). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bsc#1204168). - CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290). - CVE-2022-40307: Fixed a race condition that could had been exploited to trigger a use-after-free in the efi firmware capsule-loader.c (bsc#1203322). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-3521: Fixed a race condition in kcm_tx_work() of the file net/kcm/kcmsock.c (bsc#1204355). - CVE-2022-2153: Fixed a NULL pointer dereference in the KVM subsystem, when attempting to set a SynIC IRQ (bsc#1200788). - CVE-2022-41848: Fixed a race condition in drivers/char/pcmcia/synclink_cs.c mgslpc_ioctl and mgslpc_detach (bsc#1203987). The following non-security bugs were fixed: - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - sunrpc: Re-purpose trace_svc_process (bsc#1205006). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - x86/hyperv: Set pv_info.name to 'Hyper-V' (git-fixes). Important SUSE bug 1196018 SUSE bug 1198702 SUSE bug 1200788 SUSE bug 1201455 SUSE bug 1202686 SUSE bug 1203008 SUSE bug 1203183 SUSE bug 1203290 SUSE bug 1203322 SUSE bug 1203514 SUSE bug 1203960 SUSE bug 1203987 SUSE bug 1204166 SUSE bug 1204168 SUSE bug 1204170 SUSE bug 1204354 SUSE bug 1204355 SUSE bug 1204402 SUSE bug 1204414 SUSE bug 1204415 SUSE bug 1204424 SUSE bug 1204431 SUSE bug 1204432 SUSE bug 1204439 SUSE bug 1204479 SUSE bug 1204574 SUSE bug 1204576 SUSE bug 1204631 SUSE bug 1204635 SUSE bug 1204636 SUSE bug 1204646 SUSE bug 1204647 SUSE bug 1204653 SUSE bug 1204868 SUSE bug 1205006 SUSE bug 1205128 SUSE bug 1205130 SUSE bug 1205220 SUSE bug 1205473 SUSE bug 1205514 SUSE bug 1205671 SUSE bug 1205705 SUSE bug 1205709 SUSE bug 1205796 SUSE bug 1206113 SUSE bug 1206114 SUSE bug 1206207 CVE-2021-4037 CVE-2022-2153 CVE-2022-28693 CVE-2022-28748 CVE-2022-2964 CVE-2022-3169 CVE-2022-3424 CVE-2022-3521 CVE-2022-3524 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3567 CVE-2022-3586 CVE-2022-3594 CVE-2022-3621 CVE-2022-3628 CVE-2022-3629 CVE-2022-3635 CVE-2022-3643 CVE-2022-3646 CVE-2022-3649 CVE-2022-3903 CVE-2022-40307 CVE-2022-40768 CVE-2022-4095 CVE-2022-41848 CVE-2022-41850 CVE-2022-41858 CVE-2022-42328 CVE-2022-42329 CVE-2022-42703 CVE-2022-42895 CVE-2022-42896 CVE-2022-43750 CVE-2022-4378 CVE-2022-43945 CVE-2022-45934 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_83 fixes one issue. The following security issue was fixed: - CVE-2021-0920: Fixed a local privilege escalation due to an use after free bug in unix_gc (bsc#1194463). Important SUSE bug 1194463 CVE-2021-0920 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_80 fixes one issue. The following security issue was fixed: - CVE-2021-0920: Fixed a local privilege escalation due to an use after free bug in unix_gc (bsc#1194463). Important SUSE bug 1194463 CVE-2021-0920 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_74 fixes one issue. The following security issue was fixed: - CVE-2021-0920: Fixed a local privilege escalation due to an use after free bug in unix_gc (bsc#1194463). Important SUSE bug 1194463 CVE-2021-0920 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_71 fixes one issue. The following security issue was fixed: - CVE-2021-0920: Fixed a local privilege escalation due to an use after free bug in unix_gc (bsc#1194463). Important SUSE bug 1194463 CVE-2021-0920 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_77 fixes one issue. The following security issue was fixed: - CVE-2021-0920: Fixed a local privilege escalation due to an use after free bug in unix_gc (bsc#1194463). Important SUSE bug 1194463 CVE-2021-0920 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155). - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897). - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). The following non-security bugs were fixed: - NFSv4.x: by default serialize open/close operations (bsc#1114893 bsc#1195934). - crypto: af_alg - get_page upon reassignment to TX SGL (bsc#1195840). - hv_netvsc: fix network namespace issues with VF support (bsc#1107207). - hv_netvsc: move VF to same namespace as netvsc device (bsc#1107207). - lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584). Important SUSE bug 1107207 SUSE bug 1114893 SUSE bug 1185973 SUSE bug 1191580 SUSE bug 1194516 SUSE bug 1195536 SUSE bug 1195543 SUSE bug 1195612 SUSE bug 1195840 SUSE bug 1195897 SUSE bug 1195908 SUSE bug 1195934 SUSE bug 1195949 SUSE bug 1195987 SUSE bug 1196079 SUSE bug 1196155 SUSE bug 1196584 SUSE bug 1196601 SUSE bug 1196612 CVE-2021-44879 CVE-2022-0001 CVE-2022-0002 CVE-2022-0487 CVE-2022-0492 CVE-2022-0617 CVE-2022-0644 CVE-2022-0847 CVE-2022-24448 CVE-2022-24959 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_99 fixes one issue. The following security issue was fixed: - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). Important SUSE bug 1208909 CVE-2023-26545 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_102 fixes one issue. The following security issue was fixed: - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208909). Important SUSE bug 1208909 CVE-2023-26545 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_114 fixes one issue. The following security issue was fixed: - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208909). Important SUSE bug 1208909 CVE-2023-26545 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_96 fixes one issue. The following security issue was fixed: - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). Important SUSE bug 1208909 CVE-2023-26545 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_111 fixes one issue. The following security issue was fixed: - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208909). Important SUSE bug 1208909 CVE-2023-26545 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_117 fixes one issue. The following security issue was fixed: - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208909). Important SUSE bug 1208909 CVE-2023-26545 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_105 fixes one issue. The following security issue was fixed: - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208909). Important SUSE bug 1208909 CVE-2023-26545 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_108 fixes one issue. The following security issue was fixed: - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208909). Important SUSE bug 1208909 CVE-2023-26545 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_102 fixes several issues. The following security issues were fixed: - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). - CVE-2022-2991: Fixed an heap-based overflow in the lightnvm implemenation (bsc#1201420). Important SUSE bug 1203993 SUSE bug 1207822 SUSE bug 1208910 CVE-2022-2991 CVE-2023-0590 CVE-2023-1118 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_120 fixes one issue. The following security issue was fixed: - CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). Important SUSE bug 1208910 CVE-2023-1118 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_114 fixes several issues. The following security issues were fixed: - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). Important SUSE bug 1207822 SUSE bug 1208910 CVE-2023-0590 CVE-2023-1118 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_105 fixes several issues. The following security issues were fixed: - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). - CVE-2022-2991: Fixed an heap-based overflow in the lightnvm implemenation (bsc#1201420). Important SUSE bug 1203993 SUSE bug 1207822 SUSE bug 1208910 CVE-2022-2991 CVE-2023-0590 CVE-2023-1118 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_99 fixes several issues. The following security issues were fixed: - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). - CVE-2022-2991: Fixed an heap-based overflow in the lightnvm implemenation (bsc#1201420). Important SUSE bug 1203993 SUSE bug 1207822 SUSE bug 1208910 CVE-2022-2991 CVE-2023-0590 CVE-2023-1118 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_108 fixes several issues. The following security issues were fixed: - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). Important SUSE bug 1207822 SUSE bug 1208910 CVE-2023-0590 CVE-2023-1118 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_111 fixes several issues. The following security issues were fixed: - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). Important SUSE bug 1207822 SUSE bug 1208910 CVE-2023-0590 CVE-2023-1118 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_117 fixes several issues. The following security issues were fixed: - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). Important SUSE bug 1207822 SUSE bug 1208910 CVE-2023-0590 CVE-2023-1118 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2483: Fixed a use after free bug in emac_remove due caused by a race condition (bsc#1211037). - CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). - CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547). - CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). - CVE-2020-36691: Fixed a denial of service (unbounded recursion) vulnerability via a nested Netlink policy with a back reference (bsc#1209613 bsc#1209777). - CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168). - CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778). - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535). - CVE-2022-20567: Fixed use after free that could lead to a local privilege escalation in pppol2tp_create of l2tp_ppp.c (bsc#1208850). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). - CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599). - CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777). - CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). - CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289). - CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2023-1855: Fixed an use-after-free flaw in xgene_hwmon_remove (bsc#1210202). - CVE-2023-1989: Fixed an use-after-free flaw in btsdio_remove (bsc#1210336). - CVE-2023-1990: Fixed an use-after-free flaw in ndlc_remove (bsc#1210337). - CVE-2023-1998: Fixed an use-after-free flaw during login when accessing the shost ipaddress (bsc#1210506). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036). - CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125). - CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291). - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1209052). - CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549). - CVE-2023-30772: Fixed race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). The following non-security bugs were fixed: - Do not sign the vanilla kernel (bsc#1209008). - Fix kABI breakage (bsc#1208333) - PCI: hv: Add a per-bus mutex state_lock (bsc#1207185). - PCI: hv: Fix a race condition bug in hv_pci_query_relations() (bsc#1207185). - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185). - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185). - Remove obsolete KMP obsoletes (bsc#1210469). - Replace mkinitrd dependency with dracut (bsc#1202353). - cifs: fix double free in dfs mounts (bsc#1209845). - cifs: fix negotiate context parsing (bsc#1210301). - cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1209845). - cifs: missing null pointer check in cifs_mount (bsc#1209845). - cifs: serialize all mount attempts (bsc#1209845). - cred: allow get_cred() and put_cred() to be given NULL (bsc#1209887). - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168). - k-m-s: Drop Linux 2.6 support - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). Important SUSE bug 1076830 SUSE bug 1194535 SUSE bug 1202353 SUSE bug 1205128 SUSE bug 1207036 SUSE bug 1207125 SUSE bug 1207168 SUSE bug 1207185 SUSE bug 1207795 SUSE bug 1207845 SUSE bug 1208179 SUSE bug 1208333 SUSE bug 1208599 SUSE bug 1208777 SUSE bug 1208837 SUSE bug 1208850 SUSE bug 1209008 SUSE bug 1209052 SUSE bug 1209256 SUSE bug 1209289 SUSE bug 1209291 SUSE bug 1209532 SUSE bug 1209547 SUSE bug 1209549 SUSE bug 1209613 SUSE bug 1209687 SUSE bug 1209777 SUSE bug 1209778 SUSE bug 1209845 SUSE bug 1209871 SUSE bug 1209887 SUSE bug 1210124 SUSE bug 1210202 SUSE bug 1210301 SUSE bug 1210329 SUSE bug 1210336 SUSE bug 1210337 SUSE bug 1210469 SUSE bug 1210498 SUSE bug 1210506 SUSE bug 1210647 SUSE bug 1211037 CVE-2017-5753 CVE-2020-36691 CVE-2021-3923 CVE-2021-4203 CVE-2022-20567 CVE-2022-43945 CVE-2023-0394 CVE-2023-0590 CVE-2023-0597 CVE-2023-1076 CVE-2023-1095 CVE-2023-1118 CVE-2023-1390 CVE-2023-1513 CVE-2023-1611 CVE-2023-1670 CVE-2023-1855 CVE-2023-1989 CVE-2023-1990 CVE-2023-1998 CVE-2023-2124 CVE-2023-2162 CVE-2023-23454 CVE-2023-23455 CVE-2023-2483 CVE-2023-28328 CVE-2023-28464 CVE-2023-28772 CVE-2023-30772 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_105 fixes several issues. The following security issues were fixed: - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204432). Important SUSE bug 1204167 SUSE bug 1204432 CVE-2022-3424 CVE-2022-3565 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_102 fixes several issues. The following security issues were fixed: - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204432). Important SUSE bug 1204167 SUSE bug 1204432 CVE-2022-3424 CVE-2022-3565 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_108 fixes several issues. The following security issues were fixed: - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204432). Important SUSE bug 1204167 SUSE bug 1204432 CVE-2022-3424 CVE-2022-3565 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_111 fixes several issues. The following security issues were fixed: - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1211111). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). Important SUSE bug 1207188 SUSE bug 1210500 SUSE bug 1210662 SUSE bug 1211111 CVE-2023-1989 CVE-2023-2162 CVE-2023-23454 CVE-2023-28464 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_117 fixes several issues. The following security issues were fixed: - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1211111). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). Important SUSE bug 1207188 SUSE bug 1210500 SUSE bug 1210662 SUSE bug 1211111 CVE-2023-1989 CVE-2023-2162 CVE-2023-23454 CVE-2023-28464 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_105 fixes several issues. The following security issues were fixed: - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1211111). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). Important SUSE bug 1207188 SUSE bug 1210500 SUSE bug 1210662 SUSE bug 1211111 CVE-2023-1989 CVE-2023-2162 CVE-2023-23454 CVE-2023-28464 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_120 fixes several issues. The following security issues were fixed: - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1211111). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). Important SUSE bug 1207188 SUSE bug 1210500 SUSE bug 1210662 SUSE bug 1211111 CVE-2023-1989 CVE-2023-2162 CVE-2023-23454 CVE-2023-28464 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_114 fixes several issues. The following security issues were fixed: - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1211111). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). Important SUSE bug 1207188 SUSE bug 1210500 SUSE bug 1210662 SUSE bug 1211111 CVE-2023-1989 CVE-2023-2162 CVE-2023-23454 CVE-2023-28464 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_111 fixes several issues. The following security issues were fixed: - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204432). Important SUSE bug 1204167 SUSE bug 1204432 CVE-2022-3424 CVE-2022-3565 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_102 fixes several issues. The following security issues were fixed: - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1211111). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). Important SUSE bug 1207188 SUSE bug 1210500 SUSE bug 1210662 SUSE bug 1211111 CVE-2023-1989 CVE-2023-2162 CVE-2023-23454 CVE-2023-28464 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_108 fixes several issues. The following security issues were fixed: - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1211111). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). Important SUSE bug 1207188 SUSE bug 1210500 SUSE bug 1210662 SUSE bug 1211111 CVE-2023-1989 CVE-2023-2162 CVE-2023-23454 CVE-2023-28464 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_99 fixes several issues. The following security issues were fixed: - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1211111). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). Important SUSE bug 1207188 SUSE bug 1210500 SUSE bug 1210662 SUSE bug 1211111 CVE-2023-1989 CVE-2023-2162 CVE-2023-23454 CVE-2023-28464 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_99 fixes several issues. The following security issues were fixed: - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204432). Important SUSE bug 1204167 SUSE bug 1204432 CVE-2022-3424 CVE-2022-3565 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_88 fixes several issues. The following security issues were fixed: - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204432). Important SUSE bug 1204167 SUSE bug 1204432 CVE-2022-3424 CVE-2022-3565 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405). - CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). - CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). - CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). - CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). - CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). - CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940 bsc#1211260). - CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715). - CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186). - CVE-2023-1380: A slab-out-of-bound read problem was fixed in brcmf_get_assoc_ies(), that could lead to a denial of service (bsc#1209287). - CVE-2023-2513: A use-after-free vulnerability was fixed in the ext4 filesystem, related to the way it handled the extra inode size for extended attributes (bsc#1211105). - CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). The following non-security bugs were fixed: - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). Important SUSE bug 1204405 SUSE bug 1205756 SUSE bug 1205758 SUSE bug 1205760 SUSE bug 1205762 SUSE bug 1205803 SUSE bug 1206878 SUSE bug 1209287 SUSE bug 1210629 SUSE bug 1210715 SUSE bug 1210783 SUSE bug 1210940 SUSE bug 1211105 SUSE bug 1211186 SUSE bug 1211260 SUSE bug 1211592 CVE-2022-3566 CVE-2022-45884 CVE-2022-45885 CVE-2022-45886 CVE-2022-45887 CVE-2022-45919 CVE-2023-1380 CVE-2023-2176 CVE-2023-2194 CVE-2023-2513 CVE-2023-31084 CVE-2023-31436 CVE-2023-32269 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_93 fixes several issues. The following security issues were fixed: - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204432). Important SUSE bug 1204167 SUSE bug 1204432 CVE-2022-3424 CVE-2022-3565 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_96 fixes several issues. The following security issues were fixed: - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204432). Important SUSE bug 1204167 SUSE bug 1204432 CVE-2022-3424 CVE-2022-3565 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_105 fixes several issues. The following security issues were fixed: - CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207189). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). - CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1210779). Important SUSE bug 1207189 SUSE bug 1210779 SUSE bug 1210989 CVE-2023-1390 CVE-2023-23455 CVE-2023-31436 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_102 fixes several issues. The following security issues were fixed: - CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207189). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). - CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1210779). Important SUSE bug 1207189 SUSE bug 1210779 SUSE bug 1210989 CVE-2023-1390 CVE-2023-23455 CVE-2023-31436 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_120 fixes several issues. The following security issues were fixed: - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). - CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1210779). Important SUSE bug 1210779 SUSE bug 1210989 CVE-2023-1390 CVE-2023-31436 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_108 fixes several issues. The following security issues were fixed: - CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207189). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). - CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1210779). Important SUSE bug 1207189 SUSE bug 1210779 SUSE bug 1210989 CVE-2023-1390 CVE-2023-23455 CVE-2023-31436 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_114 fixes several issues. The following security issues were fixed: - CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207189). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). - CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1210779). Important SUSE bug 1207189 SUSE bug 1210779 SUSE bug 1210989 CVE-2023-1390 CVE-2023-23455 CVE-2023-31436 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_117 fixes several issues. The following security issues were fixed: - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). - CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1210779). Important SUSE bug 1210779 SUSE bug 1210989 CVE-2023-1390 CVE-2023-31436 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_111 fixes several issues. The following security issues were fixed: - CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207189). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). - CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1210779). Important SUSE bug 1207189 SUSE bug 1210779 SUSE bug 1210989 CVE-2023-1390 CVE-2023-23455 CVE-2023-31436 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_125 fixes one issue. The following security issue was fixed: - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). Important SUSE bug 1210989 CVE-2023-31436 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237). - CVE-2023-23454: Fixed denial or service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036). - CVE-2022-4662: Fixed incorrect access control in the USB core subsystem that could lead a local user to crash the system (bnc#1206664). - CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bnc#1206073). The following non-security bugs were fixed: - Added support for enabling livepatching related packages on -RT (jsc#PED-1706). - Added suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149). - Reverted 'constraints: increase disk space for all architectures' (bsc#1203693). - HID: betop: check shape of output reports (bsc#1207186). - HID: betop: fix slab-out-of-bounds Write in betop_probe (bsc#1207186). - HID: check empty report_list in hid_validate_values() (bsc#1206784). - net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036). - net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036). - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). Important SUSE bug 1203693 SUSE bug 1205149 SUSE bug 1206073 SUSE bug 1206664 SUSE bug 1206677 SUSE bug 1206784 SUSE bug 1207036 SUSE bug 1207186 SUSE bug 1207237 CVE-2022-3564 CVE-2022-4662 CVE-2022-47929 CVE-2023-23454 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_114 fixes one issue. The following security issue was fixed: - CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206314). Important SUSE bug 1206314 CVE-2022-3564 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_93 fixes one issue. The following security issue was fixed: - CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206314). Important SUSE bug 1206314 CVE-2022-3564 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_99 fixes one issue. The following security issue was fixed: - CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206314). Important SUSE bug 1206314 CVE-2022-3564 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_111 fixes one issue. The following security issue was fixed: - CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206314). Important SUSE bug 1206314 CVE-2022-3564 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_108 fixes one issue. The following security issue was fixed: - CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206314). Important SUSE bug 1206314 CVE-2022-3564 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_105 fixes one issue. The following security issue was fixed: - CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206314). Important SUSE bug 1206314 CVE-2022-3564 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_102 fixes one issue. The following security issue was fixed: - CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206314). Important SUSE bug 1206314 CVE-2022-3564 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 This update for the Linux Kernel 4.12.14-95_96 fixes one issue. The following security issue was fixed: - CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206314). Important SUSE bug 1206314 CVE-2022-3564 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Live Patching 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535). - CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051). - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). - CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). - CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). - CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2022-2991: Fixed an heap-based overflow in the lightnvm implemenation (bsc#1201420). The following non-security bugs were fixed: - kabi/severities: add l2tp local symbols Important SUSE bug 1191881 SUSE bug 1194535 SUSE bug 1201420 SUSE bug 1203331 SUSE bug 1203332 SUSE bug 1205711 SUSE bug 1207051 SUSE bug 1207773 SUSE bug 1207795 SUSE bug 1208700 SUSE bug 1209188 CVE-2021-4203 CVE-2022-2991 CVE-2022-36280 CVE-2022-38096 CVE-2022-4129 CVE-2023-0045 CVE-2023-0590 CVE-2023-23559 CVE-2023-26545 cpe:/o:suse:sle-live-patching:12:sp4 SUSE Linux Enterprise Real Time 12 SP4 The SUSE Linux Enterprise Server 12 SP4 Realtime Kernel was updated to fix bugs and security issues. Security issues fixed: - CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c. There was an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1137194). - CVE-2018-16871: A NULL pointer dereference due to an anomalized NFS message sequence was fixed. (bnc#1137103). - CVE-2018-20836: There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free (bnc#1134395). - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bnc#1136424). - CVE-2018-20855: An issue was discovered in create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace (bsc#1143045). - CVE-2019-11810: A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free (bsc#1134399). - CVE-2019-14283: The function set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143191). - CVE-2019-14284: The drivers/block/floppy.c allowed a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143189). - CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages (bsc#1142023). - CVE-2019-1125: Enable Spectre v1 mitigations for SWAPGS (bsc#1139358). - CVE-2019-10126: A flaw was found in the Linux kernel that might lead to memory corruption in the marvell mwifiex driver. (bnc#1136935) - CVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (bnc#1140575) - CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visited the attacker's web page, then WebRTC or gQUIC could be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable because IP ID generation was changed to have a dependency on an address associated with a network namespace. (bnc#1140577) - CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586) - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. - CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (bnc#1133738) - CVE-2019-12380: An issue was discovered in the efi subsystem in the Linux kernel phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it. (bnc#1136598) - CVE-2019-12456: a double-fetch bug in _ctl_ioctl_main() could allow local users to create a denial of service (bsc#1136922). - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This used to affect nfc_llcp_build_gb in net/nfc/llcp_core.c. (bsc#1138293) - CVE-2019-12819: The function __mdiobus_register() called put_device(), which triggered a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bsc#1138291) - CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user can cause a denial of service via a sigreturn() system call that sends a crafted signal frame. (bnc#1142265) Other issues fixed: - 6lowpan: Off by one handling ->nexthdr (bsc#1051510). - Abort file_remove_privs() for non-reg. files (bsc#1140888). - acpi: Add Hygon Dhyana support (fate#327735). - acpi: fix menuconfig presentation of acpi submenu (bsc#1117158). - acpi/nfit: Always dump _DSM output payload (bsc#1142351). - acpi: PM: Allow transitions to D0 to occur in special cases (bsc#1051510). - acpi: PM: Avoid evaluating _PS3 on transitions from D3hot to D3cold (bsc#1051510). - acpi / property: fix handling of data_nodes in acpi_get_next_subnode() (bsc#1051510). - Add back sibling paca poiter to paca (bsc#1055117). - added De0-Nanos-SoC board support (and others based on Altera SOC). - Add kernel-subpackage-build.spec (FATE#326579). - Add sample kernel-default-base spec file (FATE#326579, jsc#SLE-4117, jsc#SLE-3853, bsc#1128910). - Add support for crct10dif-vpmsum (FATE#327696). - Add version information to KLP_SYMBOLS file - af_key: unconditionally clone on broadcast (bsc#1051510). - af_unix: remove redundant lockdep class (git-fixes). - alsa: compress: Be more restrictive about when a drain is allowed (bsc#1051510). - alsa: compress: Don't allow paritial drain operations on capture streams (bsc#1051510). - alsa: compress: Fix regression on compressed capture streams (bsc#1051510). - alsa: compress: Prevent bypasses of set_params (bsc#1051510). - alsa: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510). - alsa: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510). - alsa: hda - Add a conexant codec entry to let mute led work (bsc#1051510). - alsa: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510). - alsa: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510). - alsa: hda/realtek: apply ALC891 headset fixup to one Dell machine (bsc#1051510). - alsa: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510). - alsa: hda/realtek - Fixed Headphone Mic can't record on Dell platform (bsc#1051510). - alsa: hda/realtek - Headphone Mic can't record after S3 (bsc#1051510). - alsa: hda/realtek - Set default power save node to 0 (bsc#1051510). - alsa: hda/realtek - Update headset mode for ALC256 (bsc#1051510). - alsa: line6: Fix a typo (bsc#1051510). - alsa: line6: Fix write on zero-sized buffer (bsc#1051510). - alsa: line6: Fix wrong altsetting for LINE6_PODHD500_1 (bsc#1051510). - alsa: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510). - alsa: seq: Break too long mutex context in the write loop (bsc#1051510). - alsa: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510). - alsa: usb-audio: Add quirk for Focusrite Scarlett Solo (bsc#1051510). - alsa: usb-audio: Add quirk for MOTU MicroBook II (bsc#1051510). - alsa: usb-audio: Cleanup DSD whitelist (bsc#1051510). - alsa: usb-audio: Enable .product_name override for Emagic, Unitor 8 (bsc#1051510). - alsa: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510). - alsa: usb-audio: Sanity checks for each pipe and EP types (bsc#1051510). - apparmor: enforce nullbyte at end of tag string (bsc#1051510). - arch: arm64: acpi: KABI ginore includes (bsc#1117158 bsc#1134671). - arm64: acpi: fix alignment fault in accessing acpi (bsc#1117158). - arm64: fix acpi dependencies (bsc#1117158). - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (bsc#1117158). - arm64/x86: Update config files. - ASoC : cs4265 : readable register too low (bsc#1051510). - ASoC: cs42xx8: Add regcache mask dirty (bsc#1051510). - ASoC: cx2072x: fix integer overflow on unsigned int multiply (bsc#1111666). - ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put (bsc#1051510). - ASoC: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510). - ASoC: fsl_sai: Update is_slave_mode with correct value (bsc#1051510). - ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put (bsc#1051510). - ASoC: hdmi-codec: unlock the device on startup errors (bsc#1051510). - ASoC: max98090: remove 24-bit format support if RJ is 0 (bsc#1051510). - ASoC: soc-pcm: BE dai needs prepare when pause release after resume (bsc#1051510). - ath6kl: add some bounds checking (bsc#1051510). - audit: fix a memory leak bug (bsc#1051510). - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510). - batman-adv: allow updating DAT entry timeouts on incoming ARP Replies (bsc#1051510). - batman-adv: fix for leaked TVLV handler (bsc#1051510). - bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652). - bcache: add code comments for journal_read_bucket() (bsc#1140652). - bcache: Add comments for blkdev_put() in registration code path (bsc#1140652). - bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652). - bcache: add comments for kobj release callback routine (bsc#1140652). - bcache: add comments for mutex_lock(&b->write_lock) (bsc#1140652). - bcache: add error check for calling register_bdev() (bsc#1140652). - bcache: add failure check to run_cache_set() for journal replay (bsc#1140652). - bcache: add io error counting in write_bdev_super_endio() (bsc#1140652). - bcache: add more error message in bch_cached_dev_attach() (bsc#1140652). - bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652). - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652). - bcache: add return value check to bch_cached_dev_run() (bsc#1140652). - bcache: avoid a deadlock in bcache_reboot() (bsc#1140652). - bcache: avoid clang -Wunintialized warning (bsc#1140652). - bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652). - bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652). - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652). - bcache: Clean up bch_get_congested() (bsc#1140652). - bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread (bsc#1140652). - bcache: do not assign in if condition in bcache_device_init() (bsc#1140652). - bcache: don't set max writeback rate if gc is running (bsc#1140652). - bcache: fix a race between cache register and cacheset unregister (bsc#1140652). - bcache: fix crashes stopping bcache device before read miss done (bsc#1140652). - bcache: fix failure in journal relplay (bsc#1140652). - bcache: fix inaccurate result of unused buckets (bsc#1140652). - bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652). - bcache: fix potential deadlock in cached_def_free() (bsc#1140652). - bcache: fix race in btree_flush_write() (bsc#1140652). - bcache: fix return value error in bch_journal_read() (bsc#1140652). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652). - bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652). - bcache: ignore read-ahead request failure on backing device (bsc#1140652). - bcache: improve bcache_reboot() (bsc#1140652). - bcache: improve error message in bch_cached_dev_run() (bsc#1140652). - bcache: make bset_search_tree() be more understandable (bsc#1140652). - bcache: make is_discard_enabled() static (bsc#1140652). - bcache: more detailed error message to bcache_device_link() (bsc#1140652). - bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652). - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652). - bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652). - bcache: performance improvement for btree_flush_write() (bsc#1140652). - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652). - bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652). - bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652). - bcache: remove 'XXX:' comment line from run_cache_set() (bsc#1140652). - bcache: return error immediately in bch_journal_replay() (bsc#1140652). - bcache: Revert 'bcache: fix high CPU occupancy during journal' (bsc#1140652). - bcache: Revert 'bcache: free heap cache_set->flush_btree in bch_journal_free' (bsc#1140652). - bcache: set largest seq to ja->seq[bucket_index] in journal_read_bucket() (bsc#1140652). - bcache: shrink btree node cache after bch_btree_check() (bsc#1140652). - bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652). - bcache: use sysfs_match_string() instead of __sysfs_match_string() (bsc#1140652). - be2net: Fix number of Rx queues used for flow hashing (networking-stable-19_06_18). - be2net: Signal that the device cannot transmit during reconfiguration (bsc#1127315). - be2net: Synchronize be_update_queues with dev_watchdog (bsc#1127315). - blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432). - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637). - block, bfq: NULL out the bic when it's no longer valid (bsc#1142359). - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771). - Bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328). - bnx2x: Prevent load reordering in tx completion processing (bsc#1142868). - bnxt_en: Fix aggregation buffer leak under OOM condition (networking-stable-19_05_31). - bonding: fix arp_validate toggling in active-backup mode (networking-stable-19_05_14). - bonding: Force slave speed check after link state recovery for 802.3ad (bsc#1137584). - bpf, x64: fix stack layout of JITed bpf code (bsc#1083647). - bpf, x64: save 5 bytes in prologue when ebpf insns came from cbpf (bsc#1083647). - brcmfmac: convert dev_init_lock mutex to completion (bsc#1051510). - brcmfmac: fix missing checks for kmemdup (bsc#1051510). - brcmfmac: fix Oops when bringing up interface during USB disconnect (bsc#1051510). - brcmfmac: fix race during disconnect when USB completion is in progress (bsc#1051510). - brcmfmac: fix WARNING during USB disconnect in case of unempty psq (bsc#1051510). - bridge: Fix error path for kobject_init_and_add() (networking-stable-19_05_14). - btrfs: fix race between block group removal and block group allocation (bsc#1143003). - Build klp-symbols in kernel devel projects. - can: af_can: Fix error path of can_init() (bsc#1051510). - can: flexcan: fix timeout when set small bitrate (bsc#1051510). - can: purge socket error queue on sock destruct (bsc#1051510). - ceph: flush dirty inodes before proceeding with remount (bsc#1140405). - cfg80211: fix memory leak of wiphy device name (bsc#1051510). - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() (bsc#1141478). - chardev: add additional check for minor range overlap (bsc#1051510). - clk: qcom: Fix -Wunused-const-variable (bsc#1051510). - clk: rockchip: Don't yell about bad mmc phases when getting (bsc#1051510). - clk: rockchip: Turn on 'aclk_dmac1' for suspend on rk3288 (bsc#1051510). - clk: tegra210: fix PLLU and PLLU_OUT1 (bsc#1051510). - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510). - coredump: fix race condition between collapse_huge_page() and core dumping (bnc#1133738, CVE-2019-11599). - coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (bsc#1133738, CVE-2019-11599). - coresight: etb10: Fix handling of perf mode (bsc#1051510). - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510). - Correct the CVE and bug reference for a floppy security fix (CVE-2019-14284,bsc#1143189) - Correct the patch reference tag for scsi fix (bsc#1136922 CVE-2019-12456) - cpufreq: acpi-cpufreq: Report if CPU doesn't support boost technologies (bsc#1051510). - cpufreq: Add Hygon Dhyana support (fate#327735). - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (fate#327735). - cpufreq: brcmstb-avs-cpufreq: Fix initial command check (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency (bsc#1051510). - cpufreq: check if policy is inactive early in __cpufreq_get() (bsc#1051510). - cpufreq: kirkwood: fix possible object reference leak (bsc#1051510). - cpufreq/pasemi: fix possible object reference leak (bsc#1051510). - cpufreq: pmac32: fix possible object reference leak (bsc#1051510). - cpufreq: ppc_cbe: fix possible object reference leak (bsc#1051510). - cpufreq: Use struct kobj_attribute instead of struct global_attr (bsc#1051510). - cpu/topology: Export die_id (jsc#SLE-5454). - crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401). - crypto: arm64/sha1-ce - correct digest for empty data in finup (bsc#1051510). - crypto: arm64/sha2-ce - correct digest for empty data in finup (bsc#1051510). - crypto: ccp - Fix 3DES complaint from ccp-crypto module (bsc#1051510). - crypto: ccp - fix AES CFB error exposed by new test vectors (bsc#1051510). - crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL (bsc#1051510). - crypto: ccp - fix the SEV probe in kexec boot path (bsc#1136896). - crypto: ccp/gcm - use const time tag comparison (bsc#1051510). - crypto: ccp - memset structure fields to zero before reuse (bsc#1051510). - crypto: ccp - Validate the the error value used to index error messages (bsc#1051510). - crypto: chacha20poly1305 - fix atomic sleep when using async algorithm (bsc#1051510). - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510). - crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe (bsc#1051510). - crypto: ghash - fix unaligned memory access in ghash_setkey() (bsc#1051510). - crypto: talitos - Align SEC1 accesses to 32 bits boundaries (bsc#1051510). - crypto: talitos - check data blocksize in ablkcipher (bsc#1051510). - crypto: talitos - fix CTR alg blocksize (bsc#1051510). - crypto: talitos - fix max key size for sha384 and sha512 (bsc#1051510). - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking (bsc#1051510). - crypto: talitos - properly handle split ICV (bsc#1051510). - crypto: talitos - reduce max key size for SEC1 (bsc#1051510). - crypto: talitos - rename alternative AEAD algos (bsc#1051510). - crypto: user - prevent operating on larval algorithms (bsc#1133401). - crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162). - crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#11123080). - dax: Fix xarray entry association for mixed mappings (bsc#1140893). - device core: Consolidate locking and unlocking of parent and device (bsc#1106383). - dmaengine: hsu: Revert 'set HSU_CH_MTSR to memory width' (bsc#1051510). - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510). - dm, dax: Fix detection of DAX support (bsc#1139782). - doc: Cope with the deprecation of AutoReporter (bsc#1051510). - docs: Fix conf.py for Sphinx 2.0 (bsc#1135642). - Documentation: Add MDS vulnerability documentation (bsc#1135642). - Documentation: Correct the possible MDS sysfs values (bsc#1135642). - Documentation: DMA-API: fix a function name of max_mapping_size (bsc#1140954). - Do not provide kernel-default from kernel-default-base (boo#1132154, bsc#1106751). - Do not provide kernel-default-srchash from kernel-default-base. - Don't restrict NFSv4.2 on openSUSE (bsc#1138719). - dpaa_eth: fix SG frame cleanup (networking-stable-19_05_14). - drbd: Avoid Clang warning about pointless switch statment (bsc#1051510). - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510). - drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510). - drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510). - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383). - driver core: Probe devices asynchronously instead of the driver (bsc#1106383). - drivers: acpi: add dependency of EFI for arm64 (bsc#1117158). - drivers/base: Introduce kill_device() (bsc#1139865). - drivers/base: kABI fixes for struct device_private (bsc#1106383). - drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510). - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510). - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510). - drivers: thermal: tsens: Don't print error message on -EPROBE_DEFER (bsc#1051510). - drm/amdgpu: fix old fence check in amdgpu_fence_emit (bsc#1051510). - drm/amdgpu/gfx9: use reset default for PA_SC_FIFO_SIZE (bsc#1051510). - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510). - drm/drv: Hold ref on parent device during drm_device lifetime (bsc#1051510). - drm/gma500/cdv: Check vbt config bits when detecting lvds panels (bsc#1051510). - drm/i915/dmc: protect against reading random memory (bsc#1051510). - drm/i915/gvt: Fix cmd length of VEB_DI_IECP (bsc#1113722) - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510). - drm/i915/gvt: refine ggtt range validation (bsc#1113722) - drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510). - drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510). - drm/meson: Add support for XBGR8888 & ABGR8888 formats (bsc#1051510). - drm/msm/a3xx: remove TPL1 regs from snapshot (bsc#1051510). - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510). - drm/nouveau/i2c: Disable i2c bus access after ->fini() (bsc#1113722) - drm/nouveau/i2c: Enable i2c pads & busses during preinit (bsc#1051510). - drm/radeon: prefer lower reference dividers (bsc#1051510). - drm/rockchip: Properly adjust to a true clock in adjusted_mode (bsc#1051510). - drm: Wake up next in drm_read() chain if we are forced to putback the event (bsc#1051510). - e1000e: start network tx queue only when link is up (bsc#1051510). - edac, amd64: Add Hygon Dhyana support (fate#327735). - edac/mc: Fix edac_mc_find() in case no device is found (bsc#1114279). - efi: add API to reserve memory persistently across kexec reboot (bsc#1117158). - efi/arm: Defer persistent reservations until after paging_init() (bsc#1117158). - efi/arm: Don't mark acpi reclaim memory as MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566). - efi/arm: libstub: add a root memreserve config table (bsc#1117158). - efi/arm: map UEFI memory map even w/o runtime services enabled (bsc#1117158). - efi/arm: preserve early mapping of UEFI memory map longer for BGRT (bsc#1117158). - efi/arm: Revert 'Defer persistent reservations until after paging_init()' (bsc#1117158). - efi/arm: Revert deferred unmap of early memmap mapping (bsc#1117158). - efi: honour memory reservations passed via a linux specific config table (bsc#1117158). - efi: Permit calling efi_mem_reserve_persistent() from atomic context (bsc#1117158). - efi: Permit multiple entries in persistent memreserve data structure (bsc#1117158). - efi: Prevent GICv3 WARN() by mapping the memreserve table before first use (bsc#1117158). - efi: Reduce the amount of memblock reservations for persistent allocations (bsc#1117158). - efi/x86/Add missing error handling to old_memmap 1:1 mapping code (CVE-2019-12380,bsc#1136598). - ethtool: check the return value of get_regs_len (git-fixes). - ethtool: fix potential userspace buffer overflow (networking-stable-19_06_09). - ext4: do not delete unlinked inode from orphan list on failed truncate (bsc#1140891). - extcon: arizona: Disable mic detect if running when driver is removed (bsc#1051510). - firmware: efi: factor out mem_reserve (bsc#1117158 bsc#1134671). - Fix kABI breakage by mwifiex security fix (CVE-2019-3846,bsc#1136424). - Fix kABI for asus-wmi quirk_entry field addition (bsc#1051510). - Fix memory leak in sctp_process_init (networking-stable-19_06_09). - floppy: fix div-by-zero in setup_format_params (CVE-2019-14283,bsc#1143191). - floppy: fix out-of-bounds read in copy_buffer (CVE-2019-14283,bsc#1143191). - fork, memcg: fix cached_stacks case (bsc#1134097). - fork, memcg: fix crash in free_thread_stack on memcg charge fail (bsc#1134097). - fs/ocfs2: fix race in ocfs2_dentry_attach_lock() (bsc#1140889). - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (bsc#1140887). - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (bsc#1140887). - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995 fate#323487). - fuse: fallocate: fix return with locked inode (bsc#1051510). - fuse: fix writepages on 32bit (bsc#1051510). - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate (bsc#1051510). - genirq: Prevent use-after-free and work list corruption (bsc#1051510). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510). - genwqe: Prevent an integer overflow in the ioctl (bsc#1051510). - git_sort: add crypto maintainer tree. - gpio: fix gpio-adp5588 build errors (bsc#1051510). - gpio: omap: fix lack of irqstatus_raw0 for OMAP4 (bsc#1051510). - gpio: Remove obsolete comment about gpiochip_free_hogs() usage (bsc#1051510). - HID: input: fix a4tech horizontal wheel custom usage (bsc#1137429). - HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent (bsc#1051510). - HID: logitech-hidpp: use RAP instead of FAP to get the protocol version (bsc#1051510). - HID: wacom: Add ability to provide explicit battery status info (bsc#1051510). - - HID: wacom: Add support for 3rd generation Intuos BT (bsc#1051510). - HID: wacom: Add support for Pro Pen slim (bsc#1051510). - HID: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510). - HID: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510). - HID: wacom: correct touch resolution x/y typo (bsc#1051510). - HID: wacom: Don't report anything prior to the tool entering range (bsc#1051510). - HID: wacom: Don't set tool type until we're in range (bsc#1051510). - HID: wacom: fix mistake in printk (bsc#1051510). - HID: wacom: generic: add the 'Report Valid' usage (bsc#1051510). - HID: wacom: generic: Correct pad syncing (bsc#1051510). - HID: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510). - HID: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510). - HID: wacom: generic: only switch the mode on devices with LEDs (bsc#1051510). - HID: wacom: generic: read HID_DG_CONTACTMAX from any feature report (bsc#1051510). - HID: wacom: generic: Refactor generic battery handling (bsc#1051510). - HID: wacom: generic: Report AES battery information (bsc#1051510). - HID: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510). - HID: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510). - HID: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510). - HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510). - HID: wacom: generic: Support multiple tools per report (bsc#1051510). - HID: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510). - HID: wacom: Mark expected switch fall-through (bsc#1051510). - HID: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510). - HID: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510). - HID: wacom: Properly handle AES serial number and tool type (bsc#1051510). - HID: wacom: Queue events with missing type/serial data for later processing (bsc#1051510). - HID: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510). - HID: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510). - HID: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510). - HID: wacom: Support 'in range' for Intuos/Bamboo tablets where possible (bsc#1051510). - HID: Wacom: switch Dell canvas into highres mode (bsc#1051510). - HID: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510). - HID: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510). - HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510). - hugetlbfs: dirty pages as they are added to pagecache (git fixes (mm/hugetlbfs)). - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (git fixes (mm/hugetlbfs)). - hwmon: (core) add thermal sensors only if dev->of_node is present (bsc#1051510). - hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - hwmon/coretemp: Support multi-die/package (jsc#SLE-5454). - hwmon: (k10temp) 27C Offset needed for Threadripper2 (FATE#327735). - hwmon: (k10temp) Add Hygon Dhyana support (FATE#327735). - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (FATE#327735). - hwmon: (k10temp) Add support for family 17h (FATE#327735). - hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (FATE#327735). - hwmon: (k10temp) Add support for temperature offsets (FATE#327735). - hwmon: (k10temp) Add temperature offset for Ryzen 1900X (FATE#327735). - hwmon: (k10temp) Add temperature offset for Ryzen 2700X (FATE#327735). - hwmon: (k10temp) Correct model name for Ryzen 1600X (FATE#327735). - hwmon: (k10temp) Display both Tctl and Tdie (FATE#327735). - hwmon: (k10temp) Fix reading critical temperature register (FATE#327735). - hwmon: (k10temp) Make function get_raw_temp static (FATE#327735). - hwmon: (k10temp) Move chip specific code into probe function (FATE#327735). - hwmon: (k10temp) Only apply temperature offset if result is positive (FATE#327735). - hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors (FATE#327735). - hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table (FATE#327735). - hwmon: (k10temp) Use API function to access System Management Network (FATE#327735). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (FATE#327735). - hwmon: (pmbus/core) Treat parameters as paged if on multiple pages (bsc#1051510). - hwrng: omap - Set default quality (bsc#1051510). - i2c: acorn: fix i2c warning (bsc#1135642). - i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr (bsc#1051510). - i2c: i801: Add support for Intel Comet Lake (jsc#SLE-5331). - i2c-piix4: Add Hygon Dhyana SMBus support (FATE#327735). - IB/mlx5: Fix leaking stack memory to userspace (bsc#1143045 CVE-2018-20855). - ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197). - ibmvnic: Add device identification to requested IRQs (bsc#1137739). - ibmvnic: Do not close unopened driver during reset (bsc#1137752). - ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752). - ibmvnic: Refresh device multicast list after reset (bsc#1137752). - ibmvnic: remove set but not used variable 'netdev' (bsc#1137739). - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion (bsc#1051510). - iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data (bsc#1051510). - iio: hmc5843: fix potential NULL pointer dereferences (bsc#1051510). - indirect call wrappers: helpers to speed-up indirect calls of builtin (bsc#1124503). - inet: switch IP ID generator to siphash (CVE-2019-10638 bsc#1140575). - Input: elantech - enable middle button support on 2 ThinkPads (bsc#1051510). - Input: gtco - bounds check collection indent level (CVE-2019-13631,bsc#1142023). - Input: imx_keypad - make sure keyboard can always wake up system (bsc#1051510). - Input: psmouse - fix build error of multiple definition (bsc#1051510). - Input: synaptics - enable SMBUS on T480 thinkpad trackpad (bsc#1051510). - Input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510). - Input: tm2-touchkey - acknowledge that setting brightness is a blocking call (bsc#1129770). - Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510). - Install extra rpm scripts for kernel subpackaging (FATE#326579, jsc#SLE-4117, jsc#SLE-3853, bsc#1128910). - intel_th: msu: Fix single mode with disabled IOMMU (bsc#1051510). - iommu/amd: Make iommu_disable safer (bsc#1140955). - iommu/arm-smmu: Add support for qcom,smmu-v2 variant (bsc#1051510). - iommu/arm-smmu: Avoid constant zero in TLBI writes (bsc#1140956). - iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel (bsc#1117158). - iommu/arm-smmu-v3: Don't disable SMMU in kdump kernel (bsc#1117158 bsc#1134671). - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register (bsc#1051510). - iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer (bsc#1051510). - iommu: Fix a leak in iommu_insert_resv_region (bsc#1140957). - iommu: Use right function to get group for device (bsc#1140958). - iommu/vt-d: Duplicate iommu_resv_region objects per device list (bsc#1140959). - iommu/vt-d: Handle PCI bridge RMRR device scopes in intel_iommu_get_resv_regions (bsc#1140960). - iommu/vt-d: Handle RMRR with PCI bridge device scopes (bsc#1140961). - iommu/vt-d: Introduce is_downstream_to_pci_bridge helper (bsc#1140962). - iommu/vt-d: Remove unnecessary rcu_read_locks (bsc#1140964). - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled (git-fixes). - ipv4: Fix raw socket lookup for local traffic (networking-stable-19_05_14). - ipv4/igmp: fix another memory leak in igmpv3_del_delrec() (networking-stable-19_05_31). - ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST (networking-stable-19_05_31). - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop (git-fixes). - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address (networking-stable-19_05_31). - ipv6: fix EFAULT on sendto with icmpv6 and hdrincl (networking-stable-19_06_09). - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero (networking-stable-19_06_18). - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4 (networking-stable-19_06_09). - irqchip/gic-v3-its: fix some definitions of inner cacheability attributes (bsc#1051510). - irqchip/mbigen: Don't clear eventid when freeing an MSI (bsc#1051510). - iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() (bsc#1051510). - iwlwifi: pcie: don't crash on invalid RX interrupt (bsc#1051510). - kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586). - Kabi fixup blk_mq_register_dev() (bsc#1140637). - kabi: handle addition of net::hash_mix (CVE-2019-10639 bsc#1140577). - kabi: handle addition of netns_ipv4::ip_id_key (CVE-2019-10638 bsc#1140575). - kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586). - kABI workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510). - kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled (bsc#1071995 fate#323487). - kernel-binary: fix missing \ - kernel-binary: rpm does not support multiline condition - kernel-binary: Use -c grep option in klp project detection. - kernel: jump label transformation performance (bsc#1137534 bsc#1137535 LTC#178058 LTC#178059). - kernel/signal.c: trace_signal_deliver when signal_group_exit (git-fixes). - kernel-subpackage-spec: Add dummy package to ensure subpackages are rebuilt with kernel update (bsc#1106751). - KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137). - KMPs: provide and conflict a kernel version specific KMP name (bsc#1127155, bsc#1109137). - KVM: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots (bsc#1133021). - KVM: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory (bsc#1133021). - kvm: mmu: Fix overflow on kvm mmu page limit calculation (bsc#1135335). - kvm/mmu: kABI fix for *_mmu_pages changes in struct kvm_arch (bsc#1135335). - KVM: polling: add architecture backend to disable polling (bsc#1119222). - KVM: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts (bsc#1061840). - KVM: PPC: Book3S: Protect memslots while validating user address (bsc#1061840). - KVM: PPC: Release all hardware TCE tables attached to a group (bsc#1061840). - KVM: PPC: Remove redundand permission bits removal (bsc#1061840). - KVM: PPC: Validate all tces before updating tables (bsc#1061840). - KVM: PPC: Validate TCEs against preregistered memory page sizes (bsc#1061840). - KVM: s390: change default halt poll time to 50us (bsc#1119222). - KVM: s390: enable CONFIG_HAVE_KVM_NO_POLL (bsc#1119222) - KVM: s390: fix typo in parameter description (bsc#1119222). - KVM: s390: kABI Workaround for 'kvm_vcpu_stat' - KVM: s390: kABI Workaround for 'lowcore' (bsc#1119222). - KVM: s390: provide kvm_arch_no_poll function (bsc#1119222). - kvm: svm/avic: Do not send AVIC doorbell to self (bsc#1140133). - kvm: svm/avic: fix off-by-one in checking host APIC ID (bsc#1140971). - KVM: SVM: Fix detection of AMD Errata 1096 (bsc#1142354). - KVM: x86: fix return value for reserved EFER (bsc#1140992). - kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279). - kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279). - KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes (bsc#1140972). - lapb: fixed leak of control-blocks (networking-stable-19_06_18). - leds: avoid flush_work in atomic context (bsc#1051510). - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510). - lib/bitmap.c: make bitmap_parselist() thread-safe and much faster (bsc#1143507). - lib: fix stall in __bitmap_parselist() (bsc#1051510). - libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865). - libnvdimm/namespace: Fix label tracking error (bsc#1142350). - libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719). - lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE (bsc#1051510). - livepatch: Remove duplicate warning about missing reliable stacktrace support (bsc#1071995 fate#323487). - livepatch: Use static buffer for debugging messages under rq lock (bsc#1071995 fate#323487). - llc: fix skb leak in llc_build_and_send_ui_pkt() (networking-stable-19_05_31). - mac80211/cfg80211: update bss channel on channel switch (bsc#1051510). - mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510). - mac80211: drop robust management frames from unknown TA (bsc#1051510). - mac80211: Fix kernel panic due to use of txq after free (bsc#1051510). - mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510). - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() (bsc#1051510). - media: au0828: stop video streaming only when last user stops (bsc#1051510). - media: coda: clear error return value before picture run (bsc#1051510). - media: cpia2: Fix use-after-free in cpia2_exit (bsc#1051510). - media: cpia2_usb: first wake up, then free in disconnect (bsc#1135642). - media: go7007: avoid clang frame overflow warning with KASAN (bsc#1051510). - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend (bsc#1051510). - media: marvell-ccic: fix DMA s/g desc number calculation (bsc#1051510). - media: ov2659: make S_FMT succeed even if requested format doesn't match (bsc#1051510). - media: s5p-mfc: Make additional clocks optional (bsc#1051510). - media: saa7146: avoid high stack usage with clang (bsc#1051510). - media: smsusb: better handle optional alignment (bsc#1051510). - media: usb: siano: Fix false-positive 'uninitialized variable' warning (bsc#1051510). - media: usb: siano: Fix general protection fault in smsusb (bsc#1051510). - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510). - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom() (bsc#1051510). - media: vivid: fix incorrect assignment operation when setting video mode (bsc#1051510). - mei: bus: need to unlink client before freeing (bsc#1051510). - mei: me: add denverton innovation engine device IDs (bsc#1051510). - mei: me: add gemini lake devices id (bsc#1051510). - memory: tegra: Fix integer overflow on tick value calculation (bsc#1051510). - memstick: Fix error cleanup path of memstick_init (bsc#1051510). - Merge branch 'origin/users/jthumshirn/SLE15/for-next' into SLE15 - Merge branch 'packaging' into SLE15 - Merge branch 'scripts' into SLE15 - Merge branch 'scripts' into SLE15 - Merge branch 'SLE15_EMBARGO' into SLE12-SP4_EMBARGO - Merge branch 'SLE15_EMBARGO' into SLE12-SP4_EMBARGO - Merge branch 'SLE15_EMBARGO' into SLE15 - Merge branch 'SLE15' into SLE12-SP4 - Merge branch 'SLE15' into SLE12-SP4 - Merge branch 'SLE15' into SLE12-SP4 - Merge branch 'SLE15' into SLE12-SP4 - Merge branch 'SLE15' into SLE12-SP4 - Merge branch 'SLE15' into SLE12-SP4 - Merge branch 'SLE15' into SLE12-SP4 - Merge branch 'SLE15' into SLE12-SP4 - Merge branch 'SLE15' into SLE12-SP4 - Merge branch 'SLE15' into SLE12-SP4 - Merge branch 'SLE15' into SLE12-SP4 - Merge branch 'SLE15' into SLE12-SP4 - Merge branch 'SLE15' into SLE12-SP4 - Merge branch 'SLE15' into SLE12-SP4 - Merge branch 'SLE15' into SLE12-SP4 - Merge branch 'SLE15' into SLE15_EMBARGO - Merge branch 'SLE15' into users/tiwai/SLE15/bsc1139358 - Merge branch 'SLE15' into users/tiwai/SLE15/bsc1139358 - Merge branch 'SLE15' into users/tiwai/SLE15/bsc1139358 - Merge branch 'users/bpetkov/SLE15/for-next' into SLE15 - Merge branch 'users/bpetkov/SLE15/for-next' into SLE15 - Merge branch 'users/dkirjanov/SLE15/for-next' into SLE15 - Merge branch 'users/fbaumanis/SLE15/for-next' into SLE15 - Merge branch 'users/fdmanana/SLE15/for-next' into SLE15 - Merge branch 'users/fdmanana/SLE15/for-next' into SLE15 - Merge branch 'users/fyang/SLE15/for-next' into SLE15 - Merge branch 'users/ggherdovich/SLE15/for-next' into SLE15 - Merge branch 'users/glin/SLE15/for-next' into SLE15 - Merge branch 'users/hare/SLE15/for-next' into SLE15 - Merge branch 'users/hare/SLE15/for-next' into SLE15 - Merge branch 'users/hare/SLE15/for-next' into SLE15 - Merge branch 'users/hare/SLE15/for-next' into SLE15 - Merge branch 'users/jack/SLE15/for-next' into SLE15 - Merge branch 'users/jack/SLE15/for-next' into SLE15 - Merge branch 'users/jack/SLE15/for-next' into SLE15 - Merge branch 'users/jack/SLE15/for-next' into SLE15 - Merge branch 'users/jdelvare/SLE15/for-next' into SLE15 - Merge branch 'users/jgross/SLE15/for-next' into SLE15 - Merge branch 'users/jroedel/SLE15/for-next' into SLE15 - Merge branch 'users/jroedel/SLE15/for-next' into SLE15 - Merge branch 'users/jslaby/SLE15/for-next' into SLE15 - Merge branch 'users/jslaby/SLE15/for-next' into SLE15 - Merge branch 'users/jthumshirn/SLE15/for-next' into SLE15 - Merge branch 'users/jthumshirn/SLE15/for-next' into SLE15 - Merge branch 'users/jthumshirn/SLE15/for-next' into SLE15 - Merge branch 'users/jthumshirn/SLE15/for-next' into SLE15 - Merge branch 'users/jthumshirn/SLE15/for-next' into SLE15 - Merge branch 'users/lduncan/SLE15/for-next' into SLE15 - Merge branch 'users/lduncan/SLE15/for-next' into SLE15 - Merge branch 'users/lduncan/SLE15/for-next' into SLE15 - Merge branch 'users/lduncan/SLE15/for-next' into SLE15 - Merge branch 'users/lhenriques/SLE15/for-next' into SLE15 - Merge branch 'users/lyan/SLE15/for-next' into SLE15 - Merge branch 'users/lyan/SLE15/for-next' into SLE15 - Merge branch 'users/mbenes/SLE15/for-next' into SLE15 - Merge branch 'users/mbenes/SLE15/for-next' into SLE15 - Merge branch 'users/mbrugger/SLE15/for-next' into SLE15 - Merge branch 'users/mgorman/SLE15/for-next' into SLE15 - Merge branch 'users/mgorman/SLE15/for-next' into SLE15 - Merge branch 'users/mhocko/SLE12-SP4/bnc1136896' into users/mhocko/SLE12-SP4/for-next - Merge branch 'users/mhocko/SLE15/bnc1139358' into SLE15 - Merge branch 'users/mhocko/SLE15/bnc1139358' into users/mhocko/SLE12-SP4/bnc1139358 - Merge branch 'users/mhocko/SLE15/for-next' into SLE15 - Merge branch 'users/mkoutny/SLE15/for-next' into SLE15 - Merge branch 'users/mkubecek/SLE15/1137586' into SLE15_EMBARGO - Merge branch 'users/mkubecek/SLE15/1137586' into SLE15_EMBARGO - Merge branch 'users/mkubecek/SLE15/for-next' into SLE15 - Merge branch 'users/mkubecek/SLE15/for-next' into SLE15 - Merge branch 'users/msuchanek/SLE15/bsc1137534-s390-jumplabel-perf' into SLE15 - Merge branch 'users/msuchanek/SLE15/for-next' into SLE15 - Merge branch 'users/msuchanek/SLE15/for-next' into SLE15 - Merge branch 'users/msuchanek/SLE15/for-next' into SLE15 - Merge branch 'users/msuchanek/SLE15/for-next' into SLE15 - Merge branch 'users/msuchanek/SLE15/for-next' into SLE15 - Merge branch 'users/msuchanek/SLE15/for-next' into SLE15 - Merge branch 'users/msuchanek/SLE15/for-next' into SLE15 - Merge branch 'users/msuchanek/SLE15/for-next' into SLE15 - Merge branch 'users/msuchanek/SLE15/for-next' into SLE15 - Merge branch 'users/msuchanek/SLE15/for-next' into SLE15 - Merge branch 'users/nfbrown/SLE15/for-next' into SLE15 - Merge branch 'users/nfbrown/SLE15/for-next' into SLE15 - Merge branch 'users/ohering/SLE15/for-next' into SLE15 - Merge branch 'users/oneukum/SLE15/for-next' into SLE15 - Merge branch 'users/oneukum/SLE15/for-next' into SLE15 - Merge branch 'users/oneukum/SLE15/for-next' into SLE15 - Merge branch 'users/oneukum/SLE15/for-next' into SLE15 - Merge branch 'users/oneukum/SLE15/for-next' into SLE15 - Merge branch 'users/oneukum/SLE15/for-next' into SLE15 - Merge branch 'users/osalvador/SLE15/for-next' into SLE15 - Merge branch 'users/ptesarik/SLE15/for-next' into SLE15 - Merge branch 'users/pvorel/SLE15/for-next' into SLE15 - Merge branch 'users/tbogendoerfer/SLE15/for-next' into SLE15 - Merge branch 'users/tzimmermann/SLE15/for-next' into SLE15 - Merge branch 'users/vbabka/SLE15/for-next' into SLE15 - Merge branch 'users/vbabka/SLE15/for-next' into SLE15 - Merge branch 'users/vbabka/SLE15/for-next' into SLE15 - Merge remote-tracking branch 'origin/SLE15' into SLE12-SP4 - Merge remote-tracking branch 'origin/SLE15' into SLE12-SP4 - Merge remote-tracking branch 'origin/SLE15' into SLE12-SP4 - Merge remote-tracking branch 'origin/SLE15' into SLE12-SP4 - Merge remote-tracking branch 'origin/SLE15' into SLE12-SP4 - Merge remote-tracking branch 'origin/SLE15' into SLE12-SP4 - Merge remote-tracking branch 'origin/SLE15' into SLE12-SP4 - Merge remote-tracking branch 'origin/SLE15' into SLE12-SP4 - Merge remote-tracking branch 'origin/SLE15' into SLE12-SP4 - Merge remote-tracking branch 'origin/SLE15' into SLE12-SP4 - Merge remote-tracking branch 'origin/SLE15' into SLE12-SP4_EMBARGO - Merge remote-tracking branch 'origin/SLE15' into SLE12-SP4_EMBARGO - Merge remote-tracking branch 'origin/users/fyang/SLE12-SP4/for-next' into SLE12-SP4 - Merge remote-tracking branch 'origin/users/ghe/SLE12-SP4/for-next' into SLE12-SP4 - Merge remote-tracking branch 'origin/users/mfleming/SLE12-SP4/for-next' into SLE12-SP4 - Merge remote-tracking branch 'origin/users/mhocko/SLE12-SP4/for-next' into SLE12-SP4 - Merge remote-tracking branch 'origin/users/msuchanek/SLE12-SP4/for-next' into SLE12-SP4 - mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L (bsc#1051510). - mfd: hi655x: Fix regmap area declared size for hi655x (bsc#1051510). - mfd: intel-lpss: Release IDA resources (bsc#1051510). - mfd: intel-lpss: Set the device in reset state when init (bsc#1051510). - mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values (bsc#1051510). - mfd: tps65912-spi: Add missing of table registration (bsc#1051510). - mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510). - mISDN: make sure device name is NUL terminated (bsc#1051510). - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510). - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510). - mmc: core: Verify SD bus width (bsc#1051510). - mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510). - mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum A-009204 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510). - mmc: sdhci-pci: Try 'cd' for card-detect lookup before using NULL (bsc#1051510). - mmc_spi: add a status check for spi_sync_locked (bsc#1051510). - mm: migrate: Fix reference check race between __find_get_block() and migration (bnc#1137609). - mm/nvdimm: add is_ioremap_addr and use that to check ioremap address (bsc#1140322 LTC#176270). - mm, page_alloc: fix has_unmovable_pages for HugePages (bsc#1127034). - mm: pagechage-limit: Calculate pagecache-limit based on node state (bsc#1136811) - mm: replace all open encodings for NUMA_NO_NODE (bsc#1140322 LTC#176270). - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382). - mm/vmscan.c: prevent useless kswapd loops (git fixes (mm/vmscan)). - module: Fix livepatch/ftrace module text permissions race (bsc#1071995 fate#323487). - mount: copy the port field into the cloned nfs_server structure (bsc#1136990). - Move patch to correct directory. - Move stuff git_sort chokes on, out of the way - Move upstreamed ASoC patches into sorted section - mwifiex: Abort at too short BSS descriptor element (bsc#1136424 CVE-2019-3846). - mwifiex: Don't abort on small, spec-compliant vendor IEs (CVE-2019-3846,bsc#1136424). - mwifiex: fix 802.11n/WPA detection (CVE-2019-3846,bsc#1136424). - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935). - mwifiex: Fix possible buffer overflows at parsing bss descriptor - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit (git-fixes). - neigh: fix use-after-free read in pneigh_get_next (networking-stable-19_06_18). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142112 bsc#1142221 LTC#179334 LTC#179332). - net: avoid weird emergency message (networking-stable-19_05_21). - net: fec: fix the clk mismatch in failed_reset path (networking-stable-19_05_31). - netfilter: conntrack: fix calculation of next bucket number in early_drop (git-fixes). - net-gro: fix use-after-free read in napi_gro_frags() (networking-stable-19_05_31). - net/ibmvnic: Remove tests of member address (bsc#1137739). - net/mlx4_core: Change the error print to info print (networking-stable-19_05_21). - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_06_09). - net/mlx5: Allocate root ns memory using kzalloc to match kfree (networking-stable-19_05_31). - net/mlx5: Avoid double free in fs init error unwinding path (networking-stable-19_05_31). - net: mvneta: Fix err code path of probe (networking-stable-19_05_31). - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value (networking-stable-19_05_31). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - netns: get more entropy from net_hash_mix() (CVE-2019-10638 bsc#1140575). - netns: provide pure entropy for net_hash_mix() (CVE-2019-10639 bsc#1140577). - net: openvswitch: do not free vport if register_netdevice() is failed (networking-stable-19_06_18). - net/packet: fix memory leak in packet_set_ring() (git-fixes). - net: rds: fix memory leak in rds_ib_flush_mr_pool (networking-stable-19_06_09). - net: seeq: fix crash caused by not set dev.parent (networking-stable-19_05_14). - net: stmmac: fix reset gpio free missing (networking-stable-19_05_31). - net: unbreak CONFIG_RETPOLINE=n builds (bsc#1124503). - net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions (networking-stable-19_05_21). - net: use indirect call wrappers at GRO network layer (bsc#1124503). - net: use indirect call wrappers at GRO transport layer (bsc#1124503). - nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814). - nfit/ars: Avoid stale ARS results (jsc#SLE-5433). - nfit/ars: Introduce scrub_flags (jsc#SLE-5433). - NFS add module option to limit NFSv4 minor version (jsc#PM-231). - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642). - nvme: copy MTFA field from identify controller (bsc#1140715). - nvme: fix memory leak caused by incorrect subsystem free (bsc#1143185). - nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510). - nvmem: core: fix read buffer in place (bsc#1051510). - nvmem: correct Broadcom OTP controller driver writes (bsc#1051510). - nvmem: Don't let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510). - nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510). - nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510). - nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510). - nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510). - nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510). - nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510). - nvmem: imx-ocotp: Update module description (bsc#1051510). - nvmem: properly handle returned value nvmem_reg_read (bsc#1051510). - nvme-rdma: fix double freeing of async event data (bsc#1120423). - nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423). - nvme-rdma: fix possible free of a non-allocated async event buffer (bsc#1120423). - nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432). - ocfs2: add first lock wait time in locking_state (bsc#1134390). - ocfs2: add last unlock times in locking_state (bsc#1134390). - ocfs2: add locking filter debugfs file (bsc#1134390). - ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902). - ocfs2: turn on OCFS2_FS_STATS setting(bsc#1134393) - of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642). - packet: Fix error path in packet_init (networking-stable-19_05_14). - packet: in recvmsg msg_name return at least sizeof sockaddr_ll (git-fixes). - parport: Fix mem leak in parport_register_dev_model (bsc#1051510). - patches.fixes/mm-Fix-modifying-of-page-protection-by-insert_pfn.patch: Fix buggy backport leading to MAP_SYNC failures (bsc#1137372) - patches.fixes/scsi-vmw_pscsi-Fix-use-after-free-in-pvscsi_queue_lc.patch: Update patch metadata - patches.suse/Btrfs-kill-btrfs_clear_path_blocking.patch: (bsc#1140139). - PCI: Always allow probing with driver_override (bsc#1051510). - PCI: Do not poll for PME if the device is in D3cold (bsc#1051510). - PCI: hv: Add hv_pci_remove_slots() when we unload the driver (bsc#1142701). - PCI: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary (bsc#1142701). - PCI: hv: Fix a memory leak in hv_eject_device_work() (bsc#1142701). - PCI: hv: Fix a use-after-free bug in hv_eject_device_work() (bsc#1142701). - PCI: hv: Fix return value check in hv_pci_assign_slots() (bsc#1142701). - PCI: hv: Remove unused reason for refcount handler (bsc#1142701). - PCI: hv: support reporting serial number as slot information (bsc#1142701). - PCI: PM: Avoid possible suspend-to-idle issue (bsc#1051510). - PCI: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510). - PCI: Return error if cannot probe VF (bsc#1051510). - PCI: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510). - perf tools: Add Hygon Dhyana support (fate#327735). - perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454). - pkey: Indicate old mkvp only if old and current mkvp are different (bsc#1137827 LTC#178090). - pktgen: do not sleep with the thread lock held (git-fixes). - platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510). - platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ (bsc#1051510). - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510). - platform/x86: intel_turbo_max_3: Remove restriction for HWP platforms (jsc#SLE-5439). - platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510). - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table (bsc#1051510). - PM / core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510). - powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454). - powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454). - powercap/intel_rapl: Update RAPL domain name and debug messages (jsc#SLE-5454). - powerpc/64s: Remove POWER9 DD1 support (bsc#1055117, LTC#159753, FATE#323286, git-fixes). - powerpc: Always initialize input array when calling epapr_hypercall() (bsc#1065729). - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199). - powerpc/crypto: Use cheaper random numbers for crc-vpmsum self-test (FATE#327696). - powerpc/eeh: Fix race with driver un/bind (bsc#1065729). - powerpc: Fix HMIs on big-endian with CONFIG_RELOCATABLE=y (bsc#1065729). - powerpc/mm: Change function prototype (bsc#1055117). - powerpc/mm: Consolidate numa_enable check and min_common_depth check (bsc#1140322 LTC#176270). - powerpc/mm/drconf: Use NUMA_NO_NODE on failures instead of node 0 (bsc#1140322 LTC#176270). - powerpc/mm: Fix node look up with numa=off boot (bsc#1140322 LTC#176270). - powerpc/mm/hugetlb: Update huge_ptep_set_access_flags to call __ptep_set_access_flags directly (bsc#1055117). - powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang (bsc#1055117). - powerpc/mm/radix: Move function from radix.h to pgtable-radix.c (bsc#1055117). - powerpc/msi: Fix NULL pointer access in teardown code (bsc#1065729). - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106). - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106). - powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043). - powerpc/powernv/idle: Restore IAMR after idle (bsc#1065729). - powerpc/process: Fix sparse address space warnings (bsc#1065729). - powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property() (bsc#1137194, CVE-2019-12614). - powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204). - powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199). - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199). - powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808). - powerpc/tm: Fix oops on sigreturn on systems without TM (bsc#1142265 CVE-2019-13648). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195). - power: supply: max14656: fix potential use-before-alloc (bsc#1051510). - power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510). - ppp: deflate: Fix possible crash in deflate_init (networking-stable-19_05_21). - ppp: mppe: Add softdep to arc4 (bsc#1088047). - ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME (git-fixes). - ptrace: restore smp_rmb() in __ptrace_may_access() (git-fixes). - pwm: stm32: Use 3 cells ->of_xlate() (bsc#1111666). - qlcnic: Avoid potential NULL pointer dereference (bsc#1051510). - qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510). - qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510). - qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510). - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510). - qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510). - qmi_wwan: Fix out-of-bounds read (bsc#1111666). - rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510). - ras/CEC: Convert the timer callback to a workqueue (bsc#1114279). - ras/CEC: Fix binary search function (bsc#1114279). - rds: IB: fix 'passing zero to ERR_PTR()' warning (git-fixes). - regulator: s2mps11: Fix buck7 and buck8 wrong voltages (bsc#1051510). - Replace the bluetooth fix with the upstream commit (bsc#1135556) - Revert 'alsa: hda/realtek - Improve the headset mic for Acer Aspire laptops' (bsc#1051510). - Revert 'bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()' (bsc#1140652). - Revert 'Drop multiversion(kernel) from the KMP template (fate#323189)' (bsc#1109137). - Revert 'e1000e: fix cyclic resets at link up with active tx' (bsc#1051510). - Revert 'HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range' (bsc#1051510). - Revert 'KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137).' - Revert 'KMPs: provide and conflict a kernel version specific KMP name' - Revert 'livepatch: Remove reliable stacktrace check in klp_try_switch_task()' (bsc#1071995 fate#323487). - Revert 'Revert 'Drop multiversion(kernel) from the KMP template (fate#323189)'' - Revert 'Revert 'KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137).'' - Revert 'Revert 'KMPs: provide and conflict a kernel version specific KMP name'' - Revert 'Revert 'Revert 'Drop multiversion(kernel) from the KMP template (fate#323189)''' - Revert 's390/jump_label: Use 'jdd' constraint on gcc9 (bsc#1138589).' - Revert 'serial: 8250: Don't service RX FIFO if interrupts are disabled' (bsc#1051510). - Revert 'Sign non-x86 kernels when possible (boo#1134303)' - Revert 'svm: Fix AVIC incomplete IPI emulation' (bsc#1140133). - rpm/kernel-binary.spec.in: Add back kernel-binary-base subpackage (jsc#SLE-3853). - rpm/kernel-binary.spec.in: Build livepatch support in SUSE release projects (bsc#1124167). - rpm/kernel-binary.spec.in: Update drm-kmp obsolete for SLE12-SP3/Leap-42.3 - rpm/post.sh: correct typo in err msg (bsc#1137625) - rtc: 88pm860x: prevent use-after-free on device remove (bsc#1051510). - rtc: don't reference bogus function pointer in kdoc (bsc#1051510). - rtlwifi: fix a potential NULL pointer dereference (bsc#1051510). - rtnetlink: always put IFLA_LINK for links with a link-netnsid (networking-stable-19_05_21). - s390/dasd: fix using offset into zero size array error (bsc#1051510). - s390/jump_label: Use 'jdd' constraint on gcc9 (bsc#1138589). - s390/jump_label: Use 'jdd' constraint on gcc9 (bsc#1138589). - s390/qeth: be drop monitor friendly (bsc#1142220 LTC#179335). - s390/qeth: fix race when initializing the IP address table (bsc#1051510). - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510). - s390/setup: fix early warning messages (bsc#1051510). - s390/virtio: handle find on invalid queue gracefully (bsc#1051510). - s390/vtime: steal time exponential moving average (bsc#1119222). - s390/zcrypt: Fix wrong dispatching for control domain CPRBs (bsc#1137811 LTC#178088). - sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658). - sched/topology: Improve load balancing on AMD EPYC (bsc#1137366). - scripts/tar-up.sh: do not make assumptions about the remote name (bsc#1141488) - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390). - scsi: ibmvfc: fix WARN_ON during event pool release (bsc#1137458 LTC#178093). - scsi: libsas: fix a race condition when smp task timeout (CVE-2018-20836 bsc#1134395). - scsi: megaraid_sas: return error when create DMA pool failed (CVE-2019-11810 bsc#1134399). - scsi: mpt3sas_ctl: fix double-fetch bug in _ctl_ioctl_main() (bsc#1136922 CVE-2019-12456). - scsi: qla2xxx: Declare local functions 'static' (bsc#1137444). - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727). - scsi: qla2xxx: fix error message on &lt;qla2400 (bsc#1118139). - scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555). - scsi: qla2xxx: Fix function argument descriptions (bsc#1118139). - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728). - scsi: qla2xxx: Fix memory corruption during hba reset test (bsc#1118139). - scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555). - scsi: qla2xxx: fix spelling mistake: 'existant' -> 'existent' (bsc#1118139). - scsi: qla2xxx: fully convert to the generic DMA API (bsc#1137444). - scsi: qla2xxx: fx00 copypaste typo (bsc#1118139). - scsi: qla2xxx: Improve several kernel-doc headers (bsc#1137444). - scsi: qla2xxx: Introduce a switch/case statement in qlt_xmit_tm_rsp() (bsc#1137444). - scsi: qla2xxx: Make qla2x00_sysfs_write_nvram() easier to analyze (bsc#1137444). - scsi: qla2xxx: Make sure that qlafx00_ioctl_iosb_entry() initializes 'res' (bsc#1137444). - scsi: qla2xxx: NULL check before some freeing functions is not needed (bsc#1137444). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1137444). - scsi: qla2xxx: remove the unused tcm_qla2xxx_cmd_wq (bsc#1118139). - scsi: qla2xxx: Remove two arguments from qlafx00_error_entry() (bsc#1137444). - scsi: qla2xxx: Remove unused symbols (bsc#1118139). - scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function (bsc#1137444). - scsi: qla2xxx: use lower_32_bits and upper_32_bits instead of reinventing them (bsc#1137444). - scsi: qla2xxx: Use %p for printing pointers (bsc#1118139). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296). - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510). - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510). - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510). - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510). - sctp: Free cookie before we memdup a new one (networking-stable-19_06_18). - sctp: silence warns on sctp_stream_init allocations (bsc#1083710). - serial: sh-sci: disable DMA for uart_console (bsc#1051510). - serial: uartps: Do not add a trailing semicolon to macro (bsc#1051510). - serial: uartps: Fix long line over 80 chars (bsc#1051510). - serial: uartps: Fix multiple line dereference (bsc#1051510). - serial: uartps: Remove useless return from cdns_uart_poll_put_char (bsc#1051510). - signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO (git-fixes). - Sign non-x86 kernels when possible (boo#1134303) - SMB3: Fix endian warning (bsc#1137884). - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510). - soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510). - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510). - spi: Fix zero length xfer bug (bsc#1051510). - spi: pxa2xx: Add support for Intel Comet Lake (jsc#SLE-5331). - spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510). - spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510). - spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510). - spi: tegra114: reset controller on probe (bsc#1051510). - staging: comedi: amplc_pci230: fix null pointer deref on interrupt (bsc#1051510). - staging: comedi: dt282x: fix a null pointer deref on interrupt (bsc#1051510). - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510). - staging:iio:ad7150: fix threshold mode config bit (bsc#1051510). - staging: rtl8712: reduce stack usage, again (bsc#1051510). - Staging: vc04_services: Fix a couple error codes (bsc#1051510). - staging: vc04_services: prevent integer overflow in create_pagelist() (bsc#1051510). - staging: wlan-ng: fix adapter initialization failure (bsc#1051510). - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg (networking-stable-19_06_18). - svm: Add warning message for AVIC IPI invalid target (bsc#1140133). - svm: Fix AVIC incomplete IPI emulation (bsc#1140133). - sysctl: handle overflow in proc_get_long (bsc#1051510). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: be more careful in tcp_fragment() (CVE-2019-11478 bsc#1137586 bsc#1139751). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: fix fack_count accounting on tcp_shift_skb_data() (CVE-2019-11477 bsc#1137586). - tcp: limit payload size of sacked skbs (bsc#1137586). - tcp: reduce tcp_fastretrans_alert() verbosity (git-fixes). - tcp: refine memory limit test in tcp_fragment() (CVE-2019-11478 bsc#1137586 bsc#1139751). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). - team: Always enable vlan tx offload (bsc#1051510). - test_firmware: Use correct snprintf() limit (bsc#1135642). - thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510). - thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454). - thunderbolt: Fix to check for kmemdup failure (bsc#1051510). - tipc: fix hanging clients using poll with EPOLLOUT flag (git-fixes). - tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510). - tmpfs: fix uninitialized return value in shmem_link (bsc#1051510). - tools/cpupower: Add Hygon Dhyana support (fate#327735). - topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454). - topology: Create package_cpus sysfs attribute (jsc#SLE-5454). - tracing/snapshot: Resize spare buffer if size changed (bsc#1140726). - treewide: Use DEVICE_ATTR_WO (bsc#1137739). - Trim build dependencies of sample subpackage spec file (FATE#326579, jsc#SLE-4117, jsc#SLE-3853, bsc#1128910). - tty: ipwireless: fix missing checks for ioremap (bsc#1051510). - tty: max310x: Fix external crystal register setup (bsc#1051510). - tty: rocket: fix incorrect forward declaration of 'rp_init()' (bsc#1051510). - tty: serial_core: Set port active bit in uart_port_activate (bsc#1051510). - tty: serial: cpm_uart - fix init when SMC is relocated (bsc#1051510). - tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510). - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler (bsc#1051510). - tuntap: synchronize through tfiles array instead of tun->numqueues (networking-stable-19_05_14). - udp: use indirect call wrappers for GRO socket lookup (bsc#1124503). - Update config files for NFSv4.2 - Update patches.fixes/0001-mwifiex-Fix-heap-overflow-in-mwifiex_uap_parse_tail_.patch (bsc#1136935 CVE-2019-10126). Added CVE number - Update patches.fixes/nfsd-COPY-and-CLONE-operations-require-the-saved-fil.patch (git-fixes, bsc#1137103, CVE-2018-16871). - Update patches.suse/do-not-default-to-ibrs-on-skl.patch (bsc#1068032 CVE-2017-5753 bsc#1112824 jsc#SLE-7074). - Update patch referecens for two sercurity fixes (CVE-2019-12819, bsc#1138291, CVE-2019-12818, bsc#1138293). - Update References field to patches.suse/0275-bcache-never-writeback-a-discard-operation.patch (bsc#1130972, bsc#1102247). - Update 'SACK Panic' patches to reflect upstream state. - Update upstream patch tags - USB: Add LPM quirk for Surface Dock GigE adapter (bsc#1051510). - usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642). - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown (bsc#1051510). - USB: core: Don't unbind interfaces following device reset failure (bsc#1051510). - usb: dwc2: Fix DMA cache alignment issues (bsc#1051510). - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642). - USB: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510). - USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor (bsc#1051510). - usb: gadget: ether: Fix race between gether_disconnect and rx_submit (bsc#1051510). - usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i] (bsc#1051510). - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC (bsc#1051510). - usbip: usbip_host: fix BUG: sleeping function called from invalid context (bsc#1051510). - usbip: usbip_host: fix stub_dev lock context imbalance regression (bsc#1051510). - usbnet: fix kernel crash after disconnect (bsc#1051510). - usbnet: ipheth: fix racing condition (bsc#1051510). - usb: pci-quirks: Correct AMD PLL quirk detection (bsc#1051510). - USB: rio500: fix memory leak in close after disconnect (bsc#1051510). - USB: rio500: refuse more than one device at a time (bsc#1051510). - USB: serial: fix initial-termios handling (bsc#1135642). - USB: serial: ftdi_sio: add ID for isodebug v1 (bsc#1051510). - USB: serial: option: add support for GosunCn ME3630 RNDIS mode (bsc#1051510). - USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510). - USB: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510). - USB: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510). - USB: serial: pl2303: fix tranceiver suspend mode (bsc#1135642). - USB: sisusbvga: fix oops in error path of sisusb_probe (bsc#1051510). - USB: usb-storage: Add new ID to ums-realtek (bsc#1051510). - usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642). - vfio: ccw: only free cp on final interrupt (bsc#1051510). - video: hgafb: fix potential NULL pointer dereference (bsc#1051510). - video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510). - virtio_console: initialize vtermno value for ports (bsc#1051510). - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510). - VMCI: Fix integer overflow in VMCI handle arrays (bsc#1051510). - vrf: sit mtu should not be updated when vrf netdev is the link (networking-stable-19_05_14). - vsock/virtio: free packets during the socket release (networking-stable-19_05_21). - vsock/virtio: set SOCK_DONE on peer shutdown (networking-stable-19_06_18). - vxlan: trivial indenting fix (bsc#1051510). - vxlan: use __be32 type for the param vni in __vxlan_fdb_delete (bsc#1051510). - w1: fix the resume command API (bsc#1051510). - watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510). - wil6210: fix potential out-of-bounds read (bsc#1051510). - x86/alternative: Init ideal_nops for Hygon Dhyana (fate#327735). - x86/amd_nb: Add support for Raven Ridge CPUs (FATE#327735). - x86/amd_nb: Check vendor in AMD-only functions (fate#327735). - x86/apic: Add Hygon Dhyana support (fate#327735). - x86/bugs: Add Hygon Dhyana to the respective mitigation machinery (fate#327735). - x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor (bsc#1114279). - x86/cpu: Create Hygon Dhyana architecture support file (fate#327735). - x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382). - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382). - x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382). - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (fate#327735). - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (fate#327735). - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (fate#327735). - x86/events: Add Hygon Dhyana support to PMU infrastructure (fate#327735). - x86/kvm: Add Hygon Dhyana support to KVM (fate#327735). - x86/mce: Add Hygon Dhyana support to the MCA infrastructure (fate#327735). - x86/mce: Don't disable MCA banks when offlining a CPU on AMD (fate#327735). - x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279). - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279). - x86/microcode: Fix microcode hotplug state (bsc#1114279). - x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279). - x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903). - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279). - x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge (fate#327735). - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana (fate#327735). - x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454). - x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279). - x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS (bsc#1139358, CVE-2019-1125). - x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454). - x86/topology: Define topology_die_id() (jsc#SLE-5454). - x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - x86/xen: Add Hygon Dhyana support to Xen (fate#327735). - xen: let alloc_xenballooned_pages() fail if not enough memory free (bsc#1142450 XSA-300). - xen/pciback: Don't disable PCI_COMMAND on PCI device reset (bsc#1065600). - xfs: do not set the page uptodate in xfs_writepage_map (bsc#1138003). - xfs: don't clear imap_valid for a non-uptodate buffers (bsc#1138018). - xfs: don't look at buffer heads in xfs_add_to_ioend (bsc#1138013). - xfs: don't overflow xattr listent buffer (bsc#1143105). - xfs: don't use XFS_BMAPI_ENTRIRE in xfs_get_blocks (bsc#1137999). - xfs: don't use XFS_BMAPI_IGSTATE in xfs_map_blocks (bsc#1138005). - xfs: eof trim writeback mapping as soon as it is cached (bsc#1138019). - xfs: fix s_maxbytes overflow problems (bsc#1137996). - xfs: make xfs_writepage_map extent map centric (bsc#1138009). - xfs: minor cleanup for xfs_get_blocks (bsc#1138000). - xfs: move all writeback buffer_head manipulation into xfs_map_at_offset (bsc#1138014). - xfs: refactor the tail of xfs_writepage_map (bsc#1138016). - xfs: remove the imap_valid flag (bsc#1138012). - xfs: remove unused parameter from xfs_writepage_map (bsc#1137995). - xfs: remove XFS_IO_INVALID (bsc#1138017). - xfs: remove xfs_map_cow (bsc#1138007). - xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010). - xfs: remove xfs_reflink_trim_irec_to_next_cow (bsc#1138006). - xfs: remove xfs_start_page_writeback (bsc#1138015). - xfs: rename the offset variable in xfs_writepage_map (bsc#1138008). - xfs: simplify xfs_map_blocks by using xfs_iext_lookup_extent directly (bsc#1138011). - xfs: skip CoW writes past EOF when writeback races with truncate (bsc#1137998). - xfs: xfs_reflink_convert_cow() memory allocation deadlock (bsc#1138002). - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() (bsc#1051510). - xhci: update bounce buffer with correct sg num (bsc#1051510). - xhci: Use %zu for printing size_t type (bsc#1051510). Important SUSE bug 1012382 SUSE bug 1051510 SUSE bug 1053043 SUSE bug 1055117 SUSE bug 1061840 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1068032 SUSE bug 1071995 SUSE bug 1083647 SUSE bug 1083710 SUSE bug 1088047 SUSE bug 1094555 SUSE bug 1098633 SUSE bug 1102247 SUSE bug 1106383 SUSE bug 1106751 SUSE bug 1109137 SUSE bug 1111666 SUSE bug 11123080 SUSE bug 1112824 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1115688 SUSE bug 1117158 SUSE bug 1118139 SUSE bug 1119222 SUSE bug 1120423 SUSE bug 1120566 SUSE bug 1124167 SUSE bug 1124503 SUSE bug 1127034 SUSE bug 1127155 SUSE bug 1127315 SUSE bug 1128432 SUSE bug 1128902 SUSE bug 1128910 SUSE bug 1129770 SUSE bug 1130972 SUSE bug 1132154 SUSE bug 1132390 SUSE bug 1133021 SUSE bug 1133401 SUSE bug 1133738 SUSE bug 1134097 SUSE bug 1134303 SUSE bug 1134390 SUSE bug 1134393 SUSE bug 1134395 SUSE bug 1134399 SUSE bug 1134671 SUSE bug 1135296 SUSE bug 1135335 SUSE bug 1135556 SUSE bug 1135642 SUSE bug 1135661 SUSE bug 1136157 SUSE bug 1136424 SUSE bug 1136598 SUSE bug 1136811 SUSE bug 1136896 SUSE bug 1136922 SUSE bug 1136935 SUSE bug 1136990 SUSE bug 1137103 SUSE bug 1137162 SUSE bug 1137194 SUSE bug 1137366 SUSE bug 1137372 SUSE bug 1137429 SUSE bug 1137444 SUSE bug 1137458 SUSE bug 1137534 SUSE bug 1137535 SUSE bug 1137584 SUSE bug 1137586 SUSE bug 1137609 SUSE bug 1137625 SUSE bug 1137728 SUSE bug 1137739 SUSE bug 1137752 SUSE bug 1137811 SUSE bug 1137827 SUSE bug 1137884 SUSE bug 1137995 SUSE bug 1137996 SUSE bug 1137998 SUSE bug 1137999 SUSE bug 1138000 SUSE bug 1138002 SUSE bug 1138003 SUSE bug 1138005 SUSE bug 1138006 SUSE bug 1138007 SUSE bug 1138008 SUSE bug 1138009 SUSE bug 1138010 SUSE bug 1138011 SUSE bug 1138012 SUSE bug 1138013 SUSE bug 1138014 SUSE bug 1138015 SUSE bug 1138016 SUSE bug 1138017 SUSE bug 1138018 SUSE bug 1138019 SUSE bug 1138291 SUSE bug 1138293 SUSE bug 1138374 SUSE bug 1138375 SUSE bug 1138589 SUSE bug 1138719 SUSE bug 1139358 SUSE bug 1139751 SUSE bug 1139771 SUSE bug 1139782 SUSE bug 1139865 SUSE bug 1140133 SUSE bug 1140139 SUSE bug 1140322 SUSE bug 1140328 SUSE bug 1140405 SUSE bug 1140424 SUSE bug 1140428 SUSE bug 1140575 SUSE bug 1140577 SUSE bug 1140637 SUSE bug 1140652 SUSE bug 1140658 SUSE bug 1140715 SUSE bug 1140719 SUSE bug 1140726 SUSE bug 1140727 SUSE bug 1140728 SUSE bug 1140814 SUSE bug 1140887 SUSE bug 1140888 SUSE bug 1140889 SUSE bug 1140891 SUSE bug 1140893 SUSE bug 1140903 SUSE bug 1140945 SUSE bug 1140954 SUSE bug 1140955 SUSE bug 1140956 SUSE bug 1140957 SUSE bug 1140958 SUSE bug 1140959 SUSE bug 1140960 SUSE bug 1140961 SUSE bug 1140962 SUSE bug 1140964 SUSE bug 1140971 SUSE bug 1140972 SUSE bug 1140992 SUSE bug 1141401 SUSE bug 1141402 SUSE bug 1141452 SUSE bug 1141453 SUSE bug 1141454 SUSE bug 1141478 SUSE bug 1141488 SUSE bug 1142023 SUSE bug 1142112 SUSE bug 1142220 SUSE bug 1142221 SUSE bug 1142265 SUSE bug 1142350 SUSE bug 1142351 SUSE bug 1142354 SUSE bug 1142359 SUSE bug 1142450 SUSE bug 1142701 SUSE bug 1142868 SUSE bug 1143003 SUSE bug 1143045 SUSE bug 1143105 SUSE bug 1143185 SUSE bug 1143189 SUSE bug 1143191 SUSE bug 1143507 CVE-2018-16871 CVE-2018-20836 CVE-2018-20855 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-1125 CVE-2019-11477 CVE-2019-11478 CVE-2019-11599 CVE-2019-11810 CVE-2019-12380 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284 CVE-2019-3846 cpe:/o:suse:suse-linux-enterprise-rt:12:sp4 SUSE Linux Enterprise Real Time 12 SP4 The SUSE Linux Enterprise 12 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540). - CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350). - CVE-2017-18595: A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555). - CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permitted sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka 'KNOB') that could decrypt traffic and injected arbitrary ciphertext without the victim noticing (bnc#1137865 bnc#1146042). - CVE-2019-14835: A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could have used this flaw to increase their privileges on the host (bnc#1150112). - CVE-2019-15216: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1146361). - CVE-2019-15924: fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c had a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure (bnc#1149612). - CVE-2019-9456: In the Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have led to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1150025). - CVE-2019-15031: In the Linux kernel on the powerpc platform, a local user could have read vector registers of other users' processes via an interrupt. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE was misused in arch/powerpc/kernel/process.c (bnc#1149713). - CVE-2019-15030: In the Linux kernel on the powerpc platform, a local user could have read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check (bnc#1149713). - CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free. (bnc#1149626). - CVE-2019-15921: There was a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c (bnc#1149602). - CVE-2018-21008: A use-after-free could have been caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591). - CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free (bnc#1149552). - CVE-2019-15917: There was a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c (bnc#1149539). - CVE-2019-15926: An out-of-bounds access existed in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c (bnc#1149527). - CVE-2019-15927: An out-of-bounds access existed in the function build_audio_procunit in the file sound/usb/mixer.c (bnc#1149522). - CVE-2019-15902: Misuse of the upstream 'x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()' commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped (bnc#1149376). - CVE-2019-15666: There was an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandled directory validation (bnc#1148394). - CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver (bnc#1146524). - CVE-2019-14814: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146512). - CVE-2019-14815: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bsc#1146514) - CVE-2019-14816: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146516). - CVE-2019-15220: There was a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver (bnc#1146526). - CVE-2019-15538: An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS (bnc#1148093). - - Update reference for ath6kl fix (CVE-2019-15290,bsc#1146543). - CVE-2019-15098: drivers/net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor (bnc#1146378). - CVE-2019-15239: An incorrect backport of a certain net/ipv4/tcp_output.c fix allowed a local attacker to trigger multiple use-after-free conditions. This could result in a kernel crash, or potentially in privilege escalation. (bsc#1146589) - CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver (bnc#1146391). - CVE-2019-15292: There was a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c (bnc#1146678). - CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver (bnc#1146547). - CVE-2019-15211: There was a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c did not properly allocate memory (bnc#1146519). - CVE-2019-15214: There was a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c (bnc#1146550). - CVE-2019-15221: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver (bnc#1146529). - CVE-2019-15222: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/helper.c (motu_microbookii) driver (bnc#1146531). - CVE-2019-15218: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver (bnc#1146413). - CVE-2019-15215: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver (bnc#1146425). - CVE-2019-15090: An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the qedi_dbg_* family of functions, there is an out-of-bounds read (bnc#1146399). - CVE-2018-20976: An issue was discovered in fs/xfs/xfs_super.c. A use after free exists, related to xfs_fs_fill_super failure (bnc#1146285). - CVE-2017-18551: An issue was discovered in drivers/i2c/i2c-core-smbus.c. There was an out of bounds write in the function i2c_smbus_xfer_emulated (bnc#1146163). - CVE-2019-15118: check_input_term in sound/usb/mixer.c mishandled recursion, leading to kernel stack exhaustion (bnc#1145922). - CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c mishandled a short descriptor, leading to out-of-bounds memory access (bnc#1145920). - CVE-2019-11479: Fixed the default MSS that was hard-coded to 48 bytes. This allowed a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. (bnc#1137586). - CVE-2019-10207: Bluetooth/hci_uart was missing a check for tty operations (bsc#1142857). The following non-security bugs were fixed: - 6lowpan: Off by one handling ->nexthdr (bsc#1051510). - 9p: acl: fix uninitialized iattr access (bsc#1051510). - 9p: p9dirent_read: check network-provided name length (bsc#1051510). - 9p: pass the correct prototype to read_cache_page (bsc#1051510). - 9p/rdma: do not disconnect on down_interruptible EAGAIN (bsc#1051510). - 9p/rdma: remove useless check in cm_event_handler (bsc#1051510). - 9p/virtio: Add cleanup path in p9_virtio_init (bsc#1051510). - 9p/xen: Add cleanup path in p9_trans_xen_init (bsc#1051510). - 9p/xen: fix check for xenbus_read error in front_probe (bsc#1051510). - Abort file_remove_privs() for non-reg. files (bsc#1140888). - ACPI: Add Hygon Dhyana support (). - ACPI/arm64: ignore 5.1 FADTs that are reported as 5.0 (bsc#1051510). - ACPICA: Increase total number of possible Owner IDs (bsc#1148859). - ACPICA: Increase total number of possible Owner IDs (bsc#1148859). - ACPI: custom_method: fix memory leaks (bsc#1051510). - ACPI: fix false-positive -Wuninitialized warning (bsc#1051510). - ACPI: fix menuconfig presentation of ACPI submenu (bsc#1117158). - ACPI/IORT: Fix off-by-one check in iort_dev_find_its_id() (bsc#1051510). - ACPI/nfit: Always dump _DSM output payload (bsc#1142351). - ACPI/PCI: fix acpi_pci_irq_enable() memory leak (bsc#1051510). - ACPI: PM: Allow transitions to D0 to occur in special cases (bsc#1051510). - ACPI: PM: Avoid evaluating _PS3 on transitions from D3hot to D3cold (bsc#1051510). - ACPI: PM: Fix regression in acpi_device_set_power() (bsc#1051510). - ACPI / property: Fix acpi_graph_get_remote_endpoint() name in kerneldoc (bsc#1051510). - ACPI / property: fix handling of data_nodes in acpi_get_next_subnode() (bsc#1051510). - Add back sibling paca poiter to paca (bsc#1055117). - Added De0-Nanos-SoC board support (and others based on Altera SOC). - Add missing structs and defines from recent SMB3.1.1 documentation (bsc#1144333). - Add new flag on SMB3.1.1 read (bsc#1144333). - Address lock imbalance warnings in smbdirect.c (bsc#1144333). - Add sample kernel-default-base spec file (jsc#SLE-4117, jsc#SLE-3853, bsc#1128910). - Add some missing debug fields in server and tcon structs (bsc#1144333). - add some missing definitions (bsc#1144333). - Add support for crct10dif-vpmsum (). - Add vers=3.0.2 as a valid option for SMBv3.0.2 (bsc#1144333). - af_key: fix leaks in key_pol_get_resp and dump_sp (bsc#1051510). - af_key: unconditionally clone on broadcast (bsc#1051510). - af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET (networking-stable-19_07_02). - af_unix: remove redundant lockdep class (git-fixes). - ALSA: aoa: onyx: always initialize register read value (bsc#1051510). - ALSA: compress: Be more restrictive about when a drain is allowed (bsc#1051510). - ALSA: compress: Do not allow paritial drain operations on capture streams (bsc#1051510). - ALSA: compress: Fix regression on compressed capture streams (bsc#1051510). - ALSA: compress: Prevent bypasses of set_params (bsc#1051510). - ALSA: firewire: fix a memory leak bug (bsc#1051510). - ALSA: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510). - ALSA: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510). - ALSA: firewire-tascam: check intermediate state of clock status and retry (bsc#1051510). - ALSA: firewire-tascam: handle error code when getting current source of clock (bsc#1051510). - ALSA: hda - Add a conexant codec entry to let mute led work (bsc#1051510). - ALSA: hda - Add a generic reboot_notify (bsc#1051510). - ALSA: hda - Apply workaround for another AMD chip 1022:1487 (bsc#1051510). - ALSA: hda - Do not override global PCM hw info flag (bsc#1051510). - ALSA: hda - Fix a memory leak bug (bsc#1051510). - ALSA: hda - Fix potential endless loop at applying quirks (bsc#1051510). - ALSA: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510). - ALSA: hda: kabi workaround for generic parser flag (bsc#1051510). - ALSA: hda - Let all conexant codec enter D3 when rebooting (bsc#1051510). - ALSA: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510). - ALSA: hda/realtek: apply ALC891 headset fixup to one Dell machine (bsc#1051510). - ALSA: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510). - ALSA: hda/realtek - Fixed Headphone Mic can't record on Dell platform (bsc#1051510). - ALSA: hda/realtek - Fix overridden device-specific initialization (bsc#1051510). - ALSA: hda/realtek - Fix the problem of two front mics on a ThinkCentre (bsc#1051510). - ALSA: hda/realtek - Headphone Mic can't record after S3 (bsc#1051510). - ALSA: hda/realtek - Set default power save node to 0 (bsc#1051510). - ALSA: hda/realtek - Update headset mode for ALC256 (bsc#1051510). - ALSA: hda - Workaround for crackled sound on AMD controller (1022:1457) (bsc#1051510). - ALSA: hiface: fix multiple memory leak bugs (bsc#1051510). - ALSA: line6: Fix a typo (bsc#1051510). - ALSA: line6: Fix memory leak at line6_init_pcm() error path (bsc#1051510). - ALSA: line6: Fix write on zero-sized buffer (bsc#1051510). - ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1 (bsc#1051510). - ALSA: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510). - ALSA: pcm: fix lost wakeup event scenarios in snd_pcm_drain (bsc#1051510). - ALSA: seq: Break too long mutex context in the write loop (bsc#1051510). - ALSA: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510). - ALSA: seq: Fix potential concurrent access to the deleted pool (bsc#1051510). - ALSA: usb-audio: Add quirk for Focusrite Scarlett Solo (bsc#1051510). - ALSA: usb-audio: Add quirk for MOTU MicroBook II (bsc#1051510). - ALSA: usb-audio: Cleanup DSD whitelist (bsc#1051510). - ALSA: usb-audio: Enable .product_name override for Emagic, Unitor 8 (bsc#1051510). - ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check (bsc#1051510). - ALSA: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510). - ALSA: usb-audio: Sanity checks for each pipe and EP types (bsc#1051510). - apparmor: enforce nullbyte at end of tag string (bsc#1051510). - arch: arm64: acpi: KABI ginore includes (bsc#1117158 bsc#1134671). - arm64: acpi: fix alignment fault in accessing ACPI (bsc#1117158). - arm64: fix ACPI dependencies (bsc#1117158). - arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2 (bsc#1133021). - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (bsc#1117158). - ARM: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1133021). - ARM: KVM: report support for SMCCC_ARCH_WORKAROUND_1 (bsc#1133021). - ASoC : cs4265 : readable register too low (bsc#1051510). - ASoC: cs42xx8: Add regcache mask dirty (bsc#1051510). - ASoC: cx2072x: fix integer overflow on unsigned int multiply (bsc#1111666). - ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks (bsc#1051510). - ASoC: es8328: Fix copy-paste error in es8328_right_line_controls (bsc#1051510). - ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put (bsc#1051510). - ASoC: Fail card instantiation if DAI format setup fails (bsc#1051510). - ASoC: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510). - ASoC: fsl_sai: Update is_slave_mode with correct value (bsc#1051510). - ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put (bsc#1051510). - ASoC: hdmi-codec: unlock the device on startup errors (bsc#1051510). - ASoC: Intel: Baytrail: Fix implicit fallthrough warning (bsc#1051510). - ASoC: max98090: remove 24-bit format support if RJ is 0 (bsc#1051510). - ASoC: soc-pcm: BE dai needs prepare when pause release after resume (bsc#1051510). - ASoC: sun4i-i2s: RX and TX counter registers are swapped (bsc#1051510). - ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls (bsc#1051510). - ASoC: wm8988: fix typo in wm8988_right_line_controls (bsc#1051510). - ata: libahci: do not complain in case of deferred probe (bsc#1051510). - ath6kl: add some bounds checking (bsc#1051510). - ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init (bsc#1051510). - atm: iphase: Fix Spectre v1 vulnerability (networking-stable-19_08_08). - audit: fix a memory leak bug (bsc#1051510). - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510). - batman-adv: allow updating DAT entry timeouts on incoming ARP Replies (bsc#1051510). - batman-adv: fix for leaked TVLV handler (bsc#1051510). - batman-adv: fix uninit-value in batadv_netlink_get_ifindex() (bsc#1051510). - batman-adv: Only read OGM2 tvlv_len after buffer len check (bsc#1051510). - batman-adv: Only read OGM tvlv_len after buffer len check (bsc#1051510). - bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652). - bcache: add code comments for journal_read_bucket() (bsc#1140652). - bcache: Add comments for blkdev_put() in registration code path (bsc#1140652). - bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652). - bcache: add comments for kobj release callback routine (bsc#1140652). - bcache: add comments for mutex_lock(&b->write_lock) (bsc#1140652). - bcache: add error check for calling register_bdev() (bsc#1140652). - bcache: add failure check to run_cache_set() for journal replay (bsc#1140652). - bcache: add io error counting in write_bdev_super_endio() (bsc#1140652). - bcache: add more error message in bch_cached_dev_attach() (bsc#1140652). - bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652). - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652). - bcache: add return value check to bch_cached_dev_run() (bsc#1140652). - bcache: avoid a deadlock in bcache_reboot() (bsc#1140652). - bcache: avoid clang -Wunintialized warning (bsc#1140652). - bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652). - bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652). - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652). - bcache: Clean up bch_get_congested() (bsc#1140652). - bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread (bsc#1140652). - bcache: do not assign in if condition in bcache_device_init() (bsc#1140652). - bcache: do not set max writeback rate if gc is running (bsc#1140652). - bcache: fix a race between cache register and cacheset unregister (bsc#1140652). - bcache: fix crashes stopping bcache device before read miss done (bsc#1140652). - bcache: fix failure in journal relplay (bsc#1140652). - bcache: fix inaccurate result of unused buckets (bsc#1140652). - bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652). - bcache: fix possible memory leak in bch_cached_dev_run() (git fixes). - bcache: fix potential deadlock in cached_def_free() (bsc#1140652). - bcache: fix race in btree_flush_write() (bsc#1140652). - bcache: fix return value error in bch_journal_read() (bsc#1140652). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652). - bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652). - bcache: ignore read-ahead request failure on backing device (bsc#1140652). - bcache: improve bcache_reboot() (bsc#1140652). - bcache: improve error message in bch_cached_dev_run() (bsc#1140652). - bcache: make bset_search_tree() be more understandable (bsc#1140652). - bcache: make is_discard_enabled() static (bsc#1140652). - bcache: more detailed error message to bcache_device_link() (bsc#1140652). - bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652). - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652). - bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652). - bcache: performance improvement for btree_flush_write() (bsc#1140652). - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652). - bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652). - bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652). - bcache: remove 'XXX:' comment line from run_cache_set() (bsc#1140652). - bcache: return error immediately in bch_journal_replay() (bsc#1140652). - bcache: Revert 'bcache: fix high CPU occupancy during journal' (bsc#1140652). - bcache: Revert 'bcache: free heap cache_set->flush_btree in bch_journal_free' (bsc#1140652). - bcache: set largest seq to ja->seq[bucket_index] in journal_read_bucket() (bsc#1140652). - bcache: shrink btree node cache after bch_btree_check() (bsc#1140652). - bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652). - bcache: use sysfs_match_string() instead of __sysfs_match_string() (bsc#1140652). - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA (bsc#1051510). - be2net: Fix number of Rx queues used for flow hashing (networking-stable-19_06_18). - be2net: Signal that the device cannot transmit during reconfiguration (bsc#1127315). - be2net: Synchronize be_update_queues with dev_watchdog (bsc#1127315). - bio: fix improper use of smp_mb__before_atomic() (git fixes). - blk-flush: do not run queue for requests bypassing flush (bsc#1137959). - blk-flush: use blk_mq_request_bypass_insert() (bsc#1137959). - blk-mq: backport fixes for blk_mq_complete_e_request_sync() (bsc#1145661). - blk-mq: do not allocate driver tag upfront for flush rq (bsc#1137959). - blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432). - blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling (bsc#1151610). - blk-mq: Fix spelling in a source code comment (git fixes). - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637). - blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue (bsc#1137959). - blk-mq: introduce blk_mq_complete_request_sync() (bsc#1145661). - blk-mq: kABI fixes for blk-mq.h (bsc#1137959). - blk-mq: move blk_mq_put_driver_tag*() into blk-mq.h (bsc#1137959). - blk-mq: punt failed direct issue to dispatch list (bsc#1137959). - blk-mq: put the driver tag of nxt rq before first one is requeued (bsc#1137959). - blk-mq-sched: decide how to handle flush rq via RQF_FLUSH_SEQ (bsc#1137959). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - block, bfq: NULL out the bic when it's no longer valid (bsc#1142359). - block, documentation: Fix wbt_lat_usec documentation (git fixes). - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771). - block: fix timeout changes for legacy request drivers (bsc#1149446). - block: kABI fixes for BLK_EH_DONE renaming (bsc#1142076). - block: rename BLK_EH_NOT_HANDLED to BLK_EH_DONE (bsc#1142076). - Bluetooth: 6lowpan: search for destination address in all peers (bsc#1051510). - Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug (bsc#1051510). - Bluetooth: btqca: Add a short delay before downloading the NVM (bsc#1051510). - Bluetooth: Check state in l2cap_disconnect_rsp (bsc#1051510). - Bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328). - Bluetooth: hci_bcsp: Fix memory leak in rx_skb (bsc#1051510). - Bluetooth: validate BLE connection interval updates (bsc#1051510). - bnx2x: Disable multi-cos feature (networking-stable-19_08_08). - bnx2x: Prevent load reordering in tx completion processing (bsc#1142868). - bnx2x: Prevent ptp_task to be rescheduled indefinitely (networking-stable-19_07_25). - bnxt_en: Fix aggregation buffer leak under OOM condition (networking-stable-19_05_31). - bonding/802.3ad: fix link_failure_count tracking (bsc#1137069 bsc#1141013). - bonding/802.3ad: fix slave link initialization transition states (bsc#1137069 bsc#1141013). - bonding: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - bonding: Always enable vlan tx offload (networking-stable-19_07_02). - bonding: fix arp_validate toggling in active-backup mode (networking-stable-19_05_14). - bonding: Force slave speed check after link state recovery for 802.3ad (bsc#1137584). - bonding: set default miimon value for non-arp modes if not set (bsc#1137069 bsc#1141013). - bonding: speed/duplex update at NETDEV_UP event (bsc#1137069 bsc#1141013). - bonding: validate ip header before check IPPROTO_IGMP (networking-stable-19_07_25). - bpf, x64: fix stack layout of JITed bpf code (bsc#1083647). - bpf, x64: save 5 bytes in prologue when ebpf insns came from cbpf (bsc#1083647). - brcmfmac: convert dev_init_lock mutex to completion (bsc#1051510). - brcmfmac: fix missing checks for kmemdup (bsc#1051510). - brcmfmac: fix Oops when bringing up interface during USB disconnect (bsc#1051510). - brcmfmac: fix race during disconnect when USB completion is in progress (bsc#1051510). - brcmfmac: fix WARNING during USB disconnect in case of unempty psq (bsc#1051510). - bridge: Fix error path for kobject_init_and_add() (networking-stable-19_05_14). - btrfs: add a helper to retrive extent inline ref type (bsc#1149325). - btrfs: add cleanup_ref_head_accounting helper (bsc#1050911). - btrfs: add missing inode version, ctime and mtime updates when punching hole (bsc#1140487). - btrfs: add one more sanity check for shared ref type (bsc#1149325). - btrfs: clean up pending block groups when transaction commit aborts (bsc#1050911). - btrfs: convert to use btrfs_get_extent_inline_ref_type (bsc#1149325). - btrfs: do not abort transaction at btrfs_update_root() after failure to COW path (bsc#1150933). - btrfs: fix assertion failure during fsync and use of stale transaction (bsc#1150562). - btrfs: fix data loss after inode eviction, renaming it, and fsync it (bsc#1145941). - btrfs: Fix delalloc inodes invalidation during transaction abort (bsc#1050911). - btrfs: fix fsync not persisting dentry deletions due to inode evictions (bsc#1145942). - btrfs: fix incremental send failure after deduplication (bsc#1145940). - btrfs: fix pinned underflow after transaction aborted (bsc#1050911). - btrfs: fix race between block group removal and block group allocation (bsc#1143003). - btrfs: fix race between send and deduplication that lead to failures and crashes (bsc#1145059). - btrfs: fix race leading to fs corruption after transaction abort (bsc#1145937). - btrfs: fix use-after-free when using the tree modification log (bsc#1151891). - btrfs: handle delayed ref head accounting cleanup in abort (bsc#1050911). - btrfs-kill-btrfs_clear_path_blocking.patch: (bsc#1140139). - btrfs: prevent send failures and crashes due to concurrent relocation (bsc#1145059). - btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls (bsc#1152975). - btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space (bsc#1152974). - btrfs: relocation: fix use-after-free on dead relocation roots (bsc#1152972). - btrfs: remove BUG() in add_data_reference (bsc#1149325). - btrfs: remove BUG() in btrfs_extent_inline_ref_size (bsc#1149325). - btrfs: remove BUG() in print_extent_item (bsc#1149325). - btrfs: remove BUG_ON in __add_tree_block (bsc#1149325). - btrfs: scrub: add memalloc_nofs protection around init_ipath (bsc#1086103). - btrfs: Split btrfs_del_delalloc_inode into 2 functions (bsc#1050911). - btrfs: start readahead also in seed devices (bsc#1144886). - btrfs: track running balance in a simpler way (bsc#1145059). - btrfs: use GFP_KERNEL in init_ipath (bsc#1086103). - Build klp-symbols in kernel devel projects. - caif-hsi: fix possible deadlock in cfhsi_exit_module() (networking-stable-19_07_25). - can: af_can: Fix error path of can_init() (bsc#1051510). - can: flexcan: fix timeout when set small bitrate (bsc#1051510). - can: m_can: implement errata 'Needless activation of MRAF irq' (bsc#1051510). - can: mcp251x: add support for mcp25625 (bsc#1051510). - can: peak_usb: fix potential double kfree_skb() (bsc#1051510). - can: peak_usb: force the string buffer NULL-terminated (bsc#1051510). - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (bsc#1051510). - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (bsc#1051510). - can: purge socket error queue on sock destruct (bsc#1051510). - can: rcar_canfd: fix possible IRQ storm on high load (bsc#1051510). - can: sja1000: force the string buffer NULL-terminated (bsc#1051510). - carl9170: fix misuse of device driver API (bsc#1142635). - ceph: always get rstat from auth mds (bsc#1146346). - ceph: clean up ceph.dir.pin vxattr name sizeof() (bsc#1146346). - ceph: decode feature bits in session message (bsc#1146346). - ceph: do not blindly unregister session that is in opening state (bsc#1148133). - ceph: do not try fill file_lock on unsuccessful GETFILELOCK reply (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bsc#1148133). - ceph: fix 'ceph.dir.rctime' vxattr value (bsc#1148133 bsc#1135219). - ceph: fix improper use of smp_mb__before_atomic() (bsc#1148133). - ceph: flush dirty inodes before proceeding with remount (bsc#1140405). - ceph: hold i_ceph_lock when removing caps for freeing inode (bsc#1148133). - ceph: remove request from waiting list before unregister (bsc#1148133). - ceph: silence a checker warning in mdsc_show() (bsc#1148133). - ceph: support cephfs' own feature bits (bsc#1146346). - ceph: support getting ceph.dir.pin vxattr (bsc#1146346). - ceph: support versioned reply (bsc#1146346). - ceph: use bit flags to define vxattr attributes (bsc#1146346). - ceph: use ceph_evict_inode to cleanup inode's resource (bsc#1148133). - cfg80211: fix memory leak of wiphy device name (bsc#1051510). - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() (bsc#1141478). - chardev: add additional check for minor range overlap (bsc#1051510). - cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED (bsc#1144333). - cifs: add a new SMB2_close_flags function (bsc#1144333). - cifs: add a smb2_compound_op and change QUERY_INFO to use it (bsc#1144333). - cifs: add a timeout argument to wait_for_free_credits (bsc#1144333). - cifs: add a warning if we try to to dequeue a deleted mid (bsc#1144333). - cifs: add compound_send_recv() (bsc#1144333). - cifs: add credits from unmatched responses/messages (bsc#1144333). - cifs: add debug output to show nocase mount option (bsc#1144333). - cifs: Add DFS cache routines (bsc#1144333). - cifs: Add direct I/O functions to file_operations (bsc#1144333). - cifs: add fiemap support (bsc#1144333). - cifs: add iface info to struct cifs_ses (bsc#1144333). - cifs: add IOCTL for QUERY_INFO passthrough to userspace (bsc#1144333). - cifs: add lease tracking to the cached root fid (bsc#1144333). - cifs: Add minor debug message during negprot (bsc#1144333). - cifs: add missing debug entries for kconfig options (bsc#1051510, bsc#1144333). - cifs: add missing GCM module dependency (bsc#1144333). - cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510, bsc#1144333). - cifs: add ONCE flag for cifs_dbg type (bsc#1144333). - cifs: add pdu_size to the TCP_Server_Info structure (bsc#1144333). - cifs: add resp_buf_size to the mid_q_entry structure (bsc#1144333). - cifs: address trivial coverity warning (bsc#1144333). - cifs: add server argument to the dump_detail method (bsc#1144333). - cifs: add server->vals->header_preamble_size (bsc#1144333). - cifs: add SFM mapping for 0x01-0x1F (bsc#1144333). - cifs: add sha512 secmech (bsc#1051510, bsc#1144333). - cifs: Adds information-level logging function (bsc#1144333). - cifs: add SMB2_close_init()/SMB2_close_free() (bsc#1144333). - cifs: add SMB2_ioctl_init/free helpers to be used with compounding (bsc#1144333). - cifs: add SMB2_query_info_[init|free]() (bsc#1144333). - cifs: Add smb2_send_recv (bsc#1144333). - cifs: add spinlock for the openFileList to cifsInodeInfo (bsc#1144333). - cifs: add .splice_write (bsc#1144333). - cifs: Add support for direct I/O read (bsc#1144333). - cifs: Add support for direct I/O write (bsc#1144333). - cifs: Add support for direct pages in rdata (bsc#1144333). - cifs: Add support for direct pages in wdata (bsc#1144333). - cifs: Add support for failover in cifs_mount() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect_tcon() (bsc#1144333). - cifs: Add support for failover in smb2_reconnect() (bsc#1144333). - cifs: Add support for FSCTL passthrough that write data to the server (bsc#1144333). - cifs: add support for ioctl on directories (bsc#1144333). - cifs: Add support for reading attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: add support for SEEK_DATA and SEEK_HOLE (bsc#1144333). - cifs: Add support for writing attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Adjust MTU credits before reopening a file (bsc#1144333). - cifs: Allocate memory for all iovs in smb2_ioctl (bsc#1144333). - cifs: Allocate validate negotiation request through kmalloc (bsc#1144333). - cifs: allow calling SMB2_xxx_free(NULL) (bsc#1144333). - cifs: allow disabling less secure legacy dialects (bsc#1144333). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510, bsc#1144333). - cifs: always add credits back for unsolicited PDUs (bsc#1144333). - cifs: Always reset read error to -EIO if no response (bsc#1144333). - cifs: Always resolve hostname before reconnecting (bsc#1051510, bsc#1144333). - cifs: a smb2_validate_and_copy_iov failure does not mean the handle is invalid (bsc#1144333). - cifs: auto disable 'serverino' in dfs mounts (bsc#1144333). - cifs: avoid a kmalloc in smb2_send_recv/SendReceive2 for the common case (bsc#1144333). - cifs: Avoid returning EBUSY to upper layer VFS (bsc#1144333). - cifs: cache FILE_ALL_INFO for the shared root handle (bsc#1144333). - cifs: Calculate the correct request length based on page offset and tail size (bsc#1144333). - cifs: Call MID callback before destroying transport (bsc#1144333). - cifs: change mkdir to use a compound (bsc#1144333). - cifs: change smb2_get_data_area_len to take a smb2_sync_hdr as argument (bsc#1144333). - cifs: Change SMB2_open to return an iov for the error parameter (bsc#1144333). - cifs: change SMB2_OP_RENAME and SMB2_OP_HARDLINK to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_EOF to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_INFO to use compounding (bsc#1144333). - cifs: change smb2_query_eas to use the compound query-info helper (bsc#1144333). - cifs: change unlink to use a compound (bsc#1144333). - cifs: change validate_buf to validate_iov (bsc#1144333). - cifs: change wait_for_free_request() to take flags as argument (bsc#1144333). - cifs: check CIFS_MOUNT_NO_DFS when trying to reuse existing sb (bsc#1144333). - cifs: Check for reconnects before sending async requests (bsc#1144333). - cifs: Check for reconnects before sending compound requests (bsc#1144333). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902, bsc#1144333). - cifs: Check for timeout on Negotiate stage (bsc#1091171, bsc#1144333). - cifs: check if SMB2 PDU size has been padded and suppress the warning (bsc#1144333). - cifs: check kmalloc before use (bsc#1051510, bsc#1144333). - cifs: check kzalloc return (bsc#1144333). - cifs: check MaxPathNameComponentLength != 0 before using it (bsc#1085536, bsc#1144333). - cifs: check ntwrk_buf_start for NULL before dereferencing it (bsc#1144333). - cifs: check rsp for NULL before dereferencing in SMB2_open (bsc#1085536, bsc#1144333). - cifs: cifs_read_allocate_pages: do not iterate through whole page array on ENOMEM (bsc#1144333). - cifs: clean up indentation, replace spaces with tab (bsc#1144333). - cifs: cleanup smb2ops.c and normalize strings (bsc#1144333). - cifs: complete PDU definitions for interface queries (bsc#1144333). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510, bsc#1144333). - cifs: Count SMB3 credits for malformed pending responses (bsc#1144333). - cifs: create a define for how many iovs we need for an SMB2_open() (bsc#1144333). - cifs: create a define for the max number of iov we need for a SMB2 set_info (bsc#1144333). - cifs: create a helper function for compound query_info (bsc#1144333). - cifs: create helpers for SMB2_set_info_init/free() (bsc#1144333). - cifs: create SMB2_open_init()/SMB2_open_free() helpers (bsc#1144333). - cifs: Display SMB2 error codes in the hex format (bsc#1144333). - cifs: document tcon/ses/server refcount dance (bsc#1144333). - cifs: do not allow creating sockets except with SMB1 posix exensions (bsc#1102097, bsc#1144333). - cifs: Do not assume one credit for async responses (bsc#1144333). - cifs: do not attempt cifs operation on smb2+ rename error (bsc#1144333). - cifs: Do not consider -ENODATA as stat failure for reads (bsc#1144333). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510, bsc#1144333). - cifs: do not dereference smb_file_target before null check (bsc#1051510, bsc#1144333). - cifs: Do not hide EINTR after sending network packets (bsc#1051510, bsc#1144333). - cifs: Do not log credits when unmounting a share (bsc#1144333). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510, bsc#1144333). - cifs: Do not match port on SMBDirect transport (bsc#1144333). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510, bsc#1144333). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510, bsc#1144333). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510, bsc#1144333). - cifs: do not return atime less than mtime (bsc#1144333). - cifs: do not send invalid input buffer on QUERY_INFO requests (bsc#1144333). - cifs: Do not set credits to 1 if the server didn't grant anything (bsc#1144333). - cifs: do not show domain= in mount output when domain is empty (bsc#1144333). - cifs: Do not skip SMB2 message IDs on send failures (bsc#1144333). - cifs: do not use __constant_cpu_to_le32() (bsc#1144333). - cifs: dump every session iface info (bsc#1144333). - cifs: dump IPC tcon in debug proc file (bsc#1071306, bsc#1144333). - cifs: fallback to older infolevels on findfirst queryinfo retry (bsc#1144333). - cifs: Find and reopen a file before get MTU credits in writepages (bsc#1144333). - cifs: fix a buffer leak in smb2_query_symlink (bsc#1144333). - cifs: fix a credits leak for compund commands (bsc#1144333). - cifs: Fix a debug message (bsc#1144333). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510, bsc#1144333). - cifs: Fix an issue with re-sending rdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix an issue with re-sending wdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix a race condition with cifs_echo_request (bsc#1144333). - cifs: Fix a tiny potential memory leak (bsc#1144333). - cifs: Fix autonegotiate security settings mismatch (bsc#1087092, bsc#1144333). - cifs: fix bi-directional fsctl passthrough calls (bsc#1144333). - cifs: fix build break when CONFIG_CIFS_DEBUG2 enabled (bsc#1144333). - cifs: fix build errors for SMB_DIRECT (bsc#1144333). - cifs: Fix check for matching with existing mount (bsc#1144333). - cifs: fix circular locking dependency (bsc#1064701, bsc#1144333). - cifs: fix computation for MAX_SMB2_HDR_SIZE (bsc#1144333). - cifs: fix confusing warning message on reconnect (bsc#1144333). - cifs: fix crash in cifs_dfs_do_automount (bsc#1144333). - cifs: fix crash in smb2_compound_op()/smb2_set_next_command() (bsc#1144333). - cifs: fix crash querying symlinks stored as reparse-points (bsc#1144333). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix credit calculations in compound mid callback (bsc#1144333). - cifs: Fix credit computation for compounded requests (bsc#1144333). - cifs: Fix credits calculation for cancelled requests (bsc#1144333). - cifs: Fix credits calculations for reads with errors (bsc#1051510, bsc#1144333). - cifs: fix credits leak for SMB1 oplock breaks (bsc#1144333). - cifs: fix deadlock in cached root handling (bsc#1144333). - cifs: Fix DFS cache refresher for DFS links (bsc#1144333). - cifs: fix encryption in SMB3.1.1 (bsc#1144333). - cifs: Fix encryption/signing (bsc#1144333). - cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510, bsc#1144333). - cifs: Fix error paths in writeback code (bsc#1144333). - cifs: fix GlobalMid_Lock bug in cifs_reconnect (bsc#1144333). - cifs: fix handle leak in smb2_query_symlink() (bsc#1144333). - cifs: fix incorrect handling of smb2_set_sparse() return in smb3_simple_falloc (bsc#1144333). - cifs: Fix infinite loop when using hard mount option (bsc#1091171, bsc#1144333). - cifs: Fix invalid check in __cifs_calc_signature() (bsc#1144333). - cifs: Fix kernel oops when traceSMB is enabled (bsc#1144333). - cifs: fix kref underflow in close_shroot() (bsc#1144333). - cifs: Fix leaking locked VFS cache pages in writeback retry (bsc#1144333). - cifs: Fix lease buffer length error (bsc#1144333). - cifs: fix memory leak and remove dead code (bsc#1144333). - cifs: fix memory leak in SMB2_open() (bsc#1112894, bsc#1144333). - cifs: fix memory leak in SMB2_read (bsc#1144333). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510, bsc#1144333). - cifs: fix memory leak of an allocated cifs_ntsd structure (bsc#1144333). - cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case (bsc#1144333). - cifs: Fix missing put_xid in cifs_file_strict_mmap (bsc#1087092, bsc#1144333). - cifs: Fix module dependency (bsc#1144333). - cifs: Fix mounts if the client is low on credits (bsc#1144333). - cifs: fix NULL deref in SMB2_read (bsc#1085539, bsc#1144333). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: Fix NULL pointer deref on SMB2_tcon() failure (bsc#1071009, bsc#1144333). - cifs: Fix NULL ptr deref (bsc#1144333). - cifs: fix page reference leak with readv/writev (bsc#1144333). - cifs: fix panic in smb2_reconnect (bsc#1144333). - cifs: fix parsing of symbolic link error response (bsc#1144333). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542, bsc#1144333). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510, bsc#1144333). - cifs: Fix possible oops and memory leaks in async IO (bsc#1144333). - cifs: Fix potential OOB access of lock element array (bsc#1051510, bsc#1144333). - cifs: Fix read after write for files with read caching (bsc#1051510, bsc#1144333). - cifs: fix return value for cifs_listxattr (bsc#1051510, bsc#1144333). - cifs: fix rmmod regression in cifs.ko caused by force_sig changes (bsc#1144333). - cifs: Fix separator when building path from dentry (bsc#1051510, bsc#1144333). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510, bsc#1144333). - cifs: Fix signing for SMB2/3 (bsc#1144333). - cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting (bsc#1144333). - cifs: Fix slab-out-of-bounds when tracing SMB tcon (bsc#1144333). - cifs: fix SMB1 breakage (bsc#1144333). - cifs: fix smb3_zero_range for Azure (bsc#1144333). - cifs: fix smb3_zero_range so it can expand the file-size when required (bsc#1144333). - cifs: fix spelling mistake, EACCESS -> EACCES (bsc#1144333). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510, bsc#1144333). - cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() (bsc#1144333). - cifs: Fix to use kmem_cache_free() instead of kfree() (bsc#1144333). - cifs: Fix trace command logging for SMB2 reads and writes (bsc#1144333). - cifs: fix typo in cifs_dbg (bsc#1144333). - cifs: fix typo in debug message with struct field ia_valid (bsc#1144333). - cifs: fix uninitialized ptr deref in smb2 signing (bsc#1144333). - cifs: Fix use-after-free in SMB2_read (bsc#1144333). - cifs: Fix use-after-free in SMB2_write (bsc#1144333). - cifs: Fix use after free of a mid_q_entry (bsc#1112903, bsc#1144333). - cifs: fix use-after-free of the lease keys (bsc#1144333). - cifs: Fix validation of signed data in smb2 (bsc#1144333). - cifs: Fix validation of signed data in smb3+ (bsc#1144333). - cifs: fix wrapping bugs in num_entries() (bsc#1051510, bsc#1144333). - cifs: flush before set-info if we have writeable handles (bsc#1144333). - cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510, bsc#1144333). - cifs: handle large EA requests more gracefully in smb2+ (bsc#1144333). - cifs: handle netapp error codes (bsc#1136261). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: implement v3.11 preauth integrity (bsc#1051510, bsc#1144333). - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) (bsc#1144333). - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510, bsc#1144333). - cifs: Introduce helper function to get page offset and length in smb_rqst (bsc#1144333). - cifs: Introduce offset for the 1st page in data transfer structures (bsc#1144333). - cifs: invalidate cache when we truncate a file (bsc#1051510, bsc#1144333). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565, bsc#1144333). - cifs: limit amount of data we request for xattrs to CIFSMaxBufSize (bsc#1144333). - cifs: Limit memory used by lock request calls to a page (bsc#1144333). - cifs_lookup(): cifs_get_inode_...() never returns 0 with *inode left NULL (bsc#1144333). - cifs_lookup(): switch to d_splice_alias() (bsc#1144333). - cifs: make arrays static const, reduces object code size (bsc#1144333). - cifs: Make devname param optional in cifs_compose_mount_options() (bsc#1144333). - cifs: make IPC a regular tcon (bsc#1071306, bsc#1144333). - cifs: make minor clarifications to module params for cifs.ko (bsc#1144333). - cifs: make mknod() an smb_version_op (bsc#1144333). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510, bsc#1144333). - cifs: make rmdir() use compounding (bsc#1144333). - cifs: make smb_send_rqst take an array of requests (bsc#1144333). - cifs: Make sure all data pages are signed correctly (bsc#1144333). - cifs: Make use of DFS cache to get new DFS referrals (bsc#1144333). - cifs: Mask off signals when sending SMB packets (bsc#1144333). - cifs: minor clarification in comments (bsc#1144333). - cifs: Minor Kconfig clarification (bsc#1144333). - cifs: minor updates to module description for cifs.ko (bsc#1144333). - cifs: Move credit processing to mid callbacks for SMB3 (bsc#1144333). - cifs: move default port definitions to cifsglob.h (bsc#1144333). - cifs: move large array from stack to heap (bsc#1144333). - cifs: Move open file handling to writepages (bsc#1144333). - cifs: Move unlocking pages from wdata_send_pages() (bsc#1144333). - cifs: OFD locks do not conflict with eachothers (bsc#1051510, bsc#1144333). - cifs: Only free DFS target list if we actually got one (bsc#1144333). - cifs: Only send SMB2_NEGOTIATE command on new TCP connections (bsc#1144333). - cifs: only wake the thread for the very last PDU in a compound (bsc#1144333). - cifs: parse and store info on iface queries (bsc#1144333). - cifs: pass flags down into wait_for_free_credits() (bsc#1144333). - cifs: Pass page offset for calculating signature (bsc#1144333). - cifs: Pass page offset for encrypting (bsc#1144333). - cifs: pass page offsets on SMB1 read/write (bsc#1144333). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510, bsc#1144333). - cifs: prevent starvation in wait_for_free_credits for multi-credit requests (bsc#1144333). - cifs: print CIFSMaxBufSize as part of /proc/fs/cifs/DebugData (bsc#1144333). - cifs: Print message when attempting a mount (bsc#1144333). - cifs: Properly handle auto disabling of serverino option (bsc#1144333). - cifs: protect against server returning invalid file system block size (bsc#1144333). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: push rfc1002 generation down the stack (bsc#1144333). - cifs: read overflow in is_valid_oplock_break() (bsc#1144333). - cifs: Reconnect expired SMB sessions (bnc#1060662). - cifs: refactor and clean up arguments in the reparse point parsing (bsc#1144333). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510, bsc#1144333). - cifs: Refactor out cifs_mount() (bsc#1144333). - cifs: release auth_key.response for reconnect (bsc#1085536, bsc#1144333). - cifs: release cifs root_cred after exit_cifs (bsc#1085536, bsc#1144333). - cifs: remove coverity warning in calc_lanman_hash (bsc#1144333). - cifs: Remove custom credit adjustments for SMB2 async IO (bsc#1144333). - cifs: remove header_preamble_size where it is always 0 (bsc#1144333). - cifs: remove redundant duplicated assignment of pointer 'node' (bsc#1144333). - cifs: remove rfc1002 hardcoded constants from cifs_discard_remaining_data() (bsc#1144333). - cifs: remove rfc1002 header from all SMB2 response structures (bsc#1144333). - cifs: remove rfc1002 header from smb2_close_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_create_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_echo_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_flush_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_ioctl_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_lease_ack (bsc#1144333). - cifs: remove rfc1002 header from smb2_lock_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_logoff_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_negotiate_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_oplock_break we get from server (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_directory_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2 read/write requests (bsc#1144333). - cifs: remove rfc1002 header from smb2_sess_setup_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_set_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_connect_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_disconnect_req (bsc#1144333). - cifs: remove set but not used variable 'cifs_sb' (bsc#1144333). - cifs: remove set but not used variable 'sep' (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove set but not used variable 'smb_buf' (bsc#1144333). - cifs: remove small_smb2_init (bsc#1144333). - cifs: remove smb2_send_recv() (bsc#1144333). - cifs: remove struct smb2_hdr (bsc#1144333). - cifs: remove struct smb2_oplock_break_rsp (bsc#1144333). - cifs: remove the is_falloc argument to SMB2_set_eof (bsc#1144333). - cifs: remove unused stats (bsc#1144333). - cifs: remove unused value pointed out by Coverity (bsc#1144333). - cifs: remove unused variable from SMB2_read (bsc#1144333). - cifs: rename and clarify CIFS_ASYNC_OP and CIFS_NO_RESP (bsc#1144333). - cifs: Reopen file before get SMB2 MTU credits for async IO (bsc#1144333). - cifs: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - cifs: replace snprintf with scnprintf (bsc#1144333). - cifs: Respect reconnect in MTU credits calculations (bsc#1144333). - cifs: Respect reconnect in non-MTU credits calculations (bsc#1144333). - cifs: Respect SMB2 hdr preamble size in read responses (bsc#1144333). - cifs: return correct errors when pinning memory failed for direct I/O (bsc#1144333). - cifs: Return -EAGAIN instead of -ENOTSOCK (bsc#1144333). - cifs: return -ENODATA when deleting an xattr that does not exist (bsc#1144333). - cifs: Return error code when getting file handle for writeback (bsc#1144333). - cifs: return error on invalid value written to cifsFYI (bsc#1144333). - cifs: Save TTL value when parsing DFS referrals (bsc#1144333). - cifs: Select all required crypto modules (bsc#1085536, bsc#1144333). - cifs: set mapping error when page writeback fails in writepage or launder_pages (bsc#1144333). - cifs: set oparms.create_options rather than or'ing in CREATE_OPEN_BACKUP_INTENT (bsc#1144333). - cifs: Set reconnect instance to one initially (bsc#1144333). - cifs: set *resp_buf_type to NO_BUFFER on error (bsc#1144333). - cifs: Show locallease in /proc/mounts for cifs shares mounted with locallease feature (bsc#1144333). - cifs: show 'soft' in the mount options for hard mounts (bsc#1144333). - cifs: show the w bit for writeable /proc/fs/cifs/* files (bsc#1144333). - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734, bsc#1144333). - cifs: Silence uninitialized variable warning (bsc#1144333). - cifs: simple stats should always be enabled (bsc#1144333). - cifs: simplify code by removing CONFIG_CIFS_ACL ifdef (bsc#1144333). - Update config files. - cifs: simplify how we handle credits in compound_send_recv() (bsc#1144333). - cifs: Skip any trailing backslashes from UNC (bsc#1144333). - cifs: smb2 commands can not be negative, remove confusing check (bsc#1144333). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510, bsc#1144333). - cifs: smb2ops: Fix NULL check in smb2_query_symlink (bsc#1144333). - cifs: smb2pdu: Fix potential NULL pointer dereference (bsc#1144333). - cifs: SMBD: Add parameter rdata to smb2_new_read_req (bsc#1144333). - cifs: SMBD: Add rdma mount option (bsc#1144333). - cifs: SMBD: Add SMB Direct debug counters (bsc#1144333). - cifs: SMBD: Add SMB Direct protocol initial values and constants (bsc#1144333). - cifs: smbd: Avoid allocating iov on the stack (bsc#1144333). - cifs: smbd: avoid reconnect lockup (bsc#1144333). - cifs: smbd: Check for iov length on sending the last iov (bsc#1144333). - cifs: smbd: depend on INFINIBAND_ADDR_TRANS (bsc#1144333). - cifs: SMBD: Disable signing on SMB direct transport (bsc#1144333). - cifs: smbd: disconnect transport on RDMA errors (bsc#1144333). - cifs: SMBD: Do not call ib_dereg_mr on invalidated memory registration (bsc#1144333). - cifs: smbd: Do not destroy transport on RDMA disconnect (bsc#1144333). - cifs: smbd: Do not use RDMA read/write when signing is used (bsc#1144333). - cifs: smbd: Dump SMB packet when configured (bsc#1144333). - cifs: smbd: Enable signing with smbdirect (bsc#1144333). - cifs: SMBD: Establish SMB Direct connection (bsc#1144333). - cifs: SMBD: export protocol initial values (bsc#1144333). - cifs: SMBD: fix spelling mistake: faield and legnth (bsc#1144333). - cifs: SMBD: Fix the definition for SMB2_CHANNEL_RDMA_V1_INVALIDATE (bsc#1144333). - cifs: SMBD: Implement function to create a SMB Direct connection (bsc#1144333). - cifs: SMBD: Implement function to destroy a SMB Direct connection (bsc#1144333). - cifs: SMBD: Implement function to receive data via RDMA receive (bsc#1144333). - cifs: SMBD: Implement function to reconnect to a SMB Direct transport (bsc#1144333). - cifs: SMBD: Implement function to send data via RDMA send (bsc#1144333). - cifs: SMBD: Implement RDMA memory registration (bsc#1144333). - cifs: smbd: Indicate to retry on transport sending failure (bsc#1144333). - cifs: SMBD: Read correct returned data length for RDMA write (SMB read) I/O (bsc#1144333). - cifs: smbd: Retry on memory registration failure (bsc#1144333). - cifs: smbd: Return EINTR when interrupted (bsc#1144333). - cifs: SMBD: Set SMB Direct maximum read or write size for I/O (bsc#1144333). - cifs: SMBD: _smbd_get_connection() can be static (bsc#1144333). - cifs: SMBD: Support page offset in memory registration (bsc#1144333). - cifs: SMBD: Support page offset in RDMA recv (bsc#1144333). - cifs: SMBD: Support page offset in RDMA send (bsc#1144333). - cifs: smbd: take an array of reqeusts when sending upper layer data (bsc#1144333). - cifs: SMBD: Upper layer connects to SMBDirect session (bsc#1144333). - cifs: SMBD: Upper layer destroys SMB Direct session on shutdown or umount (bsc#1144333). - cifs: SMBD: Upper layer performs SMB read via RDMA write through memory registration (bsc#1144333). - cifs: SMBD: Upper layer performs SMB write via RDMA read through memory registration (bsc#1144333). - cifs: SMBD: Upper layer receives data via RDMA receive (bsc#1144333). - cifs: SMBD: Upper layer reconnects to SMB Direct session (bsc#1144333). - cifs: SMBD: Upper layer sends data via RDMA send (bsc#1144333). - cifs:smbd Use the correct DMA direction when sending data (bsc#1144333). - cifs:smbd When reconnecting to server, call smbd_destroy() after all MIDs have been called (bsc#1144333). - cifs: SMBD: work around gcc -Wmaybe-uninitialized warning (bsc#1144333). - cifs: start DFS cache refresher in cifs_mount() (bsc#1144333). - cifs: store the leaseKey in the fid on SMB2_open (bsc#1051510, bsc#1144333). - cifs: suppress some implicit-fallthrough warnings (bsc#1144333). - cifs: track writepages in vfs operation counters (bsc#1144333). - cifs: Try to acquire credits at once for compound requests (bsc#1144333). - cifs: update calc_size to take a server argument (bsc#1144333). - cifs: update init_sg, crypt_message to take an array of rqst (bsc#1144333). - cifs: update internal module number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.14 (bsc#1144333). - cifs: update module internal version number (bsc#1144333). - cifs: update multiplex loop to handle compounded responses (bsc#1144333). - cifs: update receive_encrypted_standard to handle compounded responses (bsc#1144333). - cifs: update smb2_calc_size to use smb2_sync_hdr instead of smb2_hdr (bsc#1144333). - cifs: update smb2_check_message to handle PDUs without a 4 byte length header (bsc#1144333). - cifs: update smb2_queryfs() to use compounding (bsc#1144333). - cifs: update __smb_send_rqst() to take an array of requests (bsc#1144333). - cifs: use a compound for setting an xattr (bsc#1144333). - cifs: use a refcount to protect open/closing the cached file handle (bsc#1144333). - cifs: use correct format characters (bsc#1144333). - cifs: Use correct packet length in SMB2_TRANSFORM header (bsc#1144333). - cifs: Use GFP_ATOMIC when a lock is held in cifs_mount() (bsc#1144333). - cifs: Use kmemdup in SMB2_ioctl_init() (bsc#1144333). - cifs: Use kmemdup rather than duplicating its implementation in smb311_posix_mkdir() (bsc#1144333). - cifs: Use kzfree() to free password (bsc#1144333). - cifs: Use offset when reading pages (bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510, bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510, bsc#1144333). - cifs: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (bsc#1071306, bsc#1144333). - cifs: use the correct length when pinning memory for direct I/O for write (bsc#1144333). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510, bsc#1144333). - cifs: wait_for_free_credits() make it possible to wait for >=1 credits (bsc#1144333). - cifs: we can not use small padding iovs together with encryption (bsc#1144333). - cifs: When sending data on socket, pass the correct page offset (bsc#1144333). - cifs: zero-range does not require the file is sparse (bsc#1144333). - cifs: zero sensitive data when freeing (bsc#1087092, bsc#1144333). - Cleanup some minor endian issues in smb3 rdma (bsc#1144333). - clk: add clk_bulk_get accessories (bsc#1144813). - clk: at91: fix update bit maps on CFG_MOR write (bsc#1051510). - clk: bcm2835: remove pllb (jsc#SLE-7294). - clk: bcm283x: add driver interfacing with Raspberry Pi's firmware (jsc#SLE-7294). - clk: bulk: silently error out on EPROBE_DEFER (bsc#1144718,bsc#1144813). - clk: Export clk_bulk_prepare() (bsc#1144813). - clk: qcom: Fix -Wunused-const-variable (bsc#1051510). - clk: raspberrypi: register platform device for raspberrypi-cpufreq (jsc#SLE-7294). - clk: renesas: cpg-mssr: Fix reset control race condition (bsc#1051510). - clk: rockchip: Add 1.6GHz PLL rate for rk3399 (bsc#1144718,bsc#1144813). - clk: rockchip: assign correct id for pclk_ddr and hclk_sd in rk3399 (bsc#1144718,bsc#1144813). - clk: rockchip: Do not yell about bad mmc phases when getting (bsc#1051510). - clk: rockchip: Turn on 'aclk_dmac1' for suspend on rk3288 (bsc#1051510). - clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks (bsc#1051510). - clk: sunxi-ng: v3s: add the missing PLL_DDR1 (bsc#1051510). - clk: tegra210: fix PLLU and PLLU_OUT1 (bsc#1051510). - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510). - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling (bsc#1051510). - coredump: split pipe command whitespace before expanding template (bsc#1051510). - coresight: etb10: Fix handling of perf mode (bsc#1051510). - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510). - cpufreq: acpi-cpufreq: Report if CPU does not support boost technologies (bsc#1051510). - cpufreq: add driver for Raspberry Pi (jsc#SLE-7294). - cpufreq: Add Hygon Dhyana support (). - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (). - cpufreq: brcmstb-avs-cpufreq: Fix initial command check (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency (bsc#1051510). - cpufreq: check if policy is inactive early in __cpufreq_get() (bsc#1051510). - cpufreq: dt: Try freeing static OPPs only if we have added them (jsc#SLE-7294). - cpufreq: kirkwood: fix possible object reference leak (bsc#1051510). - cpufreq/pasemi: fix possible object reference leak (bsc#1051510). - cpufreq: pmac32: fix possible object reference leak (bsc#1051510). - cpufreq: ppc_cbe: fix possible object reference leak (bsc#1051510). - cpufreq: Use struct kobj_attribute instead of struct global_attr (bsc#1051510). - cpu/speculation: Warn on unsupported mitigations= parameter (bsc#1114279). - cpu/topology: Export die_id (jsc#SLE-5454). - crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401). - crypto: arm64/sha1-ce - correct digest for empty data in finup (bsc#1051510). - crypto: arm64/sha2-ce - correct digest for empty data in finup (bsc#1051510). - crypto: caam - fix concurrency issue in givencrypt descriptor (bsc#1051510). - crypto: caam - free resources in case caam_rng registration failed (bsc#1051510). - crypto: cavium/zip - Add missing single_release() (bsc#1051510). - crypto: ccp - Add support for valid authsize values less than 16 (bsc#1051510). - crypto: ccp - Fix 3DES complaint from ccp-crypto module (bsc#1051510). - crypto: ccp - fix AES CFB error exposed by new test vectors (bsc#1051510). - crypto: ccp - Fix oops by properly managing allocated structures (bsc#1051510). - crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL (bsc#1051510). - crypto: ccp - fix the SEV probe in kexec boot path (bsc#1136896). - crypto: ccp/gcm - use const time tag comparison (bsc#1051510). - crypto: ccp - Ignore tag length when decrypting GCM ciphertext (bsc#1051510). - crypto: ccp - Ignore unconfigured CCP device on suspend/resume (bnc#1145934). - crypto: ccp - memset structure fields to zero before reuse (bsc#1051510). - crypto: ccp - Reduce maximum stack usage (bsc#1051510). - crypto: ccp - Validate buffer lengths for copy operations (bsc#1051510). - crypto: ccp - Validate the the error value used to index error messages (bsc#1051510). - crypto: chacha20poly1305 - fix atomic sleep when using async algorithm (bsc#1051510). - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510). - crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe (bsc#1051510). - crypto: ghash - fix unaligned memory access in ghash_setkey() (bsc#1051510). - crypto: qat - Silence smp_processor_id() warning (bsc#1051510). - crypto: skcipher - Unmap pages after an external error (bsc#1051510). - crypto: talitos - Align SEC1 accesses to 32 bits boundaries (bsc#1051510). - crypto: talitos - check data blocksize in ablkcipher (bsc#1051510). - crypto: talitos - fix CTR alg blocksize (bsc#1051510). - crypto: talitos - fix max key size for sha384 and sha512 (bsc#1051510). - crypto: talitos - fix skcipher failure due to wrong output IV (bsc#1051510). - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking (bsc#1051510). - crypto: talitos - properly handle split ICV (bsc#1051510). - crypto: talitos - reduce max key size for SEC1 (bsc#1051510). - crypto: talitos - rename alternative AEAD algos (bsc#1051510). - crypto: user - prevent operating on larval algorithms (bsc#1133401). - crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162). - crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162). - cx82310_eth: fix a memory leak bug (bsc#1051510). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - dax: dax_layout_busy_page() should not unmap cow pages (bsc#1148698). - dax: Fix xarray entry association for mixed mappings (bsc#1140893). - Delete for bsc#1144979: bcache: kernel oops on reading sysfs cache_mode file patches.suse/0031-bcache-use-sysfs_match_string-instead-of-__sysfs_mat.patch. - device core: Consolidate locking and unlocking of parent and device (bsc#1106383). - devres: always use dev_name() in devm_ioremap_resource() (git fixes). - dfs_cache: fix a wrong use of kfree in flush_cache_ent() (bsc#1144333). - dma-buf: balance refcount inbalance (bsc#1051510). - dmaengine: dw: platform: Switch to acpi_dma_controller_register() (bsc#1051510). - dmaengine: hsu: Revert 'set HSU_CH_MTSR to memory width' (bsc#1051510). - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510). - dmaengine: iop-adma.c: fix printk format warning (bsc#1051510). - dmaengine: rcar-dmac: Reject zero-length slave DMA requests (bsc#1051510). - dm btree: fix order of block initialization in btree_split_beneath (git fixes). - dm bufio: fix deadlock with loop device (git fixes). - dm cache metadata: Fix loading discard bitset (git fixes). - dm crypt: do not overallocate the integrity tag space (git fixes). - dm crypt: fix parsing of extended IV arguments (git fixes). - dm, dax: Fix detection of DAX support (bsc#1139782). - dm delay: fix a crash when invalid device is specified (git fixes). - dm: fix to_sector() for 32bit (git fixes). - dm integrity: change memcmp to strncmp in dm_integrity_ctr (git fixes). - dm integrity: limit the rate of error messages (git fixes). - dm kcopyd: always complete failed jobs (git fixes). - dm log writes: make sure super sector log updates are written in order (git fixes). - dm raid: add missing cleanup in raid_ctr() (git fixes). - dm: revert 8f50e358153d ('dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE') (git fixes). - dm space map metadata: fix missing store of apply_bops() return value (git fixes). - dm table: fix invalid memory accesses with too high sector number (git fixes). - dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (git fixes). - dm thin: fix bug where bio that overwrites thin block ignores FUA (git fixes). - dm thin: fix passdown_double_checking_shared_status() (git fixes). - dm zoned: fix potential NULL dereference in dmz_do_reclaim() (git fixes). - dm zoned: Fix zone report handling (git fixes). - dm zoned: fix zone state management race (git fixes). - dm zoned: improve error handling in i/o map code (git fixes). - dm zoned: improve error handling in reclaim (git fixes). - dm zoned: properly handle backing device failure (git fixes). - dm zoned: Silence a static checker warning (git fixes). - doc: Cope with the deprecation of AutoReporter (bsc#1051510). - docs: Fix conf.py for Sphinx 2.0 (bsc#1135642). - Documentation: Add MDS vulnerability documentation (bsc#1135642). - Documentation: Add nospectre_v1 parameter (bsc#1051510). - Documentation: Correct the possible MDS sysfs values (bsc#1135642). - Documentation: DMA-API: fix a function name of max_mapping_size (bsc#1140954). - Documentation/networking: fix default_ttl typo in mpls-sysctl (bsc#1051510). - Do not log confusing message on reconnect by default (bsc#1129664, bsc#1144333). - Do not log expected error on DFS referral request (bsc#1051510, bsc#1144333). - Do not provide kernel-default from kernel-default-base (boo#1132154, bsc#1106751). - Do not provide kernel-default-srchash from kernel-default-base. - Do not restrict NFSv4.2 on openSUSE (bsc#1138719). - dpaa_eth: fix SG frame cleanup (networking-stable-19_05_14). - drbd: Avoid Clang warning about pointless switch statment (bsc#1051510). - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510). - drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510). - drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510). - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383). - driver core: Fix use-after-free and double free on glue directory (bsc#1131281). - driver core: Probe devices asynchronously instead of the driver (bsc#1106383). - drivers: acpi: add dependency of EFI for arm64 (bsc#1117158). - drivers/base: Introduce kill_device() (bsc#1139865). - drivers/base: kABI fixes for struct device_private (bsc#1106383). - drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510). - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl (bsc#1051510). - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510). - drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings (bsc#1051510). - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510). - drivers: thermal: int340x_thermal: Fix sysfs race condition (bsc#1051510). - drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER (bsc#1051510). - drm/amdgpu: fix old fence check in amdgpu_fence_emit (bsc#1051510). - drm/amdgpu/gfx9: use reset default for PA_SC_FIFO_SIZE (bsc#1051510). - drm/amdgpu/psp: move psp version specific function pointers to (bsc#1135642) - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510). - drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz (bsc#1051510). - drm/bridge: tc358767: read display_props in get_modes() (bsc#1051510). - drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry (bsc#1051510). - drm/drv: Hold ref on parent device during drm_device lifetime (bsc#1051510). - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1135642) - drm/gma500/cdv: Check vbt config bits when detecting lvds panels (bsc#1051510). - drm/i915/dmc: protect against reading random memory (bsc#1051510). - drm/i915: Do not deballoon unused ggtt drm_mm_node in linux guest (bsc#1142635) - drm/i915: Fix various tracepoints for gen2 (bsc#1113722) - drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1142635) - drm/i915/gvt: Fix cmd length of VEB_DI_IECP (bsc#1113722) - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510). - drm/i915/gvt: refine ggtt range validation (bsc#1113722) - drm/i915/perf: ensure we keep a reference on the driver (bsc#1142635) - drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510). - drm/i915: Restore relaxed padding (OCL_OOB_SUPPRES_ENABLE) for skl+ (bsc#1142635) - drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510). - drm/i915/userptr: Acquire the page lock around set_page_dirty() (bsc#1051510). - drm/imx: Drop unused imx-ipuv3-crtc.o build (bsc#1113722) - drm/imx: notify drm core before sending event during crtc disable (bsc#1135642) - drm/imx: only send event on crtc disable if kept disabled (bsc#1135642) - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1135642) - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1135642) - drm/mediatek: clear num_pipes when unbind driver (bsc#1135642) - drm/mediatek: fix unbind functions (bsc#1135642) - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1142635) - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1135642) - drm/mediatek: use correct device to import PRIME buffers (bsc#1142635) - drm/meson: Add support for XBGR8888 & ABGR8888 formats (bsc#1051510). - drm/msm/a3xx: remove TPL1 regs from snapshot (bsc#1051510). - drm/msm: Depopulate platform on probe failure (bsc#1051510). - drm: msm: Fix add_gpu_components (bsc#1051510). - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1142635) - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510). - drm/nouveau: Do not retry infinitely when receiving no data on i2c (bsc#1142635) - drm/nouveau: fix memory leak in nouveau_conn_reset() (bsc#1051510). - drm/nouveau/i2c: Disable i2c bus access after ->fini() (bsc#1113722) - drm/nouveau/i2c: Enable i2c pads & busses during preinit (bsc#1051510). - drm/panel: simple: Fix panel_simple_dsi_probe (bsc#1051510). - drm/radeon: prefer lower reference dividers (bsc#1051510). - drm/rockchip: Properly adjust to a true clock in adjusted_mode (bsc#1051510). - drm/rockchip: Suspend DP late (bsc#1142635) - drm: silence variable 'conn' set but not used (bsc#1051510). - drm/udl: introduce a macro to convert dev to udl. (bsc#1113722) - drm/udl: move to embedding drm device inside udl device. (bsc#1113722) - drm/virtio: Add memory barriers for capset cache (bsc#1051510). - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1135642) - drm/vmwgfx: fix memory leak when too many retries have occurred (bsc#1051510). - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1135642) - drm: Wake up next in drm_read() chain if we are forced to putback the event (bsc#1051510). - Drop an ASoC fix that was reverted in 4.14.y stable - e1000e: start network tx queue only when link is up (bsc#1051510). - eCryptfs: fix a couple type promotion bugs (bsc#1051510). - EDAC/amd64: Add Family 17h Model 30h PCI IDs (bsc#1112178). - EDAC, amd64: Add Family 17h, models 10h-2fh support (bsc#1112178). - EDAC, amd64: Add Hygon Dhyana support (). - EDAC/amd64: Decode syndrome before translating address (bsc#1114279). - EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec (bsc#1114279). - EDAC/mc: Fix edac_mc_find() in case no device is found (bsc#1114279). - eeprom: at24: make spd world-readable again (git-fixes). - efi: add API to reserve memory persistently across kexec reboot (bsc#1117158). - efi/arm: Defer persistent reservations until after paging_init() (bsc#1117158). - efi/arm: Do not mark ACPI reclaim memory as MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566). - efi/arm: libstub: add a root memreserve config table (bsc#1117158). - efi/arm: map UEFI memory map even w/o runtime services enabled (bsc#1117158). - efi/arm: preserve early mapping of UEFI memory map longer for BGRT (bsc#1117158). - efi/arm: Revert 'Defer persistent reservations until after paging_init()' (bsc#1117158). - efi/arm: Revert deferred unmap of early memmap mapping (bsc#1117158). - efi/bgrt: Drop BGRT status field reserved bits check (bsc#1051510). - efi: honour memory reservations passed via a linux specific config table (bsc#1117158). - efi: Permit calling efi_mem_reserve_persistent() from atomic context (bsc#1117158). - efi: Permit multiple entries in persistent memreserve data structure (bsc#1117158). - efi: Prevent GICv3 WARN() by mapping the memreserve table before first use (bsc#1117158). - efi: Reduce the amount of memblock reservations for persistent allocations (bsc#1117158). - ehea: Fix a copy-paste err in ehea_init_port_res (bsc#1051510). - ethtool: check the return value of get_regs_len (git-fixes). - ethtool: fix potential userspace buffer overflow (networking-stable-19_06_09). - ext4: do not delete unlinked inode from orphan list on failed truncate (bsc#1140891). - ext4: fix warning inside ext4_convert_unwritten_extents_endio (bsc#1152025). - ext4: set error return correctly when ext4_htree_store_dirent fails (bsc#1152024). - ext4: use jbd2_inode dirty range scoping (bsc#1148616). - extcon: arizona: Disable mic detect if running when driver is removed (bsc#1051510). - firmware: efi: factor out mem_reserve (bsc#1117158 bsc#1134671). - firmware: raspberrypi: register clk device (jsc#SLE-7294). - firmware: ti_sci: Always request response from firmware (bsc#1051510). - Fixed https://bugzilla.kernel.org/show_bug.cgi?id=202935 allow write on the same file (bsc#1144333). - Fix encryption labels and lengths for SMB3.1.1 (bsc#1085536, bsc#1144333). - fix incorrect error code mapping for OBJECTID_NOT_FOUND (bsc#1144333). - Fix kABI after KVM fixes - Fix kABI for asus-wmi quirk_entry field addition (bsc#1051510). - Fix kabi for: NFSv4: Fix OPEN / CLOSE race (git-fixes). - Fix match_server check to allow for auto dialect negotiate (bsc#1144333). - Fix memory leak in sctp_process_init (networking-stable-19_06_09). - Fix SMB3.1.1 guest authentication to Samba (bsc#1085536, bsc#1144333). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510, bsc#1144333). - fix struct ufs_req removal of unused field (git-fixes). - Fix warning messages when mounting to older servers (bsc#1144333). - fork, memcg: fix cached_stacks case (bsc#1134097). - fork, memcg: fix crash in free_thread_stack on memcg charge fail (bsc#1134097). - fs/cifs/cifsacl.c Fixes typo in a comment (bsc#1144333). - fs: cifs: cifsssmb: Change return type of convert_ace_to_cifs_ace (bsc#1144333). - fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bsc#1144333). - fs: cifs: Drop unlikely before IS_ERR(_OR_NULL) (bsc#1144333). - fs/cifs: fix uninitialised variable warnings (bsc#1144333). - fs: cifs: Kconfig: pedantic formatting (bsc#1144333). - fs: cifs: Replace _free_xid call in cifs_root_iget function (bsc#1144333). - fs/cifs: require sha512 (bsc#1051510, bsc#1144333). - fs/cifs: Simplify ib_post_(send|recv|srq_recv)() calls (bsc#1144333). - fs/cifs/smb2pdu.c: fix buffer free in SMB2_ioctl_free (bsc#1144333). - fs/cifs: suppress a string overflow warning (bsc#1144333). - fs/*/Kconfig: drop links to 404-compliant http://acl.bestbits.at (bsc#1144333). - fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() (bsc#1051510). - fs/ocfs2: fix race in ocfs2_dentry_attach_lock() (bsc#1140889). - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (bsc#1140887). - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (bsc#1140887). - fs/xfs: Fix return code of xfs_break_leased_layouts() (bsc#1148031). - fs: xfs: xfs_log: Do not use KM_MAYFAIL at xfs_log_reserve() (bsc#1148033). - ftrace: Check for empty hash and comment the race with registering probes (bsc#1149418). - ftrace: Check for successful allocation of hash (bsc#1149424). - ftrace: Fix NULL pointer dereference in t_probe_next() (bsc#1149413). - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995). - fuse: fallocate: fix return with locked inode (bsc#1051510). - fuse: fix writepages on 32bit (bsc#1051510). - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate (bsc#1051510). - genirq: Prevent use-after-free and work list corruption (bsc#1051510). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510). - genwqe: Prevent an integer overflow in the ioctl (bsc#1051510). - gpio: Fix build error of function redefinition (bsc#1051510). - gpio: fix gpio-adp5588 build errors (bsc#1051510). - gpio: fix line flag validation in lineevent_create (bsc#1051510). - gpio: fix line flag validation in linehandle_create (bsc#1051510). - gpio: gpio-omap: add check for off wake capable gpios (bsc#1051510). - gpiolib: fix incorrect IRQ requesting of an active-low lineevent (bsc#1051510). - gpiolib: never report open-drain/source lines as 'input' to user-space (bsc#1051510). - gpiolib: only check line handle flags once (bsc#1051510). - gpio: Move gpiochip_lock/unlock_as_irq to gpio/driver.h (bsc#1051510). - gpio: mxs: Get rid of external API call (bsc#1051510). - gpio: omap: ensure irq is enabled before wakeup (bsc#1051510). - gpio: omap: fix lack of irqstatus_raw0 for OMAP4 (bsc#1051510). - gpio: pxa: handle corner case of unprobed device (bsc#1051510). - gpio: Remove obsolete comment about gpiochip_free_hogs() usage (bsc#1051510). - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1142635) - HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT (bsc#1051510). - HID: Add quirk for HP X1200 PIXART OEM mouse (bsc#1051510). - HID: cp2112: prevent sleeping function called from invalid context (bsc#1051510). - HID: hiddev: avoid opening a disconnected device (bsc#1051510). - HID: hiddev: do cleanup in failure of opening a device (bsc#1051510). - HID: holtek: test for sanity of intfdata (bsc#1051510). - HID: input: fix a4tech horizontal wheel custom usage (bsc#1137429). - HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent (bsc#1051510). - HID: logitech-hidpp: use RAP instead of FAP to get the protocol version (bsc#1051510). - HID: sony: Fix race condition between rumble and device remove (bsc#1051510). - HID: wacom: Add ability to provide explicit battery status info (bsc#1051510). - HID: wacom: Add support for 3rd generation Intuos BT (bsc#1051510). - HID: wacom: Add support for Pro Pen slim (bsc#1051510). - HID: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510). - HID: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510). - HID: wacom: Correct distance scale for 2nd-gen Intuos devices (bsc#1142635). - HID: wacom: correct misreported EKR ring values (bsc#1142635). - HID: wacom: correct touch resolution x/y typo (bsc#1051510). - HID: wacom: Do not report anything prior to the tool entering range (bsc#1051510). - HID: wacom: Do not set tool type until we're in range (bsc#1051510). - HID: wacom: fix bit shift for Cintiq Companion 2 (bsc#1051510). - HID: wacom: fix mistake in printk (bsc#1051510). - HID: wacom: generic: add the 'Report Valid' usage (bsc#1051510). - HID: wacom: generic: Correct pad syncing (bsc#1051510). - HID: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510). - HID: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510). - HID: wacom: generic: only switch the mode on devices with LEDs (bsc#1051510). - HID: wacom: generic: read HID_DG_CONTACTMAX from any feature report (bsc#1051510). - HID: wacom: generic: Refactor generic battery handling (bsc#1051510). - HID: wacom: generic: Report AES battery information (bsc#1051510). - HID: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510). - HID: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510). - HID: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510). - HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510). - HID: wacom: generic: Support multiple tools per report (bsc#1051510). - HID: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510). - HID: wacom: Mark expected switch fall-through (bsc#1051510). - HID: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510). - HID: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510). - HID: wacom: Properly handle AES serial number and tool type (bsc#1051510). - HID: wacom: Queue events with missing type/serial data for later processing (bsc#1051510). - HID: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510). - HID: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510). - HID: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510). - HID: wacom: Support 'in range' for Intuos/Bamboo tablets where possible (bsc#1051510). - HID: Wacom: switch Dell canvas into highres mode (bsc#1051510). - HID: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510). - HID: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510). - HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510). - hpet: Fix division by zero in hpet_time_div() (bsc#1051510). - hugetlbfs: dirty pages as they are added to pagecache (git fixes (mm/hugetlbfs)). - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (git fixes (mm/hugetlbfs)). - hwmon: (core) add thermal sensors only if dev->of_node is present (bsc#1051510). - hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - hwmon/coretemp: Support multi-die/package (jsc#SLE-5454). - hwmon: (k10temp) 27C Offset needed for Threadripper2 (). - hwmon: (k10temp) Add Hygon Dhyana support (). - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (). - hwmon: (k10temp) Add support for family 17h (). - hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (). - hwmon: (k10temp) Add support for temperature offsets (). - hwmon: (k10temp) Add temperature offset for Ryzen 1900X (). - hwmon: (k10temp) Add temperature offset for Ryzen 2700X (). - hwmon: (k10temp) Correct model name for Ryzen 1600X (). - hwmon: (k10temp) Display both Tctl and Tdie (). - hwmon: (k10temp) Fix reading critical temperature register (). - hwmon: (k10temp) Make function get_raw_temp static (). - hwmon: (k10temp) Move chip specific code into probe function (). - hwmon: (k10temp) Only apply temperature offset if result is positive (). - hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors (). - hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table (). - hwmon: (k10temp) Use API function to access System Management Network (). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (). - hwmon: (lm75) Fix write operations for negative temperatures (bsc#1051510). - hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 (bsc#1051510). - hwmon: (nct7802) Fix wrong detection of in4 presence (bsc#1051510). - hwmon: (pmbus/core) Treat parameters as paged if on multiple pages (bsc#1051510). - hwmon: (shtc1) fix shtc1 and shtw1 id mask (bsc#1051510). - hwrng: omap - Set default quality (bsc#1051510). - i2c: acorn: fix i2c warning (bsc#1135642). - i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr (bsc#1051510). - i2c: emev2: avoid race when unregistering slave client (bsc#1051510). - i2c: i801: Add support for Intel Comet Lake (jsc#SLE-5331). - i2c-piix4: Add Hygon Dhyana SMBus support (). - i2c: piix4: Fix port selection for AMD Family 16h Model 30h (bsc#1051510). - i2c: qup: fixed releasing dma without flush operation completion (bsc#1051510). - IB/mlx5: Fix MR registration flow to use UMR properly (bsc#1093205 bsc#1145678). - ibmveth: Convert multicast list size for little-endian system (bsc#1061843). - ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197). - ibmvnic: Add device identification to requested IRQs (bsc#1137739). - ibmvnic: Do not close unopened driver during reset (bsc#1137752). - ibmvnic: Do not process reset during or after device removal (bsc#1149652 ltc#179635). - ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752). - ibmvnic: Refresh device multicast list after reset (bsc#1137752). - ibmvnic: remove set but not used variable 'netdev' (bsc#1137739). - ibmvnic: Unmap DMA address of TX descriptor buffers after use (bsc#1146351 ltc#180726). - ife: error out when nla attributes are empty (networking-stable-19_08_08). - igmp: fix memory leak in igmpv3_del_delrec() (networking-stable-19_07_25). - iio: adc: max9611: Fix misuse of GENMASK macro (bsc#1051510). - iio: adc: max9611: Fix temperature reading in probe (bsc#1051510). - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion (bsc#1051510). - iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data (bsc#1051510). - iio: dac: ad5380: fix incorrect assignment to val (bsc#1051510). - iio: hmc5843: fix potential NULL pointer dereferences (bsc#1051510). - iio: iio-utils: Fix possible incorrect mask calculation (bsc#1051510). - Improve security, move default dialect to SMB3 from old CIFS (bsc#1051510, bsc#1144333). - include/linux/bitops.h: sanitize rotate primitives (git fixes). - indirect call wrappers: helpers to speed-up indirect calls of builtin (bsc#1124503). - Input: alps - do not handle ALPS cs19 trackpoint-only device (bsc#1051510). - Input: alps - fix a mismatch between a condition check and its comment (bsc#1051510). - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID (bsc#1051510). - Input: elantech - enable middle button support on 2 ThinkPads (bsc#1051510). - Input: iforce - add sanity checks (bsc#1051510). - Input: imx_keypad - make sure keyboard can always wake up system (bsc#1051510). - Input: kbtab - sanity check for endpoint type (bsc#1051510). - Input: psmouse - fix build error of multiple definition (bsc#1051510). - Input: synaptics - enable RMI mode for HP Spectre X360 (bsc#1051510). - Input: synaptics - enable SMBUS on T480 thinkpad trackpad (bsc#1051510). - Input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510). - Input: synaptics - whitelist Lenovo T580 SMBus intertouch (bsc#1051510). - Input: tm2-touchkey - acknowledge that setting brightness is a blocking call (bsc#1129770). - Input: trackpoint - only expose supported controls for Elan, ALPS and NXP (bsc#1051510). - Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510). - Install extra rpm scripts for kernel subpackaging (jsc#SLE-4117, jsc#SLE-3853, bsc#1128910). - intel_th: msu: Fix single mode with disabled IOMMU (bsc#1051510). - intel_th: pci: Add Ice Lake NNPI support (bsc#1051510). - intel_th: pci: Add support for another Lewisburg PCH (bsc#1051510). - intel_th: pci: Add Tiger Lake support (bsc#1051510). - iommu/amd: Add support for X2APIC IOMMU interrupts (bsc#1145010). - iommu/amd: Fix race in increase_address_space() (bsc#1150860). - iommu/amd: Flush old domains in kdump kernel (bsc#1150861). - iommu/amd: Make iommu_disable safer (bsc#1140955). - iommu/amd: Move iommu_init_pci() to .init section (bsc#1149105). - iommu/arm-smmu: Add support for qcom,smmu-v2 variant (bsc#1051510). - iommu/arm-smmu: Avoid constant zero in TLBI writes (bsc#1140956). - iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel (bsc#1117158). - iommu/arm-smmu-v3: Do not disable SMMU in kdump kernel (bsc#1117158 bsc#1134671). - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register (bsc#1051510). - iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer (bsc#1051510). - iommu/dma: Fix for dereferencing before null checking (bsc#1151667). - iommu/dma: Handle SG length overflow better (bsc#1146084). - iommu: Fix a leak in iommu_insert_resv_region (bsc#1140957). - iommu/iova: Avoid false sharing on fq_timer_on (bsc#1151671). - iommu/iova: Fix compilation error with !CONFIG_IOMMU_IOVA (bsc#1145024). - iommu: Use right function to get group for device (bsc#1140958). - iommu/vt-d: Do not queue_iova() if there is no flush queue (bsc#1145024). - iommu/vt-d: Duplicate iommu_resv_region objects per device list (bsc#1140959). - iommu/vt-d: Handle PCI bridge RMRR device scopes in intel_iommu_get_resv_regions (bsc#1140960). - iommu/vt-d: Handle RMRR with PCI bridge device scopes (bsc#1140961). - iommu/vt-d: Introduce is_downstream_to_pci_bridge helper (bsc#1140962). - iommu/vt-d: Remove unnecessary rcu_read_locks (bsc#1140964). - ip6_tunnel: fix possible use-after-free on xmit (networking-stable-19_08_08). - ipip: validate header length in ipip_tunnel_xmit (git-fixes). - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled (git-fixes). - ipv4: do not set IPv6 only flags to IPv4 addresses (networking-stable-19_07_25). - ipv4: Fix raw socket lookup for local traffic (networking-stable-19_05_14). - ipv4/igmp: fix another memory leak in igmpv3_del_delrec() (networking-stable-19_05_31). - ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST (networking-stable-19_05_31). - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop (git-fixes). - ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set (networking-stable-19_08_28). - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address (networking-stable-19_05_31). - ipv6: fix EFAULT on sendto with icmpv6 and hdrincl (networking-stable-19_06_09). - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero (networking-stable-19_06_18). - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4 (networking-stable-19_06_09). - irqchip/gic-v3-its: fix build warnings (bsc#1144880). - irqchip/gic-v3-its: fix some definitions of inner cacheability attributes (bsc#1051510). - irqchip/mbigen: Do not clear eventid when freeing an MSI (bsc#1051510). - isdn/capi: check message length in capi_write() (bsc#1051510). - ISDN: hfcsusb: checking idx of ep configuration (bsc#1051510). - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack (bsc#1051510). - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain() (bsc#1051510). - iwlwifi: dbg: split iwl_fw_error_dump to two functions (bsc#1119086). - iwlwifi: do not unmap as page memory that was mapped as single (bsc#1051510). - iwlwifi: fix bad dma handling in page_mem dumping flow (bsc#1120902). - iwlwifi: fw: use helper to determine whether to dump paging (bsc#1106434). - iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() (bsc#1051510). - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT on version < 41 (bsc#1142635). - iwlwifi: mvm: fix an out-of-bound access (bsc#1051510). - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support (bsc#1142635). - iwlwifi: pcie: do not crash on invalid RX interrupt (bsc#1051510). - iwlwifi: pcie: do not service an interrupt that was masked (bsc#1142635). - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1142635). - jbd2: flush_descriptor(): Do not decrease buffer head's ref count (bsc#1143843). - jbd2: introduce jbd2_inode dirty range scoping (bsc#1148616). - kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586). - kabi: Fix kABI for 'struct amd_iommu' (bsc#1145010). - kabi fixup blk_mq_register_dev() (bsc#1140637). - kabi: media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). fixes kABI - kabi: media: em28xx: stop rewriting device's struct (bsc#1051510). fixes kABI - kabi workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510). - kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - kasan: remove redundant initialization of variable 'real_size' (git fixes). - kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled (bsc#1071995). - kconfig/[mn]conf: handle backspace (^H) key (bsc#1051510). - kernel-binary: fix missing \ - kernel-binary: rpm does not support multiline condition - kernel-binary: Use -c grep option in klp project detection. - kernel: jump label transformation performance (bsc#1137534 bsc#1137535 LTC#178058 LTC#178059). - kernel/signal.c: trace_signal_deliver when signal_group_exit (git-fixes). - keys: Fix missing null pointer check in request_key_auth_describe() (bsc#1051510). - KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137). - KMPs: provide and conflict a kernel version specific KMP name (bsc#1127155, bsc#1109137). - kvm: arm64: Fix caching of host MDCR_EL2 value (bsc#1133021). - kvm: arm/arm64: Close VMID generation race (bsc#1133021). - kvm: arm/arm64: Convert kvm_host_cpu_state to a static per-cpu allocation (bsc#1133021). - kvm: arm/arm64: Drop resource size check for GICV window (bsc#1133021). - kvm: arm/arm64: Fix lost IRQs from emulated physcial timer when blocked (bsc#1133021). - kvm: arm/arm64: Fix VMID alloc race by reverting to lock-less (bsc#1133021). - kvm: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1133021). - kvm: arm/arm64: Reduce verbosity of KVM init log (bsc#1133021). - kvm: arm/arm64: Set dist->spis to NULL after kfree (bsc#1133021). - kvm: arm/arm64: Skip updating PMD entry if no change (bsc#1133021). - kvm: arm/arm64: Skip updating PTE entry if no change (bsc#1133021). - kvm: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending (bsc#1133021). - kvm: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy (bsc#1133021). - kvm: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list (bsc#1133021). - kvm: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots (bsc#1133021). - kvm: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory (bsc#1133021). - kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 (bsc#1133021). - kvm: Disallow wraparound in kvm_gfn_to_hva_cache_init (bsc#1133021). - kvm/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel (bsc#1133021). - kvm: Fix leak vCPU's VMCS value into other pCPU (bsc#1145388). - kvm: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC (bsc#1145408). - kvm: mmu: Fix overflow on kvm mmu page limit calculation (bsc#1135335). - kvm: mmu: Fix overlap between public and private memslots (bsc#1133021). - kvm/mmu: kABI fix for *_mmu_pages changes in struct kvm_arch (bsc#1135335). - kvm: nVMX: allow setting the VMFUNC controls MSR (bsc#1145389). - kvm: nVMX: do not use dangling shadow VMCS after guest reset (bsc#1145390). - kvm: nVMX: Remove unnecessary sync_roots from handle_invept (bsc#1145391). - kvm: nVMX: Use adjusted pin controls for vmcs02 (bsc#1145392). - kvm: polling: add architecture backend to disable polling (bsc#1119222). - kvm: PPC: Book3S: Fix incorrect guest-to-user-translation error handling (bsc#1061840). - kvm: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers (bsc#1061840). - kvm: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores (bsc#1061840). - kvm: PPC: Book3S HV: Do not lose pending doorbell request on migration on P9 (bsc#1061840). - kvm: PPC: Book3S HV: Do not push XIVE context when not using XIVE device (bsc#1061840). - kvm: PPC: Book3S HV: Fix CR0 setting in TM emulation (bsc#1061840). - kvm: PPC: Book3S HV: Fix lockdep warning when entering the guest (bsc#1061840). - kvm: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts (bsc#1061840). - kvm: PPC: Book3S HV: Handle virtual mode in XIVE VCPU push code (bsc#1061840). - kvm: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts (bsc#1061840). - kvm: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP (bsc#1061840). - kvm: PPC: Book3S: Protect memslots while validating user address (bsc#1061840). - kvm: PPC: Release all hardware TCE tables attached to a group (bsc#1061840). - kvm: PPC: Remove redundand permission bits removal (bsc#1061840). - kvm: PPC: Validate all tces before updating tables (bsc#1061840). - kvm: PPC: Validate TCEs against preregistered memory page sizes (bsc#1061840). - kvm: Reject device ioctls from processes other than the VM's creator (bsc#1133021). - kvm: s390: change default halt poll time to 50us (bsc#1119222). - kvm: s390: enable CONFIG_HAVE_KVM_NO_POLL (bsc#1119222) We need to enable CONFIG_HAVE_KVM_NO_POLL for bsc#1119222 - kvm: s390: fix typo in parameter description (bsc#1119222). - kvm: s390: kABI Workaround for 'lowcore' (bsc#1119222). - kvm: s390: provide kvm_arch_no_poll function (bsc#1119222). - kvm: svm/avic: Do not send AVIC doorbell to self (bsc#1140133). - kvm: svm/avic: fix off-by-one in checking host APIC ID (bsc#1140971). - kvm: SVM: Fix detection of AMD Errata 1096 (bsc#1142354). - kvm: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value (bsc#1145393). - kvm: VMX: check CPUID before allowing read/write of IA32_XSS (bsc#1145394). - kvm: VMX: Fix handling of #MC that occurs during VM-Entry (bsc#1145395). - kvm: x86: degrade WARN to pr_warn_ratelimited (bsc#1145409). - kvm: x86: Do not update RIP or do single-step on faulting emulation (bsc#1149104). - kvm: x86: fix backward migration with async_PF (bsc#1146074). - kvm: x86: fix return value for reserved EFER (bsc#1140992). - kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279). - kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279). - kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs (bsc#1134881 bsc#1134882). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: x86: Skip EFER vs. guest CPUID checks for host-initiated writes (bsc#1140972). - kvm: x86: Unconditionally enable irqs in guest context (bsc#1145396). - kvm: x86/vPMU: refine kvm_pmu err msg when event creation failed (bsc#1145397). - lan78xx: Fix memory leaks (bsc#1051510). - lapb: fixed leak of control-blocks (networking-stable-19_06_18). - leds: avoid flush_work in atomic context (bsc#1051510). - leds: leds-lp5562 allow firmware files up to the maximum length (bsc#1051510). - leds: trigger: gpio: GPIO 0 is valid (bsc#1051510). - libata: add SG safety checks in SFF pio transfers (bsc#1051510). - libata: do not request sense data on !ZAC ATA devices (bsc#1051510). - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510). - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests (bsc#1051510). - libata: zpodd: Fix small read overflow in zpodd_get_mech_type() (bsc#1051510). - lib/bitmap.c: make bitmap_parselist() thread-safe and much faster (bsc#1143507). - libceph: add osd_req_op_extent_osd_data_bvecs() (bsc#1141450). - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bsc#1148133). - libceph: assign cookies in linger_submit() (bsc#1135897). - libceph: check reply num_data_items in setup_request_data() (bsc#1135897). - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897). - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897). - libceph: fix PG split vs OSD (re)connect race (bsc#1148133). - libceph: handle zero-length data items (bsc#1141450). - libceph: introduce alloc_watch_request() (bsc#1135897). - libceph: introduce BVECS data type (bsc#1141450). - libceph: introduce ceph_pagelist_alloc() (bsc#1135897). - libceph: preallocate message data items (bsc#1135897). - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897). - libceph, rbd: new bio handling code (aka do not clone bios) (bsc#1141450). - libceph: use single request data item for cmp/setxattr (bsc#1139101). - libertas_tf: Use correct channel range in lbtf_geo_init (bsc#1051510). - lib: fix stall in __bitmap_parselist() (bsc#1051510). - libiscsi: do not try to bypass SCSI EH (bsc#1142076). - libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865). - libnvdimm/namespace: Fix label tracking error (bsc#1142350). - libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719). - libnvdimm/pfn: Store correct value of npfns in namespace superblock (bsc#1146381 ltc#180720). - lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE (bsc#1051510). - liquidio: add cleanup in octeon_setup_iq() (bsc#1051510). - livepatch: Nullify obj->mod in klp_module_coming()'s error path (bsc#1071995). - livepatch: Remove duplicate warning about missing reliable stacktrace support (bsc#1071995). - livepatch: Use static buffer for debugging messages under rq lock (bsc#1071995). - llc: fix skb leak in llc_build_and_send_ui_pkt() (networking-stable-19_05_31). - loop: set PF_MEMALLOC_NOIO for the worker thread (git fixes). - mac80211/cfg80211: update bss channel on channel switch (bsc#1051510). - mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510). - mac80211: do not warn about CW params when not using them (bsc#1051510). - mac80211: do not WARN on short WMM parameters from AP (bsc#1051510). - mac80211: drop robust management frames from unknown TA (bsc#1051510). - mac80211: Fix kernel panic due to use of txq after free (bsc#1051510). - mac80211: fix possible memory leak in ieee80211_assign_beacon (bsc#1142635). - mac80211: fix possible sta leak (bsc#1051510). - mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510). - mac80211: minstrel_ht: fix per-group max throughput rate initialization (bsc#1051510). - macsec: fix checksumming after decryption (bsc#1051510). - macsec: fix use-after-free of skb during RX (bsc#1051510). - macsec: let the administrator set UP state even if lowerdev is down (bsc#1051510). - macsec: update operstate when lower device changes (bsc#1051510). - mailbox: handle failed named mailbox channel request (bsc#1051510). - md: add mddev->pers to avoid potential NULL pointer dereference (git fixes). - md: do not report active array_state until after revalidate_disk() completes (git-fixes). - md: only call set_in_sync() when it is expected to succeed (git-fixes). - md/raid6: Set R5_ReadError when there is read failure on parity disk (git-fixes). - md/raid: raid5 preserve the writeback action after the parity check (git fixes). - media: atmel: atmel-isi: fix timeout value for stop streaming (bsc#1051510). - media: au0828: fix null dereference in error path (bsc#1051510). - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() (bsc#1051510). - media: au0828: stop video streaming only when last user stops (bsc#1051510). - media: coda: clear error return value before picture run (bsc#1051510). - media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP (bsc#1051510). - media: coda: fix mpeg2 sequence number handling (bsc#1051510). - media: coda: increment sequence offset for the last returned frame (bsc#1051510). - media: coda: Remove unbalanced and unneeded mutex unlock (bsc#1051510). - media: cpia2: Fix use-after-free in cpia2_exit (bsc#1051510). - media: cpia2_usb: first wake up, then free in disconnect (bsc#1135642). - media: dib0700: fix link error for dibx000_i2c_set_speed (bsc#1051510). - media: dvb: usb: fix use after free in dvb_usb_device_exit (bsc#1051510). - media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). - media: em28xx: stop rewriting device's struct (bsc#1051510). - media: fdp1: Reduce FCP not found message level to debug (bsc#1051510). - media: go7007: avoid clang frame overflow warning with KASAN (bsc#1051510). - media: hdpvr: fix locking and a missing msleep (bsc#1051510). - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend (bsc#1051510). - media: marvell-ccic: do not generate EOF on parallel bus (bsc#1051510). - media: marvell-ccic: fix DMA s/g desc number calculation (bsc#1051510). - media: mc-device.c: do not memset __user pointer contents (bsc#1051510). - media: media_device_enum_links32: clean a reserved field (bsc#1051510). - media: ov2659: make S_FMT succeed even if requested format does not match (bsc#1051510). - media: ov6650: Fix sensor possibly not detected on probe (bsc#1051510). - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper (bsc#1051510). - media: pvrusb2: use a different format for warnings (bsc#1051510). - media: replace strcpy() by strscpy() (bsc#1051510). - media: Revert '[media] marvell-ccic: reset ccic phy when stop streaming for stability' (bsc#1051510). - media: s5p-mfc: Make additional clocks optional (bsc#1051510). - media: saa7146: avoid high stack usage with clang (bsc#1051510). - media: smsusb: better handle optional alignment (bsc#1051510). - media: spi: IR LED: add missing of table registration (bsc#1051510). - media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails (bsc#1051510). - media: technisat-usb2: break out of loop at end of buffer (bsc#1051510). - media: tm6000: double free if usb disconnect while streaming (bsc#1051510). - media: usb: siano: Fix false-positive 'uninitialized variable' warning (bsc#1051510). - media: usb: siano: Fix general protection fault in smsusb (bsc#1051510). - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510). - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom() (bsc#1051510). - media: vb2: Fix videobuf2 to map correct area (bsc#1051510). - media: vivid: fix incorrect assignment operation when setting video mode (bsc#1051510). - media: vpss: fix a potential NULL pointer dereference (bsc#1051510). - media: wl128x: Fix some error handling in fm_v4l2_init_video_device() (bsc#1051510). - mei: bus: need to unlink client before freeing (bsc#1051510). - mei: me: add denverton innovation engine device IDs (bsc#1051510). - mei: me: add gemini lake devices id (bsc#1051510). - memory: tegra: Fix integer overflow on tick value calculation (bsc#1051510). - memstick: Fix error cleanup path of memstick_init (bsc#1051510). - mfd: arizona: Fix undefined behavior (bsc#1051510). - mfd: core: Set fwnode for created devices (bsc#1051510). - mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L (bsc#1051510). - mfd: hi655x: Fix regmap area declared size for hi655x (bsc#1051510). - mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk (bsc#1051510). - mfd: intel-lpss: Add Intel Comet Lake PCI IDs (jsc#SLE-4875). - mfd: intel-lpss: Release IDA resources (bsc#1051510). - mfd: intel-lpss: Set the device in reset state when init (bsc#1051510). - mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values (bsc#1051510). - mfd: tps65912-spi: Add missing of table registration (bsc#1051510). - mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510). - mic: avoid statically declaring a 'struct device' (bsc#1051510). - mISDN: make sure device name is NUL terminated (bsc#1051510). - mm: add filemap_fdatawait_range_keep_errors() (bsc#1148616). - mmc: cavium: Add the missing dma unmap when the dma has finished (bsc#1051510). - mmc: cavium: Set the correct dma max segment size for mmc_host (bsc#1051510). - mmc: core: Fix init of SD cards reporting an invalid VDD range (bsc#1051510). - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510). - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510). - mmc: core: Verify SD bus width (bsc#1051510). - mmc: dw_mmc: Fix occasional hang after tuning on eMMC (bsc#1051510). - mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510). - mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-msm: fix mutex while in spinlock (bsc#1142635). - mmc: sdhci-of-arasan: Do now show error message in case of deffered probe (bsc#1119086). - mmc: sdhci-of-at91: add quirk for broken HS200 (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum A-009204 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510). - mmc: sdhci-pci: Add support for Intel CML (jsc#SLE-4875). - mmc: sdhci-pci: Add support for Intel ICP (jsc#SLE-4875). - mmc: sdhci-pci: Try 'cd' for card-detect lookup before using NULL (bsc#1051510). - mmc_spi: add a status check for spi_sync_locked (bsc#1051510). - mm: do not stall register_shrinker() (bsc#1104902, VM Performance). - mm: Fix buggy backport leading to MAP_SYNC failures (bsc#1137372) - mm/hmm: fix bad subpage pointer in try_to_unmap_one (bsc#1148202, HMM, VM Functionality). - mm/hotplug: fix offline undo_isolate_page_range() (bsc#1148196, VM Functionality). - mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node (bsc#1148379, VM Functionality). - mm/memcontrol.c: fix use after free in mem_cgroup_iter() (bsc#1149224, VM Functionality). - mm/memory.c: recheck page table entry with page table lock held (bsc#1148363, VM Functionality). - mm/migrate.c: initialize pud_entry in migrate_vma() (bsc#1148198, HMM, VM Functionality). - mm: migrate: Fix reference check race between __find_get_block() and migration (bnc#1137609). - mm/mlock.c: change count_mm_mlocked_page_nr return type (bsc#1148527, VM Functionality). - mm/mlock.c: mlockall error for flag MCL_ONFAULT (bsc#1148527, VM Functionality). - mm/nvdimm: add is_ioremap_addr and use that to check ioremap address (bsc#1140322 LTC#176270). - mm/page_alloc.c: fix calculation of pgdat->nr_zones (bsc#1148192, VM Functionality). - mm, page_alloc: fix has_unmovable_pages for HugePages (bsc#1127034). - mm: pagechage-limit: Calculate pagecache-limit based on node state (bsc#1136811) - mm: page_mapped: do not assume compound page is huge or THP (bsc#1148574, VM Functionality). - mm, page_owner: handle THP splits correctly (bsc#1149197, VM Debugging Functionality). - mm: replace all open encodings for NUMA_NO_NODE (bsc#1140322 LTC#176270). - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382). - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() (bsc#1118689). - mm/vmscan.c: fix trying to reclaim unevictable LRU page (bsc#1149214, VM Functionality). - mm/vmscan.c: prevent useless kswapd loops (git fixes (mm/vmscan)). - module: Fix livepatch/ftrace module text permissions race (bsc#1071995). - mount: copy the port field into the cloned nfs_server structure (bsc#1136990). - move a few externs to smbdirect.h to eliminate warning (bsc#1144333). - move irq_data_get_effective_affinity_mask prior the sorted section - Move stuff git_sort chokes on, out of the way - Move upstreamed BT fix into sorted section - Move upstreamed nvme fix into sorted section - mpls: fix warning with multi-label encap (bsc#1051510). - mtd: spi-nor: Fix Cadence QSPI RCU Schedule Stall (bsc#1051510). - mvpp2: refactor MTU change code (networking-stable-19_08_08). - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935). - mwifiex: Fix possible buffer overflows at parsing bss descriptor - nbd: replace kill_bdev() with __invalidate_device() again (git fixes). - Negotiate and save preferred compression algorithms (bsc#1144333). - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit (git-fixes). - neigh: fix use-after-free read in pneigh_get_next (networking-stable-19_06_18). - net/9p: include trans_common.h to fix missing prototype warning (bsc#1051510). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142112 bsc#1142221 LTC#179334 LTC#179332). - net: avoid weird emergency message (networking-stable-19_05_21). - net: bcmgenet: use promisc for unsupported filters (networking-stable-19_07_25). - net: bridge: delete local fdb on device init failure (networking-stable-19_08_08). - net: bridge: mcast: do not delete permanent entries when fast leave is enabled (networking-stable-19_08_08). - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query (networking-stable-19_07_25). - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling (networking-stable-19_07_25). - net: bridge: stp: do not cache eth dest pointer before skb pull (networking-stable-19_07_25). - net: dsa: mv88e6xxx: wait after reset deactivation (networking-stable-19_07_25). - net: ena: add ethtool function for changing io queue sizes (bsc#1139020 bsc#1139021). - net: ena: add good checksum counter (bsc#1139020 bsc#1139021). - net: ena: add handling of llq max tx burst size (bsc#1139020 bsc#1139021). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1139020 bsc#1139021). - net: ena: add newline at the end of pr_err prints (bsc#1139020 bsc#1139021). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1139020 bsc#1139021). - net: ena: allow automatic fallback to polling mode (bsc#1139020 bsc#1139021). - net: ena: allow queue allocation backoff when low on memory (bsc#1139020 bsc#1139021). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1139020 bsc#1139021). - net: ena: enable negotiating larger Rx ring size (bsc#1139020 bsc#1139021). - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1139020 bsc#1139021). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1139020 bsc#1139021). - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1139020 bsc#1139021). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1139020 bsc#1139021). - net: ena: fix incorrect test of supported hash function (bsc#1139020 bsc#1139021). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1139020 bsc#1139021). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1139020 bsc#1139021). - net: ena: gcc 8: fix compilation warning (bsc#1139020 bsc#1139021). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1139020 bsc#1139021). - net: ena: make ethtool show correct current and max queue sizes (bsc#1139020 bsc#1139021). - net: ena: optimise calculations for CQ doorbell (bsc#1139020 bsc#1139021). - net: ena: remove inline keyword from functions in *.c (bsc#1139020 bsc#1139021). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1139020 bsc#1139021). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1139020 bsc#1139021). - net: ena: use dev_info_once instead of static variable (bsc#1139020 bsc#1139021). - net: fec: fix the clk mismatch in failed_reset path (networking-stable-19_05_31). - netfilter: conntrack: fix calculation of next bucket number in early_drop (git-fixes). - net: fix ifindex collision during namespace removal (networking-stable-19_08_08). - net: Fix netdev_WARN_ONCE macro (git-fixes). - net-gro: fix use-after-free read in napi_gro_frags() (networking-stable-19_05_31). - net/ibmvnic: Fix missing { in __ibmvnic_reset (bsc#1149652 ltc#179635). - net/ibmvnic: free reset work of removed device from queue (bsc#1149652 ltc#179635). - net/ibmvnic: prevent more than one thread from running in reset (bsc#1152457 ltc#174432). - net/ibmvnic: Remove tests of member address (bsc#1137739). - net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run (bsc#1152457 ltc#174432). - net: Introduce netdev_*_once functions (networking-stable-19_07_25). - net: make skb_dst_force return true when dst is refcounted (networking-stable-19_07_25). - net/mlx4_core: Change the error print to info print (networking-stable-19_05_21). - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bsc#1145678). - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_06_09). - net/mlx5: Allocate root ns memory using kzalloc to match kfree (networking-stable-19_05_31). - net/mlx5: Avoid double free in fs init error unwinding path (networking-stable-19_05_31). - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn (networking-stable-19_07_25). - net/mlx5e: Only support tx/rx pause setting for port owner (networking-stable-19_08_21). - net/mlx5e: Prevent encap flow counter update async to user query (networking-stable-19_08_08). - net/mlx5e: Use flow keys dissector to parse packets for ARFS (networking-stable-19_08_21). - net/mlx5: Use reversed order when unregister devices (networking-stable-19_08_08). - net: mvneta: Fix err code path of probe (networking-stable-19_05_31). - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value (networking-stable-19_05_31). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: neigh: fix multiple neigh timer scheduling (networking-stable-19_07_25). - net: openvswitch: do not free vport if register_netdevice() is failed (networking-stable-19_06_18). - net: openvswitch: fix csum updates for MPLS actions (networking-stable-19_07_25). - net/packet: fix memory leak in packet_set_ring() (git-fixes). - net/packet: fix race in tpacket_snd() (networking-stable-19_08_21). - net: rds: fix memory leak in rds_ib_flush_mr_pool (networking-stable-19_06_09). - net: remove duplicate fetch in sock_getsockopt (networking-stable-19_07_02). - netrom: fix a memory leak in nr_rx_frame() (networking-stable-19_07_25). - netrom: hold sock when setting skb->destructor (networking-stable-19_07_25). - net: sched: Fix a possible null-pointer dereference in dequeue_func() (networking-stable-19_08_08). - net_sched: unset TCQ_F_CAN_BYPASS when adding filters (networking-stable-19_07_25). - net: sched: verify that q!=NULL before setting q->flags (git-fixes). - net: seeq: fix crash caused by not set dev.parent (networking-stable-19_05_14). - net/smc: do not schedule tx_work in SMC_CLOSED state (bsc#1149963). - net/smc: make sure EPOLLOUT is raised (networking-stable-19_08_28). - net/smc: original socket family in inet_sock_diag (bsc#1149959). - net: stmmac: fixed new system time seconds value calculation (networking-stable-19_07_02). - net: stmmac: fix reset gpio free missing (networking-stable-19_05_31). - net: stmmac: set IC bit when transmitting frames with HW timestamp (networking-stable-19_07_02). - net: unbreak CONFIG_RETPOLINE=n builds (bsc#1124503). - net: usb: pegasus: fix improper read if get_registers() fail (bsc#1051510). - net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions (networking-stable-19_05_21). - net: use indirect call wrappers at GRO network layer (bsc#1124503). - net: use indirect call wrappers at GRO transport layer (bsc#1124503). - nfc: fix potential illegal memory access (bsc#1051510). - nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814). - nfit/ars: Avoid stale ARS results (jsc#SLE-5433). - nfit/ars: Introduce scrub_flags (jsc#SLE-5433). - nfs4: Fix v4.0 client state corruption when mount (git-fixes). - nfs add module option to limit NFSv4 minor version (jsc#PM-231). - nfs: Cleanup if nfs_match_client is interrupted (bsc#1134291). - nfsd: degraded slot-count more gracefully as allocation nears exhaustion (bsc#1150381). - nfsd: Do not release the callback slot unless it was actually held (git-fixes). - nfsd: Fix overflow causing non-working mounts on 1 TB machines (bsc#1150381). - nfsd: fix performance-limiting session calculation (bsc#1150381). - nfsd: give out fewer session slots as limit approaches (bsc#1150381). - nfsd: handle drc over-allocation gracefully (bsc#1150381). - nfsd: increase DRC cache limit (bsc#1150381). - nfs: Do not interrupt file writeout due to fatal errors (git-fixes). - nfs: Do not open code clearing of delegation state (git-fixes). - nfs: Ensure O_DIRECT reports an error if the bytes read/written is 0 (git-fixes). - nfs: Fix a double unlock from nfs_match,get_client (bsc#1134291). - nfs: Fix regression whereby fscache errors are appearing on 'nofsc' mounts (git-fixes). - nfs: Fix the inode request accounting when pages have subrequests (bsc#1140012). - nfs: Forbid setting AF_INET6 to 'struct sockaddr_in'->sin_family (git-fixes). - nfs: make nfs_match_client killable (bsc#1134291). - nfs: Refactor nfs_lookup_revalidate() (git-fixes). - nfs: Remove redundant semicolon (git-fixes). - nfsv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter (git-fixes). - nfsv4.1: Fix open stateid recovery (git-fixes). - nfsv4.1: Only reap expired delegations (git-fixes). - nfsv4: Check the return value of update_open_stateid() (git-fixes). - nfsv4: Fix an Oops in nfs4_do_setattr (git-fixes). - nfsv4: Fix a potential sleep while atomic in nfs4_do_reclaim() (git-fixes). - nfsv4: Fix delegation state recovery (git-fixes). - nfsv4: Fix lookup revalidate of regular files (git-fixes). - nfsv4: Fix OPEN / CLOSE race (git-fixes). - nfsv4: Handle the special Linux file open access mode (git-fixes). - nfsv4: Only pass the delegation to setattr if we're sending a truncate (git-fixes). - nfsv4/pnfs: Fix a page lock leak in nfs_pageio_resend() (git-fixes). - nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header (git fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642). - null_blk: complete requests from ->timeout (bsc#1149446). - null_blk: wire up timeouts (bsc#1149446). - nvme: cancel request synchronously (bsc#1145661). - nvme: change locking for the per-subsystem controller list (bsc#1142541). - nvme: copy MTFA field from identify controller (bsc#1140715). - nvme-core: Fix extra device_put() call on error path (bsc#1142541). - nvme-fc: fix module unloads while lports still pending (bsc#1150033). - nvme: fix memory leak caused by incorrect subsystem free (bsc#1143185). - nvme: fix multipath crash when ANA is deactivated (bsc#1149446). - nvme: fix possible use-after-free in connect error flow (bsc#1139500, bsc#1140426) - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN (bsc#1146938). - nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510). - nvmem: core: fix read buffer in place (bsc#1051510). - nvmem: correct Broadcom OTP controller driver writes (bsc#1051510). - nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510). - nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510). - nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510). - nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510). - nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510). - nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510). - nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510). - nvmem: imx-ocotp: Update module description (bsc#1051510). - nvmem: properly handle returned value nvmem_reg_read (bsc#1051510). - nvme-multipath: fix ana log nsid lookup when nsid is not found (bsc#1141554). - nvme-multipath: relax ANA state check (bsc#1123105). - nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns (bsc#1120876). - nvmem: Use the same permissions for eeprom as for nvmem (git-fixes). - nvme-rdma: Allow DELETING state change failure in (bsc#1104967,). - nvme-rdma: centralize admin/io queue teardown sequence (bsc#1142076). - nvme-rdma: centralize controller setup sequence (bsc#1142076). - nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446). - nvme-rdma: fix double freeing of async event data (bsc#1120423). - nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423). - nvme-rdma: fix possible free of a non-allocated async event buffer (bsc#1120423). - nvme-rdma: fix timeout handler (bsc#1149446). - nvme-rdma: stop admin queue before freeing it (bsc#1140155). - nvme-rdma: support up to 4 segments of inline data (bsc#1142076). - nvme-rdma: unquiesce queues when deleting the controller (bsc#1142076). - nvme: remove ns sibling before clearing path (bsc#1140155). - nvme: return BLK_EH_DONE from ->timeout (bsc#1142076). - nvme: Return BLK_STS_TARGET if the DNR bit is set (bsc#1142076). - nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432). - objtool: Add rewind_stack_do_exit() to the noreturn list (bsc#1145302). - objtool: Support GCC 9 cold subfunction naming scheme (bsc#1145300). - ocfs2: add first lock wait time in locking_state (bsc#1134390). - ocfs2: add last unlock times in locking_state (bsc#1134390). - ocfs2: add locking filter debugfs file (bsc#1134390). - ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902). - octeon_mgmt: Fix MIX registers configuration on MTU setup (bsc#1051510). - of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642). - packet: Fix error path in packet_init (networking-stable-19_05_14). - packet: in recvmsg msg_name return at least sizeof sockaddr_ll (git-fixes). - parport: Fix mem leak in parport_register_dev_model (bsc#1051510). - PCI: Always allow probing with driver_override (bsc#1051510). - PCI: Do not poll for PME if the device is in D3cold (bsc#1051510). - PCI: hv: Add hv_pci_remove_slots() when we unload the driver (bsc#1142701). - PCI: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary (bsc#1142701). - PCI: hv: Detect and fix Hyper-V PCI domain number collision (bsc#1150423). - PCI: hv: Fix a memory leak in hv_eject_device_work() (bsc#1142701). - PCI: hv: Fix a use-after-free bug in hv_eject_device_work() (bsc#1142701). - PCI: hv: Fix panic by calling hv_pci_remove_slots() earlier (bsc#1142701). - PCI: hv: Fix return value check in hv_pci_assign_slots() (bsc#1142701). - PCI: hv: Remove unused reason for refcount handler (bsc#1142701). - PCI: hv: support reporting serial number as slot information (bsc#1142701). - PCI: PM/ACPI: Refresh all stale power state data in pci_pm_complete() (bsc#1149106). - PCI: PM: Avoid possible suspend-to-idle issue (bsc#1051510). - PCI: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510). - PCI: qcom: Ensure that PERST is asserted for at least 100 ms (bsc#1142635). - PCI: Restore Resizable BAR size bits correctly for 1MB BARs (bsc#1143841). - PCI: Return error if cannot probe VF (bsc#1051510). - PCI: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510). - PCI: xilinx-nwl: Fix Multi MSI data programming (bsc#1142635). - perf tools: Add Hygon Dhyana support (). - perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454). - phy: qcom-qusb2: Fix crash if nvmem cell not specified (bsc#1051510). - phy: renesas: rcar-gen2: Fix memory leak at error paths (bsc#1051510). - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current (bsc#1051510). - pinctrl: pistachio: fix leaked of_node references (bsc#1051510). - pinctrl: rockchip: fix leaked of_node references (bsc#1051510). - pkey: Indicate old mkvp only if old and current mkvp are different (bsc#1137827 LTC#178090). - pktgen: do not sleep with the thread lock held (git-fixes). - platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510). - platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ (bsc#1051510). - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510). - platform/x86: intel_turbo_max_3: Remove restriction for HWP platforms (jsc#SLE-5439). - platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510). - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table (bsc#1051510). - PM / core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510). - PM / devfreq: rk3399_dmc: do not print error when get supply and clk defer (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: fix spelling mistakes (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: Pass ODT and auto power down parameters to TF-A (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: remove unneeded semicolon (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: remove wait for dcf irq event (bsc#1144718,bsc#1144813). - PM / devfreq: rockchip-dfi: Move GRF definitions to a common place (bsc#1144718,bsc#1144813). - PM / OPP: OF: Use pr_debug() instead of pr_err() while adding OPP table (jsc#SLE-7294). - PM: sleep: Fix possible overflow in pm_system_cancel_wakeup() (bsc#1051510). - pnfs fallback to MDS if no deviceid found (git-fixes). - pnfs/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error (git-fixes). - pnfs/flexfiles: Turn off soft RPC calls (git-fixes). - powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454). - powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454). - powercap/intel_rapl: Update RAPL domain name and debug messages (jsc#SLE-5454). - powerpc/64: Make sys_switch_endian() traceable (bsc#1065729). - powerpc/64s: Include cpu header (bsc#1065729). - powerpc/64s/radix: Fix MADV_[FREE|DONTNEED] TLB flush miss problem with THP (bsc#1152161 ltc#181664). - powerpc/64s/radix: Fix memory hotplug section page table creation (bsc#1065729). - powerpc/64s/radix: Fix memory hot-unplug page table split (bsc#1065729). - powerpc/64s/radix: Implement _tlbie(l)_va_range flush functions (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve preempt handling in TLB code (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve TLB flushing for page table freeing (bsc#1152161 ltc#181664). - powerpc/64s/radix: Introduce local single page ceiling for TLB range flush (bsc#1055117 bsc#1152161 ltc#181664). - powerpc/64s/radix: Optimize flush_tlb_range (bsc#1152161 ltc#181664). - powerpc/64s: Remove POWER9 DD1 support (bsc#1055117, LTC#159753, git-fixes). - powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107). - powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB (bsc#1146575 ltc#180764). - powerpc: Always initialize input array when calling epapr_hypercall() (bsc#1065729). - powerpc/book3s/64: check for NULL pointer in pgd_alloc() (bsc#1078248, git-fixes). - powerpc/book3s64/mm: Do not do tlbie fixup for some hardware revisions (bsc#1152161 ltc#181664). - powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag (bsc#1152161 ltc#181664). - powerpc: bpf: Fix generation of load/store DW instructions (bsc#1065729). - powerpc/bpf: use unsigned division instruction for 64-bit operations (bsc#1065729). - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199). - powerpc/crypto: Use cheaper random numbers for crc-vpmsum self-test (). - powerpc: Drop page_is_ram() and walk_system_ram_range() (bsc#1065729). - powerpc: dump kernel log before carrying out fadump or kdump (bsc#1149940 ltc#179958). - powerpc/eeh: Fix race with driver un/bind (bsc#1065729). - powerpc/fadump: Do not allow hot-remove memory from fadump reserved area (bsc#1120937). - powerpc/fadump: Reservationless firmware assisted dump (bsc#1120937). - powerpc/fadump: Throw proper error message on fadump registration failure (bsc#1120937). - powerpc/fadump: use kstrtoint to handle sysfs store (bsc#1146376). - powerpc/fadump: when fadump is supported register the fadump sysfs files (bsc#1146352). - powerpc: Fix HMIs on big-endian with CONFIG_RELOCATABLE=y (bsc#1065729). - powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107). - powerpc/fsl: Update Spectre v2 reporting (bsc#1131107). - powerpc/irq: Do not WARN continuously in arch_local_irq_restore() (bsc#1065729). - powerpc/irq: drop arch_early_irq_init() (bsc#1065729). - powerpc/kdump: Handle crashkernel memory reservation failure (bsc#1143466 LTC#179600). - powerpc/lib: Fix feature fixup test of external branch (bsc#1065729). - powerpc/mm: Change function prototype (bsc#1055117). - powerpc/mm: Consolidate numa_enable check and min_common_depth check (bsc#1140322 LTC#176270). - powerpc/mm/drconf: Use NUMA_NO_NODE on failures instead of node 0 (bsc#1140322 LTC#176270). - powerpc/mm: Fix node look up with numa=off boot (bsc#1140322 LTC#176270). - powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 (bsc#1152161 ltc#181664). - powerpc/mm: Handle page table allocation failures (bsc#1065729). - powerpc/mm/hash/4k: Do not use 64K page size for vmemmap with 4K pagesize (bsc#1142685 LTC#179509). - powerpc/mm/hugetlb: Update huge_ptep_set_access_flags to call __ptep_set_access_flags directly (bsc#1055117). - powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang (bsc#1055117). - powerpc/mm/radix: Drop unneeded NULL check (bsc#1152161 ltc#181664). - powerpc/mm/radix: implement LPID based TLB flushes to be used by KVM (bsc#1152161 ltc#181664). - powerpc/mm/radix: Move function from radix.h to pgtable-radix.c (bsc#1055117). - powerpc/mm/radix: Use the right page size for vmemmap mapping (bsc#1055117 bsc#1142685 LTC#179509). - powerpc/mm: Simplify page_is_ram by using memblock_is_memory (bsc#1065729). - powerpc/mm: Use memblock API for PPC32 page_is_ram (bsc#1065729). - powerpc/module64: Fix comment in R_PPC64_ENTRY handling (bsc#1065729). - powerpc/msi: Fix NULL pointer access in teardown code (bsc#1065729). - powerpc/perf: Add constraints for power9 l2/l3 bus events (bsc#1056686). - powerpc/perf: Add mem access events to sysfs (bsc#1124370). - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106). - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106). - powerpc/perf: Cleanup cache_sel bits comment (bsc#1056686). - powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043). - powerpc/perf: Fix thresholding counter data for unknown type (bsc#1056686). - powerpc/perf: Remove PM_BR_CMPL_ALT from power9 event list (bsc#1047238, bsc#1056686). - powerpc/perf: Update perf_regs structure to include SIER (bsc#1056686). - powerpc/powernv: Fix compile without CONFIG_TRACEPOINTS (bsc#1065729). - powerpc/powernv: Flush console before platform error reboot (bsc#1149940 ltc#179958). - powerpc/powernv/idle: Restore IAMR after idle (bsc#1065729). - powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window (bsc#1061840). - powerpc/powernv/ioda: Fix race in TCE level allocation (bsc#1061840). - powerpc/powernv: move OPAL call wrapper tracing and interrupt handling to C (bsc#1065729). - powerpc/powernv/npu: Remove obsolete comment about TCE_KILL_INVAL_ALL (bsc#1065729). - powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler (bsc#1065729). - powerpc/powernv: Return for invalid IMC domain (bsc1054914, git-fixes). - powerpc/powernv: Use kernel crash path for machine checks (bsc#1149940 ltc#179958). - powerpc/process: Fix sparse address space warnings (bsc#1065729). - powerpc/pseries: add missing cpumask.h include file (bsc#1065729). - powerpc/pseries: Call H_BLOCK_REMOVE when supported (bsc#1109158). - powerpc/pseries: correctly track irq state in default idle (bsc#1150727 ltc#178925). - powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt() (bsc#1065729). - powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204). - powerpc/pseries: Fix xive=off command line (bsc#1085030, git-fixes). - powerpc/pseries/memory-hotplug: Fix return value type of find_aa_index (bsc#1065729). - powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199). - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199). - powerpc/pseries, ps3: panic flush kernel messages before halting system (bsc#1149940 ltc#179958). - powerpc/pseries: Read TLB Block Invalidate Characteristics (bsc#1109158). - powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning (bsc#1148868). - powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808). - powerpc/rtas: use device model APIs and serialization during LPM (bsc#1144123 ltc#178840). - powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195). - powerpc/xive: Fix bogus error code returned by OPAL (bsc#1065729). - powerpc/xive: Fix dump of XIVE interrupt under pseries (bsc#1142019). - powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() (bsc#1085030, bsc#1145189, LTC#179762). - powerpc/xive: Implement get_irqchip_state method for XIVE to fix shutdown race (bsc#1065729). - powerpc/xmon: Add a dump of all XIVE interrupts (bsc#1142019). - powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL (bsc#1142019). - powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc (bsc#1065729). - power: reset: gpio-restart: Fix typo when gpio reset is not found (bsc#1051510). - power: supply: Init device wakeup after device_add() (bsc#1051510). - power: supply: max14656: fix potential use-before-alloc (bsc#1051510). - power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510). - ppp: deflate: Fix possible crash in deflate_init (networking-stable-19_05_21). - ppp: Fix memory leak in ppp_write (git-fixes). - ppp: mppe: Add softdep to arc4 (bsc#1088047). - printk: Do not lose last line in kmsg buffer dump (bsc#1152460). - printk: fix printk_time race (bsc#1152466). - printk/panic: Avoid deadlock in printk() after stopping CPUs by NMI (bsc#1148712). - ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME (git-fixes). - ptrace: restore smp_rmb() in __ptrace_may_access() (git-fixes). - pwm: stm32: Use 3 cells ->of_xlate() (bsc#1111666). - qede: fix write to free'd pointer error and double free of ptp (bsc#1051510). - qla2xxx: kABI fixes for v10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - qla2xxx: remove SGI SN2 support (bsc#1123034 bsc#1131304 bsc#1127988). - qlcnic: Avoid potential NULL pointer dereference (bsc#1051510). - qlge: Deduplicate lbq_buf_size (bsc#1106061). - qlge: Deduplicate rx buffer queue management (bsc#1106061). - qlge: Factor out duplicated expression (bsc#1106061). - qlge: Fix dma_sync_single calls (bsc#1106061). - qlge: Fix irq masking in INTx mode (bsc#1106061). - qlge: Refill empty buffer queues from wq (bsc#1106061). - qlge: Refill rx buffers up to multiple of 16 (bsc#1106061). - qlge: Remove bq_desc.maplen (bsc#1106061). - qlge: Remove irq_cnt (bsc#1106061). - qlge: Remove page_chunk.last_flag (bsc#1106061). - qlge: Remove qlge_bq.len & size (bsc#1106061). - qlge: Remove rx_ring.sbq_buf_size (bsc#1106061). - qlge: Remove rx_ring.type (bsc#1106061). - qlge: Remove useless dma synchronization calls (bsc#1106061). - qlge: Remove useless memset (bsc#1106061). - qlge: Replace memset with assignment (bsc#1106061). - qlge: Update buffer queue prod index despite oom (bsc#1106061). - qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510). - qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510). - qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510). - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510). - qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510). - qmi_wwan: Fix out-of-bounds read (bsc#1111666). - quota: fix wrong condition in is_quota_modification() (bsc#1152026). - r8152: Set memory to all 0xFFs on failed reg reads (bsc#1051510). - rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510). - RAS/CEC: Convert the timer callback to a workqueue (bsc#1114279). - RAS/CEC: Fix binary search function (bsc#1114279). - rbd: do not (ab)use obj_req->pages for stat requests (bsc#1141450). - rbd: do not NULL out ->obj_request in rbd_img_obj_parent_read_full() (bsc#1141450). - rbd: get rid of img_req->copyup_pages (bsc#1141450). - rbd: move from raw pages to bvec data descriptors (bsc#1141450). - rbd: remove bio cloning helpers (bsc#1141450). - rbd: start enums at 1 instead of 0 (bsc#1141450). - rbd: use kmem_cache_zalloc() in rbd_img_request_create() (bsc#1141450). - RDS: IB: fix 'passing zero to ERR_PTR()' warning (git-fixes). - regmap: fix bulk writes on paged registers (bsc#1051510). - regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg (bsc#1051510). - regulator: qcom_spmi: Fix math of spmi_regulator_set_voltage_time_sel (bsc#1051510). - regulator: s2mps11: Fix buck7 and buck8 wrong voltages (bsc#1051510). - Remove ifdef since SMB3 (and later) now STRONGLY preferred (bsc#1051510, bsc#1144333). - Replace the bluetooth fix with the upstream commit (bsc#1135556) - Revert 'ALSA: hda/realtek - Improve the headset mic for Acer Aspire laptops' (bsc#1051510). - Revert 'bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()' (bsc#1140652). - Revert 'Bluetooth: validate BLE connection interval updates' (bsc#1051510). - Revert 'cfg80211: fix processing world regdomain when non modular' (bsc#1051510). - Revert 'dm bufio: fix deadlock with loop device' (git fixes). - Revert 'Drop multiversion(kernel) from the KMP template ()' (bsc#1109137). - Revert 'e1000e: fix cyclic resets at link up with active tx' (bsc#1051510). - Revert 'HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range' (bsc#1051510). - Revert i915 userptr page lock patch (bsc#1145051) This patch potentially causes a deadlock between kcompactd, as reported on 5.3-rc3. - Revert 'KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137).' - Revert 'mwifiex: fix system hang problem after resume' (bsc#1051510). - Revert 'net: ena: ethtool: add extra properties retrieval via get_priv_flags' (bsc#1139020 bsc#1139021). - Revert patches.suse/0001-blk-wbt-Avoid-lock-contention-and-thundering-herd-is.patch (bsc#1141543) As we see stalls / crashes recently with the relevant code path, revert this patch tentatively. - Revert 'Revert 'Drop multiversion(kernel) from the KMP template ()'' This feature was requested for SLE15 but aws reverted in packaging and master. - Revert 'Revert 'KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137).'' - Revert 'Revert 'KMPs: provide and conflict a kernel version specific KMP name'' - Revert 'Revert 'Revert 'Drop multiversion(kernel) from the KMP template ()''' - Revert 's390/jump_label: Use 'jdd' constraint on gcc9 (bsc#1138589).' This broke the build with older gcc instead. - Revert 'scsi: ncr5380: Increase register polling limit' (git-fixes). - Revert 'scsi: ufs: disable vccq if it's not needed by UFS device' (git-fixes). - Revert 'serial: 8250: Do not service RX FIFO if interrupts are disabled' (bsc#1051510). - Revert 'svm: Fix AVIC incomplete IPI emulation' (bsc#1140133). - rpm: Add arm64 dtb-allwinner subpackage 4.10 added arch/arm64/boot/dts/allwinner/. - rpm: Add arm64 dtb-zte subpackage 4.9 added arch/arm64/boot/dts/zte/. - rpm/kernel-binary.spec.in: Add back kernel-binary-base subpackage (jsc#SLE-3853). - rpm/kernel-binary.spec.in: Build livepatch support in SUSE release projects (bsc#1124167). - rpm/kernel-binary.spec.in: Enable missing modules check. - rpm/kernel-binary.spec.in: Enable missing modules check. - rpm/kernel-subpackage-build: handle arm kernel zImage. - rpm/kernel-subpackage-spec: only provide firmware actually present in subpackage. - rpm/package-descriptions: fix typo in kernel-azure - rpm/post.sh: correct typo in err msg (bsc#1137625) - rpmsg: added MODULE_ALIAS for rpmsg_char (bsc#1051510). - rpmsg: smd: do not use mananged resources for endpoints and channels (bsc#1051510). - rpmsg: smd: fix memory leak on channel create (bsc#1051510). - rsi: improve kernel thread handling to fix kernel panic (bsc#1051510). - rslib: Fix decoding of shortened codes (bsc#1051510). - rslib: Fix handling of of caller provided syndrome (bsc#1051510). - rtc: 88pm860x: prevent use-after-free on device remove (bsc#1051510). - rtc: do not reference bogus function pointer in kdoc (bsc#1051510). - rtc: pcf8523: do not return invalid date when battery is low (bsc#1051510). - rtlwifi: fix a potential NULL pointer dereference (bsc#1051510). - rtnetlink: always put IFLA_LINK for links with a link-netnsid (networking-stable-19_05_21). - rxrpc: Fix send on a connected, but unbound socket (networking-stable-19_07_25). - s390/cio: fix ccw_device_start_timeout API (bsc#1142109 LTC#179339). - s390/dasd: fix endless loop after read unit address configuration (bsc#1144912 LTC#179907). - s390/dasd: fix using offset into zero size array error (bsc#1051510). - s390/jump_label: Use 'jdd' constraint on gcc9 (bsc#1138589). - s390/qdio: handle PENDING state for QEBSM devices (bsc#1142117 bsc#1142118 bsc#1142119 LTC#179329 LTC#179330 LTC#179331). - s390/qeth: avoid control IO completion stalls (bsc#1142109 LTC#179339). - s390/qeth: be drop monitor friendly (bsc#1142220 LTC#179335). - s390/qeth: cancel cmd on early error (bsc#1142109 LTC#179339). - s390/qeth: fix race when initializing the IP address table (bsc#1051510). - s390/qeth: fix request-side race during cmd IO timeout (bsc#1142109 LTC#179339). - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510). - s390/qeth: release cmd buffer in error paths (bsc#1142109 LTC#179339). - s390/qeth: simplify reply object handling (bsc#1142109 LTC#179339). - s390/setup: fix early warning messages (bsc#1051510). - s390/virtio: handle find on invalid queue gracefully (bsc#1051510). - s390/vtime: steal time exponential moving average (bsc#1119222). - s390/zcrypt: Fix wrong dispatching for control domain CPRBs (bsc#1137811 LTC#178088). - samples, bpf: fix to change the buffer size for read() (bsc#1051510). - samples: mei: use /dev/mei0 instead of /dev/mei (bsc#1051510). - sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658). - sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920). - sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920). - sched/topology: Improve load balancing on AMD EPYC (bsc#1137366). - scripts/checkstack.pl: Fix arm64 wrong or unknown architecture (bsc#1051510). - scripts/decode_stacktrace: only strip base path when a prefix of the path (bsc#1051510). - scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE (bsc#1051510). - scripts/gdb: fix lx-version string output (bsc#1051510). - scripts/git_sort/git_sort.py: - scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending. - scripts/git_sort/git_sort.py: Add mmots tree. - scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes - scsi: aacraid: Fix missing break in switch statement (git-fixes). - scsi: aacraid: Fix performance issue on logical drives (git-fixes). - scsi: aic94xx: fix an error code in aic94xx_init() (git-fixes). - scsi: aic94xx: fix module loading (git-fixes). - scsi: bfa: convert to strlcpy/strlcat (git-fixes). - scsi: bnx2fc: fix incorrect cast to u64 on shift operation (git-fixes). - scsi: bnx2fc: Fix NULL dereference in error handling (git-fixes). - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390). - scsi: core: Fix race on creating sense cache (git-fixes). - scsi: core: set result when the command cannot be dispatched (git-fixes). - scsi: core: Synchronize request queue PM status only on successful resume (git-fixes). - scsi: cxlflash: Mark expected switch fall-throughs (bsc#1148868). - scsi: cxlflash: Prevent deadlock when adapter probe fails (git-fixes). - scsi: esp_scsi: Track residual for PIO transfers (git-fixes) Also, mitigate kABI changes. - scsi: fas216: fix sense buffer initialization (git-fixes). - scsi: ibmvfc: fix WARN_ON during event pool release (bsc#1137458 LTC#178093). - scsi: isci: initialize shost fully before calling scsi_add_host() (git-fixes). - scsi: libfc: fix null pointer dereference on a null lport (git-fixes). - scsi: libsas: delete sas port if expander discover failed (git-fixes). - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached (git-fixes). - scsi: mac_scsi: Fix pseudo DMA implementation, take 2 (git-fixes). - scsi: mac_scsi: Increase PIO/PDMA transfer length threshold (git-fixes). - scsi: megaraid: fix out-of-bound array accesses (git-fixes). - scsi: megaraid_sas: Fix calculation of target ID (git-fixes). - scsi: NCR5380: Always re-enable reselection interrupt (git-fixes). - scsi: qedf: Add debug information for unsolicited processing (bsc#1149976). - scsi: qedf: Add shutdown callback handler (bsc#1149976). - scsi: qedf: Add support for 20 Gbps speed (bsc#1149976). - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1149976). - scsi: qedf: Check for link state before processing LL2 packets and send fipvlan retries (bsc#1149976). - scsi: qedf: Check for module unloading bit before processing link update AEN (bsc#1149976). - scsi: qedf: Decrease the LL2 MTU size to 2500 (bsc#1149976). - scsi: qedf: Fix race betwen fipvlan request and response path (bsc#1149976). - scsi: qedf: Initiator fails to re-login to switch after link down (bsc#1149976). - scsi: qedf: Print message during bailout conditions (bsc#1149976). - scsi: qedf: remove memset/memcpy to nfunc and use func instead (git-fixes). - scsi: qedf: remove set but not used variables (bsc#1149976). - scsi: qedf: Stop sending fipvlan request on unload (bsc#1149976). - scsi: qedf: Update module description string (bsc#1149976). - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1149976). - scsi: qedf: Update the version to 8.42.3.0 (bsc#1149976). - scsi: qedf: Use discovery list to traverse rports (bsc#1149976). - scsi: qedi: remove declaration of nvm_image from stack (git-fixes). - scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1129424). - scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add new FW dump template entry types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add pci function reset support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add protection mask module parameters (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for multiple fwdump templates/segments (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for setting port speed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: allow session delete to finish before create (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: avoid printf format warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (git-fixes). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change data_dsd into an array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change default ZIO threshold (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for FW started flag before aborting (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: check for kstrtol() failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: cleanup trace buffer initialization (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a mailbox command times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a soft reset fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if parsing the version string fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correct error handling during initialization failures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correction and improvement to fwdt processing (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: deadlock by configfs_depend_item (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare local functions 'static' (bsc#1137444). - scsi: qla2xxx: Declare local symbols static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Downgrade driver to 10.01.00.19-k There are upstream bug reports against 10.01.00.19-k which haven't been resolved. Also the newer version failed to get a proper review. For time being it's better to got with the older version and do not introduce new bugs. - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727). - scsi: qla2xxx: Fix abort timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a format specifier (git-fixes). - scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() (git-fixes). - scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a recently introduced kernel warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix device staying in blocked state (git-fixes). - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA unmap leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (git-fixes). - scsi: qla2xxx: fix error message on <qla2400 (bsc#1118139). - scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555). - scsi: qla2xxx: fix fcport null pointer access (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix formatting of pointer types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix function argument descriptions (bsc#1118139). - scsi: qla2xxx: Fix fw dump corruption (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw options handle eh_bus_reset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hang in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728). - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix memory corruption during hba reset test (bsc#1118139). - scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link reset (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link up fail (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555). - scsi: qla2xxx: Fix Nport ID display value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix possible fcport null-pointer dereferences (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix premature timer expiration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session cleanup hang (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake 'alredy' -> 'already' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake: 'existant' -> 'existent' (bsc#1118139). - scsi: qla2xxx: fix spelling mistake 'initializatin' -> 'initialization' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix SRB allocation flag to avoid sleeping in IRQ context (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stuck login session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: flush IO on chip reset or sess delete (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fully convert to the generic DMA API (bsc#1137444). - scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fx00 copypaste typo (bsc#1118139). - scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve logging for scan thread (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve several kernel-doc headers (bsc#1137444). - scsi: qla2xxx: Include the <asm/unaligned.h> header file from qla_dsd.h (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Insert spaces where required (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce a switch/case statement in qlt_xmit_tm_rsp() (bsc#1137444). - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Leave a blank line after declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_sysfs_write_nvram() easier to analyze (bsc#1137444). - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make sure that qlafx00_ioctl_iosb_entry() initializes 'res' (bsc#1137444). - scsi: qla2xxx: Modify NVMe include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move debug messages before sending srb preventing panic (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move marker request behind QPair (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the <linux/io-64-nonatomic-lo-hi.h> include directive (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: no need to check return value of debugfs_create functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: NULL check before some freeing functions is not needed (bsc#1137444). - scsi: qla2xxx: on session delete, return nvme cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent memory leak for CT req/rsp allocation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of forward declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1137444). - scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous pointer check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove dead code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove FW default template (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove set but not used variable 'ptr_dma' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove the unused tcm_qla2xxx_cmd_wq (bsc#1118139). - scsi: qla2xxx: Remove two arguments from qlafx00_error_entry() (bsc#1137444). - scsi: qla2xxx: Remove two superfluous casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous if-tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary null check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unused symbols (bsc#1118139). - scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report invalid mailbox status codes (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Restore FAWWPN of Physical Port only for loop down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remove flag for all VP (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence fwdump template message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify a debug statement (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify conditional check again (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function (bsc#1137444). - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Unregister chrdev if module initialization fails (git-fixes). - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.13-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update flash read/write routine (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update two source code comments (git-fixes). - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use complete switch scan for RSCN events (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use __le64 instead of uint32_t for sending DMA addresses to firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: use lower_32_bits and upper_32_bits instead of reinventing them (bsc#1137444). - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use %p for printing pointers (bsc#1118139). - scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs to indent code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla4xxx: avoid freeing unallocated dma memory (git-fixes). - scsi: raid_attrs: fix unused variable warning (git-fixes). - scsi: scsi_dh_alua: Fix possible null-ptr-deref (git-fixes). - scsi: scsi_dh_rdac: zero cdb in send_mode_select() (bsc#1149313). - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: sd: Defer spinning up drive while SANITIZE is in progress (git-fixes). - scsi: sd: Fix a race between closing an sd device and sd I/O (git-fixes). - scsi: sd: Fix cache_type_store() (git-fixes). - scsi: sd: Optimal I/O size should be a multiple of physical block size (git-fixes). - scsi: sd: Quiesce warning if device does not report optimal I/O size (git-fixes). - scsi: sd: use mempool for discard special page (git-fixes). - scsi: sd_zbc: Fix potential memory leak (git-fixes). - scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous() (git-fixes). - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (git-fixes). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - scsi: tcm_qla2xxx: Minimize #include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi_transport_fc: complete requests from ->timeout (bsc#1142076). - scsi: ufs: Avoid runtime suspend possibly being blocked forever (git-fixes). - scsi: ufs: Check that space was properly alloced in copy_query_response (git-fixes). - scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm() (git-fixes). - scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value (git-fixes). - scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 (git-fixes). - scsi: use dma_get_cache_alignment() as minimum DMA alignment (git-fixes). - scsi: virtio_scsi: do not send sc payload with tmfs (git-fixes). - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296). - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510). - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510). - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510). - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510). - sctp: change to hold sk after auth shkey is created successfully (networking-stable-19_07_02). - sctp: fix the transport error_count check (networking-stable-19_08_21). - sctp: Free cookie before we memdup a new one (networking-stable-19_06_18). - sctp: silence warns on sctp_stream_init allocations (bsc#1083710). - serial: 8250: Fix TX interrupt handling condition (bsc#1051510). - serial: sh-sci: disable DMA for uart_console (bsc#1051510). - serial: uartps: Do not add a trailing semicolon to macro (bsc#1051510). - serial: uartps: Fix long line over 80 chars (bsc#1051510). - serial: uartps: Fix multiple line dereference (bsc#1051510). - serial: uartps: Remove useless return from cdns_uart_poll_put_char (bsc#1051510). - signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig (bsc#1144333). - signal/ptrace: Do not leak unitialized kernel memory with PTRACE_PEEK_SIGINFO (git-fixes). - sis900: fix TX completion (bsc#1051510). - sky2: Disable MSI on ASUS P6T (bsc#1142496). - sky2: Disable MSI on yet another ASUS boards (P6Xxxx) (bsc#1051510). - slip: make slhc_free() silently accept an error pointer (bsc#1051510). - slip: sl_alloc(): remove unused parameter 'dev_t line' (bsc#1051510). - smb2: fix missing files in root share directory listing (bsc#1112907, bsc#1144333). - smb2: fix typo in definition of a few error flags (bsc#1144333). - smb2: fix uninitialized variable bug in smb2_ioctl_query_info (bsc#1144333). - smb3.1.1: Add GCM crypto to the encrypt and decrypt functions (bsc#1144333). - smb3.1.1 dialect is no longer experimental (bsc#1051510, bsc#1144333). - smb311: Fix reconnect (bsc#1051510, bsc#1144333). - smb311: Improve checking of negotiate security contexts (bsc#1051510, bsc#1144333). - smb3.11: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - smb3: add additional ftrace entry points for entry/exit to cifs.ko (bsc#1144333). - smb3: add credits we receive from oplock/break PDUs (bsc#1144333). - smb3: add debug for unexpected mid cancellation (bsc#1144333). - smb3: Add debug message later in smb2/smb3 reconnect path (bsc#1144333). - smb3: add define for id for posix create context and corresponding struct (bsc#1144333). - smb3: Add defines for new negotiate contexts (bsc#1144333). - smb3: add dynamic trace point for query_info_enter/done (bsc#1144333). - smb3: add dynamic trace point for smb3_cmd_enter (bsc#1144333). - smb3: add dynamic tracepoint for timeout waiting for credits (bsc#1144333). - smb3: add dynamic tracepoints for simple fallocate and zero range (bsc#1144333). - smb3: Add dynamic trace points for various compounded smb3 ops (bsc#1144333). - smb3: Add ftrace tracepoints for improved SMB3 debugging (bsc#1144333). - smb3: Add handling for different FSCTL access flags (bsc#1144333). - smb3: add missing read completion trace point (bsc#1144333). - smb3: add module alias for smb3 to cifs.ko (bsc#1144333). - smb3: add new mount option to retrieve mode from special ACE (bsc#1144333). - smb3: Add posix create context for smb3.11 posix mounts (bsc#1144333). - smb3: Add protocol structs for change notify support (bsc#1144333). - smb3: add reconnect tracepoints (bsc#1144333). - smb3: Add SMB3.1.1 GCM to negotiated crypto algorigthms (bsc#1144333). - smb3: add smb3.1.1 to default dialect list (bsc#1144333). - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510, bsc#1144333). - smb3: add support for posix negotiate context (bsc#1144333). - smb3: add support for statfs for smb3.1.1 posix extensions (bsc#1144333). - smb3: add tracepoint for sending lease break responses to server (bsc#1144333). - smb3: add tracepoint for session expired or deleted (bsc#1144333). - smb3: add tracepoint for slow responses (bsc#1144333). - smb3: add trace point for tree connection (bsc#1144333). - smb3: add tracepoints for query dir (bsc#1144333). - smb3: Add tracepoints for read, write and query_dir enter (bsc#1144333). - smb3: add tracepoints for smb2/smb3 open (bsc#1144333). - smb3: add tracepoint to catch cases where credit refund of failed op overlaps reconnect (bsc#1144333). - smb3: add way to control slow response threshold for logging and stats (bsc#1144333). - smb3: allow more detailed protocol info on open files for debugging (bsc#1144333). - smb3: Allow persistent handle timeout to be configurable on mount (bsc#1144333). - smb3: allow posix mount option to enable new SMB311 protocol extensions (bsc#1144333). - smb3: allow previous versions to be mounted with snapshot= mount parm (bsc#1144333). - smb3: Allow query of symlinks stored as reparse points (bsc#1144333). - smb3: Allow SMB3 FSCTL queries to be sent to server from tools (bsc#1144333). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510, bsc#1144333). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510, bsc#1144333). - smb3: Backup intent flag missing from compounded ops (bsc#1144333). - smb3: check for and properly advertise directory lease support (bsc#1051510, bsc#1144333). - smb3 - clean up debug output displaying network interfaces (bsc#1144333). - smb3: Cleanup license mess (bsc#1144333). - smb3: Clean up query symlink when reparse point (bsc#1144333). - smb3: create smb3 equivalent alias for cifs pseudo-xattrs (bsc#1144333). - smb3: directory sync should not return an error (bsc#1051510, bsc#1144333). - smb3: display bytes_read and bytes_written in smb3 stats (bsc#1144333). - smb3: display security information in /proc/fs/cifs/DebugData more accurately (bsc#1144333). - smb3: display session id in debug data (bsc#1144333). - smb3: display stats counters for number of slow commands (bsc#1144333). - smb3: display volume serial number for shares in /proc/fs/cifs/DebugData (bsc#1144333). - smb3: do not allow insecure cifs mounts when using smb3 (bsc#1144333). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510, bsc#1144333). - smb3: do not display confusing message on mount to Azure servers (bsc#1144333). - smb3: do not display empty interface list (bsc#1144333). - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bsc#1085536, bsc#1144333). - smb3: do not request leases in symlink creation and query (bsc#1051510, bsc#1144333). - smb3: do not send compression info by default (bsc#1144333). - smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510, bsc#1144333). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510, bsc#1144333). - smb3: fill in statfs fsid and correct namelen (bsc#1112905, bsc#1144333). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510, bsc#1144333). - smb3: fix bytes_read statistics (bsc#1144333). - smb3: fix corrupt path in subdirs on smb311 with posix (bsc#1144333). - smb3: Fix deadlock in validate negotiate hits reconnect (bsc#1144333). - smb3: Fix endian warning (bsc#1137884). - smb3: Fix endian warning (bsc#1144333, bsc#1137884). - smb3: Fix enumerating snapshots to Azure (bsc#1144333). - smb3: fix large reads on encrypted connections (bsc#1144333). - smb3: fix lease break problem introduced by compounding (bsc#1144333). - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510, bsc#1144333). - smb3: fix minor debug output for CONFIG_CIFS_STATS (bsc#1144333). - smb3: Fix mode on mkdir on smb311 mounts (bsc#1144333). - smb3: Fix potential memory leak when processing compound chain (bsc#1144333). - smb3: fix redundant opens on root (bsc#1144333). - smb3: fix reset of bytes read and written stats (bsc#1112906, bsc#1144333). - smb3: Fix rmdir compounding regression to strict servers (bsc#1144333). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510, bsc#1144333). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510, bsc#1144333). - smb3: fix various xid leaks (bsc#1051510, bsc#1144333). - smb3: for kerberos mounts display the credential uid used (bsc#1144333). - smb3: handle new statx fields (bsc#1085536, bsc#1144333). - smb3: if max_credits is specified then display it in /proc/mounts (bsc#1144333). - smb3: if server does not support posix do not allow posix mount option (bsc#1144333). - smb3: improve dynamic tracing of open and posix mkdir (bsc#1144333). - smb3: increase initial number of credits requested to allow write (bsc#1144333). - smb3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL (bsc#1144333). - smb3: Log at least once if tree connect fails during reconnect (bsc#1144333). - smb3: make default i/o size for smb3 mounts larger (bsc#1144333). - smb3: minor cleanup of compound_send_recv (bsc#1144333). - smb3: minor debugging clarifications in rfc1001 len processing (bsc#1144333). - smb3: minor missing defines relating to reparse points (bsc#1144333). - smb3: missing defines and structs for reparse point handling (bsc#1144333). - smb3: note that smb3.11 posix extensions mount option is experimental (bsc#1144333). - smb3: Number of requests sent should be displayed for SMB3 not just CIFS (bsc#1144333). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510, bsc#1144333). - smb3: on reconnect set PreviousSessionId field (bsc#1112899, bsc#1144333). - smb3: optimize open to not send query file internal info (bsc#1144333). - smb3: passthru query info does not check for SMB3 FSCTL passthru (bsc#1144333). - smb3: print tree id in debugdata in proc to be able to help logging (bsc#1144333). - smb3: query inode number on open via create context (bsc#1144333). - smb3: remove noisy warning message on mount (bsc#1129664, bsc#1144333). - smb3: remove per-session operations from per-tree connection stats (bsc#1144333). - smb3: rename encryption_required to smb3_encryption_required (bsc#1144333). - smb3: request more credits on normal (non-large read/write) ops (bsc#1144333). - smb3: request more credits on tree connect (bsc#1144333). - smb3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (bsc#1144333). - smb3: send backup intent on compounded query info (bsc#1144333). - smb3: send CAP_DFS capability during session setup (bsc#1144333). - smb3: Send netname context during negotiate protocol (bsc#1144333). - smb3: show number of current open files in /proc/fs/cifs/Stats (bsc#1144333). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510, bsc#1144333). - smb3: smbdirect no longer experimental (bsc#1144333). - smb3: snapshot mounts are read-only and make sure info is displayable about the mount (bsc#1144333). - smb3: track the instance of each session for debugging (bsc#1144333). - smb3: Track total time spent on roundtrips for each SMB3 command (bsc#1144333). - smb3: trivial cleanup to smb2ops.c (bsc#1144333). - smb3: update comment to clarify enumerating snapshots (bsc#1144333). - smb3: update default requested iosize to 4MB from 1MB for recent dialects (bsc#1144333). - smb3: Update POSIX negotiate context with POSIX ctxt GUID (bsc#1144333). - smb3: Validate negotiate request must always be signed (bsc#1064597, bsc#1144333). - smb3: Warn user if trying to sign connection that authenticated as guest (bsc#1085536, bsc#1144333). - smbd: Make upper layer decide when to destroy the transport (bsc#1144333). - smb: fix leak of validate negotiate info response buffer (bsc#1064597, bsc#1144333). - smb: fix validate negotiate info uninitialised memory use (bsc#1064597, bsc#1144333). - smb: Validate negotiate (to protect against downgrade) even if signing off (bsc#1085536, bsc#1144333). - smpboot: Place the __percpu annotation correctly (git fixes). - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510). - soc: rockchip: power-domain: Add a sanity check on pd->num_clks (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: use clk_bulk APIs (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: Use of_clk_get_parent_count() instead of open coding (bsc#1144718,bsc#1144813). - soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510). - sound: fix a memory leak bug (bsc#1051510). - spi: bcm2835aux: fix corruptions for longer spi transfers (bsc#1051510). - spi: bcm2835aux: remove dangerous uncontrolled read of fifo (bsc#1051510). - spi: bcm2835aux: unifying code between polling and interrupt driven code (bsc#1051510). - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510). - spi: Fix zero length xfer bug (bsc#1051510). - spi: pxa2xx: Add support for Intel Comet Lake (jsc#SLE-5331). - spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510). - spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510). - spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510). - spi: tegra114: reset controller on probe (bsc#1051510). - st21nfca_connectivity_event_received: null check the allocation (bsc#1051510). - staging: comedi: amplc_pci230: fix null pointer deref on interrupt (bsc#1051510). - staging: comedi: dt282x: fix a null pointer deref on interrupt (bsc#1051510). - staging: comedi: dt3000: Fix rounding up of timer divisor (bsc#1051510). - staging: comedi: dt3000: Fix signed integer overflow 'divider * base' (bsc#1051510). - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510). - staging:iio:ad7150: fix threshold mode config bit (bsc#1051510). - staging: rtl8712: reduce stack usage, again (bsc#1051510). - Staging: vc04_services: Fix a couple error codes (bsc#1051510). - staging: vc04_services: prevent integer overflow in create_pagelist() (bsc#1051510). - staging: wlan-ng: fix adapter initialization failure (bsc#1051510). - st_nci_hci_connectivity_event_received: null check the allocation (bsc#1051510). - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg (networking-stable-19_06_18). - SUNRPC fix regression in umount of a secure mount (git-fixes). - SUNRPC: Handle connection breakages correctly in call_status() (git-fixes). - SUNRPC/nfs: Fix return value for nfs4_callback_compound() (git-fixes). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Add raspberrypi-cpufreq (jsc#SLE-7294). - supported.conf: Remove duplicate drivers/ata/libahci_platform - supported.conf: Sort alphabetically, align comments. - supported.conf: Sort alphabetically, align comments. - svm: Add warning message for AVIC IPI invalid target (bsc#1140133). - svm: Fix AVIC incomplete IPI emulation (bsc#1140133). - sysctl: handle overflow in proc_get_long (bsc#1051510). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: limit payload size of sacked skbs (bsc#1137586). - tcp: make sure EPOLLOUT wont be missed (networking-stable-19_08_28). - tcp: reduce tcp_fastretrans_alert() verbosity (git-fixes). - tcp: Reset bytes_acked and bytes_received when disconnecting (networking-stable-19_07_25). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). - team: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - team: Always enable vlan tx offload (bsc#1051510). - test_firmware: fix a memory leak bug (bsc#1051510). - test_firmware: Use correct snprintf() limit (bsc#1135642). - thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510). - thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454). - thunderbolt: Fix to check for kmemdup failure (bsc#1051510). - tipc: change to use register_pernet_device (networking-stable-19_07_02). - tipc: fix hanging clients using poll with EPOLLOUT flag (git-fixes). - tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510). - tmpfs: fix uninitialized return value in shmem_link (bsc#1051510). - tools/cpupower: Add Hygon Dhyana support (). - topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454). - topology: Create package_cpus sysfs attribute (jsc#SLE-5454). - tpm: Fix off-by-one when reading binary_bios_measurements (bsc#1082555). - tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations (bsc#1082555). - tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts (bsc#1082555). - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bsc#1082555). - tpm: Unify the send callback behaviour (bsc#1082555). - tpm: vtpm_proxy: Suppress error logging when in closed state (bsc#1082555). - tracing: Fix header include guards in trace event headers (bsc#1144474). - tracing/snapshot: Resize spare buffer if size changed (bsc#1140726). - Tree connect for SMB3.1.1 must be signed for non-encrypted shares (bsc#1051510, bsc#1144333). - treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 231 (bsc#1144333). - treewide: Use DEVICE_ATTR_WO (bsc#1137739). - Trim build dependencies of sample subpackage spec file (jsc#SLE-4117, jsc#SLE-3853, bsc#1128910). - tty: ipwireless: fix missing checks for ioremap (bsc#1051510). - tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop (bsc#1051510). - tty: max310x: Fix external crystal register setup (bsc#1051510). - tty: max310x: Fix invalid baudrate divisors calculator (bsc#1051510). - tty: rocket: fix incorrect forward declaration of 'rp_init()' (bsc#1051510). - tty: serial_core: Set port active bit in uart_port_activate (bsc#1051510). - tty: serial: cpm_uart - fix init when SMC is relocated (bsc#1051510). - tty/serial: digicolor: Fix digicolor-usart already registered warning (bsc#1051510). - tty: serial: msm_serial: avoid system lockup condition (bsc#1051510). - tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510). - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler (bsc#1051510). - tua6100: Avoid build warnings (bsc#1051510). - tuntap: synchronize through tfiles array instead of tun->numqueues (networking-stable-19_05_14). - tun: wake up waitqueues after IFF_UP is set (networking-stable-19_07_02). - udf: Fix incorrect final NOT_ALLOCATED (hole) extent length (bsc#1148617). - udp: use indirect call wrappers for GRO socket lookup (bsc#1124503). - Update config files. (bsc#1145687) Add the following kernel config to ARM64: CONFIG_ACPI_PCI_SLOT=y CONFIG_HOTPLUG_PCI_ACPI=y - Update config files. - CIFS: add CONFIG_CIFS_DEBUG_KEYS to dump encryption keys (bsc#1144333). - Update config files. - cifs: allow disabling insecure dialects in the config (bsc#1144333). - Update config files. - CIFS: SMBD: Introduce kernel config option CONFIG_CIFS_SMB_DIRECT (bsc#1144333). - Update config files for NFSv4.2 Enable NFSv4.2 support - jsc@PM-231 This requires a module parameter for NFSv4.2 to actually be available on SLE12 and SLE15-SP0 - update internal version number for cifs.ko (bsc#1144333). - Update session and share information displayed for debugging SMB2/SMB3 (bsc#1144333). - Update version of cifs module (bsc#1144333). - usb: Add LPM quirk for Surface Dock GigE adapter (bsc#1051510). - usb: cdc-acm: make sure a refcount is taken early enough (bsc#1142635). - usb: CDC: fix sanity checks in CDC union parser (bsc#1142635). - usb: cdc-wdm: fix race between write and disconnect due to flag abuse (bsc#1051510). - usb: chipidea: udc: do not do hardware access if gadget has stopped (bsc#1051510). - usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642). - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown (bsc#1051510). - usb: core: Do not unbind interfaces following device reset failure (bsc#1051510). - usb: core: Fix races in character device registration and deregistraion (bsc#1051510). - usb: core: hub: Disable hub-initiated U1/U2 (bsc#1051510). - usb: dwc2: Fix DMA cache alignment issues (bsc#1051510). - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642). - usb: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510). - usb: Fix slab-out-of-bounds write in usb_get_bos_descriptor (bsc#1051510). - usb: gadget: composite: Clear 'suspended' on reset/disconnect (bsc#1051510). - usb: gadget: ether: Fix race between gether_disconnect and rx_submit (bsc#1051510). - usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i] (bsc#1051510). - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC (bsc#1051510). - usb: gadget: udc: renesas_usb3: Fix sysfs interface of 'role' (bsc#1142635). - usb: Handle USB3 remote wakeup for LPM enabled devices correctly (bsc#1051510). - usb: host: fotg2: restart hcd after port reset (bsc#1051510). - usb: host: ohci: fix a race condition between shutdown and irq (bsc#1051510). - usb: host: xhci-rcar: Fix timeout in xhci_suspend() (bsc#1051510). - usb: host: xhci: rcar: Fix typo in compatible string matching (bsc#1051510). - usb: iowarrior: fix deadlock on disconnect (bsc#1051510). - usbip: usbip_host: fix BUG: sleeping function called from invalid context (bsc#1051510). - usbip: usbip_host: fix stub_dev lock context imbalance regression (bsc#1051510). - usbnet: fix kernel crash after disconnect (bsc#1051510). - usbnet: ipheth: fix racing condition (bsc#1051510). - usb: pci-quirks: Correct AMD PLL quirk detection (bsc#1051510). - usb: rio500: fix memory leak in close after disconnect (bsc#1051510). - usb: rio500: refuse more than one device at a time (bsc#1051510). - usb: serial: fix initial-termios handling (bsc#1135642). - usb: serial: ftdi_sio: add ID for isodebug v1 (bsc#1051510). - usb: serial: option: add D-Link DWM-222 device ID (bsc#1051510). - usb: serial: option: Add Motorola modem UARTs (bsc#1051510). - usb: serial: option: add support for GosunCn ME3630 RNDIS mode (bsc#1051510). - usb: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510). - usb: serial: option: Add support for ZTE MF871A (bsc#1051510). - usb: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510). - usb: serial: option: add the BroadMobi BM818 card (bsc#1051510). - usb: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510). - usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642). - usb: sisusbvga: fix oops in error path of sisusb_probe (bsc#1051510). - usb-storage: Add new JMS567 revision to unusual_devs (bsc#1051510). - usb: storage: ums-realtek: Update module parameter description for auto_delink_en (bsc#1051510). - usb: storage: ums-realtek: Whitelist auto-delink support (bsc#1051510). - usb: usbcore: Fix slab-out-of-bounds bug during device reset (bsc#1051510). - usb: usbfs: fix double-free of usb memory upon submiturb error (bsc#1051510). - usb: usb-storage: Add new ID to ums-realtek (bsc#1051510). - usb: wusbcore: fix unbalanced get/put cluster_id (bsc#1051510). - usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642). - usb: yurex: Fix use-after-free in yurex_delete (bsc#1051510). - vfio: ccw: only free cp on final interrupt (bsc#1051510). - vfs: fix page locking deadlocks when deduping files (bsc#1148619). - video: hgafb: fix potential NULL pointer dereference (bsc#1051510). - video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510). - video: ssd1307fb: Start page range at page_offset (bsc#1113722) - virtio_console: initialize vtermno value for ports (bsc#1051510). - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510). - VMCI: Fix integer overflow in VMCI handle arrays (bsc#1051510). - VMCI: Release resource if the work is already queued (bsc#1051510). - vrf: make sure skb->data contains ip header to make routing (networking-stable-19_07_25). - vrf: sit mtu should not be updated when vrf netdev is the link (networking-stable-19_05_14). - vsock/virtio: free packets during the socket release (networking-stable-19_05_21). - vsock/virtio: set SOCK_DONE on peer shutdown (networking-stable-19_06_18). - vxlan: trivial indenting fix (bsc#1051510). - vxlan: use __be32 type for the param vni in __vxlan_fdb_delete (bsc#1051510). - w1: fix the resume command API (bsc#1051510). - watchdog: bcm2835_wdt: Fix module autoload (bsc#1051510). - watchdog: core: fix null pointer dereference when releasing cdev (bsc#1051510). - watchdog: f71808e_wdt: fix F81866 bit operation (bsc#1051510). - watchdog: fix compile time error of pretimeout governors (bsc#1051510). - watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510). - wil6210: fix potential out-of-bounds read (bsc#1051510). - wimax/i2400m: fix a memory leak bug (bsc#1051510). - x86/alternative: Init ideal_nops for Hygon Dhyana (). - x86/amd_nb: Add support for Raven Ridge CPUs (). - x86/amd_nb: Check vendor in AMD-only functions (). - x86/apic: Add Hygon Dhyana support (). - x86/boot: Fix memory leak in default_get_smp_config() (bsc#1114279). - x86/bugs: Add Hygon Dhyana to the respective mitigation machinery (). - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h (bsc#1114279). - x86/CPU/AMD: Do not force the CPB cap when running under a hypervisor (bsc#1114279). - x86/cpu: Create Hygon Dhyana architecture support file (). - x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382). - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382). - x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382). - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (). - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (). - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). - x86/events: Add Hygon Dhyana support to PMU infrastructure (). - x86/fpu: Add FPU state copying quirk to handle XRSTOR failure on Intel Skylake CPUs (bsc#1151955). - x86/kvm: Add Hygon Dhyana support to KVM (). - x86/mce: Add Hygon Dhyana support to the MCA infrastructure (). - x86/mce: Do not disable MCA banks when offlining a CPU on AMD (). - x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279). - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279). - x86/microcode: Fix microcode hotplug state (bsc#1114279). - x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279). - x86/microcode: Fix the microcode load on CPU hotplug for real (bsc#1114279). - x86/mm: Check for pfn instead of page in vmalloc_sync_one() (bsc#1118689). - x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903). - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279). - x86/mm: Sync also unmappings in vmalloc_sync_all() (bsc#1118689). - x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge (). - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana (). - x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454). - x86/speculation: Allow guests to use SSBD even if host does not (bsc#1114279). - x86/speculation/mds: Apply more accurate check on hypervisor platform (bsc#1114279). - x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279). - x86/tls: Fix possible spectre-v1 in do_get_thread_area() (bsc#1114279). - x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454). - x86/topology: Define topology_die_id() (jsc#SLE-5454). - x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - x86/unwind: Add hardcoded ORC entry for NULL (bsc#1114279). - x86/unwind: Handle NULL pointer calls better in frame unwinder (bsc#1114279). - x86/xen: Add Hygon Dhyana support to Xen (). - xen: let alloc_xenballooned_pages() fail if not enough memory free (bsc#1142450 XSA-300). - xen/netback: Reset nr_frags before freeing skb (networking-stable-19_08_21). - xen-netfront: do not assume sk_buff_head list is empty in error handling (bsc#1065600). - xen/pciback: Do not disable PCI_COMMAND on PCI device reset (bsc#1065600). - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() (bsc#1065600). - xfrm: Fix bucket count reported to userspace (bsc#1143300). - xfrm: Fix error return code in xfrm_output_one() (bsc#1143300). - xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry (bsc#1143300). - xfs: do not clear imap_valid for a non-uptodate buffers (bsc#1138018). - xfs: do not crash on null attr fork xfs_bmapi_read (bsc#1148035). - xfs: do not look at buffer heads in xfs_add_to_ioend (bsc#1138013). - xfs: do not overflow xattr listent buffer (bsc#1143105). - xfs: do not set the page uptodate in xfs_writepage_map (bsc#1138003). - xfs: do not trip over uninitialized buffer on extent read of corrupted inode (bsc#1149053). - xfs: do not use XFS_BMAPI_ENTRIRE in xfs_get_blocks (bsc#1137999). - xfs: do not use XFS_BMAPI_IGSTATE in xfs_map_blocks (bsc#1138005). - xfs: dump transaction usage details on log reservation overrun (bsc#1145235). - xfs: eliminate duplicate icreate tx reservation functions (bsc#1145235). - xfs: eof trim writeback mapping as soon as it is cached (bsc#1138019). - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (bsc#1148032). - xfs: fix semicolon.cocci warnings (bsc#1145235). - xfs: fix s_maxbytes overflow problems (bsc#1137996). - xfs: fix up agi unlinked list reservations (bsc#1145235). - xfs: include an allocfree res for inobt modifications (bsc#1145235). - xfs: include inobt buffers in ifree tx log reservation (bsc#1145235). - xfs: make xfs_writepage_map extent map centric (bsc#1138009). - xfs: minor cleanup for xfs_get_blocks (bsc#1138000). - xfs: move all writeback buffer_head manipulation into xfs_map_at_offset (bsc#1138014). - xfs: print transaction log reservation on overrun (bsc#1145235). - xfs: refactor inode chunk alloc/free tx reservation (bsc#1145235). - xfs: refactor the tail of xfs_writepage_map (bsc#1138016). - xfs: refactor xlog_cil_insert_items() to facilitate transaction dump (bsc#1145235). - xfs: remove more ondisk directory corruption asserts (bsc#1148034). - xfs: remove the imap_valid flag (bsc#1138012). - xfs: remove unused parameter from xfs_writepage_map (bsc#1137995). - xfs: remove XFS_IO_INVALID (bsc#1138017). - xfs: remove xfs_map_cow (bsc#1138007). - xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010). - xfs: remove xfs_reflink_trim_irec_to_next_cow (bsc#1138006). - xfs: remove xfs_start_page_writeback (bsc#1138015). - xfs: rename the offset variable in xfs_writepage_map (bsc#1138008). - xfs: separate shutdown from ticket reservation print helper (bsc#1145235). - xfs: simplify xfs_map_blocks by using xfs_iext_lookup_extent directly (bsc#1138011). - xfs: skip CoW writes past EOF when writeback races with truncate (bsc#1137998). - xfs: truncate transaction does not modify the inobt (bsc#1145235). - xfs: xfs_reflink_convert_cow() memory allocation deadlock (bsc#1138002). - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() (bsc#1051510). - xhci: update bounce buffer with correct sg num (bsc#1051510). - xhci: Use %zu for printing size_t type (bsc#1051510). Important SUSE bug 1012382 SUSE bug 1047238 SUSE bug 1050911 SUSE bug 1051510 SUSE bug 1053043 SUSE bug 1054914 SUSE bug 1055117 SUSE bug 1056686 SUSE bug 1060662 SUSE bug 1061840 SUSE bug 1061843 SUSE bug 1064597 SUSE bug 1064701 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066369 SUSE bug 1071009 SUSE bug 1071306 SUSE bug 1071995 SUSE bug 1078248 SUSE bug 1082555 SUSE bug 1083647 SUSE bug 1083710 SUSE bug 1085030 SUSE bug 1085536 SUSE bug 1085539 SUSE bug 1086103 SUSE bug 1087092 SUSE bug 1088047 SUSE bug 1090734 SUSE bug 1091171 SUSE bug 1093205 SUSE bug 1094555 SUSE bug 1098633 SUSE bug 1102097 SUSE bug 1102247 SUSE bug 1104902 SUSE bug 1104967 SUSE bug 1106061 SUSE bug 1106284 SUSE bug 1106383 SUSE bug 1106434 SUSE bug 1106751 SUSE bug 1108382 SUSE bug 1109137 SUSE bug 1109158 SUSE bug 1111666 SUSE bug 1112178 SUSE bug 1112894 SUSE bug 1112899 SUSE bug 1112902 SUSE bug 1112903 SUSE bug 1112905 SUSE bug 1112906 SUSE bug 1112907 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1114542 SUSE bug 1115688 SUSE bug 1117158 SUSE bug 1118139 SUSE bug 1118689 SUSE bug 1119086 SUSE bug 1119222 SUSE bug 1119532 SUSE bug 1120423 SUSE bug 1120566 SUSE bug 1120876 SUSE bug 1120902 SUSE bug 1120937 SUSE bug 1123034 SUSE bug 1123080 SUSE bug 1123105 SUSE bug 1123959 SUSE bug 1124167 SUSE bug 1124370 SUSE bug 1124503 SUSE bug 1127034 SUSE bug 1127155 SUSE bug 1127315 SUSE bug 1127988 SUSE bug 1128432 SUSE bug 1128902 SUSE bug 1128910 SUSE bug 1129424 SUSE bug 1129519 SUSE bug 1129664 SUSE bug 1129770 SUSE bug 1130972 SUSE bug 1131107 SUSE bug 1131281 SUSE bug 1131304 SUSE bug 1131565 SUSE bug 1132154 SUSE bug 1132390 SUSE bug 1132686 SUSE bug 1133021 SUSE bug 1133401 SUSE bug 1134097 SUSE bug 1134291 SUSE bug 1134303 SUSE bug 1134390 SUSE bug 1134671 SUSE bug 1134881 SUSE bug 1134882 SUSE bug 1135219 SUSE bug 1135296 SUSE bug 1135335 SUSE bug 1135556 SUSE bug 1135642 SUSE bug 1135661 SUSE bug 1135897 SUSE bug 1136157 SUSE bug 1136261 SUSE bug 1136811 SUSE bug 1136896 SUSE bug 1136935 SUSE bug 1136990 SUSE bug 1137069 SUSE bug 1137162 SUSE bug 1137221 SUSE bug 1137366 SUSE bug 1137372 SUSE bug 1137429 SUSE bug 1137444 SUSE bug 1137458 SUSE bug 1137534 SUSE bug 1137535 SUSE bug 1137584 SUSE bug 1137586 SUSE bug 1137609 SUSE bug 1137625 SUSE bug 1137728 SUSE bug 1137739 SUSE bug 1137752 SUSE bug 1137811 SUSE bug 1137827 SUSE bug 1137865 SUSE bug 1137884 SUSE bug 1137959 SUSE bug 1137995 SUSE bug 1137996 SUSE bug 1137998 SUSE bug 1137999 SUSE bug 1138000 SUSE bug 1138002 SUSE bug 1138003 SUSE bug 1138005 SUSE bug 1138006 SUSE bug 1138007 SUSE bug 1138008 SUSE bug 1138009 SUSE bug 1138010 SUSE bug 1138011 SUSE bug 1138012 SUSE bug 1138013 SUSE bug 1138014 SUSE bug 1138015 SUSE bug 1138016 SUSE bug 1138017 SUSE bug 1138018 SUSE bug 1138019 SUSE bug 1138374 SUSE bug 1138375 SUSE bug 1138539 SUSE bug 1138589 SUSE bug 1138719 SUSE bug 1139020 SUSE bug 1139021 SUSE bug 1139101 SUSE bug 1139500 SUSE bug 1139771 SUSE bug 1139782 SUSE bug 1139865 SUSE bug 1140012 SUSE bug 1140133 SUSE bug 1140139 SUSE bug 1140155 SUSE bug 1140322 SUSE bug 1140328 SUSE bug 1140405 SUSE bug 1140424 SUSE bug 1140426 SUSE bug 1140428 SUSE bug 1140487 SUSE bug 1140637 SUSE bug 1140652 SUSE bug 1140658 SUSE bug 1140715 SUSE bug 1140719 SUSE bug 1140726 SUSE bug 1140727 SUSE bug 1140728 SUSE bug 1140814 SUSE bug 1140887 SUSE bug 1140888 SUSE bug 1140889 SUSE bug 1140891 SUSE bug 1140893 SUSE bug 1140903 SUSE bug 1140945 SUSE bug 1140948 SUSE bug 1140954 SUSE bug 1140955 SUSE bug 1140956 SUSE bug 1140957 SUSE bug 1140958 SUSE bug 1140959 SUSE bug 1140960 SUSE bug 1140961 SUSE bug 1140962 SUSE bug 1140964 SUSE bug 1140971 SUSE bug 1140972 SUSE bug 1140992 SUSE bug 1141013 SUSE bug 1141401 SUSE bug 1141402 SUSE bug 1141450 SUSE bug 1141452 SUSE bug 1141453 SUSE bug 1141454 SUSE bug 1141478 SUSE bug 1141543 SUSE bug 1141554 SUSE bug 1142019 SUSE bug 1142076 SUSE bug 1142109 SUSE bug 1142112 SUSE bug 1142117 SUSE bug 1142118 SUSE bug 1142119 SUSE bug 1142129 SUSE bug 1142220 SUSE bug 1142221 SUSE bug 1142350 SUSE bug 1142351 SUSE bug 1142354 SUSE bug 1142359 SUSE bug 1142450 SUSE bug 1142496 SUSE bug 1142541 SUSE bug 1142635 SUSE bug 1142685 SUSE bug 1142701 SUSE bug 1142857 SUSE bug 1142868 SUSE bug 1143003 SUSE bug 1143105 SUSE bug 1143185 SUSE bug 1143300 SUSE bug 1143466 SUSE bug 1143507 SUSE bug 1143765 SUSE bug 1143841 SUSE bug 1143843 SUSE bug 1144123 SUSE bug 1144333 SUSE bug 1144474 SUSE bug 1144518 SUSE bug 1144718 SUSE bug 1144813 SUSE bug 1144880 SUSE bug 1144886 SUSE bug 1144912 SUSE bug 1144920 SUSE bug 1144979 SUSE bug 1145010 SUSE bug 1145024 SUSE bug 1145051 SUSE bug 1145059 SUSE bug 1145189 SUSE bug 1145235 SUSE bug 1145300 SUSE bug 1145302 SUSE bug 1145388 SUSE bug 1145389 SUSE bug 1145390 SUSE bug 1145391 SUSE bug 1145392 SUSE bug 1145393 SUSE bug 1145394 SUSE bug 1145395 SUSE bug 1145396 SUSE bug 1145397 SUSE bug 1145408 SUSE bug 1145409 SUSE bug 1145661 SUSE bug 1145678 SUSE bug 1145687 SUSE bug 1145920 SUSE bug 1145922 SUSE bug 1145934 SUSE bug 1145937 SUSE bug 1145940 SUSE bug 1145941 SUSE bug 1145942 SUSE bug 1146042 SUSE bug 1146074 SUSE bug 1146084 SUSE bug 1146163 SUSE bug 1146285 SUSE bug 1146346 SUSE bug 1146351 SUSE bug 1146352 SUSE bug 1146361 SUSE bug 1146376 SUSE bug 1146378 SUSE bug 1146381 SUSE bug 1146391 SUSE bug 1146399 SUSE bug 1146413 SUSE bug 1146425 SUSE bug 1146512 SUSE bug 1146514 SUSE bug 1146516 SUSE bug 1146519 SUSE bug 1146524 SUSE bug 1146526 SUSE bug 1146529 SUSE bug 1146531 SUSE bug 1146540 SUSE bug 1146543 SUSE bug 1146547 SUSE bug 1146550 SUSE bug 1146575 SUSE bug 1146589 SUSE bug 1146664 SUSE bug 1146678 SUSE bug 1146938 SUSE bug 1148031 SUSE bug 1148032 SUSE bug 1148033 SUSE bug 1148034 SUSE bug 1148035 SUSE bug 1148093 SUSE bug 1148133 SUSE bug 1148192 SUSE bug 1148196 SUSE bug 1148198 SUSE bug 1148202 SUSE bug 1148303 SUSE bug 1148363 SUSE bug 1148379 SUSE bug 1148394 SUSE bug 1148527 SUSE bug 1148574 SUSE bug 1148616 SUSE bug 1148617 SUSE bug 1148619 SUSE bug 1148698 SUSE bug 1148712 SUSE bug 1148859 SUSE bug 1148868 SUSE bug 1149053 SUSE bug 1149083 SUSE bug 1149104 SUSE bug 1149105 SUSE bug 1149106 SUSE bug 1149197 SUSE bug 1149214 SUSE bug 1149224 SUSE bug 1149313 SUSE bug 1149325 SUSE bug 1149376 SUSE bug 1149413 SUSE bug 1149418 SUSE bug 1149424 SUSE bug 1149446 SUSE bug 1149522 SUSE bug 1149527 SUSE bug 1149539 SUSE bug 1149552 SUSE bug 1149555 SUSE bug 1149591 SUSE bug 1149602 SUSE bug 1149612 SUSE bug 1149626 SUSE bug 1149651 SUSE bug 1149652 SUSE bug 1149713 SUSE bug 1149940 SUSE bug 1149959 SUSE bug 1149963 SUSE bug 1149976 SUSE bug 1150025 SUSE bug 1150033 SUSE bug 1150112 SUSE bug 1150381 SUSE bug 1150423 SUSE bug 1150562 SUSE bug 1150727 SUSE bug 1150860 SUSE bug 1150861 SUSE bug 1150933 SUSE bug 1151350 SUSE bug 1151610 SUSE bug 1151667 SUSE bug 1151671 SUSE bug 1151891 SUSE bug 1151955 SUSE bug 1152024 SUSE bug 1152025 SUSE bug 1152026 SUSE bug 1152161 SUSE bug 1152325 SUSE bug 1152457 SUSE bug 1152460 SUSE bug 1152466 SUSE bug 1152972 SUSE bug 1152974 SUSE bug 1152975 CVE-2017-18551 CVE-2017-18595 CVE-2018-20976 CVE-2018-21008 CVE-2019-10207 CVE-2019-11479 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14821 CVE-2019-14835 CVE-2019-15030 CVE-2019-15031 CVE-2019-15090 CVE-2019-15098 CVE-2019-15117 CVE-2019-15118 CVE-2019-15211 CVE-2019-15212 CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15217 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15222 CVE-2019-15239 CVE-2019-15290 CVE-2019-15291 CVE-2019-15292 CVE-2019-15538 CVE-2019-15666 CVE-2019-15902 CVE-2019-15917 CVE-2019-15919 CVE-2019-15920 CVE-2019-15921 CVE-2019-15924 CVE-2019-15926 CVE-2019-15927 CVE-2019-9456 CVE-2019-9506 cpe:/o:suse:suse-linux-enterprise-rt:12:sp4 SUSE Linux Enterprise Real Time 12 SP4 The SUSE Linux Enterprise 12 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-15916: Fixed a memory leak in register_queue_kobjects() which might have led denial of service (bsc#1149448). - CVE-2019-0154: Fixed an improper access control in subsystem for Intel (R) processor graphics whichs may have allowed an authenticated user to potentially enable denial of service via local access (bsc#1135966). - CVE-2019-0155: Fixed an improper access control in subsystem for Intel (R) processor graphics whichs may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1135967). - CVE-2019-16231: Fixed a NULL pointer dereference due to lack of checking the alloc_workqueue return value (bsc#1150466). - CVE-2019-18805: Fixed an integer overflow in tcp_ack_update_rtt() leading to a denial of service or possibly unspecified other impact (bsc#1156187). - CVE-2019-17055: Enforced CAP_NET_RAW in the AF_ISDN network module to restrict unprivileged users to create a raw socket (bsc#1152782). - CVE-2019-16995: Fixed a memory leak in hsr_dev_finalize() which may have caused denial of service (bsc#1152685). - CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack.(bsc#1139073). The Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW). The set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251 - CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150457). - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. - CVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903) - CVE-2019-17666: rtlwifi: Fix potential overflow in P2P code (bsc#1154372). - CVE-2019-16232: Fix a potential NULL pointer dereference in the Marwell libertas driver (bsc#1150465). - CVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150452). - CVE-2019-17133: cfg80211 wireless extension did not reject a long SSID IE, leading to a Buffer Overflow (bsc#1153158). - CVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bsc#1152788). The following non-security bugs were fixed: - 9p: avoid attaching writeback_fid on mmap with type PRIVATE (bsc#1051510). - ACPI / CPPC: do not require the _PSD method (bsc#1051510). - ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit() (bsc#1051510). - ACPI / processor: do not print errors for processorIDs == 0xff (bsc#1051510). - act_mirred: Fix mirred_init_module error handling (bsc#1051510). - Add kernel module compression support (bsc#1135854) For enabling the kernel module compress, add the item COMPRESS_MODULES='xz' in config.sh, then mkspec will pass it to the spec file. - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (bsc#1151680). - ALSA: bebob: Fix prototype of helper function to return negative value (bsc#1051510). - ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series (git-fixes). - ALSA: hda: Add Cometlake-S PCI ID (git-fixes). - ALSA: hda: Add Elkhart Lake PCI ID (bsc#1051510). - ALSA: hda - Add laptop imic fixup for ASUS M9V laptop (bsc#1051510). - ALSA: hda: Add support of Zhaoxin controller (bsc#1051510). - ALSA: hda: Add Tigerlake/Jasperlake PCI ID (bsc#1051510). - ALSA: hda - Apply AMD controller workaround for Raven platform (bsc#1051510). - ALSA: hda/ca0132 - Fix possible workqueue stall (bsc#1155836). - ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family (bsc#1051510). - ALSA: hda - Drop unsol event handler for Intel HDMI codecs (bsc#1051510). - ALSA: hda - Expand pin_match function to match upcoming new tbls (bsc#1051510). - ALSA: hda: Flush interrupts on disabling (bsc#1051510). - ALSA: hda/hdmi: remove redundant assignment to variable pcm_idx (bsc#1051510). - ALSA: hda - Inform too slow responses (bsc#1051510). - ALSA: hda/intel: add CometLake PCI IDs (bsc#1156729). - ALSA: hda/realtek - Add support for ALC623 (bsc#1051510). - ALSA: hda/realtek - Add support for ALC711 (bsc#1051510). - ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 (bsc#1051510). - ALSA: hda/realtek - Check beep whitelist before assigning in all codecs (bsc#1051510). - ALSA: hda/realtek - Fix 2 front mics of codec 0x623 (bsc#1051510). - ALSA: hda/realtek - Fix alienware headset mic (bsc#1051510). - ALSA: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360 (bsc#1051510). - ALSA: hda: Set fifo_size for both playback and capture streams (bsc#1051510). - ALSA: hda - Show the fatal CORB/RIRB error more clearly (bsc#1051510). - ALSA: hda/sigmatel - remove unused variable 'stac9200_core_init' (bsc#1051510). - ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() (bsc#1051510). - ALSA: line6: sizeof (byte) is always 1, use that fact (bsc#1051510). - ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed() (git-fixes). - ALSA: timer: Fix incorrectly assigned timer instance (git-fixes). - ALSA: timer: Fix mutex deadlock at releasing card (bsc#1051510). - ALSA: usb-audio: Add Pioneer DDJ-SX3 PCM quirck (bsc#1051510). - ALSA: usb-audio: Disable quirks for BOSS Katana amplifiers (bsc#1051510). - ALSA: usb-audio: Fix missing error check at mixer resolution test (git-fixes). - ALSA: usb-audio: not submit urb for stopped endpoint (git-fixes). - ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid (bsc#1051510). - appletalk: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - arcnet: provide a buffer big enough to actually receive packets (networking-stable-19_09_30). - arm64: Update config files. (bsc#1156466) Enable HW_RANDOM_OMAP driver and mark driver omap-rng as supported. - ASoC: Define a set of DAPM pre/post-up events (bsc#1051510). - ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set (bsc#1051510). - ASoC: Intel: Fix use of potentially uninitialized variable (bsc#1051510). - ASoC: Intel: NHLT: Fix debug print format (bsc#1051510). - ASoc: rockchip: i2s: Fix RPM imbalance (bsc#1051510). - ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting (bsc#1051510). - ASoC: sgtl5000: Fix charge pump source assignment (bsc#1051510). - auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach (bsc#1051510). - ax25: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - Blacklist 'signal: Correct namespace fixups of si_pid and si_uid' (bsc#1142667) - blk-wbt: abstract out end IO completion handler (bsc#1135873). - blk-wbt: fix has-sleeper queueing check (bsc#1135873). - blk-wbt: improve waking of tasks (bsc#1135873). - blk-wbt: move disable check into get_limit() (bsc#1135873). - blk-wbt: use wq_has_sleeper() for wq active check (bsc#1135873). - block: add io timeout to sysfs (bsc#1148410). - block: do not show io_timeout if driver has no timeout handler (bsc#1148410). - Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices (bsc#1051510). - bnx2x: Fix VF's VLAN reconfiguration in reload (bsc#1086323 ). - bpf: fix use after free in prog symbol exposure (bsc#1083647). - bridge/mdb: remove wrong use of NLM_F_MULTI (networking-stable-19_09_15). - Btrfs: bail out gracefully rather than BUG_ON (bsc#1153646). - Btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group() (bsc#1155178). - Btrfs: check for the full sync flag while holding the inode lock during fsync (bsc#1153713). - Btrfs: Ensure btrfs_init_dev_replace_tgtdev sees up to date values (bsc#1154651). - Btrfs: Ensure replaced device does not have pending chunk allocation (bsc#1154607). - Btrfs: fix log context list corruption after rename exchange operation (bsc#1156494). - Btrfs: qgroup: Always free PREALLOC META reserve in btrfs_delalloc_release_extents() (bsc#1155179). - Btrfs: remove wrong use of volume_mutex from btrfs_dev_replace_start (bsc#1154651). - Btrfs: tracepoints: Fix bad entry members of qgroup events (bsc#1155186). - Btrfs: tracepoints: Fix wrong parameter order for qgroup events (bsc#1155184). - can: dev: call netif_carrier_off() in register_candev() (bsc#1051510). - can: mcp251x: mcp251x_hw_reset(): allow more time after a reset (bsc#1051510). - can: xilinx_can: xcan_probe(): skip error message on deferred probe (bsc#1051510). - cdc_ether: fix rndis support for Mediatek based smartphones (networking-stable-19_09_15). - cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize (bsc#1051510). - ceph: fix directories inode i_blkbits initialization (bsc#1153717). - ceph: reconnect connection if session hang in opening state (bsc#1153718). - ceph: update the mtime when truncating up (bsc#1153719). - cfg80211: add and use strongly typed element iteration macros (bsc#1051510). - cfg80211: Purge frame registrations on iftype change (bsc#1051510). - clk: at91: select parent if main oscillator or bypass is enabled (bsc#1051510). - clk: qoriq: Fix -Wunused-const-variable (bsc#1051510). - clk: sirf: Do not reference clk_init_data after registration (bsc#1051510). - clk: zx296718: Do not reference clk_init_data after registration (bsc#1051510). - crypto: af_alg - consolidation of duplicate code (bsc#1154737). - crypto: af_alg - fix race accessing cipher request (bsc#1154737). - crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t (bsc#1154737). - crypto: af_alg - Initialize sg_num_bytes in error code path (bsc#1051510). - crypto: af_alg - remove locking in async callback (bsc#1154737). - crypto: af_alg - update correct dst SGL entry (bsc#1051510). - crypto: af_alg - wait for data at beginning of recvmsg (bsc#1154737). - crypto: algif_aead - copy AAD from src to dst (bsc#1154737). - crypto: algif_aead - fix reference counting of null skcipher (bsc#1154737). - crypto: algif_aead - overhaul memory management (bsc#1154737). - crypto: algif_aead - skip SGL entries with NULL page (bsc#1154737). - crypto: algif - return error code when no data was processed (bsc#1154737). - crypto: algif_skcipher - overhaul memory management (bsc#1154737). - crypto: talitos - fix missing break in switch statement (bsc#1142635). - cxgb4: fix endianness for vlan value in cxgb4_tc_flower (bsc#1064802 bsc#1066129). - cxgb4:Fix out-of-bounds MSI-X info array access (networking-stable-19_10_05). - cxgb4: offload VLAN flows regardless of VLAN ethtype (bsc#1064802 bsc#1066129). - cxgb4: reduce kernel stack usage in cudbg_collect_mem_region() (bsc#1073513). - cxgb4: Signedness bug in init_one() (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: smt: Add lock for atomic_dec_and_test (bsc#1064802 bsc#1066129). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - dmaengine: bcm2835: Print error in case setting DMA mask fails (bsc#1051510). - dmaengine: imx-sdma: fix size check for sdma script_number (bsc#1051510). - drm/amdgpu: Check for valid number of registers to read (bsc#1051510). - drm/amdgpu/si: fix ASIC tests (git-fixes). - drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2) (bsc#1051510). - drm/ast: Fixed reboot test may cause system hanged (bsc#1051510). - drm/bridge: tc358767: Increase AUX transfer length limit (bsc#1051510). - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50 (bsc#1051510). - drm: Flush output polling on shutdown (bsc#1051510). - drm/i915: Add gen9 BCS cmdparsing (bsc#1135967) - drm/i915: Add support for mandatory cmdparsing (bsc#1135967) - drm/i915: Allow parsing of unsized batches (bsc#1135967) - drm/i915/cmdparser: Add support for backward jumps (bsc#1135967) - drm/i915/cmdparser: Ignore Length operands during command matching (bsc#1135967) - drm/i915/cmdparser: Use explicit goto for error paths (bsc#1135967) - drm/i915: Disable Secure Batches for gen6+ - drm/i915/gen8+: Add RC6 CTX corruption WA (bsc#1135967) - drm/i915/gtt: Add read only pages to gen8_pte_encode (bsc#1135967) - drm/i915/gtt: Disable read-only support under GVT (bsc#1135967) - drm/i915/gtt: Read-only pages for insert_entries on bdw (bsc#1135967) - drm/i915: Lower RM timeout to avoid DSI hard hangs (bsc#1135967) - drm/i915: Prevent writing into a read-only object via a GGTT mmap (bsc#1135967) - drm/i915: Remove Master tables from cmdparser - drm/i915: Rename gen7 cmdparser tables (bsc#1135967) - drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (bsc#1135967) - drm/msm/dsi: Implement reset correctly (bsc#1051510). - drm/panel: simple: fix AUO g185han01 horizontal blanking (bsc#1051510). - drm/radeon: Fix EEH during kexec (bsc#1051510). - drm/tilcdc: Register cpufreq notifier after we have initialized crtc (bsc#1051510). - drm/vmwgfx: Fix double free in vmw_recv_msg() (bsc#1051510). - Drop multiversion(kernel) from the KMP template (bsc#1127155). - e1000e: add workaround for possible stalled packet (bsc#1051510). - efi: cper: print AER info of PCIe fatal error (bsc#1051510). - efi/memattr: Do not bail on zero VA if it equals the region's PA (bsc#1051510). - efivar/ssdt: Do not iterate over EFI vars if no SSDT override was specified (bsc#1051510). - firmware: dmi: Fix unlikely out-of-bounds read in save_mem_devices (git-fixes). - Fix AMD IOMMU kABI (bsc#1154610). - Fix KVM kABI after x86 mmu backports (bsc#1117665). - Fix NULL pointer dereference in fc_lookup_rport (bsc#1098291). - gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property() (bsc#1051510). - HID: apple: Fix stuck function keys when using FN (bsc#1051510). - HID: fix error message in hid_open_report() (bsc#1051510). - HID: hidraw: Fix invalid read in hidraw_ioctl (bsc#1051510). - HID: logitech: Fix general protection fault caused by Logitech driver (bsc#1051510). - HID: logitech-hidpp: do all FF cleanup in hidpp_ff_destroy() (bsc#1051510). - HID: prodikeys: Fix general protection fault during probe (bsc#1051510). - HID: sony: Fix memory corruption issue on cleanup (bsc#1051510). - hso: fix NULL-deref on tty open (bsc#1051510). - hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' (bsc#1051510). - hwrng: core - do not wait on add_early_randomness() (git-fixes). - hyperv: set nvme msi interrupts to unmanaged (jsc#SLE-8953, jsc#SLE-9221, jsc#SLE-4941, bsc#1119461, bsc#1119465, bsc#1138190, bsc#1154905). - i2c: riic: Clear NACK in tend isr (bsc#1051510). - IB/core: Add mitigation for Spectre V1 (bsc#1155671) - IB/core, ipoib: Do not overreact to SM LID change event (bsc#1154108) - IB/hfi1: Remove overly conservative VM_EXEC flag check (bsc#1144449). - IB/mlx5: Consolidate use_umr checks into single function (bsc#1093205). - IB/mlx5: Fix MR re-registration flow to use UMR properly (bsc#1093205). - IB/mlx5: Report correctly tag matching rendezvous capability (bsc#1046305). - ieee802154: atusb: fix use-after-free at disconnect (bsc#1051510). - ieee802154: ca8210: prevent memory leak (bsc#1051510). - ieee802154: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - iio: adc: ad799x: fix probe error handling (bsc#1051510). - iio: light: opt3001: fix mutex unlock race (bsc#1051510). - ima: always return negative code for error (bsc#1051510). - Input: da9063 - fix capability and drop KEY_SLEEP (bsc#1051510). - Input: synaptics-rmi4 - avoid processing unknown IRQs (bsc#1051510). - integrity: prevent deadlock during digsig verification (bsc#1090631). - iommu/amd: Apply the same IVRS IOAPIC workaround to Acer Aspire A315-41 (bsc#1137799). - iommu/amd: Check PM_LEVEL_SIZE() condition in locked section (bsc#1154608). - iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems (bsc#1137799). - iommu/amd: Remove domain->updated (bsc#1154610). - iommu/amd: Wait for completion of IOTLB flush in attach_device (bsc#1154611). - ipmi_si: Only schedule continuously in the thread in maintenance mode (bsc#1051510). - ipv6: drop incoming packets having a v4mapped source address (networking-stable-19_10_05). - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()' (networking-stable-19_09_15). - ipv6: Handle missing host route in __ipv6_ifa_notify (networking-stable-19_10_05). - iwlwifi: do not panic in error path on non-msix systems (bsc#1155692). - iwlwifi: exclude GEO SAR support for 3168 (git-fixes). - ixgbe: Prevent u8 wrapping of ITR value to something less than 10us (bsc#1101674). - ixgbe: sync the first fragment unconditionally (bsc#1133140). - kABI: net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05). - kABI/severities: Whitelist functions internal to radix mm. To call these functions you have to first detect if you are running in radix mm mode which can't be expected of OOT code. - kABI workaround for crypto/af_alg changes (bsc#1154737). - kABI workaround for drm_vma_offset_node readonly field addition (bsc#1135967) - kABI workaround for snd_hda_pick_pin_fixup() changes (bsc#1051510). - kernel-binary: Drop .kernel-binary.spec.buildenv (boo#1154578). - kernel-binary.spec.in: Fix build of non-modular kernels (boo#1154578). - kernel-binary.spec.in: Obsolete kgraft packages only when not building them. - kernel-subpackage-build: create zero size ghost for uncompressed vmlinux (bsc#1154354). It is not strictly necessary to uncompress it so maybe the ghost file can be 0 size in this case. - kernel/sysctl.c: do not override max_threads provided by userspace (bnc#1150875). - ksm: cleanup stable_node chain collapse case (bnc#1144338). - ksm: fix use after free with merge_across_nodes = 0 (bnc#1144338). - ksm: introduce ksm_max_page_sharing per page deduplication limit (bnc#1144338). - ksm: optimize refile of stable_node_dup at the head of the chain (bnc#1144338). - ksm: swap the two output parameters of chain/chain_prune (bnc#1144338). - KVM: Convert kvm_lock to a mutex (bsc#1117665). - KVM: MMU: drop vcpu param in gpte_access (bsc#1117665). - KVM: PPC: Book3S HV: use smp_mb() when setting/clearing host_ipi flag (bsc#1061840). - KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (bsc#1117665). - KVM: x86: add tracepoints around __direct_map and FNAME(fetch) (bsc#1117665). - KVM: x86: adjust kvm_mmu_page member to save 8 bytes (bsc#1117665). - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (bsc#1117665). - KVM: x86: Do not release the page inside mmu_set_spte() (bsc#1117665). - KVM: x86: make FNAME(fetch) and __direct_map more similar (bsc#1117665). - KVM: x86, powerpc: do not allow clearing largepages debugfs entry (bsc#1117665). - KVM: x86: remove now unneeded hugepage gfn adjustment (bsc#1117665). - libertas: Add missing sentinel at end of if_usb.c fw_table (bsc#1051510). - lib/mpi: Fix karactx leak in mpi_powm (bsc#1051510). - lib/scatterlist: Fix chaining support in sgl_alloc_order() (git-fixes). - lib/scatterlist: Introduce sgl_alloc() and sgl_free() (git-fixes). - mac80211: accept deauth frames in IBSS mode (bsc#1051510). - mac80211: fix txq null pointer dereference (bsc#1051510). - mac80211: Reject malformed SSID elements (bsc#1051510). - macsec: drop skb sk before calling gro_cells_receive (bsc#1051510). - md/raid0: avoid RAID0 data corruption due to layout confusion (bsc#1140090). - md/raid0: fix warning message for parameter default_layout (bsc#1140090). - media: atmel: atmel-isc: fix asd memory allocation (bsc#1135642). - media: cpia2_usb: fix memory leaks (bsc#1051510). - media: dvb-core: fix a memory leak bug (bsc#1051510). - media: exynos4-is: fix leaked of_node references (bsc#1051510). - media: gspca: zero usb_buf on error (bsc#1051510). - media: hdpvr: Add device num check and handling (bsc#1051510). - media: hdpvr: add terminating 0 at end of string (bsc#1051510). - media: i2c: ov5645: Fix power sequence (bsc#1051510). - media: iguanair: add sanity checks (bsc#1051510). - media: omap3isp: Do not set streaming state on random subdevs (bsc#1051510). - media: omap3isp: Set device on omap3isp subdevs (bsc#1051510). - media: ov9650: add a sanity check (bsc#1051510). - media: radio/si470x: kill urb on error (bsc#1051510). - media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() (bsc#1051510). - media: saa7146: add cleanup in hexium_attach() (bsc#1051510). - media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table (bsc#1051510). - media: stkwebcam: fix runtime PM after driver unbind (bsc#1051510). - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (bsc#1051510). - memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' (bsc#1051510). - mfd: intel-lpss: Remove D3cold delay (bsc#1051510). - mISDN: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - mld: fix memory leak in mld_del_delrec() (networking-stable-19_09_05). - mmc: sdhci-esdhc-imx: correct the fix of ERR004536 (git-fixes). - mmc: sdhci: Fix incorrect switch to HS mode (bsc#1051510). - mmc: sdhci: improve ADMA error reporting (bsc#1051510). - mmc: sdhci-of-esdhc: set DMA snooping based on DMA coherence (bsc#1051510). - mtd: nand: mtk: fix incorrect register setting order about ecc irq. - netfilter: nf_nat: do not bug when mapping already exists (bsc#1146612). - net: Fix null de-reference of device refcount (networking-stable-19_09_15). - net: fix skb use after free in netpoll (networking-stable-19_09_05). - net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list (networking-stable-19_09_15). - net/ibmvnic: Fix EOI when running in XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes). - net/mlx4_en: fix a memory leak bug (bsc#1046299). - net/mlx5: Add device ID of upcoming BlueField-2 (bsc#1046303 ). - net/mlx5: Fix error handling in mlx5_load() (bsc#1046305 ). - net: openvswitch: free vport unless register_netdevice() succeeds (git-fixes). - net/phy: fix DP83865 10 Mbps HDX loopback disable function (networking-stable-19_09_30). - net: qlogic: Fix memory leak in ql_alloc_large_buffers (networking-stable-19_10_05). - net: qrtr: Stop rx_worker before freeing node (networking-stable-19_09_30). - net/rds: Fix error handling in rds_ib_add_one() (networking-stable-19_10_05). - net/rds: fix warn in rds_message_alloc_sgs (bsc#1154848). - net/rds: remove user triggered WARN_ON in rds_sendmsg (bsc#1154848). - net: Replace NF_CT_ASSERT() with WARN_ON() (bsc#1146612). - net/sched: act_sample: do not push mac header on ip6gre ingress (networking-stable-19_09_30). - net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05). - net_sched: add policy validation for action attributes (networking-stable-19_09_30). - net_sched: fix backward compatibility for TCA_ACT_KIND (git-fixes). - net/smc: fix SMCD link group creation with VLAN id (bsc#1154959). - net: stmmac: dwmac-rk: Do not fail if phy regulator is absent (networking-stable-19_09_05). - net: Unpublish sk from sk_reuseport_cb before call_rcu (networking-stable-19_10_05). - NFC: fix attrs checks in netlink interface (bsc#1051510). - NFC: fix memory leak in llcp_sock_bind() (bsc#1051510). - NFC: pn533: fix use-after-free and memleaks (bsc#1051510). - NFS: fix incorrectly backported patch (boo#1154189 bsc#1154747). - NFSv4.1 - backchannel request should hold ref on xprt (bsc#1152624). - nl80211: fix null pointer dereference (bsc#1051510). - objtool: Clobber user CFLAGS variable (bsc#1153236). - openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC (networking-stable-19_09_30). - packaging: add support for riscv64 - Parametrize kgraft vs livepatch. - PCI: Correct pci=resource_alignment parameter example (bsc#1051510). - PCI: dra7xx: Fix legacy INTD IRQ handling (bsc#1087092). - PCI: hv: Use bytes 4 and 5 from instance ID as the PCI domain numbers (bsc#1153263). - PCI: PM: Fix pci_power_up() (bsc#1051510). - pinctrl: tegra: Fix write barrier placement in pmx_writel (bsc#1051510). - platform/x86: classmate-laptop: remove unused variable (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC277E to critclk_systems DMI table (bsc#1051510). - powerpc/64: Make meltdown reporting Book3S 64 specific (bsc#1091041). - powerpc/64s/pseries: radix flush translations before MMU is enabled at boot (bsc#1055186). - powerpc/64s/radix: keep kernel ERAT over local process/guest invalidates (bsc#1055186). - powerpc/64s/radix: tidy up TLB flushing code (bsc#1055186). - powerpc/64s: Rename PPC_INVALIDATE_ERAT to PPC_ISA_3_0_INVALIDATE_ERAT (bsc#1055186). - powerpc/mm/book3s64: Move book3s64 code to pgtable-book3s64 (bsc#1055186). - powerpc/mm: mark more tlb functions as __always_inline (bsc#1055186). - powerpc/mm: Properly invalidate when setting process table base (bsc#1055186). - powerpc/mm/radix: mark as __tlbie_pid() and friends as__always_inline (bsc#1055186). - powerpc/mm/radix: mark __radix__flush_tlb_range_psize() as __always_inline (bsc#1055186). - powerpc/pseries: address checkpatch warnings in dlpar_offline_cpu (bsc#1156700 ltc#182459). - powerpc/pseries: Export maximum memory value (bsc#1122363). - powerpc/pseries: Export raw per-CPU VPA data via debugfs (). - powerpc/pseries/mobility: use cond_resched when updating device tree (bsc#1153112 ltc#181778). - powerpc/pseries: Remove confusing warning message (bsc#1109158). - powerpc/pseries: safely roll back failed DLPAR cpu add (bsc#1156700 ltc#182459). - powerpc/rtas: allow rescheduling while changing cpu states (bsc#1153112 ltc#181778). - powerpc/security/book3s64: Report L1TF status in sysfs (bsc#1091041). - powerpc/security: Fix wrong message when RFI Flush is disable (bsc#1131107). - powerpc/xive: Prevent page fault issues in the machine crash handler (bsc#1156882 ltc#182435). - power: supply: max14656: fix potential use-after-free (bsc#1051510). - power: supply: sysfs: ratelimit property read error message (bsc#1051510). - Pull packaging cleanup from mkubecek. - qed: iWARP - Fix default window size to be based on chip (bsc#1050536 bsc#1050545). - qed: iWARP - Fix tc for MPA ll2 connection (bsc#1050536 bsc#1050545). - qed: iWARP - fix uninitialized callback (bsc#1050536 bsc#1050545). - qed: iWARP - Use READ_ONCE and smp_store_release to access ep->state (bsc#1050536 bsc#1050545). - qmi_wwan: add support for Cinterion CLS8 devices (networking-stable-19_10_05). - r8152: Set macpassthru in reset_resume callback (bsc#1051510). - RDMA/bnxt_re: Fix spelling mistake 'missin_resp' -> 'missing_resp' (bsc#1050244). - RDMA: Fix goto target to release the allocated memory (bsc#1050244). - rds: Fix warning (bsc#1154848). - reiserfs: fix extended attributes on the root directory (bsc#1151225). - rpm/config.sh: Enable kgraft. - rpm/config.sh: Enable livepatch. - rpm/constraints.in: lower disk space required for ARM With a requirement of 35GB, only 2 slow workers are usable for ARM. Current aarch64 build requires 27G and armv6/7 requires 14G. Set requirements respectively to 30GB and 20GB. - rpm/dtb.spec.in.in: do not make dtb directory inaccessible There is no reason to lock down the dtb directory for ordinary users. - rpm/kernel-binary.spec.in: build kernel-*-kgraft only for default SLE kernel RT and Azure variants are excluded for the moment. (bsc#1141600) - rpm/kernel-binary.spec.in: Fix kernel-livepatch description typo. - rpm/kernel-binary.spec.in: handle modules.builtin.modinfo It was added in 5.2. - rpm/kernel-binary.spec.in: support partial rt debug config. - rpm/kernel-subpackage-spec: Mention debuginfo in the subpackage description (bsc#1149119). - rpm/macros.kernel-source: KMPs should depend on kmod-compat to build. kmod-compat links are used in find-provides.ksyms, find-requires.ksyms, and find-supplements.ksyms in rpm-config-SUSE. - rpm/mkspec: Correct tarball URL for rc kernels. - rpm/mkspec: Make building DTBs optional. - rpm/modflist: Simplify compression support. - rpm: raise required disk space for binary packages Current disk space constraints (10 GB on s390x, 25 GB on other architectures) no longer suffice for 5.3 kernel builds. The statistics show ~30 GB of disk consumption on x86_64 and ~11 GB on s390x so raise the constraints to 35 GB in general and 14 GB on s390x. - rpm: support compressed modules Some of our scripts and scriptlets in rpm/ do not expect module files not ending with '.ko' which currently leads to failure in preuninstall scriptlet of cluster-md-kmp-default (and probably also other subpackages). Let those which could be run on compressed module files recognize '.ko.xz' in addition to '.ko'. - rtlwifi: rtl8192cu: Fix value set in descriptor (bsc#1142635). - s390/cmf: set_schib_wait add timeout (bsc#1153509, bsc#1153476). - s390/cpumsf: Check for CPU Measurement sampling (bsc#1153681 LTC#181855). - s390/crypto: fix gcm-aes-s390 selftest failures (bsc#1137861 LTC#178091). - sc16is7xx: Fix for 'Unexpected interrupt: 8' (bsc#1051510). - sch_cbq: validate TCA_CBQ_WRROPT to avoid crash (networking-stable-19_10_05). - sch_dsmark: fix potential NULL deref in dsmark_init() (networking-stable-19_10_05). - sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254). - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero (networking-stable-19_09_15). - sch_netem: fix a divide by zero in tabledist() (networking-stable-19_09_30). - scripts/arch-symbols: add missing link. - scsi: lpfc: Fix devices that do not return after devloss followed by rediscovery (bsc#1137040). - scsi: lpfc: Fix null ptr oops updating lpfc_devloss_tmo via sysfs attribute (bsc#1140845). - scsi: lpfc: Fix propagation of devloss_tmo setting to nvme transport (bsc#1140883). - scsi: lpfc: Honor module parameter lpfc_use_adisc (bsc#1153628). - scsi: lpfc: Limit xri count for kdump environment (bsc#1154124). - scsi: lpfc: Remove bg debugfs buffers (bsc#1144375). - scsi: qedf: fc_rport_priv reference counting fixes (bsc#1098291). - scsi: qedf: Modify abort and tmf handler to handle edge condition and flush (bsc#1098291). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Do command completion on abort timeout (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: do not use zero for FC4_PRIORITY_NVME (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix a dma_pool_free() call (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix device connect issues in P2P configuration (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix double scsi_done for abort path (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix driver unload hang (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix memory leak when sending I/O fails (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix N2N link reset (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix N2N link up fail (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix partial flash write of MBI (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix SRB leak on switch command timeout (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: fixup incorrect usage of host_byte (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix wait condition in loop (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Improve logging for scan thread (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Initialized mailbox to prevent driver load failure (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: initialize fc4_type_priority (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Remove an include directive (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: remove redundant assignment to pointer host (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Set remove flag for all VP (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Silence fwdump template message (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: stop timer in shutdown path (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Update driver version to 10.01.00.21-k (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: sd: Ignore a failure to sync cache due to lack of authorization (git-fixes). - scsi: storvsc: Add ability to change scsi queue depth (bsc#1155021). - scsi: storvsc: setup 1:1 mapping between hardware queue and CPU queue (bsc#1140729). - scsi: zfcp: fix reaction on bit error threshold notification (bsc#1154956 LTC#182054). - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' (networking-stable-19_09_15). - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike (networking-stable-19_09_15). - serial: fix kernel-doc warning in comments (bsc#1051510). - serial: mctrl_gpio: Check for NULL pointer (bsc#1051510). - serial: uartlite: fix exit path null pointer (bsc#1051510). - skge: fix checksum byte order (networking-stable-19_09_30). - sock_diag: fix autoloading of the raw_diag module (bsc#1152791). - sock_diag: request _diag module only when the family or proto has been registered (bsc#1152791). - staging: rtl8188eu: fix null dereference when kzalloc fails (bsc#1051510). - staging: vt6655: Fix memory leak in vt6655_probe (bsc#1051510). - staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS (bsc#1051510). - supporte.conf: add efivarfs to kernel-default-base (bsc#1154858). - tcp: Do not dequeue SYN/FIN-segments from write-queue (git-gixes). - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR (networking-stable-19_09_15). - tcp: inherit timestamp on mtu probe (networking-stable-19_09_05). - tcp: remove empty skb from write queue in error cases (networking-stable-19_09_05). - thermal: Fix use-after-free when unregistering thermal zone device (bsc#1051510). - thermal_hwmon: Sanitize thermal_zone type (bsc#1051510). - tipc: add NULL pointer check before calling kfree_rcu (networking-stable-19_09_15). - tipc: fix unlimited bundling of small messages (networking-stable-19_10_05). - tracing: Get trace_array reference for available_tracers files (bsc#1156429). - tracing: Initialize iter->seq after zeroing in tracing_read_pipe() (bsc#1151508). - tun: fix use-after-free when register netdev failed (networking-stable-19_09_15). - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099). - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099). - UAS: Revert commit 3ae62a42090f ('UAS: fix alignment of scatter/gather segments'). - USB: adutux: fix NULL-derefs on disconnect (bsc#1142635). - USB: adutux: fix use-after-free on disconnect (bsc#1142635). - USB: adutux: fix use-after-free on release (bsc#1051510). - USB: chaoskey: fix use-after-free on release (bsc#1051510). - USB: dummy-hcd: fix power budget for SuperSpeed mode (bsc#1051510). - USB: gadget: Reject endpoints with 0 maxpacket value (bsc#1051510). - USB: gadget: udc: atmel: Fix interrupt storm in FIFO mode (bsc#1051510). - USB: handle warm-reset port requests on hub resume (bsc#1051510). - USB: iowarrior: fix use-after-free after driver unbind (bsc#1051510). - USB: iowarrior: fix use-after-free on disconnect (bsc#1051510). - USB: iowarrior: fix use-after-free on release (bsc#1051510). - USBIP: add config dependency for SGL_ALLOC (git-fixes). - USBIP: Fix free of unallocated memory in vhci tx (git-fixes). - USBIP: Fix vhci_urb_enqueue() URB null transfer buffer error path (git-fixes). - USBIP: Implement SG support to vhci-hcd and stub driver (git-fixes). - USB: ldusb: fix control-message timeout (bsc#1051510). - USB: ldusb: fix memleak on disconnect (bsc#1051510). - USB: ldusb: fix NULL-derefs on driver unbind (bsc#1051510). - USB: ldusb: fix read info leaks (bsc#1051510). - USB: ldusb: fix ring-buffer locking (bsc#1051510). - USB: legousbtower: fix a signedness bug in tower_probe() (bsc#1051510). - USB: legousbtower: fix deadlock on disconnect (bsc#1142635). - USB: legousbtower: fix memleak on disconnect (bsc#1051510). - USB: legousbtower: fix open after failed reset request (bsc#1142635). - USB: legousbtower: fix potential NULL-deref on disconnect (bsc#1142635). - USB: legousbtower: fix slab info leak at probe (bsc#1142635). - USB: legousbtower: fix use-after-free on release (bsc#1051510). - USB: microtek: fix info-leak at probe (bsc#1142635). - usbnet: ignore endpoints with invalid wMaxPacketSize (bsc#1051510). - usbnet: sanity checking of packet sizes and device mtu (bsc#1051510). - USB: serial: fix runtime PM after driver unbind (bsc#1051510). - USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20 (bsc#1051510). - USB: serial: keyspan: fix NULL-derefs on open() and write() (bsc#1051510). - USB: serial: option: add support for Cinterion CLS8 devices (bsc#1051510). - USB: serial: option: add Telit FN980 compositions (bsc#1051510). - USB: serial: ti_usb_3410_5052: fix port-close races (bsc#1051510). - USB: serial: whiteheat: fix line-speed endianness (bsc#1051510). - USB: serial: whiteheat: fix potential slab corruption (bsc#1051510). - usb-storage: Revert commit 747668dbc061 ('usb-storage: Set virt_boundary_mask to avoid SG overflows') (bsc#1051510). - USB: udc: lpc32xx: fix bad bit shift operation (bsc#1051510). - USB: usblcd: fix I/O after disconnect (bsc#1142635). - USB: usblp: fix runtime PM after driver unbind (bsc#1051510). - USB: usblp: fix use-after-free on disconnect (bsc#1051510). - USB: usb-skeleton: fix NULL-deref on disconnect (bsc#1051510). - USB: usb-skeleton: fix runtime PM after driver unbind (bsc#1051510). - USB: usb-skeleton: fix use-after-free after driver unbind (bsc#1051510). - USB: xhci: wait for CNR controller not ready bit in xhci resume (bsc#1051510). - USB: yurex: Do not retry on unexpected errors (bsc#1051510). - USB: yurex: fix NULL-derefs on disconnect (bsc#1051510). - vfio_pci: Restore original state on release (bsc#1051510). - vhost_net: conditionally enable tx polling (bsc#1145099). - vhost_net: conditionally enable tx polling (bsc#1145099). - video: of: display_timing: Add of_node_put() in of_get_display_timing() (bsc#1051510). - vsock: Fix a lockdep warning in __vsock_release() (networking-stable-19_10_05). - watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout (bsc#1051510). - x86/asm: Fix MWAITX C-state hint value (bsc#1114279). - x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area (bnc#1153969). - x86/boot/64: Round memory hole size up to next PMD page (bnc#1153969). - x86/mm: Use WRITE_ONCE() when setting PTEs (bsc#1114279). - xen/netback: fix error path of xenvif_connect_data() (bsc#1065600). - xen-netfront: do not use ~0U as error return value for xennet_fill_frags() (bsc#1065600). - xen/pv: Fix Xen PV guest int3 handling (bsc#1153811). - xen/xenbus: fix self-deadlock after killing user process (bsc#1065600). - xfrm: fix sa selector validation (bsc#1156609). - xfrm: Fix xfrm sel prefix length validation (git-fixes). - xhci: Check all endpoints for LPM timeout (bsc#1051510). - xhci: Fix false warning message about wrong bounce buffer write length (bsc#1051510). - xhci: Increase STS_SAVE timeout in xhci_suspend() (bsc#1051510). - xhci: Prevent device initiated U1/U2 link pm if exit latency is too long (bsc#1051510). Important SUSE bug 1046299 SUSE bug 1046303 SUSE bug 1046305 SUSE bug 1048942 SUSE bug 1050244 SUSE bug 1050536 SUSE bug 1050545 SUSE bug 1051510 SUSE bug 1055186 SUSE bug 1061840 SUSE bug 1064802 SUSE bug 1065600 SUSE bug 1066129 SUSE bug 1073513 SUSE bug 1082635 SUSE bug 1083647 SUSE bug 1086323 SUSE bug 1087092 SUSE bug 1089644 SUSE bug 1090631 SUSE bug 1091041 SUSE bug 1093205 SUSE bug 1096254 SUSE bug 1097583 SUSE bug 1097584 SUSE bug 1097585 SUSE bug 1097586 SUSE bug 1097587 SUSE bug 1097588 SUSE bug 1098291 SUSE bug 1101674 SUSE bug 1109158 SUSE bug 1114279 SUSE bug 1117665 SUSE bug 1119461 SUSE bug 1119465 SUSE bug 1122363 SUSE bug 1123034 SUSE bug 1123080 SUSE bug 1127155 SUSE bug 1131107 SUSE bug 1133140 SUSE bug 1134303 SUSE bug 1135642 SUSE bug 1135854 SUSE bug 1135873 SUSE bug 1135966 SUSE bug 1135967 SUSE bug 1137040 SUSE bug 1137799 SUSE bug 1137861 SUSE bug 1138190 SUSE bug 1139073 SUSE bug 1140090 SUSE bug 1140729 SUSE bug 1140845 SUSE bug 1140883 SUSE bug 1141600 SUSE bug 1142635 SUSE bug 1142667 SUSE bug 1143706 SUSE bug 1144338 SUSE bug 1144375 SUSE bug 1144449 SUSE bug 1144903 SUSE bug 1145099 SUSE bug 1146612 SUSE bug 1148410 SUSE bug 1149119 SUSE bug 1149448 SUSE bug 1150452 SUSE bug 1150457 SUSE bug 1150465 SUSE bug 1150466 SUSE bug 1150875 SUSE bug 1151225 SUSE bug 1151508 SUSE bug 1151680 SUSE bug 1152497 SUSE bug 1152505 SUSE bug 1152506 SUSE bug 1152624 SUSE bug 1152685 SUSE bug 1152782 SUSE bug 1152788 SUSE bug 1152791 SUSE bug 1153112 SUSE bug 1153158 SUSE bug 1153236 SUSE bug 1153263 SUSE bug 1153476 SUSE bug 1153509 SUSE bug 1153628 SUSE bug 1153646 SUSE bug 1153681 SUSE bug 1153713 SUSE bug 1153717 SUSE bug 1153718 SUSE bug 1153719 SUSE bug 1153811 SUSE bug 1153969 SUSE bug 1154108 SUSE bug 1154124 SUSE bug 1154189 SUSE bug 1154354 SUSE bug 1154372 SUSE bug 1154526 SUSE bug 1154578 SUSE bug 1154607 SUSE bug 1154608 SUSE bug 1154610 SUSE bug 1154611 SUSE bug 1154651 SUSE bug 1154737 SUSE bug 1154747 SUSE bug 1154848 SUSE bug 1154858 SUSE bug 1154905 SUSE bug 1154956 SUSE bug 1154959 SUSE bug 1155021 SUSE bug 1155178 SUSE bug 1155179 SUSE bug 1155184 SUSE bug 1155186 SUSE bug 1155671 SUSE bug 1155692 SUSE bug 1155812 SUSE bug 1155817 SUSE bug 1155836 SUSE bug 1155945 SUSE bug 1155982 SUSE bug 1156187 SUSE bug 1156429 SUSE bug 1156466 SUSE bug 1156494 SUSE bug 1156609 SUSE bug 1156700 SUSE bug 1156729 SUSE bug 1156882 CVE-2018-12207 CVE-2019-0154 CVE-2019-0155 CVE-2019-10220 CVE-2019-11135 CVE-2019-15916 CVE-2019-16231 CVE-2019-16232 CVE-2019-16233 CVE-2019-16234 CVE-2019-16995 CVE-2019-17055 CVE-2019-17056 CVE-2019-17133 CVE-2019-17666 CVE-2019-18805 cpe:/o:suse:suse-linux-enterprise-rt:12:sp4 SUSE Linux Enterprise Real Time 12 SP4 The SUSE Linux Enterprise 12 SP4 RT kernel was updated to 3.12.31 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-8834: KVM on Power8 processors had a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability to run code in kernel space of a guest VM can cause the host kernel to panic (bnc#1168276). - CVE-2020-11494: An issue was discovered in slc_bump in drivers/net/can/slcan.c, which allowed attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL (bnc#1168424). - CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls (bnc#1167629). - CVE-2020-8647: Fixed a use-after-free vulnerability in the vc_do_resize function in drivers/tty/vt/vt.c (bnc#1162929). - CVE-2020-8649: Fixed a use-after-free vulnerability in the vgacon_invert_region function in drivers/video/console/vgacon.c (bnc#1162931). - CVE-2020-9383: Fixed an issue in set_fdc in drivers/block/floppy.c, which leads to a wait_til_ready out-of-bounds read (bnc#1165111). - CVE-2019-9458: In the video driver there was a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed (bnc#1168295). - CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a system crash (bnc#1120386). - CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c (bnc#1159285). - CVE-2019-19770: Fixed a use-after-free in the debugfs_remove function (bsc#1159198). The following non-security bugs were fixed: - ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro (bsc#1051510). - ACPI: watchdog: Fix gas->access_width usage (bsc#1051510). - ALSA: ali5451: remove redundant variable capture_flag (bsc#1051510). - ALSA: core: Replace zero-length array with flexible-array member (bsc#1051510). - ALSA: emu10k1: Fix endianness annotations (bsc#1051510). - ALSA: hda/ca0132 - Replace zero-length array with flexible-array member (bsc#1051510). - ALSA: hda_codec: Replace zero-length array with flexible-array member (bsc#1051510). - ALSA: hda: Fix potential access overflow in beep helper (bsc#1051510). - ALSA: hda/realtek: Fix pop noise on ALC225 (git-fixes). - ALSA: hda/realtek - Set principled PC Beep configuration for ALC256 (bsc#1051510). - ALSA: hda: remove redundant assignment to variable timeout (bsc#1051510). - ALSA: hda: Use scnprintf() for string truncation (bsc#1051510). - ALSA: hdsp: remove redundant assignment to variable err (bsc#1051510). - ALSA: ice1724: Fix invalid access for enumerated ctl items (bsc#1051510). - ALSA: info: remove redundant assignment to variable c (bsc#1051510). - ALSA: korg1212: fix if-statement empty body warnings (bsc#1051510). - ALSA: line6: Fix endless MIDI read loop (git-fixes). - ALSA: pcm: oss: Avoid plugin buffer overflow (git-fixes). - ALSA: pcm: oss: Fix regression by buffer overflow fix (bsc#1051510). - ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks (git-fixes). - ALSA: seq: oss: Fix running status after receiving sysex (git-fixes). - ALSA: seq: virmidi: Fix running status after receiving sysex (git-fixes). - ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status (bsc#1051510). - ALSA: via82xx: Fix endianness annotations (bsc#1051510). - ASoC: dapm: Correct DAPM handling of active widgets during shutdown (bsc#1051510). - ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map() (bsc#1051510). - ASoC: Intel: mrfld: fix incorrect check on p->sink (bsc#1051510). - ASoC: Intel: mrfld: return error codes when an error occurs (bsc#1051510). - ASoC: jz4740-i2s: Fix divider written at incorrect offset in register (bsc#1051510). - ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path (bsc#1051510). - ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output (bsc#1051510). - ASoC: pcm: update FE/BE trigger order based on the command (bsc#1051510). - ASoC: sun8i-codec: Remove unused dev from codec struct (bsc#1051510). - ASoC: topology: Fix memleak in soc_tplg_link_elems_load() (bsc#1051510). - ath9k: Handle txpower changes even when TPC is disabled (bsc#1051510). - atm: zatm: Fix empty body Clang warnings (bsc#1051510). - atomic: Add irqsave variant of atomic_dec_and_lock() (bsc#1166003). - b43legacy: Fix -Wcast-function-type (bsc#1051510). - batman-adv: Avoid spurious warnings from bat_v neigh_cmp implementation (bsc#1051510). - batman-adv: Do not schedule OGM for disabled interface (bsc#1051510). - batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs (bsc#1051510). - blk: Fix kabi due to blk_trace_mutex addition (bsc#1159285). - blk-mq: Allow blocking queue tag iter callbacks (bsc#1167316). - blktrace: fix dereference after null check (bsc#1159285). - blktrace: fix trace mutex deadlock (bsc#1159285). - block: allow gendisk's request_queue registration to be (bsc#1104967,bsc#1159142). - block, bfq: fix use-after-free in bfq_idle_slice_timer_body (bsc#1168760). - block: keep bdi->io_pages in sync with max_sectors_kb for stacked devices (bsc#1168762). - Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl (bsc#1051510). - bnxt_en: Fix TC queue mapping (networking-stable-20_02_05). - bonding/alb: properly access headers in bond_alb_xmit() (networking-stable-20_02_09). - bpf: Explicitly memset some bpf info structures declared on the stack (bsc#1083647). - bpf: Explicitly memset the bpf_attr structure (bsc#1083647). - bpf: fix ldx in ld_abs rewrite for large offsets (bsc#1154385). - bpf: implement ld_abs/ld_ind in native bpf (bsc#1154385). - bpf: make unknown opcode handling more robust (bsc#1154385). - bpf: prefix cbpf internal helpers with bpf_ (bsc#1154385). - bpf, x64: remove ld_abs/ld_ind (bsc#1154385). - bpf, x64: save several bytes by using mov over movabsq when possible (bsc#1154385). - btrfs: Account for trans_block_rsv in may_commit_transaction (bsc#1165949). - btrfs: add a flush step for delayed iputs (bsc#1165949). - btrfs: add assertions for releasing trans handle reservations (bsc#1165949). - btrfs: add btrfs_delete_ref_head helper (bsc#1165949). - btrfs: add enospc debug messages for ticket failure (bsc#1165949). - btrfs: Add enospc_debug printing in metadata_reserve_bytes (bsc#1165949). - btrfs: add new flushing states for the delayed refs rsv (bsc#1165949). - btrfs: add space reservation tracepoint for reserved bytes (bsc#1165949). - btrfs: allow us to use up to 90% of the global rsv for unlink (bsc#1165949). - btrfs: always reserve our entire size for the global reserve (bsc#1165949). - btrfs: assert on non-empty delayed iputs (bsc##1165949). - btrfs: be more explicit about allowed flush states (bsc#1165949). - btrfs: call btrfs_create_pending_block_groups unconditionally (bsc#1165949). - btrfs: catch cow on deleting snapshots (bsc#1165949). - btrfs: change the minimum global reserve size (bsc#1165949). - btrfs: check if there are free block groups for commit (bsc#1165949). - btrfs: clean up error handling in btrfs_truncate() (bsc#1165949). - btrfs: cleanup extent_op handling (bsc#1165949). - btrfs: cleanup root usage by btrfs_get_alloc_profile (bsc#1165949). - btrfs: cleanup the target logic in __btrfs_block_rsv_release (bsc#1165949). - btrfs: clear space cache inode generation always (bsc#1165949). - btrfs: delayed-ref: pass delayed_refs directly to btrfs_delayed_ref_lock (bsc#1165949). - btrfs: do not account global reserve in can_overcommit (bsc#1165949). - btrfs: do not allow reservations if we have pending tickets (bsc#1165949). - btrfs: do not call btrfs_start_delalloc_roots in flushoncommit (bsc#1165949). - btrfs: do not end the transaction for delayed refs in throttle (bsc#1165949). - btrfs: do not enospc all tickets on flush failure (bsc#1165949). - btrfs: do not run delayed_iputs in commit (bsc##1165949). - btrfs: do not run delayed refs in the end transaction logic (bsc#1165949). - btrfs: do not use ctl->free_space for max_extent_size (bsc##1165949). - btrfs: do not use global reserve for chunk allocation (bsc#1165949). - btrfs: drop min_size from evict_refill_and_join (bsc##1165949). - btrfs: drop unused space_info parameter from create_space_info (bsc#1165949). - btrfs: dump block_rsv details when dumping space info (bsc#1165949). - btrfs: export block group accounting helpers (bsc#1165949). - btrfs: export block_rsv_use_bytes (bsc#1165949). - btrfs: export btrfs_block_rsv_add_bytes (bsc#1165949). - btrfs: export __btrfs_block_rsv_release (bsc#1165949). - btrfs: export space_info_add_*_bytes (bsc#1165949). - btrfs: export the block group caching helpers (bsc#1165949). - btrfs: export the caching control helpers (bsc#1165949). - btrfs: export the excluded extents helpers (bsc#1165949). - btrfs: extent-tree: Add lockdep assert when updating space info (bsc#1165949). - btrfs: extent-tree: Add trace events for space info numbers update (bsc#1165949). - btrfs: extent-tree: Detect bytes_may_use underflow earlier (bsc#1165949). - btrfs: extent-tree: Detect bytes_pinned underflow earlier (bsc#1165949). - btrfs: factor out the ticket flush handling (bsc#1165949). - btrfs: fix btrfs_wait_ordered_range() so that it waits for all ordered extents (bsc#1163508). - btrfs: fix insert_reserved error handling (bsc##1165949). - btrfs: fix may_commit_transaction to deal with no partial filling (bsc#1165949). - btrfs: fix missing delayed iputs on unmount (bsc#1165949). - btrfs: fix panic during relocation after ENOSPC before writeback happens (bsc#1163508). - btrfs: fix qgroup double free after failure to reserve metadata for delalloc (bsc#1165949). - btrfs: fix race leading to metadata space leak after task received signal (bsc#1165949). - btrfs: fix truncate throttling (bsc#1165949). - btrfs: force chunk allocation if our global rsv is larger than metadata (bsc#1165949). - btrfs: Improve global reserve stealing logic (bsc#1165949). - btrfs: introduce an evict flushing state (bsc#1165949). - btrfs: introduce delayed_refs_rsv (bsc#1165949). - btrfs: loop in inode_rsv_refill (bsc#1165949). - btrfs: make btrfs_destroy_delayed_refs use btrfs_delayed_ref_lock (bsc#1165949). - btrfs: make btrfs_destroy_delayed_refs use btrfs_delete_ref_head (bsc#1165949). - btrfs: make caching_thread use btrfs_find_next_key (bsc#1165949). - btrfs: migrate btrfs_trans_release_chunk_metadata (bsc#1165949). - btrfs: migrate inc/dec_block_group_ro code (bsc#1165949). - btrfs: migrate nocow and reservation helpers (bsc#1165949). - btrfs: migrate the alloc_profile helpers (bsc#1165949). - btrfs: migrate the block group caching code (bsc#1165949). - btrfs: migrate the block group cleanup code (bsc#1165949). - btrfs: migrate the block group lookup code (bsc#1165949). - btrfs: migrate the block group read/creation code (bsc#1165949). - btrfs: migrate the block group ref counting stuff (bsc#1165949). - btrfs: migrate the block group removal code (bsc#1165949). - btrfs: migrate the block group space accounting helpers (bsc#1165949). - btrfs: migrate the block-rsv code to block-rsv.c (bsc#1165949). - btrfs: migrate the chunk allocation code (bsc#1165949). - btrfs: migrate the delalloc space stuff to it's own home (bsc#1165949). - btrfs: migrate the delayed refs rsv code (bsc#1165949). - btrfs: migrate the dirty bg writeout code (bsc#1165949). - btrfs: migrate the global_block_rsv helpers to block-rsv.c (bsc#1165949). - btrfs: move and export can_overcommit (bsc#1165949). - btrfs: move basic block_group definitions to their own header (bsc#1165949). - btrfs: move btrfs_add_free_space out of a header file (bsc#1165949). - btrfs: move btrfs_block_rsv definitions into it's own header (bsc#1165949). - btrfs: move btrfs_raid_group values to btrfs_raid_attr table (bsc#1165949). - btrfs: move btrfs_space_info_add_*_bytes to space-info.c (bsc#1165949). - btrfs: move dump_space_info to space-info.c (bsc#1165949). - btrfs: move reserve_metadata_bytes and supporting code to space-info.c (bsc#1165949). - btrfs: move space_info to space-info.h (bsc#1165949). - btrfs: move the space_info handling code to space-info.c (bsc#1165949). - btrfs: move the space info update macro to space-info.h (bsc#1165949). - btrfs: move the subvolume reservation stuff out of extent-tree.c (bsc#1165949). - btrfs: only check delayed ref usage in should_end_transaction (bsc#1165949). - btrfs: only check priority tickets for priority flushing (bsc#1165949). - btrfs: only free reserved extent if we didn't insert it (bsc##1165949). - btrfs: only reserve metadata_size for inodes (bsc#1165949). - btrfs: only track ref_heads in delayed_ref_updates (bsc#1165949). - btrfs: Output ENOSPC debug info in inc_block_group_ro (bsc#1165949). - btrfs: pass root to various extent ref mod functions (bsc#1165949). - btrfs: refactor block group replication factor calculation to a helper (bsc#1165949). - btrfs: refactor priority_reclaim_metadata_space (bsc#1165949). - btrfs: refactor the ticket wakeup code (bsc#1165949). - btrfs: release metadata before running delayed refs (bsc##1165949). - btrfs: Remove btrfs_inode::delayed_iput_count (bsc#1165949). - btrfs: Remove fs_info from do_chunk_alloc (bsc#1165949). - btrfs: remove orig_bytes from reserve_ticket (bsc#1165949). - btrfs: Remove redundant argument of flush_space (bsc#1165949). - btrfs: rename btrfs_space_info_add_old_bytes (bsc#1165949). - btrfs: rename do_chunk_alloc to btrfs_chunk_alloc (bsc#1165949). - btrfs: rename the btrfs_calc_*_metadata_size helpers (bsc#1165949). - btrfs: replace cleaner_delayed_iput_mutex with a waitqueue (bsc#1165949). - btrfs: reserve delalloc metadata differently (bsc#1165949). - btrfs: reserve extra space during evict (bsc#1165949). - btrfs: reset max_extent_size on clear in a bitmap (bsc##1165949). - btrfs: reset max_extent_size properly (bsc##1165949). - btrfs: rework btrfs_check_space_for_delayed_refs (bsc#1165949). - btrfs: rework wake_all_tickets (bsc#1165949). - btrfs: roll tracepoint into btrfs_space_info_update helper (bsc#1165949). - btrfs: run btrfs_try_granting_tickets if a priority ticket fails (bsc#1165949). - btrfs: run delayed iput at unlink time (bsc#1165949). - btrfs: run delayed iputs before committing (bsc#1165949). - btrfs: set max_extent_size properly (bsc##1165949). - btrfs: stop partially refilling tickets when releasing space (bsc#1165949). - btrfs: stop using block_rsv_release_bytes everywhere (bsc#1165949). - btrfs: temporarily export btrfs_get_restripe_target (bsc#1165949). - btrfs: temporarily export fragment_free_space (bsc#1165949). - btrfs: temporarily export inc_block_group_ro (bsc#1165949). - btrfs: track DIO bytes in flight (bsc#1165949). - btrfs: unexport can_overcommit (bsc#1165949). - btrfs: unexport the temporary exported functions (bsc#1165949). - btrfs: unify error handling for ticket flushing (bsc#1165949). - btrfs: update may_commit_transaction to use the delayed refs rsv (bsc#1165949). - btrfs: use btrfs_try_granting_tickets in update_global_rsv (bsc#1165949). - btrfs: wait on caching when putting the bg cache (bsc#1165949). - btrfs: wait on ordered extents on abort cleanup (bsc#1165949). - btrfs: wakeup cleaner thread when adding delayed iput (bsc#1165949). - ceph: canonicalize server path in place (bsc#1168443). - ceph: remove the extra slashes in the server path (bsc#1168443). - cfg80211: check reg_rule for NULL in handle_channel_custom() (bsc#1051510). - cfg80211: check wiphy driver existence for drvinfo report (bsc#1051510). - cgroup: memcg: net: do not associate sock with unrelated cgroup (bsc#1167290). - cifs: add a debug macro that prints \\server\share for errors (bsc#1144333). - cifs: add missing mount option to /proc/mounts (bsc#1144333). - cifs: add new debugging macro cifs_server_dbg (bsc#1144333). - cifs: add passthrough for smb2 setinfo (bsc#1144333). - cifs: add SMB2_open() arg to return POSIX data (bsc#1144333). - cifs: add smb2 POSIX info level (bsc#1144333). - cifs: add SMB3 change notification support (bsc#1144333). - cifs: add support for fallocate mode 0 for non-sparse files (bsc#1144333). - cifs: Add support for setting owner info, dos attributes, and create time (bsc#1144333). - cifs: Add tracepoints for errors on flush or fsync (bsc#1144333). - cifs: Adjust indentation in smb2_open_file (bsc#1144333). - cifs: allow chmod to set mode bits using special sid (bsc#1144333). - cifs: Avoid doing network I/O while holding cache lock (bsc#1144333). - cifs: call wake_up(server->response_q) inside of cifs_reconnect() (bsc#1144333). - cifs: Clean up DFS referral cache (bsc#1144333). - cifs: create a helper function to parse the query-directory response buffer (bsc#1144333). - cifs: do d_move in rename (bsc#1144333). - cifs: Do not display RDMA transport on reconnect (bsc#1144333). - cifs: do not ignore the SYNC flags in getattr (bsc#1144333). - cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1144333). - cifs: do not use 'pre:' for MODULE_SOFTDEP (bsc#1144333). - cifs: enable change notification for SMB2.1 dialect (bsc#1144333). - cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1144333). - cifs: fix a comment for the timeouts when sending echos (bsc#1144333). - cifs: fix a white space issue in cifs_get_inode_info() (bsc#1144333). - cifs: fix dereference on ses before it is null checked (bsc#1144333). - cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1144333). - cifs: fix mode bits from dir listing when mounted with modefromsid (bsc#1144333). - cifs: Fix mode output in debugging statements (bsc#1144333). - cifs: Fix mount options set in automount (bsc#1144333). - cifs: fix NULL dereference in match_prepath (bsc#1144333). - cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1144333). - cifs: fix potential mismatch of UNC paths (bsc#1144333). - cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1144333). - cifs: Fix return value in __update_cache_entry (bsc#1144333). - cifs: fix soft mounts hanging in the reconnect code (bsc#1144333). - cifs: fix soft mounts hanging in the reconnect code (bsc#1144333). - cifs: Fix task struct use-after-free on reconnect (bsc#1144333). - cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1144333). - cifs: get mode bits from special sid on stat (bsc#1144333). - cifs: Get rid of kstrdup_const()'d paths (bsc#1144333). - cifs: handle prefix paths in reconnect (bsc#1144333). - cifs: ignore cached share root handle closing errors (bsc#1166780). - cifs: Introduce helpers for finding TCP connection (bsc#1144333). - cifs: log warning message (once) if out of disk space (bsc#1144333). - cifs: make sure we do not overflow the max EA buffer size (bsc#1144333). - cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1144333). - cifs: Merge is_path_valid() into get_normalized_path() (bsc#1144333). - cifs: modefromsid: make room for 4 ACE (bsc#1144333). - cifs: modefromsid: write mode ACE first (bsc#1144333). - cifs: Optimize readdir on reparse points (bsc#1144333). - cifs: plumb smb2 POSIX dir enumeration (bsc#1144333). - cifs: potential unintitliazed error code in cifs_getattr() (bsc#1144333). - cifs: prepare SMB2_query_directory to be used with compounding (bsc#1144333). - cifs: print warning once if mounting with vers=1.0 (bsc#1144333). - cifs: refactor cifs_get_inode_info() (bsc#1144333). - cifs: remove redundant assignment to pointer pneg_ctxt (bsc#1144333). - cifs: remove redundant assignment to variable rc (bsc#1144333). - cifs: remove set but not used variables (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove unused variable (bsc#1144333). - cifs: remove unused variable 'sid_user' (bsc#1144333). - cifs: rename a variable in SendReceive() (bsc#1144333). - cifs: rename posix create rsp (bsc#1144333). - cifs: replace various strncpy with strscpy and similar (bsc#1144333). - cifs: Return directly after a failed build_path_from_dentry() in cifs_do_create() (bsc#1144333). - cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1144333). - cifs: smbd: Add messages on RDMA session destroy and reconnection (bsc#1144333). - cifs: smbd: Invalidate and deregister memory registration on re-send for direct I/O (bsc#1144333). - cifs: smbd: Only queue work for error recovery on memory registration (bsc#1144333). - cifs: smbd: Return -EAGAIN when transport is reconnecting (bsc#1144333). - cifs: smbd: Return -ECONNABORTED when trasnport is not in connected state (bsc#1144333). - cifs: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE (bsc#1144333). - cifs: Use common error handling code in smb2_ioctl_query_info() (bsc#1144333). - cifs: use compounding for open and first query-dir for readdir() (bsc#1144333). - cifs: Use #define in cifs_dbg (bsc#1144333). - cifs: Use memdup_user() rather than duplicating its implementation (bsc#1144333). - cifs: use mod_delayed_work() for server->reconnect if already queued (bsc#1144333). - cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1144333). - clk: qcom: rcg: Return failure for RCG update (bsc#1051510). - cls_rsvp: fix rsvp_policy (networking-stable-20_02_05). - configfs: Fix bool initialization/comparison (bsc#1051510). - cpufreq: powernv: Fix unsafe notifiers (bsc#1065729). - cpufreq: powernv: Fix use-after-free (bsc#1065729). - cpufreq: Register drivers only after CPU devices have been registered (bsc#1051510). - cpuidle: Do not unset the driver if it is there already (bsc#1051510). - crypto: arm64/sha-ce - implement export/import (bsc#1051510). - crypto: mxs-dcp - fix scatterlist linearization for hash (bsc#1051510). - crypto: pcrypt - Fix user-after-free on module unload (git-fixes). - crypto: tcrypt - fix printed skcipher [a]sync mode (bsc#1051510). - debugfs: add support for more elaborate ->d_fsdata (bsc#1159198 bsc#1109911). - debugfs: call debugfs_real_fops() only after debugfs_file_get() (bsc#1159198 bsc#1109911). - debugfs: convert to debugfs_file_get() and -put() (bsc#1159198 bsc#1109911). - debugfs: debugfs_real_fops(): drop __must_hold sparse annotation (bsc#1159198 bsc#1109911). - debugfs: debugfs_use_start/finish do not exist anymore (bsc#1159198). - debugfs: defer debugfs_fsdata allocation to first usage (bsc#1159198 bsc#1109911). - debugfs: fix debugfs_real_fops() build error (bsc#1159198 bsc#1109911). - debugfs: implement per-file removal protection (bsc#1159198 bsc#1109911). - debugfs: purge obsolete SRCU based removal protection (bsc#1159198 bsc#1109911). - debugfs: simplify __debugfs_remove_file() (bsc#1159198). - Delete patches which cause regression (bsc#1165527 ltc#184149). - Deprecate NR_UNSTABLE_NFS, use NR_WRITEBACK (bsc#1163403). - device: Use overflow helpers for devm_kmalloc() (bsc#1166003). - dmaengine: coh901318: Fix a double lock bug in dma_tc_handle() (bsc#1051510). - dmaengine: ste_dma40: fix unneeded variable warning (bsc#1051510). - dm: fix incomplete request_queue initialization (bsc#1104967,bsc#1159142). - driver core: platform: fix u32 greater or equal to zero comparison (bsc#1051510). - driver core: platform: Prevent resouce overflow from causing infinite loops (bsc#1051510). - driver core: Print device when resources present in really_probe() (bsc#1051510). - drivers/md/raid5.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET (bsc#1166003). - drivers/md/raid5: Do not disable irq on release_inactive_stripe_list() call (bsc#1166003). - drivers/md/raid5-ppl.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET (bsc#1166003). - drivers/md/raid5: Use irqsave variant of atomic_dec_and_lock() (bsc#1166003). - drm/amd/display: remove duplicated assignment to grph_obj_type (bsc#1051510). - drm/amdkfd: fix a use after free race with mmu_notifer unregister (bsc#1114279) - drm: atmel-hlcdc: enable clock before configuring timing engine (bsc#1114279) - drm/bochs: downgrade pci_request_region failure from error to warning (bsc#1051510). - drm/bridge: dw-hdmi: fix AVI frame colorimetry (bsc#1051510). - drm_dp_mst_topology: fix broken drm_dp_sideband_parse_remote_dpcd_read() (bsc#1051510). - drm/drm_dp_mst:remove set but not used variable 'origlen' (bsc#1051510). - drm/etnaviv: fix dumping of iommuv2 (bsc#1114279) - drm/gma500: Fixup fbdev stolen size usage evaluation (bsc#1051510). - drm/i915/gvt: Separate display reset from ALL_ENGINES reset (bsc#1114279) - drm/i915/selftests: Fix return in assert_mmap_offset() (bsc#1114279) - drm/i915/userptr: fix size calculation (bsc#1114279) - drm/i915/userptr: Try to acquire the page lock around (bsc#1114279) - drm/i915: Wean off drm_pci_alloc/drm_pci_free (bsc#1114279) - drm/mediatek: Add gamma property according to hardware capability (bsc#1114279) - drm/mediatek: disable all the planes in atomic_disable (bsc#1114279) - drm/mediatek: handle events when enabling/disabling crtc (bsc#1051510). - drm/mipi_dbi: Fix off-by-one bugs in mipi_dbi_blank() (bsc#1114279) - drm: msm: mdp4: Adjust indentation in mdp4_dsi_encoder_enable (bsc#1114279) - drm/msm: Set dma maximum segment size for mdss (bsc#1051510). - drm/msm: stop abusing dma_map/unmap for cache (bsc#1051510). - drm/msm: Use the correct dma_sync calls harder (bsc#1051510). - drm/msm: Use the correct dma_sync calls in msm_gem (bsc#1051510). - drm/nouveau/disp/nv50-: prevent oops when no channel method map provided (bsc#1051510). - drm/nouveau/gr/gk20a,gm200-: add terminators to method lists read from fw (bsc#1051510). - drm: rcar-du: Recognize 'renesas,vsps' in addition to 'vsps' (bsc#1114279) - drm: remove the newline for CRC source name (bsc#1051510). - dt-bindings: allow up to four clocks for orion-mdio (bsc#1051510). - EDAC/mc: Fix use-after-free and memleaks during device removal (bsc#1114279). - efi: Fix a race and a buffer overflow while reading efivars via sysfs (bsc#1164893). - ethtool: Factored out similar ethtool link settings for virtual devices to core (bsc#1136157 ltc#177197). - ext4: add cond_resched() to __ext4_find_entry() (bsc#1166862). - ext4: Avoid ENOSPC when avoiding to reuse recently deleted inodes (bsc#1165019). - ext4: Check for non-zero journal inum in ext4_calculate_overhead (bsc#1167288). - ext4: do not assume that mmp_nodename/bdevname have NUL (bsc#1166860). - ext4: fix a data race in EXT4_I(inode)->i_disksize (bsc#1166861). - ext4: fix incorrect group count in ext4_fill_super error message (bsc#1168765). - ext4: fix incorrect inodes per group in error message (bsc#1168764). - ext4: fix potential race between online resizing and write operations (bsc#1166864). - ext4: fix potential race between s_flex_groups online resizing and access (bsc#1166867). - ext4: fix potential race between s_group_info online resizing and access (bsc#1166866). - ext4: fix race between writepages and enabling EXT4_EXTENTS_FL (bsc#1166870). - ext4: fix support for inode sizes > 1024 bytes (bsc#1164284). - ext4: potential crash on allocation error in ext4_alloc_flex_bg_array() (bsc#1166940). - ext4: rename s_journal_flag_rwsem to s_writepages_rwsem (bsc#1166868). - ext4: validate the debug_want_extra_isize mount option at parse time (bsc#1163897). - fat: fix uninit-memory access for partial initialized inode (bsc#1051510). - fat: work around race with userspace's read via blockdev while mounting (bsc#1051510). - fbdev/g364fb: Fix build failure (bsc#1051510). - fcntl: fix typo in RWH_WRITE_LIFE_NOT_SET r/w hint name (bsc#1166003). - fix memory leak in large read decrypt offload (bsc#1144333). - fs/cifs/cifssmb.c: use true,false for bool variable (bsc#1144333). - fs: cifs: cifsssmb: remove redundant assignment to variable ret (bsc#1144333). - fs: cifs: Initialize filesystem timestamp ranges (bsc#1144333). - fs: cifs: mute -Wunused-const-variable message (bsc#1144333). - fs/cifs/sess.c: Remove set but not used variable 'capabilities' (bsc#1144333). - fs/cifs/smb2ops.c: use true,false for bool variable (bsc#1144333). - fs/cifs/smb2pdu.c: Make SMB2_notify_init static (bsc#1144333). - fs/xfs: fix f_ffree value for statfs when project quota is set (bsc#1165985). - ftrace/kprobe: Show the maxactive number on kprobe_events (git-fixes). - gtp: make sure only SOCK_DGRAM UDP sockets are accepted (networking-stable-20_01_27). - gtp: use __GFP_NOWARN to avoid memalloc warning (networking-stable-20_02_05). - HID: apple: Add support for recent firmware on Magic Keyboards (bsc#1051510). - HID: core: fix off-by-one memset in hid_report_raw_event() (bsc#1051510). - HID: hiddev: Fix race in in hiddev_disconnect() (git-fixes). - hv_netvsc: Fix memory leak when removing rndis device (networking-stable-20_01_20). - hv_netvsc: pass netvsc_device to rndis halt - hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() (bsc#1051510). - i2c: hix5hd2: add missed clk_disable_unprepare in remove (bsc#1051510). - i2c: jz4780: silence log flood on txabrt (bsc#1051510). - IB/hfi1: Close window for pq and request coliding (bsc#1060463 ). - IB/hfi1: convert to debugfs_file_get() and -put() (bsc#1159198 bsc#1109911). - ibmvfc: Fix NULL return compiler warning (bsc#1161951 ltc#183551). - ibmvnic: Do not process device remove during device reset (bsc#1065729). - ibmvnic: Warn unknown speed message only when carrier is present (bsc#1065729). - iio: gyro: adis16136: check ret val for non-zero vs less-than-zero (bsc#1051510). - iio: imu: adis16400: check ret val for non-zero vs less-than-zero (bsc#1051510). - iio: imu: adis: check ret val for non-zero vs less-than-zero (bsc#1051510). - iio: magnetometer: ak8974: Fix negative raw values in sysfs (bsc#1051510). - iio: potentiostat: lmp9100: fix iio_triggered_buffer_{predisable,postenable} positions (bsc#1051510). - Input: add safety guards to input_set_keycode() (bsc#1168075). - Input: avoid BIT() macro usage in the serio.h UAPI header (bsc#1051510). - Input: edt-ft5x06 - work around first register access error (bsc#1051510). - Input: raydium_i2c_ts - fix error codes in raydium_i2c_boot_trigger() (bsc#1051510). - Input: synaptics - enable RMI on HP Envy 13-ad105ng (bsc#1051510). - Input: synaptics - enable SMBus on ThinkPad L470 (bsc#1051510). - Input: synaptics - remove the LEN0049 dmi id from topbuttonpad list (bsc#1051510). - Input: synaptics - switch T470s to RMI4 by default (bsc#1051510). - intel_th: Fix user-visible error codes (bsc#1051510). - intel_th: pci: Add Elkhart Lake CPU support (bsc#1051510). - iommu/amd: Check feature support bit before accessing MSI capability registers (bsc#1166101). - iommu/amd: Fix the configuration of GCR3 table root pointer (bsc#1169057). - iommu/amd: Only support x2APIC with IVHD type 11h/40h (bsc#1166102). - iommu/dma: Fix MSI reservation allocation (bsc#1166730). - iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint (bsc#1166731). - iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page (bsc#1166732). - iommu/vt-d: Fix compile warning from intel-svm.h (bsc#1166103). - iommu/vt-d: Fix the wrong printing in RHSA parsing (bsc#1166733). - iommu/vt-d: Ignore devices with out-of-spec domain number (bsc#1166734). - iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn + add_taint (bsc#1166735). - ipmi:ssif: Handle a possible NULL pointer reference (bsc#1051510). - ipv4: ensure rcu_read_lock() in cipso_v4_error() (git-fixes). - ipvlan: do not add hardware address of master to its unicast filter list (bsc#1137325). - irqchip/bcm2835: Quiesce IRQs left enabled by bootloader (bsc#1051510). - irqdomain: Fix a memory leak in irq_domain_push_irq() (bsc#1051510). - iwlegacy: Fix -Wcast-function-type (bsc#1051510). - iwlwifi: mvm: Do not require PHY_SKU NVM section for 3168 devices (bsc#1166632). - iwlwifi: mvm: Fix thermal zone registration (bsc#1051510). - kABI: fixes for debugfs per-file removal protection backports (bsc#1159198 bsc#1109911). - kABI: invoke bpf_gen_ld_abs() directly (bsc#1158552). - kABI: restore debugfs_remove_recursive() (bsc#1159198). - kernel/module.c: Only return -EEXIST for modules that have finished loading (bsc#1165488). - kernel/module.c: wakeup processes in module_wq on module unload (bsc#1165488). - KVM: arm64: Store vcpu on the stack during __guest_enter() (bsc#1133021). - KVM: s390: do not clobber registers during guest reset/store status (bsc#1133021). - KVM: s390: ENOTSUPP -> EOPNOTSUPP fixups (bsc#1133021). - KVM: VMX: check descriptor table exits on instruction emulation (bsc#1166104). - l2tp: Allow duplicate session creation with UDP (networking-stable-20_02_05). - lcoking/rwsem: Add missing ACQUIRE to read_slowpath sleep loop (bsc#1050549). - libfs: fix infoleak in simple_attr_read() (bsc#1168881). - lib/raid6: add missing include for raid6test (bsc#1166003). - lib/raid6: add option to skip algo benchmarking (bsc#1166003). - lib/raid6/altivec: Add vpermxor implementation for raid6 Q syndrome (bsc#1166003). - lib/raid6: avoid __attribute_const__ redefinition (bsc#1166003). - locking/rwsem: Prevent decrement of reader count before increment (bsc#1050549). - mac80211: consider more elements in parsing CRC (bsc#1051510). - mac80211: Do not send mesh HWMP PREQ if HWMP is disabled (bsc#1051510). - mac80211: free peer keys before vif down in mesh (bsc#1051510). - mac80211: mesh: fix RCU warning (bsc#1051510). - mac80211: only warn once on chanctx_conf being NULL (bsc#1051510). - mac80211: rx: avoid RCU list traversal under mutex (bsc#1051510). - macsec: add missing attribute validation for port (bsc#1051510). - macsec: fix refcnt leak in module exit routine (bsc#1051510). - md: add __acquires/__releases annotations to handle_active_stripes (bsc#1166003). - md: add __acquires/__releases annotations to (un)lock_two_stripes (bsc#1166003). - md: add a missing endianness conversion in check_sb_changes (bsc#1166003). - md: add bitmap_abort label in md_run (bsc#1166003). - md: add feature flag MD_FEATURE_RAID0_LAYOUT (bsc#1166003). - md: allow last device to be forcibly removed from RAID1/RAID10 (bsc#1166003). - md: avoid invalid memory access for array sb->dev_roles (bsc#1166003). - md/bitmap: avoid race window between md_bitmap_resize and bitmap_file_clear_bit (bsc#1166003). - md-bitmap: create and destroy wb_info_pool with the change of backlog (bsc#1166003). - md-bitmap: create and destroy wb_info_pool with the change of bitmap (bsc#1166003). - md-bitmap: small cleanups (bsc#1166003). - md/bitmap: use mddev_suspend/resume instead of ->quiesce() (bsc#1166003). - md-cluster/bitmap: do not call md_bitmap_sync_with_cluster during reshaping stage (bsc#1166003). - md-cluster: introduce resync_info_get interface for sanity check (bsc#1166003). - md-cluster/raid10: call update_size in md_reap_sync_thread (bsc#1166003). - md-cluster/raid10: do not call remove_and_add_spares during reshaping stage (bsc#1166003). - md-cluster/raid10: resize all the bitmaps before start reshape (bsc#1166003). - md-cluster/raid10: support add disk under grow mode (bsc#1166003). - md-cluster: remove suspend_info (bsc#1166003). - md-cluster: send BITMAP_NEEDS_SYNC message if reshaping is interrupted (bsc#1166003). - md: convert to kvmalloc (bsc#1166003). - md: do not call spare_active in md_reap_sync_thread if all member devices can't work (bsc#1166003). - md: do not set In_sync if array is frozen (bsc#1166003). - md: fix an error code format and remove unsed bio_sector (bsc#1166003). - md: fix a typo s/creat/create (bsc#1166003). - md: fix for divide error in status_resync (bsc#1166003). - md: fix spelling typo and add necessary space (bsc#1166003). - md: introduce mddev_create/destroy_wb_pool for the change of member device (bsc#1166003). - md: introduce new personality funciton start() (bsc#1166003). - md-linear: use struct_size() in kzalloc() (bsc#1166003). - md: Make bio_alloc_mddev use bio_alloc_bioset (bsc#1166003). - md: make sure desc_nr less than MD_SB_DISKS (bsc#1166003). - md: md.c: Return -ENODEV when mddev is NULL in rdev_attr_show (bsc#1166003). - md: no longer compare spare disk superblock events in super_load (bsc#1166003). - md/r5cache: remove redundant pointer bio (bsc#1166003). - md/raid0: Fix an error message in raid0_make_request() (bsc#1166003). - md/raid0/linear: Mark array as 'broken' and fail BIOs if a member is gone (bsc#1166003). - md/raid10: end bio when the device faulty (bsc#1166003). - md/raid10: Fix raid10 replace hang when new added disk faulty (bsc#1166003). - md/raid10: prevent access of uninitialized resync_pages offset (bsc#1166003). - md/raid10: read balance chooses idlest disk for SSD (bsc#1166003). - md/raid10: Use struct_size() in kmalloc() (bsc#1166003). - md/raid1: avoid soft lockup under high load (bsc#1166003). - md/raid1: check rdev before reference in raid1_sync_request func (bsc#1166003). - md/raid1: end bio when the device faulty (bsc#1166003). - md/raid1: fail run raid1 array when active disk less than one (bsc#1166003). - md/raid1: Fix a warning message in remove_wb() (bsc#1166003). - md/raid1: fix potential data inconsistency issue with write behind device (bsc#1166003). - md/raid1: get rid of extra blank line and space (bsc#1166003). - md/raid5: Assigning NULL to sh->batch_head before testing bit R5_Overlap of a stripe (bsc#1166003). - md/raid5: use bio_end_sector to calculate last_sector (bsc#1166003). - md/raid6: fix algorithm choice under larger PAGE_SIZE (bsc#1166003). - md/raid6: implement recovery using ARM NEON intrinsics (bsc#1166003). - md: remove a bogus comment (bsc#1166003). - md: remove redundant code that is no longer reachable (bsc#1166003). - md: remove set but not used variable 'bi_rdev' (bsc#1166003). - md: rename wb stuffs (bsc#1166003). - md: return -ENODEV if rdev has no mddev assigned (bsc#1166003). - md: use correct type in super_1_load (bsc#1166003). - md: use correct type in super_1_sync (bsc#1166003). - md: use correct types in md_bitmap_print_sb (bsc#1166003). - media: dib0700: fix rc endpoint lookup (bsc#1051510). - media: flexcop-usb: fix endpoint sanity check (git-fixes). - media: go7007: Fix URB type for interrupt handling (bsc#1051510). - media: ov519: add missing endpoint sanity checks (bsc#1168829). - media: ov6650: Fix .get_fmt() V4L2_SUBDEV_FORMAT_TRY support (bsc#1051510). - media: ov6650: Fix some format attributes not under control (bsc#1051510). - media: ov6650: Fix stored crop rectangle not in sync with hardware (bsc#1051510). - media: ov6650: Fix stored frame format not in sync with hardware (bsc#1051510). - media: stv06xx: add missing descriptor sanity checks (bsc#1168854). - media: tda10071: fix unsigned sign extension overflow (bsc#1051510). - media: usbtv: fix control-message timeouts (bsc#1051510). - media: uvcvideo: Refactor teardown of uvc on USB disconnect (bsc#1164507). - media: v4l2-core: fix entity initialization in device_register_subdev (bsc#1051510). - media: vsp1: tidyup VI6_HGT_LBn_H() macro (bsc#1051510). - media: xirlink_cit: add missing descriptor sanity checks (bsc#1051510). - mfd: dln2: Fix sanity checking for endpoints (bsc#1051510). - misc: pci_endpoint_test: Fix to support > 10 pci-endpoint-test devices (bsc#1051510). - mmc: sdhci-of-at91: fix cd-gpios for SAMA5D2 (bsc#1051510). - mm/filemap.c: do not initiate writeback if mapping has no dirty pages (bsc#1168884). - mm/memory_hotplug.c: only respect mem= parameter during boot stage (bsc#1065600). - mm: replace PF_LESS_THROTTLE with PF_LOCAL_THROTTLE (bsc#1163403). - mm: Use overflow helpers in kvmalloc() (bsc#1166003). - mwifiex: set needed_headroom, not hard_header_len (bsc#1051510). - net: core: another layer of lists, around PF_MEMALLOC skb handling (bsc#1050549). - net: cxgb3_main: Add CAP_NET_ADMIN check to CHELSIO_GET_MEM (networking-stable-20_01_27). - net: dsa: mv88e6xxx: Preserve priority when setting CPU port (networking-stable-20_01_11). - net: dsa: tag_qca: fix doubled Tx statistics (networking-stable-20_01_20). - net: dsa: tag_qca: Make sure there is headroom for tag (networking-stable-20_02_19). - net: ena: Add PCI shutdown handler to allow safe kexec (bsc#1167421, bsc#1167423). - net/ethtool: Introduce link_ksettings API for virtual network devices (bsc#1136157 ltc#177197). - net: hns: fix soft lockup when there is not enough memory (networking-stable-20_01_20). - net: hsr: fix possible NULL deref in hsr_handle_frame() (networking-stable-20_02_05). - net: ip6_gre: fix moving ip6gre between namespaces (networking-stable-20_01_27). - net, ip6_tunnel: fix namespaces move (networking-stable-20_01_27). - net, ip_tunnel: fix namespaces move (networking-stable-20_01_27). - net: macb: Limit maximum GEM TX length in TSO (networking-stable-20_02_09). - net: macb: Remove unnecessary alignment check for TSO (networking-stable-20_02_09). - net/mlxfw: Verify FSM error code translation does not exceed array size (bsc#1051858). - net: mvneta: move rx_dropped and rx_errors in per-cpu stats (networking-stable-20_02_09). - net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL (bsc#1051510). - net: nfc: fix bounds checking bugs on 'pipe' (bsc#1051510). - net: phy: micrel: kszphy_resume(): add delay after genphy_resume() before accessing PHY registers (bsc#1051510). - net: rtnetlink: validate IFLA_MTU attribute in rtnl_create_link() (networking-stable-20_01_27). - net/sched: ematch: reject invalid TCF_EM_SIMPLE (networking-stable-20_01_30). - net/sched: fix an OOB access in cls_tcindex (networking-stable-20_02_05). - net/sched: fix a resource leak in tcindex_set_parms() (networking-stable-20_02_09). - net/sched: fix datalen for ematch (networking-stable-20_01_27). - net/sched: keep alloc_hash updated after hash allocation (git-fixes). - net/sched: flower: add missing validation of TCA_FLOWER_FLAGS (networking-stable-20_02_19). - net/sched: matchall: add missing validation of TCA_MATCHALL_FLAGS (networking-stable-20_02_19). - net: sch_prio: When ungrafting, replace with FIFO (networking-stable-20_01_11). - net/smc: fix leak of kernel memory to user space (networking-stable-20_02_19). - net: stmmac: Delete txtimer in suspend() (networking-stable-20_02_05). - net: stmmac: dwmac-sunxi: Allow all RGMII modes (networking-stable-20_01_11). - net-sysfs: Fix reference count leak (networking-stable-20_01_27). - net: systemport: Avoid RBUF stuck in Wake-on-LAN mode (networking-stable-20_02_09). - net: usb: lan78xx: Add .ndo_features_check (networking-stable-20_01_27). - net: usb: lan78xx: fix possible skb leak (networking-stable-20_01_11). - net/wan/fsl_ucc_hdlc: fix out of bounds write on array utdm_info (networking-stable-20_01_20). - NFC: fdp: Fix a signedness bug in fdp_nci_send_patch() (bsc#1051510). - NFC: pn544: Fix a typo in a debug message (bsc#1051510). - NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use le16_add_cpu() (bsc#1051510). - NFS: send state management on a single connection (bsc#1167005). - nvme-multipath: fix possible I/O hang when paths are updated (bsc#1158983). - orinoco: avoid assertion in case of NULL pointer (bsc#1051510). - padata: always acquire cpu_hotplug_lock before pinst->lock (git-fixes). - partitions/efi: Fix partition name parsing in GUID partition entry (bsc#1168763). - PCI/ASPM: Clear the correct bits when enabling L1 substates (bsc#1051510). - PCI: endpoint: Fix clearing start entry in configfs (bsc#1051510). - PCI: pciehp: Fix MSI interrupt race (bsc#1159037). - PCI/switchtec: Fix init_completion race condition with poll_wait() (bsc#1051510). - perf/amd/uncore: Replace manual sampling check with CAP_NO_INTERRUPT flag (bsc#1114279). - perf: qcom_l2: fix column exclusion check (git-fixes). - pinctrl: baytrail: Do not clear IRQ flags on direct-irq enabled pins (bsc#1051510). - pinctrl: core: Remove extra kref_get which blocks hogs being freed (bsc#1051510). - pinctrl: sh-pfc: sh7264: Fix CAN function GPIOs (bsc#1051510). - pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs (bsc#1051510). - pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM (networking-stable-20_01_11). - platform/x86: pmc_atom: Add Lex 2I385SW to critclk_systems DMI table (bsc#1051510). - PM: core: Fix handling of devices deleted during system-wide resume (git-fixes). - powerpc/64: mark start_here_multiplatform as __ref (bsc#1148868). - powerpc/64s: Fix section mismatch warnings from boot code (bsc#1148868). - powerpc/64/tm: Do not let userspace set regs->trap via sigreturn (bsc#1118338 ltc#173734). - powerpc: fix hardware PMU exception bug on PowerVM compatibility mode systems (bsc#1056686). - powerpc/hash64/devmap: Use H_PAGE_THP_HUGE when setting up huge devmap PTE entries (bsc#1065729). - powerpc/kprobes: Ignore traps that happened in real mode (bsc#1065729). - powerpc/mm: Fix section mismatch warning in stop_machine_change_mapping() (bsc#1148868). - powerpc/pseries: Avoid NULL pointer dereference when drmem is unavailable (bsc#1160659). - powerpc/pseries: group lmb operation and memblock's (bsc#1165404 ltc#183498). - powerpc/pseries/memory-hotplug: Only update DT once per memory DLPAR request (bsc#1165404 ltc#183498). - powerpc/pseries: update device tree before ejecting hotplug uevents (bsc#1165404 ltc#183498). - powerpc/smp: Use nid as fallback for package_id (bsc#1165813 ltc#184091). - powerpc/vmlinux.lds: Explicitly retain .gnu.hash (bsc#1148868). - powerpc/xive: Replace msleep(x) with msleep(OPAL_BUSY_DELAY_MS) (bsc#1085030). - powerpc/xive: Use XIVE_BAD_IRQ instead of zero to catch non configured IPIs (bsc#1085030). - pwm: bcm2835: Dynamically allocate base (bsc#1051510). - pwm: meson: Fix confusing indentation (bsc#1051510). - pwm: pca9685: Fix PWM/GPIO inter-operation (bsc#1051510). - pwm: rcar: Fix late Runtime PM enablement (bsc#1051510). - pwm: renesas-tpu: Fix late Runtime PM enablement (bsc#1051510). - pxa168fb: fix release function mismatch in probe failure (bsc#1051510). - qmi_wwan: re-add DW5821e pre-production variant (bsc#1051510). - qmi_wwan: unconditionally reject 2 ep interfaces (bsc#1051510). - raid10: refactor common wait code from regular read/write request (bsc#1166003). - raid1: factor out a common routine to handle the completion of sync write (bsc#1166003). - raid1: simplify raid1_error function (bsc#1166003). - raid1: use an int as the return value of raise_barrier() (bsc#1166003). - raid5: block failing device if raid will be failed (bsc#1166003). - raid5-cache: Need to do start() part job after adding journal device (bsc#1166003). - raid5: copy write hint from origin bio to stripe (bsc#1166003). - raid5: do not increment read_errors on EILSEQ return (bsc#1166003). - raid5: do not set STRIPE_HANDLE to stripe which is in batch list (bsc#1166003). - raid5 improve too many read errors msg by adding limits (bsc#1166003). - raid5: need to set STRIPE_HANDLE for batch head (bsc#1166003). - raid5: remove STRIPE_OPS_REQ_PENDING (bsc#1166003). - raid5: remove worker_cnt_per_group argument from alloc_thread_groups (bsc#1166003). - raid5: set write hint for PPL (bsc#1166003). - raid5: use bio_end_sector in r5_next_bio (bsc#1166003). - raid6/test: fix a compilation error (bsc#1166003). - raid6/test: fix a compilation warning (bsc#1166003). - remoteproc: Initialize rproc_class before use (bsc#1051510). - rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer (git-fixes). - rtlwifi: rtl_pci: Fix -Wcast-function-type (bsc#1051510). - rxrpc: Fix insufficient receive notification generation (networking-stable-20_02_05). - s390/mm: fix dynamic pagetable upgrade for hugetlbfs (bsc#1165182 LTC#184102). - scsi: core: avoid repetitive logging of device offline messages (bsc#1145929). - scsi: core: kABI fix offline_already (bsc#1145929). - scsi: fnic: do not queue commands during fwreset (bsc#1146539). - scsi: ibmvfc: Add failed PRLI to cmd_status lookup array (bsc#1161951 ltc#183551). - scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (bsc#1161951 ltc#183551). - scsi: ibmvfc: Byte swap status and error codes when logging (bsc#1161951 ltc#183551). - scsi: ibmvfc: Clean up transport events (bsc#1161951 ltc#183551). - scsi: ibmvfc: constify dev_pm_ops structures (bsc#1161951 ltc#183551). - scsi: ibmvfc: Do not call fc_block_scsi_eh() on host reset (bsc#1161951 ltc#183551). - scsi: ibmvfc: Fix NULL return compiler warning (bsc#1161951 ltc#183551). Refresh sorted patches. - scsi: ibmvfc: ibmvscsi: ibmvscsi_tgt: constify vio_device_id (bsc#1161951 ltc#183551). - scsi: ibmvfc: Mark expected switch fall-throughs (bsc#1161951 ltc#183551). - scsi: ibmvfc: Remove 'failed' from logged errors (bsc#1161951 ltc#183551). - scsi: ibmvfc: Remove unneeded semicolons (bsc#1161951 ltc#183551). - scsi: ibmvscsi: change strncpy+truncation to strlcpy (bsc#1161951 ltc#183551). - scsi: ibmvscsi: constify dev_pm_ops structures (bsc#1161951 ltc#183551). - scsi: ibmvscsi: Do not use rc uninitialized in ibmvscsi_do_work (bsc#1161951 ltc#183551). - scsi: ibmvscsi: fix tripping of blk_mq_run_hw_queue WARN_ON (bsc#1161951 ltc#183551). - scsi: ibmvscsi: redo driver work thread to use enum action states (bsc#1161951 ltc#183551). - scsi: ibmvscsi: Wire up host_reset() in the driver's scsi_host_template (bsc#1161951 ltc#183551). - scsi: qla2xxx: Add 16.0GT for PCI String (bsc#1157424). - scsi: qla2xxx: Add beacon LED config sysfs interface (bsc#1157424). - scsi: qla2xxx: Add changes in preparation for vendor extended FDMI/RDP (bsc#1157424). - scsi: qla2xxx: Add deferred queue for processing ABTS and RDP (bsc#1157424). - scsi: qla2xxx: Add endianizer macro calls to fc host stats (bsc#1157424). - scsi: qla2xxx: Add fixes for mailbox command (bsc#1157424). - scsi: qla2xxx: add more FW debug information (bsc#1157424). - scsi: qla2xxx: Add ql2xrdpenable module parameter for RDP (bsc#1157424). - scsi: qla2xxx: Add sysfs node for D-Port Diagnostics AEN data (bsc#1157424). - scsi: qla2xxx: Add vendor extended FDMI commands (bsc#1157424). - scsi: qla2xxx: Add vendor extended RDP additions and amendments (bsc#1157424). - scsi: qla2xxx: Avoid setting firmware options twice in 24xx_update_fw_options (bsc#1157424). - scsi: qla2xxx: Check locking assumptions at runtime in qla2x00_abort_srb() (bsc#1157424). - scsi: qla2xxx: Cleanup ELS/PUREX iocb fields (bsc#1157424). - scsi: qla2xxx: Convert MAKE_HANDLE() from a define into an inline function (bsc#1157424). - scsi: qla2xxx: Correction to selection of loopback/echo test (bsc#1157424). - scsi: qla2xxx: Display message for FCE enabled (bsc#1157424). - scsi: qla2xxx: Fix control flags for login/logout IOCB (bsc#1157424). - scsi: qla2xxx: Fix FCP-SCSI FC4 flag passing error (bsc#1157424). - scsi: qla2xxx: fix FW resource count values (bsc#1157424). - scsi: qla2xxx: Fix I/Os being passed down when FC device is being deleted (bsc#1157424). - scsi: qla2xxx: Fix NPIV instantiation after FW dump (bsc#1157424). - scsi: qla2xxx: Fix qla2x00_echo_test() based on ISP type (bsc#1157424). - scsi: qla2xxx: Fix RDP respond data format (bsc#1157424). - scsi: qla2xxx: Fix RDP response size (bsc#1157424). - scsi: qla2xxx: Fix sparse warning reported by kbuild bot (bsc#1157424). - scsi: qla2xxx: Fix sparse warnings triggered by the PCI state checking code (bsc#1157424). - scsi: qla2xxx: Force semaphore on flash validation failure (bsc#1157424). - scsi: qla2xxx: Handle cases for limiting RDP response payload length (bsc#1157424). - scsi: qla2xxx: Handle NVME status iocb correctly (bsc#1157424). - scsi: qla2xxx: Improved secure flash support messages (bsc#1157424). - scsi: qla2xxx: Move free of fcport out of interrupt context (bsc#1157424). - scsi: qla2xxx: Print portname for logging in qla24xx_logio_entry() (bsc#1157424). - scsi: qla2xxx: Remove restriction of FC T10-PI and FC-NVMe (bsc#1157424). - scsi: qla2xxx: Return appropriate failure through BSG Interface (bsc#1157424). - scsi: qla2xxx: Save rscn_gen for new fcport (bsc#1157424). - scsi: qla2xxx: Serialize fc_port alloc in N2N (bsc#1157424). - scsi: qla2xxx: Set Nport ID for N2N (bsc#1157424). - scsi: qla2xxx: Show correct port speed capabilities for RDP command (bsc#1157424). - scsi: qla2xxx: Simplify the code for aborting SCSI commands (bsc#1157424). - scsi: qla2xxx: Suppress endianness complaints in qla2x00_configure_local_loop() (bsc#1157424). - scsi: qla2xxx: Update BPM enablement semantics (bsc#1157424). - scsi: qla2xxx: Update driver version to 10.01.00.24-k (bsc#1157424). - scsi: qla2xxx: Update driver version to 10.01.00.25-k (bsc#1157424). - scsi: qla2xxx: Use a dedicated interrupt handler for 'handshake-required' ISPs (bsc#1157424). - scsi: qla2xxx: Use correct ISP28xx active FW region (bsc#1157424). - scsi: qla2xxx: Use endian macros to assign static fields in fwdump header (bsc#1157424). - scsi: qla2xxx: Use FC generic update firmware options routine for ISP27xx (bsc#1157424). - scsi: qla2xxx: Use QLA_FW_STOPPED macro to propagate flag (bsc#1157424). - scsi: tcm_qla2xxx: Make qlt_alloc_qfull_cmd() set cmd->se_cmd.map_tag (bsc#1157424). - sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY (networking-stable-20_01_11). - serdev: ttyport: restore client ops on deregistration (bsc#1051510). - smb3: add debug messages for closing unmatched open (bsc#1144333). - smb3: Add defines for new information level, FileIdInformation (bsc#1144333). - smb3: add dynamic tracepoints for flush and close (bsc#1144333). - smb3: add missing flag definitions (bsc#1144333). - smb3: Add missing reparse tags (bsc#1144333). - smb3: add missing worker function for SMB3 change notify (bsc#1144333). - smb3: add mount option to allow forced caching of read only share (bsc#1144333). - smb3: add mount option to allow RW caching of share accessed by only 1 client (bsc#1144333). - smb3: add one more dynamic tracepoint missing from strict fsync path (bsc#1144333). - smb3: add some more descriptive messages about share when mounting cache=ro (bsc#1144333). - smb3: allow decryption keys to be dumped by admin for debugging (bsc#1144333). - smb3: allow disabling requesting leases (bsc#1144333). - smb3: allow parallelizing decryption of reads (bsc#1144333). - smb3: allow skipping signature verification for perf sensitive configurations (bsc#1144333). - SMB3: Backup intent flag missing from some more ops (bsc#1144333). - smb3: cleanup some recent endian errors spotted by updated sparse (bsc#1144333). - smb3: display max smb3 requests in flight at any one time (bsc#1144333). - smb3: dump in_send and num_waiters stats counters by default (bsc#1144333). - smb3: enable offload of decryption of large reads via mount option (bsc#1144333). - smb3: fix default permissions on new files when mounting with modefromsid (bsc#1144333). - smb3: fix mode passed in on create for modetosid mount option (bsc#1144333). - smb3: fix performance regression with setting mtime (bsc#1144333). - smb3: fix potential null dereference in decrypt offload (bsc#1144333). - smb3: fix problem with null cifs super block with previous patch (bsc#1144333). - smb3: Fix regression in time handling (bsc#1144333). - smb3: improve check for when we send the security descriptor context on create (bsc#1144333). - smb3: log warning if CSC policy conflicts with cache mount option (bsc#1144333). - smb3: missing ACL related flags (bsc#1144333). - smb3: only offload decryption of read responses if multiple requests (bsc#1144333). - smb3: pass mode bits into create calls (bsc#1144333). - smb3: print warning once if posix context returned on open (bsc#1144333). - smb3: query attributes on file close (bsc#1144333). - smb3: remove noisy debug message and minor cleanup (bsc#1144333). - smb3: remove unused flag passed into close functions (bsc#1144333). - staging: ccree: use signal safe completion wait (git-fixes). - staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table (bsc#1051510). - staging: rtl8188eu: Fix potential overuse of kernel memory (bsc#1051510). - staging: rtl8188eu: Fix potential security hole (bsc#1051510). - staging: rtl8723bs: Fix potential overuse of kernel memory (bsc#1051510). - staging: rtl8723bs: Fix potential security hole (bsc#1051510). - staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi (bsc#1051510). - staging: wlan-ng: fix ODEBUG bug in prism2sta_disconnect_usb (bsc#1051510). - staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback (bsc#1051510). - SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202). - tcp_bbr: improve arithmetic division in bbr_update_bw() (networking-stable-20_01_27). - tcp: clear tp->data_segs{in|out} in tcp_disconnect() (networking-stable-20_02_05). - tcp: clear tp->delivered in tcp_disconnect() (networking-stable-20_02_05). - tcp: clear tp->segs_{in|out} in tcp_disconnect() (networking-stable-20_02_05). - tcp: clear tp->total_retrans in tcp_disconnect() (networking-stable-20_02_05). - tcp: fix marked lost packets not being retransmitted (networking-stable-20_01_20). - tcp: fix 'old stuff' D-SACK causing SACK to be treated as D-SACK (networking-stable-20_01_11). - thermal: devfreq_cooling: inline all stubs for CONFIG_DEVFREQ_THERMAL=n (bsc#1051510). - thunderbolt: Prevent crash if non-active NVMem file is read (git-fixes). - tick: broadcast-hrtimer: Fix a race in bc_set_next (bsc#1044231). - tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure (git-fixes). - tools: Update include/uapi/linux/fcntl.h copy from the kernel (bsc#1166003). - tpm: ibmvtpm: Wait for buffer to be set before proceeding (bsc#1065729). - tty: evh_bytechan: Fix out of bounds accesses (bsc#1051510). - ttyprintk: fix a potential deadlock in interrupt context issue (git-fixes). - tty/serial: atmel: manage shutdown in case of RS485 or ISO7816 mode (bsc#1051510). - tty: serial: imx: setup the correct sg entry for tx dma (bsc#1051510). - USB: cdc-acm: fix rounding error in TIOCSSERIAL (git-fixes). - USB: core: add endpoint-blacklist quirk (git-fixes). - USB: core: hub: do error out if usb_autopm_get_interface() fails (git-fixes). - USB: core: port: do error out if usb_autopm_get_interface() fails (git-fixes). - USB: Disable LPM on WD19's Realtek Hub (git-fixes). - USB: dwc2: Fix in ISOC request length checking (git-fixes). - USB: Fix novation SourceControl XL after suspend (git-fixes). - USB: gadget: composite: Fix bMaxPower for SuperSpeedPlus (git-fixes). - USB: gadget: f_fs: Fix use after free issue as part of queue failure (bsc#1051510). - USB: host: xhci-plat: add a shutdown (git-fixes). - USB: host: xhci: update event ring dequeue pointer on purpose (git-fixes). - USB: hub: Do not record a connect-change event during reset-resume (git-fixes). - usbip: Fix uninitialized symbol 'nents' in stub_recv_cmd_submit() (git-fixes). - USB: misc: iowarrior: add support for 2 OEMed devices (git-fixes). - USB: misc: iowarrior: add support for the 100 device (git-fixes). - USB: misc: iowarrior: add support for the 28 and 28L devices (git-fixes). - USB: musb: Disable pullup at init (git-fixes). - USB: musb: fix crash with highmen PIO and usbmon (bsc#1051510). - USB: quirks: add NO_LPM quirk for Logitech Screen Share (git-fixes). - USB: quirks: add NO_LPM quirk for RTL8153 based ethernet adapters (git-fixes). - USB: quirks: blacklist duplicate ep on Sound Devices USBPre2 (git-fixes). - USB: serial: io_edgeport: fix slab-out-of-bounds read in edge_interrupt_callback (bsc#1051510). - USB: serial: option: add ME910G1 ECM composition 0x110b (git-fixes). - USB: serial: pl2303: add device-id for HP LD381 (git-fixes). - USB: storage: Add quirk for Samsung Fit flash (git-fixes). - USB: uas: fix a plug & unplug racing (git-fixes). - USB: xhci: apply XHCI_SUSPEND_DELAY to AMD XHCI controller 1022:145c (git-fixes). - uvcvideo: Refactor teardown of uvc on USB disconnect (bsc#1164507). - vgacon: Fix a UAF in vgacon_invert_region (bsc#1114279) - virtio-blk: fix hw_queue stopped on arbitrary error (git-fixes). - vlan: fix memory leak in vlan_dev_set_egress_priority (networking-stable-20_01_11). - vlan: vlan_changelink() should propagate errors (networking-stable-20_01_11). - vxlan: fix tos value before xmit (networking-stable-20_01_11). - x86/cpu/amd: Enable the fixed Instructions Retired counter IRPERF (bsc#1114279). - x86/mce/amd: Fix kobject lifetime (bsc#1114279). - x86/mce/amd: Publish the bank pointer only after setup has succeeded (bsc#1114279). - x86/mce: Fix logic and comments around MSR_PPIN_CTL (bsc#1114279). - x86/mm: Split vmalloc_sync_all() (bsc#1165741). - x86/pkeys: Manually set X86_FEATURE_OSPKE to preserve existing changes (bsc#1114279). - xen/blkfront: fix memory allocation flags in blkfront_setup_indirect() (bsc#1168486). - xfs: also remove cached ACLs when removing the underlying attr (bsc#1165873). - xfs: bulkstat should copy lastip whenever userspace supplies one (bsc#1165984). - xhci: apply XHCI_PME_STUCK_QUIRK to Intel Comet Lake platforms (git-fixes). - xhci: Do not open code __print_symbolic() in xhci trace events (git-fixes). - xhci: fix runtime pm enabling for quirky Intel hosts (bsc#1051510). - xhci: Force Maximum Packet size for Full-speed bulk devices to valid range (bsc#1051510). Important SUSE bug 1044231 SUSE bug 1050549 SUSE bug 1051510 SUSE bug 1051858 SUSE bug 1056686 SUSE bug 1060463 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1083647 SUSE bug 1085030 SUSE bug 1104967 SUSE bug 1109911 SUSE bug 1114279 SUSE bug 1118338 SUSE bug 1120386 SUSE bug 1133021 SUSE bug 1136157 SUSE bug 1137325 SUSE bug 1144333 SUSE bug 1145051 SUSE bug 1145929 SUSE bug 1146539 SUSE bug 1148868 SUSE bug 1154385 SUSE bug 1157424 SUSE bug 1158552 SUSE bug 1158983 SUSE bug 1159037 SUSE bug 1159142 SUSE bug 1159198 SUSE bug 1159285 SUSE bug 1160659 SUSE bug 1161951 SUSE bug 1162929 SUSE bug 1162931 SUSE bug 1163403 SUSE bug 1163508 SUSE bug 1163897 SUSE bug 1164078 SUSE bug 1164284 SUSE bug 1164507 SUSE bug 1164893 SUSE bug 1165019 SUSE bug 1165111 SUSE bug 1165182 SUSE bug 1165404 SUSE bug 1165488 SUSE bug 1165527 SUSE bug 1165741 SUSE bug 1165813 SUSE bug 1165873 SUSE bug 1165949 SUSE bug 1165984 SUSE bug 1165985 SUSE bug 1166003 SUSE bug 1166101 SUSE bug 1166102 SUSE bug 1166103 SUSE bug 1166104 SUSE bug 1166632 SUSE bug 1166730 SUSE bug 1166731 SUSE bug 1166732 SUSE bug 1166733 SUSE bug 1166734 SUSE bug 1166735 SUSE bug 1166780 SUSE bug 1166860 SUSE bug 1166861 SUSE bug 1166862 SUSE bug 1166864 SUSE bug 1166866 SUSE bug 1166867 SUSE bug 1166868 SUSE bug 1166870 SUSE bug 1166940 SUSE bug 1167005 SUSE bug 1167288 SUSE bug 1167290 SUSE bug 1167316 SUSE bug 1167421 SUSE bug 1167423 SUSE bug 1167629 SUSE bug 1168075 SUSE bug 1168202 SUSE bug 1168276 SUSE bug 1168295 SUSE bug 1168424 SUSE bug 1168443 SUSE bug 1168486 SUSE bug 1168760 SUSE bug 1168762 SUSE bug 1168763 SUSE bug 1168764 SUSE bug 1168765 SUSE bug 1168829 SUSE bug 1168854 SUSE bug 1168881 SUSE bug 1168884 SUSE bug 1168952 SUSE bug 1169057 SUSE bug 1169390 CVE-2019-19768 CVE-2019-19770 CVE-2019-3701 CVE-2019-9458 CVE-2020-10942 CVE-2020-11494 CVE-2020-11669 CVE-2020-8647 CVE-2020-8649 CVE-2020-8834 CVE-2020-9383 cpe:/o:suse:suse-linux-enterprise-rt:12:sp4 SUSE Linux Enterprise Real Time 12 SP4 The SUSE Linux Enterprise 12 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988). - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567). - CVE-2020-10781: zram sysfs resource consumption was fixed (bnc#1173074). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a memory leak, aka CID-28ebeb8db770 (bnc#1173514). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10766: Fixed an issue which allowed an attacker with a local account to disable SSBD protection (bnc#1172781). - CVE-2020-10767: Fixed an issue where Indirect Branch Prediction Barrier was disabled in certain circumstances, leaving the system open to a spectre v2 style attack (bnc#1172782). - CVE-2020-10768: Fixed an issue with the prctl() function, where indirect branch speculation could be enabled even though it was diabled before (bnc#1172783). - CVE-2020-13974: Fixed a integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row (bnc#1172775). - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824). - CVE-2020-13974: Fixed an integer overflow in drivers/tty/vt/keyboard.c which could have been caused by calling multiple time in a row k_ascii (bsc#1172775). - CVE-2020-13143: Fixed an out-of-bounds read in gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c (bsc#1171982). - CVE-2020-12769: Fixed an issue which could have allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bsc#1171983). - CVE-2020-12657: An a use-after-free in block/bfq-iosched.c (bsc#1171205). - CVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219). - CVE-2020-12655: Fixed an issue which could have allowed attackers to trigger a sync of excessive duration via an XFS v5 image with crafted metadata (bsc#1171217). - CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202). - CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195). - CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218). - CVE-2020-12464: Fixed a use-after-free due to a transfer without a reference (bsc#1170901). - CVE-2020-12114: Fixed a pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098). - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317). - CVE-2020-10751: Fixed an improper implementation in SELinux LSM hook where it was assumed that an skb would only contain a single netlink message (bsc#1171189). - CVE-2020-10732: Fixed kernel data leak in userspace coredumps due to uninitialized data (bsc#1171220). - CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778). - CVE-2020-10711: Fixed a null pointer dereference in SELinux subsystem which could have allowed a remote network user to crash the kernel resulting in a denial of service (bsc#1171191). - CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056). - CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bsc#1170345). - CVE-2019-20812: Fixed an issue in prb_calc_retire_blk_tmo() which could have resulted in a denial of service (bsc#1172453). - CVE-2019-20810: Fixed a memory leak in due to not calling of snd_card_free (bsc#1172458). - CVE-2019-20806: Fixed a null pointer dereference which may had lead to denial of service (bsc#1172199). - CVE-2019-19462: Fixed an issue which could have allowed local user to cause denial of service (bsc#1158265). - CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c, where the length of variable elements in a beacon head was not checked, leading to a buffer overflow (bnc#1152107 1173659). - CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c did not call snd_card_free for a failure path, which caused a memory leak, aka CID-9453264ef586 (bnc#1172458). - CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1089895). The following non-security bugs were fixed: - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() (bsc#1051510). - ACPI: PM: Avoid using power resources if there are none for D0 (bsc#1051510). - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() (bsc#1051510). - acpi/x86: ignore unspecified bit positions in the ACPI global lock field (bsc#1051510). - agp/intel: Reinforce the barrier after GTT updates (bsc#1051510). - ALSA: ctxfi: Remove unnecessary cast in kfree (bsc#1051510). - ALSA: dummy: Fix PCM format loop in proc output (bsc#1111666). - ALSA: es1688: Add the missed snd_card_free() (bsc#1051510). - ALSA: hda: Do not release card at firmware loading error (bsc#1051510). - ALSA: hda/hdmi: fix race in monitor detection during probe (bsc#1051510). - ALSA: hda/hdmi: fix without unlocked before return (bsc#1051510). - ALSA: hda: Keep the controller initialization even if no codecs found (bsc#1051510). - ALSA: hda/realtek - Add more fixup entries for Clevo machines (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC245 (bsc#1051510). - ALSA: hda/realtek - Add new codec supported for ALC287 (git-fixes). - ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse (git-fixes). - ALSA: hda/realtek - Fix unexpected init_amp override (bsc#1051510). - ALSA: hda/realtek - Limit int mic boost for Thinkpad T530 (git-fixes bsc#1171293). - ALSA: hda/realtek - Two front mics on a Lenovo ThinkCenter (bsc#1051510). - ALSA: hwdep: fix a left shifting 1 by 31 UB bug (git-fixes). - ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option (git-fixes). - ALSA: opti9xx: shut up gcc-10 range warning (bsc#1051510). - ALSA: pcm: fix incorrect hw_base increase (git-fixes). - ALSA: pcm: oss: Place the plugin buffer overflow checks correctly (bsc#1170522). - ALSA: rawmidi: Fix racy buffer resize under concurrent accesses (git-fixes). - ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset (git-fixes). - ALSA: usb-audio: Correct a typo of NuPrime DAC-10 USB ID (bsc#1051510). - ALSA: usb-audio: Do not override ignore_ctl_error value from the map (bsc#1051510). - ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif (bsc#1051510). - ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC (git-fixes). - ALSA: usx2y: Fix potential NULL dereference (bsc#1051510). - ASoC: codecs: hdac_hdmi: Fix incorrect use of list_for_each_entry (bsc#1051510). - ASoC: dapm: connect virtual mux with default value (bsc#1051510). - ASoC: dapm: fixup dapm kcontrol widget (bsc#1051510). - ASoC: dpcm: allow start or stop during pause for backend (bsc#1051510). - ASoC: fix regwmask (bsc#1051510). - ASoC: msm8916-wcd-digital: Reset RX interpolation path after use (bsc#1051510). - ASoC: samsung: Prevent clk_get_rate() calls in atomic context (bsc#1111666). - ASoC: topology: Check return value of pcm_new_ver (bsc#1051510). - ASoC: topology: use name_prefix for new kcontrol (bsc#1051510). - b43legacy: Fix case where channel status is corrupted (bsc#1051510). - batman-adv: fix batadv_nc_random_weight_tq (git-fixes). - batman-adv: Fix refcnt leak in batadv_show_throughput_override (git-fixes). - batman-adv: Fix refcnt leak in batadv_store_throughput_override (git-fixes). - batman-adv: Fix refcnt leak in batadv_v_ogm_process (git-fixes). - bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (git fixes (block drivers)). - bcache: Fix an error code in bch_dump_read() (git fixes (block drivers)). - bcache: fix incorrect data type usage in btree_flush_write() (git fixes (block drivers)). - bcache: Revert 'bcache: shrink btree node cache after bch_btree_check()' (git fixes (block drivers)). - block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673). - block, bfq: postpone rq preparation to insert or merge (bsc#1104967 bsc#1171673). - block/drbd: delete invalid function drbd_md_mark_dirty_ (bsc#1171527). - block: drbd: remove a stray unlock in __drbd_send_protocol() (bsc#1171599). - block: fix busy device checking in blk_drop_partitions again (bsc#1171948). - block: fix busy device checking in blk_drop_partitions (bsc#1171948). - block: fix memleak of bio integrity data (git fixes (block drivers)). - block: remove QUEUE_FLAG_STACKABLE (git fixes (block drivers)). - block: remove the bd_openers checks in blk_drop_partitions (bsc#1171948). - block: sed-opal: fix sparse warning: convert __be64 data (git fixes (block drivers)). - bnxt_en: fix memory leaks in bnxt_dcbnl_ieee_getets() (networking-stable-20_03_28). - bnxt_en: reinitialize IRQs when MTU is modified (networking-stable-20_03_14). - bonding/alb: make sure arp header is pulled before accessing it (networking-stable-20_03_14). - brcmfmac: abort and release host after error (bsc#1051510). - btrfs: always wait on ordered extents at fsync time (bsc#1171761). - btrfs: clean up the left over logged_list usage (bsc#1171761). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - btrfs: fix deadlock with memory reclaim during scrub (bsc#1172127). - Btrfs: fix list_add corruption and soft lockups in fsync (bsc#1171761). - btrfs: fix log context list corruption after rename whiteout error (bsc#1172342). - Btrfs: fix missing data checksums after a ranged fsync (msync) (bsc#1171761). - btrfs: fix missing file extent item for hole after ranged fsync (bsc#1171761). - Btrfs: fix missing hole after hole punching and fsync when using NO_HOLES (bsc#1171761). - btrfs: fix missing semaphore unlock in btrfs_sync_file (bsc#1171761). - btrfs: fix partial loss of prealloc extent past i_size after fsync (bsc#1172343). - Btrfs: fix rare chances for data loss when doing a fast fsync (bsc#1171761). - btrfs: move the dio_sem higher up the callchain (bsc#1171761). - btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: Remove extra parentheses from condition in copy_items() (bsc#1171761). - Btrfs: remove no longer used io_err from btrfs_log_ctx (bsc#1171761). - Btrfs: remove no longer used logged range variables when logging extents (bsc#1171761). - Btrfs: remove no longer used 'sync' member from transaction handle (bsc#1171761). - btrfs: remove remaing full_sync logic from btrfs_sync_file (bsc#1171761). - btrfs: remove the logged extents infrastructure (bsc#1171761). - btrfs: remove the wait ordered logic in the log_one_extent path (bsc#1171761). - btrfs: setup a nofs context for memory allocation at btrfs_create_tree() (bsc#1172127). - btrfs: setup a nofs context for memory allocation at __btrfs_set_acl (bsc#1172127). - btrfs: use nofs context when initializing security xattrs to avoid deadlock (bsc#1172127). - btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124). - can: add missing attribute validation for termination (networking-stable-20_03_14). - cdc-acm: close race betrween suspend() and acm_softint (git-fixes). - CDC-ACM: heed quirk also in error handling (git-fixes). - cdc-acm: introduce a cool down (git-fixes). - ceph: fix double unlock in handle_cap_export() (bsc#1171694). - ceph: fix endianness bug when handling MDS session feature bits (bsc#1171695). - cgroup, netclassid: periodically release file_lock on classid updating (networking-stable-20_03_14). - CIFS: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1144333). - CIFS: Allocate encryption header through kmalloc (bsc#1144333). - CIFS: allow unlock flock and OFD lock across fork (bsc#1144333). - CIFS: check new file size when extending file by fallocate (bsc#1144333). - CIFS: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1144333). - CIFS: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1144333). - CIFS: do not share tcons with DFS (bsc#1144333). - CIFS: dump the session id and keys also for SMB2 sessions (bsc#1144333). - CIFS: ensure correct super block for DFS reconnect (bsc#1144333). - CIFS: Fix bug which the return value by asynchronous read is error (bsc#1144333). - CIFS: fix uninitialised lease_key in open_shroot() (bsc#1144333). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1144333). - cifs: handle hostnames that resolve to same ip in failover (bsc#1144333 bsc#1161016). - CIFS: improve read performance for page size 64KB & cache=strict & vers=2.1+ (bsc#1144333). - CIFS: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1144333). - CIFS: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1144333). - CIFS: protect updating server->dstaddr with a spinlock (bsc#1144333). - cifs: set up next DFS target before generic_ip_connect() (bsc#1144333 bsc#1161016). - CIFS: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1144333). - CIFS: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1144333). - CIFS: smbd: Check and extend sender credits in interrupt context (bsc#1144333). - CIFS: smbd: Check send queue size before posting a send (bsc#1144333). - CIFS: smbd: Do not schedule work to send immediate packet on every receive (bsc#1144333). - CIFS: smbd: Merge code to track pending packets (bsc#1144333). - CIFS: smbd: Properly process errors on ib_post_send (bsc#1144333). - CIFS: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1144333). - CIFS: Warn less noisily on default mount (bsc#1144333). - clk: Add clk_hw_unregister_composite helper function definition (bsc#1051510). - clk: bcm2835: Fix return type of bcm2835_register_gate (bsc#1051510). - clk: clk-flexgen: fix clock-critical handling (bsc#1051510). - clk: imx6ull: use OSC clock during AXI rate change (bsc#1051510). - clk: imx: make mux parent strings const (bsc#1051510). - clk: mediatek: correct the clocks for MT2701 HDMI PHY module (bsc#1051510). - clk: sunxi: Fix incorrect usage of round_down() (bsc#1051510). - clk: sunxi-ng: a64: Fix gate bit of DSI DPHY (bsc#1051510). - clocksource/drivers/hyper-v: Set TSC clocksource as default w/ InvariantTSC (bsc#1170620). - clocksource: dw_apb_timer_of: Fix missing clockevent timers (bsc#1051510). - compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (git fixes (block drivers)). - compat_ioctl: block: handle Persistent Reservations (git fixes (block drivers)). - component: Silence bind error on -EPROBE_DEFER (bsc#1051510). - copy_{to,from}_user(): consolidate object size checks (git fixes). - coresight: do not use the BIT() macro in the UAPI header (git fixes (block drivers)). - cpufreq: s3c64xx: Remove pointless NULL check in s3c64xx_cpufreq_driver_init (bsc#1051510). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - crypto: ccp - AES CFB mode is a stream cipher (git-fixes). - crypto: ccp - Clean up and exit correctly on allocation failure (git-fixes). - crypto: ccp - Cleanup misc_dev on sev_exit() (bsc#1114279). - crypto: ccp - Cleanup sp_dev_master in psp_dev_destroy() (bsc#1114279). - debugfs: Add debugfs_create_xul() for hexadecimal unsigned long (git-fixes). - dmaengine: dmatest: Fix iteration non-stop logic (bsc#1051510). - dm btree: increase rebalance threshold in __rebalance2() (git fixes (block drivers)). - dm cache: fix a crash due to incorrect work item cancelling (git fixes (block drivers)). - dm crypt: fix benbi IV constructor crash if used in authenticated mode (git fixes (block drivers)). - dm: fix potential for q->make_request_fn NULL pointer (git fixes (block drivers)). - dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574). - dm space map common: fix to ensure new block isn't already in use (git fixes (block drivers)). - dm: various cleanups to md->queue initialization code (git fixes). - dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)). - dm verity fec: fix memory leak in verity_fec_dtr (git fixes (block drivers)). - dm writecache: fix data corruption when reloading the target (git fixes (block drivers)). - dm writecache: fix incorrect flush sequence when doing SSD mode commit (git fixes (block drivers)). - dm writecache: verify watermark during resume (git fixes (block drivers)). - dm zoned: fix invalid memory access (git fixes (block drivers)). - dm zoned: reduce overhead of backing device checks (git fixes (block drivers)). - dm zoned: remove duplicate nr_rnd_zones increase in dmz_init_zone() (git fixes (block drivers)). - dm zoned: support zone sizes smaller than 128MiB (git fixes (block drivers)). - dp83640: reverse arguments to list_add_tail (git-fixes). - Drivers: hv: Add a module description line to the hv_vmbus driver (bsc#1172253). - Drivers: HV: Send one page worth of kmsg dump over Hyper-V during panic (bsc#1170618). - Drivers: hv: vmbus: Fix the issue with freeing up hv_ctl_table_hdr (bsc#1170618). - Drivers: hv: vmbus: Get rid of MSR access from vmbus_drv.c (bsc#1170618). - Drivers: hv: vmus: Fix the check for return value from kmsg get dump buffer (bsc#1170618). - Drivers/net/ibmvnic: Update VNIC protocol version reporting (bsc#1065729). - Drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (bsc#1051510). - drm: amd/acp: fix broken menu structure (bsc#1114279) * context changes - drm/crc: Actually allow to change the crc source (bsc#1114279) * offset changes - drm/dp_mst: Fix clearing payload state on topology disable (bsc#1051510). - drm/dp_mst: Reformat drm_dp_check_act_status() a bit (bsc#1051510). - drm/edid: Fix off-by-one in DispID DTD pixel clock (bsc#1114279) - drm: encoder_slave: fix refcouting error for modules (bsc#1114279) - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of (bsc#1114279) - drm/i915: properly sanity check batch_start_offset (bsc#1114279) * renamed display/intel_fbc.c -> intel_fb.c * renamed gt/intel_rc6.c -> intel_pm.c * context changes - drm/meson: Delete an error message in meson_dw_hdmi_bind() (bsc#1051510). - drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem (bsc#1114279) - drm/qxl: qxl_release leak in qxl_draw_dirty_fb() (bsc#1051510). - drm/qxl: qxl_release leak in qxl_hw_surface_alloc() (bsc#1051510). - drm/qxl: qxl_release use after free (bsc#1051510). - drm: Remove PageReserved manipulation from drm_pci_alloc (bsc#1114279) * offset changes - dump_stack: avoid the livelock of the dump_lock (git fixes (block drivers)). - e1000e: Disable TSO for buffer overrun workaround (bsc#1051510). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (bsc#1051510). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279). - EDAC, sb_edac: Add support for systems with segmented PCI buses (bsc#1169525). - evm: Check also if *tfm is an error pointer in init_desc() (bsc#1051510). - evm: Fix a small race in init_desc() (bsc#1051510). - ext4: do not zeroout extents beyond i_disksize (bsc#1167851). - ext4: fix extent_status fragmentation for plain files (bsc#1171949). - ext4: use non-movable memory for superblock readahead (bsc#1171952). - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (bsc#1051510). - fanotify: fix merging marks masks with FAN_ONDIR (bsc#1171679). - fbcon: fix null-ptr-deref in fbcon_switch (bsc#1114279) * rename drivers/video/fbdev/core to drivers/video/console * context changes - fbdev: potential information leak in do_fb_ioctl() (bsc#1114279) - fbmem: Adjust indentation in fb_prepare_logo and fb_blank (bsc#1114279) - fib: add missing attribute validation for tun_id (networking-stable-20_03_14). - firmware: qcom: scm: fix compilation error when disabled (bsc#1051510). - fs/cifs: fix gcc warning in sid_to_id (bsc#1144333). - fs/seq_file.c: simplify seq_file iteration code and interface (bsc#1170125). - gpiolib: Document that GPIO line names are not globally unique (bsc#1051510). - gpio: tegra: mask GPIO IRQs during IRQ shutdown (bsc#1051510). - gre: fix uninit-value in __iptunnel_pull_header (networking-stable-20_03_14). - HID: hid-input: clear unmapped usages (git-fixes). - HID: hyperv: Add a module description line (bsc#1172253). - HID: i2c-hid: add Trekstor Primebook C11B to descriptor override (git-fixes). - HID: i2c-hid: override HID descriptors for certain devices (git-fixes). - HID: multitouch: add eGalaxTouch P80H84 support (bsc#1051510). - HID: sony: Fix for broken buttons on DS3 USB dongles (bsc#1051510). - HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices (git-fixes). - hrtimer: Annotate lockless access to timer->state (git fixes (block drivers)). - hsr: add restart routine into hsr_get_node_list() (networking-stable-20_03_28). - hsr: check protocol version in hsr_newlink() (networking-stable-20_04_17). - hsr: fix general protection fault in hsr_addr_is_self() (networking-stable-20_03_28). - hsr: set .netnsok flag (networking-stable-20_03_28). - hsr: use rcu_read_lock() in hsr_get_node_{list/status}() (networking-stable-20_03_28). - i2c: acpi: Force bus speed to 400KHz if a Silead touchscreen is present (git-fixes). - i2c: acpi: put device when verifying client fails (git-fixes). - i2c: brcmstb: remove unused struct member (git-fixes). - i2c: core: Allow empty id_table in ACPI case as well (git-fixes). - i2c: core: decrease reference count of device node in i2c_unregister_device (git-fixes). - i2c: dev: Fix the race between the release of i2c_dev and cdev (bsc#1051510). - i2c: fix missing pm_runtime_put_sync in i2c_device_probe (git-fixes). - i2c-hid: properly terminate i2c_hid_dmi_desc_override_table array (git-fixes). - i2c: i801: Do not add ICH_RES_IO_SMI for the iTCO_wdt device (git-fixes). - i2c: iproc: Stop advertising support of SMBUS quick cmd (git-fixes). - i2c: isch: Remove unnecessary acpi.h include (git-fixes). - i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()' (bsc#1051510). - i2c: st: fix missing struct parameter description (bsc#1051510). - IB/ipoib: Add child to parent list only if device initialized (bsc#1168503). - IB/ipoib: Consolidate checking of the proposed child interface (bsc#1168503). - IB/ipoib: Do not remove child devices from within the ndo_uninit (bsc#1168503). - IB/ipoib: Get rid of IPOIB_FLAG_GOING_DOWN (bsc#1168503). - IB/ipoib: Get rid of the sysfs_mutex (bsc#1168503). - IB/ipoib: Maintain the child_intfs list from ndo_init/uninit (bsc#1168503). - IB/ipoib: Move all uninit code into ndo_uninit (bsc#1168503). - IB/ipoib: Move init code to ndo_init (bsc#1168503). - IB/ipoib: Replace printk with pr_warn (bsc#1168503). - IB/ipoib: Use cancel_delayed_work_sync for neigh-clean task (bsc#1168503). - IB/ipoib: Warn when one port fails to initialize (bsc#1168503). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvfc: do not send implicit logouts prior to NPIV login (bsc#1169625 ltc#184611). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - ibmvnic: Skip fatal error reset after passive init (bsc#1171078 ltc#184239). - iio:ad7797: Use correct attribute_group (bsc#1051510). - iio: adc: stm32-adc: fix device used to request dma (bsc#1051510). - iio: adc: stm32-adc: fix sleep in atomic context (git-fixes). - iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1051510). - iio: buffer: Do not allow buffers without any channels enabled to be activated (bsc#1051510). - iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()' (bsc#1051510). - iio: pressure: bmp280: Tolerate IRQ before registering (bsc#1051510). - iio: sca3000: Remove an erroneous 'get_device()' (bsc#1051510). - iio: xilinx-xadc: Fix ADC-B powerdown (bsc#1051510). - iio: xilinx-xadc: Fix clearing interrupt when enabling trigger (bsc#1051510). - iio: xilinx-xadc: Fix sequencer configuration for aux channels in simultaneous mode (bsc#1051510). - ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1051510). - ima: Fix ima digest hash table key calculation (bsc#1051510). - ima: Fix return value of ima_write_policy() (git-fixes). - include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868). - Input: evdev - call input_flush_device() on release(), not flush() (bsc#1051510). - Input: hyperv-keyboard - add module description (bsc#1172253). - Input: i8042 - add Acer Aspire 5738z to nomux list (bsc#1051510). - Input: i8042 - add ThinkPad S230u to i8042 reset list (bsc#1051510). - Input: raydium_i2c_ts - use true and false for boolean values (bsc#1051510). - Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() (bsc#1051510). - Input: synaptics-rmi4 - really fix attn_data use-after-free (git-fixes). - Input: usbtouchscreen - add support for BonXeon TP (bsc#1051510). - Input: xpad - add custom init packet for Xbox One S controllers (bsc#1051510). - iommu/amd: Call domain_flush_complete() in update_domain() (bsc#1172096). - iommu/amd: Do not flush Device Table in iommu_map_page() (bsc#1172097). - iommu/amd: Do not loop forever when trying to increase address space (bsc#1172098). - iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system (bsc#1172099). - iommu/amd: Fix over-read of ACPI UID from IVRS table (bsc#1172101). - iommu/amd: Fix race in increase_address_space()/fetch_pte() (bsc#1172102). - iommu/amd: Update Device Table in increase_address_space() (bsc#1172103). - iommu: Fix reference count leak in iommu_group_alloc (bsc#1172397). - ipmi: fix hung processes in __get_guid() (git-fixes). - ipv4: fix a RCU-list lock in fib_triestat_seq_show (networking-stable-20_04_02). - ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface (networking-stable-20_03_14). - ipv6: do not auto-add link-local address to lag ports (networking-stable-20_04_09). - ipv6: Fix nlmsg_flags when splitting a multipath route (networking-stable-20_03_01). - ipv6: Fix route replacement with dev-only route (networking-stable-20_03_01). - ipvlan: add cond_resched_rcu() while processing muticast backlog (networking-stable-20_03_14). - ipvlan: do not deref eth hdr before checking it's set (networking-stable-20_03_14). - ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast() (networking-stable-20_03_14). - iwlwifi: pcie: actually release queue memory in TVQM (bsc#1051510). - kABI fix for early XHCI debug (git-fixes). - kabi for for md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes). - kabi, protect struct ib_device (bsc#1168503). - kabi/severities: Do not track KVM internal symbols. - kabi/severities: Ingnore get_dev_data() The function is internal to the AMD IOMMU driver and must not be called by any third party. - kabi workaround for snd_rawmidi buffer_ref field addition (git-fixes). - KEYS: reaching the keys quotas correctly (bsc#1051510). - KVM: arm64: Change hyp_panic()s dependency on tpidr_el2 (bsc#1133021). - KVM: arm64: Stop save/restoring host tpidr_el1 on VHE (bsc#1133021). - KVM: Check validity of resolved slot when searching memslots (bsc#1172104). - KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS (bsc#1114279). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1114279). - KVM: s390: vsie: Fix delivery of addressing exceptions (git-fixes). - KVM: s390: vsie: Fix possible race when shadowing region 3 tables (git-fixes). - KVM: s390: vsie: Fix region 1 ASCE sanity shadow address checks (git-fixes). - KVM: SVM: Fix potential memory leak in svm_cpu_init() (bsc#1171736). - KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1152489). - kvm: x86: Fix L1TF mitigation for shadow MMU (bsc#1171904). - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904). - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904). - l2tp: Allow management of tunnels and session in user namespace (networking-stable-20_04_17). - libata: Remove extra scsi_host_put() in ata_scsi_add_hosts() (bsc#1051510). - libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set (bsc#1051510). - libceph: do not omit recovery_deletes in target_copy() (bsc#1173462). - lib: raid6: fix awk build warnings (git fixes (block drivers)). - lib/raid6/test: fix build on distros whose /bin/sh is not bash (git fixes (block drivers)). - lib/stackdepot.c: fix global out-of-bounds in stack_slabs (git fixes (block drivers)). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - locks: print unsigned ino in /proc/locks (bsc#1171951). - mac80211: add ieee80211_is_any_nullfunc() (bsc#1051510). - mac80211_hwsim: Use kstrndup() in place of kasprintf() (bsc#1051510). - mac80211: mesh: fix discovery timer re-arming issue / crash (bsc#1051510). - macsec: avoid to set wrong mtu (bsc#1051510). - macsec: restrict to ethernet devices (networking-stable-20_03_28). - macvlan: add cond_resched() during multicast processing (networking-stable-20_03_14). - macvlan: fix null dereference in macvlan_device_event() (bsc#1051510). - md: Avoid namespace collision with bitmap API (git fixes (block drivers)). - md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes). - md/raid0: Fix an error message in raid0_make_request() (git fixes (block drivers)). - md/raid10: prevent access of uninitialized resync_pages offset (git-fixes). - md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (git fixes (block drivers)). - media: dvb: return -EREMOTEIO on i2c transfer failure (bsc#1051510). - media: platform: fcp: Set appropriate DMA parameters (bsc#1051510). - media: ti-vpe: cal: fix disable_irqs to only the intended target (git-fixes). - mei: release me_cl object reference (bsc#1051510). - mlxsw: Fix some IS_ERR() vs NULL bugs (networking-stable-20_04_27). - mlxsw: spectrum_flower: Do not stop at FLOW_ACTION_VLAN_MANGLE (networking-stable-20_04_09). - mmc: atmel-mci: Fix debugfs on 64-bit platforms (git-fixes). - mmc: dw_mmc: Fix debugfs on 64-bit platforms (git-fixes). - mmc: fix compilation of user API (bsc#1051510). - mmc: meson-gx: make sure the descriptor is stopped on errors (git-fixes). - mmc: meson-gx: simplify interrupt handler (git-fixes). - mmc: renesas_sdhi: limit block count to 16 bit for old revisions (git-fixes). - mmc: sdhci-esdhc-imx: fix the mask for tuning start point (bsc#1051510). - mmc: sdhci-msm: Clear tuning done flag while hs400 tuning (bsc#1051510). - mmc: sdhci-of-at91: fix memleak on clk_get failure (git-fixes). - mmc: sdhci-pci: Fix eMMC driver strength for BYT-based controllers (bsc#1051510). - mmc: sdhci-xenon: fix annoying 1.8V regulator warning (bsc#1051510). - mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() (bsc#1051510). - mmc: tmio: fix access width of Block Count Register (git-fixes). - mm: thp: handle page cache THP correctly in PageTransCompoundMap (git fixes (block drivers)). - mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer (bsc#1051510). - mtd: spi-nor: cadence-quadspi: add a delay in write sequence (git-fixes). - mtd: spi-nor: enable 4B opcodes for mx66l51235l (git-fixes). - mtd: spi-nor: fsl-quadspi: Do not let -EINVAL on the bus (git-fixes). - mwifiex: avoid -Wstringop-overflow warning (bsc#1051510). - mwifiex: Fix memory corruption in dump_station (bsc#1051510). - net: bcmgenet: correct per TX/RX ring statistics (networking-stable-20_04_27). - net: dsa: b53: Fix ARL register definitions (networking-stable-20_04_27). - net: dsa: b53: Rework ARL bin logic (networking-stable-20_04_27). - net: dsa: bcm_sf2: Do not register slave MDIO bus with OF (networking-stable-20_04_09). - net: dsa: bcm_sf2: Ensure correct sub-node is parsed (networking-stable-20_04_09). - net: dsa: bcm_sf2: Fix overflow checks (git-fixes). - net: dsa: Fix duplicate frames flooded by learning (networking-stable-20_03_28). - net: dsa: mv88e6xxx: fix lockup on warm boot (networking-stable-20_03_14). - net: fec: validate the new settings in fec_enet_set_coalesce() (networking-stable-20_03_14). - net: fib_rules: Correctly set table field when table number exceeds 8 bits (networking-stable-20_03_01). - netfilter: connlabels: prefer static lock initialiser (git-fixes). - netfilter: conntrack: sctp: use distinct states for new SCTP connections (bsc#1159199). - netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795). - netfilter: not mark a spinlock as __read_mostly (git-fixes). - net: fix race condition in __inet_lookup_established() (bsc#1151794). - net: fq: add missing attribute validation for orphan mask (networking-stable-20_03_14). - net, ip_tunnel: fix interface lookup with no key (networking-stable-20_04_02). - net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin (networking-stable-20_04_17). - net: ipv6: do not consider routes via gateways for anycast address check (networking-stable-20_04_17). - netlink: Use netlink header as base to calculate bad attribute offset (networking-stable-20_03_14). - net: macsec: update SCI upon MAC address change (networking-stable-20_03_14). - net: memcg: fix lockdep splat in inet_csk_accept() (networking-stable-20_03_14). - net: memcg: late association of sock to memcg (networking-stable-20_03_14). - net/mlx4_en: avoid indirect call in TX completion (networking-stable-20_04_27). - net/mlx5: Add new fields to Port Type and Speed register (bsc#1171118). - net/mlx5: Add RoCE RX ICRC encapsulated counter (bsc#1171118). - net/mlx5e: Fix ethtool self test: link speed (bsc#1171118). - net/mlx5e: Move port speed code from en_ethtool.c to en/port.c (bsc#1171118). - net/mlx5: Expose link speed directly (bsc#1171118). - net/mlx5: Expose port speed when possible (bsc#1171118). - net: mvneta: Fix the case where the last poll did not process all rx (networking-stable-20_03_28). - net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node (networking-stable-20_04_27). - net/packet: tpacket_rcv: do not increment ring index on drop (networking-stable-20_03_14). - net: phy: restore mdio regs in the iproc mdio driver (networking-stable-20_03_01). - net: qmi_wwan: add support for ASKEY WWHC050 (networking-stable-20_03_28). - net: revert default NAPI poll timeout to 2 jiffies (networking-stable-20_04_17). - net_sched: cls_route: remove the right filter from hashtable (networking-stable-20_03_28). - net/smc: add fallback check to connect() (git-fixes). - net/smc: fix refcount non-blocking connect() -part 2 (git-fixes). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - net/x25: Fix x25_neigh refcnt leak when receiving frame (networking-stable-20_04_27). - nfc: add missing attribute validation for SE API (networking-stable-20_03_14). - nfc: add missing attribute validation for vendor subcommand (networking-stable-20_03_14). - nfc: pn544: Fix occasional HW initialization failure (networking-stable-20_03_01). - nfc: st21nfca: add missed kfree_skb() in an error path (bsc#1051510). - nfsd4: fix up replay_matches_cache() (git-fixes). - nfsd: Ensure CLONE persists data and metadata changes to the target file (git-fixes). - nfsd: fix delay timer on 32-bit architectures (git-fixes). - nfsd: fix jiffies/time_t mixup in LRU list (git-fixes). - NFS: Directory page cache pages need to be locked when read (git-fixes). - nfsd: memory corruption in nfsd4_lock() (git-fixes). - NFS: Do not call generic_error_remove_page() while holding locks (bsc#1170457). - NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() (bsc#1170592). - NFS: Fix memory leaks and corruption in readdir (git-fixes). - NFS: Fix O_DIRECT accounting of number of bytes read/written (git-fixes). - NFS: Fix potential posix_acl refcnt leak in nfs3_set_acl (git-fixes). - NFS: fix racey wait in nfs_set_open_stateid_locked (bsc#1170592). - NFS/flexfiles: Use the correct TCP timeout for flexfiles I/O (git-fixes). - NFS/pnfs: Fix pnfs_generic_prepare_to_resend_writes() (git-fixes). - NFS: Revalidate the file size on a fatal write error (git-fixes). - NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals (git-fixes). - NFSv4: Do not allow a cached open with a revoked delegation (git-fixes). - NFSv4: Fix leak of clp->cl_acceptor string (git-fixes). - NFSv4/pnfs: Return valid stateids in nfs_layout_find_inode_by_stateid() (git-fixes). - NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID (bsc#1170592). - NFSv4: try lease recovery on NFS4ERR_EXPIRED (git-fixes). - NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn (git-fixes). - nl802154: add missing attribute validation for dev_type (networking-stable-20_03_14). - nl802154: add missing attribute validation (networking-stable-20_03_14). - nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558 bsc#1159058). - nvme: do not update multipath disk information if the controller is down (bcs#1171558 bsc#1159058). - nvme-fc: print proper nvme-fc devloss_tmo value (bsc#1172391). - objtool: Add is_static_jump() helper (bsc#1169514). - objtool: Add relocation check for alternative sections (bsc#1169514). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Fix stack offset tracking for indirect CFAs (bsc#1169514). - objtool: Fix switch table detection in .text.unlikely (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - objtool: Make BP scratch register warning more robust (bsc#1169514). - OMAP: DSS2: remove non-zero check on variable r (bsc#1114279) - overflow: Fix -Wtype-limits compilation warnings (git fixes). - overflow.h: Add arithmetic shift helper (git fixes). - p54usb: add AirVasT USB stick device-id (bsc#1051510). - padata: Remove broken queue flushing (git-fixes). - Partially revert 'kfifo: fix kfifo_alloc() and kfifo_init()' (git fixes (block drivers)). - PCI: Allow pci_resize_resource() for devices on root bus (bsc#1051510). - PCI: Fix pci_register_host_bridge() device_register() error handling (bsc#1051510). - PCI: Program MPS for RCiEP devices (bsc#1051510). - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (bsc#1051510). - perf: Allocate context task_ctx_data for child event (git-fixes). - perf/cgroup: Fix perf cgroup hierarchy support (git-fixes). - perf: Copy parent's address filter offsets on clone (git-fixes). - perf/core: Add sanity check to deal with pinned event failure (git-fixes). - perf/core: Avoid freeing static PMU contexts when PMU is unregistered (git-fixes). - perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes). - perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes). - perf/core: Fix crash when using HW tracing kernel filters (git-fixes). - perf/core: Fix ctx_event_type in ctx_resched() (git-fixes). - perf/core: Fix error handling in perf_event_alloc() (git-fixes). - perf/core: Fix exclusive events' grouping (git-fixes). - perf/core: Fix group scheduling with mixed hw and sw events (git-fixes). - perf/core: Fix impossible ring-buffer sizes warning (git-fixes). - perf/core: Fix locking for children siblings group read (git-fixes). - perf/core: Fix perf_event_read_value() locking (git-fixes). - perf/core: Fix perf_pmu_unregister() locking (git-fixes). - perf/core: Fix perf_sample_regs_user() mm check (git-fixes). - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes). - perf/core: Fix race between close() and fork() (git-fixes). - perf/core: Fix the address filtering fix (git-fixes). - perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes). - perf/core: Force USER_DS when recording user stack data (git-fixes). - perf/core: Restore mmap record type correctly (git-fixes). - perf: Fix header.size for namespace events (git-fixes). - perf/ioctl: Add check for the sample_period value (git-fixes). - perf, pt, coresight: Fix address filters for vmas with non-zero offset (git-fixes). - perf: Return proper values for user stack errors (git-fixes). - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes). - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes). - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes). - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes). - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes). - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable). - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes). - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable). - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes). - perf/x86: Fix incorrect PEBS_REGS (git-fixes). - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes). - perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes). - perf/x86/intel/bts: Fix the use of page_private() (git-fixes). - perf/x86/intel: Fix PT PMI handling (git-fixes). - perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes). - perf/x86/intel/uncore: Add Node ID mask (git-fixes). - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes). - perf/x86/uncore: Fix event group support (git-fixes). - pid: Improve the comment about waiting in zap_pid_ns_processes (git fixes)). - pinctrl: baytrail: Enable pin configuration setting for GPIO chip (git-fixes). - pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler (git-fixes). - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (bsc#1051510). - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (bsc#1051510). - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (bsc#1051510). - platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA (bsc#1051510). - pNFS: Ensure we do clear the return-on-close layout stateid on fatal errors (git-fixes). - pnp: Use list_for_each_entry() instead of open coding (git fixes). - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729). - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729). - powerpc: Add attributes for setjmp/longjmp (bsc#1065729). - powerpc/pci/of: Parse unassigned resources (bsc#1065729). - powerpc/setup_64: Set cache-line-size based on cache-block-size (bsc#1065729). - powerpc/sstep: Fix DS operand in ld encoding to appropriate value (bsc#1065729). - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030). - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (bsc#1051510). - power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (bsc#1051510). - power: supply: smb347-charger: IRQSTAT_D is volatile (bsc#1051510). - qede: Fix race between rdma destroy workqueue and link change event (networking-stable-20_03_01). - r8152: check disconnect status after long sleep (networking-stable-20_03_14). - raid5: remove gfp flags from scribble_alloc() (git fixes (block drivers)). - raid6/ppc: Fix build for clang (git fixes (block drivers)). - rcu: locking and unlocking need to always be at least barriers (git fixes (block drivers)). - RDMA/ipoib: Fix use of sizeof() (bsc#1168503). - RDMA/netdev: Fix netlink support in IPoIB (bsc#1168503). - RDMA/netdev: Hoist alloc_netdev_mqs out of the driver (bsc#1168503). - RDMA/netdev: Use priv_destructor for netdev cleanup (bsc#1168503). - README.BRANCH: Replace Matt Fleming with Davidlohr Bueso as maintainer. - Revert 'dm crypt: use WQ_HIGHPRI for the IO and crypt workqueues' (git fixes (block drivers)). - Revert 'drm/panel: simple: Add support for Sharp LQ150X1LG11 panels' (bsc#1114279) * offset changes - Revert 'ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()' (bsc#1172221). - Revert 'tools lib traceevent: Remove unneeded qsort and uses memmove' - rpm/kernel-docs.spec.in: Require python-packaging for build. - rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() (bsc#1051510). - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194). - s390/cio: avoid duplicated 'ADD' uevents (git-fixes). - s390/cio: generate delayed uevent for vfio-ccw subchannels (git-fixes). - s390/cpuinfo: fix wrong output when CPU0 is offline (git-fixes). - s390/diag: fix display of diagnose call statistics (git-fixes). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/ftrace: fix potential crashes when switching tracers (git-fixes). - s390/gmap: return proper error code on ksm unsharing (git-fixes). - s390/ism: fix error return code in ism_probe() (git-fixes). - s390/pci: Fix possible deadlock in recover_store() (bsc#1165183 LTC#184103). - s390/pci: Recover handle in clp_set_pci_fn() (bsc#1165183 LTC#184103). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: lock device while installing IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: cancel RX reclaim work earlier (git-fixes). - s390/qeth: do not return -ENOTSUPP to userspace (git-fixes). - s390/qeth: do not warn for napi with 0 budget (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - s390/qeth: fix off-by-one in RX copybreak check (git-fixes). - s390/qeth: fix promiscuous mode after reset (git-fixes). - s390/qeth: fix qdio teardown after early init error (git-fixes). - s390/qeth: handle error due to unsupported transport mode (git-fixes). - s390/qeth: handle error when backing RX buffer (git-fixes). - s390/qeth: lock the card while changing its hsuid (git-fixes). - s390/qeth: support net namespaces for L3 devices (git-fixes). - s390/time: Fix clk type in get_tod_clock (git-fixes). - scripts/decodecode: fix trapping instruction formatting (bsc#1065729). - scripts/dtc: Remove redundant YYLOC global declaration (bsc#1160388). - scsi: bnx2i: fix potential use after free (bsc#1171600). - scsi: core: Handle drivers which set sg_tablesize to zero (bsc#1171601) This commit also required: > scsi: core: avoid preallocating big SGL for data - scsi: core: save/restore command resid for error handling (bsc#1171602). - scsi: core: scsi_trace: Use get_unaligned_be*() (bsc#1171604). - scsi: core: try to get module before removing device (bsc#1171605). - scsi: csiostor: Adjust indentation in csio_device_reset (bsc#1171606). - scsi: csiostor: Do not enable IRQs too early (bsc#1171607). - scsi: esas2r: unlock on error in esas2r_nvram_read_direct() (bsc#1171608). - scsi: fnic: fix invalid stack access (bsc#1171609). - scsi: fnic: fix msix interrupt allocation (bsc#1171610). - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814). - scsi: ibmvscsi: Fix WARN_ON during event pool release (bsc#1170791 ltc#185128). - scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (bsc#1171611). - scsi: iscsi: Fix a potential deadlock in the timeout handler (bsc#1171612). - scsi: iscsi: qla4xxx: fix double free in probe (bsc#1171613). - scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences (bsc#1171614). - scsi: lpfc: Fix crash in target side cable pulls hitting WAIT_FOR_UNREG (bsc#1171615). - scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state (bsc#1171616). - scsi: qedf: Add port_id getter (bsc#1150660). - scsi: qla2xxx: add ring buffer for tracing debug logs (bsc#1157169). - scsi: qla2xxx: check UNLOADING before posting async work (bsc#1157169). - scsi: qla2xxx: Delete all sessions before unregister local nvme port (bsc#1157169). - scsi: qla2xxx: Do not log message when reading port speed via sysfs (bsc#1157169). - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (bsc#1157169). - scsi: qla2xxx: Fix regression warnings (bsc#1157169). - scsi: qla2xxx: Remove non functional code (bsc#1157169). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - scsi: qla2xxx: set UNLOADING before waiting for session deletion (bsc#1157169). - scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free (bsc#1171617). - scsi: qla4xxx: fix double free bug (bsc#1171618). - scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI (bsc#1171619). - scsi: sg: add sg_remove_request in sg_common_write (bsc#1171620). - scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) (bsc#1171621). - scsi: ufs: change msleep to usleep_range (bsc#1171622). - scsi: ufs: Clean up ufshcd_scale_clks() and clock scaling error out path (bsc#1171623). - scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic (bsc#1171624). - scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails (bsc#1171625). - scsi: ufs: Recheck bkops level if bkops is disabled (bsc#1171626). - scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point (git-fixes). - sctp: fix possibly using a bad saddr with a given dst (networking-stable-20_04_02). - sctp: fix refcount bug in sctp_wfree (networking-stable-20_04_02). - sctp: move the format error check out of __sctp_sf_do_9_1_abort (networking-stable-20_03_01). - seq_file: fix problem when seeking mid-record (bsc#1170125). - serial: uartps: Move the spinlock after the read of the tx empty (git-fixes). - sfc: detach from cb_page in efx_copy_channel() (networking-stable-20_03_14). - signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig (bsc#1172185). - slcan: not call free_netdev before rtnl_unlock in slcan_open (networking-stable-20_03_28). - slip: make slhc_compress() more robust against malicious packets (networking-stable-20_03_14). - smb3: Additional compression structures (bsc#1144333). - smb3: Add new compression flags (bsc#1144333). - smb3: change noisy error message to FYI (bsc#1144333). - smb3: enable swap on SMB3 mounts (bsc#1144333). - smb3: Minor cleanup of protocol definitions (bsc#1144333). - smb3: remove overly noisy debug line in signing errors (bsc#1144333). - smb3: smbdirect support can be configured by default (bsc#1144333). - smb3: use SMB2_SIGNATURE_SIZE define (bsc#1144333). - spi: bcm2835: Fix 3-wire mode if DMA is enabled (git-fixes). - spi: bcm63xx-hsspi: Really keep pll clk enabled (bsc#1051510). - spi: bcm-qspi: when tx/rx buffer is NULL set to 0 (bsc#1051510). - spi: dw: Add SPI Rx-done wait method to DMA-based transfer (bsc#1051510). - spi: dw: Add SPI Tx-done wait method to DMA-based transfer (bsc#1051510). - spi: dw: use 'smp_mb()' to avoid sending spi data error (bsc#1051510). - spi: dw: Zero DMA Tx and Rx configurations on stack (bsc#1051510). - spi: fsl: do not map irq during probe (git-fixes). - spi: fsl: use platform_get_irq() instead of of_irq_to_resource() (git-fixes). - spi: pxa2xx: Add CS control clock quirk (bsc#1051510). - spi: qup: call spi_qup_pm_resume_runtime before suspending (bsc#1051510). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (git-fixes). - spi: spi-s3c64xx: Fix system resume support (git-fixes). - spi/zynqmp: remove entry that causes a cs glitch (bsc#1051510). - staging: comedi: dt2815: fix writing hi byte of analog output (bsc#1051510). - staging: comedi: Fix comedi_device refcnt leak in comedi_open (bsc#1051510). - staging: iio: ad2s1210: Fix SPI reading (bsc#1051510). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bsc#1051510). - staging: sm750fb: add missing case while setting FB_VISUAL (bsc#1051510). - staging: vt6656: Do not set RCR_MULTICAST or RCR_BROADCAST by default (git-fixes). - staging: vt6656: Fix drivers TBTT timing counter (git-fixes). - staging: vt6656: Fix pairwise key entry save (git-fixes). - sunrpc: expiry_time should be seconds not timeval (git-fixes). - SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' (git-fixes). - SUNRPC: The TCP back channel mustn't disappear while requests are outstanding (bsc#1152624). - supported.conf: Add br_netfilter to base (bsc#1169020). - svcrdma: Fix leak of transport addresses (git-fixes). - taskstats: fix data-race (bsc#1172188). - tcp: cache line align MAX_TCP_HEADER (networking-stable-20_04_27). - tcp: repair: fix TCP_QUEUE_SEQ implementation (networking-stable-20_03_28). - team: add missing attribute validation for array index (networking-stable-20_03_14). - team: add missing attribute validation for port ifindex (networking-stable-20_03_14). - team: fix hang in team_mode_get() (networking-stable-20_04_27). - tools lib traceevent: Remove unneeded qsort and uses memmove instead (git-fixes). - tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() (bsc#1065729). - tpm/tpm_tis: Free IRQ if probing fails (bsc#1082555). - tpm/tpm_tis: Free IRQ if probing fails (git-fixes). - tracing: Add a vmalloc_sync_mappings() for safe measure (git-fixes). - tracing: Disable trace_printk() on post poned tests (git-fixes). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation (git-fixes). - tty: n_gsm: Fix bogus i++ in gsm_data_kick (bsc#1051510). - tty: n_gsm: Fix SOF skipping (bsc#1051510). - tty: n_gsm: Fix waking up upper tty layer when room available (bsc#1051510). - tty: rocket, avoid OOB access (git-fixes). - UAS: fix deadlock in error handling and PM flushing work (git-fixes). - UAS: no use logging any details in case of ENODEV (git-fixes). - USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE (git-fixes). - USB: cdc-acm: restore capability check order (git-fixes). - USB: core: Fix misleading driver bug report (bsc#1051510). - USB: dwc2: gadget: move gadget resume after the core is in L0 state (bsc#1051510). - USB: dwc3: do not set gadget->is_otg flag (git-fixes). - USB: dwc3: gadget: Do link recovery for SS and SSP (git-fixes). - USB: early: Handle AMD's spec-compliant identifiers, too (git-fixes). - USB: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset() (git-fixes). - USB: gadget: audio: Fix a missing error return value in audio_bind() (git-fixes). - USB: gadget: composite: Inform controller driver of self-powered (git-fixes). - USB: gadget: legacy: fix error return code in cdc_bind() (git-fixes). - USB: gadget: legacy: fix error return code in gncm_bind() (git-fixes). - USB: gadget: legacy: fix redundant initialization warnings (bsc#1051510). - USB: gadget: lpc32xx_udc: do not dereference ep pointer before null check (bsc#1051510). - USB: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' (git-fixes). - USB: gadget: udc: atmel: Fix vbus disconnect handling (git-fixes). - USB: gadget: udc: atmel: Make some symbols static (git-fixes). - USB: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete (git-fixes). - USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (bsc#1051510). - USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (bsc#1051510). - USB: host: xhci-plat: keep runtime active when removing host (git-fixes). - USB: hub: Fix handling of connect changes during sleep (git-fixes). - USB: musb: Fix runtime PM imbalance on error (bsc#1051510). - USB: musb: start session in resume for host port (bsc#1051510). - usbnet: silence an unnecessary warning (bsc#1170770). - USB: serial: garmin_gps: add sanity checking for data length (git-fixes). - USB: serial: option: add BroadMobi BM806U (git-fixes). - USB: serial: option: add support for ASKEY WWHC050 (git-fixes). - USB: serial: option: add Telit LE910C1-EUX compositions (bsc#1051510). - USB: serial: option: add Wistron Neweb D19Q1 (git-fixes). - USB: serial: qcserial: add DW5816e QDL support (bsc#1051510). - USB: serial: qcserial: Add DW5816e support (git-fixes). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (bsc#1051510). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes). - USB: sisusbvga: Change port variable from signed to unsigned (git-fixes). - USB-storage: Add unusual_devs entry for JMicron JMS566 (git-fixes). - USB: uas: add quirk for LaCie 2Big Quadra (git-fixes). - USB: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list (git-fixes). - video: fbdev: sis: Remove unnecessary parentheses and commented code (bsc#1114279) - video: fbdev: w100fb: Fix a potential double free (bsc#1051510). - virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: avoid format strint overflow warning (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: Remove always false conditional statement (bsc#1172484). - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484). - vmxnet3: remove unused flag 'rxcsum' from struct vmxnet3_adapter (bsc#1172484). - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - vrf: Check skb for XFRM_TRANSFORMED flag (networking-stable-20_04_27). - vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines (git-fixes). - vt: selection, introduce vc_is_sel (git-fixes). - vt: vt_ioctl: fix race in VT_RESIZEX (git-fixes). - vt: vt_ioctl: fix use-after-free in vt_in_use() (git-fixes). - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (git-fixes). - vxlan: check return value of gro_cells_init() (networking-stable-20_03_28). - w1: omap-hdq: cleanup to add missing newline for some dev_dbg (bsc#1051510). - watchdog: reset last_hw_keepalive time at start (git-fixes). - wcn36xx: Fix error handling path in 'wcn36xx_probe()' (bsc#1051510). - wil6210: remove reset file from debugfs (git-fixes). - wimax/i2400m: Fix potential urb refcnt leak (bsc#1051510). - work around mvfs bug (bsc#1162063). - workqueue: do not use wq_select_unbound_cpu() for bound works (bsc#1172130). - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1114279). - x86/entry/64: Fix unwind hints in kernel exit path (bsc#1058115). - x86/entry/64: Fix unwind hints in register clearing code (bsc#1058115). - x86/entry/64: Fix unwind hints in rewind_stack_do_exit() (bsc#1058115). - x86/entry/64: Fix unwind hints in __switch_to_asm() (bsc#1058115). - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes). - x86: Fix early boot crash on gcc-10, third try (bsc#1114279). - x86/Hyper-V: Allow guests to enable InvariantTSC (bsc#1170620). - x86/Hyper-V: Free hv_panic_page when fail to register kmsg dump (bsc#1170618). - x86/Hyper-V: Report crash data in die() when panic_on_oops is set (bsc#1170618). - x86/Hyper-V: Report crash register data or kmsg before running crash kernel (bsc#1170618). - x86/Hyper-V: Report crash register data when sysctl_record_panic_msg is not set (bsc#1170618). - x86/Hyper-V: report value of misc_features (git-fixes). - x86/Hyper-V: Trigger crash enlightenment only once during system crash (bsc#1170618). - x86/Hyper-V: Unload vmbus channel in hv panic callback (bsc#1170618). - x86/kprobes: Avoid kretprobe recursion bug (bsc#1114279). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279). - x86/resctrl: Fix invalid attempt at removing the default resource group (git-fixes). - x86/resctrl: Preserve CDP enable over CPU hotplug (bsc#1114279). - x86/unwind/orc: Do not skip the first frame for inactive tasks (bsc#1058115). - x86/unwind/orc: Fix error handling in __unwind_start() (bsc#1058115). - x86/unwind/orc: Fix error path for bad ORC entry type (bsc#1058115). - x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks (bsc#1058115). - x86/unwind/orc: Prevent unwinding before ORC initialization (bsc#1058115). - x86/unwind: Prevent false warnings for non-current tasks (bsc#1058115). - x86/xen: fix booting 32-bit pv guest (bsc#1071995). - x86/xen: Make the boot CPU idle task reliable (bsc#1071995). - x86/xen: Make the secondary CPU idle tasks reliable (bsc#1071995). - xen/pci: reserve MCFG areas earlier (bsc#1170145). - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish (networking-stable-20_04_27). - xfrm: fix error in comment (git fixes). - xfs: Correctly invert xfs_buftarg LRU isolation logic (git-fixes). - xfs: do not ever return a stale pointer from __xfs_dir3_free_read (git-fixes). - xprtrdma: Fix completion wait during device removal (git-fixes). Important SUSE bug 1051510 SUSE bug 1058115 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1082555 SUSE bug 1085030 SUSE bug 1089895 SUSE bug 1104967 SUSE bug 1111666 SUSE bug 1114279 SUSE bug 1133021 SUSE bug 1144333 SUSE bug 1148868 SUSE bug 1150660 SUSE bug 1151794 SUSE bug 1152107 SUSE bug 1152489 SUSE bug 1152624 SUSE bug 1154824 SUSE bug 1157169 SUSE bug 1158265 SUSE bug 1158983 SUSE bug 1159058 SUSE bug 1159199 SUSE bug 1160388 SUSE bug 1160947 SUSE bug 1161016 SUSE bug 1162002 SUSE bug 1162063 SUSE bug 1165183 SUSE bug 1165741 SUSE bug 1166969 SUSE bug 1167574 SUSE bug 1167851 SUSE bug 1168081 SUSE bug 1168503 SUSE bug 1168670 SUSE bug 1169020 SUSE bug 1169194 SUSE bug 1169514 SUSE bug 1169525 SUSE bug 1169625 SUSE bug 1169795 SUSE bug 1170011 SUSE bug 1170056 SUSE bug 1170125 SUSE bug 1170145 SUSE bug 1170345 SUSE bug 1170457 SUSE bug 1170522 SUSE bug 1170592 SUSE bug 1170618 SUSE bug 1170620 SUSE bug 1170770 SUSE bug 1170778 SUSE bug 1170791 SUSE bug 1170901 SUSE bug 1171078 SUSE bug 1171098 SUSE bug 1171118 SUSE bug 1171124 SUSE bug 1171189 SUSE bug 1171191 SUSE bug 1171195 SUSE bug 1171202 SUSE bug 1171205 SUSE bug 1171217 SUSE bug 1171218 SUSE bug 1171219 SUSE bug 1171220 SUSE bug 1171293 SUSE bug 1171417 SUSE bug 1171424 SUSE bug 1171527 SUSE bug 1171558 SUSE bug 1171599 SUSE bug 1171600 SUSE bug 1171601 SUSE bug 1171602 SUSE bug 1171604 SUSE bug 1171605 SUSE bug 1171606 SUSE bug 1171607 SUSE bug 1171608 SUSE bug 1171609 SUSE bug 1171610 SUSE bug 1171611 SUSE bug 1171612 SUSE bug 1171613 SUSE bug 1171614 SUSE bug 1171615 SUSE bug 1171616 SUSE bug 1171617 SUSE bug 1171618 SUSE bug 1171619 SUSE bug 1171620 SUSE bug 1171621 SUSE bug 1171622 SUSE bug 1171623 SUSE bug 1171624 SUSE bug 1171625 SUSE bug 1171626 SUSE bug 1171673 SUSE bug 1171679 SUSE bug 1171691 SUSE bug 1171694 SUSE bug 1171695 SUSE bug 1171736 SUSE bug 1171761 SUSE bug 1171868 SUSE bug 1171904 SUSE bug 1171948 SUSE bug 1171949 SUSE bug 1171951 SUSE bug 1171952 SUSE bug 1171982 SUSE bug 1171983 SUSE bug 1172096 SUSE bug 1172097 SUSE bug 1172098 SUSE bug 1172099 SUSE bug 1172101 SUSE bug 1172102 SUSE bug 1172103 SUSE bug 1172104 SUSE bug 1172127 SUSE bug 1172130 SUSE bug 1172185 SUSE bug 1172188 SUSE bug 1172199 SUSE bug 1172221 SUSE bug 1172253 SUSE bug 1172257 SUSE bug 1172317 SUSE bug 1172342 SUSE bug 1172343 SUSE bug 1172344 SUSE bug 1172366 SUSE bug 1172391 SUSE bug 1172397 SUSE bug 1172453 SUSE bug 1172458 SUSE bug 1172484 SUSE bug 1172759 SUSE bug 1172775 SUSE bug 1172781 SUSE bug 1172782 SUSE bug 1172783 SUSE bug 1172999 SUSE bug 1173265 SUSE bug 1173280 SUSE bug 1173428 SUSE bug 1173462 SUSE bug 1173659 CVE-2018-1000199 CVE-2019-16746 CVE-2019-19462 CVE-2019-20806 CVE-2019-20810 CVE-2019-20812 CVE-2019-9455 CVE-2020-0543 CVE-2020-10690 CVE-2020-10711 CVE-2020-10720 CVE-2020-10732 CVE-2020-10751 CVE-2020-10757 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10769 CVE-2020-10773 CVE-2020-12114 CVE-2020-12464 CVE-2020-12652 CVE-2020-12653 CVE-2020-12654 CVE-2020-12655 CVE-2020-12656 CVE-2020-12657 CVE-2020-12769 CVE-2020-12888 CVE-2020-13143 CVE-2020-13974 CVE-2020-14416 cpe:/o:suse:suse-linux-enterprise-rt:12:sp4 SUSE Linux Enterprise Real Time 12 SP4 The SUSE Linux Enterprise 12 SP4 real-time kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-14615: An information disclosure vulnerability existed due to insufficient control flow in certain data structures for some Intel(R) Processors (bnc#1160195). - CVE-2019-14895: A heap-based buffer overflow was discovered in the Marvell WiFi driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service or possibly execute arbitrary code (bnc#1157158). - CVE-2019-14896: A heap overflow was found in the add_ie_rates() function of the Marvell Wifi Driver (bsc#1157157). - CVE-2019-14897: A stack overflow was found in the lbs_ibss_join_existing() function of the Marvell Wifi Driver (bsc#1157155). - CVE-2019-14901: A heap overflow flaw was found in the Marvell WiFi driver. The vulnerability allowed a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code (bnc#1157042). - CVE-2019-15213: A use-after-free bug caused by a malicious USB device was found in drivers/media/usb/dvb-usb/dvb-usb-init.c (bsc#1146544). - CVE-2019-16994: A memory leak existed in sit_init_net() in net/ipv6/sit.c which might have caused denial of service, aka CID-07f12b26e21a (bnc#1161523). - CVE-2019-18660: An information disclosure bug occured because the Spectre-RSB mitigation were not in place for all applicable CPUs, aka CID-39e72bf96f58 (bnc#1157038). - CVE-2019-18683: Multiple race conditions were discovered in drivers/media/platform/vivid. It was exploitable for privilege escalation if local users had access to /dev/video0, but only if the driver happened to be loaded. At least one of these race conditions led to a use-after-free (bnc#1155897). - CVE-2019-18808: A memory leak in drivers/crypto/ccp/ccp-ops.c allowed attackers to cause a denial of service (memory consumption), aka CID-128c66429247 (bnc#1156259). - CVE-2019-18809: A memory leak in drivers/media/usb/dvb-usb/af9005.c allowed attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559 (bnc#1156258). - CVE-2019-19036: An issue discovered in btrfs_root_node in fs/btrfs/ctree.c allowed a NULL pointer dereference because rcu_dereference(root->node) can be zero (bnc#1157692). - CVE-2019-19045: A memory leak in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c allowed attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7 (bnc#1161522). - CVE-2019-19051: A memory leak in drivers/net/wimax/i2400m/op-rfkill.c allowed attackers to cause a denial of service (memory consumption), aka CID-6f3ef5c25cc7 (bnc#1159024). - CVE-2019-19052: A memory leak in drivers/net/can/usb/gs_usb.c allowed attackers to cause a denial of service (memory consumption), aka CID-fb5be6a7b486 (bnc#1157324). - CVE-2019-19054: A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c allowed attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b (bnc#1161518). - CVE-2019-19056: A memory leak in drivers/net/wireless/marvell/mwifiex/pcie.c allowed attackers to cause a denial of service (memory consumption), aka CID-db8fd2cde932 (bnc#1157197). - CVE-2019-19057: Two memory leaks in drivers/net/wireless/marvell/mwifiex/pcie.c allowed attackers to cause a denial of service (memory consumption), aka CID-d10dcb615c8e (bnc#1157193 bsc#1157197). - CVE-2019-19058: A memory leak in drivers/net/wireless/intel/iwlwifi/fw/dbg.c allowed attackers to cause a denial of service (memory consumption), aka CID-b4b814fec1a5 (bnc#1157145). - CVE-2019-19060: A memory leak in drivers/iio/imu/adis_buffer.c allowed attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41 (bnc#1157178). - CVE-2019-19062: A memory leak in crypto/crypto_user_base.c allowed attackers to cause a denial of service (memory consumption), aka CID-ffdde5932042 (bnc#1157333). - CVE-2019-19063: Two memory leaks in drivers/net/wireless/realtek/rtlwifi/usb.c allowed attackers to cause a denial of service (memory consumption), aka CID-3f9361695113 (bnc#1157298). - CVE-2019-19065: A memory leak in drivers/infiniband/hw/hfi1/sdma.c allowed attackers to cause a denial of service (memory consumption), aka CID-34b3be18a04e (bnc#1157191). - CVE-2019-19066: A memory leak in drivers/scsi/bfa/bfad_attr.c allowed attackers to cause a denial of service (memory consumption), aka CID-0e62395da2bd (bnc#1157303). - CVE-2019-19067: There were four unlikely memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c (bnc#1157180). - CVE-2019-19068: A memory leak in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allowed attackers to cause a denial of service (memory consumption), aka CID-a2cdd07488e6 (bnc#1157307). - CVE-2019-19073: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c allowed attackers to cause a denial of service (memory consumption), aka CID-853acf7caf10 (bnc#1157070). - CVE-2019-19074: A memory leak in drivers/net/wireless/ath/ath9k/wmi.c allowed attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4 (bnc#1157143). - CVE-2019-19075: A memory leak in drivers/net/ieee802154/ca8210.c allowed attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e (bnc#1157162). - CVE-2019-19077: A memory leak in drivers/infiniband/hw/bnxt_re/ib_verbs.c allowed attackers to cause a denial of service (memory consumption), aka CID-4a9d46a9fe14 (bnc#1157171). - CVE-2019-19227: In the AppleTalk subsystem there was a potential NULL pointer dereference because register_snap_client may return NULL. This could have led to denial of service, aka CID-9804501fa122 (bnc#1157678). - CVE-2019-19318: Mounting a crafted btrfs image twice could have caused a use-after-free (bnc#1158026). - CVE-2019-19319: A slab-out-of-bounds write access could have occured when setxattr was called after mounting of a specially crafted ext4 image (bnc#1158021). - CVE-2019-19332: An out-of-bounds memory write issue was found in the way the KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could have used this flaw to crash the system (bnc#1158827). - CVE-2019-19447: Mounting a crafted ext4 filesystem image, performing some operations, and unmounting could have led to a use-after-free in fs/ext4/super.c (bnc#1158819). - CVE-2019-19523: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79 (bsc#1158823). - CVE-2019-19524: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9 (bsc#1158413). - CVE-2019-19525: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035 (bsc#1158417). - CVE-2019-19526: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098 (bsc#1158893). - CVE-2019-19527: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e (bsc#1158900). - CVE-2019-19528: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d (bsc#1158407). - CVE-2019-19529: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41 (bnc#1158381). - CVE-2019-19530: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef (bsc#1158410). - CVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca (bsc#1158445). - CVE-2019-19532: There were multiple out-of-bounds write bugs that can be caused by a malicious USB HID device, aka CID-d9d4b1e46d95 (bsc#1158824). - CVE-2019-19533: There was an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464 (bsc#1158834). - CVE-2019-19534: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29 (bsc#1158398). - CVE-2019-19535: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042 (bsc#1158903). - CVE-2019-19536: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0 (bsc#1158394). - CVE-2019-19537: There was a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9 (bsc#1158904). - CVE-2019-19543: There was a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (bnc#1158427). - CVE-2019-19767: There were multiple use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163 (bnc#1159297). - CVE-2019-19965: There was a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5 (bnc#1159911). - CVE-2019-19966: There was a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that could have caused a denial of service, aka CID-dea37a972655 (bnc#1159841). - CVE-2019-20054: There was a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e (bnc#1159910). - CVE-2019-20095: Several memory leaks were found in drivers/net/wireless/marvell/mwifiex/cfg80211.c, aka CID-003b686ace82 (bnc#1159909). - CVE-2019-20096: There was a memory leak in __feat_register_sp() in net/dccp/feat.c, aka CID-1d3ff0950e2b (bnc#1159908). - CVE-2020-7053: There was a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c (bnc#1160966). - CVE-2019-19338: There was an incomplete fix for an issue with Transactional Synchronisation Extensions in the KVM code (bsc#1158954). - CVE-2019-19049: There was an unlikely memory leak in unittest_data_add (bsc#1157173). The following non-security bugs were fixed: - ACPI / APEI: Do not wait to serialise with oops messages when panic()ing (bsc#1051510). - ACPI / LPSS: Exclude I2C busses shared with PUNIT from pmc_atom_d3_mask (bsc#1051510). - ACPI / LPSS: Ignore acpi_device_fix_up_power() return value (bsc#1051510). - ACPI / SBS: Fix rare oops when removing modules (bsc#1051510). - ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data() (bsc#1051510). - ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion() (bsc#1051510). - ACPI: OSL: only free map once in osl.c (bsc#1051510). - ACPI: sysfs: Change ACPI_MASKABLE_GPE_MAX to 0x100 (bsc#1051510). - ACPICA: Never run _REG on system_memory and system_IO (bsc#1051510). - ACPICA: Use %d for signed int print formatting instead of %u (bsc#1051510). - af_packet: set defaule value for tmo (bsc#1051510). - ALSA: 6fire: Drop the dead code (git-fixes). - ALSA: control: remove useless assignment in .info callback of PCM chmap element (git-fixes). - ALSA: cs4236: fix error return comparison of an unsigned integer (git-fixes). - ALSA: echoaudio: simplify get_audio_levels (bsc#1051510). - ALSA: fireface: fix return value in error path of isochronous resources reservation (bsc#1051510). - ALSA: firewire-motu: Correct a typo in the clock proc string (git-fixes). - ALSA: hda - Add docking station support for Lenovo Thinkpad T420s (git-fixes). - ALSA: hda - Add mute led support for HP ProBook 645 G4 (git-fixes). - ALSA: hda - Downgrade error message for single-cmd fallback (git-fixes). - ALSA: hda - Fix pending unsol events at shutdown (git-fixes). - ALSA: hda/analog - Minor optimization for SPDIF mux connections (git-fixes). - ALSA: hda/ca0132 - Avoid endless loop (git-fixes). - ALSA: hda/ca0132 - Fix work handling in delayed HP detection (git-fixes). - ALSA: hda/ca0132 - Keep power on during processing DSP response (git-fixes). - ALSA: hda/hdmi - Add new pci ids for AMD GPU display audio (git-fixes). - ALSA: hda/hdmi - add retry logic to parse_intel_hdmi() (git-fixes). - ALSA: hda/hdmi - fix atpx_present when CLASS is not VGA (bsc#1051510). - ALSA: hda/hdmi - Fix duplicate unref of pci_dev (bsc#1051510). - ALSA: hda/hdmi - fix vgaswitcheroo detection for AMD (git-fixes). - ALSA: hda/realtek - Add headset Mic no shutup for ALC283 (bsc#1051510). - ALSA: hda/realtek - Dell headphone has noise on unmute for ALC236 (git-fixes). - ALSA: hda/realtek - Line-out jack does not work on a Dell AIO (bsc#1051510). - ALSA: hda/realtek - Move some alc236 pintbls to fallback table (git-fixes). - ALSA: hda/realtek - Move some alc256 pintbls to fallback table (git-fixes). - ALSA: hda: Add Clevo W65_67SB the power_save blacklist (git-fixes). - ALSA: i2c/cs8427: Fix int to char conversion (bsc#1051510). - ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code (bsc#1051510). - ALSA: intel8x0m: Register irq handler after register initializations (bsc#1051510). - ALSA: oxfw: fix return value in error path of isochronous resources reservation (bsc#1051510). - ALSA: pcm: Avoid possible info leaks from PCM stream buffers (git-fixes). - ALSA: pcm: oss: Avoid potential buffer overflows (git-fixes). - ALSA: pcm: signedness bug in snd_pcm_plug_alloc() (bsc#1051510). - ALSA: seq: Do error checks at creating system ports (bsc#1051510). - ALSA: seq: Fix racy access for queue timer in proc read (bsc#1051510). - ALSA: sh: Fix compile warning wrt const (git-fixes). - ALSA: usb-audio: Fix Focusrite Scarlett 6i6 gen1 - input handling (git-fixes). - ALSA: usb-audio: fix set_format altsetting sanity check (bsc#1051510). - ALSA: usb-audio: fix sync-ep altsetting sanity check (bsc#1051510). - apparmor: fix unsigned len comparison with less than zero (git-fixes). - appledisplay: fix error handling in the scheduled work (git-fixes). - ar5523: check NULL before memcpy() in ar5523_cmd() (bsc#1051510). - ASoC: au8540: use 64-bit arithmetic instead of 32-bit (bsc#1051510). - ASoC: compress: fix unsigned integer overflow check (bsc#1051510). - ASoC: cs4349: Use PM ops 'cs4349_runtime_pm' (bsc#1051510). - ASoC: davinci-mcasp: Handle return value of devm_kasprintf (stable 4.14.y). - ASoC: davinci: Kill BUG_ON() usage (stable 4.14.y). - ASoC: dpcm: Properly initialise hw->rate_max (bsc#1051510). - ASoC: Intel: hdac_hdmi: Limit sampling rates at dai creation (bsc#1051510). - ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report (bsc#1051510). - ASoC: kirkwood: fix external clock probe defer (git-fixes). - ASoC: msm8916-wcd-analog: Fix RX1 selection in RDAC2 MUX (git-fixes). - ASoC: msm8916-wcd-analog: Fix selected events for MIC BIAS External1 (bsc#1051510). - ASoC: sgtl5000: avoid division by zero if lo_vag is zero (bsc#1051510). - ASoC: tegra_sgtl5000: fix device_node refcounting (bsc#1051510). - ASoC: tlv320aic31xx: Handle inverted BCLK in non-DSP modes (stable 4.14.y). - ASoC: tlv320dac31xx: mark expected switch fall-through (stable 4.14.y). - ASoC: wm8962: fix lambda value (git-fixes). - ata: ep93xx: Use proper enums for directions (bsc#1051510). - ath10k: fix fw crash by moving chip reset after napi disabled (bsc#1051510). - ath10k: fix kernel panic by moving pci flush after napi_disable (bsc#1051510). - ath10k: fix vdev-start timeout on error (bsc#1051510). - ath10k: limit available channels via DT ieee80211-freq-limit (bsc#1051510). - ath10k: wmi: disable softirq's while calling ieee80211_rx (bsc#1051510). - ath6kl: Fix off by one error in scan completion (bsc#1051510). - ath9k: add back support for using active monitor interfaces for tx99 (bsc#1051510). - ath9k: Fix a locking bug in ath9k_add_interface() (bsc#1051510). - ath9k: fix reporting calculated new FFT upper max (bsc#1051510). - ath9k: fix storage endpoint lookup (git-fixes). - ath9k: fix tx99 with monitor mode interface (bsc#1051510). - ath9k_hw: fix uninitialized variable data (bsc#1051510). - atl1e: checking the status of atl1e_write_phy_reg (bsc#1051510). - audit: Allow auditd to set pid to 0 to end auditing (bsc#1158094). - ax88172a: fix information leak on short answers (bsc#1051510). - backlight: lm3639: Unconditionally call led_classdev_unregister (bsc#1051510). - batman-adv: Fix DAT candidate selection on little endian systems (bsc#1051510). - bcma: remove set but not used variable 'sizel' (git-fixes). - Bluetooth: btusb: fix PM leak in error case of setup (bsc#1051510). - Bluetooth: delete a stray unlock (bsc#1051510). - Bluetooth: Fix invalid-free in bcsp_close() (git-fixes). - Bluetooth: Fix memory leak in hci_connect_le_scan (bsc#1051510). - Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading (bsc#1051510). - Bluetooth: hci_core: fix init for HCI_USER_CHANNEL (bsc#1051510). - Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS (bsc#1051510). - bonding: fix active-backup transition after link failure (git-fixes). - bonding: fix slave stuck in BOND_LINK_FAIL state (networking-stable-19_11_10). - bonding: fix state transition issue in link monitoring (networking-stable-19_11_10). - bpf: Make use of probe_user_write in probe write helper (bsc#1083647). - brcmfmac: fix full timeout waiting for action frame on-channel tx (bsc#1051510). - brcmfmac: fix interface sanity check (git-fixes). - brcmfmac: Fix memory leak in brcmf_usbdev_qinit (git-fixes). - brcmfmac: Fix use after free in brcmf_sdio_readframes() (git-fixes). - brcmfmac: reduce timeout for action frame scan (bsc#1051510). - brcmsmac: AP mode: update beacon when TIM changes (bsc#1051510). - brcmsmac: never log 'tid x is not agg'able' by default (bsc#1051510). - btrfs: abort transaction after failed inode updates in create_subvol (bsc#1161936). - btrfs: add missing extents release on file extent cluster relocation error (bsc#1159483). - btrfs: avoid fallback to transaction commit during fsync of files with holes (bsc#1159569). - btrfs: dev-replace: remove warning for unknown return codes when finished (dependency for bsc#1162067). - btrfs: do not call synchronize_srcu() in inode_tree_del (bsc#1161934). - btrfs: Ensure we trim ranges across block group boundary (bsc#1151910). - btrfs: fix block group remaining RO forever after error during device replace (bsc#1160442). - btrfs: fix infinite loop during nocow writeback due to race (bsc#1160804). - btrfs: fix integer overflow in calc_reclaim_items_nr (bsc#1160433). - btrfs: fix missing data checksums after replaying a log tree (bsc#1161931). - btrfs: fix negative subv_writers counter and data space leak after buffered write (bsc#1160802). - btrfs: fix removal logic of the tree mod log that leads to use-after-free issues (bsc#1160803). - btrfs: fix selftests failure due to uninitialized i_mode in test inodes (Fix for dependency of bsc#1157692). - btrfs: handle ENOENT in btrfs_uuid_tree_iterate (bsc#1161937). - btrfs: harden agaist duplicate fsid on scanned devices (bsc#1134973). - btrfs: inode: Verify inode mode to avoid NULL pointer dereference (dependency for bsc#1157692). - btrfs: make tree checker detect checksum items with overlapping ranges (bsc#1161931). - btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it (dependency for bsc#1157692). - btrfs: record all roots for rename exchange on a subvol (bsc#1161933). - btrfs: relocation: fix reloc_root lifespan and access (bsc#1159588). - btrfs: scrub: Require mandatory block group RO for dev-replace (bsc#1162067). - btrfs: simplify inode locking for RWF_NOWAIT (git-fixes). - btrfs: skip log replay on orphaned roots (bsc#1161935). - btrfs: tree-checker: Check chunk item at tree block read time (dependency for bsc#1157692). - btrfs: tree-checker: Check level for leaves and nodes (dependency for bsc#1157692). - btrfs: tree-checker: Enhance chunk checker to validate chunk profile (dependency for bsc#1157692). - btrfs: tree-checker: Fix wrong check on max devid (fixes for dependency of bsc#1157692). - btrfs: tree-checker: get fs_info from eb in block_group_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_block_group_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_csum_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_dev_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_dir_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_extent_data_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_inode_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_leaf (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_leaf_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in chunk_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in dev_item_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in dir_item_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in file_extent_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in generic_err (dependency for bsc#1157692). - btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN instead of EIO (dependency for bsc#1157692). - btrfs: tree-checker: Make chunk item checker messages more readable (dependency for bsc#1157692). - btrfs: tree-checker: Verify dev item (dependency for bsc#1157692). - btrfs: tree-checker: Verify inode item (dependency for bsc#1157692). - btrfs: volumes: Use more straightforward way to calculate map length (bsc#1151910). - can, slip: Protect tty->disc_data in write_wakeup and close with RCU (bsc#1051510). - can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing CAN sk_buffs (bsc#1051510). - can: c_can: c_can_poll(): only read status register after status IRQ (git-fixes). - can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open (bsc#1051510). - can: gs_usb: gs_usb_probe(): use descriptors of current altsetting (bsc#1051510). - can: mcba_usb: fix use-after-free on disconnect (git-fixes). - can: mscan: mscan_rx_poll(): fix rx path lockup when returning from polling to irq mode (bsc#1051510). - can: peak_usb: fix a potential out-of-sync while decoding packets (git-fixes). - can: peak_usb: fix slab info leak (git-fixes). - can: peak_usb: report bus recovery as well (bsc#1051510). - can: rx-offload: can_rx_offload_irq_offload_fifo(): continue on error (bsc#1051510). - can: rx-offload: can_rx_offload_irq_offload_timestamp(): continue on error (bsc#1051510). - can: rx-offload: can_rx_offload_offload_one(): do not increase the skb_queue beyond skb_queue_len_max (git-fixes). - can: rx-offload: can_rx_offload_offload_one(): increment rx_fifo_errors on queue overflow or OOM (bsc#1051510). - can: rx-offload: can_rx_offload_offload_one(): use ERR_PTR() to propagate error value in case of errors (bsc#1051510). - can: rx-offload: can_rx_offload_queue_sorted(): fix error handling, avoid skb mem leak (git-fixes). - can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid skb mem leak (git-fixes). - can: slcan: Fix use-after-free Read in slcan_open (bsc#1051510). - can: usb_8dev: fix use-after-free on disconnect (git-fixes). - CDC-NCM: handle incomplete transfer of MTU (networking-stable-19_11_10). - ceph: add missing check in d_revalidate snapdir handling (bsc#1157183). - ceph: do not try to handle hashed dentries in non-O_CREAT atomic_open (bsc#1157184). - ceph: fix use-after-free in __ceph_remove_cap() (bsc#1154058). - ceph: just skip unrecognized info in ceph_reply_info_extra (bsc#1157182). - cfg80211/mac80211: make ieee80211_send_layer2_update a public function (bsc#1051510). - cfg80211: Avoid regulatory restore when COUNTRY_IE_IGNORE is set (bsc#1051510). - cfg80211: call disconnect_wk when AP stops (bsc#1051510). - cfg80211: check for set_wiphy_params (bsc#1051510). - cfg80211: fix page refcount issue in A-MSDU decap (bsc#1051510). - cfg80211: Prevent regulatory restore during STA disconnect in concurrent interfaces (bsc#1051510). - cgroup,writeback: do not switch wbs immediately on dead wbs if the memcg is dead (bsc#1158645). - cgroup: pids: use atomic64_t for pids->limit (bsc#1161514). - cifs: add a helper to find an existing readable handle to a file (bsc#1144333, bsc#1154355). - cifs: add support for flock (bsc#1144333). - cifs: avoid using MID 0xFFFF (bsc#1144333, bsc#1154355). - cifs: Close cached root handle only if it had a lease (bsc#1144333). - cifs: Close open handle after interrupted close (bsc#1144333). - cifs: close the shared root handle on tree disconnect (bsc#1144333). - cifs: create a helper to find a writeable handle by path name (bsc#1144333, bsc#1154355). - cifs: Do not miss cancelled OPEN responses (bsc#1144333). - cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bsc#1144333, bsc#1154355). - cifs: Fix lookup of root ses in DFS referral cache (bsc#1144333). - cifs: fix max ea value size (bsc#1144333, bsc#1154355). - cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1144333). - cifs: Fix missed free operations (bsc#1144333, bsc#1154355). - cifs: Fix mount options set in automount (bsc#1144333). - cifs: Fix NULL pointer dereference in mid callback (bsc#1144333). - cifs: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bsc#1144333). - cifs: Fix oplock handling for SMB 2.1+ protocols (bsc#1144333, bsc#1154355). - cifs: Fix potential softlockups while refreshing DFS cache (bsc#1144333). - cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1144333). - cifs: Fix retry mid list corruption on reconnects (bsc#1144333, bsc#1154355). - cifs: Fix SMB2 oplock break processing (bsc#1144333, bsc#1154355). - cifs: Fix use after free of file info structures (bsc#1144333, bsc#1154355). - cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1144333). - cifs: Force reval dentry if LOOKUP_REVAL flag is set (bsc#1144333, bsc#1154355). - cifs: Force revalidate inode when dentry is stale (bsc#1144333, bsc#1154355). - cifs: Gracefully handle QueryInfo errors during open (bsc#1144333, bsc#1154355). - cifs: move cifsFileInfo_put logic into a work-queue (bsc#1144333, bsc#1154355). - cifs: prepare SMB2_Flush to be usable in compounds (bsc#1144333, bsc#1154355). - cifs: Properly process SMB3 lease breaks (bsc#1144333). - cifs: remove set but not used variables 'cinode' and 'netfid' (bsc#1144333). - cifs: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1144333). - cifs: set domainName when a domain-key is used in multiuser (bsc#1144333, bsc#1154355). - cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bsc#1144333, bsc#1154355). - cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1144333, bsc#1154355). - cifs: Use kzfree() to zero out the password (bsc#1144333, bsc#1154355). - clk: at91: avoid sleeping early (git-fixes). - clk: Do not try to enable critical clocks if prepare failed (bsc#1051510). - clk: pxa: fix one of the pxa RTC clocks (bsc#1051510). - clk: rockchip: fix I2S1 clock gate register for rk3328 (bsc#1051510). - clk: rockchip: fix ID of 8ch clock of I2S1 for rk3328 (bsc#1051510). - clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering (bsc#1051510). - clk: rockchip: fix rk3188 sclk_smc gate data (bsc#1051510). - clk: samsung: exynos5420: Preserve CPU clocks configuration during suspend/resume (bsc#1051510). - clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume (git-fixes). - clk: samsung: Use clk_hw API for calling clk framework from clk notifiers (bsc#1051510). - clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18 (git-fixes). - clk: sunxi: sun9i-mmc: Implement reset callback for reset controls (bsc#1051510). - clocksource/drivers/sh_cmt: Fix clocksource width for 32-bit machines (bsc#1051510). - clocksource/drivers/sh_cmt: Fixup for 64-bit machines (bsc#1051510). - compat_ioctl: handle SIOCOUTQNSD (bsc#1051510). - component: fix loop condition to call unbind() if bind() fails (bsc#1051510). - configfs_register_group() shouldn't be (and isn't) called in rmdirable parts (bsc#1051510). - copy/pasted 'Recommends:' instead of 'Provides:', 'Obsoletes:' and 'Conflicts: - Cover up kABI breakage due to DH key verification (bsc#1155331). - cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init() (bsc#1051510). - cpufreq: intel_pstate: Register when ACPI PCCH is present (bsc#1051510). - cpufreq: powernv: fix stack bloat and hard limit on number of CPUs (bsc#1051510). - cpufreq: Skip cpufreq resume if it's not suspended (bsc#1051510). - cpufreq: ti-cpufreq: add missing of_node_put() (bsc#1051510). - cpupower : Fix cpupower working when cpu0 is offline (bsc#1051510). - cpupower : frequency-set -r option misses the last cpu in related cpu list (bsc#1051510). - cpupower: Fix coredump on VMWare (bsc#1051510). - crypto: af_alg - cast ki_complete ternary op to int (bsc#1051510). - crypto: af_alg - Use bh_lock_sock in sk_destruct (bsc#1051510). - crypto: api - Check spawn->alg under lock in crypto_drop_spawn (bsc#1051510). - crypto: atmel-sha - fix error handling when setting hmac key (bsc#1051510). - crypto: ccp - fix uninitialized list head (bsc#1051510). - crypto: chelsio - fix writing tfm flags to wrong place (bsc#1051510). - crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr (bsc#1051510). - crypto: dh - add public key verification test (bsc#1155331). - crypto: dh - fix calculating encoded key size (bsc#1155331). - crypto: dh - fix memory leak (bsc#1155331). - crypto: dh - update test for public key verification (bsc#1155331). - crypto: DRBG - add FIPS 140-2 CTRNG for noise source (bsc#1155334). - crypto: ecdh - add public key verification test (bsc#1155331). - crypto: ecdh - fix big endian bug in ECC library (bsc#1051510). - crypto: ecdh - fix typo of P-192 b value (bsc#1155331). - crypto: fix a memory leak in rsa-kcs1pad's encryption mode (bsc#1051510). - crypto: geode-aes - switch to skcipher for cbc(aes) fallback (bsc#1051510). - crypto: mxc-scc - fix build warnings on ARM64 (bsc#1051510). - crypto: mxs-dcp - Fix AES issues (bsc#1051510). - crypto: mxs-dcp - Fix SHA null hashes and output length (bsc#1051510). - crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash' static (bsc#1051510). - crypto: pcrypt - Do not clear MAY_SLEEP flag in original request (bsc#1051510). - crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill (bsc#1051510). - crypto: s5p-sss: Fix Fix argument list alignment (bsc#1051510). - crypto: tgr192 - remove unneeded semicolon (bsc#1051510). - cw1200: Fix a signedness bug in cw1200_load_firmware() (bsc#1051510). - cxgb4: fix panic when attaching to ULD fail (networking-stable-19_11_05). - cxgb4: request the TX CIDX updates to status page (bsc#1127371). - dccp: do not leak jiffies on the wire (networking-stable-19_11_05). - dlm: do not leak kernel pointer to userspace (bsc#1051510). - dlm: fix invalid free (bsc#1051510). - dma-buf: Fix memory leak in sync_file_merge() (git-fixes). - dma-mapping: fix return type of dma_set_max_seg_size() (bsc#1051510). - dmaengine: coh901318: Fix a double-lock bug (bsc#1051510). - dmaengine: coh901318: Remove unused variable (bsc#1051510). - dmaengine: dma-jz4780: Do not depend on MACH_JZ4780 (bsc#1051510). - dmaengine: dma-jz4780: Further residue status fix (bsc#1051510). - dmaengine: ep93xx: Return proper enum in ep93xx_dma_chan_direction (bsc#1051510). - dmaengine: Fix access to uninitialized dma_slave_caps (bsc#1051510). - dmaengine: imx-sdma: fix use-after-free on probe error path (bsc#1051510). - dmaengine: rcar-dmac: set scatter/gather max segment size (bsc#1051510). - dmaengine: timb_dma: Use proper enum in td_prep_slave_sg (bsc#1051510). - docs: move protection-keys.rst to the core-api book (bsc#1078248). - Documentation: debugfs: Document debugfs helper for unsigned long values (git-fixes). - Documentation: x86: convert protection-keys.txt to reST (bsc#1078248). - drivers/base/memory.c: cache blocks in radix tree to accelerate lookup (bsc#1159955 ltc#182993). - drivers/base/platform.c: kmemleak ignore a known leak (bsc#1051510). - drivers/regulator: fix a missing check of return value (bsc#1051510). - drm/amdgpu: fix bad DMA from INTERRUPT_CNTL2 (bsc#1114279) - drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ (bsc#1051510). - drm/etnaviv: fix dumping of iommuv2 (bsc#1113722) - drm/fb-helper: Round up bits_per_pixel if possible (bsc#1051510). - drm/i810: Prevent underflow in ioctl (bsc#1114279) - drm/i915: Add missing include file <linux/math64.h> (bsc#1051510). - drm/i915: Fix pid leak with banned clients (bsc#1114279) - drm/mst: Fix MST sideband up-reply failure handling (bsc#1051510). - drm/omap: fix max fclk divider for omap36xx (bsc#1113722) - drm/qxl: Return error if fbdev is not 32 bpp (bsc#1159028) - drm/radeon: fix bad DMA from INTERRUPT_CNTL2 (git-fixes). - drm/radeon: fix r1xx/r2xx register checker for POT textures (bsc#1114279) - drm/radeon: fix si_enable_smc_cac() failed issue (bsc#1113722) - drm/rockchip: Round up _before_ giving to the clock framework (bsc#1114279) - drm: limit to INT_MAX in create_blob ioctl (bsc#1051510). - drm: meson: venc: cvbs: fix CVBS mode matching (bsc#1051510). - drm: panel-lvds: Potential Oops in probe error handling (bsc#1114279) - e1000e: Add support for Comet Lake (bsc#1158533). - e1000e: Add support for Tiger Lake (bsc#1158533). - e1000e: Drop unnecessary __E1000_DOWN bit twiddling (bsc#1158049). - e1000e: Increase pause and refresh time (bsc#1158533). - e1000e: Use dev_get_drvdata where possible (bsc#1158049). - e1000e: Use rtnl_lock to prevent race conditions between net and pci/pm (bsc#1158049). - e100: Fix passing zero to 'PTR_ERR' warning in e100_load_ucode_wait (bsc#1051510). - ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable (bsc#1158646). - ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either (bsc#1158647). - EDAC/ghes: Fix locking and memory barrier issues (bsc#1114279). EDAC/ghes: Do not warn when incrementing refcount on 0 (bsc#1114279). - EDAC/ghes: Fix Use after free in ghes_edac remove path (bsc#1114279). - exit: panic before exit_mm() on global init exit (bsc#1161549). - ext4: fix punch hole for inline_data file systems (bsc#1158640). - ext4: update direct I/O read lock pattern for IOCB_NOWAIT (bsc#1158639). - extcon: cht-wc: Return from default case to avoid warnings (bsc#1051510). - extcon: max8997: Fix lack of path setting in USB device mode (bsc#1051510). - fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper() (bsc#1051510). - fbdev: sbuslib: use checked version of put_user() (bsc#1051510). - fjes: fix missed check in fjes_acpi_add (bsc#1051510). - fs: cifs: Fix atime update check vs mtime (bsc#1144333). - ftrace: Avoid potential division by zero in function profiler (bsc#1160784). - ftrace: Introduce PERMANENT ftrace_ops flag (bsc#1120853). - genirq: Prevent NULL pointer dereference in resend_irqs() (bsc#1051510). - genirq: Properly pair kobject_del() with kobject_add() (bsc#1051510). - gpio: Fix error message on out-of-range GPIO in lookup table (bsc#1051510). - gpio: mpc8xxx: Do not overwrite default irq_set_type callback (bsc#1051510). - gpio: syscon: Fix possible NULL ptr usage (bsc#1051510). - gpiolib: acpi: Add Terra Pad 1061 to the run_edge_events_on_boot_blacklist (bsc#1051510). - gsmi: Fix bug in append_to_eventlog sysfs handler (bsc#1051510). - HID: Add ASUS T100CHI keyboard dock battery quirks (bsc#1051510). - HID: Add quirk for Microsoft PIXART OEM mouse (bsc#1051510). - HID: asus: Add T100CHI bluetooth keyboard dock special keys mapping (bsc#1051510). - HID: doc: fix wrong data structure reference for UHID_OUTPUT (bsc#1051510). - HID: Fix assumption that devices have inputs (git-fixes). - HID: hidraw, uhid: Always report EPOLLOUT (bsc#1051510). - HID: hidraw: Fix returning EPOLLOUT from hidraw_poll (bsc#1051510). - HID: intel-ish-hid: fixes incorrect error handling (bsc#1051510). - HID: uhid: Fix returning EPOLLOUT from uhid_char_poll (bsc#1051510). - HID: wacom: generic: Treat serial number and related fields as unsigned (git-fixes). - hidraw: Return EPOLLOUT from hidraw_poll (bsc#1051510). - hwmon: (ina3221) Fix INA3221_CONFIG_MODE macros (bsc#1051510). - hwmon: (pwm-fan) Silence error on probe deferral (bsc#1051510). - hwrng: omap - Fix RNG wait loop timeout (bsc#1051510). - hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled (bsc#1051510). - hwrng: stm32 - fix unbalanced pm_runtime_enable (bsc#1051510). - hypfs: Fix error number left in struct pointer member (bsc#1051510). - i2c: imx: do not print error message on probe defer (bsc#1051510). - ibmveth: Detect unsupported packets before sending to the hypervisor (bsc#1159484 ltc#182983). - ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047). - ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047). - ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047). - ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047). - ibmvnic: Serialize device queries (bsc#1155689 ltc#182047). - ibmvnic: Serialize device queries (bsc#1155689 ltc#182047). - ibmvnic: Terminate waiting device threads after loss of service (bsc#1155689 ltc#182047). - ibmvnic: Terminate waiting device threads after loss of service (bsc#1155689 ltc#182047). - idr: Fix idr_alloc_u32 on 32-bit systems (bsc#1051510). - iio: adc: max9611: explicitly cast gain_selectors (bsc#1051510). - iio: adc: max9611: Fix too short conversion time delay (bsc#1051510). - iio: adc: stm32-adc: fix stopping dma (git-fixes). - iio: buffer: align the size of scan bytes to size of the largest element (bsc#1051510). - iio: dac: mcp4922: fix error handling in mcp4922_write_raw (bsc#1051510). - iio: imu: adis16480: assign bias value only if operation succeeded (git-fixes). - iio: imu: adis16480: make sure provided frequency is positive (git-fixes). - iio: imu: adis: assign read val in debugfs hook only if op successful (git-fixes). - iio: imu: adis: assign value only if return code zero in read funcs (git-fixes). - include/linux/bitrev.h: fix constant bitrev (bsc#1114279). - inet: protect against too small mtu values (networking-stable-19_12_16). - inet: stop leaking jiffies on the wire (networking-stable-19_11_05). - init: add arch_call_rest_init to allow stack switching (jsc#SLE-11179). - Input: aiptek - fix endpoint sanity check (bsc#1051510). - Input: cyttsp4_core - fix use after free bug (bsc#1051510). - Input: ff-memless - kill timer in destroy() (bsc#1051510). - Input: goodix - add upside-down quirk for Teclast X89 tablet (bsc#1051510). - Input: gtco - fix endpoint sanity check (bsc#1051510). - Input: keyspan-remote - fix control-message timeouts (bsc#1051510). - Input: pegasus_notetaker - fix endpoint sanity check (bsc#1051510). - Input: pm8xxx-vib - fix handling of separate enable register (bsc#1051510). - Input: rmi_f54 - read from FIFO in 32 byte blocks (bsc#1051510). - Input: silead - try firmware reload after unsuccessful resume (bsc#1051510). - Input: st1232 - set INPUT_PROP_DIRECT property (bsc#1051510). - Input: sun4i-ts - add a check for devm_thermal_zone_of_sensor_register (bsc#1051510). - Input: sur40 - fix interface sanity checks (bsc#1051510). - Input: synaptics - switch another X1 Carbon 6 to RMI/SMbus (bsc#1051510). - Input: synaptics-rmi4 - clear IRQ enables for F54 (bsc#1051510). - Input: synaptics-rmi4 - destroy F54 poller workqueue when removing (bsc#1051510). - Input: synaptics-rmi4 - disable the relative position IRQ in the F12 driver (bsc#1051510). - Input: synaptics-rmi4 - do not consume more data than we have (F11, F12) (bsc#1051510). - Input: synaptics-rmi4 - do not increment rmiaddr for SMBus transfers (bsc#1051510). - Input: synaptics-rmi4 - fix video buffer size (git-fixes). - Input: synaptics-rmi4 - simplify data read in rmi_f54_work (bsc#1051510). - intel_th: Fix a double put_device() in error path (git-fixes). - iomap: Fix pipe page leakage during splicing (bsc#1158651). - iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros (bsc#1158063). - iommu/vt-d: Unlink device if failed to add to group (bsc#1160756). - iommu: Remove device link to group on failure (bsc#1160755). - ipmi:dmi: Ignore IPMI SMBIOS entries with a zero base address (bsc#1051510). - ipv4: Fix table id reference in fib_sync_down_addr (networking-stable-19_11_10). - ipv4: Return -ENETUNREACH if we can't create route but saddr is valid (networking-stable-19_10_24). - iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop (git-fixes). - iwlwifi: api: annotate compressed BA notif array sizes (bsc#1051510). - iwlwifi: check kasprintf() return value (bsc#1051510). - iwlwifi: mvm: avoid sending too many BARs (bsc#1051510). - iwlwifi: mvm: do not send keys when entering D3 (bsc#1051510). - iwlwifi: mvm: Send non offchannel traffic via AP sta (bsc#1051510). - iwlwifi: mvm: synchronize TID queue removal (bsc#1051510). - kABI workaround for ath10k last_wmi_vdev_start_status field (bsc#1051510). - kABI workaround for can/skb.h inclusion (bsc#1051510). - kABI workaround for struct mwifiex_power_cfg change (bsc#1051510). - kABI: add _q suffix to exports that take struct dh (bsc#1155331). - kABI: Fix for 'KVM: x86: Introduce vcpu->arch.xsaves_enabled' (bsc#1158066). - kABI: protect struct sctp_ep_common (kabi). - kernel/trace: Fix do not unregister tracepoints when register sched_migrate_task fail (bsc#1160787). - kernfs: Fix range checks in kernfs_get_target_path (bsc#1051510). - kexec: bail out upon SIGKILL when allocating memory (git-fixes). - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl (git-fixes). - KVM: s390: Test for bad access register and size at the start of S390_MEM_OP (git-fixes). - KVM: SVM: Guard against DEACTIVATE when performing WBINVD/DF_FLUSH (bsc#1114279). - KVM: SVM: Serialize access to the SEV ASID bitmap (bsc#1114279). - KVM: VMX: Consider PID.PIR to determine if vCPU has pending interrupts (bsc#1158064). - KVM: VMX: Fix conditions for guest IA32_XSS support (bsc#1158065). - KVM: x86/mmu: Take slots_lock when using kvm_mmu_zap_all_fast() (bsc#1158067). - KVM: x86: Host feature SSBD does not imply guest feature SPEC_CTRL_SSBD (bsc#1160476). - KVM: x86: Introduce vcpu->arch.xsaves_enabled (bsc#1158066). - KVM: x86: Remove a spurious export of a static function (bsc#1158954). - leds: Allow to call led_classdev_unregister() unconditionally (bsc#1161674). - leds: class: ensure workqueue is initialized before setting brightness (bsc#1161674). - liquidio: fix race condition in instruction completion processing (bsc#1051510). - livepatch: Allow to distinguish different version of system state changes (bsc#1071995). - livepatch: Basic API to track system state changes (bsc#1071995 ). - livepatch: Keep replaced patches until post_patch callback is called (bsc#1071995). - livepatch: Selftests of the API for tracking system state changes (bsc#1071995). - livepatch: Simplify stack trace retrieval (jsc#SLE-11179). - loop: add ioctl for changing logical block size (bsc#1108043). - loop: fix no-unmap write-zeroes request behavior (bsc#1158637). - mac80211: consider QoS Null frames for STA_NULLFUNC_ACKED (bsc#1051510). - mac80211: Do not send Layer 2 Update frame before authorization (bsc#1051510). - mac80211: fix station inactive_time shortly after boot (bsc#1051510). - mac80211: minstrel: fix CCK rate group streams value (bsc#1051510). - mac80211: minstrel: fix sampling/reporting of CCK rates in HT mode (bsc#1051510). - macvlan: do not assume mac_header is set in macvlan_broadcast() (bsc#1051510). - macvlan: schedule bc_work even if error (bsc#1051510). - macvlan: use skb_reset_mac_header() in macvlan_queue_xmit() (bsc#1051510). - mailbox: mailbox-test: fix null pointer if no mmio (bsc#1051510). - mailbox: reset txdone_method TXDONE_BY_POLL if client knows_txdone (git-fixes). - media: au0828: Fix incorrect error messages (bsc#1051510). - media: bdisp: fix memleak on release (git-fixes). - media: cec.h: CEC_OP_REC_FLAG_ values were swapped (bsc#1051510). - media: cec: report Vendor ID after initialization (bsc#1051510). - media: cxusb: detect cxusb_ctrl_msg error in query (bsc#1051510). - media: davinci: Fix implicit enum conversion warning (bsc#1051510). - media: exynos4-is: Fix recursive locking in isp_video_release() (git-fixes). - media: fix: media: pci: meye: validate offset to avoid arbitrary access (bsc#1051510). - media: flexcop-usb: ensure -EIO is returned on error condition (git-fixes). - media: imon: invalid dereference in imon_touch_event (bsc#1051510). - media: isif: fix a NULL pointer dereference bug (bsc#1051510). - media: ov6650: Fix control handler not freed on init error (git-fixes). - media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init() (bsc#1051510). - media: pulse8-cec: return 0 when invalidating the logical address (bsc#1051510). - media: pxa_camera: Fix check for pdev->dev.of_node (bsc#1051510). - media: radio: wl1273: fix interrupt masking on release (git-fixes). - media: stkwebcam: Bugfix for wrong return values (bsc#1051510). - media: ti-vpe: vpe: Fix Motion Vector vpdma stride (git-fixes). - media: usbvision: Fix races among open, close, and disconnect (bsc#1051510). - media: uvcvideo: Fix error path in control parsing failure (git-fixes). - media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE (bsc#1051510). - media: vim2m: Fix abort issue (git-fixes). - media: vivid: Set vid_cap_streaming and vid_out_streaming to true (bsc#1051510). - mei: bus: prefix device names on bus with the bus name (bsc#1051510). - mei: fix modalias documentation (git-fixes). - mei: samples: fix a signedness bug in amt_host_if_call() (bsc#1051510). - mfd: intel-lpss: Add default I2C device properties for Gemini Lake (bsc#1051510). - mfd: max8997: Enale irq-wakeup unconditionally (bsc#1051510). - mfd: mc13xxx-core: Fix PMIC shutdown when reading ADC values (bsc#1051510). - mfd: palmas: Assign the right powerhold mask for tps65917 (git-fixes). - mfd: ti_am335x_tscadc: Keep ADC interface on if child is wakeup capable (bsc#1051510). - mISDN: Fix type of switch control variable in ctrl_teimanager (bsc#1051510). - missing escaping of backslashes in macro expansions Fixes: f3b74b0ae86b ('rpm/kernel-subpackage-spec: Unify dependency handling.') Fixes: 3fd22e219f77 ('rpm/kernel-subpackage-spec: Fix empty Recommends tag (bsc#1143959)') - mlx5: add parameter to disable enhanced IPoIB (bsc#1142095) - mm, memory_hotplug: do not clear numa_node association after hot_remove (bnc#1115026). - mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d() (git fixes (mm/gup)). - mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone (git fixes (mm/compaction)). - mm/debug.c: PageAnon() is true for PageKsm() pages (git fixes (mm/debug)). - mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock (bsc#1159394). - mm: memory_hotplug: use put_device() if device_register fail (bsc#1159955 ltc#182993). - mmc: core: fix wl1251 sdio quirks (git-fixes). - mmc: host: omap_hsmmc: add code for special init of wl1251 to get rid of pandora_wl1251_init_card (git-fixes). - mmc: mediatek: fix cannot receive new request when msdc_cmd_is_ready fail (bsc#1051510). - mmc: mediatek: fix CMD_TA to 2 for MT8173 HS200/HS400 mode (bsc#1051510). - mmc: sdhci-of-at91: fix quirk2 overwrite (git-fixes). - mmc: sdhci-of-esdhc: fix P2020 errata handling (bsc#1051510). - mmc: sdhci-of-esdhc: Revert 'mmc: sdhci-of-esdhc: add erratum A-009204 support' (bsc#1051510). - mmc: sdhci: fix minimum clock rate for v3 controller (bsc#1051510). - mmc: sdio: fix wl1251 vendor id (git-fixes). - mmc: tegra: fix SDR50 tuning override (bsc#1051510). - moduleparam: fix parameter description mismatch (bsc#1051510). - mt7601u: fix bbp version check in mt7601u_wait_bbp_ready (bsc#1051510). - mtd: spear_smi: Fix Write Burst mode (bsc#1051510). - mtd: spi-nor: fix silent truncation in spi_nor_read() (bsc#1051510). - mwifiex: debugfs: correct histogram spacing, formatting (bsc#1051510). - mwifiex: drop most magic numbers from mwifiex_process_tdls_action_frame() (git-fixes). - mwifiex: Fix NL80211_TX_POWER_LIMITED (bsc#1051510). - mwifiex: fix potential NULL dereference and use after free (bsc#1051510). - nbd: prevent memory leak (bsc#1158638). - net/ibmvnic: Fix typo in retry check (bsc#1155689 ltc#182047). - net/ibmvnic: Ignore H_FUNCTION return from H_EOI to tolerate XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes). - net/mlx4_core: Dynamically set guaranteed amount of counters per VF (networking-stable-19_11_05). - net/mlx4_en: fix mlx4 ethtool -N insertion (networking-stable-19_11_25). - net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq (bsc#1046303). - net/mlx5e: Fix handling of compressed CQEs in case of low NAPI budget (networking-stable-19_11_05). - net/mlx5e: Fix set vf link state error flow (networking-stable-19_11_25). - net/mlx5e: Fix SFF 8472 eeprom length (git-fixes). - net/mlxfw: Fix out-of-memory error in mfa2 flash burning (bsc#1051858). - net/sched: act_pedit: fix WARN() in the traffic path (networking-stable-19_11_25). - net/smc: avoid fallback in case of non-blocking connect (git-fixes). - net/smc: fix closing of fallback SMC sockets (git-fixes). - net/smc: Fix error path in smc_init (git-fixes). - net/smc: fix ethernet interface refcounting (git-fixes). - net/smc: fix refcounting for non-blocking connect() (git-fixes). - net/smc: keep vlan_id for SMC-R in smc_listen_work() (git-fixes). - net: add READ_ONCE() annotation in __skb_wait_for_more_packets() (networking-stable-19_11_05). - net: add skb_queue_empty_lockless() (networking-stable-19_11_05). - net: annotate accesses to sk->sk_incoming_cpu (networking-stable-19_11_05). - net: annotate lockless accesses to sk->sk_napi_id (networking-stable-19_11_05). - net: avoid potential infinite loop in tc_ctl_action() (networking-stable-19_10_24). - net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3 (networking-stable-19_10_24). - net: bcmgenet: reset 40nm EPHY on energy detect (networking-stable-19_11_05). - net: bcmgenet: Set phydev->dev_flags only for internal PHYs (networking-stable-19_10_24). - net: bridge: deny dev_set_mac_address() when unregistering (networking-stable-19_12_16). - net: cdc_ncm: Signedness bug in cdc_ncm_set_dgram_size() (git-fixes). - net: dsa: b53: Do not clear existing mirrored port mask (networking-stable-19_11_05). - net: dsa: bcm_sf2: Fix IMP setup for port different than 8 (networking-stable-19_11_05). - net: dsa: fix switch tree list (networking-stable-19_11_05). - net: ethernet: ftgmac100: Fix DMA coherency issue with SW checksum (networking-stable-19_11_05). - net: ethernet: octeon_mgmt: Account for second possible VLAN header (networking-stable-19_11_10). - net: ethernet: ti: cpsw: fix extra rx interrupt (networking-stable-19_12_16). - net: fix data-race in neigh_event_send() (networking-stable-19_11_10). - net: fix sk_page_frag() recursion from memory reclaim (networking-stable-19_11_05). - net: hisilicon: Fix ping latency when deal with high throughput (networking-stable-19_11_05). - net: phy: at803x: Change error to EINVAL for invalid MAC (bsc#1051510). - net: phy: broadcom: Use strlcpy() for ethtool::get_strings (bsc#1051510). - net: phy: Check against net_device being NULL (bsc#1051510). - net: phy: dp83867: Set up RGMII TX delay (bsc#1051510). - net: phy: Fix not to call phy_resume() if PHY is not attached (bsc#1051510). - net: phy: Fix the register offsets in Broadcom iProc mdio mux driver (bsc#1051510). - net: phy: fixed_phy: Fix fixed_phy not checking GPIO (bsc#1051510). - net: phy: marvell: clear wol event before setting it (bsc#1051510). - net: phy: marvell: Use strlcpy() for ethtool::get_strings (bsc#1051510). - net: phy: meson-gxl: check phy_write return value (bsc#1051510). - net: phy: micrel: Use strlcpy() for ethtool::get_strings (bsc#1051510). - net: phy: mscc: read 'vsc8531, edge-slowdown' as an u32 (bsc#1051510). - net: phy: mscc: read 'vsc8531,vddmac' as an u32 (bsc#1051510). - net: phy: xgene: disable clk on error paths (bsc#1051510). - net: phy: xgmiitorgmii: Check phy_driver ready before accessing (bsc#1051510). - net: phy: xgmiitorgmii: Check read_status results (bsc#1051510). - net: phy: xgmiitorgmii: Support generic PHY status read (bsc#1051510). - net: psample: fix skb_over_panic (networking-stable-19_12_03). - net: rtnetlink: prevent underflows in do_setvfinfo() (networking-stable-19_11_25). - net: sched: fix `tc -s class show` no bstats on class with nolock subqueues (networking-stable-19_12_03). - net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow (networking-stable-19_10_24). - net: usb: lan78xx: limit size of local TSO packets (bsc#1051510). - net: usb: qmi_wwan: add support for DW5821e with eSIM support (networking-stable-19_11_10). - net: usb: qmi_wwan: add support for Foxconn T77W968 LTE modules (networking-stable-19_11_18). - net: use skb_queue_empty_lockless() in busy poll contexts (networking-stable-19_11_05). - net: use skb_queue_empty_lockless() in poll() handlers (networking-stable-19_11_05). - net: wireless: ti: remove local VENDOR_ID and DEVICE_ID definitions (git-fixes). - net: wireless: ti: wl1251 use new SDIO_VENDOR_ID_TI_WL1251 definition (git-fixes). - net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol() (networking-stable-19_11_05). - netfilter: nf_queue: enqueue skbs with NULL dst (git-fixes). - netns: fix GFP flags in rtnl_net_notifyid() (networking-stable-19_11_05). - nfc: fdp: fix incorrect free object (networking-stable-19_11_10). - nfc: netlink: fix double device reference drop (git-fixes). - nfc: nxp-nci: Fix NULL pointer dereference after I2C communication error (git-fixes). - nfc: pn533: fix bulk-message timeout (bsc#1051510). - nfc: pn544: Adjust indentation in pn544_hci_check_presence (git-fixes). - nfc: port100: handle command failure cleanly (git-fixes). - nfc: st21nfca: fix double free (networking-stable-19_11_10). - nl80211: Fix a GET_KEY reply attribute (bsc#1051510). - ocfs2: fix panic due to ocfs2_wq is null (bsc#1158644). - ocfs2: fix passing zero to 'PTR_ERR' warning (bsc#1158649). - openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info() (networking-stable-19_12_03). - openvswitch: fix flow command message size (git-fixes). - openvswitch: remove another BUG_ON() (networking-stable-19_12_03). - openvswitch: support asymmetric conntrack (networking-stable-19_12_16). - orinoco_usb: fix interface sanity check (git-fixes). - padata: use smp_mb in padata_reorder to avoid orphaned padata jobs (git-fixes). - PCI/ACPI: Correct error message for ASPM disabling (bsc#1051510). - PCI/MSI: Fix incorrect MSI-X masking on resume (bsc#1051510). - PCI/MSI: Return -ENOSPC from pci_alloc_irq_vectors_affinity() (bsc#1051510). - PCI/PME: Fix possible use-after-free on remove (git-fixes). - PCI/PTM: Remove spurious 'd' from granularity message (bsc#1051510). - PCI: Apply Cavium ACS quirk to ThunderX2 and ThunderX3 (bsc#1051510). - PCI: dwc: Fix find_next_bit() usage (bsc#1051510). - PCI: Fix Intel ACS quirk UPDCR register address (bsc#1051510). - PCI: rcar: Fix missing MACCTLR register setting in initialization sequence (bsc#1051510). - PCI: sysfs: Ignore lockdep for remove attribute (git-fixes). - PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30 (git-fixes). - phy: phy-twl4030-usb: fix denied runtime access (git-fixes). - pinctl: ti: iodelay: fix error checking on pinctrl_count_index_with_args call (git-fixes). - pinctrl: at91: do not use the same irqchip with multiple gpiochips (git-fixes). - pinctrl: cherryview: Allocate IRQ chip dynamic (git-fixes). - pinctrl: lewisburg: Update pin list according to v1.1v6 (bsc#1051510). - pinctrl: lpc18xx: Use define directive for PIN_CONFIG_GPIO_PIN_INT (bsc#1051510). - pinctrl: qcom: spmi-gpio: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in init code (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup controller init (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup controller init (bsc#1051510). - pinctrl: sunxi: Fix a memory leak in 'sunxi_pinctrl_build_state()' (bsc#1051510). - pinctrl: xway: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: zynq: Use define directive for PIN_CONFIG_IO_STANDARD (bsc#1051510). - pktcdvd: remove warning on attempting to register non-passthrough dev (bsc#1051510). - platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0 (bsc#1051510). - platform/x86: hp-wmi: Fix ACPI errors caused by passing 0 as input size (bsc#1051510). - platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer (bsc#1051510). - platform/x86: hp-wmi: Make buffer for HPWMI_FEATURE2_QUERY 128 bytes (bsc#1051510). - platform/x86: pmc_atom: Add Siemens CONNECT X300 to critclk_systems DMI table (bsc#1051510). - PM / AVS: SmartReflex: NULL check before some freeing functions is not needed (bsc#1051510). - PM / devfreq: Check NULL governor in available_governors_show (git-fixes). - PM / devfreq: exynos-bus: Correct clock enable sequence (bsc#1051510). - PM / devfreq: Lock devfreq in trans_stat_show (git-fixes). - PM / devfreq: passive: fix compiler warning (bsc#1051510). - PM / devfreq: passive: Use non-devm notifiers (bsc#1051510). - PM / Domains: Deal with multiple states but no governor in genpd (bsc#1051510). - PM / hibernate: Check the success of generating md5 digest before hibernation (bsc#1051510). - power: reset: at91-poweroff: do not procede if at91_shdwc is allocated (bsc#1051510). - power: supply: ab8500_fg: silence uninitialized variable warnings (bsc#1051510). - power: supply: twl4030_charger: disable eoc interrupt on linear charge (bsc#1051510). - power: supply: twl4030_charger: fix charging current out-of-bounds (bsc#1051510). - powerpc/archrandom: fix arch_get_random_seed_int() (bsc#1065729). - powerpc/book3s64/hash: Use secondary hash for bolted mapping if the primary is full (bsc#1157778 ltc#182520). - powerpc/bpf: Fix tail call implementation (bsc#1157698). - powerpc/irq: fix stack overflow verification (bsc#1065729). - powerpc/livepatch: return -ERRNO values in save_stack_trace_tsk_reliable() (bsc#1071995 bsc#1161875). - powerpc/mm: drop #ifdef CONFIG_MMU in is_ioremap_addr() (bsc#1065729). - powerpc/pkeys: remove unused pkey_allows_readwrite (bsc#1065729). - powerpc/powernv: Disable native PCIe port management (bsc#1065729). - powerpc/pseries/lparcfg: Fix display of Maximum Memory (bsc#1162028 ltc#181740). - powerpc/pseries/mobility: notify network peers after migration (bsc#1152631 ltc#181798). - powerpc/pseries: Do not fail hash page table insert for bolted mapping (bsc#1157778 ltc#182520). - powerpc/pseries: Do not opencode HPTE_V_BOLTED (bsc#1157778 ltc#182520). - powerpc/pseries: Drop pointless static qualifier in vpa_debugfs_init() (git-fixes). - powerpc/security: Fix debugfs data leak on 32-bit (bsc#1065729). - powerpc/tools: Do not quote $objdump in scripts (bsc#1065729). - powerpc/xive: Discard ESB load value when interrupt is invalid (bsc#1085030). - powerpc/xive: Skip ioremap() of ESB pages for LSI interrupts (bsc#1085030). - powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB (bnc#1151927 5.3.17). - powerpc: Allow flush_icache_range to work across ranges >4GB (bnc#1151927 5.3.17). - powerpc: Fix vDSO clock_getres() (bsc#1065729). - ppdev: fix PPGETTIME/PPSETTIME ioctls (bsc#1051510). - ppp: Adjust indentation into ppp_async_input (git-fixes). - prevent active file list thrashing due to refault detection (VM Performance, bsc#1156286). - printk: Export console_printk (bsc#1071995). - pwm: bcm-iproc: Prevent unloading the driver module while in use (git-fixes). - pwm: Clear chip_data in pwm_put() (bsc#1051510). - pwm: clps711x: Fix period calculation (bsc#1051510). - pwm: lpss: Only set update bit if we are actually changing the settings (bsc#1051510). - qede: Disable hardware gro when xdp prog is installed (bsc#1086314 bsc#1086313 bsc#1086301 ). - qede: fix NULL pointer deref in __qede_remove() (networking-stable-19_11_10). - r8152: add device id for Lenovo ThinkPad USB-C Dock Gen 2 (networking-stable-19_11_05). - r8152: add missing endpoint sanity check (bsc#1051510). - random: move FIPS continuous test to output functions (bsc#1155334). - RDMA/bnxt_re: Avoid freeing MR resources if dereg fails (bsc#1050244). - RDMA/hns: Prevent memory leaks of eq->buf_list (bsc#1104427 ). - README.BRANCH: removing myself from the maintainer list - regulator: ab8500: Remove AB8505 USB regulator (bsc#1051510). - regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id (bsc#1051510). - regulator: rn5t618: fix module aliases (bsc#1051510). - regulator: tps65910: fix a missing check of return value (bsc#1051510). - remoteproc: Check for NULL firmwares in sysfs interface (git-fixes). - reset: fix of_reset_simple_xlate kerneldoc comment (bsc#1051510). - reset: Fix potential use-after-free in __of_reset_control_get() (bsc#1051510). - reset: fix reset_control_get_exclusive kerneldoc comment (bsc#1051510). - reset: fix reset_control_ops kerneldoc comment (bsc#1051510). - resource: fix locking in find_next_iomem_res() (bsc#1114279). - Revert 'ath10k: fix DMA related firmware crashes on multiple devices' (git-fixes). - Revert 'Input: synaptics-rmi4 - do not increment rmiaddr for SMBus transfers' (bsc#1051510). - Revert 'mmc: sdhci: Fix incorrect switch to HS mode' (bsc#1051510). - rpm/kernel-binary.spec.in: add COMPRESS_VMLINUX (bnc#1155921) Let COMPRESS_VMLINUX determine the compression used for vmlinux. By default (historically), it is gz. - rpm/kernel-source.spec.in: Fix dependency of kernel-devel (bsc#1154043) - rpm/kernel-subpackage-spec: Exclude kernel-firmware recommends (bsc#1143959) For reducing the dependency on kernel-firmware in sub packages - rpm/kernel-subpackage-spec: Fix empty Recommends tag (bsc#1143959) - rpm/kernel-subpackage-spec: fix kernel-default-base build There were some issues with recent changes to subpackage dependencies handling: - rpm/kernel-subpackage-spec: Unify dependency handling. - rpm/modules.fips: update module list (bsc#1157853) - rsi_91x_usb: fix interface sanity check (git-fixes). - rt2800: remove errornous duplicate condition (git-fixes). - rtc: dt-binding: abx80x: fix resistance scale (bsc#1051510). - rtc: max8997: Fix the returned value in case of error in 'max8997_rtc_read_alarm()' (bsc#1051510). - rtc: msm6242: Fix reading of 10-hour digit (bsc#1051510). - rtc: pcf8523: set xtal load capacitance from DT (bsc#1051510). - rtc: s35390a: Change buf's type to u8 in s35390a_init (bsc#1051510). - rtl8187: Fix warning generated when strncpy() destination length matches the sixe argument (bsc#1051510). - rtl818x: fix potential use after free (bsc#1051510). - rtl8xxxu: fix interface sanity check (git-fixes). - rtlwifi: Remove unnecessary NULL check in rtl_regd_init (bsc#1051510). - rtlwifi: rtl8192de: Fix misleading REG_MCUFWDL information (bsc#1051510). - rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address (bsc#1051510). - rtlwifi: rtl8192de: Fix missing enable interrupt flag (bsc#1051510). - s390/bpf: fix lcgr instruction encoding (bsc#1051510). - s390/bpf: use 32-bit index for tail calls (bsc#1051510). - s390/cio: avoid calling strlen on null pointer (bsc#1051510). - s390/cio: exclude subchannels with no parent from pseudo check (bsc#1051510). - s390/cmm: fix information leak in cmm_timeout_handler() (bsc#1051510). - s390/ftrace: generate traced function stack frame (jsc#SLE-11178 jsc#SLE-11179). - s390/ftrace: save traced function caller (jsc#SLE-11179). - s390/ftrace: use HAVE_FUNCTION_GRAPH_RET_ADDR_PTR (jsc#SLE-11179). - s390/head64: correct init_task stack setup (jsc#SLE-11179). - s390/idle: fix cpu idle time calculation (bsc#1051510). - s390/kasan: avoid false positives during stack unwind (jsc#SLE-11179). - s390/kasan: avoid report in get_wchan (jsc#SLE-11179). - s390/livepatch: Implement reliable stack tracing for the consistency model (jsc#SLE-11179). - s390/mm: properly clear _PAGE_NOEXEC bit when it is not supported (bsc#1051510). - s390/process: avoid custom stack unwinding in get_wchan (jsc#SLE-11179). - s390/process: avoid potential reading of freed stack (bsc#1051510). - s390/qdio: (re-)initialize tiqdio list entries (bsc#1051510). - s390/qdio: do not touch the dsci in tiqdio_add_input_queues() (bsc#1051510). - s390/qeth: clean up page frag creation (git-fixes). - s390/qeth: consolidate skb allocation (git-fixes). - s390/qeth: ensure linear access to packet headers (git-fixes). - s390/qeth: guard against runt packets (git-fixes). - s390/qeth: return proper errno on IO error (bsc#1051510). - s390/setup: fix boot crash for machine without EDAT-1 (bsc#1051510 bsc#1140948). - s390/setup: fix early warning messages (bsc#1051510 bsc#1140948). - s390/stacktrace: use common arch_stack_walk infrastructure (jsc#SLE-11179). - s390/suspend: fix stack setup in swsusp_arch_suspend (jsc#SLE-11179). - s390/test_unwind: print verbose unwinding results (jsc#SLE-11179). - s390/topology: avoid firing events before kobjs are created (bsc#1051510). - s390/unwind: add stack pointer alignment sanity checks (jsc#SLE-11179). - s390/unwind: always inline get_stack_pointer (jsc#SLE-11179). - s390/unwind: avoid int overflow in outside_of_stack (jsc#SLE-11179). - s390/unwind: cleanup unused READ_ONCE_TASK_STACK (jsc#SLE-11179). - s390/unwind: correct stack switching during unwind (jsc#SLE-11179). - s390/unwind: drop unnecessary code around calling ftrace_graph_ret_addr() (jsc#SLE-11179). - s390/unwind: filter out unreliable bogus %r14 (jsc#SLE-11179). - s390/unwind: fix get_stack_pointer(NULL, NULL) (jsc#SLE-11179). - s390/unwind: fix mixing regs and sp (jsc#SLE-11179). - s390/unwind: introduce stack unwind API (jsc#SLE-11179). - s390/unwind: make reuse_sp default when unwinding pt_regs (jsc#SLE-11179). - s390/unwind: remove stack recursion warning (jsc#SLE-11179). - s390/unwind: report an error if pt_regs are not on stack (jsc#SLE-11179). - s390/unwind: start unwinding from reliable state (jsc#SLE-11179). - s390/unwind: stop gracefully at task pt_regs (jsc#SLE-11179). - s390/unwind: stop gracefully at user mode pt_regs in irq stack (jsc#SLE-11179). - s390/unwind: unify task is current checks (jsc#SLE-11179). - s390: add stack switch helper (jsc#SLE-11179). - s390: add support for virtually mapped kernel stacks (jsc#SLE-11179). - s390: always inline current_stack_pointer() (jsc#SLE-11179). - s390: always inline disabled_wait (jsc#SLE-11179). - s390: avoid misusing CALL_ON_STACK for task stack setup (jsc#SLE-11179). - s390: clean up stacks setup (jsc#SLE-11179). - s390: correct CALL_ON_STACK back_chain saving (jsc#SLE-11179). - s390: disable preemption when switching to nodat stack with CALL_ON_STACK (jsc#SLE-11179). - s390: fine-tune stack switch helper (jsc#SLE-11179). - s390: fix register clobbering in CALL_ON_STACK (jsc#SLE-11179). - s390: fix stfle zero padding (bsc#1051510). - s390: kabi workaround for ftrace_ret_stack (jsc#SLE-11179). - s390: kabi workaround for lowcore changes due to vmap stack (jsc#SLE-11179). - s390: kabi workaround for reliable stack tracing (jsc#SLE-11179). - s390: preserve kabi for stack unwind API (jsc#SLE-11179). - s390: unify stack size definitions (jsc#SLE-11179). - sched/fair: Add tmp_alone_branch assertion (bnc#1156462). - sched/fair: Fix insertion in rq->leaf_cfs_rq_list (bnc#1156462). - sched/fair: Fix O(nr_cgroups) in the load balancing path (bnc#1156462). - sched/fair: Optimize update_blocked_averages() (bnc#1156462). - sched/fair: WARN() and refuse to set buddy when !se->on_rq (bsc#1158132). - scsi: lpfc: Fix Oops in nvme_register with target logout/login (bsc#1151900). - scsi: qla2xxx: Add a shadow variable to hold disc_state history of fcport (bsc#1158013). - scsi: qla2xxx: Add D-Port Diagnostic reason explanation logs (bsc#1158013). - scsi: qla2xxx: Add debug dump of LOGO payload and ELS IOCB (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Added support for MPI and PEP regions for ISP28XX (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548). - scsi: qla2xxx: Allow PLOGI in target mode (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Change discovery state before PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Cleanup unused async_logout_done (bsc#1158013). - scsi: qla2xxx: Configure local loop for N2N target (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Consolidate fabric scan (bsc#1158013). - scsi: qla2xxx: Correct fcport flags handling (bsc#1158013). - scsi: qla2xxx: Correctly retrieve and interpret active flash region (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548). - scsi: qla2xxx: Do not call qlt_async_event twice (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Do not defer relogin unconditonally (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Drop superfluous INIT_WORK of del_work (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Fix fabric scan hang (bsc#1158013). - scsi: qla2xxx: Fix incorrect SFUB length used for Secure Flash Update MB Cmd (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548). - scsi: qla2xxx: Fix mtcp dump collection failure (bsc#1158013). - scsi: qla2xxx: Fix PLOGI payload and ELS IOCB dump length (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Fix RIDA Format-2 (bsc#1158013). - scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan (bsc#1138039). - scsi: qla2xxx: Fix stuck login session using prli_pend_timer (bsc#1158013). - scsi: qla2xxx: Fix stuck session in GNL (bsc#1158013). - scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type (bsc#1158013). - scsi: qla2xxx: Fix update_fcport for current_topology (bsc#1158013). - scsi: qla2xxx: Ignore NULL pointer in tcm_qla2xxx_free_mcmd (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Improve readability of the code that handles qla_flt_header (bsc#1158013). - scsi: qla2xxx: Initialize free_work before flushing it (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Remove defer flag to indicate immeadiate port loss (bsc#1158013). - scsi: qla2xxx: Send Notify ACK after N2N PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: unregister ports after GPN_FT failure (bsc#1138039). - scsi: qla2xxx: Update driver version to 10.01.00.22-k (bsc#1158013). - scsi: qla2xxx: Use common routine to free fcport struct (bsc#1158013). - scsi: qla2xxx: Use explicit LOGO in target mode (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Use get_unaligned_*() instead of open-coding these functions (bsc#1158013). - scsi: zfcp: fix request object use-after-free in send path causing wrong traces (bsc#1051510). - scsi: zfcp: trace channel log even for FCP command responses (git-fixes). - sctp: cache netns in sctp_ep_common (networking-stable-19_12_03). - sctp: change sctp_prot .no_autobind with true (networking-stable-19_10_24). - selftests: net: reuseport_dualstack: fix uninitalized parameter (networking-stable-19_11_05). - serial: max310x: Fix tx_empty() callback (bsc#1051510). - serial: mxs-auart: Fix potential infinite loop (bsc#1051510). - serial: samsung: Enable baud clock for UART reset procedure in resume (bsc#1051510). - serial: uartps: Fix suspend functionality (bsc#1051510). - sfc: Only cancel the PPS workqueue if it exists (networking-stable-19_11_25). - signal: Properly set TRACE_SIGNAL_LOSE_INFO in __send_signal (bsc#1157463). - slcan: Fix memory leak in error path (bsc#1051510). - slip: Fix memory leak in slip_open error path (bsc#1051510). - slip: Fix use-after-free Read in slip_open (bsc#1051510). - smb3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1144333). - smb3: fix leak in 'open on server' perf counter (bsc#1144333, bsc#1154355). - smb3: Fix persistent handles reconnect (bsc#1144333). - smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1144333). - smb3: fix signing verification of large reads (bsc#1144333, bsc#1154355). - smb3: fix unmount hang in open_shroot (bsc#1144333, bsc#1154355). - smb3: improve handling of share deleted (and share recreated) (bsc#1144333, bsc#1154355). - smb3: Incorrect size for netname negotiate context (bsc#1144333, bsc#1154355). - smb3: remove confusing dmesg when mounting with encryption ('seal') (bsc#1144333). - soc: imx: gpc: fix PDN delay (bsc#1051510). - soc: qcom: wcnss_ctrl: Avoid string overflow (bsc#1051510). - spi: atmel: Fix CS high support (bsc#1051510). - spi: atmel: fix handling of cs_change set on non-last xfer (bsc#1051510). - spi: fsl-lpspi: Prevent FIFO under/overrun by default (bsc#1051510). - spi: mediatek: Do not modify spi_transfer when transfer (bsc#1051510). - spi: mediatek: use correct mata->xfer_len when in fifo transfer (bsc#1051510). - spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch (bsc#1051510). - spi: omap2-mcspi: Set FIFO DMA trigger level to word length (bsc#1051510). - spi: pic32: Use proper enum in dmaengine_prep_slave_rg (bsc#1051510). - spi: rockchip: initialize dma_slave_config properly (bsc#1051510). - spi: spidev: Fix OF tree warning logic (bsc#1051510). - stacktrace: Do not skip first entry on noncurrent tasks (jsc#SLE-11179). - stacktrace: Force USER_DS for stack_trace_save_user() (jsc#SLE-11179). - stacktrace: Get rid of unneeded '!!' pattern (jsc#SLE-11179). - stacktrace: Provide common infrastructure (jsc#SLE-11179). - stacktrace: Provide helpers for common stack trace operations (jsc#SLE-11179). - stacktrace: Unbreak stack_trace_save_tsk_reliable() (jsc#SLE-11179). - stacktrace: Use PF_KTHREAD to check for kernel threads (jsc#SLE-11179). - staging: comedi: adv_pci1710: fix AI channels 16-31 for PCI-1713 (bsc#1051510). - staging: iio: adt7316: Fix i2c data reading, set the data field (bsc#1051510). - staging: rtl8188eu: fix interface sanity check (bsc#1051510). - staging: rtl8192e: fix potential use after free (bsc#1051510). - staging: rtl8723bs: Add 024c:0525 to the list of SDIO device-ids (bsc#1051510). - staging: rtl8723bs: Drop ACPI device ids (bsc#1051510). - stm class: Fix a double free of stm_source_device (bsc#1051510). - supported.conf: - synclink_gt(): fix compat_ioctl() (bsc#1051510). - tcp: clear tp->packets_out when purging write queue (bsc#1160560). - tcp: exit if nothing to retransmit on RTO timeout (bsc#1160560, stable 4.14.159). - tcp: md5: fix potential overestimation of TCP option space (networking-stable-19_12_16). - tcp_nv: fix potential integer overflow in tcpnv_acked (bsc#1051510). - thermal: Fix deadlock in thermal thermal_zone_device_check (bsc#1051510). - thunderbolt: Fix lockdep circular locking depedency warning (git-fixes). - tipc: Avoid copying bytes beyond the supplied data (bsc#1051510). - tipc: check bearer name with right length in tipc_nl_compat_bearer_enable (bsc#1051510). - tipc: check link name with right length in tipc_nl_compat_link_set (bsc#1051510). - tipc: check msg->req data len in tipc_nl_compat_bearer_disable (bsc#1051510). - tipc: compat: allow tipc commands without arguments (bsc#1051510). - tipc: fix a missing check of genlmsg_put (bsc#1051510). - tipc: fix link name length check (bsc#1051510). - tipc: fix memory leak in tipc_nl_compat_publ_dump (bsc#1051510). - tipc: fix skb may be leaky in tipc_link_input (bsc#1051510). - tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path (bsc#1051510). - tipc: fix wrong timeout input for tipc_wait_for_cond() (bsc#1051510). - tipc: handle the err returned from cmd header function (bsc#1051510). - tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb (bsc#1051510). - tipc: tipc clang warning (bsc#1051510). - tpm: add check after commands attribs tab allocation (bsc#1051510). - tracing: Cleanup stack trace code (jsc#SLE-11179). - tracing: Have the histogram compare functions convert to u64 first (bsc#1160210). - tracing: xen: Ordered comparison of function pointers (git-fixes). - tty: serial: fsl_lpuart: use the sg count from dma_map_sg (bsc#1051510). - tty: serial: imx: use the sg count from dma_map_sg (bsc#1051510). - tty: serial: msm_serial: Fix flow control (bsc#1051510). - tty: serial: pch_uart: correct usage of dma_unmap_sg (bsc#1051510). - uaccess: Add non-pagefault user-space write function (bsc#1083647). - ubifs: Correctly initialize c->min_log_bytes (bsc#1158641). - ubifs: Limit the number of pages in shrink_liability (bsc#1158643). - udp: use skb_queue_empty_lockless() (networking-stable-19_11_05). - usb-serial: cp201x: support Mark-10 digital force gauge (bsc#1051510). - usb: adutux: fix interface sanity check (bsc#1051510). - usb: Allow USB device to be warm reset in suspended state (bsc#1051510). - usb: atm: ueagle-atm: add missing endpoint check (bsc#1051510). - usb: chaoskey: fix error case of a timeout (git-fixes). - usb: chipidea: Fix otg event handler (bsc#1051510). - usb: chipidea: host: Disable port power only if previously enabled (bsc#1051510). - usb: chipidea: imx: enable OTG overcurrent in case USB subsystem is already started (bsc#1051510). - usb: core: hub: Improved device recognition on remote wakeup (bsc#1051510). - usb: core: urb: fix URB structure initialization function (bsc#1051510). - usb: documentation: flags on usb-storage versus UAS (bsc#1051510). - usb: dwc3: debugfs: Properly print/set link state for HS (bsc#1051510). - usb: dwc3: do not log probe deferrals; but do log other error codes (bsc#1051510). - usb: dwc3: ep0: Clear started flag on completion (bsc#1051510). - usb: dwc3: gadget: Check ENBLSLPM before sending ep command (bsc#1051510). - usb: gadget: pch_udc: fix use after free (bsc#1051510). - usb: gadget: udc: fotg210-udc: Fix a sleep-in-atomic-context bug in fotg210_get_status() (bsc#1051510). - usb: gadget: uvc: configfs: Drop leaked references to config items (bsc#1051510). - usb: gadget: uvc: configfs: Prevent format changes after linking header (bsc#1051510). - usb: gadget: uvc: Factor out video USB request queueing (bsc#1051510). - usb: gadget: uvc: Only halt video streaming endpoint in bulk mode (bsc#1051510). - usb: gadget: u_serial: add missing port entry locking (bsc#1051510). - usb: idmouse: fix interface sanity checks (bsc#1051510). - usb: misc: appledisplay: fix backlight update_status return code (bsc#1051510). - usb: mon: Fix a deadlock in usbmon between mmap and read (bsc#1051510). - usb: mtu3: fix dbginfo in qmu_tx_zlp_error_handler (bsc#1051510). - usb: musb: dma: Correct parameter passed to IRQ handler (bsc#1051510). - usb: musb: fix idling for suspend after disconnect interrupt (bsc#1051510). - usb: serial: ch341: handle unbound port at reset_resume (bsc#1051510). - usb: serial: ftdi_sio: add device IDs for U-Blox C099-F9P (bsc#1051510). - usb: serial: io_edgeport: add missing active-port sanity check (bsc#1051510). - usb: serial: io_edgeport: fix epic endpoint lookup (bsc#1051510). - usb: serial: io_edgeport: handle unbound ports on URB completion (bsc#1051510). - usb: serial: io_edgeport: use irqsave() in USB's complete callback (bsc#1051510). - usb: serial: keyspan: handle unbound ports (bsc#1051510). - usb: serial: mos7720: fix remote wakeup (git-fixes). - usb: serial: mos7840: add USB ID to support Moxa UPort 2210 (bsc#1051510). - usb: serial: mos7840: fix remote wakeup (git-fixes). - usb: serial: opticon: fix control-message timeouts (bsc#1051510). - usb: serial: option: add support for DW5821e with eSIM support (bsc#1051510). - usb: serial: option: add support for Foxconn T77W968 LTE modules (bsc#1051510). - usb: serial: option: Add support for Quectel RM500Q (bsc#1051510). - usb: serial: quatech2: handle unbound ports (bsc#1051510). - usb: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx (bsc#1051510). - usb: serial: suppress driver bind attributes (bsc#1051510). - usb: uas: heed CAPACITY_HEURISTICS (bsc#1051510). - usb: uas: honor flag to avoid CAPACITY16 (bsc#1051510). - usb: xhci-mtk: fix ISOC error when interval is zero (bsc#1051510). - usb: xhci: Fix build warning seen with CONFIG_PM=n (bsc#1051510). - usb: xhci: only set D3hot for pci device (bsc#1051510). - usbip: Fix receive error in vhci-hcd when using scatter-gather (bsc#1051510). - usbip: tools: fix fd leakage in the function of read_attr_usbip_status (git-fixes). - vfio-ccw: Fix misleading comment when setting orb.cmd.c64 (bsc#1051510). - vfio-ccw: Set pa_nr to 0 if memory allocation fails for pa_iova_pfn (bsc#1051510). - vfio: ccw: push down unsupported IDA check (bsc#1156471 LTC#182362). - vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1 (bsc#1051510). - video/hdmi: Fix AVI bar unpack (git-fixes). - video: backlight: Add devres versions of of_find_backlight (bsc#1090888) Taken for 6010831dde5. - video: backlight: Add of_find_backlight helper in backlight.c (bsc#1090888) Taken for 6010831dde5. - virtio/s390: fix race on airq_areas (bsc#1051510). - virtio_console: allocate inbufs in add_port() only if it is needed (git-fixes). - virtio_ring: fix return code on DMA mapping fails (git-fixes). - vmxnet3: turn off lro when rxcsum is disabled (bsc#1157499). - vsock/virtio: fix sock refcnt holding during the shutdown (git-fixes). - watchdog: meson: Fix the wrong value of left time (bsc#1051510). - watchdog: sama5d4: fix WDD value to be always set to max (bsc#1051510). - workqueue: Fix pwq ref leak in rescuer_thread() (bsc#1160211). - x86/alternatives: Add int3_emulate_call() selftest (bsc#1153811). - x86/alternatives: Fix int3_emulate_call() selftest stack corruption (bsc#1153811). - x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI (bsc#1114279). - x86/mce/AMD: Allow any CPU to initialize the smca_banks array (bsc#1114279). - x86/MCE/AMD: Allow Reserved types to be overwritten in smca_banks (bsc#1114279). - x86/MCE/AMD: Do not use rdmsr_safe_on_cpu() in smca_configure() (bsc#1114279). - x86/mce: Fix possibly incorrect severity calculation on AMD (bsc#1114279). - x86/mm/pkeys: Fix typo in Documentation/x86/protection-keys.txt (bsc#1078248). - x86/pkeys: Update documentation about availability (bsc#1078248). - x86/resctrl: Fix an imbalance in domain_remove_cpu() (bsc#1114279). - x86/resctrl: Fix potential lockdep warning (bsc#1114279). - x86/resctrl: Fix potential memory leak (bsc#1114279). - x86/resctrl: Prevent NULL pointer dereference when reading mondata (bsc#1114279). - x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs (bsc#1158068). - x86/speculation: Fix incorrect MDS/TAA mitigation status (bsc#1114279). - x86/speculation: Fix redundant MDS mitigation message (bsc#1114279). - xen-blkfront: switch kcalloc to kvcalloc for large array allocation (bsc#1160917). - xen/blkback: Avoid unmapping unmapped grant pages (bsc#1065600). - xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk (bsc#1065600). - xfrm: Fix transport mode skb control buffer usage (bsc#1161552). - xfs: Fix tail rounding in xfs_alloc_file_space() (bsc#1161087, bsc#1153917). - xfs: Sanity check flags of Q_XQUOTARM call (bsc#1158652). - xhci: handle some XHCI_TRUST_TX_LENGTH quirks cases as default behaviour (bsc#1051510). - xhci: Increase STS_HALT timeout in xhci_suspend() (bsc#1051510). - zd1211rw: fix storage endpoint lookup (git-fixes). Moderate SUSE bug 1046303 SUSE bug 1050244 SUSE bug 1051510 SUSE bug 1051858 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1078248 SUSE bug 1083647 SUSE bug 1085030 SUSE bug 1086301 SUSE bug 1086313 SUSE bug 1086314 SUSE bug 1089644 SUSE bug 1090888 SUSE bug 1104427 SUSE bug 1108043 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1115026 SUSE bug 1117169 SUSE bug 1120853 SUSE bug 1127371 SUSE bug 1134973 SUSE bug 1138039 SUSE bug 1140948 SUSE bug 1141054 SUSE bug 1142095 SUSE bug 1143959 SUSE bug 1144333 SUSE bug 1146519 SUSE bug 1146544 SUSE bug 1151548 SUSE bug 1151900 SUSE bug 1151910 SUSE bug 1151927 SUSE bug 1152631 SUSE bug 1153811 SUSE bug 1153917 SUSE bug 1154043 SUSE bug 1154058 SUSE bug 1154355 SUSE bug 1155331 SUSE bug 1155334 SUSE bug 1155689 SUSE bug 1155897 SUSE bug 1155921 SUSE bug 1156258 SUSE bug 1156259 SUSE bug 1156286 SUSE bug 1156462 SUSE bug 1156471 SUSE bug 1157038 SUSE bug 1157042 SUSE bug 1157070 SUSE bug 1157143 SUSE bug 1157145 SUSE bug 1157155 SUSE bug 1157157 SUSE bug 1157158 SUSE bug 1157162 SUSE bug 1157169 SUSE bug 1157171 SUSE bug 1157173 SUSE bug 1157178 SUSE bug 1157180 SUSE bug 1157182 SUSE bug 1157183 SUSE bug 1157184 SUSE bug 1157191 SUSE bug 1157193 SUSE bug 1157197 SUSE bug 1157298 SUSE bug 1157303 SUSE bug 1157307 SUSE bug 1157324 SUSE bug 1157333 SUSE bug 1157424 SUSE bug 1157463 SUSE bug 1157499 SUSE bug 1157678 SUSE bug 1157692 SUSE bug 1157698 SUSE bug 1157778 SUSE bug 1157853 SUSE bug 1157908 SUSE bug 1158013 SUSE bug 1158021 SUSE bug 1158026 SUSE bug 1158049 SUSE bug 1158063 SUSE bug 1158064 SUSE bug 1158065 SUSE bug 1158066 SUSE bug 1158067 SUSE bug 1158068 SUSE bug 1158082 SUSE bug 1158094 SUSE bug 1158132 SUSE bug 1158381 SUSE bug 1158394 SUSE bug 1158398 SUSE bug 1158407 SUSE bug 1158410 SUSE bug 1158413 SUSE bug 1158417 SUSE bug 1158427 SUSE bug 1158445 SUSE bug 1158533 SUSE bug 1158637 SUSE bug 1158638 SUSE bug 1158639 SUSE bug 1158640 SUSE bug 1158641 SUSE bug 1158643 SUSE bug 1158644 SUSE bug 1158645 SUSE bug 1158646 SUSE bug 1158647 SUSE bug 1158649 SUSE bug 1158651 SUSE bug 1158652 SUSE bug 1158819 SUSE bug 1158823 SUSE bug 1158824 SUSE bug 1158827 SUSE bug 1158834 SUSE bug 1158893 SUSE bug 1158900 SUSE bug 1158903 SUSE bug 1158904 SUSE bug 1158954 SUSE bug 1159024 SUSE bug 1159028 SUSE bug 1159297 SUSE bug 1159394 SUSE bug 1159483 SUSE bug 1159484 SUSE bug 1159569 SUSE bug 1159588 SUSE bug 1159841 SUSE bug 1159908 SUSE bug 1159909 SUSE bug 1159910 SUSE bug 1159911 SUSE bug 1159955 SUSE bug 1160195 SUSE bug 1160210 SUSE bug 1160211 SUSE bug 1160433 SUSE bug 1160442 SUSE bug 1160476 SUSE bug 1160560 SUSE bug 1160755 SUSE bug 1160756 SUSE bug 1160784 SUSE bug 1160787 SUSE bug 1160802 SUSE bug 1160803 SUSE bug 1160804 SUSE bug 1160917 SUSE bug 1160966 SUSE bug 1161087 SUSE bug 1161514 SUSE bug 1161518 SUSE bug 1161522 SUSE bug 1161523 SUSE bug 1161549 SUSE bug 1161552 SUSE bug 1161674 SUSE bug 1161875 SUSE bug 1161931 SUSE bug 1161933 SUSE bug 1161934 SUSE bug 1161935 SUSE bug 1161936 SUSE bug 1161937 SUSE bug 1162028 SUSE bug 1162067 CVE-2019-14615 CVE-2019-14895 CVE-2019-14896 CVE-2019-14897 CVE-2019-14901 CVE-2019-15213 CVE-2019-16994 CVE-2019-18660 CVE-2019-18683 CVE-2019-18808 CVE-2019-18809 CVE-2019-19036 CVE-2019-19045 CVE-2019-19049 CVE-2019-19051 CVE-2019-19052 CVE-2019-19054 CVE-2019-19056 CVE-2019-19057 CVE-2019-19058 CVE-2019-19060 CVE-2019-19062 CVE-2019-19063 CVE-2019-19065 CVE-2019-19066 CVE-2019-19067 CVE-2019-19068 CVE-2019-19073 CVE-2019-19074 CVE-2019-19075 CVE-2019-19077 CVE-2019-19227 CVE-2019-19318 CVE-2019-19319 CVE-2019-19332 CVE-2019-19338 CVE-2019-19447 CVE-2019-19523 CVE-2019-19524 CVE-2019-19525 CVE-2019-19526 CVE-2019-19527 CVE-2019-19528 CVE-2019-19529 CVE-2019-19530 CVE-2019-19531 CVE-2019-19532 CVE-2019-19533 CVE-2019-19534 CVE-2019-19535 CVE-2019-19536 CVE-2019-19537 CVE-2019-19543 CVE-2019-19767 CVE-2019-19965 CVE-2019-19966 CVE-2019-20054 CVE-2019-20095 CVE-2019-20096 CVE-2020-7053 cpe:/o:suse:suse-linux-enterprise-rt:12:sp4 SUSE Linux Enterprise Real Time 12 SP4 The SUSE Linux Enterprise 12-SP4 kernel-RT was updated to 4.12.14 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-8992: Fixed an issue in ext4_protect_reserved_inode in fs/ext4/block_validity.c that allowed attackers to cause a soft lockup via a crafted journal size (bsc#1164069). - CVE-2020-8648: Fixed a use-after-free vulnerability in the n_tty_receive_buf_common function in drivers/tty/n_tty.c (bsc#1162928). - CVE-2020-2732: Fixed an issue affecting Intel CPUs where an L2 guest may trick the L0 hypervisor into accessing sensitive L1 resources (bsc#1163971). - CVE-2020-8428: There was a use-after-free bug in fs/namei.c, which allowed local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9 (bsc#1162109). The following non-security bugs were fixed: - 6pack,mkiss: fix possible deadlock (bsc#1051510). - ACPI / APEI: Switch estatus pool to use vmalloc memory (bsc#1051510). - ACPI: PM: Avoid attaching ACPI PM domain to certain devices (bsc#1051510). - ACPI / video: Add force_none quirk for Dell OptiPlex 9020M (bsc#1051510). - ACPI: video: Do not export a non working backlight interface on MSI MS-7721 boards (bsc#1051510). - ACPI: watchdog: Allow disabling WDAT at boot (bsc#1162557). - ACPI / watchdog: Fix init failure with overlapping register regions (bsc#1162557). - ACPI / watchdog: Set default timeout in probe (bsc#1162557). - ALSA: hda/realtek - Fix silent output on MSI-GL73 (git-fixes). - ALSA: hda: Reset stream if DMA RUN bit not cleared (bsc#1111666). - ALSA: hda: Use scnprintf() for printing texts for sysfs/procfs (git-fixes). - ALSA: seq: Avoid concurrent access to queue flags (git-fixes). - ALSA: seq: Fix concurrent access to queue current tick/time (git-fixes). - ALSA: usb-audio: Apply sample rate quirk for Audioengine D1 (git-fixes). - arm64: Revert support for execute-only user mappings (bsc#1160218). - ASoC: sun8i-codec: Fix setting DAI data format (git-fixes). - ata: ahci: Add shutdown to freeze hardware resources of ahci (bsc#1164388). - bcache: add code comment bch_keylist_pop() and bch_keylist_pop_front() (bsc#1163762). - bcache: add code comments for state->pool in __btree_sort() (bsc#1163762). - bcache: add code comments in bch_btree_leaf_dirty() (bsc#1163762). - bcache: add cond_resched() in __bch_cache_cmp() (bsc#1163762). - bcache: add idle_max_writeback_rate sysfs interface (bsc#1163762). - bcache: add more accurate error messages in read_super() (bsc#1163762). - bcache: add readahead cache policy options via sysfs interface (bsc#1163762). - bcache: at least try to shrink 1 node in bch_mca_scan() (bsc#1163762). - bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (bsc#1163762). - bcache: check return value of prio_read() (bsc#1163762). - bcache: deleted code comments for dead code in bch_data_insert_keys() (bsc#1163762). - bcache: do not export symbols (bsc#1163762). - bcache: explicity type cast in bset_bkey_last() (bsc#1163762). - bcache: fix a lost wake-up problem caused by mca_cannibalize_lock (bsc#1163762). - bcache: Fix an error code in bch_dump_read() (bsc#1163762). - bcache: fix deadlock in bcache_allocator (bsc#1163762). - bcache: fix incorrect data type usage in btree_flush_write() (bsc#1163762). - bcache: fix memory corruption in bch_cache_accounting_clear() (bsc#1163762). - bcache: fix static checker warning in bcache_device_free() (bsc#1163762). - bcache: ignore pending signals when creating gc and allocator thread (bsc#1163762, bsc#1112504). - bcache: print written and keys in trace_bcache_btree_write (bsc#1163762). - bcache: reap c->btree_cache_freeable from the tail in bch_mca_scan() (bsc#1163762). - bcache: reap from tail of c->btree_cache in bch_mca_scan() (bsc#1163762). - bcache: remove macro nr_to_fifo_front() (bsc#1163762). - bcache: remove member accessed from struct btree (bsc#1163762). - bcache: remove the extra cflags for request.o (bsc#1163762). - bcache: Revert 'bcache: shrink btree node cache after bch_btree_check()' (bsc#1163762, bsc#1112504). - blk-mq: avoid sysfs buffer overflow with too many CPU cores (bsc#1163840). - blk-mq: make sure that line break can be printed (bsc#1164098). - Bluetooth: Fix race condition in hci_release_sock() (bsc#1051510). - bonding: fix potential NULL deref in bond_update_slave_arr (bsc#1051510). - bonding: fix unexpected IFF_BONDING bit unset (bsc#1051510). - Btrfs: do not double lock the subvol_sem for rename exchange (bsc#1162943). - Btrfs: fix btrfs_write_inode vs delayed iput deadlock (bsc#1154243). - Btrfs: fix infinite loop during fsync after rename operations (bsc#1163383). - Btrfs: fix race between adding and putting tree mod seq elements and nodes (bsc#1163384). - Btrfs: send, skip backreference walking for extents with many references (bsc#1162139). - cdrom: respect device capabilities during opening action (boo#1164632). - chardev: Avoid potential use-after-free in 'chrdev_open()' (bsc#1163849). - cifs: fix mount option display for sec=krb5i (bsc#1161907). - clk: mmp2: Fix the order of timer mux parents (bsc#1051510). - clk: qcom: rcg2: Do not crash if our parent can't be found; return an error (bsc#1051510). - clk: sunxi-ng: add mux and pll notifiers for A64 CPU clock (bsc#1051510). - clk: tegra: Mark fuse clock as critical (bsc#1051510). - clocksource/drivers/bcm2835_timer: Fix memory leak of timer (bsc#1051510). - clocksource: Prevent double add_timer_on() for watchdog_timer (bsc#1051510). - closures: fix a race on wakeup from closure_sync (bsc#1163762). - crypto: api - Fix race condition in crypto_spawn_alg (bsc#1051510). - crypto: reexport crypto_shoot_alg() (bsc#1051510, kABI fix). - Documentation: Document arm64 kpti control (bsc#1162623). - drivers/base/memory.c: do not access uninitialized memmaps in soft_offline_page_store() (bsc#1051510). - drm/amdgpu: add function parameter description in 'amdgpu_gart_bind' (bsc#1051510). - drm/amdgpu: remove 4 set but not used variable in amdgpu_atombios_get_connector_info_from_object_table (bsc#1051510). - drm/amdgpu: remove always false comparison in 'amdgpu_atombios_i2c_process_i2c_ch' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'amdgpu_connector' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'dig' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'dig_connector' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'mc_shared_chmap' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'mc_shared_chmap' from 'gfx_v6_0.c' and 'gfx_v7_0.c' (bsc#1051510). - drm: bridge: dw-hdmi: constify copied structure (bsc#1051510). - drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler (bsc#1051510). - drm/nouveau/secboot/gm20b: initialize pointer in gm20b_secboot_new() (bsc#1051510). - drm/rockchip: lvds: Fix indentation of a #define (bsc#1051510). - drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add (bsc#1051510). - Enable CONFIG_BLK_DEV_SR_VENDOR (boo#1164632). - enic: prevent waking up stopped tx queues over watchdog reset (bsc#1133147). - ext2: check err when partial != NULL (bsc#1163859). - ext4: check for directory entries too close to block end (bsc#1163861). - ext4: fix a bug in ext4_wait_for_tail_page_commit (bsc#1163841). - ext4: fix checksum errors with indexed dirs (bsc#1160979). - ext4: fix deadlock allocating crypto bounce page from mempool (bsc#1163842). - ext4: Fix mount failure with quota configured as module (bsc#1164471). - ext4: improve explanation of a mount failure caused by a misconfigured kernel (bsc#1163843). - ext4, jbd2: ensure panic when aborting with zero errno (bsc#1163853). - firestream: fix memory leaks (bsc#1051510). - fix autofs regression caused by follow_managed() changes (bsc#1159271). - fix dget_parent() fastpath race (bsc#1159271). - fix the locking in dcache_readdir() and friends (bsc#1123328). - fscrypt: do not set policy for a dead directory (bsc#1163846). - fs/namei.c: fix missing barriers when checking positivity (bsc#1159271). - fs/namei.c: pull positivity check into follow_managed() (bsc#1159271). - fs/open.c: allow opening only regular files during execve() (bsc#1163845). - ftrace: Add comment to why rcu_dereference_sched() is open coded (git-fixes). - ftrace: Protect ftrace_graph_hash with ftrace_sync (git-fixes). - genirq/proc: Return proper error code when irq_set_affinity() fails (bnc#1105392). - gtp: avoid zero size hashtable (networking-stable-20_01_01). - gtp: do not allow adding duplicate tid and ms_addr pdp context (networking-stable-20_01_01). - gtp: fix an use-after-free in ipv4_pdp_find() (networking-stable-20_01_01). - gtp: fix wrong condition in gtp_genl_dump_pdp() (networking-stable-20_01_01). - hwmon: (adt7475) Make volt2reg return same reg as reg2volt input (bsc#1051510). - hwmon: (core) Do not use device managed functions for memory allocations (bsc#1051510). - hwmon: (nct7802) Fix voltage limits to wrong registers (bsc#1051510). - hwmon: (pmbus/ltc2978) Fix PMBus polling of MFR_COMMON definitions (bsc#1051510). - iommu/amd: Fix IOMMU perf counter clobbering during init (bsc#1162617). - iommu/arm-smmu-v3: Populate VMID field for CMDQ_OP_TLBI_NH_VA (bsc#1164314). - iommu/io-pgtable-arm: Fix race handling in split_blk_unmap() (bsc#1164115). - iwlwifi: do not throw error when trying to remove IGTK (bsc#1051510). - iwlwifi: mvm: fix NVM check for 3168 devices (bsc#1051510). - jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal (bsc#1163862). - jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer (bsc#1163836). - jbd2: Fix possible overflow in jbd2_log_space_left() (bsc#1163860). - jbd2: make sure ESHUTDOWN to be recorded in the journal superblock (bsc#1163863). - jbd2: move the clearing of b_modified flag to the journal_unmap_buffer() (bsc#1163880). - jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record (bsc#1163852). - kconfig: fix broken dependency in randconfig-generated .config (bsc#1051510). - kernel-binary.spec.in: do not recommend firmware for kvmsmall and azure flavor (boo#1161360). - KVM: Clean up __kvm_gfn_to_hva_cache_init() and its callers (bsc#1133021). - KVM: fix spectrev1 gadgets (bsc#1164705). - KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails (bsc#1061840). - KVM: PPC: Book3S PR: Fix -Werror=return-type build failure (bsc#1061840). - KVM: PPC: Book3S PR: Free shared page if mmu initialization fails (bsc#1061840). - KVM: SVM: Override default MMIO mask if memory encryption is enabled (bsc#1162618). - KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks (bsc#1164734). - KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks (bsc#1164728). - KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks (bsc#1164729). - KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks (bsc#1164712). - KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks (bsc#1164730). - KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c (bsc#1164733). - KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks (bsc#1164731). - KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks (bsc#1164732). - KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks (bsc#1164735). - KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks (bsc#1164705). - KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks (bsc#1164727). - lib: crc64: include &lt;linux/crc64.h> for 'crc64_be' (bsc#1163762). - lib/scatterlist.c: adjust indentation in __sg_alloc_table (bsc#1051510). - lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more() (bsc#1051510). - livepatch/samples/selftest: Use klp_shadow_alloc() API correctly (bsc#1071995). - livepatch/selftest: Clean up shadow variable names and type (bsc#1071995). - mac80211: Fix TKIP replay protection immediately after key setup (bsc#1051510). - mac80211: mesh: restrict airtime metric to peered established plinks (bsc#1051510). - media: af9005: uninitialized variable printked (bsc#1051510). - media: cec: CEC 2.0-only bcast messages were ignored (git-fixes). - media: digitv: do not continue if remote control state can't be read (bsc#1051510). - media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0 (bsc#1051510). - media: exynos4-is: fix wrong mdev and v4l2 dev order in error path (git-fixes). - media: gspca: zero usb_buf (bsc#1051510). - media: iguanair: fix endpoint sanity check (bsc#1051510). - media: ov6650: Fix crop rectangle alignment not passed back (git-fixes). - media: ov6650: Fix incorrect use of JPEG colorspace (git-fixes). - media: pulse8-cec: fix lost cec_transmit_attempt_done() call. - media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors (bsc#1051510). - media/v4l2-core: set pages dirty upon releasing DMA buffers (bsc#1051510). - media: v4l2-ioctl.c: zero reserved fields for S/TRY_FMT (bsc#1051510). - media: v4l2-rect.h: fix v4l2_rect_map_inside() top/left adjustments (bsc#1051510). - mfd: da9062: Fix watchdog compatible string (bsc#1051510). - mfd: dln2: More sanity checking for endpoints (bsc#1051510). - mfd: rn5t618: Mark ADC control register volatile (bsc#1051510). - mmc: spi: Toggle SPI polarity, do not hardcode it (bsc#1051510). - mod_devicetable: fix PHY module format (networking-stable-19_12_28). - mtd: fix mtd_oobavail() incoherent returned value (bsc#1051510). - namei: only return -ECHILD from follow_dotdot_rcu() (bsc#1163851). - net: dst: Force 4-byte alignment of dst_metrics (networking-stable-19_12_28). - net: ena: fix napi handler misbehavior when the napi budget is zero (networking-stable-20_01_01). - net: hisilicon: Fix a BUG trigered by wrong bytes_compl (networking-stable-19_12_28). - net: nfc: nci: fix a possible sleep-in-atomic-context bug in nci_uart_tty_receive() (networking-stable-19_12_28). - net: qlogic: Fix error paths in ql_alloc_large_buffers() (networking-stable-19_12_28). - net: sched: correct flower port blocking (git-fixes). - net: usb: lan78xx: Fix suspend/resume PHY register access error (networking-stable-19_12_28). - new helper: lookup_positive_unlocked() (bsc#1159271). - nvme: fix the parameter order for nvme_get_log in nvme_get_fw_slot_info (bsc#1163774). - PCI: Add DMA alias quirk for Intel VCA NTB (bsc#1051510). - PCI: Do not disable bridge BARs when assigning bus resources (bsc#1051510). - PCI/IOV: Fix memory leak in pci_iov_add_virtfn() (git-fixes). - PCI/switchtec: Fix vep_vector_number ioread width (bsc#1051510). - percpu: Separate decrypted varaibles anytime encryption can be enabled (bsc#1114279). - perf/x86/intel: Fix inaccurate period in context switch for auto-reload (bsc#1164315). - phy: qualcomm: Adjust indentation in read_poll_timeout (bsc#1051510). - pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B (bsc#1051510). - powerpc: avoid adjusting memory_limit for capture kernel memory reservation (bsc#1140025 ltc#176086). - powerpc/mm: Remove kvm radix prefetch workaround for Power9 DD2.2 (bsc#1061840). - powerpc/pseries: Advance pfn if section is not present in lmb_is_removable() (bsc#1065729). - powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW (bsc#1065729). - powerpc/pseries/hotplug-memory: Change rc variable to bool (bsc#1065729). - powerpc/pseries/vio: Fix iommu_table use-after-free refcount warning (bsc#1065729). - powerpc: reserve memory for capture kernel after hugepages init (bsc#1140025 ltc#176086). - powerpc/tm: Fix clearing MSR[TS] in current when reclaiming on signal delivery (bsc#1118338 ltc#173734). - powerpc/xmon: do not access ASDR in VMs (bsc#1065729). - power: supply: ltc2941-battery-gauge: fix use-after-free (bsc#1051510). - pstore/ram: Write new dumps to start of recycled zones (bsc#1051510). - pwm: omap-dmtimer: Remove PWM chip in .remove before making it unfunctional (git-fixes). - pwm: Remove set but not set variable 'pwm' (git-fixes). - pxa168fb: Fix the function used to release some memory in an error (bsc#1114279) - qede: Fix multicast mac configuration (networking-stable-19_12_28). - qmi_wwan: Add support for Quectel RM500Q (bsc#1051510). - quota: Check that quota is not dirty before release (bsc#1163858). - quota: fix livelock in dquot_writeback_dquots (bsc#1163857). - r8152: get default setting of WOL before initializing (bsc#1051510). - README.BRANCH: Update the branch name to cve/linux-4.12 - regulator: Fix return value of _set_load() stub (bsc#1051510). - regulator: rk808: Lower log level on optional GPIOs being not available (bsc#1051510). - reiserfs: Fix memory leak of journal device string (bsc#1163867). - reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling (bsc#1163869). - rpm/kabi.pl: support new (>=5.4) Module.symvers format (new symbol namespace field) - rpm/kernel-binary.spec.in: Replace Novell with SUSE - rtc: cmos: Stop using shared IRQ (bsc#1051510). - rtc: hym8563: Return -EINVAL if the time is known to be invalid (bsc#1051510). - rtlwifi: Fix MAX MPDU of VHT capability (git-fixes). - rtlwifi: Remove redundant semicolon in wifi.h (git-fixes). - scsi: qla2xxx: Fix a NULL pointer dereference in an error path (bsc#1157966 bsc#1158013 bsc#1157424). - scsi: qla2xxx: Fix unbound NVME response length (bsc#1157966 bsc#1158013 bsc#1157424). - sctp: fully initialize v4 addr in some functions (networking-stable-19_12_28). - serial: 8250_bcm2835aux: Fix line mismatch on driver unbind (bsc#1051510). - serial: ifx6x60: add missed pm_runtime_disable (bsc#1051510). - serial: pl011: Fix DMA ->flush_buffer() (bsc#1051510). - serial: serial_core: Perform NULL checks for break_ctl ops (bsc#1051510). - serial: stm32: fix transmit_chars when tx is stopped (bsc#1051510). - sh_eth: check sh_eth_cpu_data::dual_port when dumping registers (bsc#1051510). - sh_eth: fix dumping ARSTR (bsc#1051510). - sh_eth: fix invalid context bug while calling auto-negotiation by ethtool (bsc#1051510). - sh_eth: fix invalid context bug while changing link options by ethtool (bsc#1051510). - sh_eth: fix TSU init on SH7734/R8A7740 (bsc#1051510). - sh_eth: fix TXALCR1 offsets (bsc#1051510). - sh_eth: TSU_QTAG0/1 registers the same as TSU_QTAGM0/1 (bsc#1051510). - soc: renesas: rcar-sysc: Add goto to of_node_put() before return (bsc#1051510). - soc/tegra: fuse: Correct straps' address for older Tegra124 device trees (bsc#1051510). - soc: ti: wkup_m3_ipc: Fix race condition with rproc_boot (bsc#1051510). - spi: tegra114: clear packed bit for unpacked mode (bsc#1051510). - spi: tegra114: configure dma burst size to fifo trig level (bsc#1051510). - spi: tegra114: fix for unpacked mode transfers (bsc#1051510). - spi: tegra114: flush fifos (bsc#1051510). - spi: tegra114: terminate dma and reset on transfer timeout (bsc#1051510). - sr_vendor: support Beurer GL50 evo CD-on-a-chip devices (boo#1164632). - staging: vt6656: correct packet types for CTS protect, mode (bsc#1051510). - staging: vt6656: Fix false Tx excessive retries reporting (bsc#1051510). - staging: vt6656: use NULLFUCTION stack on mac80211 (bsc#1051510). - staging: wlan-ng: ensure error return is actually returned (bsc#1051510). - stop_machine: Atomically queue and wake stopper threads (bsc#1088810, bsc#1161702). - stop_machine: Disable preemption after queueing stopper threads (bsc#1088810, bsc#1161702). - stop_machine: Disable preemption when waking two stopper threads (bsc#1088810, bsc#1161702). - stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock (bsc#1088810, bsc#1161702). - tcp: do not send empty skb from tcp_write_xmit() (networking-stable-20_01_01). - tracing: Annotate ftrace_graph_hash pointer with __rcu (git-fixes). - tracing: Annotate ftrace_graph_notrace_hash pointer with __rcu (git-fixes). - tracing: Fix tracing_stat return values in error handling paths (git-fixes). - tracing: Fix very unlikely race of registering two stat tracers (git-fixes). - tty: n_hdlc: fix build on SPARC (bsc#1051510). - tty/serial: atmel: Add is_half_duplex helper (bsc#1051510). - tty: serial: msm_serial: Fix lockup for sysrq and oops (bsc#1051510). - tty: vt: keyboard: reject invalid keycodes (bsc#1051510). - ubifs: do not trigger assertion on invalid no-key filename (bsc#1163850). - ubifs: Fix deadlock in concurrent bulk-read and writepage (bsc#1163856). - ubifs: Fix FS_IOC_SETFLAGS unexpectedly clearing encrypt flag (bsc#1163855). - ubifs: Reject unsupported ioctl flags explicitly (bsc#1163844). - udp: fix integer overflow while computing available space in sk_rcvbuf (networking-stable-20_01_01). - USB: core: fix check for duplicate endpoints (git-fixes). - USB: dwc3: turn off VBUS when leaving host mode (bsc#1051510). - USB: EHCI: Do not return -EPIPE when hub is disconnected (git-fixes). - USB: gadget: f_ecm: Use atomic_t to track in-flight request (bsc#1051510). - USB: gadget: f_ncm: Use atomic_t to track in-flight request (bsc#1051510). - USB: gadget: legacy: set max_speed to super-speed (bsc#1051510). - USB: gadget: Zero ffs_io_data (bsc#1051510). - USB: host: xhci-hub: fix extra endianness conversion (bsc#1051510). - usbip: Fix error path of vhci_recv_ret_submit() (git-fixes). - USB: serial: ir-usb: add missing endpoint sanity check (bsc#1051510). - USB: serial: ir-usb: fix IrLAP framing (bsc#1051510). - USB: serial: ir-usb: fix link-speed handling (bsc#1051510). - USB: serial: option: add support for Quectel RM500Q in QDL mode (git-fixes). - USB: serial: option: add Telit ME910G1 0x110a composition (git-fixes). - USB: serial: option: add ZLP support for 0x1bc7/0x9010 (git-fixes). - usb-storage: Disable UAS on JMicron SATA enclosure (bsc#1051510). - USB: typec: tcpci: mask event interrupts when remove driver (bsc#1051510). - vhost/vsock: accept only packets with the right dst_cid (networking-stable-20_01_01). - watchdog: max77620_wdt: fix potential build errors (bsc#1051510). - watchdog: rn5t618_wdt: fix module aliases (bsc#1051510). - watchdog: wdat_wdt: fix get_timeleft call for wdat_wdt (bsc#1162557). - wireless: fix enabling channel 12 for custom regulatory domain (bsc#1051510). - wireless: wext: avoid gcc -O3 warning (bsc#1051510). - x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR (bsc#1162619). - x86/intel_rdt: Split resource group removal in two (bsc#1112178). - x86/resctrl: Check monitoring static key in the MBM overflow handler (bsc#1114279). - x86/resctrl: Fix a deadlock due to inaccurate reference (bsc#1112178). - x86/resctrl: Fix use-after-free due to inaccurate refcount of rdtgroup (bsc#1112178). - x86/resctrl: Fix use-after-free when deleting resource groups (bsc#1114279). - xen/balloon: Support xend-based toolstack take two (bsc#1065600). - xen: Enable interrupts when calling _cond_resched() (bsc#1065600). - xhci: Fix memory leak in xhci_add_in_port() (bsc#1051510). - xhci: fix USB3 device initiated resume race with roothub autosuspend (bsc#1051510). - xhci: make sure interrupts are restored to correct state (bsc#1051510). Moderate SUSE bug 1051510 SUSE bug 1061840 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1088810 SUSE bug 1105392 SUSE bug 1111666 SUSE bug 1112178 SUSE bug 1112504 SUSE bug 1114279 SUSE bug 1118338 SUSE bug 1123328 SUSE bug 1133021 SUSE bug 1133147 SUSE bug 1140025 SUSE bug 1154243 SUSE bug 1157424 SUSE bug 1157966 SUSE bug 1158013 SUSE bug 1159271 SUSE bug 1160218 SUSE bug 1160979 SUSE bug 1161360 SUSE bug 1161702 SUSE bug 1161907 SUSE bug 1162109 SUSE bug 1162139 SUSE bug 1162557 SUSE bug 1162617 SUSE bug 1162618 SUSE bug 1162619 SUSE bug 1162623 SUSE bug 1162928 SUSE bug 1162943 SUSE bug 1163383 SUSE bug 1163384 SUSE bug 1163762 SUSE bug 1163774 SUSE bug 1163836 SUSE bug 1163840 SUSE bug 1163841 SUSE bug 1163842 SUSE bug 1163843 SUSE bug 1163844 SUSE bug 1163845 SUSE bug 1163846 SUSE bug 1163849 SUSE bug 1163850 SUSE bug 1163851 SUSE bug 1163852 SUSE bug 1163853 SUSE bug 1163855 SUSE bug 1163856 SUSE bug 1163857 SUSE bug 1163858 SUSE bug 1163859 SUSE bug 1163860 SUSE bug 1163861 SUSE bug 1163862 SUSE bug 1163863 SUSE bug 1163867 SUSE bug 1163869 SUSE bug 1163880 SUSE bug 1163971 SUSE bug 1164069 SUSE bug 1164098 SUSE bug 1164115 SUSE bug 1164314 SUSE bug 1164315 SUSE bug 1164388 SUSE bug 1164471 SUSE bug 1164632 SUSE bug 1164705 SUSE bug 1164712 SUSE bug 1164727 SUSE bug 1164728 SUSE bug 1164729 SUSE bug 1164730 SUSE bug 1164731 SUSE bug 1164732 SUSE bug 1164733 SUSE bug 1164734 SUSE bug 1164735 CVE-2020-2732 CVE-2020-8428 CVE-2020-8648 CVE-2020-8992 cpe:/o:suse:suse-linux-enterprise-rt:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for compat-openssl098 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). - CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018). - Fixed the 'One and Done' side-channel attack on RSA (bsc#1104789). Moderate SUSE bug 1104789 SUSE bug 1110018 SUSE bug 1113534 SUSE bug 1113652 CVE-2016-8610 CVE-2018-0734 CVE-2018-5407 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for compat-openssl098 fixes the following issues: - CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080) - Reject invalid EC point coordinates (bsc#1131291) - Fixed 'The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations' (bsc#1117951) Moderate SUSE bug 1117951 SUSE bug 1127080 SUSE bug 1131291 CVE-2019-1559 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for compat-openssl098 fixes the following issues: OpenSSL Security Advisory [10 September 2019] - CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance (bsc#1150003). - CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250). Moderate SUSE bug 1150003 SUSE bug 1150250 CVE-2019-1547 CVE-2019-1563 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2017-9287: A double free vulnerability in the mdb backend during search with page size 0 was fixed (bsc#1041764). - CVE-2017-17740: Fixed a denial of service (slapd crash) via a member MODDN operation that could have been triggered when both the nops module and the memberof overlay are enabled (bsc#1073313). Non-security issues fixed: - Fix a regression in handling of non-blocking connections (bsc#1031702) - Fix an uninitialised variable that causes startup failure (bsc#1037396) - Fix libldap leaks socket descriptors issue (bsc#1065083) Important SUSE bug 1031702 SUSE bug 1037396 SUSE bug 1041764 SUSE bug 1065083 SUSE bug 1073313 CVE-2017-17740 CVE-2017-9287 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openldap2 fixes the following issues: - CVE-2020-12243: Fixed a denial of service related to recursive filters (bsc#1170771). - CVE-2019-13565: Fixed an authentication bypass caused by incorrect authorization of another connection, granting excess connection rights (bsc#1143194). - CVE-2019-13057: Fixed an issue with improper authorization with delegated database admin privileges (bsc#1143273). Important SUSE bug 1143194 SUSE bug 1143273 SUSE bug 1170771 CVE-2019-13057 CVE-2019-13565 CVE-2020-12243 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032). - CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978). - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669). - Fixed an issue where Firefox tab was crashing (bsc#1170908). Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes mozilla-nspr to version 4.25 Important SUSE bug 1159819 SUSE bug 1168669 SUSE bug 1169746 SUSE bug 1170908 SUSE bug 1171978 SUSE bug 1173022 CVE-2019-17006 CVE-2020-12399 CVE-2020-12402 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). Important SUSE bug 1172698 SUSE bug 1172704 CVE-2020-8023 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xen fixes the following issues: - CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377). - CVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378). - CVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376). - CVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380). Important SUSE bug 1173376 SUSE bug 1173377 SUSE bug 1173378 SUSE bug 1173380 CVE-2020-15563 CVE-2020-15565 CVE-2020-15566 CVE-2020-15567 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues: Security issues fixed: - CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing (bsc#1173576). - CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster (bsc#1173576). - CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576). - CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576). - CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576). - CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576). - CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack (bsc#1173576). - CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576). - CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer (bsc#1173576). - CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library (bsc#1173576). - CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process (bsc#1173576). - CVE-2020-12425: Out of bound read in Date.parse() (bsc#1173576). - CVE-2020-12426: Memory safety bugs fixed in Firefox 78 (bsc#1173576). - FIPS: MozillaFirefox: allow /proc/sys/crypto/fips_enabled (bsc#1167231). Non-security issues fixed: - Fixed interaction with freetype6 (bsc#1173613). Important SUSE bug 1167231 SUSE bug 1173576 SUSE bug 1173613 CVE-2020-12402 CVE-2020-12415 CVE-2020-12416 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 CVE-2020-12422 CVE-2020-12423 CVE-2020-12424 CVE-2020-12425 CVE-2020-12426 CVE-2020-6813 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for squid fixes the following issues: - CVE-2020-15049.patch: fixes a Cache Poisoning and Request Smuggling attack (CVE-2020-15049, bsc#1173455) Important SUSE bug 1173455 CVE-2020-15049 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for tomcat fixes the following issues: Tomcat was updated to 9.0.36 See changelog at - CVE-2020-11996: Fixed an issue which by sending a specially crafted sequence of HTTP/2 requests could have triggered high CPU usage for several seconds making potentially the server unresponsive (bsc#1173389). Important SUSE bug 1173389 CVE-2020-11996 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update fixes the following issues: cobbler: - Calculate relative path for kernel and inited when generating grub entry (bsc#1170231) Added: fix-grub2-entry-paths.diff - Fix os-release version detection for SUSE Modified: sles15.patch - Jinja2 template library fix (bsc#1141661) - Removes string replace for textmode fix (bsc#1134195) golang-github-prometheus-node_exporter: - Update to 0.18.1 * [BUGFIX] Fix incorrect sysctl call in BSD meminfo collector, resulting in broken swap metrics on FreeBSD #1345 * [BUGFIX] Fix rollover bug in mountstats collector #1364 * Renamed interface label to device in netclass collector for consistency with * other network metrics #1224 * The cpufreq metrics now separate the cpufreq and scaling data based on what the driver provides. #1248 * The labels for the network_up metric have changed, see issue #1236 * Bonding collector now uses mii_status instead of operstatus #1124 * Several systemd metrics have been turned off by default to improve performance #1254 * These include unit_tasks_current, unit_tasks_max, service_restart_total, and unit_start_time_seconds * The systemd collector blacklist now includes automount, device, mount, and slice units by default. #1255 * [CHANGE] Bonding state uses mii_status #1124 * [CHANGE] Add a limit to the number of in-flight requests #1166 * [CHANGE] Renamed interface label to device in netclass collector #1224 * [CHANGE] Add separate cpufreq and scaling metrics #1248 * [CHANGE] Several systemd metrics have been turned off by default to improve performance #1254 * [CHANGE] Expand systemd collector blacklist #1255 * [CHANGE] Split cpufreq metrics into a separate collector #1253 * [FEATURE] Add a flag to disable exporter metrics #1148 * [FEATURE] Add kstat-based Solaris metrics for boottime, cpu and zfs collectors #1197 * [FEATURE] Add uname collector for FreeBSD #1239 * [FEATURE] Add diskstats collector for OpenBSD #1250 * [FEATURE] Add pressure collector exposing pressure stall information for Linux #1174 * [FEATURE] Add perf exporter for Linux #1274 * [ENHANCEMENT] Add Infiniband counters #1120 * [ENHANCEMENT] Add TCPSynRetrans to netstat default filter #1143 * [ENHANCEMENT] Move network_up labels into new metric network_info #1236 * [ENHANCEMENT] Use 64-bit counters for Darwin netstat * [BUGFIX] Add fallback for missing /proc/1/mounts #1172 * [BUGFIX] Fix node_textfile_mtime_seconds to work properly on symlinks #1326 - Add network-online (Wants and After) dependency to systemd unit bsc#1143913 golang-github-prometheus-prometheus: - Update change log and spec file + Modified spec file: default to golang 1.14 to avoid 'have choice' build issues in OBS. + Rebase and update patches for version 2.18.0 + Changed: * 0002-Default-settings.patch Changed - Update to 2.18.0 + Features * Tracing: Added experimental Jaeger support #7148 + Changes * Federation: Only use local TSDB for federation (ignore remote read). #7096 * Rules: `rule_evaluations_total` and `rule_evaluation_failures_total` have a `rule_group` label now. #7094 + Enhancements * TSDB: Significantly reduce WAL size kept around after a block cut. #7098 * Discovery: Add `architecture` meta label for EC2. #7000 + Bug fixes * UI: Fixed wrong MinTime reported by /status. #7182 * React UI: Fixed multiselect legend on OSX. #6880 * Remote Write: Fixed blocked resharding edge case. #7122 * Remote Write: Fixed remote write not updating on relabel configs change. #7073 - Changes from 2.17.2 + Bug fixes * Federation: Register federation metrics #7081 * PromQL: Fix panic in parser error handling #7132 * Rules: Fix reloads hanging when deleting a rule group that is being evaluated #7138 * TSDB: Fix a memory leak when prometheus starts with an empty TSDB WAL #7135 * TSDB: Make isolation more robust to panics in web handlers #7129 #7136 - Changes from 2.17.1 + Bug fixes * TSDB: Fix query performance regression that increased memory and CPU usage #7051 - Changes from 2.17.0 + Features * TSDB: Support isolation #6841 * This release implements isolation in TSDB. API queries and recording rules are guaranteed to only see full scrapes and full recording rules. This comes with a certain overhead in resource usage. Depending on the situation, there might be some increase in memory usage, CPU usage, or query latency. + Enhancements * PromQL: Allow more keywords as metric names #6933 * React UI: Add normalization of localhost URLs in targets page #6794 * Remote read: Read from remote storage concurrently #6770 * Rules: Mark deleted rule series as stale after a reload #6745 * Scrape: Log scrape append failures as debug rather than warn #6852 * TSDB: Improve query performance for queries that partially hit the head #6676 * Consul SD: Expose service health as meta label #5313 * EC2 SD: Expose EC2 instance lifecycle as meta label #6914 * Kubernetes SD: Expose service type as meta label for K8s service role #6684 * Kubernetes SD: Expose label_selector and field_selector #6807 * Openstack SD: Expose hypervisor id as meta label #6962 + Bug fixes * PromQL: Do not escape HTML-like chars in query log #6834 #6795 * React UI: Fix data table matrix values #6896 * React UI: Fix new targets page not loading when using non-ASCII characters #6892 * Remote read: Fix duplication of metrics read from remote storage with external labels #6967 #7018 * Remote write: Register WAL watcher and live reader metrics for all remotes, not just the first one #6998 * Scrape: Prevent removal of metric names upon relabeling #6891 * Scrape: Fix 'superfluous response.WriteHeader call' errors when scrape fails under some circonstances #6986 * Scrape: Fix crash when reloads are separated by two scrape intervals #7011 - Changes from 2.16.0 + Features * React UI: Support local timezone on /graph #6692 * PromQL: add absent_over_time query function #6490 * Adding optional logging of queries to their own file #6520 + Enhancements * React UI: Add support for rules page and 'Xs ago' duration displays #6503 * React UI: alerts page, replace filtering togglers tabs with checkboxes #6543 * TSDB: Export metric for WAL write errors #6647 * TSDB: Improve query performance for queries that only touch the most recent 2h of data. #6651 * PromQL: Refactoring in parser errors to improve error messages #6634 * PromQL: Support trailing commas in grouping opts #6480 * Scrape: Reduce memory usage on reloads by reusing scrape cache #6670 * Scrape: Add metrics to track bytes and entries in the metadata cache #6675 * promtool: Add support for line-column numbers for invalid rules output #6533 * Avoid restarting rule groups when it is unnecessary #6450 + Bug fixes * React UI: Send cookies on fetch() on older browsers #6553 * React UI: adopt grafana flot fix for stacked graphs #6603 * React UI: broken graph page browser history so that back button works as expected #6659 * TSDB: ensure compactionsSkipped metric is registered, and log proper error if one is returned from head.Init #6616 * TSDB: return an error on ingesting series with duplicate labels #6664 * PromQL: Fix unary operator precedence #6579 * PromQL: Respect query.timeout even when we reach query.max-concurrency #6712 * PromQL: Fix string and parentheses handling in engine, which affected React UI #6612 * PromQL: Remove output labels returned by absent() if they are produced by multiple identical label matchers #6493 * Scrape: Validate that OpenMetrics input ends with `# EOF` #6505 * Remote read: return the correct error if configs can't be marshal'd to JSON #6622 * Remote write: Make remote client `Store` use passed context, which can affect shutdown timing #6673 * Remote write: Improve sharding calculation in cases where we would always be consistently behind by tracking pendingSamples #6511 * Ensure prometheus_rule_group metrics are deleted when a rule group is removed #6693 - Changes from 2.15.2 + Bug fixes * TSDB: Fixed support for TSDB blocks built with Prometheus before 2.1.0. #6564 * TSDB: Fixed block compaction issues on Windows. #6547 - Changes from 2.15.1 + Bug fixes * TSDB: Fixed race on concurrent queries against same data. #6512 - Changes from 2.15.0 + Features * API: Added new endpoint for exposing per metric metadata `/metadata`. #6420 #6442 + Changes * Discovery: Removed `prometheus_sd_kubernetes_cache_*` metrics. Additionally `prometheus_sd_kubernetes_workqueue_latency_seconds` and `prometheus_sd_kubernetes_workqueue_work_duration_seconds` metrics now show correct values in seconds. #6393 * Remote write: Changed `query` label on `prometheus_remote_storage_*` metrics to `remote_name` and `url`. #6043 + Enhancements * TSDB: Significantly reduced memory footprint of loaded TSDB blocks. #6418 #6461 * TSDB: Significantly optimized what we buffer during compaction which should result in lower memory footprint during compaction. #6422 #6452 #6468 #6475 * TSDB: Improve replay latency. #6230 * TSDB: WAL size is now used for size based retention calculation. #5886 * Remote read: Added query grouping and range hints to the remote read request #6401 * Remote write: Added `prometheus_remote_storage_sent_bytes_total` counter per queue. #6344 * promql: Improved PromQL parser performance. #6356 * React UI: Implemented missing pages like `/targets` #6276, TSDB status page #6281 #6267 and many other fixes and performance improvements. * promql: Prometheus now accepts spaces between time range and square bracket. e.g `[ 5m]` #6065 + Bug fixes * Config: Fixed alertmanager configuration to not miss targets when configurations are similar. #6455 * Remote write: Value of `prometheus_remote_storage_shards_desired` gauge shows raw value of desired shards and it's updated correctly. #6378 * Rules: Prometheus now fails the evaluation of rules and alerts where metric results collide with labels specified in `labels` field. #6469 * API: Targets Metadata API `/targets/metadata` now accepts empty `match_targets` parameter as in the spec. #6303 - Changes from 2.14.0 + Features * API: `/api/v1/status/runtimeinfo` and `/api/v1/status/buildinfo` endpoints added for use by the React UI. #6243 * React UI: implement the new experimental React based UI. #5694 and many more * Can be found by under `/new`. * Not all pages are implemented yet. * Status: Cardinality statistics added to the Runtime & Build Information page. #6125 + Enhancements * Remote write: fix delays in remote write after a compaction. #6021 * UI: Alerts can be filtered by state. #5758 + Bug fixes * Ensure warnings from the API are escaped. #6279 * API: lifecycle endpoints return 403 when not enabled. #6057 * Build: Fix Solaris build. #6149 * Promtool: Remove false duplicate rule warnings when checking rule files with alerts. #6270 * Remote write: restore use of deduplicating logger in remote write. #6113 * Remote write: do not reshard when unable to send samples. #6111 * Service discovery: errors are no longer logged on context cancellation. #6116, #6133 * UI: handle null response from API properly. #6071 - Changes from 2.13.1 + Bug fixes * Fix panic in ARM builds of Prometheus. #6110 * promql: fix potential panic in the query logger. #6094 * Multiple errors of http: superfluous response.WriteHeader call in the logs. #6145 - Changes from 2.13.0 + Enhancements * Metrics: renamed prometheus_sd_configs_failed_total to prometheus_sd_failed_configs and changed to Gauge #5254 * Include the tsdb tool in builds. #6089 * Service discovery: add new node address types for kubernetes. #5902 * UI: show warnings if query have returned some warnings. #5964 * Remote write: reduce memory usage of the series cache. #5849 * Remote read: use remote read streaming to reduce memory usage. #5703 * Metrics: added metrics for remote write max/min/desired shards to queue manager. #5787 * Promtool: show the warnings during label query. #5924 * Promtool: improve error messages when parsing bad rules. #5965 * Promtool: more promlint rules. #5515 + Bug fixes * UI: Fix a Stored DOM XSS vulnerability with query history [CVE-2019-10215](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10215). #6098 * Promtool: fix recording inconsistency due to duplicate labels. #6026 * UI: fixes service-discovery view when accessed from unhealthy targets. #5915 * Metrics format: OpenMetrics parser crashes on short input. #5939 * UI: avoid truncated Y-axis values. #6014 - Changes from 2.12.0 + Features * Track currently active PromQL queries in a log file. #5794 * Enable and provide binaries for `mips64` / `mips64le` architectures. #5792 + Enhancements * Improve responsiveness of targets web UI and API endpoint. #5740 * Improve remote write desired shards calculation. #5763 * Flush TSDB pages more precisely. tsdb#660 * Add `prometheus_tsdb_retention_limit_bytes` metric. tsdb#667 * Add logging during TSDB WAL replay on startup. tsdb#662 * Improve TSDB memory usage. tsdb#653, tsdb#643, tsdb#654, tsdb#642, tsdb#627 + Bug fixes * Check for duplicate label names in remote read. #5829 * Mark deleted rules' series as stale on next evaluation. #5759 * Fix JavaScript error when showing warning about out-of-sync server time. #5833 * Fix `promtool test rules` panic when providing empty `exp_labels`. #5774 * Only check last directory when discovering checkpoint number. #5756 * Fix error propagation in WAL watcher helper functions. #5741 * Correctly handle empty labels from alert templates. #5845 - Update Uyuni/SUSE Manager service discovery patch + Modified 0003-Add-Uyuni-service-discovery.patch: + Adapt service discovery to the new Uyuni API endpoints + Modified spec file: force golang 1.12 to fix build issues in SLE15SP2 - Update to Prometheus 2.11.2 grafana: - Update to version 7.0.3 * Features / Enhancements - Stats: include all fields. #24829, @ryantxu - Variables: change VariableEditorList row action Icon to IconButton. #25217, @hshoff * Bug fixes - Cloudwatch: Fix dimensions of DDoSProtection. #25317, @papagian - Configuration: Fix env var override of sections containing hyphen. #25178, @marefr - Dashboard: Get panels in collapsed rows. #25079, @peterholmberg - Do not show alerts tab when alerting is disabled. #25285, @dprokop - Jaeger: fixes cascader option label duration value. #25129, @Estrax - Transformations: Fixed Transform tab crash & no update after adding first transform. #25152, @torkelo - Update to version 7.0.2 * Bug fixes - Security: Urgent security patch release to fix CVE-2020-13379 - Update to version 7.0.1 * Features / Enhancements - Datasource/CloudWatch: Makes CloudWatch Logs query history more readable. #24795, @kaydelaney - Download CSV: Add date and time formatting. #24992, @ryantxu - Table: Make last cell value visible when right aligned. #24921, @peterholmberg - TablePanel: Adding sort order persistance. #24705, @torkelo - Transformations: Display correct field name when using reduce transformation. #25068, @peterholmberg - Transformations: Allow custom number input for binary operations. #24752, @ryantxu * Bug fixes - Dashboard/Links: Fixes dashboard links by tags not working. #24773, @KamalGalrani - Dashboard/Links: Fixes open in new window for dashboard link. #24772, @KamalGalrani - Dashboard/Links: Variables are resolved and limits to 100. #25076, @hugohaggmark - DataLinks: Bring back variables interpolation in title. #24970, @dprokop - Datasource/CloudWatch: Field suggestions no longer limited to prefix-only. #24855, @kaydelaney - Explore/Table: Keep existing field types if possible. #24944, @kaydelaney - Explore: Fix wrap lines toggle for results of queries with filter expression. #24915, @ivanahuckova - Explore: fix undo in query editor. #24797, @zoltanbedi - Explore: fix word break in type head info. #25014, @zoltanbedi - Graph: Legend decimals now work as expected. #24931, @torkelo - LoginPage: Fix hover color for service buttons. #25009, @tskarhed - LogsPanel: Fix scrollbar. #24850, @ivanahuckova - MoveDashboard: Fix for moving dashboard caused all variables to be lost. #25005, @torkelo - Organize transformer: Use display name in field order comparer. #24984, @dprokop - Panel: shows correct panel menu items in view mode. #24912, @hugohaggmark - PanelEditor Fix missing labels and description if there is only single option in category. #24905, @dprokop - PanelEditor: Overrides name matcher still show all original field names even after Field default display name is specified. #24933, @torkelo - PanelInspector: Makes sure Data display options are visible. #24902, @hugohaggmark - PanelInspector: Hides unsupported data display options for Panel type. #24918, @hugohaggmark - PanelMenu: Make menu disappear on button press. #25015, @tskarhed - Postgres: Fix add button. #25087, @phemmer - Prometheus: Fix recording rules expansion. #24977, @ivanahuckova - Stackdriver: Fix creating Service Level Objectives (SLO) datasource query variable. #25023, @papagian - Update to version 7.0.0 * Breaking changes - Removed PhantomJS: PhantomJS was deprecated in Grafana v6.4 and starting from Grafana v7.0.0, all PhantomJS support has been removed. This means that Grafana no longer ships with a built-in image renderer, and we advise you to install the Grafana Image Renderer plugin. - Dashboard: A global minimum dashboard refresh interval is now enforced and defaults to 5 seconds. - Interval calculation: There is now a new option Max data points that controls the auto interval $__interval calculation. Interval was previously calculated by dividing the panel width by the time range. With the new max data points option it is now easy to set $__interval to a dynamic value that is time range agnostic. For example if you set Max data points to 10 Grafana will dynamically set $__interval by dividing the current time range by 10. - Datasource/Loki: Support for deprecated Loki endpoints has been removed. - Backend plugins: Grafana now requires backend plugins to be signed, otherwise Grafana will not load/start them. This is an additional security measure to make sure backend plugin binaries and files haven't been tampered with. Refer to Upgrade Grafana for more information. - @grafana/ui: Forms migration notice, see @grafana/ui changelog - @grafana/ui: Select API change for creating custom values, see @grafana/ui changelog + Deprecation warnings - Scripted dashboards is now deprecated. The feature is not removed but will be in a future release. We hope to address the underlying requirement of dynamic dashboards in a different way. #24059 - The unofficial first version of backend plugins together with usage of grafana/grafana-plugin-model is now deprecated and support for that will be removed in a future release. Please refer to backend plugins documentation for information about the new officially supported backend plugins. * Features / Enhancements - Backend plugins: Log deprecation warning when using the unofficial first version of backend plugins. #24675, @marefr - Editor: New line on Enter, run query on Shift+Enter. #24654, @davkal - Loki: Allow multiple derived fields with the same name. #24437, @aocenas - Orgs: Add future deprecation notice. #24502, @torkelo * Bug Fixes - @grafana/toolkit: Use process.cwd() instead of PWD to get directory. #24677, @zoltanbedi - Admin: Makes long settings values line break in settings page. #24559, @hugohaggmark - Dashboard: Allow editing provisioned dashboard JSON and add confirmation when JSON is copied to dashboard. #24680, @dprokop - Dashboard: Fix for strange 'dashboard not found' errors when opening links in dashboard settings. #24416, @torkelo - Dashboard: Fix so default data source is selected when data source can't be found in panel editor. #24526, @mckn - Dashboard: Fixed issue changing a panel from transparent back to normal in panel editor. #24483, @torkelo - Dashboard: Make header names reflect the field name when exporting to CSV file from the the panel inspector. #24624, @peterholmberg - Dashboard: Make sure side pane is displayed with tabs by default in panel editor. #24636, @dprokop - Data source: Fix query/annotation help content formatting. #24687, @AgnesToulet - Data source: Fixes async mount errors. #24579, @Estrax - Data source: Fixes saving a data source without failure when URL doesn't specify a protocol. #24497, @aknuds1 - Explore/Prometheus: Show results of instant queries only in table. #24508, @ivanahuckova - Explore: Fix rendering of react query editors. #24593, @ivanahuckova - Explore: Fixes loading more logs in logs context view. #24135, @Estrax - Graphite: Fix schema and dedupe strategy in rollup indicators for Metrictank queries. #24685, @torkelo - Graphite: Makes query annotations work again. #24556, @hugohaggmark - Logs: Clicking 'Load more' from context overlay doesn't expand log row. #24299, @kaydelaney - Logs: Fix total bytes process calculation. #24691, @davkal - Org/user/team preferences: Fixes so UI Theme can be set back to Default. #24628, @AgnesToulet - Plugins: Fix manifest validation. #24573, @aknuds1 - Provisioning: Use proxy as default access mode in provisioning. #24669, @bergquist - Search: Fix select item when pressing enter and Grafana is served using a sub path. #24634, @tskarhed - Search: Save folder expanded state. #24496, @Clarity-89 - Security: Tag value sanitization fix in OpenTSDB data source. #24539, @rotemreiss - Table: Do not include angular options in options when switching from angular panel. #24684, @torkelo - Table: Fixed persisting column resize for time series fields. #24505, @torkelo - Table: Fixes Cannot read property subRows of null. #24578, @hugohaggmark - Time picker: Fixed so you can enter a relative range in the time picker without being converted to absolute range. #24534, @mckn - Transformations: Make transform dropdowns not cropped. #24615, @dprokop - Transformations: Sort order should be preserved as entered by user when using the reduce transformation. #24494, @hugohaggmark - Units: Adds scale symbol for currencies with suffixed symbol. #24678, @hugohaggmark - Variables: Fixes filtering options with more than 1000 entries. #24614, @hugohaggmark - Variables: Fixes so Textbox variables read value from url. #24623, @hugohaggmark - Zipkin: Fix error when span contains remoteEndpoint. #24524, @aocenas - SAML: Switch from email to login for user login attribute mapping (Enterprise) - Update Makefile and spec file * Remove phantomJS patch from Makefile * Fix multiline strings in Makefile * Exclude s390 from SLE12 builds, golang 1.14 is not built for s390 - Add instructions for patching the Grafana javascript frontend. - BuildRequires golang(API) instead of go metapackage version range * BuildRequires: golang(API) >= 1.14 from BuildRequires: ( go >= 1.14 with go < 1.15 ) - Update to version 6.7.3 - This version fixes bsc#1170557 and its corresponding CVE-2020-12245 - Admin: Fix Synced via LDAP message for non-LDAP external users. #23477, @alexanderzobnin - Alerting: Fixes notifications for alerts with empty message in Google Hangouts notifier. #23559, @hugohaggmark - AuthProxy: Fixes bug where long username could not be cached.. #22926, @jcmcken - Dashboard: Fix saving dashboard when editing raw dashboard JSON model. #23314, @peterholmberg - Dashboard: Try to parse 8 and 15 digit numbers as timestamps if parsing of time range as date fails. #21694, @jessetan - DashboardListPanel: Fixed problem with empty panel after going into edit mode (General folder filter being automatically added) . #23426, @torkelo - Data source: Handle datasource withCredentials option properly. #23380, @hvtuananh - Security: Fix annotation popup XSS vulnerability. #23813, @torkelo - Server: Exit Grafana with status code 0 if no error. #23312, @aknuds1 - TablePanel: Fix XSS issue in header column rename (backport). #23814, @torkelo - Variables: Fixes error when setting adhoc variable values. #23580, @hugohaggmark - Update to version 6.7.2: (see installed changelog for the full list of changes) - BackendSrv: Adds config to response to fix issue for external plugins that used this property . #23032, @torkelo - Dashboard: Fixed issue with saving new dashboard after changing title . #23104, @dprokop - DataLinks: make sure we use the correct datapoint when dataset contains null value.. #22981, @mckn - Plugins: Fixed issue for plugins that imported dateMath util . #23069, @mckn - Security: Fix for dashboard snapshot original dashboard link could contain XSS vulnerability in url. #23254, @torkelo - Variables: Fixes issue with too many queries being issued for nested template variables after value change. #23220, @torkelo - Plugins: Expose promiseToDigest. #23249, @torkelo - Reporting (Enterprise): Fixes issue updating a report created by someone else - Update to 6.7.1: (see installed changelog for the full list of changes) Bug Fixes - Azure: Fixed dropdowns not showing current value. #22914, @torkelo - BackendSrv: only add content-type on POST, PUT requests. #22910, @hugohaggmark - Panels: Fixed size issue with panel internal size when exiting panel edit mode. #22912, @torkelo - Reporting: fixes migrations compatibility with mysql (Enterprise) - Reporting: Reduce default concurrency limit to 4 (Enterprise) - Update to 6.7.0: (see installed changelog for the full list of changes) Bug Fixes - AngularPanels: Fixed inner height calculation for angular panels . #22796, @torkelo - BackendSrv: makes sure provided headers are correctly recognized and set. #22778, @hugohaggmark - Forms: Fix input suffix position (caret-down in Select) . #22780, @torkelo - Graphite: Fixed issue with query editor and next select metric now showing after selecting metric node . #22856, @torkelo - Rich History: UX adjustments and fixes. #22729, @ivanahuckova - Update to 6.7.0-beta1: Breaking changes - Slack: Removed Mention setting and instead introduce Mention Users, Mention Groups, and Mention Channel. The first two settings require user and group IDs, respectively. This change was necessary because the way of mentioning via the Slack API changed and mentions in Slack notifications no longer worked. - Alerting: Reverts the behavior of diff and percent_diff to not always be absolute. Something we introduced by mistake in 6.1.0. Alerting now support diff(), diff_abs(), percent_diff() and percent_diff_abs(). #21338 - Notice about changes in backendSrv for plugin authors In our mission to migrate away from AngularJS to React we have removed all AngularJS dependencies in the core data retrieval service backendSrv. Removing the AngularJS dependencies in backendSrv has the unfortunate side effect of AngularJS digest no longer being triggered for any request made with backendSrv. Because of this, external plugins using backendSrv directly may suffer from strange behaviour in the UI. To remedy this issue, as a plugin author you need to trigger the digest after a direct call to backendSrv. Bug Fixes API: Fix redirect issues. #22285, @papagian Alerting: Don't include image_url field with Slack message if empty. #22372, @aknuds1 Alerting: Fixed bad background color for default notifications in alert tab . #22660, @krvajal Annotations: In table panel when setting transform to annotation, they will now show up right away without a manual refresh. #22323, @krvajal Azure Monitor: Fix app insights source to allow for new __timeFrom and __timeTo. #21879, @ChadNedzlek BackendSrv: Fixes POST body for form data. gmark CloudWatch: Credentials cache invalidation fix. #22473, @sunker CloudWatch: Expand alias variables when query yields no result. #22695, @sunker Dashboard: Fix bug with NaN in alerting. #22053, @a-melnyk Explore: Fix display of multiline logs in log panel and explore. #22057, @thomasdraebing Heatmap: Legend color range is incorrect when using custom min/max. #21748, @sv5d Security: Fixed XSS issue in dashboard history diff . #22680, @torkelo StatPanel: Fixes base color is being used for null values . #22646, @torkelo - Update to version 6.6.2: (see installed changelog for the full list of changes) - Update to version 6.6.1: (see installed changelog for the full list of changes) - Update to version 6.6.0: (see installed changelog for the full list of changes) - Update to version 6.5.3: (see installed changelog for the full list of changes) - Update to version 6.5.2: (see installed changelog for the full list of changes) - Update to version 6.5.1: (see installed changelog for the full list of changes) - Update to version 6.5.0 (see installed changelog for the full list of changes) - Update to version 6.4.5: * Create version 6.4.5 * CloudWatch: Fix high CPU load (#20579) - Add obs-service-go_modules to download required modules into vendor.tar.gz - Adjusted spec file to use vendor.tar.gz - Adjusted Makefile to work with new filenames - BuildRequire go1.14 - Update to version 6.4.4: * DataLinks: Fix blur issues. #19883, @aocenas * Docker: Makes it possible to parse timezones in the docker image. #20081, @xlson * LDAP: All LDAP servers should be tried even if one of them returns a connection error. #20077, @jongyllen * LDAP: No longer shows incorrectly matching groups based on role in debug page. #20018, @xlson * Singlestat: Fix no data / null value mapping . #19951, @ryantxu - Revert the spec file and make script - Remove PhantomJS dependency - Update to 6.4.3 * Bug Fixes - Alerting: All notification channels should send even if one fails to send. #19807, @jan25 - AzureMonitor: Fix slate interference with dropdowns. #19799, @aocenas - ContextMenu: make ContextMenu positioning aware of the viewport width. #19699, @krvajal - DataLinks: Fix context menu not showing in singlestat-ish visualisations. #19809, @dprokop - DataLinks: Fix url field not releasing focus. #19804, @aocenas - Datasource: Fixes clicking outside of some query editors required 2 clicks. #19822, @aocenas - Panels: Fixes default tab for visualizations without Queries Tab. #19803, @hugohaggmark - Singlestat: Fixed issue with mapping null to text. #19689, @torkelo - @grafana/toolkit: Don't fail plugin creation when git user.name config is not set. #19821, @dprokop - @grafana/toolkit: TSLint line number off by 1. #19782, @fredwangwang - Update to 6.4.2 * Bug Fixes - CloudWatch: Changes incorrect dimension wmlid to wlmid . #19679, @ATTron - Grafana Image Renderer: Fixes plugin page. #19664, @hugohaggmark - Graph: Fixes auto decimals logic for y axis ticks that results in too many decimals for high values. #19618, @torkelo - Graph: Switching to series mode should re-render graph. #19623, @torkelo - Loki: Fix autocomplete on label values. #19579, @aocenas - Loki: Removes live option for logs panel. #19533, @davkal - Profile: Fix issue with user profile not showing more than sessions sessions in some cases. #19578, @huynhsamha - Prometheus: Fixes so results in Panel always are sorted by query order. #19597, @hugohaggmark - sted keys in YAML provisioning caused a server crash, #19547 - ImageRendering: Fixed issue with image rendering in enterprise build (Enterprise) - Reporting: Fixed issue with reporting service when STMP was disabled (Enterprise). - Changes from 6.4.0 * Features / Enhancements - Build: Upgrade go to 1.12.10. #19499, @marefr - DataLinks: Suggestions menu improvements. #19396, @dprokop - Explore: Take root_url setting into account when redirecting from dashboard to explore. #19447, @ivanahuckova - Explore: Update broken link to logql docs. #19510, @ivanahuckova - Logs: Adds Logs Panel as a visualization. #19504, @davkal * Bug Fixes - CLI: Fix version selection for plugin install. #19498, @aocenas - Graph: Fixes minor issue with series override color picker and custom color . #19516, @torkelo - Changes from 6.4.0 Beta 2 * Features / Enhancements - Azure Monitor: Remove support for cross resource queries (#19115)'. #19346, @sunker - Docker: Upgrade packages to resolve reported vulnerabilities. #19188, @marefr - Graphite: Time range expansion reduced from 1 minute to 1 second. #19246, @torkelo - grafana/toolkit: Add plugin creation task. #19207, @dprokop * Bug Fixes - Alerting: Prevents creating alerts from unsupported queries. #19250, @hugohaggmark - Alerting: Truncate PagerDuty summary when greater than 1024 characters. #18730, @nvllsvm - Cloudwatch: Fix autocomplete for Gamelift dimensions. #19146, @kevinpz - Dashboard: Fix export for sharing when panels use default data source. #19315, @torkelo - Database: Rewrite system statistics query to perform better. #19178, @papagian - Gauge/BarGauge: Fix issue with [object Object] in titles . #19217, @ryantxu - MSSQL: Revert usage of new connectionstring format introduced by #18384. #19203, @marefr - Multi-LDAP: Do not fail-fast on invalid credentials. #19261, @gotjosh - MySQL, Postgres, MSSQL: Fix validating query with template variables in alert . #19237, @marefr - MySQL, Postgres: Update raw sql when query builder updates. #19209, @marefr - MySQL: Limit datasource error details returned from the backend. #19373, @marefr - Changes from 6.4.0 Beta 1 * Features / Enhancements - API: Readonly datasources should not be created via the API. #19006, @papagian - Alerting: Include configured AlertRuleTags in Webhooks notifier. #18233, @dominic-miglar - Annotations: Add annotations support to Loki. #18949, @aocenas - Annotations: Use a single row to represent a region. #17673, @ryantxu - Auth: Allow inviting existing users when login form is disabled. #19048, @548017 - Azure Monitor: Add support for cross resource queries. #19115, @sunker - CLI: Allow installing custom binary plugins. #17551, @aocenas - Dashboard: Adds Logs Panel (alpha) as visualization option for Dashboards. #18641, @hugohaggmark - Dashboard: Reuse query results between panels . #16660, @ryantxu - Dashboard: Set time to to 23:59:59 when setting To time using calendar. #18595, @simPod - DataLinks: Add DataLinks support to Gauge, BarGauge and SingleStat2 panel. #18605, @ryantxu - DataLinks: Enable access to labels & field names. #18918, @torkelo - DataLinks: Enable multiple data links per panel. #18434, @dprokop - Docker: switch docker image to alpine base with phantomjs support. #18468, @DanCech - Elasticsearch: allow templating queries to order by doc_count. #18870, @hackery - Explore: Add throttling when doing live queries. #19085, @aocenas - Explore: Adds ability to go back to dashboard, optionally with query changes. #17982, @kaydelaney - Explore: Reduce default time range to last hour. #18212, @davkal - Gauge/BarGauge: Support decimals for min/max. #18368, @ryantxu - Graph: New series override transform constant that renders a single point as a line across the whole graph. #19102, @davkal - Image rendering: Add deprecation warning when PhantomJS is used for rendering images. #18933, @papagian - InfluxDB: Enable interpolation within ad-hoc filter values. #18077, @kvc-code - LDAP: Allow an user to be synchronized against LDAP. #18976, @gotjosh - Ldap: Add ldap debug page. #18759, @peterholmberg - Loki: Remove prefetching of default label values. #18213, @davkal - Metrics: Add failed alert notifications metric. #18089, @koorgoo - OAuth: Support JMES path lookup when retrieving user email. #14683, @bobmshannon - OAuth: return GitLab groups as a part of user info (enable team sync). #18388, @alexanderzobnin - Panels: Add unit for electrical charge - ampere-hour. #18950, @anirudh-ramesh - Plugin: AzureMonitor - Reapply MetricNamespace support. #17282, @raphaelquati - Plugins: better warning when plugins fail to load. #18671, @ryantxu - Postgres: Add support for scram sha 256 authentication. #18397, @nonamef - RemoteCache: Support SSL with Redis. #18511, @kylebrandt - SingleStat: The gauge option in now disabled/hidden (unless it's an old panel with it already enabled) . #18610, @ryantxu - Stackdriver: Add extra alignment period options. #18909, @sunker - Units: Add South African Rand (ZAR) to currencies. #18893, @jeteon - Units: Adding T,P,E,Z,and Y bytes. #18706, @chiqomar * Bug Fixes - Alerting: Notification is sent when state changes from no_data to ok. #18920, @papagian - Alerting: fix duplicate alert states when the alert fails to save to the database. #18216, @kylebrandt - Alerting: fix response popover prompt when add notification channels. #18967, @lzdw - CloudWatch: Fix alerting for queries with Id (using GetMetricData). #17899, @alex-berger - Explore: Fix auto completion on label values for Loki. #18988, @aocenas - Explore: Fixes crash using back button with a zoomed in graph. #19122, @hugohaggmark - Explore: Fixes so queries in Explore are only run if Graph/Table is shown. #19000, @hugohaggmark - MSSQL: Change connectionstring to URL format to fix using passwords with semicolon. #18384, @Russiancold - MSSQL: Fix memory leak when debug enabled. #19049, @briangann - Provisioning: Allow escaping literal '$' with '$$' in configs to avoid interpolation. #18045, @kylebrandt - TimePicker: Fixes hiding time picker dropdown in FireFox. #19154, @hugohaggmark * Breaking changes + Annotations There are some breaking changes in the annotations HTTP API for region annotations. Region annotations are now represented using a single event instead of two seperate events. Check breaking changes in HTTP API below and HTTP API documentation for more details. + Docker Grafana is now using Alpine 3.10 as docker base image. + HTTP API - GET /api/alert-notifications now requires at least editor access. New /api/alert-notifications/lookup returns less information than /api/alert-notifications and can be access by any authenticated user. - GET /api/alert-notifiers now requires at least editor access - GET /api/org/users now requires org admin role. New /api/org/users/lookup returns less information than /api/org/users and can be access by users that are org admins, admin in any folder or admin of any team. - GET /api/annotations no longer returns regionId property. - POST /api/annotations no longer supports isRegion property. - PUT /api/annotations/:id no longer supports isRegion property. - PATCH /api/annotations/:id no longer supports isRegion property. - DELETE /api/annotations/region/:id has been removed. * Deprecation notes + PhantomJS - PhantomJS, which is used for rendering images of dashboards and panels, is deprecated and will be removed in a future Grafana release. A deprecation warning will from now on be logged when Grafana starts up if PhantomJS is in use. Please consider migrating from PhantomJS to the Grafana Image Renderer plugin. - Changes from 6.3.6 * Features / Enhancements - Metrics: Adds setting for turning off total stats metrics. #19142, @marefr * Bug Fixes - Database: Rewrite system statistics query to perform better. #19178, @papagian - Explore: Fixes error when switching from prometheus to loki data sources. #18599, @kaydelaney - Rebase package spec. Use mostly from fedora, fix suse specified things and fix some errors. - Add missing directories provisioning/datasources and provisioning/notifiers and sample.yaml as described in packaging/rpm/control from upstream. Missing directories are shown in logfiles. - Version 6.3.5 * Upgrades + Build: Upgrade to go 1.12.9. * Bug Fixes + Dashboard: Fixes dashboards init failed loading error for dashboards with panel links that had missing properties. + Editor: Fixes issue where only entire lines were being copied. + Explore: Fixes query field layout in splitted view for Safari browsers. + LDAP: multildap + ldap integration. + Profile/UserAdmin: Fix for user agent parser crashes grafana-server on 32-bit builds. + Prometheus: Prevents panel editor crash when switching to Prometheus datasource. + Prometheus: Changes brace-insertion behavior to be less annoying. - Version 6.3.4 * Security: CVE-2019-15043 - Parts of the HTTP API allow unauthenticated use. - Version 6.3.3 * Bug Fixes + Annotations: Fix failing annotation query when time series query is cancelled. #18532 1, @dprokop 1 + Auth: Do not set SameSite cookie attribute if cookie_samesite is none. #18462 1, @papagian 3 + DataLinks: Apply scoped variables to data links correctly. #18454 1, @dprokop 1 + DataLinks: Respect timezone when displaying datapoint’s timestamp in graph context menu. #18461 2, @dprokop 1 + DataLinks: Use datapoint timestamp correctly when interpolating variables. #18459 1, @dprokop 1 + Explore: Fix loading error for empty queries. #18488 1, @davkal + Graph: Fixes legend issue clicking on series line icon and issue with horizontal scrollbar being visible on windows. #18563 1, @torkelo 2 + Graphite: Avoid glob of single-value array variables . #18420, @gotjosh + Prometheus: Fix queries with label_replace remove the $1 match when loading query editor. #18480 5, @hugohaggmark 3 + Prometheus: More consistently allows for multi-line queries in editor. #18362 2, @kaydelaney 2 + TimeSeries: Assume values are all numbers. #18540 4, @ryantxu - Version 6.3.2 * Bug Fixes + Gauge/BarGauge: Fixes issue with losts thresholds and issue loading Gauge with avg stat. #18375 12 - Version 6.3.1 * Bug Fixes + PanelLinks: Fix crash issue Gauge & Bar Gauge for panels with panel links (drill down links). #18430 2 - Version 6.3.0 * Features / Enhancements + OAuth: Do not set SameSite OAuth cookie if cookie_samesite is None. #18392 4, @papagian 3 + Auth Proxy: Include additional headers as part of the cache key. #18298 6, @gotjosh + Build grafana images consistently. #18224 12, @hassanfarid + Docs: SAML. #18069 11, @gotjosh + Permissions: Show plugins in nav for non admin users but hide plugin configuration. #18234 1, @aocenas + TimePicker: Increase max height of quick range dropdown. #18247 2, @torkelo 2 + Alerting: Add tags to alert rules. #10989 13, @Thib17 1 + Alerting: Attempt to send email notifications to all given email addresses. #16881 1, @zhulongcheng + Alerting: Improve alert rule testing. #16286 2, @marefr + Alerting: Support for configuring content field for Discord alert notifier. #17017 2, @jan25 + Alertmanager: Replace illegal chars with underscore in label names. #17002 5, @bergquist 1 + Auth: Allow expiration of API keys. #17678, @papagian 3 + Auth: Return device, os and browser when listing user auth tokens in HTTP API. #17504, @shavonn 1 + Auth: Support list and revoke of user auth tokens in UI. #17434 2, @shavonn 1 + AzureMonitor: change clashing built-in Grafana variables/macro names for Azure Logs. #17140, @shavonn 1 + CloudWatch: Made region visible for AWS Cloudwatch Expressions. #17243 2, @utkarshcmu + Cloudwatch: Add AWS DocDB metrics. #17241, @utkarshcmu + Dashboard: Use timezone dashboard setting when exporting to CSV. #18002 1, @dehrax + Data links. #17267 11, @torkelo 2 + Docker: Switch base image to ubuntu:latest from debian:stretch to avoid security issues… #17066 5, @bergquist 1 + Elasticsearch: Support for visualizing logs in Explore . #17605 7, @marefr + Explore: Adds Live option for supported datasources. #17062 1, @hugohaggmark 3 + Explore: Adds orgId to URL for sharing purposes. #17895 1, @kaydelaney 2 + Explore: Adds support for new loki ‘start’ and ‘end’ params for labels endpoint. #17512, @kaydelaney 2 + Explore: Adds support for toggling raw query mode in explore. #17870, @kaydelaney 2 + Explore: Allow switching between metrics and logs . #16959 2, @marefr + Explore: Combines the timestamp and local time columns into one. #17775, @hugohaggmark 3 + Explore: Display log lines context . #17097, @dprokop 1 + Explore: Don’t parse log levels if provided by field or label. #17180 1, @marefr + Explore: Improves performance of Logs element by limiting re-rendering. #17685, @kaydelaney 2 + Explore: Support for new LogQL filtering syntax. #16674 4, @davkal + Explore: Use new TimePicker from Grafana/UI. #17793, @hugohaggmark 3 + Explore: handle newlines in LogRow Highlighter. #17425, @rrfeng 1 + Graph: Added new fill gradient option. #17528 3, @torkelo 2 + GraphPanel: Don’t sort series when legend table & sort column is not visible . #17095, @shavonn 1 + InfluxDB: Support for visualizing logs in Explore. #17450 9, @hugohaggmark 3 + Logging: Login and Logout actions (#17760). #17883 1, @ATTron + Logging: Move log package to pkg/infra. #17023, @zhulongcheng + Metrics: Expose stats about roles as metrics. #17469 2, @bergquist 1 + MySQL/Postgres/MSSQL: Add parsing for day, weeks and year intervals in macros. #13086 6, @bernardd + MySQL: Add support for periodically reloading client certs. #14892, @tpetr + Plugins: replace dataFormats list with skipDataQuery flag in plugin.json. #16984, @ryantxu + Prometheus: Take timezone into account for step alignment. #17477, @fxmiii + Prometheus: Use overridden panel range for $__range instead of dashboard range. #17352, @patrick246 + Prometheus: added time range filter to series labels query. #16851 3, @FUSAKLA + Provisioning: Support folder that doesn’t exist yet in dashboard provisioning. #17407 1, @Nexucis + Refresh picker: Handle empty intervals. #17585 1, @dehrax + Singlestat: Add y min/max config to singlestat sparklines. #17527 4, @pitr + Snapshot: use given key and deleteKey. #16876, @zhulongcheng + Templating: Correctly display __text in multi-value variable after page reload. #17840 1, @EduardSergeev + Templating: Support selecting all filtered values of a multi-value variable. #16873 2, @r66ad + Tracing: allow propagation with Zipkin headers. #17009 4, @jrockway + Users: Disable users removed from LDAP. #16820 2, @alexanderzobnin * Bug Fixes + PanelLinks: Fix render issue when there is no panel description. #18408 3, @dehrax + OAuth: Fix “missing saved state” OAuth login failure due to SameSite cookie policy. #18332 1, @papagian 3 + cli: fix for recognizing when in dev mode… #18334, @xlson + DataLinks: Fixes incorrect interpolation of ${__series_name} . #18251 1, @torkelo 2 + Loki: Display live tailed logs in correct order in Explore. #18031 3, @kaydelaney 2 + PhantomJS: Fixes rendering on Debian Buster. #18162 2, @xlson + TimePicker: Fixed style issue for custom range popover. #18244, @torkelo 2 + Timerange: Fixes a bug where custom time ranges didn’t respect UTC. #18248 1, @kaydelaney 2 + remote_cache: Fix redis connstr parsing. #18204 1, @mblaschke + AddPanel: Fix issue when removing moved add panel widget . #17659 2, @dehrax + CLI: Fix encrypt-datasource-passwords fails with sql error. #18014, @marefr + Elasticsearch: Fix default max concurrent shard requests. #17770 4, @marefr + Explore: Fix browsing back to dashboard panel. #17061, @jschill + Explore: Fix filter by series level in logs graph. #17798, @marefr + Explore: Fix issues when loading and both graph/table are collapsed. #17113, @marefr + Explore: Fix selection/copy of log lines. #17121, @marefr + Fix: Wrap value of multi variable in array when coming from URL. #16992 1, @aocenas + Frontend: Fix for Json tree component not working. #17608, @srid12 + Graphite: Fix for issue with alias function being moved last. #17791, @torkelo 2 + Graphite: Fixes issue with seriesByTag & function with variable param. #17795, @torkelo 2 + Graphite: use POST for /metrics/find requests. #17814 2, @papagian 3 + HTTP Server: Serve Grafana with a custom URL path prefix. #17048 6, @jan25 + InfluxDB: Fixes single quotes are not escaped in label value filters. #17398 1, @Panzki + Prometheus: Correctly escape ‘|’ literals in interpolated PromQL variables. #16932, @Limess + Prometheus: Fix when adding label for metrics which contains colons in Explore. #16760, @tolwi + SinglestatPanel: Remove background color when value turns null. #17552 1, @druggieri - Make phantomjs dependency configurable - Create plugin directory and clean up (create in %install, add to %files) handling of /var/lib/grafana/* and mgr-cfg: - Remove commented code in test files - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Add mgr manpage links mgr-custom-info: - Bump version to 4.1.0 (bsc#1154940) mgr-daemon: - Bump version to 4.1.0 (bsc#1154940) - Fix systemd timer configuration on SLE12 (bsc#1142038) mgr-osad: - Separate osa-dispatcher and jabberd so it can be disabled independently - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Move /usr/share/rhn/config-defaults to uyuni-base-common - Require uyuni-base-common for /etc/rhn (for osa-dispatcher) - Ensure bytes type when using hashlib to avoid traceback (bsc#1138822) mgr-push: - Replace spacewalk-usix and spacewalk-backend-libs with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) mgr-virtualization: - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Fix mgr-virtualization timer rhnlib: - Fix building - Fix malformed XML response when data contains non-ASCII chars (bsc#1154968) - Bump version to 4.1.0 (bsc#1154940) - Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177) spacecmd: - Only report real error, not result (bsc#1171687) - Use defined return values for spacecmd methods so scripts can check for failure (bsc#1171687) - Disable globbing for api subcommand to allow wildcards in filter settings (bsc#1163871) - Bugfix: attempt to purge SSM when it is empty (bsc#1155372) - Bump version to 4.1.0 (bsc#1154940) - Prevent error when piping stdout in Python 2 (bsc#1153090) - Java api expects content as encoded string instead of encoded bytes like before (bsc#1153277) - Enable building and installing for Ubuntu 16.04 and Ubuntu 18.04 - Add unit test for schedule, errata, user, utils, misc, configchannel and kickstart modules - Multiple minor bugfixes alongside the unit tests - Bugfix: referenced variable before assignment. - Add unit test for report, package, org, repo and group spacewalk-client-tools: - Add workaround for uptime overflow to spacewalk-update-status as well (bsc#1165921) - Spell correctly 'successful' and 'successfully' - Skip dmidecode data on aarch64 to prevent coredump (bsc#1113160) - Replace spacewalk-usix with uyuni-common-libs - Return a non-zero exit status on errors in rhn_check - Bump version to 4.1.0 (bsc#1154940) - Make a explicit requirement to systemd for spacewalk-client-tools when rhnsd timer is installed spacewalk-koan: - Bump version to 4.1.0 (bsc#1154940) - Require commands we use in merge-rd.sh spacewalk-oscap: - Bump version to 4.1.0 (bsc#1154940) spacewalk-remote-utils: - Update spacewalk-create-channel with RHEL 7.7 channel definitions - Bump version to 4.1.0 (bsc#1154940) supportutils-plugin-susemanager-client: - Bump version to 4.1.0 (bsc#1154940) suseRegisterInfo: - SuseRegisterInfo only needs perl-base, not full perl (bsc#1168310) - Bump version to 4.1.0 (bsc#1154940) zypp-plugin-spacewalk: - Prevent issue with non-ASCII characters in Python 2 systems (bsc#1172462) Moderate SUSE bug 1113160 SUSE bug 1134195 SUSE bug 1138822 SUSE bug 1141661 SUSE bug 1142038 SUSE bug 1143913 SUSE bug 1148177 SUSE bug 1153090 SUSE bug 1153277 SUSE bug 1154940 SUSE bug 1154968 SUSE bug 1155372 SUSE bug 1163871 SUSE bug 1165921 SUSE bug 1168310 SUSE bug 1170231 SUSE bug 1170557 SUSE bug 1171687 SUSE bug 1172462 CVE-2019-10215 CVE-2019-15043 CVE-2020-12245 CVE-2020-13379 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xrdp fixes the following issues: - Security fixes (bsc#1173580, CVE-2020-4044): + Add patches: * xrdp-cve-2020-4044-fix-0.patch * xrdp-cve-2020-4044-fix-1.patch + Rebase SLE patch: * xrdp-fate318398-change-expired-password.patch - Update patch: + xrdp-Allow-sessions-with-32-bpp.patch.patch Important SUSE bug 1173580 CVE-2020-4044 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for tomcat fixes the following issues: - Fixed CVEs: * CVE-2020-13934 (bsc#1174121) * CVE-2020-13935 (bsc#1174117) Important SUSE bug 1174117 SUSE bug 1174121 CVE-2020-13934 CVE-2020-13935 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mailman fixes the following issues: - CVE-2020-15011: Fixed a possible Arbitrary Content Injection via the private archive login page (bsc#1173369). Important SUSE bug 1173369 CVE-2020-15011 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160). Moderate SUSE bug 1173160 CVE-2020-10745 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.3 (bsc#1173998): + Enable kinetic scrolling with async scrolling. + Fix web process hangs on large GitHub pages. + Bubblewrap sandbox should not attempt to bind empty paths. + Fix threading issues in the media player. + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753. Important SUSE bug 1173998 CVE-2020-13753 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for grub2 fixes the following issues: - Fix for CVE-2020-10713 (bsc#1168994) - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812) - Fix for CVE-2020-15706 (bsc#1174463) - Fix for CVE-2020-15707 (bsc#1174570) - Use overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data - Use grub_calloc for overflow check and return NULL when it would occur - Use gcc-9 compiler for overflow check builtins - Backport gcc-9 build fixes Important SUSE bug 1168994 SUSE bug 1173812 SUSE bug 1174463 SUSE bug 1174570 CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15706 CVE-2020-15707 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ghostscript fixes the following issues: - fixed CVE-2020-15900 Memory Corruption (SAFER Sandbox Breakout) cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582 (bsc#1174415) Important SUSE bug 1174415 CVE-2020-15900 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.1.0 ESR * Fixed: Various stability, functionality, and security fixes (bsc#1174538) * CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker * CVE-2020-6514: WebRTC data channel leaks internal address to peer * CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy * CVE-2020-15653: Bypassing iframe sandbox when allowing popups * CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture * CVE-2020-15656: Type confusion for special arguments in IonMonkey * CVE-2020-15658: Overriding file type when saving to disk * CVE-2020-15657: DLL hijacking due to incorrect loading path * CVE-2020-15654: Custom cursor can overlay user interface * CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1 Moderate SUSE bug 1173948 SUSE bug 1174538 CVE-2020-15652 CVE-2020-15653 CVE-2020-15654 CVE-2020-15655 CVE-2020-15656 CVE-2020-15657 CVE-2020-15658 CVE-2020-15659 CVE-2020-6463 CVE-2020-6514 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628) Important SUSE bug 1174628 CVE-2020-14344 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770 (bnc#1173514). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2019-16746: net/wireless/nl80211.c did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10768: Indirect branch speculation could have been enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (bnc#1172783). - CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (bnc#1172781). - CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled when STIBP is unavailable or enhanced IBRS is available. (bnc#1172782). - CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. (bnc#1172775). - CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel did not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586 (bnc#1172458). The following non-security bugs were fixed: - ACPI: PM: Avoid using power resources if there are none for D0 (bsc#1051510). - ALSA: es1688: Add the missed snd_card_free() (bsc#1051510). - bcache: Fix an error code in bch_dump_read() (git fixes (block drivers)). - block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673). - block, bfq: postpone rq preparation to insert or merge (bsc#1104967 bsc#1171673). - block: remove QUEUE_FLAG_STACKABLE (git fixes (block drivers)). - block: sed-opal: fix sparse warning: convert __be64 data (git fixes (block drivers)). - btrfs: always wait on ordered extents at fsync time (bsc#1171761). - btrfs: clean up the left over logged_list usage (bsc#1171761). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - btrfs: fix list_add corruption and soft lockups in fsync (bsc#1171761). - btrfs: fix missing data checksums after a ranged fsync (msync) (bsc#1171761). - btrfs: fix missing file extent item for hole after ranged fsync (bsc#1171761). - btrfs: fix missing hole after hole punching and fsync when using NO_HOLES (bsc#1171761). - btrfs: fix missing semaphore unlock in btrfs_sync_file (bsc#1171761). - btrfs: fix rare chances for data loss when doing a fast fsync (bsc#1171761). - btrfs: Remove extra parentheses from condition in copy_items() (bsc#1171761). - btrfs: remove no longer used io_err from btrfs_log_ctx (bsc#1171761). - btrfs: remove no longer used logged range variables when logging extents (bsc#1171761). - btrfs: remove no longer used 'sync' member from transaction handle (bsc#1171761). - btrfs: remove remaing full_sync logic from btrfs_sync_file (bsc#1171761). - btrfs: remove the logged extents infrastructure (bsc#1171761). - btrfs: remove the wait ordered logic in the log_one_extent path (bsc#1171761). - btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124). - CDC-ACM: heed quirk also in error handling (git-fixes). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1144333). - cifs: handle hostnames that resolve to same ip in failover (bsc#1144333 bsc#1161016). - cifs: set up next DFS target before generic_ip_connect() (bsc#1144333 bsc#1161016). - clk: bcm2835: Fix return type of bcm2835_register_gate (bsc#1051510). - clk: clk-flexgen: fix clock-critical handling (bsc#1051510). - clk: sunxi: Fix incorrect usage of round_down() (bsc#1051510). - compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (git fixes (block drivers)). - compat_ioctl: block: handle Persistent Reservations (git fixes (block drivers)). - copy_{to,from}_user(): consolidate object size checks (git fixes). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - dm btree: increase rebalance threshold in __rebalance2() (git fixes (block drivers)). - dm cache: fix a crash due to incorrect work item cancelling (git fixes (block drivers)). - dm crypt: fix benbi IV constructor crash if used in authenticated mode (git fixes (block drivers)). - dm: fix potential for q->make_request_fn NULL pointer (git fixes (block drivers)). - dm space map common: fix to ensure new block isn't already in use (git fixes (block drivers)). - dm: various cleanups to md->queue initialization code (git fixes). - dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)). - dm verity fec: fix memory leak in verity_fec_dtr (git fixes (block drivers)). - Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170618). - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (bsc#1051510). - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1152472) * context changes - drm: encoder_slave: fix refcouting error for modules (bsc#1114279) - drm/mediatek: Check plane visibility in atomic_update (bsc#1152472) * context changes - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1152472) - drm/radeon: fix double free (bsc#1152472) - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1152472) - e1000e: Disable TSO for buffer overrun workaround (bsc#1051510). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (bsc#1051510). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279). - evm: Check also if *tfm is an error pointer in init_desc() (bsc#1051510). - evm: Fix a small race in init_desc() (bsc#1051510). - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (bsc#1051510). - gpiolib: Document that GPIO line names are not globally unique (bsc#1051510). - HID: sony: Fix for broken buttons on DS3 USB dongles (bsc#1051510). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - iio: buffer: Do not allow buffers without any channels enabled to be activated (bsc#1051510). - iio: pressure: bmp280: Tolerate IRQ before registering (bsc#1051510). - ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1051510). - ima: Fix ima digest hash table key calculation (bsc#1051510). - include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS (bsc#1114279). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1114279). - kvm: x86: Fix L1TF mitigation for shadow MMU (bsc#1171904). - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904). - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904). - libceph: do not omit recovery_deletes in target_copy() (bsc#1173462). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - md: Avoid namespace collision with bitmap API (git fixes (block drivers)). - md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (git fixes (block drivers)). - mmc: fix compilation of user API (bsc#1051510). - netfilter: connlabels: prefer static lock initialiser (git-fixes). - netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795). - netfilter: not mark a spinlock as __read_mostly (git-fixes). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() (bsc#1170592). - NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID (bsc#1170592). - nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558 bsc#1159058). - nvme: do not update multipath disk information if the controller is down (bcs#1171558 bsc#1159058). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - overflow: Fix -Wtype-limits compilation warnings (git fixes). - overflow.h: Add arithmetic shift helper (git fixes). - p54usb: add AirVasT USB stick device-id (bsc#1051510). - PCI: Allow pci_resize_resource() for devices on root bus (bsc#1051510). - PCI: Fix pci_register_host_bridge() device_register() error handling (bsc#1051510). - PCI: Program MPS for RCiEP devices (bsc#1051510). - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (bsc#1051510). - perf: Allocate context task_ctx_data for child event (git-fixes). - perf/cgroup: Fix perf cgroup hierarchy support (git-fixes). - perf: Copy parent's address filter offsets on clone (git-fixes). - perf/core: Add sanity check to deal with pinned event failure (git-fixes). - perf/core: Avoid freeing static PMU contexts when PMU is unregistered (git-fixes). - perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes). - perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes). - perf/core: Fix bad use of igrab() (git fixes (dependent patch)). - perf/core: Fix crash when using HW tracing kernel filters (git-fixes). - perf/core: Fix ctx_event_type in ctx_resched() (git-fixes). - perf/core: Fix error handling in perf_event_alloc() (git-fixes). - perf/core: Fix exclusive events' grouping (git-fixes). - perf/core: Fix group scheduling with mixed hw and sw events (git-fixes). - perf/core: Fix impossible ring-buffer sizes warning (git-fixes). - perf/core: Fix locking for children siblings group read (git-fixes). - perf/core: Fix lock inversion between perf,trace,cpuhp (git-fixes (dependent patch for 18736eef1213)). - perf/core: Fix perf_event_read_value() locking (git-fixes). - perf/core: Fix perf_pmu_unregister() locking (git-fixes). - perf/core: Fix __perf_read_group_add() locking (git-fixes (dependent patch)). - perf/core: Fix perf_sample_regs_user() mm check (git-fixes). - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes). - perf/core: Fix race between close() and fork() (git-fixes). - perf/core: Fix the address filtering fix (git-fixes). - perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes). - perf/core: Force USER_DS when recording user stack data (git-fixes). - perf/core: Restore mmap record type correctly (git-fixes). - perf: Fix header.size for namespace events (git-fixes). - perf/ioctl: Add check for the sample_period value (git-fixes). - perf, pt, coresight: Fix address filters for vmas with non-zero offset (git-fixes). - perf: Return proper values for user stack errors (git-fixes). - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes). - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes). - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes). - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes). - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes). - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable). - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes). - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable). - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes). - perf/x86: Fix incorrect PEBS_REGS (git-fixes). - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes). - perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes). - perf/x86/intel/bts: Fix the use of page_private() (git-fixes). - perf/x86/intel: Fix PT PMI handling (git-fixes). - perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes). - perf/x86/intel/uncore: Add Node ID mask (git-fixes). - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes). - perf/x86/pt, coresight: Clean up address filter structure (git fixes (dependent patch)). - perf/x86/uncore: Fix event group support (git-fixes). - pid: Improve the comment about waiting in zap_pid_ns_processes (git fixes)). - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (bsc#1051510). - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (bsc#1051510). - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (bsc#1051510). - pnp: Use list_for_each_entry() instead of open coding (git fixes). - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729). - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729). - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030). - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (bsc#1051510). - power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (bsc#1051510). - power: supply: smb347-charger: IRQSTAT_D is volatile (bsc#1051510). - raid5: remove gfp flags from scribble_alloc() (git fixes (block drivers)). - resolve KABI warning for perf-pt-coresight (git-fixes). - Revert 'bcache: ignore pending signals when creating gc and allocator thread' (git fixes (block drivers)). - Revert 'dm crypt: use WQ_HIGHPRI for the IO and crypt workqueues' (git fixes (block drivers)). - Revert 'tools lib traceevent: Remove unneeded qsort and uses memmove' - rpm/kernel-docs.spec.in: Require python-packaging for build. - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: lock device while installing IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814). - scsi: qedf: Add port_id getter (bsc#1150660). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - spi: dw: use 'smp_mb()' to avoid sending spi data error (bsc#1051510). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bsc#1051510). - staging: sm750fb: add missing case while setting FB_VISUAL (bsc#1051510). - SUNRPC: The TCP back channel mustn't disappear while requests are outstanding (bsc#1152624). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tty: n_gsm: Fix bogus i++ in gsm_data_kick (bsc#1051510). - tty: n_gsm: Fix SOF skipping (bsc#1051510). - tty: n_gsm: Fix waking up upper tty layer when room available (bsc#1051510). - usb: dwc2: gadget: move gadget resume after the core is in L0 state (bsc#1051510). - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (bsc#1051510). - usb: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (bsc#1051510). - usb: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (bsc#1051510). - usb: musb: Fix runtime PM imbalance on error (bsc#1051510). - usb: musb: start session in resume for host port (bsc#1051510). - usb: serial: option: add Telit LE910C1-EUX compositions (bsc#1051510). - usb: serial: qcserial: add DW5816e QDL support (bsc#1051510). - usb: serial: usb_wwan: do not resubmit rx urb on fatal errors (bsc#1051510). - usb: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes). - virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: avoid format strint overflow warning (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: Remove always false conditional statement (bsc#1172484). - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484). - vmxnet3: remove unused flag 'rxcsum' from struct vmxnet3_adapter (bsc#1172484). - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - w1: omap-hdq: cleanup to add missing newline for some dev_dbg (bsc#1051510). - work around mvfs bug (bsc#1162063). - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1114279). - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes). - x86: Fix early boot crash on gcc-10, third try (bsc#1114279). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279). - xfrm: fix error in comment (git fixes). Important SUSE bug 1051510 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1085030 SUSE bug 1104967 SUSE bug 1114279 SUSE bug 1144333 SUSE bug 1148868 SUSE bug 1150660 SUSE bug 1152107 SUSE bug 1152472 SUSE bug 1152624 SUSE bug 1158983 SUSE bug 1159058 SUSE bug 1161016 SUSE bug 1162002 SUSE bug 1162063 SUSE bug 1168081 SUSE bug 1169194 SUSE bug 1169514 SUSE bug 1169795 SUSE bug 1170011 SUSE bug 1170592 SUSE bug 1170618 SUSE bug 1171124 SUSE bug 1171424 SUSE bug 1171558 SUSE bug 1171673 SUSE bug 1171732 SUSE bug 1171761 SUSE bug 1171868 SUSE bug 1171904 SUSE bug 1172257 SUSE bug 1172344 SUSE bug 1172458 SUSE bug 1172484 SUSE bug 1172759 SUSE bug 1172775 SUSE bug 1172781 SUSE bug 1172782 SUSE bug 1172783 SUSE bug 1172999 SUSE bug 1173265 SUSE bug 1173280 SUSE bug 1173428 SUSE bug 1173462 SUSE bug 1173514 SUSE bug 1173567 SUSE bug 1173573 SUSE bug 1174115 SUSE bug 1174462 SUSE bug 1174543 CVE-2019-16746 CVE-2019-20810 CVE-2019-20908 CVE-2020-0305 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10769 CVE-2020-10773 CVE-2020-12771 CVE-2020-12888 CVE-2020-13974 CVE-2020-14416 CVE-2020-15393 CVE-2020-15780 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xen fixes the following issues: - bsc#1174543 - secure boot related fixes - bsc#1163019 - CVE-2020-8608: Potential OOB access due to unsafe snprintf() usages Important SUSE bug 1163019 SUSE bug 1174543 CVE-2020-8608 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python-ipaddress fixes the following issues: - Add CVE-2020-14422-ipaddress-hash-collision.patch fixing CVE-2020-14422 (bsc#1173274, bpo#41004), where hash collisions in IPv4Interface and IPv6Interface could lead to DOS. Important SUSE bug 1173274 CVE-2020-14422 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for LibVNCServer fixes the following issues: - security update fix CVE-2018-21247 [bsc#1173874], uninitialized memory contents are vulnerable to Information leak fix CVE-2019-20839 [bsc#1173875], buffer overflow in ConnectClientToUnixSock() fix CVE-2019-20840 [bsc#1173876], unaligned accesses in hybiReadAndDecode can lead to denial of service fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings. fix CVE-2020-14403 [bsc#1173701], out-of-bounds access via encodings. fix CVE-2020-14404 [bsc#1173701], out-of-bounds access via encodings. fix CVE-2017-18922 [bsc#1173477], preauth buffer overwrite Important SUSE bug 1173477 SUSE bug 1173691 SUSE bug 1173694 SUSE bug 1173700 SUSE bug 1173701 SUSE bug 1173743 SUSE bug 1173874 SUSE bug 1173875 SUSE bug 1173876 SUSE bug 1173880 CVE-2017-18922 CVE-2018-21247 CVE-2019-20839 CVE-2019-20840 CVE-2020-14397 CVE-2020-14398 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 CVE-2020-14403 CVE-2020-14404 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628). Important SUSE bug 1174628 CVE-2020-14344 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xerces-c fixes the following issues: - CVE-2017-12627: Processing of external DTD paths could have resulted in a null pointer dereference under certain conditions (bsc#1083630) Moderate SUSE bug 1083630 CVE-2017-12627 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.4 (bsc#1174662): + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925. Important SUSE bug 1174662 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for dovecot22 fixes the following issues: - CVE-2020-12673: improper implementation of NTLM does not check message buffer size (bsc#1174922). - CVE-2020-12674: improper implementation of RPA mechanism (bsc#1174923). Important SUSE bug 1174922 SUSE bug 1174923 CVE-2020-12673 CVE-2020-12674 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for grub2 fixes the following issues: - CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421). - Add fibre channel device's ofpath support to grub-ofpathname and search hint to speed up root device discovery (bsc#1172745). Important SUSE bug 1172745 SUSE bug 1174421 CVE-2020-15705 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xorg-x11-server fixes the following issues: - CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426). - CVE-2020-14346: XIChangeHierarchy Integer Underflow Privilege Escalation Vulnerability (bsc#1174638, ZDI-CAN-11429). - CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428). Important SUSE bug 1174633 SUSE bug 1174635 SUSE bug 1174638 CVE-2020-14345 CVE-2020-14346 CVE-2020-14347 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xorg-x11-server fixes the following issues: - CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573). - CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574). Important SUSE bug 1174910 SUSE bug 1174913 CVE-2020-14361 CVE-2020-14362 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for apache2 fixes the following issues: - CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request (bsc#1175071). - CVE-2020-11985: IP address spoofing when proxying using mod_remoteip and mod_rewrite (bsc#1175072). - CVE-2020-11993: When trace/debug was enabled for the HTTP/2 module logging statements were made on the wrong connection (bsc#1175070). Moderate SUSE bug 1175070 SUSE bug 1175071 SUSE bug 1175072 CVE-2020-11985 CVE-2020-11993 CVE-2020-9490 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 15 [bsc#1175259, bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14556 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 * Class Libraries: - JAVA.UTIL.ZIP.DEFLATER OPERATIONS THROW JAVA.LANG.INTERNALERROR - JAVA 8 DECODER OBJECTS CONSUME A LARGE AMOUNT OF JAVA HEAP - TRANSLATION MESSAGES UPDATE FOR JCL - UPDATE TIMEZONE INFORMATION TO TZDATA2020A * Java Virtual Machine: - IBM JAVA REGISTERS A HANDLER BY DEFAULT FOR SIGABRT - LARGE MEMORY FOOTPRINT HELD BY TRACECONTEXT OBJECT * JIT Compiler: - CRASH IN THE INTERPRETER AFTER OSR FROM INLINED SYNCHRONIZED METHOD IN DEBUGGING MODE - INTERMITTENT ASSERTION FAILURE REPORTED - CRASH IN RESOLVECLASSREF() DURING AOT LOAD - JIT CRASH DURING CLASS UNLOADING IN J9METHOD_HT::ONCLASSUNLOADING() - SEGMENTATION FAULT WHILE COMPILING A METHOD - UNEXPECTED CLASSCASTEXCEPTION THROWN IN HIGH LEVEL PARALLEL APPLICATION ON IBM Z PLATFORM * Security: - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON DEFAULT VALUE - CHANGES TO IBMJCE AND IBMJCEPLUS PROVIDERS - IBMJCEPLUS FAILS, WHEN THE SECURITY MANAGER IS ENABLED, WITH DEFAULT PERMISSIONS, SPECIFIED IN JAVA.POLICY FILE - IN CERTAIN INSTANCES, IBMJCEPLUS PROVIDER THROWS EXCEPTION FROM KEYFACTORY CLASS Moderate SUSE bug 1174157 SUSE bug 1175259 CVE-2019-17639 CVE-2020-14556 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for squid fixes the following issues: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply (bsc#1175671). - CVE-2020-15811: Improve Transfer-Encoding handling (bsc#1175665). - CVE-2020-15810: Enforce token characters for field-name (bsc#1175664). Critical SUSE bug 1175664 SUSE bug 1175665 SUSE bug 1175671 CVE-2020-15810 CVE-2020-15811 CVE-2020-24606 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libX11 fixes the following issues: - CVE-2020-14363: Fix an integer overflow in init_om() (bsc#1175239). Moderate SUSE bug 1175239 CVE-2020-14363 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 70 [bsc#1175259, bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 * Class Libraries: - UPDATE TIMEZONE INFORMATION TO TZDATA2020A * Security: - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON DEFAULT VALUE Moderate SUSE bug 1174157 SUSE bug 1175259 CVE-2019-17639 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.2.0 ESR * Fixed: Various stability, functionality, and security fixes - Mozilla Firefox ESR 78.2 MFSA 2020-38 (bsc#1175686) * CVE-2020-15663 (bmo#1643199) Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege * CVE-2020-15664 (bmo#1658214) Attacker-induced prompt for extension installation * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626, bmo#1656957) Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2 - Fixed Firefox tab crash in FIPS mode (bsc#1174284). - Fix broken translation-loading. (bsc#1173991) * allow addon sideloading * mark signatures for langpacks non-mandatory * do not autodisable user profile scopes - Google API key is not usable for geolocation service any more Moderate SUSE bug 1173991 SUSE bug 1174284 SUSE bug 1175686 CVE-2020-15663 CVE-2020-15664 CVE-2020-15670 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629). - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication Bluetooth might have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access (bsc#1171988). - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). The following non-security bugs were fixed: - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1174784). - cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#1172428). - cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#1172428). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333 bsc#1172428). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: reduce number of referral requests in DFS link lookups (bsc#1144333 bsc#1172428). - cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428). - Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515). - ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629). - kabi: mask changes to struct ipv6_stub (bsc#1165629). - mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - ocfs2: add trimfs dlm lock resource (bsc#1175228). - ocfs2: add trimfs lock to avoid duplicated trims in cluster (bsc#1175228). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: fix the application IO timeout when fstrim is running (bsc#1175228). - ocfs2: load global_inode_alloc (bsc#1172963). - ocfs2: load global_inode_alloc (bsc#1172963). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - Revert 'ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).' This reverts commit 2638f62c6bc33d4c10ce0dddbf240aa80d366d7b. - Revert 'ocfs2: load global_inode_alloc (bsc#1172963).' This reverts commit f04f670651f505cb354f26601ec5f5e4428f2f47. - scsi: scsi_dh_alua: skip RTPG for devices only supporting active/optimized (bsc#1174978). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - Update patch reference for a tipc fix patch (bsc#1175515) - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115). - xen: do not reschedule in preemption off sections (bsc#1175749). Important SUSE bug 1058115 SUSE bug 1071995 SUSE bug 1144333 SUSE bug 1154366 SUSE bug 1165629 SUSE bug 1171988 SUSE bug 1172428 SUSE bug 1172963 SUSE bug 1173798 SUSE bug 1173954 SUSE bug 1174205 SUSE bug 1174689 SUSE bug 1174699 SUSE bug 1174757 SUSE bug 1174784 SUSE bug 1174978 SUSE bug 1175112 SUSE bug 1175127 SUSE bug 1175213 SUSE bug 1175228 SUSE bug 1175515 SUSE bug 1175518 SUSE bug 1175691 SUSE bug 1175749 SUSE bug 1176069 CVE-2020-10135 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-14386 CVE-2020-16166 CVE-2020-1749 CVE-2020-24394 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for shim fixes the following issues: - Update to the unified shim binary from SUSE Linux Enterprise 15-SP1 (bsc#1168994) This update addresses the 'BootHole' security issue (master CVE CVE-2020-10713), by disallowing binaries signed by the previous SUSE UEFI signing key from booting. This update should only be installed after updates of grub2, the Linux kernel and (if used) Xen from July / August 2020 are applied. Additional fixes: + shim-install: install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656) Moderate SUSE bug 1168994 SUSE bug 1175626 SUSE bug 1175656 CVE-2020-10713 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for compat-openssl098 fixes the following issues: - CVE-2020-1968: Introduced hardening against the Raccoon attack by always generating fresh DH keys and never reuse them across multiple TLS connections (bsc#1176331). Important SUSE bug 1153785 SUSE bug 1176331 CVE-2019-1563 CVE-2020-1968 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libsolv fixes the following issues: This is a reissue of an existing libsolv update that also included libsolv-devel for LTSS products. libsolv was updated to version 0.6.36 fixes the following issues: Security issues fixed: - CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629). - CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630). - CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631). Non-security issues fixed: - Made cleandeps jobs on patterns work (bsc#1137977). - Fixed an issue multiversion packages that obsolete their own name (bsc#1127155). - Keep consistent package name if there are multiple alternatives (bsc#1131823). Moderate SUSE bug 1120629 SUSE bug 1120630 SUSE bug 1120631 SUSE bug 1127155 SUSE bug 1131823 SUSE bug 1137977 CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for perl-DBI fixes the following issues: Security issues fixed: - CVE-2020-14392: Memory corruption in XS functions when Perl stack is reallocated (bsc#1176412). - CVE-2020-14393: Fixed a buffer overflow on an overlong DBD class name (bsc#1176409). Important SUSE bug 1176409 SUSE bug 1176412 CVE-2020-14392 CVE-2020-14393 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python3 fixes the following issues: - CVE-2019-20907: Fixed denial of service by avoiding possible infinite loop in specifically crafted tarball (bsc#1174091). - CVE-2020-14422: Fixed an improper computation of hash values in the IPv4Interface and IPv6Interface could have led to denial of service (bsc#1173274). - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). - CVE-2019-9947: Fixed an issue in urllib2 which allowed CRLF injection if the attacker controls a url parameter (bsc#1130840). - If the locale is 'C', coerce it to C.UTF-8 (bsc#1162423). Important SUSE bug 1088004 SUSE bug 1088009 SUSE bug 1130840 SUSE bug 1141853 SUSE bug 1149955 SUSE bug 1153238 SUSE bug 1162423 SUSE bug 1173274 SUSE bug 1174091 SUSE bug 1174701 CVE-2018-14647 CVE-2018-20852 CVE-2019-16056 CVE-2019-16935 CVE-2019-20907 CVE-2019-9947 CVE-2020-14422 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ovmf fixes the following issues: - CVE-2019-14562: Fixed an overflow in DxeImageVerificationHandler (bsc#1175476). - Use openSUSE CA for the opensuse flavor (bsc#1175674) Moderate SUSE bug 1175476 SUSE bug 1175674 CVE-2019-14562 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579). - Fixed an issue where multiple home folders were created(bsc#1174316, bso#13369). - Fixed an issue where the net command was unable to negotiate SMB2 (bsc#1174120); Important SUSE bug 1174120 SUSE bug 1174316 SUSE bug 1176579 CVE-2020-1472 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libqt5-qtbase fixes the following issues: - CVE-2020-17507: Fixed a buffer overflow in XBM parser (bsc#1176315) - Made handling of XDG_RUNTIME_DIR more secure (bsc#1172515) Important SUSE bug 1172515 SUSE bug 1176315 CVE-2020-17507 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: -Firefox was updated to 78.3.0 ESR (bsc#1176756, MFSA 2020-43) - CVE-2020-15677: Download origin spoofing via redirect - CVE-2020-15676: Fixed an XSS when pasting attacker-controlled data into a contenteditable element - CVE-2020-15678: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario - CVE-2020-15673: Fixed memory safety bugs - Enhance fix for wayland-detection (bsc#1174420) - Attempt to fix langpack-parallelization by introducing separate obj-dirs for each lang (bsc#1173986, bsc#1167976) Important SUSE bug 1167976 SUSE bug 1173986 SUSE bug 1174420 SUSE bug 1176756 CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xen fixes the following issues: - CVE-2020-25602: Fixed an issue where there was a crash when handling guest access to MSR_MISC_ENABLE was thrown (bsc#1176339,XSA-333) - CVE-2020-25598: Added a missing unlock in XENMEM_acquire_resource error path (bsc#1176341,XSA-334) - CVE-2020-25604: Fixed a race condition when migrating timers between x86 HVM vCPU-s (bsc#1176343,XSA-336) - CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337) - CVE-2020-25597: Fixed an issue where a valid event channels may not turn invalid (bsc#1176346,XSA-338) - CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339) - CVE-2020-25603: Fixed an issue due to missing barriers when accessing/allocating an event channel (bsc#1176347,XSA-340) - CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86 domains (bsc#1176348,XSA-342) - CVE-2020-25599: Fixed race conditions with evtchn_reset() (bsc#1176349,XSA-343) - CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset() / evtchn_destroy() (bsc#1176350,XSA-344) - CVE-2020-14364: Fixed an out-of-bounds read/write access while processing usb packets (bsc#1175534). - Various bug fixes (bsc#1027519) Important SUSE bug 1027519 SUSE bug 1175534 SUSE bug 1176339 SUSE bug 1176343 SUSE bug 1176344 SUSE bug 1176345 SUSE bug 1176346 SUSE bug 1176347 SUSE bug 1176348 SUSE bug 1176349 SUSE bug 1176350 CVE-2020-14364 CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25599 CVE-2020-25600 CVE-2020-25601 CVE-2020-25602 CVE-2020-25603 CVE-2020-25604 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for perl-DBI fixes the following issues: - CVE-2019-20919: Fixed a NULL profile dereference in dbi_profile (bsc#1176764). - CVE-2013-7490: Fixed memory corruption when using many arguments to methods for CallbacksUsing (bsc#1176496). Important SUSE bug 1176496 SUSE bug 1176764 CVE-2013-7490 CVE-2019-20919 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_7_0-openjdk fixes the following issues: - java-1_7_0-openjdk was updated to 2.6.23 (July 2020 CPU, bsc#1174157) - JDK-8028431, CVE-2020-14579: NullPointerException in - DerValue.equals(DerValue) - JDK-8028591, CVE-2020-14578: NegativeArraySizeException in - sun.security.util.DerInputStream.getUnalignedBitString() - JDK-8230613: Better ASCII conversions - JDK-8231800: Better listing of arrays - JDK-8232014: Expand DTD support - JDK-8233255: Better Swing Buttons - JDK-8234032: Improve basic calendar services - JDK-8234042: Better factory production of certificates - JDK-8234418: Better parsing with CertificateFactory - JDK-8234836: Improve serialization handling - JDK-8236191: Enhance OID processing - JDK-8237592, CVE-2020-14577: Enhance certificate verification - JDK-8238002, CVE-2020-14581: Better matrix operations - JDK-8238804: Enhance key handling process - JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable - JDK-8238843: Enhanced font handing - JDK-8238920, CVE-2020-14583: Better Buffer support - JDK-8238925: Enhance WAV file playback - JDK-8240119, CVE-2020-14593: Less Affine Transformations - JDK-8240482: Improved WAV file playback - JDK-8241379: Update JCEKS support - JDK-8241522: Manifest improved jar headers redux - JDK-8242136, CVE-2020-14621: Better XML namespace handling - JDK-8040113: File not initialized in src/share/native/sun/awt/giflib/dgif_lib.c - JDK-8054446: Repeated offer and remove on ConcurrentLinkedQueue lead to an OutOfMemoryError - JDK-8077982: GIFLIB upgrade - JDK-8081315: 8077982 giflib upgrade breaks system giflib builds with earlier versions - JDK-8147087: Race when reusing PerRegionTable bitmaps may result in dropped remembered set entries - JDK-8151582: (ch) test java/nio/channels/AsyncCloseAndInterrupt.java failing due to 'Connection succeeded' - JDK-8155691: Update GIFlib library to the latest up-to-date - JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds - JDK-8203190: SessionId.hashCode generates too many collisions - JDK-8217676: Upgrade libpng to 1.6.37 - JDK-8220495: Update GIFlib library to the 5.1.8 - JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys - JDK-8229899: Make java.io.File.isInvalid() less racy - JDK-8230597: Update GIFlib library to the 5.2.1 - JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return - JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a - JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result Important SUSE bug 1174157 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for tigervnc fixes the following issues: - CVE-2020-26117: Server certificates were stored as certiticate authorities, allowing malicious owners of these certificates to impersonate any server after a client had added an exception (bsc#1176733) Critical SUSE bug 1176733 CVE-2020-26117 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). Important SUSE bug 1176410 SUSE bug 1177143 CVE-2020-25219 CVE-2020-26154 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for freetype2 fixes the following issues: - CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914). Important SUSE bug 1177914 CVE-2020-15999 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libvirt fixes the following issues: - CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros (bsc#1174955). - CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces() (bsc#1177155). - libxl: Fixed lock manager lock ordering (bsc#1171701). Important SUSE bug 1171701 SUSE bug 1174955 SUSE bug 1177155 CVE-2020-15708 CVE-2020-25637 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-46 (bsc#1177872, bsc#1176756) * CVE-2020-15969 Use-after-free in usersctp * CVE-2020-15683 Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 * Fixed: Fixed legacy preferences not being properly applied when set via GPO Important SUSE bug 1176756 SUSE bug 1177872 CVE-2020-15683 CVE-2020-15969 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for spice fixes the following issues: - CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC image decoding (bsc#1177158). Moderate SUSE bug 1177158 CVE-2020-14355 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for spice-gtk fixes the following issues: - CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC image decoding (bsc#1177158). Moderate SUSE bug 1177158 CVE-2020-14355 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xen fixes the following issues: - bsc#1177409 - VUL-0: CVE-2020-27673: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286) - bsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen mapping code (XSA-345) - bsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMMU TLB flushes (XSA-346) - bsc#1177414 - VUL-0: CVE-2020-27670: xen: unsafe AMD IOMMU page table updates (XSA-347) Important SUSE bug 1177409 SUSE bug 1177412 SUSE bug 1177413 SUSE bug 1177414 CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27673 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for samba fixes the following issues: - CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records (bsc#1177613). - CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994). - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902). Important SUSE bug 1173902 SUSE bug 1173994 SUSE bug 1177613 CVE-2020-14318 CVE-2020-14323 CVE-2020-14383 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for sane-backends fixes the following issues: - sane-backends version upgrade to 1.0.31: * sane-backends version upgrade to 1.0.30 fixes memory corruption bugs CVE-2020-12861, CVE-2020-12862, CVE-2020-12863, CVE-2020-12864, CVE-2020-12865, CVE-2020-12866, CVE-2020-12867 (bsc#1172524) * sane-backends version upgrade to 1.0.31 to further improve hardware enablement for scanner devices (jsc#SLE-15561 and jsc#SLE-15560 with jsc#ECO-2418) * The new escl backend cannot be provided for SLE12 because it requires more additional software (avahi-client, libcurl, and libpoppler-glib-devel) where in particular for libcurl the one that is in SLE12 (via libcurl-devel-7.37.0) is likely too old because with that building the escl backend fails with 'escl/escl.c:1267:34: error: 'CURLOPT_UNIX_SOCKET_PATH' undeclared curl_easy_setopt(handle, CURLOPT_UNIX_SOCKET_PATH' Important SUSE bug 1172524 CVE-2017-6318 CVE-2020-12861 CVE-2020-12862 CVE-2020-12863 CVE-2020-12864 CVE-2020-12865 CVE-2020-12866 CVE-2020-12867 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for apache-commons-httpclient fixes the following issues: - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. [bsc#945190, CVE-2015-5262] - org.apache.http.conn.ssl.AbstractVerifier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows MITM attackers to spoof SSL servers via a 'CN=' string in a field in the distinguished name (DN) of a certificate. [bsc#1178171, CVE-2014-3577] Important SUSE bug 1178171 SUSE bug 945190 CVE-2014-3577 CVE-2015-5262 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-openjdk fixes the following issues: - Fix regression '8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)', introduced in October 2020 CPU. - Update to version jdk8u272 (icedtea 3.17.0) (July 2020 CPU, bsc#1174157, and October 2020 CPU, bsc#1177943) * New features + JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 + PR3796: Allow the number of curves supported to be specified * Security fixes + JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue) + JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString() + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233255: Better Swing Buttons + JDK-8233624: Enhance JNI linkage + JDK-8234032: Improve basic calendar services + JDK-8234042: Better factory production of certificates + JDK-8234418: Better parsing with CertificateFactory + JDK-8234836: Improve serialization handling + JDK-8236191: Enhance OID processing + JDK-8236196: Improve string pooling + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class + JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior + JDK-8237592, CVE-2020-14577: Enhance certificate verification + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts + JDK-8237995, CVE-2020-14782: Enhance certificate processing + JDK-8238002, CVE-2020-14581: Better matrix operations + JDK-8238804: Enhance key handling process + JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable + JDK-8238843: Enhanced font handing + JDK-8238920, CVE-2020-14583: Better Buffer support + JDK-8238925: Enhance WAV file playback + JDK-8240119, CVE-2020-14593: Less Affine Transformations + JDK-8240124: Better VM Interning + JDK-8240482: Improved WAV file playback + JDK-8241114, CVE-2020-14792: Better range handling + JDK-8241379: Update JCEKS support + JDK-8241522: Manifest improved jar headers redux + JDK-8242136, CVE-2020-14621: Better XML namespace handling + JDK-8242680, CVE-2020-14796: Improved URI Support + JDK-8242685, CVE-2020-14797: Better Path Validation + JDK-8242695, CVE-2020-14798: Enhanced buffer support + JDK-8243302: Advanced class supports + JDK-8244136, CVE-2020-14803: Improved Buffer supports + JDK-8244479: Further constrain certificates + JDK-8244955: Additional Fix for JDK-8240124 + JDK-8245407: Enhance zoning of times + JDK-8245412: Better class definitions + JDK-8245417: Improve certificate chain handling + JDK-8248574: Improve jpeg processing + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit + JDK-8253019: Enhanced JPEG decoding * Import of OpenJDK 8 u262 build 01 + JDK-4949105: Access Bridge lacks html tags parsing + JDK-8003209: JFR events for network utilization + JDK-8030680: 292 cleanup from default method code assessment + JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java and some tests failed on windows intermittently + JDK-8041626: Shutdown tracing event + JDK-8141056: Erroneous assignment in HeapRegionSet.cpp + JDK-8149338: JVM Crash caused by Marlin renderer not handling NaN coordinates + JDK-8151582: (ch) test java/nio/channels/ /AsyncCloseAndInterrupt.java failing due to 'Connection succeeded' + JDK-8165675: Trace event for thread park has incorrect unit for timeout + JDK-8176182: 4 security tests are not run + JDK-8178910: Problemlist sample tests + JDK-8183925: Decouple crash protection from watcher thread + JDK-8191393: Random crashes during cfree+0x1c + JDK-8195817: JFR.stop should require name of recording + JDK-8195818: JFR.start should increase autogenerated name by one + JDK-8195819: Remove recording=x from jcmd JFR.check output + JDK-8199712: Flight Recorder + JDK-8202578: Revisit location for class unload events + JDK-8202835: jfr/event/os/TestSystemProcess.java fails on missing events + JDK-8203287: Zero fails to build after JDK-8199712 (Flight Recorder) + JDK-8203346: JFR: Inconsistent signature of jfr_add_string_constant + JDK-8203664: JFR start failure after AppCDS archive created with JFR StartFlightRecording + JDK-8203921: JFR thread sampling is missing fixes from JDK-8194552 + JDK-8203929: Limit amount of data for JFR.dump + JDK-8205516: JFR tool + JDK-8207392: [PPC64] Implement JFR profiling + JDK-8207829: FlightRecorderMXBeanImpl is leaking the first classloader which calls it + JDK-8209960: -Xlog:jfr* doesn't work with the JFR + JDK-8210024: JFR calls virtual is_Java_thread from ~Thread() + JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD 1.0.7 + JDK-8211239: Build fails without JFR: empty JFR events signatures mismatch + JDK-8212232: Wrong metadata for the configuration of the cutoff for old object sample events + JDK-8213015: Inconsistent settings between JFR.configure and -XX:FlightRecorderOptions + JDK-8213421: Line number information for execution samples always 0 + JDK-8213617: JFR should record the PID of the recorded process + JDK-8213734: SAXParser.parse(File, ..) does not close resources when Exception occurs. + JDK-8213914: [TESTBUG] Several JFR VM events are not covered by tests + JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by test + JDK-8213966: The ZGC JFR events should be marked as experimental + JDK-8214542: JFR: Old Object Sample event slow on a deep heap in debug builds + JDK-8214750: Unnecessary <p> tags in jfr classes + JDK-8214896: JFR Tool left files behind + JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java fails with UnsatisfiedLinkError + JDK-8214925: JFR tool fails to execute + JDK-8215175: Inconsistencies in JFR event metadata + JDK-8215237: jdk.jfr.Recording javadoc does not compile + JDK-8215284: Reduce noise induced by periodic task getFileSize() + JDK-8215355: Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1) + JDK-8215362: JFR GTest JfrTestNetworkUtilization fails + JDK-8215771: The jfr tool should pretty print reference chains + JDK-8216064: -XX:StartFlightRecording:settings= doesn't work properly + JDK-8216486: Possibility of integer overflow in JfrThreadSampler::run() + JDK-8216528: test/jdk/java/rmi/transport/ /runtimeThreadInheritanceLeak/ /RuntimeThreadInheritanceLeak.java failing with Xcomp + JDK-8216559: [JFR] Native libraries not correctly parsed from /proc/self/maps + JDK-8216578: Remove unused/obsolete method in JFR code + JDK-8216995: Clean up JFR command line processing + JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some systems due to process surviving SIGINT + JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR TestShutdownEvent + JDK-8218935: Make jfr strncpy uses GCC 8.x friendly + JDK-8223147: JFR Backport + JDK-8223689: Add JFR Thread Sampling Support + JDK-8223690: Add JFR BiasedLock Event Support + JDK-8223691: Add JFR G1 Region Type Change Event Support + JDK-8223692: Add JFR G1 Heap Summary Event Support + JDK-8224172: assert(jfr_is_event_enabled(id)) failed: invariant + JDK-8224475: JTextPane does not show images in HTML rendering + JDK-8226253: JAWS reports wrong number of radio buttons when buttons are hidden. + JDK-8226779: [TESTBUG] Test JFR API from Java agent + JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys + JDK-8227011: Starting a JFR recording in response to JVMTI VMInit and / or Java agent premain corrupts memory + JDK-8227605: Kitchensink fails 'assert((((klass)->trace_id() & (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0)) failed: invariant' + JDK-8229366: JFR backport allows unchecked writing to memory + JDK-8229401: Fix JFR code cache test failures + JDK-8229708: JFR backport code does not initialize + JDK-8229873: 8229401 broke jdk8u-jfr-incubator + JDK-8230448: [test] JFRSecurityTestSuite.java is failing on Windows + JDK-8230707: JFR related tests are failing + JDK-8230782: Robot.createScreenCapture() fails if 'awt.robot.gtk' is set to false + JDK-8230856: Java_java_net_NetworkInterface_getByName0 on unix misses ReleaseStringUTFChars in early return + JDK-8230947: TestLookForUntestedEvents.java is failing after JDK-8230707 + JDK-8231995: two jtreg tests failed after 8229366 is fixed + JDK-8233623: Add classpath exception to copyright in EventHandlerProxyCreator.java file + JDK-8236002: CSR for JFR backport suggests not leaving out the package-info + JDK-8236008: Some backup files were accidentally left in the hotspot tree + JDK-8236074: Missed package-info + JDK-8236174: Should update javadoc since tags + JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport + JDK-8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01 + JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB + JDK-8238589: Necessary code cleanup in JFR for JDK8u + JDK-8238590: Enable JFR by default during compilation in 8u + JDK-8239055: Wrong implementation of VMState.hasListener + JDK-8239476: JDK-8238589 broke windows build by moving OrderedPair + JDK-8239479: minimal1 and zero builds are failing + JDK-8239867: correct over use of INCLUDE_JFR macro + JDK-8240375: Disable JFR by default for July 2020 release + JDK-8241444: Metaspace::_class_vsm not initialized if compressed class pointers are disabled + JDK-8241902: AIX Build broken after integration of JDK-8223147 (JFR Backport) + JDK-8242788: Non-PCH build is broken after JDK-8191393 * Import of OpenJDK 8 u262 build 02 + JDK-8130737: AffineTransformOp can't handle child raster with non-zero x-offset + JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation in java/awt/image/Raster/TestChildRasterOp.java + JDK-8230926: [macosx] Two apostrophes are entered instead of one with 'U.S. International - PC' layout + JDK-8240576: JVM crashes after transformation in C2 IdealLoopTree::merge_many_backedges + JDK-8242883: Incomplete backport of JDK-8078268: backport test part * Import of OpenJDK 8 u262 build 03 + JDK-8037866: Replace the Fun class in tests with lambdas + JDK-8146612: C2: Precedence edges specification violated + JDK-8150986: serviceability/sa/jmap-hprof/ /JMapHProfLargeHeapTest.java failing because expects HPROF JAVA PROFILE 1.0.1 file format + JDK-8229888: (zipfs) Updating an existing zip file does not preserve original permissions + JDK-8230597: Update GIFlib library to the 5.2.1 + JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return + JDK-8233880, PR3798: Support compilers with multi-digit major version numbers + JDK-8239852: java/util/concurrent tests fail with -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed: verification should have failed + JDK-8241638: launcher time metrics always report 1 on Linux when _JAVA_LAUNCHER_DEBUG set + JDK-8243059: Build fails when --with-vendor-name contains a comma + JDK-8243474: [TESTBUG] removed three tests of 0 bytes + JDK-8244461: [JDK 8u] Build fails with glibc 2.32 + JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result * Import of OpenJDK 8 u262 build 04 + JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't throw NPE if timeout is less than, or equal to zero when unit == null + JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering + JDK-8171934: ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification() does not recognize OpenJDK's HotSpot VM + JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java causes NPE + JDK-8243539: Copyright info (Year) should be updated for fix of 8241638 + JDK-8244777: ClassLoaderStats VM Op uses constant hash value * Import of OpenJDK 8 u262 build 05 + JDK-7147060: com/sun/org/apache/xml/internal/security/ /transforms/ClassLoaderTest.java doesn't run in agentvm mode + JDK-8178374: Problematic ByteBuffer handling in CipherSpi.bufferCrypt method + JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds + JDK-8227269: Slow class loading when running with JDWP + JDK-8229899: Make java.io.File.isInvalid() less racy + JDK-8236996: Incorrect Roboto font rendering on Windows with subpixel antialiasing + JDK-8241750: x86_32 build failure after JDK-8227269 + JDK-8244407: JVM crashes after transformation in C2 IdealLoopTree::split_fall_in + JDK-8244843: JapanEraNameCompatTest fails * Import of OpenJDK 8 u262 build 06 + JDK-8246223: Windows build fails after JDK-8227269 * Import of OpenJDK 8 u262 build 07 + JDK-8233197: Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing + JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a + JDK-8245167: Top package in method profiling shows null in JMC + JDK-8246703: [TESTBUG] Add test for JDK-8233197 * Import of OpenJDK 8 u262 build 08 + JDK-8220293: Deadlock in JFR string pool + JDK-8225068: Remove DocuSign root certificate that is expiring in May 2020 + JDK-8225069: Remove Comodo root certificate that is expiring in May 2020 * Import of OpenJDK 8 u262 build 09 + JDK-8248399: Build installs jfr binary when JFR is disabled * Import of OpenJDK 8 u262 build 10 + JDK-8248715: New JavaTimeSupplementary localisation for 'in' installed in wrong package * Import of OpenJDK 8 u265 build 01 + JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior + JDK-8250546: Expect changed behaviour reported in JDK-8249846 * Import of OpenJDK 8 u272 build 01 + JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY test/compiler/7177917/Test7177917.java + JDK-8035493: JVMTI PopFrame capability must instruct compilers not to prune locals + JDK-8036088: Replace strtok() with its safe equivalent strtok_s() in DefaultProxySelector.c + JDK-8039082: [TEST_BUG] Test java/awt/dnd/ /BadSerializationTest/BadSerializationTest.java fails + JDK-8075774: Small readability and performance improvements for zipfs + JDK-8132206: move ScanTest.java into OpenJDK + JDK-8132376: Add @requires os.family to the client tests with access to internal OS-specific API + JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java + JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/ /appletviewer/IOExceptionIfEncodedURLTest/ /IOExceptionIfEncodedURLTest.sh + JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/ /MTGraphicsAccessTest.java hangs on Win. 8 + JDK-8151788: NullPointerException from ntlm.Client.type3 + JDK-8151834: Test SmallPrimeExponentP.java times out intermittently + JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout + JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary public + JDK-8156169: Some sound tests rarely hangs because of incorrect synchronization + JDK-8165936: Potential Heap buffer overflow when seaching timezone info files + JDK-8166148: Fix for JDK-8165936 broke solaris builds + JDK-8167300: Scheduling failures during gcm should be fatal + JDK-8167615: Opensource unit/regression tests for JavaSound + JDK-8172012: [TEST_BUG] delays needed in javax/swing/JTree/4633594/bug4633594.java + JDK-8177628: Opensource unit/regression tests for ImageIO + JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java + JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/ /AppletContextTest/BadPluginConfigurationTest.sh + JDK-8193137: Nashorn crashes when given an empty script file + JDK-8194298: Add support for per Socket configuration of TCP keepalive + JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java throws error + JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java fails + JDK-8210147: adjust some WSAGetLastError usages in windows network coding + JDK-8211714: Need to update vm_version.cpp to recognise VS2017 minor versions + JDK-8214862: assert(proj != __null) at compile.cpp:3251 + JDK-8217606: LdapContext#reconnect always opens a new connection + JDK-8217647: JFR: recordings on 32-bit systems unreadable + JDK-8226697: Several tests which need the @key headful keyword are missing it. + JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow + JDK-8230303: JDB hangs when running monitor command + JDK-8230711: ConnectionGraph::unique_java_object(Node* N) return NULL if n is not in the CG + JDK-8234617: C1: Incorrect result of field load due to missing narrowing conversion + JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version + JDK-8235325: build failure on Linux after 8235243 + JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink + JDK-8237951: CTW: C2 compilation fails with 'malformed control flow' + JDK-8238225: Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary + JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD + JDK-8239819: XToolkit: Misread of screen information memory + JDK-8240295: hs_err elapsed time in seconds is not accurate enough + JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property with a security one + JDK-8242498: Invalid 'sun.awt.TimedWindowEvent' object leads to JVM crash + JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions + JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor + JDK-8246310: Clean commented-out code about ModuleEntry and PackageEntry in JFR + JDK-8246384: Enable JFR by default on supported architectures for October 2020 release + JDK-8248643: Remove extra leading space in JDK-8240295 8u backport + JDK-8249610: Make sun.security.krb5.Config.getBooleanObject(String... keys) method public * Import of OpenJDK 8 u272 build 02 + JDK-8023697: failed class resolution reports different class name in detail message for the first and subsequent times + JDK-8025886: replace [[ and == bash extensions in regtest + JDK-8046274: Removing dependency on jakarta-regexp + JDK-8048933: -XX:+TraceExceptions output should include the message + JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/ /fileaccess/FontFile.java fails + JDK-8148854: Class names 'SomeClass' and 'LSomeClass;' treated by JVM as an equivalent + JDK-8154313: Generated javadoc scattered all over the place + JDK-8163251: Hard coded loop limit prevents reading of smart card data greater than 8k + JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java fails with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled + JDK-8183349: Better cleanup for jdk/test/javax/imageio/ /plugins/shared/CanWriteSequence.java and WriteAfterAbort.java + JDK-8191678: [TESTBUG] Add keyword headful in java/awt FocusTransitionTest test. + JDK-8201633: Problems with AES-GCM native acceleration + JDK-8211049: Second parameter of 'initialize' method is not used + JDK-8219566: JFR did not collect call stacks when MaxJavaStackTraceDepth is set to zero + JDK-8220165: Encryption using GCM results in RuntimeException- input length out of bound + JDK-8220555: JFR tool shows potentially misleading message when it cannot access a file + JDK-8224217: RecordingInfo should use textual representation of path + JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate + JDK-8238380, PR3798: java.base/unix/native/libjava/childproc.c 'multiple definition' link errors with GCC10 + JDK-8238386, PR3798: (sctp) jdk.sctp/unix/native/libsctp/ /SctpNet.c 'multiple definition' link errors with GCC10 + JDK-8238388, PR3798: libj2gss/NativeFunc.o 'multiple definition' link errors with GCC10 + JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array + JDK-8250755: Better cleanup for jdk/test/javax/imageio/ /plugins/shared/CanWriteSequence.java * Import of OpenJDK 8 u272 build 03 + JDK-6574989: TEST_BUG: javax/sound/sampled/Clip/bug5070081.java fails sometimes + JDK-8148754: C2 loop unrolling fails due to unexpected graph shape + JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests fail with error : revokeall.exe: Permission denied + JDK-8203357: Container Metrics + JDK-8209113: Use WeakReference for lastFontStrike for created Fonts + JDK-8216283: Allow shorter method sampling interval than 10 ms + JDK-8221569: JFR tool produces incorrect output when both --categories and --events are specified + JDK-8233097: Fontmetrics for large Fonts has zero width + JDK-8248851: CMS: Missing memory fences between free chunk check and klass read + JDK-8250875: Incorrect parameter type for update_number in JDK_Version::jdk_update * Import of OpenJDK 8 u272 build 04 + JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws IllegalArgumentException for flags of type double + JDK-8177334: Update xmldsig implementation to Apache Santuario 2.1.1 + JDK-8217878: ENVELOPING XML signature no longer works in JDK 11 + JDK-8218629: XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10 + JDK-8243138: Enhance BaseLdapServer to support starttls extended request * Import of OpenJDK 8 u272 build 05 + JDK-8026236: Add PrimeTest for BigInteger + JDK-8057003: Large reference arrays cause extremely long synchronization times + JDK-8060721: Test runtime/SharedArchiveFile/ /LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler + JDK-8152077: (cal) Calendar.roll does not always roll the hours during daylight savings + JDK-8168517: java/lang/ProcessBuilder/Basic.java failed + JDK-8211163: UNIX version of Java_java_io_Console_echo does not return a clean boolean + JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in docker container only works with debug JVMs + JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo + JDK-8236645: JDK 8u231 introduces a regression with incompatible handling of XML messages + JDK-8240676: Meet not symmetric failure when running lucene on jdk8 + JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program + JDK-8249158: THREAD_START and THREAD_END event posted in primordial phase + JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics + JDK-8251546: 8u backport of JDK-8194298 breaks AIX and Solaris builds + JDK-8252084: Minimal VM fails to bootcycle: undefined symbol: AgeTableTracer::is_tenuring_distribution_event_enabled * Import of OpenJDK 8 u272 build 06 + JDK-8064319: Need to enable -XX:+TraceExceptions in release builds + JDK-8080462, PR3801: Update SunPKCS11 provider with PKCS11 v2.40 support + JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider + JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions() not working + JDK-8169925, PR3801: PKCS #11 Cryptographic Token Interface license + JDK-8184762: ZapStackSegments should use optimized memset + JDK-8193234: When using -Xcheck:jni an internally allocated buffer can leak + JDK-8219919: RuntimeStub name lost with PrintFrameConverterAssembly + JDK-8220313: [TESTBUG] Update base image for Docker testing to OL 7.6 + JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp + JDK-8225695: 32-bit build failures after JDK-8080462 (Update SunPKCS11 provider with PKCS11 v2.40 support) + JDK-8226575: OperatingSystemMXBean should be made container aware + JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous + JDK-8228835: Memory leak in PKCS11 provider when using AES GCM + JDK-8233621: Mismatch in jsse.enableMFLNExtension property name + JDK-8238898, PR3801: Missing hash characters for header on license file + JDK-8243320: Add SSL root certificates to Oracle Root CA program + JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26 + JDK-8245467: Remove 8u TLSv1.2 implementation files + JDK-8245469: Remove DTLS protocol implementation + JDK-8245470: Fix JDK8 compatibility issues + JDK-8245471: Revert JDK-8148188 + JDK-8245472: Backport JDK-8038893 to JDK8 + JDK-8245473: OCSP stapling support + JDK-8245474: Add TLS_KRB5 cipher suites support according to RFC-2712 + JDK-8245476: Disable TLSv1.3 protocol in the ClientHello message by default + JDK-8245477: Adjust TLS tests location + JDK-8245653: Remove 8u TLS tests + JDK-8245681: Add TLSv1.3 regression test from 11.0.7 + JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher + JDK-8251120, PR3793: [8u] HotSpot build assumes ENABLE_JFR is set to either true or false + JDK-8251341: Minimal Java specification change + JDK-8251478: Backport TLSv1.3 regression tests to JDK8u * Import of OpenJDK 8 u272 build 07 + JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ * Import of OpenJDK 8 u272 build 08 + JDK-8062947: Fix exception message to correctly represent LDAP connection failure + JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect + JDK-8252573: 8u: Windows build failed after 8222079 backport * Import of OpenJDK 8 u272 build 09 + JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java : Compilation failed * Import of OpenJDK 8 u272 build 10 + JDK-8254673: Call to JvmtiExport::post_vm_start() was removed by the fix for JDK-8249158 + JDK-8254937: Revert JDK-8148854 for 8u272 * Backports + JDK-8038723, PR3806: Openup some PrinterJob tests + JDK-8041480, PR3806: ArrayIndexOutOfBoundsException when JTable contains certain string + JDK-8058779, PR3805: Faster implementation of String.replace(CharSequence, CharSequence) + JDK-8130125, PR3806: [TEST_BUG] add @modules to the several client tests unaffected by the automated bulk update + JDK-8144015, PR3806: [PIT] failures of text layout font tests + JDK-8144023, PR3806: [PIT] failure of text measurements in javax/swing/text/html/parser/Parser/6836089/bug6836089.java + JDK-8144240, PR3806: [macosx][PIT] AIOOB in closed/javax/swing/text/GlyphPainter2/6427244/bug6427244.java + JDK-8145542, PR3806: The case failed automatically and thrown java.lang.ArrayIndexOutOfBoundsException exception + JDK-8151725, PR3806: [macosx] ArrayIndexOOB exception when displaying Devanagari text in JEditorPane + JDK-8152358, PR3800: code and comment cleanups found during the hunt for 8077392 + JDK-8152545, PR3804: Use preprocessor instead of compiling a program to generate native nio constants + JDK-8152680, PR3806: Regression in GlyphVector.getGlyphCharIndex behaviour + JDK-8158924, PR3806: Incorrect i18n text document layout + JDK-8166003, PR3806: [PIT][TEST_BUG] missing helper for javax/swing/text/GlyphPainter2/6427244/bug6427244.java + JDK-8166068, PR3806: test/java/awt/font/GlyphVector/ /GetGlyphCharIndexTest.java does not compile + JDK-8169879, PR3806: [TEST_BUG] javax/swing/text/ /GlyphPainter2/6427244/bug6427244.java - compilation failed + JDK-8191512, PR3806: T2K font rasterizer code removal + JDK-8191522, PR3806: Remove Bigelow&Holmes Lucida fonts from JDK sources + JDK-8236512, PR3801: PKCS11 Connection closed after Cipher.doFinal and NoPadding + JDK-8254177, PR3809: (tz) Upgrade time-zone data to tzdata2020b * Bug fixes + PR3798: Fix format-overflow error on GCC 10, caused by passing NULL to a '%s' directive + PR3795: ECDSAUtils for XML digital signatures should support the same curve set as the rest of the JDK + PR3799: Adapt elliptic curve patches to JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 + PR3808: IcedTea does not install the JFR *.jfc files + PR3810: Enable JFR on x86 (32-bit) now that JDK-8252096 has fixed its use with Shenandoah + PR3811: Don't attempt to install JFR files when JFR is disabled * Shenandoah + [backport] 8221435: Shenandoah should not mark through weak roots + [backport] 8221629: Shenandoah: Cleanup class unloading logic + [backport] 8222992: Shenandoah: Pre-evacuate all roots + [backport] 8223215: Shenandoah: Support verifying subset of roots + [backport] 8223774: Shenandoah: Refactor ShenandoahRootProcessor and family + [backport] 8224210: Shenandoah: Refactor ShenandoahRootScanner to support scanning CSet codecache roots + [backport] 8224508: Shenandoah: Need to update thread roots in final mark for piggyback ref update cycle + [backport] 8224579: ResourceMark not declared in shenandoahRootProcessor.inline.hpp with --disable-precompiled-headers + [backport] 8224679: Shenandoah: Make ShenandoahParallelCodeCacheIterator noncopyable + [backport] 8224751: Shenandoah: Shenandoah Verifier should select proper roots according to current GC cycle + [backport] 8225014: Separate ShenandoahRootScanner method for object_iterate + [backport] 8225216: gc/logging/TestMetaSpaceLog.java doesn't work for Shenandoah + [backport] 8225573: Shenandoah: Enhance ShenandoahVerifier to ensure roots to-space invariant + [backport] 8225590: Shenandoah: Refactor ShenandoahClassLoaderDataRoots API + [backport] 8226413: Shenandoah: Separate root scanner for SH::object_iterate() + [backport] 8230853: Shenandoah: replace leftover assert(is_in(...)) with rich asserts + [backport] 8231198: Shenandoah: heap walking should visit all roots most of the time + [backport] 8231244: Shenandoah: all-roots heap walking misses some weak roots + [backport] 8237632: Shenandoah: accept NULL fwdptr to cooperate with JVMTI and JFR + [backport] 8239786: Shenandoah: print per-cycle statistics + [backport] 8239926: Shenandoah: Shenandoah needs to mark nmethod's metadata + [backport] 8240671: Shenandoah: refactor ShenandoahPhaseTimings + [backport] 8240749: Shenandoah: refactor ShenandoahUtils + [backport] 8240750: Shenandoah: remove leftover files and mentions of ShenandoahAllocTracker + [backport] 8240868: Shenandoah: remove CM-with-UR piggybacking cycles + [backport] 8240872: Shenandoah: Avoid updating new regions from start of evacuation + [backport] 8240873: Shenandoah: Short-cut arraycopy barriers + [backport] 8240915: Shenandoah: Remove unused fields in init mark tasks + [backport] 8240948: Shenandoah: cleanup not-forwarded-objects paths after JDK-8240868 + [backport] 8241007: Shenandoah: remove ShenandoahCriticalControlThreadPriority support + [backport] 8241062: Shenandoah: rich asserts trigger 'empty statement' inspection + [backport] 8241081: Shenandoah: Do not modify update-watermark concurrently + [backport] 8241093: Shenandoah: editorial changes in flag descriptions + [backport] 8241139: Shenandoah: distribute mark-compact work exactly to minimize fragmentation + [backport] 8241142: Shenandoah: should not use parallel reference processing with single GC thread + [backport] 8241351: Shenandoah: fragmentation metrics overhaul + [backport] 8241435: Shenandoah: avoid disabling pacing with 'aggressive' + [backport] 8241520: Shenandoah: simplify region sequence numbers handling + [backport] 8241534: Shenandoah: region status should include update watermark + [backport] 8241574: Shenandoah: remove ShenandoahAssertToSpaceClosure + [backport] 8241583: Shenandoah: turn heap lock asserts into macros + [backport] 8241668: Shenandoah: make ShenandoahHeapRegion not derive from ContiguousSpace + [backport] 8241673: Shenandoah: refactor anti-false-sharing padding + [backport] 8241675: Shenandoah: assert(n->outcnt() > 0) at shenandoahSupport.cpp:2858 with java/util/Collections/FindSubList.java + [backport] 8241692: Shenandoah: remove ShenandoahHeapRegion::_reserved + [backport] 8241700: Shenandoah: Fold ShenandoahKeepAliveBarrier flag into ShenandoahSATBBarrier + [backport] 8241740: Shenandoah: remove ShenandoahHeapRegion::_heap + [backport] 8241743: Shenandoah: refactor and inline ShenandoahHeap::heap() + [backport] 8241748: Shenandoah: inline MarkingContext TAMS methods + [backport] 8241838: Shenandoah: no need to trash cset during final mark + [backport] 8241841: Shenandoah: ditch one of allocation type counters in ShenandoahHeapRegion + [backport] 8241842: Shenandoah: inline ShenandoahHeapRegion::region_number + [backport] 8241844: Shenandoah: rename ShenandoahHeapRegion::region_number + [backport] 8241845: Shenandoah: align ShenandoahHeapRegions to cache lines + [backport] 8241926: Shenandoah: only print heap changes for operations that directly affect it + [backport] 8241983: Shenandoah: simplify FreeSet logging + [backport] 8241985: Shenandoah: simplify collectable garbage logging + [backport] 8242040: Shenandoah: print allocation failure type + [backport] 8242041: Shenandoah: adaptive heuristics should account evac reserve in free target + [backport] 8242042: Shenandoah: tune down ShenandoahGarbageThreshold + [backport] 8242054: Shenandoah: New incremental-update mode + [backport] 8242075: Shenandoah: rename ShenandoahHeapRegionSize flag + [backport] 8242082: Shenandoah: Purge Traversal mode + [backport] 8242083: Shenandoah: split 'Prepare Evacuation' tracking into cset/freeset counters + [backport] 8242089: Shenandoah: per-worker stats should be summed up, not averaged + [backport] 8242101: Shenandoah: coalesce and parallelise heap region walks during the pauses + [backport] 8242114: Shenandoah: remove ShenandoahHeapRegion::reset_alloc_metadata_to_shared + [backport] 8242130: Shenandoah: Simplify arraycopy-barrier dispatching + [backport] 8242211: Shenandoah: remove ShenandoahHeuristics::RegionData::_seqnum_last_alloc + [backport] 8242212: Shenandoah: initialize ShenandoahHeuristics::_region_data eagerly + [backport] 8242213: Shenandoah: remove ShenandoahHeuristics::_bytes_in_cset + [backport] 8242217: Shenandoah: Enable GC mode to be diagnostic/experimental and have a name + [backport] 8242227: Shenandoah: transit regions to cset state when adding to collection set + [backport] 8242228: Shenandoah: remove unused ShenandoahCollectionSet methods + [backport] 8242229: Shenandoah: inline ShenandoahHeapRegion liveness-related methods + [backport] 8242267: Shenandoah: regions space needs to be aligned by os::vm_allocation_granularity() + [backport] 8242271: Shenandoah: add test to verify GC mode unlock + [backport] 8242273: Shenandoah: accept either SATB or IU barriers, but not both + [backport] 8242301: Shenandoah: Inline LRB runtime call + [backport] 8242316: Shenandoah: Turn NULL-check into assert in SATB slow-path entry + [backport] 8242353: Shenandoah: micro-optimize region liveness handling + [backport] 8242365: Shenandoah: use uint16_t instead of jushort for liveness cache + [backport] 8242375: Shenandoah: Remove ShenandoahHeuristic::record_gc_start/end methods + [backport] 8242641: Shenandoah: clear live data and update TAMS optimistically + [backport] 8243238: Shenandoah: explicit GC request should wait for a complete GC cycle + [backport] 8243301: Shenandoah: ditch ShenandoahAllowMixedAllocs + [backport] 8243307: Shenandoah: remove ShCollectionSet::live_data + [backport] 8243395: Shenandoah: demote guarantee in ShenandoahPhaseTimings::record_workers_end + [backport] 8243463: Shenandoah: ditch total_pause counters + [backport] 8243464: Shenandoah: print statistic counters in time order + [backport] 8243465: Shenandoah: ditch unused pause_other, conc_other counters + [backport] 8243487: Shenandoah: make _num_phases illegal phase type + [backport] 8243494: Shenandoah: set counters once per cycle + [backport] 8243573: Shenandoah: rename GCParPhases and related code + [backport] 8243848: Shenandoah: Windows build fails after JDK-8239786 + [backport] 8244180: Shenandoah: carry Phase to ShWorkerTimingsTracker explicitly + [backport] 8244200: Shenandoah: build breakages after JDK-8241743 + [backport] 8244226: Shenandoah: per-cycle statistics contain worker data from previous cycles + [backport] 8244326: Shenandoah: global statistics should not accept bogus samples + [backport] 8244509: Shenandoah: refactor ShenandoahBarrierC2Support::test_* methods + [backport] 8244551: Shenandoah: Fix racy update of update_watermark + [backport] 8244667: Shenandoah: SBC2Support::test_gc_state takes loop for wrong control + [backport] 8244730: Shenandoah: gc/shenandoah/options/ /TestHeuristicsUnlock.java should only verify the heuristics + [backport] 8244732: Shenandoah: move heuristics code to gc/shenandoah/heuristics + [backport] 8244737: Shenandoah: move mode code to gc/shenandoah/mode + [backport] 8244739: Shenandoah: break superclass dependency on ShenandoahNormalMode + [backport] 8244740: Shenandoah: rename ShenandoahNormalMode to ShenandoahSATBMode + [backport] 8245461: Shenandoah: refine mode name()-s + [backport] 8245463: Shenandoah: refine ShenandoahPhaseTimings constructor arguments + [backport] 8245464: Shenandoah: allocate collection set bitmap at lower addresses + [backport] 8245465: Shenandoah: test_in_cset can use more efficient encoding + [backport] 8245726: Shenandoah: lift/cleanup ShenandoahHeuristics names and properties + [backport] 8245754: Shenandoah: ditch ShenandoahAlwaysPreTouch + [backport] 8245757: Shenandoah: AlwaysPreTouch should not disable heap resizing or uncommits + [backport] 8245773: Shenandoah: Windows assertion failure after JDK-8245464 + [backport] 8245812: Shenandoah: compute root phase parallelism + [backport] 8245814: Shenandoah: reconsider format specifiers for stats + [backport] 8245825: Shenandoah: Remove diagnostic flag ShenandoahConcurrentScanCodeRoots + [backport] 8246162: Shenandoah: full GC does not mark code roots when class unloading is off + [backport] 8247310: Shenandoah: pacer should not affect interrupt status + [backport] 8247358: Shenandoah: reconsider free budget slice for marking + [backport] 8247367: Shenandoah: pacer should wait on lock instead of exponential backoff + [backport] 8247474: Shenandoah: Windows build warning after JDK-8247310 + [backport] 8247560: Shenandoah: heap iteration holds root locks all the time + [backport] 8247593: Shenandoah: should not block pacing reporters + [backport] 8247751: Shenandoah: options tests should run with smaller heaps + [backport] 8247754: Shenandoah: mxbeans tests can be shorter + [backport] 8247757: Shenandoah: split heavy tests by heuristics to improve parallelism + [backport] 8247860: Shenandoah: add update watermark line in rich assert failure message + [backport] 8248041: Shenandoah: pre-Full GC root updates may miss some roots + [backport] 8248652: Shenandoah: SATB buffer handling may assume no forwarded objects + [backport] 8249560: Shenandoah: Fix racy GC request handling + [backport] 8249649: Shenandoah: provide per-cycle pacing stats + [backport] 8249801: Shenandoah: Clear soft-refs on requested GC cycle + [backport] 8249953: Shenandoah: gc/shenandoah/mxbeans tests should account for corner cases + Fix slowdebug build after JDK-8230853 backport + JDK-8252096: Shenandoah: adjust SerialPageShiftCount for x86_32 and JFR + JDK-8252366: Shenandoah: revert/cleanup changes in graphKit.cpp + Shenandoah: add JFR roots to root processor after JFR integration + Shenandoah: add root statistics for string dedup table/queues + Shenandoah: enable low-frequency STW class unloading + Shenandoah: fix build failures after JDK-8244737 backport + Shenandoah: Fix build failure with +JFR -PCH + Shenandoah: fix forceful pacer claim + Shenandoah: fix formats in ShenandoahStringSymbolTableUnlinkTask + Shenandoah: fix runtime linking failure due to non-compiled shenandoahBarrierSetC1 + Shenandoah: hook statistics printing to PrintGCDetails, not PrintGC + Shenandoah: JNI weak roots are always cleared before Full GC mark + Shenandoah: missing SystemDictionary roots in ShenandoahHeapIterationRootScanner + Shenandoah: move barrier sets to their proper locations + Shenandoah: move parallelCleaning.* to shenandoah/ + Shenandoah: pacer should use proper Atomics for intptr_t + Shenandoah: properly deallocates class loader metadata + Shenandoah: specialize String Table scans for better pause performance + Shenandoah: Zero build fails after recent Atomic cleanup in Pacer * AArch64 port + JDK-8161072, PR3797: AArch64: jtreg compiler/uncommontrap/TestDeoptOOM failure + JDK-8171537, PR3797: aarch64: compiler/c1/Test6849574.java generates guarantee failure in C1 + JDK-8183925, PR3797: [AArch64] Decouple crash protection from watcher thread + JDK-8199712, PR3797: [AArch64] Flight Recorder + JDK-8203481, PR3797: Incorrect constraint for unextended_sp in frame:safe_for_sender + JDK-8203699, PR3797: java/lang/invoke/SpecialInterfaceCall fails with SIGILL on aarch64 + JDK-8209413, PR3797: AArch64: NPE in clhsdb jstack command + JDK-8215961, PR3797: jdk/jfr/event/os/TestCPUInformation.java fails on AArch64 + JDK-8216989, PR3797: CardTableBarrierSetAssembler::gen_write_ref_array_post_barrier() does not check for zero length on AARCH64 + JDK-8217368, PR3797: AArch64: C2 recursive stack locking optimisation not triggered + JDK-8221658, PR3797: aarch64: add necessary predicate for ubfx patterns + JDK-8237512, PR3797: AArch64: aarch64TestHook leaks a BufferBlob + JDK-8246482, PR3797: Build failures with +JFR -PCH + JDK-8247979, PR3797: aarch64: missing side effect of killing flags for clearArray_reg_reg + JDK-8248219, PR3797: aarch64: missing memory barrier in fast_storefield and fast_accessfield - Ignore whitespaces after the header or footer in PEM X.509 cert (bsc#1171352) Important SUSE bug 1171352 SUSE bug 1174157 SUSE bug 1177943 CVE-2020-14556 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for gcc10 fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Moderate SUSE bug 1172798 SUSE bug 1172846 SUSE bug 1173972 SUSE bug 1174753 SUSE bug 1174817 SUSE bug 1175168 CVE-2020-13844 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ucode-intel fixes the following issues: - Intel CPU Microcode updated to 20201027 prerelease - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446) - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) # New Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile | CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 | CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 | CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile # Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 | SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 | ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile | AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile | CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile Moderate SUSE bug 1170446 SUSE bug 1173594 CVE-2020-8695 CVE-2020-8698 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.24 - OpenJDK 7u281 (October 2020 CPU, bsc#1177943) * Security fixes + JDK-8233624: Enhance JNI linkage + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts + JDK-8237995, CVE-2020-14782: Enhance certificate processing + JDK-8240124: Better VM Interning + JDK-8241114, CVE-2020-14792: Better range handling + JDK-8242680, CVE-2020-14796: Improved URI Support + JDK-8242685, CVE-2020-14797: Better Path Validation + JDK-8242695, CVE-2020-14798: Enhanced buffer support + JDK-8243302: Advanced class supports + JDK-8244136, CVE-2020-14803: Improved Buffer supports + JDK-8244479: Further constrain certificates + JDK-8244955: Additional Fix for JDK-8240124 + JDK-8245407: Enhance zoning of times + JDK-8245412: Better class definitions + JDK-8245417: Improve certificate chain handling + JDK-8248574: Improve jpeg processing + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit + JDK-8253019: Enhanced JPEG decoding * Import of OpenJDK 7 u281 build 1 + JDK-8145096: Undefined behaviour in HotSpot + JDK-8215265: C2: range check elimination may allow illegal out of bound access * Backports + JDK-8250861, PR3812: Crash in MinINode::Ideal(PhaseGVN*, bool) Important SUSE bug 1177943 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). Important SUSE bug 1178387 CVE-2020-25692 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). Important SUSE bug 1178387 CVE-2020-25692 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.1 ESR * Fixed: Security fix MFSA 2020-49 (bsc#1178588) * CVE-2020-26950 (bmo#1675905) Write side effects in MCallGetProperty opcode not accounted for Important SUSE bug 1178588 CVE-2020-26950 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update changes the internal packaging for postgresql, and so contains all currently maintained postgresql versions across our SUSE Linux Enterprise 12 products. * postgresql12 is shipped new in version 12.3 (bsc#1171924). The server and client packages only on SUSE Linux Enterprise Server 12 SP5, the libraries on SUSE Linux Enterprise Server 12 SP2 LTSS up to 12 SP5. + https://www.postgresql.org/about/news/2038/ + https://www.postgresql.org/docs/12/release-12-3.html * postgresql10 is updated to 10.13 (bsc#1171924). On SUSE Linux Enterprise Server 12 SP2 LTSS up to 12 SP5. + https://www.postgresql.org/about/news/2038/ + https://www.postgresql.org/docs/10/release-10-13.html * postgresql96 is updated to 9.6.18 (bsc#1171924): + https://www.postgresql.org/about/news/2038/ + https://www.postgresql.org/docs/9.6/release-9-6-18.html On SUSE Linux Enterprise Server 12-SP2 and 12-SP3 LTSS only. * postgresql 9.4 is updated to 9.4.26: + https://www.postgresql.org/about/news/2011/ + https://www.postgresql.org/docs/9.4/release-9-4-26.html + https://www.postgresql.org/about/news/1994/ + https://www.postgresql.org/docs/9.4/release-9-4-25.html Moderate SUSE bug 1171924 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for raptor fixes the following issues: - Fixed a heap overflow vulnerability (bsc#1178593, CVE-2017-18926). - Update raptor to version 2.0.15 * Made several fixes to Turtle / N-Triples family of parsers and serializers * Added utility functions for re-entrant sorting of objects and sequences. * Made other fixes and improvements including fixing reported issues: 0000574, 0000575, 0000576, 0000577, 0000579, 0000581 and 0000584. Important SUSE bug 1178593 CVE-2017-18926 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for kernel-firmware fixes the following issue: - CVE-2020-12321: Updated the Intel Bluetooth firmware for buffer overflow security bugs (bsc#1178671). Important SUSE bug 1178671 CVE-2020-12321 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). Moderate SUSE bug 1178512 CVE-2020-28196 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xen fixes the following issues: Security issue fixed: - CVE-2020-28368: Fixed the Intel RAPL sidechannel attack, aka PLATYPUS attack, aka XSA-351 (bsc#1178591). Non-security issue fixed: - Adjusted help for --max_iters, default is 5 (bsc#1177950). Important SUSE bug 1177950 SUSE bug 1178591 CVE-2020-28368 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for postgresql10 fixes the following issues: Upgrade to version 10.15: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/10/release-10-15.html Update to 10.14: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/10/release-10-14.html Important SUSE bug 1175193 SUSE bug 1175194 SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 CVE-2020-14349 CVE-2020-14350 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mariadb and mariadb-connector-c fixes the following issues: - Update mariadb to 10.2.36 GA [bsc#1177472, bsc#1178428] fixing for the following security vulnerabilities: CVE-2020-14812, CVE-2020-14765, CVE-2020-14776, CVE-2020-14789 CVE-2020-15180 - Update mariadb-connector-c to 3.1.11 [bsc#1177472 and bsc#1178428] Moderate SUSE bug 1172399 SUSE bug 1175596 SUSE bug 1177472 SUSE bug 1178428 CVE-2020-14765 CVE-2020-14776 CVE-2020-14789 CVE-2020-14812 CVE-2020-15180 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ucode-intel fixes the following issues: - Updated Intel CPU Microcode to 20201118 official release. (bsc#1178971) - Removed TGL/06-8c-01/80 due to functional issues with some OEM platforms. - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) INTEL-SA-00389 (bsc#1170446) - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) - CVE-2020-8696: Vector Register Sampling Active INTEL-SA-00381 (bsc#1173592) - Release notes: - Security updates for [INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html). - Security updates for [INTEL-SA-00389](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html). - Update for functional issues. Refer to [Second Generation Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details. - Update for functional issues. Refer to [Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details. - Update for functional issues. Refer to [Intel? Xeon? Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details. - Update for functional issues. Refer to [10th Gen Intel? Core™ Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details. - Update for functional issues. Refer to [8th and 9th Gen Intel? Core™ Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details. - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel? Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details. - Update for functional issues. Refer to [6th Gen Intel? Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details. - Update for functional issues. Refer to [Intel? Xeon? E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details. - Update for functional issues. Refer to [Intel? Xeon? E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details. ### New Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 | LKF | B2/B3 | 06-8a-01/10 | | 00000028 | Core w/Hybrid Technology | TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile | CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 | CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile ### Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 | APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 | GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile | AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile | CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile Moderate SUSE bug 1170446 SUSE bug 1173592 SUSE bug 1173594 SUSE bug 1178971 CVE-2020-8695 CVE-2020-8696 CVE-2020-8698 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for bluez fixes the following issues: - CVE-2020-0556: Fixed improper access control which may lead to escalation of privilege and denial of service by an unauthenticated user (bsc#1166751). Important SUSE bug 1166751 CVE-2020-0556 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bug fixes. The following security bugs were fixed: - CVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software and services that rely on UDP source port randomization (like DNS) are indirectly affected as well. Kernel versions may be vulnerable to this issue (bsc#1175721, bsc#1178782). - CVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393). - CVE-2020-25668: Fixed a use-after-free in con_font_op() (bnc#1178123). - CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766). - CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c (bnc#1176485). - CVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h (bnc#1176723). - CVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086). - CVE-2020-16120: Fixed a permissions issue in ovl_path_open() (bsc#1177470). - CVE-2020-8694: Restricted energy meter to root access (bsc#1170415). - CVE-2020-12351: Implemented a kABI workaround for bluetooth l2cap_ops filter addition (bsc#1177724). - CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' (bsc#1177725). - CVE-2020-25212: Fixed a TOCTOU mismatch in the NFS client code (bnc#1176381). - CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177511). - CVE-2020-14381: Fixed a UAF in the fast user mutex (futex) wait operation (bsc#1176011). - CVE-2020-25643: Fixed an improper input validation in the ppp_cp_parse_cr function of the HDLC_PPP module (bnc#1177206). - CVE-2020-25641: Fixed a zero-length biovec request issued by the block subsystem could have caused the kernel to enter an infinite loop, causing a denial of service (bsc#1177121). - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235). - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721). - CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423). - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482). - CVE-2020-27673: Fixed an issue where rogue guests could have caused denial of service of Dom0 via high frequency events (XSA-332 bsc#1177411) - CVE-2020-27675: Fixed a race condition in event handler which may crash dom0 (XSA-331 bsc#1177410). The following non-security bugs were fixed: - btrfs: remove root usage from can_overcommit (bsc#1131277). - hv: vmbus: Add timeout to vmbus_wait_for_unload (bsc#1177816). - hyperv_fb: disable superfluous VERSION_WIN10_V5 case (bsc#1175306). - hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306). - livepatch: Add -fdump-ipa-clones to build (). Add support for -fdump-ipa-clones GCC option. Update config files accordingly. - livepatch: Test if -fdump-ipa-clones is really available As of now we add -fdump-ipa-clones unconditionally. It does not cause a trouble if the kernel is build with the supported toolchain. Otherwise it could fail easily. Do the correct thing and test for the availability. - NFS: On fatal writeback errors, we need to call nfs_inode_remove_request() (bsc#1177340). - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139). - NFS: Revalidate the file mapping on all fatal writeback errors (bsc#1177340). - NFSv4: do not mark all open state for recovery when handling recallable state revoked flag (bsc#1176935). - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232). - ocfs2: give applications more IO opportunities during fstrim (bsc#1175228). - powerpc/pseries/cpuidle: add polling idle for shared processor guests (bsc#1178765 ltc#188968). - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243). - scsi: fnic: Do not call 'scsi_done()' for unhandled commands (bsc#1168468, bsc#1171675). - scsi: qla2xxx: Do not consume srb greedily (bsc#1173233). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1173233). - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306). - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306). - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306). - x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306). - xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/events: add a new 'late EOI' evtchn framework (XSA-332 bsc#1177411). - xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#1177411). - xen/events: avoid removing an event channel while handling it (XSA-331 bsc#1177410). - xen/events: block rogue events for some time (XSA-332 bsc#1177411). - xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#1177411). - xen/events: do not use chip_data for legacy IRQs (XSA-332 bsc#1065600). - xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411). - xen/events: switch user event channels to lateeoi model (XSA-332 bsc#1177411). - xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#1177411). - xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (XSA-332 bsc#1065600). Important SUSE bug 1051510 SUSE bug 1058115 SUSE bug 1065600 SUSE bug 1131277 SUSE bug 1160947 SUSE bug 1163524 SUSE bug 1166965 SUSE bug 1168468 SUSE bug 1170139 SUSE bug 1170232 SUSE bug 1170415 SUSE bug 1171417 SUSE bug 1171675 SUSE bug 1172073 SUSE bug 1172366 SUSE bug 1173115 SUSE bug 1173233 SUSE bug 1175228 SUSE bug 1175306 SUSE bug 1175721 SUSE bug 1175882 SUSE bug 1176011 SUSE bug 1176235 SUSE bug 1176278 SUSE bug 1176381 SUSE bug 1176423 SUSE bug 1176482 SUSE bug 1176485 SUSE bug 1176698 SUSE bug 1176721 SUSE bug 1176722 SUSE bug 1176723 SUSE bug 1176725 SUSE bug 1176732 SUSE bug 1176869 SUSE bug 1176907 SUSE bug 1176922 SUSE bug 1176935 SUSE bug 1176950 SUSE bug 1176990 SUSE bug 1177027 SUSE bug 1177086 SUSE bug 1177121 SUSE bug 1177206 SUSE bug 1177340 SUSE bug 1177410 SUSE bug 1177411 SUSE bug 1177470 SUSE bug 1177511 SUSE bug 1177724 SUSE bug 1177725 SUSE bug 1177766 SUSE bug 1177816 SUSE bug 1178123 SUSE bug 1178330 SUSE bug 1178393 SUSE bug 1178669 SUSE bug 1178765 SUSE bug 1178782 SUSE bug 1178838 CVE-2020-0404 CVE-2020-0427 CVE-2020-0430 CVE-2020-0431 CVE-2020-0432 CVE-2020-12351 CVE-2020-12352 CVE-2020-14351 CVE-2020-14381 CVE-2020-14390 CVE-2020-16120 CVE-2020-25212 CVE-2020-25284 CVE-2020-25285 CVE-2020-25641 CVE-2020-25643 CVE-2020-25645 CVE-2020-25656 CVE-2020-25668 CVE-2020-25704 CVE-2020-25705 CVE-2020-26088 CVE-2020-27673 CVE-2020-27675 CVE-2020-8694 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.5.0 ESR (bsc#1178824) * CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls * CVE-2020-26953: Fullscreen could be enabled without displaying the security UI * CVE-2020-26956: XSS through paste (manual and clipboard API) * CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions * CVE-2020-26959: Use-after-free in WebRequestService * CVE-2020-26960: Potential use-after-free in uses of nsTArray * CVE-2020-15999: Heap buffer overflow in freetype * CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses * CVE-2020-26965: Software keyboards may have remembered typed passwords * CVE-2020-26966: Single-word search queries were also broadcast to local network * CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 Important SUSE bug 1178824 CVE-2020-15999 CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26966 CVE-2020-26968 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for LibVNCServer fixes the following issues: - CVE-2020-25708 [bsc#1178682], libvncserver/rfbserver.c has a divide by zero which could result in DoS Important SUSE bug 1178682 CVE-2020-25708 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xorg-x11-server fixes the following issues: - CVE-2020-25712: Fixed a heap-based buffer overflow which could have led to privilege escalation (bsc#1177596). - CVE-2020-14360: Fixed an out of bounds memory accesses on too short request which could lead to denial of service (bsc#1174908). Important SUSE bug 1174908 SUSE bug 1177596 CVE-2020-14360 CVE-2020-25712 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python-setuptools fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) Important SUSE bug 1176262 CVE-2019-20916 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python3 fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) Important SUSE bug 1176262 CVE-2019-20916 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for gdm fixes the following issues: - CVE-2020-16125: Fixed a privilege escalation (bsc#1178150). Important SUSE bug 1178150 CVE-2020-16125 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python-cryptography fixes the following issues: - CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption (bsc#1178168). Moderate SUSE bug 1178168 CVE-2020-25659 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for postgresql12 fixes the following issues: Upgrade to version 12.5: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. (obsoletes postgresql-timetz.patch) * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/12/release-12-5.html The previous postgresql12 update already addressed: Update to 12.4: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/12/release-12-4.html Important SUSE bug 1175193 SUSE bug 1175194 SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 CVE-2020-14349 CVE-2020-14350 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mutt fixes the following issues: - Find and display the content of messages properly. (bsc#1179461) - CVE-2020-28896: incomplete connection termination could send credentials over unencrypted connections. (bsc#1179035) - Avoid that message with a million tiny parts can freeze MUA for several minutes. (bsc#1179113) Important SUSE bug 1179035 SUSE bug 1179113 SUSE bug 1179461 CVE-2020-28896 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xen fixes the following issues: - bsc#1178963 - VUL-0: xen: stack corruption from XSA-346 change (XSA-355) Important SUSE bug 1177409 SUSE bug 1177412 SUSE bug 1177413 SUSE bug 1177414 SUSE bug 1178591 SUSE bug 1178963 CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27674 CVE-2020-28368 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_0_0 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). Important SUSE bug 1179491 CVE-2020-1971 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). Important SUSE bug 1179491 CVE-2020-1971 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) Important SUSE bug 1176262 CVE-2019-20916 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssh fixes the following issues: - CVE-2020-14145: Fixed an observable discrepancy leading to an information leak in the algorithm negotiation (bsc#1173513). - Fixed an issue where AuthorizedKeysCommand produced a lot of output (bsc#1161684). - Fixed an issue where oracle cluster with cluvfy using 'scp' failing/missinterpreted (bsc#1148566). Moderate SUSE bug 1148566 SUSE bug 1161684 SUSE bug 1173513 CVE-2020-14145 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-55 (bsc#1180039) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch view-source URLs * CVE-2020-35112 (bmo#1661365) Opening an extension-less download may have inadvertently launched an executable instead * CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 Critical SUSE bug 1180039 CVE-2020-16042 CVE-2020-26971 CVE-2020-26973 CVE-2020-26974 CVE-2020-26978 CVE-2020-35111 CVE-2020-35112 CVE-2020-35113 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xen fixes the following issues: - CVE-2020-29480: Fixed an issue which could have allowed leak of non-sensitive data to administrator guests (bsc#117949 XSA-115). - CVE-2020-29481: Fixed an issue which could have allowd to new domains to inherit existing node permissions (bsc#1179498 XSA-322). - CVE-2020-29483: Fixed an issue where guests could disturb domain cleanup (bsc#1179502 XSA-325). - CVE-2020-29484: Fixed an issue where guests could crash xenstored via watchs (bsc#1179501 XSA-324). - CVE-2020-29566: Fixed an undue recursion in x86 HVM context switch code (bsc#1179506 XSA-348). - CVE-2020-29570: Fixed an issue where FIFO event channels control block related ordering (bsc#1179514 XSA-358). - CVE-2020-29571: Fixed an issue where FIFO event channels control structure ordering (bsc#1179516 XSA-359). - CVE-2020-29130: Fixed an out-of-bounds access while processing ARP packets (bsc#1179477). - Fixed an issue where dump-core shows missing nr_pages during core (bsc#1176782). - Multiple other bugs (bsc#1027519) Moderate SUSE bug 1027519 SUSE bug 1176782 SUSE bug 1179477 SUSE bug 1179496 SUSE bug 1179498 SUSE bug 1179501 SUSE bug 1179502 SUSE bug 1179506 SUSE bug 1179514 SUSE bug 1179516 CVE-2020-29130 CVE-2020-29480 CVE-2020-29481 CVE-2020-29483 CVE-2020-29484 CVE-2020-29566 CVE-2020-29570 CVE-2020-29571 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for clamav fixes the following issues: clamav was updated to 0.103.0 to implement jsc#ECO-3010 and bsc#1118459. * clamd can now reload the signature database without blocking scanning. This multi-threaded database reload improvement was made possible thanks to a community effort. - Non-blocking database reloads are now the default behavior. Some systems that are more constrained on RAM may need to disable non-blocking reloads as it will temporarily consume two times as much memory. We added a new clamd config option ConcurrentDatabaseReload, which may be set to no. * Fix clamav-milter.service (requires clamd.service to run) * bsc#1119353, clamav-fips.patch: Fix freshclam crash in FIPS mode. * Partial sync with SLE15. Update to version 0.102.4 Accumulated security fixes: * CVE-2020-3350: Fix a vulnerability wherein a malicious user could replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (eg. a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan, and clamonacc. (bsc#1174255) * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking results in an out-of-bounds read which could cause a crash. The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly resolves the issue. * CVE-2020-3481: Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS) condition. Improper error handling may result in a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in versions affected by the vulnerability. (bsc#1174250) * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. (bsc#1171981) * CVE-2020-3123: A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash. * CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation. (bsc#1157763). * CVE-2019-12900: An out of bounds write in the NSIS bzip2 (bsc#1149458) * CVE-2019-12625: Introduce a configurable time limit to mitigate zip bomb vulnerability completely. Default is 2 minutes, configurable useing the clamscan --max-scantime and for clamd using the MaxScanTime config option (bsc#1144504) Update to version 0.101.3: * ZIP bomb causes extreme CPU spikes (bsc#1144504) Update to version 0.101.2 (bsc#1118459): * Support for RAR v5 archive extraction. * Incompatible changes to the arguments of cl_scandesc, cl_scandesc_callback, and cl_scanmap_callback. * Scanning options have been converted from a single flag bit-field into a structure of multiple categorized flag bit-fields. * The CL_SCAN_HEURISTIC_ENCRYPTED scan option was replaced by 2 new scan options: CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE, and CL_SCAN_HEURISTIC_ENCRYPTED_DOC * Incompatible clamd.conf and command line interface changes. * Heuristic Alerts' (aka 'Algorithmic Detection') options have been changed to make the names more consistent. The original options are deprecated in 0.101, and will be removed in a future feature release. * For details, see https://blog.clamav.net/2018/12/clamav-01010-has-been-released.html Important SUSE bug 1118459 SUSE bug 1119353 SUSE bug 1144504 SUSE bug 1149458 SUSE bug 1157763 SUSE bug 1171981 SUSE bug 1174250 SUSE bug 1174255 CVE-2019-12900 CVE-2019-15961 CVE-2020-3123 CVE-2020-3327 CVE-2020-3341 CVE-2020-3350 CVE-2020-3481 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for cyrus-sasl fixes the following issues: - CVE-2019-19906: Fixed an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet (bsc#1159635). Important SUSE bug 1159635 CVE-2019-19906 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for compat-openssl098 fixes the following issues: - Add missing commits for fixes of the 'The 9 Lives of Bleichenbacher's CAT' attack (bsc#1117951) - Fixed missing BN_copy() (bsc#1160163) Moderate SUSE bug 1117951 SUSE bug 1160163 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libzypp fixes the following issues: Security issue fixed: - CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763). Moderate SUSE bug 1158763 CVE-2019-18900 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for fwupdate fixes the following issues: - Add SBAT section to EFI images (bsc#1182057) Important SUSE bug 1182057 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for spamassassin fixes the following issues: - spamassassin was updated to version 3.4.5 - CVE-2019-12420: memory leak via crafted messages (bsc#1159133) - CVE-2020-1946: security update (bsc#1184221) Important SUSE bug 1159133 SUSE bug 1184221 CVE-2019-12420 CVE-2020-1946 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for glibc fixes the following issues: - CVE-2020-27618: Accept redundant shift sequences in IBM1364 (bsc#1178386) - CVE-2020-29562: Fix incorrect UCS4 inner loop bounds (bsc#1179694) - CVE-2020-29573: Harden printf against non-normal long double values (bsc#1179721) - Check vector support in memmove ifunc-selector (bsc#1184034) Important SUSE bug 1178386 SUSE bug 1179694 SUSE bug 1179721 SUSE bug 1184034 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xorg-x11-server fixes the following issues: - CVE-2021-3472: XChangeFeedbackControl Integer Underflow Privilege Escalation (bsc#1180128) Important SUSE bug 1180128 CVE-2021-3472 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for clamav fixes the following issues: - CVE-2021-1252: Fix for Excel XLM parser infinite loop. (bsc#1184532) - CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash. (bsc#1184533) - CVE-2021-1405: Fix for mail parser NULL-dereference crash. (bsc#1184534) - Fix errors when scanning files > 4G (bsc#1181256) - Update clamav.keyring - Update to 0.103.2 Important SUSE bug 1181256 SUSE bug 1184532 SUSE bug 1184533 SUSE bug 1184534 CVE-2021-1252 CVE-2021-1404 CVE-2021-1405 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for qemu fixes the following issues: - Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385) - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362, bsc#1172383) - Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934) - Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673) - Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682) - Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684) - Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174) - Fix infinite loop (DoS) in e1000e device emulation (CVE-2020-28916, bsc#1179468) - Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108) - Fix null pointer deref. (DoS) in mmio ops (CVE-2020-15469, bsc#1173612) - Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577) - Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968) - Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416) - Fix OOB access in SLIRP ARP/NCSI packet processing (CVE-2020-29129, bsc#1179466, CVE-2020-29130, bsc#1179467) - Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659, bsc#1172386) - Fix OOB access in iscsi (CVE-2020-11947, bsc#1180523) - Fix OOB access in vmxnet3 emulation (CVE-2021-20203, bsc#1181639) - Fix buffer overflow in the XGMAC device (CVE-2020-15863, bsc#1174386) - Fix DoS in packet processing of various emulated NICs (CVE-2020-16092, bsc#1174641) - Fix OOB access while processing USB packets (CVE-2020-14364, bsc#1175441) - Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425) - Fix potential privilege escalation in virtfs (CVE-2021-20181, bsc#1182137) - Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361, bsc#1172384) - Fix OOB access in ROM loading (CVE-2020-13765, bsc#1172478) - Fix qemu-testsuite failure - Fix vm migration is failing with input/output error when nfs server is disconnected (bsc#1119115) - Fix OOB access in ARM interrupt handling (CVE-2021-20221, bsc#1181933) - Fix slowness in arm32 emulation (bsc#1112499) - Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385) - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362, bsc#1172383) - Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934) - Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673) - Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682) - Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684) - Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174) - Fix infinite loop (DoS) in e1000e device emulation (CVE-2020-28916, bsc#1179468) - Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108) - Fix null pointer deref. (DoS) in mmio ops (CVE-2020-15469, bsc#1173612) - Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577) - Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968) - Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416) - Fix OOB access in SLIRP ARP/NCSI packet processing (CVE-2020-29129, bsc#1179466, CVE-2020-29130, bsc#1179467) - Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659, bsc#1172386) - Fix OOB access in iscsi (CVE-2020-11947, bsc#1180523) - Fix OOB access in vmxnet3 emulation (CVE-2021-20203, bsc#1181639) - Fix buffer overflow in the XGMAC device (CVE-2020-15863, bsc#1174386) - Fix DoS in packet processing of various emulated NICs (CVE-2020-16092, bsc#1174641) - Fix OOB access while processing USB packets (CVE-2020-14364, bsc#1175441) - Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425) - Fix potential privilege escalation in virtfs (CVE-2021-20181, bsc#1182137) - Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361, bsc#1172384) - Fix OOB access in ROM loading (CVE-2020-13765, bsc#1172478) - Fix qemu-testsuite failure - Fix vm migration is failing with input/output error when nfs server is disconnected (bsc#1119115) - Fix OOB access in ARM interrupt handling (CVE-2021-20221, bsc#1181933) - Fix slowness in arm32 emulation (bsc#1112499) Important SUSE bug 1112499 SUSE bug 1119115 SUSE bug 1172383 SUSE bug 1172384 SUSE bug 1172385 SUSE bug 1172386 SUSE bug 1172478 SUSE bug 1173612 SUSE bug 1174386 SUSE bug 1174641 SUSE bug 1175441 SUSE bug 1176673 SUSE bug 1176682 SUSE bug 1176684 SUSE bug 1178174 SUSE bug 1178934 SUSE bug 1179466 SUSE bug 1179467 SUSE bug 1179468 SUSE bug 1180523 SUSE bug 1181108 SUSE bug 1181639 SUSE bug 1181933 SUSE bug 1182137 SUSE bug 1182425 SUSE bug 1182577 SUSE bug 1182968 CVE-2020-11947 CVE-2020-12829 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 CVE-2020-13765 CVE-2020-14364 CVE-2020-15469 CVE-2020-15863 CVE-2020-16092 CVE-2020-25084 CVE-2020-25624 CVE-2020-25625 CVE-2020-25723 CVE-2020-27617 CVE-2020-28916 CVE-2020-29129 CVE-2020-29130 CVE-2020-29443 CVE-2021-20181 CVE-2021-20203 CVE-2021-20221 CVE-2021-20257 CVE-2021-3416 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xen fixes the following issues: - CVE-2021-27379: Fixed an issue where entries in the IOMMU were not being updated under certain circumstances due to improper backport of XSA-321 (XSA-366, bsc#1182431) - CVE-2021-20257: Fixed an infinite loop in the e1000 NIC emulator (bsc#1182846) Important SUSE bug 1178591 SUSE bug 1182431 SUSE bug 1182846 CVE-2021-20257 CVE-2021-27379 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for sudo fixes the following issues: - L3: Tenable Scan reports sudo is vulnerable to CVE-2021-3156 (bsc#1183936) Important SUSE bug 1183936 CVE-2021-3156 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.10.0 ESR (bsc#1184960) * CVE-2021-23994: Out of bound write due to lazy initialization * CVE-2021-23995: Use-after-free in Responsive Design Mode * CVE-2021-23998: Secure Lock icon could have been spoofed * CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage * CVE-2021-23999: Blob URLs may have been granted additional privileges * CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL * CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads * CVE-2021-29946: Port blocking could be bypassed Important SUSE bug 1184960 CVE-2021-23961 CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401, bsc#1183835). Important SUSE bug 1183835 SUSE bug 1184401 CVE-2021-20305 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for gdm fixes the following issues: - Avoid the signal SIGTRAP when gdm exits (bsc#1184456). Important SUSE bug 1184456 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openldap2 fixes the following issues: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Moderate SUSE bug 1178909 CVE-2020-25709 CVE-2020-25710 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for permissions fixes the following issues: - Update to version 20170707: * make btmp root:utmp (bsc#1050467, bsc#1182899) Important SUSE bug 1050467 SUSE bug 1182899 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.25 - OpenJDK 7u291 (January 2021 CPU, bsc#1181239) * Security fixes + JDK-8247619: Improve Direct Buffering of Characters * Import of OpenJDK 7 u291 build 1 + JDK-8254177: (tz) Upgrade time-zone data to tzdata2020b + JDK-8254982: (tz) Upgrade time-zone data to tzdata2020c + JDK-8255226: (tz) Upgrade time-zone data to tzdata2020d Moderate SUSE bug 1181239 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for cups fixes the following issues: - CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation from lp user to root via symlink attacks (bsc#1184161) Important SUSE bug 1184161 CVE-2021-25317 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for bind fixes the following issues: - CVE-2021-25214: Fixed a broken inbound incremental zone update (IXFR) which could have caused named to terminate unexpectedly (bsc#1185345). - CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that required the DNAME to be processed to resolve itself (bsc#1185345). - MD5 warning message using host, dig, nslookup (bind-utils) on SLES 12 SP5 with FIPS enabled (bsc#1181495). Important SUSE bug 1181495 SUSE bug 1185345 CVE-2021-25214 CVE-2021-25215 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for samba fixes the following issues: - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677). - Avoid free'ing our own pointer in memcache when memcache_trim attempts to reduce cache size (bsc#1179156). - Adjust smbcacls '--propagate-inheritance' feature to align with upstream (bsc#1178469). Important SUSE bug 1178469 SUSE bug 1179156 SUSE bug 1184677 CVE-2021-20254 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for avahi fixes the following issues: - CVE-2021-3468: avoid infinite loop by handling HUP event in client_work (bsc#1184521). Important SUSE bug 1184521 CVE-2021-3468 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509). - CVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208). - CVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942). - CVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed a set_memory_region_test infinite loop for certain nested page faults (bnc#1184512). - CVE-2020-27673: Fixed an issue in Xen where a guest OS users could have caused a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411, bnc#1184583). - CVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bnc#1184391). - CVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181). - CVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181). - CVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181). - CVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181). - CVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions) (bnc#1184511). - CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on CPU' could have occured because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211). - CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211). - CVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120). - CVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393). - CVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and cause a threat to the system availability (bnc#1184397). - CVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could have caused a denial of service because of a lack of locking on an extent buffer before a cloning operation (bnc#1184193). - CVE-2021-3444: Fixed the bpf verifier as it did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution (bnc#1184170). - CVE-2021-28971: Fixed a potential local denial of service in intel_pmu_drain_pebs_nhm where userspace applications can cause a system crash because the PEBS status in a PEBS record is mishandled (bnc#1184196). - CVE-2021-28688: Fixed XSA-365 that includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains (bnc#1183646). - CVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167). - CVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168). - CVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination (bnc#1184198). - CVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in net/qrtr/qrtr.c that allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bnc#1184192). - CVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bnc#1183686, bnc#1183775). - CVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. This affects pointer types that do not define a ptr_limit (bnc#1183686 bnc#1183775). - CVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593). - CVE-2020-35519: Update patch reference for x25 fix (bsc#1183696). - CVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent (bsc#1173485, bsc#1183509). - CVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened. This could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720). - CVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022, bnc#1183069). - CVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree (bsc#1179454). - CVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715). - CVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables (bnc#1182716). - CVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717). The following non-security bugs were fixed: - Revert 'rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)' This turned out to be a bad idea: the kernel-$flavor-devel package must be usable without kernel-$flavor, e.g. at the build of a KMP. And this change brought superfluous installation of kernel-preempt when a system had kernel-syms (bsc#1185113). - Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367). - bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775). - bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775). - coredump: fix crash when umh is disabled (bsc#1177753, bsc#1182194). - dm: fix redundant IO accounting for bios that need splitting (bsc#1183738). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - handle also the opposite type of race condition - hv: clear ring_buffer pointer during cleanup (part of ae6935ed) (bsc#1181032). - hv_netvsc: remove ndo_poll_controller (bsc#1185248). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - ibmvnic: Clear failover_pending if unable to schedule (bsc#1181960 ltc#190997). - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140). - ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes). - ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes). - ibmvnic: enhance resetting status check during module exit (bsc#1065729). - ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes). - ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293). - ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes). - macros.kernel-source: Use spec_install_pre for certificate installation (boo#1182672). - post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388). - powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293). - rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063). - rpm/kernel-subpackage-build: Workaround broken bot (https://github.com/openSUSE/openSUSE-release-tools/issues/2439) - rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244) - rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650) - xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367). Important SUSE bug 1040855 SUSE bug 1044767 SUSE bug 1047233 SUSE bug 1065729 SUSE bug 1094840 SUSE bug 1152457 SUSE bug 1171078 SUSE bug 1173485 SUSE bug 1175873 SUSE bug 1176700 SUSE bug 1176720 SUSE bug 1176855 SUSE bug 1177411 SUSE bug 1177753 SUSE bug 1178181 SUSE bug 1179454 SUSE bug 1181032 SUSE bug 1181960 SUSE bug 1182194 SUSE bug 1182672 SUSE bug 1182715 SUSE bug 1182716 SUSE bug 1182717 SUSE bug 1183022 SUSE bug 1183063 SUSE bug 1183069 SUSE bug 1183509 SUSE bug 1183593 SUSE bug 1183646 SUSE bug 1183686 SUSE bug 1183696 SUSE bug 1183738 SUSE bug 1183775 SUSE bug 1184120 SUSE bug 1184167 SUSE bug 1184168 SUSE bug 1184170 SUSE bug 1184192 SUSE bug 1184193 SUSE bug 1184194 SUSE bug 1184196 SUSE bug 1184198 SUSE bug 1184208 SUSE bug 1184211 SUSE bug 1184388 SUSE bug 1184391 SUSE bug 1184393 SUSE bug 1184397 SUSE bug 1184509 SUSE bug 1184511 SUSE bug 1184512 SUSE bug 1184514 SUSE bug 1184583 SUSE bug 1184650 SUSE bug 1184942 SUSE bug 1185113 SUSE bug 1185244 SUSE bug 1185248 CVE-2020-0433 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-27170 CVE-2020-27171 CVE-2020-27673 CVE-2020-27815 CVE-2020-35519 CVE-2020-36310 CVE-2020-36311 CVE-2020-36312 CVE-2020-36322 CVE-2021-20219 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28660 CVE-2021-28688 CVE-2021-28950 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29155 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-29650 CVE-2021-30002 CVE-2021-3428 CVE-2021-3444 CVE-2021-3483 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python3 fixes the following issues: Security issues fixed: - CVE-2020-27619: where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP. (bsc#1178009) Other fixes: - Make sure to close the 'import_failed.map' file after the exception has been raised in order to avoid ResourceWarnings when the failing import is part of a try...except block Important CVE-2020-27619 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for djvulibre fixes the following issues: Security issues fixed: - CVE-2021-32491 [bsc#1185900]: Integer overflow in function render() in tools/ddjvu via crafted djvu file - CVE-2021-32492 [bsc#1185904]: Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file - CVE-2021-32493 [bsc#1185905]: Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file Important SUSE bug 1185900 SUSE bug 1185904 SUSE bug 1185905 CVE-2019-18804 CVE-2021-32491 CVE-2021-32492 CVE-2021-32493 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for graphviz fixes the following issues: - CVE-2020-18032: Fixed possible remote code execution via buffer overflow (bsc#1185833). Critical SUSE bug 1185833 CVE-2020-18032 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xen fixes the following issues: Security issue fixed: - CVE-2021-28689: Fixed some x86 speculative vulnerabilities with bare (non-shim) 32-bit PV guests (XSA-370) (bsc#1185104) - Make sure xencommons is in a format as expected by fillup. (bsc#1185682) Each comment needs to be followed by an enabled key. Otherwise fillup will remove manually enabled key=value pairs, along with everything that looks like a stale comment, during next pkg update - A recent systemd update caused a regression in xenstored.service systemd now fails to track units that use systemd-notify (bsc#1183790) - Added a delay between the call to systemd-notify and the final exit of the wrapper script (bsc#1185021, bsc#1185196) Important SUSE bug 1183790 SUSE bug 1185021 SUSE bug 1185104 SUSE bug 1185196 SUSE bug 1185682 CVE-2021-28689 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libxml2 fixes the following issues: Security issues fixed: CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). Important SUSE bug 1185408 SUSE bug 1185409 SUSE bug 1185410 SUSE bug 1185698 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for dnsmasq fixes the following issues: - bsc#1177077: Fixed DNSpooq vulnerabilities - CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache Poisoning attacks. - CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflows when DNSSEC is enabled. - Retry query to other servers on receipt of SERVFAIL rcode (bsc#1176076) Important SUSE bug 1176076 SUSE bug 1177077 CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for flac fixes the following issues: - CVE-2020-0499: Fixed an out-of-bounds access (bsc#1180099). Moderate SUSE bug 1180099 CVE-2020-0499 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for curl fixes the following issues: - CVE-2021-22898: TELNET stack contents disclosure (bsc#1186114) - CVE-2021-22876: The automatic referer leaks credentials (bsc#1183933) - CVE-2020-8286: Inferior OCSP verification (bsc#1179593) - CVE-2020-8285: FTP wildcard stack overflow (bsc#1179399) - CVE-2020-8284: Trusting FTP PASV responses (bsc#1179398) - CVE-2020-8231: libcurl will pick and use the wrong connection with multiple requests with libcurl's multi API and the 'CURLOPT_CONNECT_ONLY' option (bsc#1175109) - Fix: SFTP uploads result in empty uploaded files (bsc#1177976) Moderate SUSE bug 1175109 SUSE bug 1177976 SUSE bug 1179398 SUSE bug 1179399 SUSE bug 1179593 SUSE bug 1183933 SUSE bug 1186114 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22898 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for dovecot22 fixes the following issues: - CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users to access other users' emails (bsc#1180405). Important SUSE bug 1180405 CVE-2020-24386 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for djvulibre fixes the following issues: - CVE-2021-3500: Stack overflow in function DJVU:DjVuDocument:get_djvu_file() via crafted djvu file (bsc#1186253) Important SUSE bug 1186253 CVE-2021-3500 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for dhcp fixes the following issues: - CVE-2021-25217: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient (bsc#1186382) Important SUSE bug 1186382 CVE-2021-25217 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libwebp fixes the following issues: - CVE-2018-25010: Fixed heap-based buffer overflow in ApplyFilter() (bsc#1185685). - CVE-2020-36330: Fixed heap-based buffer overflow in ChunkVerifyAndAssign() (bsc#1185691). - CVE-2020-36332: Fixed extreme memory allocation when reading a file (bsc#1185674). - CVE-2020-36329: Fixed use-after-free in EmitFancyRGB() (bsc#1185652). - CVE-2018-25012: Fixed heap-based buffer overflow in GetLE24() (bsc#1185690). - CVE-2018-25013: Fixed heap-based buffer overflow in ShiftBytes() (bsc#1185654). - CVE-2020-36331: Fixed heap-based buffer overflow in ChunkAssignData() (bsc#1185686). - CVE-2018-25009: Fixed heap-based buffer overflow in GetLE16() (bsc#1185673). - CVE-2018-25011: Fixed fail on multiple image chunks (bsc#1186247). Critical SUSE bug 1185652 SUSE bug 1185654 SUSE bug 1185673 SUSE bug 1185674 SUSE bug 1185685 SUSE bug 1185686 SUSE bug 1185690 SUSE bug 1185691 SUSE bug 1186247 CVE-2018-25009 CVE-2018-25010 CVE-2018-25011 CVE-2018-25012 CVE-2018-25013 CVE-2020-36329 CVE-2020-36330 CVE-2020-36331 CVE-2020-36332 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for polkit fixes the following issues: - CVE-2021-3560: Fixed a local privilege escalation using polkit_system_bus_name_get_creds_sync() (bsc#1186497). Important SUSE bug 1186497 CVE-2021-3560 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for gstreamer-plugins-bad fixes the following issues: - CVE-2021-3185: Fixed buffer overflow in gst_h264_slice_parse_dec_ref_pic_marking (bsc#1181255). Important SUSE bug 1181255 CVE-2021-3185 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.11.0 ESR (bsc#1186696) * CVE-2021-29964: Out of bounds-read when parsing a `WM_COPYDATA` message * CVE-2021-29967: Memory safety bugs fixed in Firefox Important SUSE bug 1185633 SUSE bug 1186696 CVE-2021-29951 CVE-2021-29964 CVE-2021-29967 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484). - CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values. (bsc#1186111) - CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. (bnc#1186062) - CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges. (bnc#1186060) - CVE-2021-23133: Fixed a race condition in SCTP sockets, which could lead to privilege escalation from the context of a network service or an unprivileged process. (bnc#1184675) - CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This vulnerability is related to the PROVIDE_BUFFERS operation, which allowed the MAX_RW_COUNT limit to be bypassed (bsc#1185642). - CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611). - CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances this can be abused to inject arbitrary network packets and/or exfiltrate user data (bnc#1185859). - CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (bnc#1185859 bnc#1185862). - CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments, even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used (bnc#1185859). - CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (bnc#1185860) - CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H, where the Message Integrity Check (authenticity) of fragmented TKIP frames was not verified. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (bnc#1185987) The following non-security bugs were fixed: - Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185724). - Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185724). - af_packet: fix the tx skb protocol in raw sockets with ETH_P_ALL (bsc#1176081). - ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043). - ibmvfc: Handle move login failure (bsc#1185938 ltc#192043). - ibmvfc: Reinit target retries (bsc#1185938 ltc#192043). - kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846). - kabi: preserve struct header_ops after bsc#1176081 fix (bsc#1176081). - kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846). - kernel/smp: add boot parameter for controlling CSD lock debugging (bsc#1180846). - kernel/smp: add more data to CSD lock debugging (bsc#1180846). - kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846). - kernel/smp: prepare more CSD lock debugging (bsc#1180846). - md/raid1: properly indicate failure when ending a failed write request (bsc#1185680). - net/ethernet: Add parse_protocol header_ops support (bsc#1176081). - net/mlx5e: Remove the wrong assumption about transport offset (bsc#1176081). - net/mlx5e: Trust kernel regarding transport offset (bsc#1176081). - net/packet: Ask driver for protocol if not provided by user (bsc#1176081). - net/packet: Remove redundant skb->protocol set (bsc#1176081). - net: Do not set transport offset to invalid value (bsc#1176081). - net: Introduce parse_protocol header_ops callback (bsc#1176081). - netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#1185950). - netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#1183947 bsc#1185950). - netfilter: conntrack: improve RST handling when tuple is re-used (bsc#1183947 bsc#1185950). - netfilter: conntrack: tcp: only close if RST matches exact sequence (bsc#1183947 bsc#1185950). - s390/entry: save the caller of psw_idle (bsc#1185677). - smp: Add source and destination CPUs to __call_single_data (bsc#1180846). - video: hyperv_fb: Add ratelimit on error message (bsc#1185724). Important SUSE bug 1176081 SUSE bug 1180846 SUSE bug 1183947 SUSE bug 1184611 SUSE bug 1184675 SUSE bug 1185642 SUSE bug 1185677 SUSE bug 1185680 SUSE bug 1185724 SUSE bug 1185859 SUSE bug 1185860 SUSE bug 1185862 SUSE bug 1185863 SUSE bug 1185898 SUSE bug 1185899 SUSE bug 1185901 SUSE bug 1185938 SUSE bug 1185950 SUSE bug 1185987 SUSE bug 1186060 SUSE bug 1186061 SUSE bug 1186062 SUSE bug 1186111 SUSE bug 1186285 SUSE bug 1186390 SUSE bug 1186484 SUSE bug 1186498 CVE-2020-24586 CVE-2020-24587 CVE-2020-26139 CVE-2020-26141 CVE-2020-26145 CVE-2020-26147 CVE-2021-23133 CVE-2021-23134 CVE-2021-32399 CVE-2021-33034 CVE-2021-33200 CVE-2021-3491 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libX11 fixes the following issues: - Regression in the fix for CVE-2021-31535, causing segfaults for xforms applications like fdesign (bsc#1186643) Important SUSE bug 1186643 CVE-2021-31535 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 75 [bsc#1180063, bsc#1177943] CVE-2020-14792 CVE-2020-14797 CVE-2020-14782 CVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803 * Class Libraries: - Z/OS specific C function send_file is changing the file pointer position * Security: - Add the new oracle signer certificate - Certificate parsing error - JVM memory growth can be caused by the IBMPKCS11IMPL crypto provider - Remove check for websphere signed jars - sessionid.hashcode generates too many collisions - The Java 8 IBM certpath provider does not honor the user specified system property for CLR connect timeout Moderate SUSE bug 1177943 SUSE bug 1180063 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2021-20718: Fixed possible remote denial-of-service (DoS) via unspecified vectors (bsc#1186291). Important SUSE bug 1186291 CVE-2021-20718 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for spice fixes the following issues: - CVE-2021-20201: client initiated renegotiation causing denial of service (bsc#1181686) Important SUSE bug 1181686 CVE-2021-20201 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20210608 release. - CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. (INTEL-SA-00465 bsc#1179833) See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html - CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient execution side channel vulnerabilities may not fully prevent non-root (guest) branches from controlling the branch predictions of the root (host) (INTEL-SA-00464 bsc#1179836) See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html) - CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero value cache-lines may lead to changes in cache-allocation or write-back behavior for such cache-lines (bsc#1179837 INTEL-SA-00464) See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html) - CVE-2020-24489: Fixed Intel VT-d device pass through potential local privilege escalation (INTEL-SA-00442 bsc#1179839) See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html Other fixes: - Update for functional issues. Refer to [Third Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780)for details. - Update for functional issues. Refer to [Second Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details. - Update for functional issues. Refer to [Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details. - Update for functional issues. Refer to [Intel Xeon Processor D-1500, D-1500 NS and D-1600 NS Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-d-1500-specification-update.html) for details. - Update for functional issues. Refer to [Intel Xeon E7-8800 and E7-4800 v3 Processor Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e7-v3-spec-update.html) for details. - Update for functional issues. Refer to [Intel Xeon Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details. - Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details. - Update for functional issues. Refer to [8th and 9th Gen Intel Core Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details. - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details. - Update for functional issues. Refer to [6th Gen Intel Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details. - Update for functional issues. Refer to [Intel Xeon E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details. - Update for functional issues. Refer to [Intel Xeon E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details. - New platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | CLX-SP | A0 | 06-55-05/b7 | | 03000010 | Xeon Scalable Gen2 | ICX-SP | C0 | 06-6a-05/87 | | 0c0002f0 | Xeon Scalable Gen3 | ICX-SP | D0 | 06-6a-06/87 | | 0d0002a0 | Xeon Scalable Gen3 | SNR | B0 | 06-86-04/01 | | 0b00000f | Atom P59xxB | SNR | B1 | 06-86-05/01 | | 0b00000f | Atom P59xxB | TGL | B1 | 06-8c-01/80 | | 00000088 | Core Gen11 Mobile | TGL-R | C0 | 06-8c-02/c2 | | 00000016 | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | | 0000002c | Core Gen11 Mobile | EHL | B1 | 06-96-01/01 | | 00000011 | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E | JSL | A0/A1 | 06-9c-00/01 | | 0000001d | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105 | RKL-S | B0 | 06-a7-01/02 | | 00000040 | Core Gen11 - Updated platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000044 | 00000046 | Core Gen4 X series; Xeon E5 v3 | HSX-EX | E0 | 06-3f-04/80 | 00000016 | 00000019 | Xeon E7 v3 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile | BDX-ML | B0/M0/R0 | 06-4f-01/ef | 0b000038 | 0b00003e | Xeon E5/E7 v4; Core i7-69xx/68xx | SKX-SP | B1 | 06-55-03/97 | 01000159 | 0100015b | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04003006 | 04003102 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003006 | 05003102 | Xeon Scalable Gen2 | CPX-SP | A1 | 06-55-0b/bf | 0700001e | 07002302 | Xeon Scalable Gen3 | BDX-DE | V2/V3 | 06-56-03/10 | 07000019 | 0700001b | Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 | BDX-DE | Y0 | 06-56-04/10 | 0f000017 | 0f000019 | Xeon D-1557/59/67/71/77/81/87 | BDX-NS | A0 | 06-56-05/10 | 0e00000f | 0e000012 | Xeon D-1513N/23/33/43/53 | APL | D0 | 06-5c-09/03 | 00000040 | 00000044 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 0000001e | 00000020 | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000e2 | 000000ea | Core Gen6; Xeon E3 v5 | DNV | B0 | 06-5f-01/01 | 0000002e | 00000034 | Atom C Series | GLK | B0 | 06-7a-01/01 | 00000034 | 00000036 | Pentium Silver N/J5xxx, Celeron N/J4xxx | GKL-R | R0 | 06-7a-08/01 | 00000018 | 0000001a | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 000000a0 | 000000a6 | Core Gen10 Mobile | LKF | B2/B3 | 06-8a-01/10 | 00000028 | 0000002a | Core w/Hybrid Technology | AML-Y22 | H0 | 06-8e-09/10 | 000000de | 000000ea | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000de | 000000ea | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000e0 | 000000ea | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000de | 000000ea | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000de | 000000ea | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000de | 000000ea | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000de | 000000ea | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000de | 000000ea | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000de | 000000ea | Core Gen9 Mobile | CML-H | R1 | 06-a5-02/20 | 000000e0 | 000000ea | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | 000000e0 | 000000ea | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | 000000e0 | 000000ec | Core Gen10 | CML-U62 | A0 | 06-a6-00/80 | 000000e0 | 000000e8 | Core Gen10 Mobile | CML-U62 V2 | K0 | 06-a6-01/80 | 000000e0 | 000000ea | Core Gen10 Mobile Important SUSE bug 1179833 SUSE bug 1179836 SUSE bug 1179837 SUSE bug 1179839 CVE-2020-24489 CVE-2020-24511 CVE-2020-24512 CVE-2020-24513 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for caribou fixes the following issues: Security issue fixed: - CVE-2021-3567: Fixed a segfault when attempting to use shifted characters (bsc#1186617). Important SUSE bug 1186617 CVE-2021-3567 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for qemu fixes the following issues: - Fix OOB access during mmio operations (CVE-2020-13754, bsc#1172382) - Fix out-of-bounds read information disclosure in icmp6_send_echoreply (CVE-2020-10756, bsc#1172380) - For the record, these issues are fixed in this package already. Most are alternate references to previously mentioned issues: (CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019, CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683, CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477, CVE-2020-29129, bsc#1179484, CVE-2021-20257, bsc#1182846, CVE-2021-3419, bsc#1182975) Important SUSE bug 1149813 SUSE bug 1163019 SUSE bug 1172380 SUSE bug 1172382 SUSE bug 1175534 SUSE bug 1178683 SUSE bug 1178935 SUSE bug 1179477 SUSE bug 1179484 SUSE bug 1182846 SUSE bug 1182975 CVE-2019-15890 CVE-2020-10756 CVE-2020-13754 CVE-2020-14364 CVE-2020-25707 CVE-2020-25723 CVE-2020-29129 CVE-2020-29130 CVE-2020-8608 CVE-2021-20257 CVE-2021-3419 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for freeradius-server fixes the following issues: - Do not log passwords in logfiles (bsc#1184016) Moderate SUSE bug 1184016 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u292 (icedtea 3.19.0). - CVE-2021-2161: Fixed incomplete enforcement of JAR signing disabled algorithms (bsc#1185055). Moderate SUSE bug 1185055 CVE-2021-2163 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ImageMagick fixes the following issues: - CVE-2020-19667: Fixed a stack buffer overflow in XPM coder could result in a crash (bsc#1179103). - CVE-2020-25664: Fixed a heap-based buffer overflow in PopShortPixel (bsc#1179202). - CVE-2020-25665: Fixed a heap-based buffer overflow in WritePALMImage (bsc#1179208). - CVE-2020-25666: Fixed an outside the range of representable values of type 'int' and signed integer overflow (bsc#1179212). - CVE-2020-25674: Fixed a heap-based buffer overflow in WriteOnePNGImage (bsc#1179223). - CVE-2020-25675: Fixed an outside the range of representable values of type 'long' and integer overflow (bsc#1179240). - CVE-2020-25676: Fixed an outside the range of representable values of type 'long' and integer overflow at MagickCore/pixel.c (bsc#1179244). - CVE-2020-27750: Fixed an division by zero in MagickCore/colorspace-private.h (bsc#1179260). - CVE-2020-27751: Fixed an integer overflow in MagickCore/quantum-export.c (bsc#1179269). - CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in MagickCore/quantum-private.h (bsc#1179346). - CVE-2020-27753: Fixed memory leaks in AcquireMagickMemory function (bsc#1179397). - CVE-2020-27754: Fixed an outside the range of representable values of type 'long' and signed integer overflow at MagickCore/quantize.c (bsc#1179336). - CVE-2020-27755: Fixed memory leaks in ResizeMagickMemory function in ImageMagick/MagickCore/memory.c (bsc#1179345). - CVE-2020-27757: Fixed an outside the range of representable values of type 'unsigned long long' at MagickCore/quantum-private.h (bsc#1179268). - CVE-2020-27759: Fixed an outside the range of representable values of type 'int' at MagickCore/quantize.c (bsc#1179313). - CVE-2020-27760: Fixed a division by zero at MagickCore/enhance.c (bsc#1179281). - CVE-2020-27761: Fixed an outside the range of representable values of type 'unsigned long' at coders/palm.c (bsc#1179315). - CVE-2020-27762: Fixed an outside the range of representable values of type 'unsigned char' (bsc#1179278). - CVE-2020-27763: Fixed a division by zero at MagickCore/resize.c (bsc#1179312). - CVE-2020-27764: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179317). - CVE-2020-27765: Fixed a division by zero at MagickCore/segment.c (bsc#1179311). - CVE-2020-27766: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179361). - CVE-2020-27767: Fixed an outside the range of representable values of type 'float' at MagickCore/quantum.h (bsc#1179322). - CVE-2020-27768: Fixed an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h (bsc#1179339). - CVE-2020-27769: Fixed an outside the range of representable values of type 'float' at MagickCore/quantize.c (bsc#1179321). - CVE-2020-27770: Fixed an unsigned offset overflowed at MagickCore/string.c (bsc#1179343). - CVE-2020-27771: Fixed an outside the range of representable values of type 'unsigned char' at coders/pdf.c (bsc#1179327). - CVE-2020-27772: Fixed an outside the range of representable values of type 'unsigned int' at coders/bmp.c (bsc#1179347). - CVE-2020-27773: Fixed a division by zero at MagickCore/gem-private.h (bsc#1179285). - CVE-2020-27774: Fixed an integer overflow at MagickCore/statistic.c (bsc#1179333). - CVE-2020-27775: Fixed an outside the range of representable values of type 'unsigned char' at MagickCore/quantum.h (bsc#1179338). - CVE-2020-27776: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179362). Important SUSE bug 1179103 SUSE bug 1179202 SUSE bug 1179208 SUSE bug 1179212 SUSE bug 1179223 SUSE bug 1179240 SUSE bug 1179244 SUSE bug 1179260 SUSE bug 1179268 SUSE bug 1179269 SUSE bug 1179278 SUSE bug 1179281 SUSE bug 1179285 SUSE bug 1179311 SUSE bug 1179312 SUSE bug 1179313 SUSE bug 1179315 SUSE bug 1179317 SUSE bug 1179321 SUSE bug 1179322 SUSE bug 1179327 SUSE bug 1179333 SUSE bug 1179336 SUSE bug 1179338 SUSE bug 1179339 SUSE bug 1179343 SUSE bug 1179345 SUSE bug 1179346 SUSE bug 1179347 SUSE bug 1179361 SUSE bug 1179362 SUSE bug 1179397 CVE-2020-19667 CVE-2020-25664 CVE-2020-25665 CVE-2020-25666 CVE-2020-25674 CVE-2020-25675 CVE-2020-25676 CVE-2020-27750 CVE-2020-27751 CVE-2020-27752 CVE-2020-27753 CVE-2020-27754 CVE-2020-27755 CVE-2020-27757 CVE-2020-27759 CVE-2020-27760 CVE-2020-27761 CVE-2020-27762 CVE-2020-27763 CVE-2020-27764 CVE-2020-27765 CVE-2020-27766 CVE-2020-27767 CVE-2020-27768 CVE-2020-27769 CVE-2020-27770 CVE-2020-27771 CVE-2020-27772 CVE-2020-27773 CVE-2020-27774 CVE-2020-27775 CVE-2020-27776 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for webkit2gtk3 fixes the following issues: - Update to version 2.32.1: + Improve handling of Media Capture devices. + Improve WebAudio playback. + Improve video orientation handling. + Improve seeking support for MSE playback. + Improve flush support in EME decryptors. + Fix HTTP status codes for requests done through a custom URI handler. + Fix the Bubblewrap sandbox in certain 32-bit systems. + Fix inconsistencies between the WebKitWebView.is-muted property state and values returned by webkit_web_view_is_playing_audio(). + Fix the build with ENABLE_VIDEO=OFF. + Fix wrong timestamps for long-lived cookies. + Fix UI process crash when failing to load favicons. + Fix several crashes and rendering issues. - Including Security fixes for: CVE-2021-1788, CVE-2021-1844, CVE-2021-1871, CVE-2020-27918, CVE-2020-29623, CVE-2021-1765, CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1870, CVE-2020-13558, CVE-2020-13584, CVE-2020-9983, CVE-2020-13543, CVE-2020-9947, CVE-2020-9948, CVE-2020-9951. Important SUSE bug 1177087 SUSE bug 1179122 SUSE bug 1179451 SUSE bug 1182286 SUSE bug 1184155 SUSE bug 1184262 CVE-2020-13543 CVE-2020-13558 CVE-2020-13584 CVE-2020-27918 CVE-2020-29623 CVE-2020-9947 CVE-2020-9948 CVE-2020-9951 CVE-2020-9983 CVE-2021-1765 CVE-2021-1788 CVE-2021-1789 CVE-2021-1799 CVE-2021-1801 CVE-2021-1844 CVE-2021-1870 CVE-2021-1871 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for apache2 fixes the following issues: - fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression - fixed CVE-2021-31618 [bsc#1186924]: NULL pointer dereference on specially crafted HTTP/2 request - fixed CVE-2020-35452 [bsc#1186922]: Single zero byte stack overflow in mod_auth_digest - fixed CVE-2021-26690 [bsc#1186923]: mod_session NULL pointer dereference in parser - fixed CVE-2021-26691 [bsc#1187017]: Heap overflow in mod_session Important SUSE bug 1186922 SUSE bug 1186923 SUSE bug 1186924 SUSE bug 1187017 SUSE bug 1187174 CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641 CVE-2021-31618 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xterm fixes the following issues: - CVE-2021-27135: Fixed buffer-overflow when clicking on selected utf8 text. (bsc#1182091) Important SUSE bug 1182091 CVE-2021-27135 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libnettle fixes the following issues: - CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060). Important SUSE bug 1187060 CVE-2021-3580 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for cryptctl fixes the following issues: Update to version 2.4: - CVE-2019-18906: Client side password hashing was equivalent to clear text password storage (bsc#1186226) - First step to use plain text password instead of hashed password. - Move repository into the SUSE github organization - in RPC server, if client comes from localhost, remember its ipv4 localhost address instead of ipv6 address - tell a record to clear expired pending commands upon saving a command result; introduce pending commands RPC test case - avoid hard coding 127.0.0.1 in host ID of alive message test; let system administrator mount and unmount disks by issuing these two commands on key server. Important SUSE bug 1186226 CVE-2019-18906 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ovmf fixes the following issues: - Fixed a possible buffer overflow in IScsiDxe (bsc#1186151) Important SUSE bug 1186151 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212). Important SUSE bug 1187212 CVE-2021-33560 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openexr fixes the following issues: - Fixed CVE-2021-3479 [bsc#1184354]: Out-of-memory caused by allocation of a very large buffer - Fixed CVE-2021-3605 [bsc#1187395]: Heap buffer overflow in the rleUncompress function - Fixed CVE-2021-3598 [bsc#1187310]: Heap buffer overflow in Imf_3_1:CharPtrIO:readChars Important SUSE bug 1184354 SUSE bug 1187310 SUSE bug 1187395 CVE-2021-3479 CVE-2021-3598 CVE-2021-3605 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for postgresql, postgresql12, postgresql13 fixes the following issues: Initial packaging of PostgreSQL 13: * https://www.postgresql.org/about/news/2077/ * https://www.postgresql.org/docs/13/release-13.html Changes in postgresql: - Bump postgresql major version to 13. Changes in postgresql12: - %ghost the symlinks to pg_config and ecpg. (bsc#1178961) - BuildRequire libpq5 and libecpg6 when not building them to avoid dangling symlinks in the devel package. (bsc#1179765) - Fix a DST problem in the test suite. Changes in postgresql13: - Add postgresql-icu68.patch: fix build with ICU 68 - %ghost the symlinks to pg_config and ecpg. (bsc#1178961) - BuildRequire libpq5 and libecpg6 when not building them to avoid dangling symlinks in the devel package. (bsc#1179765) Upgrade to version 13.1: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. (obsoletes postgresql-timetz.patch) * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/13/release-13-1.html - Fix a DST problem in the test suite. Important SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 SUSE bug 1178961 SUSE bug 1179765 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for arpwatch fixes the following issues: - CVE-2021-25321: Fixed local privilege escalation from runtime user to root (bsc#1186240). Important SUSE bug 1186240 CVE-2021-25321 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libsolv fixes the following issues: Security issues fixed: - CVE-2019-20387: Fixed heap-buffer-overflow in repodata_schema2id (bsc#1161510) - CVE-2021-3200: testcase_read: error out if repos are added or the system is changed too late (bsc#1186229) Other issues fixed: - backport support for blacklisted packages to support ptf packages and retracted patches - fix ruleinfo of complex dependencies returning the wrong origin - fix SOLVER_FLAG_FOCUS_BEST updateing packages without reason - fix add_complex_recommends() selecting conflicted packages in rare cases - fix potential segfault in resolve_jobrules - fix solv_zchunk decoding error if large chunks are used Important SUSE bug 1161510 SUSE bug 1186229 CVE-2019-20387 CVE-2021-3200 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for sudo fixes the following issues: - A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE-2021-23239] - A Possible Symlink Attack vector existed in `sudoedit` if SELinux was running in permissive mode [bsc#1180685, CVE-2021-23240] - It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687] Important SUSE bug 1180684 SUSE bug 1180685 SUSE bug 1180687 SUSE bug 1181090 CVE-2021-23239 CVE-2021-23240 CVE-2021-3156 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.12.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-29 (bsc#1188275) * CVE-2021-29970: Use-after-free in accessibility features of a document * CVE-2021-30547: Out of bounds write in ANGLE * CVE-2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 Important SUSE bug 1188275 CVE-2021-29970 CVE-2021-29976 CVE-2021-30547 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.7.0 ESR (MFSA 2021-04, bsc#1181414) * CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests * CVE-2021-23954: Fixed a type confusion when using logical assignment operators in JavaScript switch statements * CVE-2020-26976: Fixed an issue where HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared JavaScript variables during GC * CVE-2021-23964: Fixed Memory safety bugs Important SUSE bug 1181414 CVE-2020-26976 CVE-2021-23953 CVE-2021-23954 CVE-2021-23960 CVE-2021-23964 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-22555: A heap out-of-bounds write was discovered in net/netfilter/x_tables.c (bnc#1188116). - CVE-2021-33909: Extremely large seq buffer allocations in seq_file could lead to buffer underruns and code execution (bsc#1188062). - CVE-2021-3609: A use-after-free in can/bcm could have led to privilege escalation (bsc#1187215). - CVE-2021-33624: In kernel/bpf/verifier.c a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db (bnc#1187554). - CVE-2021-0605: In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation (bnc#1187601). - CVE-2021-0512: In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1187595). - CVE-2020-26558: Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time (bnc#1179610 bnc#1186463). - CVE-2021-34693: net/can/bcm.c allowed local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized (bnc#1187452). - CVE-2020-36385: An issue was discovered in drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c (bnc#1187050). - CVE-2021-0129: Improper access control in BlueZ may have allowed an authenticated user to potentially enable information disclosure via adjacent access (bnc#1186463). - CVE-2020-36386: An issue was discovered net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf (bnc#1187038). - CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets (bnc#1185861). - CVE-2021-33200: kernel/bpf/verifier.c enforced incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit (bnc#1186484). The following non-security bugs were fixed: - block: do not use blocking queue entered for recursive bio (bsc#1104967). - s390/stack: fix possible register corruption with stack switch helper (git-fixes). - scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc#1174978 bsc#1185701). Important SUSE bug 1104967 SUSE bug 1174978 SUSE bug 1179610 SUSE bug 1185701 SUSE bug 1185861 SUSE bug 1186463 SUSE bug 1186484 SUSE bug 1187038 SUSE bug 1187050 SUSE bug 1187215 SUSE bug 1187452 SUSE bug 1187554 SUSE bug 1187595 SUSE bug 1187601 SUSE bug 1187934 SUSE bug 1188062 SUSE bug 1188116 CVE-2020-24588 CVE-2020-26558 CVE-2020-36385 CVE-2020-36386 CVE-2021-0129 CVE-2021-0512 CVE-2021-0605 CVE-2021-22555 CVE-2021-33200 CVE-2021-33624 CVE-2021-33909 CVE-2021-34693 CVE-2021-3609 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for systemd fixes the following issues: Security issues fixed: - CVE-2021-33910: Fixed a denial of service (stack exhaustion) in systemd (PID 1) (bsc#1188063) Other fixes: - mount-util: shorten the loop a bit (#7545) - mount-util: do not use the official MAX_HANDLE_SZ (#7523) - mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761) - mount-util: fix bad indenting - mount-util: EOVERFLOW might have other causes than buffer size issues - mount-util: fix error propagation in fd_fdinfo_mnt_id() - mount-util: drop exponential buffer growing in name_to_handle_at_loop() - udev: port udev_has_devtmpfs() to use path_get_mnt_id() - mount-util: add new path_get_mnt_id() call that queries the mnt ID of a path - mount-util: add name_to_handle_at_loop() wrapper around name_to_handle_at() - mount-util: accept that name_to_handle_at() might fail with EPERM (#5499) - basic: fallback to the fstat if we don't have access to the /proc/self/fdinfo - sysusers: use the usual comment style - test/TEST-21-SYSUSERS: add tests for new functionality - sysusers: allow admin/runtime overrides to command-line config - basic/strv: add function to insert items at position - sysusers: allow the shell to be specified - sysusers: move various user credential validity checks to src/basic/ - man: reformat table in sysusers.d(5) - sysusers: take configuration as positional arguments - sysusers: emit a bit more info at debug level when locking fails - sysusers: allow force reusing existing user/group IDs (#8037) - sysusers: ensure GID in uid:gid syntax exists - sysusers: make ADD_GROUP always create a group - test: add TEST-21-SYSUSERS test - sysuser: use OrderedHashmap - sysusers: allow uid:gid in sysusers.conf files - sysusers: fix memleak (#4430) - These commits implement the option '--replace' for systemd-sysusers so %sysusers_create_package can be introduced in SLE and packages can rely on this rpm macro without wondering whether the macro is available on the different target the package is submitted to. - Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807) - systemctl: add --value option - execute: make sure to call into PAM after initializing resource limits (bsc#1184967) - rlimit-util: introduce setrlimit_closest_all() - system-conf: drop reference to ShutdownWatchdogUsec= - core: rename ShutdownWatchdogSec to RebootWatchdogSec (bsc#1185331) - Return -EAGAIN instead of -EALREADY from unit_reload (bsc#1185046) - rules: don't ignore Xen virtual interfaces anymore (bsc#1178561) - write_net_rules: set execute bits (bsc#1178561) - udev: rework network device renaming - Revert 'Revert 'udev: network device renaming - immediately give up if the target name isn't available'' Important SUSE bug 1178561 SUSE bug 1184761 SUSE bug 1184967 SUSE bug 1185046 SUSE bug 1185331 SUSE bug 1185807 SUSE bug 1188063 CVE-2021-33910 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217) Moderate SUSE bug 1188217 SUSE bug 1188218 SUSE bug 1188219 SUSE bug 1188220 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for linuxptp fixes the following issues: - CVE-2021-3570: Validate the messageLength field of incoming messages. (bsc#1187646) Important SUSE bug 1187646 CVE-2021-3570 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for qemu fixes the following issues: Security issues fixed: - CVE-2021-3595: Fixed slirp: invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366) - CVE-2021-3592: Fix for slirp: invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364) - CVE-2021-3594: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367) - CVE-2021-3593: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365) - CVE-2021-3611: Fix intel-hda segmentation fault due to stack overflow (bsc#1187529) Important SUSE bug 1187364 SUSE bug 1187365 SUSE bug 1187366 SUSE bug 1187367 SUSE bug 1187529 CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3595 CVE-2021-3611 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for dbus-1 fixes the following issues: - CVE-2020-35512: Fixed a bug where users with the same numeric UID could lead to use-after-free and undefined behaviour. (bsc#1187105) - CVE-2020-12049: Fixed a bug where a truncated messages lead to resource exhaustion. (bsc#1172505) Important SUSE bug 1172505 SUSE bug 1187105 CVE-2020-12049 CVE-2020-35512 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for webkit2gtk3 fixes the following issues: Update to version 2.32.3: - CVE-2021-21775: Fixed a use-after-free vulnerability in the way certain events are processed for ImageLoader objects. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697) - CVE-2021-21779: Fixed a use-after-free vulnerability in the way that WebKit GraphicsContext handles certain events. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697) - CVE-2021-30663: An integer overflow was addressed with improved input validation. (bsc#1188697) - CVE-2021-30665: A memory corruption issue was addressed with improved state management. (bsc#1188697) - CVE-2021-30689: A logic issue was addressed with improved state management. (bsc#1188697) - CVE-2021-30720: A logic issue was addressed with improved restrictions. (bsc#1188697) - CVE-2021-30734: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697) - CVE-2021-30744: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. (bsc#1188697) - CVE-2021-30749: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697) - CVE-2021-30758: A type confusion issue was addressed with improved state handling. (bsc#1188697) - CVE-2021-30795: A use after free issue was addressed with improved memory management. (bsc#1188697) - CVE-2021-30797: This issue was addressed with improved checks. (bsc#1188697) - CVE-2021-30799: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697) Important SUSE bug 1188697 CVE-2021-21775 CVE-2021-21779 CVE-2021-30663 CVE-2021-30665 CVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744 CVE-2021-30749 CVE-2021-30758 CVE-2021-30795 CVE-2021-30797 CVE-2021-30799 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libsndfile fixes the following issues: - CVE-2018-13139: Fixed a stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. (bsc#1100167) - CVE-2018-19432: Fixed a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. (bsc#1116993) - CVE-2021-3246: Fixed a heap buffer overflow vulnerability in msadpcm_decode_block. (bsc#1188540) - CVE-2018-19758: Fixed a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. (bsc#1117954) Critical SUSE bug 1100167 SUSE bug 1116993 SUSE bug 1117954 SUSE bug 1188540 CVE-2018-13139 CVE-2018-19432 CVE-2018-19758 CVE-2021-3246 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for djvulibre fixes the following issues: - CVE-2021-3630: out-of-bounds write in DJVU:DjVuTXT:decode() in DjVuText.cpp (bsc#1187869) Important SUSE bug 1187869 CVE-2021-3630 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mariadb fixes the following issues: - Update to 10.2.39 (bsc#1182739) - CVE-2021-2166: DML unspecified vulnerability lead to complete DOS. (bsc#1185870) - CVE-2021-2154: DML unspecified vulnerability can lead to complete DOS. (bsc#1185872) - CVE-2021-2180: InnoDB unspecified vulnerability lead to complete DOS. (bsc#1185868) - CVE-2021-27928: Fixed a remote code execution issue. (bsc#1183770) Important SUSE bug 1182739 SUSE bug 1183770 SUSE bug 1185868 SUSE bug 1185870 SUSE bug 1185872 SUSE bug 1188300 CVE-2021-2154 CVE-2021-2166 CVE-2021-2180 CVE-2021-27928 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) Important SUSE bug 1189206 CVE-2021-38185 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libcares2 fixes the following issues: - CVE-2021-3672: Fixed input validation on hostnames (bsc#1188881). Important SUSE bug 1188881 CVE-2021-3672 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.13.0 ESR (MFSA 2021-34, bsc#1188891): - CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption - CVE-2021-29988: Memory corruption as a result of incorrect style treatment - CVE-2021-29984: Incorrect instruction reordering during JIT optimization - CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption - CVE-2021-29985: Use-after-free media channels - CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 Important SUSE bug 1188891 CVE-2021-29980 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29988 CVE-2021-29989 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for fetchmail fixes the following issues: - CVE-2021-36386: DoS or information disclosure in some configurations (bsc#1188875) - Change PASSWORDLEN from 64 to 256 [bsc#1188034] - Set the hostname for SNI when using TLS [bsc#1182807] - Allow --syslog option in daemon mode. (bsc#1033081) - Set the hostname for SNI when using TLS. (bsc#1182807) - Change PASSWORDLEN from 64 to 256 (bsc#1188034) Moderate SUSE bug 1033081 SUSE bug 1182807 SUSE bug 1188034 SUSE bug 1188875 CVE-2021-36386 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u302 (icedtea 3.20.0) - CVE-2021-2341: Improve file transfers. (bsc#1188564) - CVE-2021-2369: Better jar file validation. (bsc#1188565) - CVE-2021-2388: Enhance compiler validation. (bsc#1188566) - CVE-2021-2161: Less ambiguous processing. (bsc#1185056) Important SUSE bug 1185056 SUSE bug 1188564 SUSE bug 1188565 SUSE bug 1188566 CVE-2021-2161 CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for cpio fixes the following issues: - A patch previously applied to remedy CVE-2021-38185 introduced a regression that had the potential to cause a segmentation fault in cpio. [bsc#1189465] Important SUSE bug 1189465 CVE-2021-38185 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python-PyYAML fixes the following issues: - Update to 5.3.1. - CVE-2020-14343: A vulnerability was discovered in the PyYAML library, where it was susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. Important SUSE bug 1174514 CVE-2020-14343 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_0_0 fixes the following issues: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] Important SUSE bug 1189521 CVE-2021-3712 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] Important SUSE bug 1189520 SUSE bug 1189521 CVE-2021-3711 CVE-2021-3712 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for unrar to version 5.6.1 fixes several issues. These security issues were fixed: - CVE-2017-12938: Prevent remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file (bsc#1054038). - CVE-2017-12940: Prevent out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function (bsc#1054038). - CVE-2017-12941: Prevent an out-of-bounds read in the Unpack::Unpack20 function (bsc#1054038). - CVE-2017-12942: Prevent a buffer overflow in the Unpack::LongLZ function (bsc#1054038). - CVE-2017-20006: Fixed heap-based buffer overflow in Unpack:CopyString (bsc#1187974). These non-security issues were fixed: - Added extraction support for .LZ archives created by Lzip compressor - Enable unpacking of files in ZIP archives compressed with XZ algorithm and encrypted with AES - Added support for PAX extended headers inside of TAR archive - If RAR recovery volumes (.rev files) are present in the same folder as usual RAR volumes, archive test command verifies .rev contents after completing testing .rar files - By default unrar skips symbolic links with absolute paths in link target when extracting unless -ola command line switch is specified - Added support for AES-NI CPU instructions - Support for a new RAR 5.0 archiving format - Wildcard exclusion mask for folders - Prevent conditional jumps depending on uninitialised values (bsc#1046882) Moderate SUSE bug 1046882 SUSE bug 1054038 SUSE bug 1187974 CVE-2012-6706 CVE-2017-12938 CVE-2017-12940 CVE-2017-12941 CVE-2017-12942 CVE-2017-20006 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for aspell fixes the following issues: - CVE-2019-25051: Fixed heap-buffer-overflow in acommon:ObjStack:dup_top (bsc#1188576). Important SUSE bug 1188576 CVE-2019-25051 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for compat-openssl098 fixes the following security issue: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] Important SUSE bug 1189521 CVE-2021-3712 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openexr fixes the following issues: - CVE-2021-20298 [bsc#1188460]: Fixed Out-of-memory in B44Compressor - CVE-2021-20299 [bsc#1188459]: Fixed Null-dereference READ in Imf_2_5:Header:operator - CVE-2021-20300 [bsc#1188458]: Fixed Integer-overflow in Imf_2_5:hufUncompress - CVE-2021-20302 [bsc#1188462]: Fixed Floating-point-exception in Imf_2_5:precalculateTileInfot - CVE-2021-20303 [bsc#1188457]: Fixed Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer - CVE-2021-20304 [bsc#1188461]: Fixed Undefined-shift in Imf_2_5:hufDecode Important SUSE bug 1188457 SUSE bug 1188458 SUSE bug 1188459 SUSE bug 1188460 SUSE bug 1188461 SUSE bug 1188462 CVE-2021-20298 CVE-2021-20299 CVE-2021-20300 CVE-2021-20302 CVE-2021-20303 CVE-2021-20304 CVE-2021-3476 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libesmtp fixes the following issues: - CVE-2019-19977: Fix stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462). Important SUSE bug 1160462 SUSE bug 1189097 CVE-2019-19977 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for file fixes the following issues: - CVE-2019-18218: Fixed heap-based buffer overflow in cdf_read_property_info in cdf.c (bsc#1154661). Important SUSE bug 1154661 CVE-2019-18218 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xen fixes the following issues: Security issues fixed: - CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378). - CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376). - CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373). - CVE-2021-28699: inadequate grant-v2 status frames array bounds check (XSA-382)(bsc#1189380). - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429) - CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434) - CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433) - CVE-2021-20255: Fixed stack overflow via infinite recursion in eepro100 (bsc#1182654) - CVE-2021-3592: slirp: invalid pointer initialization may lead to information disclosure (bootp)(bsc#1187369). - CVE-2021-3594: slirp: invalid pointer initialization may lead to information disclosure (udp)(bsc#1187378). - CVE-2021-3595: slirp: invalid pointer initialization may lead to information disclosure (tftp)(bsc#1187376). - CVE-2021-3308: Fixed IRQ vector leak on x86 (XSA-360)(bsc#1181254). - Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882). Important SUSE bug 1181254 SUSE bug 1182654 SUSE bug 1186429 SUSE bug 1186433 SUSE bug 1186434 SUSE bug 1187369 SUSE bug 1187376 SUSE bug 1187378 SUSE bug 1189373 SUSE bug 1189376 SUSE bug 1189378 SUSE bug 1189380 SUSE bug 1189882 CVE-2021-0089 CVE-2021-20255 CVE-2021-28690 CVE-2021-28692 CVE-2021-28694 CVE-2021-28695 CVE-2021-28696 CVE-2021-28697 CVE-2021-28698 CVE-2021-28699 CVE-2021-3308 CVE-2021-3592 CVE-2021-3594 CVE-2021-3595 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openvswitch fixes the following issues: - openvswitch was updated to 2.8.10 - CVE-2020-27827: Fixed a memory leak when parsing lldp packets (bsc#1181345) A lot more minor bugs have been fixed with this openvswitch version. Please refer to the changelog of the openvswitch.rpm file in order to obtain a list of all changes. Important SUSE bug 1117483 SUSE bug 1181345 CVE-2020-27827 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_0_0 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). Low SUSE bug 1189521 CVE-2021-3712 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). Low SUSE bug 1189521 CVE-2021-3712 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mariadb fixes the following issues: Update to version 10.2.40 [bsc#1189320]: - fixes for the following security vulnerabilities: CVE-2021-2372 and CVE-2021-2389 Moderate SUSE bug 1182255 SUSE bug 1189320 CVE-2021-2372 CVE-2021-2389 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for compat-openssl098 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). Low SUSE bug 1189521 CVE-2021-3712 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for tomcat fixes the following issue: - CVE-2020-17527: Fixed a HTTP/2 request header mix-up (bsc#1179602). Moderate SUSE bug 1179602 CVE-2020-17527 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for transfig fixes the following issues: Update to version 3.2.8, including fixes for - CVE-2021-3561: overflow in fig2dev/read.c in function read_colordef() (bsc#1186329). - CVE-2020-21683: Fixed buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c (bsc#1189325). - CVE-2020-21682: Fixed buffer overflow in the set_fill component in genge.c (bsc#1189346). - CVE-2020-21681: Fixed buffer overflow in the set_color component in genge.c (bsc#1189345). - CVE-2020-21680: Fixed stack-based buffer overflow in the put_arrow() component in genpict2e.c (bsc#1189343). - CVE-2019-19797: out-of-bounds write in read_colordef in read.c (bsc#1159293). - CVE-2019-19555: stack-based buffer overflow because of an incorrect sscanf (bsc#1161698). - CVE-2019-19746: segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type (bsc#1159130). Moderate SUSE bug 1136882 SUSE bug 1159130 SUSE bug 1159293 SUSE bug 1161698 SUSE bug 1186329 SUSE bug 1189325 SUSE bug 1189343 SUSE bug 1189345 SUSE bug 1189346 CVE-2019-19555 CVE-2019-19746 CVE-2019-19797 CVE-2020-21680 CVE-2020-21681 CVE-2020-21682 CVE-2020-21683 CVE-2021-3561 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for gtk-vnc fixes the following issues: - CVE-2017-5885: Correctly validate color map range indexes (bsc#1024268). - CVE-2017-5884: Fix bounds checking for RRE, hextile & copyrect encodings (bsc#1024266). - Fix crash when opening connection from a GSocketAddress (bsc#1046782). - Fix possible crash on connection failure (bsc#1188292). Moderate SUSE bug 1024266 SUSE bug 1024268 SUSE bug 1046782 SUSE bug 1188292 CVE-2017-5884 CVE-2017-5885 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ghostscript fixes the following issues: - CVE-2021-3781: Fixed a trivial -dSAFER bypass command injection (bsc#1190381) Critical SUSE bug 1190381 CVE-2021-3781 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: This update contains the Firefox Extended Support Release 91.1.0 ESR. * Fixed: Various stability, functionality, and security fixes MFSA 2021-40 (bsc#1190269, bsc#1190274): * CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer * CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1 Firefox 91.0.1esr ESR * Fixed: Fixed an issue causing buttons on the tab bar to be resized when loading certain websites (bug 1704404) * Fixed: Fixed an issue which caused tabs from private windows to be visible in non-private windows when viewing switch-to- tab results in the address bar panel (bug 1720369) * Fixed: Various stability fixes * Fixed: Security fix MFSA 2021-37 (bsc#1189547) * CVE-2021-29991 (bmo#1724896) Header Splitting possible with HTTP/3 Responses Firefox Extended Support Release 91.0 ESR * New: Some of the highlights of the new Extended Support Release are: - A number of user interface changes. For more information, see the Firefox 89 release notes. - Firefox now supports logging into Microsoft, work, and school accounts using Windows single sign-on. Learn more - On Windows, updates can now be applied in the background while Firefox is not running. - Firefox for Windows now offers a new page about:third-party to help identify compatibility issues caused by third-party applications - Version 2 of Firefox's SmartBlock feature further improves private browsing. Third party Facebook scripts are blocked to prevent you from being tracked, but are now automatically loaded 'just in time' if you decide to 'Log in with Facebook' on any website. - Enhanced the privacy of the Firefox Browser's Private Browsing mode with Total Cookie Protection, which confines cookies to the site where they were created, preventing companis from using cookies to track your browsing across sites. This feature was originally launched in Firefox's ETP Strict mode. - PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features. - You'll encounter less website breakage in Private Browsing and Strict Enhanced Tracking Protection with SmartBlock, which provides stand-in scripts so that websites load properly. - Improved Print functionality with a cleaner design and better integration with your computer's printer settings. - Firefox now protects you from supercookies, a type of tracker that can stay hidden in your browser and track you online, even after you clear cookies. By isolating supercookies, Firefox prevents them from tracking your web browsing from one site to the next. - Firefox now remembers your preferred location for saved bookmarks, displays the bookmarks toolbar by default on new tabs, and gives you easy access to all of your bookmarks via a toolbar folder. - Native support for macOS devices built with Apple Silicon CPUs brings dramatic performance improvements over the non- native build that was shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a new Apple device, follow these steps to upgrade to the latest Firefox. - Pinch zooming will now be supported for our users with Windows touchscreen devices and touchpads on Mac devices. Firefox users may now use pinch to zoom on touch-capable devices to zoom in and out of webpages. - We’ve improved functionality and design for a number of Firefox search features: * Selecting a search engine at the bottom of the search panel now enters search mode for that engine, allowing you to see suggestions (if available) for your search terms. The old behavior (immediately performing a search) is available with a shift-click. * When Firefox autocompletes the URL of one of your search engines, you can now search with that engine directly in the address bar by selecting the shortcut in the address bar results. * We’ve added buttons at the bottom of the search panel to allow you to search your bookmarks, open tabs, and history. - Firefox supports AcroForm, which will allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look. - For our users in the US and Canada, Firefox can now save, manage, and auto-fill credit card information for you, making shopping on Firefox ever more convenient. - In addition to our default, dark and light themes, with this release, Firefox introduces the Alpenglow theme: a colorful appearance for buttons, menus, and windows. You can update your Firefox themes under settings or preferences. * Changed: Firefox no longer supports Adobe Flash. There is no setting available to re-enable Flash support. * Enterprise: Various bug fixes and new policies have been implemented in the latest version of Firefox. See more details in the Firefox for Enterprise 91 Release Notes. MFSA 2021-33 (bsc#1188891): * CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption * CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT * CVE-2021-29988: Memory corruption as a result of incorrect style treatment * CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode * CVE-2021-29984: Incorrect instruction reordering during JIT optimization * CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption * CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux * CVE-2021-29985: Use-after-free media channels * CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion * CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 * CVE-2021-29990: Memory safety bugs fixed in Firefox 91 Important SUSE bug 1188891 SUSE bug 1189547 SUSE bug 1190269 SUSE bug 1190274 CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29987 CVE-2021-29988 CVE-2021-29989 CVE-2021-29990 CVE-2021-29991 CVE-2021-38492 CVE-2021-38495 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 20 [bsc#1180063,bsc#1177943] CVE-2020-14792 CVE-2020-14797 CVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803 * Class libraries: - SOCKETADAPTOR$SOCKETINPUTSTREAM.READ is blocking for more time that the set timeout - Z/OS specific C function send_file is changing the file pointer position * Java Virtual Machine: - Crash on iterate java stack - Java process hang on SIGTERM * JIT Compiler: - JMS performance regression from JDK8 SR5 FP40 TO FP41 * Class Libraries: - z15 high utilization following Z/VM and Linux migration from z14 To z15 * Java Virtual Machine: - Assertion failed when trying to write a class file - Assertion failure at modronapi.cpp - Improve the performance of defining and finding classes * JIT Compiler: - An assert in ppcbinaryencoding.cpp may trigger when running with traps disabled on power - AOT field offset off by n bytes - Segmentation fault in jit module on ibm z platform Moderate SUSE bug 1177943 SUSE bug 1180063 CVE-2020-14779 CVE-2020-14781 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for sqlite3 fixes the following issues: sqlite3 is sync version 3.36.0 from Factory (jsc#SLE-16032). The following CVEs have been fixed in upstream releases up to this point, but were not mentioned in the change log so far: * bsc#1173641, CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization * bsc#1164719, CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator * bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error * bsc#1160438, CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input * bsc#1160309, CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference * bsc#1159850, CVE-2019-19924: improper error handling in sqlite3WindowRewrite() * bsc#1159847, CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive * bsc#1159715, CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c * bsc#1159491, CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference * bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name * bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns * bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements * bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service * bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage * bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability * bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names * CVE-2020-13434 bsc#1172115: integer overflow in sqlite3_str_vappendf * CVE-2020-13630 bsc#1172234: use-after-free in fts3EvalNextRow * CVE-2020-13631 bsc#1172236: virtual table allowed to be renamed to one of its shadow tables * CVE-2020-13632 bsc#1172240: NULL pointer dereference via crafted matchinfo() query * CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091) Important SUSE bug 1157818 SUSE bug 1158812 SUSE bug 1158958 SUSE bug 1158959 SUSE bug 1158960 SUSE bug 1159491 SUSE bug 1159715 SUSE bug 1159847 SUSE bug 1159850 SUSE bug 1160309 SUSE bug 1160438 SUSE bug 1160439 SUSE bug 1164719 SUSE bug 1172091 SUSE bug 1172115 SUSE bug 1172234 SUSE bug 1172236 SUSE bug 1172240 SUSE bug 1173641 SUSE bug 928700 SUSE bug 928701 CVE-2015-3414 CVE-2015-3415 CVE-2016-6153 CVE-2017-10989 CVE-2017-2518 CVE-2018-20346 CVE-2018-8740 CVE-2019-16168 CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-20218 CVE-2019-8457 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-15358 CVE-2020-9327 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python-urllib3 fixes the following security issue: - CVE-2020-26137: A CRLF injection via HTTP request method was fixed (bsc#1177120) Note that this was fixed in a previous version update to 1.25.9, this update just complements the tracking. Moderate SUSE bug 1177120 CVE-2020-26137 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for glibc fixes the following issues: - CVE-2021-33574: Fixed a use-after-free possibility in mq_notify() (bsc#1186489) Moderate SUSE bug 1186489 CVE-2021-33574 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for webkit2gtk3 fixes the following issues: - Update to version 2.32.4 - CVE-2021-30858: Fixed a security bug that could allow maliciously crafted web content to achieve arbitrary code execution. (bsc#1190701) - CVE-2021-21806: Fixed an exploitable use-after-free vulnerability via specially crafted HTML web page. (bsc#1188697) Important SUSE bug 1188697 SUSE bug 1190701 CVE-2021-21806 CVE-2021-30858 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for apache2 fixes the following issues: - CVE-2021-40438: Fixed a SRF via a crafted request uri-path. (bsc#1190703) - CVE-2021-39275: Fixed an out-of-bounds write in ap_escape_quotes() via malicious input. (bsc#1190666) - CVE-2021-34798: Fixed a NULL pointer dereference via malformed requests. (bsc#1190669) Important SUSE bug 1190666 SUSE bug 1190669 SUSE bug 1190703 CVE-2021-34798 CVE-2021-39275 CVE-2021-40438 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for curl fixes the following issues: - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374). - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373). Moderate SUSE bug 1190373 SUSE bug 1190374 CVE-2021-22946 CVE-2021-22947 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python3 fixes the following issues: - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). Important SUSE bug 1176262 SUSE bug 1180686 CVE-2019-20916 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.2.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-45 (bsc#1191332) * CVE-2021-38496: Use-after-free in MessageTask * CVE-2021-38497: Validation message could have been overlaid on another origin * CVE-2021-38498: Use-after-free of nsLanguageAtomService object * CVE-2021-32810: Fixed Data race in crossbeam-deque * CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 * CVE-2021-38501: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 - Fixed crash in FIPS mode (bsc#1190710) Important SUSE bug 1190710 SUSE bug 1191332 CVE-2021-32810 CVE-2021-38496 CVE-2021-38497 CVE-2021-38498 CVE-2021-38500 CVE-2021-38501 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for strongswan fixes the following issues: - CVE-2021-41991: Fixed an integer overflow when replacing certificates in cache. (bsc#1191435) Important SUSE bug 1191435 CVE-2021-41991 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for postgresql10 fixes the following issues: - Fix for build with llvm12 on s390x. (bsc#1185952) - Re-enable 'icu' for PostgreSQL 10. (bsc#1179945) - Add postgresqlXX-server-devel as a dependency for postgresql13-server-devel. (bsc#1187751) - Upgrade to version 10.18. (bsc#1190177) Upgrade to version 10.17 (already released for SUSE Linux Enterprise 12 SP5): - CVE-2021-32027: Fixed integer overflows in array subscripting calculations (bsc#1185924). - CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (bsc#1185925). - Don't use %_stop_on_removal, because it was meant to be private and got removed from openSUSE. %_restart_on_update is also private, but still supported and needed for now (bsc#1183168). - Re-enable build of the llvmjit subpackage on SLE, but it will only be delivered on PackageHub for now (bsc#1183118). - Disable icu for PostgreSQL 10 (and older) on TW (bsc#1179945). - Fixed an issue droping irregular warning messages by removing the package. (bsc#1178961) - Fixed an issue when build does not build the requiements to avoid dangling symlinks in the devel package. (bsc#1179765) - Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. Important SUSE bug 1178961 SUSE bug 1179765 SUSE bug 1179945 SUSE bug 1183118 SUSE bug 1183168 SUSE bug 1185924 SUSE bug 1185925 SUSE bug 1185952 SUSE bug 1187751 SUSE bug 1190177 CVE-2021-32027 CVE-2021-32028 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for opensc fixes the following issues: - CVE-2021-42780: Fixed use after return in insert_pin() (bsc#1192005). - CVE-2021-42779: Fixed use after free in sc_file_valid() (bsc#1191992). - CVE-2021-42781: Fixed multiple heap buffer overflows in pkcs15-oberthur.c (bsc#1192000). - CVE-2021-42782: Stack buffer overflow issues in various places (bsc#1191957). Important SUSE bug 1191957 SUSE bug 1191992 SUSE bug 1192000 SUSE bug 1192005 CVE-2021-42779 CVE-2021-42780 CVE-2021-42781 CVE-2021-42782 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for transfig fixes the following issues: Update to fig2dev version 3.2.8 Patchlevel 8b (Aug 2021) - bsc#1190618, CVE-2020-21529: stack buffer overflow in the bezier_spline function in genepic.c. - bsc#1190615, CVE-2020-21530: segmentation fault in the read_objects function in read.c. - bsc#1190617, CVE-2020-21531: global buffer overflow in the conv_pattern_index function in gencgm.c. - bsc#1190616, CVE-2020-21532: global buffer overflow in the setfigfont function in genepic.c. - bsc#1190612, CVE-2020-21533: stack buffer overflow in the read_textobject function in read.c. - bsc#1190611, CVE-2020-21534: global buffer overflow in the get_line function in read.c. - bsc#1190607, CVE-2020-21535: segmentation fault in the gencgm_start function in gencgm.c. - bsc#1192019, CVE-2021-32280: NULL pointer dereference in compute_closed_spline() in trans_spline.c Important SUSE bug 1190607 SUSE bug 1190611 SUSE bug 1190612 SUSE bug 1190615 SUSE bug 1190616 SUSE bug 1190617 SUSE bug 1190618 SUSE bug 1192019 CVE-2020-21529 CVE-2020-21530 CVE-2020-21531 CVE-2020-21532 CVE-2020-21533 CVE-2020-21534 CVE-2020-21535 CVE-2021-32280 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for binutils fixes the following issues: Update to binutils 2.37: * The GNU Binutils sources now requires a C99 compiler and library to build. * Support for the arm-symbianelf format has been removed. * Support for Realm Management Extension (RME) for AArch64 has been added. * A new linker option '-z report-relative-reloc' for x86 ELF targets has been added to report dynamic relative relocations. * A new linker option '-z start-stop-gc' has been added to disable special treatment of __start_*/__stop_* references when --gc-sections. * A new linker options '-Bno-symbolic' has been added which will cancel the '-Bsymbolic' and '-Bsymbolic-functions' options. * The readelf tool has a new command line option which can be used to specify how the numeric values of symbols are reported. --sym-base=0|8|10|16 tells readelf to display the values in base 8, base 10 or base 16. A sym base of 0 represents the default action of displaying values under 10000 in base 10 and values above that in base 16. * A new format has been added to the nm program. Specifying '--format=just-symbols' (or just using -j) will tell the program to only display symbol names and nothing else. * A new command line option '--keep-section-symbols' has been added to objcopy and strip. This stops the removal of unused section symbols when the file is copied. Removing these symbols saves space, but sometimes they are needed by other tools. * The '--weaken', '--weaken-symbol' and '--weaken-symbols' options supported by objcopy now make undefined symbols weak on targets that support weak symbols. * Readelf and objdump can now display and use the contents of .debug_sup sections. * Readelf and objdump will now follow links to separate debug info files by default. This behaviour can be stopped via the use of the new '-wN' or '--debug-dump=no-follow-links' options for readelf and the '-WN' or '--dwarf=no-follow-links' options for objdump. Also the old behaviour can be restored by the use of the '--enable-follow-debug-links=no' configure time option. The semantics of the =follow-links option have also been slightly changed. When enabled, the option allows for the loading of symbol tables and string tables from the separate files which can be used to enhance the information displayed when dumping other sections, but it does not automatically imply that information from the separate files should be displayed. If other debug section display options are also enabled (eg '--debug-dump=info') then the contents of matching sections in both the main file and the separate debuginfo file *will* be displayed. This is because in most cases the debug section will only be present in one of the files. If however non-debug section display options are enabled (eg '--sections') then the contents of matching parts of the separate debuginfo file will *not* be displayed. This is because in most cases the user probably only wanted to load the symbol information from the separate debuginfo file. In order to change this behaviour a new command line option --process-links can be used. This will allow di0pslay options to applied to both the main file and any separate debuginfo files. * Nm has a new command line option: '--quiet'. This suppresses 'no symbols' diagnostic. Update to binutils 2.36: New features in the Assembler: General: * When setting the link order attribute of ELF sections, it is now possible to use a numeric section index instead of symbol name. * Added a .nop directive to generate a single no-op instruction in a target neutral manner. This instruction does have an effect on DWARF line number generation, if that is active. * Removed --reduce-memory-overheads and --hash-size as gas now uses hash tables that can be expand and shrink automatically. X86/x86_64: * Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key Locker instructions. * Support non-absolute segment values for lcall and ljmp. * Add {disp16} pseudo prefix to x86 assembler. * Configure with --enable-x86-used-note by default for Linux/x86. ARM/AArch64: * Add support for Cortex-A78, Cortex-A78AE and Cortex-X1, Cortex-R82, Neoverse V1, and Neoverse N2 cores. * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call Stack Recorder Extension) and BRBE (Branch Record Buffer Extension) system registers. * Add support for Armv8-R and Armv8.7-A ISA extensions. * Add support for DSB memory nXS barrier, WFET and WFIT instruction for Armv8.7. * Add support for +csre feature for -march. Add CSR PDEC instruction for CSRE feature in AArch64. * Add support for +flagm feature for -march in Armv8.4 AArch64. * Add support for +ls64 feature for -march in Armv8.7 AArch64. Add atomic 64-byte load/store instructions for this feature. * Add support for +pauth (Pointer Authentication) feature for -march in AArch64. New features in the Linker: * Add --error-handling-script=<NAME> command line option to allow a helper script to be invoked when an undefined symbol or a missing library is encountered. This option can be suppressed via the configure time switch: --enable-error-handling-script=no. * Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark x86-64-{baseline|v[234]} ISA level as needed. * Add -z unique-symbol to avoid duplicated local symbol names. * The creation of PE format DLLs now defaults to using a more secure set of DLL characteristics. * The linker now deduplicates the types in .ctf sections. The new command-line option --ctf-share-types describes how to do this: its default value, share-unconflicted, produces the most compact output. * The linker now omits the 'variable section' from .ctf sections by default, saving space. This is almost certainly what you want unless you are working on a project that has its own analogue of symbol tables that are not reflected in the ELF symtabs. New features in other binary tools: * The ar tool's previously unused l modifier is now used for specifying dependencies of a static library. The arguments of this option (or --record-libdeps long form option) will be stored verbatim in the __.LIBDEP member of the archive, which the linker may read at link time. * Readelf can now display the contents of LTO symbol table sections when asked to do so via the --lto-syms command line option. * Readelf now accepts the -C command line option to enable the demangling of symbol names. In addition the --demangle=<style>, --no-demangle, --recurse-limit and --no-recurse-limit options are also now availale. Update to binutils 2.35.1: * This is a point release over the previous 2.35 version, containing bug fixes, and as an exception to the usual rule, one new feature. The new feature is the support for a new directive in the assembler: '.nop'. This directive creates a single no-op instruction in whatever encoding is correct for the target architecture. Unlike the .space or .fill this is a real instruction, and it does affect the generation of DWARF line number tables, should they be enabled. Update to binutils 2.35: * The assembler can now produce DWARF-5 format line number tables. * Readelf now has a 'lint' mode to enable extra checks of the files it is processing. * Readelf will now display '[...]' when it has to truncate a symbol name. The old behaviour - of displaying as many characters as possible, up to the 80 column limit - can be restored by the use of the --silent-truncation option. * The linker can now produce a dependency file listing the inputs that it has processed, much like the -M -MP option supported by the compiler. Update to binutils 2.34: * The disassembler (objdump --disassemble) now has an option to generate ascii art thats show the arcs between that start and end points of control flow instructions. * The binutils tools now have support for debuginfod. Debuginfod is a HTTP service for distributing ELF/DWARF debugging information as well as source code. The tools can now connect to debuginfod servers in order to download debug information about the files that they are processing. * The assembler and linker now support the generation of ELF format files for the Z80 architecture. Update to binutils 2.33.1: * Adds support for the Arm Scalable Vector Extension version 2 (SVE2) instructions, the Arm Transactional Memory Extension (TME) instructions and the Armv8.1-M Mainline and M-profile Vector Extension (MVE) instructions. * Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE, Cortex-A76AE, and Cortex-A77 processors. * Adds a .float16 directive for both Arm and AArch64 to allow encoding of 16-bit floating point literals. * For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not) Loongson3 LLSC Errata. Add a --enable-mips-fix-loongson3-llsc=[yes|no] configure time option to set the default behavior. Set the default if the configure option is not used to 'no'. * The Cortex-A53 Erratum 843419 workaround now supports a choice of which workaround to use. The option --fix-cortex-a53-843419 now takes an optional argument --fix-cortex-a53-843419[=full|adr|adrp] which can be used to force a particular workaround to be used. See --help for AArch64 for more details. * Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and GNU_PROPERTY_AARCH64_FEATURE_1_PAC in ELF GNU program properties in the AArch64 ELF linker. * Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI on inputs and use PLTs protected with BTI. * Add -z pac-plt for AArch64 to pick PAC enabled PLTs. * Add --source-comment[=<txt>] option to objdump which if present, provides a prefix to source code lines displayed in a disassembly. * Add --set-section-alignment <section-name>=<power-of-2-align> option to objcopy to allow the changing of section alignments. * Add --verilog-data-width option to objcopy for verilog targets to control width of data elements in verilog hex format. * The separate debug info file options of readelf (--debug-dump=links and --debug-dump=follow) and objdump (--dwarf=links and --dwarf=follow-links) will now display and/or follow multiple links if more than one are present in a file. (This usually happens when gcc's -gsplit-dwarf option is used). In addition objdump's --dwarf=follow-links now also affects its other display options, so that for example, when combined with --syms it will cause the symbol tables in any linked debug info files to also be displayed. In addition when combined with --disassemble the --dwarf= follow-links option will ensure that any symbol tables in the linked files are read and used when disassembling code in the main file. * Add support for dumping types encoded in the Compact Type Format to objdump and readelf. The following security fixes are addressed by the update: - CVE-2021-20197: Fixed a race condition which allows users to own arbitrary files (bsc#1181452). - CVE-2021-20284: Fixed a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c (bsc#1183511). - CVE-2021-3487: Fixed a denial of service via excessive debug section size causing excessive memory consumption in bfd's dwarf2.c read_section() (bsc#1184620). - CVE-2020-35448: Fixed a heap-based buffer over-read in bfd_getl_signed_32() in libbfd.c (bsc#1184794). - CVE-2020-16590: Fixed a double free vulnerability in process_symbol_table() (bsc#1179898). - CVE-2020-16591: Fixed an invalid read in process_symbol_table() (bsc#1179899). - CVE-2020-16592: Fixed an use-after-free in bfd_hash_lookup() (bsc#1179900). - CVE-2020-16593: Fixed a null pointer dereference in scan_unit_for_symbols() (bsc#1179901). - CVE-2020-16598: Fixed a null pointer dereference in debug_get_real_type() (bsc#1179902). - CVE-2020-16599: Fixed a null pointer dereference in _bfd_elf_get_symbol_version_string() (bsc#1179903) - CVE-2020-35493: Fixed heap-based buffer overflow in bfd_pef_parse_function_stubs function in bfd/pef.c via crafted PEF file (bsc#1180451). - CVE-2020-35496: Fixed multiple null pointer dereferences in bfd module due to not checking return value of bfd_malloc (bsc#1180454). - CVE-2020-35507: Fixed a null pointer dereference in bfd_pef_parse_function_stubs() (bsc#1180461). - CVE-2019-17451: Fixed an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line() in dwarf2.c (bsc#1153768). - CVE-2019-17450: Fixed a potential denial of service in find_abstract_instance() in dwarf2.c (bsc#1153770). - CVE-2019-9077: Fixed a heap-based buffer overflow in process_mips_specific() in readelf.c via a malformed MIPS option section (bsc#1126826). - CVE-2019-9075: Fixed a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap() in archive64.c (bsc#1126829). - CVE-2019-9074: Fixed a out-of-bounds read leading to a SEGV in bfd_getl32() in libbfd.c (bsc#1126831). - CVE-2019-12972: Fixed a heap-based buffer over-read in _bfd_doprnt() in bfd.c (bsc#1140126). - CVE-2019-14444: Fixed an integer overflow apply_relocations() in readelf.c (bsc#1143609). - CVE-2019-14250: Fixed an integer overflow in simple_object_elf_match() in simple-object-elf.c (bsc#1142649). Moderate SUSE bug 1126826 SUSE bug 1126829 SUSE bug 1126831 SUSE bug 1140126 SUSE bug 1142649 SUSE bug 1143609 SUSE bug 1153768 SUSE bug 1153770 SUSE bug 1157755 SUSE bug 1160254 SUSE bug 1160590 SUSE bug 1163333 SUSE bug 1163744 SUSE bug 1179036 SUSE bug 1179341 SUSE bug 1179898 SUSE bug 1179899 SUSE bug 1179900 SUSE bug 1179901 SUSE bug 1179902 SUSE bug 1179903 SUSE bug 1180451 SUSE bug 1180454 SUSE bug 1180461 SUSE bug 1181452 SUSE bug 1182252 SUSE bug 1183511 SUSE bug 1184620 SUSE bug 1184794 CVE-2019-12972 CVE-2019-14250 CVE-2019-14444 CVE-2019-17450 CVE-2019-17451 CVE-2019-9074 CVE-2019-9075 CVE-2019-9077 CVE-2020-16590 CVE-2020-16591 CVE-2020-16592 CVE-2020-16593 CVE-2020-16598 CVE-2020-16599 CVE-2020-35448 CVE-2020-35493 CVE-2020-35496 CVE-2020-35507 CVE-2021-20197 CVE-2021-20284 CVE-2021-3487 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for tomcat, javapackages-tools fixes the following issue: Security issue fixed: - CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279). - CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients (bsc#1188278). - CVE-2021-41079: Fixed a denial of service caused by an unexpected TLS packet (bsc#1190558). Non-security issues fixed: - Add requires and conflicts to avoid the usage of the incompatible 'Java 11' with 'Tomcat'. (bsc#1185476) - Rebuild javapackages-tools to fix a missing package on s390. Important SUSE bug 1185476 SUSE bug 1188278 SUSE bug 1188279 SUSE bug 1190558 CVE-2021-30640 CVE-2021-33037 CVE-2021-41079 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for qemu fixes the following issues: Security issues fixed: - Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938, CVE-2021-3748) - Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702, CVE-2021-3713) - usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145, CVE-2021-3682) - NULL pointer dereference in ESP (bsc#1180433, CVE-2020-35504) (bsc#1180434, CVE-2020-35505) (bsc#1180435, CVE-2020-35506) - NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432, CVE-2020-35503) - eepro100: stack overflow via infinite recursion (bsc#1182651, CVE-2021-20255) - usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527) Important SUSE bug 1180432 SUSE bug 1180433 SUSE bug 1180434 SUSE bug 1180435 SUSE bug 1182651 SUSE bug 1186012 SUSE bug 1189145 SUSE bug 1189702 SUSE bug 1189938 CVE-2020-35503 CVE-2020-35504 CVE-2020-35505 CVE-2020-35506 CVE-2021-20255 CVE-2021-3527 CVE-2021-3682 CVE-2021-3713 CVE-2021-3748 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for binutils fixes the following issues: - For compatibility on old code stream that expect 'brcl 0,label' to not be disassembled as 'jgnop label' on s390x. (bsc#1192267) This reverts IBM zSeries HLASM support for now. - Fixed that ppc64 optflags did not enable LTO (bsc#1188941). - Fix empty man-pages from broken release tarball - Fixed a memory corruption with rpath option (bsc#1191473). - Fixed slow performance of stripping some binaries (bsc#1183909). Security issue fixed: - CVE-2021-20294: Fixed out-of-bounds write in print_dynamic_symbol in readelf (bnc#1184519) Moderate SUSE bug 1183909 SUSE bug 1184519 SUSE bug 1188941 SUSE bug 1191473 SUSE bug 1192267 CVE-2021-20294 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). - CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973). - CVE-2017-7244: Fixed invalid read in _pcre32_xclass() (bsc#1030807). - CVE-2017-7245: Fixed buffer overflow in the pcre32_copy_substring (bsc#1030805). - CVE-2017-7246: Fixed another buffer overflow in the pcre32_copy_substring (bsc#1030803). - CVE-2017-7186: Fixed denial of service caused by an invalid Unicode property lookup (bsc#1030066). - CVE-2017-6004: Fixed denial of service via crafted regular expression (bsc#1025709). Moderate SUSE bug 1025709 SUSE bug 1030066 SUSE bug 1030803 SUSE bug 1030805 SUSE bug 1030807 SUSE bug 1172973 SUSE bug 1172974 CVE-2017-6004 CVE-2017-7186 CVE-2017-7244 CVE-2017-7245 CVE-2017-7246 CVE-2019-20838 CVE-2020-14155 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: MozillaFirefox was updated to Extended Support Release 91.3.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-49 (bsc#1192250) * CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets * CVE-2021-38504: Use-after-free in file picker dialog * CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user data * CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode without notification or warning * CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports * CVE-2021-38508: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing * CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary domain * CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac OS * MOZ-2021-0008: Use-after-free in HTTP2 Session object * MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3 Important SUSE bug 1192250 CVE-2021-38503 CVE-2021-38504 CVE-2021-38505 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 CVE-2021-38510 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for samba fixes the following issues: - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos (bsc#1014440). - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284). Important SUSE bug 1014440 SUSE bug 1192284 CVE-2016-2124 CVE-2020-25717 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for postgresql, postgresql13 and postgresql14 fixes the following issues: Security issues fixed: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). This update also ships postgresql14 to SUSE Linux Enterprise 12 SP5. (jsc#SLE-22673) On older service packs only libpq5 and libecpg6 are being replaced by the postgresql14 variants. Feature changes in postgresql14: - https://www.postgresql.org/about/news/postgresql-14-released-2318/ - https://www.postgresql.org/docs/14/release-14.html Important SUSE bug 1192516 CVE-2021-23214 CVE-2021-23222 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for postgresql10 fixes the following issues: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). Important SUSE bug 1192516 CVE-2021-23214 CVE-2021-23222 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for webkit2gtk3 fixes the following issues: - CVE-2021-42762: Updated seccomp rules with latest changes from flatpak (bsc#1191937). Important SUSE bug 1191937 CVE-2021-42762 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-openjdk fixes the following issues: Update to version OpenJDK 8u312 (October 2021 CPU): - CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS (bsc#1191901). - CVE-2021-35556: Fixed excessive memory allocation in RTFParser (bsc#1191910). - CVE-2021-35559: Fixed excessive memory allocation in RTFReader (bsc#1191911). - CVE-2021-35561: Fixed excessive memory allocation in HashMap and HashSet (bsc#1191912). - CVE-2021-35564: Fixed certificates with end dates too far in the future can corrupt keystore (bsc#1191913). - CVE-2021-35565: Fixed loop in HttpsServer triggered during TLS session close (bsc#1191909). - CVE-2021-35567: Fixed incorrect principal selection when using Kerberos Constrained Delegation (bsc#1191903). - CVE-2021-35578: Fixed unexpected exception raised during TLS handshake (bsc#1191904). - CVE-2021-35586: Fixed excessive memory allocation in BMPImageReader (bsc#1191914). - CVE-2021-35588: Fixed incomplete validation of inner class references in ClassFileParser (bsc#1191905) - CVE-2021-35603: Fixed non-constant comparison during TLS handshakes (bsc#1191906). Important SUSE bug 1191901 SUSE bug 1191903 SUSE bug 1191904 SUSE bug 1191905 SUSE bug 1191906 SUSE bug 1191909 SUSE bug 1191910 SUSE bug 1191911 SUSE bug 1191912 SUSE bug 1191913 SUSE bug 1191914 CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35565 CVE-2021-35567 CVE-2021-35578 CVE-2021-35586 CVE-2021-35588 CVE-2021-35603 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_7_0-openjdk fixes the following issues: Update to OpenJDK 7u321 (October 2021 CPU): - CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS (bsc#1191901). - CVE-2021-35556: Fixed excessive memory allocation in RTFParser (bsc#1191910). - CVE-2021-35559: Fixed excessive memory allocation in RTFReader (bsc#1191911). - CVE-2021-35561: Fixed excessive memory allocation in HashMap and HashSet (bsc#1191912). - CVE-2021-35564: Fixed certificates with end dates too far in the future can corrupt keystore (bsc#1191913). - CVE-2021-35565: Fixed loop in HttpsServer triggered during TLS session close (bsc#1191909). - CVE-2021-35586: Fixed excessive memory allocation in BMPImageReader (bsc#1191914). - CVE-2021-35588: Fixed incomplete validation of inner class references in ClassFileParser (bsc#1191905) - CVE-2021-35603: Fixed non-constant comparison during TLS handshakes (bsc#1191906). Important SUSE bug 1191901 SUSE bug 1191905 SUSE bug 1191906 SUSE bug 1191909 SUSE bug 1191910 SUSE bug 1191911 SUSE bug 1191912 SUSE bug 1191913 SUSE bug 1191914 CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35565 CVE-2021-35586 CVE-2021-35588 CVE-2021-35603 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ruby2.1 fixes the following issues: - CVE-2020-25613: Fixed potential HTTP request smuggling in WEBrick (bsc#1177125). - CVE-2021-31799: Fixed Command injection vulnerability in RDoc (bsc#1190375). - CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161). - CVE-2021-32066: Fixed StartTLS stripping vulnerability in Net:IMAP (bsc#1188160). Important SUSE bug 1177125 SUSE bug 1188160 SUSE bug 1188161 SUSE bug 1190375 CVE-2020-25613 CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xen fixes the following issues: - CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632). - CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557). - CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559). - CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554). - Integrate bugfixes (bsc#1189373, bsc#1189378) Moderate SUSE bug 1189373 SUSE bug 1189378 SUSE bug 1189632 SUSE bug 1192554 SUSE bug 1192557 SUSE bug 1192559 CVE-2021-28701 CVE-2021-28704 CVE-2021-28705 CVE-2021-28706 CVE-2021-28707 CVE-2021-28708 CVE-2021-28709 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for clamav fixes the following issues: - CVE-2018-14679: Fixed off-by-one issue in embedded libmspack that could lead to denial of service (bsc#1103032). - Update to 0.103.4 (bsc#1192346). - Update to 0.103.3 (bsc#1188284). Moderate SUSE bug 1103032 SUSE bug 1188284 SUSE bug 1192346 CVE-2018-14679 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for webkit2gtk3 fixes the following issues: - CVE-2021-30846: Fixed memory corruption issue that could lead to arbitrary code execution when processing maliciously crafted web content (bsc#1192063). - CVE-2021-30851: Fixed memory corruption vulnerability that could lead to arbitrary code execution when processing maliciously crafted web content (bsc#1192063). Important SUSE bug 1192063 CVE-2021-30846 CVE-2021-30851 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssh fixes the following issues: - CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975). Important SUSE bug 1190975 CVE-2021-41617 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mozilla-nss fixes the following issues: Update to version 3.68.1: - CVE-2021-43527: Fixed a Heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170). Important SUSE bug 1193170 CVE-2021-43527 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0) The following security bugs were fixed: - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045). - CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails. (bsc#1191961) - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563). - CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063). - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479). - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317). - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315). - CVE-2021-37159: Fixed use-after-free and a double free inside hso_free_net_device in drivers/net/usb/hso.c when unregister_netdev is called without checking for the NETREG_REGISTERED state (bnc#1188601). - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193) - CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023) - CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159) - CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884) - CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534) - CVE-2021-3772: Fixed a remote denial of service in the SCTP stack, if the attacker can spoof IP addresses and knows the IP-addresses and port numbers being used (bnc#1190351). - CVE-2018-9517: Fixed possible memory corruption due to a use after free in pppol2tp_connect (bsc#1108488). - CVE-2019-3874: Fixed possible denial of service attack via SCTP socket buffer used by a userspace applications (bnc#1129898). - CVE-2019-3900: Fixed an infinite loop issue while handling incoming packets in handle_rx() (bnc#1133374). - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399). - CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400). - CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). - CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983). - CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985). - CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420). - CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876). - CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482). - CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). - CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. (bsc#1176724). The following non-security bugs were fixed: - Add arch-dependent support markers in supported.conf (bsc#1186672) - Add the support for kernel-FLAVOR-optional subpackage (jsc#SLE-11796) - NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628). - PCI: hv: Use expected affinity when unmasking IRQ (bsc#1185973). - Use /usr/lib/modules as module dir when usermerge is active in the target distro. - UsrMerge the kernel (boo#1184804) - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22913) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22913). - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758,bsc#1192400). - drm: fix spectre issue in vmw_execbuf_ioctl (bsc#1192802). - drop debugging statements - ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267). - gigaset: fix spectre issue in do_data_b3_req (bsc#1192802). - handle also race conditions in /proc/net/tcp code - hisax: fix spectre issues (bsc#1192802). - hv: adjust mana_select_queue to old ndo_select_queue API - hv: mana: adjust mana_select_queue to old API (jsc#SLE-18779, bsc#1185727). - hv: mana: fake bitmap API (jsc#SLE-18779, bsc#1185726). - hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185727). - hysdn: fix spectre issue in hycapi_send_message (bsc#1192802). - infiniband: fix spectre issue in ib_uverbs_write (bsc#1192802). - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115). - iwlwifi: fix spectre issue in iwl_dbgfs_update_pm (bsc#1192802). - media: dvb_ca_en50221: prevent using slot_info for Spectre attacs (bsc#1192802). - media: dvb_ca_en50221: sanity check slot number from userspace (bsc#1192802). - media: wl128x: get rid of a potential spectre issue (bsc#1192802). - memcg: enable accounting for file lock caches (bsc#1190115). - mm: vmscan: scan anonymous pages on file refaults (VM Performance, bsc#1183050). - mpt3sas: fix spectre issues (bsc#1192802). - net/mlx4_en: Avoid scheduling restart task if it is already running (bsc#1181854 bsc#1181855). - net/mlx4_en: Handle TX error CQE (bsc#1181854 bsc#1181855). - net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185727). - net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185727). - net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185727). - net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185727). - net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191801). - net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185727). - net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185727). - net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185727). - net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185727). - net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185727). - net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185727). - net: sched: sch_teql: fix null-pointer dereference (bsc#1190717). - net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() (bsc#1192802). - net_sched: cls_route: remove the right filter from hashtable (networking-stable-20_03_28). - objtool: Do not fail on missing symbol table (bsc#1192379). - osst: fix spectre issue in osst_verify_frame (bsc#1192802). - ovl: check whiteout in ovl_create_over_whiteout() (bsc#1189846). - ovl: filter of trusted xattr results in audit (bsc#1189846). - ovl: fix dentry leak in ovl_get_redirect (bsc#1189846). - ovl: initialize error in ovl_copy_xattr (bsc#1189846). - ovl: relax WARN_ON() on rename to self (bsc#1189846). - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (bsc#1190601). - s390/bpf: Fix branch shortening during codegen pass (bsc#1190601). - s390/bpf: Fix optimizing out zero-extensions (bsc#1190601). - s390/bpf: Wrap JIT macro parameter usages in parentheses (bsc#1190601). - s390/unwind: use current_frame_address() to unwind current task (bsc#1185677). - s390/vtime: fix increased steal time accounting (bsc#1183861). - s390: bpf: implement jitting of BPF_ALU | BPF_ARSH | BPF_* (bsc#1190601). - scripts/git_sort/git_sort.py: add bpf git repo - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - sctp: fully initialize v4 addr in some functions (bsc#1188563). - sysvipc/sem: mitigate semnum index against spectre v1 (bsc#1192802). - x86/CPU: Add more Icelake model numbers (bsc#1185758,bsc#1192400). - x86/debug: Extend the lower bound of crash kernel low reservations (bsc#1153720). - xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377). Important SUSE bug 1087082 SUSE bug 1100416 SUSE bug 1108488 SUSE bug 1129735 SUSE bug 1129898 SUSE bug 1133374 SUSE bug 1153720 SUSE bug 1171420 SUSE bug 1176724 SUSE bug 1176931 SUSE bug 1180624 SUSE bug 1181854 SUSE bug 1181855 SUSE bug 1183050 SUSE bug 1183861 SUSE bug 1184673 SUSE bug 1184804 SUSE bug 1185377 SUSE bug 1185677 SUSE bug 1185726 SUSE bug 1185727 SUSE bug 1185758 SUSE bug 1185973 SUSE bug 1186063 SUSE bug 1186482 SUSE bug 1186483 SUSE bug 1186672 SUSE bug 1188026 SUSE bug 1188172 SUSE bug 1188563 SUSE bug 1188601 SUSE bug 1188613 SUSE bug 1188838 SUSE bug 1188842 SUSE bug 1188876 SUSE bug 1188983 SUSE bug 1188985 SUSE bug 1189057 SUSE bug 1189262 SUSE bug 1189278 SUSE bug 1189291 SUSE bug 1189399 SUSE bug 1189400 SUSE bug 1189418 SUSE bug 1189420 SUSE bug 1189706 SUSE bug 1189846 SUSE bug 1189884 SUSE bug 1190023 SUSE bug 1190025 SUSE bug 1190067 SUSE bug 1190115 SUSE bug 1190117 SUSE bug 1190118 SUSE bug 1190159 SUSE bug 1190276 SUSE bug 1190349 SUSE bug 1190350 SUSE bug 1190351 SUSE bug 1190432 SUSE bug 1190479 SUSE bug 1190534 SUSE bug 1190601 SUSE bug 1190717 SUSE bug 1191193 SUSE bug 1191315 SUSE bug 1191317 SUSE bug 1191318 SUSE bug 1191529 SUSE bug 1191530 SUSE bug 1191628 SUSE bug 1191660 SUSE bug 1191790 SUSE bug 1191801 SUSE bug 1191813 SUSE bug 1191961 SUSE bug 1192036 SUSE bug 1192045 SUSE bug 1192048 SUSE bug 1192267 SUSE bug 1192379 SUSE bug 1192400 SUSE bug 1192444 SUSE bug 1192549 SUSE bug 1192775 SUSE bug 1192781 SUSE bug 1192802 CVE-2018-13405 CVE-2018-9517 CVE-2019-3874 CVE-2019-3900 CVE-2020-0429 CVE-2020-12770 CVE-2020-3702 CVE-2021-0941 CVE-2021-20322 CVE-2021-22543 CVE-2021-31916 CVE-2021-34556 CVE-2021-34981 CVE-2021-3542 CVE-2021-35477 CVE-2021-3640 CVE-2021-3653 CVE-2021-3655 CVE-2021-3656 CVE-2021-3659 CVE-2021-3679 CVE-2021-3715 CVE-2021-37159 CVE-2021-3732 CVE-2021-3744 CVE-2021-3752 CVE-2021-3753 CVE-2021-37576 CVE-2021-3759 CVE-2021-3760 CVE-2021-3764 CVE-2021-3772 CVE-2021-38160 CVE-2021-38198 CVE-2021-38204 CVE-2021-40490 CVE-2021-41864 CVE-2021-42008 CVE-2021-42252 CVE-2021-42739 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Update to Extended Support Release 91.4.0 (bsc#1193485): - CVE-2021-43536: URL leakage when navigating while executing asynchronous function - CVE-2021-43537: Heap buffer overflow when using structured clone - CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both - CVE-2021-43539: GC rooting failure when calling wasm instance methods - CVE-2021-43541: External protocol handler parameters were unescaped - CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler - CVE-2021-43543: Bypass of CSP sandbox directive when embedding - CVE-2021-43545: Denial of Service when using the Location API in a loop - CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed - Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 - Removed x-scheme-handler/ftp from MozillaFirefox.desktop (bsc#1193321) Important SUSE bug 1193321 SUSE bug 1193485 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for glib-networking fixes the following issues: - CVE-2020-13645: Fixed a connection failure when the server identity is unset (bsc#1172460). Important SUSE bug 1172460 CVE-2020-13645 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xorg-x11-server fixes the following issues: - CVE-2021-4008: Fixed Privilege Escalation Vulnerability via Out-Of-Bounds Access in SProcRenderCompositeGlyphs (bsc#1193030). Important SUSE bug 1193030 CVE-2021-4008 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for log4j fixes the following issue: - CVE-2021-4104: Disable the JMSAppender class from log4j to protect against the log4jshell vulnerability. [bsc#1193662] Important SUSE bug 1193662 CVE-2021-4104 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xorg-x11-server fixes the following issues: - CVE-2021-4009: The handler for the CreatePointerBarrier request of the XFixes extension does not properly validate the request length leading to out of bounds memory write. (bsc#1190487) - CVE-2021-4011: The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length leading to out of bounds memory write. (bsc#1190489) Important SUSE bug 1190487 SUSE bug 1190489 CVE-2021-4009 CVE-2021-4011 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for chrony fixes the following issues: Chrony was updated to 4.1: * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Update clknetsim to snapshot f89702d. - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Enable syscallfilter unconditionally (bsc#1181826). Chrony was updated to 4.0: Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don’t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don’t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Chrony was updated to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Add chrony-pool-suse and chrony-pool-openSUSE subpackages that preconfigure chrony to use NTP servers from the respective pools for SUSE and openSUSE (bsc#1156884, SLE-11424). - Add chrony-pool-empty to still allow installing chrony without preconfigured servers. - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). - Update clknetsim to version 79ffe44 (fixes bsc#1162964). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv@.service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers (bsc#1099272) - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. - Remove discrepancies between spec file and chrony-tmpfiles (bsc#1115529) Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step - Added /etc/chrony.d/ directory to the package (bsc#1083597) Modifed default chrony.conf to add 'include /etc/chrony.d/*' - Enable pps support Upgraded to version 3.2: Enhancements * Improve stability with NTP sources and reference clocks * Improve stability with hardware timestamping * Improve support for NTP interleaved modes * Control frequency of system clock on macOS 10.13 and later * Set TAI-UTC offset of system clock with leapsectz directive * Minimise data in client requests to improve privacy * Allow transmit-only hardware timestamping * Add support for new timestamping options introduced in Linux 4.13 * Add root delay, root dispersion and maximum error to tracking log * Add mindelay and asymmetry options to server/peer/pool directive * Add extpps option to PHC refclock to timestamp external PPS signal * Add pps option to refclock directive to treat any refclock as PPS * Add width option to refclock directive to filter wrong pulse edges * Add rxfilter option to hwtimestamp directive * Add -x option to disable control of system clock * Add -l option to log to specified file instead of syslog * Allow multiple command-line options to be specified together * Allow starting without root privileges with -Q option * Update seccomp filter for new glibc versions * Dump history on exit by default with dumpdir directive * Use hardening compiler options by default Bug fixes * Don't drop PHC samples with low-resolution system clock * Ignore outliers in PHC tracking, RTC tracking, manual input * Increase polling interval when peer is not responding * Exit with error message when include directive fails * Don't allow slash after hostname in allow/deny directive/command * Try to connect to all addresses in chronyc before giving up Upgraded to version 3.1: - Enhancements - Add support for precise cross timestamping of PHC on Linux - Add minpoll, precision, nocrossts options to hwtimestamp directive - Add rawmeasurements option to log directive and modify measurements option to log only valid measurements from synchronised sources - Allow sub-second polling interval with NTP sources - Bug fixes - Fix time smoothing in interleaved mode Upgraded to version 3.0: - Enhancements - Add support for software and hardware timestamping on Linux - Add support for client/server and symmetric interleaved modes - Add support for MS-SNTP authentication in Samba - Add support for truncated MACs in NTPv4 packets - Estimate and correct for asymmetric network jitter - Increase default minsamples and polltarget to improve stability with very low jitter - Add maxjitter directive to limit source selection by jitter - Add offset option to server/pool/peer directive - Add maxlockage option to refclock directive - Add -t option to chronyd to exit after specified time - Add partial protection against replay attacks on symmetric mode - Don't reset polling interval when switching sources to online state - Allow rate limiting with very short intervals - Improve maximum server throughput on Linux and NetBSD - Remove dump files after start - Add tab-completion to chronyc with libedit/readline - Add ntpdata command to print details about NTP measurements - Allow all source options to be set in add server/peer command - Indicate truncated addresses/hostnames in chronyc output - Print reference IDs as hexadecimal numbers to avoid confusion with IPv4 addresses - Bug fixes - Fix crash with disabled asynchronous name resolving Upgraded to version 2.4.1: - Bug fixes - Fix processing of kernel timestamps on non-Linux systems - Fix crash with smoothtime directive - Fix validation of refclock sample times - Fix parsing of refclock directive update to 2.4: - Enhancements - Add orphan option to local directive for orphan mode compatible with ntpd - Add distance option to local directive to set activation threshold (1 second by default) - Add maxdrift directive to set maximum allowed drift of system clock - Try to replace NTP sources exceeding maximum distance - Randomise source replacement to avoid getting stuck with bad sources - Randomise selection of sources from pools on start - Ignore reference timestamp as ntpd doesn't always set it correctly - Modify tracking report to use same values as seen by NTP clients - Add -c option to chronyc to write reports in CSV format - Provide detailed manual pages - Bug fixes - Fix SOCK refclock to work correctly when not specified as last refclock - Fix initstepslew and -q/-Q options to accept time from own NTP clients - Fix authentication with keys using 512-bit hash functions - Fix crash on exit when multiple signals are received - Fix conversion of very small floating-point numbers in command packets Moderate SUSE bug 1063704 SUSE bug 1069468 SUSE bug 1082318 SUSE bug 1083597 SUSE bug 1099272 SUSE bug 1115529 SUSE bug 1128846 SUSE bug 1156884 SUSE bug 1159840 SUSE bug 1161119 SUSE bug 1162964 SUSE bug 1171806 SUSE bug 1172113 SUSE bug 1173277 SUSE bug 1173760 SUSE bug 1174075 SUSE bug 1174911 SUSE bug 1180689 SUSE bug 1181826 SUSE bug 1183783 SUSE bug 1184400 SUSE bug 1187906 SUSE bug 1190926 CVE-2020-14367 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mariadb fixes the following issues: Update to 10.2.41: - CVE-2021-35604: Fixed InnoDB vulnerability that allowed an high privileged attacker with network access via multiple protocols to compromise MySQL (bsc#1192497). Moderate SUSE bug 1192497 CVE-2021-35604 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python fixes the following issues: - buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126, CVE-2021-3177). - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). Important SUSE bug 1176262 SUSE bug 1180686 SUSE bug 1181126 CVE-2019-20916 CVE-2021-3177 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3348: Fixed a use-after-free in nbd_add_socket() that could be triggered by local attackers (with access to the nbd device) via an I/O request (bnc#1181504). - CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349). - CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). - CVE-2020-25211: Fixed a buffer overflow in ctnetlink_parse_tuple_filter() which could be triggered by a local attackers by injecting conntrack netlink configuration (bnc#1176395). - CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846). - CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509). - CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508). - CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031). - CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666). - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086). - CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107). - CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601). - CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960). - CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140). - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559). - CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372). - CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663). The following non-security bugs were fixed: - blk-mq: improve heavily contended tag case (bsc#1178198). - debugfs_lookup(): switch to lookup_one_len_unlocked() (bsc#1171979). - epoll: Keep a reference on files added to the check list (bsc#1180031). - fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032). - futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349 bsc#1149032). - futex: Fix incorrect should_fail_futex() handling (bsc#1181349). - futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032). - futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032). - futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032). - futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032). - futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc#1149032). - HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052). - iommu/vt-d: Do not dereference iommu_device if IOMMU_API is not built (bsc#1181001, jsc#ECO-3191). - iommu/vt-d: Gracefully handle DMAR units with no supported address widths (bsc#1181001, jsc#ECO-3191). - kABI: Fix kABI for extended APIC-ID support (bsc#1181001, jsc#ECO-3191). - locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#1149032). - md/bitmap: fix memory leak of temporary bitmap (bsc#1163727). - md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727). - md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727). - md/cluster: block reshape with remote resync job (bsc#1163727). - md/cluster: fix deadlock when node is doing resync job (bsc#1163727). - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (bsc#1163727). - md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727). - md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727). - md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727). - Move upstreamed bt fixes into sorted section - nbd: Fix memory leak in nbd_add_socket (bsc#1181504). - net/x25: prevent a couple of overflows (bsc#1178590). - NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304). - rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349 bsc#1149032). - s390/dasd: fix hanging device offline processing (bsc#1144912). - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304). - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304). - SUNRPC: cache: ignore timestamp written to 'flush' file (bsc#1178036). - x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1181001, jsc#ECO-3191). - x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available (bsc#1181001, jsc#ECO-3191). - x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181001, jsc#ECO-3191). - x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191). - x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191). - x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181001, jsc#ECO-3191). - x86/tracing: Introduce a static key for exception tracing (bsc#1179895). - x86/traps: Simplify pagefault tracing logic (bsc#1179895). - xfrm: Fix memleak on xfrm state destroy (bsc#1158775). Important SUSE bug 1144912 SUSE bug 1149032 SUSE bug 1158775 SUSE bug 1163727 SUSE bug 1171979 SUSE bug 1176395 SUSE bug 1176846 SUSE bug 1176962 SUSE bug 1177304 SUSE bug 1177666 SUSE bug 1178036 SUSE bug 1178182 SUSE bug 1178198 SUSE bug 1178372 SUSE bug 1178589 SUSE bug 1178590 SUSE bug 1178684 SUSE bug 1178886 SUSE bug 1179107 SUSE bug 1179140 SUSE bug 1179141 SUSE bug 1179419 SUSE bug 1179429 SUSE bug 1179508 SUSE bug 1179509 SUSE bug 1179601 SUSE bug 1179616 SUSE bug 1179663 SUSE bug 1179666 SUSE bug 1179745 SUSE bug 1179877 SUSE bug 1179878 SUSE bug 1179895 SUSE bug 1179960 SUSE bug 1179961 SUSE bug 1180008 SUSE bug 1180027 SUSE bug 1180028 SUSE bug 1180029 SUSE bug 1180030 SUSE bug 1180031 SUSE bug 1180032 SUSE bug 1180052 SUSE bug 1180086 SUSE bug 1180559 SUSE bug 1180562 SUSE bug 1180676 SUSE bug 1181001 SUSE bug 1181158 SUSE bug 1181349 SUSE bug 1181504 SUSE bug 1181553 SUSE bug 1181645 CVE-2019-20934 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-15436 CVE-2020-15437 CVE-2020-25211 CVE-2020-25639 CVE-2020-25669 CVE-2020-27068 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-27835 CVE-2020-28374 CVE-2020-28915 CVE-2020-28974 CVE-2020-29371 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2020-4788 CVE-2021-3347 CVE-2021-3348 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for wpa_supplicant fixes the following issues: - CVE-2021-0326: P2P group information processing vulnerability (bsc#1181777). - CVE-2019-16275: AP mode PMF disconnection protection bypass (bsc#1150934) Important SUSE bug 1150934 SUSE bug 1181777 CVE-2019-16275 CVE-2021-0326 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openvswitch fixes the following issues: - CVE-2020-35498: Fixed a denial of service related to the handling of Ethernet padding (bsc#1181742). Important SUSE bug 1181742 CVE-2020-35498 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for jasper fixes the following issues: - bsc#1179748 CVE-2020-27828: Fix heap overflow by checking maxrlvls - bsc#1181483 CVE-2021-3272: Fix buffer over-read in jp2_decode Important SUSE bug 1179748 SUSE bug 1181483 CVE-2020-27828 CVE-2021-3272 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for screen fixes the following issues: - CVE-2021-26937: Fixed double width combining char handling that could lead to a denial of service or code execution (bsc#1182092). Important SUSE bug 1182092 CVE-2021-26937 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for bind fixes the following issues: - CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack [bsc#1182246, CVE-2020-8625] Important SUSE bug 1182246 CVE-2020-8625 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 80 [bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803] * CVE-2020-27221: Potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. * CVE-2020-14803: Unauthenticated attacker with network access via multiple protocols allows to compromise Java SE. Important SUSE bug 1181239 SUSE bug 1182186 CVE-2020-14803 CVE-2020-27221 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for krb5-appl fixes the following issues: - CVE-2019-25017: Check the filenames sent by the server match those requested by the client (bsc#1131109). - CVE-2019-25018: Disallow empty incoming filename or ones that refer to the current directory (bsc#1131109). Important SUSE bug 1131109 CVE-2019-25017 CVE-2019-25018 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u282 (icedtea 3.18.0) * January 2021 CPU (bsc#1181239) * Security fixes + JDK-8247619: Improve Direct Buffering of Characters (CVE-2020-14803) * Import of OpenJDK 8 u282 build 01 + JDK-6962725: Regtest javax/swing/JFileChooser/6738668/ /bug6738668.java fails under Linux + JDK-8025936: Windows .pdb and .map files does not have proper dependencies setup + JDK-8030350: Enable additional compiler warnings for GCC + JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/ /DisposeFrameOnDragTest.java fails by Timeout on Windows + JDK-8036122: Fix warning 'format not a string literal' + JDK-8051853: new URI('x/').resolve('..').getSchemeSpecificPart() returns null! + JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/ /DefaultNoDrop.java locks on Windows + JDK-8134632: Mark javax/sound/midi/Devices/ /InitializationHang.java as headful + JDK-8148854: Class names 'SomeClass' and 'LSomeClass;' treated by JVM as an equivalent + JDK-8148916: Mark bug6400879.java as intermittently failing + JDK-8148983: Fix extra comma in changes for JDK-8148916 + JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java fails + JDK-8165808: Add release barriers when allocating objects with concurrent collection + JDK-8185003: JMX: Add a version of ThreadMXBean.dumpAllThreads with a maxDepth argument + JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on windows with VS2017 + JDK-8207766: [testbug] Adapt tests for Aix. + JDK-8212070: Introduce diagnostic flag to abort VM on failed JIT compilation + JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash + JDK-8215727: Restore JFR thread sampler loop to old / previous behavior + JDK-8220657: JFR.dump does not work when filename is set + JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing + JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java fails with access issues and OOM + JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread + JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes + JDK-8232114: JVM crashed at imjpapi.dll in native code + JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect numbers for Compiler area + JDK-8234339: replace JLI_StrTok in java_md_solinux.c + JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes + JDK-8242335: Additional Tests for RSASSA-PSS + JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in + JDK-8245400: Upgrade to LittleCMS 2.11 + JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention + JDK-8249176: Update GlobalSignR6CA test certificates + JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY + JDK-8250928: JFR: Improve hash algorithm for stack traces + JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java + JDK-8251840: Java_sun_awt_X11_XToolkit_getDefaultScreenData should not be in make/mapfiles/libawt_xawt/mapfile-vers + JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider rather than JRE + JDK-8252395: [8u] --with-native-debug-symbols=external doesn't include debuginfo files for binaries + JDK-8252497: Incorrect numeric currency code for ROL + JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent + JDK-8252904: VM crashes when JFR is used and JFR event class is transformed + JDK-8252975: [8u] JDK-8252395 breaks the build for --with-native-debug-symbols=internal + JDK-8253284: Zero OrderAccess barrier mappings are incorrect + JDK-8253550: [8u] JDK-8252395 breaks the build for make STRIP_POLICY=no_strip + JDK-8253752: test/sun/management/jmxremote/bootstrap/ /RmiBootstrapTest.java fails randomly + JDK-8254081: java/security/cert/PolicyNode/ /GetPolicyQualifiers.java fails due to an expired certificate + JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp + JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp + JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/ /WorkerDeadlockTest.java fails + JDK-8255003: Build failures on Solaris Moderate SUSE bug 1181239 CVE-2020-14803 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 25 [bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803] * CVE-2020-27221: Potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. * CVE-2020-14803: Unauthenticated attacker with network access via multiple protocols allows to compromise Java SE. Important SUSE bug 1181239 SUSE bug 1182186 CVE-2020-14803 CVE-2020-27221 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for open-iscsi fixes the following issues: Fixes for CVE-2019-17437, CVE-2020-17438, CVE-2020-13987 and CVE-2020-13988 (bsc#1179908): - check for TCP urgent pointer past end of frame - check for u8 overflow when processing TCP options - check for header length underflow during checksum calculation Important SUSE bug 1179908 CVE-2020-13987 CVE-2020-13988 CVE-2020-17437 CVE-2020-17438 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for perl-XML-Twig fixes the following issues: - Security fix [bsc#1008644, CVE-2016-9180] * Added: the no_xxe option to XML::Twig::new, which causes the parse to fail if external entities are used (to prevent malicious XML to access the filesystem). * Setting expand_external_ents to 0 or -1 currently doesn't work as expected; To completely turn off expanding external entities use no_xxe. * Update documentation for XML::Twig to mention problems with expand_external_ents and add information about new no_xxe argument Moderate SUSE bug 1008644 CVE-2016-9180 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.8.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-08 (bsc#1182614) * CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources * CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 Important SUSE bug 1182357 SUSE bug 1182614 CVE-2021-23968 CVE-2021-23969 CVE-2021-23973 CVE-2021-23978 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python-cryptography fixes the following issues: - CVE-2020-36242: Using the Fernet class to symmetrically encrypt multi gigabyte values could result in an integer overflow and buffer overflow (bsc#1182066). Important SUSE bug 1182066 CVE-2020-36242 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for grub2 fixes the following issues: grub2 now implements the new 'SBAT' method for SHIM based secure boot revocation. (bsc#1182057) Following security issues are fixed that can violate secure boot constraints: - CVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711) - CVE-2020-25647: Fixed an out-of-bound write in grub_usb_device_initialize() (bsc#1177883) - CVE-2020-27749: Fixed a stack buffer overflow in grub_parser_split_cmdline (bsc#1179264) - CVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970) - CVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262) - CVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation of space required for quoting (bsc#1182263) Important SUSE bug 1175970 SUSE bug 1176711 SUSE bug 1177883 SUSE bug 1179264 SUSE bug 1179265 SUSE bug 1182057 SUSE bug 1182262 SUSE bug 1182263 CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. Important SUSE bug 1182279 SUSE bug 1182408 SUSE bug 1182411 SUSE bug 1182412 SUSE bug 1182413 SUSE bug 1182415 SUSE bug 1182416 SUSE bug 1182417 SUSE bug 1182418 SUSE bug 1182419 SUSE bug 1182420 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2021-27212 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. Important SUSE bug 1182279 SUSE bug 1182408 SUSE bug 1182411 SUSE bug 1182412 SUSE bug 1182413 SUSE bug 1182415 SUSE bug 1182416 SUSE bug 1182417 SUSE bug 1182418 SUSE bug 1182419 SUSE bug 1182420 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2021-27212 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_0_0 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) Moderate SUSE bug 1182331 SUSE bug 1182333 CVE-2021-23840 CVE-2021-23841 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843). - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753). - CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372). - CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428). The following non-security bugs were fixed: - cifs: check all path components in resolved dfs target (bsc#1180906). - cifs: fix check of tcon dfs in smb1 (bsc#1180906). - cifs: fix nodfs mount option (bsc#1180906). - cifs: introduce helper for finding referral server (bsc#1180906). - kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082) - kernel-binary.spec: Add back initrd and image symlink ghosts to filelist (bsc#1182140). Fixes: 76a9256314c3 ('rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).') - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) %split_extra still contained two. - rpm/kernel-binary.spec.in: Fix compressed module handling for in-tree KMP (jsc#SLE-10886) - rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) egrep is only a deprecated bash wrapper for 'grep -E'. So use the latter instead. - rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592) - rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401) - rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082). - rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). There is: ExportFilter: ^kernel-obs-build.*\.x86_64.rpm$ . i586 in Factory's prjconf now. No other actively maintained distro (i.e. merging packaging branch) builds a x86_32 kernel, hence pushing to packaging directly. - rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058) - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section - scsi: fc: add FPIN ELS definition (bsc#1181441). - scsi/fc: kABI fixes for new ELS_FPIN definition (bsc#1181441) - scsi: fc: Update Descriptor definition and add RDF and Link Integrity FPINs (bsc#1181441). - scsi: Fix trivial spelling (bsc#1181441). - scsi: qla2xxx: Add IOCB resource tracking (bsc#1181441). - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1181441). - scsi: qla2xxx: Address a set of sparse warnings (bsc#1181441). - scsi: qla2xxx: Add rport fields in debugfs (bsc#1181441). - scsi: qla2xxx: Add SLER and PI control support (bsc#1181441). - scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1181441). - scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1181441). - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1181441). - scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1181441). - scsi: qla2xxx: Change post del message from debug level to log level (bsc#1181441). - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1181441). - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1181441). - scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1181441). - scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1181441). - scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1181441). - scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1181441). - scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1181441). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1181441). - scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1181441). - scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1181441). - scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1181441). - scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1181441). - scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1181441). - scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit (bsc#1181441). - scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1181441). - scsi: qla2xxx: Fix endianness annotations in header files (bsc#1181441). - scsi: qla2xxx: Fix endianness annotations in source files (bsc#1181441). - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1181441). - scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1181441). - scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1181441). - scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1181441). - scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1181441). - scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1181441). - scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1181441). - scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1181441). - scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1181441). - scsi: qla2xxx: Fix login timeout (bsc#1181441). - scsi: qla2xxx: Fix memory size truncation (bsc#1181441). - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1181441). - scsi: qla2xxx: Fix MPI reset needed message (bsc#1181441). - scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1181441). - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1181441). - scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1181441). - scsi: qla2xxx: Fix regression on sparc64 (bsc#1181441). - scsi: qla2xxx: Fix reset of MPI firmware (bsc#1181441). - scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1181441). - scsi: qla2xxx: Fix spelling of a variable name (bsc#1181441). - scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1181441). - scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1181441). - scsi: qla2xxx: Fix the return value (bsc#1181441). - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1181441). - scsi: qla2xxx: Fix warning after FC target reset (bsc#1181441). - scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1181441). - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1181441). - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1181441). - scsi: qla2xxx: Flush all sessions on zone disable (bsc#1181441). - scsi: qla2xxx: Flush I/O on zone disable (bsc#1181441). - scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1181441). - scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1181441). - scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1181441). - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1181441). - scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1181441). - scsi: qla2xxx: Initialize 'n' before using it (bsc#1181441). - scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1181441). - scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1181441). - scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1181441). - scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1181441). - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1181441). - scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1181441). - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1181441). - scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1181441). - scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1181441). - scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1181441). - scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1181441). - scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1181441). - scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#1181441). - scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1181441). - scsi: qla2xxx: Performance tweak (bsc#1181441). - scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1181441). - scsi: qla2xxx: Reduce noisy debug message (bsc#1181441). - scsi: qla2xxx: Remove an unused function (bsc#1181441). - scsi: qla2xxx: Remove a superfluous cast (bsc#1181441). - scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1181441). - scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1181441). - scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1181441). - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1181441). - scsi: qla2xxx: Remove redundant variable initialization (bsc#1181441). - scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1181441). - scsi: qla2xxx: Remove superfluous memset() (bsc#1181441). - scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1181441). - scsi: qla2xxx: Remove trailing semicolon in macro definition (bsc#1181441). - scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1181441). - scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1181441). - scsi: qla2xxx: SAN congestion management implementation (bsc#1181441). - scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1181441). - scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1181441). - scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1181441). - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1181441). - scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1181441). - scsi: qla2xxx: Tear down session if FW say it is down (bsc#1181441). - scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1181441). - scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1181441). - scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1181441). - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1181441). - scsi: qla2xxx: Use constant when it is known (bsc#1181441). - scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1181441). - scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1181441). - scsi: qla2xxx: Use register names instead of register offsets (bsc#1181441). - scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1181441). - scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1181441). - scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1181441). - scsi: scsi_transport_fc: Add FPIN fc event codes (bsc#1181441). - scsi: scsi_transport_fc: refactor event posting routines (bsc#1181441). - scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1181441). - x86/hyperv: Fix kexec panic/hang issues (bsc#1176831). - xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600). - xen/netback: fix spurious event detection for common event case (bsc#1182175). Important SUSE bug 1065600 SUSE bug 1163592 SUSE bug 1176831 SUSE bug 1178401 SUSE bug 1178762 SUSE bug 1179014 SUSE bug 1179015 SUSE bug 1179045 SUSE bug 1179082 SUSE bug 1179428 SUSE bug 1179660 SUSE bug 1180058 SUSE bug 1180906 SUSE bug 1181441 SUSE bug 1181747 SUSE bug 1181753 SUSE bug 1181843 SUSE bug 1182140 SUSE bug 1182175 CVE-2020-29368 CVE-2020-29374 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for wpa_supplicant fixes the following issues: - CVE-2021-27803: P2P provision discovery processing vulnerability (bsc#1182805) Important SUSE bug 1182805 CVE-2021-27803 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) Moderate SUSE bug 1182331 SUSE bug 1182333 CVE-2021-23840 CVE-2021-23841 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for git fixes the following issues: - On case-insensitive filesystems, with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters (such as Git LFS), Git could be fooled into running remote code during a clone. (bsc#1183026, CVE-2021-21300) Important SUSE bug 1183026 CVE-2021-21300 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for compat-openssl098 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) Moderate SUSE bug 1182331 SUSE bug 1182333 CVE-2021-23840 CVE-2021-23841 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python fixes the following issues: - python27 was upgraded to 2.7.18 - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator (bsc#1182379). Moderate SUSE bug 1182379 CVE-2019-18348 CVE-2021-23336 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.1 ESR * Fixed: Critical security issue MFSA 2021-01 (bsc#1180623) * CVE-2020-16044 Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk Important SUSE bug 1180623 CVE-2020-16044 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362) Important SUSE bug 1182328 SUSE bug 1182362 CVE-2021-27218 CVE-2021-27219 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for wavpack fixes the following issues: - CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414). Important SUSE bug 1180414 CVE-2020-35738 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for nghttp2 fixes the following issues: Security issues fixed: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184). - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146182). - CVE-2018-1000168: Fixed ALTSVC frame client side denial of service (bsc#1088639). - CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields (bsc#966514). Bug fixes and enhancements: - Packages must not mark license files as %doc (bsc#1082318) - Typo in description of libnghttp2_asio1 (bsc#962914) - Fixed mistake in spec file (bsc#1125689) - Fixed build issue with boost 1.70.0 (bsc#1134616) - Fixed build issue with GCC 6 (bsc#964140) - Feature: Add W&S module (FATE#326776, bsc#1112438) Important SUSE bug 1082318 SUSE bug 1088639 SUSE bug 1112438 SUSE bug 1125689 SUSE bug 1134616 SUSE bug 1146182 SUSE bug 1146184 SUSE bug 1181358 SUSE bug 962914 SUSE bug 964140 SUSE bug 966514 CVE-2016-1544 CVE-2018-1000168 CVE-2019-9511 CVE-2019-9513 CVE-2020-11080 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_1 fixes the following security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] Important SUSE bug 1183852 CVE-2021-3449 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for tomcat fixes the following issues: - CVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912) - CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909) Important SUSE bug 1182909 SUSE bug 1182912 CVE-2021-25122 CVE-2021-25329 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942) * CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read * CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage * CVE-2021-23984: Malicious extensions could have spoofed popup information * CVE-2021-23987: Memory safety bugs Important SUSE bug 1183942 CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openvpn fixes the following issues: - CVE-2022-0547: Fixed possible authentication bypass in external authentication plug-in (bsc#1197341). Important SUSE bug 1197341 CVE-2022-0547 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_7_1-ibm fixes the following issues: Update Java 7.1 to Service Refresh 7 Fix Pack 5 (bsc#1197126). Including fixes for the following vulnerabilities: CVE-2022-21366, CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21277, CVE-2022-21299, CVE-2022-21296, CVE-2022-21282, CVE-2022-21294, CVE-2022-21293, CVE-2022-21291, CVE-2022-21283, CVE-2022-21248, CVE-2022-21271. Important SUSE bug 1194925 SUSE bug 1194926 SUSE bug 1194927 SUSE bug 1194928 SUSE bug 1194929 SUSE bug 1194930 SUSE bug 1194931 SUSE bug 1194932 SUSE bug 1194933 SUSE bug 1194934 SUSE bug 1194935 SUSE bug 1194937 SUSE bug 1194939 SUSE bug 1194940 SUSE bug 1194941 SUSE bug 1196500 SUSE bug 1197126 CVE-2022-21248 CVE-2022-21271 CVE-2022-21277 CVE-2022-21282 CVE-2022-21283 CVE-2022-21291 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21349 CVE-2022-21360 CVE-2022-21365 CVE-2022-21366 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-ibm fixes the following issues: Update Java 8.0 to Service Refresh 7 Fix Pack 5 (bsc#1197126). Including fixes for the following vulnerabilities: CVE-2022-21366, CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21277, CVE-2022-21299, CVE-2022-21296, CVE-2022-21282, CVE-2022-21294, CVE-2022-21293, CVE-2022-21291, CVE-2022-21283, CVE-2022-21248, CVE-2022-21271. Non-securtiy fix: - Fixed a broken symlink for javaws (bsc#1195146). Important SUSE bug 1194925 SUSE bug 1194926 SUSE bug 1194927 SUSE bug 1194928 SUSE bug 1194929 SUSE bug 1194930 SUSE bug 1194931 SUSE bug 1194932 SUSE bug 1194933 SUSE bug 1194934 SUSE bug 1194935 SUSE bug 1194937 SUSE bug 1194939 SUSE bug 1194940 SUSE bug 1194941 SUSE bug 1195146 SUSE bug 1196500 SUSE bug 1197126 CVE-2022-21248 CVE-2022-21271 CVE-2022-21277 CVE-2022-21282 CVE-2022-21283 CVE-2022-21291 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21349 CVE-2022-21360 CVE-2022-21365 CVE-2022-21366 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). Important SUSE bug 1197459 CVE-2018-25032 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 7 Fix Pack 0 - CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052) - CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914) - CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913) - CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911) - CVE-2021-35556: Excessive memory allocation in RTFParser. (bsc#1191910) - CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. (bsc#1191909) - CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905) - CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564) - CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565) - CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055) - CVE-2021-35560: Fixed a vulnerability in the component Deployment. (bsc#1191902) - CVE-2021-35578: Fixed unexpected exception raised during TLS handshake. (bsc#1191904) Important SUSE bug 1185055 SUSE bug 1188564 SUSE bug 1188565 SUSE bug 1191902 SUSE bug 1191904 SUSE bug 1191905 SUSE bug 1191909 SUSE bug 1191910 SUSE bug 1191911 SUSE bug 1191913 SUSE bug 1191914 SUSE bug 1192052 SUSE bug 1194198 SUSE bug 1194232 CVE-2021-2163 CVE-2021-2341 CVE-2021-2369 CVE-2021-35556 CVE-2021-35559 CVE-2021-35560 CVE-2021-35564 CVE-2021-35565 CVE-2021-35578 CVE-2021-35586 CVE-2021-35588 CVE-2021-41035 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix 'su -s' bash completion. (bsc#1172427) - CVE-2021-37600: Fixed an integer overflow which could lead to buffer overflow in get_sem_elements. (bsc#1188921) - Prevent outdated pam files (bsc#1082293, bsc#1081947#c68). - Do not trim read-only volumes (bsc#1106214). - libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (bsc#1122417). - raw.service: Add `RemainAfterExit=yes` (bsc#1135534). - agetty: Reload issue only if it is really needed (bsc#1085196) - agetty: Return previous response of agetty for special characters (bsc#1085196, bsc#1125886) - blockdev: Do not fail `--report` on kpartx-style partitions on multipath. (bsc#1168235) - nologin: Add support for `-c` to prevent error from `su -c`. (bsc#1151708) - Avoid triggering autofs in lookup_umount_fs_by_statfs. (bsc#1168389) - libblkid: Do not trigger CDROM autoclose. (bsc#1084671) - Avoid sulogin failing on not existing or not functional console devices. (bsc#1175514) - Build with libudev support to support non-root users. (bsc#1169006) - lscpu: avoid segfault on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to CIFS with mount –a. (bsc#1174942) Important SUSE bug 1081947 SUSE bug 1082293 SUSE bug 1084671 SUSE bug 1085196 SUSE bug 1106214 SUSE bug 1122417 SUSE bug 1125886 SUSE bug 1135534 SUSE bug 1135708 SUSE bug 1151708 SUSE bug 1168235 SUSE bug 1168389 SUSE bug 1169006 SUSE bug 1172427 SUSE bug 1174942 SUSE bug 1175514 SUSE bug 1175623 SUSE bug 1178236 SUSE bug 1178554 SUSE bug 1178825 SUSE bug 1188921 SUSE bug 1194642 CVE-2021-37600 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mozilla-nss fixes the following issues: Mozilla NSS 3.68.3 (bsc#1197903): - CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use. Important SUSE bug 1197903 CVE-2022-1097 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.8.0 ESR (bsc#1197903): MFSA 2022-14 (bsc#1197903) * CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use * CVE-2022-28281: Fixed an out of bounds write due to unexpected WebAuthN Extensions * CVE-2022-1196: Fixed a use-after-free after VR Process destruction * CVE-2022-28282: Fixed a use-after-free in DocumentL10n::TranslateDocument * CVE-2022-28285: Fixed incorrect AliasSet used in JIT Codegen * CVE-2022-28286: Fixed that iframe contents could be rendered outside the border * CVE-2022-24713: Fixed a denial of service via complex regular expressions * CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8 Important SUSE bug 1197903 CVE-2022-1097 CVE-2022-1196 CVE-2022-24713 CVE-2022-28281 CVE-2022-28282 CVE-2022-28285 CVE-2022-28286 CVE-2022-28289 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openjpeg2 fixes the following issues: - CVE-2016-1924: Fixed heap buffer overflow (bsc#980504). - CVE-2016-3183: Fixed out-of-bounds read in sycc422_to_rgb function (bsc#971617). - CVE-2016-4797: Fixed heap buffer overflow (bsc#980504). - CVE-2018-14423: Fixed division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl,and pi_next_rpcl in lib/openjp3d/pi.c (bsc#1102016). - CVE-2018-16375: Fixed missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c (bsc#1106882). - CVE-2018-16376: Fixed heap-based buffer overflow function t2_encode_packet in lib/openmj2/t2.c (bsc#1106881). - CVE-2018-20845: Fixed division-by-zero in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c (bsc#1140130). - CVE-2018-20846: Fixed out-of-bounds accesses in pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c (bsc#1140205). - CVE-2020-8112: Fixed heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c (bsc#1162090). - CVE-2020-15389: Fixed use-after-free if t a mix of valid and invalid files in a directory operated on by the decompressor (bsc#1173578). - CVE-2020-27823: Fixed heap buffer over-write in opj_tcd_dc_level_shift_encode() (bsc#1180457). - CVE-2021-29338: Fixed integer overflow that allows remote attackers to crash the application (bsc#1184774). - CVE-2022-1122: Fixed segmentation fault in opj2_decompress due to uninitialized pointer (bsc#1197738). Important SUSE bug 1102016 SUSE bug 1106881 SUSE bug 1106882 SUSE bug 1140130 SUSE bug 1140205 SUSE bug 1162090 SUSE bug 1173578 SUSE bug 1180457 SUSE bug 1184774 SUSE bug 1197738 SUSE bug 971617 SUSE bug 980504 CVE-2016-1924 CVE-2016-3183 CVE-2016-4797 CVE-2018-14423 CVE-2018-16375 CVE-2018-16376 CVE-2018-20845 CVE-2018-20846 CVE-2020-15389 CVE-2020-27823 CVE-2020-8112 CVE-2021-29338 CVE-2022-1122 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python rebuilds python against a symbol versioned openssl 1.0.2 to allow usage with openssl 1.1.1. Also the following security issues are fixed: - CVE-2022-0391: Fixed sanitizing URLs containing ASCII newline and tabs in urlparse (bsc#1195396). - CVE-2021-4189: Make ftplib not trust the PASV response (bsc#1194146). Moderate SUSE bug 1187784 SUSE bug 1194146 SUSE bug 1195396 CVE-2021-4189 CVE-2022-0391 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: - CVE-2021-4140: Fixed iframe sandbox bypass with XSLT (bsc#1194547). - CVE-2022-22737: Fixed race condition when playing audio files (bsc#1194547). - CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur (bsc#1194547). - CVE-2022-22739: Fixed missing throttling on external protocol launch dialog (bsc#1194547). - CVE-2022-22740: Fixed use-after-free of ChannelEventQueue::mOwner (bsc#1194547). - CVE-2022-22741: Fixed browser window spoof using fullscreen mode (bsc#1194547). - CVE-2022-22742: Fixed out-of-bounds memory access when inserting text in edit mode (bsc#1194547). - CVE-2022-22743: Fixed browser window spoof using fullscreen mode (bsc#1194547). - CVE-2022-22744: Fixed possible command injection via the 'Copy as curl' feature in DevTools (bsc#1194547). - CVE-2022-22745: Fixed leaking cross-origin URLs through securitypolicyviolation event (bsc#1194547). - CVE-2022-22746: Fixed calling into reportValidity could have lead to fullscreen window spoof (bsc#1194547). - CVE-2022-22747: Fixed crash when handling empty pkcs7 sequence(bsc#1194547). - CVE-2022-22748: Fixed spoofed origin on external protocol launch dialog (bsc#1194547). - CVE-2022-22751: Fixed memory safety bugs (bsc#1194547). Important SUSE bug 1194547 CVE-2021-4140 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22744 CVE-2022-22745 CVE-2022-22746 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) Important SUSE bug 1198062 CVE-2022-1271 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libexif fixes the following issues: - CVE-2020-0181: Fixed an integer overflow that could lead to denial of service (bsc#1172802). - CVE-2020-0198: Fixed and unsigned integer overflow that could lead to denial of service (bsc#1172768). - CVE-2020-0452: Fixed a buffer overflow check that could be optimized away by the compiler (bsc#1178479). Important SUSE bug 1172768 SUSE bug 1172802 SUSE bug 1178479 CVE-2020-0181 CVE-2020-0198 CVE-2020-0452 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for tomcat fixes the following issues: Security hardening, related to Spring Framework vulnerabilities: - Deprecate getResources() and always return null (bsc#1198136). Important SUSE bug 1198136 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for sssd fixes the following issues: - CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommands (bsc#1189492). - Add LDAPS support for the AD provider (bsc#1183735)(jsc#SLE-17773). Non-security fixes: - Fixed a crash caused by calling dbus_watch_handle with a corrupted memory value (bsc#1196564). Important SUSE bug 1183735 SUSE bug 1189492 SUSE bug 1196564 CVE-2021-3621 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-0812: Fixed an incorrect header size calculations which could lead to a memory leak. (bsc#1196639) - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free. (bnc#1196973) - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-28356: Fixed a refcount bug in llc_ui_bind and llc_ui_autobind which could allow an unprivileged user to execute a DoS. (bnc#1197391) - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032) - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031) - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331) - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761) - CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device. (bsc#1196836) - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366) - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) The following non-security bugs were fixed: - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018). - genirq: Use rcu in kstat_irqs_usr() (bsc#1193738). - llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - net: usb: ax88179_178a: fix packet alignment padding (bsc#1196018). - net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468). - sr9700: sanity check for packet length (bsc#1196836). - tcp: add some entropy in __inet_hash_connect() (bsc#1180153). - tcp: change source port randomizarion at connect() time (bsc#1180153). - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - x86/tsc: Make calibration refinement more robust (bsc#1196573). - xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). Important SUSE bug 1180153 SUSE bug 1189562 SUSE bug 1193738 SUSE bug 1194943 SUSE bug 1195051 SUSE bug 1195353 SUSE bug 1196018 SUSE bug 1196114 SUSE bug 1196468 SUSE bug 1196488 SUSE bug 1196514 SUSE bug 1196573 SUSE bug 1196639 SUSE bug 1196761 SUSE bug 1196830 SUSE bug 1196836 SUSE bug 1196942 SUSE bug 1196973 SUSE bug 1197211 SUSE bug 1197227 SUSE bug 1197331 SUSE bug 1197366 SUSE bug 1197391 SUSE bug 1197462 SUSE bug 1198031 SUSE bug 1198032 SUSE bug 1198033 CVE-2021-39713 CVE-2021-45868 CVE-2022-0812 CVE-2022-0850 CVE-2022-1016 CVE-2022-1048 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-26490 CVE-2022-26966 CVE-2022-27666 CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for gzip fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) Important SUSE bug 1198062 CVE-2022-1271 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xen fixes the following issues: - CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host (bsc#1197423). - CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which could lead to a denial of service in the host (bsc#1197425). - CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: Fixed various memory corruption issues for hosts using VT-d or AMD-Vi IOMMU hardware. These could be leveraged by an attacker to cause a denial of service in the host (bsc#1197426). - CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: Added BHB speculation issue mitigations (bsc#1196915). Important SUSE bug 1196915 SUSE bug 1197423 SUSE bug 1197425 SUSE bug 1197426 CVE-2021-26401 CVE-2022-0001 CVE-2022-0002 CVE-2022-26356 CVE-2022-26357 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for dnsmasq fixes the following issues: - CVE-2021-3448: Fixed a potential DNS cache poisoning issue due to a constant outgoing port being used when for certain use cases of the --server option (bsc#1183709). - CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial of service via crafted packet (bsc#1197872). Important SUSE bug 1183709 SUSE bug 1197872 CVE-2021-3448 CVE-2022-0934 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for git fixes the following issues: - CVE-2022-24765: Fixed a potential command injection via git worktree (bsc#1198234). Important SUSE bug 1198234 CVE-2022-24765 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed use-after-free of ID and IDREF attributes. (bsc#1196490) Important SUSE bug 1196490 CVE-2022-23308 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for SDL fixes the following issues: - CVE-2020-14409: Fixed an integer overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c. (bsc#1181202) - CVE-2020-14410: Fixed a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c. (bsc#1181201) - CVE-2021-33657: Fixed a Heap overflow problem in video/SDL_pixels.c. (bsc#1198001) Important SUSE bug 1181201 SUSE bug 1181202 SUSE bug 1198001 CVE-2020-14409 CVE-2020-14410 CVE-2021-33657 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for webkit2gtk3 fixes the following issues: - Update to version 2.34.3 (bsc#1194019). - CVE-2021-30887: Fixed logic issue allowing unexpectedly unenforced Content Security Policy when processing maliciously crafted web content. - CVE-2021-30890: Fixed logic issue allowing universal cross site scripting when processing maliciously crafted web content. Important SUSE bug 1194019 CVE-2018-8518 CVE-2018-8523 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 CVE-2019-8674 CVE-2019-8681 CVE-2019-8684 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 CVE-2019-8707 CVE-2019-8719 CVE-2019-8726 CVE-2019-8733 CVE-2019-8763 CVE-2019-8765 CVE-2019-8766 CVE-2019-8768 CVE-2019-8782 CVE-2019-8808 CVE-2019-8815 CVE-2019-8821 CVE-2019-8822 CVE-2020-10018 CVE-2020-13753 CVE-2020-27918 CVE-2020-29623 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9947 CVE-2020-9948 CVE-2020-9951 CVE-2020-9952 CVE-2021-1765 CVE-2021-1788 CVE-2021-1817 CVE-2021-1820 CVE-2021-1825 CVE-2021-1826 CVE-2021-1844 CVE-2021-1871 CVE-2021-30661 CVE-2021-30666 CVE-2021-30682 CVE-2021-30761 CVE-2021-30762 CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 CVE-2021-30849 CVE-2021-30851 CVE-2021-30858 CVE-2021-30884 CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 CVE-2021-30890 CVE-2021-30897 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for cifs-utils fixes the following issues: - CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216). Important SUSE bug 1197216 CVE-2022-27239 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for aide fixes the following issues: - CVE-2021-45417: Fix a bufferoverflow in base64 functions (bsc#1194735) Important SUSE bug 1194735 CVE-2021-45417 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: This update contains the Firefox Extended Support Release 91.1.0 ESR. * Fixed: Various stability, functionality, and security fixes MFSA 2021-40 (bsc#1190269, bsc#1190274): * CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer * CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1 Firefox 91.0.1esr ESR * Fixed: Fixed an issue causing buttons on the tab bar to be resized when loading certain websites (bug 1704404) * Fixed: Fixed an issue which caused tabs from private windows to be visible in non-private windows when viewing switch-to- tab results in the address bar panel (bug 1720369) * Fixed: Various stability fixes * Fixed: Security fix MFSA 2021-37 (bsc#1189547) * CVE-2021-29991 (bmo#1724896) Header Splitting possible with HTTP/3 Responses Firefox Extended Support Release 91.0 ESR * New: Some of the highlights of the new Extended Support Release are: - A number of user interface changes. For more information, see the Firefox 89 release notes. - Firefox now supports logging into Microsoft, work, and school accounts using Windows single sign-on. Learn more - On Windows, updates can now be applied in the background while Firefox is not running. - Firefox for Windows now offers a new page about:third-party to help identify compatibility issues caused by third-party applications - Version 2 of Firefox's SmartBlock feature further improves private browsing. Third party Facebook scripts are blocked to prevent you from being tracked, but are now automatically loaded 'just in time' if you decide to 'Log in with Facebook' on any website. - Enhanced the privacy of the Firefox Browser's Private Browsing mode with Total Cookie Protection, which confines cookies to the site where they were created, preventing companis from using cookies to track your browsing across sites. This feature was originally launched in Firefox's ETP Strict mode. - PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features. - You'll encounter less website breakage in Private Browsing and Strict Enhanced Tracking Protection with SmartBlock, which provides stand-in scripts so that websites load properly. - Improved Print functionality with a cleaner design and better integration with your computer's printer settings. - Firefox now protects you from supercookies, a type of tracker that can stay hidden in your browser and track you online, even after you clear cookies. By isolating supercookies, Firefox prevents them from tracking your web browsing from one site to the next. - Firefox now remembers your preferred location for saved bookmarks, displays the bookmarks toolbar by default on new tabs, and gives you easy access to all of your bookmarks via a toolbar folder. - Native support for macOS devices built with Apple Silicon CPUs brings dramatic performance improvements over the non- native build that was shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a new Apple device, follow these steps to upgrade to the latest Firefox. - Pinch zooming will now be supported for our users with Windows touchscreen devices and touchpads on Mac devices. Firefox users may now use pinch to zoom on touch-capable devices to zoom in and out of webpages. - We’ve improved functionality and design for a number of Firefox search features: * Selecting a search engine at the bottom of the search panel now enters search mode for that engine, allowing you to see suggestions (if available) for your search terms. The old behavior (immediately performing a search) is available with a shift-click. * When Firefox autocompletes the URL of one of your search engines, you can now search with that engine directly in the address bar by selecting the shortcut in the address bar results. * We’ve added buttons at the bottom of the search panel to allow you to search your bookmarks, open tabs, and history. - Firefox supports AcroForm, which will allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look. - For our users in the US and Canada, Firefox can now save, manage, and auto-fill credit card information for you, making shopping on Firefox ever more convenient. - In addition to our default, dark and light themes, with this release, Firefox introduces the Alpenglow theme: a colorful appearance for buttons, menus, and windows. You can update your Firefox themes under settings or preferences. * Changed: Firefox no longer supports Adobe Flash. There is no setting available to re-enable Flash support. * Enterprise: Various bug fixes and new policies have been implemented in the latest version of Firefox. See more details in the Firefox for Enterprise 91 Release Notes. MFSA 2021-33 (bsc#1188891): * CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption * CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT * CVE-2021-29988: Memory corruption as a result of incorrect style treatment * CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode * CVE-2021-29984: Incorrect instruction reordering during JIT optimization * CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption * CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux * CVE-2021-29985: Use-after-free media channels * CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion * CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 * CVE-2021-29990: Memory safety bugs fixed in Firefox 91 Important SUSE bug 1188891 SUSE bug 1189547 SUSE bug 1190269 SUSE bug 1190274 CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29987 CVE-2021-29988 CVE-2021-29989 CVE-2021-29990 CVE-2021-29991 CVE-2021-38492 CVE-2021-38495 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for zsh fixes the following issues: - CVE-2018-0502: Fixed execve call vulnerability to program named on the second line when the beginning of a #! script file was mishandled. (bsc#1107296, bsc#1107294) - CVE-2018-13259: Fixed execve call vulnerability to program name that is a substring of the intended one. (bsc#1107296, bsc#1107294) Important SUSE bug 1107294 SUSE bug 1107296 CVE-2018-0502 CVE-2018-13259 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 5 Fix Pack 0 - CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052) - CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914) - CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913) - CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911) - CVE-2021-35556: Excessive memory allocation in RTFParser. (bsc#1191910) - CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. (bsc#1191909) - CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905) - CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564) - CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565) - CVE-2021-2432: Fixed a vulnerability in the omponent JNDI. (bsc#1188568) - CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055) Moderate SUSE bug 1185055 SUSE bug 1188564 SUSE bug 1188565 SUSE bug 1188568 SUSE bug 1191905 SUSE bug 1191909 SUSE bug 1191910 SUSE bug 1191911 SUSE bug 1191913 SUSE bug 1191914 SUSE bug 1192052 SUSE bug 1194198 SUSE bug 1194232 CVE-2021-2163 CVE-2021-2341 CVE-2021-2369 CVE-2021-2432 CVE-2021-35556 CVE-2021-35559 CVE-2021-35564 CVE-2021-35565 CVE-2021-35586 CVE-2021-35588 CVE-2021-41035 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for gzip fixes the following issues: - CVE-2022-1271: Add hardening for zgrep. (bsc#1198062) Important CVE-2022-1271 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for webkit2gtk3 fixes the following issues: Update to version 2.36.0 (bsc#1198290): - CVE-2022-22624: Fixed use after free that may lead to arbitrary code execution. - CVE-2022-22628: Fixed use after free that may lead to arbitrary code execution. - CVE-2022-22629: Fixed a buffer overflow that may lead to arbitrary code execution. - CVE-2022-22637: Fixed an unexpected cross-origin behavior due to a logic error. Missing CVE reference for the update to 2.34.6 (bsc#1196133): - CVE-2022-22594: Fixed a cross-origin issue in the IndexDB API. Important SUSE bug 1196133 SUSE bug 1198290 CVE-2022-22594 CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22637 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). Important SUSE bug 1199240 CVE-2022-29155 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) Important SUSE bug 1198446 CVE-2022-1304 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220510 release. (bsc#1199423) Updated to Intel CPU Microcode 20220419 release. (bsc#1198717) - CVE-2022-21151: Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (bsc#1199423). Moderate SUSE bug 1198717 SUSE bug 1199423 CVE-2022-21151 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.9.0 ESR (MFSA 2022-17)(bsc#1198970): - CVE-2022-29914: Fullscreen notification bypass using popups - CVE-2022-29909: Bypassing permission prompt in nested browsing contexts - CVE-2022-29916: Leaking browser history with CSS variables - CVE-2022-29911: iframe Sandbox bypass - CVE-2022-29912: Reader mode bypassed SameSite cookies - CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9 Important SUSE bug 1198970 CVE-2022-29909 CVE-2022-29911 CVE-2022-29912 CVE-2022-29914 CVE-2022-29916 CVE-2022-29917 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed a dangling symlink when g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION (bsc#1183533). Low SUSE bug 1183533 CVE-2021-28153 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). - Fixed issue with SASL init that crashed slapd at startup under certain conditions (bsc#1198383). Important SUSE bug 1198383 SUSE bug 1199240 CVE-2022-29155 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251). - CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362). - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474). - CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476). - CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477). - CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478). - CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479). - CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480). Important SUSE bug 1194251 SUSE bug 1194362 SUSE bug 1194474 SUSE bug 1194476 SUSE bug 1194477 SUSE bug 1194478 SUSE bug 1194479 SUSE bug 1194480 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for postgresql10 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475). Important SUSE bug 1199475 CVE-2022-1552 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.9.1 ESR - MFSA 2022-19 (bsc#1199768): - CVE-2022-1802: Prototype pollution in Top-Level Await implementation - CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution Important SUSE bug 1199768 CVE-2022-1529 CVE-2022-1802 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python-requests fixes the following issues: - CVE-2018-18074: Fixed to prevent the package to send an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect. (bsc#1111622) Moderate SUSE bug 1111622 CVE-2018-18074 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libxml2 fixes the following issues: - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c and tree.c (bsc#1199132). - CVE-2017-16932: Prevent infinite recursion in parameter entities (bsc#1069689). Important SUSE bug 1069689 SUSE bug 1199132 CVE-2017-16932 CVE-2022-29824 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232). Important SUSE bug 1199232 CVE-2022-1586 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for kernel-firmware fixes the following issues: Update AMD ucode and SEV firmware - (CVE-2021-26339, CVE-2021-26373, CVE-2021-26347, CVE-2021-26376, CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26339, CVE-2021-26348, CVE-2021-26342, CVE-2021-26388, CVE-2021-26349, CVE-2021-26364, CVE-2021-26312, CVE-2021-26350, CVE-2021-46744, bsc#1199459, bsc#1199470) Moderate SUSE bug 1199459 SUSE bug 1199470 CVE-2021-26312 CVE-2021-26339 CVE-2021-26342 CVE-2021-26347 CVE-2021-26348 CVE-2021-26349 CVE-2021-26350 CVE-2021-26364 CVE-2021-26372 CVE-2021-26373 CVE-2021-26375 CVE-2021-26376 CVE-2021-26378 CVE-2021-26388 CVE-2021-46744 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for wpa_supplicant fixes the following issues: - CVE-2022-23303, CVE-2022-23304: Fixed SAE/EAP-pwd side-channel attacks (bsc#1194732, bsc#1194733) - CVE-2021-0326: Fixed P2P group information processing vulnerability (bsc#1181777) - Fix systemd device ready dependencies in wpa_supplicant@.service file. (bsc#1182805) - Limit P2P_DEVICE name to appropriate ifname size - Enable SAE support(jsc#SLE-14992). - Fix wicked wlan (bsc#1156920) - Change wpa_supplicant.service to ensure wpa_supplicant gets started before network. Fix WLAN config on boot with wicked. (bsc#1166933) - Adjust the service to start after network.target wrt bsc#1165266 Update to 2.9 release: * SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * EAP-pwd changes - disable use of groups using Brainpool curves - allow the set of groups to be configured (eap_pwd_groups) - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * fixed FT-EAP initial mobility domain association using PMKSA caching (disabled by default for backwards compatibility; can be enabled with ft_eap_pmksa_caching=1) * fixed a regression in OpenSSL 1.1+ engine loading * added validation of RSNE in (Re)Association Response frames * fixed DPP bootstrapping URI parser of channel list * extended EAP-SIM/AKA fast re-authentication to allow use with FILS * extended ca_cert_blob to support PEM format * improved robustness of P2P Action frame scheduling * added support for EAP-SIM/AKA using anonymous@realm identity * fixed Hotspot 2.0 credential selection based on roaming consortium to ignore credentials without a specific EAP method * added experimental support for EAP-TEAP peer (RFC 7170) * added experimental support for EAP-TLS peer with TLS v1.3 * fixed a regression in WMM parameter configuration for a TDLS peer * fixed a regression in operation with drivers that offload 802.1X 4-way handshake * fixed an ECDH operation corner case with OpenSSL * SAE changes - added support for SAE Password Identifier - changed default configuration to enable only groups 19, 20, 21 (i.e., disable groups 25 and 26) and disable all unsuitable groups completely based on REVmd changes - do not regenerate PWE unnecessarily when the AP uses the anti-clogging token mechanisms - fixed some association cases where both SAE and FT-SAE were enabled on both the station and the selected AP - started to prefer FT-SAE over SAE AKM if both are enabled - started to prefer FT-SAE over FT-PSK if both are enabled - fixed FT-SAE when SAE PMKSA caching is used - reject use of unsuitable groups based on new implementation guidance in REVmd (allow only FFC groups with prime >= 3072 bits and ECC groups with prime >= 256) - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868) * EAP-pwd changes - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870) - verify server scalar/element [https://w1.fi/security/2019-4/] (CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, bsc#1131874, bsc#1131872, bsc#1131871, bsc#1131644) - fix message reassembly issue with unexpected fragment [https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640) - enforce rand,mask generation rules more strictly - fix a memory leak in PWE derivation - disallow ECC groups with a prime under 256 bits (groups 25, 26, and 27) - SAE/EAP-pwd side-channel attack update [https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#1144443) * fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y * Hotspot 2.0 changes - do not indicate release number that is higher than the one AP supports - added support for release number 3 - enable PMF automatically for network profiles created from credentials * fixed OWE network profile saving * fixed DPP network profile saving * added support for RSN operating channel validation (CONFIG_OCV=y and network profile parameter ocv=1) * added Multi-AP backhaul STA support * fixed build with LibreSSL * number of MKA/MACsec fixes and extensions * extended domain_match and domain_suffix_match to allow list of values * fixed dNSName matching in domain_match and domain_suffix_match when using wolfSSL * started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both are enabled * extended nl80211 Connect and external authentication to support SAE, FT-SAE, FT-EAP-SHA384 * fixed KEK2 derivation for FILS+FT * extended client_cert file to allow loading of a chain of PEM encoded certificates * extended beacon reporting functionality * extended D-Bus interface with number of new properties * fixed a regression in FT-over-DS with mac80211-based drivers * OpenSSL: allow systemwide policies to be overridden * extended driver flags indication for separate 802.1X and PSK 4-way handshake offload capability * added support for random P2P Device/Interface Address use * extended PEAP to derive EMSK to enable use with ERP/FILS * extended WPS to allow SAE configuration to be added automatically for PSK (wps_cred_add_sae=1) * removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS) * extended domain_match and domain_suffix_match to allow list of values * added a RSN workaround for misbehaving PMF APs that advertise IGTK/BIP KeyID using incorrect byte order * fixed PTK rekeying with FILS and FT * fixed WPA packet number reuse with replayed messages and key reinstallation [https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) * fixed unauthenticated EAPOL-Key decryption in wpa_supplicant [https://w1.fi/security/2018-1/] (CVE-2018-14526) * added support for FILS (IEEE 802.11ai) shared key authentication * added support for OWE (Opportunistic Wireless Encryption, RFC 8110; and transition mode defined by WFA) * added support for DPP (Wi-Fi Device Provisioning Protocol) * added support for RSA 3k key case with Suite B 192-bit level * fixed Suite B PMKSA caching not to update PMKID during each 4-way handshake * fixed EAP-pwd pre-processing with PasswordHashHash * added EAP-pwd client support for salted passwords * fixed a regression in TDLS prohibited bit validation * started to use estimated throughput to avoid undesired signal strength based roaming decision * MACsec/MKA: - new macsec_linux driver interface support for the Linux kernel macsec module - number of fixes and extensions * added support for external persistent storage of PMKSA cache (PMKSA_GET/PMKSA_ADD control interface commands; and MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case) * fixed mesh channel configuration pri/sec switch case * added support for beacon report * large number of other fixes, cleanup, and extensions * added support for randomizing local address for GAS queries (gas_rand_mac_addr parameter) * fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel * added option for using random WPS UUID (auto_uuid=1) * added SHA256-hash support for OCSP certificate matching * fixed EAP-AKA' to add AT_KDF into Synchronization-Failure * fixed a regression in RSN pre-authentication candidate selection * added option to configure allowed group management cipher suites (group_mgmt network profile parameter) * removed all PeerKey functionality * fixed nl80211 AP and mesh mode configuration regression with Linux 4.15 and newer * added ap_isolate configuration option for AP mode * added support for nl80211 to offload 4-way handshake into the driver * added support for using wolfSSL cryptographic library * SAE - added support for configuring SAE password separately of the WPA2 PSK/passphrase - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection for SAE; note: this is not backwards compatible, i.e., both the AP and station side implementations will need to be update at the same time to maintain interoperability - added support for Password Identifier - fixed FT-SAE PMKID matching * Hotspot 2.0 - added support for fetching of Operator Icon Metadata ANQP-element - added support for Roaming Consortium Selection element - added support for Terms and Conditions - added support for OSEN connection in a shared RSN BSS - added support for fetching Venue URL information * added support for using OpenSSL 1.1.1 * FT - disabled PMKSA caching with FT since it is not fully functional - added support for SHA384 based AKM - added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128, BIP-GMAC-256 in addition to previously supported BIP-CMAC-128 - fixed additional IE inclusion in Reassociation Request frame when using FT protocol - CVE-2015-8041: Using O_WRONLY flag [http://w1.fi/security/2015-5/] Important SUSE bug 1131644 SUSE bug 1131868 SUSE bug 1131870 SUSE bug 1131871 SUSE bug 1131872 SUSE bug 1131874 SUSE bug 1133640 SUSE bug 1144443 SUSE bug 1156920 SUSE bug 1165266 SUSE bug 1166933 SUSE bug 1167331 SUSE bug 1182805 SUSE bug 1194732 SUSE bug 1194733 CVE-2015-8041 CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 CVE-2018-14526 CVE-2019-11555 CVE-2019-13377 CVE-2019-9494 CVE-2019-9495 CVE-2019-9497 CVE-2019-9498 CVE-2019-9499 CVE-2022-23303 CVE-2022-23304 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for postgresql14 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475). Important SUSE bug 1199475 CVE-2022-1552 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ImageMagick fixes the following issues: - CVE-2022-1270: Fixed a memory corruption issue when parsing MIFF files (bsc#1198351). - CVE-2022-28463: Fixed buffer overflow in coders/cin.c (bsc#1199350). Important SUSE bug 1198351 SUSE bug 1199350 CVE-2022-1270 CVE-2022-28463 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mailman fixes the following issues: - CVE-2021-44227: Preventing list moderator or list member accessing the admin UI (bsc#1193316). - CVE-2021-43332: Preventing list moderator from cracking the list admin password encrypted in a CSRF token (bsc#1192741). - CVE-2021-43331: Fixed XSS in Cgi/options.py (bsc#1192735). - CVE-2021-42096: Add protection against remote privilege escalation via csrf_token derived from admin password (bsc#1191959). Important SUSE bug 1191959 SUSE bug 1192735 SUSE bug 1192741 SUSE bug 1193316 CVE-2021-42096 CVE-2021-43331 CVE-2021-43332 CVE-2021-44227 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for polkit fixes the following issues: - CVE-2021-4034: Fixed a local privilege escalation in pkexec (bsc#1194568). Important SUSE bug 1194568 CVE-2021-4034 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for librelp fixes the following issues: - CVE-2018-1000140: Fixed remote attack via specially crafted x509 certificates when connecting to rsyslog to trigger a stack buffer overflow and run arbitrary code (bsc#1086730). Moderate SUSE bug 1086730 CVE-2018-1000140 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.10.0 ESR (MFSA 2022-21)(bsc#1200027) - CVE-2022-31736: Cross-Origin resource's length leaked - CVE-2022-31737: Heap buffer overflow in WebGL - CVE-2022-31738: Browser window spoof using fullscreen mode - CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files - CVE-2022-31740: Register allocation problem in WASM on arm64 - CVE-2022-31741: Uninitialized variable leads to invalid memory read - CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information - CVE-2022-31747: Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10 Important SUSE bug 1200027 CVE-2022-31736 CVE-2022-31737 CVE-2022-31738 CVE-2022-31739 CVE-2022-31740 CVE-2022-31741 CVE-2022-31742 CVE-2022-31747 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for strongswan fixes the following issues: - CVE-2021-45079: Fixed authentication bypass in EAP authentication. (bsc#1194471) Important SUSE bug 1194471 CVE-2021-45079 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mozilla-nss fixes the following issues: Mozilla NSS 3.68.4 (bsc#1200027) * CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590) Important SUSE bug 1200027 CVE-2022-31741 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for grub2 fixes the following issues: Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581) - CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184) - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185) - CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186) - CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460) - CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493) - CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496) - Update SBAT security contact (bsc#1193282) - Bump grub's SBAT generation to 2 - Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948) Important SUSE bug 1191184 SUSE bug 1191185 SUSE bug 1191186 SUSE bug 1193282 SUSE bug 1197948 SUSE bug 1198460 SUSE bug 1198493 SUSE bug 1198496 SUSE bug 1198581 CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2022-28733 CVE-2022-28734 CVE-2022-28736 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) - CVE-2021-39711: Fixed a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958). - CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference count is mishandled (bnc#1172456). - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055). - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c. (bnc#1198516) - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723). - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343) The following non-security bugs were fixed: - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399). - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399). - debug: Lock down kgdb (bsc#1199426). - dimlib: make DIMLIB a hidden symbol (bsc#1197099 jsc#SLE-24124). - lib/dim: Fix -Wunused-const-variable warnings (bsc#1197099 jsc#SLE-24124). - lib/dim: fix help text typos (bsc#1197099 jsc#SLE-24124). - linux/dim: Add completions count to dim_sample (bsc#1197099 jsc#SLE-24124). - linux/dim: Fix overflow in dim calculation (bsc#1197099 jsc#SLE-24124). - linux/dim: Implement RDMA adaptive moderation (DIM) (bsc#1197099 jsc#SLE-24124). - linux/dim: Move implementation to .c files (bsc#1197099 jsc#SLE-24124). - linux/dim: Move logic to dim.h (bsc#1197099 jsc#SLE-24124). - linux/dim: Remove 'net' prefix from internal DIM members (bsc#1197099 jsc#SLE-24124). - linux/dim: Rename externally exposed macros (bsc#1197099 jsc#SLE-24124). - linux/dim: Rename externally used net_dim members (bsc#1197099 jsc#SLE-24124). - linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1197099 jsc#SLE-24124). - net: ena: A typo fix in the file ena_com.h (bsc#1197099 jsc#SLE-24124). - net: ena: Add capabilities field with support for ENI stats capability (bsc#1197099 jsc#SLE-24124). - net: ena: add device distinct log prefix to files (bsc#1197099 jsc#SLE-24124). - net: ena: Add first_interrupt field to napi struct (bsc#1197099 jsc#SLE-24124). - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (bsc#1197099 jsc#SLE-24124). - net: ena: add jiffies of last napi call to stats (bsc#1197099 jsc#SLE-24124). - net: ena: add missing ethtool TX timestamping indication (bsc#1197099 jsc#SLE-24124). - net: ena: add reserved PCI device ID (bsc#1197099 jsc#SLE-24124). - net: ena: add support for reporting of packet drops (bsc#1197099 jsc#SLE-24124). - net: ena: add support for the rx offset feature (bsc#1197099 jsc#SLE-24124). - net: ena: add support for traffic mirroring (bsc#1197099 jsc#SLE-24124). - net: ena: add unmask interrupts statistics to ethtool (bsc#1197099 jsc#SLE-24124). - net: ena: aggregate stats increase into a function (bsc#1197099 jsc#SLE-24124). - net: ena: allow setting the hash function without changing the key (bsc#1197099 jsc#SLE-24124). - net: ena: avoid memory access violation by validating req_id properly (bsc#1197099 jsc#SLE-24124). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1197099 jsc#SLE-24124). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1197099 jsc#SLE-24124). - net: ena: Capitalize all log strings and improve code readability (bsc#1197099 jsc#SLE-24124). - net: ena: change default RSS hash function to Toeplitz (bsc#1197099 jsc#SLE-24124). - net: ena: Change ENI stats support check to use capabilities field (bsc#1197099 jsc#SLE-24124). - net: ena: Change license into format to SPDX in all files (bsc#1197099 jsc#SLE-24124). - net: ena: Change log message to netif/dev function (bsc#1197099 jsc#SLE-24124). - net: ena: change num_queues to num_io_queues for clarity and consistency (bsc#1197099 jsc#SLE-24124). - net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1197099 jsc#SLE-24124). - net: ena: Change RSS related macros and variables names (bsc#1197099 jsc#SLE-24124). - net: ena: Change the name of bad_csum variable (bsc#1197099 jsc#SLE-24124). - net: ena: changes to RSS hash key allocation (bsc#1197099 jsc#SLE-24124). - net: ena: clean up indentation issue (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: code reorderings (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: fix line break issues (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: fix spacing issues (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: minor code changes (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: remove unnecessary code (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1197099 jsc#SLE-24124). - net: ena: do not wake up tx queue when down (bsc#1197099 jsc#SLE-24124). - net: ena: drop superfluous prototype (bsc#1197099 jsc#SLE-24124). - net: ena: ena-com.c: prevent NULL pointer dereference (bsc#1197099 jsc#SLE-24124). - net: ena: enable support of rss hash key and function changes (bsc#1197099 jsc#SLE-24124). - net: ena: enable the interrupt_moderation in driver_supported_features (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: Add new device statistics (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: clean up minor indentation issue (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: get_channels: use combined only (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: support set_channels callback (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: use correct value for crc32 hash (bsc#1197099 jsc#SLE-24124). - net: ena: Fix all static chekers' warnings (bsc#1197099 jsc#SLE-24124). - net: ena: Fix build warning in ena_xdp_set() (bsc#1197099 jsc#SLE-24124). - net: ena: fix coding style nits (bsc#1197099 jsc#SLE-24124). - net: ena: fix continuous keep-alive resets (bsc#1197099 jsc#SLE-24124). - net: ena: fix corruption of dev_idx_to_host_tbl (bsc#1197099 jsc#SLE-24124). - net: ena: fix default tx interrupt moderation interval (bsc#1197099 jsc#SLE-24124). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1197099 jsc#SLE-24124). - net: ena: Fix error handling when calculating max IO queues number (bsc#1197099 jsc#SLE-24124). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1197099 jsc#SLE-24124). - net: ena: fix inaccurate print type (bsc#1197099 jsc#SLE-24124). - net: ena: fix incorrect default RSS key (bsc#1197099 jsc#SLE-24124). - net: ena: fix incorrect setting of the number of msix vectors (bsc#1197099 jsc#SLE-24124). - net: ena: fix incorrect update of intr_delay_resolution (bsc#1197099 jsc#SLE-24124). - net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (bsc#1197099 jsc#SLE-24124). - net: ena: fix issues in setting interrupt moderation params in ethtool (bsc#1197099 jsc#SLE-24124). - net: ena: fix packet's addresses for rx_offset feature (bsc#1197099 jsc#SLE-24124). - net: ena: fix potential crash when rxfh key is NULL (bsc#1197099 jsc#SLE-24124). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1197099 jsc#SLE-24124). - net: ena: fix retrieval of nonadaptive interrupt moderation intervals (bsc#1197099 jsc#SLE-24124). - net: ena: fix update of interrupt moderation register (bsc#1197099 jsc#SLE-24124). - net: ena: fix uses of round_jiffies() (bsc#1197099 jsc#SLE-24124). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1197099 jsc#SLE-24124). - net: ena: Fix wrong rx request id by resetting device (bsc#1197099 jsc#SLE-24124). - net: ena: handle bad request id in ena_netdev (bsc#1197099 jsc#SLE-24124). - net: ena: Improve error logging in driver (bsc#1197099 jsc#SLE-24124). - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (bsc#1197099 jsc#SLE-24124). - net: ena: make ethtool -l show correct max number of queues (bsc#1197099 jsc#SLE-24124). - net: ena: Make missed_tx stat incremental (bsc#1197099 jsc#SLE-24124). - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1197099 jsc#SLE-24124). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1197099 jsc#SLE-24124). - net: ena: Move reset completion print to the reset function (bsc#1197099 jsc#SLE-24124). - net: ena: multiple queue creation related cleanups (bsc#1197099 jsc#SLE-24124). - net: ena: Prevent reset after device destruction (bsc#1197099 jsc#SLE-24124). - net: ena: re-organize code to improve readability (bsc#1197099 jsc#SLE-24124). - net: ena: reduce driver load time (bsc#1197099 jsc#SLE-24124). - net: ena: reimplement set/get_coalesce() (bsc#1197099 jsc#SLE-24124). - net: ena: remove all old adaptive rx interrupt moderation code from ena_com (bsc#1197099 jsc#SLE-24124). - net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() (bsc#1197099 jsc#SLE-24124). - net: ena: remove code that does nothing (bsc#1197099 jsc#SLE-24124). - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1197099 jsc#SLE-24124). - net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#1197099 jsc#SLE-24124). - net: ena: remove extra words from comments (bsc#1197099 jsc#SLE-24124). - net: ena: Remove module param and change message severity (bsc#1197099 jsc#SLE-24124). - net: ena: remove old adaptive interrupt moderation code from ena_netdev (bsc#1197099 jsc#SLE-24124). - net: ena: remove redundant print of number of queues (bsc#1197099 jsc#SLE-24124). - net: ena: Remove redundant print of placement policy (bsc#1197099 jsc#SLE-24124). - net: ena: Remove redundant return code check (bsc#1197099 jsc#SLE-24124). - net: ena: remove set but not used variable 'hash_key' (bsc#1197099 jsc#SLE-24124). - net: ena: Remove unused code (bsc#1197099 jsc#SLE-24124). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1197099 jsc#SLE-24124). - net: ena: rss: do not allocate key when not supported (bsc#1197099 jsc#SLE-24124). - net: ena: rss: fix failure to get indirection table (bsc#1197099 jsc#SLE-24124). - net: ena: rss: store hash function as values and not bits (bsc#1197099 jsc#SLE-24124). - net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1197099 jsc#SLE-24124). - net: ena: set initial DMA width to avoid intel iommu issue (bsc#1197099 jsc#SLE-24124). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1197099 jsc#SLE-24124). - net: ena: store values in their appropriate variables types (bsc#1197099 jsc#SLE-24124). - net: ena: support new LLQ acceleration mode (bsc#1197099 jsc#SLE-24124). - net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc#1197099 jsc#SLE-24124). - net: ena: use constant value for net_device allocation (bsc#1197099 jsc#SLE-24124). - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1197099 jsc#SLE-24124). - net: ena: use explicit variable size for clarity (bsc#1197099 jsc#SLE-24124). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1197099 jsc#SLE-24124). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: update net_dim documentation after rename (bsc#1197099 jsc#SLE-24124). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900 bsc#1198660 ltc#197803). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729 bsc#1198660 ltc#197803). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - x86/pm: Save the MSR validity status at context setup (bsc#1114648). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1114648). Important SUSE bug 1028340 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1114648 SUSE bug 1172456 SUSE bug 1182171 SUSE bug 1183723 SUSE bug 1187055 SUSE bug 1191647 SUSE bug 1191958 SUSE bug 1195651 SUSE bug 1196426 SUSE bug 1197099 SUSE bug 1197219 SUSE bug 1197343 SUSE bug 1198400 SUSE bug 1198516 SUSE bug 1198660 SUSE bug 1198687 SUSE bug 1198742 SUSE bug 1198825 SUSE bug 1199012 SUSE bug 1199063 SUSE bug 1199314 SUSE bug 1199399 SUSE bug 1199426 SUSE bug 1199505 SUSE bug 1199605 SUSE bug 1199650 CVE-2019-20811 CVE-2021-20292 CVE-2021-20321 CVE-2021-33061 CVE-2021-38208 CVE-2021-39711 CVE-2021-43389 CVE-2022-1011 CVE-2022-1353 CVE-2022-1419 CVE-2022-1516 CVE-2022-1652 CVE-2022-1734 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-30594 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for webkit2gtk3 fixes the following issues: Update to version 2.36.3 (bsc#1200106) - CVE-2022-30293: Fixed heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer (bsc#1199287). - CVE-2022-26700: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26709: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26716: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26717: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26719: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). Important SUSE bug 1199287 SUSE bug 1200106 CVE-2022-26700 CVE-2022-26709 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-30293 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for apache2 fixes the following issues: - CVE-2022-26377: Fixed possible request smuggling in mod_proxy_ajp (bsc#1200338) - CVE-2022-28614: Fixed read beyond bounds via ap_rwrite() (bsc#1200340) - CVE-2022-28615: Fixed read beyond bounds in ap_strcmp_match() (bsc#1200341) - CVE-2022-29404: Fixed denial of service in mod_lua r:parsebody (bsc#1200345) - CVE-2022-30556: Fixed information disclosure in mod_lua with websockets (bsc#1200350) - CVE-2022-30522: Fixed mod_sed denial of service (bsc#1200352) - CVE-2022-31813: Fixed mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (bsc#1200348) Important SUSE bug 1200338 SUSE bug 1200340 SUSE bug 1200341 SUSE bug 1200345 SUSE bug 1200348 SUSE bug 1200350 SUSE bug 1200352 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 CVE-2022-31813 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_0_0 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). Important SUSE bug 1199166 CVE-2022-1292 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for log4j fixes the following issues: - CVE-2022-23307: Fix deserialization issue by removing the chainsaw sub-package. (bsc#1194844) - CVE-2022-23305: Fix SQL injection by removing src/main/java/org/apache/log4j/jdbc/JDBCAppender.java. (bsc#1194843) - CVE-2022-23302: Fix remote code execution by removing src/main/java/org/apache/log4j/net/JMSSink.java. (bsc#1194842) Important SUSE bug 1194842 SUSE bug 1194843 SUSE bug 1194844 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update fixes the following issues: golang-github-QubitProducts-exporter_exporter: - Adapted to build on Enterprise Linux. - Fix build for RedHat 7 - Require Go >= 1.14 also for CentOS - Add support for CentOS - Replace %{?systemd_requires} with %{?systemd_ordering} golang-github-prometheus-alertmanager: - CVE-2022-21698: Denial of service using InstrumentHandlerCounter. * Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24077) - Update required Go version to 1.16 - Update to version 0.23.0: * amtool: Detect version drift and warn users (#2672) * Add ability to skip TLS verification for amtool (#2663) * Fix empty isEqual in amtool. (#2668) * Fix main tests (#2670) * cli: add new template render command (#2538) * OpsGenie: refer to alert instead of incident (#2609) * Docs: target_match and source_match are DEPRECATED (#2665) * Fix test not waiting for cluster member to be ready - Added hardening to systemd service(s) (bsc#1181400) golang-github-prometheus-node_exporter: - CVE-2022-21698: Denial of service using InstrumentHandlerCounter. * Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239) - Update to 1.3.0 * [CHANGE] Add path label to rapl collector #2146 * [CHANGE] Exclude filesystems under /run/credentials #2157 * [CHANGE] Add TCPTimeouts to netstat default filter #2189 * [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771 * [FEATURE] Add darwin powersupply collector #1777 * [FEATURE] Add support for monitoring GPUs on Linux #1998 * [FEATURE] Add Darwin thermal collector #2032 * [FEATURE] Add os release collector #2094 * [FEATURE] Add netdev.address-info collector #2105 * [FEATURE] Add clocksource metrics to time collector #2197 * [ENHANCEMENT] Support glob textfile collector directories #1985 * [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080 * [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165 * [ENHANCEMENT] Add flag to disable guest CPU metrics #2123 * [ENHANCEMENT] Add DMI collector #2131 * [ENHANCEMENT] Add threads metrics to processes collector #2164 * [ENHANCMMENT] Reduce timer GC delays in the Linux filesystem collector #2169 * [ENHANCMMENT] Add TCPTimeouts to netstat default filter #2189 * [ENHANCMMENT] Use SysctlTimeval for boottime collector on BSD #2208 * [BUGFIX] ethtool: Sanitize metric names #2093 * [BUGFIX] Fix ethtool collector for multiple interfaces #2126 * [BUGFIX] Fix possible panic on macOS #2133 * [BUGFIX] Collect flag_info and bug_info only for one core #2156 * [BUGFIX] Prevent duplicate ethtool metric names #2187 - Update to 1.2.2 * Bug fixes Fix processes collector long int parsing #2112 - Update to 1.2.1 * Removed Remove obsolete capture permission denied error patch that is already included upstream Fix zoneinfo parsing prometheus/procfs#386 Fix nvme collector log noise #2091 Fix rapl collector log noise #2092 - Update to 1.2.0 * Changes Rename filesystem collector flags to match other collectors #2012 Make node_exporter print usage to STDOUT #203 * Features Add conntrack statistics metrics #1155 Add ethtool stats collector #1832 Add flag to ignore network speed if it is unknown #1989 Add tapestats collector for Linux #2044 Add nvme collector #2062 * Enhancements Add ErrorLog plumbing to promhttp #1887 Add more Infiniband counters #2019 netclass: retrieve interface names and filter before parsing #2033 Add time zone offset metric #2060 Handle errors from disabled PSI subsystem #1983 Fix panic when using backwards compatible flags #2000 Fix wrong value for OpenBSD memory buffer cache #2015 Only initiate collectors once #2048 Handle small backwards jumps in CPU idle #2067 - Apply patch to capture permission denied error for 'energy_uj' file (bsc#1190535) grafana: - Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422) + Security: * Fixes XSS vulnerability in handling data sources (bsc#1195726, CVE-2022-21702) * Fixes cross-origin request forgery vulnerability (bsc#1195727, CVE-2022-21703) * Fixes Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728, CVE-2022-21713) - Update to Go 1.17. - Add build-time dependency on `wire`. - Update license to GNU Affero General Public License v3.0. - Update to version 8.3.4 * GetUserInfo: return an error if no user was found (bsc#1194873, CVE-2022-21673) + Features and enhancements: * Alerting: Allow configuration of non-ready alertmanagers. * Alerting: Allow customization of Google chat message. * AppPlugins: Support app plugins with only default nav. * InfluxDB: query editor: skip fields in metadata queries. * Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user cancels query in grafana. * Prometheus: Forward oauth tokens after prometheus datasource migration. + Bug fixes: * Azure Monitor: Bug fix for variable interpolations in metrics dropdowns. * Azure Monitor: Improved error messages for variable queries. * CloudMonitoring: Fixes broken variable queries that use group bys. * Configuration: You can now see your expired API keys if you have no active ones. * Elasticsearch: Fix handling multiple datalinks for a single field. * Export: Fix error being thrown when exporting dashboards using query variables that reference the default datasource. * ImportDashboard: Fixes issue with importing dashboard and name ending up in uid. * Login: Page no longer overflows on mobile. * Plugins: Set backend metadata property for core plugins. * Prometheus: Fill missing steps with null values. * Prometheus: Fix interpolation of $__rate_interval variable. * Prometheus: Interpolate variables with curly brackets syntax. * Prometheus: Respect the http-method data source setting. * Table: Fixes issue with field config applied to wrong fields when hiding columns. * Toolkit: Fix bug with rootUrls not being properly parsed when signing a private plugin. * Variables: Fix so data source variables are added to adhoc configuration. + Plugin development fixes & changes: * Toolkit: Revert build config so tslib is bundled with plugins to prevent plugins from crashing. - Update to version 8.3.3: * BarChart: Use new data error view component to show actions in panel edit. * CloudMonitor: Iterate over pageToken for resources. * Macaron: Prevent WriteHeader invalid HTTP status code panic. * AnnoListPanel: Fix interpolation of variables in tags. * CloudWatch: Allow queries to have no dimensions specified. * CloudWatch: Fix broken queries for users migrating from 8.2.4/8.2.5 to 8.3.0. * CloudWatch: Make sure MatchExact flag gets the right value. * Dashboards: Fix so that empty folders can be deleted from the manage dashboards/folders page. * InfluxDB: Improve handling of metadata query errors in InfluxQL. * Loki: Fix adding of ad hoc filters for queries with parser and line_format expressions. * Prometheus: Fix running of exemplar queries for non-histogram metrics. * Prometheus: Interpolate template variables in interval. * StateTimeline: Fix toolitp not showing when for frames with multiple fields. * TraceView: Fix virtualized scrolling when trace view is opened in right pane in Explore. * Variables: Fix repeating panels for on time range changed variables. * Variables: Fix so queryparam option works for scoped - Update to version 8.3.2 + Security: Fixes CVE-2021-43813 and CVE-2021-43815. - Update to version 8.3.1 + Security: Fixes CVE-2021-43798. - Update to version 8.3.0 * Alerting: Prevent folders from being deleted when they contain alerts. * Alerting: Show full preview value in tooltip. * BarGauge: Limit title width when name is really long. * CloudMonitoring: Avoid to escape regexps in filters. * CloudWatch: Add support for AWS Metric Insights. * TooltipPlugin: Remove other panels' shared tooltip in edit panel. * Visualizations: Limit y label width to 40% of visualization width. * Alerting: Clear alerting rule evaluation errors after intermittent failures. * Alerting: Fix refresh on legacy Alert List panel. * Dashboard: Fix queries for panels with non-integer widths. * Explore: Fix url update inconsistency. * Prometheus: Fix range variables interpolation for time ranges smaller than 1 second. * ValueMappings: Fixes issue with regex value mapping that only sets color. - Update to version 8.3.0-beta2 + Breaking changes: * Grafana 8 Alerting enabled by default for installations that do not use legacy alerting. * Keep Last State for 'If execution error or timeout' when upgrading to Grafana 8 alerting. * Alerting: Create DatasourceError alert if evaluation returns error. * Alerting: Make Unified Alerting enabled by default for those who do not use legacy alerting. * Alerting: Support mute timings configuration through the api for the embedded alert manager. * CloudWatch: Add missing AWS/Events metrics. * Docs: Add easier to find deprecation notices to certain data sources and to the changelog. * Plugins Catalog: Enable install controls based on the pluginAdminEnabled flag. * Table: Add space between values for the DefaultCell and JSONViewCell. * Tracing: Make query editors available in dashboard for Tempo and Zipkin. * AccessControl: Renamed orgs roles, removed fixed:orgs:reader introduced in beta1. * Azure Monitor: Add trap focus for modals in grafana/ui and other small a11y fixes for Azure Monitor. * CodeEditor: Prevent suggestions from being clipped. * Dashboard: Fix cache timeout persistence. * Datasource: Fix stable sort order of query responses. * Explore: Fix error in query history when removing last item. * Logs: Fix requesting of older logs when flipped order. * Prometheus: Fix running of health check query based on access mode. * TextPanel: Fix suggestions for existing panels. * Tracing: Fix incorrect indentations due to reoccurring spanIDs. * Tracing: Show start time of trace with milliseconds precision. * Variables: Make renamed or missing variable section expandable. * Select: Select menus now properly scroll during keyboard navigation. - Update to version 8.3.0-beta1 * Alerting: Add UI for contact point testing with custom annotations and labels. * Alerting: Make alert state indicator in panel header work with Grafana 8 alerts. * Alerting: Option for Discord notifier to use webhook name. * Annotations: Deprecate AnnotationsSrv. * Auth: Omit all base64 paddings in JWT tokens for the JWT auth. * Azure Monitor: Clean up fields when editing Metrics. * AzureMonitor: Add new starter dashboards. * AzureMonitor: Add starter dashboard for app monitoring with Application Insights. * Barchart/Time series: Allow x axis label. * CLI: Improve error handling for installing plugins. * CloudMonitoring: Migrate to use backend plugin SDK contracts. * CloudWatch Logs: Add retry strategy for hitting max concurrent queries. * CloudWatch: Add AWS RoboMaker metrics and dimension. * CloudWatch: Add AWS Transfer metrics and dimension. * Dashboard: replace datasource name with a reference object. * Dashboards: Show logs on time series when hovering. * Elasticsearch: Add support for Elasticsearch 8.0 (Beta). * Elasticsearch: Add time zone setting to Date Histogram aggregation. * Elasticsearch: Enable full range log volume histogram. * Elasticsearch: Full range logs volume. * Explore: Allow changing the graph type. * Explore: Show ANSI colors when highlighting matched words in the logs panel. * Graph(old) panel: Listen to events from Time series panel. * Import: Load gcom dashboards from URL. * LibraryPanels: Improves export and import of library panels between orgs. * OAuth: Support PKCE. * Panel edit: Overrides now highlight correctly when searching. * PanelEdit: Display drag indicators on draggable sections. * Plugins: Refactor Plugin Management. * Prometheus: Add custom query parameters when creating PromLink url. * Prometheus: Remove limits on metrics, labels, and values in Metrics Browser. * StateTimeline: Share cursor with rest of the panels. * Tempo: Add error details when json upload fails. * Tempo: Add filtering for service graph query. * Tempo: Add links to nodes in Service Graph pointing to Prometheus metrics. * Time series/Bar chart panel: Add ability to sort series via legend. * TimeSeries: Allow multiple axes for the same unit. * TraceView: Allow span links defined on dataFrame. * Transformations: Support a rows mode in labels to fields. * ValueMappings: Don't apply field config defaults to time fields. * Variables: Only update panels that are impacted by variable change. * API: Fix dashboard quota limit for imports. * Alerting: Fix rule editor issues with Azure Monitor data source. * Azure monitor: Make sure alert rule editor is not enabled when template variables are being used. * CloudMonitoring: Fix annotation queries. * CodeEditor: Trigger the latest getSuggestions() passed to CodeEditor. * Dashboard: Remove the current panel from the list of options in the Dashboard datasource. * Encryption: Fix decrypting secrets in alerting migration. * InfluxDB: Fix corner case where index is too large in ALIAS * NavBar: Order App plugins alphabetically. * NodeGraph: Fix zooming sensitivity on touchpads. * Plugins: Add OAuth pass-through logic to api/ds/query endpoint. * Snapshots: Fix panel inspector for snapshot data. * Tempo: Fix basic auth password reset on adding tag. * ValueMapping: Fixes issue with regex mappings. * grafana/ui: Enable slider marks display. - Update to version 8.2.7 - Update to version 8.2.6 * Security: Upgrade Docker base image to Alpine 3.14.3. * Security: Upgrade Go to 1.17.2. * TimeSeries: Fix fillBelowTo wrongly affecting fills of unrelated series. - Update to version 8.2.5 * Fix No Data behaviour in Legacy Alerting. * Alerting: Fix a bug where the metric in the evaluation string was not correctly populated. * Alerting: Fix no data behaviour in Legacy Alerting for alert rules using the AND operator. * CloudMonitoring: Ignore min and max aggregation in MQL queries. * Dashboards: 'Copy' is no longer added to new dashboard titles. * DataProxy: Fix overriding response body when response is a WebSocket upgrade. * Elasticsearch: Use field configured in query editor as field for date_histogram aggregations. * Explore: Fix running queries without a datasource property set. * InfluxDB: Fix numeric aliases in queries. * Plugins: Ensure consistent plugin settings list response. * Tempo: Fix validation of float durations. * Tracing: Correct tags for each span are shown. - Update to version 8.2.4 + Security: Fixes CVE-2021-41244. - Update to version 8.2.3 + Security: Fixes CVE-2021-41174. - Update to version 8.2.2 * Annotations: We have improved tag search performance. * Application: You can now configure an error-template title. * AzureMonitor: We removed a restriction from the resource filter query. * Packaging: We removed the ProcSubset option in systemd. This option prevented Grafana from starting in LXC environments. * Prometheus: We removed the autocomplete limit for metrics. * Table: We improved the styling of the type icons to make them more distinct from column / field name. * ValueMappings: You can now use value mapping in stat, gauge, bar gauge, and pie chart visualizations. * Alerting: Fix panic when Slack's API sends unexpected response. * Alerting: The Create Alert button now appears on the dashboard panel when you are working with a default datasource. * Explore: We fixed the problem where the Explore log panel disappears when an Elasticsearch logs query returns no results. * Graph: You can now see annotation descriptions on hover. * Logs: The system now uses the JSON parser only if the line is parsed to an object. * Prometheus: We fixed the issue where the system did not reuse TCP connections when querying from Grafana alerting. * Prometheus: We fixed the problem that resulted in an error when a user created a query with a $__interval min step. * RowsToFields: We fixed the issue where the system was not properly interpreting number values. * Scale: We fixed how the system handles NaN percent when data min = data max. * Table panel: You can now create a filter that includes special characters. - Update to version 8.2.1 * Dashboard: Fix rendering of repeating panels. * Datasources: Fix deletion of data source if plugin is not found. * Packaging: Remove systemcallfilters sections from systemd unit files. * Prometheus: Add Headers to HTTP client options. - Update to version 8.2.0 * AWS: Updated AWS authentication documentation. * Alerting: Added support Alertmanager data source for upstream Prometheus AM implementation. * Alerting: Allows more characters in label names so notifications are sent. * Alerting: Get alert rules for a dashboard or a panel using /api/v1/rules endpoints. * Annotations: Improved rendering performance of event markers. * CloudWatch Logs: Skip caching for log queries. * Explore: Added an opt-in configuration for Node Graph in Jaeger, Zipkin, and Tempo. * Packaging: Add stricter systemd unit options. * Prometheus: Metrics browser can now handle label values with * CodeEditor: Ensure that we trigger the latest onSave callback provided to the component. * DashboardList/AlertList: Fix for missing All folder value. * Plugins: Create a mock icon component to prevent console errors. - Update to version 8.2.0-beta2 * AccessControl: Document new permissions restricting data source access. * TimePicker: Add fiscal years and search to time picker. * Alerting: Added support for Unified Alerting with Grafana HA. * Alerting: Added support for tune rule evaluation using configuration options. * Alerting: Cleanups alertmanager namespace from key-value store when disabling Grafana 8 alerts. * Alerting: Remove ngalert feature toggle and introduce two new settings for enabling Grafana 8 alerts and disabling them for specific organisations. * CloudWatch: Introduced new math expression where it is necessary to specify the period field. * InfluxDB: Added support for $__interval and $__interval_ms in Flux queries for alerting. * InfluxDB: Flux queries can use more precise start and end timestamps with nanosecond-precision. * Plugins Catalog: Make the catalog the default way to interact with plugins. * Prometheus: Removed autocomplete limit for metrics. * Alerting: Fixed an issue where the edit page crashes if you tried to preview an alert without a condition set. * Alerting: Fixed rules migration to keep existing Grafana 8 alert rules. * Alerting: Fixed the silence file content generated during * Analytics: Fixed an issue related to interaction event propagation in Azure Application Insights. * BarGauge: Fixed an issue where the cell color was lit even though there was no data. * BarGauge: Improved handling of streaming data. * CloudMonitoring: Fixed INT64 label unmarshal error. * ConfirmModal: Fixes confirm button focus on modal open. * Dashboard: Add option to generate short URL for variables with values containing spaces. * Explore: No longer hides errors containing refId property. * Fixed an issue that produced State timeline panel tooltip error when data was not in sync. * InfluxDB: InfluxQL query editor is set to always use resultFormat. * Loki: Fixed creating context query for logs with parsed labels. * PageToolbar: Fixed alignment of titles. * Plugins Catalog: Update to the list of available panels after an install, update or uninstall. * TimeSeries: Fixed an issue where the shared cursor was not showing when hovering over in old Graph panel. * Variables: Fixed issues related to change of focus or refresh pages when pressing enter in a text box variable input. * Variables: Panel no longer crash when using the adhoc variable in data links. - Update to version 8.2.0-beta1 * AccessControl: Introduce new permissions to restrict access for reloading provisioning configuration. * Alerting: Add UI to edit Cortex/Loki namespace, group names, and group evaluation interval. * Alerting: Add a Test button to test contact point. * Alerting: Allow creating/editing recording rules for Loki and Cortex. * Alerting: Metrics should have the label org instead of user. * Alerting: Sort notification channels by name to make them easier to locate. * Alerting: Support org level isolation of notification * AzureMonitor: Add data links to deep link to Azure Portal Azure Resource Graph. * AzureMonitor: Add support for annotations from Azure Monitor Metrics and Azure Resource Graph services. * AzureMonitor: Show error message when subscriptions request fails in ConfigEditor. * Chore: Update to Golang 1.16.7. * CloudWatch Logs: Add link to X-Ray data source for trace IDs in logs. * CloudWatch Logs: Disable query path using websockets (Live) feature. * CloudWatch/Logs: Don't group dataframes for non time series * Cloudwatch: Migrate queries that use multiple stats to one query per stat. * Dashboard: Keep live timeseries moving left (v2). * Datasources: Introduce response_limit for datasource responses. * Explore: Add filter by trace or span ID to trace to logs * Explore: Download traces as JSON in Explore Inspector. * Explore: Reuse Dashboard's QueryRows component. * Explore: Support custom display label for derived fields buttons for Loki datasource. * Grafana UI: Update monaco-related dependencies. * Graphite: Deprecate browser access mode. * InfluxDB: Improve handling of intervals in alerting. * InfluxDB: InfluxQL query editor: Handle unusual characters in tag values better. * Jaeger: Add ability to upload JSON file for trace data. * LibraryElements: Enable specifying UID for new and existing library elements. * LibraryPanels: Remove library panel icon from the panel header so you can no longer tell that a panel is a library panel from the dashboard view. * Logs panel: Scroll to the bottom on page refresh when sorting in ascending order. * Loki: Add fuzzy search to label browser. * Navigation: Implement active state for items in the Sidemenu. * Packaging: Update PID file location from /var/run to /run. * Plugins: Add Hide OAuth Forward config option. * Postgres/MySQL/MSSQL: Add setting to limit the maximum number of rows processed. * Prometheus: Add browser access mode deprecation warning. * Prometheus: Add interpolation for built-in-time variables to backend. * Tempo: Add ability to upload trace data in JSON format. * TimeSeries/XYChart: Allow grid lines visibility control in XYChart and TimeSeries panels. * Transformations: Convert field types to time string number or boolean. * Value mappings: Add regular-expression based value mapping. * Zipkin: Add ability to upload trace JSON. * Admin: Prevent user from deleting user's current/active organization. * LibraryPanels: Fix library panel getting saved in the dashboard's folder. * OAuth: Make generic teams URL and JMES path configurable. * QueryEditor: Fix broken copy-paste for mouse middle-click * Thresholds: Fix undefined color in 'Add threshold'. * Timeseries: Add wide-to-long, and fix multi-frame output. * TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip is set to All. * Grafana UI: Fix TS error property css is missing in type. - Update to version 8.1.8 - Update to version 8.1.7 * Alerting: Fix alerts with evaluation interval more than 30 seconds resolving before notification. * Elasticsearch/Prometheus: Fix usage of proper SigV4 service namespace. - Update to version 8.1.6 + Security: Fixes CVE-2021-39226. - Update to version 8.1.5 * BarChart: Fixes panel error that happens on second refresh. - Update to version 8.1.4 + Features and enhancements * Explore: Ensure logs volume bar colors match legend colors. * LDAP: Search all DNs for users. * Alerting: Fix notification channel migration. * Annotations: Fix blank panels for queries with unknown data sources. * BarChart: Fix stale values and x axis labels. * Graph: Make old graph panel thresholds work even if ngalert is enabled. * InfluxDB: Fix regex to identify / as separator. * LibraryPanels: Fix update issues related to library panels in rows. * Variables: Fix variables not updating inside a Panel when the preceding Row uses 'Repeat For'. - Update to version 8.1.3 + Bug fixes * Alerting: Fix alert flapping in the internal alertmanager. * Alerting: Fix request handler failed to convert dataframe 'results' to plugins.DataTimeSeriesSlice: input frame is not recognized as a time series. * Dashboard: Fix UIDs are not preserved when importing/creating dashboards thru importing .json file. * Dashboard: Forces panel re-render when exiting panel edit. * Dashboard: Prevent folder from changing when navigating to general settings. * Docker: Force use of libcrypto1.1 and libssl1.1 versions to fix CVE-2021-3711. * Elasticsearch: Fix metric names for alert queries. * Elasticsearch: Limit Histogram field parameter to numeric values. * Elasticsearch: Prevent pipeline aggregations to show up in terms order by options. * LibraryPanels: Prevent duplicate repeated panels from being created. * Loki: Fix ad-hoc filter in dashboard when used with parser. * Plugins: Track signed files + add warn log for plugin assets which are not signed. * Postgres/MySQL/MSSQL: Fix region annotations not displayed correctly. * Prometheus: Fix validate selector in metrics browser. * Security: Fix stylesheet injection vulnerability. * Security: Fix short URL vulnerability. - Update to version 8.1.2 * AzureMonitor: Add support for PostgreSQL and MySQL Flexible Servers. * Datasource: Change HTTP status code for failed datasource health check to 400. * Explore: Add span duration to left panel in trace viewer. * Plugins: Use file extension allowlist when serving plugin assets instead of checking for UNIX executable. * Profiling: Add support for binding pprof server to custom network interfaces. * Search: Make search icon keyboard navigable. * Template variables: Keyboard navigation improvements. * Tooltip: Display ms within minute time range. * Alerting: Fix saving LINE contact point. * Annotations: Fix alerting annotation coloring. * Annotations: Alert annotations are now visible in the correct Panel. * Auth: Hide SigV4 config UI and disable middleware when its config flag is disabled. * Dashboard: Prevent incorrect panel layout by comparing window width against theme breakpoints. * Explore: Fix showing of full log context. * PanelEdit: Fix 'Actual' size by passing the correct panel size to Dashboard. * Plugins: Fix TLS datasource settings. * Variables: Fix issue with empty drop downs on navigation. * Variables: Fix URL util converting false into true. * Toolkit: Fix matchMedia not found error. - Update to version 8.1.1 * CloudWatch Logs: Fix crash when no region is selected. - Update to version 8.1.0 * Alerting: Deduplicate receivers during migration. * ColorPicker: Display colors as RGBA. * Select: Make portalling the menu opt-in, but opt-in everywhere. * TimeRangePicker: Improve accessibility. * Annotations: Correct annotations that are displayed upon page refresh. * Annotations: Fix Enabled button that disappeared from Grafana v8.0.6. * Annotations: Fix data source template variable that was not available for annotations. * AzureMonitor: Fix annotations query editor that does not load. * Geomap: Fix scale calculations. * GraphNG: Fix y-axis autosizing. * Live: Display stream rate and fix duplicate channels in list * Loki: Update labels in log browser when time range changes in dashboard. * NGAlert: Send resolve signal to alertmanager on alerting -> Normal. * PasswordField: Prevent a password from being displayed when you click the Enter button. * Renderer: Remove debug.log file when Grafana is stopped. * Security: Update dependencies to fix CVE-2021-36222. - Update to version 8.1.0-beta3 * Alerting: Support label matcher syntax in alert rule list filter. * IconButton: Put tooltip text as aria-label. * Live: Experimental HA with Redis. * UI: FileDropzone component. * CloudWatch: Add AWS LookoutMetrics. * Docker: Fix builds by delaying go mod verify until all required files are copied over. * Exemplars: Fix disable exemplars only on the query that failed. * SQL: Fix SQL dataframe resampling (fill mode + time intervals). - Update to version 8.1.0-beta2 * Alerting: Expand the value string in alert annotations and * Auth: Add Azure HTTP authentication middleware. * Auth: Auth: Pass user role when using the authentication proxy. * Gazetteer: Update countries.json file to allow for linking to 3-letter country codes. * Config: Fix Docker builds by correcting formatting in sample.ini. * Explore: Fix encoding of internal URLs. - Update to version 8.1.0-beta1 * Alerting: Add Alertmanager notifications tab. * Alerting: Add button to deactivate current Alertmanager * Alerting: Add toggle in Loki/Prometheus data source configuration to opt out of alerting UI. * Alerting: Allow any 'evaluate for' value >=0 in the alert rule form. * Alerting: Load default configuration from status endpoint, if Cortex Alertmanager returns empty user configuration. * Alerting: view to display alert rule and its underlying data. * Annotation panel: Release the annotation panel. * Annotations: Add typeahead support for tags in built-in annotations. * AzureMonitor: Add curated dashboards for Azure services. * AzureMonitor: Add support for deep links to Microsoft Azure portal for Metrics. * AzureMonitor: Remove support for different credentials for Azure Monitor Logs. * AzureMonitor: Support querying any Resource for Logs queries. * Elasticsearch: Add frozen indices search support. * Elasticsearch: Name fields after template variables values instead of their name. * Elasticsearch: add rate aggregation. * Email: Allow configuration of content types for email notifications. * Explore: Add more meta information when line limit is hit. * Explore: UI improvements to trace view. * FieldOverrides: Added support to change display name in an override field and have it be matched by a later rule. * HTTP Client: Introduce dataproxy_max_idle_connections config variable. * InfluxDB: InfluxQL: adds tags to timeseries data. * InfluxDB: InfluxQL: make measurement search case insensitive. Legacy Alerting: Replace simplejson with a struct in webhook notification channel. * Legend: Updates display name for Last (not null) to just Last*. * Logs panel: Add option to show common labels. * Loki: Add $__range variable. * Loki: Add support for 'label_values(log stream selector, label)' in templating. * Loki: Add support for ad-hoc filtering in dashboard. * MySQL Datasource: Add timezone parameter. * NodeGraph: Show gradient fields in legend. * PanelOptions: Don't mutate panel options/field config object when updating. * PieChart: Make pie gradient more subtle to match other charts. * Prometheus: Update PromQL typeahead and highlighting. * Prometheus: interpolate variable for step field. * Provisioning: Improve validation by validating across all dashboard providers. * SQL Datasources: Allow multiple string/labels columns with time series. * Select: Portal select menu to document.body. * Team Sync: Add group mapping to support team sync in the Generic OAuth provider. * Tooltip: Make active series more noticeable. * Tracing: Add support to configure trace to logs start and end time. * Transformations: Skip merge when there is only a single data frame. * ValueMapping: Added support for mapping text to color, boolean values, NaN and Null. Improved UI for value mapping. * Visualizations: Dynamically set any config (min, max, unit, color, thresholds) from query results. * live: Add support to handle origin without a value for the port when matching with root_url. * Alerting: Handle marshaling Inf values. * AzureMonitor: Fix macro resolution for template variables. * AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes resources. * AzureMonitor: Request and concat subsequent resource pages. * Bug: Fix parse duration for day. * Datasources: Improve error handling for error messages. * Explore: Correct the functionality of shift-enter shortcut across all uses. * Explore: Show all dataFrames in data tab in Inspector. * GraphNG: Fix Tooltip mode 'All' for XYChart. * Loki: Fix highlight of logs when using filter expressions with backticks. * Modal: Force modal content to overflow with scroll. * Plugins: Ignore symlinked folders when verifying plugin signature. * Toolkit: Improve error messages when tasks fail. - Update to version 8.0.7 - Update to version 8.0.6 * Alerting: Add annotation upon alert state change. * Alerting: Allow space in label and annotation names. * InfluxDB: Improve legend labels for InfluxDB query results. * Alerting: Fix improper alert by changing the handling of empty labels. * CloudWatch/Logs: Reestablish Cloud Watch alert behavior. * Dashboard: Avoid migration breaking on fieldConfig without defaults field in folded panel. * DashboardList: Fix issue not re-fetching dashboard list after variable change. * Database: Fix incorrect format of isolation level configuration parameter for MySQL. * InfluxDB: Correct tag filtering on InfluxDB data. * Links: Fix links that caused a full page reload. * Live: Fix HTTP error when InfluxDB metrics have an incomplete or asymmetrical field set. * Postgres/MySQL/MSSQL: Change time field to 'Time' for time series queries. * Postgres: Fix the handling of a null return value in query * Tempo: Show hex strings instead of uints for IDs. * TimeSeries: Improve tooltip positioning when tooltip overflows. * Transformations: Add 'prepare time series' transformer. - Update to version 8.0.5 * Cloudwatch Logs: Send error down to client. * Folders: Return 409 Conflict status when folder already exists. * TimeSeries: Do not show series in tooltip if it's hidden in the viz. * AzureMonitor: Fix issue where resource group name is missing on the resource picker button. * Chore: Fix AWS auth assuming role with workspace IAM. * DashboardQueryRunner: Fixes unrestrained subscriptions being * DateFormats: Fix reading correct setting key for use_browser_locale. * Links: Fix links to other apps outside Grafana when under sub path. * Snapshots: Fix snapshot absolute time range issue. * Table: Fix data link color. * Time Series: Fix X-axis time format when tick increment is larger than a year. * Tooltip Plugin: Prevent tooltip render if field is undefined. - Update to version 8.0.4 * Live: Rely on app url for origin check. * PieChart: Sort legend descending, update placeholder. * TimeSeries panel: Do not reinitialize plot when thresholds mode change. * Elasticsearch: Allow case sensitive custom options in date_histogram interval. * Elasticsearch: Restore previous field naming strategy when using variables. * Explore: Fix import of queries between SQL data sources. * InfluxDB: InfluxQL query editor: fix retention policy handling. * Loki: Send correct time range in template variable queries. * TimeSeries: Preserve RegExp series overrides when migrating from old graph panel. - Update to version 8.0.3 * Alerting: Increase alertmanager_conf column if MySQL. * Time series/Bar chart panel: Handle infinite numbers as nulls when converting to plot array. * TimeSeries: Ensure series overrides that contain color are migrated, and migrate the previous fieldConfig when changing the panel type. * ValueMappings: Improve singlestat value mappings migration. * Annotations: Fix annotation line and marker colors. * AzureMonitor: Fix KQL template variable queries without default workspace. * CloudWatch/Logs: Fix missing response data for log queries. * LibraryPanels: Fix crash in library panels list when panel plugin is not found. * LogsPanel: Fix performance drop when moving logs panel in * Loki: Parse log levels when ANSI coloring is enabled. * MSSQL: Fix issue with hidden queries still being executed. * PanelEdit: Display the VisualizationPicker that was not displayed if a panel has an unknown panel plugin. * Plugins: Fix loading symbolically linked plugins. * Prometheus: Fix issue where legend name was replaced with name Value in stat and gauge panels. * State Timeline: Fix crash when hovering over panel. - Update to version 8.0.2 * Datasource: Add support for max_conns_per_host in dataproxy settings. * Configuration: Fix changing org preferences in FireFox. * PieChart: Fix legend dimension limits. * Postgres/MySQL/MSSQL: Fix panic in concurrent map writes. * Variables: Hide default data source if missing from regex. - Update to version 8.0.1 * Alerting/SSE: Fix 'count_non_null' reducer validation. * Cloudwatch: Fix duplicated time series. * Cloudwatch: Fix missing defaultRegion. * Dashboard: Fix Dashboard init failed error on dashboards with old singlestat panels in collapsed rows. * Datasource: Fix storing timeout option as numeric. * Postgres/MySQL/MSSQL: Fix annotation parsing for empty * Postgres/MySQL/MSSQL: Numeric/non-string values are now returned from query variables. * Postgres: Fix an error that was thrown when the annotation query did not return any results. * StatPanel: Fix an issue with the appearance of the graph when switching color mode. * Visualizations: Fix an issue in the Stat/BarGauge/Gauge/PieChart panels where all values mode were showing the same name if they had the same value. * Toolkit: Resolve external fonts when Grafana is served from a sub path. - Update to version 8.0.0 * The following endpoints were deprecated for Grafana v5.0 and support for them has now been removed: GET /dashboards/db/:slug GET /dashboard-solo/db/:slug GET /api/dashboard/db/:slug DELETE /api/dashboards/db/:slug * AzureMonitor: Require default subscription for workspaces() template variable query. * AzureMonitor: Use resource type display names in the UI. * Dashboard: Remove support for loading and deleting dashboard by slug. * InfluxDB: Deprecate direct browser access in data source. * VizLegend: Add a read-only property. * AzureMonitor: Fix Azure Resource Graph queries in Azure China. * Checkbox: Fix vertical layout issue with checkboxes due to fixed height. * Dashboard: Fix Table view when editing causes the panel data to not update. * Dashboard: Fix issues where unsaved-changes warning is not displayed. * Login: Fixes Unauthorized message showing when on login page or snapshot page. * NodeGraph: Fix sorting markers in grid view. * Short URL: Include orgId in generated short URLs. * Variables: Support raw values of boolean type. - Update to version 8.0.0-beta3 * The default HTTP method for Prometheus data source is now POST. * API: Support folder UID in dashboards API. * Alerting: Add support for configuring avatar URL for the Discord notifier. * Alerting: Clarify that Threema Gateway Alerts support only Basic IDs. * Azure: Expose Azure settings to external plugins. * AzureMonitor: Deprecate using separate credentials for Azure Monitor Logs. * AzureMonitor: Display variables in resource picker for Azure * AzureMonitor: Hide application insights for data sources not using it. * AzureMonitor: Support querying subscriptions and resource groups in Azure Monitor Logs. * AzureMonitor: remove requirement for default subscription. * CloudWatch: Add Lambda@Edge Amazon CloudFront metrics. * CloudWatch: Add missing AWS AppSync metrics. * ConfirmModal: Auto focus delete button. * Explore: Add caching for queries that are run from logs * Loki: Add formatting for annotations. * Loki: Bring back processed bytes as meta information. * NodeGraph: Display node graph collapsed by default with trace view. * Overrides: Include a manual override option to hide something from visualization. * PieChart: Support row data in pie charts. * Prometheus: Update default HTTP method to POST for existing data sources. * Time series panel: Position tooltip correctly when window is scrolled or resized. * Admin: Fix infinite loading edit on the profile page. * Color: Fix issues with random colors in string and date * Dashboard: Fix issue with title or folder change has no effect after exiting settings view. * DataLinks: Fix an issue __series.name is not working in data link. * Datasource: Fix dataproxy timeout should always be applied for outgoing data source HTTP requests. * Elasticsearch: Fix NewClient not passing httpClientProvider to client impl. * Explore: Fix Browser title not updated on Navigation to Explore. * GraphNG: Remove fieldName and hideInLegend properties from UPlotSeriesBuilder. * OAuth: Fix fallback to auto_assign_org_role setting for Azure AD OAuth when no role claims exists. * PanelChrome: Fix issue with empty panel after adding a non data panel and coming back from panel edit. * StatPanel: Fix data link tooltip not showing for single value. * Table: Fix sorting for number fields. * Table: Have text underline for datalink, and add support for image datalink. * Transformations: Prevent FilterByValue transform from crashing panel edit. - Update to version 8.0.0-beta2 * AppPlugins: Expose react-router to apps. * AzureMonitor: Add Azure Resource Graph. * AzureMonitor: Managed Identity configuration UI. * AzureMonitor: Token provider with support for Managed Identities. * AzureMonitor: Update Logs workspace() template variable query to return resource URIs. * BarChart: Value label sizing. * CloudMonitoring: Add support for preprocessing. * CloudWatch: Add AWS/EFS StorageBytes metric. * CloudWatch: Allow use of missing AWS namespaces using custom * Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy. * InfluxDB: InfluxQL: allow empty tag values in the query editor. * Instrumentation: Instrument incoming HTTP request with histograms by default. * Library Panels: Add name endpoint & unique name validation to AddLibraryPanelModal. * Logs panel: Support details view. * PieChart: Always show the calculation options dropdown in the * PieChart: Remove beta flag. * Plugins: Enforce signing for all plugins. * Plugins: Remove support for deprecated backend plugin protocol version. * Tempo/Jaeger: Add better display name to legend. * Timeline: Add time range zoom. * Timeline: Adds opacity & line width option. * Timeline: Value text alignment option. * ValueMappings: Add duplicate action, and disable dismiss on backdrop click. * Zipkin: Add node graph view to trace response. * Annotations panel: Remove subpath from dashboard links. * Content Security Policy: Allow all image sources by default. * Content Security Policy: Relax default template wrt. loading of scripts, due to nonces not working. * Datasource: Fix tracing propagation for alert execution by introducing HTTP client outgoing tracing middleware. * InfluxDB: InfluxQL always apply time interval end. * Library Panels: Fixes 'error while loading library panels'. * NewsPanel: Fixes rendering issue in Safari. * PanelChrome: Fix queries being issued again when scrolling in and out of view. * Plugins: Fix Azure token provider cache panic and auth param nil value. * Snapshots: Fix key and deleteKey being ignored when creating an external snapshot. * Table: Fix issue with cell border not showing with colored background cells. * Table: Makes tooltip scrollable for long JSON values. * TimeSeries: Fix for Connected null values threshold toggle during panel editing. * Variables: Fixes inconsistent selected states on dashboard * Variables: Refreshes all panels even if panel is full screen. * QueryField: Remove carriage return character from pasted text. - Update to version 8.0.0-beta1 + License update: * AGPL License: Update license from Apache 2.0 to the GNU Affero General Public License (AGPL). * Removes the never refresh option for Query variables. * Removes the experimental Tags feature for Variables. + Deprecations: * The InfoBox & FeatureInfoBox are now deprecated please use the Alert component instead with severity info. * API: Add org users with pagination. * API: Return 404 when deleting nonexistent API key. * API: Return query results as JSON rather than base64 encoded Arrow. * Alerting: Allow sending notification tags to Opsgenie as extra properties. * Alerts: Replaces all uses of InfoBox & FeatureInfoBox with Alert. * Auth: Add support for JWT Authentication. * AzureMonitor: Add support for Microsoft.SignalRService/SignalR metrics. * AzureMonitor: Azure settings in Grafana server config. * AzureMonitor: Migrate Metrics query editor to React. * BarChart panel: enable series toggling via legend. * BarChart panel: Adds support for Tooltip in BarChartPanel. * PieChart panel: Change look of highlighted pie slices. * CloudMonitoring: Migrate config editor from angular to react. * CloudWatch: Add Amplify Console metrics and dimensions. * CloudWatch: Add missing Redshift metrics to CloudWatch data * CloudWatch: Add metrics for managed RabbitMQ service. * DashboardList: Enable templating on search tag input. * Datasource config: correctly remove single custom http header. * Elasticsearch: Add generic support for template variables. * Elasticsearch: Allow omitting field when metric supports inline script. * Elasticsearch: Allow setting a custom limit for log queries. * Elasticsearch: Guess field type from first non-empty value. * Elasticsearch: Use application/x-ndjson content type for multisearch requests. * Elasticsearch: Use semver strings to identify ES version. * Explore: Add logs navigation to request more logs. * Explore: Map Graphite queries to Loki. * Explore: Scroll split panes in Explore independently. * Explore: Wrap each panel in separate error boundary. * FieldDisplay: Smarter naming of stat values when visualising row values (all values) in stat panels. * Graphite: Expand metric names for variables. * Graphite: Handle unknown Graphite functions without breaking the visual editor. * Graphite: Show graphite functions descriptions. * Graphite: Support request cancellation properly (Uses new backendSrv.fetch Observable request API). * InfluxDB: Flux: Improve handling of complex response-structures. * InfluxDB: Support region annotations. * Inspector: Download logs for manual processing. * Jaeger: Add node graph view for trace. * Jaeger: Search traces. * Loki: Use data source settings for alerting queries. * NodeGraph: Exploration mode. * OAuth: Add support for empty scopes. * PanelChrome: New logic-less emotion based component with no dependency on PanelModel or DashboardModel. * PanelEdit: Adds a table view toggle to quickly view data in table form. * PanelEdit: Highlight matched words when searching options. * PanelEdit: UX improvements. * Plugins: PanelRenderer and simplified QueryRunner to be used from plugins. * Plugins: AuthType in route configuration and params interpolation. * Plugins: Enable plugin runtime install/uninstall capabilities. * Plugins: Support set body content in plugin routes. * Plugins: Introduce marketplace app. * Plugins: Moving the DataSourcePicker to grafana/runtime so it can be reused in plugins. * Prometheus: Add custom query params for alert and exemplars * Prometheus: Use fuzzy string matching to autocomplete metric names and label. * Routing: Replace Angular routing with react-router. * Slack: Use chat.postMessage API by default. * Tempo: Search for Traces by querying Loki directly from Tempo. * Tempo: Show graph view of the trace. * Themes: Switch theme without reload using global shortcut. * TimeSeries panel: Add support for shared cursor. * TimeSeries panel: Do not crash the panel if there is no time series data in the response. * Variables: Do not save repeated panels, rows and scopedVars. * Variables: Removes experimental Tags feature. * Variables: Removes the never refresh option. * Visualizations: Unify tooltip options across visualizations. * Visualizations: Refactor and unify option creation between new visualizations. * Visualizations: Remove singlestat panel. * APIKeys: Fixes issue with adding first api key. * Alerting: Add checks for non supported units - disable defaulting to seconds. * Alerting: Fix issue where Slack notifications won't link to user IDs. * Alerting: Omit empty message in PagerDuty notifier. * AzureMonitor: Fix migration error from older versions of App Insights queries. * CloudWatch: Fix AWS/Connect dimensions. * CloudWatch: Fix broken AWS/MediaTailor dimension name. * Dashboards: Allow string manipulation as advanced variable format option. * DataLinks: Includes harmless extended characters like Cyrillic characters. * Drawer: Fixes title overflowing its container. * Explore: Fix issue when some query errors were not shown. * Generic OAuth: Prevent adding duplicated users. * Graphite: Handle invalid annotations. * Graphite: Fix autocomplete when tags are not available. * InfluxDB: Fix Cannot read property 'length' of undefined in when parsing response. * Instrumentation: Enable tracing when Jaeger host and port are * Instrumentation: Prefix metrics with grafana. * MSSQL: By default let driver choose port. * OAuth: Add optional strict parsing of role_attribute_path. * Panel: Fixes description markdown with inline code being rendered on newlines and full width. * PanelChrome: Ignore data updates & errors for non data panels. * Permissions: Fix inherited folder permissions can prevent new permissions being added to a dashboard. * Plugins: Remove pre-existing plugin installs when installing with grafana-cli. * Plugins: Support installing to folders with whitespace and fix pluginUrl trailing and leading whitespace failures. * Postgres/MySQL/MSSQL: Don't return connection failure details to the client. * Postgres: Fix ms precision of interval in time group macro when TimescaleDB is enabled. * Provisioning: Use dashboard checksum field as change indicator. * SQL: Fix so that all captured errors are returned from sql engine. * Shortcuts: Fixes panel shortcuts so they always work. * Table: Fixes so border is visible for cells with links. * Variables: Clear query when data source type changes. * Variables: Filters out builtin variables from unknown list. * Button: Introduce buttonStyle prop. * DataQueryRequest: Remove deprecated props showingGraph and showingTabel and exploreMode. * grafana/ui: Update React Hook Form to v7. * IconButton: Introduce variant for red and blue icon buttons. * Plugins: Expose the getTimeZone function to be able to get the current selected timeZone. * TagsInput: Add className to TagsInput. * VizLegend: Move onSeriesColorChanged to PanelContext (breaking change). - Update to version 7.5.13 * Alerting: Fix NoDataFound for alert rules using AND operator. mgr-cfg: - Version 4.3.6-1 * Corrected source URL in spec file * Fix installation problem for SLE15SP4 due missing python-selinux * Fix python selinux package name depending on build target (bsc#1193600) * Do not build python 2 package for SLE15SP4 and higher * Remove unused legacy code mgr-custom-info: - Version 4.3.3-1 * Remove unused legacy code mgr-daemon: - Version 4.3.4-1 * Corrected source URLs in spec file * Update translation strings mgr-osad: - Version 4.3.6-1 * Corrected source URL in spec file. * Do not build python 2 package for SLE15SP4 and higher * Removed spacewalk-selinux dependencies. * Updated source url. mgr-push: - Version 4.3.4-1 * Corrected source URLs in spec file mgr-virtualization: - Version 4.3.5-1 * Corrected source URLs in spec file. * Do not build python 2 package for SLE15SP4 and higher prometheus-blackbox_exporter: - Enhanced to build on Enterprise Linux 8 prometheus-postgres_exporter: - Updated for RHEL8. python-hwdata: - Require python macros for building rhnlib: - Version 4.3.4-1 * Reorganize python files spacecmd: - Version 4.3.11-1 * on full system update call schedulePackageUpdate API (bsc#1197507) * parse boolean paramaters correctly (bsc#1197689) * Add parameter to set containerized proxy SSH port * Add proxy config generation subcommand * Option 'org_createfirst' added to perform initial organization and user creation * Added gettext build requirement for RHEL. * Removed RHEL 5 references. * Include group formulas configuration in spacecmd group_backup and spacecmd group_restore. This changes backup format to json, previously used plain text is still supported for reading (bsc#1190462) * Update translation strings * Improved event history listing and added new system_eventdetails command to retrieve the details of an event * Make schedule_deletearchived to get all actions without display limit * Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223) spacewalk-client-tools: - Version 4.3.9-1 * Corrected source URLs in spec file. * do not build python 2 package for SLE15 * Remove unused legacy code * Update translation strings spacewalk-koan: - Version 4.3.5-1 * Corrected source URLs in spec file. spacewalk-oscap: - Version 4.3.5-1 * Corrected source URLs in spec file. * Do not build python 2 package for SLE15SP4 and higher spacewalk-remote-utils: - Version 4.3.3-1 * Adapt the package for changes in rhnlib supportutils-plugin-susemanager-client: - Version 4.3.2-1 * Add proxy containers config and logs suseRegisterInfo: - Version 4.3.3-1 * Bump version to 4.3.0 supportutils-plugin-salt: - Add support for Salt Bundle uyuni-common-libs: - Version 4.3.4-1 * implement more decompression algorithms for reposync (bsc#1196704) * Reorganize python files * Add decompression of zck files to fileutils Important SUSE bug 1181223 SUSE bug 1181400 SUSE bug 1190462 SUSE bug 1190535 SUSE bug 1193600 SUSE bug 1194873 SUSE bug 1195726 SUSE bug 1195727 SUSE bug 1195728 SUSE bug 1196338 SUSE bug 1196704 SUSE bug 1197507 SUSE bug 1197689 CVE-2021-36222 CVE-2021-3711 CVE-2021-39226 CVE-2021-41174 CVE-2021-41244 CVE-2021-43798 CVE-2021-43813 CVE-2021-43815 CVE-2022-21673 CVE-2022-21698 CVE-2022-21702 CVE-2022-21703 CVE-2022-21713 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update of fwupdate fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mariadb fixes the following issues: - CVE-2021-46669 (bsc#1199928) - CVE-2022-21427 (bsc#1199928) - CVE-2022-27377 (bsc#1198603) - CVE-2022-27378 (bsc#1198604) - CVE-2022-27380 (bsc#1198606) - CVE-2022-27381 (bsc#1198607) - CVE-2022-27383 (bsc#1198610) - CVE-2022-27384 (bsc#1198611) - CVE-2022-27386 (bsc#1198612) - CVE-2022-27387 (bsc#1198613) - CVE-2022-27445 (bsc#1198629) Important SUSE bug 1198603 SUSE bug 1198604 SUSE bug 1198606 SUSE bug 1198607 SUSE bug 1198610 SUSE bug 1198611 SUSE bug 1198612 SUSE bug 1198613 SUSE bug 1198629 SUSE bug 1199928 CVE-2021-46669 CVE-2022-21427 CVE-2022-27377 CVE-2022-27378 CVE-2022-27380 CVE-2022-27381 CVE-2022-27383 CVE-2022-27384 CVE-2022-27386 CVE-2022-27387 CVE-2022-27445 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python3 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). Important SUSE bug 1070738 SUSE bug 1198511 SUSE bug 1199441 CVE-2015-20107 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) Moderate SUSE bug 1200550 CVE-2022-2068 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) Moderate SUSE bug 1185637 SUSE bug 1199166 SUSE bug 1200550 CVE-2022-1292 CVE-2022-2068 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update of oracleasm fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_0_0 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) Moderate SUSE bug 1199166 SUSE bug 1200550 CVE-2022-1292 CVE-2022-2068 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). Important SUSE bug 1198511 CVE-2015-20107 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for sysstat fixes the following issues: Security issue fixed: - CVE-2019-19725: Fixed double free in check_file_actlst in sa_common.c (bsc#1159104). Bug fixes: - Enable log information of starting/stoping services. (bsc#1144923, jsc#SLE-5958) Moderate SUSE bug 1144923 SUSE bug 1159104 CVE-2019-19725 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update of dpdk fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 91.11.0 ESR (MFSA 2022-25) (bsc#1200793): - CVE-2022-2200: Undesired attributes could be set as part of prototype pollution (bmo#1771381) - CVE-2022-31744: CSP bypass enabling stylesheet injection (bmo#1757604) - CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI (bmo#1768537) - CVE-2022-34470: Use-after-free in nsSHistory (bmo#1765951) - CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked (bmo#1770123) - CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt (bmo#1773717) - CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content (bmo#1745595) - CVE-2022-34481: Potential integer overflow in ReplaceElementsAt (bmo#1497246) - CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11 (bmo#1763634, bmo#1772651) Important SUSE bug 1200793 CVE-2022-2200 CVE-2022-31744 CVE-2022-34468 CVE-2022-34470 CVE-2022-34472 CVE-2022-34478 CVE-2022-34479 CVE-2022-34481 CVE-2022-34484 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). Important SUSE bug 1201099 CVE-2022-2097 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update of crash fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for rsyslog fixes the following issues: - CVE-2022-24903: fix potential heap buffer overflow in modules for TCP syslog reception (bsc#1199061) Important SUSE bug 1199061 CVE-2022-24903 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) Important SUSE bug 1199232 CVE-2022-1586 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xorg-x11-server fixes the following issues: - CVE-2022-2319: Fixed out-of-bounds access in _CheckSetSections() (ZDI-CAN-16062) (bsc#1194179). - CVE-2022-2320: Fixed out-of-bounds access in CheckSetDeviceIndicators() (ZDI-CAN-16070) (bsc#1194181). Important SUSE bug 1194179 SUSE bug 1194181 CVE-2022-2319 CVE-2022-2320 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for squid fixes the following issues: - CVE-2020-25097: Fixed HTTP Request Smuggling (bsc#1183436) - CVE-2021-28651: Fixed DoS in URN processing (bsc#1185921) - CVE-2021-46784: Fixed DoS when processing gopher server responses (bsc#1200907) Important SUSE bug 1183436 SUSE bug 1185921 SUSE bug 1200907 CVE-2020-25097 CVE-2021-28651 CVE-2021-46784 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bsc#1177282) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space (bsc#1200144). - CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux kernel by simulating nfc device from user-space (bsc#1200143). - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (bsc#1198577). - CVE-2022-21499: Lock down kgdb to prohibit secure-boot bypass (bsc#1199426). - CVE-2019-19377: Fixed a user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image (bsc#1158266). The following non-security bugs were fixed: - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - exec: Force single empty string when argv is empty (bsc#1200571). Important SUSE bug 1158266 SUSE bug 1162338 SUSE bug 1162369 SUSE bug 1173871 SUSE bug 1177282 SUSE bug 1194013 SUSE bug 1196901 SUSE bug 1198577 SUSE bug 1199426 SUSE bug 1199487 SUSE bug 1199507 SUSE bug 1199657 SUSE bug 1200059 SUSE bug 1200143 SUSE bug 1200144 SUSE bug 1200249 SUSE bug 1200571 SUSE bug 1200599 SUSE bug 1200604 SUSE bug 1200605 SUSE bug 1200608 SUSE bug 1200619 SUSE bug 1200692 SUSE bug 1200762 SUSE bug 1201050 SUSE bug 1201080 SUSE bug 1201251 CVE-2019-19377 CVE-2020-26541 CVE-2021-26341 CVE-2021-4157 CVE-2022-1184 CVE-2022-1679 CVE-2022-1729 CVE-2022-1974 CVE-2022-1975 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-21499 CVE-2022-2318 CVE-2022-26365 CVE-2022-29900 CVE-2022-29901 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33981 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for webkit2gtk3 fixes the following issues: Update to version 2.36.4 (bsc#1201221): - CVE-2022-22662: Processing maliciously crafted web content may disclose sensitive user information. - CVE-2022-22677: The video in a webRTC call may be interrupted if the audio capture gets interrupted. - CVE-2022-26710: Processing maliciously crafted web content may lead to arbitrary code execution. Important SUSE bug 1201221 CVE-2022-22662 CVE-2022-22677 CVE-2022-26710 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python-M2Crypto fixes the following issues: - CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA decryption API (bsc#1178829). Important SUSE bug 1178829 CVE-2020-25657 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225). Important SUSE bug 1201225 CVE-2022-34903 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u332 - April 2022 CPU (icedtea-3.23.0) - CVE-2022-21426: Better XPath expression handling (bsc#1198672) - CVE-2022-21443: Improved Object Identification (bsc#1198675) - CVE-2022-21434: Better invocation handler handling (bsc#1198674) - CVE-2022-21476: Improve Santuario processing (bsc#1198671) - CVE-2022-21496: Improve URL supports (bsc#1198673) And further Security fixes, Import of OpenJDK 8 u332, Backports and Bug fixes. Important SUSE bug 1198671 SUSE bug 1198672 SUSE bug 1198673 SUSE bug 1198674 SUSE bug 1198675 CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to fix various issues: FIPS 140-3 enablement patches were backported from SUSE Linux Enterprise 15. - FIPS: add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980). - FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298). - FISP: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325). Version update to NSS 3.79 - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls. - Update mercurial in clang-format docker image. - Use of uninitialized pointer in lg_init after alloc fail. - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. - Add SECMOD_LockedModuleHasRemovableSlots. - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP. - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts. - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version. - Correct invalid record inner and outer content type alerts. - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding. - improve error handling after nssCKFWInstance_CreateObjectHandle. - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. - NSS 3.79 should depend on NSPR 4.34 Update to NSS 3.78.1 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple update to NSS 3.78 - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests. - Reworked overlong record size checks and added TLS1.3 specific boundaries. - Add ECH Grease Support to tstclnt - Add a strict variant of moz::pkix::CheckCertHostname. - Change SSL_REUSE_SERVER_ECDHE_KEY default to false. - Make SEC_PKCS12EnableCipher succeed - Update zlib in NSS to 1.2.12. Update to NSS 3.77: - resolve mpitests build failure on Windows. - Fix link to TLS page on wireshark wiki - Add two D-TRUST 2020 root certificates. - Add Telia Root CA v2 root certificate. - Remove expired explicitly distrusted certificates from certdata.txt. - support specific RSA-PSS parameters in mozilla::pkix - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. - Remove token member from NSSSlot struct. - Provide secure variants of mpp_pprime and mpp_make_prime. - Support UTF-8 library path in the module spec string. - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. - Add a CI Target for gcc-11. - Change to makefiles for gcc-4.8. - Update googletest to 1.11.0 - Add SetTls13GreaseEchSize to experimental API. - TLS 1.3 Illegal legacy_version handling/alerts. - Fix calculation of ECH HRR Transcript. - Allow ld path to be set as environment variable. - Ensure we don't read uninitialized memory in ssl gtests. - Fix DataBuffer Move Assignment. - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 - rework signature verification in mozilla::pkix update to NSS 3.76.1 - Remove token member from NSSSlot struct. NSS 3.76 - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. - Check return value of PK11Slot_GetNSSToken. - Use Wycheproof JSON for RSASSA-PSS - Add SHA256 fingerprint comments to old certdata.txt entries. - Avoid truncating files in nss-release-helper.py. - Throw illegal_parameter alert for illegal extensions in handshake message. update to NSS 3.75 - Make DottedOIDToCode.py compatible with python3. - Avoid undefined shift in SSL_CERT_IS while fuzzing. - Remove redundant key type check. - Update ABI expectations to match ECH changes. - Enable CKM_CHACHA20. - check return on NSS_NoDB_Init and NSS_Shutdown. - real move assignment operator. - Run ECDSA test vectors from bltest as part of the CI tests. - Add ECDSA test vectors to the bltest command line tool. - Allow to build using clang's integrated assembler. - Allow to override python for the build. - test HKDF output rather than input. - Use ASSERT macros to end failed tests early. - move assignment operator for DataBuffer. - Add test cases for ECH compression and unexpected extensions in SH. - Update tests for ECH-13. - Tidy up error handling. - Add tests for ECH HRR Changes. - Server only sends GREASE HRR extension if enabled by preference. - Update generation of the Associated Data for ECH-13. - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello. - Allow for compressed, non-contiguous, extensions. - Scramble the PSK extension in CHOuter. - Split custom extension handling for ECH. - Add ECH-13 HRR Handling. - Client side ECH padding. - Stricter ClientHelloInner Decompression. - Remove ECH_inner extension, use new enum format. - Update the version number for ECH-13 and adjust the ECHConfig size. Update to NSS 3.74: - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses - Ensure clients offer consistent ciphersuites after HRR - NSS does not properly restrict server keys based on policy - Set nssckbi version number to 2.54 - Replace Google Trust Services LLC (GTS) R4 root certificate - Replace Google Trust Services LLC (GTS) R3 root certificate - Replace Google Trust Services LLC (GTS) R2 root certificate - Replace Google Trust Services LLC (GTS) R1 root certificate - Replace GlobalSign ECC Root CA R4 - Remove Expired Root Certificates - DST Root CA X3 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate - Add iTrusChina ECC root certificate - Add iTrusChina RSA root certificate - Add ISRG Root X2 root certificate - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate - Avoid a clang 13 unused variable warning in opt build - Check for missing signedData field - Ensure DER encoded signatures are within size limits - enable key logging option (bsc#1195040) Update to NSS 3.73.1: - Add SHA-2 support to mozilla::pkix's OSCP implementation Update to NSS 3.73 - check for missing signedData field. - Ensure DER encoded signatures are within size limits. - NSS needs FiPS 140-3 version indicators. - pkix_CacheCert_Lookup doesn't return cached certs - sunset Coverity from NSS MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures Update to NSS 3.72 - Fix nsinstall parallel failure. - Increase KDF cache size to mitigate perf regression in about:logins Update to NSS 3.71 - Set nssckbi version number to 2.52. - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py - Import of PKCS#12 files with Camellia encryption is not supported - Add HARICA Client ECC Root CA 2021. - Add HARICA Client RSA Root CA 2021. - Add HARICA TLS ECC Root CA 2021. - Add HARICA TLS RSA Root CA 2021. - Add TunTrust Root CA certificate to NSS. update to NSS 3.70 - Update test case to verify fix. - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback - Avoid using a lookup table in nssb64d. - Use HW accelerated SHA2 on AArch64 Big Endian. - Change default value of enableHelloDowngradeCheck to true. - Cache additional PBE entries. - Read HPKE vectors from official JSON. Update to NSS 3.69.1 - Disable DTLS 1.0 and 1.1 by default - integrity checks in key4.db not happening on private components with AES_CBC NSS 3.69 - Disable DTLS 1.0 and 1.1 by default (backed out again) - integrity checks in key4.db not happening on private components with AES_CBC (backed out again) - SSL handling of signature algorithms ignores environmental invalid algorithms. - sqlite 3.34 changed it's open semantics, causing nss failures. - Gtest update changed the gtest reports, losing gtest details in all.sh reports. - NSS incorrectly accepting 1536 bit DH primes in FIPS mode - SQLite calls could timeout in starvation situations. - Coverity/cpp scanner errors found in nss 3.67 - Import the NSS documentation from MDN in nss/doc. - NSS using a tempdir to measure sql performance not active - FIPS: scan LD_LIBRARY_PATH for external libraries to be checksummed. - Run test suite at build time, and make it pass (bsc#1198486). - Enable FIPS during test certificate creation and disables the library checksum validation during same. - FIPS: allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc. - FIPS: This makes the PBKDF known answer test compliant with NIST SP800-132. - FIPS: update validation string to version-release format. (bsc#1192079). - FIPS: remove XCBC MAC from list of FIPS approved algorithms. - Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build. - FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080). - FIPS: allow testing of unapproved algorithms (bsc#1192228). - FIPS: adds FIPS version indicators. (bmo#1729550, bsc#1192086). - FIPS: Add CSP clearing (bmo#1697303, bsc#1192087). mozilla-nspr was updated to version 4.34: * add an API that returns a preferred loopback IP on hosts that have two IP stacks available. update to 4.33: * fixes to build system and export of private symbols Moderate SUSE bug 1191546 SUSE bug 1192079 SUSE bug 1192080 SUSE bug 1192086 SUSE bug 1192087 SUSE bug 1192228 SUSE bug 1193170 SUSE bug 1195040 SUSE bug 1198486 SUSE bug 1198980 SUSE bug 1200325 SUSE bug 1201298 CVE-2021-43527 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for git fixes the following issues: - CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431). - Allow to opt-out from the check added in the security fix for CVE-2022-24765 (bsc#1200119) Important SUSE bug 1200119 SUSE bug 1201431 CVE-2022-29187 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_7_1-ibm fixes the following issues: Update to Java 7.1 Service Refresh 5 Fix Pack 10 (bsc#1201643), including fixes for: - CVE-2022-21476 (bsc#1198671), CVE-2022-21449 (bsc#1198670), CVE-2022-21496 (bsc#1198673), CVE-2022-21434 (bsc#1198674), CVE-2022-21426 (bsc#1198672), CVE-2022-21443 (bsc#1198675), CVE-2021-35561 (bsc#1191912), CVE-2022-21299 (bsc#1194931). Important SUSE bug 1191912 SUSE bug 1194931 SUSE bug 1198670 SUSE bug 1198671 SUSE bug 1198672 SUSE bug 1198673 SUSE bug 1198674 SUSE bug 1198675 SUSE bug 1201643 CVE-2021-35561 CVE-2022-21299 CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21449 CVE-2022-21476 CVE-2022-21496 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 7 Fix Pack 10 (bsc#1201643), including fixes for: - CVE-2022-21476 (bsc#1198671), CVE-2022-21449 (bsc#1198670), CVE-2022-21496 (bsc#1198673), CVE-2022-21434 (bsc#1198674), CVE-2022-21426 (bsc#1198672), CVE-2022-21443 (bsc#1198675), CVE-2021-35561 (bsc#1191912), CVE-2022-21299 (bsc#1194931). Important SUSE bug 1191912 SUSE bug 1194931 SUSE bug 1198670 SUSE bug 1198671 SUSE bug 1198672 SUSE bug 1198673 SUSE bug 1198674 SUSE bug 1198675 SUSE bug 1201643 CVE-2021-35561 CVE-2022-21299 CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21449 CVE-2022-21476 CVE-2022-21496 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xen fixes the following issues: - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966). - CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549). - CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965). - CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394). - CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469). Important SUSE bug 1199965 SUSE bug 1199966 SUSE bug 1200549 SUSE bug 1201394 SUSE bug 1201469 CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-23816 CVE-2022-23825 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-29900 CVE-2022-33745 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for pcre2 fixes the following issues: - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). Important SUSE bug 1199235 CVE-2022-1587 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for samba fixes the following issues: - CVE-2022-32742: Fixed incorrect length check in SMB1write, SMB1write_and_close, SMB1write_and_unlock (bsc#1201496). Moderate SUSE bug 1201496 CVE-2022-32742 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.12.0 ESR (bsc#1201758): - CVE-2022-36319: Mouse Position spoofing with CSS transforms - CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters Important SUSE bug 1201758 CVE-2022-36318 CVE-2022-36319 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for dovecot22 fixes the following issues: - CVE-2022-30550: Fixed privilege escalation in dovecot when similar master and non-master passdbs are used (bsc#1201267). Important SUSE bug 1201267 CVE-2022-30550 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for qpdf fixes the following issues: - CVE-2022-34503: Fixed a heap buffer overflow via the function QPDF::processXRefStream (bsc#1201830). - CVE-2021-36978: Fixed heap-based buffer overflow in Pl_ASCII85Decoder::write (bsc#1188514). Important SUSE bug 1188514 SUSE bug 1201830 CVE-2021-36978 CVE-2022-34503 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for samba fixes the following issues: - CVE-2021-44142: Fixed out-of-Bound Read/Write on Samba vfs_fruit module. (bsc#1194859) Critical SUSE bug 1194859 CVE-2021-44142 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mokutil fixes the following issues: - Adds SBAT revocation support to mokutil. (bsc#1198458) New options added (see manpage): - mokutil --sbat List all entries in SBAT. - mokutil --set-sbat-policy (latest | previous | delete) To set the SBAT acceptance policy. - mokutil --list-sbat-revocations To list the current SBAT revocations. Moderate SUSE bug 1198458 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829). The following non-security bugs were fixed: - Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442) - cifs: On cifs_reconnect, resolve the hostname again (bsc#1201926). - cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1201926). - cifs: To match file servers, make sure the server hostname matches (bsc#1201926). - cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1201926). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1201926). - cifs: set a minimum of 120s for next dns resolution (bsc#1201926). - cifs: use the expiry output of dns_query to schedule next resolution (bsc#1201926). - kernel-binary.spec: Support radio selection for debuginfo. To disable debuginfo on 5.18 kernel a radio selection needs to be switched to a different selection. This requires disabling the currently active option and selecting NONE as debuginfo type. - kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config - rpm/*.spec.in: remove backtick usage - rpm/constraints.in: skip SLOW_DISK workers for kernel-source - rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775) - rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775) - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484). Important SUSE bug 1195775 SUSE bug 1195926 SUSE bug 1198484 SUSE bug 1198829 SUSE bug 1200442 SUSE bug 1201050 SUSE bug 1201635 SUSE bug 1201636 SUSE bug 1201926 SUSE bug 1201930 CVE-2021-26341 CVE-2021-33655 CVE-2021-33656 CVE-2022-1462 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for curl fixes the following issues: - CVE-2022-27781: Fixed an issue where curl will get stuck in an infinite loop when trying to retrieve details about a TLS server's certificate chain (bnc#1199223). - CVE-2022-27782: Fixed an issue where TLS and SSH connections would be reused even when a related option had been changed (bsc#1199224). - CVE-2022-32206: Fixed an uncontrolled memory consumption issue caused by an unbounded number of compression layers (bsc#1200735). - CVE-2022-32208: Fixed an incorrect message verification issue when performing FTP transfers using krb5 (bsc#1200737). Important SUSE bug 1199223 SUSE bug 1199224 SUSE bug 1200735 SUSE bug 1200737 CVE-2022-27781 CVE-2022-27782 CVE-2022-32206 CVE-2022-32208 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-openjdk fixes the following issues: - Updated to version jdk8u345 (icedtea-3.24.0) - CVE-2022-21540: Fixed a potential Java sandbox bypass (bsc#1201694). - CVE-2022-21541: Fixed a potential Java sandbox bypass (bsc#1201692). - CVE-2022-34169: Fixed an issue where arbitrary bytecode could be executed via a malicious stylesheet (bsc#1201684). - Non-security fixes: - Allowed for customization of PKCS12 keystores (bsc#1195163). Important SUSE bug 1195163 SUSE bug 1201684 SUSE bug 1201692 SUSE bug 1201694 CVE-2022-21540 CVE-2022-21541 CVE-2022-34169 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for compat-openssl098 fixes the following issues: - Fixed a regression caused by unknown option passed to 'openssl x509' from c_rehash Important SUSE bug 1201283 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220809 release (bsc#1201727): - CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave (INTEL-SA-00657). See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html Other fixes: - Update for functional issues. See also: https://www.intel.com/content/www/us/en/processors/xeon/scalable/xeon-scalable-spec-update.html?wapkw=processor+specification+update - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SKX-SP | B1 | 06-55-03/97 | 0100015d | 0100015e | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon D-21xx | ICX-SP | D0 | 06-6a-06/87 | 0d000363 | 0d000375 | Xeon Scalable Gen3 | GLK | B0 | 06-7a-01/01 | 0000003a | 0000003c | Pentium Silver N/J5xxx, Celeron N/J4xxx | GLK-R | R0 | 06-7a-08/01 | 0000001e | 00000020 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 000000b0 | 000000b2 | Core Gen10 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000026 | 00000028 | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 0000003e | 00000040 | Core Gen11 Mobile | RKL-S | B0 | 06-a7-01/02 | 00000053 | 00000054 | Core Gen11 | ADL | C0 | 06-97-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-97-05/03 | 0000001f | 00000022 | Core Gen12 | ADL | L0 | 06-9a-03/80 | 0000041c | 00000421 | Core Gen12 | ADL | L0 | 06-9a-04/80 | 0000041c | 00000421 | Core Gen12 | ADL | C0 | 06-bf-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-bf-05/03 | 0000001f | 00000022 | Core Gen12 ------------------------------------------------------------------ Moderate SUSE bug 1201727 CVE-2022-21233 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). Important SUSE bug 1202175 CVE-2022-37434 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for rsync fixes the following issues: - CVE-2022-29154: Fixed an arbitrary file write issue that could be triggered by a malicious remote server (bsc#1201840). Important SUSE bug 1201840 CVE-2022-29154 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_7_1-ibm fixes the following issues: - Updated to Java 7.1 Service Refresh 5 Fix Pack 15 (bsc#1202427): - CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java XSLT library that occurred when processing malicious stylesheets (bsc#1201684). - CVE-2022-21549: Fixed an issue that could lead to computing negative random exponentials (bsc#1201685). - CVE-2022-21541: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201692). - CVE-2022-21540: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201694). Important SUSE bug 1201684 SUSE bug 1201685 SUSE bug 1201692 SUSE bug 1201694 SUSE bug 1202427 CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-34169 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 7 Fix Pack 11 (bsc#1202427): - CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java XSLT library that occurred when processing malicious stylesheets (bsc#1201684). - CVE-2022-21549: Fixed an issue that could lead to computing negative random exponentials (bsc#1201685). - CVE-2022-21541: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201692). - CVE-2022-21540: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201694). Important SUSE bug 1201684 SUSE bug 1201685 SUSE bug 1201692 SUSE bug 1201694 SUSE bug 1202427 CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-34169 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for bluez fixes the following issues: - CVE-2019-8922: Fixed a buffer overflow in the implementation of the Service Discovery Protocol (bsc#1193227). Important SUSE bug 1193227 CVE-2019-8922 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libcroco fixes the following issues: - CVE-2020-12825: Fixed an uncontrolled recursion issue (bsc#1171685). Important SUSE bug 1171685 CVE-2020-12825 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for gstreamer-plugins-good fixes the following issues: - CVE-2022-1920: Fixed integer overflow in WavPack header handling code (bsc#1201688). - CVE-2022-1921: Fixed integer overflow resulting in heap corruption in avidemux element (bsc#1201693). - CVE-2022-1922: Fixed integer overflows in mkv demuxing (bsc#1201702). - CVE-2022-1923: Fixed integer overflows in mkv demuxing using bzip (bsc#1201704). - CVE-2022-1924: Fixed integer overflows in mkv demuxing using lzo (bsc#1201706). - CVE-2022-1925: Fixed integer overflows in mkv demuxing using HEADERSTRIP (bsc#1201707). - CVE-2022-2122: Fixed integer overflows in qtdemux using zlib (bsc#1201708). Important SUSE bug 1201688 SUSE bug 1201693 SUSE bug 1201702 SUSE bug 1201704 SUSE bug 1201706 SUSE bug 1201707 SUSE bug 1201708 CVE-2022-1920 CVE-2022-1921 CVE-2022-1922 CVE-2022-1923 CVE-2022-1924 CVE-2022-1925 CVE-2022-2122 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for postgresql10 fixes the following issues: - Upgrade to 10.22: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). Important SUSE bug 1202368 CVE-2022-2625 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for webkit2gtk3 fixes the following issues: - Update to version 2.36.5 (bsc#1201980): - Add support for PAC proxy in the WebDriver implementation. - Fix video playback when loaded through custom URIs, this fixes video playback in the Yelp documentation browser. - Fix WebKitWebView::context-menu when using GTK4. - Fix LTO builds with GCC. - Fix several crashes and rendering issues. - Security fixes: - CVE-2022-32792: Fixed processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2022-32816: Fixed visiting a website that frames malicious content may lead to UI spoofing. Important SUSE bug 1201980 CVE-2022-32792 CVE-2022-32816 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for open-vm-tools fixes the following issues: - Updated to version 12.1.0 (build 20219665) (bsc#1202733): - CVE-2022-31676: Fixed an issue that could allow unprivileged users inside a virtual machine to escalate privileges (bsc#1202657). Important SUSE bug 1202657 SUSE bug 1202733 CVE-2022-31676 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for net-snmp fixes the following issues: - CVE-2020-15862: Make extended MIB read-only (bsc#1174961) Important SUSE bug 1100146 SUSE bug 1145864 SUSE bug 1152968 SUSE bug 1174961 SUSE bug 1178021 SUSE bug 1178351 SUSE bug 1179009 SUSE bug 1179699 SUSE bug 1184839 CVE-2020-15862 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for json-c fixes the following issues: - CVE-2020-12762: Fixed an integer overflow that could lead to memory corruption via a large JSON file (bsc#1171479). Non-security fixes: - Updated to version 0.12.1 (jsc#PED-1778). Important SUSE bug 1171479 CVE-2020-12762 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.13.0 ESR (bsc#1202645): - CVE-2022-38472: Fixed a potential address bar spoofing via XSLT error handling. - CVE-2022-38473: Fixed an issue where cross-origin XSLT documents could inherit the parent's permissions. - CVE-2022-38478: Fixed various memory safety issues. Important SUSE bug 1202645 CVE-2022-38472 CVE-2022-38473 CVE-2022-38478 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libgda fixes the following issues: - CVE-2021-39359: Enabled TLS certificate verification (bsc#1189849). Important SUSE bug 1189849 CVE-2021-39359 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for webkit2gtk3 fixes the following issues: - Updated to version 2.36.7 (bsc#1202807): - CVE-2022-32893: Fixed an issue that would be triggered when processing malicious web content and that could lead to arbitrary code execution. - Fixed several crashes and rendering issues. - Updated to version 2.36.6: - Fixed handling of touchpad scrolling on GTK4 builds - Fixed WebKitGTK not allowing to be used from non-main threads (bsc#1202169). - Fixed several crashes and rendering issues Important SUSE bug 1202169 SUSE bug 1202807 CVE-2022-32893 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for clamav fixes the following issues: clamav was updated to 0.103.7 (bsc#1202986) * Upgrade the vendored UnRAR library to version 6.1.7. * Fix logical signature 'Intermediates' feature. * Relax constraints on slightly malformed zip archives that contain overlapping file entries. Important SUSE bug 1202986 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-ibm fixes the following issues: Note: the issues listed below were NOT fixed with the previous update (8.0-7.11). - Update to Java 8.0 Service Refresh 7 Fix Pack 15 (bsc#1202427): - CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java XSLT library that occurred when processing malicious stylesheets (bsc#1201684). - CVE-2022-21549: Fixed an issue that could lead to computing negative random exponentials (bsc#1201685). - CVE-2022-21541: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201692). - CVE-2022-21540: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201694).. Important SUSE bug 1201684 SUSE bug 1201685 SUSE bug 1201692 SUSE bug 1201694 SUSE bug 1202427 CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-34169 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for udisks2 fixes the following issues: - CVE-2021-3802: Fixed insecure defaults in user-accessible mount helpers (bsc#1190606). - Fixed vulnerability that allowed mounting ext4 devices over existing entries in fstab (bsc#1098797). Moderate SUSE bug 1098797 SUSE bug 1190606 CVE-2021-3802 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for postgresql12 fixes the following issues: - Update to 12.12: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). Important SUSE bug 1198166 SUSE bug 1202368 CVE-2022-2625 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for postgresql14 fixes the following issues: - Upgrade to version 14.5: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). - Upgrade to version 14.4 (bsc#1200437) - Release notes: https://www.postgresql.org/docs/release/14.4/ - Release announcement: https://www.postgresql.org/about/news/p-2470/ - Prevent possible corruption of indexes created or rebuilt with the CONCURRENTLY option (bsc#1200437) - Pin to llvm13 until the next patchlevel update (bsc#1198166) Important SUSE bug 1198166 SUSE bug 1200437 SUSE bug 1202368 CVE-2022-2625 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated to 102.2.0esr ESR: * Fixed: Various stability, functionality, and security fixes. - MFSA 2022-34 (bsc#1202645) * CVE-2022-38472 (bmo#1769155) Address bar spoofing via XSLT error handling * CVE-2022-38473 (bmo#1771685) Cross-origin XSLT Documents would have inherited the parent's permissions * CVE-2022-38476 (bmo#1760998) Data race and potential use-after-free in PK11_ChangePW * CVE-2022-38477 (bmo#1760611, bmo#1770219, bmo#1771159, bmo#1773363) Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2 * CVE-2022-38478 (bmo#1770630, bmo#1776658) Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and Firefox ESR 91.13 Firefox Extended Support Release 102.1 ESR * Fixed: Various stability, functionality, and security fixes. - MFSA 2022-30 (bsc#1201758) * CVE-2022-36319 (bmo#1737722) Mouse Position spoofing with CSS transforms * CVE-2022-36318 (bmo#1771774) Directory indexes for bundled resources reflected URL parameters * CVE-2022-36314 (bmo#1773894) Opening local <code>.lnk</code> files could cause unexpected network loads * CVE-2022-2505 (bmo#1769739, bmo#1772824) Memory safety bugs fixed in Firefox 103 and 102.1 - Firefox Extended Support Release 102.0.1 ESR * Fixed: Fixed bookmark shortcut creation by dragging to Windows File Explorer and dropping partially broken (bmo#1774683) * Fixed: Fixed bookmarks sidebar flashing white when opened in dark mode (bmo#1776157) * Fixed: Fixed multilingual spell checking not working with content in both English and a non-Latin alphabet (bmo#1773802) * Fixed: Developer tools: Fixed an issue where the console output keep getting scrolled to the bottom when the last visible message is an evaluation result (bmo#1776262) * Fixed: Fixed *Delete cookies and site data when Firefox is closed* checkbox getting disabled on startup (bmo#1777419) * Fixed: Various stability fixes Firefox 102.0 ESR: * New: - We now provide more secure connections: Firefox can now automatically upgrade to HTTPS using HTTPS RR as Alt-Svc headers. - For added viewing pleasure, full-range color levels are now supported for video playback on many systems. - Find it easier now! Mac users can now access the macOS share options from the Firefox File menu. - Voil?! Support for images containing ICC v4 profiles is enabled on macOS. - Firefox now supports the new AVIF image format, which is based on the modern and royalty-free AV1 video codec. It offers significant bandwidth savings for sites compared to existing image formats. It also supports transparency and other advanced features. - Firefox PDF viewer now supports filling more forms (e.g., XFA-based forms, used by multiple governments and banks). Learn more. - When available system memory is critically low, Firefox on Windows will automatically unload tabs based on their last access time, memory usage, and other attributes. This helps to reduce Firefox out-of-memory crashes. Forgot something? Switching to an unloaded tab automatically reloads it. - To prevent session loss for macOS users who are running Firefox from a mounted .dmg file, they’ll now be prompted to finish installation. Bear in mind, this permission prompt only appears the first time these users run Firefox on their computer. - For your safety, Firefox now blocks downloads that rely on insecure connections, protecting against potentially malicious or unsafe downloads. Learn more and see where to find downloads in Firefox. - Improved web compatibility for privacy protections with SmartBlock 3.0: In Private Browsing and Strict Tracking Protection, Firefox goes to great lengths to protect your web browsing activity from trackers. As part of this, the built- in content blocking will automatically block third-party scripts, images, and other content from being loaded from cross-site tracking companies reported by Disconnect. Learn more. - Introducing a new referrer tracking protection in Strict Tracking Protection and Private Browsing. This feature prevents sites from unknowingly leaking private information to trackers. Learn more. - Introducing Firefox Suggest, a feature that provides website suggestions as you type into the address bar. Learn more about this faster way to navigate the web and locale- specific features. - Firefox macOS now uses Apple's low-power mode for fullscreen video on sites such as YouTube and Twitch. This meaningfully extends battery life in long viewing sessions. Now your kids can find out what the fox says on a loop without you ever missing a beat… - With this release, power users can use about:unloads to release system resources by manually unloading tabs without closing them. - On Windows, there will now be fewer interruptions because Firefox won’t prompt you for updates. Instead, a background agent will download and install updates even if Firefox is closed. - On Linux, we’ve improved WebGL performance and reduced power consumption for many users. - To better protect all Firefox users against side-channel attacks, such as Spectre, we introduced Site Isolation. - Firefox no longer warns you by default when you exit the browser or close a window using a menu, button, or three-key command. This should cut back on unwelcome notifications, which is always nice—however, if you prefer a bit of notice, you’ll still have full control over the quit/close modal behavior. All warnings can be managed within Firefox Settings. No worries! More details here. - Firefox supports the new Snap Layouts menus when running on Windows 11. - RLBox—a new technology that hardens Firefox against potential security vulnerabilities in third-party libraries—is now enabled on all platforms. - We’ve reduced CPU usage on macOS in Firefox and WindowServer during event processing. - We’ve also reduced the power usage of software decoded video on macOS, especially in fullscreen. This includes streaming sites such as Netflix and Amazon Prime Video. - You can now move the Picture-in-Picture toggle button to the opposite side of the video. Simply look for the new context menu option Move Picture-in-Picture Toggle to Left (Right) Side. - We’ve made significant improvements in noise suppression and auto-gain-control, as well as slight improvements in echo-cancellation to provide you with a better overall experience. - We’ve also significantly reduced main-thread load. - When printing, you can now choose to print only the odd/even pages. - Firefox now supports and displays the new style of scrollbars on Windows 11. - Firefox has a new optimized download flow. Instead of prompting every time, files will download automatically. However, they can still be opened from the downloads panel with just one click. Easy! More information - Firefox no longer asks what to do for each file by default. You won’t be prompted to choose a helper application or save to disk before downloading a file unless you have changed your download action setting for that type of file. - Any files you download will be immediately saved on your disk. Depending on the current configuration, they’ll be saved in your preferred download folder, or you’ll be asked to select a location for each download. Windows and Linux users will find their downloaded files in the destination folder. They’ll no longer be put in the Temp folder. - Firefox allows users to choose from a number of built-in search engines to set as their default. In this release, some users who had previously configured a default engine might notice their default search engine has changed since Mozilla was unable to secure formal permission to continue including certain search engines in Firefox. - You can now toggle Narrate in ReaderMode with the keyboard shortcut 'n.' - You can find added support for search—with or without diacritics—in the PDF viewer. - The Linux sandbox has been strengthened: processes exposed to web content no longer have access to the X Window system (X11). - Firefox now supports credit card autofill and capture in Germany, France, and the United Kingdom. - We now support captions/subtitles display on YouTube, Prime Video, and Netflix videos you watch in Picture-in-Picture. Just turn on the subtitles on the in-page video player, and they will appear in PiP. - Picture-in-Picture now also supports video captions on websites that use Web Video Text Track (WebVTT) format (e.g., Coursera.org, Canadian Broadcasting Corporation, and many more). - On the first run after install, Firefox detects when its language does not match the operating system language and offers the user a choice between the two languages. - Firefox spell checking now checks spelling in multiple languages. To enable additional languages, select them in the text field’s context menu. - HDR video is now supported in Firefox on Mac—starting with YouTube! Firefox users on macOS 11+ (with HDR-compatible screens) can enjoy higher-fidelity video content. No need to manually flip any preferences to turn HDR video support on—just make sure battery preferences are NOT set to “optimize video streaming while on battery”. - Hardware-accelerated AV1 video decoding is enabled on Windows with supported GPUs (Intel Gen 11+, AMD RDNA 2 Excluding Navi 24, GeForce 30). Installing the AV1 Video Extension from the Microsoft Store may also be required. - Video overlay is enabled on Windows for Intel GPUs, reducing power usage during video playback. - Improved fairness between painting and handling other events. This noticeably improves the performance of the volume slider on Twitch. - Scrollbars on Linux and Windows 11 won't take space by default. On Linux, users can change this in Settings. On Windows, Firefox follows the system setting (System Settings > Accessibility > Visual Effects > Always show scrollbars). - Firefox now ignores less restricted referrer policies—including unsafe-url, no-referrer-when-downgrade, and origin-when-cross-origin—for cross-site subresource/iframe requests to prevent privacy leaks from the referrer. - Reading is now easier with the prefers-contrast media query, which allows sites to detect if the user has requested that web content is presented with a higher (or lower) contrast. - All non-configured MIME types can now be assigned a custom action upon download completion. - Firefox now allows users to use as many microphones as they want, at the same time, during video conferencing. The most exciting benefit is that you can easily switch your microphones at any time (if your conferencing service provider enables this flexibility). - Print preview has been updated. * Fixed: Various security fixes. - MFSA 2022-24 (bsc#1200793) * CVE-2022-34479 (bmo#1745595) A popup window could be resized in a way to overlay the address bar with web content * CVE-2022-34470 (bmo#1765951) Use-after-free in nsSHistory * CVE-2022-34468 (bmo#1768537) CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI * CVE-2022-34482 (bmo#845880) Drag and drop of malicious image could have led to malicious executable and potential code execution * CVE-2022-34483 (bmo#1335845) Drag and drop of malicious image could have led to malicious executable and potential code execution * CVE-2022-34476 (bmo#1387919) ASN.1 parser could have been tricked into accepting malformed ASN.1 * CVE-2022-34481 (bmo#1483699, bmo#1497246) Potential integer overflow in ReplaceElementsAt * CVE-2022-34474 (bmo#1677138) Sandboxed iframes could redirect to external schemes * CVE-2022-34469 (bmo#1721220) TLS certificate errors on HSTS-protected domains could be bypassed by the user on Firefox for Android * CVE-2022-34471 (bmo#1766047) Compromised server could trick a browser into an addon downgrade * CVE-2022-34472 (bmo#1770123) Unavailable PAC file resulted in OCSP requests being blocked * CVE-2022-34478 (bmo#1773717) Microsoft protocols can be attacked if a user accepts a prompt * CVE-2022-2200 (bmo#1771381) Undesired attributes could be set as part of prototype pollution * CVE-2022-34480 (bmo#1454072) Free of uninitialized pointer in lg_init * CVE-2022-34477 (bmo#1731614) MediaError message property leaked information on cross- origin same-site pages * CVE-2022-34475 (bmo#1757210) HTML Sanitizer could have been bypassed via same-origin script via use tags * CVE-2022-34473 (bmo#1770888) HTML Sanitizer could have been bypassed via use tags * CVE-2022-34484 (bmo#1763634, bmo#1772651) Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11 * CVE-2022-34485 (bmo#1768409, bmo#1768578) Memory safety bugs fixed in Firefox 102 Important SUSE bug 1200793 SUSE bug 1201758 SUSE bug 1202645 CVE-2022-2200 CVE-2022-2505 CVE-2022-34468 CVE-2022-34469 CVE-2022-34470 CVE-2022-34471 CVE-2022-34472 CVE-2022-34473 CVE-2022-34474 CVE-2022-34475 CVE-2022-34476 CVE-2022-34477 CVE-2022-34478 CVE-2022-34479 CVE-2022-34480 CVE-2022-34481 CVE-2022-34482 CVE-2022-34483 CVE-2022-34484 CVE-2022-34485 CVE-2022-36314 CVE-2022-36318 CVE-2022-36319 CVE-2022-38472 CVE-2022-38473 CVE-2022-38476 CVE-2022-38477 CVE-2022-38478 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-36946: Fixed a denial of service (panic) inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c (bnc#1201940). - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948). - CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898). - CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672). - CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154). - CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed unprivileged local users to crash the machine (bnc#1202897). - CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347). - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346). - CVE-2022-20166: Fixed possible out of bounds write due to a heap buffer overflow in various methods of kernel base drivers (bnc#1200598). - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535). - CVE-2020-36558: Fixed a race condition involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault (bnc#1200910). - CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could have led to a use-after-free (bnc#1201429). - CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616). The following non-security bugs were fixed: - cifs: fix error paths in cifs_tree_connect() (bsc#1177440). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1188944). - cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440). - cifs: skip trailing separators of prefix paths (bsc#1188944). - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325). - mm/rmap.c: do not reuse anon_vma if we just want a copy (git-fixes, bsc#1203098). - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098). - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - objtool: Add --backtrace support (bsc#1202396). - objtool: Add support for intra-function calls (bsc#1202396). - objtool: Allow no-op CFI ops in alternatives (bsc#1202396). - objtool: Convert insn type to enum (bsc#1202396). - objtool: Do not use ignore flag for fake jumps (bsc#1202396). - objtool: Fix !CFI insn_state propagation (bsc#1202396). - objtool: Fix ORC vs alternatives (bsc#1202396). - objtool: Fix sibling call detection (bsc#1202396). - objtool: Make handle_insn_ops() unconditional (bsc#1202396). - objtool: Remove INSN_STACK (bsc#1202396). - objtool: Remove check preventing branches within alternative (bsc#1202396). - objtool: Rename elf_open() to prevent conflict with libelf from elftoolchain (bsc#1202396). - objtool: Rename struct cfi_state (bsc#1202396). - objtool: Rework allocating stack_ops on decode (bsc#1202396). - objtool: Rewrite alt->skip_orig (bsc#1202396). - objtool: Set insn->func for alternatives (bsc#1202396). - objtool: Support conditional retpolines (bsc#1202396). - objtool: Support multiple stack_op per instruction (bsc#1202396). - objtool: Track original function across branches (bsc#1202396). - objtool: Uniquely identify alternative instruction groups (bsc#1202396). - objtool: Use Elf_Scn typedef instead of assuming struct name (bsc#1202396). - powerpc/pci: Fix broken INTx configuration via OF (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666). - powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666). - powerpc/pci: Use of_irq_parse_and_map_pci() helper (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666). - rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019). Important SUSE bug 1172145 SUSE bug 1177440 SUSE bug 1188944 SUSE bug 1191881 SUSE bug 1194535 SUSE bug 1196616 SUSE bug 1200598 SUSE bug 1200770 SUSE bug 1200910 SUSE bug 1201019 SUSE bug 1201420 SUSE bug 1201429 SUSE bug 1201705 SUSE bug 1201726 SUSE bug 1201940 SUSE bug 1201948 SUSE bug 1202096 SUSE bug 1202154 SUSE bug 1202346 SUSE bug 1202347 SUSE bug 1202393 SUSE bug 1202396 SUSE bug 1202672 SUSE bug 1202897 SUSE bug 1202898 SUSE bug 1203098 CVE-2020-36516 CVE-2020-36557 CVE-2020-36558 CVE-2021-4203 CVE-2022-20166 CVE-2022-20368 CVE-2022-20369 CVE-2022-21385 CVE-2022-2588 CVE-2022-26373 CVE-2022-2639 CVE-2022-2977 CVE-2022-3028 CVE-2022-36879 CVE-2022-36946 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xen fixes the following issues: - CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581) - CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588) Important SUSE bug 1194581 SUSE bug 1194588 CVE-2022-23034 CVE-2022-23035 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libsndfile fixes the following issues: - CVE-2021-4156: Fixed heap buffer overflow in flac_buffer_copy that could potentially lead to heap exploitation (bsc#1194006). Important SUSE bug 1194006 CVE-2021-4156 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for sqlite3 fixes the following issues: Security issues fixed: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). sqlite3 was update to 3.39.3: * Use a statement journal on DML statement affecting two or more database rows if the statement makes use of a SQL functions that might abort. * Use a mutex to protect the PRAGMA temp_store_directory and PRAGMA data_store_directory statements, even though they are decremented and documented as not being threadsafe. Update to 3.39.2: * Fix a performance regression in the query planner associated with rearranging the order of FROM clause terms in the presences of a LEFT JOIN. * Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and 1345947, forum post 3607259d3c, and other minor problems discovered by internal testing. [boo#1201783] Update to 3.39.1: * Fix an incorrect result from a query that uses a view that contains a compound SELECT in which only one arm contains a RIGHT JOIN and where the view is not the first FROM clause term of the query that contains the view * Fix a long-standing problem with ALTER TABLE RENAME that can only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set to a very small value. * Fix a long-standing problem in FTS3 that can only arise when compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time option. * Fix the initial-prefix optimization for the REGEXP extension so that it works correctly even if the prefix contains characters that require a 3-byte UTF8 encoding. * Enhance the sqlite_stmt virtual table so that it buffers all of its output. Update to 3.39.0: * Add (long overdue) support for RIGHT and FULL OUTER JOIN * Add new binary comparison operators IS NOT DISTINCT FROM and IS DISTINCT FROM that are equivalent to IS and IS NOT, respective, for compatibility with PostgreSQL and SQL standards * Add a new return code (value '3') from the sqlite3_vtab_distinct() interface that indicates a query that has both DISTINCT and ORDER BY clauses * Added the sqlite3_db_name() interface * The unix os interface resolves all symbolic links in database filenames to create a canonical name for the database before the file is opened * Defer materializing views until the materialization is actually needed, thus avoiding unnecessary work if the materialization turns out to never be used * The HAVING clause of a SELECT statement is now allowed on any aggregate query, even queries that do not have a GROUP BY clause * Many microoptimizations collectively reduce CPU cycles by about 2.3%. Update to 3.38.5: * Fix a blunder in the CLI of the 3.38.4 release Update to 3.38.4: * fix a byte-code problem in the Bloom filter pull-down optimization added by release 3.38.0 in which an error in the byte code causes the byte code engine to enter an infinite loop when the pull-down optimization encounters a NULL key Update to 3.38.3: * Fix a case of the query planner be overly aggressive with optimizing automatic-index and Bloom-filter construction, using inappropriate ON clause terms to restrict the size of the automatic-index or Bloom filter, and resulting in missing rows in the output. * Other minor patches. See the timeline for details. Update to 3.38.2: * Fix a problem with the Bloom filter optimization that might cause an incorrect answer when doing a LEFT JOIN with a WHERE clause constraint that says that one of the columns on the right table of the LEFT JOIN is NULL. * Other minor patches. - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). Update to 3.38.1: * Fix problems with the new Bloom filter optimization that might cause some obscure queries to get an incorrect answer. * Fix the localtime modifier of the date and time functions so that it preserves fractional seconds. * Fix the sqlite_offset SQL function so that it works correctly even in corner cases such as when the argument is a virtual column or the column of a view. * Fix row value IN operator constraints on virtual tables so that they work correctly even if the virtual table implementation relies on bytecode to filter rows that do not satisfy the constraint. * Other minor fixes to assert() statements, test cases, and documentation. See the source code timeline for details. Update to 3.38.0 * Add the -> and ->> operators for easier processing of JSON * The JSON functions are now built-ins * Enhancements to date and time functions * Rename the printf() SQL function to format() for better compatibility, with alias for backwards compatibility. * Add the sqlite3_error_offset() interface for helping localize an SQL error to a specific character in the input SQL text * Enhance the interface to virtual tables * CLI columnar output modes are enhanced to correctly handle tabs and newlines embedded in text, and add options like '--wrap N', '--wordwrap on', and '--quote' to the columnar output modes. * Query planner enhancements using a Bloom filter to speed up large analytic queries, and a balanced merge tree to evaluate UNION or UNION ALL compound SELECT statements that have an ORDER BY clause. * The ALTER TABLE statement is changed to silently ignores entries in the sqlite_schema table that do not parse when PRAGMA writable_schema=ON Update to 3.37.2: * Fix a bug introduced in version 3.35.0 (2021-03-12) that can cause database corruption if a SAVEPOINT is rolled back while in PRAGMA temp_store=MEMORY mode, and other changes are made, and then the outer transaction commits * Fix a long-standing problem with ON DELETE CASCADE and ON UPDATE CASCADE in which a cache of the bytecode used to implement the cascading change was not being reset following a local DDL change Update to 3.37.1: * Fix a bug introduced by the UPSERT enhancements of version 3.35.0 that can cause incorrect byte-code to be generated for some obscure but valid SQL, possibly resulting in a NULL- pointer dereference. * Fix an OOB read that can occur in FTS5 when reading corrupt database files. * Improved robustness of the --safe option in the CLI. * Other minor fixes to assert() statements and test cases. Update to 3.37.0: * STRICT tables provide a prescriptive style of data type management, for developers who prefer that kind of thing. * When adding columns that contain a CHECK constraint or a generated column containing a NOT NULL constraint, the ALTER TABLE ADD COLUMN now checks new constraints against preexisting rows in the database and will only proceed if no constraints are violated. * Added the PRAGMA table_list statement. * Add the .connection command, allowing the CLI to keep multiple database connections open at the same time. * Add the --safe command-line option that disables dot-commands and SQL statements that might cause side-effects that extend beyond the single database file named on the command-line. * CLI: Performance improvements when reading SQL statements that span many lines. * Added the sqlite3_autovacuum_pages() interface. * The sqlite3_deserialize() does not and has never worked for the TEMP database. That limitation is now noted in the documentation. * The query planner now omits ORDER BY clauses on subqueries and views if removing those clauses does not change the semantics of the query. * The generate_series table-valued function extension is modified so that the first parameter ('START') is now required. This is done as a way to demonstrate how to write table-valued functions with required parameters. The legacy behavior is available using the -DZERO_ARGUMENT_GENERATE_SERIES compile-time option. * Added new sqlite3_changes64() and sqlite3_total_changes64() interfaces. * Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2(). * Use less memory to hold the database schema. * bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert extension when a column has no collating sequence. Moderate SUSE bug 1189802 SUSE bug 1195773 SUSE bug 1201783 CVE-2021-36690 CVE-2022-35737 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated from 102.2.0esr to 102.3.0esr (bsc#1203477): - CVE-2022-40959: Fixed bypassing FeaturePolicy restrictions on transient pages. - CVE-2022-40960: Fixed data-race when parsing non-UTF-8 URLs in threads. - CVE-2022-40958: Fixed bypassing secure context restriction for cookies with __Host and __Secure prefix. - CVE-2022-40956: Fixed content-security-policy base-uri bypass. - CVE-2022-40957: Fixed incoherent instruction cache when building WASM on ARM64. - CVE-2022-40962: Fixed memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3. Important SUSE bug 1203477 CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 CVE-2022-40959 CVE-2022-40960 CVE-2022-40962 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). Important SUSE bug 1203438 CVE-2022-40674 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for krb5-appl fixes the following issues: - CVE-2022-39028: Fixed NULL pointer dereference in krb5-appl telnetd (bsc#1203759). Important SUSE bug 1203759 CVE-2022-39028 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for webkit2gtk3 fixes the following issues: Updated to version 2.36.8 (bsc#1203530): - CVE-2022-32886: Fixed a buffer overflow issue that could potentially lead to code execution. - CVE-2022-32912: Fixed an out-of-bounds read that could potentially lead to code execution. Important SUSE bug 1203530 CVE-2022-32886 CVE-2022-32912 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for bind fixes the following issues: - CVE-2022-2795: Fixed potential performance degredation due to missing database lookup limits when processing large delegations (bsc#1203614). - CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619). - CVE-2022-38178: Fixed memory leaks that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm (bsc#1203620). Important SUSE bug 1203614 SUSE bug 1203619 SUSE bug 1203620 CVE-2022-2795 CVE-2022-38177 CVE-2022-38178 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python3 fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). Important SUSE bug 1202624 CVE-2021-28861 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for squid fixes the following issues: - CVE-2022-41317: Fixed exposure of sensitive information in cache manager (bsc#1203677). - CVE-2022-41318: Fixed buffer overread in SSPI and SMB Authentication (bsc#1203680). Important SUSE bug 1203677 SUSE bug 1203680 CVE-2022-41317 CVE-2022-41318 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for postgresql-jdbc fixes the following issues: - CVE-2022-31197: Fixed SQL injection vulnerability (bsc#1202170). Important SUSE bug 1202170 CVE-2022-31197 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). Important SUSE bug 1202624 CVE-2021-28861 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for clamav fixes the following issues: - CVE-2022-20698: Fixed invalid pointer read allowing denial of service crash. (bsc#1194731) Important SUSE bug 1194731 CVE-2022-20698 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated The following security bugs were fixed: - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769). - CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960). - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552). - CVE-2022-2503: Fixed a bug in dm-verity, device-mapper table reloads allowed users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allowed root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates (bnc#1202677). - CVE-2022-39188: Fixed a race condition where a device driver can free a page while it still has stale TLB entries. (bnc#1203107). - CVE-2022-2663: Fixed an issue which allowed a firewall to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured (bnc#1202097). The following non-security bugs were fixed: - dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still be possible to do so that the mitigation can still be disabled on Intel who do not use the return thunks but IBRS. Important SUSE bug 1201309 SUSE bug 1202097 SUSE bug 1202385 SUSE bug 1202677 SUSE bug 1202960 SUSE bug 1203107 SUSE bug 1203552 CVE-2022-2503 CVE-2022-2663 CVE-2022-3239 CVE-2022-39188 CVE-2022-41218 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for tiff fixes the following issues: - CVE-2022-2519: Fixed a double free in rotateImage() (bsc#1202968). - CVE-2022-2520: Fixed a assertion failure in rotateImage() (bsc#1202973). - CVE-2022-2521: Fixed invalid free in TIFFClose() (bsc#1202971). - CVE-2022-2867: Fixed out of bounds read and write in tiffcrop.c (bsc#1202466). - CVE-2022-2868: Fixed out of bounds read in reverseSamples16bits() (bsc#1202467). - CVE-2022-2869: Fixed out of bounds read and write in extractContigSamples8bits() (bsc#1202468). - CVE-2022-34526: Fixed stack overflow in the _TIFFVGetField function of Tiffsplit (bsc#1202026). Important SUSE bug 1201723 SUSE bug 1201971 SUSE bug 1202026 SUSE bug 1202466 SUSE bug 1202467 SUSE bug 1202468 SUSE bug 1202968 SUSE bug 1202971 SUSE bug 1202973 CVE-2022-0561 CVE-2022-2519 CVE-2022-2520 CVE-2022-2521 CVE-2022-2867 CVE-2022-2868 CVE-2022-2869 CVE-2022-34266 CVE-2022-34526 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). Critical SUSE bug 1204357 CVE-2022-3515 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). - CVE-2022-0322: Fixed SCTP issue with account stream padding length for reconf chunk (bsc#1194985). - CVE-2021-45486: Fixed information leak inside the IPv4 implementation caused by very small hash table (bnc#1194087). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867). - CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem, that could have occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767). - CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847) - CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bsc#1192845) - CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194529). - CVE-2021-4197: Use cgroup open-time credentials for process migraton perm checks (bsc#1194302). - CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in coerce_reg_to_size (bsc#1194227). - CVE-2021-4149: Fixed btrfs unlock newly allocated extent buffer after error (bsc#1194001). - CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneouslyand can potentially trigger a race condition (bnc#1193727). - CVE-2021-4002: Fixed a missing TLB flush that could lead to leak or corruption of data in hugetlbfs. (bsc#1192946) - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). - CVE-2021-3564: Fixed double-free memory corruption in the Linux kernel HCI device initialization subsystem that could have been used by attaching malicious HCI TTY Bluetooth devices. A local user could use this flaw to crash the system (bnc#1186207). - CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet ixgbe driver due to improper input validation. (bsc#1192877) - CVE-2021-28715: Fixed issue with xen/netback to do not queue unlimited number of packages (XSA-392) (bsc#1193442). - CVE-2021-28714: Fixed issue with xen/netback to add rx queue stall detection (XSA-392) (bsc#1193442). - CVE-2021-28713: Fixed issue with xen/console to harden hvc_xen against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-28712: Fixed issue with xen/netfront to harden netfront against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-28711: Fixed issue with xen/blkfront to harden blkfront against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-0935: Fixed possible out of bounds write in ip6_xmit of ip6_output.c due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192032). - CVE-2021-0920: Fixed use after free bug due to a race condition in unix_scm_to_skb of af_unix.c. This could have led to local escalation of privilege with System execution privileges needed (bnc#1193731). - CVE-2020-27820: Fixed a vulnerability where a use-after-frees in nouveau's postclose() handler could happen if removing device. (bsc#1179599) - CVE-2019-15126: Fixed a vulnerability in Broadcom and Cypress Wi-Fi chips, used in RPi family of devices aka 'Kr00k'. (bsc#1167162) - CVE-2018-25020: Fixed an overflow in the BPF subsystem due to a mishandling of a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. This affects kernel/bpf/core.c and net/core/filter.c (bnc#1193575). The following non-security bugs were fixed: - Bluetooth: fix the erroneous flush_work() order (git-fixes). - Build: Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). - elfcore: fix building with clang (bsc#1169514). - fget: clarify and improve __fget_files() implementation (bsc#1193727). - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (bsc#1193507). - hv_netvsc: Set needed_headroom according to VF (bsc#1193507). - kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740). - kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable. - kernel-binary.spec: Define $image as rpm macro (bsc#1189841). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - kernel-binary.spec: Fix kernel-default-base scriptlets after packaging merge. - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well (bsc#1189841). - kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841). - kernel-source.spec: install-kernel-tools also required on 15.4 - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). - kprobes: Limit max data_size of the kretprobe instances (bsc#1193669). - livepatch: Avoid CPU hogging with cond_resched (bsc#1071995). - memstick: rtsx_usb_ms: fix UAF (bsc#1194516). - moxart: fix potential use-after-free on remove path (bsc#1194516). - net: Using proper atomic helper (bsc#1186222). - net: mana: Add RX fencing (bsc#1193507). - net: mana: Add XDP support (bsc#1193507). - net: mana: Allow setting the number of queues while the NIC is down (bsc#1193507). - net: mana: Fix spelling mistake 'calledd' -> 'called' (bsc#1193507). - net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (bsc#1193507). - net: mana: Improve the HWC error handling (bsc#1193507). - net: mana: Support hibernation and kexec (bsc#1193507). - net: mana: Use kcalloc() instead of kzalloc() (bsc#1193507). - objtool: Support Clang non-section symbols in ORC generation (bsc#1169514). - post.sh: detect /usr mountpoint too - recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267). - recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267). - rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed. - rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804). - rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306) After usrmerge, vmlinux file is not named vmlinux-&lt;version>, but simply vmlinux. And this is not reflected in STRIP_KEEP_SYMTAB we set. So fix this by removing the dash... - rpm/kernel-binary.spec: Use only non-empty certificates. - rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305) - rpm/kernel-source.rpmlintrc: ignore new include/config files In 5.13, since 0e0345b77ac4, config files have no longer .h suffix. Adapt the zero-length check. Based on Martin Liska's change. - rpm/kernel-source.spec.in: do some more for vanilla_only Make sure: * sources are NOT executable * env is not used as interpreter * timestamps are correct We do all this for normal kernel builds, but not for vanilla_only kernels (linux-next and vanilla). - rpm: fixup support gz and zst compression methods (bsc#1190428, bsc#1190358). - rpm: use _rpmmacrodir (boo#1191384) - tty: hvc: replace BUG_ON() with negative return value (git-fixes). - vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888). - watchdog: iTCO_wdt: Export vendorsupport (bsc#1177101). - watchdog: iTCO_wdt: Make ICH_RES_IO_SMI optional (bsc#1177101). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (bsc#1169514). - xen/blkfront: do not take local copy of a request from the ring page (git-fixes). - xen/blkfront: do not trust the backend response data blindly (git-fixes). - xen/blkfront: read response from backend only once (git-fixes). - xen/netfront: disentangle tx_skb_freelist (git-fixes). - xen/netfront: do not read data from request on the ring page (git-fixes). - xen/netfront: do not trust the backend response data blindly (git-fixes). - xen/netfront: read response from backend only once (git-fixes). - xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). Important SUSE bug 1071995 SUSE bug 1124431 SUSE bug 1167162 SUSE bug 1169514 SUSE bug 1172073 SUSE bug 1177101 SUSE bug 1179599 SUSE bug 1184804 SUSE bug 1185377 SUSE bug 1186207 SUSE bug 1186222 SUSE bug 1187167 SUSE bug 1189305 SUSE bug 1189841 SUSE bug 1190358 SUSE bug 1190428 SUSE bug 1191229 SUSE bug 1191384 SUSE bug 1191731 SUSE bug 1192032 SUSE bug 1192267 SUSE bug 1192740 SUSE bug 1192845 SUSE bug 1192847 SUSE bug 1192877 SUSE bug 1192946 SUSE bug 1193306 SUSE bug 1193440 SUSE bug 1193442 SUSE bug 1193507 SUSE bug 1193575 SUSE bug 1193669 SUSE bug 1193727 SUSE bug 1193731 SUSE bug 1193767 SUSE bug 1193861 SUSE bug 1193864 SUSE bug 1193867 SUSE bug 1194001 SUSE bug 1194048 SUSE bug 1194087 SUSE bug 1194227 SUSE bug 1194302 SUSE bug 1194516 SUSE bug 1194529 SUSE bug 1194880 SUSE bug 1194888 SUSE bug 1194985 SUSE bug 1195254 CVE-2018-25020 CVE-2019-15126 CVE-2020-27820 CVE-2021-0920 CVE-2021-0935 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-33098 CVE-2021-3564 CVE-2021-39648 CVE-2021-39657 CVE-2021-4002 CVE-2021-4083 CVE-2021-4149 CVE-2021-4197 CVE-2021-4202 CVE-2021-43975 CVE-2021-43976 CVE-2021-44733 CVE-2021-45095 CVE-2021-45486 CVE-2022-0322 CVE-2022-0330 CVE-2022-0435 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for multipath-tools fixes the following issues: - CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739) - Avoid linking to libreadline to avoid licensing issue (bsc#1202616) Important SUSE bug 1202616 SUSE bug 1202739 SUSE bug 1204325 CVE-2022-41974 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978). - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). Important SUSE bug 1201978 SUSE bug 1204366 SUSE bug 1204367 CVE-2016-3709 CVE-2022-40303 CVE-2022-40304 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for bluez fixes the following issues: - CVE-2019-8921: Fixed heap-based buffer overflow via crafted request (bsc#1193237). - CVE-2016-9803: Fixed memory leak (bsc#1013885). Important SUSE bug 1013885 SUSE bug 1193237 CVE-2016-9803 CVE-2019-8921 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Updated to version 102.4.0 ESR (bsc#1204421): - CVE-2022-42927: Fixed same-origin policy violation that could have leaked cross-origin URLs. - CVE-2022-42928: Fixed memory Corruption in JS Engine. - CVE-2022-42929: Fixed denial of Service via window.print. - CVE-2022-42932: Fixed memory safety bugs. Important SUSE bug 1204421 CVE-2022-42927 CVE-2022-42928 CVE-2022-42929 CVE-2022-42932 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for telnet fixes the following issues: - CVE-2022-39028: Fixed NULL pointer dereference in telnetd (bsc#1203759). Important SUSE bug 1203759 CVE-2022-39028 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update fixes the following issues: golang-github-lusitaniae-apache_exporter: - Update to upstream release 0.11.0 (jsc#SLE-24791) * Add TLS support * Switch to logger, please check --log.level and --log.format flags - Update to version 0.10.1 * Bugfix: Reset ProxyBalancer metrics on each scrape to remove stale data - Update to version 0.10.0 * Add Apache Proxy and other metrics - Update to version 0.8.0 * Change commandline flags * Add metrics: Apache version, request duration total - Adapted to build on Enterprise Linux 8 - Require building with Go 1.15 - Add %license macro for LICENSE file golang-github-prometheus-alertmanager: - Do not include sources (bsc#1200725) golang-github-prometheus-node_exporter: - CVE-2022-21698: Denial of service using InstrumentHandlerCounter. (bsc#1196338, jsc#SLE-24243, jsc#SUMA-114) grafana: - Update to version 8.3.10 + Security: * CVE-2022-31097: Cross Site Scripting vulnerability in the Unified Alerting (bsc#1201535) * CVE-2022-31107: OAuth account takeover vulnerability (bsc#1201539) - Update to version 8.3.9 + Bug fixes: * Geomap: Display legend * Prometheus: Fix timestamp truncation - Update to version 8.3.7 + Bug fix: * Provisioning: Ensure that the default value for orgID is set when provisioning datasources to be deleted. - Update to version 8.3.6 + Features and enhancements: * Cloud Monitoring: Reduce request size when listing labels. * Explore: Show scalar data result in a table instead of graph. * Snapshots: Updates the default external snapshot server URL. * Table: Makes footer not overlap table content. * Tempo: Add request histogram to service graph datalink. * Tempo: Add time range to tempo search query behind a feature flag. * Tempo: Auto-clear results when changing query type. * Tempo: Display start time in search results as relative time. * CloudMonitoring: Fix resource labels in query editor. * Cursor sync: Apply the settings without saving the dashboard. * LibraryPanels: Fix for Error while cleaning library panels. * Logs Panel: Fix timestamp parsing for string dates without timezone. * Prometheus: Fix some of the alerting queries that use reduce/math operation. * TablePanel: Fix ad-hoc variables not working on default datasources. * Text Panel: Fix alignment of elements. * Variables: Fix for constant variables in self referencing links. - Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565) kiwi-desc-saltboot: - Update to version 0.1.1661440542.6cbe0da * Use standard susemanager.conf * Use salt bundle * Add support fo VirtIO disks mgr-daemon: - Version 4.3.6-1 * Update translation strings spacecmd: - Version 4.3.15-1 * Process date values in spacecmd api calls (bsc#1198903) spacewalk-client-tools: - Version 4.3.12-1 * Update translation strings uyuni-common-libs: - Version 4.3.6-1 * Do not allow creating path if nonexistent user or group in fileutils. Moderate SUSE bug 1196338 SUSE bug 1198903 SUSE bug 1200725 SUSE bug 1201535 SUSE bug 1201539 CVE-2022-21698 CVE-2022-31097 CVE-2022-31107 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies (bsc#1202593). - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). Important SUSE bug 1202593 SUSE bug 1204383 CVE-2022-32221 CVE-2022-35252 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). - Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800) Important SUSE bug 1200800 SUSE bug 1201680 CVE-2021-46828 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openjpeg2 fixes the following issues: - CVE-2018-21010: Fixed heap buffer overflow in color_apply_icc_profile in bin/common/color.c (bsc#1149789). - CVE-2020-27824: Fixed OOB read in opj_dwt_calc_explicit_stepsizes() (bsc#1179821). - CVE-2020-27842: Fixed null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (bsc#1180043). - CVE-2020-27843: Fixed out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c (bsc#1180044). - CVE-2020-27845: Fixed heap-based buffer over-read in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (bsc#1180046). Important SUSE bug 1149789 SUSE bug 1179821 SUSE bug 1180043 SUSE bug 1180044 SUSE bug 1180046 CVE-2018-21010 CVE-2020-27824 CVE-2020-27842 CVE-2020-27843 CVE-2020-27845 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). Important SUSE bug 1087072 SUSE bug 1204111 SUSE bug 1204112 SUSE bug 1204113 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690). Critical SUSE bug 1204690 CVE-2021-46848 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xorg-x11-server fixes the following issues: - CVE-2022-3550: Fixed out of bounds read/write in _GetCountedString() (bsc#1204412). - CVE-2022-3551: Fixed various leaks of the return value of GetComponentSpec() (bsc#1204416). Important SUSE bug 1204412 SUSE bug 1204416 CVE-2022-3550 CVE-2022-3551 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). Important SUSE bug 1204708 CVE-2022-43680 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for glibc fixes the following issues: - CVE-2015-8985: Fixed assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) - x86: fix stack alignment in pthread_cond_[timed]wait (bsc#1196852) - Recognize ppc64p7 arch to build for power7 Moderate SUSE bug 1193625 SUSE bug 1196852 CVE-2015-8985 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libvirt fixes the following issues: - CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults. (bsc#1194041) - CVE-2021-3975: Add missing lock in qemuProcessHandleMonitorEOF. (bsc#1192876) Important SUSE bug 1192876 SUSE bug 1193981 SUSE bug 1194041 CVE-2021-3975 CVE-2021-4147 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for sudo fixes the following issues: Security fixes: - CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986). Other: - Make sure SIGCHLD is not ignored when sudo is executed; fixes race condition (bsc#1203201). - Change sudo-ldap schema from ASCII to UTF8 (bsc#1197998). Important SUSE bug 1197998 SUSE bug 1203201 SUSE bug 1204986 CVE-2022-43995 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xen fixes the following issues: - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806). - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807). - CVE-2021-28689: Fixed speculative vulnerabilities with bare (non-shim) 32-bit PV guests (bsc#1185104). - CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482) - CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485) - CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487) - CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488) - CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489) - CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490) - CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494) - CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496) - xen: Frontends vulnerable to backends (bsc#1193923) Important SUSE bug 1185104 SUSE bug 1193923 SUSE bug 1203806 SUSE bug 1203807 SUSE bug 1204482 SUSE bug 1204485 SUSE bug 1204487 SUSE bug 1204488 SUSE bug 1204489 SUSE bug 1204490 SUSE bug 1204494 SUSE bug 1204496 CVE-2021-28689 CVE-2022-33746 CVE-2022-33748 CVE-2022-42309 CVE-2022-42310 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318 CVE-2022-42319 CVE-2022-42320 CVE-2022-42321 CVE-2022-42322 CVE-2022-42323 CVE-2022-42325 CVE-2022-42326 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 102.5.0 ESR (MFSA 2022-48, bsc#1205270): - CVE-2022-45403: Service Workers might have learned size of cross-origin media files - CVE-2022-45404: Fullscreen notification bypass - CVE-2022-45405: Use-after-free in InputStream implementation - CVE-2022-45406: Use-after-free of a JavaScript Realm - CVE-2022-45408: Fullscreen notification bypass via windowName - CVE-2022-45409: Use-after-free in Garbage Collection - CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite cookie policy - CVE-2022-45411: Cross-Site Tracing was possible via non-standard override headers - CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers - CVE-2022-45416: Keystroke Side-Channel Leakage - CVE-2022-45418: Custom mouse cursor could have been drawn over browser UI - CVE-2022-45420: Iframe contents could be rendered outside the iframe - CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 Important SUSE bug 1205270 CVE-2022-45403 CVE-2022-45404 CVE-2022-45405 CVE-2022-45406 CVE-2022-45408 CVE-2022-45409 CVE-2022-45410 CVE-2022-45411 CVE-2022-45412 CVE-2022-45416 CVE-2022-45418 CVE-2022-45420 CVE-2022-45421 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for tiff fixes the following issues: - CVE-2022-3597: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204641). - CVE-2022-3599: Fixed out-of-bounds read in writeSingleSection in tools/tiffcrop.c (bnc#1204643). - CVE-2022-3626: Fixed out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c (bnc#1204644) - CVE-2022-3627: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204645). - CVE-2022-3970: Fixed unsigned integer overflow in TIFFReadRGBATileExt() (bnc#1205392). Important SUSE bug 1204641 SUSE bug 1204643 SUSE bug 1204644 SUSE bug 1204645 SUSE bug 1205392 CVE-2022-3597 CVE-2022-3599 CVE-2022-3626 CVE-2022-3627 CVE-2022-3970 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for pixman fixes the following issues: - CVE-2022-44638: Fixed an integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write (bsc#1205033). Important SUSE bug 1205033 CVE-2022-44638 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python3 fixes the following issues: - CVE-2020-10735: Fixed possible DoS when converting text to int and vice versa (bsc#1203125). - CVE-2022-45061: Fixed possible DoS when IDNA decoding extremely long domain names (bsc#1205244). Important SUSE bug 1203125 SUSE bug 1205244 CVE-2020-10735 CVE-2022-45061 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for exiv2 fixes the following issues: - CVE-2019-13112: Fixed an uncontrolled memory allocation in PngChunk:parseChunkContent causing denial of service. (bsc#1142681) - CVE-2021-37620: Fixed out-of-bounds read in XmpTextValue:read(). (bsc#1189332) - CVE-2021-34334: Fixed a DoS due to integer overflow in loop counter. (bsc#1189338) - CVE-2021-31291: Fixed a heap-based buffer overflow vulnerability in jp2image.cpp may lead to a denial of service via crafted metadata (bsc#1188733). - CVE-2021-32815: Fixed a deny-of-service due to assertion failure in crwimage_int.cpp (bsc#1189337). - CVE-2018-20097: Fixed SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroupsu (bsc#1119562). - CVE-2021-29457: Fixed a heap buffer overflow when write metadata into a crafted image file (bsc#1185002). - CVE-2021-29473: Fixed out-of-bounds read in Exiv2::Jp2Image:doWriteMetadata (bsc#1186231). Important SUSE bug 1119562 SUSE bug 1142681 SUSE bug 1185002 SUSE bug 1186231 SUSE bug 1188733 SUSE bug 1189332 SUSE bug 1189337 SUSE bug 1189338 CVE-2018-20097 CVE-2019-13112 CVE-2021-29457 CVE-2021-29473 CVE-2021-31291 CVE-2021-32815 CVE-2021-34334 CVE-2021-37620 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for busybox fixes the following issues: - CVE-2014-9645: Fixed loading of unwanted modules with / (bsc#914660). - CVE-2017-16544: Fixed insufficient sanitization of filenames when autocompleting (bsc#1069412). - CVE-2015-9261: Fixed huft_build misuses a pointer, causing segfaults (bsc#1102912). - CVE-2016-2147: Fixed out of bounds write (heap) due to integer underflow in udhcpc (bsc#970663). - CVE-2016-2148: Fixed heap-based buffer overflow in OPTION_6RD parsing (bsc#970662). - CVE-2016-6301: Fixed NTP server denial of service flaw (bsc#991940). - CVE-2017-15873: Fixed integer overflow in get_next_block function in archival/libarchive/decompress_bunzip2.c (bsc#1064976). - CVE-2017-15874: Fixed integer overflow in archival/libarchive/decompress_unlzma (bsc#1064978). - CVE-2019-5747: Fixed out of bounds read in udhcp components (bsc#1121428). - CVE-2021-42373, CVE-2021-42374, CVE-2021-42375, CVE-2021-42376, CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386: v1.34.0 bugfixes (bsc#1192869). - CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data (bsc#1184522). - CVE-2018-20679: Fixed out of bounds read in udhcp (bsc#1121426). - CVE-2018-1000517: Fixed heap-based buffer overflow in the retrieve_file_data() (bsc#1099260). - CVE-2011-5325: Fixed tar directory traversal (bsc#951562). - CVE-2018-1000500: Fixed missing SSL certificate validation in wget (bsc#1099263). - Update to 1.35.0 - awk: fix printf %%, fix read beyond end of buffer - chrt: silence analyzer warning - libarchive: remove duplicate forward declaration - mount: 'mount -o rw ....' should not fall back to RO mount - ps: fix -o pid=PID,args interpreting entire 'PID,args' as header - tar: prevent malicious archives with long name sizes causing OOM - udhcpc6: fix udhcp_find_option to actually find DHCP6 options - xxd: fix -p -r - support for new optoins added to basename, cpio, date, find, mktemp, wget and others - Enable fdisk (jsc#CAR-16) - Update to 1.34.1: * build system: use SOURCE_DATE_EPOCH for timestamp if available * many bug fixes and new features * touch: make FEATURE_TOUCH_NODEREF unconditional - update to 1.33.1: * httpd: fix sendfile * ash: fix HISTFILE corruptio * ash: fix unset variable pattern expansion * traceroute: fix option parsing * gunzip: fix for archive corruption - Update to version 1.33.0 - many bug fixes and new features - Update to version 1.32.1 - fixes a case where in ash, 'wait' never finishes. - prepare usrmerge (bsc#1029961) - Enable testsuite and package it for later rerun (for QA, jsc#CAR-15) - Update to version 1.31.1: + Bug fix release. 1.30.1 has fixes for dc, ash (PS1 expansion fix), hush, dpkg-deb, telnet and wget. - Changes from version 1.31.0: + many bugfixes and new features. - Add busybox-no-stime.patch: stime() has been deprecated in glibc 2.31 and replaced with clock_settime(). - update to 1.25.1: * fixes for hush, gunzip, ip route, ntpd - includes changes from 1.25.0: * many added and expanded implementations of command options - includes changes from 1.24.2: * fixes for build system (static build with glibc fixed), truncate, gunzip and unzip. - Update to version 1.24.1 * for a full list of changes see http://www.busybox.net/news.html - Refresh busybox.install.patch - Update to 1.23.2 * for a full list of changes see http://www.busybox.net/news.html - Cleaned up spec file with spec-cleaner - Refreshed patches - update to 1.22.1: Many updates and fixes for most included tools, see see http://www.busybox.net/news.html Important SUSE bug 1029961 SUSE bug 1064976 SUSE bug 1064978 SUSE bug 1069412 SUSE bug 1099260 SUSE bug 1099263 SUSE bug 1102912 SUSE bug 1121426 SUSE bug 1121428 SUSE bug 1184522 SUSE bug 1191514 SUSE bug 1192869 SUSE bug 914660 SUSE bug 951562 SUSE bug 970662 SUSE bug 970663 SUSE bug 991940 CVE-2011-5325 CVE-2014-9645 CVE-2015-9261 CVE-2016-2147 CVE-2016-2148 CVE-2016-6301 CVE-2017-15873 CVE-2017-15874 CVE-2017-16544 CVE-2018-1000500 CVE-2018-1000517 CVE-2018-20679 CVE-2019-5747 CVE-2021-28831 CVE-2021-42373 CVE-2021-42374 CVE-2021-42375 CVE-2021-42376 CVE-2021-42377 CVE-2021-42378 CVE-2021-42379 CVE-2021-42380 CVE-2021-42381 CVE-2021-42382 CVE-2021-42383 CVE-2021-42384 CVE-2021-42385 CVE-2021-42386 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python fixes the following issues: - CVE-2022-45061: Fixed a quadratic IDNA decoding time (bsc#1205244). The following non-security bug was fixed: - Making compileall.py compliant with year 2038, backport of fix to Python 2.7 (bsc#1202666, gh#python/cpython#79171). Important SUSE bug 1202666 SUSE bug 1205244 CVE-2022-45061 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for binutils fixes the following issues: The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579). - CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597). - CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374). - CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969). - CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929). - CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783). - CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592). - CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966). - CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967). - CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816). The following non-security bugs were fixed: - SLE toolchain update of binutils, update to 2.39 from 2.37. - Update to 2.39: * The ELF linker will now generate a warning message if the stack is made executable. Similarly it will warn if the output binary contains a segment with all three of the read, write and execute permission bits set. These warnings are intended to help developers identify programs which might be vulnerable to attack via these executable memory regions. The warnings are enabled by default but can be disabled via a command line option. It is also possible to build a linker with the warnings disabled, should that be necessary. * The ELF linker now supports a --package-metadata option that allows embedding a JSON payload in accordance to the Package Metadata specification. * In linker scripts it is now possible to use TYPE=<type> in an output section description to set the section type value. * The objdump program now supports coloured/colored syntax highlighting of its disassembler output for some architectures. (Currently: AVR, RiscV, s390, x86, x86_64). * The nm program now supports a --no-weak/-W option to make it ignore weak symbols. * The readelf and objdump programs now support a -wE option to prevent them from attempting to access debuginfod servers when following links. * The objcopy program's --weaken, --weaken-symbol, and --weaken-symbols options now works with unique symbols as well. - Update to 2.38: * elfedit: Add --output-abiversion option to update ABIVERSION. * Add support for the LoongArch instruction set. * Tools which display symbols or strings (readelf, strings, nm, objdump) have a new command line option which controls how unicode characters are handled. By default they are treated as normal for the tool. Using --unicode=locale will display them according to the current locale. Using --unicode=hex will display them as hex byte values, whilst --unicode=escape will display them as escape sequences. In addition using --unicode=highlight will display them as unicode escape sequences highlighted in red (if supported by the output device). * readelf -r dumps RELR relative relocations now. * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been added to objcopy in order to enable UEFI development using binutils (bsc#1198458). * ar: Add --thin for creating thin archives. -T is a deprecated alias without diagnostics. In many ar implementations -T has a different meaning, as specified by X/Open System Interface. * Add support for AArch64 system registers that were missing in previous releases. * Add support for the LoongArch instruction set. * Add a command-line option, -muse-unaligned-vector-move, for x86 target to encode aligned vector move as unaligned vector move. * Add support for Cortex-R52+ for Arm. * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64. * Add support for Cortex-A710 for Arm. * Add support for Scalable Matrix Extension (SME) for AArch64. * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the assembler what to when it encoutners multibyte characters in the input. The default is to allow them. Setting the option to 'warn' will generate a warning message whenever any multibyte character is encountered. Using the option to 'warn-sym-only' will make the assembler generate a warning whenever a symbol is defined containing multibyte characters. (References to undefined symbols will not generate warnings). * Outputs of .ds.x directive and .tfloat directive with hex input from x86 assembler have been reduced from 12 bytes to 10 bytes to match the output of .tfloat directive. * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in AArch64 GAS. * Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS. * Add support for Intel AVX512_FP16 instructions. * Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF linker to pack relative relocations in the DT_RELR section. * Add support for the LoongArch architecture. * Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF linker to control canonical function pointers and copy relocation. * Add --max-cache-size=SIZE to set the the maximum cache size to SIZE bytes. - Fixed regression that prevented .ko.debug to be loaded in crash tool (bsc#1191908). - Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes. - Add gprofng subpackage. - Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237). - Add back fix for bsc#1191473, which got lost in the update to 2.38. - Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712). - Enable PRU architecture for AM335x CPU (Beagle Bone Black board) Important SUSE bug 1142579 SUSE bug 1185597 SUSE bug 1185712 SUSE bug 1188374 SUSE bug 1191473 SUSE bug 1191908 SUSE bug 1193929 SUSE bug 1194783 SUSE bug 1197592 SUSE bug 1198237 SUSE bug 1198458 SUSE bug 1202816 SUSE bug 1202966 SUSE bug 1202967 SUSE bug 1202969 CVE-2019-1010204 CVE-2021-3530 CVE-2021-3648 CVE-2021-3826 CVE-2021-45078 CVE-2021-46195 CVE-2022-27943 CVE-2022-38126 CVE-2022-38127 CVE-2022-38533 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 Security fixes: - CVE-2022-32888: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205121). - CVE-2022-32923: Fixed possible information leak via maliciously crafted web content (bsc#1205122). - CVE-2022-42799: Fixed user interface spoofing when visiting a malicious website (bsc#1205123). - CVE-2022-42823: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205120). - CVE-2022-42824: Fixed possible sensitive user information leak via maliciously crafted web content (bsc#1205124). Update to version 2.38.2: - Fix scrolling issues in some sites having fixed background. - Fix prolonged buffering during progressive live playback. - Fix the build with accessibility disabled. - Fix several crashes and rendering issues. Update to version 2.38.1: - Make xdg-dbus-proxy work if host session bus address is an abstract socket. - Use a single xdg-dbus-proxy process when sandbox is enabled. - Fix high resolution video playback due to unimplemented changeType operation. - Ensure GSubprocess uses posix_spawn() again and inherit file descriptors. - Fix player stucking in buffering (paused) state for progressive streaming. - Do not try to preconnect on link click when link preconnect setting is disabled. - Fix close status code returned when the client closes a WebSocket in some cases. - Fix media player duration calculation. - Fix several crashes and rendering issues. Update to version 2.38.0: - New media controls UI style. - Add new API to set WebView's Content-Security-Policy for web extensions support. - Make it possible to use the remote inspector from other browsers using WEBKIT_INSPECTOR_HTTP_SERVER env var. - MediaSession is enabled by default, allowing remote media control using MPRIS. - Add support for PDF documents using PDF.js. Important SUSE bug 1205120 SUSE bug 1205121 SUSE bug 1205122 SUSE bug 1205123 SUSE bug 1205124 CVE-2022-32888 CVE-2022-32923 CVE-2022-42799 CVE-2022-42823 CVE-2022-42824 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-ibm fixes the following issues: - CVE-2022-21626: An unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204471). - CVE-2022-21618: An unauthenticated attacker with network access via Kerberos can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204468). - CVE-2022-21619: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE (bsc#1204473). - CVE-2022-21628: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204472). - CVE-2022-21624: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise (bsc#1204475). - CVE-2022-39399: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204480). - Update to Java 8.0 Service Refresh 7 Fix Pack 20 [bsc#1205302] * Security: - The IBM ORB Does Not Support Object-Serialisation Data Filtering - Large Allocation In CipherSuite - Avoid Evaluating Sslalgorithmconstraints Twice - Cache The Results Of Constraint Checks - An incorrect ShortBufferException is thrown by IBMJCEPlus, IBMJCEPlusFIPS during cipher update operation - Disable SHA-1 Signed Jars For Ea - JSSE Performance Improvement - Oracle Road Map Kerberos Deprecation Of 3DES And RC4 Encryption * Java 8/Orb: - Upgrade ibmcfw.jar To Version o2228.02 * Class Libraries: - Crash In Libjsor.So During An Rdma Failover - High CPU Consumption Observed In ZosEventPort$EventHandlerTask.run - Update Timezone Information To The Latest tzdata2022c * Jit Compiler: - Crash During JIT Compilation - Incorrect JIT Optimization Of Java Code - Incorrect Return From Class.isArray() - Unexpected ClassCastException - Performance Regression When Calling VM Helper Code On X86 * X/Os Extentions: - Add RSA-OAEP Cipher Function To IBMJCECCA - Update to Java 8.0 Service Refresh 7 Fix Pack 16 * Java Virtual Machine - Assertion failure at ClassLoaderRememberedSet.cpp - Assertion failure at StandardAccessBarrier.cpp when -Xgc:concurrentScavenge is set. - GC can have unflushed ownable synchronizer objects which can eventually lead to heap corruption and failure when -Xgc:concurrentScavenge is set. * JIT Compiler: - Incorrect JIT optimization of Java code - JAVA JIT Power: JIT compile time assert on AIX or LINUXPPC * Reliability and Serviceability: - javacore with 'kill -3' SIGQUIT signal freezes Java process Moderate SUSE bug 1204468 SUSE bug 1204471 SUSE bug 1204472 SUSE bug 1204473 SUSE bug 1204475 SUSE bug 1204480 SUSE bug 1205302 CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for supportutils fixes the following issues: Security issues fixed: - Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818) Moderate SUSE bug 1203818 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for grub2 fixes the following issues: Security Fixes: - CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178). - CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182). Other: - Bump upstream SBAT generation to 3 - Fix unreadable filesystem with xfs v4 superblock (bsc#1205520). - Remove zfs modules (bsc#1205554). Important SUSE bug 1205178 SUSE bug 1205182 SUSE bug 1205520 SUSE bug 1205554 CVE-2022-2601 CVE-2022-3775 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for tomcat fixes the following issues: - CVE-2022-42252: Fixed a request smuggling (bsc#1204918). Important SUSE bug 1204918 CVE-2022-42252 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for emacs fixes the following issues: - CVE-2022-45939: Fixed shell command injection via source code files when using ctags (bsc#1205822). Important SUSE bug 1205822 CVE-2022-45939 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). Important SUSE bug 1205126 CVE-2022-42898 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u352 (icedtea-3.25.0): - CVE-2022-21619,CVE-2022-21624: Fixed difficult to exploit vulnerability allows unauthenticated attacker with network access and can cause unauthorized update, insert or delete access via multiple protocols (bsc#1204473,bsc#1204475). - CVE-2022-21626: Fixed easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to cause partial denial of service (bsc#1204471). - CVE-2022-21628: Fixed easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to cause partial denial of service (bsc#1204472). Moderate SUSE bug 1204471 SUSE bug 1204472 SUSE bug 1204473 SUSE bug 1204475 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 glibc was updated to fix the following issues: Security issues fixed: - CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640) - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770) Bugs fixed: - Make endian-conversion macros always return correct types (bsc#1193478, BZ #16458) - Allow dlopen of filter object to work (bsc#1192620, BZ #16272) - x86: fix stack alignment in cancelable syscall stub (bsc#1191835) Important SUSE bug 1191835 SUSE bug 1192620 SUSE bug 1193478 SUSE bug 1194640 SUSE bug 1194768 SUSE bug 1194770 CVE-2021-3999 CVE-2022-23218 CVE-2022-23219 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 102.6.0 ESR (bsc#1206242): - CVE-2022-46880: Use-after-free in WebGL - CVE-2022-46872: Arbitrary file read from a compromised content process - CVE-2022-46881: Memory corruption in WebGL - CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions - CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS - CVE-2022-46882: Use-after-free in WebGL - CVE-2022-46878: Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6 Important SUSE bug 1206242 CVE-2022-46872 CVE-2022-46874 CVE-2022-46875 CVE-2022-46878 CVE-2022-46880 CVE-2022-46881 CVE-2022-46882 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for zabbix fixes the following issues: - CVE-2022-43515: X-Forwarded-For header is active by default causes access to Zabbix sites in maintenance mode (bsc#1206083). Moderate SUSE bug 1206083 CVE-2022-43515 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xorg-x11-server fixes the following issues: - CVE-2022-46340: Server XTestSwapFakeInput stack overflow (bsc#1205874) - CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access (bsc#1205877) - CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free (bsc#1205879) - CVE-2022-46343: Server ScreenSaverSetAttributes use-after-free (bsc#1205878) - CVE-2022-46344: Server XIChangeProperty out-of-bounds access (bsc#1205876) - CVE-2022-4283: Reset the radio_groups pointer to NULL after freeing it (bsc#1206017) - Xi: return an error from XI property changes if verification failed (bsc#1205875) Important SUSE bug 1205874 SUSE bug 1205875 SUSE bug 1205876 SUSE bug 1205877 SUSE bug 1205878 SUSE bug 1205879 SUSE bug 1206017 CVE-2022-4283 CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_7_1-ibm fixes the following issues: IBM Security Update November 2022: (bsc#1205302, bsc#1204703) - CVE-2022-3676: A security vulnerability was fixed in version 7.1.5.15, adding the reference here. Moderate SUSE bug 1204703 SUSE bug 1205302 CVE-2022-3676 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-ibm fixes the following issues: IBM Security Update November 2022: (bsc#1205302, bsc#1204703) - CVE-2022-3676: A security vulnerability was fixed in version 8.0.7.20, adding the reference here. Moderate SUSE bug 1204703 SUSE bug 1205302 CVE-2022-3676 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-42328: Guests could trigger denial of service via the netback driver (bsc#1206114). - CVE-2022-42329: Guests could trigger denial of service via the netback driver (bsc#1206113). - CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bsc#1206113). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686). - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bsc#1198702). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bsc#1204653). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bsc#1204402). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bsc#1204635). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bsc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bsc#1204647). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bsc#1204574). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bsc#1204479). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204431). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bsc#1204354). - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bsc#1203514). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bsc#1204168). - CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290). - CVE-2022-40307: Fixed a race condition that could had been exploited to trigger a use-after-free in the efi firmware capsule-loader.c (bsc#1203322). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-3521: Fixed a race condition in kcm_tx_work() of the file net/kcm/kcmsock.c (bsc#1204355). - CVE-2022-2153: Fixed a NULL pointer dereference in the KVM subsystem, when attempting to set a SynIC IRQ (bsc#1200788). - CVE-2022-41848: Fixed a race condition in drivers/char/pcmcia/synclink_cs.c mgslpc_ioctl and mgslpc_detach (bsc#1203987). The following non-security bugs were fixed: - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - sunrpc: Re-purpose trace_svc_process (bsc#1205006). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - x86/hyperv: Set pv_info.name to 'Hyper-V' (git-fixes). Important SUSE bug 1196018 SUSE bug 1198702 SUSE bug 1200788 SUSE bug 1201455 SUSE bug 1202686 SUSE bug 1203008 SUSE bug 1203183 SUSE bug 1203290 SUSE bug 1203322 SUSE bug 1203514 SUSE bug 1203960 SUSE bug 1203987 SUSE bug 1204166 SUSE bug 1204168 SUSE bug 1204170 SUSE bug 1204354 SUSE bug 1204355 SUSE bug 1204402 SUSE bug 1204414 SUSE bug 1204415 SUSE bug 1204424 SUSE bug 1204431 SUSE bug 1204432 SUSE bug 1204439 SUSE bug 1204479 SUSE bug 1204574 SUSE bug 1204576 SUSE bug 1204631 SUSE bug 1204635 SUSE bug 1204636 SUSE bug 1204646 SUSE bug 1204647 SUSE bug 1204653 SUSE bug 1204868 SUSE bug 1205006 SUSE bug 1205128 SUSE bug 1205130 SUSE bug 1205220 SUSE bug 1205473 SUSE bug 1205514 SUSE bug 1205671 SUSE bug 1205705 SUSE bug 1205709 SUSE bug 1205796 SUSE bug 1206113 SUSE bug 1206114 SUSE bug 1206207 CVE-2021-4037 CVE-2022-2153 CVE-2022-28693 CVE-2022-28748 CVE-2022-2964 CVE-2022-3169 CVE-2022-3424 CVE-2022-3521 CVE-2022-3524 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3567 CVE-2022-3586 CVE-2022-3594 CVE-2022-3621 CVE-2022-3628 CVE-2022-3629 CVE-2022-3635 CVE-2022-3643 CVE-2022-3646 CVE-2022-3649 CVE-2022-3903 CVE-2022-40307 CVE-2022-40768 CVE-2022-4095 CVE-2022-41848 CVE-2022-41850 CVE-2022-41858 CVE-2022-42328 CVE-2022-42329 CVE-2022-42703 CVE-2022-42895 CVE-2022-42896 CVE-2022-43750 CVE-2022-4378 CVE-2022-43945 CVE-2022-45934 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for vim fixes the following issues: Updated to version 9.0.0814: * Fixing bsc#1192478 VUL-1: CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow * Fixing bsc#1203508 VUL-0: CVE-2022-3234: vim: Heap-based Buffer Overflow prior to 9.0.0483. * Fixing bsc#1203509 VUL-1: CVE-2022-3235: vim: Use After Free in GitHub prior to 9.0.0490. * Fixing bsc#1203820 VUL-0: CVE-2022-3324: vim: Stack-based Buffer Overflow in prior to 9.0.0598. * Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c * Fixing bsc#1203152 VUL-1: CVE-2022-2982: vim: use after free in qf_fill_buffer() * Fixing bsc#1203796 VUL-1: CVE-2022-3296: vim: stack out of bounds read in ex_finally() in ex_eval.c * Fixing bsc#1203797 VUL-1: CVE-2022-3297: vim: use-after-free in process_next_cpt_value() at insexpand.c * Fixing bsc#1203110 VUL-1: CVE-2022-3099: vim: Use After Free in ex_docmd.c * Fixing bsc#1203194 VUL-1: CVE-2022-3134: vim: use after free in do_tag() * Fixing bsc#1203272 VUL-1: CVE-2022-3153: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404. * Fixing bsc#1203799 VUL-1: CVE-2022-3278: vim: NULL pointer dereference in eval_next_non_blank() in eval.c * Fixing bsc#1203924 VUL-1: CVE-2022-3352: vim: vim: use after free * Fixing bsc#1203155 VUL-1: CVE-2022-2980: vim: null pointer dereference in do_mouse() * Fixing bsc#1202962 VUL-1: CVE-2022-3037: vim: Use After Free in vim prior to 9.0.0321 * Fixing bsc#1200884 Vim: Error on startup * Fixing bsc#1200902 VUL-0: CVE-2022-2183: vim: Out-of-bounds Read through get_lisp_indent() Mon 13:32 * Fixing bsc#1200903 VUL-0: CVE-2022-2182: vim: Heap-based Buffer Overflow through parse_cmd_address() Tue 08:37 * Fixing bsc#1200904 VUL-0: CVE-2022-2175: vim: Buffer Over-read through cmdline_insert_reg() Tue 08:37 * Fixing bsc#1201249 VUL-0: CVE-2022-2304: vim: stack buffer overflow in spell_dump_compl() * Fixing bsc#1201356 VUL-1: CVE-2022-2343: vim: Heap-based Buffer Overflow in GitHub repository vim prior to 9.0.0044 * Fixing bsc#1201359 VUL-1: CVE-2022-2344: vim: Another Heap-based Buffer Overflow vim prior to 9.0.0045 * Fixing bsc#1201363 VUL-1: CVE-2022-2345: vim: Use After Free in GitHub repository vim prior to 9.0.0046. * Fixing bsc#1201620 vim: SLE-15-SP4-Full-x86_64-GM-Media1 and vim-plugin-tlib-1.27-bp154.2.18.noarch issue * Fixing bsc#1202414 VUL-1: CVE-2022-2819: vim: Heap-based Buffer Overflow in compile_lock_unlock() * Fixing bsc#1202552 VUL-1: CVE-2022-2874: vim: NULL Pointer Dereference in generate_loadvar() * Fixing bsc#1200270 VUL-1: CVE-2022-1968: vim: use after free in utf_ptr2char * Fixing bsc#1200697 VUL-1: CVE-2022-2124: vim: out of bounds read in current_quote() * Fixing bsc#1200698 VUL-1: CVE-2022-2125: vim: out of bounds read in get_lisp_indent() * Fixing bsc#1200700 VUL-1: CVE-2022-2126: vim: out of bounds read in suggest_trie_walk() * Fixing bsc#1200701 VUL-1: CVE-2022-2129: vim: out of bounds write in vim_regsub_both() * Fixing bsc#1200732 VUL-1: CVE-2022-1720: vim: out of bounds read in grab_file_name() * Fixing bsc#1201132 VUL-1: CVE-2022-2264: vim: out of bounds read in inc() * Fixing bsc#1201133 VUL-1: CVE-2022-2284: vim: out of bounds read in utfc_ptr2len() * Fixing bsc#1201134 VUL-1: CVE-2022-2285: vim: negative size passed to memmove() due to integer overflow * Fixing bsc#1201135 VUL-1: CVE-2022-2286: vim: out of bounds read in ins_bytes() * Fixing bsc#1201136 VUL-1: CVE-2022-2287: vim: out of bounds read in suggest_trie_walk() * Fixing bsc#1201150 VUL-1: CVE-2022-2231: vim: null pointer dereference skipwhite() * Fixing bsc#1201151 VUL-1: CVE-2022-2210: vim: out of bounds read in ml_append_int() * Fixing bsc#1201152 VUL-1: CVE-2022-2208: vim: null pointer dereference in diff_check() * Fixing bsc#1201153 VUL-1: CVE-2022-2207: vim: out of bounds read in ins_bs() * Fixing bsc#1201154 VUL-1: CVE-2022-2257: vim: out of bounds read in msg_outtrans_special() * Fixing bsc#1201155 VUL-1: CVE-2022-2206: vim: out of bounds read in msg_outtrans_attr() * Fixing bsc#1201863 VUL-1: CVE-2022-2522: vim: out of bounds read via nested autocommand * Fixing bsc#1202046 VUL-1: CVE-2022-2571: vim: Heap-based Buffer Overflow related to ins_comp_get_next_word_or_line() * Fixing bsc#1202049 VUL-1: CVE-2022-2580: vim: Heap-based Buffer Overflow related to eval_string() * Fixing bsc#1202050 VUL-1: CVE-2022-2581: vim: Out-of-bounds Read related to cstrchr() * Fixing bsc#1202051 VUL-1: CVE-2022-2598: vim: Undefined Behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() * Fixing bsc#1202420 VUL-1: CVE-2022-2817: vim: Use After Free in f_assert_fails() * Fixing bsc#1202421 VUL-1: CVE-2022-2816: vim: Out-of-bounds Read in check_vim9_unlet() * Fixing bsc#1202511 VUL-1: CVE-2022-2862: vim: use-after-free in compile_nested_function() * Fixing bsc#1202512 VUL-1: CVE-2022-2849: vim: Invalid memory access related to mb_ptr2len() * Fixing bsc#1202515 VUL-1: CVE-2022-2845: vim: Buffer Over-read related to display_dollar() * Fixing bsc#1202599 VUL-1: CVE-2022-2889: vim: use-after-free in find_var_also_in_script() in evalvars.c * Fixing bsc#1202687 VUL-1: CVE-2022-2923: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240 * Fixing bsc#1202689 VUL-1: CVE-2022-2946: vim: use after free in function vim_vsnprintf_typval * Fixing bsc#1202862 VUL-1: CVE-2022-3016: vim: Use After Free in vim prior to 9.0.0285 Mon 12:00 * Fixing bsc#1191770 VUL-0: CVE-2021-3875: vim: heap-based buffer overflow * Fixing bsc#1192167 VUL-0: CVE-2021-3903: vim: heap-based buffer overflow * Fixing bsc#1192902 VUL-0: CVE-2021-3968: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1192903 VUL-0: CVE-2021-3973: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1192904 VUL-0: CVE-2021-3974: vim: vim is vulnerable to Use After Free * Fixing bsc#1193466 VUL-1: CVE-2021-4069: vim: use-after-free in ex_open() in src/ex_docmd.c * Fixing bsc#1193905 VUL-0: CVE-2021-4136: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1194093 VUL-1: CVE-2021-4166: vim: vim is vulnerable to Out-of-bounds Read * Fixing bsc#1194216 VUL-1: CVE-2021-4193: vim: vulnerable to Out-of-bounds Read * Fixing bsc#1194217 VUL-0: CVE-2021-4192: vim: vulnerable to Use After Free * Fixing bsc#1194872 VUL-0: CVE-2022-0261: vim: Heap-based Buffer Overflow in vim prior to 8.2. * Fixing bsc#1194885 VUL-0: CVE-2022-0213: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1195004 VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in vim prior to 8.2. * Fixing bsc#1195203 VUL-0: CVE-2022-0359: vim: heap-based buffer overflow in init_ccline() in ex_getln.c * Fixing bsc#1195354 VUL-0: CVE-2022-0407: vim: Heap-based Buffer Overflow in Conda vim prior to 8.2. * Fixing bsc#1198596 VUL-0: CVE-2022-1381: vim: global heap buffer overflow in skip_range * Fixing bsc#1199331 VUL-0: CVE-2022-1616: vim: Use after free in append_command * Fixing bsc#1199333 VUL-0: CVE-2022-1619: vim: Heap-based Buffer Overflow in function cmdline_erase_chars * Fixing bsc#1199334 VUL-0: CVE-2022-1620: vim: NULL Pointer Dereference in function vim_regexec_string * Fixing bsc#1199747 VUL-0: CVE-2022-1796: vim: Use After in find_pattern_in_path * Fixing bsc#1200010 VUL-0: CVE-2022-1897: vim: Out-of-bounds Write in vim * Fixing bsc#1200011 VUL-0: CVE-2022-1898: vim: Use After Free in vim prior to 8.2 * Fixing bsc#1200012 VUL-0: CVE-2022-1927: vim: Buffer Over-read in vim prior to 8.2 * Fixing bsc#1070955 VUL-1: CVE-2017-17087: vim: Sets the group ownership of a .swp file to the editor's primary group, which allows local users to obtain sensitive information * Fixing bsc#1194388 VUL-1: CVE-2022-0128: vim: vim is vulnerable to Out-of-bounds Read * Fixing bsc#1195332 VUL-1: CVE-2022-0392: vim: Heap-based Buffer Overflow in vim prior to 8.2 * Fixing bsc#1196361 VUL-1: CVE-2022-0696: vim: NULL Pointer Dereference in vim prior to 8.2 * Fixing bsc#1198748 VUL-1: CVE-2022-1420: vim: Out-of-range Pointer Offset * Fixing bsc#1199651 VUL-1: CVE-2022-1735: vim: heap buffer overflow * Fixing bsc#1199655 VUL-1: CVE-2022-1733: vim: Heap-based Buffer Overflow in cindent.c * Fixing bsc#1199693 VUL-1: CVE-2022-1771: vim: stack exhaustion in vim prior to 8.2. * Fixing bsc#1199745 VUL-1: CVE-2022-1785: vim: Out-of-bounds Write * Fixing bsc#1199936 VUL-1: CVE-2022-1851: vim: out of bounds read * Fixing bsc#1195004 - (CVE-2022-0318) VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in vim prior to 8.2. * Fixing bsc#1190570 CVE-2021-3796: vim: use-after-free in nv_replace() in normal.c * Fixing bsc#1191893 CVE-2021-3872: vim: heap-based buffer overflow in win_redr_status() drawscreen.c * Fixing bsc#1192481 CVE-2021-3927: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1192478 CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow * Fixing bsc#1193294 CVE-2021-4019: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1193298 CVE-2021-3984: vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow * Fixing bsc#1190533 CVE-2021-3778: vim: Heap-based Buffer Overflow in regexp_nfa.c * Fixing bsc#1194216 CVE-2021-4193: vim: vulnerable to Out-of-bounds Read * Fixing bsc#1194556 CVE-2021-46059: vim: A Pointer Dereference vulnerability exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which causes a denial of service. * Fixing bsc#1195066 CVE-2022-0319: vim: Out-of-bounds Read in vim/vim prior to 8.2. * Fixing bsc#1195126 CVE-2022-0351: vim: uncontrolled recursion in eval7() * Fixing bsc#1195202 CVE-2022-0361: vim: Heap-based Buffer Overflow in vim prior to 8.2. * Fixing bsc#1195356 CVE-2022-0413: vim: use after free in src/ex_cmds.c Moderate SUSE bug 1070955 SUSE bug 1173256 SUSE bug 1174564 SUSE bug 1176549 SUSE bug 1182324 SUSE bug 1190533 SUSE bug 1190570 SUSE bug 1191770 SUSE bug 1191893 SUSE bug 1192167 SUSE bug 1192478 SUSE bug 1192481 SUSE bug 1192902 SUSE bug 1192903 SUSE bug 1192904 SUSE bug 1193294 SUSE bug 1193298 SUSE bug 1193466 SUSE bug 1193905 SUSE bug 1194093 SUSE bug 1194216 SUSE bug 1194217 SUSE bug 1194388 SUSE bug 1194556 SUSE bug 1194872 SUSE bug 1194885 SUSE bug 1195004 SUSE bug 1195066 SUSE bug 1195126 SUSE bug 1195202 SUSE bug 1195203 SUSE bug 1195332 SUSE bug 1195354 SUSE bug 1195356 SUSE bug 1196361 SUSE bug 1198596 SUSE bug 1198748 SUSE bug 1199331 SUSE bug 1199333 SUSE bug 1199334 SUSE bug 1199651 SUSE bug 1199655 SUSE bug 1199693 SUSE bug 1199745 SUSE bug 1199747 SUSE bug 1199936 SUSE bug 1200010 SUSE bug 1200011 SUSE bug 1200012 SUSE bug 1200270 SUSE bug 1200697 SUSE bug 1200698 SUSE bug 1200700 SUSE bug 1200701 SUSE bug 1200732 SUSE bug 1200884 SUSE bug 1200902 SUSE bug 1200903 SUSE bug 1200904 SUSE bug 1201132 SUSE bug 1201133 SUSE bug 1201134 SUSE bug 1201135 SUSE bug 1201136 SUSE bug 1201150 SUSE bug 1201151 SUSE bug 1201152 SUSE bug 1201153 SUSE bug 1201154 SUSE bug 1201155 SUSE bug 1201249 SUSE bug 1201356 SUSE bug 1201359 SUSE bug 1201363 SUSE bug 1201620 SUSE bug 1201863 SUSE bug 1202046 SUSE bug 1202049 SUSE bug 1202050 SUSE bug 1202051 SUSE bug 1202414 SUSE bug 1202420 SUSE bug 1202421 SUSE bug 1202511 SUSE bug 1202512 SUSE bug 1202515 SUSE bug 1202552 SUSE bug 1202599 SUSE bug 1202687 SUSE bug 1202689 SUSE bug 1202862 SUSE bug 1202962 SUSE bug 1203110 SUSE bug 1203152 SUSE bug 1203155 SUSE bug 1203194 SUSE bug 1203272 SUSE bug 1203508 SUSE bug 1203509 SUSE bug 1203796 SUSE bug 1203797 SUSE bug 1203799 SUSE bug 1203820 SUSE bug 1203924 SUSE bug 1204779 CVE-2009-0316 CVE-2016-1248 CVE-2017-17087 CVE-2017-5953 CVE-2017-6349 CVE-2017-6350 CVE-2021-3778 CVE-2021-3796 CVE-2021-3872 CVE-2021-3875 CVE-2021-3903 CVE-2021-3927 CVE-2021-3928 CVE-2021-3968 CVE-2021-3973 CVE-2021-3974 CVE-2021-3984 CVE-2021-4019 CVE-2021-4069 CVE-2021-4136 CVE-2021-4166 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0213 CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0392 CVE-2022-0407 CVE-2022-0413 CVE-2022-0696 CVE-2022-1381 CVE-2022-1420 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1720 CVE-2022-1733 CVE-2022-1735 CVE-2022-1771 CVE-2022-1785 CVE-2022-1796 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1927 CVE-2022-1968 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2175 CVE-2022-2182 CVE-2022-2183 CVE-2022-2206 CVE-2022-2207 CVE-2022-2208 CVE-2022-2210 CVE-2022-2231 CVE-2022-2257 CVE-2022-2264 CVE-2022-2284 CVE-2022-2285 CVE-2022-2286 CVE-2022-2287 CVE-2022-2304 CVE-2022-2343 CVE-2022-2344 CVE-2022-2345 CVE-2022-2522 CVE-2022-2571 CVE-2022-2580 CVE-2022-2581 CVE-2022-2598 CVE-2022-2816 CVE-2022-2817 CVE-2022-2819 CVE-2022-2845 CVE-2022-2849 CVE-2022-2862 CVE-2022-2874 CVE-2022-2889 CVE-2022-2923 CVE-2022-2946 CVE-2022-2980 CVE-2022-2982 CVE-2022-3016 CVE-2022-3037 CVE-2022-3099 CVE-2022-3134 CVE-2022-3153 CVE-2022-3234 CVE-2022-3235 CVE-2022-3278 CVE-2022-3296 CVE-2022-3297 CVE-2022-3324 CVE-2022-3352 CVE-2022-3705 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 Important SUSE bug 1206212 SUSE bug 1206622 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for virglrenderer fixes the following issues: - CVE-2022-0135: Fixed out-of-bonds write in read_transfer_data() (bsc#1195389). Important SUSE bug 1195389 CVE-2022-0135 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). Important SUSE bug 1195054 SUSE bug 1195217 CVE-2022-23852 CVE-2022-23990 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for tiff fixes the following issues: - CVE-2017-17095: Fixed DoS in tools/pal2rgb.c in pal2rgb (bsc#1071031). - CVE-2019-17546: Fixed integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image (bsc#1154365). - CVE-2020-19131: Fixed buffer overflow in tiffcrop that may cause DoS via the invertImage() function (bsc#1190312). - CVE-2020-35521: Fixed memory allocation failure in tif_read.c (bsc#1182808). - CVE-2020-35522: Fixed memory allocation failure in tif_pixarlog.c (bsc#1182809). - CVE-2020-35523: Fixed integer overflow in tif_getimage.c (bsc#1182811). - CVE-2020-35524: Fixed heap-based buffer overflow in TIFF2PDF tool (bsc#1182812). - CVE-2022-22844: Fixed out-of-bounds read in _TIFFmemcpy in tif_unix.c (bsc#1194539). Important SUSE bug 1071031 SUSE bug 1154365 SUSE bug 1182808 SUSE bug 1182809 SUSE bug 1182811 SUSE bug 1182812 SUSE bug 1190312 SUSE bug 1194539 CVE-2017-17095 CVE-2019-17546 CVE-2020-19131 CVE-2020-35521 CVE-2020-35522 CVE-2020-35523 CVE-2020-35524 CVE-2022-22844 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for tcpdump fixes the following issues: - CVE-2018-16301: Fixed segfault when handling large files (bsc#1195825). Moderate SUSE bug 1195825 CVE-2018-16301 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xerces-j2 fixes the following issues: - CVE-2022-23437: Fixed infinite loop within Apache XercesJ xml parser (bsc#1195108). Important SUSE bug 1195108 CVE-2022-23437 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.6.0 ESR / MFSA 2022-05 (bsc#1195682) - CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance Service - CVE-2022-22754: Extensions could have bypassed permission confirmation during update - CVE-2022-22756: Drag and dropping an image could have resulted in the dropped object being an executable - CVE-2022-22759: Sandboxed iframes could have executed script if the parent appended elements - CVE-2022-22760: Cross-Origin responses could be distinguished between script and non-script content-types - CVE-2022-22761: frame-ancestors Content Security Policy directive was not enforced for framed extension pages - CVE-2022-22763: Script Execution during invalid object state - CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6 Firefox Extended Support Release 91.5.1 ESR (bsc#1195230) - Fixed an issue that allowed unexpected data to be submitted in some of our search telemetry Important SUSE bug 1195230 SUSE bug 1195682 CVE-2022-22753 CVE-2022-22754 CVE-2022-22756 CVE-2022-22759 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22764 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220207 release. - CVE-2021-0146: Fixed a potential security vulnerability in some Intel Processors may allow escalation of privilege (bsc#1192615) - CVE-2021-0127: Intel Processor Breakpoint Control Flow (bsc#1195779) - CVE-2021-0145: Fast store forward predictor - Cross Domain Training (bsc#1195780) - CVE-2021-33120: Out of bounds read for some Intel Atom processors (bsc#1195781) - Security updates for [INTEL-SA-00528](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html) - Security updates for [INTEL-SA-00532](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html) Important SUSE bug 1192615 SUSE bug 1195779 SUSE bug 1195780 SUSE bug 1195781 CVE-2021-0127 CVE-2021-0145 CVE-2021-0146 CVE-2021-33120 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for apache2 fixes the following issues: - CVE-2021-44224: Fixed NULL dereference or SSRF in forward proxy configurations. (bsc#1193943) - CVE-2021-44790: Fixed buffer overflow when parsing multipart content in mod_lua. (bsc#1193942) Important SUSE bug 1193942 SUSE bug 1193943 CVE-2021-44224 CVE-2021-44790 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for webkit2gtk3 fixes the following issues: Update to version 2.34.5 (bsc#1195735): - CVE-2022-22589: A validation issue was addressed with improved input sanitization. - CVE-2022-22590: A use after free issue was addressed with improved memory management. - CVE-2022-22592: A logic issue was addressed with improved state management. Update to version 2.34.4 (bsc#1195064): - CVE-2021-30934: A buffer overflow issue was addressed with improved memory handling. - CVE-2021-30936: A use after free issue was addressed with improved memory management. - CVE-2021-30951: A use after free issue was addressed with improved memory management. - CVE-2021-30952: An integer overflow was addressed with improved input validation. - CVE-2021-30953: An out-of-bounds read was addressed with improved bounds checking. - CVE-2021-30954: A type confusion issue was addressed with improved memory handling. - CVE-2021-30984: A race condition was addressed with improved state handling. - CVE-2022-22594: A cross-origin issue in the IndexDB API was addressed with improved input validation. The following CVEs were addressed in a previous update: - CVE-2021-45481: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create. - CVE-2021-45482: A use-after-free in WebCore::ContainerNode::firstChild. - CVE-2021-45483: A use-after-free in WebCore::Frame::page. Important SUSE bug 1195064 SUSE bug 1195735 CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 CVE-2022-22594 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). Important SUSE bug 1196036 CVE-2022-24407 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). Important SUSE bug 1196025 SUSE bug 1196026 SUSE bug 1196168 SUSE bug 1196169 SUSE bug 1196171 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for zsh fixes the following issues: - CVE-2021-45444: Fixed a vulnerability where arbitrary shell commands could be executed related to prompt expansion (bsc#1196435). - CVE-2019-20044: Fixed a vulnerability where shell privileges would not be properly dropped when unsetting the PRIVILEGED option (bsc#1163882). - CVE-2018-1100: Fixed a potential code execution via a stack-based buffer overflow in utils.c:checkmailpath() (bsc#1089030). Important SUSE bug 1089030 SUSE bug 1163882 SUSE bug 1196435 CVE-2018-1100 CVE-2019-20044 CVE-2021-45444 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155). - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897). - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). The following non-security bugs were fixed: - NFSv4.x: by default serialize open/close operations (bsc#1114893 bsc#1195934). - crypto: af_alg - get_page upon reassignment to TX SGL (bsc#1195840). - hv_netvsc: fix network namespace issues with VF support (bsc#1107207). - hv_netvsc: move VF to same namespace as netvsc device (bsc#1107207). - lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584). Important SUSE bug 1107207 SUSE bug 1114893 SUSE bug 1185973 SUSE bug 1191580 SUSE bug 1194516 SUSE bug 1195536 SUSE bug 1195543 SUSE bug 1195612 SUSE bug 1195840 SUSE bug 1195897 SUSE bug 1195908 SUSE bug 1195934 SUSE bug 1195949 SUSE bug 1195987 SUSE bug 1196079 SUSE bug 1196155 SUSE bug 1196584 SUSE bug 1196601 SUSE bug 1196612 CVE-2021-44879 CVE-2022-0001 CVE-2022-0002 CVE-2022-0487 CVE-2022-0492 CVE-2022-0617 CVE-2022-0644 CVE-2022-0847 CVE-2022-24448 CVE-2022-24959 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.6.1 ESR (bsc#1196809): - CVE-2022-26485: Use-after-free in XSLT parameter processing - CVE-2022-26486: Use-after-free in WebGPU IPC Framework Important SUSE bug 1196809 CVE-2022-26485 CVE-2022-26486 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mariadb fixes the following issues: - Update to 10.2.43 (bsc#1196016): * 10.2.43: CVE-2021-46665 CVE-2021-46664 CVE-2021-46661 CVE-2021-46668 CVE-2021-46663 * 10.2.42: CVE-2022-24052 CVE-2022-24051 CVE-2022-24050 CVE-2022-24048 CVE-2021-46659, bsc#1195339 - The following issues have already been fixed in this package but weren't previously mentioned in the changes file: CVE-2021-46658, bsc#1195334 CVE-2021-46657, bsc#1195325 Important SUSE bug 1195325 SUSE bug 1195334 SUSE bug 1195339 SUSE bug 1196016 CVE-2021-46657 CVE-2021-46658 CVE-2021-46659 CVE-2021-46661 CVE-2021-46663 CVE-2021-46664 CVE-2021-46665 CVE-2021-46668 CVE-2022-24048 CVE-2022-24050 CVE-2022-24051 CVE-2022-24052 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for tomcat fixes the following issues: Security issues fixed: - CVE-2022-23181: Fixed time of check, time of use vulnerability that allowed local privilege escalation. (bsc#1195255) - Remove log4j dependency, which is currently directly in use (bsc#1196137) - Make the package RPM conflict even more specific to conflict with java-openjdk-headless >= 9 (bsc#1196091) Important SUSE bug 1195255 SUSE bug 1196091 SUSE bug 1196137 CVE-2022-23181 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for webkit2gtk3 fixes the following issues: Update to version 2.34.6 (bsc#1196133): - CVE-2022-22620: Processing maliciously crafted web content may have lead to arbitrary code execution. Important SUSE bug 1196133 CVE-2022-22620 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libcaca fixes the following issues: - CVE-2021-30498, CVE-2021-30499: If an image has a size of 0x0, when exporting, no data is written and space is allocated for the header only, not taking into account that sprintf appends a NUL byte (bsc#1184751, bsc#1184752). Important SUSE bug 1184751 SUSE bug 1184752 CVE-2021-30498 CVE-2021-30499 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.7.0 ESR (bsc#1196900): - CVE-2022-26383: Browser window spoof using fullscreen mode - CVE-2022-26384: iframe allow-scripts sandbox bypass - CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on signatures - CVE-2022-26381: Use-after-free in text reflows - CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other local users Important SUSE bug 1196900 CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386 CVE-2022-26387 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). Important SUSE bug 1196025 SUSE bug 1196784 CVE-2022-25236 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_0_0 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). - Allow CRYPTO_THREADID_set_callback to be called with NULL parameter (bsc#1196249). Important SUSE bug 1196249 SUSE bug 1196877 CVE-2022-0778 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for compat-openssl098 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). Important SUSE bug 1196877 CVE-2022-0778 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_1 fixes the following issues: Security issue fixed: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). Non-security issues fixed: - Fix PAC pointer authentication in ARM. (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version. (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) - Fix BIO_f_zlib: Properly handle BIO_CTRL_PENDING and BIO_CTRL_WPENDING calls. Important SUSE bug 1182959 SUSE bug 1195149 SUSE bug 1195792 SUSE bug 1195856 SUSE bug 1196877 CVE-2022-0778 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u322 (icedtea-3.22.0) Including the following security fixes: - CVE-2022-21248, bsc#1194926: Enhance cross VM serialization - CVE-2022-21283, bsc#1194937: Better String matching - CVE-2022-21293, bsc#1194935: Improve String constructions - CVE-2022-21294, bsc#1194934: Enhance construction of Identity maps - CVE-2022-21282, bsc#1194933: Better resolution of URIs - CVE-2022-21296, bsc#1194932: Improve SAX Parser configuration management - CVE-2022-21299, bsc#1194931: Improved scanning of XML entities - CVE-2022-21305, bsc#1194939: Better array indexing - CVE-2022-21340, bsc#1194940: Verify Jar Verification - CVE-2022-21341, bsc#1194941: Improve serial forms for transport - CVE-2022-21349: Improve Solaris font rendering - CVE-2022-21360, bsc#1194929: Enhance BMP image support - CVE-2022-21365, bsc#1194928: Enhanced BMP processing Important SUSE bug 1193314 SUSE bug 1193444 SUSE bug 1193491 SUSE bug 1194926 SUSE bug 1194928 SUSE bug 1194929 SUSE bug 1194931 SUSE bug 1194932 SUSE bug 1194933 SUSE bug 1194934 SUSE bug 1194935 SUSE bug 1194937 SUSE bug 1194939 SUSE bug 1194940 SUSE bug 1194941 SUSE bug 1195163 CVE-2022-21248 CVE-2022-21282 CVE-2022-21283 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21349 CVE-2022-21360 CVE-2022-21365 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for bind fixes the following issues: - CVE-2021-25220: Fixed a DNS cache poisoning vulnerability due to loose caching rules (bsc#1197135). Important SUSE bug 1197135 CVE-2021-25220 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for kernel-firmware fixes the following issues: Update Intel Bluetooth firmware (INTEL-SA-00604, bsc#1195786): - CVE-2021-33139, CVE-2021-33155: Improper conditions check in the firmware for some Intel Wireless Bluetooth and Killer Bluetooth products may allow an authenticated user to potentially cause denial of service via adjacent access. Moderate SUSE bug 1195786 CVE-2021-33139 CVE-2021-33155 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for apache2 fixes the following issues: - CVE-2022-23943: heap out-of-bounds write in mod_sed (bsc#1197098). - CVE-2022-22720: HTTP request smuggling due to incorrect error handling (bsc#1197095). - CVE-2022-22719: use of uninitialized value of in r:parsebody in mod_lua (bsc#1197091). - CVE-2022-22721: possible buffer overflow with very large or unlimited LimitXMLRequestBody (bsc#1197096). Important SUSE bug 1197091 SUSE bug 1197095 SUSE bug 1197096 SUSE bug 1197098 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2022-23943 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions (bsc#1207082). Important SUSE bug 1207082 CVE-2023-22809 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for git fixes the following issues: - CVE-2022-41903: Fixed a heap overflow in the 'git archive' and 'git log --format' commands (bsc#1207033). - CVE-2022-23521: Fixed an integer overflow that could be triggered when parsing a gitattributes file (bsc#1207032). Important SUSE bug 1207032 SUSE bug 1207033 CVE-2022-23521 CVE-2022-41903 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for saphanabootstrap-formula fixes the following issues: - Version bump 0.13.1 * revert changes to spec file to re-enable SLES RPM builds * CVE-2022-45153: Fixed privilege escalation for arbitrary users in hana/ha_cluster.sls (bsc#1205990) - Version bump 0.13.0 * pass sid to sudoers in a SLES12 compatible way * add location constraint to gcp_stonith - Version bump 0.12.1 * moved templates dir into hana dir in repository to be gitfs compatible - Version bump 0.12.0 * add SAPHanaSR takeover blocker - Version bump 0.11.0 * use check_cmd instead of tmp sudoers file * make sudoers rules more secure * migrate sudoers to template file - Version bump 0.10.1 * fix hook removal conditions * fix majority_maker code on case grain is empty - Version bump 0.10.0 * allow to disable shared HANA basepath and rework add_hosts code (enables HANA scale-out on AWS) * do not edit global.ini directly (if not needed) - Version bump 0.9.1 * fix majority_maker code on case grain is empty - Version bump 0.9.0 * define vip_mechanism for every provider and reorder resources (same schema for all SAP related formulas) - Version bump 0.8.1 * use multi-target Hook on HANA scale-out - Version bump 0.8.0 * add HANA scale-out support * add idempotence to not affect a running HANA and cluster - Version bump 0.7.2 * add native fencing for microsoft-azure - fixes a not working import of dbapi in SUSE/ha-sap-terraform-deployments#703 - removes the installation and extraction of all hdbcli files in the /hana/shared/srHook directory - fixes execution order of srTakeover/srCostOptMemConfig hook - renames and updates hook srTakeover to srCostOptMemConfig - Changing exporter stickiness to => 0 and adjusting the colocation score from +inf to -inf and changing the colocation from Master to Slave. This change fix the impact of a failed exporter in regards to the HANA DB. - Document extra_parameters in pillar.example (bsc#1185643) - Change hanadb_exporter default timeout value to 30 seconds - Set correct stickiness for the azure-lb resource The azure-lb resource receives an stickiness=0 to not influence on transitions calculations as the HANA resources have more priority Important SUSE bug 1185643 SUSE bug 1205990 CVE-2022-45153 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: - Updated to version 102.7.0 ESR (bsc#1207119): - CVE-2022-46871: Updated an out of date library (libusrsctp) which contained several vulnerabilities. - CVE-2023-23598: Fixed an arbitrary file read from GTK drag and drop on Linux. - CVE-2023-23601: Fixed a potential spoofing attack when dragging a URL from a cross-origin iframe into the same tab. - CVE-2023-23602: Fixed a mishandled security check, which caused the Content Security Policy header to be ignored for WebSockets in WebWorkers. - CVE-2022-46877: Fixed a fullscreen notification bypass which could be leveraged in spoofing attacks. - CVE-2023-23603: Fixed a Content Security Policy bypass via format directives. - CVE-2023-23605: Fixed several memory safety bugs. Important SUSE bug 1207119 CVE-2022-46871 CVE-2022-46877 CVE-2023-23598 CVE-2023-23601 CVE-2023-23602 CVE-2023-23603 CVE-2023-23605 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mozilla-nss fixes the following issues: - CVE-2022-3479: Fixed a potential crash that could be triggered when a server requested a client authentication certificate, but the client had no certificates stored (bsc#1204272). - Updated to version 3.79.3 (bsc#1207038): - CVE-2022-23491: Removed trust for 3 root certificates from TrustCor. Important SUSE bug 1204272 SUSE bug 1207038 CVE-2022-23491 CVE-2022-3479 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for freeradius-server fixes the following issues: - CVE-2022-41859: Fixed an issue in EAP-PWD that could leak information about the password, which could facilitate dictionary attacks (bsc#1206204). - CVE-2022-41860: Fixed a crash in servers with EAP_SIM manually configured, which could be triggered via a malformed SIM option (bsc#1206205). - CVE-2022-41861: Fixed a server crash that could be triggered by sending malformed data from a system in the RADIUS circle of trust (bsc#1206206). Important SUSE bug 1206204 SUSE bug 1206205 SUSE bug 1206206 CVE-2022-41859 CVE-2022-41860 CVE-2022-41861 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for samba fixes the following issues: - CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password (bsc#1206546). - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon Secure channel (bsc#1206504). - CVE-2022-37966: Fixed an issue where a weak cipher would be selected to encrypt session keys, which could lead to privilege escalation (bsc#1205385). Important SUSE bug 1205385 SUSE bug 1206504 SUSE bug 1206546 CVE-2021-20251 CVE-2022-37966 CVE-2022-38023 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xen fixes the following issues: - CVE-2022-23824: Fixed multiple speculative execution issues (bnc#1205209). Important SUSE bug 1027519 SUSE bug 1205209 CVE-2022-23824 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update of dpdk fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). Moderate SUSE bug 1209188 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libXpm fixes the following issues: - CVE-2022-46285: Fixed an infinite loop that could be triggered when reading a XPM image with a C-style comment that is never closed (bsc#1207029). - CVE-2022-44617: Fixed an excessive resource consumption that could be triggered when reading small crafted XPM image (bsc#1207030). - CVE-2022-4883: Fixed an issue that made decompression commands susceptible to PATH environment variable manipulation attacks (bsc#1207031). Important SUSE bug 1207029 SUSE bug 1207030 SUSE bug 1207031 CVE-2022-44617 CVE-2022-46285 CVE-2022-4883 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for bluez fixes the following issues: - CVE-2022-39176: Fixed a memory safety issue that could allow physically proximate attackers to obtain sensitive information (bsc#1203121). - CVE-2022-39177: Fixed a memory safety issue that could allow physically proximate attackers to cause a denial of service (bsc#1203120). Important SUSE bug 1203120 SUSE bug 1203121 CVE-2022-39176 CVE-2022-39177 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for tomcat fixes the following issues: - CVE-2023-28708: Fixed information disclosure by not including the secure attribute (bsc#1209622). Important SUSE bug 1209622 CVE-2023-28708 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xorg-x11-server fixes the following issues: - CVE-2023-1393: Fixed use-after-free overlay window (ZDI-CAN-19866) (bsc#1209543). Important SUSE bug 1209543 CVE-2023-1393 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for webkit2gtk3 fixes the following issues: Update to version 2.38.5 (boo#1208328): - CVE-2023-23529: Fixed possible arbitrary code execution via maliciously crafted web content. - CVE-2023-23518: Processing maliciously crafted web content may lead to Previously fixed inside update to version 2.38.4 (boo#1207997): - CVE-2022-42826: Fixed a use-after-free issue that was caused by improper memory management. Important SUSE bug 1207997 SUSE bug 1208328 CVE-2022-42826 CVE-2023-23518 CVE-2023-23529 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for sudo fixes the following issues: - CVE-2023-28486: Fixed missing control characters escaping in log messages (bsc#1209362). - CVE-2023-28487: Fixed missing control characters escaping in sudoreplay output (bsc#1209361). Moderate SUSE bug 1209361 SUSE bug 1209362 CVE-2023-28486 CVE-2023-28487 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_0_0 fixes the following issues: Security fixes: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). Other fixes: - Fix DH key generation in FIPS mode, add support for constant BN for DH parameters (bsc#1202062) Moderate SUSE bug 1202062 SUSE bug 1209624 CVE-2023-0464 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for compat-openssl098 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). Moderate SUSE bug 1209624 CVE-2023-0464 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). Moderate SUSE bug 1209624 CVE-2023-0464 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for systemd fixes the following issues: - CVE-2023-26604: Fixed a privilege escalation via the less pager. (bsc#1208958) - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). Bug fixes: - Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423). - Fixed 'systemd --user' call pam_loginuid when creating user@.service (bsc#1198507). - Fixed 'systemd-detect-virt' refine hypervisor detection (bsc#1197244). - Fixed 'udev' 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529). - Fixed 'man' tweak description of auto/noauto (bsc#1191502). Important SUSE bug 1191502 SUSE bug 1195529 SUSE bug 1197244 SUSE bug 1198507 SUSE bug 1204423 SUSE bug 1204968 SUSE bug 1205000 SUSE bug 1206985 SUSE bug 1208958 CVE-2022-3821 CVE-2022-4415 CVE-2023-26604 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). Moderate SUSE bug 1209873 SUSE bug 1209878 CVE-2023-0465 CVE-2023-0466 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ghostscript fixes the following issues: - CVE-2023-28879: Fixed buffer Overflow in s_xBCPE_process (bsc#1210062). Important SUSE bug 1210062 CVE-2023-28879 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 102.10.0 ESR (bsc#1210212) - CVE-2023-29531: Out-of-bound memory access in WebGL on macOS - CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass - CVE-2023-29533: Fullscreen notification obscured - MFSA-TMP-2023-0001: Double-free in libwebp - CVE-2023-29535: Potential Memory Corruption following Garbage Collector compaction - CVE-2023-29536: Invalid free from JavaScript code - CVE-2023-29539: Content-Disposition filename truncation leads to Reflected File Download - CVE-2023-29541: Files with malicious extensions could have been downloaded unsafely on Linux - CVE-2023-29542: Bypass of file download extension restrictions - CVE-2023-29545: Windows Save As dialog resolved environment variables - CVE-2023-1945: Memory Corruption in Safe Browsing Code - CVE-2023-29548: Incorrect optimization result on ARM64 - CVE-2023-29550: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10 Important SUSE bug 1210212 CVE-2023-1945 CVE-2023-29531 CVE-2023-29532 CVE-2023-29533 CVE-2023-29535 CVE-2023-29536 CVE-2023-29539 CVE-2023-29541 CVE-2023-29542 CVE-2023-29545 CVE-2023-29548 CVE-2023-29550 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for harfbuzz fixes the following issues: - CVE-2023-25193: Fixed vulnerability that allowed attackers to trigger O(n^2) growth via consecutive marks (bsc#1207922). Important SUSE bug 1207922 CVE-2023-25193 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 8 (bsc#1208480): * Security fixes: - CVE-2023-21830: Fixed improper restrictions in CORBA deserialization (bsc#1207249). - CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246). - CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248). * New Features/Enhancements: - Add RSA-PSS signature to IBMJCECCA. * Defect Fixes: - IJ45437 Service, Build, Packaging and Deliver: Getting FIPSRUNTIMEEXCEPTION when calling java code: MESSAGEDIGEST.GETINSTANCE('SHA256', 'IBMJCEFIPS'); in MAC - IJ45272 Class Libraries: Fix security vulnerability CVE-2023-21843 - IJ45280 Class Libraries: Update timezone information to the latest TZDATA2022F - IJ44896 Class Libraries: Update timezone information to the latest TZDATA2022G - IJ45436 Java Virtual Machine: Stack walking code gets into endless loop, hanging the application - IJ44079 Java Virtual Machine: When -DFILE.ENCODING is specified multiple times on the same command line the first option takes precedence instead of the last - IJ44532 JIT Compiler: Java JIT: Crash in DECREFERENCECOUNT() due to a NULL pointer - IJ44596 JIT Compiler: Java JIT: Invalid hard-coding of static final field object properties - IJ44107 JIT Compiler: JIT publishes new object reference to other threads without executing a memory flush - IX90193 ORB: Fix security vulnerability CVE-2023-21830 - IJ44267 Security: 8273553: SSLENGINEIMPL.CLOSEINBOUND also has similar error of JDK-8253368 - IJ45148 Security: code changes for tech preview - IJ44621 Security: Computing Diffie-Hellman secret repeatedly, using IBMJCEPLUS, causes a small memory leak - IJ44172 Security: Disable SHA-1 signed jars for EA - IJ44040 Security: Generating Diffie-Hellman key pairs repeatedly, using IBMJCEPLUS, Causes a small memory leak - IJ45200 Security: IBMJCEPLUS provider, during CHACHA20-POLY1305 crypto operations, incorrectly throws an ILLEGALSTATEEXCEPTION - IJ45182 Security: IBMJCEPLUS provider fails in RSAPSS and ECDSA during signature operations resulting in Java cores - IJ45201 Security: IBMJCEPLUS provider failures (two) with AESGCM algorithm - IJ45202 Security: KEYTOOL NPE if signing certificate does not contain a SUBJECTKEYIDENTIFIER extension - IJ44075 Security: PKCS11KEYSTORE.JAVA - DOESPUBLICKEYMATCHPRIVATEKEY() method uses SHA1XXXX signature algorithms to match private and public keys - IJ45203 Security: RSAPSS multiple names for KEYTYPE - IJ43920 Security: The PKCS12 keystore update and the PBES2 support - IJ40002 XML: Fix security vulnerability CVE-2022-21426 Moderate SUSE bug 1207246 SUSE bug 1207248 SUSE bug 1207249 SUSE bug 1208480 CVE-2022-21426 CVE-2023-21830 CVE-2023-21835 CVE-2023-21843 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for liblouis fixes the following issues: - CVE-2023-26767: Fixed buffer overflow vulnerability in lou_logFile function (bsc#1209429). - CVE-2023-26768: Fixed buffer overflow in lou_logFile() (bsc#1209431). - CVE-2023-26769: Fixed buffer Overflow vulnerability in resolveSubtable function (bsc#1209432). Important SUSE bug 1209429 SUSE bug 1209431 SUSE bug 1209432 SUSE bug 1209855 CVE-2023-26767 CVE-2023-26768 CVE-2023-26769 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for apache2 fixes the following issues: - CVE-2022-37436: Fixed an issue in mod_proxy where a malicious backend could cause the response headers to be truncated early, resulting in some headers being incorporated into the response body (bsc#1207251). - CVE-2022-36760: Fixed an issue in mod_proxy_ajp that could allow request smuggling attacks (bsc#1207250). - CVE-2006-20001: Fixed an issue in mod_proxy_ajp where a request header could cause memory corruption (bsc#1207247). Important SUSE bug 1207247 SUSE bug 1207250 SUSE bug 1207251 CVE-2006-20001 CVE-2022-36760 CVE-2022-37436 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2022-23527: Fixed open redirect in oidc_validate_redirect_url() using tab character (bsc#1206441). - CVE-2023-28625: Fixed NULL pointer dereference when OIDCStripCookies was set and a crafted Cookie header was supplied (bsc#1210073). Important SUSE bug 1190855 SUSE bug 1206441 SUSE bug 1210073 CVE-2022-23527 CVE-2023-28625 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for shim fixes the following issues: - Updated shim signature after shim 15.7 be signed back: signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458) - Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to disable the NX compatibility flag when using post-process-pe because grub2 is not ready. (bsc#1205588) - Enable the NX compatibility flag by default. (jsc#PED-127) Update to 15.7 (bsc#1198458) (jsc#PED-127): - Make SBAT variable payload introspectable - Reference MokListRT instead of MokList - Add a link to the test plan in the readme. - [V3] Enable TDX measurement to RTMR register - Discard load-options that start with a NUL - Fixed load_cert_file bugs - Add -malign-double to IA32 compiler flags - pe: Fix image section entry-point validation - make-archive: Build reproducible tarball - mok: remove MokListTrusted from PCR 7 Other fixes: - Support enhance shim measurement to TD RTMR. (jsc#PED-1273) - shim-install: ensure grub.cfg created is not overwritten after installing grub related files - Add logic to shim.spec to only set sbat policy when efivarfs is writeable. (bsc#1201066) - Add logic to shim.spec for detecting --set-sbat-policy option before using mokutil to set sbat policy. (bsc#1202120) - Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282) Update to 15.6 (bsc#1198458): - MokManager: removed Locate graphic output protocol fail error message - shim: implement SBAT verification for the shim_lock protocol - post-process-pe: Fix a missing return code check - Update github actions matrix to be more useful - post-process-pe: Fix format string warnings on 32-bit platforms - Allow MokListTrusted to be enabled by default - Re-add ARM AArch64 support - Use ASCII as fallback if Unicode Box Drawing characters fail - make: don't treat cert.S specially - shim: use SHIM_DEVEL_VERBOSE when built in devel mode - Break out of the inner sbat loop if we find the entry. - Support loading additional certificates - Add support for NX (W^X) mitigations. - Fix preserve_sbat_uefi_variable() logic - SBAT Policy latest should be a one-shot - pe: Fix a buffer overflow when SizeOfRawData > VirtualSize - pe: Perform image verification earlier when loading grub - Update advertised sbat generation number for shim - Update SBAT generation requirements for 05/24/22 - Also avoid CVE-2022-28737 in verify_image() by @vathpela Update to 15.5 (bsc#1198458): - Broken ia32 relocs and an unimportant submodule change. - mok: allocate MOK config table as BootServicesData - Don't call QueryVariableInfo() on EFI 1.10 machines (bsc#1187260) - Relax the check for import_mok_state() (bsc#1185261) - SBAT.md: trivial changes - shim: another attempt to fix load options handling - Add tests for our load options parsing. - arm/aa64: fix the size of .rela* sections - mok: fix potential buffer overrun in import_mok_state - mok: relax the maximum variable size check - Don't unhook ExitBootServices when EBS protection is disabled - fallback: find_boot_option() needs to return the index for the boot entry in optnum - httpboot: Ignore case when checking HTTP headers - Fallback allocation errors - shim: avoid BOOTx64.EFI in message on other architectures - str: remove duplicate parameter check - fallback: add compile option FALLBACK_NONINTERACTIVE - Test mok mirror - Modify sbat.md to help with readability. - csv: detect end of csv file correctly - Specify that the .sbat section is ASCII not UTF-8 - tests: add 'include-fixed' GCC directory to include directories - pe: simplify generate_hash() - Don't make shim abort when TPM log event fails (RHBZ #2002265) - Fallback to default loader if parsed one does not exist - fallback: Fix for BootOrder crash when index returned - Better console checks - docs: update SBAT UEFI variable name - Don't parse load options if invoked from removable media path - fallback: fix fallback not passing arguments of the first boot option - shim: Don't stop forever at 'Secure Boot not enabled' notification - Allocate mokvar table in runtime memory. - Remove post-process-pe on 'make clean' - pe: missing perror argument - CVE-2022-28737: Fixed a buffer overflow when SizeOfRawData > VirtualSize (bsc#1198458) - Add mokutil command to post script for setting sbat policy to latest mode when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created. (bsc#1198458) - Updated vendor dbx binary and script (bsc#1198458) - Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list. - Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list. - Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment. - Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin file which includes all .der for testing environment. - avoid buffer overflow when copying data to the MOK config table (bsc#1185232) - Disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261) - ignore the odd LoadOptions length (bsc#1185232) - shim-install: reset def_shim_efi to 'shim.efi' if the given file doesn't exist - relax the maximum variable size check for u-boot (bsc#1185621) - handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071) - Split the keys in vendor-dbx.bin to vendor-dbx-sles and vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce the size of MokListXRT (bsc#1185261) + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz Important SUSE bug 1185232 SUSE bug 1185261 SUSE bug 1185441 SUSE bug 1185621 SUSE bug 1187071 SUSE bug 1187260 SUSE bug 1193282 SUSE bug 1193315 SUSE bug 1198458 SUSE bug 1201066 SUSE bug 1202120 SUSE bug 1205588 CVE-2022-28737 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for compat-openssl098 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). Moderate SUSE bug 1209878 CVE-2023-0465 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_0_0 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). Moderate SUSE bug 1209873 SUSE bug 1209878 CVE-2023-0465 CVE-2023-0466 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ovmf fixes the following issues: - CVE-2019-14560: Fixed potential secure boot bypass via an improper check of GetEfiGlobalVariable2 (bsc#1174246). - CVE-2021-38578: Fixed underflow in MdeModulePkg/PiSmmCore SmmEntryPointAdd (bsc#1196741). Important SUSE bug 1174246 SUSE bug 1196741 CVE-2019-14560 CVE-2021-38578 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for tiff fixes the following issues: - CVE-2022-48281: Fixed a buffer overflow that could be triggered via a crafted image (bsc#1207413). Important SUSE bug 1207413 CVE-2022-48281 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for sssd fixes the following issues: - CVE-2022-4254: Fixed a bug in libsss_certmap which could allow an attacker to gain control of the admin account and perform a full domain takeover. (bsc#1207474) Important SUSE bug 1207474 CVE-2022-4254 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for dmidecode fixes the following issues: - CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418). Moderate SUSE bug 1210418 CVE-2023-30630 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for webkit2gtk3 fixes the following issues: Update to version 2.38.6 (bsc#1210731): - CVE-2022-0108: Fixed information leak. - CVE-2022-32885: Fixed arbitrary code execution. - CVE-2023-25358: Fixed use-after-free vulnerability in WebCore::RenderLayer. - CVE-2023-27932: Fixed Same Origin Policy bypass. - CVE-2023-27954: Fixed sensitive user information tracking. - CVE-2023-28205: Fixed arbitrary code execution (bsc#1210295). Already fixed in version 2.38.5: - CVE-2022-32886, CVE-2022-32912, CVE-2023-25360, CVE-2023-25361, CVE-2023-25362, CVE-2023-25363. Important SUSE bug 1210295 SUSE bug 1210731 CVE-2022-0108 CVE-2022-32885 CVE-2022-32886 CVE-2022-32912 CVE-2023-25358 CVE-2023-25360 CVE-2023-25361 CVE-2023-25362 CVE-2023-25363 CVE-2023-27932 CVE-2023-27954 CVE-2023-28205 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for git fixes the following issues: - CVE-2023-25652: Fixed partial overwrite of paths outside the working tree (bsc#1210686). - CVE-2023-25815: Fixed malicious placemtn of crafted message (bsc#1210686). - CVE-2023-29007: Fixed arbitrary configuration injection (bsc#1210686). Moderate SUSE bug 1210686 CVE-2023-25652 CVE-2023-25815 CVE-2023-29007 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). Moderate SUSE bug 1210507 CVE-2023-29383 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for vim fixes the following issues: - Updated to version 9.0.1234: - CVE-2023-0433: Fixed an out of bounds memory access that could cause a crash (bsc#1207396). - CVE-2023-0288: Fixed an out of bounds memory access that could cause a crash (bsc#1207162). - CVE-2023-0054: Fixed an out of bounds memory write that could cause a crash or memory corruption (bsc#1206868). - CVE-2023-0051: Fixed an out of bounds memory access that could cause a crash (bsc#1206867). - CVE-2023-0049: Fixed an out of bounds memory access that could cause a crash (bsc#1206866). - CVE-2022-3491: Fixed an out of bounds memory access that could cause a crash (bsc#1206028). - CVE-2022-3520: Fixed an out of bounds memory access that could cause a crash (bsc#1206071). - CVE-2022-3591: Fixed a use-after-free issue that could cause memory corruption or undefined behavior (bsc#1206072). - CVE-2022-4292: Fixed a use-after-free issue that could cause memory corruption or undefined behavior (bsc#1206075). - CVE-2022-4293: Fixed a floating point exception that could cause a crash (bsc#1206077). - CVE-2022-4141: Fixed an out of bounds memory write that could cause a crash or memory corruption (bsc#1205797). - CVE-2022-3705: Fixed an use-after-free issue that could cause a crash or memory corruption (bsc#1204779). Important SUSE bug 1204779 SUSE bug 1205797 SUSE bug 1206028 SUSE bug 1206071 SUSE bug 1206072 SUSE bug 1206075 SUSE bug 1206077 SUSE bug 1206866 SUSE bug 1206867 SUSE bug 1206868 SUSE bug 1207162 SUSE bug 1207396 CVE-2022-3491 CVE-2022-3520 CVE-2022-3591 CVE-2022-3705 CVE-2022-4141 CVE-2022-4292 CVE-2022-4293 CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0288 CVE-2023-0433 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for shim fixes the following issues: - Update only adds the CVE reference to the previously released update (bsc#1198458, CVE-2022-28737) Important SUSE bug 1198458 CVE-2022-28737 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update of prometheus-ha_cluster_exporter fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). Important SUSE bug 1200441 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Extended Support Release 102.11.0 ESR (bsc#1211175): - CVE-2023-32205: Browser prompts could have been obscured by popups - CVE-2023-32206: Crash in RLBox Expat driver - CVE-2023-32207: Potential permissions request bypass via clickjacking - CVE-2023-32211: Content process crash due to invalid wasm code - CVE-2023-32212: Potential spoof due to obscured address bar - CVE-2023-32213: Potential memory corruption in FileReader::DoReadData() - CVE-2023-32214: Potential DoS via exposed protocol handlers - CVE-2023-32215: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11 Important SUSE bug 1211175 CVE-2023-32205 CVE-2023-32206 CVE-2023-32207 CVE-2023-32211 CVE-2023-32212 CVE-2023-32213 CVE-2023-32214 CVE-2023-32215 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update fixes the following issues: golang-github-prometheus-alertmanager: - Security issues fixed: * CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208051) prometheus-blackbox_exporter: - Security issues fixed: * CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208062) - Other non-security bugs fixed and changes: * Add `min_version` parameter of `tls_config` to allow enabling TLS 1.0 and 1.1 (bsc#1209113) * On SUSE Linux Enterprise build always with Go >= 1.19 (bsc#1203599) prometheus-postgres_exporter: - Security issues fixed: * CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208060) - Other non-security issues fixed: * Adapt the systemd service security configuration to be able to start it on for Red Hat Linux Enterprise systems and clones * Create the prometheus user for Red Hat Linux Enterprise systems and clones * Fix broken log-level for values other than debug (bsc#1208965) golang-github-prometheus-node_exporter: - Security issues fixed in this version update to version 1.5.0 (jsc#PED-3578): * CVE-2022-27191: Update go/x/crypto (bsc#1197284) * CVE-2022-27664: Update go/x/net (bsc#1203185) * CVE-2022-46146: Update exporter-toolkit (bsc#1208064) - Other non-security bug fixes and changes in this version update to 1.5.0 (jsc#PED-3578): * NOTE: This changes the Go runtime 'GOMAXPROCS' to 1. This is done to limit the concurrency of the exporter to 1 CPU thread at a time in order to avoid a race condition problem in the Linux kernel and parallel IO issues on nodes with high numbers of CPUs/CPU threads. * [BUGFIX] Fix hwmon label sanitizer * [BUGFIX] Use native endianness when encoding InetDiagMsg * [BUGFIX] Fix btrfs device stats always being zero * [BUGFIX] Fix diskstats exclude flags * [BUGFIX] [node-mixin] Fix fsSpaceAvailableCriticalThreshold and fsSpaceAvailableWarning * [BUGFIX] Fix concurrency issue in ethtool collector * [BUGFIX] Fix concurrency issue in netdev collector * [BUGFIX] Fix diskstat reads and write metrics for disks with different sector sizes * [BUGFIX] Fix iostat on macos broken by deprecation warning * [BUGFIX] Fix NodeFileDescriptorLimit alerts * [BUGFIX] Sanitize rapl zone names * [BUGFIX] Add file descriptor close safely in test * [BUGFIX] Fix race condition in os_release.go * [BUGFIX] Skip ZFS IO metrics if their paths are missing * [BUGFIX] Handle nil CPU thermal power status on M1 * [BUGFIX] bsd: Ignore filesystems flagged as MNT_IGNORE * [BUGFIX] Sanitize UTF-8 in dmi collector * [CHANGE] Merge metrics descriptions in textfile collector * [FEATURE] Add multiple listeners and systemd socket listener activation * [FEATURE] [node-mixin] Add darwin dashboard to mixin * [FEATURE] Add 'isolated' metric on cpu collector on linux * [FEATURE] Add cgroup summary collector * [FEATURE] Add selinux collector * [FEATURE] Add slab info collector * [FEATURE] Add sysctl collector * [FEATURE] Also track the CPU Spin time for OpenBSD systems * [FEATURE] Add support for MacOS version * [ENHANCEMENT] Add RTNL version of netclass collector * [ENHANCEMENT] [node-mixin] Add missing selectors * [ENHANCEMENT] [node-mixin] Change current datasource to grafana's default * [ENHANCEMENT] [node-mixin] Change disk graph to disk table * [ENHANCEMENT] [node-mixin] Change io time units to %util * [ENHANCEMENT] Ad user_wired_bytes and laundry_bytes on *bsd * [ENHANCEMENT] Add additional vm_stat memory metrics for darwin * [ENHANCEMENT] Add device filter flags to arp collector * [ENHANCEMENT] Add diskstats include and exclude device flags * [ENHANCEMENT] Add node_softirqs_total metric * [ENHANCEMENT] Add rapl zone name label option * [ENHANCEMENT] Add slabinfo collector * [ENHANCEMENT] Allow user to select port on NTP server to query * [ENHANCEMENT] collector/diskstats: Add labels and metrics from udev * [ENHANCEMENT] Enable builds against older macOS SDK * [ENHANCEMENT] qdisk-linux: Add exclude and include flags for interface name * [ENHANCEMENT] systemd: Expose systemd minor version * [ENHANCEMENT] Use netlink for tcpstat collector * [ENHANCEMENT] Use netlink to get netdev stats * [ENHANCEMENT] Add additional perf counters for stalled frontend/backend cycles * [ENHANCEMENT] Add btrfs device error stats golang-github-prometheus-prometheus: - Security issues fixed in this version update to 2.37.6 (jsc#PED-3576): * CVE-2022-46146: Fix basic authentication bypass vulnerability (bsc#1208049, jsc#PED-3576) * CVE-2022-41715: Update our regexp library to fix upstream (bsc#1204023) - Other non-security bug fixes and changes in this version update to 2.37.6 (jsc#PED-3576): * [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a memory leak. * [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus startup. * [BUGFIX] Agent: Fix validation of flag options and prevent WAL from growing more than desired. * [BUGFIX] Properly close file descriptor when logging unfinished queries. * [BUGFIX] TSDB: In the WAL watcher metrics, expose the type='exemplar' label instead of type='unknown' for exemplar records. * [BUGFIX] Alerting: Fix Alertmanager targets not being updated when alerts were queued. * [BUGFIX] Hetzner SD: Make authentication files relative to Prometheus config file. * [BUGFIX] Promtool: Fix promtool check config not erroring properly on failures. * [BUGFIX] Scrape: Keep relabeled scrape interval and timeout on reloads. * [BUGFIX] TSDB: Don't increment prometheus_tsdb_compactions_failed_total when context is canceled. * [BUGFIX] TSDB: Fix panic if series is not found when deleting series. * [BUGFIX] TSDB: Increase prometheus_tsdb_mmap_chunk_corruptions_total on out of sequence errors. * [BUGFIX] Uyuni SD: Make authentication files relative to Prometheus configuration file and fix default configuration values. * [BUGFIX] Fix serving of static assets like fonts and favicon. * [BUGFIX] promtool: Add --lint-fatal option. * [BUGFIX] Changing TotalQueryableSamples from int to int64. * [BUGFIX] tsdb/agent: Ignore duplicate exemplars. * [BUGFIX] TSDB: Fix chunk overflow appending samples at a variable rate. * [BUGFIX] Stop rule manager before TSDB is stopped. * [BUGFIX] Kubernetes SD: Explicitly include gcp auth from k8s.io. * [BUGFIX] Fix OpenMetrics parser to sort uppercase labels correctly. * [BUGFIX] UI: Fix scrape interval and duration tooltip not showing on target page. * [BUGFIX] Tracing/GRPC: Set TLS credentials only when insecure is false. * [BUGFIX] Agent: Fix ID collision when loading a WAL with multiple segments. * [BUGFIX] Remote-write: Fix a deadlock between Batch and flushing the queue. * [BUGFIX] PromQL: Properly return an error from histogram_quantile when metrics have the same labelset. * [BUGFIX] UI: Fix bug that sets the range input to the resolution. * [BUGFIX] TSDB: Fix a query panic when memory-snapshot-on-shutdown is enabled. * [BUGFIX] Parser: Specify type in metadata parser errors. * [BUGFIX] Scrape: Fix label limit changes not applying. * [BUGFIX] Remote-write: Fix deadlock between adding to queue and getting batch. * [BUGFIX] TSDB: Fix panic when m-mapping head chunks onto the disk. * [BUGFIX] Azure SD: Fix a regression when public IP Address isn't set. * [BUGFIX] Azure SD: Fix panic when public IP Address isn't set. * [BUGFIX] Remote-write: Fix deadlock when stopping a shard. * [BUGFIX] SD: Fix no such file or directory in K8s SD when not running inside K8s. * [BUGFIX] Promtool: Make exit codes more consistent. * [BUGFIX] Promtool: Fix flakiness of rule testing. * [BUGFIX] Remote-write: Update prometheus_remote_storage_queue_highest_sent_timestamp_seconds metric when write irrecoverably fails. * [BUGFIX] Storage: Avoid panic in BufferedSeriesIterator. * [BUGFIX] TSDB: CompactBlockMetas should produce correct mint/maxt for overlapping blocks. * [BUGFIX] TSDB: Fix logging of exemplar storage size. * [BUGFIX] UI: Fix overlapping click targets for the alert state checkboxes. * [BUGFIX] UI: Fix Unhealthy filter on target page to actually display only Unhealthy targets. * [BUGFIX] UI: Fix autocompletion when expression is empty. * [BUGFIX] TSDB: Fix deadlock from simultaneous GC and write. * [CHANGE] TSDB: Delete *.tmp WAL files when Prometheus starts. * [CHANGE] promtool: Add new flag --lint (enabled by default) for the commands check rules and check config, resulting in a new exit code (3) for linter errors. * [CHANGE] UI: Classic UI removed. * [CHANGE] Tracing: Migrate from Jaeger to OpenTelemetry based tracing. * [CHANGE] PromQL: Promote negative offset and @ modifer to stable features. * [CHANGE] Web: Promote remote-write-receiver to stable. * [FEATURE] Nomad SD: New service discovery for Nomad built-in service discovery. * [FEATURE] Add lowercase and uppercase relabel action. * [FEATURE] SD: Add IONOS Cloud integration. * [FEATURE] SD: Add Vultr integration. * [FEATURE] SD: Add Linode SD failure count metric. * [FEATURE] Add prometheus_ready metric. * [FEATURE] Support for automatically setting the variable GOMAXPROCS to the container CPU limit. Enable with the flag `--enable-feature=auto-gomaxprocs`. * [FEATURE] PromQL: Extend statistics with total and peak number of samples in a query. Additionally, per-step statistics are available with --enable-feature=promql-per-step-stats and using stats=all in the query API. Enable with the flag `--enable-feature=per-step-stats`. * [FEATURE] Config: Add stripPort template function. * [FEATURE] Promtool: Add cardinality analysis to check metrics, enabled by flag --extended. * [FEATURE] SD: Enable target discovery in own K8s namespace. * [FEATURE] SD: Add provider ID label in K8s SD. * [FEATURE] Web: Add limit field to the rules API. * [ENHANCEMENT] Kubernetes SD: Allow attaching node labels for endpoint role. * [ENHANCEMENT] PromQL: Optimise creation of signature with/without labels. * [ENHANCEMENT] TSDB: Memory optimizations. * [ENHANCEMENT] TSDB: Reduce sleep time when reading WAL. * [ENHANCEMENT] OAuth2: Add appropriate timeouts and User-Agent header. * [ENHANCEMENT] Add stripDomain to template function. * [ENHANCEMENT] UI: Enable active search through dropped targets. * [ENHANCEMENT] promtool: support matchers when querying label * [ENHANCEMENT] Add agent mode identifier. * [ENHANCEMENT] TSDB: more efficient sorting of postings read from WAL at startup. * [ENHANCEMENT] Azure SD: Add metric to track Azure SD failures. * [ENHANCEMENT] Azure SD: Add an optional resource_group configuration. * [ENHANCEMENT] Kubernetes SD: Support discovery.k8s.io/v1 EndpointSlice (previously only discovery.k8s.io/v1beta1 EndpointSlice was supported). * [ENHANCEMENT] Kubernetes SD: Allow attaching node metadata to discovered pods. * [ENHANCEMENT] OAuth2: Support for using a proxy URL to fetch OAuth2 tokens. * [ENHANCEMENT] Configuration: Add the ability to disable HTTP2. * [ENHANCEMENT] Config: Support overriding minimum TLS version. * [ENHANCEMENT] TSDB: Disable the chunk write queue by default and allow configuration with the experimental flag `--storage.tsdb.head-chunks-write-queue-size`. * [ENHANCEMENT] HTTP SD: Add a failure counter. * [ENHANCEMENT] Azure SD: Set Prometheus User-Agent on requests. * [ENHANCEMENT] Uyuni SD: Reduce the number of logins to Uyuni. * [ENHANCEMENT] Scrape: Log when an invalid media type is encountered during a scrape. * [ENHANCEMENT] Scrape: Accept application/openmetrics-text;version=1.0.0 in addition to version=0.0.1. * [ENHANCEMENT] Remote-read: Add an option to not use external labels as selectors for remote read. * [ENHANCEMENT] UI: Optimize the alerts page and add a search bar. * [ENHANCEMENT] UI: Improve graph colors that were hard to see. * [ENHANCEMENT] Config: Allow escaping of $ with $$ when using environment variables with external labels. * [ENHANCEMENT] Remote-write: Avoid allocations by buffering concrete structs instead of interfaces. * [ENHANCEMENT] Remote-write: Log time series details for out-of-order samples in remote write receiver. * [ENHANCEMENT] Remote-write: Shard up more when backlogged. * [ENHANCEMENT] TSDB: Use simpler map key to improve exemplar ingest performance. * [ENHANCEMENT] TSDB: Avoid allocations when popping from the intersected postings heap. * [ENHANCEMENT] TSDB: Make chunk writing non-blocking, avoiding latency spikes in remote-write. * [ENHANCEMENT] TSDB: Improve label matching performance. * [ENHANCEMENT] UI: Optimize the service discovery page and add a search bar. * [ENHANCEMENT] UI: Optimize the target page and add a search bar. golang-github-prometheus-promu: - Non-security bug fixes and changes in this version update to 0.14.0 (jsc#PED-3576): * [BUGFIX] Set build date from last changelog modification (bsc#1047218) * [BUGFIX] Validate environment variable value * [BUGFIX]Set build date from SOURCE_DATE_EPOCH * [BUGFIX]Make extldflags extensible by configuration. * [BUGFIX] Avoid bind-mounting to allow building with a remote docker engine * [BUGFIX] Fix build on SmartOS by not setting gcc's -static flag * [BUGFIX] Fix git repository url parsing * [CHANGE] Remove ioutil * [CHANGE] Update common Prometheus files * [FEATURE] Add the ability to override tags per GOOS * [FEATURE] Adding changes to support s390x * [FEATURE] Added check_licenses Command to Promu * [ENHANCEMENT] Allow to customize nested options via env variables * [ENHANCEMENT] Add warning if promu info is unable to determine repo info Important SUSE bug 1047218 SUSE bug 1197284 SUSE bug 1203185 SUSE bug 1203599 SUSE bug 1204023 SUSE bug 1208049 SUSE bug 1208051 SUSE bug 1208060 SUSE bug 1208062 SUSE bug 1208064 SUSE bug 1208965 SUSE bug 1209113 CVE-2022-27191 CVE-2022-27664 CVE-2022-41715 CVE-2022-46146 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for postgresql15 fixes the following issues: Updated to version 15.3: - CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228). - CVE-2023-2455: Fixed an issue that could allow a user to see or modify rows that should have been invisible (bsc#1211229). - Internal fixes (bsc#1210303). Important SUSE bug 1210303 SUSE bug 1211228 SUSE bug 1211229 CVE-2023-2454 CVE-2023-2455 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). Important SUSE bug 1206309 SUSE bug 1207992 SUSE bug 1209209 SUSE bug 1209210 SUSE bug 1209211 SUSE bug 1209212 SUSE bug 1209214 SUSE bug 1211231 SUSE bug 1211232 SUSE bug 1211233 SUSE bug 1211339 CVE-2022-43552 CVE-2023-23916 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2483: Fixed a use after free bug in emac_remove due caused by a race condition (bsc#1211037). - CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). - CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547). - CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). - CVE-2020-36691: Fixed a denial of service (unbounded recursion) vulnerability via a nested Netlink policy with a back reference (bsc#1209613 bsc#1209777). - CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168). - CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778). - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535). - CVE-2022-20567: Fixed use after free that could lead to a local privilege escalation in pppol2tp_create of l2tp_ppp.c (bsc#1208850). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). - CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599). - CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777). - CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). - CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289). - CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2023-1855: Fixed an use-after-free flaw in xgene_hwmon_remove (bsc#1210202). - CVE-2023-1989: Fixed an use-after-free flaw in btsdio_remove (bsc#1210336). - CVE-2023-1990: Fixed an use-after-free flaw in ndlc_remove (bsc#1210337). - CVE-2023-1998: Fixed an use-after-free flaw during login when accessing the shost ipaddress (bsc#1210506). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036). - CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125). - CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291). - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1209052). - CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549). - CVE-2023-30772: Fixed race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). The following non-security bugs were fixed: - Do not sign the vanilla kernel (bsc#1209008). - Fix kABI breakage (bsc#1208333) - PCI: hv: Add a per-bus mutex state_lock (bsc#1207185). - PCI: hv: Fix a race condition bug in hv_pci_query_relations() (bsc#1207185). - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185). - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185). - Remove obsolete KMP obsoletes (bsc#1210469). - Replace mkinitrd dependency with dracut (bsc#1202353). - cifs: fix double free in dfs mounts (bsc#1209845). - cifs: fix negotiate context parsing (bsc#1210301). - cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1209845). - cifs: missing null pointer check in cifs_mount (bsc#1209845). - cifs: serialize all mount attempts (bsc#1209845). - cred: allow get_cred() and put_cred() to be given NULL (bsc#1209887). - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168). - k-m-s: Drop Linux 2.6 support - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). Important SUSE bug 1076830 SUSE bug 1194535 SUSE bug 1202353 SUSE bug 1205128 SUSE bug 1207036 SUSE bug 1207125 SUSE bug 1207168 SUSE bug 1207185 SUSE bug 1207795 SUSE bug 1207845 SUSE bug 1208179 SUSE bug 1208333 SUSE bug 1208599 SUSE bug 1208777 SUSE bug 1208837 SUSE bug 1208850 SUSE bug 1209008 SUSE bug 1209052 SUSE bug 1209256 SUSE bug 1209289 SUSE bug 1209291 SUSE bug 1209532 SUSE bug 1209547 SUSE bug 1209549 SUSE bug 1209613 SUSE bug 1209687 SUSE bug 1209777 SUSE bug 1209778 SUSE bug 1209845 SUSE bug 1209871 SUSE bug 1209887 SUSE bug 1210124 SUSE bug 1210202 SUSE bug 1210301 SUSE bug 1210329 SUSE bug 1210336 SUSE bug 1210337 SUSE bug 1210469 SUSE bug 1210498 SUSE bug 1210506 SUSE bug 1210647 SUSE bug 1211037 CVE-2017-5753 CVE-2020-36691 CVE-2021-3923 CVE-2021-4203 CVE-2022-20567 CVE-2022-43945 CVE-2023-0394 CVE-2023-0590 CVE-2023-0597 CVE-2023-1076 CVE-2023-1095 CVE-2023-1118 CVE-2023-1390 CVE-2023-1513 CVE-2023-1611 CVE-2023-1670 CVE-2023-1855 CVE-2023-1989 CVE-2023-1990 CVE-2023-1998 CVE-2023-2124 CVE-2023-2162 CVE-2023-23454 CVE-2023-23455 CVE-2023-2483 CVE-2023-28328 CVE-2023-28464 CVE-2023-28772 CVE-2023-30772 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-openjdk fixes the following issues: - Updated to version jdk8u372 (icedtea-3.27.0): - CVE-2023-21930: Fixed an issue in the JSSE component that could allow an attacker to access critical data without authorization (bsc#1210628). - CVE-2023-21937: Fixed an issue in the Networking component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210631). - CVE-2023-21938: Fixed an issue in the Libraries component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210632). - CVE-2023-21939: Fixed an issue in the Swing component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210634). - CVE-2023-21954: Fixed an issue in the Hotspot component that could allow an attacker to access critical data without authorization (bsc#1210635). - CVE-2023-21967: Fixed an issue in the JSSE component that could allow an attacker to cause a hang or frequently repeatable crash without authorization (bsc#1210636). - CVE-2023-21968: Fixed an issue in the Libraries component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210637). Important SUSE bug 1210628 SUSE bug 1210631 SUSE bug 1210632 SUSE bug 1210634 SUSE bug 1210635 SUSE bug 1210636 SUSE bug 1210637 CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ctags fixes the following issues: - CVE-2022-4515: Fixed a command injection issue via a tag file wih a crafted filename (bsc#1206543). Important SUSE bug 1206543 CVE-2022-4515 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ucode-intel fixes the following issues: - Updated to Intel CPU Microcode 20230512 release. (bsc#1211382) - New Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL-N | A0 | 06-be-00/01 | | 00000010 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E | AZB | A0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100 | AZB | R0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100 - Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | L0 | 06-9a-03/80 | 00000429 | 0000042a | Core Gen12 | ADL | L0 | 06-9a-04/80 | 00000429 | 0000042a | Core Gen12 | AML-Y22 | H0 | 06-8e-09/10 | | 000000f2 | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile | CFL-H | R0 | 06-9e-0d/22 | 000000f4 | 000000f8 | Core Gen9 Mobile | CFL-H/S | P0 | 06-9e-0c/22 | 000000f0 | 000000f2 | Core Gen9 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f0 | 000000f2 | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000f0 | 000000f2 | Core Gen8 | CFL-U43e | D0 | 06-8e-0a/c0 | 000000f0 | 000000f2 | Core Gen8 Mobile | CLX-SP | B0 | 06-55-06/bf | 04003303 | 04003501 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003303 | 05003501 | Xeon Scalable Gen2 | CML-H | R1 | 06-a5-02/20 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-S102 | Q0 | 06-a5-05/22 | 000000f4 | 000000f6 | Core Gen10 | CML-S62 | G1 | 06-a5-03/22 | 000000f4 | 000000f6 | Core Gen10 | CML-U62 V1 | A0 | 06-a6-00/80 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-U62 V2 | K1 | 06-a6-01/80 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile | CPX-SP | A1 | 06-55-0b/bf | 07002503 | 07002601 | Xeon Scalable Gen3 | ICL-D | B0 | 06-6c-01/10 | 01000211 | 01000230 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000b8 | 000000ba | Core Gen10 Mobile | ICX-SP | D0 | 06-6a-06/87 | 0d000389 | 0d000390 | Xeon Scalable Gen3 | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000f0 | 000000f2 | Core Gen7; Xeon E3 v6 | KBL-U/Y | H0 | 06-8e-09/c0 | | 000000f2 | Core Gen7 Mobile | LKF | B2/B3 | 06-8a-01/10 | 00000032 | 00000033 | Core w/Hybrid Technology | RKL-S | B0 | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11 | RPL-H 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13 | RPL-P 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13 | RPL-S | S0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13 | RPL-U 2+8 | Q0 | 06-ba-03/07 | 0000410e | 00004112 | Core Gen13 | SKX-D | H0 | 06-55-04/b7 | | 02006f05 | Xeon D-21xx | SKX-SP | B1 | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | | 02006f05 | Xeon Scalable | SPR-HBM | B3 | 06-8f-08/10 | 2c000170 | 2c0001d1 | Xeon Max | SPR-SP | E0 | 06-8f-04/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E2 | 06-8f-05/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E3 | 06-8f-06/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E4 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E5 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | S2 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | S3 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | TGL | B1 | 06-8c-01/80 | 000000a6 | 000000aa | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 00000042 | 00000044 | Core Gen11 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000028 | 0000002a | Core Gen11 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | | 000000f2 | Core Gen8 Mobile Important SUSE bug 1208479 SUSE bug 1211382 CVE-2022-33972 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for tomcat fixes the following issues: - CVE-2023-28709: Mended an incomplete fix for CVE-2023-24998 (bsc#1211608). Important SUSE bug 1211608 CVE-2023-28709 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). Important SUSE bug 1211430 CVE-2023-2650 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for compat-openssl098 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). Important SUSE bug 1211430 CVE-2023-2650 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_0_0 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). Important SUSE bug 1211430 CVE-2023-2650 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for cups fixes the following issues: - CVE-2023-32324: Fixed a buffer overflow in format_log_line() which could cause a denial-of-service (bsc#1211643). Important SUSE bug 1211643 CVE-2023-32324 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openvswitch fixes the following issues: - CVE-2022-4338: Fixed Integer Underflow in Organization Specific TLV (bsc#1206580). - CVE-2022-4337: Fixed Out-of-Bounds Read in Organization Specific TLV (bsc#1206581). - CVE-2022-32166: Fixed a out of bounds read in minimask_equal() (bsc#1203865). - CVE-2021-36980: Fixed a use-after-free issue during the decoding of a RAW_ENCAP action (bsc#1188524). Important SUSE bug 1188524 SUSE bug 1203865 SUSE bug 1206580 SUSE bug 1206581 CVE-2021-36980 CVE-2022-32166 CVE-2022-4337 CVE-2022-4338 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Extended Support Release 102.12.0 ESR (bsc#1211922): - CVE-2023-34414: Click-jacking certificate exceptions through rendering lag - CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12 Important SUSE bug 1211922 CVE-2023-34414 CVE-2023-34416 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-ibm fixes the following issues: - CVE-2023-21930: Fixed possible compromise from unauthenticated attacker with network access via TLS (bsc#1210628). - CVE-2023-21937: Fixed vulnerability inside the networking component (bsc#1210631). - CVE-2023-21938: Fixed vulnerability inside the library component (bsc#1210632). - CVE-2023-21939: Fixed vulnerability inside the swing component (bsc#1210634). - CVE-2023-21968: Fixed vulnerability inside the library component (bsc#1210637). - CVE-2023-2597: Fixed buffer overflow in shared cache implementation (bsc#1211615). - CVE-2023-21967: Fixed vulnerability inside the JSSE component (bsc#1210636). - CVE-2023-21954: Fixed vulnerability inside the hotspot component (bsc#1210635). Additional reference fixed already in 8.0.7.15: - CVE-2023-30441: Fixed components that could have exposed sensitive information using a combination of flaws and configurations (bsc#1210711). Important SUSE bug 1210628 SUSE bug 1210631 SUSE bug 1210632 SUSE bug 1210634 SUSE bug 1210635 SUSE bug 1210636 SUSE bug 1210637 SUSE bug 1210711 SUSE bug 1210826 SUSE bug 1211615 CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 CVE-2023-2597 CVE-2023-30441 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libcares2 fixes the following issues: - CVE-2023-32067: Fixed a denial of service that could be triggered by a 0-byte UDP payload (bsc#1211604). - CVE-2023-31147: Fixed an insufficient randomness in generation of DNS query IDs (bsc#1211605). - CVE-2023-31130: Fixed a buffer underflow when configuring specific IPv6 addresses (bsc#1211606). - CVE-2023-31124: Fixed a build issue when cross-compiling that could lead to insufficient randomness (bsc#1211607). Important SUSE bug 1211604 SUSE bug 1211605 SUSE bug 1211606 SUSE bug 1211607 CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). Moderate SUSE bug 1211795 CVE-2023-2953 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libX11 fixes the following issues: - CVE-2023-3138: Fixed buffer overflows in InitExt.c (bsc#1212102). Important SUSE bug 1212102 CVE-2023-3138 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405). - CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). - CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). - CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). - CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). - CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). - CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940 bsc#1211260). - CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715). - CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186). - CVE-2023-1380: A slab-out-of-bound read problem was fixed in brcmf_get_assoc_ies(), that could lead to a denial of service (bsc#1209287). - CVE-2023-2513: A use-after-free vulnerability was fixed in the ext4 filesystem, related to the way it handled the extra inode size for extended attributes (bsc#1211105). - CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). The following non-security bugs were fixed: - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). Important SUSE bug 1204405 SUSE bug 1205756 SUSE bug 1205758 SUSE bug 1205760 SUSE bug 1205762 SUSE bug 1205803 SUSE bug 1206878 SUSE bug 1209287 SUSE bug 1210629 SUSE bug 1210715 SUSE bug 1210783 SUSE bug 1210940 SUSE bug 1211105 SUSE bug 1211186 SUSE bug 1211260 SUSE bug 1211592 CVE-2022-3566 CVE-2022-45884 CVE-2022-45885 CVE-2022-45886 CVE-2022-45887 CVE-2022-45919 CVE-2023-1380 CVE-2023-2176 CVE-2023-2194 CVE-2023-2513 CVE-2023-31084 CVE-2023-31436 CVE-2023-32269 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libwebp fixes the following issues: - CVE-2023-1999: Fixed double free (bsc#1210212). Important SUSE bug 1210212 CVE-2023-1999 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for bluez fixes the following issues: - CVE-2023-27349: Fixed crash while handling unsupported events (bsc#1210398). Important SUSE bug 1210398 CVE-2023-27349 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for webkit2gtk3 fixes the following issues: Add security patches (bsc#1211846): - CVE-2023-28204: Fixed processing of web content that may disclose sensitive information (bsc#1211659). - CVE-2023-32373: Fixed processing of maliciously crafted web content that may lead to arbitrary code execution (bsc#1211658). Important SUSE bug 1211658 SUSE bug 1211659 SUSE bug 1211846 CVE-2023-28204 CVE-2023-32373 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests [bsc#1201627] Moderate SUSE bug 1201627 SUSE bug 1207534 CVE-2022-4304 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_0_0 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). Moderate SUSE bug 1207534 CVE-2022-4304 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python fixes the following issues: - CVE-2023-24329: Fixed urllib.parse bypass when supplying a URL that starts with blank characters (bsc#1208471). Important SUSE bug 1208471 CVE-2023-24329 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). Moderate SUSE bug 1206337 CVE-2022-46908 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for prometheus-ha_cluster_exporter fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1208296). Important SUSE bug 1208296 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for prometheus-sap_host_exporter fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1208270). - fixed exporter package description (bsc#1211311). Important SUSE bug 1208270 SUSE bug 1211311 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for bind fixes the following issues: - CVE-2023-2828: Fixed denial-of-service against recursive resolvers related to cache-cleaning algorithm (bsc#1212544). Important SUSE bug 1212544 CVE-2023-2828 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update of installation-images fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). Moderate SUSE bug 1209188 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libqt5-qtbase fixes the following issues: - CVE-2020-24741: Fixed a bug that allow QLibrary to load libraries relative to CWD which could result in arbitrary code execution (bsc#1189408). - CVE-2023-32763: Fixed buffer overflow in QTextLayout (bsc#1211798). Important SUSE bug 1189408 SUSE bug 1211798 CVE-2020-24741 CVE-2023-32763 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xorg-x11-server fixes the following issues: - CVE-2023-0494: Fixed a use-after-free in DeepCopyPointerClasses (bsc#1207783). Important SUSE bug 1207783 CVE-2023-0494 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ghostscript fixes the following issues: - CVE-2023-36664: Fixed permission validation mishandling for pipe devices with the %pipe% prefix or the | pipe character prefix (bsc#1212711). Important SUSE bug 1212711 CVE-2023-36664 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: Changes in MozillaFirefox and MozillaFirefox-branding-SLE: This update provides Firefox Extended Support Release 115.0 ESR * New: - Required fields are now highlighted in PDF forms. - Improved performance on high-refresh rate monitors (120Hz+). - Buttons in the Tabs toolbar can now be reached with Tab, Shift+Tab, and Arrow keys. View this article for additional details. - Windows' 'Make text bigger' accessibility setting now affects all the UI and content pages, rather than only applying to system font sizes. - Non-breaking spaces are now preserved—preventing automatic line breaks—when copying text from a form control. - Fixed WebGL performance issues on NVIDIA binary drivers via DMA-Buf on Linux. - Fixed an issue in which Firefox startup could be significantly slowed down by the processing of Web content local storage. This had the greatest impact on users with platter hard drives and significant local storage. - Removed a configuration option to allow SHA-1 signatures in certificates: SHA-1 signatures in certificates—long since determined to no longer be secure enough—are now not supported. - Highlight color is preserved correctly after typing `Enter` in the mail composer of Yahoo Mail and Outlook. After bypassing the https only error page navigating back would take you to the error page that was previously dismissed. Back now takes you to the previous site that was visited. - Paste unformatted shortcut (shift+ctrl/cmd+v) now works in plain text contexts, such as input and text area. - Added an option to print only the current page from the print preview dialog. - Swipe to navigate (two fingers on a touchpad swiped left or right to perform history back or forward) on Windows is now enabled. - Stability on Windows is significantly improved as Firefox handles low-memory situations much better. - Touchpad scrolling on macOS was made more accessible by reducing unintended diagonal scrolling opposite of the intended scroll axis. - Firefox is less likely to run out of memory on Linux and performs more efficiently for the rest of the system when memory runs low. - It is now possible to edit PDFs: including writing text, drawing, and adding signatures. - Setting Firefox as your default browser now also makes it the default PDF application on Windows systems. - Swipe-to-navigate (two fingers on a touchpad swiped left or right to perform history back or forward) now works for Linux users on Wayland. - Text Recognition in images allows users on macOS 10.15 and higher to extract text from the selected image (such as a meme or screenshot). - Firefox View helps you get back to content you previously discovered. A pinned tab allows you to find and open recently closed tabs on your current device and access tabs from other devices (via our “Tab Pickup” feature). - Import maps, which allow web pages to control the behavior of JavaScript imports, are now enabled by default. - Processes used for background tabs now use efficiency mode on Windows 11 to limit resource use. - The shift+esc keyboard shortcut now opens the Process Manager, offering a way to quickly identify processes that are using too many resources. - Firefox now supports properly color correcting images tagged with ICCv4 profiles. - Support for non-English characters when saving and printing PDF forms. - The bookmarks toolbar's default 'Only show on New Tab' state works correctly for blank new tabs. As before, you can change the bookmark toolbar's behavior using the toolbar context menu. - Manifest Version 3 (MV3) extension support is now enabled by default (MV2 remains enabled/supported). This major update also ushers an exciting user interface change in the form of the new extensions button. - The Arbitrary Code Guard exploit protection has been enabled in the media playback utility processes, improving security for Windows users. - The native HTML date picker for date and datetime inputs can now be used with a keyboard alone, improving its accessibility for screen reader users. Users with limited mobility can also now use common keyboard shortcuts to navigate the calendar grid and month selection spinners. - Firefox builds in the Spanish from Spain (es-ES) and Spanish from Argentina (es-AR) locales now come with a built- in dictionary for the Firefox spellchecker. - On macOS, Ctrl or Cmd + trackpad or mouse wheel now scrolls the page instead of zooming. This avoids accidental zooming and matches the behavior of other web browsers on macOS. - It's now possible to import bookmarks, history and passwords not only from Edge, Chrome or Safari but also from Opera, Opera GX, and Vivaldi. - GPU sandboxing has been enabled on Windows. - On Windows, third-party modules can now be blocked from injecting themselves into Firefox, which can be helpful if they are causing crashes or other undesirable behavior. - Date, time, and datetime-local input fields can now be cleared with `Cmd+Backspace` and `Cmd+Delete` shortcut on macOS and `Ctrl+Backspace` and `Ctrl+Delete` on Windows and Linux. - GPU-accelerated Canvas2D is enabled by default on macOS and Linux. - WebGL performance improvement on Windows, MacOS and Linux. - Enables overlay of hardware-decoded video with non-Intel GPUs on Windows 10/11, improving video playback performance and video scaling quality. - Windows native notifications are now enabled. - Firefox Relay users can now opt-in to create Relay email masks directly from the Firefox credential manager. You must be signed in with your Firefox Account. - We’ve added two new locales: Silhe Friulian (fur) and Sardinian (sc). - Right-clicking on password fields now shows an option to reveal the password. - Private windows and ETP set to strict will now include email tracking protection. This will make it harder for email trackers to learn the browsing habits of Firefox users. You can check the Tracking Content in the sub-panel on the shield icon panel. - The deprecated U2F Javascript API is now disabled by default. The U2F protocol remains usable through the WebAuthn API. The U2F API can be re-enabled using the `security.webauth.u2f` preference. - Say hello to enhanced Picture-in-Picture! Rewind, check video duration, and effortlessly switch to full-screen mode on the web's most popular video websites. - Firefox's address bar is already a great place to search for what you're looking for. Now you'll always be able to see your web search terms and refine them while viewing your search's results - no additional scrolling needed! Also, a new result menu has been added making it easier to remove history results and dismiss sponsored Firefox Suggest entries. - Private windows now protect users even better by blocking third-party cookies and storage of content trackers. - Passwords automatically generated by Firefox now include special characters, giving users more secure passwords by default. - Firefox 115 introduces a redesigned accessibility engine which significantly improves the speed, responsiveness, and stability of Firefox when used with: - Screen readers, as well as certain other accessibility software; - East Asian input methods; - Enterprise single sign-on software; and - Other applications which use accessibility frameworks to access information. - Firefox 115 now supports AV1 Image Format files containing animations (AVIS), improving support for AVIF images across the web. - The Windows GPU sandbox first shipped in the Firefox 110 release has been tightened to enhance the security benefits it provides. - A 13-year-old feature request was fulfilled and Firefox now supports files being drag-and-dropped directly from Microsoft Outlook. A special thanks to volunteer contributor Marco Spiess for helping to get this across the finish line! - Users on macOS can now access the Services sub-menu directly from Firefox context menus. - On Windows, the elastic overscroll effect has been enabled by default. When two-finger scrolling on the touchpad or scrolling on the touchscreen, you will now see a bouncing animation when scrolling past the edge of a scroll container. - Firefox is now available in the Tajik (tg) language. - Added UI to manage the DNS over HTTPS exception list. - Bookmarks can now be searched from the Bookmarks menu. The Bookmarks menu is accessible by adding the Bookmarks menu button to the toolbar. - Restrict searches to your local browsing history by selecting Search history from the History, Library or Application menu buttons. - Mac users can now capture video from their cameras in all supported native resolutions. This enables resolutions higher than 1280x720. - It is now possible to reorder the extensions listed in the extensions panel. - Users on macOS, Linux, and Windows 7 can now use FIDO2 / WebAuthn authenticators over USB. Some advanced features, such as fully passwordless logins, require a PIN to be set on the authenticator. - Pocket Recommended content can now be seen in France, Italy, and Spain. - DNS over HTTPS settings are now part of the Privacy & Security section of the Settings page and allow the user to choose from all the supported modes. - Migrating from another browser? Now you can bring over payment methods you've saved in Chrome-based browsers to Firefox. - Hardware video decoding enabled for Intel GPUs on Linux. - The Tab Manager dropdown now features close buttons, so you can close tabs more quickly. - Windows Magnifier now follows the text cursor correctly when the Firefox title bar is visible. - Undo and redo are now available in Password fields. [1]:https://support.mozilla.org/kb/access-toolbar-functions- using-keyboard?_gl=1*16it7nj*_ga*MTEzNjg4MjY5NC4xNjQ1MjAxMDU3 *_ga_MQ7767QQQW*MTY1Njk2MzExMS43LjEuMTY1Njk2MzIzMy4w [2]:https://support.mozilla.org/kb/how-set-tab-pickup-firefox-view [3]:https://support.mozilla.org/kb/task-manager-tabs-or-extensions-are-slowing-firefox [4]:https://blog.mozilla.org/addons/2022/11/17/manifest-v3-signing-available-november-21-on-firefox-nightly/ [5]:https://blog.mozilla.org/addons/2022/05/18/manifest-v3-in-firefox-recap-next-steps/ [6]:https://support.mozilla.org/kb/unified-extensions [7]:https://support.mozilla.org/kb/import-data-another-browser [8]:https://support.mozilla.org/kb/identify-problems-third-party-modules-firefox-windows [9]:https://support.mozilla.org/kb/how-generate-secure-password-firefox [10]:https://blog.mozilla.org/accessibility/firefox-113-accessibility-performance/ * Fixed: Various security fixes. MFSA 2023-22 (bsc#1212438) * CVE-2023-3482 (bmo#1839464) Block all cookies bypass for localstorage * CVE-2023-37201 (bmo#1826002) Use-after-free in WebRTC certificate generation * CVE-2023-37202 (bmo#1834711) Potential use-after-free from compartment mismatch in SpiderMonkey * CVE-2023-37203 (bmo#291640) Drag and Drop API may provide access to local system files * CVE-2023-37204 (bmo#1832195) Fullscreen notification obscured via option element * CVE-2023-37205 (bmo#1704420) URL spoofing in address bar using RTL characters * CVE-2023-37206 (bmo#1813299) Insufficient validation of symlinks in the FileSystem API * CVE-2023-37207 (bmo#1816287) Fullscreen notification obscured * CVE-2023-37208 (bmo#1837675) Lack of warning when opening Diagcab files * CVE-2023-37209 (bmo#1837993) Use-after-free in `NotifyOnHistoryReload` * CVE-2023-37210 (bmo#1821886) Full-screen mode exit prevention * CVE-2023-37211 (bmo#1832306, bmo#1834862, bmo#1835886, bmo#1836550, bmo#1837450) Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 * CVE-2023-37212 (bmo#1750870, bmo#1825552, bmo#1826206, bmo#1827076, bmo#1828690, bmo#1833503, bmo#1835710, bmo#1838587) Memory safety bugs fixed in Firefox 115 - Fixed potential SIGILL on older CPUs (bsc#1212101) * Fixed: Various security fixes and other quality Important SUSE bug 1212101 SUSE bug 1212438 CVE-2023-3482 CVE-2023-37201 CVE-2023-37202 CVE-2023-37203 CVE-2023-37204 CVE-2023-37205 CVE-2023-37206 CVE-2023-37207 CVE-2023-37208 CVE-2023-37209 CVE-2023-37210 CVE-2023-37211 CVE-2023-37212 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-ibm fixes the following issues: Updated to Java 8.0 Service Refresh 8 Fix Pack 6 (bsc#1213000): - Fixed issue in Java Virtual Machine where outofmemory (OOM) killer terminates the jvm due to failure in control groups detection. Important SUSE bug 1213000 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). Important SUSE bug 1210999 CVE-2023-31484 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for samba fixes the following issues: - CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174). Bugfixes: - Fixed trust relationship failure (bsc#1213384). Moderate SUSE bug 1213174 SUSE bug 1213384 CVE-2022-2127 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 115.0.2 ESR (MFSA 2023-26, bsc#1213230) Security fixes: - CVE-2023-3600: Fixed use-after-free in workers (bmo#1839703) Other fixes: - Fixed a startup crash experienced by some Windows users by blocking instances of a malicious injected DLL (bmo#1841751) - Fixed a bug with displaying a caret in the text editor on some websites (bmo#1840804) - Fixed a bug with broken audio rendering on some websites (bmo#1841982) - Fixed a bug with patternTransform translate using the wrong units (bmo#1840746) - Fixed a crash affecting Windows 7 users related to the DLL blocklist. Firefox Extended Support Release 115.0.1 ESR - Fixed a startup crash for Windows users with Kingsoft Antivirus software installed (bmo#1837242) Important SUSE bug 1213230 CVE-2023-3600 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for cjose fixes the following issues: - CVE-2023-37464: Fixed AES GCM decryption uses the Tag length from the actual Authentication Tag (bsc#1213385). Important SUSE bug 1213385 CVE-2023-37464 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_0_0 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). - testsuite: Update further expiring certificates that affect tests [bsc#1201627] Important SUSE bug 1201627 SUSE bug 1207533 SUSE bug 1207534 SUSE bug 1207536 CVE-2022-4304 CVE-2023-0215 CVE-2023-0286 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). Important SUSE bug 1207533 SUSE bug 1207534 SUSE bug 1207536 SUSE bug 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for compat-openssl098 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). - Update further expiring certificates that affect tests (bsc#1201627). Moderate SUSE bug 1201627 SUSE bug 1207534 SUSE bug 1213487 CVE-2022-4304 CVE-2023-3446 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). Important SUSE bug 1206579 CVE-2022-47629 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mariadb fixes the following issues: - CVE-2022-32084: Fixed segmentation fault via the component sub_select (bsc#1201164). Moderate SUSE bug 1201164 CVE-2022-32084 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for apache2-mod_security2 fixes the following issues: - CVE-2022-48279: Fixed a potential firewall bypass due to an incorrect parsing of HTTP multipart requests (bsc#1207378). Important SUSE bug 1207378 CVE-2022-48279 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for tomcat fixes the following issues: - Remove the log4j dependency as it is not used by the tomcat package (bsc#1196137) Security hardening, related to Spring Framework vulnerabilities: - Deprecate getResources() and always return null (bsc#1198136). Important SUSE bug 1196137 SUSE bug 1198136 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libapr-util1 fixes the following issues: - CVE-2022-25147: Fixed a buffer overflow possible with specially crafted input during base64 encoding (bsc#1207866) Critical SUSE bug 1207866 CVE-2022-25147 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xrdp fixes the following issues: - CVE-2022-23468: Fixed a buffer overflow in xrdp_login_wnd_create() (bsc#1206300). - CVE-2022-23479: Fixed a buffer overflow in xrdp_mm_chan_data_in() (bsc#1206303). - CVE-2022-23480: Fixed a buffer overflow in devredir_proc_client_devlist_announce_req() (bsc#1206306). - CVE-2022-23481: Fixed an out of bound read in xrdp_caps_process_confirm_active() (bsc#1206307). - CVE-2022-23482: Fixed an out of bound read in xrdp_sec_process_mcs_data_CS_CORE() (bsc#1206310). - CVE-2022-23483: Fixed an out of bound read in libxrdp_send_to_channel() (bsc#1206311). - CVE-2022-23484: Fixed a integer overflow in xrdp_mm_process_rail_update_window_text() (bsc#1206312). Important SUSE bug 1206300 SUSE bug 1206303 SUSE bug 1206306 SUSE bug 1206307 SUSE bug 1206310 SUSE bug 1206311 SUSE bug 1206312 CVE-2022-23468 CVE-2022-23479 CVE-2022-23480 CVE-2022-23481 CVE-2022-23482 CVE-2022-23483 CVE-2022-23484 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for cups fixes the following issues: - CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204). - CVE-2023-34241: Fixed a use-after-free problem in cupsdAcceptClient() (bsc#1212230). - CVE-2023-32360: Fixed information leak through Cups-Get-Document operation (bsc#1214254). Important SUSE bug 1212230 SUSE bug 1214254 SUSE bug 1215204 CVE-2023-32360 CVE-2023-34241 CVE-2023-4504 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for postgresql15 fixes the following issues: Update to 15.2: - CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102). Important SUSE bug 1208102 CVE-2022-41862 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237). - CVE-2023-23454: Fixed denial or service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036). - CVE-2022-4662: Fixed incorrect access control in the USB core subsystem that could lead a local user to crash the system (bnc#1206664). - CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bnc#1206073). The following non-security bugs were fixed: - Added support for enabling livepatching related packages on -RT (jsc#PED-1706). - Added suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149). - Reverted 'constraints: increase disk space for all architectures' (bsc#1203693). - HID: betop: check shape of output reports (bsc#1207186). - HID: betop: fix slab-out-of-bounds Write in betop_probe (bsc#1207186). - HID: check empty report_list in hid_validate_values() (bsc#1206784). - net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036). - net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036). - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). Important SUSE bug 1203693 SUSE bug 1205149 SUSE bug 1206073 SUSE bug 1206664 SUSE bug 1206677 SUSE bug 1206784 SUSE bug 1207036 SUSE bug 1207186 SUSE bug 1207237 CVE-2022-3564 CVE-2022-4662 CVE-2022-47929 CVE-2023-23454 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ImageMagick fixes the following issues: - CVE-2022-44267: Fixed a denial of service when parsing a PNG image (bsc#1207982). - CVE-2022-44268: Fixed arbitrary file disclosure when parsing a PNG image (bsc#1207983). Important SUSE bug 1207982 SUSE bug 1207983 CVE-2022-44267 CVE-2022-44268 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for git fixes the following issues: - CVE-2023-22490: Fixed incorrectly usable local clone optimization even when using a non-local transport (bsc#1208027). - CVE-2023-23946: Fixed issue where a path outside the working tree can be overwritten as the user who is running 'git apply' (bsc#1208028). Important SUSE bug 1208027 SUSE bug 1208028 CVE-2023-22490 CVE-2023-23946 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-openjdk fixes the following issues: Updated to version jdk8u362 (icedtea-3.26.0): - CVE-2023-21830: Fixed improper restrictions in CORBA deserialization (bsc#1207249). - CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248). Moderate SUSE bug 1207248 SUSE bug 1207249 CVE-2023-21830 CVE-2023-21843 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for clamav fixes the following issues: - CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser (bsc#1208363). - CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser (bsc#1208365). Critical SUSE bug 1208363 SUSE bug 1208365 CVE-2023-20032 CVE-2023-20052 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20230214 release. Security issues fixed: - CVE-2022-38090: Security updates for [INTEL-SA-00767](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html) (bsc#1208275) - CVE-2022-33196: Security updates for [INTEL-SA-00738](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html) (bsc#1208276) - CVE-2022-21216: Security updates for [INTEL-SA-00700](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html) (bsc#1208277) - New Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SPR-SP | E2 | 06-8f-05/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E3 | 06-8f-06/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E4 | 06-8f-07/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E5 | 06-8f-08/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-HBM | B3 | 06-8f-08/10 | | 2c000170 | Xeon Max | RPL-P 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13 | RPL-H 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13 | RPL-U 2+8 | Q0 | 06-ba-02/07 | | 0000410e | Core Gen13 - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | C0 | 06-97-02/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-97-05/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-bf-02/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-bf-05/07 | 00000026 | 0000002c | Core Gen12 | ADL | L0 | 06-9a-03/80 | 00000424 | 00000429 | Core Gen12 | ADL | L0 | 06-9a-04/80 | 00000424 | 00000429 | Core Gen12 | CLX-SP | B0 | 06-55-06/bf | 04003302 | 04003303 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003302 | 05003303 | Xeon Scalable Gen2 | CPX-SP | A1 | 06-55-0b/bf | 07002501 | 07002503 | Xeon Scalable Gen3 | GLK | B0 | 06-7a-01/01 | 0000003c | 0000003e | Pentium Silver N/J5xxx, Celeron N/J4xxx | GLK-R | R0 | 06-7a-08/01 | 00000020 | 00000022 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-D | B0 | 06-6c-01/10 | 01000201 | 01000211 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000b6 | 000000b8 | Core Gen10 Mobile | ICX-SP | D0 | 06-6a-06/87 | 0d000375 | 0d000389 | Xeon Scalable Gen3 | JSL | A0/A1 | 06-9c-00/01 | 24000023 | 24000024 | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105 | LKF | B2/B3 | 06-8a-01/10 | 00000031 | 00000032 | Core w/Hybrid Technology | RKL-S | B0 | 06-a7-01/02 | 00000056 | 00000057 | Core Gen11 | RPL-S | S0 | 06-b7-01/32 | 0000010e | 00000112 | Core Gen13 | SKX-SP | B1 | 06-55-03/97 | 0100015e | 01000161 | Xeon Scalable Important SUSE bug 1208275 SUSE bug 1208276 SUSE bug 1208277 CVE-2022-21216 CVE-2022-33196 CVE-2022-38090 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Updated to version 102.8.0 ESR (bsc#1208144): - CVE-2023-25728: Fixed content security policy leak in violation reports using iframes. - CVE-2023-25730: Fixed screen hijack via browser fullscreen mode. - CVE-2023-25743: Fixed Fullscreen notification not being shown in Firefox Focus. - CVE-2023-0767: Fixed arbitrary memory write via PKCS 12 in NSS. - CVE-2023-25735: Fixed potential use-after-free from compartment mismatch in SpiderMonkey. - CVE-2023-25737: Fixed invalid downcast in SVGUtils::SetupStrokeGeometry. - CVE-2023-25738: Fixed printing on Windows which could potentially crash Firefox with some device drivers. - CVE-2023-25739: Fixed use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext. - CVE-2023-25729: Fixed extensions opening external schemes without user knowledge. - CVE-2023-25732: Fixed out of bounds memory write from EncodeInputStream. - CVE-2023-25734: Fixed opening local .url files that causes unexpected network loads. - CVE-2023-25742: Fixed tab crash by Web Crypto ImportKey. - CVE-2023-25744: Fixed Memory safety bugs. - CVE-2023-25746: Fixed Memory safety bugs. Important SUSE bug 1208138 SUSE bug 1208144 CVE-2023-0767 CVE-2023-25728 CVE-2023-25729 CVE-2023-25730 CVE-2023-25732 CVE-2023-25734 CVE-2023-25735 CVE-2023-25737 CVE-2023-25738 CVE-2023-25739 CVE-2023-25742 CVE-2023-25743 CVE-2023-25744 CVE-2023-25746 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for prometheus-ha_cluster_exporter fixes the following issues: Updated to version 1.3.1: - CVE-2022-46146: Fixed authentication bypass via cache poisoning in prometheus/exporter-toolkit (bsc#1208046, bsc#1208047). Important SUSE bug 1208046 SUSE bug 1208047 CVE-2022-46146 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mozilla-nss fixes the following issues: Updated to NSS 3.79.4 (bsc#1208138): - CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types. Important SUSE bug 1208138 CVE-2023-0767 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for poppler fixes the following issues: - CVE-2022-38784: Fixed integer overflow in the JBIG2 decoder (bsc#1202692). - CVE-2019-13283: Fixed heap-based buffer over-read that could be triggered by sending a crafted PDF document to the pdftotext tool (bsc#1140877). Important SUSE bug 1140877 SUSE bug 1202692 CVE-2019-13283 CVE-2022-38784 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libxslt fixes the following issues: - CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574). Important SUSE bug 1208574 CVE-2021-30560 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for compat-openssl098 fixes the following issues: - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). Moderate SUSE bug 1207534 CVE-2022-4304 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xterm fixes the following issues: - CVE-2022-45063: Fixed command injection in ESC 50 fontoperation by disabling the change font functionality (bsc#1205305). Important SUSE bug 1205305 CVE-2022-45063 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for nrpe fixes the following issues: - CVE-2015-4000: Fixed Logjam Attack by increasing the standard size of 512 bit dh parameters to 2048 (bsc#931600, bsc#938906). Moderate SUSE bug 931600 SUSE bug 938906 CVE-2015-4000 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for emacs fixes the following issues: - CVE-2022-48337: Fixed etags local command injection vulnerability (bsc#1208515). - CVE-2022-48339: Fixed htmlfontify.el command injection vulnerability (bsc#1208512). Important SUSE bug 1208512 SUSE bug 1208515 CVE-2022-48337 CVE-2022-48339 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for webkit2gtk3 fixes the following issues: Update to version 2.38.3 (bnc#1206750): - CVE-2022-42852: Fixed disclosure of process memory by improved memory handling. - CVE-2022-42856: Fixed a potential arbitrary code execution when processing maliciously crafted web content (bsc#1206474). - CVE-2022-42863: Fixed a potential arbitrary code execution when processing maliciously crafted web content. - CVE-2022-42867: Fixed a use after free issue was addressed with improved memory management. - CVE-2022-46691: Fixed a potential arbitrary code execution when processing maliciously crafted web content. - CVE-2022-46692: Fixed bypass of Same Origin Policy through improved state management. - CVE-2022-46698: Fixed disclosure of sensitive user information with improved checks. - CVE-2022-46699: Fixed an arbitrary code execution caused by memory corruption. - CVE-2022-46700: Fixed a potential arbitrary code execution when processing maliciously crafted web content. Important SUSE bug 1206474 SUSE bug 1206750 CVE-2022-42852 CVE-2022-42856 CVE-2022-42863 CVE-2022-42867 CVE-2022-46691 CVE-2022-46692 CVE-2022-46698 CVE-2022-46699 CVE-2022-46700 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xorg-x11-server fixes the following issues: - Fixed a regression introduced with security update for CVE-2022-46340 (bsc#1205874). Important SUSE bug 1205874 CVE-2022-46340 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python3 fixes the following issues: - CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). - CVE-2022-40899: Fixed REDoS in http.cookiejar (gh#python/cpython#17157) (bsc#1206673). Important SUSE bug 1206673 SUSE bug 1208471 CVE-2022-40899 CVE-2023-24329 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for tomcat fixes the following issues: - CVE-2023-24998: Fixed FileUpload DoS with excessive parts (bsc#1208513). Important SUSE bug 1208513 CVE-2023-24998 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for jakarta-commons-fileupload fixes the following issues: - CVE-2016-3092: Fixed a usage of vulnerable FileUpload package can result in denial of service (bsc#986359). - CVE-2023-24998: Fixed a FileUpload deny of service with excessive parts (bsc#1208513). Important SUSE bug 1208513 SUSE bug 986359 CVE-2016-3092 CVE-2023-24998 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for vim fixes the following issues: - CVE-2023-0512: Fixed a divide By Zero (bsc#1207780). - CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957). - CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). Updated to version 9.0 with patch level 1386. - https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386 Important SUSE bug 1207780 SUSE bug 1208828 SUSE bug 1208957 SUSE bug 1208959 CVE-2023-0512 CVE-2023-1127 CVE-2023-1170 CVE-2023-1175 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Update to version 102.9.0 ESR (bsc#1209173): - CVE-2023-28159: Fullscreen Notification could have been hidden by download popups on Android - CVE-2023-25748: Fullscreen Notification could have been hidden by window prompts on Android - CVE-2023-25749: Firefox for Android may have opened third-party apps without a prompt - CVE-2023-25750: Potential ServiceWorker cache leak during private browsing mode - CVE-2023-25751: Incorrect code generation during JIT compilation - CVE-2023-28160: Redirect to Web Extension files may have leaked local path - CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation - CVE-2023-28161: One-time permissions granted to a local file were extended to other local files loaded in the same tab - CVE-2023-28162: Invalid downcast in Worklets - CVE-2023-25752: Potential out-of-bounds when accessing throttled streams - CVE-2023-28163: Windows Save As dialog resolved environment variables - CVE-2023-28176: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9 - CVE-2023-28177: Memory safety bugs fixed in Firefox 111 Important SUSE bug 1209173 CVE-2023-25748 CVE-2023-25749 CVE-2023-25750 CVE-2023-25751 CVE-2023-25752 CVE-2023-28159 CVE-2023-28160 CVE-2023-28161 CVE-2023-28162 CVE-2023-28163 CVE-2023-28164 CVE-2023-28176 CVE-2023-28177 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for apache2 fixes the following issues: - CVE-2023-25690: Fixed HTTP request splitting with mod_rewrite and mod_proxy (bsc#1209047). The following non-security bugs were fixed: - Fixed passing health check does not recover worker from its error state (bsc#1208708). Important SUSE bug 1208708 SUSE bug 1209047 CVE-2023-25690 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535). - CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051). - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). - CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). - CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). - CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2022-2991: Fixed an heap-based overflow in the lightnvm implemenation (bsc#1201420). The following non-security bugs were fixed: - kabi/severities: add l2tp local symbols Important SUSE bug 1191881 SUSE bug 1194535 SUSE bug 1201420 SUSE bug 1203331 SUSE bug 1203332 SUSE bug 1205711 SUSE bug 1207051 SUSE bug 1207773 SUSE bug 1207795 SUSE bug 1208700 SUSE bug 1209188 CVE-2021-4203 CVE-2022-2991 CVE-2022-36280 CVE-2022-38096 CVE-2022-4129 CVE-2023-0045 CVE-2023-0590 CVE-2023-23559 CVE-2023-26545 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update of oracleasm fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). Moderate SUSE bug 1209188 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xen fixes the following issues: - CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode (bsc#1209017). - CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis-handling (bsc#1209018). - CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 (bsc#1209019). Important SUSE bug 1209017 SUSE bug 1209018 SUSE bug 1209019 SUSE bug 1209188 CVE-2022-42331 CVE-2022-42332 CVE-2022-42333 CVE-2022-42334 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update of grub2 fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). Moderate SUSE bug 1209188 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libgcrypt fixes the following issues: The following security vulnerability was addressed: - CVE-2018-0495: Mitigate a novel side-channel attack by enabling blinding for ECDSA signatures (bsc#1097410). The following other issues were fixed: - Extended the fipsdrv dsa-sign and dsa-verify commands with the --algo parameter for the FIPS testing of DSA SigVer and SigGen (bsc#1064455). - Ensure libgcrypt20-hmac and libgcrypt20 are installed in the correct order. (bsc#1090766) Moderate SUSE bug 1064455 SUSE bug 1090766 SUSE bug 1097410 CVE-2018-0495 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libreoffice to 6.0.5.2 fixes the following issues: Security issues fixed: - CVE-2018-10583: An information disclosure vulnerability occurs during automatic processing and initiating an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. (bsc#1091606) Non security issues fixed: - Bugfix: Table borders appear black in LibreOffice (while white in PowerPoint) (bsc#1088262) - Bugfix: LibreOffice extension 'Language Tool' fails after Tumbleweed update (bsc#1050305) - Bugfix: libreoffice-gnome can no longer be installed in parallel to libreoffice-gtk3 as there is a potential file conflict (bsc#1096673) - Bugfix: LibreOffice Writer: Text in boxes were not visible (bsc#1094359) - Use libreoffice-gtk3 if xfce is present (bsc#1092699) - Various other bug fixes - Exporting to PPTX results in vertical labels being shown horizontally (bsc#1095639) - Table in PPTX misplaced and partly blue (bsc#1098891) - Labels in chart change (from white and other colors) to black when saving as PPTX (bsc#1088263) - Exporting to PPTX shifts arrow shapes quite a bit bsc#1095601 Moderate SUSE bug 1050305 SUSE bug 1088262 SUSE bug 1088263 SUSE bug 1091606 SUSE bug 1091772 SUSE bug 1092699 SUSE bug 1094359 SUSE bug 1095601 SUSE bug 1095639 SUSE bug 1096673 SUSE bug 1098891 CVE-2018-10583 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for python, python-base fixes the following issues: Security issues fixed: - CVE-2018-1000802: Prevent command injection in shutil module (make_archive function) via passage of unfiltered user input (bsc#1109663). - CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (bsc#1088004). - CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in apop() method in pop3lib (bsc#1088009). Bug fixes: - bsc#1086001: python tarfile uses random order. Moderate SUSE bug 1086001 SUSE bug 1088004 SUSE bug 1088009 SUSE bug 1109663 CVE-2018-1000802 CVE-2018-1060 CVE-2018-1061 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. (bsc#1109961) Important SUSE bug 1109961 CVE-2018-11763 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for audiofile fixes the following issues: - CVE-2018-17095: A heap-based buffer overflow in Expand3To4Module::run could occurred when running sfconvert leading to crashes or code execution when handling untrusted soundfiles (bsc#1111586). Moderate SUSE bug 1111586 CVE-2018-17095 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for ntfs-3g_ntfsprogs fixes the following issues: - CVE-2017-0358: Missing sanitization of the environment during a call to modprobe allowed local users to escalate fo root privilege (bsc#1022500) Low SUSE bug 1022500 CVE-2017-0358 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for wireshark fixes the following issues: Wireshark was updated to 2.4.10 (bsc#1111647). Following security issues were fixed: - CVE-2018-18227: MS-WSP dissector crash (wnpa-sec-2018-47) - CVE-2018-12086: OpcUA dissector crash (wnpa-sec-2018-50) Further bug fixes and updated protocol support that were done are listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.10.html Important SUSE bug 1111647 CVE-2018-12086 CVE-2018-18227 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for MozillaFirefox to ESR 60.2.2 fixes several issues. These general changes are part of the version 60 release. - New browser engine with speed improvements - Redesigned graphical user interface elements - Unified address and search bar for new installations - New tab page listing top visited, recently visited and recommended pages - Support for configuration policies in enterprise deployments via JSON files - Support for Web Authentication, allowing the use of USB tokens for authentication to web sites The following changes affect compatibility: - Now exclusively supports extensions built using the WebExtension API. - Unsupported legacy extensions will no longer work in Firefox 60 ESR - TLS certificates issued by Symantec before June 1st, 2016 are no longer trusted The 'security.pki.distrust_ca_policy' preference can be set to 0 to reinstate trust in those certificates The following issues affect performance: - new format for storing private keys, certificates and certificate trust If the user home or data directory is on a network file system, it is recommended that users set the following environment variable to avoid slowdowns: NSS_SDB_USE_CACHE=yes This setting is not recommended for local, fast file systems. These security issues were fixed: - CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation (bsc#1107343). - CVE-2017-16541: Proxy bypass using automount and autofs (bsc#1107343). - CVE-2018-12376: Various memory safety bugs (bsc#1107343). - CVE-2018-12377: Use-after-free in refresh driver timers (bsc#1107343). - CVE-2018-12378: Use-after-free in IndexedDB (bsc#1107343). - CVE-2018-12379: Out-of-bounds write with malicious MAR file (bsc#1107343). - CVE-2018-12386: Type confusion in JavaScript allowed remote code execution (bsc#1110506) - CVE-2018-12387: Array.prototype.push stack pointer vulnerability may enable exploits in the sandboxed content process (bsc#1110507) - CVE-2018-12385: Crash in TransportSecurityInfo due to cached data (bsc#1109363) - CVE-2018-12383: Setting a master password did not delete unencrypted previously stored passwords (bsc#1107343) This update for mozilla-nspr to version 4.19 fixes the follwing issues - Added TCP Fast Open functionality - A socket without PR_NSPR_IO_LAYER will no longer trigger an assertion when polling This update for mozilla-nss to version 3.36.4 fixes the follwing issues - Connecting to a server that was recently upgraded to TLS 1.3 would result in a SSL_RX_MALFORMED_SERVER_HELLO error. - Fix a rare bug with PKCS#12 files. - Replaces existing vectorized ChaCha20 code with verified HACL* implementation. - TLS 1.3 support has been updated to draft -23. - Added formally verified implementations of non-vectorized Chacha20 and non-vectorized Poly1305 64-bit. - The following CA certificates were Removed: OU = Security Communication EV RootCA1 CN = CA Disig Root R1 CN = DST ACES CA X6 Certum CA, O=Unizeto Sp. z o.o. StartCom Certification Authority StartCom Certification Authority G2 T?BİTAK UEKAE K?k Sertifika Hizmet Sağlayıcısı - S?r?m 3 ACEDICOM Root Certinomis - Autorit? Racine T?RKTRUST Elektronik Sertifika Hizmet Sağlayıcısı PSCProcert CA 沃通根证书, O=WoSign CA Limited Certification Authority of WoSign Certification Authority of WoSign G2 CA WoSign ECC Root Subject CN = VeriSign Class 3 Secure Server CA - G2 O = Japanese Government, OU = ApplicationCA CN = WellsSecure Public Root Certificate Authority CN = T?RKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6 CN = Microsec e-Szigno Root * The following CA certificates were Removed: AddTrust Public CA Root AddTrust Qualified CA Root China Internet Network Information Center EV Certificates Root CNNIC ROOT ComSign Secured CA GeoTrust Global CA 2 Secure Certificate Services Swisscom Root CA 1 Swisscom Root EV CA 2 Trusted Certificate Services UTN-USERFirst-Hardware UTN-USERFirst-Object * The following CA certificates were Added CN = D-TRUST Root CA 3 2013 CN = TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 GDCA TrustAUTH R5 ROOT SSL.com Root Certification Authority RSA SSL.com Root Certification Authority ECC SSL.com EV Root Certification Authority RSA R2 SSL.com EV Root Certification Authority ECC TrustCor RootCert CA-1 TrustCor RootCert CA-2 TrustCor ECA-1 * The Websites (TLS/SSL) trust bit was turned off for the following CA certificates: CN = Chambers of Commerce Root CN = Global Chambersign Root * TLS servers are able to handle a ClientHello statelessly, if the client supports TLS 1.3. If the server sends a HelloRetryRequest, it is possible to discard the server socket, and make a new socket to handle any subsequent ClientHello. This better enables stateless server operation. (This feature is added in support of QUIC, but it also has utility for DTLS 1.3 servers.) Due to the update of mozilla-nss apache2-mod_nss needs to be updated to change to the SQLite certificate database, which is now the default (bsc#1108771) Important SUSE bug 1012260 SUSE bug 1021577 SUSE bug 1026191 SUSE bug 1041469 SUSE bug 1041894 SUSE bug 1049703 SUSE bug 1061204 SUSE bug 1064786 SUSE bug 1065464 SUSE bug 1066489 SUSE bug 1073210 SUSE bug 1078436 SUSE bug 1091551 SUSE bug 1092697 SUSE bug 1094767 SUSE bug 1096515 SUSE bug 1107343 SUSE bug 1108771 SUSE bug 1108986 SUSE bug 1109363 SUSE bug 1109465 SUSE bug 1110506 SUSE bug 1110507 SUSE bug 703591 SUSE bug 839074 SUSE bug 857131 SUSE bug 893359 CVE-2017-16541 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12379 CVE-2018-12381 CVE-2018-12383 CVE-2018-12385 CVE-2018-12386 CVE-2018-12387 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for soundtouch fixes the following issues: - CVE-2018-17098: The WavFileBase class allowed remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch. (bsc#1108632) - CVE-2018-17097: The WavFileBase class allowed remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch. (double free) (bsc#1108631) - CVE-2018-17096: The BPMDetect class allowed remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. (bsc#1108630) Moderate SUSE bug 1108630 SUSE bug 1108631 SUSE bug 1108632 CVE-2018-17096 CVE-2018-17097 CVE-2018-17098 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libarchive fixes the following issues: - CVE-2016-10209: The archive_wstring_append_from_mbs function in archive_string.c allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. (bsc#1032089) - CVE-2016-10349: The archive_le32dec function in archive_endian.h allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037008) - CVE-2016-10350: The archive_read_format_cab_read_header function in archive_read_support_format_cab.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037009) - CVE-2017-14166: libarchive allowed remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. (bsc#1057514) - CVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info in archive_read_support_format_iso9660.c when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. (bsc#1059139) - CVE-2017-14502: read_header in archive_read_support_format_rar.c suffered from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. (bsc#1059134) - CVE-2017-14503: libarchive suffered from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. (bsc#1059100) Moderate SUSE bug 1032089 SUSE bug 1037008 SUSE bug 1037009 SUSE bug 1057514 SUSE bug 1059100 SUSE bug 1059134 SUSE bug 1059139 CVE-2016-10209 CVE-2016-10349 CVE-2016-10350 CVE-2017-14166 CVE-2017-14501 CVE-2017-14502 CVE-2017-14503 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for MozillaFirefox fixes the following issues: Security issues fixed: - Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852) - CVE-2018-12392: Crash with nested event loops. - CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript. - CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting. - CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts. - CVE-2018-12397: WebExtension local file access vulnerability. - CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3. - CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3. Important SUSE bug 1112852 CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) - CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665) Non-security issues fixed: - dhcp6: split assert_return() to be more debuggable when hit - core: skip unit deserialization and move to the next one when unit_deserialize() fails - core: properly handle deserialization of unknown unit types (#6476) - core: don't create Requires for workdir if 'missing ok' (bsc#1113083) - logind: use manager_get_user_by_pid() where appropriate - logind: rework manager_get_{user|session}_by_pid() a bit - login: fix user@.service case, so we don't allow nested sessions (#8051) (bsc#1112024) - core: be more defensive if we can't determine per-connection socket peer (#7329) - socket-util: introduce port argument in sockaddr_port() - service: fixup ExecStop for socket-activated shutdown (#4120) - service: Continue shutdown on socket activated unit on termination (#4108) (bsc#1106923) - cryptsetup: build fixes for 'add support for sector-size= option' - udev-rules: IMPORT cmdline does not recognize keys with similar names (bsc#1111278) - core: keep the kernel coredump defaults when systemd-coredump is disabled - core: shorten main() a bit, split out coredump initialization - core: set RLIMIT_CORE to unlimited by default (bsc#1108835) - core/mount: fstype may be NULL - journald: don't ship systemd-journald-audit.socket (bsc#1109252) - core: make 'tmpfs' dependencies on swapfs a 'default' dep, not an 'implicit' (bsc#1110445) - mount: make sure we unmount tmpfs mounts before we deactivate swaps (#7076) - tmp.mount.hm4: After swap.target (#3087) - Ship systemd-sysv-install helper via the main package This script was part of systemd-sysvinit sub-package but it was wrong since systemd-sysv-install is a script used to redirect enable/disable operations to chkconfig when the unit targets are sysv init scripts. Therefore it's never been a SySV init tool. Important SUSE bug 1106923 SUSE bug 1108835 SUSE bug 1109252 SUSE bug 1110445 SUSE bug 1111278 SUSE bug 1112024 SUSE bug 1113083 SUSE bug 1113632 SUSE bug 1113665 CVE-2018-15686 CVE-2018-15688 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2018-16850: Fixed improper quoting of transition table names when pg_dump emits CREATE TRIGGER could have caused privilege escalation (bsc#1114837). Non-security issues fixed: - Update to release 10.6: * https://www.postgresql.org/docs/current/static/release-10-6.html Moderate SUSE bug 1114837 CVE-2018-16850 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libwpd fixes the following issues: Security issue fixed: - CVE-2018-19208: Fixed illegal address access inside libwpd at function WP6ContentListener:defineTable (bsc#1115713). Important SUSE bug 1115713 CVE-2018-19208 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for rpm fixes the following issues: These security issues were fixed: - CVE-2017-7500: rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination (bsc#943457). - CVE-2017-7501: rpm used temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation (bsc#943457) This is a reissue of the above security fixes for SUSE Linux Enterprise 12 GA, SP1 and SP2 LTSS, they have already been released for SUSE Linux Enterprise Server 12 SP3. Important SUSE bug 943457 CVE-2017-7500 CVE-2017-7501 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for exiv2 fixes the following issues: - CVE-2017-11591: A floating point exception in the Exiv2::ValueType function could lead to a remote denial of service attack via crafted input. (bsc#1050257) - CVE-2017-14864: An invalid memory address dereference was discovered in Exiv2::getULong in types.cpp. The vulnerability caused a segmentation fault and application crash, which lead to denial of service. (bsc#1060995) - CVE-2017-14862: An invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp. The vulnerability caused a segmentation fault and application crash, which lead to denial of service. (bsc#1060996) - CVE-2017-14859: An invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp. The vulnerability caused a segmentation fault and application crash, which lead to denial of service. (bsc#1061000) - CVE-2017-11683: There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp that could lead to a remote denial of service attack via crafted input. (bsc#1051188) - CVE-2017-17669: There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp. A crafted PNG file would lead to a remote denial of service attack. (bsc#1072928) - CVE-2018-10958: In types.cpp a large size value might have lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call. (bsc#1092952) - CVE-2018-10998: readMetadata in jp2image.cpp allowed remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. (bsc#1093095) - CVE-2018-11531: Exiv2 had a heap-based buffer overflow in getData in preview.cpp. (bsc#1095070) Moderate SUSE bug 1050257 SUSE bug 1051188 SUSE bug 1060995 SUSE bug 1060996 SUSE bug 1061000 SUSE bug 1072928 SUSE bug 1092952 SUSE bug 1093095 SUSE bug 1095070 CVE-2017-11591 CVE-2017-11683 CVE-2017-14859 CVE-2017-14862 CVE-2017-14864 CVE-2017-17669 CVE-2018-10958 CVE-2018-10998 CVE-2018-11531 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257). - CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672). - CVE-2018-18557: Fixed JBIG decode can lead to out-of-bounds write (bsc#1113094). Non-security issues fixed: - asan_build: build ASAN included - debug_build: build more suitable for debugging Moderate SUSE bug 1099257 SUSE bug 1113094 SUSE bug 1113672 CVE-2018-12900 CVE-2018-18557 CVE-2018-18661 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 java-1_7_1-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 35 (bsc#1116574): * Consumability - IJ10515 AIX JAVA 7.1.3.10 GENERAL PROTECTION FAULT WHEN ATTEMPTING TO USE HEALTH CENTER API * Class Libraries - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-3149 - IJ10894 CVE-2018-3180 - IJ10933 CVE-2018-3214 - IJ09315 FLOATING POINT EXCEPTION FROM JAVA.TEXT.DECIMALFORMAT. FORMAT - IJ09088 INTRODUCING A NEW PROPERTY FOR TURKEY TIMEZONE FOR PRODUCTS NOT IDENTIFYING TRT - IJ08569 JAVA.IO.IOEXCEPTION OCCURS WHEN A FILECHANNEL IS BIGGER THAN 2GB ON AIX PLATFORM - IJ10800 REMOVE EXPIRING ROOT CERTIFICATES IN IBM JDK’S CACERTS. * Java Virtual Machine - IJ10931 CVE-2018-3169 - IV91132 SOME CORE PATTERN SPECIFIERS ARE NOT HANDLED BY THE JVM ON LINUX * JIT Compiler - IJ08205 CRASH WHILE COMPILING - IJ07886 INCORRECT CALUCATIONS WHEN USING NUMBERFORMAT.FORMAT() AND BIGDECIMAL.{FLOAT/DOUBLE }VALUE() * ORB - IX90187 CLIENTREQUESTIMPL.REINVO KE FAILS WITH JAVA.LANG.INDEXOUTOFBOUN DSEXCEPTION * Security - IJ10492 'EC KEYSIZE < 384' IS NOT HONORED USING THE 'JDK.TLS.DISABLEDALGORIT HMS' SECURITY PROPERTY - IJ10491 AES/GCM CIPHER – AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL( ) AND INIT( ) - IJ08442 HTTP PUBLIC KEY PINNING FINGERPRINT,PROBLEM WITH CONVERTING TO JKS KEYSTORE - IJ09107 IBMPKCS11IMPL CRYPTO PROVIDER – INTERMITTENT ERROR WITH SECP521R1 SIGNATURE ON Z/OS - IJ10136 IBMPKCS11IMPL – INTERMITTENT ERROR WITH SECP521R1 SIG ON Z/OS AND Z/LINUX - IJ08530 IBMPKCS11IMPL PROVIDER USES THE WRONG RSA CIPHER MECHANISM FOR THE RSA/ECB/PKCS1PADDING CIPHER - IJ08723 JAAS THROWS A ‘ARRAY INDEX OUT OF RANGE’ EXCEPTION - IJ08704 THE SECURITY PROPERTY ‘JDK.CERTPATH.DISABLEDAL GORITHMS’ IS MISTAKENLY BEING USED TO FILTER JAR SIGNING ALGORITHMS * z/OS Extentions - PH01244 OUTPUT BUFFER TOO SHORT FOR GCM MODE ENCRYPTION USING IBMJCEHYBRID Important SUSE bug 1116574 CVE-2018-13785 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for openssl-1_1 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-0735: Fixed timing vulnerability in ECDSA signature generation (bsc#1113651). Non-security issues fixed: - Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209). Moderate SUSE bug 1112209 SUSE bug 1113651 SUSE bug 1113652 CVE-2018-0734 CVE-2018-0735 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for ncurses fixes the following issue: Security issue fixed: - CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929). Important SUSE bug 1115929 CVE-2018-19211 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for openssl-1_0_0 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). - Add missing timing side channel patch for DSA signature generation (bsc#1113742). Non-security issues fixed: - Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209). - Set TLS version to 0 in msg_callback for record messages to avoid confusing applications (bsc#1100078). Moderate SUSE bug 1100078 SUSE bug 1112209 SUSE bug 1113534 SUSE bug 1113652 SUSE bug 1113742 CVE-2018-0734 CVE-2018-5407 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for php7 fixes the following issues: Security issue fixed: - CVE-2018-19518: Fixed imap_open script injection flaw (bsc#1117107). Moderate SUSE bug 1117107 CVE-2018-19518 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for php5 fixes the following issues: Security issue fixed: - CVE-2018-19518: Fixed imap_open script injection flaw (bsc#1117107). Moderate SUSE bug 1117107 CVE-2018-19518 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2018-18544: Fixed memory leak in the function WriteMSLImage (bsc#1113064). Non-security issues fixed: - Improve import documentation (bsc#1057246). - Allow override system security policy (bsc#1117463). - asan_build: build ASAN included - debug_build: build more suitable for debugging Moderate SUSE bug 1057246 SUSE bug 1113064 SUSE bug 1117463 CVE-2018-18544 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for python-cryptography, python-pyOpenSSL fixes the following issues: Security issues fixed: - CVE-2018-1000808: A memory leak due to missing reference checking in PKCS#12 store handling was fixed (bsc#1111634) - CVE-2018-1000807: A use-after-free in X509 object handling was fixed (bsc#1111635) - avoid bad interaction with python-cryptography package. (bsc#1021578) Important SUSE bug 1021578 SUSE bug 1111634 SUSE bug 1111635 CVE-2018-1000807 CVE-2018-1000808 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 java-1_8_0-ibm was updated to Java 8.0 Service Refresh 5 Fix Pack 25 (bsc#1116574) * Class Libraries: - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-3149 - IJ10894 CVE-2018-3180 - IJ10930 CVE-2018-3183 - IJ10933 CVE-2018-3214 - IJ09315 FLOATING POINT EXCEPTION FROM JAVA.TEXT.DECIMALFORMAT. FORMAT - IJ09088 INTRODUCING A NEW PROPERTY FOR TURKEY TIMEZONE FOR PRODUCTS NOT IDENTIFYING TRT - IJ10800 REMOVE EXPIRING ROOT CERTIFICATES IN IBM JDK’S CACERTS. - IJ10566 SUPPORT EBCDIC CODE PAGE IBM-274 – BELGIUM EBCDIC * Java Virtual Machine - IJ08730 APPLICATION SIGNAL HANDLER NOT INVOKED FOR SIGABRT - IJ10453 ASSERTION FAILURE AT CLASSPATHITEM.CPP - IJ09574 CLASSLOADER DEFINED THROUGH SYSTEM PROPERTY ‘JAVA.SYSTEM.CLASS.LOADE R’ IS NOT HONORED. - IJ10931 CVE-2018-3169 - IJ10618 GPU SORT: UNSPECIFIED LAUNCH FAILURE - IJ10619 INCORRECT ILLEGALARGUMENTEXCEPTION BECAUSE OBJECT IS NOT AN INSTANCE OF DECLARING CLASS ON REFLECTIVE INVOCATION - IJ10135 JVM HUNG IN GARBAGECOLLECTORMXBEAN.G ETLASTGCINFO() API - IJ10680 RECURRENT ABORTED SCAVENGE * ORB - IX90187 CLIENTREQUESTIMPL.REINVO KE FAILS WITH JAVA.LANG.INDEXOUTOFBOUN DSEXCEPTION * Reliability and Serviceability - IJ09600 DTFJ AND JDMPVIEW FAIL TO PARSE WIDE REGISTER VALUES * Security - IJ10492 'EC KEYSIZE < 384' IS NOT HONORED USING THE 'JDK.TLS.DISABLEDALGORIT HMS' SECURITY PROPERTY - IJ10310 ADD NULL CHECKING ON THE ENCRYPTION TYPES LIST TO CREDENTIALS.GETDEFAULTNA TIVECREDS() METHOD - IJ10491 AES/GCM CIPHER – AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL( ) AND INIT( ) - IJ08442 HTTP PUBLIC KEY PINNING FINGERPRINT,PROBLEM WITH CONVERTING TO JKS KEYSTORE - IJ09107 IBMPKCS11IMPL CRYPTO PROVIDER – INTERMITTENT ERROR WITH SECP521R1 SIGNATURE ON Z/OS - IJ10136 IBMPKCS11IMPL – INTERMITTENT ERROR WITH SECP521R1 SIG ON Z/OS AND Z/LINUX - IJ08530 IBMPKCS11IMPL PROVIDER USES THE WRONG RSA CIPHER MECHANISM FOR THE RSA/ECB/PKCS1PADDING CIPHER - IJ08723 JAAS THROWS A ‘ARRAY INDEX OUT OF RANGE’ EXCEPTION - IJ08704 THE SECURITY PROPERTY ‘JDK.CERTPATH.DISABLEDAL GORITHMS’ IS MISTAKENLY BEING USED TO FILTER JAR SIGNING ALGORITHMS * z/OS Extentions - PH03889 ADD SUPPORT FOR TRY-WITH-RESOURCES TO COM.IBM.JZOS.ENQUEUE - PH03414 ROLLOVER FROM SYE TO SAE FOR ICSF REASON CODE 3059 - PH04008 ZERTJSSE – Z SYSTEMS ENCRYPTION READINESS TOOL (ZERT) NEW SUPPORT IN THE Z/OS JAVA SDK This includes the update to Java 8.0 Service Refresh 5 Fix Pack 22: * Java Virtual Machine - IJ09139 CUDA4J NOT AVAILABLE ON ALL PLATFORMS * JIT Compiler - IJ09089 CRASH DURING COMPILATION IN USEREGISTER ON X86-32 - IJ08655 FLOATING POINT ERROR (SIGFPE) IN ZJ9SYM1 OR ANY VM/JIT MODULE ON AN INSTRUCTION FOLLOWING A VECTOR INSTRUCTION - IJ08850 CRASH IN ARRAYLIST$ITR.NEXT() - IJ09601 JVM CRASHES ON A SIGBUS SIGNAL WHEN ACCESSING A DIRECTBYTEBUFFER * z/OS Extentions - PH02999 JZOS data management classes accept dataset names in code pages supported by z/OS system services - PH01244 OUTPUT BUFFER TOO SHORT FOR GCM MODE ENCRYPTION USING IBMJCEHYBRID Also the update to Java 8.0 Service Refresh 5 Fix Pack 21 * Class Libraries - IJ08569 JAVA.IO.IOEXCEPTION OCCURS WHEN A FILECHANNEL IS BIGGER THAN 2GB ON AIX PLATFORM - IJ08570 JAVA.LANG.UNSATISFIEDLIN KERROR WITH JAVA OPTION -DSUN.JAVA2D.CMM=SUN.JAV A2D.CMM.KCMS.KCMSSERVICE PROVIDER ON AIX PLATFORM * Java Virtual Machine - IJ08001 30% THROUGHPUT DROP FOR CERTAIN SYNCHRONIZATION WORKLOADS - IJ07997 TRACEASSERT IN GARBAGE COLLECTOR(MEMORYSUBSPACE) * JIT Compiler - IJ08503 ASSERTION IS HIT DUE TO UNEXPECTED STACK HEIGHT IN DEBUGGING MODE - IJ08375 CRASH DURING HARDWARE GENERATED GUARDED STORAGE EVENT WITHIN A TRANSACTIONAL EXECUTION REGION WHEN RUNNING WITH -XGC:CONCURRENTS - IJ08205 CRASH WHILE COMPILING - IJ09575 INCORRECT RESULT WHEN USING JAVA.LANG.MATH.MIN OR MAX ON 31-BIT JVM - IJ07886 INCORRECT CALUCATIONS WHEN USING NUMBERFORMAT.FORMAT() AND BIGDECIMAL.{FLOAT/DOUBLE }VALUE() Important SUSE bug 1116574 CVE-2018-13785 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2018-3214 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removed entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry could remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769). - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-18445: Faulty computation of numeric bounds in the BPF verifier permitted out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandled 32-bit right shifts (bnc#1112372). - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2017-18224: fs/ocfs2/aops.c omitted use of a semaphore and consequently had a race condition for access to the extent tree during read operations in DIRECT mode, which allowed local users to cause a denial of service (BUG) by modifying a certain e_cpos field (bnc#1084831). - CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674). The following non-security bugs were fixed: - ACPI/APEI: Handle GSIV and GPIO notification types (bsc#1115567). - ACPICA: Tables: Add WSMT support (bsc#1089350). - ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510). - ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510). - ACPI, nfit: Fix ARS overflow continuation (bsc#1116895). - ACPI, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#1112128). - ACPI/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114279). - ACPI/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114279). - ACPI / platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510). - ACPI / processor: Fix the return value of acpi_processor_ids_walk() (bsc#1051510). - ACPI / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510). - act_ife: fix a potential use-after-free (networking-stable-18_09_11). - Add the cherry-picked dup id for PCI dwc fix - Add version information to KLP_SYMBOLS file - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510). - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510). - ALSA: control: Fix race between adding and removing a user element (bsc#1051510). - ALSA: hda: Add 2 more models to the power_save blacklist (bsc#1051510). - ALSA: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510). - ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) (bsc#1051510). - ALSA: hda - Add quirk for ASUS G751 laptop (bsc#1051510). - ALSA: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510). - ALSA: hda - Fix headphone pin config for ASUS G751 (bsc#1051510). - ALSA: hda: fix unused variable warning (bsc#1051510). - ALSA: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510). - ALSA: hda/realtek - Add GPIO data update helper (bsc#1051510). - ALSA: hda/realtek - Allow skipping spec->init_amp detection (bsc#1051510). - ALSA: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510). - ALSA: hda/realtek - Fix HP Headset Mic can't record (bsc#1051510). - ALSA: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510). - ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715 (bsc#1051510). - ALSA: hda/realtek - Manage GPIO bits commonly (bsc#1051510). - ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510). - ALSA: hda/realtek - Support ALC300 (bsc#1051510). - ALSA: oss: Use kvzalloc() for local buffer allocations (bsc#1051510). - ALSA: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510). - ALSA: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510). - ALSA: usb-audio: update quirk for B&W PX to remove microphone (bsc#1051510). - ALSA: wss: Fix invalid snd_free_pages() at error path (bsc#1051510). - amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105). - arm64: KVM: Move CPU ID reg trap setup off the world switch path (bsc#1110998). - arm64: KVM: Sanitize PSTATE.M when being set from userspace (bsc#1110998). - arm64: KVM: Tighten guest core register access from userspace (bsc#1110998). - ARM: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510). - ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535) - ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510). - ASoC: intel: skylake: Add missing break in skl_tplg_get_token() (bsc#1051510). - ASoC: Intel: Skylake: Reset the controller in probe (bsc#1051510). - ASoC: rsnd: adg: care clock-frequency size (bsc#1051510). - ASoC: rsnd: do not fallback to PIO mode when -EPROBE_DEFER (bsc#1051510). - ASoC: rt5514: Fix the issue of the delay volume applied again (bsc#1051510). - ASoC: sigmadsp: safeload should not have lower byte limit (bsc#1051510). - ASoC: sun8i-codec: fix crash on module removal (bsc#1051510). - ASoC: wm8804: Add ACPI support (bsc#1051510). - ata: Fix racy link clearance (bsc#1107866). - ataflop: fix error handling during setup (bsc#1051510). - ath10k: fix kernel panic issue during pci probe (bsc#1051510). - ath10k: fix scan crash due to incorrect length calculation (bsc#1051510). - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait (bsc#1051510). - ath10k: schedule hardware restart if WMI command times out (bsc#1051510). - autofs: fix autofs_sbi() does not check super block type (git-fixes). - autofs: fix slab out of bounds read in getname_kernel() (git-fixes). - autofs: mount point create should honour passed in mode (git-fixes). - badblocks: fix wrong return value in badblocks_set if badblocks are disabled (git-fixes). - batman-adv: Avoid probe ELP information leak (bsc#1051510). - batman-adv: Expand merged fragment buffer for full packet (bsc#1051510). - batman-adv: fix backbone_gw refcount on queue_work() failure (bsc#1051510). - batman-adv: fix hardif_neigh refcount on queue_work() failure (bsc#1051510). - batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510). - bdi: Fix another oops in wb_workfn() (bsc#1112746). - bdi: Preserve kabi when adding cgwb_release_mutex (bsc#1112746). - bitops: protect variables in bit_clear_unless() macro (bsc#1051510). - bitops: protect variables in set_mask_bits() macro (bsc#1051510). - Blacklist commit that modifies Scsi_Host/kabi (bsc#1114579) - Blacklist sd_zbc patch that is too invasive (bsc#1114583) - Blacklist virtio patch that uses bio_integrity_bytes() (bsc#1114585) - blk-mq: I/O and timer unplugs are inverted in blktrace (bsc#1112713). - block, bfq: fix wrong init of saved start time for weight raising (bsc#1112708). - block: bfq: swap puts in bfqg_and_blkg_put (bsc#1112712). - block: copy ioprio in __bio_clone_fast() (bsc#1082653). - block: respect virtual boundary mask in bvecs (bsc#1113412). - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510). - Bluetooth: SMP: fix crash in unpairing (bsc#1051510). - bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16). - bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16). - bonding: avoid possible dead-lock (networking-stable-18_10_16). - bonding: fix length of actor system (networking-stable-18_11_02). - bonding: fix warning message (networking-stable-18_10_16). - bonding: pass link-local packets to bonding master also (networking-stable-18_10_16). - bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647). - bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24). - bpf/verifier: disallow pointer subtraction (bsc#1083647). - bpf: wait for running BPF programs when updating map-in-map (bsc#1083647). - brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510). - brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510). - brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510). - bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02). - Btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667). - Btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667). - Btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136). - Btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137). - Btrfs: fix cur_offset in the error case for nocow (bsc#1118140). - Btrfs: fix data corruption due to cloning of eof block (bsc#1116878). - Btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876). - Btrfs: fix deadlock when writing out free space caches (bsc#1116700). - Btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877). - Btrfs: fix missing error return in btrfs_drop_snapshot (Git-fixes bsc#1109919). - Btrfs: fix null pointer dereference on compressed write path error (bsc#1116698). - Btrfs: fix use-after-free during inode eviction (bsc#1116701). - Btrfs: fix use-after-free when dumping free space (bsc#1116862). - Btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692). - Btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693). - Btrfs: handle errors while updating refcounts in update_ref_for_cow (Git-fixes bsc#1109915). - Btrfs: make sure we create all new block groups (bsc#1116699). - Btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863). - Btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138). - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510). - can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510). - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510). - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510). - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510). - can: hi311x: Use level-triggered interrupt (bsc#1051510). - can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510). - can: rcar_can: Fix erroneous registration (bsc#1051510). - can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510). - cdc-acm: correct counting of UART states in serial state notification (bsc#1051510). - cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510). - cdc-acm: fix race between reset and control messaging (bsc#1051510). - ceph: avoid a use-after-free in ceph_destroy_options() (bsc#1111983). - ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839). - ceph: quota: fix null pointer dereference in quota check (bsc#1114839). - cfg80211: Address some corner cases in scan result channel updating (bsc#1051510). - cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902). - cifs: fix memory leak in SMB2_open() (bsc#1112894). - cifs: Fix use after free of a mid_q_entry (bsc#1112903). - clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510). - clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510). - clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510). - clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510). - clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510). - clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510). - clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510). - clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510). - clk: x86: add 'ether_clk' alias for Bay Trail / Cherry Trail (bsc#1051510). - clk: x86: Stop marking clocks as CLK_IS_CRITICAL (bsc#1051510). - clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510). - clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs (bsc#1051510). - clocksource/drivers/timer-atmel-pit: Properly handle error cases (bsc#1051510). - coda: fix 'kernel memory exposure attempt' in fsync (bsc#1051510). - configfs: replace strncpy with memcpy (bsc#1051510). - crypto: caam - fix implicit casts in endianness helpers (bsc#1051510). - crypto: chelsio - Fix memory corruption in DMA Mapped buffers (bsc#1051510). - crypto: lrw - Fix out-of bounds access on counter overflow (bsc#1051510). - crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510). - crypto: tcrypt - fix ghash-generic speed test (bsc#1051510). - dax: Fix deadlock in dax_lock_mapping_entry() (bsc#1109951). - debugobjects: Make stack check warning more informative (bsc#1051510). - Documentation/l1tf: Fix small spelling typo (bsc#1051510). - Documentation/l1tf: Fix typos (bsc#1051510). - Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510). - do d_instantiate/unlock_new_inode combinations safely (git-fixes). - Do not leak MNT_INTERNAL away from internal mounts (git-fixes). - driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510). - drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510). - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 (bsc#1051510). - drm/amdgpu: Fix vce work queue was not cancelled when suspend (bsc#1106110) - drm/amdgpu/powerplay: fix missing break in switch statements (bsc#1113722) - drm/ast: change resolution may cause screen blurred (boo#1112963). - drm/ast: fixed cursor may disappear sometimes (bsc#1051510). - drm/ast: Fix incorrect free on ioregs (bsc#1051510). - drm/ast: Remove existing framebuffers before loading driver (boo#1112963) - drm/dp_mst: Check if primary mstb is null (bsc#1051510). - drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510). - drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510). - drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722) - drm/edid: VSDB yCBCr420 Deep Color mode bit definitions (bsc#1051510). - drm: fb-helper: Reject all pixel format changing requests (bsc#1113722) - drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer (bsc#1113722) - drm/hisilicon: hibmc: Do not overwrite fb helper surface depth (bsc#1113722) - drm/i915/audio: Hook up component bindings even if displays are (bsc#1113722) - drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510). - drm/i915: Do not unset intel_connector->mst_port (bsc#1051510). - drm/i915/dp: Link train Fallback on eDP only if fallback link BW can fit panel's native mode (bsc#1051510). - drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510). - drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510). - drm/i915/gen9+: Fix initial readout for Y tiled framebuffers (bsc#1113722) - drm/i915/glk: Add Quirk for GLK NUC HDMI port issues (bsc#1051510). - drm/i915/glk: Remove 99% limitation (bsc#1051510). - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510). - drm/i915: Large page offsets for pread/pwrite (bsc#1051510). - drm/i915: Mark pin flags as u64 (bsc#1051510). - drm/i915: Restore vblank interrupts earlier (bsc#1051510). - drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510). - drm/i915: Write GPU relocs harder with gen3 (bsc#1051510). - drm: mali-dp: Call drm_crtc_vblank_reset on device init (bsc#1051510). - drm/mediatek: fix OF sibling-node lookup (bsc#1106110) - drm/meson: add support for 1080p25 mode (bsc#1051510). - drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510). - drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510). - drm/msm: fix OF child-node lookup (bsc#1106110) - drm/nouveau: Check backlight IDs are >= 0, not > 0 (bsc#1051510). - drm/nouveau: Do not disable polling in fallback mode (bsc#1103356). - drm/omap: fix memory barrier bug in DMM driver (bsc#1051510). - drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510). - drm/sti: do not remove the drm_bridge that was never added (bsc#1100132) - drm/sun4i: Fix an ulong overflow in the dotclock driver (bsc#1106110) - drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() (bsc#1113722) - e1000: check on netif_running() before calling e1000_up() (bsc#1051510). - e1000: ensure to free old tx/rx rings in set_ringparam() (bsc#1051510). - EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting (bsc#1114279). - EDAC: Raise the maximum number of memory controllers (bsc#1113780). - EDAC, skx_edac: Fix logical channel intermediate decoding (bsc#1114279). - EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() (bsc#1114279). - eeprom: at24: change nvmem stride to 1 (bsc#1051510). - eeprom: at24: check at24_read/write arguments (bsc#1051510). - eeprom: at24: correctly set the size for at24mac402 (bsc#1051510). - Enable LSPCON instead of blindly disabling HDMI - enic: do not call enic_change_mtu in enic_probe (bsc#1051510). - enic: handle mtu change for vf properly (bsc#1051510). - enic: initialize enic->rfs_h.lock in enic_probe (bsc#1051510). - ethtool: fix a privilege escalation bug (bsc#1076830). - ext2, dax: set ext2_dax_aops for dax files (bsc#1112554). - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bsc#1117795). - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bsc#1117794). - ext4: add missing brelse() update_backups()'s error path (bsc#1117796). - ext4: avoid arithemetic overflow that can trigger a BUG (bsc#1112736). - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802). - ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801). - ext4: avoid divide by zero fault when deleting corrupted inline directories (bsc#1112735). - ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792). - ext4: check for NUL characters in extended attribute's name (bsc#1112732). - ext4: check to make sure the rename(2)'s destination is not freed (bsc#1112734). - ext4: do not mark mmp buffer head dirty (bsc#1112743). - ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807). - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806). - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798). - ext4: fix online resize's handling of a too-small final block group (bsc#1112739). - ext4: fix online resizing for bigalloc file systems with a 1k block size (bsc#1112740). - ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799). - ext4: fix possible leak of sbi->s_group_desc_leak in error path (bsc#1117803). - ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804). - ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789). - ext4: fix spectre gadget in ext4_mb_regular_allocator() (bsc#1112733). - ext4: fix use-after-free race in ext4_remount()'s error path (bsc#1117791). - ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788). - ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790). - ext4: recalucate superblock checksum after updating free blocks/inodes (bsc#1112738). - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805). - ext4: reset error code in ext4_find_entry in fallback (bsc#1112731). - ext4: show test_dummy_encryption mount option in /proc/mounts (bsc#1112741). - fbdev: fix broken menu dependencies (bsc#1113722) - fbdev/omapfb: fix omapfb_memory_read infoleak (bsc#1051510). - firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350 ). - firmware: dcdbas: include linux/io.h (bsc#1089350). - Fix kABI for 'Ensure we commit after writeback is complete' (bsc#1111809). - floppy: fix race condition in __floppy_read_block_0() (bsc#1051510). - flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21). - fscache: fix race between enablement and dropping of object (bsc#1107385). - fs: dcache: Avoid livelock between d_alloc_parallel and __d_add (git-fixes). - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (git-fixes). - fs: dcache: Use READ_ONCE when accessing i_dir_seq (git-fixes). - fs: Make extension of struct super_block transparent (bsc#1117822). - fsnotify: Fix busy inodes during unmount (bsc#1117822). - fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074). - fs/quota: Fix spectre gadget in do_quotactl (bsc#1112745). - ftrace: Fix debug preempt config name in stack_tracer_{en,dis}able (bsc#1117172). - ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181). - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174). - ftrace: Remove incorrect setting of glob search field (bsc#1117184). - genirq: Fix race on spurious interrupt detection (bsc#1051510). - getname_kernel() needs to make sure that ->name != ->iname in long case (git-fixes). - gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510). - grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes). - gso_segment: Reset skb->mac_len after modifying network header (networking-stable-18_09_24). - hfsplus: do not return 0 when fill_super() failed (bsc#1051510). - hfsplus: stop workqueue when fill_super() failed (bsc#1051510). - hfs: prevent crash on exit from failed search (bsc#1051510). - HID: hiddev: fix potential Spectre v1 (bsc#1051510). - HID: hid-sensor-hub: Force logical minimum to 1 for power and report state (bsc#1051510). - HID: quirks: fix support for Apple Magic Keyboards (bsc#1051510). - HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report (bsc#1051510). - HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510). - hv: avoid crash in vmbus sysfs files (bnc#1108377). - hv_netvsc: fix schedule in RCU context (). - hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11). - hwmon: (core) Fix double-free in __hwmon_device_register() (bsc#1051510). - hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510). - hwmon: (ina2xx) Fix current value calculation (bsc#1051510). - hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510). - hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510). - hwmon: (pmbus) Fix page count auto-detection (bsc#1051510). - hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510). - hwmon: (raspberrypi) Fix initial notify (bsc#1051510). - hwmon: (w83795) temp4_type has writable permission (bsc#1051510). - hwrng: core - document the quality field (bsc#1051510). - hypfs_kill_super(): deal with failed allocations (bsc#1051510). - i2c: i2c-scmi: fix for i2c_smbus_write_block_data (bsc#1051510). - i2c: rcar: cleanup DMA for all kinds of failure (bsc#1051510). - ibmvnic: fix accelerated VLAN handling (). - ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433). - ibmvnic: remove ndo_poll_controller (). - ibmvnic: Update driver queues after change in ring size support (). - iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510). - iio: ad5064: Fix regulator handling (bsc#1051510). - iio: adc: at91: fix acking DRDY irq on simple conversions (bsc#1051510). - iio: adc: at91: fix wrong channel number in triggered buffer mode (bsc#1051510). - iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() (bsc#1051510). - iio:st_magn: Fix enable device after trigger (bsc#1051510). - ima: fix showing large 'violations' or 'runtime_measurements_count' (bsc#1051510). - include/linux/pfn_t.h: force '~' to be parsed as an unary operator (bsc#1051510). - inet: make sure to grab rcu_read_lock before using ireq->ireq_opt (networking-stable-18_10_16). - Input: atakbd - fix Atari CapsLock behaviour (bsc#1051510). - Input: atakbd - fix Atari keymap (bsc#1051510). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510). - Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510). - Input: xpad - add PDP device id 0x02a4 (bsc#1051510). - Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510). - Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510). - Input: xpad - fix some coding style issues (bsc#1051510). - intel_th: pci: Add Ice Lake PCH support (bsc#1051510). - iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237). - iommu/arm-smmu: Error out only if not enough context interrupts (bsc#1106237). - iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105). - iommu/vt-d: Add definitions for PFSID (bsc#1106237). - iommu/vt-d: Fix dev iotlb pfsid use (bsc#1106237). - iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105). - iommu/vt-d: Fix scatterlist offset handling (bsc#1106237). - iommu/vt-d: Use memunmap to free memremap (bsc#1106105). - ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16). - ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02). - ip6_vti: fix a null pointer deference when destroy vti6 tunnel (networking-stable-18_09_11). - ipmi: Fix timer race with module unload (bsc#1051510). - ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16). - ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21). - ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu (networking-stable-18_11_21). - ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11). - ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (networking-stable-18_11_21). - ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24). - ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02). - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02). - ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16). - iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510). - iwlwifi: dbg: do not crash if the firmware crashes in the middle of a debug dump (bsc#1051510). - iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510). - iwlwifi: mvm: Allow TKIP for AP mode (bsc#1051510). - iwlwifi: mvm: check for n_profiles validity in EWRD ACPI (bsc#1051510). - iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510). - iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510). - iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface (bsc#1051510). - iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510). - iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510). - iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510). - iwlwifi: mvm: open BA session only when sta is authorized (bsc#1051510). - iwlwifi: mvm: send BCAST management frames to the right station (bsc#1051510). - iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510). - iwlwifi: pcie: avoid empty free RB queue (bsc#1051510). - iwlwifi: pcie: gen2: build A-MSDU only for GSO (bsc#1051510). - iwlwifi: pcie gen2: check iwl_pcie_gen2_set_tb() return value (bsc#1051510). - jbd2: fix use after free in jbd2_log_do_checkpoint() (bsc#1113257). - KABI fix for 'NFSv4.1: Fix up replays of interrupted requests' (git-fixes). - kABI: Hide get_msr_feature() in kvm_x86_ops (bsc#1106240). - KABI: hide new member in struct iommu_table from genksyms (bsc#1061840). - KABI: mask raw in struct bpf_reg_state (bsc#1083647). - KABI: powerpc: export __find_linux_pte as __find_linux_pte_or_hugepte (bsc#1061840). - KABI: powerpc: Revert npu callback signature change (bsc#1055120). - KABI: protect struct fib_nh_exception (kabi). - KABI: protect struct rtable (kabi). - KABI/severities: ignore __xive_vm_h_* KVM internal symbols. - Kbuild: fix # escaping in .cmd files for future Make (git-fixes). - kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510). - kbuild: move '_all' target out of $(KBUILD_SRC) conditional (bsc#1114279). - kernfs: update comment about kernfs_path() return value (bsc#1051510). - kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510). - kprobes/x86: Fix %p uses in error messages (bsc#1110006). - KVM: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998). - KVM: Make VM ioctl do valloc for some archs (bsc#1111506). - KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240). - KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240). - KVM: PPC: Add pt_regs into kvm_vcpu_arch and move vcpu->arch.gpr[] into it (bsc#1061840). - KVM: PPC: Avoid marking DMA-mapped pages dirty in real mode (bsc#1061840). - KVM: PPC: Book3S: Add MMIO emulation for VMX instructions (bsc#1061840). - KVM: PPC: Book3S: Allow backing bigger guest IOMMU pages with smaller physical pages (bsc#1061840). - KVM: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64 parameters (bsc#1061840). - KVM: PPC: Book3S: Eliminate some unnecessary checks (bsc#1061840). - KVM: PPC: Book3S: Fix compile error that occurs with some gcc versions (bsc#1061840). - KVM: PPC: Book3S: Fix matching of hardware and emulated TCE tables (bsc#1061840). - KVM: PPC: Book3S HV: Add of_node_put() in success path (bsc#1061840). - KVM: PPC: Book3S HV: Add 'online' register to ONE_REG interface (bsc#1061840). - KVM: PPC: Book3S HV: Allow creating max number of VCPUs on POWER9 (bsc#1061840). - KVM: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9 v2.2 (bsc#1061840). - KVM: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault (bsc#1061840). - KVM: PPC: Book3S HV: Avoid shifts by negative amounts (bsc#1061840). - KVM: PPC: Book3S HV: Check DR not IR to chose real vs virt mode MMIOs (bsc#1061840). - KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate function (bsc#1061840). - KVM: PPC: Book3S HV: Do not use compound_order to determine host mapping size (bsc#1061840). - KVM: PPC: Book3S HV: Do not use existing 'prodded' flag for XIVE escalations (bsc#1061840). - KVM: PPC: Book 3S HV: Do ptesync in radix guest exit path (bsc#1061840). - KVM: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded (bsc#1061840). - KVM: PPC: Book3S HV: Enable migration of decrementer register (bsc#1061840). - KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm (bsc#1061840). - KVM: PPC: Book3S HV: Fix conditions for starting vcpu (bsc#1061840). - KVM: PPC: Book3S HV: Fix constant size warning (bsc#1061840). - KVM: PPC: Book3S HV: Fix duplication of host SLB entries (bsc#1061840). - KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds (bsc#1061840). - KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler (bsc#1061840). - KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code (bsc#1061840). - KVM: PPC: Book3S HV: Fix inaccurate comment (bsc#1061840). - KVM: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real mode interrupts (bsc#1061840). - KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry (bsc#1061840). - KVM: PPC: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix() (bsc#1061840). - KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing (bsc#1061840). - KVM: PPC: Book3S HV: Handle 1GB pages in radix page fault handler (bsc#1061840). - KVM: PPC: Book3S HV: Improve handling of debug-trigger HMIs on POWER9 (bsc#1061840). - KVM: PPC: Book3S HV: Keep XIVE escalation interrupt masked unless ceded (bsc#1061840). - KVM: PPC: Book3S HV: Lockless tlbie for HPT hcalls (bsc#1061840). - KVM: PPC: Book3S HV: Make HPT resizing work on POWER9 (bsc#1061840). - KVM: PPC: Book3S HV: Make radix clear pte when unmapping (bsc#1061840). - KVM: PPC: Book3S HV: Make radix use correct tlbie sequence in kvmppc_radix_tlbie_page (bsc#1061840). - KVM: PPC: Book3S HV: Make xive_pushed a byte, not a word (bsc#1061840). - KVM: PPC: Book3S HV: Pack VCORE IDs to access full VCPU ID space (bsc#1061840). - KVM: PPC: Book3S HV: radix: Do not clear partition PTE when RC or write bits do not match (bsc#1061840). - KVM: PPC: Book3S HV: Radix page fault handler optimizations (bsc#1061840). - KVM: PPC: Book3S HV: radix: Refine IO region partition scope attributes (bsc#1061840). - KVM: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under kvm->lock (bsc#1061840). - KVM: PPC: Book3S HV: Recursively unmap all page table entries when unmapping (bsc#1061840). - KVM: PPC: Book3S HV: Remove useless statement (bsc#1061840). - KVM: PPC: Book3S HV: Remove vcpu->arch.dec usage (bsc#1061840). - KVM: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to Linux handlers (bsc#1061840). - KVM: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR count correctly (bsc#1061840). - KVM: PPC: Book3S HV: Snapshot timebase offset on guest entry (bsc#1061840). - KVM: PPC: Book3S HV: Streamline setting of reference and change bits (bsc#1061840). - KVM: PPC: Book3S HV: Use a helper to unmap ptes in the radix fault path (bsc#1061840). - KVM: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page fault handler (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Resend re-routed interrupts on CPU priority change (bsc#1061840). - KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840). - KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file (bsc#1061840). - KVM: PPC: Book3S: Use correct page shift in H_STUFF_TCE (bsc#1061840). - KVM: PPC: Fix a mmio_host_swabbed uninitialized usage issue (bsc#1061840). - KVM: PPC: Make iommu_table::it_userspace big endian (bsc#1061840). - KVM: PPC: Move nip/ctr/lr/xer registers to pt_regs in kvm_vcpu_arch (bsc#1061840). - KVM: PPC: Use seq_puts() in kvmppc_exit_timing_show() (bsc#1061840). - KVM: s390: vsie: copy wrapping keys to right place (git-fixes). - KVM: SVM: Add MSR-based feature support for serializing LFENCE (bsc#1106240). - KVM: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114279). - KVM: VMX: re-add ple_gap module parameter (bsc#1106240). - KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR (bsc#1106240). - KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry (bsc#1106240). - KVM: x86: Add a framework for supporting MSR-based features (bsc#1106240). - KVM: x86: define SVM/VMX specific kvm_arch_[alloc|free]_vm (bsc#1111506). - KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240). - KVM: X86: Introduce kvm_get_msr_feature() (bsc#1106240). - KVM/x86: kABI fix for vm_alloc/vm_free changes (bsc#1111506). - KVM: x86: Set highest physical address bits in non-present/reserved SPTEs (bsc#1106240). - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839). - libceph: fall back to sendmsg for slab pages (bsc#1118316). - libertas: call into generic suspend code before turning off power (bsc#1051510). - libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510). - libnvdimm, badrange: remove a WARN for list_empty (bsc#1112128). - libnvdimm, dimm: Maximize label transfer size (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891). - libnvdimm: Introduce locked DIMM capacity support (bsc#1112128). - libnvdimm, label: change nvdimm_num_label_slots per UEFI 2.7 (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm, label: Fix sparse warning (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm: move poison list functions to a new 'badrange' file (bsc#1112128). - libnvdimm/nfit_test: add firmware download emulation (bsc#1112128). - libnvdimm/nfit_test: adding support for unit testing enable LSS status (bsc#1112128). - libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899). - libnvdimm, testing: Add emulation for smart injection commands (bsc#1112128). - libnvdimm, testing: update the default smart ctrl_temperature (bsc#1112128). - lib/ubsan: add type mismatch handler for new GCC/Clang (bsc#1051510). - lib/ubsan.c: s/missaligned/misaligned/ (bsc#1051510). - livepatch: create and include UAPI headers (). - llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02). - lockd: fix 'list_add double add' caused by legacy signal interface (git-fixes). - loop: add recursion validation to LOOP_CHANGE_FD (bsc#1112711). - loop: do not call into filesystem while holding lo_ctl_mutex (bsc#1112710). - loop: fix LOOP_GET_STATUS lock imbalance (bsc#1113284). - mac80211: Always report TX status (bsc#1051510). - mac80211: fix TX status reporting for ieee80211s (bsc#1051510). - mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510). - mac80211: minstrel: fix using short preamble CCK rates on HT clients (bsc#1051510). - mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510). - mach64: detect the dot clock divider correctly on sparc (bsc#1051510). - mach64: fix display corruption on big endian machines (bsc#1113722) - mach64: fix image corruption due to reading accelerator registers (bsc#1113722) - mailbox: PCC: handle parse error (bsc#1051510). - make sure that __dentry_kill() always invalidates d_seq, unhashed or not (git-fixes). - md: allow metadata updates while suspending an array - fix (git-fixes). - MD: fix invalid stored role for a disk - try2 (git-fixes). - md: fix NULL dereference of mddev->pers in remove_and_add_spares() (git-fixes). - md/raid10: fix that replacement cannot complete recovery after reassemble (git-fixes). - md/raid1: add error handling of read error from FailFast device (git-fixes). - md/raid5-cache: disable reshape completely (git-fixes). - md/raid5: fix data corruption of replacements after originals dropped (git-fixes). - media: af9035: prevent buffer overflow on write (bsc#1051510). - media: cx231xx: fix potential sign-extension overflow on large shift (bsc#1051510). - media: dvb: fix compat ioctl translation (bsc#1051510). - media: em28xx: fix input name for Terratec AV 350 (bsc#1051510). - media: em28xx: use a default format if TRY_FMT fails (bsc#1051510). - media: pci: cx23885: handle adding to list failure (bsc#1051510). - media: tvp5150: avoid going past array on v4l2_querymenu() (bsc#1051510). - media: tvp5150: fix switch exit in set control handler (bsc#1051510). - media: tvp5150: fix width alignment during set_selection() (bsc#1051510). - media: uvcvideo: Fix uvc_alloc_entity() allocation alignment (bsc#1051510). - media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD (bsc#1051510). - media: vsp1: Fix YCbCr planar formats pitch calculation (bsc#1051510). - memory_hotplug: cond_resched in __remove_pages (bnc#1114178). - mfd: arizona: Correct calling of runtime_put_sync (bsc#1051510). - mfd: menelaus: Fix possible race condition and leak (bsc#1051510). - mfd: omap-usb-host: Fix dts probe of children (bsc#1051510). - mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21). - mmc: block: avoid multiblock reads for the last sector in SPI mode (bsc#1051510). - mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510). - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510). - mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677). - mm/migrate: Use spin_trylock() while resetting rate limit (). - mm: /proc/pid/pagemap: hide swap entries from unprivileged users (Git-fixes bsc#1109907). - mm: rework memcg kernel stack accounting (bnc#1113677). - modpost: ignore livepatch unresolved relocations (). - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819). - mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820). - mount: Retest MNT_LOCKED in do_umount (bsc#1117818). - move changes without Git-commit out of sorted section - neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24). - net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679). - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679). - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24). - net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16). - net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02). - net: bcmgenet: protect stop from timeout (networking-stable-18_11_21). - net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11). - net: bridge: remove ipv6 zero address check in mcast queries (git-fixes). - net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16). - net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16). - net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561). - net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561). - net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561). - net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561). - net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561). - net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561). - net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561). - net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561). - net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561). - net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561). - net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561). - net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561). - net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561). - net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561). - net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561). - net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561). - net: ena: minor performance improvement (bsc#1111696 bsc#1117561). - net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561). - net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561). - net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561). - net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1111696 bsc#1117561). - net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02). - net-gro: reset skb->pkt_type in napi_reuse_skb() (networking-stable-18_11_21). - net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16). - net: hp100: fix always-true check for link up state (networking-stable-18_09_24). - net: ibm: fix return type of ndo_start_xmit function (). - net/ibmnvic: Fix deadlock problem in reset (). - net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431). - net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02). - net: ipv4: do not let PMTU updates increase route MTU (git-fixes). - net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16). - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02). - netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16). - net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11). - net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18). - net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21). - net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16). - net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18). - net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16). - net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18). - net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18). - net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02). - net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16). - net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16). - net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16). - net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21). - net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18). - net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510). - net: sched: action_ife: take reference to meta module (networking-stable-18_09_11). - net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11). - net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24). - net: sched: Fix for duplicate class dump (networking-stable-18_11_02). - net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11). - net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02). - net: smsc95xx: Fix MTU range (networking-stable-18_11_21). - net: socket: fix a missing-check bug (networking-stable-18_11_02). - net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02). - net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16). - net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16). - net: systemport: Protect stop from timeout (networking-stable-18_11_21). - net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02). - net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16). - NFC: nfcmrvl_uart: fix OF child-node lookup (bsc#1051510). - nfit_test: add error injection DSMs (bsc#1112128). - nfit_test: fix buffer overrun, add sanity check (bsc#1112128). - nfit_test: improve structure offset handling (bsc#1112128). - nfit_test: prevent parsing error of nfit_test.0 (bsc#1112128). - nfit_test: when clearing poison, also remove badrange entries (bsc#1112128). - nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11). - NFS: Avoid quadratic search when freeing delegations (bsc#1084760). - NFS: Avoid RCU usage in tracepoints (git-fixes). - NFS: commit direct writes even if they fail partially (git-fixes). - nfsd4: permit layoutget of executable-only files (git-fixes). - nfsd: check for use of the closed special stateid (git-fixes). - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (git-fixes). - nfsd: deal with revoked delegations appropriately (git-fixes). - nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes). - nfsd: Fix another OPEN stateid race (git-fixes). - nfsd: fix corrupted reply to badly ordered compound (git-fixes). - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes). - nfsd: Fix stateid races between OPEN and CLOSE (git-fixes). - NFS: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes). - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes). - NFS: Ensure we commit after writeback is complete (bsc#1111809). - NFS: Fix an incorrect type in struct nfs_direct_req (git-fixes). - NFS: Fix a typo in nfs_rename() (git-fixes). - NFS: Fix typo in nomigration mount option (git-fixes). - NFS: Fix unstable write completion (git-fixes). - NFSv4.0 fix client reference leak in callback (git-fixes). - NFSv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes). - NFSv4.1 fix infinite loop on I/O (git-fixes). - NFSv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes). - NFSv4.1: Fix up replays of interrupted requests (git-fixes). - NFSv4: Fix a typo in nfs41_sequence_process (git-fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510). - nospec: Include <asm/barrier.h> dependency (bsc#1114279). - nvdimm: Clarify comment in sizeof_namespace_index (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Remove empty if statement (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Sanity check labeloff (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Split label init out from the logic for getting config data (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Use namespace index data to reduce number of label reads needed (bsc#1111921, bsc#1113408, bsc#1113972). - nvme: Free ctrl device name on init failure (). - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817). - ocfs2: fix locking for res->tracking and dlm->tracking_list (bsc#1117816). - ocfs2: fix ocfs2 read block panic (bsc#1117815). - ocfs2: free up write context when direct IO failed (bsc#1117821). - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bsc#1117808). - of: add helper to lookup compatible child node (bsc#1106110) - openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02). - orangefs: fix deadlock; do not write i_size in read_iter (bsc#1051510). - orangefs: initialize op on loop restart in orangefs_devreq_read (bsc#1051510). - orangefs_kill_sb(): deal with allocation failures (bsc#1051510). - orangefs: use list_for_each_entry_safe in purge_waiting_ops (bsc#1051510). - PCI: Add Device IDs for Intel GPU 'spurious interrupt' quirk (bsc#1051510). - PCI/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510). - PCI/ASPM: Fix link_state teardown on device removal (bsc#1051510). - PCI: dwc: remove duplicate fix References: bsc#1115269 Patch has been already applied by the following commit: 9f73db8b7c PCI: dwc: Fix enumeration end when reaching root subordinate (bsc#1051510) - PCI: hv: Do not wait forever on a device that has disappeared (bsc#1109806). - PCI: hv: Use effective affinity mask (bsc#1109772). - PCI: imx6: Fix link training status detection in link up check (bsc#1109806). - PCI: iproc: Remove PAXC slot check to allow VF support (bsc#1109806). - PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510). - PCI: Reprogram bridge prefetch registers on resume (bsc#1051510). - PCI: vmd: Assign vector zero to all bridges (bsc#1109806). - PCI: vmd: Detach resources after stopping root bus (bsc#1109806). - PCI: vmd: White list for fast interrupt handlers (bsc#1109806). - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510). - percpu: make this_cpu_generic_read() atomic w.r.t. interrupts (bsc#1114279). - perf: fix invalid bit in diagnostic entry (git-fixes). - pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510). - pinctrl: meson: fix pinconf bias disable (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510). - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510). - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510). - pipe: match pipe_max_size data type with procfs (git-fixes). - platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510). - platform/x86: intel_telemetry: report debugfs failure (bsc#1051510). - pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes). - pNFS: Do not release the sequence slot until we've processed layoutget on open (git-fixes). - pNFS: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes). - powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729). - powerpc/boot: Fix opal console in boot wrapper (bsc#1065729). - powerpc/kvm/booke: Fix altivec related build break (bsc#1061840). - powerpc/kvm: Switch kvm pmd allocator to custom allocator (bsc#1061840). - powerpc/mm: Fix typo in comments (bsc#1065729). - powerpc/mm/hugetlb: initialize the pagetable cache correctly for hugetlb (bsc#1091800). - powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248). - powerpc/mm: Rename find_linux_pte_or_hugepte() (bsc#1061840). - powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure (bsc#1055120). - powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729). - powerpc/powernv: Add indirect levels to it_userspace (bsc#1061840). - powerpc/powernv: Do not select the cpufreq governors (bsc#1065729). - powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage (bsc#1055120). - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729). - powerpc/powernv/ioda2: Reduce upper limit for DMA window size (bsc#1055120). - powerpc/powernv/ioda: Allocate indirect TCE levels on demand (bsc#1061840). - powerpc/powernv/ioda: Finish removing explicit max window size check (bsc#1061840). - powerpc/powernv/ioda: Remove explicit max window size check (bsc#1061840). - powerpc/powernv: Move TCE manupulation code to its own file (bsc#1061840). - powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120). - powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120). - powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120). - powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120). - powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120). - powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120). - powerpc/powernv: Rework TCE level allocation (bsc#1061840). - powerpc/pseries: Fix build break for SPLPAR=n and CPU hotplug (bsc#1079524, git-fixes). - powerpc/pseries: Fix CONFIG_NUMA=n build (bsc#1067906, git-fixes). - powerpc/pseries: Fix DTL buffer registration (bsc#1065729). - powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729). - powerpc/pseries: Fix 'OF: ERROR: Bad of_node_put() on /cpus' during DLPAR (bsc#1113295). - powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709). - powerpc: pseries: remove dlpar_attach_node dependency on full path (bsc#1113295). - powerpc/xive: Move definition of ESB bits (bsc#1061840). - powerpc/xmon: Add ISA v3.0 SPRs to SPR dump (bsc#1061840). - power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510). - pppoe: fix reception of frames with no mac header (networking-stable-18_09_24). - printk: drop in_nmi check from printk_safe_flush_on_panic() (bsc#1112170). - printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168). - printk/tracing: Do not trace printk_nmi_enter() (bsc#1112208). - provide linux/set_memory.h (bsc#1113295). - ptp: fix Spectre v1 vulnerability (bsc#1051510). - pwm: lpss: Release runtime-pm reference from the driver's remove callback (bsc#1051510). - pxa168fb: prepare the clock (bsc#1051510). - qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface (bsc#1051510). - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510). - qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510). - qrtr: add MODULE_ALIAS macro to smd (bsc#1051510). - r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED (bsc#1051510). - r8169: fix NAPI handling under high load (networking-stable-18_11_02). - race of lockd inetaddr notifiers vs nlmsvc_rqst change (git-fixes). - RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 (git-fixes). - random: rate limit unseeded randomness warnings (git-fixes). - rculist: add list_for_each_entry_from_rcu() (bsc#1084760). - rculist: Improve documentation for list_for_each_entry_from_rcu() (bsc#1084760). - rds: fix two RCU related problems (networking-stable-18_09_18). - README: Clean-up trailing whitespace - reiserfs: add check to detect corrupted directory entry (bsc#1109818). - reiserfs: do not panic on bad directory entries (bsc#1109818). - remoteproc: qcom: Fix potential device node leaks (bsc#1051510). - rename a hv patch to reduce conflicts in -AZURE - reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510). - reset: imx7: Fix always writing bits as 0 (bsc#1051510). - resource: Include resource end in walk_*() interfaces (bsc#1114279). - Revert 'ceph: fix dentry leak in splice_dentry()' (bsc#1114839). - Revert 'powerpc/64: Fix checksum folding in csum_add()' (bsc#1065729). - Revert 'rpm/kernel-binary.spec.in: allow unsupported modules for -extra' - Revert 'usb: dwc3: gadget: skip Set/Clear Halt when invalid' (bsc#1051510). - rpmsg: Correct support for MODULE_DEVICE_TABLE() (git-fixes). - rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02). - rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16). - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16). - s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes). - s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235). - s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes). - s390/mm: correct allocate_pgste proc_handler callback (git-fixes). - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682). - s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953). - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682). - s390/qeth: handle failure on workqueue creation (git-fixes). - s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959). - s390: revert ELF_ET_DYN_BASE base changes (git-fixes). - s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes). - s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273). - s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273). - s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273). - sched/numa: Limit the conditions where scan period is reset (). - scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246). - scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246). - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1104731). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1104731). - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731). - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731). - scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580). - scsi: lpfc: add support to retrieve firmware logs (bsc#1114015). - scsi: lpfc: add Trunking support (bsc#1114015). - scsi: lpfc: Correct errors accessing fw log (bsc#1114015). - scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015). - scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015). - scsi: lpfc: Correct LCB RJT handling (bsc#1114015). - scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015). - scsi: lpfc: Correct race with abort on completion path (bsc#1114015). - scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015). - scsi: lpfc: Correct speeds on SFP swap (bsc#1114015). - scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015). - scsi: lpfc: Fix errors in log messages (bsc#1114015). - scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015). - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015). - scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015). - scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015). - scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015). - scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015). - scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015). - scsi: lpfc: reduce locking when updating statistics (bsc#1114015). - scsi: lpfc: Remove set but not used variable 'sgl_size' (bsc#1114015). - scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015). - scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015). - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1114581). - scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582). - scsi: sg: fix minor memory leak in error path (bsc#1114584). - scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bsc#1114578). - scsi: target: Fix fortify_panic kernel exception (bsc#1114576). - scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577). - scsi: target: tcmu: add read length support (bsc#1097755). - sctp: fix race on sctp_id2asoc (networking-stable-18_11_02). - sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21). - sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11). - sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21). - sctp: not increase stream's incnt before sending addstrm_in request (networking-stable-18_11_21). - sctp: update dst pmtu with the correct daddr (networking-stable-18_10_16). - serial: 8250: Fix clearing FIFOs in RS485 mode again (bsc#1051510). - signal: Properly deliver SIGSEGV from x86 uprobes (bsc#1110006). - skip LAYOUTRETURN if layout is invalid (git-fixes). - smb2: fix missing files in root share directory listing (bsc#1112907). - smb2: fix missing files in root share directory listing (bsc#1112907). - smb3: fill in statfs fsid and correct namelen (bsc#1112905). - smb3: fill in statfs fsid and correct namelen (bsc#1112905). - smb3: fix reset of bytes read and written stats (bsc#1112906). - smb3: fix reset of bytes read and written stats (bsc#1112906). - smb3: on reconnect set PreviousSessionId field (bsc#1112899). - smb3: on reconnect set PreviousSessionId field (bsc#1112899). - soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510). - soc/tegra: pmc: Fix child-node lookup (bsc#1051510). - soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510). - sound: do not call skl_init_chip() to reset intel skl soc (bsc#1051510). - sound: enable interrupt after dma buffer initialization (bsc#1051510). - spi/bcm63xx-hsspi: keep pll clk enabled (bsc#1051510). - spi: bcm-qspi: switch back to reading flash using smaller chunks (bsc#1051510). - spi: sh-msiof: fix deferred probing (bsc#1051510). - staging: comedi: ni_mio_common: protect register write overflow (bsc#1051510). - staging:iio:ad7606: fix voltage scales (bsc#1051510). - staging: rtl8723bs: Fix the return value in case of error in 'rtw_wx_read32()' (bsc#1051510). - staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510). - sunrpc: Allow connect to return EHOSTUNREACH (git-fixes). - sunrpc: Do not use stack buffer with scatterlist (git-fixes). - sunrpc: Fix rpc_task_begin trace point (git-fixes). - sunrpc: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes). - target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349). - target: log Data-Out timeouts as errors (bsc#1095805). - target: log NOP ping timeouts as errors (bsc#1095805). - target: split out helper for cxn timeout error stashing (bsc#1095805). - target: stash sess_err_stats on Data-Out timeout (bsc#1095805). - target: use ISCSI_IQN_LEN in iscsi_target_stat (bsc#1095805). - tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11). - test_firmware: fix error return getting clobbered (bsc#1051510). - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21). - thermal: bcm2835: enable hwmon explicitly (bsc#1108468). - thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510). - thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510). - tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21). - tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11). - tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16). - tools build: fix # escaping in .cmd files for future Make (git-fixes). - tools/testing/nvdimm: advertise a write cache for nfit_test (bsc#1112128). - tools/testing/nvdimm: allow custom error code injection (bsc#1112128). - tools/testing/nvdimm: disable labels for nfit_test.1 (bsc#1112128). - tools/testing/nvdimm: enable labels for nfit_test.1 dimms (bsc#1112128). - tools/testing/nvdimm: fix missing newline in nfit_test_dimm 'handle' attribute (bsc#1112128). - tools/testing/nvdimm: Fix support for emulating controller temperature (bsc#1112128). - tools/testing/nvdimm: force nfit_test to depend on instrumented modules (bsc#1112128). - tools/testing/nvdimm: improve emulation of smart injection (bsc#1112128). - tools/testing/nvdimm: kaddr and pfn can be NULL to ->direct_access() (bsc#1112128). - tools/testing/nvdimm: Make DSM failure code injection an override (bsc#1112128). - tools/testing/nvdimm: smart alarm/threshold control (bsc#1112128). - tools/testing/nvdimm: stricter bounds checking for error injection commands (bsc#1112128). - tools/testing/nvdimm: support nfit_test_dimm attributes under nfit_test.1 (bsc#1112128). - tools/testing/nvdimm: unit test clear-error commands (bsc#1112128). - tools/vm/page-types.c: fix 'defined but not used' warning (bsc#1051510). - tools/vm/slabinfo.c: fix sign-compare warning (bsc#1051510). - tpm2-cmd: allow more attempts for selftest execution (bsc#1082555). - tpm: add retry logic (bsc#1082555). - tpm: consolidate the TPM startup code (bsc#1082555). - tpm: do not suspend/resume if power stays on (bsc#1082555). - tpm: fix intermittent failure with self tests (bsc#1082555). - tpm: fix response size validation in tpm_get_random() (bsc#1082555). - tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555). - tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555). - tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555). - tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555). - tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555). - tpm: Restore functionality to xen vtpm driver (bsc#1082555). - tpm: self test failure should not cause suspend to fail (bsc#1082555). - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555). - tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555). - tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555). - tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555). - tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555). - tracing: Add barrier to trace_printk() buffer nesting modification (bsc#1112219). - tracing: Apply trace_clock changes to instance max buffer (bsc#1117188). - tracing: Erase irqsoff trace with empty write (bsc#1117189). - tty: check name length in tty_find_polling_driver() (bsc#1051510). - tty: Do not block on IO when ldisc change is pending (bnc#1105428). - tty: fix data race between tty_init_dev and flush of buf (bnc#1105428). - tty: Hold tty_ldisc_lock() during tty_reopen() (bnc#1105428). - tty/ldsem: Add lockdep asserts for ldisc_sem (bnc#1105428). - tty/ldsem: Convert to regular lockdep annotations (bnc#1105428). - tty/ldsem: Decrement wait_readers on timeouted down_read() (bnc#1105428). - tty/ldsem: Wake up readers after timed out down_write() (bnc#1105428). - tty: Simplify tty->count math in tty_reopen() (bnc#1105428). - tty: wipe buffer (bsc#1051510). - tty: wipe buffer if not echoing data (bsc#1051510). - tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510). - tuntap: fix multiqueue rx (networking-stable-18_11_21). - udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24). - udp6: add missing checks on edumux packet processing (networking-stable-18_09_24). - udp6: fix encap return code for resubmitting (git-fixes). - uio: ensure class is registered before devices (bsc#1051510). - uio: Fix an Oops on load (bsc#1051510). - uio: make symbol 'uio_class_registered' static (bsc#1051510). - Update config files. Enabled ENA (Amazon network driver) for arm64. - usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510). - usb: chipidea: Prevent unbalanced IRQ disable (bsc#1051510). - usb: core: Fix hub port connection events lost (bsc#1051510). - usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385). - usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385). - usb: dwc3: core: Clean up ULPI device (bsc#1051510). - usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510). - usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510). - usb: gadget: fsl_udc_core: check allocation return value and cleanup on failure (bsc#1051510). - usb: gadget: fsl_udc_core: fixup struct_udc_setup documentation (bsc#1051510). - usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510). - usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510). - usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510). - usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510). - usbip: tools: fix atoi() on non-null terminated string (bsc#1051510). - usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510). - usb: misc: appledisplay: add 20' Apple Cinema Display (bsc#1051510). - usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510). - usb: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510). - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510). - usb: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510). - usb: remove LPM management from usb_driver_claim_interface() (bsc#1051510). - usb: serial: cypress_m8: fix interrupt-out transfer length (bsc#1051510). - usb: serial: option: add two-endpoints device-id flag (bsc#1051510). - usb: serial: option: drop redundant interface-class test (bsc#1051510). - usb: serial: option: improve Quectel EP06 detection (bsc#1051510). - usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510). - userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (bsc#1109739). - Use upstream version of pci-hyperv patch (35a88a1) - VFS: close race between getcwd() and d_move() (git-fixes). - VFS: fix freeze protection in mnt_want_write_file() for overlayfs (git-fixes). - vhost: Fix Spectre V1 vulnerability (bsc#1051510). - vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510). - virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02). - VMCI: Resource wildcard match fixed (bsc#1051510). - w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510). - Workaround for mysterious NVMe breakage with i915 CFL (bsc#1111040). - x86/acpi: Prevent X2APIC id 0xffffffff from being accounted (bsc#1110006). - x86/boot/KASLR: Work around firmware bugs by excluding EFI_BOOT_SERVICES_* and EFI_LOADER_* from KASLR's choice (bnc#1112878). - x86/boot: Move EISA setup to a separate file (bsc#1110006). - x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006). - x86/cpufeature: Add User-Mode Instruction Prevention definitions (bsc#1110006). - x86/cpufeatures: Add Intel Total Memory Encryption cpufeature (bsc#1110006). - x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279). - x86/eisa: Add missing include (bsc#1110006). - x86/EISA: Do not probe EISA bus for Xen PV guests (bsc#1110006). - x86/fpu: Remove second definition of fpu in __fpu__restore_sig() (bsc#1110006). - x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006). - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772). - x86/kasan: Panic if there is not enough memory to boot (bsc#1110006). - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114279). - x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279). - x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279). - x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279). - x86/MCE/AMD: Fix the thresholding machinery initialization order (bsc#1114279). - x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read() (bsc#1110006). - x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279). - x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279). - x86, nfit_test: Add unit test for memcpy_mcsafe() (bsc#1112128). - x86/paravirt: Fix some warning messages (bnc#1065600). - x86/percpu: Fix this_cpu_read() (bsc#1110006). - x86/speculation: Support Enhanced IBRS on future CPUs (). - x86/time: Correct the attribute on jiffies' definition (bsc#1110006). - x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600). - xen/balloon: Support xend-based toolstack (bnc#1065600). - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062). - xen: fix race in xen_qlock_wait() (bnc#1107256). - xen: fix xen_qlock_wait() (bnc#1107256). - xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap() (bnc#1065600). - xen: make xen_qlock_wait() nestable (bnc#1107256). - xen/netfront: do not bug in case of too many frags (bnc#1104824). - xen/pvh: do not try to unplug emulated devices (bnc#1065600). - xen/pvh: increase early stack size (bnc#1065600). - xen: Remove unnecessary BUG_ON from __unbind_from_irq() (bnc#1065600). - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (bnc#1065600). - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600). - xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs: do not fail when converting shortform attr to long form during ATTR_REPLACE (bsc#1105025). - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes). - xfs: Properly detect when DAX won't be used on any device (bsc#1115976). - xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510). - xhci: Do not print a warning when setting link state for disabled ports (bsc#1051510). - xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510). - xprtrdma: Do not defer fencing an async RPC's chunks (git-fixes). Important SUSE bug 1051510 SUSE bug 1055120 SUSE bug 1061840 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066674 SUSE bug 1067906 SUSE bug 1068273 SUSE bug 1076830 SUSE bug 1078248 SUSE bug 1079524 SUSE bug 1082555 SUSE bug 1082653 SUSE bug 1083647 SUSE bug 1084760 SUSE bug 1084831 SUSE bug 1085535 SUSE bug 1086196 SUSE bug 1089350 SUSE bug 1091800 SUSE bug 1094825 SUSE bug 1095805 SUSE bug 1097755 SUSE bug 1100132 SUSE bug 1103356 SUSE bug 1103925 SUSE bug 1104124 SUSE bug 1104731 SUSE bug 1104824 SUSE bug 1105025 SUSE bug 1105428 SUSE bug 1106105 SUSE bug 1106110 SUSE bug 1106237 SUSE bug 1106240 SUSE bug 1107256 SUSE bug 1107385 SUSE bug 1107866 SUSE bug 1108377 SUSE bug 1108468 SUSE bug 1109330 SUSE bug 1109739 SUSE bug 1109772 SUSE bug 1109806 SUSE bug 1109818 SUSE bug 1109907 SUSE bug 1109911 SUSE bug 1109915 SUSE bug 1109919 SUSE bug 1109951 SUSE bug 1110006 SUSE bug 1110998 SUSE bug 1111040 SUSE bug 1111062 SUSE bug 1111174 SUSE bug 1111506 SUSE bug 1111696 SUSE bug 1111809 SUSE bug 1111921 SUSE bug 1111983 SUSE bug 1112128 SUSE bug 1112170 SUSE bug 1112173 SUSE bug 1112208 SUSE bug 1112219 SUSE bug 1112221 SUSE bug 1112246 SUSE bug 1112372 SUSE bug 1112514 SUSE bug 1112554 SUSE bug 1112708 SUSE bug 1112710 SUSE bug 1112711 SUSE bug 1112712 SUSE bug 1112713 SUSE bug 1112731 SUSE bug 1112732 SUSE bug 1112733 SUSE bug 1112734 SUSE bug 1112735 SUSE bug 1112736 SUSE bug 1112738 SUSE bug 1112739 SUSE bug 1112740 SUSE bug 1112741 SUSE bug 1112743 SUSE bug 1112745 SUSE bug 1112746 SUSE bug 1112878 SUSE bug 1112894 SUSE bug 1112899 SUSE bug 1112902 SUSE bug 1112903 SUSE bug 1112905 SUSE bug 1112906 SUSE bug 1112907 SUSE bug 1112963 SUSE bug 1113257 SUSE bug 1113284 SUSE bug 1113295 SUSE bug 1113408 SUSE bug 1113412 SUSE bug 1113501 SUSE bug 1113667 SUSE bug 1113677 SUSE bug 1113722 SUSE bug 1113751 SUSE bug 1113769 SUSE bug 1113780 SUSE bug 1113972 SUSE bug 1114015 SUSE bug 1114178 SUSE bug 1114279 SUSE bug 1114385 SUSE bug 1114576 SUSE bug 1114577 SUSE bug 1114578 SUSE bug 1114579 SUSE bug 1114580 SUSE bug 1114581 SUSE bug 1114582 SUSE bug 1114583 SUSE bug 1114584 SUSE bug 1114585 SUSE bug 1114839 SUSE bug 1115074 SUSE bug 1115269 SUSE bug 1115431 SUSE bug 1115433 SUSE bug 1115440 SUSE bug 1115567 SUSE bug 1115709 SUSE bug 1115976 SUSE bug 1116183 SUSE bug 1116692 SUSE bug 1116693 SUSE bug 1116698 SUSE bug 1116699 SUSE bug 1116700 SUSE bug 1116701 SUSE bug 1116862 SUSE bug 1116863 SUSE bug 1116876 SUSE bug 1116877 SUSE bug 1116878 SUSE bug 1116891 SUSE bug 1116895 SUSE bug 1116899 SUSE bug 1116950 SUSE bug 1117168 SUSE bug 1117172 SUSE bug 1117174 SUSE bug 1117181 SUSE bug 1117184 SUSE bug 1117188 SUSE bug 1117189 SUSE bug 1117349 SUSE bug 1117561 SUSE bug 1117788 SUSE bug 1117789 SUSE bug 1117790 SUSE bug 1117791 SUSE bug 1117792 SUSE bug 1117794 SUSE bug 1117795 SUSE bug 1117796 SUSE bug 1117798 SUSE bug 1117799 SUSE bug 1117801 SUSE bug 1117802 SUSE bug 1117803 SUSE bug 1117804 SUSE bug 1117805 SUSE bug 1117806 SUSE bug 1117807 SUSE bug 1117808 SUSE bug 1117815 SUSE bug 1117816 SUSE bug 1117817 SUSE bug 1117818 SUSE bug 1117819 SUSE bug 1117820 SUSE bug 1117821 SUSE bug 1117822 SUSE bug 1118102 SUSE bug 1118136 SUSE bug 1118137 SUSE bug 1118138 SUSE bug 1118140 SUSE bug 1118152 SUSE bug 1118316 CVE-2017-16533 CVE-2017-18224 CVE-2018-18281 CVE-2018-18386 CVE-2018-18445 CVE-2018-18710 CVE-2018-19824 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for ghostscript to version 9.26 fixes the following issues: Security issues fixed: - CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327) - CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313) - CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274) - CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022) - CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229) - CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480) - CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479) - CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105) Version update to 9.26 (bsc#1117331): - Security issues have been the primary focus - Minor bug fixes and improvements - For release summary see: http://www.ghostscript.com/doc/9.26/News.htm Important SUSE bug 1109105 SUSE bug 1111479 SUSE bug 1111480 SUSE bug 1112229 SUSE bug 1117022 SUSE bug 1117274 SUSE bug 1117313 SUSE bug 1117327 SUSE bug 1117331 CVE-2018-17183 CVE-2018-17961 CVE-2018-18073 CVE-2018-18284 CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for cups fixes the following issues: Security issue fixed: - CVE-2018-4700: Fixed extremely predictable cookie generation that is effectively breaking the CSRF protection of the CUPS web interface (bsc#1115750). Important SUSE bug 1115750 CVE-2018-4700 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for openldap2 fixes the following issues: Security issue fixed: - CVE-2017-17740: When both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. (bsc#1073313) Moderate SUSE bug 1073313 CVE-2017-17740 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libqt5-qtbase fixes the following issues: Security issues fixed: - CVE-2018-15518: Fixed double free in QXmlStreamReader (bsc#1118595) - CVE-2018-19873: Fixed Denial of Service on malformed BMP file in QBmpHandler (bsc#1118596) Moderate SUSE bug 1118595 SUSE bug 1118596 CVE-2018-15518 CVE-2018-19873 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for bluez fixes the following issues: Security issues fixed: - CVE-2016-9800: Fixed a buffer overflow in the pin_code_reply_dump function (bsc#1013721) - CVE-2016-9801: Fixed a buffer overflow in the set_ext_ctrl function (bsc#1013732) Moderate SUSE bug 1013721 SUSE bug 1013732 CVE-2016-9800 CVE-2016-9801 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-19210: Fixed NULL pointer dereference in the TIFFWriteDirectorySec function (bsc#1115717). - CVE-2017-12944: Fixed denial of service issue in the TIFFReadDirEntryArray function (bsc#1054594). - CVE-2016-10094: Fixed heap-based buffer overflow in the _tiffWriteProc function (bsc#1017693). - CVE-2016-10093: Fixed heap-based buffer overflow in the _TIFFmemcpy function (bsc#1017693). - CVE-2016-10092: Fixed heap-based buffer overflow in the TIFFReverseBits function (bsc#1017693). - CVE-2016-6223: Fixed out-of-bounds read on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1() (bsc#990460). Moderate SUSE bug 1017693 SUSE bug 1054594 SUSE bug 1115717 SUSE bug 990460 CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 CVE-2016-6223 CVE-2017-12944 CVE-2018-19210 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for mariadb fixes the following issues: Update to MariaDB 10.0.37 GA (bsc#1116686). Security issues fixed: - CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432) - CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397) - CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368) - CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417) - CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421) - CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678) - CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342) - CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677) - CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676) - CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) Non-security changes: - Remove PerconaFT from the package as it has AGPL licence (bsc#1118754) - do not just remove tokudb plugin but don't build it at all (missing jemalloc dependency) Release notes and changelog: - https://kb.askmonty.org/en/mariadb-10037-release-notes - https://kb.askmonty.org/en/mariadb-10037-changelog - https://kb.askmonty.org/en/mariadb-10036-release-notes - https://kb.askmonty.org/en/mariadb-10036-changelog Important SUSE bug 1013882 SUSE bug 1101676 SUSE bug 1101677 SUSE bug 1101678 SUSE bug 1103342 SUSE bug 1112368 SUSE bug 1112397 SUSE bug 1112417 SUSE bug 1112421 SUSE bug 1112432 SUSE bug 1116686 SUSE bug 1118754 CVE-2016-9843 CVE-2018-3058 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 CVE-2018-3143 CVE-2018-3156 CVE-2018-3174 CVE-2018-3251 CVE-2018-3282 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for netatalk fixes the following issues: Security issue fixed: - CVE-2018-1160 Fixed a missing bounds check in the handling of the DSI OPEN SESSION request, which allowed an unauthenticated to overwrite memory with data of their choice leading to arbitrary code execution with root privileges. (bsc#1119540) Important SUSE bug 1119540 CVE-2018-1160 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues: Issues fixed in MozillaFirefox: - Update to Firefox ESR 60.4 (bsc#1119105) - CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Fixed a use-after-free with select element - CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia - CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs - CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes for images - CVE-2018-12405: Fixed a few memory safety bugs Issues fixed in mozilla-nss: - Update to NSS 3.40.1 (bsc#1119105) - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) - CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) - Fixed a decryption failure during FFDHE key exchange - Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr: - Update mozilla-nspr to 4.20 (bsc#1119105) Important SUSE bug 1097410 SUSE bug 1106873 SUSE bug 1119069 SUSE bug 1119105 CVE-2018-0495 CVE-2018-12384 CVE-2018-12404 CVE-2018-12405 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for wireshark fixes the following issues: Update to Wireshark 2.4.11 (bsc#1117740). Security issues fixed: - CVE-2018-19625: The Wireshark dissection engine could crash (wnpa-sec-2018-51) - CVE-2018-19626: The DCOM dissector could crash (wnpa-sec-2018-52) - CVE-2018-19623: The LBMPDM dissector could crash (wnpa-sec-2018-53) - CVE-2018-19622: The MMSE dissector could go into an infinite loop (wnpa-sec-2018-54) - CVE-2018-19627: The IxVeriWave file parser could crash (wnpa-sec-2018-55) - CVE-2018-19624: The PVFS dissector could crash (wnpa-sec-2018-56) Further bug fixes and updated protocol support as listed in: - https://www.wireshark.org/docs/relnotes/wireshark-2.4.11.html Moderate SUSE bug 1117740 CVE-2018-19622 CVE-2018-19623 CVE-2018-19624 CVE-2018-19625 CVE-2018-19626 CVE-2018-19627 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for ntfs-3g_ntfsprogs fixes the following issues: Security issues fixed: - CVE-2019-9755: Fixed a heap-based buffer overflow which could lead to local privilege escalation (bsc#1130165). Moderate SUSE bug 1130165 CVE-2019-9755 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for webkit2gtk3 fixes the following issues: Security issue fixed: - CVE-2019-8375: Fixed an issue in UIProcess subsystem which could allow the script dialog size to exceed the web view size leading to Buffer Overflow or other unspecified impact (bsc#1126768). Moderate SUSE bug 1126768 CVE-2019-8375 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel() (bsc#1130330). - CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage() (bsc#1131317). - CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function (bsc#1128649). - CVE-2018-20467: Fixed infinite loop in coders/bmp.c (bsc#1120381). - CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage (bsc#1124365). - CVE-2019-7397: Fixed a memory leak in the function WritePDFImage (bsc#1124366). - CVE-2019-7395: Fixed a memory leak in the function WritePSDChannel (bsc#1124368). - CVE-2018-16413: Fixed a heap-based buffer over-read in PushShortPixel() (bsc#1106989). - CVE-2018-16412: Fixed a heap-based buffer over-read in ParseImageResourceBlocks() (bsc#1106996). - CVE-2018-16644: Fixed a regression in dcm coder (bsc#1107609). - CVE-2019-11007: Fixed a heap-based buffer overflow in ReadMNGImage() (bsc#1132060). - CVE-2019-11008: Fixed a heap-based buffer overflow in WriteXWDImage() (bsc#1132054). - CVE-2019-11009: Fixed a heap-based buffer over-read in ReadXWDImage() (bsc#1132053). - Added extra -config- packages with Postscript/EPS/PDF readers still enabled. Removing the PS decoders is used to harden ImageMagick against security issues within ghostscript. Enabling them might impact security. (bsc#1122033) These are two packages that can be selected: - ImageMagick-config-6-SUSE: This has the PS decoders disabled. - ImageMagick-config-6-upstream: This has the PS decoders enabled. Depending on your local needs install either one of them. The default is the -SUSE configuration. Moderate SUSE bug 1106989 SUSE bug 1106996 SUSE bug 1107609 SUSE bug 1120381 SUSE bug 1122033 SUSE bug 1124365 SUSE bug 1124366 SUSE bug 1124368 SUSE bug 1128649 SUSE bug 1130330 SUSE bug 1131317 SUSE bug 1132053 SUSE bug 1132054 SUSE bug 1132060 CVE-2018-16412 CVE-2018-16413 CVE-2018-16644 CVE-2018-20467 CVE-2019-10650 CVE-2019-11007 CVE-2019-11008 CVE-2019-11009 CVE-2019-7175 CVE-2019-7395 CVE-2019-7397 CVE-2019-7398 CVE-2019-9956 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). Non-security issues fixed: - Fix vfs_ceph ftruncate and fallocate handling (bsc#1127153). - Abide by load_printers smb.conf parameter (bsc#1124223). - s3:winbindd: let normalize_name_map() call find_domain_from_name_noinit() (bsc#1123755). - s3:passdb: Do not return OK if we don't have pinfo set up (bsc#1099590). - s3:winbind: Fix regression (bsc#1123755). Moderate SUSE bug 1099590 SUSE bug 1123755 SUSE bug 1124223 SUSE bug 1127153 SUSE bug 1131060 CVE-2019-3880 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for wireshark to version 2.4.14 fixes the following issues: Security issues fixed: - CVE-2019-10895: NetScaler file parser crash. - CVE-2019-10899: SRVLOC dissector crash. - CVE-2019-10894: GSS-API dissector crash. - CVE-2019-10896: DOF dissector crash. - CVE-2019-10901: LDSS dissector crash. - CVE-2019-10903: DCERPC SPOOLSS dissector crash. Non-security issue fixed: - Update to version 2.4.14 (bsc#1131945). Moderate SUSE bug 1131945 CVE-2019-10894 CVE-2019-10895 CVE-2019-10896 CVE-2019-10899 CVE-2019-10901 CVE-2019-10903 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for php7 fixes the following issues: Security issues fixed: - CVE-2019-9637: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128892). - CVE-2019-9675: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128886). - CVE-2019-9638: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension ((bsc#1128889). - CVE-2019-9639: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128887). - CVE-2019-9640: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128883). - CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode function which could allow to a hostile XMLRPC server to cause memory read outside the allocated areas (bsc#1126821). - CVE-2019-9020: Fixed a heap out of bounds in xmlrpc_decode function (bsc#1126711). - CVE-2018-20783: Fixed a buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1127122). - CVE-2019-9021: Fixed a heap buffer-based buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1126713). - CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in mbstring regular expression functions (bsc#1126823). - CVE-2019-9641: Fixed multiple invalid memory access in EXIF extension and improved insecure implementation of rename function (bsc#1128722). Other issue addressed: - Deleted README.default_socket_timeout which is not needed anymore (bsc#1129032). Moderate SUSE bug 1126711 SUSE bug 1126713 SUSE bug 1126821 SUSE bug 1126823 SUSE bug 1127122 SUSE bug 1128722 SUSE bug 1128883 SUSE bug 1128886 SUSE bug 1128887 SUSE bug 1128889 SUSE bug 1128892 SUSE bug 1129032 CVE-2018-20783 CVE-2019-9020 CVE-2019-9021 CVE-2019-9023 CVE-2019-9024 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-9641 CVE-2019-9675 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for pacemaker fixes the following issues: Security issues fixed: - CVE-2019-3885: Fixed an information disclosure in log output. (bsc#1131357) - CVE-2018-16877: Fixed a local privilege escalation through insufficient IPC client-server authentication. (bsc#1131356) - CVE-2018-16878: Fixed a denial of service through insufficient verification inflicted preference of uncontrolled processes. (bsc#1131353) Non-security issue fixed: - scheduler: Respect the order of constraints when relevant resources are being probed. (bsc#1117934, bsc#1128374) Important SUSE bug 1117381 SUSE bug 1117934 SUSE bug 1128374 SUSE bug 1128772 SUSE bug 1131353 SUSE bug 1131356 SUSE bug 1131357 CVE-2018-16877 CVE-2018-16878 CVE-2019-3885 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication [bsc#1133528, bsc#1130103] Important SUSE bug 1130103 SUSE bug 1133528 CVE-2019-3859 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for git fixes the following issue: - CVE-2018-17456: Git allowed remote code execution during processing of a recursive 'git clone' of a superproject if a .gitmodules file has a URL field beginning with a '-' character. (boo#1110949). Important SUSE bug 1110949 CVE-2018-17456 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for glibc fixes the following issues: Security issues fixed: - CVE-2019-9169: regex: fix read overrun (bsc#1127308, BZ #24114) - CVE-2016-10739: Fully parse IPv4 address strings (bsc#1122729, BZ #20018) - CVE-2009-5155: ERE '0|()0|\1|0' causes regexec undefined behavior (bsc#1127223, BZ #18986) Non-security issues fixed: - Enable TLE only if GLIBC_ELISION_ENABLE=yes is defined (bsc#1131994, fate#322271) - Add more checks for valid ld.so.cache file (bsc#1110661, BZ #18093) - Added cfi information for start routines in order to stop unwinding (bsc#1128574) - ja_JP locale: Add entry for the new Japanese era (bsc#1100396, fate#325570, BZ #22964) Moderate SUSE bug 1100396 SUSE bug 1110661 SUSE bug 1122729 SUSE bug 1127223 SUSE bug 1127308 SUSE bug 1128574 SUSE bug 1131994 CVE-2009-5155 CVE-2016-10739 CVE-2019-9169 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for krb5 fixes the following issues: Security issue fixed: - CVE-2018-20217: Fixed an assertion issue with older encryption types (bsc#1120489) Important SUSE bug 1120489 CVE-2018-20217 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libjpeg-turbo fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-14498: Fixed a heap-based buffer over read in get_8bit_row function which could allow to an attacker to cause denial of service (bsc#1128712). - CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c, which allowed remote attackers to cause a denial-of-service via crafted JPG files due to a large loop (bsc#1096209) - CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c caused by a divide by zero when processing a crafted BMP image (bsc#1098155) Moderate SUSE bug 1096209 SUSE bug 1098155 SUSE bug 1128712 CVE-2018-1152 CVE-2018-11813 CVE-2018-14498 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for openssl-1_1 to version 1.1.1b fixes the following issues: - Changed the info callback signals for the start and end of a post-handshake message exchange in TLSv1.3. - Fixed a bug in DTLS over SCTP. This breaks interoperability with older versions of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. - Fixed the handling of strerror_r with glibc. Moderate SUSE bug 1133925 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for webkit2gtk3 to version 2.24.1 fixes the following issues: Security issues fixed: - CVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292, CVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-11070 (bsc#1132256). Important SUSE bug 1132256 CVE-2019-11070 CVE-2019-6201 CVE-2019-6251 CVE-2019-7285 CVE-2019-7292 CVE-2019-8503 CVE-2019-8506 CVE-2019-8515 CVE-2019-8524 CVE-2019-8535 CVE-2019-8536 CVE-2019-8544 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for freeradius-server fixes the following issues: Security issues fixed: - CVE-2019-11235: Fixed an authentication bypass related to the EAP-PWD Commit frame and insufficent validation of elliptic curve points (bsc#1132549). - CVE-2019-11234: Fixed an authentication bypass caused by reflecting privous values back to the server (bsc#1132664). Important SUSE bug 1132549 SUSE bug 1132664 CVE-2019-11234 CVE-2019-11235 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2018-8740: Fixed a NULL pointer dereference related to corrupted databases schemas (bsc#1085790). - CVE-2017-10989: Fixed a heap-based buffer over-read in getNodeSize() (bsc#1132045). Moderate SUSE bug 1085790 SUSE bug 1132045 CVE-2017-10989 CVE-2018-8740 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libxslt fixes the following issues: - CVE-2019-11068: Fixed a protection mechanism bypass where callers of xsltCheckRead() and xsltCheckWrite() would permit access upon receiving an error (bsc#1132160). Moderate SUSE bug 1132160 CVE-2019-11068 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed: - CVE-2018-16880: A flaw was found in the handle_rx() function in the vhost_net driver. A malicious virtual guest, under specific conditions, could trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (bnc#1122767). - CVE-2019-3882: A flaw was found in the vfio interface implementation that permitted violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). (bnc#1131416 bnc#1131427). - CVE-2019-9003: Attackers could trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a 'service ipmievd restart' loop (bnc#1126704). - CVE-2019-9500: A brcmfmac heap buffer overflow in brcmf_wowl_nd_results was fixed. (bnc#1132681). - CVE-2019-9503: A brcmfmac frame validation bypass was fixed. (bnc#1132828). The following non-security bugs were fixed: - 9p: do not trust pdu content for stat item size (bsc#1051510). - ACPI: acpi_pad: Do not launch acpi_pad threads on idle cpus (bsc#1113399). - acpi, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#1112128) (bsc#1132426). - ACPI / SBS: Fix GPE storm on recent MacBookPro's (bsc#1051510). - alsa: core: Fix card races between register and disconnect (bsc#1051510). - alsa: echoaudio: add a check for ioremap_nocache (bsc#1051510). - alsa: firewire: add const qualifier to identifiers for read-only symbols (bsc#1051510). - alsa: firewire-motu: add a flag for AES/EBU on XLR interface (bsc#1051510). - alsa: firewire-motu: add specification flag for position of flag for MIDI messages (bsc#1051510). - alsa: firewire-motu: add support for MOTU Audio Express (bsc#1051510). - alsa: firewire-motu: add support for Motu Traveler (bsc#1051510). - alsa: firewire-motu: use 'version' field of unit directory to identify model (bsc#1051510). - alsa: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist (bsc#1051510). - alsa: hda - Add two more machines to the power_save_blacklist (bsc#1051510). - alsa: hda - Enforces runtime_resume after S3 and S4 for each codec (bsc#1051510). - alsa: hda: Initialize power_state field properly (bsc#1051510). - alsa: hda/realtek - Add new Dell platform for headset mode (bsc#1051510). - alsa: hda/realtek - Add quirk for Tuxedo XC 1509 (bsc#1131442). - alsa: hda/realtek - Add support for Acer Aspire E5-523G/ES1-432 headset mic (bsc#1051510). - alsa: hda/realtek - Add support headset mode for DELL WYSE AIO (bsc#1051510). - alsa: hda/realtek - Add support headset mode for New DELL WYSE NB (bsc#1051510). - alsa: hda/realtek - add two more pin configuration sets to quirk table (bsc#1051510). - alsa: hda/realtek - Apply the fixup for ASUS Q325UAR (bsc#1051510). - alsa: hda/realtek: Enable ASUS X441MB and X705FD headset MIC with ALC256 (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer AIO with ALC286 (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer Aspire Z24-890 with ALC286 (bsc#1051510). - alsa: hda/realtek: Enable headset mic of ASUS P5440FF with ALC256 (bsc#1051510). - alsa: hda/realtek - Fixed Dell AIO speaker noise (bsc#1051510). - alsa: hda - Record the current power state before suspend/resume calls (bsc#1051510). - alsa: info: Fix racy addition/deletion of nodes (bsc#1051510). - alsa: line6: use dynamic buffers (bsc#1051510). - alsa: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration (bsc#1051510). - alsa: PCM: check if ops are defined before suspending PCM (bsc#1051510). - alsa: pcm: Do not suspend stream in unrecoverable PCM state (bsc#1051510). - alsa: pcm: Fix possible OOB access in PCM oss plugins (bsc#1051510). - alsa: rawmidi: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: sb8: add a check for request_region (bsc#1051510). - alsa: seq: Fix OOB-reads from strlcpy (bsc#1051510). - alsa: seq: oss: Fix Spectre v1 vulnerability (bsc#1051510). - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe (bsc#1051510). - ASoC: fsl_esai: fix channel swap issue when stream starts (bsc#1051510). - ASoC: topology: free created components in tplg load error (bsc#1051510). - assume flash part size to be 4MB, if it can't be determined (bsc#1127371). - ath10k: avoid possible string overflow (bsc#1051510). - auxdisplay: hd44780: Fix memory leak on ->remove() (bsc#1051510). - auxdisplay: ht16k33: fix potential user-after-free on module unload (bsc#1051510). - batman-adv: Reduce claim hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_global hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_local hash refcnt only for removed entry (bsc#1051510). - bcm2835 MMC issues (bsc#1070872). - blkcg: Introduce blkg_root_lookup() (bsc#1131673). - blkcg: Make blkg_root_lookup() work for queues in bypass mode (bsc#1131673). - blk-mq: adjust debugfs and sysfs register when updating nr_hw_queues (bsc#1131673). - blk-mq: Avoid that submitting a bio concurrently with device removal triggers a crash (bsc#1131673). - blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs (bsc#1131673). - blk-mq: fallback to previous nr_hw_queues when updating fails (bsc#1131673). - blk-mq: init hctx sched after update ctx and hctx mapping (bsc#1131673). - blk-mq: realloc hctx when hw queue is mapped to another node (bsc#1131673). - blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter (bsc#1131673). - block: Ensure that a request queue is dissociated from the cgroup controller (bsc#1131673). - block: Fix a race between request queue removal and the block cgroup controller (bsc#1131673). - block: Introduce blk_exit_queue() (bsc#1131673). - block: kABI fixes for bio_rewind_iter() removal (bsc#1131673). - block: remove bio_rewind_iter() (bsc#1131673). - bluetooth: btusb: request wake pin with NOAUTOEN (bsc#1051510). - bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (bsc#1051510). - bluetooth: Fix decrementing reference count twice in releasing socket (bsc#1051510). - bluetooth: hci_ldisc: Initialize hci_dev before open() (bsc#1051510). - bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto() (bsc#1051510). - bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf() (bsc#1133731). - bnxt_en: Drop oversize TX packets to prevent errors (networking-stable-19_03_07). - bonding: fix PACKET_ORIGDEV regression (git-fixes). - bpf: fix use after free in bpf_evict_inode (bsc#1083647). - btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size (git-fixes). - btrfs: check for refs on snapshot delete resume (bsc#1131335). - btrfs: fix assertion failure on fsync with NO_HOLES enabled (bsc#1131848). - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (git-fixes). - btrfs: fix deadlock between clone/dedupe and rename (bsc#1130518). - btrfs: fix incorrect file size after shrinking truncate and fsync (bsc#1130195). - btrfs: remove WARN_ON in log_dir_items (bsc#1131847). - btrfs: save drop_progress if we drop refs at all (bsc#1131336). - cdrom: Fix race condition in cdrom_sysctl_register (bsc#1051510). - cgroup: fix parsing empty mount option string (bsc#1133094). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510). - cifs: do not dereference smb_file_target before null check (bsc#1051510). - cifs: Do not hide EINTR after sending network packets (bsc#1051510). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510). - cifs: Fix credits calculations for reads with errors (bsc#1051510). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510). - cifs: Fix potential OOB access of lock element array (bsc#1051510). - cifs: Fix read after write for files with read caching (bsc#1051510). - clk: clk-twl6040: Fix imprecise external abort for pdmclk (bsc#1051510). - clk: fractional-divider: check parent rate only if flag is set (bsc#1051510). - clk: ingenic: Fix doc of ingenic_cgu_div_info (bsc#1051510). - clk: ingenic: Fix round_rate misbehaving with non-integer dividers (bsc#1051510). - clk: rockchip: fix frac settings of GPLL clock for rk3328 (bsc#1051510). - clk: sunxi-ng: v3s: Fix TCON reset de-assert bit (bsc#1051510). - clk: vc5: Abort clock configuration without upstream clock (bsc#1051510). - clk: x86: Add system specific quirk to mark clocks as critical (bsc#1051510). - clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown (bsc#1051510). - clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR (bsc#1051510). - cpcap-charger: generate events for userspace (bsc#1051510). - cpufreq: pxa2xx: remove incorrect __init annotation (bsc#1051510). - cpufreq: tegra124: add missing of_node_put() (bsc#1051510). - cpupowerutils: bench - Fix cpu online check (bsc#1051510). - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - crypto: caam - add missing put_device() call (bsc#1129770). - crypto: crypto4xx - properly set IV after de- and encrypt (bsc#1051510). - crypto: pcbc - remove bogus memcpy()s with src == dest (bsc#1051510). - crypto: sha256/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: sha512/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: x86/poly1305 - fix overflow during partial reduction (bsc#1051510). - cxgb4: Add capability to get/set SGE Doorbell Queue Timer Tick (bsc#1127371). - cxgb4: Added missing break in ndo_udp_tunnel_{add/del} (bsc#1127371). - cxgb4: Add flag tc_flower_initialized (bsc#1127371). - cxgb4: Add new T5 PCI device id 0x50ae (bsc#1127371). - cxgb4: Add new T5 PCI device ids 0x50af and 0x50b0 (bsc#1127371). - cxgb4: Add new T6 PCI device ids 0x608a (bsc#1127371). - cxgb4: add per rx-queue counter for packet errors (bsc#1127371). - cxgb4: Add support for FW_ETH_TX_PKT_VM_WR (bsc#1127371). - cxgb4: add support to display DCB info (bsc#1127371). - cxgb4: Add support to read actual provisioned resources (bsc#1127371). - cxgb4: collect ASIC LA dumps from ULP TX (bsc#1127371). - cxgb4: collect hardware queue descriptors (bsc#1127371). - cxgb4: collect number of free PSTRUCT page pointers (bsc#1127371). - cxgb4: convert flower table to use rhashtable (bsc#1127371). - cxgb4: cxgb4: use FW_PORT_ACTION_L1_CFG32 for 32 bit capability (bsc#1127371). - cxgb4/cxgb4vf: Add support for SGE doorbell queue timer (bsc#1127371). - cxgb4/cxgb4vf: Fix mac_hlist initialization and free (bsc#1127374). - cxgb4/cxgb4vf: Link management changes (bsc#1127371). - cxgb4/cxgb4vf: Program hash region for {t4/t4vf}_change_mac() (bsc#1127371). - cxgb4: display number of rx and tx pages free (bsc#1127371). - cxgb4: do not return DUPLEX_UNKNOWN when link is down (bsc#1127371). - cxgb4: Export sge_host_page_size to ulds (bsc#1127371). - cxgb4: fix the error path of cxgb4_uld_register() (bsc#1127371). - cxgb4: impose mandatory VLAN usage when non-zero TAG ID (bsc#1127371). - cxgb4: Mask out interrupts that are not enabled (bsc#1127175). - cxgb4: move Tx/Rx free pages collection to common code (bsc#1127371). - cxgb4: remove redundant assignment to vlan_cmd.dropnovlan_fm (bsc#1127371). - cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size (bsc#1127371). - cxgb4: remove the unneeded locks (bsc#1127371). - cxgb4: specify IQTYPE in fw_iq_cmd (bsc#1127371). - cxgb4: Support ethtool private flags (bsc#1127371). - cxgb4: update supported DCB version (bsc#1127371). - cxgb4: use new fw interface to get the VIN and smt index (bsc#1127371). - cxgb4vf: Few more link management changes (bsc#1127374). - cxgb4vf: fix memleak in mac_hlist initialization (bsc#1127374). - cxgb4vf: Update port information in cxgb4vf_open() (bsc#1127374). - device_cgroup: fix RCU imbalance in error case (bsc#1051510). - device property: Fix the length used in PROPERTY_ENTRY_STRING() (bsc#1051510). - Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc (bsc#1051510). - dmaengine: imx-dma: fix warning comparison of distinct pointer types (bsc#1051510). - dmaengine: qcom_hidma: assign channel cookie correctly (bsc#1051510). - dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid (bsc#1051510). - dmaengine: tegra: avoid overflow of byte tracking (bsc#1051510). - dm: disable DISCARD if the underlying storage no longer supports it (bsc#1114638). - Drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567). - Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1130567). - drm: Auto-set allow_fb_modifiers when given modifiers at plane init (bsc#1051510). - drm: bridge: dw-hdmi: Fix overflow workaround for Rockchip SoCs (bsc#1113722) - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers (bsc#1051510). - drm/i915/bios: assume eDP is present on port A when there is no VBT (bsc#1051510). - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113722) - drm/i915/gvt: Annotate iomem usage (bsc#1051510). - drm/i915/gvt: do not deliver a workload if its creation fails (bsc#1051510). - drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113722) - drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check (bsc#1051510). - drm/i915: Relax mmap VMA check (bsc#1051510). - drm/imx: ignore plane updates on disabled crtcs (bsc#1051510). - drm/imx: imx-ldb: add missing of_node_puts (bsc#1051510). - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() (bsc#1113722) - drm/meson: Fix invalid pointer in meson_drv_unbind() (bsc#1051510). - drm/meson: Uninstall IRQ handler (bsc#1051510). - drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure (bsc#1051510). - drm/nouveau: Stop using drm_crtc_force_disable (bsc#1051510). - drm/nouveau/volt/gf117: fix speedo readout register (bsc#1051510). - drm/rockchip: vop: reset scale mode when win is disabled (bsc#1113722) - drm/sun4i: Add missing drm_atomic_helper_shutdown at driver unbind (bsc#1113722) - drm/sun4i: Fix component unbinding and component master deletion (bsc#1113722) - drm/sun4i: Set device driver data at bind time for use in unbind (bsc#1113722) - drm/sun4i: Unbind components before releasing DRM and memory (bsc#1113722) - drm/udl: add a release method and delay modeset teardown (bsc#1085536) - drm/vc4: Fix memory leak during gpu reset. (bsc#1113722) - dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit (networking-stable-19_02_20). - e1000e: fix cyclic resets at link up with active tx (bsc#1051510). - e1000e: Fix -Wformat-truncation warnings (bsc#1051510). - ext2: Fix underflow in ext2_max_size() (bsc#1131174). - ext4: add mask of ext4 flags to swap (bsc#1131170). - ext4: add missing brelse() in add_new_gdb_meta_bg() (bsc#1131176). - ext4: Avoid panic during forced reboot (bsc#1126356). - ext4: brelse all indirect buffer in ext4_ind_remove_space() (bsc#1131173). - ext4: cleanup bh release code in ext4_ind_remove_space() (bsc#1131851). - ext4: cleanup pagecache before swap i_data (bsc#1131178). - ext4: fix check of inode in swap_inode_boot_loader (bsc#1131177). - ext4: fix data corruption caused by unaligned direct AIO (bsc#1131172). - ext4: fix EXT4_IOC_SWAP_BOOT (bsc#1131180). - ext4: fix NULL pointer dereference while journal is aborted (bsc#1131171). - ext4: update quota information while swapping boot loader inode (bsc#1131179). - fbdev: fbmem: fix memory access if logo is bigger than the screen (bsc#1051510). - fix cgroup_do_mount() handling of failure exits (bsc#1133095). - Fix kabi after 'md: batch flush requests.' (bsc#1119680). - Fix struct page kABI after adding atomic for ppc (bsc#1131326, bsc#1108937). - fm10k: Fix a potential NULL pointer dereference (bsc#1051510). - fs: avoid fdput() after failed fdget() in vfs_dedupe_file_range() (bsc#1132384, bsc#1132219). - fs/dax: deposit pagetable even when installing zero page (bsc#1126740). - fs/nfs: Fix nfs_parse_devname to not modify it's argument (git-fixes). - futex: Cure exit race (bsc#1050549). - futex: Ensure that futex address is aligned in handle_futex_death() (bsc#1050549). - futex: Handle early deadlock return correctly (bsc#1050549). - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input (bsc#1051510). - gpio: gpio-omap: fix level interrupt idling (bsc#1051510). - gpio: of: Fix of_gpiochip_add() error path (bsc#1051510). - gre6: use log_ecn_error module parameter in ip6_tnl_rcv() (git-fixes). - hid: i2c-hid: Ignore input report if there's no data present on Elan touchpanels (bsc#1133486). - hid: intel-ish-hid: avoid binding wrong ishtp_cl_device (bsc#1051510). - hid: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit (bsc#1051510). - hv_netvsc: Fix IP header checksum for coalesced packets (networking-stable-19_03_07). - hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (). - hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (fate#323887). - hwrng: virtio - Avoid repeated init of completion (bsc#1051510). - i2c: Make i2c_unregister_device() NULL-aware (bsc#1108193). - i2c: tegra: fix maximum transfer size (bsc#1051510). - ibmvnic: Enable GRO (bsc#1132227). - ibmvnic: Fix completion structure initialization (bsc#1131659). - ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227). - iio: adc: at91: disable adc channel interrupt in timeout case (bsc#1051510). - iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver (bsc#1051510). - iio: ad_sigma_delta: select channel when reading register (bsc#1051510). - iio: core: fix a possible circular locking dependency (bsc#1051510). - iio: cros_ec: Fix the maths for gyro scale calculation (bsc#1051510). - iio: dac: mcp4725: add missing powerdown bits in store eeprom (bsc#1051510). - iio: Fix scan mask selection (bsc#1051510). - iio/gyro/bmg160: Use millidegrees for temperature scale (bsc#1051510). - iio: gyro: mpu3050: fix chip ID reading (bsc#1051510). - input: cap11xx - switch to using set_brightness_blocking() (bsc#1051510). - input: matrix_keypad - use flush_delayed_work() (bsc#1051510). - input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bsc#1051510). - input: st-keyscan - fix potential zalloc NULL dereference (bsc#1051510). - input: synaptics-rmi4 - write config register values to the right offset (bsc#1051510). - input: uinput - fix undefined behavior in uinput_validate_absinfo() (bsc#1120902). - intel_idle: add support for Jacobsville (jsc#SLE-5394). - io: accel: kxcjk1013: restore the range after resume (bsc#1051510). - iommu/amd: Fix NULL dereference bug in match_hid_uid (bsc#1130336). - iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE (bsc#1130337). - iommu/amd: Reserve exclusion range in iova-domain (bsc#1130425). - iommu/amd: Set exclusion range correctly (bsc#1130425). - iommu: Do not print warning when IOMMU driver only supports unmanaged domains (bsc#1130130). - iommu/vt-d: Check capability before disabling protected memory (bsc#1130338). - ip6: fix PMTU discovery when using /127 subnets (git-fixes). - ip6mr: Do not call __IP6_INC_STATS() from preemptible context (git-fixes). - ip6_tunnel: fix ip6 tunnel lookup in collect_md mode (git-fixes). - ipmi: Fix I2C client removal in the SSIF driver (bsc#1108193). - ipmi_ssif: Remove duplicate NULL check (bsc#1108193). - ipv4: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv4/route: fail early when inet dev is missing (git-fixes). - ipv6: Fix dangling pointer when ipv6 fragment (git-fixes). - ipv6: propagate genlmsg_reply return code (networking-stable-19_02_24). - ipv6: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv6: sit: reset ip header pointer in ipip6_rcv (git-fixes). - ipvlan: disallow userns cap_net_admin to change global mode/flags (networking-stable-19_03_15). - ipvs: remove IPS_NAT_MASK check to fix passive FTP (git-fixes). - irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table (bsc#1051510). - irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable (bsc#1051510). - iscsi_ibft: Fix missing break in switch statement (bsc#1051510). - iw_cxgb4: cq/qp mask depends on bar2 pages in a host page (bsc#1127371). - iwiwifi: fix bad monitor buffer register addresses (bsc#1129770). - iwlwifi: fix send hcmd timeout recovery flow (bsc#1129770). - iwlwifi: mvm: fix firmware statistics usage (bsc#1129770). - jbd2: clear dirty flag when revoking a buffer from an older transaction (bsc#1131167). - jbd2: fix compile warning when using JBUFFER_TRACE (bsc#1131168). - kABI: restore icmp_send (kabi). - kabi/severities: add cxgb4 and cxgb4vf shared data to the whitelis (bsc#1127372) - kabi/severities: add libcxgb to cxgb intra module symbols as well - kabi/severities: exclude cxgb4 inter-module symbols - kasan: fix shadow_size calculation error in kasan_module_alloc (bsc#1051510). - kbuild: fix false positive warning/error about missing libelf (bsc#1051510). - kbuild: modversions: Fix relative CRC byte order interpretation (bsc#1131290). - kbuild: strip whitespace in cmd_record_mcount findstring (bsc#1065729). - kcm: switch order of device registration to fix a crash (bnc#1130527). - kernfs: do not set dentry->d_fsdata (boo#1133115). - keys: always initialize keyring_index_key::desc_len (bsc#1051510). - keys: user: Align the payload buffer (bsc#1051510). - kvm: Call kvm_arch_memslots_updated() before updating memslots (bsc#1132563). - kvm: Fix kABI for AMD SMAP Errata workaround (bsc#1133149). - kvm: nVMX: Apply addr size mask to effective address for VMX instructions (bsc#1132561). - kvm: nVMX: Ignore limit checks on VMX instructions using flat segments (bsc#1132564). - kvm: nVMX: Sign extend displacements of VMX instr's mem operands (bsc#1132562). - kvm: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode switch (bsc#1061840). - kvm: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation) (bsc#1133149). - kvm: VMX: Compare only a single byte for VMCS' 'launched' in vCPU-run (bsc#1132555). - kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1114279). - kvm: x86/mmu: Detect MMIO generation wrap in any address space (bsc#1132570). - kvm: x86/mmu: Do not cache MMIO accesses while memslots are in flux (bsc#1132571). - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (bsc#1111331). - leds: pca9532: fix a potential NULL pointer dereference (bsc#1051510). - libceph: wait for latest osdmap in ceph_monc_blacklist_add() (bsc#1130427). - libertas_tf: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510). - lightnvm: if LUNs are already allocated fix return (bsc#1085535). - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a new <linux/bits.h> file (bsc#1111331). - mac80211: do not call driver wake_tx_queue op during reconfig (bsc#1051510). - mac80211: Fix Tx aggregation session tear down with ITXQs (bsc#1051510). - mac80211_hwsim: propagate genlmsg_reply return code (bsc#1051510). - md: batch flush requests (bsc#1119680). - md: Fix failed allocation of md_register_thread (git-fixes). - md/raid1: do not clear bitmap bits on interrupted recovery (git-fixes). - md/raid5: fix 'out of memory' during raid cache recovery (git-fixes). - media: mt9m111: set initial frame size other than 0x0 (bsc#1051510). - media: mtk-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: rc: mce_kbd decoder: fix stuck keys (bsc#1100132). - media: s5p-g2d: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: s5p-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: sh_veu: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: v4l2-ctrls.c/uvc: zero v4l2_event (bsc#1051510). - media: vb2: do not call __vb2_queue_cancel if vb2_start_streaming failed (bsc#1119086). - memremap: fix softlockup reports at teardown (bnc#1130154). - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S (bsc#1051510). - missing barriers in some of unix_sock ->addr and ->path accesses (networking-stable-19_03_15). - mmc: davinci: remove extraneous __init annotation (bsc#1051510). - mmc: pxamci: fix enum type confusion (bsc#1051510). - mmc: sdhci: Fix data command CRC error handling (bsc#1051510). - mmc: sdhci: Handle auto-command errors (bsc#1051510). - mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR (bsc#1051510). - mmc: tmio_mmc_core: do not claim spurious interrupts (bsc#1051510). - mm/debug.c: fix __dump_page when mapping->host is not set (bsc#1131934). - mm: Fix modifying of page protection by insert_pfn() (bsc#1126740). - mm: Fix warning in insert_pfn() (bsc#1126740). - mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd() (bsc#1126740). - mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate() (bsc#1131935). - mm/vmalloc: fix size check for remap_vmalloc_range_partial() (bsc#1133825). - mpls: Return error for RTA_GATEWAY attribute (networking-stable-19_03_07). - mt7601u: bump supported EEPROM version (bsc#1051510). - mwifiex: do not advertise IBSS features without FW support (bsc#1129770). - net: Add header for usage of fls64() (networking-stable-19_02_20). - net: Add __icmp_send helper (networking-stable-19_03_07). - net: avoid false positives in untrusted gso validation (git-fixes). - net: avoid use IPCB in cipso_v4_error (networking-stable-19_03_07). - net: bridge: add vlan_tunnel to bridge port policies (git-fixes). - net: bridge: fix per-port af_packet sockets (git-fixes). - net: bridge: multicast: use rcu to access port list from br_multicast_start_querier (git-fixes). - net: datagram: fix unbounded loop in __skb_try_recv_datagram() (git-fixes). - net: Do not allocate page fragments that are not skb aligned (networking-stable-19_02_20). - net: dsa: mv88e6xxx: Fix u64 statistics (networking-stable-19_03_07). - net: ena: update driver version from 2.0.2 to 2.0.3 (bsc#1129276 bsc#1125342). - netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING (git-fixes). - netfilter: check for seqadj ext existence before adding it in nf_nat_setup_info (git-fixes). - netfilter: ip6t_MASQUERADE: add dependency on conntrack module (git-fixes). - netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit() (git-fixes). - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt (git-fixes). - netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target} (git-fixes). - netfilter: x_tables: fix int overflow in xt_alloc_table_info() (git-fixes). - net: Fix for_each_netdev_feature on Big endian (networking-stable-19_02_20). - net: fix IPv6 prefix route residue (networking-stable-19_02_20). - net: Fix untag for vlan packets without ethernet header (git-fixes). - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off (git-fixes). - net/hsr: Check skb_put_padto() return value (git-fixes). - net: hsr: fix memory leak in hsr_dev_finalize() (networking-stable-19_03_15). - net/hsr: fix possible crash in add_timer() (networking-stable-19_03_15). - netlabel: fix out-of-bounds memory accesses (networking-stable-19_03_07). - netlink: fix nla_put_{u8,u16,u32} for KASAN (git-fixes). - net/mlx5e: Do not overwrite pedit action when multiple pedit used (networking-stable-19_02_24). - net/ncsi: Fix AEN HNCDSC packet length (git-fixes). - net/ncsi: Stop monitor if channel times out or is inactive (git-fixes). - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails (networking-stable-19_03_07). - net/packet: fix 4gb buffer limit due to overflow check (networking-stable-19_02_24). - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec (git-fixes). - net_sched: acquire RTNL in tc_action_net_exit() (git-fixes). - net_sched: fix two more memory leaks in cls_tcindex (networking-stable-19_02_24). - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 (networking-stable-19_03_15). - net: sit: fix memory leak in sit_init_net() (networking-stable-19_03_07). - net: sit: fix UBSAN Undefined behaviour in check_6rd (networking-stable-19_03_15). - net: socket: set sock->sk to NULL after calling proto_ops::release() (networking-stable-19_03_07). - net-sysfs: Fix mem leak in netdev_register_kobject (git-fixes). - net: validate untrusted gso packets without csum offload (networking-stable-19_02_20). - net/x25: fix a race in x25_bind() (networking-stable-19_03_15). - net/x25: fix use-after-free in x25_device_event() (networking-stable-19_03_15). - net/x25: reset state in x25_connect() (networking-stable-19_03_15). - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() (git-fixes). - nfc: nci: Add some bounds checking in nci_hci_cmd_received() (bsc#1051510). - nfs: Add missing encode / decode sequence_maxsz to v4.2 operations (git-fixes). - nfsd4: catch some false session retries (git-fixes). - nfsd4: fix cached replies to solo SEQUENCE compounds (git-fixes). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - nfs: Do not recoalesce on error in nfs_pageio_complete_mirror() (git-fixes). - nfs: Do not use page_file_mapping after removing the page (git-fixes). - nfs: Fix an I/O request leakage in nfs_do_recoalesce (git-fixes). - nfs: Fix a soft lockup in the delegation recovery code (git-fixes). - nfs: Fix a typo in nfs_init_timeout_values() (git-fixes). - nfs: Fix dentry revalidation on NFSv4 lookup (bsc#1132618). - nfs: Fix I/O request leakages (git-fixes). - nfs: fix mount/umount race in nlmclnt (git-fixes). - nfs/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount (git-fixes). - nfsv4.1 do not free interrupted slot on open (git-fixes). - nfsv4.1: Reinitialise sequence results before retransmitting a request (git-fixes). - nfsv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE() (git-fixes). - nvme: add proper discard setup for the multipath device (bsc#1114638). - nvme: fix the dangerous reference of namespaces list (bsc#1131673). - nvme: make sure ns head inherits underlying device limits (bsc#1131673). - nvme-multipath: avoid crash on invalid subsystem cntlid enumeration (bsc#1129273). - nvme-multipath: split bios with the ns_head bio_set before submitting (bsc#1103259, bsc#1131673). - nvme: only reconfigure discard if necessary (bsc#1114638). - nvme: schedule requeue whenever a LIVE state is entered (bsc#1123105). - ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock (bsc#1131169). - pci: Add function 1 DMA alias quirk for Marvell 9170 SATA controller (bsc#1051510). - pci: designware-ep: dw_pcie_ep_set_msi() should only set MMC bits (bsc#1051510). - pci: designware-ep: Read-only registers need DBI_RO_WR_EN to be writable (bsc#1051510). - pci: pciehp: Convert to threaded IRQ (bsc#1133005). - pci: pciehp: Ignore Link State Changes after powering off a slot (bsc#1133005). - phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs (bsc#1051510). - pM / wakeup: Rework wakeup source timer cancellation (bsc#1051510). - powercap: intel_rapl: add support for Jacobsville (). - powercap: intel_rapl: add support for Jacobsville (FATE#327454). - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107). - powerpc/64: Disable the speculation barrier from the command line (bsc#1131107). - powerpc64/ftrace: Include ftrace.h needed for enable/disable calls (bsc#1088804, git-fixes). - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107). - powerpc/64s: Add new security feature flags for count cache flush (bsc#1131107). - powerpc/64s: Add support for software count cache flush (bsc#1131107). - powerpc/64s: Fix logic when handling unknown CPU features (bsc#1055117). - powerpc/64s: Fix page table fragment refcount race vs speculative references (bsc#1131326, bsc#1108937). - powerpc/asm: Add a patch_site macro & helpers for patching instructions (bsc#1131107). - powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer (bsc#1065729). - powerpc: consolidate -mno-sched-epilog into FTRACE flags (bsc#1065729). - powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest (bsc#1061840). - powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107). - powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area callback (bsc#1131900). - powerpc/kvm: Save and restore host AMR/IAMR/UAMOR (bsc#1061840). - powerpc/mm: Add missing tracepoint for tlbie (bsc#1055117, git-fixes). - powerpc/mm: Check secondary hash page table (bsc#1065729). - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, fate#323286, git-fixes). - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, git-fixes). - powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search (bsc#1131900). - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, fate#323286, git-fixes). - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, git-fixes). - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, fate#323286, git-fixes). - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, git-fixes). - powerpc/numa: document topology_updates_enabled, disable by default (bsc#1133584). - powerpc/numa: improve control of topology updates (bsc#1133584). - powerpc/perf: Fix unit_sel/cache_sel checks (bsc#1053043). - powerpc/perf: Remove l2 bus events from HW cache event array (bsc#1053043). - powerpc/powernv/cpuidle: Init all present cpus for deep states (bsc#1055121). - powerpc/powernv: Do not reprogram SLW image on every KVM guest entry/exit (bsc#1061840). - powerpc/powernv/ioda2: Remove redundant free of TCE pages (bsc#1061840). - powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand (bsc#1061840). - powerpc/powernv/ioda: Fix locked_vm counting for memory used by IOMMU tables (bsc#1061840). - powerpc/powernv: Make opal log only readable by root (bsc#1065729). - powerpc/powernv: Query firmware for count cache flush settings (bsc#1131107). - powerpc/powernv: Remove never used pnv_power9_force_smt4 (bsc#1061840). - powerpc/pseries/mce: Fix misleading print for TLB mutlihit (bsc#1094244, git-fixes). - powerpc/pseries: Query hypervisor for count cache flush settings (bsc#1131107). - powerpc/security: Fix spectre_v2 reporting (bsc#1131107). - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587). - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587). - power: supply: charger-manager: Fix incorrect return value (bsc#1051510). - pwm-backlight: Enable/disable the PWM before/after LCD enable toggle (bsc#1051510). - qmi_wwan: Add support for Quectel EG12/EM12 (networking-stable-19_03_07). - qmi_wwan: apply SET_DTR quirk to Sierra WP7607 (bsc#1051510). - qmi_wwan: Fix qmap header retrieval in qmimux_rx_fixup (bsc#1051510). - raid10: It's wrong to add len to sector_nr in raid10 reshape twice (git-fixes). - ras/cec: Check the correct variable in the debugfs error handling (bsc#1085535). - ravb: Decrease TxFIFO depth of Q3 and Q2 to one (networking-stable-19_03_15). - rdma/cxgb4: Add support for 64Byte cqes (bsc#1127371). - rdma/cxgb4: Add support for kernel mode SRQ's (bsc#1127371). - rdma/cxgb4: Add support for srq functions & structs (bsc#1127371). - rdma/cxgb4: fix some info leaks (bsc#1127371). - rdma/cxgb4: Make c4iw_poll_cq_one() easier to analyze (bsc#1127371). - rdma/cxgb4: Remove a set-but-not-used variable (bsc#1127371). - rdma/iw_cxgb4: Drop __GFP_NOFAIL (bsc#1127371). - rds: fix refcount bug in rds_sock_addref (git-fixes). - rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete (git-fixes). - regulator: max77620: Initialize values for DT properties (bsc#1051510). - regulator: s2mpa01: Fix step values for some LDOs (bsc#1051510). - Revert drm/i915 patches that caused regressions (bsc#1131062) - Revert 'ipv4: keep skb->dst around in presence of IP options' (git-fixes). - rhashtable: Still do rehash when we get EEXIST (bsc#1051510). - ring-buffer: Check if memory is available before allocation (bsc#1132531). - rpm/config.sh: Fix build project and bugzilla product. - rtc: 88pm80x: fix unintended sign extension (bsc#1051510). - rtc: 88pm860x: fix unintended sign extension (bsc#1051510). - rtc: cmos: ignore bogus century byte (bsc#1051510). - rtc: ds1672: fix unintended sign extension (bsc#1051510). - rtc: Fix overflow when converting time64_t to rtc_time (bsc#1051510). - rtc: pm8xxx: fix unintended sign extension (bsc#1051510). - rtnetlink: bring NETDEV_CHANGE_TX_QUEUE_LEN event process back in rtnetlink_event (git-fixes). - rtnetlink: bring NETDEV_CHANGEUPPER event process back in rtnetlink_event (git-fixes). - rtnetlink: bring NETDEV_POST_TYPE_CHANGE event process back in rtnetlink_event (git-fixes). - rtnetlink: check DO_SETLINK_NOTIFY correctly in do_setlink (git-fixes). - rxrpc: Do not release call mutex on error pointer (git-fixes). - rxrpc: Do not treat call aborts as conn aborts (git-fixes). - rxrpc: Fix client call queueing, waiting for channel (networking-stable-19_03_15). - rxrpc: Fix Tx ring annotation after initial Tx failure (git-fixes). - s390/dasd: fix panic for failed online processing (bsc#1132589). - s390/pkey: move pckmo subfunction available checks away from module init (bsc#1128544). - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - scsi: libiscsi: fix possible NULL pointer dereference in case of TMF (bsc#1127378). - scsi: libsas: allocate sense buffer for bsg queue (bsc#1131467). - scsi: qla2xxx: Add new FC-NVMe enable BIT to enable FC-NVMe feature (bsc#1130579). - sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment (networking-stable-19_02_24). - serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart (bsc#1051510). - serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling (bsc#1051510). - serial: imx: Update cached mctrl value when changing RTS (bsc#1051510). - serial: max310x: Fix to avoid potential NULL pointer dereference (bsc#1051510). - serial: sh-sci: Fix setting SCSCR_TIE while transferring data (bsc#1051510). - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() (networking-stable-19_02_24). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510). - soc: fsl: qbman: avoid race in clearing QMan interrupt (bsc#1051510). - SoC: imx-sgtl5000: add missing put_device() (bsc#1051510). - soc: qcom: gsbi: Fix error handling in gsbi_probe() (bsc#1051510). - soc/tegra: fuse: Fix illegal free of IO base address (bsc#1051510). - spi: pxa2xx: Setup maximum supported DMA transfer length (bsc#1051510). - spi: ti-qspi: Fix mmap read when more than one CS in use (bsc#1051510). - spi/topcliff_pch: Fix potential NULL dereference on allocation error (bsc#1051510). - staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: ni_usb6501: Fix use of uninitialized mutex (bsc#1051510). - staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: vmk80xx: Fix use of uninitialized semaphore (bsc#1051510). - staging: iio: ad7192: Fix ad7193 channel address (bsc#1051510). - staging: rtl8712: uninitialized memory in read_bbreg_hdl() (bsc#1051510). - staging: vt6655: Fix interrupt race condition on device start up (bsc#1051510). - staging: vt6655: Remove vif check from vnt_interrupt (bsc#1051510). - sunrpc/cache: handle missing listeners better (bsc#1126221). - sunrpc: fix 4 more call sites that were using stack memory with a scatterlist (git-fixes). - supported.conf: Add vxlan to kernel-default-base (bsc#1132083). - supported.conf: dw_mmc-bluefield is not needed in kernel-default-base (bsc#1131574). - svm/avic: Fix invalidate logical APIC id entry (bsc#1132726). - svm: Fix AVIC DFR and LDR handling (bsc#1132558). - svm: Fix improper check when deactivate AVIC (bsc#1130335). - sysctl: handle overflow for file-max (bsc#1051510). - tcp: fix TCP_REPAIR_QUEUE bound checking (git-fixes). - tcp: tcp_v4_err() should be more careful (networking-stable-19_02_20). - thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs (bsc#1051510). - thermal/intel_powerclamp: fix truncated kthread name (). - thermal/intel_powerclamp: fix truncated kthread name (FATE#326597). - tipc: fix race condition causing hung sendto (networking-stable-19_03_07). - tpm: Fix some name collisions with drivers/char/tpm.h (bsc#1051510). - tpm: Fix the type of the return value in calc_tpm2_event_size() (bsc#1082555). - tpm_tis_spi: Pass the SPI IRQ down to the driver (bsc#1051510). - tpm/tpm_crb: Avoid unaligned reads in crb_recv() (bsc#1051510). - tracing: Fix a memory leak by early error exit in trace_pid_write() (bsc#1133702). - tracing: Fix buffer_ref pipe ops (bsc#1133698). - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account (bsc#1132527). - tty: atmel_serial: fix a potential NULL pointer dereference (bsc#1051510). - tun: fix blocking read (networking-stable-19_03_07). - tun: remove unnecessary memory barrier (networking-stable-19_03_07). - udf: Fix crash on IO error during truncate (bsc#1131175). - uio: Reduce return paths from uio_write() (bsc#1051510). - Update patches.kabi/kabi-cxgb4-MU.patch (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584 bsc#1127371). - usb: cdc-acm: fix race during wakeup blocking TX traffic (bsc#1129770). - usb: chipidea: Grab the (legacy) USB PHY by phandle first (bsc#1051510). - usb: common: Consider only available nodes for dr_mode (bsc#1129770). - usb: core: only clean up what we allocated (bsc#1051510). - usb: dwc3: gadget: Fix the uninitialized link_state when udc starts (bsc#1051510). - usb: dwc3: gadget: synchronize_irq dwc irq in suspend (bsc#1051510). - usb: f_fs: Avoid crash due to out-of-scope stack ptr access (bsc#1051510). - usb: gadget: f_hid: fix deadlock in f_hidg_write() (bsc#1129770). - usb: gadget: Potential NULL dereference on allocation error (bsc#1051510). - usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk (bsc#1051510). - usb: mtu3: fix EXTCON dependency (bsc#1051510). - usb: phy: fix link errors (bsc#1051510). - usb: phy: twl6030-usb: fix possible use-after-free on remove (bsc#1051510). - usb: serial: cp210x: add ID for Ingenico 3070 (bsc#1129770). - usb: serial: cp210x: add new device id (bsc#1051510). - usb: serial: cp210x: fix GPIO in autosuspend (bsc#1120902). - usb: serial: ftdi_sio: add additional NovaTech products (bsc#1051510). - usb: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 (bsc#1129770). - usb: serial: mos7720: fix mos_parport refcount imbalance on error path (bsc#1129770). - usb: serial: option: add Olicard 600 (bsc#1051510). - usb: serial: option: add support for Quectel EM12 (bsc#1051510). - usb: serial: option: add Telit ME910 ECM composition (bsc#1129770). - usb: serial: option: set driver_info for SIM5218 and compatibles (bsc#1129770). - vfs: allow dedupe of user owned read-only files (bsc#1133778, bsc#1132219). - vfs: avoid problematic remapping requests into partial EOF block (bsc#1133850, bsc#1132219). - vfs: dedupe: extract helper for a single dedup (bsc#1133769, bsc#1132219). - vfs: dedupe should return EPERM if permission is not granted (bsc#1133779, bsc#1132219). - vfs: exit early from zero length remap operations (bsc#1132411, bsc#1132219). - vfs: export vfs_dedupe_file_range_one() to modules (bsc#1133772, bsc#1132219). - vfs: limit size of dedupe (bsc#1132397, bsc#1132219). - vfs: rename clone_verify_area to remap_verify_area (bsc#1133852, bsc#1132219). - vfs: skip zero-length dedupe requests (bsc#1133851, bsc#1132219). - vfs: swap names of {do,vfs}_clone_file_range() (bsc#1133774, bsc#1132219). - vfs: vfs_clone_file_prep_inodes should return EINVAL for a clone from beyond EOF (bsc#1133780, bsc#1132219). - video: fbdev: Set pixclock = 0 in goldfishfb (bsc#1051510). - vxlan: test dev->flags & IFF_UP before calling netif_rx() (networking-stable-19_02_20). - wil6210: check null pointer in _wil_cfg80211_merge_extra_ies (bsc#1051510). - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure (bsc#1051510). - x86/cpu: Add Atom Tremont (Jacobsville) (). - x86/cpu: Add Atom Tremont (Jacobsville) (FATE#327454). - x86/CPU/AMD: Set the CPB bit unconditionally on F17h (bsc#1114279). - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331). - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (bsc#1111331). - x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init (bsc#1132572). - x86/kvm/vmx: Add MDS protection when L1D Flush is not active (bsc#1111331). - x86/MCE/AMD, EDAC/mce_amd: Add new error descriptions for some SMCA bank types (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new McaTypes for CS, PSP, and SMU units (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new MP5, NBIO, and PCIE SMCA bank types (bsc#1128415). - x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type (bsc#1128415). - x86/mce/AMD: Pass the bank number to smca_get_bank_type() (bsc#1128415). - x86/MCE: Fix kABI for new AMD bank names (bsc#1128415). - x86/mce: Handle varying MCA bank counts (bsc#1128415). - x86/mce: Improve error message when kernel cannot recover, p2 (bsc#1114279). - x86/msr-index: Cleanup bit defines (bsc#1111331). - x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub (bsc#1120318). - x86/speculation: Consolidate CPU whitelists (bsc#1111331). - x86/speculation/mds: Add basic bug infrastructure for MDS (bsc#1111331). - x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331). - x86/speculation/mds: Add mds_clear_cpu_buffers() (bsc#1111331). - x86/speculation/mds: Add mds=full,nosmt cmdline option (bsc#1111331). - x86/speculation/mds: Add mitigation control for MDS (bsc#1111331). - x86/speculation/mds: Add mitigation mode VMWERV (bsc#1111331). - x86/speculation/mds: Add 'mitigations=' support for MDS (bsc#1111331). - x86/speculation/mds: Add SMT warning message (bsc#1111331). - x86/speculation/mds: Add sysfs reporting for MDS (bsc#1111331). - x86/speculation/mds: Clear CPU buffers on exit to user (bsc#1111331). - x86/speculation/mds: Conditionally clear CPU buffers on idle entry (bsc#1111331). - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (bsc#1111331). - x86/speculation: Move arch_smt_update() call to after mitigation decisions (bsc#1111331). - x86/speculation: Prevent deadlock on ssb_state::lock (bsc#1114279). - x86/speculation: Simplify the CPU bug detection logic (bsc#1111331). - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - x86/tsc: Force inlining of cyc2ns bits (bsc#1052904). - x86/uaccess: Do not leak the AC flag into __put_user() value evaluation (bsc#1114279). - xen-netback: do not populate the hash cache on XenBus disconnect (networking-stable-19_03_07). - xen-netback: fix occasional leak of grant ref mappings under memory pressure (networking-stable-19_03_07). - xen: Prevent buffer overflow in privcmd ioctl (bsc#1065600). - xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos (git-fixes). - xfrm: Fix ESN sequence number handling for IPsec GSO packets (git-fixes). - xfrm: fix rcu_read_unlock usage in xfrm_local_error (git-fixes). - xfs: add the ability to join a held buffer to a defer_ops (bsc#1133674). - xfs: allow xfs_lock_two_inodes to take different EXCL/SHARED modes (bsc#1132370, bsc#1132219). - xfs: call xfs_qm_dqattach before performing reflink operations (bsc#1132368, bsc#1132219). - xfs: cap the length of deduplication requests (bsc#1132373, bsc#1132219). - xfs: clean up xfs_reflink_remap_blocks call site (bsc#1132413, bsc#1132219). - xfs: fix data corruption w/ unaligned dedupe ranges (bsc#1132405, bsc#1132219). - xfs: fix data corruption w/ unaligned reflink ranges (bsc#1132407, bsc#1132219). - xfs: fix pagecache truncation prior to reflink (bsc#1132412, bsc#1132219). - xfs: fix reporting supported extra file attributes for statx() (bsc#1133529). - xfs: flush removing page cache in xfs_reflink_remap_prep (bsc#1132414, bsc#1132219). - xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute (bsc#1133675). - xfs: only grab shared inode locks for source file during reflink (bsc#1132372, bsc#1132219). - xfs: refactor clonerange preparation into a separate helper (bsc#1132402, bsc#1132219). - xfs: refactor xfs_trans_roll (bsc#1133667). - xfs: reflink find shared should take a transaction (bsc#1132226, bsc#1132219). - xfs: reflink should break pnfs leases before sharing blocks (bsc#1132369, bsc#1132219). - xfs: remove dest file's post-eof preallocations before reflinking (bsc#1132365, bsc#1132219). - xfs: remove the ip argument to xfs_defer_finish (bsc#1133672). - xfs: rename xfs_defer_join to xfs_defer_ijoin (bsc#1133668). - xfs: update ctime and remove suid before cloning files (bsc#1132404, bsc#1132219). - xfs: zero posteof blocks when cloning above eof (bsc#1132403, bsc#1132219). - xhci: Do not let USB3 ports stuck in polling state prevent suspend (bsc#1051510). - xhci: Fix port resume done detection for SS ports with LPM enabled (bsc#1051510). Important SUSE bug 1050549 SUSE bug 1051510 SUSE bug 1052904 SUSE bug 1053043 SUSE bug 1055117 SUSE bug 1055121 SUSE bug 1055186 SUSE bug 1061840 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1070872 SUSE bug 1082555 SUSE bug 1083647 SUSE bug 1085535 SUSE bug 1085536 SUSE bug 1088804 SUSE bug 1094244 SUSE bug 1097583 SUSE bug 1097584 SUSE bug 1097585 SUSE bug 1097586 SUSE bug 1097587 SUSE bug 1097588 SUSE bug 1100132 SUSE bug 1103186 SUSE bug 1103259 SUSE bug 1108193 SUSE bug 1108937 SUSE bug 1111331 SUSE bug 1112128 SUSE bug 1112178 SUSE bug 1113399 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1114542 SUSE bug 1114638 SUSE bug 1119086 SUSE bug 1119680 SUSE bug 1120318 SUSE bug 1120902 SUSE bug 1122767 SUSE bug 1123105 SUSE bug 1125342 SUSE bug 1126221 SUSE bug 1126356 SUSE bug 1126704 SUSE bug 1126740 SUSE bug 1127175 SUSE bug 1127371 SUSE bug 1127372 SUSE bug 1127374 SUSE bug 1127378 SUSE bug 1127445 SUSE bug 1128415 SUSE bug 1128544 SUSE bug 1129273 SUSE bug 1129276 SUSE bug 1129770 SUSE bug 1130130 SUSE bug 1130154 SUSE bug 1130195 SUSE bug 1130335 SUSE bug 1130336 SUSE bug 1130337 SUSE bug 1130338 SUSE bug 1130425 SUSE bug 1130427 SUSE bug 1130518 SUSE bug 1130527 SUSE bug 1130567 SUSE bug 1130579 SUSE bug 1131062 SUSE bug 1131107 SUSE bug 1131167 SUSE bug 1131168 SUSE bug 1131169 SUSE bug 1131170 SUSE bug 1131171 SUSE bug 1131172 SUSE bug 1131173 SUSE bug 1131174 SUSE bug 1131175 SUSE bug 1131176 SUSE bug 1131177 SUSE bug 1131178 SUSE bug 1131179 SUSE bug 1131180 SUSE bug 1131290 SUSE bug 1131326 SUSE bug 1131335 SUSE bug 1131336 SUSE bug 1131416 SUSE bug 1131427 SUSE bug 1131442 SUSE bug 1131467 SUSE bug 1131574 SUSE bug 1131587 SUSE bug 1131659 SUSE bug 1131673 SUSE bug 1131847 SUSE bug 1131848 SUSE bug 1131851 SUSE bug 1131900 SUSE bug 1131934 SUSE bug 1131935 SUSE bug 1132083 SUSE bug 1132219 SUSE bug 1132226 SUSE bug 1132227 SUSE bug 1132365 SUSE bug 1132368 SUSE bug 1132369 SUSE bug 1132370 SUSE bug 1132372 SUSE bug 1132373 SUSE bug 1132384 SUSE bug 1132397 SUSE bug 1132402 SUSE bug 1132403 SUSE bug 1132404 SUSE bug 1132405 SUSE bug 1132407 SUSE bug 1132411 SUSE bug 1132412 SUSE bug 1132413 SUSE bug 1132414 SUSE bug 1132426 SUSE bug 1132527 SUSE bug 1132531 SUSE bug 1132555 SUSE bug 1132558 SUSE bug 1132561 SUSE bug 1132562 SUSE bug 1132563 SUSE bug 1132564 SUSE bug 1132570 SUSE bug 1132571 SUSE bug 1132572 SUSE bug 1132589 SUSE bug 1132618 SUSE bug 1132681 SUSE bug 1132726 SUSE bug 1132828 SUSE bug 1132943 SUSE bug 1133005 SUSE bug 1133094 SUSE bug 1133095 SUSE bug 1133115 SUSE bug 1133149 SUSE bug 1133486 SUSE bug 1133529 SUSE bug 1133584 SUSE bug 1133667 SUSE bug 1133668 SUSE bug 1133672 SUSE bug 1133674 SUSE bug 1133675 SUSE bug 1133698 SUSE bug 1133702 SUSE bug 1133731 SUSE bug 1133769 SUSE bug 1133772 SUSE bug 1133774 SUSE bug 1133778 SUSE bug 1133779 SUSE bug 1133780 SUSE bug 1133825 SUSE bug 1133850 SUSE bug 1133851 SUSE bug 1133852 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-16880 CVE-2019-11091 CVE-2019-3882 CVE-2019-9003 CVE-2019-9500 CVE-2019-9503 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for xen fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the XEN Hypervisor adjustments, that additionaly also use CPU Microcode updates. The mitigation can be controlled via the 'mds' commandline option, see the documentation. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Security issue fixed: - CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680) Other fixes: - Added code to change LIBXL_HOTPLUG_TIMEOUT at runtime. The included README has details about the impact of this change (bsc#1120095) - Fixes in Live migrating PV domUs An earlier change broke live migration of PV domUs without a device model. The migration would stall for 10 seconds while the domU was paused, which caused network connections to drop. Fix this by tracking the need for a device model within libxl. (bsc#1079730, bsc#1098403, bsc#1111025) Important SUSE bug 1027519 SUSE bug 1079730 SUSE bug 1098403 SUSE bug 1111025 SUSE bug 1111331 SUSE bug 1120095 SUSE bug 1130680 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-6954: Fixed a vulnerability in the symlink handling of systemd-tmpfiles which allowed a local user to obtain ownership of arbitrary files (bsc#1080919). - CVE-2019-3842: Fixed a vulnerability in pam_systemd which allowed a local user to escalate privileges (bsc#1132348). - CVE-2019-6454: Fixed a denial of service caused by long dbus messages (bsc#1125352). Non-security issues fixed: - systemd-coredump: generate a stack trace of all core dumps (jsc#SLE-5933) - udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400) - sd-bus: bump message queue size again (bsc#1132721) - core: only watch processes when it's really necessary (bsc#955942 bsc#1128657) - rules: load drivers only on 'add' events (bsc#1126056) - sysctl: Don't pass null directive argument to '%s' (bsc#1121563) - Do not automatically online memory on s390x (bsc#1127557) Important SUSE bug 1080919 SUSE bug 1121563 SUSE bug 1125352 SUSE bug 1126056 SUSE bug 1127557 SUSE bug 1128657 SUSE bug 1130230 SUSE bug 1132348 SUSE bug 1132400 SUSE bug 1132721 SUSE bug 955942 CVE-2018-6954 CVE-2019-3842 CVE-2019-6454 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libraw fixes the following issues: Security issues fixed: - CVE-2018-20365: Fixed a heap-based buffer overflow in the raw2image function of libraw_cxx.cpp (bsc#1120500) - CVE-2018-20364: Fixed a NULL pointer dereference in the copy_bayer function of libraw_cxx.cpp (bsc#1120499) - CVE-2018-20363: Fixed a NULL pointer dereference in the raw2image function of libraw_cxx.cpp (bsc#1120498) - CVE-2018-5817: Fixed an infinite loop in the unpacked_load_raw function of dcraw_common.cpp (bsc#1120515) - CVE-2018-5818: Fixed an infinite loop in the parse_rollei function of dcraw_common.cpp (bsc#1120516) - CVE-2018-5819: Fixed a denial of service in the parse_sinar_ia function of dcraw_common.cpp (bsc#1120517) Moderate SUSE bug 1120498 SUSE bug 1120499 SUSE bug 1120500 SUSE bug 1120515 SUSE bug 1120516 SUSE bug 1120517 CVE-2018-20363 CVE-2018-20364 CVE-2018-20365 CVE-2018-5817 CVE-2018-5818 CVE-2018-5819 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for PackageKit fixes the following issues: - Fixed displaying the license agreement pop up window during package update (bsc#1038425). Moderate SUSE bug 1038425 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for php5 fixes the following issues: Security issues fixed: - CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si() (bsc#1132838). - CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value() (bsc#1132837). - CVE-2019-9637: Fixed a potential information disclosure in rename() (bsc#1128892). - CVE-2019-9675: Fixed a potential buffer overflow in phar_tar_writeheaders_int() (bsc#1128886). - CVE-2019-9638: Fixed an uninitialized read in exif_process_IFD_in_MAKERNOTE() related to value_len (bsc#1128889). - CVE-2019-9639: Fixed an uninitialized read in exif_process_IFD_in_MAKERNOTE() related to data_len (bsc#1128887). - CVE-2019-9640: Fixed an invalid Read in exif_process_SOFn() (bsc#1128883). - CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function leading to information disclosure (bsc#1134322). Moderate SUSE bug 1128883 SUSE bug 1128886 SUSE bug 1128887 SUSE bug 1128889 SUSE bug 1128892 SUSE bug 1132837 SUSE bug 1132838 SUSE bug 1134322 CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-9675 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for bluez fixes the following issues: Security vulnerability addressed: - CVE-2016-9797: Fixed a buffer over-read in l2cap_dump() (bsc#1013708). - CVE-2016-9798: Fixed a use-after-free in conf_opt() (bsc#1013712). - CVE-2016-9917: Fixed a heap-based buffer overflow in read_n() (bsc#1015171). - CVE-2016-9802: Fixed a buffer over-read in l2cap_packet() (bsc#1013893). - CVE-2016-9918: Fixed an out-of-bounds stack read in packet_hexdump(), which could be triggered by processing a corrupted dump file and will result in a crash of the hcidump tool (bsc#1015173) Moderate SUSE bug 1013708 SUSE bug 1013712 SUSE bug 1013893 SUSE bug 1015171 SUSE bug 1015173 CVE-2016-9797 CVE-2016-9798 CVE-2016-9802 CVE-2016-9917 CVE-2016-9918 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for freerdp fixes the following issues: Security issues fixed: - CVE-2018-0886: Fix a remote code execution vulnerability (CredSSP) (bsc#1085416, bsc#1087240, bsc#1104918) - CVE-2018-8789: Fix several denial of service vulnerabilities in the in the NTLM Authentication module (bsc#1117965) - CVE-2018-8785: Fix a potential remote code execution vulnerability in the zgfx_decompress function (bsc#1117967) - CVE-2018-8786: Fix a potential remote code execution vulnerability in the update_read_bitmap_update function (bsc#1117966) - CVE-2018-8787: Fix a potential remote code execution vulnerability in the gdi_Bitmap_Decompress function (bsc#1117964) - CVE-2018-8788: Fix a potential remote code execution vulnerability in the nsc_rle_decode function (bsc#1117963) - CVE-2018-8784: Fix a potential remote code execution vulnerability in the zgfx_decompress_segment function (bsc#1116708) - CVE-2018-1000852: Fixed a remote memory access in the drdynvc_process_capability_request function (bsc#1120507) Important SUSE bug 1085416 SUSE bug 1087240 SUSE bug 1104918 SUSE bug 1116708 SUSE bug 1117963 SUSE bug 1117964 SUSE bug 1117965 SUSE bug 1117966 SUSE bug 1117967 SUSE bug 1120507 CVE-2018-0886 CVE-2018-1000852 CVE-2018-8784 CVE-2018-8785 CVE-2018-8786 CVE-2018-8787 CVE-2018-8788 CVE-2018-8789 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for java-1_7_1-ibm fixes the following issues: Update to Java 7.1 Service Refresh 4 Fix Pack 45. Security issues fixed: - CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). - CVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734). - CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). - CVE-2019-2684: Fixed flaw was found in the RMI registry implementation (bsc#1132732). Important SUSE bug 1132728 SUSE bug 1132729 SUSE bug 1132732 SUSE bug 1132734 SUSE bug 1134718 CVE-2019-10245 CVE-2019-2602 CVE-2019-2684 CVE-2019-2697 CVE-2019-2698 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libvirt fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the libvirt adjustments, that pass through the new 'md-clear' CPU flag (bsc#1135273). For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Important SUSE bug 1111331 SUSE bug 1135273 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for systemd provides the following fixes: Security issues fixed: - CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled alloca()s (bsc#1120323) - CVE-2018-16866: Fixed an information leak in journald (bsc#1120323) - Fixed an issue during system startup in relation to encrypted swap disks (bsc#1119971) Non-security issues fixed: - core: Queue loading transient units after setting their properties. (bsc#1115518) - logind: Stop managing VT switches if no sessions are registered on that VT. (bsc#1101591) - terminal-util: introduce vt_release() and vt_restore() helpers. - terminal: Unify code for resetting kbd utf8 mode a bit. - terminal Reset should honour default_utf8 kernel setting. - logind: Make session_restore_vt() static. - udev: Downgrade message when settting inotify watch up fails. (bsc#1005023) - log: Never log into foreign fd #2 in PID 1 or its pre-execve() children. (bsc#1114981) - udev: Ignore the exit code of systemd-detect-virt for memory hot-add. In SLE-12-SP3, 80-hotplug-cpu-mem.rules has a memory hot-add rule that uses systemd-detect-virt to detect non-zvm environment. The systemd-detect-virt returns exit failure code when it detected _none_ state. The exit failure code causes that the hot-add memory block can not be set to online. (bsc#1076696) Moderate SUSE bug 1005023 SUSE bug 1076696 SUSE bug 1101591 SUSE bug 1114981 SUSE bug 1115518 SUSE bug 1119971 SUSE bug 1120323 CVE-2018-16864 CVE-2018-16865 CVE-2018-16866 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for php72 fixes the following issues: Security issues fixed: - CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si() (bsc#1132838). - CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value() (bsc#1132837). - CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function leading to information disclosure (bsc#1134322). Non-security issue fixed: - Use system gd (bsc#1133714). Moderate SUSE bug 1132837 SUSE bug 1132838 SUSE bug 1133714 SUSE bug 1134322 CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for php7 fixes the following issues: Security issues fixed: - CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si() (bsc#1132838). - CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value() (bsc#1132837). - CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function leading to information disclosure (bsc#1134322). Moderate SUSE bug 1132837 SUSE bug 1132838 SUSE bug 1134322 CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libtasn1 fixes the following issues: Security issues fixed: - CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435). - CVE-2017-6891: Fixed a stack overflow in asn1_find_node() (bsc#1040621). Moderate SUSE bug 1040621 SUSE bug 1105435 CVE-2017-6891 CVE-2018-1000654 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for wireshark to version 2.4.12 fixes the following issues: Security issues fixed: - CVE-2019-5717: Fixed a denial of service in the P_MUL dissector (bsc#1121232) - CVE-2019-5718: Fixed a denial of service in the RTSE dissector and other dissectors (bsc#1121233) - CVE-2019-5719: Fixed a denial of service in the ISAKMP dissector (bsc#1121234) - CVE-2019-5721: Fixed a denial of service in the ISAKMP dissector (bsc#1121235) Moderate SUSE bug 1121232 SUSE bug 1121233 SUSE bug 1121234 SUSE bug 1121235 CVE-2019-5717 CVE-2019-5718 CVE-2019-5719 CVE-2019-5721 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for MozillaFirefox fixes the following issues: Security issues fixed: - CVE-2019-11691: Use-after-free in XMLHttpRequest - CVE-2019-11692: Use-after-free removing listeners in the event listener manager - CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux - CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox - CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks - CVE-2019-7317: Use-after-free in png_image_free of libpng library - CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 - CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS - CVE-2019-9816: Type confusion with object groups and UnboxedObjects - CVE-2019-9817: Stealing of cross-domain images using canvas - CVE-2019-9818: Use-after-free in crash generation server - CVE-2019-9819: Compartment mismatch with fetch API - CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell Non-security issues fixed: - Font and date adjustments to accommodate the new Reiwa era in Japan - Update to Firefox ESR 60.7 (bsc#1135824) Important SUSE bug 1135824 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11694 CVE-2019-11698 CVE-2019-7317 CVE-2019-9800 CVE-2019-9815 CVE-2019-9816 CVE-2019-9817 CVE-2019-9818 CVE-2019-9819 CVE-2019-9820 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for gnome-shell fixes the following issues: Security issue fixed: - CVE-2019-3820: Fixed a partial lock screen bypass (bsc#1124493). Fixed bugs: - Remove sessionList of endSessionDialog for security reasons (jsc#SLE-6660). Moderate SUSE bug 1124493 CVE-2019-3820 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for evolution fixes the following issue: Security issue fixed: - CVE-2018-15587: Fixed OpenPGP signatures spoofing via specially crafted email that contains a valid signature (bsc#1125230). Moderate SUSE bug 1125230 CVE-2018-15587 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead (bsc#1130847). - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). Important SUSE bug 1129346 SUSE bug 1130847 CVE-2019-9636 CVE-2019-9948 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for ghostscript to version 9.26a fixes the following issues: Security issue fixed: - CVE-2019-6116: subroutines within pseudo-operators must themselves be pseudo-operators (bsc#1122319) Important SUSE bug 1122319 CVE-2019-6116 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libreoffice and libraries fixes the following issues: LibreOffice was updated to 6.2.3.2 (fate#327121 bsc#1128845 bsc#1123455), bringing lots of bug and stability fixes. Additional bugfixes: - If there is no firebird engine we still need java to run hsqldb (bsc#1135189) - PPTX: Rectangle turns from green to blue and loses transparency when transparency is set (bsc#1135228) - Slide deck compression doesn't, hmm, compress too much (bsc#1127760) - Psychedelic graphics in LibreOffice (but not PowerPoint) (bsc#1124869) - Image from PPTX shown in a square, not a circle (bsc#1121874) libixion was updated to 0.14.1: * Updated for new orcus liborcus was updated to 0.14.1: * Boost 1.67 support * Various cell handling issues fixed libwps was updated to 0.4.10: * QuattroPro: add parser of .qwp files * all: support complex encoding mdds was updated to 1.4.3: * Api change to 1.4 * More multivector opreations and tweaks * Various multi vector fixes * flat_segment_tree: add segment iterator and functions * fix to handle out-of-range insertions on flat_segment_tree * Another api version -> rename to mdds-1_2 myspell-dictionaries was updated to 20190423: * Serbian dictionary updated * Update af_ZA hunspell * Update Spanish dictionary * Update Slovenian dictionary * Update Breton dictionary * Update Galician dictionary Moderate SUSE bug 1089811 SUSE bug 1116451 SUSE bug 1121874 SUSE bug 1123131 SUSE bug 1123455 SUSE bug 1124062 SUSE bug 1124869 SUSE bug 1127760 SUSE bug 1127857 SUSE bug 1128845 SUSE bug 1135189 SUSE bug 1135228 CVE-2018-16858 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for webkit2gtk3 to version 2.22.5 fixes the following issues: Security issues fixed: - CVE-2018-4438: Fixed a logic issue which lead to memory corruption (bsc#1119554) - CVE-2018-4437, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464: Fixed multiple memory corruption issues with improved memory handling (bsc#1119553, bsc#1119555, bsc#1119556, bsc#1119557, bsc#1119558) Important SUSE bug 1119553 SUSE bug 1119554 SUSE bug 1119555 SUSE bug 1119556 SUSE bug 1119557 SUSE bug 1119558 CVE-2018-4437 CVE-2018-4438 CVE-2018-4441 CVE-2018-4442 CVE-2018-4443 CVE-2018-4464 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libcroco fixes the following issues: Security issues fixed: - CVE-2017-7960: Fixed heap overflow (input: check end of input before reading a byte) (bsc#1034481). - CVE-2017-7961: Fixed undefined behavior (tknzr: support only max long rgb values) (bsc#1034482). - CVE-2017-8834: Fixed denial of service (memory allocation error) via a crafted CSS file (bsc#1043898). - CVE-2017-8871: Fixed denial of service (infinite loop and CPU consumption) via a crafted CSS file (bsc#1043899). Moderate SUSE bug 1034481 SUSE bug 1034482 SUSE bug 1043898 SUSE bug 1043899 CVE-2017-7960 CVE-2017-7961 CVE-2017-8834 CVE-2017-8871 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for sssd fixes the following issues: Security issue fixed: - CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation (bsc#1124194) Non-security issues fixed: - Missing GPOs directory could have led to login problems (bsc#1132879) - Fix a crash by adding a netgroup counter to struct nss_enum_index (bsc#1132657) - Allow defaults sudoRole without sudoUser attribute (bsc#1135247) Moderate SUSE bug 1124194 SUSE bug 1132657 SUSE bug 1132879 SUSE bug 1135247 CVE-2018-16838 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2019-10130: Prevent row-level security policies from being bypassed via selectivity estimators (bsc#1134689). Bug fixes: - For a complete list of fixes check the release notes. * https://www.postgresql.org/docs/10/release-10-8.html * https://www.postgresql.org/docs/10/release-10-7.html Moderate SUSE bug 1134689 CVE-2019-10130 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. - CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power. - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) - CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) - CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) - CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occured with FUSE requests. (bnc#1133190) - CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) - CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603) - CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bnc#1135278) - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) - CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a '\0' character. (bnc#1134848) - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions. (bnc#1133188) The following non-security bugs were fixed: - 9p locks: add mount option for lock retry interval (bsc#1051510). - Update config files. Debug kernel is not supported (bsc#1135492). - acpi / utils: Drop reference in test for device presence (bsc#1051510). - acpi: button: reinitialize button state upon resume (bsc#1051510). - acpi: fix menuconfig presentation of acpi submenu (bsc#1117158). - acpica: AML interpreter: add region addresses in global list during initialization (bsc#1051510). - acpica: Namespace: remove address node from global list after method termination (bsc#1051510). - alsa: core: Do not refer to snd_cards array directly (bsc#1051510). - alsa: emu10k1: Drop superfluous id-uniquification behavior (bsc#1051510). - alsa: hda - Register irq handler after the chip initialization (bsc#1051510). - alsa: hda - Use a macro for snd_array iteration loops (bsc#1051510). - alsa: hda/hdmi - Consider eld_valid when reporting jack event (bsc#1051510). - alsa: hda/hdmi - Read the pin sense from register when repolling (bsc#1051510). - alsa: hda/realtek - Avoid superfluous COEF EAPD setups (bsc#1051510). - alsa: hda/realtek - Corrected fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: hda/realtek - EAPD turn on later (bsc#1051510). - alsa: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug (bsc#1051510). - alsa: hda/realtek - Fixup headphone noise via runtime suspend (bsc#1051510). - alsa: hda/realtek - Improve the headset mic for Acer Aspire laptops (bsc#1051510). - alsa: hdea/realtek - Headset fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: line6: Avoid polluting led_* namespace (bsc#1051510). - alsa: seq: Align temporary re-locking with irqsave version (bsc#1051510). - alsa: seq: Correct unlock sequence at snd_seq_client_ioctl_unlock() (bsc#1051510). - alsa: seq: Cover unsubscribe_port() in list_mutex (bsc#1051510). - alsa: seq: Fix race of get-subscription call vs port-delete ioctls (bsc#1051510). - alsa: seq: Protect in-kernel ioctl calls with mutex (bsc#1051510). - alsa: seq: Protect racy pool manipulation from OSS sequencer (bsc#1051510). - alsa: seq: Remove superfluous irqsave flags (bsc#1051510). - alsa: seq: Simplify snd_seq_kernel_client_enqueue() helper (bsc#1051510). - alsa: timer: Check ack_list emptiness instead of bit flag (bsc#1051510). - alsa: timer: Coding style fixes (bsc#1051510). - alsa: timer: Make snd_timer_close() really kill pending actions (bsc#1051510). - alsa: timer: Make sure to clear pending ack list (bsc#1051510). - alsa: timer: Revert active callback sync check at close (bsc#1051510). - alsa: timer: Simplify error path in snd_timer_open() (bsc#1051510). - alsa: timer: Unify timer callback process code (bsc#1051510). - alsa: usb-audio: Fix a memory leak bug (bsc#1051510). - alsa: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk() (bsc#1051510). - alsa: usx2y: fix a double free bug (bsc#1051510). - appletalk: Fix compile regression (bsc#1051510). - appletalk: Fix use-after-free in atalk_proc_exit (bsc#1051510). - arch: arm64: acpi: KABI ginore includes (bsc#1117158 bsc#1134671). - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (bsc#1117158). - arm64/x86: Update config files. Use CONFIG_ARCH_SUPPORTS_acpi - arm64: Export save_stack_trace_tsk() (jsc#SLE-4214). - arm64: acpi: fix alignment fault in accessing acpi (bsc#1117158). - arm64: fix acpi dependencies (bsc#1117158). - arm: 8824/1: fix a migrating irq bug when hotplug cpu (bsc#1051510). - arm: 8833/1: Ensure that NEON code always compiles with Clang (bsc#1051510). - arm: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bsc#1051510). - arm: 8840/1: use a raw_spinlock_t in unwind (bsc#1051510). - arm: OMAP2+: Variable 'reg' in function omap4_dsi_mux_pads() could be uninitialized (bsc#1051510). - arm: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug (bsc#1051510). - arm: avoid Cortex-A9 livelock on tight dmb loops (bsc#1051510). - arm: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bsc#1051510). - arm: iop: do not use using 64-bit DMA masks (bsc#1051510). - arm: orion: do not use using 64-bit DMA masks (bsc#1051510). - arm: pxa: ssp: unneeded to free devm_ allocated data (bsc#1051510). - arm: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bsc#1051510). - arm: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms (bsc#1051510). - asoc: Intel: avoid Oops if DMA setup fails (bsc#1051510). - asoc: RT5677-SPI: Disable 16Bit SPI Transfers (bsc#1051510). - asoc: cs4270: Set auto-increment bit for register writes (bsc#1051510). - asoc: fix valid stream condition (bsc#1051510). - asoc: fsl_esai: Fix missing break in switch statement (bsc#1051510). - asoc: hdmi-codec: fix S/PDIF DAI (bsc#1051510). - asoc: max98090: Fix restore of DAPM Muxes (bsc#1051510). - asoc: nau8810: fix the issue of widget with prefixed name (bsc#1051510). - asoc: nau8824: fix the issue of the widget with prefix name (bsc#1051510). - asoc: samsung: odroid: Fix clock configuration for 44100 sample rate (bsc#1051510). - asoc: stm32: fix sai driver name initialisation (bsc#1051510). - asoc: tlv320aic32x4: Fix Common Pins (bsc#1051510). - asoc: wm_adsp: Add locking to wm_adsp2_bus_error (bsc#1051510). - asoc:soc-pcm:fix a codec fixup issue in TDM case (bsc#1051510). - at76c50x-usb: Do not register led_trigger if usb_register_driver failed (bsc#1051510). - audit: fix a memleak caused by auditing load module (bsc#1051510). - b43: shut up clang -Wuninitialized variable warning (bsc#1051510). - backlight: lm3630a: Return 0 on success in update_status functions (bsc#1051510). - bcache: Move couple of functions to sysfs.c (bsc#1130972). - bcache: Move couple of string arrays to sysfs.c (bsc#1130972). - bcache: Populate writeback_rate_minimum attribute (bsc#1130972). - bcache: Replace bch_read_string_list() by __sysfs_match_string() (bsc#1130972). - bcache: account size of buckets used in uuid write to ca->meta_sectors_written (bsc#1130972). - bcache: add MODULE_DESCRIPTION information (bsc#1130972). - bcache: add a comment in super.c (bsc#1130972). - bcache: add code comments for bset.c (bsc#1130972). - bcache: add comment for cache_set->fill_iter (bsc#1130972). - bcache: add identifier names to arguments of function definitions (bsc#1130972). - bcache: add missing SPDX header (bsc#1130972). - bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972). - bcache: add static const prefix to char * array declarations (bsc#1130972). - bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972). - bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972). - bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972). - bcache: correct dirty data statistics (bsc#1130972). - bcache: do not assign in if condition in bcache_init() (bsc#1130972). - bcache: do not assign in if condition register_bcache() (bsc#1130972). - bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972). - bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972). - bcache: do not clone bio in bch_data_verify (bsc#1130972). - bcache: do not mark writeback_running too early (bsc#1130972). - bcache: export backing_dev_name via sysfs (bsc#1130972). - bcache: export backing_dev_uuid via sysfs (bsc#1130972). - bcache: fix code comments style (bsc#1130972). - bcache: fix indent by replacing blank by tabs (bsc#1130972). - bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972). - bcache: fix input integer overflow of congested threshold (bsc#1130972). - bcache: fix input overflow to cache set io_error_limit (bsc#1130972). - bcache: fix input overflow to cache set sysfs file io_error_halflife (bsc#1130972). - bcache: fix input overflow to journal_delay_ms (bsc#1130972). - bcache: fix input overflow to sequential_cutoff (bsc#1130972). - bcache: fix input overflow to writeback_delay (bsc#1130972). - bcache: fix input overflow to writeback_rate_minimum (bsc#1130972). - bcache: fix ioctl in flash device (bsc#1130972). - bcache: fix mistaken code comments in bcache.h (bsc#1130972). - bcache: fix mistaken comments in request.c (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972). - bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972). - bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972). - bcache: improve sysfs_strtoul_clamp() (bsc#1130972). - bcache: introduce force_wake_up_gc() (bsc#1130972). - bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972). - bcache: move open brace at end of function definitions to next line (bsc#1130972). - bcache: never writeback a discard operation (bsc#1130972). - bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972). - bcache: option to automatically run gc thread after writeback (bsc#1130972). - bcache: panic fix for making cache device (bsc#1130972). - bcache: prefer 'help' in Kconfig (bsc#1130972). - bcache: print number of keys in trace_bcache_journal_write (bsc#1130972). - bcache: recal cached_dev_sectors on detach (bsc#1130972). - bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972). - bcache: remove unused bch_passthrough_cache (bsc#1130972). - bcache: remove useless parameter of bch_debug_init() (bsc#1130972). - bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972). - bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972). - bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972). - bcache: replace printk() by pr_*() routines (bsc#1130972). - bcache: set writeback_percent in a flexible range (bsc#1130972). - bcache: split combined if-condition code into separate ones (bsc#1130972). - bcache: stop bcache device when backing device is offline (bsc#1130972). - bcache: stop using the deprecated get_seconds() (bsc#1130972). - bcache: style fix to add a blank line after declarations (bsc#1130972). - bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972). - bcache: style fixes for lines over 80 characters (bsc#1130972). - bcache: treat stale and dirty keys as bad keys (bsc#1130972). - bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972). - bcache: update comment for bch_data_insert (bsc#1130972). - bcache: update comment in sysfs.c (bsc#1130972). - bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972). - bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972). - bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972). - bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972). - bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972). - block: Do not revalidate bdev of hidden gendisk (bsc#1120091). - block: check_events: do not bother with events if unsupported (bsc#1110946, bsc#1119843). - block: disk_events: introduce event flags (bsc#1110946, bsc#1119843). - block: do not leak memory in bio_copy_user_iov() (bsc#1135309). - block: fix the return errno for direct IO (bsc#1135320). - block: fix use-after-free on gendisk (bsc#1135312). - bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bsc#1051510). - bluetooth: Check key sizes only when Secure Simple Pairing is enabled (bsc#1135556). - bluetooth: hidp: fix buffer overflow (bsc#1051510). - bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one() (bsc#1050242). - bnxt_en: Improve RX consumer index validity check (networking-stable-19_04_10). - bnxt_en: Improve multicast address setup logic (networking-stable-19_05_04). - bnxt_en: Reset device on RX buffer errors (networking-stable-19_04_10). - bonding: fix event handling for stacked bonds (networking-stable-19_04_19). - bpf, lru: avoid messing with eviction heuristics upon syscall lookup (bsc#1083647). - bpf: Add missed newline in verifier verbose log (bsc#1056787). - bpf: add map_lookup_elem_sys_only for lookups from syscall side (bsc#1083647). - brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() (bsc#1051510). - btrfs: Do not panic when we can't find a root key (bsc#1112063). - btrfs: Factor out common delayed refs init code (bsc#1134813). - btrfs: Introduce init_delayed_ref_head (bsc#1134813). - btrfs: Open-code add_delayed_data_ref (bsc#1134813). - btrfs: Open-code add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813). - btrfs: add a helper to return a head ref (bsc#1134813). - btrfs: breakout empty head cleanup to a helper (bsc#1134813). - btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: do not allow trimming when a fs is mounted with the nologreplay option (bsc#1135758). - btrfs: do not double unlock on error in btrfs_punch_hole (bsc#1136881). - btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: fix fsync not persisting changed attributes of a directory (bsc#1137151). - btrfs: fix race between ranged fsync and writeback of adjacent ranges (bsc#1136477). - btrfs: fix race updating log root item during fsync (bsc#1137153). - btrfs: fix wrong ctime and mtime of a directory after log replay (bsc#1137152). - btrfs: improve performance on fsync of files with multiple hardlinks (bsc#1123454). - btrfs: move all ref head cleanup to the helper function (bsc#1134813). - btrfs: move extent_op cleanup to a helper (bsc#1134813). - btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813). - btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1134806). - btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head to btrfs_qgroup_extent_record (bsc#1134162). - btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release (bsc#1134160). - btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1133612). - btrfs: remove delayed_ref_node from ref_head (bsc#1134813). - btrfs: send, flush dellaloc in order to avoid data loss (bsc#1133320). - btrfs: split delayed ref head initialization and addition (bsc#1134813). - btrfs: track refs in a rb_tree instead of a list (bsc#1134813). - btrfs: tree-checker: detect file extent items with overlapping ranges (bsc#1136478). - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461). - ceph: fix ci->i_head_snapc leak (bsc#1122776). - ceph: fix use-after-free on symlink traversal (bsc#1134459). - ceph: only use d_name directly when parent is locked (bsc#1134460). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565). - clk: rockchip: Fix video codec clocks on rk3288 (bsc#1051510). - clk: rockchip: fix wrong clock definitions for rk3328 (bsc#1051510). - configfs: Fix use-after-free when accessing sd->s_dentry (bsc#1051510). - configfs: fix possible use-after-free in configfs_register_group (bsc#1051510). - crypto: arm/aes-neonbs - do not access already-freed walk.iv (bsc#1051510). - crypto: caam - fix caam_dump_sg that iterates through scatterlist (bsc#1051510). - crypto: ccm - fix incompatibility between 'ccm' and 'ccm_base' (bsc#1051510). - crypto: ccp - Do not free psp_master when PLATFORM_INIT fails (bsc#1051510). - crypto: chacha20poly1305 - set cra_name correctly (bsc#1051510). - crypto: crct10dif-generic - fix use via crypto_shash_digest() (bsc#1051510). - crypto: fips - Grammar s/options/option/, s/to/the/ (bsc#1051510). - crypto: gcm - fix incompatibility between 'gcm' and 'gcm_base' (bsc#1051510). - crypto: skcipher - do not WARN on unprocessed data after slow walk step (bsc#1051510). - crypto: sun4i-ss - Fix invalid calculation of hash end (bsc#1051510). - crypto: vmx - CTR: always increment IV as quadword (bsc#1051510). - crypto: vmx - fix copy-paste error in CTR mode (bsc#1051510). - crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162). - crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162). - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest() (bsc#1051510). - dccp: Fix memleak in __feat_register_sp (bsc#1051510). - dccp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28). - debugfs: fix use-after-free on symlink traversal (bsc#1051510). - devres: Align data[] to ARCH_KMALLOC_MINALIGN (bsc#1051510). - dmaengine: axi-dmac: Do not check the number of frames for alignment (bsc#1051510). - dmaengine: tegra210-dma: free dma controller in remove() (bsc#1051510). - documentation: Add MDS vulnerability documentation (bsc#1135642). - drivers: acpi: add dependency of EFI for arm64 (bsc#1117158). - drm/bridge: adv7511: Fix low refresh rate selection (bsc#1051510). - drm/etnaviv: lock MMU while dumping core (bsc#1113722) - drm/fb-helper: dpms_legacy(): Only set on connectors in use (bsc#1051510). - drm/i915/fbc: disable framebuffer compression on GeminiLake (bsc#1051510). - drm/i915/gvt: Fix cmd length of VEB_DI_IECP (bsc#1113722) - drm/i915/gvt: Fix incorrect mask of mmio 0x22028 in gen8/9 mmio list (bnc#1113722) - drm/i915/gvt: Tiled Resources mmios are in-context mmios for gen9+ (bsc#1113722) - drm/i915/gvt: add 0x4dfc to gen9 save-restore list (bsc#1113722) - drm/i915/gvt: do not let TRTTE and 0x4dfc write passthrough to hardware (bsc#1051510). - drm/i915/gvt: refine ggtt range validation (bsc#1113722) - drm/i915: Disable LP3 watermarks on all SNB machines (bsc#1051510). - drm/i915: Downgrade Gen9 Plane WM latency error (bsc#1051510). - drm/i915: Fix I915_EXEC_RING_MASK (bsc#1051510). - drm/imx: do not skip DP channel disable for background plane (bsc#1051510). - drm/mediatek: fix possible object reference leak (bsc#1051510). - drm/meson: add size and alignment requirements for dumb buffers (bnc#1113722) - drm/nouveau/i2c: Disable i2c bus access after ->fini() (bsc#1113722) - drm/rockchip: fix for mailbox read validation (bsc#1051510). - drm/rockchip: shutdown drm subsystem on shutdown (bsc#1051510). - drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722) - drm/ttm: Remove warning about inconsistent mapping information (bnc#1131488) - drm/vmwgfx: Do not send drm sysfs hotplug events on initial master set (bsc#1051510). - drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() (bsc#1113722) - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read (bsc#1051510). - dt-bindings: clock: r8a7795: Remove CSIREF clock (bsc#1120902). - dt-bindings: clock: r8a7796: Remove CSIREF clock (bsc#1120902). - dt-bindings: net: Add binding for the external clock for TI WiLink (bsc#1085535). - dt-bindings: net: Fix a typo in the phy-mode list for ethernet bindings (bsc#1129770). - dt-bindings: rtc: sun6i-rtc: Fix register range in example (bsc#1120902). - dwc2: gadget: Fix completed transfer size calculation in DDMA (bsc#1051510). - efi/arm: Defer persistent reservations until after paging_init() (bsc#1117158). - efi/arm: Do not mark acpi reclaim memory as MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566). - efi/arm: Revert 'Defer persistent reservations until after paging_init()' (bsc#1117158). - efi/arm: Revert deferred unmap of early memmap mapping (bsc#1117158). - efi/arm: libstub: add a root memreserve config table (bsc#1117158). - efi/arm: map UEFI memory map even w/o runtime services enabled (bsc#1117158). - efi/arm: preserve early mapping of UEFI memory map longer for BGRT (bsc#1117158). - efi: Permit calling efi_mem_reserve_persistent() from atomic context (bsc#1117158). - efi: Permit multiple entries in persistent memreserve data structure (bsc#1117158). - efi: Prevent GICv3 WARN() by mapping the memreserve table before first use (bsc#1117158). - efi: Reduce the amount of memblock reservations for persistent allocations (bsc#1117158). - efi: add API to reserve memory persistently across kexec reboot (bsc#1117158). - efi: honour memory reservations passed via a linux specific config table (bsc#1117158). - ext4: Do not warn when enabling DAX (bsc#1132894). - ext4: actually request zeroing of inode table after grow (bsc#1135315). - ext4: avoid panic during forced reboot due to aborted journal (bsc#1126356). - ext4: fix data corruption caused by overlapping unaligned and aligned IO (bsc#1136428). - ext4: fix ext4_show_options for file systems w/o journal (bsc#1135316). - ext4: fix use-after-free race with debug_want_extra_isize (bsc#1135314). - ext4: make sanity check in mballoc more strict (bsc#1136439). - ext4: wait for outstanding dio during truncate in nojournal mode (bsc#1136438). - fbdev: fix WARNING in __alloc_pages_nodemask bug (bsc#1113722) - fbdev: fix divide error in fb_var_to_videomode (bsc#1113722) - firmware: efi: factor out mem_reserve (bsc#1117158 bsc#1134671). - fix rtnh_ok() (git-fixes). - fs/sync.c: sync_file_range(2) may use WB_SYNC_ALL writeback (bsc#1136432). - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount (bsc#1136435). - ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658). - genetlink: Fix a memory leak on error path (networking-stable-19_03_28). - ghes, EDAC: Fix ghes_edac registration (bsc#1133176). - gpio: aspeed: fix a potential NULL pointer dereference (bsc#1051510). - gpu: ipu-v3: dp: fix CSC handling (bsc#1051510). - hid: debug: fix race condition with between rdesc_show() and device removal (bsc#1051510). - hid: input: add mapping for 'Toggle Display' key (bsc#1051510). - hid: input: add mapping for Assistant key (bsc#1051510). - hid: input: add mapping for Expose/Overview key (bsc#1051510). - hid: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bsc#1051510). - hid: logitech: check the return value of create_singlethread_workqueue (bsc#1051510). - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses (bsc#1051510). - ibmvnic: Add device identification to requested IRQs (bsc#1137739). - ibmvnic: Do not close unopened driver during reset (bsc#1137752). - ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752). - ibmvnic: Refresh device multicast list after reset (bsc#1137752). - ibmvnic: remove set but not used variable 'netdev' (bsc#1137739). - igmp: fix incorrect unsolicit report count when join group (git-fixes). - iio: adc: xilinx: fix potential use-after-free on remove (bsc#1051510). - indirect call wrappers: helpers to speed-up indirect calls of builtin (bsc#1124503). - inetpeer: fix uninit-value in inet_getpeer (git-fixes). - input: elan_i2c - add hardware ID for multiple Lenovo laptops (bsc#1051510). - input: introduce KEY_ASSISTANT (bsc#1051510). - input: synaptics-rmi4 - fix possible double free (bsc#1051510). - intel_th: msu: Fix single mode with IOMMU (bsc#1051510). - intel_th: pci: Add Comet Lake support (bsc#1051510). - iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel (bsc#1117158). - iommu/arm-smmu-v3: Do not disable SMMU in kdump kernel (bsc#1117158 bsc#1134671). - iommu/vt-d: Do not request page request irq under dmar_global_lock (bsc#1135006). - iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU (bsc#1135007). - iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135008). - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type (networking-stable-19_04_10). - ip6_tunnel: collect_md xmit: Use ip_tunnel_key's provided src address (git-fixes). - ip_gre: fix parsing gre header in ipgre_err (git-fixes). - ip_tunnel: Fix name string concatenate in __ip_tunnel_create() (git-fixes). - ipconfig: Correctly initialise ic_nameservers (bsc#1051510). - ipmi:ssif: compare block number correctly for multi-part return messages (bsc#1051510). - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled (git-fixes). - ipv4: add sanity checks in ipv4_link_failure() (git-fixes). - ipv4: ensure rcu_read_lock() in ipv4_link_failure() (networking-stable-19_04_19). - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation (networking-stable-19_05_04). - ipv4: recompile ip options in ipv4_link_failure (networking-stable-19_04_19). - ipv4: set the tcp_min_rtt_wlen range from 0 to one day (networking-stable-19_04_30). - ipv6/flowlabel: wait rcu grace period before put_pid() (git-fixes). - ipv6: fix cleanup ordering for ip6_mr failure (git-fixes). - ipv6: fix cleanup ordering for pingv6 registration (git-fixes). - ipv6: invert flowlabel sharing check in process and user mode (git-fixes). - ipv6: mcast: fix unsolicited report interval after receiving querys (git-fixes). - ipvlan: Add the skb->mark as flow4's member to lookup route (bsc#1051510). - ipvlan: fix ipv6 outbound device (bsc#1051510). - ipvlan: use ETH_MAX_MTU as max mtu (bsc#1051510). - ipvs: Fix signed integer overflow when setsockopt timeout (bsc#1051510). - ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf (git-fixes). - ipvs: fix buffer overflow with sync daemon and service (git-fixes). - ipvs: fix check on xmit to non-local addresses (git-fixes). - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bsc#1051510). - ipvs: fix rtnl_lock lockups caused by start_sync_thread (git-fixes). - ipvs: fix stats update from local clients (git-fixes). - iw_cxgb4: only allow 1 flush on user qps (bsc#1051510). - jbd2: check superblock mapped prior to committing (bsc#1136430). - kABI workaround for removed usb_interface.pm_usage_cnt field (bsc#1051510). - kABI workaround for snd_seq_kernel_client_enqueue() API changes (bsc#1051510). - kABI: protect dma-mapping.h include (kabi). - kABI: protect functions using struct net_generic (bsc#1130409 LTC#176346). - kABI: protect ip_options_rcv_srr (kabi). - kABI: protect struct mlx5_td (kabi). - kABI: protect struct pci_dev (kabi). - kABI: protect struct smc_ib_device (bsc#1130409 LTC#176346). - kABI: protect struct smc_link (bsc#1129857 LTC#176247). - kABI: protect struct smcd_dev (bsc#1130409 LTC#176346). - kabi: drop LINUX_Mib_TCPWQUEUETOOBIG snmp counter (bsc#1137586). - kabi: implement map_lookup_elem_sys_only in another way (bsc#1083647). - kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586). - kernel/signal.c: trace_signal_deliver when signal_group_exit (git-fixes). - kernel/sys.c: prctl: fix false positive in validate_prctl_map() (git-fixes). - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv (bsc#1051510). - kernel/sysctl.c: fix out-of-bounds access when setting file-max (bsc#1051510). - keys: safe concurrent user->{session,uid}_keyring access (bsc#1135642). - kmsg: Update message catalog to latest ibM level (2019/03/08) (bsc#1128904 LTC#176078). - kmsg: Update message catalog to latest ibM level (2019/03/08) (bsc#1128905 LTC#176077). - kvm: Fix UAF in nested posted interrupt processing (bsc#1134199). - kvm: VMX: Zero out *all* general purpose registers after VM-Exit (bsc#1134202). - kvm: nVMX: Clear reserved bits of #DB exit qualification (bsc#1134200). - kvm: nVMX: restore host state in nested_vmx_vmexit for VMFail (bsc#1134201). - kvm: s390: fix memory overwrites when not using SCA entries (bsc#1136206). - kvm: s390: provide io interrupt kvm_stat (bsc#1136206). - kvm: s390: use created_vcpus in more places (bsc#1136206). - kvm: s390: vsie: fix 8k check for the itdba (bsc#1136206). - kvm: x86: Always use 32-bit SMRAM save state for 32-bit kernels (bsc#1134203). - kvm: x86: Do not clear EFER during SMM transitions for 32-bit vCPU (bsc#1134204). - kvm: x86: svm: make sure NMI is injected after nmi_singlestep (bsc#1134205). - l2tp: cleanup l2tp_tunnel_delete calls (bsc#1051510). - l2tp: filter out non-PPP sessions in pppol2tp_tunnel_ioctl() (git-fixes). - l2tp: fix missing refcount drop in pppol2tp_tunnel_ioctl() (git-fixes). - l2tp: only accept PPP sessions in pppol2tp_connect() (git-fixes). - l2tp: prevent pppol2tp_connect() from creating kernel sockets (git-fixes). - l2tp: revert 'l2tp: fix missing print session offset info' (bsc#1051510). - leds: avoid races with workqueue (bsc#1051510). - leds: pwm: silently error out on EPROBE_DEFER (bsc#1051510). - lib: add crc64 calculation routines (bsc#1130972). - lib: do not depend on linux headers being installed (bsc#1130972). - libata: fix using DMA buffers on stack (bsc#1051510). - linux/kernel.h: Use parentheses around argument in u64_to_user_ptr() (bsc#1051510). - livepatch: Convert error about unsupported reliable stacktrace into a warning (bsc#1071995). - livepatch: Remove custom kobject state handling (bsc#1071995). - livepatch: Remove duplicated code for early initialization (bsc#1071995). - lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138). - mISDN: Check address length before reading address family (bsc#1051510). - mac80211: fix memory accounting with A-MSDU aggregation (bsc#1051510). - mac80211: fix unaligned access in mesh table hash function (bsc#1051510). - mac8390: Fix mmio access size probe (bsc#1051510). - md: fix invalid stored role for a disk (bsc#1051510). - media: atmel: atmel-isc: fix INIT_WORK misplacement (bsc#1051510). - media: cx18: update *pos correctly in cx18_read_pos() (bsc#1051510). - media: cx23885: check allocation return (bsc#1051510). - media: davinci-isif: avoid uninitialized variable use (bsc#1051510). - media: davinci/vpbe: array underflow in vpbe_enum_outputs() (bsc#1051510). - media: ivtv: update *pos correctly in ivtv_read_pos() (bsc#1051510). - media: omap_vout: potential buffer overflow in vidioc_dqbuf() (bsc#1051510). - media: ov2659: fix unbalanced mutex_lock/unlock (bsc#1051510). - media: pvrusb2: Prevent a buffer overflow (bsc#1129770). - media: serial_ir: Fix use-after-free in serial_ir_init_module (bsc#1051510). - media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame (bsc#1051510). - media: vivid: use vfree() instead of kfree() for dev->bitmap_cap (bsc#1051510). - media: wl128x: Fix an error code in fm_download_firmware() (bsc#1051510). - media: wl128x: prevent two potential buffer overflows (bsc#1051510). - memcg: make it work on sparse non-0-node systems (bnc#1133616). - memcg: make it work on sparse non-0-node systems kabi (bnc#1133616). - mlxsw: spectrum: Fix autoneg status in ethtool (networking-stable-19_04_30). - mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses (bsc#1135330). - mm: Fix buggy backport leading to MAP_SYNC failures (bsc#1137372) - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382). - mmc: block: Delete gendisk before cleaning up the request queue (bsc#1127616). - mmc: core: fix possible use after free of host (bsc#1051510). - mount: copy the port field into the cloned nfs_server structure (bsc#1136990). - mtd: docg3: Fix passing zero to 'PTR_ERR' warning in doc_probe_device (bsc#1051510). - mtd: docg3: fix a possible memory leak of mtd->name (bsc#1051510). - mtd: nand: omap: Fix comment in platform data using wrong Kconfig symbol (bsc#1051510). - mtd: part: fix incorrect format specifier for an unsigned long long (bsc#1051510). - mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write (bsc#1129770). - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935). - mwifiex: Fix mem leak in mwifiex_tm_cmd (bsc#1051510). - mwifiex: Fix possible buffer overflows at parsing bss descriptor - mwifiex: prevent an array overflow (bsc#1051510). - mwl8k: Fix rate_idx underflow (bsc#1051510). - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit (git-fixes). - net-gro: Fix GRO flush when receiving a GSO packet (networking-stable-19_04_10). - net/ibmvnic: Remove tests of member address (bsc#1137739). - net/ibmvnic: Update MAC address settings after adapter reset (bsc#1134760). - net/ibmvnic: Update carrier state after link state change (bsc#1135100). - net/ipv4: defensive cipso option parsing (git-fixes). - net/ipv6: do not reinitialize ndev->cnf.addr_gen_mode on new inet6_dev (git-fixes). - net/ipv6: fix addrconf_sysctl_addr_gen_mode (git-fixes). - net/ipv6: propagate net.ipv6.conf.all.addr_gen_mode to devices (git-fixes). - net/ipv6: reserve room for IFLA_INET6_ADDR_GEN_MODE (git-fixes). - net/mlx5: Decrease default mr cache size (networking-stable-19_04_10). - net/mlx5e: Add a lock on tir list (networking-stable-19_04_10). - net/mlx5e: Fix error handling when refreshing TIRs (networking-stable-19_04_10). - net/mlx5e: Fix trailing semicolon (bsc#1075020). - net/mlx5e: IPoib, Reset QP after channels are closed (bsc#1075020). - net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_04_30). - net/rose: fix unbound loop in rose_loopback_timer() (networking-stable-19_04_30). - net/sched: act_sample: fix divide by zero in the traffic path (networking-stable-19_04_10). - net/sched: do not dereference a->goto_chain to read the chain index (bsc#1064802 bsc#1066129). - net/sched: fix ->get helper of the matchall cls (networking-stable-19_04_10). - net/smc: add pnet table namespace support (bsc#1130409 LTC#176346). - net/smc: add smcd support to the pnet table (bsc#1130409 LTC#176346). - net/smc: allow 16 byte pnetids in netlink policy (bsc#1129857 LTC#176247). - net/smc: allow pci IDs as ib device names in the pnet table (bsc#1130409 LTC#176346). - net/smc: allow pnetid-less configuration (bsc#1130409 LTC#176346). - net/smc: call smc_cdc_msg_send() under send_lock (bsc#1129857 LTC#176247). - net/smc: check connections in smc_lgr_free_work (bsc#1129857 LTC#176247). - net/smc: check for ip prefix and subnet (bsc#1134607 LTC#177518). - net/smc: check port_idx of ib event (bsc#1129857 LTC#176247). - net/smc: cleanup for smcr_tx_sndbuf_nonempty (bsc#1130409 LTC#176346). - net/smc: cleanup of get vlan id (bsc#1134607 LTC#177518). - net/smc: code cleanup smc_listen_work (bsc#1134607 LTC#177518). - net/smc: consolidate function parameters (bsc#1134607 LTC#177518). - net/smc: correct state change for peer closing (bsc#1129857 LTC#176247). - net/smc: delete rkey first before switching to unused (bsc#1129857 LTC#176247). - net/smc: do not wait for send buffer space when data was already sent (bsc#1129857 LTC#176247). - net/smc: do not wait under send_lock (bsc#1129857 LTC#176247). - net/smc: fallback to TCP after connect problems (bsc#1134607 LTC#177518). - net/smc: fix a NULL pointer dereference (bsc#1134607 LTC#177518). - net/smc: fix another sizeof to int comparison (bsc#1129857 LTC#176247). - net/smc: fix byte_order for rx_curs_confirmed (bsc#1129848 LTC#176249). - net/smc: fix return code from FLUSH command (bsc#1134607 LTC#177518). - net/smc: fix sender_free computation (bsc#1129857 LTC#176247). - net/smc: fix smc_poll in SMC_INIT state (bsc#1129848 LTC#176249). - net/smc: fix use of variable in cleared area (bsc#1129857 LTC#176247). - net/smc: improve smc_conn_create reason codes (bsc#1134607 LTC#177518). - net/smc: improve smc_listen_work reason codes (bsc#1134607 LTC#177518). - net/smc: move code to clear the conn->lgr field (bsc#1129857 LTC#176247). - net/smc: move unhash before release of clcsock (bsc#1134607 LTC#177518). - net/smc: move wake up of close waiter (bsc#1129857 LTC#176247). - net/smc: no delay for free tx buffer wait (bsc#1129857 LTC#176247). - net/smc: nonblocking connect rework (bsc#1134607 LTC#177518). - net/smc: postpone release of clcsock (bsc#1129857 LTC#176247). - net/smc: preallocated memory for rdma work requests (bsc#1129857 LTC#176247). - net/smc: prevent races between smc_lgr_terminate() and smc_conn_free() (bsc#1129857 LTC#176247). - net/smc: propagate file from SMC to TCP socket (bsc#1134607 LTC#177518). - net/smc: recvmsg and splice_read should return 0 after shutdown (bsc#1129857 LTC#176247). - net/smc: reduce amount of status updates to peer (bsc#1129857 LTC#176247). - net/smc: reset cursor update required flag (bsc#1129857 LTC#176247). - net/smc: rework pnet table (bsc#1130409 LTC#176346). - net/smc: unlock LGR pending lock earlier for SMC-D (bsc#1129857 LTC#176247). - net/smc: use client and server LGR pending locks for SMC-R (bsc#1129857 LTC#176247). - net/smc: use device link provided in qp_context (bsc#1129857 LTC#176247). - net/smc: use smc_curs_copy() for SMC-D (bsc#1129857 LTC#176247). - net/smc: wait for pending work before clcsock release_sock (bsc#1134607 LTC#177518). - net: Fix a bug in removing queues from XPS map (git-fixes). - net: aquantia: fix rx checksum offload for UDP/TCP over IPv6 (networking-stable-19_03_28). - net: atm: Fix potential Spectre v1 vulnerabilities (networking-stable-19_04_19). - net: avoid skb_warn_bad_offload on IS_ERR (git-fixes). - net: do not keep lonely packets forever in the gro hash (git-fixes). - net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc (networking-stable-19_05_04). - net: dsa: legacy: do not unmask port bitmaps (git-fixes). - net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT (git-fixes). - net: ena: fix return value of ena_com_config_llq_info() (bsc#1111696 bsc#1117561). - net: ethtool: not call vzalloc for zero sized memory request (networking-stable-19_04_10). - net: fix uninit-value in __hw_addr_add_ex() (git-fixes). - net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv (networking-stable-19_04_19). - net: hns3: remove resetting check in hclgevf_reset_task_schedule (bsc#1104353 bsc#1135056). - net: initialize skb->peeked when cloning (git-fixes). - net: make skb_partial_csum_set() more robust against overflows (git-fixes). - net: phy: marvell: Fix buffer overrun with stats counters (networking-stable-19_05_04). - net: rds: exchange of 8K and 1M pool (networking-stable-19_04_30). - net: rose: fix a possible stack overflow (networking-stable-19_03_28). - net: socket: fix potential spectre v1 gadget in socketcall (git-fixes). - net: stmmac: fix memory corruption with large MTUs (networking-stable-19_03_28). - net: stmmac: move stmmac_check_ether_addr() to driver probe (networking-stable-19_04_30). - net: test tailroom before appending to linear skb (git-fixes). - net: thunderx: do not allow jumbo frames with XDP (networking-stable-19_04_19). - net: thunderx: raise XDP MTU to 1508 (networking-stable-19_04_19). - net: unbreak CONFIG_RETPOLINE=n builds (bsc#1124503). - net: use indirect call wrappers at GRO network layer (bsc#1124503). - net: use indirect call wrappers at GRO transport layer (bsc#1124503). - netfilter: bridge: Do not sabotage nf_hook calls from an l3mdev (git-fixes). - netfilter: bridge: ebt_among: add missing match size checks (git-fixes). - netfilter: bridge: ebt_among: add more missing match size checks (git-fixes). - netfilter: drop template ct when conntrack is skipped (git-fixes). - netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule (git-fixes). - netfilter: ebtables: handle string from userspace with care (git-fixes). - netfilter: ebtables: reject non-bridge targets (git-fixes). - netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel (git-fixes). - netfilter: nf_log: do not hold nf_log_mutex during user access (git-fixes). - netfilter: nf_log: fix uninit read in nf_log_proc_dostring (git-fixes). - netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6} (git-fixes). - netfilter: nf_tables: can't fail after linking rule into active rule list (git-fixes). - netfilter: nf_tables: check msg_type before nft_trans_set(trans) (git-fixes). - netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump() (git-fixes). - netfilter: nf_tables: fix leaking object reference count (git-fixes). - netfilter: nf_tables: release chain in flushing set (git-fixes). - netfilter: nft_compat: do not dump private area (git-fixes). - netfilter: x_tables: initialise match/target check parameter struct (git-fixes). - netlink: fix uninit-value in netlink_sendmsg (git-fixes). - nfs add module option to limit nfsv4 minor version (jsc#PM-231). - nfs: Enable nfsv4.2 support - jsc@PM-231 This requires a module parameter for nfsv4.2 to actually be available on SLE12 and SLE15-SP0 - nfsv4.x: always serialize open/close operations (bsc#1114893). - nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands (bsc#1051510). - nvme-rdma: fix possible free of a non-allocated async event buffer (bsc#1120423). - nvme: Do not remove namespaces during reset (bsc#1131673). - nvme: flush scan_work when resetting controller (bsc#1131673). - objtool: Fix function fallthrough detection (bsc#1058115). - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget (bsc#1136434). - ocfs2: turn on OCFS2_FS_STATS setting(bsc#1134393) We need to turn on OCFS2_FS_STATS kernel configuration setting, to fix bsc#1134393. - of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642). - omapfb: add missing of_node_put after of_device_is_available (bsc#1051510). - openvswitch: add seqadj extension when NAT is used (bsc#1051510). - openvswitch: fix flow actions reallocation (bsc#1051510). - p54: drop device reference count if fails to enable device (bsc#1135642). - packet: fix reserve calculation (git-fixes). - packet: in packet_snd start writing at link layer allocation (git-fixes). - packet: refine ring v3 block size test to hold one frame (git-fixes). - packet: reset network header if packet shorter than ll reserved space (git-fixes). - packet: validate msg_namelen in send directly (git-fixes). - packets: Always register packet sk in the same order (networking-stable-19_03_28). - pci: Factor out pcie_retrain_link() function (git-fixes). - pci: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1051510). - pci: Mark Atheros AR9462 to avoid bus reset (bsc#1051510). - pci: Work around Pericom pcie-to-pci bridge Retrain Link erratum (git-fixes). - pci: endpoint: Use EPC's device in dma_alloc_coherent()/dma_free_coherent() (git-fixes). - phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode (bsc#1051510). - platform/x86: alienware-wmi: printing the wrong error code (bsc#1051510). - platform/x86: dell-rbtn: Add missing #include (bsc#1051510). - platform/x86: intel_pmc_ipc: adding error handling (bsc#1051510). - platform/x86: intel_punit_ipc: Revert 'Fix resource ioremap warning' (bsc#1051510). - platform/x86: pmc_atom: Add Lex 3I380D industrial PC to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Add several Beckhoff Automation boards to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Drop __initconst on dmi table (bsc#1051510). - platform/x86: sony-laptop: Fix unintentional fall-through (bsc#1051510). - power: supply: axp20x_usb_power: Fix typo in VBUS current limit macros (bsc#1051510). - power: supply: axp288_charger: Fix unchecked return value (bsc#1051510). - powerpc/eeh: Fix race with driver un/bind (bsc#1065729). - powerpc/msi: Fix NULL pointer access in teardown code (bsc#1065729). - powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043). - powerpc/powernv/idle: Restore IAMR after idle (bsc#1065729). - powerpc/process: Fix sparse address space warnings (bsc#1065729). - powerpc: Always initialize input array when calling epapr_hypercall() (bsc#1065729). - powerpc: Fix HMIs on big-endian with CONFIG_RELOCATABLE=y (bsc#1065729). - proc/kcore: do not bounds check against address 0 (bsc#1051510). - proc/sysctl: fix return error for proc_doulongvec_minmax() (bsc#1051510). - proc: revalidate kernel thread inodes to root:root (bsc#1051510). - ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK (git-fixes). - pwm: Fix deadlock warning when removing PWM device (bsc#1051510). - pwm: meson: Consider 128 a valid pre-divider (bsc#1051510). - pwm: meson: Do not disable PWM when setting duty repeatedly (bsc#1051510). - pwm: meson: Use the spin-lock only to protect register modifications (bsc#1051510). - pwm: tiehrpwm: Update shadow register for disabling PWMs (bsc#1051510). - qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128979). - qla2xxx: always allocate qla_tgt_wq (bsc#1131451). - qmi_wwan: add Olicard 600 (bsc#1051510). - rdma/hns: Fix bug that caused srq creation to fail (bsc#1104427 ). - rdma/rxe: Consider skb reserve space based on netdev of GID (bsc#1082387, bsc#1103992). - regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB (bsc#1051510). - rt2x00: do not increment sequence number while re-transmitting (bsc#1051510). - rtc: da9063: set uie_unsupported when relevant (bsc#1051510). - rtc: sh: Fix invalid alarm warning for non-enabled alarm (bsc#1051510). - rtlwifi: rtl8723ae: Fix missing break in switch statement (bsc#1051510). - rxrpc: Fix error reception on AF_INET6 sockets (git-fixes). - rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket (git-fixes). - s390/ism: ignore some errors during deregistration (bsc#1129857 LTC#176247). - s390/qdio: clear intparm during shutdown (bsc#1134597 LTC#177516). - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() (bsc#1051510). - sc16is7xx: move label 'err_spi' to correct section (bsc#1051510). - sc16is7xx: put err_spi and err_i2c into correct #ifdef (bsc#1051510). - scripts: override locale from environment when running recordmcount.pl (bsc#1134354). - scsi: qedf: fixup bit operations (bsc#1135542). - scsi: qedf: fixup locking in qedf_restart_rport() (bsc#1135542). - scsi: qedf: missing kref_put in qedf_xmit() (bsc#1135542). - scsi: qla2xxx: Declare local functions 'static' (bsc#1137444). - scsi: qla2xxx: Fix function argument descriptions (bsc#1118139). - scsi: qla2xxx: Fix memory corruption during hba reset test (bsc#1118139). - scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (bsc#1132044). - scsi: qla2xxx: Improve several kernel-doc headers (bsc#1137444). - scsi: qla2xxx: Introduce a switch/case statement in qlt_xmit_tm_rsp() (bsc#1137444). - scsi: qla2xxx: Make qla2x00_sysfs_write_nvram() easier to analyze (bsc#1137444). - scsi: qla2xxx: Make sure that qlafx00_ioctl_iosb_entry() initializes 'res' (bsc#1137444). - scsi: qla2xxx: NULL check before some freeing functions is not needed (bsc#1137444). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1137444). - scsi: qla2xxx: Remove two arguments from qlafx00_error_entry() (bsc#1137444). - scsi: qla2xxx: Remove unused symbols (bsc#1118139). - scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function (bsc#1137444). - scsi: qla2xxx: Use %p for printing pointers (bsc#1118139). - scsi: qla2xxx: fix error message on qla2400 (bsc#1118139). - scsi: qla2xxx: fix spelling mistake: 'existant' -> 'existent' (bsc#1118139). - scsi: qla2xxx: fully convert to the generic DMA API (bsc#1137444). - scsi: qla2xxx: fx00 copypaste typo (bsc#1118139). - scsi: qla2xxx: remove the unused tcm_qla2xxx_cmd_wq (bsc#1118139). - scsi: qla2xxx: use lower_32_bits and upper_32_bits instead of reinventing them (bsc#1137444). - sctp: avoid running the sctp state machine recursively (networking-stable-19_05_04). - sctp: fix identification of new acks for SFR-CACC (git-fixes). - sctp: get sctphdr by offset in sctp_compute_cksum (networking-stable-19_03_28). - sctp: initialize _pad of sockaddr_in before copying to user memory (networking-stable-19_04_10). - sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune (git-fixes). - sctp: set frag_point in sctp_setsockopt_maxseg correctly` (git-fixes). - selinux: use kernel linux/socket.h for genheaders and mdp (bsc#1134810). - serial: 8250_pxa: honor the port number from devicetree (bsc#1051510). - serial: ar933x_uart: Fix build failure with disabled console (bsc#1051510). - serial: uartps: console_setup() can't be placed to init section (bsc#1051510). - signal: Always notice exiting tasks (git-fixes). - signal: Better detection of synchronous signals (git-fixes). - signal: Restore the stop PTRACE_EVENT_EXIT (git-fixes). - smc: move unhash as early as possible in smc_release() (bsc#1129857 LTC#176247). - soc/fsl/qe: Fix an error code in qe_pin_request() (bsc#1051510). - soc/tegra: pmc: Drop locking from tegra_powergate_is_powered() (bsc#1051510). - spi: Micrel eth switch: declare missing of table (bsc#1051510). - spi: ST ST95HF NFC: declare missing of table (bsc#1051510). - spi: a3700: Clear DATA_OUT when performing a read (bsc#1051510). - spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios (bsc#1051510). - spi: bcm2835aux: setup gpio-cs to output and correct level during setup (bsc#1051510). - spi: bcm2835aux: warn in dmesg that native cs is not really supported (bsc#1051510). - spi: rspi: Fix sequencer reset during initialization (bsc#1051510). - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit (bsc#1051510). - staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc (bsc#1051510). - stm class: Fix an endless loop in channel allocation (bsc#1051510). - stm class: Fix channel free in stm output free path (bsc#1051510). - stm class: Prevent division by zero (bsc#1051510). - stmmac: pci: Adjust IOT2000 matching (networking-stable-19_04_30). - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839). - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839). - switchtec: Fix unintended mask of MRPC event (git-fixes). - tcp: Ensure DCTCP reacts to losses (networking-stable-19_04_10). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: limit payload size of sacked skbs (bsc#1137586). - tcp: purge write queue in tcp_connect_init() (git-fixes). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). - tcp: tcp_grow_window() needs to respect tcp_space() (networking-stable-19_04_19). - team: fix possible recursive locking when add slaves (networking-stable-19_04_30). - team: set slave to promisc if team is already in promisc mode (bsc#1051510). - thermal/int340x_thermal: Add additional UUIDs (bsc#1051510). - thermal/int340x_thermal: fix mode setting (bsc#1051510). - thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power (bsc#1051510). - thunderx: eliminate extra calls to put_page() for pages held for recycling (networking-stable-19_03_28). - thunderx: enable page recycling for non-XDP case (networking-stable-19_03_28). - tipc: fix hanging clients using poll with EPOLLOUT flag (git-fixes). - tipc: missing entries in name table of publications (networking-stable-19_04_19). - tools lib traceevent: Fix missing equality check for strcmp (bsc#1129770). - tracing: Fix partial reading of trace event's id file (bsc#1136573). - treewide: Use DEVICE_ATTR_WO (bsc#1137739). - tty: increase the default flip buffer limit to 2*640K (bsc#1051510). - tty: pty: Fix race condition between release_one_tty and pty_write (bsc#1051510). - tty: serial_core, add ->install (bnc#1129693). - tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0 (bsc#1051510). - tun: add a missing rcu_read_unlock() in error path (networking-stable-19_03_28). - tun: properly test for IFF_UP (networking-stable-19_03_28). - uas: fix alignment of scatter/gather segments (bsc#1129770). - udp: use indirect call wrappers for GRO socket lookup (bsc#1124503). - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour (bsc#1135323). - usb-storage: Set virt_boundary_mask to avoid SG overflows (bsc#1051510). - usb: cdc-acm: fix unthrottle races (bsc#1051510). - usb: core: Fix bug caused by duplicate interface PM usage counter (bsc#1051510). - usb: core: Fix unterminated string returned by usb_string() (bsc#1051510). - usb: dwc3: Fix default lpm_nyet_threshold value (bsc#1051510). - usb: gadget: net2272: Fix net2272_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix net2280_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix overrun of OUT messages (bsc#1051510). - usb: serial: f81232: fix interrupt worker not stop (bsc#1051510). - usb: serial: fix unthrottle races (bsc#1051510). - usb: u132-hcd: fix resource leak (bsc#1051510). - usb: usb251xb: fix to avoid potential NULL pointer dereference (bsc#1051510). - usb: usbip: fix isoc packet num validation in get_pipe (bsc#1051510). - usb: w1 ds2490: Fix bug caused by improper use of altsetting array (bsc#1051510). - usb: yurex: Fix protection fault after device removal (bsc#1051510). - userfaultfd: use RCU to free the task struct when fork fails (git-fixes). - vfio/mdev: Avoid release parent reference during error path (bsc#1051510). - vfio/mdev: Fix aborting mdev child device removal if one fails (bsc#1051510). - vfio/pci: use correct format characters (bsc#1051510). - vfio_pci: Enable memory accesses before calling pci_map_rom (bsc#1051510). - vhost/vsock: fix reset orphans race with close timeout (bsc#1051510). - vhost: reject zero size iova range (networking-stable-19_04_19). - virtio-blk: limit number of hw queues by nr_cpu_ids (bsc#1051510). - virtio: Honour 'may_reduce_num' in vring_create_virtqueue (bsc#1051510). - virtio_pci: fix a NULL pointer reference in vp_del_vqs (bsc#1051510). - vrf: check accept_source_route on the original netdevice (networking-stable-19_04_10). - vsock/virtio: Initialize core virtio vsock before registering the driver (bsc#1051510). - vsock/virtio: fix kernel panic after device hot-unplug (bsc#1051510). - vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock (bsc#1051510). - vsock/virtio: reset connected sockets on device removal (bsc#1051510). - vt: always call notifier with the console lock held (bsc#1051510). - vxlan: Do not call gro_cells_destroy() before device is unregistered (networking-stable-19_03_28). - x86/speculation/mds: Fix documentation typo (bsc#1135642). - x86_64: Add gap to int3 to allow for call emulation (bsc#1099658). - x86_64: Allow breakpoints to emulate call instructions (bsc#1099658). - xenbus: drop useless LIST_HEAD in xenbus_write_watch() and xenbus_file_write() (bsc#1065600). - xfrm6: avoid potential infinite loop in _decode_session6() (git-fixes). - xfrm6: call kfree_skb when skb is toobig (git-fixes). - xfrm: Fix stack-out-of-bounds read on socket policy lookup (git-fixes). - xfrm: Return error on unknown encap_type in init_state (git-fixes). - xfrm: Validate address prefix lengths in the xfrm selector (git-fixes). - xfrm: fix 'passing zero to ERR_PTR()' warning (git-fixes). - xfrm: fix missing dst_release() after policy blocking lbcast and multicast (git-fixes). - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) (git-fixes). - xfrm: reset crypto_done when iterating over multiple input xfrms (git-fixes). - xfrm: reset transport header back to network header after all input transforms ahave been applied (git-fixes). - xfrm_user: prevent leaking 2 bytes of kernel memory (git-fixes). - xfs: add log item pinning error injection tag (bsc#1114427). - xfs: buffer lru reference count error injection tag (bsc#1114427). - xfs: check _btree_check_block value (bsc#1123663). - xfs: convert drop_writes to use the errortag mechanism (bsc#1114427). - xfs: create block pointer check functions (bsc#1123663). - xfs: create inode pointer verifiers (bsc#1114427). - xfs: detect and fix bad summary counts at mount (bsc#1114427). - xfs: export _inobt_btrec_to_irec and _ialloc_cluster_alignment for scrub (bsc#1114427). - xfs: export various function for the online scrubber (bsc#1123663). - xfs: expose errortag knobs via sysfs (bsc#1114427). - xfs: fix unused variable warning in xfs_buf_set_ref() (bsc#1114427). - xfs: force summary counter recalc at next mount (bsc#1114427). - xfs: kill meaningless variable 'zero' (bsc#1106011). - xfs: make errortag a per-mountpoint structure (bsc#1123663). - xfs: move error injection tags into their own file (bsc#1114427). - xfs: prepare xfs_break_layouts() for another layout type (bsc#1106011). - xfs: prepare xfs_break_layouts() to be called with XFS_MMAPLOCK_EXCL (bsc#1106011). - xfs: refactor btree block header checking functions (bsc#1123663). - xfs: refactor btree pointer checks (bsc#1123663). - xfs: refactor unmount record write (bsc#1114427). - xfs: remove unneeded parameter from XFS_TEST_ERROR (bsc#1123663). - xfs: remove xfs_zero_range (bsc#1106011). - xfs: rename MAXPATHLEN to XFS_SYMLINK_MAXLEN (bsc#1123663). - xfs: replace log_badcrc_factor knob with error injection tag (bsc#1114427). - xfs: sanity-check the unused space before trying to use it (bsc#1123663). - xfs: serialize unaligned dio writes against all other dio writes (bsc#1134936). Important SUSE bug 1012382 SUSE bug 1050242 SUSE bug 1051510 SUSE bug 1053043 SUSE bug 1056787 SUSE bug 1058115 SUSE bug 1063638 SUSE bug 1064802 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066129 SUSE bug 1068546 SUSE bug 1071995 SUSE bug 1075020 SUSE bug 1082387 SUSE bug 1083647 SUSE bug 1085535 SUSE bug 1099658 SUSE bug 1103992 SUSE bug 1104353 SUSE bug 1104427 SUSE bug 1106011 SUSE bug 1106284 SUSE bug 1108838 SUSE bug 1110946 SUSE bug 1111696 SUSE bug 1112063 SUSE bug 1113722 SUSE bug 1114427 SUSE bug 1114893 SUSE bug 1115688 SUSE bug 1117158 SUSE bug 1117561 SUSE bug 1118139 SUSE bug 1119843 SUSE bug 1120091 SUSE bug 1120423 SUSE bug 1120566 SUSE bug 1120843 SUSE bug 1120902 SUSE bug 1122776 SUSE bug 1123454 SUSE bug 1123663 SUSE bug 1124503 SUSE bug 1124839 SUSE bug 1126356 SUSE bug 1127616 SUSE bug 1128052 SUSE bug 1128904 SUSE bug 1128905 SUSE bug 1128979 SUSE bug 1129138 SUSE bug 1129497 SUSE bug 1129693 SUSE bug 1129770 SUSE bug 1129848 SUSE bug 1129857 SUSE bug 1130409 SUSE bug 1130699 SUSE bug 1130972 SUSE bug 1131451 SUSE bug 1131488 SUSE bug 1131565 SUSE bug 1131673 SUSE bug 1132044 SUSE bug 1132894 SUSE bug 1133176 SUSE bug 1133188 SUSE bug 1133190 SUSE bug 1133320 SUSE bug 1133612 SUSE bug 1133616 SUSE bug 1134160 SUSE bug 1134162 SUSE bug 1134199 SUSE bug 1134200 SUSE bug 1134201 SUSE bug 1134202 SUSE bug 1134203 SUSE bug 1134204 SUSE bug 1134205 SUSE bug 1134354 SUSE bug 1134393 SUSE bug 1134459 SUSE bug 1134460 SUSE bug 1134461 SUSE bug 1134537 SUSE bug 1134591 SUSE bug 1134597 SUSE bug 1134607 SUSE bug 1134651 SUSE bug 1134671 SUSE bug 1134760 SUSE bug 1134806 SUSE bug 1134810 SUSE bug 1134813 SUSE bug 1134848 SUSE bug 1134936 SUSE bug 1135006 SUSE bug 1135007 SUSE bug 1135008 SUSE bug 1135056 SUSE bug 1135100 SUSE bug 1135120 SUSE bug 1135278 SUSE bug 1135281 SUSE bug 1135309 SUSE bug 1135312 SUSE bug 1135314 SUSE bug 1135315 SUSE bug 1135316 SUSE bug 1135320 SUSE bug 1135323 SUSE bug 1135330 SUSE bug 1135492 SUSE bug 1135542 SUSE bug 1135556 SUSE bug 1135603 SUSE bug 1135642 SUSE bug 1135661 SUSE bug 1135758 SUSE bug 1136206 SUSE bug 1136424 SUSE bug 1136428 SUSE bug 1136430 SUSE bug 1136432 SUSE bug 1136434 SUSE bug 1136435 SUSE bug 1136438 SUSE bug 1136439 SUSE bug 1136477 SUSE bug 1136478 SUSE bug 1136573 SUSE bug 1136586 SUSE bug 1136881 SUSE bug 1136935 SUSE bug 1136990 SUSE bug 1137151 SUSE bug 1137152 SUSE bug 1137153 SUSE bug 1137162 SUSE bug 1137372 SUSE bug 1137444 SUSE bug 1137586 SUSE bug 1137739 SUSE bug 1137752 CVE-2018-7191 CVE-2019-10124 CVE-2019-11085 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11486 CVE-2019-11487 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884 CVE-2019-12382 CVE-2019-3846 CVE-2019-5489 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for doxygen fixes the following issues: - CVE-2016-10245: XSS was possible via insufficient sanitization of the query parameter in templates/html/search_opensearch.php (bsc#1136364) Moderate SUSE bug 1136364 CVE-2016-10245 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). - CVE-2019-10166: Fixed an issue with virDomainManagedSaveDefineXML which could have been used to alter the domain's config used for managedsave or execute arbitrary emulator binaries (bsc#1138302). - CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303). Important SUSE bug 1138301 SUSE bug 1138302 SUSE bug 1138303 CVE-2019-10161 CVE-2019-10166 CVE-2019-10167 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for gstreamer-plugins-base fixes the following issue: Security issue fixed: - CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375). Important SUSE bug 1133375 CVE-2019-9928 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976). Important SUSE bug 1136976 CVE-2019-8457 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for gstreamer-0_10-plugins-base fixes the following issues: Security issue fixed: - CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375). Important SUSE bug 1133375 CVE-2019-9928 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libssh2_org fixes the following issues: - Fix the previous fix for CVE-2019-3860 (bsc#1136570, bsc#1128481) (Out-of-bounds reads with specially crafted SFTP packets) Moderate SUSE bug 1128481 SUSE bug 1136570 CVE-2019-3860 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for wireshark to version 2.4.15 fixes the following issues: Security issue fixed: - Fixed a denial of service in the dissection engine (bsc#1136021). Moderate SUSE bug 1136021 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 5 Fix Pack 35. Security issues fixed: - CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). - CVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734). - CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). - CVE-2019-2684: Fixed flaw was found in the RMI registry implementation (bsc#1132732). Important SUSE bug 1132728 SUSE bug 1132729 SUSE bug 1132732 SUSE bug 1132734 SUSE bug 1134718 CVE-2019-10245 CVE-2019-2602 CVE-2019-2684 CVE-2019-2697 CVE-2019-2698 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for netpbm fixes the following issues: Security issues fixed: - CVE-2018-8975: The pm_mallocarray2 function allowed remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file (bsc#1086777). - CVE-2017-2579: Fixed out-of-bounds read in expandCodeOntoStack() (bsc#1024288). - CVE-2017-2580: Fixed out-of-bounds write of heap data in addPixelToRaster() function (bsc#1024291). - create netpbm-vulnerable subpackage and move pstopnm there (bsc#1136936) Moderate SUSE bug 1024288 SUSE bug 1024291 SUSE bug 1086777 SUSE bug 1136936 CVE-2017-2579 CVE-2017-2580 CVE-2018-8975 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for MozillaFirefox fixes the following issues: - Mozilla Firefox Firefox 60.7.2 MFSA 2019-19 (bsc#1138872) - CVE-2019-11708: Fix sandbox escape using Prompt:Open. * Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes could result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. Important SUSE bug 1138872 CVE-2019-11708 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-11597: Fixed a heap-based buffer over-read in the WriteTIFFImage() (bsc#1138464). - Fixed a file content disclosure via SVG and WMF decoding (bsc#1138425).- CVE-2019-11472: Fixed a denial of service in ReadXWDImage() (bsc#1133204). - CVE-2019-11470: Fixed a denial of service in ReadCINImage() (bsc#1133205). - CVE-2019-11506: Fixed a heap-based buffer overflow in the WriteMATLABImage() (bsc#1133498). - CVE-2019-11505: Fixed a heap-based buffer overflow in the WritePDBImage() (bsc#1133501). - CVE-2019-10131: Fixed a off-by-one read in formatIPTCfromBuffer function in coders/meta.c (bsc#1134075). - CVE-2017-12806: Fixed a denial of service through memory exhaustion in format8BIM() (bsc#1135232). - CVE-2017-12805: Fixed a denial of service through memory exhaustion in ReadTIFFImage() (bsc#1135236). - CVE-2019-11598: Fixed a heap-based buffer over-read in WritePNMImage() (bsc#1136732) We also now disable PCL in the -SUSE configuration, as it also uses ghostscript for decoding (bsc#1136183) Moderate SUSE bug 1133204 SUSE bug 1133205 SUSE bug 1133498 SUSE bug 1133501 SUSE bug 1134075 SUSE bug 1135232 SUSE bug 1135236 SUSE bug 1136183 SUSE bug 1136732 SUSE bug 1138425 SUSE bug 1138464 CVE-2017-12805 CVE-2017-12806 CVE-2019-10131 CVE-2019-11470 CVE-2019-11472 CVE-2019-11505 CVE-2019-11506 CVE-2019-11597 CVE-2019-11598 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for glibc fixes the following issues: Security issue fixed: - CVE-2015-5180: Fixed a NULL pointer dereference with internal QTYPE (bsc#941234). Feature work: - IBM zSeries arch13 hardware support in glibc added (fate#327072, bsc#1132678) Other issue addressed: - Fixed a concurrency issue with ldconfig (bsc#1117993). Moderate SUSE bug 1117993 SUSE bug 1132678 SUSE bug 941234 CVE-2015-5180 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for glib2 provides the following fix: Security issues fixed: - CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). - CVE-2018-16428: Avoid a null pointer dereference that could crash glib2 users in markup processing (bnc#1107121). - CVE-2018-16429: Fixed out-of-bounds read vulnerability ing_markup_parse_context_parse() (bsc#1107116). Non-security issues fixed: - Install dummy *-mimeapps.list files to prevent dead symlinks. (bsc#1061599) Important SUSE bug 1061599 SUSE bug 1107116 SUSE bug 1107121 SUSE bug 1137001 CVE-2018-16428 CVE-2018-16429 CVE-2019-12450 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for php72 fixes the following issues: Security issues fixed: - CVE-2019-11039: Fixed a heap-buffer-overflow on php_jpg_get16 (bsc#1138173). - CVE-2019-11040: Fixed an out-of-bounds read due to an integer overflow in iconv.c:_php_iconv_mime_decode() (bsc#1138172). Moderate SUSE bug 1138172 SUSE bug 1138173 CVE-2019-11039 CVE-2019-11040 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for php7 fixes the following issues: Security issues fixed: - CVE-2019-11039: Fixed a heap-buffer-overflow on php_jpg_get16 (bsc#1138173). - CVE-2019-11040: Fixed an out-of-bounds read due to an integer overflow in iconv.c:_php_iconv_mime_decode() (bsc#1138172). Other issue addressed: - Enable php7 testsuite (bsc#1119396 Moderate SUSE bug 1119396 SUSE bug 1138172 SUSE bug 1138173 CVE-2019-11039 CVE-2019-11040 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for elfutils fixes the following issues: Security issues fixed: - CVE-2018-16403: Fixed a heap-based buffer over-read that could have led to Denial of Service (bsc#1107067). - CVE-2016-10254: Fixed a memory allocation failure in alloxate_elf (bsc#1030472). - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007). - CVE-2016-10255: Fixed a memory allocation failure in libelf_set_rawdata_wrlock (bsc#1030476). - CVE-2019-7150: Added a missing check in dwfl_segment_report_module which could have allowed truncated files to be read (bsc#1123685). - CVE-2018-16062: Fixed a heap-buffer-overflow (bsc#1106390). - CVE-2017-7611: Fixed a heap-based buffer over-read that could have led to Denial of Service (bsc#1033088). - CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090). - CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084). - CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085). - CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087). - CVE-2018-18521: Fixed multiple divide-by-zero vulnerabilities in function arlib_add_symbols() (bsc#1112723). - CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089). - CVE-2018-18310: Fixed an invalid address read in dwfl_segment_report_module.c (bsc#1111973). - CVE-2018-18520: Fixed bad handling of ar files inside are files (bsc#1112726). Low SUSE bug 1030472 SUSE bug 1030476 SUSE bug 1033084 SUSE bug 1033085 SUSE bug 1033087 SUSE bug 1033088 SUSE bug 1033089 SUSE bug 1033090 SUSE bug 1106390 SUSE bug 1107067 SUSE bug 1111973 SUSE bug 1112723 SUSE bug 1112726 SUSE bug 1123685 SUSE bug 1125007 CVE-2016-10254 CVE-2016-10255 CVE-2017-7607 CVE-2017-7608 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7150 CVE-2019-7665 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for php5 fixes the following issues: Security issues fixed: - CVE-2019-11039: Fixed a heap-buffer-overflow on php_jpg_get16 (bsc#1138173). - CVE-2019-11040: Fixed an out-of-bounds read due to an integer overflow in iconv.c:_php_iconv_mime_decode() (bsc#1138172). - CVE-2015-1351: Fixed a use after free in opcache extension (bsc#1137633). Moderate SUSE bug 1137633 SUSE bug 1138172 SUSE bug 1138173 CVE-2015-1351 CVE-2019-11039 CVE-2019-11040 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for postgresql10 to version 10.9 fixes the following issue: Security issue fixed: - CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing (bsc#1138034). More information at https://www.postgresql.org/docs/10/release-10-9.html Important SUSE bug 1138034 CVE-2019-10164 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for zeromq fixes the following issues: - CVE-2019-13132: An unauthenticated remote attacker could have exploited a stack overflow vulnerability on a server that is supposed to be protected by encryption and authentication to potentially gain a remote code execution. (bsc#1140255) Important SUSE bug 1140255 CVE-2019-13132 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for avahi fixes the following issues: Security issue fixed: - CVE-2018-1000845: Fixed DNS amplification and reflection to spoofed addresses (DOS) (bsc#1120281) Moderate SUSE bug 1120281 CVE-2018-1000845 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libdlm, libqb fixes the following issues: libqb to version 1.0.3: - CVE-2019-12779: Fixed an insecure treatment of IPC temporary files which could have allowed a local attacker to overwrite privileged system files (bsc#1137835). - Enabled use of filesystem sockets for linux (fate#323415). - Fixed logging with newer binutils version (bsc#1074327). libdlm: - Explicitly used and linked libstonithd from libpacemaker3 (bsc#1098449). Important SUSE bug 1069468 SUSE bug 1074327 SUSE bug 1098449 SUSE bug 1137835 CVE-2019-12779 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959). Non-security issue fixed: - Added explicit requires between libglib2 and libgio2 (bsc#1140122). Important SUSE bug 1139959 SUSE bug 1140122 CVE-2019-13012 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for expat fixes the following issues: Security issue fixed: - CVE-2018-20843: Fixed a denial of service triggered by high resource consumption in the XML parser when XML names contain a large amount of colons (bsc#1139937). Moderate SUSE bug 1139937 CVE-2018-20843 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for podofo fixes the following issues: Security issues fixed: - CVE-2017-8054: Fixed a vulnerability in PdfPagesTree::GetPageNodeFromArray function which could allow remote attackers to cause Denial of Service (bsc#1035596). - CVE-2018-5783: Fixed an uncontrolled memory allocation in PdfVecObjects::Reserve function (bsc#1076962). - CVE-2018-11255: Fixed a null pointer dereference in PdfPage::GetPageNumber() function which could lead to Denial of Service (bsc#1096890). - CVE-2018-20751: Fixed a null pointer dereference in crop_page function (bsc#1124357). - CVE-2018-12982: Fixed an invalid memory read in PdfVariant::DelayedLoad() function which could allow remote attackers to cause Denial of Service (bsc#1099720). - Fixed a buffer overflow in TestEncrypt function. - Fixed a null pointer dereference in PdfTranslator-setTarget function. - Fixed a heap based buffer overflow PdfVariant:DelayedLoad function. Moderate SUSE bug 1035596 SUSE bug 1076962 SUSE bug 1096890 SUSE bug 1099720 SUSE bug 1124357 CVE-2017-8054 CVE-2018-11255 CVE-2018-12982 CVE-2018-20751 CVE-2018-5783 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for webkit2gtk3 to version 2.24.2 fixes the following issues: Security issues fixed: - CVE-2019-6237, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8615, CVE-2019-8611, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623 (bsc#1135715). Important SUSE bug 1133291 SUSE bug 1135715 CVE-2019-6237 CVE-2019-8571 CVE-2019-8583 CVE-2019-8584 CVE-2019-8586 CVE-2019-8587 CVE-2019-8594 CVE-2019-8595 CVE-2019-8596 CVE-2019-8597 CVE-2019-8601 CVE-2019-8607 CVE-2019-8608 CVE-2019-8609 CVE-2019-8610 CVE-2019-8611 CVE-2019-8615 CVE-2019-8619 CVE-2019-8622 CVE-2019-8623 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-10638: A device could have been tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (bnc#1140575) - CVE-2019-10639: Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image was exposed. This attack could have been carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic was trivial if the server answered ICMP Echo requests (ping). For client targets, if the target visited the attacker's web page, then WebRTC or gQUIC could be used to force UDP traffic to attacker-controlled IP addresses. (bnc#1140577) - CVE-2018-20836: A race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, could have lead to a use-after-free. (bnc#1134395) - CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (bnc#1133738) - CVE-2019-12614: An unchecked kstrdup might have allowed an attacker to cause denial of service (a NULL pointer dereference and system crash). (bnc#1137194) - CVE-2019-12819: The function __mdiobus_register() in drivers/net/phy/mdio_bus.c called put_device() which would trigger a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bnc#1138291) - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may have returned NULL. If the caller did not check for this, it would trigger a NULL pointer dereference. This would cause denial of service. (bnc#1138293) The following non-security bugs were fixed: - 6lowpan: Off by one handling ->nexthdr (bsc#1051510). - acpi / property: fix handling of data_nodes in acpi_get_next_subnode() (bsc#1051510). - acpi: Add Hygon Dhyana support - af_key: unconditionally clone on broadcast (bsc#1051510). - alsa: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510). - alsa: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510). - alsa: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510). - alsa: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510). - alsa: hda/realtek - Set default power save node to 0 (bsc#1051510). - alsa: hda/realtek - Update headset mode for ALC256 (bsc#1051510). - alsa: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510). - alsa: line6: Fix write on zero-sized buffer (bsc#1051510). - alsa: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510). - alsa: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510). - alsa: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510). - apparmor: enforce nullbyte at end of tag string (bsc#1051510). - asoc: cs42xx8: Add regcache mask dirty (bsc#1051510). - asoc: eukrea-tlv320: fix a leaked reference by adding missing of_node_put (bsc#1051510). - asoc: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510). - asoc: fsl_sai: Update is_slave_mode with correct value (bsc#1051510). - asoc: fsl_utils: fix a leaked reference by adding missing of_node_put (bsc#1051510). - asoc: hdmi-codec: unlock the device on startup errors (bsc#1051510). - audit: fix a memory leak bug (bsc#1051510). - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510). - batman-adv: allow updating DAT entry timeouts on incoming ARP Replies (bsc#1051510). - blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432). - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637). - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771). - bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328). - bluetooth: Replace the bluetooth fix with the upstream commit (bsc#1135556) - brcmfmac: convert dev_init_lock mutex to completion (bsc#1051510). - brcmfmac: fix Oops when bringing up interface during USB disconnect (bsc#1051510). - brcmfmac: fix WARNING during USB disconnect in case of unempty psq (bsc#1051510). - brcmfmac: fix missing checks for kmemdup (bsc#1051510). - brcmfmac: fix race during disconnect when USB completion is in progress (bsc#1051510). - can: af_can: Fix error path of can_init() (bsc#1051510). - can: flexcan: fix timeout when set small bitrate (bsc#1051510). - can: purge socket error queue on sock destruct (bsc#1051510). - ceph: flush dirty inodes before proceeding with remount (bsc#1140405). - cfg80211: fix memory leak of wiphy device name (bsc#1051510). - chardev: add additional check for minor range overlap (bsc#1051510). - clk: rockchip: Turn on 'aclk_dmac1' for suspend on rk3288 (bsc#1051510). - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510). - coresight: etb10: Fix handling of perf mode (bsc#1051510). - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510). - cpu/topology: Export die_id (jsc#SLE-5454). - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (). - cpufreq: Add Hygon Dhyana support (). - crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401). - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510). - crypto: user - prevent operating on larval algorithms (bsc#1133401). - device core: Consolidate locking and unlocking of parent and device (bsc#1106383). - dm, dax: Fix detection of DAX support (bsc#1139782). - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510). - doc: Cope with the deprecation of AutoReporter (bsc#1051510). - docs: Fix conf.py for Sphinx 2.0 (bsc#1135642). - documentation: Correct the possible MDS sysfs values (bsc#1135642). - drbd: Avoid Clang warning about pointless switch statment (bsc#1051510). - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510). - drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510). - drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510). - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383). - driver core: Probe devices asynchronously instead of the driver (bsc#1106383). - drivers/base: Introduce kill_device() (bsc#1139865). - drivers/base: kABI fixes for struct device_private (bsc#1106383). - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510). - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510). - drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510). - drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER (bsc#1051510). - drm/amdgpu: fix old fence check in amdgpu_fence_emit (bsc#1051510). - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510). - drm/drv: Hold ref on parent device during drm_device lifetime (bsc#1051510). - drm/gma500/cdv: Check vbt config bits when detecting lvds panels (bsc#1051510). - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510). - drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510). - drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510). - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510). - drm/radeon: prefer lower reference dividers (bsc#1051510). - drm: Wake up next in drm_read() chain if we are forced to putback the event (bsc#1051510). - edac, amd64: Add Hygon Dhyana support (). - edac/mc: Fix edac_mc_find() in case no device is found (bsc#1114279). - extcon: arizona: Disable mic detect if running when driver is removed (bsc#1051510). - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995). - fuse: fallocate: fix return with locked inode (bsc#1051510). - fuse: fix writepages on 32bit (bsc#1051510). - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate (bsc#1051510). - genirq: Prevent use-after-free and work list corruption (bsc#1051510). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510). - genwqe: Prevent an integer overflow in the ioctl (bsc#1051510). - gpio: Remove obsolete comment about gpiochip_free_hogs() usage (bsc#1051510). - gpio: fix gpio-adp5588 build errors (bsc#1051510). - hid: Wacom: switch Dell canvas into highres mode (bsc#1051510). - hid: input: fix a4tech horizontal wheel custom usage (bsc#1137429). - hid: logitech-hidpp: change low battery level threshold from 31 to 30 percent (bsc#1051510). - hid: logitech-hidpp: use RAP instead of FAP to get the protocol version (bsc#1051510). - hid: wacom: Add ability to provide explicit battery status info (bsc#1051510). - hid: wacom: Add support for 3rd generation Intuos BT (bsc#1051510). - hid: wacom: Add support for Pro Pen slim (bsc#1051510). - hid: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510). - hid: wacom: Do not report anything prior to the tool entering range (bsc#1051510). - hid: wacom: Do not set tool type until we're in range (bsc#1051510). - hid: wacom: Mark expected switch fall-through (bsc#1051510). - hid: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510). - hid: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510). - hid: wacom: Properly handle AES serial number and tool type (bsc#1051510). - hid: wacom: Queue events with missing type/serial data for later processing (bsc#1051510). - hid: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510). - hid: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510). - hid: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510). - hid: wacom: Support 'in range' for Intuos/Bamboo tablets where possible (bsc#1051510). - hid: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510). - hid: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510). - hid: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510). - hid: wacom: fix mistake in printk (bsc#1051510). - hid: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510). - hid: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510). - hid: wacom: generic: Refactor generic battery handling (bsc#1051510). - hid: wacom: generic: Report AES battery information (bsc#1051510). - hid: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510). - hid: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510). - hid: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510). - hid: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510). - hid: wacom: generic: Support multiple tools per report (bsc#1051510). - hid: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510). - hid: wacom: generic: add the 'Report Valid' usage (bsc#1051510). - hid: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510). - hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - hwmon/coretemp: Support multi-die/package (jsc#SLE-5454). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (). - hwmon: (core) add thermal sensors only if dev->of_node is present (bsc#1051510). - hwmon: (k10temp) 27C Offset needed for Threadripper2 (). - hwmon: (k10temp) Add Hygon Dhyana support (). - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (). - hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (). - hwmon: (k10temp) Add support for family 17h (). - hwmon: (k10temp) Add support for temperature offsets (). - hwmon: (k10temp) Add temperature offset for Ryzen 1900X (). - hwmon: (k10temp) Add temperature offset for Ryzen 2700X (). - hwmon: (k10temp) Correct model name for Ryzen 1600X (). - hwmon: (k10temp) Display both Tctl and Tdie (). - hwmon: (k10temp) Fix reading critical temperature register (). - hwmon: (k10temp) Make function get_raw_temp static (). - hwmon: (k10temp) Move chip specific code into probe function (). - hwmon: (k10temp) Only apply temperature offset if result is positive (). - hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors (). - hwmon: (k10temp) Use API function to access System Management Network (). - hwmon: (pmbus/core) Treat parameters as paged if on multiple pages (bsc#1051510). - hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table (). - hwrng: omap - Set default quality (bsc#1051510). - i2c-piix4: Add Hygon Dhyana SMBus support (). - i2c: acorn: fix i2c warning (bsc#1135642). - i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr (bsc#1051510). - i2c: i801: Add support for Intel Comet Lake (jsc#SLE-5331). - ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197). - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion (bsc#1051510). - iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data (bsc#1051510). - iio: hmc5843: fix potential NULL pointer dereferences (bsc#1051510). - input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510). - input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510). - iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() (bsc#1051510). - iwlwifi: pcie: do not crash on invalid RX interrupt (bsc#1051510). - kABI workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510). - kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - kernel-binary: Use -c grep option in klp project detection. - kernel-binary: fix missing \ - kernel-binary: rpm does not support multiline condition - kernel-subpackage-spec: Add dummy package to ensure subpackages are rebuilt with kernel update (bsc#1106751). In factory packages are not rebuilt automatically so a dependency is needed on the old kernel to get a rebuild with the new kernel. THe subpackage itself cannot depend on the kernel so add another empty pacakge that does depend on it. - kmps: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137). - kmps: provide and conflict a kernel version specific KMP name (bsc#1127155, bsc#1109137). - kvm: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers (bsc#1061840). - kvm: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts (bsc#1061840). - kvm: PPC: Book3S: Protect memslots while validating user address (bsc#1061840). - kvm: PPC: Release all hardware TCE tables attached to a group (bsc#1061840). - kvm: PPC: Remove redundand permission bits removal (bsc#1061840). - kvm: PPC: Validate TCEs against preregistered memory page sizes (bsc#1061840). - kvm: PPC: Validate all tces before updating tables (bsc#1061840). - kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279). - kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279). - leds: avoid flush_work in atomic context (bsc#1051510). - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510). - libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719). - libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865). - mISDN: make sure device name is NUL terminated (bsc#1051510). - mac80211/cfg80211: update bss channel on channel switch (bsc#1051510). - mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510). - mac80211: Fix kernel panic due to use of txq after free (bsc#1051510). - mac80211: drop robust management frames from unknown TA (bsc#1051510). - mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510). - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() (bsc#1051510). - media: au0828: stop video streaming only when last user stops (bsc#1051510). - media: coda: clear error return value before picture run (bsc#1051510). - media: cpia2: Fix use-after-free in cpia2_exit (bsc#1051510). - media: go7007: avoid clang frame overflow warning with KASAN (bsc#1051510). - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend (bsc#1051510). - media: ov2659: make S_FMT succeed even if requested format does not match (bsc#1051510). - media: saa7146: avoid high stack usage with clang (bsc#1051510). - media: smsusb: better handle optional alignment (bsc#1051510). - media: usb: siano: Fix false-positive 'uninitialized variable' warning (bsc#1051510). - media: usb: siano: Fix general protection fault in smsusb (bsc#1051510). - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510). - mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L (bsc#1051510). - mfd: intel-lpss: Set the device in reset state when init (bsc#1051510). - mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values (bsc#1051510). - mfd: tps65912-spi: Add missing of table registration (bsc#1051510). - mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510). - mm: pagechage-limit: Calculate pagecache-limit based on node state (bsc#1136811) - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510). - mmc: core: Verify SD bus width (bsc#1051510). - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510). - mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510). - mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum A-009204 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bsc#1051510). - mmc_spi: add a status check for spi_sync_locked (bsc#1051510). - module: Fix livepatch/ftrace module text permissions race (bsc#1071995). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814). - nfit/ars: Avoid stale ARS results (jsc#SLE-5433). - nfit/ars: Introduce scrub_flags (jsc#SLE-5433). - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642). - nvme-rdma: fix double freeing of async event data (bsc#1120423). - nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423). - nvme: copy MTFA field from identify controller (bsc#1140715). - nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432). - nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510). - nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510). - nvmem: core: fix read buffer in place (bsc#1051510). - nvmem: correct Broadcom OTP controller driver writes (bsc#1051510). - nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510). - nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510). - nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510). - nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510). - nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510). - nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510). - nvmem: imx-ocotp: Update module description (bsc#1051510). - nvmem: properly handle returned value nvmem_reg_read (bsc#1051510). - ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902). - parport: Fix mem leak in parport_register_dev_model (bsc#1051510). - pci: PM: Avoid possible suspend-to-idle issue (bsc#1051510). - pci: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510). - pci: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510). - perf tools: Add Hygon Dhyana support (). - perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454). - platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510). - platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510). - pm/core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510). - power: supply: max14656: fix potential use-before-alloc (bsc#1051510). - power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510). - powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454). - powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454). - powercap/intel_rapl: Update RAPL domain name and debug messages (jsc#SLE-5454). - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199). - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106). - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106). - powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199). - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199). - powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204). - powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808). - ppp: mppe: Add softdep to arc4 (bsc#1088047). - qlcnic: Avoid potential NULL pointer dereference (bsc#1051510). - qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510). - qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510). - qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510). - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510). - qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510). - rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510). - ras/cec: Convert the timer callback to a workqueue (bsc#1114279). - ras/cec: Fix binary search function (bsc#1114279). - rpm/dtb.spec.in.in: Fix new include path Commit 89de3db69113d58cdab14d2c777de6080eac49dc ('rpm/dtb.spec.in.in: Update include path for dt-bindings') introduced an additional include path for 4.12. The commit message had it correct, but the spec file template lacked a path component, breaking the aarch64 build while succeeding on armv7hl. Fix that. - rpm/dtb.spec.in.in: Update include path for dt-bindings Kernels before 4.12 had arch/{arm,arm64}/boot/dts/include/ directories with a symlink to include/dt-bindings/. In 4.12 those include/ directories were dropped. Therefore use include/ directly. Additionally some cross-architecture .dtsi reuse was introduced, which requires scripts/dtc/include-prefixes/ that didn't exist on older kernels. - rpm/kernel-binary.spec.in: Add back kernel-binary-base subpackage (jsc#SLE-3853). - rpm/kernel-binary.spec.in: Build livepatch support in SUSE release projects (bsc#1124167). - rpm/kernel-subpackage-build: handle arm kernel zImage. - rpm/kernel-subpackage-spec: only provide firmware actually present in subpackage. - rpm/package-descriptions: fix typo in kernel-azure - rpm/post.sh: correct typo in err msg (bsc#1137625) - rpm: Add arm64 dtb-allwinner subpackage 4.10 added arch/arm64/boot/dts/allwinner/. - rpm: Add arm64 dtb-zte subpackage 4.9 added arch/arm64/boot/dts/zte/. - rtc: 88pm860x: prevent use-after-free on device remove (bsc#1051510). - rtc: do not reference bogus function pointer in kdoc (bsc#1051510). - rtlwifi: fix a potential NULL pointer dereference (bsc#1051510). - s390: fix booting problem (bsc#1140948). - s390/dasd: fix using offset into zero size array error (bsc#1051510). - s390/jump_label: Use 'jdd' constraint on gcc9 (bsc#1138589). - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510). - s390/qeth: fix race when initializing the IP address table (bsc#1051510). - s390/setup: fix early warning messages (bsc#1051510). - s390/virtio: handle find on invalid queue gracefully (bsc#1051510). - sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658). - sched/topology: Improve load balancing on AMD EPYC (bsc#1137366). - scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending. - scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390). - scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555). - scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555). - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727). - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296). - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510). - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510). - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510). - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510). - serial: sh-sci: disable DMA for uart_console (bsc#1051510). - smb3: Fix endian warning (bsc#1137884). - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510). - soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510). - spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510). - spi: Fix zero length xfer bug (bsc#1051510). - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510). - spi: pxa2xx: Add support for Intel Comet Lake (jsc#SLE-5331). - spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510). - spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510). - spi: tegra114: reset controller on probe (bsc#1051510). - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510). - staging: vc04_services: prevent integer overflow in create_pagelist() (bsc#1051510). - staging: wlan-ng: fix adapter initialization failure (bsc#1051510). - svm: Add warning message for AVIC IPI invalid target (bsc#1140133). - svm: Fix AVIC incomplete IPI emulation (bsc#1140133). - sysctl: handle overflow in proc_get_long (bsc#1051510). - test_firmware: Use correct snprintf() limit (bsc#1135642). - thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454). - thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510). - thunderbolt: Fix to check for kmemdup failure (bsc#1051510). - tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510). - tmpfs: fix uninitialized return value in shmem_link (bsc#1051510). - tools/cpupower: Add Hygon Dhyana support (). - topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454). - topology: Create package_cpus sysfs attribute (jsc#SLE-5454). - tracing/snapshot: Resize spare buffer if size changed (bsc#1140726). - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler (bsc#1051510). - tty: ipwireless: fix missing checks for ioremap (bsc#1051510). - tty: max310x: Fix external crystal register setup (bsc#1051510). - tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510). - usb: Add LPM quirk for Surface Dock GigE adapter (bsc#1051510). - usb: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510). - usb: Fix slab-out-of-bounds write in usb_get_bos_descriptor (bsc#1051510). - usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642). - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown (bsc#1051510). - usb: core: Do not unbind interfaces following device reset failure (bsc#1051510). - usb: dwc2: Fix DMA cache alignment issues (bsc#1051510). - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642). - usb: rio500: fix memory leak in close after disconnect (bsc#1051510). - usb: rio500: refuse more than one device at a time (bsc#1051510). - usb: serial: fix initial-termios handling (bsc#1135642). - usb: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510). - usb: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510). - usb: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510). - usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642). - usb: sisusbvga: fix oops in error path of sisusb_probe (bsc#1051510). - usb: usb-storage: Add new ID to ums-realtek (bsc#1051510). - usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642). - usbip: usbip_host: fix BUG: sleeping function called from invalid context (bsc#1051510). - usbip: usbip_host: fix stub_dev lock context imbalance regression (bsc#1051510). - usbnet: fix kernel crash after disconnect (bsc#1051510). - usbnet: ipheth: fix racing condition (bsc#1051510). - vfio: ccw: only free cp on final interrupt (bsc#1051510). - video: hgafb: fix potential NULL pointer dereference (bsc#1051510). - video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510). - virtio_console: initialize vtermno value for ports (bsc#1051510). - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510). - vxlan: trivial indenting fix (bsc#1051510). - vxlan: use __be32 type for the param vni in __vxlan_fdb_delete (bsc#1051510). - w1: fix the resume command API (bsc#1051510). - watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510). - x86/CPU/AMD: Do not force the CPB cap when running under a hypervisor (bsc#1114279). - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (). - x86/alternative: Init ideal_nops for Hygon Dhyana (). - x86/amd_nb: Add support for Raven Ridge CPUs (). - x86/amd_nb: Check vendor in AMD-only functions (). - x86/apic: Add Hygon Dhyana support (). - x86/bugs: Add Hygon Dhyana to the respective mitigation machinery (). - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (). - x86/cpu: Create Hygon Dhyana architecture support file (). - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (). - x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382). - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382). This changes definitions of some bits, but they are intended to be used only by the core, so hopefully, no KMP uses the definitions. - x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382). - x86/events: Add Hygon Dhyana support to PMU infrastructure (). - x86/kvm: Add Hygon Dhyana support to KVM (). - x86/mce: Add Hygon Dhyana support to the MCA infrastructure (). - x86/mce: Do not disable MCA banks when offlining a CPU on AMD (). - x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279). - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279). - x86/microcode: Fix microcode hotplug state (bsc#1114279). - x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279). - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279). - x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge (). - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana (). - x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454). - x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279). - x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454). - x86/topology: Define topology_die_id() (jsc#SLE-5454). - x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - x86/xen: Add Hygon Dhyana support to Xen (). - xen/pciback: Do not disable PCI_COMMAND on PCI device reset (bsc#1065600). - xfs: do not clear imap_valid for a non-uptodate buffers (bsc#1138018). - xfs: do not look at buffer heads in xfs_add_to_ioend (bsc#1138013). - xfs: do not set the page uptodate in xfs_writepage_map (bsc#1138003). - xfs: do not use XFS_BMAPI_ENTRIRE in xfs_get_blocks (bsc#1137999). - xfs: do not use XFS_BMAPI_IGSTATE in xfs_map_blocks (bsc#1138005). - xfs: eof trim writeback mapping as soon as it is cached (bsc#1138019). - xfs: fix s_maxbytes overflow problems (bsc#1137996). - xfs: make xfs_writepage_map extent map centric (bsc#1138009). - xfs: minor cleanup for xfs_get_blocks (bsc#1138000). - xfs: move all writeback buffer_head manipulation into xfs_map_at_offset (bsc#1138014). - xfs: refactor the tail of xfs_writepage_map (bsc#1138016). - xfs: remove XFS_IO_INVALID (bsc#1138017). - xfs: remove the imap_valid flag (bsc#1138012). - xfs: remove unused parameter from xfs_writepage_map (bsc#1137995). - xfs: remove xfs_map_cow (bsc#1138007). - xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010). - xfs: remove xfs_reflink_trim_irec_to_next_cow (bsc#1138006). - xfs: remove xfs_start_page_writeback (bsc#1138015). - xfs: rename the offset variable in xfs_writepage_map (bsc#1138008). - xfs: simplify xfs_map_blocks by using xfs_iext_lookup_extent directly (bsc#1138011). - xfs: skip CoW writes past EOF when writeback races with truncate (bsc#1137998). - xfs: xfs_reflink_convert_cow() memory allocation deadlock (bsc#1138002). - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() (bsc#1051510). - xhci: Use %zu for printing size_t type (bsc#1051510). - xhci: update bounce buffer with correct sg num (bsc#1051510). Important SUSE bug 1051510 SUSE bug 1061840 SUSE bug 1065600 SUSE bug 1071995 SUSE bug 1088047 SUSE bug 1094555 SUSE bug 1098633 SUSE bug 1106383 SUSE bug 1106751 SUSE bug 1109137 SUSE bug 1114279 SUSE bug 1119532 SUSE bug 1120423 SUSE bug 1124167 SUSE bug 1127155 SUSE bug 1128432 SUSE bug 1128902 SUSE bug 1128910 SUSE bug 1132154 SUSE bug 1132390 SUSE bug 1133401 SUSE bug 1133738 SUSE bug 1134303 SUSE bug 1134395 SUSE bug 1135296 SUSE bug 1135556 SUSE bug 1135642 SUSE bug 1136157 SUSE bug 1136811 SUSE bug 1136922 SUSE bug 1137103 SUSE bug 1137194 SUSE bug 1137221 SUSE bug 1137366 SUSE bug 1137429 SUSE bug 1137625 SUSE bug 1137728 SUSE bug 1137884 SUSE bug 1137995 SUSE bug 1137996 SUSE bug 1137998 SUSE bug 1137999 SUSE bug 1138000 SUSE bug 1138002 SUSE bug 1138003 SUSE bug 1138005 SUSE bug 1138006 SUSE bug 1138007 SUSE bug 1138008 SUSE bug 1138009 SUSE bug 1138010 SUSE bug 1138011 SUSE bug 1138012 SUSE bug 1138013 SUSE bug 1138014 SUSE bug 1138015 SUSE bug 1138016 SUSE bug 1138017 SUSE bug 1138018 SUSE bug 1138019 SUSE bug 1138291 SUSE bug 1138293 SUSE bug 1138374 SUSE bug 1138375 SUSE bug 1138589 SUSE bug 1138719 SUSE bug 1139751 SUSE bug 1139771 SUSE bug 1139782 SUSE bug 1139865 SUSE bug 1140133 SUSE bug 1140328 SUSE bug 1140405 SUSE bug 1140424 SUSE bug 1140428 SUSE bug 1140575 SUSE bug 1140577 SUSE bug 1140637 SUSE bug 1140658 SUSE bug 1140715 SUSE bug 1140719 SUSE bug 1140726 SUSE bug 1140727 SUSE bug 1140728 SUSE bug 1140814 SUSE bug 1140948 SUSE bug 821419 SUSE bug 945811 CVE-2018-16871 CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11478 CVE-2019-11599 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for MozillaFirefox, mozilla-nss fixes the following issues: MozillaFirefox to version ESR 60.8: - CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868). - CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868). - CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868). - CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868). - CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868). - CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868). - CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868). - CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868). - CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868). mozilla-nss to version 3.44.1: * Added IPSEC IKE support to softoken * Many new FIPS test cases Important SUSE bug 1140868 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11719 CVE-2019-11729 CVE-2019-11730 CVE-2019-9811 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libxslt fixes the following issues: Security issues fixed: - CVE-2019-13118: Fixed a read of uninitialized stack data (bsc#1140101). - CVE-2019-13117: Fixed a uninitialized read which allowed to discern whether a byte on the stack contains certain special characters (bsc#1140095). Moderate SUSE bug 1140095 SUSE bug 1140101 CVE-2019-13117 CVE-2019-13118 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libxml2 fixes the following issues: Issue fixed: - Fixed a bug related to the fix for CVE-2016-9318 which allowed xsltproc to access the internet even when --nonet was given and also was making docbook-xsl-stylesheets to have incomplete xml catalog file (bsc#1010675, bsc#1126613 and bsc#1110146). Moderate SUSE bug 1010675 SUSE bug 1110146 SUSE bug 1126613 CVE-2016-9318 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for polkit fixes the following issues: Security issue fixed: - CVE-2018-19788: Fixed handling of UIDs over MAX_UINT (bsc#1118277) Moderate SUSE bug 1118277 CVE-2018-19788 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). - CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657). Important SUSE bug 1139083 SUSE bug 985657 CVE-2016-3189 CVE-2019-12900 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2018-12232: In net/socket.c in the there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bnc#1097593). - CVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615). - CVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186). - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). - CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656). - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). The following non-security bugs were fixed: - acpi / CPPC: Check for valid PCC subspace only if PCC is used (bsc#1117115). - acpi / CPPC: Update all pr_(debug/err) messages to log the susbspace id (bsc#1117115). - aio: fix spectre gadget in lookup_ioctx (bsc#1120594). - alsa: cs46xx: Potential NULL dereference in probe (bsc#1051510). - alsa: emu10k1: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - alsa: emux: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - alsa: fireface: fix for state to fetch PCM frames (bsc#1051510). - alsa: fireface: fix reference to wrong register for clock configuration (bsc#1051510). - alsa: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint (bsc#1051510). - alsa: firewire-lib: fix wrong handling payload_length as payload_quadlet (bsc#1051510). - alsa: firewire-lib: use the same print format for 'without_header' tracepoints (bsc#1051510). - alsa: hda: add mute LED support for HP EliteBook 840 G4 (bsc#1051510). - alsa: hda: Add support for AMD Stoney Ridge (bsc#1051510). - alsa: hda/ca0132 - make pci_iounmap() call conditional (bsc#1051510). - alsa: hda: fix front speakers on Huawei MBXP (bsc#1051510). - alsa: hda/realtek - Add support for Acer Aspire C24-860 headset mic (bsc#1051510). - alsa: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 (bsc#1051510). - alsa: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880 (bsc#1051510). - alsa: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN (bsc#1051510). - alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable the headset mic auto detection for ASUS laptops (bsc#1051510). - alsa: hda/realtek - Fixed headphone issue for ALC700 (bsc#1051510). - alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G (bsc#1051510). - alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G (bsc#1051510). - alsa: hda/realtek - Fix speaker output regression on Thinkpad T570 (bsc#1051510). - alsa: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon (bsc#1051510). - alsa: hda/realtek - Support Dell headset mode for New AIO platform (bsc#1051510). - alsa: hda/tegra: clear pending irq handlers (bsc#1051510). - alsa: pcm: Call snd_pcm_unlink() conditionally at closing (bsc#1051510). - alsa: pcm: Fix interval evaluation with openmin/max (bsc#1051510). - alsa: pcm: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: pcm: Fix starvation on down_write_nonblock() (bsc#1051510). - alsa: rme9652: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: trident: Suppress gcc string warning (bsc#1051510). - alsa: usb-audio: Add SMSL D1 to quirks for native DSD support (bsc#1051510). - alsa: usb-audio: Add support for Encore mDSD USB DAC (bsc#1051510). - alsa: usb-audio: Avoid access before bLength check in build_audio_procunit() (bsc#1051510). - alsa: usb-audio: Fix an out-of-bound read in create_composite_quirks (bsc#1051510). - alsa: x86: Fix runtime PM for hdmi-lpe-audio (bsc#1051510). - apparmor: do not try to replace stale label in ptrace access check (git-fixes). - apparmor: do not try to replace stale label in ptraceme check (git-fixes). - apparmor: Fix uninitialized value in aa_split_fqname (git-fixes). - arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bsc#1120612). - arm64: atomics: Remove '&' from '+&' asm constraint in lse atomics (bsc#1120613). - arm64: cpu_errata: include required headers (bsc#1120615). - arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing (bsc#1120633). - arm64: Fix /proc/iomem for reserved but not memory regions (bsc#1120632). - arm64: lse: Add early clobbers to some input/output asm operands (bsc#1120614). - arm64: lse: remove -fcall-used-x0 flag (bsc#1120618). - arm64: mm: always enable CONFIG_HOLES_IN_ZONE (bsc#1120617). - arm64/numa: Report correct memblock range for the dummy node (bsc#1120620). - arm64/numa: Unify common error path in numa_init() (bsc#1120621). - arm64: remove no-op -p linker flag (bsc#1120616). - ASoC: dapm: Recalculate audio map forcely when card instantiated (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty (bsc#1051510). - ASoC: Intel: mrfld: fix uninitialized variable access (bsc#1051510). - ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing (bsc#1051510). - ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bsc#1051510). - ASoC: omap-mcbsp: Fix latency value calculation for pm_qos (bsc#1051510). - ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bsc#1051510). - ASoC: rsnd: fixup clock start checker (bsc#1051510). - ASoC: wm_adsp: Fix dma-unsafe read of scratch registers (bsc#1051510). - ath10k: do not assume this is a PCI dev in generic code (bsc#1051510). - ath6kl: Only use match sets when firmware supports it (bsc#1051510). - b43: Fix error in cordic routine (bsc#1051510). - bcache: fix miss key refill->end in writeback (Git-fixes). - bcache: trace missed reading by cache_missed (Git-fixes). - Blacklist 5182f26f6f74 crypto: ccp - Make function sev_get_firmware() static - blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set() (Git-fixes). - block: allow max_discard_segments to be stacked (Git-fixes). - block: blk_init_allocated_queue() set q->fq as NULL in the fail case (Git-fixes). - block: really disable runtime-pm for blk-mq (Git-fixes). - block: reset bi_iter.bi_done after splitting bio (Git-fixes). - block/swim: Fix array bounds check (Git-fixes). - bnxt_en: do not try to offload VLAN 'modify' action (bsc#1050242 ). - bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (bsc#1086282). - bnxt_en: Fix VNIC reservations on the PF (bsc#1086282 ). - bnxt_en: get the reduced max_irqs by the ones used by RDMA (bsc#1050242). - bpf: fix check of allowed specifiers in bpf_trace_printk (bsc#1083647). - bpf: use per htab salt for bucket hash (git-fixes). - btrfs: Always try all copies when reading extent buffers (git-fixes). - btrfs: delete dead code in btrfs_orphan_add() (bsc#1111469). - btrfs: delete dead code in btrfs_orphan_commit_root() (bsc#1111469). - btrfs: do not BUG_ON() in btrfs_truncate_inode_items() (bsc#1111469). - btrfs: do not check inode's runtime flags under root->orphan_lock (bsc#1111469). - btrfs: do not return ino to ino cache if inode item removal fails (bsc#1111469). - btrfs: fix ENOSPC caused by orphan items reservations (bsc#1111469). - btrfs: Fix error handling in btrfs_cleanup_ordered_extents (git-fixes). - btrfs: fix error handling in btrfs_truncate() (bsc#1111469). - btrfs: fix error handling in btrfs_truncate_inode_items() (bsc#1111469). - btrfs: fix fsync of files with multiple hard links in new directories (1120173). - btrfs: Fix memory barriers usage with device stats counters (git-fixes). - btrfs: fix use-after-free on root->orphan_block_rsv (bsc#1111469). - btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM (bsc#1111469). - btrfs: get rid of unused orphan infrastructure (bsc#1111469). - btrfs: move btrfs_truncate_block out of trans handle (bsc#1111469). - btrfs: qgroup: Dirty all qgroups before rescan (bsc#1120036). - btrfs: refactor btrfs_evict_inode() reserve refill dance (bsc#1111469). - btrfs: renumber BTRFS_INODE_ runtime flags and switch to enums (bsc#1111469). - btrfs: reserve space for O_TMPFILE orphan item deletion (bsc#1111469). - btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188). - btrfs: stop creating orphan items for truncate (bsc#1111469). - btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875). - btrfs: update stale comments referencing vmtruncate() (bsc#1111469). - can: flexcan: flexcan_irq(): fix indention (bsc#1051510). - cdrom: do not attempt to fiddle with cdo->capability (bsc#1051510). - ceph: do not update importing cap's mseq when handing cap export (bsc#1121273). - char_dev: extend dynamic allocation of majors into a higher range (bsc#1121058). - char_dev: Fix off-by-one bugs in find_dynamic_major() (bsc#1121058). - clk: mmp: Off by one in mmp_clk_add() (bsc#1051510). - clk: mvebu: Off by one bugs in cp110_of_clk_get() (bsc#1051510). - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (git-fixes). - config: arm64: enable erratum 1024718 - cpufeature: avoid warning when compiling with clang (Git-fixes). - cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1117115). - cpufreq: CPPC: fix build in absence of v3 support (bsc#1117115). - cpupower: remove stringop-truncation waring (git-fixes). - crypto: bcm - fix normal/non key hash algorithm failure (bsc#1051510). - crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command (). - crypto: ccp - Add GET_ID SEV command (). - crypto: ccp - Add psp enabled message when initialization succeeds (). - crypto: ccp - Add support for new CCP/PSP device ID (). - crypto: ccp - Allow SEV firmware to be chosen based on Family and Model (). - crypto: ccp - Fix static checker warning (). - crypto: ccp - Remove unused #defines (). - crypto: ccp - Support register differences between PSP devices (). - dasd: fix deadlock in dasd_times_out (bsc#1121477, LTC#174111). - dax: Check page->mapping isn't NULL (bsc#1120054). - dax: Do not access a freed inode (bsc#1120055). - device property: Define type of PROPERTY_ENRTY_*() macros (bsc#1051510). - device property: fix fwnode_graph_get_next_endpoint() documentation (bsc#1051510). - disable stringop truncation warnings for now (git-fixes). - dm: allocate struct mapped_device with kvzalloc (Git-fixes). - dm cache: destroy migration_cache if cache target registration failed (Git-fixes). - dm cache: fix resize crash if user does not reload cache table (Git-fixes). - dm cache metadata: ignore hints array being too small during resize (Git-fixes). - dm cache metadata: save in-core policy_hint_size to on-disk superblock (Git-fixes). - dm cache metadata: set dirty on all cache blocks after a crash (Git-fixes). - dm cache: only allow a single io_mode cache feature to be requested (Git-fixes). - dm crypt: do not decrease device limits (Git-fixes). - dm: fix report zone remapping to account for partition offset (Git-fixes). - dm integrity: change 'suspending' variable from bool to int (Git-fixes). - dm ioctl: harden copy_params()'s copy_from_user() from malicious users (Git-fixes). - dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled (Git-fixes). - dm linear: fix linear_end_io conditional definition (Git-fixes). - dm thin: handle running out of data space vs concurrent discard (Git-fixes). - dm thin metadata: remove needless work from __commit_transaction (Git-fixes). - dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes). - dm writecache: fix a crash due to reading past end of dirty_bitmap (Git-fixes). - dm writecache: report start_sector in status line (Git-fixes). - dm zoned: fix metadata block ref counting (Git-fixes). - dm zoned: fix various dmz_get_mblock() issues (Git-fixes). - doc/README.SUSE: correct GIT url No more gitorious, github we use. - drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet (bsc#1119749). - drivers/net/usb/r8152: remove the unneeded variable 'ret' in rtl8152_system_suspend (bsc#1119749). - drivers/tty: add missing of_node_put() (bsc#1051510). - drm/amdgpu/gmc8: update MC firmware for polaris (bsc#1113722) - drm/amdgpu: update mc firmware image for polaris12 variants (bsc#1113722) - drm/amdgpu: update SMC firmware image for polaris10 variants (bsc#1113722) - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1113722) - drm/i915/execlists: Apply a full mb before execution for Braswell (bsc#1113722) - drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722) - drm/nouveau/kms: Fix memory leak in nv50_mstm_del() (bsc#1113722) - drm: rcar-du: Fix external clock error checks (bsc#1113722) - drm: rcar-du: Fix vblank initialization (bsc#1113722) - drm/rockchip: psr: do not dereference encoder before it is null (bsc#1113722) - drm: set is_master to 0 upon drm_new_set_master() failure (bsc#1113722) - drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1113722) - drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1113722) - dt-bindings: add compatible string for Allwinner V3s SoC (git-fixes). - dt-bindings: arm: Document SoC compatible value for Armadillo-800 EVA (git-fixes). - dt-bindings: clock: add rk3399 DDR3 standard speed bins (git-fixes). - dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 (git-fixes). - dt-bindings: iio: update STM32 timers clock names (git-fixes). - dt-bindings: mfd: axp20x: Add AXP806 to supported list of chips (git-fixes). - dt-bindings: net: Remove duplicate NSP Ethernet MAC binding document (git-fixes). - dt-bindings: panel: lvds: Fix path to display timing bindings (git-fixes). - dt-bindings: phy: sun4i-usb-phy: Add property descriptions for H3 (git-fixes). - dt-bindings: pwm: renesas: tpu: Fix 'compatible' prop description (git-fixes). - dt-bindings: pwm: Update STM32 timers clock names (git-fixes). - dt-bindings: rcar-dmac: Document missing error interrupt (git-fixes). - efi: Move some sysfs files to be read-only by root (bsc#1051510). - ethernet: fman: fix wrong of_node_put() in probe function (bsc#1119017). - exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1118773). - ext2: fix potential use after free (bsc#1118775). - ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760). - ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604). - ext4: fix possible use after free in ext4_quota_enable (bsc#1120602). - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bsc#1120603). - extable: Consolidate *kernel_text_address() functions (bsc#1120092). - extable: Enable RCU if it is not watching in kernel_text_address() (bsc#1120092). - fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1113722) - fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1113722) - filesystem-dax: Fix dax_layout_busy_page() livelock (bsc#1118787). - firmware: add firmware_request_nowarn() - load firmware without warnings (). - Fix tracing sample code warning (git-fixes). - fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes). - fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes). - fs: fix lost error code in dio_complete (bsc#1118762). - fs/xfs: Use %pS printk format for direct addresses (git-fixes). - fuse: fix blocked_waitq wakeup (git-fixes). - fuse: fix leaked notify reply (git-fixes). - fuse: fix possibly missed wake-up after abort (git-fixes). - fuse: Fix use-after-free in fuse_dev_do_read() (git-fixes). - fuse: Fix use-after-free in fuse_dev_do_write() (git-fixes). - fuse: fix use-after-free in fuse_direct_IO() (git-fixes). - fuse: set FR_SENT while locked (git-fixes). - gcc-plugins: Add include required by GCC release 8 (git-fixes). - gcc-plugins: Use dynamic initializers (git-fixes). - gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bsc#1118769). - gfs2: Fix loop in gfs2_rbm_find (bsc#1120601). - gfs2: Get rid of potential double-freeing in gfs2_create_inode (bsc#1120600). - gfs2_meta: ->mount() can get NULL dev_name (bsc#1118768). - gfs2: Put bitmap buffers in put_super (bsc#1118772). - gpio: davinci: Remove unused member of davinci_gpio_controller (git-fixes). - gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers (bsc#1051510). - gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (bsc#1051510). - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bsc#1051510). - gpio: mvebu: only fail on missing clk if pwm is actually to be used (bsc#1051510). - hid: Add quirk for Primax PIXART OEM mice (bsc#1119410). - hid: input: Ignore battery reported by Symbol DS4308 (bsc#1051510). - hid: multitouch: Add pointstick support for Cirque Touchpad (bsc#1051510). - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - i2c: axxia: properly handle master timeout (bsc#1051510). - i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bsc#1051510). - ib/hfi1: Add mtu check for operational data VLs (bsc#1060463 ). - ibmvnic: Convert reset work item mutex to spin lock (). - ibmvnic: Fix non-atomic memory allocation in IRQ context (). - ib/rxe: support for 802.1q VLAN on the listener (bsc#1082387). - ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510). - ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510). - ieee802154: at86rf230: use __func__ macro for debug messages (bsc#1051510). - ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510). - Include modules.fips in kernel-binary as well as kernel-binary-base (). - initramfs: fix initramfs rebuilds w/ compression after disabling (git-fixes). - Input: add official Raspberry Pi's touchscreen driver (). - Input: cros_ec_keyb - fix button/switch capability reports (bsc#1051510). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bsc#1051510). - Input: elan_i2c - add ELAN0620 to the ACPI table (bsc#1051510). - Input: elan_i2c - add support for ELAN0621 touchpad (bsc#1051510). - Input: hyper-v - fix wakeup from suspend-to-idle (bsc#1051510). - Input: matrix_keypad - check for errors from of_get_named_gpio() (bsc#1051510). - Input: nomadik-ske-keypad - fix a loop timeout test (bsc#1051510). - Input: omap-keypad - fix keyboard debounce configuration (bsc#1051510). - Input: synaptics - add PNP ID for ThinkPad P50 to SMBus (bsc#1051510). - Input: synaptics - enable SMBus for HP 15-ay000 (bsc#1051510). - Input: xpad - quirk all PDP Xbox One gamepads (bsc#1051510). - integrity/security: fix digsig.c build error with header file (bsc#1051510). - intel_th: msu: Fix an off-by-one in attribute store (bsc#1051510). - iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105). - iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105). - iwlwifi: add new cards for 9560, 9462, 9461 and killer series (bsc#1051510). - iwlwifi: fix LED command capability bit (bsc#1119086). - iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086). - iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086). - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares (bsc#1119086). - iwlwifi: nvm: get num of hw addresses from firmware (bsc#1119086). - iwlwifi: pcie: do not reset TXQ write pointer (bsc#1051510). - jffs2: free jffs2_sb_info through jffs2_kill_sb() (bsc#1118767). - jump_label: Split out code under the hotplug lock (bsc#1106913). - kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - kabi protect hnae_ae_ops (bsc#1104353). - kbuild: allow to use GCC toolchain not in Clang search path (git-fixes). - kbuild: fix linker feature test macros when cross compiling with Clang (git-fixes). - kbuild: make missing $DEPMOD a Warning instead of an Error (git-fixes). - kbuild: rpm-pkg: keep spec file until make mrproper (git-fixes). - kbuild: suppress packed-not-aligned warning for default setting only (git-fixes). - kbuild: verify that $DEPMOD is installed (git-fixes). - kdb: use memmove instead of overlapping memcpy (bsc#1120954). - kernfs: Replace strncpy with memcpy (bsc#1120053). - keys: Fix the use of the C++ keyword 'private' in uapi/linux/keyctl.h (Git-fixes). - kobject: Replace strncpy with memcpy (git-fixes). - kprobes: Make list and blacklist root user read only (git-fixes). - kvm: PPC: Book3S PR: Enable use on POWER9 inside HPT-mode guests (bsc#1118484). - libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bsc#1051510). - libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086). - libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1118962). - libnvdimm, pmem: Fix badblocks population for 'raw' namespaces (bsc#1118788). - lib/raid6: Fix arm64 test build (bsc#1051510). - lib/ubsan.c: do not mark __ubsan_handle_builtin_unreachable as noreturn (bsc#1051510). - Limit max FW API version for QCA9377 (bsc#1121714, bsc#1121715). - linux/bitmap.h: fix type of nbits in bitmap_shift_right() (bsc#1051510). - locking/barriers: Convert users of lockless_dereference() to READ_ONCE() (Git-fixes). - locking/static_keys: Improve uninitialized key warning (bsc#1106913). - mac80211: Clear beacon_int in ieee80211_do_stop (bsc#1051510). - mac80211: fix reordering of buffered broadcast packets (bsc#1051510). - mac80211_hwsim: fix module init error paths for netlink (bsc#1051510). - mac80211_hwsim: Timer should be initialized before device registered (bsc#1051510). - mac80211: ignore NullFunc frames in the duplicate detection (bsc#1051510). - mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bsc#1051510). - Mark HI and TASKLET softirq synchronous (git-fixes). - md: fix raid10 hang issue caused by barrier (git-fixes). - media: em28xx: Fix use-after-free when disconnecting (bsc#1051510). - media: em28xx: make v4l2-compliance happier by starting sequence on zero (bsc#1051510). - media: omap3isp: Unregister media device as first (bsc#1051510). - mmc: bcm2835: reset host on timeout (bsc#1051510). - mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support (bsc#1051510). - mmc: core: Reset HPI enabled state during re-init and in case of errors (bsc#1051510). - mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl (bsc#1051510). - mmc: dw_mmc-bluefield: Add driver extension (bsc#1118752). - mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752). - MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bsc#1051510). - mmc: omap_hsmmc: fix DMA API warning (bsc#1051510). - mmc: sdhci: fix the timeout check window for clock and reset (bsc#1051510). - mm: do not miss the last page because of round-off error (bnc#1118798). - mm: do not warn about large allocations for slab (git fixes (slab)). - mm/huge_memory.c: reorder operations in __split_huge_page_tail() (VM Functionality bsc#1119962). - mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM Functionality, bsc#1121599). - mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality, bsc#1121599). - mm/huge_memory: splitting set mapping+index before unfreeze (VM Functionality, bsc#1121599). - mm: hugetlb: yield when prepping struct pages (git fixes (memory initialisation)). - mm/khugepaged: collapse_shmem() do not crash on Compound (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() remember to clear holes (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() stop if punched or truncated (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() without freezing new_page (VM Functionality, bsc#1121599). - mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality, bsc#1121599). - mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality, bsc#1121599). - mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability). - mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability). - mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability). - mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability). - mm: migration: fix migration of huge PMD shared pages (bnc#1086423). - mm: only report isolation failures when offlining memory (generic hotplug debugability). - mm: print more information about mapping in __dump_page (generic hotplug debugability). - mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272). - mm: sections are not offlined during memory hotremove (bnc#1119968). - mm: shmem.c: Correctly annotate new inodes for lockdep (Git fixes: shmem). - mm/vmstat.c: fix NUMA statistics updates (git fixes). - Move dell_rbu fix to sorted section (bsc#1087978). - mtd: cfi: convert inline functions to macros (git-fixes). - mtd: Fix comparison in map_word_andequal() (git-fixes). - namei: allow restricted O_CREAT of FIFOs and regular files (bsc#1118766). - nbd: do not allow invalid blocksize settings (Git-fixes). - net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bsc#1051510). - net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses (git-fixes). - net: dsa: qca8k: Add QCA8334 binding documentation (git-fixes). - net: ena: fix crash during ena_remove() (bsc#1111696 bsc#1117561). - net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1111696 bsc#1117561). - net: hns3: Add nic state check before calling netif_tx_wake_queue (bsc#1104353). - net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353). - net: hns3: bugfix for buffer not free problem during resetting (bsc#1104353). - net: hns3: bugfix for handling mailbox while the command queue reinitialized (bsc#1104353). - net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read (bsc#1104353). - net: hns3: bugfix for is_valid_csq_clean_head() (bsc#1104353 ). - net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem (bsc#1104353). - net: hns3: bugfix for rtnl_lock's range in the hclgevf_reset() (bsc#1104353). - net: hns3: bugfix for the initialization of command queue's spin lock (bsc#1104353). - net: hns3: Check hdev state when getting link status (bsc#1104353). - net: hns3: Clear client pointer when initialize client failed or unintialize finished (bsc#1104353). - net: hns3: Fix cmdq registers initialization issue for vf (bsc#1104353). - net: hns3: Fix error of checking used vlan id (bsc#1104353 ). - net: hns3: Fix ets validate issue (bsc#1104353). - net: hns3: Fix for netdev not up problem when setting mtu (bsc#1104353). - net: hns3: Fix for out-of-bounds access when setting pfc back pressure (bsc#1104353). - net: hns3: Fix for packet buffer setting bug (bsc#1104353 ). - net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware (bsc#1104353). - net: hns3: Fix for setting speed for phy failed problem (bsc#1104353). - net: hns3: Fix for vf vlan delete failed problem (bsc#1104353 ). - net: hns3: Fix loss of coal configuration while doing reset (bsc#1104353). - net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() (bsc#1104353). - net: hns3: Fix ping exited problem when doing lp selftest (bsc#1104353). - net: hns3: Preserve vlan 0 in hardware table (bsc#1104353 ). - net: hns3: remove unnecessary queue reset in the hns3_uninit_all_ring() (bsc#1104353). - net: hns3: Set STATE_DOWN bit of hdev state when stopping net (bsc#1104353). - net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1046299). - net: usb: r8152: constify usb_device_id (bsc#1119749). - net: usb: r8152: use irqsave() in USB's complete callback (bsc#1119749). - nospec: Allow index argument to have const-qualified type (git-fixes) - nospec: Kill array_index_nospec_mask_check() (git-fixes). - nvme-fc: resolve io failures during connect (bsc#1116803). - nvme-multipath: zero out ANA log buffer (bsc#1105168). - nvme: validate controller state before rescheduling keep alive (bsc#1103257). - objtool: Detect RIP-relative switch table references (bsc#1058115). - objtool: Detect RIP-relative switch table references, part 2 (bsc#1058115). - objtool: Fix another switch table detection issue (bsc#1058115). - objtool: Fix double-free in .cold detection error path (bsc#1058115). - objtool: Fix GCC 8 cold subfunction detection for aliased functions (bsc#1058115). - objtool: Fix 'noreturn' detection for recursive sibling calls (bsc#1058115). - objtool: Fix segfault in .cold detection with -ffunction-sections (bsc#1058115). - objtool: Support GCC 8's cold subfunctions (bsc#1058115). - objtool: Support GCC 8 switch tables (bsc#1058115). - panic: avoid deadlocks in re-entrant console drivers (bsc#1088386). - pci: Add ACS quirk for Ampere root ports (bsc#1120058). - pci: Add ACS quirk for APM X-Gene devices (bsc#1120058). - pci: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE (bsc#1120058). - pci: Delay after FLR of Intel DC P3700 NVMe (bsc#1120058). - pci: Disable Samsung SM961/PM961 NVMe before FLR (bsc#1120058). - pci: Export pcie_has_flr() (bsc#1120058). - pci: iproc: Activate PAXC bridge quirk for more devices (bsc#1120058). - pci: Mark Ceton InfiniTV4 INTx masking as broken (bsc#1120058). - pci: Mark fall-through switch cases before enabling -Wimplicit-fallthrough (bsc#1120058). - pci: Mark Intel XXV710 NIC INTx masking as broken (bsc#1120058). - perf tools: Fix tracing_path_mount proper path (git-fixes). - platform-msi: Free descriptors in platform_msi_domain_free() (bsc#1051510). - powerpc/64s: consolidate MCE counter increment (bsc#1094244). - powerpc/64s/radix: Fix process table entry cache invalidation (bsc#1055186, git-fixes). - powerpc/boot: Expose Kconfig symbols to wrapper (bsc#1065729). - powerpc/boot: Fix build failures with -j 1 (bsc#1065729). - powerpc/pkeys: Fix handling of pkey state across fork() (bsc#1078248, git-fixes). - powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) (bsc#1055121). - powerpc/pseries: Track LMB nid instead of using device tree (bsc#1108270). - powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244). - power: supply: olpc_battery: correct the temperature units (bsc#1051510). - ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (bsc#1106913). - qed: Add driver support for 20G link speed (bsc#1110558). - qed: Add support for virtual link (bsc#1111795). - qede: Add driver support for 20G link speed (bsc#1110558). - r8152: add byte_enable for ocp_read_word function (bsc#1119749). - r8152: add Linksys USB3GIGV1 id (bsc#1119749). - r8152: add r8153_phy_status function (bsc#1119749). - r8152: adjust lpm settings for RTL8153 (bsc#1119749). - r8152: adjust rtl8153_runtime_enable function (bsc#1119749). - r8152: adjust the settings about MAC clock speed down for RTL8153 (bsc#1119749). - r8152: adjust U2P3 for RTL8153 (bsc#1119749). - r8152: avoid rx queue more than 1000 packets (bsc#1119749). - r8152: check if disabling ALDPS is finished (bsc#1119749). - r8152: correct the definition (bsc#1119749). - r8152: disable RX aggregation on Dell TB16 dock (bsc#1119749). - r8152: disable RX aggregation on new Dell TB16 dock (bsc#1119749). - r8152: fix wrong checksum status for received IPv4 packets (bsc#1119749). - r8152: move calling delay_autosuspend function (bsc#1119749). - r8152: move the default coalesce setting for RTL8153 (bsc#1119749). - r8152: move the initialization to reset_resume function (bsc#1119749). - r8152: move the setting of rx aggregation (bsc#1119749). - r8152: replace napi_complete with napi_complete_done (bsc#1119749). - r8152: set rx mode early when linking on (bsc#1119749). - r8152: split rtl8152_resume function (bsc#1119749). - r8152: support new chip 8050 (bsc#1119749). - r8152: support RTL8153B (bsc#1119749). - rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Git-fixes). - rcu: Allow for page faults in NMI handlers (bsc#1120092). - rdma/bnxt_re: Add missing spin lock initialization (bsc#1050244 ). - rdma/bnxt_re: Avoid accessing the device structure after it is freed (bsc#1050244). - rdma/bnxt_re: Avoid NULL check after accessing the pointer (bsc#1086283). - rdma/bnxt_re: Fix system hang when registration with L2 driver fails (bsc#1086283). - rdma/hns: Bugfix pbl configuration for rereg mr (bsc#1104427 ). - rdma_rxe: make rxe work over 802.1q VLAN devices (bsc#1082387). - reset: remove remaining WARN_ON() in <linux/reset.h> (Git-fixes). - Revert commit ef9209b642f 'staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c' (bsc#1051510). - Revert 'iommu/io-pgtable-arm: Check for v7s-incapable systems' (bsc#1106105). - Revert 'PCI/ASPM: Do not initialize link state when aspm_disabled is set' (bsc#1051510). - Revert 'scsi: lpfc: ls_rjt erroneus FLOGIs' (bsc#1119322). - ring-buffer: Allow for rescheduling when removing pages (bsc#1120238). - ring-buffer: Do no reuse reader page if still in use (bsc#1120096). - ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094). - rtc: hctosys: Add missing range error reporting (bsc#1051510). - rtc: m41t80: Correct alarm month range with RTC reads (bsc#1051510). - rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write (bsc#1051510). - rtc: snvs: Add timeouts to avoid kernel lockups (bsc#1051510). - rtl8xxxu: Fix missing break in switch (bsc#1051510). - s390/dasd: simplify locking in dasd_times_out (bsc#1104967,). - s390/kdump: Fix elfcorehdr size calculation (bsc#1117953, LTC#171112). - s390/kdump: Make elfcorehdr size calculation ABI compliant (bsc#1117953, LTC#171112). - s390/qeth: fix length check in SNMP processing (bsc#1117953, LTC#173657). - s390/qeth: remove outdated portname debug msg (bsc#1117953, LTC#172960). - s390/qeth: sanitize strings in debug messages (bsc#1117953, LTC#172960). - sbitmap: fix race in wait batch accounting (Git-fixes). - sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913). - sched/smt: Expose sched_smt_present static key (bsc#1106913). - sched/smt: Make sched_smt_present track topology (bsc#1106913). - sched, tracing: Fix trace_sched_pi_setprio() for deboosting (bsc#1120228). - scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215). - scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE (bsc#1118215). - scsi: lpfc: Correct topology type reporting on G7 adapters (bsc#1118215). - scsi: lpfc: Defer LS_ACC to FLOGI on point to point logins (bsc#1118215). - scsi: lpfc: Enable Management features for IF_TYPE=6 (bsc#1119322). - scsi: lpfc: Fix a duplicate 0711 log message number (bsc#1118215). - scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935). - scsi: lpfc: Fix dif and first burst use in write commands (bsc#1118215). - scsi: lpfc: Fix discovery failures during port failovers with lots of vports (bsc#1118215). - scsi: lpfc: Fix driver release of fw-logging buffers (bsc#1118215). - scsi: lpfc: Fix kernel Oops due to null pring pointers (bsc#1118215). - scsi: lpfc: Fix panic when FW-log buffsize is not initialized (bsc#1118215). - scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215). - scsi: lpfc: refactor mailbox structure context fields (bsc#1118215). - scsi: lpfc: rport port swap discovery issue (bsc#1118215). - scsi: lpfc: update driver version to 12.0.0.9 (bsc#1118215). - scsi: lpfc: update manufacturer attribute to reflect Broadcom (bsc#1118215). - scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405). - scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405). - scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1121483, LTC#174588). - shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599). - shmem: shmem_charge: verify max_block is not exceeded before inode update (VM Functionality, bsc#1121599). - skd: Avoid that module unloading triggers a use-after-free (Git-fixes). - skd: Submit requests to firmware before triggering the doorbell (Git-fixes). - soc: bcm2835: sync firmware properties with downstream () - spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bsc#1051510). - spi: bcm2835: Fix book-keeping of DMA termination (bsc#1051510). - spi: bcm2835: Fix race on DMA termination (bsc#1051510). - spi: bcm2835: Unbreak the build of esoteric configs (bsc#1051510). - splice: do not read more than available pipe space (bsc#1119212). - staging: bcm2835-camera: Abort probe if there is no camera (bsc#1051510). - staging: rtl8712: Fix possible buffer overrun (bsc#1051510). - staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station (bsc#1051510). - staging: rts5208: fix gcc-8 logic error warning (bsc#1051510). - staging: wilc1000: fix missing read_write setting when reading data (bsc#1051510). - supported.conf: add raspberrypi-ts driver - supported.conf: whitelist bluefield eMMC driver - target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165). - target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405). - team: no need to do team_notify_peers or team_mcast_rejoin when disabling port (bsc#1051510). - termios, tty/tty_baudrate.c: fix buffer overrun (bsc#1051510). - test_hexdump: use memcpy instead of strncpy (bsc#1051510). - tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bsc#1051510). - tools: hv: fcopy: set 'error' in case an unknown operation was requested (git-fixes). - Tools: hv: Fix a bug in the key delete code (git-fixes). - tools: hv: include string.h in hv_fcopy_daemon (git-fixes). - tools/lib/lockdep: Rename 'trywlock' into 'trywrlock' (bsc#1121973). - tools/power/cpupower: fix compilation with STATIC=true (git-fixes). - tools/power turbostat: fix possible sprintf buffer overflow (git-fixes). - tracing/blktrace: Fix to allow setting same value (Git-fixes). - tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046). - tracing: Fix crash when freeing instances with event triggers (bsc#1120230). - tracing: Fix crash when it fails to alloc ring buffer (bsc#1120097). - tracing: Fix double free of event_trigger_data (bsc#1120234). - tracing: Fix missing return symbol in function_graph output (bsc#1120232). - tracing: Fix possible double free in event_enable_trigger_func() (bsc#1120235). - tracing: Fix possible double free on failure of allocating trace buffer (bsc#1120214). - tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223). - tracing: Fix trace_pipe behavior for instance traces (bsc#1120088). - tracing: Remove RCU work arounds from stack tracer (bsc#1120092). - tracing/samples: Fix creation and deletion of simple_thread_fn creation (git-fixes). - tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bsc#1051510). - tty: Do not return -EAGAIN in blocking read (bsc#1116040). - tty: do not set TTY_IO_ERROR flag if console port (bsc#1051510). - tty: serial: 8250_mtk: always resume the device in probe (bsc#1051510). - ubifs: Handle re-linking of inodes correctly while recovery (bsc#1120598). - ubifs-Handle-re-linking-of-inodes-correctly-while-re.patch: Fixup compilation failure due to different ubifs_assert() prototype. - udf: Allow mounting volumes with incorrect identification strings (bsc#1118774). - unifdef: use memcpy instead of strncpy (bsc#1051510). - usb: appledisplay: Add 27' Apple Cinema Display (bsc#1051510). - usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bsc#1051510). - usb: dwc2: host: use hrtimer for NAK retries (git-fixes). - usb: hso: Fix OOB memory access in hso_probe/hso_get_config_data (bsc#1051510). - usbip: vhci_hcd: check rhport before using in vhci_hub_control() (bsc#1090888). - usb: omap_udc: fix crashes on probe error and module removal (bsc#1051510). - usb: omap_udc: fix omap_udc_start() on 15xx machines (bsc#1051510). - usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bsc#1051510). - usb: omap_udc: use devm_request_irq() (bsc#1051510). - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bsc#1051510). - usb: serial: option: add Fibocom NL668 series (bsc#1051510). - usb: serial: option: add GosunCn ZTE WeLink ME3630 (bsc#1051510). - usb: serial: option: add HP lt4132 (bsc#1051510). - usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bsc#1051510). - usb: serial: option: add Telit LN940 series (bsc#1051510). - usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() (bsc#1106110). - usb: usb-storage: Add new IDs to ums-realtek (bsc#1051510). - usb: xhci: fix uninitialized completion when USB3 port got wrong status (bsc#1051510). - usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bsc#1051510). - userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (bsc#1118761). - userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (bsc#1118809). - v9fs_dir_readdir: fix double-free on p9stat_read error (bsc#1118771). - vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505). - watchdog/core: Add missing prototypes for weak functions (git-fixes). - wireless: airo: potential buffer overflow in sprintf() (bsc#1051510). - wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' (bsc#1051510). - x86/bugs: Add AMD's SPEC_CTRL MSR usage (bsc#1106913). - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bsc#1106913). - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bsc#1106913). - x86/decoder: Fix and update the opcodes map (bsc#1058115). - x86/kabi: Fix cpu_tlbstate issue (bsc#1106913). - x86/l1tf: Show actual SMT state (bsc#1106913). - x86/mm: Fix decoy address handling vs 32-bit builds (bsc#1120606). - x86/pci: Add additional VMD device root ports to VMD AER quirk (bsc#1120058). - x86/pci: Add 'pci=big_root_window' option for AMD 64-bit windows (bsc#1120058). - x86/pci: Apply VMD's AERSID fixup generically (bsc#1120058). - x86/pci: Avoid AMD SB7xx EHCI USB wakeup defect (bsc#1120058). - x86/pci: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f) (bsc#1120058). - x86/pci: Enable AMD 64-bit window on resume (bsc#1120058). - x86/pci: Fix infinite loop in search for 64bit BAR placement (bsc#1120058). - x86/pci: Move and shrink AMD 64-bit window to avoid conflict (bsc#1120058). - x86/pci: Move VMD quirk to x86 fixups (bsc#1120058). - x86/pci: Only enable a 64bit BAR on single-socket AMD Family 15h (bsc#1120058). - x86/pci: Use is_vmd() rather than relying on the domain number (bsc#1120058). - x86/process: Consolidate and simplify switch_to_xtra() code (bsc#1106913). - x86/pti: Document fix wrong index (git-fixes). - x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (bsc#1106913). - x86/retpoline: Remove minimal retpoline support (bsc#1106913). - x86/speculataion: Mark command line parser data __initdata (bsc#1106913). - x86/speculation: Add command line control for indirect branch speculation (bsc#1106913). - x86/speculation: Add prctl() control for indirect branch speculation (bsc#1106913). - x86/speculation: Add seccomp Spectre v2 user space protection mode (bsc#1106913). - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913). - x86/speculation: Avoid __switch_to_xtra() calls (bsc#1106913). - x86/speculation: Clean up spectre_v2_parse_cmdline() (bsc#1106913). - x86/speculation: Disable STIBP when enhanced IBRS is in use (bsc#1106913). - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913). - x86/speculation: Enable prctl mode for spectre_v2_user (bsc#1106913). - x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871). - x86/speculation: Mark string arrays const correctly (bsc#1106913). - x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bsc#1106913). - x86/speculation: Prepare arch_smt_update() for PRCTL mode (bsc#1106913). - x86/speculation: Prepare for conditional IBPB in switch_mm() (bsc#1106913). - x86/speculation: Prepare for per task indirect branch speculation control (bsc#1106913). - x86/speculation: Prevent stale SPEC_CTRL msr content (bsc#1106913). - x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913). - x86/speculation: Provide IBPB always command line options (bsc#1106913). - x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bsc#1106913). - x86/speculation: Rename SSBD update functions (bsc#1106913). - x86/speculation: Reorder the spec_v2 code (bsc#1106913). - x86/speculation: Reorganize speculation control MSRs update (bsc#1106913). - x86/speculation: Rework SMT state change (bsc#1106913). - x86/speculation: Split out TIF update (bsc#1106913). - x86/speculation: Unify conditional spectre v2 print functions (bsc#1106913). - x86/speculation: Update the TIF_SSBD comment (bsc#1106913). - xen/netfront: tolerate frags with no data (bnc#1119804). - xfs: Align compat attrlist_by_handle with native implementation (git-fixes). - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621). - xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat (git-fixes). - xfs: xfs_buf: drop useless LIST_HEAD (git-fixes). - xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162). - xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bsc#1051510). - xhci: Prevent U1/U2 link pm states if exit latency is too long (bsc#1051510). Important SUSE bug 1024718 SUSE bug 1046299 SUSE bug 1050242 SUSE bug 1050244 SUSE bug 1051510 SUSE bug 1055121 SUSE bug 1055186 SUSE bug 1058115 SUSE bug 1060463 SUSE bug 1065729 SUSE bug 1078248 SUSE bug 1079935 SUSE bug 1082387 SUSE bug 1083647 SUSE bug 1086282 SUSE bug 1086283 SUSE bug 1086423 SUSE bug 1087084 SUSE bug 1087978 SUSE bug 1088386 SUSE bug 1090888 SUSE bug 1091405 SUSE bug 1094244 SUSE bug 1097593 SUSE bug 1102875 SUSE bug 1102877 SUSE bug 1102879 SUSE bug 1102882 SUSE bug 1102896 SUSE bug 1103257 SUSE bug 1104353 SUSE bug 1104427 SUSE bug 1104967 SUSE bug 1105168 SUSE bug 1106105 SUSE bug 1106110 SUSE bug 1106615 SUSE bug 1106913 SUSE bug 1108270 SUSE bug 1109272 SUSE bug 1110558 SUSE bug 1111188 SUSE bug 1111469 SUSE bug 1111696 SUSE bug 1111795 SUSE bug 1112128 SUSE bug 1113722 SUSE bug 1114648 SUSE bug 1114871 SUSE bug 1116040 SUSE bug 1116336 SUSE bug 1116803 SUSE bug 1116841 SUSE bug 1117115 SUSE bug 1117162 SUSE bug 1117165 SUSE bug 1117186 SUSE bug 1117561 SUSE bug 1117656 SUSE bug 1117953 SUSE bug 1118215 SUSE bug 1118319 SUSE bug 1118428 SUSE bug 1118484 SUSE bug 1118505 SUSE bug 1118752 SUSE bug 1118760 SUSE bug 1118761 SUSE bug 1118762 SUSE bug 1118766 SUSE bug 1118767 SUSE bug 1118768 SUSE bug 1118769 SUSE bug 1118771 SUSE bug 1118772 SUSE bug 1118773 SUSE bug 1118774 SUSE bug 1118775 SUSE bug 1118787 SUSE bug 1118788 SUSE bug 1118798 SUSE bug 1118809 SUSE bug 1118962 SUSE bug 1119017 SUSE bug 1119086 SUSE bug 1119212 SUSE bug 1119322 SUSE bug 1119410 SUSE bug 1119714 SUSE bug 1119749 SUSE bug 1119804 SUSE bug 1119946 SUSE bug 1119962 SUSE bug 1119968 SUSE bug 1120036 SUSE bug 1120046 SUSE bug 1120053 SUSE bug 1120054 SUSE bug 1120055 SUSE bug 1120058 SUSE bug 1120088 SUSE bug 1120092 SUSE bug 1120094 SUSE bug 1120096 SUSE bug 1120097 SUSE bug 1120173 SUSE bug 1120214 SUSE bug 1120223 SUSE bug 1120228 SUSE bug 1120230 SUSE bug 1120232 SUSE bug 1120234 SUSE bug 1120235 SUSE bug 1120238 SUSE bug 1120594 SUSE bug 1120598 SUSE bug 1120600 SUSE bug 1120601 SUSE bug 1120602 SUSE bug 1120603 SUSE bug 1120604 SUSE bug 1120606 SUSE bug 1120612 SUSE bug 1120613 SUSE bug 1120614 SUSE bug 1120615 SUSE bug 1120616 SUSE bug 1120617 SUSE bug 1120618 SUSE bug 1120620 SUSE bug 1120621 SUSE bug 1120632 SUSE bug 1120633 SUSE bug 1120743 SUSE bug 1120954 SUSE bug 1121017 SUSE bug 1121058 SUSE bug 1121263 SUSE bug 1121273 SUSE bug 1121477 SUSE bug 1121483 SUSE bug 1121599 SUSE bug 1121621 SUSE bug 1121714 SUSE bug 1121715 SUSE bug 1121973 CVE-2018-12232 CVE-2018-14625 CVE-2018-16862 CVE-2018-16884 CVE-2018-18397 CVE-2018-19407 CVE-2018-19854 CVE-2018-19985 CVE-2018-20169 CVE-2018-9568 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for openexr fixes the following issues: Security issue fixed: - CVE-2017-9111: Fixed an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h (bsc#1040109). - CVE-2017-9113: Fixed an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp (bsc#1040113). - CVE-2017-9115: Fixed an invalid write of size 2 in the = operator function inhalf.h (bsc#1040115). - CVE-2018-18444: Fixed Out-of-bounds write in makeMultiView.cpp (bsc#1113455). - CVE-2017-9112: Fixed invalid read of size 1 in the getBits function in ImfHuf.cpp (bsc#1040112). Moderate SUSE bug 1040109 SUSE bug 1040112 SUSE bug 1040113 SUSE bug 1040115 SUSE bug 1113455 CVE-2017-9111 CVE-2017-9112 CVE-2017-9113 CVE-2017-9115 CVE-2018-18444 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libsolv, libzypp and zypper fixes the following issues: libsolv was updated to version 0.6.36 fixes the following issues: Security issues fixed: - CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629). - CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630). - CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631). Non-security issues fixed: - Made cleandeps jobs on patterns work (bsc#1137977). - Fixed an issue multiversion packages that obsolete their own name (bsc#1127155). - Keep consistent package name if there are multiple alternatives (bsc#1131823). libzypp received following fixes: - Fixes a bug where locking the kernel was not possible (bsc#1113296) zypper received following fixes: - Fixes a bug where the wrong exit code was set when refreshing repos if --root was used (bsc#1134226) - Improved the displaying of locks (bsc#1112911) - Fixes an issue where `https` repository urls caused an error prompt to appear twice (bsc#1110542) - zypper will now always warn when no repositories are defined (bsc#1109893) Moderate SUSE bug 1109893 SUSE bug 1110542 SUSE bug 1111319 SUSE bug 1112911 SUSE bug 1113296 SUSE bug 1120629 SUSE bug 1120630 SUSE bug 1120631 SUSE bug 1127155 SUSE bug 1131823 SUSE bug 1134226 SUSE bug 1137977 CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libraw fixes the following issues: Security issues fixed: - CVE-2018-5808: Fixed a stack-based buffer overflow and code execution vulnerability in find_green() function internal/dcraw_common.cpp (bsc#1118894). - CVE-2018-5805: Fixed a boundary error within the quicktake_100_load_raw function (bsc#1097973) - CVE-2018-5806: Fixed a a NULL pointer dereference in the leaf_hdr_load_raw function (bsc#1097974) Moderate SUSE bug 1097973 SUSE bug 1097974 SUSE bug 1118894 CVE-2018-5805 CVE-2018-5806 CVE-2018-5808 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5436: Fixed a heap buffer overflow in tftp_receive_packet() (bsc#1135170). Important SUSE bug 1135170 CVE-2019-5436 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for ImageMagick fixes the following issues: - CVE-2019-13301: Fixed a memory leak in AcquireMagickMemory() (bsc#1140554). - CVE-2019-13310: Fixed a memory leak at AcquireMagickMemory because of an error in MagickWand/mogrify.c (bsc#1140501). - CVE-2019-13311: Fixed a memory leak at AcquireMagickMemory because of a wand/mogrify.c error (bsc#1140513). - CVE-2019-13454: Fixed a division by zero in RemoveDuplicateLayers in MagickCore/layer.c (bsc#1141171). - CVE-2019-13295: Fixed a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage (bsc#1140664). - CVE-2019-13297: Fixed a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage (bsc#1140666). - CVE-2019-12979: Fixed the use of uninitialized values in SyncImageSettings() (bsc#1139886). - CVE-2019-13391: Fixed a heap-based buffer over-read in MagickCore/fourier.c (bsc#1140673). - CVE-2019-13308: Fixed a heap-based buffer overflow in MagickCore/fourier.c (bsc#1140534). - CVE-2019-13300: Fixed a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages (bsc#1140669). - CVE-2019-13307: Fixed a heap-based buffer overflow at MagickCore/statistic.c (bsc#1140538). - CVE-2019-12975: Fixed a memory leak in the WriteDPXImage() in coders/dpx.c (bsc#1140106). - CVE-2019-13135: Fixed the use of uninitialized values in ReadCUTImage() (bsc#1140103). - CVE-2019-12978: Fixed the use of uninitialized values in ReadPANGOImage() (bsc#1139885). - CVE-2019-12974: Fixed a NULL pointer dereference in the ReadPANGOImage() (bsc#1140111). - CVE-2019-13133: Fixed a memory leak in the ReadBMPImage() (bsc#1140100). - CVE-2019-13134: Fixed a memory leak in the ReadVIFFImage() (bsc#1140102). - CVE-2019-12976: Fixed a memory leak in the ReadPCLImage() in coders/pcl.c(bsc#1140110). Moderate SUSE bug 1139885 SUSE bug 1139886 SUSE bug 1140100 SUSE bug 1140102 SUSE bug 1140103 SUSE bug 1140106 SUSE bug 1140110 SUSE bug 1140111 SUSE bug 1140501 SUSE bug 1140513 SUSE bug 1140534 SUSE bug 1140538 SUSE bug 1140554 SUSE bug 1140664 SUSE bug 1140666 SUSE bug 1140669 SUSE bug 1140673 SUSE bug 1141171 CVE-2019-12974 CVE-2019-12975 CVE-2019-12976 CVE-2019-12978 CVE-2019-12979 CVE-2019-13133 CVE-2019-13134 CVE-2019-13135 CVE-2019-13295 CVE-2019-13297 CVE-2019-13300 CVE-2019-13301 CVE-2019-13307 CVE-2019-13308 CVE-2019-13310 CVE-2019-13311 CVE-2019-13391 CVE-2019-13454 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for bzip2 fixes the following issues: - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). Important SUSE bug 1139083 CVE-2019-12900 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for openexr fixes the following issues: - CVE-2017-14988: Fixed a denial of service in Header::readfrom() (bsc#1061305). Moderate SUSE bug 1061305 CVE-2017-14988 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for subversion fixes the following issues: Security issues fixed: - CVE-2018-11782: Fixed a remote denial of service in svnserve 'get-deleted-rev' (bsc#1142743). - CVE-2019-0203: Fixed a remote, unauthenticated denial of service in svnserve (bsc#1142721). Non-security issues fixed: - Add instructions for running svnserve as a user different from 'svn', and remove sysconfig variables that are no longer effective with the systemd unit. bsc#1049448 Important SUSE bug 1049448 SUSE bug 1142721 SUSE bug 1142743 CVE-2018-11782 CVE-2019-0203 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for polkit fixes the following issues: Security issue fixed: - CVE-2019-6133: Fixed improper caching of auth decisions, which could bypass uid checking in the interactive backend (bsc#1121826). Important SUSE bug 1121826 CVE-2019-6133 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for python3 fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-14647: Fixed a denial of service vulnerability caused by a crafted XML document (bsc#1109847). - CVE-2018-1000802: Fixed a command injection in the shutil module (bsc#1109663). Important SUSE bug 1109663 SUSE bug 1109847 SUSE bug 1138459 CVE-2018-1000802 CVE-2018-14647 CVE-2019-10160 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 The SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-20855: An issue was discovered in the Linux kernel In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace(bsc#1143045). - CVE-2019-1125: Exclude ATOMs from speculation through SWAPGS (bsc#1139358). - CVE-2019-14283: In the Linux kernel, set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It could be triggered by an unprivileged local user when a floppy disk was inserted. NOTE: QEMU creates the floppy device by default. (bnc#1143191) - CVE-2019-11810: An issue was discovered in the Linux kernel A NULL pointer dereference could occur when megasas_create_frame_pool() failed in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This caused a Denial of Service, related to a use-after-free (bnc#1134399). - CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user could cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sent a crafted signal frame. (bnc#1142254) - CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel, a malicious USB device could send an HID report that triggered an out-of-bounds write during generation of debugging messages. (bnc#1142023) The following non-security bugs were fixed: - Correct the CVE and bug reference for a floppy security fix (CVE-2019-14284,bsc#1143189) A dedicated CVE was already assigned - acpi/nfit: Always dump _DSM output payload (bsc#1142351). - Add back sibling paca poiter to paca (bsc#1055117). - Add support for crct10dif-vpmsum (). - af_unix: remove redundant lockdep class (git-fixes). - alsa: compress: Be more restrictive about when a drain is allowed (bsc#1051510). - alsa: compress: Do not allow paritial drain operations on capture streams (bsc#1051510). - alsa: compress: Fix regression on compressed capture streams (bsc#1051510). - alsa: compress: Prevent bypasses of set_params (bsc#1051510). - alsa: hda - Add a conexant codec entry to let mute led work (bsc#1051510). - alsa: hda/realtek: apply ALC891 headset fixup to one Dell machine (bsc#1051510). - alsa: hda/realtek - Fixed Headphone Mic can't record on Dell platform (bsc#1051510). - alsa: hda/realtek - Headphone Mic can't record after S3 (bsc#1051510). - alsa: line6: Fix a typo (bsc#1051510). - alsa: line6: Fix wrong altsetting for LINE6_PODHD500_1 (bsc#1051510). - alsa: seq: Break too long mutex context in the write loop (bsc#1051510). - alsa: usb-audio: Add quirk for Focusrite Scarlett Solo (bsc#1051510). - alsa: usb-audio: Add quirk for MOTU MicroBook II (bsc#1051510). - alsa: usb-audio: Cleanup DSD whitelist (bsc#1051510). - alsa: usb-audio: Enable .product_name override for Emagic, Unitor 8 (bsc#1051510). - alsa: usb-audio: Sanity checks for each pipe and EP types (bsc#1051510). - asoc : cs4265 : readable register too low (bsc#1051510). - asoc: max98090: remove 24-bit format support if RJ is 0 (bsc#1051510). - asoc: soc-pcm: BE dai needs prepare when pause release after resume (bsc#1051510). - ath6kl: add some bounds checking (bsc#1051510). - batman-adv: fix for leaked TVLV handler (bsc#1051510). - bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652). - bcache: add code comments for journal_read_bucket() (bsc#1140652). - bcache: Add comments for blkdev_put() in registration code path (bsc#1140652). - bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652). - bcache: add comments for kobj release callback routine (bsc#1140652). - bcache: add comments for mutex_lock(&b->write_lock) (bsc#1140652). - bcache: add error check for calling register_bdev() (bsc#1140652). - bcache: add failure check to run_cache_set() for journal replay (bsc#1140652). - bcache: add io error counting in write_bdev_super_endio() (bsc#1140652). - bcache: add more error message in bch_cached_dev_attach() (bsc#1140652). - bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652). - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652). - bcache: add return value check to bch_cached_dev_run() (bsc#1140652). - bcache: avoid a deadlock in bcache_reboot() (bsc#1140652). - bcache: avoid clang -Wunintialized warning (bsc#1140652). - bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652). - bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652). - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652). - bcache: Clean up bch_get_congested() (bsc#1140652). - bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread (bsc#1140652). - bcache: do not assign in if condition in bcache_device_init() (bsc#1140652). - bcache: do not set max writeback rate if gc is running (bsc#1140652). - bcache: fix a race between cache register and cacheset unregister (bsc#1140652). - bcache: fix crashes stopping bcache device before read miss done (bsc#1140652). - bcache: fix failure in journal relplay (bsc#1140652). - bcache: fix inaccurate result of unused buckets (bsc#1140652). - bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652). - bcache: fix potential deadlock in cached_def_free() (bsc#1140652). - bcache: fix race in btree_flush_write() (bsc#1140652). - bcache: fix return value error in bch_journal_read() (bsc#1140652). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652). - bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652). - bcache: ignore read-ahead request failure on backing device (bsc#1140652). - bcache: improve bcache_reboot() (bsc#1140652). - bcache: improve error message in bch_cached_dev_run() (bsc#1140652). - bcache: make bset_search_tree() be more understandable (bsc#1140652). - bcache: make is_discard_enabled() static (bsc#1140652). - bcache: more detailed error message to bcache_device_link() (bsc#1140652). - bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652). - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652). - bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652). - bcache: performance improvement for btree_flush_write() (bsc#1140652). - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652). - bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652). - bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652). - bcache: remove 'XXX:' comment line from run_cache_set() (bsc#1140652). - bcache: return error immediately in bch_journal_replay() (bsc#1140652). - bcache: Revert 'bcache: fix high CPU occupancy during journal' (bsc#1140652). - bcache: Revert 'bcache: free heap cache_set->flush_btree in bch_journal_free' (bsc#1140652). - bcache: set largest seq to ja->seq[bucket_index] in journal_read_bucket() (bsc#1140652). - bcache: shrink btree node cache after bch_btree_check() (bsc#1140652). - bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652). - bcache: use sysfs_match_string() instead of __sysfs_match_string() (bsc#1140652). - be2net: Fix number of Rx queues used for flow hashing (networking-stable-19_06_18). - be2net: Signal that the device cannot transmit during reconfiguration (bsc#1127315). - be2net: Synchronize be_update_queues with dev_watchdog (bsc#1127315). - block, bfq: NULL out the bic when it's no longer valid (bsc#1142359). - bnx2x: Prevent load reordering in tx completion processing (bsc#1142868). - bnxt_en: Fix aggregation buffer leak under OOM condition (networking-stable-19_05_31). - bonding: fix arp_validate toggling in active-backup mode (networking-stable-19_05_14). - bonding: Force slave speed check after link state recovery for 802.3ad (bsc#1137584). - bpf, x64: fix stack layout of JITed bpf code (bsc#1083647). - bpf, x64: save 5 bytes in prologue when ebpf insns came from cbpf (bsc#1083647). - bridge: Fix error path for kobject_init_and_add() (networking-stable-19_05_14). - btrfs: fix race between block group removal and block group allocation (bsc#1143003). - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() (bsc#1141478). - clk: qcom: Fix -Wunused-const-variable (bsc#1051510). - clk: rockchip: Do not yell about bad mmc phases when getting (bsc#1051510). - clk: tegra210: fix PLLU and PLLU_OUT1 (bsc#1051510). - cpufreq: acpi-cpufreq: Report if CPU does not support boost technologies (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix initial command check (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency (bsc#1051510). - cpufreq: check if policy is inactive early in __cpufreq_get() (bsc#1051510). - cpufreq: kirkwood: fix possible object reference leak (bsc#1051510). - cpufreq/pasemi: fix possible object reference leak (bsc#1051510). - cpufreq: pmac32: fix possible object reference leak (bsc#1051510). - cpufreq: ppc_cbe: fix possible object reference leak (bsc#1051510). - cpufreq: Use struct kobj_attribute instead of struct global_attr (bsc#1051510). - crypto: arm64/sha1-ce - correct digest for empty data in finup (bsc#1051510). - crypto: arm64/sha2-ce - correct digest for empty data in finup (bsc#1051510). - crypto: ccp - Fix 3DES complaint from ccp-crypto module (bsc#1051510). - crypto: ccp - fix AES CFB error exposed by new test vectors (bsc#1051510). - crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL (bsc#1051510). - crypto: ccp/gcm - use const time tag comparison (bsc#1051510). - crypto: ccp - memset structure fields to zero before reuse (bsc#1051510). - crypto: ccp - Validate the the error value used to index error messages (bsc#1051510). - crypto: chacha20poly1305 - fix atomic sleep when using async algorithm (bsc#1051510). - crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe (bsc#1051510). - crypto: ghash - fix unaligned memory access in ghash_setkey() (bsc#1051510). - crypto: talitos - Align SEC1 accesses to 32 bits boundaries (bsc#1051510). - crypto: talitos - check data blocksize in ablkcipher (bsc#1051510). - crypto: talitos - fix CTR alg blocksize (bsc#1051510). - crypto: talitos - fix max key size for sha384 and sha512 (bsc#1051510). - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking (bsc#1051510). - crypto: talitos - properly handle split ICV (bsc#1051510). - crypto: talitos - reduce max key size for SEC1 (bsc#1051510). - crypto: talitos - rename alternative AEAD algos (bsc#1051510). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - dmaengine: hsu: Revert 'set HSU_CH_MTSR to memory width' (bsc#1051510). - dpaa_eth: fix SG frame cleanup (networking-stable-19_05_14). - drm/meson: Add support for XBGR8888 & ABGR8888 formats (bsc#1051510). - drm/msm/a3xx: remove TPL1 regs from snapshot (bsc#1051510). - drm/nouveau/i2c: Enable i2c pads & busses during preinit (bsc#1051510). - drm/rockchip: Properly adjust to a true clock in adjusted_mode (bsc#1051510). - e1000e: start network tx queue only when link is up (bsc#1051510). - ethtool: check the return value of get_regs_len (git-fixes). - ethtool: fix potential userspace buffer overflow (networking-stable-19_06_09). - Fix kABI for asus-wmi quirk_entry field addition (bsc#1051510). - Fix memory leak in sctp_process_init (networking-stable-19_06_09). - fork, memcg: fix cached_stacks case (bsc#1134097). - fork, memcg: fix crash in free_thread_stack on memcg charge fail (bsc#1134097). - hid: wacom: correct touch resolution x/y typo (bsc#1051510). - hid: wacom: generic: Correct pad syncing (bsc#1051510). - hid: wacom: generic: only switch the mode on devices with LEDs (bsc#1051510). - hid: wacom: generic: read HID_DG_CONTACTMAX from any feature report (bsc#1051510). - input: elantech - enable middle button support on 2 ThinkPads (bsc#1051510). - input: imx_keypad - make sure keyboard can always wake up system (bsc#1051510). - input: psmouse - fix build error of multiple definition (bsc#1051510). - input: synaptics - enable SMBUS on T480 thinkpad trackpad (bsc#1051510). - input: tm2-touchkey - acknowledge that setting brightness is a blocking call (bsc#1129770). - intel_th: msu: Fix single mode with disabled IOMMU (bsc#1051510). - ipv4: Fix raw socket lookup for local traffic (networking-stable-19_05_14). - ipv4/igmp: fix another memory leak in igmpv3_del_delrec() (networking-stable-19_05_31). - ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST (networking-stable-19_05_31). - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop (git-fixes). - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address (networking-stable-19_05_31). - ipv6: fix EFAULT on sendto with icmpv6 and hdrincl (networking-stable-19_06_09). - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero (networking-stable-19_06_18). - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4 (networking-stable-19_06_09). - kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled (bsc#1071995). - kernel: jump label transformation performance (bsc#1137534 bsc#1137535 LTC#178058 LTC#178059). - kvm: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots (bsc#1133021). - kvm: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory (bsc#1133021). - kvm: fix Guest installation fails by 'Invalid value '0-31' for 'cpuset.cpus': Invalid argument' (bsc#1143507) - kvm: mmu: Fix overflow on kvm mmu page limit calculation (bsc#1135335). - kvm/mmu: kABI fix for *_mmu_pages changes in struct kvm_arch (bsc#1135335). - kvm: polling: add architecture backend to disable polling (bsc#1119222). - kvm: s390: change default halt poll time to 50us (bsc#1119222). - kvm: s390: enable CONFIG_HAVE_KVM_NO_POLL (bsc#1119222) We need to enable CONFIG_HAVE_KVM_NO_POLL for bsc#1119222 - kvm: s390: fix typo in parameter description (bsc#1119222). - kvm: s390: kABI Workaround for 'kvm_vcpu_stat' Add halt_no_poll_steal to kvm_vcpu_stat. Hide it from the kABI checker. - kvm: s390: kABI Workaround for 'lowcore' (bsc#1119222). - kvm: s390: provide kvm_arch_no_poll function (bsc#1119222). - kvm: svm/avic: Do not send AVIC doorbell to self (bsc#1140133). - kvm: SVM: Fix detection of AMD Errata 1096 (bsc#1142354). - lapb: fixed leak of control-blocks (networking-stable-19_06_18). - lib: fix stall in __bitmap_parselist() (bsc#1051510). - libnvdimm/namespace: Fix label tracking error (bsc#1142350). - lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE (bsc#1051510). - livepatch: Remove duplicate warning about missing reliable stacktrace support (bsc#1071995). - livepatch: Use static buffer for debugging messages under rq lock (bsc#1071995). - llc: fix skb leak in llc_build_and_send_ui_pkt() (networking-stable-19_05_31). - media: cpia2_usb: first wake up, then free in disconnect (bsc#1135642). - media: marvell-ccic: fix DMA s/g desc number calculation (bsc#1051510). - media: s5p-mfc: Make additional clocks optional (bsc#1051510). - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom() (bsc#1051510). - media: vivid: fix incorrect assignment operation when setting video mode (bsc#1051510). - mei: bus: need to unlink client before freeing (bsc#1051510). - mei: me: add denverton innovation engine device IDs (bsc#1051510). - mei: me: add gemini lake devices id (bsc#1051510). - memory: tegra: Fix integer overflow on tick value calculation (bsc#1051510). - memstick: Fix error cleanup path of memstick_init (bsc#1051510). - mfd: intel-lpss: Release IDA resources (bsc#1051510). - mmc: sdhci-pci: Try 'cd' for card-detect lookup before using NULL (bsc#1051510). - mm: migrate: Fix reference check race between __find_get_block() and migration (bnc#1137609). - mm/nvdimm: add is_ioremap_addr and use that to check ioremap address (bsc#1140322 LTC#176270). - mm, page_alloc: fix has_unmovable_pages for HugePages (bsc#1127034). - mm: replace all open encodings for NUMA_NO_NODE (bsc#1140322 LTC#176270). - neigh: fix use-after-free read in pneigh_get_next (networking-stable-19_06_18). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142112 bsc#1142221 LTC#179334 LTC#179332). - net: avoid weird emergency message (networking-stable-19_05_21). - net: fec: fix the clk mismatch in failed_reset path (networking-stable-19_05_31). - netfilter: conntrack: fix calculation of next bucket number in early_drop (git-fixes). - net-gro: fix use-after-free read in napi_gro_frags() (networking-stable-19_05_31). - net/mlx4_core: Change the error print to info print (networking-stable-19_05_21). - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_06_09). - net/mlx5: Allocate root ns memory using kzalloc to match kfree (networking-stable-19_05_31). - net/mlx5: Avoid double free in fs init error unwinding path (networking-stable-19_05_31). - net: mvneta: Fix err code path of probe (networking-stable-19_05_31). - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value (networking-stable-19_05_31). - net: openvswitch: do not free vport if register_netdevice() is failed (networking-stable-19_06_18). - net/packet: fix memory leak in packet_set_ring() (git-fixes). - net: rds: fix memory leak in rds_ib_flush_mr_pool (networking-stable-19_06_09). - net: seeq: fix crash caused by not set dev.parent (networking-stable-19_05_14). - net: stmmac: fix reset gpio free missing (networking-stable-19_05_31). - net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions (networking-stable-19_05_21). - nvme: fix memory leak caused by incorrect subsystem free (bsc#1143185). - ocfs2: add first lock wait time in locking_state (bsc#1134390). - ocfs2: add last unlock times in locking_state (bsc#1134390). - ocfs2: add locking filter debugfs file (bsc#1134390). - packet: Fix error path in packet_init (networking-stable-19_05_14). - packet: in recvmsg msg_name return at least sizeof sockaddr_ll (git-fixes). - pci: Always allow probing with driver_override (bsc#1051510). - pci: hv: Add hv_pci_remove_slots() when we unload the driver (bsc#1142701). - pci: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary (bsc#1142701). - pci: hv: Fix a memory leak in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix a use-after-free bug in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix return value check in hv_pci_assign_slots() (bsc#1142701). - pci: hv: Remove unused reason for refcount handler (bsc#1142701). - pci: hv: support reporting serial number as slot information (bsc#1142701). - pci: Return error if cannot probe VF (bsc#1051510). - pkey: Indicate old mkvp only if old and current mkvp are different (bsc#1137827 LTC#178090). - pktgen: do not sleep with the thread lock held (git-fixes). - platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ (bsc#1051510). - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510). - platform/x86: intel_turbo_max_3: Remove restriction for HWP platforms (jsc#SLE-5439). - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table (bsc#1051510). - powerpc/64s: Remove POWER9 DD1 support (bsc#1055117, LTC#159753, git-fixes). - powerpc/crypto: Use cheaper random numbers for crc-vpmsum self-test (). - powerpc/mm: Change function prototype (bsc#1055117). - powerpc/mm: Consolidate numa_enable check and min_common_depth check (bsc#1140322 LTC#176270). - powerpc/mm/drconf: Use NUMA_NO_NODE on failures instead of node 0 (bsc#1140322 LTC#176270). - powerpc/mm: Fix node look up with numa=off boot (bsc#1140322 LTC#176270). - powerpc/mm/hugetlb: Update huge_ptep_set_access_flags to call __ptep_set_access_flags directly (bsc#1055117). - powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang (bsc#1055117). - powerpc/mm/radix: Move function from radix.h to pgtable-radix.c (bsc#1055117). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195). - ppp: deflate: Fix possible crash in deflate_init (networking-stable-19_05_21). - rds: ib: fix 'passing zero to ERR_PTR()' warning (git-fixes). - Revert 'bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()' (bsc#1140652). - Revert 'e1000e: fix cyclic resets at link up with active tx' (bsc#1051510). - Revert 'livepatch: Remove reliable stacktrace check in klp_try_switch_task()' (bsc#1071995). - Revert 'serial: 8250: Do not service RX FIFO if interrupts are disabled' (bsc#1051510). - rtnetlink: always put IFLA_LINK for links with a link-netnsid (networking-stable-19_05_21). - s390/qeth: be drop monitor friendly (bsc#1142220 LTC#179335). - s390/vtime: steal time exponential moving average (bsc#1119222). - scripts/git_sort/git_sort.py: Add mmots tree. - scsi: ibmvfc: fix WARN_ON during event pool release (bsc#1137458 LTC#178093). - sctp: Free cookie before we memdup a new one (networking-stable-19_06_18). - sctp: silence warns on sctp_stream_init allocations (bsc#1083710). - serial: uartps: Do not add a trailing semicolon to macro (bsc#1051510). - serial: uartps: Fix long line over 80 chars (bsc#1051510). - serial: uartps: Fix multiple line dereference (bsc#1051510). - serial: uartps: Remove useless return from cdns_uart_poll_put_char (bsc#1051510). - staging: comedi: amplc_pci230: fix null pointer deref on interrupt (bsc#1051510). - staging: comedi: dt282x: fix a null pointer deref on interrupt (bsc#1051510). - staging: rtl8712: reduce stack usage, again (bsc#1051510). - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg (networking-stable-19_06_18). - tcp: reduce tcp_fastretrans_alert() verbosity (git-fixes). - team: Always enable vlan tx offload (bsc#1051510). - tty: rocket: fix incorrect forward declaration of 'rp_init()' (bsc#1051510). - tty: serial_core: Set port active bit in uart_port_activate (bsc#1051510). - tty: serial: cpm_uart - fix init when SMC is relocated (bsc#1051510). - tuntap: synchronize through tfiles array instead of tun->numqueues (networking-stable-19_05_14). - usb: gadget: ether: Fix race between gether_disconnect and rx_submit (bsc#1051510). - usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i] (bsc#1051510). - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC (bsc#1051510). - usb: pci-quirks: Correct AMD PLL quirk detection (bsc#1051510). - usb: serial: ftdi_sio: add ID for isodebug v1 (bsc#1051510). - usb: serial: option: add support for GosunCn ME3630 RNDIS mode (bsc#1051510). - vmci: Fix integer overflow in VMCI handle arrays (bsc#1051510). - vsock/virtio: free packets during the socket release (networking-stable-19_05_21). - vsock/virtio: set SOCK_DONE on peer shutdown (networking-stable-19_06_18). - wil6210: fix potential out-of-bounds read (bsc#1051510). - x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903). - xen: let alloc_xenballooned_pages() fail if not enough memory free (bsc#1142450 XSA-300). - xfs: do not overflow xattr listent buffer (bsc#1143105). Important SUSE bug 1051510 SUSE bug 1055117 SUSE bug 1071995 SUSE bug 1083647 SUSE bug 1083710 SUSE bug 1102247 SUSE bug 1111666 SUSE bug 1119222 SUSE bug 1123080 SUSE bug 1127034 SUSE bug 1127315 SUSE bug 1129770 SUSE bug 1130972 SUSE bug 1133021 SUSE bug 1134097 SUSE bug 1134390 SUSE bug 1134399 SUSE bug 1135335 SUSE bug 1135642 SUSE bug 1136896 SUSE bug 1137458 SUSE bug 1137534 SUSE bug 1137535 SUSE bug 1137584 SUSE bug 1137609 SUSE bug 1137811 SUSE bug 1137827 SUSE bug 1139358 SUSE bug 1140133 SUSE bug 1140139 SUSE bug 1140322 SUSE bug 1140652 SUSE bug 1140887 SUSE bug 1140888 SUSE bug 1140889 SUSE bug 1140891 SUSE bug 1140893 SUSE bug 1140903 SUSE bug 1140945 SUSE bug 1140954 SUSE bug 1140955 SUSE bug 1140956 SUSE bug 1140957 SUSE bug 1140958 SUSE bug 1140959 SUSE bug 1140960 SUSE bug 1140961 SUSE bug 1140962 SUSE bug 1140964 SUSE bug 1140971 SUSE bug 1140972 SUSE bug 1140992 SUSE bug 1141401 SUSE bug 1141402 SUSE bug 1141452 SUSE bug 1141453 SUSE bug 1141454 SUSE bug 1141478 SUSE bug 1142023 SUSE bug 1142112 SUSE bug 1142220 SUSE bug 1142221 SUSE bug 1142254 SUSE bug 1142350 SUSE bug 1142351 SUSE bug 1142354 SUSE bug 1142359 SUSE bug 1142450 SUSE bug 1142701 SUSE bug 1142868 SUSE bug 1143003 SUSE bug 1143045 SUSE bug 1143105 SUSE bug 1143185 SUSE bug 1143189 SUSE bug 1143191 SUSE bug 1143507 CVE-2018-20855 CVE-2019-1125 CVE-2019-11810 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for evince fixes the following issues: Security issues fixed: - CVE-2019-11459: Fixed an improper error handling in which could have led to use of uninitialized use of memory (bsc#1133037). - CVE-2019-1010006: Fixed a buffer overflow in backend/tiff/tiff-document.c (bsc#1141619). Important SUSE bug 1133037 SUSE bug 1141619 CVE-2019-1010006 CVE-2019-11459 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for python fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853). Important SUSE bug 1138459 SUSE bug 1141853 CVE-2018-20852 CVE-2019-10160 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for wireshark to version 2.4.16 fixes the following issues: Security issue fixed: - CVE-2019-13619: ASN.1 BER and related dissectors crash (bsc#1141980). Moderate SUSE bug 1141980 CVE-2019-13619 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for mariadb-100 to version 10.0.38 fixes the following issues: - CVE-2019-2537: Fixed a denial of service vulnerability which can lead to MySQL compromise (bsc#1136037). - CVE-2019-2529: Fixed a denial of service vulnerability by an privileged attacker via a protocol compromise (bsc#1136037). Important SUSE bug 1136037 CVE-2019-2529 CVE-2019-2537 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for fontforge fixes the following security issues: fontforge was updated to 20170731, fixings lots of bugs and security issues. - CVE-2017-11568: Heap-based buffer over-read in PSCharStringToSplines (bsc#1050161) - CVE-2017-11569: Heap-based buffer over-read in readttfcopyrights (bsc#1050181) - CVE-2017-11571: Stack-based buffer overflow in addnibble (bsc#1050185) - CVE-2017-11572: Heap-based buffer over-read in readcfftopdicts (bsc#1050187) - CVE-2017-11573: Over-read in ValidatePostScriptFontName (bsc#1050193) - CVE-2017-11574: Heap-based buffer overflow in readcffset (bsc#1050194) - CVE-2017-11575: Buffer over-read in strnmatch (bsc#1050195) - CVE-2017-11576: Ensure a positive size in a weight vector memcpycall in readcfftopdict (bsc#1050196) - CVE-2017-11577: Buffer over-read in getsid (bsc#1050200) Moderate SUSE bug 1050161 SUSE bug 1050181 SUSE bug 1050185 SUSE bug 1050187 SUSE bug 1050193 SUSE bug 1050194 SUSE bug 1050195 SUSE bug 1050196 SUSE bug 1050200 CVE-2017-11568 CVE-2017-11569 CVE-2017-11571 CVE-2017-11572 CVE-2017-11573 CVE-2017-11574 CVE-2017-11575 CVE-2017-11576 CVE-2017-11577 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for php7 fixes the following issues: Security issues fixed: - CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140118). - CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail() (bsc#1146360). - CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment() (bsc#1145095). Important SUSE bug 1140118 SUSE bug 1145095 SUSE bug 1146360 CVE-2019-11038 CVE-2019-11041 CVE-2019-11042 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for NetworkManager fixes the following issues: Security issue fixed: - Fixed that passwords are not echoed on terminal when asking for them (bsc#990204). Low SUSE bug 990204 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for pacemaker fixes the following issues: Security issues fixed: - CVE-2018-16877: Fixed insufficient local IPC client-server authentication on the client's side. (bsc#1131356) - CVE-2018-16878: Fixed insufficient verification inflicted preference of uncontrolled processes (bsc#1131353) Other issues fixed: - stonith_admin --help: specify the usage of --cleanup (bsc#1135317) - scheduler: wait for probe actions to complete to prevent unnecessary restart/re-promote of dependent resources (bsc#1130122, bsc#1032511) - controller: confirm cancel of failed monitors (bsc#1133866) - controller: improve failed recurring action messages (bsc#1133866) - controller: directly acknowledge unrecordable operation results (bsc#1133866) - controller: be more tolerant of malformed executor events (bsc#1133866) - libcrmcommon: return error when applying XML diffs containing unknown operations (bsc#1127716) - libcrmcommon: avoid possible use-of-NULL when applying XML diffs (bsc#1127716) - libcrmcommon: correctly apply XML diffs with multiple move/create changes (bsc#1127716) - libcrmcommon: return proper code if testing pid is denied (bsc#1131353, bsc#1131356) - libcrmcommon: avoid use-of-NULL when checking whether process is active (bsc#1131353, bsc#1131356) - tools: run main loop for crm_resource clean-up with resource (bsc#1140519) - contoller,scheduler: guard hash table deletes (bsc#1136712) Important SUSE bug 1032511 SUSE bug 1127716 SUSE bug 1130122 SUSE bug 1131353 SUSE bug 1131356 SUSE bug 1133866 SUSE bug 1135317 SUSE bug 1136712 SUSE bug 1140519 CVE-2018-16877 CVE-2018-16878 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner (bsc#1145092). Important SUSE bug 1145092 CVE-2019-10208 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for php72 fixes the following issues: Security issues fixed: - CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail() (bsc#1146360). - CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment() (bsc#1145095). Important SUSE bug 1145095 SUSE bug 1146360 CVE-2019-11041 CVE-2019-11042 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for apache2 fixes the following issues: Security issues fixed: - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1145575). - CVE-2019-10081: Fixed mod_http2 that is vulnerable to memory corruption on early pushes (bsc#1145742). - CVE-2019-10082: Fixed mod_http2 that is vulnerable to read-after-free in h2 connection shutdown (bsc#1145741). - CVE-2019-10092: Fixed limited cross-site scripting in mod_proxy (bsc#1145740). - CVE-2019-10098: Fixed mod_rewrite configuration vulnerablility to open redirect (bsc#1145738). Important SUSE bug 1145575 SUSE bug 1145738 SUSE bug 1145740 SUSE bug 1145741 SUSE bug 1145742 CVE-2019-10081 CVE-2019-10082 CVE-2019-10092 CVE-2019-10098 CVE-2019-9517 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for java-1_7_1-ibm fixes the following issues: Update to Java 7.1 Service Refresh 4 Fix Pack 50. Security issues fixed: - CVE-2019-11771: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-11775: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-4473: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-7317: Fixed issue inside Component AWT (libpng)(bsc#1141780). - CVE-2019-2769: Fixed issue inside Component Utilities (bsc#1141783). - CVE-2019-2762: Fixed issue inside Component Utilities (bsc#1141782). - CVE-2019-2816: Fixed issue inside Component Networking (bsc#1141785). - CVE-2019-2766: Fixed issue inside Component Networking (bsc#1141789). Important SUSE bug 1141780 SUSE bug 1141782 SUSE bug 1141783 SUSE bug 1141785 SUSE bug 1141789 SUSE bug 1147021 CVE-2019-11771 CVE-2019-11775 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2816 CVE-2019-4473 CVE-2019-7317 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for webkit2gtk3 fixes the following issues: Updated to version 2.24.4 (bsc#1148931). Security issues fixed: - CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8669, CVE-2019-8678, CVE-2019-8680, CVE-2019-8683, CVE-2019-8684, CVE-2019-8688, CVE-2019-8595, CVE-2019-8607, CVE-2019-8615, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690 Non-security issues fixed: - Improved loading of multimedia streams to avoid memory exhaustion due to excessive caching. - Updated the user agent string to make happy certain websites which would claim that the browser being used was unsupported. Important SUSE bug 1135715 SUSE bug 1148931 CVE-2019-8595 CVE-2019-8607 CVE-2019-8615 CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for ghostscript fixes the following issues: Security issue fixed: - CVE-2019-10216: Fix privilege escalation via specially crafted PostScript file (bsc#1144621). Moderate SUSE bug 1144621 CVE-2019-10216 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for ceph to version 12.2.12-594-g02236657ca fixes the following issues: Security issues fixed: - CVE-2018-16889: Fixed missing sanitation of customer encryption keys from log output in v4 auth. (bsc#1121567) Moderate SUSE bug 1121567 SUSE bug 1149961 CVE-2018-16889 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 5 Fix Pack 40. Security issues fixed: - CVE-2019-11771: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-11772: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-11775: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-4473: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-7317: Fixed issue inside Component AWT (libpng)(bsc#1141780). - CVE-2019-2769: Fixed issue inside Component Utilities (bsc#1141783). - CVE-2019-2762: Fixed issue inside Component Utilities (bsc#1141782). - CVE-2019-2816: Fixed issue inside Component Networking (bsc#1141785). - CVE-2019-2766: Fixed issue inside Component Networking (bsc#1141789). - CVE-2019-2786: Fixed issue inside Component Security (bsc#1141787). Important SUSE bug 1122292 SUSE bug 1122299 SUSE bug 1141780 SUSE bug 1141782 SUSE bug 1141783 SUSE bug 1141785 SUSE bug 1141787 SUSE bug 1141789 SUSE bug 1147021 CVE-2018-11212 CVE-2019-11771 CVE-2019-11772 CVE-2019-11775 CVE-2019-2449 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-4473 CVE-2019-7317 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for curl fixes the following issues: Security issues fixed: - CVE-2019-5481: Fixed a double-free during kerberos FTP data transfer. (bsc#1149495) - CVE-2019-5482: Fixed a TFTP small block size heap buffer overflow (bsc#1149496). Important SUSE bug 1149495 SUSE bug 1149496 CVE-2019-5481 CVE-2019-5482 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for ibus fixes the following issues: Security issue fixed: - CVE-2019-14822: Fixed a misconfiguration of the DBus server that allowed an unprivileged user to monitor and send method calls to the ibus bus of another user. (bsc#1150011) Important SUSE bug 1150011 CVE-2019-14822 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2019-13565: Fixed ssf memory reuse that leads to incorrect authorization of another connection, granting excess connection rights (ssf) (bsc#1143194). - CVE-2019-13057: Fixed rootDN of a backend that may proxyauth incorrectly to another backend, violating multi-tenant isolation (bsc#1143273). Moderate SUSE bug 1143194 SUSE bug 1143273 CVE-2019-13057 CVE-2019-13565 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libgit2 fixes the following issues: Security issues fixed: - CVE-2018-19456: Fixed a code execution by malicious .gitmodules file (bsc#1110949) - various string-to-integer and buffer handling fixes (bsc#1114729). Important SUSE bug 1110949 SUSE bug 1114729 CVE-2018-19456 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libreoffice to version 6.2.7.1 fixes the following issues: Security issues fixed: - CVE-2019-9849: Disabled fetching remote bullet graphics in 'stealth mode' (bsc#1141861). - CVE-2019-9848: Fixed an arbitrary script execution via LibreLogo (bsc#1141862). - CVE-2019-9851: Fixed LibreLogo global-event script execution issue (bsc#1146105). - CVE-2019-9852: Fixed insufficient URL encoding flaw in allowed script location check (bsc#1146107). - CVE-2019-9850: Fixed insufficient URL validation that allowed LibreLogo script execution (bsc#1146098). - CVE-2019-9854: Fixed unsafe URL assembly flaw (bsc#1149944). - CVE-2019-9855: Fixed path equivalence handling flaw (bsc#1149943) Non-security issue fixed: - SmartArt: Basic rendering of Trapezoid List (bsc#1133534) Moderate SUSE bug 1133534 SUSE bug 1141861 SUSE bug 1141862 SUSE bug 1146098 SUSE bug 1146105 SUSE bug 1146107 SUSE bug 1149943 SUSE bug 1149944 CVE-2019-9848 CVE-2019-9849 CVE-2019-9850 CVE-2019-9851 CVE-2019-9852 CVE-2019-9854 CVE-2019-9855 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for spice fixes the following issues: Security issue fixed: - CVE-2019-3813: Fixed a out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Important SUSE bug 1122706 CVE-2019-3813 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following new features were implemented: - jsc#SLE-4875: [CML] New device IDs for CML - jsc#SLE-7294: Add cpufreq driver for Raspberry Pi - fate#322438: Integrate P9 XIVE support (on PowerVM only) - fate#322447: Add memory protection keys (MPK) support on POWER (on PowerVM only) - fate#322448, fate#321438: P9 hardware counter (performance counters) support (on PowerVM only) - fate#325306, fate#321840: Reduce memory required to boot capture kernel while using fadump - fate#326869: perf: pmu mem_load/store event support The following security bugs were fixed: - CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated. (bsc#1146163). - CVE-2018-20976: A use after free existed, related to xfs_fs_fill_super failure. (bsc#1146285) - CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach (bsc#1149591). - CVE-2019-9456: In Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have lead to local escalation of privilege with System execution privileges needed. (bsc#1150025 CVE-2019-9456). - CVE-2019-10207: Fix a NULL pointer dereference in hci_uart bluetooth driver (bsc#1142857 bsc#1123959). - CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based buffer overflows in marvell wifi chip driver kernel, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bnc#1146516) - CVE-2019-14835: Fix QEMU-KVM Guest to Host Kernel Escape. (bsc#1150112). - CVE-2019-15030, CVE-2019-15031: On the powerpc platform, a local user could read vector registers of other users' processes via an interrupt. (bsc#1149713) - CVE-2019-15090: In the qedi_dbg_* family of functions, there was an out-of-bounds read. (bsc#1146399) - CVE-2019-15098: USB driver net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor. (bsc#1146378). - CVE-2019-15099: drivers/net/wireless/ath/ath10k/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor. (bsc#1146368) - CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel mishandled a short descriptor, leading to out-of-bounds memory access. (bsc#1145920). - CVE-2019-15118: check_input_term in sound/usb/mixer.c in the Linux kernel mishandled recursion, leading to kernel stack exhaustion. (bsc#1145922). - CVE-2019-15211: There was a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c did not properly allocate memory. (bsc#1146519). - CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. (bsc#1051510 bsc#1146391). - CVE-2019-15214: There was a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. (bsc#1146550) - CVE-2019-15215: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver. (bsc#1135642 bsc#1146425) - CVE-2019-15216: Fix a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. (bsc#1146361). - CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (bsc#1146547). - CVE-2019-15218: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver. (bsc#1051510 bsc#1146413) - CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. (bsc#1146524) - CVE-2019-15220: There was a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver. (bsc#1146526) - CVE-2019-15221, CVE-2019-15222: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. (bsc#1146529, bsc#1146531) - CVE-2019-15239: An incorrect backport of a certain net/ipv4/tcp_output.c fix allowed a local attacker to trigger multiple use-after-free conditions. This could result in a kernel crash, or potentially in privilege escalation. (bsc#1146589) - CVE-2019-15290: There was a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function (bsc#1146543). - CVE-2019-15292: There was a use-after-free in atalk_proc_exit (bsc#1146678) - CVE-2019-15538: XFS partially wedged when a chgrp failed on account of being out of disk quota. This was primarily a local DoS attack vector, but it could result as well in remote DoS if the XFS filesystem was exported for instance via NFS. (bsc#1148032, bsc#1148093) - CVE-2019-15666: There was an out-of-bounds array access in __xfrm_policy_unlink, which would cause denial of service, because verify_newpolicy_info mishandled directory validation. (bsc#1148394). - CVE-2019-15902: A backporting error reintroduced the Spectre vulnerability that it aimed to eliminate. (bnc#1149376) - CVE-2019-15917: There was a use-after-free issue when hci_uart_register_dev() failed in hci_uart_set_proto() (bsc#1149539) - CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free. (bsc#1149552) - CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free. (bsc#1149626) - CVE-2019-15921: There was a memory leak issue when idr_alloc() failed (bsc#1149602) - CVE-2019-15924: Fix a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure. (bsc#1149612). - CVE-2019-15926: Out of bounds access existed in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx (bsc#1149527) - CVE-2019-15927: An out-of-bounds access existed in the function build_audio_procunit (bsc#1149522) The following non-security bugs were fixed: - 9p/rdma: do not disconnect on down_interruptible EAGAIN (bsc#1051510). - 9p/rdma: remove useless check in cm_event_handler (bsc#1051510). - 9p/virtio: Add cleanup path in p9_virtio_init (bsc#1051510). - 9p/xen: Add cleanup path in p9_trans_xen_init (bsc#1051510). - 9p/xen: fix check for xenbus_read error in front_probe (bsc#1051510). - 9p: acl: fix uninitialized iattr access (bsc#1051510). - 9p: p9dirent_read: check network-provided name length (bsc#1051510). - 9p: pass the correct prototype to read_cache_page (bsc#1051510). - acpi/arm64: ignore 5.1 FADTs that are reported as 5.0 (bsc#1051510). - acpi/iort: Fix off-by-one check in iort_dev_find_its_id() (bsc#1051510). - acpi: PM: Fix regression in acpi_device_set_power() (bsc#1051510). - acpi: fix false-positive -Wuninitialized warning (bsc#1051510). - acpica: Increase total number of possible Owner IDs (bsc#1148859). - acpica: Increase total number of possible Owner IDs (bsc#1148859). - add some missing definitions (bsc#1144333). - address lock imbalance warnings in smbdirect.c (bsc#1144333). - af_key: fix leaks in key_pol_get_resp and dump_sp (bsc#1051510). - af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET (networking-stable-19_07_02). - alsa: firewire: fix a memory leak bug (bsc#1051510). - alsa: hda - Add a generic reboot_notify (bsc#1051510). - alsa: hda - Apply workaround for another AMD chip 1022:1487 (bsc#1051510). - alsa: hda - Do not override global PCM hw info flag (bsc#1051510). - alsa: hda - Fix a memory leak bug (bsc#1051510). - alsa: hda - Fix potential endless loop at applying quirks (bsc#1051510). - alsa: hda - Let all conexant codec enter D3 when rebooting (bsc#1051510). - alsa: hda - Workaround for crackled sound on AMD controller (1022:1457) (bsc#1051510). - alsa: hda/realtek - Fix overridden device-specific initialization (bsc#1051510). - alsa: hda/realtek - Fix the problem of two front mics on a ThinkCentre (bsc#1051510). - alsa: hda: kabi workaround for generic parser flag (bsc#1051510). - alsa: hiface: fix multiple memory leak bugs (bsc#1051510). - alsa: line6: Fix memory leak at line6_init_pcm() error path (bsc#1051510). - alsa: pcm: fix lost wakeup event scenarios in snd_pcm_drain (bsc#1051510). - alsa: seq: Fix potential concurrent access to the deleted pool (bsc#1051510). - alsa: usb-audio: Fix gpf in snd_usb_pipe_sanity_check (bsc#1051510). - arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2 (bsc#1133021). - arm: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1133021). - arm: KVM: report support for SMCCC_ARCH_WORKAROUND_1 (bsc#1133021). - asoc: Fail card instantiation if DAI format setup fails (bsc#1051510). - asoc: dapm: Fix handling of custom_stop_condition on DAPM graph walks (bsc#1051510). - ata: libahci: do not complain in case of deferred probe (bsc#1051510). - batman-adv: Only read OGM tvlv_len after buffer len check (bsc#1051510). - batman-adv: Only read OGM2 tvlv_len after buffer len check (bsc#1051510). - batman-adv: fix uninit-value in batadv_netlink_get_ifindex() (bsc#1051510). - bcache: fix possible memory leak in bch_cached_dev_run() (git fixes). - bio: fix improper use of smp_mb__before_atomic() (git fixes). - blk-mq: Fix spelling in a source code comment (git fixes). - blk-mq: backport fixes for blk_mq_complete_e_request_sync() (bsc#1145661). - blk-mq: introduce blk_mq_complete_request_sync() (bsc#1145661). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - block, documentation: Fix wbt_lat_usec documentation (git fixes). - bluetooth: 6lowpan: search for destination address in all peers (bsc#1051510). - bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug (bsc#1051510). - bluetooth: Check state in l2cap_disconnect_rsp (bsc#1051510). - bluetooth: btqca: Add a short delay before downloading the NVM (bsc#1051510). - bluetooth: hci_bcsp: Fix memory leak in rx_skb (bsc#1051510). - bluetooth: revert 'validate BLE connection interval updates' (bsc#1051510). - bluetooth: validate BLE connection interval updates (bsc#1051510). - bnx2x: Prevent ptp_task to be rescheduled indefinitely (networking-stable-19_07_25). - bonding/802.3ad: fix link_failure_count tracking (bsc#1137069 bsc#1141013). - bonding/802.3ad: fix slave link initialization transition states (bsc#1137069 bsc#1141013). - bonding: Always enable vlan tx offload (networking-stable-19_07_02). - bonding: set default miimon value for non-arp modes if not set (bsc#1137069 bsc#1141013). - bonding: speed/duplex update at NETDEV_UP event (bsc#1137069 bsc#1141013). - bonding: validate ip header before check IPPROTO_IGMP (networking-stable-19_07_25). - btrfs: Fix delalloc inodes invalidation during transaction abort (bsc#1050911). - btrfs: Split btrfs_del_delalloc_inode into 2 functions (bsc#1050911). - btrfs: add a helper to retrive extent inline ref type (bsc#1149325). - btrfs: add cleanup_ref_head_accounting helper (bsc#1050911). - btrfs: add missing inode version, ctime and mtime updates when punching hole (bsc#1140487). - btrfs: add one more sanity check for shared ref type (bsc#1149325). - btrfs: clean up pending block groups when transaction commit aborts (bsc#1050911). - btrfs: convert to use btrfs_get_extent_inline_ref_type (bsc#1149325). - btrfs: do not abort transaction at btrfs_update_root() after failure to COW path (bsc#1150933). - btrfs: fix assertion failure during fsync and use of stale transaction (bsc#1150562). - btrfs: fix data loss after inode eviction, renaming it, and fsync it (bsc#1145941). - btrfs: fix fsync not persisting dentry deletions due to inode evictions (bsc#1145942). - btrfs: fix incremental send failure after deduplication (bsc#1145940). - btrfs: fix pinned underflow after transaction aborted (bsc#1050911). - btrfs: fix race between send and deduplication that lead to failures and crashes (bsc#1145059). - btrfs: fix race leading to fs corruption after transaction abort (bsc#1145937). - btrfs: handle delayed ref head accounting cleanup in abort (bsc#1050911). - btrfs: prevent send failures and crashes due to concurrent relocation (bsc#1145059). - btrfs: remove BUG() in add_data_reference (bsc#1149325). - btrfs: remove BUG() in btrfs_extent_inline_ref_size (bsc#1149325). - btrfs: remove BUG() in print_extent_item (bsc#1149325). - btrfs: remove BUG_ON in __add_tree_block (bsc#1149325). - btrfs: scrub: add memalloc_nofs protection around init_ipath (bsc#1086103). - btrfs: start readahead also in seed devices (bsc#1144886). - btrfs: track running balance in a simpler way (bsc#1145059). - btrfs: use GFP_KERNEL in init_ipath (bsc#1086103). - caif-hsi: fix possible deadlock in cfhsi_exit_module() (networking-stable-19_07_25). - can: m_can: implement errata 'Needless activation of MRAF irq' (bsc#1051510). - can: mcp251x: add support for mcp25625 (bsc#1051510). - can: peak_usb: fix potential double kfree_skb() (bsc#1051510). - can: peak_usb: force the string buffer NULL-terminated (bsc#1051510). - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (bsc#1051510). - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (bsc#1051510). - can: rcar_canfd: fix possible IRQ storm on high load (bsc#1051510). - can: sja1000: force the string buffer NULL-terminated (bsc#1051510). - carl9170: fix misuse of device driver API (bsc#1142635). - ceph: always get rstat from auth mds (bsc#1146346). - ceph: clean up ceph.dir.pin vxattr name sizeof() (bsc#1146346). - ceph: decode feature bits in session message (bsc#1146346). - ceph: do not blindly unregister session that is in opening state (bsc#1148133). - ceph: do not try fill file_lock on unsuccessful GETFILELOCK reply (bsc#1148133). - ceph: fix 'ceph.dir.rctime' vxattr value (bsc#1148133 bsc#1135219). - ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bsc#1148133). - ceph: fix improper use of smp_mb__before_atomic() (bsc#1148133). - ceph: fix iov_iter issues in ceph_direct_read_write() (bsc#1141450). - ceph: hold i_ceph_lock when removing caps for freeing inode (bsc#1148133). - ceph: remove request from waiting list before unregister (bsc#1148133). - ceph: silence a checker warning in mdsc_show() (bsc#1148133). - ceph: support cephfs' own feature bits (bsc#1146346). - ceph: support getting ceph.dir.pin vxattr (bsc#1146346). - ceph: support versioned reply (bsc#1146346). - ceph: use bit flags to define vxattr attributes (bsc#1146346). - cfg80211: revert 'fix processing world regdomain when non modular' (bsc#1051510). - cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED (bsc#1144333). - cifs: Add DFS cache routines (bsc#1144333). - cifs: Add direct I/O functions to file_operations (bsc#1144333). - cifs: Add minor debug message during negprot (bsc#1144333). - cifs: Add smb2_send_recv (bsc#1144333). - cifs: Add support for FSCTL passthrough that write data to the server (bsc#1144333). - cifs: Add support for direct I/O read (bsc#1144333). - cifs: Add support for direct I/O write (bsc#1144333). - cifs: Add support for direct pages in rdata (bsc#1144333). - cifs: Add support for direct pages in wdata (bsc#1144333). - cifs: Add support for failover in cifs_mount() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect_tcon() (bsc#1144333). - cifs: Add support for failover in smb2_reconnect() (bsc#1144333). - cifs: Add support for reading attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Add support for writing attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Adds information-level logging function (bsc#1144333). - cifs: Adjust MTU credits before reopening a file (bsc#1144333). - cifs: Allocate memory for all iovs in smb2_ioctl (bsc#1144333). - cifs: Allocate validate negotiation request through kmalloc (bsc#1144333). - cifs: Always reset read error to -EIO if no response (bsc#1144333). - cifs: Always resolve hostname before reconnecting (bsc#1051510, bsc#1144333). - cifs: Avoid returning EBUSY to upper layer VFS (bsc#1144333). - cifs: Calculate the correct request length based on page offset and tail size (bsc#1144333). - cifs: Call MID callback before destroying transport (bsc#1144333). - cifs: Change SMB2_open to return an iov for the error parameter (bsc#1144333). - cifs: Check for reconnects before sending async requests (bsc#1144333). - cifs: Check for reconnects before sending compound requests (bsc#1144333). - cifs: Check for timeout on Negotiate stage (bsc#1091171, bsc#1144333). - cifs: Count SMB3 credits for malformed pending responses (bsc#1144333). - cifs: Display SMB2 error codes in the hex format (bsc#1144333). - cifs: Do not assume one credit for async responses (bsc#1144333). - cifs: Do not consider -ENODATA as stat failure for reads (bsc#1144333). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510, bsc#1144333). - cifs: Do not hide EINTR after sending network packets (bsc#1051510, bsc#1144333). - cifs: Do not log credits when unmounting a share (bsc#1144333). - cifs: Do not match port on SMBDirect transport (bsc#1144333). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510, bsc#1144333). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510, bsc#1144333). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510, bsc#1144333). - cifs: Do not set credits to 1 if the server didn't grant anything (bsc#1144333). - cifs: Do not skip SMB2 message IDs on send failures (bsc#1144333). - cifs: Find and reopen a file before get MTU credits in writepages (bsc#1144333). - cifs: Fix DFS cache refresher for DFS links (bsc#1144333). - cifs: Fix NULL pointer deref on SMB2_tcon() failure (bsc#1071009, bsc#1144333). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: Fix NULL ptr deref (bsc#1144333). - cifs: Fix a debug message (bsc#1144333). - cifs: Fix a race condition with cifs_echo_request (bsc#1144333). - cifs: Fix a tiny potential memory leak (bsc#1144333). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510, bsc#1144333). - cifs: Fix an issue with re-sending rdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix an issue with re-sending wdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix autonegotiate security settings mismatch (bsc#1087092, bsc#1144333). - cifs: Fix check for matching with existing mount (bsc#1144333). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix credit calculations in compound mid callback (bsc#1144333). - cifs: Fix credit computation for compounded requests (bsc#1144333). - cifs: Fix credits calculation for cancelled requests (bsc#1144333). - cifs: Fix credits calculations for reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix encryption/signing (bsc#1144333). - cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510, bsc#1144333). - cifs: Fix error paths in writeback code (bsc#1144333). - cifs: Fix infinite loop when using hard mount option (bsc#1091171, bsc#1144333). - cifs: Fix invalid check in __cifs_calc_signature() (bsc#1144333). - cifs: Fix kernel oops when traceSMB is enabled (bsc#1144333). - cifs: Fix leaking locked VFS cache pages in writeback retry (bsc#1144333). - cifs: Fix lease buffer length error (bsc#1144333). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510, bsc#1144333). - cifs: Fix missing put_xid in cifs_file_strict_mmap (bsc#1087092, bsc#1144333). - cifs: Fix module dependency (bsc#1144333). - cifs: Fix mounts if the client is low on credits (bsc#1144333). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510, bsc#1144333). - cifs: Fix possible oops and memory leaks in async IO (bsc#1144333). - cifs: Fix potential OOB access of lock element array (bsc#1051510, bsc#1144333). - cifs: Fix read after write for files with read caching (bsc#1051510, bsc#1144333). - cifs: Fix separator when building path from dentry (bsc#1051510, bsc#1144333). - cifs: Fix signing for SMB2/3 (bsc#1144333). - cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting (bsc#1144333). - cifs: Fix slab-out-of-bounds when tracing SMB tcon (bsc#1144333). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510, bsc#1144333). - cifs: Fix to use kmem_cache_free() instead of kfree() (bsc#1144333). - cifs: Fix trace command logging for SMB2 reads and writes (bsc#1144333). - cifs: Fix use after free of a mid_q_entry (bsc#1112903, bsc#1144333). - cifs: Fix use-after-free in SMB2_read (bsc#1144333). - cifs: Fix use-after-free in SMB2_write (bsc#1144333). - cifs: Fix validation of signed data in smb2 (bsc#1144333). - cifs: Fix validation of signed data in smb3+ (bsc#1144333). - cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510, bsc#1144333). - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) (bsc#1144333). - cifs: Introduce helper function to get page offset and length in smb_rqst (bsc#1144333). - cifs: Introduce offset for the 1st page in data transfer structures (bsc#1144333). - cifs: Limit memory used by lock request calls to a page (bsc#1144333). - cifs: Make devname param optional in cifs_compose_mount_options() (bsc#1144333). - cifs: Make sure all data pages are signed correctly (bsc#1144333). - cifs: Make use of DFS cache to get new DFS referrals (bsc#1144333). - cifs: Mask off signals when sending SMB packets (bsc#1144333). - cifs: Minor Kconfig clarification (bsc#1144333). - cifs: Move credit processing to mid callbacks for SMB3 (bsc#1144333). - cifs: Move open file handling to writepages (bsc#1144333). - cifs: Move unlocking pages from wdata_send_pages() (bsc#1144333). - cifs: OFD locks do not conflict with eachothers (bsc#1051510, bsc#1144333). - cifs: Only free DFS target list if we actually got one (bsc#1144333). - cifs: Only send SMB2_NEGOTIATE command on new TCP connections (bsc#1144333). - cifs: Pass page offset for calculating signature (bsc#1144333). - cifs: Pass page offset for encrypting (bsc#1144333). - cifs: Print message when attempting a mount (bsc#1144333). - cifs: Properly handle auto disabling of serverino option (bsc#1144333). - cifs: Reconnect expired SMB sessions (bnc#1060662). - cifs: Refactor out cifs_mount() (bsc#1144333). - cifs: Remove custom credit adjustments for SMB2 async IO (bsc#1144333). - cifs: Reopen file before get SMB2 MTU credits for async IO (bsc#1144333). - cifs: Respect SMB2 hdr preamble size in read responses (bsc#1144333). - cifs: Respect reconnect in MTU credits calculations (bsc#1144333). - cifs: Respect reconnect in non-MTU credits calculations (bsc#1144333). - cifs: Return -EAGAIN instead of -ENOTSOCK (bsc#1144333). - cifs: Return error code when getting file handle for writeback (bsc#1144333). - cifs: SMBD: Add SMB Direct debug counters (bsc#1144333). - cifs: SMBD: Add SMB Direct protocol initial values and constants (bsc#1144333). - cifs: SMBD: Add parameter rdata to smb2_new_read_req (bsc#1144333). - cifs: SMBD: Add rdma mount option (bsc#1144333). - cifs: SMBD: Disable signing on SMB direct transport (bsc#1144333). - cifs: SMBD: Do not call ib_dereg_mr on invalidated memory registration (bsc#1144333). - cifs: SMBD: Establish SMB Direct connection (bsc#1144333). - cifs: SMBD: Fix the definition for SMB2_CHANNEL_RDMA_V1_INVALIDATE (bsc#1144333). - cifs: SMBD: Implement RDMA memory registration (bsc#1144333). - cifs: SMBD: Implement function to create a SMB Direct connection (bsc#1144333). - cifs: SMBD: Implement function to destroy a SMB Direct connection (bsc#1144333). - cifs: SMBD: Implement function to receive data via RDMA receive (bsc#1144333). - cifs: SMBD: Implement function to reconnect to a SMB Direct transport (bsc#1144333). - cifs: SMBD: Implement function to send data via RDMA send (bsc#1144333). - cifs: SMBD: Read correct returned data length for RDMA write (SMB read) I/O (bsc#1144333). - cifs: SMBD: Set SMB Direct maximum read or write size for I/O (bsc#1144333). - cifs: SMBD: Support page offset in RDMA recv (bsc#1144333). - cifs: SMBD: Support page offset in RDMA send (bsc#1144333). - cifs: SMBD: Support page offset in memory registration (bsc#1144333). - cifs: SMBD: Upper layer connects to SMBDirect session (bsc#1144333). - cifs: SMBD: Upper layer destroys SMB Direct session on shutdown or umount (bsc#1144333). - cifs: SMBD: Upper layer performs SMB read via RDMA write through memory registration (bsc#1144333). - cifs: SMBD: Upper layer performs SMB write via RDMA read through memory registration (bsc#1144333). - cifs: SMBD: Upper layer receives data via RDMA receive (bsc#1144333). - cifs: SMBD: Upper layer reconnects to SMB Direct session (bsc#1144333). - cifs: SMBD: Upper layer sends data via RDMA send (bsc#1144333). - cifs: SMBD: _smbd_get_connection() can be static (bsc#1144333). - cifs: SMBD: export protocol initial values (bsc#1144333). - cifs: SMBD: fix spelling mistake: faield and legnth (bsc#1144333). - cifs: SMBD: work around gcc -Wmaybe-uninitialized warning (bsc#1144333). - cifs: Save TTL value when parsing DFS referrals (bsc#1144333). - cifs: Select all required crypto modules (bsc#1085536, bsc#1144333). - cifs: Set reconnect instance to one initially (bsc#1144333). - cifs: Show locallease in /proc/mounts for cifs shares mounted with locallease feature (bsc#1144333). - cifs: Silence uninitialized variable warning (bsc#1144333). - cifs: Skip any trailing backslashes from UNC (bsc#1144333). - cifs: Try to acquire credits at once for compound requests (bsc#1144333). - cifs: Use GFP_ATOMIC when a lock is held in cifs_mount() (bsc#1144333). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510, bsc#1144333). - cifs: Use correct packet length in SMB2_TRANSFORM header (bsc#1144333). - cifs: Use kmemdup in SMB2_ioctl_init() (bsc#1144333). - cifs: Use kmemdup rather than duplicating its implementation in smb311_posix_mkdir() (bsc#1144333). - cifs: Use kzfree() to free password (bsc#1144333). - cifs: Use offset when reading pages (bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510, bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510, bsc#1144333). - cifs: When sending data on socket, pass the correct page offset (bsc#1144333). - cifs: a smb2_validate_and_copy_iov failure does not mean the handle is invalid (bsc#1144333). - cifs: add .splice_write (bsc#1144333). - cifs: add IOCTL for QUERY_INFO passthrough to userspace (bsc#1144333). - cifs: add ONCE flag for cifs_dbg type (bsc#1144333). - cifs: add SFM mapping for 0x01-0x1F (bsc#1144333). - cifs: add SMB2_close_init()/SMB2_close_free() (bsc#1144333). - cifs: add SMB2_ioctl_init/free helpers to be used with compounding (bsc#1144333). - cifs: add SMB2_query_info_[init|free]() (bsc#1144333). - cifs: add a new SMB2_close_flags function (bsc#1144333). - cifs: add a smb2_compound_op and change QUERY_INFO to use it (bsc#1144333). - cifs: add a timeout argument to wait_for_free_credits (bsc#1144333). - cifs: add a warning if we try to to dequeue a deleted mid (bsc#1144333). - cifs: add compound_send_recv() (bsc#1144333). - cifs: add credits from unmatched responses/messages (bsc#1144333). - cifs: add debug output to show nocase mount option (bsc#1144333). - cifs: add fiemap support (bsc#1144333). - cifs: add iface info to struct cifs_ses (bsc#1144333). - cifs: add lease tracking to the cached root fid (bsc#1144333). - cifs: add missing GCM module dependency (bsc#1144333). - cifs: add missing debug entries for kconfig options (bsc#1051510, bsc#1144333). - cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510, bsc#1144333). - cifs: add pdu_size to the TCP_Server_Info structure (bsc#1144333). - cifs: add resp_buf_size to the mid_q_entry structure (bsc#1144333). - cifs: add server argument to the dump_detail method (bsc#1144333). - cifs: add server->vals->header_preamble_size (bsc#1144333). - cifs: add sha512 secmech (bsc#1051510, bsc#1144333). - cifs: add spinlock for the openFileList to cifsInodeInfo (bsc#1144333). - cifs: add support for SEEK_DATA and SEEK_HOLE (bsc#1144333). - cifs: add support for ioctl on directories (bsc#1144333). - cifs: address trivial coverity warning (bsc#1144333). - cifs: allow calling SMB2_xxx_free(NULL) (bsc#1144333). - cifs: allow disabling less secure legacy dialects (bsc#1144333). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510, bsc#1144333). - cifs: always add credits back for unsolicited PDUs (bsc#1144333). - cifs: auto disable 'serverino' in dfs mounts (bsc#1144333). - cifs: avoid a kmalloc in smb2_send_recv/SendReceive2 for the common case (bsc#1144333). - cifs: cache FILE_ALL_INFO for the shared root handle (bsc#1144333). - cifs: change SMB2_OP_RENAME and SMB2_OP_HARDLINK to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_EOF to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_INFO to use compounding (bsc#1144333). - cifs: change mkdir to use a compound (bsc#1144333). - cifs: change smb2_get_data_area_len to take a smb2_sync_hdr as argument (bsc#1144333). - cifs: change smb2_query_eas to use the compound query-info helper (bsc#1144333). - cifs: change unlink to use a compound (bsc#1144333). - cifs: change validate_buf to validate_iov (bsc#1144333). - cifs: change wait_for_free_request() to take flags as argument (bsc#1144333). - cifs: check CIFS_MOUNT_NO_DFS when trying to reuse existing sb (bsc#1144333). - cifs: check MaxPathNameComponentLength != 0 before using it (bsc#1085536, bsc#1144333). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902, bsc#1144333). - cifs: check if SMB2 PDU size has been padded and suppress the warning (bsc#1144333). - cifs: check kmalloc before use (bsc#1051510, bsc#1144333). - cifs: check kzalloc return (bsc#1144333). - cifs: check ntwrk_buf_start for NULL before dereferencing it (bsc#1144333). - cifs: check rsp for NULL before dereferencing in SMB2_open (bsc#1085536, bsc#1144333). - cifs: cifs_read_allocate_pages: do not iterate through whole page array on ENOMEM (bsc#1144333). - cifs: clean up indentation, replace spaces with tab (bsc#1144333). - cifs: cleanup smb2ops.c and normalize strings (bsc#1144333). - cifs: complete PDU definitions for interface queries (bsc#1144333). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510, bsc#1144333). - cifs: create SMB2_open_init()/SMB2_open_free() helpers (bsc#1144333). - cifs: create a define for how many iovs we need for an SMB2_open() (bsc#1144333). - cifs: create a define for the max number of iov we need for a SMB2 set_info (bsc#1144333). - cifs: create a helper function for compound query_info (bsc#1144333). - cifs: create helpers for SMB2_set_info_init/free() (bsc#1144333). - cifs: do not allow creating sockets except with SMB1 posix exensions (bsc#1102097, bsc#1144333). - cifs: do not attempt cifs operation on smb2+ rename error (bsc#1144333). - cifs: do not dereference smb_file_target before null check (bsc#1051510, bsc#1144333). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510, bsc#1144333). - cifs: do not return atime less than mtime (bsc#1144333). - cifs: do not send invalid input buffer on QUERY_INFO requests (bsc#1144333). - cifs: do not show domain= in mount output when domain is empty (bsc#1144333). - cifs: do not use __constant_cpu_to_le32() (bsc#1144333). - cifs: document tcon/ses/server refcount dance (bsc#1144333). - cifs: dump IPC tcon in debug proc file (bsc#1071306, bsc#1144333). - cifs: dump every session iface info (bsc#1144333). - cifs: fallback to older infolevels on findfirst queryinfo retry (bsc#1144333). - cifs: fix GlobalMid_Lock bug in cifs_reconnect (bsc#1144333). - cifs: fix NULL deref in SMB2_read (bsc#1085539, bsc#1144333). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542, bsc#1144333). - cifs: fix SMB1 breakage (bsc#1144333). - cifs: fix a buffer leak in smb2_query_symlink (bsc#1144333). - cifs: fix a credits leak for compund commands (bsc#1144333). - cifs: fix bi-directional fsctl passthrough calls (bsc#1144333). - cifs: fix build break when CONFIG_CIFS_DEBUG2 enabled (bsc#1144333). - cifs: fix build errors for SMB_DIRECT (bsc#1144333). - cifs: fix circular locking dependency (bsc#1064701, bsc#1144333). - cifs: fix computation for MAX_SMB2_HDR_SIZE (bsc#1144333). - cifs: fix confusing warning message on reconnect (bsc#1144333). - cifs: fix crash in cifs_dfs_do_automount (bsc#1144333). - cifs: fix crash in smb2_compound_op()/smb2_set_next_command() (bsc#1144333). - cifs: fix crash querying symlinks stored as reparse-points (bsc#1144333). - cifs: fix credits leak for SMB1 oplock breaks (bsc#1144333). - cifs: fix deadlock in cached root handling (bsc#1144333). - cifs: fix encryption in SMB3.1.1 (bsc#1144333). - cifs: fix handle leak in smb2_query_symlink() (bsc#1144333). - cifs: fix incorrect handling of smb2_set_sparse() return in smb3_simple_falloc (bsc#1144333). - cifs: fix kref underflow in close_shroot() (bsc#1144333). - cifs: fix memory leak and remove dead code (bsc#1144333). - cifs: fix memory leak in SMB2_open() (bsc#1112894, bsc#1144333). - cifs: fix memory leak in SMB2_read (bsc#1144333). - cifs: fix memory leak of an allocated cifs_ntsd structure (bsc#1144333). - cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case (bsc#1144333). - cifs: fix page reference leak with readv/writev (bsc#1144333). - cifs: fix panic in smb2_reconnect (bsc#1144333). - cifs: fix parsing of symbolic link error response (bsc#1144333). - cifs: fix return value for cifs_listxattr (bsc#1051510, bsc#1144333). - cifs: fix rmmod regression in cifs.ko caused by force_sig changes (bsc#1144333). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510, bsc#1144333). - cifs: fix signed/unsigned mismatch on aio_read patch (bsc#1144333). - cifs: fix smb3_zero_range for Azure (bsc#1144333). - cifs: fix smb3_zero_range so it can expand the file-size when required (bsc#1144333). - cifs: fix sparse warning on previous patch in a few printks (bsc#1144333). - cifs: fix spelling mistake, EACCESS -> EACCES (bsc#1144333). - cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() (bsc#1144333). - cifs: fix typo in cifs_dbg (bsc#1144333). - cifs: fix typo in debug message with struct field ia_valid (bsc#1144333). - cifs: fix uninitialized ptr deref in smb2 signing (bsc#1144333). - cifs: fix use-after-free of the lease keys (bsc#1144333). - cifs: fix wrapping bugs in num_entries() (bsc#1051510, bsc#1144333). - cifs: flush before set-info if we have writeable handles (bsc#1144333). - cifs: handle large EA requests more gracefully in smb2+ (bsc#1144333). - cifs: handle netapp error codes (bsc#1136261). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: implement v3.11 preauth integrity (bsc#1051510, bsc#1144333). - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510, bsc#1144333). - cifs: invalidate cache when we truncate a file (bsc#1051510, bsc#1144333). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565, bsc#1144333). - cifs: limit amount of data we request for xattrs to CIFSMaxBufSize (bsc#1144333). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510, bsc#1144333). - cifs: make IPC a regular tcon (bsc#1071306, bsc#1144333). - cifs: make arrays static const, reduces object code size (bsc#1144333). - cifs: make minor clarifications to module params for cifs.ko (bsc#1144333). - cifs: make mknod() an smb_version_op (bsc#1144333). - cifs: make rmdir() use compounding (bsc#1144333). - cifs: make smb_send_rqst take an array of requests (bsc#1144333). - cifs: minor clarification in comments (bsc#1144333). - cifs: minor updates to module description for cifs.ko (bsc#1144333). - cifs: move default port definitions to cifsglob.h (bsc#1144333). - cifs: move large array from stack to heap (bsc#1144333). - cifs: only wake the thread for the very last PDU in a compound (bsc#1144333). - cifs: parse and store info on iface queries (bsc#1144333). - cifs: pass flags down into wait_for_free_credits() (bsc#1144333). - cifs: pass page offsets on SMB1 read/write (bsc#1144333). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510, bsc#1144333). - cifs: prevent starvation in wait_for_free_credits for multi-credit requests (bsc#1144333). - cifs: print CIFSMaxBufSize as part of /proc/fs/cifs/DebugData (bsc#1144333). - cifs: protect against server returning invalid file system block size (bsc#1144333). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: push rfc1002 generation down the stack (bsc#1144333). - cifs: read overflow in is_valid_oplock_break() (bsc#1144333). - cifs: refactor and clean up arguments in the reparse point parsing (bsc#1144333). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510, bsc#1144333). - cifs: release auth_key.response for reconnect (bsc#1085536, bsc#1144333). - cifs: release cifs root_cred after exit_cifs (bsc#1085536, bsc#1144333). - cifs: remove coverity warning in calc_lanman_hash (bsc#1144333). - cifs: remove header_preamble_size where it is always 0 (bsc#1144333). - cifs: remove redundant duplicated assignment of pointer 'node' (bsc#1144333). - cifs: remove rfc1002 hardcoded constants from cifs_discard_remaining_data() (bsc#1144333). - cifs: remove rfc1002 header from all SMB2 response structures (bsc#1144333). - cifs: remove rfc1002 header from smb2 read/write requests (bsc#1144333). - cifs: remove rfc1002 header from smb2_close_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_create_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_echo_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_flush_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_ioctl_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_lease_ack (bsc#1144333). - cifs: remove rfc1002 header from smb2_lock_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_logoff_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_negotiate_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_oplock_break we get from server (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_directory_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_sess_setup_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_set_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_connect_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_disconnect_req (bsc#1144333). - cifs: remove set but not used variable 'cifs_sb' (bsc#1144333). - cifs: remove set but not used variable 'sep' (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove set but not used variable 'smb_buf' (bsc#1144333). - cifs: remove small_smb2_init (bsc#1144333). - cifs: remove smb2_send_recv() (bsc#1144333). - cifs: remove struct smb2_hdr (bsc#1144333). - cifs: remove struct smb2_oplock_break_rsp (bsc#1144333). - cifs: remove the is_falloc argument to SMB2_set_eof (bsc#1144333). - cifs: remove unused stats (bsc#1144333). - cifs: remove unused value pointed out by Coverity (bsc#1144333). - cifs: remove unused variable from SMB2_read (bsc#1144333). - cifs: rename and clarify CIFS_ASYNC_OP and CIFS_NO_RESP (bsc#1144333). - cifs: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - cifs: replace snprintf with scnprintf (bsc#1144333). - cifs: return -ENODATA when deleting an xattr that does not exist (bsc#1144333). - cifs: return correct errors when pinning memory failed for direct I/O (bsc#1144333). - cifs: return error on invalid value written to cifsFYI (bsc#1144333). - cifs: set *resp_buf_type to NO_BUFFER on error (bsc#1144333). - cifs: set mapping error when page writeback fails in writepage or launder_pages (bsc#1144333). - cifs: set oparms.create_options rather than or'ing in CREATE_OPEN_BACKUP_INTENT (bsc#1144333). - cifs: show 'soft' in the mount options for hard mounts (bsc#1144333). - cifs: show the w bit for writeable /proc/fs/cifs/* files (bsc#1144333). - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734, bsc#1144333). - cifs: simple stats should always be enabled (bsc#1144333). - cifs: simplify code by removing CONFIG_CIFS_ACL ifdef (bsc#1144333). - Update config files. - cifs: simplify how we handle credits in compound_send_recv() (bsc#1144333). - cifs: smb2 commands can not be negative, remove confusing check (bsc#1144333). - cifs: smb2ops: Fix NULL check in smb2_query_symlink (bsc#1144333). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510, bsc#1144333). - cifs: smb2pdu: Fix potential NULL pointer dereference (bsc#1144333). - cifs: smbd: Avoid allocating iov on the stack (bsc#1144333). - cifs: smbd: Check for iov length on sending the last iov (bsc#1144333). - cifs: smbd: Do not destroy transport on RDMA disconnect (bsc#1144333). - cifs: smbd: Do not use RDMA read/write when signing is used (bsc#1144333). - cifs: smbd: Dump SMB packet when configured (bsc#1144333). - cifs: smbd: Enable signing with smbdirect (bsc#1144333). - cifs: smbd: Indicate to retry on transport sending failure (bsc#1144333). - cifs: smbd: Retry on memory registration failure (bsc#1144333). - cifs: smbd: Return EINTR when interrupted (bsc#1144333). - cifs: smbd: avoid reconnect lockup (bsc#1144333). - cifs: smbd: depend on INFINIBAND_ADDR_TRANS (bsc#1144333). - cifs: smbd: disconnect transport on RDMA errors (bsc#1144333). - cifs: smbd: take an array of reqeusts when sending upper layer data (bsc#1144333). - cifs: start DFS cache refresher in cifs_mount() (bsc#1144333). - cifs: store the leaseKey in the fid on SMB2_open (bsc#1051510, bsc#1144333). - cifs: suppress some implicit-fallthrough warnings (bsc#1144333). - cifs: track writepages in vfs operation counters (bsc#1144333). - cifs: update __smb_send_rqst() to take an array of requests (bsc#1144333). - cifs: update calc_size to take a server argument (bsc#1144333). - cifs: update init_sg, crypt_message to take an array of rqst (bsc#1144333). - cifs: update internal module number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.14 (bsc#1144333). - cifs: update module internal version number (bsc#1144333). - cifs: update multiplex loop to handle compounded responses (bsc#1144333). - cifs: update receive_encrypted_standard to handle compounded responses (bsc#1144333). - cifs: update smb2_calc_size to use smb2_sync_hdr instead of smb2_hdr (bsc#1144333). - cifs: update smb2_check_message to handle PDUs without a 4 byte length header (bsc#1144333). - cifs: update smb2_queryfs() to use compounding (bsc#1144333). - cifs: use a compound for setting an xattr (bsc#1144333). - cifs: use a refcount to protect open/closing the cached file handle (bsc#1144333). - cifs: use correct format characters (bsc#1144333). - cifs: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (bsc#1071306, bsc#1144333). - cifs: use the correct length when pinning memory for direct I/O for write (bsc#1144333). - cifs: wait_for_free_credits() make it possible to wait for >=1 credits (bsc#1144333). - cifs: we can not use small padding iovs together with encryption (bsc#1144333). - cifs: zero sensitive data when freeing (bsc#1087092, bsc#1144333). - cifs: zero-range does not require the file is sparse (bsc#1144333). - cifs:smbd Use the correct DMA direction when sending data (bsc#1144333). - cifs:smbd When reconnecting to server, call smbd_destroy() after all MIDs have been called (bsc#1144333). - cifs_lookup(): cifs_get_inode_...() never returns 0 with *inode left NULL (bsc#1144333). - cifs_lookup(): switch to d_splice_alias() (bsc#1144333). - clk: Export clk_bulk_prepare() (bsc#1144813). - clk: add clk_bulk_get accessories (bsc#1144813). - clk: bcm2835: remove pllb (jsc#SLE-7294). - clk: bcm283x: add driver interfacing with Raspberry Pi's firmware (jsc#SLE-7294). - clk: bulk: silently error out on EPROBE_DEFER (bsc#1144718,bsc#1144813). - clk: raspberrypi: register platform device for raspberrypi-cpufreq (jsc#SLE-7294). - clk: renesas: cpg-mssr: Fix reset control race condition (bsc#1051510). - clk: rockchip: Add 1.6GHz PLL rate for rk3399 (bsc#1144718,bsc#1144813). - clk: rockchip: assign correct id for pclk_ddr and hclk_sd in rk3399 (bsc#1144718,bsc#1144813). - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling (bsc#1051510). - coredump: split pipe command whitespace before expanding template (bsc#1051510). - cpu/speculation: Warn on unsupported mitigations= parameter (bsc#1114279). - cpufreq: dt: Try freeing static OPPs only if we have added them (jsc#SLE-7294). - crypto: ccp - Add support for valid authsize values less than 16 (bsc#1051510). - crypto: ccp - Fix oops by properly managing allocated structures (bsc#1051510). - crypto: ccp - Ignore tag length when decrypting GCM ciphertext (bsc#1051510). - crypto: ccp - Ignore unconfigured CCP device on suspend/resume (bnc#1145934). - crypto: ccp - Validate buffer lengths for copy operations (bsc#1051510). - crypto: talitos - fix skcipher failure due to wrong output IV (bsc#1051510). - cx82310_eth: fix a memory leak bug (bsc#1051510). - dax: dax_layout_busy_page() should not unmap cow pages (bsc#1148698). - devres: always use dev_name() in devm_ioremap_resource() (git fixes). - dfs_cache: fix a wrong use of kfree in flush_cache_ent() (bsc#1144333). - dm btree: fix order of block initialization in btree_split_beneath (git fixes). - dm bufio: fix deadlock with loop device (git fixes). - dm cache metadata: Fix loading discard bitset (git fixes). - dm crypt: do not overallocate the integrity tag space (git fixes). - dm crypt: fix parsing of extended IV arguments (git fixes). - dm delay: fix a crash when invalid device is specified (git fixes). - dm integrity: change memcmp to strncmp in dm_integrity_ctr (git fixes). - dm integrity: limit the rate of error messages (git fixes). - dm kcopyd: always complete failed jobs (git fixes). - dm raid: add missing cleanup in raid_ctr() (git fixes). - dm space map metadata: fix missing store of apply_bops() return value (git fixes). - dm table: fix invalid memory accesses with too high sector number (git fixes). - dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (git fixes). - dm thin: fix bug where bio that overwrites thin block ignores FUA (git fixes). - dm thin: fix passdown_double_checking_shared_status() (git fixes). - dm zoned: Fix zone report handling (git fixes). - dm zoned: Silence a static checker warning (git fixes). - dm zoned: fix potential NULL dereference in dmz_do_reclaim() (git fixes). - dm zoned: fix zone state management race (git fixes). - dm zoned: improve error handling in i/o map code (git fixes). - dm zoned: improve error handling in reclaim (git fixes). - dm zoned: properly handle backing device failure (git fixes). - dm: bufio: revert: 'fix deadlock with loop device' (git fixes). - dm: fix to_sector() for 32bit (git fixes). - dm: revert 8f50e358153d ('dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE') (git fixes). - dma-buf: balance refcount inbalance (bsc#1051510). - dmaengine: rcar-dmac: Reject zero-length slave DMA requests (bsc#1051510). - documentation/networking: fix default_ttl typo in mpls-sysctl (bsc#1051510). - documentation: Add nospectre_v1 parameter (bsc#1051510). - driver core: Fix use-after-free and double free on glue directory (bsc#1131281). - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl (bsc#1051510). - drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings (bsc#1051510). - drm/amdgpu/psp: move psp version specific function pointers to (bsc#1135642) - drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz (bsc#1051510). - drm/bridge: tc358767: read display_props in get_modes() (bsc#1051510). - drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry (bsc#1051510). - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1135642) - drm/i915/perf: ensure we keep a reference on the driver (bsc#1142635) - drm/i915/userptr: Acquire the page lock around set_page_dirty() (bsc#1051510). - drm/i915: Do not deballoon unused ggtt drm_mm_node in linux guest (bsc#1142635) - drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1142635) - drm/i915: Restore relaxed padding (OCL_OOB_SUPPRES_ENABLE) for skl+ (bsc#1142635) - drm/imx: notify drm core before sending event during crtc disable (bsc#1135642) - drm/imx: only send event on crtc disable if kept disabled (bsc#1135642) - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1135642) - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1135642) - drm/mediatek: clear num_pipes when unbind driver (bsc#1135642) - drm/mediatek: fix unbind functions (bsc#1135642) - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1142635) - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1135642) - drm/mediatek: use correct device to import PRIME buffers (bsc#1142635) - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1142635) - drm/msm: Depopulate platform on probe failure (bsc#1051510). - drm/nouveau: Do not retry infinitely when receiving no data on i2c (bsc#1142635) - drm/nouveau: fix memory leak in nouveau_conn_reset() (bsc#1051510). - drm/panel: simple: Fix panel_simple_dsi_probe (bsc#1051510). - drm/rockchip: Suspend DP late (bsc#1142635) - drm/udl: introduce a macro to convert dev to udl. (bsc#1113722) - drm/udl: move to embedding drm device inside udl device. (bsc#1113722) - drm/virtio: Add memory barriers for capset cache (bsc#1051510). - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1135642) - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1135642) - drm/vmwgfx: fix memory leak when too many retries have occurred (bsc#1051510). - drm: msm: Fix add_gpu_components (bsc#1051510). - drm: silence variable 'conn' set but not used (bsc#1051510). - ecryptfs: fix a couple type promotion bugs (bsc#1051510). - edac, amd64: Add Family 17h, models 10h-2fh support (bsc#1112178). - edac/amd64: Add Family 17h Model 30h PCI IDs (bsc#1112178). - edac: Fix global-out-of-bounds write when setting edac_mc_poll_msec (bsc#1114279). - efi/bgrt: Drop BGRT status field reserved bits check (bsc#1051510). - ehea: Fix a copy-paste err in ehea_init_port_res (bsc#1051510). - ext4: use jbd2_inode dirty range scoping (bsc#1148616). - firmware: raspberrypi: register clk device (jsc#SLE-7294). - firmware: ti_sci: Always request response from firmware (bsc#1051510). - fix incorrect error code mapping for OBJECTID_NOT_FOUND (bsc#1144333). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510, bsc#1144333). - fix struct ufs_req removal of unused field (git-fixes). - fixed https://bugzilla.kernel.org/show_bug.cgi?id=202935 allow write on the same file (bsc#1144333). - fs/*/kconfig: drop links to 404-compliant http://acl.bestbits.at (bsc#1144333). - fs/cifs/cifsacl.c Fixes typo in a comment (bsc#1144333). - fs/cifs/smb2pdu.c: fix buffer free in SMB2_ioctl_free (bsc#1144333). - fs/cifs: Simplify ib_post_(send|recv|srq_recv)() calls (bsc#1144333). - fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bsc#1144333). - fs/cifs: fix uninitialised variable warnings (bsc#1144333). - fs/cifs: require sha512 (bsc#1051510, bsc#1144333). - fs/cifs: suppress a string overflow warning (bsc#1144333). - fs/xfs: Fix return code of xfs_break_leased_layouts() (bsc#1148031). - fs: cifs: Drop unlikely before IS_ERR(_OR_NULL) (bsc#1144333). - fs: cifs: Kconfig: pedantic formatting (bsc#1144333). - fs: cifs: Replace _free_xid call in cifs_root_iget function (bsc#1144333). - fs: cifs: cifsssmb: Change return type of convert_ace_to_cifs_ace (bsc#1144333). - fs: xfs: xfs_log: Do not use KM_MAYFAIL at xfs_log_reserve() (bsc#1148033). - fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() (bsc#1051510). - ftrace: Check for empty hash and comment the race with registering probes (bsc#1149418). - ftrace: Check for successful allocation of hash (bsc#1149424). - ftrace: Fix NULL pointer dereference in t_probe_next() (bsc#1149413). - gpio: Fix build error of function redefinition (bsc#1051510). - gpio: gpio-omap: add check for off wake capable gpios (bsc#1051510). - gpio: mxs: Get rid of external API call (bsc#1051510). - gpio: omap: ensure irq is enabled before wakeup (bsc#1051510). - gpio: pxa: handle corner case of unprobed device (bsc#1051510). - gpiolib: fix incorrect IRQ requesting of an active-low lineevent (bsc#1051510). - gpiolib: never report open-drain/source lines as 'input' to user-space (bsc#1051510). - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1142635) - hid: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT (bsc#1051510). - hid: Add quirk for HP X1200 PIXART OEM mouse (bsc#1051510). - hid: cp2112: prevent sleeping function called from invalid context (bsc#1051510). - hid: hiddev: avoid opening a disconnected device (bsc#1051510). - hid: hiddev: do cleanup in failure of opening a device (bsc#1051510). - hid: holtek: test for sanity of intfdata (bsc#1051510). - hid: sony: Fix race condition between rumble and device remove (bsc#1051510). - hid: wacom: Correct distance scale for 2nd-gen Intuos devices (bsc#1142635). - hid: wacom: correct misreported EKR ring values (bsc#1142635). - hid: wacom: fix bit shift for Cintiq Companion 2 (bsc#1051510). - hpet: Fix division by zero in hpet_time_div() (bsc#1051510). - hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 (bsc#1051510). - hwmon: (nct7802) Fix wrong detection of in4 presence (bsc#1051510). - i2c: emev2: avoid race when unregistering slave client (bsc#1051510). - i2c: piix4: Fix port selection for AMD Family 16h Model 30h (bsc#1051510). - i2c: qup: fixed releasing dma without flush operation completion (bsc#1051510). - ib/mlx5: Fix MR registration flow to use UMR properly (bsc#1093205 bsc#1145678). - ibmveth: Convert multicast list size for little-endian system (bsc#1061843). - ibmvnic: Do not process reset during or after device removal (bsc#1149652 ltc#179635). - ibmvnic: Unmap DMA address of TX descriptor buffers after use (bsc#1146351 ltc#180726). - igmp: fix memory leak in igmpv3_del_delrec() (networking-stable-19_07_25). - iio: adc: max9611: Fix misuse of GENMASK macro (bsc#1051510). - iio: adc: max9611: Fix temperature reading in probe (bsc#1051510). - iio: iio-utils: Fix possible incorrect mask calculation (bsc#1051510). - include/linux/bitops.h: sanitize rotate primitives (git fixes). - input: alps - do not handle ALPS cs19 trackpoint-only device (bsc#1051510). - input: alps - fix a mismatch between a condition check and its comment (bsc#1051510). - input: iforce - add sanity checks (bsc#1051510). - input: kbtab - sanity check for endpoint type (bsc#1051510). - input: synaptics - enable RMI mode for HP Spectre X360 (bsc#1051510). - input: synaptics - whitelist Lenovo T580 SMBus intertouch (bsc#1051510). - input: trackpoint - only expose supported controls for Elan, ALPS and NXP (bsc#1051510). - intel_th: pci: Add Ice Lake NNPI support (bsc#1051510). - intel_th: pci: Add Tiger Lake support (bsc#1051510). - intel_th: pci: Add support for another Lewisburg PCH (bsc#1051510). - iommu/amd: Add support for X2APIC IOMMU interrupts (bsc#1145010). - iommu/amd: Fix race in increase_address_space() (bsc#1150860). - iommu/amd: Flush old domains in kdump kernel (bsc#1150861). - iommu/amd: Move iommu_init_pci() to .init section (bsc#1149105). - iommu/dma: Handle SG length overflow better (bsc#1146084). - iommu/iova: Fix compilation error with !CONFIG_IOMMU_IOVA (bsc#1145024). - iommu/vt-d: Do not queue_iova() if there is no flush queue (bsc#1145024). - ipip: validate header length in ipip_tunnel_xmit (git-fixes). - ipv4: do not set IPv6 only flags to IPv4 addresses (networking-stable-19_07_25). - irqchip/gic-v3-its: fix build warnings (bsc#1144880). - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack (bsc#1051510). - isdn: hfcsusb: checking idx of ep configuration (bsc#1051510). - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain() (bsc#1051510). - iwlwifi: dbg: split iwl_fw_error_dump to two functions (bsc#1119086). - iwlwifi: do not unmap as page memory that was mapped as single (bsc#1051510). - iwlwifi: fix bad dma handling in page_mem dumping flow (bsc#1120902). - iwlwifi: fw: use helper to determine whether to dump paging (bsc#1106434). Patch needed to be adjusted, because our tree does not have the global variable IWL_FW_ERROR_DUMP_PAGING - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT on version &< 41 (bsc#1142635). - iwlwifi: mvm: fix an out-of-bound access (bsc#1051510). - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support (bsc#1142635). - iwlwifi: pcie: do not service an interrupt that was masked (bsc#1142635). - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1142635). - jbd2: flush_descriptor(): Do not decrease buffer head's ref count (bsc#1143843). - jbd2: introduce jbd2_inode dirty range scoping (bsc#1148616). - kabi: Fix kABI for 'struct amd_iommu' (bsc#1145010). - kasan: remove redundant initialization of variable 'real_size' (git fixes). - kconfig/[mn]conf: handle backspace (^H) key (bsc#1051510). - keys: Fix missing null pointer check in request_key_auth_describe() (bsc#1051510). - kvm/eventfd: Avoid crash when assign and deassign specific eventfd in parallel (bsc#1133021). - kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs (bsc#1134881 bsc#1134882). - kvm: Disallow wraparound in kvm_gfn_to_hva_cache_init (bsc#1133021). - kvm: Fix leak vCPU's VMCS value into other pCPU (bsc#1145388). - kvm: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC (bsc#1145408). - kvm: PPC: Book3S HV: Fix CR0 setting in TM emulation (bsc#1061840). - kvm: Reject device ioctls from processes other than the VM's creator (bsc#1133021). - kvm: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value (bsc#1145393). - kvm: VMX: Fix handling of #MC that occurs during VM-Entry (bsc#1145395). - kvm: VMX: check CPUID before allowing read/write of IA32_XSS (bsc#1145394). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: arm/arm64: Close VMID generation race (bsc#1133021). - kvm: arm/arm64: Convert kvm_host_cpu_state to a static per-cpu allocation (bsc#1133021). - kvm: arm/arm64: Drop resource size check for GICV window (bsc#1133021). - kvm: arm/arm64: Fix VMID alloc race by reverting to lock-less (bsc#1133021). - kvm: arm/arm64: Fix lost IRQs from emulated physcial timer when blocked (bsc#1133021). - kvm: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1133021). - kvm: arm/arm64: Reduce verbosity of KVM init log (bsc#1133021). - kvm: arm/arm64: Set dist->spis to NULL after kfree (bsc#1133021). - kvm: arm/arm64: Skip updating PMD entry if no change (bsc#1133021). - kvm: arm/arm64: Skip updating PTE entry if no change (bsc#1133021). - kvm: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list (bsc#1133021). - kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 (bsc#1133021). - kvm: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending (bsc#1133021). - kvm: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy (bsc#1133021). - kvm: arm64: Fix caching of host MDCR_EL2 value (bsc#1133021). - kvm: mmu: Fix overlap between public and private memslots (bsc#1133021). - kvm: nVMX: Remove unnecessary sync_roots from handle_invept (bsc#1145391). - kvm: nVMX: Use adjusted pin controls for vmcs02 (bsc#1145392). - kvm: nVMX: allow setting the VMFUNC controls MSR (bsc#1145389). - kvm: nVMX: do not use dangling shadow VMCS after guest reset (bsc#1145390). - kvm: x86/vPMU: refine kvm_pmu err msg when event creation failed (bsc#1145397). - kvm: x86: Do not update RIP or do single-step on faulting emulation (bsc#1149104). - kvm: x86: Unconditionally enable irqs in guest context (bsc#1145396). - kvm: x86: degrade WARN to pr_warn_ratelimited (bsc#1145409). - kvm: x86: fix backward migration with async_PF (bsc#1146074). - lan78xx: Fix memory leaks (bsc#1051510). - libata: add SG safety checks in SFF pio transfers (bsc#1051510). - libata: do not request sense data on !ZAC ATA devices (bsc#1051510). - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests (bsc#1051510). - libata: zpodd: Fix small read overflow in zpodd_get_mech_type() (bsc#1051510). - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897). - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). - libceph, rbd: new bio handling code (aka do not clone bios) (bsc#1141450). - libceph: add osd_req_op_extent_osd_data_bvecs() (bsc#1141450). - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bsc#1148133). - libceph: assign cookies in linger_submit() (bsc#1135897). - libceph: check reply num_data_items in setup_request_data() (bsc#1135897). - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897). - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897). - libceph: fix PG split vs OSD (re)connect race (bsc#1148133). - libceph: handle zero-length data items (bsc#1141450). - libceph: introduce BVECS data type (bsc#1141450). - libceph: introduce alloc_watch_request() (bsc#1135897). - libceph: introduce ceph_pagelist_alloc() (bsc#1135897). - libceph: preallocate message data items (bsc#1135897). - libceph: use single request data item for cmp/setxattr (bsc#1139101). - libnvdimm/pfn: Store correct value of npfns in namespace superblock (bsc#1146381 ltc#180720). - liquidio: add cleanup in octeon_setup_iq() (bsc#1051510). - loop: set PF_MEMALLOC_NOIO for the worker thread (git fixes). - mac80211: do not WARN on short WMM parameters from AP (bsc#1051510). - mac80211: do not warn about CW params when not using them (bsc#1051510). - mac80211: fix possible memory leak in ieee80211_assign_beacon (bsc#1142635). - mac80211: fix possible sta leak (bsc#1051510). - macsec: fix checksumming after decryption (bsc#1051510). - macsec: fix use-after-free of skb during RX (bsc#1051510). - macsec: let the administrator set UP state even if lowerdev is down (bsc#1051510). - macsec: update operstate when lower device changes (bsc#1051510). - mailbox: handle failed named mailbox channel request (bsc#1051510). - md/raid: raid5 preserve the writeback action after the parity check (git fixes). - md: add mddev->pers to avoid potential NULL pointer dereference (git fixes). - media: au0828: fix null dereference in error path (bsc#1051510). - media: coda: Remove unbalanced and unneeded mutex unlock (bsc#1051510). - media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP (bsc#1051510). - media: coda: fix mpeg2 sequence number handling (bsc#1051510). - media: coda: increment sequence offset for the last returned frame (bsc#1051510). - media: dvb: usb: fix use after free in dvb_usb_device_exit (bsc#1051510). - media: hdpvr: fix locking and a missing msleep (bsc#1051510). - media: media_device_enum_links32: clean a reserved field (bsc#1051510). - media: pvrusb2: use a different format for warnings (bsc#1051510). - media: spi: IR LED: add missing of table registration (bsc#1051510). - media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails (bsc#1051510). - media: vpss: fix a potential NULL pointer dereference (bsc#1051510). - media: wl128x: Fix some error handling in fm_v4l2_init_video_device() (bsc#1051510). - mfd: arizona: Fix undefined behavior (bsc#1051510). - mfd: core: Set fwnode for created devices (bsc#1051510). - mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk (bsc#1051510). - mfd: intel-lpss: Add Intel Comet Lake PCI IDs (jsc#SLE-4875). - mm, page_owner: handle THP splits correctly (bsc#1149197, VM Debugging Functionality). - mm/hmm: fix bad subpage pointer in try_to_unmap_one (bsc#1148202, HMM, VM Functionality). - mm/hotplug: fix offline undo_isolate_page_range() (bsc#1148196, VM Functionality). - mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node (bsc#1148379, VM Functionality). - mm/memcontrol.c: fix use after free in mem_cgroup_iter() (bsc#1149224, VM Functionality). - mm/memory.c: recheck page table entry with page table lock held (bsc#1148363, VM Functionality). - mm/migrate.c: initialize pud_entry in migrate_vma() (bsc#1148198, HMM, VM Functionality). - mm/mlock.c: change count_mm_mlocked_page_nr return type (bsc#1148527, VM Functionality). - mm/mlock.c: mlockall error for flag MCL_ONFAULT (bsc#1148527, VM Functionality). - mm/page_alloc.c: fix calculation of pgdat->nr_zones (bsc#1148192, VM Functionality). - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() (bsc#1118689). - mm/vmscan.c: fix trying to reclaim unevictable LRU page (bsc#1149214, VM Functionality). - mm: add filemap_fdatawait_range_keep_errors() (bsc#1148616). - mm: do not stall register_shrinker() (bsc#1104902, VM Performance). - mm: page_mapped: do not assume compound page is huge or THP (bsc#1148574, VM Functionality). - mmc: cavium: Add the missing dma unmap when the dma has finished (bsc#1051510). - mmc: cavium: Set the correct dma max segment size for mmc_host (bsc#1051510). - mmc: core: Fix init of SD cards reporting an invalid VDD range (bsc#1051510). - mmc: dw_mmc: Fix occasional hang after tuning on eMMC (bsc#1051510). - mmc: sdhci-of-at91: add quirk for broken HS200 (bsc#1051510). - mmc: sdhci-pci: Add support for Intel CML (jsc#SLE-4875). - mmc: sdhci-pci: Add support for Intel ICP (jsc#SLE-4875). - move a few externs to smbdirect.h to eliminate warning (bsc#1144333). - move core networking kabi patches to the end of the section - move irq_data_get_effective_affinity_mask prior the sorted section - mpls: fix warning with multi-label encap (bsc#1051510). - nbd: replace kill_bdev() with __invalidate_device() again (git fixes). - net/9p: include trans_common.h to fix missing prototype warning (bsc#1051510). - net/ibmvnic: Fix missing { in __ibmvnic_reset (bsc#1149652 ltc#179635). - net/ibmvnic: free reset work of removed device from queue (bsc#1149652 ltc#179635). - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bsc#1145678). - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn (networking-stable-19_07_25). - net/smc: do not schedule tx_work in SMC_CLOSED state (bsc#1149963). - net/smc: original socket family in inet_sock_diag (bsc#1149959). - net: Fix netdev_WARN_ONCE macro (git-fixes). - net: Introduce netdev_*_once functions (networking-stable-19_07_25). - net: bcmgenet: use promisc for unsupported filters (networking-stable-19_07_25). - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query (networking-stable-19_07_25). - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling (networking-stable-19_07_25). - net: bridge: stp: do not cache eth dest pointer before skb pull (networking-stable-19_07_25). - net: dsa: mv88e6xxx: wait after reset deactivation (networking-stable-19_07_25). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1139020 bsc#1139021). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1139020 bsc#1139021). - net: ena: add ethtool function for changing io queue sizes (bsc#1139020 bsc#1139021). - net: ena: add good checksum counter (bsc#1139020 bsc#1139021). - net: ena: add handling of llq max tx burst size (bsc#1139020 bsc#1139021). - net: ena: add newline at the end of pr_err prints (bsc#1139020 bsc#1139021). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1139020 bsc#1139021). - net: ena: allow automatic fallback to polling mode (bsc#1139020 bsc#1139021). - net: ena: allow queue allocation backoff when low on memory (bsc#1139020 bsc#1139021). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1139020 bsc#1139021). - net: ena: enable negotiating larger Rx ring size (bsc#1139020 bsc#1139021). - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1139020 bsc#1139021). - net: ena: ethtool: revert 'add extra properties retrieval via get_priv_flags' (bsc#1139020 bsc#1139021). - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1139020 bsc#1139021). - net: ena: fix incorrect test of supported hash function (bsc#1139020 bsc#1139021). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1139020 bsc#1139021). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1139020 bsc#1139021). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1139020 bsc#1139021). - net: ena: gcc 8: fix compilation warning (bsc#1139020 bsc#1139021). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1139020 bsc#1139021). - net: ena: make ethtool show correct current and max queue sizes (bsc#1139020 bsc#1139021). - net: ena: optimise calculations for CQ doorbell (bsc#1139020 bsc#1139021). - net: ena: remove inline keyword from functions in *.c (bsc#1139020 bsc#1139021). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1139020 bsc#1139021). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1139020 bsc#1139021). - net: ena: use dev_info_once instead of static variable (bsc#1139020 bsc#1139021). - net: make skb_dst_force return true when dst is refcounted (networking-stable-19_07_25). - net: neigh: fix multiple neigh timer scheduling (networking-stable-19_07_25). - net: remove duplicate fetch in sock_getsockopt (networking-stable-19_07_02). - net: sched: verify that q!=NULL before setting q->flags (git-fixes). - net: stmmac: fixed new system time seconds value calculation (networking-stable-19_07_02). - net: stmmac: set IC bit when transmitting frames with HW timestamp (networking-stable-19_07_02). - net: usb: pegasus: fix improper read if get_registers() fail (bsc#1051510). - net_sched: unset TCQ_F_CAN_BYPASS when adding filters (networking-stable-19_07_25). - netrom: fix a memory leak in nr_rx_frame() (networking-stable-19_07_25). - netrom: hold sock when setting skb->destructor (networking-stable-19_07_25). - nfc: fix potential illegal memory access (bsc#1051510). - nfs: Cleanup if nfs_match_client is interrupted (bsc#1134291). - nfs: Fix a double unlock from nfs_match,get_client (bsc#1134291). - nfs: Fix the inode request accounting when pages have subrequests (bsc#1140012). - nfs: make nfs_match_client killable (bsc#1134291). - nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header (git fixes). - nvme-core: Fix extra device_put() call on error path (bsc#1142541). - nvme-fc: fix module unloads while lports still pending (bsc#1150033). - nvme-multipath: fix ana log nsid lookup when nsid is not found (bsc#1141554). - nvme-multipath: relax ANA state check (bsc#1123105). - nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns (bsc#1120876). - nvme: Return BLK_STS_TARGET if the DNR bit is set (bsc#1142076). - nvme: cancel request synchronously (bsc#1145661). - nvme: change locking for the per-subsystem controller list (bsc#1142541). - nvme: fix possible use-after-free in connect error flow (bsc#1139500, bsc#1140426) - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN (bsc#1146938). - objtool: Add rewind_stack_do_exit() to the noreturn list (bsc#1145302). - objtool: Support GCC 9 cold subfunction naming scheme (bsc#1145300). - octeon_mgmt: Fix MIX registers configuration on MTU setup (bsc#1051510). - pci: PM/ACPI: Refresh all stale power state data in pci_pm_complete() (bsc#1149106). - pci: Restore Resizable BAR size bits correctly for 1MB BARs (bsc#1143841). - pci: hv: Fix panic by calling hv_pci_remove_slots() earlier (bsc#1142701). - pci: qcom: Ensure that PERST is asserted for at least 100 ms (bsc#1142635). - pci: xilinx-nwl: Fix Multi MSI data programming (bsc#1142635). - phy: qcom-qusb2: Fix crash if nvmem cell not specified (bsc#1051510). - phy: renesas: rcar-gen2: Fix memory leak at error paths (bsc#1051510). - pinctrl: pistachio: fix leaked of_node references (bsc#1051510). - pinctrl: rockchip: fix leaked of_node references (bsc#1051510). - pm / devfreq: rk3399_dmc: Pass ODT and auto power down parameters to TF-A (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: do not print error when get supply and clk defer (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: fix spelling mistakes (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: remove unneeded semicolon (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: remove wait for dcf irq event (bsc#1144718,bsc#1144813). - pm / devfreq: rockchip-dfi: Move GRF definitions to a common place (bsc#1144718,bsc#1144813). - pm / opp: OF: Use pr_debug() instead of pr_err() while adding OPP table (jsc#SLE-7294). - powerpc/64s: Include cpu header (bsc#1065729). - powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107). - powerpc/book3s/64: check for NULL pointer in pgd_alloc() (bsc#1078248, git-fixes). - powerpc/fadump: Do not allow hot-remove memory from fadump reserved area (bsc#1120937). - powerpc/fadump: Reservationless firmware assisted dump (bsc#1120937). - powerpc/fadump: Throw proper error message on fadump registration failure (bsc#1120937). - powerpc/fadump: use kstrtoint to handle sysfs store (bsc#1146376). - powerpc/fadump: when fadump is supported register the fadump sysfs files (bsc#1146352). - powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107). - powerpc/fsl: Update Spectre v2 reporting (bsc#1131107). - powerpc/kdump: Handle crashkernel memory reservation failure (bsc#1143466 LTC#179600). - powerpc/lib: Fix feature fixup test of external branch (bsc#1065729). - powerpc/mm/hash/4k: Do not use 64K page size for vmemmap with 4K pagesize (bsc#1142685 LTC#179509). - powerpc/mm/radix: Use the right page size for vmemmap mapping (bsc#1055117 bsc#1142685 LTC#179509). - powerpc/mm: Handle page table allocation failures (bsc#1065729). - powerpc/perf: Add constraints for power9 l2/l3 bus events (bsc#1056686). - powerpc/perf: Add mem access events to sysfs (bsc#1124370). - powerpc/perf: Cleanup cache_sel bits comment (bsc#1056686). - powerpc/perf: Fix thresholding counter data for unknown type (bsc#1056686). - powerpc/perf: Remove PM_BR_CMPL_ALT from power9 event list (bsc#1047238, bsc#1056686). - powerpc/perf: Update perf_regs structure to include SIER (bsc#1056686). - powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler (bsc#1065729). - powerpc/powernv: Flush console before platform error reboot (bsc#1149940 ltc#179958). - powerpc/powernv: Return for invalid IMC domain (bsc1054914, git-fixes). - powerpc/powernv: Use kernel crash path for machine checks (bsc#1149940 ltc#179958). - powerpc/pseries, ps3: panic flush kernel messages before halting system (bsc#1149940 ltc#179958). - powerpc/pseries: Fix xive=off command line (bsc#1085030, git-fixes). - powerpc/pseries: add missing cpumask.h include file (bsc#1065729). - powerpc/pseries: correctly track irq state in default idle (bsc#1150727 ltc#178925). - powerpc/rtas: use device model APIs and serialization during LPM (bsc#1144123 ltc#178840). - powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107). - powerpc/xive: Fix dump of XIVE interrupt under pseries (bsc#1142019). - powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() (bsc#1085030, bsc#1145189, LTC#179762). - powerpc/xmon: Add a dump of all XIVE interrupts (bsc#1142019). - powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL (bsc#1142019). - powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB (bsc#1146575 ltc#180764). - powerpc: dump kernel log before carrying out fadump or kdump (bsc#1149940 ltc#179958). - qede: fix write to free'd pointer error and double free of ptp (bsc#1051510). - qlge: Deduplicate lbq_buf_size (bsc#1106061). - qlge: Deduplicate rx buffer queue management (bsc#1106061). - qlge: Factor out duplicated expression (bsc#1106061). - qlge: Fix dma_sync_single calls (bsc#1106061). - qlge: Fix irq masking in INTx mode (bsc#1106061). - qlge: Refill empty buffer queues from wq (bsc#1106061). - qlge: Refill rx buffers up to multiple of 16 (bsc#1106061). - qlge: Remove bq_desc.maplen (bsc#1106061). - qlge: Remove irq_cnt (bsc#1106061). - qlge: Remove page_chunk.last_flag (bsc#1106061). - qlge: Remove qlge_bq.len & size (bsc#1106061). - qlge: Remove rx_ring.sbq_buf_size (bsc#1106061). - qlge: Remove rx_ring.type (bsc#1106061). - qlge: Remove useless dma synchronization calls (bsc#1106061). - qlge: Remove useless memset (bsc#1106061). - qlge: Replace memset with assignment (bsc#1106061). - qlge: Update buffer queue prod index despite oom (bsc#1106061). - rbd: do not (ab)use obj_req->pages for stat requests (bsc#1141450). - rbd: do not NULL out ->obj_request in rbd_img_obj_parent_read_full() (bsc#1141450). - rbd: get rid of img_req->copyup_pages (bsc#1141450). - rbd: move from raw pages to bvec data descriptors (bsc#1141450). - rbd: remove bio cloning helpers (bsc#1141450). - rbd: start enums at 1 instead of 0 (bsc#1141450). - rbd: use kmem_cache_zalloc() in rbd_img_request_create() (bsc#1141450). - regmap: fix bulk writes on paged registers (bsc#1051510). - regulator: qcom_spmi: Fix math of spmi_regulator_set_voltage_time_sel (bsc#1051510). - rename patches according to their names in SLE15-SP1. - rpm/kernel-binary.spec.in: Enable missing modules check. - rpm/kernel-binary.spec.in: Enable missing modules check. - rpmsg: added MODULE_ALIAS for rpmsg_char (bsc#1051510). - rpmsg: smd: do not use mananged resources for endpoints and channels (bsc#1051510). - rpmsg: smd: fix memory leak on channel create (bsc#1051510). - rsi: improve kernel thread handling to fix kernel panic (bsc#1051510). - rslib: Fix decoding of shortened codes (bsc#1051510). - rslib: Fix handling of of caller provided syndrome (bsc#1051510). - rtc: pcf8523: do not return invalid date when battery is low (bsc#1051510). - rxrpc: Fix send on a connected, but unbound socket (networking-stable-19_07_25). - s390/cio: fix ccw_device_start_timeout API (bsc#1142109 LTC#179339). - s390/dasd: fix endless loop after read unit address configuration (bsc#1144912 LTC#179907). - s390/qdio: handle PENDING state for QEBSM devices (bsc#1142117 bsc#1142118 bsc#1142119 LTC#179329 LTC#179330 LTC#179331). - s390/qeth: avoid control IO completion stalls (bsc#1142109 LTC#179339). - s390/qeth: cancel cmd on early error (bsc#1142109 LTC#179339). - s390/qeth: fix request-side race during cmd IO timeout (bsc#1142109 LTC#179339). - s390/qeth: release cmd buffer in error paths (bsc#1142109 LTC#179339). - s390/qeth: simplify reply object handling (bsc#1142109 LTC#179339). - samples, bpf: fix to change the buffer size for read() (bsc#1051510). - samples: mei: use /dev/mei0 instead of /dev/mei (bsc#1051510). - sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920). - sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920). - scripts/checkstack.pl: Fix arm64 wrong or unknown architecture (bsc#1051510). - scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE (bsc#1051510). - scripts/decode_stacktrace: only strip base path when a prefix of the path (bsc#1051510). - scripts/gdb: fix lx-version string output (bsc#1051510). - scripts/git_sort/git_sort.py: - scsi: NCR5380: Always re-enable reselection interrupt (git-fixes). - scsi: aacraid: Fix missing break in switch statement (git-fixes). - scsi: aacraid: Fix performance issue on logical drives (git-fixes). - scsi: aic94xx: fix an error code in aic94xx_init() (git-fixes). - scsi: aic94xx: fix module loading (git-fixes). - scsi: bfa: convert to strlcpy/strlcat (git-fixes). - scsi: bnx2fc: Fix NULL dereference in error handling (git-fixes). - scsi: bnx2fc: fix incorrect cast to u64 on shift operation (git-fixes). - scsi: core: Fix race on creating sense cache (git-fixes). - scsi: core: Synchronize request queue PM status only on successful resume (git-fixes). - scsi: core: set result when the command cannot be dispatched (git-fixes). - scsi: cxlflash: Mark expected switch fall-throughs (bsc#1148868). - scsi: cxlflash: Prevent deadlock when adapter probe fails (git-fixes). - scsi: esp_scsi: Track residual for PIO transfers (git-fixes) Also, mitigate kABI changes. - scsi: fas216: fix sense buffer initialization (git-fixes). - scsi: isci: initialize shost fully before calling scsi_add_host() (git-fixes). - scsi: libfc: fix null pointer dereference on a null lport (git-fixes). - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached (git-fixes). - scsi: mac_scsi: Fix pseudo DMA implementation, take 2 (git-fixes). - scsi: mac_scsi: Increase PIO/PDMA transfer length threshold (git-fixes). - scsi: megaraid: fix out-of-bound array accesses (git-fixes). - scsi: megaraid_sas: Fix calculation of target ID (git-fixes). - scsi: ncr5380: revert 'Increase register polling limit' (git-fixes). - scsi: qedf: Add debug information for unsolicited processing (bsc#1149976). - scsi: qedf: Add shutdown callback handler (bsc#1149976). - scsi: qedf: Add support for 20 Gbps speed (bsc#1149976). - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1149976). - scsi: qedf: Check for link state before processing LL2 packets and send fipvlan retries (bsc#1149976). - scsi: qedf: Check for module unloading bit before processing link update AEN (bsc#1149976). - scsi: qedf: Decrease the LL2 MTU size to 2500 (bsc#1149976). - scsi: qedf: Fix race betwen fipvlan request and response path (bsc#1149976). - scsi: qedf: Initiator fails to re-login to switch after link down (bsc#1149976). - scsi: qedf: Print message during bailout conditions (bsc#1149976). - scsi: qedf: Stop sending fipvlan request on unload (bsc#1149976). - scsi: qedf: Update module description string (bsc#1149976). - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1149976). - scsi: qedf: Update the version to 8.42.3.0 (bsc#1149976). - scsi: qedf: Use discovery list to traverse rports (bsc#1149976). - scsi: qedf: remove memset/memcpy to nfunc and use func instead (git-fixes). - scsi: qedf: remove set but not used variables (bsc#1149976). - scsi: qedi: remove declaration of nvm_image from stack (git-fixes). - scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1129424). - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (git-fixes). - scsi: qla2xxx: Fix a format specifier (git-fixes). - scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() (git-fixes). - scsi: qla2xxx: Fix device staying in blocked state (git-fixes). - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (git-fixes). - scsi: qla2xxx: Unregister chrdev if module initialization fails (git-fixes). - scsi: qla4xxx: avoid freeing unallocated dma memory (git-fixes). - scsi: raid_attrs: fix unused variable warning (git-fixes). - scsi: scsi_dh_alua: Fix possible null-ptr-deref (git-fixes). - scsi: sd: Defer spinning up drive while SANITIZE is in progress (git-fixes). - scsi: sd: Fix a race between closing an sd device and sd I/O (git-fixes). - scsi: sd: Fix cache_type_store() (git-fixes). - scsi: sd: Optimal I/O size should be a multiple of physical block size (git-fixes). - scsi: sd: Quiesce warning if device does not report optimal I/O size (git-fixes). - scsi: sd: use mempool for discard special page (git-fixes). - scsi: sd_zbc: Fix potential memory leak (git-fixes). - scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous() (git-fixes). - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (git-fixes). - scsi: ufs: Avoid runtime suspend possibly being blocked forever (git-fixes). - scsi: ufs: Check that space was properly alloced in copy_query_response (git-fixes). - scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm() (git-fixes). - scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value (git-fixes). - scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 (git-fixes). - scsi: ufs: revert 'disable vccq if it's not needed by UFS device' (git-fixes). - scsi: use dma_get_cache_alignment() as minimum DMA alignment (git-fixes). - scsi: virtio_scsi: do not send sc payload with tmfs (git-fixes). - sctp: change to hold sk after auth shkey is created successfully (networking-stable-19_07_02). - serial: 8250: Fix TX interrupt handling condition (bsc#1051510). - signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig (bsc#1144333). - sis900: fix TX completion (bsc#1051510). - sky2: Disable MSI on ASUS P6T (bsc#1142496). - smb2: fix missing files in root share directory listing (bsc#1112907, bsc#1144333). - smb2: fix typo in definition of a few error flags (bsc#1144333). - smb2: fix uninitialized variable bug in smb2_ioctl_query_info (bsc#1144333). - smb3 - clean up debug output displaying network interfaces (bsc#1144333). - smb3.1.1: Add GCM crypto to the encrypt and decrypt functions (bsc#1144333). - smb3.11: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - smb311: Fix reconnect (bsc#1051510, bsc#1144333). - smb311: Improve checking of negotiate security contexts (bsc#1051510, bsc#1144333). - smb3: Add SMB3.1.1 GCM to negotiated crypto algorigthms (bsc#1144333). - smb3: Add debug message later in smb2/smb3 reconnect path (bsc#1144333). - smb3: Add defines for new negotiate contexts (bsc#1144333). - smb3: Add dynamic trace points for various compounded smb3 ops (bsc#1144333). - smb3: Add ftrace tracepoints for improved SMB3 debugging (bsc#1144333). - smb3: Add handling for different FSCTL access flags (bsc#1144333). - smb3: Add posix create context for smb3.11 posix mounts (bsc#1144333). - smb3: Add protocol structs for change notify support (bsc#1144333). - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510, bsc#1144333). - smb3: Add tracepoints for read, write and query_dir enter (bsc#1144333). - smb3: Allow SMB3 FSCTL queries to be sent to server from tools (bsc#1144333). - smb3: Allow persistent handle timeout to be configurable on mount (bsc#1144333). - smb3: Allow query of symlinks stored as reparse points (bsc#1144333). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510, bsc#1144333). - smb3: Backup intent flag missing from compounded ops (bsc#1144333). - smb3: Clean up query symlink when reparse point (bsc#1144333). - smb3: Cleanup license mess (bsc#1144333). - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bsc#1085536, bsc#1144333). - smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510, bsc#1144333). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510, bsc#1144333). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510, bsc#1144333). - smb3: Fix deadlock in validate negotiate hits reconnect (bsc#1144333). - smb3: Fix endian warning (bsc#1144333, bsc#1137884). - smb3: Fix enumerating snapshots to Azure (bsc#1144333). - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510, bsc#1144333). - smb3: Fix mode on mkdir on smb311 mounts (bsc#1144333). - smb3: Fix potential memory leak when processing compound chain (bsc#1144333). - smb3: Fix rmdir compounding regression to strict servers (bsc#1144333). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510, bsc#1144333). - smb3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL (bsc#1144333). - smb3: Log at least once if tree connect fails during reconnect (bsc#1144333). - smb3: Number of requests sent should be displayed for SMB3 not just CIFS (bsc#1144333). - smb3: Send netname context during negotiate protocol (bsc#1144333). - smb3: Track total time spent on roundtrips for each SMB3 command (bsc#1144333). - smb3: Update POSIX negotiate context with POSIX ctxt GUID (bsc#1144333). - smb3: Validate negotiate request must always be signed (bsc#1064597, bsc#1144333). - smb3: Warn user if trying to sign connection that authenticated as guest (bsc#1085536, bsc#1144333). - smb3: add additional ftrace entry points for entry/exit to cifs.ko (bsc#1144333). - smb3: add credits we receive from oplock/break PDUs (bsc#1144333). - smb3: add debug for unexpected mid cancellation (bsc#1144333). - smb3: add define for id for posix create context and corresponding struct (bsc#1144333). - smb3: add dynamic trace point for query_info_enter/done (bsc#1144333). - smb3: add dynamic trace point for smb3_cmd_enter (bsc#1144333). - smb3: add dynamic tracepoint for timeout waiting for credits (bsc#1144333). - smb3: add dynamic tracepoints for simple fallocate and zero range (bsc#1144333). - smb3: add missing read completion trace point (bsc#1144333). - smb3: add module alias for smb3 to cifs.ko (bsc#1144333). - smb3: add new mount option to retrieve mode from special ACE (bsc#1144333). - smb3: add reconnect tracepoints (bsc#1144333). - smb3: add smb3.1.1 to default dialect list (bsc#1144333). - smb3: add support for posix negotiate context (bsc#1144333). - smb3: add support for statfs for smb3.1.1 posix extensions (bsc#1144333). - smb3: add trace point for tree connection (bsc#1144333). - smb3: add tracepoint for sending lease break responses to server (bsc#1144333). - smb3: add tracepoint for session expired or deleted (bsc#1144333). - smb3: add tracepoint for slow responses (bsc#1144333). - smb3: add tracepoint to catch cases where credit refund of failed op overlaps reconnect (bsc#1144333). - smb3: add tracepoints for query dir (bsc#1144333). - smb3: add tracepoints for smb2/smb3 open (bsc#1144333). - smb3: add way to control slow response threshold for logging and stats (bsc#1144333). - smb3: allow more detailed protocol info on open files for debugging (bsc#1144333). - smb3: allow posix mount option to enable new SMB311 protocol extensions (bsc#1144333). - smb3: allow previous versions to be mounted with snapshot= mount parm (bsc#1144333). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510, bsc#1144333). - smb3: check for and properly advertise directory lease support (bsc#1051510, bsc#1144333). - smb3: create smb3 equivalent alias for cifs pseudo-xattrs (bsc#1144333). - smb3: directory sync should not return an error (bsc#1051510, bsc#1144333). - smb3: display bytes_read and bytes_written in smb3 stats (bsc#1144333). - smb3: display security information in /proc/fs/cifs/DebugData more accurately (bsc#1144333). - smb3: display session id in debug data (bsc#1144333). - smb3: display stats counters for number of slow commands (bsc#1144333). - smb3: display volume serial number for shares in /proc/fs/cifs/DebugData (bsc#1144333). - smb3: do not allow insecure cifs mounts when using smb3 (bsc#1144333). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510, bsc#1144333). - smb3: do not display confusing message on mount to Azure servers (bsc#1144333). - smb3: do not display empty interface list (bsc#1144333). - smb3: do not request leases in symlink creation and query (bsc#1051510, bsc#1144333). - smb3: do not send compression info by default (bsc#1144333). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510, bsc#1144333). - smb3: fill in statfs fsid and correct namelen (bsc#1112905, bsc#1144333). - smb3: fix bytes_read statistics (bsc#1144333). - smb3: fix corrupt path in subdirs on smb311 with posix (bsc#1144333). - smb3: fix large reads on encrypted connections (bsc#1144333). - smb3: fix lease break problem introduced by compounding (bsc#1144333). - smb3: fix minor debug output for CONFIG_CIFS_STATS (bsc#1144333). - smb3: fix redundant opens on root (bsc#1144333). - smb3: fix reset of bytes read and written stats (bsc#1112906, bsc#1144333). - smb3: fix various xid leaks (bsc#1051510, bsc#1144333). - smb3: for kerberos mounts display the credential uid used (bsc#1144333). - smb3: handle new statx fields (bsc#1085536, bsc#1144333). - smb3: if max_credits is specified then display it in /proc/mounts (bsc#1144333). - smb3: if server does not support posix do not allow posix mount option (bsc#1144333). - smb3: improve dynamic tracing of open and posix mkdir (bsc#1144333). - smb3: increase initial number of credits requested to allow write (bsc#1144333). - smb3: make default i/o size for smb3 mounts larger (bsc#1144333). - smb3: minor cleanup of compound_send_recv (bsc#1144333). - smb3: minor debugging clarifications in rfc1001 len processing (bsc#1144333). - smb3: minor missing defines relating to reparse points (bsc#1144333). - smb3: missing defines and structs for reparse point handling (bsc#1144333). - smb3: note that smb3.11 posix extensions mount option is experimental (bsc#1144333). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510, bsc#1144333). - smb3: on reconnect set PreviousSessionId field (bsc#1112899, bsc#1144333). - smb3: optimize open to not send query file internal info (bsc#1144333). - smb3: passthru query info does not check for SMB3 FSCTL passthru (bsc#1144333). - smb3: print tree id in debugdata in proc to be able to help logging (bsc#1144333). - smb3: query inode number on open via create context (bsc#1144333). - smb3: remove noisy warning message on mount (bsc#1129664, bsc#1144333). - smb3: remove per-session operations from per-tree connection stats (bsc#1144333). - smb3: rename encryption_required to smb3_encryption_required (bsc#1144333). - smb3: request more credits on normal (non-large read/write) ops (bsc#1144333). - smb3: request more credits on tree connect (bsc#1144333). - smb3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (bsc#1144333). - smb3: send CAP_DFS capability during session setup (bsc#1144333). - smb3: send backup intent on compounded query info (bsc#1144333). - smb3: show number of current open files in /proc/fs/cifs/Stats (bsc#1144333). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510, bsc#1144333). - smb3: smbdirect no longer experimental (bsc#1144333). - smb3: snapshot mounts are read-only and make sure info is displayable about the mount (bsc#1144333). - smb3: track the instance of each session for debugging (bsc#1144333). - smb3: trivial cleanup to smb2ops.c (bsc#1144333). - smb3: update comment to clarify enumerating snapshots (bsc#1144333). - smb3: update default requested iosize to 4MB from 1MB for recent dialects (bsc#1144333). - smb: Validate negotiate (to protect against downgrade) even if signing off (bsc#1085536, bsc#1144333). - smb: fix leak of validate negotiate info response buffer (bsc#1064597, bsc#1144333). - smb: fix validate negotiate info uninitialised memory use (bsc#1064597, bsc#1144333). - smbd: Make upper layer decide when to destroy the transport (bsc#1144333). - smpboot: Place the __percpu annotation correctly (git fixes). - soc: rockchip: power-domain: Add a sanity check on pd->num_clks (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: Use of_clk_get_parent_count() instead of open coding (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: use clk_bulk APIs (bsc#1144718,bsc#1144813). - sound: fix a memory leak bug (bsc#1051510). - spi: bcm2835aux: fix corruptions for longer spi transfers (bsc#1051510). - spi: bcm2835aux: remove dangerous uncontrolled read of fifo (bsc#1051510). - spi: bcm2835aux: unifying code between polling and interrupt driven code (bsc#1051510). - st21nfca_connectivity_event_received: null check the allocation (bsc#1051510). - st_nci_hci_connectivity_event_received: null check the allocation (bsc#1051510). - staging: comedi: dt3000: Fix rounding up of timer divisor (bsc#1051510). - staging: comedi: dt3000: Fix signed integer overflow 'divider * base' (bsc#1051510). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Add raspberrypi-cpufreq (jsc#SLE-7294). - supported.conf: Remove duplicate drivers/ata/libahci_platform - supported.conf: Sort alphabetically, align comments. - supported.conf: Sort alphabetically, align comments. - tcp: Reset bytes_acked and bytes_received when disconnecting (networking-stable-19_07_25). - test_firmware: fix a memory leak bug (bsc#1051510). - tipc: change to use register_pernet_device (networking-stable-19_07_02). - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bsc#1082555). - tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations (bsc#1082555). - tpm: Fix off-by-one when reading binary_bios_measurements (bsc#1082555). - tpm: Unify the send callback behaviour (bsc#1082555). - tpm: vtpm_proxy: Suppress error logging when in closed state (bsc#1082555). - tracing: Fix header include guards in trace event headers (bsc#1144474). - treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 231 (bsc#1144333). - tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop (bsc#1051510). - tty/serial: digicolor: Fix digicolor-usart already registered warning (bsc#1051510). - tty: max310x: Fix invalid baudrate divisors calculator (bsc#1051510). - tty: serial: msm_serial: avoid system lockup condition (bsc#1051510). - tua6100: Avoid build warnings (bsc#1051510). - tun: wake up waitqueues after IFF_UP is set (networking-stable-19_07_02). - udf: Fix incorrect final NOT_ALLOCATED (hole) extent length (bsc#1148617). - update internal version number for cifs.ko (bsc#1144333). - usb-storage: Add new JMS567 revision to unusual_devs (bsc#1051510). - usb: CDC: fix sanity checks in CDC union parser (bsc#1142635). - usb: Handle USB3 remote wakeup for LPM enabled devices correctly (bsc#1051510). - usb: cdc-acm: make sure a refcount is taken early enough (bsc#1142635). - usb: cdc-wdm: fix race between write and disconnect due to flag abuse (bsc#1051510). - usb: chipidea: udc: do not do hardware access if gadget has stopped (bsc#1051510). - usb: core: Fix races in character device registration and deregistraion (bsc#1051510). - usb: core: hub: Disable hub-initiated U1/U2 (bsc#1051510). - usb: gadget: composite: Clear 'suspended' on reset/disconnect (bsc#1051510). - usb: gadget: udc: renesas_usb3: Fix sysfs interface of 'role' (bsc#1142635). - usb: host: fotg2: restart hcd after port reset (bsc#1051510). - usb: host: ohci: fix a race condition between shutdown and irq (bsc#1051510). - usb: host: xhci-rcar: Fix timeout in xhci_suspend() (bsc#1051510). - usb: host: xhci: rcar: Fix typo in compatible string matching (bsc#1051510). - usb: iowarrior: fix deadlock on disconnect (bsc#1051510). - usb: serial: option: Add Motorola modem UARTs (bsc#1051510). - usb: serial: option: Add support for ZTE MF871A (bsc#1051510). - usb: serial: option: add D-Link DWM-222 device ID (bsc#1051510). - usb: serial: option: add the BroadMobi BM818 card (bsc#1051510). - usb: storage: ums-realtek: Update module parameter description for auto_delink_en (bsc#1051510). - usb: storage: ums-realtek: Whitelist auto-delink support (bsc#1051510). - usb: usbfs: fix double-free of usb memory upon submiturb error (bsc#1051510). - usb: wusbcore: fix unbalanced get/put cluster_id (bsc#1051510). - usb: yurex: Fix use-after-free in yurex_delete (bsc#1051510). - vfs: fix page locking deadlocks when deduping files (bsc#1148619). - vmci: Release resource if the work is already queued (bsc#1051510). - vrf: make sure skb->data contains ip header to make routing (networking-stable-19_07_25). - watchdog: bcm2835_wdt: Fix module autoload (bsc#1051510). - watchdog: core: fix null pointer dereference when releasing cdev (bsc#1051510). - watchdog: f71808e_wdt: fix F81866 bit operation (bsc#1051510). - watchdog: fix compile time error of pretimeout governors (bsc#1051510). - wimax/i2400m: fix a memory leak bug (bsc#1051510). - x86/boot: Fix memory leak in default_get_smp_config() (bsc#1114279). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). - x86/microcode: Fix the microcode load on CPU hotplug for real (bsc#1114279). - x86/mm: Check for pfn instead of page in vmalloc_sync_one() (bsc#1118689). - x86/mm: Sync also unmappings in vmalloc_sync_all() (bsc#1118689). - x86/speculation/mds: Apply more accurate check on hypervisor platform (bsc#1114279). - x86/speculation: Allow guests to use SSBD even if host does not (bsc#1114279). - x86/unwind: Add hardcoded ORC entry for NULL (bsc#1114279). - x86/unwind: Handle NULL pointer calls better in frame unwinder (bsc#1114279). - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() (bsc#1065600). - xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix bucket count reported to userspace (bsc#1143300). - xfrm: Fix error return code in xfrm_output_one() (bsc#1143300). - xfs: do not crash on null attr fork xfs_bmapi_read (bsc#1148035). - xfs: do not trip over uninitialized buffer on extent read of corrupted inode (bsc#1149053). - xfs: dump transaction usage details on log reservation overrun (bsc#1145235). - xfs: eliminate duplicate icreate tx reservation functions (bsc#1145235). - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (bsc#1148032). - xfs: fix semicolon.cocci warnings (bsc#1145235). - xfs: fix up agi unlinked list reservations (bsc#1145235). - xfs: include an allocfree res for inobt modifications (bsc#1145235). - xfs: include inobt buffers in ifree tx log reservation (bsc#1145235). - xfs: print transaction log reservation on overrun (bsc#1145235). - xfs: refactor inode chunk alloc/free tx reservation (bsc#1145235). - xfs: refactor xlog_cil_insert_items() to facilitate transaction dump (bsc#1145235). - xfs: remove more ondisk directory corruption asserts (bsc#1148034). - xfs: separate shutdown from ticket reservation print helper (bsc#1145235). - xfs: truncate transaction does not modify the inobt (bsc#1145235). Important SUSE bug 1047238 SUSE bug 1050911 SUSE bug 1051510 SUSE bug 1054914 SUSE bug 1055117 SUSE bug 1056686 SUSE bug 1060662 SUSE bug 1061840 SUSE bug 1061843 SUSE bug 1064597 SUSE bug 1064701 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066369 SUSE bug 1071009 SUSE bug 1071306 SUSE bug 1078248 SUSE bug 1082555 SUSE bug 1085030 SUSE bug 1085536 SUSE bug 1085539 SUSE bug 1086103 SUSE bug 1087092 SUSE bug 1090734 SUSE bug 1091171 SUSE bug 1093205 SUSE bug 1102097 SUSE bug 1104902 SUSE bug 1106061 SUSE bug 1106284 SUSE bug 1106434 SUSE bug 1108382 SUSE bug 1112178 SUSE bug 1112894 SUSE bug 1112899 SUSE bug 1112902 SUSE bug 1112903 SUSE bug 1112905 SUSE bug 1112906 SUSE bug 1112907 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1114542 SUSE bug 1118689 SUSE bug 1119086 SUSE bug 1120876 SUSE bug 1120902 SUSE bug 1120937 SUSE bug 1123105 SUSE bug 1123959 SUSE bug 1124370 SUSE bug 1129424 SUSE bug 1129519 SUSE bug 1129664 SUSE bug 1131107 SUSE bug 1131281 SUSE bug 1131565 SUSE bug 1133021 SUSE bug 1134291 SUSE bug 1134881 SUSE bug 1134882 SUSE bug 1135219 SUSE bug 1135642 SUSE bug 1135897 SUSE bug 1136261 SUSE bug 1137069 SUSE bug 1137884 SUSE bug 1138539 SUSE bug 1139020 SUSE bug 1139021 SUSE bug 1139101 SUSE bug 1139500 SUSE bug 1140012 SUSE bug 1140426 SUSE bug 1140487 SUSE bug 1141013 SUSE bug 1141450 SUSE bug 1141543 SUSE bug 1141554 SUSE bug 1142019 SUSE bug 1142076 SUSE bug 1142109 SUSE bug 1142117 SUSE bug 1142118 SUSE bug 1142119 SUSE bug 1142496 SUSE bug 1142541 SUSE bug 1142635 SUSE bug 1142685 SUSE bug 1142701 SUSE bug 1142857 SUSE bug 1143300 SUSE bug 1143466 SUSE bug 1143765 SUSE bug 1143841 SUSE bug 1143843 SUSE bug 1144123 SUSE bug 1144333 SUSE bug 1144474 SUSE bug 1144518 SUSE bug 1144718 SUSE bug 1144813 SUSE bug 1144880 SUSE bug 1144886 SUSE bug 1144912 SUSE bug 1144920 SUSE bug 1144979 SUSE bug 1145010 SUSE bug 1145024 SUSE bug 1145051 SUSE bug 1145059 SUSE bug 1145189 SUSE bug 1145235 SUSE bug 1145300 SUSE bug 1145302 SUSE bug 1145388 SUSE bug 1145389 SUSE bug 1145390 SUSE bug 1145391 SUSE bug 1145392 SUSE bug 1145393 SUSE bug 1145394 SUSE bug 1145395 SUSE bug 1145396 SUSE bug 1145397 SUSE bug 1145408 SUSE bug 1145409 SUSE bug 1145661 SUSE bug 1145678 SUSE bug 1145687 SUSE bug 1145920 SUSE bug 1145922 SUSE bug 1145934 SUSE bug 1145937 SUSE bug 1145940 SUSE bug 1145941 SUSE bug 1145942 SUSE bug 1146074 SUSE bug 1146084 SUSE bug 1146163 SUSE bug 1146285 SUSE bug 1146346 SUSE bug 1146351 SUSE bug 1146352 SUSE bug 1146361 SUSE bug 1146368 SUSE bug 1146376 SUSE bug 1146378 SUSE bug 1146381 SUSE bug 1146391 SUSE bug 1146399 SUSE bug 1146413 SUSE bug 1146425 SUSE bug 1146516 SUSE bug 1146519 SUSE bug 1146524 SUSE bug 1146526 SUSE bug 1146529 SUSE bug 1146531 SUSE bug 1146543 SUSE bug 1146547 SUSE bug 1146550 SUSE bug 1146575 SUSE bug 1146589 SUSE bug 1146678 SUSE bug 1146938 SUSE bug 1148031 SUSE bug 1148032 SUSE bug 1148033 SUSE bug 1148034 SUSE bug 1148035 SUSE bug 1148093 SUSE bug 1148133 SUSE bug 1148192 SUSE bug 1148196 SUSE bug 1148198 SUSE bug 1148202 SUSE bug 1148303 SUSE bug 1148363 SUSE bug 1148379 SUSE bug 1148394 SUSE bug 1148527 SUSE bug 1148574 SUSE bug 1148616 SUSE bug 1148617 SUSE bug 1148619 SUSE bug 1148698 SUSE bug 1148859 SUSE bug 1148868 SUSE bug 1149053 SUSE bug 1149083 SUSE bug 1149104 SUSE bug 1149105 SUSE bug 1149106 SUSE bug 1149197 SUSE bug 1149214 SUSE bug 1149224 SUSE bug 1149325 SUSE bug 1149376 SUSE bug 1149413 SUSE bug 1149418 SUSE bug 1149424 SUSE bug 1149522 SUSE bug 1149527 SUSE bug 1149539 SUSE bug 1149552 SUSE bug 1149591 SUSE bug 1149602 SUSE bug 1149612 SUSE bug 1149626 SUSE bug 1149652 SUSE bug 1149713 SUSE bug 1149940 SUSE bug 1149959 SUSE bug 1149963 SUSE bug 1149976 SUSE bug 1150025 SUSE bug 1150033 SUSE bug 1150112 SUSE bug 1150562 SUSE bug 1150727 SUSE bug 1150860 SUSE bug 1150861 SUSE bug 1150933 CVE-2017-18551 CVE-2018-20976 CVE-2018-21008 CVE-2019-10207 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14835 CVE-2019-15030 CVE-2019-15031 CVE-2019-15090 CVE-2019-15098 CVE-2019-15099 CVE-2019-15117 CVE-2019-15118 CVE-2019-15211 CVE-2019-15212 CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15217 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15222 CVE-2019-15239 CVE-2019-15290 CVE-2019-15292 CVE-2019-15538 CVE-2019-15666 CVE-2019-15902 CVE-2019-15917 CVE-2019-15919 CVE-2019-15920 CVE-2019-15921 CVE-2019-15924 CVE-2019-15926 CVE-2019-15927 CVE-2019-9456 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191) - CVE-2018-20406: Fixed a integer overflow via a large LONG_BINPUT (bsc#1120644) Important SUSE bug 1120644 SUSE bug 1122191 CVE-2018-20406 CVE-2019-5010 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for MozillaFirefox to ESR 60.9 fixes the following issues: Security issues fixed: - CVE-2019-11742: Fixed a same-origin policy violation involving SVG filters and canvas to steal cross-origin images. (bsc#1149303) - CVE-2019-11746: Fixed a use-after-free while manipulating video. (bsc#1149297) - CVE-2019-11744: Fixed an XSS caused by breaking out of title and textarea elements using innerHTML. (bsc#1149304) - CVE-2019-11753: Fixed a privilege escalation with Mozilla Maintenance Service in custom Firefox installation location. (bsc#1149295) - CVE-2019-11752: Fixed a use-after-free while extracting a key value in IndexedDB. (bsc#1149296) - CVE-2019-11743: Fixed a timing side-channel attack on cross-origin information, utilizing unload event attributes. (bsc#1149298) - CVE-2019-11740: Fixed several memory safety bugs. (bsc#1149299) Important SUSE bug 1149294 SUSE bug 1149295 SUSE bug 1149296 SUSE bug 1149297 SUSE bug 1149298 SUSE bug 1149299 SUSE bug 1149303 SUSE bug 1149304 SUSE bug 1149324 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752 CVE-2019-11753 CVE-2019-9812 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for expat fixes the following issues: Security issue fixed: - CVE-2019-15903: Fixed a heap-based buffer over-read caused by crafted XML documents. (bsc#1149429) Moderate SUSE bug 1149429 CVE-2019-15903 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for djvulibre fixes the following issues: Security issues fixed: - CVE-2019-15142: Fixed heap-based buffer over-read (bsc#1146702). - CVE-2019-15143: Fixed resource exhaustion caused by corrupted image files (bsc#1146569). - CVE-2019-15144: Fixed denial-of-service caused by crafted PBM image files (bsc#1146571). - CVE-2019-15145: Fixed out-of-bounds read caused by corrupted JB2 image files (bsc#1146572). - Fixed segfault when libtiff encounters corrupted TIFF (upstream issue #295). Moderate SUSE bug 1146569 SUSE bug 1146571 SUSE bug 1146572 SUSE bug 1146702 CVE-2019-15142 CVE-2019-15143 CVE-2019-15144 CVE-2019-15145 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for dovecot22 fixes the following issues: - CVE-2019-11500: Fixed a potential remote code execution in the IMAP and ManageSieve protocol parsers (bsc#1145559). Important SUSE bug 1145559 CVE-2019-11500 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for ghostscript to 9.27 fixes the following issues: Security issues fixed: - CVE-2019-3835: Fixed an unauthorized file system access caused by an available superexec operator. (bsc#1129180) - CVE-2019-3839: Fixed an unauthorized file system access caused by available privileged operators. (bsc#1134156) - CVE-2019-12973: Fixed a denial-of-service vulnerability in the OpenJPEG function opj_t1_encode_cblks. (bsc#1140359) - CVE-2019-14811: Fixed a safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator. (bsc#1146882) - CVE-2019-14812: Fixed a safer mode bypass by .forceput exposure in setuserparams. (bsc#1146882) - CVE-2019-14813: Fixed a safer mode bypass by .forceput exposure in setsystemparams. (bsc#1146882) - CVE-2019-14817: Fixed a safer mode bypass by .forceput exposure in .pdfexectoken and other procedures. (bsc#1146884) Important SUSE bug 1129180 SUSE bug 1131863 SUSE bug 1134156 SUSE bug 1140359 SUSE bug 1146882 SUSE bug 1146884 CVE-2019-12973 CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817 CVE-2019-3835 CVE-2019-3839 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for bind fixes the following issues: Security issues fixed: - CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069). - CVE-2019-6471: Fixed a reachable assert in dispatch.c. (bsc#1138687) - CVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (bsc#1126068). - CVE-2018-5743: Fixed a denial of service vulnerability which could be caused by to many simultaneous TCP connections (bsc#1133185). - CVE-2018-5740: Fixed a denial of service vulnerability in the 'deny-answer-aliases' feature (bsc#1104129). Non-security issues fixed: - Don't rely on /etc/insserv.conf anymore for proper dependencies against nss-lookup.target in named.service and lwresd.service (bsc#1118367, bsc#1118368). - Fix FIPS related regression (bsc#1128220). Important SUSE bug 1104129 SUSE bug 1118367 SUSE bug 1118368 SUSE bug 1126068 SUSE bug 1126069 SUSE bug 1128220 SUSE bug 1133185 SUSE bug 1138687 CVE-2018-5740 CVE-2018-5743 CVE-2018-5745 CVE-2019-6465 CVE-2019-6471 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for openssl-1_0_0 fixes the following issues: OpenSSL Security Advisory [10 September 2019] * CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003) * CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250) In addition fixed invalid curve attacks by validating that an EC point lies on the curve (bsc#1131291). Moderate SUSE bug 1131291 SUSE bug 1150003 SUSE bug 1150250 CVE-2019-1547 CVE-2019-1563 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-13627: Mitigated ECDSA timing attack. (bsc#1148987) Moderate SUSE bug 1148987 CVE-2019-13627 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for jasper fixes the following issues: Security issues fixed: - CVE-2018-19540: Fixed a heap based overflow in jas_icctxtdesc_input (bsc#1117508). - CVE-2018-19541: Fix heap based overread in jas_image_depalettize (bsc#1117507). - CVE-2018-19542: Fixed a denial of service in jp2_decode (bsc#1117505). - CVE-2018-19539: Fixed a denial of service in jas_image_readcmpt (bsc#1117511). - CVE-2016-9396: Fixed a denial of service in jpc_cox_getcompparms (bsc#1010783). Moderate SUSE bug 1010783 SUSE bug 1117505 SUSE bug 1117507 SUSE bug 1117508 SUSE bug 1117511 CVE-2016-9396 CVE-2018-19539 CVE-2018-19540 CVE-2018-19541 CVE-2018-19542 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137). Moderate SUSE bug 1150137 CVE-2019-16168 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for MozillaFirefox fixes the following issues: Updated to new ESR version 68.1 (bsc#1149323). In addition to the already fixed vulnerabilities released in previous ESR updates, the following were also fixed: CVE-2019-11751, CVE-2019-11736, CVE-2019-9812, CVE-2019-11748, CVE-2019-11749, CVE-2019-11750, CVE-2019-11738, CVE-2019-11747, CVE-2019-11735. Several run-time issues were also resolved (bsc#1117473, bsc#1124525, bsc#1133810). The version displayed in Help > About is now correct (bsc#1087200). Important SUSE bug 1087200 SUSE bug 1109465 SUSE bug 1117473 SUSE bug 1123482 SUSE bug 1124525 SUSE bug 1133810 SUSE bug 1140868 SUSE bug 1145665 SUSE bug 1149323 CVE-2019-11709 CVE-2019-11710 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11714 CVE-2019-11715 CVE-2019-11716 CVE-2019-11717 CVE-2019-11718 CVE-2019-11719 CVE-2019-11720 CVE-2019-11721 CVE-2019-11723 CVE-2019-11724 CVE-2019-11725 CVE-2019-11727 CVE-2019-11728 CVE-2019-11729 CVE-2019-11730 CVE-2019-11733 CVE-2019-11735 CVE-2019-11736 CVE-2019-11738 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11747 CVE-2019-11748 CVE-2019-11749 CVE-2019-11750 CVE-2019-11751 CVE-2019-11752 CVE-2019-11753 CVE-2019-9811 CVE-2019-9812 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for binutils fixes the following issues: binutils was updated to current 2.32 branch @7b468db3 [jsc#ECO-368]: Includes the following security fixes: - CVE-2018-17358: Fixed invalid memory access in _bfd_stab_section_find_nearest_line in syms.c (bsc#1109412) - CVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in opncls.c (bsc#1109413) - CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in libbfd.c (bsc#1109414) - CVE-2018-17985: Fixed a stack consumption problem caused by the cplus_demangle_type (bsc#1116827) - CVE-2018-18309: Fixed an invalid memory address dereference was discovered in read_reloc in reloc.c (bsc#1111996) - CVE-2018-18483: Fixed get_count function provided by libiberty that allowed attackers to cause a denial of service or other unspecified impact (bsc#1112535) - CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions provided by libiberty, caused by recursive stack frames (bsc#1112534) - CVE-2018-18605: Fixed a heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup causing a denial of service (bsc#1113255) - CVE-2018-18606: Fixed a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments, causing denial of service (bsc#1113252) - CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section, causing denial of service (bsc#1113247) - CVE-2018-19931: Fixed a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831) - CVE-2018-19932: Fixed an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA (bsc#1118830) - CVE-2018-20623: Fixed a use-after-free in the error function in elfcomm.c (bsc#1121035) - CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference in elf_link_add_object_symbols in elflink.c (bsc#1121034) - CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based buffer overflow in load_specific_debug_section in objdump.c (bsc#1121056) - CVE-2018-1000876: Fixed integer overflow in bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc in objdump (bsc#1120640) - CVE-2019-1010180: Fixed an out of bound memory access that could lead to crashes (bsc#1142772) - Enable xtensa architecture (Tensilica lc6 and related) - Use -ffat-lto-objects in order to provide assembly for static libs (bsc#1141913). - Fixed some LTO problems (bsc#1133131 bsc#1133232). - riscv: Don't check ABI flags if no code section Update to binutils 2.32: * The binutils now support for the C-SKY processor series. * The x86 assembler now supports a -mvexwig=[0|1] option to control encoding of VEX.W-ignored (WIG) VEX instructions. It also has a new -mx86-used-note=[yes|no] option to generate (or not) x86 GNU property notes. * The MIPS assembler now supports the Loongson EXTensions R2 (EXT2), the Loongson EXTensions (EXT) instructions, the Loongson Content Address Memory (CAM) ASE and the Loongson MultiMedia extensions Instructions (MMI) ASE. * The addr2line, c++filt, nm and objdump tools now have a default limit on the maximum amount of recursion that is allowed whilst demangling strings. This limit can be disabled if necessary. * Objdump's --disassemble option can now take a parameter, specifying the starting symbol for disassembly. Disassembly will continue from this symbol up to the next symbol or the end of the function. * The BFD linker will now report property change in linker map file when merging GNU properties. * The BFD linker's -t option now doesn't report members within archives, unless -t is given twice. This makes it more useful when generating a list of files that should be packaged for a linker bug report. * The GOLD linker has improved warning messages for relocations that refer to discarded sections. - Improve relro support on s390 [fate#326356] - Handle ELF compressed header alignment correctly. Moderate SUSE bug 1109412 SUSE bug 1109413 SUSE bug 1109414 SUSE bug 1111996 SUSE bug 1112534 SUSE bug 1112535 SUSE bug 1113247 SUSE bug 1113252 SUSE bug 1113255 SUSE bug 1116827 SUSE bug 1118830 SUSE bug 1118831 SUSE bug 1120640 SUSE bug 1121034 SUSE bug 1121035 SUSE bug 1121056 SUSE bug 1133131 SUSE bug 1133232 SUSE bug 1141913 SUSE bug 1142772 CVE-2018-1000876 CVE-2018-17358 CVE-2018-17359 CVE-2018-17360 CVE-2018-17985 CVE-2018-18309 CVE-2018-18483 CVE-2018-18484 CVE-2018-18605 CVE-2018-18606 CVE-2018-18607 CVE-2018-19931 CVE-2018-19932 CVE-2018-20623 CVE-2018-20651 CVE-2018-20671 CVE-2019-1010180 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for sudo fixes the following issues: Security issue fixed: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers (bsc#1153674). Important SUSE bug 1153674 CVE-2019-14287 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libpcap fixes the following issues: - CVE-2019-15165: Added sanity checks for PHB header length before allocating memory (bsc#1153332). - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332). Important SUSE bug 1153332 CVE-2018-16301 CVE-2019-15165 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for mariadb-100 fixes the following issues: Updated to MariaDB 10.0.40-1. Security issues fixed: - CVE-2019-2805, CVE-2019-2740, CVE-2019-2739, CVE-2019-2737, CVE-2019-2614, CVE-2019-2627. (bsc#1132826) (bsc#1141798). Moderate SUSE bug 1132826 SUSE bug 1141798 CVE-2019-2614 CVE-2019-2627 CVE-2019-2737 CVE-2019-2739 CVE-2019-2740 CVE-2019-2805 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for dhcp fixes the following issues: Secuirty issue fixed: - CVE-2019-6470: Fixed DHCPv6 server crashes (bsc#1134078). Bug fixes: - Add compile option --enable-secs-byteorder to avoid duplicate lease warnings (bsc#1089524). - Use IPv6 when called as dhclient6, dhcpd6, and dhcrelay6 (bsc#1136572). Moderate SUSE bug 1089524 SUSE bug 1134078 SUSE bug 1136572 CVE-2019-6470 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libcaca fixes the following issues: Security issues fixed: - CVE-2018-20544: Fixed a floating point exception at caca/dither.c (bsc#1120502) - CVE-2018-20545: Fixed a WRITE memory access in the load_image function at common-image.c for 4bpp (bsc#1120584) - CVE-2018-20546: Fixed a READ memory access in the get_rgba_default function at caca/dither.c for bpp (bsc#1120503) - CVE-2018-20547: Fixed a READ memory access in the get_rgba_default function at caca/dither.c for 24bpp (bsc#1120504) - CVE-2018-20548: Fixed a WRITE memory access in the load_image function at common-image.c for 1bpp (bsc#1120589) - CVE-2018-20549: Fixed a WRITE memory access in the caca_file_read function at caca/file.c (bsc#1120470) Moderate SUSE bug 1120470 SUSE bug 1120502 SUSE bug 1120503 SUSE bug 1120504 SUSE bug 1120584 SUSE bug 1120589 CVE-2018-20544 CVE-2018-20545 CVE-2018-20546 CVE-2018-20547 CVE-2018-20548 CVE-2018-20549 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for python fixes the following issues: Security issue fixed: - CVE-2019-16056: Fixed a parser issue in the email module (bsc#1149955). - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). Moderate SUSE bug 1149955 SUSE bug 1153238 CVE-2019-16056 CVE-2019-16935 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for xen to version 4.11.2 fixes the following issues: Security issues fixed: - CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service (bsc#1149813). - CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874). - CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU emulator which could have led to execution of arbitrary code with privileges of the QEMU process (bsc#1143797). Other issues fixed: - Fixed an HPS bug which did not allow to install Windows Server 2016 with 2 CPUs setting or above (bsc#1137717). - Fixed a segmentation fault in Libvrtd during live migration to a VM (bsc#1145774). - Fixed an issue where libxenlight could not create new domain (bsc#1131811). - Fixed an issue where attached pci devices were lost after reboot (bsc#1129642). - Fixed an issue where Xen could not pre-allocate 1 shadow page (bsc#1145240). Important SUSE bug 1027519 SUSE bug 1111331 SUSE bug 1126140 SUSE bug 1126141 SUSE bug 1126192 SUSE bug 1126195 SUSE bug 1126196 SUSE bug 1126197 SUSE bug 1126198 SUSE bug 1126201 SUSE bug 1127400 SUSE bug 1129642 SUSE bug 1131811 SUSE bug 1137717 SUSE bug 1138294 SUSE bug 1143797 SUSE bug 1145240 SUSE bug 1145774 SUSE bug 1146874 SUSE bug 1149813 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 CVE-2019-12068 CVE-2019-14378 CVE-2019-15890 CVE-2019-17340 CVE-2019-17341 CVE-2019-17342 CVE-2019-17343 CVE-2019-17344 CVE-2019-17345 CVE-2019-17346 CVE-2019-17347 CVE-2019-17348 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for accountsservice fixes the following issues: Security issue fixed: - CVE-2018-14036: Prevent directory traversal caused by an insufficient path check in user_change_icon_file_authorized_cb() (bsc#1099699). Non-security issue fixed: - Improved wtmp io performance (bsc#1139487). Moderate SUSE bug 1099699 SUSE bug 1139487 CVE-2018-14036 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-15139: Fixed a denial-of-service vulnerability in ReadXWDImage. (bsc#1146213) - CVE-2019-15140: Fixed a use-after-free bug in the Matlab image parser. (bsc#1146212) - CVE-2019-15141: Fixed a divide-by-zero vulnerability in the MeanShiftImage function. (bsc#1146211) - CVE-2019-14980: Fixed an application crash resulting from a heap-based buffer over-read in WriteTIFFImage. (bsc#1146068) - CVE-2019-16708: Fixed a memory leak in magick/xwindow.c (bsc#1151781). - CVE-2019-16709: Fixed a memory leak in coders/dps.c (bsc#1151782). - CVE-2019-16710: Fixed a memory leak in coders/dot.c (bsc#1151783). - CVE-2019-16711: Fixed a memory leak in Huffman2DEncodeImage in coders/ps2.c (bsc#1151784). - CVE-2019-16712: Fixed a memory leak in Huffman2DEncodeImage in coders/ps3.c (bsc#1151785). - CVE-2019-16713: Fixed a memory leak in coders/dot.c (bsc#1151786). Moderate SUSE bug 1146068 SUSE bug 1146211 SUSE bug 1146212 SUSE bug 1146213 SUSE bug 1151781 SUSE bug 1151782 SUSE bug 1151783 SUSE bug 1151784 SUSE bug 1151785 SUSE bug 1151786 CVE-2019-14980 CVE-2019-15139 CVE-2019-15140 CVE-2019-15141 CVE-2019-16708 CVE-2019-16709 CVE-2019-16710 CVE-2019-16711 CVE-2019-16712 CVE-2019-16713 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for python3 fixes the following issues: - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) - CVE-2018-20852: Fixed an incorrect domain validation that could lead to cookies being sent to the wrong server. (bsc#1141853) Moderate SUSE bug 1141853 SUSE bug 1149955 CVE-2018-20852 CVE-2019-16056 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for php7 fixes the following issues: Security issue fixed: - CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999). Important SUSE bug 1154999 CVE-2019-11043 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libunwind fixes the following issues: Security issues fixed: - CVE-2015-3239: Fixed a off-by-one in the dwarf_to_unw_regnum function (bsc#936786) Non-security issues fixed: - Fixed a dependency issue with libzmq5 (bsc#1122012) - Fixed build on armv7 (bsc#976955) Moderate SUSE bug 1122012 SUSE bug 936786 SUSE bug 976955 CVE-2015-3239 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for MozillaFirefox to 68.2.0 ESR fixes the following issues: Mozilla Firefox was updated to version 68.2.0 ESR (bsc#1154738). Security issues fixed: - CVE-2019-15903: Fixed a heap overflow in the expat library (bsc#1149429). - CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB (bsc#1154738). - CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total Security (bsc#1154738). - CVE-2019-11759: Fixed a stack buffer overflow in HKDF output (bsc#1154738). - CVE-2019-11760: Fixed a stack buffer overflow in WebRTC networking (bsc#1154738). - CVE-2019-11761: Fixed an unintended access to a privileged JSONView object (bsc#1154738). - CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738). - CVE-2019-11763: Fixed an XSS bypass (bsc#1154738). - CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738). Non-security issues fixed: - Firefox 60.7 ESR changed the user interface language (bsc#1137990). - Wrong Firefox GUI Language (bsc#1120374). - Fixed an inadvertent crash report transmission without user opt-in (bsc#1074235). - Firefox hangs randomly when browsing and scrolling (bsc#1043008). - Firefox stops loading page until mouse is moved (bsc#1025108). Important SUSE bug 1010399 SUSE bug 1010405 SUSE bug 1010406 SUSE bug 1010408 SUSE bug 1010409 SUSE bug 1010421 SUSE bug 1010423 SUSE bug 1010424 SUSE bug 1010425 SUSE bug 1010426 SUSE bug 1025108 SUSE bug 1043008 SUSE bug 1047281 SUSE bug 1074235 SUSE bug 1092611 SUSE bug 1120374 SUSE bug 1137990 SUSE bug 1149429 SUSE bug 1154738 SUSE bug 959933 SUSE bug 983922 CVE-2016-2830 CVE-2016-5289 CVE-2016-5292 CVE-2016-9063 CVE-2016-9067 CVE-2016-9068 CVE-2016-9069 CVE-2016-9071 CVE-2016-9073 CVE-2016-9075 CVE-2016-9076 CVE-2016-9077 CVE-2017-7789 CVE-2018-5150 CVE-2018-5151 CVE-2018-5152 CVE-2018-5153 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5160 CVE-2018-5163 CVE-2018-5164 CVE-2018-5165 CVE-2018-5166 CVE-2018-5167 CVE-2018-5168 CVE-2018-5169 CVE-2018-5172 CVE-2018-5173 CVE-2018-5174 CVE-2018-5175 CVE-2018-5176 CVE-2018-5177 CVE-2018-5178 CVE-2018-5179 CVE-2018-5180 CVE-2018-5181 CVE-2018-5182 CVE-2018-5183 CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-18595: A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555). - CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350). - CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540). - CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permitted sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka 'KNOB') that could decrypt traffic and injected arbitrary ciphertext without the victim noticing (bnc#1137865 bnc#1146042). - CVE-2019-16232: Fixed a NULL pointer dereference in drivers/net/wireless/marvell/libertas/if_sdio.c, which did not check the alloc_workqueue return value (bnc#1150465). - CVE-2019-16234: Fixed a NULL pointer dereference in drivers/net/wireless/intel/iwlwifi/pcie/trans.c, which did not check the alloc_workqueue return value (bnc#1150452). - CVE-2019-17056: Added enforcement of CAP_NET_RAW in llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module, the lack of which allowed unprivileged users to create a raw socket, aka CID-3a359798b176 (bnc#1152788). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). - CVE-2019-17666: Added an upper-bound check in rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c, the lack of which could have led to a buffer overflow (bnc#1154372). The following non-security bugs were fixed: - 9p: avoid attaching writeback_fid on mmap with type PRIVATE (bsc#1051510). - ACPI / CPPC: do not require the _PSD method (bsc#1051510). - ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit() (bsc#1051510). - ACPI: custom_method: fix memory leaks (bsc#1051510). - ACPI / PCI: fix acpi_pci_irq_enable() memory leak (bsc#1051510). - ACPI / processor: do not print errors for processorIDs == 0xff (bsc#1051510). - ACPI / property: Fix acpi_graph_get_remote_endpoint() name in kerneldoc (bsc#1051510). - act_mirred: Fix mirred_init_module error handling (bsc#1051510). - Add kernel module compression support (bsc#1135854) For enabling the kernel module compress, add the item COMPRESS_MODULES='xz' in config.sh, then mkspec will pass it to the spec file. - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (bsc#1151680). - ALSA: aoa: onyx: always initialize register read value (bsc#1051510). - ALSA: firewire-tascam: check intermediate state of clock status and retry (bsc#1051510). - ALSA: firewire-tascam: handle error code when getting current source of clock (bsc#1051510). - ALSA: hda - Add laptop imic fixup for ASUS M9V laptop (bsc#1051510). - ALSA: hda: Add support of Zhaoxin controller (bsc#1051510). - ALSA: hda - Apply AMD controller workaround for Raven platform (bsc#1051510). - ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family (bsc#1051510). - ALSA: hda - Drop unsol event handler for Intel HDMI codecs (bsc#1051510). - ALSA: hda - Expand pin_match function to match upcoming new tbls (bsc#1051510). - ALSA: hda: Flush interrupts on disabling (bsc#1051510). - ALSA: hda/hdmi: remove redundant assignment to variable pcm_idx (bsc#1051510). - ALSA: hda - Inform too slow responses (bsc#1051510). - ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 (bsc#1051510). - ALSA: hda/realtek - Check beep whitelist before assigning in all codecs (bsc#1051510). - ALSA: hda/realtek - Fix alienware headset mic (bsc#1051510). - ALSA: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360 (bsc#1051510). - ALSA: hda: Set fifo_size for both playback and capture streams (bsc#1051510). - ALSA: hda - Show the fatal CORB/RIRB error more clearly (bsc#1051510). - ALSA: hda/sigmatel - remove unused variable 'stac9200_core_init' (bsc#1051510). - ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() (bsc#1051510). - ALSA: line6: sizeof (byte) is always 1, use that fact (bsc#1051510). - ALSA: usb-audio: Add Pioneer DDJ-SX3 PCM quirck (bsc#1051510). - ALSA: usb-audio: Disable quirks for BOSS Katana amplifiers (bsc#1051510). - ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid (bsc#1051510). - appletalk: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - ASoC: Define a set of DAPM pre/post-up events (bsc#1051510). - ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set (bsc#1051510). - ASoC: es8328: Fix copy-paste error in es8328_right_line_controls (bsc#1051510). - ASoC: Intel: Baytrail: Fix implicit fallthrough warning (bsc#1051510). - ASoC: Intel: Fix use of potentially uninitialized variable (bsc#1051510). - ASoC: Intel: NHLT: Fix debug print format (bsc#1051510). - ASoC: sgtl5000: Fix charge pump source assignment (bsc#1051510). - ASoC: sun4i-i2s: RX and TX counter registers are swapped (bsc#1051510). - ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls (bsc#1051510). - ASoC: wm8988: fix typo in wm8988_right_line_controls (bsc#1051510). - ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init (bsc#1051510). - atm: iphase: Fix Spectre v1 vulnerability (networking-stable-19_08_08). - auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach (bsc#1051510). - ax25: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA (bsc#1051510). - blk-flush: do not run queue for requests bypassing flush (bsc#1137959). - blk-flush: use blk_mq_request_bypass_insert() (bsc#1137959). - blk-mq: do not allocate driver tag upfront for flush rq (bsc#1137959). - blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling (bsc#1151610). - blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue (bsc#1137959). - blk-mq: kABI fixes for blk-mq.h (bsc#1137959). - blk-mq: move blk_mq_put_driver_tag*() into blk-mq.h (bsc#1137959). - blk-mq: punt failed direct issue to dispatch list (bsc#1137959). - blk-mq: put the driver tag of nxt rq before first one is requeued (bsc#1137959). - blk-mq-sched: decide how to handle flush rq via RQF_FLUSH_SEQ (bsc#1137959). - blk-wbt: abstract out end IO completion handler (bsc#1135873). - blk-wbt: fix has-sleeper queueing check (bsc#1135873). - blk-wbt: improve waking of tasks (bsc#1135873). - blk-wbt: move disable check into get_limit() (bsc#1135873). - blk-wbt: use wq_has_sleeper() for wq active check (bsc#1135873). - block: add io timeout to sysfs (bsc#1148410). - block: do not show io_timeout if driver has no timeout handler (bsc#1148410). - block: fix timeout changes for legacy request drivers (bsc#1149446). - block: kABI fixes for BLK_EH_DONE renaming (bsc#1142076). - block: rename BLK_EH_NOT_HANDLED to BLK_EH_DONE (bsc#1142076). - Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices (bsc#1051510). - bnx2x: Disable multi-cos feature (networking-stable-19_08_08). - bnx2x: Fix VF's VLAN reconfiguration in reload (bsc#1086323 ). - bonding: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - bridge/mdb: remove wrong use of NLM_F_MULTI (networking-stable-19_09_15). - btrfs: bail out gracefully rather than BUG_ON (bsc#1153646). - btrfs: check for the full sync flag while holding the inode lock during fsync (bsc#1153713). - btrfs: Ensure btrfs_init_dev_replace_tgtdev sees up to date values (bsc#1154651). - btrfs: Ensure replaced device does not have pending chunk allocation (bsc#1154607). - btrfs: fix use-after-free when using the tree modification log (bsc#1151891). - btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls (bsc#1152975). - btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space (bsc#1152974). - btrfs: relocation: fix use-after-free on dead relocation roots (bsc#1152972). - btrfs: remove wrong use of volume_mutex from btrfs_dev_replace_start (bsc#1154651). - can: mcp251x: mcp251x_hw_reset(): allow more time after a reset (bsc#1051510). - can: xilinx_can: xcan_probe(): skip error message on deferred probe (bsc#1051510). - cdc_ether: fix rndis support for Mediatek based smartphones (networking-stable-19_09_15). - cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize (bsc#1051510). - ceph: fix directories inode i_blkbits initialization (bsc#1153717). - ceph: reconnect connection if session hang in opening state (bsc#1153718). - ceph: update the mtime when truncating up (bsc#1153719). - ceph: use ceph_evict_inode to cleanup inode's resource (bsc#1148133). - cfg80211: add and use strongly typed element iteration macros (bsc#1051510). - cfg80211: Purge frame registrations on iftype change (bsc#1051510). - clk: at91: fix update bit maps on CFG_MOR write (bsc#1051510). - clk: at91: select parent if main oscillator or bypass is enabled (bsc#1051510). - clk: qoriq: Fix -Wunused-const-variable (bsc#1051510). - clk: sirf: Do not reference clk_init_data after registration (bsc#1051510). - clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks (bsc#1051510). - clk: sunxi-ng: v3s: add the missing PLL_DDR1 (bsc#1051510). - clk: zx296718: Do not reference clk_init_data after registration (bsc#1051510). - crypto: caam - fix concurrency issue in givencrypt descriptor (bsc#1051510). - crypto: caam - free resources in case caam_rng registration failed (bsc#1051510). - crypto: cavium/zip - Add missing single_release() (bsc#1051510). - crypto: ccp - Reduce maximum stack usage (bsc#1051510). - crypto: qat - Silence smp_processor_id() warning (bsc#1051510). - crypto: skcipher - Unmap pages after an external error (bsc#1051510). - crypto: talitos - fix missing break in switch statement (bsc#1142635). - cxgb4: fix endianness for vlan value in cxgb4_tc_flower (bsc#1064802 bsc#1066129). - cxgb4: offload VLAN flows regardless of VLAN ethtype (bsc#1064802 bsc#1066129). - cxgb4: reduce kernel stack usage in cudbg_collect_mem_region() (bsc#1073513). - cxgb4: Signedness bug in init_one() (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: smt: Add lock for atomic_dec_and_test (bsc#1064802 bsc#1066129). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - /dev/mem: Bail out upon SIGKILL (git-fixes). - dmaengine: dw: platform: Switch to acpi_dma_controller_register() (bsc#1051510). - dmaengine: iop-adma.c: fix printk format warning (bsc#1051510). - drivers: thermal: int340x_thermal: Fix sysfs race condition (bsc#1051510). - drm/amdgpu: Check for valid number of registers to read (bsc#1051510). - drm/amdgpu/si: fix ASIC tests (git-fixes). - drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2) (bsc#1051510). - drm/ast: Fixed reboot test may cause system hanged (bsc#1051510). - drm/bridge: tc358767: Increase AUX transfer length limit (bsc#1051510). - drm: Flush output polling on shutdown (bsc#1051510). - drm/i915: Fix various tracepoints for gen2 (bsc#1113722) - drm/imx: Drop unused imx-ipuv3-crtc.o build (bsc#1113722) - drm/msm/dsi: Implement reset correctly (bsc#1051510). - drm/panel: simple: fix AUO g185han01 horizontal blanking (bsc#1051510). - drm/radeon: Fix EEH during kexec (bsc#1051510). - drm/tilcdc: Register cpufreq notifier after we have initialized crtc (bsc#1051510). - drm/vmwgfx: Fix double free in vmw_recv_msg() (bsc#1051510). - Drop multiversion(kernel) from the KMP template (bsc#1127155). - e1000e: add workaround for possible stalled packet (bsc#1051510). - EDAC/amd64: Decode syndrome before translating address (bsc#1114279). - eeprom: at24: make spd world-readable again (git-fixes). - ext4: fix warning inside ext4_convert_unwritten_extents_endio (bsc#1152025). - ext4: set error return correctly when ext4_htree_store_dirent fails (bsc#1152024). - firmware: dmi: Fix unlikely out-of-bounds read in save_mem_devices (git-fixes). - Fix AMD IOMMU kABI (bsc#1154610). - Fix kabi for: NFSv4: Fix OPEN / CLOSE race (git-fixes). - Fix KVM kABI after x86 mmu backports (bsc#1117665). - gpio: fix line flag validation in lineevent_create (bsc#1051510). - gpio: fix line flag validation in linehandle_create (bsc#1051510). - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist (bsc#1051510). - gpiolib: only check line handle flags once (bsc#1051510). - gpio: Move gpiochip_lock/unlock_as_irq to gpio/driver.h (bsc#1051510). - gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property() (bsc#1051510). - HID: apple: Fix stuck function keys when using FN (bsc#1051510). - HID: hidraw: Fix invalid read in hidraw_ioctl (bsc#1051510). - HID: logitech: Fix general protection fault caused by Logitech driver (bsc#1051510). - HID: prodikeys: Fix general protection fault during probe (bsc#1051510). - HID: sony: Fix memory corruption issue on cleanup (bsc#1051510). - hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' (bsc#1051510). - hwmon: (lm75) Fix write operations for negative temperatures (bsc#1051510). - hwmon: (shtc1) fix shtc1 and shtw1 id mask (bsc#1051510). - hwrng: core - do not wait on add_early_randomness() (git-fixes). - i2c: riic: Clear NACK in tend isr (bsc#1051510). - IB/core, ipoib: Do not overreact to SM LID change event (bsc#1154108) - IB/hfi1: Remove overly conservative VM_EXEC flag check (bsc#1144449). - IB/mlx5: Consolidate use_umr checks into single function (bsc#1093205). - IB/mlx5: Fix MR re-registration flow to use UMR properly (bsc#1093205). - IB/mlx5: Report correctly tag matching rendezvous capability (bsc#1046305). - ieee802154: atusb: fix use-after-free at disconnect (bsc#1051510). - ieee802154: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - ife: error out when nla attributes are empty (networking-stable-19_08_08). - iio: adc: ad799x: fix probe error handling (bsc#1051510). - iio: dac: ad5380: fix incorrect assignment to val (bsc#1051510). - iio: light: opt3001: fix mutex unlock race (bsc#1051510). - ima: always return negative code for error (bsc#1051510). - Input: da9063 - fix capability and drop KEY_SLEEP (bsc#1051510). - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID (bsc#1051510). - iommu/amd: Apply the same IVRS IOAPIC workaround to Acer Aspire A315-41 (bsc#1137799). - iommu/amd: Check PM_LEVEL_SIZE() condition in locked section (bsc#1154608). - iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems (bsc#1137799). - iommu/amd: Remove domain->updated (bsc#1154610). - iommu/amd: Wait for completion of IOTLB flush in attach_device (bsc#1154611). - iommu/dma: Fix for dereferencing before null checking (bsc#1151667). - iommu/iova: Avoid false sharing on fq_timer_on (bsc#1151671). - ip6_tunnel: fix possible use-after-free on xmit (networking-stable-19_08_08). - ipmi_si: Only schedule continuously in the thread in maintenance mode (bsc#1051510). - ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set (networking-stable-19_08_28). - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()' (networking-stable-19_09_15). - isdn/capi: check message length in capi_write() (bsc#1051510). - ixgbe: Prevent u8 wrapping of ITR value to something less than 10us (bsc#1101674). - ixgbe: sync the first fragment unconditionally (bsc#1133140). - kABI: media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). fixes kABI - kABI: media: em28xx: stop rewriting device's struct (bsc#1051510). fixes kABI - kABI: net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05). - kABI/severities: Whitelist functions internal to radix mm. To call these functions you have to first detect if you are running in radix mm mode which can't be expected of OOT code. - kABI workaround for snd_hda_pick_pin_fixup() changes (bsc#1051510). - kernel-subpackage-build: create zero size ghost for uncompressed vmlinux (bsc#1154354). It is not strictly necessary to uncompress it so maybe the ghost file can be 0 size in this case. - kernel/sysctl.c: do not override max_threads provided by userspace (bnc#1150875). - KVM: Convert kvm_lock to a mutex (bsc#1117665). - KVM: MMU: drop vcpu param in gpte_access (bsc#1117665). - KVM: PPC: Book3S: Fix incorrect guest-to-user-translation error handling (bsc#1061840). - KVM: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores (bsc#1061840). - KVM: PPC: Book3S HV: Do not lose pending doorbell request on migration on P9 (bsc#1061840). - KVM: PPC: Book3S HV: Do not push XIVE context when not using XIVE device (bsc#1061840). - KVM: PPC: Book3S HV: Fix lockdep warning when entering the guest (bsc#1061840). - KVM: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts (bsc#1061840). - KVM: PPC: Book3S HV: Handle virtual mode in XIVE VCPU push code (bsc#1061840). - KVM: PPC: Book3S HV: use smp_mb() when setting/clearing host_ipi flag (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP (bsc#1061840). - KVM: x86: add tracepoints around __direct_map and FNAME(fetch) (bsc#1117665). - KVM: x86: adjust kvm_mmu_page member to save 8 bytes (bsc#1117665). - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (bsc#1117665). - KVM: x86: Do not release the page inside mmu_set_spte() (bsc#1117665). - KVM: x86: make FNAME(fetch) and __direct_map more similar (bsc#1117665). - KVM: x86, powerpc: do not allow clearing largepages debugfs entry (bsc#1117665). - KVM: x86: remove now unneeded hugepage gfn adjustment (bsc#1117665). - leds: leds-lp5562 allow firmware files up to the maximum length (bsc#1051510). - leds: trigger: gpio: GPIO 0 is valid (bsc#1051510). - libertas: Add missing sentinel at end of if_usb.c fw_table (bsc#1051510). - libertas_tf: Use correct channel range in lbtf_geo_init (bsc#1051510). - libiscsi: do not try to bypass SCSI EH (bsc#1142076). - lib/mpi: Fix karactx leak in mpi_powm (bsc#1051510). - livepatch: Nullify obj->mod in klp_module_coming()'s error path (bsc#1071995). - mac80211: accept deauth frames in IBSS mode (bsc#1051510). - mac80211: minstrel_ht: fix per-group max throughput rate initialization (bsc#1051510). - macsec: drop skb sk before calling gro_cells_receive (bsc#1051510). - md: do not report active array_state until after revalidate_disk() completes (git-fixes). - md: only call set_in_sync() when it is expected to succeed (git-fixes). - md/raid6: Set R5_ReadError when there is read failure on parity disk (git-fixes). - media: atmel: atmel-isc: fix asd memory allocation (bsc#1135642). - media: atmel: atmel-isi: fix timeout value for stop streaming (bsc#1051510). - media: cpia2_usb: fix memory leaks (bsc#1051510). - media: dib0700: fix link error for dibx000_i2c_set_speed (bsc#1051510). - media: dvb-core: fix a memory leak bug (bsc#1051510). - media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). - media: em28xx: stop rewriting device's struct (bsc#1051510). - media: exynos4-is: fix leaked of_node references (bsc#1051510). - media: fdp1: Reduce FCP not found message level to debug (bsc#1051510). - media: gspca: zero usb_buf on error (bsc#1051510). - media: hdpvr: Add device num check and handling (bsc#1051510). - media: hdpvr: add terminating 0 at end of string (bsc#1051510). - media: i2c: ov5645: Fix power sequence (bsc#1051510). - media: iguanair: add sanity checks (bsc#1051510). - media: marvell-ccic: do not generate EOF on parallel bus (bsc#1051510). - media: mc-device.c: do not memset __user pointer contents (bsc#1051510). - media: omap3isp: Do not set streaming state on random subdevs (bsc#1051510). - media: omap3isp: Set device on omap3isp subdevs (bsc#1051510). - media: ov6650: Fix sensor possibly not detected on probe (bsc#1051510). - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper (bsc#1051510). - media: ov9650: add a sanity check (bsc#1051510). - media: radio/si470x: kill urb on error (bsc#1051510). - media: replace strcpy() by strscpy() (bsc#1051510). - media: Revert '[media] marvell-ccic: reset ccic phy when stop streaming for stability' (bsc#1051510). - media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() (bsc#1051510). - media: saa7146: add cleanup in hexium_attach() (bsc#1051510). - media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table (bsc#1051510). - media: stkwebcam: fix runtime PM after driver unbind (bsc#1051510). - media: technisat-usb2: break out of loop at end of buffer (bsc#1051510). - media: tm6000: double free if usb disconnect while streaming (bsc#1051510). - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (bsc#1051510). - media: vb2: Fix videobuf2 to map correct area (bsc#1051510). - memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' (bsc#1051510). - mfd: intel-lpss: Remove D3cold delay (bsc#1051510). - mic: avoid statically declaring a 'struct device' (bsc#1051510). - mISDN: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - mld: fix memory leak in mld_del_delrec() (networking-stable-19_09_05). - mmc: sdhci: Fix incorrect switch to HS mode (bsc#1051510). - mmc: sdhci: improve ADMA error reporting (bsc#1051510). - mmc: sdhci-msm: fix mutex while in spinlock (bsc#1142635). - mmc: sdhci-of-arasan: Do now show error message in case of deffered probe (bsc#1119086). - mmc: sdhci-of-esdhc: set DMA snooping based on DMA coherence (bsc#1051510). - mtd: spi-nor: Fix Cadence QSPI RCU Schedule Stall (bsc#1051510). - mvpp2: refactor MTU change code (networking-stable-19_08_08). - net: bridge: delete local fdb on device init failure (networking-stable-19_08_08). - net: bridge: mcast: do not delete permanent entries when fast leave is enabled (networking-stable-19_08_08). - net: fix ifindex collision during namespace removal (networking-stable-19_08_08). - net: Fix null de-reference of device refcount (networking-stable-19_09_15). - net: fix skb use after free in netpoll (networking-stable-19_09_05). - net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list (networking-stable-19_09_15). - net/ibmvnic: Fix EOI when running in XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes). - net/ibmvnic: prevent more than one thread from running in reset (bsc#1152457 ltc#174432). - net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run (bsc#1152457 ltc#174432). - net/mlx4_en: fix a memory leak bug (bsc#1046299). - net/mlx5: Add device ID of upcoming BlueField-2 (bsc#1046303 ). - net/mlx5e: Only support tx/rx pause setting for port owner (networking-stable-19_08_21). - net/mlx5e: Prevent encap flow counter update async to user query (networking-stable-19_08_08). - net/mlx5e: Use flow keys dissector to parse packets for ARFS (networking-stable-19_08_21). - net/mlx5: Fix error handling in mlx5_load() (bsc#1046305 ). - net/mlx5: Use reversed order when unregister devices (networking-stable-19_08_08). - net/packet: fix race in tpacket_snd() (networking-stable-19_08_21). - net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05). - net: sched: Fix a possible null-pointer dereference in dequeue_func() (networking-stable-19_08_08). - net/smc: make sure EPOLLOUT is raised (networking-stable-19_08_28). - net: stmmac: dwmac-rk: Do not fail if phy regulator is absent (networking-stable-19_09_05). - nfc: fix attrs checks in netlink interface (bsc#1051510). - nfc: fix memory leak in llcp_sock_bind() (bsc#1051510). - nfc: pn533: fix use-after-free and memleaks (bsc#1051510). - NFS4: Fix v4.0 client state corruption when mount (git-fixes). - nfsd: degraded slot-count more gracefully as allocation nears exhaustion (bsc#1150381). - nfsd: Do not release the callback slot unless it was actually held (git-fixes). - nfsd: Fix overflow causing non-working mounts on 1 TB machines (bsc#1150381). - nfsd: fix performance-limiting session calculation (bsc#1150381). - nfsd: give out fewer session slots as limit approaches (bsc#1150381). - nfsd: handle drc over-allocation gracefully (bsc#1150381). - nfsd: increase DRC cache limit (bsc#1150381). - NFS: Do not interrupt file writeout due to fatal errors (git-fixes). - NFS: Do not open code clearing of delegation state (git-fixes). - NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0 (git-fixes). - NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts (git-fixes). - NFS: Forbid setting AF_INET6 to 'struct sockaddr_in'->sin_family (git-fixes). - NFS: Refactor nfs_lookup_revalidate() (git-fixes). - NFS: Remove redundant semicolon (git-fixes). - NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter (git-fixes). - NFSv4.1: Fix open stateid recovery (git-fixes). - NFSv4.1: Only reap expired delegations (git-fixes). - NFSv4: Check the return value of update_open_stateid() (git-fixes). - NFSv4: Fix an Oops in nfs4_do_setattr (git-fixes). - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() (git-fixes). - NFSv4: Fix delegation state recovery (git-fixes). - NFSv4: Fix lookup revalidate of regular files (git-fixes). - NFSv4: Fix OPEN / CLOSE race (git-fixes). - NFSv4: Handle the special Linux file open access mode (git-fixes). - NFSv4: Only pass the delegation to setattr if we're sending a truncate (git-fixes). - NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend() (git-fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - null_blk: complete requests from ->timeout (bsc#1149446). - null_blk: wire up timeouts (bsc#1149446). - nvme: fix multipath crash when ANA is deactivated (bsc#1149446). - nvmem: Use the same permissions for eeprom as for nvmem (git-fixes). - nvme-rdma: Allow DELETING state change failure in (bsc#1104967,). - nvme-rdma: centralize admin/io queue teardown sequence (bsc#1142076). - nvme-rdma: centralize controller setup sequence (bsc#1142076). - nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446). - nvme-rdma: fix timeout handler (bsc#1149446). - nvme-rdma: stop admin queue before freeing it (bsc#1140155). - nvme-rdma: support up to 4 segments of inline data (bsc#1142076). - nvme-rdma: unquiesce queues when deleting the controller (bsc#1142076). - nvme: remove ns sibling before clearing path (bsc#1140155). - nvme: return BLK_EH_DONE from ->timeout (bsc#1142076). - objtool: Clobber user CFLAGS variable (bsc#1153236). - PCI: Correct pci=resource_alignment parameter example (bsc#1051510). - PCI: dra7xx: Fix legacy INTD IRQ handling (bsc#1087092). - PCI: hv: Detect and fix Hyper-V PCI domain number collision (bsc#1150423). - PCI: hv: Use bytes 4 and 5 from instance ID as the PCI domain numbers (bsc#1153263). - PCI: PM: Fix pci_power_up() (bsc#1051510). - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current (bsc#1051510). - pinctrl: tegra: Fix write barrier placement in pmx_writel (bsc#1051510). - platform/x86: classmate-laptop: remove unused variable (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC277E to critclk_systems DMI table (bsc#1051510). - PM: sleep: Fix possible overflow in pm_system_cancel_wakeup() (bsc#1051510). - PNFS fallback to MDS if no deviceid found (git-fixes). - pNFS/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error (git-fixes). - pNFS/flexfiles: Turn off soft RPC calls (git-fixes). - powerpc/64: Make sys_switch_endian() traceable (bsc#1065729). - powerpc/64s/pseries: radix flush translations before MMU is enabled at boot (bsc#1055186). - powerpc/64s/radix: Fix MADV_[FREE|DONTNEED] TLB flush miss problem with THP (bsc#1152161 ltc#181664). - powerpc/64s/radix: Fix memory hotplug section page table creation (bsc#1065729). - powerpc/64s/radix: Fix memory hot-unplug page table split (bsc#1065729). - powerpc/64s/radix: Implement _tlbie(l)_va_range flush functions (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve preempt handling in TLB code (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve TLB flushing for page table freeing (bsc#1152161 ltc#181664). - powerpc/64s/radix: Introduce local single page ceiling for TLB range flush (bsc#1055117 bsc#1152161 ltc#181664). - powerpc/64s/radix: keep kernel ERAT over local process/guest invalidates (bsc#1055186). - powerpc/64s/radix: Optimize flush_tlb_range (bsc#1152161 ltc#181664). - powerpc/64s/radix: tidy up TLB flushing code (bsc#1055186). - powerpc/64s: Rename PPC_INVALIDATE_ERAT to PPC_ISA_3_0_INVALIDATE_ERAT (bsc#1055186). - powerpc/book3s64/mm: Do not do tlbie fixup for some hardware revisions (bsc#1152161 ltc#181664). - powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag (bsc#1152161 ltc#181664). - powerpc: bpf: Fix generation of load/store DW instructions (bsc#1065729). - powerpc/bpf: use unsigned division instruction for 64-bit operations (bsc#1065729). - powerpc: Drop page_is_ram() and walk_system_ram_range() (bsc#1065729). - powerpc/irq: Do not WARN continuously in arch_local_irq_restore() (bsc#1065729). - powerpc/irq: drop arch_early_irq_init() (bsc#1065729). - powerpc/mm/book3s64: Move book3s64 code to pgtable-book3s64 (bsc#1055186). - powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 (bsc#1152161 ltc#181664). - powerpc/mm: mark more tlb functions as __always_inline (bsc#1055186). - powerpc/mm: Properly invalidate when setting process table base (bsc#1055186). - powerpc/mm/radix: Drop unneeded NULL check (bsc#1152161 ltc#181664). - powerpc/mm/radix: implement LPID based TLB flushes to be used by KVM (bsc#1152161 ltc#181664). - powerpc/mm/radix: mark as __tlbie_pid() and friends as__always_inline (bsc#1055186). - powerpc/mm/radix: mark __radix__flush_tlb_range_psize() as __always_inline (bsc#1055186). - powerpc/mm: Simplify page_is_ram by using memblock_is_memory (bsc#1065729). - powerpc/mm: Use memblock API for PPC32 page_is_ram (bsc#1065729). - powerpc/module64: Fix comment in R_PPC64_ENTRY handling (bsc#1065729). - powerpc/powernv: Fix compile without CONFIG_TRACEPOINTS (bsc#1065729). - powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window (bsc#1061840). - powerpc/powernv/ioda: Fix race in TCE level allocation (bsc#1061840). - powerpc/powernv: move OPAL call wrapper tracing and interrupt handling to C (bsc#1065729). - powerpc/powernv/npu: Remove obsolete comment about TCE_KILL_INVAL_ALL (bsc#1065729). - powerpc/pseries: Call H_BLOCK_REMOVE when supported (bsc#1109158). - powerpc/pseries: Export maximum memory value (bsc#1122363). - powerpc/pseries: Export raw per-CPU VPA data via debugfs (). - powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt() (bsc#1065729). - powerpc/pseries/memory-hotplug: Fix return value type of find_aa_index (bsc#1065729). - powerpc/pseries/mobility: use cond_resched when updating device tree (bsc#1153112 ltc#181778). - powerpc/pseries: Read TLB Block Invalidate Characteristics (bsc#1109158). - powerpc/pseries: Remove confusing warning message (bsc#1109158). - powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning (bsc#1148868). - powerpc/rtas: allow rescheduling while changing cpu states (bsc#1153112 ltc#181778). - powerpc/xive: Fix bogus error code returned by OPAL (bsc#1065729). - powerpc/xive: Implement get_irqchip_state method for XIVE to fix shutdown race (bsc#1065729). - powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc (bsc#1065729). - power: reset: gpio-restart: Fix typo when gpio reset is not found (bsc#1051510). - power: supply: Init device wakeup after device_add() (bsc#1051510). - power: supply: sysfs: ratelimit property read error message (bsc#1051510). - ppp: Fix memory leak in ppp_write (git-fixes). - printk: Do not lose last line in kmsg buffer dump (bsc#1152460). - printk: fix printk_time race (bsc#1152466). - printk/panic: Avoid deadlock in printk() after stopping CPUs by NMI (bsc#1148712). - qed: iWARP - Fix default window size to be based on chip (bsc#1050536 bsc#1050545). - qed: iWARP - Fix tc for MPA ll2 connection (bsc#1050536 bsc#1050545). - qed: iWARP - fix uninitialized callback (bsc#1050536 bsc#1050545). - qed: iWARP - Use READ_ONCE and smp_store_release to access ep->state (bsc#1050536 bsc#1050545). - qla2xxx: kABI fixes for v10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - qla2xxx: remove SGI SN2 support (bsc#1123034 bsc#1131304 bsc#1127988). - quota: fix wrong condition in is_quota_modification() (bsc#1152026). - r8152: Set memory to all 0xFFs on failed reg reads (bsc#1051510). - RDMA/bnxt_re: Fix spelling mistake 'missin_resp' -> 'missing_resp' (bsc#1050244). - RDMA: Fix goto target to release the allocated memory (bsc#1050244). - regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg (bsc#1051510). - Revert 'mwifiex: fix system hang problem after resume' (bsc#1051510). - Revert 'Revert 'rpm/kernel-binary.spec.in: rename kGraft to KLP ()'' This reverts commit 468af43c8fd8509820798b6d8ed363fc417ca939 Should get this rename again with next SLE15 merge. - rtlwifi: rtl8192cu: Fix value set in descriptor (bsc#1142635). - s390/crypto: fix gcm-aes-s390 selftest failures (bsc#1137861 LTC#178091). - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero (networking-stable-19_09_15). - scsi: lpfc: Fix null ptr oops updating lpfc_devloss_tmo via sysfs attribute (bsc#1140845). - scsi: lpfc: Fix propagation of devloss_tmo setting to nvme transport (bsc#1140883). - scsi: lpfc: Remove bg debugfs buffers (bsc#1144375). - scsi: qedf: fc_rport_priv reference counting fixes (bsc#1098291). - scsi: qedf: Modify abort and tmf handler to handle edge condition and flush (bsc#1098291). - scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add new FW dump template entry types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add pci function reset support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add protection mask module parameters (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for multiple fwdump templates/segments (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for setting port speed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: allow session delete to finish before create (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: avoid printf format warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change data_dsd into an array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change default ZIO threshold (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for FW started flag before aborting (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: check for kstrtol() failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: cleanup trace buffer initialization (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a mailbox command times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a soft reset fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if parsing the version string fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correct error handling during initialization failures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correction and improvement to fwdt processing (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: deadlock by configfs_depend_item (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare local symbols static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Downgrade driver to 10.01.00.19-k There are upstream bug reports against 10.01.00.19-k which haven't been resolved. Also the newer version failed to get a proper review. For time being it's better to got with the older version and do not introduce new bugs. - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix abort timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a recently introduced kernel warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA unmap leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix fcport null pointer access (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix formatting of pointer types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw dump corruption (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw options handle eh_bus_reset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hang in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link reset (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link up fail (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Nport ID display value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix possible fcport null-pointer dereferences (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix premature timer expiration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session cleanup hang (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake 'alredy' -> 'already' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake 'initializatin' -> 'initialization' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix SRB allocation flag to avoid sleeping in IRQ context (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stuck login session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: flush IO on chip reset or sess delete (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve logging for scan thread (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Include the <asm/unaligned.h> header file from qla_dsd.h (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Insert spaces where required (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Leave a blank line after declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Modify NVMe include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move debug messages before sending srb preventing panic (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move marker request behind QPair (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the <linux/io-64-nonatomic-lo-hi.h> include directive (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: no need to check return value of debugfs_create functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: on session delete, return nvme cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent memory leak for CT req/rsp allocation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of forward declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous pointer check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove dead code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove FW default template (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove set but not used variable 'ptr_dma' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous if-tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary null check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report invalid mailbox status codes (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Restore FAWWPN of Physical Port only for loop down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remove flag for all VP (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence fwdump template message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify a debug statement (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify conditional check again (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.13-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update flash read/write routine (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use complete switch scan for RSCN events (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use __le64 instead of uint32_t for sending DMA addresses to firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs to indent code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: scsi_dh_rdac: zero cdb in send_mode_select() (bsc#1149313). - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: storvsc: setup 1:1 mapping between hardware queue and CPU queue (bsc#1140729). - scsi: tcm_qla2xxx: Minimize #include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi_transport_fc: complete requests from ->timeout (bsc#1142076). - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' (networking-stable-19_09_15). - sctp: fix the transport error_count check (networking-stable-19_08_21). - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike (networking-stable-19_09_15). - secure boot lockdown: Fix-up backport of /dev/mem access restriction The upstream-submitted patch set has evolved over time, align our patches (contents and description) to reflect the current status as far as /dev/mem access is concerned. - Sign non-x86 kernels when possible (boo#1134303) - sky2: Disable MSI on yet another ASUS boards (P6Xxxx) (bsc#1051510). - slip: make slhc_free() silently accept an error pointer (bsc#1051510). - slip: sl_alloc(): remove unused parameter 'dev_t line' (bsc#1051510). - sock_diag: fix autoloading of the raw_diag module (bsc#1152791). - sock_diag: request _diag module only when the family or proto has been registered (bsc#1152791). - staging: vt6655: Fix memory leak in vt6655_probe (bsc#1051510). - SUNRPC fix regression in umount of a secure mount (git-fixes). - SUNRPC: Handle connection breakages correctly in call_status() (git-fixes). - SUNRPC/nfs: Fix return value for nfs4_callback_compound() (git-fixes). - tcp: Do not dequeue SYN/FIN-segments from write-queue (git-gixes). - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR (networking-stable-19_09_15). - tcp: inherit timestamp on mtu probe (networking-stable-19_09_05). - tcp: make sure EPOLLOUT wont be missed (networking-stable-19_08_28). - tcp: remove empty skb from write queue in error cases (networking-stable-19_09_05). - team: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - thermal: Fix use-after-free when unregistering thermal zone device (bsc#1051510). - thermal_hwmon: Sanitize thermal_zone type (bsc#1051510). - tipc: add NULL pointer check before calling kfree_rcu (networking-stable-19_09_15). - tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts (bsc#1082555). - tracing: Initialize iter->seq after zeroing in tracing_read_pipe() (bsc#1151508). - tun: fix use-after-free when register netdev failed (networking-stable-19_09_15). - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099). - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099). - usb: adutux: fix NULL-derefs on disconnect (bsc#1142635). - usb: adutux: fix use-after-free on disconnect (bsc#1142635). - usb: adutux: fix use-after-free on release (bsc#1051510). - usb: chaoskey: fix use-after-free on release (bsc#1051510). - usb: dummy-hcd: fix power budget for SuperSpeed mode (bsc#1051510). - usb: iowarrior: fix use-after-free after driver unbind (bsc#1051510). - usb: iowarrior: fix use-after-free on disconnect (bsc#1051510). - usb: iowarrior: fix use-after-free on release (bsc#1051510). - usb: legousbtower: fix deadlock on disconnect (bsc#1142635). - usb: legousbtower: fix open after failed reset request (bsc#1142635). - usb: legousbtower: fix potential NULL-deref on disconnect (bsc#1142635). - usb: legousbtower: fix slab info leak at probe (bsc#1142635). - usb: legousbtower: fix use-after-free on release (bsc#1051510). - usb: microtek: fix info-leak at probe (bsc#1142635). - usbnet: ignore endpoints with invalid wMaxPacketSize (bsc#1051510). - usbnet: sanity checking of packet sizes and device mtu (bsc#1051510). - usb: serial: fix runtime PM after driver unbind (bsc#1051510). - usb: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20 (bsc#1051510). - usb: serial: keyspan: fix NULL-derefs on open() and write() (bsc#1051510). - usb: serial: option: add support for Cinterion CLS8 devices (bsc#1051510). - usb: serial: option: add Telit FN980 compositions (bsc#1051510). - usb: usbcore: Fix slab-out-of-bounds bug during device reset (bsc#1051510). - usb: usblcd: fix I/O after disconnect (bsc#1142635). - usb: usblp: fix runtime PM after driver unbind (bsc#1051510). - usb: usb-skeleton: fix NULL-deref on disconnect (bsc#1051510). - usb: usb-skeleton: fix runtime PM after driver unbind (bsc#1051510). - usb: usb-skeleton: fix use-after-free after driver unbind (bsc#1051510). - usb: xhci: wait for CNR controller not ready bit in xhci resume (bsc#1051510). - usb: yurex: Do not retry on unexpected errors (bsc#1051510). - usb: yurex: fix NULL-derefs on disconnect (bsc#1051510). - vfio_pci: Restore original state on release (bsc#1051510). - vhost_net: conditionally enable tx polling (bsc#1145099). - vhost_net: conditionally enable tx polling (bsc#1145099). - video: of: display_timing: Add of_node_put() in of_get_display_timing() (bsc#1051510). - video: ssd1307fb: Start page range at page_offset (bsc#1113722) - watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout (bsc#1051510). - x86/asm: Fix MWAITX C-state hint value (bsc#1114279). - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h (bsc#1114279). - x86/fpu: Add FPU state copying quirk to handle XRSTOR failure on Intel Skylake CPUs (bsc#1151955). - x86/mm: Use WRITE_ONCE() when setting PTEs (bsc#1114279). - x86/tls: Fix possible spectre-v1 in do_get_thread_area() (bsc#1114279). - xen/netback: fix error path of xenvif_connect_data() (bsc#1065600). - xen/netback: Reset nr_frags before freeing skb (networking-stable-19_08_21). - xen-netfront: do not assume sk_buff_head list is empty in error handling (bsc#1065600). - xen-netfront: do not use ~0U as error return value for xennet_fill_frags() (bsc#1065600). - xen/pv: Fix Xen PV guest int3 handling (bsc#1153811). - xen/xenbus: fix self-deadlock after killing user process (bsc#1065600). - xhci: Check all endpoints for LPM timeout (bsc#1051510). - xhci: Fix false warning message about wrong bounce buffer write length (bsc#1051510). - xhci: Increase STS_SAVE timeout in xhci_suspend() (bsc#1051510). - xhci: Prevent device initiated U1/U2 link pm if exit latency is too long (bsc#1051510). Important SUSE bug 1046299 SUSE bug 1046303 SUSE bug 1046305 SUSE bug 1050244 SUSE bug 1050536 SUSE bug 1050545 SUSE bug 1051510 SUSE bug 1054914 SUSE bug 1055117 SUSE bug 1055186 SUSE bug 1061840 SUSE bug 1064802 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066129 SUSE bug 1071995 SUSE bug 1073513 SUSE bug 1082555 SUSE bug 1086323 SUSE bug 1087092 SUSE bug 1089644 SUSE bug 1093205 SUSE bug 1097583 SUSE bug 1097584 SUSE bug 1097585 SUSE bug 1097586 SUSE bug 1097587 SUSE bug 1097588 SUSE bug 1098291 SUSE bug 1101674 SUSE bug 1104967 SUSE bug 1109158 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1117665 SUSE bug 1119086 SUSE bug 1122363 SUSE bug 1123034 SUSE bug 1123080 SUSE bug 1127155 SUSE bug 1127988 SUSE bug 1131304 SUSE bug 1133140 SUSE bug 1134303 SUSE bug 1135642 SUSE bug 1135854 SUSE bug 1135873 SUSE bug 1137799 SUSE bug 1137861 SUSE bug 1137865 SUSE bug 1137959 SUSE bug 1140155 SUSE bug 1140729 SUSE bug 1140845 SUSE bug 1140883 SUSE bug 1141600 SUSE bug 1142076 SUSE bug 1142635 SUSE bug 1142667 SUSE bug 1144375 SUSE bug 1144449 SUSE bug 1145099 SUSE bug 1146042 SUSE bug 1146519 SUSE bug 1146540 SUSE bug 1146664 SUSE bug 1148133 SUSE bug 1148410 SUSE bug 1148712 SUSE bug 1148868 SUSE bug 1149313 SUSE bug 1149446 SUSE bug 1149555 SUSE bug 1149651 SUSE bug 1150381 SUSE bug 1150423 SUSE bug 1150452 SUSE bug 1150465 SUSE bug 1150875 SUSE bug 1151350 SUSE bug 1151508 SUSE bug 1151610 SUSE bug 1151667 SUSE bug 1151671 SUSE bug 1151680 SUSE bug 1151891 SUSE bug 1151955 SUSE bug 1152024 SUSE bug 1152025 SUSE bug 1152026 SUSE bug 1152161 SUSE bug 1152325 SUSE bug 1152457 SUSE bug 1152460 SUSE bug 1152466 SUSE bug 1152788 SUSE bug 1152791 SUSE bug 1152972 SUSE bug 1152974 SUSE bug 1152975 SUSE bug 1153112 SUSE bug 1153158 SUSE bug 1153236 SUSE bug 1153263 SUSE bug 1153646 SUSE bug 1153713 SUSE bug 1153717 SUSE bug 1153718 SUSE bug 1153719 SUSE bug 1153811 SUSE bug 1154108 SUSE bug 1154189 SUSE bug 1154354 SUSE bug 1154372 SUSE bug 1154578 SUSE bug 1154607 SUSE bug 1154608 SUSE bug 1154610 SUSE bug 1154611 SUSE bug 1154651 SUSE bug 1154747 CVE-2017-18595 CVE-2019-14821 CVE-2019-15291 CVE-2019-16232 CVE-2019-16234 CVE-2019-17056 CVE-2019-17133 CVE-2019-17666 CVE-2019-9506 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for samba fixes the following issues: - CVE-2019-10218: Client code can return filenames containing path separators (bsc#1144902). Important SUSE bug 1144902 CVE-2019-10218 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for php72 fixes the following issues: Security issue fixed: - CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999). Important SUSE bug 1154999 CVE-2019-11043 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for bluez fixes the following issue: - CVE-2016-9798: Fixed a use-after-free in conf_opt (bsc#1013712). Moderate SUSE bug 1013712 CVE-2016-9798 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for gdb fixes the following issues: Update to gdb 8.3.1: (jsc#ECO-368) Security issues fixed: - CVE-2019-1010180: Fixed a potential buffer overflow when loading ELF sections larger than the file. (bsc#1142772) Upgrade libipt from v2.0 to v2.0.1. - Enable librpm for version > librpm.so.3 [bsc#1145692]: * Allow any librpm.so.x * Add %build test to check for 'zypper install <rpm-packagename>' message - Copy gdbinit from fedora master @ 25caf28. Add gdbinit.without-python, and use it for --without=python. Rebase to 8.3 release (as in fedora 30 @ 1e222a3). * DWARF index cache: GDB can now automatically save indices of DWARF symbols on disk to speed up further loading of the same binaries. * Ada task switching is now supported on aarch64-elf targets when debugging a program using the Ravenscar Profile. * Terminal styling is now available for the CLI and the TUI. * Removed support for old demangling styles arm, edg, gnu, hp and lucid. * Support for new native configuration RISC-V GNU/Linux (riscv*-*-linux*). - Implemented access to more POWER8 registers. [fate#326120, fate#325178] - Also handle most new s390 arch13 instructions. [fate#327369, jsc#ECO-368] Moderate SUSE bug 1115034 SUSE bug 1142772 SUSE bug 1145692 CVE-2019-1010180 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libssh2_org fixes the following issue: - CVE-2019-17498: Fixed an integer overflow in a bounds check that might have led to the disclosure of sensitive information or a denial of service (bsc#1154862). Moderate SUSE bug 1154862 CVE-2019-17498 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libseccomp fixes the following issues: Update to new upstream release 2.4.1: * Fix a BPF generation bug where the optimizer mistakenly identified duplicate BPF code blocks. Updated to 2.4.0 (bsc#1128828 CVE-2019-9893): * Update the syscall table for Linux v5.0-rc5 * Added support for the SCMP_ACT_KILL_PROCESS action * Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute * Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension * Added support for the parisc and parisc64 architectures * Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3) * Return -EDOM on an endian mismatch when adding an architecture to a filter * Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run() * Fix PFC generation when a syscall is prioritized, but no rule exists * Numerous fixes to the seccomp-bpf filter generation code * Switch our internal hashing function to jhash/Lookup3 to MurmurHash3 * Numerous tests added to the included test suite, coverage now at ~92% * Update our Travis CI configuration to use Ubuntu 16.04 * Numerous documentation fixes and updates Update to release 2.3.3: * Updated the syscall table for Linux v4.15-rc7 Update to release 2.3.2: * Achieved full compliance with the CII Best Practices program * Added Travis CI builds to the GitHub repository * Added code coverage reporting with the '--enable-code-coverage' configure flag and added Coveralls to the GitHub repository * Updated the syscall tables to match Linux v4.10-rc6+ * Support for building with Python v3.x * Allow rules with the -1 syscall if the SCMP\_FLTATR\_API\_TSKIP attribute is set to true * Several small documentation fixes - ignore make check error for ppc64/ppc64le, bypass bsc#1142614 Moderate SUSE bug 1082318 SUSE bug 1128828 SUSE bug 1142614 CVE-2019-9893 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel KVM hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack. The Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW). The set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251 Other security fixes: - CVE-2019-0154: Fixed a local denial of service via read of unprotected i915 registers. (bsc#1135966) - CVE-2019-0155: Fixed privilege escalation in the i915 driver. Batch buffers from usermode could have escalated privileges via blitter command stream. (bsc#1135967) - CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150457). - CVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903). The following non-security bugs were fixed: - alsa: bebob: Fix prototype of helper function to return negative value (bsc#1051510). - alsa: hda/realtek - Add support for ALC623 (bsc#1051510). - alsa: hda/realtek - Add support for ALC711 (bsc#1051510). - alsa: hda/realtek - Fix 2 front mics of codec 0x623 (bsc#1051510). - alsa: hda: Add Elkhart Lake PCI ID (bsc#1051510). - alsa: hda: Add Tigerlake/Jasperlake PCI ID (bsc#1051510). - alsa: timer: Fix mutex deadlock at releasing card (bsc#1051510). - arcnet: provide a buffer big enough to actually receive packets (networking-stable-19_09_30). - asoc: rockchip: i2s: Fix RPM imbalance (bsc#1051510). - asoc: rsnd: Reinitialize bit clock inversion flag for every format setting (bsc#1051510). - bpf: fix use after free in prog symbol exposure (bsc#1083647). - btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group() (bsc#1155178). - btrfs: qgroup: Always free PREALLOC META reserve in btrfs_delalloc_release_extents() (bsc#1155179). - btrfs: tracepoints: Fix bad entry members of qgroup events (bsc#1155186). - btrfs: tracepoints: Fix wrong parameter order for qgroup events (bsc#1155184). - crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t (bsc#1154737). - crypto: af_alg - Initialize sg_num_bytes in error code path (bsc#1051510). - crypto: af_alg - consolidation of duplicate code (bsc#1154737). - crypto: af_alg - fix race accessing cipher request (bsc#1154737). - crypto: af_alg - remove locking in async callback (bsc#1154737). - crypto: af_alg - update correct dst SGL entry (bsc#1051510). - crypto: af_alg - wait for data at beginning of recvmsg (bsc#1154737). - crypto: algif - return error code when no data was processed (bsc#1154737). - crypto: algif_aead - copy AAD from src to dst (bsc#1154737). - crypto: algif_aead - fix reference counting of null skcipher (bsc#1154737). - crypto: algif_aead - overhaul memory management (bsc#1154737). - crypto: algif_aead - skip SGL entries with NULL page (bsc#1154737). - crypto: algif_skcipher - overhaul memory management (bsc#1154737). - cxgb4:Fix out-of-bounds MSI-X info array access (networking-stable-19_10_05). - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50 (bsc#1051510). - drm/i915/cmdparser: Add support for backward jumps (bsc#1135967) - drm/i915/cmdparser: Ignore Length operands during command matching (bsc#1135967) - drm/i915/cmdparser: Use explicit goto for error paths (bsc#1135967) - drm/i915/gen8+: Add RC6 CTX corruption WA (bsc#1135967) - drm/i915/gtt: Add read only pages to gen8_pte_encode (bsc#1135967) - drm/i915/gtt: Disable read-only support under GVT (bsc#1135967) - drm/i915/gtt: Read-only pages for insert_entries on bdw (bsc#1135967) - drm/i915: Add gen9 BCS cmdparsing (bsc#1135967) - drm/i915: Add support for mandatory cmdparsing (bsc#1135967) - drm/i915: Allow parsing of unsized batches (bsc#1135967) - drm/i915: Disable Secure Batches for gen6+ - drm/i915: Lower RM timeout to avoid DSI hard hangs (bsc#1135967) - drm/i915: Prevent writing into a read-only object via a GGTT mmap (bsc#1135967) - drm/i915: Remove Master tables from cmdparser - drm/i915: Rename gen7 cmdparser tables (bsc#1135967) - drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (bsc#1135967) - efi/memattr: Do not bail on zero VA if it equals the region's PA (bsc#1051510). - efi: cper: print AER info of PCIe fatal error (bsc#1051510). - efivar/ssdt: Do not iterate over EFI vars if no SSDT override was specified (bsc#1051510). - hid: fix error message in hid_open_report() (bsc#1051510). - hid: logitech-hidpp: do all FF cleanup in hidpp_ff_destroy() (bsc#1051510). - hso: fix NULL-deref on tty open (bsc#1051510). - hyperv: set nvme msi interrupts to unmanaged (jsc#SLE-8953, jsc#SLE-9221, jsc#SLE-4941, bsc#1119461, bsc#1119465, bsc#1138190, bsc#1154905). - ib/core: Add mitigation for Spectre V1 (bsc#1155671) - ieee802154: ca8210: prevent memory leak (bsc#1051510). - input: synaptics-rmi4 - avoid processing unknown IRQs (bsc#1051510). - integrity: prevent deadlock during digsig verification (bsc#1090631). - ipv6: Handle missing host route in __ipv6_ifa_notify (networking-stable-19_10_05). - ipv6: drop incoming packets having a v4mapped source address (networking-stable-19_10_05). - kABI workaround for crypto/af_alg changes (bsc#1154737). - kABI workaround for drm_vma_offset_node readonly field addition (bsc#1135967) - ksm: cleanup stable_node chain collapse case (bnc#1144338). - ksm: fix use after free with merge_across_nodes = 0 (bnc#1144338). - ksm: introduce ksm_max_page_sharing per page deduplication limit (bnc#1144338). - ksm: optimize refile of stable_node_dup at the head of the chain (bnc#1144338). - ksm: swap the two output parameters of chain/chain_prune (bnc#1144338). - kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (bsc#1117665). - kvm: x86: mmu: Recovery of shattered NX large pages (bsc#1117665, CVE-2018-12207). - mac80211: Reject malformed SSID elements (bsc#1051510). - mac80211: fix txq null pointer dereference (bsc#1051510). - md/raid0: avoid RAID0 data corruption due to layout confusion (bsc#1140090). - md/raid0: fix warning message for parameter default_layout (bsc#1140090). - net/phy: fix DP83865 10 Mbps HDX loopback disable function (networking-stable-19_09_30). - net/rds: Fix error handling in rds_ib_add_one() (networking-stable-19_10_05). - net/rds: fix warn in rds_message_alloc_sgs (bsc#1154848). - net/rds: remove user triggered WARN_ON in rds_sendmsg (bsc#1154848). - net/sched: act_sample: do not push mac header on ip6gre ingress (networking-stable-19_09_30). - net/smc: fix SMCD link group creation with VLAN id (bsc#1154959). - net: Replace NF_CT_ASSERT() with WARN_ON() (bsc#1146612). - net: Unpublish sk from sk_reuseport_cb before call_rcu (networking-stable-19_10_05). - net: openvswitch: free vport unless register_netdevice() succeeds (git-fixes). - net: qlogic: Fix memory leak in ql_alloc_large_buffers (networking-stable-19_10_05). - net: qrtr: Stop rx_worker before freeing node (networking-stable-19_09_30). - net_sched: add policy validation for action attributes (networking-stable-19_09_30). - net_sched: fix backward compatibility for TCA_ACT_KIND (git-fixes). - netfilter: nf_nat: do not bug when mapping already exists (bsc#1146612). - nfsv4.1 - backchannel request should hold ref on xprt (bsc#1152624). - nl80211: fix null pointer dereference (bsc#1051510). - openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC (networking-stable-19_09_30). - qmi_wwan: add support for Cinterion CLS8 devices (networking-stable-19_10_05). - r8152: Set macpassthru in reset_resume callback (bsc#1051510). - rds: Fix warning (bsc#1154848). - reiserfs: fix extended attributes on the root directory (bsc#1151225). - rpm/kernel-subpackage-spec: Mention debuginfo in the subpackage description (bsc#1149119). - s390/cmf: set_schib_wait add timeout (bsc#1153509, bsc#1153476). - sch_cbq: validate TCA_CBQ_WRROPT to avoid crash (networking-stable-19_10_05). - sch_dsmark: fix potential NULL deref in dsmark_init() (networking-stable-19_10_05). - sch_netem: fix a divide by zero in tabledist() (networking-stable-19_09_30). - sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254). - scsi: lpfc: Fix devices that do not return after devloss followed by rediscovery (bsc#1137040). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix N2N link reset (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix N2N link up fail (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix partial flash write of MBI (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix wait condition in loop (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Improve logging for scan thread (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Initialized mailbox to prevent driver load failure (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Set remove flag for all VP (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Silence fwdump template message (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: fix a potential NULL pointer dereference (bsc#1150457 CVE-2019-16233). - scsi: qla2xxx: fixup incorrect usage of host_byte (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: remove redundant assignment to pointer host (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: stop timer in shutdown path (bsc#1143706 bsc#1082635 bsc#1123034). - skge: fix checksum byte order (networking-stable-19_09_30). - staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS (bsc#1051510). - supporte.conf: add efivarfs to kernel-default-base (bsc#1154858). - tipc: fix unlimited bundling of small messages (networking-stable-19_10_05). - usb: ldusb: fix NULL-derefs on driver unbind (bsc#1051510). - usb: ldusb: fix memleak on disconnect (bsc#1051510). - usb: ldusb: fix read info leaks (bsc#1051510). - usb: legousbtower: fix a signedness bug in tower_probe() (bsc#1051510). - usb: legousbtower: fix memleak on disconnect (bsc#1051510). - usb: serial: ti_usb_3410_5052: fix port-close races (bsc#1051510). - usb: udc: lpc32xx: fix bad bit shift operation (bsc#1051510). - usb: usblp: fix use-after-free on disconnect (bsc#1051510). - vfs: Make filldir[64]() verify the directory entry filename is valid (bsc#1144903, CVE-2019-10220). - vsock: Fix a lockdep warning in __vsock_release() (networking-stable-19_10_05). - x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area (bnc#1153969). - x86/boot/64: Round memory hole size up to next PMD page (bnc#1153969). - x86/tsx: Add config options to set tsx=on|off|auto (bsc#1139073, CVE-2019-11135). Important SUSE bug 1051510 SUSE bug 1082635 SUSE bug 1083647 SUSE bug 1090631 SUSE bug 1096254 SUSE bug 1117665 SUSE bug 1119461 SUSE bug 1119465 SUSE bug 1123034 SUSE bug 1135966 SUSE bug 1135967 SUSE bug 1137040 SUSE bug 1138190 SUSE bug 1139073 SUSE bug 1140090 SUSE bug 1143706 SUSE bug 1144338 SUSE bug 1144903 SUSE bug 1146612 SUSE bug 1149119 SUSE bug 1150457 SUSE bug 1151225 SUSE bug 1152624 SUSE bug 1153476 SUSE bug 1153509 SUSE bug 1153969 SUSE bug 1154737 SUSE bug 1154848 SUSE bug 1154858 SUSE bug 1154905 SUSE bug 1154959 SUSE bug 1155178 SUSE bug 1155179 SUSE bug 1155184 SUSE bug 1155186 SUSE bug 1155671 CVE-2018-12207 CVE-2019-0154 CVE-2019-0155 CVE-2019-10220 CVE-2019-11135 CVE-2019-16233 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for xen fixes the following issues: - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. (bsc#1155945) - CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack. (bsc#1152497). - CVE-2019-18424: An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. (bsc#1154461). - CVE-2019-18421: A malicious PV guest administrator may have been able to escalate their privilege to that of the host. (bsc#1154458). - CVE-2019-18425: 32-bit PV guest user mode could elevate its privileges to that of the guest kernel. (bsc#1154456). - CVE-2019-18420: Malicious x86 PV guests may have caused a hypervisor crash, resulting in a Denial of Service (Dos). (bsc#1154448) Important SUSE bug 1152497 SUSE bug 1154448 SUSE bug 1154456 SUSE bug 1154458 SUSE bug 1154461 SUSE bug 1155945 CVE-2018-12207 CVE-2019-11135 CVE-2019-18420 CVE-2019-18421 CVE-2019-18424 CVE-2019-18425 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libjpeg-turbo fixes the following issues: - CVE-2019-2201: Several integer overflow issues and subsequent segfaults occurred in libjpeg-turbo, when attempting to compress or decompress gigapixel images. [bsc#1156402] Important SUSE bug 1156402 CVE-2019-2201 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for ghostscript fixes the following issue: - CVE-2019-14869: Fixed a possible dSAFER escape which could have allowed an attacker to gain high privileges by a specially crafted Postscript code (bsc#1156275). Important SUSE bug 1156275 CVE-2019-14869 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for xen fixes the following issues: - Update to Xen 4.11.1 bug fix release (bsc#1027519) - CVE-2018-17963: Fixed an integer overflow issue in the QEMU emulator, which could occur when a packet with large packet size is processed. A user inside a guest could have used this flaw to crash the qemu process resulting in a Denial of Service (DoS). (bsc#1111014) - CVE-2018-18849: Fixed an out of bounds memory access in the LSI53C895A SCSI host bus adapter emulation, which allowed a user and/or process to crash the qemu process resulting in a Denial of Service (DoS). (bsc#1114423) - CVE-2018-18883: Fixed an issue related to inproper restriction of nested VT-x, which allowed a guest to cause Xen to crash, resulting in a Denial of Service (DoS). (XSA-278) (bsc#1114405) - CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges, may cause a Denial of Service (DoS) affecting the entire host, or may be able to access data it is not supposed to access. (XSA-275) (bsc#1115040) - CVE-2018-19963: Fixed the allocation of pages used to communicate with external emulators, which may have cuased Xen to crash, resulting in a Denial of Service (DoS). (XSA-276) (bsc#1115043) - CVE-2018-19965: Fixed an issue related to the INVPCID instruction in case non-canonical addresses are accessed, which may allow a guest to cause Xen to crash, resulting in a Denial of Service (DoS) affecting the entire host. (XSA-279) (bsc#1115045) - CVE-2018-19966: Fixed an issue related to a previous fix for XSA-240, which conflicted with shadow paging and allowed a guest to cause Xen to crash, resulting in a Denial of Service (DoS) (XSA-280) (bsc#1115047) - CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988) - CVE-2018-19964: Fixed the incorrect error handling of p2m page removals, which allowed a guest to cause a deadlock, resulting in a Denial of Service (DoS) affecting the entire host. (XSA-277) (bsc#1115044) - CVE-2018-19665: Fixed an integer overflow resulting in memory corruption in various Bluetooth functions, allowing this to crash qemu process resulting in Denial of Service (DoS). (bsc#1117756). Other bugs fixed: - Fixed an issue related to a domU hang on SLE12-SP3 HV (bsc#1108940) Important SUSE bug 1027519 SUSE bug 1108940 SUSE bug 1111014 SUSE bug 1114405 SUSE bug 1114423 SUSE bug 1114988 SUSE bug 1115040 SUSE bug 1115043 SUSE bug 1115044 SUSE bug 1115045 SUSE bug 1115047 SUSE bug 1117756 CVE-2018-17963 CVE-2018-18849 CVE-2018-18883 CVE-2018-19665 CVE-2018-19961 CVE-2018-19962 CVE-2018-19963 CVE-2018-19964 CVE-2018-19965 CVE-2018-19966 CVE-2018-19967 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for dpdk to version 17.11.7 fixes the following issues: - CVE-2019-14818: Fixed a memory leak vulnerability caused by a malicious container may lead to to denial of service (bsc#1156146). Moderate SUSE bug 1156146 CVE-2019-14818 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for aspell fixes the following issues: - CVE-2019-17544: Fixed a stack-based buffer over-read in acommon:unescape in common/getdata.cpp via an isolated backslash (bsc#1153892). Moderate SUSE bug 1153892 CVE-2019-17544 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for sqlite3 fixes the following issues: - CVE-2017-2518: Fixed a use-after-free vulnerability which could have led to buffer overflow via a crafted SQL statement (bsc#1155787). Important SUSE bug 1155787 CVE-2017-2518 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for cups fixes the following issues: - CVE-2019-8675: Fixed a stack buffer overflow in libcups's asn1_get_type function(bsc#1146358). - CVE-2019-8696: Fixed a stack buffer overflow in libcups's asn1_get_packed function (bsc#1146359). Important SUSE bug 1146358 SUSE bug 1146359 CVE-2019-8675 CVE-2019-8696 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for tiff fixes the following issues: Security issues fixed: - CVE-2019-14973: Fixed an improper check which was depended on the compiler which could have led to integer overflow (bsc#1146608). - CVE-2016-5102: Fixed a buffer overflow in readgifimage() (bsc#983268) - CVE-2018-17000: Fixed a NULL pointer dereference in the _TIFFmemcmp function (bsc#1108606). - CVE-2019-6128: Fixed a memory leak in the TIFFFdOpen function in tif_unix.c (bsc#1121626). - CVE-2019-7663: Fixed an invalid address dereference in the TIFFWriteDirectoryTagTransfer function in libtiff/tif_dirwrite.c (bsc#1125113) Moderate SUSE bug 1108606 SUSE bug 1121626 SUSE bug 1125113 SUSE bug 1146608 SUSE bug 983268 CVE-2016-5102 CVE-2018-17000 CVE-2019-14973 CVE-2019-6128 CVE-2019-7663 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for freerdp fixes the following issues: - CVE-2019-17177: Fixed multiple memory leaks in libfreerdp/codec/region.c (bsc#1153163). - CVE-2019-17178: Fixed a memory leak in HuffmanTree_makeFromFrequencies (bsc#1153164). Moderate SUSE bug 1153163 SUSE bug 1153164 CVE-2019-17177 CVE-2019-17178 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libxml2 doesn't fix any additional security issues, but correct the rpm changelog to reflect all CVEs that have been fixed over the past. Low SUSE bug 1123919 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libarchive fixes the following issues: Security issues fixed: - CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder (bsc#1120653). - CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder (bsc#1120654). - CVE-2019-1000019: Fixed an Out-Of-Bounds Read vulnerability in 7zip decompression (bsc#1124341). - CVE-2019-1000020: Fixed an Infinite Loop vulnerability in ISO9660 parser (bsc#1124342). - CVE-2019-18408: Fixed a use-after-free in RAR format support (bsc#1155079). Moderate SUSE bug 1032089 SUSE bug 1037008 SUSE bug 1037009 SUSE bug 1059134 SUSE bug 1059139 SUSE bug 1120653 SUSE bug 1120654 SUSE bug 1124341 SUSE bug 1124342 SUSE bug 1155079 CVE-2016-10209 CVE-2016-10349 CVE-2016-10350 CVE-2017-14501 CVE-2017-14502 CVE-2018-1000877 CVE-2018-1000878 CVE-2019-1000019 CVE-2019-1000020 CVE-2019-18408 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for ncurses fixes the following issues: Security issue fixed: - CVE-2018-10754: Fixed a denial of service caused by a NULL Pointer Dereference in the _nc_parse_entry() (bsc#1131830). - CVE-2019-17594: Fixed a heap-based buffer over-read in _nc_find_entry function in tinfo/comp_hash.c (bsc#1154036). - CVE-2019-17595: Fixed a heap-based buffer over-read in fmt_entry function in tinfo/comp_hash.c (bsc#1154037). Bug fixes: - Fixed ppc64le build configuration (bsc#1134550). Moderate SUSE bug 1131830 SUSE bug 1134550 SUSE bug 1154036 SUSE bug 1154037 CVE-2018-10754 CVE-2019-17594 CVE-2019-17595 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-20749: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123828) - CVE-2018-20750: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123832) - CVE-2018-20748: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1123823) Critical SUSE bug 1123823 SUSE bug 1123828 SUSE bug 1123832 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for apache2-mod_perl fixes the following issues: Security issue fixed: - CVE-2011-2767: Fixed a vulnerability which could have allowed perl code execution in the context of user account (bsc#1156944). Other issue addressed: - Restore process name after sv_setpv_mg() call. (bsc#1091625) Moderate SUSE bug 1091625 SUSE bug 1156944 CVE-2011-2767 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an arbitrary command execution (bsc#1158095). Important SUSE bug 1158095 CVE-2019-14889 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for xen fixes the following issues: - CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307). - CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with a compile time known size of 64 (bsc#1158003 XSA-307). - CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace code to crash the guest,leading to a guest denial of service (bsc#1158004 XSA-308). - CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309). - CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310). - CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311). - CVE-2019-19579: Fixed a privilege escaltion where an untrusted domain with access to a physical device can DMA into host memory (bsc#1157888 XSA-306). - CVE-2019-18423: A malicious guest administrator may cause a hypervisor crash, resulting in a Denial of Service (DoS). (bsc#1154460). - CVE-2019-18424: An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. (bsc#1154461). - CVE-2019-18422: A malicious ARM guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified. (bsc#1154464) Important SUSE bug 1154460 SUSE bug 1154461 SUSE bug 1154464 SUSE bug 1157888 SUSE bug 1158003 SUSE bug 1158004 SUSE bug 1158005 SUSE bug 1158006 SUSE bug 1158007 CVE-2019-18422 CVE-2019-18423 CVE-2019-18424 CVE-2019-19577 CVE-2019-19578 CVE-2019-19579 CVE-2019-19580 CVE-2019-19581 CVE-2019-19582 CVE-2019-19583 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for git fixes the following issues: Security issues fixed: - CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787). - CVE-2019-19604: Fixed a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795). - CVE-2019-1387: Fixed recursive clones that are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793). - CVE-2019-1354: Fixed issue on Windows that refuses to write tracked files with filenames that contain backslashes (bsc#1158792). - CVE-2019-1353: Fixed issue when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791). - CVE-2019-1352: Fixed issue on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790). - CVE-2019-1351: Fixed issue on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789). - CVE-2019-1350: Fixed incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788). - CVE-2019-1348: Fixed the --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785). - Fixed an issue where git send-email fails to authenticate with SMTP server (bsc#1082023) Important SUSE bug 1082023 SUSE bug 1158785 SUSE bug 1158787 SUSE bug 1158788 SUSE bug 1158789 SUSE bug 1158790 SUSE bug 1158791 SUSE bug 1158792 SUSE bug 1158793 SUSE bug 1158795 CVE-2019-1348 CVE-2019-1349 CVE-2019-1350 CVE-2019-1351 CVE-2019-1352 CVE-2019-1353 CVE-2019-1354 CVE-2019-1387 CVE-2019-19604 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for php7 fixes the following issues: Security issue fixed: - CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123354). - CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522). - CVE-2018-19935: Fixed a Denial of Service in php_imap.c which could be triggered via an empty string in the message argument to imap_mail (bsc#1118832). Moderate SUSE bug 1118832 SUSE bug 1123354 SUSE bug 1123522 CVE-2018-19935 CVE-2019-6977 CVE-2019-6978 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for zziplib fixes the following issues: Security issues fixed: - CVE-2018-16548: Avoid a memory leak from __zzip_parse_root_directory() which could lead to denial of service. (bsc#1107424) - CVE-2018-7727: Fixed a memory leak in unzzip_cat() (bsc#1084515). Non-security issue fixed: - Prevented division by zero by first checking if uncompressed size is 0. This may happen with directories which have a compressed and uncompressed size of 0. (bsc#1129403) Moderate SUSE bug 1084515 SUSE bug 1107424 SUSE bug 1129403 CVE-2018-16548 CVE-2018-7727 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated to 68.3esr (MFSA 2019-37 bsc#1158328) Security issues fixed: - CVE-2019-17008: Fixed a use-after-free in worker destruction (bmo#1546331) - CVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments in WebRTC code (bmo#1580156) - CVE-2019-11745: Fixed an out of bounds write in NSS when encrypting with a block cipher (bmo#1586176) - CVE-2019-17009: Fixed an issue where updater temporary files accessible to unprivileged processes (bmo#1510494) - CVE-2019-17010: Fixed a use-after-free when performing device orientation checks (bmo#1581084) - CVE-2019-17005: Fixed a buffer overflow in plain text serializer (bmo#1584170) - CVE-2019-17011: Fixed a use-after-free when retrieving a document in antitracking (bmo#1591334) - CVE-2019-17012: Fixed multiple memmory issues (bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502) Important SUSE bug 1158328 CVE-2019-11745 CVE-2019-13722 CVE-2019-17005 CVE-2019-17008 CVE-2019-17009 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for MozillaFirefox fixes the following issues: Security issues fixed: CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (boo#1122983). CVE-2018-18501: Fixed multiple memory safety bugs (boo#1122983). CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (boo#1122983). Important SUSE bug 1120374 SUSE bug 1122983 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for mariadb-100 fixes the following issues: Security issue fixed: - CVE-2019-2974: Fixed Server Optimizer (bsc#1154162). Moderate SUSE bug 1154162 CVE-2019-2974 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-14895: A heap-based buffer overflow was discovered in the Linux kernel in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could have allowed the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158). - CVE-2019-18660: The Linux kernel on powerpc allowed Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038). - CVE-2019-18683: An issue was discovered in drivers/media/platform/vivid in the Linux kernel. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free (bnc#1155897). - CVE-2019-18809: A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1156258). - CVE-2019-19062: A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures (bnc#1157333). - CVE-2019-19057: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). - CVE-2019-19056: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). - CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157307). - CVE-2019-19063: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157298). - CVE-2019-19227: In the AppleTalk subsystem in the Linux kernel there was a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client (bnc#1157678). - CVE-2019-19065: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures (bnc#1157191). - CVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering copy to udata failures (bnc#1157171). - CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157324). - CVE-2019-19067: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures (bsc#1157180). - CVE-2019-19060: A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157178). - CVE-2019-19049: A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures (bsc#1157173). - CVE-2019-19075: A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures (bnc#1157162). - CVE-2019-19058: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures (bnc#1157145). - CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157143). - CVE-2019-19073: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function (bnc#1157070). - CVE-2019-15916: An issue was discovered in the Linux kernel There was a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service (bnc#1149448). - CVE-2019-16231: drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150466). - CVE-2019-18805: An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel There was a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact (bnc#1156187). - CVE-2019-17055: base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket (bnc#1152782). The following non-security bugs were fixed: - ACPI / LPSS: Exclude I2C busses shared with PUNIT from pmc_atom_d3_mask (bsc#1051510). - ACPI / SBS: Fix rare oops when removing modules (bsc#1051510). - ACPICA: Never run _REG on system_memory and system_IO (bsc#1051510). - ACPICA: Use %d for signed int print formatting instead of %u (bsc#1051510). - ALSA: 6fire: Drop the dead code (git-fixes). - ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series (git-fixes). - ALSA: cs4236: fix error return comparison of an unsigned integer (git-fixes). - ALSA: firewire-motu: Correct a typo in the clock proc string (git-fixes). - ALSA: hda - Add mute led support for HP ProBook 645 G4 (git-fixes). - ALSA: hda - Fix pending unsol events at shutdown (git-fixes). - ALSA: hda/ca0132 - Fix possible workqueue stall (bsc#1155836). - ALSA: hda/intel: add CometLake PCI IDs (bsc#1156729). - ALSA: hda/realtek - Move some alc236 pintbls to fallback table (git-fixes). - ALSA: hda/realtek - Move some alc256 pintbls to fallback table (git-fixes). - ALSA: hda: Add Cometlake-S PCI ID (git-fixes). - ALSA: i2c/cs8427: Fix int to char conversion (bsc#1051510). - ALSA: intel8x0m: Register irq handler after register initializations (bsc#1051510). - ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed() (git-fixes). - ALSA: pcm: signedness bug in snd_pcm_plug_alloc() (bsc#1051510). - ALSA: seq: Do error checks at creating system ports (bsc#1051510). - ALSA: timer: Fix incorrectly assigned timer instance (git-fixes). - ALSA: usb-audio: Fix Focusrite Scarlett 6i6 gen1 - input handling (git-fixes). - ALSA: usb-audio: Fix missing error check at mixer resolution test (git-fixes). - ALSA: usb-audio: not submit urb for stopped endpoint (git-fixes). - ASoC: Intel: hdac_hdmi: Limit sampling rates at dai creation (bsc#1051510). - ASoC: davinci-mcasp: Handle return value of devm_kasprintf (stable 4.14.y). - ASoC: davinci: Kill BUG_ON() usage (stable 4.14.y). - ASoC: dpcm: Properly initialise hw->rate_max (bsc#1051510). - ASoC: kirkwood: fix external clock probe defer (git-fixes). - ASoC: msm8916-wcd-analog: Fix RX1 selection in RDAC2 MUX (git-fixes). - ASoC: sgtl5000: avoid division by zero if lo_vag is zero (bsc#1051510). - ASoC: tegra_sgtl5000: fix device_node refcounting (bsc#1051510). - ASoC: tlv320aic31xx: Handle inverted BCLK in non-DSP modes (stable 4.14.y). - ASoC: tlv320dac31xx: mark expected switch fall-through (stable 4.14.y). - Bluetooth: Fix invalid-free in bcsp_close() (git-fixes). - Bluetooth: Fix memory leak in hci_connect_le_scan (bsc#1051510). - Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS (bsc#1051510). - Bluetooth: btusb: fix PM leak in error case of setup (bsc#1051510). - Bluetooth: delete a stray unlock (bsc#1051510). - Bluetooth: hci_core: fix init for HCI_USER_CHANNEL (bsc#1051510). - Btrfs: fix log context list corruption after rename exchange operation (bsc#1156494). - CIFS: Fix SMB2 oplock break processing (bsc#1144333, bsc#1154355). - CIFS: Fix oplock handling for SMB 2.1+ protocols (bsc#1144333, bsc#1154355). - CIFS: Fix retry mid list corruption on reconnects (bsc#1144333, bsc#1154355). - CIFS: Fix use after free of file info structures (bsc#1144333, bsc#1154355). - CIFS: Force reval dentry if LOOKUP_REVAL flag is set (bsc#1144333, bsc#1154355). - CIFS: Force revalidate inode when dentry is stale (bsc#1144333, bsc#1154355). - CIFS: Gracefully handle QueryInfo errors during open (bsc#1144333, bsc#1154355). - CIFS: avoid using MID 0xFFFF (bsc#1144333, bsc#1154355). - CIFS: fix max ea value size (bsc#1144333, bsc#1154355). - Documentation: debugfs: Document debugfs helper for unsigned long values (git-fixes). - Documentation: x86: convert protection-keys.txt to reST (bsc#1078248). - EDAC/ghes: Fix Use after free in ghes_edac remove path (bsc#1114279). - HID: Add ASUS T100CHI keyboard dock battery quirks (bsc#1051510). - HID: Add quirk for Microsoft PIXART OEM mouse (bsc#1051510). - HID: Fix assumption that devices have inputs (git-fixes). - HID: asus: Add T100CHI bluetooth keyboard dock special keys mapping (bsc#1051510). - HID: wacom: generic: Treat serial number and related fields as unsigned (git-fixes). - Input: ff-memless - kill timer in destroy() (bsc#1051510). - Input: silead - try firmware reload after unsuccessful resume (bsc#1051510). - Input: st1232 - set INPUT_PROP_DIRECT property (bsc#1051510). - Input: synaptics-rmi4 - clear IRQ enables for F54 (bsc#1051510). - Input: synaptics-rmi4 - destroy F54 poller workqueue when removing (bsc#1051510). - Input: synaptics-rmi4 - disable the relative position IRQ in the F12 driver (bsc#1051510). - Input: synaptics-rmi4 - do not consume more data than we have (F11, F12) (bsc#1051510). - Input: synaptics-rmi4 - fix video buffer size (git-fixes). - KVM: VMX: Consider PID.PIR to determine if vCPU has pending interrupts (bsc#1158064). - KVM: VMX: Fix conditions for guest IA32_XSS support (bsc#1158065). - KVM: x86/mmu: Take slots_lock when using kvm_mmu_zap_all_fast() (bsc#1158067). - KVM: x86: Introduce vcpu->arch.xsaves_enabled (bsc#1158066). - NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error (git-fixes). - PCI/ACPI: Correct error message for ASPM disabling (bsc#1051510). - PCI/PME: Fix possible use-after-free on remove (git-fixes). - PCI: sysfs: Ignore lockdep for remove attribute (git-fixes). - PM / devfreq: Check NULL governor in available_governors_show (git-fixes). - PM / devfreq: Lock devfreq in trans_stat_show (git-fixes). - PM / devfreq: exynos-bus: Correct clock enable sequence (bsc#1051510). - PM / devfreq: passive: Use non-devm notifiers (bsc#1051510). - PM / devfreq: passive: fix compiler warning (bsc#1051510). - PM / hibernate: Check the success of generating md5 digest before hibernation (bsc#1051510). - README.BRANCH: Add Denis as branch maintainer - Revert synaptics-rmi4 patch due to regression (bsc#1155982) Also blacklisting it - UAS: Revert commit 3ae62a42090f ('UAS: fix alignment of scatter/gather segments'). - USB: chaoskey: fix error case of a timeout (git-fixes). - USB: gadget: Reject endpoints with 0 maxpacket value (bsc#1051510). - USB: ldusb: fix control-message timeout (bsc#1051510). - USB: ldusb: fix ring-buffer locking (bsc#1051510). - USB: serial: mos7720: fix remote wakeup (git-fixes). - USB: serial: mos7840: add USB ID to support Moxa UPort 2210 (bsc#1051510). - USB: serial: mos7840: fix remote wakeup (git-fixes). - USB: serial: option: add support for DW5821e with eSIM support (bsc#1051510). - USB: serial: option: add support for Foxconn T77W968 LTE modules (bsc#1051510). - USB: serial: whiteheat: fix line-speed endianness (bsc#1051510). - USB: serial: whiteheat: fix potential slab corruption (bsc#1051510). - USBIP: add config dependency for SGL_ALLOC (git-fixes). - appledisplay: fix error handling in the scheduled work (git-fixes). - arm64: Update config files. (bsc#1156466) Enable HW_RANDOM_OMAP driver and mark driver omap-rng as supported. - ata: ep93xx: Use proper enums for directions (bsc#1051510). - ath10k: fix kernel panic by moving pci flush after napi_disable (bsc#1051510). - ath10k: fix vdev-start timeout on error (bsc#1051510). - ath10k: limit available channels via DT ieee80211-freq-limit (bsc#1051510). - ath10k: wmi: disable softirq's while calling ieee80211_rx (bsc#1051510). - ath9k: Fix a locking bug in ath9k_add_interface() (bsc#1051510). - ath9k: add back support for using active monitor interfaces for tx99 (bsc#1051510). - ath9k: fix reporting calculated new FFT upper max (bsc#1051510). - ath9k: fix tx99 with monitor mode interface (bsc#1051510). - ath9k_hw: fix uninitialized variable data (bsc#1051510). - ax88172a: fix information leak on short answers (bsc#1051510). - backlight: lm3639: Unconditionally call led_classdev_unregister (bsc#1051510). - brcmfmac: fix full timeout waiting for action frame on-channel tx (bsc#1051510). - brcmfmac: reduce timeout for action frame scan (bsc#1051510). - brcmsmac: AP mode: update beacon when TIM changes (bsc#1051510). - brcmsmac: never log 'tid x is not agg'able' by default (bsc#1051510). - can: c_can: c_can_poll(): only read status register after status IRQ (git-fixes). - can: dev: call netif_carrier_off() in register_candev() (bsc#1051510). - can: mcba_usb: fix use-after-free on disconnect (git-fixes). - can: peak_usb: fix a potential out-of-sync while decoding packets (git-fixes). - can: peak_usb: fix slab info leak (git-fixes). - can: rx-offload: can_rx_offload_offload_one(): do not increase the skb_queue beyond skb_queue_len_max (git-fixes). - can: rx-offload: can_rx_offload_queue_sorted(): fix error handling, avoid skb mem leak (git-fixes). - can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid skb mem leak (git-fixes). - can: usb_8dev: fix use-after-free on disconnect (git-fixes). - ceph: add missing check in d_revalidate snapdir handling (bsc#1157183). - ceph: do not try to handle hashed dentries in non-O_CREAT atomic_open (bsc#1157184). - ceph: fix use-after-free in __ceph_remove_cap() (bsc#1154058). - ceph: just skip unrecognized info in ceph_reply_info_extra (bsc#1157182). - cfg80211: Avoid regulatory restore when COUNTRY_IE_IGNORE is set (bsc#1051510). - cfg80211: Prevent regulatory restore during STA disconnect in concurrent interfaces (bsc#1051510). - cfg80211: call disconnect_wk when AP stops (bsc#1051510). - cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bsc#1144333, bsc#1154355). - cifs: Fix missed free operations (bsc#1144333, bsc#1154355). - cifs: Use kzfree() to zero out the password (bsc#1144333, bsc#1154355). - cifs: add a helper to find an existing readable handle to a file (bsc#1144333, bsc#1154355). - cifs: create a helper to find a writeable handle by path name (bsc#1144333, bsc#1154355). - cifs: move cifsFileInfo_put logic into a work-queue (bsc#1144333, bsc#1154355). - cifs: prepare SMB2_Flush to be usable in compounds (bsc#1144333, bsc#1154355). - cifs: set domainName when a domain-key is used in multiuser (bsc#1144333, bsc#1154355). - cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bsc#1144333, bsc#1154355). - cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1144333, bsc#1154355). - clk: at91: avoid sleeping early (git-fixes). - clk: pxa: fix one of the pxa RTC clocks (bsc#1051510). - clk: samsung: Use clk_hw API for calling clk framework from clk notifiers (bsc#1051510). - clk: samsung: exynos5420: Preserve CPU clocks configuration during suspend/resume (bsc#1051510). - clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume (git-fixes). - clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18 (git-fixes). - clocksource/drivers/sh_cmt: Fix clocksource width for 32-bit machines (bsc#1051510). - clocksource/drivers/sh_cmt: Fixup for 64-bit machines (bsc#1051510). - component: fix loop condition to call unbind() if bind() fails (bsc#1051510). - cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init() (bsc#1051510). - cpufreq: Skip cpufreq resume if it's not suspended (bsc#1051510). - cpufreq: intel_pstate: Register when ACPI PCCH is present (bsc#1051510). - cpufreq: powernv: fix stack bloat and hard limit on number of CPUs (bsc#1051510). - cpufreq: ti-cpufreq: add missing of_node_put() (bsc#1051510). - cpupower : Fix cpupower working when cpu0 is offline (bsc#1051510). - cpupower : frequency-set -r option misses the last cpu in related cpu list (bsc#1051510). - cpupower: Fix coredump on VMWare (bsc#1051510). - crypto: af_alg - cast ki_complete ternary op to int (bsc#1051510). - crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr (bsc#1051510). - crypto: ecdh - fix big endian bug in ECC library (bsc#1051510). - crypto: fix a memory leak in rsa-kcs1pad's encryption mode (bsc#1051510). - crypto: geode-aes - switch to skcipher for cbc(aes) fallback (bsc#1051510). - crypto: mxs-dcp - Fix AES issues (bsc#1051510). - crypto: mxs-dcp - Fix SHA null hashes and output length (bsc#1051510). - crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash' static (bsc#1051510). - crypto: s5p-sss: Fix Fix argument list alignment (bsc#1051510). - crypto: tgr192 - remove unneeded semicolon (bsc#1051510). - cw1200: Fix a signedness bug in cw1200_load_firmware() (bsc#1051510). - cxgb4: fix panic when attaching to ULD fail (networking-stable-19_11_05). - dccp: do not leak jiffies on the wire (networking-stable-19_11_05). - dlm: do not leak kernel pointer to userspace (bsc#1051510). - dlm: fix invalid free (bsc#1051510). - dmaengine: bcm2835: Print error in case setting DMA mask fails (bsc#1051510). - dmaengine: dma-jz4780: Do not depend on MACH_JZ4780 (bsc#1051510). - dmaengine: dma-jz4780: Further residue status fix (bsc#1051510). - dmaengine: ep93xx: Return proper enum in ep93xx_dma_chan_direction (bsc#1051510). - dmaengine: imx-sdma: fix size check for sdma script_number (bsc#1051510). - dmaengine: imx-sdma: fix use-after-free on probe error path (bsc#1051510). - dmaengine: rcar-dmac: set scatter/gather max segment size (bsc#1051510). - dmaengine: timb_dma: Use proper enum in td_prep_slave_sg (bsc#1051510). - docs: move protection-keys.rst to the core-api book (bsc#1078248). - drm/etnaviv: fix dumping of iommuv2 (bsc#1113722) - drm/omap: fix max fclk divider for omap36xx (bsc#1113722) - drm/radeon: fix bad DMA from INTERRUPT_CNTL2 (git-fixes). - drm/radeon: fix si_enable_smc_cac() failed issue (bsc#1113722) - e1000e: Drop unnecessary __E1000_DOWN bit twiddling (bsc#1158049). - e1000e: Use dev_get_drvdata where possible (bsc#1158049). - e1000e: Use rtnl_lock to prevent race conditions between net and pci/pm (bsc#1158049). - extcon: cht-wc: Return from default case to avoid warnings (bsc#1051510). - fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper() (bsc#1051510). - fbdev: sbuslib: use checked version of put_user() (bsc#1051510). - gpio: mpc8xxx: Do not overwrite default irq_set_type callback (bsc#1051510). - gpio: syscon: Fix possible NULL ptr usage (bsc#1051510). - gpiolib: acpi: Add Terra Pad 1061 to the run_edge_events_on_boot_blacklist (bsc#1051510). - gsmi: Fix bug in append_to_eventlog sysfs handler (bsc#1051510). - hwmon: (ina3221) Fix INA3221_CONFIG_MODE macros (bsc#1051510). - hwmon: (pwm-fan) Silence error on probe deferral (bsc#1051510). - hwrng: omap - Fix RNG wait loop timeout (bsc#1051510). - hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled (bsc#1051510). - hypfs: Fix error number left in struct pointer member (bsc#1051510). - ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047). - ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047). - ibmvnic: Serialize device queries (bsc#1155689 ltc#182047). - ibmvnic: Terminate waiting device threads after loss of service (bsc#1155689 ltc#182047). - iio: adc: max9611: explicitly cast gain_selectors (bsc#1051510). - iio: adc: stm32-adc: fix stopping dma (git-fixes). - iio: dac: mcp4922: fix error handling in mcp4922_write_raw (bsc#1051510). - iio: imu: adis16480: assign bias value only if operation succeeded (git-fixes). - iio: imu: adis16480: make sure provided frequency is positive (git-fixes). - iio: imu: adis: assign read val in debugfs hook only if op successful (git-fixes). - iio: imu: adis: assign value only if return code zero in read funcs (git-fixes). - include/linux/bitrev.h: fix constant bitrev (bsc#1114279). - inet: stop leaking jiffies on the wire (networking-stable-19_11_05). - intel_th: Fix a double put_device() in error path (git-fixes). - iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros (bsc#1158063). - ipmi:dmi: Ignore IPMI SMBIOS entries with a zero base address (bsc#1051510). - ipv4: Return -ENETUNREACH if we can't create route but saddr is valid (networking-stable-19_10_24). - iwlwifi: api: annotate compressed BA notif array sizes (bsc#1051510). - iwlwifi: check kasprintf() return value (bsc#1051510). - iwlwifi: do not panic in error path on non-msix systems (bsc#1155692). - iwlwifi: exclude GEO SAR support for 3168 (git-fixes). - iwlwifi: mvm: avoid sending too many BARs (bsc#1051510). - iwlwifi: mvm: do not send keys when entering D3 (bsc#1051510). - kABI workaround for ath10k last_wmi_vdev_start_status field (bsc#1051510). - kABI workaround for struct mwifiex_power_cfg change (bsc#1051510). - kABI: Fix for 'KVM: x86: Introduce vcpu->arch.xsaves_enabled' (bsc#1158066). - lib/scatterlist: Fix chaining support in sgl_alloc_order() (git-fixes). - lib/scatterlist: Introduce sgl_alloc() and sgl_free() (git-fixes). - liquidio: fix race condition in instruction completion processing (bsc#1051510). - loop: add ioctl for changing logical block size (bsc#1108043). - mISDN: Fix type of switch control variable in ctrl_teimanager (bsc#1051510). - mac80211: consider QoS Null frames for STA_NULLFUNC_ACKED (bsc#1051510). - mac80211: minstrel: fix CCK rate group streams value (bsc#1051510). - mac80211: minstrel: fix sampling/reporting of CCK rates in HT mode (bsc#1051510). - macvlan: schedule bc_work even if error (bsc#1051510). - mailbox: reset txdone_method TXDONE_BY_POLL if client knows_txdone (git-fixes). - media: au0828: Fix incorrect error messages (bsc#1051510). - media: bdisp: fix memleak on release (git-fixes). - media: cxusb: detect cxusb_ctrl_msg error in query (bsc#1051510). - media: davinci: Fix implicit enum conversion warning (bsc#1051510). - media: exynos4-is: Fix recursive locking in isp_video_release() (git-fixes). - media: fix: media: pci: meye: validate offset to avoid arbitrary access (bsc#1051510). - media: flexcop-usb: ensure -EIO is returned on error condition (git-fixes). - media: imon: invalid dereference in imon_touch_event (bsc#1051510). - media: isif: fix a NULL pointer dereference bug (bsc#1051510). - media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init() (bsc#1051510). - media: pxa_camera: Fix check for pdev->dev.of_node (bsc#1051510). - media: radio: wl1273: fix interrupt masking on release (git-fixes). - media: ti-vpe: vpe: Fix Motion Vector vpdma stride (git-fixes). - media: usbvision: Fix races among open, close, and disconnect (bsc#1051510). - media: vim2m: Fix abort issue (git-fixes). - media: vivid: Set vid_cap_streaming and vid_out_streaming to true (bsc#1051510). - mei: fix modalias documentation (git-fixes). - mei: samples: fix a signedness bug in amt_host_if_call() (bsc#1051510). - mfd: intel-lpss: Add default I2C device properties for Gemini Lake (bsc#1051510). - mfd: max8997: Enale irq-wakeup unconditionally (bsc#1051510). - mfd: mc13xxx-core: Fix PMIC shutdown when reading ADC values (bsc#1051510). - mfd: palmas: Assign the right powerhold mask for tps65917 (git-fixes). - mfd: ti_am335x_tscadc: Keep ADC interface on if child is wakeup capable (bsc#1051510). - mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d() (git fixes (mm/gup)). - mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone (git fixes (mm/compaction)). - mm/debug.c: PageAnon() is true for PageKsm() pages (git fixes (mm/debug)). - mmc: core: fix wl1251 sdio quirks (git-fixes). - mmc: host: omap_hsmmc: add code for special init of wl1251 to get rid of pandora_wl1251_init_card (git-fixes). - mmc: mediatek: fix cannot receive new request when msdc_cmd_is_ready fail (bsc#1051510). - mmc: sdhci-esdhc-imx: correct the fix of ERR004536 (git-fixes). - mmc: sdhci-of-at91: fix quirk2 overwrite (git-fixes). - mmc: sdio: fix wl1251 vendor id (git-fixes). - mt7601u: fix bbp version check in mt7601u_wait_bbp_ready (bsc#1051510). - mtd: nand: mtk: fix incorrect register setting order about ecc irq. - mtd: spear_smi: Fix Write Burst mode (bsc#1051510). - mtd: spi-nor: fix silent truncation in spi_nor_read() (bsc#1051510). - mwifiex: Fix NL80211_TX_POWER_LIMITED (bsc#1051510). - net/ibmvnic: Ignore H_FUNCTION return from H_EOI to tolerate XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes). - net/mlx4_core: Dynamically set guaranteed amount of counters per VF (networking-stable-19_11_05). - net/mlx5e: Fix handling of compressed CQEs in case of low NAPI budget (networking-stable-19_11_05). - net/smc: Fix error path in smc_init (git-fixes). - net/smc: avoid fallback in case of non-blocking connect (git-fixes). - net/smc: fix closing of fallback SMC sockets (git-fixes). - net/smc: fix ethernet interface refcounting (git-fixes). - net/smc: fix refcounting for non-blocking connect() (git-fixes). - net/smc: keep vlan_id for SMC-R in smc_listen_work() (git-fixes). - net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol() (networking-stable-19_11_05). - net: add READ_ONCE() annotation in __skb_wait_for_more_packets() (networking-stable-19_11_05). - net: add skb_queue_empty_lockless() (networking-stable-19_11_05). - net: annotate accesses to sk->sk_incoming_cpu (networking-stable-19_11_05). - net: annotate lockless accesses to sk->sk_napi_id (networking-stable-19_11_05). - net: avoid potential infinite loop in tc_ctl_action() (networking-stable-19_10_24). - net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3 (networking-stable-19_10_24). - net: bcmgenet: Set phydev->dev_flags only for internal PHYs (networking-stable-19_10_24). - net: bcmgenet: reset 40nm EPHY on energy detect (networking-stable-19_11_05). - net: dsa: b53: Do not clear existing mirrored port mask (networking-stable-19_11_05). - net: dsa: bcm_sf2: Fix IMP setup for port different than 8 (networking-stable-19_11_05). - net: dsa: fix switch tree list (networking-stable-19_11_05). - net: ethernet: ftgmac100: Fix DMA coherency issue with SW checksum (networking-stable-19_11_05). - net: fix sk_page_frag() recursion from memory reclaim (networking-stable-19_11_05). - net: hisilicon: Fix ping latency when deal with high throughput (networking-stable-19_11_05). - net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow (networking-stable-19_10_24). - net: use skb_queue_empty_lockless() in busy poll contexts (networking-stable-19_11_05). - net: use skb_queue_empty_lockless() in poll() handlers (networking-stable-19_11_05). - net: wireless: ti: remove local VENDOR_ID and DEVICE_ID definitions (git-fixes). - net: wireless: ti: wl1251 use new SDIO_VENDOR_ID_TI_WL1251 definition (git-fixes). - netns: fix GFP flags in rtnl_net_notifyid() (networking-stable-19_11_05). - nfc: netlink: fix double device reference drop (git-fixes). - nfc: port100: handle command failure cleanly (git-fixes). - nl80211: Fix a GET_KEY reply attribute (bsc#1051510). - openvswitch: fix flow command message size (git-fixes). - padata: use smp_mb in padata_reorder to avoid orphaned padata jobs (git-fixes). - phy: phy-twl4030-usb: fix denied runtime access (git-fixes). - pinctl: ti: iodelay: fix error checking on pinctrl_count_index_with_args call (git-fixes). - pinctrl: at91: do not use the same irqchip with multiple gpiochips (git-fixes). - pinctrl: cherryview: Allocate IRQ chip dynamic (git-fixes). - pinctrl: lewisburg: Update pin list according to v1.1v6 (bsc#1051510). - pinctrl: lpc18xx: Use define directive for PIN_CONFIG_GPIO_PIN_INT (bsc#1051510). - pinctrl: qcom: spmi-gpio: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup controller init (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup controller init (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in init code (bsc#1051510). - pinctrl: sunxi: Fix a memory leak in 'sunxi_pinctrl_build_state()' (bsc#1051510). - pinctrl: zynq: Use define directive for PIN_CONFIG_IO_STANDARD (bsc#1051510). - power: reset: at91-poweroff: do not procede if at91_shdwc is allocated (bsc#1051510). - power: supply: ab8500_fg: silence uninitialized variable warnings (bsc#1051510). - power: supply: max14656: fix potential use-after-free (bsc#1051510). - power: supply: twl4030_charger: disable eoc interrupt on linear charge (bsc#1051510). - power: supply: twl4030_charger: fix charging current out-of-bounds (bsc#1051510). - powerpc/64: Make meltdown reporting Book3S 64 specific (bsc#1091041). - powerpc/book3s64/hash: Use secondary hash for bolted mapping if the primary is full (bsc#1157778 ltc#182520). - powerpc/bpf: Fix tail call implementation (bsc#1157698). - powerpc/pseries: Do not fail hash page table insert for bolted mapping (bsc#1157778 ltc#182520). - powerpc/pseries: Do not opencode HPTE_V_BOLTED (bsc#1157778 ltc#182520). - powerpc/pseries: address checkpatch warnings in dlpar_offline_cpu (bsc#1156700 ltc#182459). - powerpc/pseries: safely roll back failed DLPAR cpu add (bsc#1156700 ltc#182459). - powerpc/security/book3s64: Report L1TF status in sysfs (bsc#1091041). - powerpc/security: Fix wrong message when RFI Flush is disable (bsc#1131107). - powerpc/xive: Prevent page fault issues in the machine crash handler (bsc#1156882 ltc#182435). - ppdev: fix PPGETTIME/PPSETTIME ioctls (bsc#1051510). - pwm: bcm-iproc: Prevent unloading the driver module while in use (git-fixes). - pwm: lpss: Only set update bit if we are actually changing the settings (bsc#1051510). - r8152: add device id for Lenovo ThinkPad USB-C Dock Gen 2 (networking-stable-19_11_05). - regulator: ab8500: Remove AB8505 USB regulator (bsc#1051510). - regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id (bsc#1051510). - remoteproc: Check for NULL firmwares in sysfs interface (git-fixes). - reset: Fix potential use-after-free in __of_reset_control_get() (bsc#1051510). - reset: fix of_reset_simple_xlate kerneldoc comment (bsc#1051510). - reset: fix reset_control_get_exclusive kerneldoc comment (bsc#1051510). - rpm/kernel-binary.spec.in: add COMPRESS_VMLINUX (bnc#1155921) Let COMPRESS_VMLINUX determine the compression used for vmlinux. By default (historically), it is gz. - rpm/kernel-source.spec.in: Fix dependency of kernel-devel (bsc#1154043) - rtl8187: Fix warning generated when strncpy() destination length matches the sixe argument (bsc#1051510). - rtlwifi: Remove unnecessary NULL check in rtl_regd_init (bsc#1051510). - rtlwifi: rtl8192de: Fix misleading REG_MCUFWDL information (bsc#1051510). - rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address (bsc#1051510). - rtlwifi: rtl8192de: Fix missing enable interrupt flag (bsc#1051510). - s390/bpf: fix lcgr instruction encoding (bsc#1051510). - s390/bpf: use 32-bit index for tail calls (bsc#1051510). - s390/cio: avoid calling strlen on null pointer (bsc#1051510). - s390/cio: exclude subchannels with no parent from pseudo check (bsc#1051510). - s390/cmm: fix information leak in cmm_timeout_handler() (bsc#1051510). - s390/cpumsf: Check for CPU Measurement sampling (bsc#1153681 LTC#181855). - s390/idle: fix cpu idle time calculation (bsc#1051510). - s390/process: avoid potential reading of freed stack (bsc#1051510). - s390/qdio: (re-)initialize tiqdio list entries (bsc#1051510). - s390/qdio: do not touch the dsci in tiqdio_add_input_queues() (bsc#1051510). - s390/qeth: return proper errno on IO error (bsc#1051510). - s390/setup: fix boot crash for machine without EDAT-1 (bsc#1051510 bsc#1140948). - s390/setup: fix early warning messages (bsc#1051510 bsc#1140948). - s390/topology: avoid firing events before kobjs are created (bsc#1051510). - s390: fix stfle zero padding (bsc#1051510). - sc16is7xx: Fix for 'Unexpected interrupt: 8' (bsc#1051510). - scsi: lpfc: Fix Oops in nvme_register with target logout/login (bsc#1151900). - scsi: lpfc: Honor module parameter lpfc_use_adisc (bsc#1153628). - scsi: lpfc: Limit xri count for kdump environment (bsc#1154124). - scsi: qla2xxx: Add debug dump of LOGO payload and ELS IOCB (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Allow PLOGI in target mode (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Change discovery state before PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Configure local loop for N2N target (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Do command completion on abort timeout (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Do not call qlt_async_event twice (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Do not defer relogin unconditonally (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Drop superfluous INIT_WORK of del_work (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Fix PLOGI payload and ELS IOCB dump length (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Fix SRB leak on switch command timeout (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix a dma_pool_free() call (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix device connect issues in P2P configuration (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix double scsi_done for abort path (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix driver unload hang (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix memory leak when sending I/O fails (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Ignore NULL pointer in tcm_qla2xxx_free_mcmd (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Initialize free_work before flushing it (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Remove an include directive (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Send Notify ACK after N2N PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Update driver version to 10.01.00.21-k (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Use explicit LOGO in target mode (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: do not use zero for FC4_PRIORITY_NVME (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan (bsc#1138039). - scsi: qla2xxx: initialize fc4_type_priority (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: unregister ports after GPN_FT failure (bsc#1138039). - scsi: sd: Ignore a failure to sync cache due to lack of authorization (git-fixes). - scsi: storvsc: Add ability to change scsi queue depth (bsc#1155021). - scsi: zfcp: fix reaction on bit error threshold notification (bsc#1154956 LTC#182054). - scsi: zfcp: fix request object use-after-free in send path causing wrong traces (bsc#1051510). - sctp: change sctp_prot .no_autobind with true (networking-stable-19_10_24). - sctp: Fixed a regression (bsc#1158082). - selftests: net: reuseport_dualstack: fix uninitalized parameter (networking-stable-19_11_05). - serial: fix kernel-doc warning in comments (bsc#1051510). - serial: mctrl_gpio: Check for NULL pointer (bsc#1051510). - serial: mxs-auart: Fix potential infinite loop (bsc#1051510). - serial: samsung: Enable baud clock for UART reset procedure in resume (bsc#1051510). - serial: uartlite: fix exit path null pointer (bsc#1051510). - serial: uartps: Fix suspend functionality (bsc#1051510). - signal: Properly set TRACE_SIGNAL_LOSE_INFO in __send_signal (bsc#1157463). - slcan: Fix memory leak in error path (bsc#1051510). - slip: Fix memory leak in slip_open error path (bsc#1051510). - slip: Fix use-after-free Read in slip_open (bsc#1051510). - smb3: Incorrect size for netname negotiate context (bsc#1144333, bsc#1154355). - smb3: fix leak in 'open on server' perf counter (bsc#1144333, bsc#1154355). - smb3: fix signing verification of large reads (bsc#1144333, bsc#1154355). - smb3: fix unmount hang in open_shroot (bsc#1144333, bsc#1154355). - smb3: improve handling of share deleted (and share recreated) (bsc#1144333, bsc#1154355). - soc: imx: gpc: fix PDN delay (bsc#1051510). - soc: qcom: wcnss_ctrl: Avoid string overflow (bsc#1051510). - spi: atmel: Fix CS high support (bsc#1051510). - spi: atmel: fix handling of cs_change set on non-last xfer (bsc#1051510). - spi: fsl-lpspi: Prevent FIFO under/overrun by default (bsc#1051510). - spi: mediatek: Do not modify spi_transfer when transfer (bsc#1051510). - spi: mediatek: use correct mata->xfer_len when in fifo transfer (bsc#1051510). - spi: pic32: Use proper enum in dmaengine_prep_slave_rg (bsc#1051510). - spi: rockchip: initialize dma_slave_config properly (bsc#1051510). - spi: spidev: Fix OF tree warning logic (bsc#1051510). - staging: rtl8188eu: fix null dereference when kzalloc fails (bsc#1051510). - thunderbolt: Fix lockdep circular locking depedency warning (git-fixes). - tpm: add check after commands attribs tab allocation (bsc#1051510). - tracing: Get trace_array reference for available_tracers files (bsc#1156429). - udp: use skb_queue_empty_lockless() (networking-stable-19_11_05). - usb-serial: cp201x: support Mark-10 digital force gauge (bsc#1051510). - usb-storage: Revert commit 747668dbc061 ('usb-storage: Set virt_boundary_mask to avoid SG overflows') (bsc#1051510). - usb: chipidea: Fix otg event handler (bsc#1051510). - usb: chipidea: imx: enable OTG overcurrent in case USB subsystem is already started (bsc#1051510). - usb: dwc3: gadget: Check ENBLSLPM before sending ep command (bsc#1051510). - usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode (bsc#1051510). - usb: gadget: udc: fotg210-udc: Fix a sleep-in-atomic-context bug in fotg210_get_status() (bsc#1051510). - usb: gadget: uvc: Factor out video USB request queueing (bsc#1051510). - usb: gadget: uvc: Only halt video streaming endpoint in bulk mode (bsc#1051510). - usb: gadget: uvc: configfs: Drop leaked references to config items (bsc#1051510). - usb: gadget: uvc: configfs: Prevent format changes after linking header (bsc#1051510). - usb: handle warm-reset port requests on hub resume (bsc#1051510). - usb: xhci-mtk: fix ISOC error when interval is zero (bsc#1051510). - usbip: Fix free of unallocated memory in vhci tx (git-fixes). - usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path (git-fixes). - usbip: Implement SG support to vhci-hcd and stub driver (git-fixes). - usbip: tools: fix fd leakage in the function of read_attr_usbip_status (git-fixes). - vfio-ccw: Fix misleading comment when setting orb.cmd.c64 (bsc#1051510). - vfio-ccw: Set pa_nr to 0 if memory allocation fails for pa_iova_pfn (bsc#1051510). - vfio: ccw: push down unsupported IDA check (bsc#1156471 LTC#182362). - video/hdmi: Fix AVI bar unpack (git-fixes). - virtio/s390: fix race on airq_areas (bsc#1051510). - virtio_console: allocate inbufs in add_port() only if it is needed (git-fixes). - virtio_ring: fix return code on DMA mapping fails (git-fixes). - vmxnet3: turn off lro when rxcsum is disabled (bsc#1157499). - watchdog: meson: Fix the wrong value of left time (bsc#1051510). - x86/alternatives: Add int3_emulate_call() selftest (bsc#1153811). - x86/alternatives: Fix int3_emulate_call() selftest stack corruption (bsc#1153811). - x86/mm/pkeys: Fix typo in Documentation/x86/protection-keys.txt (bsc#1078248). - x86/pkeys: Update documentation about availability (bsc#1078248). - x86/resctrl: Fix potential lockdep warning (bsc#1114279). - x86/resctrl: Prevent NULL pointer dereference when reading mondata (bsc#1114279). - x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs (bsc#1158068). - xfrm: Fix xfrm sel prefix length validation (git-fixes). - xfrm: fix sa selector validation (bsc#1156609). Important SUSE bug 1048942 SUSE bug 1051510 SUSE bug 1078248 SUSE bug 1082635 SUSE bug 1089644 SUSE bug 1091041 SUSE bug 1108043 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1117169 SUSE bug 1131107 SUSE bug 1138039 SUSE bug 1140948 SUSE bug 1143706 SUSE bug 1144333 SUSE bug 1149448 SUSE bug 1150466 SUSE bug 1151548 SUSE bug 1151900 SUSE bug 1152782 SUSE bug 1153628 SUSE bug 1153681 SUSE bug 1153811 SUSE bug 1154043 SUSE bug 1154058 SUSE bug 1154124 SUSE bug 1154355 SUSE bug 1154526 SUSE bug 1154956 SUSE bug 1155021 SUSE bug 1155689 SUSE bug 1155692 SUSE bug 1155836 SUSE bug 1155897 SUSE bug 1155921 SUSE bug 1155982 SUSE bug 1156187 SUSE bug 1156258 SUSE bug 1156429 SUSE bug 1156466 SUSE bug 1156471 SUSE bug 1156494 SUSE bug 1156609 SUSE bug 1156700 SUSE bug 1156729 SUSE bug 1156882 SUSE bug 1157038 SUSE bug 1157042 SUSE bug 1157070 SUSE bug 1157143 SUSE bug 1157145 SUSE bug 1157158 SUSE bug 1157162 SUSE bug 1157171 SUSE bug 1157173 SUSE bug 1157178 SUSE bug 1157180 SUSE bug 1157182 SUSE bug 1157183 SUSE bug 1157184 SUSE bug 1157191 SUSE bug 1157193 SUSE bug 1157197 SUSE bug 1157298 SUSE bug 1157307 SUSE bug 1157324 SUSE bug 1157333 SUSE bug 1157424 SUSE bug 1157463 SUSE bug 1157499 SUSE bug 1157678 SUSE bug 1157698 SUSE bug 1157778 SUSE bug 1157908 SUSE bug 1158049 SUSE bug 1158063 SUSE bug 1158064 SUSE bug 1158065 SUSE bug 1158066 SUSE bug 1158067 SUSE bug 1158068 SUSE bug 1158082 CVE-2019-14895 CVE-2019-15916 CVE-2019-16231 CVE-2019-17055 CVE-2019-18660 CVE-2019-18683 CVE-2019-18805 CVE-2019-18809 CVE-2019-19049 CVE-2019-19052 CVE-2019-19056 CVE-2019-19057 CVE-2019-19058 CVE-2019-19060 CVE-2019-19062 CVE-2019-19063 CVE-2019-19065 CVE-2019-19067 CVE-2019-19068 CVE-2019-19073 CVE-2019-19074 CVE-2019-19075 CVE-2019-19077 CVE-2019-19227 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for curl fixes the following issues: Security issues fixed: - CVE-2019-3822: Fixed a NTLMv2 type-3 header stack buffer overflow (bsc#1123377). - CVE-2019-3823: Fixed an out-of-bounds read in the SMTP end-of-response (bsc#1123378). - CVE-2018-16890: Fixed an out-of-bounds buffer read in NTLM type2 (bsc#1123371). - CVE-2018-16842: Fixed an out-of-bounds read in tool_msgs.c (bsc#1113660). - CVE-2018-16840: Fixed a use-after-free in handle close (bsc#1113029). - CVE-2018-16839: Fixed an SASL password overflow caused by an integer overflow (bsc#1112758). Important SUSE bug 1112758 SUSE bug 1113029 SUSE bug 1113660 SUSE bug 1123371 SUSE bug 1123377 SUSE bug 1123378 CVE-2018-16839 CVE-2018-16840 CVE-2018-16842 CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for dia fixes the following issue: - CVE-2019-19451: Fixed an endless loop on filenames with invalid encoding (bsc#1158194). Moderate SUSE bug 1158194 CVE-2019-19451 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for podofo fixes the following issues: These security issues were fixed: - CVE-2017-6845: The PoDoFo::PdfColor::operator function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1027779). - CVE-2018-5308: Properly validate memcpy arguments in the PdfMemoryOutputStream::Write function to prevent remote attackers from causing a denial-of-service or possibly have unspecified other impact via a crafted pdf file (bsc#1075772) - CVE-2018-5295: Prevent integer overflow in the PdfXRefStreamParserObject::ParseStream function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075026). - CVE-2017-6845: The PoDoFo::PdfColor::operator function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1027779). - CVE-2018-5309: Prevent integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075322). - CVE-2018-5296: Prevent uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075021). - CVE-2017-7381: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032020). - CVE-2017-7382: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032021). - CVE-2017-7383: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032022). - CVE-2018-11256: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1096889). - CVE-2018-5783: Prevent uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function that allowed remote attackers to cause a denial of service via a crafted pdf file (bsc#1076962). These non-security issues were fixed: - Prevent regression caused by the fix for CVE-2017-8054. - Prevent NULL dereferences when 'Kids' array is missing (bsc#1096890) - Added to detect cycles and recursions in XRef tables Moderate SUSE bug 1027779 SUSE bug 1032020 SUSE bug 1032021 SUSE bug 1032022 SUSE bug 1075021 SUSE bug 1075026 SUSE bug 1075322 SUSE bug 1075772 SUSE bug 1076962 SUSE bug 1096889 SUSE bug 1096890 CVE-2017-6845 CVE-2017-7381 CVE-2017-7382 CVE-2017-7383 CVE-2017-8054 CVE-2018-11256 CVE-2018-5295 CVE-2018-5296 CVE-2018-5308 CVE-2018-5309 CVE-2018-5783 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for python-numpy fixes the following issue: Security issue fixed: - CVE-2019-6446: Set allow_pickle to false by default to restrict loading untrusted content (bsc#1122208). With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by misusing numpy.load(). A warning during runtime will show-up when the allow_pickle is not explicitly set. NOTE: By applying this update the behavior of python-numpy changes, which might break your application. In order to get the old behaviour back, you have to explicitly set `allow_pickle` to True. Be aware that this should only be done for trusted input, as loading untrusted input might lead to arbitrary code execution. Important SUSE bug 1122208 CVE-2019-6446 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for systemd fixes the following issues: Security vulnerability fixed: - CVE-2019-6454: Fixed a crash of PID1 by sending specially crafted D-BUS message on the system bus by an unprivileged user (bsc#1125352) Other bug fixes and changes: - journal-remote: set a limit on the number of fields in a message - journal-remote: verify entry length from header - journald: set a limit on the number of fields (1k) - journald: do not store the iovec entry for process commandline on stack - core: include Found state in device dumps - device: fix serialization and deserialization of DeviceFound - fix path in btrfs rule (#6844) - assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025) - Update systemd-system.conf.xml (bsc#1122000) - units: inform user that the default target is started after exiting from rescue or emergency mode - manager: don't skip sigchld handler for main and control pid for services (#3738) - core: Add helper functions unit_{main, control}_pid - manager: Fixing a debug printf formatting mistake (#3640) - manager: Only invoke a single sigchld per unit within a cleanup cycle (bsc#1117382) - core: update invoke_sigchld_event() to handle NULL ->sigchld_event() - sd-event: expose the event loop iteration counter via sd_event_get_iteration() (#3631) - unit: rework a bit how we keep the service fdstore from being destroyed during service restart (bsc#1122344) - core: when restarting services, don't close fds - cryptsetup: Add dependency on loopback setup to generated units - journal-gateway: use localStorage['cursor'] only when it has valid value - journal-gateway: explicitly declare local variables - analyze: actually select longest activated-time of services - sd-bus: fix implicit downcast of bitfield reported by LGTM - core: free lines after reading them (bsc#1123892) - pam_systemd: reword message about not creating a session (bsc#1111498) - pam_systemd: suppress LOG_DEBUG log messages if debugging is off (bsc#1111498) - main: improve RLIMIT_NOFILE handling (#5795) (bsc#1120658) - sd-bus: if we receive an invalid dbus message, ignore and proceeed - automount: don't pass non-blocking pipe to kernel. - units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333) - units: add Wants=initrd-cleanup.service to initrd-switch-root.target (#4345) (bsc#1123333) Important SUSE bug 1111498 SUSE bug 1117025 SUSE bug 1117382 SUSE bug 1120658 SUSE bug 1122000 SUSE bug 1122344 SUSE bug 1123333 SUSE bug 1123892 SUSE bug 1125352 CVE-2019-6454 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for php5 fixes the following issues: Security vulnerability fixed: - CVE-2019-6977: Fixed a heap buffer overflow in gdImageColorMatch in gd_color_match.c (bsc#1123354) Moderate SUSE bug 1123354 CVE-2019-6977 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for procps fixes the following security issues: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). (These issues were previously released for SUSE Linux Enterprise 12 SP3 and SP4.) Also the following non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) Important SUSE bug 1092100 SUSE bug 1121753 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for python fixes the following issues: Security issues fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191). - CVE-2018-14647: Fixed a denial-of-service vulnerability in Expat (bsc#1109847). Non-security issue fixed: - Fixed a bug where PyWeakReference struct was not initialized correctly leading to a crash (bsc#1073748). Important SUSE bug 1073748 SUSE bug 1109847 SUSE bug 1122191 CVE-2018-14647 CVE-2019-5010 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-17189: Fixed a denial of service in mod_http2, via slow and unneeded request bodies (bsc#1122838) - CVE-2018-17199: Fixed that mod_session_cookie did not respect expiry time (bsc#1122839) Non-security issue fixed: - sysconfig.d is not created anymore if it already exists (bsc#1121086) Moderate SUSE bug 1121086 SUSE bug 1122838 SUSE bug 1122839 CVE-2018-17189 CVE-2018-17199 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for ceph fixes the following issues: Security issues fixed: - CVE-2018-14662: mon: limit caps allowed to access the config store (bsc#1111177) - CVE-2018-16846: rgw: enforce bounds on max-keys/max-uploads/max-parts (bsc#1114710) - CVE-2018-16889: rgw: sanitize customer encryption keys from log output in v4 auth (bsc#1121567) Non-security issue fixed: - os/bluestore: avoid frequent allocator dump on bluefs rebalance failure (bsc#1113246) Important SUSE bug 1111177 SUSE bug 1113246 SUSE bug 1114710 SUSE bug 1121567 CVE-2018-14662 CVE-2018-16846 CVE-2018-16889 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for webkit2gtk3 to version 2.22.6 fixes the following issues: Security issues fixed: - CVE-2019-6212: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6215: Fixed a type confusion vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6216: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6217: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6226: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6227: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6229: Fixed a logic issue by improving validation which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6233: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6234: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. Other issues addressed: - Update to version 2.22.6 (bsc#1124937). - Kinetic scrolling slow down smoothly when reaching the ends of pages, instead of abruptly, to better match the GTK+ behaviour. - Fixed Web inspector magnifier under Wayland. - Fixed garbled rendering of some websites (e.g. YouTube) while scrolling under X11. - Fixed several crashes, race conditions, and rendering issues. Important SUSE bug 1124937 CVE-2019-6212 CVE-2019-6215 CVE-2019-6216 CVE-2019-6217 CVE-2019-6226 CVE-2019-6227 CVE-2019-6229 CVE-2019-6233 CVE-2019-6234 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for openssl-1_1 fixes the following issues: - The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations (bsc#1117951) Moderate SUSE bug 1117951 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for sssd fixes the following issues: Security vulnerabilities addressed: - Fix fallback_homedir returning '/' for empty home directories (CVE-2019-3811) (bsc#1121759) - Create sockets with right permissions (bsc#1098377, CVE-2018-10852) Other bug fixes and changes: - Install logrotate configuration (bsc#1004220) - Strip whitespaces in netgroup triples (bsc#1087320) - Align systemd service file with upstream * Run interactive and change service type to notify (bsc#1120852) * Replace deprecated '-f' and use '--logger' Moderate SUSE bug 1004220 SUSE bug 1087320 SUSE bug 1098377 SUSE bug 1120852 SUSE bug 1121759 CVE-2018-10852 CVE-2019-3811 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for audit fixes the following issues: Audit on SUSE Linux Enterprise 12 SP4 was updated to 2.8.1 to bring new features and bugfixes. (bsc#1125535 FATE#326346) * Many features were added to auparse_normalize * cli option added to auditd and audispd for setting config dir * In auditd, restore the umask after creating a log file * Option added to auditd for skipping email verification The full changelog can be found here: http://people.redhat.com/sgrubb/audit/ChangeLog - Change openldap dependency to client only (bsc#1085003) Minor security issue fixed: - CVE-2015-5186: Audit: log terminal emulator escape sequences handling (bsc#941922) Moderate SUSE bug 1042781 SUSE bug 1085003 SUSE bug 1125535 SUSE bug 941922 CVE-2015-5186 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for openssl-1_0_0 fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951) - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080). Moderate SUSE bug 1117951 SUSE bug 1127080 CVE-2019-1559 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for webkit2gtk3 to version 2.22.4 fixes the following issues: Security issues fixed: CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4392, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361, CVE-2018-4345, CVE-2018-4372, CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4416, CVE-2018-4378, CVE-2018-4382, CVE-2018-4386 (bsc#1110279, bsc#1116998). Important SUSE bug 1110279 SUSE bug 1116998 CVE-2018-4191 CVE-2018-4197 CVE-2018-4207 CVE-2018-4208 CVE-2018-4209 CVE-2018-4210 CVE-2018-4212 CVE-2018-4213 CVE-2018-4261 CVE-2018-4262 CVE-2018-4263 CVE-2018-4264 CVE-2018-4265 CVE-2018-4266 CVE-2018-4267 CVE-2018-4270 CVE-2018-4272 CVE-2018-4273 CVE-2018-4278 CVE-2018-4284 CVE-2018-4299 CVE-2018-4306 CVE-2018-4309 CVE-2018-4312 CVE-2018-4314 CVE-2018-4315 CVE-2018-4316 CVE-2018-4317 CVE-2018-4318 CVE-2018-4319 CVE-2018-4323 CVE-2018-4328 CVE-2018-4345 CVE-2018-4358 CVE-2018-4359 CVE-2018-4361 CVE-2018-4372 CVE-2018-4373 CVE-2018-4375 CVE-2018-4376 CVE-2018-4378 CVE-2018-4382 CVE-2018-4386 CVE-2018-4392 CVE-2018-4416 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-15126: Fixed use-after-free in file transfer extension (bsc#1120114) - CVE-2018-6307: Fixed use-after-free in file transfer extension server code (bsc#1120115) - CVE-2018-20020: Fixed heap out-of-bound write inside structure in VNC client code (bsc#1120116) - CVE-2018-15127: Fixed heap out-of-bounds write in rfbserver.c (bsc#1120117) - CVE-2018-20019: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1120118) - CVE-2018-20023: Fixed information disclosure through improper initialization in VNC Repeater client code (bsc#1120119) - CVE-2018-20022: Fixed information disclosure through improper initialization in VNC client code (bsc#1120120) - CVE-2018-20024: Fixed NULL pointer dereference in VNC client code (bsc#1120121) - CVE-2018-20021: Fixed infinite loop in VNC client code (bsc#1120122) Important SUSE bug 1120114 SUSE bug 1120115 SUSE bug 1120116 SUSE bug 1120117 SUSE bug 1120118 SUSE bug 1120119 SUSE bug 1120120 SUSE bug 1120121 SUSE bug 1120122 CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023 CVE-2018-20024 CVE-2018-6307 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for java-1_7_1-ibm to version 7.1.4.40 fixes the following issues: Security issues fixed: - CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299). More information: https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_February_2019 Important SUSE bug 1122293 SUSE bug 1122299 CVE-2018-11212 CVE-2019-2422 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for java-1_8_0-ibm to version 8.0.5.30 fixes the following issues: Security issues fixed: - CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299). - CVE-2018-1890: Fixed a local privilege escalation via RPATHs (bsc#1128158). - CVE-2019-2449: Fixed a vulnerabilit which could allow remote atackers to delete arbitrary files (bsc#1122292). More information: https://www-01.ibm.com/support/docview.wss?uid=ibm10873332 Important SUSE bug 1122292 SUSE bug 1122293 SUSE bug 1122299 SUSE bug 1128158 CVE-2018-11212 CVE-2018-1890 CVE-2019-2422 CVE-2019-2449 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libssh2_org fixes the following issues: Security issues fixed: - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490). - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492). - CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481). - CVE-2019-3863: Fixed an Integer overflow in user authenticate keyboard interactive which could allow out-of-bounds writes with specially crafted keyboard responses (bsc#1128493). - CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write with specially crafted payload (bsc#1128472). - CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (bsc#1128480). - CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially crafted payload (bsc#1128471). - CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted SFTP packet (bsc#1128476). - CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet (bsc#1128474). Other issue addressed: - Libbssh2 will stop using keys unsupported types in the known_hosts file (bsc#1091236). Moderate SUSE bug 1091236 SUSE bug 1128471 SUSE bug 1128472 SUSE bug 1128474 SUSE bug 1128476 SUSE bug 1128480 SUSE bug 1128481 SUSE bug 1128490 SUSE bug 1128492 SUSE bug 1128493 CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for openwsman fixes the following issues: Security issues fixed: - CVE-2019-3816: Fixed a vulnerability in openwsmand deamon which could lead to arbitary file disclosure (bsc#1122623). - CVE-2019-3833: Fixed a vulnerability in process_connection() which could allow an attacker to trigger an infinite loop which leads to Denial of Service (bsc#1122623). Important SUSE bug 1122623 CVE-2019-3816 CVE-2019-3833 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for wireshark to version 2.4.13 fixes the following issues: Security issues fixed: - CVE-2019-9214: Avoided a dereference of a null coversation which could make RPCAP dissector crash (bsc#1127367). - CVE-2019-9209: Fixed a buffer overflow in time values which could make ASN.1 BER and related dissectors crash (bsc#1127369). - CVE-2019-9208: Fixed a null pointer dereference which could make TCAP dissector crash (bsc#1127370). Release notes: https://www.wireshark.org/docs/relnotes/wireshark-2.4.13.html Moderate SUSE bug 1127367 SUSE bug 1127369 SUSE bug 1127370 CVE-2019-9208 CVE-2019-9209 CVE-2019-9214 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for ghostscript fixes the following issue: Security issue fixed: - CVE-2019-3838: Fixed a vulnerability which made forceput operator in DefineResource to be still accessible which could allow access to file system outside of the constraints of -dSAFER (bsc#1129186). Important SUSE bug 1129186 CVE-2019-3838 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for gd fixes the following issues: Security issues fixed: - CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123361). - CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522). Moderate SUSE bug 1123361 SUSE bug 1123522 CVE-2019-6977 CVE-2019-6978 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-20669: Missing access control checks in ioctl of gpu/drm/i915 driver were fixed which might have lead to information leaks. (bnc#1122971). - CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758). - CVE-2019-3819: A flaw was found in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ('root') can cause a system lock up and a denial of service. (bnc#1123161). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bnc#1124728 ). - CVE-2019-7221: Fixed a use-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124732). - CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735). - CVE-2019-7308: kernel/bpf/verifier.c performed undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks (bnc#1124055). - CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr (bnc#1125907). - CVE-2019-8980: A memory leak in the kernel_read_file function in fs/exec.c allowed attackers to cause a denial of service (memory consumption) by triggering vfs_read failures (bnc#1126209). - CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166). - CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179). The following non-security bugs were fixed: - 6lowpan: iphc: reset mac_header after decompress to fix panic (bsc#1051510). - 9p: clear dangling pointers in p9stat_free (bsc#1051510). - 9p locks: fix glock.client_id leak in do_lock (bsc#1051510). - 9p/net: fix memory leak in p9_client_create (bsc#1051510). - 9p/net: put a lower bound on msize (bsc#1051510). - 9p: use inode->i_lock to protect i_size_write() under 32-bit (bsc#1051510). - acpi/APEI: Clear GHES block_status before panic() (bsc#1051510). - acpi/device_sysfs: Avoid OF modalias creation for removed device (bsc#1051510). - acpi/nfit: Block function zero DSMs (bsc#1051510). - acpi, nfit: Fix Address Range Scrub completion tracking (bsc#1124969). - acpi/nfit: Fix bus command validation (bsc#1051510). - acpi/nfit: Fix command-supported detection (bsc#1051510). - acpi/nfit: Fix race accessing memdev in nfit_get_smbios_id() (bsc#1122662). - acpi/nfit: Fix user-initiated ARS to be 'ARS-long' rather than 'ARS-short' (bsc#1124969). - acpi: NUMA: Use correct type for printing addresses on i386-PAE (bsc#1051510). - acpi: power: Skip duplicate power resource references in _PRx (bsc#1051510). - acpi / video: Extend chassis-type detection with a 'Lunch Box' check (bsc#1051510). - acpi / video: Refactor and fix dmi_is_desktop() (bsc#1051510). - add 1 entry 2bcbd406715dca256912b9c5ae449c7968f15705 - Add delay-init quirk for Corsair K70 RGB keyboards (bsc#1087092). - af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers (bsc#1051510). - alsa: bebob: fix model-id of unit for Apogee Ensemble (bsc#1051510). - alsa: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 (bsc#1051510). - alsa: compress: Fix stop handling on compressed capture streams (bsc#1051510). - alsa: compress: prevent potential divide by zero bugs (bsc#1051510). - alsa: firewire-motu: fix construction of PCM frame for capture direction (bsc#1051510). - alsa: hda - Add mute LED support for HP ProBook 470 G5 (bsc#1051510). - alsa: hda - Add quirk for HP EliteBook 840 G5 (bsc#1051510). - alsa: hda/ca0132 - Fix build error without CONFIG_PCI (bsc#1051510). - alsa: hda/realtek: Disable PC beep in passthrough on alc285 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX362FA with ALC294 (bsc#1051510). - alsa: hda/realtek - Fixed hp_pin no value (bsc#1051510). - alsa: hda/realtek - Fix lose hp_pins for disable auto mute (bsc#1051510). - alsa: hda/realtek - Headset microphone and internal speaker support for System76 oryp5 (bsc#1051510). - alsa: hda/realtek - Headset microphone support for System76 darp5 (bsc#1051510). - alsa: hda/realtek - Reduce click noise on Dell Precision 5820 headphone (bsc#1126131). - alsa: hda/realtek - Use a common helper for hp pin reference (bsc#1051510). - alsa: hda - Serialize codec registrations (bsc#1122944). - alsa: hda - Use standard device registration for beep (bsc#1122944). - alsa: oxfw: add support for APOGEE duet FireWire (bsc#1051510). - alsa: usb-audio: Add Opus #3 to quirks for native DSD support (bsc#1051510). - alsa: usb-audio: Add support for new T+A USB DAC (bsc#1051510). - alsa: usb-audio: Fix implicit fb endpoint setup by quirk (bsc#1051510). - altera-stapl: check for a null key before strcasecmp'ing it (bsc#1051510). - amd-xgbe: Fix mdio access for non-zero ports and clause 45 PHYs (bsc#1122927). - apparmor: Fix aa_label_build() error handling for failed merges (bsc#1051510). - applicom: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - aquantia: Setup max_mtu in ndev to enable jumbo frames (bsc#1051510). - arm64: fault: avoid send SIGBUS two times (bsc#1126393). - arm: 8802/1: Call syscall_trace_exit even when system call skipped (bsc#1051510). - arm: 8808/1: kexec:offline panic_smp_self_stop CPU (bsc#1051510). - arm: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling (bsc#1051510). - arm: 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart (bsc#1051510). - arm/arm64: kvm: Rename function kvm_arch_dev_ioctl_check_extension() (bsc#1126393). - arm/arm64: kvm: vgic: Force VM halt when changing the active state of GICv3 PPIs/SGIs (bsc#1051510). - arm: cns3xxx: Fix writing to wrong PCI config registers after alignment (bsc#1051510). - arm: cns3xxx: Use actual size reads for PCIe (bsc#1051510). - arm: imx: update the cpu power up timing setting on i.mx6sx (bsc#1051510). - arm: iop32x/n2100: fix PCI IRQ mapping (bsc#1051510). - arm: kvm: Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bsc#1051510). - arm: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt (bsc#1051510). - arm: OMAP1: ams-delta: Fix possible use of uninitialized field (bsc#1051510). - arm: OMAP2+: hwmod: Fix some section annotations (bsc#1051510). - arm: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup (bsc#1051510). - arm: pxa: avoid section mismatch warning (bsc#1051510). - arm: tango: Improve ARCH_MULTIPLATFORM compatibility (bsc#1051510). - ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages (bsc#1051510). - ASoC: dapm: change snprintf to scnprintf for possible overflow (bsc#1051510). - ASoC: dma-sh7760: cleanup a debug printk (bsc#1051510). - ASoC: fsl_esai: fix register setting issue in RIGHT_J mode (bsc#1051510). - ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M (bsc#1051510). - ASoC: imx-audmux: change snprintf to scnprintf for possible overflow (bsc#1051510). - ASoC: imx-sgtl5000: put of nodes if finding codec fails (bsc#1051510). - ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field (bsc#1051510). - ASoC: msm8916-wcd-analog: add missing license information (bsc#1051510). - ASoC: qcom: Fix of-node refcount unbalance in apq8016_sbc_parse_of() (bsc#1051510). - ASoC: rsnd: fixup rsnd_ssi_master_clk_start() user count check (bsc#1051510). - ASoC: rt5514-spi: Fix potential NULL pointer dereference (bsc#1051510). - assoc_array: Fix shortcut creation (bsc#1051510). - ata: ahci: mvebu: remove stale comment (bsc#1051510). - ath9k: Avoid OF no-EEPROM quirks without qca,no-eeprom (bsc#1051510). - ath9k: dynack: check da->enabled first in sampling routines (bsc#1051510). - ath9k: dynack: make ewma estimation faster (bsc#1051510). - ath9k: dynack: use authentication messages for 'late' ack (bsc#1051510). - atm: he: fix sign-extension overflow on large shift (bsc#1051510). - ax25: fix a use-after-free in ax25_fillin_cb() (networking-stable-19_01_04). - ax25: fix possible use-after-free (bsc#1051510). - backlight: pwm_bl: Use gpiod_get_value_cansleep() to get initial (bsc#1113722) - batman-adv: Avoid WARN on net_device without parent in netns (bsc#1051510). - batman-adv: fix uninit-value in batadv_interface_tx() (bsc#1051510). - batman-adv: Force mac header to start of data on xmit (bsc#1051510). - be2net: do not flip hw_features when VXLANs are added/deleted (bsc#1050252). - bio: Introduce BIO_ALLOCED flag and check it in bio_free (bsc#1128094). - blkdev: avoid migration stalls for blkdev pages (bsc#1084216). - blk-mq: fix a hung issue when fsync (bsc#1125252). - blk-mq: fix kernel oops in blk_mq_tag_idle() (bsc#1051510). - block: break discard submissions into the user defined size (git-fixes). - block: cleanup __blkdev_issue_discard() (git-fixes). - block_dev: fix crash on chained bios with O_DIRECT (bsc#1128094). - blockdev: Fix livelocks on loop device (bsc#1124984). - block: do not deal with discard limit in blkdev_issue_discard() (git-fixes). - block: do not use bio->bi_vcnt to figure out segment number (bsc#1128895). - block: do not warn when doing fsync on read-only devices (bsc#1125252). - block: fix 32 bit overflow in __blkdev_issue_discard() (git-fixes). - block: fix infinite loop if the device loses discard capability (git-fixes). - block/loop: Use global lock for ioctl() operation (bsc#1124974). - block: make sure discard bio is aligned with logical block size (git-fixes). - block: make sure writesame bio is aligned with logical block size (git-fixes). - block: move bio_integrity_{intervals,bytes} into blkdev.h (bsc#1114585). - block/swim3: Fix -EBUSY error when re-opening device after unmount (git-fixes). - bluetooth: Fix locking in bt_accept_enqueue() for BH context (bsc#1051510). - bluetooth: Fix unnecessary error message for HCI request completion (bsc#1051510). - bnx2x: Assign unique DMAE channel number for FW DMAE transactions (bsc#1086323). - bnx2x: Clear fip MAC when fcoe offload support is disabled (bsc#1086323). - bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw (bsc#1086323). - bnx2x: Remove configured vlans as part of unload sequence (bsc#1086323). - bnx2x: Send update-svid ramrod with retry/poll flags enabled (bsc#1086323). - bnxt_en: Fix typo in firmware message timeout logic (bsc#1086282 ). - bnxt_en: Wait longer for the firmware message response to complete (bsc#1086282). - bonding: update nest level on unlink (git-fixes). - bpf: decrease usercnt if bpf_map_new_fd() fails in bpf_map_get_fd_by_id() (bsc#1083647). - bpf: drop refcount if bpf_map_new_fd() fails in map_create() (bsc#1083647). - bpf: fix lockdep false positive in percpu_freelist (bsc#1083647). - bpf: fix replace_map_fd_with_map_ptr's ldimm64 second imm field (bsc#1083647). - bpf: fix sanitation rewrite in case of non-pointers (bsc#1083647). - bpf: Fix syscall's stackmap lookup potential deadlock (bsc#1083647). - bpf, lpm: fix lookup bug in map_delete_elem (bsc#1083647). - bpf/verifier: fix verifier instability (bsc#1056787). - bsg: allocate sense buffer if requested (bsc#1106811). - bsg: Do not copy sense if no response buffer is allocated (bsc#1106811,bsc#1126555). - btrfs: dedupe_file_range ioctl: remove 16MiB restriction (bsc#1127494). - btrfs: do not unnecessarily pass write_lock_level when processing leaf (bsc#1126802). - btrfs: ensure that a DUP or RAID1 block group has exactly two stripes (bsc#1128451). - btrfs: fix clone vs chattr NODATASUM race (bsc#1127497). - btrfs: fix corruption reading shared and compressed extents after hole punching (bsc#1126476). - btrfs: fix deadlock when allocating tree block during leaf/node split (bsc#1126806). - btrfs: fix deadlock when using free space tree due to block group creation (bsc#1126804). - btrfs: fix fsync after succession of renames and unlink/rmdir (bsc#1126488). - btrfs: fix fsync after succession of renames of different files (bsc#1126481). - btrfs: fix invalid-free in btrfs_extent_same (bsc#1127498). - btrfs: fix reading stale metadata blocks after degraded raid1 mounts (bsc#1126803). - btrfs: fix use-after-free of cmp workspace pages (bsc#1127603). - btrfs: grab write lock directly if write_lock_level is the max level (bsc#1126802). - btrfs: Improve btrfs_search_slot description (bsc#1126802). - btrfs: move get root out of btrfs_search_slot to a helper (bsc#1126802). - btrfs: qgroup: Cleanup old subtree swap code (bsc#1063638). - btrfs: qgroup: Do not trace subtree if we're dropping reloc tree (bsc#1063638). - btrfs: qgroup: Finish rescan when hit the last leaf of extent tree (bsc#1129327). - btrfs: qgroup: Fix root item corruption when multiple same source snapshots are created with quota enabled (bsc#1122324). - btrfs: qgroup: Introduce function to find all new tree blocks of reloc tree (bsc#1063638). - btrfs: qgroup: Introduce function to trace two swaped extents (bsc#1063638). - btrfs: qgroup: Introduce per-root swapped blocks infrastructure (bsc#1063638). - btrfs: qgroup: Introduce trace event to analyse the number of dirty extents accounted (bsc#1063638 dependency). - btrfs: qgroup: Make qgroup async transaction commit more aggressive (bsc#1113042). - btrfs: qgroup: Only trace data extents in leaves if we're relocating data block group (bsc#1063638). - btrfs: qgroup: Refactor btrfs_qgroup_trace_subtree_swap (bsc#1063638). - btrfs: qgroup: Search commit root for rescan to avoid missing extent (bsc#1129326). - btrfs: qgroup: Use delayed subtree rescan for balance (bsc#1063638). - btrfs: qgroup: Use generation-aware subtree swap to mark dirty extents (bsc#1063638). - btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf (bsc#1129327). - btrfs: relocation: Delay reloc tree deletion after merge_reloc_roots (bsc#1063638). - btrfs: reloc: Fix NULL pointer dereference due to expanded reloc_root lifespan (bsc#1129497). - btrfs: remove always true check in unlock_up (bsc#1126802). - btrfs: remove superfluous free_extent_buffer in read_block_for_search (bsc#1126802). - btrfs: remove unnecessary level check in balance_level (bsc#1126802). - btrfs: remove unused check of skip_locking (bsc#1126802). - btrfs: reuse cmp workspace in EXTENT_SAME ioctl (bsc#1127495). - btrfs: send, fix race with transaction commits that create snapshots (bsc#1126802). - btrfs: simplify IS_ERR/PTR_ERR checks (bsc#1126481). - btrfs: split btrfs_extent_same (bsc#1127493). - btrfs: use kvzalloc for EXTENT_SAME temporary data (bsc#1127496). - btrfs: use more straightforward extent_buffer_uptodate check (bsc#1126802). - can: bcm: check timer values before ktime conversion (bsc#1051510). - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it (bsc#1051510). - can: gw: ensure DLC boundaries after CAN frame modification (bsc#1051510). - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader (bsc#1051510). - cdc-wdm: pass return value of recover_from_urb_loss (bsc#1051510). - ceph: avoid repeatedly adding inode to mdsc->snap_flush_list (bsc#1126790). - ceph: clear inode pointer when snap realm gets dropped by its inode (bsc#1125799). - cfg80211: extend range deviation for DMG (bsc#1051510). - ch: add missing mutex_lock()/mutex_unlock() in ch_release() (bsc#1124235). - char/mwave: fix potential Spectre v1 vulnerability (bsc#1051510). - checkstack.pl: fix for aarch64 (bsc#1051510). - ch: fixup refcounting imbalance for SCSI devices (bsc#1124235). - cifs: add missing debug entries for kconfig options (bsc#1051510). - cifs: add missing support for ACLs in smb 3.11 (bsc#1051510). - cifs: add sha512 secmech (bsc#1051510). - cifs: Add support for reading attributes on smb2+ (bsc#1051510). - cifs: Add support for writing attributes on smb2+ (bsc#1051510). - cifs: Always resolve hostname before reconnecting (bsc#1051510). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510). - cifs: Fix error mapping for smb2_LOCK command which caused OFD lock problem (bsc#1051510). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: fix return value for cifs_listxattr (bsc#1051510). - cifs: Fix separator when building path from dentry (bsc#1051510). - cifs: fix set info (bsc#1051510). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510). - cifs: fix wrapping bugs in num_entries() (bsc#1051510). - cifs: For smb2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510). - cifs: hide unused functions (bsc#1051510). - cifs: hide unused functions (bsc#1051510). - cifs: implement v3.11 preauth integrity (bsc#1051510). - cifs: invalidate cache when we truncate a file (bsc#1051510). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510). - cifs: OFD locks do not conflict with eachothers (bsc#1051510). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510). - clk: armada-370: fix refcount leak in a370_clk_init() (bsc#1051510). - clk: armada-xp: fix refcount leak in axp_clk_init() (bsc#1051510). - clk: dove: fix refcount leak in dove_clk_init() (bsc#1051510). - clk: highbank: fix refcount leak in hb_clk_init() (bsc#1051510). - clk: imx6q: fix refcount leak in imx6q_clocks_init() (bsc#1051510). - clk: imx6q: reset exclusive gates on init (bsc#1051510). - clk: imx6sl: ensure MMDC CH0 handshake is bypassed (bsc#1051510). - clk: imx6sx: fix refcount leak in imx6sx_clocks_init() (bsc#1051510). - clk: imx7d: fix refcount leak in imx7d_clocks_init() (bsc#1051510). - clk: kirkwood: fix refcount leak in kirkwood_clk_init() (bsc#1051510). - clk: mv98dx3236: fix refcount leak in mv98dx3236_clk_init() (bsc#1051510). - clk: qoriq: fix refcount leak in clockgen_init() (bsc#1051510). - clk: rockchip: fix typo in rk3188 spdif_frac parent (bsc#1051510). - clk: samsung: exynos4: fix refcount leak in exynos4_get_xom() (bsc#1051510). - clk: socfpga: fix refcount leak (bsc#1051510). - clk: sunxi: A31: Fix wrong AHB gate number (bsc#1051510). - clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks (bsc#1051510). - clk: sunxi-ng: enable so-said LDOs for A64 SoC's pll-mipi clock (bsc#1051510). - clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent (bsc#1051510). - clk: sunxi-ng: sun8i-a23: Enable PLL-MIPI LDOs when ungating it (bsc#1051510). - clk: uniphier: Fix update register for CPU-gear (bsc#1051510). - clk: vf610: fix refcount leak in vf610_clocks_init() (bsc#1051510). - clocksource/drivers/exynos_mct: Fix error path in timer resources initialization (bsc#1051510). - clocksource/drivers/integrator-ap: Add missing of_node_put() (bsc#1051510). - clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable (bsc#1051510). - configfs: fix registered group removal (bsc#1051510). - copy_mount_string: Limit string length to PATH_MAX (bsc#1082943). - cpufreq: Cap the default transition delay value to 10 ms (bsc#1127042). - cpufreq: conservative: Take limits changes into account properly (bsc#1051510). - cpufreq: governor: Avoid accessing invalid governor_data (bsc#1051510). - cpufreq: governor: Drop min_sampling_rate (bsc#1127042). - cpufreq: governor: Ensure sufficiently large sampling intervals (bsc#1127042). - cpufreq: imx6q: add return value check for voltage scale (bsc#1051510). - cpufreq: Use transition_delay_us for legacy governors as well (bsc#1127042). - cpuidle: big.LITTLE: fix refcount leak (bsc#1051510). - cramfs: fix abad comparison when wrap-arounds occur (bsc#1051510). - crypto: aes_ti - disable interrupts while accessing S-box (bsc#1051510). - crypto: ahash - fix another early termination in hash walk (bsc#1051510). - crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling (bsc#1051510). - crypto: arm/crct10dif - revert to C code for short inputs (bsc#1051510). - crypto: authencesn - Avoid twice completion call in decrypt path (bsc#1051510). - crypto: authenc - fix parsing key with misaligned rta_len (bsc#1051510). - crypto: bcm - convert to use crypto_authenc_extractkeys() (bsc#1051510). - crypto: brcm - Fix some set-but-not-used warning (bsc#1051510). - crypto: caam - fixed handling of sg list (bsc#1051510). - crypto: caam - fix zero-length buffer DMA mapping (bsc#1051510). - crypto: cavium/zip - fix collision with generic cra_driver_name (bsc#1051510). - crypto: crypto4xx - add missing of_node_put after of_device_is_available (bsc#1051510). - crypto: crypto4xx - Fix wrong ppc4xx_trng_probe()/ppc4xx_trng_remove() arguments (bsc#1051510). - crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails (bsc#1051510). - crypto: testmgr - skip crc32c context test for ahash algorithms (bsc#1051510). - crypto: tgr192 - fix unaligned memory access (bsc#1051510). - crypto: user - support incremental algorithm dumps (bsc#1120902). - crypto: ux500 - Use proper enum in cryp_set_dma_transfer (bsc#1051510). - crypto: ux500 - Use proper enum in hash_set_dma_transfer (bsc#1051510). - cw1200: drop useless LIST_HEAD (bsc#1051510). - cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() (bsc#1051510). - cw1200: fix missing unlock on error in cw1200_hw_scan() (bsc#1051510). - dccp: fool proof ccid_hc_[rt]x_parse_options() (bsc#1051510). - debugfs: fix debugfs_rename parameter checking (bsc#1051510). - dlm: Do not swamp the CPU with callbacks queued during recovery (bsc#1051510). - dlm: fixed memory leaks after failed ls_remove_names allocation (bsc#1051510). - dlm: lost put_lkb on error path in receive_convert() and receive_unlock() (bsc#1051510). - dlm: memory leaks on error path in dlm_user_request() (bsc#1051510). - dlm: possible memory leak on error path in create_lkb() (bsc#1051510). - dmaengine: at_hdmac: drop useless LIST_HEAD (bsc#1051510). - dmaengine: at_hdmac: fix memory leak in at_dma_xlate() (bsc#1051510). - dmaengine: at_hdmac: fix module unloading (bsc#1051510). - dmaengine: at_xdmac: Fix wrongfull report of a channel as in use (bsc#1051510). - dmaengine: bcm2835: Fix abort of transactions (bsc#1051510). - dmaengine: bcm2835: Fix interrupt race on RT (bsc#1051510). - dmaengine: dma-jz4780: Return error if not probed from DT (bsc#1051510). - dmaengine: dmatest: Abort test in case of mapping error (bsc#1051510). - dmaengine: dw: drop useless LIST_HEAD (bsc#1051510). - dmaengine: dw: Fix FIFO size for Intel Merrifield (bsc#1051510). - dmaengine: imx-dma: fix wrong callback invoke (bsc#1051510). - dmaengine: mv_xor: Use correct device for DMA API (bsc#1051510). - dmaengine: pl330: drop useless LIST_HEAD (bsc#1051510). - dmaengine: sa11x0: drop useless LIST_HEAD (bsc#1051510). - dmaengine: st_fdma: drop useless LIST_HEAD (bsc#1051510). - dmaengine: stm32-dma: fix incomplete configuration in cyclic mode (bsc#1051510). - dmaengine: xilinx_dma: Remove __aligned attribute on zynqmp_dma_desc_ll (bsc#1051510). - dma: Introduce dma_max_mapping_size() (bsc#1120008). - dm cache metadata: verify cache has blocks in blocks_are_clean_separate_dirty() (git-fixes). - dm: call blk_queue_split() to impose device limits on bios (git-fixes). - dm: do not allow readahead to limit IO size (git-fixes). - dm thin: send event about thin-pool state change _after_ making it (git-fixes). - dm zoned: Fix target BIO completion handling (git-fixes). - doc: rcu: Suspicious RCU usage is a warning (bsc#1051510). - doc/README.SUSE: Correct description for building a kernel (bsc#1123348) - Do not log confusing message on reconnect by default (bsc#1129664). - Do not log expected error on DFS referral request (bsc#1051510). - driver core: Do not resume suppliers under device_links_write_lock() (bsc#1051510). - driver core: Move async_synchronize_full call (bsc#1051510). - drivers: core: Remove glue dirs from sysfs earlier (bsc#1051510). - drivers: hv: vmbus: Check for ring when getting debug info (bsc#1126389, bsc#1126579). - drivers: hv: vmbus: preserve hv_ringbuffer_get_debuginfo kABI (bsc#1126389, bsc#1126579). - drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels (bsc#1126389, bsc#1126579). - drivers/misc/sgi-gru: fix Spectre v1 vulnerability (bsc#1051510). - drivers/net/ethernet/qlogic/qed/qed_rdma.h: fix typo (bsc#1086314 bsc#1086313 bsc#1086301 ). - drivers/sbus/char: add of_node_put() (bsc#1051510). - drm/amdgpu: Add delay after enable RLC ucode (bsc#1051510). - drm/ast: Fix connector leak during driver unload (bsc#1051510). - drm/ast: fixed reading monitor EDID not stable issue (bsc#1051510). - drm/atomic-helper: Complete fake_commit->flip_done potentially earlier (bsc#1051510). - drm: Block fb changes for async plane updates (bsc#1051510). - drm/bridge: tc358767: add defines for DP1_SRCCTRL & PHY_2LANE (bsc#1051510). - drm/bridge: tc358767: fix initial DP0/1_SRCCTRL value (bsc#1051510). - drm/bridge: tc358767: fix output H/V syncs (bsc#1051510). - drm/bridge: tc358767: fix single lane configuration (bsc#1051510). - drm/bridge: tc358767: reject modes which require too much BW (bsc#1051510). - drm/bufs: Fix Spectre v1 vulnerability (bsc#1051510). - drm: Clear state->acquire_ctx before leaving drm_atomic_helper_commit_duplicated_state() (bsc#1051510). - drm: disable uncached DMA optimization for ARM and arm64 (bsc#1051510). - drm/etnaviv: NULL vs IS_ERR() buf in etnaviv_core_dump() (bsc#1113722) - drm/etnaviv: potential NULL dereference (bsc#1113722) - drm/fb-helper: Partially bring back workaround for bugs of SDL 1.2 (bsc#1113722) - drm: Fix error handling in drm_legacy_addctx (bsc#1113722) - drm/i915: Block fbdev HPD processing during suspend (bsc#1113722) - drm/i915/fbdev: Actually configure untiled displays (bsc#1113722) - drm/i915: Flush GPU relocs harder for gen3 (bsc#1113722) - drm/i915/gvt: Fix mmap range check (bsc#1120902) - drm/i915/gvt: free VFIO region space in vgpu detach (bsc#1113722) - drm/i915/gvt: release shadow batch buffer and wa_ctx before destroy one workload (bsc#1051510). - drm/i915/opregion: fix version check (bsc#1113722) - drm/i915/opregion: rvda is relative from opregion base in opregion (bsc#1113722) - drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set (bsc#1113722) - drm/i915: Redefine some Whiskey Lake SKUs (bsc#1051510). - drm/i915: Use the correct crtc when sanitizing plane mapping (bsc#1113722) - drm/meson: add missing of_node_put (bsc#1051510). - drm/modes: Prevent division by zero htotal (bsc#1051510). - drm/msm: Fix error return checking (bsc#1051510). - drm/msm: Grab a vblank reference when waiting for commit_done (bsc#1051510). - drm/msm: Unblock writer if reader closes file (bsc#1051510). - drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON (bsc#1113722) - drm/nouveau: Do not spew kernel WARNING for each timeout (bsc#1126480). - drm/nouveau: Do not WARN_ON VCPI allocation failures (bsc#1113722) - drm/nouveau/falcon: avoid touching registers if engine is off (bsc#1051510). - drm/nouveau/pmu: do not print reply values if exec is false (bsc#1113722) - drm/nouveau/tmr: detect stalled gpu timer and break out of waits (bsc#1123538). - drm/radeon/evergreen_cs: fix missing break in switch statement (bsc#1113722) - drm: Reorder set_property_atomic to avoid returning with an active ww_ctx (bsc#1051510). - drm/rockchip: fix for mailbox read size (bsc#1051510). - drm/shmob: Fix return value check in shmob_drm_probe (bsc#1113722) - drm/sun4i: tcon: Prepare and enable TCON channel 0 clock at init (bsc#1051510). - drm/vmwgfx: Do not double-free the mode stored in par->set_mode (bsc#1103429) - drm/vmwgfx: Fix setting of dma masks (bsc#1120902) - drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user (bsc#1120902) - e1000e: allow non-monotonic SYSTIM readings (bsc#1051510). - earlycon: Initialize port->uartclk based on clock-frequency property (bsc#1051510). - earlycon: Remove hardcoded port->uartclk initialization in of_setup_earlycon (bsc#1051510). - Enable CONFIG_RDMA_RXE=m also for ppc64le (bsc#1107665,) - enic: fix build warning without CONFIG_CPUMASK_OFFSTACK (bsc#1051510). - enic: fix checksum validation for IPv6 (bsc#1051510). - esp6: fix memleak on error path in esp6_input (bsc#1051510). - esp: Fix locking on page fragment allocation (bsc#1051510). - esp: Fix memleaks on error paths (bsc#1051510). - esp: Fix skb tailroom calculation (bsc#1051510). - exportfs: do not read dentry after free (bsc#1051510). - ext4: avoid kernel warning when writing the superblock to a dead device (bsc#1124981). - ext4: check for shutdown and r/o file system in ext4_write_inode() (bsc#1124978). - ext4: fix a potential fiemap/page fault deadlock w/ inline_data (bsc#1124980). - ext4: Fix crash during online resizing (bsc#1122779). - ext4: force inode writes when nfsd calls commit_metadata() (bsc#1125125). - ext4: include terminating u32 in size of xattr entries when expanding inodes (bsc#1124976). - ext4: make sure enough credits are reserved for dioread_nolock writes (bsc#1124979). - ext4: track writeback errors using the generic tracking infrastructure (bsc#1124982). - fanotify: fix handling of events on child sub-directory (bsc#1122019). - fat: validate ->i_start before using (bsc#1051510). - fbdev: chipsfb: remove set but not used variable 'size' (bsc#1113722) - firmware/efi: Add NULL pointer checks in efivars API functions (bsc#1051510). - Fix kabi issues with new transport sharing code (bsc#1114893). - Fix problem with sharetransport= and NFSv4 (bsc#1114893). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510). - floppy: check_events callback should not return a negative number (bsc#1051510). - fork: do not copy inconsistent signal handler state to child (bsc#1051510). - fork: record start_time late (git-fixes). - fork: unconditionally clear stack on fork (git-fixes). - fs/cifs: require sha512 (bsc#1051510). - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() (git-fixes). - fs/devpts: always delete dcache dentry-s in dput() (git-fixes). - fuse: call pipe_buf_release() under pipe lock (bsc#1051510). - fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS (bsc#1051510). - fuse: decrement NR_WRITEBACK_TEMP on the right page (bsc#1051510). - fuse: handle zero sized retrieve correctly (bsc#1051510). - futex: Fix (possible) missed wakeup (bsc#1050549). - gdrom: fix a memory leak bug (bsc#1051510). - geneve: cleanup hard coded value for Ethernet header length (bsc#1123456). - geneve: correctly handle ipv6.disable module parameter (bsc#1051510). - geneve, vxlan: Do not check skb_dst() twice (bsc#1123456). - geneve, vxlan: Do not set exceptions if skb->len < mtu (bsc#1123456). - genwqe: Fix size check (bsc#1051510). - gfs2: Revert 'Fix loop in gfs2_rbm_find' (bsc#1120601). - gianfar: fix a flooded alignment reports because of padding issue (bsc#1051510). - gianfar: Fix Rx byte accounting for ndev stats (bsc#1051510). - gianfar: prevent integer wrapping in the rx handler (bsc#1051510). - gpio: altera-a10sr: Set proper output level for direction_output (bsc#1051510). - gpio: pcf857x: Fix interrupts on multiple instances (bsc#1051510). - gpio: pl061: handle failed allocations (bsc#1051510). - gpio: pl061: Move irq_chip definition inside struct pl061 (bsc#1051510). - gpio: vf610: Mask all GPIO interrupts (bsc#1051510). - gpu: ipu-v3: Fix CSI offsets for imx53 (bsc#1113722) - gpu: ipu-v3: Fix i.MX51 CSI control registers offset (bsc#1113722) - gpu: ipu-v3: image-convert: Prevent race between run and unprepare (bsc#1051510). - gro_cell: add napi_disable in gro_cells_destroy (networking-stable-19_01_04). - gro_cells: make sure device is up in gro_cells_receive() (git-fixes). - hfs: do not free node before using (bsc#1051510). - hfsplus: do not free node before using (bsc#1051510). - hfsplus: prevent btree data loss on root split (bsc#1051510). - hfs: prevent btree data loss on root split (bsc#1051510). - hid: lenovo: Add checks to fix of_led_classdev_register (bsc#1051510). - hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable (git-fixes). - hvc_opal: do not set tb_ticks_per_usec in udbg_init_opal_common() (bsc#1051510). - hv: v4.12 API for hyperv-iommu (bsc#1122822). - hwmon/k10temp: Add support for AMD family 17h, model 30h CPUs (). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (). - hwmon: (lm80) fix a missing check of bus read in lm80 probe (bsc#1051510). - hwmon: (lm80) fix a missing check of the status of smbus read (bsc#1051510). - hwmon: (lm80) Fix missing unlock on error in set_fan_div() (bsc#1051510). - hwmon: (tmp421) Correct the misspelling of the tmp442 compatible attribute in OF device ID table (bsc#1051510). - HYPERV/IOMMU: Add Hyper-V stub IOMMU driver (bsc#1122822). - i2c-axxia: check for error conditions first (bsc#1051510). - i2c: bcm2835: Clear current buffer pointers and counts after a transfer (bsc#1051510). - i2c: cadence: Fix the hold bit setting (bsc#1051510). - i2c: dev: prevent adapter retries and timeout being set as minus value (bsc#1051510). - i2c: omap: Use noirq system sleep pm ops to idle device for suspend (bsc#1051510). - i2c: sh_mobile: add support for r8a77990 (R-Car E3) (bsc#1051510). - i40e: fix mac filter delete when setting mac address (bsc#1056658 bsc#1056662). - i40e: report correct statistics when XDP is enabled (bsc#1056658 bsc#1056662). - i40e: restore NETIF_F_GSO_IPXIP to netdev features (bsc#1056658 bsc#1056662). - IB/core: Destroy QP if XRC QP fails (bsc#1046306). - IB/core: Fix potential memory leak while creating MAD agents (bsc#1046306). - IB/core: Unregister notifier before freeing MAD security (bsc#1046306). - IB/hfi1: Close race condition on user context disable and close (bsc#1060463). - IB/mlx5: Unmap DMA addr from HCA before IOMMU (bsc#1046305 ). - ibmveth: Do not process frames after calling napi_reschedule (bcs#1123357). - ibmveth: fix DMA unmap error in ibmveth_xmit_start error path (networking-stable-19_01_04). - ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726). - ibmvnic: Increase maximum queue size limit (bsc#1121726). - ibmvnic: Introduce driver limits for ring sizes (bsc#1121726). - ibmvnic: Report actual backing device speed and duplex values (bsc#1129923). - ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton (bsc#1119019). - ide: pmac: add of_node_put() (bsc#1051510). - ieee802154: ca8210: fix possible u8 overflow in ca8210_rx_done (bsc#1051510). - ieee802154: lowpan_header_create check must check daddr (networking-stable-19_01_04). - igb: Fix an issue that PME is not enabled during runtime suspend (bsc#1051510). - iio: accel: kxcjk1013: Add KIOX010A acpi Hardware-ID (bsc#1051510). - iio: adc: exynos-adc: Fix NULL pointer exception on unbind (bsc#1051510). - iio: chemical: atlas-ph-sensor: correct IIO_TEMP values to millicelsius (bsc#1051510). - input: bma150 - register input device after setting private data (bsc#1051510). - input: elan_i2c - add acpi ID for touchpad in ASUS Aspire F5-573G (bsc#1051510). - input: elan_i2c - add acpi ID for touchpad in Lenovo V330-15ISK (bsc#1051510). - input: elan_i2c - add id for touchpad found in Lenovo s21e-20 (bsc#1051510). - input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 (bsc#1051510). - input: omap-keypad - fix idle configuration to not block SoC idle states (bsc#1051510). - input: raspberrypi-ts - fix link error (git-fixes). - input: raspberrypi-ts - select CONFIG_INPUT_POLLDEV (git-fixes). - input: restore EV_ABS ABS_RESERVED (bsc#1051510). - input: synaptics - enable RMI on ThinkPad T560 (bsc#1051510). - input: synaptics - enable smbus for HP EliteBook 840 G4 (bsc#1051510). - input: wacom_serial4 - add support for Wacom ArtPad II tablet (bsc#1051510). - input: xpad - add support for SteelSeries Stratus Duo (bsc#1111666). - intel_th: Do not reference unassigned outputs (bsc#1051510). - intel_th: gth: Fix an off-by-one in output unassigning (bsc#1051510). - iomap: fix integer truncation issues in the zeroing and dirtying helpers (bsc#1125947). - iomap: warn on zero-length mappings (bsc#1127062). - iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105). - iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105). - iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105). - iommu/dmar: Fix buffer overflow during PCI bus notification (bsc#1129181). - iommu: Document iommu_ops.is_attach_deferred() (bsc#1129182). - iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables (bsc#1129205). - iommu/vt-d: Check identity map for hot-added devices (bsc#1129183). - iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105). - iommu/vt-d: Fix NULL pointer reference in intel_svm_bind_mm() (bsc#1129184). - ip6mr: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04). - ip6_tunnel: get the min mtu properly in ip6_tnl_xmit (bsc#1123456). - ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit (bsc#1123456). - ipmi:pci: Blacklist a Realtek 'IPMI' device (git-fixes). - ipmi:ssif: Fix handling of multi-part return messages (bsc#1051510). - ip: on queued skb use skb_header_pointer instead of pskb_may_pull (git-fixes). - ipsec: check return value of skb_to_sgvec always (bsc#1051510). - ipv4: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04). - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes (networking-stable-18_12_12). - ipv4: speedup ipv6 tunnels dismantle (bsc#1122982). - ipv6: addrlabel: per netns list (bsc#1122982). - ipv6: Check available headroom in ip6_xmit() even without options (networking-stable-18_12_12). - ipv6: Consider sk_bound_dev_if when binding a socket to an address (networking-stable-19_02_01). - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address (networking-stable-19_01_22). - ipv6: explicitly initialize udp6_addr in udp_sock_create6() (networking-stable-19_01_04). - ipv6: fix kernel-infoleak in ipv6_local_error() (networking-stable-19_01_20). - ipv6: speedup ipv6 tunnels dismantle (bsc#1122982). Refresh patches.suse/ip6_vti-fix-a-null-pointer-deference-when-destroy-vt.patch - ipv6: sr: properly initialize flowi6 prior passing to ip6_route_output (networking-stable-18_12_12). - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses (networking-stable-19_01_22). - ipv6: tunnels: fix two use-after-free (networking-stable-19_01_04). - ip: validate header length on virtual device xmit (networking-stable-19_01_04). - ipvlan, l3mdev: fix broken l3s mode wrt local routes (networking-stable-19_02_01). - irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size (bsc#1051510). - irqchip/gic-v3-its: Do not bind LPI to unavailable NUMA node (bsc#1051510). - irqchip/gic-v3-its: Fix ITT_entry_size accessor (bsc#1051510). - iscsi target: fix session creation failure handling (bsc#1051510). - isdn: avm: Fix string plus integer warning from Clang (bsc#1051510). - isdn: fix kernel-infoleak in capi_unlocked_ioctl (bsc#1051510). - isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() (bsc#1051510). - isdn: i4l: isdn_tty: Fix some concurrency double-free bugs (bsc#1051510). - iser: set sector for ambiguous mr status errors (bsc#1051510). - iwlwifi: mvm: avoid possible access out of array (bsc#1051510). - iwlwifi: mvm: fix A-MPDU reference assignment (bsc#1051510). - iwlwifi: mvm: fix RSS config command (bsc#1051510). - iwlwifi: pcie: fix emergency path (bsc#1051510). - iwlwifi: pcie: fix TX while flushing (bsc#1120902). - ixgbe: Be more careful when modifying MAC filters (bsc#1051510). - ixgbe: check return value of napi_complete_done() (bsc#1051510). - ixgbe: recognize 1000BaseLX SFP modules as 1Gbps (bsc#1051510). - jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bsc#1051510). - kabi: cpufreq: keep min_sampling_rate in struct dbs_data (bsc#1127042). - kabi: fix xhci kABI stability (bsc#1119086). - kabi: handle addition of ip6addrlbl_table into struct netns_ipv6 (bsc#1122982). - kabi: handle addition of uevent_sock into struct net (bsc#1122982). - kabi: Preserve kABI for dma_max_mapping_size() (bsc#1120008). - kabi: protect struct sctp_association (kabi). - kabi: protect struct smc_buf_desc (bnc#1117947, LTC#173662). - kabi: protect struct smc_link (bnc#1117947, LTC#173662). - kabi: protect vhost_log_write (kabi). - kabi: restore ip_tunnel_delete_net() (bsc#1122982). - kABI workaroudn for ath9k ath_node.ackto type change (bsc#1051510). - kABI workaround for bt_accept_enqueue() change (bsc#1051510). - kABI workaround for deleted snd_hda_register_beep_device() (bsc#1122944). - kABI workaround for snd_hda_bus.bus_probing addition (bsc#1122944). - kallsyms: Handle too long symbols in kallsyms.c (bsc#1126805). - kconfig: fix file name and line number of warn_ignored_character() (bsc#1051510). - kconfig: fix line numbers for if-entries in menu tree (bsc#1051510). - kconfig: fix memory leak when EOF is encountered in quotation (bsc#1051510). - kconfig: fix the rule of mainmenu_stmt symbol (bsc#1051510). - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes (git-fixes). - keys: allow reaching the keys quotas exactly (bsc#1051510). - keys: Timestamp new keys (bsc#1051510). - kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var() (bsc#1051510). - kgdboc: Fix restrict error (bsc#1051510). - kgdboc: Fix warning with module build (bsc#1051510). - kobject: add kobject_uevent_net_broadcast() (bsc#1122982). - kobject: copy env blob in one go (bsc#1122982). - kobject: factorize skb setup in kobject_uevent_net_broadcast() (bsc#1122982). - kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() (bsc#1051510). - kvm: arm/arm64: Properly protect VGIC locks from IRQs (bsc#1117155). - kvm: arm/arm64: VGIC/ITS: Promote irq_lock() in update_affinity (bsc#1117155). - kvm: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock (bsc#1117155). - kvm: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls (bsc#1117155). - kvm: mmu: Fix race in emulated page table writes (bsc#1129284). - kvm: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails (bsc#1129291). - kvm: nVMX: NMI-window and interrupt-window exiting should wake L2 from HLT (bsc#1129292). - kvm: nVMX: Set VM instruction error for VMPTRLD of unbacked page (bsc#1129293). - kvm: PPC: Book3S PR: Set hflag to indicate that POWER9 supports 1T segments (bsc#1124589). - kvm: sev: Fail KVM_SEV_INIT if already initialized (bsc#1114279). - kvm: vmx: Set IA32_TSC_AUX for legacy mode guests (bsc#1129294). - kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs (bsc#1127082). - kvm: x86: fix L1TF's MMIO GFN calculation (bsc#1124204). - kvm: x86: Fix single-step debugging (bsc#1129295). - kvm: x86: Use jmp to invoke kvm_spurious_fault() from .fixup (bsc#1129296). - l2tp: copy 4 more bytes to linear part if necessary (networking-stable-19_02_01). - l2tp: fix infoleak in l2tp_ip6_recvmsg() (git-fixes). - l2tp: fix reading optional fields of L2TPv3 (networking-stable-19_02_01). - lan78xx: Resolve issue with changing MAC address (bsc#1051510). - leds: lp5523: fix a missing check of return value of lp55xx_read (bsc#1051510). - leds: lp55xx: fix null deref on firmware load failure (bsc#1051510). - libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() (bsc#1125800). - libceph: handle an empty authorize reply (bsc#1126789). - lib/div64.c: off by one in shift (bsc#1051510). - libnvdimm: Fix altmap reservation size calculation (bsc#1127682). - libnvdimm/label: Clear 'updating' flag after label-set update (bsc#1129543). - libnvdimm/pmem: Honor force_raw for legacy pmem regions (bsc#1129551). - lib/rbtree-test: lower default params (git-fixes). - lightnvm: fail fast on passthrough commands (bsc#1125780). - livepatch: Change unsigned long old_addr -> void *old_func in struct klp_func (bsc#1071995). - livepatch: Consolidate klp_free functions (bsc#1071995 ). - livepatch: core: Return EOPNOTSUPP instead of ENOSYS (bsc#1071995). - livepatch: Define a macro for new API identification (bsc#1071995). - livepatch: Do not block the removal of patches loaded after a forced transition (bsc#1071995). - livepatch: Introduce klp_for_each_patch macro (bsc#1071995 ). - livepatch: Module coming and going callbacks can proceed with all listed patches (bsc#1071995). - livepatch: Proper error handling in the shadow variables selftest (bsc#1071995). - livepatch: Remove ordering (stacking) of the livepatches (bsc#1071995). - livepatch: Remove signal sysfs attribute (bsc#1071995 ). - livepatch: return -ENOMEM on ptr_id() allocation failure (bsc#1071995). - livepatch: Send a fake signal periodically (bsc#1071995 ). - livepatch: Shuffle klp_enable_patch()/klp_disable_patch() code (bsc#1071995). - livepatch: Simplify API by removing registration step (bsc#1071995). - llc: do not use sk_eat_skb() (bsc#1051510). - lockd: fix access beyond unterminated strings in prints (git-fixes). - locking/rwsem: Fix (possible) missed wakeup (bsc#1050549). - loop: drop caches if offset or block_size are changed (bsc#1124975). - loop: Reintroduce lo_ctl_mutex removed by commit 310ca162d (bsc#1124974). - LSM: Check for NULL cred-security on free (bsc#1051510). - mac80211: Add attribute aligned(2) to struct 'action' (bsc#1051510). - mac80211: do not initiate TDLS connection if station is not associated to AP (bsc#1051510). - mac80211: ensure that mgmt tx skbs have tailroom for encryption (bsc#1051510). - mac80211: fix miscounting of ttl-dropped frames (bsc#1051510). - mac80211: fix radiotap vendor presence bitmap handling (bsc#1051510). - mac80211: Free mpath object when rhashtable insertion fails (bsc#1051510). - mac80211: Restore vif beacon interval if start ap fails (bsc#1051510). - macvlan: Only deliver one copy of the frame to the macvlan interface (bsc#1051510). - mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush timeout issue (bsc#1051510). - mdio_bus: Fix use-after-free on device_register fails (bsc#1051510). - media: adv*/tc358743/ths8200: fill in min width/height/pixelclock (bsc#1051510). - media: DaVinci-VPBE: fix error handling in vpbe_initialize() (bsc#1051510). - media: dt-bindings: media: i2c: Fix i2c address for OV5645 camera sensor (bsc#1051510). - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info (bsc#1051510). - media: mtk-vcodec: Release device nodes in mtk_vcodec_init_enc_pm() (bsc#1051510). - media: s5k4ecgx: delete a bogus error message (bsc#1051510). - media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration (bsc#1051510). - media: s5p-jpeg: Correct step and max values for V4L2_CID_JPEG_RESTART_INTERVAL (bsc#1051510). - media: s5p-mfc: fix incorrect bus assignment in virtual child device (bsc#1051510). - media: usb: pwc: Do not use coherent DMA buffers for ISO transfer (bsc#1054610). - media: uvcvideo: Avoid NULL pointer dereference at the end of streaming (bsc#1051510). - media: uvcvideo: Fix 'type' check leading to overflow (bsc#1051510). - media: v4l2: i2c: ov7670: Fix PLL bypass register values (bsc#1051510). - media: v4l2-tpg: array index could become negative (bsc#1051510). - media: v4l: ioctl: Validate num_planes for debug messages (bsc#1051510). - media: vb2: be sure to unlock mutex on errors (bsc#1051510). - media: vb2: vb2_mmap: move lock up (bsc#1051510). - media: vivid: fix error handling of kthread_run (bsc#1051510). - media: vivid: free bitmap_cap when updating std/timings/etc (bsc#1051510). - media: vivid: set min width/height to a value > 0 (bsc#1051510). - memstick: Prevent memstick host from getting runtime suspended during card detection (bsc#1051510). - mfd: ab8500-core: Return zero in get_register_interruptible() (bsc#1051510). - mfd: db8500-prcmu: Fix some section annotations (bsc#1051510). - mfd: mc13xxx: Fix a missing check of a register-read failure (bsc#1051510). - mfd: mt6397: Do not call irq_domain_remove if PMIC unsupported (bsc#1051510). - mfd: qcom_rpm: write fw_version to CTRL_REG (bsc#1051510). - mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells (bsc#1051510). - mfd: tps65218: Use devm_regmap_add_irq_chip and clean up error path in probe() (bsc#1051510). - mfd: tps6586x: Handle interrupts on suspend (bsc#1051510). - mfd: twl-core: Fix section annotations on {,un}protect_pm_master (bsc#1051510). - mfd: wm5110: Add missing ASRC rate register (bsc#1051510). - misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data (bsc#1051510). - misc: hmc6352: fix potential Spectre v1 (bsc#1051510). - misc: hpilo: Do not claim unsupported hardware (bsc#1129330). - misc: hpilo: Exclude unsupported device via blacklist (bsc#1129330). - misc: mic/scif: fix copy-paste error in scif_create_remote_lookup (bsc#1051510). - misc: mic: SCIF Fix scif_get_new_port() error handling (bsc#1051510). - misc: sram: enable clock before registering regions (bsc#1051510). - misc: sram: fix resource leaks in probe error path (bsc#1051510). - misc: ti-st: Fix memory leak in the error path of probe() (bsc#1051510). - misc: vexpress: Off by one in vexpress_syscfg_exec() (bsc#1051510). - mISDN: fix a race in dev_expire_timer() (bsc#1051510). - mlx4: trigger IB events needed by SMC (bnc#1117947, LTC#173662). - mlxsw: __mlxsw_sp_port_headroom_set(): Fix a use of local variable (git-fixes). - mlxsw: spectrum: Disable lag port TX before removing it (networking-stable-19_01_22). - mmap: introduce sane default mmap limits (git fixes (mm/mmap)). - mmap: relax file size limit for regular files (git fixes (mm/mmap)). - mmc: atmel-mci: do not assume idle after atmci_request_end (bsc#1051510). - mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1051510). - mmc: bcm2835: Recover from MMC_SEND_EXT_CSD (bsc#1051510). - mmc: dw_mmc-bluefield: : Fix the license information (bsc#1051510). - mmc: Kconfig: Enable CONFIG_MMC_SDHCI_IO_ACCESSORS (bsc#1051510). - mmc: omap: fix the maximum timeout setting (bsc#1051510). - mmc: sdhci-brcmstb: handle mmc_of_parse() errors during probe (bsc#1051510). - mmc: sdhci-esdhc-imx: fix HS400 timing issue (bsc#1051510). - mmc: sdhci-iproc: handle mmc_of_parse() errors during probe (bsc#1051510). - mmc: sdhci-of-esdhc: Fix timeout checks (bsc#1051510). - mmc: sdhci-xenon: Fix timeout checks (bsc#1051510). - mmc: spi: Fix card detection during probe (bsc#1051510). - mm: do not drop unused pages when userfaultd is running (git fixes (mm/userfaultfd)). - mm/hmm: hmm_pfns_bad() was accessing wrong struct (git fixes (mm/hmm)). - mm: hwpoison: use do_send_sig_info() instead of force_sig() (git fixes (mm/hwpoison)). - mm/ksm.c: ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm() (git fixes (mm/ksm)). - mm: madvise(MADV_DODUMP): allow hugetlbfs pages (git fixes (mm/madvise)). - mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages (bsc#1127731). - mm: migrate: do not rely on __PageMovable() of newpage after unlocking it (git fixes (mm/migrate)). - mm: migrate: lock buffers before migrate_page_move_mapping() (bsc#1084216). - mm: migrate: Make buffer_migrate_page_norefs() actually succeed (bsc#1084216) - mm: migrate: provide buffer_migrate_page_norefs() (bsc#1084216). - mm: migration: factor out code to compute expected number of page references (bsc#1084216). - mm, oom: fix use-after-free in oom_kill_process (git fixes (mm/oom)). - mm: use swp_offset as key in shmem_replace_page() (git fixes (mm/shmem)). - mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed (git fixes (mm/vmscan)). - Moved patches.fixes/x86-add-tsx-force-abort-cpuid-msr.patch to patches.arch/ and added upstream tags (bsc#1129363) patches.arch/x86-add-tsx-force-abort-cpuid-msr - Move the upstreamed HD-audio fix into sorted section - mpt3sas: check sense buffer before copying sense data (bsc#1106811). - mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking (bsc#1051510). - mtd: cfi_cmdset_0002: Change write buffer to check correct value (bsc#1051510). - mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips (bsc#1051510). - mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary (bsc#1051510). - mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() (bsc#1051510). - mtdchar: fix overflows in adjustment of `count` (bsc#1051510). - mtdchar: fix usage of mtd_ooblayout_ecc() (bsc#1051510). - mtd: docg3: do not set conflicting BCH_CONST_PARAMS option (bsc#1051510). - mtd/maps: fix solutionengine.c printk format warnings (bsc#1051510). - mtd: mtd_oobtest: Handle bitflips during reads (bsc#1051510). - mtd: nand: atmel: fix buffer overflow in atmel_pmecc_user (bsc#1051510). - mtd: nand: atmel: Fix get_sectorsize() function (bsc#1051510). - mtd: nand: atmel: fix of_irq_get() error check (bsc#1051510). - mtd: nand: brcmnand: Disable prefetch by default (bsc#1051510). - mtd: nand: brcmnand: Zero bitflip is not an error (bsc#1051510). - mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bsc#1051510). - mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() (bsc#1051510). - mtd: nand: Fix nand_do_read_oob() return value (bsc#1051510). - mtd: nand: Fix writing mtdoops to nand flash (bsc#1051510). - mtd: nand: fsl_ifc: Fix nand waitfunc return value (bsc#1051510). - mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM (bsc#1051510). - mtd: nand: ifc: update bufnum mask for ver >= 2.0.0 (bsc#1051510). - mtd: nand: mtk: fix infinite ECC decode IRQ issue (bsc#1051510). - mtd: nand: omap2: Fix subpage write (bsc#1051510). - mtd: nand: pxa3xx: Fix READOOB implementation (bsc#1051510). - mtd: nand: qcom: Add a NULL check for devm_kasprintf() (bsc#1051510). - mtd: nandsim: remove debugfs entries in error path (bsc#1051510). - mtd: nand: sunxi: Fix ECC strength choice (bsc#1051510). - mtd: nand: sunxi: fix potential divide-by-zero error (bsc#1051510). - mtd: nand: vf610: set correct ooblayout (bsc#1051510). - mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic (bsc#1051510). - mtd: spi-nor: Fix Cadence QSPI page fault kernel panic (bsc#1051510). - mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB (bsc#1051510). - mtd: spi-nor: stm32-quadspi: Fix uninitialized error return code (bsc#1051510). - mv88e6060: disable hardware level MAC learning (bsc#1051510). - nbd: Use set_blocksize() to set device blocksize (bsc#1124984). - neighbour: Avoid writing before skb->head in neigh_hh_output() (networking-stable-18_12_12). - net: 8139cp: fix a BUG triggered by changing mtu with network traffic (networking-stable-18_12_12). - net: add uevent socket member (bsc#1122982). - net: aquantia: driver should correctly declare vlan_features bits (bsc#1051510). - net: aquantia: fixed instack structure overflow (git-fixes). - net: aquantia: Fix hardware DMA stream overload on large MRRS (bsc#1051510). - net: bcmgenet: abort suspend on error (bsc#1051510). - net: bcmgenet: code movement (bsc#1051510). - net: bcmgenet: fix OF child-node lookup (bsc#1051510). - net: bcmgenet: remove HFB_CTRL access (bsc#1051510). - net: bcmgenet: return correct value 'ret' from bcmgenet_power_down (bsc#1051510). - net: bridge: fix a bug on using a neighbour cache entry without checking its state (networking-stable-19_01_20). - net: bridge: Fix ethernet header pointer before check skb forwardable (networking-stable-19_01_26). - net: core: Fix Spectre v1 vulnerability (networking-stable-19_01_04). - net: do not call update_pmtu unconditionally (bsc#1123456). - net: Do not default Cavium PTP driver to 'y' (bsc#1110096). - net: dp83640: expire old TX-skb (networking-stable-19_02_10). - net: dsa: mv88e6xxx: handle unknown duplex modes gracefully in mv88e6xxx_port_set_duplex (git-fixes). - net: dsa: mv88x6xxx: mv88e6390 errata (networking-stable-19_01_22). - net: dsa: slave: Do not propagate flag changes on down slave interfaces (networking-stable-19_02_10). - net: ena: fix race between link up and device initalization (bsc#1083548). - netfilter: nf_tables: check the result of dereferencing base_chain->stats (git-fixes). - net: Fix usage of pskb_trim_rcsum (networking-stable-19_01_26). - net/hamradio/6pack: use mod_timer() to rearm timers (networking-stable-19_01_04). - net: hns3: add error handler for hns3_nic_init_vector_data() (bsc#1104353). - net: hns3: add handling for big TX fragment (bsc#1104353 ). - net: hns3: Fix client initialize state issue when roce client initialize failed (bsc#1104353). - net: hns3: Fix for loopback selftest failed problem (bsc#1104353 ). - net: hns3: fix for multiple unmapping DMA problem (bsc#1104353 ). - net: hns3: Fix tc setup when netdev is first up (bsc#1104353 ). - net: hns3: Fix tqp array traversal condition for vf (bsc#1104353 ). - net: hns3: move DMA map into hns3_fill_desc (bsc#1104353 ). - net: hns3: remove hns3_fill_desc_tso (bsc#1104353). - net: hns3: rename hns_nic_dma_unmap (bsc#1104353). - net: hns3: rename the interface for init_client_instance and uninit_client_instance (bsc#1104353). - net: ipv4: Fix memory leak in network namespace dismantle (networking-stable-19_01_26). - net: macb: restart tx after tx used bit read (networking-stable-19_01_04). - net/mlx4_core: Add masking for a few queries on HCA caps (networking-stable-19_02_01). - net/mlx4_core: Fix locking in SRIOV mode when switching between events and polling (git-fixes). - net/mlx4_core: Fix qp mtt size calculation (git-fixes). - net/mlx4_core: Fix reset flow when in command polling mode (git-fixes). - net/mlx4_en: Change min MTU size to ETH_MIN_MTU (networking-stable-18_12_12). - net/mlx5e: Allow MAC invalidation while spoofchk is ON (networking-stable-19_02_01). - net/mlx5e: IPoIB, Fix RX checksum statistics update (git-fixes). - net/mlx5e: Remove the false indication of software timestamping support (networking-stable-19_01_04). - net/mlx5e: RX, Fix wrong early return in receive queue poll (bsc#1046305). - net/mlx5: fix uaccess beyond 'count' in debugfs read/write handlers (git-fixes). - net/mlx5: Release resource on error flow (git-fixes). - net/mlx5: Return success for PAGE_FAULT_RESUME in internal error state (git-fixes). - net/mlx5: Typo fix in del_sw_hw_rule (networking-stable-19_01_04). - net/mlx5: Use multi threaded workqueue for page fault handling (git-fixes). - net: netem: fix skb length BUG_ON in __skb_to_sgvec (git-fixes). - netns: restrict uevents (bsc#1122982). - net: phy: do not allow __set_phy_supported to add unsupported modes (networking-stable-18_12_12). - net: phy: Fix the issue that netif always links up after resuming (networking-stable-19_01_04). - net: phy: marvell: Errata for mv88e6390 internal PHYs (networking-stable-19_01_26). - net: phy: mdio_bus: add missing device_del() in mdiobus_register() error handling (networking-stable-19_01_26). - net: phy: Micrel KSZ8061: link failure after cable connect (git-fixes). - netrom: fix locking in nr_find_socket() (networking-stable-19_01_04). - netrom: switch to sock timer API (bsc#1051510). - net/rose: fix NULL ax25_cb kernel panic (networking-stable-19_02_01). - net/sched: act_tunnel_key: fix memory leak in case of action replace (networking-stable-19_01_26). - net_sched: refetch skb protocol for each filter (networking-stable-19_01_26). - net: set default network namespace in init_dummy_netdev() (networking-stable-19_02_01). - net: skb_scrub_packet(): Scrub offload_fwd_mark (networking-stable-18_12_03). - net/smc: abort CLC connection in smc_release (bnc#1117947, LTC#173662). - net/smc: add infrastructure to send delete rkey messages (bnc#1117947, LTC#173662). - net/smc: add SMC-D shutdown signal (bnc#1117947, LTC#173662). - net/smc: allow fallback after clc timeouts (bnc#1117947, LTC#173662). - net/smc: atomic SMCD cursor handling (bnc#1117947, LTC#173662). - net/smc: avoid a delay by waiting for nothing (bnc#1117947, LTC#173662). - net/smc: cleanup listen worker mutex unlocking (bnc#1117947, LTC#173662). - net/smc: cleanup tcp_listen_worker initialization (bnc#1117947, LTC#173662). - net/smc: enable fallback for connection abort in state INIT (bnc#1117947, LTC#173662). - net/smc: fix non-blocking connect problem (bnc#1117947, LTC#173662). - net/smc: fix sizeof to int comparison (bnc#1117947, LTC#173662). - net/smc: fix smc_buf_unuse to use the lgr pointer (bnc#1117947, LTC#173662). - net/smc: fix TCP fallback socket release (networking-stable-19_01_04). - net/smc: make smc_lgr_free() static (bnc#1117947, LTC#173662). - net/smc: no link delete for a never active link (bnc#1117947, LTC#173662). - net/smc: no urgent data check for listen sockets (bnc#1117947, LTC#173662). - net/smc: remove duplicate mutex_unlock (bnc#1117947, LTC#173662). - net/smc: remove sock_error detour in clc-functions (bnc#1117947, LTC#173662). - net/smc: short wait for late smc_clc_wait_msg (bnc#1117947, LTC#173662). - net/smc: unregister rkeys of unused buffer (bnc#1117947, LTC#173662). - net/smc: use after free fix in smc_wr_tx_put_slot() (bnc#1117947, LTC#173662). - net/smc: use queue pair number when matching link group (bnc#1117947, LTC#173662). - net: stmmac: Fix a race in EEE enable callback (git-fixes). - net: stmmac: fix broken dma_interrupt handling for multi-queues (git-fixes). - net: stmmac: Fix PCI module removal leak (git-fixes). - net: stmmac: handle endianness in dwmac4_get_timestamp (git-fixes). - net: stmmac: Use mutex instead of spinlock (git-fixes). - net: systemport: Fix WoL with password after deep sleep (networking-stable-19_02_10). - net: thunderx: fix NULL pointer dereference in nic_remove (git-fixes). - net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue (networking-stable-18_12_03). - net: thunderx: set xdp_prog to NULL if bpf_prog_add fails (networking-stable-18_12_03). - net/wan: fix a double free in x25_asy_open_tty() (networking-stable-19_01_04). - nfit: acpi_nfit_ctl(): Check out_obj->type in the right place (bsc#1129547). - nfit/ars: Attempt a short-ARS whenever the ARS state is idle at boot (bsc#1051510). - nfit/ars: Attempt short-ARS even in the no_init_ars case (bsc#1051510). - nfp: bpf: fix ALU32 high bits clearance bug (git-fixes). - nfs: Allow NFSv4 mounts to not share transports (). - nfsd: COPY and CLONE operations require the saved filehandle to be set (git-fixes). - nfsd: Fix an Oops in free_session() (git-fixes). - nfs: Fix a missed page unlock after pg_doio() (git-fixes). - nfs: Fix up return value on fatal errors in nfs_page_async_flush() (git-fixes). - nfs: support 'nosharetransport' option (bnc#807502, bnc#828192, ). - nfsv4.1: Fix the r/wsize checking (git-fixes). - nfsv4: Do not exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING (git-fixes). - niu: fix missing checks of niu_pci_eeprom_read (bsc#1051510). - ntb_transport: Fix bug with max_mw_size parameter (bsc#1051510). - nvme-fc: reject reconnect if io queue count is reduced to zero (bsc#1128351). - nvme: flush namespace scanning work just before removing namespaces (bsc#1108101). - nvme: kABI fix for scan_lock (bsc#1123882). - nvme: lock NS list changes while handling command effects (bsc#1123882). - nvme-loop: fix kernel oops in case of unhandled command (bsc#1126807). - nvme-multipath: drop optimization for static ANA group IDs (bsc#1113939). - nvme-multipath: round-robin I/O policy (bsc#1110705). - nvme-pci: fix out of bounds access in nvme_cqe_pending (bsc#1127595). - of, numa: Validate some distance map rules (bsc#1051510). - of: unittest: Disable interrupt node tests for old world MAC systems (bsc#1051510). - omap2fb: Fix stack memory disclosure (bsc#1120902) - openvswitch: Avoid OOB read when parsing flow nlattrs (bsc#1051510). - openvswitch: fix the incorrect flow action alloc size (bsc#1051510). - openvswitch: Remove padding from packet before L3+ conntrack processing (bsc#1051510). - packet: Do not leak dev refcounts on error exit (git-fixes). - packet: validate address length if non-zero (networking-stable-19_01_04). - packet: validate address length (networking-stable-19_01_04). - parport_pc: fix find_superio io compare code, should use equal test (bsc#1051510). - Partially revert 'block: fail op_is_write() requests to (bsc#1125252). - PCI: add USR vendor id and use it in r8169 and w6692 driver (networking-stable-19_01_22). - PCI: Disable broken RTIT_BAR of Intel TH (bsc#1120318). - pci: endpoint: functions: Use memcpy_fromio()/memcpy_toio() (bsc#1051510). - pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus (bsc#1122822). - pci/PME: Fix hotplug/sysfs remove deadlock in pcie_pme_remove() (bsc#1051510). - pci: qcom: Do not deassert reset GPIO during probe (bsc#1129281). - pcrypt: use format specifier in kobject_add (bsc#1051510). - perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805). - perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805). - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805). - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805). - perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805). - perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805). - perf/x86/intel: Fix memory corruption (bsc#1121805). - perf/x86/intel: Fix memory corruption (bsc#1121805). - perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805). - perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805). - perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805). - perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805). - perf/x86/intel: Make cpuc allocations consistent (bsc#1121805). - perf/x86/intel: Make cpuc allocations consistent (bsc#1121805). - phonet: af_phonet: Fix Spectre v1 vulnerability (networking-stable-19_01_04). - phy: allwinner: sun4i-usb: poll vbus changes on A23/A33 when driving VBUS (bsc#1051510). - phy: qcom-qmp: Fix failure path in phy_init functions (bsc#1051510). - phy: qcom-qmp: Fix phy pipe clock gating (bsc#1051510). - phy: renesas: rcar-gen3-usb2: fix vbus_ctrl for role sysfs (bsc#1051510). - phy: rockchip-emmc: retry calpad busy trimming (bsc#1051510). - phy: sun4i-usb: add support for missing USB PHY index (bsc#1051510). - phy: tegra: remove redundant self assignment of 'map' (bsc#1051510). - phy: work around 'phys' references to usb-nop-xceiv devices (bsc#1051510). - pinctrl: max77620: Use define directive for max77620_pinconf_param values (bsc#1051510). - pinctrl: meson: fix pull enable register calculation (bsc#1051510). - pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO pins (bsc#1051510). - pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins (bsc#1051510). - pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins (bsc#1051510). - pinctrl: msm: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: sh-pfc: emev2: Add missing pinmux functions (bsc#1051510). - pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group (bsc#1051510). - pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group (bsc#1051510). - pinctrl: sh-pfc: r8a7778: Fix HSPI pin numbers and names (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Fix scifb2_data_c pin group (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group (bsc#1051510). - pinctrl: sh-pfc: r8a7792: Fix vin1_data18_b pin group (bsc#1051510). - pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field (bsc#1051510). - pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration (bsc#1051510). - pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field (bsc#1051510). - pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group (bsc#1051510). - pinctrl: sh-pfc: sh73a0: Fix fsic_spdif pin groups (bsc#1051510). - pinctrl: sh-pfc: sh7734: Add missing IPSR11 field (bsc#1051510). - pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10 (bsc#1051510). - pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value (bsc#1051510). - pinctrl: sunxi: a64: Rename function csi0 to csi (bsc#1051510). - pinctrl: sunxi: a64: Rename function ts0 to ts (bsc#1051510). - pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 (bsc#1051510). - pinctrl: sx150x: handle failure case of devm_kstrdup (bsc#1051510). - pktcdvd: Fix possible Spectre-v1 for pkt_devs (bsc#1051510). - platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes (bsc#1051510). - platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK (bsc#1051510). - platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey (bsc#1051510). - platform/x86: Fix unmet dependency warning for SAMSUNG_Q10 (bsc#1051510). - powerpc/64s: Clear on-stack exception marker upon exception return (bsc#1071995). - powerpc: Add an option to disable static PCI bus numbering (bsc#1122159). - powerpc: Always save/restore checkpointed regs during treclaim/trecheckpoint (bsc#1118338). - powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores (bsc#1109695). - powerpc: Detect the presence of big-cores via 'ibm, thread-groups' (bsc#1109695). - powerpc/livepatch: relax reliable stack tracer checks for first-frame (bsc#1071995). - powerpc/livepatch: small cleanups in save_stack_trace_tsk_reliable() (bsc#1071995). - powerpc: make use of for_each_node_by_type() instead of open-coding it (bsc#1109695). - powerpc/powernv: Clear LPCR[PECE1] via stop-api only for deep state offline (bsc#1119766, bsc#1055121). - powerpc/powernv: Clear PECE1 in LPCR via stop-api only on Hotplug (bsc#1119766, bsc#1055121). - powerpc/pseries: export timebase register sample in lparcfg (bsc#1127750). - powerpc/pseries: Perform full re-add of CPU for topology update post-migration (bsc#1125728). - powerpc: Remove facility loadups on transactional {fp, vec, vsx} unavailable (bsc#1118338). - powerpc: Remove redundant FP/Altivec giveup code (bsc#1118338). - powerpc/setup: Add cpu_to_phys_id array (bsc#1109695). - powerpc/smp: Add cpu_l2_cache_map (bsc#1109695). - powerpc/smp: Add Power9 scheduler topology (bsc#1109695). - powerpc/smp: Rework CPU topology construction (bsc#1109695). - powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695). - powerpc/tm: Avoid machine crash on rt_sigreturn (bsc#1118338). - powerpc/tm: Do not check for WARN in TM Bad Thing handling (bsc#1118338). - powerpc/tm: Fix comment (bsc#1118338). - powerpc/tm: Fix endianness flip on trap (bsc#1118338). - powerpc/tm: Fix HFSCR bit for no suspend case (bsc#1118338). - powerpc/tm: Fix HTM documentation (bsc#1118338). - powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM (bsc#1118338). - powerpc/tm: P9 disable transactionally suspended sigcontexts (bsc#1118338). - powerpc/tm: Print 64-bits MSR (bsc#1118338). - powerpc/tm: Print scratch value (bsc#1118338). - powerpc/tm: Reformat comments (bsc#1118338). - powerpc/tm: Remove msr_tm_active() (bsc#1118338). - powerpc/tm: Remove struct thread_info param from tm_reclaim_thread() (bsc#1118338). - powerpc/tm: Save MSR to PACA before RFID (bsc#1118338). - powerpc/tm: Set MSR[TS] just prior to recheckpoint (bsc#1118338, bsc#1120955). - powerpc/tm: Unset MSR[TS] if not recheckpointing (bsc#1118338). - powerpc/tm: Update function prototype comment (bsc#1118338). - powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#1109695). - powerpc/xmon: Fix invocation inside lock region (bsc#1122885). - pptp: dst_release sk_dst_cache in pptp_sock_destruct (git-fixes). - proc/sysctl: do not return ENOMEM on lookup when a table is unregistering (git-fixes). - pseries/energy: Use OF accessor function to read ibm,drc-indexes (bsc#1129080). - pstore/ram: Avoid allocation and leak of platform data (bsc#1051510). - pstore/ram: Avoid NULL deref in ftrace merging failure path (bsc#1051510). - pstore/ram: Correctly calculate usable PRZ bytes (bsc#1051510). - pstore/ram: Do not treat empty buffers as valid (bsc#1051510). - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl (bsc#1051510). - ptp: Fix pass zero to ERR_PTR() in ptp_clock_register (bsc#1051510). - ptp_kvm: probe for kvm guest availability (bsc#1098382). - ptr_ring: wrap back ->producer in __ptr_ring_swap_queue() (networking-stable-19_01_04). - Put the xhci fix patch to the right place in the sorted section - qed: Avoid constant logical operation warning in qed_vf_pf_acquire (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Avoid implicit enum conversion in qed_iwarp_parse_rx_pkt (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Avoid implicit enum conversion in qed_set_tunn_cls_info (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Fix an error code qed_ll2_start_xmit() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix bitmap_weight() check (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix blocking/unlimited SPQ entries leak (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix command number mismatch between driver and the mfw (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix memory/entry leak in qed_init_sp_request() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix potential memory corruption (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix PTT leak in qed_drain() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix QM getters to always return a valid pq (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix rdma_info structure allocation (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix reading wrong value in loop condition (bsc#1086314 bsc#1086313 bsc#1086301). - qla2xxx: Fixup dual-protocol FCP connections (bsc#1108870). - qmi_wwan: Added support for Fibocom NL668 series (networking-stable-19_01_04). - qmi_wwan: Added support for Telit LN940 series (networking-stable-19_01_04). - qmi_wwan: add MTU default to qmap network interface (networking-stable-19_01_22). - qmi_wwan: Add support for Fibocom NL678 series (networking-stable-19_01_04). - r8169: Add support for new Realtek Ethernet (networking-stable-19_01_22). - r8169: use PCI_VDEVICE macro (networking-stable-19_01_22). - rapidio/rionet: do not free skb before reading its length (networking-stable-18_12_03). - rbd: do not return 0 on unmap if RBD_DEV_FLAG_REMOVING is set (bsc#1125797). - rcu: Fix up pending cbs check in rcu_prepare_for_idle (git fixes (kernel/rcu)). - rcu: Make need_resched() respond to urgent RCU-QS needs (git fixes (kernel/rcu)). - rdma/core: Fix unwinding flow in case of error to register device (bsc#1046306). - rdma/vmw_pvrdma: Support upto 64-bit PFNs (bsc#1127285). - Refresh patches.suse/scsi-do-not-print-reservation-conflict-for-TEST-UNIT.patch (bsc#1119843) - regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting (bsc#1051510). - regulator: pv88060: Fix array out-of-bounds access (bsc#1051510). - regulator: pv88080: Fix array out-of-bounds access (bsc#1051510). - regulator: pv88090: Fix array out-of-bounds access (bsc#1051510). - regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 (bsc#1051510). - regulator: wm831x-dcdc: Fix list of wm831x_dcdc_ilim from mA to uA (bsc#1051510). - Remove blacklist of virtio patch so we can install it (bsc#1114585) - Revert 'drm/rockchip: Allow driver to be shutdown on reboot/kexec' (bsc#1051510). - Revert 'input: elan_i2c - add acpi ID for touchpad in ASUS Aspire F5-573G' (bsc#1051510). - Revert 'openvswitch: Fix template leak in error cases.' (bsc#1051510). - Revert 'scsi: qla2xxx: Fix NVMe Target discovery' (bsc#1125252). - Revert 'serial: 8250: Fix clearing FIFOs in RS485 mode again' (bsc#1051510). - Revert the previous merge of drm fixes The branch was merged mistakenly and breaks the build. Revert it. - Revert 'xhci: Reset Renesas uPD72020x USB controller for 32-bit DMA issue' (bsc#1120854). - rocker: fix rocker_tlv_put_* functions for KASAN (bsc#1051510). - rpm/kernel-binary.spec.in: fix initrd permissions (bsc#1123697) dracut has been using permissions 0600 for the initrd for a long time. - rpm/kernel-source.changes.old: Really drop old changelogs (bsc#1098995) - rt2800: enable TX_PIN_CFG_RFRX_EN only for MT7620 (bsc#1120902). - rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices (networking-stable-18_12_12). - rxrpc: bad unlock balance in rxrpc_recvmsg (networking-stable-19_02_10). - s390/cio: Fix how vfio-ccw checks pinned pages (git-fixes). - s390/cpum_cf: Reject request for sampling in event initialization (git-fixes). - s390/early: improve machine detection (git-fixes). - s390/ism: clear dmbe_mask bit before SMC IRQ handling (bnc#1117947, LTC#173662). - s390/mm: always force a load of the primary ASCE on context switch (git-fixes). - s390/mm: fix addressing exception after suspend/resume (bsc#1125252). - s390/qeth: cancel close_dev work before removing a card (LTC#175898, bsc#1127561). - s390/qeth: conclude all event processing before offlining a card (LTC#175901, bsc#1127567). - s390/qeth: fix use-after-free in error path (bsc#1127534). - s390/qeth: invoke softirqs after napi_schedule() (git-fixes). - s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU (git-fixes). - s390/smp: fix CPU hotplug deadlock with CPU rescan (git-fixes). - s390/sthyi: Fix machine name validity indication (git-fixes). - s390/zcrypt: fix specification exception on z196 during ap probe (LTC#174936, bsc#1123061). - sata_rcar: fix deferred probing (bsc#1051510). - sbus: char: add of_node_put() (bsc#1051510). - sc16is7xx: Fix for multi-channel stall (bsc#1051510). - sched: Do not re-read h_load_next during hierarchical load calculation (bnc#1120909). - sched/wait: Fix rcuwait_wake_up() ordering (git-fixes). - sched/wake_q: Document wake_q_add() (bsc#1050549). - sched/wake_q: Fix wakeup ordering for wake_q (bsc#1050549). - sched/wake_q: Reduce reference counting for special users (bsc#1050549). - sch_multiq: fix double free on init failure (bsc#1051510). - scsi: core: reset host byte in DID_NEXUS_FAILURE case (bsc#1122764). - scsi: csiostor: remove flush_scheduled_work() (bsc#1127363). - scsi: fix queue cleanup race before queue initialization is done (bsc#1125252). - scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - scsi: ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton (bsc#1119019). - scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task (bsc#1122192). - scsi: lpfc: Add log messages to aid in debugging fc4type discovery issues (bsc#1121317). - scsi: lpfc: Correct MDS loopback diagnostics support (bsc#1121317). - scsi: lpfc: do not set queue->page_count to 0 if pc_sli4_params.wqpcnt is invalid (bsc#1121317). - scsi: lpfc: Fix discovery failure when PLOGI is defered (bsc#1121317). - scsi: lpfc: Fix link state reporting for trunking when adapter is offline (bsc#1121317). - scsi: lpfc: fix remoteport access (bsc#1125252). - scsi: lpfc: remove an unnecessary NULL check (bsc#1121317). - scsi: lpfc: update fault value on successful trunk events (bsc#1121317). - scsi: lpfc: Update lpfc version to 12.0.0.10 (bsc#1121317). - scsi: mpt3sas: Add ioc_<level> logging macros (bsc#1117108). - scsi: mpt3sas: Annotate switch/case fall-through (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT and reply_q_name to %s: (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT without logging levels (bsc#1117108). - scsi: mpt3sas: Convert mlsleading uses of pr_<level> with MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Convert uses of pr_<level> with MPT3SAS_FMT to ioc_<level> (bsc#1117108). - scsi: mpt3sas: Fix a race condition in mpt3sas_base_hard_reset_handler() (bsc#1117108). - scsi: mpt3sas: Fix indentation (bsc#1117108). - scsi: mpt3sas: Improve kernel-doc headers (bsc#1117108). - scsi: mpt3sas: Introduce struct mpt3sas_nvme_cmd (bsc#1117108). - scsi: mpt3sas: Remove KERN_WARNING from panic uses (bsc#1117108). - scsi: mpt3sas: Remove set-but-not-used variables (bsc#1117108). - scsi: mpt3sas: Remove unnecessary parentheses and simplify null checks (bsc#1117108). - scsi: mpt3sas: Remove unused macro MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Split _base_reset_handler(), mpt3sas_scsih_reset_handler() and mpt3sas_ctl_reset_handler() (bsc#1117108). - scsi: mpt3sas: Swap I/O memory read value back to cpu endianness (bsc#1117108). - scsi: mpt3sas: switch to generic DMA API (bsc#1117108). - scsi: mpt3sas: Use dma_pool_zalloc (bsc#1117108). - scsi: mptsas: Fixup device hotplug for VMWare ESXi (bsc#1129046). - scsi: qedi: Add ep_state for login completion on un-reachable targets (bsc#1113712). - scsi: qla2xxx: Enable FC-NVME on NPIV ports (bsc#1094555). - scsi: qla2xxx: Fix a typo in MODULE_PARM_DESC (bsc#1094555). - scsi: qla2xxx: Fix for FC-NVMe discovery for NPIV port (bsc#1094555). - scsi: qla2xxx: Fix NPIV handling for FC-NVMe (bsc#1094555). - scsi: qla2xxx: Initialize port speed to avoid setting lower speed (bsc#1094555). - scsi: qla2xxx: Modify fall-through annotations (bsc#1094555). - scsi: qla2xxx: Remove unnecessary self assignment (bsc#1094555). - scsi: qla2xxx: Simplify conditional check (bsc#1094555). - scsi: qla2xxx: Timeouts occur on surprise removal of QLogic adapter (bsc#1124985). - scsi: qla2xxx: Update driver version to 10.00.00.12-k (bsc#1094555). - scsi: storvsc: Fix a race in sub-channel creation that can cause panic (). - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315). - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315). - scsi: target: make the pi_prot_format ConfigFS path readable (bsc#1123933). - scsi: virtio_scsi: fix pi_bytes{out,in} on 4 KiB block size devices (bsc#1114585). - sctp: add a ceiling to optlen in some sockopts (bnc#1129163). - sctp: improve the events for sctp stream adding (networking-stable-19_02_01). - sctp: improve the events for sctp stream reset (networking-stable-19_02_01). - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event (networking-stable-19_01_04). - sctp: kfree_rcu asoc (networking-stable-18_12_12). - sd: disable logical block provisioning if 'lbpme' is not set (bsc#1086095 bsc#1078355). - selftests/livepatch: add DYNAMIC_DEBUG config dependency (bsc#1071995). - selftests/livepatch: introduce tests (bsc#1071995). - selftests/powerpc: Use snprintf to construct DSCR sysfs interface paths (bsc#1124579). - selinux: Add __GFP_NOWARN to allocation at str_read() (bsc#1051510). - selinux: always allow mounting submounts (bsc#1051510). - selinux: fix GPF on invalid policy (bsc#1051510). - seq_buf: Make seq_buf_puts() null-terminate the buffer (bsc#1051510). - serial: 8250_pci: Fix number of ports for ACCES serial cards (bsc#1051510). - serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() (bsc#1051510). - serial: fix race between flush_to_ldisc and tty_open (bsc#1051510). - serial: fsl_lpuart: clear parity enable bit when disable parity (bsc#1051510). - serial: imx: fix error handling in console_setup (bsc#1051510). - serial: set suppress_bind_attrs flag only if builtin (bsc#1051510). - serial/sunsu: fix refcount leak (bsc#1051510). - serial: uartps: Fix interrupt mask issue to handle the RX interrupts properly (bsc#1051510). - serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO (bsc#1051510). - signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init (git-fixes). - skge: potential memory corruption in skge_get_regs() (bsc#1051510). - sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 (bsc#1051510). - sky2: Increase D3 delay again (bsc#1051510). - slab: alien caches must not be initialized if the allocation of the alien cache failed (git fixes (mm/slab)). - smb3.1.1 dialect is no longer experimental (bsc#1051510). - smb311: Fix reconnect (bsc#1051510). - smb311: Improve checking of negotiate security contexts (bsc#1051510). - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510). - smb3: check for and properly advertise directory lease support (bsc#1051510). - smb3: directory sync should not return an error (bsc#1051510). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510). - smb3: do not request leases in symlink creation and query (bsc#1051510). - smb3: Do not send smb3 SET_INFO if nothing changed (bsc#1051510). - smb3: Enable encryption for SMB3.1.1 (bsc#1051510). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510). - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510). - smb3: fix various xid leaks (bsc#1051510). - smb3: Improve security, move default dialect to smb3 from old CIFS (bsc#1051510). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510). - smb3: Remove ifdef since smb3 (and later) now STRONGLY preferred (bsc#1051510). - smb3: remove noisy warning message on mount (bsc#1129664). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510). - soc: bcm: brcmstb: Do not leak device tree node reference (bsc#1051510). - soc/tegra: Do not leak device tree node reference (bsc#1051510). - splice: do not merge into linked buffers (git-fixes). - staging: comedi: ni_660x: fix missing break in switch statement (bsc#1051510). - staging:iio:ad2s90: Make probe handle spi_setup failure (bsc#1051510). - staging: iio: ad7780: update voltage on read (bsc#1051510). - staging: iio: adc: ad7280a: handle error from __ad7280_read32() (bsc#1051510). - staging: iio: adt7316: allow adt751x to use internal vref for all dacs (bsc#1051510). - staging: iio: adt7316: fix register and bit definitions (bsc#1051510). - staging: iio: adt7316: fix the dac read calculation (bsc#1051510). - staging: iio: adt7316: fix the dac write calculation (bsc#1051510). - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 (bsc#1051510). - staging: rtl8723bs: Fix build error with Clang when inlining is disabled (bsc#1051510). - staging: speakup: Replace strncpy with memcpy (bsc#1051510). - staging: wilc1000: fix to set correct value for 'vif_num' (bsc#1051510). - sunrpc: correct the computation for page_ptr when truncating (git-fixes). - sunrpc: Fix a potential race in xprt_connect() (git-fixes). - sunrpc: Fix leak of krb5p encode pages (git-fixes). - sunrpc: handle ENOMEM in rpcb_getport_async (git-fixes). - sunrpc: safely reallow resvport min/max inversion (git-fixes). - svm: Add mutex_lock to protect apic_access_page_done on AMD systems (bsc#1129285). - swiotlb: Add is_swiotlb_active() function (bsc#1120008). - swiotlb: Introduce swiotlb_max_mapping_size() (bsc#1120008). - switchtec: Fix SWITCHTEC_IOCTL_EVENT_IDX_ALL flags overwrite (bsc#1051510). - switchtec: Remove immediate status check after submitting MRPC command (bsc#1051510). - sysfs: Disable lockdep for driver bind/unbind files (bsc#1051510). - tcp: batch tcp_net_metrics_exit (bsc#1122982). - tcp: change txhash on SYN-data timeout (networking-stable-19_01_20). - tcp: Do not underestimate rwnd_limited (networking-stable-18_12_12). - tcp: fix a race in inet_diag_dump_icsk() (networking-stable-19_01_04). - tcp: fix NULL ref in tail loss probe (networking-stable-18_12_12). - tcp: handle inet_csk_reqsk_queue_add() failures (git-fixes). - tcp: lack of available data can also cause TSO defer (git-fixes). - team: avoid complex list operations in team_nl_cmd_options_set() (bsc#1051510). - team: Free BPF filter when unregistering netdev (bsc#1051510). - thermal: do not clear passive state during system sleep (bsc#1051510). - thermal/drivers/hisi: Encapsulate register writes into helpers (bsc#1051510). - thermal/drivers/hisi: Fix configuration register setting (bsc#1051510). - thermal: generic-adc: Fix adc to temp interpolation (bsc#1051510). - thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set (bsc#1051510). - thermal: int340x_thermal: Fix a NULL vs IS_ERR() check (bsc#1051510). - thermal: mediatek: fix register index error (bsc#1051510). - timekeeping: Use proper seqcount initializer (bsc#1051510). - tipc: compare remote and local protocols in tipc_udp_enable() (networking-stable-19_01_04). - tipc: eliminate KMSAN uninit-value in strcmp complaint (bsc#1051510). - tipc: error path leak fixes in tipc_enable_bearer() (bsc#1051510). - tipc: fix a double kfree_skb() (networking-stable-19_01_04). - tipc: fix a race condition of releasing subscriber object (bsc#1051510). - tipc: fix bug in function tipc_nl_node_dump_monitor (bsc#1051510). - tipc: fix infinite loop when dumping link monitor summary (bsc#1051510). - tipc: fix RDM/DGRAM connect() regression (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_doit (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_link_set (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bsc#1051510). - tipc: use lock_sock() in tipc_sk_reinit() (networking-stable-19_01_04). - tpm: fix kdoc for tpm2_flush_context_cmd() (bsc#1051510). - tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented (bsc#1051510). - tpm: Return the actual size when receiving an unsupported command (bsc#1051510). - tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated (bsc#1051510). - tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bsc#1051510). - tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x (bsc#1051510). - tpm: tpm_try_transmit() refactor error flow (bsc#1051510). - tracing: Do not free iter->trace in fail path of tracing_open_pipe() (bsc#1129581). - tracing/uprobes: Fix output for multiple string arguments (bsc#1126495). - tracing: Use strncpy instead of memcpy for string keys in hist triggers (bsc#1129625). - Tree connect for smb3.1.1 must be signed for non-encrypted shares (bsc#1051510). - tty: Handle problem if line discipline does not have receive_buf (bsc#1051510). - tty: ipwireless: Fix potential NULL pointer dereference (bsc#1051510). - tty/n_hdlc: fix __might_sleep warning (bsc#1051510). - tty/serial: do not free trasnmit buffer page under port lock (bsc#1051510). - tty: serial: samsung: Properly set flags in autoCTS mode (bsc#1051510). - tun: forbid iface creation with rtnl ops (networking-stable-18_12_12). - uart: Fix crash in uart_write and uart_put_char (bsc#1051510). - ucc_geth: Reset BQL queue when stopping device (networking-stable-19_02_01). - ucma: fix a use-after-free in ucma_resolve_ip() (bsc#1051510). - uevent: add alloc_uevent_skb() helper (bsc#1122982). - Update config files. Remove conditional support for smb2 and SMB3: - Update patches.arch/s390-sles15-zcrypt-fix-specification-exception.patch (LTC#174936, bsc#1123060, bsc#1123061). - Update patches.fixes/acpi-nfit-Block-function-zero-DSMs.patch (bsc#1051510, bsc#1121789). - Update patches.fixes/acpi-nfit-Fix-command-supported-detection.patch (bsc#1051510, bsc#1121789). Add more detailed bugzilla reference. - Update patches.kabi/bpf-prevent-memory-disambiguation-attack.patch (bsc#1087082). - Update patches.kabi/bpf-properly-enforce-index-mask-to-prevent-out-of-bo.patch (bsc#1098425). - uprobes: Fix handle_swbp() vs. unregister() + register() race once more (bsc#1051510). - usb: Add new USB LPM helpers (bsc#1120902). - usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB (bsc#1120902). - usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bsc#1120902). - usb: Consolidate LPM checks to avoid enabling LPM twice (bsc#1120902). - usb: dwc3: Correct the logic for checking TRB full in __dwc3_prepare_one_trb() (bsc#1051510). - usb: dwc3: gadget: Clear req->needs_extra_trb flag on cleanup (bsc#1120902). - usb: dwc3: gadget: Disable CSP for stream OUT ep (bsc#1051510). - usb: dwc3: gadget: Handle 0 xfer length for OUT EP (bsc#1051510). - usb: dwc3: trace: add missing break statement to make compiler happy (bsc#1120902). - usb: gadget: musb: fix short isoc packets with inventra dma (bsc#1051510). - usb: gadget: udc: net2272: Fix bitwise and boolean operations (bsc#1051510). - usb: hub: delay hub autosuspend if USB3 port is still link training (bsc#1051510). - usb: mtu3: fix the issue about SetFeature(U1/U2_Enable) (bsc#1051510). - usb: musb: dsps: fix otg state machine (bsc#1051510). - usb: musb: dsps: fix runtime pm for peripheral mode (bsc#1120902). - usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2 (networking-stable-18_12_03). - usbnet: smsc95xx: fix rx packet alignment (bsc#1051510). - usb: phy: am335x: fix race condition in _probe (bsc#1051510). - usb: serial: option: add Fibocom NL678 series (bsc#1120902). - usb: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays (bsc#1120902). - usb: serial: pl2303: add new PID to support PL2303TB (bsc#1051510). - usb: serial: simple: add Motorola Tetra TPG2200 device id (bsc#1051510). - usb: storage: add quirk for SMI SM3350 (bsc#1120902). - usb: storage: do not insert sane sense for SPC3+ when bad sense specified (bsc#1120902). - usb: xhci: fix 'broken_suspend' placement in struct xchi_hcd (bsc#1119086). - veth: set peer GSO values (bsc#1051510). - vfio: ccw: fix cleanup if cp_prefetch fails (git-fixes). - vfio: ccw: process ssch with interrupts disabled (git-fixes). - vfs: Add iomap_seek_hole and iomap_seek_data helpers (bsc#1070995). - vfs: Add page_cache_seek_hole_data helper (bsc#1070995). - vfs: in iomap seek_{hole,data}, return -ENXIO for negative offsets (bsc#1070995). - vhost: correctly check the return value of translate_desc() in log_used() (bsc#1051510). - vhost: log dirty page correctly (networking-stable-19_01_26). - vhost: make sure used idx is seen before log in vhost_add_used_n() (networking-stable-19_01_04). - vhost/vsock: fix uninitialized vhost_vsock->guest_cid (bsc#1051510). - video: clps711x-fb: release disp device node in probe() (bsc#1051510). - virtio-blk: Consider virtio_max_dma_size() for maximum segment size (bsc#1120008). - virtio: Introduce virtio_max_dma_size() (bsc#1120008). - virtio_net: Do not call free_old_xmit_skbs for xdp_frames (networking-stable-19_02_01). - virtio-net: fail XDP set if guest csum is negotiated (networking-stable-18_12_03). - virtio-net: keep vnet header zeroed after processing XDP (networking-stable-18_12_12). - virtio/s390: avoid race on vcdev->config (git-fixes). - virtio/s390: fix race in ccw_io_helper() (git-fixes). - vmci: Support upto 64-bit PPNs (bsc#1127286). - vsock: cope with memory allocation failure at socket creation time (bsc#1051510). - vsock: Send reset control packet when socket is partially bound (networking-stable-19_01_04). - vt: invoke notifier on screen size change (bsc#1051510). - vxge: ensure data0 is initialized in when fetching firmware version information (bsc#1051510). - vxlan: Fix GRO cells race condition between receive and link delete (git-fixes). - vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() (git-fixes). - vxlan: update skb dst pmtu on tx path (bsc#1123456). - w90p910_ether: remove incorrect __init annotation (bsc#1051510). - watchdog: docs: kernel-api: do not reference removed functions (bsc#1051510). - watchdog: w83627hf_wdt: Add quirk for Inves system (bsc#1106434). - writeback: do not decrement wb->refcnt if !wb->bdi (git fixes (writeback)). - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805). - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805). - x86/amd_nb: Add PCI device IDs for family 17h, model 30h (). - x86/amd_nb: Add support for newer PCI topologies (). - x86/a.out: Clear the dump structure initially (bsc#1114279). - x86/apic: Provide apic_ack_irq() (bsc#1122822). - x86/boot/e820: Avoid overwriting e820_table_firmware (bsc#1127154). - x86/boot/e820: Introduce the bootloader provided e820_table_firmware[] table (bsc#1127154). - x86/boot/e820: Rename the e820_table_firmware to e820_table_kexec (bsc#1127154). - x86/bugs: Add AMD's variant of SSB_NO (bsc#1114279). - x86/bugs: Update when to check for the LS_CFG SSBD mitigation (bsc#1114279). - x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (bsc#1127307). - x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (bsc#1127307). - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (bsc#1122822). - x86/kaslr: Fix incorrect i8254 outb() parameters (bsc#1114279). - x86/kvmclock: set pvti_cpu0_va after enabling kvmclock (bsc#1098382). - x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() (bsc#1114279). - x86/microcode/amd: Do not falsely trick the late loading mechanism (bsc#1114279). - x86/mm: Drop usage of __flush_tlb_all() in kernel_physical_mapping_init() (bsc#1114279). - x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE (bsc#1114279). - x86/mtrr: Do not copy uninitialized gentry fields back to userspace (bsc#1114279). - x86/pkeys: Properly copy pkey state at fork() (bsc#1129366). - x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls (bsc#1125614). - x86/pvclock: add setter for pvclock_pvti_cpu0_va (bsc#1098382). - x86/resctrl: Fix rdt_find_domain() return value and checks (bsc#1114279). - x86: respect memory size limiting via mem= parameter (bsc#1117645). - x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant (bsc#1114279). - x86/speculation: Remove redundant arch_smt_update() invocation (bsc#1114279). - x86/vdso: Remove obsolete 'fake section table' reservation (bsc#1114279). - x86/xen: dont add memory above max allowed allocation (bsc#1117645). - x86/xen/time: Output xen sched_clock time from 0 (bsc#1098382). - x86/xen/time: set pvclock flags on xen_time_init() (bsc#1098382). - x86/xen/time: setup vcpu 0 time info page (bsc#1098382). - xen, cpu_hotplug: Prevent an out of bounds access (bsc#1065600). - xen: fix dom0 boot on huge systems (bsc#1127836). - xen: Fix x86 sched_clock() interface for xen (bsc#1098382). - xen/manage: do not complain about an empty value in control/sysrq node (bsc#1065600). - xen: remove pre-xen3 fallback handlers (bsc#1065600). - xfs: add option to mount with barrier=0 or barrier=1 (bsc#1088133). - xfs: fix contiguous dquot chunk iteration livelock (bsc#1070995). - xfs: remove filestream item xfs_inode reference (bsc#1127961). - xfs: rewrite xfs_dq_get_next_id using xfs_iext_lookup_extent (bsc#1070995). - xhci: Add quirk to zero 64bit registers on Renesas PCIe controllers (bsc#1120854). - xhci: workaround CSS timeout on AMD SNPS 3.0 xHC (bsc#1119086). - xprtrdma: Reset credit grant properly after a disconnect (git-fixes). - Yama: Check for pid death before checking ancestry (bsc#1051510). - yam: fix a missing-check bug (bsc#1051510). - zswap: re-check zswap_is_full() after do zswap_shrink() (bsc#1051510). - xfs: Switch to iomap for SEEK_HOLE / SEEK_DATA (bsc#1070995). Important SUSE bug 1046305 SUSE bug 1046306 SUSE bug 1050252 SUSE bug 1050549 SUSE bug 1051510 SUSE bug 1054610 SUSE bug 1055121 SUSE bug 1056658 SUSE bug 1056662 SUSE bug 1056787 SUSE bug 1060463 SUSE bug 1063638 SUSE bug 1065600 SUSE bug 1068032 SUSE bug 1070995 SUSE bug 1071995 SUSE bug 1074562 SUSE bug 1074578 SUSE bug 1074701 SUSE bug 1075006 SUSE bug 1075419 SUSE bug 1075748 SUSE bug 1078355 SUSE bug 1080039 SUSE bug 1082943 SUSE bug 1083548 SUSE bug 1083647 SUSE bug 1084216 SUSE bug 1086095 SUSE bug 1086282 SUSE bug 1086301 SUSE bug 1086313 SUSE bug 1086314 SUSE bug 1086323 SUSE bug 1087082 SUSE bug 1087084 SUSE bug 1087092 SUSE bug 1087939 SUSE bug 1088133 SUSE bug 1094555 SUSE bug 1098382 SUSE bug 1098425 SUSE bug 1098995 SUSE bug 1102055 SUSE bug 1103429 SUSE bug 1104353 SUSE bug 1106105 SUSE bug 1106434 SUSE bug 1106811 SUSE bug 1107078 SUSE bug 1107665 SUSE bug 1108101 SUSE bug 1108870 SUSE bug 1109695 SUSE bug 1110096 SUSE bug 1110705 SUSE bug 1111666 SUSE bug 1113042 SUSE bug 1113712 SUSE bug 1113722 SUSE bug 1113769 SUSE bug 1113939 SUSE bug 1114279 SUSE bug 1114585 SUSE bug 1114893 SUSE bug 1117108 SUSE bug 1117155 SUSE bug 1117645 SUSE bug 1117947 SUSE bug 1118338 SUSE bug 1119019 SUSE bug 1119086 SUSE bug 1119766 SUSE bug 1119843 SUSE bug 1120008 SUSE bug 1120318 SUSE bug 1120601 SUSE bug 1120758 SUSE bug 1120854 SUSE bug 1120902 SUSE bug 1120909 SUSE bug 1120955 SUSE bug 1121317 SUSE bug 1121726 SUSE bug 1121789 SUSE bug 1121805 SUSE bug 1122019 SUSE bug 1122159 SUSE bug 1122192 SUSE bug 1122292 SUSE bug 1122324 SUSE bug 1122554 SUSE bug 1122662 SUSE bug 1122764 SUSE bug 1122779 SUSE bug 1122822 SUSE bug 1122885 SUSE bug 1122927 SUSE bug 1122944 SUSE bug 1122971 SUSE bug 1122982 SUSE bug 1123060 SUSE bug 1123061 SUSE bug 1123161 SUSE bug 1123317 SUSE bug 1123348 SUSE bug 1123357 SUSE bug 1123456 SUSE bug 1123538 SUSE bug 1123697 SUSE bug 1123882 SUSE bug 1123933 SUSE bug 1124055 SUSE bug 1124204 SUSE bug 1124235 SUSE bug 1124579 SUSE bug 1124589 SUSE bug 1124728 SUSE bug 1124732 SUSE bug 1124735 SUSE bug 1124969 SUSE bug 1124974 SUSE bug 1124975 SUSE bug 1124976 SUSE bug 1124978 SUSE bug 1124979 SUSE bug 1124980 SUSE bug 1124981 SUSE bug 1124982 SUSE bug 1124984 SUSE bug 1124985 SUSE bug 1125109 SUSE bug 1125125 SUSE bug 1125252 SUSE bug 1125315 SUSE bug 1125614 SUSE bug 1125728 SUSE bug 1125780 SUSE bug 1125797 SUSE bug 1125799 SUSE bug 1125800 SUSE bug 1125907 SUSE bug 1125947 SUSE bug 1126131 SUSE bug 1126209 SUSE bug 1126389 SUSE bug 1126393 SUSE bug 1126476 SUSE bug 1126480 SUSE bug 1126481 SUSE bug 1126488 SUSE bug 1126495 SUSE bug 1126555 SUSE bug 1126579 SUSE bug 1126789 SUSE bug 1126790 SUSE bug 1126802 SUSE bug 1126803 SUSE bug 1126804 SUSE bug 1126805 SUSE bug 1126806 SUSE bug 1126807 SUSE bug 1127042 SUSE bug 1127062 SUSE bug 1127082 SUSE bug 1127154 SUSE bug 1127285 SUSE bug 1127286 SUSE bug 1127307 SUSE bug 1127363 SUSE bug 1127493 SUSE bug 1127494 SUSE bug 1127495 SUSE bug 1127496 SUSE bug 1127497 SUSE bug 1127498 SUSE bug 1127534 SUSE bug 1127561 SUSE bug 1127567 SUSE bug 1127595 SUSE bug 1127603 SUSE bug 1127682 SUSE bug 1127731 SUSE bug 1127750 SUSE bug 1127836 SUSE bug 1127961 SUSE bug 1128094 SUSE bug 1128166 SUSE bug 1128351 SUSE bug 1128451 SUSE bug 1128895 SUSE bug 1129046 SUSE bug 1129080 SUSE bug 1129163 SUSE bug 1129179 SUSE bug 1129181 SUSE bug 1129182 SUSE bug 1129183 SUSE bug 1129184 SUSE bug 1129205 SUSE bug 1129281 SUSE bug 1129284 SUSE bug 1129285 SUSE bug 1129291 SUSE bug 1129292 SUSE bug 1129293 SUSE bug 1129294 SUSE bug 1129295 SUSE bug 1129296 SUSE bug 1129326 SUSE bug 1129327 SUSE bug 1129330 SUSE bug 1129363 SUSE bug 1129366 SUSE bug 1129497 SUSE bug 1129519 SUSE bug 1129543 SUSE bug 1129547 SUSE bug 1129551 SUSE bug 1129581 SUSE bug 1129625 SUSE bug 1129664 SUSE bug 1129739 SUSE bug 1129923 SUSE bug 807502 SUSE bug 824948 SUSE bug 828192 SUSE bug 925178 CVE-2017-5753 CVE-2018-20669 CVE-2019-2024 CVE-2019-3459 CVE-2019-3460 CVE-2019-3819 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-7308 CVE-2019-8912 CVE-2019-8980 CVE-2019-9213 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for openssl-1_1 (OpenSSL Security Advisory [6 March 2019]) fixes the following issues: Security issue fixed: - CVE-2019-1543: Fixed an implementation error in ChaCha20-Poly1305 where it was allowed to set IV with more than 12 bytes (bsc#1128189). Moderate SUSE bug 1128189 CVE-2019-1543 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for bash fixes the following issues: Security issue fixed: - CVE-2019-9924: Fixed a vulnerability in which shell did not prevent user BASH_CMDS allowing the user to execute any command with the permissions of the shell (bsc#1130324). Important SUSE bug 1130324 CVE-2019-9924 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for file fixes the following issues: The following security vulnerabilities were addressed: - Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974 CVE-2018-10360). - CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118) - CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c (bsc#1126119) - CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117) Moderate SUSE bug 1096974 SUSE bug 1096984 SUSE bug 1126117 SUSE bug 1126118 SUSE bug 1126119 CVE-2018-10360 CVE-2019-8905 CVE-2019-8906 CVE-2019-8907 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for MozillaFirefox fixes the following issues: Security issuess addressed: - update to Firefox ESR 60.6.1 (bsc#1130262): - CVE-2019-9813: Fixed Ionmonkey type confusion with __proto__ mutations - CVE-2019-9810: Fixed IonMonkey MArraySlice incorrect alias information - Update to Firefox ESR 60.6 (bsc#1129821): - CVE-2018-18506: Fixed an issue with Proxy Auto-Configuration file - CVE-2019-9801: Fixed an issue which could allow Windows programs to be exposed to web content - CVE-2019-9788: Fixed multiple memory safety bugs - CVE-2019-9790: Fixed a Use-after-free vulnerability when removing in-use DOM elements - CVE-2019-9791: Fixed an incorrect Type inference for constructors entered through on-stack replacement with IonMonkey - CVE-2019-9792: Fixed an issue where IonMonkey leaks JS_OPTIMIZED_OUT magic value to script - CVE-2019-9793: Fixed multiple improper bounds checks when Spectre mitigations are disabled - CVE-2019-9794: Fixed an issue where command line arguments not discarded during execution - CVE-2019-9795: Fixed a Type-confusion vulnerability in IonMonkey JIT compiler - CVE-2019-9796: Fixed a Use-after-free vulnerability in SMIL animation controller - Update to Firefox ESR 60.5.1 (bsc#1125330): - CVE-2018-18356: Fixed a use-after-free vulnerability in the Skia library which can occur when creating a path, leading to a potentially exploitable crash. - CVE-2019-5785: Fixed an integer overflow vulnerability in the Skia library which can occur after specific transform operations, leading to a potentially exploitable crash. - CVE-2018-18335: Fixed a buffer overflow vulnerability in the Skia library which can occur with Canvas 2D acceleration on macOS. This issue was addressed by disabling Canvas 2D acceleration in Firefox ESR. Note: this does not affect other versions and platforms where Canvas 2D acceleration is already disabled by default. Other issue addressed: - Fixed an issue with MozillaFirefox-translations-common which was causing error on update (bsc#1127987). Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/ Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/ Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/ Important SUSE bug 1125330 SUSE bug 1127987 SUSE bug 1129821 SUSE bug 1130262 CVE-2018-18335 CVE-2018-18356 CVE-2018-18506 CVE-2019-5785 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9794 CVE-2019-9795 CVE-2019-9796 CVE-2019-9801 CVE-2019-9810 CVE-2019-9813 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for apache2 fixes the following issues: * CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] * CVE-2019-0217: A race condition in Apache's 'mod_auth_digest' when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured access control restrictions. [bsc#1131239] * CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged child processes or threads to execute arbitrary code with the privileges of the parent process. Attackers with control over CGI scripts or extension modules run by the server could have abused this issue to potentially gain super user privileges. [bsc#1131233] * CVE-2019-0197: When HTTP/2 support was enabled in the Apache server for a 'http' host or H2Upgrade was enabled for h2 on a 'https' host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. This issue could have been abused to mount a denial-of-service attack. Servers that never enabled the h2 protocol or that only enabled it for https: and did not configure the 'H2Upgrade on' are unaffected. [bsc#1131245] * CVE-2019-0196: Through specially crafted network input the Apache's http/2 request handler could be lead to access previously freed memory while determining the method of a request. This resulted in the request being misclassified and thus being processed incorrectly. [bsc#1131237] Important SUSE bug 1131233 SUSE bug 1131237 SUSE bug 1131239 SUSE bug 1131241 SUSE bug 1131245 CVE-2019-0196 CVE-2019-0197 CVE-2019-0211 CVE-2019-0217 CVE-2019-0220 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for xen fixes the following issues: Security issues fixed: - Fixed an issue which could allow malicious PV guests may cause a host crash or gain access to data pertaining to other guests.Additionally, vulnerable configurations are likely to be unstable even in the absence of an attack (bsc#1126198). - Fixed multiple access violations introduced by XENMEM_exchange hypercall which could allow a single PV guest to leak arbitrary amounts of memory, leading to a denial of service (bsc#1126192). - Fixed an issue which could allow a malicious unprivileged guest userspace process to escalate its privilege to that of other userspace processes in the same guest and potentially thereby to that of the guest operating system (bsc#1126201). - Fixed an issue which could allow malicious or buggy x86 PV guest kernels to mount a Denial of Service attack affecting the whole system (bsc#1126197). - Fixed an issue which could allow an untrusted PV domain with access to a physical device to DMA into its own pagetables leading to privilege escalation (bsc#1126195). - Fixed an issue which could allow a malicious or buggy x86 PV guest kernels can mount a Denial of Service attack affecting the whole system (bsc#1126196). - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp (bsc#1123157). - Fixed an issue which could allow malicious 64bit PV guests to cause a host crash (bsc#1127400). - Fixed an issue which could allow malicious or buggy guests with passed through PCI devices to be able to escalate their privileges, crash the host, or access data belonging to other guests. Additionally memory leaks were also possible (bsc#1126140). - Fixed a race condition issue which could allow malicious PV guests to escalate their privilege to that of the hypervisor (bsc#1126141). - CVE-2019-9824: Fixed an information leak in SLiRP networking implementation which could allow a user/process to read uninitialised stack memory contents (bsc#1129623). Other issues addressed: - Upstream bug fixes (bsc#1027519) - Packages should no longer use /var/adm/fillup-templates (bsc#1069468). - Added Xen cmdline option 'suse_vtsc_tolerance' to avoid TSC emulation for HVM domUs (bsc#1026236). - Fixed an issue where setup of grant_tables and other variables may fail (bsc#1126325). - Fixed a building issue (bsc#1119161). - Added a requirement for xen, xl.cfg firmware='pvgrub32|pvgrub64 (bsc#1127620). - Fixed a segmetation fault in Libvirt when crash triggered on top of HVM guest (bsc#1120067). Important SUSE bug 1026236 SUSE bug 1027519 SUSE bug 1069468 SUSE bug 1119161 SUSE bug 1120067 SUSE bug 1123157 SUSE bug 1126140 SUSE bug 1126141 SUSE bug 1126192 SUSE bug 1126195 SUSE bug 1126196 SUSE bug 1126197 SUSE bug 1126198 SUSE bug 1126201 SUSE bug 1126325 SUSE bug 1127400 SUSE bug 1127620 SUSE bug 1129623 CVE-2019-6778 CVE-2019-9824 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for SDL fixes the following issues: Security issues fixed: - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806). - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099). - CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799). - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805). - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827). - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826). - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824). - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803). - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802). - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825). - CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800). Moderate SUSE bug 1124799 SUSE bug 1124800 SUSE bug 1124802 SUSE bug 1124803 SUSE bug 1124805 SUSE bug 1124806 SUSE bug 1124824 SUSE bug 1124825 SUSE bug 1124826 SUSE bug 1124827 SUSE bug 1125099 CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for dovecot22 fixes the following issues: Security issues fixed: - CVE-2019-7524: Fixed an improper file handling which could result in stack overflow allowing local root escalation (bsc#1130116). - CVE-2019-3814: Fixed a vulnerability related to SSL client certificate authentication (bsc#1123022). Other issue fixed: - Fixed handling of command continuation(bsc#1111789) Important SUSE bug 1111789 SUSE bug 1123022 SUSE bug 1130116 CVE-2019-3814 CVE-2019-7524 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for sqlite3 fixes the following issues: Security issues fixed: - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687). - CVE-2018-20506: Fixed an integer overflow when FTS3 extension is enabled (bsc#1131576). Moderate SUSE bug 1119687 SUSE bug 1131576 CVE-2018-20346 CVE-2018-20506 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for xmltooling fixes the following issue: Security issue fixed: - CVE-2019-9628: Fixed an improper handling of exception in XMLTooling library which could result in denial of service against the application using XMLTooling (bsc#1129537). Moderate SUSE bug 1129537 CVE-2019-9628 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libvirt fixes the following issues: Security issue fixed: - CVE-2019-3840: Fixed a null pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent (bsc#1127458). - CVE-2019-3886: Fixed an information leak which allowed to retrieve the guest hostname under readonly mode (bsc#1131595). Other issues addressed: - libxl: support Xen's max_grant_frames setting with maxGrantFrames attribute on the xenbus controller (bsc#1126325). - conf: added new 'xenbus' controller type - util: skip RDMA detection for non-PCI network devices (bsc#1112182). - qemu: don't use CAP_DAC_OVERRIDE capability if non-root (bsc#1125665). - qemu: fix issues related to restricted permissions on /dev/sev(bsc#1102604). - libxl: save current memory value after successful balloon (bsc#1120813). - libxl: Add support for soft reset. (bsc#1081516) Moderate SUSE bug 1081516 SUSE bug 1102604 SUSE bug 1112182 SUSE bug 1120813 SUSE bug 1125665 SUSE bug 1126325 SUSE bug 1127458 SUSE bug 1131595 CVE-2019-3840 CVE-2019-3886 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for soundtouch fixes the following issues: Security issues fixed: - CVE-2018-17098: Fixed a heap corruption from size inconsistency, which allowed remote attackers to cause a denial of service or possibly have other unspecified impact (bsc#1108632) - CVE-2018-17097: Fixed a double free, which allowed remote attackers to cause a denial of service or possibly have other unspecified impact (bsc#1108631) Moderate SUSE bug 1108631 SUSE bug 1108632 CVE-2018-17097 CVE-2018-17098 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). Important SUSE bug 1129346 CVE-2019-9636 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for php5 fixes the following issues: Security issues fixed: - CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode function which could allow to a hostile XMLRPC server to cause memory read outside the allocated areas (bsc#1126821). - CVE-2019-9020: Fixed a heap out of bounds in xmlrpc_decode function (bsc#1126711). - CVE-2018-20783: Fixed a buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1127122). - CVE-2019-9021: Fixed a heap buffer-based buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1126713). - CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in mbstring regular expression functions (bsc#1126823). - CVE-2019-9641: Fixed multiple invalid memory access in EXIF extension and improved insecure implementation of rename function (bsc#1128722). Moderate SUSE bug 1126711 SUSE bug 1126713 SUSE bug 1126821 SUSE bug 1126823 SUSE bug 1127122 SUSE bug 1128722 CVE-2018-20783 CVE-2019-9020 CVE-2019-9021 CVE-2019-9023 CVE-2019-9024 CVE-2019-9641 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for php72 fixes the following issues: - CVE-2019-9637: Due to the way rename() across filesystems is implemented, it was possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data. (bsc#1128892) - CVE-2019-9675: phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: 'This issue allows theoretical compromise of security, but a practical attack is usually impossible.' (bsc#1128886) - CVE-2019-9638: An issue was discovered in the EXIF component in PHP. There was an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. (bsc#1128889) - CVE-2019-9639: An issue was discovered in the EXIF component in PHP. There was an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable. (bsc#1128887) - CVE-2019-9640: An issue was discovered in the EXIF component in PHP. There was an Invalid Read in exif_process_SOFn. (bsc#1128883) Moderate SUSE bug 1128883 SUSE bug 1128886 SUSE bug 1128887 SUSE bug 1128889 SUSE bug 1128892 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-9675 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for freeradius-server fixes the following issues: - CVE-2019-13456: Fixed a side-channel password leak in EAP-pwd (bsc#1144524). - CVE-2019-17185: Fixed a debial of service due to multithreaded BN_CTX access (bsc#1166847). - Fixed an issue in TLS-EAP where the OCSP verification, when an intermediate client certificate was not explicitly trusted (bsc#1146848). Moderate SUSE bug 1144524 SUSE bug 1146848 SUSE bug 1166847 CVE-2019-13456 CVE-2019-17185 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libqt4 fixes the following issues: - CVE-2018-15518: Fixed a double free in QXmlStreamReader (bsc#1118595) - CVE-2018-19873: Fixed a segmantation fault via a malformed BMP file (bsc#1118596). - CVE-2018-19869: Fixed an improper checking which might lead to a crach via a malformed url reference (bsc#1118599). - Added stricter toplevel asm parsing by dropping volatile qualification that has no effect (bsc#1121214). Moderate SUSE bug 1118595 SUSE bug 1118596 SUSE bug 1118599 SUSE bug 1121214 CVE-2018-15518 CVE-2018-19869 CVE-2018-19873 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for cups fixes the following issues: - CVE-2020-3898: Fixed a heap buffer overflow in ppdFindOption() (bsc#1168422). Important SUSE bug 1168422 CVE-2020-3898 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for openssl-1_1 fixes the following issues: - CVE-2020-1967: Fixed a denial of service via NULL pointer dereference in SSL_check_chain (bsc#1169407). Important SUSE bug 1169407 CVE-2020-1967 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for webkit2gtk3 to version 2.28.1 fixes the following issues: Security issues fixed: - CVE-2020-10018: Fixed a denial of service because the m_deferredFocusedNodeChange data structure was mishandled (bsc#1165528). - CVE-2020-11793: Fixed a potential arbitrary code execution caused by a use-after-free vulnerability (bsc#1169658). - CVE-2019-8835: Fixed multiple memory corruption issues (bsc#1161719). - CVE-2019-8844: Fixed multiple memory corruption issues (bsc#1161719). - CVE-2019-8846: Fixed a use-after-free issue (bsc#1161719). - CVE-2020-3862: Fixed a memory handling issue (bsc#1163809). - CVE-2020-3867: Fixed an XSS issue (bsc#1163809). - CVE-2020-3868: Fixed multiple memory corruption issues that could have lead to arbitrary code execution (bsc#1163809). - CVE-2020-3864,CVE-2020-3865: Fixed logic issues in the DOM object context handling (bsc#1163809). Non-security issues fixed: - Add API to enable Process Swap on (Cross-site) Navigation. - Add user messages API for the communication with the web extension. - Add support for same-site cookies. - Service workers are enabled by default. - Add support for Pointer Lock API. - Add flatpak sandbox support. - Make ondemand hardware acceleration policy never leave accelerated compositing mode. - Always use a light theme for rendering form controls. - Add about:gpu to show information about the graphics stack. - Fixed issues while trying to play a video on NextCloud. - Fixed vertical alignment of text containing arabic diacritics. - Fixed build with icu 65.1. - Fixed page loading errors with websites using HSTS. - Fixed web process crash when displaying a KaTeX formula. - Fixed several crashes and rendering issues. - Switched to a single web process for Evolution and geary (bsc#1159329). Important SUSE bug 1155321 SUSE bug 1156318 SUSE bug 1159329 SUSE bug 1161719 SUSE bug 1163809 SUSE bug 1165528 SUSE bug 1169658 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2020-10018 CVE-2020-11793 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for xen fixes the following issues: Security issues fixed: - CVE-2020-11742: Bad continuation handling in GNTTABOP_copy (bsc#1169392). - CVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues (bsc#1168140). - CVE-2020-11739: Missing memory barriers in read-write unlock paths (bsc#1168142). - CVE-2020-11743: Bad error path in GNTTABOP_map_grant (bsc#1168143). - CVE-2020-7211: Fixed potential directory traversal using relative paths via tftp server on Windows host (bsc#1161181). - arm: a CPU may speculate past the ERET instruction (bsc#1160932). Non-security issues fixed: - Xenstored Crashed during VM install (bsc#1167152) - DomU hang: soft lockup CPU #0 stuck under high load (bsc#1165206, bsc#1134506) - Update API compatibility versions, fixes issues for libvirt. (bsc#1167007, bsc#1157490) - aacraid blocks xen commands (bsc#1155200) Important SUSE bug 1027519 SUSE bug 1155200 SUSE bug 1160932 SUSE bug 1161181 SUSE bug 1167152 SUSE bug 1168140 SUSE bug 1168142 SUSE bug 1168143 SUSE bug 1169392 CVE-2020-11739 CVE-2020-11740 CVE-2020-11741 CVE-2020-11742 CVE-2020-11743 CVE-2020-7211 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-8834: KVM on Power8 processors had a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability to run code in kernel space of a guest VM can cause the host kernel to panic (bnc#1168276). - CVE-2020-11494: An issue was discovered in slc_bump in drivers/net/can/slcan.c, which allowed attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL (bnc#1168424). - CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls (bnc#1167629). - CVE-2019-9458: In the video driver there was a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed (bnc#1168295). - CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a system crash (bnc#1120386). - CVE-2019-19770: Fixed a use-after-free in the debugfs_remove function (bsc#1159198). - CVE-2020-11669: Fixed an issue where arch/powerpc/kernel/idle_book3s.S did not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR (bnc#1169390). - CVE-2020-8647: There was a use-after-free vulnerability in the vc_do_resize function in drivers/tty/vt/vt.c (bnc#1162929). - CVE-2020-8649: There was a use-after-free vulnerability in the vgacon_invert_region function in drivers/video/console/vgacon.c (bnc#1162931). - CVE-2020-9383: An issue was discovered set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it (bnc#1165111). - CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c (bnc#1159285). The following non-security bugs were fixed: - ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro (bsc#1051510). - ACPI: watchdog: Fix gas->access_width usage (bsc#1051510). - ALSA: ali5451: remove redundant variable capture_flag (bsc#1051510). - ALSA: core: Replace zero-length array with flexible-array member (bsc#1051510). - ALSA: emu10k1: Fix endianness annotations (bsc#1051510). - ALSA: hda/ca0132 - Replace zero-length array with flexible-array member (bsc#1051510). - ALSA: hda_codec: Replace zero-length array with flexible-array member (bsc#1051510). - ALSA: hda: Fix potential access overflow in beep helper (bsc#1051510). - ALSA: hda/realtek: Fix pop noise on ALC225 (git-fixes). - ALSA: hda/realtek - Set principled PC Beep configuration for ALC256 (bsc#1051510). - ALSA: hda: remove redundant assignment to variable timeout (bsc#1051510). - ALSA: hda: Use scnprintf() for string truncation (bsc#1051510). - ALSA: hdsp: remove redundant assignment to variable err (bsc#1051510). - ALSA: ice1724: Fix invalid access for enumerated ctl items (bsc#1051510). - ALSA: info: remove redundant assignment to variable c (bsc#1051510). - ALSA: korg1212: fix if-statement empty body warnings (bsc#1051510). - ALSA: line6: Fix endless MIDI read loop (git-fixes). - ALSA: pcm: oss: Avoid plugin buffer overflow (git-fixes). - ALSA: pcm: oss: Fix regression by buffer overflow fix (bsc#1051510). - ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks (git-fixes). - ALSA: seq: oss: Fix running status after receiving sysex (git-fixes). - ALSA: seq: virmidi: Fix running status after receiving sysex (git-fixes). - ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status (bsc#1051510). - ALSA: via82xx: Fix endianness annotations (bsc#1051510). - ASoC: dapm: Correct DAPM handling of active widgets during shutdown (bsc#1051510). - ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map() (bsc#1051510). - ASoC: Intel: mrfld: fix incorrect check on p->sink (bsc#1051510). - ASoC: Intel: mrfld: return error codes when an error occurs (bsc#1051510). - ASoC: jz4740-i2s: Fix divider written at incorrect offset in register (bsc#1051510). - ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path (bsc#1051510). - ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output (bsc#1051510). - ASoC: pcm: update FE/BE trigger order based on the command (bsc#1051510). - ASoC: sun8i-codec: Remove unused dev from codec struct (bsc#1051510). - ASoC: topology: Fix memleak in soc_tplg_link_elems_load() (bsc#1051510). - ath9k: Handle txpower changes even when TPC is disabled (bsc#1051510). - atm: zatm: Fix empty body Clang warnings (bsc#1051510). - atomic: Add irqsave variant of atomic_dec_and_lock() (bsc#1166003). - b43legacy: Fix -Wcast-function-type (bsc#1051510). - batman-adv: Avoid spurious warnings from bat_v neigh_cmp implementation (bsc#1051510). - batman-adv: Do not schedule OGM for disabled interface (bsc#1051510). - batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs (bsc#1051510). - blk: Fix kabi due to blk_trace_mutex addition (bsc#1159285). - blk-mq: Allow blocking queue tag iter callbacks (bsc#1167316). - blktrace: fix dereference after null check (bsc#1159285). - blktrace: fix trace mutex deadlock (bsc#1159285). - block: allow gendisk's request_queue registration to be (bsc#1104967,bsc#1159142). - block, bfq: fix use-after-free in bfq_idle_slice_timer_body (bsc#1168760). - block: keep bdi->io_pages in sync with max_sectors_kb for stacked devices (bsc#1168762). - Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl (bsc#1051510). - bnxt_en: Fix TC queue mapping (networking-stable-20_02_05). - bonding/alb: properly access headers in bond_alb_xmit() (networking-stable-20_02_09). - bpf: Explicitly memset some bpf info structures declared on the stack (bsc#1083647). - bpf: Explicitly memset the bpf_attr structure (bsc#1083647). - bpf: fix ldx in ld_abs rewrite for large offsets (bsc#1154385). - bpf: implement ld_abs/ld_ind in native bpf (bsc#1154385). - bpf: make unknown opcode handling more robust (bsc#1154385). - bpf: prefix cbpf internal helpers with bpf_ (bsc#1154385). - bpf, x64: remove ld_abs/ld_ind (bsc#1154385). - bpf, x64: save several bytes by using mov over movabsq when possible (bsc#1154385). - btrfs: Account for trans_block_rsv in may_commit_transaction (bsc#1165949). - btrfs: add a flush step for delayed iputs (bsc#1165949). - btrfs: add assertions for releasing trans handle reservations (bsc#1165949). - btrfs: add btrfs_delete_ref_head helper (bsc#1165949). - btrfs: add enospc debug messages for ticket failure (bsc#1165949). - btrfs: Add enospc_debug printing in metadata_reserve_bytes (bsc#1165949). - btrfs: add new flushing states for the delayed refs rsv (bsc#1165949). - btrfs: add space reservation tracepoint for reserved bytes (bsc#1165949). - btrfs: allow us to use up to 90% of the global rsv for unlink (bsc#1165949). - btrfs: always reserve our entire size for the global reserve (bsc#1165949). - btrfs: assert on non-empty delayed iputs (bsc##1165949). - btrfs: be more explicit about allowed flush states (bsc#1165949). - btrfs: call btrfs_create_pending_block_groups unconditionally (bsc#1165949). - btrfs: catch cow on deleting snapshots (bsc#1165949). - btrfs: change the minimum global reserve size (bsc#1165949). - btrfs: check if there are free block groups for commit (bsc#1165949). - btrfs: clean up error handling in btrfs_truncate() (bsc#1165949). - btrfs: cleanup extent_op handling (bsc#1165949). - btrfs: cleanup root usage by btrfs_get_alloc_profile (bsc#1165949). - btrfs: cleanup the target logic in __btrfs_block_rsv_release (bsc#1165949). - btrfs: clear space cache inode generation always (bsc#1165949). - btrfs: delayed-ref: pass delayed_refs directly to btrfs_delayed_ref_lock (bsc#1165949). - btrfs: do not account global reserve in can_overcommit (bsc#1165949). - btrfs: do not allow reservations if we have pending tickets (bsc#1165949). - btrfs: do not call btrfs_start_delalloc_roots in flushoncommit (bsc#1165949). - btrfs: do not end the transaction for delayed refs in throttle (bsc#1165949). - btrfs: do not enospc all tickets on flush failure (bsc#1165949). - btrfs: do not run delayed_iputs in commit (bsc##1165949). - btrfs: do not run delayed refs in the end transaction logic (bsc#1165949). - btrfs: do not use ctl->free_space for max_extent_size (bsc##1165949). - btrfs: do not use global reserve for chunk allocation (bsc#1165949). - btrfs: drop min_size from evict_refill_and_join (bsc##1165949). - btrfs: drop unused space_info parameter from create_space_info (bsc#1165949). - btrfs: dump block_rsv details when dumping space info (bsc#1165949). - btrfs: export block group accounting helpers (bsc#1165949). - btrfs: export block_rsv_use_bytes (bsc#1165949). - btrfs: export btrfs_block_rsv_add_bytes (bsc#1165949). - btrfs: export __btrfs_block_rsv_release (bsc#1165949). - btrfs: export space_info_add_*_bytes (bsc#1165949). - btrfs: export the block group caching helpers (bsc#1165949). - btrfs: export the caching control helpers (bsc#1165949). - btrfs: export the excluded extents helpers (bsc#1165949). - btrfs: extent-tree: Add lockdep assert when updating space info (bsc#1165949). - btrfs: extent-tree: Add trace events for space info numbers update (bsc#1165949). - btrfs: extent-tree: Detect bytes_may_use underflow earlier (bsc#1165949). - btrfs: extent-tree: Detect bytes_pinned underflow earlier (bsc#1165949). - btrfs: factor out the ticket flush handling (bsc#1165949). - btrfs: fix btrfs_wait_ordered_range() so that it waits for all ordered extents (bsc#1163508). - btrfs: fix insert_reserved error handling (bsc##1165949). - btrfs: fix may_commit_transaction to deal with no partial filling (bsc#1165949). - btrfs: fix missing delayed iputs on unmount (bsc#1165949). - btrfs: fix panic during relocation after ENOSPC before writeback happens (bsc#1163508). - btrfs: fix qgroup double free after failure to reserve metadata for delalloc (bsc#1165949). - btrfs: fix race leading to metadata space leak after task received signal (bsc#1165949). - btrfs: fix truncate throttling (bsc#1165949). - btrfs: force chunk allocation if our global rsv is larger than metadata (bsc#1165949). - btrfs: Improve global reserve stealing logic (bsc#1165949). - btrfs: introduce an evict flushing state (bsc#1165949). - btrfs: introduce delayed_refs_rsv (bsc#1165949). - btrfs: loop in inode_rsv_refill (bsc#1165949). - btrfs: make btrfs_destroy_delayed_refs use btrfs_delayed_ref_lock (bsc#1165949). - btrfs: make btrfs_destroy_delayed_refs use btrfs_delete_ref_head (bsc#1165949). - btrfs: make caching_thread use btrfs_find_next_key (bsc#1165949). - btrfs: migrate btrfs_trans_release_chunk_metadata (bsc#1165949). - btrfs: migrate inc/dec_block_group_ro code (bsc#1165949). - btrfs: migrate nocow and reservation helpers (bsc#1165949). - btrfs: migrate the alloc_profile helpers (bsc#1165949). - btrfs: migrate the block group caching code (bsc#1165949). - btrfs: migrate the block group cleanup code (bsc#1165949). - btrfs: migrate the block group lookup code (bsc#1165949). - btrfs: migrate the block group read/creation code (bsc#1165949). - btrfs: migrate the block group ref counting stuff (bsc#1165949). - btrfs: migrate the block group removal code (bsc#1165949). - btrfs: migrate the block group space accounting helpers (bsc#1165949). - btrfs: migrate the block-rsv code to block-rsv.c (bsc#1165949). - btrfs: migrate the chunk allocation code (bsc#1165949). - btrfs: migrate the delalloc space stuff to it's own home (bsc#1165949). - btrfs: migrate the delayed refs rsv code (bsc#1165949). - btrfs: migrate the dirty bg writeout code (bsc#1165949). - btrfs: migrate the global_block_rsv helpers to block-rsv.c (bsc#1165949). - btrfs: move and export can_overcommit (bsc#1165949). - btrfs: move basic block_group definitions to their own header (bsc#1165949). - btrfs: move btrfs_add_free_space out of a header file (bsc#1165949). - btrfs: move btrfs_block_rsv definitions into it's own header (bsc#1165949). - btrfs: move btrfs_raid_group values to btrfs_raid_attr table (bsc#1165949). - btrfs: move btrfs_space_info_add_*_bytes to space-info.c (bsc#1165949). - btrfs: move dump_space_info to space-info.c (bsc#1165949). - btrfs: move reserve_metadata_bytes and supporting code to space-info.c (bsc#1165949). - btrfs: move space_info to space-info.h (bsc#1165949). - btrfs: move the space_info handling code to space-info.c (bsc#1165949). - btrfs: move the space info update macro to space-info.h (bsc#1165949). - btrfs: move the subvolume reservation stuff out of extent-tree.c (bsc#1165949). - btrfs: only check delayed ref usage in should_end_transaction (bsc#1165949). - btrfs: only check priority tickets for priority flushing (bsc#1165949). - btrfs: only free reserved extent if we didn't insert it (bsc##1165949). - btrfs: only reserve metadata_size for inodes (bsc#1165949). - btrfs: only track ref_heads in delayed_ref_updates (bsc#1165949). - btrfs: Output ENOSPC debug info in inc_block_group_ro (bsc#1165949). - btrfs: pass root to various extent ref mod functions (bsc#1165949). - btrfs: refactor block group replication factor calculation to a helper (bsc#1165949). - btrfs: refactor priority_reclaim_metadata_space (bsc#1165949). - btrfs: refactor the ticket wakeup code (bsc#1165949). - btrfs: release metadata before running delayed refs (bsc##1165949). - btrfs: Remove btrfs_inode::delayed_iput_count (bsc#1165949). - btrfs: Remove fs_info from do_chunk_alloc (bsc#1165949). - btrfs: remove orig_bytes from reserve_ticket (bsc#1165949). - btrfs: Remove redundant argument of flush_space (bsc#1165949). - btrfs: rename btrfs_space_info_add_old_bytes (bsc#1165949). - btrfs: rename do_chunk_alloc to btrfs_chunk_alloc (bsc#1165949). - btrfs: rename the btrfs_calc_*_metadata_size helpers (bsc#1165949). - btrfs: replace cleaner_delayed_iput_mutex with a waitqueue (bsc#1165949). - btrfs: reserve delalloc metadata differently (bsc#1165949). - btrfs: reserve extra space during evict (bsc#1165949). - btrfs: reset max_extent_size on clear in a bitmap (bsc##1165949). - btrfs: reset max_extent_size properly (bsc##1165949). - btrfs: rework btrfs_check_space_for_delayed_refs (bsc#1165949). - btrfs: rework wake_all_tickets (bsc#1165949). - btrfs: roll tracepoint into btrfs_space_info_update helper (bsc#1165949). - btrfs: run btrfs_try_granting_tickets if a priority ticket fails (bsc#1165949). - btrfs: run delayed iput at unlink time (bsc#1165949). - btrfs: run delayed iputs before committing (bsc#1165949). - btrfs: set max_extent_size properly (bsc##1165949). - btrfs: stop partially refilling tickets when releasing space (bsc#1165949). - btrfs: stop using block_rsv_release_bytes everywhere (bsc#1165949). - btrfs: temporarily export btrfs_get_restripe_target (bsc#1165949). - btrfs: temporarily export fragment_free_space (bsc#1165949). - btrfs: temporarily export inc_block_group_ro (bsc#1165949). - btrfs: track DIO bytes in flight (bsc#1165949). - btrfs: unexport can_overcommit (bsc#1165949). - btrfs: unexport the temporary exported functions (bsc#1165949). - btrfs: unify error handling for ticket flushing (bsc#1165949). - btrfs: update may_commit_transaction to use the delayed refs rsv (bsc#1165949). - btrfs: use btrfs_try_granting_tickets in update_global_rsv (bsc#1165949). - btrfs: wait on caching when putting the bg cache (bsc#1165949). - btrfs: wait on ordered extents on abort cleanup (bsc#1165949). - btrfs: wakeup cleaner thread when adding delayed iput (bsc#1165949). - ceph: canonicalize server path in place (bsc#1168443). - ceph: remove the extra slashes in the server path (bsc#1168443). - cfg80211: check reg_rule for NULL in handle_channel_custom() (bsc#1051510). - cfg80211: check wiphy driver existence for drvinfo report (bsc#1051510). - cgroup: memcg: net: do not associate sock with unrelated cgroup (bsc#1167290). - cifs: add a debug macro that prints \\server\share for errors (bsc#1144333). - cifs: add missing mount option to /proc/mounts (bsc#1144333). - cifs: add new debugging macro cifs_server_dbg (bsc#1144333). - cifs: add passthrough for smb2 setinfo (bsc#1144333). - cifs: add SMB2_open() arg to return POSIX data (bsc#1144333). - cifs: add smb2 POSIX info level (bsc#1144333). - cifs: add SMB3 change notification support (bsc#1144333). - cifs: add support for fallocate mode 0 for non-sparse files (bsc#1144333). - cifs: Add support for setting owner info, dos attributes, and create time (bsc#1144333). - cifs: Add tracepoints for errors on flush or fsync (bsc#1144333). - cifs: Adjust indentation in smb2_open_file (bsc#1144333). - cifs: allow chmod to set mode bits using special sid (bsc#1144333). - cifs: Avoid doing network I/O while holding cache lock (bsc#1144333). - cifs: call wake_up(&server->response_q) inside of cifs_reconnect() (bsc#1144333). - cifs: Clean up DFS referral cache (bsc#1144333). - cifs: create a helper function to parse the query-directory response buffer (bsc#1144333). - cifs: do d_move in rename (bsc#1144333). - cifs: Do not display RDMA transport on reconnect (bsc#1144333). - cifs: do not ignore the SYNC flags in getattr (bsc#1144333). - cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1144333). - cifs: do not use 'pre:' for MODULE_SOFTDEP (bsc#1144333). - cifs: enable change notification for SMB2.1 dialect (bsc#1144333). - cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1144333). - cifs: fix a comment for the timeouts when sending echos (bsc#1144333). - cifs: fix a white space issue in cifs_get_inode_info() (bsc#1144333). - cifs: fix dereference on ses before it is null checked (bsc#1144333). - cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1144333). - cifs: fix mode bits from dir listing when mounted with modefromsid (bsc#1144333). - cifs: Fix mode output in debugging statements (bsc#1144333). - cifs: Fix mount options set in automount (bsc#1144333). - cifs: fix NULL dereference in match_prepath (bsc#1144333). - cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1144333). - cifs: fix potential mismatch of UNC paths (bsc#1144333). - cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1144333). - cifs: Fix return value in __update_cache_entry (bsc#1144333). - cifs: fix soft mounts hanging in the reconnect code (bsc#1144333). - cifs: fix soft mounts hanging in the reconnect code (bsc#1144333). - cifs: Fix task struct use-after-free on reconnect (bsc#1144333). - cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1144333). - cifs: get mode bits from special sid on stat (bsc#1144333). - cifs: Get rid of kstrdup_const()'d paths (bsc#1144333). - cifs: handle prefix paths in reconnect (bsc#1144333). - cifs: ignore cached share root handle closing errors (bsc#1166780). - cifs: Introduce helpers for finding TCP connection (bsc#1144333). - cifs: log warning message (once) if out of disk space (bsc#1144333). - cifs: make sure we do not overflow the max EA buffer size (bsc#1144333). - cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1144333). - cifs: Merge is_path_valid() into get_normalized_path() (bsc#1144333). - cifs: modefromsid: make room for 4 ACE (bsc#1144333). - cifs: modefromsid: write mode ACE first (bsc#1144333). - cifs: Optimize readdir on reparse points (bsc#1144333). - cifs: plumb smb2 POSIX dir enumeration (bsc#1144333). - cifs: potential unintitliazed error code in cifs_getattr() (bsc#1144333). - cifs: prepare SMB2_query_directory to be used with compounding (bsc#1144333). - cifs: print warning once if mounting with vers=1.0 (bsc#1144333). - cifs: refactor cifs_get_inode_info() (bsc#1144333). - cifs: remove redundant assignment to pointer pneg_ctxt (bsc#1144333). - cifs: remove redundant assignment to variable rc (bsc#1144333). - cifs: remove set but not used variables (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove unused variable (bsc#1144333). - cifs: remove unused variable 'sid_user' (bsc#1144333). - cifs: rename a variable in SendReceive() (bsc#1144333). - cifs: rename posix create rsp (bsc#1144333). - cifs: replace various strncpy with strscpy and similar (bsc#1144333). - cifs: Return directly after a failed build_path_from_dentry() in cifs_do_create() (bsc#1144333). - cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1144333). - cifs: smbd: Add messages on RDMA session destroy and reconnection (bsc#1144333). - cifs: smbd: Invalidate and deregister memory registration on re-send for direct I/O (bsc#1144333). - cifs: smbd: Only queue work for error recovery on memory registration (bsc#1144333). - cifs: smbd: Return -EAGAIN when transport is reconnecting (bsc#1144333). - cifs: smbd: Return -ECONNABORTED when trasnport is not in connected state (bsc#1144333). - cifs: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE (bsc#1144333). - cifs: Use common error handling code in smb2_ioctl_query_info() (bsc#1144333). - cifs: use compounding for open and first query-dir for readdir() (bsc#1144333). - cifs: Use #define in cifs_dbg (bsc#1144333). - cifs: Use memdup_user() rather than duplicating its implementation (bsc#1144333). - cifs: use mod_delayed_work() for &server->reconnect if already queued (bsc#1144333). - cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1144333). - clk: qcom: rcg: Return failure for RCG update (bsc#1051510). - cls_rsvp: fix rsvp_policy (networking-stable-20_02_05). - configfs: Fix bool initialization/comparison (bsc#1051510). - cpufreq: powernv: Fix unsafe notifiers (bsc#1065729). - cpufreq: powernv: Fix use-after-free (bsc#1065729). - cpufreq: Register drivers only after CPU devices have been registered (bsc#1051510). - cpuidle: Do not unset the driver if it is there already (bsc#1051510). - crypto: arm64/sha-ce - implement export/import (bsc#1051510). - crypto: mxs-dcp - fix scatterlist linearization for hash (bsc#1051510). - crypto: pcrypt - Fix user-after-free on module unload (git-fixes). - crypto: tcrypt - fix printed skcipher [a]sync mode (bsc#1051510). - debugfs: add support for more elaborate ->d_fsdata (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: call debugfs_real_fops() only after debugfs_file_get() (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: convert to debugfs_file_get() and -put() (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: debugfs_real_fops(): drop __must_hold sparse annotation (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: debugfs_use_start/finish do not exist anymore (bsc#1159198). Prerequisite for bsc#1159198. - debugfs: defer debugfs_fsdata allocation to first usage (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: fix debugfs_real_fops() build error (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: implement per-file removal protection (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: purge obsolete SRCU based removal protection (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: simplify __debugfs_remove_file() (bsc#1159198). Prerequisite for bsc#1159198. - Delete patches which cause regression (bsc#1165527 ltc#184149). - Deprecate NR_UNSTABLE_NFS, use NR_WRITEBACK (bsc#1163403). - device: Use overflow helpers for devm_kmalloc() (bsc#1166003). - dmaengine: coh901318: Fix a double lock bug in dma_tc_handle() (bsc#1051510). - dmaengine: ste_dma40: fix unneeded variable warning (bsc#1051510). - dm: fix incomplete request_queue initialization (bsc#1104967,bsc#1159142). - driver core: platform: fix u32 greater or equal to zero comparison (bsc#1051510). - driver core: platform: Prevent resouce overflow from causing infinite loops (bsc#1051510). - driver core: Print device when resources present in really_probe() (bsc#1051510). - drivers/md/raid5.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET (bsc#1166003). - drivers/md/raid5: Do not disable irq on release_inactive_stripe_list() call (bsc#1166003). - drivers/md/raid5-ppl.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET (bsc#1166003). - drivers/md/raid5: Use irqsave variant of atomic_dec_and_lock() (bsc#1166003). - drm/amd/display: remove duplicated assignment to grph_obj_type (bsc#1051510). - drm/amdkfd: fix a use after free race with mmu_notifer unregister (bsc#1114279) - drm: atmel-hlcdc: enable clock before configuring timing engine (bsc#1114279) - drm/bochs: downgrade pci_request_region failure from error to warning (bsc#1051510). - drm/bridge: dw-hdmi: fix AVI frame colorimetry (bsc#1051510). - drm_dp_mst_topology: fix broken drm_dp_sideband_parse_remote_dpcd_read() (bsc#1051510). - drm/drm_dp_mst:remove set but not used variable 'origlen' (bsc#1051510). - drm/etnaviv: fix dumping of iommuv2 (bsc#1114279) - drm/gma500: Fixup fbdev stolen size usage evaluation (bsc#1051510). - drm/i915/gvt: Separate display reset from ALL_ENGINES reset (bsc#1114279) - drm/i915/userptr: fix size calculation (bsc#1114279) - drm/i915/userptr: Try to acquire the page lock around (bsc#1114279) - drm/i915: Wean off drm_pci_alloc/drm_pci_free (bsc#1114279) - drm/mediatek: Add gamma property according to hardware capability (bsc#1114279) - drm/mediatek: disable all the planes in atomic_disable (bsc#1114279) - drm/mediatek: handle events when enabling/disabling crtc (bsc#1051510). - drm/mipi_dbi: Fix off-by-one bugs in mipi_dbi_blank() (bsc#1114279) - drm: msm: mdp4: Adjust indentation in mdp4_dsi_encoder_enable (bsc#1114279) - drm/msm: Set dma maximum segment size for mdss (bsc#1051510). - drm/msm: stop abusing dma_map/unmap for cache (bsc#1051510). - drm/msm: Use the correct dma_sync calls harder (bsc#1051510). - drm/msm: Use the correct dma_sync calls in msm_gem (bsc#1051510). - drm/nouveau/disp/nv50-: prevent oops when no channel method map provided (bsc#1051510). - drm/nouveau/gr/gk20a,gm200-: add terminators to method lists read from fw (bsc#1051510). - drm: rcar-du: Recognize 'renesas,vsps' in addition to 'vsps' (bsc#1114279) - drm: remove the newline for CRC source name (bsc#1051510). - dt-bindings: allow up to four clocks for orion-mdio (bsc#1051510). - EDAC/mc: Fix use-after-free and memleaks during device removal (bsc#1114279). - efi: Fix a race and a buffer overflow while reading efivars via sysfs (bsc#1164893). - ethtool: Factored out similar ethtool link settings for virtual devices to core (bsc#1136157 ltc#177197). - ext4: add cond_resched() to __ext4_find_entry() (bsc#1166862). - ext4: Avoid ENOSPC when avoiding to reuse recently deleted inodes (bsc#1165019). - ext4: Check for non-zero journal inum in ext4_calculate_overhead (bsc#1167288). - ext4: do not assume that mmp_nodename/bdevname have NUL (bsc#1166860). - ext4: fix a data race in EXT4_I(inode)->i_disksize (bsc#1166861). - ext4: fix incorrect group count in ext4_fill_super error message (bsc#1168765). - ext4: fix incorrect inodes per group in error message (bsc#1168764). - ext4: fix potential race between online resizing and write operations (bsc#1166864). - ext4: fix potential race between s_flex_groups online resizing and access (bsc#1166867). - ext4: fix potential race between s_group_info online resizing and access (bsc#1166866). - ext4: fix race between writepages and enabling EXT4_EXTENTS_FL (bsc#1166870). - ext4: fix support for inode sizes > 1024 bytes (bsc#1164284). - ext4: potential crash on allocation error in ext4_alloc_flex_bg_array() (bsc#1166940). - ext4: rename s_journal_flag_rwsem to s_writepages_rwsem (bsc#1166868). - ext4: validate the debug_want_extra_isize mount option at parse time (bsc#1163897). - fat: fix uninit-memory access for partial initialized inode (bsc#1051510). - fat: work around race with userspace's read via blockdev while mounting (bsc#1051510). - fbdev/g364fb: Fix build failure (bsc#1051510). - fbdev: potential information leak in do_fb_ioctl() (bsc#1114279) - fbmem: Adjust indentation in fb_prepare_logo and fb_blank (bsc#1114279) - fcntl: fix typo in RWH_WRITE_LIFE_NOT_SET r/w hint name (bsc#1166003). - fix memory leak in large read decrypt offload (bsc#1144333). - fs/cifs/cifssmb.c: use true,false for bool variable (bsc#1144333). - fs: cifs: cifsssmb: remove redundant assignment to variable ret (bsc#1144333). - fs: cifs: Initialize filesystem timestamp ranges (bsc#1144333). - fs: cifs: mute -Wunused-const-variable message (bsc#1144333). - fs/cifs/sess.c: Remove set but not used variable 'capabilities' (bsc#1144333). - fs/cifs/smb2ops.c: use true,false for bool variable (bsc#1144333). - fs/cifs/smb2pdu.c: Make SMB2_notify_init static (bsc#1144333). - fs/xfs: fix f_ffree value for statfs when project quota is set (bsc#1165985). - ftrace/kprobe: Show the maxactive number on kprobe_events (git-fixes). - gtp: make sure only SOCK_DGRAM UDP sockets are accepted (networking-stable-20_01_27). - gtp: use __GFP_NOWARN to avoid memalloc warning (networking-stable-20_02_05). - HID: apple: Add support for recent firmware on Magic Keyboards (bsc#1051510). - HID: core: fix off-by-one memset in hid_report_raw_event() (bsc#1051510). - HID: hiddev: Fix race in in hiddev_disconnect() (git-fixes). - hv_netvsc: Fix memory leak when removing rndis device (networking-stable-20_01_20). - hv_netvsc: pass netvsc_device to rndis halt - hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() (bsc#1051510). - i2c: hix5hd2: add missed clk_disable_unprepare in remove (bsc#1051510). - i2c: jz4780: silence log flood on txabrt (bsc#1051510). - IB/hfi1: Close window for pq and request coliding (bsc#1060463 ). - IB/hfi1: convert to debugfs_file_get() and -put() (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - ibmvfc: do not send implicit logouts prior to NPIV login (bsc#1169625 ltc#184611). - ibmvfc: Fix NULL return compiler warning (bsc#1161951 ltc#183551). - ibmvnic: Do not process device remove during device reset (bsc#1065729). - ibmvnic: Warn unknown speed message only when carrier is present (bsc#1065729). - iio: gyro: adis16136: check ret val for non-zero vs less-than-zero (bsc#1051510). - iio: imu: adis16400: check ret val for non-zero vs less-than-zero (bsc#1051510). - iio: imu: adis: check ret val for non-zero vs less-than-zero (bsc#1051510). - iio: magnetometer: ak8974: Fix negative raw values in sysfs (bsc#1051510). - iio: potentiostat: lmp9100: fix iio_triggered_buffer_{predisable,postenable} positions (bsc#1051510). - Input: add safety guards to input_set_keycode() (bsc#1168075). - Input: avoid BIT() macro usage in the serio.h UAPI header (bsc#1051510). - Input: edt-ft5x06 - work around first register access error (bsc#1051510). - Input: raydium_i2c_ts - fix error codes in raydium_i2c_boot_trigger() (bsc#1051510). - Input: synaptics - enable RMI on HP Envy 13-ad105ng (bsc#1051510). - Input: synaptics - enable SMBus on ThinkPad L470 (bsc#1051510). - Input: synaptics - remove the LEN0049 dmi id from topbuttonpad list (bsc#1051510). - Input: synaptics - switch T470s to RMI4 by default (bsc#1051510). - intel_th: Fix user-visible error codes (bsc#1051510). - intel_th: pci: Add Elkhart Lake CPU support (bsc#1051510). - iommu/amd: Check feature support bit before accessing MSI capability registers (bsc#1166101). - iommu/amd: Fix the configuration of GCR3 table root pointer (bsc#1169057). - iommu/amd: Only support x2APIC with IVHD type 11h/40h (bsc#1166102). - iommu/dma: Fix MSI reservation allocation (bsc#1166730). - iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint (bsc#1166731). - iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page (bsc#1166732). - iommu/vt-d: Fix compile warning from intel-svm.h (bsc#1166103). - iommu/vt-d: Fix the wrong printing in RHSA parsing (bsc#1166733). - iommu/vt-d: Ignore devices with out-of-spec domain number (bsc#1166734). - iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn + add_taint (bsc#1166735). - ipmi:ssif: Handle a possible NULL pointer reference (bsc#1051510). - ipv4: ensure rcu_read_lock() in cipso_v4_error() (git-fixes). - ipvlan: do not add hardware address of master to its unicast filter list (bsc#1137325). - irqchip/bcm2835: Quiesce IRQs left enabled by bootloader (bsc#1051510). - irqdomain: Fix a memory leak in irq_domain_push_irq() (bsc#1051510). - iwlegacy: Fix -Wcast-function-type (bsc#1051510). - iwlwifi: mvm: Do not require PHY_SKU NVM section for 3168 devices (bsc#1166632). - iwlwifi: mvm: Fix thermal zone registration (bsc#1051510). - kABI: fixes for debugfs per-file removal protection backports (bsc#1159198 bsc#1109911). - kabi: invoke bpf_gen_ld_abs() directly (bsc#1158552). - kABI: restore debugfs_remove_recursive() (bsc#1159198). - kernel/module.c: Only return -EEXIST for modules that have finished loading (bsc#1165488). - kernel/module.c: wakeup processes in module_wq on module unload (bsc#1165488). - KVM: arm64: Store vcpu on the stack during __guest_enter() (bsc#1133021). - KVM: s390: do not clobber registers during guest reset/store status (bsc#1133021). - KVM: s390: ENOTSUPP -> EOPNOTSUPP fixups (bsc#1133021). - KVM: VMX: check descriptor table exits on instruction emulation (bsc#1166104). - l2tp: Allow duplicate session creation with UDP (networking-stable-20_02_05). - lcoking/rwsem: Add missing ACQUIRE to read_slowpath sleep loop (bsc#1050549). - libfs: fix infoleak in simple_attr_read() (bsc#1168881). - lib/raid6: add missing include for raid6test (bsc#1166003). - lib/raid6: add option to skip algo benchmarking (bsc#1166003). - lib/raid6/altivec: Add vpermxor implementation for raid6 Q syndrome (bsc#1166003). - lib/raid6: avoid __attribute_const__ redefinition (bsc#1166003). - locking/rwsem: Prevent decrement of reader count before increment (bsc#1050549). - mac80211: consider more elements in parsing CRC (bsc#1051510). - mac80211: Do not send mesh HWMP PREQ if HWMP is disabled (bsc#1051510). - mac80211: free peer keys before vif down in mesh (bsc#1051510). - mac80211: mesh: fix RCU warning (bsc#1051510). - mac80211: only warn once on chanctx_conf being NULL (bsc#1051510). - mac80211: rx: avoid RCU list traversal under mutex (bsc#1051510). - macsec: add missing attribute validation for port (bsc#1051510). - macsec: fix refcnt leak in module exit routine (bsc#1051510). - md: add __acquires/__releases annotations to handle_active_stripes (bsc#1166003). - md: add __acquires/__releases annotations to (un)lock_two_stripes (bsc#1166003). - md: add a missing endianness conversion in check_sb_changes (bsc#1166003). - md: add bitmap_abort label in md_run (bsc#1166003). - md: add feature flag MD_FEATURE_RAID0_LAYOUT (bsc#1166003). - md: allow last device to be forcibly removed from RAID1/RAID10 (bsc#1166003). - md: avoid invalid memory access for array sb->dev_roles (bsc#1166003). - md/bitmap: avoid race window between md_bitmap_resize and bitmap_file_clear_bit (bsc#1166003). - md-bitmap: create and destroy wb_info_pool with the change of backlog (bsc#1166003). - md-bitmap: create and destroy wb_info_pool with the change of bitmap (bsc#1166003). - md-bitmap: small cleanups (bsc#1166003). - md/bitmap: use mddev_suspend/resume instead of ->quiesce() (bsc#1166003). - md-cluster/bitmap: do not call md_bitmap_sync_with_cluster during reshaping stage (bsc#1166003). - md-cluster: introduce resync_info_get interface for sanity check (bsc#1166003). - md-cluster/raid10: call update_size in md_reap_sync_thread (bsc#1166003). - md-cluster/raid10: do not call remove_and_add_spares during reshaping stage (bsc#1166003). - md-cluster/raid10: resize all the bitmaps before start reshape (bsc#1166003). - md-cluster/raid10: support add disk under grow mode (bsc#1166003). - md-cluster: remove suspend_info (bsc#1166003). - md-cluster: send BITMAP_NEEDS_SYNC message if reshaping is interrupted (bsc#1166003). - md: convert to kvmalloc (bsc#1166003). - md: do not call spare_active in md_reap_sync_thread if all member devices can't work (bsc#1166003). - md: do not set In_sync if array is frozen (bsc#1166003). - md: fix an error code format and remove unsed bio_sector (bsc#1166003). - md: fix a typo s/creat/create (bsc#1166003). - md: fix for divide error in status_resync (bsc#1166003). - md: fix spelling typo and add necessary space (bsc#1166003). - md: introduce mddev_create/destroy_wb_pool for the change of member device (bsc#1166003). - md: introduce new personality funciton start() (bsc#1166003). - md-linear: use struct_size() in kzalloc() (bsc#1166003). - md: Make bio_alloc_mddev use bio_alloc_bioset (bsc#1166003). - md: make sure desc_nr less than MD_SB_DISKS (bsc#1166003). - md: md.c: Return -ENODEV when mddev is NULL in rdev_attr_show (bsc#1166003). - md: no longer compare spare disk superblock events in super_load (bsc#1166003). - md/r5cache: remove redundant pointer bio (bsc#1166003). - md/raid0: Fix an error message in raid0_make_request() (bsc#1166003). - md raid0/linear: Mark array as 'broken' and fail BIOs if a member is gone (bsc#1166003). - md/raid10: end bio when the device faulty (bsc#1166003). - md/raid10: Fix raid10 replace hang when new added disk faulty (bsc#1166003). - md/raid10: prevent access of uninitialized resync_pages offset (bsc#1166003). - md/raid10: read balance chooses idlest disk for SSD (bsc#1166003). - md: raid10: Use struct_size() in kmalloc() (bsc#1166003). - md/raid1: avoid soft lockup under high load (bsc#1166003). - md: raid1: check rdev before reference in raid1_sync_request func (bsc#1166003). - md/raid1: end bio when the device faulty (bsc#1166003). - md/raid1: fail run raid1 array when active disk less than one (bsc#1166003). - md/raid1: Fix a warning message in remove_wb() (bsc#1166003). - md/raid1: fix potential data inconsistency issue with write behind device (bsc#1166003). - md/raid1: get rid of extra blank line and space (bsc#1166003). - md/raid5: Assigning NULL to sh->batch_head before testing bit R5_Overlap of a stripe (bsc#1166003). - md/raid5: use bio_end_sector to calculate last_sector (bsc#1166003). - md/raid6: fix algorithm choice under larger PAGE_SIZE (bsc#1166003). - md/raid6: implement recovery using ARM NEON intrinsics (bsc#1166003). - md: remove a bogus comment (bsc#1166003). - md: remove redundant code that is no longer reachable (bsc#1166003). - md: remove set but not used variable 'bi_rdev' (bsc#1166003). - md: rename wb stuffs (bsc#1166003). - md: return -ENODEV if rdev has no mddev assigned (bsc#1166003). - md: use correct type in super_1_load (bsc#1166003). - md: use correct type in super_1_sync (bsc#1166003). - md: use correct types in md_bitmap_print_sb (bsc#1166003). - media: dib0700: fix rc endpoint lookup (bsc#1051510). - media: flexcop-usb: fix endpoint sanity check (git-fixes). - media: go7007: Fix URB type for interrupt handling (bsc#1051510). - media: ov519: add missing endpoint sanity checks (bsc#1168829). - media: ov6650: Fix .get_fmt() V4L2_SUBDEV_FORMAT_TRY support (bsc#1051510). - media: ov6650: Fix some format attributes not under control (bsc#1051510). - media: ov6650: Fix stored crop rectangle not in sync with hardware (bsc#1051510). - media: ov6650: Fix stored frame format not in sync with hardware (bsc#1051510). - media: stv06xx: add missing descriptor sanity checks (bsc#1168854). - media: tda10071: fix unsigned sign extension overflow (bsc#1051510). - media: usbtv: fix control-message timeouts (bsc#1051510). - media: uvcvideo: Refactor teardown of uvc on USB disconnect (bsc#1164507). - media: v4l2-core: fix entity initialization in device_register_subdev (bsc#1051510). - media: vsp1: tidyup VI6_HGT_LBn_H() macro (bsc#1051510). - media: xirlink_cit: add missing descriptor sanity checks (bsc#1051510). - mfd: dln2: Fix sanity checking for endpoints (bsc#1051510). - misc: pci_endpoint_test: Fix to support > 10 pci-endpoint-test devices (bsc#1051510). - mmc: sdhci-of-at91: fix cd-gpios for SAMA5D2 (bsc#1051510). - mm/filemap.c: do not initiate writeback if mapping has no dirty pages (bsc#1168884). - mm/memory_hotplug.c: only respect mem= parameter during boot stage (bsc#1065600). - MM: replace PF_LESS_THROTTLE with PF_LOCAL_THROTTLE (bsc#1163403). - mm: Use overflow helpers in kvmalloc() (bsc#1166003). - mwifiex: set needed_headroom, not hard_header_len (bsc#1051510). - net: core: another layer of lists, around PF_MEMALLOC skb handling (bsc#1050549). - net: cxgb3_main: Add CAP_NET_ADMIN check to CHELSIO_GET_MEM (networking-stable-20_01_27). - net: dsa: mv88e6xxx: Preserve priority when setting CPU port (networking-stable-20_01_11). - net: dsa: tag_qca: fix doubled Tx statistics (networking-stable-20_01_20). - net: dsa: tag_qca: Make sure there is headroom for tag (networking-stable-20_02_19). - net: ena: Add PCI shutdown handler to allow safe kexec (bsc#1167421, bsc#1167423). - net/ethtool: Introduce link_ksettings API for virtual network devices (bsc#1136157 ltc#177197). - netfilter: conntrack: sctp: use distinct states for new SCTP connections (bsc#1159199). - net: hns: fix soft lockup when there is not enough memory (networking-stable-20_01_20). - net: hsr: fix possible NULL deref in hsr_handle_frame() (networking-stable-20_02_05). - net: ip6_gre: fix moving ip6gre between namespaces (networking-stable-20_01_27). - net, ip6_tunnel: fix namespaces move (networking-stable-20_01_27). - net, ip_tunnel: fix namespaces move (networking-stable-20_01_27). - net: macb: Limit maximum GEM TX length in TSO (networking-stable-20_02_09). - net: macb: Remove unnecessary alignment check for TSO (networking-stable-20_02_09). - net/mlxfw: Verify FSM error code translation does not exceed array size (bsc#1051858). - net: mvneta: move rx_dropped and rx_errors in per-cpu stats (networking-stable-20_02_09). - net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL (bsc#1051510). - net: nfc: fix bounds checking bugs on 'pipe' (bsc#1051510). - net: phy: micrel: kszphy_resume(): add delay after genphy_resume() before accessing PHY registers (bsc#1051510). - net: rtnetlink: validate IFLA_MTU attribute in rtnl_create_link() (networking-stable-20_01_27). - net_sched: ematch: reject invalid TCF_EM_SIMPLE (networking-stable-20_01_30). - net_sched: fix an OOB access in cls_tcindex (networking-stable-20_02_05). - net_sched: fix a resource leak in tcindex_set_parms() (networking-stable-20_02_09). - net_sched: fix datalen for ematch (networking-stable-20_01_27). - net/sched: flower: add missing validation of TCA_FLOWER_FLAGS (networking-stable-20_02_19). - net_sched: keep alloc_hash updated after hash allocation (git-fixes). - net/sched: matchall: add missing validation of TCA_MATCHALL_FLAGS (networking-stable-20_02_19). - net: sch_prio: When ungrafting, replace with FIFO (networking-stable-20_01_11). - net/smc: add fallback check to connect() (git-fixes). - net/smc: fix leak of kernel memory to user space (networking-stable-20_02_19). - net/smc: fix refcount non-blocking connect() -part 2 (git-fixes). - net: stmmac: Delete txtimer in suspend() (networking-stable-20_02_05). - net: stmmac: dwmac-sunxi: Allow all RGMII modes (networking-stable-20_01_11). - net-sysfs: Fix reference count leak (networking-stable-20_01_27). - net: systemport: Avoid RBUF stuck in Wake-on-LAN mode (networking-stable-20_02_09). - net: usb: lan78xx: Add .ndo_features_check (networking-stable-20_01_27). - net: usb: lan78xx: fix possible skb leak (networking-stable-20_01_11). - net/wan/fsl_ucc_hdlc: fix out of bounds write on array utdm_info (networking-stable-20_01_20). - NFC: fdp: Fix a signedness bug in fdp_nci_send_patch() (bsc#1051510). - NFC: pn544: Fix a typo in a debug message (bsc#1051510). - NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use le16_add_cpu() (bsc#1051510). - NFS: send state management on a single connection (bsc#1167005). - nvme-multipath: fix possible I/O hang when paths are updated (bsc#1158983). - objtool: Add is_static_jump() helper (bsc#1169514). - objtool: Add relocation check for alternative sections (bsc#1169514). - OMAP: DSS2: remove non-zero check on variable r (bsc#1114279) - orinoco: avoid assertion in case of NULL pointer (bsc#1051510). - padata: always acquire cpu_hotplug_lock before pinst->lock (git-fixes). - partitions/efi: Fix partition name parsing in GUID partition entry (bsc#1168763). - PCI/ASPM: Clear the correct bits when enabling L1 substates (bsc#1051510). - PCI: endpoint: Fix clearing start entry in configfs (bsc#1051510). - PCI: pciehp: Fix MSI interrupt race (bsc#1159037). - PCI/switchtec: Fix init_completion race condition with poll_wait() (bsc#1051510). - perf/amd/uncore: Replace manual sampling check with CAP_NO_INTERRUPT flag (bsc#1114279). - perf: qcom_l2: fix column exclusion check (git-fixes). - pinctrl: baytrail: Do not clear IRQ flags on direct-irq enabled pins (bsc#1051510). - pinctrl: core: Remove extra kref_get which blocks hogs being freed (bsc#1051510). - pinctrl: sh-pfc: sh7264: Fix CAN function GPIOs (bsc#1051510). - pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs (bsc#1051510). - pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM (networking-stable-20_01_11). - platform/x86: pmc_atom: Add Lex 2I385SW to critclk_systems DMI table (bsc#1051510). - PM: core: Fix handling of devices deleted during system-wide resume (git-fixes). - powerpc/64: mark start_here_multiplatform as __ref (bsc#1148868). - powerpc/64s: Fix section mismatch warnings from boot code (bsc#1148868). - powerpc/64/tm: Do not let userspace set regs->trap via sigreturn (bsc#1118338 ltc#173734). - powerpc: fix hardware PMU exception bug on PowerVM compatibility mode systems (bsc#1056686). - powerpc/hash64/devmap: Use H_PAGE_THP_HUGE when setting up huge devmap PTE entries (bsc#1065729). - powerpc/kprobes: Ignore traps that happened in real mode (bsc#1065729). - powerpc/mm: Fix section mismatch warning in stop_machine_change_mapping() (bsc#1148868). - powerpc/pseries: Avoid NULL pointer dereference when drmem is unavailable (bsc#1160659). - powerpc/pseries: group lmb operation and memblock's (bsc#1165404 ltc#183498). - powerpc/pseries/memory-hotplug: Only update DT once per memory DLPAR request (bsc#1165404 ltc#183498). - powerpc/pseries: update device tree before ejecting hotplug uevents (bsc#1165404 ltc#183498). - powerpc/smp: Use nid as fallback for package_id (bsc#1165813 ltc#184091). - powerpc/vmlinux.lds: Explicitly retain .gnu.hash (bsc#1148868). - powerpc/xive: Replace msleep(x) with msleep(OPAL_BUSY_DELAY_MS) (bsc#1085030). - powerpc/xive: Use XIVE_BAD_IRQ instead of zero to catch non configured IPIs (bsc#1085030). - pwm: bcm2835: Dynamically allocate base (bsc#1051510). - pwm: meson: Fix confusing indentation (bsc#1051510). - pwm: pca9685: Fix PWM/GPIO inter-operation (bsc#1051510). - pwm: rcar: Fix late Runtime PM enablement (bsc#1051510). - pwm: renesas-tpu: Fix late Runtime PM enablement (bsc#1051510). - pxa168fb: fix release function mismatch in probe failure (bsc#1051510). - qmi_wwan: re-add DW5821e pre-production variant (bsc#1051510). - qmi_wwan: unconditionally reject 2 ep interfaces (bsc#1051510). - raid10: refactor common wait code from regular read/write request (bsc#1166003). - raid1: factor out a common routine to handle the completion of sync write (bsc#1166003). - raid1: simplify raid1_error function (bsc#1166003). - raid1: use an int as the return value of raise_barrier() (bsc#1166003). - raid5: block failing device if raid will be failed (bsc#1166003). - raid5-cache: Need to do start() part job after adding journal device (bsc#1166003). - raid5: copy write hint from origin bio to stripe (bsc#1166003). - raid5: do not increment read_errors on EILSEQ return (bsc#1166003). - raid5: do not set STRIPE_HANDLE to stripe which is in batch list (bsc#1166003). - raid5 improve too many read errors msg by adding limits (bsc#1166003). - raid5: need to set STRIPE_HANDLE for batch head (bsc#1166003). - raid5: remove STRIPE_OPS_REQ_PENDING (bsc#1166003). - raid5: remove worker_cnt_per_group argument from alloc_thread_groups (bsc#1166003). - raid5: set write hint for PPL (bsc#1166003). - raid5: use bio_end_sector in r5_next_bio (bsc#1166003). - raid6/test: fix a compilation error (bsc#1166003). - raid6/test: fix a compilation warning (bsc#1166003). - remoteproc: Initialize rproc_class before use (bsc#1051510). - rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer (git-fixes). - rtlwifi: rtl_pci: Fix -Wcast-function-type (bsc#1051510). - rxrpc: Fix insufficient receive notification generation (networking-stable-20_02_05). - s390/mm: fix dynamic pagetable upgrade for hugetlbfs (bsc#1165182 LTC#184102). - scsi: core: avoid repetitive logging of device offline messages (bsc#1145929). - scsi: core: kABI fix offline_already (bsc#1145929). - scsi: fnic: do not queue commands during fwreset (bsc#1146539). - scsi: ibmvfc: Add failed PRLI to cmd_status lookup array (bsc#1161951 ltc#183551). - scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (bsc#1161951 ltc#183551). - scsi: ibmvfc: Byte swap status and error codes when logging (bsc#1161951 ltc#183551). - scsi: ibmvfc: Clean up transport events (bsc#1161951 ltc#183551). - scsi: ibmvfc: constify dev_pm_ops structures (bsc#1161951 ltc#183551). - scsi: ibmvfc: Do not call fc_block_scsi_eh() on host reset (bsc#1161951 ltc#183551). - scsi: ibmvfc: Fix NULL return compiler warning (bsc#1161951 ltc#183551). Refresh sorted patches. - scsi: ibmvfc: ibmvscsi: ibmvscsi_tgt: constify vio_device_id (bsc#1161951 ltc#183551). - scsi: ibmvfc: Mark expected switch fall-throughs (bsc#1161951 ltc#183551). - scsi: ibmvfc: Remove 'failed' from logged errors (bsc#1161951 ltc#183551). - scsi: ibmvfc: Remove unneeded semicolons (bsc#1161951 ltc#183551). - scsi: ibmvscsi: change strncpy+truncation to strlcpy (bsc#1161951 ltc#183551). - scsi: ibmvscsi: constify dev_pm_ops structures (bsc#1161951 ltc#183551). - scsi: ibmvscsi: Do not use rc uninitialized in ibmvscsi_do_work (bsc#1161951 ltc#183551). - scsi: ibmvscsi: fix tripping of blk_mq_run_hw_queue WARN_ON (bsc#1161951 ltc#183551). - scsi: ibmvscsi: Improve strings handling (bsc#1161951 ltc#183551). - scsi: ibmvscsi: redo driver work thread to use enum action states (bsc#1161951 ltc#183551). - scsi: ibmvscsi: Wire up host_reset() in the driver's scsi_host_template (bsc#1161951 ltc#183551). - scsi: qla2xxx: Add 16.0GT for PCI String (bsc#1157424). - scsi: qla2xxx: Add beacon LED config sysfs interface (bsc#1157424). - scsi: qla2xxx: Add changes in preparation for vendor extended FDMI/RDP (bsc#1157424). - scsi: qla2xxx: Add deferred queue for processing ABTS and RDP (bsc#1157424). - scsi: qla2xxx: Add endianizer macro calls to fc host stats (bsc#1157424). - scsi: qla2xxx: Add fixes for mailbox command (bsc#1157424). - scsi: qla2xxx: add more FW debug information (bsc#1157424). - scsi: qla2xxx: Add ql2xrdpenable module parameter for RDP (bsc#1157424). - scsi: qla2xxx: Add sysfs node for D-Port Diagnostics AEN data (bsc#1157424). - scsi: qla2xxx: Add vendor extended FDMI commands (bsc#1157424). - scsi: qla2xxx: Add vendor extended RDP additions and amendments (bsc#1157424). - scsi: qla2xxx: Avoid setting firmware options twice in 24xx_update_fw_options (bsc#1157424). - scsi: qla2xxx: Check locking assumptions at runtime in qla2x00_abort_srb() (bsc#1157424). - scsi: qla2xxx: Cleanup ELS/PUREX iocb fields (bsc#1157424). - scsi: qla2xxx: Convert MAKE_HANDLE() from a define into an inline function (bsc#1157424). - scsi: qla2xxx: Correction to selection of loopback/echo test (bsc#1157424). - scsi: qla2xxx: Display message for FCE enabled (bsc#1157424). - scsi: qla2xxx: Fix control flags for login/logout IOCB (bsc#1157424). - scsi: qla2xxx: Fix FCP-SCSI FC4 flag passing error (bsc#1157424). - scsi: qla2xxx: fix FW resource count values (bsc#1157424). - scsi: qla2xxx: Fix I/Os being passed down when FC device is being deleted (bsc#1157424). - scsi: qla2xxx: Fix NPIV instantiation after FW dump (bsc#1157424). - scsi: qla2xxx: Fix qla2x00_echo_test() based on ISP type (bsc#1157424). - scsi: qla2xxx: Fix RDP respond data format (bsc#1157424). - scsi: qla2xxx: Fix RDP response size (bsc#1157424). - scsi: qla2xxx: Fix sparse warning reported by kbuild bot (bsc#1157424). - scsi: qla2xxx: Fix sparse warnings triggered by the PCI state checking code (bsc#1157424). - scsi: qla2xxx: Force semaphore on flash validation failure (bsc#1157424). - scsi: qla2xxx: Handle cases for limiting RDP response payload length (bsc#1157424). - scsi: qla2xxx: Handle NVME status iocb correctly (bsc#1157424). - scsi: qla2xxx: Improved secure flash support messages (bsc#1157424). - scsi: qla2xxx: Move free of fcport out of interrupt context (bsc#1157424). - scsi: qla2xxx: Print portname for logging in qla24xx_logio_entry() (bsc#1157424). - scsi: qla2xxx: Remove restriction of FC T10-PI and FC-NVMe (bsc#1157424). - scsi: qla2xxx: Return appropriate failure through BSG Interface (bsc#1157424). - scsi: qla2xxx: Save rscn_gen for new fcport (bsc#1157424). - scsi: qla2xxx: Serialize fc_port alloc in N2N (bsc#1157424). - scsi: qla2xxx: Set Nport ID for N2N (bsc#1157424). - scsi: qla2xxx: Show correct port speed capabilities for RDP command (bsc#1157424). - scsi: qla2xxx: Simplify the code for aborting SCSI commands (bsc#1157424). - scsi: qla2xxx: Suppress endianness complaints in qla2x00_configure_local_loop() (bsc#1157424). - scsi: qla2xxx: Update BPM enablement semantics (bsc#1157424). - scsi: qla2xxx: Update driver version to 10.01.00.24-k (bsc#1157424). - scsi: qla2xxx: Update driver version to 10.01.00.25-k (bsc#1157424). - scsi: qla2xxx: Use a dedicated interrupt handler for 'handshake-required' ISPs (bsc#1157424). - scsi: qla2xxx: Use correct ISP28xx active FW region (bsc#1157424). - scsi: qla2xxx: Use endian macros to assign static fields in fwdump header (bsc#1157424). - scsi: qla2xxx: Use FC generic update firmware options routine for ISP27xx (bsc#1157424). - scsi: qla2xxx: Use QLA_FW_STOPPED macro to propagate flag (bsc#1157424). - scsi: tcm_qla2xxx: Make qlt_alloc_qfull_cmd() set cmd->se_cmd.map_tag (bsc#1157424). - sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY (networking-stable-20_01_11). - serdev: ttyport: restore client ops on deregistration (bsc#1051510). - smb3: add debug messages for closing unmatched open (bsc#1144333). - smb3: Add defines for new information level, FileIdInformation (bsc#1144333). - smb3: add dynamic tracepoints for flush and close (bsc#1144333). - smb3: add missing flag definitions (bsc#1144333). - smb3: Add missing reparse tags (bsc#1144333). - smb3: add missing worker function for SMB3 change notify (bsc#1144333). - smb3: add mount option to allow forced caching of read only share (bsc#1144333). - smb3: add mount option to allow RW caching of share accessed by only 1 client (bsc#1144333). - smb3: add one more dynamic tracepoint missing from strict fsync path (bsc#1144333). - smb3: add some more descriptive messages about share when mounting cache=ro (bsc#1144333). - smb3: allow decryption keys to be dumped by admin for debugging (bsc#1144333). - smb3: allow disabling requesting leases (bsc#1144333). - smb3: allow parallelizing decryption of reads (bsc#1144333). - smb3: allow skipping signature verification for perf sensitive configurations (bsc#1144333). - SMB3: Backup intent flag missing from some more ops (bsc#1144333). - smb3: cleanup some recent endian errors spotted by updated sparse (bsc#1144333). - smb3: display max smb3 requests in flight at any one time (bsc#1144333). - smb3: dump in_send and num_waiters stats counters by default (bsc#1144333). - smb3: enable offload of decryption of large reads via mount option (bsc#1144333). - smb3: fix default permissions on new files when mounting with modefromsid (bsc#1144333). - smb3: fix mode passed in on create for modetosid mount option (bsc#1144333). - smb3: fix performance regression with setting mtime (bsc#1144333). - smb3: fix potential null dereference in decrypt offload (bsc#1144333). - smb3: fix problem with null cifs super block with previous patch (bsc#1144333). - smb3: Fix regression in time handling (bsc#1144333). - smb3: improve check for when we send the security descriptor context on create (bsc#1144333). - smb3: log warning if CSC policy conflicts with cache mount option (bsc#1144333). - smb3: missing ACL related flags (bsc#1144333). - smb3: only offload decryption of read responses if multiple requests (bsc#1144333). - smb3: pass mode bits into create calls (bsc#1144333). - smb3: print warning once if posix context returned on open (bsc#1144333). - smb3: query attributes on file close (bsc#1144333). - smb3: remove noisy debug message and minor cleanup (bsc#1144333). - smb3: remove unused flag passed into close functions (bsc#1144333). - staging: ccree: use signal safe completion wait (git-fixes). - staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table (bsc#1051510). - staging: rtl8188eu: Fix potential overuse of kernel memory (bsc#1051510). - staging: rtl8188eu: Fix potential security hole (bsc#1051510). - staging: rtl8723bs: Fix potential overuse of kernel memory (bsc#1051510). - staging: rtl8723bs: Fix potential security hole (bsc#1051510). - staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi (bsc#1051510). - staging: wlan-ng: fix ODEBUG bug in prism2sta_disconnect_usb (bsc#1051510). - staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback (bsc#1051510). - SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202). - tcp_bbr: improve arithmetic division in bbr_update_bw() (networking-stable-20_01_27). - tcp: clear tp->data_segs{in|out} in tcp_disconnect() (networking-stable-20_02_05). - tcp: clear tp->delivered in tcp_disconnect() (networking-stable-20_02_05). - tcp: clear tp->segs_{in|out} in tcp_disconnect() (networking-stable-20_02_05). - tcp: clear tp->total_retrans in tcp_disconnect() (networking-stable-20_02_05). - tcp: fix marked lost packets not being retransmitted (networking-stable-20_01_20). - tcp: fix 'old stuff' D-SACK causing SACK to be treated as D-SACK (networking-stable-20_01_11). - thermal: devfreq_cooling: inline all stubs for CONFIG_DEVFREQ_THERMAL=n (bsc#1051510). - thunderbolt: Prevent crash if non-active NVMem file is read (git-fixes). - tick: broadcast-hrtimer: Fix a race in bc_set_next (bsc#1044231). - tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure (git-fixes). - tools: Update include/uapi/linux/fcntl.h copy from the kernel (bsc#1166003). - tpm: ibmvtpm: Wait for buffer to be set before proceeding (bsc#1065729). - tty: evh_bytechan: Fix out of bounds accesses (bsc#1051510). - ttyprintk: fix a potential deadlock in interrupt context issue (git-fixes). - tty/serial: atmel: manage shutdown in case of RS485 or ISO7816 mode (bsc#1051510). - tty: serial: imx: setup the correct sg entry for tx dma (bsc#1051510). - USB: cdc-acm: fix rounding error in TIOCSSERIAL (git-fixes). - USB: core: add endpoint-blacklist quirk (git-fixes). - USB: core: hub: do error out if usb_autopm_get_interface() fails (git-fixes). - USB: core: port: do error out if usb_autopm_get_interface() fails (git-fixes). - USB: Disable LPM on WD19's Realtek Hub (git-fixes). - USB: dwc2: Fix in ISOC request length checking (git-fixes). - USB: Fix novation SourceControl XL after suspend (git-fixes). - USB: gadget: composite: Fix bMaxPower for SuperSpeedPlus (git-fixes). - USB: gadget: f_fs: Fix use after free issue as part of queue failure (bsc#1051510). - USB: host: xhci-plat: add a shutdown (git-fixes). - USB: host: xhci: update event ring dequeue pointer on purpose (git-fixes). - USB: hub: Do not record a connect-change event during reset-resume (git-fixes). - usbip: Fix uninitialized symbol 'nents' in stub_recv_cmd_submit() (git-fixes). - USB: misc: iowarrior: add support for 2 OEMed devices (git-fixes). - USB: misc: iowarrior: add support for the 100 device (git-fixes). - USB: misc: iowarrior: add support for the 28 and 28L devices (git-fixes). - USB: musb: Disable pullup at init (git-fixes). - USB: musb: fix crash with highmen PIO and usbmon (bsc#1051510). - USB: quirks: add NO_LPM quirk for Logitech Screen Share (git-fixes). - USB: quirks: add NO_LPM quirk for RTL8153 based ethernet adapters (git-fixes). - USB: quirks: blacklist duplicate ep on Sound Devices USBPre2 (git-fixes). - USB: serial: io_edgeport: fix slab-out-of-bounds read in edge_interrupt_callback (bsc#1051510). - USB: serial: option: add ME910G1 ECM composition 0x110b (git-fixes). - USB: serial: pl2303: add device-id for HP LD381 (git-fixes). - USB: storage: Add quirk for Samsung Fit flash (git-fixes). - USB: uas: fix a plug & unplug racing (git-fixes). - USB: xhci: apply XHCI_SUSPEND_DELAY to AMD XHCI controller 1022:145c (git-fixes). - uvcvideo: Refactor teardown of uvc on USB disconnect (bsc#1164507) - vgacon: Fix a UAF in vgacon_invert_region (bsc#1114279) - virtio-blk: fix hw_queue stopped on arbitrary error (git-fixes). - vlan: fix memory leak in vlan_dev_set_egress_priority (networking-stable-20_01_11). - vlan: vlan_changelink() should propagate errors (networking-stable-20_01_11). - vxlan: fix tos value before xmit (networking-stable-20_01_11). - x86/cpu/amd: Enable the fixed Instructions Retired counter IRPERF (bsc#1114279). - x86/mce/amd: Fix kobject lifetime (bsc#1114279). - x86/mce/amd: Publish the bank pointer only after setup has succeeded (bsc#1114279). - x86/mce: Fix logic and comments around MSR_PPIN_CTL (bsc#1114279). - x86/mm: Split vmalloc_sync_all() (bsc#1165741). - x86/pkeys: Manually set X86_FEATURE_OSPKE to preserve existing changes (bsc#1114279). - xen/blkfront: fix memory allocation flags in blkfront_setup_indirect() (bsc#1168486). - xfs: also remove cached ACLs when removing the underlying attr (bsc#1165873). - xfs: bulkstat should copy lastip whenever userspace supplies one (bsc#1165984). - xhci: apply XHCI_PME_STUCK_QUIRK to Intel Comet Lake platforms (git-fixes). - xhci: Do not open code __print_symbolic() in xhci trace events (git-fixes). - xhci: fix runtime pm enabling for quirky Intel hosts (bsc#1051510). - xhci: Force Maximum Packet size for Full-speed bulk devices to valid range (bsc#1051510). Important SUSE bug 1044231 SUSE bug 1050549 SUSE bug 1051510 SUSE bug 1051858 SUSE bug 1056686 SUSE bug 1060463 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1083647 SUSE bug 1085030 SUSE bug 1104967 SUSE bug 1109911 SUSE bug 1114279 SUSE bug 1118338 SUSE bug 1120386 SUSE bug 1133021 SUSE bug 1136157 SUSE bug 1137325 SUSE bug 1144333 SUSE bug 1145051 SUSE bug 1145929 SUSE bug 1146539 SUSE bug 1148868 SUSE bug 1154385 SUSE bug 1157424 SUSE bug 1158552 SUSE bug 1158983 SUSE bug 1159037 SUSE bug 1159142 SUSE bug 1159198 SUSE bug 1159199 SUSE bug 1159285 SUSE bug 1160659 SUSE bug 1161951 SUSE bug 1162929 SUSE bug 1162931 SUSE bug 1163403 SUSE bug 1163508 SUSE bug 1163897 SUSE bug 1164078 SUSE bug 1164284 SUSE bug 1164507 SUSE bug 1164893 SUSE bug 1165019 SUSE bug 1165111 SUSE bug 1165182 SUSE bug 1165404 SUSE bug 1165488 SUSE bug 1165527 SUSE bug 1165741 SUSE bug 1165813 SUSE bug 1165873 SUSE bug 1165949 SUSE bug 1165984 SUSE bug 1165985 SUSE bug 1166003 SUSE bug 1166101 SUSE bug 1166102 SUSE bug 1166103 SUSE bug 1166104 SUSE bug 1166632 SUSE bug 1166730 SUSE bug 1166731 SUSE bug 1166732 SUSE bug 1166733 SUSE bug 1166734 SUSE bug 1166735 SUSE bug 1166780 SUSE bug 1166860 SUSE bug 1166861 SUSE bug 1166862 SUSE bug 1166864 SUSE bug 1166866 SUSE bug 1166867 SUSE bug 1166868 SUSE bug 1166870 SUSE bug 1166940 SUSE bug 1167005 SUSE bug 1167288 SUSE bug 1167290 SUSE bug 1167316 SUSE bug 1167421 SUSE bug 1167423 SUSE bug 1167629 SUSE bug 1168075 SUSE bug 1168202 SUSE bug 1168276 SUSE bug 1168295 SUSE bug 1168424 SUSE bug 1168443 SUSE bug 1168486 SUSE bug 1168760 SUSE bug 1168762 SUSE bug 1168763 SUSE bug 1168764 SUSE bug 1168765 SUSE bug 1168829 SUSE bug 1168854 SUSE bug 1168881 SUSE bug 1168884 SUSE bug 1168952 SUSE bug 1169057 SUSE bug 1169390 SUSE bug 1169514 SUSE bug 1169625 CVE-2019-19768 CVE-2019-19770 CVE-2019-3701 CVE-2019-9458 CVE-2020-10942 CVE-2020-11494 CVE-2020-11669 CVE-2020-8647 CVE-2020-8649 CVE-2020-8834 CVE-2020-9383 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for shibboleth-sp fixes the following issues: Security issue fixed: - CVE-2019-19191: Fixed escalation to root by fixing ownership of log files (bsc#1157471). Moderate SUSE bug 1157471 CVE-2019-19191 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for ceph fixes the following issues: - CVE-2020-12059: Fixed a denial of service caused by a specially crafted XML payload on POST requests (bsc#1170170). Important SUSE bug 1170170 CVE-2020-12059 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for LibVNCServer fixes the following issues: - CVE-2019-15690: Fixed a heap buffer overflow (bsc#1160471). - CVE-2019-15681: Fixed a memory leak which could have allowed to a remote attacker to read stack memory (bsc#1155419). - CVE-2019-20788: Fixed a integer overflow and heap-based buffer overflow via a large height or width value (bsc#1170441). Important SUSE bug 1155419 SUSE bug 1160471 SUSE bug 1170441 CVE-2019-15681 CVE-2019-15690 CVE-2019-20788 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for icu fixes the following issues: - CVE-2020-10531: Fixed integer overflow in UnicodeString:doAppend() (bsc#1166844). Moderate SUSE bug 1166844 CVE-2020-10531 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for openldap2 fixes the following issues: - CVE-2020-12243: Fixed a denial of service related to recursive filters (bsc#1170771). Important SUSE bug 1170771 CVE-2020-12243 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for webkit2gtk3 fixes the following issues: Security issue fixed: - CVE-2020-3899: Fixed a memory consumption issue that could have led to remote code execution (bsc#1170643). Non-security issues fixed: - Update to version 2.28.2 (bsc#1170643): + Fix excessive CPU usage due to GdkFrameClock not being stopped. + Fix UI process crash when EGL_WL_bind_wayland_display extension is not available. + Fix position of select popup menus in X11. + Fix playing of Youtube 'live stream'/H264 URLs. + Fix a crash under X11 when cairo uses xcb. + Fix the build in MIPS64. + Fix several crashes and rendering issues. Important SUSE bug 1170643 CVE-2020-3899 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for ghostscript to version 9.52 fixes the following issues: - CVE-2020-12268: Fixed a heap-based buffer overflow in jbig2_image_compose (bsc#1170603). Important SUSE bug 1170603 CVE-2020-12268 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for MozillaFirefox fixes the following issues: Update to version 68.8.0 ESR (bsc#1171186): - CVE-2020-12387: Use-after-free during worker shutdown - CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens - CVE-2020-12389: Sandbox escape with improperly separated process types - CVE-2020-6831: Buffer overflow in SCTP chunk input validation - CVE-2020-12392: Arbitrary local file access with 'Copy as cURL' - CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection - CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 Important SUSE bug 1171186 CVE-2020-12387 CVE-2020-12388 CVE-2020-12389 CVE-2020-12392 CVE-2020-12393 CVE-2020-12395 CVE-2020-6831 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for apache2 fixes the following issues: - CVE-2020-1934: mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server (bsc#1168404). - CVE-2020-1927: mod_rewrite configurations vulnerable to open redirect (bsc#1168407). - CVE-2020-1938: mod_proxy_ajp: Add 'secret' parameter to proxy workers to implement legacy AJP13 authentication (bsc#1169066). Important SUSE bug 1168404 SUSE bug 1168407 SUSE bug 1169066 CVE-2020-1927 CVE-2020-1934 CVE-2020-1938 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libvirt fixes the following issues: Security issue fixed: - CVE-2020-10703: Fixed a daemon crash caused by pools without target paths (bsc#1168683). Non-security issues fixed: - apparmor: avoid copying empty profile name (bsc#1149100). - logging: ensure virtlogd rollover takes priority over logrotate (bsc#1137137). - qemu: Add support for overriding max threads per process limit (bsc#1133719). - util: fix copying bitmap to larger data buffer (bsc#1138734). - virsh: support for setting precopy bandwidth in migrate (bsc#1145586). - virsh: use upstream name for migration precopy bandwidth parameter (bsc#1145586). - virt-create-rootfs: add SLE 15 and SLE 12 service packs support (bsc#1154093). Important SUSE bug 1133719 SUSE bug 1137137 SUSE bug 1138734 SUSE bug 1145586 SUSE bug 1149100 SUSE bug 1154093 SUSE bug 1168683 CVE-2020-10703 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for openexr provides the following fix: Security issues fixed: - CVE-2020-11764: Fixed an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp (bsc#1169574). - CVE-2020-11763: Fixed an out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp (bsc#1169576). - CVE-2020-11758: Fixed an out-of-bounds read in ImfOptimizedPixelReading.h (bsc#1169573). - CVE-2020-11760: Fixed an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp (bsc#1169580). Non-security issue fixed: - Enable tests when building the package on x86_64. (bsc#1146648) Moderate SUSE bug 1146648 SUSE bug 1169573 SUSE bug 1169574 SUSE bug 1169576 SUSE bug 1169580 CVE-2020-11758 CVE-2020-11760 CVE-2020-11763 CVE-2020-11764 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for git to 2.26.2 fixes the following issues: Security issue fixed: - CVE-2020-11008: Specially crafted URLs may have tricked the credentials helper to providing credential information that is not appropriate for the protocol in use and host being contacted (bsc#1169936). Non-security issue fixed: - Fixed git-daemon not starting after conversion from sysvinit to systemd service (bsc#1169605). - Enabled access for git-daemon in firewall configuration (bsc#1170302). - Fixed problems with recent switch to protocol v2, which caused fetches transferring unreasonable amount of data (bsc#1170741). Moderate SUSE bug 1149792 SUSE bug 1168930 SUSE bug 1169605 SUSE bug 1169786 SUSE bug 1169936 SUSE bug 1170302 SUSE bug 1170741 SUSE bug 1170939 CVE-2020-11008 CVE-2020-5260 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for bind fixes the following issues: Security issues fixed: - CVE-2020-8616: Fixed the insufficient limit on the number of fetches performed when processing referrals (bsc#1171740). - CVE-2020-8617: Fixed a logic error in code which checks TSIG validity (bsc#1171740). Non-security issue fixed: - Fixed an invalid string comparison in the handling of cookie-secrets (bsc#1161168). Important SUSE bug 1161168 SUSE bug 1171740 CVE-2020-8616 CVE-2020-8617 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for ant fixes the following issues: Security issue fixed: - CVE-2018-10886: Fixed a path traversal vulnerability in malformed zip file paths, which allowed arbitrary file writes and could potentially lead to code execution (bsc#1100053). Non-security issues fixed: - Add rhino to the ant-apache-bsf optional tasks (bsc#1134001). - Remove jakarta-commons-logging dependencies (bsc#1133997). - Use apache-commons-logging in optional tasks Moderate SUSE bug 1100053 SUSE bug 1133997 SUSE bug 1134001 CVE-2018-10886 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location (bsc#1158095). Important SUSE bug 1158095 CVE-2019-14889 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for dpdk to 17.11.7 fixes the following issues: Security issues fixed: - CVE-2020-10722: Fixed an integer overflow in vhost_user_set_log_base() (bsc#1171477 bsc#1171930). - CVE-2020-10723: Fixed an integer truncation in vhost_user_check_and_alloc_queue_pair() (bsc#1171477). Important SUSE bug 1171477 SUSE bug 1171925 SUSE bug 1171930 CVE-2019-14818 CVE-2020-10722 CVE-2020-10723 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for Mesa fixes the following issues: Security issue fixed: - CVE-2019-5068: Fixed exploitable shared memory permissions vulnerability (bsc#1156015). Moderate SUSE bug 1156015 CVE-2019-5068 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for python to version 2.7.17 fixes the following issues: Syncing with lots of upstream bug fixes and security fixes. Bug fixes: - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen(). Now an InvalidURL exception is raised (bsc#1155094). - CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367). - Fixed mismatches between libpython and python-base versions (bsc#1162224). - Fixed segfault in libpython2.7.so.1 (bsc#1073748). - Unified packages among openSUSE:Factory and SLE versions (bsc#1159035). - Added idle.desktop and idle.appdata.xml to provide IDLE in menus (bsc#1153830). - Excluded tsl_check files from python-base to prevent file conflict with python-strict-tls-checks package (bsc#945401). - Changed the name of idle3 icons to idle3.png to avoid collision with Python 2 version (bsc#1165894). Additionally a new 'shared-python-startup' package is provided containing startup files. python-rpm-macros was updated to fix: - Do not write .pyc files for tests (bsc#1171561) Moderate SUSE bug 1027282 SUSE bug 1041090 SUSE bug 1042670 SUSE bug 1073269 SUSE bug 1073748 SUSE bug 1078326 SUSE bug 1078485 SUSE bug 1081750 SUSE bug 1084650 SUSE bug 1086001 SUSE bug 1149792 SUSE bug 1153830 SUSE bug 1155094 SUSE bug 1159035 SUSE bug 1162224 SUSE bug 1162367 SUSE bug 1162825 SUSE bug 1165894 SUSE bug 1170411 SUSE bug 1171561 SUSE bug 945401 CVE-2019-18348 CVE-2019-9674 CVE-2020-8492 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for osc fixes the following issues: Security issue fixed: - CVE-2019-3681: Fixed an insufficient validation of network-controlled filesystem paths (bsc#1122675). Moderate SUSE bug 1122675 CVE-2019-3681 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libexif fixes the following issues: Security issues fixed: - CVE-2016-6328: Fixed an integer overflow in parsing MNOTE entry data of the input file (bsc#1055857). - CVE-2017-7544: Fixed an out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c (bsc#1059893). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2020-0093: Fixed an out-of-bounds read in exif_data_save_data_entry (bsc#1171847). - CVE-2020-12767: Fixed a divide-by-zero error in exif_entry_get_value (bsc#1171475). - CVE-2020-13112: Fixed a time consumption DoS when parsing canon array markers (bsc#1172121). - CVE-2020-13113: Fixed a potential use of uninitialized memory (bsc#1172105). - CVE-2020-13114: Fixed various buffer overread fixes due to integer overflows in maker notes (bsc#1172116). Non-security issues fixed: - libexif was updated to version 0.6.22: * New translations: ms * Updated translations for most languages * Some useful EXIF 2.3 tag added: * EXIF_TAG_GAMMA * EXIF_TAG_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE * EXIF_TAG_GPS_H_POSITIONING_ERROR * EXIF_TAG_CAMERA_OWNER_NAME * EXIF_TAG_BODY_SERIAL_NUMBER * EXIF_TAG_LENS_SPECIFICATION * EXIF_TAG_LENS_MAKE * EXIF_TAG_LENS_MODEL * EXIF_TAG_LENS_SERIAL_NUMBER Moderate SUSE bug 1055857 SUSE bug 1059893 SUSE bug 1120943 SUSE bug 1160770 SUSE bug 1171475 SUSE bug 1171847 SUSE bug 1172105 SUSE bug 1172116 SUSE bug 1172121 CVE-2016-6328 CVE-2017-7544 CVE-2018-20030 CVE-2019-9278 CVE-2020-0093 CVE-2020-12767 CVE-2020-13112 CVE-2020-13113 CVE-2020-13114 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for php7 fixes the following issues: Security issue fixed: - CVE-2019-11048: Improved the handling of overly long filenames or field names in HTTP file uploads (bsc#1171999). Moderate SUSE bug 1171999 CVE-2019-11048 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for php72 fixes the following issues: - CVE-2020-7064: Fixed a one byte read of uninitialized memory in exif_read_data() (bsc#1168326). - CVE-2020-7066: Fixed URL truncation get_headers() if the URL contains zero (\0) character (bsc#1168352). - CVE-2019-11048: Improved the handling of overly long filenames or field names in HTTP file uploads (bsc#1171999). Moderate SUSE bug 1168326 SUSE bug 1168352 SUSE bug 1171999 CVE-2019-11048 CVE-2020-7064 CVE-2020-7066 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for MozillaFirefox fixes the following issues: - MozillaFirefox was updated to version 68.9.0 Extended Support Release (bsc#1172402). - CVE-2020-12405: Fixed a use-after-free in SharedWorkerService. - CVE-2020-12406: Fixed a JavaScript Type confusion with NativeTypes. - CVE-2020-12410: Fixed multiple memory safety bugs. Important SUSE bug 1172402 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for ruby2.1 fixes the following issues: Security issues fixed: - CVE-2015-9096: Fixed an SMTP command injection via CRLFsequences in a RCPT TO or MAIL FROM command (bsc#1043983). - CVE-2016-7798: Fixed an IV Reuse in GCM Mode (bsc#1055265). - CVE-2017-0898: Fixed a buffer underrun vulnerability in Kernel.sprintf (bsc#1058755). - CVE-2017-0899: Fixed an issue with malicious gem specifications, insufficient sanitation when printing gem specifications could have included terminal characters (bsc#1056286). - CVE-2017-0900: Fixed an issue with malicious gem specifications, the query command could have led to a denial of service attack against clients (bsc#1056286). - CVE-2017-0901: Fixed an issue with malicious gem specifications, potentially overwriting arbitrary files on the client system (bsc#1056286). - CVE-2017-0902: Fixed an issue with malicious gem specifications, that could have enabled MITM attacks against clients (bsc#1056286). - CVE-2017-0903: Fixed an unsafe object deserialization vulnerability (bsc#1062452). - CVE-2017-9228: Fixed a heap out-of-bounds write in bitset_set_range() during regex compilation (bsc#1069607). - CVE-2017-9229: Fixed an invalid pointer dereference in left_adjust_char_head() in oniguruma (bsc#1069632). - CVE-2017-10784: Fixed an escape sequence injection vulnerability in the Basic authentication of WEBrick (bsc#1058754). - CVE-2017-14033: Fixed a buffer underrun vulnerability in OpenSSL ASN1 decode (bsc#1058757). - CVE-2017-14064: Fixed an arbitrary memory exposure during a JSON.generate call (bsc#1056782). - CVE-2017-17405: Fixed a command injection vulnerability in Net::FTP (bsc#1073002). - CVE-2017-17742: Fixed an HTTP response splitting issue in WEBrick (bsc#1087434). - CVE-2017-17790: Fixed a command injection in lib/resolv.rb:lazy_initialize() (bsc#1078782). - CVE-2018-6914: Fixed an unintentional file and directory creation with directory traversal in tempfile and tmpdir (bsc#1087441). - CVE-2018-8777: Fixed a potential DoS caused by large requests in WEBrick (bsc#1087436). - CVE-2018-8778: Fixed a buffer under-read in String#unpack (bsc#1087433). - CVE-2018-8779: Fixed an unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket (bsc#1087440). - CVE-2018-8780: Fixed an unintentional directory traversal by poisoned NUL byte in Dir (bsc#1087437). - CVE-2018-16395: Fixed an issue with OpenSSL::X509::Name equality checking (bsc#1112530). - CVE-2018-16396: Fixed an issue with tainted string handling, where the flag was not propagated in Array#pack and String#unpack with some directives (bsc#1112532). - CVE-2018-1000073: Fixed a path traversal issue (bsc#1082007). - CVE-2018-1000074: Fixed an unsafe object deserialization vulnerability in gem owner, allowing arbitrary code execution with specially crafted YAML (bsc#1082008). - CVE-2018-1000075: Fixed an infinite loop vulnerability due to negative size in tar header causes Denial of Service (bsc#1082014). - CVE-2018-1000076: Fixed an improper verification of signatures in tarballs (bsc#1082009). - CVE-2018-1000077: Fixed an improper URL validation in the homepage attribute of ruby gems (bsc#1082010). - CVE-2018-1000078: Fixed a XSS vulnerability in the homepage attribute when displayed via gem server (bsc#1082011). - CVE-2018-1000079: Fixed a path traversal issue during gem installation allows to write to arbitrary filesystem locations (bsc#1082058). - CVE-2019-8320: Fixed a directory traversal issue when decompressing tar files (bsc#1130627). - CVE-2019-8321: Fixed an escape sequence injection vulnerability in verbose (bsc#1130623). - CVE-2019-8322: Fixed an escape sequence injection vulnerability in gem owner (bsc#1130622). - CVE-2019-8323: Fixed an escape sequence injection vulnerability in API response handling (bsc#1130620). - CVE-2019-8324: Fixed an issue with malicious gems that may have led to arbitrary code execution (bsc#1130617). - CVE-2019-8325: Fixed an escape sequence injection vulnerability in errors (bsc#1130611). - CVE-2019-15845: Fixed a NUL injection vulnerability in File.fnmatch and File.fnmatch? (bsc#1152994). - CVE-2019-16201: Fixed a regular expression denial of service vulnerability in WEBrick's digest access authentication (bsc#1152995). - CVE-2019-16254: Fixed an HTTP response splitting vulnerability in WEBrick (bsc#1152992). - CVE-2019-16255: Fixed a code injection vulnerability in Shell#[] and Shell#test (bsc#1152990). - CVE-2020-10663: Fixed an unsafe object creation vulnerability in JSON (bsc#1171517). Non-security issue fixed: - Add conflicts to libruby to make sure ruby and ruby-stdlib are also updated when libruby is updated (bsc#1048072). Also yast2-ruby-bindings on SLES 12 SP2 LTSS was updated to handle the updated ruby interpreter. (bsc#1172275) Important SUSE bug 1043983 SUSE bug 1048072 SUSE bug 1055265 SUSE bug 1056286 SUSE bug 1056782 SUSE bug 1058754 SUSE bug 1058755 SUSE bug 1058757 SUSE bug 1062452 SUSE bug 1069607 SUSE bug 1069632 SUSE bug 1073002 SUSE bug 1078782 SUSE bug 1082007 SUSE bug 1082008 SUSE bug 1082009 SUSE bug 1082010 SUSE bug 1082011 SUSE bug 1082014 SUSE bug 1082058 SUSE bug 1087433 SUSE bug 1087434 SUSE bug 1087436 SUSE bug 1087437 SUSE bug 1087440 SUSE bug 1087441 SUSE bug 1112530 SUSE bug 1112532 SUSE bug 1130611 SUSE bug 1130617 SUSE bug 1130620 SUSE bug 1130622 SUSE bug 1130623 SUSE bug 1130627 SUSE bug 1152990 SUSE bug 1152992 SUSE bug 1152994 SUSE bug 1152995 SUSE bug 1171517 SUSE bug 1172275 CVE-2015-9096 CVE-2016-2339 CVE-2016-7798 CVE-2017-0898 CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-0902 CVE-2017-0903 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 CVE-2017-17405 CVE-2017-17742 CVE-2017-17790 CVE-2017-9228 CVE-2017-9229 CVE-2018-1000073 CVE-2018-1000074 CVE-2018-1000075 CVE-2018-1000076 CVE-2018-1000077 CVE-2018-1000078 CVE-2018-1000079 CVE-2018-16395 CVE-2018-16396 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 CVE-2019-15845 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255 CVE-2019-8320 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325 CVE-2020-10663 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for texlive fixes the following issues: Security issues fixed: - CVE-2020-8016: Fixed a race condition in the spec file (bsc#1159740). - CVE-2020-8017: Fixed a race condition on a cron job (bsc#1158910). - Fixed an issue where pstopdf was crashing (bsc#1138793). Moderate SUSE bug 1138793 SUSE bug 1158910 SUSE bug 1159740 CVE-2020-8016 CVE-2020-8017 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for virglrenderer fixes the following issues: - CVE-2019-18388: Fixed a null pointer dereference which could have led to denial of service (bsc#1159479). - CVE-2019-18390: Fixed an out of bound read which could have led to denial of service (bsc#1159478). - CVE-2019-18389: Fixed a heap buffer overflow which could have led to guest escape or denial of service (bsc#1159482). - CVE-2019-18391: Fixed a heap based buffer overflow which could have led to guest escape or denial of service (bsc#1159486). Important SUSE bug 1159478 SUSE bug 1159479 SUSE bug 1159482 SUSE bug 1159486 CVE-2019-18388 CVE-2019-18389 CVE-2019-18390 CVE-2019-18391 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824). - CVE-2020-13143: Fixed an out-of-bounds read in gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c (bsc#1171982). - CVE-2020-12769: Fixed an issue which could have allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bsc#1171983). - CVE-2020-12768: Fixed a memory leak in svm_cpu_uninit in arch/x86/kvm/svm.c (bsc#1171736). - CVE-2020-12657: An a use-after-free in block/bfq-iosched.c (bsc#1171205). - CVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219). - CVE-2020-12655: Fixed an issue which could have allowed attackers to trigger a sync of excessive duration via an XFS v5 image with crafted metadata (bsc#1171217). - CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202). - CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195). - CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218). - CVE-2020-12464: Fixed a use-after-free due to a transfer without a reference (bsc#1170901). - CVE-2020-12114: Fixed a pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098). - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317). - CVE-2020-10751: Fixed an improper implementation in SELinux LSM hook where it was assumed that an skb would only contain a single netlink message (bsc#1171189). - CVE-2020-10732: Fixed kernel data leak in userspace coredumps due to uninitialized data (bsc#1171220). - CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778). - CVE-2020-10711: Fixed a null pointer dereference in SELinux subsystem which could have allowed a remote network user to crash the kernel resulting in a denial of service (bsc#1171191). - CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056). - CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bsc#1170345). - CVE-2019-20812: Fixed an issue in prb_calc_retire_blk_tmo() which could have resulted in a denial of service (bsc#1172453). - CVE-2019-20806: Fixed a null pointer dereference which may had lead to denial of service (bsc#1172199). - CVE-2019-19462: Fixed an issue which could have allowed local user to cause denial of service (bsc#1158265). - CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1089895). The following non-security bugs were fixed: - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() (bsc#1051510). - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() (bsc#1051510). - acpi/x86: ignore unspecified bit positions in the ACPI global lock field (bsc#1051510). - Add commit for git-fix that's not a fix This commit cleans up debug code but does not fix anything, and it relies on a new kernel function that isn't yet in this version of SLE. - agp/intel: Reinforce the barrier after GTT updates (bsc#1051510). - ALSA: ctxfi: Remove unnecessary cast in kfree (bsc#1051510). - ALSA: dummy: Fix PCM format loop in proc output (bsc#1111666). - ALSA: hda: Do not release card at firmware loading error (bsc#1051510). - ALSA: hda/hdmi: fix race in monitor detection during probe (bsc#1051510). - ALSA: hda/hdmi: fix without unlocked before return (bsc#1051510). - ALSA: hda: Keep the controller initialization even if no codecs found (bsc#1051510). - ALSA: hda/realtek - Add more fixup entries for Clevo machines (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC245 (bsc#1051510). - ALSA: hda/realtek - Add new codec supported for ALC287 (git-fixes). - ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse (git-fixes). - ALSA: hda/realtek - Fix unexpected init_amp override (bsc#1051510). - ALSA: hda/realtek - Limit int mic boost for Thinkpad T530 (git-fixes bsc#1171293). - ALSA: hda/realtek - Two front mics on a Lenovo ThinkCenter (bsc#1051510). - ALSA: hwdep: fix a left shifting 1 by 31 UB bug (git-fixes). - ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option (git-fixes). - ALSA: opti9xx: shut up gcc-10 range warning (bsc#1051510). - ALSA: pcm: fix incorrect hw_base increase (git-fixes). - ALSA: pcm: oss: Place the plugin buffer overflow checks correctly (bsc#1170522). - ALSA-pcm-oss-Place-the-plugin-buffer-overflow-checks.patch - ALSA: rawmidi: Fix racy buffer resize under concurrent accesses (git-fixes). - ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset (git-fixes). - ALSA: usb-audio: Correct a typo of NuPrime DAC-10 USB ID (bsc#1051510). - ALSA: usb-audio: Do not override ignore_ctl_error value from the map (bsc#1051510). - ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif (bsc#1051510). - ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC (git-fixes). - ALSA: usx2y: Fix potential NULL dereference (bsc#1051510). - ASoC: codecs: hdac_hdmi: Fix incorrect use of list_for_each_entry (bsc#1051510). - ASoC: dapm: connect virtual mux with default value (bsc#1051510). - ASoC: dapm: fixup dapm kcontrol widget (bsc#1051510). - ASoC: dpcm: allow start or stop during pause for backend (bsc#1051510). - ASoC: fix regwmask (bsc#1051510). - ASoC: msm8916-wcd-digital: Reset RX interpolation path after use (bsc#1051510). - ASoC: samsung: Prevent clk_get_rate() calls in atomic context (bsc#1111666). - ASoC: topology: Check return value of pcm_new_ver (bsc#1051510). - ASoC: topology: use name_prefix for new kcontrol (bsc#1051510). - b43legacy: Fix case where channel status is corrupted (bsc#1051510). - batman-adv: fix batadv_nc_random_weight_tq (git-fixes). - batman-adv: Fix refcnt leak in batadv_show_throughput_override (git-fixes). - batman-adv: Fix refcnt leak in batadv_store_throughput_override (git-fixes). - batman-adv: Fix refcnt leak in batadv_v_ogm_process (git-fixes). - bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (git fixes (block drivers)). - bcache: fix incorrect data type usage in btree_flush_write() (git fixes (block drivers)). - bcache: Revert 'bcache: shrink btree node cache after bch_btree_check()' (git fixes (block drivers)). - block/drbd: delete invalid function drbd_md_mark_dirty_ (bsc#1171527). - block: drbd: remove a stray unlock in __drbd_send_protocol() (bsc#1171599). - block: fix busy device checking in blk_drop_partitions again (bsc#1171948). - block: fix busy device checking in blk_drop_partitions (bsc#1171948). - block: fix memleak of bio integrity data (git fixes (block drivers)). - block: remove the bd_openers checks in blk_drop_partitions (bsc#1171948). - bnxt_en: fix memory leaks in bnxt_dcbnl_ieee_getets() (networking-stable-20_03_28). - bnxt_en: reinitialize IRQs when MTU is modified (networking-stable-20_03_14). - bonding/alb: make sure arp header is pulled before accessing it (networking-stable-20_03_14). - brcmfmac: abort and release host after error (bsc#1051510). - Btrfs: fix deadlock with memory reclaim during scrub (bsc#1172127). - btrfs: fix log context list corruption after rename whiteout error (bsc#1172342). - btrfs: fix partial loss of prealloc extent past i_size after fsync (bsc#1172343). - btrfs: move the dio_sem higher up the callchain (bsc#1171761). - btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: setup a nofs context for memory allocation at btrfs_create_tree() (bsc#1172127). - btrfs: setup a nofs context for memory allocation at __btrfs_set_acl (bsc#1172127). - btrfs: use nofs context when initializing security xattrs to avoid deadlock (bsc#1172127). - can: add missing attribute validation for termination (networking-stable-20_03_14). - cdc-acm: close race betrween suspend() and acm_softint (git-fixes). - cdc-acm: introduce a cool down (git-fixes). - ceph: fix double unlock in handle_cap_export() (bsc#1171694). - ceph: fix endianness bug when handling MDS session feature bits (bsc#1171695). - cgroup, netclassid: periodically release file_lock on classid updating (networking-stable-20_03_14). - CIFS: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1144333). - CIFS: Allocate encryption header through kmalloc (bsc#1144333). - CIFS: allow unlock flock and OFD lock across fork (bsc#1144333). - CIFS: check new file size when extending file by fallocate (bsc#1144333). - CIFS: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1144333). - CIFS: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1144333). - CIFS: do not share tcons with DFS (bsc#1144333). - CIFS: dump the session id and keys also for SMB2 sessions (bsc#1144333). - CIFS: ensure correct super block for DFS reconnect (bsc#1144333). - CIFS: Fix bug which the return value by asynchronous read is error (bsc#1144333). - CIFS: fix uninitialised lease_key in open_shroot() (bsc#1144333). - CIFS: improve read performance for page size 64KB & cache=strict & vers=2.1+ (bsc#1144333). - CIFS: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1144333). - CIFS: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1144333). - CIFS: protect updating server->dstaddr with a spinlock (bsc#1144333). - CIFS: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1144333). - CIFS: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1144333). - CIFS: smbd: Check and extend sender credits in interrupt context (bsc#1144333). - CIFS: smbd: Check send queue size before posting a send (bsc#1144333). - CIFS: smbd: Do not schedule work to send immediate packet on every receive (bsc#1144333). - CIFS: smbd: Merge code to track pending packets (bsc#1144333). - CIFS: smbd: Properly process errors on ib_post_send (bsc#1144333). - CIFS: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1144333). - CIFS: Warn less noisily on default mount (bsc#1144333). - clk: Add clk_hw_unregister_composite helper function definition (bsc#1051510). - clk: imx6ull: use OSC clock during AXI rate change (bsc#1051510). - clk: imx: make mux parent strings const (bsc#1051510). - clk: mediatek: correct the clocks for MT2701 HDMI PHY module (bsc#1051510). - clk: sunxi-ng: a64: Fix gate bit of DSI DPHY (bsc#1051510). - clocksource/drivers/hyper-v: Set TSC clocksource as default w/ InvariantTSC (bsc#1170620). - clocksource: dw_apb_timer_of: Fix missing clockevent timers (bsc#1051510). - component: Silence bind error on -EPROBE_DEFER (bsc#1051510). - coresight: do not use the BIT() macro in the UAPI header (git fixes (block drivers)). - cpufreq: s3c64xx: Remove pointless NULL check in s3c64xx_cpufreq_driver_init (bsc#1051510). - crypto: ccp - AES CFB mode is a stream cipher (git-fixes). - crypto: ccp - Clean up and exit correctly on allocation failure (git-fixes). - crypto: ccp - Cleanup misc_dev on sev_exit() (bsc#1114279). - crypto: ccp - Cleanup sp_dev_master in psp_dev_destroy() (bsc#1114279). - debugfs: Add debugfs_create_xul() for hexadecimal unsigned long (git-fixes). - dmaengine: dmatest: Fix iteration non-stop logic (bsc#1051510). - dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574). - dm writecache: fix data corruption when reloading the target (git fixes (block drivers)). - dm writecache: fix incorrect flush sequence when doing SSD mode commit (git fixes (block drivers)). - dm writecache: verify watermark during resume (git fixes (block drivers)). - dm zoned: fix invalid memory access (git fixes (block drivers)). - dm zoned: reduce overhead of backing device checks (git fixes (block drivers)). - dm zoned: remove duplicate nr_rnd_zones increase in dmz_init_zone() (git fixes (block drivers)). - dm zoned: support zone sizes smaller than 128MiB (git fixes (block drivers)). - dp83640: reverse arguments to list_add_tail (git-fixes). - drivers: hv: Add a module description line to the hv_vmbus driver (bsc#1172253). - Drivers: HV: Send one page worth of kmsg dump over Hyper-V during panic (bsc#1170618). - Drivers: hv: vmbus: Fix the issue with freeing up hv_ctl_table_hdr (bsc#1170618). - Drivers: hv: vmbus: Get rid of MSR access from vmbus_drv.c (bsc#1170618). - Drivers: hv: vmus: Fix the check for return value from kmsg get dump buffer (bsc#1170618). - drivers/net/ibmvnic: Update VNIC protocol version reporting (bsc#1065729). - drm: amd/acp: fix broken menu structure (bsc#1114279) * context changes - drm/crc: Actually allow to change the crc source (bsc#1114279) * offset changes - drm/dp_mst: Fix clearing payload state on topology disable (bsc#1051510). - drm/dp_mst: Reformat drm_dp_check_act_status() a bit (bsc#1051510). - drm/edid: Fix off-by-one in DispID DTD pixel clock (bsc#1114279) - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of (bsc#1114279) - drm/i915: properly sanity check batch_start_offset (bsc#1114279) * renamed display/intel_fbc.c -> intel_fb.c * renamed gt/intel_rc6.c -> intel_pm.c * context changes - drm/meson: Delete an error message in meson_dw_hdmi_bind() (bsc#1051510). - drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem (bsc#1114279) - drm/qxl: qxl_release leak in qxl_draw_dirty_fb() (bsc#1051510). - drm/qxl: qxl_release leak in qxl_hw_surface_alloc() (bsc#1051510). - drm/qxl: qxl_release use after free (bsc#1051510). - drm: Remove PageReserved manipulation from drm_pci_alloc (bsc#1114279) * offset changes - dump_stack: avoid the livelock of the dump_lock (git fixes (block drivers)). - EDAC, sb_edac: Add support for systems with segmented PCI buses (bsc#1169525). - ext4: do not zeroout extents beyond i_disksize (bsc#1167851). - ext4: fix extent_status fragmentation for plain files (bsc#1171949). - ext4: use non-movable memory for superblock readahead (bsc#1171952). - fanotify: fix merging marks masks with FAN_ONDIR (bsc#1171679). - fbcon: fix null-ptr-deref in fbcon_switch (bsc#1114279) * rename drivers/video/fbdev/core to drivers/video/console * context changes - fib: add missing attribute validation for tun_id (networking-stable-20_03_14). - firmware: qcom: scm: fix compilation error when disabled (bsc#1051510). - fs/cifs: fix gcc warning in sid_to_id (bsc#1144333). - fs/seq_file.c: simplify seq_file iteration code and interface (bsc#1170125). - gpio: tegra: mask GPIO IRQs during IRQ shutdown (bsc#1051510). - gre: fix uninit-value in __iptunnel_pull_header (networking-stable-20_03_14). - HID: hid-input: clear unmapped usages (git-fixes). - HID: hyperv: Add a module description line (bsc#1172253). - HID: i2c-hid: add Trekstor Primebook C11B to descriptor override (git-fixes). - HID: i2c-hid: override HID descriptors for certain devices (git-fixes). - HID: multitouch: add eGalaxTouch P80H84 support (bsc#1051510). - HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices (git-fixes). - hrtimer: Annotate lockless access to timer->state (git fixes (block drivers)). - hsr: add restart routine into hsr_get_node_list() (networking-stable-20_03_28). - hsr: check protocol version in hsr_newlink() (networking-stable-20_04_17). - hsr: fix general protection fault in hsr_addr_is_self() (networking-stable-20_03_28). - hsr: set .netnsok flag (networking-stable-20_03_28). - hsr: use rcu_read_lock() in hsr_get_node_{list/status}() (networking-stable-20_03_28). - i2c: acpi: Force bus speed to 400KHz if a Silead touchscreen is present (git-fixes). - i2c: acpi: put device when verifying client fails (git-fixes). - i2c: brcmstb: remove unused struct member (git-fixes). - i2c: core: Allow empty id_table in ACPI case as well (git-fixes). - i2c: core: decrease reference count of device node in i2c_unregister_device (git-fixes). - i2c: dev: Fix the race between the release of i2c_dev and cdev (bsc#1051510). - i2c: fix missing pm_runtime_put_sync in i2c_device_probe (git-fixes). - i2c-hid: properly terminate i2c_hid_dmi_desc_override_table array (git-fixes). - i2c: i801: Do not add ICH_RES_IO_SMI for the iTCO_wdt device (git-fixes). - i2c: iproc: Stop advertising support of SMBUS quick cmd (git-fixes). - i2c: isch: Remove unnecessary acpi.h include (git-fixes). - i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()' (bsc#1051510). - i2c: st: fix missing struct parameter description (bsc#1051510). - IB/ipoib: Add child to parent list only if device initialized (bsc#1168503). - IB/ipoib: Consolidate checking of the proposed child interface (bsc#1168503). - IB/ipoib: Do not remove child devices from within the ndo_uninit (bsc#1168503). - IB/ipoib: Get rid of IPOIB_FLAG_GOING_DOWN (bsc#1168503). - IB/ipoib: Get rid of the sysfs_mutex (bsc#1168503). - IB/ipoib: Maintain the child_intfs list from ndo_init/uninit (bsc#1168503). - IB/ipoib: Move all uninit code into ndo_uninit (bsc#1168503). - IB/ipoib: Move init code to ndo_init (bsc#1168503). - IB/ipoib: Replace printk with pr_warn (bsc#1168503). - IB/ipoib: Use cancel_delayed_work_sync for neigh-clean task (bsc#1168503). - IB/ipoib: Warn when one port fails to initialize (bsc#1168503). - ibmvnic: Skip fatal error reset after passive init (bsc#1171078 ltc#184239). - iio:ad7797: Use correct attribute_group (bsc#1051510). - iio: adc: stm32-adc: fix device used to request dma (bsc#1051510). - iio: adc: stm32-adc: fix sleep in atomic context (git-fixes). - iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1051510). - iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()' (bsc#1051510). - iio: sca3000: Remove an erroneous 'get_device()' (bsc#1051510). - iio: xilinx-xadc: Fix ADC-B powerdown (bsc#1051510). - iio: xilinx-xadc: Fix clearing interrupt when enabling trigger (bsc#1051510). - iio: xilinx-xadc: Fix sequencer configuration for aux channels in simultaneous mode (bsc#1051510). - ima: Fix return value of ima_write_policy() (git-fixes). - Input: evdev - call input_flush_device() on release(), not flush() (bsc#1051510). - Input: hyperv-keyboard - add module description (bsc#1172253). - Input: i8042 - add Acer Aspire 5738z to nomux list (bsc#1051510). - Input: i8042 - add ThinkPad S230u to i8042 reset list (bsc#1051510). - Input: raydium_i2c_ts - use true and false for boolean values (bsc#1051510). - Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() (bsc#1051510). - Input: synaptics-rmi4 - really fix attn_data use-after-free (git-fixes). - Input: usbtouchscreen - add support for BonXeon TP (bsc#1051510). - Input: xpad - add custom init packet for Xbox One S controllers (bsc#1051510). - iommu/amd: Call domain_flush_complete() in update_domain() (bsc#1172096). - iommu/amd: Do not flush Device Table in iommu_map_page() (bsc#1172097). - iommu/amd: Do not loop forever when trying to increase address space (bsc#1172098). - iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system (bsc#1172099). - iommu/amd: Fix over-read of ACPI UID from IVRS table (bsc#1172101). - iommu/amd: Fix race in increase_address_space()/fetch_pte() (bsc#1172102). - iommu/amd: Update Device Table in increase_address_space() (bsc#1172103). - iommu: Fix reference count leak in iommu_group_alloc (bsc#1172397). - ipmi: fix hung processes in __get_guid() (git-fixes). - ipv4: fix a RCU-list lock in fib_triestat_seq_show (networking-stable-20_04_02). - ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface (networking-stable-20_03_14). - ipv6: do not auto-add link-local address to lag ports (networking-stable-20_04_09). - ipv6: Fix nlmsg_flags when splitting a multipath route (networking-stable-20_03_01). - ipv6: Fix route replacement with dev-only route (networking-stable-20_03_01). - ipvlan: add cond_resched_rcu() while processing muticast backlog (networking-stable-20_03_14). - ipvlan: do not deref eth hdr before checking it's set (networking-stable-20_03_14). - ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast() (networking-stable-20_03_14). - iwlwifi: pcie: actually release queue memory in TVQM (bsc#1051510). - kabi fix for early XHCI debug (git-fixes). - kabi for for md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes). - kabi, protect struct ib_device (bsc#1168503). - kabi/severities: Do not track KVM internal symbols. - kabi/severities: Ingnore get_dev_data() The function is internal to the AMD IOMMU driver and must not be called by any third party. - kabi workaround for snd_rawmidi buffer_ref field addition (git-fixes). - KEYS: reaching the keys quotas correctly (bsc#1051510). - KVM: arm64: Change hyp_panic()s dependency on tpidr_el2 (bsc#1133021). - KVM: arm64: Stop save/restoring host tpidr_el1 on VHE (bsc#1133021). - KVM: Check validity of resolved slot when searching memslots (bsc#1172104). - KVM: s390: vsie: Fix delivery of addressing exceptions (git-fixes). - KVM: s390: vsie: Fix possible race when shadowing region 3 tables (git-fixes). - KVM: s390: vsie: Fix region 1 ASCE sanity shadow address checks (git-fixes). - KVM: SVM: Fix potential memory leak in svm_cpu_init() (bsc#1171736). - KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1152489). - l2tp: Allow management of tunnels and session in user namespace (networking-stable-20_04_17). - libata: Remove extra scsi_host_put() in ata_scsi_add_hosts() (bsc#1051510). - libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set (bsc#1051510). - lib: raid6: fix awk build warnings (git fixes (block drivers)). - lib/raid6/test: fix build on distros whose /bin/sh is not bash (git fixes (block drivers)). - lib/stackdepot.c: fix global out-of-bounds in stack_slabs (git fixes (block drivers)). - locks: print unsigned ino in /proc/locks (bsc#1171951). - mac80211: add ieee80211_is_any_nullfunc() (bsc#1051510). - mac80211_hwsim: Use kstrndup() in place of kasprintf() (bsc#1051510). - mac80211: mesh: fix discovery timer re-arming issue / crash (bsc#1051510). - macsec: avoid to set wrong mtu (bsc#1051510). - macsec: restrict to ethernet devices (networking-stable-20_03_28). - macvlan: add cond_resched() during multicast processing (networking-stable-20_03_14). - macvlan: fix null dereference in macvlan_device_event() (bsc#1051510). - md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes). - md/raid0: Fix an error message in raid0_make_request() (git fixes (block drivers)). - md/raid10: prevent access of uninitialized resync_pages offset (git-fixes). - media: dvb: return -EREMOTEIO on i2c transfer failure (bsc#1051510). - media: platform: fcp: Set appropriate DMA parameters (bsc#1051510). - media: ti-vpe: cal: fix disable_irqs to only the intended target (git-fixes). - mei: release me_cl object reference (bsc#1051510). - mlxsw: Fix some IS_ERR() vs NULL bugs (networking-stable-20_04_27). - mlxsw: spectrum_flower: Do not stop at FLOW_ACTION_VLAN_MANGLE (networking-stable-20_04_09). - mmc: atmel-mci: Fix debugfs on 64-bit platforms (git-fixes). - mmc: dw_mmc: Fix debugfs on 64-bit platforms (git-fixes). - mmc: meson-gx: make sure the descriptor is stopped on errors (git-fixes). - mmc: meson-gx: simplify interrupt handler (git-fixes). - mmc: renesas_sdhi: limit block count to 16 bit for old revisions (git-fixes). - mmc: sdhci-esdhc-imx: fix the mask for tuning start point (bsc#1051510). - mmc: sdhci-msm: Clear tuning done flag while hs400 tuning (bsc#1051510). - mmc: sdhci-of-at91: fix memleak on clk_get failure (git-fixes). - mmc: sdhci-pci: Fix eMMC driver strength for BYT-based controllers (bsc#1051510). - mmc: sdhci-xenon: fix annoying 1.8V regulator warning (bsc#1051510). - mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() (bsc#1051510). - mmc: tmio: fix access width of Block Count Register (git-fixes). - mm: thp: handle page cache THP correctly in PageTransCompoundMap (git fixes (block drivers)). - mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer (bsc#1051510). - mtd: spi-nor: cadence-quadspi: add a delay in write sequence (git-fixes). - mtd: spi-nor: enable 4B opcodes for mx66l51235l (git-fixes). - mtd: spi-nor: fsl-quadspi: Do not let -EINVAL on the bus (git-fixes). - mwifiex: avoid -Wstringop-overflow warning (bsc#1051510). - mwifiex: Fix memory corruption in dump_station (bsc#1051510). - net: bcmgenet: correct per TX/RX ring statistics (networking-stable-20_04_27). - net: dsa: b53: Fix ARL register definitions (networking-stable-20_04_27). - net: dsa: b53: Rework ARL bin logic (networking-stable-20_04_27). - net: dsa: bcm_sf2: Do not register slave MDIO bus with OF (networking-stable-20_04_09). - net: dsa: bcm_sf2: Ensure correct sub-node is parsed (networking-stable-20_04_09). - net: dsa: bcm_sf2: Fix overflow checks (git-fixes). - net: dsa: Fix duplicate frames flooded by learning (networking-stable-20_03_28). - net: dsa: mv88e6xxx: fix lockup on warm boot (networking-stable-20_03_14). - net: fec: validate the new settings in fec_enet_set_coalesce() (networking-stable-20_03_14). - net: fib_rules: Correctly set table field when table number exceeds 8 bits (networking-stable-20_03_01). - net: fix race condition in __inet_lookup_established() (bsc#1151794). - net: fq: add missing attribute validation for orphan mask (networking-stable-20_03_14). - net, ip_tunnel: fix interface lookup with no key (networking-stable-20_04_02). - net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin (networking-stable-20_04_17). - net: ipv6: do not consider routes via gateways for anycast address check (networking-stable-20_04_17). - netlink: Use netlink header as base to calculate bad attribute offset (networking-stable-20_03_14). - net: macsec: update SCI upon MAC address change (networking-stable-20_03_14). - net: memcg: fix lockdep splat in inet_csk_accept() (networking-stable-20_03_14). - net: memcg: late association of sock to memcg (networking-stable-20_03_14). - net/mlx4_en: avoid indirect call in TX completion (networking-stable-20_04_27). - net/mlx5: Add new fields to Port Type and Speed register (bsc#1171118). - net/mlx5: Add RoCE RX ICRC encapsulated counter (bsc#1171118). - net/mlx5e: Fix ethtool self test: link speed (bsc#1171118). - net/mlx5e: Move port speed code from en_ethtool.c to en/port.c (bsc#1171118). - net/mlx5: Expose link speed directly (bsc#1171118). - net/mlx5: Expose port speed when possible (bsc#1171118). - net: mvneta: Fix the case where the last poll did not process all rx (networking-stable-20_03_28). - net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node (networking-stable-20_04_27). - net/packet: tpacket_rcv: do not increment ring index on drop (networking-stable-20_03_14). - net: phy: restore mdio regs in the iproc mdio driver (networking-stable-20_03_01). - net: qmi_wwan: add support for ASKEY WWHC050 (networking-stable-20_03_28). - net: revert default NAPI poll timeout to 2 jiffies (networking-stable-20_04_17). - net_sched: cls_route: remove the right filter from hashtable (networking-stable-20_03_28). - net/x25: Fix x25_neigh refcnt leak when receiving frame (networking-stable-20_04_27). - nfc: add missing attribute validation for SE API (networking-stable-20_03_14). - nfc: add missing attribute validation for vendor subcommand (networking-stable-20_03_14). - nfc: pn544: Fix occasional HW initialization failure (networking-stable-20_03_01). - NFC: st21nfca: add missed kfree_skb() in an error path (bsc#1051510). - nfsd4: fix up replay_matches_cache() (git-fixes). - nfsd: Ensure CLONE persists data and metadata changes to the target file (git-fixes). - nfsd: fix delay timer on 32-bit architectures (git-fixes). - nfsd: fix jiffies/time_t mixup in LRU list (git-fixes). - NFS: Directory page cache pages need to be locked when read (git-fixes). - nfsd: memory corruption in nfsd4_lock() (git-fixes). - NFS: Do not call generic_error_remove_page() while holding locks (bsc#1170457). - NFS: Fix memory leaks and corruption in readdir (git-fixes). - NFS: Fix O_DIRECT accounting of number of bytes read/written (git-fixes). - NFS: Fix potential posix_acl refcnt leak in nfs3_set_acl (git-fixes). - NFS: fix racey wait in nfs_set_open_stateid_locked (bsc#1170592). - NFS/flexfiles: Use the correct TCP timeout for flexfiles I/O (git-fixes). - NFS/pnfs: Fix pnfs_generic_prepare_to_resend_writes() (git-fixes). - NFS: Revalidate the file size on a fatal write error (git-fixes). - NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals (git-fixes). - NFSv4: Do not allow a cached open with a revoked delegation (git-fixes). - NFSv4: Fix leak of clp->cl_acceptor string (git-fixes). - NFSv4/pnfs: Return valid stateids in nfs_layout_find_inode_by_stateid() (git-fixes). - NFSv4: try lease recovery on NFS4ERR_EXPIRED (git-fixes). - NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn (git-fixes). - nl802154: add missing attribute validation for dev_type (networking-stable-20_03_14). - nl802154: add missing attribute validation (networking-stable-20_03_14). - nvme-fc: print proper nvme-fc devloss_tmo value (bsc#1172391). - objtool: Fix stack offset tracking for indirect CFAs (bsc#1169514). - objtool: Fix switch table detection in .text.unlikely (bsc#1169514). - objtool: Make BP scratch register warning more robust (bsc#1169514). - padata: Remove broken queue flushing (git-fixes). - Partially revert 'kfifo: fix kfifo_alloc() and kfifo_init()' (git fixes (block drivers)). - pinctrl: baytrail: Enable pin configuration setting for GPIO chip (git-fixes). - pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler (git-fixes). - platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA (bsc#1051510). - pNFS: Ensure we do clear the return-on-close layout stateid on fatal errors (git-fixes). - powerpc: Add attributes for setjmp/longjmp (bsc#1065729). - powerpc/pci/of: Parse unassigned resources (bsc#1065729). - powerpc/setup_64: Set cache-line-size based on cache-block-size (bsc#1065729). - powerpc/sstep: Fix DS operand in ld encoding to appropriate value (bsc#1065729). - qede: Fix race between rdma destroy workqueue and link change event (networking-stable-20_03_01). - r8152: check disconnect status after long sleep (networking-stable-20_03_14). - raid6/ppc: Fix build for clang (git fixes (block drivers)). - rcu: locking and unlocking need to always be at least barriers (git fixes (block drivers)). - RDMA/ipoib: Fix use of sizeof() (bsc#1168503). - RDMA/netdev: Fix netlink support in IPoIB (bsc#1168503). - RDMA/netdev: Hoist alloc_netdev_mqs out of the driver (bsc#1168503). - RDMA/netdev: Use priv_destructor for netdev cleanup (bsc#1168503). - Remove 2 git-fixes that cause build issues. (bsc#1171691) - Revert 'ALSA: hda/realtek: Fix pop noise on ALC225' (git-fixes). - Revert 'drm/panel: simple: Add support for Sharp LQ150X1LG11 panels' (bsc#1114279) * offset changes - Revert 'HID: i2c-hid: add Trekstor Primebook C11B to descriptor override' Depends on 9b5c747685982d22efffeafc5ec601bd28f6d78b, which was also reverted. - Revert 'HID: i2c-hid: override HID descriptors for certain devices' This broke i2c-hid.ko's build, there is no way around it without a big file rename or renaming the kernel module. - Revert 'i2c-hid: properly terminate i2c_hid_dmi_desc_override_table' Fixed 9b5c747685982d22efffeafc5ec601bd28f6d78b, which was also reverted. - Revert 'ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()' (bsc#1172221). - rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() (bsc#1051510). - s390/cio: avoid duplicated 'ADD' uevents (git-fixes). - s390/cio: generate delayed uevent for vfio-ccw subchannels (git-fixes). - s390/cpuinfo: fix wrong output when CPU0 is offline (git-fixes). - s390/diag: fix display of diagnose call statistics (git-fixes). - s390/ftrace: fix potential crashes when switching tracers (git-fixes). - s390/gmap: return proper error code on ksm unsharing (git-fixes). - s390/ism: fix error return code in ism_probe() (git-fixes). - s390/pci: Fix possible deadlock in recover_store() (bsc#1165183 LTC#184103). - s390/pci: Recover handle in clp_set_pci_fn() (bsc#1165183 LTC#184103). - s390/qeth: cancel RX reclaim work earlier (git-fixes). - s390/qeth: do not return -ENOTSUPP to userspace (git-fixes). - s390/qeth: do not warn for napi with 0 budget (git-fixes). - s390/qeth: fix off-by-one in RX copybreak check (git-fixes). - s390/qeth: fix promiscuous mode after reset (git-fixes). - s390/qeth: fix qdio teardown after early init error (git-fixes). - s390/qeth: handle error due to unsupported transport mode (git-fixes). - s390/qeth: handle error when backing RX buffer (git-fixes). - s390/qeth: lock the card while changing its hsuid (git-fixes). - s390/qeth: support net namespaces for L3 devices (git-fixes). - s390/time: Fix clk type in get_tod_clock (git-fixes). - scripts/decodecode: fix trapping instruction formatting (bsc#1065729). - scripts/dtc: Remove redundant YYLOC global declaration (bsc#1160388). - scsi: bnx2i: fix potential use after free (bsc#1171600). - scsi: core: Handle drivers which set sg_tablesize to zero (bsc#1171601) This commit also required: > scsi: core: avoid preallocating big SGL for data - scsi: core: save/restore command resid for error handling (bsc#1171602). - scsi: core: scsi_trace: Use get_unaligned_be*() (bsc#1171604). - scsi: core: try to get module before removing device (bsc#1171605). - scsi: csiostor: Adjust indentation in csio_device_reset (bsc#1171606). - scsi: csiostor: Do not enable IRQs too early (bsc#1171607). - scsi: esas2r: unlock on error in esas2r_nvram_read_direct() (bsc#1171608). - scsi: fnic: fix invalid stack access (bsc#1171609). - scsi: fnic: fix msix interrupt allocation (bsc#1171610). - scsi: ibmvscsi: Fix WARN_ON during event pool release (bsc#1170791 ltc#185128). - scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (bsc#1171611). - scsi: iscsi: Fix a potential deadlock in the timeout handler (bsc#1171612). - scsi: iscsi: qla4xxx: fix double free in probe (bsc#1171613). - scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences (bsc#1171614). - scsi: lpfc: Fix crash in target side cable pulls hitting WAIT_FOR_UNREG (bsc#1171615). - scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state (bsc#1171616). - scsi: qla2xxx: add ring buffer for tracing debug logs (bsc#1157169). - scsi: qla2xxx: check UNLOADING before posting async work (bsc#1157169). - scsi: qla2xxx: Delete all sessions before unregister local nvme port (bsc#1157169). - scsi: qla2xxx: Do not log message when reading port speed via sysfs (bsc#1157169). - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (bsc#1157169). - scsi: qla2xxx: Fix regression warnings (bsc#1157169). - scsi: qla2xxx: Remove non functional code (bsc#1157169). - scsi: qla2xxx: set UNLOADING before waiting for session deletion (bsc#1157169). - scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free (bsc#1171617). - scsi: qla4xxx: fix double free bug (bsc#1171618). - scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI (bsc#1171619). - scsi: sg: add sg_remove_request in sg_common_write (bsc#1171620). - scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) (bsc#1171621). - scsi: ufs: change msleep to usleep_range (bsc#1171622). - scsi: ufs: Clean up ufshcd_scale_clks() and clock scaling error out path (bsc#1171623). - scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic (bsc#1171624). - scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails (bsc#1171625). - scsi: ufs: Recheck bkops level if bkops is disabled (bsc#1171626). - scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point (git-fixes). - sctp: fix possibly using a bad saddr with a given dst (networking-stable-20_04_02). - sctp: fix refcount bug in sctp_wfree (networking-stable-20_04_02). - sctp: move the format error check out of __sctp_sf_do_9_1_abort (networking-stable-20_03_01). - seq_file: fix problem when seeking mid-record (bsc#1170125). - serial: uartps: Move the spinlock after the read of the tx empty (git-fixes). - sfc: detach from cb_page in efx_copy_channel() (networking-stable-20_03_14). - signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig (bsc#1172185). - slcan: not call free_netdev before rtnl_unlock in slcan_open (networking-stable-20_03_28). - slip: make slhc_compress() more robust against malicious packets (networking-stable-20_03_14). - smb3: Additional compression structures (bsc#1144333). - smb3: Add new compression flags (bsc#1144333). - smb3: change noisy error message to FYI (bsc#1144333). - smb3: enable swap on SMB3 mounts (bsc#1144333). - smb3: Minor cleanup of protocol definitions (bsc#1144333). - smb3: remove overly noisy debug line in signing errors (bsc#1144333). - smb3: smbdirect support can be configured by default (bsc#1144333). - smb3: use SMB2_SIGNATURE_SIZE define (bsc#1144333). - spi: bcm2835: Fix 3-wire mode if DMA is enabled (git-fixes). - spi: bcm63xx-hsspi: Really keep pll clk enabled (bsc#1051510). - spi: bcm-qspi: when tx/rx buffer is NULL set to 0 (bsc#1051510). - spi: dw: Add SPI Rx-done wait method to DMA-based transfer (bsc#1051510). - spi: dw: Add SPI Tx-done wait method to DMA-based transfer (bsc#1051510). - spi: dw: Zero DMA Tx and Rx configurations on stack (bsc#1051510). - spi: fsl: do not map irq during probe (git-fixes). - spi: fsl: use platform_get_irq() instead of of_irq_to_resource() (git-fixes). - spi: pxa2xx: Add CS control clock quirk (bsc#1051510). - spi: qup: call spi_qup_pm_resume_runtime before suspending (bsc#1051510). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (git-fixes). - spi: spi-s3c64xx: Fix system resume support (git-fixes). - spi/zynqmp: remove entry that causes a cs glitch (bsc#1051510). - staging: comedi: dt2815: fix writing hi byte of analog output (bsc#1051510). - staging: comedi: Fix comedi_device refcnt leak in comedi_open (bsc#1051510). - staging: iio: ad2s1210: Fix SPI reading (bsc#1051510). - staging: vt6656: Do not set RCR_MULTICAST or RCR_BROADCAST by default (git-fixes). - staging: vt6656: Fix drivers TBTT timing counter (git-fixes). - staging: vt6656: Fix pairwise key entry save (git-fixes). - sunrpc: expiry_time should be seconds not timeval (git-fixes). - SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' (git-fixes). - supported.conf: Add br_netfilter to base (bsc#1169020). - svcrdma: Fix leak of transport addresses (git-fixes). - taskstats: fix data-race (bsc#1172188). - tcp: cache line align MAX_TCP_HEADER (networking-stable-20_04_27). - tcp: repair: fix TCP_QUEUE_SEQ implementation (networking-stable-20_03_28). - team: add missing attribute validation for array index (networking-stable-20_03_14). - team: add missing attribute validation for port ifindex (networking-stable-20_03_14). - team: fix hang in team_mode_get() (networking-stable-20_04_27). - tools lib traceevent: Remove unneeded qsort and uses memmove instead (git-fixes). - tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() (bsc#1065729). - tpm/tpm_tis: Free IRQ if probing fails (bsc#1082555). - tpm/tpm_tis: Free IRQ if probing fails (git-fixes). - tracing: Add a vmalloc_sync_mappings() for safe measure (git-fixes). - tracing: Disable trace_printk() on post poned tests (git-fixes). - tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation (git-fixes). - tty: rocket, avoid OOB access (git-fixes). - UAS: fix deadlock in error handling and PM flushing work (git-fixes). - UAS: no use logging any details in case of ENODEV (git-fixes). - USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE (git-fixes). - USB: cdc-acm: restore capability check order (git-fixes). - USB: core: Fix misleading driver bug report (bsc#1051510). - USB: dwc3: do not set gadget->is_otg flag (git-fixes). - USB: dwc3: gadget: Do link recovery for SS and SSP (git-fixes). - USB: early: Handle AMD's spec-compliant identifiers, too (git-fixes). - USB: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset() (git-fixes). - USB: gadget: audio: Fix a missing error return value in audio_bind() (git-fixes). - USB: gadget: composite: Inform controller driver of self-powered (git-fixes). - USB: gadget: legacy: fix error return code in cdc_bind() (git-fixes). - USB: gadget: legacy: fix error return code in gncm_bind() (git-fixes). - USB: gadget: legacy: fix redundant initialization warnings (bsc#1051510). - USB: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' (git-fixes). - USB: gadget: udc: atmel: Fix vbus disconnect handling (git-fixes). - USB: gadget: udc: atmel: Make some symbols static (git-fixes). - USB: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete (git-fixes). - USB: host: xhci-plat: keep runtime active when removing host (git-fixes). - USB: hub: Fix handling of connect changes during sleep (git-fixes). - usbnet: silence an unnecessary warning (bsc#1170770). - USB: serial: garmin_gps: add sanity checking for data length (git-fixes). - USB: serial: option: add BroadMobi BM806U (git-fixes). - USB: serial: option: add support for ASKEY WWHC050 (git-fixes). - USB: serial: option: add Wistron Neweb D19Q1 (git-fixes). - USB: serial: qcserial: Add DW5816e support (git-fixes). - USB: sisusbvga: Change port variable from signed to unsigned (git-fixes). - usb-storage: Add unusual_devs entry for JMicron JMS566 (git-fixes). - USB: uas: add quirk for LaCie 2Big Quadra (git-fixes). - USB: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list (git-fixes). - video: fbdev: sis: Remove unnecessary parentheses and commented code (bsc#1114279) - video: fbdev: w100fb: Fix a potential double free (bsc#1051510). - vrf: Check skb for XFRM_TRANSFORMED flag (networking-stable-20_04_27). - vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines (git-fixes). - vt: selection, introduce vc_is_sel (git-fixes). - vt: vt_ioctl: fix race in VT_RESIZEX (git-fixes). - vt: vt_ioctl: fix use-after-free in vt_in_use() (git-fixes). - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (git-fixes). - vxlan: check return value of gro_cells_init() (networking-stable-20_03_28). - watchdog: reset last_hw_keepalive time at start (git-fixes). - wcn36xx: Fix error handling path in 'wcn36xx_probe()' (bsc#1051510). - wil6210: remove reset file from debugfs (git-fixes). - wimax/i2400m: Fix potential urb refcnt leak (bsc#1051510). - workqueue: do not use wq_select_unbound_cpu() for bound works (bsc#1172130). - x86/entry/64: Fix unwind hints in kernel exit path (bsc#1058115). - x86/entry/64: Fix unwind hints in register clearing code (bsc#1058115). - x86/entry/64: Fix unwind hints in rewind_stack_do_exit() (bsc#1058115). - x86/entry/64: Fix unwind hints in __switch_to_asm() (bsc#1058115). - x86/Hyper-V: Allow guests to enable InvariantTSC (bsc#1170620). - x86/Hyper-V: Free hv_panic_page when fail to register kmsg dump (bsc#1170618). - x86/Hyper-V: Report crash data in die() when panic_on_oops is set (bsc#1170618). - x86/Hyper-V: Report crash register data or kmsg before running crash kernel (bsc#1170618). - x86/Hyper-V: Report crash register data when sysctl_record_panic_msg is not set (bsc#1170618). - x86:Hyper-V: report value of misc_features (git-fixes). - x86/Hyper-V: Trigger crash enlightenment only once during system crash (bsc#1170618). - x86/Hyper-V: Unload vmbus channel in hv panic callback (bsc#1170618). - x86/kprobes: Avoid kretprobe recursion bug (bsc#1114279). - x86/resctrl: Fix invalid attempt at removing the default resource group (git-fixes). - x86/resctrl: Preserve CDP enable over CPU hotplug (bsc#1114279). - x86/unwind/orc: Do not skip the first frame for inactive tasks (bsc#1058115). - x86/unwind/orc: Fix error handling in __unwind_start() (bsc#1058115). - x86/unwind/orc: Fix error path for bad ORC entry type (bsc#1058115). - x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks (bsc#1058115). - x86/unwind/orc: Prevent unwinding before ORC initialization (bsc#1058115). - x86/unwind: Prevent false warnings for non-current tasks (bsc#1058115). - x86/xen: fix booting 32-bit pv guest (bsc#1071995). - x86/xen: Make the boot CPU idle task reliable (bsc#1071995). - x86/xen: Make the secondary CPU idle tasks reliable (bsc#1071995). - xen/pci: reserve MCFG areas earlier (bsc#1170145). - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish (networking-stable-20_04_27). - xfs: Correctly invert xfs_buftarg LRU isolation logic (git-fixes). - xfs: do not ever return a stale pointer from __xfs_dir3_free_read (git-fixes). - xprtrdma: Fix completion wait during device removal (git-fixes). Important SUSE bug 1051510 SUSE bug 1058115 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1082555 SUSE bug 1089895 SUSE bug 1111666 SUSE bug 1114279 SUSE bug 1133021 SUSE bug 1144333 SUSE bug 1151794 SUSE bug 1152489 SUSE bug 1154824 SUSE bug 1157169 SUSE bug 1158265 SUSE bug 1160388 SUSE bug 1160947 SUSE bug 1165183 SUSE bug 1165741 SUSE bug 1166969 SUSE bug 1167574 SUSE bug 1167851 SUSE bug 1168503 SUSE bug 1168670 SUSE bug 1169020 SUSE bug 1169514 SUSE bug 1169525 SUSE bug 1170056 SUSE bug 1170125 SUSE bug 1170145 SUSE bug 1170345 SUSE bug 1170457 SUSE bug 1170522 SUSE bug 1170592 SUSE bug 1170618 SUSE bug 1170620 SUSE bug 1170770 SUSE bug 1170778 SUSE bug 1170791 SUSE bug 1170901 SUSE bug 1171078 SUSE bug 1171098 SUSE bug 1171118 SUSE bug 1171189 SUSE bug 1171191 SUSE bug 1171195 SUSE bug 1171202 SUSE bug 1171205 SUSE bug 1171217 SUSE bug 1171218 SUSE bug 1171219 SUSE bug 1171220 SUSE bug 1171293 SUSE bug 1171417 SUSE bug 1171527 SUSE bug 1171599 SUSE bug 1171600 SUSE bug 1171601 SUSE bug 1171602 SUSE bug 1171604 SUSE bug 1171605 SUSE bug 1171606 SUSE bug 1171607 SUSE bug 1171608 SUSE bug 1171609 SUSE bug 1171610 SUSE bug 1171611 SUSE bug 1171612 SUSE bug 1171613 SUSE bug 1171614 SUSE bug 1171615 SUSE bug 1171616 SUSE bug 1171617 SUSE bug 1171618 SUSE bug 1171619 SUSE bug 1171620 SUSE bug 1171621 SUSE bug 1171622 SUSE bug 1171623 SUSE bug 1171624 SUSE bug 1171625 SUSE bug 1171626 SUSE bug 1171679 SUSE bug 1171691 SUSE bug 1171694 SUSE bug 1171695 SUSE bug 1171736 SUSE bug 1171761 SUSE bug 1171948 SUSE bug 1171949 SUSE bug 1171951 SUSE bug 1171952 SUSE bug 1171982 SUSE bug 1171983 SUSE bug 1172096 SUSE bug 1172097 SUSE bug 1172098 SUSE bug 1172099 SUSE bug 1172101 SUSE bug 1172102 SUSE bug 1172103 SUSE bug 1172104 SUSE bug 1172127 SUSE bug 1172130 SUSE bug 1172185 SUSE bug 1172188 SUSE bug 1172199 SUSE bug 1172221 SUSE bug 1172253 SUSE bug 1172317 SUSE bug 1172342 SUSE bug 1172343 SUSE bug 1172344 SUSE bug 1172366 SUSE bug 1172391 SUSE bug 1172397 SUSE bug 1172453 CVE-2018-1000199 CVE-2019-19462 CVE-2019-20806 CVE-2019-20812 CVE-2019-9455 CVE-2020-0543 CVE-2020-10690 CVE-2020-10711 CVE-2020-10720 CVE-2020-10732 CVE-2020-10751 CVE-2020-10757 CVE-2020-12114 CVE-2020-12464 CVE-2020-12652 CVE-2020-12653 CVE-2020-12654 CVE-2020-12655 CVE-2020-12656 CVE-2020-12657 CVE-2020-12768 CVE-2020-12769 CVE-2020-13143 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for adns fixes the following issues: - CVE-2017-9103,CVE-2017-9104,CVE-2017-9105,CVE-2017-9109: Fixed an issue in local recursive resolver which could have led to remote code execution (bsc#1172265). - CVE-2017-9106: Fixed an issue with upstream DNS data sources which could have led to denial of service (bsc#1172265). - CVE-2017-9107: Fixed an issue when quering domain names which could have led to denial of service (bsc#1172265). - CVE-2017-9108: Fixed an issue which could have led to denial of service (bsc#1172265). Important SUSE bug 1172265 CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9106 CVE-2017-9107 CVE-2017-9108 CVE-2017-9109 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for audiofile fixes the following issues: Security issue fixed: - CVE-2018-13440: Return AF_FAIL instead of causing NULL pointer dereferences later (bsc#1100523). Low SUSE bug 1100523 CVE-2018-13440 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libEMF fixes the following issues: - CVE-2020-11863: Fixed an issue which could have led to denial of service (bsc#1171496). - CVE-2020-11864: Fixed an issue which could have led to denial of service (bsc#1171499). - CVE-2020-11865: Fixed an out of bounds memory access (bsc#1171497). - CVE-2020-11866: Fixed a use after free (bsc#1171498). Important SUSE bug 1171496 SUSE bug 1171497 SUSE bug 1171498 SUSE bug 1171499 CVE-2020-11863 CVE-2020-11864 CVE-2020-11865 CVE-2020-11866 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for poppler fixes the following issues: These security issues were fixed: - CVE-2017-14617: Fixed a floating point exception in Stream.cc, which may lead to a potential attack when handling malicious PDF files. (bsc#1060220) - CVE-2017-1000456: Validate boundaries in TextPool::addWord to prevent overflows in subsequent calculations (bsc#1074453) - CVE-2017-15565: Prevent NULL Pointer dereference in the GfxImageColorMap::getGrayLine() function via a crafted PDF document (bsc#1064593) - CVE-2018-10768: Prevent NULL pointer dereference in the AnnotPath::getCoordsLength function. A crafted input could have lead to a remote denial of service attack (bsc#1092105). This update also fixes an additional segmentation fault that is trigger by the reproducer for CVE-2017-14517 (bsc#1059066). Moderate SUSE bug 1059066 SUSE bug 1060220 SUSE bug 1064593 SUSE bug 1074453 SUSE bug 1092105 CVE-2017-1000456 CVE-2017-14517 CVE-2017-14617 CVE-2017-15565 CVE-2018-10768 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for xen to version 4.11.4 fixes the following issues: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1172205). Important SUSE bug 1027519 SUSE bug 1172205 CVE-2020-0543 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for gegl fixes the following issues: - CVE-2018-10113: The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure. (bsc#1089731) Moderate SUSE bug 1089731 CVE-2018-10113 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for guile fixes the following issues: - CVE-2016-8605: Fixed thread-unsafe umask modification (bsc#1004221). Low SUSE bug 1004221 CVE-2016-8605 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for java-1_7_1-ibm fixes the following issues: java-1_7_1-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 65 (bsc#1172277 and bsc#1169511) - CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service - CVE-2020-2756: Improved mapping of serial ENUMs - CVE-2020-2757: Less Blocking Array Queues - CVE-2020-2781: Improved TLS session handling - CVE-2020-2800: Improved Headings for HTTP Servers - CVE-2020-2803: Enhanced buffering of byte buffers - CVE-2020-2805: Enhanced typing of methods - CVE-2020-2830: Improved Scanner conversions Important SUSE bug 1169511 SUSE bug 1172277 CVE-2020-2654 CVE-2020-2756 CVE-2020-2757 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for java-1_8_0-ibm fixes the following issues: java-1_8_0-ibm was updated to Java 8.0 Service Refresh 6 Fix Pack 10 (bsc#1172277,bsc#1169511,bsc#1160968) - CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service - CVE-2020-2754: Forwarded references to Nashorn - CVE-2020-2755: Improved Nashorn matching - CVE-2020-2756: Improved mapping of serial ENUMs - CVE-2020-2757: Less Blocking Array Queues - CVE-2020-2781: Improved TLS session handling - CVE-2020-2800: Improved Headings for HTTP Servers - CVE-2020-2803: Enhanced buffering of byte buffers - CVE-2020-2805: Enhanced typing of methods - CVE-2020-2830: Improved Scanner conversions - CVE-2019-2949: Fixed an issue which could have resulted in unauthorized access to critical data - Added RSA PSS SUPPORT TO IBMPKCS11IMPL - The pack200 and unpack200 alternatives should be slaves of java (bsc#1171352). Important SUSE bug 1160968 SUSE bug 1169511 SUSE bug 1171352 SUSE bug 1172277 CVE-2019-2949 CVE-2020-2654 CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libgxps fixes the following issues: - CVE-2018-10733: Fixed a heap-based buffer over-read issue in ft_font_face_hash (bsc#1092125). Moderate SUSE bug 1092125 CVE-2018-10733 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for php5 fixes the following issues: - CVE-2020-7064: Fixed a one byte read of uninitialized memory in exif_read_data() (bsc#1168326). - CVE-2020-7066: Fixed URL truncation get_headers() if the URL contains zero (\0) character (bsc#1168352). - CVE-2019-11048: Improved the handling of overly long filenames or field names in HTTP file uploads (bsc#1171999). Moderate SUSE bug 1168326 SUSE bug 1168352 SUSE bug 1171999 CVE-2019-11048 CVE-2020-7064 CVE-2020-7066 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libreoffice to 6.4.4.2 fixes the following issues: Security issue fixed: - CVE-2020-12801: Fixed an issue with encrypted MSOffice documents that could be accidentally saved unencrypted (bsc#1171997). Non-security issues fixed: - Elements on title page mixed up (bsc#1160687). - Image shadow that should be invisible shown as extraneous line below (bsc#1165870). Moderate SUSE bug 1160687 SUSE bug 1165870 SUSE bug 1167463 SUSE bug 1171997 CVE-2020-12801 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). Important SUSE bug 1173027 CVE-2020-8177 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This is a version update for ceph to version 12.2.13: Security issue fixed: - CVE-2020-10753: Fixed an HTTP header injection via CORS ExposeHeader tag (bsc#1171921). - Notable changes in this update for ceph: * mgr: telemetry: backported and now available on SES5.5. Please consider enabling via 'ceph telemetry on' (bsc#1171670) * OSD heartbeat ping time: new health warning, options and admin commands (bsc#1171960) * 'osd_calc_pg_upmaps_max_stddev' ceph.conf parameter has been removed; use 'upmap_max_deviation' instead (bsc#1171961) * Default maximum concurrent bluestore rocksdb compaction threads raised from 1 to 2 for improved ability to keep up with rgw bucket index workloads (bsc#1171963) - Bug fixes in this ceph update: * mon: Error message displayed when mon_osd_max_split_count would be exceeded is not as user-friendly as it could be (bsc#1126230) * ceph_volume_client: remove ceph mds calls in favor of ceph fs calls (bsc#1136082) * rgw: crypt: permit RGW-AUTO/default with SSE-S3 headers (bsc#1157607) * mon/AuthMonitor: don't validate fs caps on authorize (bsc#1161096) - Additional bug fixes: * ceph-volume: strip _dmcrypt suffix in simple scan json output (bsc#1162553) Important SUSE bug 1126230 SUSE bug 1136082 SUSE bug 1157607 SUSE bug 1161096 SUSE bug 1162553 SUSE bug 1171670 SUSE bug 1171921 SUSE bug 1171960 SUSE bug 1171961 SUSE bug 1171963 CVE-2020-10753 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for mariadb-100 fixes the following issues: mariadb-100 was updated to version 10.0.44 (bsc#1171550) - CVE-2020-2752: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - CVE-2020-2812: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - Fixed some test failures Moderate SUSE bug 1171550 CVE-2020-2752 CVE-2020-2812 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for xmlgraphics-batik fixes the following issues: - CVE-2019-17566: Fixed a SSRF which might have allowed the underlying server to make arbitrary GET requests (bsc#1172961). Moderate SUSE bug 1172961 CVE-2019-17566 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for systemd fixes the following issues: - CVE-2019-20386: Fixed a memory leak when executing the udevadm trigger command (bsc#1161436). - Renamed the persistent link for ATA devices (bsc#1164538) - shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315) - tmpfiles: removed unnecessary assert (bsc#1171145) - pid1: by default make user units inherit their umask from the user manager (bsc#1162698) - manager: fixed job mode when signalled to shutdown etc (bsc#1161262) - coredump: fixed bug that loses core dump files when core dumps are compressed and disk space is low. (bsc#1167622) - udev: inform systemd how many workers we can potentially spawn (#4036) (bsc#1165633) - libblkid: open device in nonblock mode. (bsc#1084671) - udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256) Moderate SUSE bug 1084671 SUSE bug 1154256 SUSE bug 1157315 SUSE bug 1161262 SUSE bug 1161436 SUSE bug 1162698 SUSE bug 1164538 SUSE bug 1165633 SUSE bug 1167622 SUSE bug 1171145 CVE-2019-20386 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). - Fixed an issue where slapd becomes unresponsive after many failed login/bind attempts(bsc#1170715). Important SUSE bug 1170715 SUSE bug 1172698 SUSE bug 1172704 CVE-2020-8023 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for samba fixes the following issues: - CVE-2019-14907: Fixed a Server-side crash after charset conversion failure during NTLMSSP processing (bsc#1160888). Moderate SUSE bug 1160888 CVE-2019-14907 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 [bsc#1158442, bsc#1154212] * Security fixes: CVE-2019-2933 CVE-2019-2945 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2975 CVE-2019-2978 CVE-2019-2983 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2996 CVE-2019-2999 CVE-2019-2973 CVE-2019-2981 CVE-2019-17631 Moderate SUSE bug 1154212 SUSE bug 1158442 CVE-2019-17631 CVE-2019-2933 CVE-2019-2945 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2975 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2996 CVE-2019-2999 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for php72 fixes the following issues: - CVE-2019-11045: Fixed an issue with improper input validation in the filename handling of the DirectoryIterator class (bsc#1159923). - CVE-2019-11046: Fixed an information leak in bc_shift_addsub() (bsc#1159924). - CVE-2019-11047, CVE-2019-11050: Fixed multiple information leaks in exif_read_data() (bsc#1159922, bsc#1159927). Moderate SUSE bug 1159922 SUSE bug 1159923 SUSE bug 1159924 SUSE bug 1159927 CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11050 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for openssl-1_0_0 fixes the following issues: Security issue fixed: - CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). Moderate SUSE bug 1158809 CVE-2019-1551 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libqt5-qtbase fixes the following issues: Security issues fixed: - CVE-2020-0569: Fixed a potential local code execution by loading plugins from CWD (bsc#1161167). - CVE-2018-19870: Fixed an improper check in QImage allocation which could allow Denial of Service when opening crafted gif files (bsc#1118597). - CVE-2018-19872: Fixed an issue which could allow a division by zero leading to crash (bsc#1130246). Important SUSE bug 1118597 SUSE bug 1130246 SUSE bug 1161167 CVE-2018-19870 CVE-2018-19872 CVE-2020-0569 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for systemd fixes the following issues: - CVE-2020-1712 (bsc#bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages. - Unconfirmed fix for prevent hanging of systemctl during restart. (bsc#1139459) - Fix warnings thrown during package installation. (bsc#1154043) - Fix for system-udevd prevent crash within OES2018. (bsc#1151506) - Fragments of masked units ought not be considered for 'NeedDaemonReload'. (bsc#1156482) - Wait for workers to finish when exiting. (bsc#1106383) - Improve log message when inotify limit is reached. (bsc#1155574) - Mention in the man pages that alias names are only effective after command 'systemctl enable'. (bsc#1151377) - Introduce function for reading virtual files in 'sysfs' and 'procfs'. (bsc#1133495, bsc#1159814) Important SUSE bug 1106383 SUSE bug 1133495 SUSE bug 1139459 SUSE bug 1151377 SUSE bug 1151506 SUSE bug 1154043 SUSE bug 1155574 SUSE bug 1156482 SUSE bug 1159814 SUSE bug 1162108 CVE-2020-1712 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for php7 fixes the following issues: - CVE-2019-11045: Fixed an issue with improper input validation in the filename handling of the DirectoryIterator class (bsc#1159923). - CVE-2019-11046: Fixed an information leak in bc_shift_addsub() (bsc#1159924). - CVE-2019-11047, CVE-2019-11050: Fixed multiple information leaks in exif_read_data() (bsc#1159922, bsc#1159927). Moderate SUSE bug 1159922 SUSE bug 1159923 SUSE bug 1159924 SUSE bug 1159927 CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11050 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for pcp fixes the following issues: Security issue fixed: - CVE-2019-3696: Fixed a local privilege escalation in migrate_tempdirs() (bsc#1153921). - CVE-2019-3695: Fixed a local privilege escalation of the pcp user during package update (bsc#1152763). Non-security issue fixed: - Fixed an dependency issue with pcp2csv (bsc#1129991). Important SUSE bug 1129991 SUSE bug 1152763 SUSE bug 1153921 CVE-2019-3695 CVE-2019-3696 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for e2fsprogs fixes the following issues: - CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571). Moderate SUSE bug 1160571 CVE-2019-5188 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update libreoffice and libraries fixes the following issues: LibreOffice was updated to 6.3.3 (jsc#SLE-8705), bringing many bug and stability fixes. More information for the 6.3 release at: https://wiki.documentfoundation.org/ReleaseNotes/6.3 Security issue fixed: - CVE-2019-9853: Fixed an issue where by executing macros, the security settings could have been bypassed (bsc#1152684). Other issues addressed: - Dropped disable-kde4 switch, since it is no longer known by configure - Disabled gtk2 because it will be removed in future releases - librelogo is now a standalone sub-package (bsc#1144522). - Partial fixes for an issue where Table(s) from DOCX showed wrong position or color (bsc#1061210). cmis-client was updated to 0.5.2: * Removed header for Uuid's sha1 header(bsc#1105173). * Fixed Google Drive login * Added support for Google Drive two-factor authentication * Fixed access to SharePoint root folder * Limited the maximal number of redirections to 20 * Switched library implementation to C++11 (the API remains C++98-compatible) * Fixed encoding of OAuth2 credentials * Dropped cppcheck run from 'make check'. A new 'make cppcheck' target was created for it * Added proper API symbol exporting * Speeded up building of tests a bit * Fixed a few issues found by coverity and cppcheck libixion was updated to 0.15.0: * Updated for new liborcus * Switched to spdlog for compile-time debug log outputs * Fixed various issues libmwaw was updated 0.3.15: * Fixed fuzzing issues liborcus was updated to 0.15.3: * Fixed various xml related bugs * Improved performance * Fixed multiple parser issues * Added map and structure mode to orcus-json * Other improvements and fixes mdds was updated to 1.5.0: * API changed to 1.5 * Moved the API incompatibility notes from README to the rst doc. * Added the overview section for flat_segment_tree. myspell-dictionaries was updated to 20191016: * Updated Slovenian thesaurus * Updated the da_DK dictionary * Removed the abbreviations from Thai hunspell dictionary * Updated the English dictionaries * Fixed the logo management for 'ca' spdlog was updated to 0.16.3: * Fixed sleep issue under MSVC that happens when changing the clock backwards * Ensured that macros always expand to expressions * Added global flush_on function bluez changes: * lib: Changed bluetooth.h to compile in strict C gperf was updated to 3.1: * The generated C code is now in ANSI-C by default. * Added option --constants-prefix. * Added declaration %define constants-prefix. Moderate SUSE bug 1061210 SUSE bug 1105173 SUSE bug 1144522 SUSE bug 1152684 CVE-2019-9853 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for dbus-1 fixes the following issues: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). Important SUSE bug 1137832 CVE-2019-12749 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.5.0 ESR * CVE-2020-6796 (bmo#1610426) Missing bounds check on shared memory read in the parent process * CVE-2020-6797 (bmo#1596668) Extensions granted downloads.open permission could open arbitrary applications on Mac OSX * CVE-2020-6798 (bmo#1602944) Incorrect parsing of template tag could result in JavaScript injection * CVE-2020-6799 (bmo#1606596) Arbitrary code execution when opening pdf links from other applications, when Firefox is configured as default pdf reader * CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543, bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785) Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 * Fixed: Fixed various issues opening files with spaces in their path (bmo#1601905, bmo#1602726) Important SUSE bug 1161799 CVE-2020-6796 CVE-2020-6797 CVE-2020-6798 CVE-2020-6799 CVE-2020-6800 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for fontforge fixes the following issues: - CVE-2020-5395: Fixed a use-after-free in SFD_GetFontMetaData() (bsc#1160220). - CVE-2020-5496: Fixed a heap-based buffer overflow in Type2NotDefSplines() (bsc#1160236). Moderate SUSE bug 1160220 SUSE bug 1160236 CVE-2020-5395 CVE-2020-5496 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for php72 fixes the following issues: Security issues fixed: - CVE-2020-7059: Fixed an out-of-bounds read in php_strip_tags_ex (bsc#1162629). - CVE-2020-7060: Fixed a global buffer-overflow in mbfl_filt_conv_big5_wchar (bsc#1162632). - CVE-2019-20433: Fixed a buffer over-read when processing strings ending with a single '\0' byte with ucs-2 and ucs-4 encoding (bsc#1161982). Important SUSE bug 1161982 SUSE bug 1162629 SUSE bug 1162632 CVE-2019-20433 CVE-2020-7059 CVE-2020-7060 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for sudo fixes the following issues: Security issue fixed: - CVE-2019-18634: Fixed a buffer overflow in the passphrase prompt that could occur when pwfeedback was enabled in /etc/sudoers (bsc#1162202). Non-security issue fixed: - Fixed an issue where sudo -l would ask for a password even though `listpw` was set to `never` (bsc#1162675). Important SUSE bug 1162202 SUSE bug 1162675 CVE-2019-18634 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for ImageMagick fixes the following issues: Security issue fixed: - CVE-2019-19948: Fixed a heap-based buffer overflow in WriteSGIImage() (bsc#1159861). - CVE-2019-19949: Fixed a heap-based buffer over-read in WritePNGImage() (bsc#1160369). Non-security issue fixed: - Fixed an issue where converting tiff to png would lead to unviewable files (bsc#1161194). Moderate SUSE bug 1159861 SUSE bug 1160369 SUSE bug 1161194 CVE-2019-19948 CVE-2019-19949 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for java-1_7_1-ibm fixes the following issues: Java was updated to 7.1 Service Refresh 4 Fix Pack 60 [bsc#1162972, bsc#1160968]. Security issues fixed: - CVE-2020-2583: Fixed a serialization vulnerability in BeanContextSupport (bsc#1162972). - CVE-2020-2593: Fixed an incorrect check in isBuiltinStreamHandler, causing URL normalization issues (bsc#1162972). - CVE-2020-2604: Fixed a serialization issue in jdk.serialFilter (bsc#1162972). - CVE-2020-2659: Fixed the incomplete enforcement of the maxDatagramSockets limit in DatagramChannelImpl (bsc#1162972). Non-security issues fixed: * Class Libraries: IJ22333 HANG IN JAVA_JAVA_NET_SOCKETINPUTSTREAM_SOCKETREAD0 EVEN WHEN TIMEOUT IS SET IJ22350 JAVA 7 AND JAVA 8 NOT WORKING WELL WITH TRADITIONAL/SIMPLIFIED CHINESE EDITION OF WINDOWS CLIENT SYSTEM IJ22337 THE NAME OF THE REPUBLIC OF BELARUS IN THE RUSSIAN LOCALE INCONSISTENT WITH CLDR IJ22349 UPDATE TIMEZONE INFORMATION TO TZDATA2019C * JIT Compiler: IJ11368 JAVA JIT PPC: CRASH IN JIT COMPILED CODE ON PPC MACHINES Important SUSE bug 1160968 SUSE bug 1162972 CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libexif fixes the following issues: - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). Moderate SUSE bug 1120943 SUSE bug 1160770 CVE-2018-20030 CVE-2019-9278 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libvpx fixes the following issues: - CVE-2019-9232: Fixed an out of bound memory access (bsc#1160613). - CVE-2019-9433: Fixdd a use-after-free in vp8_deblock() (bsc#1160614). Moderate SUSE bug 1160613 SUSE bug 1160614 CVE-2019-9232 CVE-2019-9433 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for ppp fixes the following security issue: - CVE-2020-8597: Fixed a buffer overflow in the eap_request and eap_response functions (bsc#1162610). Important SUSE bug 1162610 CVE-2020-8597 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for python3 fixes the following issues: Update to 3.4.10 (jsc#SLE-9427, bsc#1159208) from 3.4.6: Security issues fixed: - Update expat copy from 2.1.1 to 2.2.0 to fix the following issues: CVE-2012-0876, CVE-2016-0718, CVE-2016-4472, CVE-2017-9233, CVE-2016-9063 - CVE-2017-1000158: Fix an integer overflow in thePyString_DecodeEscape function in stringobject.c, resulting in heap-based bufferoverflow (bsc#1068664). Moderate SUSE bug 1068664 SUSE bug 1159208 SUSE bug 1159623 CVE-2012-0876 CVE-2016-0718 CVE-2016-4472 CVE-2016-9063 CVE-2017-1000158 CVE-2017-9233 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for java-1_7_1-ibm fixes the following issues: - Update to 7.1 Service Refresh 4 Fix Pack 55 [bsc#1158442, bsc#1154212] * Security fixes: CVE-2019-2933 CVE-2019-2945 CVE-2019-2962 CVE-2019-2964 CVE-2019-2978 CVE-2019-2983 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 CVE-2019-2973 CVE-2019-2981 Moderate SUSE bug 1154212 SUSE bug 1158442 CVE-2019-2933 CVE-2019-2945 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for texlive-filesystem fixes the following issues: Security issues fixed: - Changed default user for ls-R files and font cache directories to user nobody (bsc#1159740) - Switched to rm instead of safe-rm or safe-rmdir to avoid race conditions (bsc#1158910) . - Made cron script more failsafe (bsc#1150556) Non-security issue fixed: - Refreshed font map files on update (bsc#1155381) Moderate SUSE bug 1150556 SUSE bug 1155381 SUSE bug 1158910 SUSE bug 1159740 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for php5 fixes the following issues: Security issues fixed: - CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail() (bsc#1146360). - CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment() (bsc#1145095). - CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999). - CVE-2019-11045: Fixed an issue with the PHP DirectoryIterator class that accepts filenames with embedded \0 bytes (bsc#1159923). - CVE-2019-11046: Fixed an out-of-bounds read in bc_shift_addsub (bsc#1159924). - CVE-2019-11047: Fixed an information disclosure in exif_read_data (bsc#1159922). - CVE-2019-11050: Fixed a buffer over-read in the EXIF extension (bsc#1159927). - CVE-2020-7059: Fixed an out-of-bounds read in php_strip_tags_ex (bsc#1162629). - CVE-2020-7060: Fixed a global buffer-overflow in mbfl_filt_conv_big5_wchar (bsc#1162632). Moderate SUSE bug 1145095 SUSE bug 1146360 SUSE bug 1154999 SUSE bug 1159922 SUSE bug 1159923 SUSE bug 1159924 SUSE bug 1159927 SUSE bug 1161982 SUSE bug 1162629 SUSE bug 1162632 CVE-2019-11041 CVE-2019-11042 CVE-2019-11043 CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11050 CVE-2020-7059 CVE-2020-7060 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for mariadb-100 fixes the following issues: MariaDB was updated to version 10.0.40-3 (bsc#1162388). Security issue fixed: - CVE-2020-2574: Fixed a difficult to exploit vulnerability that allowed an attacker to crash the client (bsc#1162388). Moderate SUSE bug 1162388 CVE-2020-2574 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for java-1_8_0-ibm fixes the following issues: Java 8.0 was updated to Service Refresh 6 Fix Pack 5 (bsc#1162972, bsc#1160968) - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2019-4732: Untrusted DLL search path vulnerability - CVE-2020-2593: Normalize normalization for all - CVE-2020-2604: Better serial filter handling - CVE-2020-2659: Enhance datagram socket support Important SUSE bug 1160968 SUSE bug 1162972 CVE-2019-4732 CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for log4j fixes the following issues: - CVE-2019-17571: Fixed a remote code execution by deserialization of untrusted data in SocketServer (bsc#1159646). Important SUSE bug 1159646 CVE-2019-17571 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libpng16 fixes the following issues: Security issues fixed: - CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when png_image_free() was called under png_safe_execute (bsc#1124211). - CVE-2017-12652: Fixed an Input Validation Error related to the length of chunks (bsc#1141493). Moderate SUSE bug 1124211 SUSE bug 1141493 CVE-2017-12652 CVE-2019-7317 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-2732: Fixed an issue affecting Intel CPUs where an L2 guest may trick the L0 hypervisor into accessing sensitive L1 resources (bsc#1163971). - CVE-2019-19338: There was an incomplete fix for an issue with Transactional Synchronisation Extensions in the KVM code (bsc#1158954). - CVE-2019-14615: An information disclosure vulnerability existed due to insufficient control flow in certain data structures for some Intel(R) Processors (bnc#1160195). - CVE-2019-14896: A heap overflow was found in the add_ie_rates() function of the Marvell Wifi Driver (bsc#1157157). - CVE-2019-14897: A stack overflow was found in the lbs_ibss_join_existing() function of the Marvell Wifi Driver (bsc#1157155). - CVE-2019-15213: A use-after-free bug caused by a malicious USB device was found in drivers/media/usb/dvb-usb/dvb-usb-init.c (bsc#1146544). - CVE-2019-16994: A memory leak existed in sit_init_net() in net/ipv6/sit.c which might have caused denial of service, aka CID-07f12b26e21a (bnc#1161523). - CVE-2019-18808: A memory leak in drivers/crypto/ccp/ccp-ops.c allowed attackers to cause a denial of service (memory consumption), aka CID-128c66429247 (bnc#1156259). - CVE-2019-19036: An issue discovered in btrfs_root_node in fs/btrfs/ctree.c allowed a NULL pointer dereference because rcu_dereference(root->node) can be zero (bnc#1157692). - CVE-2019-19045: A memory leak in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c allowed attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7 (bnc#1161522). - CVE-2019-19051: A memory leak in drivers/net/wimax/i2400m/op-rfkill.c allowed attackers to cause a denial of service (memory consumption), aka CID-6f3ef5c25cc7 (bnc#1159024). - CVE-2019-19054: A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c allowed attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b (bnc#1161518). - CVE-2019-19066: A memory leak in drivers/scsi/bfa/bfad_attr.c allowed attackers to cause a denial of service (memory consumption), aka CID-0e62395da2bd (bnc#1157303). - CVE-2019-19318: Mounting a crafted btrfs image twice could have caused a use-after-free (bnc#1158026). - CVE-2019-19319: A slab-out-of-bounds write access could have occured when setxattr was called after mounting of a specially crafted ext4 image (bnc#1158021). - CVE-2019-19332: An out-of-bounds memory write issue was found in the way the KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could have used this flaw to crash the system (bnc#1158827). - CVE-2019-19447: Mounting a crafted ext4 filesystem image, performing some operations, and unmounting could have led to a use-after-free in fs/ext4/super.c (bnc#1158819). - CVE-2019-19523: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79 (bsc#1158823). - CVE-2019-19524: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9 (bsc#1158413). - CVE-2019-19525: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035 (bsc#1158417). - CVE-2019-19526: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098 (bsc#1158893). - CVE-2019-19527: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e (bsc#1158900). - CVE-2019-19528: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d (bsc#1158407). - CVE-2019-19529: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41 (bnc#1158381). - CVE-2019-19530: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef (bsc#1158410). - CVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca (bsc#1158445). - CVE-2019-19532: There were multiple out-of-bounds write bugs that can be caused by a malicious USB HID device, aka CID-d9d4b1e46d95 (bsc#1158824). - CVE-2019-19533: There was an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464 (bsc#1158834). - CVE-2019-19534: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29 (bsc#1158398). - CVE-2019-19535: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042 (bsc#1158903). - CVE-2019-19536: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0 (bsc#1158394). - CVE-2019-19537: There was a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9 (bsc#1158904). - CVE-2019-19543: There was a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (bnc#1158427). - CVE-2019-19767: There were multiple use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163 (bnc#1159297). - CVE-2019-19965: There was a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5 (bnc#1159911). - CVE-2019-19966: There was a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that could have caused a denial of service, aka CID-dea37a972655 (bnc#1159841). - CVE-2019-20054: There was a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e (bnc#1159910). - CVE-2019-20095: Several memory leaks were found in drivers/net/wireless/marvell/mwifiex/cfg80211.c, aka CID-003b686ace82 (bnc#1159909). - CVE-2019-20096: There was a memory leak in __feat_register_sp() in net/dccp/feat.c, aka CID-1d3ff0950e2b (bnc#1159908). - CVE-2020-7053: There was a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c (bnc#1160966). - CVE-2020-8428: There was a use-after-free bug in fs/namei.c, which allowed local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9 (bnc#1162109). - CVE-2020-8648: There was a use-after-free vulnerability in the n_tty_receive_buf_common function in drivers/tty/n_tty.c (bnc#1162928). - CVE-2020-8992: An issue was discovered in ext4_protect_reserved_inode in fs/ext4/block_validity.c that allowed attackers to cause a soft lockup via a crafted journal size (bnc#1164069). The following non-security bugs were fixed: - 6pack,mkiss: fix possible deadlock (bsc#1051510). - ACPI / APEI: Do not wait to serialise with oops messages when panic()ing (bsc#1051510). - ACPI / APEI: Switch estatus pool to use vmalloc memory (bsc#1051510). - ACPI / LPSS: Ignore acpi_device_fix_up_power() return value (bsc#1051510). - ACPI / video: Add force_none quirk for Dell OptiPlex 9020M (bsc#1051510). - ACPI / watchdog: Fix init failure with overlapping register regions (bsc#1162557). - ACPI / watchdog: Set default timeout in probe (bsc#1162557). - ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data() (bsc#1051510). - ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion() (bsc#1051510). - ACPI: OSL: only free map once in osl.c (bsc#1051510). - ACPI: PM: Avoid attaching ACPI PM domain to certain devices (bsc#1051510). - ACPI: sysfs: Change ACPI_MASKABLE_GPE_MAX to 0x100 (bsc#1051510). - ACPI: video: Do not export a non working backlight interface on MSI MS-7721 boards (bsc#1051510). - ACPI: watchdog: Allow disabling WDAT at boot (bsc#1162557). - af_packet: set defaule value for tmo (bsc#1051510). - ALSA: control: remove useless assignment in .info callback of PCM chmap element (git-fixes). - ALSA: echoaudio: simplify get_audio_levels (bsc#1051510). - ALSA: fireface: fix return value in error path of isochronous resources reservation (bsc#1051510). - ALSA: hda - Add docking station support for Lenovo Thinkpad T420s (git-fixes). - ALSA: hda - Downgrade error message for single-cmd fallback (git-fixes). - ALSA: hda/analog - Minor optimization for SPDIF mux connections (git-fixes). - ALSA: hda/ca0132 - Avoid endless loop (git-fixes). - ALSA: hda/ca0132 - Fix work handling in delayed HP detection (git-fixes). - ALSA: hda/ca0132 - Keep power on during processing DSP response (git-fixes). - ALSA: hda/hdmi - Add new pci ids for AMD GPU display audio (git-fixes). - ALSA: hda/hdmi - add retry logic to parse_intel_hdmi() (git-fixes). - ALSA: hda/hdmi - fix atpx_present when CLASS is not VGA (bsc#1051510). - ALSA: hda/hdmi - Fix duplicate unref of pci_dev (bsc#1051510). - ALSA: hda/hdmi - fix vgaswitcheroo detection for AMD (git-fixes). - ALSA: hda/realtek - Add headset Mic no shutup for ALC283 (bsc#1051510). - ALSA: hda/realtek - Dell headphone has noise on unmute for ALC236 (git-fixes). - ALSA: hda/realtek - Fix silent output on MSI-GL73 (git-fixes). - ALSA: hda/realtek - Line-out jack does not work on a Dell AIO (bsc#1051510). - ALSA: hda: Add Clevo W65_67SB the power_save blacklist (git-fixes). - ALSA: hda: Reset stream if DMA RUN bit not cleared (bsc#1111666). - ALSA: hda: Use scnprintf() for printing texts for sysfs/procfs (git-fixes). - ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code (bsc#1051510). - ALSA: oxfw: fix return value in error path of isochronous resources reservation (bsc#1051510). - ALSA: pcm: Avoid possible info leaks from PCM stream buffers (git-fixes). - ALSA: pcm: oss: Avoid potential buffer overflows (git-fixes). - ALSA: seq: Avoid concurrent access to queue flags (git-fixes). - ALSA: seq: Fix concurrent access to queue current tick/time (git-fixes). - ALSA: seq: Fix racy access for queue timer in proc read (bsc#1051510). - ALSA: sh: Fix compile warning wrt const (git-fixes). - ALSA: usb-audio: Apply sample rate quirk for Audioengine D1 (git-fixes). - ALSA: usb-audio: fix set_format altsetting sanity check (bsc#1051510). - ALSA: usb-audio: fix sync-ep altsetting sanity check (bsc#1051510). - apparmor: fix unsigned len comparison with less than zero (git-fixes). - ar5523: check NULL before memcpy() in ar5523_cmd() (bsc#1051510). - arm64: Revert support for execute-only user mappings (bsc#1160218). - ASoC: au8540: use 64-bit arithmetic instead of 32-bit (bsc#1051510). - ASoC: compress: fix unsigned integer overflow check (bsc#1051510). - ASoC: cs4349: Use PM ops 'cs4349_runtime_pm' (bsc#1051510). - ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report (bsc#1051510). - ASoC: msm8916-wcd-analog: Fix selected events for MIC BIAS External1 (bsc#1051510). - ASoC: sun8i-codec: Fix setting DAI data format (git-fixes). - ASoC: wm8962: fix lambda value (git-fixes). - ata: ahci: Add shutdown to freeze hardware resources of ahci (bsc#1164388). - ath10k: fix fw crash by moving chip reset after napi disabled (bsc#1051510). - ath6kl: Fix off by one error in scan completion (bsc#1051510). - ath9k: fix storage endpoint lookup (git-fixes). - atl1e: checking the status of atl1e_write_phy_reg (bsc#1051510). - audit: Allow auditd to set pid to 0 to end auditing (bsc#1158094). - batman-adv: Fix DAT candidate selection on little endian systems (bsc#1051510). - bcache: add code comment bch_keylist_pop() and bch_keylist_pop_front() (bsc#1163762). - bcache: add code comments for state->pool in __btree_sort() (bsc#1163762). - bcache: add code comments in bch_btree_leaf_dirty() (bsc#1163762). - bcache: add cond_resched() in __bch_cache_cmp() (bsc#1163762). - bcache: add idle_max_writeback_rate sysfs interface (bsc#1163762). - bcache: add more accurate error messages in read_super() (bsc#1163762). - bcache: add readahead cache policy options via sysfs interface (bsc#1163762). - bcache: at least try to shrink 1 node in bch_mca_scan() (bsc#1163762). - bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (bsc#1163762). - bcache: check return value of prio_read() (bsc#1163762). - bcache: deleted code comments for dead code in bch_data_insert_keys() (bsc#1163762). - bcache: do not export symbols (bsc#1163762). - bcache: explicity type cast in bset_bkey_last() (bsc#1163762). - bcache: fix a lost wake-up problem caused by mca_cannibalize_lock (bsc#1163762). - bcache: Fix an error code in bch_dump_read() (bsc#1163762). - bcache: fix deadlock in bcache_allocator (bsc#1163762). - bcache: fix incorrect data type usage in btree_flush_write() (bsc#1163762). - bcache: fix memory corruption in bch_cache_accounting_clear() (bsc#1163762). - bcache: fix static checker warning in bcache_device_free() (bsc#1163762). - bcache: ignore pending signals when creating gc and allocator thread (bsc#1163762, bsc#1112504). - bcache: print written and keys in trace_bcache_btree_write (bsc#1163762). - bcache: reap c->btree_cache_freeable from the tail in bch_mca_scan() (bsc#1163762). - bcache: reap from tail of c->btree_cache in bch_mca_scan() (bsc#1163762). - bcache: remove macro nr_to_fifo_front() (bsc#1163762). - bcache: remove member accessed from struct btree (bsc#1163762). - bcache: remove the extra cflags for request.o (bsc#1163762). - bcache: Revert 'bcache: shrink btree node cache after bch_btree_check()' (bsc#1163762, bsc#1112504). - bcma: remove set but not used variable 'sizel' (git-fixes). - blk-mq: avoid sysfs buffer overflow with too many CPU cores (bsc#1163840). - blk-mq: make sure that line break can be printed (bsc#1164098). - Bluetooth: Fix race condition in hci_release_sock() (bsc#1051510). - Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading (bsc#1051510). - bonding: fix active-backup transition after link failure (git-fixes). - bonding: fix potential NULL deref in bond_update_slave_arr (bsc#1051510). - bonding: fix slave stuck in BOND_LINK_FAIL state (networking-stable-19_11_10). - bonding: fix state transition issue in link monitoring (networking-stable-19_11_10). - bonding: fix unexpected IFF_BONDING bit unset (bsc#1051510). - bpf: Make use of probe_user_write in probe write helper (bsc#1083647). - brcmfmac: fix interface sanity check (git-fixes). - brcmfmac: Fix memory leak in brcmf_usbdev_qinit (git-fixes). - brcmfmac: Fix use after free in brcmf_sdio_readframes() (git-fixes). - btrfs: abort transaction after failed inode updates in create_subvol (bsc#1161936). - btrfs: add missing extents release on file extent cluster relocation error (bsc#1159483). - btrfs: avoid fallback to transaction commit during fsync of files with holes (bsc#1159569). - btrfs: dev-replace: remove warning for unknown return codes when finished (dependency for bsc#1162067). - btrfs: do not call synchronize_srcu() in inode_tree_del (bsc#1161934). - btrfs: do not double lock the subvol_sem for rename exchange (bsc#1162943). - btrfs: Ensure we trim ranges across block group boundary (bsc#1151910). - btrfs: fix block group remaining RO forever after error during device replace (bsc#1160442). - btrfs: fix btrfs_write_inode vs delayed iput deadlock (bsc#1154243). - btrfs: fix infinite loop during fsync after rename operations (bsc#1163383). - btrfs: fix infinite loop during nocow writeback due to race (bsc#1160804). - btrfs: fix integer overflow in calc_reclaim_items_nr (bsc#1160433). - btrfs: fix missing data checksums after replaying a log tree (bsc#1161931). - btrfs: fix negative subv_writers counter and data space leak after buffered write (bsc#1160802). - btrfs: fix race between adding and putting tree mod seq elements and nodes (bsc#1163384). - btrfs: fix removal logic of the tree mod log that leads to use-after-free issues (bsc#1160803). - btrfs: fix selftests failure due to uninitialized i_mode in test inodes (Fix for dependency of bsc#1157692). - btrfs: handle ENOENT in btrfs_uuid_tree_iterate (bsc#1161937). - btrfs: harden agaist duplicate fsid on scanned devices (bsc#1134973). - btrfs: inode: Verify inode mode to avoid NULL pointer dereference (dependency for bsc#1157692). - btrfs: make tree checker detect checksum items with overlapping ranges (bsc#1161931). - btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it (dependency for bsc#1157692). - btrfs: record all roots for rename exchange on a subvol (bsc#1161933). - btrfs: relocation: fix reloc_root lifespan and access (bsc#1159588). - btrfs: scrub: Require mandatory block group RO for dev-replace (bsc#1162067). - btrfs: send, skip backreference walking for extents with many references (bsc#1162139). - btrfs: simplify inode locking for RWF_NOWAIT (git-fixes). - btrfs: skip log replay on orphaned roots (bsc#1161935). - btrfs: tree-checker: Check chunk item at tree block read time (dependency for bsc#1157692). - btrfs: tree-checker: Check level for leaves and nodes (dependency for bsc#1157692). - btrfs: tree-checker: Enhance chunk checker to validate chunk profile (dependency for bsc#1157692). - btrfs: tree-checker: Fix wrong check on max devid (fixes for dependency of bsc#1157692). - btrfs: tree-checker: get fs_info from eb in block_group_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_block_group_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_csum_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_dev_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_dir_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_extent_data_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_inode_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_leaf (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_leaf_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in chunk_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in dev_item_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in dir_item_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in file_extent_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in generic_err (dependency for bsc#1157692). - btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN instead of EIO (dependency for bsc#1157692). - btrfs: tree-checker: Make chunk item checker messages more readable (dependency for bsc#1157692). - btrfs: tree-checker: Verify dev item (dependency for bsc#1157692). - btrfs: tree-checker: Verify inode item (dependency for bsc#1157692). - btrfs: volumes: Use more straightforward way to calculate map length (bsc#1151910). - can, slip: Protect tty->disc_data in write_wakeup and close with RCU (bsc#1051510). - can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing CAN sk_buffs (bsc#1051510). - can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open (bsc#1051510). - can: gs_usb: gs_usb_probe(): use descriptors of current altsetting (bsc#1051510). - can: mscan: mscan_rx_poll(): fix rx path lockup when returning from polling to irq mode (bsc#1051510). - can: peak_usb: report bus recovery as well (bsc#1051510). - can: rx-offload: can_rx_offload_irq_offload_fifo(): continue on error (bsc#1051510). - can: rx-offload: can_rx_offload_irq_offload_timestamp(): continue on error (bsc#1051510). - can: rx-offload: can_rx_offload_offload_one(): increment rx_fifo_errors on queue overflow or OOM (bsc#1051510). - can: rx-offload: can_rx_offload_offload_one(): use ERR_PTR() to propagate error value in case of errors (bsc#1051510). - can: slcan: Fix use-after-free Read in slcan_open (bsc#1051510). - CDC-NCM: handle incomplete transfer of MTU (networking-stable-19_11_10). - cdrom: respect device capabilities during opening action (boo#1164632). - cfg80211/mac80211: make ieee80211_send_layer2_update a public function (bsc#1051510). - cfg80211: check for set_wiphy_params (bsc#1051510). - cfg80211: fix page refcount issue in A-MSDU decap (bsc#1051510). - cgroup,writeback: do not switch wbs immediately on dead wbs if the memcg is dead (bsc#1158645). - cgroup: pids: use atomic64_t for pids->limit (bsc#1161514). - chardev: Avoid potential use-after-free in 'chrdev_open()' (bsc#1163849). - cifs: add support for flock (bsc#1144333). - cifs: Close cached root handle only if it had a lease (bsc#1144333). - cifs: Close open handle after interrupted close (bsc#1144333). - cifs: close the shared root handle on tree disconnect (bsc#1144333). - cifs: Do not miss cancelled OPEN responses (bsc#1144333). - cifs: Fix lookup of root ses in DFS referral cache (bsc#1144333). - cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1144333). - cifs: fix mount option display for sec=krb5i (bsc#1161907). - cifs: Fix mount options set in automount (bsc#1144333). - cifs: Fix NULL pointer dereference in mid callback (bsc#1144333). - cifs: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bsc#1144333). - cifs: Fix potential softlockups while refreshing DFS cache (bsc#1144333). - cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1144333). - cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1144333). - cifs: Properly process SMB3 lease breaks (bsc#1144333). - cifs: remove set but not used variables 'cinode' and 'netfid' (bsc#1144333). - cifs: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1144333). - clk: Do not try to enable critical clocks if prepare failed (bsc#1051510). - clk: mmp2: Fix the order of timer mux parents (bsc#1051510). - clk: qcom: rcg2: Do not crash if our parent can't be found; return an error (bsc#1051510). - clk: rockchip: fix I2S1 clock gate register for rk3328 (bsc#1051510). - clk: rockchip: fix ID of 8ch clock of I2S1 for rk3328 (bsc#1051510). - clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering (bsc#1051510). - clk: rockchip: fix rk3188 sclk_smc gate data (bsc#1051510). - clk: sunxi-ng: add mux and pll notifiers for A64 CPU clock (bsc#1051510). - clk: sunxi: sun9i-mmc: Implement reset callback for reset controls (bsc#1051510). - clk: tegra: Mark fuse clock as critical (bsc#1051510). - clocksource/drivers/bcm2835_timer: Fix memory leak of timer (bsc#1051510). - clocksource: Prevent double add_timer_on() for watchdog_timer (bsc#1051510). - closures: fix a race on wakeup from closure_sync (bsc#1163762). - compat_ioctl: handle SIOCOUTQNSD (bsc#1051510). - configfs_register_group() shouldn't be (and isn't) called in rmdirable parts (bsc#1051510). - copy/pasted 'Recommends:' instead of 'Provides:', 'Obsoletes:' and 'Conflicts: - Cover up kABI breakage due to DH key verification (bsc#1155331). - crypto: af_alg - Use bh_lock_sock in sk_destruct (bsc#1051510). - crypto: api - Check spawn->alg under lock in crypto_drop_spawn (bsc#1051510). - crypto: api - Fix race condition in crypto_spawn_alg (bsc#1051510). - crypto: atmel-sha - fix error handling when setting hmac key (bsc#1051510). - crypto: ccp - fix uninitialized list head (bsc#1051510). - crypto: chelsio - fix writing tfm flags to wrong place (bsc#1051510). - crypto: dh - add public key verification test (bsc#1155331). - crypto: dh - fix calculating encoded key size (bsc#1155331). - crypto: dh - fix memory leak (bsc#1155331). - crypto: dh - update test for public key verification (bsc#1155331). - crypto: DRBG - add FIPS 140-2 CTRNG for noise source (bsc#1155334). - crypto: ecdh - add public key verification test (bsc#1155331). - crypto: ecdh - fix typo of P-192 b value (bsc#1155331). - crypto: mxc-scc - fix build warnings on ARM64 (bsc#1051510). - crypto: pcrypt - Do not clear MAY_SLEEP flag in original request (bsc#1051510). - crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill (bsc#1051510). - crypto: reexport crypto_shoot_alg() (bsc#1051510, kABI fix). - cxgb4: request the TX CIDX updates to status page (bsc#1127371). - dma-buf: Fix memory leak in sync_file_merge() (git-fixes). - dma-mapping: fix return type of dma_set_max_seg_size() (bsc#1051510). - dmaengine: coh901318: Fix a double-lock bug (bsc#1051510). - dmaengine: coh901318: Remove unused variable (bsc#1051510). - dmaengine: Fix access to uninitialized dma_slave_caps (bsc#1051510). - Documentation: Document arm64 kpti control (bsc#1162623). - drivers/base/memory.c: cache blocks in radix tree to accelerate lookup (bsc#1159955 ltc#182993). - drivers/base/memory.c: do not access uninitialized memmaps in soft_offline_page_store() (bsc#1051510). - drivers/base/platform.c: kmemleak ignore a known leak (bsc#1051510). - drivers/regulator: fix a missing check of return value (bsc#1051510). - drm/amdgpu: add function parameter description in 'amdgpu_gart_bind' (bsc#1051510). - drm/amdgpu: fix bad DMA from INTERRUPT_CNTL2 (bsc#1114279) - drm/amdgpu: remove 4 set but not used variable in amdgpu_atombios_get_connector_info_from_object_table (bsc#1051510). - drm/amdgpu: remove always false comparison in 'amdgpu_atombios_i2c_process_i2c_ch' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'amdgpu_connector' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'dig' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'dig_connector' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'mc_shared_chmap' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'mc_shared_chmap' from 'gfx_v6_0.c' and 'gfx_v7_0.c' (bsc#1051510). - drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ (bsc#1051510). - drm/fb-helper: Round up bits_per_pixel if possible (bsc#1051510). - drm/i810: Prevent underflow in ioctl (bsc#1114279) - drm/i915: Add missing include file <linux/math64.h> (bsc#1051510). - drm/i915: Fix pid leak with banned clients (bsc#1114279) - drm/mst: Fix MST sideband up-reply failure handling (bsc#1051510). - drm/nouveau/secboot/gm20b: initialize pointer in gm20b_secboot_new() (bsc#1051510). - drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler (bsc#1051510). - drm/qxl: Return error if fbdev is not 32 bpp (bsc#1159028) - drm/radeon: fix r1xx/r2xx register checker for POT textures (bsc#1114279) - drm/rockchip: lvds: Fix indentation of a #define (bsc#1051510). - drm/rockchip: Round up _before_ giving to the clock framework (bsc#1114279) - drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add (bsc#1051510). - drm: bridge: dw-hdmi: constify copied structure (bsc#1051510). - drm: limit to INT_MAX in create_blob ioctl (bsc#1051510). - drm: meson: venc: cvbs: fix CVBS mode matching (bsc#1051510). - drm: panel-lvds: Potential Oops in probe error handling (bsc#1114279) - e1000e: Add support for Comet Lake (bsc#1158533). - e1000e: Add support for Tiger Lake (bsc#1158533). - e1000e: Increase pause and refresh time (bsc#1158533). - e100: Fix passing zero to 'PTR_ERR' warning in e100_load_ucode_wait (bsc#1051510). - ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable (bsc#1158646). - ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either (bsc#1158647). - EDAC/ghes: Fix locking and memory barrier issues (bsc#1114279). EDAC/ghes: Do not warn when incrementing refcount on 0 (bsc#1114279). - Enable CONFIG_BLK_DEV_SR_VENDOR (boo#1164632). - enic: prevent waking up stopped tx queues over watchdog reset (bsc#1133147). - exit: panic before exit_mm() on global init exit (bsc#1161549). - ext2: check err when partial != NULL (bsc#1163859). - ext4, jbd2: ensure panic when aborting with zero errno (bsc#1163853). - ext4: check for directory entries too close to block end (bsc#1163861). - ext4: fix a bug in ext4_wait_for_tail_page_commit (bsc#1163841). - ext4: fix checksum errors with indexed dirs (bsc#1160979). - ext4: fix deadlock allocating crypto bounce page from mempool (bsc#1163842). - ext4: Fix mount failure with quota configured as module (bsc#1164471). - ext4: fix punch hole for inline_data file systems (bsc#1158640). - ext4: improve explanation of a mount failure caused by a misconfigured kernel (bsc#1163843). - ext4: update direct I/O read lock pattern for IOCB_NOWAIT (bsc#1158639). - extcon: max8997: Fix lack of path setting in USB device mode (bsc#1051510). - firestream: fix memory leaks (bsc#1051510). - fix autofs regression caused by follow_managed() changes (bsc#1159271). - fix dget_parent() fastpath race (bsc#1159271). - Fix partial checked out tree build ... so that bisection does not break. - Fix the locking in dcache_readdir() and friends (bsc#1123328). - fjes: fix missed check in fjes_acpi_add (bsc#1051510). - fs/namei.c: fix missing barriers when checking positivity (bsc#1159271). - fs/namei.c: pull positivity check into follow_managed() (bsc#1159271). - fs/open.c: allow opening only regular files during execve() (bsc#1163845). - fs: cifs: Fix atime update check vs mtime (bsc#1144333). - fscrypt: do not set policy for a dead directory (bsc#1163846). - ftrace: Add comment to why rcu_dereference_sched() is open coded (git-fixes). - ftrace: Avoid potential division by zero in function profiler (bsc#1160784). - ftrace: Introduce PERMANENT ftrace_ops flag (bsc#1120853). - ftrace: Protect ftrace_graph_hash with ftrace_sync (git-fixes). - genirq/proc: Return proper error code when irq_set_affinity() fails (bnc#1105392). - genirq: Prevent NULL pointer dereference in resend_irqs() (bsc#1051510). - genirq: Properly pair kobject_del() with kobject_add() (bsc#1051510). - gpio: Fix error message on out-of-range GPIO in lookup table (bsc#1051510). - gtp: avoid zero size hashtable (networking-stable-20_01_01). - gtp: do not allow adding duplicate tid and ms_addr pdp context (networking-stable-20_01_01). - gtp: fix an use-after-free in ipv4_pdp_find() (networking-stable-20_01_01). - gtp: fix wrong condition in gtp_genl_dump_pdp() (networking-stable-20_01_01). - HID: doc: fix wrong data structure reference for UHID_OUTPUT (bsc#1051510). - HID: hidraw, uhid: Always report EPOLLOUT (bsc#1051510). - HID: hidraw: Fix returning EPOLLOUT from hidraw_poll (bsc#1051510). - HID: intel-ish-hid: fixes incorrect error handling (bsc#1051510). - HID: uhid: Fix returning EPOLLOUT from uhid_char_poll (bsc#1051510). - hidraw: Return EPOLLOUT from hidraw_poll (bsc#1051510). - hwmon: (adt7475) Make volt2reg return same reg as reg2volt input (bsc#1051510). - hwmon: (core) Do not use device managed functions for memory allocations (bsc#1051510). - hwmon: (nct7802) Fix voltage limits to wrong registers (bsc#1051510). - hwmon: (pmbus/ltc2978) Fix PMBus polling of MFR_COMMON definitions (bsc#1051510). - hwrng: stm32 - fix unbalanced pm_runtime_enable (bsc#1051510). - i2c: imx: do not print error message on probe defer (bsc#1051510). - ibmveth: Detect unsupported packets before sending to the hypervisor (bsc#1159484 ltc#182983). - ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047). - ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047). - ibmvnic: Serialize device queries (bsc#1155689 ltc#182047). - ibmvnic: Terminate waiting device threads after loss of service (bsc#1155689 ltc#182047). - idr: Fix idr_alloc_u32 on 32-bit systems (bsc#1051510). - iio: adc: max9611: Fix too short conversion time delay (bsc#1051510). - iio: buffer: align the size of scan bytes to size of the largest element (bsc#1051510). - inet: protect against too small mtu values (networking-stable-19_12_16). - init: add arch_call_rest_init to allow stack switching (jsc#SLE-11179). - Input: aiptek - fix endpoint sanity check (bsc#1051510). - Input: cyttsp4_core - fix use after free bug (bsc#1051510). - Input: goodix - add upside-down quirk for Teclast X89 tablet (bsc#1051510). - Input: gtco - fix endpoint sanity check (bsc#1051510). - Input: keyspan-remote - fix control-message timeouts (bsc#1051510). - Input: pegasus_notetaker - fix endpoint sanity check (bsc#1051510). - Input: pm8xxx-vib - fix handling of separate enable register (bsc#1051510). - Input: rmi_f54 - read from FIFO in 32 byte blocks (bsc#1051510). - Input: sun4i-ts - add a check for devm_thermal_zone_of_sensor_register (bsc#1051510). - Input: sur40 - fix interface sanity checks (bsc#1051510). - Input: synaptics - switch another X1 Carbon 6 to RMI/SMbus (bsc#1051510). - Input: synaptics-rmi4 - do not increment rmiaddr for SMBus transfers (bsc#1051510). - Input: synaptics-rmi4 - simplify data read in rmi_f54_work (bsc#1051510). - iomap: Fix pipe page leakage during splicing (bsc#1158651). - iommu/amd: Fix IOMMU perf counter clobbering during init (bsc#1162617). - iommu/arm-smmu-v3: Populate VMID field for CMDQ_OP_TLBI_NH_VA (bsc#1164314). - iommu/io-pgtable-arm: Fix race handling in split_blk_unmap() (bsc#1164115). - iommu/vt-d: Unlink device if failed to add to group (bsc#1160756). - iommu: Remove device link to group on failure (bsc#1160755). - ipv4: Fix table id reference in fib_sync_down_addr (networking-stable-19_11_10). - iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop (git-fixes). - iwlwifi: do not throw error when trying to remove IGTK (bsc#1051510). - iwlwifi: mvm: fix NVM check for 3168 devices (bsc#1051510). - iwlwifi: mvm: Send non offchannel traffic via AP sta (bsc#1051510). - iwlwifi: mvm: synchronize TID queue removal (bsc#1051510). - jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal (bsc#1163862). - jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer (bsc#1163836). - jbd2: Fix possible overflow in jbd2_log_space_left() (bsc#1163860). - jbd2: make sure ESHUTDOWN to be recorded in the journal superblock (bsc#1163863). - jbd2: move the clearing of b_modified flag to the journal_unmap_buffer() (bsc#1163880). - jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record (bsc#1163852). - kABI workaround for can/skb.h inclusion (bsc#1051510). - kABI: add _q suffix to exports that take struct dh (bsc#1155331). - kABI: protect struct sctp_ep_common (kabi). - kconfig: fix broken dependency in randconfig-generated .config (bsc#1051510). - kernel-binary.spec.in: do not recommend firmware for kvmsmall and azure flavor (boo#1161360). - kernel/trace: Fix do not unregister tracepoints when register sched_migrate_task fail (bsc#1160787). - kernfs: Fix range checks in kernfs_get_target_path (bsc#1051510). - kexec: bail out upon SIGKILL when allocating memory (git-fixes). - KVM: Clean up __kvm_gfn_to_hva_cache_init() and its callers (bsc#1133021). - KVM: fix spectrev1 gadgets (bsc#1164705). - KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails (bsc#1061840). - KVM: PPC: Book3S PR: Fix -Werror=return-type build failure (bsc#1061840). - KVM: PPC: Book3S PR: Free shared page if mmu initialization fails (bsc#1061840). - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl (git-fixes). - KVM: s390: Test for bad access register and size at the start of S390_MEM_OP (git-fixes). - KVM: SVM: Guard against DEACTIVATE when performing WBINVD/DF_FLUSH (bsc#1114279). - KVM: SVM: Override default MMIO mask if memory encryption is enabled (bsc#1162618). - KVM: SVM: Serialize access to the SEV ASID bitmap (bsc#1114279). - KVM: x86: Host feature SSBD does not imply guest feature SPEC_CTRL_SSBD (bsc#1160476). - KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks (bsc#1164734). - KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks (bsc#1164728). - KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks (bsc#1164729). - KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks (bsc#1164712). - KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks (bsc#1164730). - KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c (bsc#1164733). - KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks (bsc#1164731). - KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks (bsc#1164732). - KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks (bsc#1164735). - KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks (bsc#1164705). - KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks (bsc#1164727). - KVM: x86: Remove a spurious export of a static function (bsc#1158954). - leds: Allow to call led_classdev_unregister() unconditionally (bsc#1161674). - leds: class: ensure workqueue is initialized before setting brightness (bsc#1161674). - lib/scatterlist.c: adjust indentation in __sg_alloc_table (bsc#1051510). - lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more() (bsc#1051510). - lib: crc64: include <linux/crc64.h> for 'crc64_be' (bsc#1163762). - livepatch/samples/selftest: Use klp_shadow_alloc() API correctly (bsc#1071995). - livepatch/selftest: Clean up shadow variable names and type (bsc#1071995). - livepatch: Allow to distinguish different version of system state changes (bsc#1071995). - livepatch: Basic API to track system state changes (bsc#1071995 ). - livepatch: Keep replaced patches until post_patch callback is called (bsc#1071995). - livepatch: Selftests of the API for tracking system state changes (bsc#1071995). - livepatch: Simplify stack trace retrieval (jsc#SLE-11179). - loop: fix no-unmap write-zeroes request behavior (bsc#1158637). - mac80211: Do not send Layer 2 Update frame before authorization (bsc#1051510). - mac80211: fix station inactive_time shortly after boot (bsc#1051510). - mac80211: Fix TKIP replay protection immediately after key setup (bsc#1051510). - mac80211: mesh: restrict airtime metric to peered established plinks (bsc#1051510). - macvlan: do not assume mac_header is set in macvlan_broadcast() (bsc#1051510). - macvlan: use skb_reset_mac_header() in macvlan_queue_xmit() (bsc#1051510). - mailbox: mailbox-test: fix null pointer if no mmio (bsc#1051510). - media/v4l2-core: set pages dirty upon releasing DMA buffers (bsc#1051510). - media: af9005: uninitialized variable printked (bsc#1051510). - media: cec.h: CEC_OP_REC_FLAG_ values were swapped (bsc#1051510). - media: cec: CEC 2.0-only bcast messages were ignored (git-fixes). - media: cec: report Vendor ID after initialization (bsc#1051510). - media: digitv: do not continue if remote control state can't be read (bsc#1051510). - media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0 (bsc#1051510). - media: exynos4-is: fix wrong mdev and v4l2 dev order in error path (git-fixes). - media: gspca: zero usb_buf (bsc#1051510). - media: iguanair: fix endpoint sanity check (bsc#1051510). - media: ov6650: Fix control handler not freed on init error (git-fixes). - media: ov6650: Fix crop rectangle alignment not passed back (git-fixes). - media: ov6650: Fix incorrect use of JPEG colorspace (git-fixes). - media: pulse8-cec: fix lost cec_transmit_attempt_done() call. - media: pulse8-cec: return 0 when invalidating the logical address (bsc#1051510). - media: stkwebcam: Bugfix for wrong return values (bsc#1051510). - media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors (bsc#1051510). - media: uvcvideo: Fix error path in control parsing failure (git-fixes). - media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE (bsc#1051510). - media: v4l2-ioctl.c: zero reserved fields for S/TRY_FMT (bsc#1051510). - media: v4l2-rect.h: fix v4l2_rect_map_inside() top/left adjustments (bsc#1051510). - mei: bus: prefix device names on bus with the bus name (bsc#1051510). - mfd: da9062: Fix watchdog compatible string (bsc#1051510). - mfd: dln2: More sanity checking for endpoints (bsc#1051510). - mfd: rn5t618: Mark ADC control register volatile (bsc#1051510). - missing escaping of backslashes in macro expansions Fixes: f3b74b0ae86b ('rpm/kernel-subpackage-spec: Unify dependency handling.') Fixes: 3fd22e219f77 ('rpm/kernel-subpackage-spec: Fix empty Recommends tag (bsc#1143959)') - mlx5: add parameter to disable enhanced IPoIB (bsc#1142095) - mm, memory_hotplug: do not clear numa_node association after hot_remove (bnc#1115026). - mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock (bsc#1159394). - mm: memory_hotplug: use put_device() if device_register fail (bsc#1159955 ltc#182993). - mmc: mediatek: fix CMD_TA to 2 for MT8173 HS200/HS400 mode (bsc#1051510). - mmc: sdhci-of-esdhc: fix P2020 errata handling (bsc#1051510). - mmc: sdhci-of-esdhc: Revert 'mmc: sdhci-of-esdhc: add erratum A-009204 support' (bsc#1051510). - mmc: sdhci: fix minimum clock rate for v3 controller (bsc#1051510). - mmc: spi: Toggle SPI polarity, do not hardcode it (bsc#1051510). - mmc: tegra: fix SDR50 tuning override (bsc#1051510). - moduleparam: fix parameter description mismatch (bsc#1051510). - mod_devicetable: fix PHY module format (networking-stable-19_12_28). - mtd: fix mtd_oobavail() incoherent returned value (bsc#1051510). - mwifiex: debugfs: correct histogram spacing, formatting (bsc#1051510). - mwifiex: drop most magic numbers from mwifiex_process_tdls_action_frame() (git-fixes). - mwifiex: fix potential NULL dereference and use after free (bsc#1051510). - namei: only return -ECHILD from follow_dotdot_rcu() (bsc#1163851). - nbd: prevent memory leak (bsc#1158638). - net/ibmvnic: Fix typo in retry check (bsc#1155689 ltc#182047). - net/mlx4_en: fix mlx4 ethtool -N insertion (networking-stable-19_11_25). - net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq (bsc#1046303). - net/mlx5e: Fix set vf link state error flow (networking-stable-19_11_25). - net/mlx5e: Fix SFF 8472 eeprom length (git-fixes). - net/mlxfw: Fix out-of-memory error in mfa2 flash burning (bsc#1051858). - net/sched: act_pedit: fix WARN() in the traffic path (networking-stable-19_11_25). - net: bridge: deny dev_set_mac_address() when unregistering (networking-stable-19_12_16). - net: cdc_ncm: Signedness bug in cdc_ncm_set_dgram_size() (git-fixes). - net: dst: Force 4-byte alignment of dst_metrics (networking-stable-19_12_28). - net: ena: fix napi handler misbehavior when the napi budget is zero (networking-stable-20_01_01). - net: ethernet: octeon_mgmt: Account for second possible VLAN header (networking-stable-19_11_10). - net: ethernet: ti: cpsw: fix extra rx interrupt (networking-stable-19_12_16). - net: fix data-race in neigh_event_send() (networking-stable-19_11_10). - net: hisilicon: Fix a BUG trigered by wrong bytes_compl (networking-stable-19_12_28). - net: nfc: nci: fix a possible sleep-in-atomic-context bug in nci_uart_tty_receive() (networking-stable-19_12_28). - net: phy: at803x: Change error to EINVAL for invalid MAC (bsc#1051510). - net: phy: broadcom: Use strlcpy() for ethtool::get_strings (bsc#1051510). - net: phy: Check against net_device being NULL (bsc#1051510). - net: phy: dp83867: Set up RGMII TX delay (bsc#1051510). - net: phy: Fix not to call phy_resume() if PHY is not attached (bsc#1051510). - net: phy: Fix the register offsets in Broadcom iProc mdio mux driver (bsc#1051510). - net: phy: fixed_phy: Fix fixed_phy not checking GPIO (bsc#1051510). - net: phy: marvell: clear wol event before setting it (bsc#1051510). - net: phy: marvell: Use strlcpy() for ethtool::get_strings (bsc#1051510). - net: phy: meson-gxl: check phy_write return value (bsc#1051510). - net: phy: micrel: Use strlcpy() for ethtool::get_strings (bsc#1051510). - net: phy: mscc: read 'vsc8531, edge-slowdown' as an u32 (bsc#1051510). - net: phy: mscc: read 'vsc8531,vddmac' as an u32 (bsc#1051510). - net: phy: xgene: disable clk on error paths (bsc#1051510). - net: phy: xgmiitorgmii: Check phy_driver ready before accessing (bsc#1051510). - net: phy: xgmiitorgmii: Check read_status results (bsc#1051510). - net: phy: xgmiitorgmii: Support generic PHY status read (bsc#1051510). - net: psample: fix skb_over_panic (networking-stable-19_12_03). - net: qlogic: Fix error paths in ql_alloc_large_buffers() (networking-stable-19_12_28). - net: rtnetlink: prevent underflows in do_setvfinfo() (networking-stable-19_11_25). - net: sched: correct flower port blocking (git-fixes). - net: sched: fix `tc -s class show` no bstats on class with nolock subqueues (networking-stable-19_12_03). - net: usb: lan78xx: Fix suspend/resume PHY register access error (networking-stable-19_12_28). - net: usb: lan78xx: limit size of local TSO packets (bsc#1051510). - net: usb: qmi_wwan: add support for DW5821e with eSIM support (networking-stable-19_11_10). - net: usb: qmi_wwan: add support for Foxconn T77W968 LTE modules (networking-stable-19_11_18). - netfilter: nf_queue: enqueue skbs with NULL dst (git-fixes). - new helper: lookup_positive_unlocked() (bsc#1159271). - NFC: fdp: fix incorrect free object (networking-stable-19_11_10). - NFC: pn533: fix bulk-message timeout (bsc#1051510). - NFC: pn544: Adjust indentation in pn544_hci_check_presence (git-fixes). - NFC: st21nfca: fix double free (networking-stable-19_11_10). - nvme: fix the parameter order for nvme_get_log in nvme_get_fw_slot_info (bsc#1163774). - ocfs2: fix panic due to ocfs2_wq is null (bsc#1158644). - ocfs2: fix passing zero to 'PTR_ERR' warning (bsc#1158649). - openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info() (networking-stable-19_12_03). - openvswitch: remove another BUG_ON() (networking-stable-19_12_03). - openvswitch: support asymmetric conntrack (networking-stable-19_12_16). - orinoco_usb: fix interface sanity check (git-fixes). - PCI/IOV: Fix memory leak in pci_iov_add_virtfn() (git-fixes). - PCI/MSI: Fix incorrect MSI-X masking on resume (bsc#1051510). - PCI/MSI: Return -ENOSPC from pci_alloc_irq_vectors_affinity() (bsc#1051510). - PCI/PTM: Remove spurious 'd' from granularity message (bsc#1051510). - PCI/switchtec: Fix vep_vector_number ioread width (bsc#1051510). - PCI: Add DMA alias quirk for Intel VCA NTB (bsc#1051510). - PCI: Apply Cavium ACS quirk to ThunderX2 and ThunderX3 (bsc#1051510). - PCI: Do not disable bridge BARs when assigning bus resources (bsc#1051510). - PCI: dwc: Fix find_next_bit() usage (bsc#1051510). - PCI: Fix Intel ACS quirk UPDCR register address (bsc#1051510). - PCI: rcar: Fix missing MACCTLR register setting in initialization sequence (bsc#1051510). - PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30 (git-fixes). - percpu: Separate decrypted varaibles anytime encryption can be enabled (bsc#1114279). - perf/x86/intel: Fix inaccurate period in context switch for auto-reload (bsc#1164315). - phy: qualcomm: Adjust indentation in read_poll_timeout (bsc#1051510). - pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B (bsc#1051510). - pinctrl: xway: fix gpio-hog related boot issues (bsc#1051510). - pktcdvd: remove warning on attempting to register non-passthrough dev (bsc#1051510). - platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0 (bsc#1051510). - platform/x86: hp-wmi: Fix ACPI errors caused by passing 0 as input size (bsc#1051510). - platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer (bsc#1051510). - platform/x86: hp-wmi: Make buffer for HPWMI_FEATURE2_QUERY 128 bytes (bsc#1051510). - platform/x86: pmc_atom: Add Siemens CONNECT X300 to critclk_systems DMI table (bsc#1051510). - PM / AVS: SmartReflex: NULL check before some freeing functions is not needed (bsc#1051510). - PM / Domains: Deal with multiple states but no governor in genpd (bsc#1051510). - power: supply: ltc2941-battery-gauge: fix use-after-free (bsc#1051510). - powerpc/archrandom: fix arch_get_random_seed_int() (bsc#1065729). - powerpc/irq: fix stack overflow verification (bsc#1065729). - powerpc/livepatch: return -ERRNO values in save_stack_trace_tsk_reliable() (bsc#1071995 bsc#1161875). - powerpc/mm: drop #ifdef CONFIG_MMU in is_ioremap_addr() (bsc#1065729). - powerpc/mm: Remove kvm radix prefetch workaround for Power9 DD2.2 (bsc#1061840). - powerpc/pkeys: remove unused pkey_allows_readwrite (bsc#1065729). - powerpc/powernv: Disable native PCIe port management (bsc#1065729). - powerpc/pseries/hotplug-memory: Change rc variable to bool (bsc#1065729). - powerpc/pseries/lparcfg: Fix display of Maximum Memory (bsc#1162028 ltc#181740). - powerpc/pseries/mobility: notify network peers after migration (bsc#1152631 ltc#181798). - powerpc/pseries/vio: Fix iommu_table use-after-free refcount warning (bsc#1065729). - powerpc/pseries: Advance pfn if section is not present in lmb_is_removable() (bsc#1065729). - powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW (bsc#1065729). - powerpc/pseries: Drop pointless static qualifier in vpa_debugfs_init() (git-fixes). - powerpc/security: Fix debugfs data leak on 32-bit (bsc#1065729). - powerpc/tm: Fix clearing MSR[TS] in current when reclaiming on signal delivery (bsc#1118338 ltc#173734). - powerpc/tools: Do not quote $objdump in scripts (bsc#1065729). - powerpc/xive: Discard ESB load value when interrupt is invalid (bsc#1085030). - powerpc/xive: Skip ioremap() of ESB pages for LSI interrupts (bsc#1085030). - powerpc/xmon: do not access ASDR in VMs (bsc#1065729). - powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB (bnc#1151927 5.3.17). - powerpc: Allow flush_icache_range to work across ranges >4GB (bnc#1151927 5.3.17). - powerpc: avoid adjusting memory_limit for capture kernel memory reservation (bsc#1140025 ltc#176086). - powerpc: Fix vDSO clock_getres() (bsc#1065729). - powerpc: reserve memory for capture kernel after hugepages init (bsc#1140025 ltc#176086). - ppp: Adjust indentation into ppp_async_input (git-fixes). - prevent active file list thrashing due to refault detection (VM Performance, bsc#1156286). - printk: Export console_printk (bsc#1071995). - pstore/ram: Write new dumps to start of recycled zones (bsc#1051510). - pwm: Clear chip_data in pwm_put() (bsc#1051510). - pwm: clps711x: Fix period calculation (bsc#1051510). - pwm: omap-dmtimer: Remove PWM chip in .remove before making it unfunctional (git-fixes). - pwm: Remove set but not set variable 'pwm' (git-fixes). - pxa168fb: Fix the function used to release some memory in an error (bsc#1114279) - qede: Disable hardware gro when xdp prog is installed (bsc#1086314 bsc#1086313 bsc#1086301 ). - qede: Fix multicast mac configuration (networking-stable-19_12_28). - qede: fix NULL pointer deref in __qede_remove() (networking-stable-19_11_10). - qmi_wwan: Add support for Quectel RM500Q (bsc#1051510). - quota: Check that quota is not dirty before release (bsc#1163858). - quota: fix livelock in dquot_writeback_dquots (bsc#1163857). - r8152: add missing endpoint sanity check (bsc#1051510). - r8152: get default setting of WOL before initializing (bsc#1051510). - random: move FIPS continuous test to output functions (bsc#1155334). - RDMA/bnxt_re: Avoid freeing MR resources if dereg fails (bsc#1050244). - RDMA/hns: Prevent memory leaks of eq->buf_list (bsc#1104427 ). - regulator: Fix return value of _set_load() stub (bsc#1051510). - regulator: rk808: Lower log level on optional GPIOs being not available (bsc#1051510). - regulator: rn5t618: fix module aliases (bsc#1051510). - regulator: tps65910: fix a missing check of return value (bsc#1051510). - reiserfs: Fix memory leak of journal device string (bsc#1163867). - reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling (bsc#1163869). - reset: fix reset_control_ops kerneldoc comment (bsc#1051510). - resource: fix locking in find_next_iomem_res() (bsc#1114279). - rpm/kabi.pl: support new (>=5.4) Module.symvers format (new symbol namespace field) - rpm/kernel-binary.spec.in: Replace Novell with SUSE - rpm/kernel-subpackage-spec: Exclude kernel-firmware recommends (bsc#1143959) For reducing the dependency on kernel-firmware in sub packages - rpm/kernel-subpackage-spec: Fix empty Recommends tag (bsc#1143959) - rpm/kernel-subpackage-spec: fix kernel-default-base build There were some issues with recent changes to subpackage dependencies handling: - rpm/kernel-subpackage-spec: Unify dependency handling. - rpm/modules.fips: update module list (bsc#1157853) - rsi_91x_usb: fix interface sanity check (git-fixes). - rt2800: remove errornous duplicate condition (git-fixes). - rtc: cmos: Stop using shared IRQ (bsc#1051510). - rtc: dt-binding: abx80x: fix resistance scale (bsc#1051510). - rtc: hym8563: Return -EINVAL if the time is known to be invalid (bsc#1051510). - rtc: max8997: Fix the returned value in case of error in 'max8997_rtc_read_alarm()' (bsc#1051510). - rtc: msm6242: Fix reading of 10-hour digit (bsc#1051510). - rtc: pcf8523: set xtal load capacitance from DT (bsc#1051510). - rtc: s35390a: Change buf's type to u8 in s35390a_init (bsc#1051510). - rtl818x: fix potential use after free (bsc#1051510). - rtl8xxxu: fix interface sanity check (git-fixes). - rtlwifi: Fix MAX MPDU of VHT capability (git-fixes). - rtlwifi: Remove redundant semicolon in wifi.h (git-fixes). - s390/ftrace: generate traced function stack frame (jsc#SLE-11178 jsc#SLE-11179). - s390/ftrace: save traced function caller (jsc#SLE-11179). - s390/ftrace: use HAVE_FUNCTION_GRAPH_RET_ADDR_PTR (jsc#SLE-11179). - s390/head64: correct init_task stack setup (jsc#SLE-11179). - s390/kasan: avoid false positives during stack unwind (jsc#SLE-11179). - s390/kasan: avoid report in get_wchan (jsc#SLE-11179). - s390/livepatch: Implement reliable stack tracing for the consistency model (jsc#SLE-11179). - s390/mm: properly clear _PAGE_NOEXEC bit when it is not supported (bsc#1051510). - s390/process: avoid custom stack unwinding in get_wchan (jsc#SLE-11179). - s390/qeth: clean up page frag creation (git-fixes). - s390/qeth: consolidate skb allocation (git-fixes). - s390/qeth: ensure linear access to packet headers (git-fixes). - s390/qeth: guard against runt packets (git-fixes). - s390/stacktrace: use common arch_stack_walk infrastructure (jsc#SLE-11179). - s390/suspend: fix stack setup in swsusp_arch_suspend (jsc#SLE-11179). - s390/test_unwind: print verbose unwinding results (jsc#SLE-11179). - s390/unwind: add stack pointer alignment sanity checks (jsc#SLE-11179). - s390/unwind: always inline get_stack_pointer (jsc#SLE-11179). - s390/unwind: avoid int overflow in outside_of_stack (jsc#SLE-11179). - s390/unwind: cleanup unused READ_ONCE_TASK_STACK (jsc#SLE-11179). - s390/unwind: correct stack switching during unwind (jsc#SLE-11179). - s390/unwind: drop unnecessary code around calling ftrace_graph_ret_addr() (jsc#SLE-11179). - s390/unwind: filter out unreliable bogus %r14 (jsc#SLE-11179). - s390/unwind: fix get_stack_pointer(NULL, NULL) (jsc#SLE-11179). - s390/unwind: fix mixing regs and sp (jsc#SLE-11179). - s390/unwind: introduce stack unwind API (jsc#SLE-11179). - s390/unwind: make reuse_sp default when unwinding pt_regs (jsc#SLE-11179). - s390/unwind: remove stack recursion warning (jsc#SLE-11179). - s390/unwind: report an error if pt_regs are not on stack (jsc#SLE-11179). - s390/unwind: start unwinding from reliable state (jsc#SLE-11179). - s390/unwind: stop gracefully at task pt_regs (jsc#SLE-11179). - s390/unwind: stop gracefully at user mode pt_regs in irq stack (jsc#SLE-11179). - s390/unwind: unify task is current checks (jsc#SLE-11179). - s390: add stack switch helper (jsc#SLE-11179). - s390: add support for virtually mapped kernel stacks (jsc#SLE-11179). - s390: always inline current_stack_pointer() (jsc#SLE-11179). - s390: always inline disabled_wait (jsc#SLE-11179). - s390: avoid misusing CALL_ON_STACK for task stack setup (jsc#SLE-11179). - s390: clean up stacks setup (jsc#SLE-11179). - s390: correct CALL_ON_STACK back_chain saving (jsc#SLE-11179). - s390: disable preemption when switching to nodat stack with CALL_ON_STACK (jsc#SLE-11179). - s390: fine-tune stack switch helper (jsc#SLE-11179). - s390: fix register clobbering in CALL_ON_STACK (jsc#SLE-11179). - s390: kabi workaround for ftrace_ret_stack (jsc#SLE-11179). - s390: kabi workaround for lowcore changes due to vmap stack (jsc#SLE-11179). - s390: kabi workaround for reliable stack tracing (jsc#SLE-11179). - s390: preserve kabi for stack unwind API (jsc#SLE-11179). - s390: unify stack size definitions (jsc#SLE-11179). - sched/fair: Add tmp_alone_branch assertion (bnc#1156462). - sched/fair: Fix insertion in rq->leaf_cfs_rq_list (bnc#1156462). - sched/fair: Fix O(nr_cgroups) in the load balancing path (bnc#1156462). - sched/fair: Optimize update_blocked_averages() (bnc#1156462). - sched/fair: WARN() and refuse to set buddy when !se->on_rq (bsc#1158132). - scsi: qla2xxx: Add a shadow variable to hold disc_state history of fcport (bsc#1158013). - scsi: qla2xxx: Add D-Port Diagnostic reason explanation logs (bsc#1158013). - scsi: qla2xxx: Added support for MPI and PEP regions for ISP28XX (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548). - scsi: qla2xxx: Cleanup unused async_logout_done (bsc#1158013). - scsi: qla2xxx: Consolidate fabric scan (bsc#1158013). - scsi: qla2xxx: Correct fcport flags handling (bsc#1158013). - scsi: qla2xxx: Correctly retrieve and interpret active flash region (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548). - scsi: qla2xxx: Fix a NULL pointer dereference in an error path (bsc#1157966 bsc#1158013 bsc#1157424). - scsi: qla2xxx: Fix fabric scan hang (bsc#1158013). - scsi: qla2xxx: Fix incorrect SFUB length used for Secure Flash Update MB Cmd (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548). - scsi: qla2xxx: Fix mtcp dump collection failure (bsc#1158013). - scsi: qla2xxx: Fix RIDA Format-2 (bsc#1158013). - scsi: qla2xxx: Fix stuck login session using prli_pend_timer (bsc#1158013). - scsi: qla2xxx: Fix stuck session in GNL (bsc#1158013). - scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type (bsc#1158013). - scsi: qla2xxx: Fix unbound NVME response length (bsc#1157966 bsc#1158013 bsc#1157424). - scsi: qla2xxx: Fix update_fcport for current_topology (bsc#1158013). - scsi: qla2xxx: Improve readability of the code that handles qla_flt_header (bsc#1158013). - scsi: qla2xxx: Remove defer flag to indicate immeadiate port loss (bsc#1158013). - scsi: qla2xxx: Update driver version to 10.01.00.22-k (bsc#1158013). - scsi: qla2xxx: Use common routine to free fcport struct (bsc#1158013). - scsi: qla2xxx: Use get_unaligned_*() instead of open-coding these functions (bsc#1158013). - scsi: zfcp: trace channel log even for FCP command responses (git-fixes). - sctp: cache netns in sctp_ep_common (networking-stable-19_12_03). - sctp: fully initialize v4 addr in some functions (networking-stable-19_12_28). - serial: 8250_bcm2835aux: Fix line mismatch on driver unbind (bsc#1051510). - serial: ifx6x60: add missed pm_runtime_disable (bsc#1051510). - serial: max310x: Fix tx_empty() callback (bsc#1051510). - serial: pl011: Fix DMA ->flush_buffer() (bsc#1051510). - serial: serial_core: Perform NULL checks for break_ctl ops (bsc#1051510). - serial: stm32: fix transmit_chars when tx is stopped (bsc#1051510). - sfc: Only cancel the PPS workqueue if it exists (networking-stable-19_11_25). - sh_eth: check sh_eth_cpu_data::dual_port when dumping registers (bsc#1051510). - sh_eth: fix dumping ARSTR (bsc#1051510). - sh_eth: fix invalid context bug while calling auto-negotiation by ethtool (bsc#1051510). - sh_eth: fix invalid context bug while changing link options by ethtool (bsc#1051510). - sh_eth: fix TSU init on SH7734/R8A7740 (bsc#1051510). - sh_eth: fix TXALCR1 offsets (bsc#1051510). - sh_eth: TSU_QTAG0/1 registers the same as TSU_QTAGM0/1 (bsc#1051510). - smb3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1144333). - smb3: Fix persistent handles reconnect (bsc#1144333). - smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1144333). - smb3: remove confusing dmesg when mounting with encryption ('seal') (bsc#1144333). - soc/tegra: fuse: Correct straps' address for older Tegra124 device trees (bsc#1051510). - soc: renesas: rcar-sysc: Add goto to of_node_put() before return (bsc#1051510). - soc: ti: wkup_m3_ipc: Fix race condition with rproc_boot (bsc#1051510). - spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch (bsc#1051510). - spi: omap2-mcspi: Set FIFO DMA trigger level to word length (bsc#1051510). - spi: tegra114: clear packed bit for unpacked mode (bsc#1051510). - spi: tegra114: configure dma burst size to fifo trig level (bsc#1051510). - spi: tegra114: fix for unpacked mode transfers (bsc#1051510). - spi: tegra114: flush fifos (bsc#1051510). - spi: tegra114: terminate dma and reset on transfer timeout (bsc#1051510). - sr_vendor: support Beurer GL50 evo CD-on-a-chip devices (boo#1164632). - stacktrace: Do not skip first entry on noncurrent tasks (jsc#SLE-11179). - stacktrace: Force USER_DS for stack_trace_save_user() (jsc#SLE-11179). - stacktrace: Get rid of unneeded '!!' pattern (jsc#SLE-11179). - stacktrace: Provide common infrastructure (jsc#SLE-11179). - stacktrace: Provide helpers for common stack trace operations (jsc#SLE-11179). - stacktrace: Unbreak stack_trace_save_tsk_reliable() (jsc#SLE-11179). - stacktrace: Use PF_KTHREAD to check for kernel threads (jsc#SLE-11179). - staging: comedi: adv_pci1710: fix AI channels 16-31 for PCI-1713 (bsc#1051510). - staging: iio: adt7316: Fix i2c data reading, set the data field (bsc#1051510). - staging: rtl8188eu: fix interface sanity check (bsc#1051510). - staging: rtl8192e: fix potential use after free (bsc#1051510). - staging: rtl8723bs: Add 024c:0525 to the list of SDIO device-ids (bsc#1051510). - staging: rtl8723bs: Drop ACPI device ids (bsc#1051510). - staging: vt6656: correct packet types for CTS protect, mode (bsc#1051510). - staging: vt6656: Fix false Tx excessive retries reporting (bsc#1051510). - staging: vt6656: use NULLFUCTION stack on mac80211 (bsc#1051510). - staging: wlan-ng: ensure error return is actually returned (bsc#1051510). - stm class: Fix a double free of stm_source_device (bsc#1051510). - stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock (bsc#1088810, bsc#1161702). - stop_machine: Atomically queue and wake stopper threads (bsc#1088810, bsc#1161702). - stop_machine: Disable preemption after queueing stopper threads (bsc#1088810, bsc#1161702). - stop_machine: Disable preemption when waking two stopper threads (bsc#1088810, bsc#1161702). - supported.conf: - synclink_gt(): fix compat_ioctl() (bsc#1051510). - tcp: clear tp->packets_out when purging write queue (bsc#1160560). - tcp: do not send empty skb from tcp_write_xmit() (networking-stable-20_01_01). - tcp: exit if nothing to retransmit on RTO timeout (bsc#1160560, stable 4.14.159). - tcp: md5: fix potential overestimation of TCP option space (networking-stable-19_12_16). - tcp_nv: fix potential integer overflow in tcpnv_acked (bsc#1051510). - thermal: Fix deadlock in thermal thermal_zone_device_check (bsc#1051510). - tipc: Avoid copying bytes beyond the supplied data (bsc#1051510). - tipc: check bearer name with right length in tipc_nl_compat_bearer_enable (bsc#1051510). - tipc: check link name with right length in tipc_nl_compat_link_set (bsc#1051510). - tipc: check msg->req data len in tipc_nl_compat_bearer_disable (bsc#1051510). - tipc: compat: allow tipc commands without arguments (bsc#1051510). - tipc: fix a missing check of genlmsg_put (bsc#1051510). - tipc: fix link name length check (bsc#1051510). - tipc: fix memory leak in tipc_nl_compat_publ_dump (bsc#1051510). - tipc: fix skb may be leaky in tipc_link_input (bsc#1051510). - tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path (bsc#1051510). - tipc: fix wrong timeout input for tipc_wait_for_cond() (bsc#1051510). - tipc: handle the err returned from cmd header function (bsc#1051510). - tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb (bsc#1051510). - tipc: tipc clang warning (bsc#1051510). - tracing: Annotate ftrace_graph_hash pointer with __rcu (git-fixes). - tracing: Annotate ftrace_graph_notrace_hash pointer with __rcu (git-fixes). - tracing: Cleanup stack trace code (jsc#SLE-11179). - tracing: Fix tracing_stat return values in error handling paths (git-fixes). - tracing: Fix very unlikely race of registering two stat tracers (git-fixes). - tracing: Have the histogram compare functions convert to u64 first (bsc#1160210). - tracing: xen: Ordered comparison of function pointers (git-fixes). - tty/serial: atmel: Add is_half_duplex helper (bsc#1051510). - tty: n_hdlc: fix build on SPARC (bsc#1051510). - tty: serial: fsl_lpuart: use the sg count from dma_map_sg (bsc#1051510). - tty: serial: imx: use the sg count from dma_map_sg (bsc#1051510). - tty: serial: msm_serial: Fix flow control (bsc#1051510). - tty: serial: msm_serial: Fix lockup for sysrq and oops (bsc#1051510). - tty: serial: pch_uart: correct usage of dma_unmap_sg (bsc#1051510). - tty: vt: keyboard: reject invalid keycodes (bsc#1051510). - uaccess: Add non-pagefault user-space write function (bsc#1083647). - ubifs: Correctly initialize c->min_log_bytes (bsc#1158641). - ubifs: do not trigger assertion on invalid no-key filename (bsc#1163850). - ubifs: Fix deadlock in concurrent bulk-read and writepage (bsc#1163856). - ubifs: Fix FS_IOC_SETFLAGS unexpectedly clearing encrypt flag (bsc#1163855). - ubifs: Limit the number of pages in shrink_liability (bsc#1158643). - ubifs: Reject unsupported ioctl flags explicitly (bsc#1163844). - udp: fix integer overflow while computing available space in sk_rcvbuf (networking-stable-20_01_01). - usb-storage: Disable UAS on JMicron SATA enclosure (bsc#1051510). - usb: adutux: fix interface sanity check (bsc#1051510). - usb: Allow USB device to be warm reset in suspended state (bsc#1051510). - usb: atm: ueagle-atm: add missing endpoint check (bsc#1051510). - usb: chipidea: host: Disable port power only if previously enabled (bsc#1051510). - usb: core: fix check for duplicate endpoints (git-fixes). - usb: core: hub: Improved device recognition on remote wakeup (bsc#1051510). - usb: core: urb: fix URB structure initialization function (bsc#1051510). - usb: documentation: flags on usb-storage versus UAS (bsc#1051510). - usb: dwc3: debugfs: Properly print/set link state for HS (bsc#1051510). - usb: dwc3: do not log probe deferrals; but do log other error codes (bsc#1051510). - usb: dwc3: ep0: Clear started flag on completion (bsc#1051510). - usb: dwc3: turn off VBUS when leaving host mode (bsc#1051510). - usb: EHCI: Do not return -EPIPE when hub is disconnected (git-fixes). - usb: gadget: f_ecm: Use atomic_t to track in-flight request (bsc#1051510). - usb: gadget: f_ncm: Use atomic_t to track in-flight request (bsc#1051510). - usb: gadget: legacy: set max_speed to super-speed (bsc#1051510). - usb: gadget: pch_udc: fix use after free (bsc#1051510). - usb: gadget: u_serial: add missing port entry locking (bsc#1051510). - usb: gadget: Zero ffs_io_data (bsc#1051510). - usb: host: xhci-hub: fix extra endianness conversion (bsc#1051510). - usb: idmouse: fix interface sanity checks (bsc#1051510). - usb: misc: appledisplay: fix backlight update_status return code (bsc#1051510). - usb: mon: Fix a deadlock in usbmon between mmap and read (bsc#1051510). - usb: mtu3: fix dbginfo in qmu_tx_zlp_error_handler (bsc#1051510). - usb: musb: dma: Correct parameter passed to IRQ handler (bsc#1051510). - usb: musb: fix idling for suspend after disconnect interrupt (bsc#1051510). - usb: serial: ch341: handle unbound port at reset_resume (bsc#1051510). - usb: serial: ftdi_sio: add device IDs for U-Blox C099-F9P (bsc#1051510). - usb: serial: io_edgeport: add missing active-port sanity check (bsc#1051510). - usb: serial: io_edgeport: fix epic endpoint lookup (bsc#1051510). - usb: serial: io_edgeport: handle unbound ports on URB completion (bsc#1051510). - usb: serial: io_edgeport: use irqsave() in USB's complete callback (bsc#1051510). - usb: serial: ir-usb: add missing endpoint sanity check (bsc#1051510). - usb: serial: ir-usb: fix IrLAP framing (bsc#1051510). - usb: serial: ir-usb: fix link-speed handling (bsc#1051510). - usb: serial: keyspan: handle unbound ports (bsc#1051510). - usb: serial: opticon: fix control-message timeouts (bsc#1051510). - usb: serial: option: Add support for Quectel RM500Q (bsc#1051510). - usb: serial: option: add support for Quectel RM500Q in QDL mode (git-fixes). - usb: serial: option: add Telit ME910G1 0x110a composition (git-fixes). - usb: serial: option: add ZLP support for 0x1bc7/0x9010 (git-fixes). - usb: serial: quatech2: handle unbound ports (bsc#1051510). - usb: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx (bsc#1051510). - usb: serial: suppress driver bind attributes (bsc#1051510). - usb: typec: tcpci: mask event interrupts when remove driver (bsc#1051510). - usb: uas: heed CAPACITY_HEURISTICS (bsc#1051510). - usb: uas: honor flag to avoid CAPACITY16 (bsc#1051510). - usb: xhci: Fix build warning seen with CONFIG_PM=n (bsc#1051510). - usb: xhci: only set D3hot for pci device (bsc#1051510). - usbip: Fix error path of vhci_recv_ret_submit() (git-fixes). - usbip: Fix receive error in vhci-hcd when using scatter-gather (bsc#1051510). - vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1 (bsc#1051510). - vhost/vsock: accept only packets with the right dst_cid (networking-stable-20_01_01). - video: backlight: Add devres versions of of_find_backlight (bsc#1090888) Taken for 6010831dde5. - video: backlight: Add of_find_backlight helper in backlight.c (bsc#1090888) Taken for 6010831dde5. - vsock/virtio: fix sock refcnt holding during the shutdown (git-fixes). - watchdog: max77620_wdt: fix potential build errors (bsc#1051510). - watchdog: rn5t618_wdt: fix module aliases (bsc#1051510). - watchdog: sama5d4: fix WDD value to be always set to max (bsc#1051510). - watchdog: wdat_wdt: fix get_timeleft call for wdat_wdt (bsc#1162557). - wireless: fix enabling channel 12 for custom regulatory domain (bsc#1051510). - wireless: wext: avoid gcc -O3 warning (bsc#1051510). - workqueue: Fix pwq ref leak in rescuer_thread() (bsc#1160211). - x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR (bsc#1162619). - x86/intel_rdt: Split resource group removal in two (bsc#1112178). - x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI (bsc#1114279). - x86/mce/AMD: Allow any CPU to initialize the smca_banks array (bsc#1114279). - x86/MCE/AMD: Allow Reserved types to be overwritten in smca_banks (bsc#1114279). - x86/MCE/AMD: Do not use rdmsr_safe_on_cpu() in smca_configure() (bsc#1114279). - x86/mce: Fix possibly incorrect severity calculation on AMD (bsc#1114279). - x86/resctrl: Check monitoring static key in the MBM overflow handler (bsc#1114279). - x86/resctrl: Fix a deadlock due to inaccurate reference (bsc#1112178). - x86/resctrl: Fix an imbalance in domain_remove_cpu() (bsc#1114279). - x86/resctrl: Fix potential memory leak (bsc#1114279). - x86/resctrl: Fix use-after-free due to inaccurate refcount of rdtgroup (bsc#1112178). - x86/resctrl: Fix use-after-free when deleting resource groups (bsc#1114279). - x86/speculation: Fix incorrect MDS/TAA mitigation status (bsc#1114279). - x86/speculation: Fix redundant MDS mitigation message (bsc#1114279). - xen-blkfront: switch kcalloc to kvcalloc for large array allocation (bsc#1160917). - xen/balloon: Support xend-based toolstack take two (bsc#1065600). - xen/blkback: Avoid unmapping unmapped grant pages (bsc#1065600). - xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk (bsc#1065600). - xen: Enable interrupts when calling _cond_resched() (bsc#1065600). - xfrm: Fix transport mode skb control buffer usage (bsc#1161552). - xfs: Fix tail rounding in xfs_alloc_file_space() (bsc#1161087, bsc#1153917). - xfs: Sanity check flags of Q_XQUOTARM call (bsc#1158652). - xhci: Fix memory leak in xhci_add_in_port() (bsc#1051510). - xhci: fix USB3 device initiated resume race with roothub autosuspend (bsc#1051510). - xhci: handle some XHCI_TRUST_TX_LENGTH quirks cases as default behaviour (bsc#1051510). - xhci: Increase STS_HALT timeout in xhci_suspend() (bsc#1051510). - xhci: make sure interrupts are restored to correct state (bsc#1051510). - zd1211rw: fix storage endpoint lookup (git-fixes). Important SUSE bug 1046303 SUSE bug 1050244 SUSE bug 1051510 SUSE bug 1051858 SUSE bug 1061840 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1083647 SUSE bug 1085030 SUSE bug 1086301 SUSE bug 1086313 SUSE bug 1086314 SUSE bug 1088810 SUSE bug 1090888 SUSE bug 1104427 SUSE bug 1105392 SUSE bug 1111666 SUSE bug 1112178 SUSE bug 1112504 SUSE bug 1114279 SUSE bug 1115026 SUSE bug 1118338 SUSE bug 1120853 SUSE bug 1123328 SUSE bug 1127371 SUSE bug 1133021 SUSE bug 1133147 SUSE bug 1134973 SUSE bug 1140025 SUSE bug 1141054 SUSE bug 1142095 SUSE bug 1143959 SUSE bug 1144333 SUSE bug 1146519 SUSE bug 1146544 SUSE bug 1151548 SUSE bug 1151910 SUSE bug 1151927 SUSE bug 1152631 SUSE bug 1153917 SUSE bug 1154243 SUSE bug 1155331 SUSE bug 1155334 SUSE bug 1155689 SUSE bug 1156259 SUSE bug 1156286 SUSE bug 1156462 SUSE bug 1157155 SUSE bug 1157157 SUSE bug 1157169 SUSE bug 1157303 SUSE bug 1157424 SUSE bug 1157692 SUSE bug 1157853 SUSE bug 1157908 SUSE bug 1157966 SUSE bug 1158013 SUSE bug 1158021 SUSE bug 1158026 SUSE bug 1158094 SUSE bug 1158132 SUSE bug 1158381 SUSE bug 1158394 SUSE bug 1158398 SUSE bug 1158407 SUSE bug 1158410 SUSE bug 1158413 SUSE bug 1158417 SUSE bug 1158427 SUSE bug 1158445 SUSE bug 1158533 SUSE bug 1158637 SUSE bug 1158638 SUSE bug 1158639 SUSE bug 1158640 SUSE bug 1158641 SUSE bug 1158643 SUSE bug 1158644 SUSE bug 1158645 SUSE bug 1158646 SUSE bug 1158647 SUSE bug 1158649 SUSE bug 1158651 SUSE bug 1158652 SUSE bug 1158819 SUSE bug 1158823 SUSE bug 1158824 SUSE bug 1158827 SUSE bug 1158834 SUSE bug 1158893 SUSE bug 1158900 SUSE bug 1158903 SUSE bug 1158904 SUSE bug 1158954 SUSE bug 1159024 SUSE bug 1159028 SUSE bug 1159271 SUSE bug 1159297 SUSE bug 1159394 SUSE bug 1159483 SUSE bug 1159484 SUSE bug 1159569 SUSE bug 1159588 SUSE bug 1159841 SUSE bug 1159908 SUSE bug 1159909 SUSE bug 1159910 SUSE bug 1159911 SUSE bug 1159955 SUSE bug 1160195 SUSE bug 1160210 SUSE bug 1160211 SUSE bug 1160218 SUSE bug 1160433 SUSE bug 1160442 SUSE bug 1160476 SUSE bug 1160560 SUSE bug 1160755 SUSE bug 1160756 SUSE bug 1160784 SUSE bug 1160787 SUSE bug 1160802 SUSE bug 1160803 SUSE bug 1160804 SUSE bug 1160917 SUSE bug 1160966 SUSE bug 1160979 SUSE bug 1161087 SUSE bug 1161360 SUSE bug 1161514 SUSE bug 1161518 SUSE bug 1161522 SUSE bug 1161523 SUSE bug 1161549 SUSE bug 1161552 SUSE bug 1161674 SUSE bug 1161702 SUSE bug 1161875 SUSE bug 1161907 SUSE bug 1161931 SUSE bug 1161933 SUSE bug 1161934 SUSE bug 1161935 SUSE bug 1161936 SUSE bug 1161937 SUSE bug 1162028 SUSE bug 1162067 SUSE bug 1162109 SUSE bug 1162139 SUSE bug 1162557 SUSE bug 1162617 SUSE bug 1162618 SUSE bug 1162619 SUSE bug 1162623 SUSE bug 1162928 SUSE bug 1162943 SUSE bug 1163383 SUSE bug 1163384 SUSE bug 1163762 SUSE bug 1163774 SUSE bug 1163836 SUSE bug 1163840 SUSE bug 1163841 SUSE bug 1163842 SUSE bug 1163843 SUSE bug 1163844 SUSE bug 1163845 SUSE bug 1163846 SUSE bug 1163849 SUSE bug 1163850 SUSE bug 1163851 SUSE bug 1163852 SUSE bug 1163853 SUSE bug 1163855 SUSE bug 1163856 SUSE bug 1163857 SUSE bug 1163858 SUSE bug 1163859 SUSE bug 1163860 SUSE bug 1163861 SUSE bug 1163862 SUSE bug 1163863 SUSE bug 1163867 SUSE bug 1163869 SUSE bug 1163880 SUSE bug 1163971 SUSE bug 1164069 SUSE bug 1164098 SUSE bug 1164115 SUSE bug 1164314 SUSE bug 1164315 SUSE bug 1164388 SUSE bug 1164471 SUSE bug 1164632 SUSE bug 1164705 SUSE bug 1164712 SUSE bug 1164727 SUSE bug 1164728 SUSE bug 1164729 SUSE bug 1164730 SUSE bug 1164731 SUSE bug 1164732 SUSE bug 1164733 SUSE bug 1164734 SUSE bug 1164735 CVE-2019-14615 CVE-2019-14896 CVE-2019-14897 CVE-2019-15213 CVE-2019-16994 CVE-2019-18808 CVE-2019-19036 CVE-2019-19045 CVE-2019-19051 CVE-2019-19054 CVE-2019-19066 CVE-2019-19318 CVE-2019-19319 CVE-2019-19332 CVE-2019-19338 CVE-2019-19447 CVE-2019-19523 CVE-2019-19524 CVE-2019-19525 CVE-2019-19526 CVE-2019-19527 CVE-2019-19528 CVE-2019-19529 CVE-2019-19530 CVE-2019-19531 CVE-2019-19532 CVE-2019-19533 CVE-2019-19534 CVE-2019-19535 CVE-2019-19536 CVE-2019-19537 CVE-2019-19543 CVE-2019-19767 CVE-2019-19965 CVE-2019-19966 CVE-2019-20054 CVE-2019-20095 CVE-2019-20096 CVE-2020-2732 CVE-2020-7053 CVE-2020-8428 CVE-2020-8648 CVE-2020-8992 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for gimp fixes the following issues: - Fix for crashing due to segmentation fault caused by importing ghostscript files. (bsc#1161998) Security issues fixed: - CVE-2017-17785: Fixed an heap-based buffer overflow in FLI import (bsc#1073625) - CVE-2017-17786: Fixed an out-of-bounds read in TGA (bsc#1073626) - CVE-2017-17788: Fixed an out-of-bounds read in XCF (bsc#1073629) Moderate SUSE bug 1073625 SUSE bug 1073626 SUSE bug 1073629 SUSE bug 1161998 CVE-2017-17785 CVE-2017-17786 CVE-2017-17788 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for librsvg to version 2.40.21 fixes the following issues: librsvg was updated to version 2.40.21 fixing the following issues: - CVE-2019-20446: Fixed an issue where a crafted SVG file with nested patterns can cause denial of service (bsc#1162501). NOTE: Librsvg now has limits on the number of loaded XML elements, and the number of referenced elements within an SVG document. - Fixed a stack exhaustion with circular references in <use> elements. - Fixed a denial-of-service condition from exponential explosion of rendered elements, through nested use of SVG 'use' elements in malicious SVGs. Moderate SUSE bug 1162501 CVE-2019-20446 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for gd fixes the following issues: - CVE-2017-7890: Fixed a buffer over-read into uninitialized memory (bsc#1050241). - CVE-2018-14553: Fixed a null pointer dereference in gdImageClone() (bsc#1165471). - CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140120). Moderate SUSE bug 1050241 SUSE bug 1140120 SUSE bug 1165471 CVE-2017-7890 CVE-2018-14553 CVE-2019-11038 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for php72 fixes the following issues: - CVE-2020-7062: Fixed a null pointer dereference when using file upload functionality under specific circumstances (bsc#1165280). - CVE-2020-7063: Fixed an issue where adding files change the permissions to default (bsc#1165289). Moderate SUSE bug 1165280 SUSE bug 1165289 CVE-2020-7062 CVE-2020-7063 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for php5 fixes the following issues: - CVE-2020-7062: Fixed a null pointer dereference when using file upload functionality under specific circumstances (bsc#1165280). - CVE-2020-7063: Fixed an issue where adding files change the permissions to default (bsc#1165289). Moderate SUSE bug 1165280 SUSE bug 1165289 CVE-2020-7062 CVE-2020-7063 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.4.1 ESR * Fixed: Security fix MFSA 2020-03 (bsc#1160498) * CVE-2019-17026 (bmo#1607443) IonMonkey type confusion with StoreElementHole and FallibleStoreElement - Firefox Extended Support Release 68.4.0 ESR * Fixed: Various security fixes MFSA 2020-02 (bsc#1160305) * CVE-2019-17015 (bmo#1599005) Memory corruption in parent process during new content process initialization on Windows * CVE-2019-17016 (bmo#1599181) Bypass of @namespace CSS sanitization during pasting * CVE-2019-17017 (bmo#1603055) Type Confusion in XPCVariant.cpp * CVE-2019-17021 (bmo#1599008) Heap address disclosure in parent process during content process initialization on Windows * CVE-2019-17022 (bmo#1602843) CSS sanitization does not escape HTML tags * CVE-2019-17024 (bmo#1507180, bmo#1595470, bmo#1598605, bmo#1601826) Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 Important SUSE bug 1160305 SUSE bug 1160498 CVE-2019-17015 CVE-2019-17016 CVE-2019-17017 CVE-2019-17021 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for postgresql10 fixes the following issues: PostgreSQL was updated to version 10.12. Security issue fixed: - CVE-2020-1720: Fixed a missing authorization check in the ALTER ... DEPENDS ON extension (bsc#1163985). Low SUSE bug 1163985 CVE-2020-1720 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for MozillaFirefox fixes the following issues: MozillaFirefox was updated to 68.6.0 ESR (MFSA 2020-09 bsc#1132665 bsc#1166238) - CVE-2020-6805: Fixed a use-after-free when removing data about origins - CVE-2020-6806: Fixed improper protections against state confusion - CVE-2020-6807: Fixed a use-after-free in cubeb during stream destruction - CVE-2020-6811: Fixed an issue where copy as cURL' feature did not fully escape website-controlled data potentially leading to command injection - CVE-2019-20503: Fixed out of bounds reads in sctp_load_addresses_from_init - CVE-2020-6812: Fixed an issue where the names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission - CVE-2020-6814: Fixed multiple memory safety bugs - Fixed an issue with minimizing a window (bsc#1132665). Important SUSE bug 1132665 SUSE bug 1166238 CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libzypp fixes the following issues: Security issue fixed: - CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763). Moderate SUSE bug 1158763 CVE-2019-18900 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for glibc fixes the following issues: - CVE-2020-1752: Fixed a use after free in glob which could have allowed a local attacker to create a specially crafted path that, when processed by the glob function, could potentially have led to arbitrary code execution (bsc#1167631). - CVE-2020-1751: Fixed an array overflow in backtrace for PowerPC (bsc#1158996). - CVE-2020-10029: Fixed a stack buffer overflow during range reduction (bsc#1165784). - Use 'posix_spawn' on popen preventing crash caused by 'subprocess'. (bsc#1149332, BZ #22834) - Fix handling of needles crossing a page, preventing incorrect results to return during the cross page boundary search. (bsc#1157893, BZ #25226) Important SUSE bug 1149332 SUSE bug 1157893 SUSE bug 1158996 SUSE bug 1165784 SUSE bug 1167631 CVE-2020-10029 CVE-2020-1751 CVE-2020-1752 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for memcached fixes the following issues: Security issue fixed: - CVE-2019-11596: Fixed a NULL pointer dereference in process_lru_command (bsc#1133817). - CVE-2019-15026: Fixed a stack-based buffer over-read (bsc#1149110). Moderate SUSE bug 1133817 SUSE bug 1149110 CVE-2019-11596 CVE-2019-15026 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for python3 fixes the following issue: - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen(). Now an InvalidURL exception is raised (bsc#1155094). - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). - CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367). - Fixed an issue with version missmatch (bsc#1162224). - Rename idle icons to idle3 in order to not conflict with python2 variant of the package. (bsc#1165894) Moderate SUSE bug 1155094 SUSE bug 1162224 SUSE bug 1162367 SUSE bug 1162825 SUSE bug 1165894 CVE-2019-18348 CVE-2019-9674 CVE-2020-8492 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for exiv2 fixes the following issues: - CVE-2018-17581: Fixed an excessive stack consumption in CiffDirectory:readDirectory() which might have led to denial of service (bsc#1110282). - CVE-2019-13110: Fixed an integer overflow and an out of bounds read in CiffDirectory:readDirectory which might have led to denial of service (bsc#1142678). - CVE-2019-13113: Fixed a potential denial of service via an invalid data location in a CRW image (bsc#1142683). - CVE-2019-17402: Fixed an improper validation of the relationship of the total size to the offset and size in Exiv2::getULong (bsc#1153577). - CVE-2019-20421: Fixed an infinite loop triggered via an input file (bsc#1161901). - CVE-2017-9239: Fixed a segmentation fault in TiffImageEntry::doWriteImage function (bsc#1040973). Moderate SUSE bug 1040973 SUSE bug 1110282 SUSE bug 1142678 SUSE bug 1142683 SUSE bug 1153577 SUSE bug 1161901 CVE-2017-9239 CVE-2018-17581 CVE-2019-13110 CVE-2019-13113 CVE-2019-17402 CVE-2019-20421 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.47.1: Security issues fixed: - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - CVE-2019-11745: EncryptUpdate should use maxout, not block size (bsc#1158527). - CVE-2019-11727: Fixed vulnerability sign CertificateVerify with PKCS#1 v1.5 signatures issue (bsc#1141322). mozilla-nspr was updated to version 4.23: - Whitespace in C files was cleaned up and no longer uses tab characters for indenting. Moderate SUSE bug 1141322 SUSE bug 1158527 SUSE bug 1159819 CVE-2019-11745 CVE-2019-17006 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libpng12 fixes the following issues: Security issue fixed: - CVE-2017-12652: Fixed an Input Validation Error related to the length of chunks (bsc#1141493). Moderate SUSE bug 1141493 CVE-2017-12652 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for libxslt fixes the following issue: - CVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may have led to information disclosure (bsc#1154609). Moderate SUSE bug 1154609 CVE-2019-18197 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for MozillaFirefox fixes the following issues: - Mozilla Firefox 68.6.1esr MFSA 2020-11 (bsc#1168630) * CVE-2020-6819 (bmo#1620818) Use-after-free while running the nsDocShell destructor * CVE-2020-6820 (bmo#1626728) Use-after-free when handling a ReadableStream Important SUSE bug 1168630 CVE-2020-6819 CVE-2020-6820 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for ceph fixes the following issues: - CVE-2020-1760: Fixed XSS due to RGW GetObject header-splitting (bsc#1166484). Important SUSE bug 1166484 CVE-2020-1760 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for djvulibre fixes the following issues: - CVE-2019-18804: Fixed a null pointer dereference (bsc#1156188). Low SUSE bug 1156188 CVE-2019-18804 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for MozillaFirefox to version 68.7.0 ESR fixes the following issues: - CVE-2020-6821: Uninitialized memory could be read when using the WebGL copyTexSubImage method (bsc#1168874). - CVE-2020-6822: Fixed out of bounds write in GMPDecodeData when processing large images (bsc#1168874). - CVE-2020-6825: Fixed Memory safety bugs (bsc#1168874). - CVE-2020-6827: Custom Tabs could have the URI spoofed (bsc#1168874). - CVE-2020-6828: Preference overwrite via crafted Intent (bsc#1168874). Important SUSE bug 1168874 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 CVE-2020-6827 CVE-2020-6828 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for openssl-1_1 fixes the following issues: Security issue fixed: - CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). - CVE-2019-1563: Fixed bleichenbacher attack against cms/pkcs7 encryptioon transported key (bsc#1150250). - CVE-2019-1551: Fixed integer overflow in RSAZ modular exponentiation on x86_64 (bsc#1158809). - CVE-2019-1549: Fixed fork problem with random generator (bsc#1150247). - CVE-2019-1547: Fixed EC_GROUP_set_generator side channel attack avoidance (bsc#1150003). Bug fixes: - Ship the openssl 1.1.1 binary as openssl-1_1, and make it installable in parallel with the system openssl (bsc#1140277). - Update to 1.1.1d (bsc#1133925, jsc#SLE-6430). Moderate SUSE bug 1133925 SUSE bug 1140277 SUSE bug 1150003 SUSE bug 1150247 SUSE bug 1150250 SUSE bug 1158809 CVE-2019-1547 CVE-2019-1549 CVE-2019-1551 CVE-2019-1563 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 This update for git fixes the following issues: Security issue fixed: - CVE-2020-5260: With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host (bsc#1168930). Non-security issue fixed: git was updated to 2.26.0 for SHA256 support (bsc#1167890, jsc#SLE-11608): - the xinetd snippet was removed - the System V init script for the git-daemon was replaced by a systemd service file of the same name. git 2.26.0: * 'git rebase' now uses a different backend that is based on the 'merge' machinery by default. The 'rebase.backend' configuration variable reverts to old behaviour when set to 'apply' * Improved handling of sparse checkouts * Improvements to many commands and internal features git 2.25.1: * 'git commit' now honors advise.statusHints * various updates, bug fixes and documentation updates git 2.25.0: * The branch description ('git branch --edit-description') has been used to fill the body of the cover letters by the format-patch command; this has been enhanced so that the subject can also be filled. * A few commands learned to take the pathspec from the standard input or a named file, instead of taking it as the command line arguments, with the '--pathspec-from-file' option. * Test updates to prepare for SHA-2 transition continues. * Redo 'git name-rev' to avoid recursive calls. * When all files from some subdirectory were renamed to the root directory, the directory rename heuristics would fail to detect that as a rename/merge of the subdirectory to the root directory, which has been corrected. * HTTP transport had possible allocator/deallocator mismatch, which has been corrected. git 2.24.1: * CVE-2019-1348: The --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785) * CVE-2019-1349: on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787) * CVE-2019-1350: Incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788) * CVE-2019-1351: on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789) * CVE-2019-1352: on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790) * CVE-2019-1353: when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791) * CVE-2019-1354: on Windows refuses to write tracked files with filenames that contain backslashes (bsc#1158792) * CVE-2019-1387: Recursive clones vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793) * CVE-2019-19604: a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795) - Fix building with asciidoctor and without DocBook4 stylesheets. git 2.24.0 * The command line parser learned '--end-of-options' notation. * A mechanism to affect the default setting for a (related) group of configuration variables is introduced. * 'git fetch' learned '--set-upstream' option to help those who first clone from their private fork they intend to push to, add the true upstream via 'git remote add' and then 'git fetch' from it. * fixes and improvements to UI, workflow and features, bash completion fixes * part of it merged upstream * the Makefile attempted to download some documentation, banned git 2.23.0: * The '--base' option of 'format-patch' computed the patch-ids for prerequisite patches in an unstable way, which has been updated to compute in a way that is compatible with 'git patch-id --stable'. * The 'git log' command by default behaves as if the --mailmap option was given. * fixes and improvements to UI, workflow and features git 2.22.1: * A relative pathname given to 'git init --template=<path> <repo>' ought to be relative to the directory 'git init' gets invoked in, but it instead was made relative to the repository, which has been corrected. * 'git worktree add' used to fail when another worktree connected to the same repository was corrupt, which has been corrected. * 'git am -i --resolved' segfaulted after trying to see a commit as if it were a tree, which has been corrected. * 'git merge --squash' is designed to update the working tree and the index without creating the commit, and this cannot be countermanded by adding the '--commit' option; the command now refuses to work when both options are given. * Update to Unicode 12.1 width table. * 'git request-pull' learned to warn when the ref we ask them to pull from in the local repository and in the published repository are different. * 'git fetch' into a lazy clone forgot to fetch base objects that are necessary to complete delta in a thin packfile, which has been corrected. * The URL decoding code has been updated to avoid going past the end of the string while parsing %-<hex>-<hex> sequence. * 'git clean' silently skipped a path when it cannot lstat() it; now it gives a warning. * 'git rm' to resolve a conflicted path leaked an internal message 'needs merge' before actually removing the path, which was confusing. This has been corrected. * Many more bugfixes and code cleanups. - removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by firewalld, see [1]. [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html git 2.22.0: * The filter specification '--filter=sparse:path=<path>' used to create a lazy/partial clone has been removed. Using a blob that is part of the project as sparse specification is still supported with the '--filter=sparse:oid=<blob>' option * 'git checkout --no-overlay' can be used to trigger a new mode of checking out paths out of the tree-ish, that allows paths that match the pathspec that are in the current index and working tree and are not in the tree-ish. * Four new configuration variables {author,committer}.{name,email} have been introduced to override user.{name,email} in more specific cases. * 'git branch' learned a new subcommand '--show-current'. * The command line completion (in contrib/) has been taught to complete more subcommand parameters. * The completion helper code now pays attention to repository-local configuration (when available), which allows --list-cmds to honour a repository specific setting of completion.commands, for example. * The list of conflicted paths shown in the editor while concluding a conflicted merge was shown above the scissors line when the clean-up mode is set to 'scissors', even though it was commented out just like the list of updated paths and other information to help the user explain the merge better. * 'git rebase' that was reimplemented in C did not set ORIG_HEAD correctly, which has been corrected. * 'git worktree add' used to do a 'find an available name with stat and then mkdir', which is race-prone. This has been fixed by using mkdir and reacting to EEXIST in a loop. - update git-web AppArmor profile for bash and tar usrMerge (bsc#1132350) git 2.21.0: * Historically, the '-m' (mainline) option can only be used for 'git cherry-pick' and 'git revert' when working with a merge commit. This version of Git no longer warns or errors out when working with a single-parent commit, as long as the argument to the '-m' option is 1 (i.e. it has only one parent, and the request is to pick or revert relative to that first parent). Scripts that relied on the behaviour may get broken with this change. * Small fixes and features for fast-export and fast-import. * The 'http.version' configuration variable can be used with recent enough versions of cURL library to force the version of HTTP used to talk when fetching and pushing. * 'git push $there $src:$dst' rejects when $dst is not a fully qualified refname and it is not clear what the end user meant. * Update 'git multimail' from the upstream. * A new date format '--date=human' that morphs its output depending on how far the time is from the current time has been introduced. '--date=auto:human' can be used to use this new format (or any existing format) when the output is going to the pager or to the terminal, and otherwise the default format. - Fix worktree creation race (bsc#1114225). git 2.20.1: * portability fixes * 'git help -a' did not work well when an overly long alias was defined * no longer squelched an error message when the run_command API failed to run a missing command git 2.20.0: * 'git help -a' now gives verbose output (same as 'git help -av'). Those who want the old output may say 'git help --no-verbose -a'.. * 'git send-email' learned to grab address-looking string on any trailer whose name ends with '-by'. * 'git format-patch' learned new '--interdiff' and '--range-diff' options to explain the difference between this version and the previous attempt in the cover letter (or after the three-dashes as a comment). * Developer builds now use -Wunused-function compilation option. * Fix a bug in which the same path could be registered under multiple worktree entries if the path was missing (for instance, was removed manually). Also, as a convenience, expand the number of cases in which --force is applicable. * The overly large Documentation/config.txt file have been split into million little pieces. This potentially allows each individual piece to be included into the manual page of the command it affects more easily. * Malformed or crafted data in packstream can make our code attempt to read or write past the allocated buffer and abort, instead of reporting an error, which has been fixed. * Fix for a long-standing bug that leaves the index file corrupt when it shrinks during a partial commit. * 'git merge' and 'git pull' that merges into an unborn branch used to completely ignore '--verify-signatures', which has been corrected. * ...and much more features and fixes - fix CVE-2018-19486 (bsc#1117257) git 2.19.2: * various bug fixes for multiple subcommands and operations git 2.19.1: * CVE-2018-17456: Specially crafted .gitmodules files may have allowed arbitrary code execution when the repository is cloned with --recurse-submodules (bsc#1110949) git 2.19.0: * 'git diff' compares the index and the working tree. For paths added with intent-to-add bit, the command shows the full contents of them as added, but the paths themselves were not marked as new files. They are now shown as new by default. * 'git apply' learned the '--intent-to-add' option so that an otherwise working-tree-only application of a patch will add new paths to the index marked with the 'intent-to-add' bit. * 'git grep' learned the '--column' option that gives not just the line number but the column number of the hit. * The '-l' option in 'git branch -l' is an unfortunate short-hand for '--create-reflog', but many users, both old and new, somehow expect it to be something else, perhaps '--list'. This step warns when '-l' is used as a short-hand for '--create-reflog' and warns about the future repurposing of the it when it is used. * The userdiff pattern for .php has been updated. * The content-transfer-encoding of the message 'git send-email' sends out by default was 8bit, which can cause trouble when there is an overlong line to bust RFC 5322/2822 limit. A new option 'auto' to automatically switch to quoted-printable when there is such a line in the payload has been introduced and is made the default. * 'git checkout' and 'git worktree add' learned to honor checkout.defaultRemote when auto-vivifying a local branch out of a remote tracking branch in a repository with multiple remotes that have tracking branches that share the same names. (merge 8d7b558bae ab/checkout-default-remote later to maint). * 'git grep' learned the '--only-matching' option. * 'git rebase --rebase-merges' mode now handles octopus merges as well. * Add a server-side knob to skip commits in exponential/fibbonacci stride in an attempt to cover wider swath of history with a smaller number of iterations, potentially accepting a larger packfile transfer, instead of going back one commit a time during common ancestor discovery during the 'git fetch' transaction. (merge 42cc7485a2 jt/fetch-negotiator-skipping later to maint). * A new configuration variable core.usereplacerefs has been added, primarily to help server installations that want to ignore the replace mechanism altogether. * Teach 'git tag -s' etc. a few configuration variables (gpg.format that can be set to 'openpgp' or 'x509', and gpg.<format>.program that is used to specify what program to use to deal with the format) to allow x.509 certs with CMS via 'gpgsm' to be used instead of openpgp via 'gnupg'. * Many more strings are prepared for l10n. * 'git p4 submit' learns to ask its own pre-submit hook if it should continue with submitting. * The test performed at the receiving end of 'git push' to prevent bad objects from entering repository can be customized via receive.fsck.* configuration variables; we now have gained a counterpart to do the same on the 'git fetch' side, with fetch.fsck.* configuration variables. * 'git pull --rebase=interactive' learned 'i' as a short-hand for 'interactive'. * 'git instaweb' has been adjusted to run better with newer Apache on RedHat based distros. * 'git range-diff' is a reimplementation of 'git tbdiff' that lets us compare individual patches in two iterations of a topic. * The sideband code learned to optionally paint selected keywords at the beginning of incoming lines on the receiving end. * 'git branch --list' learned to take the default sort order from the 'branch.sort' configuration variable, just like 'git tag --list' pays attention to 'tag.sort'. * 'git worktree' command learned '--quiet' option to make it less verbose. git 2.18.0: * improvements to rename detection logic * When built with more recent cURL, GIT_SSL_VERSION can now specify 'tlsv1.3' as its value. * 'git mergetools' learned talking to guiffy. * various other workflow improvements and fixes * performance improvements and other developer visible fixes Update to git 2.16.4: security fix release git 2.17.1: * Submodule 'names' come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by putting '../' into the name. We now enforce some rules for submodule names which will cause Git to ignore these malicious names (CVE-2018-11235, bsc#1095219) * It was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory (CVE-2018-11233, bsc#1095218) * Support on the server side to reject pushes to repositories that attempt to create such problematic .gitmodules file etc. as tracked contents, to help hosting sites protect their customers by preventing malicious contents from spreading. git 2.17.0: * 'diff' family of commands learned '--find-object=<object-id>' option to limit the findings to changes that involve the named object. * 'git format-patch' learned to give 72-cols to diffstat, which is consistent with other line length limits the subcommand uses for its output meant for e-mails. * The log from 'git daemon' can be redirected with a new option; one relevant use case is to send the log to standard error (instead of syslog) when running it from inetd. * 'git rebase' learned to take '--allow-empty-message' option. * 'git am' has learned the '--quit' option, in addition to the existing '--abort' option; having the pair mirrors a few other commands like 'rebase' and 'cherry-pick'. * 'git worktree add' learned to run the post-checkout hook, just like 'git clone' runs it upon the initial checkout. * 'git tag' learned an explicit '--edit' option that allows the message given via '-m' and '-F' to be further edited. * 'git fetch --prune-tags' may be used as a handy short-hand for getting rid of stale tags that are locally held. * The new '--show-current-patch' option gives an end-user facing way to get the diff being applied when 'git rebase' (and 'git am') stops with a conflict. * 'git add -p' used to offer '/' (look for a matching hunk) as a choice, even there was only one hunk, which has been corrected. Also the single-key help is now given only for keys that are enabled (e.g. help for '/' won't be shown when there is only one hunk). * Since Git 1.7.9, 'git merge' defaulted to --no-ff (i.e. even when the side branch being merged is a descendant of the current commit, create a merge commit instead of fast-forwarding) when merging a tag object. This was appropriate default for integrators who pull signed tags from their downstream contributors, but caused an unnecessary merges when used by downstream contributors who habitually 'catch up' their topic branches with tagged releases from the upstream. Update 'git merge' to default to --no-ff only when merging a tag object that does *not* sit at its usual place in refs/tags/ hierarchy, and allow fast-forwarding otherwise, to mitigate the problem. * 'git status' can spend a lot of cycles to compute the relation between the current branch and its upstream, which can now be disabled with '--no-ahead-behind' option. * 'git diff' and friends learned funcname patterns for Go language source files. * 'git send-email' learned '--reply-to=<address>' option. * Funcname pattern used for C# now recognizes 'async' keyword. * In a way similar to how 'git tag' learned to honor the pager setting only in the list mode, 'git config' learned to ignore the pager setting when it is used for setting values (i.e. when the purpose of the operation is not to 'show'). - Use %license instead of %doc [bsc#1082318] git 2.16.3: * 'git status' after moving a path in the working tree (hence making it appear 'removed') and then adding with the -N option (hence making that appear 'added') detected it as a rename, but did not report the old and new pathnames correctly. * 'git commit --fixup' did not allow '-m<message>' option to be used at the same time; allow it to annotate resulting commit with more text. * When resetting the working tree files recursively, the working tree of submodules are now also reset to match. * Fix for a commented-out code to adjust it to a rather old API change around object ID. * When there are too many changed paths, 'git diff' showed a warning message but in the middle of a line. * The http tracing code, often used to debug connection issues, learned to redact potentially sensitive information from its output so that it can be more safely sharable. * Crash fix for a corner case where an error codepath tried to unlock what it did not acquire lock on. * The split-index mode had a few corner case bugs fixed. * Assorted fixes to 'git daemon'. * Completion of 'git merge -s<strategy>' (in contrib/) did not work well in non-C locale. * Workaround for segfault with more recent versions of SVN. * Recently introduced leaks in fsck have been plugged. * Travis CI integration now builds the executable in 'script' phase to follow the established practice, rather than during 'before_script' phase. This allows the CI categorize the failures better ('failed' is project's fault, 'errored' is build environment's). - Drop superfluous xinetd snippet, no longer used (bsc#1084460) - Build with asciidoctor for the recent distros (bsc#1075764) - Move %{?systemd_requires} to daemon subpackage - Create subpackage for libsecret credential helper. git 2.16.2: * An old regression in 'git describe --all $annotated_tag^0' has been fixed. * 'git svn dcommit' did not take into account the fact that a svn+ssh:// URL with a username@ (typically used for pushing) refers to the same SVN repository without the username@ and failed when svn.pushmergeinfo option is set. * 'git merge -Xours/-Xtheirs' learned to use our/their version when resolving a conflicting updates to a symbolic link. * 'git clone $there $here' is allowed even when here directory exists as long as it is an empty directory, but the command incorrectly removed it upon a failure of the operation. * 'git stash -- <pathspec>' incorrectly blew away untracked files in the directory that matched the pathspec, which has been corrected. * 'git add -p' was taught to ignore local changes to submodules as they do not interfere with the partial addition of regular changes anyway. git 2.16.1: * 'git clone' segfaulted when cloning a project that happens to track two paths that differ only in case on a case insensitive filesystem git 2.16.0 (CVE-2017-15298, bsc#1063412): * See https://raw.github.com/git/git/master/Documentation/RelNotes/2.16.0.txt git 2.15.1: * fix 'auto' column output * fixes to moved lines diffing * documentation updates * fix use of repositories immediately under the root directory * improve usage of libsecret * fixes to various error conditions in git commands - Rewrite from sysv init to systemd unit file for git-daemon (bsc#1069803) - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (bsc#1069468) - split off p4 to a subpackage (bsc#1067502) - Build with the external libsha1detectcoll (bsc#1042644) git 2.15.0: * Use of an empty string as a pathspec element that is used for 'everything matches' is still warned and Git asks users to use a more explicit '.' for that instead. Removal scheduled for 2.16 * Git now avoids blindly falling back to '.git' when the setup sequence said we are _not_ in Git repository (another corner case removed) * 'branch --set-upstream' was retired, deprecated since 1.8 * many other improvements and updates git 2.14.3: * git send-email understands more cc: formats * fixes so gitk --bisect * git commit-tree fixed to handle -F file alike * Prevent segfault in 'git cat-file --textconv' * Fix function header parsing for HTML * Various small fixes to user commands and and internal functions git 2.14.2: * fixes to color output * http.{sslkey,sslCert} now interpret '~[username]/' prefix * fixes to walking of reflogs via 'log -g' and friends * various fixes to output correctness * 'git push --recurse-submodules $there HEAD:$target' is now propagated down to the submodules * 'git clone --recurse-submodules --quiet' c$how propagates quiet option down to submodules. * 'git svn --localtime' correctness fixes * 'git grep -L' and 'git grep --quiet -L' now report same exit code * fixes to 'git apply' when converting line endings * Various Perl scripts did not use safe_pipe_capture() instead of backticks, leaving them susceptible to end-user input. CVE-2017-14867 bsc#1061041 * 'git cvsserver' no longer is invoked by 'git daemon' by default git 2.14.1 (bsc#1052481): * Security fix for CVE-2017-1000117: A malicious third-party can give a crafted 'ssh://...' URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running 'git clone --recurse-submodules' to trigger the vulnerability. * A 'ssh://...' URL can result in a 'ssh' command line with a hostname that begins with a dash '-', which would cause the 'ssh' command to instead (mis)treat it as an option. This is now prevented by forbidding such a hostname (which should not impact any real-world usage). * Similarly, when GIT_PROXY_COMMAND is configured, the command is run with host and port that are parsed out from 'ssh://...' URL; a poorly written GIT_PROXY_COMMAND could be tricked into treating a string that begins with a dash '-' as an option. This is now prevented by forbidding such a hostname and port number (again, which should not impact any real-world usage). * In the same spirit, a repository name that begins with a dash '-' is also forbidden now. git 2.14.0: * Use of an empty string as a pathspec element that is used for 'everything matches' is deprecated, use '.' * Avoid blindly falling back to '.git' when the setup sequence indicates operation not on a Git repository * 'indent heuristics' are now the default. * Builds with pcre2 * Many bug fixes, improvements and updates git 2.13.4: * Update the character width tables. * Fix an alias that contained an uppercase letter * Progress meter fixes * git gc concurrency fixes git 2.13.3: * various internal bug fixes * Fix a regression to 'git rebase -i' * Correct unaligned 32-bit access in pack-bitmap code * Tighten error checks for invalid 'git apply' input * The split index code did not honor core.sharedrepository setting correctly * Fix 'git branch --list' handling of color.branch.local git 2.13.2: * 'collision detecting' SHA-1 update for platform fixes * 'git checkout --recurse-submodules' did not quite work with a submodule that itself has submodules. * The 'run-command' API implementation has been made more robust against dead-locking in a threaded environment. * 'git clean -d' now only cleans ignored files with '-x' * 'git status --ignored' did not list ignored and untracked files without '-uall' * 'git pull --rebase --autostash' didn't auto-stash when the local history fast-forwards to the upstream. * 'git describe --contains' gives as much weight to lightweight tags as annotated tags * Fix 'git stash push <pathspec>' from a subdirectory git 2.13.1: * Setting 'log.decorate=false' in the configuration file did not take effect in v2.13, which has been corrected. * corrections to documentation and command help output * garbage collection fixes * memory leaks fixed * receive-pack now makes sure that the push certificate records the same set of push options used for pushing * shell completion corrections for git stash * fix 'git clone --config var=val' with empty strings * internal efficiency improvements * Update sha1 collision detection code for big-endian platforms and platforms not supporting unaligned fetches - Fix packaging of documentation git 2.13.0: * empty string as a pathspec element for 'everything matches' is still warned, for future removal. * deprecated argument order 'git merge <msg> HEAD <commit>...' was removed * default location '~/.git-credential-cache/socket' for the socket used to communicate with the credential-cache daemon moved to '~/.cache/git/credential/socket'. * now avoid blindly falling back to '.git' when the setup sequence indicated otherwise * many workflow features, improvements and bug fixes * add a hardened implementation of SHA1 in response to practical collision attacks (CVE-2005-4900, bsc#1042640) * CVE-2017-8386: On a server running git-shell as login shell to restrict user to git commands, remote users may have been able to have git service programs spawn an interactive pager and thus escape the shell restrictions. (bsc#1038395) Changes in pcre2: - Include the libraries, development and tools packages. git uses only libpcre2-8 so far, but this allows further application usage of pcre2. Important SUSE bug 1167890 SUSE bug 1168930 CVE-2020-5260 cpe:/o:suse:sle-sdk:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libgcrypt fixes the following issues: The following security vulnerability was addressed: - CVE-2018-0495: Mitigate a novel side-channel attack by enabling blinding for ECDSA signatures (bsc#1097410). The following other issues were fixed: - Extended the fipsdrv dsa-sign and dsa-verify commands with the --algo parameter for the FIPS testing of DSA SigVer and SigGen (bsc#1064455). - Ensure libgcrypt20-hmac and libgcrypt20 are installed in the correct order. (bsc#1090766) Moderate SUSE bug 1064455 SUSE bug 1090766 SUSE bug 1097410 CVE-2018-0495 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python, python-base fixes the following issues: Security issues fixed: - CVE-2018-1000802: Prevent command injection in shutil module (make_archive function) via passage of unfiltered user input (bsc#1109663). - CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (bsc#1088004). - CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in apop() method in pop3lib (bsc#1088009). Bug fixes: - bsc#1086001: python tarfile uses random order. Moderate SUSE bug 1086001 SUSE bug 1088004 SUSE bug 1088009 SUSE bug 1109663 CVE-2018-1000802 CVE-2018-1060 CVE-2018-1061 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. (bsc#1109961) Important SUSE bug 1109961 CVE-2018-11763 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for audiofile fixes the following issues: - CVE-2018-17095: A heap-based buffer overflow in Expand3To4Module::run could occurred when running sfconvert leading to crashes or code execution when handling untrusted soundfiles (bsc#1111586). Moderate SUSE bug 1111586 CVE-2018-17095 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for wireshark fixes the following issues: Wireshark was updated to 2.4.10 (bsc#1111647). Following security issues were fixed: - CVE-2018-18227: MS-WSP dissector crash (wnpa-sec-2018-47) - CVE-2018-12086: OpcUA dissector crash (wnpa-sec-2018-50) Further bug fixes and updated protocol support that were done are listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.10.html Important SUSE bug 1111647 CVE-2018-12086 CVE-2018-18227 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox to ESR 60.2.2 fixes several issues. These general changes are part of the version 60 release. - New browser engine with speed improvements - Redesigned graphical user interface elements - Unified address and search bar for new installations - New tab page listing top visited, recently visited and recommended pages - Support for configuration policies in enterprise deployments via JSON files - Support for Web Authentication, allowing the use of USB tokens for authentication to web sites The following changes affect compatibility: - Now exclusively supports extensions built using the WebExtension API. - Unsupported legacy extensions will no longer work in Firefox 60 ESR - TLS certificates issued by Symantec before June 1st, 2016 are no longer trusted The 'security.pki.distrust_ca_policy' preference can be set to 0 to reinstate trust in those certificates The following issues affect performance: - new format for storing private keys, certificates and certificate trust If the user home or data directory is on a network file system, it is recommended that users set the following environment variable to avoid slowdowns: NSS_SDB_USE_CACHE=yes This setting is not recommended for local, fast file systems. These security issues were fixed: - CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation (bsc#1107343). - CVE-2017-16541: Proxy bypass using automount and autofs (bsc#1107343). - CVE-2018-12376: Various memory safety bugs (bsc#1107343). - CVE-2018-12377: Use-after-free in refresh driver timers (bsc#1107343). - CVE-2018-12378: Use-after-free in IndexedDB (bsc#1107343). - CVE-2018-12379: Out-of-bounds write with malicious MAR file (bsc#1107343). - CVE-2018-12386: Type confusion in JavaScript allowed remote code execution (bsc#1110506) - CVE-2018-12387: Array.prototype.push stack pointer vulnerability may enable exploits in the sandboxed content process (bsc#1110507) - CVE-2018-12385: Crash in TransportSecurityInfo due to cached data (bsc#1109363) - CVE-2018-12383: Setting a master password did not delete unencrypted previously stored passwords (bsc#1107343) This update for mozilla-nspr to version 4.19 fixes the follwing issues - Added TCP Fast Open functionality - A socket without PR_NSPR_IO_LAYER will no longer trigger an assertion when polling This update for mozilla-nss to version 3.36.4 fixes the follwing issues - Connecting to a server that was recently upgraded to TLS 1.3 would result in a SSL_RX_MALFORMED_SERVER_HELLO error. - Fix a rare bug with PKCS#12 files. - Replaces existing vectorized ChaCha20 code with verified HACL* implementation. - TLS 1.3 support has been updated to draft -23. - Added formally verified implementations of non-vectorized Chacha20 and non-vectorized Poly1305 64-bit. - The following CA certificates were Removed: OU = Security Communication EV RootCA1 CN = CA Disig Root R1 CN = DST ACES CA X6 Certum CA, O=Unizeto Sp. z o.o. StartCom Certification Authority StartCom Certification Authority G2 T?BİTAK UEKAE K?k Sertifika Hizmet Sağlayıcısı - S?r?m 3 ACEDICOM Root Certinomis - Autorit? Racine T?RKTRUST Elektronik Sertifika Hizmet Sağlayıcısı PSCProcert CA 沃通根证书, O=WoSign CA Limited Certification Authority of WoSign Certification Authority of WoSign G2 CA WoSign ECC Root Subject CN = VeriSign Class 3 Secure Server CA - G2 O = Japanese Government, OU = ApplicationCA CN = WellsSecure Public Root Certificate Authority CN = T?RKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6 CN = Microsec e-Szigno Root * The following CA certificates were Removed: AddTrust Public CA Root AddTrust Qualified CA Root China Internet Network Information Center EV Certificates Root CNNIC ROOT ComSign Secured CA GeoTrust Global CA 2 Secure Certificate Services Swisscom Root CA 1 Swisscom Root EV CA 2 Trusted Certificate Services UTN-USERFirst-Hardware UTN-USERFirst-Object * The following CA certificates were Added CN = D-TRUST Root CA 3 2013 CN = TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 GDCA TrustAUTH R5 ROOT SSL.com Root Certification Authority RSA SSL.com Root Certification Authority ECC SSL.com EV Root Certification Authority RSA R2 SSL.com EV Root Certification Authority ECC TrustCor RootCert CA-1 TrustCor RootCert CA-2 TrustCor ECA-1 * The Websites (TLS/SSL) trust bit was turned off for the following CA certificates: CN = Chambers of Commerce Root CN = Global Chambersign Root * TLS servers are able to handle a ClientHello statelessly, if the client supports TLS 1.3. If the server sends a HelloRetryRequest, it is possible to discard the server socket, and make a new socket to handle any subsequent ClientHello. This better enables stateless server operation. (This feature is added in support of QUIC, but it also has utility for DTLS 1.3 servers.) Due to the update of mozilla-nss apache2-mod_nss needs to be updated to change to the SQLite certificate database, which is now the default (bsc#1108771) Important SUSE bug 1012260 SUSE bug 1021577 SUSE bug 1026191 SUSE bug 1041469 SUSE bug 1041894 SUSE bug 1049703 SUSE bug 1061204 SUSE bug 1064786 SUSE bug 1065464 SUSE bug 1066489 SUSE bug 1073210 SUSE bug 1078436 SUSE bug 1091551 SUSE bug 1092697 SUSE bug 1094767 SUSE bug 1096515 SUSE bug 1107343 SUSE bug 1108771 SUSE bug 1108986 SUSE bug 1109363 SUSE bug 1109465 SUSE bug 1110506 SUSE bug 1110507 SUSE bug 703591 SUSE bug 839074 SUSE bug 857131 SUSE bug 893359 CVE-2017-16541 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12379 CVE-2018-12381 CVE-2018-12383 CVE-2018-12385 CVE-2018-12386 CVE-2018-12387 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for soundtouch fixes the following issues: - CVE-2018-17098: The WavFileBase class allowed remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch. (bsc#1108632) - CVE-2018-17097: The WavFileBase class allowed remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch. (double free) (bsc#1108631) - CVE-2018-17096: The BPMDetect class allowed remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. (bsc#1108630) Moderate SUSE bug 1108630 SUSE bug 1108631 SUSE bug 1108632 CVE-2018-17096 CVE-2018-17097 CVE-2018-17098 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for opensc fixes the following issues: - CVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card (bsc#1106998) - CVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card (bsc#1106999) - CVE-2018-16393: Fixed buffer overflows when handling responses from Gemsafe V1 Smartcards (bsc#1108318) - CVE-2018-16418: Fixed buffer overflow when handling string concatenation in util_acl_to_str (bsc#1107039) - CVE-2018-16419: Fixed several buffer overflows when handling responses from a Cryptoflex card (bsc#1107107) - CVE-2018-16420: Fixed buffer overflows when handling responses from an ePass 2003 Card (bsc#1107097) - CVE-2018-16422: Fixed single byte buffer overflow when handling responses from an esteid Card (bsc#1107038) - CVE-2018-16423: Fixed double free when handling responses from a smartcard (bsc#1107037) - CVE-2018-16426: Fixed endless recursion when handling responses from an IAS-ECC card (bsc#1107034) - CVE-2018-16427: Fixed out of bounds reads when handling responses in OpenSC (bsc#1107033) Moderate SUSE bug 1104812 SUSE bug 1106998 SUSE bug 1106999 SUSE bug 1107033 SUSE bug 1107034 SUSE bug 1107037 SUSE bug 1107038 SUSE bug 1107039 SUSE bug 1107097 SUSE bug 1107107 SUSE bug 1108318 CVE-2018-16391 CVE-2018-16392 CVE-2018-16393 CVE-2018-16418 CVE-2018-16419 CVE-2018-16420 CVE-2018-16422 CVE-2018-16423 CVE-2018-16426 CVE-2018-16427 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libarchive fixes the following issues: - CVE-2016-10209: The archive_wstring_append_from_mbs function in archive_string.c allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. (bsc#1032089) - CVE-2016-10349: The archive_le32dec function in archive_endian.h allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037008) - CVE-2016-10350: The archive_read_format_cab_read_header function in archive_read_support_format_cab.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037009) - CVE-2017-14166: libarchive allowed remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. (bsc#1057514) - CVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info in archive_read_support_format_iso9660.c when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. (bsc#1059139) - CVE-2017-14502: read_header in archive_read_support_format_rar.c suffered from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. (bsc#1059134) - CVE-2017-14503: libarchive suffered from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. (bsc#1059100) Moderate SUSE bug 1032089 SUSE bug 1037008 SUSE bug 1037009 SUSE bug 1057514 SUSE bug 1059100 SUSE bug 1059134 SUSE bug 1059139 CVE-2016-10209 CVE-2016-10349 CVE-2016-10350 CVE-2017-14166 CVE-2017-14501 CVE-2017-14502 CVE-2017-14503 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Security issues fixed: - Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852) - CVE-2018-12392: Crash with nested event loops. - CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript. - CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting. - CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts. - CVE-2018-12397: WebExtension local file access vulnerability. - CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3. - CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3. Important SUSE bug 1112852 CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) - CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665) Non-security issues fixed: - dhcp6: split assert_return() to be more debuggable when hit - core: skip unit deserialization and move to the next one when unit_deserialize() fails - core: properly handle deserialization of unknown unit types (#6476) - core: don't create Requires for workdir if 'missing ok' (bsc#1113083) - logind: use manager_get_user_by_pid() where appropriate - logind: rework manager_get_{user|session}_by_pid() a bit - login: fix user@.service case, so we don't allow nested sessions (#8051) (bsc#1112024) - core: be more defensive if we can't determine per-connection socket peer (#7329) - socket-util: introduce port argument in sockaddr_port() - service: fixup ExecStop for socket-activated shutdown (#4120) - service: Continue shutdown on socket activated unit on termination (#4108) (bsc#1106923) - cryptsetup: build fixes for 'add support for sector-size= option' - udev-rules: IMPORT cmdline does not recognize keys with similar names (bsc#1111278) - core: keep the kernel coredump defaults when systemd-coredump is disabled - core: shorten main() a bit, split out coredump initialization - core: set RLIMIT_CORE to unlimited by default (bsc#1108835) - core/mount: fstype may be NULL - journald: don't ship systemd-journald-audit.socket (bsc#1109252) - core: make 'tmpfs' dependencies on swapfs a 'default' dep, not an 'implicit' (bsc#1110445) - mount: make sure we unmount tmpfs mounts before we deactivate swaps (#7076) - tmp.mount.hm4: After swap.target (#3087) - Ship systemd-sysv-install helper via the main package This script was part of systemd-sysvinit sub-package but it was wrong since systemd-sysv-install is a script used to redirect enable/disable operations to chkconfig when the unit targets are sysv init scripts. Therefore it's never been a SySV init tool. Important SUSE bug 1106923 SUSE bug 1108835 SUSE bug 1109252 SUSE bug 1110445 SUSE bug 1111278 SUSE bug 1112024 SUSE bug 1113083 SUSE bug 1113632 SUSE bug 1113665 CVE-2018-15686 CVE-2018-15688 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2018-16850: Fixed improper quoting of transition table names when pg_dump emits CREATE TRIGGER could have caused privilege escalation (bsc#1114837). Non-security issues fixed: - Update to release 10.6: * https://www.postgresql.org/docs/current/static/release-10-6.html Moderate SUSE bug 1114837 CVE-2018-16850 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for squid fixes the following issues: Security issues fixed: - CVE-2018-19131: Fixed Cross-Site-Scripting vulnerability in the TLS error handling (bsc#1113668). - CVE-2018-19132: Fixed small memory leak in processing of SNMP packets (bsc#1113669). Non-security issues fixed: - Create runtime directories needed when SMP mode is enabled (bsc#1112695, bsc#1112066). - Install license correctly (bsc#1082318). Important SUSE bug 1082318 SUSE bug 1112066 SUSE bug 1112695 SUSE bug 1113668 SUSE bug 1113669 CVE-2018-19131 CVE-2018-19132 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for rpm fixes the following issues: These security issues were fixed: - CVE-2017-7500: rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination (bsc#943457). - CVE-2017-7501: rpm used temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation (bsc#943457) This is a reissue of the above security fixes for SUSE Linux Enterprise 12 GA, SP1 and SP2 LTSS, they have already been released for SUSE Linux Enterprise Server 12 SP3. Important SUSE bug 943457 CVE-2017-7500 CVE-2017-7501 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for exiv2 fixes the following issues: - CVE-2017-11591: A floating point exception in the Exiv2::ValueType function could lead to a remote denial of service attack via crafted input. (bsc#1050257) - CVE-2017-14864: An invalid memory address dereference was discovered in Exiv2::getULong in types.cpp. The vulnerability caused a segmentation fault and application crash, which lead to denial of service. (bsc#1060995) - CVE-2017-14862: An invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp. The vulnerability caused a segmentation fault and application crash, which lead to denial of service. (bsc#1060996) - CVE-2017-14859: An invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp. The vulnerability caused a segmentation fault and application crash, which lead to denial of service. (bsc#1061000) - CVE-2017-11683: There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp that could lead to a remote denial of service attack via crafted input. (bsc#1051188) - CVE-2017-17669: There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp. A crafted PNG file would lead to a remote denial of service attack. (bsc#1072928) - CVE-2018-10958: In types.cpp a large size value might have lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call. (bsc#1092952) - CVE-2018-10998: readMetadata in jp2image.cpp allowed remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. (bsc#1093095) - CVE-2018-11531: Exiv2 had a heap-based buffer overflow in getData in preview.cpp. (bsc#1095070) Moderate SUSE bug 1050257 SUSE bug 1051188 SUSE bug 1060995 SUSE bug 1060996 SUSE bug 1061000 SUSE bug 1072928 SUSE bug 1092952 SUSE bug 1093095 SUSE bug 1095070 CVE-2017-11591 CVE-2017-11683 CVE-2017-14859 CVE-2017-14862 CVE-2017-14864 CVE-2017-17669 CVE-2018-10958 CVE-2018-10998 CVE-2018-11531 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257). - CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672). - CVE-2018-18557: Fixed JBIG decode can lead to out-of-bounds write (bsc#1113094). Non-security issues fixed: - asan_build: build ASAN included - debug_build: build more suitable for debugging Moderate SUSE bug 1099257 SUSE bug 1113094 SUSE bug 1113672 CVE-2018-12900 CVE-2018-18557 CVE-2018-18661 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssh fixes the following issues: Following security issues have been fixed: - CVE-2018-15473: OpenSSH was prone to a user existance oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010) The following non-security issues were fixed: - Stop leaking File descriptors (bsc#964336) - sftp-client.c returns wrong error code upon failure [bsc#1091396] Moderate SUSE bug 1091396 SUSE bug 1105010 SUSE bug 964336 CVE-2018-15473 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 java-1_7_1-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 35 (bsc#1116574): * Consumability - IJ10515 AIX JAVA 7.1.3.10 GENERAL PROTECTION FAULT WHEN ATTEMPTING TO USE HEALTH CENTER API * Class Libraries - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-3149 - IJ10894 CVE-2018-3180 - IJ10933 CVE-2018-3214 - IJ09315 FLOATING POINT EXCEPTION FROM JAVA.TEXT.DECIMALFORMAT. FORMAT - IJ09088 INTRODUCING A NEW PROPERTY FOR TURKEY TIMEZONE FOR PRODUCTS NOT IDENTIFYING TRT - IJ08569 JAVA.IO.IOEXCEPTION OCCURS WHEN A FILECHANNEL IS BIGGER THAN 2GB ON AIX PLATFORM - IJ10800 REMOVE EXPIRING ROOT CERTIFICATES IN IBM JDK’S CACERTS. * Java Virtual Machine - IJ10931 CVE-2018-3169 - IV91132 SOME CORE PATTERN SPECIFIERS ARE NOT HANDLED BY THE JVM ON LINUX * JIT Compiler - IJ08205 CRASH WHILE COMPILING - IJ07886 INCORRECT CALUCATIONS WHEN USING NUMBERFORMAT.FORMAT() AND BIGDECIMAL.{FLOAT/DOUBLE }VALUE() * ORB - IX90187 CLIENTREQUESTIMPL.REINVO KE FAILS WITH JAVA.LANG.INDEXOUTOFBOUN DSEXCEPTION * Security - IJ10492 'EC KEYSIZE < 384' IS NOT HONORED USING THE 'JDK.TLS.DISABLEDALGORIT HMS' SECURITY PROPERTY - IJ10491 AES/GCM CIPHER – AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL( ) AND INIT( ) - IJ08442 HTTP PUBLIC KEY PINNING FINGERPRINT,PROBLEM WITH CONVERTING TO JKS KEYSTORE - IJ09107 IBMPKCS11IMPL CRYPTO PROVIDER – INTERMITTENT ERROR WITH SECP521R1 SIGNATURE ON Z/OS - IJ10136 IBMPKCS11IMPL – INTERMITTENT ERROR WITH SECP521R1 SIG ON Z/OS AND Z/LINUX - IJ08530 IBMPKCS11IMPL PROVIDER USES THE WRONG RSA CIPHER MECHANISM FOR THE RSA/ECB/PKCS1PADDING CIPHER - IJ08723 JAAS THROWS A ‘ARRAY INDEX OUT OF RANGE’ EXCEPTION - IJ08704 THE SECURITY PROPERTY ‘JDK.CERTPATH.DISABLEDAL GORITHMS’ IS MISTAKENLY BEING USED TO FILTER JAR SIGNING ALGORITHMS * z/OS Extentions - PH01244 OUTPUT BUFFER TOO SHORT FOR GCM MODE ENCRYPTION USING IBMJCEHYBRID Important SUSE bug 1116574 CVE-2018-13785 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel for Azure was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-18445: Faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandled 32-bit right shifts (bnc#1112372). - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2017-18224: fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allowed local users to cause a denial of service (BUG) by modifying a certain e_cpos field (bnc#1084831). - CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674). The following non-security bugs were fixed: - acpi, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#112128). - acpi / processor: Fix the return value of acpi_processor_ids_walk() (bsc#1051510). - aio: fix io_destroy(2) vs. lookup_ioctx() race (git-fixes). - alsa: hda: Add 2 more models to the power_save blacklist (bsc#1051510). - alsa: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) (bsc#1051510). - alsa: hda - Add quirk for ASUS G751 laptop (bsc#1051510). - alsa: hda - Fix headphone pin config for ASUS G751 (bsc#1051510). - alsa: hda: fix unused variable warning (bsc#1051510). - alsa: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 (bsc#1051510). - alsa: hda/realtek - Fix the problem of the front MIC on the Lenovo M715 (bsc#1051510). - alsa: usb-audio: update quirk for B&W PX to remove microphone (bsc#1051510). - apparmor: Check buffer bounds when mapping permissions mask (git-fixes). - ARM: bcm2835: Add GET_THROTTLED firmware property (bsc#1108468). - ASoC: intel: skylake: Add missing break in skl_tplg_get_token() (bsc#1051510). - ASoC: Intel: Skylake: Reset the controller in probe (bsc#1051510). - ASoC: rsnd: adg: care clock-frequency size (bsc#1051510). - ASoC: rsnd: do not fallback to PIO mode when -EPROBE_DEFER (bsc#1051510). - ASoC: rt5514: Fix the issue of the delay volume applied again (bsc#1051510). - ASoC: sigmadsp: safeload should not have lower byte limit (bsc#1051510). - ASoC: wm8804: Add ACPI support (bsc#1051510). - ath10k: fix kernel panic issue during pci probe (bsc#1051510). - ath10k: fix scan crash due to incorrect length calculation (bsc#1051510). - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait (bsc#1051510). - autofs: fix autofs_sbi() does not check super block type (git-fixes). - autofs: fix slab out of bounds read in getname_kernel() (git-fixes). - autofs: mount point create should honour passed in mode (git-fixes). - badblocks: fix wrong return value in badblocks_set if badblocks are disabled (git-fixes). - batman-adv: Avoid probe ELP information leak (bsc#1051510). - batman-adv: fix backbone_gw refcount on queue_work() failure (bsc#1051510). - batman-adv: fix hardif_neigh refcount on queue_work() failure (bsc#1051510). - bdi: Fix another oops in wb_workfn() (bsc#1112746). - bdi: Preserve kabi when adding cgwb_release_mutex (bsc#1112746). - blkdev_report_zones_ioctl(): Use vmalloc() to allocate large buffers (bsc#1111819). - blk-mq: I/O and timer unplugs are inverted in blktrace (bsc#1112713). - block, bfq: fix wrong init of saved start time for weight raising (bsc#1112708). - block: bfq: swap puts in bfqg_and_blkg_put (bsc#1112712). - block: bvec_nr_vecs() returns value for wrong slab (bsc#1111834). - bpf/verifier: disallow pointer subtraction (bsc#1083647). - btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667). - btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667). - btrfs: fix file data corruption after cloning a range and fsync (bsc#1111901). - btrfs: fix missing error return in btrfs_drop_snapshot (Git-fixes bsc#1109919). - btrfs: fix mount failure after fsync due to hard link recreation (bsc#1103543). - btrfs: handle errors while updating refcounts in update_ref_for_cow (Git-fixes bsc#1109915). - btrfs: send, fix invalid access to commit roots due to concurrent snapshotting (bsc#1111904). - cdc-acm: fix race between reset and control messaging (bsc#1051510). - ceph: avoid a use-after-free in ceph_destroy_options() (bsc#1111983). - cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() (bsc#1051510). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902). - cifs: connect to servername instead of IP for IPC$ share (bsc#1106359). - cifs: fix memory leak in SMB2_open() (bsc#1112894). - cifs: fix memory leak in SMB2_open() (bsc#1112894). - cifs: Fix use after free of a mid_q_entry (bsc#1112903). - cifs: Fix use after free of a mid_q_entry (bsc#1112903). - clk: x86: add 'ether_clk' alias for Bay Trail / Cherry Trail (bsc#1051510). - clk: x86: Stop marking clocks as CLK_IS_CRITICAL (bsc#1051510). - clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs (bsc#1051510). - clocksource/drivers/timer-atmel-pit: Properly handle error cases (bsc#1051510). - coda: fix 'kernel memory exposure attempt' in fsync (bsc#1051510). - crypto: caam - fix implicit casts in endianness helpers (bsc#1051510). - crypto: ccp - add timeout support in the SEV command (bsc#1106838). - crypto: chelsio - Fix memory corruption in DMA Mapped buffers (bsc#1051510). - crypto: lrw - Fix out-of bounds access on counter overflow (bsc#1051510). - crypto: mxs-dcp - Fix wait logic on chan threads (bsc#1051510). - crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() (bsc#1051510). - crypto: tcrypt - fix ghash-generic speed test (bsc#1051510). - dax: Fix deadlock in dax_lock_mapping_entry() (bsc#1109951). - debugobjects: Make stack check warning more informative (bsc#1051510). - Disable DRM patches that broke vbox video driver KMP (bsc#1111076) - Documentation/l1tf: Fix small spelling typo (bsc#1051510). - do d_instantiate/unlock_new_inode combinations safely (git-fixes). - Do not leak MNT_INTERNAL away from internal mounts (git-fixes). - drm/amdgpu: add another ATPX quirk for TOPAZ (bsc#1051510). - drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk (bsc#1106110) - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 (bsc#1051510). - drm/amdgpu: Fix vce work queue was not cancelled when suspend (bsc#1106110) - drm/amdgpu/powerplay: fix missing break in switch statements (bsc#1113722) - drm/amdgpu: Pulling old prepare and submit for flip back (bsc#1051510). - drm/amdgpu: revert 'fix deadlock of reservation between cs and gpu reset v2' (bsc#1051510). - drm/edid: VSDB yCBCr420 Deep Color mode bit definitions (bsc#1051510). - drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer (bsc#1113722) - drm/hisilicon: hibmc: Do not overwrite fb helper surface depth (bsc#1113722) - drm/i915/audio: Hook up component bindings even if displays are (bsc#1113722) - drm/i915/dp: Link train Fallback on eDP only if fallback link BW can fit panel's native mode (bsc#1051510). - drm/i915/gen9+: Fix initial readout for Y tiled framebuffers (bsc#1113722) - drm/i915/glk: Add Quirk for GLK NUC HDMI port issues (bsc#1051510). - drm/i915: Restore vblank interrupts earlier (bsc#1051510). - drm: mali-dp: Call drm_crtc_vblank_reset on device init (bsc#1051510). - drm/mediatek: fix OF sibling-node lookup (bsc#1106110) - drm/msm: fix OF child-node lookup (bsc#1106110) - drm/nouveau/disp: fix DP disable race (bsc#1051510). - drm/nouveau: Do not disable polling in fallback mode (bsc#1103356). - drm/nouveau/TBDdevinit: do not fail when PMU/PRE_OS is missing from VBIOS (bsc#1051510). - drm/sti: do not remove the drm_bridge that was never added (bsc#1100132) - drm/sun4i: Fix an ulong overflow in the dotclock driver (bsc#1106110) - drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() (bsc#1113722) - e1000: check on netif_running() before calling e1000_up() (bsc#1051510). - e1000: ensure to free old tx/rx rings in set_ringparam() (bsc#1051510). - edac: Raise the maximum number of memory controllers (bsc#1113780). - edac, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() (bsc#1114279). - eeprom: at24: change nvmem stride to 1 (bsc#1051510). - eeprom: at24: check at24_read/write arguments (bsc#1051510). - eeprom: at24: correctly set the size for at24mac402 (bsc#1051510). - enic: do not call enic_change_mtu in enic_probe (bsc#1051510). - enic: handle mtu change for vf properly (bsc#1051510). - enic: initialize enic->rfs_h.lock in enic_probe (bsc#1051510). - ethtool: fix a privilege escalation bug (bsc#1076830). - ext2, dax: set ext2_dax_aops for dax files (bsc#1112554). - ext4: avoid arithemetic overflow that can trigger a BUG (bsc#1112736). - ext4: avoid divide by zero fault when deleting corrupted inline directories (bsc#1112735). - ext4: check for NUL characters in extended attribute's name (bsc#1112732). - ext4: check to make sure the rename(2)'s destination is not freed (bsc#1112734). - ext4: do not mark mmp buffer head dirty (bsc#1112743). - ext4: fix online resize's handling of a too-small final block group (bsc#1112739). - ext4: fix online resizing for bigalloc file systems with a 1k block size (bsc#1112740). - ext4: fix spectre gadget in ext4_mb_regular_allocator() (bsc#1112733). - ext4: recalucate superblock checksum after updating free blocks/inodes (bsc#1112738). - ext4: reset error code in ext4_find_entry in fallback (bsc#1112731). - ext4: show test_dummy_encryption mount option in /proc/mounts (bsc#1112741). - fbdev/omapfb: fix omapfb_memory_read infoleak (bsc#1051510). - firmware: raspberrypi: Register hwmon driver (bsc#1108468). - floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (bsc#1051510). - fs: dcache: Avoid livelock between d_alloc_parallel and __d_add (git-fixes). - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (git-fixes). - fs: dcache: Use READ_ONCE when accessing i_dir_seq (git-fixes). - fs/quota: Fix spectre gadget in do_quotactl (bsc#1112745). - getname_kernel() needs to make sure that ->name != ->iname in long case (git-fixes). - gpio: adp5588: Fix sleep-in-atomic-context bug (bsc#1051510). - gpio: Fix crash due to registration race (bsc#1051510). - gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall (bsc#1051510). - gpio: mb86s70: Revert 'Return error if requesting an already assigned gpio' (bsc#1051510). - hfsplus: do not return 0 when fill_super() failed (bsc#1051510). - hfsplus: stop workqueue when fill_super() failed (bsc#1051510). - hfs: prevent crash on exit from failed search (bsc#1051510). - hid: add support for Apple Magic Keyboards (bsc#1051510). - hid: hid-saitek: Add device ID for RAT 7 Contagion (bsc#1051510). - hid: hid-sensor-hub: Force logical minimum to 1 for power and report state (bsc#1051510). - hid: quirks: fix support for Apple Magic Keyboards (bsc#1051510). - hid: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report (bsc#1051510). - hv: avoid crash in vmbus sysfs files (bnc#1108377). - hv_netvsc: Fix a deadlock by getting rtnl lock earlier in netvsc_probe() (bsc#1109772). - hv_netvsc: fix schedule in RCU context (). - hwmon: Add support for RPi voltage sensor (bsc#1108468). - hwmon: (adt7475) Make adt7475_read_word() return errors (bsc#1051510). - hwmon: (ina2xx) fix sysfs shunt resistor read access (bsc#1051510). - hwmon: rpi: add module alias to raspberrypi-hwmon (bsc#1108468). - hwrng: core - document the quality field (bsc#1051510). - hypfs_kill_super(): deal with failed allocations (bsc#1051510). - i2c: i2c-scmi: fix for i2c_smbus_write_block_data (bsc#1051510). - i2c: rcar: cleanup DMA for all kinds of failure (bsc#1051510). - iio: adc: at91: fix acking DRDY irq on simple conversions (bsc#1051510). - iio: adc: at91: fix wrong channel number in triggered buffer mode (bsc#1051510). - iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() (bsc#1051510). - Input: atakbd - fix Atari CapsLock behaviour (bsc#1051510). - Input: atakbd - fix Atari keymap (bsc#1051510). - intel_th: pci: Add Ice Lake PCH support (bsc#1051510). - iommu/arm-smmu: Error out only if not enough context interrupts (bsc#1106237). - iommu/vt-d: Add definitions for PFSID (bsc#1106237). - iommu/vt-d: Fix dev iotlb pfsid use (bsc#1106237). - iommu/vt-d: Fix scatterlist offset handling (bsc#1106237). - ipc/shm.c add ->pagesize function to shm_vm_ops (bsc#1111811). - iwlwifi: dbg: do not crash if the firmware crashes in the middle of a debug dump (bsc#1051510). - iwlwifi: mvm: Allow TKIP for AP mode (bsc#1051510). - iwlwifi: mvm: check for n_profiles validity in EWRD ACPI (bsc#1051510). - iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface (bsc#1051510). - iwlwifi: mvm: open BA session only when sta is authorized (bsc#1051510). - iwlwifi: mvm: send BCAST management frames to the right station (bsc#1051510). - iwlwifi: pcie: gen2: build A-MSDU only for GSO (bsc#1051510). - iwlwifi: pcie gen2: check iwl_pcie_gen2_set_tb() return value (bsc#1051510). - jbd2: fix use after free in jbd2_log_do_checkpoint() (bsc#1113257). - kABI: Hide get_msr_feature() in kvm_x86_ops (bsc#1106240). - KABI: hide new member in struct iommu_table from genksyms (bsc#1061840). - KABI: powerpc: export __find_linux_pte as __find_linux_pte_or_hugepte (bsc#1061840). - kabi/severities: correct nvdimm kabi exclusion - kabi/severities: ignore ppc64 realmode helpers. KVM fixes remove exports of realmode_pfn_to_page iommu_tce_xchg_rm mm_iommu_lookup_rm mm_iommu_ua_to_hpa_rm. Some are no longer used and others are no longer exported because the code was consolideted in one place. These helpers are to be called in realmode and linking to them from non-KVM modules is a bug. Hence removing them does not break KABI. - kabi/severities: ignore __xive_vm_h_* KVM internal symbols. - Kbuild: fix # escaping in .cmd files for future Make (git-fixes). - kernfs: update comment about kernfs_path() return value (bsc#1051510). - kprobes/x86: Fix %p uses in error messages (bsc#1110006). - ksm: fix unlocked iteration over vmas in cmp_and_merge_page() (VM Functionality bsc#1111806). - kvm: Make VM ioctl do valloc for some archs (bsc#1111506). - KVM: PPC: Add pt_regs into kvm_vcpu_arch and move vcpu->arch.gpr[] into it (bsc#1061840). - KVM: PPC: Avoid marking DMA-mapped pages dirty in real mode (bsc#1061840). - KVM: PPC: Book3S: Add MMIO emulation for VMX instructions (bsc#1061840). - KVM: PPC: Book3S: Allow backing bigger guest IOMMU pages with smaller physical pages (bsc#1061840). - KVM: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64 parameters (bsc#1061840). - KVM: PPC: Book3S: Eliminate some unnecessary checks (bsc#1061840). - KVM: PPC: Book3S: Fix compile error that occurs with some gcc versions (bsc#1061840). - KVM: PPC: Book3S: Fix matching of hardware and emulated TCE tables (bsc#1061840). - KVM: PPC: Book3S HV: Add of_node_put() in success path (bsc#1061840). - KVM: PPC: Book3S HV: Add 'online' register to ONE_REG interface (bsc#1061840). - KVM: PPC: Book3S HV: Allow creating max number of VCPUs on POWER9 (bsc#1061840). - KVM: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9 v2.2 (bsc#1061840). - KVM: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault (bsc#1061840). - KVM: PPC: Book3S HV: Avoid shifts by negative amounts (bsc#1061840). - KVM: PPC: Book3S HV: Check DR not IR to chose real vs virt mode MMIOs (bsc#1061840). - KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate function (bsc#1061840). - KVM: PPC: Book3S HV: Do not use compound_order to determine host mapping size (bsc#1061840). - KVM: PPC: Book3S HV: Do not use existing 'prodded' flag for XIVE escalations (bsc#1061840). - KVM: PPC: Book 3S HV: Do ptesync in radix guest exit path (bsc#1061840). - KVM: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded (bsc#1061840). - KVM: PPC: Book3S HV: Enable migration of decrementer register (bsc#1061840). - KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm (bsc#1061840). - KVM: PPC: Book3S HV: Fix conditions for starting vcpu (bsc#1061840). - KVM: PPC: Book3S HV: Fix constant size warning (bsc#1061840). - KVM: PPC: Book3S HV: Fix duplication of host SLB entries (bsc#1061840). - KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds (bsc#1061840). - KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler (bsc#1061840). - KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code (bsc#1061840). - KVM: PPC: Book3S HV: Fix inaccurate comment (bsc#1061840). - KVM: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real mode interrupts (bsc#1061840). - KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry (bsc#1061840). - KVM: PPC: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix() (bsc#1061840). - KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing (bsc#1061840). - KVM: PPC: Book3S HV: Handle 1GB pages in radix page fault handler (bsc#1061840). - KVM: PPC: Book3S HV: Improve handling of debug-trigger HMIs on POWER9 (bsc#1061840). - KVM: PPC: Book3S HV: Keep XIVE escalation interrupt masked unless ceded (bsc#1061840). - KVM: PPC: Book3S HV: Lockless tlbie for HPT hcalls (bsc#1061840). - KVM: PPC: Book3S HV: Make HPT resizing work on POWER9 (bsc#1061840). - KVM: PPC: Book3S HV: Make radix clear pte when unmapping (bsc#1061840). - KVM: PPC: Book3S HV: Make radix use correct tlbie sequence in kvmppc_radix_tlbie_page (bsc#1061840). - KVM: PPC: Book3S HV: Make xive_pushed a byte, not a word (bsc#1061840). - KVM: PPC: Book3S HV: Pack VCORE IDs to access full VCPU ID space (bsc#1061840). - KVM: PPC: Book3S HV: radix: Do not clear partition PTE when RC or write bits do not match (bsc#1061840). - KVM: PPC: Book3S HV: Radix page fault handler optimizations (bsc#1061840). - KVM: PPC: Book3S HV: radix: Refine IO region partition scope attributes (bsc#1061840). - KVM: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under kvm->lock (bsc#1061840). - KVM: PPC: Book3S HV: Recursively unmap all page table entries when unmapping (bsc#1061840). - KVM: PPC: Book3S HV: Remove useless statement (bsc#1061840). - KVM: PPC: Book3S HV: Remove vcpu->arch.dec usage (bsc#1061840). - KVM: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to Linux handlers (bsc#1061840). - KVM: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR count correctly (bsc#1061840). - KVM: PPC: Book3S HV: Snapshot timebase offset on guest entry (bsc#1061840). - KVM: PPC: Book3S HV: Streamline setting of reference and change bits (bsc#1061840). - KVM: PPC: Book3S HV: Use a helper to unmap ptes in the radix fault path (bsc#1061840). - KVM: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page fault handler (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Resend re-routed interrupts on CPU priority change (bsc#1061840). - KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840). - KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file (bsc#1061840). - KVM: PPC: Book3S: Use correct page shift in H_STUFF_TCE (bsc#1061840). - KVM: PPC: Fix a mmio_host_swabbed uninitialized usage issue (bsc#1061840). - KVM: PPC: Make iommu_table::it_userspace big endian (bsc#1061840). - KVM: PPC: Move nip/ctr/lr/xer registers to pt_regs in kvm_vcpu_arch (bsc#1061840). - KVM: PPC: Use seq_puts() in kvmppc_exit_timing_show() (bsc#1061840). - KVM: SVM: Add MSR-based feature support for serializing LFENCE (bsc#1106240). - KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR (bsc#1106240). - KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry (bsc#1106240). - KVM: x86: Add a framework for supporting MSR-based features (bsc#1106240). - KVM: x86: define SVM/VMX specific kvm_arch_[alloc|free]_vm (bsc#1111506). - KVM: X86: Introduce kvm_get_msr_feature() (bsc#1106240). - kvm/x86: kABI fix for vm_alloc/vm_free changes (bsc#1111506). - kvm: x86: Set highest physical address bits in non-present/reserved SPTEs (bsc#1106240). - libertas: call into generic suspend code before turning off power (bsc#1051510). - libnvdimm, badrange: remove a WARN for list_empty (bsc#112128). - libnvdimm, dimm: Maximize label transfer size (bsc#1111921, bsc#1113408). - libnvdimm, dimm: Maximize label transfer size (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm: Introduce locked DIMM capacity support (bsc#112128). - libnvdimm, label: change nvdimm_num_label_slots per UEFI 2.7 (bsc#1111921, bsc#1113408). - libnvdimm, label: change nvdimm_num_label_slots per UEFI 2.7 (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm, label: Fix sparse warning (bsc#1111921, bsc#1113408, ). - libnvdimm, label: Fix sparse warning (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm: move poison list functions to a new 'badrange' file (bsc#112128). - libnvdimm/nfit_test: add firmware download emulation (bsc#112128). - libnvdimm/nfit_test: adding support for unit testing enable LSS status (bsc#112128). - libnvdimm, testing: Add emulation for smart injection commands (bsc#112128). - libnvdimm, testing: update the default smart ctrl_temperature (bsc#112128). - lib/ubsan: add type mismatch handler for new GCC/Clang (bsc#1051510). - lib/ubsan.c: s/missaligned/misaligned/ (bsc#1051510). - livepatch: create and include UAPI headers (). - lockd: fix 'list_add double add' caused by legacy signal interface (git-fixes). - loop: add recursion validation to LOOP_CHANGE_FD (bsc#1112711). - loop: do not call into filesystem while holding lo_ctl_mutex (bsc#1112710). - loop: fix LOOP_GET_STATUS lock imbalance (bsc#1113284). - mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bsc#1051510). - mac80211: do not convert to A-MSDU if frag/subframe limited (bsc#1051510). - mac80211: do not Tx a deauth frame if the AP forbade Tx (bsc#1051510). - mac80211: fix a race between restart and CSA flows (bsc#1051510). - mac80211: Fix station bandwidth setting after channel switch (bsc#1051510). - mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bsc#1051510). - mac80211_hwsim: require at least one channel (bsc#1051510). - mac80211: mesh: fix HWMP sequence numbering to follow standard (bsc#1051510). - mac80211: minstrel: fix using short preamble CCK rates on HT clients (bsc#1051510). - mac80211: Run TXQ teardown code before de-registering interfaces (bsc#1051510). - mac80211: shorten the IBSS debug messages (bsc#1051510). - mach64: detect the dot clock divider correctly on sparc (bsc#1051510). - make sure that __dentry_kill() always invalidates d_seq, unhashed or not (git-fixes). - md: fix NULL dereference of mddev->pers in remove_and_add_spares() (git-fixes). - md/raid10: fix that replacement cannot complete recovery after reassemble (git-fixes). - md/raid1: add error handling of read error from FailFast device (git-fixes). - md/raid5-cache: disable reshape completely (git-fixes). - md/raid5: fix data corruption of replacements after originals dropped (git-fixes). - media: af9035: prevent buffer overflow on write (bsc#1051510). - media: cx231xx: fix potential sign-extension overflow on large shift (bsc#1051510). - media: dvb: fix compat ioctl translation (bsc#1051510). - media: em28xx: fix input name for Terratec AV 350 (bsc#1051510). - media: em28xx: use a default format if TRY_FMT fails (bsc#1051510). - media: pci: cx23885: handle adding to list failure (bsc#1051510). - media: tvp5150: avoid going past array on v4l2_querymenu() (bsc#1051510). - media: tvp5150: fix switch exit in set control handler (bsc#1051510). - media: tvp5150: fix width alignment during set_selection() (bsc#1051510). - media: uvcvideo: Fix uvc_alloc_entity() allocation alignment (bsc#1051510). - media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD (bsc#1051510). - media: videobuf-dma-sg: Fix dma_{sync,unmap}_sg() calls (bsc#1051510). - media: vsp1: Fix YCbCr planar formats pitch calculation (bsc#1051510). - mfd: arizona: Correct calling of runtime_put_sync (bsc#1051510). - mmc: block: avoid multiblock reads for the last sector in SPI mode (bsc#1051510). - mm: fix BUG_ON() in vmf_insert_pfn_pud() from VM_MIXEDMAP removal (bsc#1111841). - mm/migrate: Use spin_trylock() while resetting rate limit (). - mm: /proc/pid/pagemap: hide swap entries from unprivileged users (Git-fixes bsc#1109907). - modpost: ignore livepatch unresolved relocations (). - move changes without Git-commit out of sorted section - mwifiex: handle race during mwifiex_usb_disconnect (bsc#1051510). - net/smc: retain old name for diag_mode field (bsc#1106287, LTC#170892). - net/smc: use __aligned_u64 for 64-bit smc_diag fields (bsc#1101138, LTC#164002). - NFC: nfcmrvl_uart: fix OF child-node lookup (bsc#1051510). - nfit_test: add error injection DSMs (bsc#112128). - nfit_test: fix buffer overrun, add sanity check (bsc#112128). - nfit_test: improve structure offset handling (bsc#112128). - nfit_test: prevent parsing error of nfit_test.0 (bsc#112128). - nfit_test: when clearing poison, also remove badrange entries (bsc#112128). - NFS: Avoid quadratic search when freeing delegations (bsc#1084760). - nvdimm: Clarify comment in sizeof_namespace_index (bsc#1111921, bsc#1113408). - nvdimm: Clarify comment in sizeof_namespace_index (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Remove empty if statement (bsc#1111921, bsc#1113408, ). - nvdimm: Remove empty if statement (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Sanity check labeloff (bsc#1111921, bsc#1113408, ). - nvdimm: Sanity check labeloff (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Split label init out from the logic for getting config data (bsc#1111921, bsc#1113408). - nvdimm: Split label init out from the logic for getting config data (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Use namespace index data to reduce number of label reads needed (bsc#1111921, bsc#1113408). - nvdimm: Use namespace index data to reduce number of label reads needed (bsc#1111921, bsc#1113408, bsc#1113972). - of: add helper to lookup compatible child node (bsc#1106110) - orangefs: fix deadlock; do not write i_size in read_iter (bsc#1051510). - orangefs: initialize op on loop restart in orangefs_devreq_read (bsc#1051510). - orangefs_kill_sb(): deal with allocation failures (bsc#1051510). - orangefs: use list_for_each_entry_safe in purge_waiting_ops (bsc#1051510). - ovl: fix format of setxattr debug (git-fixes). - ovl: Sync upper dirty data when syncing overlayfs (git-fixes). - PCI/ASPM: Fix link_state teardown on device removal (bsc#1051510). - PCI: hv: Do not wait forever on a device that has disappeared (bsc#1109806). - PCI: hv: Use effective affinity mask (bsc#1109772). - PCI: Reprogram bridge prefetch registers on resume (bsc#1051510). - pipe: match pipe_max_size data type with procfs (git-fixes). - PM / Domains: Fix genpd to deal with drivers returning 1 from ->prepare() (bsc#1051510). - powerpc/kvm/booke: Fix altivec related build break (bsc#1061840). - powerpc/kvm: Switch kvm pmd allocator to custom allocator (bsc#1061840). - powerpc/mm/hugetlb: initialize the pagetable cache correctly for hugetlb (bsc#1091800). - powerpc/mm: Rename find_linux_pte_or_hugepte() (bsc#1061840). - powerpc/numa: Skip onlining a offline node in kdump path (bsc#1109784). - powerpc/powernv: Add indirect levels to it_userspace (bsc#1061840). - powerpc/powernv/ioda2: Reduce upper limit for DMA window size (bsc#1055120). - powerpc/powernv/ioda: Allocate indirect TCE levels on demand (bsc#1061840). - powerpc/powernv/ioda: Finish removing explicit max window size check (bsc#1061840). - powerpc/powernv/ioda: Remove explicit max window size check (bsc#1061840). - powerpc/powernv: Move TCE manupulation code to its own file (bsc#1061840). - powerpc/powernv: Rework TCE level allocation (bsc#1061840). - powerpc/pseries: Fix build break for SPLPAR=n and CPU hotplug (bsc#1079524, git-fixes). - powerpc/pseries: Fix CONFIG_NUMA=n build (bsc#1067906, git-fixes). - powerpc/pseries: Fix 'OF: ERROR: Bad of_node_put() on /cpus' during DLPAR (bsc#1113295). - powerpc: pseries: remove dlpar_attach_node dependency on full path (bsc#1113295). - powerpc/rtas: Fix a potential race between CPU-Offline & Migration (bsc#1111870). - powerpc/xive: Move definition of ESB bits (bsc#1061840). - powerpc/xmon: Add ISA v3.0 SPRs to SPR dump (bsc#1061840). - printk: drop in_nmi check from printk_safe_flush_on_panic() (bsc#1112170). - printk/tracing: Do not trace printk_nmi_enter() (bsc#1112208). - proc: restrict kernel stack dumps to root (git-fixes). blacklist.conf: - qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface (bsc#1051510). - qrtr: add MODULE_ALIAS macro to smd (bsc#1051510). - r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED (bsc#1051510). - race of lockd inetaddr notifiers vs nlmsvc_rqst change (git-fixes). - RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 (git-fixes). - random: rate limit unseeded randomness warnings (git-fixes). - rculist: add list_for_each_entry_from_rcu() (bsc#1084760). - rculist: Improve documentation for list_for_each_entry_from_rcu() (bsc#1084760). - reiserfs: add check to detect corrupted directory entry (bsc#1109818). - reiserfs: do not panic on bad directory entries (bsc#1109818). - rename a hv patch to reduce conflicts in -AZURE - reorder a qedi patch to allow further work in this branch - resource: Include resource end in walk_*() interfaces (bsc#1114279). - Revert 'drm/amdgpu: Add an ATPX quirk for hybrid laptop' (bsc#1051510). - Revert 'drm/i915/gvt: set max priority for gvt context' (bsc#1051510). - Revert 'gpio: set up initial state from .get_direction()' (bsc#1051510). - Revert 'iommu/io-pgtable: Avoid redundant TLB syncs' (bsc#1106237). - Revert 'mwifiex: fix incorrect ht capability problem' (bsc#1051510). - Revert 'mwifiex: handle race during mwifiex_usb_disconnect' (bsc#1051510). - Revert 'pinctrl: sunxi: Do not enforce bias disable (for now)' (bsc#1051510). - rpc_pipefs: fix double-dput() (bsc#1051510). - rpmsg: Correct support for MODULE_DEVICE_TABLE() (git-fixes). - sched/numa: Limit the conditions where scan period is reset (). - scripts/series2git: - scripts/series2git: Revert the change mistakenly taken A 'fix' for series2git went in mistakenly among other patches. Revert it here. It'll be picked up from a proper branch if need. - scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246). - scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246). - scsi: ipr: Eliminate duplicate barriers (). - scsi: ipr: fix incorrect indentation of assignment statement (). - scsi: ipr: Use dma_pool_zalloc() (). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1104731). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1104731). - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731). - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731). - scsi: qla2xxx: do not allow negative thresholds (bsc#1108870). - scsi: qla2xxx: Fix driver hang when FC-NVMe LUNs are configured (bsc#1108870). - scsi: qla2xxx: Fix duplicate switch database entries (bsc#1108870). - scsi: qla2xxx: Fix for double free of SRB structure (bsc#1108870). - scsi: qla2xxx: Fix memory leak for allocating abort IOCB (bsc#1111830). - scsi: qla2xxx: Fix NVMe session hang on unload (bsc#1108870). - scsi: qla2xxx: Fix NVMe Target discovery (bsc#1108870). - scsi: qla2xxx: Fix recursive mailbox timeout (bsc#1108870). - scsi: qla2xxx: Fix re-using LoopID when handle is in use (bsc#1108870). - scsi: qla2xxx: Move log messages before issuing command to firmware (bsc#1108870). - scsi: qla2xxx: Return switch command on a timeout (bsc#1108870). - scsi: target: prefer dbroot of /etc/target over /var/target (bsc#1111928). - serial: 8250: Fix clearing FIFOs in RS485 mode again (bsc#1051510). - signal: Properly deliver SIGSEGV from x86 uprobes (bsc#1110006). - smb2: fix missing files in root share directory listing (bsc#1112907). - smb2: fix missing files in root share directory listing (bsc#1112907). - smb3: fill in statfs fsid and correct namelen (bsc#1112905). - smb3: fill in statfs fsid and correct namelen (bsc#1112905). - smb3: fix reset of bytes read and written stats (bsc#1112906). - smb3: fix reset of bytes read and written stats (bsc#1112906). - smb3: on reconnect set PreviousSessionId field (bsc#1112899). - smb3: on reconnect set PreviousSessionId field (bsc#1112899). - sock_diag: fix use-after-free read in __sk_free (bsc#1051510). - soc/tegra: pmc: Fix child-node lookup (bsc#1051510). - soreuseport: initialise timewait reuseport field (bsc#1051510). - sound: do not call skl_init_chip() to reset intel skl soc (bsc#1051510). - sound: enable interrupt after dma buffer initialization (bsc#1051510). - spi/bcm63xx-hsspi: keep pll clk enabled (bsc#1051510). - spi: bcm-qspi: switch back to reading flash using smaller chunks (bsc#1051510). - spi: sh-msiof: fix deferred probing (bsc#1051510). - squashfs: be more careful about metadata corruption (bsc#1051510). - Squashfs: Compute expected length from inode size rather than block length (bsc#1051510). - squashfs metadata 2: electric boogaloo (bsc#1051510). - squashfs: more metadata hardening (bsc#1051510). - squashfs: more metadata hardening (bsc#1051510). - staging: comedi: ni_mio_common: protect register write overflow (bsc#1051510). - stm: Potential read overflow in stm_char_policy_set_ioctl() (bsc#1051510). - supported.conf: mark raspberrypi-hwmon as supported - switchtec: Fix Spectre v1 vulnerability (bsc#1051510). - sysfs: Do not return POSIX ACL xattrs via listxattr (git-fixes). - target: log Data-Out timeouts as errors (bsc#1095805). - target: log NOP ping timeouts as errors (bsc#1095805). - target: split out helper for cxn timeout error stashing (bsc#1095805). - target: stash sess_err_stats on Data-Out timeout (bsc#1095805). - target: use ISCSI_IQN_LEN in iscsi_target_stat (bsc#1095805). - team: Forbid enslaving team device to itself (bsc#1051510). - tools build: fix # escaping in .cmd files for future Make (git-fixes). - tools/testing/nvdimm: advertise a write cache for nfit_test (bsc#112128). - tools/testing/nvdimm: allow custom error code injection (bsc#112128). - tools/testing/nvdimm: disable labels for nfit_test.1 (bsc#112128). - tools/testing/nvdimm: enable labels for nfit_test.1 dimms (bsc#112128). - tools/testing/nvdimm: fix missing newline in nfit_test_dimm 'handle' attribute (bsc#112128). - tools/testing/nvdimm: Fix support for emulating controller temperature (bsc#112128). - tools/testing/nvdimm: force nfit_test to depend on instrumented modules (bsc#112128). - tools/testing/nvdimm: improve emulation of smart injection (bsc#112128). - tools/testing/nvdimm: kaddr and pfn can be NULL to ->direct_access() (bsc#112128). - tools/testing/nvdimm: Make DSM failure code injection an override (bsc#112128). - tools/testing/nvdimm: smart alarm/threshold control (bsc#112128). - tools/testing/nvdimm: stricter bounds checking for error injection commands (bsc#112128). - tools/testing/nvdimm: support nfit_test_dimm attributes under nfit_test.1 (bsc#112128). - tools/testing/nvdimm: unit test clear-error commands (bsc#112128). - tools/vm/page-types.c: fix 'defined but not used' warning (bsc#1051510). - tools/vm/slabinfo.c: fix sign-compare warning (bsc#1051510). - tracing: Add barrier to trace_printk() buffer nesting modification (bsc#1112219). - tty: Do not block on IO when ldisc change is pending (bnc#1105428). - tty: fix data race between tty_init_dev and flush of buf (bnc#1105428). - tty: Hold tty_ldisc_lock() during tty_reopen() (bnc#1105428). - tty/ldsem: Add lockdep asserts for ldisc_sem (bnc#1105428). - tty/ldsem: Convert to regular lockdep annotations (bnc#1105428). - tty/ldsem: Decrement wait_readers on timeouted down_read() (bnc#1105428). - tty/ldsem: Wake up readers after timed out down_write() (bnc#1105428). - tty: Simplify tty->count math in tty_reopen() (bnc#1105428). - Update patches.arch/KVM-PPC-Book3S-HV-Snapshot-timebase-offset-on-guest-.patch (bsc#1061840, bsc#1086196). - Update patches.arch/powerpc-powernv-ioda2-Reduce-upper-limit-for-DMA-win.patch (bsc#1061840, bsc#1055120). - Update patches.fixes/0002-nfs41-do-not-return-ENOMEM-on-LAYOUTUNAVAILABLE.patch (git-fixes, bsc#1103925). - Update patches.fixes/libnvdimm-dimm-maximize-label-transfer-size.patch (bsc#1111921, bsc#1113408, bsc#1113972). - Update patches.fixes/libnvdimm-label-change-nvdimm_num_label_slots-per-uefi-2-7.patch (bsc#1111921, bsc#1113408, bsc#1113972). - Update patches.fixes/libnvdimm-label-fix-sparse-warning.patch (bsc#1111921, bsc#1113408, bsc#1113972). - Update patches.fixes/nvdimm-clarify-comment-in-sizeof_namespace_index.patch (bsc#1111921, bsc#1113408, bsc#1113972). - Update patches.fixes/nvdimm-remove-empty-if-statement.patch (bsc#1111921, bsc#1113408, bsc#1113972). - Update patches.fixes/nvdimm-sanity-check-labeloff.patch (bsc#1111921, bsc#1113408, bsc#1113972). - Update patches.fixes/nvdimm-split-label-init-out-from-the-logic-for-getting-config-data.patch (bsc#1111921, bsc#1113408, bsc#1113972). - Update patches.fixes/nvdimm-use-namespace-index-data-to-reduce-number-of-label-reads-needed.patch (bsc#1111921, bsc#1113408, bsc#1113972). - usb: chipidea: Prevent unbalanced IRQ disable (bsc#1051510). - usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] (bsc#1051510). - usb: gadget: fsl_udc_core: check allocation return value and cleanup on failure (bsc#1051510). - usb: gadget: fsl_udc_core: fixup struct_udc_setup documentation (bsc#1051510). - usbip: tools: fix atoi() on non-null terminated string (bsc#1051510). - USB: remove LPM management from usb_driver_claim_interface() (bsc#1051510). - USB: serial: cypress_m8: fix interrupt-out transfer length (bsc#1051510). - USB: serial: simple: add Motorola Tetra MTP6550 id (bsc#1051510). - usb: xhci-mtk: resume USB3 roothub first (bsc#1051510). - USB: yurex: Check for truncation in yurex_read() (bsc#1051510). - userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (bsc#1109739). - use the new async probing feature for the hyperv drivers (bsc#1109772). - Use upstream version of pci-hyperv patch (35a88a1) - VFS: close race between getcwd() and d_move() (git-fixes). - vfs: fix freeze protection in mnt_want_write_file() for overlayfs (git-fixes). - vmbus: do not return values for uninitalized channels (bsc#1051510). - vti4: Do not count header length twice on tunnel setup (bsc#1051510). - vti6: fix PMTU caching and reporting on xmit (bsc#1051510). - vti6: remove !skb->ignore_df check from vti6_xmit() (bsc#1051510). - Workaround for mysterious NVMe breakage with i915 CFL (bsc#1111040). - x86/acpi: Prevent X2APIC id 0xffffffff from being accounted (bsc#1110006). - x86/boot/KASLR: Work around firmware bugs by excluding EFI_BOOT_SERVICES_* and EFI_LOADER_* from KASLR's choice (bnc#1112878). - x86/boot: Move EISA setup to a separate file (bsc#1110006). - x86/cpufeature: Add User-Mode Instruction Prevention definitions (bsc#1110006). - x86/cpufeatures: Add Intel Total Memory Encryption cpufeature (bsc#1110006). - x86/eisa: Add missing include (bsc#1110006). - x86/EISA: Do not probe EISA bus for Xen PV guests (bsc#1110006). - x86/fpu: Remove second definition of fpu in __fpu__restore_sig() (bsc#1110006). - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772). - x86/kasan: Panic if there is not enough memory to boot (bsc#1110006). - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114279). - x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read() (bsc#1110006). - x86, nfit_test: Add unit test for memcpy_mcsafe() (bsc#112128). - x86/paravirt: Fix some warning messages (bnc#1065600). - x86/percpu: Fix this_cpu_read() (bsc#1110006). - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bsc#1105536). - x86/time: Correct the attribute on jiffies' definition (bsc#1110006). - xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap() (bnc#1065600). - xen: Remove unnecessary BUG_ON from __unbind_from_irq() (bnc#1065600). - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (bnc#1065600). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs: do not fail when converting shortform attr to long form during ATTR_REPLACE (bsc#1105025). - xfs: do not fail when converting shortform attr to long form during ATTR_REPLACE (bsc#1105025). - xhci: Add missing CAS workaround for Intel Sunrise Point xHCI (bsc#1051510). - xhci: Do not print a warning when setting link state for disabled ports (bsc#1051510). Important SUSE bug 1051510 SUSE bug 1055120 SUSE bug 1061840 SUSE bug 1065600 SUSE bug 1066674 SUSE bug 1067906 SUSE bug 1076830 SUSE bug 1079524 SUSE bug 1083647 SUSE bug 1084760 SUSE bug 1084831 SUSE bug 1086196 SUSE bug 1091800 SUSE bug 1094825 SUSE bug 1095805 SUSE bug 1100132 SUSE bug 1101138 SUSE bug 1103356 SUSE bug 1103543 SUSE bug 1103925 SUSE bug 1104124 SUSE bug 1104731 SUSE bug 1105025 SUSE bug 1105428 SUSE bug 1105536 SUSE bug 1106110 SUSE bug 1106237 SUSE bug 1106240 SUSE bug 1106287 SUSE bug 1106359 SUSE bug 1106838 SUSE bug 1108377 SUSE bug 1108468 SUSE bug 1108870 SUSE bug 1109330 SUSE bug 1109739 SUSE bug 1109772 SUSE bug 1109784 SUSE bug 1109806 SUSE bug 1109818 SUSE bug 1109907 SUSE bug 1109911 SUSE bug 1109915 SUSE bug 1109919 SUSE bug 1109951 SUSE bug 1110006 SUSE bug 1111040 SUSE bug 1111076 SUSE bug 1111506 SUSE bug 1111806 SUSE bug 1111811 SUSE bug 1111819 SUSE bug 1111830 SUSE bug 1111834 SUSE bug 1111841 SUSE bug 1111870 SUSE bug 1111901 SUSE bug 1111904 SUSE bug 1111921 SUSE bug 1111928 SUSE bug 1111983 SUSE bug 1112170 SUSE bug 1112173 SUSE bug 1112208 SUSE bug 1112219 SUSE bug 1112221 SUSE bug 1112246 SUSE bug 1112372 SUSE bug 1112514 SUSE bug 1112554 SUSE bug 1112708 SUSE bug 1112710 SUSE bug 1112711 SUSE bug 1112712 SUSE bug 1112713 SUSE bug 1112731 SUSE bug 1112732 SUSE bug 1112733 SUSE bug 1112734 SUSE bug 1112735 SUSE bug 1112736 SUSE bug 1112738 SUSE bug 1112739 SUSE bug 1112740 SUSE bug 1112741 SUSE bug 1112743 SUSE bug 1112745 SUSE bug 1112746 SUSE bug 1112878 SUSE bug 1112894 SUSE bug 1112899 SUSE bug 1112902 SUSE bug 1112903 SUSE bug 1112905 SUSE bug 1112906 SUSE bug 1112907 SUSE bug 1113257 SUSE bug 1113284 SUSE bug 1113295 SUSE bug 1113408 SUSE bug 1113667 SUSE bug 1113722 SUSE bug 1113751 SUSE bug 1113780 SUSE bug 1113972 SUSE bug 1114279 CVE-2017-16533 CVE-2017-18224 CVE-2018-18386 CVE-2018-18445 CVE-2018-18710 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_1 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-0735: Fixed timing vulnerability in ECDSA signature generation (bsc#1113651). Non-security issues fixed: - Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209). Moderate SUSE bug 1112209 SUSE bug 1113651 SUSE bug 1113652 CVE-2018-0734 CVE-2018-0735 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ncurses fixes the following issue: Security issue fixed: - CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929). Important SUSE bug 1115929 CVE-2018-19211 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_0_0 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). - Add missing timing side channel patch for DSA signature generation (bsc#1113742). Non-security issues fixed: - Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209). - Set TLS version to 0 in msg_callback for record messages to avoid confusing applications (bsc#1100078). Moderate SUSE bug 1100078 SUSE bug 1112209 SUSE bug 1113534 SUSE bug 1113652 SUSE bug 1113742 CVE-2018-0734 CVE-2018-5407 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2018-18544: Fixed memory leak in the function WriteMSLImage (bsc#1113064). Non-security issues fixed: - Improve import documentation (bsc#1057246). - Allow override system security policy (bsc#1117463). - asan_build: build ASAN included - debug_build: build more suitable for debugging Moderate SUSE bug 1057246 SUSE bug 1113064 SUSE bug 1117463 CVE-2018-18544 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python-cryptography, python-pyOpenSSL fixes the following issues: Security issues fixed: - CVE-2018-1000808: A memory leak due to missing reference checking in PKCS#12 store handling was fixed (bsc#1111634) - CVE-2018-1000807: A use-after-free in X509 object handling was fixed (bsc#1111635) - avoid bad interaction with python-cryptography package. (bsc#1021578) Important SUSE bug 1021578 SUSE bug 1111634 SUSE bug 1111635 CVE-2018-1000807 CVE-2018-1000808 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 java-1_8_0-ibm was updated to Java 8.0 Service Refresh 5 Fix Pack 25 (bsc#1116574) * Class Libraries: - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-3149 - IJ10894 CVE-2018-3180 - IJ10930 CVE-2018-3183 - IJ10933 CVE-2018-3214 - IJ09315 FLOATING POINT EXCEPTION FROM JAVA.TEXT.DECIMALFORMAT. FORMAT - IJ09088 INTRODUCING A NEW PROPERTY FOR TURKEY TIMEZONE FOR PRODUCTS NOT IDENTIFYING TRT - IJ10800 REMOVE EXPIRING ROOT CERTIFICATES IN IBM JDK’S CACERTS. - IJ10566 SUPPORT EBCDIC CODE PAGE IBM-274 – BELGIUM EBCDIC * Java Virtual Machine - IJ08730 APPLICATION SIGNAL HANDLER NOT INVOKED FOR SIGABRT - IJ10453 ASSERTION FAILURE AT CLASSPATHITEM.CPP - IJ09574 CLASSLOADER DEFINED THROUGH SYSTEM PROPERTY ‘JAVA.SYSTEM.CLASS.LOADE R’ IS NOT HONORED. - IJ10931 CVE-2018-3169 - IJ10618 GPU SORT: UNSPECIFIED LAUNCH FAILURE - IJ10619 INCORRECT ILLEGALARGUMENTEXCEPTION BECAUSE OBJECT IS NOT AN INSTANCE OF DECLARING CLASS ON REFLECTIVE INVOCATION - IJ10135 JVM HUNG IN GARBAGECOLLECTORMXBEAN.G ETLASTGCINFO() API - IJ10680 RECURRENT ABORTED SCAVENGE * ORB - IX90187 CLIENTREQUESTIMPL.REINVO KE FAILS WITH JAVA.LANG.INDEXOUTOFBOUN DSEXCEPTION * Reliability and Serviceability - IJ09600 DTFJ AND JDMPVIEW FAIL TO PARSE WIDE REGISTER VALUES * Security - IJ10492 'EC KEYSIZE < 384' IS NOT HONORED USING THE 'JDK.TLS.DISABLEDALGORIT HMS' SECURITY PROPERTY - IJ10310 ADD NULL CHECKING ON THE ENCRYPTION TYPES LIST TO CREDENTIALS.GETDEFAULTNA TIVECREDS() METHOD - IJ10491 AES/GCM CIPHER – AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL( ) AND INIT( ) - IJ08442 HTTP PUBLIC KEY PINNING FINGERPRINT,PROBLEM WITH CONVERTING TO JKS KEYSTORE - IJ09107 IBMPKCS11IMPL CRYPTO PROVIDER – INTERMITTENT ERROR WITH SECP521R1 SIGNATURE ON Z/OS - IJ10136 IBMPKCS11IMPL – INTERMITTENT ERROR WITH SECP521R1 SIG ON Z/OS AND Z/LINUX - IJ08530 IBMPKCS11IMPL PROVIDER USES THE WRONG RSA CIPHER MECHANISM FOR THE RSA/ECB/PKCS1PADDING CIPHER - IJ08723 JAAS THROWS A ‘ARRAY INDEX OUT OF RANGE’ EXCEPTION - IJ08704 THE SECURITY PROPERTY ‘JDK.CERTPATH.DISABLEDAL GORITHMS’ IS MISTAKENLY BEING USED TO FILTER JAR SIGNING ALGORITHMS * z/OS Extentions - PH03889 ADD SUPPORT FOR TRY-WITH-RESOURCES TO COM.IBM.JZOS.ENQUEUE - PH03414 ROLLOVER FROM SYE TO SAE FOR ICSF REASON CODE 3059 - PH04008 ZERTJSSE – Z SYSTEMS ENCRYPTION READINESS TOOL (ZERT) NEW SUPPORT IN THE Z/OS JAVA SDK This includes the update to Java 8.0 Service Refresh 5 Fix Pack 22: * Java Virtual Machine - IJ09139 CUDA4J NOT AVAILABLE ON ALL PLATFORMS * JIT Compiler - IJ09089 CRASH DURING COMPILATION IN USEREGISTER ON X86-32 - IJ08655 FLOATING POINT ERROR (SIGFPE) IN ZJ9SYM1 OR ANY VM/JIT MODULE ON AN INSTRUCTION FOLLOWING A VECTOR INSTRUCTION - IJ08850 CRASH IN ARRAYLIST$ITR.NEXT() - IJ09601 JVM CRASHES ON A SIGBUS SIGNAL WHEN ACCESSING A DIRECTBYTEBUFFER * z/OS Extentions - PH02999 JZOS data management classes accept dataset names in code pages supported by z/OS system services - PH01244 OUTPUT BUFFER TOO SHORT FOR GCM MODE ENCRYPTION USING IBMJCEHYBRID Also the update to Java 8.0 Service Refresh 5 Fix Pack 21 * Class Libraries - IJ08569 JAVA.IO.IOEXCEPTION OCCURS WHEN A FILECHANNEL IS BIGGER THAN 2GB ON AIX PLATFORM - IJ08570 JAVA.LANG.UNSATISFIEDLIN KERROR WITH JAVA OPTION -DSUN.JAVA2D.CMM=SUN.JAV A2D.CMM.KCMS.KCMSSERVICE PROVIDER ON AIX PLATFORM * Java Virtual Machine - IJ08001 30% THROUGHPUT DROP FOR CERTAIN SYNCHRONIZATION WORKLOADS - IJ07997 TRACEASSERT IN GARBAGE COLLECTOR(MEMORYSUBSPACE) * JIT Compiler - IJ08503 ASSERTION IS HIT DUE TO UNEXPECTED STACK HEIGHT IN DEBUGGING MODE - IJ08375 CRASH DURING HARDWARE GENERATED GUARDED STORAGE EVENT WITHIN A TRANSACTIONAL EXECUTION REGION WHEN RUNNING WITH -XGC:CONCURRENTS - IJ08205 CRASH WHILE COMPILING - IJ09575 INCORRECT RESULT WHEN USING JAVA.LANG.MATH.MIN OR MAX ON 31-BIT JVM - IJ07886 INCORRECT CALUCATIONS WHEN USING NUMBERFORMAT.FORMAT() AND BIGDECIMAL.{FLOAT/DOUBLE }VALUE() Important SUSE bug 1116574 CVE-2018-13785 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2018-3214 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removed entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry could remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769). - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-18445: Faulty computation of numeric bounds in the BPF verifier permitted out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandled 32-bit right shifts (bnc#1112372). - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2017-18224: fs/ocfs2/aops.c omitted use of a semaphore and consequently had a race condition for access to the extent tree during read operations in DIRECT mode, which allowed local users to cause a denial of service (BUG) by modifying a certain e_cpos field (bnc#1084831). - CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674). The following non-security bugs were fixed: - ACPI/APEI: Handle GSIV and GPIO notification types (bsc#1115567). - ACPICA: Tables: Add WSMT support (bsc#1089350). - ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510). - ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510). - ACPI, nfit: Fix ARS overflow continuation (bsc#1116895). - ACPI, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#1112128). - ACPI/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114279). - ACPI/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114279). - ACPI / platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510). - ACPI / processor: Fix the return value of acpi_processor_ids_walk() (bsc#1051510). - ACPI / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510). - act_ife: fix a potential use-after-free (networking-stable-18_09_11). - Add the cherry-picked dup id for PCI dwc fix - Add version information to KLP_SYMBOLS file - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510). - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510). - ALSA: control: Fix race between adding and removing a user element (bsc#1051510). - ALSA: hda: Add 2 more models to the power_save blacklist (bsc#1051510). - ALSA: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510). - ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) (bsc#1051510). - ALSA: hda - Add quirk for ASUS G751 laptop (bsc#1051510). - ALSA: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510). - ALSA: hda - Fix headphone pin config for ASUS G751 (bsc#1051510). - ALSA: hda: fix unused variable warning (bsc#1051510). - ALSA: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510). - ALSA: hda/realtek - Add GPIO data update helper (bsc#1051510). - ALSA: hda/realtek - Allow skipping spec->init_amp detection (bsc#1051510). - ALSA: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510). - ALSA: hda/realtek - Fix HP Headset Mic can't record (bsc#1051510). - ALSA: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510). - ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715 (bsc#1051510). - ALSA: hda/realtek - Manage GPIO bits commonly (bsc#1051510). - ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510). - ALSA: hda/realtek - Support ALC300 (bsc#1051510). - ALSA: oss: Use kvzalloc() for local buffer allocations (bsc#1051510). - ALSA: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510). - ALSA: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510). - ALSA: usb-audio: update quirk for B&W PX to remove microphone (bsc#1051510). - ALSA: wss: Fix invalid snd_free_pages() at error path (bsc#1051510). - amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105). - arm64: KVM: Move CPU ID reg trap setup off the world switch path (bsc#1110998). - arm64: KVM: Sanitize PSTATE.M when being set from userspace (bsc#1110998). - arm64: KVM: Tighten guest core register access from userspace (bsc#1110998). - ARM: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510). - ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535) - ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510). - ASoC: intel: skylake: Add missing break in skl_tplg_get_token() (bsc#1051510). - ASoC: Intel: Skylake: Reset the controller in probe (bsc#1051510). - ASoC: rsnd: adg: care clock-frequency size (bsc#1051510). - ASoC: rsnd: do not fallback to PIO mode when -EPROBE_DEFER (bsc#1051510). - ASoC: rt5514: Fix the issue of the delay volume applied again (bsc#1051510). - ASoC: sigmadsp: safeload should not have lower byte limit (bsc#1051510). - ASoC: sun8i-codec: fix crash on module removal (bsc#1051510). - ASoC: wm8804: Add ACPI support (bsc#1051510). - ata: Fix racy link clearance (bsc#1107866). - ataflop: fix error handling during setup (bsc#1051510). - ath10k: fix kernel panic issue during pci probe (bsc#1051510). - ath10k: fix scan crash due to incorrect length calculation (bsc#1051510). - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait (bsc#1051510). - ath10k: schedule hardware restart if WMI command times out (bsc#1051510). - autofs: fix autofs_sbi() does not check super block type (git-fixes). - autofs: fix slab out of bounds read in getname_kernel() (git-fixes). - autofs: mount point create should honour passed in mode (git-fixes). - badblocks: fix wrong return value in badblocks_set if badblocks are disabled (git-fixes). - batman-adv: Avoid probe ELP information leak (bsc#1051510). - batman-adv: Expand merged fragment buffer for full packet (bsc#1051510). - batman-adv: fix backbone_gw refcount on queue_work() failure (bsc#1051510). - batman-adv: fix hardif_neigh refcount on queue_work() failure (bsc#1051510). - batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510). - bdi: Fix another oops in wb_workfn() (bsc#1112746). - bdi: Preserve kabi when adding cgwb_release_mutex (bsc#1112746). - bitops: protect variables in bit_clear_unless() macro (bsc#1051510). - bitops: protect variables in set_mask_bits() macro (bsc#1051510). - Blacklist commit that modifies Scsi_Host/kabi (bsc#1114579) - Blacklist sd_zbc patch that is too invasive (bsc#1114583) - Blacklist virtio patch that uses bio_integrity_bytes() (bsc#1114585) - blk-mq: I/O and timer unplugs are inverted in blktrace (bsc#1112713). - block, bfq: fix wrong init of saved start time for weight raising (bsc#1112708). - block: bfq: swap puts in bfqg_and_blkg_put (bsc#1112712). - block: copy ioprio in __bio_clone_fast() (bsc#1082653). - block: respect virtual boundary mask in bvecs (bsc#1113412). - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510). - Bluetooth: SMP: fix crash in unpairing (bsc#1051510). - bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16). - bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16). - bonding: avoid possible dead-lock (networking-stable-18_10_16). - bonding: fix length of actor system (networking-stable-18_11_02). - bonding: fix warning message (networking-stable-18_10_16). - bonding: pass link-local packets to bonding master also (networking-stable-18_10_16). - bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647). - bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24). - bpf/verifier: disallow pointer subtraction (bsc#1083647). - bpf: wait for running BPF programs when updating map-in-map (bsc#1083647). - brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510). - brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510). - brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510). - bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02). - Btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667). - Btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667). - Btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136). - Btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137). - Btrfs: fix cur_offset in the error case for nocow (bsc#1118140). - Btrfs: fix data corruption due to cloning of eof block (bsc#1116878). - Btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876). - Btrfs: fix deadlock when writing out free space caches (bsc#1116700). - Btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877). - Btrfs: fix missing error return in btrfs_drop_snapshot (Git-fixes bsc#1109919). - Btrfs: fix null pointer dereference on compressed write path error (bsc#1116698). - Btrfs: fix use-after-free during inode eviction (bsc#1116701). - Btrfs: fix use-after-free when dumping free space (bsc#1116862). - Btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692). - Btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693). - Btrfs: handle errors while updating refcounts in update_ref_for_cow (Git-fixes bsc#1109915). - Btrfs: make sure we create all new block groups (bsc#1116699). - Btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863). - Btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138). - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510). - can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510). - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510). - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510). - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510). - can: hi311x: Use level-triggered interrupt (bsc#1051510). - can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510). - can: rcar_can: Fix erroneous registration (bsc#1051510). - can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510). - cdc-acm: correct counting of UART states in serial state notification (bsc#1051510). - cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510). - cdc-acm: fix race between reset and control messaging (bsc#1051510). - ceph: avoid a use-after-free in ceph_destroy_options() (bsc#1111983). - ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839). - ceph: quota: fix null pointer dereference in quota check (bsc#1114839). - cfg80211: Address some corner cases in scan result channel updating (bsc#1051510). - cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902). - cifs: fix memory leak in SMB2_open() (bsc#1112894). - cifs: Fix use after free of a mid_q_entry (bsc#1112903). - clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510). - clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510). - clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510). - clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510). - clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510). - clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510). - clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510). - clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510). - clk: x86: add 'ether_clk' alias for Bay Trail / Cherry Trail (bsc#1051510). - clk: x86: Stop marking clocks as CLK_IS_CRITICAL (bsc#1051510). - clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510). - clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs (bsc#1051510). - clocksource/drivers/timer-atmel-pit: Properly handle error cases (bsc#1051510). - coda: fix 'kernel memory exposure attempt' in fsync (bsc#1051510). - configfs: replace strncpy with memcpy (bsc#1051510). - crypto: caam - fix implicit casts in endianness helpers (bsc#1051510). - crypto: chelsio - Fix memory corruption in DMA Mapped buffers (bsc#1051510). - crypto: lrw - Fix out-of bounds access on counter overflow (bsc#1051510). - crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510). - crypto: tcrypt - fix ghash-generic speed test (bsc#1051510). - dax: Fix deadlock in dax_lock_mapping_entry() (bsc#1109951). - debugobjects: Make stack check warning more informative (bsc#1051510). - Documentation/l1tf: Fix small spelling typo (bsc#1051510). - Documentation/l1tf: Fix typos (bsc#1051510). - Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510). - do d_instantiate/unlock_new_inode combinations safely (git-fixes). - Do not leak MNT_INTERNAL away from internal mounts (git-fixes). - driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510). - drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510). - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 (bsc#1051510). - drm/amdgpu: Fix vce work queue was not cancelled when suspend (bsc#1106110) - drm/amdgpu/powerplay: fix missing break in switch statements (bsc#1113722) - drm/ast: change resolution may cause screen blurred (boo#1112963). - drm/ast: fixed cursor may disappear sometimes (bsc#1051510). - drm/ast: Fix incorrect free on ioregs (bsc#1051510). - drm/ast: Remove existing framebuffers before loading driver (boo#1112963) - drm/dp_mst: Check if primary mstb is null (bsc#1051510). - drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510). - drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510). - drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722) - drm/edid: VSDB yCBCr420 Deep Color mode bit definitions (bsc#1051510). - drm: fb-helper: Reject all pixel format changing requests (bsc#1113722) - drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer (bsc#1113722) - drm/hisilicon: hibmc: Do not overwrite fb helper surface depth (bsc#1113722) - drm/i915/audio: Hook up component bindings even if displays are (bsc#1113722) - drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510). - drm/i915: Do not unset intel_connector->mst_port (bsc#1051510). - drm/i915/dp: Link train Fallback on eDP only if fallback link BW can fit panel's native mode (bsc#1051510). - drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510). - drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510). - drm/i915/gen9+: Fix initial readout for Y tiled framebuffers (bsc#1113722) - drm/i915/glk: Add Quirk for GLK NUC HDMI port issues (bsc#1051510). - drm/i915/glk: Remove 99% limitation (bsc#1051510). - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510). - drm/i915: Large page offsets for pread/pwrite (bsc#1051510). - drm/i915: Mark pin flags as u64 (bsc#1051510). - drm/i915: Restore vblank interrupts earlier (bsc#1051510). - drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510). - drm/i915: Write GPU relocs harder with gen3 (bsc#1051510). - drm: mali-dp: Call drm_crtc_vblank_reset on device init (bsc#1051510). - drm/mediatek: fix OF sibling-node lookup (bsc#1106110) - drm/meson: add support for 1080p25 mode (bsc#1051510). - drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510). - drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510). - drm/msm: fix OF child-node lookup (bsc#1106110) - drm/nouveau: Check backlight IDs are >= 0, not > 0 (bsc#1051510). - drm/nouveau: Do not disable polling in fallback mode (bsc#1103356). - drm/omap: fix memory barrier bug in DMM driver (bsc#1051510). - drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510). - drm/sti: do not remove the drm_bridge that was never added (bsc#1100132) - drm/sun4i: Fix an ulong overflow in the dotclock driver (bsc#1106110) - drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() (bsc#1113722) - e1000: check on netif_running() before calling e1000_up() (bsc#1051510). - e1000: ensure to free old tx/rx rings in set_ringparam() (bsc#1051510). - EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting (bsc#1114279). - EDAC: Raise the maximum number of memory controllers (bsc#1113780). - EDAC, skx_edac: Fix logical channel intermediate decoding (bsc#1114279). - EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() (bsc#1114279). - eeprom: at24: change nvmem stride to 1 (bsc#1051510). - eeprom: at24: check at24_read/write arguments (bsc#1051510). - eeprom: at24: correctly set the size for at24mac402 (bsc#1051510). - Enable LSPCON instead of blindly disabling HDMI - enic: do not call enic_change_mtu in enic_probe (bsc#1051510). - enic: handle mtu change for vf properly (bsc#1051510). - enic: initialize enic->rfs_h.lock in enic_probe (bsc#1051510). - ethtool: fix a privilege escalation bug (bsc#1076830). - ext2, dax: set ext2_dax_aops for dax files (bsc#1112554). - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bsc#1117795). - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bsc#1117794). - ext4: add missing brelse() update_backups()'s error path (bsc#1117796). - ext4: avoid arithemetic overflow that can trigger a BUG (bsc#1112736). - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802). - ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801). - ext4: avoid divide by zero fault when deleting corrupted inline directories (bsc#1112735). - ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792). - ext4: check for NUL characters in extended attribute's name (bsc#1112732). - ext4: check to make sure the rename(2)'s destination is not freed (bsc#1112734). - ext4: do not mark mmp buffer head dirty (bsc#1112743). - ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807). - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806). - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798). - ext4: fix online resize's handling of a too-small final block group (bsc#1112739). - ext4: fix online resizing for bigalloc file systems with a 1k block size (bsc#1112740). - ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799). - ext4: fix possible leak of sbi->s_group_desc_leak in error path (bsc#1117803). - ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804). - ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789). - ext4: fix spectre gadget in ext4_mb_regular_allocator() (bsc#1112733). - ext4: fix use-after-free race in ext4_remount()'s error path (bsc#1117791). - ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788). - ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790). - ext4: recalucate superblock checksum after updating free blocks/inodes (bsc#1112738). - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805). - ext4: reset error code in ext4_find_entry in fallback (bsc#1112731). - ext4: show test_dummy_encryption mount option in /proc/mounts (bsc#1112741). - fbdev: fix broken menu dependencies (bsc#1113722) - fbdev/omapfb: fix omapfb_memory_read infoleak (bsc#1051510). - firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350 ). - firmware: dcdbas: include linux/io.h (bsc#1089350). - Fix kABI for 'Ensure we commit after writeback is complete' (bsc#1111809). - floppy: fix race condition in __floppy_read_block_0() (bsc#1051510). - flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21). - fscache: fix race between enablement and dropping of object (bsc#1107385). - fs: dcache: Avoid livelock between d_alloc_parallel and __d_add (git-fixes). - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (git-fixes). - fs: dcache: Use READ_ONCE when accessing i_dir_seq (git-fixes). - fs: Make extension of struct super_block transparent (bsc#1117822). - fsnotify: Fix busy inodes during unmount (bsc#1117822). - fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074). - fs/quota: Fix spectre gadget in do_quotactl (bsc#1112745). - ftrace: Fix debug preempt config name in stack_tracer_{en,dis}able (bsc#1117172). - ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181). - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174). - ftrace: Remove incorrect setting of glob search field (bsc#1117184). - genirq: Fix race on spurious interrupt detection (bsc#1051510). - getname_kernel() needs to make sure that ->name != ->iname in long case (git-fixes). - gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510). - grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes). - gso_segment: Reset skb->mac_len after modifying network header (networking-stable-18_09_24). - hfsplus: do not return 0 when fill_super() failed (bsc#1051510). - hfsplus: stop workqueue when fill_super() failed (bsc#1051510). - hfs: prevent crash on exit from failed search (bsc#1051510). - HID: hiddev: fix potential Spectre v1 (bsc#1051510). - HID: hid-sensor-hub: Force logical minimum to 1 for power and report state (bsc#1051510). - HID: quirks: fix support for Apple Magic Keyboards (bsc#1051510). - HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report (bsc#1051510). - HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510). - hv: avoid crash in vmbus sysfs files (bnc#1108377). - hv_netvsc: fix schedule in RCU context (). - hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11). - hwmon: (core) Fix double-free in __hwmon_device_register() (bsc#1051510). - hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510). - hwmon: (ina2xx) Fix current value calculation (bsc#1051510). - hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510). - hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510). - hwmon: (pmbus) Fix page count auto-detection (bsc#1051510). - hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510). - hwmon: (raspberrypi) Fix initial notify (bsc#1051510). - hwmon: (w83795) temp4_type has writable permission (bsc#1051510). - hwrng: core - document the quality field (bsc#1051510). - hypfs_kill_super(): deal with failed allocations (bsc#1051510). - i2c: i2c-scmi: fix for i2c_smbus_write_block_data (bsc#1051510). - i2c: rcar: cleanup DMA for all kinds of failure (bsc#1051510). - ibmvnic: fix accelerated VLAN handling (). - ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433). - ibmvnic: remove ndo_poll_controller (). - ibmvnic: Update driver queues after change in ring size support (). - iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510). - iio: ad5064: Fix regulator handling (bsc#1051510). - iio: adc: at91: fix acking DRDY irq on simple conversions (bsc#1051510). - iio: adc: at91: fix wrong channel number in triggered buffer mode (bsc#1051510). - iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() (bsc#1051510). - iio:st_magn: Fix enable device after trigger (bsc#1051510). - ima: fix showing large 'violations' or 'runtime_measurements_count' (bsc#1051510). - include/linux/pfn_t.h: force '~' to be parsed as an unary operator (bsc#1051510). - inet: make sure to grab rcu_read_lock before using ireq->ireq_opt (networking-stable-18_10_16). - Input: atakbd - fix Atari CapsLock behaviour (bsc#1051510). - Input: atakbd - fix Atari keymap (bsc#1051510). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510). - Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510). - Input: xpad - add PDP device id 0x02a4 (bsc#1051510). - Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510). - Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510). - Input: xpad - fix some coding style issues (bsc#1051510). - intel_th: pci: Add Ice Lake PCH support (bsc#1051510). - iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237). - iommu/arm-smmu: Error out only if not enough context interrupts (bsc#1106237). - iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105). - iommu/vt-d: Add definitions for PFSID (bsc#1106237). - iommu/vt-d: Fix dev iotlb pfsid use (bsc#1106237). - iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105). - iommu/vt-d: Fix scatterlist offset handling (bsc#1106237). - iommu/vt-d: Use memunmap to free memremap (bsc#1106105). - ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16). - ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02). - ip6_vti: fix a null pointer deference when destroy vti6 tunnel (networking-stable-18_09_11). - ipmi: Fix timer race with module unload (bsc#1051510). - ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16). - ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21). - ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu (networking-stable-18_11_21). - ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11). - ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (networking-stable-18_11_21). - ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24). - ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02). - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02). - ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16). - iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510). - iwlwifi: dbg: do not crash if the firmware crashes in the middle of a debug dump (bsc#1051510). - iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510). - iwlwifi: mvm: Allow TKIP for AP mode (bsc#1051510). - iwlwifi: mvm: check for n_profiles validity in EWRD ACPI (bsc#1051510). - iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510). - iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510). - iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface (bsc#1051510). - iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510). - iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510). - iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510). - iwlwifi: mvm: open BA session only when sta is authorized (bsc#1051510). - iwlwifi: mvm: send BCAST management frames to the right station (bsc#1051510). - iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510). - iwlwifi: pcie: avoid empty free RB queue (bsc#1051510). - iwlwifi: pcie: gen2: build A-MSDU only for GSO (bsc#1051510). - iwlwifi: pcie gen2: check iwl_pcie_gen2_set_tb() return value (bsc#1051510). - jbd2: fix use after free in jbd2_log_do_checkpoint() (bsc#1113257). - KABI fix for 'NFSv4.1: Fix up replays of interrupted requests' (git-fixes). - kABI: Hide get_msr_feature() in kvm_x86_ops (bsc#1106240). - KABI: hide new member in struct iommu_table from genksyms (bsc#1061840). - KABI: mask raw in struct bpf_reg_state (bsc#1083647). - KABI: powerpc: export __find_linux_pte as __find_linux_pte_or_hugepte (bsc#1061840). - KABI: powerpc: Revert npu callback signature change (bsc#1055120). - KABI: protect struct fib_nh_exception (kabi). - KABI: protect struct rtable (kabi). - KABI/severities: ignore __xive_vm_h_* KVM internal symbols. - Kbuild: fix # escaping in .cmd files for future Make (git-fixes). - kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510). - kbuild: move '_all' target out of $(KBUILD_SRC) conditional (bsc#1114279). - kernfs: update comment about kernfs_path() return value (bsc#1051510). - kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510). - kprobes/x86: Fix %p uses in error messages (bsc#1110006). - KVM: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998). - KVM: Make VM ioctl do valloc for some archs (bsc#1111506). - KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240). - KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240). - KVM: PPC: Add pt_regs into kvm_vcpu_arch and move vcpu->arch.gpr[] into it (bsc#1061840). - KVM: PPC: Avoid marking DMA-mapped pages dirty in real mode (bsc#1061840). - KVM: PPC: Book3S: Add MMIO emulation for VMX instructions (bsc#1061840). - KVM: PPC: Book3S: Allow backing bigger guest IOMMU pages with smaller physical pages (bsc#1061840). - KVM: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64 parameters (bsc#1061840). - KVM: PPC: Book3S: Eliminate some unnecessary checks (bsc#1061840). - KVM: PPC: Book3S: Fix compile error that occurs with some gcc versions (bsc#1061840). - KVM: PPC: Book3S: Fix matching of hardware and emulated TCE tables (bsc#1061840). - KVM: PPC: Book3S HV: Add of_node_put() in success path (bsc#1061840). - KVM: PPC: Book3S HV: Add 'online' register to ONE_REG interface (bsc#1061840). - KVM: PPC: Book3S HV: Allow creating max number of VCPUs on POWER9 (bsc#1061840). - KVM: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9 v2.2 (bsc#1061840). - KVM: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault (bsc#1061840). - KVM: PPC: Book3S HV: Avoid shifts by negative amounts (bsc#1061840). - KVM: PPC: Book3S HV: Check DR not IR to chose real vs virt mode MMIOs (bsc#1061840). - KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate function (bsc#1061840). - KVM: PPC: Book3S HV: Do not use compound_order to determine host mapping size (bsc#1061840). - KVM: PPC: Book3S HV: Do not use existing 'prodded' flag for XIVE escalations (bsc#1061840). - KVM: PPC: Book 3S HV: Do ptesync in radix guest exit path (bsc#1061840). - KVM: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded (bsc#1061840). - KVM: PPC: Book3S HV: Enable migration of decrementer register (bsc#1061840). - KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm (bsc#1061840). - KVM: PPC: Book3S HV: Fix conditions for starting vcpu (bsc#1061840). - KVM: PPC: Book3S HV: Fix constant size warning (bsc#1061840). - KVM: PPC: Book3S HV: Fix duplication of host SLB entries (bsc#1061840). - KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds (bsc#1061840). - KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler (bsc#1061840). - KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code (bsc#1061840). - KVM: PPC: Book3S HV: Fix inaccurate comment (bsc#1061840). - KVM: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real mode interrupts (bsc#1061840). - KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry (bsc#1061840). - KVM: PPC: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix() (bsc#1061840). - KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing (bsc#1061840). - KVM: PPC: Book3S HV: Handle 1GB pages in radix page fault handler (bsc#1061840). - KVM: PPC: Book3S HV: Improve handling of debug-trigger HMIs on POWER9 (bsc#1061840). - KVM: PPC: Book3S HV: Keep XIVE escalation interrupt masked unless ceded (bsc#1061840). - KVM: PPC: Book3S HV: Lockless tlbie for HPT hcalls (bsc#1061840). - KVM: PPC: Book3S HV: Make HPT resizing work on POWER9 (bsc#1061840). - KVM: PPC: Book3S HV: Make radix clear pte when unmapping (bsc#1061840). - KVM: PPC: Book3S HV: Make radix use correct tlbie sequence in kvmppc_radix_tlbie_page (bsc#1061840). - KVM: PPC: Book3S HV: Make xive_pushed a byte, not a word (bsc#1061840). - KVM: PPC: Book3S HV: Pack VCORE IDs to access full VCPU ID space (bsc#1061840). - KVM: PPC: Book3S HV: radix: Do not clear partition PTE when RC or write bits do not match (bsc#1061840). - KVM: PPC: Book3S HV: Radix page fault handler optimizations (bsc#1061840). - KVM: PPC: Book3S HV: radix: Refine IO region partition scope attributes (bsc#1061840). - KVM: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under kvm->lock (bsc#1061840). - KVM: PPC: Book3S HV: Recursively unmap all page table entries when unmapping (bsc#1061840). - KVM: PPC: Book3S HV: Remove useless statement (bsc#1061840). - KVM: PPC: Book3S HV: Remove vcpu->arch.dec usage (bsc#1061840). - KVM: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to Linux handlers (bsc#1061840). - KVM: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR count correctly (bsc#1061840). - KVM: PPC: Book3S HV: Snapshot timebase offset on guest entry (bsc#1061840). - KVM: PPC: Book3S HV: Streamline setting of reference and change bits (bsc#1061840). - KVM: PPC: Book3S HV: Use a helper to unmap ptes in the radix fault path (bsc#1061840). - KVM: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page fault handler (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Resend re-routed interrupts on CPU priority change (bsc#1061840). - KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840). - KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file (bsc#1061840). - KVM: PPC: Book3S: Use correct page shift in H_STUFF_TCE (bsc#1061840). - KVM: PPC: Fix a mmio_host_swabbed uninitialized usage issue (bsc#1061840). - KVM: PPC: Make iommu_table::it_userspace big endian (bsc#1061840). - KVM: PPC: Move nip/ctr/lr/xer registers to pt_regs in kvm_vcpu_arch (bsc#1061840). - KVM: PPC: Use seq_puts() in kvmppc_exit_timing_show() (bsc#1061840). - KVM: s390: vsie: copy wrapping keys to right place (git-fixes). - KVM: SVM: Add MSR-based feature support for serializing LFENCE (bsc#1106240). - KVM: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114279). - KVM: VMX: re-add ple_gap module parameter (bsc#1106240). - KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR (bsc#1106240). - KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry (bsc#1106240). - KVM: x86: Add a framework for supporting MSR-based features (bsc#1106240). - KVM: x86: define SVM/VMX specific kvm_arch_[alloc|free]_vm (bsc#1111506). - KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240). - KVM: X86: Introduce kvm_get_msr_feature() (bsc#1106240). - KVM/x86: kABI fix for vm_alloc/vm_free changes (bsc#1111506). - KVM: x86: Set highest physical address bits in non-present/reserved SPTEs (bsc#1106240). - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839). - libceph: fall back to sendmsg for slab pages (bsc#1118316). - libertas: call into generic suspend code before turning off power (bsc#1051510). - libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510). - libnvdimm, badrange: remove a WARN for list_empty (bsc#1112128). - libnvdimm, dimm: Maximize label transfer size (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891). - libnvdimm: Introduce locked DIMM capacity support (bsc#1112128). - libnvdimm, label: change nvdimm_num_label_slots per UEFI 2.7 (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm, label: Fix sparse warning (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm: move poison list functions to a new 'badrange' file (bsc#1112128). - libnvdimm/nfit_test: add firmware download emulation (bsc#1112128). - libnvdimm/nfit_test: adding support for unit testing enable LSS status (bsc#1112128). - libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899). - libnvdimm, testing: Add emulation for smart injection commands (bsc#1112128). - libnvdimm, testing: update the default smart ctrl_temperature (bsc#1112128). - lib/ubsan: add type mismatch handler for new GCC/Clang (bsc#1051510). - lib/ubsan.c: s/missaligned/misaligned/ (bsc#1051510). - livepatch: create and include UAPI headers (). - llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02). - lockd: fix 'list_add double add' caused by legacy signal interface (git-fixes). - loop: add recursion validation to LOOP_CHANGE_FD (bsc#1112711). - loop: do not call into filesystem while holding lo_ctl_mutex (bsc#1112710). - loop: fix LOOP_GET_STATUS lock imbalance (bsc#1113284). - mac80211: Always report TX status (bsc#1051510). - mac80211: fix TX status reporting for ieee80211s (bsc#1051510). - mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510). - mac80211: minstrel: fix using short preamble CCK rates on HT clients (bsc#1051510). - mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510). - mach64: detect the dot clock divider correctly on sparc (bsc#1051510). - mach64: fix display corruption on big endian machines (bsc#1113722) - mach64: fix image corruption due to reading accelerator registers (bsc#1113722) - mailbox: PCC: handle parse error (bsc#1051510). - make sure that __dentry_kill() always invalidates d_seq, unhashed or not (git-fixes). - md: allow metadata updates while suspending an array - fix (git-fixes). - MD: fix invalid stored role for a disk - try2 (git-fixes). - md: fix NULL dereference of mddev->pers in remove_and_add_spares() (git-fixes). - md/raid10: fix that replacement cannot complete recovery after reassemble (git-fixes). - md/raid1: add error handling of read error from FailFast device (git-fixes). - md/raid5-cache: disable reshape completely (git-fixes). - md/raid5: fix data corruption of replacements after originals dropped (git-fixes). - media: af9035: prevent buffer overflow on write (bsc#1051510). - media: cx231xx: fix potential sign-extension overflow on large shift (bsc#1051510). - media: dvb: fix compat ioctl translation (bsc#1051510). - media: em28xx: fix input name for Terratec AV 350 (bsc#1051510). - media: em28xx: use a default format if TRY_FMT fails (bsc#1051510). - media: pci: cx23885: handle adding to list failure (bsc#1051510). - media: tvp5150: avoid going past array on v4l2_querymenu() (bsc#1051510). - media: tvp5150: fix switch exit in set control handler (bsc#1051510). - media: tvp5150: fix width alignment during set_selection() (bsc#1051510). - media: uvcvideo: Fix uvc_alloc_entity() allocation alignment (bsc#1051510). - media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD (bsc#1051510). - media: vsp1: Fix YCbCr planar formats pitch calculation (bsc#1051510). - memory_hotplug: cond_resched in __remove_pages (bnc#1114178). - mfd: arizona: Correct calling of runtime_put_sync (bsc#1051510). - mfd: menelaus: Fix possible race condition and leak (bsc#1051510). - mfd: omap-usb-host: Fix dts probe of children (bsc#1051510). - mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21). - mmc: block: avoid multiblock reads for the last sector in SPI mode (bsc#1051510). - mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510). - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510). - mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677). - mm/migrate: Use spin_trylock() while resetting rate limit (). - mm: /proc/pid/pagemap: hide swap entries from unprivileged users (Git-fixes bsc#1109907). - mm: rework memcg kernel stack accounting (bnc#1113677). - modpost: ignore livepatch unresolved relocations (). - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819). - mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820). - mount: Retest MNT_LOCKED in do_umount (bsc#1117818). - move changes without Git-commit out of sorted section - neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24). - net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679). - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679). - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24). - net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16). - net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02). - net: bcmgenet: protect stop from timeout (networking-stable-18_11_21). - net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11). - net: bridge: remove ipv6 zero address check in mcast queries (git-fixes). - net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16). - net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16). - net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561). - net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561). - net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561). - net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561). - net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561). - net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561). - net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561). - net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561). - net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561). - net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561). - net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561). - net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561). - net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561). - net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561). - net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561). - net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561). - net: ena: minor performance improvement (bsc#1111696 bsc#1117561). - net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561). - net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561). - net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561). - net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1111696 bsc#1117561). - net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02). - net-gro: reset skb->pkt_type in napi_reuse_skb() (networking-stable-18_11_21). - net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16). - net: hp100: fix always-true check for link up state (networking-stable-18_09_24). - net: ibm: fix return type of ndo_start_xmit function (). - net/ibmnvic: Fix deadlock problem in reset (). - net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431). - net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02). - net: ipv4: do not let PMTU updates increase route MTU (git-fixes). - net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16). - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02). - netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16). - net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11). - net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18). - net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21). - net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16). - net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18). - net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16). - net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18). - net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18). - net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02). - net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16). - net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16). - net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16). - net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21). - net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18). - net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510). - net: sched: action_ife: take reference to meta module (networking-stable-18_09_11). - net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11). - net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24). - net: sched: Fix for duplicate class dump (networking-stable-18_11_02). - net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11). - net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02). - net: smsc95xx: Fix MTU range (networking-stable-18_11_21). - net: socket: fix a missing-check bug (networking-stable-18_11_02). - net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02). - net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16). - net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16). - net: systemport: Protect stop from timeout (networking-stable-18_11_21). - net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02). - net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16). - NFC: nfcmrvl_uart: fix OF child-node lookup (bsc#1051510). - nfit_test: add error injection DSMs (bsc#1112128). - nfit_test: fix buffer overrun, add sanity check (bsc#1112128). - nfit_test: improve structure offset handling (bsc#1112128). - nfit_test: prevent parsing error of nfit_test.0 (bsc#1112128). - nfit_test: when clearing poison, also remove badrange entries (bsc#1112128). - nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11). - NFS: Avoid quadratic search when freeing delegations (bsc#1084760). - NFS: Avoid RCU usage in tracepoints (git-fixes). - NFS: commit direct writes even if they fail partially (git-fixes). - nfsd4: permit layoutget of executable-only files (git-fixes). - nfsd: check for use of the closed special stateid (git-fixes). - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (git-fixes). - nfsd: deal with revoked delegations appropriately (git-fixes). - nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes). - nfsd: Fix another OPEN stateid race (git-fixes). - nfsd: fix corrupted reply to badly ordered compound (git-fixes). - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes). - nfsd: Fix stateid races between OPEN and CLOSE (git-fixes). - NFS: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes). - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes). - NFS: Ensure we commit after writeback is complete (bsc#1111809). - NFS: Fix an incorrect type in struct nfs_direct_req (git-fixes). - NFS: Fix a typo in nfs_rename() (git-fixes). - NFS: Fix typo in nomigration mount option (git-fixes). - NFS: Fix unstable write completion (git-fixes). - NFSv4.0 fix client reference leak in callback (git-fixes). - NFSv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes). - NFSv4.1 fix infinite loop on I/O (git-fixes). - NFSv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes). - NFSv4.1: Fix up replays of interrupted requests (git-fixes). - NFSv4: Fix a typo in nfs41_sequence_process (git-fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510). - nospec: Include <asm/barrier.h> dependency (bsc#1114279). - nvdimm: Clarify comment in sizeof_namespace_index (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Remove empty if statement (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Sanity check labeloff (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Split label init out from the logic for getting config data (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Use namespace index data to reduce number of label reads needed (bsc#1111921, bsc#1113408, bsc#1113972). - nvme: Free ctrl device name on init failure (). - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817). - ocfs2: fix locking for res->tracking and dlm->tracking_list (bsc#1117816). - ocfs2: fix ocfs2 read block panic (bsc#1117815). - ocfs2: free up write context when direct IO failed (bsc#1117821). - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bsc#1117808). - of: add helper to lookup compatible child node (bsc#1106110) - openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02). - orangefs: fix deadlock; do not write i_size in read_iter (bsc#1051510). - orangefs: initialize op on loop restart in orangefs_devreq_read (bsc#1051510). - orangefs_kill_sb(): deal with allocation failures (bsc#1051510). - orangefs: use list_for_each_entry_safe in purge_waiting_ops (bsc#1051510). - PCI: Add Device IDs for Intel GPU 'spurious interrupt' quirk (bsc#1051510). - PCI/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510). - PCI/ASPM: Fix link_state teardown on device removal (bsc#1051510). - PCI: dwc: remove duplicate fix References: bsc#1115269 Patch has been already applied by the following commit: 9f73db8b7c PCI: dwc: Fix enumeration end when reaching root subordinate (bsc#1051510) - PCI: hv: Do not wait forever on a device that has disappeared (bsc#1109806). - PCI: hv: Use effective affinity mask (bsc#1109772). - PCI: imx6: Fix link training status detection in link up check (bsc#1109806). - PCI: iproc: Remove PAXC slot check to allow VF support (bsc#1109806). - PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510). - PCI: Reprogram bridge prefetch registers on resume (bsc#1051510). - PCI: vmd: Assign vector zero to all bridges (bsc#1109806). - PCI: vmd: Detach resources after stopping root bus (bsc#1109806). - PCI: vmd: White list for fast interrupt handlers (bsc#1109806). - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510). - percpu: make this_cpu_generic_read() atomic w.r.t. interrupts (bsc#1114279). - perf: fix invalid bit in diagnostic entry (git-fixes). - pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510). - pinctrl: meson: fix pinconf bias disable (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510). - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510). - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510). - pipe: match pipe_max_size data type with procfs (git-fixes). - platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510). - platform/x86: intel_telemetry: report debugfs failure (bsc#1051510). - pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes). - pNFS: Do not release the sequence slot until we've processed layoutget on open (git-fixes). - pNFS: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes). - powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729). - powerpc/boot: Fix opal console in boot wrapper (bsc#1065729). - powerpc/kvm/booke: Fix altivec related build break (bsc#1061840). - powerpc/kvm: Switch kvm pmd allocator to custom allocator (bsc#1061840). - powerpc/mm: Fix typo in comments (bsc#1065729). - powerpc/mm/hugetlb: initialize the pagetable cache correctly for hugetlb (bsc#1091800). - powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248). - powerpc/mm: Rename find_linux_pte_or_hugepte() (bsc#1061840). - powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure (bsc#1055120). - powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729). - powerpc/powernv: Add indirect levels to it_userspace (bsc#1061840). - powerpc/powernv: Do not select the cpufreq governors (bsc#1065729). - powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage (bsc#1055120). - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729). - powerpc/powernv/ioda2: Reduce upper limit for DMA window size (bsc#1055120). - powerpc/powernv/ioda: Allocate indirect TCE levels on demand (bsc#1061840). - powerpc/powernv/ioda: Finish removing explicit max window size check (bsc#1061840). - powerpc/powernv/ioda: Remove explicit max window size check (bsc#1061840). - powerpc/powernv: Move TCE manupulation code to its own file (bsc#1061840). - powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120). - powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120). - powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120). - powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120). - powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120). - powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120). - powerpc/powernv: Rework TCE level allocation (bsc#1061840). - powerpc/pseries: Fix build break for SPLPAR=n and CPU hotplug (bsc#1079524, git-fixes). - powerpc/pseries: Fix CONFIG_NUMA=n build (bsc#1067906, git-fixes). - powerpc/pseries: Fix DTL buffer registration (bsc#1065729). - powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729). - powerpc/pseries: Fix 'OF: ERROR: Bad of_node_put() on /cpus' during DLPAR (bsc#1113295). - powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709). - powerpc: pseries: remove dlpar_attach_node dependency on full path (bsc#1113295). - powerpc/xive: Move definition of ESB bits (bsc#1061840). - powerpc/xmon: Add ISA v3.0 SPRs to SPR dump (bsc#1061840). - power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510). - pppoe: fix reception of frames with no mac header (networking-stable-18_09_24). - printk: drop in_nmi check from printk_safe_flush_on_panic() (bsc#1112170). - printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168). - printk/tracing: Do not trace printk_nmi_enter() (bsc#1112208). - provide linux/set_memory.h (bsc#1113295). - ptp: fix Spectre v1 vulnerability (bsc#1051510). - pwm: lpss: Release runtime-pm reference from the driver's remove callback (bsc#1051510). - pxa168fb: prepare the clock (bsc#1051510). - qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface (bsc#1051510). - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510). - qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510). - qrtr: add MODULE_ALIAS macro to smd (bsc#1051510). - r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED (bsc#1051510). - r8169: fix NAPI handling under high load (networking-stable-18_11_02). - race of lockd inetaddr notifiers vs nlmsvc_rqst change (git-fixes). - RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 (git-fixes). - random: rate limit unseeded randomness warnings (git-fixes). - rculist: add list_for_each_entry_from_rcu() (bsc#1084760). - rculist: Improve documentation for list_for_each_entry_from_rcu() (bsc#1084760). - rds: fix two RCU related problems (networking-stable-18_09_18). - README: Clean-up trailing whitespace - reiserfs: add check to detect corrupted directory entry (bsc#1109818). - reiserfs: do not panic on bad directory entries (bsc#1109818). - remoteproc: qcom: Fix potential device node leaks (bsc#1051510). - rename a hv patch to reduce conflicts in -AZURE - reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510). - reset: imx7: Fix always writing bits as 0 (bsc#1051510). - resource: Include resource end in walk_*() interfaces (bsc#1114279). - Revert 'ceph: fix dentry leak in splice_dentry()' (bsc#1114839). - Revert 'powerpc/64: Fix checksum folding in csum_add()' (bsc#1065729). - Revert 'rpm/kernel-binary.spec.in: allow unsupported modules for -extra' - Revert 'usb: dwc3: gadget: skip Set/Clear Halt when invalid' (bsc#1051510). - rpmsg: Correct support for MODULE_DEVICE_TABLE() (git-fixes). - rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02). - rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16). - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16). - s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes). - s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235). - s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes). - s390/mm: correct allocate_pgste proc_handler callback (git-fixes). - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682). - s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953). - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682). - s390/qeth: handle failure on workqueue creation (git-fixes). - s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959). - s390: revert ELF_ET_DYN_BASE base changes (git-fixes). - s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes). - s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273). - s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273). - s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273). - sched/numa: Limit the conditions where scan period is reset (). - scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246). - scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246). - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1104731). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1104731). - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731). - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731). - scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580). - scsi: lpfc: add support to retrieve firmware logs (bsc#1114015). - scsi: lpfc: add Trunking support (bsc#1114015). - scsi: lpfc: Correct errors accessing fw log (bsc#1114015). - scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015). - scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015). - scsi: lpfc: Correct LCB RJT handling (bsc#1114015). - scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015). - scsi: lpfc: Correct race with abort on completion path (bsc#1114015). - scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015). - scsi: lpfc: Correct speeds on SFP swap (bsc#1114015). - scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015). - scsi: lpfc: Fix errors in log messages (bsc#1114015). - scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015). - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015). - scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015). - scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015). - scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015). - scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015). - scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015). - scsi: lpfc: reduce locking when updating statistics (bsc#1114015). - scsi: lpfc: Remove set but not used variable 'sgl_size' (bsc#1114015). - scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015). - scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015). - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1114581). - scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582). - scsi: sg: fix minor memory leak in error path (bsc#1114584). - scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bsc#1114578). - scsi: target: Fix fortify_panic kernel exception (bsc#1114576). - scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577). - scsi: target: tcmu: add read length support (bsc#1097755). - sctp: fix race on sctp_id2asoc (networking-stable-18_11_02). - sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21). - sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11). - sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21). - sctp: not increase stream's incnt before sending addstrm_in request (networking-stable-18_11_21). - sctp: update dst pmtu with the correct daddr (networking-stable-18_10_16). - serial: 8250: Fix clearing FIFOs in RS485 mode again (bsc#1051510). - signal: Properly deliver SIGSEGV from x86 uprobes (bsc#1110006). - skip LAYOUTRETURN if layout is invalid (git-fixes). - smb2: fix missing files in root share directory listing (bsc#1112907). - smb2: fix missing files in root share directory listing (bsc#1112907). - smb3: fill in statfs fsid and correct namelen (bsc#1112905). - smb3: fill in statfs fsid and correct namelen (bsc#1112905). - smb3: fix reset of bytes read and written stats (bsc#1112906). - smb3: fix reset of bytes read and written stats (bsc#1112906). - smb3: on reconnect set PreviousSessionId field (bsc#1112899). - smb3: on reconnect set PreviousSessionId field (bsc#1112899). - soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510). - soc/tegra: pmc: Fix child-node lookup (bsc#1051510). - soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510). - sound: do not call skl_init_chip() to reset intel skl soc (bsc#1051510). - sound: enable interrupt after dma buffer initialization (bsc#1051510). - spi/bcm63xx-hsspi: keep pll clk enabled (bsc#1051510). - spi: bcm-qspi: switch back to reading flash using smaller chunks (bsc#1051510). - spi: sh-msiof: fix deferred probing (bsc#1051510). - staging: comedi: ni_mio_common: protect register write overflow (bsc#1051510). - staging:iio:ad7606: fix voltage scales (bsc#1051510). - staging: rtl8723bs: Fix the return value in case of error in 'rtw_wx_read32()' (bsc#1051510). - staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510). - sunrpc: Allow connect to return EHOSTUNREACH (git-fixes). - sunrpc: Do not use stack buffer with scatterlist (git-fixes). - sunrpc: Fix rpc_task_begin trace point (git-fixes). - sunrpc: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes). - target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349). - target: log Data-Out timeouts as errors (bsc#1095805). - target: log NOP ping timeouts as errors (bsc#1095805). - target: split out helper for cxn timeout error stashing (bsc#1095805). - target: stash sess_err_stats on Data-Out timeout (bsc#1095805). - target: use ISCSI_IQN_LEN in iscsi_target_stat (bsc#1095805). - tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11). - test_firmware: fix error return getting clobbered (bsc#1051510). - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21). - thermal: bcm2835: enable hwmon explicitly (bsc#1108468). - thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510). - thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510). - tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21). - tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11). - tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16). - tools build: fix # escaping in .cmd files for future Make (git-fixes). - tools/testing/nvdimm: advertise a write cache for nfit_test (bsc#1112128). - tools/testing/nvdimm: allow custom error code injection (bsc#1112128). - tools/testing/nvdimm: disable labels for nfit_test.1 (bsc#1112128). - tools/testing/nvdimm: enable labels for nfit_test.1 dimms (bsc#1112128). - tools/testing/nvdimm: fix missing newline in nfit_test_dimm 'handle' attribute (bsc#1112128). - tools/testing/nvdimm: Fix support for emulating controller temperature (bsc#1112128). - tools/testing/nvdimm: force nfit_test to depend on instrumented modules (bsc#1112128). - tools/testing/nvdimm: improve emulation of smart injection (bsc#1112128). - tools/testing/nvdimm: kaddr and pfn can be NULL to ->direct_access() (bsc#1112128). - tools/testing/nvdimm: Make DSM failure code injection an override (bsc#1112128). - tools/testing/nvdimm: smart alarm/threshold control (bsc#1112128). - tools/testing/nvdimm: stricter bounds checking for error injection commands (bsc#1112128). - tools/testing/nvdimm: support nfit_test_dimm attributes under nfit_test.1 (bsc#1112128). - tools/testing/nvdimm: unit test clear-error commands (bsc#1112128). - tools/vm/page-types.c: fix 'defined but not used' warning (bsc#1051510). - tools/vm/slabinfo.c: fix sign-compare warning (bsc#1051510). - tpm2-cmd: allow more attempts for selftest execution (bsc#1082555). - tpm: add retry logic (bsc#1082555). - tpm: consolidate the TPM startup code (bsc#1082555). - tpm: do not suspend/resume if power stays on (bsc#1082555). - tpm: fix intermittent failure with self tests (bsc#1082555). - tpm: fix response size validation in tpm_get_random() (bsc#1082555). - tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555). - tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555). - tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555). - tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555). - tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555). - tpm: Restore functionality to xen vtpm driver (bsc#1082555). - tpm: self test failure should not cause suspend to fail (bsc#1082555). - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555). - tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555). - tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555). - tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555). - tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555). - tracing: Add barrier to trace_printk() buffer nesting modification (bsc#1112219). - tracing: Apply trace_clock changes to instance max buffer (bsc#1117188). - tracing: Erase irqsoff trace with empty write (bsc#1117189). - tty: check name length in tty_find_polling_driver() (bsc#1051510). - tty: Do not block on IO when ldisc change is pending (bnc#1105428). - tty: fix data race between tty_init_dev and flush of buf (bnc#1105428). - tty: Hold tty_ldisc_lock() during tty_reopen() (bnc#1105428). - tty/ldsem: Add lockdep asserts for ldisc_sem (bnc#1105428). - tty/ldsem: Convert to regular lockdep annotations (bnc#1105428). - tty/ldsem: Decrement wait_readers on timeouted down_read() (bnc#1105428). - tty/ldsem: Wake up readers after timed out down_write() (bnc#1105428). - tty: Simplify tty->count math in tty_reopen() (bnc#1105428). - tty: wipe buffer (bsc#1051510). - tty: wipe buffer if not echoing data (bsc#1051510). - tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510). - tuntap: fix multiqueue rx (networking-stable-18_11_21). - udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24). - udp6: add missing checks on edumux packet processing (networking-stable-18_09_24). - udp6: fix encap return code for resubmitting (git-fixes). - uio: ensure class is registered before devices (bsc#1051510). - uio: Fix an Oops on load (bsc#1051510). - uio: make symbol 'uio_class_registered' static (bsc#1051510). - Update config files. Enabled ENA (Amazon network driver) for arm64. - usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510). - usb: chipidea: Prevent unbalanced IRQ disable (bsc#1051510). - usb: core: Fix hub port connection events lost (bsc#1051510). - usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385). - usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385). - usb: dwc3: core: Clean up ULPI device (bsc#1051510). - usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510). - usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510). - usb: gadget: fsl_udc_core: check allocation return value and cleanup on failure (bsc#1051510). - usb: gadget: fsl_udc_core: fixup struct_udc_setup documentation (bsc#1051510). - usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510). - usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510). - usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510). - usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510). - usbip: tools: fix atoi() on non-null terminated string (bsc#1051510). - usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510). - usb: misc: appledisplay: add 20' Apple Cinema Display (bsc#1051510). - usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510). - usb: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510). - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510). - usb: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510). - usb: remove LPM management from usb_driver_claim_interface() (bsc#1051510). - usb: serial: cypress_m8: fix interrupt-out transfer length (bsc#1051510). - usb: serial: option: add two-endpoints device-id flag (bsc#1051510). - usb: serial: option: drop redundant interface-class test (bsc#1051510). - usb: serial: option: improve Quectel EP06 detection (bsc#1051510). - usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510). - userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (bsc#1109739). - Use upstream version of pci-hyperv patch (35a88a1) - VFS: close race between getcwd() and d_move() (git-fixes). - VFS: fix freeze protection in mnt_want_write_file() for overlayfs (git-fixes). - vhost: Fix Spectre V1 vulnerability (bsc#1051510). - vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510). - virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02). - VMCI: Resource wildcard match fixed (bsc#1051510). - w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510). - Workaround for mysterious NVMe breakage with i915 CFL (bsc#1111040). - x86/acpi: Prevent X2APIC id 0xffffffff from being accounted (bsc#1110006). - x86/boot/KASLR: Work around firmware bugs by excluding EFI_BOOT_SERVICES_* and EFI_LOADER_* from KASLR's choice (bnc#1112878). - x86/boot: Move EISA setup to a separate file (bsc#1110006). - x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006). - x86/cpufeature: Add User-Mode Instruction Prevention definitions (bsc#1110006). - x86/cpufeatures: Add Intel Total Memory Encryption cpufeature (bsc#1110006). - x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279). - x86/eisa: Add missing include (bsc#1110006). - x86/EISA: Do not probe EISA bus for Xen PV guests (bsc#1110006). - x86/fpu: Remove second definition of fpu in __fpu__restore_sig() (bsc#1110006). - x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006). - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772). - x86/kasan: Panic if there is not enough memory to boot (bsc#1110006). - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114279). - x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279). - x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279). - x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279). - x86/MCE/AMD: Fix the thresholding machinery initialization order (bsc#1114279). - x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read() (bsc#1110006). - x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279). - x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279). - x86, nfit_test: Add unit test for memcpy_mcsafe() (bsc#1112128). - x86/paravirt: Fix some warning messages (bnc#1065600). - x86/percpu: Fix this_cpu_read() (bsc#1110006). - x86/speculation: Support Enhanced IBRS on future CPUs (). - x86/time: Correct the attribute on jiffies' definition (bsc#1110006). - x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600). - xen/balloon: Support xend-based toolstack (bnc#1065600). - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062). - xen: fix race in xen_qlock_wait() (bnc#1107256). - xen: fix xen_qlock_wait() (bnc#1107256). - xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap() (bnc#1065600). - xen: make xen_qlock_wait() nestable (bnc#1107256). - xen/netfront: do not bug in case of too many frags (bnc#1104824). - xen/pvh: do not try to unplug emulated devices (bnc#1065600). - xen/pvh: increase early stack size (bnc#1065600). - xen: Remove unnecessary BUG_ON from __unbind_from_irq() (bnc#1065600). - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (bnc#1065600). - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600). - xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs: do not fail when converting shortform attr to long form during ATTR_REPLACE (bsc#1105025). - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes). - xfs: Properly detect when DAX won't be used on any device (bsc#1115976). - xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510). - xhci: Do not print a warning when setting link state for disabled ports (bsc#1051510). - xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510). - xprtrdma: Do not defer fencing an async RPC's chunks (git-fixes). Important SUSE bug 1051510 SUSE bug 1055120 SUSE bug 1061840 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066674 SUSE bug 1067906 SUSE bug 1068273 SUSE bug 1076830 SUSE bug 1078248 SUSE bug 1079524 SUSE bug 1082555 SUSE bug 1082653 SUSE bug 1083647 SUSE bug 1084760 SUSE bug 1084831 SUSE bug 1085535 SUSE bug 1086196 SUSE bug 1089350 SUSE bug 1091800 SUSE bug 1094825 SUSE bug 1095805 SUSE bug 1097755 SUSE bug 1100132 SUSE bug 1103356 SUSE bug 1103925 SUSE bug 1104124 SUSE bug 1104731 SUSE bug 1104824 SUSE bug 1105025 SUSE bug 1105428 SUSE bug 1106105 SUSE bug 1106110 SUSE bug 1106237 SUSE bug 1106240 SUSE bug 1107256 SUSE bug 1107385 SUSE bug 1107866 SUSE bug 1108377 SUSE bug 1108468 SUSE bug 1109330 SUSE bug 1109739 SUSE bug 1109772 SUSE bug 1109806 SUSE bug 1109818 SUSE bug 1109907 SUSE bug 1109911 SUSE bug 1109915 SUSE bug 1109919 SUSE bug 1109951 SUSE bug 1110006 SUSE bug 1110998 SUSE bug 1111040 SUSE bug 1111062 SUSE bug 1111174 SUSE bug 1111506 SUSE bug 1111696 SUSE bug 1111809 SUSE bug 1111921 SUSE bug 1111983 SUSE bug 1112128 SUSE bug 1112170 SUSE bug 1112173 SUSE bug 1112208 SUSE bug 1112219 SUSE bug 1112221 SUSE bug 1112246 SUSE bug 1112372 SUSE bug 1112514 SUSE bug 1112554 SUSE bug 1112708 SUSE bug 1112710 SUSE bug 1112711 SUSE bug 1112712 SUSE bug 1112713 SUSE bug 1112731 SUSE bug 1112732 SUSE bug 1112733 SUSE bug 1112734 SUSE bug 1112735 SUSE bug 1112736 SUSE bug 1112738 SUSE bug 1112739 SUSE bug 1112740 SUSE bug 1112741 SUSE bug 1112743 SUSE bug 1112745 SUSE bug 1112746 SUSE bug 1112878 SUSE bug 1112894 SUSE bug 1112899 SUSE bug 1112902 SUSE bug 1112903 SUSE bug 1112905 SUSE bug 1112906 SUSE bug 1112907 SUSE bug 1112963 SUSE bug 1113257 SUSE bug 1113284 SUSE bug 1113295 SUSE bug 1113408 SUSE bug 1113412 SUSE bug 1113501 SUSE bug 1113667 SUSE bug 1113677 SUSE bug 1113722 SUSE bug 1113751 SUSE bug 1113769 SUSE bug 1113780 SUSE bug 1113972 SUSE bug 1114015 SUSE bug 1114178 SUSE bug 1114279 SUSE bug 1114385 SUSE bug 1114576 SUSE bug 1114577 SUSE bug 1114578 SUSE bug 1114579 SUSE bug 1114580 SUSE bug 1114581 SUSE bug 1114582 SUSE bug 1114583 SUSE bug 1114584 SUSE bug 1114585 SUSE bug 1114839 SUSE bug 1115074 SUSE bug 1115269 SUSE bug 1115431 SUSE bug 1115433 SUSE bug 1115440 SUSE bug 1115567 SUSE bug 1115709 SUSE bug 1115976 SUSE bug 1116183 SUSE bug 1116692 SUSE bug 1116693 SUSE bug 1116698 SUSE bug 1116699 SUSE bug 1116700 SUSE bug 1116701 SUSE bug 1116862 SUSE bug 1116863 SUSE bug 1116876 SUSE bug 1116877 SUSE bug 1116878 SUSE bug 1116891 SUSE bug 1116895 SUSE bug 1116899 SUSE bug 1116950 SUSE bug 1117168 SUSE bug 1117172 SUSE bug 1117174 SUSE bug 1117181 SUSE bug 1117184 SUSE bug 1117188 SUSE bug 1117189 SUSE bug 1117349 SUSE bug 1117561 SUSE bug 1117788 SUSE bug 1117789 SUSE bug 1117790 SUSE bug 1117791 SUSE bug 1117792 SUSE bug 1117794 SUSE bug 1117795 SUSE bug 1117796 SUSE bug 1117798 SUSE bug 1117799 SUSE bug 1117801 SUSE bug 1117802 SUSE bug 1117803 SUSE bug 1117804 SUSE bug 1117805 SUSE bug 1117806 SUSE bug 1117807 SUSE bug 1117808 SUSE bug 1117815 SUSE bug 1117816 SUSE bug 1117817 SUSE bug 1117818 SUSE bug 1117819 SUSE bug 1117820 SUSE bug 1117821 SUSE bug 1117822 SUSE bug 1118102 SUSE bug 1118136 SUSE bug 1118137 SUSE bug 1118138 SUSE bug 1118140 SUSE bug 1118152 SUSE bug 1118316 CVE-2017-16533 CVE-2017-18224 CVE-2018-18281 CVE-2018-18386 CVE-2018-18445 CVE-2018-18710 CVE-2018-19824 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ghostscript to version 9.26 fixes the following issues: Security issues fixed: - CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327) - CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313) - CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274) - CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022) - CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229) - CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480) - CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479) - CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105) Version update to 9.26 (bsc#1117331): - Security issues have been the primary focus - Minor bug fixes and improvements - For release summary see: http://www.ghostscript.com/doc/9.26/News.htm Important SUSE bug 1109105 SUSE bug 1111479 SUSE bug 1111480 SUSE bug 1112229 SUSE bug 1117022 SUSE bug 1117274 SUSE bug 1117313 SUSE bug 1117327 SUSE bug 1117331 CVE-2018-17183 CVE-2018-17961 CVE-2018-18073 CVE-2018-18284 CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for cups fixes the following issues: Security issue fixed: - CVE-2018-4700: Fixed extremely predictable cookie generation that is effectively breaking the CSRF protection of the CUPS web interface (bsc#1115750). Important SUSE bug 1115750 CVE-2018-4700 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2018-19519: Fixed a stack-based buffer over-read in the print_prefix function (bsc#1117267) Moderate SUSE bug 1117267 CVE-2018-19519 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openldap2 fixes the following issues: Security issue fixed: - CVE-2017-17740: When both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. (bsc#1073313) Moderate SUSE bug 1073313 CVE-2017-17740 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libqt5-qtbase fixes the following issues: Security issues fixed: - CVE-2018-15518: Fixed double free in QXmlStreamReader (bsc#1118595) - CVE-2018-19873: Fixed Denial of Service on malformed BMP file in QBmpHandler (bsc#1118596) Moderate SUSE bug 1118595 SUSE bug 1118596 CVE-2018-15518 CVE-2018-19873 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for qemu fixes the following issues: Security issues fixed: - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910). - CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222). - CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006). - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010). - CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013) - CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422). - CVE-2018-16847: Fixed an out of bounds r/w buffer access in cmb operations (bsc#1114529). Non-security issue fixed: - Fixed a condition when retry logic does not have been executed in case of data transmit failure or connection hungup (bsc#1108474). Moderate SUSE bug 1106222 SUSE bug 1108474 SUSE bug 1110910 SUSE bug 1111006 SUSE bug 1111010 SUSE bug 1111013 SUSE bug 1114422 SUSE bug 1114529 CVE-2018-10839 CVE-2018-15746 CVE-2018-16847 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18849 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for bluez fixes the following issues: Security issues fixed: - CVE-2016-9800: Fixed a buffer overflow in the pin_code_reply_dump function (bsc#1013721) - CVE-2016-9801: Fixed a buffer overflow in the set_ext_ctrl function (bsc#1013732) Moderate SUSE bug 1013721 SUSE bug 1013732 CVE-2016-9800 CVE-2016-9801 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ovmf fixes the following issues: Security issues fixed: - CVE-2018-3613: Fixed AuthVariable Timestamp zeroing issue on APPEND_WRITE (bsc#1115916). - CVE-2017-5731: Fixed privilege escalation via processing of malformed files in TianoCompress.c (bsc#1115917). - CVE-2017-5732: Fixed privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (bsc#1115917). - CVE-2017-5733: Fixed privilege escalation via heap-based buffer overflow in MakeTable() function (bsc#1115917). - CVE-2017-5734: Fixed privilege escalation via stack-based buffer overflow in MakeTable() function (bsc#1115917). - CVE-2017-5735: Fixed privilege escalation via heap-based buffer overflow in Decode() function (bsc#1115917). Non security issues fixed: - Fixed an issue with the default owner of PK/KEK/db/dbx and make the auto-enrollment only happen at the very first time. (bsc#1117998) Moderate SUSE bug 1115916 SUSE bug 1115917 SUSE bug 1117998 CVE-2017-5731 CVE-2017-5732 CVE-2017-5733 CVE-2017-5734 CVE-2017-5735 CVE-2018-3613 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-19210: Fixed NULL pointer dereference in the TIFFWriteDirectorySec function (bsc#1115717). - CVE-2017-12944: Fixed denial of service issue in the TIFFReadDirEntryArray function (bsc#1054594). - CVE-2016-10094: Fixed heap-based buffer overflow in the _tiffWriteProc function (bsc#1017693). - CVE-2016-10093: Fixed heap-based buffer overflow in the _TIFFmemcpy function (bsc#1017693). - CVE-2016-10092: Fixed heap-based buffer overflow in the TIFFReverseBits function (bsc#1017693). - CVE-2016-6223: Fixed out-of-bounds read on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1() (bsc#990460). Moderate SUSE bug 1017693 SUSE bug 1054594 SUSE bug 1115717 SUSE bug 990460 CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 CVE-2016-6223 CVE-2017-12944 CVE-2018-19210 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mariadb fixes the following issues: Update to MariaDB 10.0.37 GA (bsc#1116686). Security issues fixed: - CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432) - CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397) - CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368) - CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417) - CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421) - CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678) - CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342) - CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677) - CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676) - CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) Non-security changes: - Remove PerconaFT from the package as it has AGPL licence (bsc#1118754) - do not just remove tokudb plugin but don't build it at all (missing jemalloc dependency) Release notes and changelog: - https://kb.askmonty.org/en/mariadb-10037-release-notes - https://kb.askmonty.org/en/mariadb-10037-changelog - https://kb.askmonty.org/en/mariadb-10036-release-notes - https://kb.askmonty.org/en/mariadb-10036-changelog Important SUSE bug 1013882 SUSE bug 1101676 SUSE bug 1101677 SUSE bug 1101678 SUSE bug 1103342 SUSE bug 1112368 SUSE bug 1112397 SUSE bug 1112417 SUSE bug 1112421 SUSE bug 1112432 SUSE bug 1116686 SUSE bug 1118754 CVE-2016-9843 CVE-2018-3058 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 CVE-2018-3143 CVE-2018-3156 CVE-2018-3174 CVE-2018-3251 CVE-2018-3282 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues: Issues fixed in MozillaFirefox: - Update to Firefox ESR 60.4 (bsc#1119105) - CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Fixed a use-after-free with select element - CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia - CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs - CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes for images - CVE-2018-12405: Fixed a few memory safety bugs Issues fixed in mozilla-nss: - Update to NSS 3.40.1 (bsc#1119105) - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) - CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) - Fixed a decryption failure during FFDHE key exchange - Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr: - Update mozilla-nspr to 4.20 (bsc#1119105) Important SUSE bug 1097410 SUSE bug 1106873 SUSE bug 1119069 SUSE bug 1119105 CVE-2018-0495 CVE-2018-12384 CVE-2018-12404 CVE-2018-12405 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mailman fixes the following security vulnerabilities: - Fixed a XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs (bsc#1077358 CVE-2018-5950) - Fixed a directory traversal vulnerability in MTA transports when using the recommended Mailman Transport for Exim (bsc#925502 CVE-2015-2775) - Fixed a XSS vulnerability, which allowed malicious listowners to inject scripts into the listinfo pages (bsc#1099510 CVE-2018-0618) - Fixed arbitrary text injection vulnerability in several mailman CGIs (CVE-2018-13796 bsc#1101288) - Fixed a CSRF vulnerability on the user options page (CVE-2016-6893 bsc#995352) Important SUSE bug 1077358 SUSE bug 1099510 SUSE bug 1101288 SUSE bug 925502 SUSE bug 995352 CVE-2015-2775 CVE-2016-6893 CVE-2018-0618 CVE-2018-13796 CVE-2018-5950 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for wireshark fixes the following issues: Update to Wireshark 2.4.11 (bsc#1117740). Security issues fixed: - CVE-2018-19625: The Wireshark dissection engine could crash (wnpa-sec-2018-51) - CVE-2018-19626: The DCOM dissector could crash (wnpa-sec-2018-52) - CVE-2018-19623: The LBMPDM dissector could crash (wnpa-sec-2018-53) - CVE-2018-19622: The MMSE dissector could go into an infinite loop (wnpa-sec-2018-54) - CVE-2018-19627: The IxVeriWave file parser could crash (wnpa-sec-2018-55) - CVE-2018-19624: The PVFS dissector could crash (wnpa-sec-2018-56) Further bug fixes and updated protocol support as listed in: - https://www.wireshark.org/docs/relnotes/wireshark-2.4.11.html Moderate SUSE bug 1117740 CVE-2018-19622 CVE-2018-19623 CVE-2018-19624 CVE-2018-19625 CVE-2018-19626 CVE-2018-19627 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for webkit2gtk3 fixes the following issues: Security issue fixed: - CVE-2019-8375: Fixed an issue in UIProcess subsystem which could allow the script dialog size to exceed the web view size leading to Buffer Overflow or other unspecified impact (bsc#1126768). Moderate SUSE bug 1126768 CVE-2019-8375 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel() (bsc#1130330). - CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage() (bsc#1131317). - CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function (bsc#1128649). - CVE-2018-20467: Fixed infinite loop in coders/bmp.c (bsc#1120381). - CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage (bsc#1124365). - CVE-2019-7397: Fixed a memory leak in the function WritePDFImage (bsc#1124366). - CVE-2019-7395: Fixed a memory leak in the function WritePSDChannel (bsc#1124368). - CVE-2018-16413: Fixed a heap-based buffer over-read in PushShortPixel() (bsc#1106989). - CVE-2018-16412: Fixed a heap-based buffer over-read in ParseImageResourceBlocks() (bsc#1106996). - CVE-2018-16644: Fixed a regression in dcm coder (bsc#1107609). - CVE-2019-11007: Fixed a heap-based buffer overflow in ReadMNGImage() (bsc#1132060). - CVE-2019-11008: Fixed a heap-based buffer overflow in WriteXWDImage() (bsc#1132054). - CVE-2019-11009: Fixed a heap-based buffer over-read in ReadXWDImage() (bsc#1132053). - Added extra -config- packages with Postscript/EPS/PDF readers still enabled. Removing the PS decoders is used to harden ImageMagick against security issues within ghostscript. Enabling them might impact security. (bsc#1122033) These are two packages that can be selected: - ImageMagick-config-6-SUSE: This has the PS decoders disabled. - ImageMagick-config-6-upstream: This has the PS decoders enabled. Depending on your local needs install either one of them. The default is the -SUSE configuration. Moderate SUSE bug 1106989 SUSE bug 1106996 SUSE bug 1107609 SUSE bug 1120381 SUSE bug 1122033 SUSE bug 1124365 SUSE bug 1124366 SUSE bug 1124368 SUSE bug 1128649 SUSE bug 1130330 SUSE bug 1131317 SUSE bug 1132053 SUSE bug 1132054 SUSE bug 1132060 CVE-2018-16412 CVE-2018-16413 CVE-2018-16644 CVE-2018-20467 CVE-2019-10650 CVE-2019-11007 CVE-2019-11008 CVE-2019-11009 CVE-2019-7175 CVE-2019-7395 CVE-2019-7397 CVE-2019-7398 CVE-2019-9956 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). Non-security issues fixed: - Fix vfs_ceph ftruncate and fallocate handling (bsc#1127153). - Abide by load_printers smb.conf parameter (bsc#1124223). - s3:winbindd: let normalize_name_map() call find_domain_from_name_noinit() (bsc#1123755). - s3:passdb: Do not return OK if we don't have pinfo set up (bsc#1099590). - s3:winbind: Fix regression (bsc#1123755). Moderate SUSE bug 1099590 SUSE bug 1123755 SUSE bug 1124223 SUSE bug 1127153 SUSE bug 1131060 CVE-2019-3880 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for wireshark to version 2.4.14 fixes the following issues: Security issues fixed: - CVE-2019-10895: NetScaler file parser crash. - CVE-2019-10899: SRVLOC dissector crash. - CVE-2019-10894: GSS-API dissector crash. - CVE-2019-10896: DOF dissector crash. - CVE-2019-10901: LDSS dissector crash. - CVE-2019-10903: DCERPC SPOOLSS dissector crash. Non-security issue fixed: - Update to version 2.4.14 (bsc#1131945). Moderate SUSE bug 1131945 CVE-2019-10894 CVE-2019-10895 CVE-2019-10896 CVE-2019-10899 CVE-2019-10901 CVE-2019-10903 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication [bsc#1133528, bsc#1130103] Important SUSE bug 1130103 SUSE bug 1133528 CVE-2019-3859 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for git fixes the following issue: - CVE-2018-17456: Git allowed remote code execution during processing of a recursive 'git clone' of a superproject if a .gitmodules file has a URL field beginning with a '-' character. (boo#1110949). Important SUSE bug 1110949 CVE-2018-17456 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for wpa_supplicant fixes the following issues: This security issue was fixed: - CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused the vulnerability to recover sensitive information (bsc#1104205). This non-security issue was fixed: - Enabled PWD as EAP method. This allows for password-based authentication, which is easier to setup than most of the other methods, and is used by the Eduroam network (bsc#1109209). Moderate SUSE bug 1104205 SUSE bug 1109209 CVE-2018-14526 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for atftp fixes the following issues: Security issues fixed: - CVE-2019-11366: Fixed a denial of service caused by a NULL pointer dereference because thread_list_mutex was not locked (bsc#1133145). - CVE-2019-11365: Fixed a buffer overflow which could lead to remote code execution caused by an insecure use of strncpy() (bsc#1133114). Important SUSE bug 1133114 SUSE bug 1133145 CVE-2019-11365 CVE-2019-11366 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for glibc fixes the following issues: Security issues fixed: - CVE-2019-9169: regex: fix read overrun (bsc#1127308, BZ #24114) - CVE-2016-10739: Fully parse IPv4 address strings (bsc#1122729, BZ #20018) - CVE-2009-5155: ERE '0|()0|\1|0' causes regexec undefined behavior (bsc#1127223, BZ #18986) Non-security issues fixed: - Enable TLE only if GLIBC_ELISION_ENABLE=yes is defined (bsc#1131994, fate#322271) - Add more checks for valid ld.so.cache file (bsc#1110661, BZ #18093) - Added cfi information for start routines in order to stop unwinding (bsc#1128574) - ja_JP locale: Add entry for the new Japanese era (bsc#1100396, fate#325570, BZ #22964) Moderate SUSE bug 1100396 SUSE bug 1110661 SUSE bug 1122729 SUSE bug 1127223 SUSE bug 1127308 SUSE bug 1128574 SUSE bug 1131994 CVE-2009-5155 CVE-2016-10739 CVE-2019-9169 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for krb5 fixes the following issues: Security issue fixed: - CVE-2018-20217: Fixed an assertion issue with older encryption types (bsc#1120489) Important SUSE bug 1120489 CVE-2018-20217 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libjpeg-turbo fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-14498: Fixed a heap-based buffer over read in get_8bit_row function which could allow to an attacker to cause denial of service (bsc#1128712). - CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c, which allowed remote attackers to cause a denial-of-service via crafted JPG files due to a large loop (bsc#1096209) - CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c caused by a divide by zero when processing a crafted BMP image (bsc#1098155) Moderate SUSE bug 1096209 SUSE bug 1098155 SUSE bug 1128712 CVE-2018-1152 CVE-2018-11813 CVE-2018-14498 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for hostinfo, supportutils fixes the following issues: Security issues fixed for supportutils: - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes (bsc#1118463). - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files (bsc#1118460). - CVE-2018-19639: Fixed a code execution if run with -v (bsc#1118462). - CVE-2018-19637: Fixed an issue where static temporary filename could allow overwriting of files (bsc#1117776). - CVE-2018-19636: Fixed a local root exploit via inclusion of attacker controlled shell script (bsc#1117751). Other issues fixed for supportutils: - Fixed invalid exit code commands (bsc#1125666) - SUSE separation in supportconfig (bsc#1125623) - Clarified supportconfig(8) -x option (bsc#1115245) - supportconfig: 3.0.127 - btrfs filesystem usage - List products.d - Dump lsof errors - Added ha commands for corosync - Dumped find errors in ib_info Issues fixed in hostinfo: - Removed extra kernel install dates (bsc#1099498) - Resolved network bond issue (bsc#1054979) Important SUSE bug 1054979 SUSE bug 1099498 SUSE bug 1115245 SUSE bug 1117751 SUSE bug 1117776 SUSE bug 1118460 SUSE bug 1118462 SUSE bug 1118463 SUSE bug 1125623 SUSE bug 1125666 CVE-2018-19636 CVE-2018-19637 CVE-2018-19638 CVE-2018-19639 CVE-2018-19640 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_1 to version 1.1.1b fixes the following issues: - Changed the info callback signals for the start and end of a post-handshake message exchange in TLSv1.3. - Fixed a bug in DTLS over SCTP. This breaks interoperability with older versions of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. - Fixed the handling of strerror_r with glibc. Moderate SUSE bug 1133925 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for webkit2gtk3 to version 2.24.1 fixes the following issues: Security issues fixed: - CVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292, CVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-11070 (bsc#1132256). Important SUSE bug 1132256 CVE-2019-11070 CVE-2019-6201 CVE-2019-6251 CVE-2019-7285 CVE-2019-7292 CVE-2019-8503 CVE-2019-8506 CVE-2019-8515 CVE-2019-8524 CVE-2019-8535 CVE-2019-8536 CVE-2019-8544 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ovmf fixes the following issues: Security issue fixed: - CVE-2019-0161: Fixed a stack overflow in UsbBusDxe and UsbBusPei, which could potentially be triggered by a local unauthenticated user (bsc#1131361). Moderate SUSE bug 1131361 CVE-2019-0161 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for freeradius-server fixes the following issues: Security issues fixed: - CVE-2019-11235: Fixed an authentication bypass related to the EAP-PWD Commit frame and insufficent validation of elliptic curve points (bsc#1132549). - CVE-2019-11234: Fixed an authentication bypass caused by reflecting privous values back to the server (bsc#1132664). Important SUSE bug 1132549 SUSE bug 1132664 CVE-2019-11234 CVE-2019-11235 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mariadb to version 10.2.19 fixes the following issues: (bsc#1116686) Security issues fixed: - CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) - CVE-2018-3282, CVE-2018-3174, CVE-2018-3143, CVE-2018-3156, CVE-2018-3251, CVE-2018-3185, CVE-2018-3277, CVE-2018-3162, CVE-2018-3173, CVE-2018-3200, CVE-2018-3284: Fixed multiple denial of service vulnerabilities (bsc#1112432, bsc#1112368, bsc#1112421, bsc#1112417, bsc#1112397, bsc#1112391, bsc#1112415, bsc#1112386, bsc#1112404, bsc#1112377, bsc#1112384) Non-security issues fixed: - Fixed database corruption after renaming a prefix-indexed column (bsc#1120041) - Remove PerconaFT from the package as it has a AGPL license (bsc#1118754) - Enable testing for client plugins (bsc#1111859) - Improve test coverage by keeping debug_key_management.so (bsc#1111858) Important SUSE bug 1013882 SUSE bug 1111858 SUSE bug 1111859 SUSE bug 1112368 SUSE bug 1112377 SUSE bug 1112384 SUSE bug 1112386 SUSE bug 1112391 SUSE bug 1112397 SUSE bug 1112404 SUSE bug 1112415 SUSE bug 1112417 SUSE bug 1112421 SUSE bug 1112432 SUSE bug 1116686 SUSE bug 1118754 SUSE bug 1120041 CVE-2016-9843 CVE-2018-3143 CVE-2018-3156 CVE-2018-3162 CVE-2018-3173 CVE-2018-3174 CVE-2018-3185 CVE-2018-3200 CVE-2018-3251 CVE-2018-3277 CVE-2018-3282 CVE-2018-3284 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2018-8740: Fixed a NULL pointer dereference related to corrupted databases schemas (bsc#1085790). - CVE-2017-10989: Fixed a heap-based buffer over-read in getNodeSize() (bsc#1132045). Moderate SUSE bug 1085790 SUSE bug 1132045 CVE-2017-10989 CVE-2018-8740 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for jakarta-commons-fileupload fixes the following issue: Security issue fixed: - CVE-2016-1000031: Fixed remote execution (bsc#1128963, bsc#1128829). Important SUSE bug 1128829 SUSE bug 1128963 CVE-2016-1000031 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-openjdk to version 8u212 fixes the following issues: Security issues fixed: - CVE-2019-2602: Better String parsing (bsc#1132728). - CVE-2019-2684: More dynamic RMI interactions (bsc#1132732). - CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID() (bsc#1132729). - CVE-2019-2422: Better FileChannel (bsc#1122293). - CVE-2018-11212: Improve JPEG (bsc#1122299). Non-Security issue fixed: - Disable LTO (bsc#1133135). - Added Japanese new era name. Important SUSE bug 1122293 SUSE bug 1122299 SUSE bug 1132728 SUSE bug 1132729 SUSE bug 1132732 SUSE bug 1133135 CVE-2018-11212 CVE-2018-3639 CVE-2019-2422 CVE-2019-2426 CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libxslt fixes the following issues: - CVE-2019-11068: Fixed a protection mechanism bypass where callers of xsltCheckRead() and xsltCheckWrite() would permit access upon receiving an error (bsc#1132160). Moderate SUSE bug 1132160 CVE-2019-11068 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ucode-intel fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes: - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- new platforms ---------------------------------------- - CLX-SP B1 6-55-7/bf 05000021 Xeon Scalable Gen2 - ---- updated platforms ------------------------------------ - SNB D2/G1/Q0 6-2a-7/12 0000002e->0000002f Core Gen2 - IVB E1/L1 6-3a-9/12 00000020->00000021 Core Gen3 - HSW C0 6-3c-3/32 00000025->00000027 Core Gen4 - BDW-U/Y E0/F0 6-3d-4/c0 0000002b->0000002d Core Gen5 - IVB-E/EP C1/M1/S1 6-3e-4/ed 0000042e->0000042f Core Gen3 X Series; Xeon E5 v2 - IVB-EX D1 6-3e-7/ed 00000714->00000715 Xeon E7 v2 - HSX-E/EP Cx/M1 6-3f-2/6f 00000041->00000043 Core Gen4 X series; Xeon E5 v3 - HSX-EX E0 6-3f-4/80 00000013->00000014 Xeon E7 v3 - HSW-U C0/D0 6-45-1/72 00000024->00000025 Core Gen4 - HSW-H C0 6-46-1/32 0000001a->0000001b Core Gen4 - BDW-H/E3 E0/G0 6-47-1/22 0000001e->00000020 Core Gen5 - SKL-U/Y D0/K1 6-4e-3/c0 000000c6->000000cc Core Gen6 - SKX-SP H0/M0/U0 6-55-4/b7 0200005a->0000005e Xeon Scalable - SKX-D M1 6-55-4/b7 0200005a->0000005e Xeon D-21xx - BDX-DE V1 6-56-2/10 00000019->0000001a Xeon D-1520/40 - BDX-DE V2/3 6-56-3/10 07000016->07000017 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 - BDX-DE Y0 6-56-4/10 0f000014->0f000015 Xeon D-1557/59/67/71/77/81/87 - BDX-NS A0 6-56-5/10 0e00000c->0e00000d Xeon D-1513N/23/33/43/53 - APL D0 6-5c-9/03 00000036->00000038 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx - SKL-H/S R0/N0 6-5e-3/36 000000c6->000000cc Core Gen6; Xeon E3 v5 - DNV B0 6-5f-1/01 00000024->0000002e Atom Processor C Series - GLK B0 6-7a-1/01 0000002c->0000002e Pentium Silver N/J5xxx, Celeron N/J4xxx - AML-Y22 H0 6-8e-9/10 0000009e->000000b4 Core Gen8 Mobile - KBL-U/Y H0 6-8e-9/c0 0000009a->000000b4 Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 0000009e->000000b4 Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000a4->000000b8 Core Gen8 Mobile - WHL-U V0 6-8e-d/94 000000b2->000000b8 Core Gen8 Mobile - KBL-G/H/S/E3 B0 6-9e-9/2a 0000009a->000000b4 Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 000000aa->000000b4 Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 000000aa->000000b4 Core Gen8 - CFL-H/S P0 6-9e-c/22 000000a2->000000ae Core Gen9 Important SUSE bug 1111331 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for qemu fixes the following issues: - CVE-2019-9824: Fixed an information leak in slirp (bsc#1129622) - CVE-2019-8934: Added method to specify whether or not to expose certain ppc64 host information, which can be considered a security issue (bsc#1126455) - CVE-2019-3812: Fixed OOB memory access and information leak in virtual monitor interface (bsc#1125721) - CVE-2018-20815: Fix DOS possibility in device tree processing (bsc#1130675) - Adjust fix for CVE-2019-8934 (bsc#1126455) to match the latest upstream adjustments for the same. Basically now the security fix is to provide a dummy host-model and host-serial value, which overrides getting that value from the host - CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86 cpu feature 'md-clear' (bsc#1111331) Other bugs fixed: - Use a new approach to handling the file input to -smbios option, which accepts either legacy or per-spec formats regardless of the machine type. - Drop the 'ampersand 0x25 shift altgr' line in pt-br keymap file (bsc#1129962) Important SUSE bug 1111331 SUSE bug 1125721 SUSE bug 1126455 SUSE bug 1129622 SUSE bug 1129962 SUSE bug 1130675 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 CVE-2019-3812 CVE-2019-8934 CVE-2019-9824 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed: - CVE-2018-16880: A flaw was found in the handle_rx() function in the vhost_net driver. A malicious virtual guest, under specific conditions, could trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (bnc#1122767). - CVE-2019-3882: A flaw was found in the vfio interface implementation that permitted violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). (bnc#1131416 bnc#1131427). - CVE-2019-9003: Attackers could trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a 'service ipmievd restart' loop (bnc#1126704). - CVE-2019-9500: A brcmfmac heap buffer overflow in brcmf_wowl_nd_results was fixed. (bnc#1132681). - CVE-2019-9503: A brcmfmac frame validation bypass was fixed. (bnc#1132828). The following non-security bugs were fixed: - 9p: do not trust pdu content for stat item size (bsc#1051510). - ACPI: acpi_pad: Do not launch acpi_pad threads on idle cpus (bsc#1113399). - acpi, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#1112128) (bsc#1132426). - ACPI / SBS: Fix GPE storm on recent MacBookPro's (bsc#1051510). - alsa: core: Fix card races between register and disconnect (bsc#1051510). - alsa: echoaudio: add a check for ioremap_nocache (bsc#1051510). - alsa: firewire: add const qualifier to identifiers for read-only symbols (bsc#1051510). - alsa: firewire-motu: add a flag for AES/EBU on XLR interface (bsc#1051510). - alsa: firewire-motu: add specification flag for position of flag for MIDI messages (bsc#1051510). - alsa: firewire-motu: add support for MOTU Audio Express (bsc#1051510). - alsa: firewire-motu: add support for Motu Traveler (bsc#1051510). - alsa: firewire-motu: use 'version' field of unit directory to identify model (bsc#1051510). - alsa: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist (bsc#1051510). - alsa: hda - Add two more machines to the power_save_blacklist (bsc#1051510). - alsa: hda - Enforces runtime_resume after S3 and S4 for each codec (bsc#1051510). - alsa: hda: Initialize power_state field properly (bsc#1051510). - alsa: hda/realtek - Add new Dell platform for headset mode (bsc#1051510). - alsa: hda/realtek - Add quirk for Tuxedo XC 1509 (bsc#1131442). - alsa: hda/realtek - Add support for Acer Aspire E5-523G/ES1-432 headset mic (bsc#1051510). - alsa: hda/realtek - Add support headset mode for DELL WYSE AIO (bsc#1051510). - alsa: hda/realtek - Add support headset mode for New DELL WYSE NB (bsc#1051510). - alsa: hda/realtek - add two more pin configuration sets to quirk table (bsc#1051510). - alsa: hda/realtek - Apply the fixup for ASUS Q325UAR (bsc#1051510). - alsa: hda/realtek: Enable ASUS X441MB and X705FD headset MIC with ALC256 (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer AIO with ALC286 (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer Aspire Z24-890 with ALC286 (bsc#1051510). - alsa: hda/realtek: Enable headset mic of ASUS P5440FF with ALC256 (bsc#1051510). - alsa: hda/realtek - Fixed Dell AIO speaker noise (bsc#1051510). - alsa: hda - Record the current power state before suspend/resume calls (bsc#1051510). - alsa: info: Fix racy addition/deletion of nodes (bsc#1051510). - alsa: line6: use dynamic buffers (bsc#1051510). - alsa: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration (bsc#1051510). - alsa: PCM: check if ops are defined before suspending PCM (bsc#1051510). - alsa: pcm: Do not suspend stream in unrecoverable PCM state (bsc#1051510). - alsa: pcm: Fix possible OOB access in PCM oss plugins (bsc#1051510). - alsa: rawmidi: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: sb8: add a check for request_region (bsc#1051510). - alsa: seq: Fix OOB-reads from strlcpy (bsc#1051510). - alsa: seq: oss: Fix Spectre v1 vulnerability (bsc#1051510). - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe (bsc#1051510). - ASoC: fsl_esai: fix channel swap issue when stream starts (bsc#1051510). - ASoC: topology: free created components in tplg load error (bsc#1051510). - assume flash part size to be 4MB, if it can't be determined (bsc#1127371). - ath10k: avoid possible string overflow (bsc#1051510). - auxdisplay: hd44780: Fix memory leak on ->remove() (bsc#1051510). - auxdisplay: ht16k33: fix potential user-after-free on module unload (bsc#1051510). - batman-adv: Reduce claim hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_global hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_local hash refcnt only for removed entry (bsc#1051510). - bcm2835 MMC issues (bsc#1070872). - blkcg: Introduce blkg_root_lookup() (bsc#1131673). - blkcg: Make blkg_root_lookup() work for queues in bypass mode (bsc#1131673). - blk-mq: adjust debugfs and sysfs register when updating nr_hw_queues (bsc#1131673). - blk-mq: Avoid that submitting a bio concurrently with device removal triggers a crash (bsc#1131673). - blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs (bsc#1131673). - blk-mq: fallback to previous nr_hw_queues when updating fails (bsc#1131673). - blk-mq: init hctx sched after update ctx and hctx mapping (bsc#1131673). - blk-mq: realloc hctx when hw queue is mapped to another node (bsc#1131673). - blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter (bsc#1131673). - block: Ensure that a request queue is dissociated from the cgroup controller (bsc#1131673). - block: Fix a race between request queue removal and the block cgroup controller (bsc#1131673). - block: Introduce blk_exit_queue() (bsc#1131673). - block: kABI fixes for bio_rewind_iter() removal (bsc#1131673). - block: remove bio_rewind_iter() (bsc#1131673). - bluetooth: btusb: request wake pin with NOAUTOEN (bsc#1051510). - bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (bsc#1051510). - bluetooth: Fix decrementing reference count twice in releasing socket (bsc#1051510). - bluetooth: hci_ldisc: Initialize hci_dev before open() (bsc#1051510). - bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto() (bsc#1051510). - bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf() (bsc#1133731). - bnxt_en: Drop oversize TX packets to prevent errors (networking-stable-19_03_07). - bonding: fix PACKET_ORIGDEV regression (git-fixes). - bpf: fix use after free in bpf_evict_inode (bsc#1083647). - btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size (git-fixes). - btrfs: check for refs on snapshot delete resume (bsc#1131335). - btrfs: fix assertion failure on fsync with NO_HOLES enabled (bsc#1131848). - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (git-fixes). - btrfs: fix deadlock between clone/dedupe and rename (bsc#1130518). - btrfs: fix incorrect file size after shrinking truncate and fsync (bsc#1130195). - btrfs: remove WARN_ON in log_dir_items (bsc#1131847). - btrfs: save drop_progress if we drop refs at all (bsc#1131336). - cdrom: Fix race condition in cdrom_sysctl_register (bsc#1051510). - cgroup: fix parsing empty mount option string (bsc#1133094). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510). - cifs: do not dereference smb_file_target before null check (bsc#1051510). - cifs: Do not hide EINTR after sending network packets (bsc#1051510). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510). - cifs: Fix credits calculations for reads with errors (bsc#1051510). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510). - cifs: Fix potential OOB access of lock element array (bsc#1051510). - cifs: Fix read after write for files with read caching (bsc#1051510). - clk: clk-twl6040: Fix imprecise external abort for pdmclk (bsc#1051510). - clk: fractional-divider: check parent rate only if flag is set (bsc#1051510). - clk: ingenic: Fix doc of ingenic_cgu_div_info (bsc#1051510). - clk: ingenic: Fix round_rate misbehaving with non-integer dividers (bsc#1051510). - clk: rockchip: fix frac settings of GPLL clock for rk3328 (bsc#1051510). - clk: sunxi-ng: v3s: Fix TCON reset de-assert bit (bsc#1051510). - clk: vc5: Abort clock configuration without upstream clock (bsc#1051510). - clk: x86: Add system specific quirk to mark clocks as critical (bsc#1051510). - clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown (bsc#1051510). - clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR (bsc#1051510). - cpcap-charger: generate events for userspace (bsc#1051510). - cpufreq: pxa2xx: remove incorrect __init annotation (bsc#1051510). - cpufreq: tegra124: add missing of_node_put() (bsc#1051510). - cpupowerutils: bench - Fix cpu online check (bsc#1051510). - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - crypto: caam - add missing put_device() call (bsc#1129770). - crypto: crypto4xx - properly set IV after de- and encrypt (bsc#1051510). - crypto: pcbc - remove bogus memcpy()s with src == dest (bsc#1051510). - crypto: sha256/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: sha512/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: x86/poly1305 - fix overflow during partial reduction (bsc#1051510). - cxgb4: Add capability to get/set SGE Doorbell Queue Timer Tick (bsc#1127371). - cxgb4: Added missing break in ndo_udp_tunnel_{add/del} (bsc#1127371). - cxgb4: Add flag tc_flower_initialized (bsc#1127371). - cxgb4: Add new T5 PCI device id 0x50ae (bsc#1127371). - cxgb4: Add new T5 PCI device ids 0x50af and 0x50b0 (bsc#1127371). - cxgb4: Add new T6 PCI device ids 0x608a (bsc#1127371). - cxgb4: add per rx-queue counter for packet errors (bsc#1127371). - cxgb4: Add support for FW_ETH_TX_PKT_VM_WR (bsc#1127371). - cxgb4: add support to display DCB info (bsc#1127371). - cxgb4: Add support to read actual provisioned resources (bsc#1127371). - cxgb4: collect ASIC LA dumps from ULP TX (bsc#1127371). - cxgb4: collect hardware queue descriptors (bsc#1127371). - cxgb4: collect number of free PSTRUCT page pointers (bsc#1127371). - cxgb4: convert flower table to use rhashtable (bsc#1127371). - cxgb4: cxgb4: use FW_PORT_ACTION_L1_CFG32 for 32 bit capability (bsc#1127371). - cxgb4/cxgb4vf: Add support for SGE doorbell queue timer (bsc#1127371). - cxgb4/cxgb4vf: Fix mac_hlist initialization and free (bsc#1127374). - cxgb4/cxgb4vf: Link management changes (bsc#1127371). - cxgb4/cxgb4vf: Program hash region for {t4/t4vf}_change_mac() (bsc#1127371). - cxgb4: display number of rx and tx pages free (bsc#1127371). - cxgb4: do not return DUPLEX_UNKNOWN when link is down (bsc#1127371). - cxgb4: Export sge_host_page_size to ulds (bsc#1127371). - cxgb4: fix the error path of cxgb4_uld_register() (bsc#1127371). - cxgb4: impose mandatory VLAN usage when non-zero TAG ID (bsc#1127371). - cxgb4: Mask out interrupts that are not enabled (bsc#1127175). - cxgb4: move Tx/Rx free pages collection to common code (bsc#1127371). - cxgb4: remove redundant assignment to vlan_cmd.dropnovlan_fm (bsc#1127371). - cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size (bsc#1127371). - cxgb4: remove the unneeded locks (bsc#1127371). - cxgb4: specify IQTYPE in fw_iq_cmd (bsc#1127371). - cxgb4: Support ethtool private flags (bsc#1127371). - cxgb4: update supported DCB version (bsc#1127371). - cxgb4: use new fw interface to get the VIN and smt index (bsc#1127371). - cxgb4vf: Few more link management changes (bsc#1127374). - cxgb4vf: fix memleak in mac_hlist initialization (bsc#1127374). - cxgb4vf: Update port information in cxgb4vf_open() (bsc#1127374). - device_cgroup: fix RCU imbalance in error case (bsc#1051510). - device property: Fix the length used in PROPERTY_ENTRY_STRING() (bsc#1051510). - Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc (bsc#1051510). - dmaengine: imx-dma: fix warning comparison of distinct pointer types (bsc#1051510). - dmaengine: qcom_hidma: assign channel cookie correctly (bsc#1051510). - dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid (bsc#1051510). - dmaengine: tegra: avoid overflow of byte tracking (bsc#1051510). - dm: disable DISCARD if the underlying storage no longer supports it (bsc#1114638). - Drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567). - Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1130567). - drm: Auto-set allow_fb_modifiers when given modifiers at plane init (bsc#1051510). - drm: bridge: dw-hdmi: Fix overflow workaround for Rockchip SoCs (bsc#1113722) - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers (bsc#1051510). - drm/i915/bios: assume eDP is present on port A when there is no VBT (bsc#1051510). - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113722) - drm/i915/gvt: Annotate iomem usage (bsc#1051510). - drm/i915/gvt: do not deliver a workload if its creation fails (bsc#1051510). - drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113722) - drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check (bsc#1051510). - drm/i915: Relax mmap VMA check (bsc#1051510). - drm/imx: ignore plane updates on disabled crtcs (bsc#1051510). - drm/imx: imx-ldb: add missing of_node_puts (bsc#1051510). - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() (bsc#1113722) - drm/meson: Fix invalid pointer in meson_drv_unbind() (bsc#1051510). - drm/meson: Uninstall IRQ handler (bsc#1051510). - drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure (bsc#1051510). - drm/nouveau: Stop using drm_crtc_force_disable (bsc#1051510). - drm/nouveau/volt/gf117: fix speedo readout register (bsc#1051510). - drm/rockchip: vop: reset scale mode when win is disabled (bsc#1113722) - drm/sun4i: Add missing drm_atomic_helper_shutdown at driver unbind (bsc#1113722) - drm/sun4i: Fix component unbinding and component master deletion (bsc#1113722) - drm/sun4i: Set device driver data at bind time for use in unbind (bsc#1113722) - drm/sun4i: Unbind components before releasing DRM and memory (bsc#1113722) - drm/udl: add a release method and delay modeset teardown (bsc#1085536) - drm/vc4: Fix memory leak during gpu reset. (bsc#1113722) - dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit (networking-stable-19_02_20). - e1000e: fix cyclic resets at link up with active tx (bsc#1051510). - e1000e: Fix -Wformat-truncation warnings (bsc#1051510). - ext2: Fix underflow in ext2_max_size() (bsc#1131174). - ext4: add mask of ext4 flags to swap (bsc#1131170). - ext4: add missing brelse() in add_new_gdb_meta_bg() (bsc#1131176). - ext4: Avoid panic during forced reboot (bsc#1126356). - ext4: brelse all indirect buffer in ext4_ind_remove_space() (bsc#1131173). - ext4: cleanup bh release code in ext4_ind_remove_space() (bsc#1131851). - ext4: cleanup pagecache before swap i_data (bsc#1131178). - ext4: fix check of inode in swap_inode_boot_loader (bsc#1131177). - ext4: fix data corruption caused by unaligned direct AIO (bsc#1131172). - ext4: fix EXT4_IOC_SWAP_BOOT (bsc#1131180). - ext4: fix NULL pointer dereference while journal is aborted (bsc#1131171). - ext4: update quota information while swapping boot loader inode (bsc#1131179). - fbdev: fbmem: fix memory access if logo is bigger than the screen (bsc#1051510). - fix cgroup_do_mount() handling of failure exits (bsc#1133095). - Fix kabi after 'md: batch flush requests.' (bsc#1119680). - Fix struct page kABI after adding atomic for ppc (bsc#1131326, bsc#1108937). - fm10k: Fix a potential NULL pointer dereference (bsc#1051510). - fs: avoid fdput() after failed fdget() in vfs_dedupe_file_range() (bsc#1132384, bsc#1132219). - fs/dax: deposit pagetable even when installing zero page (bsc#1126740). - fs/nfs: Fix nfs_parse_devname to not modify it's argument (git-fixes). - futex: Cure exit race (bsc#1050549). - futex: Ensure that futex address is aligned in handle_futex_death() (bsc#1050549). - futex: Handle early deadlock return correctly (bsc#1050549). - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input (bsc#1051510). - gpio: gpio-omap: fix level interrupt idling (bsc#1051510). - gpio: of: Fix of_gpiochip_add() error path (bsc#1051510). - gre6: use log_ecn_error module parameter in ip6_tnl_rcv() (git-fixes). - hid: i2c-hid: Ignore input report if there's no data present on Elan touchpanels (bsc#1133486). - hid: intel-ish-hid: avoid binding wrong ishtp_cl_device (bsc#1051510). - hid: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit (bsc#1051510). - hv_netvsc: Fix IP header checksum for coalesced packets (networking-stable-19_03_07). - hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (). - hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (fate#323887). - hwrng: virtio - Avoid repeated init of completion (bsc#1051510). - i2c: Make i2c_unregister_device() NULL-aware (bsc#1108193). - i2c: tegra: fix maximum transfer size (bsc#1051510). - ibmvnic: Enable GRO (bsc#1132227). - ibmvnic: Fix completion structure initialization (bsc#1131659). - ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227). - iio: adc: at91: disable adc channel interrupt in timeout case (bsc#1051510). - iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver (bsc#1051510). - iio: ad_sigma_delta: select channel when reading register (bsc#1051510). - iio: core: fix a possible circular locking dependency (bsc#1051510). - iio: cros_ec: Fix the maths for gyro scale calculation (bsc#1051510). - iio: dac: mcp4725: add missing powerdown bits in store eeprom (bsc#1051510). - iio: Fix scan mask selection (bsc#1051510). - iio/gyro/bmg160: Use millidegrees for temperature scale (bsc#1051510). - iio: gyro: mpu3050: fix chip ID reading (bsc#1051510). - input: cap11xx - switch to using set_brightness_blocking() (bsc#1051510). - input: matrix_keypad - use flush_delayed_work() (bsc#1051510). - input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bsc#1051510). - input: st-keyscan - fix potential zalloc NULL dereference (bsc#1051510). - input: synaptics-rmi4 - write config register values to the right offset (bsc#1051510). - input: uinput - fix undefined behavior in uinput_validate_absinfo() (bsc#1120902). - intel_idle: add support for Jacobsville (jsc#SLE-5394). - io: accel: kxcjk1013: restore the range after resume (bsc#1051510). - iommu/amd: Fix NULL dereference bug in match_hid_uid (bsc#1130336). - iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE (bsc#1130337). - iommu/amd: Reserve exclusion range in iova-domain (bsc#1130425). - iommu/amd: Set exclusion range correctly (bsc#1130425). - iommu: Do not print warning when IOMMU driver only supports unmanaged domains (bsc#1130130). - iommu/vt-d: Check capability before disabling protected memory (bsc#1130338). - ip6: fix PMTU discovery when using /127 subnets (git-fixes). - ip6mr: Do not call __IP6_INC_STATS() from preemptible context (git-fixes). - ip6_tunnel: fix ip6 tunnel lookup in collect_md mode (git-fixes). - ipmi: Fix I2C client removal in the SSIF driver (bsc#1108193). - ipmi_ssif: Remove duplicate NULL check (bsc#1108193). - ipv4: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv4/route: fail early when inet dev is missing (git-fixes). - ipv6: Fix dangling pointer when ipv6 fragment (git-fixes). - ipv6: propagate genlmsg_reply return code (networking-stable-19_02_24). - ipv6: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv6: sit: reset ip header pointer in ipip6_rcv (git-fixes). - ipvlan: disallow userns cap_net_admin to change global mode/flags (networking-stable-19_03_15). - ipvs: remove IPS_NAT_MASK check to fix passive FTP (git-fixes). - irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table (bsc#1051510). - irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable (bsc#1051510). - iscsi_ibft: Fix missing break in switch statement (bsc#1051510). - iw_cxgb4: cq/qp mask depends on bar2 pages in a host page (bsc#1127371). - iwiwifi: fix bad monitor buffer register addresses (bsc#1129770). - iwlwifi: fix send hcmd timeout recovery flow (bsc#1129770). - iwlwifi: mvm: fix firmware statistics usage (bsc#1129770). - jbd2: clear dirty flag when revoking a buffer from an older transaction (bsc#1131167). - jbd2: fix compile warning when using JBUFFER_TRACE (bsc#1131168). - kABI: restore icmp_send (kabi). - kabi/severities: add cxgb4 and cxgb4vf shared data to the whitelis (bsc#1127372) - kabi/severities: add libcxgb to cxgb intra module symbols as well - kabi/severities: exclude cxgb4 inter-module symbols - kasan: fix shadow_size calculation error in kasan_module_alloc (bsc#1051510). - kbuild: fix false positive warning/error about missing libelf (bsc#1051510). - kbuild: modversions: Fix relative CRC byte order interpretation (bsc#1131290). - kbuild: strip whitespace in cmd_record_mcount findstring (bsc#1065729). - kcm: switch order of device registration to fix a crash (bnc#1130527). - kernfs: do not set dentry->d_fsdata (boo#1133115). - keys: always initialize keyring_index_key::desc_len (bsc#1051510). - keys: user: Align the payload buffer (bsc#1051510). - kvm: Call kvm_arch_memslots_updated() before updating memslots (bsc#1132563). - kvm: Fix kABI for AMD SMAP Errata workaround (bsc#1133149). - kvm: nVMX: Apply addr size mask to effective address for VMX instructions (bsc#1132561). - kvm: nVMX: Ignore limit checks on VMX instructions using flat segments (bsc#1132564). - kvm: nVMX: Sign extend displacements of VMX instr's mem operands (bsc#1132562). - kvm: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode switch (bsc#1061840). - kvm: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation) (bsc#1133149). - kvm: VMX: Compare only a single byte for VMCS' 'launched' in vCPU-run (bsc#1132555). - kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1114279). - kvm: x86/mmu: Detect MMIO generation wrap in any address space (bsc#1132570). - kvm: x86/mmu: Do not cache MMIO accesses while memslots are in flux (bsc#1132571). - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (bsc#1111331). - leds: pca9532: fix a potential NULL pointer dereference (bsc#1051510). - libceph: wait for latest osdmap in ceph_monc_blacklist_add() (bsc#1130427). - libertas_tf: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510). - lightnvm: if LUNs are already allocated fix return (bsc#1085535). - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a new <linux/bits.h> file (bsc#1111331). - mac80211: do not call driver wake_tx_queue op during reconfig (bsc#1051510). - mac80211: Fix Tx aggregation session tear down with ITXQs (bsc#1051510). - mac80211_hwsim: propagate genlmsg_reply return code (bsc#1051510). - md: batch flush requests (bsc#1119680). - md: Fix failed allocation of md_register_thread (git-fixes). - md/raid1: do not clear bitmap bits on interrupted recovery (git-fixes). - md/raid5: fix 'out of memory' during raid cache recovery (git-fixes). - media: mt9m111: set initial frame size other than 0x0 (bsc#1051510). - media: mtk-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: rc: mce_kbd decoder: fix stuck keys (bsc#1100132). - media: s5p-g2d: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: s5p-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: sh_veu: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: v4l2-ctrls.c/uvc: zero v4l2_event (bsc#1051510). - media: vb2: do not call __vb2_queue_cancel if vb2_start_streaming failed (bsc#1119086). - memremap: fix softlockup reports at teardown (bnc#1130154). - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S (bsc#1051510). - missing barriers in some of unix_sock ->addr and ->path accesses (networking-stable-19_03_15). - mmc: davinci: remove extraneous __init annotation (bsc#1051510). - mmc: pxamci: fix enum type confusion (bsc#1051510). - mmc: sdhci: Fix data command CRC error handling (bsc#1051510). - mmc: sdhci: Handle auto-command errors (bsc#1051510). - mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR (bsc#1051510). - mmc: tmio_mmc_core: do not claim spurious interrupts (bsc#1051510). - mm/debug.c: fix __dump_page when mapping->host is not set (bsc#1131934). - mm: Fix modifying of page protection by insert_pfn() (bsc#1126740). - mm: Fix warning in insert_pfn() (bsc#1126740). - mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd() (bsc#1126740). - mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate() (bsc#1131935). - mm/vmalloc: fix size check for remap_vmalloc_range_partial() (bsc#1133825). - mpls: Return error for RTA_GATEWAY attribute (networking-stable-19_03_07). - mt7601u: bump supported EEPROM version (bsc#1051510). - mwifiex: do not advertise IBSS features without FW support (bsc#1129770). - net: Add header for usage of fls64() (networking-stable-19_02_20). - net: Add __icmp_send helper (networking-stable-19_03_07). - net: avoid false positives in untrusted gso validation (git-fixes). - net: avoid use IPCB in cipso_v4_error (networking-stable-19_03_07). - net: bridge: add vlan_tunnel to bridge port policies (git-fixes). - net: bridge: fix per-port af_packet sockets (git-fixes). - net: bridge: multicast: use rcu to access port list from br_multicast_start_querier (git-fixes). - net: datagram: fix unbounded loop in __skb_try_recv_datagram() (git-fixes). - net: Do not allocate page fragments that are not skb aligned (networking-stable-19_02_20). - net: dsa: mv88e6xxx: Fix u64 statistics (networking-stable-19_03_07). - net: ena: update driver version from 2.0.2 to 2.0.3 (bsc#1129276 bsc#1125342). - netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING (git-fixes). - netfilter: check for seqadj ext existence before adding it in nf_nat_setup_info (git-fixes). - netfilter: ip6t_MASQUERADE: add dependency on conntrack module (git-fixes). - netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit() (git-fixes). - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt (git-fixes). - netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target} (git-fixes). - netfilter: x_tables: fix int overflow in xt_alloc_table_info() (git-fixes). - net: Fix for_each_netdev_feature on Big endian (networking-stable-19_02_20). - net: fix IPv6 prefix route residue (networking-stable-19_02_20). - net: Fix untag for vlan packets without ethernet header (git-fixes). - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off (git-fixes). - net/hsr: Check skb_put_padto() return value (git-fixes). - net: hsr: fix memory leak in hsr_dev_finalize() (networking-stable-19_03_15). - net/hsr: fix possible crash in add_timer() (networking-stable-19_03_15). - netlabel: fix out-of-bounds memory accesses (networking-stable-19_03_07). - netlink: fix nla_put_{u8,u16,u32} for KASAN (git-fixes). - net/mlx5e: Do not overwrite pedit action when multiple pedit used (networking-stable-19_02_24). - net/ncsi: Fix AEN HNCDSC packet length (git-fixes). - net/ncsi: Stop monitor if channel times out or is inactive (git-fixes). - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails (networking-stable-19_03_07). - net/packet: fix 4gb buffer limit due to overflow check (networking-stable-19_02_24). - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec (git-fixes). - net_sched: acquire RTNL in tc_action_net_exit() (git-fixes). - net_sched: fix two more memory leaks in cls_tcindex (networking-stable-19_02_24). - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 (networking-stable-19_03_15). - net: sit: fix memory leak in sit_init_net() (networking-stable-19_03_07). - net: sit: fix UBSAN Undefined behaviour in check_6rd (networking-stable-19_03_15). - net: socket: set sock->sk to NULL after calling proto_ops::release() (networking-stable-19_03_07). - net-sysfs: Fix mem leak in netdev_register_kobject (git-fixes). - net: validate untrusted gso packets without csum offload (networking-stable-19_02_20). - net/x25: fix a race in x25_bind() (networking-stable-19_03_15). - net/x25: fix use-after-free in x25_device_event() (networking-stable-19_03_15). - net/x25: reset state in x25_connect() (networking-stable-19_03_15). - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() (git-fixes). - nfc: nci: Add some bounds checking in nci_hci_cmd_received() (bsc#1051510). - nfs: Add missing encode / decode sequence_maxsz to v4.2 operations (git-fixes). - nfsd4: catch some false session retries (git-fixes). - nfsd4: fix cached replies to solo SEQUENCE compounds (git-fixes). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - nfs: Do not recoalesce on error in nfs_pageio_complete_mirror() (git-fixes). - nfs: Do not use page_file_mapping after removing the page (git-fixes). - nfs: Fix an I/O request leakage in nfs_do_recoalesce (git-fixes). - nfs: Fix a soft lockup in the delegation recovery code (git-fixes). - nfs: Fix a typo in nfs_init_timeout_values() (git-fixes). - nfs: Fix dentry revalidation on NFSv4 lookup (bsc#1132618). - nfs: Fix I/O request leakages (git-fixes). - nfs: fix mount/umount race in nlmclnt (git-fixes). - nfs/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount (git-fixes). - nfsv4.1 do not free interrupted slot on open (git-fixes). - nfsv4.1: Reinitialise sequence results before retransmitting a request (git-fixes). - nfsv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE() (git-fixes). - nvme: add proper discard setup for the multipath device (bsc#1114638). - nvme: fix the dangerous reference of namespaces list (bsc#1131673). - nvme: make sure ns head inherits underlying device limits (bsc#1131673). - nvme-multipath: avoid crash on invalid subsystem cntlid enumeration (bsc#1129273). - nvme-multipath: split bios with the ns_head bio_set before submitting (bsc#1103259, bsc#1131673). - nvme: only reconfigure discard if necessary (bsc#1114638). - nvme: schedule requeue whenever a LIVE state is entered (bsc#1123105). - ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock (bsc#1131169). - pci: Add function 1 DMA alias quirk for Marvell 9170 SATA controller (bsc#1051510). - pci: designware-ep: dw_pcie_ep_set_msi() should only set MMC bits (bsc#1051510). - pci: designware-ep: Read-only registers need DBI_RO_WR_EN to be writable (bsc#1051510). - pci: pciehp: Convert to threaded IRQ (bsc#1133005). - pci: pciehp: Ignore Link State Changes after powering off a slot (bsc#1133005). - phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs (bsc#1051510). - pM / wakeup: Rework wakeup source timer cancellation (bsc#1051510). - powercap: intel_rapl: add support for Jacobsville (). - powercap: intel_rapl: add support for Jacobsville (FATE#327454). - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107). - powerpc/64: Disable the speculation barrier from the command line (bsc#1131107). - powerpc64/ftrace: Include ftrace.h needed for enable/disable calls (bsc#1088804, git-fixes). - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107). - powerpc/64s: Add new security feature flags for count cache flush (bsc#1131107). - powerpc/64s: Add support for software count cache flush (bsc#1131107). - powerpc/64s: Fix logic when handling unknown CPU features (bsc#1055117). - powerpc/64s: Fix page table fragment refcount race vs speculative references (bsc#1131326, bsc#1108937). - powerpc/asm: Add a patch_site macro & helpers for patching instructions (bsc#1131107). - powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer (bsc#1065729). - powerpc: consolidate -mno-sched-epilog into FTRACE flags (bsc#1065729). - powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest (bsc#1061840). - powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107). - powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area callback (bsc#1131900). - powerpc/kvm: Save and restore host AMR/IAMR/UAMOR (bsc#1061840). - powerpc/mm: Add missing tracepoint for tlbie (bsc#1055117, git-fixes). - powerpc/mm: Check secondary hash page table (bsc#1065729). - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, fate#323286, git-fixes). - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, git-fixes). - powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search (bsc#1131900). - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, fate#323286, git-fixes). - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, git-fixes). - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, fate#323286, git-fixes). - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, git-fixes). - powerpc/numa: document topology_updates_enabled, disable by default (bsc#1133584). - powerpc/numa: improve control of topology updates (bsc#1133584). - powerpc/perf: Fix unit_sel/cache_sel checks (bsc#1053043). - powerpc/perf: Remove l2 bus events from HW cache event array (bsc#1053043). - powerpc/powernv/cpuidle: Init all present cpus for deep states (bsc#1055121). - powerpc/powernv: Do not reprogram SLW image on every KVM guest entry/exit (bsc#1061840). - powerpc/powernv/ioda2: Remove redundant free of TCE pages (bsc#1061840). - powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand (bsc#1061840). - powerpc/powernv/ioda: Fix locked_vm counting for memory used by IOMMU tables (bsc#1061840). - powerpc/powernv: Make opal log only readable by root (bsc#1065729). - powerpc/powernv: Query firmware for count cache flush settings (bsc#1131107). - powerpc/powernv: Remove never used pnv_power9_force_smt4 (bsc#1061840). - powerpc/pseries/mce: Fix misleading print for TLB mutlihit (bsc#1094244, git-fixes). - powerpc/pseries: Query hypervisor for count cache flush settings (bsc#1131107). - powerpc/security: Fix spectre_v2 reporting (bsc#1131107). - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587). - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587). - power: supply: charger-manager: Fix incorrect return value (bsc#1051510). - pwm-backlight: Enable/disable the PWM before/after LCD enable toggle (bsc#1051510). - qmi_wwan: Add support for Quectel EG12/EM12 (networking-stable-19_03_07). - qmi_wwan: apply SET_DTR quirk to Sierra WP7607 (bsc#1051510). - qmi_wwan: Fix qmap header retrieval in qmimux_rx_fixup (bsc#1051510). - raid10: It's wrong to add len to sector_nr in raid10 reshape twice (git-fixes). - ras/cec: Check the correct variable in the debugfs error handling (bsc#1085535). - ravb: Decrease TxFIFO depth of Q3 and Q2 to one (networking-stable-19_03_15). - rdma/cxgb4: Add support for 64Byte cqes (bsc#1127371). - rdma/cxgb4: Add support for kernel mode SRQ's (bsc#1127371). - rdma/cxgb4: Add support for srq functions & structs (bsc#1127371). - rdma/cxgb4: fix some info leaks (bsc#1127371). - rdma/cxgb4: Make c4iw_poll_cq_one() easier to analyze (bsc#1127371). - rdma/cxgb4: Remove a set-but-not-used variable (bsc#1127371). - rdma/iw_cxgb4: Drop __GFP_NOFAIL (bsc#1127371). - rds: fix refcount bug in rds_sock_addref (git-fixes). - rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete (git-fixes). - regulator: max77620: Initialize values for DT properties (bsc#1051510). - regulator: s2mpa01: Fix step values for some LDOs (bsc#1051510). - Revert drm/i915 patches that caused regressions (bsc#1131062) - Revert 'ipv4: keep skb->dst around in presence of IP options' (git-fixes). - rhashtable: Still do rehash when we get EEXIST (bsc#1051510). - ring-buffer: Check if memory is available before allocation (bsc#1132531). - rpm/config.sh: Fix build project and bugzilla product. - rtc: 88pm80x: fix unintended sign extension (bsc#1051510). - rtc: 88pm860x: fix unintended sign extension (bsc#1051510). - rtc: cmos: ignore bogus century byte (bsc#1051510). - rtc: ds1672: fix unintended sign extension (bsc#1051510). - rtc: Fix overflow when converting time64_t to rtc_time (bsc#1051510). - rtc: pm8xxx: fix unintended sign extension (bsc#1051510). - rtnetlink: bring NETDEV_CHANGE_TX_QUEUE_LEN event process back in rtnetlink_event (git-fixes). - rtnetlink: bring NETDEV_CHANGEUPPER event process back in rtnetlink_event (git-fixes). - rtnetlink: bring NETDEV_POST_TYPE_CHANGE event process back in rtnetlink_event (git-fixes). - rtnetlink: check DO_SETLINK_NOTIFY correctly in do_setlink (git-fixes). - rxrpc: Do not release call mutex on error pointer (git-fixes). - rxrpc: Do not treat call aborts as conn aborts (git-fixes). - rxrpc: Fix client call queueing, waiting for channel (networking-stable-19_03_15). - rxrpc: Fix Tx ring annotation after initial Tx failure (git-fixes). - s390/dasd: fix panic for failed online processing (bsc#1132589). - s390/pkey: move pckmo subfunction available checks away from module init (bsc#1128544). - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - scsi: libiscsi: fix possible NULL pointer dereference in case of TMF (bsc#1127378). - scsi: libsas: allocate sense buffer for bsg queue (bsc#1131467). - scsi: qla2xxx: Add new FC-NVMe enable BIT to enable FC-NVMe feature (bsc#1130579). - sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment (networking-stable-19_02_24). - serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart (bsc#1051510). - serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling (bsc#1051510). - serial: imx: Update cached mctrl value when changing RTS (bsc#1051510). - serial: max310x: Fix to avoid potential NULL pointer dereference (bsc#1051510). - serial: sh-sci: Fix setting SCSCR_TIE while transferring data (bsc#1051510). - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() (networking-stable-19_02_24). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510). - soc: fsl: qbman: avoid race in clearing QMan interrupt (bsc#1051510). - SoC: imx-sgtl5000: add missing put_device() (bsc#1051510). - soc: qcom: gsbi: Fix error handling in gsbi_probe() (bsc#1051510). - soc/tegra: fuse: Fix illegal free of IO base address (bsc#1051510). - spi: pxa2xx: Setup maximum supported DMA transfer length (bsc#1051510). - spi: ti-qspi: Fix mmap read when more than one CS in use (bsc#1051510). - spi/topcliff_pch: Fix potential NULL dereference on allocation error (bsc#1051510). - staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: ni_usb6501: Fix use of uninitialized mutex (bsc#1051510). - staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: vmk80xx: Fix use of uninitialized semaphore (bsc#1051510). - staging: iio: ad7192: Fix ad7193 channel address (bsc#1051510). - staging: rtl8712: uninitialized memory in read_bbreg_hdl() (bsc#1051510). - staging: vt6655: Fix interrupt race condition on device start up (bsc#1051510). - staging: vt6655: Remove vif check from vnt_interrupt (bsc#1051510). - sunrpc/cache: handle missing listeners better (bsc#1126221). - sunrpc: fix 4 more call sites that were using stack memory with a scatterlist (git-fixes). - supported.conf: Add vxlan to kernel-default-base (bsc#1132083). - supported.conf: dw_mmc-bluefield is not needed in kernel-default-base (bsc#1131574). - svm/avic: Fix invalidate logical APIC id entry (bsc#1132726). - svm: Fix AVIC DFR and LDR handling (bsc#1132558). - svm: Fix improper check when deactivate AVIC (bsc#1130335). - sysctl: handle overflow for file-max (bsc#1051510). - tcp: fix TCP_REPAIR_QUEUE bound checking (git-fixes). - tcp: tcp_v4_err() should be more careful (networking-stable-19_02_20). - thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs (bsc#1051510). - thermal/intel_powerclamp: fix truncated kthread name (). - thermal/intel_powerclamp: fix truncated kthread name (FATE#326597). - tipc: fix race condition causing hung sendto (networking-stable-19_03_07). - tpm: Fix some name collisions with drivers/char/tpm.h (bsc#1051510). - tpm: Fix the type of the return value in calc_tpm2_event_size() (bsc#1082555). - tpm_tis_spi: Pass the SPI IRQ down to the driver (bsc#1051510). - tpm/tpm_crb: Avoid unaligned reads in crb_recv() (bsc#1051510). - tracing: Fix a memory leak by early error exit in trace_pid_write() (bsc#1133702). - tracing: Fix buffer_ref pipe ops (bsc#1133698). - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account (bsc#1132527). - tty: atmel_serial: fix a potential NULL pointer dereference (bsc#1051510). - tun: fix blocking read (networking-stable-19_03_07). - tun: remove unnecessary memory barrier (networking-stable-19_03_07). - udf: Fix crash on IO error during truncate (bsc#1131175). - uio: Reduce return paths from uio_write() (bsc#1051510). - Update patches.kabi/kabi-cxgb4-MU.patch (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584 bsc#1127371). - usb: cdc-acm: fix race during wakeup blocking TX traffic (bsc#1129770). - usb: chipidea: Grab the (legacy) USB PHY by phandle first (bsc#1051510). - usb: common: Consider only available nodes for dr_mode (bsc#1129770). - usb: core: only clean up what we allocated (bsc#1051510). - usb: dwc3: gadget: Fix the uninitialized link_state when udc starts (bsc#1051510). - usb: dwc3: gadget: synchronize_irq dwc irq in suspend (bsc#1051510). - usb: f_fs: Avoid crash due to out-of-scope stack ptr access (bsc#1051510). - usb: gadget: f_hid: fix deadlock in f_hidg_write() (bsc#1129770). - usb: gadget: Potential NULL dereference on allocation error (bsc#1051510). - usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk (bsc#1051510). - usb: mtu3: fix EXTCON dependency (bsc#1051510). - usb: phy: fix link errors (bsc#1051510). - usb: phy: twl6030-usb: fix possible use-after-free on remove (bsc#1051510). - usb: serial: cp210x: add ID for Ingenico 3070 (bsc#1129770). - usb: serial: cp210x: add new device id (bsc#1051510). - usb: serial: cp210x: fix GPIO in autosuspend (bsc#1120902). - usb: serial: ftdi_sio: add additional NovaTech products (bsc#1051510). - usb: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 (bsc#1129770). - usb: serial: mos7720: fix mos_parport refcount imbalance on error path (bsc#1129770). - usb: serial: option: add Olicard 600 (bsc#1051510). - usb: serial: option: add support for Quectel EM12 (bsc#1051510). - usb: serial: option: add Telit ME910 ECM composition (bsc#1129770). - usb: serial: option: set driver_info for SIM5218 and compatibles (bsc#1129770). - vfs: allow dedupe of user owned read-only files (bsc#1133778, bsc#1132219). - vfs: avoid problematic remapping requests into partial EOF block (bsc#1133850, bsc#1132219). - vfs: dedupe: extract helper for a single dedup (bsc#1133769, bsc#1132219). - vfs: dedupe should return EPERM if permission is not granted (bsc#1133779, bsc#1132219). - vfs: exit early from zero length remap operations (bsc#1132411, bsc#1132219). - vfs: export vfs_dedupe_file_range_one() to modules (bsc#1133772, bsc#1132219). - vfs: limit size of dedupe (bsc#1132397, bsc#1132219). - vfs: rename clone_verify_area to remap_verify_area (bsc#1133852, bsc#1132219). - vfs: skip zero-length dedupe requests (bsc#1133851, bsc#1132219). - vfs: swap names of {do,vfs}_clone_file_range() (bsc#1133774, bsc#1132219). - vfs: vfs_clone_file_prep_inodes should return EINVAL for a clone from beyond EOF (bsc#1133780, bsc#1132219). - video: fbdev: Set pixclock = 0 in goldfishfb (bsc#1051510). - vxlan: test dev->flags & IFF_UP before calling netif_rx() (networking-stable-19_02_20). - wil6210: check null pointer in _wil_cfg80211_merge_extra_ies (bsc#1051510). - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure (bsc#1051510). - x86/cpu: Add Atom Tremont (Jacobsville) (). - x86/cpu: Add Atom Tremont (Jacobsville) (FATE#327454). - x86/CPU/AMD: Set the CPB bit unconditionally on F17h (bsc#1114279). - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331). - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (bsc#1111331). - x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init (bsc#1132572). - x86/kvm/vmx: Add MDS protection when L1D Flush is not active (bsc#1111331). - x86/MCE/AMD, EDAC/mce_amd: Add new error descriptions for some SMCA bank types (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new McaTypes for CS, PSP, and SMU units (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new MP5, NBIO, and PCIE SMCA bank types (bsc#1128415). - x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type (bsc#1128415). - x86/mce/AMD: Pass the bank number to smca_get_bank_type() (bsc#1128415). - x86/MCE: Fix kABI for new AMD bank names (bsc#1128415). - x86/mce: Handle varying MCA bank counts (bsc#1128415). - x86/mce: Improve error message when kernel cannot recover, p2 (bsc#1114279). - x86/msr-index: Cleanup bit defines (bsc#1111331). - x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub (bsc#1120318). - x86/speculation: Consolidate CPU whitelists (bsc#1111331). - x86/speculation/mds: Add basic bug infrastructure for MDS (bsc#1111331). - x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331). - x86/speculation/mds: Add mds_clear_cpu_buffers() (bsc#1111331). - x86/speculation/mds: Add mds=full,nosmt cmdline option (bsc#1111331). - x86/speculation/mds: Add mitigation control for MDS (bsc#1111331). - x86/speculation/mds: Add mitigation mode VMWERV (bsc#1111331). - x86/speculation/mds: Add 'mitigations=' support for MDS (bsc#1111331). - x86/speculation/mds: Add SMT warning message (bsc#1111331). - x86/speculation/mds: Add sysfs reporting for MDS (bsc#1111331). - x86/speculation/mds: Clear CPU buffers on exit to user (bsc#1111331). - x86/speculation/mds: Conditionally clear CPU buffers on idle entry (bsc#1111331). - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (bsc#1111331). - x86/speculation: Move arch_smt_update() call to after mitigation decisions (bsc#1111331). - x86/speculation: Prevent deadlock on ssb_state::lock (bsc#1114279). - x86/speculation: Simplify the CPU bug detection logic (bsc#1111331). - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - x86/tsc: Force inlining of cyc2ns bits (bsc#1052904). - x86/uaccess: Do not leak the AC flag into __put_user() value evaluation (bsc#1114279). - xen-netback: do not populate the hash cache on XenBus disconnect (networking-stable-19_03_07). - xen-netback: fix occasional leak of grant ref mappings under memory pressure (networking-stable-19_03_07). - xen: Prevent buffer overflow in privcmd ioctl (bsc#1065600). - xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos (git-fixes). - xfrm: Fix ESN sequence number handling for IPsec GSO packets (git-fixes). - xfrm: fix rcu_read_unlock usage in xfrm_local_error (git-fixes). - xfs: add the ability to join a held buffer to a defer_ops (bsc#1133674). - xfs: allow xfs_lock_two_inodes to take different EXCL/SHARED modes (bsc#1132370, bsc#1132219). - xfs: call xfs_qm_dqattach before performing reflink operations (bsc#1132368, bsc#1132219). - xfs: cap the length of deduplication requests (bsc#1132373, bsc#1132219). - xfs: clean up xfs_reflink_remap_blocks call site (bsc#1132413, bsc#1132219). - xfs: fix data corruption w/ unaligned dedupe ranges (bsc#1132405, bsc#1132219). - xfs: fix data corruption w/ unaligned reflink ranges (bsc#1132407, bsc#1132219). - xfs: fix pagecache truncation prior to reflink (bsc#1132412, bsc#1132219). - xfs: fix reporting supported extra file attributes for statx() (bsc#1133529). - xfs: flush removing page cache in xfs_reflink_remap_prep (bsc#1132414, bsc#1132219). - xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute (bsc#1133675). - xfs: only grab shared inode locks for source file during reflink (bsc#1132372, bsc#1132219). - xfs: refactor clonerange preparation into a separate helper (bsc#1132402, bsc#1132219). - xfs: refactor xfs_trans_roll (bsc#1133667). - xfs: reflink find shared should take a transaction (bsc#1132226, bsc#1132219). - xfs: reflink should break pnfs leases before sharing blocks (bsc#1132369, bsc#1132219). - xfs: remove dest file's post-eof preallocations before reflinking (bsc#1132365, bsc#1132219). - xfs: remove the ip argument to xfs_defer_finish (bsc#1133672). - xfs: rename xfs_defer_join to xfs_defer_ijoin (bsc#1133668). - xfs: update ctime and remove suid before cloning files (bsc#1132404, bsc#1132219). - xfs: zero posteof blocks when cloning above eof (bsc#1132403, bsc#1132219). - xhci: Do not let USB3 ports stuck in polling state prevent suspend (bsc#1051510). - xhci: Fix port resume done detection for SS ports with LPM enabled (bsc#1051510). Important SUSE bug 1050549 SUSE bug 1051510 SUSE bug 1052904 SUSE bug 1053043 SUSE bug 1055117 SUSE bug 1055121 SUSE bug 1055186 SUSE bug 1061840 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1070872 SUSE bug 1082555 SUSE bug 1083647 SUSE bug 1085535 SUSE bug 1085536 SUSE bug 1088804 SUSE bug 1094244 SUSE bug 1097583 SUSE bug 1097584 SUSE bug 1097585 SUSE bug 1097586 SUSE bug 1097587 SUSE bug 1097588 SUSE bug 1100132 SUSE bug 1103186 SUSE bug 1103259 SUSE bug 1108193 SUSE bug 1108937 SUSE bug 1111331 SUSE bug 1112128 SUSE bug 1112178 SUSE bug 1113399 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1114542 SUSE bug 1114638 SUSE bug 1119086 SUSE bug 1119680 SUSE bug 1120318 SUSE bug 1120902 SUSE bug 1122767 SUSE bug 1123105 SUSE bug 1125342 SUSE bug 1126221 SUSE bug 1126356 SUSE bug 1126704 SUSE bug 1126740 SUSE bug 1127175 SUSE bug 1127371 SUSE bug 1127372 SUSE bug 1127374 SUSE bug 1127378 SUSE bug 1127445 SUSE bug 1128415 SUSE bug 1128544 SUSE bug 1129273 SUSE bug 1129276 SUSE bug 1129770 SUSE bug 1130130 SUSE bug 1130154 SUSE bug 1130195 SUSE bug 1130335 SUSE bug 1130336 SUSE bug 1130337 SUSE bug 1130338 SUSE bug 1130425 SUSE bug 1130427 SUSE bug 1130518 SUSE bug 1130527 SUSE bug 1130567 SUSE bug 1130579 SUSE bug 1131062 SUSE bug 1131107 SUSE bug 1131167 SUSE bug 1131168 SUSE bug 1131169 SUSE bug 1131170 SUSE bug 1131171 SUSE bug 1131172 SUSE bug 1131173 SUSE bug 1131174 SUSE bug 1131175 SUSE bug 1131176 SUSE bug 1131177 SUSE bug 1131178 SUSE bug 1131179 SUSE bug 1131180 SUSE bug 1131290 SUSE bug 1131326 SUSE bug 1131335 SUSE bug 1131336 SUSE bug 1131416 SUSE bug 1131427 SUSE bug 1131442 SUSE bug 1131467 SUSE bug 1131574 SUSE bug 1131587 SUSE bug 1131659 SUSE bug 1131673 SUSE bug 1131847 SUSE bug 1131848 SUSE bug 1131851 SUSE bug 1131900 SUSE bug 1131934 SUSE bug 1131935 SUSE bug 1132083 SUSE bug 1132219 SUSE bug 1132226 SUSE bug 1132227 SUSE bug 1132365 SUSE bug 1132368 SUSE bug 1132369 SUSE bug 1132370 SUSE bug 1132372 SUSE bug 1132373 SUSE bug 1132384 SUSE bug 1132397 SUSE bug 1132402 SUSE bug 1132403 SUSE bug 1132404 SUSE bug 1132405 SUSE bug 1132407 SUSE bug 1132411 SUSE bug 1132412 SUSE bug 1132413 SUSE bug 1132414 SUSE bug 1132426 SUSE bug 1132527 SUSE bug 1132531 SUSE bug 1132555 SUSE bug 1132558 SUSE bug 1132561 SUSE bug 1132562 SUSE bug 1132563 SUSE bug 1132564 SUSE bug 1132570 SUSE bug 1132571 SUSE bug 1132572 SUSE bug 1132589 SUSE bug 1132618 SUSE bug 1132681 SUSE bug 1132726 SUSE bug 1132828 SUSE bug 1132943 SUSE bug 1133005 SUSE bug 1133094 SUSE bug 1133095 SUSE bug 1133115 SUSE bug 1133149 SUSE bug 1133486 SUSE bug 1133529 SUSE bug 1133584 SUSE bug 1133667 SUSE bug 1133668 SUSE bug 1133672 SUSE bug 1133674 SUSE bug 1133675 SUSE bug 1133698 SUSE bug 1133702 SUSE bug 1133731 SUSE bug 1133769 SUSE bug 1133772 SUSE bug 1133774 SUSE bug 1133778 SUSE bug 1133779 SUSE bug 1133780 SUSE bug 1133825 SUSE bug 1133850 SUSE bug 1133851 SUSE bug 1133852 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-16880 CVE-2019-11091 CVE-2019-3882 CVE-2019-9003 CVE-2019-9500 CVE-2019-9503 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 Azure kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed: - CVE-2018-16880: A flaw was found in the handle_rx() function in the vhost_net driver. A malicious virtual guest, under specific conditions, could trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (bnc#1122767). - CVE-2019-9003: Attackers could trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a 'service ipmievd restart' loop (bnc#1126704). - CVE-2019-9503: A brcmfmac frame validation bypass was fixed. (bnc#1132828). - CVE-2019-9500: A brcmfmac heap buffer overflow in brcmf_wowl_nd_results was fixed. (bnc#1132681). - CVE-2019-3882: A flaw was found in the vfio interface implementation that permitted violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). (bnc#1131416 bnc#1131427). The following non-security bugs were fixed: - 9p: do not trust pdu content for stat item size (bsc#1051510). - acpi: acpi_pad: Do not launch acpi_pad threads on idle cpus (bsc#1113399). - acpi, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#112128) (bsc#1132426). - acpi / sbs: Fix GPE storm on recent MacBookPro's (bsc#1051510). - alsa: core: Fix card races between register and disconnect (bsc#1051510). - alsa: echoaudio: add a check for ioremap_nocache (bsc#1051510). - alsa: firewire: add const qualifier to identifiers for read-only symbols (bsc#1051510). - alsa: firewire-motu: add a flag for AES/EBU on XLR interface (bsc#1051510). - alsa: firewire-motu: add specification flag for position of flag for MIDI messages (bsc#1051510). - alsa: firewire-motu: add support for MOTU Audio Express (bsc#1051510). - alsa: firewire-motu: add support for Motu Traveler (bsc#1051510). - alsa: firewire-motu: use 'version' field of unit directory to identify model (bsc#1051510). - alsa: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist (bsc#1051510). - alsa: hda - Add two more machines to the power_save_blacklist (bsc#1051510). - alsa: hda - Enforces runtime_resume after S3 and S4 for each codec (bsc#1051510). - alsa: hda: Initialize power_state field properly (bsc#1051510). - alsa: hda/realtek - Add new Dell platform for headset mode (bsc#1051510). - alsa: hda/realtek - Add quirk for Tuxedo XC 1509 (bsc#1131442). - alsa: hda/realtek - Add support for Acer Aspire E5-523G/ES1-432 headset mic (bsc#1051510). - alsa: hda/realtek - Add support headset mode for DELL WYSE AIO (bsc#1051510). - alsa: hda/realtek - Add support headset mode for New DELL WYSE NB (bsc#1051510). - alsa: hda/realtek - add two more pin configuration sets to quirk table (bsc#1051510). - alsa: hda/realtek - Apply the fixup for ASUS Q325UAR (bsc#1051510). - alsa: hda/realtek: Enable ASUS X441MB and X705FD headset MIC with ALC256 (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer AIO with ALC286 (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer Aspire Z24-890 with ALC286 (bsc#1051510). - alsa: hda/realtek: Enable headset mic of ASUS P5440FF with ALC256 (bsc#1051510). - alsa: hda/realtek - Fixed Dell AIO speaker noise (bsc#1051510). - alsa: hda - Record the current power state before suspend/resume calls (bsc#1051510). - alsa: info: Fix racy addition/deletion of nodes (bsc#1051510). - alsa: line6: use dynamic buffers (bsc#1051510). - alsa: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration (bsc#1051510). - alsa: PCM: check if ops are defined before suspending PCM (bsc#1051510). - alsa: pcm: Do not suspend stream in unrecoverable PCM state (bsc#1051510). - alsa: pcm: Fix possible OOB access in PCM oss plugins (bsc#1051510). - alsa: rawmidi: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: sb8: add a check for request_region (bsc#1051510). - alsa: seq: Fix OOB-reads from strlcpy (bsc#1051510). - alsa: seq: oss: Fix Spectre v1 vulnerability (bsc#1051510). - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe (bsc#1051510). - ASoC: fsl_esai: fix channel swap issue when stream starts (bsc#1051510). - ASoC: topology: free created components in tplg load error (bsc#1051510). - assume flash part size to be 4MB, if it can't be determined (bsc#1127371). - ath10k: avoid possible string overflow (bsc#1051510). - auxdisplay: hd44780: Fix memory leak on ->remove() (bsc#1051510). - auxdisplay: ht16k33: fix potential user-after-free on module unload (bsc#1051510). - batman-adv: Reduce claim hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_global hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_local hash refcnt only for removed entry (bsc#1051510). - bcm2835 MMC issues (bsc#1070872). - blkcg: Introduce blkg_root_lookup() (bsc#1131673). - blkcg: Make blkg_root_lookup() work for queues in bypass mode (bsc#1131673). - blk-mq: adjust debugfs and sysfs register when updating nr_hw_queues (bsc#1131673). - blk-mq: Avoid that submitting a bio concurrently with device removal triggers a crash (bsc#1131673). - blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs (bsc#1131673). - blk-mq: fallback to previous nr_hw_queues when updating fails (bsc#1131673). - blk-mq: init hctx sched after update ctx and hctx mapping (bsc#1131673). - blk-mq: realloc hctx when hw queue is mapped to another node (bsc#1131673). - blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter (bsc#1131673). - block: Ensure that a request queue is dissociated from the cgroup controller (bsc#1131673). - block: Fix a race between request queue removal and the block cgroup controller (bsc#1131673). - block: Introduce blk_exit_queue() (bsc#1131673). - block: kABI fixes for bio_rewind_iter() removal (bsc#1131673). - block: remove bio_rewind_iter() (bsc#1131673). - bluetooth: btusb: request wake pin with NOAUTOEN (bsc#1051510). - bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (bsc#1051510). - bluetooth: Fix decrementing reference count twice in releasing socket (bsc#1051510). - bluetooth: hci_ldisc: Initialize hci_dev before open() (bsc#1051510). - bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto() (bsc#1051510). - bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf() (bsc#1133731). - bnxt_en: Drop oversize TX packets to prevent errors (networking-stable-19_03_07). - bonding: fix PACKET_ORIGDEV regression (git-fixes). - bpf: fix use after free in bpf_evict_inode (bsc#1083647). - btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size (git-fixes). - btrfs: check for refs on snapshot delete resume (bsc#1131335). - btrfs: fix assertion failure on fsync with NO_HOLES enabled (bsc#1131848). - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (git-fixes). - btrfs: fix deadlock between clone/dedupe and rename (bsc#1130518). - btrfs: fix incorrect file size after shrinking truncate and fsync (bsc#1130195). - btrfs: remove WARN_ON in log_dir_items (bsc#1131847). - btrfs: save drop_progress if we drop refs at all (bsc#1131336). - cdrom: Fix race condition in cdrom_sysctl_register (bsc#1051510). - cgroup: fix parsing empty mount option string (bsc#1133094). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510). - cifs: do not dereference smb_file_target before null check (bsc#1051510). - cifs: Do not hide EINTR after sending network packets (bsc#1051510). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510). - cifs: Fix credits calculations for reads with errors (bsc#1051510). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510). - cifs: Fix potential OOB access of lock element array (bsc#1051510). - cifs: Fix read after write for files with read caching (bsc#1051510). - clk: clk-twl6040: Fix imprecise external abort for pdmclk (bsc#1051510). - clk: fractional-divider: check parent rate only if flag is set (bsc#1051510). - clk: ingenic: Fix doc of ingenic_cgu_div_info (bsc#1051510). - clk: ingenic: Fix round_rate misbehaving with non-integer dividers (bsc#1051510). - clk: rockchip: fix frac settings of GPLL clock for rk3328 (bsc#1051510). - clk: sunxi-ng: v3s: Fix TCON reset de-assert bit (bsc#1051510). - clk: vc5: Abort clock configuration without upstream clock (bsc#1051510). - clk: x86: Add system specific quirk to mark clocks as critical (bsc#1051510). - clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown (bsc#1051510). - clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR (bsc#1051510). - cpcap-charger: generate events for userspace (bsc#1051510). - cpufreq: pxa2xx: remove incorrect __init annotation (bsc#1051510). - cpufreq: tegra124: add missing of_node_put() (bsc#1051510). - cpupowerutils: bench - Fix cpu online check (bsc#1051510). - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - crypto: caam - add missing put_device() call (bsc#1129770). - crypto: crypto4xx - properly set IV after de- and encrypt (bsc#1051510). - crypto: pcbc - remove bogus memcpy()s with src == dest (bsc#1051510). - crypto: sha256/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: sha512/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: x86/poly1305 - fix overflow during partial reduction (bsc#1051510). - cxgb4: Add capability to get/set SGE Doorbell Queue Timer Tick (bsc#1127371). - cxgb4: Added missing break in ndo_udp_tunnel_{add/del} (bsc#1127371). - cxgb4: Add flag tc_flower_initialized (bsc#1127371). - cxgb4: Add new T5 PCI device id 0x50ae (bsc#1127371). - cxgb4: Add new T5 PCI device ids 0x50af and 0x50b0 (bsc#1127371). - cxgb4: Add new T6 PCI device ids 0x608a (bsc#1127371). - cxgb4: add per rx-queue counter for packet errors (bsc#1127371). - cxgb4: Add support for FW_ETH_TX_PKT_VM_WR (bsc#1127371). - cxgb4: add support to display DCB info (bsc#1127371). - cxgb4: Add support to read actual provisioned resources (bsc#1127371). - cxgb4: collect ASIC LA dumps from ULP TX (bsc#1127371). - cxgb4: collect hardware queue descriptors (bsc#1127371). - cxgb4: collect number of free PSTRUCT page pointers (bsc#1127371). - cxgb4: convert flower table to use rhashtable (bsc#1127371). - cxgb4: cxgb4: use FW_PORT_ACTION_L1_CFG32 for 32 bit capability (bsc#1127371). - cxgb4/cxgb4vf: Add support for SGE doorbell queue timer (bsc#1127371). - cxgb4/cxgb4vf: Fix mac_hlist initialization and free (bsc#1127374). - cxgb4/cxgb4vf: Link management changes (bsc#1127371). - cxgb4/cxgb4vf: Program hash region for {t4/t4vf}_change_mac() (bsc#1127371). - cxgb4: display number of rx and tx pages free (bsc#1127371). - cxgb4: do not return DUPLEX_UNKNOWN when link is down (bsc#1127371). - cxgb4: Export sge_host_page_size to ulds (bsc#1127371). - cxgb4: fix the error path of cxgb4_uld_register() (bsc#1127371). - cxgb4: impose mandatory VLAN usage when non-zero TAG ID (bsc#1127371). - cxgb4: Mask out interrupts that are not enabled (bsc#1127175). - cxgb4: move Tx/Rx free pages collection to common code (bsc#1127371). - cxgb4: remove redundant assignment to vlan_cmd.dropnovlan_fm (bsc#1127371). - cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size (bsc#1127371). - cxgb4: remove the unneeded locks (bsc#1127371). - cxgb4: specify IQTYPE in fw_iq_cmd (bsc#1127371). - cxgb4: Support ethtool private flags (bsc#1127371). - cxgb4: update supported DCB version (bsc#1127371). - cxgb4: use new fw interface to get the VIN and smt index (bsc#1127371). - cxgb4vf: Few more link management changes (bsc#1127374). - cxgb4vf: fix memleak in mac_hlist initialization (bsc#1127374). - cxgb4vf: Update port information in cxgb4vf_open() (bsc#1127374). - device_cgroup: fix RCU imbalance in error case (bsc#1051510). - device property: Fix the length used in PROPERTY_ENTRY_STRING() (bsc#1051510). - Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc (bsc#1051510). - dmaengine: imx-dma: fix warning comparison of distinct pointer types (bsc#1051510). - dmaengine: qcom_hidma: assign channel cookie correctly (bsc#1051510). - dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid (bsc#1051510). - dmaengine: tegra: avoid overflow of byte tracking (bsc#1051510). - dm: disable DISCARD if the underlying storage no longer supports it (bsc#1114638). - drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567). - drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567). - drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1130567). - drm: Auto-set allow_fb_modifiers when given modifiers at plane init (bsc#1051510). - drm: bridge: dw-hdmi: Fix overflow workaround for Rockchip SoCs (bsc#1113722) - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers (bsc#1051510). - drm/i915/bios: assume eDP is present on port A when there is no VBT (bsc#1051510). - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113722) - drm/i915/gvt: Annotate iomem usage (bsc#1051510). - drm/i915/gvt: do not deliver a workload if its creation fails (bsc#1051510). - drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113722) - drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check (bsc#1051510). - drm/i915: Relax mmap VMA check (bsc#1051510). - drm/imx: ignore plane updates on disabled crtcs (bsc#1051510). - drm/imx: imx-ldb: add missing of_node_puts (bsc#1051510). - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() (bsc#1113722) - drm/meson: Fix invalid pointer in meson_drv_unbind() (bsc#1051510). - drm/meson: Uninstall IRQ handler (bsc#1051510). - drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure (bsc#1051510). - drm/nouveau: Stop using drm_crtc_force_disable (bsc#1051510). - drm/nouveau/volt/gf117: fix speedo readout register (bsc#1051510). - drm/rockchip: vop: reset scale mode when win is disabled (bsc#1113722) - drm/sun4i: Add missing drm_atomic_helper_shutdown at driver unbind (bsc#1113722) - drm/sun4i: Fix component unbinding and component master deletion (bsc#1113722) - drm/sun4i: Set device driver data at bind time for use in unbind (bsc#1113722) - drm/sun4i: Unbind components before releasing DRM and memory (bsc#1113722) - drm/udl: add a release method and delay modeset teardown (bsc#1085536) - drm/vc4: Fix memory leak during gpu reset. (bsc#1113722) - dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit (networking-stable-19_02_20). - e1000e: fix cyclic resets at link up with active tx (bsc#1051510). - e1000e: Fix -Wformat-truncation warnings (bsc#1051510). - ext2: Fix underflow in ext2_max_size() (bsc#1131174). - ext4: add mask of ext4 flags to swap (bsc#1131170). - ext4: add missing brelse() in add_new_gdb_meta_bg() (bsc#1131176). - ext4: Avoid panic during forced reboot (bsc#1126356). - ext4: brelse all indirect buffer in ext4_ind_remove_space() (bsc#1131173). - ext4: cleanup bh release code in ext4_ind_remove_space() (bsc#1131851). - ext4: cleanup pagecache before swap i_data (bsc#1131178). - ext4: fix check of inode in swap_inode_boot_loader (bsc#1131177). - ext4: fix data corruption caused by unaligned direct AIO (bsc#1131172). - ext4: fix EXT4_IOC_SWAP_BOOT (bsc#1131180). - ext4: fix NULL pointer dereference while journal is aborted (bsc#1131171). - ext4: update quota information while swapping boot loader inode (bsc#1131179). - fbdev: fbmem: fix memory access if logo is bigger than the screen (bsc#1051510). - fix cgroup_do_mount() handling of failure exits (bsc#1133095). - Fix kabi after 'md: batch flush requests.' (bsc#1119680). - Fix struct page kABI after adding atomic for ppc (bsc#1131326, bsc#1108937). - fm10k: Fix a potential NULL pointer dereference (bsc#1051510). - fs: avoid fdput() after failed fdget() in vfs_dedupe_file_range() (bsc#1132384, bsc#1132219). - fs/dax: deposit pagetable even when installing zero page (bsc#1126740). - fs/nfs: Fix nfs_parse_devname to not modify it's argument (git-fixes). - futex: Cure exit race (bsc#1050549). - futex: Ensure that futex address is aligned in handle_futex_death() (bsc#1050549). - futex: Handle early deadlock return correctly (bsc#1050549). - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input (bsc#1051510). - gpio: gpio-omap: fix level interrupt idling (bsc#1051510). - gpio: of: Fix of_gpiochip_add() error path (bsc#1051510). - gre6: use log_ecn_error module parameter in ip6_tnl_rcv() (git-fixes). - hid: i2c-hid: Ignore input report if there's no data present on Elan touchpanels (bsc#1133486). - hid: intel-ish-hid: avoid binding wrong ishtp_cl_device (bsc#1051510). - hid: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit (bsc#1051510). - hv_netvsc: Fix IP header checksum for coalesced packets (networking-stable-19_03_07). - hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (). - hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (fate#323887). - hwrng: virtio - Avoid repeated init of completion (bsc#1051510). - i2c: Make i2c_unregister_device() NULL-aware (bsc#1108193). - i2c: tegra: fix maximum transfer size (bsc#1051510). - ibmvnic: Enable GRO (bsc#1132227). - ibmvnic: Fix completion structure initialization (bsc#1131659). - ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227). - iio: adc: at91: disable adc channel interrupt in timeout case (bsc#1051510). - iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver (bsc#1051510). - iio: ad_sigma_delta: select channel when reading register (bsc#1051510). - iio: core: fix a possible circular locking dependency (bsc#1051510). - iio: cros_ec: Fix the maths for gyro scale calculation (bsc#1051510). - iio: dac: mcp4725: add missing powerdown bits in store eeprom (bsc#1051510). - iio: Fix scan mask selection (bsc#1051510). - iio/gyro/bmg160: Use millidegrees for temperature scale (bsc#1051510). - iio: gyro: mpu3050: fix chip ID reading (bsc#1051510). - input: cap11xx - switch to using set_brightness_blocking() (bsc#1051510). - input: matrix_keypad - use flush_delayed_work() (bsc#1051510). - input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bsc#1051510). - input: st-keyscan - fix potential zalloc NULL dereference (bsc#1051510). - input: synaptics-rmi4 - write config register values to the right offset (bsc#1051510). - input: uinput - fix undefined behavior in uinput_validate_absinfo() (bsc#1120902). - intel_idle: add support for Jacobsville (jsc#SLE-5394). - io: accel: kxcjk1013: restore the range after resume (bsc#1051510). - iommu/amd: Fix NULL dereference bug in match_hid_uid (bsc#1130336). - iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE (bsc#1130337). - iommu/amd: Reserve exclusion range in iova-domain (bsc#1130425). - iommu/amd: Set exclusion range correctly (bsc#1130425). - iommu: Do not print warning when IOMMU driver only supports unmanaged domains (bsc#1130130). - iommu/vt-d: Check capability before disabling protected memory (bsc#1130338). - ip6: fix PMTU discovery when using /127 subnets (git-fixes). - ip6mr: Do not call __IP6_INC_STATS() from preemptible context (git-fixes). - ip6_tunnel: fix ip6 tunnel lookup in collect_md mode (git-fixes). - ipmi: Fix I2C client removal in the SSIF driver (bsc#1108193). - ipmi_ssif: Remove duplicate NULL check (bsc#1108193). - ipv4: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv4/route: fail early when inet dev is missing (git-fixes). - ipv6: Fix dangling pointer when ipv6 fragment (git-fixes). - ipv6: propagate genlmsg_reply return code (networking-stable-19_02_24). - ipv6: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv6: sit: reset ip header pointer in ipip6_rcv (git-fixes). - ipvlan: disallow userns cap_net_admin to change global mode/flags (networking-stable-19_03_15). - ipvs: remove IPS_NAT_MASK check to fix passive FTP (git-fixes). - irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table (bsc#1051510). - irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable (bsc#1051510). - iscsi_ibft: Fix missing break in switch statement (bsc#1051510). - iw_cxgb4: cq/qp mask depends on bar2 pages in a host page (bsc#1127371). - iwiwifi: fix bad monitor buffer register addresses (bsc#1129770). - iwlwifi: fix send hcmd timeout recovery flow (bsc#1129770). - iwlwifi: mvm: fix firmware statistics usage (bsc#1129770). - jbd2: clear dirty flag when revoking a buffer from an older transaction (bsc#1131167). - jbd2: fix compile warning when using JBUFFER_TRACE (bsc#1131168). - kabi/severities: add cxgb4 and cxgb4vf shared data to the whitelis (bsc#1127372) - kasan: fix shadow_size calculation error in kasan_module_alloc (bsc#1051510). - kbuild: fix false positive warning/error about missing libelf (bsc#1051510). - kbuild: modversions: Fix relative CRC byte order interpretation (bsc#1131290). - kbuild: strip whitespace in cmd_record_mcount findstring (bsc#1065729). - kcm: switch order of device registration to fix a crash (bnc#1130527). - kernfs: do not set dentry->d_fsdata (boo#1133115). - keys: always initialize keyring_index_key::desc_len (bsc#1051510). - keys: user: Align the payload buffer (bsc#1051510). - kvm: Call kvm_arch_memslots_updated() before updating memslots (bsc#1132563). - kvm: Fix kABI for AMD SMAP Errata workaround (bsc#1133149). - kvm: nVMX: Apply addr size mask to effective address for VMX instructions (bsc#1132561). - kvm: nVMX: Ignore limit checks on VMX instructions using flat segments (bsc#1132564). - kvm: nVMX: Sign extend displacements of VMX instr's mem operands (bsc#1132562). - kvm: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode switch (bsc#1061840). - kvm: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation) (bsc#1133149). - kvm: VMX: Compare only a single byte for VMCS' 'launched' in vCPU-run (bsc#1132555). - kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1114279). - kvm: x86/mmu: Detect MMIO generation wrap in any address space (bsc#1132570). - kvm: x86/mmu: Do not cache MMIO accesses while memslots are in flux (bsc#1132571). - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (bsc#1111331). - leds: pca9532: fix a potential NULL pointer dereference (bsc#1051510). - libceph: wait for latest osdmap in ceph_monc_blacklist_add() (bsc#1130427). - libertas_tf: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510). - lightnvm: if LUNs are already allocated fix return (bsc#1085535). - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a new <linux/bits.h> file (bsc#1111331). - mac80211: do not call driver wake_tx_queue op during reconfig (bsc#1051510). - mac80211: Fix Tx aggregation session tear down with ITXQs (bsc#1051510). - mac80211_hwsim: propagate genlmsg_reply return code (bsc#1051510). - md: batch flush requests (bsc#1119680). - md: Fix failed allocation of md_register_thread (git-fixes). - md/raid1: do not clear bitmap bits on interrupted recovery (git-fixes). - md/raid5: fix 'out of memory' during raid cache recovery (git-fixes). - media: mt9m111: set initial frame size other than 0x0 (bsc#1051510). - media: mtk-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: rc: mce_kbd decoder: fix stuck keys (bsc#1100132). - media: s5p-g2d: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: s5p-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: sh_veu: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: v4l2-ctrls.c/uvc: zero v4l2_event (bsc#1051510). - media: vb2: do not call __vb2_queue_cancel if vb2_start_streaming failed (bsc#1119086). - memremap: fix softlockup reports at teardown (bnc#1130154). - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S (bsc#1051510). - missing barriers in some of unix_sock ->addr and ->path accesses (networking-stable-19_03_15). - mmc: davinci: remove extraneous __init annotation (bsc#1051510). - mmc: pxamci: fix enum type confusion (bsc#1051510). - mmc: sdhci: Fix data command CRC error handling (bsc#1051510). - mmc: sdhci: Handle auto-command errors (bsc#1051510). - mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR (bsc#1051510). - mmc: tmio_mmc_core: do not claim spurious interrupts (bsc#1051510). - mm/debug.c: fix __dump_page when mapping->host is not set (bsc#1131934). - mm: Fix modifying of page protection by insert_pfn() (bsc#1126740). - mm: Fix warning in insert_pfn() (bsc#1126740). - mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd() (bsc#1126740). - mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate() (bsc#1131935). - mm/vmalloc: fix size check for remap_vmalloc_range_partial() (bsc#1133825). - mpls: Return error for RTA_GATEWAY attribute (networking-stable-19_03_07). - mt7601u: bump supported EEPROM version (bsc#1051510). - mwifiex: do not advertise IBSS features without FW support (bsc#1129770). - net: Add header for usage of fls64() (networking-stable-19_02_20). - net: Add __icmp_send helper (networking-stable-19_03_07). - net: avoid false positives in untrusted gso validation (git-fixes). - net: avoid use IPCB in cipso_v4_error (networking-stable-19_03_07). - net: bridge: add vlan_tunnel to bridge port policies (git-fixes). - net: bridge: fix per-port af_packet sockets (git-fixes). - net: bridge: multicast: use rcu to access port list from br_multicast_start_querier (git-fixes). - net: datagram: fix unbounded loop in __skb_try_recv_datagram() (git-fixes). - net: Do not allocate page fragments that are not skb aligned (networking-stable-19_02_20). - net: dsa: mv88e6xxx: Fix u64 statistics (networking-stable-19_03_07). - net: ena: update driver version from 2.0.2 to 2.0.3 (bsc#1129276 bsc#1125342). - netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING (git-fixes). - netfilter: check for seqadj ext existence before adding it in nf_nat_setup_info (git-fixes). - netfilter: ip6t_MASQUERADE: add dependency on conntrack module (git-fixes). - netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit() (git-fixes). - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt (git-fixes). - netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target} (git-fixes). - netfilter: x_tables: fix int overflow in xt_alloc_table_info() (git-fixes). - net: Fix for_each_netdev_feature on Big endian (networking-stable-19_02_20). - net: fix IPv6 prefix route residue (networking-stable-19_02_20). - net: Fix untag for vlan packets without ethernet header (git-fixes). - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off (git-fixes). - net/hsr: Check skb_put_padto() return value (git-fixes). - net: hsr: fix memory leak in hsr_dev_finalize() (networking-stable-19_03_15). - net/hsr: fix possible crash in add_timer() (networking-stable-19_03_15). - netlabel: fix out-of-bounds memory accesses (networking-stable-19_03_07). - netlink: fix nla_put_{u8,u16,u32} for KASAN (git-fixes). - net/mlx5e: Do not overwrite pedit action when multiple pedit used (networking-stable-19_02_24). - net/ncsi: Fix AEN HNCDSC packet length (git-fixes). - net/ncsi: Stop monitor if channel times out or is inactive (git-fixes). - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails (networking-stable-19_03_07). - net/packet: fix 4gb buffer limit due to overflow check (networking-stable-19_02_24). - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec (git-fixes). - net_sched: acquire RTNL in tc_action_net_exit() (git-fixes). - net_sched: fix two more memory leaks in cls_tcindex (networking-stable-19_02_24). - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 (networking-stable-19_03_15). - net: sit: fix memory leak in sit_init_net() (networking-stable-19_03_07). - net: sit: fix UBSAN Undefined behaviour in check_6rd (networking-stable-19_03_15). - net: socket: set sock->sk to NULL after calling proto_ops::release() (networking-stable-19_03_07). - net-sysfs: Fix mem leak in netdev_register_kobject (git-fixes). - net: validate untrusted gso packets without csum offload (networking-stable-19_02_20). - net/x25: fix a race in x25_bind() (networking-stable-19_03_15). - net/x25: fix use-after-free in x25_device_event() (networking-stable-19_03_15). - net/x25: reset state in x25_connect() (networking-stable-19_03_15). - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() (git-fixes). - nfc: nci: Add some bounds checking in nci_hci_cmd_received() (bsc#1051510). - nfs: Add missing encode / decode sequence_maxsz to v4.2 operations (git-fixes). - nfsd4: catch some false session retries (git-fixes). - nfsd4: fix cached replies to solo SEQUENCE compounds (git-fixes). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - nfs: Do not recoalesce on error in nfs_pageio_complete_mirror() (git-fixes). - nfs: Do not use page_file_mapping after removing the page (git-fixes). - nfs: Fix an I/O request leakage in nfs_do_recoalesce (git-fixes). - nfs: Fix a soft lockup in the delegation recovery code (git-fixes). - nfs: Fix a typo in nfs_init_timeout_values() (git-fixes). - nfs: Fix dentry revalidation on NFSv4 lookup (bsc#1132618). - nfs: Fix I/O request leakages (git-fixes). - nfs: fix mount/umount race in nlmclnt (git-fixes). - nfs/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount (git-fixes). - nfsv4.1 do not free interrupted slot on open (git-fixes). - nfsv4.1: Reinitialise sequence results before retransmitting a request (git-fixes). - nfsv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE() (git-fixes). - nvme: add proper discard setup for the multipath device (bsc#1114638). - nvme: fix the dangerous reference of namespaces list (bsc#1131673). - nvme: make sure ns head inherits underlying device limits (bsc#1131673). - nvme-multipath: avoid crash on invalid subsystem cntlid enumeration (bsc#1129273). - nvme-multipath: split bios with the ns_head bio_set before submitting (bsc#1103259, bsc#1131673). - nvme: only reconfigure discard if necessary (bsc#1114638). - nvme: schedule requeue whenever a LIVE state is entered (bsc#1123105). - ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock (bsc#1131169). - pci: Add function 1 DMA alias quirk for Marvell 9170 SATA controller (bsc#1051510). - pci: designware-ep: dw_pcie_ep_set_msi() should only set MMC bits (bsc#1051510). - pci: designware-ep: Read-only registers need DBI_RO_WR_EN to be writable (bsc#1051510). - pci: pciehp: Convert to threaded IRQ (bsc#1133005). - pci: pciehp: Ignore Link State Changes after powering off a slot (bsc#1133005). - phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs (bsc#1051510). - pm / wakeup: Rework wakeup source timer cancellation (bsc#1051510). - powercap: intel_rapl: add support for Jacobsville (). - powercap: intel_rapl: add support for Jacobsville (FATE#327454). - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107). - powerpc/64: Disable the speculation barrier from the command line (bsc#1131107). - powerpc64/ftrace: Include ftrace.h needed for enable/disable calls (bsc#1088804, git-fixes). - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107). - powerpc/64s: Add new security feature flags for count cache flush (bsc#1131107). - powerpc/64s: Add support for software count cache flush (bsc#1131107). - powerpc/64s: Fix logic when handling unknown CPU features (bsc#1055117). - powerpc/64s: Fix page table fragment refcount race vs speculative references (bsc#1131326, bsc#1108937). - powerpc/asm: Add a patch_site macro & helpers for patching instructions (bsc#1131107). - powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer (bsc#1065729). - powerpc: consolidate -mno-sched-epilog into FTRACE flags (bsc#1065729). - powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest (bsc#1061840). - powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107). - powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area callback (bsc#1131900). - powerpc/kvm: Save and restore host AMR/IAMR/UAMOR (bsc#1061840). - powerpc/mm: Add missing tracepoint for tlbie (bsc#1055117, git-fixes). - powerpc/mm: Check secondary hash page table (bsc#1065729). - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, fate#323286, git-fixes). - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, git-fixes). - powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search (bsc#1131900). - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, fate#323286, git-fixes). - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, git-fixes). - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, fate#323286, git-fixes). - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, git-fixes). - powerpc/numa: document topology_updates_enabled, disable by default (bsc#1133584). - powerpc/numa: improve control of topology updates (bsc#1133584). - powerpc/perf: Fix unit_sel/cache_sel checks (bsc#1053043). - powerpc/perf: Remove l2 bus events from HW cache event array (bsc#1053043). - powerpc/powernv/cpuidle: Init all present cpus for deep states (bsc#1055121). - powerpc/powernv: Do not reprogram SLW image on every KVM guest entry/exit (bsc#1061840). - powerpc/powernv/ioda2: Remove redundant free of TCE pages (bsc#1061840). - powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand (bsc#1061840). - powerpc/powernv/ioda: Fix locked_vm counting for memory used by IOMMU tables (bsc#1061840). - powerpc/powernv: Make opal log only readable by root (bsc#1065729). - powerpc/powernv: Query firmware for count cache flush settings (bsc#1131107). - powerpc/powernv: Remove never used pnv_power9_force_smt4 (bsc#1061840). - powerpc/pseries/mce: Fix misleading print for TLB mutlihit (bsc#1094244, git-fixes). - powerpc/pseries: Query hypervisor for count cache flush settings (bsc#1131107). - powerpc/security: Fix spectre_v2 reporting (bsc#1131107). - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587). - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587). - power: supply: charger-manager: Fix incorrect return value (bsc#1051510). - pwm-backlight: Enable/disable the PWM before/after LCD enable toggle (bsc#1051510). - qmi_wwan: Add support for Quectel EG12/EM12 (networking-stable-19_03_07). - qmi_wwan: apply SET_DTR quirk to Sierra WP7607 (bsc#1051510). - qmi_wwan: Fix qmap header retrieval in qmimux_rx_fixup (bsc#1051510). - raid10: It's wrong to add len to sector_nr in raid10 reshape twice (git-fixes). - ras/CEC: Check the correct variable in the debugfs error handling (bsc#1085535). - ravb: Decrease TxFIFO depth of Q3 and Q2 to one (networking-stable-19_03_15). - rdma/cxgb4: Add support for 64Byte cqes (bsc#1127371). - rdma/cxgb4: Add support for kernel mode SRQ's (bsc#1127371). - rdma/cxgb4: Add support for srq functions & structs (bsc#1127371). - rdma/cxgb4: fix some info leaks (bsc#1127371). - rdma/cxgb4: Make c4iw_poll_cq_one() easier to analyze (bsc#1127371). - rdma/cxgb4: Remove a set-but-not-used variable (bsc#1127371). - rdma/iw_cxgb4: Drop __GFP_NOFAIL (bsc#1127371). - rds: fix refcount bug in rds_sock_addref (git-fixes). - rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete (git-fixes). - regulator: max77620: Initialize values for DT properties (bsc#1051510). - regulator: s2mpa01: Fix step values for some LDOs (bsc#1051510). - Revert drm/i915 patches that caused regressions (bsc#1131062) - rhashtable: Still do rehash when we get EEXIST (bsc#1051510). - ring-buffer: Check if memory is available before allocation (bsc#1132531). - rpm/config.sh: Fix build project and bugzilla product. - rtc: 88pm80x: fix unintended sign extension (bsc#1051510). - rtc: 88pm860x: fix unintended sign extension (bsc#1051510). - rtc: cmos: ignore bogus century byte (bsc#1051510). - rtc: ds1672: fix unintended sign extension (bsc#1051510). - rtc: Fix overflow when converting time64_t to rtc_time (bsc#1051510). - rtc: pm8xxx: fix unintended sign extension (bsc#1051510). - rtnetlink: bring NETDEV_CHANGE_TX_QUEUE_LEN event process back in rtnetlink_event (git-fixes). - rtnetlink: bring NETDEV_CHANGEUPPER event process back in rtnetlink_event (git-fixes). - rtnetlink: bring NETDEV_POST_TYPE_CHANGE event process back in rtnetlink_event (git-fixes). - rtnetlink: check DO_SETLINK_NOTIFY correctly in do_setlink (git-fixes). - rxrpc: Do not release call mutex on error pointer (git-fixes). - rxrpc: Do not treat call aborts as conn aborts (git-fixes). - rxrpc: Fix client call queueing, waiting for channel (networking-stable-19_03_15). - rxrpc: Fix Tx ring annotation after initial Tx failure (git-fixes). - s390/dasd: fix panic for failed online processing (bsc#1132589). - s390/pkey: move pckmo subfunction available checks away from module init (bsc#1128544). - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - scsi: libiscsi: fix possible NULL pointer dereference in case of TMF (bsc#1127378). - scsi: libsas: allocate sense buffer for bsg queue (bsc#1131467). - scsi: qla2xxx: Add new FC-NVMe enable BIT to enable FC-NVMe feature (bsc#1130579). - sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment (networking-stable-19_02_24). - serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart (bsc#1051510). - serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling (bsc#1051510). - serial: imx: Update cached mctrl value when changing RTS (bsc#1051510). - serial: max310x: Fix to avoid potential NULL pointer dereference (bsc#1051510). - serial: sh-sci: Fix setting SCSCR_TIE while transferring data (bsc#1051510). - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() (networking-stable-19_02_24). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510). - soc: fsl: qbman: avoid race in clearing QMan interrupt (bsc#1051510). - SoC: imx-sgtl5000: add missing put_device() (bsc#1051510). - soc: qcom: gsbi: Fix error handling in gsbi_probe() (bsc#1051510). - soc/tegra: fuse: Fix illegal free of IO base address (bsc#1051510). - spi: pxa2xx: Setup maximum supported DMA transfer length (bsc#1051510). - spi: ti-qspi: Fix mmap read when more than one CS in use (bsc#1051510). - spi/topcliff_pch: Fix potential NULL dereference on allocation error (bsc#1051510). - staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: ni_usb6501: Fix use of uninitialized mutex (bsc#1051510). - staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: vmk80xx: Fix use of uninitialized semaphore (bsc#1051510). - staging: iio: ad7192: Fix ad7193 channel address (bsc#1051510). - staging: rtl8712: uninitialized memory in read_bbreg_hdl() (bsc#1051510). - staging: vt6655: Fix interrupt race condition on device start up (bsc#1051510). - staging: vt6655: Remove vif check from vnt_interrupt (bsc#1051510). - sunrpc/cache: handle missing listeners better (bsc#1126221). - sunrpc: fix 4 more call sites that were using stack memory with a scatterlist (git-fixes). - supported.conf: Add vxlan to kernel-default-base (bsc#1132083). - supported.conf: dw_mmc-bluefield is not needed in kernel-default-base (bsc#1131574). - svm/avic: Fix invalidate logical APIC id entry (bsc#1132726). - svm: Fix AVIC DFR and LDR handling (bsc#1132558). - svm: Fix improper check when deactivate AVIC (bsc#1130335). - sysctl: handle overflow for file-max (bsc#1051510). - tcp: fix TCP_REPAIR_QUEUE bound checking (git-fixes). - tcp: tcp_v4_err() should be more careful (networking-stable-19_02_20). - thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs (bsc#1051510). - thermal/intel_powerclamp: fix truncated kthread name (). - thermal/intel_powerclamp: fix truncated kthread name (FATE#326597). - tipc: fix race condition causing hung sendto (networking-stable-19_03_07). - tpm: Fix some name collisions with drivers/char/tpm.h (bsc#1051510). - tpm: Fix the type of the return value in calc_tpm2_event_size() (bsc#1082555). - tpm_tis_spi: Pass the SPI IRQ down to the driver (bsc#1051510). - tpm/tpm_crb: Avoid unaligned reads in crb_recv() (bsc#1051510). - tracing: Fix a memory leak by early error exit in trace_pid_write() (bsc#1133702). - tracing: Fix buffer_ref pipe ops (bsc#1133698). - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account (bsc#1132527). - tty: atmel_serial: fix a potential NULL pointer dereference (bsc#1051510). - tun: fix blocking read (networking-stable-19_03_07). - tun: remove unnecessary memory barrier (networking-stable-19_03_07). - udf: Fix crash on IO error during truncate (bsc#1131175). - uio: Reduce return paths from uio_write() (bsc#1051510). - Update patches.kabi/kabi-cxgb4-MU.patch (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584 bsc#1127371). - usb: cdc-acm: fix race during wakeup blocking TX traffic (bsc#1129770). - usb: chipidea: Grab the (legacy) USB PHY by phandle first (bsc#1051510). - usb: common: Consider only available nodes for dr_mode (bsc#1129770). - usb: core: only clean up what we allocated (bsc#1051510). - usb: dwc3: gadget: Fix the uninitialized link_state when udc starts (bsc#1051510). - usb: dwc3: gadget: synchronize_irq dwc irq in suspend (bsc#1051510). - usb: f_fs: Avoid crash due to out-of-scope stack ptr access (bsc#1051510). - usb: gadget: f_hid: fix deadlock in f_hidg_write() (bsc#1129770). - usb: gadget: Potential NULL dereference on allocation error (bsc#1051510). - usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk (bsc#1051510). - usb: mtu3: fix EXTCON dependency (bsc#1051510). - usb: phy: fix link errors (bsc#1051510). - usb: phy: twl6030-usb: fix possible use-after-free on remove (bsc#1051510). - usb: serial: cp210x: add ID for Ingenico 3070 (bsc#1129770). - usb: serial: cp210x: add new device id (bsc#1051510). - usb: serial: cp210x: fix GPIO in autosuspend (bsc#1120902). - usb: serial: ftdi_sio: add additional NovaTech products (bsc#1051510). - usb: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 (bsc#1129770). - usb: serial: mos7720: fix mos_parport refcount imbalance on error path (bsc#1129770). - usb: serial: option: add Olicard 600 (bsc#1051510). - usb: serial: option: add support for Quectel EM12 (bsc#1051510). - usb: serial: option: add Telit ME910 ECM composition (bsc#1129770). - usb: serial: option: set driver_info for SIM5218 and compatibles (bsc#1129770). - vfs: allow dedupe of user owned read-only files (bsc#1133778, bsc#1132219). - vfs: avoid problematic remapping requests into partial EOF block (bsc#1133850, bsc#1132219). - vfs: dedupe: extract helper for a single dedup (bsc#1133769, bsc#1132219). - vfs: dedupe should return EPERM if permission is not granted (bsc#1133779, bsc#1132219). - vfs: exit early from zero length remap operations (bsc#1132411, bsc#1132219). - vfs: export vfs_dedupe_file_range_one() to modules (bsc#1133772, bsc#1132219). - vfs: limit size of dedupe (bsc#1132397, bsc#1132219). - vfs: rename clone_verify_area to remap_verify_area (bsc#1133852, bsc#1132219). - vfs: skip zero-length dedupe requests (bsc#1133851, bsc#1132219). - vfs: swap names of {do,vfs}_clone_file_range() (bsc#1133774, bsc#1132219). - vfs: vfs_clone_file_prep_inodes should return EINVAL for a clone from beyond EOF (bsc#1133780, bsc#1132219). - video: fbdev: Set pixclock = 0 in goldfishfb (bsc#1051510). - vxlan: test dev->flags & IFF_UP before calling netif_rx() (networking-stable-19_02_20). - wil6210: check null pointer in _wil_cfg80211_merge_extra_ies (bsc#1051510). - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure (bsc#1051510). - x86/cpu: Add Atom Tremont (Jacobsville) (). - x86/cpu: Add Atom Tremont (Jacobsville) (FATE#327454). - x86/CPU/AMD: Set the CPB bit unconditionally on F17h (bsc#1114279). - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331). - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (bsc#1111331). - x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init (bsc#1132572). - x86/kvm/vmx: Add MDS protection when L1D Flush is not active (bsc#1111331). - x86/MCE/AMD, EDAC/mce_amd: Add new error descriptions for some SMCA bank types (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new McaTypes for CS, PSP, and SMU units (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new MP5, NBIO, and PCIE SMCA bank types (bsc#1128415). - x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type (bsc#1128415). - x86/mce/AMD: Pass the bank number to smca_get_bank_type() (bsc#1128415). - x86/MCE: Fix kABI for new AMD bank names (bsc#1128415). - x86/mce: Handle varying MCA bank counts (bsc#1128415). - x86/mce: Improve error message when kernel cannot recover, p2 (bsc#1114279). - x86/msr-index: Cleanup bit defines (bsc#1111331). - x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub (bsc#1120318). - x86/speculation: Consolidate CPU whitelists (bsc#1111331). - x86/speculation/mds: Add basic bug infrastructure for MDS (bsc#1111331). - x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331). - x86/speculation/mds: Add mds_clear_cpu_buffers() (bsc#1111331). - x86/speculation/mds: Add mds=full,nosmt cmdline option (bsc#1111331). - x86/speculation/mds: Add mitigation control for MDS (bsc#1111331). - x86/speculation/mds: Add mitigation mode VMWERV (bsc#1111331). - x86/speculation/mds: Add 'mitigations=' support for MDS (bsc#1111331). - x86/speculation/mds: Add SMT warning message (bsc#1111331). - x86/speculation/mds: Add sysfs reporting for MDS (bsc#1111331). - x86/speculation/mds: Clear CPU buffers on exit to user (bsc#1111331). - x86/speculation/mds: Conditionally clear CPU buffers on idle entry (bsc#1111331). - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (bsc#1111331). - x86/speculation: Move arch_smt_update() call to after mitigation decisions (bsc#1111331). - x86/speculation: Prevent deadlock on ssb_state::lock (bsc#1114279). - x86/speculation: Simplify the CPU bug detection logic (bsc#1111331). - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - x86/tsc: Force inlining of cyc2ns bits (bsc#1052904). - x86/uaccess: Do not leak the AC flag into __put_user() value evaluation (bsc#1114279). - xen-netback: do not populate the hash cache on XenBus disconnect (networking-stable-19_03_07). - xen-netback: fix occasional leak of grant ref mappings under memory pressure (networking-stable-19_03_07). - xen: Prevent buffer overflow in privcmd ioctl (bsc#1065600). - xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos (git-fixes). - xfrm: Fix ESN sequence number handling for IPsec GSO packets (git-fixes). - xfrm: fix rcu_read_unlock usage in xfrm_local_error (git-fixes). - xfs: add the ability to join a held buffer to a defer_ops (bsc#1133674). - xfs: allow xfs_lock_two_inodes to take different EXCL/SHARED modes (bsc#1132370, bsc#1132219). - xfs: call xfs_qm_dqattach before performing reflink operations (bsc#1132368, bsc#1132219). - xfs: cap the length of deduplication requests (bsc#1132373, bsc#1132219). - xfs: clean up xfs_reflink_remap_blocks call site (bsc#1132413, bsc#1132219). - xfs: fix data corruption w/ unaligned dedupe ranges (bsc#1132405, bsc#1132219). - xfs: fix data corruption w/ unaligned reflink ranges (bsc#1132407, bsc#1132219). - xfs: fix pagecache truncation prior to reflink (bsc#1132412, bsc#1132219). - xfs: fix reporting supported extra file attributes for statx() (bsc#1133529). - xfs: flush removing page cache in xfs_reflink_remap_prep (bsc#1132414, bsc#1132219). - xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute (bsc#1133675). - xfs: only grab shared inode locks for source file during reflink (bsc#1132372, bsc#1132219). - xfs: refactor clonerange preparation into a separate helper (bsc#1132402, bsc#1132219). - xfs: refactor xfs_trans_roll (bsc#1133667). - xfs: reflink find shared should take a transaction (bsc#1132226, bsc#1132219). - xfs: reflink should break pnfs leases before sharing blocks (bsc#1132369, bsc#1132219). - xfs: remove dest file's post-eof preallocations before reflinking (bsc#1132365, bsc#1132219). - xfs: remove the ip argument to xfs_defer_finish (bsc#1133672). - xfs: rename xfs_defer_join to xfs_defer_ijoin (bsc#1133668). - xfs: update ctime and remove suid before cloning files (bsc#1132404, bsc#1132219). - xfs: zero posteof blocks when cloning above eof (bsc#1132403, bsc#1132219). - xhci: Do not let USB3 ports stuck in polling state prevent suspend (bsc#1051510). - xhci: Fix port resume done detection for SS ports with LPM enabled (bsc#1051510). Important SUSE bug 1050549 SUSE bug 1051510 SUSE bug 1052904 SUSE bug 1053043 SUSE bug 1055117 SUSE bug 1055121 SUSE bug 1055186 SUSE bug 1061840 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1070872 SUSE bug 1078216 SUSE bug 1082555 SUSE bug 1083647 SUSE bug 1085535 SUSE bug 1085536 SUSE bug 1088804 SUSE bug 1093777 SUSE bug 1094120 SUSE bug 1094244 SUSE bug 1097583 SUSE bug 1097584 SUSE bug 1097585 SUSE bug 1097586 SUSE bug 1097587 SUSE bug 1097588 SUSE bug 1100132 SUSE bug 1103186 SUSE bug 1103259 SUSE bug 1107937 SUSE bug 1108193 SUSE bug 1108937 SUSE bug 1111331 SUSE bug 1112128 SUSE bug 1112178 SUSE bug 1113399 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1114542 SUSE bug 1114638 SUSE bug 1119086 SUSE bug 1119680 SUSE bug 1120318 SUSE bug 1120902 SUSE bug 1122767 SUSE bug 1123105 SUSE bug 1125342 SUSE bug 1126221 SUSE bug 1126356 SUSE bug 1126704 SUSE bug 1126740 SUSE bug 1127175 SUSE bug 1127371 SUSE bug 1127372 SUSE bug 1127374 SUSE bug 1127378 SUSE bug 1127445 SUSE bug 1128415 SUSE bug 1128544 SUSE bug 1129273 SUSE bug 1129276 SUSE bug 1129770 SUSE bug 1130130 SUSE bug 1130154 SUSE bug 1130195 SUSE bug 1130335 SUSE bug 1130336 SUSE bug 1130337 SUSE bug 1130338 SUSE bug 1130425 SUSE bug 1130427 SUSE bug 1130518 SUSE bug 1130527 SUSE bug 1130567 SUSE bug 1130579 SUSE bug 1131062 SUSE bug 1131107 SUSE bug 1131167 SUSE bug 1131168 SUSE bug 1131169 SUSE bug 1131170 SUSE bug 1131171 SUSE bug 1131172 SUSE bug 1131173 SUSE bug 1131174 SUSE bug 1131175 SUSE bug 1131176 SUSE bug 1131177 SUSE bug 1131178 SUSE bug 1131179 SUSE bug 1131180 SUSE bug 1131290 SUSE bug 1131326 SUSE bug 1131335 SUSE bug 1131336 SUSE bug 1131416 SUSE bug 1131427 SUSE bug 1131442 SUSE bug 1131467 SUSE bug 1131574 SUSE bug 1131587 SUSE bug 1131659 SUSE bug 1131673 SUSE bug 1131847 SUSE bug 1131848 SUSE bug 1131851 SUSE bug 1131900 SUSE bug 1131934 SUSE bug 1131935 SUSE bug 1132083 SUSE bug 1132219 SUSE bug 1132226 SUSE bug 1132227 SUSE bug 1132365 SUSE bug 1132368 SUSE bug 1132369 SUSE bug 1132370 SUSE bug 1132372 SUSE bug 1132373 SUSE bug 1132384 SUSE bug 1132397 SUSE bug 1132402 SUSE bug 1132403 SUSE bug 1132404 SUSE bug 1132405 SUSE bug 1132407 SUSE bug 1132411 SUSE bug 1132412 SUSE bug 1132413 SUSE bug 1132414 SUSE bug 1132426 SUSE bug 1132527 SUSE bug 1132531 SUSE bug 1132555 SUSE bug 1132558 SUSE bug 1132561 SUSE bug 1132562 SUSE bug 1132563 SUSE bug 1132564 SUSE bug 1132570 SUSE bug 1132571 SUSE bug 1132572 SUSE bug 1132589 SUSE bug 1132618 SUSE bug 1132681 SUSE bug 1132726 SUSE bug 1132828 SUSE bug 1132943 SUSE bug 1133005 SUSE bug 1133094 SUSE bug 1133095 SUSE bug 1133115 SUSE bug 1133149 SUSE bug 1133486 SUSE bug 1133529 SUSE bug 1133584 SUSE bug 1133667 SUSE bug 1133668 SUSE bug 1133672 SUSE bug 1133674 SUSE bug 1133675 SUSE bug 1133698 SUSE bug 1133702 SUSE bug 1133731 SUSE bug 1133769 SUSE bug 1133772 SUSE bug 1133774 SUSE bug 1133778 SUSE bug 1133779 SUSE bug 1133780 SUSE bug 1133825 SUSE bug 1133850 SUSE bug 1133851 SUSE bug 1133852 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-16880 CVE-2019-11091 CVE-2019-3882 CVE-2019-9003 CVE-2019-9500 CVE-2019-9503 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xen fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the XEN Hypervisor adjustments, that additionaly also use CPU Microcode updates. The mitigation can be controlled via the 'mds' commandline option, see the documentation. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Security issue fixed: - CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680) Other fixes: - Added code to change LIBXL_HOTPLUG_TIMEOUT at runtime. The included README has details about the impact of this change (bsc#1120095) - Fixes in Live migrating PV domUs An earlier change broke live migration of PV domUs without a device model. The migration would stall for 10 seconds while the domU was paused, which caused network connections to drop. Fix this by tracking the need for a device model within libxl. (bsc#1079730, bsc#1098403, bsc#1111025) Important SUSE bug 1027519 SUSE bug 1079730 SUSE bug 1098403 SUSE bug 1111025 SUSE bug 1111331 SUSE bug 1120095 SUSE bug 1130680 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-6954: Fixed a vulnerability in the symlink handling of systemd-tmpfiles which allowed a local user to obtain ownership of arbitrary files (bsc#1080919). - CVE-2019-3842: Fixed a vulnerability in pam_systemd which allowed a local user to escalate privileges (bsc#1132348). - CVE-2019-6454: Fixed a denial of service caused by long dbus messages (bsc#1125352). Non-security issues fixed: - systemd-coredump: generate a stack trace of all core dumps (jsc#SLE-5933) - udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400) - sd-bus: bump message queue size again (bsc#1132721) - core: only watch processes when it's really necessary (bsc#955942 bsc#1128657) - rules: load drivers only on 'add' events (bsc#1126056) - sysctl: Don't pass null directive argument to '%s' (bsc#1121563) - Do not automatically online memory on s390x (bsc#1127557) Important SUSE bug 1080919 SUSE bug 1121563 SUSE bug 1125352 SUSE bug 1126056 SUSE bug 1127557 SUSE bug 1128657 SUSE bug 1130230 SUSE bug 1132348 SUSE bug 1132400 SUSE bug 1132721 SUSE bug 955942 CVE-2018-6954 CVE-2019-3842 CVE-2019-6454 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for PackageKit fixes the following issues: - Fixed displaying the license agreement pop up window during package update (bsc#1038425). Moderate SUSE bug 1038425 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for nmap fixes the following issues: Security issue fixed: - CVE-2018-15173: Fixed a remote denial of service attack via a crafted TCP-based service (bsc#1104139). Moderate SUSE bug 1104139 CVE-2018-15173 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ucode-intel fixes the following issues: ucode-intel was updated to official QSR 2019.1 microcode release (bsc#1111331 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091) ---- new platforms ---------------------------------------- VLV C0 6-37-8/02 00000838 Atom Z series VLV C0 6-37-8/0C 00000838 Celeron N2xxx, Pentium N35xx VLV D0 6-37-9/0F 0000090c Atom E38xx CHV C0 6-4c-3/01 00000368 Atom X series CHV D0 6-4c-4/01 00000411 Atom X series Readded Broadwell CPU ucode that was missing in last update: BDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core i7-69xx/68xx Important SUSE bug 1111331 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssh fixes the following issues: Security issue fixed: - CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions (bsc#1121571) - CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate terminal output via the object name, e.g. by inserting ANSI escape sequences (bsc#1121816) - CVE-2019-6110: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate stderr output, e.g. by inserting ANSI escape sequences (bsc#1121818) - CVE-2019-6111: Fixed an issue where the scp client would allow malicious remote SSH servers to execute directory traversal attacks and overwrite files (bsc#1121821) Important SUSE bug 1121571 SUSE bug 1121816 SUSE bug 1121818 SUSE bug 1121821 CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for sysstat fixes the following issues: Security issues fixed: - CVE-2018-19416: Fixed out-of-bounds read during a memmove call inside the remap_struct function (bsc#1117001). - CVE-2018-19517: Fixed out-of-bounds read during a memset call inside the remap_struct function (bsc#1117260). Low SUSE bug 1117001 SUSE bug 1117260 CVE-2018-19416 CVE-2018-19517 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for bluez fixes the following issues: Security vulnerability addressed: - CVE-2016-9797: Fixed a buffer over-read in l2cap_dump() (bsc#1013708). - CVE-2016-9798: Fixed a use-after-free in conf_opt() (bsc#1013712). - CVE-2016-9917: Fixed a heap-based buffer overflow in read_n() (bsc#1015171). - CVE-2016-9802: Fixed a buffer over-read in l2cap_packet() (bsc#1013893). - CVE-2016-9918: Fixed an out-of-bounds stack read in packet_hexdump(), which could be triggered by processing a corrupted dump file and will result in a crash of the hcidump tool (bsc#1015173) Moderate SUSE bug 1013708 SUSE bug 1013712 SUSE bug 1013893 SUSE bug 1015171 SUSE bug 1015173 CVE-2016-9797 CVE-2016-9798 CVE-2016-9802 CVE-2016-9917 CVE-2016-9918 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_7_1-ibm fixes the following issues: Update to Java 7.1 Service Refresh 4 Fix Pack 45. Security issues fixed: - CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). - CVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734). - CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). - CVE-2019-2684: Fixed flaw was found in the RMI registry implementation (bsc#1132732). Important SUSE bug 1132728 SUSE bug 1132729 SUSE bug 1132732 SUSE bug 1132734 SUSE bug 1134718 CVE-2019-10245 CVE-2019-2602 CVE-2019-2684 CVE-2019-2697 CVE-2019-2698 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libvirt fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the libvirt adjustments, that pass through the new 'md-clear' CPU flag (bsc#1135273). For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Important SUSE bug 1111331 SUSE bug 1135273 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for systemd provides the following fixes: Security issues fixed: - CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled alloca()s (bsc#1120323) - CVE-2018-16866: Fixed an information leak in journald (bsc#1120323) - Fixed an issue during system startup in relation to encrypted swap disks (bsc#1119971) Non-security issues fixed: - core: Queue loading transient units after setting their properties. (bsc#1115518) - logind: Stop managing VT switches if no sessions are registered on that VT. (bsc#1101591) - terminal-util: introduce vt_release() and vt_restore() helpers. - terminal: Unify code for resetting kbd utf8 mode a bit. - terminal Reset should honour default_utf8 kernel setting. - logind: Make session_restore_vt() static. - udev: Downgrade message when settting inotify watch up fails. (bsc#1005023) - log: Never log into foreign fd #2 in PID 1 or its pre-execve() children. (bsc#1114981) - udev: Ignore the exit code of systemd-detect-virt for memory hot-add. In SLE-12-SP3, 80-hotplug-cpu-mem.rules has a memory hot-add rule that uses systemd-detect-virt to detect non-zvm environment. The systemd-detect-virt returns exit failure code when it detected _none_ state. The exit failure code causes that the hot-add memory block can not be set to online. (bsc#1076696) Moderate SUSE bug 1005023 SUSE bug 1076696 SUSE bug 1101591 SUSE bug 1114981 SUSE bug 1115518 SUSE bug 1119971 SUSE bug 1120323 CVE-2018-16864 CVE-2018-16865 CVE-2018-16866 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for screen fixes the following issues: Security issue fixed: - CVE-2015-6806: Fixed a stack overflow due to deep recursion (bsc#944458). Non-security issue fixed: - Fixed segmentation faults related to altscreen and resizing screen (bsc#1130831). Moderate SUSE bug 1130831 SUSE bug 944458 CVE-2015-6806 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libtasn1 fixes the following issues: Security issues fixed: - CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435). - CVE-2017-6891: Fixed a stack overflow in asn1_find_node() (bsc#1040621). Moderate SUSE bug 1040621 SUSE bug 1105435 CVE-2017-6891 CVE-2018-1000654 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for wireshark to version 2.4.12 fixes the following issues: Security issues fixed: - CVE-2019-5717: Fixed a denial of service in the P_MUL dissector (bsc#1121232) - CVE-2019-5718: Fixed a denial of service in the RTSE dissector and other dissectors (bsc#1121233) - CVE-2019-5719: Fixed a denial of service in the ISAKMP dissector (bsc#1121234) - CVE-2019-5721: Fixed a denial of service in the ISAKMP dissector (bsc#1121235) Moderate SUSE bug 1121232 SUSE bug 1121233 SUSE bug 1121234 SUSE bug 1121235 CVE-2019-5717 CVE-2019-5718 CVE-2019-5719 CVE-2019-5721 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for axis fixes the following issues: Security issue fixed: - CVE-2012-5784, CVE-2014-3596: Fixed missing connection hostname check against X.509 certificate name (bsc#1134598). Moderate SUSE bug 1134598 CVE-2012-5784 CVE-2014-3596 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Security issues fixed: - CVE-2019-11691: Use-after-free in XMLHttpRequest - CVE-2019-11692: Use-after-free removing listeners in the event listener manager - CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux - CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox - CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks - CVE-2019-7317: Use-after-free in png_image_free of libpng library - CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 - CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS - CVE-2019-9816: Type confusion with object groups and UnboxedObjects - CVE-2019-9817: Stealing of cross-domain images using canvas - CVE-2019-9818: Use-after-free in crash generation server - CVE-2019-9819: Compartment mismatch with fetch API - CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell Non-security issues fixed: - Font and date adjustments to accommodate the new Reiwa era in Japan - Update to Firefox ESR 60.7 (bsc#1135824) Important SUSE bug 1135824 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11694 CVE-2019-11698 CVE-2019-7317 CVE-2019-9800 CVE-2019-9815 CVE-2019-9816 CVE-2019-9817 CVE-2019-9818 CVE-2019-9819 CVE-2019-9820 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for gnome-shell fixes the following issues: Security issue fixed: - CVE-2019-3820: Fixed a partial lock screen bypass (bsc#1124493). Fixed bugs: - Remove sessionList of endSessionDialog for security reasons (jsc#SLE-6660). Moderate SUSE bug 1124493 CVE-2019-3820 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_7_0-openjdk fixes the following issues: Update to 2.6.18 - OpenJDK 7u221 (April 2019 CPU) Security issues fixed: - CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). - CVE-2019-2684: Fixed flaw inside the RMI registry implementation (bsc#1132732). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). - CVE-2019-2422: Fixed memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed a Divide By Zero in alloc_sarray function in jmemmgr.c (bsc#1122299). - CVE-2019-2426: Improve web server connections (bsc#1134297). Bug fixes: - Please check the package Changelog for detailed information. Moderate SUSE bug 1122293 SUSE bug 1122299 SUSE bug 1132728 SUSE bug 1132729 SUSE bug 1132732 SUSE bug 1134297 CVE-2018-11212 CVE-2019-2422 CVE-2019-2426 CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for apache2-mod_jk fixes the following issue: Security issue fixed: - CVE-2018-11759: Fixed connector path traversal due to mishandled HTTP requests in httpd (bsc#1114612). Important SUSE bug 1114612 CVE-2018-11759 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead (bsc#1130847). - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). Important SUSE bug 1129346 SUSE bug 1130847 CVE-2019-9636 CVE-2019-9948 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ghostscript to version 9.26a fixes the following issues: Security issue fixed: - CVE-2019-6116: subroutines within pseudo-operators must themselves be pseudo-operators (bsc#1122319) Important SUSE bug 1122319 CVE-2019-6116 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for vim fixes the following issue: Security issue fixed: - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443). Important SUSE bug 1137443 CVE-2019-12735 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for webkit2gtk3 to version 2.22.5 fixes the following issues: Security issues fixed: - CVE-2018-4438: Fixed a logic issue which lead to memory corruption (bsc#1119554) - CVE-2018-4437, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464: Fixed multiple memory corruption issues with improved memory handling (bsc#1119553, bsc#1119555, bsc#1119556, bsc#1119557, bsc#1119558) Important SUSE bug 1119553 SUSE bug 1119554 SUSE bug 1119555 SUSE bug 1119556 SUSE bug 1119557 SUSE bug 1119558 CVE-2018-4437 CVE-2018-4438 CVE-2018-4441 CVE-2018-4442 CVE-2018-4443 CVE-2018-4464 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libcroco fixes the following issues: Security issues fixed: - CVE-2017-7960: Fixed heap overflow (input: check end of input before reading a byte) (bsc#1034481). - CVE-2017-7961: Fixed undefined behavior (tknzr: support only max long rgb values) (bsc#1034482). - CVE-2017-8834: Fixed denial of service (memory allocation error) via a crafted CSS file (bsc#1043898). - CVE-2017-8871: Fixed denial of service (infinite loop and CPU consumption) via a crafted CSS file (bsc#1043899). Moderate SUSE bug 1034481 SUSE bug 1034482 SUSE bug 1043898 SUSE bug 1043899 CVE-2017-7960 CVE-2017-7961 CVE-2017-8834 CVE-2017-8871 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for sssd fixes the following issues: Security issue fixed: - CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation (bsc#1124194) Non-security issues fixed: - Missing GPOs directory could have led to login problems (bsc#1132879) - Fix a crash by adding a netgroup counter to struct nss_enum_index (bsc#1132657) - Allow defaults sudoRole without sudoUser attribute (bsc#1135247) Moderate SUSE bug 1124194 SUSE bug 1132657 SUSE bug 1132879 SUSE bug 1135247 CVE-2018-16838 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2019-10130: Prevent row-level security policies from being bypassed via selectivity estimators (bsc#1134689). Bug fixes: - For a complete list of fixes check the release notes. * https://www.postgresql.org/docs/10/release-10-8.html * https://www.postgresql.org/docs/10/release-10-7.html Moderate SUSE bug 1134689 CVE-2019-10130 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816). - CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server (bsc#1121821). Other issues fixed: - Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183). - Returned proper reason for port forwarding failures (bsc#1090671). - Fixed a double free() in the KDF CAVS testing tool (bsc#1065237). Moderate SUSE bug 1065237 SUSE bug 1090671 SUSE bug 1119183 SUSE bug 1121816 SUSE bug 1121821 SUSE bug 1131709 CVE-2019-6109 CVE-2019-6111 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. - CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power. - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) - CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) - CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) - CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occured with FUSE requests. (bnc#1133190) - CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) - CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603) - CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bnc#1135278) - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) - CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a '\0' character. (bnc#1134848) - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions. (bnc#1133188) The following non-security bugs were fixed: - 9p locks: add mount option for lock retry interval (bsc#1051510). - Update config files. Debug kernel is not supported (bsc#1135492). - acpi / utils: Drop reference in test for device presence (bsc#1051510). - acpi: button: reinitialize button state upon resume (bsc#1051510). - acpi: fix menuconfig presentation of acpi submenu (bsc#1117158). - acpica: AML interpreter: add region addresses in global list during initialization (bsc#1051510). - acpica: Namespace: remove address node from global list after method termination (bsc#1051510). - alsa: core: Do not refer to snd_cards array directly (bsc#1051510). - alsa: emu10k1: Drop superfluous id-uniquification behavior (bsc#1051510). - alsa: hda - Register irq handler after the chip initialization (bsc#1051510). - alsa: hda - Use a macro for snd_array iteration loops (bsc#1051510). - alsa: hda/hdmi - Consider eld_valid when reporting jack event (bsc#1051510). - alsa: hda/hdmi - Read the pin sense from register when repolling (bsc#1051510). - alsa: hda/realtek - Avoid superfluous COEF EAPD setups (bsc#1051510). - alsa: hda/realtek - Corrected fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: hda/realtek - EAPD turn on later (bsc#1051510). - alsa: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug (bsc#1051510). - alsa: hda/realtek - Fixup headphone noise via runtime suspend (bsc#1051510). - alsa: hda/realtek - Improve the headset mic for Acer Aspire laptops (bsc#1051510). - alsa: hdea/realtek - Headset fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: line6: Avoid polluting led_* namespace (bsc#1051510). - alsa: seq: Align temporary re-locking with irqsave version (bsc#1051510). - alsa: seq: Correct unlock sequence at snd_seq_client_ioctl_unlock() (bsc#1051510). - alsa: seq: Cover unsubscribe_port() in list_mutex (bsc#1051510). - alsa: seq: Fix race of get-subscription call vs port-delete ioctls (bsc#1051510). - alsa: seq: Protect in-kernel ioctl calls with mutex (bsc#1051510). - alsa: seq: Protect racy pool manipulation from OSS sequencer (bsc#1051510). - alsa: seq: Remove superfluous irqsave flags (bsc#1051510). - alsa: seq: Simplify snd_seq_kernel_client_enqueue() helper (bsc#1051510). - alsa: timer: Check ack_list emptiness instead of bit flag (bsc#1051510). - alsa: timer: Coding style fixes (bsc#1051510). - alsa: timer: Make snd_timer_close() really kill pending actions (bsc#1051510). - alsa: timer: Make sure to clear pending ack list (bsc#1051510). - alsa: timer: Revert active callback sync check at close (bsc#1051510). - alsa: timer: Simplify error path in snd_timer_open() (bsc#1051510). - alsa: timer: Unify timer callback process code (bsc#1051510). - alsa: usb-audio: Fix a memory leak bug (bsc#1051510). - alsa: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk() (bsc#1051510). - alsa: usx2y: fix a double free bug (bsc#1051510). - appletalk: Fix compile regression (bsc#1051510). - appletalk: Fix use-after-free in atalk_proc_exit (bsc#1051510). - arch: arm64: acpi: KABI ginore includes (bsc#1117158 bsc#1134671). - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (bsc#1117158). - arm64/x86: Update config files. Use CONFIG_ARCH_SUPPORTS_acpi - arm64: Export save_stack_trace_tsk() (jsc#SLE-4214). - arm64: acpi: fix alignment fault in accessing acpi (bsc#1117158). - arm64: fix acpi dependencies (bsc#1117158). - arm: 8824/1: fix a migrating irq bug when hotplug cpu (bsc#1051510). - arm: 8833/1: Ensure that NEON code always compiles with Clang (bsc#1051510). - arm: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bsc#1051510). - arm: 8840/1: use a raw_spinlock_t in unwind (bsc#1051510). - arm: OMAP2+: Variable 'reg' in function omap4_dsi_mux_pads() could be uninitialized (bsc#1051510). - arm: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug (bsc#1051510). - arm: avoid Cortex-A9 livelock on tight dmb loops (bsc#1051510). - arm: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bsc#1051510). - arm: iop: do not use using 64-bit DMA masks (bsc#1051510). - arm: orion: do not use using 64-bit DMA masks (bsc#1051510). - arm: pxa: ssp: unneeded to free devm_ allocated data (bsc#1051510). - arm: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bsc#1051510). - arm: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms (bsc#1051510). - asoc: Intel: avoid Oops if DMA setup fails (bsc#1051510). - asoc: RT5677-SPI: Disable 16Bit SPI Transfers (bsc#1051510). - asoc: cs4270: Set auto-increment bit for register writes (bsc#1051510). - asoc: fix valid stream condition (bsc#1051510). - asoc: fsl_esai: Fix missing break in switch statement (bsc#1051510). - asoc: hdmi-codec: fix S/PDIF DAI (bsc#1051510). - asoc: max98090: Fix restore of DAPM Muxes (bsc#1051510). - asoc: nau8810: fix the issue of widget with prefixed name (bsc#1051510). - asoc: nau8824: fix the issue of the widget with prefix name (bsc#1051510). - asoc: samsung: odroid: Fix clock configuration for 44100 sample rate (bsc#1051510). - asoc: stm32: fix sai driver name initialisation (bsc#1051510). - asoc: tlv320aic32x4: Fix Common Pins (bsc#1051510). - asoc: wm_adsp: Add locking to wm_adsp2_bus_error (bsc#1051510). - asoc:soc-pcm:fix a codec fixup issue in TDM case (bsc#1051510). - at76c50x-usb: Do not register led_trigger if usb_register_driver failed (bsc#1051510). - audit: fix a memleak caused by auditing load module (bsc#1051510). - b43: shut up clang -Wuninitialized variable warning (bsc#1051510). - backlight: lm3630a: Return 0 on success in update_status functions (bsc#1051510). - bcache: Move couple of functions to sysfs.c (bsc#1130972). - bcache: Move couple of string arrays to sysfs.c (bsc#1130972). - bcache: Populate writeback_rate_minimum attribute (bsc#1130972). - bcache: Replace bch_read_string_list() by __sysfs_match_string() (bsc#1130972). - bcache: account size of buckets used in uuid write to ca->meta_sectors_written (bsc#1130972). - bcache: add MODULE_DESCRIPTION information (bsc#1130972). - bcache: add a comment in super.c (bsc#1130972). - bcache: add code comments for bset.c (bsc#1130972). - bcache: add comment for cache_set->fill_iter (bsc#1130972). - bcache: add identifier names to arguments of function definitions (bsc#1130972). - bcache: add missing SPDX header (bsc#1130972). - bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972). - bcache: add static const prefix to char * array declarations (bsc#1130972). - bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972). - bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972). - bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972). - bcache: correct dirty data statistics (bsc#1130972). - bcache: do not assign in if condition in bcache_init() (bsc#1130972). - bcache: do not assign in if condition register_bcache() (bsc#1130972). - bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972). - bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972). - bcache: do not clone bio in bch_data_verify (bsc#1130972). - bcache: do not mark writeback_running too early (bsc#1130972). - bcache: export backing_dev_name via sysfs (bsc#1130972). - bcache: export backing_dev_uuid via sysfs (bsc#1130972). - bcache: fix code comments style (bsc#1130972). - bcache: fix indent by replacing blank by tabs (bsc#1130972). - bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972). - bcache: fix input integer overflow of congested threshold (bsc#1130972). - bcache: fix input overflow to cache set io_error_limit (bsc#1130972). - bcache: fix input overflow to cache set sysfs file io_error_halflife (bsc#1130972). - bcache: fix input overflow to journal_delay_ms (bsc#1130972). - bcache: fix input overflow to sequential_cutoff (bsc#1130972). - bcache: fix input overflow to writeback_delay (bsc#1130972). - bcache: fix input overflow to writeback_rate_minimum (bsc#1130972). - bcache: fix ioctl in flash device (bsc#1130972). - bcache: fix mistaken code comments in bcache.h (bsc#1130972). - bcache: fix mistaken comments in request.c (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972). - bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972). - bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972). - bcache: improve sysfs_strtoul_clamp() (bsc#1130972). - bcache: introduce force_wake_up_gc() (bsc#1130972). - bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972). - bcache: move open brace at end of function definitions to next line (bsc#1130972). - bcache: never writeback a discard operation (bsc#1130972). - bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972). - bcache: option to automatically run gc thread after writeback (bsc#1130972). - bcache: panic fix for making cache device (bsc#1130972). - bcache: prefer 'help' in Kconfig (bsc#1130972). - bcache: print number of keys in trace_bcache_journal_write (bsc#1130972). - bcache: recal cached_dev_sectors on detach (bsc#1130972). - bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972). - bcache: remove unused bch_passthrough_cache (bsc#1130972). - bcache: remove useless parameter of bch_debug_init() (bsc#1130972). - bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972). - bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972). - bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972). - bcache: replace printk() by pr_*() routines (bsc#1130972). - bcache: set writeback_percent in a flexible range (bsc#1130972). - bcache: split combined if-condition code into separate ones (bsc#1130972). - bcache: stop bcache device when backing device is offline (bsc#1130972). - bcache: stop using the deprecated get_seconds() (bsc#1130972). - bcache: style fix to add a blank line after declarations (bsc#1130972). - bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972). - bcache: style fixes for lines over 80 characters (bsc#1130972). - bcache: treat stale and dirty keys as bad keys (bsc#1130972). - bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972). - bcache: update comment for bch_data_insert (bsc#1130972). - bcache: update comment in sysfs.c (bsc#1130972). - bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972). - bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972). - bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972). - bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972). - bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972). - block: Do not revalidate bdev of hidden gendisk (bsc#1120091). - block: check_events: do not bother with events if unsupported (bsc#1110946, bsc#1119843). - block: disk_events: introduce event flags (bsc#1110946, bsc#1119843). - block: do not leak memory in bio_copy_user_iov() (bsc#1135309). - block: fix the return errno for direct IO (bsc#1135320). - block: fix use-after-free on gendisk (bsc#1135312). - bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bsc#1051510). - bluetooth: Check key sizes only when Secure Simple Pairing is enabled (bsc#1135556). - bluetooth: hidp: fix buffer overflow (bsc#1051510). - bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one() (bsc#1050242). - bnxt_en: Improve RX consumer index validity check (networking-stable-19_04_10). - bnxt_en: Improve multicast address setup logic (networking-stable-19_05_04). - bnxt_en: Reset device on RX buffer errors (networking-stable-19_04_10). - bonding: fix event handling for stacked bonds (networking-stable-19_04_19). - bpf, lru: avoid messing with eviction heuristics upon syscall lookup (bsc#1083647). - bpf: Add missed newline in verifier verbose log (bsc#1056787). - bpf: add map_lookup_elem_sys_only for lookups from syscall side (bsc#1083647). - brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() (bsc#1051510). - btrfs: Do not panic when we can't find a root key (bsc#1112063). - btrfs: Factor out common delayed refs init code (bsc#1134813). - btrfs: Introduce init_delayed_ref_head (bsc#1134813). - btrfs: Open-code add_delayed_data_ref (bsc#1134813). - btrfs: Open-code add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813). - btrfs: add a helper to return a head ref (bsc#1134813). - btrfs: breakout empty head cleanup to a helper (bsc#1134813). - btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: do not allow trimming when a fs is mounted with the nologreplay option (bsc#1135758). - btrfs: do not double unlock on error in btrfs_punch_hole (bsc#1136881). - btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: fix fsync not persisting changed attributes of a directory (bsc#1137151). - btrfs: fix race between ranged fsync and writeback of adjacent ranges (bsc#1136477). - btrfs: fix race updating log root item during fsync (bsc#1137153). - btrfs: fix wrong ctime and mtime of a directory after log replay (bsc#1137152). - btrfs: improve performance on fsync of files with multiple hardlinks (bsc#1123454). - btrfs: move all ref head cleanup to the helper function (bsc#1134813). - btrfs: move extent_op cleanup to a helper (bsc#1134813). - btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813). - btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1134806). - btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head to btrfs_qgroup_extent_record (bsc#1134162). - btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release (bsc#1134160). - btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1133612). - btrfs: remove delayed_ref_node from ref_head (bsc#1134813). - btrfs: send, flush dellaloc in order to avoid data loss (bsc#1133320). - btrfs: split delayed ref head initialization and addition (bsc#1134813). - btrfs: track refs in a rb_tree instead of a list (bsc#1134813). - btrfs: tree-checker: detect file extent items with overlapping ranges (bsc#1136478). - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461). - ceph: fix ci->i_head_snapc leak (bsc#1122776). - ceph: fix use-after-free on symlink traversal (bsc#1134459). - ceph: only use d_name directly when parent is locked (bsc#1134460). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565). - clk: rockchip: Fix video codec clocks on rk3288 (bsc#1051510). - clk: rockchip: fix wrong clock definitions for rk3328 (bsc#1051510). - configfs: Fix use-after-free when accessing sd->s_dentry (bsc#1051510). - configfs: fix possible use-after-free in configfs_register_group (bsc#1051510). - crypto: arm/aes-neonbs - do not access already-freed walk.iv (bsc#1051510). - crypto: caam - fix caam_dump_sg that iterates through scatterlist (bsc#1051510). - crypto: ccm - fix incompatibility between 'ccm' and 'ccm_base' (bsc#1051510). - crypto: ccp - Do not free psp_master when PLATFORM_INIT fails (bsc#1051510). - crypto: chacha20poly1305 - set cra_name correctly (bsc#1051510). - crypto: crct10dif-generic - fix use via crypto_shash_digest() (bsc#1051510). - crypto: fips - Grammar s/options/option/, s/to/the/ (bsc#1051510). - crypto: gcm - fix incompatibility between 'gcm' and 'gcm_base' (bsc#1051510). - crypto: skcipher - do not WARN on unprocessed data after slow walk step (bsc#1051510). - crypto: sun4i-ss - Fix invalid calculation of hash end (bsc#1051510). - crypto: vmx - CTR: always increment IV as quadword (bsc#1051510). - crypto: vmx - fix copy-paste error in CTR mode (bsc#1051510). - crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162). - crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162). - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest() (bsc#1051510). - dccp: Fix memleak in __feat_register_sp (bsc#1051510). - dccp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28). - debugfs: fix use-after-free on symlink traversal (bsc#1051510). - devres: Align data[] to ARCH_KMALLOC_MINALIGN (bsc#1051510). - dmaengine: axi-dmac: Do not check the number of frames for alignment (bsc#1051510). - dmaengine: tegra210-dma: free dma controller in remove() (bsc#1051510). - documentation: Add MDS vulnerability documentation (bsc#1135642). - drivers: acpi: add dependency of EFI for arm64 (bsc#1117158). - drm/bridge: adv7511: Fix low refresh rate selection (bsc#1051510). - drm/etnaviv: lock MMU while dumping core (bsc#1113722) - drm/fb-helper: dpms_legacy(): Only set on connectors in use (bsc#1051510). - drm/i915/fbc: disable framebuffer compression on GeminiLake (bsc#1051510). - drm/i915/gvt: Fix cmd length of VEB_DI_IECP (bsc#1113722) - drm/i915/gvt: Fix incorrect mask of mmio 0x22028 in gen8/9 mmio list (bnc#1113722) - drm/i915/gvt: Tiled Resources mmios are in-context mmios for gen9+ (bsc#1113722) - drm/i915/gvt: add 0x4dfc to gen9 save-restore list (bsc#1113722) - drm/i915/gvt: do not let TRTTE and 0x4dfc write passthrough to hardware (bsc#1051510). - drm/i915/gvt: refine ggtt range validation (bsc#1113722) - drm/i915: Disable LP3 watermarks on all SNB machines (bsc#1051510). - drm/i915: Downgrade Gen9 Plane WM latency error (bsc#1051510). - drm/i915: Fix I915_EXEC_RING_MASK (bsc#1051510). - drm/imx: do not skip DP channel disable for background plane (bsc#1051510). - drm/mediatek: fix possible object reference leak (bsc#1051510). - drm/meson: add size and alignment requirements for dumb buffers (bnc#1113722) - drm/nouveau/i2c: Disable i2c bus access after ->fini() (bsc#1113722) - drm/rockchip: fix for mailbox read validation (bsc#1051510). - drm/rockchip: shutdown drm subsystem on shutdown (bsc#1051510). - drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722) - drm/ttm: Remove warning about inconsistent mapping information (bnc#1131488) - drm/vmwgfx: Do not send drm sysfs hotplug events on initial master set (bsc#1051510). - drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() (bsc#1113722) - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read (bsc#1051510). - dt-bindings: clock: r8a7795: Remove CSIREF clock (bsc#1120902). - dt-bindings: clock: r8a7796: Remove CSIREF clock (bsc#1120902). - dt-bindings: net: Add binding for the external clock for TI WiLink (bsc#1085535). - dt-bindings: net: Fix a typo in the phy-mode list for ethernet bindings (bsc#1129770). - dt-bindings: rtc: sun6i-rtc: Fix register range in example (bsc#1120902). - dwc2: gadget: Fix completed transfer size calculation in DDMA (bsc#1051510). - efi/arm: Defer persistent reservations until after paging_init() (bsc#1117158). - efi/arm: Do not mark acpi reclaim memory as MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566). - efi/arm: Revert 'Defer persistent reservations until after paging_init()' (bsc#1117158). - efi/arm: Revert deferred unmap of early memmap mapping (bsc#1117158). - efi/arm: libstub: add a root memreserve config table (bsc#1117158). - efi/arm: map UEFI memory map even w/o runtime services enabled (bsc#1117158). - efi/arm: preserve early mapping of UEFI memory map longer for BGRT (bsc#1117158). - efi: Permit calling efi_mem_reserve_persistent() from atomic context (bsc#1117158). - efi: Permit multiple entries in persistent memreserve data structure (bsc#1117158). - efi: Prevent GICv3 WARN() by mapping the memreserve table before first use (bsc#1117158). - efi: Reduce the amount of memblock reservations for persistent allocations (bsc#1117158). - efi: add API to reserve memory persistently across kexec reboot (bsc#1117158). - efi: honour memory reservations passed via a linux specific config table (bsc#1117158). - ext4: Do not warn when enabling DAX (bsc#1132894). - ext4: actually request zeroing of inode table after grow (bsc#1135315). - ext4: avoid panic during forced reboot due to aborted journal (bsc#1126356). - ext4: fix data corruption caused by overlapping unaligned and aligned IO (bsc#1136428). - ext4: fix ext4_show_options for file systems w/o journal (bsc#1135316). - ext4: fix use-after-free race with debug_want_extra_isize (bsc#1135314). - ext4: make sanity check in mballoc more strict (bsc#1136439). - ext4: wait for outstanding dio during truncate in nojournal mode (bsc#1136438). - fbdev: fix WARNING in __alloc_pages_nodemask bug (bsc#1113722) - fbdev: fix divide error in fb_var_to_videomode (bsc#1113722) - firmware: efi: factor out mem_reserve (bsc#1117158 bsc#1134671). - fix rtnh_ok() (git-fixes). - fs/sync.c: sync_file_range(2) may use WB_SYNC_ALL writeback (bsc#1136432). - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount (bsc#1136435). - ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658). - genetlink: Fix a memory leak on error path (networking-stable-19_03_28). - ghes, EDAC: Fix ghes_edac registration (bsc#1133176). - gpio: aspeed: fix a potential NULL pointer dereference (bsc#1051510). - gpu: ipu-v3: dp: fix CSC handling (bsc#1051510). - hid: debug: fix race condition with between rdesc_show() and device removal (bsc#1051510). - hid: input: add mapping for 'Toggle Display' key (bsc#1051510). - hid: input: add mapping for Assistant key (bsc#1051510). - hid: input: add mapping for Expose/Overview key (bsc#1051510). - hid: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bsc#1051510). - hid: logitech: check the return value of create_singlethread_workqueue (bsc#1051510). - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses (bsc#1051510). - ibmvnic: Add device identification to requested IRQs (bsc#1137739). - ibmvnic: Do not close unopened driver during reset (bsc#1137752). - ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752). - ibmvnic: Refresh device multicast list after reset (bsc#1137752). - ibmvnic: remove set but not used variable 'netdev' (bsc#1137739). - igmp: fix incorrect unsolicit report count when join group (git-fixes). - iio: adc: xilinx: fix potential use-after-free on remove (bsc#1051510). - indirect call wrappers: helpers to speed-up indirect calls of builtin (bsc#1124503). - inetpeer: fix uninit-value in inet_getpeer (git-fixes). - input: elan_i2c - add hardware ID for multiple Lenovo laptops (bsc#1051510). - input: introduce KEY_ASSISTANT (bsc#1051510). - input: synaptics-rmi4 - fix possible double free (bsc#1051510). - intel_th: msu: Fix single mode with IOMMU (bsc#1051510). - intel_th: pci: Add Comet Lake support (bsc#1051510). - iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel (bsc#1117158). - iommu/arm-smmu-v3: Do not disable SMMU in kdump kernel (bsc#1117158 bsc#1134671). - iommu/vt-d: Do not request page request irq under dmar_global_lock (bsc#1135006). - iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU (bsc#1135007). - iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135008). - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type (networking-stable-19_04_10). - ip6_tunnel: collect_md xmit: Use ip_tunnel_key's provided src address (git-fixes). - ip_gre: fix parsing gre header in ipgre_err (git-fixes). - ip_tunnel: Fix name string concatenate in __ip_tunnel_create() (git-fixes). - ipconfig: Correctly initialise ic_nameservers (bsc#1051510). - ipmi:ssif: compare block number correctly for multi-part return messages (bsc#1051510). - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled (git-fixes). - ipv4: add sanity checks in ipv4_link_failure() (git-fixes). - ipv4: ensure rcu_read_lock() in ipv4_link_failure() (networking-stable-19_04_19). - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation (networking-stable-19_05_04). - ipv4: recompile ip options in ipv4_link_failure (networking-stable-19_04_19). - ipv4: set the tcp_min_rtt_wlen range from 0 to one day (networking-stable-19_04_30). - ipv6/flowlabel: wait rcu grace period before put_pid() (git-fixes). - ipv6: fix cleanup ordering for ip6_mr failure (git-fixes). - ipv6: fix cleanup ordering for pingv6 registration (git-fixes). - ipv6: invert flowlabel sharing check in process and user mode (git-fixes). - ipv6: mcast: fix unsolicited report interval after receiving querys (git-fixes). - ipvlan: Add the skb->mark as flow4's member to lookup route (bsc#1051510). - ipvlan: fix ipv6 outbound device (bsc#1051510). - ipvlan: use ETH_MAX_MTU as max mtu (bsc#1051510). - ipvs: Fix signed integer overflow when setsockopt timeout (bsc#1051510). - ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf (git-fixes). - ipvs: fix buffer overflow with sync daemon and service (git-fixes). - ipvs: fix check on xmit to non-local addresses (git-fixes). - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bsc#1051510). - ipvs: fix rtnl_lock lockups caused by start_sync_thread (git-fixes). - ipvs: fix stats update from local clients (git-fixes). - iw_cxgb4: only allow 1 flush on user qps (bsc#1051510). - jbd2: check superblock mapped prior to committing (bsc#1136430). - kABI workaround for removed usb_interface.pm_usage_cnt field (bsc#1051510). - kABI workaround for snd_seq_kernel_client_enqueue() API changes (bsc#1051510). - kABI: protect dma-mapping.h include (kabi). - kABI: protect functions using struct net_generic (bsc#1130409 LTC#176346). - kABI: protect ip_options_rcv_srr (kabi). - kABI: protect struct mlx5_td (kabi). - kABI: protect struct pci_dev (kabi). - kABI: protect struct smc_ib_device (bsc#1130409 LTC#176346). - kABI: protect struct smc_link (bsc#1129857 LTC#176247). - kABI: protect struct smcd_dev (bsc#1130409 LTC#176346). - kabi: drop LINUX_Mib_TCPWQUEUETOOBIG snmp counter (bsc#1137586). - kabi: implement map_lookup_elem_sys_only in another way (bsc#1083647). - kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586). - kernel/signal.c: trace_signal_deliver when signal_group_exit (git-fixes). - kernel/sys.c: prctl: fix false positive in validate_prctl_map() (git-fixes). - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv (bsc#1051510). - kernel/sysctl.c: fix out-of-bounds access when setting file-max (bsc#1051510). - keys: safe concurrent user->{session,uid}_keyring access (bsc#1135642). - kmsg: Update message catalog to latest ibM level (2019/03/08) (bsc#1128904 LTC#176078). - kmsg: Update message catalog to latest ibM level (2019/03/08) (bsc#1128905 LTC#176077). - kvm: Fix UAF in nested posted interrupt processing (bsc#1134199). - kvm: VMX: Zero out *all* general purpose registers after VM-Exit (bsc#1134202). - kvm: nVMX: Clear reserved bits of #DB exit qualification (bsc#1134200). - kvm: nVMX: restore host state in nested_vmx_vmexit for VMFail (bsc#1134201). - kvm: s390: fix memory overwrites when not using SCA entries (bsc#1136206). - kvm: s390: provide io interrupt kvm_stat (bsc#1136206). - kvm: s390: use created_vcpus in more places (bsc#1136206). - kvm: s390: vsie: fix 8k check for the itdba (bsc#1136206). - kvm: x86: Always use 32-bit SMRAM save state for 32-bit kernels (bsc#1134203). - kvm: x86: Do not clear EFER during SMM transitions for 32-bit vCPU (bsc#1134204). - kvm: x86: svm: make sure NMI is injected after nmi_singlestep (bsc#1134205). - l2tp: cleanup l2tp_tunnel_delete calls (bsc#1051510). - l2tp: filter out non-PPP sessions in pppol2tp_tunnel_ioctl() (git-fixes). - l2tp: fix missing refcount drop in pppol2tp_tunnel_ioctl() (git-fixes). - l2tp: only accept PPP sessions in pppol2tp_connect() (git-fixes). - l2tp: prevent pppol2tp_connect() from creating kernel sockets (git-fixes). - l2tp: revert 'l2tp: fix missing print session offset info' (bsc#1051510). - leds: avoid races with workqueue (bsc#1051510). - leds: pwm: silently error out on EPROBE_DEFER (bsc#1051510). - lib: add crc64 calculation routines (bsc#1130972). - lib: do not depend on linux headers being installed (bsc#1130972). - libata: fix using DMA buffers on stack (bsc#1051510). - linux/kernel.h: Use parentheses around argument in u64_to_user_ptr() (bsc#1051510). - livepatch: Convert error about unsupported reliable stacktrace into a warning (bsc#1071995). - livepatch: Remove custom kobject state handling (bsc#1071995). - livepatch: Remove duplicated code for early initialization (bsc#1071995). - lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138). - mISDN: Check address length before reading address family (bsc#1051510). - mac80211: fix memory accounting with A-MSDU aggregation (bsc#1051510). - mac80211: fix unaligned access in mesh table hash function (bsc#1051510). - mac8390: Fix mmio access size probe (bsc#1051510). - md: fix invalid stored role for a disk (bsc#1051510). - media: atmel: atmel-isc: fix INIT_WORK misplacement (bsc#1051510). - media: cx18: update *pos correctly in cx18_read_pos() (bsc#1051510). - media: cx23885: check allocation return (bsc#1051510). - media: davinci-isif: avoid uninitialized variable use (bsc#1051510). - media: davinci/vpbe: array underflow in vpbe_enum_outputs() (bsc#1051510). - media: ivtv: update *pos correctly in ivtv_read_pos() (bsc#1051510). - media: omap_vout: potential buffer overflow in vidioc_dqbuf() (bsc#1051510). - media: ov2659: fix unbalanced mutex_lock/unlock (bsc#1051510). - media: pvrusb2: Prevent a buffer overflow (bsc#1129770). - media: serial_ir: Fix use-after-free in serial_ir_init_module (bsc#1051510). - media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame (bsc#1051510). - media: vivid: use vfree() instead of kfree() for dev->bitmap_cap (bsc#1051510). - media: wl128x: Fix an error code in fm_download_firmware() (bsc#1051510). - media: wl128x: prevent two potential buffer overflows (bsc#1051510). - memcg: make it work on sparse non-0-node systems (bnc#1133616). - memcg: make it work on sparse non-0-node systems kabi (bnc#1133616). - mlxsw: spectrum: Fix autoneg status in ethtool (networking-stable-19_04_30). - mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses (bsc#1135330). - mm: Fix buggy backport leading to MAP_SYNC failures (bsc#1137372) - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382). - mmc: block: Delete gendisk before cleaning up the request queue (bsc#1127616). - mmc: core: fix possible use after free of host (bsc#1051510). - mount: copy the port field into the cloned nfs_server structure (bsc#1136990). - mtd: docg3: Fix passing zero to 'PTR_ERR' warning in doc_probe_device (bsc#1051510). - mtd: docg3: fix a possible memory leak of mtd->name (bsc#1051510). - mtd: nand: omap: Fix comment in platform data using wrong Kconfig symbol (bsc#1051510). - mtd: part: fix incorrect format specifier for an unsigned long long (bsc#1051510). - mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write (bsc#1129770). - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935). - mwifiex: Fix mem leak in mwifiex_tm_cmd (bsc#1051510). - mwifiex: Fix possible buffer overflows at parsing bss descriptor - mwifiex: prevent an array overflow (bsc#1051510). - mwl8k: Fix rate_idx underflow (bsc#1051510). - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit (git-fixes). - net-gro: Fix GRO flush when receiving a GSO packet (networking-stable-19_04_10). - net/ibmvnic: Remove tests of member address (bsc#1137739). - net/ibmvnic: Update MAC address settings after adapter reset (bsc#1134760). - net/ibmvnic: Update carrier state after link state change (bsc#1135100). - net/ipv4: defensive cipso option parsing (git-fixes). - net/ipv6: do not reinitialize ndev->cnf.addr_gen_mode on new inet6_dev (git-fixes). - net/ipv6: fix addrconf_sysctl_addr_gen_mode (git-fixes). - net/ipv6: propagate net.ipv6.conf.all.addr_gen_mode to devices (git-fixes). - net/ipv6: reserve room for IFLA_INET6_ADDR_GEN_MODE (git-fixes). - net/mlx5: Decrease default mr cache size (networking-stable-19_04_10). - net/mlx5e: Add a lock on tir list (networking-stable-19_04_10). - net/mlx5e: Fix error handling when refreshing TIRs (networking-stable-19_04_10). - net/mlx5e: Fix trailing semicolon (bsc#1075020). - net/mlx5e: IPoib, Reset QP after channels are closed (bsc#1075020). - net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_04_30). - net/rose: fix unbound loop in rose_loopback_timer() (networking-stable-19_04_30). - net/sched: act_sample: fix divide by zero in the traffic path (networking-stable-19_04_10). - net/sched: do not dereference a->goto_chain to read the chain index (bsc#1064802 bsc#1066129). - net/sched: fix ->get helper of the matchall cls (networking-stable-19_04_10). - net/smc: add pnet table namespace support (bsc#1130409 LTC#176346). - net/smc: add smcd support to the pnet table (bsc#1130409 LTC#176346). - net/smc: allow 16 byte pnetids in netlink policy (bsc#1129857 LTC#176247). - net/smc: allow pci IDs as ib device names in the pnet table (bsc#1130409 LTC#176346). - net/smc: allow pnetid-less configuration (bsc#1130409 LTC#176346). - net/smc: call smc_cdc_msg_send() under send_lock (bsc#1129857 LTC#176247). - net/smc: check connections in smc_lgr_free_work (bsc#1129857 LTC#176247). - net/smc: check for ip prefix and subnet (bsc#1134607 LTC#177518). - net/smc: check port_idx of ib event (bsc#1129857 LTC#176247). - net/smc: cleanup for smcr_tx_sndbuf_nonempty (bsc#1130409 LTC#176346). - net/smc: cleanup of get vlan id (bsc#1134607 LTC#177518). - net/smc: code cleanup smc_listen_work (bsc#1134607 LTC#177518). - net/smc: consolidate function parameters (bsc#1134607 LTC#177518). - net/smc: correct state change for peer closing (bsc#1129857 LTC#176247). - net/smc: delete rkey first before switching to unused (bsc#1129857 LTC#176247). - net/smc: do not wait for send buffer space when data was already sent (bsc#1129857 LTC#176247). - net/smc: do not wait under send_lock (bsc#1129857 LTC#176247). - net/smc: fallback to TCP after connect problems (bsc#1134607 LTC#177518). - net/smc: fix a NULL pointer dereference (bsc#1134607 LTC#177518). - net/smc: fix another sizeof to int comparison (bsc#1129857 LTC#176247). - net/smc: fix byte_order for rx_curs_confirmed (bsc#1129848 LTC#176249). - net/smc: fix return code from FLUSH command (bsc#1134607 LTC#177518). - net/smc: fix sender_free computation (bsc#1129857 LTC#176247). - net/smc: fix smc_poll in SMC_INIT state (bsc#1129848 LTC#176249). - net/smc: fix use of variable in cleared area (bsc#1129857 LTC#176247). - net/smc: improve smc_conn_create reason codes (bsc#1134607 LTC#177518). - net/smc: improve smc_listen_work reason codes (bsc#1134607 LTC#177518). - net/smc: move code to clear the conn->lgr field (bsc#1129857 LTC#176247). - net/smc: move unhash before release of clcsock (bsc#1134607 LTC#177518). - net/smc: move wake up of close waiter (bsc#1129857 LTC#176247). - net/smc: no delay for free tx buffer wait (bsc#1129857 LTC#176247). - net/smc: nonblocking connect rework (bsc#1134607 LTC#177518). - net/smc: postpone release of clcsock (bsc#1129857 LTC#176247). - net/smc: preallocated memory for rdma work requests (bsc#1129857 LTC#176247). - net/smc: prevent races between smc_lgr_terminate() and smc_conn_free() (bsc#1129857 LTC#176247). - net/smc: propagate file from SMC to TCP socket (bsc#1134607 LTC#177518). - net/smc: recvmsg and splice_read should return 0 after shutdown (bsc#1129857 LTC#176247). - net/smc: reduce amount of status updates to peer (bsc#1129857 LTC#176247). - net/smc: reset cursor update required flag (bsc#1129857 LTC#176247). - net/smc: rework pnet table (bsc#1130409 LTC#176346). - net/smc: unlock LGR pending lock earlier for SMC-D (bsc#1129857 LTC#176247). - net/smc: use client and server LGR pending locks for SMC-R (bsc#1129857 LTC#176247). - net/smc: use device link provided in qp_context (bsc#1129857 LTC#176247). - net/smc: use smc_curs_copy() for SMC-D (bsc#1129857 LTC#176247). - net/smc: wait for pending work before clcsock release_sock (bsc#1134607 LTC#177518). - net: Fix a bug in removing queues from XPS map (git-fixes). - net: aquantia: fix rx checksum offload for UDP/TCP over IPv6 (networking-stable-19_03_28). - net: atm: Fix potential Spectre v1 vulnerabilities (networking-stable-19_04_19). - net: avoid skb_warn_bad_offload on IS_ERR (git-fixes). - net: do not keep lonely packets forever in the gro hash (git-fixes). - net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc (networking-stable-19_05_04). - net: dsa: legacy: do not unmask port bitmaps (git-fixes). - net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT (git-fixes). - net: ena: fix return value of ena_com_config_llq_info() (bsc#1111696 bsc#1117561). - net: ethtool: not call vzalloc for zero sized memory request (networking-stable-19_04_10). - net: fix uninit-value in __hw_addr_add_ex() (git-fixes). - net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv (networking-stable-19_04_19). - net: hns3: remove resetting check in hclgevf_reset_task_schedule (bsc#1104353 bsc#1135056). - net: initialize skb->peeked when cloning (git-fixes). - net: make skb_partial_csum_set() more robust against overflows (git-fixes). - net: phy: marvell: Fix buffer overrun with stats counters (networking-stable-19_05_04). - net: rds: exchange of 8K and 1M pool (networking-stable-19_04_30). - net: rose: fix a possible stack overflow (networking-stable-19_03_28). - net: socket: fix potential spectre v1 gadget in socketcall (git-fixes). - net: stmmac: fix memory corruption with large MTUs (networking-stable-19_03_28). - net: stmmac: move stmmac_check_ether_addr() to driver probe (networking-stable-19_04_30). - net: test tailroom before appending to linear skb (git-fixes). - net: thunderx: do not allow jumbo frames with XDP (networking-stable-19_04_19). - net: thunderx: raise XDP MTU to 1508 (networking-stable-19_04_19). - net: unbreak CONFIG_RETPOLINE=n builds (bsc#1124503). - net: use indirect call wrappers at GRO network layer (bsc#1124503). - net: use indirect call wrappers at GRO transport layer (bsc#1124503). - netfilter: bridge: Do not sabotage nf_hook calls from an l3mdev (git-fixes). - netfilter: bridge: ebt_among: add missing match size checks (git-fixes). - netfilter: bridge: ebt_among: add more missing match size checks (git-fixes). - netfilter: drop template ct when conntrack is skipped (git-fixes). - netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule (git-fixes). - netfilter: ebtables: handle string from userspace with care (git-fixes). - netfilter: ebtables: reject non-bridge targets (git-fixes). - netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel (git-fixes). - netfilter: nf_log: do not hold nf_log_mutex during user access (git-fixes). - netfilter: nf_log: fix uninit read in nf_log_proc_dostring (git-fixes). - netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6} (git-fixes). - netfilter: nf_tables: can't fail after linking rule into active rule list (git-fixes). - netfilter: nf_tables: check msg_type before nft_trans_set(trans) (git-fixes). - netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump() (git-fixes). - netfilter: nf_tables: fix leaking object reference count (git-fixes). - netfilter: nf_tables: release chain in flushing set (git-fixes). - netfilter: nft_compat: do not dump private area (git-fixes). - netfilter: x_tables: initialise match/target check parameter struct (git-fixes). - netlink: fix uninit-value in netlink_sendmsg (git-fixes). - nfs add module option to limit nfsv4 minor version (jsc#PM-231). - nfs: Enable nfsv4.2 support - jsc@PM-231 This requires a module parameter for nfsv4.2 to actually be available on SLE12 and SLE15-SP0 - nfsv4.x: always serialize open/close operations (bsc#1114893). - nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands (bsc#1051510). - nvme-rdma: fix possible free of a non-allocated async event buffer (bsc#1120423). - nvme: Do not remove namespaces during reset (bsc#1131673). - nvme: flush scan_work when resetting controller (bsc#1131673). - objtool: Fix function fallthrough detection (bsc#1058115). - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget (bsc#1136434). - ocfs2: turn on OCFS2_FS_STATS setting(bsc#1134393) We need to turn on OCFS2_FS_STATS kernel configuration setting, to fix bsc#1134393. - of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642). - omapfb: add missing of_node_put after of_device_is_available (bsc#1051510). - openvswitch: add seqadj extension when NAT is used (bsc#1051510). - openvswitch: fix flow actions reallocation (bsc#1051510). - p54: drop device reference count if fails to enable device (bsc#1135642). - packet: fix reserve calculation (git-fixes). - packet: in packet_snd start writing at link layer allocation (git-fixes). - packet: refine ring v3 block size test to hold one frame (git-fixes). - packet: reset network header if packet shorter than ll reserved space (git-fixes). - packet: validate msg_namelen in send directly (git-fixes). - packets: Always register packet sk in the same order (networking-stable-19_03_28). - pci: Factor out pcie_retrain_link() function (git-fixes). - pci: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1051510). - pci: Mark Atheros AR9462 to avoid bus reset (bsc#1051510). - pci: Work around Pericom pcie-to-pci bridge Retrain Link erratum (git-fixes). - pci: endpoint: Use EPC's device in dma_alloc_coherent()/dma_free_coherent() (git-fixes). - phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode (bsc#1051510). - platform/x86: alienware-wmi: printing the wrong error code (bsc#1051510). - platform/x86: dell-rbtn: Add missing #include (bsc#1051510). - platform/x86: intel_pmc_ipc: adding error handling (bsc#1051510). - platform/x86: intel_punit_ipc: Revert 'Fix resource ioremap warning' (bsc#1051510). - platform/x86: pmc_atom: Add Lex 3I380D industrial PC to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Add several Beckhoff Automation boards to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Drop __initconst on dmi table (bsc#1051510). - platform/x86: sony-laptop: Fix unintentional fall-through (bsc#1051510). - power: supply: axp20x_usb_power: Fix typo in VBUS current limit macros (bsc#1051510). - power: supply: axp288_charger: Fix unchecked return value (bsc#1051510). - powerpc/eeh: Fix race with driver un/bind (bsc#1065729). - powerpc/msi: Fix NULL pointer access in teardown code (bsc#1065729). - powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043). - powerpc/powernv/idle: Restore IAMR after idle (bsc#1065729). - powerpc/process: Fix sparse address space warnings (bsc#1065729). - powerpc: Always initialize input array when calling epapr_hypercall() (bsc#1065729). - powerpc: Fix HMIs on big-endian with CONFIG_RELOCATABLE=y (bsc#1065729). - proc/kcore: do not bounds check against address 0 (bsc#1051510). - proc/sysctl: fix return error for proc_doulongvec_minmax() (bsc#1051510). - proc: revalidate kernel thread inodes to root:root (bsc#1051510). - ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK (git-fixes). - pwm: Fix deadlock warning when removing PWM device (bsc#1051510). - pwm: meson: Consider 128 a valid pre-divider (bsc#1051510). - pwm: meson: Do not disable PWM when setting duty repeatedly (bsc#1051510). - pwm: meson: Use the spin-lock only to protect register modifications (bsc#1051510). - pwm: tiehrpwm: Update shadow register for disabling PWMs (bsc#1051510). - qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128979). - qla2xxx: always allocate qla_tgt_wq (bsc#1131451). - qmi_wwan: add Olicard 600 (bsc#1051510). - rdma/hns: Fix bug that caused srq creation to fail (bsc#1104427 ). - rdma/rxe: Consider skb reserve space based on netdev of GID (bsc#1082387, bsc#1103992). - regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB (bsc#1051510). - rt2x00: do not increment sequence number while re-transmitting (bsc#1051510). - rtc: da9063: set uie_unsupported when relevant (bsc#1051510). - rtc: sh: Fix invalid alarm warning for non-enabled alarm (bsc#1051510). - rtlwifi: rtl8723ae: Fix missing break in switch statement (bsc#1051510). - rxrpc: Fix error reception on AF_INET6 sockets (git-fixes). - rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket (git-fixes). - s390/ism: ignore some errors during deregistration (bsc#1129857 LTC#176247). - s390/qdio: clear intparm during shutdown (bsc#1134597 LTC#177516). - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() (bsc#1051510). - sc16is7xx: move label 'err_spi' to correct section (bsc#1051510). - sc16is7xx: put err_spi and err_i2c into correct #ifdef (bsc#1051510). - scripts: override locale from environment when running recordmcount.pl (bsc#1134354). - scsi: qedf: fixup bit operations (bsc#1135542). - scsi: qedf: fixup locking in qedf_restart_rport() (bsc#1135542). - scsi: qedf: missing kref_put in qedf_xmit() (bsc#1135542). - scsi: qla2xxx: Declare local functions 'static' (bsc#1137444). - scsi: qla2xxx: Fix function argument descriptions (bsc#1118139). - scsi: qla2xxx: Fix memory corruption during hba reset test (bsc#1118139). - scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (bsc#1132044). - scsi: qla2xxx: Improve several kernel-doc headers (bsc#1137444). - scsi: qla2xxx: Introduce a switch/case statement in qlt_xmit_tm_rsp() (bsc#1137444). - scsi: qla2xxx: Make qla2x00_sysfs_write_nvram() easier to analyze (bsc#1137444). - scsi: qla2xxx: Make sure that qlafx00_ioctl_iosb_entry() initializes 'res' (bsc#1137444). - scsi: qla2xxx: NULL check before some freeing functions is not needed (bsc#1137444). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1137444). - scsi: qla2xxx: Remove two arguments from qlafx00_error_entry() (bsc#1137444). - scsi: qla2xxx: Remove unused symbols (bsc#1118139). - scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function (bsc#1137444). - scsi: qla2xxx: Use %p for printing pointers (bsc#1118139). - scsi: qla2xxx: fix error message on qla2400 (bsc#1118139). - scsi: qla2xxx: fix spelling mistake: 'existant' -> 'existent' (bsc#1118139). - scsi: qla2xxx: fully convert to the generic DMA API (bsc#1137444). - scsi: qla2xxx: fx00 copypaste typo (bsc#1118139). - scsi: qla2xxx: remove the unused tcm_qla2xxx_cmd_wq (bsc#1118139). - scsi: qla2xxx: use lower_32_bits and upper_32_bits instead of reinventing them (bsc#1137444). - sctp: avoid running the sctp state machine recursively (networking-stable-19_05_04). - sctp: fix identification of new acks for SFR-CACC (git-fixes). - sctp: get sctphdr by offset in sctp_compute_cksum (networking-stable-19_03_28). - sctp: initialize _pad of sockaddr_in before copying to user memory (networking-stable-19_04_10). - sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune (git-fixes). - sctp: set frag_point in sctp_setsockopt_maxseg correctly` (git-fixes). - selinux: use kernel linux/socket.h for genheaders and mdp (bsc#1134810). - serial: 8250_pxa: honor the port number from devicetree (bsc#1051510). - serial: ar933x_uart: Fix build failure with disabled console (bsc#1051510). - serial: uartps: console_setup() can't be placed to init section (bsc#1051510). - signal: Always notice exiting tasks (git-fixes). - signal: Better detection of synchronous signals (git-fixes). - signal: Restore the stop PTRACE_EVENT_EXIT (git-fixes). - smc: move unhash as early as possible in smc_release() (bsc#1129857 LTC#176247). - soc/fsl/qe: Fix an error code in qe_pin_request() (bsc#1051510). - soc/tegra: pmc: Drop locking from tegra_powergate_is_powered() (bsc#1051510). - spi: Micrel eth switch: declare missing of table (bsc#1051510). - spi: ST ST95HF NFC: declare missing of table (bsc#1051510). - spi: a3700: Clear DATA_OUT when performing a read (bsc#1051510). - spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios (bsc#1051510). - spi: bcm2835aux: setup gpio-cs to output and correct level during setup (bsc#1051510). - spi: bcm2835aux: warn in dmesg that native cs is not really supported (bsc#1051510). - spi: rspi: Fix sequencer reset during initialization (bsc#1051510). - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit (bsc#1051510). - staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc (bsc#1051510). - stm class: Fix an endless loop in channel allocation (bsc#1051510). - stm class: Fix channel free in stm output free path (bsc#1051510). - stm class: Prevent division by zero (bsc#1051510). - stmmac: pci: Adjust IOT2000 matching (networking-stable-19_04_30). - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839). - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839). - switchtec: Fix unintended mask of MRPC event (git-fixes). - tcp: Ensure DCTCP reacts to losses (networking-stable-19_04_10). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: limit payload size of sacked skbs (bsc#1137586). - tcp: purge write queue in tcp_connect_init() (git-fixes). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). - tcp: tcp_grow_window() needs to respect tcp_space() (networking-stable-19_04_19). - team: fix possible recursive locking when add slaves (networking-stable-19_04_30). - team: set slave to promisc if team is already in promisc mode (bsc#1051510). - thermal/int340x_thermal: Add additional UUIDs (bsc#1051510). - thermal/int340x_thermal: fix mode setting (bsc#1051510). - thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power (bsc#1051510). - thunderx: eliminate extra calls to put_page() for pages held for recycling (networking-stable-19_03_28). - thunderx: enable page recycling for non-XDP case (networking-stable-19_03_28). - tipc: fix hanging clients using poll with EPOLLOUT flag (git-fixes). - tipc: missing entries in name table of publications (networking-stable-19_04_19). - tools lib traceevent: Fix missing equality check for strcmp (bsc#1129770). - tracing: Fix partial reading of trace event's id file (bsc#1136573). - treewide: Use DEVICE_ATTR_WO (bsc#1137739). - tty: increase the default flip buffer limit to 2*640K (bsc#1051510). - tty: pty: Fix race condition between release_one_tty and pty_write (bsc#1051510). - tty: serial_core, add ->install (bnc#1129693). - tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0 (bsc#1051510). - tun: add a missing rcu_read_unlock() in error path (networking-stable-19_03_28). - tun: properly test for IFF_UP (networking-stable-19_03_28). - uas: fix alignment of scatter/gather segments (bsc#1129770). - udp: use indirect call wrappers for GRO socket lookup (bsc#1124503). - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour (bsc#1135323). - usb-storage: Set virt_boundary_mask to avoid SG overflows (bsc#1051510). - usb: cdc-acm: fix unthrottle races (bsc#1051510). - usb: core: Fix bug caused by duplicate interface PM usage counter (bsc#1051510). - usb: core: Fix unterminated string returned by usb_string() (bsc#1051510). - usb: dwc3: Fix default lpm_nyet_threshold value (bsc#1051510). - usb: gadget: net2272: Fix net2272_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix net2280_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix overrun of OUT messages (bsc#1051510). - usb: serial: f81232: fix interrupt worker not stop (bsc#1051510). - usb: serial: fix unthrottle races (bsc#1051510). - usb: u132-hcd: fix resource leak (bsc#1051510). - usb: usb251xb: fix to avoid potential NULL pointer dereference (bsc#1051510). - usb: usbip: fix isoc packet num validation in get_pipe (bsc#1051510). - usb: w1 ds2490: Fix bug caused by improper use of altsetting array (bsc#1051510). - usb: yurex: Fix protection fault after device removal (bsc#1051510). - userfaultfd: use RCU to free the task struct when fork fails (git-fixes). - vfio/mdev: Avoid release parent reference during error path (bsc#1051510). - vfio/mdev: Fix aborting mdev child device removal if one fails (bsc#1051510). - vfio/pci: use correct format characters (bsc#1051510). - vfio_pci: Enable memory accesses before calling pci_map_rom (bsc#1051510). - vhost/vsock: fix reset orphans race with close timeout (bsc#1051510). - vhost: reject zero size iova range (networking-stable-19_04_19). - virtio-blk: limit number of hw queues by nr_cpu_ids (bsc#1051510). - virtio: Honour 'may_reduce_num' in vring_create_virtqueue (bsc#1051510). - virtio_pci: fix a NULL pointer reference in vp_del_vqs (bsc#1051510). - vrf: check accept_source_route on the original netdevice (networking-stable-19_04_10). - vsock/virtio: Initialize core virtio vsock before registering the driver (bsc#1051510). - vsock/virtio: fix kernel panic after device hot-unplug (bsc#1051510). - vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock (bsc#1051510). - vsock/virtio: reset connected sockets on device removal (bsc#1051510). - vt: always call notifier with the console lock held (bsc#1051510). - vxlan: Do not call gro_cells_destroy() before device is unregistered (networking-stable-19_03_28). - x86/speculation/mds: Fix documentation typo (bsc#1135642). - x86_64: Add gap to int3 to allow for call emulation (bsc#1099658). - x86_64: Allow breakpoints to emulate call instructions (bsc#1099658). - xenbus: drop useless LIST_HEAD in xenbus_write_watch() and xenbus_file_write() (bsc#1065600). - xfrm6: avoid potential infinite loop in _decode_session6() (git-fixes). - xfrm6: call kfree_skb when skb is toobig (git-fixes). - xfrm: Fix stack-out-of-bounds read on socket policy lookup (git-fixes). - xfrm: Return error on unknown encap_type in init_state (git-fixes). - xfrm: Validate address prefix lengths in the xfrm selector (git-fixes). - xfrm: fix 'passing zero to ERR_PTR()' warning (git-fixes). - xfrm: fix missing dst_release() after policy blocking lbcast and multicast (git-fixes). - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) (git-fixes). - xfrm: reset crypto_done when iterating over multiple input xfrms (git-fixes). - xfrm: reset transport header back to network header after all input transforms ahave been applied (git-fixes). - xfrm_user: prevent leaking 2 bytes of kernel memory (git-fixes). - xfs: add log item pinning error injection tag (bsc#1114427). - xfs: buffer lru reference count error injection tag (bsc#1114427). - xfs: check _btree_check_block value (bsc#1123663). - xfs: convert drop_writes to use the errortag mechanism (bsc#1114427). - xfs: create block pointer check functions (bsc#1123663). - xfs: create inode pointer verifiers (bsc#1114427). - xfs: detect and fix bad summary counts at mount (bsc#1114427). - xfs: export _inobt_btrec_to_irec and _ialloc_cluster_alignment for scrub (bsc#1114427). - xfs: export various function for the online scrubber (bsc#1123663). - xfs: expose errortag knobs via sysfs (bsc#1114427). - xfs: fix unused variable warning in xfs_buf_set_ref() (bsc#1114427). - xfs: force summary counter recalc at next mount (bsc#1114427). - xfs: kill meaningless variable 'zero' (bsc#1106011). - xfs: make errortag a per-mountpoint structure (bsc#1123663). - xfs: move error injection tags into their own file (bsc#1114427). - xfs: prepare xfs_break_layouts() for another layout type (bsc#1106011). - xfs: prepare xfs_break_layouts() to be called with XFS_MMAPLOCK_EXCL (bsc#1106011). - xfs: refactor btree block header checking functions (bsc#1123663). - xfs: refactor btree pointer checks (bsc#1123663). - xfs: refactor unmount record write (bsc#1114427). - xfs: remove unneeded parameter from XFS_TEST_ERROR (bsc#1123663). - xfs: remove xfs_zero_range (bsc#1106011). - xfs: rename MAXPATHLEN to XFS_SYMLINK_MAXLEN (bsc#1123663). - xfs: replace log_badcrc_factor knob with error injection tag (bsc#1114427). - xfs: sanity-check the unused space before trying to use it (bsc#1123663). - xfs: serialize unaligned dio writes against all other dio writes (bsc#1134936). Important SUSE bug 1012382 SUSE bug 1050242 SUSE bug 1051510 SUSE bug 1053043 SUSE bug 1056787 SUSE bug 1058115 SUSE bug 1063638 SUSE bug 1064802 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066129 SUSE bug 1068546 SUSE bug 1071995 SUSE bug 1075020 SUSE bug 1082387 SUSE bug 1083647 SUSE bug 1085535 SUSE bug 1099658 SUSE bug 1103992 SUSE bug 1104353 SUSE bug 1104427 SUSE bug 1106011 SUSE bug 1106284 SUSE bug 1108838 SUSE bug 1110946 SUSE bug 1111696 SUSE bug 1112063 SUSE bug 1113722 SUSE bug 1114427 SUSE bug 1114893 SUSE bug 1115688 SUSE bug 1117158 SUSE bug 1117561 SUSE bug 1118139 SUSE bug 1119843 SUSE bug 1120091 SUSE bug 1120423 SUSE bug 1120566 SUSE bug 1120843 SUSE bug 1120902 SUSE bug 1122776 SUSE bug 1123454 SUSE bug 1123663 SUSE bug 1124503 SUSE bug 1124839 SUSE bug 1126356 SUSE bug 1127616 SUSE bug 1128052 SUSE bug 1128904 SUSE bug 1128905 SUSE bug 1128979 SUSE bug 1129138 SUSE bug 1129497 SUSE bug 1129693 SUSE bug 1129770 SUSE bug 1129848 SUSE bug 1129857 SUSE bug 1130409 SUSE bug 1130699 SUSE bug 1130972 SUSE bug 1131451 SUSE bug 1131488 SUSE bug 1131565 SUSE bug 1131673 SUSE bug 1132044 SUSE bug 1132894 SUSE bug 1133176 SUSE bug 1133188 SUSE bug 1133190 SUSE bug 1133320 SUSE bug 1133612 SUSE bug 1133616 SUSE bug 1134160 SUSE bug 1134162 SUSE bug 1134199 SUSE bug 1134200 SUSE bug 1134201 SUSE bug 1134202 SUSE bug 1134203 SUSE bug 1134204 SUSE bug 1134205 SUSE bug 1134354 SUSE bug 1134393 SUSE bug 1134459 SUSE bug 1134460 SUSE bug 1134461 SUSE bug 1134537 SUSE bug 1134591 SUSE bug 1134597 SUSE bug 1134607 SUSE bug 1134651 SUSE bug 1134671 SUSE bug 1134760 SUSE bug 1134806 SUSE bug 1134810 SUSE bug 1134813 SUSE bug 1134848 SUSE bug 1134936 SUSE bug 1135006 SUSE bug 1135007 SUSE bug 1135008 SUSE bug 1135056 SUSE bug 1135100 SUSE bug 1135120 SUSE bug 1135278 SUSE bug 1135281 SUSE bug 1135309 SUSE bug 1135312 SUSE bug 1135314 SUSE bug 1135315 SUSE bug 1135316 SUSE bug 1135320 SUSE bug 1135323 SUSE bug 1135330 SUSE bug 1135492 SUSE bug 1135542 SUSE bug 1135556 SUSE bug 1135603 SUSE bug 1135642 SUSE bug 1135661 SUSE bug 1135758 SUSE bug 1136206 SUSE bug 1136424 SUSE bug 1136428 SUSE bug 1136430 SUSE bug 1136432 SUSE bug 1136434 SUSE bug 1136435 SUSE bug 1136438 SUSE bug 1136439 SUSE bug 1136477 SUSE bug 1136478 SUSE bug 1136573 SUSE bug 1136586 SUSE bug 1136881 SUSE bug 1136935 SUSE bug 1136990 SUSE bug 1137151 SUSE bug 1137152 SUSE bug 1137153 SUSE bug 1137162 SUSE bug 1137372 SUSE bug 1137444 SUSE bug 1137586 SUSE bug 1137739 SUSE bug 1137752 CVE-2018-7191 CVE-2019-10124 CVE-2019-11085 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11486 CVE-2019-11487 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884 CVE-2019-12382 CVE-2019-3846 CVE-2019-5489 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to 4.12.14 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. - CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power. - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) - CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel There was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) - CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occured with FUSE requests. (bnc#1133190) - CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) - CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) - CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603) - CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bnc#1135278) - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) - CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a '\0' character. (bnc#1134848) - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions. (bnc#1133188) The following non-security bugs were fixed: - 9p locks: add mount option for lock retry interval (bsc#1051510). - acpi: button: reinitialize button state upon resume (bsc#1051510). - acpica: AML interpreter: add region addresses in global list during initialization (bsc#1051510). - acpica: Namespace: remove address node from global list after method termination (bsc#1051510). - acpi: fix menuconfig presentation of ACPI submenu (bsc#1117158). - acpi / utils: Drop reference in test for device presence (bsc#1051510). - alsa: core: Do not refer to snd_cards array directly (bsc#1051510). - alsa: emu10k1: Drop superfluous id-uniquification behavior (bsc#1051510). - alsa: hda/hdmi - Consider eld_valid when reporting jack event (bsc#1051510). - alsa: hda/hdmi - Read the pin sense from register when repolling (bsc#1051510). - alsa: hda/realtek - Avoid superfluous COEF EAPD setups (bsc#1051510). - alsa: hda/realtek - Corrected fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: hda/realtek - EAPD turn on later (bsc#1051510). - alsa: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug (bsc#1051510). - alsa: hda/realtek - Fixup headphone noise via runtime suspend (bsc#1051510). - alsa: hda/realtek - Improve the headset mic for Acer Aspire laptops (bsc#1051510). - alsa: hda - Register irq handler after the chip initialization (bsc#1051510). - alsa: hda - Use a macro for snd_array iteration loops (bsc#1051510). - alsa: hdea/realtek - Headset fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: line6: Avoid polluting led_* namespace (bsc#1051510). - alsa: seq: Align temporary re-locking with irqsave version (bsc#1051510). - alsa: seq: Correct unlock sequence at snd_seq_client_ioctl_unlock() (bsc#1051510). - alsa: seq: Cover unsubscribe_port() in list_mutex (bsc#1051510). - alsa: seq: Fix race of get-subscription call vs port-delete ioctls (bsc#1051510). - alsa: seq: Protect in-kernel ioctl calls with mutex (bsc#1051510). - alsa: seq: Protect racy pool manipulation from OSS sequencer (bsc#1051510). - alsa: seq: Remove superfluous irqsave flags (bsc#1051510). - alsa: seq: Simplify snd_seq_kernel_client_enqueue() helper (bsc#1051510). - alsa: timer: Check ack_list emptiness instead of bit flag (bsc#1051510). - alsa: timer: Coding style fixes (bsc#1051510). - alsa: timer: Make snd_timer_close() really kill pending actions (bsc#1051510). - alsa: timer: Make sure to clear pending ack list (bsc#1051510). - alsa: timer: Revert active callback sync check at close (bsc#1051510). - alsa: timer: Simplify error path in snd_timer_open() (bsc#1051510). - alsa: timer: Unify timer callback process code (bsc#1051510). - alsa: usb-audio: Fix a memory leak bug (bsc#1051510). - alsa: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk() (bsc#1051510). - alsa: usx2y: fix a double free bug (bsc#1051510). - appletalk: Fix compile regression (bsc#1051510). - appletalk: Fix use-after-free in atalk_proc_exit (bsc#1051510). - arch: arm64: acpi: KABI ginore includes (bsc#1117158 bsc#1134671). - arm64: acpi: fix alignment fault in accessing ACPI (bsc#1117158). - arm64: Export save_stack_trace_tsk() (jsc#SLE-4214). - arm64: fix ACPI dependencies (bsc#1117158). - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (bsc#1117158). - arm: 8824/1: fix a migrating irq bug when hotplug cpu (bsc#1051510). - arm: 8833/1: Ensure that NEON code always compiles with Clang (bsc#1051510). - arm: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bsc#1051510). - arm: 8840/1: use a raw_spinlock_t in unwind (bsc#1051510). - arm: avoid Cortex-A9 livelock on tight dmb loops (bsc#1051510). - arm: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bsc#1051510). - arm: iop: do not use using 64-bit DMA masks (bsc#1051510). - arm: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug (bsc#1051510). - arm: OMAP2+: Variable 'reg' in function omap4_dsi_mux_pads() could be uninitialized (bsc#1051510). - arm: orion: do not use using 64-bit DMA masks (bsc#1051510). - arm: pxa: ssp: unneeded to free devm_ allocated data (bsc#1051510). - arm: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bsc#1051510). - arm: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms (bsc#1051510). - asoc: cs4270: Set auto-increment bit for register writes (bsc#1051510). - asoc: fix valid stream condition (bsc#1051510). - asoc: fsl_esai: Fix missing break in switch statement (bsc#1051510). - asoc: hdmi-codec: fix S/PDIF DAI (bsc#1051510). - asoc: Intel: avoid Oops if DMA setup fails (bsc#1051510). - asoc: max98090: Fix restore of DAPM Muxes (bsc#1051510). - asoc: nau8810: fix the issue of widget with prefixed name (bsc#1051510). - asoc: nau8824: fix the issue of the widget with prefix name (bsc#1051510). - asoc: RT5677-SPI: Disable 16Bit SPI Transfers (bsc#1051510). - asoc: samsung: odroid: Fix clock configuration for 44100 sample rate (bsc#1051510). - asoc:soc-pcm:fix a codec fixup issue in TDM case (bsc#1051510). - asoc: stm32: fix sai driver name initialisation (bsc#1051510). - asoc: tlv320aic32x4: Fix Common Pins (bsc#1051510). - asoc: wm_adsp: Add locking to wm_adsp2_bus_error (bsc#1051510). - at76c50x-usb: Do not register led_trigger if usb_register_driver failed (bsc#1051510). - audit: fix a memleak caused by auditing load module (bsc#1051510). - b43: shut up clang -Wuninitialized variable warning (bsc#1051510). - backlight: lm3630a: Return 0 on success in update_status functions (bsc#1051510). - bcache: account size of buckets used in uuid write to ca->meta_sectors_written (bsc#1130972). - bcache: add a comment in super.c (bsc#1130972). - bcache: add code comments for bset.c (bsc#1130972). - bcache: add comment for cache_set->fill_iter (bsc#1130972). - bcache: add identifier names to arguments of function definitions (bsc#1130972). - bcache: add missing SPDX header (bsc#1130972). - bcache: add MODULE_DESCRIPTION information (bsc#1130972). - bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972). - bcache: add static const prefix to char * array declarations (bsc#1130972). - bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972). - bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972). - bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972). - bcache: correct dirty data statistics (bsc#1130972). - bcache: do not assign in if condition in bcache_init() (bsc#1130972). - bcache: do not assign in if condition register_bcache() (bsc#1130972). - bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972). - bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972). - bcache: do not clone bio in bch_data_verify (bsc#1130972). - bcache: do not mark writeback_running too early (bsc#1130972). - bcache: export backing_dev_name via sysfs (bsc#1130972). - bcache: export backing_dev_uuid via sysfs (bsc#1130972). - bcache: fix code comments style (bsc#1130972). - bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972). - bcache: fix indent by replacing blank by tabs (bsc#1130972). - bcache: fix input integer overflow of congested threshold (bsc#1130972). - bcache: fix input overflow to cache set io_error_limit (bsc#1130972). - bcache: fix input overflow to cache set sysfs file io_error_halflife (bsc#1130972). - bcache: fix input overflow to journal_delay_ms (bsc#1130972). - bcache: fix input overflow to sequential_cutoff (bsc#1130972). - bcache: fix input overflow to writeback_delay (bsc#1130972). - bcache: fix input overflow to writeback_rate_minimum (bsc#1130972). - bcache: fix ioctl in flash device (bsc#1130972). - bcache: fix mistaken code comments in bcache.h (bsc#1130972). - bcache: fix mistaken comments in request.c (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972). - bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972). - bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972). - bcache: improve sysfs_strtoul_clamp() (bsc#1130972). - bcache: introduce force_wake_up_gc() (bsc#1130972). - bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972). - bcache: Move couple of functions to sysfs.c (bsc#1130972). - bcache: Move couple of string arrays to sysfs.c (bsc#1130972). - bcache: move open brace at end of function definitions to next line (bsc#1130972). - bcache: never writeback a discard operation (bsc#1130972). - bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972). - bcache: option to automatically run gc thread after writeback (bsc#1130972). - bcache: panic fix for making cache device (bsc#1130972). - bcache: Populate writeback_rate_minimum attribute (bsc#1130972). - bcache: prefer 'help' in Kconfig (bsc#1130972). - bcache: print number of keys in trace_bcache_journal_write (bsc#1130972). - bcache: recal cached_dev_sectors on detach (bsc#1130972). - bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972). - bcache: remove unused bch_passthrough_cache (bsc#1130972). - bcache: remove useless parameter of bch_debug_init() (bsc#1130972). - bcache: Replace bch_read_string_list() by __sysfs_match_string() (bsc#1130972). - bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972). - bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972). - bcache: replace printk() by pr_*() routines (bsc#1130972). - bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972). - bcache: set writeback_percent in a flexible range (bsc#1130972). - bcache: split combined if-condition code into separate ones (bsc#1130972). - bcache: stop bcache device when backing device is offline (bsc#1130972). - bcache: stop using the deprecated get_seconds() (bsc#1130972). - bcache: style fixes for lines over 80 characters (bsc#1130972). - bcache: style fix to add a blank line after declarations (bsc#1130972). - bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972). - bcache: treat stale dirty keys as bad keys (bsc#1130972). - bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972). - bcache: update comment for bch_data_insert (bsc#1130972). - bcache: update comment in sysfs.c (bsc#1130972). - bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972). - bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972). - bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972). - bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972). - bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972). - block: check_events: do not bother with events if unsupported (bsc#1110946, bsc#1119843). - block: disk_events: introduce event flags (bsc#1110946, bsc#1119843). - block: do not leak memory in bio_copy_user_iov() (bsc#1135309). - block: Do not revalidate bdev of hidden gendisk (bsc#1120091). - block: fix the return errno for direct IO (bsc#1135320). - block: fix use-after-free on gendisk (bsc#1135312). - bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bsc#1051510). - bluetooth: Check key sizes only when Secure Simple Pairing is enabled (bsc#1135556). - bluetooth: hidp: fix buffer overflow (bsc#1051510). - bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one() (bsc#1050242). - bnxt_en: Improve multicast address setup logic (networking-stable-19_05_04). - bnxt_en: Improve RX consumer index validity check (networking-stable-19_04_10). - bnxt_en: Reset device on RX buffer errors (networking-stable-19_04_10). - bonding: fix event handling for stacked bonds (networking-stable-19_04_19). - bpf: add map_lookup_elem_sys_only for lookups from syscall side (bsc#1083647). - bpf: Add missed newline in verifier verbose log (bsc#1056787). - bpf, lru: avoid messing with eviction heuristics upon syscall lookup (bsc#1083647). - brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() (bsc#1051510). - btrfs: add a helper to return a head ref (bsc#1134813). - btrfs: breakout empty head cleanup to a helper (bsc#1134813). - btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: do not allow trimming when a fs is mounted with the nologreplay option (bsc#1135758). - btrfs: do not double unlock on error in btrfs_punch_hole (bsc#1136881). - btrfs: Do not panic when we can't find a root key (bsc#1112063). - btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: Factor out common delayed refs init code (bsc#1134813). - btrfs: fix fsync not persisting changed attributes of a directory (bsc#1137151). - btrfs: fix race between ranged fsync and writeback of adjacent ranges (bsc#1136477). - btrfs: fix race updating log root item during fsync (bsc#1137153). - btrfs: fix wrong ctime and mtime of a directory after log replay (bsc#1137152). - btrfs: improve performance on fsync of files with multiple hardlinks (bsc#1123454). - btrfs: Introduce init_delayed_ref_head (bsc#1134813). - btrfs: move all ref head cleanup to the helper function (bsc#1134813). - btrfs: move extent_op cleanup to a helper (bsc#1134813). - btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813). - btrfs: Open-code add_delayed_data_ref (bsc#1134813). - btrfs: Open-code add_delayed_tree_ref (bsc#1134813). - btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1134806). - btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head to btrfs_qgroup_extent_record (bsc#1134162). - btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release (bsc#1134160). - btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1133612). - btrfs: remove delayed_ref_node from ref_head (bsc#1134813). - btrfs: send, flush dellaloc in order to avoid data loss (bsc#1133320). - btrfs: split delayed ref head initialization and addition (bsc#1134813). - btrfs: track refs in a rb_tree instead of a list (bsc#1134813). - btrfs: tree-checker: detect file extent items with overlapping ranges (bsc#1136478). - btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813). - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461). - ceph: fix ci->i_head_snapc leak (bsc#1122776). - ceph: fix use-after-free on symlink traversal (bsc#1134459). - ceph: only use d_name directly when parent is locked (bsc#1134460). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565). - clk: rockchip: Fix video codec clocks on rk3288 (bsc#1051510). - clk: rockchip: fix wrong clock definitions for rk3328 (bsc#1051510). - configfs: fix possible use-after-free in configfs_register_group (bsc#1051510). - configfs: Fix use-after-free when accessing sd->s_dentry (bsc#1051510). - crypto: arm/aes-neonbs - do not access already-freed walk.iv (bsc#1051510). - crypto: caam - fix caam_dump_sg that iterates through scatterlist (bsc#1051510). - crypto: ccm - fix incompatibility between 'ccm' and 'ccm_base' (bsc#1051510). - crypto: ccp - Do not free psp_master when PLATFORM_INIT fails (bsc#1051510). - crypto: chacha20poly1305 - set cra_name correctly (bsc#1051510). - crypto: crct10dif-generic - fix use via crypto_shash_digest() (bsc#1051510). - crypto: fips - Grammar s/options/option/, s/to/the/ (bsc#1051510). - crypto: gcm - fix incompatibility between 'gcm' and 'gcm_base' (bsc#1051510). - crypto: skcipher - do not WARN on unprocessed data after slow walk step (bsc#1051510). - crypto: sun4i-ss - Fix invalid calculation of hash end (bsc#1051510). - crypto: vmx - CTR: always increment IV as quadword (bsc#1051510). - crypto: vmx - fix copy-paste error in CTR mode (bsc#1051510). - crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162). - crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162). - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest() (bsc#1051510). - dccp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28). - dccp: Fix memleak in __feat_register_sp (bsc#1051510). - debugfs: fix use-after-free on symlink traversal (bsc#1051510). - devres: Align data[] to ARCH_KMALLOC_MINALIGN (bsc#1051510). - dmaengine: axi-dmac: Do not check the number of frames for alignment (bsc#1051510). - dmaengine: tegra210-dma: free dma controller in remove() (bsc#1051510). - documentation: Add MDS vulnerability documentation (bsc#1135642). - drivers: acpi: add dependency of EFI for arm64 (bsc#1117158). - drm/bridge: adv7511: Fix low refresh rate selection (bsc#1051510). - drm/etnaviv: lock MMU while dumping core (bsc#1113722) - drm/fb-helper: dpms_legacy(): Only set on connectors in use (bsc#1051510). - drm/i915: Disable LP3 watermarks on all SNB machines (bsc#1051510). - drm/i915: Downgrade Gen9 Plane WM latency error (bsc#1051510). - drm/i915/fbc: disable framebuffer compression on GeminiLake (bsc#1051510). - drm/i915: Fix I915_EXEC_RING_MASK (bsc#1051510). - drm/i915/gvt: add 0x4dfc to gen9 save-restore list (bsc#1113722) - drm/i915/gvt: do not let TRTTE and 0x4dfc write passthrough to hardware (bsc#1051510). - drm/i915/gvt: Fix cmd length of VEB_DI_IECP (bsc#1113722) - drm/i915/gvt: Fix incorrect mask of mmio 0x22028 in gen8/9 mmio list (bnc#1113722) - drm/i915/gvt: refine ggtt range validation (bsc#1113722) - drm/i915/gvt: Tiled Resources mmios are in-context mmios for gen9+ (bsc#1113722) - drm/imx: do not skip DP channel disable for background plane (bsc#1051510). - drm/mediatek: fix possible object reference leak (bsc#1051510). - drm/meson: add size and alignment requirements for dumb buffers (bnc#1113722) - drm/nouveau/i2c: Disable i2c bus access after ->fini() (bsc#1113722) - drm/rockchip: fix for mailbox read validation (bsc#1051510). - drm/rockchip: shutdown drm subsystem on shutdown (bsc#1051510). - drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722) - drm/ttm: Remove warning about inconsistent mapping information (bnc#1131488) - drm/vmwgfx: Do not send drm sysfs hotplug events on initial master set (bsc#1051510). - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read (bsc#1051510). - drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() (bsc#1113722) - dt-bindings: clock: r8a7795: Remove CSIREF clock (bsc#1120902). - dt-bindings: clock: r8a7796: Remove CSIREF clock (bsc#1120902). - dt-bindings: net: Add binding for the external clock for TI WiLink (bsc#1085535). - dt-bindings: net: Fix a typo in the phy-mode list for ethernet bindings (bsc#1129770). - dt-bindings: rtc: sun6i-rtc: Fix register range in example (bsc#1120902). - dwc2: gadget: Fix completed transfer size calculation in DDMA (bsc#1051510). - efi: add API to reserve memory persistently across kexec reboot (bsc#1117158). - efi/arm: Defer persistent reservations until after paging_init() (bsc#1117158). - efi/arm: Do not mark ACPI reclaim memory as MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566). - efi/arm: libstub: add a root memreserve config table (bsc#1117158). - efi/arm: map UEFI memory map even w/o runtime services enabled (bsc#1117158). - efi/arm: preserve early mapping of UEFI memory map longer for BGRT (bsc#1117158). - efi/arm: Revert 'Defer persistent reservations until after paging_init()' (bsc#1117158). - efi/arm: Revert deferred unmap of early memmap mapping (bsc#1117158). - efi: honour memory reservations passed via a linux specific config table (bsc#1117158). - efi: Permit calling efi_mem_reserve_persistent() from atomic context (bsc#1117158). - efi: Permit multiple entries in persistent memreserve data structure (bsc#1117158). - efi: Prevent GICv3 WARN() by mapping the memreserve table before first use (bsc#1117158). - efi: Reduce the amount of memblock reservations for persistent allocations (bsc#1117158). - ext4: actually request zeroing of inode table after grow (bsc#1135315). - ext4: avoid panic during forced reboot due to aborted journal (bsc#1126356). - ext4: Do not warn when enabling DAX (bsc#1132894). - ext4: fix data corruption caused by overlapping unaligned and aligned IO (bsc#1136428). - ext4: fix ext4_show_options for file systems w/o journal (bsc#1135316). - ext4: fix use-after-free race with debug_want_extra_isize (bsc#1135314). - ext4: make sanity check in mballoc more strict (bsc#1136439). - ext4: wait for outstanding dio during truncate in nojournal mode (bsc#1136438). - fbdev: fix divide error in fb_var_to_videomode (bsc#1113722) - fbdev: fix WARNING in __alloc_pages_nodemask bug (bsc#1113722) - firmware: efi: factor out mem_reserve (bsc#1117158 bsc#1134671). - fix rtnh_ok() (git-fixes). - fs/sync.c: sync_file_range(2) may use WB_SYNC_ALL writeback (bsc#1136432). - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount (bsc#1136435). - ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658). - genetlink: Fix a memory leak on error path (networking-stable-19_03_28). - ghes, EDAC: Fix ghes_edac registration (bsc#1133176). - git_sort: add crypto maintainer tree. - git-sort: Always explicitely handle a pygit2 import error As pointed out by Michal Suchanek, the limitation in commit 6d67b1042a73 ('series_sort: Catch pygit2 import failure.') is wrong; given that there is no explicit installation step of the git-sort scripts and that they are 'just there' in the kernel-source repository, every user-callable script needs to check that the user followed installation requirements. - git-sort: Handle new pygit2.discover_repository behavior A consequence of pygit2 commit c32ee0c25384 ('Now discover_repository returns None if repo not found'). - git-sort: Move mainline remote check to series_sort git_sort can be used on any git repository. series_sort() OTOH expects the reference repository to be a clone of the mainline Linux kernel repository. Move the warning accordingly and make it an error since further operations would fail. Fixes: 027d52475873 ('scripts: git_sort: Warn about missing upstream repo') - git-sort: README: Add information about how to report problems - gpio: aspeed: fix a potential NULL pointer dereference (bsc#1051510). - gpu: ipu-v3: dp: fix CSC handling (bsc#1051510). - hid: debug: fix race condition with between rdesc_show() and device removal (bsc#1051510). - hid: input: add mapping for Assistant key (bsc#1051510). - hid: input: add mapping for Expose/Overview key (bsc#1051510). - hid: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bsc#1051510). - hid: input: add mapping for 'Toggle Display' key (bsc#1051510). - hid: logitech: check the return value of create_singlethread_workqueue (bsc#1051510). - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses (bsc#1051510). - ibmvnic: Add device identification to requested IRQs (bsc#1137739). - ibmvnic: Do not close unopened driver during reset (bsc#1137752). - ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752). - ibmvnic: Refresh device multicast list after reset (bsc#1137752). - ibmvnic: remove set but not used variable 'netdev' (bsc#1137739). - igmp: fix incorrect unsolicit report count when join group (git-fixes). - iio: adc: xilinx: fix potential use-after-free on remove (bsc#1051510). - indirect call wrappers: helpers to speed-up indirect calls of builtin (bsc#1124503). - inetpeer: fix uninit-value in inet_getpeer (git-fixes). - input: elan_i2c - add hardware ID for multiple Lenovo laptops (bsc#1051510). - input: introduce KEY_ASSISTANT (bsc#1051510). - input: synaptics-rmi4 - fix possible double free (bsc#1051510). - intel_th: msu: Fix single mode with IOMMU (bsc#1051510). - intel_th: pci: Add Comet Lake support (bsc#1051510). - iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel (bsc#1117158). - iommu/arm-smmu-v3: Do not disable SMMU in kdump kernel (bsc#1117158 bsc#1134671). - iommu/vt-d: Do not request page request irq under dmar_global_lock (bsc#1135006). - iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU (bsc#1135007). - iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135008). - ip6_tunnel: collect_md xmit: Use ip_tunnel_key's provided src address (git-fixes). - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type (networking-stable-19_04_10). - ipconfig: Correctly initialise ic_nameservers (bsc#1051510). - ip_gre: fix parsing gre header in ipgre_err (git-fixes). - ipmi:ssif: compare block number correctly for multi-part return messages (bsc#1051510). - ip_tunnel: Fix name string concatenate in __ip_tunnel_create() (git-fixes). - ipv4: add sanity checks in ipv4_link_failure() (git-fixes). - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled (git-fixes). - ipv4: ensure rcu_read_lock() in ipv4_link_failure() (networking-stable-19_04_19). - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation (networking-stable-19_05_04). - ipv4: recompile ip options in ipv4_link_failure (networking-stable-19_04_19). - ipv4: set the tcp_min_rtt_wlen range from 0 to one day (networking-stable-19_04_30). - ipv6: fix cleanup ordering for ip6_mr failure (git-fixes). - ipv6: fix cleanup ordering for pingv6 registration (git-fixes). - ipv6/flowlabel: wait rcu grace period before put_pid() (git-fixes). - ipv6: invert flowlabel sharing check in process and user mode (git-fixes). - ipv6: mcast: fix unsolicited report interval after receiving querys (git-fixes). - ipvlan: Add the skb->mark as flow4's member to lookup route (bsc#1051510). - ipvlan: fix ipv6 outbound device (bsc#1051510). - ipvlan: use ETH_MAX_MTU as max mtu (bsc#1051510). - ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf (git-fixes). - ipvs: fix buffer overflow with sync daemon and service (git-fixes). - ipvs: fix check on xmit to non-local addresses (git-fixes). - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bsc#1051510). - ipvs: fix rtnl_lock lockups caused by start_sync_thread (git-fixes). - ipvs: Fix signed integer overflow when setsockopt timeout (bsc#1051510). - ipvs: fix stats update from local clients (git-fixes). - iw_cxgb4: only allow 1 flush on user qps (bsc#1051510). - jbd2: check superblock mapped prior to committing (bsc#1136430). - kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586). - kabi: implement map_lookup_elem_sys_only in another way (bsc#1083647). - kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586). - kABI: protect dma-mapping.h include (kabi). - kABI: protect functions using struct net_generic (bsc#1130409 LTC#176346). - kABI: protect ip_options_rcv_srr (kabi). - kABI: protect struct mlx5_td (kabi). - kABI: protect struct pci_dev (kabi). - kABI: protect struct smcd_dev (bsc#1130409 LTC#176346). - kABI: protect struct smc_ib_device (bsc#1130409 LTC#176346). - kABI: protect struct smc_link (bsc#1129857 LTC#176247). - kABI workaround for removed usb_interface.pm_usage_cnt field (bsc#1051510). - kABI workaround for snd_seq_kernel_client_enqueue() API changes (bsc#1051510). - kernel/signal.c: trace_signal_deliver when signal_group_exit (git-fixes). - kernel/sys.c: prctl: fix false positive in validate_prctl_map() (git-fixes). - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv (bsc#1051510). - kernel/sysctl.c: fix out-of-bounds access when setting file-max (bsc#1051510). - keys: safe concurrent user->{session,uid}_keyring access (bsc#1135642). - kmsg: Update message catalog to latest IBM level (2019/03/08) (bsc#1128904 LTC#176078). - kmsg: Update message catalog to latest IBM level (2019/03/08) (bsc#1128905 LTC#176077). - kvm: Fix UAF in nested posted interrupt processing (bsc#1134199). - kvm: nVMX: Clear reserved bits of #DB exit qualification (bsc#1134200). - kvm: nVMX: restore host state in nested_vmx_vmexit for VMFail (bsc#1134201). - kvm: s390: fix memory overwrites when not using SCA entries (bsc#1136206). - kvm: s390: provide io interrupt kvm_stat (bsc#1136206). - kvm: s390: use created_vcpus in more places (bsc#1136206). - kvm: s390: vsie: fix 8k check for the itdba (bsc#1136206). - kvm: VMX: Zero out *all* general purpose registers after VM-Exit (bsc#1134202). - kvm: x86: Always use 32-bit SMRAM save state for 32-bit kernels (bsc#1134203). - kvm: x86: Do not clear EFER during SMM transitions for 32-bit vCPU (bsc#1134204). - kvm: x86: svm: make sure NMI is injected after nmi_singlestep (bsc#1134205). - l2tp: cleanup l2tp_tunnel_delete calls (bsc#1051510). - l2tp: filter out non-PPP sessions in pppol2tp_tunnel_ioctl() (git-fixes). - l2tp: fix missing refcount drop in pppol2tp_tunnel_ioctl() (git-fixes). - l2tp: only accept PPP sessions in pppol2tp_connect() (git-fixes). - l2tp: prevent pppol2tp_connect() from creating kernel sockets (git-fixes). - l2tp: revert 'l2tp: fix missing print session offset info' (bsc#1051510). - leds: avoid races with workqueue (bsc#1051510). - leds: pwm: silently error out on EPROBE_DEFER (bsc#1051510). - lib: add crc64 calculation routines (bsc#1130972). - libata: fix using DMA buffers on stack (bsc#1051510). - lib: do not depend on linux headers being installed (bsc#1130972). - linux/kernel.h: Use parentheses around argument in u64_to_user_ptr() (bsc#1051510). - livepatch: Convert error about unsupported reliable stacktrace into a warning (bsc#1071995). - livepatch: Remove custom kobject state handling (bsc#1071995). - livepatch: Remove duplicated code for early initialization (bsc#1071995). - lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138). - mac80211: fix memory accounting with A-MSDU aggregation (bsc#1051510). - mac80211: fix unaligned access in mesh table hash function (bsc#1051510). - mac8390: Fix mmio access size probe (bsc#1051510). - md: fix invalid stored role for a disk (bsc#1051510). - media: atmel: atmel-isc: fix INIT_WORK misplacement (bsc#1051510). - media: cx18: update *pos correctly in cx18_read_pos() (bsc#1051510). - media: cx23885: check allocation return (bsc#1051510). - media: davinci-isif: avoid uninitialized variable use (bsc#1051510). - media: davinci/vpbe: array underflow in vpbe_enum_outputs() (bsc#1051510). - media: ivtv: update *pos correctly in ivtv_read_pos() (bsc#1051510). - media: omap_vout: potential buffer overflow in vidioc_dqbuf() (bsc#1051510). - media: ov2659: fix unbalanced mutex_lock/unlock (bsc#1051510). - media: pvrusb2: Prevent a buffer overflow (bsc#1129770). - media: serial_ir: Fix use-after-free in serial_ir_init_module (bsc#1051510). - media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame (bsc#1051510). - media: vivid: use vfree() instead of kfree() for dev->bitmap_cap (bsc#1051510). - media: wl128x: Fix an error code in fm_download_firmware() (bsc#1051510). - media: wl128x: prevent two potential buffer overflows (bsc#1051510). - memcg: make it work on sparse non-0-node systems (bnc#1133616). - memcg: make it work on sparse non-0-node systems kabi (bnc#1133616). - mISDN: Check address length before reading address family (bsc#1051510). - mlxsw: spectrum: Fix autoneg status in ethtool (networking-stable-19_04_30). - mmc: block: Delete gendisk before cleaning up the request queue (bsc#1127616). - mmc: core: fix possible use after free of host (bsc#1051510). - mm: Fix buggy backport leading to MAP_SYNC failures (bsc#1137372) - mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses (bsc#1135330). - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382). - mount: copy the port field into the cloned nfs_server structure (bsc#1136990). - mtd: docg3: fix a possible memory leak of mtd->name (bsc#1051510). - mtd: docg3: Fix passing zero to 'PTR_ERR' warning in doc_probe_device (bsc#1051510). - mtd: nand: omap: Fix comment in platform data using wrong Kconfig symbol (bsc#1051510). - mtd: part: fix incorrect format specifier for an unsigned long long (bsc#1051510). - mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write (bsc#1129770). - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935). - mwifiex: Fix mem leak in mwifiex_tm_cmd (bsc#1051510). - mwifiex: Fix possible buffer overflows at parsing bss descriptor - mwifiex: prevent an array overflow (bsc#1051510). - mwl8k: Fix rate_idx underflow (bsc#1051510). - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit (git-fixes). - net: aquantia: fix rx checksum offload for UDP/TCP over IPv6 (networking-stable-19_03_28). - net: atm: Fix potential Spectre v1 vulnerabilities (networking-stable-19_04_19). - net: avoid skb_warn_bad_offload on IS_ERR (git-fixes). - net: do not keep lonely packets forever in the gro hash (git-fixes). - net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc (networking-stable-19_05_04). - net: dsa: legacy: do not unmask port bitmaps (git-fixes). - net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT (git-fixes). - net: ena: fix return value of ena_com_config_llq_info() (bsc#1111696 bsc#1117561). - net: ethtool: not call vzalloc for zero sized memory request (networking-stable-19_04_10). - netfilter: bridge: Do not sabotage nf_hook calls from an l3mdev (git-fixes). - netfilter: bridge: ebt_among: add missing match size checks (git-fixes). - netfilter: bridge: ebt_among: add more missing match size checks (git-fixes). - netfilter: drop template ct when conntrack is skipped (git-fixes). - netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule (git-fixes). - netfilter: ebtables: handle string from userspace with care (git-fixes). - netfilter: ebtables: reject non-bridge targets (git-fixes). - netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel (git-fixes). - netfilter: nf_log: do not hold nf_log_mutex during user access (git-fixes). - netfilter: nf_log: fix uninit read in nf_log_proc_dostring (git-fixes). - netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6} (git-fixes). - netfilter: nf_tables: can't fail after linking rule into active rule list (git-fixes). - netfilter: nf_tables: check msg_type before nft_trans_set(trans) (git-fixes). - netfilter: nf_tables: fix leaking object reference count (git-fixes). - netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump() (git-fixes). - netfilter: nf_tables: release chain in flushing set (git-fixes). - netfilter: nft_compat: do not dump private area (git-fixes). - netfilter: x_tables: initialise match/target check parameter struct (git-fixes). - net: Fix a bug in removing queues from XPS map (git-fixes). - net: fix uninit-value in __hw_addr_add_ex() (git-fixes). - net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv (networking-stable-19_04_19). - net-gro: Fix GRO flush when receiving a GSO packet (networking-stable-19_04_10). - net: hns3: remove resetting check in hclgevf_reset_task_schedule (bsc#1104353 bsc#1135056). - net/ibmvnic: Remove tests of member address (bsc#1137739). - net/ibmvnic: Update carrier state after link state change (bsc#1135100). - net/ibmvnic: Update MAC address settings after adapter reset (bsc#1134760). - net: initialize skb->peeked when cloning (git-fixes). - net/ipv4: defensive cipso option parsing (git-fixes). - net/ipv6: do not reinitialize ndev->cnf.addr_gen_mode on new inet6_dev (git-fixes). - net/ipv6: fix addrconf_sysctl_addr_gen_mode (git-fixes). - net/ipv6: propagate net.ipv6.conf.all.addr_gen_mode to devices (git-fixes). - net/ipv6: reserve room for IFLA_INET6_ADDR_GEN_MODE (git-fixes). - netlink: fix uninit-value in netlink_sendmsg (git-fixes). - net: make skb_partial_csum_set() more robust against overflows (git-fixes). - net/mlx5: Decrease default mr cache size (networking-stable-19_04_10). - net/mlx5e: Add a lock on tir list (networking-stable-19_04_10). - net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_04_30). - net/mlx5e: Fix trailing semicolon (bsc#1075020). - net/mlx5e: IPoIB, Reset QP after channels are closed (bsc#1075020). - net: phy: marvell: Fix buffer overrun with stats counters (networking-stable-19_05_04). - net: rds: exchange of 8K and 1M pool (networking-stable-19_04_30). - net: rose: fix a possible stack overflow (networking-stable-19_03_28). - net/rose: fix unbound loop in rose_loopback_timer() (networking-stable-19_04_30). - net/sched: act_sample: fix divide by zero in the traffic path (networking-stable-19_04_10). - net/sched: do not dereference a->goto_chain to read the chain index (bsc#1064802 bsc#1066129). - net/sched: fix ->get helper of the matchall cls (networking-stable-19_04_10). - net/smc: add pnet table namespace support (bsc#1130409 LTC#176346). - net/smc: add smcd support to the pnet table (bsc#1130409 LTC#176346). - net/smc: allow 16 byte pnetids in netlink policy (bsc#1129857 LTC#176247). - net/smc: allow pci IDs as ib device names in the pnet table (bsc#1130409 LTC#176346). - net/smc: allow pnetid-less configuration (bsc#1130409 LTC#176346). - net/smc: call smc_cdc_msg_send() under send_lock (bsc#1129857 LTC#176247). - net/smc: check connections in smc_lgr_free_work (bsc#1129857 LTC#176247). - net/smc: check for ip prefix and subnet (bsc#1134607 LTC#177518). - net/smc: check port_idx of ib event (bsc#1129857 LTC#176247). - net/smc: cleanup for smcr_tx_sndbuf_nonempty (bsc#1130409 LTC#176346). - net/smc: cleanup of get vlan id (bsc#1134607 LTC#177518). - net/smc: code cleanup smc_listen_work (bsc#1134607 LTC#177518). - net/smc: consolidate function parameters (bsc#1134607 LTC#177518). - net/smc: correct state change for peer closing (bsc#1129857 LTC#176247). - net/smc: delete rkey first before switching to unused (bsc#1129857 LTC#176247). - net/smc: do not wait for send buffer space when data was already sent (bsc#1129857 LTC#176247). - net/smc: do not wait under send_lock (bsc#1129857 LTC#176247). - net/smc: fallback to TCP after connect problems (bsc#1134607 LTC#177518). - net/smc: fix another sizeof to int comparison (bsc#1129857 LTC#176247). - net/smc: fix a NULL pointer dereference (bsc#1134607 LTC#177518). - net/smc: fix byte_order for rx_curs_confirmed (bsc#1129848 LTC#176249). - net/smc: fix return code from FLUSH command (bsc#1134607 LTC#177518). - net/smc: fix sender_free computation (bsc#1129857 LTC#176247). - net/smc: fix smc_poll in SMC_INIT state (bsc#1129848 LTC#176249). - net/smc: fix use of variable in cleared area (bsc#1129857 LTC#176247). - net/smc: improve smc_conn_create reason codes (bsc#1134607 LTC#177518). - net/smc: improve smc_listen_work reason codes (bsc#1134607 LTC#177518). - net/smc: move code to clear the conn->lgr field (bsc#1129857 LTC#176247). - net/smc: move unhash before release of clcsock (bsc#1134607 LTC#177518). - net/smc: move wake up of close waiter (bsc#1129857 LTC#176247). - net/smc: no delay for free tx buffer wait (bsc#1129857 LTC#176247). - net/smc: nonblocking connect rework (bsc#1134607 LTC#177518). - net/smc: postpone release of clcsock (bsc#1129857 LTC#176247). - net/smc: preallocated memory for rdma work requests (bsc#1129857 LTC#176247). - net/smc: prevent races between smc_lgr_terminate() and smc_conn_free() (bsc#1129857 LTC#176247). - net/smc: propagate file from SMC to TCP socket (bsc#1134607 LTC#177518). - net/smc: recvmsg and splice_read should return 0 after shutdown (bsc#1129857 LTC#176247). - net/smc: reduce amount of status updates to peer (bsc#1129857 LTC#176247). - net/smc: reset cursor update required flag (bsc#1129857 LTC#176247). - net/smc: rework pnet table (bsc#1130409 LTC#176346). - net/smc: unlock LGR pending lock earlier for SMC-D (bsc#1129857 LTC#176247). - net/smc: use client and server LGR pending locks for SMC-R (bsc#1129857 LTC#176247). - net/smc: use device link provided in qp_context (bsc#1129857 LTC#176247). - net/smc: use smc_curs_copy() for SMC-D (bsc#1129857 LTC#176247). - net/smc: wait for pending work before clcsock release_sock (bsc#1134607 LTC#177518). - net: socket: fix potential spectre v1 gadget in socketcall (git-fixes). - net: stmmac: fix memory corruption with large MTUs (networking-stable-19_03_28). - net: stmmac: move stmmac_check_ether_addr() to driver probe (networking-stable-19_04_30). - net: test tailroom before appending to linear skb (git-fixes). - net: thunderx: do not allow jumbo frames with XDP (networking-stable-19_04_19). - net: thunderx: raise XDP MTU to 1508 (networking-stable-19_04_19). - net: unbreak CONFIG_RETPOLINE=n builds (bsc#1124503). - net: use indirect call wrappers at GRO network layer (bsc#1124503). - net: use indirect call wrappers at GRO transport layer (bsc#1124503). - nfs: add module option to limit NFSv4 minor version (jsc#PM-231). - nfs: Update config files for NFSv4.2 Enable NFSv4.2 support - jsc@PM-231 This requires a module parameter for NFSv4.2 to actually be available on SLE12 and SLE15-SP0 - nfsv4.x: always serialize open/close operations (bsc#1114893). - nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands (bsc#1051510). - nvme: Do not remove namespaces during reset (bsc#1131673). - nvme: flush scan_work when resetting controller (bsc#1131673). - nvme-rdma: fix possible free of a non-allocated async event buffer (bsc#1120423). - objtool: Fix function fallthrough detection (bsc#1058115). - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget (bsc#1136434). - ocfs2: turn on OCFS2_FS_STATS setting(bsc#1134393) We need to turn on OCFS2_FS_STATS kernel configuration setting, to fix bsc#1134393. - of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642). - omapfb: add missing of_node_put after of_device_is_available (bsc#1051510). - openvswitch: add seqadj extension when NAT is used (bsc#1051510). - openvswitch: fix flow actions reallocation (bsc#1051510). - p54: drop device reference count if fails to enable device (bsc#1135642). - packet: fix reserve calculation (git-fixes). - packet: in packet_snd start writing at link layer allocation (git-fixes). - packet: refine ring v3 block size test to hold one frame (git-fixes). - packet: reset network header if packet shorter than ll reserved space (git-fixes). - packets: Always register packet sk in the same order (networking-stable-19_03_28). - packet: validate msg_namelen in send directly (git-fixes). - pci: endpoint: Use EPC's device in dma_alloc_coherent()/dma_free_coherent() (git-fixes). - pci: Factor out pcie_retrain_link() function (git-fixes). - pci: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1051510). - pci: Mark Atheros AR9462 to avoid bus reset (bsc#1051510). - pci: Work around Pericom pcie-to-pci bridge Retrain Link erratum (git-fixes). - phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode (bsc#1051510). - platform/x86: alienware-wmi: printing the wrong error code (bsc#1051510). - platform/x86: dell-rbtn: Add missing #include (bsc#1051510). - platform/x86: intel_pmc_ipc: adding error handling (bsc#1051510). - platform/x86: intel_punit_ipc: Revert 'Fix resource ioremap warning' (bsc#1051510). - platform/x86: pmc_atom: Add Lex 3I380D industrial PC to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Add several Beckhoff Automation boards to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Drop __initconst on dmi table (bsc#1051510). - platform/x86: sony-laptop: Fix unintentional fall-through (bsc#1051510). - powerpc: Always initialize input array when calling epapr_hypercall() (bsc#1065729). - powerpc/eeh: Fix race with driver un/bind (bsc#1065729). - powerpc: Fix HMIs on big-endian with CONFIG_RELOCATABLE=y (bsc#1065729). - powerpc/msi: Fix NULL pointer access in teardown code (bsc#1065729). - powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043). - powerpc/powernv/idle: Restore IAMR after idle (bsc#1065729). - powerpc/process: Fix sparse address space warnings (bsc#1065729). - power: supply: axp20x_usb_power: Fix typo in VBUS current limit macros (bsc#1051510). - power: supply: axp288_charger: Fix unchecked return value (bsc#1051510). - proc/kcore: do not bounds check against address 0 (bsc#1051510). - proc: revalidate kernel thread inodes to root:root (bsc#1051510). - proc/sysctl: fix return error for proc_doulongvec_minmax() (bsc#1051510). - ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK (git-fixes). - pwm: Fix deadlock warning when removing PWM device (bsc#1051510). - pwm: meson: Consider 128 a valid pre-divider (bsc#1051510). - pwm: meson: Do not disable PWM when setting duty repeatedly (bsc#1051510). - pwm: meson: Use the spin-lock only to protect register modifications (bsc#1051510). - pwm: tiehrpwm: Update shadow register for disabling PWMs (bsc#1051510). - qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128979). - qla2xxx: always allocate qla_tgt_wq (bsc#1131451). - qmi_wwan: add Olicard 600 (bsc#1051510). - rdma/hns: Fix bug that caused srq creation to fail (bsc#1104427 ). - rdma/rxe: Consider skb reserve space based on netdev of GID (bsc#1082387, bsc#1103992). - re-export snd_cards for kABI compatibility (bsc#1051510). - regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB (bsc#1051510). - Revert 'ALSA: seq: Protect in-kernel ioctl calls with mutex' (bsc#1051510). - Revert 'block: unexport DISK_EVENT_MEDIA_CHANGE for legacy/fringe drivers' (bsc#1110946, bsc#1119843). - Revert 'drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722)' The patch seems buggy, breaks the build for armv7hl/pae config. - Revert 'ide: unexport DISK_EVENT_MEDIA_CHANGE for ide-gd and ide-cd' (bsc#1110946). - Revert 'tty: pty: Fix race condition between release_one_tty and pty_write' (bsc#1051510). - rt2x00: do not increment sequence number while re-transmitting (bsc#1051510). - rtc: da9063: set uie_unsupported when relevant (bsc#1051510). - rtc: sh: Fix invalid alarm warning for non-enabled alarm (bsc#1051510). - rtlwifi: rtl8723ae: Fix missing break in switch statement (bsc#1051510). - rxrpc: Fix error reception on AF_INET6 sockets (git-fixes). - rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket (git-fixes). - s390/ism: ignore some errors during deregistration (bsc#1129857 LTC#176247). - s390/qdio: clear intparm during shutdown (bsc#1134597 LTC#177516). - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() (bsc#1051510). - sc16is7xx: move label 'err_spi' to correct section (bsc#1051510). - sc16is7xx: put err_spi and err_i2c into correct #ifdef (bsc#1051510). - scripts/bugzilla-create: Set 'Proactive-Upstream-Fix' keyword - scripts/git_sort/git_sort.py: Add mkp/scsi 5.0/scsi-fixes - scripts: override locale from environment when running recordmcount.pl (bsc#1134354). - scsi: qedf: fixup bit operations (bsc#1135542). - scsi: qedf: fixup locking in qedf_restart_rport() (bsc#1135542). - scsi: qedf: missing kref_put in qedf_xmit() (bsc#1135542). - scsi: qla2xxx: Declare local functions 'static' (bsc#1137444). - scsi: qla2xxx: fix error message on qla2400 (bsc#1118139). - scsi: qla2xxx: Fix function argument descriptions (bsc#1118139). - scsi: qla2xxx: Fix memory corruption during hba reset test (bsc#1118139). - scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (bsc#1132044). - scsi: qla2xxx: fix spelling mistake: 'existant' -> 'existent' (bsc#1118139). - scsi: qla2xxx: fully convert to the generic DMA API (bsc#1137444). - scsi: qla2xxx: fx00 copypaste typo (bsc#1118139). - scsi: qla2xxx: Improve several kernel-doc headers (bsc#1137444). - scsi: qla2xxx: Introduce a switch/case statement in qlt_xmit_tm_rsp() (bsc#1137444). - scsi: qla2xxx: Make qla2x00_sysfs_write_nvram() easier to analyze (bsc#1137444). - scsi: qla2xxx: Make sure that qlafx00_ioctl_iosb_entry() initializes 'res' (bsc#1137444). - scsi: qla2xxx: NULL check before some freeing functions is not needed (bsc#1137444). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1137444). - scsi: qla2xxx: remove the unused tcm_qla2xxx_cmd_wq (bsc#1118139). - scsi: qla2xxx: Remove two arguments from qlafx00_error_entry() (bsc#1137444). - scsi: qla2xxx: Remove unused symbols (bsc#1118139). - scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function (bsc#1137444). - scsi: qla2xxx: use lower_32_bits and upper_32_bits instead of reinventing them (bsc#1137444). - scsi: qla2xxx: Use %p for printing pointers (bsc#1118139). - sctp: avoid running the sctp state machine recursively (networking-stable-19_05_04). - sctp: fix identification of new acks for SFR-CACC (git-fixes). - sctp: get sctphdr by offset in sctp_compute_cksum (networking-stable-19_03_28). - sctp: initialize _pad of sockaddr_in before copying to user memory (networking-stable-19_04_10). - sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune (git-fixes). - sctp: set frag_point in sctp_setsockopt_maxseg correctly` (git-fixes). - selinux: use kernel linux/socket.h for genheaders and mdp (bsc#1134810). - serial: 8250_pxa: honor the port number from devicetree (bsc#1051510). - serial: ar933x_uart: Fix build failure with disabled console (bsc#1051510). - serial: uartps: console_setup() can't be placed to init section (bsc#1051510). - signal: Always notice exiting tasks (git-fixes). - signal: Better detection of synchronous signals (git-fixes). - signal: Restore the stop PTRACE_EVENT_EXIT (git-fixes). - smc: move unhash as early as possible in smc_release() (bsc#1129857 LTC#176247). - soc/fsl/qe: Fix an error code in qe_pin_request() (bsc#1051510). - soc/tegra: pmc: Drop locking from tegra_powergate_is_powered() (bsc#1051510). - spi: a3700: Clear DATA_OUT when performing a read (bsc#1051510). - spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios (bsc#1051510). - spi: bcm2835aux: setup gpio-cs to output and correct level during setup (bsc#1051510). - spi: bcm2835aux: warn in dmesg that native cs is not really supported (bsc#1051510). - spi: Micrel eth switch: declare missing of table (bsc#1051510). - spi: rspi: Fix sequencer reset during initialization (bsc#1051510). - spi: ST ST95HF NFC: declare missing of table (bsc#1051510). - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit (bsc#1051510). - staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc (bsc#1051510). - stm class: Fix an endless loop in channel allocation (bsc#1051510). - stm class: Fix channel free in stm output free path (bsc#1051510). - stm class: Prevent division by zero (bsc#1051510). - stmmac: pci: Adjust IOT2000 matching (networking-stable-19_04_30). - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839). - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839). - switchtec: Fix unintended mask of MRPC event (git-fixes). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: Ensure DCTCP reacts to losses (networking-stable-19_04_10). - tcp: limit payload size of sacked skbs (bsc#1137586). - tcp: purge write queue in tcp_connect_init() (git-fixes). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). - tcp: tcp_grow_window() needs to respect tcp_space() (networking-stable-19_04_19). - team: fix possible recursive locking when add slaves (networking-stable-19_04_30). - team: set slave to promisc if team is already in promisc mode (bsc#1051510). - thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power (bsc#1051510). - thermal/int340x_thermal: Add additional UUIDs (bsc#1051510). - thermal/int340x_thermal: fix mode setting (bsc#1051510). - thunderx: eliminate extra calls to put_page() for pages held for recycling (networking-stable-19_03_28). - thunderx: enable page recycling for non-XDP case (networking-stable-19_03_28). - tipc: fix hanging clients using poll with EPOLLOUT flag (git-fixes). - tipc: missing entries in name table of publications (networking-stable-19_04_19). - tools lib traceevent: Fix missing equality check for strcmp (bsc#1129770). - tracing: Fix partial reading of trace event's id file (bsc#1136573). - treewide: Use DEVICE_ATTR_WO (bsc#1137739). - tty: increase the default flip buffer limit to 2*640K (bsc#1051510). - tty: pty: Fix race condition between release_one_tty and pty_write (bsc#1051510). - tty: serial_core, add ->install (bnc#1129693). - tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0 (bsc#1051510). - tun: add a missing rcu_read_unlock() in error path (networking-stable-19_03_28). - tun: properly test for IFF_UP (networking-stable-19_03_28). - uas: fix alignment of scatter/gather segments (bsc#1129770). - udp: use indirect call wrappers for GRO socket lookup (bsc#1124503). - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour (bsc#1135323). - usb: cdc-acm: fix unthrottle races (bsc#1051510). - usb: core: Fix bug caused by duplicate interface PM usage counter (bsc#1051510). - usb: core: Fix unterminated string returned by usb_string() (bsc#1051510). - usb: dwc3: Fix default lpm_nyet_threshold value (bsc#1051510). - usb: gadget: net2272: Fix net2272_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix net2280_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix overrun of OUT messages (bsc#1051510). - usb: serial: f81232: fix interrupt worker not stop (bsc#1051510). - usb: serial: fix unthrottle races (bsc#1051510). - usb-storage: Set virt_boundary_mask to avoid SG overflows (bsc#1051510). - usb: u132-hcd: fix resource leak (bsc#1051510). - usb: usb251xb: fix to avoid potential NULL pointer dereference (bsc#1051510). - usb: usbip: fix isoc packet num validation in get_pipe (bsc#1051510). - usb: w1 ds2490: Fix bug caused by improper use of altsetting array (bsc#1051510). - usb: yurex: Fix protection fault after device removal (bsc#1051510). - userfaultfd: use RCU to free the task struct when fork fails (git-fixes). - vfio/mdev: Avoid release parent reference during error path (bsc#1051510). - vfio/mdev: Fix aborting mdev child device removal if one fails (bsc#1051510). - vfio_pci: Enable memory accesses before calling pci_map_rom (bsc#1051510). - vfio/pci: use correct format characters (bsc#1051510). - vhost: reject zero size iova range (networking-stable-19_04_19). - vhost/vsock: fix reset orphans race with close timeout (bsc#1051510). - virtio-blk: limit number of hw queues by nr_cpu_ids (bsc#1051510). - virtio: Honour 'may_reduce_num' in vring_create_virtqueue (bsc#1051510). - virtio_pci: fix a NULL pointer reference in vp_del_vqs (bsc#1051510). - vrf: check accept_source_route on the original netdevice (networking-stable-19_04_10). - vsock/virtio: fix kernel panic after device hot-unplug (bsc#1051510). - vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock (bsc#1051510). - vsock/virtio: Initialize core virtio vsock before registering the driver (bsc#1051510). - vsock/virtio: reset connected sockets on device removal (bsc#1051510). - vt: always call notifier with the console lock held (bsc#1051510). - vxlan: Do not call gro_cells_destroy() before device is unregistered (networking-stable-19_03_28). - x86_64: Add gap to int3 to allow for call emulation (bsc#1099658). - x86_64: Allow breakpoints to emulate call instructions (bsc#1099658). - x86/speculation/mds: Fix documentation typo (bsc#1135642). - xenbus: drop useless LIST_HEAD in xenbus_write_watch() and xenbus_file_write() (bsc#1065600). - xfrm6: avoid potential infinite loop in _decode_session6() (git-fixes). - xfrm6: call kfree_skb when skb is toobig (git-fixes). - xfrm: fix missing dst_release() after policy blocking lbcast and multicast (git-fixes). - xfrm: fix 'passing zero to ERR_PTR()' warning (git-fixes). - xfrm: Fix stack-out-of-bounds read on socket policy lookup (git-fixes). - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) (git-fixes). - xfrm: reset crypto_done when iterating over multiple input xfrms (git-fixes). - xfrm: reset transport header back to network header after all input transforms ahave been applied (git-fixes). - xfrm: Return error on unknown encap_type in init_state (git-fixes). - xfrm_user: prevent leaking 2 bytes of kernel memory (git-fixes). - xfrm: Validate address prefix lengths in the xfrm selector (git-fixes). - xfs: add log item pinning error injection tag (bsc#1114427). - xfs: buffer lru reference count error injection tag (bsc#1114427). - xfs: check _btree_check_block value (bsc#1123663). - xfs: convert drop_writes to use the errortag mechanism (bsc#1114427). - xfs: create block pointer check functions (bsc#1123663). - xfs: create inode pointer verifiers (bsc#1114427). - xfs: detect and fix bad summary counts at mount (bsc#1114427). - xfs: export _inobt_btrec_to_irec and _ialloc_cluster_alignment for scrub (bsc#1114427). - xfs: export various function for the online scrubber (bsc#1123663). - xfs: expose errortag knobs via sysfs (bsc#1114427). - xfs: fix unused variable warning in xfs_buf_set_ref() (bsc#1114427). - xfs: force summary counter recalc at next mount (bsc#1114427). - xfs: kill meaningless variable 'zero' (bsc#1106011). - xfs: make errortag a per-mountpoint structure (bsc#1123663). - xfs: move error injection tags into their own file (bsc#1114427). - xfs: prepare xfs_break_layouts() for another layout type (bsc#1106011). - xfs: prepare xfs_break_layouts() to be called with XFS_MMAPLOCK_EXCL (bsc#1106011). - xfs: refactor btree block header checking functions (bsc#1123663). - xfs: refactor btree pointer checks (bsc#1123663). - xfs: refactor unmount record write (bsc#1114427). - xfs: remove unneeded parameter from XFS_TEST_ERROR (bsc#1123663). - xfs: remove xfs_zero_range (bsc#1106011). - xfs: rename MAXPATHLEN to XFS_SYMLINK_MAXLEN (bsc#1123663). - xfs: replace log_badcrc_factor knob with error injection tag (bsc#1114427). - xfs: sanity-check the unused space before trying to use it (bsc#1123663). - xfs: serialize unaligned dio writes against all other dio writes (bsc#1134936). Important SUSE bug 1012382 SUSE bug 1050242 SUSE bug 1051510 SUSE bug 1053043 SUSE bug 1056787 SUSE bug 1058115 SUSE bug 1063638 SUSE bug 1064802 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066129 SUSE bug 1068546 SUSE bug 1071995 SUSE bug 1075020 SUSE bug 1082387 SUSE bug 1083647 SUSE bug 1085535 SUSE bug 1099658 SUSE bug 1103992 SUSE bug 1104353 SUSE bug 1104427 SUSE bug 1106011 SUSE bug 1106284 SUSE bug 1108838 SUSE bug 1110946 SUSE bug 1111696 SUSE bug 1112063 SUSE bug 1113722 SUSE bug 1114427 SUSE bug 1114893 SUSE bug 1115688 SUSE bug 1117158 SUSE bug 1117561 SUSE bug 1118139 SUSE bug 1119843 SUSE bug 1120091 SUSE bug 1120423 SUSE bug 1120566 SUSE bug 1120843 SUSE bug 1120902 SUSE bug 1122776 SUSE bug 1123454 SUSE bug 1123663 SUSE bug 1124503 SUSE bug 1124839 SUSE bug 1126356 SUSE bug 1127616 SUSE bug 1128052 SUSE bug 1128904 SUSE bug 1128905 SUSE bug 1128979 SUSE bug 1129138 SUSE bug 1129497 SUSE bug 1129693 SUSE bug 1129770 SUSE bug 1129848 SUSE bug 1129857 SUSE bug 1130409 SUSE bug 1130972 SUSE bug 1131451 SUSE bug 1131488 SUSE bug 1131565 SUSE bug 1131673 SUSE bug 1132044 SUSE bug 1132894 SUSE bug 1133176 SUSE bug 1133188 SUSE bug 1133190 SUSE bug 1133320 SUSE bug 1133612 SUSE bug 1133616 SUSE bug 1134160 SUSE bug 1134162 SUSE bug 1134199 SUSE bug 1134200 SUSE bug 1134201 SUSE bug 1134202 SUSE bug 1134203 SUSE bug 1134204 SUSE bug 1134205 SUSE bug 1134354 SUSE bug 1134393 SUSE bug 1134459 SUSE bug 1134460 SUSE bug 1134461 SUSE bug 1134537 SUSE bug 1134591 SUSE bug 1134597 SUSE bug 1134607 SUSE bug 1134651 SUSE bug 1134671 SUSE bug 1134760 SUSE bug 1134806 SUSE bug 1134810 SUSE bug 1134813 SUSE bug 1134848 SUSE bug 1134936 SUSE bug 1135006 SUSE bug 1135007 SUSE bug 1135008 SUSE bug 1135056 SUSE bug 1135100 SUSE bug 1135120 SUSE bug 1135278 SUSE bug 1135281 SUSE bug 1135309 SUSE bug 1135312 SUSE bug 1135314 SUSE bug 1135315 SUSE bug 1135316 SUSE bug 1135320 SUSE bug 1135323 SUSE bug 1135330 SUSE bug 1135492 SUSE bug 1135542 SUSE bug 1135556 SUSE bug 1135603 SUSE bug 1135642 SUSE bug 1135661 SUSE bug 1135758 SUSE bug 1136206 SUSE bug 1136424 SUSE bug 1136428 SUSE bug 1136430 SUSE bug 1136432 SUSE bug 1136434 SUSE bug 1136435 SUSE bug 1136438 SUSE bug 1136439 SUSE bug 1136477 SUSE bug 1136478 SUSE bug 1136573 SUSE bug 1136586 SUSE bug 1136881 SUSE bug 1136935 SUSE bug 1136990 SUSE bug 1137151 SUSE bug 1137152 SUSE bug 1137153 SUSE bug 1137162 SUSE bug 1137372 SUSE bug 1137444 SUSE bug 1137586 SUSE bug 1137739 SUSE bug 1137752 CVE-2018-7191 CVE-2019-10124 CVE-2019-11085 CVE-2019-11477 CVE-2019-11479 CVE-2019-11486 CVE-2019-11487 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884 CVE-2019-12382 CVE-2019-3846 CVE-2019-5489 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). - CVE-2019-10166: Fixed an issue with virDomainManagedSaveDefineXML which could have been used to alter the domain's config used for managedsave or execute arbitrary emulator binaries (bsc#1138302). - CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303). Important SUSE bug 1138301 SUSE bug 1138302 SUSE bug 1138303 CVE-2019-10161 CVE-2019-10166 CVE-2019-10167 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for gstreamer-plugins-base fixes the following issue: Security issue fixed: - CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375). Important SUSE bug 1133375 CVE-2019-9928 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976). Important SUSE bug 1136976 CVE-2019-8457 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libssh2_org fixes the following issues: - Fix the previous fix for CVE-2019-3860 (bsc#1136570, bsc#1128481) (Out-of-bounds reads with specially crafted SFTP packets) Moderate SUSE bug 1128481 SUSE bug 1136570 CVE-2019-3860 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for wireshark to version 2.4.15 fixes the following issues: Security issue fixed: - Fixed a denial of service in the dissection engine (bsc#1136021). Moderate SUSE bug 1136021 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 5 Fix Pack 35. Security issues fixed: - CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). - CVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734). - CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). - CVE-2019-2684: Fixed flaw was found in the RMI registry implementation (bsc#1132732). Important SUSE bug 1132728 SUSE bug 1132729 SUSE bug 1132732 SUSE bug 1132734 SUSE bug 1134718 CVE-2019-10245 CVE-2019-2602 CVE-2019-2684 CVE-2019-2697 CVE-2019-2698 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for netpbm fixes the following issues: Security issues fixed: - CVE-2018-8975: The pm_mallocarray2 function allowed remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file (bsc#1086777). - CVE-2017-2579: Fixed out-of-bounds read in expandCodeOntoStack() (bsc#1024288). - CVE-2017-2580: Fixed out-of-bounds write of heap data in addPixelToRaster() function (bsc#1024291). - create netpbm-vulnerable subpackage and move pstopnm there (bsc#1136936) Moderate SUSE bug 1024288 SUSE bug 1024291 SUSE bug 1086777 SUSE bug 1136936 CVE-2017-2579 CVE-2017-2580 CVE-2018-8975 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: - Mozilla Firefox Firefox 60.7.2 MFSA 2019-19 (bsc#1138872) - CVE-2019-11708: Fix sandbox escape using Prompt:Open. * Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes could result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. Important SUSE bug 1138872 CVE-2019-11708 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-11597: Fixed a heap-based buffer over-read in the WriteTIFFImage() (bsc#1138464). - Fixed a file content disclosure via SVG and WMF decoding (bsc#1138425).- CVE-2019-11472: Fixed a denial of service in ReadXWDImage() (bsc#1133204). - CVE-2019-11470: Fixed a denial of service in ReadCINImage() (bsc#1133205). - CVE-2019-11506: Fixed a heap-based buffer overflow in the WriteMATLABImage() (bsc#1133498). - CVE-2019-11505: Fixed a heap-based buffer overflow in the WritePDBImage() (bsc#1133501). - CVE-2019-10131: Fixed a off-by-one read in formatIPTCfromBuffer function in coders/meta.c (bsc#1134075). - CVE-2017-12806: Fixed a denial of service through memory exhaustion in format8BIM() (bsc#1135232). - CVE-2017-12805: Fixed a denial of service through memory exhaustion in ReadTIFFImage() (bsc#1135236). - CVE-2019-11598: Fixed a heap-based buffer over-read in WritePNMImage() (bsc#1136732) We also now disable PCL in the -SUSE configuration, as it also uses ghostscript for decoding (bsc#1136183) Moderate SUSE bug 1133204 SUSE bug 1133205 SUSE bug 1133498 SUSE bug 1133501 SUSE bug 1134075 SUSE bug 1135232 SUSE bug 1135236 SUSE bug 1136183 SUSE bug 1136732 SUSE bug 1138425 SUSE bug 1138464 CVE-2017-12805 CVE-2017-12806 CVE-2019-10131 CVE-2019-11470 CVE-2019-11472 CVE-2019-11505 CVE-2019-11506 CVE-2019-11597 CVE-2019-11598 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for glibc fixes the following issues: Security issue fixed: - CVE-2015-5180: Fixed a NULL pointer dereference with internal QTYPE (bsc#941234). Feature work: - IBM zSeries arch13 hardware support in glibc added (fate#327072, bsc#1132678) Other issue addressed: - Fixed a concurrency issue with ldconfig (bsc#1117993). Moderate SUSE bug 1117993 SUSE bug 1132678 SUSE bug 941234 CVE-2015-5180 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for dnsmasq fixes the following issues: Security issue fixed: - CVE-2017-15107: Fixed a vulnerability in DNSSEC implementation. Processing of wildcard synthesized NSEC records may result improper validation for non-existance. (bsc#1076958) Non-security issue fixed: - Reload system dbus to pick up policy change on install (bsc#1054429). Moderate SUSE bug 1054429 SUSE bug 1076958 CVE-2017-15107 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for glib2 provides the following fix: Security issues fixed: - CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). - CVE-2018-16428: Avoid a null pointer dereference that could crash glib2 users in markup processing (bnc#1107121). - CVE-2018-16429: Fixed out-of-bounds read vulnerability ing_markup_parse_context_parse() (bsc#1107116). Non-security issues fixed: - Install dummy *-mimeapps.list files to prevent dead symlinks. (bsc#1061599) Important SUSE bug 1061599 SUSE bug 1107116 SUSE bug 1107121 SUSE bug 1137001 CVE-2018-16428 CVE-2018-16429 CVE-2019-12450 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for elfutils fixes the following issues: Security issues fixed: - CVE-2018-16403: Fixed a heap-based buffer over-read that could have led to Denial of Service (bsc#1107067). - CVE-2016-10254: Fixed a memory allocation failure in alloxate_elf (bsc#1030472). - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007). - CVE-2016-10255: Fixed a memory allocation failure in libelf_set_rawdata_wrlock (bsc#1030476). - CVE-2019-7150: Added a missing check in dwfl_segment_report_module which could have allowed truncated files to be read (bsc#1123685). - CVE-2018-16062: Fixed a heap-buffer-overflow (bsc#1106390). - CVE-2017-7611: Fixed a heap-based buffer over-read that could have led to Denial of Service (bsc#1033088). - CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090). - CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084). - CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085). - CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087). - CVE-2018-18521: Fixed multiple divide-by-zero vulnerabilities in function arlib_add_symbols() (bsc#1112723). - CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089). - CVE-2018-18310: Fixed an invalid address read in dwfl_segment_report_module.c (bsc#1111973). - CVE-2018-18520: Fixed bad handling of ar files inside are files (bsc#1112726). Low SUSE bug 1030472 SUSE bug 1030476 SUSE bug 1033084 SUSE bug 1033085 SUSE bug 1033087 SUSE bug 1033088 SUSE bug 1033089 SUSE bug 1033090 SUSE bug 1106390 SUSE bug 1107067 SUSE bug 1111973 SUSE bug 1112723 SUSE bug 1112726 SUSE bug 1123685 SUSE bug 1125007 CVE-2016-10254 CVE-2016-10255 CVE-2017-7607 CVE-2017-7608 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7150 CVE-2019-7665 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libu2f-host and pam_u2f to version 1.0.8 fixes the following issues: Security issues fixed for libu2f-host: - CVE-2019-9578: Fixed a memory leak due to a wrong parse of init's response (bsc#1128140). - CVE-2018-20340: Fixed an unchecked buffer, which could allow a buffer overflow with a custom made malicious USB device (bsc#1124781). Security issues fixed for pam_u2f: - CVE-2019-12209: Fixed an issue where symlinks in the user's directory were followed (bsc#1135729). - CVE-2019-12210: Fixed file descriptor leaks (bsc#1135727). Moderate SUSE bug 1124781 SUSE bug 1128140 SUSE bug 1135727 SUSE bug 1135729 CVE-2018-20340 CVE-2019-12209 CVE-2019-12210 CVE-2019-9578 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for postgresql10 to version 10.9 fixes the following issue: Security issue fixed: - CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing (bsc#1138034). More information at https://www.postgresql.org/docs/10/release-10-9.html Important SUSE bug 1138034 CVE-2019-10164 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for avahi fixes the following issues: Security issue fixed: - CVE-2018-1000845: Fixed DNS amplification and reflection to spoofed addresses (DOS) (bsc#1120281) Moderate SUSE bug 1120281 CVE-2018-1000845 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for kernel-firmware aligns the firmware code with SUSE Linux Enterprise Server 15. The version is now at 20190618. Please refer to the kernel-firmware rpm changelog file to see the full history of changes. Moderate SUSE bug 1091203 SUSE bug 1104289 SUSE bug 1110720 SUSE bug 1122456 SUSE bug 1128292 SUSE bug 1132303 SUSE bug 1136334 SUSE bug 1136498 SUSE bug 1139383 CVE-2019-9836 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959). Non-security issue fixed: - Added explicit requires between libglib2 and libgio2 (bsc#1140122). Important SUSE bug 1139959 SUSE bug 1140122 CVE-2019-13012 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for expat fixes the following issues: Security issue fixed: - CVE-2018-20843: Fixed a denial of service triggered by high resource consumption in the XML parser when XML names contain a large amount of colons (bsc#1139937). Moderate SUSE bug 1139937 CVE-2018-20843 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xrdp fixes the following issues: These security issues were fixed: - CVE-2013-1430: When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd was created. Its content was the equivalent of the user's cleartext password, DES encrypted with a known key (bsc#1015567). - CVE-2017-16927: The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through used an untrusted integer as a write length, which could lead to a local denial of service (bsc#1069591). - CVE-2017-6967: Fixed call of the PAM function auth_start_session(). This lead to to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass (bsc#1029912). These non-security issues were fixed: - The KillDisconnected option for TigerVNC Xvnc sessions is now supported (bsc#1101506) - Fixed an issue with delayed X KeyRelease events (bsc#1100453) - Force xrdp-sesman.service to start after xrdp.service. (bsc#1014524) - Avoid use of hard-coded sesman port. (bsc#1060644) - Fixed a regression connecting from Windows 10. (bsc#1090174) Important SUSE bug 1014524 SUSE bug 1015567 SUSE bug 1029912 SUSE bug 1060644 SUSE bug 1069591 SUSE bug 1090174 SUSE bug 1100453 SUSE bug 1101506 CVE-2013-1430 CVE-2017-16927 CVE-2017-6967 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for webkit2gtk3 to version 2.24.2 fixes the following issues: Security issues fixed: - CVE-2019-6237, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8615, CVE-2019-8611, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623 (bsc#1135715). Important SUSE bug 1133291 SUSE bug 1135715 CVE-2019-6237 CVE-2019-8571 CVE-2019-8583 CVE-2019-8584 CVE-2019-8586 CVE-2019-8587 CVE-2019-8594 CVE-2019-8595 CVE-2019-8596 CVE-2019-8597 CVE-2019-8601 CVE-2019-8607 CVE-2019-8608 CVE-2019-8609 CVE-2019-8610 CVE-2019-8611 CVE-2019-8615 CVE-2019-8619 CVE-2019-8622 CVE-2019-8623 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-10638: A device could have been tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (bnc#1140575) - CVE-2019-10639: Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image was exposed. This attack could have been carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic was trivial if the server answered ICMP Echo requests (ping). For client targets, if the target visited the attacker's web page, then WebRTC or gQUIC could be used to force UDP traffic to attacker-controlled IP addresses. (bnc#1140577) - CVE-2018-20836: A race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, could have lead to a use-after-free. (bnc#1134395) - CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (bnc#1133738) - CVE-2019-12614: An unchecked kstrdup might have allowed an attacker to cause denial of service (a NULL pointer dereference and system crash). (bnc#1137194) - CVE-2019-12819: The function __mdiobus_register() in drivers/net/phy/mdio_bus.c called put_device() which would trigger a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bnc#1138291) - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may have returned NULL. If the caller did not check for this, it would trigger a NULL pointer dereference. This would cause denial of service. (bnc#1138293) The following non-security bugs were fixed: - 6lowpan: Off by one handling ->nexthdr (bsc#1051510). - acpi / property: fix handling of data_nodes in acpi_get_next_subnode() (bsc#1051510). - acpi: Add Hygon Dhyana support - af_key: unconditionally clone on broadcast (bsc#1051510). - alsa: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510). - alsa: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510). - alsa: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510). - alsa: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510). - alsa: hda/realtek - Set default power save node to 0 (bsc#1051510). - alsa: hda/realtek - Update headset mode for ALC256 (bsc#1051510). - alsa: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510). - alsa: line6: Fix write on zero-sized buffer (bsc#1051510). - alsa: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510). - alsa: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510). - alsa: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510). - apparmor: enforce nullbyte at end of tag string (bsc#1051510). - asoc: cs42xx8: Add regcache mask dirty (bsc#1051510). - asoc: eukrea-tlv320: fix a leaked reference by adding missing of_node_put (bsc#1051510). - asoc: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510). - asoc: fsl_sai: Update is_slave_mode with correct value (bsc#1051510). - asoc: fsl_utils: fix a leaked reference by adding missing of_node_put (bsc#1051510). - asoc: hdmi-codec: unlock the device on startup errors (bsc#1051510). - audit: fix a memory leak bug (bsc#1051510). - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510). - batman-adv: allow updating DAT entry timeouts on incoming ARP Replies (bsc#1051510). - blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432). - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637). - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771). - bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328). - bluetooth: Replace the bluetooth fix with the upstream commit (bsc#1135556) - brcmfmac: convert dev_init_lock mutex to completion (bsc#1051510). - brcmfmac: fix Oops when bringing up interface during USB disconnect (bsc#1051510). - brcmfmac: fix WARNING during USB disconnect in case of unempty psq (bsc#1051510). - brcmfmac: fix missing checks for kmemdup (bsc#1051510). - brcmfmac: fix race during disconnect when USB completion is in progress (bsc#1051510). - can: af_can: Fix error path of can_init() (bsc#1051510). - can: flexcan: fix timeout when set small bitrate (bsc#1051510). - can: purge socket error queue on sock destruct (bsc#1051510). - ceph: flush dirty inodes before proceeding with remount (bsc#1140405). - cfg80211: fix memory leak of wiphy device name (bsc#1051510). - chardev: add additional check for minor range overlap (bsc#1051510). - clk: rockchip: Turn on 'aclk_dmac1' for suspend on rk3288 (bsc#1051510). - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510). - coresight: etb10: Fix handling of perf mode (bsc#1051510). - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510). - cpu/topology: Export die_id (jsc#SLE-5454). - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (). - cpufreq: Add Hygon Dhyana support (). - crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401). - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510). - crypto: user - prevent operating on larval algorithms (bsc#1133401). - device core: Consolidate locking and unlocking of parent and device (bsc#1106383). - dm, dax: Fix detection of DAX support (bsc#1139782). - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510). - doc: Cope with the deprecation of AutoReporter (bsc#1051510). - docs: Fix conf.py for Sphinx 2.0 (bsc#1135642). - documentation: Correct the possible MDS sysfs values (bsc#1135642). - drbd: Avoid Clang warning about pointless switch statment (bsc#1051510). - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510). - drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510). - drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510). - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383). - driver core: Probe devices asynchronously instead of the driver (bsc#1106383). - drivers/base: Introduce kill_device() (bsc#1139865). - drivers/base: kABI fixes for struct device_private (bsc#1106383). - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510). - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510). - drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510). - drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER (bsc#1051510). - drm/amdgpu: fix old fence check in amdgpu_fence_emit (bsc#1051510). - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510). - drm/drv: Hold ref on parent device during drm_device lifetime (bsc#1051510). - drm/gma500/cdv: Check vbt config bits when detecting lvds panels (bsc#1051510). - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510). - drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510). - drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510). - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510). - drm/radeon: prefer lower reference dividers (bsc#1051510). - drm: Wake up next in drm_read() chain if we are forced to putback the event (bsc#1051510). - edac, amd64: Add Hygon Dhyana support (). - edac/mc: Fix edac_mc_find() in case no device is found (bsc#1114279). - extcon: arizona: Disable mic detect if running when driver is removed (bsc#1051510). - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995). - fuse: fallocate: fix return with locked inode (bsc#1051510). - fuse: fix writepages on 32bit (bsc#1051510). - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate (bsc#1051510). - genirq: Prevent use-after-free and work list corruption (bsc#1051510). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510). - genwqe: Prevent an integer overflow in the ioctl (bsc#1051510). - gpio: Remove obsolete comment about gpiochip_free_hogs() usage (bsc#1051510). - gpio: fix gpio-adp5588 build errors (bsc#1051510). - hid: Wacom: switch Dell canvas into highres mode (bsc#1051510). - hid: input: fix a4tech horizontal wheel custom usage (bsc#1137429). - hid: logitech-hidpp: change low battery level threshold from 31 to 30 percent (bsc#1051510). - hid: logitech-hidpp: use RAP instead of FAP to get the protocol version (bsc#1051510). - hid: wacom: Add ability to provide explicit battery status info (bsc#1051510). - hid: wacom: Add support for 3rd generation Intuos BT (bsc#1051510). - hid: wacom: Add support for Pro Pen slim (bsc#1051510). - hid: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510). - hid: wacom: Do not report anything prior to the tool entering range (bsc#1051510). - hid: wacom: Do not set tool type until we're in range (bsc#1051510). - hid: wacom: Mark expected switch fall-through (bsc#1051510). - hid: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510). - hid: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510). - hid: wacom: Properly handle AES serial number and tool type (bsc#1051510). - hid: wacom: Queue events with missing type/serial data for later processing (bsc#1051510). - hid: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510). - hid: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510). - hid: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510). - hid: wacom: Support 'in range' for Intuos/Bamboo tablets where possible (bsc#1051510). - hid: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510). - hid: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510). - hid: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510). - hid: wacom: fix mistake in printk (bsc#1051510). - hid: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510). - hid: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510). - hid: wacom: generic: Refactor generic battery handling (bsc#1051510). - hid: wacom: generic: Report AES battery information (bsc#1051510). - hid: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510). - hid: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510). - hid: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510). - hid: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510). - hid: wacom: generic: Support multiple tools per report (bsc#1051510). - hid: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510). - hid: wacom: generic: add the 'Report Valid' usage (bsc#1051510). - hid: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510). - hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - hwmon/coretemp: Support multi-die/package (jsc#SLE-5454). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (). - hwmon: (core) add thermal sensors only if dev->of_node is present (bsc#1051510). - hwmon: (k10temp) 27C Offset needed for Threadripper2 (). - hwmon: (k10temp) Add Hygon Dhyana support (). - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (). - hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (). - hwmon: (k10temp) Add support for family 17h (). - hwmon: (k10temp) Add support for temperature offsets (). - hwmon: (k10temp) Add temperature offset for Ryzen 1900X (). - hwmon: (k10temp) Add temperature offset for Ryzen 2700X (). - hwmon: (k10temp) Correct model name for Ryzen 1600X (). - hwmon: (k10temp) Display both Tctl and Tdie (). - hwmon: (k10temp) Fix reading critical temperature register (). - hwmon: (k10temp) Make function get_raw_temp static (). - hwmon: (k10temp) Move chip specific code into probe function (). - hwmon: (k10temp) Only apply temperature offset if result is positive (). - hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors (). - hwmon: (k10temp) Use API function to access System Management Network (). - hwmon: (pmbus/core) Treat parameters as paged if on multiple pages (bsc#1051510). - hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table (). - hwrng: omap - Set default quality (bsc#1051510). - i2c-piix4: Add Hygon Dhyana SMBus support (). - i2c: acorn: fix i2c warning (bsc#1135642). - i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr (bsc#1051510). - i2c: i801: Add support for Intel Comet Lake (jsc#SLE-5331). - ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197). - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion (bsc#1051510). - iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data (bsc#1051510). - iio: hmc5843: fix potential NULL pointer dereferences (bsc#1051510). - input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510). - input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510). - iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() (bsc#1051510). - iwlwifi: pcie: do not crash on invalid RX interrupt (bsc#1051510). - kABI workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510). - kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - kernel-binary: Use -c grep option in klp project detection. - kernel-binary: fix missing \ - kernel-binary: rpm does not support multiline condition - kernel-subpackage-spec: Add dummy package to ensure subpackages are rebuilt with kernel update (bsc#1106751). In factory packages are not rebuilt automatically so a dependency is needed on the old kernel to get a rebuild with the new kernel. THe subpackage itself cannot depend on the kernel so add another empty pacakge that does depend on it. - kmps: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137). - kmps: provide and conflict a kernel version specific KMP name (bsc#1127155, bsc#1109137). - kvm: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers (bsc#1061840). - kvm: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts (bsc#1061840). - kvm: PPC: Book3S: Protect memslots while validating user address (bsc#1061840). - kvm: PPC: Release all hardware TCE tables attached to a group (bsc#1061840). - kvm: PPC: Remove redundand permission bits removal (bsc#1061840). - kvm: PPC: Validate TCEs against preregistered memory page sizes (bsc#1061840). - kvm: PPC: Validate all tces before updating tables (bsc#1061840). - kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279). - kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279). - leds: avoid flush_work in atomic context (bsc#1051510). - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510). - libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719). - libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865). - mISDN: make sure device name is NUL terminated (bsc#1051510). - mac80211/cfg80211: update bss channel on channel switch (bsc#1051510). - mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510). - mac80211: Fix kernel panic due to use of txq after free (bsc#1051510). - mac80211: drop robust management frames from unknown TA (bsc#1051510). - mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510). - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() (bsc#1051510). - media: au0828: stop video streaming only when last user stops (bsc#1051510). - media: coda: clear error return value before picture run (bsc#1051510). - media: cpia2: Fix use-after-free in cpia2_exit (bsc#1051510). - media: go7007: avoid clang frame overflow warning with KASAN (bsc#1051510). - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend (bsc#1051510). - media: ov2659: make S_FMT succeed even if requested format does not match (bsc#1051510). - media: saa7146: avoid high stack usage with clang (bsc#1051510). - media: smsusb: better handle optional alignment (bsc#1051510). - media: usb: siano: Fix false-positive 'uninitialized variable' warning (bsc#1051510). - media: usb: siano: Fix general protection fault in smsusb (bsc#1051510). - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510). - mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L (bsc#1051510). - mfd: intel-lpss: Set the device in reset state when init (bsc#1051510). - mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values (bsc#1051510). - mfd: tps65912-spi: Add missing of table registration (bsc#1051510). - mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510). - mm: pagechage-limit: Calculate pagecache-limit based on node state (bsc#1136811) - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510). - mmc: core: Verify SD bus width (bsc#1051510). - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510). - mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510). - mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum A-009204 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bsc#1051510). - mmc_spi: add a status check for spi_sync_locked (bsc#1051510). - module: Fix livepatch/ftrace module text permissions race (bsc#1071995). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814). - nfit/ars: Avoid stale ARS results (jsc#SLE-5433). - nfit/ars: Introduce scrub_flags (jsc#SLE-5433). - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642). - nvme-rdma: fix double freeing of async event data (bsc#1120423). - nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423). - nvme: copy MTFA field from identify controller (bsc#1140715). - nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432). - nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510). - nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510). - nvmem: core: fix read buffer in place (bsc#1051510). - nvmem: correct Broadcom OTP controller driver writes (bsc#1051510). - nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510). - nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510). - nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510). - nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510). - nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510). - nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510). - nvmem: imx-ocotp: Update module description (bsc#1051510). - nvmem: properly handle returned value nvmem_reg_read (bsc#1051510). - ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902). - parport: Fix mem leak in parport_register_dev_model (bsc#1051510). - pci: PM: Avoid possible suspend-to-idle issue (bsc#1051510). - pci: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510). - pci: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510). - perf tools: Add Hygon Dhyana support (). - perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454). - platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510). - platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510). - pm/core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510). - power: supply: max14656: fix potential use-before-alloc (bsc#1051510). - power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510). - powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454). - powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454). - powercap/intel_rapl: Update RAPL domain name and debug messages (jsc#SLE-5454). - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199). - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106). - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106). - powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199). - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199). - powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204). - powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808). - ppp: mppe: Add softdep to arc4 (bsc#1088047). - qlcnic: Avoid potential NULL pointer dereference (bsc#1051510). - qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510). - qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510). - qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510). - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510). - qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510). - rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510). - ras/cec: Convert the timer callback to a workqueue (bsc#1114279). - ras/cec: Fix binary search function (bsc#1114279). - rpm/dtb.spec.in.in: Fix new include path Commit 89de3db69113d58cdab14d2c777de6080eac49dc ('rpm/dtb.spec.in.in: Update include path for dt-bindings') introduced an additional include path for 4.12. The commit message had it correct, but the spec file template lacked a path component, breaking the aarch64 build while succeeding on armv7hl. Fix that. - rpm/dtb.spec.in.in: Update include path for dt-bindings Kernels before 4.12 had arch/{arm,arm64}/boot/dts/include/ directories with a symlink to include/dt-bindings/. In 4.12 those include/ directories were dropped. Therefore use include/ directly. Additionally some cross-architecture .dtsi reuse was introduced, which requires scripts/dtc/include-prefixes/ that didn't exist on older kernels. - rpm/kernel-binary.spec.in: Add back kernel-binary-base subpackage (jsc#SLE-3853). - rpm/kernel-binary.spec.in: Build livepatch support in SUSE release projects (bsc#1124167). - rpm/kernel-subpackage-build: handle arm kernel zImage. - rpm/kernel-subpackage-spec: only provide firmware actually present in subpackage. - rpm/package-descriptions: fix typo in kernel-azure - rpm/post.sh: correct typo in err msg (bsc#1137625) - rpm: Add arm64 dtb-allwinner subpackage 4.10 added arch/arm64/boot/dts/allwinner/. - rpm: Add arm64 dtb-zte subpackage 4.9 added arch/arm64/boot/dts/zte/. - rtc: 88pm860x: prevent use-after-free on device remove (bsc#1051510). - rtc: do not reference bogus function pointer in kdoc (bsc#1051510). - rtlwifi: fix a potential NULL pointer dereference (bsc#1051510). - s390: fix booting problem (bsc#1140948). - s390/dasd: fix using offset into zero size array error (bsc#1051510). - s390/jump_label: Use 'jdd' constraint on gcc9 (bsc#1138589). - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510). - s390/qeth: fix race when initializing the IP address table (bsc#1051510). - s390/setup: fix early warning messages (bsc#1051510). - s390/virtio: handle find on invalid queue gracefully (bsc#1051510). - sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658). - sched/topology: Improve load balancing on AMD EPYC (bsc#1137366). - scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending. - scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390). - scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555). - scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555). - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727). - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296). - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510). - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510). - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510). - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510). - serial: sh-sci: disable DMA for uart_console (bsc#1051510). - smb3: Fix endian warning (bsc#1137884). - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510). - soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510). - spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510). - spi: Fix zero length xfer bug (bsc#1051510). - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510). - spi: pxa2xx: Add support for Intel Comet Lake (jsc#SLE-5331). - spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510). - spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510). - spi: tegra114: reset controller on probe (bsc#1051510). - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510). - staging: vc04_services: prevent integer overflow in create_pagelist() (bsc#1051510). - staging: wlan-ng: fix adapter initialization failure (bsc#1051510). - svm: Add warning message for AVIC IPI invalid target (bsc#1140133). - svm: Fix AVIC incomplete IPI emulation (bsc#1140133). - sysctl: handle overflow in proc_get_long (bsc#1051510). - test_firmware: Use correct snprintf() limit (bsc#1135642). - thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454). - thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510). - thunderbolt: Fix to check for kmemdup failure (bsc#1051510). - tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510). - tmpfs: fix uninitialized return value in shmem_link (bsc#1051510). - tools/cpupower: Add Hygon Dhyana support (). - topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454). - topology: Create package_cpus sysfs attribute (jsc#SLE-5454). - tracing/snapshot: Resize spare buffer if size changed (bsc#1140726). - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler (bsc#1051510). - tty: ipwireless: fix missing checks for ioremap (bsc#1051510). - tty: max310x: Fix external crystal register setup (bsc#1051510). - tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510). - usb: Add LPM quirk for Surface Dock GigE adapter (bsc#1051510). - usb: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510). - usb: Fix slab-out-of-bounds write in usb_get_bos_descriptor (bsc#1051510). - usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642). - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown (bsc#1051510). - usb: core: Do not unbind interfaces following device reset failure (bsc#1051510). - usb: dwc2: Fix DMA cache alignment issues (bsc#1051510). - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642). - usb: rio500: fix memory leak in close after disconnect (bsc#1051510). - usb: rio500: refuse more than one device at a time (bsc#1051510). - usb: serial: fix initial-termios handling (bsc#1135642). - usb: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510). - usb: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510). - usb: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510). - usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642). - usb: sisusbvga: fix oops in error path of sisusb_probe (bsc#1051510). - usb: usb-storage: Add new ID to ums-realtek (bsc#1051510). - usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642). - usbip: usbip_host: fix BUG: sleeping function called from invalid context (bsc#1051510). - usbip: usbip_host: fix stub_dev lock context imbalance regression (bsc#1051510). - usbnet: fix kernel crash after disconnect (bsc#1051510). - usbnet: ipheth: fix racing condition (bsc#1051510). - vfio: ccw: only free cp on final interrupt (bsc#1051510). - video: hgafb: fix potential NULL pointer dereference (bsc#1051510). - video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510). - virtio_console: initialize vtermno value for ports (bsc#1051510). - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510). - vxlan: trivial indenting fix (bsc#1051510). - vxlan: use __be32 type for the param vni in __vxlan_fdb_delete (bsc#1051510). - w1: fix the resume command API (bsc#1051510). - watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510). - x86/CPU/AMD: Do not force the CPB cap when running under a hypervisor (bsc#1114279). - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (). - x86/alternative: Init ideal_nops for Hygon Dhyana (). - x86/amd_nb: Add support for Raven Ridge CPUs (). - x86/amd_nb: Check vendor in AMD-only functions (). - x86/apic: Add Hygon Dhyana support (). - x86/bugs: Add Hygon Dhyana to the respective mitigation machinery (). - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (). - x86/cpu: Create Hygon Dhyana architecture support file (). - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (). - x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382). - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382). This changes definitions of some bits, but they are intended to be used only by the core, so hopefully, no KMP uses the definitions. - x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382). - x86/events: Add Hygon Dhyana support to PMU infrastructure (). - x86/kvm: Add Hygon Dhyana support to KVM (). - x86/mce: Add Hygon Dhyana support to the MCA infrastructure (). - x86/mce: Do not disable MCA banks when offlining a CPU on AMD (). - x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279). - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279). - x86/microcode: Fix microcode hotplug state (bsc#1114279). - x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279). - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279). - x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge (). - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana (). - x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454). - x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279). - x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454). - x86/topology: Define topology_die_id() (jsc#SLE-5454). - x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - x86/xen: Add Hygon Dhyana support to Xen (). - xen/pciback: Do not disable PCI_COMMAND on PCI device reset (bsc#1065600). - xfs: do not clear imap_valid for a non-uptodate buffers (bsc#1138018). - xfs: do not look at buffer heads in xfs_add_to_ioend (bsc#1138013). - xfs: do not set the page uptodate in xfs_writepage_map (bsc#1138003). - xfs: do not use XFS_BMAPI_ENTRIRE in xfs_get_blocks (bsc#1137999). - xfs: do not use XFS_BMAPI_IGSTATE in xfs_map_blocks (bsc#1138005). - xfs: eof trim writeback mapping as soon as it is cached (bsc#1138019). - xfs: fix s_maxbytes overflow problems (bsc#1137996). - xfs: make xfs_writepage_map extent map centric (bsc#1138009). - xfs: minor cleanup for xfs_get_blocks (bsc#1138000). - xfs: move all writeback buffer_head manipulation into xfs_map_at_offset (bsc#1138014). - xfs: refactor the tail of xfs_writepage_map (bsc#1138016). - xfs: remove XFS_IO_INVALID (bsc#1138017). - xfs: remove the imap_valid flag (bsc#1138012). - xfs: remove unused parameter from xfs_writepage_map (bsc#1137995). - xfs: remove xfs_map_cow (bsc#1138007). - xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010). - xfs: remove xfs_reflink_trim_irec_to_next_cow (bsc#1138006). - xfs: remove xfs_start_page_writeback (bsc#1138015). - xfs: rename the offset variable in xfs_writepage_map (bsc#1138008). - xfs: simplify xfs_map_blocks by using xfs_iext_lookup_extent directly (bsc#1138011). - xfs: skip CoW writes past EOF when writeback races with truncate (bsc#1137998). - xfs: xfs_reflink_convert_cow() memory allocation deadlock (bsc#1138002). - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() (bsc#1051510). - xhci: Use %zu for printing size_t type (bsc#1051510). - xhci: update bounce buffer with correct sg num (bsc#1051510). Important SUSE bug 1051510 SUSE bug 1061840 SUSE bug 1065600 SUSE bug 1071995 SUSE bug 1088047 SUSE bug 1094555 SUSE bug 1098633 SUSE bug 1106383 SUSE bug 1106751 SUSE bug 1109137 SUSE bug 1114279 SUSE bug 1119532 SUSE bug 1120423 SUSE bug 1124167 SUSE bug 1127155 SUSE bug 1128432 SUSE bug 1128902 SUSE bug 1128910 SUSE bug 1132154 SUSE bug 1132390 SUSE bug 1133401 SUSE bug 1133738 SUSE bug 1134303 SUSE bug 1134395 SUSE bug 1135296 SUSE bug 1135556 SUSE bug 1135642 SUSE bug 1136157 SUSE bug 1136811 SUSE bug 1136922 SUSE bug 1137103 SUSE bug 1137194 SUSE bug 1137221 SUSE bug 1137366 SUSE bug 1137429 SUSE bug 1137625 SUSE bug 1137728 SUSE bug 1137884 SUSE bug 1137995 SUSE bug 1137996 SUSE bug 1137998 SUSE bug 1137999 SUSE bug 1138000 SUSE bug 1138002 SUSE bug 1138003 SUSE bug 1138005 SUSE bug 1138006 SUSE bug 1138007 SUSE bug 1138008 SUSE bug 1138009 SUSE bug 1138010 SUSE bug 1138011 SUSE bug 1138012 SUSE bug 1138013 SUSE bug 1138014 SUSE bug 1138015 SUSE bug 1138016 SUSE bug 1138017 SUSE bug 1138018 SUSE bug 1138019 SUSE bug 1138291 SUSE bug 1138293 SUSE bug 1138374 SUSE bug 1138375 SUSE bug 1138589 SUSE bug 1138719 SUSE bug 1139751 SUSE bug 1139771 SUSE bug 1139782 SUSE bug 1139865 SUSE bug 1140133 SUSE bug 1140328 SUSE bug 1140405 SUSE bug 1140424 SUSE bug 1140428 SUSE bug 1140575 SUSE bug 1140577 SUSE bug 1140637 SUSE bug 1140658 SUSE bug 1140715 SUSE bug 1140719 SUSE bug 1140726 SUSE bug 1140727 SUSE bug 1140728 SUSE bug 1140814 SUSE bug 1140948 SUSE bug 821419 SUSE bug 945811 CVE-2018-16871 CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11478 CVE-2019-11599 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox, mozilla-nss fixes the following issues: MozillaFirefox to version ESR 60.8: - CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868). - CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868). - CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868). - CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868). - CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868). - CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868). - CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868). - CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868). - CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868). mozilla-nss to version 3.44.1: * Added IPSEC IKE support to softoken * Many new FIPS test cases Important SUSE bug 1140868 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11719 CVE-2019-11729 CVE-2019-11730 CVE-2019-9811 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for tomcat to version 9.0.21 fixes the following issues: Security issues fixed: - CVE-2019-0199: Fixed a denial of service in the HTTP/2 implementation related to streams with excessive numbers of SETTINGS frames (bsc#1131055). - CVE-2019-0221: Fixed a cross site scripting vulnerability with the SSI printenv command (bsc#1136085). - CVE-2019-10072: Fixed incomplete patch for CVE-2019-0199 (bsc#1139924). Please also see http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.21_(markt) and http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.20_(markt) Moderate SUSE bug 1131055 SUSE bug 1136085 SUSE bug 1139924 CVE-2019-0199 CVE-2019-0221 CVE-2019-10072 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libxslt fixes the following issues: Security issues fixed: - CVE-2019-13118: Fixed a read of uninitialized stack data (bsc#1140101). - CVE-2019-13117: Fixed a uninitialized read which allowed to discern whether a byte on the stack contains certain special characters (bsc#1140095). Moderate SUSE bug 1140095 SUSE bug 1140101 CVE-2019-13117 CVE-2019-13118 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libxml2 fixes the following issues: Issue fixed: - Fixed a bug related to the fix for CVE-2016-9318 which allowed xsltproc to access the internet even when --nonet was given and also was making docbook-xsl-stylesheets to have incomplete xml catalog file (bsc#1010675, bsc#1126613 and bsc#1110146). Moderate SUSE bug 1010675 SUSE bug 1110146 SUSE bug 1126613 CVE-2016-9318 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for polkit fixes the following issues: Security issue fixed: - CVE-2018-19788: Fixed handling of UIDs over MAX_UINT (bsc#1118277) Moderate SUSE bug 1118277 CVE-2018-19788 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ucode-intel fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes: ---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061d->0000061f Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000714->00000718 Xeon E3/E5, Core X Important SUSE bug 1111331 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). - CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657). Important SUSE bug 1139083 SUSE bug 985657 CVE-2016-3189 CVE-2019-12900 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2018-12232: In net/socket.c in the there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bnc#1097593). - CVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615). - CVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186). - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). - CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656). - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). The following non-security bugs were fixed: - acpi / CPPC: Check for valid PCC subspace only if PCC is used (bsc#1117115). - acpi / CPPC: Update all pr_(debug/err) messages to log the susbspace id (bsc#1117115). - aio: fix spectre gadget in lookup_ioctx (bsc#1120594). - alsa: cs46xx: Potential NULL dereference in probe (bsc#1051510). - alsa: emu10k1: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - alsa: emux: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - alsa: fireface: fix for state to fetch PCM frames (bsc#1051510). - alsa: fireface: fix reference to wrong register for clock configuration (bsc#1051510). - alsa: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint (bsc#1051510). - alsa: firewire-lib: fix wrong handling payload_length as payload_quadlet (bsc#1051510). - alsa: firewire-lib: use the same print format for 'without_header' tracepoints (bsc#1051510). - alsa: hda: add mute LED support for HP EliteBook 840 G4 (bsc#1051510). - alsa: hda: Add support for AMD Stoney Ridge (bsc#1051510). - alsa: hda/ca0132 - make pci_iounmap() call conditional (bsc#1051510). - alsa: hda: fix front speakers on Huawei MBXP (bsc#1051510). - alsa: hda/realtek - Add support for Acer Aspire C24-860 headset mic (bsc#1051510). - alsa: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 (bsc#1051510). - alsa: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880 (bsc#1051510). - alsa: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN (bsc#1051510). - alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable the headset mic auto detection for ASUS laptops (bsc#1051510). - alsa: hda/realtek - Fixed headphone issue for ALC700 (bsc#1051510). - alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G (bsc#1051510). - alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G (bsc#1051510). - alsa: hda/realtek - Fix speaker output regression on Thinkpad T570 (bsc#1051510). - alsa: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon (bsc#1051510). - alsa: hda/realtek - Support Dell headset mode for New AIO platform (bsc#1051510). - alsa: hda/tegra: clear pending irq handlers (bsc#1051510). - alsa: pcm: Call snd_pcm_unlink() conditionally at closing (bsc#1051510). - alsa: pcm: Fix interval evaluation with openmin/max (bsc#1051510). - alsa: pcm: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: pcm: Fix starvation on down_write_nonblock() (bsc#1051510). - alsa: rme9652: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: trident: Suppress gcc string warning (bsc#1051510). - alsa: usb-audio: Add SMSL D1 to quirks for native DSD support (bsc#1051510). - alsa: usb-audio: Add support for Encore mDSD USB DAC (bsc#1051510). - alsa: usb-audio: Avoid access before bLength check in build_audio_procunit() (bsc#1051510). - alsa: usb-audio: Fix an out-of-bound read in create_composite_quirks (bsc#1051510). - alsa: x86: Fix runtime PM for hdmi-lpe-audio (bsc#1051510). - apparmor: do not try to replace stale label in ptrace access check (git-fixes). - apparmor: do not try to replace stale label in ptraceme check (git-fixes). - apparmor: Fix uninitialized value in aa_split_fqname (git-fixes). - arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bsc#1120612). - arm64: atomics: Remove '&' from '+&' asm constraint in lse atomics (bsc#1120613). - arm64: cpu_errata: include required headers (bsc#1120615). - arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing (bsc#1120633). - arm64: Fix /proc/iomem for reserved but not memory regions (bsc#1120632). - arm64: lse: Add early clobbers to some input/output asm operands (bsc#1120614). - arm64: lse: remove -fcall-used-x0 flag (bsc#1120618). - arm64: mm: always enable CONFIG_HOLES_IN_ZONE (bsc#1120617). - arm64/numa: Report correct memblock range for the dummy node (bsc#1120620). - arm64/numa: Unify common error path in numa_init() (bsc#1120621). - arm64: remove no-op -p linker flag (bsc#1120616). - ASoC: dapm: Recalculate audio map forcely when card instantiated (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty (bsc#1051510). - ASoC: Intel: mrfld: fix uninitialized variable access (bsc#1051510). - ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing (bsc#1051510). - ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bsc#1051510). - ASoC: omap-mcbsp: Fix latency value calculation for pm_qos (bsc#1051510). - ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bsc#1051510). - ASoC: rsnd: fixup clock start checker (bsc#1051510). - ASoC: wm_adsp: Fix dma-unsafe read of scratch registers (bsc#1051510). - ath10k: do not assume this is a PCI dev in generic code (bsc#1051510). - ath6kl: Only use match sets when firmware supports it (bsc#1051510). - b43: Fix error in cordic routine (bsc#1051510). - bcache: fix miss key refill->end in writeback (Git-fixes). - bcache: trace missed reading by cache_missed (Git-fixes). - Blacklist 5182f26f6f74 crypto: ccp - Make function sev_get_firmware() static - blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set() (Git-fixes). - block: allow max_discard_segments to be stacked (Git-fixes). - block: blk_init_allocated_queue() set q->fq as NULL in the fail case (Git-fixes). - block: really disable runtime-pm for blk-mq (Git-fixes). - block: reset bi_iter.bi_done after splitting bio (Git-fixes). - block/swim: Fix array bounds check (Git-fixes). - bnxt_en: do not try to offload VLAN 'modify' action (bsc#1050242 ). - bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (bsc#1086282). - bnxt_en: Fix VNIC reservations on the PF (bsc#1086282 ). - bnxt_en: get the reduced max_irqs by the ones used by RDMA (bsc#1050242). - bpf: fix check of allowed specifiers in bpf_trace_printk (bsc#1083647). - bpf: use per htab salt for bucket hash (git-fixes). - btrfs: Always try all copies when reading extent buffers (git-fixes). - btrfs: delete dead code in btrfs_orphan_add() (bsc#1111469). - btrfs: delete dead code in btrfs_orphan_commit_root() (bsc#1111469). - btrfs: do not BUG_ON() in btrfs_truncate_inode_items() (bsc#1111469). - btrfs: do not check inode's runtime flags under root->orphan_lock (bsc#1111469). - btrfs: do not return ino to ino cache if inode item removal fails (bsc#1111469). - btrfs: fix ENOSPC caused by orphan items reservations (bsc#1111469). - btrfs: Fix error handling in btrfs_cleanup_ordered_extents (git-fixes). - btrfs: fix error handling in btrfs_truncate() (bsc#1111469). - btrfs: fix error handling in btrfs_truncate_inode_items() (bsc#1111469). - btrfs: fix fsync of files with multiple hard links in new directories (1120173). - btrfs: Fix memory barriers usage with device stats counters (git-fixes). - btrfs: fix use-after-free on root->orphan_block_rsv (bsc#1111469). - btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM (bsc#1111469). - btrfs: get rid of unused orphan infrastructure (bsc#1111469). - btrfs: move btrfs_truncate_block out of trans handle (bsc#1111469). - btrfs: qgroup: Dirty all qgroups before rescan (bsc#1120036). - btrfs: refactor btrfs_evict_inode() reserve refill dance (bsc#1111469). - btrfs: renumber BTRFS_INODE_ runtime flags and switch to enums (bsc#1111469). - btrfs: reserve space for O_TMPFILE orphan item deletion (bsc#1111469). - btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188). - btrfs: stop creating orphan items for truncate (bsc#1111469). - btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875). - btrfs: update stale comments referencing vmtruncate() (bsc#1111469). - can: flexcan: flexcan_irq(): fix indention (bsc#1051510). - cdrom: do not attempt to fiddle with cdo->capability (bsc#1051510). - ceph: do not update importing cap's mseq when handing cap export (bsc#1121273). - char_dev: extend dynamic allocation of majors into a higher range (bsc#1121058). - char_dev: Fix off-by-one bugs in find_dynamic_major() (bsc#1121058). - clk: mmp: Off by one in mmp_clk_add() (bsc#1051510). - clk: mvebu: Off by one bugs in cp110_of_clk_get() (bsc#1051510). - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (git-fixes). - config: arm64: enable erratum 1024718 - cpufeature: avoid warning when compiling with clang (Git-fixes). - cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1117115). - cpufreq: CPPC: fix build in absence of v3 support (bsc#1117115). - cpupower: remove stringop-truncation waring (git-fixes). - crypto: bcm - fix normal/non key hash algorithm failure (bsc#1051510). - crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command (). - crypto: ccp - Add GET_ID SEV command (). - crypto: ccp - Add psp enabled message when initialization succeeds (). - crypto: ccp - Add support for new CCP/PSP device ID (). - crypto: ccp - Allow SEV firmware to be chosen based on Family and Model (). - crypto: ccp - Fix static checker warning (). - crypto: ccp - Remove unused #defines (). - crypto: ccp - Support register differences between PSP devices (). - dasd: fix deadlock in dasd_times_out (bsc#1121477, LTC#174111). - dax: Check page->mapping isn't NULL (bsc#1120054). - dax: Do not access a freed inode (bsc#1120055). - device property: Define type of PROPERTY_ENRTY_*() macros (bsc#1051510). - device property: fix fwnode_graph_get_next_endpoint() documentation (bsc#1051510). - disable stringop truncation warnings for now (git-fixes). - dm: allocate struct mapped_device with kvzalloc (Git-fixes). - dm cache: destroy migration_cache if cache target registration failed (Git-fixes). - dm cache: fix resize crash if user does not reload cache table (Git-fixes). - dm cache metadata: ignore hints array being too small during resize (Git-fixes). - dm cache metadata: save in-core policy_hint_size to on-disk superblock (Git-fixes). - dm cache metadata: set dirty on all cache blocks after a crash (Git-fixes). - dm cache: only allow a single io_mode cache feature to be requested (Git-fixes). - dm crypt: do not decrease device limits (Git-fixes). - dm: fix report zone remapping to account for partition offset (Git-fixes). - dm integrity: change 'suspending' variable from bool to int (Git-fixes). - dm ioctl: harden copy_params()'s copy_from_user() from malicious users (Git-fixes). - dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled (Git-fixes). - dm linear: fix linear_end_io conditional definition (Git-fixes). - dm thin: handle running out of data space vs concurrent discard (Git-fixes). - dm thin metadata: remove needless work from __commit_transaction (Git-fixes). - dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes). - dm writecache: fix a crash due to reading past end of dirty_bitmap (Git-fixes). - dm writecache: report start_sector in status line (Git-fixes). - dm zoned: fix metadata block ref counting (Git-fixes). - dm zoned: fix various dmz_get_mblock() issues (Git-fixes). - doc/README.SUSE: correct GIT url No more gitorious, github we use. - drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet (bsc#1119749). - drivers/net/usb/r8152: remove the unneeded variable 'ret' in rtl8152_system_suspend (bsc#1119749). - drivers/tty: add missing of_node_put() (bsc#1051510). - drm/amdgpu/gmc8: update MC firmware for polaris (bsc#1113722) - drm/amdgpu: update mc firmware image for polaris12 variants (bsc#1113722) - drm/amdgpu: update SMC firmware image for polaris10 variants (bsc#1113722) - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1113722) - drm/i915/execlists: Apply a full mb before execution for Braswell (bsc#1113722) - drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722) - drm/nouveau/kms: Fix memory leak in nv50_mstm_del() (bsc#1113722) - drm: rcar-du: Fix external clock error checks (bsc#1113722) - drm: rcar-du: Fix vblank initialization (bsc#1113722) - drm/rockchip: psr: do not dereference encoder before it is null (bsc#1113722) - drm: set is_master to 0 upon drm_new_set_master() failure (bsc#1113722) - drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1113722) - drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1113722) - dt-bindings: add compatible string for Allwinner V3s SoC (git-fixes). - dt-bindings: arm: Document SoC compatible value for Armadillo-800 EVA (git-fixes). - dt-bindings: clock: add rk3399 DDR3 standard speed bins (git-fixes). - dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 (git-fixes). - dt-bindings: iio: update STM32 timers clock names (git-fixes). - dt-bindings: mfd: axp20x: Add AXP806 to supported list of chips (git-fixes). - dt-bindings: net: Remove duplicate NSP Ethernet MAC binding document (git-fixes). - dt-bindings: panel: lvds: Fix path to display timing bindings (git-fixes). - dt-bindings: phy: sun4i-usb-phy: Add property descriptions for H3 (git-fixes). - dt-bindings: pwm: renesas: tpu: Fix 'compatible' prop description (git-fixes). - dt-bindings: pwm: Update STM32 timers clock names (git-fixes). - dt-bindings: rcar-dmac: Document missing error interrupt (git-fixes). - efi: Move some sysfs files to be read-only by root (bsc#1051510). - ethernet: fman: fix wrong of_node_put() in probe function (bsc#1119017). - exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1118773). - ext2: fix potential use after free (bsc#1118775). - ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760). - ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604). - ext4: fix possible use after free in ext4_quota_enable (bsc#1120602). - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bsc#1120603). - extable: Consolidate *kernel_text_address() functions (bsc#1120092). - extable: Enable RCU if it is not watching in kernel_text_address() (bsc#1120092). - fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1113722) - fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1113722) - filesystem-dax: Fix dax_layout_busy_page() livelock (bsc#1118787). - firmware: add firmware_request_nowarn() - load firmware without warnings (). - Fix tracing sample code warning (git-fixes). - fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes). - fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes). - fs: fix lost error code in dio_complete (bsc#1118762). - fs/xfs: Use %pS printk format for direct addresses (git-fixes). - fuse: fix blocked_waitq wakeup (git-fixes). - fuse: fix leaked notify reply (git-fixes). - fuse: fix possibly missed wake-up after abort (git-fixes). - fuse: Fix use-after-free in fuse_dev_do_read() (git-fixes). - fuse: Fix use-after-free in fuse_dev_do_write() (git-fixes). - fuse: fix use-after-free in fuse_direct_IO() (git-fixes). - fuse: set FR_SENT while locked (git-fixes). - gcc-plugins: Add include required by GCC release 8 (git-fixes). - gcc-plugins: Use dynamic initializers (git-fixes). - gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bsc#1118769). - gfs2: Fix loop in gfs2_rbm_find (bsc#1120601). - gfs2: Get rid of potential double-freeing in gfs2_create_inode (bsc#1120600). - gfs2_meta: ->mount() can get NULL dev_name (bsc#1118768). - gfs2: Put bitmap buffers in put_super (bsc#1118772). - gpio: davinci: Remove unused member of davinci_gpio_controller (git-fixes). - gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers (bsc#1051510). - gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (bsc#1051510). - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bsc#1051510). - gpio: mvebu: only fail on missing clk if pwm is actually to be used (bsc#1051510). - hid: Add quirk for Primax PIXART OEM mice (bsc#1119410). - hid: input: Ignore battery reported by Symbol DS4308 (bsc#1051510). - hid: multitouch: Add pointstick support for Cirque Touchpad (bsc#1051510). - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - i2c: axxia: properly handle master timeout (bsc#1051510). - i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bsc#1051510). - ib/hfi1: Add mtu check for operational data VLs (bsc#1060463 ). - ibmvnic: Convert reset work item mutex to spin lock (). - ibmvnic: Fix non-atomic memory allocation in IRQ context (). - ib/rxe: support for 802.1q VLAN on the listener (bsc#1082387). - ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510). - ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510). - ieee802154: at86rf230: use __func__ macro for debug messages (bsc#1051510). - ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510). - Include modules.fips in kernel-binary as well as kernel-binary-base (). - initramfs: fix initramfs rebuilds w/ compression after disabling (git-fixes). - Input: add official Raspberry Pi's touchscreen driver (). - Input: cros_ec_keyb - fix button/switch capability reports (bsc#1051510). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bsc#1051510). - Input: elan_i2c - add ELAN0620 to the ACPI table (bsc#1051510). - Input: elan_i2c - add support for ELAN0621 touchpad (bsc#1051510). - Input: hyper-v - fix wakeup from suspend-to-idle (bsc#1051510). - Input: matrix_keypad - check for errors from of_get_named_gpio() (bsc#1051510). - Input: nomadik-ske-keypad - fix a loop timeout test (bsc#1051510). - Input: omap-keypad - fix keyboard debounce configuration (bsc#1051510). - Input: synaptics - add PNP ID for ThinkPad P50 to SMBus (bsc#1051510). - Input: synaptics - enable SMBus for HP 15-ay000 (bsc#1051510). - Input: xpad - quirk all PDP Xbox One gamepads (bsc#1051510). - integrity/security: fix digsig.c build error with header file (bsc#1051510). - intel_th: msu: Fix an off-by-one in attribute store (bsc#1051510). - iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105). - iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105). - iwlwifi: add new cards for 9560, 9462, 9461 and killer series (bsc#1051510). - iwlwifi: fix LED command capability bit (bsc#1119086). - iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086). - iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086). - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares (bsc#1119086). - iwlwifi: nvm: get num of hw addresses from firmware (bsc#1119086). - iwlwifi: pcie: do not reset TXQ write pointer (bsc#1051510). - jffs2: free jffs2_sb_info through jffs2_kill_sb() (bsc#1118767). - jump_label: Split out code under the hotplug lock (bsc#1106913). - kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - kabi protect hnae_ae_ops (bsc#1104353). - kbuild: allow to use GCC toolchain not in Clang search path (git-fixes). - kbuild: fix linker feature test macros when cross compiling with Clang (git-fixes). - kbuild: make missing $DEPMOD a Warning instead of an Error (git-fixes). - kbuild: rpm-pkg: keep spec file until make mrproper (git-fixes). - kbuild: suppress packed-not-aligned warning for default setting only (git-fixes). - kbuild: verify that $DEPMOD is installed (git-fixes). - kdb: use memmove instead of overlapping memcpy (bsc#1120954). - kernfs: Replace strncpy with memcpy (bsc#1120053). - keys: Fix the use of the C++ keyword 'private' in uapi/linux/keyctl.h (Git-fixes). - kobject: Replace strncpy with memcpy (git-fixes). - kprobes: Make list and blacklist root user read only (git-fixes). - kvm: PPC: Book3S PR: Enable use on POWER9 inside HPT-mode guests (bsc#1118484). - libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bsc#1051510). - libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086). - libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1118962). - libnvdimm, pmem: Fix badblocks population for 'raw' namespaces (bsc#1118788). - lib/raid6: Fix arm64 test build (bsc#1051510). - lib/ubsan.c: do not mark __ubsan_handle_builtin_unreachable as noreturn (bsc#1051510). - Limit max FW API version for QCA9377 (bsc#1121714, bsc#1121715). - linux/bitmap.h: fix type of nbits in bitmap_shift_right() (bsc#1051510). - locking/barriers: Convert users of lockless_dereference() to READ_ONCE() (Git-fixes). - locking/static_keys: Improve uninitialized key warning (bsc#1106913). - mac80211: Clear beacon_int in ieee80211_do_stop (bsc#1051510). - mac80211: fix reordering of buffered broadcast packets (bsc#1051510). - mac80211_hwsim: fix module init error paths for netlink (bsc#1051510). - mac80211_hwsim: Timer should be initialized before device registered (bsc#1051510). - mac80211: ignore NullFunc frames in the duplicate detection (bsc#1051510). - mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bsc#1051510). - Mark HI and TASKLET softirq synchronous (git-fixes). - md: fix raid10 hang issue caused by barrier (git-fixes). - media: em28xx: Fix use-after-free when disconnecting (bsc#1051510). - media: em28xx: make v4l2-compliance happier by starting sequence on zero (bsc#1051510). - media: omap3isp: Unregister media device as first (bsc#1051510). - mmc: bcm2835: reset host on timeout (bsc#1051510). - mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support (bsc#1051510). - mmc: core: Reset HPI enabled state during re-init and in case of errors (bsc#1051510). - mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl (bsc#1051510). - mmc: dw_mmc-bluefield: Add driver extension (bsc#1118752). - mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752). - MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bsc#1051510). - mmc: omap_hsmmc: fix DMA API warning (bsc#1051510). - mmc: sdhci: fix the timeout check window for clock and reset (bsc#1051510). - mm: do not miss the last page because of round-off error (bnc#1118798). - mm: do not warn about large allocations for slab (git fixes (slab)). - mm/huge_memory.c: reorder operations in __split_huge_page_tail() (VM Functionality bsc#1119962). - mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM Functionality, bsc#1121599). - mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality, bsc#1121599). - mm/huge_memory: splitting set mapping+index before unfreeze (VM Functionality, bsc#1121599). - mm: hugetlb: yield when prepping struct pages (git fixes (memory initialisation)). - mm/khugepaged: collapse_shmem() do not crash on Compound (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() remember to clear holes (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() stop if punched or truncated (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() without freezing new_page (VM Functionality, bsc#1121599). - mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality, bsc#1121599). - mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality, bsc#1121599). - mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability). - mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability). - mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability). - mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability). - mm: migration: fix migration of huge PMD shared pages (bnc#1086423). - mm: only report isolation failures when offlining memory (generic hotplug debugability). - mm: print more information about mapping in __dump_page (generic hotplug debugability). - mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272). - mm: sections are not offlined during memory hotremove (bnc#1119968). - mm: shmem.c: Correctly annotate new inodes for lockdep (Git fixes: shmem). - mm/vmstat.c: fix NUMA statistics updates (git fixes). - Move dell_rbu fix to sorted section (bsc#1087978). - mtd: cfi: convert inline functions to macros (git-fixes). - mtd: Fix comparison in map_word_andequal() (git-fixes). - namei: allow restricted O_CREAT of FIFOs and regular files (bsc#1118766). - nbd: do not allow invalid blocksize settings (Git-fixes). - net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bsc#1051510). - net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses (git-fixes). - net: dsa: qca8k: Add QCA8334 binding documentation (git-fixes). - net: ena: fix crash during ena_remove() (bsc#1111696 bsc#1117561). - net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1111696 bsc#1117561). - net: hns3: Add nic state check before calling netif_tx_wake_queue (bsc#1104353). - net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353). - net: hns3: bugfix for buffer not free problem during resetting (bsc#1104353). - net: hns3: bugfix for handling mailbox while the command queue reinitialized (bsc#1104353). - net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read (bsc#1104353). - net: hns3: bugfix for is_valid_csq_clean_head() (bsc#1104353 ). - net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem (bsc#1104353). - net: hns3: bugfix for rtnl_lock's range in the hclgevf_reset() (bsc#1104353). - net: hns3: bugfix for the initialization of command queue's spin lock (bsc#1104353). - net: hns3: Check hdev state when getting link status (bsc#1104353). - net: hns3: Clear client pointer when initialize client failed or unintialize finished (bsc#1104353). - net: hns3: Fix cmdq registers initialization issue for vf (bsc#1104353). - net: hns3: Fix error of checking used vlan id (bsc#1104353 ). - net: hns3: Fix ets validate issue (bsc#1104353). - net: hns3: Fix for netdev not up problem when setting mtu (bsc#1104353). - net: hns3: Fix for out-of-bounds access when setting pfc back pressure (bsc#1104353). - net: hns3: Fix for packet buffer setting bug (bsc#1104353 ). - net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware (bsc#1104353). - net: hns3: Fix for setting speed for phy failed problem (bsc#1104353). - net: hns3: Fix for vf vlan delete failed problem (bsc#1104353 ). - net: hns3: Fix loss of coal configuration while doing reset (bsc#1104353). - net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() (bsc#1104353). - net: hns3: Fix ping exited problem when doing lp selftest (bsc#1104353). - net: hns3: Preserve vlan 0 in hardware table (bsc#1104353 ). - net: hns3: remove unnecessary queue reset in the hns3_uninit_all_ring() (bsc#1104353). - net: hns3: Set STATE_DOWN bit of hdev state when stopping net (bsc#1104353). - net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1046299). - net: usb: r8152: constify usb_device_id (bsc#1119749). - net: usb: r8152: use irqsave() in USB's complete callback (bsc#1119749). - nospec: Allow index argument to have const-qualified type (git-fixes) - nospec: Kill array_index_nospec_mask_check() (git-fixes). - nvme-fc: resolve io failures during connect (bsc#1116803). - nvme-multipath: zero out ANA log buffer (bsc#1105168). - nvme: validate controller state before rescheduling keep alive (bsc#1103257). - objtool: Detect RIP-relative switch table references (bsc#1058115). - objtool: Detect RIP-relative switch table references, part 2 (bsc#1058115). - objtool: Fix another switch table detection issue (bsc#1058115). - objtool: Fix double-free in .cold detection error path (bsc#1058115). - objtool: Fix GCC 8 cold subfunction detection for aliased functions (bsc#1058115). - objtool: Fix 'noreturn' detection for recursive sibling calls (bsc#1058115). - objtool: Fix segfault in .cold detection with -ffunction-sections (bsc#1058115). - objtool: Support GCC 8's cold subfunctions (bsc#1058115). - objtool: Support GCC 8 switch tables (bsc#1058115). - panic: avoid deadlocks in re-entrant console drivers (bsc#1088386). - pci: Add ACS quirk for Ampere root ports (bsc#1120058). - pci: Add ACS quirk for APM X-Gene devices (bsc#1120058). - pci: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE (bsc#1120058). - pci: Delay after FLR of Intel DC P3700 NVMe (bsc#1120058). - pci: Disable Samsung SM961/PM961 NVMe before FLR (bsc#1120058). - pci: Export pcie_has_flr() (bsc#1120058). - pci: iproc: Activate PAXC bridge quirk for more devices (bsc#1120058). - pci: Mark Ceton InfiniTV4 INTx masking as broken (bsc#1120058). - pci: Mark fall-through switch cases before enabling -Wimplicit-fallthrough (bsc#1120058). - pci: Mark Intel XXV710 NIC INTx masking as broken (bsc#1120058). - perf tools: Fix tracing_path_mount proper path (git-fixes). - platform-msi: Free descriptors in platform_msi_domain_free() (bsc#1051510). - powerpc/64s: consolidate MCE counter increment (bsc#1094244). - powerpc/64s/radix: Fix process table entry cache invalidation (bsc#1055186, git-fixes). - powerpc/boot: Expose Kconfig symbols to wrapper (bsc#1065729). - powerpc/boot: Fix build failures with -j 1 (bsc#1065729). - powerpc/pkeys: Fix handling of pkey state across fork() (bsc#1078248, git-fixes). - powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) (bsc#1055121). - powerpc/pseries: Track LMB nid instead of using device tree (bsc#1108270). - powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244). - power: supply: olpc_battery: correct the temperature units (bsc#1051510). - ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (bsc#1106913). - qed: Add driver support for 20G link speed (bsc#1110558). - qed: Add support for virtual link (bsc#1111795). - qede: Add driver support for 20G link speed (bsc#1110558). - r8152: add byte_enable for ocp_read_word function (bsc#1119749). - r8152: add Linksys USB3GIGV1 id (bsc#1119749). - r8152: add r8153_phy_status function (bsc#1119749). - r8152: adjust lpm settings for RTL8153 (bsc#1119749). - r8152: adjust rtl8153_runtime_enable function (bsc#1119749). - r8152: adjust the settings about MAC clock speed down for RTL8153 (bsc#1119749). - r8152: adjust U2P3 for RTL8153 (bsc#1119749). - r8152: avoid rx queue more than 1000 packets (bsc#1119749). - r8152: check if disabling ALDPS is finished (bsc#1119749). - r8152: correct the definition (bsc#1119749). - r8152: disable RX aggregation on Dell TB16 dock (bsc#1119749). - r8152: disable RX aggregation on new Dell TB16 dock (bsc#1119749). - r8152: fix wrong checksum status for received IPv4 packets (bsc#1119749). - r8152: move calling delay_autosuspend function (bsc#1119749). - r8152: move the default coalesce setting for RTL8153 (bsc#1119749). - r8152: move the initialization to reset_resume function (bsc#1119749). - r8152: move the setting of rx aggregation (bsc#1119749). - r8152: replace napi_complete with napi_complete_done (bsc#1119749). - r8152: set rx mode early when linking on (bsc#1119749). - r8152: split rtl8152_resume function (bsc#1119749). - r8152: support new chip 8050 (bsc#1119749). - r8152: support RTL8153B (bsc#1119749). - rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Git-fixes). - rcu: Allow for page faults in NMI handlers (bsc#1120092). - rdma/bnxt_re: Add missing spin lock initialization (bsc#1050244 ). - rdma/bnxt_re: Avoid accessing the device structure after it is freed (bsc#1050244). - rdma/bnxt_re: Avoid NULL check after accessing the pointer (bsc#1086283). - rdma/bnxt_re: Fix system hang when registration with L2 driver fails (bsc#1086283). - rdma/hns: Bugfix pbl configuration for rereg mr (bsc#1104427 ). - rdma_rxe: make rxe work over 802.1q VLAN devices (bsc#1082387). - reset: remove remaining WARN_ON() in <linux/reset.h> (Git-fixes). - Revert commit ef9209b642f 'staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c' (bsc#1051510). - Revert 'iommu/io-pgtable-arm: Check for v7s-incapable systems' (bsc#1106105). - Revert 'PCI/ASPM: Do not initialize link state when aspm_disabled is set' (bsc#1051510). - Revert 'scsi: lpfc: ls_rjt erroneus FLOGIs' (bsc#1119322). - ring-buffer: Allow for rescheduling when removing pages (bsc#1120238). - ring-buffer: Do no reuse reader page if still in use (bsc#1120096). - ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094). - rtc: hctosys: Add missing range error reporting (bsc#1051510). - rtc: m41t80: Correct alarm month range with RTC reads (bsc#1051510). - rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write (bsc#1051510). - rtc: snvs: Add timeouts to avoid kernel lockups (bsc#1051510). - rtl8xxxu: Fix missing break in switch (bsc#1051510). - s390/dasd: simplify locking in dasd_times_out (bsc#1104967,). - s390/kdump: Fix elfcorehdr size calculation (bsc#1117953, LTC#171112). - s390/kdump: Make elfcorehdr size calculation ABI compliant (bsc#1117953, LTC#171112). - s390/qeth: fix length check in SNMP processing (bsc#1117953, LTC#173657). - s390/qeth: remove outdated portname debug msg (bsc#1117953, LTC#172960). - s390/qeth: sanitize strings in debug messages (bsc#1117953, LTC#172960). - sbitmap: fix race in wait batch accounting (Git-fixes). - sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913). - sched/smt: Expose sched_smt_present static key (bsc#1106913). - sched/smt: Make sched_smt_present track topology (bsc#1106913). - sched, tracing: Fix trace_sched_pi_setprio() for deboosting (bsc#1120228). - scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215). - scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE (bsc#1118215). - scsi: lpfc: Correct topology type reporting on G7 adapters (bsc#1118215). - scsi: lpfc: Defer LS_ACC to FLOGI on point to point logins (bsc#1118215). - scsi: lpfc: Enable Management features for IF_TYPE=6 (bsc#1119322). - scsi: lpfc: Fix a duplicate 0711 log message number (bsc#1118215). - scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935). - scsi: lpfc: Fix dif and first burst use in write commands (bsc#1118215). - scsi: lpfc: Fix discovery failures during port failovers with lots of vports (bsc#1118215). - scsi: lpfc: Fix driver release of fw-logging buffers (bsc#1118215). - scsi: lpfc: Fix kernel Oops due to null pring pointers (bsc#1118215). - scsi: lpfc: Fix panic when FW-log buffsize is not initialized (bsc#1118215). - scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215). - scsi: lpfc: refactor mailbox structure context fields (bsc#1118215). - scsi: lpfc: rport port swap discovery issue (bsc#1118215). - scsi: lpfc: update driver version to 12.0.0.9 (bsc#1118215). - scsi: lpfc: update manufacturer attribute to reflect Broadcom (bsc#1118215). - scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405). - scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405). - scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1121483, LTC#174588). - shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599). - shmem: shmem_charge: verify max_block is not exceeded before inode update (VM Functionality, bsc#1121599). - skd: Avoid that module unloading triggers a use-after-free (Git-fixes). - skd: Submit requests to firmware before triggering the doorbell (Git-fixes). - soc: bcm2835: sync firmware properties with downstream () - spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bsc#1051510). - spi: bcm2835: Fix book-keeping of DMA termination (bsc#1051510). - spi: bcm2835: Fix race on DMA termination (bsc#1051510). - spi: bcm2835: Unbreak the build of esoteric configs (bsc#1051510). - splice: do not read more than available pipe space (bsc#1119212). - staging: bcm2835-camera: Abort probe if there is no camera (bsc#1051510). - staging: rtl8712: Fix possible buffer overrun (bsc#1051510). - staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station (bsc#1051510). - staging: rts5208: fix gcc-8 logic error warning (bsc#1051510). - staging: wilc1000: fix missing read_write setting when reading data (bsc#1051510). - supported.conf: add raspberrypi-ts driver - supported.conf: whitelist bluefield eMMC driver - target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165). - target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405). - team: no need to do team_notify_peers or team_mcast_rejoin when disabling port (bsc#1051510). - termios, tty/tty_baudrate.c: fix buffer overrun (bsc#1051510). - test_hexdump: use memcpy instead of strncpy (bsc#1051510). - tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bsc#1051510). - tools: hv: fcopy: set 'error' in case an unknown operation was requested (git-fixes). - Tools: hv: Fix a bug in the key delete code (git-fixes). - tools: hv: include string.h in hv_fcopy_daemon (git-fixes). - tools/lib/lockdep: Rename 'trywlock' into 'trywrlock' (bsc#1121973). - tools/power/cpupower: fix compilation with STATIC=true (git-fixes). - tools/power turbostat: fix possible sprintf buffer overflow (git-fixes). - tracing/blktrace: Fix to allow setting same value (Git-fixes). - tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046). - tracing: Fix crash when freeing instances with event triggers (bsc#1120230). - tracing: Fix crash when it fails to alloc ring buffer (bsc#1120097). - tracing: Fix double free of event_trigger_data (bsc#1120234). - tracing: Fix missing return symbol in function_graph output (bsc#1120232). - tracing: Fix possible double free in event_enable_trigger_func() (bsc#1120235). - tracing: Fix possible double free on failure of allocating trace buffer (bsc#1120214). - tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223). - tracing: Fix trace_pipe behavior for instance traces (bsc#1120088). - tracing: Remove RCU work arounds from stack tracer (bsc#1120092). - tracing/samples: Fix creation and deletion of simple_thread_fn creation (git-fixes). - tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bsc#1051510). - tty: Do not return -EAGAIN in blocking read (bsc#1116040). - tty: do not set TTY_IO_ERROR flag if console port (bsc#1051510). - tty: serial: 8250_mtk: always resume the device in probe (bsc#1051510). - ubifs: Handle re-linking of inodes correctly while recovery (bsc#1120598). - ubifs-Handle-re-linking-of-inodes-correctly-while-re.patch: Fixup compilation failure due to different ubifs_assert() prototype. - udf: Allow mounting volumes with incorrect identification strings (bsc#1118774). - unifdef: use memcpy instead of strncpy (bsc#1051510). - usb: appledisplay: Add 27' Apple Cinema Display (bsc#1051510). - usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bsc#1051510). - usb: dwc2: host: use hrtimer for NAK retries (git-fixes). - usb: hso: Fix OOB memory access in hso_probe/hso_get_config_data (bsc#1051510). - usbip: vhci_hcd: check rhport before using in vhci_hub_control() (bsc#1090888). - usb: omap_udc: fix crashes on probe error and module removal (bsc#1051510). - usb: omap_udc: fix omap_udc_start() on 15xx machines (bsc#1051510). - usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bsc#1051510). - usb: omap_udc: use devm_request_irq() (bsc#1051510). - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bsc#1051510). - usb: serial: option: add Fibocom NL668 series (bsc#1051510). - usb: serial: option: add GosunCn ZTE WeLink ME3630 (bsc#1051510). - usb: serial: option: add HP lt4132 (bsc#1051510). - usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bsc#1051510). - usb: serial: option: add Telit LN940 series (bsc#1051510). - usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() (bsc#1106110). - usb: usb-storage: Add new IDs to ums-realtek (bsc#1051510). - usb: xhci: fix uninitialized completion when USB3 port got wrong status (bsc#1051510). - usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bsc#1051510). - userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (bsc#1118761). - userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (bsc#1118809). - v9fs_dir_readdir: fix double-free on p9stat_read error (bsc#1118771). - vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505). - watchdog/core: Add missing prototypes for weak functions (git-fixes). - wireless: airo: potential buffer overflow in sprintf() (bsc#1051510). - wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' (bsc#1051510). - x86/bugs: Add AMD's SPEC_CTRL MSR usage (bsc#1106913). - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bsc#1106913). - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bsc#1106913). - x86/decoder: Fix and update the opcodes map (bsc#1058115). - x86/kabi: Fix cpu_tlbstate issue (bsc#1106913). - x86/l1tf: Show actual SMT state (bsc#1106913). - x86/mm: Fix decoy address handling vs 32-bit builds (bsc#1120606). - x86/pci: Add additional VMD device root ports to VMD AER quirk (bsc#1120058). - x86/pci: Add 'pci=big_root_window' option for AMD 64-bit windows (bsc#1120058). - x86/pci: Apply VMD's AERSID fixup generically (bsc#1120058). - x86/pci: Avoid AMD SB7xx EHCI USB wakeup defect (bsc#1120058). - x86/pci: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f) (bsc#1120058). - x86/pci: Enable AMD 64-bit window on resume (bsc#1120058). - x86/pci: Fix infinite loop in search for 64bit BAR placement (bsc#1120058). - x86/pci: Move and shrink AMD 64-bit window to avoid conflict (bsc#1120058). - x86/pci: Move VMD quirk to x86 fixups (bsc#1120058). - x86/pci: Only enable a 64bit BAR on single-socket AMD Family 15h (bsc#1120058). - x86/pci: Use is_vmd() rather than relying on the domain number (bsc#1120058). - x86/process: Consolidate and simplify switch_to_xtra() code (bsc#1106913). - x86/pti: Document fix wrong index (git-fixes). - x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (bsc#1106913). - x86/retpoline: Remove minimal retpoline support (bsc#1106913). - x86/speculataion: Mark command line parser data __initdata (bsc#1106913). - x86/speculation: Add command line control for indirect branch speculation (bsc#1106913). - x86/speculation: Add prctl() control for indirect branch speculation (bsc#1106913). - x86/speculation: Add seccomp Spectre v2 user space protection mode (bsc#1106913). - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913). - x86/speculation: Avoid __switch_to_xtra() calls (bsc#1106913). - x86/speculation: Clean up spectre_v2_parse_cmdline() (bsc#1106913). - x86/speculation: Disable STIBP when enhanced IBRS is in use (bsc#1106913). - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913). - x86/speculation: Enable prctl mode for spectre_v2_user (bsc#1106913). - x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871). - x86/speculation: Mark string arrays const correctly (bsc#1106913). - x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bsc#1106913). - x86/speculation: Prepare arch_smt_update() for PRCTL mode (bsc#1106913). - x86/speculation: Prepare for conditional IBPB in switch_mm() (bsc#1106913). - x86/speculation: Prepare for per task indirect branch speculation control (bsc#1106913). - x86/speculation: Prevent stale SPEC_CTRL msr content (bsc#1106913). - x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913). - x86/speculation: Provide IBPB always command line options (bsc#1106913). - x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bsc#1106913). - x86/speculation: Rename SSBD update functions (bsc#1106913). - x86/speculation: Reorder the spec_v2 code (bsc#1106913). - x86/speculation: Reorganize speculation control MSRs update (bsc#1106913). - x86/speculation: Rework SMT state change (bsc#1106913). - x86/speculation: Split out TIF update (bsc#1106913). - x86/speculation: Unify conditional spectre v2 print functions (bsc#1106913). - x86/speculation: Update the TIF_SSBD comment (bsc#1106913). - xen/netfront: tolerate frags with no data (bnc#1119804). - xfs: Align compat attrlist_by_handle with native implementation (git-fixes). - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621). - xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat (git-fixes). - xfs: xfs_buf: drop useless LIST_HEAD (git-fixes). - xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162). - xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bsc#1051510). - xhci: Prevent U1/U2 link pm states if exit latency is too long (bsc#1051510). Important SUSE bug 1024718 SUSE bug 1046299 SUSE bug 1050242 SUSE bug 1050244 SUSE bug 1051510 SUSE bug 1055121 SUSE bug 1055186 SUSE bug 1058115 SUSE bug 1060463 SUSE bug 1065729 SUSE bug 1078248 SUSE bug 1079935 SUSE bug 1082387 SUSE bug 1083647 SUSE bug 1086282 SUSE bug 1086283 SUSE bug 1086423 SUSE bug 1087084 SUSE bug 1087978 SUSE bug 1088386 SUSE bug 1090888 SUSE bug 1091405 SUSE bug 1094244 SUSE bug 1097593 SUSE bug 1102875 SUSE bug 1102877 SUSE bug 1102879 SUSE bug 1102882 SUSE bug 1102896 SUSE bug 1103257 SUSE bug 1104353 SUSE bug 1104427 SUSE bug 1104967 SUSE bug 1105168 SUSE bug 1106105 SUSE bug 1106110 SUSE bug 1106615 SUSE bug 1106913 SUSE bug 1108270 SUSE bug 1109272 SUSE bug 1110558 SUSE bug 1111188 SUSE bug 1111469 SUSE bug 1111696 SUSE bug 1111795 SUSE bug 1112128 SUSE bug 1113722 SUSE bug 1114648 SUSE bug 1114871 SUSE bug 1116040 SUSE bug 1116336 SUSE bug 1116803 SUSE bug 1116841 SUSE bug 1117115 SUSE bug 1117162 SUSE bug 1117165 SUSE bug 1117186 SUSE bug 1117561 SUSE bug 1117656 SUSE bug 1117953 SUSE bug 1118215 SUSE bug 1118319 SUSE bug 1118428 SUSE bug 1118484 SUSE bug 1118505 SUSE bug 1118752 SUSE bug 1118760 SUSE bug 1118761 SUSE bug 1118762 SUSE bug 1118766 SUSE bug 1118767 SUSE bug 1118768 SUSE bug 1118769 SUSE bug 1118771 SUSE bug 1118772 SUSE bug 1118773 SUSE bug 1118774 SUSE bug 1118775 SUSE bug 1118787 SUSE bug 1118788 SUSE bug 1118798 SUSE bug 1118809 SUSE bug 1118962 SUSE bug 1119017 SUSE bug 1119086 SUSE bug 1119212 SUSE bug 1119322 SUSE bug 1119410 SUSE bug 1119714 SUSE bug 1119749 SUSE bug 1119804 SUSE bug 1119946 SUSE bug 1119962 SUSE bug 1119968 SUSE bug 1120036 SUSE bug 1120046 SUSE bug 1120053 SUSE bug 1120054 SUSE bug 1120055 SUSE bug 1120058 SUSE bug 1120088 SUSE bug 1120092 SUSE bug 1120094 SUSE bug 1120096 SUSE bug 1120097 SUSE bug 1120173 SUSE bug 1120214 SUSE bug 1120223 SUSE bug 1120228 SUSE bug 1120230 SUSE bug 1120232 SUSE bug 1120234 SUSE bug 1120235 SUSE bug 1120238 SUSE bug 1120594 SUSE bug 1120598 SUSE bug 1120600 SUSE bug 1120601 SUSE bug 1120602 SUSE bug 1120603 SUSE bug 1120604 SUSE bug 1120606 SUSE bug 1120612 SUSE bug 1120613 SUSE bug 1120614 SUSE bug 1120615 SUSE bug 1120616 SUSE bug 1120617 SUSE bug 1120618 SUSE bug 1120620 SUSE bug 1120621 SUSE bug 1120632 SUSE bug 1120633 SUSE bug 1120743 SUSE bug 1120954 SUSE bug 1121017 SUSE bug 1121058 SUSE bug 1121263 SUSE bug 1121273 SUSE bug 1121477 SUSE bug 1121483 SUSE bug 1121599 SUSE bug 1121621 SUSE bug 1121714 SUSE bug 1121715 SUSE bug 1121973 CVE-2018-12232 CVE-2018-14625 CVE-2018-16862 CVE-2018-16884 CVE-2018-18397 CVE-2018-19407 CVE-2018-19854 CVE-2018-19985 CVE-2018-20169 CVE-2018-9568 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for spamassassin to version 3.4.2 fixes the following issues: Security issues fixed: - CVE-2017-15705: Fixed denial of service via unclosed tags in crafted emails (bsc#1108745). - CVE-2018-11781: Fixed a code injection in the meta rule syntax by local users (bsc#1108748). - CVE-2018-11780: Fixed a potential remote code execution vulnerability in PDFInfo plugin (bsc#1108750). Non-security issues fixed: - Added four new plugins (disabled by default): HashBL, ResourceLimits, FromNameSpoof, Phishing - sa-update script: optional support for SHA-256 / SHA-512 been added for better validation of rules - GeoIP2 support has been added to RelayCountry and URILocalBL plugins - Several new or enhanced configuration options Important SUSE bug 1108745 SUSE bug 1108748 SUSE bug 1108750 CVE-2016-1238 CVE-2017-15705 CVE-2018-11780 CVE-2018-11781 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openexr fixes the following issues: Security issue fixed: - CVE-2017-9111: Fixed an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h (bsc#1040109). - CVE-2017-9113: Fixed an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp (bsc#1040113). - CVE-2017-9115: Fixed an invalid write of size 2 in the = operator function inhalf.h (bsc#1040115). - CVE-2018-18444: Fixed Out-of-bounds write in makeMultiView.cpp (bsc#1113455). - CVE-2017-9112: Fixed invalid read of size 1 in the getBits function in ImfHuf.cpp (bsc#1040112). Moderate SUSE bug 1040109 SUSE bug 1040112 SUSE bug 1040113 SUSE bug 1040115 SUSE bug 1113455 CVE-2017-9111 CVE-2017-9112 CVE-2017-9113 CVE-2017-9115 CVE-2018-18444 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libsolv, libzypp and zypper fixes the following issues: libsolv was updated to version 0.6.36 fixes the following issues: Security issues fixed: - CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629). - CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630). - CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631). Non-security issues fixed: - Made cleandeps jobs on patterns work (bsc#1137977). - Fixed an issue multiversion packages that obsolete their own name (bsc#1127155). - Keep consistent package name if there are multiple alternatives (bsc#1131823). libzypp received following fixes: - Fixes a bug where locking the kernel was not possible (bsc#1113296) zypper received following fixes: - Fixes a bug where the wrong exit code was set when refreshing repos if --root was used (bsc#1134226) - Improved the displaying of locks (bsc#1112911) - Fixes an issue where `https` repository urls caused an error prompt to appear twice (bsc#1110542) - zypper will now always warn when no repositories are defined (bsc#1109893) Moderate SUSE bug 1109893 SUSE bug 1110542 SUSE bug 1111319 SUSE bug 1112911 SUSE bug 1113296 SUSE bug 1120629 SUSE bug 1120630 SUSE bug 1120631 SUSE bug 1127155 SUSE bug 1131823 SUSE bug 1134226 SUSE bug 1137977 CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for cronie fixes the following issues: Security issues fixed: - CVE-2019-9704: Fixed an insufficient check in the return value of calloc which could allow a local user to create Denial of Service by crashing the deamon (bsc#1128937). - CVE-2019-9705: Fixed an implementation vulnerability which could allow a local user to exhaust the memory resulting in Denial of Service (bsc#1128935). Bug fixes: - Manual start of cron is possible even when it's already started using systemd (bsc#1133100). - Cron schedules only one job of crontab (bsc#1130746). Low SUSE bug 1128935 SUSE bug 1128937 SUSE bug 1130746 SUSE bug 1133100 CVE-2019-9704 CVE-2019-9705 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5436: Fixed a heap buffer overflow in tftp_receive_packet() (bsc#1135170). Important SUSE bug 1135170 CVE-2019-5436 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ImageMagick fixes the following issues: - CVE-2019-13301: Fixed a memory leak in AcquireMagickMemory() (bsc#1140554). - CVE-2019-13310: Fixed a memory leak at AcquireMagickMemory because of an error in MagickWand/mogrify.c (bsc#1140501). - CVE-2019-13311: Fixed a memory leak at AcquireMagickMemory because of a wand/mogrify.c error (bsc#1140513). - CVE-2019-13454: Fixed a division by zero in RemoveDuplicateLayers in MagickCore/layer.c (bsc#1141171). - CVE-2019-13295: Fixed a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage (bsc#1140664). - CVE-2019-13297: Fixed a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage (bsc#1140666). - CVE-2019-12979: Fixed the use of uninitialized values in SyncImageSettings() (bsc#1139886). - CVE-2019-13391: Fixed a heap-based buffer over-read in MagickCore/fourier.c (bsc#1140673). - CVE-2019-13308: Fixed a heap-based buffer overflow in MagickCore/fourier.c (bsc#1140534). - CVE-2019-13300: Fixed a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages (bsc#1140669). - CVE-2019-13307: Fixed a heap-based buffer overflow at MagickCore/statistic.c (bsc#1140538). - CVE-2019-12975: Fixed a memory leak in the WriteDPXImage() in coders/dpx.c (bsc#1140106). - CVE-2019-13135: Fixed the use of uninitialized values in ReadCUTImage() (bsc#1140103). - CVE-2019-12978: Fixed the use of uninitialized values in ReadPANGOImage() (bsc#1139885). - CVE-2019-12974: Fixed a NULL pointer dereference in the ReadPANGOImage() (bsc#1140111). - CVE-2019-13133: Fixed a memory leak in the ReadBMPImage() (bsc#1140100). - CVE-2019-13134: Fixed a memory leak in the ReadVIFFImage() (bsc#1140102). - CVE-2019-12976: Fixed a memory leak in the ReadPCLImage() in coders/pcl.c(bsc#1140110). Moderate SUSE bug 1139885 SUSE bug 1139886 SUSE bug 1140100 SUSE bug 1140102 SUSE bug 1140103 SUSE bug 1140106 SUSE bug 1140110 SUSE bug 1140111 SUSE bug 1140501 SUSE bug 1140513 SUSE bug 1140534 SUSE bug 1140538 SUSE bug 1140554 SUSE bug 1140664 SUSE bug 1140666 SUSE bug 1140669 SUSE bug 1140673 SUSE bug 1141171 CVE-2019-12974 CVE-2019-12975 CVE-2019-12976 CVE-2019-12978 CVE-2019-12979 CVE-2019-13133 CVE-2019-13134 CVE-2019-13135 CVE-2019-13295 CVE-2019-13297 CVE-2019-13300 CVE-2019-13301 CVE-2019-13307 CVE-2019-13308 CVE-2019-13310 CVE-2019-13311 CVE-2019-13391 CVE-2019-13454 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for bzip2 fixes the following issues: - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). Important SUSE bug 1139083 CVE-2019-12900 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openexr fixes the following issues: - CVE-2017-14988: Fixed a denial of service in Header::readfrom() (bsc#1061305). Moderate SUSE bug 1061305 CVE-2017-14988 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_7_0-openjdk to version 7u231 fixes the following issues: Security issues fixed: - CVE_2019-2426: Improve web server connections (bsc#1134297). - CVE-2019-2745: Improved ECC Implementation (bsc#1141784). - CVE-2019-2762: Exceptional throw cases (bsc#1141782). - CVE-2019-2766: Improve file protocol handling (bsc#1141789). - CVE-2019-2769: Better copies of CopiesList (bsc#1141783). - CVE-2019-2786: More limited privilege usage (bsc#1141787). - CVE-2019-2816: Normalize normalization (bsc#1141785). - CVE-2019-2842: Extended AES support (bsc#1141786). - CVE-2019-7317: Improve PNG support (bsc#1141780). - CVE-2018-3639: fix revision to prefer PR_SPEC_DISABLE_NOEXEC to PR_SPEC_DISABLE (bsc#1087082). - Certificate validation improvements Important SUSE bug 1087082 SUSE bug 1134297 SUSE bug 1141780 SUSE bug 1141782 SUSE bug 1141783 SUSE bug 1141784 SUSE bug 1141785 SUSE bug 1141786 SUSE bug 1141787 SUSE bug 1141789 CVE-2018-3639 CVE-2019-2426 CVE-2019-2745 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-2842 CVE-2019-7317 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for polkit fixes the following issues: Security issue fixed: - CVE-2019-6133: Fixed improper caching of auth decisions, which could bypass uid checking in the interactive backend (bsc#1121826). Important SUSE bug 1121826 CVE-2019-6133 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-openjdk to version 8u222 fixes the following issues: Security issues fixed: - CVE-2019-2745: Improved ECC Implementation (bsc#1141784). - CVE-2019-2762: Exceptional throw cases (bsc#1141782). - CVE-2019-2766: Improve file protocol handling (bsc#1141789). - CVE-2019-2769: Better copies of CopiesList (bsc#1141783). - CVE-2019-2786: More limited privilege usage (bsc#1141787). - CVE-2019-2816: Normalize normalization (bsc#1141785). - CVE-2019-2842: Extended AES support (bsc#1141786). - CVE-2019-7317: Improve PNG support (bsc#1141780). - Certificate validation improvements Non-security issue fixed: - Fixed an issue where the installation failed when the manpages are not present (bsc#1115375) Important SUSE bug 1115375 SUSE bug 1141780 SUSE bug 1141782 SUSE bug 1141783 SUSE bug 1141784 SUSE bug 1141785 SUSE bug 1141786 SUSE bug 1141787 SUSE bug 1141789 CVE-2019-2745 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-2842 CVE-2019-7317 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python3 fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-14647: Fixed a denial of service vulnerability caused by a crafted XML document (bsc#1109847). - CVE-2018-1000802: Fixed a command injection in the shutil module (bsc#1109663). Important SUSE bug 1109663 SUSE bug 1109847 SUSE bug 1138459 CVE-2018-1000802 CVE-2018-14647 CVE-2019-10160 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-20855: An issue was discovered in the Linux kernel In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace(bsc#1143045). - CVE-2019-1125: Exclude ATOMs from speculation through SWAPGS (bsc#1139358). - CVE-2019-14283: In the Linux kernel, set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It could be triggered by an unprivileged local user when a floppy disk was inserted. NOTE: QEMU creates the floppy device by default. (bnc#1143191) - CVE-2019-11810: An issue was discovered in the Linux kernel A NULL pointer dereference could occur when megasas_create_frame_pool() failed in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This caused a Denial of Service, related to a use-after-free (bnc#1134399). - CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user could cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sent a crafted signal frame. (bnc#1142254) - CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel, a malicious USB device could send an HID report that triggered an out-of-bounds write during generation of debugging messages. (bnc#1142023) The following non-security bugs were fixed: - Correct the CVE and bug reference for a floppy security fix (CVE-2019-14284,bsc#1143189) A dedicated CVE was already assigned - acpi/nfit: Always dump _DSM output payload (bsc#1142351). - Add back sibling paca poiter to paca (bsc#1055117). - Add support for crct10dif-vpmsum (). - af_unix: remove redundant lockdep class (git-fixes). - alsa: compress: Be more restrictive about when a drain is allowed (bsc#1051510). - alsa: compress: Do not allow paritial drain operations on capture streams (bsc#1051510). - alsa: compress: Fix regression on compressed capture streams (bsc#1051510). - alsa: compress: Prevent bypasses of set_params (bsc#1051510). - alsa: hda - Add a conexant codec entry to let mute led work (bsc#1051510). - alsa: hda - Do not resume forcibly i915 HDMI/DP codec (bsc#1111666). - alsa: hda - Fix intermittent CORB/RIRB stall on Intel chips (bsc#1111666). - alsa: hda/hdmi - Fix i915 reverse port/pin mapping (bsc#1111666). - alsa: hda/hdmi - Remove duplicated define (bsc#1111666). - alsa: hda - Optimize resume for codecs without jack detection (bsc#1111666). - alsa: hda/realtek: apply ALC891 headset fixup to one Dell machine (bsc#1051510). - alsa: hda/realtek - Fixed Headphone Mic can't record on Dell platform (bsc#1051510). - alsa: hda/realtek - Headphone Mic can't record after S3 (bsc#1051510). - alsa: line6: Fix a typo (bsc#1051510). - alsa: line6: Fix wrong altsetting for LINE6_PODHD500_1 (bsc#1051510). - alsa: seq: Break too long mutex context in the write loop (bsc#1051510). - alsa: usb-audio: Add quirk for Focusrite Scarlett Solo (bsc#1051510). - alsa: usb-audio: Add quirk for MOTU MicroBook II (bsc#1051510). - alsa: usb-audio: Cleanup DSD whitelist (bsc#1051510). - alsa: usb-audio: Enable .product_name override for Emagic, Unitor 8 (bsc#1051510). - alsa: usb-audio: fix Line6 Helix audio format rates (bsc#1111666). - alsa: usb-audio: Sanity checks for each pipe and EP types (bsc#1051510). - arm64: do not override dma_max_pfn (jsc#SLE-6197 bsc#1140559 LTC#173150). - asoc : cs4265 : readable register too low (bsc#1051510). - asoc: max98090: remove 24-bit format support if RJ is 0 (bsc#1051510). - asoc: soc-pcm: BE dai needs prepare when pause release after resume (bsc#1051510). - ath10k: add missing error handling (bsc#1111666). - ath10k: add peer id check in ath10k_peer_find_by_id (bsc#1111666). - ath10k: destroy sdio workqueue while remove sdio module (bsc#1111666). - ath10k: Do not send probe response template for mesh (bsc#1111666). - ath10k: Fix encoding for protected management frames (bsc#1111666). - ath10k: fix incorrect multicast/broadcast rate setting (bsc#1111666). - ath10k: fix PCIE device wake up failed (bsc#1111666). - ath6kl: add some bounds checking (bsc#1051510). - ath9k: Check for errors when reading SREV register (bsc#1111666). - ath9k: correctly handle short radar pulses (bsc#1111666). - ath: DFS JP domain W56 fixed pulse type 3 RADAR detection (bsc#1111666). - batman-adv: fix for leaked TVLV handler (bsc#1051510). - bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652). - bcache: add code comments for journal_read_bucket() (bsc#1140652). - bcache: Add comments for blkdev_put() in registration code path (bsc#1140652). - bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652). - bcache: add comments for kobj release callback routine (bsc#1140652). - bcache: add comments for mutex_lock(b->write_lock) (bsc#1140652). - bcache: add error check for calling register_bdev() (bsc#1140652). - bcache: add failure check to run_cache_set() for journal replay (bsc#1140652). - bcache: add io error counting in write_bdev_super_endio() (bsc#1140652). - bcache: add more error message in bch_cached_dev_attach() (bsc#1140652). - bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652). - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652). - bcache: add return value check to bch_cached_dev_run() (bsc#1140652). - bcache: avoid a deadlock in bcache_reboot() (bsc#1140652). - bcache: avoid clang -Wunintialized warning (bsc#1140652). - bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652). - bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652). - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652). - bcache: Clean up bch_get_congested() (bsc#1140652). - bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread (bsc#1140652). - bcache: do not assign in if condition in bcache_device_init() (bsc#1140652). - bcache: do not set max writeback rate if gc is running (bsc#1140652). - bcache: fix a race between cache register and cacheset unregister (bsc#1140652). - bcache: fix crashes stopping bcache device before read miss done (bsc#1140652). - bcache: fix failure in journal relplay (bsc#1140652). - bcache: fix inaccurate result of unused buckets (bsc#1140652). - bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652). - bcache: fix potential deadlock in cached_def_free() (bsc#1140652). - bcache: fix race in btree_flush_write() (bsc#1140652). - bcache: fix return value error in bch_journal_read() (bsc#1140652). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652). - bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652). - bcache: ignore read-ahead request failure on backing device (bsc#1140652). - bcache: improve bcache_reboot() (bsc#1140652). - bcache: improve error message in bch_cached_dev_run() (bsc#1140652). - bcache: make bset_search_tree() be more understandable (bsc#1140652). - bcache: make is_discard_enabled() static (bsc#1140652). - bcache: more detailed error message to bcache_device_link() (bsc#1140652). - bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652). - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652). - bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652). - bcache: performance improvement for btree_flush_write() (bsc#1140652). bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652). - bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652). - bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652). - bcache: return error immediately in bch_journal_replay() (bsc#1140652). - bcache: Revert 'bcache: fix high CPU occupancy during journal' (bsc#1140652). - bcache: Revert 'bcache: free heap cache_set->flush_btree in bch_journal_free' (bsc#1140652). - bcache: set largest seq to ja->seq[bucket_index] in journal_read_bucket() (bsc#1140652). - bcache: shrink btree node cache after bch_btree_check() (bsc#1140652). - bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652). - bcache: use sysfs_match_string() instead of __sysfs_match_string() (bsc#1140652). - be2net: Fix number of Rx queues used for flow hashing (networking-stable-19_06_18). - be2net: Signal that the device cannot transmit during reconfiguration (bsc#1127315). - be2net: Synchronize be_update_queues with dev_watchdog (bsc#1127315). - block, bfq: NULL out the bic when it's no longer valid (bsc#1142359). - bnx2x: Prevent load reordering in tx completion processing (bsc#1142868). - bnxt_en: Cap the returned MSIX vectors to the RDMA driver (bsc#1134090 jsc#SLE-5954). - bnxt_en: Disable bus master during PCI shutdown and driver unload (bsc#1104745). - bnxt_en: Fix aggregation buffer leak under OOM condition (networking-stable-19_05_31). - bnxt_en: Fix statistics context reservation logic for RDMA driver (bsc#1104745). - bnxt_en: Suppress error messages when querying DSCP DCB capabilities (bsc#1104745). - bonding: fix arp_validate toggling in active-backup mode (networking-stable-19_05_14). - bonding: Force slave speed check after link state recovery for 802.3ad (bsc#1137584). - bpf: btf: fix the brackets of BTF_INT_OFFSET() (bsc#1083647). - bpf: fix callees pruning callers (bsc#1109837). - bpf: fix nested bpf tracepoints with per-cpu data (bsc#1083647). - bpf, x64: fix stack layout of JITed bpf code (bsc#1083647). - bpf, x64: save 5 bytes in prologue when ebpf insns came from cbpf (bsc#1083647). - bridge: Fix error path for kobject_init_and_add() (networking-stable-19_05_14). - btrfs: fix race between block group removal and block group allocation (bsc#1143003). - carl9170: fix misuse of device driver API (bsc#1111666). - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() (bsc#1141478). - clk: qcom: Fix -Wunused-const-variable (bsc#1051510). - clk: rockchip: Do not yell about bad mmc phases when getting (bsc#1051510). - clk: tegra210: fix PLLU and PLLU_OUT1 (bsc#1051510). - Correct iwlwifi 22000 series ucode file name (bsc#1142673) - Correct the buggy backport about AER / DPC pcie stuff (bsc#1142623) - cpufreq: acpi-cpufreq: Report if CPU does not support boost technologies (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix initial command check (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency (bsc#1051510). - cpufreq: check if policy is inactive early in __cpufreq_get() (bsc#1051510). - cpufreq: kirkwood: fix possible object reference leak (bsc#1051510). - cpufreq/pasemi: fix possible object reference leak (bsc#1051510). - cpufreq: pmac32: fix possible object reference leak (bsc#1051510). - cpufreq: ppc_cbe: fix possible object reference leak (bsc#1051510). - cpufreq: Use struct kobj_attribute instead of struct global_attr (bsc#1051510). - crypto: arm64/sha1-ce - correct digest for empty data in finup (bsc#1051510). - crypto: arm64/sha2-ce - correct digest for empty data in finup (bsc#1051510). - crypto: ccp - Fix 3DES complaint from ccp-crypto module (bsc#1051510). - crypto: ccp - fix AES CFB error exposed by new test vectors (bsc#1051510). - crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL (bsc#1051510). - crypto: ccp/gcm - use const time tag comparison (bsc#1051510). - crypto: ccp - memset structure fields to zero before reuse (bsc#1051510). - crypto: ccp - Validate the the error value used to index error messages (bsc#1051510). - crypto: chacha20poly1305 - fix atomic sleep when using async algorithm (bsc#1051510). - crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe (bsc#1051510). - crypto: ghash - fix unaligned memory access in ghash_setkey() (bsc#1051510). - crypto: talitos - Align SEC1 accesses to 32 bits boundaries (bsc#1051510). - crypto: talitos - check data blocksize in ablkcipher (bsc#1051510). - crypto: talitos - fix CTR alg blocksize (bsc#1051510). - crypto: talitos - fix max key size for sha384 and sha512 (bsc#1051510). - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking (bsc#1051510). - crypto: talitos - properly handle split ICV (bsc#1051510). - crypto: talitos - reduce max key size for SEC1 (bsc#1051510). - crypto: talitos - rename alternative AEAD algos (bsc#1051510). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - Delete patches.fixes/s390-setup-fix-early-warning-messages (bsc#1140948). - dma-buf: Discard old fence_excl on retrying get_fences_rcu for realloc (bsc#1111666). - dma-direct: add support for allocation from ZONE_DMA and ZONE_DMA32 (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-direct: do not retry allocation for no-op GFP_DMA (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-direct: retry allocations using GFP_DMA for small masks (jsc#SLE-6197 bsc#1140559 LTC#173150). - dmaengine: hsu: Revert 'set HSU_CH_MTSR to memory width' (bsc#1051510). - dma-mapping: move dma_mark_clean to dma-direct.h (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-mapping: move swiotlb arch helpers to a new header (jsc#SLE-6197 bsc#1140559 LTC#173150). - dma-mapping: take dma_pfn_offset into account in dma_max_pfn (jsc#SLE-6197 bsc#1140559 LTC#173150). - dpaa_eth: fix SG frame cleanup (networking-stable-19_05_14). - drm/amd/display: Make some functions static (bsc#1111666). - drm/atmel-hlcdc: revert shift by 8 (bsc#1111666). - drm/i915/cml: Introduce Comet Lake PCH (jsc#SLE-6681). - drm/i915/icl: Add WaDisableBankHangMode (bsc#1111666). - drm/meson: Add support for XBGR8888 + ABGR8888 formats (bsc#1051510). - drm/msm/a3xx: remove TPL1 regs from snapshot (bsc#1051510). - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1111666). - drm/nouveau/i2c: Enable i2c pads + busses during preinit (bsc#1051510). - drm: return -EFAULT if copy_to_user() fails (bsc#1111666). - drm/rockchip: Properly adjust to a true clock in adjusted_mode (bsc#1051510). - drm/udl: introduce a macro to convert dev to udl (bsc#1111666). - drm/udl: move to embedding drm device inside udl device (bsc#1111666). - drm/udl: Replace drm_dev_unref with drm_dev_put (bsc#1111666). - drm/vc4: fix fb references in async update (bsc#1141312). - drm/vmwgfx: Honor the sg list segment size limitation (bsc#1111666). - e1000e: start network tx queue only when link is up (bsc#1051510). - Enable intel-speed-select driver and update supported.conf (jsc#SLE-5364) - ethtool: check the return value of get_regs_len (git-fixes). - ethtool: fix potential userspace buffer overflow (networking-stable-19_06_09). - Fix kABI for asus-wmi quirk_entry field addition (bsc#1051510). - Fix memory leak in sctp_process_init (networking-stable-19_06_09). - fork, memcg: fix cached_stacks case (bsc#1134097). - fork, memcg: fix crash in free_thread_stack on memcg charge fail (bsc#1134097). - fpga: add intel stratix10 soc fpga manager driver (jsc#SLE-7057). - fpga: stratix10-soc: fix use-after-free on s10_init() (jsc#SLE-7057). - fpga: stratix10-soc: fix wrong of_node_put() in init function (jsc#jsc#SLE-7057). - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1111666). - hid: wacom: correct touch resolution x/y typo (bsc#1051510). - hid: wacom: generic: Correct pad syncing (bsc#1051510). - hid: wacom: generic: only switch the mode on devices with LEDs (bsc#1051510). - hid: wacom: generic: read HID_DG_CONTACTMAX from any feature report (bsc#1051510). - ib/ipoib: Add child to parent list only if device initialized (bsc#1103992). - ib/mlx5: Fixed reporting counters on 2nd port for Dual port RoCE (bsc#1103991). - idr: fix overflow case for idr_for_each_entry_ul() (bsc#1109837). - input: elantech - enable middle button support on 2 ThinkPads (bsc#1051510). - input: imx_keypad - make sure keyboard can always wake up system (bsc#1051510). - input: psmouse - fix build error of multiple definition (bsc#1051510). - input: synaptics - enable SMBUS on T480 thinkpad trackpad (bsc#1051510). - input: tm2-touchkey - acknowledge that setting brightness is a blocking call (bsc#1129770). - intel_th: msu: Fix single mode with disabled IOMMU (bsc#1051510). - iommu-helper: mark iommu_is_span_boundary as inline (jsc#SLE-6197 bsc#1140559 LTC#173150). - ipv4: Fix raw socket lookup for local traffic (networking-stable-19_05_14). - ipv4/igmp: fix another memory leak in igmpv3_del_delrec() (networking-stable-19_05_31). - ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST (networking-stable-19_05_31). - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop (git-fixes). - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address (networking-stable-19_05_31). - ipv6: fix EFAULT on sendto with icmpv6 and hdrincl (networking-stable-19_06_09). - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero (networking-stable-19_06_18). - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4 (networking-stable-19_06_09). - iwlwifi: correct one of the PCI struct names (bsc#1111666). - iwlwifi: do not WARN when calling iwl_get_shared_mem_conf with RF-Kill (bsc#1111666). - iwlwifi: fix cfg structs for 22000 with different RF modules (bsc#1111666). - iwlwifi: fix devices with PCI Device ID 0x34F0 and 11ac RF modules (bsc#1111666). - iwlwifi: Fix double-free problems in iwl_req_fw_callback() (bsc#1111666). - iwlwifi: fix RF-Kill interrupt while FW load for gen2 devices (bsc#1111666). - iwlwifi: mvm: Drop large non sta frames (bsc#1111666). - iwlwifi: pcie: do not service an interrupt that was masked (bsc#1111666). - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1111666). - kabi fix for hda_codec.relaxed_resume flag (bsc#1111666). - kabi: Fix lost iommu-helper symbols on arm64 (jsc#SLE-6197 bsc#1140559 LTC#173150). - kabi: mask changes made by basic protected virtualization support (jsc#SLE-6197 bsc#1140559 LTC#173150). - kabi: mask changes made by swiotlb for protected virtualization (jsc#SLE-6197 bsc#1140559 LTC#173150). - kabi: mask changes made by use of DMA memory for adapter interrupts (jsc#SLE-6197 bsc#1140559 LTC#173150). - kabi: remove unused hcall definition (bsc#1140322 LTC#176270). - kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled (bsc#1071995). - kernel: jump label transformation performance (bsc#1137534 bsc#1137535 LTC#178058 LTC#178059). - kvm: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots (bsc#1133021). - kvm: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory (bsc#1133021). - kvm: mmu: Fix overflow on kvm mmu page limit calculation (bsc#1135335). - kvm/mmu: kABI fix for *_mmu_pages changes in struct kvm_arch (bsc#1135335). - kvm: polling: add architecture backend to disable polling (bsc#1119222). - kvm: s390: change default halt poll time to 50us (bsc#1119222). - kvm: s390: enable CONFIG_HAVE_kvm_NO_POLL (bsc#1119222) We need to enable CONFIG_HAVE_kvm_NO_POLL for bsc#1119222 - kvm: s390: fix typo in parameter description (bsc#1119222). - kvm: s390: kABI Workaround for 'kvm_vcpu_stat' Add halt_no_poll_steal to kvm_vcpu_stat. Hide it from the kABI checker. - kvm: s390: kABI Workaround for 'lowcore' (bsc#1119222). - kvm: s390: provide kvm_arch_no_poll function (bsc#1119222). - kvm: svm/avic: Do not send AVIC doorbell to self (bsc#1140133). - kvm: SVM: Fix detection of AMD Errata 1096 (bsc#1142354). - lapb: fixed leak of control-blocks (networking-stable-19_06_18). - lib: fix stall in __bitmap_parselist() (bsc#1051510). - lib/bitmap.c: make bitmap_parselist() thread-safe and much faster (bsc#1143507). - libnvdimm/namespace: Fix label tracking error (bsc#1142350). - libnvdimm/region: Register badblocks before namespaces (bsc#1143209). - lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE (bsc#1051510). - livepatch: Remove duplicate warning about missing reliable stacktrace support (bsc#1071995). - livepatch: Use static buffer for debugging messages under rq lock (bsc#1071995). - llc: fix skb leak in llc_build_and_send_ui_pkt() (networking-stable-19_05_31). - mac80211: do not start any work during reconfigure flow (bsc#1111666). - mac80211: fix rate reporting inside cfg80211_calculate_bitrate_he() (bsc#1111666). - mac80211: free peer keys before vif down in mesh (bsc#1111666). - mac80211: mesh: fix RCU warning (bsc#1111666). - mac80211: only warn once on chanctx_conf being NULL (bsc#1111666). - media: cpia2_usb: first wake up, then free in disconnect (bsc#1135642). - media: marvell-ccic: fix DMA s/g desc number calculation (bsc#1051510). - media: s5p-mfc: Make additional clocks optional (bsc#1051510). - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom() (bsc#1051510). - media: vivid: fix incorrect assignment operation when setting video mode (bsc#1051510). - mei: bus: need to unlink client before freeing (bsc#1051510). - mei: me: add denverton innovation engine device IDs (bsc#1051510). - mei: me: add gemini lake devices id (bsc#1051510). - memory: tegra: Fix integer overflow on tick value calculation (bsc#1051510). - memstick: Fix error cleanup path of memstick_init (bsc#1051510). - mfd: intel-lpss: Release IDA resources (bsc#1051510). - mips: fix an off-by-one in dma_capable (jsc#SLE-6197 bsc#1140559 LTC#173150). - mlxsw: spectrum_dcb: Configure DSCP map as the last rule is removed (bsc#1112374). - mmc: sdhci-pci: Try 'cd' for card-detect lookup before using NULL (bsc#1051510). - mm: migrate: Fix reference check race between __find_get_block() and migration (bnc#1137609). - mm/nvdimm: add is_ioremap_addr and use that to check ioremap address (bsc#1140322 LTC#176270). - mm, page_alloc: fix has_unmovable_pages for HugePages (bsc#1127034). - mm: replace all open encodings for NUMA_NO_NODE (bsc#1140322 LTC#176270). - mt7601u: do not schedule rx_tasklet when the device has been disconnected (bsc#1111666). - mt7601u: fix possible memory leak when the device is disconnected (bsc#1111666). - neigh: fix use-after-free read in pneigh_get_next (networking-stable-19_06_18). - net/af_iucv: build proper skbs for HiperTransport (bsc#1142221 LTC#179332). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142112 bsc#1142221 LTC#179334 LTC#179332). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142221 LTC#179332). - net: avoid weird emergency message (networking-stable-19_05_21). - net: fec: fix the clk mismatch in failed_reset path (networking-stable-19_05_31). - netfilter: conntrack: fix calculation of next bucket number in early_drop (git-fixes). - net-gro: fix use-after-free read in napi_gro_frags() (networking-stable-19_05_31). - net: hns3: Fix inconsistent indenting (bsc#1140676). - net: hns: fix ICMP6 neighbor solicitation messages discard problem (bsc#1140676). - net: hns: fix KASAN: use-after-free in hns_nic_net_xmit_hw() (bsc#1140676). - net: hns: Fix loopback test failed at copper ports (bsc#1140676). - net: hns: Fix probabilistic memory overwrite when HNS driver initialized (bsc#1140676). - net: hns: fix unsigned comparison to less than zero (bsc#1140676). - net: hns: Fix WARNING when remove HNS driver with SMMU enabled (bsc#1140676). - net: hns: Use NAPI_POLL_WEIGHT for hns driver (bsc#1140676). - net/mlx4_core: Change the error print to info print (networking-stable-19_05_21). - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_06_09). - net/mlx5: Allocate root ns memory using kzalloc to match kfree (networking-stable-19_05_31). - net/mlx5: Avoid double free in fs init error unwinding path (networking-stable-19_05_31). - net/mlx5e: Rx, Fix checksum calculation for new hardware (bsc#1127611). - net: mvneta: Fix err code path of probe (networking-stable-19_05_31). - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value (networking-stable-19_05_31). - net: openvswitch: do not free vport if register_netdevice() is failed (networking-stable-19_06_18). - net/packet: fix memory leak in packet_set_ring() (git-fixes). - net: rds: fix memory leak in rds_ib_flush_mr_pool (networking-stable-19_06_09). - net: seeq: fix crash caused by not set dev.parent (networking-stable-19_05_14). - net: stmmac: fix reset gpio free missing (networking-stable-19_05_31). - net/tls: fix socket wmem accounting on fallback with netem (bsc#1109837). - net/tls: make sure offload also gets the keys wiped (bsc#1109837). - net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions (networking-stable-19_05_21). - nvme: fix memory leak caused by incorrect subsystem free (bsc#1143185). - ocfs2: add first lock wait time in locking_state (bsc#1134390). - ocfs2: add last unlock times in locking_state (bsc#1134390). - ocfs2: add locking filter debugfs file (bsc#1134390). - p54usb: Fix race between disconnect and firmware loading (bsc#1111666). - packet: Fix error path in packet_init (networking-stable-19_05_14). - packet: in recvmsg msg_name return at least sizeof sockaddr_ll (git-fixes). - pci/aer: Use cached AER Capability offset (bsc#1142623). - pci: Always allow probing with driver_override (bsc#1051510). - pci: hv: Add hv_pci_remove_slots() when we unload the driver (bsc#1142701). - pci: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary (bsc#1142701). - pci: hv: Fix a memory leak in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix a use-after-free bug in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix return value check in hv_pci_assign_slots() (bsc#1142701). - pci: hv: Remove unused reason for refcount handler (bsc#1142701). - pci: hv: support reporting serial number as slot information (bsc#1142701). - pci/P2PDMA: Fix missing check for dma_virt_ops (bsc#1111666). - pci / PM: Use SMART_SUSPEND and LEAVE_SUSPENDED flags for PCIe ports (bsc#1142623). - pci/portdrv: Add #defines for AER and DPC Interrupt Message Number masks (bsc#1142623). - pci/portdrv: Consolidate comments (bsc#1142623). - pci/portdrv: Disable port driver in compat mode (bsc#1142623). - pci/portdrv: Remove pcie_portdrv_err_handler.slot_reset (bsc#1142623). - pci: portdrv: Restore PCI config state on slot reset (bsc#1142623). - pci/portdrv: Support PCIe services on subtractive decode bridges (bsc#1142623). - pci/portdrv: Use conventional Device ID table formatting (bsc#1142623). - pci: Return error if cannot probe VF (bsc#1051510). - pkey: Indicate old mkvp only if old and current mkvp are different (bsc#1137827 LTC#178090). - pktgen: do not sleep with the thread lock held (git-fixes). - platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ (bsc#1051510). - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510). - platform/x86: intel_turbo_max_3: Remove restriction for HWP platforms (jsc#SLE-5439). - platform/x86: ISST: Add common API to register and handle ioctls (jsc#SLE-5364). - platform/x86: ISST: Add Intel Speed Select mailbox interface via MSRs (jsc#SLE-5364). - platform/x86: ISST: Add Intel Speed Select mailbox interface via PCI (jsc#SLE-5364). - platform/x86: ISST: Add Intel Speed Select mmio interface (jsc#SLE-5364). - platform/x86: ISST: Add Intel Speed Select PUNIT MSR interface (jsc#SLE-5364). - platform/x86: ISST: Add IOCTL to Translate Linux logical CPU to PUNIT CPU number (jsc#SLE-5364). - platform/x86: ISST: Restore state on resume (jsc#SLE-5364). - platform/x86: ISST: Store per CPU information (jsc#SLE-5364). - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table (bsc#1051510). - powerpc/64s: Remove POWER9 DD1 support (bsc#1055117, LTC#159753, git-fixes). - powerpc/crypto: Use cheaper random numbers for crc-vpmsum self-test (). - powerpc/mm: Change function prototype (bsc#1055117). - powerpc/mm: Consolidate numa_enable check and min_common_depth check (bsc#1140322 LTC#176270). - powerpc/mm/drconf: Use NUMA_NO_NODE on failures instead of node 0 (bsc#1140322 LTC#176270). - powerpc/mm: Fix node look up with numa=off boot (bsc#1140322 LTC#176270). - powerpc/mm/hugetlb: Update huge_ptep_set_access_flags to call __ptep_set_access_flags directly (bsc#1055117). - powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang (bsc#1055117). - powerpc/mm/radix: Move function from radix.h to pgtable-radix.c (bsc#1055117). - powerpc/papr_scm: Force a scm-unbind if initial scm-bind fails (bsc#1140322 LTC#176270). - powerpc/papr_scm: Update drc_pmem_unbind() to use H_SCM_UNBIND_ALL (bsc#1140322 LTC#176270). - powerpc/pseries: Update SCM hcall op-codes in hvcall.h (bsc#1140322 LTC#176270). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195). - ppc: Convert mmu context allocation to new IDA API (bsc#1139619 LTC#178538). - ppp: deflate: Fix possible crash in deflate_init (networking-stable-19_05_21). - qed: Fix build error without CONFIG_DEVLINK (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qed: Fix -Wmaybe-uninitialized false positive (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - qedi: Use hwfns and affin_hwfn_idx to get MSI-X vector index (jsc#SLE-4693 bsc#1136462). - rdma/odp: Fix missed unlock in non-blocking invalidate_start (bsc#1103992). - rdma/srp: Accept again source addresses that do not have a port number (bsc#1103992). - rdma/srp: Document srp_parse_in() arguments (bsc#1103992 ). - rdma/uverbs: check for allocation failure in uapi_add_elm() (bsc#1103992). - rds: ib: fix 'passing zero to ERR_PTR()' warning (git-fixes). - Revert 'bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()' (bsc#1140652). - Revert 'e1000e: fix cyclic resets at link up with active tx' (bsc#1051510). - Revert 'livepatch: Remove reliable stacktrace check in klp_try_switch_task()' (bsc#1071995). - Revert 'serial: 8250: Do not service RX FIFO if interrupts are disabled' (bsc#1051510). - rtlwifi: rtl8192cu: fix error handle when usb probe failed (bsc#1111666). - rtnetlink: always put IFLA_LINK for links with a link-netnsid (networking-stable-19_05_21). - s390: add alignment hints to vector load and store (jsc#SLE-6907 LTC#175887). - s390/airq: use DMA memory for adapter interrupts (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/cio: add basic protected virtualization support (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/cio: introduce DMA pools to cio (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/cpum_cf: add ctr_stcctm() function (jsc#SLE-6904 ). - s390/cpum_cf: Add minimal in-kernel interface for counter measurements (jsc#SLE-6904). - s390/cpum_cf: Add support for CPU-MF SVN 6 (jsc#SLE-6904 ). - s390/cpum_cf_diag: Add support for CPU-MF SVN 6 (jsc#SLE-6904 ). - s390/cpum_cf_diag: Add support for s390 counter facility diagnostic trace (jsc#SLE-6904). - s390/cpum_cf: introduce kernel_cpumcf_alert() to obtain measurement alerts (jsc#SLE-6904). - s390/cpum_cf: introduce kernel_cpumcf_avail() function (jsc#SLE-6904). - s390/cpum_cf: move counter set controls to a new header file (jsc#SLE-6904). - s390/cpum_cf: prepare for in-kernel counter measurements (jsc#SLE-6904). - s390/cpum_cf: rename per-CPU counter facility structure and variables (jsc#SLE-6904). - s390/cpumf: Add extended counter set definitions for model 8561 and 8562 (bsc#1142052 LTC#179320). - s390/cpu_mf: add store cpu counter multiple instruction support (jsc#SLE-6904). - s390/cpumf: Fix warning from check_processor_id (jsc#SLE-6904 ). - s390/cpu_mf: move struct cpu_cf_events and per-CPU variable to header file (jsc#SLE-6904). - s390/cpu_mf: replace stcctm5() with the stcctm() function (jsc#SLE-6904). - s390/dma: provide proper ARCH_ZONE_DMA_BITS value (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/mm: force swiotlb for protected virtualization (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390/qdio: handle PENDING state for QEBSM devices (bsc#1142119 LTC#179331). - s390/qeth: be drop monitor friendly (bsc#1142115 LTC#179337). - s390/qeth: be drop monitor friendly (bsc#1142220 LTC#179335). - s390: remove the unused dma_capable helper (jsc#SLE-6197 bsc#1140559 LTC#173150). - s390: report new CPU capabilities (jsc#SLE-6907 LTC#175887). - s390/vtime: steal time exponential moving average (bsc#1119222). - s390/zcrypt: Fix wrong dispatching for control domain CPRBs (bsc#1137811 LTC#178088). - scripts/git_sort/git_sort.py: Add mmots tree. - scsi: cxgb4i: add wait_for_completion() (jsc#SLE-4678 bsc#1136342). - scsi: cxgbi: KABI: fix handle completion etc (jsc#SLE-4678 bsc#1136342). - scsi: cxgbi: remove redundant __kfree_skb call on skb and free cst->atid (jsc#SLE-4678 bsc#1136342). - scsi: fc: add FPIN ELS definition (bsc#1136217,jsc#SLE-4722). - scsi/fc: kABI fixes for new ELS_FPIN definition (bsc#1136217,jsc#SLE-4722). - scsi: ibmvfc: fix WARN_ON during event pool release (bsc#1137458 LTC#178093). - scsi: lpfc: Add loopback testing to trunking mode (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: add support for posting FC events on FPIN reception (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Annotate switch/case fall-through (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: avoid uninitialized variable warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Cancel queued work for an IO when processing a received ABTS (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Change smp_processor_id() into raw_smp_processor_id() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Convert bootstrap mbx polling from msleep to udelay (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Coordinate adapter error handling with offline handling (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct boot bios information to FDMI registration (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct localport timeout duration error (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct __lpfc_sli_issue_iocb_s4 lockdep check (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Correct nvmet buffer free race condition (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Declare local functions static (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Enhance 6072 log string (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix 32-bit format string warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix a handful of indentation issues (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix alloc context on oas lun creations (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix a recently introduced compiler warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix BFS crash with DIX enabled (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix build error (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix calls to dma_set_mask_and_coherent() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix deadlock due to nested hbalock call (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix driver crash in target reset handler (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix duplicate log message numbers (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix error code if kcalloc() fails (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix error codes in lpfc_sli4_pci_mem_setup() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix fc4type information for FDMI (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix fcp_rsp_len checking on lun reset (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix FDMI fc4type for nvme support (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix FDMI manufacturer attribute value (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix handling of trunk links state reporting (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix hardlockup in scsi_cmd_iocb_cmpl (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix HDMI2 registration string for symbolic name (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix incorrect logical link speed on trunks when links down (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix indentation and balance braces (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix io lost on host resets (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix kernel warnings related to smp_processor_id() (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix link speed reporting for 4-link trunk (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix location of SCSI ktime counters (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix lpfc_nvmet_mrq attribute handling when 0 (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix mailbox hang on adapter init (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix memory leak in abnormal exit path from lpfc_eq_create (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix missing wakeups on abort threads (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet async receive buffer replenishment (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet handling of first burst cmd (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet handling of received ABTS for unmapped frames (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix nvmet target abort cmd matching (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix oops when driver is loaded with 1 interrupt vector (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix poor use of hardware queues if fewer irq vectors (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix protocol support on G6 and G7 adapters (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix PT2PT PLOGI collison stopping discovery (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: fix unused variable warning (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fixup eq_clr_intr references (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Fix use-after-free mailbox cmd completion (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Make lpfc_sli4_oas_verify static (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Move trunk_errmsg[] from a header file into a .c file (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Prevent 'use after free' memory overwrite in nvmet LS handling (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Reduce memory footprint for lpfc_queue (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Remove set but not used variable 'phys_id' (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Remove set-but-not-used variables (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Remove unused functions (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Resolve inconsistent check of hdwq in lpfc_scsi_cmd_iocb_cmpl (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Resolve irq-unsafe lockdep heirarchy warning in lpfc_io_free (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: resolve static checker warning in lpfc_sli4_hba_unset (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Revert message logging on unsupported topology (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Revise message when stuck due to unresponsive adapter (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Rework misleading nvme not supported in firmware message (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Separate CQ processing for nvmet_fc upcalls (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Specify node affinity for queue memory allocation (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Stop adapter if pci errors detected (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Update Copyright in driver version (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Update lpfc version to 12.2.0.1 (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: Update lpfc version to 12.2.0.3 (bsc#1136217,jsc#SLE-4722). - scsi: lpfc: use dma_set_mask_and_coherent (bsc#1136217,jsc#SLE-4722). - scsi: qedf: Add additional checks for io_req->sc_cmd validity (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add a flag to help debugging io_req which could not be cleaned (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add comment to display logging levels (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add driver state to 'driver_stats' debugfs node (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add LBA to underrun debug messages (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload check (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add missing return in qedf_scsi_done() (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add port_id for fcport into initiate_cleanup debug message (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Add return value to log message if scsi_add_host fails (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Change MSI-X load error message (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check for fcoe_libfc_config failure (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check for tm_flags instead of cmd_type during cleanup (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Check the return value of start_xmit (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Cleanup rrq_work after QEDF_CMD_OUTSTANDING is cleared (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Correctly handle refcounting of rdata (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Do not queue anything if upload is in progress (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Do not send ABTS for under run scenario (bsc#1136467 jsc#SLE-4694). - scsi: qedf: fc_rport_priv reference counting fixes (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Fix lport may be used uninitialized warning (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Log message if scsi_add_host fails (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Modify abort and tmf handler to handle edge condition and flush (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Modify flush routine to handle all I/Os and TMF (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Print fcport information on wait for upload timeout (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Print scsi_cmd backpointer in good completion path if the command is still being used (bsc#1136467 jsc#SLE-4694). - scsi: qedf: remove memset/memcpy to nfunc and use func instead (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Remove set but not used variable 'fr_len' (bsc#1136467 jsc#SLE-4694). - scsi: qedf: remove set but not used variables (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Update the driver version to 8.37.25.19 (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1136467 jsc#SLE-4694). - scsi: qedf: Wait for upload and link down processing during soft ctx reset (bsc#1136467 jsc#SLE-4694). - scsi: qedi: add module param to set ping packet size (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Add packet filter in light L2 Rx path (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Check for session online before getting iSCSI TLV data (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Cleanup redundant QEDI_PAGE_SIZE macro definition (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Fix spelling mistake 'OUSTANDING' -> 'OUTSTANDING' (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Move LL2 producer index processing in BH (jsc#SLE-4693 bsc#1136462). - scsi: qedi: remove set but not used variables 'cdev' and 'udev' (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Replace PAGE_SIZE with QEDI_PAGE_SIZE (jsc#SLE-4693 bsc#1136462). - scsi: qedi: Update driver version to 8.33.0.21 (jsc#SLE-4693 bsc#1136462). - scsi: qla2xxx: do not crash on uninitialized pool list (boo#1138874). - scsi: scsi_transport_fc: Add FPIN fc event codes (bsc#1136217,jsc#SLE-4722). - scsi: scsi_transport_fc: refactor event posting routines (bsc#1136217,jsc#SLE-4722). - sctp: Free cookie before we memdup a new one (networking-stable-19_06_18). - sctp: silence warns on sctp_stream_init allocations (bsc#1083710). - serial: uartps: Do not add a trailing semicolon to macro (bsc#1051510). - serial: uartps: Fix long line over 80 chars (bsc#1051510). - serial: uartps: Fix multiple line dereference (bsc#1051510). - serial: uartps: Remove useless return from cdns_uart_poll_put_char (bsc#1051510). - staging: comedi: amplc_pci230: fix null pointer deref on interrupt (bsc#1051510). - staging: comedi: dt282x: fix a null pointer deref on interrupt (bsc#1051510). - staging: rtl8712: reduce stack usage, again (bsc#1051510). - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg (networking-stable-19_06_18). - tcp: fix tcp_set_congestion_control() use from bpf hook (bsc#1109837). - tcp: reduce tcp_fastretrans_alert() verbosity (git-fixes). - team: Always enable vlan tx offload (bsc#1051510). - tools: bpftool: Fix json dump crash on powerpc (bsc#1109837). - tools: bpftool: use correct argument in cgroup errors (bsc#1109837). - tools/power/x86: A tool to validate Intel Speed Select commands (jsc#SLE-5364). - tty: rocket: fix incorrect forward declaration of 'rp_init()' (bsc#1051510). - tty: serial_core: Set port active bit in uart_port_activate (bsc#1051510). - tty: serial: cpm_uart - fix init when SMC is relocated (bsc#1051510). - tuntap: synchronize through tfiles array instead of tun->numqueues (networking-stable-19_05_14). - usb: gadget: ether: Fix race between gether_disconnect and rx_submit (bsc#1051510). - usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i] (bsc#1051510). - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC (bsc#1051510). - usb: pci-quirks: Correct AMD PLL quirk detection (bsc#1051510). - usb: serial: ftdi_sio: add ID for isodebug v1 (bsc#1051510). - usb: serial: option: add support for GosunCn ME3630 RNDIS mode (bsc#1051510). - virtio/s390: add indirection to indicators access (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: DMA support for virtio-ccw (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: make airq summary indicators DMA (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: use cacheline aligned airq bit vectors (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: use DMA memory for ccw I/O and classic notifiers (jsc#SLE-6197 bsc#1140559 LTC#173150). - virtio/s390: use vring_create_virtqueue (jsc#SLE-6197 bsc#1140559 LTC#173150). - vmci: Fix integer overflow in VMCI handle arrays (bsc#1051510). - vrf: sit mtu should not be updated when vrf netdev is the link (networking-stable-19_05_14). - vsock/virtio: free packets during the socket release (networking-stable-19_05_21). - vsock/virtio: set SOCK_DONE on peer shutdown (networking-stable-19_06_18). - wil6210: drop old event after wmi_call timeout (bsc#1111666). - wil6210: fix potential out-of-bounds read (bsc#1051510). - wil6210: fix spurious interrupts in 3-msi (bsc#1111666). - x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903). - xdp: fix possible cq entry leak (bsc#1109837). - xdp: fix race on generic receive path (bsc#1109837). - xdp: hold device for umem regardless of zero-copy mode (bsc#1109837). - xen: let alloc_xenballooned_pages() fail if not enough memory free (bsc#1142450 XSA-300). - xfs: do not overflow xattr listent buffer (bsc#1143105). - xprtrdma: Fix use-after-free in rpcrdma_post_recvs (bsc#1103992 ). - xsk: Properly terminate assignment in xskq_produce_flush_desc (bsc#1109837). Important SUSE bug 1051510 SUSE bug 1055117 SUSE bug 1071995 SUSE bug 1083647 SUSE bug 1083710 SUSE bug 1102247 SUSE bug 1103991 SUSE bug 1103992 SUSE bug 1104745 SUSE bug 1109837 SUSE bug 1111666 SUSE bug 1112374 SUSE bug 1119222 SUSE bug 1123080 SUSE bug 1127034 SUSE bug 1127315 SUSE bug 1127611 SUSE bug 1129770 SUSE bug 1130972 SUSE bug 1133021 SUSE bug 1134090 SUSE bug 1134097 SUSE bug 1134390 SUSE bug 1134399 SUSE bug 1135335 SUSE bug 1135642 SUSE bug 1136217 SUSE bug 1136342 SUSE bug 1136460 SUSE bug 1136461 SUSE bug 1136462 SUSE bug 1136467 SUSE bug 1136896 SUSE bug 1137458 SUSE bug 1137534 SUSE bug 1137535 SUSE bug 1137584 SUSE bug 1137609 SUSE bug 1137811 SUSE bug 1137827 SUSE bug 1138874 SUSE bug 1139358 SUSE bug 1139619 SUSE bug 1140133 SUSE bug 1140139 SUSE bug 1140322 SUSE bug 1140559 SUSE bug 1140652 SUSE bug 1140676 SUSE bug 1140887 SUSE bug 1140888 SUSE bug 1140889 SUSE bug 1140891 SUSE bug 1140893 SUSE bug 1140903 SUSE bug 1140945 SUSE bug 1140948 SUSE bug 1140954 SUSE bug 1140955 SUSE bug 1140956 SUSE bug 1140957 SUSE bug 1140958 SUSE bug 1140959 SUSE bug 1140960 SUSE bug 1140961 SUSE bug 1140962 SUSE bug 1140964 SUSE bug 1140971 SUSE bug 1140972 SUSE bug 1140992 SUSE bug 1141312 SUSE bug 1141401 SUSE bug 1141402 SUSE bug 1141452 SUSE bug 1141453 SUSE bug 1141454 SUSE bug 1141478 SUSE bug 1142023 SUSE bug 1142052 SUSE bug 1142112 SUSE bug 1142115 SUSE bug 1142119 SUSE bug 1142220 SUSE bug 1142221 SUSE bug 1142254 SUSE bug 1142350 SUSE bug 1142351 SUSE bug 1142354 SUSE bug 1142359 SUSE bug 1142450 SUSE bug 1142623 SUSE bug 1142673 SUSE bug 1142701 SUSE bug 1142868 SUSE bug 1143003 SUSE bug 1143045 SUSE bug 1143105 SUSE bug 1143185 SUSE bug 1143189 SUSE bug 1143191 SUSE bug 1143209 SUSE bug 1143507 CVE-2018-20855 CVE-2019-1125 CVE-2019-11810 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-20855: An issue was discovered in the Linux kernel In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace(bsc#1143045). - CVE-2019-1125: Exclude ATOMs from speculation through SWAPGS (bsc#1139358). - CVE-2019-14283: In the Linux kernel, set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It could be triggered by an unprivileged local user when a floppy disk was inserted. NOTE: QEMU creates the floppy device by default. (bnc#1143191) - CVE-2019-11810: An issue was discovered in the Linux kernel A NULL pointer dereference could occur when megasas_create_frame_pool() failed in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This caused a Denial of Service, related to a use-after-free (bnc#1134399). - CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user could cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sent a crafted signal frame. (bnc#1142254) - CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel, a malicious USB device could send an HID report that triggered an out-of-bounds write during generation of debugging messages. (bnc#1142023) The following non-security bugs were fixed: - Correct the CVE and bug reference for a floppy security fix (CVE-2019-14284,bsc#1143189) A dedicated CVE was already assigned - acpi/nfit: Always dump _DSM output payload (bsc#1142351). - Add back sibling paca poiter to paca (bsc#1055117). - Add support for crct10dif-vpmsum (). - af_unix: remove redundant lockdep class (git-fixes). - alsa: compress: Be more restrictive about when a drain is allowed (bsc#1051510). - alsa: compress: Do not allow paritial drain operations on capture streams (bsc#1051510). - alsa: compress: Fix regression on compressed capture streams (bsc#1051510). - alsa: compress: Prevent bypasses of set_params (bsc#1051510). - alsa: hda - Add a conexant codec entry to let mute led work (bsc#1051510). - alsa: hda/realtek: apply ALC891 headset fixup to one Dell machine (bsc#1051510). - alsa: hda/realtek - Fixed Headphone Mic can't record on Dell platform (bsc#1051510). - alsa: hda/realtek - Headphone Mic can't record after S3 (bsc#1051510). - alsa: line6: Fix a typo (bsc#1051510). - alsa: line6: Fix wrong altsetting for LINE6_PODHD500_1 (bsc#1051510). - alsa: seq: Break too long mutex context in the write loop (bsc#1051510). - alsa: usb-audio: Add quirk for Focusrite Scarlett Solo (bsc#1051510). - alsa: usb-audio: Add quirk for MOTU MicroBook II (bsc#1051510). - alsa: usb-audio: Cleanup DSD whitelist (bsc#1051510). - alsa: usb-audio: Enable .product_name override for Emagic, Unitor 8 (bsc#1051510). - alsa: usb-audio: Sanity checks for each pipe and EP types (bsc#1051510). - asoc : cs4265 : readable register too low (bsc#1051510). - asoc: max98090: remove 24-bit format support if RJ is 0 (bsc#1051510). - asoc: soc-pcm: BE dai needs prepare when pause release after resume (bsc#1051510). - ath6kl: add some bounds checking (bsc#1051510). - batman-adv: fix for leaked TVLV handler (bsc#1051510). - bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652). - bcache: add code comments for journal_read_bucket() (bsc#1140652). - bcache: Add comments for blkdev_put() in registration code path (bsc#1140652). - bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652). - bcache: add comments for kobj release callback routine (bsc#1140652). - bcache: add comments for mutex_lock(&b->write_lock) (bsc#1140652). - bcache: add error check for calling register_bdev() (bsc#1140652). - bcache: add failure check to run_cache_set() for journal replay (bsc#1140652). - bcache: add io error counting in write_bdev_super_endio() (bsc#1140652). - bcache: add more error message in bch_cached_dev_attach() (bsc#1140652). - bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652). - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652). - bcache: add return value check to bch_cached_dev_run() (bsc#1140652). - bcache: avoid a deadlock in bcache_reboot() (bsc#1140652). - bcache: avoid clang -Wunintialized warning (bsc#1140652). - bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652). - bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652). - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652). - bcache: Clean up bch_get_congested() (bsc#1140652). - bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread (bsc#1140652). - bcache: do not assign in if condition in bcache_device_init() (bsc#1140652). - bcache: do not set max writeback rate if gc is running (bsc#1140652). - bcache: fix a race between cache register and cacheset unregister (bsc#1140652). - bcache: fix crashes stopping bcache device before read miss done (bsc#1140652). - bcache: fix failure in journal relplay (bsc#1140652). - bcache: fix inaccurate result of unused buckets (bsc#1140652). - bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652). - bcache: fix potential deadlock in cached_def_free() (bsc#1140652). - bcache: fix race in btree_flush_write() (bsc#1140652). - bcache: fix return value error in bch_journal_read() (bsc#1140652). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652). - bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652). - bcache: ignore read-ahead request failure on backing device (bsc#1140652). - bcache: improve bcache_reboot() (bsc#1140652). - bcache: improve error message in bch_cached_dev_run() (bsc#1140652). - bcache: make bset_search_tree() be more understandable (bsc#1140652). - bcache: make is_discard_enabled() static (bsc#1140652). - bcache: more detailed error message to bcache_device_link() (bsc#1140652). - bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652). - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652). - bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652). - bcache: performance improvement for btree_flush_write() (bsc#1140652). - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652). - bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652). - bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652). - bcache: remove 'XXX:' comment line from run_cache_set() (bsc#1140652). - bcache: return error immediately in bch_journal_replay() (bsc#1140652). - bcache: Revert 'bcache: fix high CPU occupancy during journal' (bsc#1140652). - bcache: Revert 'bcache: free heap cache_set->flush_btree in bch_journal_free' (bsc#1140652). - bcache: set largest seq to ja->seq[bucket_index] in journal_read_bucket() (bsc#1140652). - bcache: shrink btree node cache after bch_btree_check() (bsc#1140652). - bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652). - bcache: use sysfs_match_string() instead of __sysfs_match_string() (bsc#1140652). - be2net: Fix number of Rx queues used for flow hashing (networking-stable-19_06_18). - be2net: Signal that the device cannot transmit during reconfiguration (bsc#1127315). - be2net: Synchronize be_update_queues with dev_watchdog (bsc#1127315). - block, bfq: NULL out the bic when it's no longer valid (bsc#1142359). - bnx2x: Prevent load reordering in tx completion processing (bsc#1142868). - bnxt_en: Fix aggregation buffer leak under OOM condition (networking-stable-19_05_31). - bonding: fix arp_validate toggling in active-backup mode (networking-stable-19_05_14). - bonding: Force slave speed check after link state recovery for 802.3ad (bsc#1137584). - bpf, x64: fix stack layout of JITed bpf code (bsc#1083647). - bpf, x64: save 5 bytes in prologue when ebpf insns came from cbpf (bsc#1083647). - bridge: Fix error path for kobject_init_and_add() (networking-stable-19_05_14). - btrfs: fix race between block group removal and block group allocation (bsc#1143003). - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() (bsc#1141478). - clk: qcom: Fix -Wunused-const-variable (bsc#1051510). - clk: rockchip: Do not yell about bad mmc phases when getting (bsc#1051510). - clk: tegra210: fix PLLU and PLLU_OUT1 (bsc#1051510). - cpufreq: acpi-cpufreq: Report if CPU does not support boost technologies (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix initial command check (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency (bsc#1051510). - cpufreq: check if policy is inactive early in __cpufreq_get() (bsc#1051510). - cpufreq: kirkwood: fix possible object reference leak (bsc#1051510). - cpufreq/pasemi: fix possible object reference leak (bsc#1051510). - cpufreq: pmac32: fix possible object reference leak (bsc#1051510). - cpufreq: ppc_cbe: fix possible object reference leak (bsc#1051510). - cpufreq: Use struct kobj_attribute instead of struct global_attr (bsc#1051510). - crypto: arm64/sha1-ce - correct digest for empty data in finup (bsc#1051510). - crypto: arm64/sha2-ce - correct digest for empty data in finup (bsc#1051510). - crypto: ccp - Fix 3DES complaint from ccp-crypto module (bsc#1051510). - crypto: ccp - fix AES CFB error exposed by new test vectors (bsc#1051510). - crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL (bsc#1051510). - crypto: ccp/gcm - use const time tag comparison (bsc#1051510). - crypto: ccp - memset structure fields to zero before reuse (bsc#1051510). - crypto: ccp - Validate the the error value used to index error messages (bsc#1051510). - crypto: chacha20poly1305 - fix atomic sleep when using async algorithm (bsc#1051510). - crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe (bsc#1051510). - crypto: ghash - fix unaligned memory access in ghash_setkey() (bsc#1051510). - crypto: talitos - Align SEC1 accesses to 32 bits boundaries (bsc#1051510). - crypto: talitos - check data blocksize in ablkcipher (bsc#1051510). - crypto: talitos - fix CTR alg blocksize (bsc#1051510). - crypto: talitos - fix max key size for sha384 and sha512 (bsc#1051510). - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking (bsc#1051510). - crypto: talitos - properly handle split ICV (bsc#1051510). - crypto: talitos - reduce max key size for SEC1 (bsc#1051510). - crypto: talitos - rename alternative AEAD algos (bsc#1051510). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - dmaengine: hsu: Revert 'set HSU_CH_MTSR to memory width' (bsc#1051510). - dpaa_eth: fix SG frame cleanup (networking-stable-19_05_14). - drm/meson: Add support for XBGR8888 & ABGR8888 formats (bsc#1051510). - drm/msm/a3xx: remove TPL1 regs from snapshot (bsc#1051510). - drm/nouveau/i2c: Enable i2c pads & busses during preinit (bsc#1051510). - drm/rockchip: Properly adjust to a true clock in adjusted_mode (bsc#1051510). - e1000e: start network tx queue only when link is up (bsc#1051510). - ethtool: check the return value of get_regs_len (git-fixes). - ethtool: fix potential userspace buffer overflow (networking-stable-19_06_09). - Fix kABI for asus-wmi quirk_entry field addition (bsc#1051510). - Fix memory leak in sctp_process_init (networking-stable-19_06_09). - fork, memcg: fix cached_stacks case (bsc#1134097). - fork, memcg: fix crash in free_thread_stack on memcg charge fail (bsc#1134097). - hid: wacom: correct touch resolution x/y typo (bsc#1051510). - hid: wacom: generic: Correct pad syncing (bsc#1051510). - hid: wacom: generic: only switch the mode on devices with LEDs (bsc#1051510). - hid: wacom: generic: read HID_DG_CONTACTMAX from any feature report (bsc#1051510). - input: elantech - enable middle button support on 2 ThinkPads (bsc#1051510). - input: imx_keypad - make sure keyboard can always wake up system (bsc#1051510). - input: psmouse - fix build error of multiple definition (bsc#1051510). - input: synaptics - enable SMBUS on T480 thinkpad trackpad (bsc#1051510). - input: tm2-touchkey - acknowledge that setting brightness is a blocking call (bsc#1129770). - intel_th: msu: Fix single mode with disabled IOMMU (bsc#1051510). - ipv4: Fix raw socket lookup for local traffic (networking-stable-19_05_14). - ipv4/igmp: fix another memory leak in igmpv3_del_delrec() (networking-stable-19_05_31). - ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST (networking-stable-19_05_31). - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop (git-fixes). - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address (networking-stable-19_05_31). - ipv6: fix EFAULT on sendto with icmpv6 and hdrincl (networking-stable-19_06_09). - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero (networking-stable-19_06_18). - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4 (networking-stable-19_06_09). - kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled (bsc#1071995). - kernel: jump label transformation performance (bsc#1137534 bsc#1137535 LTC#178058 LTC#178059). - kvm: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots (bsc#1133021). - kvm: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory (bsc#1133021). - kvm: fix Guest installation fails by 'Invalid value '0-31' for 'cpuset.cpus': Invalid argument' (bsc#1143507) - kvm: mmu: Fix overflow on kvm mmu page limit calculation (bsc#1135335). - kvm/mmu: kABI fix for *_mmu_pages changes in struct kvm_arch (bsc#1135335). - kvm: polling: add architecture backend to disable polling (bsc#1119222). - kvm: s390: change default halt poll time to 50us (bsc#1119222). - kvm: s390: enable CONFIG_HAVE_KVM_NO_POLL (bsc#1119222) We need to enable CONFIG_HAVE_KVM_NO_POLL for bsc#1119222 - kvm: s390: fix typo in parameter description (bsc#1119222). - kvm: s390: kABI Workaround for 'kvm_vcpu_stat' Add halt_no_poll_steal to kvm_vcpu_stat. Hide it from the kABI checker. - kvm: s390: kABI Workaround for 'lowcore' (bsc#1119222). - kvm: s390: provide kvm_arch_no_poll function (bsc#1119222). - kvm: svm/avic: Do not send AVIC doorbell to self (bsc#1140133). - kvm: SVM: Fix detection of AMD Errata 1096 (bsc#1142354). - lapb: fixed leak of control-blocks (networking-stable-19_06_18). - lib: fix stall in __bitmap_parselist() (bsc#1051510). - libnvdimm/namespace: Fix label tracking error (bsc#1142350). - lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE (bsc#1051510). - livepatch: Remove duplicate warning about missing reliable stacktrace support (bsc#1071995). - livepatch: Use static buffer for debugging messages under rq lock (bsc#1071995). - llc: fix skb leak in llc_build_and_send_ui_pkt() (networking-stable-19_05_31). - media: cpia2_usb: first wake up, then free in disconnect (bsc#1135642). - media: marvell-ccic: fix DMA s/g desc number calculation (bsc#1051510). - media: s5p-mfc: Make additional clocks optional (bsc#1051510). - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom() (bsc#1051510). - media: vivid: fix incorrect assignment operation when setting video mode (bsc#1051510). - mei: bus: need to unlink client before freeing (bsc#1051510). - mei: me: add denverton innovation engine device IDs (bsc#1051510). - mei: me: add gemini lake devices id (bsc#1051510). - memory: tegra: Fix integer overflow on tick value calculation (bsc#1051510). - memstick: Fix error cleanup path of memstick_init (bsc#1051510). - mfd: intel-lpss: Release IDA resources (bsc#1051510). - mmc: sdhci-pci: Try 'cd' for card-detect lookup before using NULL (bsc#1051510). - mm: migrate: Fix reference check race between __find_get_block() and migration (bnc#1137609). - mm/nvdimm: add is_ioremap_addr and use that to check ioremap address (bsc#1140322 LTC#176270). - mm, page_alloc: fix has_unmovable_pages for HugePages (bsc#1127034). - mm: replace all open encodings for NUMA_NO_NODE (bsc#1140322 LTC#176270). - neigh: fix use-after-free read in pneigh_get_next (networking-stable-19_06_18). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142112 bsc#1142221 LTC#179334 LTC#179332). - net: avoid weird emergency message (networking-stable-19_05_21). - net: fec: fix the clk mismatch in failed_reset path (networking-stable-19_05_31). - netfilter: conntrack: fix calculation of next bucket number in early_drop (git-fixes). - net-gro: fix use-after-free read in napi_gro_frags() (networking-stable-19_05_31). - net/mlx4_core: Change the error print to info print (networking-stable-19_05_21). - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_06_09). - net/mlx5: Allocate root ns memory using kzalloc to match kfree (networking-stable-19_05_31). - net/mlx5: Avoid double free in fs init error unwinding path (networking-stable-19_05_31). - net: mvneta: Fix err code path of probe (networking-stable-19_05_31). - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value (networking-stable-19_05_31). - net: openvswitch: do not free vport if register_netdevice() is failed (networking-stable-19_06_18). - net/packet: fix memory leak in packet_set_ring() (git-fixes). - net: rds: fix memory leak in rds_ib_flush_mr_pool (networking-stable-19_06_09). - net: seeq: fix crash caused by not set dev.parent (networking-stable-19_05_14). - net: stmmac: fix reset gpio free missing (networking-stable-19_05_31). - net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions (networking-stable-19_05_21). - nvme: fix memory leak caused by incorrect subsystem free (bsc#1143185). - ocfs2: add first lock wait time in locking_state (bsc#1134390). - ocfs2: add last unlock times in locking_state (bsc#1134390). - ocfs2: add locking filter debugfs file (bsc#1134390). - packet: Fix error path in packet_init (networking-stable-19_05_14). - packet: in recvmsg msg_name return at least sizeof sockaddr_ll (git-fixes). - pci: Always allow probing with driver_override (bsc#1051510). - pci: hv: Add hv_pci_remove_slots() when we unload the driver (bsc#1142701). - pci: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary (bsc#1142701). - pci: hv: Fix a memory leak in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix a use-after-free bug in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix return value check in hv_pci_assign_slots() (bsc#1142701). - pci: hv: Remove unused reason for refcount handler (bsc#1142701). - pci: hv: support reporting serial number as slot information (bsc#1142701). - pci: Return error if cannot probe VF (bsc#1051510). - pkey: Indicate old mkvp only if old and current mkvp are different (bsc#1137827 LTC#178090). - pktgen: do not sleep with the thread lock held (git-fixes). - platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ (bsc#1051510). - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510). - platform/x86: intel_turbo_max_3: Remove restriction for HWP platforms (jsc#SLE-5439). - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table (bsc#1051510). - powerpc/64s: Remove POWER9 DD1 support (bsc#1055117, LTC#159753, git-fixes). - powerpc/crypto: Use cheaper random numbers for crc-vpmsum self-test (). - powerpc/mm: Change function prototype (bsc#1055117). - powerpc/mm: Consolidate numa_enable check and min_common_depth check (bsc#1140322 LTC#176270). - powerpc/mm/drconf: Use NUMA_NO_NODE on failures instead of node 0 (bsc#1140322 LTC#176270). - powerpc/mm: Fix node look up with numa=off boot (bsc#1140322 LTC#176270). - powerpc/mm/hugetlb: Update huge_ptep_set_access_flags to call __ptep_set_access_flags directly (bsc#1055117). - powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang (bsc#1055117). - powerpc/mm/radix: Move function from radix.h to pgtable-radix.c (bsc#1055117). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195). - ppp: deflate: Fix possible crash in deflate_init (networking-stable-19_05_21). - rds: ib: fix 'passing zero to ERR_PTR()' warning (git-fixes). - Revert 'bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()' (bsc#1140652). - Revert 'e1000e: fix cyclic resets at link up with active tx' (bsc#1051510). - Revert 'livepatch: Remove reliable stacktrace check in klp_try_switch_task()' (bsc#1071995). - Revert 'serial: 8250: Do not service RX FIFO if interrupts are disabled' (bsc#1051510). - rtnetlink: always put IFLA_LINK for links with a link-netnsid (networking-stable-19_05_21). - s390/qeth: be drop monitor friendly (bsc#1142220 LTC#179335). - s390/vtime: steal time exponential moving average (bsc#1119222). - scripts/git_sort/git_sort.py: Add mmots tree. - scsi: ibmvfc: fix WARN_ON during event pool release (bsc#1137458 LTC#178093). - sctp: Free cookie before we memdup a new one (networking-stable-19_06_18). - sctp: silence warns on sctp_stream_init allocations (bsc#1083710). - serial: uartps: Do not add a trailing semicolon to macro (bsc#1051510). - serial: uartps: Fix long line over 80 chars (bsc#1051510). - serial: uartps: Fix multiple line dereference (bsc#1051510). - serial: uartps: Remove useless return from cdns_uart_poll_put_char (bsc#1051510). - staging: comedi: amplc_pci230: fix null pointer deref on interrupt (bsc#1051510). - staging: comedi: dt282x: fix a null pointer deref on interrupt (bsc#1051510). - staging: rtl8712: reduce stack usage, again (bsc#1051510). - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg (networking-stable-19_06_18). - tcp: reduce tcp_fastretrans_alert() verbosity (git-fixes). - team: Always enable vlan tx offload (bsc#1051510). - tty: rocket: fix incorrect forward declaration of 'rp_init()' (bsc#1051510). - tty: serial_core: Set port active bit in uart_port_activate (bsc#1051510). - tty: serial: cpm_uart - fix init when SMC is relocated (bsc#1051510). - tuntap: synchronize through tfiles array instead of tun->numqueues (networking-stable-19_05_14). - usb: gadget: ether: Fix race between gether_disconnect and rx_submit (bsc#1051510). - usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i] (bsc#1051510). - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC (bsc#1051510). - usb: pci-quirks: Correct AMD PLL quirk detection (bsc#1051510). - usb: serial: ftdi_sio: add ID for isodebug v1 (bsc#1051510). - usb: serial: option: add support for GosunCn ME3630 RNDIS mode (bsc#1051510). - vmci: Fix integer overflow in VMCI handle arrays (bsc#1051510). - vsock/virtio: free packets during the socket release (networking-stable-19_05_21). - vsock/virtio: set SOCK_DONE on peer shutdown (networking-stable-19_06_18). - wil6210: fix potential out-of-bounds read (bsc#1051510). - x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903). - xen: let alloc_xenballooned_pages() fail if not enough memory free (bsc#1142450 XSA-300). - xfs: do not overflow xattr listent buffer (bsc#1143105). Important SUSE bug 1051510 SUSE bug 1055117 SUSE bug 1071995 SUSE bug 1083647 SUSE bug 1083710 SUSE bug 1102247 SUSE bug 1111666 SUSE bug 1119222 SUSE bug 1123080 SUSE bug 1127034 SUSE bug 1127315 SUSE bug 1129770 SUSE bug 1130972 SUSE bug 1133021 SUSE bug 1134097 SUSE bug 1134390 SUSE bug 1134399 SUSE bug 1135335 SUSE bug 1135642 SUSE bug 1136896 SUSE bug 1137458 SUSE bug 1137534 SUSE bug 1137535 SUSE bug 1137584 SUSE bug 1137609 SUSE bug 1137811 SUSE bug 1137827 SUSE bug 1139358 SUSE bug 1140133 SUSE bug 1140139 SUSE bug 1140322 SUSE bug 1140652 SUSE bug 1140887 SUSE bug 1140888 SUSE bug 1140889 SUSE bug 1140891 SUSE bug 1140893 SUSE bug 1140903 SUSE bug 1140945 SUSE bug 1140954 SUSE bug 1140955 SUSE bug 1140956 SUSE bug 1140957 SUSE bug 1140958 SUSE bug 1140959 SUSE bug 1140960 SUSE bug 1140961 SUSE bug 1140962 SUSE bug 1140964 SUSE bug 1140971 SUSE bug 1140972 SUSE bug 1140992 SUSE bug 1141401 SUSE bug 1141402 SUSE bug 1141452 SUSE bug 1141453 SUSE bug 1141454 SUSE bug 1141478 SUSE bug 1142023 SUSE bug 1142112 SUSE bug 1142220 SUSE bug 1142221 SUSE bug 1142254 SUSE bug 1142350 SUSE bug 1142351 SUSE bug 1142354 SUSE bug 1142359 SUSE bug 1142450 SUSE bug 1142701 SUSE bug 1142868 SUSE bug 1143003 SUSE bug 1143045 SUSE bug 1143105 SUSE bug 1143185 SUSE bug 1143189 SUSE bug 1143191 SUSE bug 1143507 CVE-2018-20855 CVE-2019-1125 CVE-2019-11810 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for evince fixes the following issues: Security issues fixed: - CVE-2019-11459: Fixed an improper error handling in which could have led to use of uninitialized use of memory (bsc#1133037). - CVE-2019-1010006: Fixed a buffer overflow in backend/tiff/tiff-document.c (bsc#1141619). Important SUSE bug 1133037 SUSE bug 1141619 CVE-2019-1010006 CVE-2019-11459 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for tcpdump fixes the following issues: Security issues fixed: - CVE-2019-1010220: Fixed a buffer over-read in print_prefix() which may expose data (bsc#1142439). - CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print() and lookup_emem() (bsc#1068716). Moderate SUSE bug 1068716 SUSE bug 1142439 CVE-2017-16808 CVE-2019-1010220 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for squid fixes the following issues: Security issue fixed: - CVE-2019-12529: Fixed a potential denial of service associated with HTTP Basic Authentication credentials (bsc#1141329). - CVE-2019-12525: Fixed a denial of service during processing of HTTP Digest Authentication credentials (bsc#1141332). - CVE-2019-13345: Fixed a cross site scripting vulnerability via user_name or auth parameter in cachemgr.cgi (bsc#1140738). Moderate SUSE bug 1140738 SUSE bug 1141329 SUSE bug 1141332 CVE-2019-12525 CVE-2019-12529 CVE-2019-13345 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for rsyslog fixes the following issues: Security issue fixed: - CVE-2018-16881: Fixed a denial of service when both the imtcp module and Octet-Counted TCP Framing is enabled (bsc#1123164). Important SUSE bug 1123164 CVE-2018-16881 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853). Important SUSE bug 1138459 SUSE bug 1141853 CVE-2018-20852 CVE-2019-10160 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for wireshark to version 2.4.16 fixes the following issues: Security issue fixed: - CVE-2019-13619: ASN.1 BER and related dissectors crash (bsc#1141980). Moderate SUSE bug 1141980 CVE-2019-13619 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mariadb-100 to version 10.0.38 fixes the following issues: - CVE-2019-2537: Fixed a denial of service vulnerability which can lead to MySQL compromise (bsc#1136037). - CVE-2019-2529: Fixed a denial of service vulnerability by an privileged attacker via a protocol compromise (bsc#1136037). Important SUSE bug 1136037 CVE-2019-2529 CVE-2019-2537 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openjpeg2 fixes the following issues: Security issue fixed: - CVE-2016-1923: Fixed anout of bounds read int opj_j2k_update_image_data() and opj_tgt_reset () (bsc#962522). Moderate SUSE bug 962522 CVE-2016-1923 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel for Azure was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic was uninitialized (bnc#1116841). - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1118319). - CVE-2018-16862: A security flaw was found in the way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186). - CVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-12232: In net/socket.c there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bnc#1097593). - CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656). - CVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428). - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769). - CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1074578) The following non-security bugs were fixed: - ACPI/APEI: Handle GSIV and GPIO notification types (bsc#1115567). - ACPICA: Tables: Add WSMT support (bsc#1089350). - ACPI/CPPC: Check for valid PCC subspace only if PCC is used (bsc#1117115). - ACPI/CPPC: Update all pr_(debug/err) messages to log the susbspace id (bsc#1117115). - ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510). - ACPI/LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510). - ACPI/NFTI: Fix ARS overflow continuation (bsc#1116895). - ACPI/NFIT: x86/mce: Handle only uncorrectable machine checks (bsc#1114279). - ACPI/NFIT: x86/mce: Validate a MCE's address before using it (bsc#1114279). - ACPI/platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510). - ACPI/watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510). - act_ife: fix a potential use-after-free (networking-stable-18_09_11). - Add the cherry-picked dup id for PCI dwc fix - aio: fix spectre gadget in lookup_ioctx (bsc#1120594). - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510). - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510). - ALSA: control: Fix race between adding and removing a user element (bsc#1051510). - ALSA: cs46xx: Potential NULL dereference in probe (bsc#1051510). - ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - ALSA: emux: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - ALSA: fireface: fix for state to fetch PCM frames (bsc#1051510). - ALSA: fireface: fix reference to wrong register for clock configuration (bsc#1051510). - ALSA: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint (bsc#1051510). - ALSA: firewire-lib: fix wrong handling payload_length as payload_quadlet (bsc#1051510). - ALSA: firewire-lib: use the same print format for 'without_header' tracepoints (bsc#1051510). - ALSA: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510). - ALSA: hda: add mute LED support for HP EliteBook 840 G4 (bsc#1051510). - ALSA: hda: Add support for AMD Stoney Ridge (bsc#1051510). - ALSA: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510). - ALSA: hda/ca0132 - make pci_iounmap() call conditional (bsc#1051510). - ALSA: hda: fix front speakers on Huawei MBXP (bsc#1051510). - ALSA: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510). - ALSA: hda/realtek - Add GPIO data update helper (bsc#1051510). - ALSA: hda/realtek - Add support for Acer Aspire C24-860 headset mic (bsc#1051510). - ALSA: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 (bsc#1051510). - ALSA: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880 (bsc#1051510). - ALSA: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN (bsc#1051510). - ALSA: hda/realtek - Allow skipping spec->init_amp detection (bsc#1051510). - ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bsc#1051510). - ALSA: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 (bsc#1051510). - ALSA: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 (bsc#1051510). - ALSA: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 (bsc#1051510). - ALSA: hda/realtek: Enable the headset mic auto detection for ASUS laptops (bsc#1051510). - ALSA: hda/realtek - Fixed headphone issue for ALC700 (bsc#1051510). - ALSA: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510). - ALSA: hda/realtek - Fix HP Headset Mic can't record (bsc#1051510). - ALSA: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G (bsc#1051510). - ALSA: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G (bsc#1051510). - ALSA: hda/realtek - Fix speaker output regression on Thinkpad T570 (bsc#1051510). - ALSA: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon (bsc#1051510). - ALSA: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510). - ALSA: hda/realtek - Manage GPIO bits commonly (bsc#1051510). - ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510). - ALSA: hda/realtek - Support ALC300 (bsc#1051510). - ALSA: hda/realtek - Support Dell headset mode for New AIO platform (bsc#1051510). - ALSA: hda/tegra: clear pending irq handlers (bsc#1051510). - ALSA: oss: Use kvzalloc() for local buffer allocations (bsc#1051510). - ALSA: pcm: Call snd_pcm_unlink() conditionally at closing (bsc#1051510). - ALSA: pcm: Fix interval evaluation with openmin/max (bsc#1051510). - ALSA: pcm: Fix potential Spectre v1 vulnerability (bsc#1051510). - ALSA: pcm: Fix starvation on down_write_nonblock() (bsc#1051510). - ALSA: rme9652: Fix potential Spectre v1 vulnerability (bsc#1051510). - ALSA: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510). - ALSA: trident: Suppress gcc string warning (bsc#1051510). - ALSA: usb-audio: Add SMSL D1 to quirks for native DSD support (bsc#1051510). - ALSA: usb-audio: Add support for Encore mDSD USB DAC (bsc#1051510). - ALSA: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510). - ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() (bsc#1051510). - ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks (bsc#1051510). - ALSA: wss: Fix invalid snd_free_pages() at error path (bsc#1051510). - ALSA: x86: Fix runtime PM for hdmi-lpe-audio (bsc#1051510). - amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105). - apparmor: do not try to replace stale label in ptrace access check (git-fixes). - apparmor: do not try to replace stale label in ptraceme check (git-fixes). - apparmor: Fix uninitialized value in aa_split_fqname (git-fixes). - arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bsc#1120612). - arm64: atomics: Remove '&' from '+&' asm constraint in lse atomics (bsc#1120613). - arm64: cpu_errata: include required headers (bsc#1120615). - arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing (bsc#1120633). - arm64: Fix /proc/iomem for reserved but not memory regions (bsc#1120632). - arm64: KVM: Move CPU ID reg trap setup off the world switch path (bsc#1110998). - arm64: KVM: Sanitize PSTATE.M when being set from userspace (bsc#1110998). - arm64: KVM: Tighten guest core register access from userspace (bsc#1110998). - arm64: lse: Add early clobbers to some input/output asm operands (bsc#1120614). - arm64: lse: remove -fcall-used-x0 flag (bsc#1120618). - arm64: mm: always enable CONFIG_HOLES_IN_ZONE (bsc#1120617). - arm64/numa: Report correct memblock range for the dummy node (bsc#1120620). - arm64/numa: Unify common error path in numa_init() (bsc#1120621). - arm64: remove no-op -p linker flag (bsc#1120616). - arm: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510). - ASoC: dapm: Recalculate audio map forcely when card instantiated (bsc#1051510). - ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535) - ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510). - ASoC: Intel: mrfld: fix uninitialized variable access (bsc#1051510). - ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing (bsc#1051510). - ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bsc#1051510). - ASoC: omap-mcbsp: Fix latency value calculation for pm_qos (bsc#1051510). - ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bsc#1051510). - ASoC: rsnd: fixup clock start checker (bsc#1051510). - ASoC: sun8i-codec: fix crash on module removal (bsc#1051510). - ASoC: wm_adsp: Fix dma-unsafe read of scratch registers (bsc#1051510). - ata: Fix racy link clearance (bsc#1107866). - ataflop: fix error handling during setup (bsc#1051510). - ath10k: do not assume this is a PCI dev in generic code (bsc#1051510). - ath10k: schedule hardware restart if WMI command times out (bsc#1051510). - ath6kl: Only use match sets when firmware supports it (bsc#1051510). - b43: Fix error in cordic routine (bsc#1051510). - batman-adv: Expand merged fragment buffer for full packet (bsc#1051510). - batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510). - bcache: fix miss key refill->end in writeback (Git-fixes). - bcache: trace missed reading by cache_missed (Git-fixes). - bitops: protect variables in bit_clear_unless() macro (bsc#1051510). - bitops: protect variables in set_mask_bits() macro (bsc#1051510). - blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set() (Git-fixes). - block: allow max_discard_segments to be stacked (Git-fixes). - block: blk_init_allocated_queue() set q->fq as NULL in the fail case (Git-fixes). - block: copy ioprio in __bio_clone_fast() (bsc#1082653). - block: really disable runtime-pm for blk-mq (Git-fixes). - block: reset bi_iter.bi_done after splitting bio (Git-fixes). - block: respect virtual boundary mask in bvecs (bsc#1113412). - block/swim: Fix array bounds check (Git-fixes). - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510). - Bluetooth: SMP: fix crash in unpairing (bsc#1051510). - bnxt_en: do not try to offload VLAN 'modify' action (bsc#1050242 ). - bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (bsc#1086282). - bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16). - bnxt_en: Fix VNIC reservations on the PF (bsc#1086282 ). - bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16). - bnxt_en: get the reduced max_irqs by the ones used by RDMA (bsc#1050242). - bonding: avoid possible dead-lock (networking-stable-18_10_16). - bonding: fix length of actor system (networking-stable-18_11_02). - bonding: fix warning message (networking-stable-18_10_16). - bonding: pass link-local packets to bonding master also (networking-stable-18_10_16). - bpf: fix check of allowed specifiers in bpf_trace_printk (bsc#1083647). - bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647). - bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24). - bpf: use per htab salt for bucket hash (git-fixes). - bpf: wait for running BPF programs when updating map-in-map (bsc#1083647). - brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510). - brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510). - brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510). - bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02). - Btrfs: Always try all copies when reading extent buffers (git-fixes). - Btrfs: delete dead code in btrfs_orphan_add() (bsc#1111469). - Btrfs: delete dead code in btrfs_orphan_commit_root() (bsc#1111469). - Btrfs: do not BUG_ON() in btrfs_truncate_inode_items() (bsc#1111469). - Btrfs: do not check inode's runtime flags under root->orphan_lock (bsc#1111469). - Btrfs: do not return ino to ino cache if inode item removal fails (bsc#1111469). - Btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136). - Btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137). - Btrfs: fix cur_offset in the error case for nocow (bsc#1118140). - Btrfs: fix data corruption due to cloning of eof block (bsc#1116878). - Btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876). - Btrfs: fix deadlock when writing out free space caches (bsc#1116700). - Btrfs: fix ENOSPC caused by orphan items reservations (bsc#1111469). - btrfs: Fix error handling in btrfs_cleanup_ordered_extents (git-fixes). - Btrfs: fix error handling in btrfs_truncate() (bsc#1111469). - Btrfs: fix error handling in btrfs_truncate_inode_items() (bsc#1111469). - Btrfs: fix fsync of files with multiple hard links in new directories (1120173). - Btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877). - Btrfs: Fix memory barriers usage with device stats counters (git-fixes). - Btrfs: fix null pointer dereference on compressed write path error (bsc#1116698). - Btrfs: fix use-after-free during inode eviction (bsc#1116701). - Btrfs: fix use-after-free on root->orphan_block_rsv (bsc#1111469). - Btrfs: fix use-after-free when dumping free space (bsc#1116862). - Btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692). - Btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693). - Btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM (bsc#1111469). - Btrfs: get rid of unused orphan infrastructure (bsc#1111469). - Btrfs: make sure we create all new block groups (bsc#1116699). - Btrfs: move btrfs_truncate_block out of trans handle (bsc#1111469). - Btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863). - Btrfs: qgroup: Dirty all qgroups before rescan (bsc#1120036). - Btrfs: refactor btrfs_evict_inode() reserve refill dance (bsc#1111469). - Btrfs: renumber BTRFS_INODE_ runtime flags and switch to enums (bsc#1111469). - Btrfs: reserve space for O_TMPFILE orphan item deletion (bsc#1111469). - btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188). - Btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138). - Btrfs: stop creating orphan items for truncate (bsc#1111469). - Btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875). - Btrfs: update stale comments referencing vmtruncate() (bsc#1111469). - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510). - can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510). - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510). - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510). - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510). - can: flexcan: flexcan_irq(): fix indention (bsc#1051510). - can: hi311x: Use level-triggered interrupt (bsc#1051510). - can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510). - can: rcar_can: Fix erroneous registration (bsc#1051510). - can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510). - cdc-acm: correct counting of UART states in serial state notification (bsc#1051510). - cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510). - cdrom: do not attempt to fiddle with cdo->capability (bsc#1051510). - ceph: do not update importing cap's mseq when handing cap export (bsc#1121273). - ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839). - ceph: quota: fix null pointer dereference in quota check (bsc#1114839). - cfg80211: Address some corner cases in scan result channel updating (bsc#1051510). - cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510). - char_dev: extend dynamic allocation of majors into a higher range (bsc#1121058). - char_dev: Fix off-by-one bugs in find_dynamic_major() (bsc#1121058). - clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510). - clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510). - clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510). - clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510). - clk: mmp: Off by one in mmp_clk_add() (bsc#1051510). - clk: mvebu: Off by one bugs in cp110_of_clk_get() (bsc#1051510). - clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510). - clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510). - clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510). - clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510). - clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510). - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (git-fixes). - config: arm64: enable erratum 1024718 - configfs: replace strncpy with memcpy (bsc#1051510). - cpufeature: avoid warning when compiling with clang (Git-fixes). - cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1117115). - cpufreq: CPPC: fix build in absence of v3 support (bsc#1117115). - cpupower: remove stringop-truncation waring (git-fixes). - crypto: bcm - fix normal/non key hash algorithm failure (bsc#1051510). - crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command (). - crypto: ccp - Add GET_ID SEV command (). - crypto: ccp - Add psp enabled message when initialization succeeds (). - crypto: ccp - Add support for new CCP/PSP device ID (). - crypto: ccp - Allow SEV firmware to be chosen based on Family and Model (). - crypto: ccp - Fix static checker warning (). - crypto: ccp - Remove unused #defines (). - crypto: ccp - Support register differences between PSP devices (). - crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510). - dasd: fix deadlock in dasd_times_out (bsc#1121477, LTC#174111). - dax: Check page->mapping isn't NULL (bsc#1120054). - dax: Do not access a freed inode (bsc#1120055). - device property: Define type of PROPERTY_ENRTY_*() macros (bsc#1051510). - device property: fix fwnode_graph_get_next_endpoint() documentation (bsc#1051510). - disable INFINIBAND_USNIC - disable SERIAL_NONSTANDARD - disable stringop truncation warnings for now (git-fixes). - dm: allocate struct mapped_device with kvzalloc (Git-fixes). - dm cache: destroy migration_cache if cache target registration failed (Git-fixes). - dm cache: fix resize crash if user does not reload cache table (Git-fixes). - dm cache metadata: ignore hints array being too small during resize (Git-fixes). - dm cache metadata: save in-core policy_hint_size to on-disk superblock (Git-fixes). - dm cache metadata: set dirty on all cache blocks after a crash (Git-fixes). - dm cache: only allow a single io_mode cache feature to be requested (Git-fixes). - dm crypt: do not decrease device limits (Git-fixes). - dm: fix report zone remapping to account for partition offset (Git-fixes). - dm integrity: change 'suspending' variable from bool to int (Git-fixes). - dm ioctl: harden copy_params()'s copy_from_user() from malicious users (Git-fixes). - dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled (Git-fixes). - dm linear: fix linear_end_io conditional definition (Git-fixes). - dm thin: handle running out of data space vs concurrent discard (Git-fixes). - dm thin metadata: remove needless work from __commit_transaction (Git-fixes). - dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes). - dm writecache: fix a crash due to reading past end of dirty_bitmap (Git-fixes). - dm writecache: report start_sector in status line (Git-fixes). - dm zoned: fix metadata block ref counting (Git-fixes). - dm zoned: fix various dmz_get_mblock() issues (Git-fixes). - doc/README.SUSE: correct GIT url No more gitorious, github we use. - Documentation/l1tf: Fix typos (bsc#1051510). - Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510). - driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510). - Drivers: HV: Send one page worth of kmsg dump over Hyper-V during panic (bsc#1107207). - Drivers: hv: vmbus: Add comments on ring buffer signaling (bsc#1107207). - Drivers: hv: vmbus: add numa_node to sysfs (bsc#1107207). - Drivers: hv: vmbus: Cleanup synic memory free path (bsc#1107207). - Drivers: hv: vmbus: enable VMBus protocol version 5.0 (bsc#1107207). - Drivers: hv: vmbus: Fix the issue with freeing up hv_ctl_table_hdr (bsc#1107207). - Drivers: hv: vmbus: Get rid of MSR access from vmbus_drv.c (bsc#1107207). - Drivers: hv: vmbus: Implement Direct Mode for stimer0 (bsc#1107207). - Drivers: hv: vmbus: Make TLFS #define names architecture neutral (bsc#1107207). - Drivers: hv: vmbus: Removed an unnecessary cast from void * (bsc#1107207). - Drivers: hv: vmbus: Remove use of slow_virt_to_phys() (bsc#1107207). - Drivers: hv: vmbus: Remove x86-isms from arch independent drivers (bsc#1107207). - Drivers: hv: vmbus: Remove x86 MSR refs in arch independent code (bsc#1107207). - Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1107207). - Drivers: hv: vmbus: respect what we get from hv_get_synint_state() (bsc#1107207). - Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect() (bsc#1107207). - Drivers: hv: vmus: Fix the check for return value from kmsg get dump buffer (bsc#1107207). - Drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet (bsc#1119749). - Drivers/net/usb/r8152: remove the unneeded variable 'ret' in rtl8152_system_suspend (bsc#1119749). - Drivers/tty: add missing of_node_put() (bsc#1051510). - drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510). - drm/amdgpu/gmc8: update MC firmware for polaris (bsc#1113722) - drm/amdgpu: update mc firmware image for polaris12 variants (bsc#1113722) - drm/amdgpu: update SMC firmware image for polaris10 variants (bsc#1113722) - drm/ast: change resolution may cause screen blurred (boo#1112963). - drm/ast: fixed cursor may disappear sometimes (bsc#1051510). - drm/ast: Fix incorrect free on ioregs (bsc#1051510). - drm/ast: Remove existing framebuffers before loading driver (boo#1112963) - drm/dp_mst: Check if primary mstb is null (bsc#1051510). - drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510). - drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510). - drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722) - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1113722) - drm: fb-helper: Reject all pixel format changing requests (bsc#1113722) - drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510). - drm/i915: Do not unset intel_connector->mst_port (bsc#1051510). - drm/i915/execlists: Apply a full mb before execution for Braswell (bsc#1113722) - drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510). - drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510). - drm/i915/glk: Remove 99% limitation (bsc#1051510). - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510). - drm/i915: Large page offsets for pread/pwrite (bsc#1051510). - drm/i915: Mark pin flags as u64 (bsc#1051510). - drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510). - drm/i915: Write GPU relocs harder with gen3 (bsc#1051510). - drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722) - drm/meson: add support for 1080p25 mode (bsc#1051510). - drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510). - drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510). - drm/nouveau: Check backlight IDs are >= 0, not > 0 (bsc#1051510). - drm/nouveau/kms: Fix memory leak in nv50_mstm_del() (bsc#1113722) - drm/omap: fix memory barrier bug in DMM driver (bsc#1051510). - drm: rcar-du: Fix external clock error checks (bsc#1113722) - drm: rcar-du: Fix vblank initialization (bsc#1113722) - drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510). - drm/rockchip: psr: do not dereference encoder before it is null (bsc#1113722) - drm: set is_master to 0 upon drm_new_set_master() failure (bsc#1113722) - drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1113722) - drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1113722) - dt-bindings: add compatible string for Allwinner V3s SoC (git-fixes). - dt-bindings: arm: Document SoC compatible value for Armadillo-800 EVA (git-fixes). - dt-bindings: clock: add rk3399 DDR3 standard speed bins (git-fixes). - dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 (git-fixes). - dt-bindings: iio: update STM32 timers clock names (git-fixes). - dt-bindings: mfd: axp20x: Add AXP806 to supported list of chips (git-fixes). - dt-bindings: net: Remove duplicate NSP Ethernet MAC binding document (git-fixes). - dt-bindings: panel: lvds: Fix path to display timing bindings (git-fixes). - dt-bindings: phy: sun4i-usb-phy: Add property descriptions for H3 (git-fixes). - dt-bindings: pwm: renesas: tpu: Fix 'compatible' prop description (git-fixes). - dt-bindings: pwm: Update STM32 timers clock names (git-fixes). - dt-bindings: rcar-dmac: Document missing error interrupt (git-fixes). - EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting (bsc#1114279). - EDAC, skx_edac: Fix logical channel intermediate decoding (bsc#1114279). - efi: Move some sysfs files to be read-only by root (bsc#1051510). - enable CONFIG_SCSI_MQ_DEFAULT (bsc#1107207) - ethernet: fman: fix wrong of_node_put() in probe function (bsc#1119017). - exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1118773). - ext2: fix potential use after free (bsc#1118775). - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bsc#1117795). - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bsc#1117794). - ext4: add missing brelse() update_backups()'s error path (bsc#1117796). - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802). - ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801). - ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760). - ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792). - ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807). - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806). - ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604). - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798). - ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799). - ext4: fix possible leak of sbi->s_group_desc_leak in error path (bsc#1117803). - ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804). - ext4: fix possible use after free in ext4_quota_enable (bsc#1120602). - ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789). - ext4: fix use-after-free race in ext4_remount()'s error path (bsc#1117791). - ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788). - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bsc#1120603). - ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790). - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805). - extable: Consolidate *kernel_text_address() functions (bsc#1120092). - extable: Enable RCU if it is not watching in kernel_text_address() (bsc#1120092). - fanotify: fix handling of events on child sub-directory (bsc#1122019). - fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1113722) - fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1113722) - fbdev: fix broken menu dependencies (bsc#1113722) - filesystem-dax: Fix dax_layout_busy_page() livelock (bsc#1118787). - firmware: add firmware_request_nowarn() - load firmware without warnings (). - firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350 ). - firmware: dcdbas: include linux/io.h (bsc#1089350). - Fix kABI for 'Ensure we commit after writeback is complete' (bsc#1111809). - Fix the breakage of KMP build on x86_64 (bsc#1121017) The backport of the commit 4cd24de3a098 broke KMP builds because of the failure of make kernelrelease call in spec file. Clear the blacklist and backport the fix from the upstream. - Fix tracing sample code warning (git-fixes). - floppy: fix race condition in __floppy_read_block_0() (bsc#1051510). - flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21). - fscache: fix race between enablement and dropping of object (bsc#1107385). - fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes). - fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes). - fs: fix lost error code in dio_complete (bsc#1118762). - fs: Make extension of struct super_block transparent (bsc#1117822). - fsnotify: Fix busy inodes during unmount (bsc#1117822). - fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074). - fs/xfs: Use %pS printk format for direct addresses (git-fixes). - ftrace: Fix debug preempt config name in stack_tracer_{en,dis}able (bsc#1117172). - ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181). - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174). - ftrace: Remove incorrect setting of glob search field (bsc#1117184). - fuse: fix blocked_waitq wakeup (git-fixes). - fuse: fix leaked notify reply (git-fixes). - fuse: fix possibly missed wake-up after abort (git-fixes). - fuse: Fix use-after-free in fuse_dev_do_read() (git-fixes). - fuse: Fix use-after-free in fuse_dev_do_write() (git-fixes). - fuse: fix use-after-free in fuse_direct_IO() (git-fixes). - fuse: set FR_SENT while locked (git-fixes). - gcc-plugins: Add include required by GCC release 8 (git-fixes). - gcc-plugins: Use dynamic initializers (git-fixes). - genirq: Fix race on spurious interrupt detection (bsc#1051510). - gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bsc#1118769). - gfs2: Fix loop in gfs2_rbm_find (bsc#1120601). - gfs2: Get rid of potential double-freeing in gfs2_create_inode (bsc#1120600). - gfs2_meta: ->mount() can get NULL dev_name (bsc#1118768). - gfs2: Put bitmap buffers in put_super (bsc#1118772). - git_sort.py: Remove non-existent remote tj/libata - gpio: davinci: Remove unused member of davinci_gpio_controller (git-fixes). - gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510). - gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers (bsc#1051510). - gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (bsc#1051510). - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bsc#1051510). - gpio: mvebu: only fail on missing clk if pwm is actually to be used (bsc#1051510). - grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes). - gso_segment: Reset skb->mac_len after modifying network header (networking-stable-18_09_24). - HID: Add quirk for Primax PIXART OEM mice (bsc#1119410). - HID: hiddev: fix potential Spectre v1 (bsc#1051510). - HID: input: Ignore battery reported by Symbol DS4308 (bsc#1051510). - HID: multitouch: Add pointstick support for Cirque Touchpad (bsc#1051510). - HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510). - hv: add SPDX license id to Kconfig (bsc#1107207). - hv: add SPDX license to trace (bsc#1107207). - hv_balloon: trace post_status (bsc#1107207). - hv_netvsc: Add handlers for ethtool get/set msg level (bsc#1107207). - hv_netvsc: Add NetVSP v6 and v6.1 into version negotiation (bsc#1107207). - hv_netvsc: Add per-cpu ethtool stats for netvsc (bsc#1107207). - hv_netvsc: Add range checking for rx packet offset and length (bsc#1107207). - hv_netvsc: add trace points (bsc#1107207). - hv_netvsc: Clean up extra parameter from rndis_filter_receive_data() (bsc#1107207). - hv_netvsc: fix bogus ifalias on network device (bsc#1107207). - hv_netvsc: fix network namespace issues with VF support (bsc#1107207). - hv_netvsc: Fix the return status in RX path (bsc#1107207). - hv_netvsc: Fix the variable sizes in ipsecv2 and rsc offload (bsc#1107207). - hv_netvsc: fix vf serial matching with pci slot info (bsc#1107207). - hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11). - hv_netvsc: move VF to same namespace as netvsc device (bsc#1107207). - hv_netvsc: pair VF based on serial number (bsc#1107207). - hv_netvsc: Pass net_device parameter to revoke and teardown functions (bsc#1107207). - hv_netvsc: pass netvsc_device to rndis halt (bsc#1107207). - hv_netvsc: propogate Hyper-V friendly name into interface alias (bsc#1107207). - hv_netvsc: select needed ucs2_string routine (bsc#1107207). - hv_netvsc: simplify receive side calling arguments (bsc#1107207). - hv_netvsc: typo in NDIS RSS parameters structure (bsc#1107207). - hv: Synthetic typo correction (bsc#1107207). - hv_vmbus: Correct the stale comments regarding cpu affinity (bsc#1107207). - hwmon: (core) Fix double-free in __hwmon_device_register() (bsc#1051510). - hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510). - hwmon: (ina2xx) Fix current value calculation (bsc#1051510). - hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510). - hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510). - hwmon: (pmbus) Fix page count auto-detection (bsc#1051510). - hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510). - hwmon: (raspberrypi) Fix initial notify (bsc#1051510). - hwmon: (w83795) temp4_type has writable permission (bsc#1051510). - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - hyper-v: use GFP_KERNEL for hv_context.hv_numa_map (bsc#1107207). - i2c: axxia: properly handle master timeout (bsc#1051510). - i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bsc#1051510). - IB/hfi1: Add mtu check for operational data VLs (bsc#1060463 ). - ibmvnic: Convert reset work item mutex to spin lock (). - ibmvnic: fix accelerated VLAN handling (). - ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433). - ibmvnic: Fix non-atomic memory allocation in IRQ context (). - ibmvnic: remove ndo_poll_controller (). - ibmvnic: Update driver queues after change in ring size support (). - IB/rxe: support for 802.1q VLAN on the listener (bsc#1082387). - ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510). - ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510). - ieee802154: at86rf230: use __func__ macro for debug messages (bsc#1051510). - ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510). - iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510). - iio: ad5064: Fix regulator handling (bsc#1051510). - iio:st_magn: Fix enable device after trigger (bsc#1051510). - ima: fix showing large 'violations' or 'runtime_measurements_count' (bsc#1051510). - include/linux/pfn_t.h: force '~' to be parsed as an unary operator (bsc#1051510). - include modules.fips in kernel-binary as well as kernel-binary-base (). - inet: make sure to grab rcu_read_lock before using ireq->ireq_opt (networking-stable-18_10_16). - initramfs: fix initramfs rebuilds w/ compression after disabling (git-fixes). - Input: add official Raspberry Pi's touchscreen driver (). - Input: cros_ec_keyb - fix button/switch capability reports (bsc#1051510). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bsc#1051510). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510). - Input: elan_i2c - add ELAN0620 to the ACPI table (bsc#1051510). - Input: elan_i2c - add support for ELAN0621 touchpad (bsc#1051510). - Input: hyper-v - fix wakeup from suspend-to-idle (bsc#1051510). - Input: matrix_keypad - check for errors from of_get_named_gpio() (bsc#1051510). - Input: nomadik-ske-keypad - fix a loop timeout test (bsc#1051510). - Input: omap-keypad - fix keyboard debounce configuration (bsc#1051510). - Input: synaptics - add PNP ID for ThinkPad P50 to SMBus (bsc#1051510). - Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510). - Input: synaptics - enable SMBus for HP 15-ay000 (bsc#1051510). - Input: xpad - add PDP device id 0x02a4 (bsc#1051510). - Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510). - Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510). - Input: xpad - fix some coding style issues (bsc#1051510). - Input: xpad - quirk all PDP Xbox One gamepads (bsc#1051510). - integrity/security: fix digsig.c build error with header file (bsc#1051510). - intel_th: msu: Fix an off-by-one in attribute store (bsc#1051510). - iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105). - iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237). - iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105). - iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105). - iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105). - iommu/vt-d: Use memunmap to free memremap (bsc#1106105). - ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16). - ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02). - ip6_vti: fix a null pointer deference when destroy vti6 tunnel (networking-stable-18_09_11). - ipmi: Fix timer race with module unload (bsc#1051510). - ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16). - ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21). - ipv4: lock mtu in fnhe when received PMTU &lt; net.ipv4.route.min_pmtu (networking-stable-18_11_21). - ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11). - ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (networking-stable-18_11_21). - ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24). - ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02). - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02). - ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16). - iwlwifi: add new cards for 9560, 9462, 9461 and killer series (bsc#1051510). - iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510). - iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510). - iwlwifi: fix LED command capability bit (bsc#1119086). - iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086). - iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086). - iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510). - iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510). - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares (bsc#1119086). - iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510). - iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510). - iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510). - iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510). - iwlwifi: nvm: get num of hw addresses from firmware (bsc#1119086). - iwlwifi: pcie: avoid empty free RB queue (bsc#1051510). - iwlwifi: pcie: do not reset TXQ write pointer (bsc#1051510). - jffs2: free jffs2_sb_info through jffs2_kill_sb() (bsc#1118767). - jump_label: Split out code under the hotplug lock (bsc#1106913). - KABI fix for 'NFSv4.1: Fix up replays of interrupted requests' (git-fixes). - KABI: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - KABI: mask raw in struct bpf_reg_state (bsc#1083647). - KABI: powerpc: Revert npu callback signature change (bsc#1055120). - KABI protect hnae_ae_ops (bsc#1104353). - KABI: protect struct fib_nh_exception (kabi). - KABI: protect struct rtable (kabi). - kbuild: allow to use GCC toolchain not in Clang search path (git-fixes). - kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510). - kbuild: fix linker feature test macros when cross compiling with Clang (git-fixes). - kbuild: make missing $DEPMOD a Warning instead of an Error (git-fixes). - kbuild: move '_all' target out of $(KBUILD_SRC) conditional (bsc#1114279). - kbuild: rpm-pkg: keep spec file until make mrproper (git-fixes). - Kbuild: suppress packed-not-aligned warning for default setting only (git-fixes). - kbuild: verify that $DEPMOD is installed (git-fixes). - kdb: use memmove instead of overlapping memcpy (bsc#1120954). - kernfs: Replace strncpy with memcpy (bsc#1120053). - keys: Fix the use of the C++ keyword 'private' in uapi/linux/keyctl.h (Git-fixes). - kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510). - kobject: Replace strncpy with memcpy (git-fixes). - kprobes: Make list and blacklist root user read only (git-fixes). - KVM: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998). - KVM: hyperv: idr_find needs RCU protection (bsc#1107207). - KVM: introduce kvm_make_vcpus_request_mask() API (bsc#1107207). - KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240). - KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240). - KVM: PPC: Book3S PR: Enable use on POWER9 inside HPT-mode guests (bsc#1118484). - KVM: s390: vsie: copy wrapping keys to right place (git-fixes). - KVM: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114279). - KVM: VMX: re-add ple_gap module parameter (bsc#1106240). - KVM: x86: ensure all MSRs can always be KVM_GET/SET_MSR'd (bsc#1107207). - KVM: x86: factor out kvm.arch.hyperv (de)init (bsc#1107207). - KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240). - KVM: x86: hyperv: delete dead code in kvm_hv_hypercall() (bsc#1107207). - KVM: x86: hyperv: do rep check for each hypercall separately (bsc#1107207). - KVM: x86: hyperv: guest->host event signaling via eventfd (bsc#1107207). - KVM: x86: hyperv: simplistic HVCALL_FLUSH_VIRTUAL_ADDRESS_{LIST,SPACE}_EX implementation (bsc#1107207). - KVM: x86: hyperv: simplistic HVCALL_FLUSH_VIRTUAL_ADDRESS_{LIST,SPACE} implementation (bsc#1107207). - KVM: x86: hyperv: use defines when parsing hypercall parameters (bsc#1107207). - KVM: x86: VMX: hyper-v: Enlightened MSR-Bitmap support (bsc#1107207). - libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bsc#1051510). - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839). - libceph: fall back to sendmsg for slab pages (bsc#1118316). - libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510). - libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086). - libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891). - libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1118962). - libnvdimm, pmem: Fix badblocks population for 'raw' namespaces (bsc#1118788). - libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899). - lib/raid6: Fix arm64 test build (bsc#1051510). - lib/ubsan.c: do not mark __ubsan_handle_builtin_unreachable as noreturn (bsc#1051510). - Limit max FW API version for QCA9377 (bsc#1121714, bsc#1121715). - linux/bitmap.h: fix type of nbits in bitmap_shift_right() (bsc#1051510). - llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02). - locking/barriers: Convert users of lockless_dereference() to READ_ONCE() (Git-fixes). - locking/static_keys: Improve uninitialized key warning (bsc#1106913). - mac80211: Always report TX status (bsc#1051510). - mac80211: Clear beacon_int in ieee80211_do_stop (bsc#1051510). - mac80211: fix reordering of buffered broadcast packets (bsc#1051510). - mac80211: fix TX status reporting for ieee80211s (bsc#1051510). - mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510). - mac80211_hwsim: fix module init error paths for netlink (bsc#1051510). - mac80211_hwsim: Timer should be initialized before device registered (bsc#1051510). - mac80211: ignore NullFunc frames in the duplicate detection (bsc#1051510). - mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bsc#1051510). - mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510). - mach64: fix display corruption on big endian machines (bsc#1113722) - mach64: fix image corruption due to reading accelerator registers (bsc#1113722) - mailbox: PCC: handle parse error (bsc#1051510). - Mark HI and TASKLET softirq synchronous (git-fixes). - md: allow metadata updates while suspending an array - fix (git-fixes). - MD: fix invalid stored role for a disk - try2 (git-fixes). - md: fix raid10 hang issue caused by barrier (git-fixes). - media: em28xx: Fix use-after-free when disconnecting (bsc#1051510). - media: em28xx: make v4l2-compliance happier by starting sequence on zero (bsc#1051510). - media: omap3isp: Unregister media device as first (bsc#1051510). - memory_hotplug: cond_resched in __remove_pages (bnc#1114178). - mfd: menelaus: Fix possible race condition and leak (bsc#1051510). - mfd: omap-usb-host: Fix dts probe of children (bsc#1051510). - mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21). - mmc: bcm2835: reset host on timeout (bsc#1051510). - mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support (bsc#1051510). - mmc: core: Reset HPI enabled state during re-init and in case of errors (bsc#1051510). - mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl (bsc#1051510). - mmc: dw_mmc-bluefield: Add driver extension (bsc#1118752). - mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752). - mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510). - MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bsc#1051510). - mmc: omap_hsmmc: fix DMA API warning (bsc#1051510). - mmc: sdhci: fix the timeout check window for clock and reset (bsc#1051510). - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510). - mm: do not miss the last page because of round-off error (bnc#1118798). - mm: do not warn about large allocations for slab (git fixes (slab)). - mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677). - mm/huge_memory.c: reorder operations in __split_huge_page_tail() (VM Functionality bsc#1119962). - mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM Functionality, bsc#1121599). - mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality, bsc#1121599). - mm/huge_memory: splitting set mapping+index before unfreeze (VM Functionality, bsc#1121599). - mm: hugetlb: yield when prepping struct pages (git fixes (memory initialisation)). - mm/khugepaged: collapse_shmem() do not crash on Compound (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() remember to clear holes (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() stop if punched or truncated (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() without freezing new_page (VM Functionality, bsc#1121599). - mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality, bsc#1121599). - mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality, bsc#1121599). - mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability). - mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability). - mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability). - mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability). - mm: migration: fix migration of huge PMD shared pages (bnc#1086423). - mm: only report isolation failures when offlining memory (generic hotplug debugability). - mm: print more information about mapping in __dump_page (generic hotplug debugability). - mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272). - mm: rework memcg kernel stack accounting (bnc#1113677). - mm: sections are not offlined during memory hotremove (bnc#1119968). - mm: shmem.c: Correctly annotate new inodes for lockdep (Git fixes: shmem). - mm/vmstat.c: fix NUMA statistics updates (git fixes). - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819). - mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820). - mount: Retest MNT_LOCKED in do_umount (bsc#1117818). - Move dell_rbu fix to sorted section (bsc#1087978). - Move USB-audio UAF fix patch to sorted section - mtd: cfi: convert inline functions to macros (git-fixes). - mtd: Fix comparison in map_word_andequal() (git-fixes). - namei: allow restricted O_CREAT of FIFOs and regular files (bsc#1118766). - nbd: do not allow invalid blocksize settings (Git-fixes). - neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24). - net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679). - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679). - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24). - net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16). - net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02). - net: bcmgenet: protect stop from timeout (networking-stable-18_11_21). - net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11). - net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bsc#1051510). - net: bridge: remove ipv6 zero address check in mcast queries (git-fixes). - net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16). - net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16). - net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses (git-fixes). - net: dsa: qca8k: Add QCA8334 binding documentation (git-fixes). - net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561). - net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561). - net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561). - net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561). - net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561). - net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561). - net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561). - net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561). - net: ena: fix crash during ena_remove() (bsc#1111696 bsc#1117561). - net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561). - net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561). - net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561). - net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561). - net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561). - net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561). - net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561). - net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561). - net: ena: minor performance improvement (bsc#1111696 bsc#1117561). - net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561). - net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561). - net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1111696 bsc#1117561). - net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561). - net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1111696 bsc#1117561). - net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02). - net-gro: reset skb->pkt_type in napi_reuse_skb() (networking-stable-18_11_21). - net: hns3: Add nic state check before calling netif_tx_wake_queue (bsc#1104353). - net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353). - net: hns3: bugfix for buffer not free problem during resetting (bsc#1104353). - net: hns3: bugfix for handling mailbox while the command queue reinitialized (bsc#1104353). - net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read (bsc#1104353). - net: hns3: bugfix for is_valid_csq_clean_head() (bsc#1104353 ). - net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem (bsc#1104353). - net: hns3: bugfix for rtnl_lock's range in the hclgevf_reset() (bsc#1104353). - net: hns3: bugfix for the initialization of command queue's spin lock (bsc#1104353). - net: hns3: Check hdev state when getting link status (bsc#1104353). - net: hns3: Clear client pointer when initialize client failed or unintialize finished (bsc#1104353). - net: hns3: Fix cmdq registers initialization issue for vf (bsc#1104353). - net: hns3: Fix error of checking used vlan id (bsc#1104353 ). - net: hns3: Fix ets validate issue (bsc#1104353). - net: hns3: Fix for netdev not up problem when setting mtu (bsc#1104353). - net: hns3: Fix for out-of-bounds access when setting pfc back pressure (bsc#1104353). - net: hns3: Fix for packet buffer setting bug (bsc#1104353 ). - net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware (bsc#1104353). - net: hns3: Fix for setting speed for phy failed problem (bsc#1104353). - net: hns3: Fix for vf vlan delete failed problem (bsc#1104353 ). - net: hns3: Fix loss of coal configuration while doing reset (bsc#1104353). - net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() (bsc#1104353). - net: hns3: Fix ping exited problem when doing lp selftest (bsc#1104353). - net: hns3: Preserve vlan 0 in hardware table (bsc#1104353 ). - net: hns3: remove unnecessary queue reset in the hns3_uninit_all_ring() (bsc#1104353). - net: hns3: Set STATE_DOWN bit of hdev state when stopping net (bsc#1104353). - net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16). - net: hp100: fix always-true check for link up state (networking-stable-18_09_24). - net: ibm: fix return type of ndo_start_xmit function (). - net/ibmnvic: Fix deadlock problem in reset (). - net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431). - net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02). - net: ipv4: do not let PMTU updates increase route MTU (git-fixes). - net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16). - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02). - netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16). - net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11). - net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1046299). - net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18). - net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21). - net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16). - net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18). - net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16). - net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18). - net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18). - net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02). - net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16). - net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16). - net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16). - net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21). - net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18). - net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510). - net: sched: action_ife: take reference to meta module (networking-stable-18_09_11). - net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11). - net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24). - net: sched: Fix for duplicate class dump (networking-stable-18_11_02). - net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11). - net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02). - net: smsc95xx: Fix MTU range (networking-stable-18_11_21). - net: socket: fix a missing-check bug (networking-stable-18_11_02). - net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02). - net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16). - net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16). - net: systemport: Protect stop from timeout (networking-stable-18_11_21). - net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02). - net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16). - net: usb: r8152: constify usb_device_id (bsc#1119749). - net: usb: r8152: use irqsave() in USB's complete callback (bsc#1119749). - nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11). - nfs: Avoid RCU usage in tracepoints (git-fixes). - nfs: commit direct writes even if they fail partially (git-fixes). - nfsd4: permit layoutget of executable-only files (git-fixes). - nfsd: check for use of the closed special stateid (git-fixes). - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (git-fixes). - nfsd: deal with revoked delegations appropriately (git-fixes). - nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes). - nfsd: Fix another OPEN stateid race (git-fixes). - nfsd: fix corrupted reply to badly ordered compound (git-fixes). - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes). - nfsd: Fix stateid races between OPEN and CLOSE (git-fixes). - nfs: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes). - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes). - nfs: Ensure we commit after writeback is complete (bsc#1111809). - nfs: Fix an incorrect type in struct nfs_direct_req (git-fixes). - nfs: Fix a typo in nfs_rename() (git-fixes). - nfs: Fix typo in nomigration mount option (git-fixes). - nfs: Fix unstable write completion (git-fixes). - nfsv4.0 fix client reference leak in callback (git-fixes). - nfsv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes). - nfsv4.1 fix infinite loop on I/O (git-fixes). - nfsv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes). - nfsv4.1: Fix up replays of interrupted requests (git-fixes). - nfsv4: Fix a typo in nfs41_sequence_process (git-fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510). - nospec: Allow index argument to have const-qualified type (git-fixes) - nospec: Include &lt;asm/barrier.h> dependency (bsc#1114279). - nospec: Kill array_index_nospec_mask_check() (git-fixes). - nvme-fc: resolve io failures during connect (bsc#1116803). - nvme: Free ctrl device name on init failure (). - nvme-multipath: zero out ANA log buffer (bsc#1105168). - nvme: validate controller state before rescheduling keep alive (bsc#1103257). - objtool: Detect RIP-relative switch table references (bsc#1058115). - objtool: Detect RIP-relative switch table references, part 2 (bsc#1058115). - objtool: Fix another switch table detection issue (bsc#1058115). - objtool: Fix double-free in .cold detection error path (bsc#1058115). - objtool: Fix GCC 8 cold subfunction detection for aliased functions (bsc#1058115). - objtool: Fix 'noreturn' detection for recursive sibling calls (bsc#1058115). - objtool: Fix segfault in .cold detection with -ffunction-sections (bsc#1058115). - objtool: Support GCC 8's cold subfunctions (bsc#1058115). - objtool: Support GCC 8 switch tables (bsc#1058115). - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817). - ocfs2: fix locking for res->tracking and dlm->tracking_list (bsc#1117816). - ocfs2: fix ocfs2 read block panic (bsc#1117815). - ocfs2: free up write context when direct IO failed (bsc#1117821). - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bsc#1117808). - openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02). - panic: avoid deadlocks in re-entrant console drivers (bsc#1088386). - PCI: Add ACS quirk for Ampere root ports (bsc#1120058). - PCI: Add ACS quirk for APM X-Gene devices (bsc#1120058). - PCI: Add Device IDs for Intel GPU 'spurious interrupt' quirk (bsc#1051510). - PCI/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510). - PCI: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE (bsc#1120058). - PCI: Delay after FLR of Intel DC P3700 NVMe (bsc#1120058). - PCI: Disable Samsung SM961/PM961 NVMe before FLR (bsc#1120058). - PCI: dwc: remove duplicate fix References: bsc#1115269 Patch has been already applied by the following commit: 9f73db8b7c PCI: dwc: Fix enumeration end when reaching root subordinate (bsc#1051510) - PCI: Export pcie_has_flr() (bsc#1120058). - PCI: hv: Convert remove_lock to refcount (bsc#1107207). - PCI: hv: Fix return value check in hv_pci_assign_slots() (bsc#1107207). - PCI: hv: Remove unused reason for refcount handler (bsc#1107207). - PCI: hv: Replace GFP_ATOMIC with GFP_KERNEL in new_pcichild_device() (bsc#1107207). - PCI: hv: support reporting serial number as slot information (bsc#1107207). - PCI: hv: Use effective affinity mask (bsc#1109772). - PCI: hv: Use list_for_each_entry() (bsc#1107207). - PCI: imx6: Fix link training status detection in link up check (bsc#1109806). - PCI: iproc: Activate PAXC bridge quirk for more devices (bsc#1120058). - PCI: iproc: Remove PAXC slot check to allow VF support (bsc#1109806). - PCI: Mark Ceton InfiniTV4 INTx masking as broken (bsc#1120058). - PCI: Mark fall-through switch cases before enabling -Wimplicit-fallthrough (bsc#1120058). - PCI: Mark Intel XXV710 NIC INTx masking as broken (bsc#1120058). - PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510). - PCI: vmd: Assign vector zero to all bridges (bsc#1109806). - PCI: vmd: Detach resources after stopping root bus (bsc#1109806). - PCI: vmd: White list for fast interrupt handlers (bsc#1109806). - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510). - percpu: make this_cpu_generic_read() atomic w.r.t. interrupts (bsc#1114279). - perf: fix invalid bit in diagnostic entry (git-fixes). - perf tools: Fix tracing_path_mount proper path (git-fixes). - pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510). - pinctrl: meson: fix pinconf bias disable (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510). - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510). - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510). - platform-msi: Free descriptors in platform_msi_domain_free() (bsc#1051510). - platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510). - platform/x86: intel_telemetry: report debugfs failure (bsc#1051510). - pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes). - pNFS: Do not release the sequence slot until we've processed layoutget on open (git-fixes). - pNFS: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes). - powerpc/64s: consolidate MCE counter increment (bsc#1094244). - powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729). - powerpc/64s/radix: Fix process table entry cache invalidation (bsc#1055186, git-fixes). - powerpc/boot: Expose Kconfig symbols to wrapper (bsc#1065729). - powerpc/boot: Fix build failures with -j 1 (bsc#1065729). - powerpc/boot: Fix opal console in boot wrapper (bsc#1065729). - powerpc/mm: Fix typo in comments (bsc#1065729). - powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248). - powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure (bsc#1055120). - powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729). - powerpc/pkeys: Fix handling of pkey state across fork() (bsc#1078248, git-fixes). - powerpc/powernv: Do not select the cpufreq governors (bsc#1065729). - powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage (bsc#1055120). - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729). - powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) (bsc#1055121). - powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120). - powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120). - powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120). - powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120). - powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120). - powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120). - powerpc/pseries: Fix DTL buffer registration (bsc#1065729). - powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729). - powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709). - powerpc/pseries: Track LMB nid instead of using device tree (bsc#1108270). - powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244). - power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510). - power: supply: olpc_battery: correct the temperature units (bsc#1051510). - pppoe: fix reception of frames with no mac header (networking-stable-18_09_24). - printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168). - provide linux/set_memory.h (bsc#1113295). - ptp: fix Spectre v1 vulnerability (bsc#1051510). - ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (bsc#1106913). - pwm: lpss: Release runtime-pm reference from the driver's remove callback (bsc#1051510). - pxa168fb: prepare the clock (bsc#1051510). - qed: Add driver support for 20G link speed (bsc#1110558). - qed: Add support for virtual link (bsc#1111795). - qede: Add driver support for 20G link speed (bsc#1110558). - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510). - qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510). - r8152: add byte_enable for ocp_read_word function (bsc#1119749). - r8152: add Linksys USB3GIGV1 id (bsc#1119749). - r8152: add r8153_phy_status function (bsc#1119749). - r8152: adjust lpm settings for RTL8153 (bsc#1119749). - r8152: adjust rtl8153_runtime_enable function (bsc#1119749). - r8152: adjust the settings about MAC clock speed down for RTL8153 (bsc#1119749). - r8152: adjust U2P3 for RTL8153 (bsc#1119749). - r8152: avoid rx queue more than 1000 packets (bsc#1119749). - r8152: check if disabling ALDPS is finished (bsc#1119749). - r8152: correct the definition (bsc#1119749). - r8152: disable RX aggregation on Dell TB16 dock (bsc#1119749). - r8152: disable RX aggregation on new Dell TB16 dock (bsc#1119749). - r8152: fix wrong checksum status for received IPv4 packets (bsc#1119749). - r8152: move calling delay_autosuspend function (bsc#1119749). - r8152: move the default coalesce setting for RTL8153 (bsc#1119749). - r8152: move the initialization to reset_resume function (bsc#1119749). - r8152: move the setting of rx aggregation (bsc#1119749). - r8152: replace napi_complete with napi_complete_done (bsc#1119749). - r8152: set rx mode early when linking on (bsc#1119749). - r8152: split rtl8152_resume function (bsc#1119749). - r8152: support new chip 8050 (bsc#1119749). - r8152: support RTL8153B (bsc#1119749). - r8169: fix NAPI handling under high load (networking-stable-18_11_02). - rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Git-fixes). - rcu: Allow for page faults in NMI handlers (bsc#1120092). - RDMA/bnxt_re: Add missing spin lock initialization (bsc#1050244 ). - RDMA/bnxt_re: Avoid accessing the device structure after it is freed (bsc#1050244). - RDMA/bnxt_re: Avoid NULL check after accessing the pointer (bsc#1086283). - RDMA/bnxt_re: Fix system hang when registration with L2 driver fails (bsc#1086283). - RDMA/hns: Bugfix pbl configuration for rereg mr (bsc#1104427 ). - RDMA/RXE: make rxe work over 802.1q VLAN devices (bsc#1082387). - rds: fix two RCU related problems (networking-stable-18_09_18). - README: Clean-up trailing whitespace - Reenable support for KVM guest Earlier trimming of config-azure disabled also KVM. But since parts of QA are done within KVM guests, this flavor must be able to run within such guest type. - remoteproc: qcom: Fix potential device node leaks (bsc#1051510). - reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510). - reset: imx7: Fix always writing bits as 0 (bsc#1051510). - reset: remove remaining WARN_ON() in &lt;linux/reset.h> (Git-fixes). - Revert 'ceph: fix dentry leak in splice_dentry()' (bsc#1114839). - Revert commit ef9209b642f 'staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c' (bsc#1051510). - Revert 'iommu/io-pgtable-arm: Check for v7s-incapable systems' (bsc#1106105). - Revert 'PCI/ASPM: Do not initialize link state when aspm_disabled is set' (bsc#1051510). - Revert 'powerpc/64: Fix checksum folding in csum_add()' (bsc#1065729). - Revert 'rpm/kernel-binary.spec.in: allow unsupported modules for -extra' This reverts commit 0d585a8c2d17de86869cc695fc7a5d10c6b96abb. - Revert 'scsi: lpfc: ls_rjt erroneus FLOGIs' (bsc#1119322). - Revert 'usb: dwc3: gadget: skip Set/Clear Halt when invalid' (bsc#1051510). - Revert wlcore patch to follow stable tree develpment - ring-buffer: Allow for rescheduling when removing pages (bsc#1120238). - ring-buffer: Do no reuse reader page if still in use (bsc#1120096). - ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094). - rpm/kernel-binary.spec.in: add macros.s into kernel-*-devel Starting with 4.20-rc1, file arch/*/kernel/macros.s is needed to build out of tree modules. Add it to kernel-${flavor}-devel packages if it exists. - rpm: use syncconfig instead of silentoldconfig where available Since mainline commit 0085b4191f3e ('kconfig: remove silentoldconfig target'), 'make silentoldconfig' can be no longer used. Use 'make syncconfig' instead if available. - rtc: hctosys: Add missing range error reporting (bsc#1051510). - rtc: m41t80: Correct alarm month range with RTC reads (bsc#1051510). - rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write (bsc#1051510). - rtc: snvs: Add timeouts to avoid kernel lockups (bsc#1051510). - rtl8xxxu: Fix missing break in switch (bsc#1051510). - rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02). - rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16). - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16). - s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes). - s390/dasd: simplify locking in dasd_times_out (bsc#1104967,). - s390/kdump: Fix elfcorehdr size calculation (bsc#1117953, LTC#171112). - s390/kdump: Make elfcorehdr size calculation ABI compliant (bsc#1117953, LTC#171112). - s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235). - s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes). - s390/mm: correct allocate_pgste proc_handler callback (git-fixes). - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682). - s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953). - s390/qeth: fix length check in SNMP processing (bsc#1117953, LTC#173657). - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682). - s390/qeth: handle failure on workqueue creation (git-fixes). - s390/qeth: remove outdated portname debug msg (bsc#1117953, LTC#172960). - s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959). - s390/qeth: sanitize strings in debug messages (bsc#1117953, LTC#172960). - s390: revert ELF_ET_DYN_BASE base changes (git-fixes). - s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes). - s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273). - s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273). - s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273). - sbitmap: fix race in wait batch accounting (Git-fixes). - sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913). - sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c (Git fixes (scheduler)). - sched/isolcpus: Fix 'isolcpus=' boot parameter handling when !CONFIG_CPUMASK_OFFSTACK (bsc#1107207). - sched/smt: Expose sched_smt_present static key (bsc#1106913). - sched/smt: Make sched_smt_present track topology (bsc#1106913). - sched, tracing: Fix trace_sched_pi_setprio() for deboosting (bsc#1120228). - scripts/git-pre-commit: make executable. - scripts/git_sort/git_sort.py: add mkp/scsi.git 4.21/scsi-queue - scripts/git_sort/git_sort.py: change SCSI git repos to make series sorting more failsafe. - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578). - scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580). - scsi: lpfc: add support to retrieve firmware logs (bsc#1114015). - scsi: lpfc: add Trunking support (bsc#1114015). - scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215). - scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE (bsc#1118215). - scsi: lpfc: Correct errors accessing fw log (bsc#1114015). - scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015). - scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015). - scsi: lpfc: Correct LCB RJT handling (bsc#1114015). - scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015). - scsi: lpfc: Correct race with abort on completion path (bsc#1114015). - scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015). - scsi: lpfc: Correct speeds on SFP swap (bsc#1114015). - scsi: lpfc: Correct topology type reporting on G7 adapters (bsc#1118215). - scsi: lpfc: Defer LS_ACC to FLOGI on point to point logins (bsc#1118215). - scsi: lpfc: Enable Management features for IF_TYPE=6 (bsc#1119322). - scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015). - scsi: lpfc: Fix a duplicate 0711 log message number (bsc#1118215). - scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935). - scsi: lpfc: Fix dif and first burst use in write commands (bsc#1118215). - scsi: lpfc: Fix discovery failures during port failovers with lots of vports (bsc#1118215). - scsi: lpfc: Fix driver release of fw-logging buffers (bsc#1118215). - scsi: lpfc: Fix errors in log messages (bsc#1114015). - scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015). - scsi: lpfc: Fix kernel Oops due to null pring pointers (bsc#1118215). - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015). - scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015). - scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015). - scsi: lpfc: Fix panic when FW-log buffsize is not initialized (bsc#1118215). - scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015). - scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215). - scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015). - scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015). - scsi: lpfc: reduce locking when updating statistics (bsc#1114015). - scsi: lpfc: refactor mailbox structure context fields (bsc#1118215). - scsi: lpfc: Remove set but not used variable 'sgl_size' (bsc#1114015). - scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015). - scsi: lpfc: rport port swap discovery issue (bsc#1118215). - scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.9 (bsc#1118215). - scsi: lpfc: update manufacturer attribute to reflect Broadcom (bsc#1118215). - scsi: netvsc: Use the vmbus function to calculate ring buffer percentage (bsc#1107207). - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1114581). - scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582). - scsi: sg: fix minor memory leak in error path (bsc#1114584). - scsi: storsvc: do not set a bounce limit (bsc#1107207). - scsi: storvsc: Avoid allocating memory for temp cpumasks (bsc#1107207). - scsi: storvsc: Select channel based on available percentage of ring buffer to write (bsc#1107207). - scsi: storvsc: Set up correct queue depth values for IDE devices (bsc#1107207). - scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bsc#1114578). - scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405). - scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405). - scsi: target: Fix fortify_panic kernel exception (bsc#1114576). - scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577). - scsi: target: tcmu: add read length support (bsc#1097755). - scsi: vmbus: Add function to report available ring buffer to write in total ring size percentage (bsc#1107207). - scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1121483, LTC#174588). - sctp: fix race on sctp_id2asoc (networking-stable-18_11_02). - sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21). - sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11). - sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21). - sctp: not increase stream's incnt before sending addstrm_in request (networking-stable-18_11_21). - sctp: update dst pmtu with the correct daddr (networking-stable-18_10_16). - shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599). - shmem: shmem_charge: verify max_block is not exceeded before inode update (VM Functionality, bsc#1121599). - skd: Avoid that module unloading triggers a use-after-free (Git-fixes). - skd: Submit requests to firmware before triggering the doorbell (Git-fixes). - skip LAYOUTRETURN if layout is invalid (git-fixes). - soc: bcm2835: sync firmware properties with downstream () - soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510). - soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510). - spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bsc#1051510). - spi: bcm2835: Fix book-keeping of DMA termination (bsc#1051510). - spi: bcm2835: Fix race on DMA termination (bsc#1051510). - spi: bcm2835: Unbreak the build of esoteric configs (bsc#1051510). - splice: do not read more than available pipe space (bsc#1119212). - staging: bcm2835-camera: Abort probe if there is no camera (bsc#1051510). - staging:iio:ad7606: fix voltage scales (bsc#1051510). - staging: rtl8712: Fix possible buffer overrun (bsc#1051510). - staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station (bsc#1051510). - staging: rtl8723bs: Fix the return value in case of error in 'rtw_wx_read32()' (bsc#1051510). - staging: rts5208: fix gcc-8 logic error warning (bsc#1051510). - staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510). - staging: wilc1000: fix missing read_write setting when reading data (bsc#1051510). - SUNRPC: Allow connect to return EHOSTUNREACH (git-fixes). - sunrpc: Do not use stack buffer with scatterlist (git-fixes). - sunrpc: Fix rpc_task_begin trace point (git-fixes). - SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes). - supported.conf: add raspberrypi-ts driver - supported.conf: whitelist bluefield eMMC driver - target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349). - target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165). - target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405). - tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11). - team: no need to do team_notify_peers or team_mcast_rejoin when disabling port (bsc#1051510). - termios, tty/tty_baudrate.c: fix buffer overrun (bsc#1051510). - test_firmware: fix error return getting clobbered (bsc#1051510). - test_hexdump: use memcpy instead of strncpy (bsc#1051510). - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21). - thermal: bcm2835: enable hwmon explicitly (bsc#1108468). - thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510). - thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510). - tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21). - tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11). - tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16). - tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bsc#1051510). - tools: hv: fcopy: set 'error' in case an unknown operation was requested (bsc#1107207). - tools: hv: fcopy: set 'error' in case an unknown operation was requested (git-fixes). - tools: hv: Fix a bug in the key delete code (bsc#1107207). - tools: hv: Fix a bug in the key delete code (git-fixes). - tools: hv: fix compiler warnings about major/target_fname (bsc#1107207). - tools/hv: Fix IP reporting by KVP daemon with SRIOV (bsc#1107207). - tools: hv: include string.h in hv_fcopy_daemon (bsc#1107207). - tools: hv: include string.h in hv_fcopy_daemon (git-fixes). - tools: hv: update lsvmbus to be compatible with python3 (bsc#1107207). - tools/lib/lockdep: Rename 'trywlock' into 'trywrlock' (bsc#1121973). - tools/power/cpupower: fix compilation with STATIC=true (git-fixes). - tools/power turbostat: fix possible sprintf buffer overflow (git-fixes). - tpm2-cmd: allow more attempts for selftest execution (bsc#1082555). - tpm: add retry logic (bsc#1082555). - tpm: consolidate the TPM startup code (bsc#1082555). - tpm: do not suspend/resume if power stays on (bsc#1082555). - tpm: fix intermittent failure with self tests (bsc#1082555). - tpm: fix response size validation in tpm_get_random() (bsc#1082555). - tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555). - tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555). - tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555). - tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555). - tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555). - tpm: Restore functionality to xen vtpm driver (bsc#1082555). - tpm: self test failure should not cause suspend to fail (bsc#1082555). - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555). - tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555). - tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555). - tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555). - tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555). - tracing: Apply trace_clock changes to instance max buffer (bsc#1117188). - tracing/blktrace: Fix to allow setting same value (Git-fixes). - tracing: Erase irqsoff trace with empty write (bsc#1117189). - tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046). - tracing: Fix crash when freeing instances with event triggers (bsc#1120230). - tracing: Fix crash when it fails to alloc ring buffer (bsc#1120097). - tracing: Fix double free of event_trigger_data (bsc#1120234). - tracing: Fix missing return symbol in function_graph output (bsc#1120232). - tracing: Fix possible double free in event_enable_trigger_func() (bsc#1120235). - tracing: Fix possible double free on failure of allocating trace buffer (bsc#1120214). - tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223). - tracing: Fix trace_pipe behavior for instance traces (bsc#1120088). - tracing: Remove RCU work arounds from stack tracer (bsc#1120092). - tracing/samples: Fix creation and deletion of simple_thread_fn creation (git-fixes). - tty: check name length in tty_find_polling_driver() (bsc#1051510). - tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bsc#1051510). - tty: Do not return -EAGAIN in blocking read (bsc#1116040). - tty: do not set TTY_IO_ERROR flag if console port (bsc#1051510). - tty: serial: 8250_mtk: always resume the device in probe (bsc#1051510). - tty: wipe buffer (bsc#1051510). - tty: wipe buffer if not echoing data (bsc#1051510). - tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510). - tuntap: fix multiqueue rx (networking-stable-18_11_21). - ubifs: Fixup compilation failure due to different ubifs_assert() prototype. - ubifs: Handle re-linking of inodes correctly while recovery (bsc#1120598). - udf: Allow mounting volumes with incorrect identification strings (bsc#1118774). - udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24). - udp6: add missing checks on edumux packet processing (networking-stable-18_09_24). - udp6: fix encap return code for resubmitting (git-fixes). - uio: ensure class is registered before devices (bsc#1051510). - uio: Fix an Oops on load (bsc#1051510). - uio_hv_generic: fix subchannel ring mmap (bsc#1107207). - uio_hv_generic: make ring buffer attribute for primary channel (bsc#1107207). - uio_hv_generic: set size of ring buffer attribute (bsc#1107207). - uio_hv_generic: support sub-channels (bsc#1107207). - uio_hv_generic: use correct channel in isr (bsc#1107207). - uio: make symbol 'uio_class_registered' static (bsc#1051510). - unifdef: use memcpy instead of strncpy (bsc#1051510). - usb: appledisplay: Add 27' Apple Cinema Display (bsc#1051510). - usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510). - usb: core: Fix hub port connection events lost (bsc#1051510). - usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bsc#1051510). - usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385). - usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385). - usb: dwc2: host: use hrtimer for NAK retries (git-fixes). - usb: dwc3: core: Clean up ULPI device (bsc#1051510). - usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510). - usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510). - usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510). - usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510). - usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510). - usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510). - usb: hso: Fix OOB memory access in hso_probe/hso_get_config_data (bsc#1051510). - usbip: vhci_hcd: check rhport before using in vhci_hub_control() (bsc#1090888). - usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510). - usb: misc: appledisplay: add 20' Apple Cinema Display (bsc#1051510). - usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510). - usb: omap_udc: fix crashes on probe error and module removal (bsc#1051510). - usb: omap_udc: fix omap_udc_start() on 15xx machines (bsc#1051510). - usb: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510). - usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bsc#1051510). - usb: omap_udc: use devm_request_irq() (bsc#1051510). - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bsc#1051510). - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510). - usb: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510). - usb: serial: option: add Fibocom NL668 series (bsc#1051510). - usb: serial: option: add GosunCn ZTE WeLink ME3630 (bsc#1051510). - usb: serial: option: add HP lt4132 (bsc#1051510). - usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bsc#1051510). - usb: serial: option: add Telit LN940 series (bsc#1051510). - usb: serial: option: add two-endpoints device-id flag (bsc#1051510). - usb: serial: option: drop redundant interface-class test (bsc#1051510). - usb: serial: option: improve Quectel EP06 detection (bsc#1051510). - usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() (bsc#1106110). - usb: usb-storage: Add new IDs to ums-realtek (bsc#1051510). - usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510). - usb: xhci: fix uninitialized completion when USB3 port got wrong status (bsc#1051510). - usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bsc#1051510). - userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (bsc#1118761). - userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (bsc#1118809). - v9fs_dir_readdir: fix double-free on p9stat_read error (bsc#1118771). - vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505). - vhost: Fix Spectre V1 vulnerability (bsc#1051510). - vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510). - virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02). - VMCI: Resource wildcard match fixed (bsc#1051510). - w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510). - watchdog/core: Add missing prototypes for weak functions (git-fixes). - wireless: airo: potential buffer overflow in sprintf() (bsc#1051510). - wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' (bsc#1051510). - x86/bugs: Add AMD's SPEC_CTRL MSR usage (bsc#1106913). - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bsc#1106913). - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bsc#1106913). - x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006). - x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279). - x86/decoder: Fix and update the opcodes map (bsc#1058115). - x86/headers/UAPI: Use __u64 instead of u64 in &lt;uapi/asm/hyperv.h> (bsc#1107207). - x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006). - x86/hyperv: Add a function to read both TSC and TSC page value simulateneously (bsc#1107207). - x86/hyper-v: Add flush HvFlushGuestPhysicalAddressSpace hypercall support (bsc#1107207). - x86/hyper-v: Add hyperv_nested_flush_guest_mapping ftrace support (bsc#1107207). - x86/hyperv: Add interrupt handler annotations (bsc#1107207). - x86/hyper-v: allocate and use Virtual Processor Assist Pages (bsc#1107207). - x86/hyper-v: Allocate the IDT entry early in boot (bsc#1107207). - x86/hyper-v: Check cpumask_to_vpset() return value in hyperv_flush_tlb_others_ex() (bsc#1107207). - x86/hyper-v: Check for VP_INVAL in hyperv_flush_tlb_others() (bsc#1107207). - x86/hyper-v: Consolidate code for converting cpumask to vpset (bsc#1107207). - x86/hyper-v: Consolidate the allocation of the hypercall input page (bsc#1107207). - x86/hyper-v: define struct hv_enlightened_vmcs and clean field bits (bsc#1107207). - x86/hyper-v: detect nested features (bsc#1107207). - x86/hyper-v: Enable IPI enlightenments (bsc#1107207). - x86/hyper-v: Enhanced IPI enlightenment (bsc#1107207). - x86/hyper-v: Enlighten APIC access (bsc#1107207). - x86/hyper-v: Fix the circular dependency in IPI enlightenment (bsc#1107207). - x86/hyper-v: Fix wrong merge conflict resolution (bsc#1107207). - x86/hyper-v/hv_apic: Build the Hyper-V APIC conditionally (bsc#1107207). - x86/hyper-v/hv_apic: Include asm/apic.h (bsc#1107207). - x86/hyper-v: Implement hv_do_fast_hypercall16 (bsc#1107207). - x86/hyper-v: move definitions from TLFS to hyperv-tlfs.h (bsc#1107207). - x86/hyper-v: move hyperv.h out of uapi (bsc#1107207). - x86/hyper-v: move struct hv_flush_pcpu{,ex} definitions to common header (bsc#1107207). - x86/hyperv: Redirect reenlightment notifications on CPU offlining (bsc#1107207). - x86/hyperv: Reenlightenment notifications support (bsc#1107207). - x86/hyper-v: rename ipi_arg_{ex,non_ex} structures (bsc#1107207). - x86/hyper-v: Trace PV IPI send (bsc#1107207). - x86/hyper-v: Use cheaper HVCALL_FLUSH_VIRTUAL_ADDRESS_{LIST,SPACE} hypercalls when possible (bsc#1107207). - x86/hyper-v: Use cheaper HVCALL_SEND_IPI hypercall when possible (bsc#1107207). - x86/hyper-v: Use 'fast' hypercall for HVCALL_SEND_IPI (bsc#1107207). - x86/irq: Count Hyper-V reenlightenment interrupts (bsc#1107207). - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772). - x86/kabi: Fix cpu_tlbstate issue (bsc#1106913). - x86/kvm/hyper-v: add reenlightenment MSRs support (bsc#1107207). - x86/kvm/hyper-v: inject #GP only when invalid SINTx vector is unmasked (bsc#1107207). - x86/kvm/hyper-v: remove stale entries from vec_bitmap/auto_eoi_bitmap on vector change (bsc#1107207). - x86/kvm: rename HV_X64_MSR_APIC_ASSIST_PAGE to HV_X64_MSR_VP_ASSIST_PAGE (bsc#1107207). - x86/l1tf: Show actual SMT state (bsc#1106913). - x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279). - x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279). - x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279). - x86/MCE/AMD: Fix the thresholding machinery initialization order (bsc#1114279). - x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279). - x86/mm: Fix decoy address handling vs 32-bit builds (bsc#1120606). - x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279). - x86/PCI: Add additional VMD device root ports to VMD AER quirk (bsc#1120058). - x86/PCI: Add 'pci=big_root_window' option for AMD 64-bit windows (bsc#1120058). - x86/PCI: Apply VMD's AERSID fixup generically (bsc#1120058). - x86/PCI: Avoid AMD SB7xx EHCI USB wakeup defect (bsc#1120058). - x86/PCI: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f) (bsc#1120058). - x86/PCI: Enable AMD 64-bit window on resume (bsc#1120058). - x86/PCI: Fix infinite loop in search for 64bit BAR placement (bsc#1120058). - x86/PCI: Move and shrink AMD 64-bit window to avoid conflict (bsc#1120058). - x86/PCI: Move VMD quirk to x86 fixups (bsc#1120058). - x86/PCI: Only enable a 64bit BAR on single-socket AMD Family 15h (bsc#1120058). - x86/PCI: Use is_vmd() rather than relying on the domain number (bsc#1120058). - x86/process: Consolidate and simplify switch_to_xtra() code (bsc#1106913). - x86/pti: Document fix wrong index (git-fixes). - x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (bsc#1106913). - x86/retpoline: Remove minimal retpoline support (bsc#1106913). - x86/speculataion: Mark command line parser data __initdata (bsc#1106913). - x86/speculation: Add command line control for indirect branch speculation (bsc#1106913). - x86/speculation: Add prctl() control for indirect branch speculation (bsc#1106913). - x86/speculation: Add seccomp Spectre v2 user space protection mode (bsc#1106913). - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913). - x86/speculation: Avoid __switch_to_xtra() calls (bsc#1106913). - x86/speculation: Clean up spectre_v2_parse_cmdline() (bsc#1106913). - x86/speculation: Disable STIBP when enhanced IBRS is in use (bsc#1106913). - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913). - x86/speculation: Enable prctl mode for spectre_v2_user (bsc#1106913). - x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871). - x86/speculation: Mark string arrays const correctly (bsc#1106913). - x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bsc#1106913). - x86/speculation: Prepare arch_smt_update() for PRCTL mode (bsc#1106913). - x86/speculation: Prepare for conditional IBPB in switch_mm() (bsc#1106913). - x86/speculation: Prepare for per task indirect branch speculation control (bsc#1106913). - x86/speculation: Prevent stale SPEC_CTRL msr content (bsc#1106913). - x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913). - x86/speculation: Provide IBPB always command line options (bsc#1106913). - x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bsc#1106913). - x86/speculation: Rename SSBD update functions (bsc#1106913). - x86/speculation: Reorder the spec_v2 code (bsc#1106913). - x86/speculation: Reorganize speculation control MSRs update (bsc#1106913). - x86/speculation: Rework SMT state change (bsc#1106913). - x86/speculation: Split out TIF update (bsc#1106913). - x86/speculation: Support Enhanced IBRS on future CPUs (). - x86/speculation: Unify conditional spectre v2 print functions (bsc#1106913). - x86/speculation: Update the TIF_SSBD comment (bsc#1106913). - x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600). - xen/balloon: Support xend-based toolstack (bnc#1065600). - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062). - xen: fix race in xen_qlock_wait() (bnc#1107256). - xen: fix xen_qlock_wait() (bnc#1107256). - xen: make xen_qlock_wait() nestable (bnc#1107256). - xen/netfront: do not bug in case of too many frags (bnc#1104824). - xen/netfront: tolerate frags with no data (bnc#1119804). - xen/pvh: do not try to unplug emulated devices (bnc#1065600). - xen/pvh: increase early stack size (bnc#1065600). - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600). - xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183). - xfs: Align compat attrlist_by_handle with native implementation (git-fixes). - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes). - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621). - xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat (git-fixes). - xfs: Properly detect when DAX won't be used on any device (bsc#1115976). - xfs: xfs_buf: drop useless LIST_HEAD (git-fixes). - xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510). - xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162). - xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bsc#1051510). - xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510). - xhci: Prevent U1/U2 link pm states if exit latency is too long (bsc#1051510). - xprtrdma: Do not defer fencing an async RPC's chunks (git-fixes). Important SUSE bug 1024718 SUSE bug 1046299 SUSE bug 1050242 SUSE bug 1050244 SUSE bug 1051510 SUSE bug 1055120 SUSE bug 1055121 SUSE bug 1055186 SUSE bug 1058115 SUSE bug 1060463 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1068032 SUSE bug 1068273 SUSE bug 1074562 SUSE bug 1074578 SUSE bug 1074701 SUSE bug 1075006 SUSE bug 1075419 SUSE bug 1075748 SUSE bug 1078248 SUSE bug 1079935 SUSE bug 1080039 SUSE bug 1082387 SUSE bug 1082555 SUSE bug 1082653 SUSE bug 1083647 SUSE bug 1085535 SUSE bug 1086282 SUSE bug 1086283 SUSE bug 1086423 SUSE bug 1087082 SUSE bug 1087084 SUSE bug 1087939 SUSE bug 1087978 SUSE bug 1088386 SUSE bug 1089350 SUSE bug 1090888 SUSE bug 1091405 SUSE bug 1094244 SUSE bug 1097593 SUSE bug 1097755 SUSE bug 1102055 SUSE bug 1102875 SUSE bug 1102877 SUSE bug 1102879 SUSE bug 1102882 SUSE bug 1102896 SUSE bug 1103257 SUSE bug 1104353 SUSE bug 1104427 SUSE bug 1104824 SUSE bug 1104967 SUSE bug 1105168 SUSE bug 1106105 SUSE bug 1106110 SUSE bug 1106237 SUSE bug 1106240 SUSE bug 1106615 SUSE bug 1106913 SUSE bug 1107207 SUSE bug 1107256 SUSE bug 1107385 SUSE bug 1107866 SUSE bug 1108270 SUSE bug 1108468 SUSE bug 1109272 SUSE bug 1109772 SUSE bug 1109806 SUSE bug 1110006 SUSE bug 1110558 SUSE bug 1110998 SUSE bug 1111062 SUSE bug 1111174 SUSE bug 1111188 SUSE bug 1111469 SUSE bug 1111696 SUSE bug 1111795 SUSE bug 1111809 SUSE bug 1112128 SUSE bug 1112963 SUSE bug 1113295 SUSE bug 1113412 SUSE bug 1113501 SUSE bug 1113677 SUSE bug 1113722 SUSE bug 1113769 SUSE bug 1114015 SUSE bug 1114178 SUSE bug 1114279 SUSE bug 1114385 SUSE bug 1114576 SUSE bug 1114577 SUSE bug 1114578 SUSE bug 1114579 SUSE bug 1114580 SUSE bug 1114581 SUSE bug 1114582 SUSE bug 1114583 SUSE bug 1114584 SUSE bug 1114585 SUSE bug 1114648 SUSE bug 1114839 SUSE bug 1114871 SUSE bug 1115074 SUSE bug 1115269 SUSE bug 1115431 SUSE bug 1115433 SUSE bug 1115440 SUSE bug 1115567 SUSE bug 1115709 SUSE bug 1115976 SUSE bug 1116040 SUSE bug 1116183 SUSE bug 1116336 SUSE bug 1116692 SUSE bug 1116693 SUSE bug 1116698 SUSE bug 1116699 SUSE bug 1116700 SUSE bug 1116701 SUSE bug 1116803 SUSE bug 1116841 SUSE bug 1116862 SUSE bug 1116863 SUSE bug 1116876 SUSE bug 1116877 SUSE bug 1116878 SUSE bug 1116891 SUSE bug 1116895 SUSE bug 1116899 SUSE bug 1116950 SUSE bug 1117115 SUSE bug 1117162 SUSE bug 1117165 SUSE bug 1117168 SUSE bug 1117172 SUSE bug 1117174 SUSE bug 1117181 SUSE bug 1117184 SUSE bug 1117186 SUSE bug 1117188 SUSE bug 1117189 SUSE bug 1117349 SUSE bug 1117561 SUSE bug 1117656 SUSE bug 1117788 SUSE bug 1117789 SUSE bug 1117790 SUSE bug 1117791 SUSE bug 1117792 SUSE bug 1117794 SUSE bug 1117795 SUSE bug 1117796 SUSE bug 1117798 SUSE bug 1117799 SUSE bug 1117801 SUSE bug 1117802 SUSE bug 1117803 SUSE bug 1117804 SUSE bug 1117805 SUSE bug 1117806 SUSE bug 1117807 SUSE bug 1117808 SUSE bug 1117815 SUSE bug 1117816 SUSE bug 1117817 SUSE bug 1117818 SUSE bug 1117819 SUSE bug 1117820 SUSE bug 1117821 SUSE bug 1117822 SUSE bug 1117953 SUSE bug 1118102 SUSE bug 1118136 SUSE bug 1118137 SUSE bug 1118138 SUSE bug 1118140 SUSE bug 1118152 SUSE bug 1118215 SUSE bug 1118316 SUSE bug 1118319 SUSE bug 1118320 SUSE bug 1118428 SUSE bug 1118484 SUSE bug 1118505 SUSE bug 1118752 SUSE bug 1118760 SUSE bug 1118761 SUSE bug 1118762 SUSE bug 1118766 SUSE bug 1118767 SUSE bug 1118768 SUSE bug 1118769 SUSE bug 1118771 SUSE bug 1118772 SUSE bug 1118773 SUSE bug 1118774 SUSE bug 1118775 SUSE bug 1118787 SUSE bug 1118788 SUSE bug 1118798 SUSE bug 1118809 SUSE bug 1118962 SUSE bug 1119017 SUSE bug 1119086 SUSE bug 1119212 SUSE bug 1119322 SUSE bug 1119410 SUSE bug 1119714 SUSE bug 1119749 SUSE bug 1119804 SUSE bug 1119946 SUSE bug 1119947 SUSE bug 1119962 SUSE bug 1119968 SUSE bug 1119974 SUSE bug 1120036 SUSE bug 1120046 SUSE bug 1120053 SUSE bug 1120054 SUSE bug 1120055 SUSE bug 1120058 SUSE bug 1120088 SUSE bug 1120092 SUSE bug 1120094 SUSE bug 1120096 SUSE bug 1120097 SUSE bug 1120173 SUSE bug 1120214 SUSE bug 1120223 SUSE bug 1120228 SUSE bug 1120230 SUSE bug 1120232 SUSE bug 1120234 SUSE bug 1120235 SUSE bug 1120238 SUSE bug 1120594 SUSE bug 1120598 SUSE bug 1120600 SUSE bug 1120601 SUSE bug 1120602 SUSE bug 1120603 SUSE bug 1120604 SUSE bug 1120606 SUSE bug 1120612 SUSE bug 1120613 SUSE bug 1120614 SUSE bug 1120615 SUSE bug 1120616 SUSE bug 1120617 SUSE bug 1120618 SUSE bug 1120620 SUSE bug 1120621 SUSE bug 1120632 SUSE bug 1120633 SUSE bug 1120743 SUSE bug 1120954 SUSE bug 1121017 SUSE bug 1121058 SUSE bug 1121263 SUSE bug 1121273 SUSE bug 1121477 SUSE bug 1121483 SUSE bug 1121599 SUSE bug 1121621 SUSE bug 1121714 SUSE bug 1121715 SUSE bug 1121973 SUSE bug 1122019 SUSE bug 1122292 CVE-2017-5753 CVE-2018-12232 CVE-2018-14625 CVE-2018-16862 CVE-2018-16884 CVE-2018-18281 CVE-2018-18397 CVE-2018-19407 CVE-2018-19824 CVE-2018-19854 CVE-2018-19985 CVE-2018-20169 CVE-2018-9568 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for apache-commons-beanutils fixes the following issues: Security issue fixed: - CVE-2019-10086: Added special BeanIntrospector class which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects (bsc#1146657). Important SUSE bug 1146657 CVE-2019-10086 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for NetworkManager fixes the following issues: Security issue fixed: - Fixed that passwords are not echoed on terminal when asking for them (bsc#990204). Low SUSE bug 990204 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for perl fixes the following issues: Security issue fixed: - CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674). Important SUSE bug 1114674 CVE-2018-18311 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libsolv, libzypp and zypper fixes the following issues: libsolv was updated to version 0.6.36 and fixes the following issues: Security issues fixed: - CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629). - CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630). - CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631). Non-security issues fixed: - Made cleandeps jobs on patterns work (bsc#1137977). - Fixed an issue multiversion packages that obsolete their own name (bsc#1127155). - Keep consistent package name if there are multiple alternatives (bsc#1131823). Fixes for libzypp: - Fixes a bug where locking the kernel was not possible (bsc#1113296) - Fixes a file descriptor leak (bsc#1116995) - Will now run file conflict check on dry-run (best with download-only) (bsc#1140039) Fixes for zypper: - Fixes a bug where the wrong exit code was set when refreshing repos if --root was used (bsc#1134226) - Improved the displaying of locks (bsc#1112911) - Fixes an issue where `https` repository urls caused an error prompt to appear twice (bsc#1110542) - zypper will now always warn when no repositories are defined (bsc#1109893) - Fixes bash completion option detection (bsc#1049825) Moderate SUSE bug 1049825 SUSE bug 1109893 SUSE bug 1110542 SUSE bug 1111319 SUSE bug 1112911 SUSE bug 1113296 SUSE bug 1116995 SUSE bug 1120629 SUSE bug 1120630 SUSE bug 1120631 SUSE bug 1127155 SUSE bug 1131823 SUSE bug 1134226 SUSE bug 1137977 SUSE bug 1140039 SUSE bug 1145521 CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner (bsc#1145092). Important SUSE bug 1145092 CVE-2019-10208 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for apache2 fixes the following issues: Security issues fixed: - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1145575). - CVE-2019-10081: Fixed mod_http2 that is vulnerable to memory corruption on early pushes (bsc#1145742). - CVE-2019-10082: Fixed mod_http2 that is vulnerable to read-after-free in h2 connection shutdown (bsc#1145741). - CVE-2019-10092: Fixed limited cross-site scripting in mod_proxy (bsc#1145740). - CVE-2019-10098: Fixed mod_rewrite configuration vulnerablility to open redirect (bsc#1145738). Important SUSE bug 1145575 SUSE bug 1145738 SUSE bug 1145740 SUSE bug 1145741 SUSE bug 1145742 CVE-2019-10081 CVE-2019-10082 CVE-2019-10092 CVE-2019-10098 CVE-2019-9517 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mariadb and mariadb-connector-c fixes the following issues: mariadb: - Update to version 10.2.25 (bsc#1136035) - CVE-2019-2628: Fixed a remote denial of service by an privileged attacker (bsc#1136035). - CVE-2019-2627: Fixed another remote denial of service by an privileged attacker (bsc#1136035). - CVE-2019-2614: Fixed a potential remote denial of service by an privileged attacker (bsc#1136035). - Fixed reading options for multiple instances if my${INSTANCE}.cnf is used (bsc#1132666). - Adjust mysql-systemd-helper ('shutdown protected MySQL' section) so it checks both ping response and the pid in a process list as it can take some time till the process is terminated. Otherwise it can lead to 'found left-over process' situation when regular mariadb is started (bsc#1143215). mariadb-connector-c: - Update to version 3.1.2 (bsc#1136035) - Moved libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig for x86_64 (bsc#1126088) Important SUSE bug 1126088 SUSE bug 1132666 SUSE bug 1136035 SUSE bug 1143215 CVE-2019-2614 CVE-2019-2627 CVE-2019-2628 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_7_1-ibm fixes the following issues: Update to Java 7.1 Service Refresh 4 Fix Pack 50. Security issues fixed: - CVE-2019-11771: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-11775: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-4473: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-7317: Fixed issue inside Component AWT (libpng)(bsc#1141780). - CVE-2019-2769: Fixed issue inside Component Utilities (bsc#1141783). - CVE-2019-2762: Fixed issue inside Component Utilities (bsc#1141782). - CVE-2019-2816: Fixed issue inside Component Networking (bsc#1141785). - CVE-2019-2766: Fixed issue inside Component Networking (bsc#1141789). Important SUSE bug 1141780 SUSE bug 1141782 SUSE bug 1141783 SUSE bug 1141785 SUSE bug 1141789 SUSE bug 1147021 CVE-2019-11771 CVE-2019-11775 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2816 CVE-2019-4473 CVE-2019-7317 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for webkit2gtk3 fixes the following issues: Updated to version 2.24.4 (bsc#1148931). Security issues fixed: - CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8669, CVE-2019-8678, CVE-2019-8680, CVE-2019-8683, CVE-2019-8684, CVE-2019-8688, CVE-2019-8595, CVE-2019-8607, CVE-2019-8615, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690 Non-security issues fixed: - Improved loading of multimedia streams to avoid memory exhaustion due to excessive caching. - Updated the user agent string to make happy certain websites which would claim that the browser being used was unsupported. Important SUSE bug 1135715 SUSE bug 1148931 CVE-2019-8595 CVE-2019-8607 CVE-2019-8615 CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ghostscript fixes the following issues: Security issue fixed: - CVE-2019-10216: Fix privilege escalation via specially crafted PostScript file (bsc#1144621). Moderate SUSE bug 1144621 CVE-2019-10216 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources (bsc#1135902). - CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). Bug fixes and enhancements: - Add vcpu features needed for Cascadelake-Server, Icelake-Client and Icelake-Server, especially the foundational arch-capabilities to help with security and performance on Intel hosts (bsc#1134880) (fate#327764). - Add support for one more security/performance related vcpu feature (bsc#1136777) (fate#327795). - Disable file locking in the Xen PV disk backend to avoid locking issues with PV domUs during migration. The issues triggered by the locking can not be properly handled in libxl. The locking introduced in qemu-2.10 was removed again in qemu-4.0 (bsc#1079730, bsc#1098403, bsc#1111025). - Ignore csske for expanding the cpu model (bsc#1136528). - Provide qcow2 L2 caching improvements, which allows for better storage performance in certain configurations (bsc#1139926, ECO-130). - Fixed virsh migrate-setspeed (bsc#1127077, bsc#1141043). Important SUSE bug 1079730 SUSE bug 1098403 SUSE bug 1111025 SUSE bug 1127077 SUSE bug 1134880 SUSE bug 1135902 SUSE bug 1136528 SUSE bug 1136777 SUSE bug 1139926 SUSE bug 1140402 SUSE bug 1141043 SUSE bug 1143794 CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ceph to version 12.2.12-594-g02236657ca fixes the following issues: Security issues fixed: - CVE-2018-16889: Fixed missing sanitation of customer encryption keys from log output in v4 auth. (bsc#1121567) Moderate SUSE bug 1121567 SUSE bug 1149961 CVE-2018-16889 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 5 Fix Pack 40. Security issues fixed: - CVE-2019-11771: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-11772: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-11775: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-4473: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-7317: Fixed issue inside Component AWT (libpng)(bsc#1141780). - CVE-2019-2769: Fixed issue inside Component Utilities (bsc#1141783). - CVE-2019-2762: Fixed issue inside Component Utilities (bsc#1141782). - CVE-2019-2816: Fixed issue inside Component Networking (bsc#1141785). - CVE-2019-2766: Fixed issue inside Component Networking (bsc#1141789). - CVE-2019-2786: Fixed issue inside Component Security (bsc#1141787). Important SUSE bug 1122292 SUSE bug 1122299 SUSE bug 1141780 SUSE bug 1141782 SUSE bug 1141783 SUSE bug 1141785 SUSE bug 1141787 SUSE bug 1141789 SUSE bug 1147021 CVE-2018-11212 CVE-2019-11771 CVE-2019-11772 CVE-2019-11775 CVE-2019-2449 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-4473 CVE-2019-7317 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for curl fixes the following issues: Security issues fixed: - CVE-2019-5481: Fixed a double-free during kerberos FTP data transfer. (bsc#1149495) - CVE-2019-5482: Fixed a TFTP small block size heap buffer overflow (bsc#1149496). Important SUSE bug 1149495 SUSE bug 1149496 CVE-2019-5481 CVE-2019-5482 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ibus fixes the following issues: Security issue fixed: - CVE-2019-14822: Fixed a misconfiguration of the DBus server that allowed an unprivileged user to monitor and send method calls to the ibus bus of another user. (bsc#1150011) Important SUSE bug 1150011 CVE-2019-14822 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2019-13565: Fixed ssf memory reuse that leads to incorrect authorization of another connection, granting excess connection rights (ssf) (bsc#1143194). - CVE-2019-13057: Fixed rootDN of a backend that may proxyauth incorrectly to another backend, violating multi-tenant isolation (bsc#1143273). Moderate SUSE bug 1143194 SUSE bug 1143273 CVE-2019-13057 CVE-2019-13565 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for spice fixes the following issues: Security issue fixed: - CVE-2019-3813: Fixed a out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Important SUSE bug 1122706 CVE-2019-3813 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following new features were implemented: - jsc#SLE-4875: [CML] New device IDs for CML - jsc#SLE-7294: Add cpufreq driver for Raspberry Pi - fate#322438: Integrate P9 XIVE support (on PowerVM only) - fate#322447: Add memory protection keys (MPK) support on POWER (on PowerVM only) - fate#322448, fate#321438: P9 hardware counter (performance counters) support (on PowerVM only) - fate#325306, fate#321840: Reduce memory required to boot capture kernel while using fadump - fate#326869: perf: pmu mem_load/store event support The following security bugs were fixed: - CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated. (bsc#1146163). - CVE-2018-20976: A use after free existed, related to xfs_fs_fill_super failure. (bsc#1146285) - CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach (bsc#1149591). - CVE-2019-9456: In Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have lead to local escalation of privilege with System execution privileges needed. (bsc#1150025 CVE-2019-9456). - CVE-2019-10207: Fix a NULL pointer dereference in hci_uart bluetooth driver (bsc#1142857 bsc#1123959). - CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based buffer overflows in marvell wifi chip driver kernel, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bnc#1146516) - CVE-2019-14835: Fix QEMU-KVM Guest to Host Kernel Escape. (bsc#1150112). - CVE-2019-15030, CVE-2019-15031: On the powerpc platform, a local user could read vector registers of other users' processes via an interrupt. (bsc#1149713) - CVE-2019-15090: In the qedi_dbg_* family of functions, there was an out-of-bounds read. (bsc#1146399) - CVE-2019-15098: USB driver net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor. (bsc#1146378). - CVE-2019-15099: drivers/net/wireless/ath/ath10k/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor. (bsc#1146368) - CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel mishandled a short descriptor, leading to out-of-bounds memory access. (bsc#1145920). - CVE-2019-15118: check_input_term in sound/usb/mixer.c in the Linux kernel mishandled recursion, leading to kernel stack exhaustion. (bsc#1145922). - CVE-2019-15211: There was a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c did not properly allocate memory. (bsc#1146519). - CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. (bsc#1051510 bsc#1146391). - CVE-2019-15214: There was a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. (bsc#1146550) - CVE-2019-15215: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver. (bsc#1135642 bsc#1146425) - CVE-2019-15216: Fix a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. (bsc#1146361). - CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (bsc#1146547). - CVE-2019-15218: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver. (bsc#1051510 bsc#1146413) - CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. (bsc#1146524) - CVE-2019-15220: There was a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver. (bsc#1146526) - CVE-2019-15221, CVE-2019-15222: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. (bsc#1146529, bsc#1146531) - CVE-2019-15239: An incorrect backport of a certain net/ipv4/tcp_output.c fix allowed a local attacker to trigger multiple use-after-free conditions. This could result in a kernel crash, or potentially in privilege escalation. (bsc#1146589) - CVE-2019-15290: There was a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function (bsc#1146543). - CVE-2019-15292: There was a use-after-free in atalk_proc_exit (bsc#1146678) - CVE-2019-15538: XFS partially wedged when a chgrp failed on account of being out of disk quota. This was primarily a local DoS attack vector, but it could result as well in remote DoS if the XFS filesystem was exported for instance via NFS. (bsc#1148032, bsc#1148093) - CVE-2019-15666: There was an out-of-bounds array access in __xfrm_policy_unlink, which would cause denial of service, because verify_newpolicy_info mishandled directory validation. (bsc#1148394). - CVE-2019-15902: A backporting error reintroduced the Spectre vulnerability that it aimed to eliminate. (bnc#1149376) - CVE-2019-15917: There was a use-after-free issue when hci_uart_register_dev() failed in hci_uart_set_proto() (bsc#1149539) - CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free. (bsc#1149552) - CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free. (bsc#1149626) - CVE-2019-15921: There was a memory leak issue when idr_alloc() failed (bsc#1149602) - CVE-2019-15924: Fix a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure. (bsc#1149612). - CVE-2019-15926: Out of bounds access existed in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx (bsc#1149527) - CVE-2019-15927: An out-of-bounds access existed in the function build_audio_procunit (bsc#1149522) The following non-security bugs were fixed: - 9p/rdma: do not disconnect on down_interruptible EAGAIN (bsc#1051510). - 9p/rdma: remove useless check in cm_event_handler (bsc#1051510). - 9p/virtio: Add cleanup path in p9_virtio_init (bsc#1051510). - 9p/xen: Add cleanup path in p9_trans_xen_init (bsc#1051510). - 9p/xen: fix check for xenbus_read error in front_probe (bsc#1051510). - 9p: acl: fix uninitialized iattr access (bsc#1051510). - 9p: p9dirent_read: check network-provided name length (bsc#1051510). - 9p: pass the correct prototype to read_cache_page (bsc#1051510). - acpi/arm64: ignore 5.1 FADTs that are reported as 5.0 (bsc#1051510). - acpi/iort: Fix off-by-one check in iort_dev_find_its_id() (bsc#1051510). - acpi: PM: Fix regression in acpi_device_set_power() (bsc#1051510). - acpi: fix false-positive -Wuninitialized warning (bsc#1051510). - acpica: Increase total number of possible Owner IDs (bsc#1148859). - acpica: Increase total number of possible Owner IDs (bsc#1148859). - add some missing definitions (bsc#1144333). - address lock imbalance warnings in smbdirect.c (bsc#1144333). - af_key: fix leaks in key_pol_get_resp and dump_sp (bsc#1051510). - af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET (networking-stable-19_07_02). - alsa: firewire: fix a memory leak bug (bsc#1051510). - alsa: hda - Add a generic reboot_notify (bsc#1051510). - alsa: hda - Apply workaround for another AMD chip 1022:1487 (bsc#1051510). - alsa: hda - Do not override global PCM hw info flag (bsc#1051510). - alsa: hda - Fix a memory leak bug (bsc#1051510). - alsa: hda - Fix potential endless loop at applying quirks (bsc#1051510). - alsa: hda - Let all conexant codec enter D3 when rebooting (bsc#1051510). - alsa: hda - Workaround for crackled sound on AMD controller (1022:1457) (bsc#1051510). - alsa: hda/realtek - Fix overridden device-specific initialization (bsc#1051510). - alsa: hda/realtek - Fix the problem of two front mics on a ThinkCentre (bsc#1051510). - alsa: hda: kabi workaround for generic parser flag (bsc#1051510). - alsa: hiface: fix multiple memory leak bugs (bsc#1051510). - alsa: line6: Fix memory leak at line6_init_pcm() error path (bsc#1051510). - alsa: pcm: fix lost wakeup event scenarios in snd_pcm_drain (bsc#1051510). - alsa: seq: Fix potential concurrent access to the deleted pool (bsc#1051510). - alsa: usb-audio: Fix gpf in snd_usb_pipe_sanity_check (bsc#1051510). - arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2 (bsc#1133021). - arm: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1133021). - arm: KVM: report support for SMCCC_ARCH_WORKAROUND_1 (bsc#1133021). - asoc: Fail card instantiation if DAI format setup fails (bsc#1051510). - asoc: dapm: Fix handling of custom_stop_condition on DAPM graph walks (bsc#1051510). - ata: libahci: do not complain in case of deferred probe (bsc#1051510). - batman-adv: Only read OGM tvlv_len after buffer len check (bsc#1051510). - batman-adv: Only read OGM2 tvlv_len after buffer len check (bsc#1051510). - batman-adv: fix uninit-value in batadv_netlink_get_ifindex() (bsc#1051510). - bcache: fix possible memory leak in bch_cached_dev_run() (git fixes). - bio: fix improper use of smp_mb__before_atomic() (git fixes). - blk-mq: Fix spelling in a source code comment (git fixes). - blk-mq: backport fixes for blk_mq_complete_e_request_sync() (bsc#1145661). - blk-mq: introduce blk_mq_complete_request_sync() (bsc#1145661). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - block, documentation: Fix wbt_lat_usec documentation (git fixes). - bluetooth: 6lowpan: search for destination address in all peers (bsc#1051510). - bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug (bsc#1051510). - bluetooth: Check state in l2cap_disconnect_rsp (bsc#1051510). - bluetooth: btqca: Add a short delay before downloading the NVM (bsc#1051510). - bluetooth: hci_bcsp: Fix memory leak in rx_skb (bsc#1051510). - bluetooth: revert 'validate BLE connection interval updates' (bsc#1051510). - bluetooth: validate BLE connection interval updates (bsc#1051510). - bnx2x: Prevent ptp_task to be rescheduled indefinitely (networking-stable-19_07_25). - bonding/802.3ad: fix link_failure_count tracking (bsc#1137069 bsc#1141013). - bonding/802.3ad: fix slave link initialization transition states (bsc#1137069 bsc#1141013). - bonding: Always enable vlan tx offload (networking-stable-19_07_02). - bonding: set default miimon value for non-arp modes if not set (bsc#1137069 bsc#1141013). - bonding: speed/duplex update at NETDEV_UP event (bsc#1137069 bsc#1141013). - bonding: validate ip header before check IPPROTO_IGMP (networking-stable-19_07_25). - btrfs: Fix delalloc inodes invalidation during transaction abort (bsc#1050911). - btrfs: Split btrfs_del_delalloc_inode into 2 functions (bsc#1050911). - btrfs: add a helper to retrive extent inline ref type (bsc#1149325). - btrfs: add cleanup_ref_head_accounting helper (bsc#1050911). - btrfs: add missing inode version, ctime and mtime updates when punching hole (bsc#1140487). - btrfs: add one more sanity check for shared ref type (bsc#1149325). - btrfs: clean up pending block groups when transaction commit aborts (bsc#1050911). - btrfs: convert to use btrfs_get_extent_inline_ref_type (bsc#1149325). - btrfs: do not abort transaction at btrfs_update_root() after failure to COW path (bsc#1150933). - btrfs: fix assertion failure during fsync and use of stale transaction (bsc#1150562). - btrfs: fix data loss after inode eviction, renaming it, and fsync it (bsc#1145941). - btrfs: fix fsync not persisting dentry deletions due to inode evictions (bsc#1145942). - btrfs: fix incremental send failure after deduplication (bsc#1145940). - btrfs: fix pinned underflow after transaction aborted (bsc#1050911). - btrfs: fix race between send and deduplication that lead to failures and crashes (bsc#1145059). - btrfs: fix race leading to fs corruption after transaction abort (bsc#1145937). - btrfs: handle delayed ref head accounting cleanup in abort (bsc#1050911). - btrfs: prevent send failures and crashes due to concurrent relocation (bsc#1145059). - btrfs: remove BUG() in add_data_reference (bsc#1149325). - btrfs: remove BUG() in btrfs_extent_inline_ref_size (bsc#1149325). - btrfs: remove BUG() in print_extent_item (bsc#1149325). - btrfs: remove BUG_ON in __add_tree_block (bsc#1149325). - btrfs: scrub: add memalloc_nofs protection around init_ipath (bsc#1086103). - btrfs: start readahead also in seed devices (bsc#1144886). - btrfs: track running balance in a simpler way (bsc#1145059). - btrfs: use GFP_KERNEL in init_ipath (bsc#1086103). - caif-hsi: fix possible deadlock in cfhsi_exit_module() (networking-stable-19_07_25). - can: m_can: implement errata 'Needless activation of MRAF irq' (bsc#1051510). - can: mcp251x: add support for mcp25625 (bsc#1051510). - can: peak_usb: fix potential double kfree_skb() (bsc#1051510). - can: peak_usb: force the string buffer NULL-terminated (bsc#1051510). - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (bsc#1051510). - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (bsc#1051510). - can: rcar_canfd: fix possible IRQ storm on high load (bsc#1051510). - can: sja1000: force the string buffer NULL-terminated (bsc#1051510). - carl9170: fix misuse of device driver API (bsc#1142635). - ceph: always get rstat from auth mds (bsc#1146346). - ceph: clean up ceph.dir.pin vxattr name sizeof() (bsc#1146346). - ceph: decode feature bits in session message (bsc#1146346). - ceph: do not blindly unregister session that is in opening state (bsc#1148133). - ceph: do not try fill file_lock on unsuccessful GETFILELOCK reply (bsc#1148133). - ceph: fix 'ceph.dir.rctime' vxattr value (bsc#1148133 bsc#1135219). - ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bsc#1148133). - ceph: fix improper use of smp_mb__before_atomic() (bsc#1148133). - ceph: fix iov_iter issues in ceph_direct_read_write() (bsc#1141450). - ceph: hold i_ceph_lock when removing caps for freeing inode (bsc#1148133). - ceph: remove request from waiting list before unregister (bsc#1148133). - ceph: silence a checker warning in mdsc_show() (bsc#1148133). - ceph: support cephfs' own feature bits (bsc#1146346). - ceph: support getting ceph.dir.pin vxattr (bsc#1146346). - ceph: support versioned reply (bsc#1146346). - ceph: use bit flags to define vxattr attributes (bsc#1146346). - cfg80211: revert 'fix processing world regdomain when non modular' (bsc#1051510). - cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED (bsc#1144333). - cifs: Add DFS cache routines (bsc#1144333). - cifs: Add direct I/O functions to file_operations (bsc#1144333). - cifs: Add minor debug message during negprot (bsc#1144333). - cifs: Add smb2_send_recv (bsc#1144333). - cifs: Add support for FSCTL passthrough that write data to the server (bsc#1144333). - cifs: Add support for direct I/O read (bsc#1144333). - cifs: Add support for direct I/O write (bsc#1144333). - cifs: Add support for direct pages in rdata (bsc#1144333). - cifs: Add support for direct pages in wdata (bsc#1144333). - cifs: Add support for failover in cifs_mount() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect_tcon() (bsc#1144333). - cifs: Add support for failover in smb2_reconnect() (bsc#1144333). - cifs: Add support for reading attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Add support for writing attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Adds information-level logging function (bsc#1144333). - cifs: Adjust MTU credits before reopening a file (bsc#1144333). - cifs: Allocate memory for all iovs in smb2_ioctl (bsc#1144333). - cifs: Allocate validate negotiation request through kmalloc (bsc#1144333). - cifs: Always reset read error to -EIO if no response (bsc#1144333). - cifs: Always resolve hostname before reconnecting (bsc#1051510, bsc#1144333). - cifs: Avoid returning EBUSY to upper layer VFS (bsc#1144333). - cifs: Calculate the correct request length based on page offset and tail size (bsc#1144333). - cifs: Call MID callback before destroying transport (bsc#1144333). - cifs: Change SMB2_open to return an iov for the error parameter (bsc#1144333). - cifs: Check for reconnects before sending async requests (bsc#1144333). - cifs: Check for reconnects before sending compound requests (bsc#1144333). - cifs: Check for timeout on Negotiate stage (bsc#1091171, bsc#1144333). - cifs: Count SMB3 credits for malformed pending responses (bsc#1144333). - cifs: Display SMB2 error codes in the hex format (bsc#1144333). - cifs: Do not assume one credit for async responses (bsc#1144333). - cifs: Do not consider -ENODATA as stat failure for reads (bsc#1144333). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510, bsc#1144333). - cifs: Do not hide EINTR after sending network packets (bsc#1051510, bsc#1144333). - cifs: Do not log credits when unmounting a share (bsc#1144333). - cifs: Do not match port on SMBDirect transport (bsc#1144333). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510, bsc#1144333). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510, bsc#1144333). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510, bsc#1144333). - cifs: Do not set credits to 1 if the server didn't grant anything (bsc#1144333). - cifs: Do not skip SMB2 message IDs on send failures (bsc#1144333). - cifs: Find and reopen a file before get MTU credits in writepages (bsc#1144333). - cifs: Fix DFS cache refresher for DFS links (bsc#1144333). - cifs: Fix NULL pointer deref on SMB2_tcon() failure (bsc#1071009, bsc#1144333). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: Fix NULL ptr deref (bsc#1144333). - cifs: Fix a debug message (bsc#1144333). - cifs: Fix a race condition with cifs_echo_request (bsc#1144333). - cifs: Fix a tiny potential memory leak (bsc#1144333). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510, bsc#1144333). - cifs: Fix an issue with re-sending rdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix an issue with re-sending wdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix autonegotiate security settings mismatch (bsc#1087092, bsc#1144333). - cifs: Fix check for matching with existing mount (bsc#1144333). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix credit calculations in compound mid callback (bsc#1144333). - cifs: Fix credit computation for compounded requests (bsc#1144333). - cifs: Fix credits calculation for cancelled requests (bsc#1144333). - cifs: Fix credits calculations for reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix encryption/signing (bsc#1144333). - cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510, bsc#1144333). - cifs: Fix error paths in writeback code (bsc#1144333). - cifs: Fix infinite loop when using hard mount option (bsc#1091171, bsc#1144333). - cifs: Fix invalid check in __cifs_calc_signature() (bsc#1144333). - cifs: Fix kernel oops when traceSMB is enabled (bsc#1144333). - cifs: Fix leaking locked VFS cache pages in writeback retry (bsc#1144333). - cifs: Fix lease buffer length error (bsc#1144333). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510, bsc#1144333). - cifs: Fix missing put_xid in cifs_file_strict_mmap (bsc#1087092, bsc#1144333). - cifs: Fix module dependency (bsc#1144333). - cifs: Fix mounts if the client is low on credits (bsc#1144333). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510, bsc#1144333). - cifs: Fix possible oops and memory leaks in async IO (bsc#1144333). - cifs: Fix potential OOB access of lock element array (bsc#1051510, bsc#1144333). - cifs: Fix read after write for files with read caching (bsc#1051510, bsc#1144333). - cifs: Fix separator when building path from dentry (bsc#1051510, bsc#1144333). - cifs: Fix signing for SMB2/3 (bsc#1144333). - cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting (bsc#1144333). - cifs: Fix slab-out-of-bounds when tracing SMB tcon (bsc#1144333). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510, bsc#1144333). - cifs: Fix to use kmem_cache_free() instead of kfree() (bsc#1144333). - cifs: Fix trace command logging for SMB2 reads and writes (bsc#1144333). - cifs: Fix use after free of a mid_q_entry (bsc#1112903, bsc#1144333). - cifs: Fix use-after-free in SMB2_read (bsc#1144333). - cifs: Fix use-after-free in SMB2_write (bsc#1144333). - cifs: Fix validation of signed data in smb2 (bsc#1144333). - cifs: Fix validation of signed data in smb3+ (bsc#1144333). - cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510, bsc#1144333). - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) (bsc#1144333). - cifs: Introduce helper function to get page offset and length in smb_rqst (bsc#1144333). - cifs: Introduce offset for the 1st page in data transfer structures (bsc#1144333). - cifs: Limit memory used by lock request calls to a page (bsc#1144333). - cifs: Make devname param optional in cifs_compose_mount_options() (bsc#1144333). - cifs: Make sure all data pages are signed correctly (bsc#1144333). - cifs: Make use of DFS cache to get new DFS referrals (bsc#1144333). - cifs: Mask off signals when sending SMB packets (bsc#1144333). - cifs: Minor Kconfig clarification (bsc#1144333). - cifs: Move credit processing to mid callbacks for SMB3 (bsc#1144333). - cifs: Move open file handling to writepages (bsc#1144333). - cifs: Move unlocking pages from wdata_send_pages() (bsc#1144333). - cifs: OFD locks do not conflict with eachothers (bsc#1051510, bsc#1144333). - cifs: Only free DFS target list if we actually got one (bsc#1144333). - cifs: Only send SMB2_NEGOTIATE command on new TCP connections (bsc#1144333). - cifs: Pass page offset for calculating signature (bsc#1144333). - cifs: Pass page offset for encrypting (bsc#1144333). - cifs: Print message when attempting a mount (bsc#1144333). - cifs: Properly handle auto disabling of serverino option (bsc#1144333). - cifs: Reconnect expired SMB sessions (bnc#1060662). - cifs: Refactor out cifs_mount() (bsc#1144333). - cifs: Remove custom credit adjustments for SMB2 async IO (bsc#1144333). - cifs: Reopen file before get SMB2 MTU credits for async IO (bsc#1144333). - cifs: Respect SMB2 hdr preamble size in read responses (bsc#1144333). - cifs: Respect reconnect in MTU credits calculations (bsc#1144333). - cifs: Respect reconnect in non-MTU credits calculations (bsc#1144333). - cifs: Return -EAGAIN instead of -ENOTSOCK (bsc#1144333). - cifs: Return error code when getting file handle for writeback (bsc#1144333). - cifs: SMBD: Add SMB Direct debug counters (bsc#1144333). - cifs: SMBD: Add SMB Direct protocol initial values and constants (bsc#1144333). - cifs: SMBD: Add parameter rdata to smb2_new_read_req (bsc#1144333). - cifs: SMBD: Add rdma mount option (bsc#1144333). - cifs: SMBD: Disable signing on SMB direct transport (bsc#1144333). - cifs: SMBD: Do not call ib_dereg_mr on invalidated memory registration (bsc#1144333). - cifs: SMBD: Establish SMB Direct connection (bsc#1144333). - cifs: SMBD: Fix the definition for SMB2_CHANNEL_RDMA_V1_INVALIDATE (bsc#1144333). - cifs: SMBD: Implement RDMA memory registration (bsc#1144333). - cifs: SMBD: Implement function to create a SMB Direct connection (bsc#1144333). - cifs: SMBD: Implement function to destroy a SMB Direct connection (bsc#1144333). - cifs: SMBD: Implement function to receive data via RDMA receive (bsc#1144333). - cifs: SMBD: Implement function to reconnect to a SMB Direct transport (bsc#1144333). - cifs: SMBD: Implement function to send data via RDMA send (bsc#1144333). - cifs: SMBD: Read correct returned data length for RDMA write (SMB read) I/O (bsc#1144333). - cifs: SMBD: Set SMB Direct maximum read or write size for I/O (bsc#1144333). - cifs: SMBD: Support page offset in RDMA recv (bsc#1144333). - cifs: SMBD: Support page offset in RDMA send (bsc#1144333). - cifs: SMBD: Support page offset in memory registration (bsc#1144333). - cifs: SMBD: Upper layer connects to SMBDirect session (bsc#1144333). - cifs: SMBD: Upper layer destroys SMB Direct session on shutdown or umount (bsc#1144333). - cifs: SMBD: Upper layer performs SMB read via RDMA write through memory registration (bsc#1144333). - cifs: SMBD: Upper layer performs SMB write via RDMA read through memory registration (bsc#1144333). - cifs: SMBD: Upper layer receives data via RDMA receive (bsc#1144333). - cifs: SMBD: Upper layer reconnects to SMB Direct session (bsc#1144333). - cifs: SMBD: Upper layer sends data via RDMA send (bsc#1144333). - cifs: SMBD: _smbd_get_connection() can be static (bsc#1144333). - cifs: SMBD: export protocol initial values (bsc#1144333). - cifs: SMBD: fix spelling mistake: faield and legnth (bsc#1144333). - cifs: SMBD: work around gcc -Wmaybe-uninitialized warning (bsc#1144333). - cifs: Save TTL value when parsing DFS referrals (bsc#1144333). - cifs: Select all required crypto modules (bsc#1085536, bsc#1144333). - cifs: Set reconnect instance to one initially (bsc#1144333). - cifs: Show locallease in /proc/mounts for cifs shares mounted with locallease feature (bsc#1144333). - cifs: Silence uninitialized variable warning (bsc#1144333). - cifs: Skip any trailing backslashes from UNC (bsc#1144333). - cifs: Try to acquire credits at once for compound requests (bsc#1144333). - cifs: Use GFP_ATOMIC when a lock is held in cifs_mount() (bsc#1144333). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510, bsc#1144333). - cifs: Use correct packet length in SMB2_TRANSFORM header (bsc#1144333). - cifs: Use kmemdup in SMB2_ioctl_init() (bsc#1144333). - cifs: Use kmemdup rather than duplicating its implementation in smb311_posix_mkdir() (bsc#1144333). - cifs: Use kzfree() to free password (bsc#1144333). - cifs: Use offset when reading pages (bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510, bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510, bsc#1144333). - cifs: When sending data on socket, pass the correct page offset (bsc#1144333). - cifs: a smb2_validate_and_copy_iov failure does not mean the handle is invalid (bsc#1144333). - cifs: add .splice_write (bsc#1144333). - cifs: add IOCTL for QUERY_INFO passthrough to userspace (bsc#1144333). - cifs: add ONCE flag for cifs_dbg type (bsc#1144333). - cifs: add SFM mapping for 0x01-0x1F (bsc#1144333). - cifs: add SMB2_close_init()/SMB2_close_free() (bsc#1144333). - cifs: add SMB2_ioctl_init/free helpers to be used with compounding (bsc#1144333). - cifs: add SMB2_query_info_[init|free]() (bsc#1144333). - cifs: add a new SMB2_close_flags function (bsc#1144333). - cifs: add a smb2_compound_op and change QUERY_INFO to use it (bsc#1144333). - cifs: add a timeout argument to wait_for_free_credits (bsc#1144333). - cifs: add a warning if we try to to dequeue a deleted mid (bsc#1144333). - cifs: add compound_send_recv() (bsc#1144333). - cifs: add credits from unmatched responses/messages (bsc#1144333). - cifs: add debug output to show nocase mount option (bsc#1144333). - cifs: add fiemap support (bsc#1144333). - cifs: add iface info to struct cifs_ses (bsc#1144333). - cifs: add lease tracking to the cached root fid (bsc#1144333). - cifs: add missing GCM module dependency (bsc#1144333). - cifs: add missing debug entries for kconfig options (bsc#1051510, bsc#1144333). - cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510, bsc#1144333). - cifs: add pdu_size to the TCP_Server_Info structure (bsc#1144333). - cifs: add resp_buf_size to the mid_q_entry structure (bsc#1144333). - cifs: add server argument to the dump_detail method (bsc#1144333). - cifs: add server->vals->header_preamble_size (bsc#1144333). - cifs: add sha512 secmech (bsc#1051510, bsc#1144333). - cifs: add spinlock for the openFileList to cifsInodeInfo (bsc#1144333). - cifs: add support for SEEK_DATA and SEEK_HOLE (bsc#1144333). - cifs: add support for ioctl on directories (bsc#1144333). - cifs: address trivial coverity warning (bsc#1144333). - cifs: allow calling SMB2_xxx_free(NULL) (bsc#1144333). - cifs: allow disabling less secure legacy dialects (bsc#1144333). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510, bsc#1144333). - cifs: always add credits back for unsolicited PDUs (bsc#1144333). - cifs: auto disable 'serverino' in dfs mounts (bsc#1144333). - cifs: avoid a kmalloc in smb2_send_recv/SendReceive2 for the common case (bsc#1144333). - cifs: cache FILE_ALL_INFO for the shared root handle (bsc#1144333). - cifs: change SMB2_OP_RENAME and SMB2_OP_HARDLINK to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_EOF to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_INFO to use compounding (bsc#1144333). - cifs: change mkdir to use a compound (bsc#1144333). - cifs: change smb2_get_data_area_len to take a smb2_sync_hdr as argument (bsc#1144333). - cifs: change smb2_query_eas to use the compound query-info helper (bsc#1144333). - cifs: change unlink to use a compound (bsc#1144333). - cifs: change validate_buf to validate_iov (bsc#1144333). - cifs: change wait_for_free_request() to take flags as argument (bsc#1144333). - cifs: check CIFS_MOUNT_NO_DFS when trying to reuse existing sb (bsc#1144333). - cifs: check MaxPathNameComponentLength != 0 before using it (bsc#1085536, bsc#1144333). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902, bsc#1144333). - cifs: check if SMB2 PDU size has been padded and suppress the warning (bsc#1144333). - cifs: check kmalloc before use (bsc#1051510, bsc#1144333). - cifs: check kzalloc return (bsc#1144333). - cifs: check ntwrk_buf_start for NULL before dereferencing it (bsc#1144333). - cifs: check rsp for NULL before dereferencing in SMB2_open (bsc#1085536, bsc#1144333). - cifs: cifs_read_allocate_pages: do not iterate through whole page array on ENOMEM (bsc#1144333). - cifs: clean up indentation, replace spaces with tab (bsc#1144333). - cifs: cleanup smb2ops.c and normalize strings (bsc#1144333). - cifs: complete PDU definitions for interface queries (bsc#1144333). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510, bsc#1144333). - cifs: create SMB2_open_init()/SMB2_open_free() helpers (bsc#1144333). - cifs: create a define for how many iovs we need for an SMB2_open() (bsc#1144333). - cifs: create a define for the max number of iov we need for a SMB2 set_info (bsc#1144333). - cifs: create a helper function for compound query_info (bsc#1144333). - cifs: create helpers for SMB2_set_info_init/free() (bsc#1144333). - cifs: do not allow creating sockets except with SMB1 posix exensions (bsc#1102097, bsc#1144333). - cifs: do not attempt cifs operation on smb2+ rename error (bsc#1144333). - cifs: do not dereference smb_file_target before null check (bsc#1051510, bsc#1144333). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510, bsc#1144333). - cifs: do not return atime less than mtime (bsc#1144333). - cifs: do not send invalid input buffer on QUERY_INFO requests (bsc#1144333). - cifs: do not show domain= in mount output when domain is empty (bsc#1144333). - cifs: do not use __constant_cpu_to_le32() (bsc#1144333). - cifs: document tcon/ses/server refcount dance (bsc#1144333). - cifs: dump IPC tcon in debug proc file (bsc#1071306, bsc#1144333). - cifs: dump every session iface info (bsc#1144333). - cifs: fallback to older infolevels on findfirst queryinfo retry (bsc#1144333). - cifs: fix GlobalMid_Lock bug in cifs_reconnect (bsc#1144333). - cifs: fix NULL deref in SMB2_read (bsc#1085539, bsc#1144333). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542, bsc#1144333). - cifs: fix SMB1 breakage (bsc#1144333). - cifs: fix a buffer leak in smb2_query_symlink (bsc#1144333). - cifs: fix a credits leak for compund commands (bsc#1144333). - cifs: fix bi-directional fsctl passthrough calls (bsc#1144333). - cifs: fix build break when CONFIG_CIFS_DEBUG2 enabled (bsc#1144333). - cifs: fix build errors for SMB_DIRECT (bsc#1144333). - cifs: fix circular locking dependency (bsc#1064701, bsc#1144333). - cifs: fix computation for MAX_SMB2_HDR_SIZE (bsc#1144333). - cifs: fix confusing warning message on reconnect (bsc#1144333). - cifs: fix crash in cifs_dfs_do_automount (bsc#1144333). - cifs: fix crash in smb2_compound_op()/smb2_set_next_command() (bsc#1144333). - cifs: fix crash querying symlinks stored as reparse-points (bsc#1144333). - cifs: fix credits leak for SMB1 oplock breaks (bsc#1144333). - cifs: fix deadlock in cached root handling (bsc#1144333). - cifs: fix encryption in SMB3.1.1 (bsc#1144333). - cifs: fix handle leak in smb2_query_symlink() (bsc#1144333). - cifs: fix incorrect handling of smb2_set_sparse() return in smb3_simple_falloc (bsc#1144333). - cifs: fix kref underflow in close_shroot() (bsc#1144333). - cifs: fix memory leak and remove dead code (bsc#1144333). - cifs: fix memory leak in SMB2_open() (bsc#1112894, bsc#1144333). - cifs: fix memory leak in SMB2_read (bsc#1144333). - cifs: fix memory leak of an allocated cifs_ntsd structure (bsc#1144333). - cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case (bsc#1144333). - cifs: fix page reference leak with readv/writev (bsc#1144333). - cifs: fix panic in smb2_reconnect (bsc#1144333). - cifs: fix parsing of symbolic link error response (bsc#1144333). - cifs: fix return value for cifs_listxattr (bsc#1051510, bsc#1144333). - cifs: fix rmmod regression in cifs.ko caused by force_sig changes (bsc#1144333). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510, bsc#1144333). - cifs: fix signed/unsigned mismatch on aio_read patch (bsc#1144333). - cifs: fix smb3_zero_range for Azure (bsc#1144333). - cifs: fix smb3_zero_range so it can expand the file-size when required (bsc#1144333). - cifs: fix sparse warning on previous patch in a few printks (bsc#1144333). - cifs: fix spelling mistake, EACCESS -> EACCES (bsc#1144333). - cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() (bsc#1144333). - cifs: fix typo in cifs_dbg (bsc#1144333). - cifs: fix typo in debug message with struct field ia_valid (bsc#1144333). - cifs: fix uninitialized ptr deref in smb2 signing (bsc#1144333). - cifs: fix use-after-free of the lease keys (bsc#1144333). - cifs: fix wrapping bugs in num_entries() (bsc#1051510, bsc#1144333). - cifs: flush before set-info if we have writeable handles (bsc#1144333). - cifs: handle large EA requests more gracefully in smb2+ (bsc#1144333). - cifs: handle netapp error codes (bsc#1136261). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: implement v3.11 preauth integrity (bsc#1051510, bsc#1144333). - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510, bsc#1144333). - cifs: invalidate cache when we truncate a file (bsc#1051510, bsc#1144333). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565, bsc#1144333). - cifs: limit amount of data we request for xattrs to CIFSMaxBufSize (bsc#1144333). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510, bsc#1144333). - cifs: make IPC a regular tcon (bsc#1071306, bsc#1144333). - cifs: make arrays static const, reduces object code size (bsc#1144333). - cifs: make minor clarifications to module params for cifs.ko (bsc#1144333). - cifs: make mknod() an smb_version_op (bsc#1144333). - cifs: make rmdir() use compounding (bsc#1144333). - cifs: make smb_send_rqst take an array of requests (bsc#1144333). - cifs: minor clarification in comments (bsc#1144333). - cifs: minor updates to module description for cifs.ko (bsc#1144333). - cifs: move default port definitions to cifsglob.h (bsc#1144333). - cifs: move large array from stack to heap (bsc#1144333). - cifs: only wake the thread for the very last PDU in a compound (bsc#1144333). - cifs: parse and store info on iface queries (bsc#1144333). - cifs: pass flags down into wait_for_free_credits() (bsc#1144333). - cifs: pass page offsets on SMB1 read/write (bsc#1144333). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510, bsc#1144333). - cifs: prevent starvation in wait_for_free_credits for multi-credit requests (bsc#1144333). - cifs: print CIFSMaxBufSize as part of /proc/fs/cifs/DebugData (bsc#1144333). - cifs: protect against server returning invalid file system block size (bsc#1144333). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: push rfc1002 generation down the stack (bsc#1144333). - cifs: read overflow in is_valid_oplock_break() (bsc#1144333). - cifs: refactor and clean up arguments in the reparse point parsing (bsc#1144333). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510, bsc#1144333). - cifs: release auth_key.response for reconnect (bsc#1085536, bsc#1144333). - cifs: release cifs root_cred after exit_cifs (bsc#1085536, bsc#1144333). - cifs: remove coverity warning in calc_lanman_hash (bsc#1144333). - cifs: remove header_preamble_size where it is always 0 (bsc#1144333). - cifs: remove redundant duplicated assignment of pointer 'node' (bsc#1144333). - cifs: remove rfc1002 hardcoded constants from cifs_discard_remaining_data() (bsc#1144333). - cifs: remove rfc1002 header from all SMB2 response structures (bsc#1144333). - cifs: remove rfc1002 header from smb2 read/write requests (bsc#1144333). - cifs: remove rfc1002 header from smb2_close_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_create_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_echo_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_flush_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_ioctl_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_lease_ack (bsc#1144333). - cifs: remove rfc1002 header from smb2_lock_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_logoff_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_negotiate_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_oplock_break we get from server (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_directory_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_sess_setup_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_set_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_connect_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_disconnect_req (bsc#1144333). - cifs: remove set but not used variable 'cifs_sb' (bsc#1144333). - cifs: remove set but not used variable 'sep' (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove set but not used variable 'smb_buf' (bsc#1144333). - cifs: remove small_smb2_init (bsc#1144333). - cifs: remove smb2_send_recv() (bsc#1144333). - cifs: remove struct smb2_hdr (bsc#1144333). - cifs: remove struct smb2_oplock_break_rsp (bsc#1144333). - cifs: remove the is_falloc argument to SMB2_set_eof (bsc#1144333). - cifs: remove unused stats (bsc#1144333). - cifs: remove unused value pointed out by Coverity (bsc#1144333). - cifs: remove unused variable from SMB2_read (bsc#1144333). - cifs: rename and clarify CIFS_ASYNC_OP and CIFS_NO_RESP (bsc#1144333). - cifs: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - cifs: replace snprintf with scnprintf (bsc#1144333). - cifs: return -ENODATA when deleting an xattr that does not exist (bsc#1144333). - cifs: return correct errors when pinning memory failed for direct I/O (bsc#1144333). - cifs: return error on invalid value written to cifsFYI (bsc#1144333). - cifs: set *resp_buf_type to NO_BUFFER on error (bsc#1144333). - cifs: set mapping error when page writeback fails in writepage or launder_pages (bsc#1144333). - cifs: set oparms.create_options rather than or'ing in CREATE_OPEN_BACKUP_INTENT (bsc#1144333). - cifs: show 'soft' in the mount options for hard mounts (bsc#1144333). - cifs: show the w bit for writeable /proc/fs/cifs/* files (bsc#1144333). - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734, bsc#1144333). - cifs: simple stats should always be enabled (bsc#1144333). - cifs: simplify code by removing CONFIG_CIFS_ACL ifdef (bsc#1144333). - Update config files. - cifs: simplify how we handle credits in compound_send_recv() (bsc#1144333). - cifs: smb2 commands can not be negative, remove confusing check (bsc#1144333). - cifs: smb2ops: Fix NULL check in smb2_query_symlink (bsc#1144333). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510, bsc#1144333). - cifs: smb2pdu: Fix potential NULL pointer dereference (bsc#1144333). - cifs: smbd: Avoid allocating iov on the stack (bsc#1144333). - cifs: smbd: Check for iov length on sending the last iov (bsc#1144333). - cifs: smbd: Do not destroy transport on RDMA disconnect (bsc#1144333). - cifs: smbd: Do not use RDMA read/write when signing is used (bsc#1144333). - cifs: smbd: Dump SMB packet when configured (bsc#1144333). - cifs: smbd: Enable signing with smbdirect (bsc#1144333). - cifs: smbd: Indicate to retry on transport sending failure (bsc#1144333). - cifs: smbd: Retry on memory registration failure (bsc#1144333). - cifs: smbd: Return EINTR when interrupted (bsc#1144333). - cifs: smbd: avoid reconnect lockup (bsc#1144333). - cifs: smbd: depend on INFINIBAND_ADDR_TRANS (bsc#1144333). - cifs: smbd: disconnect transport on RDMA errors (bsc#1144333). - cifs: smbd: take an array of reqeusts when sending upper layer data (bsc#1144333). - cifs: start DFS cache refresher in cifs_mount() (bsc#1144333). - cifs: store the leaseKey in the fid on SMB2_open (bsc#1051510, bsc#1144333). - cifs: suppress some implicit-fallthrough warnings (bsc#1144333). - cifs: track writepages in vfs operation counters (bsc#1144333). - cifs: update __smb_send_rqst() to take an array of requests (bsc#1144333). - cifs: update calc_size to take a server argument (bsc#1144333). - cifs: update init_sg, crypt_message to take an array of rqst (bsc#1144333). - cifs: update internal module number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.14 (bsc#1144333). - cifs: update module internal version number (bsc#1144333). - cifs: update multiplex loop to handle compounded responses (bsc#1144333). - cifs: update receive_encrypted_standard to handle compounded responses (bsc#1144333). - cifs: update smb2_calc_size to use smb2_sync_hdr instead of smb2_hdr (bsc#1144333). - cifs: update smb2_check_message to handle PDUs without a 4 byte length header (bsc#1144333). - cifs: update smb2_queryfs() to use compounding (bsc#1144333). - cifs: use a compound for setting an xattr (bsc#1144333). - cifs: use a refcount to protect open/closing the cached file handle (bsc#1144333). - cifs: use correct format characters (bsc#1144333). - cifs: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (bsc#1071306, bsc#1144333). - cifs: use the correct length when pinning memory for direct I/O for write (bsc#1144333). - cifs: wait_for_free_credits() make it possible to wait for >=1 credits (bsc#1144333). - cifs: we can not use small padding iovs together with encryption (bsc#1144333). - cifs: zero sensitive data when freeing (bsc#1087092, bsc#1144333). - cifs: zero-range does not require the file is sparse (bsc#1144333). - cifs:smbd Use the correct DMA direction when sending data (bsc#1144333). - cifs:smbd When reconnecting to server, call smbd_destroy() after all MIDs have been called (bsc#1144333). - cifs_lookup(): cifs_get_inode_...() never returns 0 with *inode left NULL (bsc#1144333). - cifs_lookup(): switch to d_splice_alias() (bsc#1144333). - clk: Export clk_bulk_prepare() (bsc#1144813). - clk: add clk_bulk_get accessories (bsc#1144813). - clk: bcm2835: remove pllb (jsc#SLE-7294). - clk: bcm283x: add driver interfacing with Raspberry Pi's firmware (jsc#SLE-7294). - clk: bulk: silently error out on EPROBE_DEFER (bsc#1144718,bsc#1144813). - clk: raspberrypi: register platform device for raspberrypi-cpufreq (jsc#SLE-7294). - clk: renesas: cpg-mssr: Fix reset control race condition (bsc#1051510). - clk: rockchip: Add 1.6GHz PLL rate for rk3399 (bsc#1144718,bsc#1144813). - clk: rockchip: assign correct id for pclk_ddr and hclk_sd in rk3399 (bsc#1144718,bsc#1144813). - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling (bsc#1051510). - coredump: split pipe command whitespace before expanding template (bsc#1051510). - cpu/speculation: Warn on unsupported mitigations= parameter (bsc#1114279). - cpufreq: dt: Try freeing static OPPs only if we have added them (jsc#SLE-7294). - crypto: ccp - Add support for valid authsize values less than 16 (bsc#1051510). - crypto: ccp - Fix oops by properly managing allocated structures (bsc#1051510). - crypto: ccp - Ignore tag length when decrypting GCM ciphertext (bsc#1051510). - crypto: ccp - Ignore unconfigured CCP device on suspend/resume (bnc#1145934). - crypto: ccp - Validate buffer lengths for copy operations (bsc#1051510). - crypto: talitos - fix skcipher failure due to wrong output IV (bsc#1051510). - cx82310_eth: fix a memory leak bug (bsc#1051510). - dax: dax_layout_busy_page() should not unmap cow pages (bsc#1148698). - devres: always use dev_name() in devm_ioremap_resource() (git fixes). - dfs_cache: fix a wrong use of kfree in flush_cache_ent() (bsc#1144333). - dm btree: fix order of block initialization in btree_split_beneath (git fixes). - dm bufio: fix deadlock with loop device (git fixes). - dm cache metadata: Fix loading discard bitset (git fixes). - dm crypt: do not overallocate the integrity tag space (git fixes). - dm crypt: fix parsing of extended IV arguments (git fixes). - dm delay: fix a crash when invalid device is specified (git fixes). - dm integrity: change memcmp to strncmp in dm_integrity_ctr (git fixes). - dm integrity: limit the rate of error messages (git fixes). - dm kcopyd: always complete failed jobs (git fixes). - dm raid: add missing cleanup in raid_ctr() (git fixes). - dm space map metadata: fix missing store of apply_bops() return value (git fixes). - dm table: fix invalid memory accesses with too high sector number (git fixes). - dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (git fixes). - dm thin: fix bug where bio that overwrites thin block ignores FUA (git fixes). - dm thin: fix passdown_double_checking_shared_status() (git fixes). - dm zoned: Fix zone report handling (git fixes). - dm zoned: Silence a static checker warning (git fixes). - dm zoned: fix potential NULL dereference in dmz_do_reclaim() (git fixes). - dm zoned: fix zone state management race (git fixes). - dm zoned: improve error handling in i/o map code (git fixes). - dm zoned: improve error handling in reclaim (git fixes). - dm zoned: properly handle backing device failure (git fixes). - dm: bufio: revert: 'fix deadlock with loop device' (git fixes). - dm: fix to_sector() for 32bit (git fixes). - dm: revert 8f50e358153d ('dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE') (git fixes). - dma-buf: balance refcount inbalance (bsc#1051510). - dmaengine: rcar-dmac: Reject zero-length slave DMA requests (bsc#1051510). - documentation/networking: fix default_ttl typo in mpls-sysctl (bsc#1051510). - documentation: Add nospectre_v1 parameter (bsc#1051510). - driver core: Fix use-after-free and double free on glue directory (bsc#1131281). - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl (bsc#1051510). - drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings (bsc#1051510). - drm/amdgpu/psp: move psp version specific function pointers to (bsc#1135642) - drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz (bsc#1051510). - drm/bridge: tc358767: read display_props in get_modes() (bsc#1051510). - drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry (bsc#1051510). - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1135642) - drm/i915/perf: ensure we keep a reference on the driver (bsc#1142635) - drm/i915/userptr: Acquire the page lock around set_page_dirty() (bsc#1051510). - drm/i915: Do not deballoon unused ggtt drm_mm_node in linux guest (bsc#1142635) - drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1142635) - drm/i915: Restore relaxed padding (OCL_OOB_SUPPRES_ENABLE) for skl+ (bsc#1142635) - drm/imx: notify drm core before sending event during crtc disable (bsc#1135642) - drm/imx: only send event on crtc disable if kept disabled (bsc#1135642) - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1135642) - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1135642) - drm/mediatek: clear num_pipes when unbind driver (bsc#1135642) - drm/mediatek: fix unbind functions (bsc#1135642) - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1142635) - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1135642) - drm/mediatek: use correct device to import PRIME buffers (bsc#1142635) - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1142635) - drm/msm: Depopulate platform on probe failure (bsc#1051510). - drm/nouveau: Do not retry infinitely when receiving no data on i2c (bsc#1142635) - drm/nouveau: fix memory leak in nouveau_conn_reset() (bsc#1051510). - drm/panel: simple: Fix panel_simple_dsi_probe (bsc#1051510). - drm/rockchip: Suspend DP late (bsc#1142635) - drm/udl: introduce a macro to convert dev to udl. (bsc#1113722) - drm/udl: move to embedding drm device inside udl device. (bsc#1113722) - drm/virtio: Add memory barriers for capset cache (bsc#1051510). - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1135642) - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1135642) - drm/vmwgfx: fix memory leak when too many retries have occurred (bsc#1051510). - drm: msm: Fix add_gpu_components (bsc#1051510). - drm: silence variable 'conn' set but not used (bsc#1051510). - ecryptfs: fix a couple type promotion bugs (bsc#1051510). - edac, amd64: Add Family 17h, models 10h-2fh support (bsc#1112178). - edac/amd64: Add Family 17h Model 30h PCI IDs (bsc#1112178). - edac: Fix global-out-of-bounds write when setting edac_mc_poll_msec (bsc#1114279). - efi/bgrt: Drop BGRT status field reserved bits check (bsc#1051510). - ehea: Fix a copy-paste err in ehea_init_port_res (bsc#1051510). - ext4: use jbd2_inode dirty range scoping (bsc#1148616). - firmware: raspberrypi: register clk device (jsc#SLE-7294). - firmware: ti_sci: Always request response from firmware (bsc#1051510). - fix incorrect error code mapping for OBJECTID_NOT_FOUND (bsc#1144333). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510, bsc#1144333). - fix struct ufs_req removal of unused field (git-fixes). - fixed https://bugzilla.kernel.org/show_bug.cgi?id=202935 allow write on the same file (bsc#1144333). - fs/*/kconfig: drop links to 404-compliant http://acl.bestbits.at (bsc#1144333). - fs/cifs/cifsacl.c Fixes typo in a comment (bsc#1144333). - fs/cifs/smb2pdu.c: fix buffer free in SMB2_ioctl_free (bsc#1144333). - fs/cifs: Simplify ib_post_(send|recv|srq_recv)() calls (bsc#1144333). - fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bsc#1144333). - fs/cifs: fix uninitialised variable warnings (bsc#1144333). - fs/cifs: require sha512 (bsc#1051510, bsc#1144333). - fs/cifs: suppress a string overflow warning (bsc#1144333). - fs/xfs: Fix return code of xfs_break_leased_layouts() (bsc#1148031). - fs: cifs: Drop unlikely before IS_ERR(_OR_NULL) (bsc#1144333). - fs: cifs: Kconfig: pedantic formatting (bsc#1144333). - fs: cifs: Replace _free_xid call in cifs_root_iget function (bsc#1144333). - fs: cifs: cifsssmb: Change return type of convert_ace_to_cifs_ace (bsc#1144333). - fs: xfs: xfs_log: Do not use KM_MAYFAIL at xfs_log_reserve() (bsc#1148033). - fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() (bsc#1051510). - ftrace: Check for empty hash and comment the race with registering probes (bsc#1149418). - ftrace: Check for successful allocation of hash (bsc#1149424). - ftrace: Fix NULL pointer dereference in t_probe_next() (bsc#1149413). - gpio: Fix build error of function redefinition (bsc#1051510). - gpio: gpio-omap: add check for off wake capable gpios (bsc#1051510). - gpio: mxs: Get rid of external API call (bsc#1051510). - gpio: omap: ensure irq is enabled before wakeup (bsc#1051510). - gpio: pxa: handle corner case of unprobed device (bsc#1051510). - gpiolib: fix incorrect IRQ requesting of an active-low lineevent (bsc#1051510). - gpiolib: never report open-drain/source lines as 'input' to user-space (bsc#1051510). - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1142635) - hid: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT (bsc#1051510). - hid: Add quirk for HP X1200 PIXART OEM mouse (bsc#1051510). - hid: cp2112: prevent sleeping function called from invalid context (bsc#1051510). - hid: hiddev: avoid opening a disconnected device (bsc#1051510). - hid: hiddev: do cleanup in failure of opening a device (bsc#1051510). - hid: holtek: test for sanity of intfdata (bsc#1051510). - hid: sony: Fix race condition between rumble and device remove (bsc#1051510). - hid: wacom: Correct distance scale for 2nd-gen Intuos devices (bsc#1142635). - hid: wacom: correct misreported EKR ring values (bsc#1142635). - hid: wacom: fix bit shift for Cintiq Companion 2 (bsc#1051510). - hpet: Fix division by zero in hpet_time_div() (bsc#1051510). - hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 (bsc#1051510). - hwmon: (nct7802) Fix wrong detection of in4 presence (bsc#1051510). - i2c: emev2: avoid race when unregistering slave client (bsc#1051510). - i2c: piix4: Fix port selection for AMD Family 16h Model 30h (bsc#1051510). - i2c: qup: fixed releasing dma without flush operation completion (bsc#1051510). - ib/mlx5: Fix MR registration flow to use UMR properly (bsc#1093205 bsc#1145678). - ibmveth: Convert multicast list size for little-endian system (bsc#1061843). - ibmvnic: Do not process reset during or after device removal (bsc#1149652 ltc#179635). - ibmvnic: Unmap DMA address of TX descriptor buffers after use (bsc#1146351 ltc#180726). - igmp: fix memory leak in igmpv3_del_delrec() (networking-stable-19_07_25). - iio: adc: max9611: Fix misuse of GENMASK macro (bsc#1051510). - iio: adc: max9611: Fix temperature reading in probe (bsc#1051510). - iio: iio-utils: Fix possible incorrect mask calculation (bsc#1051510). - include/linux/bitops.h: sanitize rotate primitives (git fixes). - input: alps - do not handle ALPS cs19 trackpoint-only device (bsc#1051510). - input: alps - fix a mismatch between a condition check and its comment (bsc#1051510). - input: iforce - add sanity checks (bsc#1051510). - input: kbtab - sanity check for endpoint type (bsc#1051510). - input: synaptics - enable RMI mode for HP Spectre X360 (bsc#1051510). - input: synaptics - whitelist Lenovo T580 SMBus intertouch (bsc#1051510). - input: trackpoint - only expose supported controls for Elan, ALPS and NXP (bsc#1051510). - intel_th: pci: Add Ice Lake NNPI support (bsc#1051510). - intel_th: pci: Add Tiger Lake support (bsc#1051510). - intel_th: pci: Add support for another Lewisburg PCH (bsc#1051510). - iommu/amd: Add support for X2APIC IOMMU interrupts (bsc#1145010). - iommu/amd: Fix race in increase_address_space() (bsc#1150860). - iommu/amd: Flush old domains in kdump kernel (bsc#1150861). - iommu/amd: Move iommu_init_pci() to .init section (bsc#1149105). - iommu/dma: Handle SG length overflow better (bsc#1146084). - iommu/iova: Fix compilation error with !CONFIG_IOMMU_IOVA (bsc#1145024). - iommu/vt-d: Do not queue_iova() if there is no flush queue (bsc#1145024). - ipip: validate header length in ipip_tunnel_xmit (git-fixes). - ipv4: do not set IPv6 only flags to IPv4 addresses (networking-stable-19_07_25). - irqchip/gic-v3-its: fix build warnings (bsc#1144880). - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack (bsc#1051510). - isdn: hfcsusb: checking idx of ep configuration (bsc#1051510). - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain() (bsc#1051510). - iwlwifi: dbg: split iwl_fw_error_dump to two functions (bsc#1119086). - iwlwifi: do not unmap as page memory that was mapped as single (bsc#1051510). - iwlwifi: fix bad dma handling in page_mem dumping flow (bsc#1120902). - iwlwifi: fw: use helper to determine whether to dump paging (bsc#1106434). Patch needed to be adjusted, because our tree does not have the global variable IWL_FW_ERROR_DUMP_PAGING - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT on version &< 41 (bsc#1142635). - iwlwifi: mvm: fix an out-of-bound access (bsc#1051510). - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support (bsc#1142635). - iwlwifi: pcie: do not service an interrupt that was masked (bsc#1142635). - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1142635). - jbd2: flush_descriptor(): Do not decrease buffer head's ref count (bsc#1143843). - jbd2: introduce jbd2_inode dirty range scoping (bsc#1148616). - kabi: Fix kABI for 'struct amd_iommu' (bsc#1145010). - kasan: remove redundant initialization of variable 'real_size' (git fixes). - kconfig/[mn]conf: handle backspace (^H) key (bsc#1051510). - keys: Fix missing null pointer check in request_key_auth_describe() (bsc#1051510). - kvm/eventfd: Avoid crash when assign and deassign specific eventfd in parallel (bsc#1133021). - kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs (bsc#1134881 bsc#1134882). - kvm: Disallow wraparound in kvm_gfn_to_hva_cache_init (bsc#1133021). - kvm: Fix leak vCPU's VMCS value into other pCPU (bsc#1145388). - kvm: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC (bsc#1145408). - kvm: PPC: Book3S HV: Fix CR0 setting in TM emulation (bsc#1061840). - kvm: Reject device ioctls from processes other than the VM's creator (bsc#1133021). - kvm: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value (bsc#1145393). - kvm: VMX: Fix handling of #MC that occurs during VM-Entry (bsc#1145395). - kvm: VMX: check CPUID before allowing read/write of IA32_XSS (bsc#1145394). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: arm/arm64: Close VMID generation race (bsc#1133021). - kvm: arm/arm64: Convert kvm_host_cpu_state to a static per-cpu allocation (bsc#1133021). - kvm: arm/arm64: Drop resource size check for GICV window (bsc#1133021). - kvm: arm/arm64: Fix VMID alloc race by reverting to lock-less (bsc#1133021). - kvm: arm/arm64: Fix lost IRQs from emulated physcial timer when blocked (bsc#1133021). - kvm: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1133021). - kvm: arm/arm64: Reduce verbosity of KVM init log (bsc#1133021). - kvm: arm/arm64: Set dist->spis to NULL after kfree (bsc#1133021). - kvm: arm/arm64: Skip updating PMD entry if no change (bsc#1133021). - kvm: arm/arm64: Skip updating PTE entry if no change (bsc#1133021). - kvm: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list (bsc#1133021). - kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 (bsc#1133021). - kvm: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending (bsc#1133021). - kvm: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy (bsc#1133021). - kvm: arm64: Fix caching of host MDCR_EL2 value (bsc#1133021). - kvm: mmu: Fix overlap between public and private memslots (bsc#1133021). - kvm: nVMX: Remove unnecessary sync_roots from handle_invept (bsc#1145391). - kvm: nVMX: Use adjusted pin controls for vmcs02 (bsc#1145392). - kvm: nVMX: allow setting the VMFUNC controls MSR (bsc#1145389). - kvm: nVMX: do not use dangling shadow VMCS after guest reset (bsc#1145390). - kvm: x86/vPMU: refine kvm_pmu err msg when event creation failed (bsc#1145397). - kvm: x86: Do not update RIP or do single-step on faulting emulation (bsc#1149104). - kvm: x86: Unconditionally enable irqs in guest context (bsc#1145396). - kvm: x86: degrade WARN to pr_warn_ratelimited (bsc#1145409). - kvm: x86: fix backward migration with async_PF (bsc#1146074). - lan78xx: Fix memory leaks (bsc#1051510). - libata: add SG safety checks in SFF pio transfers (bsc#1051510). - libata: do not request sense data on !ZAC ATA devices (bsc#1051510). - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests (bsc#1051510). - libata: zpodd: Fix small read overflow in zpodd_get_mech_type() (bsc#1051510). - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897). - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). - libceph, rbd: new bio handling code (aka do not clone bios) (bsc#1141450). - libceph: add osd_req_op_extent_osd_data_bvecs() (bsc#1141450). - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bsc#1148133). - libceph: assign cookies in linger_submit() (bsc#1135897). - libceph: check reply num_data_items in setup_request_data() (bsc#1135897). - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897). - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897). - libceph: fix PG split vs OSD (re)connect race (bsc#1148133). - libceph: handle zero-length data items (bsc#1141450). - libceph: introduce BVECS data type (bsc#1141450). - libceph: introduce alloc_watch_request() (bsc#1135897). - libceph: introduce ceph_pagelist_alloc() (bsc#1135897). - libceph: preallocate message data items (bsc#1135897). - libceph: use single request data item for cmp/setxattr (bsc#1139101). - libnvdimm/pfn: Store correct value of npfns in namespace superblock (bsc#1146381 ltc#180720). - liquidio: add cleanup in octeon_setup_iq() (bsc#1051510). - loop: set PF_MEMALLOC_NOIO for the worker thread (git fixes). - mac80211: do not WARN on short WMM parameters from AP (bsc#1051510). - mac80211: do not warn about CW params when not using them (bsc#1051510). - mac80211: fix possible memory leak in ieee80211_assign_beacon (bsc#1142635). - mac80211: fix possible sta leak (bsc#1051510). - macsec: fix checksumming after decryption (bsc#1051510). - macsec: fix use-after-free of skb during RX (bsc#1051510). - macsec: let the administrator set UP state even if lowerdev is down (bsc#1051510). - macsec: update operstate when lower device changes (bsc#1051510). - mailbox: handle failed named mailbox channel request (bsc#1051510). - md/raid: raid5 preserve the writeback action after the parity check (git fixes). - md: add mddev->pers to avoid potential NULL pointer dereference (git fixes). - media: au0828: fix null dereference in error path (bsc#1051510). - media: coda: Remove unbalanced and unneeded mutex unlock (bsc#1051510). - media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP (bsc#1051510). - media: coda: fix mpeg2 sequence number handling (bsc#1051510). - media: coda: increment sequence offset for the last returned frame (bsc#1051510). - media: dvb: usb: fix use after free in dvb_usb_device_exit (bsc#1051510). - media: hdpvr: fix locking and a missing msleep (bsc#1051510). - media: media_device_enum_links32: clean a reserved field (bsc#1051510). - media: pvrusb2: use a different format for warnings (bsc#1051510). - media: spi: IR LED: add missing of table registration (bsc#1051510). - media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails (bsc#1051510). - media: vpss: fix a potential NULL pointer dereference (bsc#1051510). - media: wl128x: Fix some error handling in fm_v4l2_init_video_device() (bsc#1051510). - mfd: arizona: Fix undefined behavior (bsc#1051510). - mfd: core: Set fwnode for created devices (bsc#1051510). - mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk (bsc#1051510). - mfd: intel-lpss: Add Intel Comet Lake PCI IDs (jsc#SLE-4875). - mm, page_owner: handle THP splits correctly (bsc#1149197, VM Debugging Functionality). - mm/hmm: fix bad subpage pointer in try_to_unmap_one (bsc#1148202, HMM, VM Functionality). - mm/hotplug: fix offline undo_isolate_page_range() (bsc#1148196, VM Functionality). - mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node (bsc#1148379, VM Functionality). - mm/memcontrol.c: fix use after free in mem_cgroup_iter() (bsc#1149224, VM Functionality). - mm/memory.c: recheck page table entry with page table lock held (bsc#1148363, VM Functionality). - mm/migrate.c: initialize pud_entry in migrate_vma() (bsc#1148198, HMM, VM Functionality). - mm/mlock.c: change count_mm_mlocked_page_nr return type (bsc#1148527, VM Functionality). - mm/mlock.c: mlockall error for flag MCL_ONFAULT (bsc#1148527, VM Functionality). - mm/page_alloc.c: fix calculation of pgdat->nr_zones (bsc#1148192, VM Functionality). - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() (bsc#1118689). - mm/vmscan.c: fix trying to reclaim unevictable LRU page (bsc#1149214, VM Functionality). - mm: add filemap_fdatawait_range_keep_errors() (bsc#1148616). - mm: do not stall register_shrinker() (bsc#1104902, VM Performance). - mm: page_mapped: do not assume compound page is huge or THP (bsc#1148574, VM Functionality). - mmc: cavium: Add the missing dma unmap when the dma has finished (bsc#1051510). - mmc: cavium: Set the correct dma max segment size for mmc_host (bsc#1051510). - mmc: core: Fix init of SD cards reporting an invalid VDD range (bsc#1051510). - mmc: dw_mmc: Fix occasional hang after tuning on eMMC (bsc#1051510). - mmc: sdhci-of-at91: add quirk for broken HS200 (bsc#1051510). - mmc: sdhci-pci: Add support for Intel CML (jsc#SLE-4875). - mmc: sdhci-pci: Add support for Intel ICP (jsc#SLE-4875). - move a few externs to smbdirect.h to eliminate warning (bsc#1144333). - move core networking kabi patches to the end of the section - move irq_data_get_effective_affinity_mask prior the sorted section - mpls: fix warning with multi-label encap (bsc#1051510). - nbd: replace kill_bdev() with __invalidate_device() again (git fixes). - net/9p: include trans_common.h to fix missing prototype warning (bsc#1051510). - net/ibmvnic: Fix missing { in __ibmvnic_reset (bsc#1149652 ltc#179635). - net/ibmvnic: free reset work of removed device from queue (bsc#1149652 ltc#179635). - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bsc#1145678). - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn (networking-stable-19_07_25). - net/smc: do not schedule tx_work in SMC_CLOSED state (bsc#1149963). - net/smc: original socket family in inet_sock_diag (bsc#1149959). - net: Fix netdev_WARN_ONCE macro (git-fixes). - net: Introduce netdev_*_once functions (networking-stable-19_07_25). - net: bcmgenet: use promisc for unsupported filters (networking-stable-19_07_25). - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query (networking-stable-19_07_25). - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling (networking-stable-19_07_25). - net: bridge: stp: do not cache eth dest pointer before skb pull (networking-stable-19_07_25). - net: dsa: mv88e6xxx: wait after reset deactivation (networking-stable-19_07_25). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1139020 bsc#1139021). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1139020 bsc#1139021). - net: ena: add ethtool function for changing io queue sizes (bsc#1139020 bsc#1139021). - net: ena: add good checksum counter (bsc#1139020 bsc#1139021). - net: ena: add handling of llq max tx burst size (bsc#1139020 bsc#1139021). - net: ena: add newline at the end of pr_err prints (bsc#1139020 bsc#1139021). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1139020 bsc#1139021). - net: ena: allow automatic fallback to polling mode (bsc#1139020 bsc#1139021). - net: ena: allow queue allocation backoff when low on memory (bsc#1139020 bsc#1139021). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1139020 bsc#1139021). - net: ena: enable negotiating larger Rx ring size (bsc#1139020 bsc#1139021). - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1139020 bsc#1139021). - net: ena: ethtool: revert 'add extra properties retrieval via get_priv_flags' (bsc#1139020 bsc#1139021). - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1139020 bsc#1139021). - net: ena: fix incorrect test of supported hash function (bsc#1139020 bsc#1139021). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1139020 bsc#1139021). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1139020 bsc#1139021). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1139020 bsc#1139021). - net: ena: gcc 8: fix compilation warning (bsc#1139020 bsc#1139021). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1139020 bsc#1139021). - net: ena: make ethtool show correct current and max queue sizes (bsc#1139020 bsc#1139021). - net: ena: optimise calculations for CQ doorbell (bsc#1139020 bsc#1139021). - net: ena: remove inline keyword from functions in *.c (bsc#1139020 bsc#1139021). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1139020 bsc#1139021). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1139020 bsc#1139021). - net: ena: use dev_info_once instead of static variable (bsc#1139020 bsc#1139021). - net: make skb_dst_force return true when dst is refcounted (networking-stable-19_07_25). - net: neigh: fix multiple neigh timer scheduling (networking-stable-19_07_25). - net: remove duplicate fetch in sock_getsockopt (networking-stable-19_07_02). - net: sched: verify that q!=NULL before setting q->flags (git-fixes). - net: stmmac: fixed new system time seconds value calculation (networking-stable-19_07_02). - net: stmmac: set IC bit when transmitting frames with HW timestamp (networking-stable-19_07_02). - net: usb: pegasus: fix improper read if get_registers() fail (bsc#1051510). - net_sched: unset TCQ_F_CAN_BYPASS when adding filters (networking-stable-19_07_25). - netrom: fix a memory leak in nr_rx_frame() (networking-stable-19_07_25). - netrom: hold sock when setting skb->destructor (networking-stable-19_07_25). - nfc: fix potential illegal memory access (bsc#1051510). - nfs: Cleanup if nfs_match_client is interrupted (bsc#1134291). - nfs: Fix a double unlock from nfs_match,get_client (bsc#1134291). - nfs: Fix the inode request accounting when pages have subrequests (bsc#1140012). - nfs: make nfs_match_client killable (bsc#1134291). - nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header (git fixes). - nvme-core: Fix extra device_put() call on error path (bsc#1142541). - nvme-fc: fix module unloads while lports still pending (bsc#1150033). - nvme-multipath: fix ana log nsid lookup when nsid is not found (bsc#1141554). - nvme-multipath: relax ANA state check (bsc#1123105). - nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns (bsc#1120876). - nvme: Return BLK_STS_TARGET if the DNR bit is set (bsc#1142076). - nvme: cancel request synchronously (bsc#1145661). - nvme: change locking for the per-subsystem controller list (bsc#1142541). - nvme: fix possible use-after-free in connect error flow (bsc#1139500, bsc#1140426) - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN (bsc#1146938). - objtool: Add rewind_stack_do_exit() to the noreturn list (bsc#1145302). - objtool: Support GCC 9 cold subfunction naming scheme (bsc#1145300). - octeon_mgmt: Fix MIX registers configuration on MTU setup (bsc#1051510). - pci: PM/ACPI: Refresh all stale power state data in pci_pm_complete() (bsc#1149106). - pci: Restore Resizable BAR size bits correctly for 1MB BARs (bsc#1143841). - pci: hv: Fix panic by calling hv_pci_remove_slots() earlier (bsc#1142701). - pci: qcom: Ensure that PERST is asserted for at least 100 ms (bsc#1142635). - pci: xilinx-nwl: Fix Multi MSI data programming (bsc#1142635). - phy: qcom-qusb2: Fix crash if nvmem cell not specified (bsc#1051510). - phy: renesas: rcar-gen2: Fix memory leak at error paths (bsc#1051510). - pinctrl: pistachio: fix leaked of_node references (bsc#1051510). - pinctrl: rockchip: fix leaked of_node references (bsc#1051510). - pm / devfreq: rk3399_dmc: Pass ODT and auto power down parameters to TF-A (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: do not print error when get supply and clk defer (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: fix spelling mistakes (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: remove unneeded semicolon (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: remove wait for dcf irq event (bsc#1144718,bsc#1144813). - pm / devfreq: rockchip-dfi: Move GRF definitions to a common place (bsc#1144718,bsc#1144813). - pm / opp: OF: Use pr_debug() instead of pr_err() while adding OPP table (jsc#SLE-7294). - powerpc/64s: Include cpu header (bsc#1065729). - powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107). - powerpc/book3s/64: check for NULL pointer in pgd_alloc() (bsc#1078248, git-fixes). - powerpc/fadump: Do not allow hot-remove memory from fadump reserved area (bsc#1120937). - powerpc/fadump: Reservationless firmware assisted dump (bsc#1120937). - powerpc/fadump: Throw proper error message on fadump registration failure (bsc#1120937). - powerpc/fadump: use kstrtoint to handle sysfs store (bsc#1146376). - powerpc/fadump: when fadump is supported register the fadump sysfs files (bsc#1146352). - powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107). - powerpc/fsl: Update Spectre v2 reporting (bsc#1131107). - powerpc/kdump: Handle crashkernel memory reservation failure (bsc#1143466 LTC#179600). - powerpc/lib: Fix feature fixup test of external branch (bsc#1065729). - powerpc/mm/hash/4k: Do not use 64K page size for vmemmap with 4K pagesize (bsc#1142685 LTC#179509). - powerpc/mm/radix: Use the right page size for vmemmap mapping (bsc#1055117 bsc#1142685 LTC#179509). - powerpc/mm: Handle page table allocation failures (bsc#1065729). - powerpc/perf: Add constraints for power9 l2/l3 bus events (bsc#1056686). - powerpc/perf: Add mem access events to sysfs (bsc#1124370). - powerpc/perf: Cleanup cache_sel bits comment (bsc#1056686). - powerpc/perf: Fix thresholding counter data for unknown type (bsc#1056686). - powerpc/perf: Remove PM_BR_CMPL_ALT from power9 event list (bsc#1047238, bsc#1056686). - powerpc/perf: Update perf_regs structure to include SIER (bsc#1056686). - powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler (bsc#1065729). - powerpc/powernv: Flush console before platform error reboot (bsc#1149940 ltc#179958). - powerpc/powernv: Return for invalid IMC domain (bsc1054914, git-fixes). - powerpc/powernv: Use kernel crash path for machine checks (bsc#1149940 ltc#179958). - powerpc/pseries, ps3: panic flush kernel messages before halting system (bsc#1149940 ltc#179958). - powerpc/pseries: Fix xive=off command line (bsc#1085030, git-fixes). - powerpc/pseries: add missing cpumask.h include file (bsc#1065729). - powerpc/pseries: correctly track irq state in default idle (bsc#1150727 ltc#178925). - powerpc/rtas: use device model APIs and serialization during LPM (bsc#1144123 ltc#178840). - powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107). - powerpc/xive: Fix dump of XIVE interrupt under pseries (bsc#1142019). - powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() (bsc#1085030, bsc#1145189, LTC#179762). - powerpc/xmon: Add a dump of all XIVE interrupts (bsc#1142019). - powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL (bsc#1142019). - powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB (bsc#1146575 ltc#180764). - powerpc: dump kernel log before carrying out fadump or kdump (bsc#1149940 ltc#179958). - qede: fix write to free'd pointer error and double free of ptp (bsc#1051510). - qlge: Deduplicate lbq_buf_size (bsc#1106061). - qlge: Deduplicate rx buffer queue management (bsc#1106061). - qlge: Factor out duplicated expression (bsc#1106061). - qlge: Fix dma_sync_single calls (bsc#1106061). - qlge: Fix irq masking in INTx mode (bsc#1106061). - qlge: Refill empty buffer queues from wq (bsc#1106061). - qlge: Refill rx buffers up to multiple of 16 (bsc#1106061). - qlge: Remove bq_desc.maplen (bsc#1106061). - qlge: Remove irq_cnt (bsc#1106061). - qlge: Remove page_chunk.last_flag (bsc#1106061). - qlge: Remove qlge_bq.len & size (bsc#1106061). - qlge: Remove rx_ring.sbq_buf_size (bsc#1106061). - qlge: Remove rx_ring.type (bsc#1106061). - qlge: Remove useless dma synchronization calls (bsc#1106061). - qlge: Remove useless memset (bsc#1106061). - qlge: Replace memset with assignment (bsc#1106061). - qlge: Update buffer queue prod index despite oom (bsc#1106061). - rbd: do not (ab)use obj_req->pages for stat requests (bsc#1141450). - rbd: do not NULL out ->obj_request in rbd_img_obj_parent_read_full() (bsc#1141450). - rbd: get rid of img_req->copyup_pages (bsc#1141450). - rbd: move from raw pages to bvec data descriptors (bsc#1141450). - rbd: remove bio cloning helpers (bsc#1141450). - rbd: start enums at 1 instead of 0 (bsc#1141450). - rbd: use kmem_cache_zalloc() in rbd_img_request_create() (bsc#1141450). - regmap: fix bulk writes on paged registers (bsc#1051510). - regulator: qcom_spmi: Fix math of spmi_regulator_set_voltage_time_sel (bsc#1051510). - rename patches according to their names in SLE15-SP1. - rpm/kernel-binary.spec.in: Enable missing modules check. - rpm/kernel-binary.spec.in: Enable missing modules check. - rpmsg: added MODULE_ALIAS for rpmsg_char (bsc#1051510). - rpmsg: smd: do not use mananged resources for endpoints and channels (bsc#1051510). - rpmsg: smd: fix memory leak on channel create (bsc#1051510). - rsi: improve kernel thread handling to fix kernel panic (bsc#1051510). - rslib: Fix decoding of shortened codes (bsc#1051510). - rslib: Fix handling of of caller provided syndrome (bsc#1051510). - rtc: pcf8523: do not return invalid date when battery is low (bsc#1051510). - rxrpc: Fix send on a connected, but unbound socket (networking-stable-19_07_25). - s390/cio: fix ccw_device_start_timeout API (bsc#1142109 LTC#179339). - s390/dasd: fix endless loop after read unit address configuration (bsc#1144912 LTC#179907). - s390/qdio: handle PENDING state for QEBSM devices (bsc#1142117 bsc#1142118 bsc#1142119 LTC#179329 LTC#179330 LTC#179331). - s390/qeth: avoid control IO completion stalls (bsc#1142109 LTC#179339). - s390/qeth: cancel cmd on early error (bsc#1142109 LTC#179339). - s390/qeth: fix request-side race during cmd IO timeout (bsc#1142109 LTC#179339). - s390/qeth: release cmd buffer in error paths (bsc#1142109 LTC#179339). - s390/qeth: simplify reply object handling (bsc#1142109 LTC#179339). - samples, bpf: fix to change the buffer size for read() (bsc#1051510). - samples: mei: use /dev/mei0 instead of /dev/mei (bsc#1051510). - sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920). - sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920). - scripts/checkstack.pl: Fix arm64 wrong or unknown architecture (bsc#1051510). - scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE (bsc#1051510). - scripts/decode_stacktrace: only strip base path when a prefix of the path (bsc#1051510). - scripts/gdb: fix lx-version string output (bsc#1051510). - scripts/git_sort/git_sort.py: - scsi: NCR5380: Always re-enable reselection interrupt (git-fixes). - scsi: aacraid: Fix missing break in switch statement (git-fixes). - scsi: aacraid: Fix performance issue on logical drives (git-fixes). - scsi: aic94xx: fix an error code in aic94xx_init() (git-fixes). - scsi: aic94xx: fix module loading (git-fixes). - scsi: bfa: convert to strlcpy/strlcat (git-fixes). - scsi: bnx2fc: Fix NULL dereference in error handling (git-fixes). - scsi: bnx2fc: fix incorrect cast to u64 on shift operation (git-fixes). - scsi: core: Fix race on creating sense cache (git-fixes). - scsi: core: Synchronize request queue PM status only on successful resume (git-fixes). - scsi: core: set result when the command cannot be dispatched (git-fixes). - scsi: cxlflash: Mark expected switch fall-throughs (bsc#1148868). - scsi: cxlflash: Prevent deadlock when adapter probe fails (git-fixes). - scsi: esp_scsi: Track residual for PIO transfers (git-fixes) Also, mitigate kABI changes. - scsi: fas216: fix sense buffer initialization (git-fixes). - scsi: isci: initialize shost fully before calling scsi_add_host() (git-fixes). - scsi: libfc: fix null pointer dereference on a null lport (git-fixes). - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached (git-fixes). - scsi: mac_scsi: Fix pseudo DMA implementation, take 2 (git-fixes). - scsi: mac_scsi: Increase PIO/PDMA transfer length threshold (git-fixes). - scsi: megaraid: fix out-of-bound array accesses (git-fixes). - scsi: megaraid_sas: Fix calculation of target ID (git-fixes). - scsi: ncr5380: revert 'Increase register polling limit' (git-fixes). - scsi: qedf: Add debug information for unsolicited processing (bsc#1149976). - scsi: qedf: Add shutdown callback handler (bsc#1149976). - scsi: qedf: Add support for 20 Gbps speed (bsc#1149976). - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1149976). - scsi: qedf: Check for link state before processing LL2 packets and send fipvlan retries (bsc#1149976). - scsi: qedf: Check for module unloading bit before processing link update AEN (bsc#1149976). - scsi: qedf: Decrease the LL2 MTU size to 2500 (bsc#1149976). - scsi: qedf: Fix race betwen fipvlan request and response path (bsc#1149976). - scsi: qedf: Initiator fails to re-login to switch after link down (bsc#1149976). - scsi: qedf: Print message during bailout conditions (bsc#1149976). - scsi: qedf: Stop sending fipvlan request on unload (bsc#1149976). - scsi: qedf: Update module description string (bsc#1149976). - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1149976). - scsi: qedf: Update the version to 8.42.3.0 (bsc#1149976). - scsi: qedf: Use discovery list to traverse rports (bsc#1149976). - scsi: qedf: remove memset/memcpy to nfunc and use func instead (git-fixes). - scsi: qedf: remove set but not used variables (bsc#1149976). - scsi: qedi: remove declaration of nvm_image from stack (git-fixes). - scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1129424). - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (git-fixes). - scsi: qla2xxx: Fix a format specifier (git-fixes). - scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() (git-fixes). - scsi: qla2xxx: Fix device staying in blocked state (git-fixes). - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (git-fixes). - scsi: qla2xxx: Unregister chrdev if module initialization fails (git-fixes). - scsi: qla4xxx: avoid freeing unallocated dma memory (git-fixes). - scsi: raid_attrs: fix unused variable warning (git-fixes). - scsi: scsi_dh_alua: Fix possible null-ptr-deref (git-fixes). - scsi: sd: Defer spinning up drive while SANITIZE is in progress (git-fixes). - scsi: sd: Fix a race between closing an sd device and sd I/O (git-fixes). - scsi: sd: Fix cache_type_store() (git-fixes). - scsi: sd: Optimal I/O size should be a multiple of physical block size (git-fixes). - scsi: sd: Quiesce warning if device does not report optimal I/O size (git-fixes). - scsi: sd: use mempool for discard special page (git-fixes). - scsi: sd_zbc: Fix potential memory leak (git-fixes). - scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous() (git-fixes). - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (git-fixes). - scsi: ufs: Avoid runtime suspend possibly being blocked forever (git-fixes). - scsi: ufs: Check that space was properly alloced in copy_query_response (git-fixes). - scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm() (git-fixes). - scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value (git-fixes). - scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 (git-fixes). - scsi: ufs: revert 'disable vccq if it's not needed by UFS device' (git-fixes). - scsi: use dma_get_cache_alignment() as minimum DMA alignment (git-fixes). - scsi: virtio_scsi: do not send sc payload with tmfs (git-fixes). - sctp: change to hold sk after auth shkey is created successfully (networking-stable-19_07_02). - serial: 8250: Fix TX interrupt handling condition (bsc#1051510). - signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig (bsc#1144333). - sis900: fix TX completion (bsc#1051510). - sky2: Disable MSI on ASUS P6T (bsc#1142496). - smb2: fix missing files in root share directory listing (bsc#1112907, bsc#1144333). - smb2: fix typo in definition of a few error flags (bsc#1144333). - smb2: fix uninitialized variable bug in smb2_ioctl_query_info (bsc#1144333). - smb3 - clean up debug output displaying network interfaces (bsc#1144333). - smb3.1.1: Add GCM crypto to the encrypt and decrypt functions (bsc#1144333). - smb3.11: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - smb311: Fix reconnect (bsc#1051510, bsc#1144333). - smb311: Improve checking of negotiate security contexts (bsc#1051510, bsc#1144333). - smb3: Add SMB3.1.1 GCM to negotiated crypto algorigthms (bsc#1144333). - smb3: Add debug message later in smb2/smb3 reconnect path (bsc#1144333). - smb3: Add defines for new negotiate contexts (bsc#1144333). - smb3: Add dynamic trace points for various compounded smb3 ops (bsc#1144333). - smb3: Add ftrace tracepoints for improved SMB3 debugging (bsc#1144333). - smb3: Add handling for different FSCTL access flags (bsc#1144333). - smb3: Add posix create context for smb3.11 posix mounts (bsc#1144333). - smb3: Add protocol structs for change notify support (bsc#1144333). - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510, bsc#1144333). - smb3: Add tracepoints for read, write and query_dir enter (bsc#1144333). - smb3: Allow SMB3 FSCTL queries to be sent to server from tools (bsc#1144333). - smb3: Allow persistent handle timeout to be configurable on mount (bsc#1144333). - smb3: Allow query of symlinks stored as reparse points (bsc#1144333). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510, bsc#1144333). - smb3: Backup intent flag missing from compounded ops (bsc#1144333). - smb3: Clean up query symlink when reparse point (bsc#1144333). - smb3: Cleanup license mess (bsc#1144333). - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bsc#1085536, bsc#1144333). - smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510, bsc#1144333). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510, bsc#1144333). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510, bsc#1144333). - smb3: Fix deadlock in validate negotiate hits reconnect (bsc#1144333). - smb3: Fix endian warning (bsc#1144333, bsc#1137884). - smb3: Fix enumerating snapshots to Azure (bsc#1144333). - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510, bsc#1144333). - smb3: Fix mode on mkdir on smb311 mounts (bsc#1144333). - smb3: Fix potential memory leak when processing compound chain (bsc#1144333). - smb3: Fix rmdir compounding regression to strict servers (bsc#1144333). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510, bsc#1144333). - smb3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL (bsc#1144333). - smb3: Log at least once if tree connect fails during reconnect (bsc#1144333). - smb3: Number of requests sent should be displayed for SMB3 not just CIFS (bsc#1144333). - smb3: Send netname context during negotiate protocol (bsc#1144333). - smb3: Track total time spent on roundtrips for each SMB3 command (bsc#1144333). - smb3: Update POSIX negotiate context with POSIX ctxt GUID (bsc#1144333). - smb3: Validate negotiate request must always be signed (bsc#1064597, bsc#1144333). - smb3: Warn user if trying to sign connection that authenticated as guest (bsc#1085536, bsc#1144333). - smb3: add additional ftrace entry points for entry/exit to cifs.ko (bsc#1144333). - smb3: add credits we receive from oplock/break PDUs (bsc#1144333). - smb3: add debug for unexpected mid cancellation (bsc#1144333). - smb3: add define for id for posix create context and corresponding struct (bsc#1144333). - smb3: add dynamic trace point for query_info_enter/done (bsc#1144333). - smb3: add dynamic trace point for smb3_cmd_enter (bsc#1144333). - smb3: add dynamic tracepoint for timeout waiting for credits (bsc#1144333). - smb3: add dynamic tracepoints for simple fallocate and zero range (bsc#1144333). - smb3: add missing read completion trace point (bsc#1144333). - smb3: add module alias for smb3 to cifs.ko (bsc#1144333). - smb3: add new mount option to retrieve mode from special ACE (bsc#1144333). - smb3: add reconnect tracepoints (bsc#1144333). - smb3: add smb3.1.1 to default dialect list (bsc#1144333). - smb3: add support for posix negotiate context (bsc#1144333). - smb3: add support for statfs for smb3.1.1 posix extensions (bsc#1144333). - smb3: add trace point for tree connection (bsc#1144333). - smb3: add tracepoint for sending lease break responses to server (bsc#1144333). - smb3: add tracepoint for session expired or deleted (bsc#1144333). - smb3: add tracepoint for slow responses (bsc#1144333). - smb3: add tracepoint to catch cases where credit refund of failed op overlaps reconnect (bsc#1144333). - smb3: add tracepoints for query dir (bsc#1144333). - smb3: add tracepoints for smb2/smb3 open (bsc#1144333). - smb3: add way to control slow response threshold for logging and stats (bsc#1144333). - smb3: allow more detailed protocol info on open files for debugging (bsc#1144333). - smb3: allow posix mount option to enable new SMB311 protocol extensions (bsc#1144333). - smb3: allow previous versions to be mounted with snapshot= mount parm (bsc#1144333). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510, bsc#1144333). - smb3: check for and properly advertise directory lease support (bsc#1051510, bsc#1144333). - smb3: create smb3 equivalent alias for cifs pseudo-xattrs (bsc#1144333). - smb3: directory sync should not return an error (bsc#1051510, bsc#1144333). - smb3: display bytes_read and bytes_written in smb3 stats (bsc#1144333). - smb3: display security information in /proc/fs/cifs/DebugData more accurately (bsc#1144333). - smb3: display session id in debug data (bsc#1144333). - smb3: display stats counters for number of slow commands (bsc#1144333). - smb3: display volume serial number for shares in /proc/fs/cifs/DebugData (bsc#1144333). - smb3: do not allow insecure cifs mounts when using smb3 (bsc#1144333). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510, bsc#1144333). - smb3: do not display confusing message on mount to Azure servers (bsc#1144333). - smb3: do not display empty interface list (bsc#1144333). - smb3: do not request leases in symlink creation and query (bsc#1051510, bsc#1144333). - smb3: do not send compression info by default (bsc#1144333). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510, bsc#1144333). - smb3: fill in statfs fsid and correct namelen (bsc#1112905, bsc#1144333). - smb3: fix bytes_read statistics (bsc#1144333). - smb3: fix corrupt path in subdirs on smb311 with posix (bsc#1144333). - smb3: fix large reads on encrypted connections (bsc#1144333). - smb3: fix lease break problem introduced by compounding (bsc#1144333). - smb3: fix minor debug output for CONFIG_CIFS_STATS (bsc#1144333). - smb3: fix redundant opens on root (bsc#1144333). - smb3: fix reset of bytes read and written stats (bsc#1112906, bsc#1144333). - smb3: fix various xid leaks (bsc#1051510, bsc#1144333). - smb3: for kerberos mounts display the credential uid used (bsc#1144333). - smb3: handle new statx fields (bsc#1085536, bsc#1144333). - smb3: if max_credits is specified then display it in /proc/mounts (bsc#1144333). - smb3: if server does not support posix do not allow posix mount option (bsc#1144333). - smb3: improve dynamic tracing of open and posix mkdir (bsc#1144333). - smb3: increase initial number of credits requested to allow write (bsc#1144333). - smb3: make default i/o size for smb3 mounts larger (bsc#1144333). - smb3: minor cleanup of compound_send_recv (bsc#1144333). - smb3: minor debugging clarifications in rfc1001 len processing (bsc#1144333). - smb3: minor missing defines relating to reparse points (bsc#1144333). - smb3: missing defines and structs for reparse point handling (bsc#1144333). - smb3: note that smb3.11 posix extensions mount option is experimental (bsc#1144333). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510, bsc#1144333). - smb3: on reconnect set PreviousSessionId field (bsc#1112899, bsc#1144333). - smb3: optimize open to not send query file internal info (bsc#1144333). - smb3: passthru query info does not check for SMB3 FSCTL passthru (bsc#1144333). - smb3: print tree id in debugdata in proc to be able to help logging (bsc#1144333). - smb3: query inode number on open via create context (bsc#1144333). - smb3: remove noisy warning message on mount (bsc#1129664, bsc#1144333). - smb3: remove per-session operations from per-tree connection stats (bsc#1144333). - smb3: rename encryption_required to smb3_encryption_required (bsc#1144333). - smb3: request more credits on normal (non-large read/write) ops (bsc#1144333). - smb3: request more credits on tree connect (bsc#1144333). - smb3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (bsc#1144333). - smb3: send CAP_DFS capability during session setup (bsc#1144333). - smb3: send backup intent on compounded query info (bsc#1144333). - smb3: show number of current open files in /proc/fs/cifs/Stats (bsc#1144333). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510, bsc#1144333). - smb3: smbdirect no longer experimental (bsc#1144333). - smb3: snapshot mounts are read-only and make sure info is displayable about the mount (bsc#1144333). - smb3: track the instance of each session for debugging (bsc#1144333). - smb3: trivial cleanup to smb2ops.c (bsc#1144333). - smb3: update comment to clarify enumerating snapshots (bsc#1144333). - smb3: update default requested iosize to 4MB from 1MB for recent dialects (bsc#1144333). - smb: Validate negotiate (to protect against downgrade) even if signing off (bsc#1085536, bsc#1144333). - smb: fix leak of validate negotiate info response buffer (bsc#1064597, bsc#1144333). - smb: fix validate negotiate info uninitialised memory use (bsc#1064597, bsc#1144333). - smbd: Make upper layer decide when to destroy the transport (bsc#1144333). - smpboot: Place the __percpu annotation correctly (git fixes). - soc: rockchip: power-domain: Add a sanity check on pd->num_clks (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: Use of_clk_get_parent_count() instead of open coding (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: use clk_bulk APIs (bsc#1144718,bsc#1144813). - sound: fix a memory leak bug (bsc#1051510). - spi: bcm2835aux: fix corruptions for longer spi transfers (bsc#1051510). - spi: bcm2835aux: remove dangerous uncontrolled read of fifo (bsc#1051510). - spi: bcm2835aux: unifying code between polling and interrupt driven code (bsc#1051510). - st21nfca_connectivity_event_received: null check the allocation (bsc#1051510). - st_nci_hci_connectivity_event_received: null check the allocation (bsc#1051510). - staging: comedi: dt3000: Fix rounding up of timer divisor (bsc#1051510). - staging: comedi: dt3000: Fix signed integer overflow 'divider * base' (bsc#1051510). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Add raspberrypi-cpufreq (jsc#SLE-7294). - supported.conf: Remove duplicate drivers/ata/libahci_platform - supported.conf: Sort alphabetically, align comments. - supported.conf: Sort alphabetically, align comments. - tcp: Reset bytes_acked and bytes_received when disconnecting (networking-stable-19_07_25). - test_firmware: fix a memory leak bug (bsc#1051510). - tipc: change to use register_pernet_device (networking-stable-19_07_02). - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bsc#1082555). - tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations (bsc#1082555). - tpm: Fix off-by-one when reading binary_bios_measurements (bsc#1082555). - tpm: Unify the send callback behaviour (bsc#1082555). - tpm: vtpm_proxy: Suppress error logging when in closed state (bsc#1082555). - tracing: Fix header include guards in trace event headers (bsc#1144474). - treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 231 (bsc#1144333). - tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop (bsc#1051510). - tty/serial: digicolor: Fix digicolor-usart already registered warning (bsc#1051510). - tty: max310x: Fix invalid baudrate divisors calculator (bsc#1051510). - tty: serial: msm_serial: avoid system lockup condition (bsc#1051510). - tua6100: Avoid build warnings (bsc#1051510). - tun: wake up waitqueues after IFF_UP is set (networking-stable-19_07_02). - udf: Fix incorrect final NOT_ALLOCATED (hole) extent length (bsc#1148617). - update internal version number for cifs.ko (bsc#1144333). - usb-storage: Add new JMS567 revision to unusual_devs (bsc#1051510). - usb: CDC: fix sanity checks in CDC union parser (bsc#1142635). - usb: Handle USB3 remote wakeup for LPM enabled devices correctly (bsc#1051510). - usb: cdc-acm: make sure a refcount is taken early enough (bsc#1142635). - usb: cdc-wdm: fix race between write and disconnect due to flag abuse (bsc#1051510). - usb: chipidea: udc: do not do hardware access if gadget has stopped (bsc#1051510). - usb: core: Fix races in character device registration and deregistraion (bsc#1051510). - usb: core: hub: Disable hub-initiated U1/U2 (bsc#1051510). - usb: gadget: composite: Clear 'suspended' on reset/disconnect (bsc#1051510). - usb: gadget: udc: renesas_usb3: Fix sysfs interface of 'role' (bsc#1142635). - usb: host: fotg2: restart hcd after port reset (bsc#1051510). - usb: host: ohci: fix a race condition between shutdown and irq (bsc#1051510). - usb: host: xhci-rcar: Fix timeout in xhci_suspend() (bsc#1051510). - usb: host: xhci: rcar: Fix typo in compatible string matching (bsc#1051510). - usb: iowarrior: fix deadlock on disconnect (bsc#1051510). - usb: serial: option: Add Motorola modem UARTs (bsc#1051510). - usb: serial: option: Add support for ZTE MF871A (bsc#1051510). - usb: serial: option: add D-Link DWM-222 device ID (bsc#1051510). - usb: serial: option: add the BroadMobi BM818 card (bsc#1051510). - usb: storage: ums-realtek: Update module parameter description for auto_delink_en (bsc#1051510). - usb: storage: ums-realtek: Whitelist auto-delink support (bsc#1051510). - usb: usbfs: fix double-free of usb memory upon submiturb error (bsc#1051510). - usb: wusbcore: fix unbalanced get/put cluster_id (bsc#1051510). - usb: yurex: Fix use-after-free in yurex_delete (bsc#1051510). - vfs: fix page locking deadlocks when deduping files (bsc#1148619). - vmci: Release resource if the work is already queued (bsc#1051510). - vrf: make sure skb->data contains ip header to make routing (networking-stable-19_07_25). - watchdog: bcm2835_wdt: Fix module autoload (bsc#1051510). - watchdog: core: fix null pointer dereference when releasing cdev (bsc#1051510). - watchdog: f71808e_wdt: fix F81866 bit operation (bsc#1051510). - watchdog: fix compile time error of pretimeout governors (bsc#1051510). - wimax/i2400m: fix a memory leak bug (bsc#1051510). - x86/boot: Fix memory leak in default_get_smp_config() (bsc#1114279). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). - x86/microcode: Fix the microcode load on CPU hotplug for real (bsc#1114279). - x86/mm: Check for pfn instead of page in vmalloc_sync_one() (bsc#1118689). - x86/mm: Sync also unmappings in vmalloc_sync_all() (bsc#1118689). - x86/speculation/mds: Apply more accurate check on hypervisor platform (bsc#1114279). - x86/speculation: Allow guests to use SSBD even if host does not (bsc#1114279). - x86/unwind: Add hardcoded ORC entry for NULL (bsc#1114279). - x86/unwind: Handle NULL pointer calls better in frame unwinder (bsc#1114279). - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() (bsc#1065600). - xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix bucket count reported to userspace (bsc#1143300). - xfrm: Fix error return code in xfrm_output_one() (bsc#1143300). - xfs: do not crash on null attr fork xfs_bmapi_read (bsc#1148035). - xfs: do not trip over uninitialized buffer on extent read of corrupted inode (bsc#1149053). - xfs: dump transaction usage details on log reservation overrun (bsc#1145235). - xfs: eliminate duplicate icreate tx reservation functions (bsc#1145235). - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (bsc#1148032). - xfs: fix semicolon.cocci warnings (bsc#1145235). - xfs: fix up agi unlinked list reservations (bsc#1145235). - xfs: include an allocfree res for inobt modifications (bsc#1145235). - xfs: include inobt buffers in ifree tx log reservation (bsc#1145235). - xfs: print transaction log reservation on overrun (bsc#1145235). - xfs: refactor inode chunk alloc/free tx reservation (bsc#1145235). - xfs: refactor xlog_cil_insert_items() to facilitate transaction dump (bsc#1145235). - xfs: remove more ondisk directory corruption asserts (bsc#1148034). - xfs: separate shutdown from ticket reservation print helper (bsc#1145235). - xfs: truncate transaction does not modify the inobt (bsc#1145235). Important SUSE bug 1047238 SUSE bug 1050911 SUSE bug 1051510 SUSE bug 1054914 SUSE bug 1055117 SUSE bug 1056686 SUSE bug 1060662 SUSE bug 1061840 SUSE bug 1061843 SUSE bug 1064597 SUSE bug 1064701 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066369 SUSE bug 1071009 SUSE bug 1071306 SUSE bug 1078248 SUSE bug 1082555 SUSE bug 1085030 SUSE bug 1085536 SUSE bug 1085539 SUSE bug 1086103 SUSE bug 1087092 SUSE bug 1090734 SUSE bug 1091171 SUSE bug 1093205 SUSE bug 1102097 SUSE bug 1104902 SUSE bug 1106061 SUSE bug 1106284 SUSE bug 1106434 SUSE bug 1108382 SUSE bug 1112178 SUSE bug 1112894 SUSE bug 1112899 SUSE bug 1112902 SUSE bug 1112903 SUSE bug 1112905 SUSE bug 1112906 SUSE bug 1112907 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1114542 SUSE bug 1118689 SUSE bug 1119086 SUSE bug 1120876 SUSE bug 1120902 SUSE bug 1120937 SUSE bug 1123105 SUSE bug 1123959 SUSE bug 1124370 SUSE bug 1129424 SUSE bug 1129519 SUSE bug 1129664 SUSE bug 1131107 SUSE bug 1131281 SUSE bug 1131565 SUSE bug 1133021 SUSE bug 1134291 SUSE bug 1134881 SUSE bug 1134882 SUSE bug 1135219 SUSE bug 1135642 SUSE bug 1135897 SUSE bug 1136261 SUSE bug 1137069 SUSE bug 1137884 SUSE bug 1138539 SUSE bug 1139020 SUSE bug 1139021 SUSE bug 1139101 SUSE bug 1139500 SUSE bug 1140012 SUSE bug 1140426 SUSE bug 1140487 SUSE bug 1141013 SUSE bug 1141450 SUSE bug 1141543 SUSE bug 1141554 SUSE bug 1142019 SUSE bug 1142076 SUSE bug 1142109 SUSE bug 1142117 SUSE bug 1142118 SUSE bug 1142119 SUSE bug 1142496 SUSE bug 1142541 SUSE bug 1142635 SUSE bug 1142685 SUSE bug 1142701 SUSE bug 1142857 SUSE bug 1143300 SUSE bug 1143466 SUSE bug 1143765 SUSE bug 1143841 SUSE bug 1143843 SUSE bug 1144123 SUSE bug 1144333 SUSE bug 1144474 SUSE bug 1144518 SUSE bug 1144718 SUSE bug 1144813 SUSE bug 1144880 SUSE bug 1144886 SUSE bug 1144912 SUSE bug 1144920 SUSE bug 1144979 SUSE bug 1145010 SUSE bug 1145024 SUSE bug 1145051 SUSE bug 1145059 SUSE bug 1145189 SUSE bug 1145235 SUSE bug 1145300 SUSE bug 1145302 SUSE bug 1145388 SUSE bug 1145389 SUSE bug 1145390 SUSE bug 1145391 SUSE bug 1145392 SUSE bug 1145393 SUSE bug 1145394 SUSE bug 1145395 SUSE bug 1145396 SUSE bug 1145397 SUSE bug 1145408 SUSE bug 1145409 SUSE bug 1145661 SUSE bug 1145678 SUSE bug 1145687 SUSE bug 1145920 SUSE bug 1145922 SUSE bug 1145934 SUSE bug 1145937 SUSE bug 1145940 SUSE bug 1145941 SUSE bug 1145942 SUSE bug 1146074 SUSE bug 1146084 SUSE bug 1146163 SUSE bug 1146285 SUSE bug 1146346 SUSE bug 1146351 SUSE bug 1146352 SUSE bug 1146361 SUSE bug 1146368 SUSE bug 1146376 SUSE bug 1146378 SUSE bug 1146381 SUSE bug 1146391 SUSE bug 1146399 SUSE bug 1146413 SUSE bug 1146425 SUSE bug 1146516 SUSE bug 1146519 SUSE bug 1146524 SUSE bug 1146526 SUSE bug 1146529 SUSE bug 1146531 SUSE bug 1146543 SUSE bug 1146547 SUSE bug 1146550 SUSE bug 1146575 SUSE bug 1146589 SUSE bug 1146678 SUSE bug 1146938 SUSE bug 1148031 SUSE bug 1148032 SUSE bug 1148033 SUSE bug 1148034 SUSE bug 1148035 SUSE bug 1148093 SUSE bug 1148133 SUSE bug 1148192 SUSE bug 1148196 SUSE bug 1148198 SUSE bug 1148202 SUSE bug 1148303 SUSE bug 1148363 SUSE bug 1148379 SUSE bug 1148394 SUSE bug 1148527 SUSE bug 1148574 SUSE bug 1148616 SUSE bug 1148617 SUSE bug 1148619 SUSE bug 1148698 SUSE bug 1148859 SUSE bug 1148868 SUSE bug 1149053 SUSE bug 1149083 SUSE bug 1149104 SUSE bug 1149105 SUSE bug 1149106 SUSE bug 1149197 SUSE bug 1149214 SUSE bug 1149224 SUSE bug 1149325 SUSE bug 1149376 SUSE bug 1149413 SUSE bug 1149418 SUSE bug 1149424 SUSE bug 1149522 SUSE bug 1149527 SUSE bug 1149539 SUSE bug 1149552 SUSE bug 1149591 SUSE bug 1149602 SUSE bug 1149612 SUSE bug 1149626 SUSE bug 1149652 SUSE bug 1149713 SUSE bug 1149940 SUSE bug 1149959 SUSE bug 1149963 SUSE bug 1149976 SUSE bug 1150025 SUSE bug 1150033 SUSE bug 1150112 SUSE bug 1150562 SUSE bug 1150727 SUSE bug 1150860 SUSE bug 1150861 SUSE bug 1150933 CVE-2017-18551 CVE-2018-20976 CVE-2018-21008 CVE-2019-10207 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14835 CVE-2019-15030 CVE-2019-15031 CVE-2019-15090 CVE-2019-15098 CVE-2019-15099 CVE-2019-15117 CVE-2019-15118 CVE-2019-15211 CVE-2019-15212 CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15217 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15222 CVE-2019-15239 CVE-2019-15290 CVE-2019-15292 CVE-2019-15538 CVE-2019-15666 CVE-2019-15902 CVE-2019-15917 CVE-2019-15919 CVE-2019-15920 CVE-2019-15921 CVE-2019-15924 CVE-2019-15926 CVE-2019-15927 CVE-2019-9456 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for nmap fixes the following issues: - Fixed a regression in the version scanner, caused by the fix for CVE-2018-15173. (bsc#1135350) Important SUSE bug 1135350 CVE-2018-15173 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191) - CVE-2018-20406: Fixed a integer overflow via a large LONG_BINPUT (bsc#1120644) Important SUSE bug 1120644 SUSE bug 1122191 CVE-2018-20406 CVE-2019-5010 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox to ESR 60.9 fixes the following issues: Security issues fixed: - CVE-2019-11742: Fixed a same-origin policy violation involving SVG filters and canvas to steal cross-origin images. (bsc#1149303) - CVE-2019-11746: Fixed a use-after-free while manipulating video. (bsc#1149297) - CVE-2019-11744: Fixed an XSS caused by breaking out of title and textarea elements using innerHTML. (bsc#1149304) - CVE-2019-11753: Fixed a privilege escalation with Mozilla Maintenance Service in custom Firefox installation location. (bsc#1149295) - CVE-2019-11752: Fixed a use-after-free while extracting a key value in IndexedDB. (bsc#1149296) - CVE-2019-11743: Fixed a timing side-channel attack on cross-origin information, utilizing unload event attributes. (bsc#1149298) - CVE-2019-11740: Fixed several memory safety bugs. (bsc#1149299) Important SUSE bug 1149294 SUSE bug 1149295 SUSE bug 1149296 SUSE bug 1149297 SUSE bug 1149298 SUSE bug 1149299 SUSE bug 1149303 SUSE bug 1149304 SUSE bug 1149324 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752 CVE-2019-11753 CVE-2019-9812 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for expat fixes the following issues: Security issue fixed: - CVE-2019-15903: Fixed a heap-based buffer over-read caused by crafted XML documents. (bsc#1149429) Moderate SUSE bug 1149429 CVE-2019-15903 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for djvulibre fixes the following issues: Security issues fixed: - CVE-2019-15142: Fixed heap-based buffer over-read (bsc#1146702). - CVE-2019-15143: Fixed resource exhaustion caused by corrupted image files (bsc#1146569). - CVE-2019-15144: Fixed denial-of-service caused by crafted PBM image files (bsc#1146571). - CVE-2019-15145: Fixed out-of-bounds read caused by corrupted JB2 image files (bsc#1146572). - Fixed segfault when libtiff encounters corrupted TIFF (upstream issue #295). Moderate SUSE bug 1146569 SUSE bug 1146571 SUSE bug 1146572 SUSE bug 1146702 CVE-2019-15142 CVE-2019-15143 CVE-2019-15144 CVE-2019-15145 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for dovecot22 fixes the following issues: - CVE-2019-11500: Fixed a potential remote code execution in the IMAP and ManageSieve protocol parsers (bsc#1145559). Important SUSE bug 1145559 CVE-2019-11500 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ghostscript to 9.27 fixes the following issues: Security issues fixed: - CVE-2019-3835: Fixed an unauthorized file system access caused by an available superexec operator. (bsc#1129180) - CVE-2019-3839: Fixed an unauthorized file system access caused by available privileged operators. (bsc#1134156) - CVE-2019-12973: Fixed a denial-of-service vulnerability in the OpenJPEG function opj_t1_encode_cblks. (bsc#1140359) - CVE-2019-14811: Fixed a safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator. (bsc#1146882) - CVE-2019-14812: Fixed a safer mode bypass by .forceput exposure in setuserparams. (bsc#1146882) - CVE-2019-14813: Fixed a safer mode bypass by .forceput exposure in setsystemparams. (bsc#1146882) - CVE-2019-14817: Fixed a safer mode bypass by .forceput exposure in .pdfexectoken and other procedures. (bsc#1146884) Important SUSE bug 1129180 SUSE bug 1131863 SUSE bug 1134156 SUSE bug 1140359 SUSE bug 1146882 SUSE bug 1146884 CVE-2019-12973 CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817 CVE-2019-3835 CVE-2019-3839 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for gpg2 fixes the following issues: Security issue fixed: - CVE-2019-13050: Fixed denial-of-service attacks via big keys. (bsc#1141093) Non-security issue fixed: - Allow coredumps in X11 desktop sessions (bsc#1124847). Moderate SUSE bug 1124847 SUSE bug 1141093 CVE-2019-13050 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for bind fixes the following issues: Security issues fixed: - CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069). - CVE-2019-6471: Fixed a reachable assert in dispatch.c. (bsc#1138687) - CVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (bsc#1126068). - CVE-2018-5743: Fixed a denial of service vulnerability which could be caused by to many simultaneous TCP connections (bsc#1133185). - CVE-2018-5740: Fixed a denial of service vulnerability in the 'deny-answer-aliases' feature (bsc#1104129). Non-security issues fixed: - Don't rely on /etc/insserv.conf anymore for proper dependencies against nss-lookup.target in named.service and lwresd.service (bsc#1118367, bsc#1118368). - Fix FIPS related regression (bsc#1128220). Important SUSE bug 1104129 SUSE bug 1118367 SUSE bug 1118368 SUSE bug 1126068 SUSE bug 1126069 SUSE bug 1128220 SUSE bug 1133185 SUSE bug 1138687 CVE-2018-5740 CVE-2018-5743 CVE-2018-5745 CVE-2019-6465 CVE-2019-6471 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_0_0 fixes the following issues: OpenSSL Security Advisory [10 September 2019] * CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003) * CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250) In addition fixed invalid curve attacks by validating that an EC point lies on the curve (bsc#1131291). Moderate SUSE bug 1131291 SUSE bug 1150003 SUSE bug 1150250 CVE-2019-1547 CVE-2019-1563 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-13627: Mitigated ECDSA timing attack. (bsc#1148987) Moderate SUSE bug 1148987 CVE-2019-13627 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for jasper fixes the following issues: Security issues fixed: - CVE-2018-19540: Fixed a heap based overflow in jas_icctxtdesc_input (bsc#1117508). - CVE-2018-19541: Fix heap based overread in jas_image_depalettize (bsc#1117507). - CVE-2018-19542: Fixed a denial of service in jp2_decode (bsc#1117505). - CVE-2018-19539: Fixed a denial of service in jas_image_readcmpt (bsc#1117511). - CVE-2016-9396: Fixed a denial of service in jpc_cox_getcompparms (bsc#1010783). Moderate SUSE bug 1010783 SUSE bug 1117505 SUSE bug 1117507 SUSE bug 1117508 SUSE bug 1117511 CVE-2016-9396 CVE-2018-19539 CVE-2018-19540 CVE-2018-19541 CVE-2018-19542 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137). Moderate SUSE bug 1150137 CVE-2019-16168 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Updated to new ESR version 68.1 (bsc#1149323). In addition to the already fixed vulnerabilities released in previous ESR updates, the following were also fixed: CVE-2019-11751, CVE-2019-11736, CVE-2019-9812, CVE-2019-11748, CVE-2019-11749, CVE-2019-11750, CVE-2019-11738, CVE-2019-11747, CVE-2019-11735. Several run-time issues were also resolved (bsc#1117473, bsc#1124525, bsc#1133810). The version displayed in Help > About is now correct (bsc#1087200). Important SUSE bug 1087200 SUSE bug 1109465 SUSE bug 1117473 SUSE bug 1123482 SUSE bug 1124525 SUSE bug 1133810 SUSE bug 1140868 SUSE bug 1145665 SUSE bug 1149323 CVE-2019-11709 CVE-2019-11710 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11714 CVE-2019-11715 CVE-2019-11716 CVE-2019-11717 CVE-2019-11718 CVE-2019-11719 CVE-2019-11720 CVE-2019-11721 CVE-2019-11723 CVE-2019-11724 CVE-2019-11725 CVE-2019-11727 CVE-2019-11728 CVE-2019-11729 CVE-2019-11730 CVE-2019-11733 CVE-2019-11735 CVE-2019-11736 CVE-2019-11738 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11747 CVE-2019-11748 CVE-2019-11749 CVE-2019-11750 CVE-2019-11751 CVE-2019-11752 CVE-2019-11753 CVE-2019-9811 CVE-2019-9812 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 for Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540). - CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350). - CVE-2017-18595: A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555). - CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permitted sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka 'KNOB') that could decrypt traffic and injected arbitrary ciphertext without the victim noticing (bnc#1137865 bnc#1146042). - CVE-2019-14835: A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could have used this flaw to increase their privileges on the host (bnc#1150112). - CVE-2019-15216: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1146361). - CVE-2019-15924: fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c had a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure (bnc#1149612). - CVE-2019-9456: In the Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have led to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1150025). - CVE-2019-15031: In the Linux kernel on the powerpc platform, a local user could have read vector registers of other users' processes via an interrupt. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE was misused in arch/powerpc/kernel/process.c (bnc#1149713). - CVE-2019-15030: In the Linux kernel on the powerpc platform, a local user could have read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check (bnc#1149713). - CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free. (bnc#1149626). - CVE-2019-15921: There was a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c (bnc#1149602). - CVE-2018-21008: A use-after-free could have been caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591). - CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free (bnc#1149552). - CVE-2019-15917: There was a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c (bnc#1149539). - CVE-2019-15926: An out-of-bounds access existed in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c (bnc#1149527). - CVE-2019-15927: An out-of-bounds access existed in the function build_audio_procunit in the file sound/usb/mixer.c (bnc#1149522). - CVE-2019-15902: Misuse of the upstream 'x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()' commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped (bnc#1149376). - CVE-2019-15666: There was an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandled directory validation (bnc#1148394). - CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver (bnc#1146524). - CVE-2019-14814: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146512). - CVE-2019-14815: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bsc#1146514) - CVE-2019-14816: There was a heap-based buffer overflow in the Marvell wifi chip driver, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146516). - CVE-2019-15220: There was a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver (bnc#1146526). - CVE-2019-15538: An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS (bnc#1148093). - CVE-2019-15290: There was a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function (bsc#1146543). - CVE-2019-15098: drivers/net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor (bnc#1146378). - CVE-2019-15239: An incorrect backport of a certain net/ipv4/tcp_output.c fix allowed a local attacker to trigger multiple use-after-free conditions. This could result in a kernel crash, or potentially in privilege escalation. (bsc#1146589) - CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver (bnc#1146391). - CVE-2019-15292: There was a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c (bnc#1146678). - CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver (bnc#1146547). - CVE-2019-15211: There was a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c did not properly allocate memory (bnc#1146519). - CVE-2019-15214: There was a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c (bnc#1146550). - CVE-2019-15221: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver (bnc#1146529). - CVE-2019-15222: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/helper.c (motu_microbookii) driver (bnc#1146531). - CVE-2019-15218: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver (bnc#1146413). - CVE-2019-15215: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver (bnc#1146425). - CVE-2019-15090: An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the qedi_dbg_* family of functions, there is an out-of-bounds read (bnc#1146399). - CVE-2018-20976: An issue was discovered in fs/xfs/xfs_super.c. A use after free exists, related to xfs_fs_fill_super failure (bnc#1146285). - CVE-2017-18551: An issue was discovered in drivers/i2c/i2c-core-smbus.c. There was an out of bounds write in the function i2c_smbus_xfer_emulated (bnc#1146163). - CVE-2019-15118: check_input_term in sound/usb/mixer.c mishandled recursion, leading to kernel stack exhaustion (bnc#1145922). - CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c mishandled a short descriptor, leading to out-of-bounds memory access (bnc#1145920). - CVE-2019-10207: Fix a NULL pointer dereference in hci_uart bluetooth driver (bsc#1142857 bsc#1123959). The following non-security bugs were fixed: - 9p: acl: fix uninitialized iattr access (bsc#1051510). - 9p: p9dirent_read: check network-provided name length (bsc#1051510). - 9p: pass the correct prototype to read_cache_page (bsc#1051510). - 9p/rdma: do not disconnect on down_interruptible EAGAIN (bsc#1051510). - 9p/rdma: remove useless check in cm_event_handler (bsc#1051510). - 9p/virtio: Add cleanup path in p9_virtio_init (bsc#1051510). - 9p/xen: Add cleanup path in p9_trans_xen_init (bsc#1051510). - 9p/xen: fix check for xenbus_read error in front_probe (bsc#1051510). - acpi/arm64: ignore 5.1 FADTs that are reported as 5.0 (bsc#1051510). - ACPICA: Increase total number of possible Owner IDs (bsc#1148859). - ACPICA: Increase total number of possible Owner IDs (bsc#1148859). - ACPI: custom_method: fix memory leaks (bsc#1051510). - ACPI: fix false-positive -Wuninitialized warning (bsc#1051510). - ACPI/IORT: Fix off-by-one check in iort_dev_find_its_id() (bsc#1051510). - ACPI / PCI: fix acpi_pci_irq_enable() memory leak (bsc#1051510). - ACPI: PM: Fix regression in acpi_device_set_power() (bsc#1051510). - ACPI / property: Fix acpi_graph_get_remote_endpoint() name in kerneldoc (bsc#1051510). - Add 3 not-needeed commits to blacklist.conf from git-fixes. - Add missing structs and defines from recent SMB3.1.1 documentation (bsc#1144333). - Add new flag on SMB3.1.1 read (bsc#1144333). - address lock imbalance warnings in smbdirect.c (bsc#1144333). - Add some missing debug fields in server and tcon structs (bsc#1144333). - add some missing definitions (bsc#1144333). - Add some qedf commits to blacklist file (bsc#1149976) - Add vers=3.0.2 as a valid option for SMBv3.0.2 (bsc#1144333). - af_key: fix leaks in key_pol_get_resp and dump_sp (bsc#1051510). - af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET (networking-stable-19_07_02). - ALSA: aoa: onyx: always initialize register read value (bsc#1051510). - ALSA: firewire: fix a memory leak bug (bsc#1051510). - ALSA: firewire-tascam: check intermediate state of clock status and retry (bsc#1051510). - ALSA: firewire-tascam: handle error code when getting current source of clock (bsc#1051510). - ALSA: hda - Add a generic reboot_notify (bsc#1051510). - ALSA: hda - Apply workaround for another AMD chip 1022:1487 (bsc#1051510). - ALSA: hda - Do not override global PCM hw info flag (bsc#1051510). - ALSA: hda - Fix a memory leak bug (bsc#1051510). - ALSA: hda - Fix potential endless loop at applying quirks (bsc#1051510). - ALSA: hda: kabi workaround for generic parser flag (bsc#1051510). - ALSA: hda - Let all conexant codec enter D3 when rebooting (bsc#1051510). - ALSA: hda/realtek - Fix overridden device-specific initialization (bsc#1051510). - ALSA: hda/realtek - Fix the problem of two front mics on a ThinkCentre (bsc#1051510). - ALSA: hda - Workaround for crackled sound on AMD controller (1022:1457) (bsc#1051510). - ALSA: hiface: fix multiple memory leak bugs (bsc#1051510). - ALSA: line6: Fix memory leak at line6_init_pcm() error path (bsc#1051510). - ALSA: pcm: fix lost wakeup event scenarios in snd_pcm_drain (bsc#1051510). - ALSA: seq: Fix potential concurrent access to the deleted pool (bsc#1051510). - ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check (bsc#1051510). - arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2 (bsc#1133021). - ARM: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1133021). - ARM: KVM: report support for SMCCC_ARCH_WORKAROUND_1 (bsc#1133021). - ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks (bsc#1051510). - ASoC: es8328: Fix copy-paste error in es8328_right_line_controls (bsc#1051510). - ASoC: Fail card instantiation if DAI format setup fails (bsc#1051510). - ASoC: Intel: Baytrail: Fix implicit fallthrough warning (bsc#1051510). - ASoC: sun4i-i2s: RX and TX counter registers are swapped (bsc#1051510). - ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls (bsc#1051510). - ASoC: wm8988: fix typo in wm8988_right_line_controls (bsc#1051510). - ata: libahci: do not complain in case of deferred probe (bsc#1051510). - ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init (bsc#1051510). - atm: iphase: Fix Spectre v1 vulnerability (networking-stable-19_08_08). - batman-adv: fix uninit-value in batadv_netlink_get_ifindex() (bsc#1051510). - batman-adv: Only read OGM2 tvlv_len after buffer len check (bsc#1051510). - batman-adv: Only read OGM tvlv_len after buffer len check (bsc#1051510). - bcache: fix possible memory leak in bch_cached_dev_run() (git fixes). - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA (bsc#1051510). - bio: fix improper use of smp_mb__before_atomic() (git fixes). - blk-flush: do not run queue for requests bypassing flush (bsc#1137959). - blk-flush: use blk_mq_request_bypass_insert() (bsc#1137959). - blk-mq: backport fixes for blk_mq_complete_e_request_sync() (bsc#1145661). - blk-mq: do not allocate driver tag upfront for flush rq (bsc#1137959). - blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling (bsc#1151610). - blk-mq: Fix spelling in a source code comment (git fixes). - blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue (bsc#1137959). - blk-mq: introduce blk_mq_complete_request_sync() (bsc#1145661). - blk-mq: kABI fixes for blk-mq.h (bsc#1137959). - blk-mq: move blk_mq_put_driver_tag*() into blk-mq.h (bsc#1137959). - blk-mq: punt failed direct issue to dispatch list (bsc#1137959). - blk-mq: put the driver tag of nxt rq before first one is requeued (bsc#1137959). - blk-mq-sched: decide how to handle flush rq via RQF_FLUSH_SEQ (bsc#1137959). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - block, documentation: Fix wbt_lat_usec documentation (git fixes). - block: fix timeout changes for legacy request drivers (bsc#1149446). - block: kABI fixes for BLK_EH_DONE renaming (bsc#1142076). - block: rename BLK_EH_NOT_HANDLED to BLK_EH_DONE (bsc#1142076). - Bluetooth: 6lowpan: search for destination address in all peers (bsc#1051510). - Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug (bsc#1051510). - Bluetooth: btqca: Add a short delay before downloading the NVM (bsc#1051510). - Bluetooth: Check state in l2cap_disconnect_rsp (bsc#1051510). - Bluetooth: hci_bcsp: Fix memory leak in rx_skb (bsc#1051510). - Bluetooth: validate BLE connection interval updates (bsc#1051510). - bnx2x: Disable multi-cos feature (networking-stable-19_08_08). - bnx2x: Prevent ptp_task to be rescheduled indefinitely (networking-stable-19_07_25). - bonding/802.3ad: fix link_failure_count tracking (bsc#1137069 bsc#1141013). - bonding/802.3ad: fix slave link initialization transition states (bsc#1137069 bsc#1141013). - bonding: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - bonding: Always enable vlan tx offload (networking-stable-19_07_02). - bonding: set default miimon value for non-arp modes if not set (bsc#1137069 bsc#1141013). - bonding: speed/duplex update at NETDEV_UP event (bsc#1137069 bsc#1141013). - bonding: validate ip header before check IPPROTO_IGMP (networking-stable-19_07_25). - btrfs: add a helper to retrive extent inline ref type (bsc#1149325). - btrfs: add cleanup_ref_head_accounting helper (bsc#1050911). - btrfs: add missing inode version, ctime and mtime updates when punching hole (bsc#1140487). - btrfs: add one more sanity check for shared ref type (bsc#1149325). - btrfs: clean up pending block groups when transaction commit aborts (bsc#1050911). - btrfs: convert to use btrfs_get_extent_inline_ref_type (bsc#1149325). - btrfs: do not abort transaction at btrfs_update_root() after failure to COW path (bsc#1150933). - btrfs: fix assertion failure during fsync and use of stale transaction (bsc#1150562). - btrfs: fix data loss after inode eviction, renaming it, and fsync it (bsc#1145941). - btrfs: Fix delalloc inodes invalidation during transaction abort (bsc#1050911). - btrfs: fix fsync not persisting dentry deletions due to inode evictions (bsc#1145942). - btrfs: fix incremental send failure after deduplication (bsc#1145940). - btrfs: fix pinned underflow after transaction aborted (bsc#1050911). - btrfs: fix race between send and deduplication that lead to failures and crashes (bsc#1145059). - btrfs: fix race leading to fs corruption after transaction abort (bsc#1145937). - btrfs: fix use-after-free when using the tree modification log (bsc#1151891). - btrfs: handle delayed ref head accounting cleanup in abort (bsc#1050911). - btrfs: prevent send failures and crashes due to concurrent relocation (bsc#1145059). - btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls (bsc#1152975). - btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space (bsc#1152974). - btrfs: relocation: fix use-after-free on dead relocation roots (bsc#1152972). - btrfs: remove BUG() in add_data_reference (bsc#1149325). - btrfs: remove BUG() in btrfs_extent_inline_ref_size (bsc#1149325). - btrfs: remove BUG() in print_extent_item (bsc#1149325). - btrfs: remove BUG_ON in __add_tree_block (bsc#1149325). - btrfs: scrub: add memalloc_nofs protection around init_ipath (bsc#1086103). - btrfs: Split btrfs_del_delalloc_inode into 2 functions (bsc#1050911). - btrfs: start readahead also in seed devices (bsc#1144886). - btrfs: track running balance in a simpler way (bsc#1145059). - btrfs: use GFP_KERNEL in init_ipath (bsc#1086103). - caif-hsi: fix possible deadlock in cfhsi_exit_module() (networking-stable-19_07_25). - can: m_can: implement errata 'Needless activation of MRAF irq' (bsc#1051510). - can: mcp251x: add support for mcp25625 (bsc#1051510). - can: peak_usb: fix potential double kfree_skb() (bsc#1051510). - can: peak_usb: force the string buffer NULL-terminated (bsc#1051510). - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (bsc#1051510). - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (bsc#1051510). - can: rcar_canfd: fix possible IRQ storm on high load (bsc#1051510). - can: sja1000: force the string buffer NULL-terminated (bsc#1051510). - carl9170: fix misuse of device driver API (bsc#1142635). - ceph: always get rstat from auth mds (bsc#1146346). - ceph: clean up ceph.dir.pin vxattr name sizeof() (bsc#1146346). - ceph: decode feature bits in session message (bsc#1146346). - ceph: do not blindly unregister session that is in opening state (bsc#1148133). - ceph: do not try fill file_lock on unsuccessful GETFILELOCK reply (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bsc#1148133). - ceph: fix 'ceph.dir.rctime' vxattr value (bsc#1148133 bsc#1135219). - ceph: fix improper use of smp_mb__before_atomic() (bsc#1148133). - ceph: fix iov_iter issues in ceph_direct_read_write() (bsc#1141450). - ceph: hold i_ceph_lock when removing caps for freeing inode (bsc#1148133). - ceph: remove request from waiting list before unregister (bsc#1148133). - ceph: silence a checker warning in mdsc_show() (bsc#1148133). - ceph: support cephfs' own feature bits (bsc#1146346). - ceph: support getting ceph.dir.pin vxattr (bsc#1146346). - ceph: support versioned reply (bsc#1146346). - ceph: use bit flags to define vxattr attributes (bsc#1146346). - ceph: use ceph_evict_inode to cleanup inode's resource (bsc#1148133). - cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED (bsc#1144333). - cifs: add a new SMB2_close_flags function (bsc#1144333). - cifs: add a smb2_compound_op and change QUERY_INFO to use it (bsc#1144333). - cifs: add a timeout argument to wait_for_free_credits (bsc#1144333). - cifs: add a warning if we try to to dequeue a deleted mid (bsc#1144333). - cifs: add compound_send_recv() (bsc#1144333). - cifs: add credits from unmatched responses/messages (bsc#1144333). - cifs: add debug output to show nocase mount option (bsc#1144333). - cifs: Add DFS cache routines (bsc#1144333). - cifs: Add direct I/O functions to file_operations (bsc#1144333). - cifs: add fiemap support (bsc#1144333). - cifs: add iface info to struct cifs_ses (bsc#1144333). - cifs: add IOCTL for QUERY_INFO passthrough to userspace (bsc#1144333). - cifs: add lease tracking to the cached root fid (bsc#1144333). - cifs: Add minor debug message during negprot (bsc#1144333). - cifs: add missing debug entries for kconfig options (bsc#1051510, bsc#1144333). - cifs: add missing GCM module dependency (bsc#1144333). - cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510, bsc#1144333). - cifs: add ONCE flag for cifs_dbg type (bsc#1144333). - cifs: add pdu_size to the TCP_Server_Info structure (bsc#1144333). - cifs: add resp_buf_size to the mid_q_entry structure (bsc#1144333). - cifs: address trivial coverity warning (bsc#1144333). - cifs: add server argument to the dump_detail method (bsc#1144333). - cifs: add server->vals->header_preamble_size (bsc#1144333). - cifs: add SFM mapping for 0x01-0x1F (bsc#1144333). - cifs: add sha512 secmech (bsc#1051510, bsc#1144333). - cifs: Adds information-level logging function (bsc#1144333). - cifs: add SMB2_close_init()/SMB2_close_free() (bsc#1144333). - cifs: add SMB2_ioctl_init/free helpers to be used with compounding (bsc#1144333). - cifs: add SMB2_query_info_[init|free]() (bsc#1144333). - cifs: Add smb2_send_recv (bsc#1144333). - cifs: add spinlock for the openFileList to cifsInodeInfo (bsc#1144333). - cifs: add .splice_write (bsc#1144333). - cifs: Add support for direct I/O read (bsc#1144333). - cifs: Add support for direct I/O write (bsc#1144333). - cifs: Add support for direct pages in rdata (bsc#1144333). - cifs: Add support for direct pages in wdata (bsc#1144333). - cifs: Add support for failover in cifs_mount() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect_tcon() (bsc#1144333). - cifs: Add support for failover in smb2_reconnect() (bsc#1144333). - cifs: Add support for FSCTL passthrough that write data to the server (bsc#1144333). - cifs: add support for ioctl on directories (bsc#1144333). - cifs: Add support for reading attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: add support for SEEK_DATA and SEEK_HOLE (bsc#1144333). - cifs: Add support for writing attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Adjust MTU credits before reopening a file (bsc#1144333). - cifs: Allocate memory for all iovs in smb2_ioctl (bsc#1144333). - cifs: Allocate validate negotiation request through kmalloc (bsc#1144333). - cifs: allow calling SMB2_xxx_free(NULL) (bsc#1144333). - cifs: allow disabling less secure legacy dialects (bsc#1144333). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510, bsc#1144333). - cifs: always add credits back for unsolicited PDUs (bsc#1144333). - cifs: Always reset read error to -EIO if no response (bsc#1144333). - cifs: Always resolve hostname before reconnecting (bsc#1051510, bsc#1144333). - cifs: a smb2_validate_and_copy_iov failure does not mean the handle is invalid (bsc#1144333). - cifs: auto disable 'serverino' in dfs mounts (bsc#1144333). - cifs: avoid a kmalloc in smb2_send_recv/SendReceive2 for the common case (bsc#1144333). - cifs: Avoid returning EBUSY to upper layer VFS (bsc#1144333). - cifs: cache FILE_ALL_INFO for the shared root handle (bsc#1144333). - cifs: Calculate the correct request length based on page offset and tail size (bsc#1144333). - cifs: Call MID callback before destroying transport (bsc#1144333). - cifs: change mkdir to use a compound (bsc#1144333). - cifs: change smb2_get_data_area_len to take a smb2_sync_hdr as argument (bsc#1144333). - cifs: Change SMB2_open to return an iov for the error parameter (bsc#1144333). - cifs: change SMB2_OP_RENAME and SMB2_OP_HARDLINK to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_EOF to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_INFO to use compounding (bsc#1144333). - cifs: change smb2_query_eas to use the compound query-info helper (bsc#1144333). - cifs: change unlink to use a compound (bsc#1144333). - cifs: change validate_buf to validate_iov (bsc#1144333). - cifs: change wait_for_free_request() to take flags as argument (bsc#1144333). - cifs: check CIFS_MOUNT_NO_DFS when trying to reuse existing sb (bsc#1144333). - cifs: Check for reconnects before sending async requests (bsc#1144333). - cifs: Check for reconnects before sending compound requests (bsc#1144333). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902, bsc#1144333). - cifs: Check for timeout on Negotiate stage (bsc#1091171, bsc#1144333). - cifs: check if SMB2 PDU size has been padded and suppress the warning (bsc#1144333). - cifs: check kmalloc before use (bsc#1051510, bsc#1144333). - cifs: check kzalloc return (bsc#1144333). - cifs: check MaxPathNameComponentLength != 0 before using it (bsc#1085536, bsc#1144333). - cifs: check ntwrk_buf_start for NULL before dereferencing it (bsc#1144333). - cifs: check rsp for NULL before dereferencing in SMB2_open (bsc#1085536, bsc#1144333). - cifs: cifs_read_allocate_pages: do not iterate through whole page array on ENOMEM (bsc#1144333). - cifs: clean up indentation, replace spaces with tab (bsc#1144333). - cifs: cleanup smb2ops.c and normalize strings (bsc#1144333). - cifs: complete PDU definitions for interface queries (bsc#1144333). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510, bsc#1144333). - cifs: Count SMB3 credits for malformed pending responses (bsc#1144333). - cifs: create a define for how many iovs we need for an SMB2_open() (bsc#1144333). - cifs: create a define for the max number of iov we need for a SMB2 set_info (bsc#1144333). - cifs: create a helper function for compound query_info (bsc#1144333). - cifs: create helpers for SMB2_set_info_init/free() (bsc#1144333). - cifs: create SMB2_open_init()/SMB2_open_free() helpers (bsc#1144333). - cifs: Display SMB2 error codes in the hex format (bsc#1144333). - cifs: document tcon/ses/server refcount dance (bsc#1144333). - cifs: do not allow creating sockets except with SMB1 posix exensions (bsc#1102097, bsc#1144333). - cifs: Do not assume one credit for async responses (bsc#1144333). - cifs: do not attempt cifs operation on smb2+ rename error (bsc#1144333). - cifs: Do not consider -ENODATA as stat failure for reads (bsc#1144333). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510, bsc#1144333). - cifs: do not dereference smb_file_target before null check (bsc#1051510, bsc#1144333). - cifs: Do not hide EINTR after sending network packets (bsc#1051510, bsc#1144333). - cifs: Do not log credits when unmounting a share (bsc#1144333). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510, bsc#1144333). - cifs: Do not match port on SMBDirect transport (bsc#1144333). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510, bsc#1144333). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510, bsc#1144333). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510, bsc#1144333). - cifs: do not return atime less than mtime (bsc#1144333). - cifs: do not send invalid input buffer on QUERY_INFO requests (bsc#1144333). - cifs: Do not set credits to 1 if the server didn't grant anything (bsc#1144333). - cifs: do not show domain= in mount output when domain is empty (bsc#1144333). - cifs: Do not skip SMB2 message IDs on send failures (bsc#1144333). - cifs: do not use __constant_cpu_to_le32() (bsc#1144333). - cifs: dump every session iface info (bsc#1144333). - cifs: dump IPC tcon in debug proc file (bsc#1071306, bsc#1144333). - cifs: fallback to older infolevels on findfirst queryinfo retry (bsc#1144333). - cifs: Find and reopen a file before get MTU credits in writepages (bsc#1144333). - cifs: fix a buffer leak in smb2_query_symlink (bsc#1144333). - cifs: fix a credits leak for compund commands (bsc#1144333). - cifs: Fix a debug message (bsc#1144333). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510, bsc#1144333). - cifs: Fix an issue with re-sending rdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix an issue with re-sending wdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix a race condition with cifs_echo_request (bsc#1144333). - cifs: Fix a tiny potential memory leak (bsc#1144333). - cifs: Fix autonegotiate security settings mismatch (bsc#1087092, bsc#1144333). - cifs: fix bi-directional fsctl passthrough calls (bsc#1144333). - cifs: fix build break when CONFIG_CIFS_DEBUG2 enabled (bsc#1144333). - cifs: fix build errors for SMB_DIRECT (bsc#1144333). - cifs: Fix check for matching with existing mount (bsc#1144333). - cifs: fix circular locking dependency (bsc#1064701, bsc#1144333). - cifs: fix computation for MAX_SMB2_HDR_SIZE (bsc#1144333). - cifs: fix confusing warning message on reconnect (bsc#1144333). - cifs: fix crash in cifs_dfs_do_automount (bsc#1144333). - cifs: fix crash in smb2_compound_op()/smb2_set_next_command() (bsc#1144333). - cifs: fix crash querying symlinks stored as reparse-points (bsc#1144333). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix credit calculations in compound mid callback (bsc#1144333). - cifs: Fix credit computation for compounded requests (bsc#1144333). - cifs: Fix credits calculation for cancelled requests (bsc#1144333). - cifs: Fix credits calculations for reads with errors (bsc#1051510, bsc#1144333). - cifs: fix credits leak for SMB1 oplock breaks (bsc#1144333). - cifs: fix deadlock in cached root handling (bsc#1144333). - cifs: Fix DFS cache refresher for DFS links (bsc#1144333). - cifs: fix encryption in SMB3.1.1 (bsc#1144333). - cifs: Fix encryption/signing (bsc#1144333). - cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510, bsc#1144333). - cifs: Fix error paths in writeback code (bsc#1144333). - cifs: fix GlobalMid_Lock bug in cifs_reconnect (bsc#1144333). - cifs: fix handle leak in smb2_query_symlink() (bsc#1144333). - cifs: fix incorrect handling of smb2_set_sparse() return in smb3_simple_falloc (bsc#1144333). - cifs: Fix infinite loop when using hard mount option (bsc#1091171, bsc#1144333). - cifs: Fix invalid check in __cifs_calc_signature() (bsc#1144333). - cifs: Fix kernel oops when traceSMB is enabled (bsc#1144333). - cifs: fix kref underflow in close_shroot() (bsc#1144333). - cifs: Fix leaking locked VFS cache pages in writeback retry (bsc#1144333). - cifs: Fix lease buffer length error (bsc#1144333). - cifs: fix memory leak and remove dead code (bsc#1144333). - cifs: fix memory leak in SMB2_open() (bsc#1112894, bsc#1144333). - cifs: fix memory leak in SMB2_read (bsc#1144333). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510, bsc#1144333). - cifs: fix memory leak of an allocated cifs_ntsd structure (bsc#1144333). - cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case (bsc#1144333). - cifs: Fix missing put_xid in cifs_file_strict_mmap (bsc#1087092, bsc#1144333). - cifs: Fix module dependency (bsc#1144333). - cifs: Fix mounts if the client is low on credits (bsc#1144333). - cifs: fix NULL deref in SMB2_read (bsc#1085539, bsc#1144333). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: Fix NULL pointer deref on SMB2_tcon() failure (bsc#1071009, bsc#1144333). - cifs: Fix NULL ptr deref (bsc#1144333). - cifs: fix page reference leak with readv/writev (bsc#1144333). - cifs: fix panic in smb2_reconnect (bsc#1144333). - cifs: fix parsing of symbolic link error response (bsc#1144333). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542, bsc#1144333). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510, bsc#1144333). - cifs: Fix possible oops and memory leaks in async IO (bsc#1144333). - cifs: Fix potential OOB access of lock element array (bsc#1051510, bsc#1144333). - cifs: Fix read after write for files with read caching (bsc#1051510, bsc#1144333). - cifs: fix return value for cifs_listxattr (bsc#1051510, bsc#1144333). - cifs: fix rmmod regression in cifs.ko caused by force_sig changes (bsc#1144333). - cifs: Fix separator when building path from dentry (bsc#1051510, bsc#1144333). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510, bsc#1144333). - cifs: fix signed/unsigned mismatch on aio_read patch (bsc#1144333). - cifs: Fix signing for SMB2/3 (bsc#1144333). - cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting (bsc#1144333). - cifs: Fix slab-out-of-bounds when tracing SMB tcon (bsc#1144333). - cifs: fix SMB1 breakage (bsc#1144333). - cifs: fix smb3_zero_range for Azure (bsc#1144333). - cifs: fix smb3_zero_range so it can expand the file-size when required (bsc#1144333). - cifs: fix sparse warning on previous patch in a few printks (bsc#1144333). - cifs: fix spelling mistake, EACCESS -> EACCES (bsc#1144333). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510, bsc#1144333). - cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() (bsc#1144333). - cifs: Fix to use kmem_cache_free() instead of kfree() (bsc#1144333). - cifs: Fix trace command logging for SMB2 reads and writes (bsc#1144333). - cifs: fix typo in cifs_dbg (bsc#1144333). - cifs: fix typo in debug message with struct field ia_valid (bsc#1144333). - cifs: fix uninitialized ptr deref in smb2 signing (bsc#1144333). - cifs: Fix use-after-free in SMB2_read (bsc#1144333). - cifs: Fix use-after-free in SMB2_write (bsc#1144333). - cifs: Fix use after free of a mid_q_entry (bsc#1112903, bsc#1144333). - cifs: fix use-after-free of the lease keys (bsc#1144333). - cifs: Fix validation of signed data in smb2 (bsc#1144333). - cifs: Fix validation of signed data in smb3+ (bsc#1144333). - cifs: fix wrapping bugs in num_entries() (bsc#1051510, bsc#1144333). - cifs: flush before set-info if we have writeable handles (bsc#1144333). - cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510, bsc#1144333). - cifs: handle large EA requests more gracefully in smb2+ (bsc#1144333). - cifs: handle netapp error codes (bsc#1136261). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: implement v3.11 preauth integrity (bsc#1051510, bsc#1144333). - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) (bsc#1144333). - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510, bsc#1144333). - cifs: Introduce helper function to get page offset and length in smb_rqst (bsc#1144333). - cifs: Introduce offset for the 1st page in data transfer structures (bsc#1144333). - cifs: invalidate cache when we truncate a file (bsc#1051510, bsc#1144333). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565, bsc#1144333). - cifs: limit amount of data we request for xattrs to CIFSMaxBufSize (bsc#1144333). - cifs: Limit memory used by lock request calls to a page (bsc#1144333). - cifs_lookup(): cifs_get_inode_...() never returns 0 with *inode left NULL (bsc#1144333). - cifs_lookup(): switch to d_splice_alias() (bsc#1144333). - cifs: make arrays static const, reduces object code size (bsc#1144333). - cifs: Make devname param optional in cifs_compose_mount_options() (bsc#1144333). - cifs: make IPC a regular tcon (bsc#1071306, bsc#1144333). - cifs: make minor clarifications to module params for cifs.ko (bsc#1144333). - cifs: make mknod() an smb_version_op (bsc#1144333). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510, bsc#1144333). - cifs: make rmdir() use compounding (bsc#1144333). - cifs: make smb_send_rqst take an array of requests (bsc#1144333). - cifs: Make sure all data pages are signed correctly (bsc#1144333). - cifs: Make use of DFS cache to get new DFS referrals (bsc#1144333). - cifs: Mask off signals when sending SMB packets (bsc#1144333). - cifs: minor clarification in comments (bsc#1144333). - cifs: Minor Kconfig clarification (bsc#1144333). - cifs: minor updates to module description for cifs.ko (bsc#1144333). - cifs: Move credit processing to mid callbacks for SMB3 (bsc#1144333). - cifs: move default port definitions to cifsglob.h (bsc#1144333). - cifs: move large array from stack to heap (bsc#1144333). - cifs: Move open file handling to writepages (bsc#1144333). - cifs: Move unlocking pages from wdata_send_pages() (bsc#1144333). - cifs: OFD locks do not conflict with eachothers (bsc#1051510, bsc#1144333). - cifs: Only free DFS target list if we actually got one (bsc#1144333). - cifs: Only send SMB2_NEGOTIATE command on new TCP connections (bsc#1144333). - cifs: only wake the thread for the very last PDU in a compound (bsc#1144333). - cifs: parse and store info on iface queries (bsc#1144333). - cifs: pass flags down into wait_for_free_credits() (bsc#1144333). - cifs: Pass page offset for calculating signature (bsc#1144333). - cifs: Pass page offset for encrypting (bsc#1144333). - cifs: pass page offsets on SMB1 read/write (bsc#1144333). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510, bsc#1144333). - cifs: prevent starvation in wait_for_free_credits for multi-credit requests (bsc#1144333). - cifs: print CIFSMaxBufSize as part of /proc/fs/cifs/DebugData (bsc#1144333). - cifs: Print message when attempting a mount (bsc#1144333). - cifs: Properly handle auto disabling of serverino option (bsc#1144333). - cifs: protect against server returning invalid file system block size (bsc#1144333). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: push rfc1002 generation down the stack (bsc#1144333). - cifs: read overflow in is_valid_oplock_break() (bsc#1144333). - cifs: Reconnect expired SMB sessions (bnc#1060662). - cifs: refactor and clean up arguments in the reparse point parsing (bsc#1144333). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510, bsc#1144333). - cifs: Refactor out cifs_mount() (bsc#1144333). - cifs: release auth_key.response for reconnect (bsc#1085536, bsc#1144333). - cifs: release cifs root_cred after exit_cifs (bsc#1085536, bsc#1144333). - cifs: remove coverity warning in calc_lanman_hash (bsc#1144333). - cifs: Remove custom credit adjustments for SMB2 async IO (bsc#1144333). - cifs: remove header_preamble_size where it is always 0 (bsc#1144333). - cifs: remove redundant duplicated assignment of pointer 'node' (bsc#1144333). - cifs: remove rfc1002 hardcoded constants from cifs_discard_remaining_data() (bsc#1144333). - cifs: remove rfc1002 header from all SMB2 response structures (bsc#1144333). - cifs: remove rfc1002 header from smb2_close_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_create_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_echo_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_flush_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_ioctl_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_lease_ack (bsc#1144333). - cifs: remove rfc1002 header from smb2_lock_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_logoff_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_negotiate_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_oplock_break we get from server (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_directory_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2 read/write requests (bsc#1144333). - cifs: remove rfc1002 header from smb2_sess_setup_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_set_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_connect_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_disconnect_req (bsc#1144333). - cifs: remove set but not used variable 'cifs_sb' (bsc#1144333). - cifs: remove set but not used variable 'sep' (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove set but not used variable 'smb_buf' (bsc#1144333). - cifs: remove small_smb2_init (bsc#1144333). - cifs: remove smb2_send_recv() (bsc#1144333). - cifs: remove struct smb2_hdr (bsc#1144333). - cifs: remove struct smb2_oplock_break_rsp (bsc#1144333). - cifs: remove the is_falloc argument to SMB2_set_eof (bsc#1144333). - cifs: remove unused stats (bsc#1144333). - cifs: remove unused value pointed out by Coverity (bsc#1144333). - cifs: remove unused variable from SMB2_read (bsc#1144333). - cifs: rename and clarify CIFS_ASYNC_OP and CIFS_NO_RESP (bsc#1144333). - cifs: Reopen file before get SMB2 MTU credits for async IO (bsc#1144333). - cifs: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - cifs: replace snprintf with scnprintf (bsc#1144333). - cifs: Respect reconnect in MTU credits calculations (bsc#1144333). - cifs: Respect reconnect in non-MTU credits calculations (bsc#1144333). - cifs: Respect SMB2 hdr preamble size in read responses (bsc#1144333). - cifs: return correct errors when pinning memory failed for direct I/O (bsc#1144333). - cifs: Return -EAGAIN instead of -ENOTSOCK (bsc#1144333). - cifs: return -ENODATA when deleting an xattr that does not exist (bsc#1144333). - cifs: Return error code when getting file handle for writeback (bsc#1144333). - cifs: return error on invalid value written to cifsFYI (bsc#1144333). - cifs: Save TTL value when parsing DFS referrals (bsc#1144333). - cifs: Select all required crypto modules (bsc#1085536, bsc#1144333). - cifs: set mapping error when page writeback fails in writepage or launder_pages (bsc#1144333). - cifs: set oparms.create_options rather than or'ing in CREATE_OPEN_BACKUP_INTENT (bsc#1144333). - cifs: Set reconnect instance to one initially (bsc#1144333). - cifs: set *resp_buf_type to NO_BUFFER on error (bsc#1144333). - cifs: Show locallease in /proc/mounts for cifs shares mounted with locallease feature (bsc#1144333). - cifs: show 'soft' in the mount options for hard mounts (bsc#1144333). - cifs: show the w bit for writeable /proc/fs/cifs/* files (bsc#1144333). - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734, bsc#1144333). - cifs: Silence uninitialized variable warning (bsc#1144333). - cifs: simple stats should always be enabled (bsc#1144333). - cifs: simplify code by removing CONFIG_CIFS_ACL ifdef (bsc#1144333). - Update config files. - cifs: simplify how we handle credits in compound_send_recv() (bsc#1144333). - cifs: Skip any trailing backslashes from UNC (bsc#1144333). - cifs: smb2 commands can not be negative, remove confusing check (bsc#1144333). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510, bsc#1144333). - cifs: smb2ops: Fix NULL check in smb2_query_symlink (bsc#1144333). - cifs: smb2pdu: Fix potential NULL pointer dereference (bsc#1144333). - cifs: SMBD: Add parameter rdata to smb2_new_read_req (bsc#1144333). - cifs: SMBD: Add rdma mount option (bsc#1144333). - cifs: SMBD: Add SMB Direct debug counters (bsc#1144333). - cifs: SMBD: Add SMB Direct protocol initial values and constants (bsc#1144333). - cifs: smbd: Avoid allocating iov on the stack (bsc#1144333). - cifs: smbd: avoid reconnect lockup (bsc#1144333). - cifs: smbd: Check for iov length on sending the last iov (bsc#1144333). - cifs: smbd: depend on INFINIBAND_ADDR_TRANS (bsc#1144333). - cifs: SMBD: Disable signing on SMB direct transport (bsc#1144333). - cifs: smbd: disconnect transport on RDMA errors (bsc#1144333). - cifs: SMBD: Do not call ib_dereg_mr on invalidated memory registration (bsc#1144333). - cifs: smbd: Do not destroy transport on RDMA disconnect (bsc#1144333). - cifs: smbd: Do not use RDMA read/write when signing is used (bsc#1144333). - cifs: smbd: Dump SMB packet when configured (bsc#1144333). - cifs: smbd: Enable signing with smbdirect (bsc#1144333). - cifs: SMBD: Establish SMB Direct connection (bsc#1144333). - cifs: SMBD: export protocol initial values (bsc#1144333). - cifs: SMBD: fix spelling mistake: faield and legnth (bsc#1144333). - cifs: SMBD: Fix the definition for SMB2_CHANNEL_RDMA_V1_INVALIDATE (bsc#1144333). - cifs: SMBD: Implement function to create a SMB Direct connection (bsc#1144333). - cifs: SMBD: Implement function to destroy a SMB Direct connection (bsc#1144333). - cifs: SMBD: Implement function to receive data via RDMA receive (bsc#1144333). - cifs: SMBD: Implement function to reconnect to a SMB Direct transport (bsc#1144333). - cifs: SMBD: Implement function to send data via RDMA send (bsc#1144333). - cifs: SMBD: Implement RDMA memory registration (bsc#1144333). - cifs: smbd: Indicate to retry on transport sending failure (bsc#1144333). - cifs: SMBD: Read correct returned data length for RDMA write (SMB read) I/O (bsc#1144333). - cifs: smbd: Retry on memory registration failure (bsc#1144333). - cifs: smbd: Return EINTR when interrupted (bsc#1144333). - cifs: SMBD: Set SMB Direct maximum read or write size for I/O (bsc#1144333). - cifs: SMBD: _smbd_get_connection() can be static (bsc#1144333). - cifs: SMBD: Support page offset in memory registration (bsc#1144333). - cifs: SMBD: Support page offset in RDMA recv (bsc#1144333). - cifs: SMBD: Support page offset in RDMA send (bsc#1144333). - cifs: smbd: take an array of reqeusts when sending upper layer data (bsc#1144333). - cifs: SMBD: Upper layer connects to SMBDirect session (bsc#1144333). - cifs: SMBD: Upper layer destroys SMB Direct session on shutdown or umount (bsc#1144333). - cifs: SMBD: Upper layer performs SMB read via RDMA write through memory registration (bsc#1144333). - cifs: SMBD: Upper layer performs SMB write via RDMA read through memory registration (bsc#1144333). - cifs: SMBD: Upper layer receives data via RDMA receive (bsc#1144333). - cifs: SMBD: Upper layer reconnects to SMB Direct session (bsc#1144333). - cifs: SMBD: Upper layer sends data via RDMA send (bsc#1144333). - cifs:smbd Use the correct DMA direction when sending data (bsc#1144333). - cifs:smbd When reconnecting to server, call smbd_destroy() after all MIDs have been called (bsc#1144333). - cifs: SMBD: work around gcc -Wmaybe-uninitialized warning (bsc#1144333). - cifs: start DFS cache refresher in cifs_mount() (bsc#1144333). - cifs: store the leaseKey in the fid on SMB2_open (bsc#1051510, bsc#1144333). - cifs: suppress some implicit-fallthrough warnings (bsc#1144333). - cifs: track writepages in vfs operation counters (bsc#1144333). - cifs: Try to acquire credits at once for compound requests (bsc#1144333). - cifs: update calc_size to take a server argument (bsc#1144333). - cifs: update init_sg, crypt_message to take an array of rqst (bsc#1144333). - cifs: update internal module number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.14 (bsc#1144333). - cifs: update module internal version number (bsc#1144333). - cifs: update multiplex loop to handle compounded responses (bsc#1144333). - cifs: update receive_encrypted_standard to handle compounded responses (bsc#1144333). - cifs: update smb2_calc_size to use smb2_sync_hdr instead of smb2_hdr (bsc#1144333). - cifs: update smb2_check_message to handle PDUs without a 4 byte length header (bsc#1144333). - cifs: update smb2_queryfs() to use compounding (bsc#1144333). - cifs: update __smb_send_rqst() to take an array of requests (bsc#1144333). - cifs: use a compound for setting an xattr (bsc#1144333). - cifs: use a refcount to protect open/closing the cached file handle (bsc#1144333). - cifs: use correct format characters (bsc#1144333). - cifs: Use correct packet length in SMB2_TRANSFORM header (bsc#1144333). - cifs: Use GFP_ATOMIC when a lock is held in cifs_mount() (bsc#1144333). - cifs: Use kmemdup in SMB2_ioctl_init() (bsc#1144333). - cifs: Use kmemdup rather than duplicating its implementation in smb311_posix_mkdir() (bsc#1144333). - cifs: Use kzfree() to free password (bsc#1144333). - cifs: Use offset when reading pages (bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510, bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510, bsc#1144333). - cifs: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (bsc#1071306, bsc#1144333). - cifs: use the correct length when pinning memory for direct I/O for write (bsc#1144333). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510, bsc#1144333). - cifs: wait_for_free_credits() make it possible to wait for >=1 credits (bsc#1144333). - cifs: we can not use small padding iovs together with encryption (bsc#1144333). - cifs: When sending data on socket, pass the correct page offset (bsc#1144333). - cifs: zero-range does not require the file is sparse (bsc#1144333). - cifs: zero sensitive data when freeing (bsc#1087092, bsc#1144333). - Cleanup some minor endian issues in smb3 rdma (bsc#1144333). - clk: add clk_bulk_get accessories (bsc#1144813). - clk: at91: fix update bit maps on CFG_MOR write (bsc#1051510). - clk: bcm2835: remove pllb (jsc#SLE-7294). - clk: bcm283x: add driver interfacing with Raspberry Pi's firmware (jsc#SLE-7294). - clk: bulk: silently error out on EPROBE_DEFER (bsc#1144718,bsc#1144813). - clk: Export clk_bulk_prepare() (bsc#1144813). - clk: raspberrypi: register platform device for raspberrypi-cpufreq (jsc#SLE-7294). - clk: renesas: cpg-mssr: Fix reset control race condition (bsc#1051510). - clk: rockchip: Add 1.6GHz PLL rate for rk3399 (bsc#1144718,bsc#1144813). - clk: rockchip: assign correct id for pclk_ddr and hclk_sd in rk3399 (bsc#1144718,bsc#1144813). - clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks (bsc#1051510). - clk: sunxi-ng: v3s: add the missing PLL_DDR1 (bsc#1051510). - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling (bsc#1051510). - coredump: split pipe command whitespace before expanding template (bsc#1051510). - cpufreq: add driver for Raspberry Pi (jsc#SLE-7294). - cpufreq: dt: Try freeing static OPPs only if we have added them (jsc#SLE-7294). - cpu/speculation: Warn on unsupported mitigations= parameter (bsc#1114279). - crypto: caam - fix concurrency issue in givencrypt descriptor (bsc#1051510). - crypto: caam - free resources in case caam_rng registration failed (bsc#1051510). - crypto: cavium/zip - Add missing single_release() (bsc#1051510). - crypto: ccp - Add support for valid authsize values less than 16 (bsc#1051510). - crypto: ccp - Fix oops by properly managing allocated structures (bsc#1051510). - crypto: ccp - Ignore tag length when decrypting GCM ciphertext (bsc#1051510). - crypto: ccp - Ignore unconfigured CCP device on suspend/resume (bnc#1145934). - crypto: ccp - Reduce maximum stack usage (bsc#1051510). - crypto: ccp - Validate buffer lengths for copy operations (bsc#1051510). - crypto: qat - Silence smp_processor_id() warning (bsc#1051510). - crypto: skcipher - Unmap pages after an external error (bsc#1051510). - crypto: talitos - fix skcipher failure due to wrong output IV (bsc#1051510). - cx82310_eth: fix a memory leak bug (bsc#1051510). - dax: dax_layout_busy_page() should not unmap cow pages (bsc#1148698). - devres: always use dev_name() in devm_ioremap_resource() (git fixes). - dfs_cache: fix a wrong use of kfree in flush_cache_ent() (bsc#1144333). - dma-buf: balance refcount inbalance (bsc#1051510). - dmaengine: dw: platform: Switch to acpi_dma_controller_register() (bsc#1051510). - dmaengine: iop-adma.c: fix printk format warning (bsc#1051510). - dmaengine: rcar-dmac: Reject zero-length slave DMA requests (bsc#1051510). - dm btree: fix order of block initialization in btree_split_beneath (git fixes). - dm bufio: fix deadlock with loop device (git fixes). - dm cache metadata: Fix loading discard bitset (git fixes). - dm crypt: do not overallocate the integrity tag space (git fixes). - dm crypt: fix parsing of extended IV arguments (git fixes). - dm delay: fix a crash when invalid device is specified (git fixes). - dm: fix to_sector() for 32bit (git fixes). - dm integrity: change memcmp to strncmp in dm_integrity_ctr (git fixes). - dm integrity: limit the rate of error messages (git fixes). - dm kcopyd: always complete failed jobs (git fixes). - dm log writes: make sure super sector log updates are written in order (git fixes). - dm raid: add missing cleanup in raid_ctr() (git fixes). - dm: revert 8f50e358153d ('dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE') (git fixes). - dm space map metadata: fix missing store of apply_bops() return value (git fixes). - dm table: fix invalid memory accesses with too high sector number (git fixes). - dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (git fixes). - dm thin: fix bug where bio that overwrites thin block ignores FUA (git fixes). - dm thin: fix passdown_double_checking_shared_status() (git fixes). - dm zoned: fix potential NULL dereference in dmz_do_reclaim() (git fixes). - dm zoned: Fix zone report handling (git fixes). - dm zoned: fix zone state management race (git fixes). - dm zoned: improve error handling in i/o map code (git fixes). - dm zoned: improve error handling in reclaim (git fixes). - dm zoned: properly handle backing device failure (git fixes). - dm zoned: Silence a static checker warning (git fixes). - Documentation: Add nospectre_v1 parameter (bsc#1051510). - Documentation/networking: fix default_ttl typo in mpls-sysctl (bsc#1051510). - Do not log confusing message on reconnect by default (bsc#1129664, bsc#1144333). - Do not log expected error on DFS referral request (bsc#1051510, bsc#1144333). - driver core: Fix use-after-free and double free on glue directory (bsc#1131281). - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl (bsc#1051510). - drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings (bsc#1051510). - drivers: thermal: int340x_thermal: Fix sysfs race condition (bsc#1051510). - drm/amdgpu/psp: move psp version specific function pointers to (bsc#1135642) - drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz (bsc#1051510). - drm/bridge: tc358767: read display_props in get_modes() (bsc#1051510). - drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry (bsc#1051510). - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1135642) - drm/i915: Do not deballoon unused ggtt drm_mm_node in linux guest (bsc#1142635) - drm/i915: Fix various tracepoints for gen2 (bsc#1113722) - drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1142635) - drm/i915/perf: ensure we keep a reference on the driver (bsc#1142635) - drm/i915: Restore relaxed padding (OCL_OOB_SUPPRES_ENABLE) for skl+ (bsc#1142635) - drm/i915/userptr: Acquire the page lock around set_page_dirty() (bsc#1051510). - drm/imx: Drop unused imx-ipuv3-crtc.o build (bsc#1113722) - drm/imx: notify drm core before sending event during crtc disable (bsc#1135642) - drm/imx: only send event on crtc disable if kept disabled (bsc#1135642) - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1135642) - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1135642) - drm/mediatek: clear num_pipes when unbind driver (bsc#1135642) - drm/mediatek: fix unbind functions (bsc#1135642) - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1142635) - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1135642) - drm/mediatek: use correct device to import PRIME buffers (bsc#1142635) - drm/msm: Depopulate platform on probe failure (bsc#1051510). - drm: msm: Fix add_gpu_components (bsc#1051510). - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1142635) - drm/nouveau: Do not retry infinitely when receiving no data on i2c (bsc#1142635) - drm/nouveau: fix memory leak in nouveau_conn_reset() (bsc#1051510). - drm/panel: simple: Fix panel_simple_dsi_probe (bsc#1051510). - drm/rockchip: Suspend DP late (bsc#1142635) - drm: silence variable 'conn' set but not used (bsc#1051510). - drm/udl: introduce a macro to convert dev to udl. (bsc#1113722) - drm/udl: move to embedding drm device inside udl device. (bsc#1113722) - drm/virtio: Add memory barriers for capset cache (bsc#1051510). - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1135642) - drm/vmwgfx: fix memory leak when too many retries have occurred (bsc#1051510). - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1135642) - Drop an ASoC fix that was reverted in 4.14.y stable - eCryptfs: fix a couple type promotion bugs (bsc#1051510). - EDAC/amd64: Add Family 17h Model 30h PCI IDs (bsc#1112178). - EDAC, amd64: Add Family 17h, models 10h-2fh support (bsc#1112178). - EDAC/amd64: Decode syndrome before translating address (bsc#1114279). - EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec (bsc#1114279). - eeprom: at24: make spd world-readable again (git-fixes). - efi/bgrt: Drop BGRT status field reserved bits check (bsc#1051510). - ehea: Fix a copy-paste err in ehea_init_port_res (bsc#1051510). - ext4: fix warning inside ext4_convert_unwritten_extents_endio (bsc#1152025). - ext4: set error return correctly when ext4_htree_store_dirent fails (bsc#1152024). - ext4: use jbd2_inode dirty range scoping (bsc#1148616). - firmware: raspberrypi: register clk device (jsc#SLE-7294). - firmware: ti_sci: Always request response from firmware (bsc#1051510). - Fixed https://bugzilla.kernel.org/show_bug.cgi?id=202935 allow write on the same file (bsc#1144333). - Fix encryption labels and lengths for SMB3.1.1 (bsc#1085536, bsc#1144333). - fix incorrect error code mapping for OBJECTID_NOT_FOUND (bsc#1144333). - Fix kABI after KVM fixes - Fix kabi for: NFSv4: Fix OPEN / CLOSE race (git-fixes). - Fix match_server check to allow for auto dialect negotiate (bsc#1144333). - Fix SMB3.1.1 guest authentication to Samba (bsc#1085536, bsc#1144333). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510, bsc#1144333). - fix struct ufs_req removal of unused field (git-fixes). - Fix warning messages when mounting to older servers (bsc#1144333). - fs/cifs/cifsacl.c Fixes typo in a comment (bsc#1144333). - fs: cifs: cifsssmb: Change return type of convert_ace_to_cifs_ace (bsc#1144333). - fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bsc#1144333). - fs: cifs: Drop unlikely before IS_ERR(_OR_NULL) (bsc#1144333). - fs/cifs: fix uninitialised variable warnings (bsc#1144333). - fs: cifs: Kconfig: pedantic formatting (bsc#1144333). - fs: cifs: Replace _free_xid call in cifs_root_iget function (bsc#1144333). - fs/cifs: require sha512 (bsc#1051510, bsc#1144333). - fs/cifs: Simplify ib_post_(send|recv|srq_recv)() calls (bsc#1144333). - fs/cifs/smb2pdu.c: fix buffer free in SMB2_ioctl_free (bsc#1144333). - fs/cifs: suppress a string overflow warning (bsc#1144333). - fs/*/Kconfig: drop links to 404-compliant http://acl.bestbits.at (bsc#1144333). - fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() (bsc#1051510). - fs/xfs: Fix return code of xfs_break_leased_layouts() (bsc#1148031). - fs: xfs: xfs_log: Do not use KM_MAYFAIL at xfs_log_reserve() (bsc#1148033). - ftrace: Check for empty hash and comment the race with registering probes (bsc#1149418). - ftrace: Check for successful allocation of hash (bsc#1149424). - ftrace: Fix NULL pointer dereference in t_probe_next() (bsc#1149413). - gpio: Fix build error of function redefinition (bsc#1051510). - gpio: fix line flag validation in lineevent_create (bsc#1051510). - gpio: fix line flag validation in linehandle_create (bsc#1051510). - gpio: gpio-omap: add check for off wake capable gpios (bsc#1051510). - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist (bsc#1051510). - gpiolib: fix incorrect IRQ requesting of an active-low lineevent (bsc#1051510). - gpiolib: never report open-drain/source lines as 'input' to user-space (bsc#1051510). - gpiolib: only check line handle flags once (bsc#1051510). - gpio: Move gpiochip_lock/unlock_as_irq to gpio/driver.h (bsc#1051510). - gpio: mxs: Get rid of external API call (bsc#1051510). - gpio: omap: ensure irq is enabled before wakeup (bsc#1051510). - gpio: pxa: handle corner case of unprobed device (bsc#1051510). - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1142635) - HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT (bsc#1051510). - HID: Add quirk for HP X1200 PIXART OEM mouse (bsc#1051510). - HID: cp2112: prevent sleeping function called from invalid context (bsc#1051510). - HID: hiddev: avoid opening a disconnected device (bsc#1051510). - HID: hiddev: do cleanup in failure of opening a device (bsc#1051510). - HID: holtek: test for sanity of intfdata (bsc#1051510). - HID: sony: Fix race condition between rumble and device remove (bsc#1051510). - HID: wacom: Correct distance scale for 2nd-gen Intuos devices (bsc#1142635). - HID: wacom: correct misreported EKR ring values (bsc#1142635). - HID: wacom: fix bit shift for Cintiq Companion 2 (bsc#1051510). - hpet: Fix division by zero in hpet_time_div() (bsc#1051510). - hwmon: (lm75) Fix write operations for negative temperatures (bsc#1051510). - hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 (bsc#1051510). - hwmon: (nct7802) Fix wrong detection of in4 presence (bsc#1051510). - hwmon: (shtc1) fix shtc1 and shtw1 id mask (bsc#1051510). - i2c: emev2: avoid race when unregistering slave client (bsc#1051510). - i2c: piix4: Fix port selection for AMD Family 16h Model 30h (bsc#1051510). - i2c: qup: fixed releasing dma without flush operation completion (bsc#1051510). - IB/mlx5: Fix MR registration flow to use UMR properly (bsc#1093205 bsc#1145678). - ibmveth: Convert multicast list size for little-endian system (bsc#1061843). - ibmvnic: Do not process reset during or after device removal (bsc#1149652 ltc#179635). - ibmvnic: Unmap DMA address of TX descriptor buffers after use (bsc#1146351 ltc#180726). - ife: error out when nla attributes are empty (networking-stable-19_08_08). - igmp: fix memory leak in igmpv3_del_delrec() (networking-stable-19_07_25). - iio: adc: max9611: Fix misuse of GENMASK macro (bsc#1051510). - iio: adc: max9611: Fix temperature reading in probe (bsc#1051510). - iio: dac: ad5380: fix incorrect assignment to val (bsc#1051510). - iio: iio-utils: Fix possible incorrect mask calculation (bsc#1051510). - Improve security, move default dialect to SMB3 from old CIFS (bsc#1051510, bsc#1144333). - include/linux/bitops.h: sanitize rotate primitives (git fixes). - Input: alps - do not handle ALPS cs19 trackpoint-only device (bsc#1051510). - Input: alps - fix a mismatch between a condition check and its comment (bsc#1051510). - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID (bsc#1051510). - Input: iforce - add sanity checks (bsc#1051510). - Input: kbtab - sanity check for endpoint type (bsc#1051510). - Input: synaptics - enable RMI mode for HP Spectre X360 (bsc#1051510). - Input: synaptics - whitelist Lenovo T580 SMBus intertouch (bsc#1051510). - Input: trackpoint - only expose supported controls for Elan, ALPS and NXP (bsc#1051510). - intel_th: pci: Add Ice Lake NNPI support (bsc#1051510). - intel_th: pci: Add support for another Lewisburg PCH (bsc#1051510). - intel_th: pci: Add Tiger Lake support (bsc#1051510). - iommu/amd: Add support for X2APIC IOMMU interrupts (bsc#1145010). - iommu/amd: Fix race in increase_address_space() (bsc#1150860). - iommu/amd: Flush old domains in kdump kernel (bsc#1150861). - iommu/amd: Move iommu_init_pci() to .init section (bsc#1149105). - iommu/dma: Fix for dereferencing before null checking (bsc#1151667). - iommu/dma: Handle SG length overflow better (bsc#1146084). - iommu/iova: Avoid false sharing on fq_timer_on (bsc#1151671). - iommu/iova: Fix compilation error with !CONFIG_IOMMU_IOVA (bsc#1145024). - iommu/vt-d: Do not queue_iova() if there is no flush queue (bsc#1145024). - ip6_tunnel: fix possible use-after-free on xmit (networking-stable-19_08_08). - ipip: validate header length in ipip_tunnel_xmit (git-fixes). - ipv4: do not set IPv6 only flags to IPv4 addresses (networking-stable-19_07_25). - ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set (networking-stable-19_08_28). - irqchip/gic-v3-its: fix build warnings (bsc#1144880). - isdn/capi: check message length in capi_write() (bsc#1051510). - isdn: hfcsusb: checking idx of ep configuration (bsc#1051510). - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack (bsc#1051510). - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain() (bsc#1051510). - iwlwifi: dbg: split iwl_fw_error_dump to two functions (bsc#1119086). - iwlwifi: do not unmap as page memory that was mapped as single (bsc#1051510). - iwlwifi: fix bad dma handling in page_mem dumping flow (bsc#1120902). - iwlwifi: fw: use helper to determine whether to dump paging (bsc#1106434). - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT on version < 41 (bsc#1142635). - iwlwifi: mvm: fix an out-of-bound access (bsc#1051510). - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support (bsc#1142635). - iwlwifi: pcie: do not service an interrupt that was masked (bsc#1142635). - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1142635). - jbd2: flush_descriptor(): Do not decrease buffer head's ref count (bsc#1143843). - jbd2: introduce jbd2_inode dirty range scoping (bsc#1148616). - kABI: Fix kABI for 'struct amd_iommu' (bsc#1145010). - kABI: media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). fixes kABI - kABI: media: em28xx: stop rewriting device's struct (bsc#1051510). fixes kABI - kabi/severities: Whitelist a couple of xive functions xive_cleanup_irq_data and xive_native_populate_irq_data are exported by the xive interupt controller driver and used by KVM. I do not expect any out-of-tree driver can sanely use these. - kasan: remove redundant initialization of variable 'real_size' (git fixes). - kconfig/[mn]conf: handle backspace (^H) key (bsc#1051510). - keys: Fix missing null pointer check in request_key_auth_describe() (bsc#1051510). - kvm: arm64: Fix caching of host MDCR_EL2 value (bsc#1133021). - kvm: arm/arm64: Close VMID generation race (bsc#1133021). - kvm: arm/arm64: Convert kvm_host_cpu_state to a static per-cpu allocation (bsc#1133021). - kvm: arm/arm64: Drop resource size check for GICV window (bsc#1133021). - kvm: arm/arm64: Fix lost IRQs from emulated physcial timer when blocked (bsc#1133021). - kvm: arm/arm64: Fix VMID alloc race by reverting to lock-less (bsc#1133021). - kvm: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1133021). - kvm: arm/arm64: Reduce verbosity of KVM init log (bsc#1133021). - kvm: arm/arm64: Set dist->spis to NULL after kfree (bsc#1133021). - kvm: arm/arm64: Skip updating PMD entry if no change (bsc#1133021). - kvm: arm/arm64: Skip updating PTE entry if no change (bsc#1133021). - kvm: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending (bsc#1133021). - kvm: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy (bsc#1133021). - kvm: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list (bsc#1133021). - kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 (bsc#1133021). - kvm: Disallow wraparound in kvm_gfn_to_hva_cache_init (bsc#1133021). - kvm/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel (bsc#1133021). - kvm: Fix leak vCPU's VMCS value into other pCPU (bsc#1145388). - kvm: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC (bsc#1145408). - kvm: mmu: Fix overlap between public and private memslots (bsc#1133021). - kvm: nVMX: allow setting the VMFUNC controls MSR (bsc#1145389). - kvm: nVMX: do not use dangling shadow VMCS after guest reset (bsc#1145390). - kvm: nVMX: Remove unnecessary sync_roots from handle_invept (bsc#1145391). - kvm: nVMX: Use adjusted pin controls for vmcs02 (bsc#1145392). - kvm: PPC: Book3S: Fix incorrect guest-to-user-translation error handling (bsc#1061840). - kvm: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores (bsc#1061840). - kvm: PPC: Book3S HV: Do not lose pending doorbell request on migration on P9 (bsc#1061840). - kvm: PPC: Book3S HV: Do not push XIVE context when not using XIVE device (bsc#1061840). - kvm: PPC: Book3S HV: Fix CR0 setting in TM emulation (bsc#1061840). - kvm: PPC: Book3S HV: Fix lockdep warning when entering the guest (bsc#1061840). - kvm: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts (bsc#1061840). - kvm: PPC: Book3S HV: Handle virtual mode in XIVE VCPU push code (bsc#1061840). - kvm: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP (bsc#1061840). - kvm: Reject device ioctls from processes other than the VM's creator (bsc#1133021). - kvm: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value (bsc#1145393). - kvm: VMX: check CPUID before allowing read/write of IA32_XSS (bsc#1145394). - kvm: VMX: Fix handling of #MC that occurs during VM-Entry (bsc#1145395). - kvm: x86: degrade WARN to pr_warn_ratelimited (bsc#1145409). - kvm: x86: Do not update RIP or do single-step on faulting emulation (bsc#1149104). - kvm: x86: fix backward migration with async_PF (bsc#1146074). - kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs (bsc#1134881 bsc#1134882). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: x86: Unconditionally enable irqs in guest context (bsc#1145396). - kvm: x86/vPMU: refine kvm_pmu err msg when event creation failed (bsc#1145397). - lan78xx: Fix memory leaks (bsc#1051510). - leds: leds-lp5562 allow firmware files up to the maximum length (bsc#1051510). - leds: trigger: gpio: GPIO 0 is valid (bsc#1051510). - libata: add SG safety checks in SFF pio transfers (bsc#1051510). - libata: do not request sense data on !ZAC ATA devices (bsc#1051510). - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests (bsc#1051510). - libata: zpodd: Fix small read overflow in zpodd_get_mech_type() (bsc#1051510). - libceph: add osd_req_op_extent_osd_data_bvecs() (bsc#1141450). - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bsc#1148133). - libceph: assign cookies in linger_submit() (bsc#1135897). - libceph: check reply num_data_items in setup_request_data() (bsc#1135897). - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897). - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897). - libceph: fix PG split vs OSD (re)connect race (bsc#1148133). - libceph: handle zero-length data items (bsc#1141450). - libceph: introduce alloc_watch_request() (bsc#1135897). - libceph: introduce BVECS data type (bsc#1141450). - libceph: introduce ceph_pagelist_alloc() (bsc#1135897). - libceph: preallocate message data items (bsc#1135897). - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897). - libceph, rbd: new bio handling code (aka do not clone bios) (bsc#1141450). - libceph: use single request data item for cmp/setxattr (bsc#1139101). - libertas_tf: Use correct channel range in lbtf_geo_init (bsc#1051510). - libiscsi: do not try to bypass SCSI EH (bsc#1142076). - libnvdimm/pfn: Store correct value of npfns in namespace superblock (bsc#1146381 ltc#180720). - liquidio: add cleanup in octeon_setup_iq() (bsc#1051510). - livepatch: Nullify obj->mod in klp_module_coming()'s error path (bsc#1071995). - loop: set PF_MEMALLOC_NOIO for the worker thread (git fixes). - mac80211: do not warn about CW params when not using them (bsc#1051510). - mac80211: do not WARN on short WMM parameters from AP (bsc#1051510). - mac80211: fix possible memory leak in ieee80211_assign_beacon (bsc#1142635). - mac80211: fix possible sta leak (bsc#1051510). - mac80211: minstrel_ht: fix per-group max throughput rate initialization (bsc#1051510). - macsec: fix checksumming after decryption (bsc#1051510). - macsec: fix use-after-free of skb during RX (bsc#1051510). - macsec: let the administrator set UP state even if lowerdev is down (bsc#1051510). - macsec: update operstate when lower device changes (bsc#1051510). - mailbox: handle failed named mailbox channel request (bsc#1051510). - md: add mddev->pers to avoid potential NULL pointer dereference (git fixes). - md: do not report active array_state until after revalidate_disk() completes (git-fixes). - md: only call set_in_sync() when it is expected to succeed (git-fixes). - md/raid6: Set R5_ReadError when there is read failure on parity disk (git-fixes). - md/raid: raid5 preserve the writeback action after the parity check (git fixes). - media: atmel: atmel-isi: fix timeout value for stop streaming (bsc#1051510). - media: au0828: fix null dereference in error path (bsc#1051510). - media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP (bsc#1051510). - media: coda: fix mpeg2 sequence number handling (bsc#1051510). - media: coda: increment sequence offset for the last returned frame (bsc#1051510). - media: coda: Remove unbalanced and unneeded mutex unlock (bsc#1051510). - media: dib0700: fix link error for dibx000_i2c_set_speed (bsc#1051510). - media: dvb: usb: fix use after free in dvb_usb_device_exit (bsc#1051510). - media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). - media: em28xx: stop rewriting device's struct (bsc#1051510). - media: fdp1: Reduce FCP not found message level to debug (bsc#1051510). - media: hdpvr: fix locking and a missing msleep (bsc#1051510). - media: marvell-ccic: do not generate EOF on parallel bus (bsc#1051510). - media: mc-device.c: do not memset __user pointer contents (bsc#1051510). - media: media_device_enum_links32: clean a reserved field (bsc#1051510). - media: ov6650: Fix sensor possibly not detected on probe (bsc#1051510). - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper (bsc#1051510). - media: pvrusb2: use a different format for warnings (bsc#1051510). - media: replace strcpy() by strscpy() (bsc#1051510). - media: Revert '[media] marvell-ccic: reset ccic phy when stop streaming for stability' (bsc#1051510). - media: spi: IR LED: add missing of table registration (bsc#1051510). - media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails (bsc#1051510). - media: technisat-usb2: break out of loop at end of buffer (bsc#1051510). - media: tm6000: double free if usb disconnect while streaming (bsc#1051510). - media: vb2: Fix videobuf2 to map correct area (bsc#1051510). - media: vpss: fix a potential NULL pointer dereference (bsc#1051510). - media: wl128x: Fix some error handling in fm_v4l2_init_video_device() (bsc#1051510). - mfd: arizona: Fix undefined behavior (bsc#1051510). - mfd: core: Set fwnode for created devices (bsc#1051510). - mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk (bsc#1051510). - mfd: intel-lpss: Add Intel Comet Lake PCI IDs (jsc#SLE-4875). - mic: avoid statically declaring a 'struct device' (bsc#1051510). - mm: add filemap_fdatawait_range_keep_errors() (bsc#1148616). - mmc: cavium: Add the missing dma unmap when the dma has finished (bsc#1051510). - mmc: cavium: Set the correct dma max segment size for mmc_host (bsc#1051510). - mmc: core: Fix init of SD cards reporting an invalid VDD range (bsc#1051510). - mmc: dw_mmc: Fix occasional hang after tuning on eMMC (bsc#1051510). - mmc: sdhci-msm: fix mutex while in spinlock (bsc#1142635). - mmc: sdhci-of-arasan: Do now show error message in case of deffered probe (bsc#1119086). - mmc: sdhci-of-at91: add quirk for broken HS200 (bsc#1051510). - mmc: sdhci-pci: Add support for Intel CML (jsc#SLE-4875). - mmc: sdhci-pci: Add support for Intel ICP (jsc#SLE-4875). - mm: do not stall register_shrinker() (bsc#1104902, VM Performance). - mm/hmm: fix bad subpage pointer in try_to_unmap_one (bsc#1148202, HMM, VM Functionality). - mm/hotplug: fix offline undo_isolate_page_range() (bsc#1148196, VM Functionality). - mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node (bsc#1148379, VM Functionality). - mm/memcontrol.c: fix use after free in mem_cgroup_iter() (bsc#1149224, VM Functionality). - mm/memory.c: recheck page table entry with page table lock held (bsc#1148363, VM Functionality). - mm/migrate.c: initialize pud_entry in migrate_vma() (bsc#1148198, HMM, VM Functionality). - mm/mlock.c: change count_mm_mlocked_page_nr return type (bsc#1148527, VM Functionality). - mm/mlock.c: mlockall error for flag MCL_ONFAULT (bsc#1148527, VM Functionality). - mm/page_alloc.c: fix calculation of pgdat->nr_zones (bsc#1148192, VM Functionality). - mm: page_mapped: do not assume compound page is huge or THP (bsc#1148574, VM Functionality). - mm, page_owner: handle THP splits correctly (bsc#1149197, VM Debugging Functionality). - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() (bsc#1118689). - mm/vmscan.c: fix trying to reclaim unevictable LRU page (bsc#1149214, VM Functionality). - move a few externs to smbdirect.h to eliminate warning (bsc#1144333). - move irq_data_get_effective_affinity_mask prior the sorted section - Move upstreamed BT fix into sorted section - Move upstreamed nvme fix into sorted section - mpls: fix warning with multi-label encap (bsc#1051510). - mtd: spi-nor: Fix Cadence QSPI RCU Schedule Stall (bsc#1051510). - mvpp2: refactor MTU change code (networking-stable-19_08_08). - nbd: replace kill_bdev() with __invalidate_device() again (git fixes). - Negotiate and save preferred compression algorithms (bsc#1144333). - net/9p: include trans_common.h to fix missing prototype warning (bsc#1051510). - net: bcmgenet: use promisc for unsupported filters (networking-stable-19_07_25). - net: bridge: delete local fdb on device init failure (networking-stable-19_08_08). - net: bridge: mcast: do not delete permanent entries when fast leave is enabled (networking-stable-19_08_08). - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query (networking-stable-19_07_25). - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling (networking-stable-19_07_25). - net: bridge: stp: do not cache eth dest pointer before skb pull (networking-stable-19_07_25). - net: dsa: mv88e6xxx: wait after reset deactivation (networking-stable-19_07_25). - net: ena: add ethtool function for changing io queue sizes (bsc#1139020 bsc#1139021). - net: ena: add good checksum counter (bsc#1139020 bsc#1139021). - net: ena: add handling of llq max tx burst size (bsc#1139020 bsc#1139021). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1139020 bsc#1139021). - net: ena: add newline at the end of pr_err prints (bsc#1139020 bsc#1139021). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1139020 bsc#1139021). - net: ena: allow automatic fallback to polling mode (bsc#1139020 bsc#1139021). - net: ena: allow queue allocation backoff when low on memory (bsc#1139020 bsc#1139021). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1139020 bsc#1139021). - net: ena: enable negotiating larger Rx ring size (bsc#1139020 bsc#1139021). - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1139020 bsc#1139021). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1139020 bsc#1139021). - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1139020 bsc#1139021). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1139020 bsc#1139021). - net: ena: fix incorrect test of supported hash function (bsc#1139020 bsc#1139021). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1139020 bsc#1139021). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1139020 bsc#1139021). - net: ena: gcc 8: fix compilation warning (bsc#1139020 bsc#1139021). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1139020 bsc#1139021). - net: ena: make ethtool show correct current and max queue sizes (bsc#1139020 bsc#1139021). - net: ena: optimise calculations for CQ doorbell (bsc#1139020 bsc#1139021). - net: ena: remove inline keyword from functions in *.c (bsc#1139020 bsc#1139021). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1139020 bsc#1139021). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1139020 bsc#1139021). - net: ena: use dev_info_once instead of static variable (bsc#1139020 bsc#1139021). - net: fix ifindex collision during namespace removal (networking-stable-19_08_08). - net: Fix netdev_WARN_ONCE macro (git-fixes). - net/ibmvnic: Fix missing { in __ibmvnic_reset (bsc#1149652 ltc#179635). - net/ibmvnic: free reset work of removed device from queue (bsc#1149652 ltc#179635). - net/ibmvnic: prevent more than one thread from running in reset (bsc#1152457 ltc#174432). - net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run (bsc#1152457 ltc#174432). - net: Introduce netdev_*_once functions (networking-stable-19_07_25). - net: make skb_dst_force return true when dst is refcounted (networking-stable-19_07_25). - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bsc#1145678). - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn (networking-stable-19_07_25). - net/mlx5e: Only support tx/rx pause setting for port owner (networking-stable-19_08_21). - net/mlx5e: Prevent encap flow counter update async to user query (networking-stable-19_08_08). - net/mlx5e: Use flow keys dissector to parse packets for ARFS (networking-stable-19_08_21). - net/mlx5: Use reversed order when unregister devices (networking-stable-19_08_08). - net: neigh: fix multiple neigh timer scheduling (networking-stable-19_07_25). - net: openvswitch: fix csum updates for MPLS actions (networking-stable-19_07_25). - net/packet: fix race in tpacket_snd() (networking-stable-19_08_21). - net: remove duplicate fetch in sock_getsockopt (networking-stable-19_07_02). - netrom: fix a memory leak in nr_rx_frame() (networking-stable-19_07_25). - netrom: hold sock when setting skb->destructor (networking-stable-19_07_25). - net: sched: Fix a possible null-pointer dereference in dequeue_func() (networking-stable-19_08_08). - net_sched: unset TCQ_F_CAN_BYPASS when adding filters (networking-stable-19_07_25). - net: sched: verify that q!=NULL before setting q->flags (git-fixes). - net/smc: do not schedule tx_work in SMC_CLOSED state (bsc#1149963). - net/smc: make sure EPOLLOUT is raised (networking-stable-19_08_28). - net/smc: original socket family in inet_sock_diag (bsc#1149959). - net: stmmac: fixed new system time seconds value calculation (networking-stable-19_07_02). - net: stmmac: set IC bit when transmitting frames with HW timestamp (networking-stable-19_07_02). - net: usb: pegasus: fix improper read if get_registers() fail (bsc#1051510). - nfc: fix potential illegal memory access (bsc#1051510). - NFS4: Fix v4.0 client state corruption when mount (git-fixes). - NFS: Cleanup if nfs_match_client is interrupted (bsc#1134291). - nfsd: degraded slot-count more gracefully as allocation nears exhaustion (bsc#1150381). - nfsd: Do not release the callback slot unless it was actually held (git-fixes). - nfsd: Fix overflow causing non-working mounts on 1 TB machines (bsc#1150381). - nfsd: fix performance-limiting session calculation (bsc#1150381). - nfsd: give out fewer session slots as limit approaches (bsc#1150381). - nfsd: handle drc over-allocation gracefully (bsc#1150381). - nfsd: increase DRC cache limit (bsc#1150381). - NFS: Do not interrupt file writeout due to fatal errors (git-fixes). - NFS: Do not open code clearing of delegation state (git-fixes). - NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0 (git-fixes). - NFS: Fix a double unlock from nfs_match,get_client (bsc#1134291). - NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts (git-fixes). - NFS: Fix the inode request accounting when pages have subrequests (bsc#1140012). - NFS: Forbid setting AF_INET6 to 'struct sockaddr_in'->sin_family (git-fixes). - NFS: make nfs_match_client killable (bsc#1134291). - NFS: Refactor nfs_lookup_revalidate() (git-fixes). - NFS: Remove redundant semicolon (git-fixes). - NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter (git-fixes). - NFSv4.1: Fix open stateid recovery (git-fixes). - NFSv4.1: Only reap expired delegations (git-fixes). - NFSv4: Check the return value of update_open_stateid() (git-fixes). - NFSv4: Fix an Oops in nfs4_do_setattr (git-fixes). - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() (git-fixes). - NFSv4: Fix delegation state recovery (git-fixes). - NFSv4: Fix lookup revalidate of regular files (git-fixes). - NFSv4: Fix OPEN / CLOSE race (git-fixes). - NFSv4: Handle the special Linux file open access mode (git-fixes). - NFSv4: Only pass the delegation to setattr if we're sending a truncate (git-fixes). - NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend() (git-fixes). - nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header (git fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - null_blk: complete requests from ->timeout (bsc#1149446). - null_blk: wire up timeouts (bsc#1149446). - nvme: cancel request synchronously (bsc#1145661). - nvme: change locking for the per-subsystem controller list (bsc#1142541). - nvme-core: Fix extra device_put() call on error path (bsc#1142541). - nvme-fc: fix module unloads while lports still pending (bsc#1150033). - nvme: fix multipath crash when ANA is deactivated (bsc#1149446). - nvme: fix possible use-after-free in connect error flow (bsc#1139500, bsc#1140426) - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN (bsc#1146938). - nvme-multipath: fix ana log nsid lookup when nsid is not found (bsc#1141554). - nvme-multipath: relax ANA state check (bsc#1123105). - nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns (bsc#1120876). - nvmem: Use the same permissions for eeprom as for nvmem (git-fixes). - nvme-rdma: Allow DELETING state change failure in (bsc#1104967,). - nvme-rdma: centralize admin/io queue teardown sequence (bsc#1142076). - nvme-rdma: centralize controller setup sequence (bsc#1142076). - nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446). - nvme-rdma: fix timeout handler (bsc#1149446). - nvme-rdma: stop admin queue before freeing it (bsc#1140155). - nvme-rdma: support up to 4 segments of inline data (bsc#1142076). - nvme-rdma: unquiesce queues when deleting the controller (bsc#1142076). - nvme: remove ns sibling before clearing path (bsc#1140155). - nvme: return BLK_EH_DONE from ->timeout (bsc#1142076). - nvme: Return BLK_STS_TARGET if the DNR bit is set (bsc#1142076). - objtool: Add rewind_stack_do_exit() to the noreturn list (bsc#1145302). - objtool: Support GCC 9 cold subfunction naming scheme (bsc#1145300). - octeon_mgmt: Fix MIX registers configuration on MTU setup (bsc#1051510). - PCI: hv: Detect and fix Hyper-V PCI domain number collision (bsc#1150423). - PCI: hv: Fix panic by calling hv_pci_remove_slots() earlier (bsc#1142701). - PCI: PM/ACPI: Refresh all stale power state data in pci_pm_complete() (bsc#1149106). - PCI: qcom: Ensure that PERST is asserted for at least 100 ms (bsc#1142635). - PCI: Restore Resizable BAR size bits correctly for 1MB BARs (bsc#1143841). - PCI: xilinx-nwl: Fix Multi MSI data programming (bsc#1142635). - phy: qcom-qusb2: Fix crash if nvmem cell not specified (bsc#1051510). - phy: renesas: rcar-gen2: Fix memory leak at error paths (bsc#1051510). - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current (bsc#1051510). - pinctrl: pistachio: fix leaked of_node references (bsc#1051510). - pinctrl: rockchip: fix leaked of_node references (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table (bsc#1051510). - PM / devfreq: rk3399_dmc: do not print error when get supply and clk defer (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: fix spelling mistakes (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: Pass ODT and auto power down parameters to TF-A (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: remove unneeded semicolon (bsc#1144718,bsc#1144813). - PM / devfreq: rk3399_dmc: remove wait for dcf irq event (bsc#1144718,bsc#1144813). - PM / devfreq: rockchip-dfi: Move GRF definitions to a common place (bsc#1144718,bsc#1144813). - PM / OPP: OF: Use pr_debug() instead of pr_err() while adding OPP table (jsc#SLE-7294). - PM: sleep: Fix possible overflow in pm_system_cancel_wakeup() (bsc#1051510). - pnfs fallback to MDS if no deviceid found (git-fixes). - pnfs/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error (git-fixes). - pnfs/flexfiles: Turn off soft RPC calls (git-fixes). - powerpc/64: Make sys_switch_endian() traceable (bsc#1065729). - powerpc/64s: Include cpu header (bsc#1065729). - powerpc/64s/radix: Fix MADV_[FREE|DONTNEED] TLB flush miss problem with THP (bsc#1152161 ltc#181664). - powerpc/64s/radix: Fix memory hotplug section page table creation (bsc#1065729). - powerpc/64s/radix: Fix memory hot-unplug page table split (bsc#1065729). - powerpc/64s/radix: Implement _tlbie(l)_va_range flush functions (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve preempt handling in TLB code (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve TLB flushing for page table freeing (bsc#1152161 ltc#181664). - powerpc/64s/radix: Introduce local single page ceiling for TLB range flush (bsc#1055117 bsc#1152161 ltc#181664). - powerpc/64s/radix: Optimize flush_tlb_range (bsc#1152161 ltc#181664). - powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107). - powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB (bsc#1146575 ltc#180764). - powerpc/book3s/64: check for NULL pointer in pgd_alloc() (bsc#1078248, git-fixes). - powerpc/book3s64/mm: Do not do tlbie fixup for some hardware revisions (bsc#1152161 ltc#181664). - powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag (bsc#1152161 ltc#181664). - powerpc: bpf: Fix generation of load/store DW instructions (bsc#1065729). - powerpc/bpf: use unsigned division instruction for 64-bit operations (bsc#1065729). - powerpc: Drop page_is_ram() and walk_system_ram_range() (bsc#1065729). - powerpc: dump kernel log before carrying out fadump or kdump (bsc#1149940 ltc#179958). - powerpc/fadump: Do not allow hot-remove memory from fadump reserved area (bsc#1120937). - powerpc/fadump: Reservationless firmware assisted dump (bsc#1120937). - powerpc/fadump: Throw proper error message on fadump registration failure (bsc#1120937). - powerpc/fadump: use kstrtoint to handle sysfs store (bsc#1146376). - powerpc/fadump: when fadump is supported register the fadump sysfs files (bsc#1146352). - powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107). - powerpc/fsl: Update Spectre v2 reporting (bsc#1131107). - powerpc/irq: Do not WARN continuously in arch_local_irq_restore() (bsc#1065729). - powerpc/irq: drop arch_early_irq_init() (bsc#1065729). - powerpc/kdump: Handle crashkernel memory reservation failure (bsc#1143466 LTC#179600). - powerpc/lib: Fix feature fixup test of external branch (bsc#1065729). - powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 (bsc#1152161 ltc#181664). - powerpc/mm: Handle page table allocation failures (bsc#1065729). - powerpc/mm/hash/4k: Do not use 64K page size for vmemmap with 4K pagesize (bsc#1142685 LTC#179509). - powerpc/mm/radix: Drop unneeded NULL check (bsc#1152161 ltc#181664). - powerpc/mm/radix: implement LPID based TLB flushes to be used by KVM (bsc#1152161 ltc#181664). - powerpc/mm/radix: Use the right page size for vmemmap mapping (bsc#1055117 bsc#1142685 LTC#179509). - powerpc/mm: Simplify page_is_ram by using memblock_is_memory (bsc#1065729). - powerpc/mm: Use memblock API for PPC32 page_is_ram (bsc#1065729). - powerpc/module64: Fix comment in R_PPC64_ENTRY handling (bsc#1065729). - powerpc/perf: Add constraints for power9 l2/l3 bus events (bsc#1056686). - powerpc/perf: Add mem access events to sysfs (bsc#1124370). - powerpc/perf: Cleanup cache_sel bits comment (bsc#1056686). - powerpc/perf: Fix thresholding counter data for unknown type (bsc#1056686). - powerpc/perf: Remove PM_BR_CMPL_ALT from power9 event list (bsc#1047238, bsc#1056686). - powerpc/perf: Update perf_regs structure to include SIER (bsc#1056686). - powerpc/powernv: Fix compile without CONFIG_TRACEPOINTS (bsc#1065729). - powerpc/powernv: Flush console before platform error reboot (bsc#1149940 ltc#179958). - powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window (bsc#1061840). - powerpc/powernv/ioda: Fix race in TCE level allocation (bsc#1061840). - powerpc/powernv: move OPAL call wrapper tracing and interrupt handling to C (bsc#1065729). - powerpc/powernv/npu: Remove obsolete comment about TCE_KILL_INVAL_ALL (bsc#1065729). - powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler (bsc#1065729). - powerpc/powernv: Return for invalid IMC domain (bsc1054914, git-fixes). - powerpc/powernv: Use kernel crash path for machine checks (bsc#1149940 ltc#179958). - powerpc/pseries: add missing cpumask.h include file (bsc#1065729). - powerpc/pseries: Call H_BLOCK_REMOVE when supported (bsc#1109158). - powerpc/pseries: correctly track irq state in default idle (bsc#1150727 ltc#178925). - powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt() (bsc#1065729). - powerpc/pseries: Fix xive=off command line (bsc#1085030, git-fixes). - powerpc/pseries/memory-hotplug: Fix return value type of find_aa_index (bsc#1065729). - powerpc/pseries, ps3: panic flush kernel messages before halting system (bsc#1149940 ltc#179958). - powerpc/pseries: Read TLB Block Invalidate Characteristics (bsc#1109158). - powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning (bsc#1148868). - powerpc/rtas: use device model APIs and serialization during LPM (bsc#1144123 ltc#178840). - powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107). - powerpc/xive: Fix bogus error code returned by OPAL (bsc#1065729). - powerpc/xive: Fix dump of XIVE interrupt under pseries (bsc#1142019). - powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() (bsc#1085030, bsc#1145189, LTC#179762). - powerpc/xive: Implement get_irqchip_state method for XIVE to fix shutdown race (bsc#1065729). - powerpc/xmon: Add a dump of all XIVE interrupts (bsc#1142019). - powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL (bsc#1142019). - powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc (bsc#1065729). - power: reset: gpio-restart: Fix typo when gpio reset is not found (bsc#1051510). - power: supply: Init device wakeup after device_add() (bsc#1051510). - ppp: Fix memory leak in ppp_write (git-fixes). - printk: Do not lose last line in kmsg buffer dump (bsc#1152460). - printk: fix printk_time race (bsc#1152466). - printk/panic: Avoid deadlock in printk() after stopping CPUs by NMI (bsc#1148712). - qede: fix write to free'd pointer error and double free of ptp (bsc#1051510). - qla2xxx: kABI fixes for v10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - qla2xxx: remove SGI SN2 support (bsc#1123034 bsc#1131304 bsc#1127988). - qlge: Deduplicate lbq_buf_size (bsc#1106061). - qlge: Deduplicate rx buffer queue management (bsc#1106061). - qlge: Factor out duplicated expression (bsc#1106061). - qlge: Fix dma_sync_single calls (bsc#1106061). - qlge: Fix irq masking in INTx mode (bsc#1106061). - qlge: Refill empty buffer queues from wq (bsc#1106061). - qlge: Refill rx buffers up to multiple of 16 (bsc#1106061). - qlge: Remove bq_desc.maplen (bsc#1106061). - qlge: Remove irq_cnt (bsc#1106061). - qlge: Remove page_chunk.last_flag (bsc#1106061). - qlge: Remove qlge_bq.len & size (bsc#1106061). - qlge: Remove rx_ring.sbq_buf_size (bsc#1106061). - qlge: Remove rx_ring.type (bsc#1106061). - qlge: Remove useless dma synchronization calls (bsc#1106061). - qlge: Remove useless memset (bsc#1106061). - qlge: Replace memset with assignment (bsc#1106061). - qlge: Update buffer queue prod index despite oom (bsc#1106061). - quota: fix wrong condition in is_quota_modification() (bsc#1152026). - r8152: Set memory to all 0xFFs on failed reg reads (bsc#1051510). - rbd: do not (ab)use obj_req->pages for stat requests (bsc#1141450). - rbd: do not NULL out ->obj_request in rbd_img_obj_parent_read_full() (bsc#1141450). - rbd: get rid of img_req->copyup_pages (bsc#1141450). - rbd: move from raw pages to bvec data descriptors (bsc#1141450). - rbd: remove bio cloning helpers (bsc#1141450). - rbd: start enums at 1 instead of 0 (bsc#1141450). - rbd: use kmem_cache_zalloc() in rbd_img_request_create() (bsc#1141450). - regmap: fix bulk writes on paged registers (bsc#1051510). - regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg (bsc#1051510). - regulator: qcom_spmi: Fix math of spmi_regulator_set_voltage_time_sel (bsc#1051510). - Remove ifdef since SMB3 (and later) now STRONGLY preferred (bsc#1051510, bsc#1144333). - Revert 'Bluetooth: validate BLE connection interval updates' (bsc#1051510). - Revert 'cfg80211: fix processing world regdomain when non modular' (bsc#1051510). - Revert 'dm bufio: fix deadlock with loop device' (git fixes). - Revert i915 userptr page lock patch (bsc#1145051) - Revert 'mwifiex: fix system hang problem after resume' (bsc#1051510). - Revert 'net: ena: ethtool: add extra properties retrieval via get_priv_flags' (bsc#1139020 bsc#1139021). - Revert 'scsi: ncr5380: Increase register polling limit' (git-fixes). - Revert 'scsi: ufs: disable vccq if it's not needed by UFS device' (git-fixes). - rpm/kernel-binary.spec.in: Enable missing modules check. - rpm/kernel-binary.spec.in: Enable missing modules check. - rpmsg: added MODULE_ALIAS for rpmsg_char (bsc#1051510). - rpmsg: smd: do not use mananged resources for endpoints and channels (bsc#1051510). - rpmsg: smd: fix memory leak on channel create (bsc#1051510). - rsi: improve kernel thread handling to fix kernel panic (bsc#1051510). - rslib: Fix decoding of shortened codes (bsc#1051510). - rslib: Fix handling of of caller provided syndrome (bsc#1051510). - rtc: pcf8523: do not return invalid date when battery is low (bsc#1051510). - rxrpc: Fix send on a connected, but unbound socket (networking-stable-19_07_25). - s390/cio: fix ccw_device_start_timeout API (bsc#1142109 LTC#179339). - s390/dasd: fix endless loop after read unit address configuration (bsc#1144912 LTC#179907). - s390/qdio: handle PENDING state for QEBSM devices (bsc#1142117 bsc#1142118 bsc#1142119 LTC#179329 LTC#179330 LTC#179331). - s390/qeth: avoid control IO completion stalls (bsc#1142109 LTC#179339). - s390/qeth: cancel cmd on early error (bsc#1142109 LTC#179339). - s390/qeth: fix request-side race during cmd IO timeout (bsc#1142109 LTC#179339). - s390/qeth: release cmd buffer in error paths (bsc#1142109 LTC#179339). - s390/qeth: simplify reply object handling (bsc#1142109 LTC#179339). - samples, bpf: fix to change the buffer size for read() (bsc#1051510). - samples: mei: use /dev/mei0 instead of /dev/mei (bsc#1051510). - sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920). - sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920). - scripts/checkstack.pl: Fix arm64 wrong or unknown architecture (bsc#1051510). - scripts/decode_stacktrace: only strip base path when a prefix of the path (bsc#1051510). - scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE (bsc#1051510). - scripts/gdb: fix lx-version string output (bsc#1051510). - scripts/git_sort/git_sort.py: - scsi: aacraid: Fix missing break in switch statement (git-fixes). - scsi: aacraid: Fix performance issue on logical drives (git-fixes). - scsi: aic94xx: fix an error code in aic94xx_init() (git-fixes). - scsi: aic94xx: fix module loading (git-fixes). - scsi: bfa: convert to strlcpy/strlcat (git-fixes). - scsi: bnx2fc: fix incorrect cast to u64 on shift operation (git-fixes). - scsi: bnx2fc: Fix NULL dereference in error handling (git-fixes). - scsi: core: Fix race on creating sense cache (git-fixes). - scsi: core: set result when the command cannot be dispatched (git-fixes). - scsi: core: Synchronize request queue PM status only on successful resume (git-fixes). - scsi: cxlflash: Mark expected switch fall-throughs (bsc#1148868). - scsi: cxlflash: Prevent deadlock when adapter probe fails (git-fixes). - scsi: esp_scsi: Track residual for PIO transfers (git-fixes) Also, mitigate kABI changes. - scsi: fas216: fix sense buffer initialization (git-fixes). - scsi: isci: initialize shost fully before calling scsi_add_host() (git-fixes). - scsi: libfc: fix null pointer dereference on a null lport (git-fixes). - scsi: libsas: delete sas port if expander discover failed (git-fixes). - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached (git-fixes). - scsi: mac_scsi: Fix pseudo DMA implementation, take 2 (git-fixes). - scsi: mac_scsi: Increase PIO/PDMA transfer length threshold (git-fixes). - scsi: megaraid: fix out-of-bound array accesses (git-fixes). - scsi: megaraid_sas: Fix calculation of target ID (git-fixes). - scsi: NCR5380: Always re-enable reselection interrupt (git-fixes). - scsi: qedf: Add debug information for unsolicited processing (bsc#1149976). - scsi: qedf: Add shutdown callback handler (bsc#1149976). - scsi: qedf: Add support for 20 Gbps speed (bsc#1149976). - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1149976). - scsi: qedf: Check for link state before processing LL2 packets and send fipvlan retries (bsc#1149976). - scsi: qedf: Check for module unloading bit before processing link update AEN (bsc#1149976). - scsi: qedf: Decrease the LL2 MTU size to 2500 (bsc#1149976). - scsi: qedf: Fix race betwen fipvlan request and response path (bsc#1149976). - scsi: qedf: Initiator fails to re-login to switch after link down (bsc#1149976). - scsi: qedf: Print message during bailout conditions (bsc#1149976). - scsi: qedf: remove memset/memcpy to nfunc and use func instead (git-fixes). - scsi: qedf: remove set but not used variables (bsc#1149976). - scsi: qedf: Stop sending fipvlan request on unload (bsc#1149976). - scsi: qedf: Update module description string (bsc#1149976). - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1149976). - scsi: qedf: Update the version to 8.42.3.0 (bsc#1149976). - scsi: qedf: Use discovery list to traverse rports (bsc#1149976). - scsi: qedi: remove declaration of nvm_image from stack (git-fixes). - scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1129424). - scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add new FW dump template entry types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add pci function reset support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add protection mask module parameters (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for multiple fwdump templates/segments (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for setting port speed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: allow session delete to finish before create (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: avoid printf format warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (git-fixes). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change data_dsd into an array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change default ZIO threshold (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for FW started flag before aborting (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: check for kstrtol() failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: cleanup trace buffer initialization (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a mailbox command times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a soft reset fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if parsing the version string fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correct error handling during initialization failures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correction and improvement to fwdt processing (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: deadlock by configfs_depend_item (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare local symbols static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Downgrade driver to 10.01.00.19-k There are upstream bug reports against 10.01.00.19-k which haven't been resolved. Also the newer version failed to get a proper review. For time being it's better to got with the older version and do not introduce new bugs. - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix abort timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a format specifier (git-fixes). - scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() (git-fixes). - scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a recently introduced kernel warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix device staying in blocked state (git-fixes). - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA unmap leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (git-fixes). - scsi: qla2xxx: fix fcport null pointer access (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix formatting of pointer types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw dump corruption (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw options handle eh_bus_reset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hang in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link reset (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link up fail (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Nport ID display value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix possible fcport null-pointer dereferences (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix premature timer expiration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session cleanup hang (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake 'alredy' -> 'already' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake 'initializatin' -> 'initialization' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix SRB allocation flag to avoid sleeping in IRQ context (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stuck login session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: flush IO on chip reset or sess delete (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve logging for scan thread (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Include the <asm/unaligned.h> header file from qla_dsd.h (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Insert spaces where required (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Leave a blank line after declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Modify NVMe include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move debug messages before sending srb preventing panic (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move marker request behind QPair (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the <linux/io-64-nonatomic-lo-hi.h> include directive (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: no need to check return value of debugfs_create functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: on session delete, return nvme cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent memory leak for CT req/rsp allocation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of forward declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous pointer check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove dead code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove FW default template (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove set but not used variable 'ptr_dma' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous if-tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary null check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report invalid mailbox status codes (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Restore FAWWPN of Physical Port only for loop down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remove flag for all VP (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence fwdump template message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify a debug statement (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify conditional check again (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Unregister chrdev if module initialization fails (git-fixes). - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.13-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update flash read/write routine (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update two source code comments (git-fixes). - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use complete switch scan for RSCN events (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use __le64 instead of uint32_t for sending DMA addresses to firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs to indent code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla4xxx: avoid freeing unallocated dma memory (git-fixes). - scsi: raid_attrs: fix unused variable warning (git-fixes). - scsi: scsi_dh_alua: Fix possible null-ptr-deref (git-fixes). - scsi: scsi_dh_rdac: zero cdb in send_mode_select() (bsc#1149313). - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: sd: Defer spinning up drive while SANITIZE is in progress (git-fixes). - scsi: sd: Fix a race between closing an sd device and sd I/O (git-fixes). - scsi: sd: Fix cache_type_store() (git-fixes). - scsi: sd: Optimal I/O size should be a multiple of physical block size (git-fixes). - scsi: sd: Quiesce warning if device does not report optimal I/O size (git-fixes). - scsi: sd: use mempool for discard special page (git-fixes). - scsi: sd_zbc: Fix potential memory leak (git-fixes). - scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous() (git-fixes). - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (git-fixes). - scsi: tcm_qla2xxx: Minimize #include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi_transport_fc: complete requests from ->timeout (bsc#1142076). - scsi: ufs: Avoid runtime suspend possibly being blocked forever (git-fixes). - scsi: ufs: Check that space was properly alloced in copy_query_response (git-fixes). - scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm() (git-fixes). - scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value (git-fixes). - scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 (git-fixes). - scsi: use dma_get_cache_alignment() as minimum DMA alignment (git-fixes). - scsi: virtio_scsi: do not send sc payload with tmfs (git-fixes). - sctp: change to hold sk after auth shkey is created successfully (networking-stable-19_07_02). - sctp: fix the transport error_count check (networking-stable-19_08_21). - secure boot lockdown: Fix-up backport of /dev/mem access restriction. The upstream-submitted patch set has evolved over time, align our patches (contents and description) to reflect the current status as far as /dev/mem access is concerned. - serial: 8250: Fix TX interrupt handling condition (bsc#1051510). - set CONFIG_FB_HYPERV=m to avoid conflict with efifb (bsc#1145134) - signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig (bsc#1144333). - sis900: fix TX completion (bsc#1051510). - sky2: Disable MSI on ASUS P6T (bsc#1142496). - sky2: Disable MSI on yet another ASUS boards (P6Xxxx) (bsc#1051510). - slip: make slhc_free() silently accept an error pointer (bsc#1051510). - slip: sl_alloc(): remove unused parameter 'dev_t line' (bsc#1051510). - smb2: fix missing files in root share directory listing (bsc#1112907, bsc#1144333). - smb2: fix typo in definition of a few error flags (bsc#1144333). - smb2: fix uninitialized variable bug in smb2_ioctl_query_info (bsc#1144333). - smb3.1.1: Add GCM crypto to the encrypt and decrypt functions (bsc#1144333). - smb3.1.1 dialect is no longer experimental (bsc#1051510, bsc#1144333). - smb311: Fix reconnect (bsc#1051510, bsc#1144333). - smb311: Improve checking of negotiate security contexts (bsc#1051510, bsc#1144333). - smb3.11: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - smb3: add additional ftrace entry points for entry/exit to cifs.ko (bsc#1144333). - smb3: add credits we receive from oplock/break PDUs (bsc#1144333). - smb3: add debug for unexpected mid cancellation (bsc#1144333). - smb3: Add debug message later in smb2/smb3 reconnect path (bsc#1144333). - smb3: add define for id for posix create context and corresponding struct (bsc#1144333). - smb3: Add defines for new negotiate contexts (bsc#1144333). - smb3: add dynamic trace point for query_info_enter/done (bsc#1144333). - smb3: add dynamic trace point for smb3_cmd_enter (bsc#1144333). - smb3: add dynamic tracepoint for timeout waiting for credits (bsc#1144333). - smb3: add dynamic tracepoints for simple fallocate and zero range (bsc#1144333). - smb3: Add dynamic trace points for various compounded smb3 ops (bsc#1144333). - smb3: Add ftrace tracepoints for improved SMB3 debugging (bsc#1144333). - smb3: Add handling for different FSCTL access flags (bsc#1144333). - smb3: add missing read completion trace point (bsc#1144333). - smb3: add module alias for smb3 to cifs.ko (bsc#1144333). - smb3: add new mount option to retrieve mode from special ACE (bsc#1144333). - smb3: Add posix create context for smb3.11 posix mounts (bsc#1144333). - smb3: Add protocol structs for change notify support (bsc#1144333). - smb3: add reconnect tracepoints (bsc#1144333). - smb3: Add SMB3.1.1 GCM to negotiated crypto algorigthms (bsc#1144333). - smb3: add smb3.1.1 to default dialect list (bsc#1144333). - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510, bsc#1144333). - smb3: add support for posix negotiate context (bsc#1144333). - smb3: add support for statfs for smb3.1.1 posix extensions (bsc#1144333). - smb3: add tracepoint for sending lease break responses to server (bsc#1144333). - smb3: add tracepoint for session expired or deleted (bsc#1144333). - smb3: add tracepoint for slow responses (bsc#1144333). - smb3: add trace point for tree connection (bsc#1144333). - smb3: add tracepoints for query dir (bsc#1144333). - smb3: Add tracepoints for read, write and query_dir enter (bsc#1144333). - smb3: add tracepoints for smb2/smb3 open (bsc#1144333). - smb3: add tracepoint to catch cases where credit refund of failed op overlaps reconnect (bsc#1144333). - smb3: add way to control slow response threshold for logging and stats (bsc#1144333). - smb3: allow more detailed protocol info on open files for debugging (bsc#1144333). - smb3: Allow persistent handle timeout to be configurable on mount (bsc#1144333). - smb3: allow posix mount option to enable new SMB311 protocol extensions (bsc#1144333). - smb3: allow previous versions to be mounted with snapshot= mount parm (bsc#1144333). - smb3: Allow query of symlinks stored as reparse points (bsc#1144333). - smb3: Allow SMB3 FSCTL queries to be sent to server from tools (bsc#1144333). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510, bsc#1144333). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510, bsc#1144333). - smb3: Backup intent flag missing from compounded ops (bsc#1144333). - smb3: check for and properly advertise directory lease support (bsc#1051510, bsc#1144333). - smb3 - clean up debug output displaying network interfaces (bsc#1144333). - smb3: Cleanup license mess (bsc#1144333). - smb3: Clean up query symlink when reparse point (bsc#1144333). - smb3: create smb3 equivalent alias for cifs pseudo-xattrs (bsc#1144333). - smb3: directory sync should not return an error (bsc#1051510, bsc#1144333). - smb3: display bytes_read and bytes_written in smb3 stats (bsc#1144333). - smb3: display security information in /proc/fs/cifs/DebugData more accurately (bsc#1144333). - smb3: display session id in debug data (bsc#1144333). - smb3: display stats counters for number of slow commands (bsc#1144333). - smb3: display volume serial number for shares in /proc/fs/cifs/DebugData (bsc#1144333). - smb3: do not allow insecure cifs mounts when using smb3 (bsc#1144333). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510, bsc#1144333). - smb3: do not display confusing message on mount to Azure servers (bsc#1144333). - smb3: do not display empty interface list (bsc#1144333). - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bsc#1085536, bsc#1144333). - smb3: do not request leases in symlink creation and query (bsc#1051510, bsc#1144333). - smb3: do not send compression info by default (bsc#1144333). - smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510, bsc#1144333). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510, bsc#1144333). - smb3: fill in statfs fsid and correct namelen (bsc#1112905, bsc#1144333). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510, bsc#1144333). - smb3: fix bytes_read statistics (bsc#1144333). - smb3: fix corrupt path in subdirs on smb311 with posix (bsc#1144333). - smb3: Fix deadlock in validate negotiate hits reconnect (bsc#1144333). - smb3: Fix endian warning (bsc#1144333, bsc#1137884). - smb3: Fix enumerating snapshots to Azure (bsc#1144333). - smb3: fix large reads on encrypted connections (bsc#1144333). - smb3: fix lease break problem introduced by compounding (bsc#1144333). - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510, bsc#1144333). - smb3: fix minor debug output for CONFIG_CIFS_STATS (bsc#1144333). - smb3: Fix mode on mkdir on smb311 mounts (bsc#1144333). - smb3: Fix potential memory leak when processing compound chain (bsc#1144333). - smb3: fix redundant opens on root (bsc#1144333). - smb3: fix reset of bytes read and written stats (bsc#1112906, bsc#1144333). - smb3: Fix rmdir compounding regression to strict servers (bsc#1144333). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510, bsc#1144333). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510, bsc#1144333). - smb3: fix various xid leaks (bsc#1051510, bsc#1144333). - smb3: for kerberos mounts display the credential uid used (bsc#1144333). - smb3: handle new statx fields (bsc#1085536, bsc#1144333). - smb3: if max_credits is specified then display it in /proc/mounts (bsc#1144333). - smb3: if server does not support posix do not allow posix mount option (bsc#1144333). - smb3: improve dynamic tracing of open and posix mkdir (bsc#1144333). - smb3: increase initial number of credits requested to allow write (bsc#1144333). - smb3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL (bsc#1144333). - smb3: Log at least once if tree connect fails during reconnect (bsc#1144333). - smb3: make default i/o size for smb3 mounts larger (bsc#1144333). - smb3: minor cleanup of compound_send_recv (bsc#1144333). - smb3: minor debugging clarifications in rfc1001 len processing (bsc#1144333). - smb3: minor missing defines relating to reparse points (bsc#1144333). - smb3: missing defines and structs for reparse point handling (bsc#1144333). - smb3: note that smb3.11 posix extensions mount option is experimental (bsc#1144333). - smb3: Number of requests sent should be displayed for SMB3 not just CIFS (bsc#1144333). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510, bsc#1144333). - smb3: on reconnect set PreviousSessionId field (bsc#1112899, bsc#1144333). - smb3: optimize open to not send query file internal info (bsc#1144333). - smb3: passthru query info does not check for SMB3 FSCTL passthru (bsc#1144333). - smb3: print tree id in debugdata in proc to be able to help logging (bsc#1144333). - smb3: query inode number on open via create context (bsc#1144333). - smb3: remove noisy warning message on mount (bsc#1129664, bsc#1144333). - smb3: remove per-session operations from per-tree connection stats (bsc#1144333). - smb3: rename encryption_required to smb3_encryption_required (bsc#1144333). - smb3: request more credits on normal (non-large read/write) ops (bsc#1144333). - smb3: request more credits on tree connect (bsc#1144333). - smb3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (bsc#1144333). - smb3: send backup intent on compounded query info (bsc#1144333). - smb3: send CAP_DFS capability during session setup (bsc#1144333). - smb3: Send netname context during negotiate protocol (bsc#1144333). - smb3: show number of current open files in /proc/fs/cifs/Stats (bsc#1144333). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510, bsc#1144333). - smb3: smbdirect no longer experimental (bsc#1144333). - smb3: snapshot mounts are read-only and make sure info is displayable about the mount (bsc#1144333). - smb3: track the instance of each session for debugging (bsc#1144333). - smb3: Track total time spent on roundtrips for each SMB3 command (bsc#1144333). - smb3: trivial cleanup to smb2ops.c (bsc#1144333). - smb3: update comment to clarify enumerating snapshots (bsc#1144333). - smb3: update default requested iosize to 4MB from 1MB for recent dialects (bsc#1144333). - smb3: Update POSIX negotiate context with POSIX ctxt GUID (bsc#1144333). - smb3: Validate negotiate request must always be signed (bsc#1064597, bsc#1144333). - smb3: Warn user if trying to sign connection that authenticated as guest (bsc#1085536, bsc#1144333). - smbd: Make upper layer decide when to destroy the transport (bsc#1144333). - smb: fix leak of validate negotiate info response buffer (bsc#1064597, bsc#1144333). - smb: fix validate negotiate info uninitialised memory use (bsc#1064597, bsc#1144333). - smb: Validate negotiate (to protect against downgrade) even if signing off (bsc#1085536, bsc#1144333). - smpboot: Place the __percpu annotation correctly (git fixes). - soc: rockchip: power-domain: Add a sanity check on pd->num_clks (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: use clk_bulk APIs (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: Use of_clk_get_parent_count() instead of open coding (bsc#1144718,bsc#1144813). - sound: fix a memory leak bug (bsc#1051510). - spi: bcm2835aux: fix corruptions for longer spi transfers (bsc#1051510). - spi: bcm2835aux: remove dangerous uncontrolled read of fifo (bsc#1051510). - spi: bcm2835aux: unifying code between polling and interrupt driven code (bsc#1051510). - st21nfca_connectivity_event_received: null check the allocation (bsc#1051510). - staging: comedi: dt3000: Fix rounding up of timer divisor (bsc#1051510). - staging: comedi: dt3000: Fix signed integer overflow 'divider * base' (bsc#1051510). - st_nci_hci_connectivity_event_received: null check the allocation (bsc#1051510). - SUNRPC fix regression in umount of a secure mount (git-fixes). - SUNRPC: Handle connection breakages correctly in call_status() (git-fixes). - SUNRPC/nfs: Fix return value for nfs4_callback_compound() (git-fixes). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Add raspberrypi-cpufreq (jsc#SLE-7294). - supported.conf: Remove duplicate drivers/ata/libahci_platform - supported.conf: Sort alphabetically, align comments. - supported.conf: Sort alphabetically, align comments. - tcp: make sure EPOLLOUT wont be missed (networking-stable-19_08_28). - tcp: Reset bytes_acked and bytes_received when disconnecting (networking-stable-19_07_25). - team: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - test_firmware: fix a memory leak bug (bsc#1051510). - tipc: change to use register_pernet_device (networking-stable-19_07_02). - tpm: Fix off-by-one when reading binary_bios_measurements (bsc#1082555). - tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations (bsc#1082555). - tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts (bsc#1082555). - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bsc#1082555). - tpm: Unify the send callback behaviour (bsc#1082555). - tpm: vtpm_proxy: Suppress error logging when in closed state (bsc#1082555). - tracing: Fix header include guards in trace event headers (bsc#1144474). - Tree connect for SMB3.1.1 must be signed for non-encrypted shares (bsc#1051510, bsc#1144333). - treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 231 (bsc#1144333). - tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop (bsc#1051510). - tty: max310x: Fix invalid baudrate divisors calculator (bsc#1051510). - tty/serial: digicolor: Fix digicolor-usart already registered warning (bsc#1051510). - tty: serial: msm_serial: avoid system lockup condition (bsc#1051510). - tua6100: Avoid build warnings (bsc#1051510). - tun: wake up waitqueues after IFF_UP is set (networking-stable-19_07_02). - udf: Fix incorrect final NOT_ALLOCATED (hole) extent length (bsc#1148617). - Update azure config, enable *NVME* (bsc#1143478) - Update config files. (bsc#1145687) Add the following kernel config to ARM64: CONFIG_ACPI_PCI_SLOT=y CONFIG_HOTPLUG_PCI_ACPI=y - Update config files. - cifs: add CONFIG_CIFS_DEBUG_KEYS to dump encryption keys (bsc#1144333). - Update config files. - cifs: allow disabling insecure dialects in the config (bsc#1144333). - Update config files. - cifs: SMBD: Introduce kernel config option CONFIG_CIFS_SMB_DIRECT (bsc#1144333). - update internal version number for cifs.ko (bsc#1144333). - Update session and share information displayed for debugging SMB2/SMB3 (bsc#1144333). - Update version of cifs module (bsc#1144333). - usb: cdc-acm: make sure a refcount is taken early enough (bsc#1142635). - usb: CDC: fix sanity checks in CDC union parser (bsc#1142635). - usb: cdc-wdm: fix race between write and disconnect due to flag abuse (bsc#1051510). - usb: chipidea: udc: do not do hardware access if gadget has stopped (bsc#1051510). - usb: core: Fix races in character device registration and deregistraion (bsc#1051510). - usb: core: hub: Disable hub-initiated U1/U2 (bsc#1051510). - usb: gadget: composite: Clear 'suspended' on reset/disconnect (bsc#1051510). - usb: gadget: udc: renesas_usb3: Fix sysfs interface of 'role' (bsc#1142635). - usb: Handle USB3 remote wakeup for LPM enabled devices correctly (bsc#1051510). - usb: host: fotg2: restart hcd after port reset (bsc#1051510). - usb: host: ohci: fix a race condition between shutdown and irq (bsc#1051510). - usb: host: xhci-rcar: Fix timeout in xhci_suspend() (bsc#1051510). - usb: host: xhci: rcar: Fix typo in compatible string matching (bsc#1051510). - usb: iowarrior: fix deadlock on disconnect (bsc#1051510). - usb: serial: option: add D-Link DWM-222 device ID (bsc#1051510). - usb: serial: option: Add Motorola modem UARTs (bsc#1051510). - usb: serial: option: Add support for ZTE MF871A (bsc#1051510). - usb: serial: option: add the BroadMobi BM818 card (bsc#1051510). - usb-storage: Add new JMS567 revision to unusual_devs (bsc#1051510). - usb: storage: ums-realtek: Update module parameter description for auto_delink_en (bsc#1051510). - usb: storage: ums-realtek: Whitelist auto-delink support (bsc#1051510). - usb: usbcore: Fix slab-out-of-bounds bug during device reset (bsc#1051510). - usb: usbfs: fix double-free of usb memory upon submiturb error (bsc#1051510). - usb: wusbcore: fix unbalanced get/put cluster_id (bsc#1051510). - usb: yurex: Fix use-after-free in yurex_delete (bsc#1051510). - vfs: fix page locking deadlocks when deduping files (bsc#1148619). - video: ssd1307fb: Start page range at page_offset (bsc#1113722) - VMCI: Release resource if the work is already queued (bsc#1051510). - vrf: make sure skb->data contains ip header to make routing (networking-stable-19_07_25). - watchdog: bcm2835_wdt: Fix module autoload (bsc#1051510). - watchdog: core: fix null pointer dereference when releasing cdev (bsc#1051510). - watchdog: f71808e_wdt: fix F81866 bit operation (bsc#1051510). - watchdog: fix compile time error of pretimeout governors (bsc#1051510). - wimax/i2400m: fix a memory leak bug (bsc#1051510). - x86/boot: Fix memory leak in default_get_smp_config() (bsc#1114279). - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h (bsc#1114279). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). - x86/fpu: Add FPU state copying quirk to handle XRSTOR failure on Intel Skylake CPUs (bsc#1151955). - x86/microcode: Fix the microcode load on CPU hotplug for real (bsc#1114279). - x86/mm: Check for pfn instead of page in vmalloc_sync_one() (bsc#1118689). - x86/mm: Sync also unmappings in vmalloc_sync_all() (bsc#1118689). - x86/speculation: Allow guests to use SSBD even if host does not (bsc#1114279). - x86/speculation/mds: Apply more accurate check on hypervisor platform (bsc#1114279). - x86/tls: Fix possible spectre-v1 in do_get_thread_area() (bsc#1114279). - x86/unwind: Add hardcoded ORC entry for NULL (bsc#1114279). - x86/unwind: Handle NULL pointer calls better in frame unwinder (bsc#1114279). - xen/netback: Reset nr_frags before freeing skb (networking-stable-19_08_21). - xen-netfront: do not assume sk_buff_head list is empty in error handling (bsc#1065600). - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() (bsc#1065600). - xfrm: Fix bucket count reported to userspace (bsc#1143300). - xfrm: Fix error return code in xfrm_output_one() (bsc#1143300). - xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry (bsc#1143300). - xfs: do not crash on null attr fork xfs_bmapi_read (bsc#1148035). - xfs: do not trip over uninitialized buffer on extent read of corrupted inode (bsc#1149053). - xfs: dump transaction usage details on log reservation overrun (bsc#1145235). - xfs: eliminate duplicate icreate tx reservation functions (bsc#1145235). - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (bsc#1148032). - xfs: fix semicolon.cocci warnings (bsc#1145235). - xfs: fix up agi unlinked list reservations (bsc#1145235). - xfs: include an allocfree res for inobt modifications (bsc#1145235). - xfs: include inobt buffers in ifree tx log reservation (bsc#1145235). - xfs: print transaction log reservation on overrun (bsc#1145235). - xfs: refactor inode chunk alloc/free tx reservation (bsc#1145235). - xfs: refactor xlog_cil_insert_items() to facilitate transaction dump (bsc#1145235). - xfs: remove more ondisk directory corruption asserts (bsc#1148034). - xfs: separate shutdown from ticket reservation print helper (bsc#1145235). - xfs: truncate transaction does not modify the inobt (bsc#1145235). Important SUSE bug 1047238 SUSE bug 1050911 SUSE bug 1051510 SUSE bug 1054914 SUSE bug 1055117 SUSE bug 1056686 SUSE bug 1060662 SUSE bug 1061840 SUSE bug 1061843 SUSE bug 1064597 SUSE bug 1064701 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066369 SUSE bug 1071009 SUSE bug 1071306 SUSE bug 1071995 SUSE bug 1078248 SUSE bug 1082555 SUSE bug 1085030 SUSE bug 1085536 SUSE bug 1085539 SUSE bug 1086103 SUSE bug 1087092 SUSE bug 1090734 SUSE bug 1091171 SUSE bug 1093205 SUSE bug 1102097 SUSE bug 1104902 SUSE bug 1104967 SUSE bug 1106061 SUSE bug 1106284 SUSE bug 1106434 SUSE bug 1108382 SUSE bug 1109158 SUSE bug 1112178 SUSE bug 1112894 SUSE bug 1112899 SUSE bug 1112902 SUSE bug 1112903 SUSE bug 1112905 SUSE bug 1112906 SUSE bug 1112907 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1114542 SUSE bug 1118689 SUSE bug 1119086 SUSE bug 1120876 SUSE bug 1120902 SUSE bug 1120937 SUSE bug 1123034 SUSE bug 1123105 SUSE bug 1123959 SUSE bug 1124370 SUSE bug 1127988 SUSE bug 1129424 SUSE bug 1129519 SUSE bug 1129664 SUSE bug 1131107 SUSE bug 1131281 SUSE bug 1131304 SUSE bug 1131565 SUSE bug 1133021 SUSE bug 1134291 SUSE bug 1134881 SUSE bug 1134882 SUSE bug 1135219 SUSE bug 1135642 SUSE bug 1135897 SUSE bug 1136261 SUSE bug 1137069 SUSE bug 1137865 SUSE bug 1137884 SUSE bug 1137959 SUSE bug 1138539 SUSE bug 1139020 SUSE bug 1139021 SUSE bug 1139101 SUSE bug 1139500 SUSE bug 1140012 SUSE bug 1140155 SUSE bug 1140426 SUSE bug 1140487 SUSE bug 1141013 SUSE bug 1141450 SUSE bug 1141543 SUSE bug 1141554 SUSE bug 1142019 SUSE bug 1142076 SUSE bug 1142109 SUSE bug 1142117 SUSE bug 1142118 SUSE bug 1142119 SUSE bug 1142496 SUSE bug 1142541 SUSE bug 1142635 SUSE bug 1142685 SUSE bug 1142701 SUSE bug 1142857 SUSE bug 1143300 SUSE bug 1143466 SUSE bug 1143478 SUSE bug 1143765 SUSE bug 1143841 SUSE bug 1143843 SUSE bug 1144123 SUSE bug 1144333 SUSE bug 1144474 SUSE bug 1144518 SUSE bug 1144718 SUSE bug 1144813 SUSE bug 1144880 SUSE bug 1144886 SUSE bug 1144912 SUSE bug 1144920 SUSE bug 1144979 SUSE bug 1145010 SUSE bug 1145024 SUSE bug 1145051 SUSE bug 1145059 SUSE bug 1145134 SUSE bug 1145189 SUSE bug 1145235 SUSE bug 1145300 SUSE bug 1145302 SUSE bug 1145388 SUSE bug 1145389 SUSE bug 1145390 SUSE bug 1145391 SUSE bug 1145392 SUSE bug 1145393 SUSE bug 1145394 SUSE bug 1145395 SUSE bug 1145396 SUSE bug 1145397 SUSE bug 1145408 SUSE bug 1145409 SUSE bug 1145661 SUSE bug 1145678 SUSE bug 1145687 SUSE bug 1145920 SUSE bug 1145922 SUSE bug 1145934 SUSE bug 1145937 SUSE bug 1145940 SUSE bug 1145941 SUSE bug 1145942 SUSE bug 1146042 SUSE bug 1146074 SUSE bug 1146084 SUSE bug 1146163 SUSE bug 1146285 SUSE bug 1146346 SUSE bug 1146351 SUSE bug 1146352 SUSE bug 1146361 SUSE bug 1146376 SUSE bug 1146378 SUSE bug 1146381 SUSE bug 1146391 SUSE bug 1146399 SUSE bug 1146413 SUSE bug 1146425 SUSE bug 1146512 SUSE bug 1146514 SUSE bug 1146516 SUSE bug 1146519 SUSE bug 1146524 SUSE bug 1146526 SUSE bug 1146529 SUSE bug 1146531 SUSE bug 1146540 SUSE bug 1146543 SUSE bug 1146547 SUSE bug 1146550 SUSE bug 1146575 SUSE bug 1146589 SUSE bug 1146664 SUSE bug 1146678 SUSE bug 1146938 SUSE bug 1148031 SUSE bug 1148032 SUSE bug 1148033 SUSE bug 1148034 SUSE bug 1148035 SUSE bug 1148093 SUSE bug 1148133 SUSE bug 1148192 SUSE bug 1148196 SUSE bug 1148198 SUSE bug 1148202 SUSE bug 1148303 SUSE bug 1148363 SUSE bug 1148379 SUSE bug 1148394 SUSE bug 1148527 SUSE bug 1148574 SUSE bug 1148616 SUSE bug 1148617 SUSE bug 1148619 SUSE bug 1148698 SUSE bug 1148712 SUSE bug 1148859 SUSE bug 1148868 SUSE bug 1149053 SUSE bug 1149083 SUSE bug 1149104 SUSE bug 1149105 SUSE bug 1149106 SUSE bug 1149197 SUSE bug 1149214 SUSE bug 1149224 SUSE bug 1149313 SUSE bug 1149325 SUSE bug 1149376 SUSE bug 1149413 SUSE bug 1149418 SUSE bug 1149424 SUSE bug 1149446 SUSE bug 1149522 SUSE bug 1149527 SUSE bug 1149539 SUSE bug 1149552 SUSE bug 1149555 SUSE bug 1149591 SUSE bug 1149602 SUSE bug 1149612 SUSE bug 1149626 SUSE bug 1149651 SUSE bug 1149652 SUSE bug 1149713 SUSE bug 1149940 SUSE bug 1149959 SUSE bug 1149963 SUSE bug 1149976 SUSE bug 1150025 SUSE bug 1150033 SUSE bug 1150112 SUSE bug 1150381 SUSE bug 1150423 SUSE bug 1150562 SUSE bug 1150727 SUSE bug 1150860 SUSE bug 1150861 SUSE bug 1150933 SUSE bug 1151350 SUSE bug 1151610 SUSE bug 1151667 SUSE bug 1151671 SUSE bug 1151891 SUSE bug 1151955 SUSE bug 1152024 SUSE bug 1152025 SUSE bug 1152026 SUSE bug 1152161 SUSE bug 1152325 SUSE bug 1152457 SUSE bug 1152460 SUSE bug 1152466 SUSE bug 1152972 SUSE bug 1152974 SUSE bug 1152975 CVE-2017-18551 CVE-2017-18595 CVE-2018-20976 CVE-2018-21008 CVE-2019-10207 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14821 CVE-2019-14835 CVE-2019-15030 CVE-2019-15031 CVE-2019-15090 CVE-2019-15098 CVE-2019-15117 CVE-2019-15118 CVE-2019-15211 CVE-2019-15212 CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15217 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15222 CVE-2019-15239 CVE-2019-15290 CVE-2019-15291 CVE-2019-15292 CVE-2019-15538 CVE-2019-15666 CVE-2019-15902 CVE-2019-15917 CVE-2019-15919 CVE-2019-15920 CVE-2019-15921 CVE-2019-15924 CVE-2019-15926 CVE-2019-15927 CVE-2019-9456 CVE-2019-9506 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for binutils fixes the following issues: binutils was updated to current 2.32 branch @7b468db3 [jsc#ECO-368]: Includes the following security fixes: - CVE-2018-17358: Fixed invalid memory access in _bfd_stab_section_find_nearest_line in syms.c (bsc#1109412) - CVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in opncls.c (bsc#1109413) - CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in libbfd.c (bsc#1109414) - CVE-2018-17985: Fixed a stack consumption problem caused by the cplus_demangle_type (bsc#1116827) - CVE-2018-18309: Fixed an invalid memory address dereference was discovered in read_reloc in reloc.c (bsc#1111996) - CVE-2018-18483: Fixed get_count function provided by libiberty that allowed attackers to cause a denial of service or other unspecified impact (bsc#1112535) - CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions provided by libiberty, caused by recursive stack frames (bsc#1112534) - CVE-2018-18605: Fixed a heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup causing a denial of service (bsc#1113255) - CVE-2018-18606: Fixed a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments, causing denial of service (bsc#1113252) - CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section, causing denial of service (bsc#1113247) - CVE-2018-19931: Fixed a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831) - CVE-2018-19932: Fixed an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA (bsc#1118830) - CVE-2018-20623: Fixed a use-after-free in the error function in elfcomm.c (bsc#1121035) - CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference in elf_link_add_object_symbols in elflink.c (bsc#1121034) - CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based buffer overflow in load_specific_debug_section in objdump.c (bsc#1121056) - CVE-2018-1000876: Fixed integer overflow in bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc in objdump (bsc#1120640) - CVE-2019-1010180: Fixed an out of bound memory access that could lead to crashes (bsc#1142772) - Enable xtensa architecture (Tensilica lc6 and related) - Use -ffat-lto-objects in order to provide assembly for static libs (bsc#1141913). - Fixed some LTO problems (bsc#1133131 bsc#1133232). - riscv: Don't check ABI flags if no code section Update to binutils 2.32: * The binutils now support for the C-SKY processor series. * The x86 assembler now supports a -mvexwig=[0|1] option to control encoding of VEX.W-ignored (WIG) VEX instructions. It also has a new -mx86-used-note=[yes|no] option to generate (or not) x86 GNU property notes. * The MIPS assembler now supports the Loongson EXTensions R2 (EXT2), the Loongson EXTensions (EXT) instructions, the Loongson Content Address Memory (CAM) ASE and the Loongson MultiMedia extensions Instructions (MMI) ASE. * The addr2line, c++filt, nm and objdump tools now have a default limit on the maximum amount of recursion that is allowed whilst demangling strings. This limit can be disabled if necessary. * Objdump's --disassemble option can now take a parameter, specifying the starting symbol for disassembly. Disassembly will continue from this symbol up to the next symbol or the end of the function. * The BFD linker will now report property change in linker map file when merging GNU properties. * The BFD linker's -t option now doesn't report members within archives, unless -t is given twice. This makes it more useful when generating a list of files that should be packaged for a linker bug report. * The GOLD linker has improved warning messages for relocations that refer to discarded sections. - Improve relro support on s390 [fate#326356] - Handle ELF compressed header alignment correctly. Moderate SUSE bug 1109412 SUSE bug 1109413 SUSE bug 1109414 SUSE bug 1111996 SUSE bug 1112534 SUSE bug 1112535 SUSE bug 1113247 SUSE bug 1113252 SUSE bug 1113255 SUSE bug 1116827 SUSE bug 1118830 SUSE bug 1118831 SUSE bug 1120640 SUSE bug 1121034 SUSE bug 1121035 SUSE bug 1121056 SUSE bug 1133131 SUSE bug 1133232 SUSE bug 1141913 SUSE bug 1142772 CVE-2018-1000876 CVE-2018-17358 CVE-2018-17359 CVE-2018-17360 CVE-2018-17985 CVE-2018-18309 CVE-2018-18483 CVE-2018-18484 CVE-2018-18605 CVE-2018-18606 CVE-2018-18607 CVE-2018-19931 CVE-2018-19932 CVE-2018-20623 CVE-2018-20651 CVE-2018-20671 CVE-2019-1010180 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for sudo fixes the following issues: Security issue fixed: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers (bsc#1153674). Important SUSE bug 1153674 CVE-2019-14287 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libpcap fixes the following issues: - CVE-2019-15165: Added sanity checks for PHB header length before allocating memory (bsc#1153332). - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332). Important SUSE bug 1153332 CVE-2018-16301 CVE-2019-15165 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mariadb-100 fixes the following issues: Updated to MariaDB 10.0.40-1. Security issues fixed: - CVE-2019-2805, CVE-2019-2740, CVE-2019-2739, CVE-2019-2737, CVE-2019-2614, CVE-2019-2627. (bsc#1132826) (bsc#1141798). Moderate SUSE bug 1132826 SUSE bug 1141798 CVE-2019-2614 CVE-2019-2627 CVE-2019-2737 CVE-2019-2739 CVE-2019-2740 CVE-2019-2805 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python-xdg fixes the following issues: Security issue fixed: - CVE-2014-1624: Fixed a TOCTOU race condition in get_runtime_dir(). (bsc#859835) Moderate SUSE bug 859835 CVE-2014-1624 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for dhcp fixes the following issues: Secuirty issue fixed: - CVE-2019-6470: Fixed DHCPv6 server crashes (bsc#1134078). Bug fixes: - Add compile option --enable-secs-byteorder to avoid duplicate lease warnings (bsc#1089524). - Use IPv6 when called as dhclient6, dhcpd6, and dhcrelay6 (bsc#1136572). Moderate SUSE bug 1089524 SUSE bug 1134078 SUSE bug 1136572 CVE-2019-6470 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libcaca fixes the following issues: Security issues fixed: - CVE-2018-20544: Fixed a floating point exception at caca/dither.c (bsc#1120502) - CVE-2018-20545: Fixed a WRITE memory access in the load_image function at common-image.c for 4bpp (bsc#1120584) - CVE-2018-20546: Fixed a READ memory access in the get_rgba_default function at caca/dither.c for bpp (bsc#1120503) - CVE-2018-20547: Fixed a READ memory access in the get_rgba_default function at caca/dither.c for 24bpp (bsc#1120504) - CVE-2018-20548: Fixed a WRITE memory access in the load_image function at common-image.c for 1bpp (bsc#1120589) - CVE-2018-20549: Fixed a WRITE memory access in the caca_file_read function at caca/file.c (bsc#1120470) Moderate SUSE bug 1120470 SUSE bug 1120502 SUSE bug 1120503 SUSE bug 1120504 SUSE bug 1120584 SUSE bug 1120589 CVE-2018-20544 CVE-2018-20545 CVE-2018-20546 CVE-2018-20547 CVE-2018-20548 CVE-2018-20549 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python fixes the following issues: Security issue fixed: - CVE-2019-16056: Fixed a parser issue in the email module (bsc#1149955). - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). Moderate SUSE bug 1149955 SUSE bug 1153238 CVE-2019-16056 CVE-2019-16935 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for sysstat fixes the following issue: - CVE-2019-16167: Fixed a memory corruption due to an integer overflow. (bsc#1150114) Moderate SUSE bug 1150114 CVE-2019-16167 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xen to version 4.11.2 fixes the following issues: Security issues fixed: - CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service (bsc#1149813). - CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874). - CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU emulator which could have led to execution of arbitrary code with privileges of the QEMU process (bsc#1143797). Other issues fixed: - Fixed an HPS bug which did not allow to install Windows Server 2016 with 2 CPUs setting or above (bsc#1137717). - Fixed a segmentation fault in Libvrtd during live migration to a VM (bsc#1145774). - Fixed an issue where libxenlight could not create new domain (bsc#1131811). - Fixed an issue where attached pci devices were lost after reboot (bsc#1129642). - Fixed an issue where Xen could not pre-allocate 1 shadow page (bsc#1145240). Important SUSE bug 1027519 SUSE bug 1111331 SUSE bug 1126140 SUSE bug 1126141 SUSE bug 1126192 SUSE bug 1126195 SUSE bug 1126196 SUSE bug 1126197 SUSE bug 1126198 SUSE bug 1126201 SUSE bug 1127400 SUSE bug 1129642 SUSE bug 1131811 SUSE bug 1137717 SUSE bug 1138294 SUSE bug 1143797 SUSE bug 1145240 SUSE bug 1145774 SUSE bug 1146874 SUSE bug 1149813 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 CVE-2019-12068 CVE-2019-14378 CVE-2019-15890 CVE-2019-17340 CVE-2019-17341 CVE-2019-17342 CVE-2019-17343 CVE-2019-17344 CVE-2019-17345 CVE-2019-17346 CVE-2019-17347 CVE-2019-17348 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for accountsservice fixes the following issues: Security issue fixed: - CVE-2018-14036: Prevent directory traversal caused by an insufficient path check in user_change_icon_file_authorized_cb() (bsc#1099699). Non-security issue fixed: - Improved wtmp io performance (bsc#1139487). Moderate SUSE bug 1099699 SUSE bug 1139487 CVE-2018-14036 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for nfs-utils fixes the following issues: - CVE-2019-3689: Fixed root-owned files stored in insecure /var/lib/nfs. (bsc#1150733) Moderate SUSE bug 1150733 CVE-2019-3689 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-15139: Fixed a denial-of-service vulnerability in ReadXWDImage. (bsc#1146213) - CVE-2019-15140: Fixed a use-after-free bug in the Matlab image parser. (bsc#1146212) - CVE-2019-15141: Fixed a divide-by-zero vulnerability in the MeanShiftImage function. (bsc#1146211) - CVE-2019-14980: Fixed an application crash resulting from a heap-based buffer over-read in WriteTIFFImage. (bsc#1146068) - CVE-2019-16708: Fixed a memory leak in magick/xwindow.c (bsc#1151781). - CVE-2019-16709: Fixed a memory leak in coders/dps.c (bsc#1151782). - CVE-2019-16710: Fixed a memory leak in coders/dot.c (bsc#1151783). - CVE-2019-16711: Fixed a memory leak in Huffman2DEncodeImage in coders/ps2.c (bsc#1151784). - CVE-2019-16712: Fixed a memory leak in Huffman2DEncodeImage in coders/ps3.c (bsc#1151785). - CVE-2019-16713: Fixed a memory leak in coders/dot.c (bsc#1151786). Moderate SUSE bug 1146068 SUSE bug 1146211 SUSE bug 1146212 SUSE bug 1146213 SUSE bug 1151781 SUSE bug 1151782 SUSE bug 1151783 SUSE bug 1151784 SUSE bug 1151785 SUSE bug 1151786 CVE-2019-14980 CVE-2019-15139 CVE-2019-15140 CVE-2019-15141 CVE-2019-16708 CVE-2019-16709 CVE-2019-16710 CVE-2019-16711 CVE-2019-16712 CVE-2019-16713 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python3 fixes the following issues: - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) - CVE-2018-20852: Fixed an incorrect domain validation that could lead to cookies being sent to the wrong server. (bsc#1141853) Moderate SUSE bug 1141853 SUSE bug 1149955 CVE-2018-20852 CVE-2019-16056 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libunwind fixes the following issues: Security issues fixed: - CVE-2015-3239: Fixed a off-by-one in the dwarf_to_unw_regnum function (bsc#936786) Non-security issues fixed: - Fixed a dependency issue with libzmq5 (bsc#1122012) - Fixed build on armv7 (bsc#976955) Moderate SUSE bug 1122012 SUSE bug 936786 SUSE bug 976955 CVE-2015-3239 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox to 68.2.0 ESR fixes the following issues: Mozilla Firefox was updated to version 68.2.0 ESR (bsc#1154738). Security issues fixed: - CVE-2019-15903: Fixed a heap overflow in the expat library (bsc#1149429). - CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB (bsc#1154738). - CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total Security (bsc#1154738). - CVE-2019-11759: Fixed a stack buffer overflow in HKDF output (bsc#1154738). - CVE-2019-11760: Fixed a stack buffer overflow in WebRTC networking (bsc#1154738). - CVE-2019-11761: Fixed an unintended access to a privileged JSONView object (bsc#1154738). - CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738). - CVE-2019-11763: Fixed an XSS bypass (bsc#1154738). - CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738). Non-security issues fixed: - Firefox 60.7 ESR changed the user interface language (bsc#1137990). - Wrong Firefox GUI Language (bsc#1120374). - Fixed an inadvertent crash report transmission without user opt-in (bsc#1074235). - Firefox hangs randomly when browsing and scrolling (bsc#1043008). - Firefox stops loading page until mouse is moved (bsc#1025108). Important SUSE bug 1010399 SUSE bug 1010405 SUSE bug 1010406 SUSE bug 1010408 SUSE bug 1010409 SUSE bug 1010421 SUSE bug 1010423 SUSE bug 1010424 SUSE bug 1010425 SUSE bug 1010426 SUSE bug 1025108 SUSE bug 1043008 SUSE bug 1047281 SUSE bug 1074235 SUSE bug 1092611 SUSE bug 1120374 SUSE bug 1137990 SUSE bug 1149429 SUSE bug 1154738 SUSE bug 959933 SUSE bug 983922 CVE-2016-2830 CVE-2016-5289 CVE-2016-5292 CVE-2016-9063 CVE-2016-9067 CVE-2016-9068 CVE-2016-9069 CVE-2016-9071 CVE-2016-9073 CVE-2016-9075 CVE-2016-9076 CVE-2016-9077 CVE-2017-7789 CVE-2018-5150 CVE-2018-5151 CVE-2018-5152 CVE-2018-5153 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5160 CVE-2018-5163 CVE-2018-5164 CVE-2018-5165 CVE-2018-5166 CVE-2018-5167 CVE-2018-5168 CVE-2018-5169 CVE-2018-5172 CVE-2018-5173 CVE-2018-5174 CVE-2018-5175 CVE-2018-5176 CVE-2018-5177 CVE-2018-5178 CVE-2018-5179 CVE-2018-5180 CVE-2018-5181 CVE-2018-5182 CVE-2018-5183 CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-18595: A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555). - CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350). - CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540). - CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permitted sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka 'KNOB') that could decrypt traffic and injected arbitrary ciphertext without the victim noticing (bnc#1137865 bnc#1146042). - CVE-2019-16232: Fixed a NULL pointer dereference in drivers/net/wireless/marvell/libertas/if_sdio.c, which did not check the alloc_workqueue return value (bnc#1150465). - CVE-2019-16234: Fixed a NULL pointer dereference in drivers/net/wireless/intel/iwlwifi/pcie/trans.c, which did not check the alloc_workqueue return value (bnc#1150452). - CVE-2019-17056: Added enforcement of CAP_NET_RAW in llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module, the lack of which allowed unprivileged users to create a raw socket, aka CID-3a359798b176 (bnc#1152788). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). - CVE-2019-17666: Added an upper-bound check in rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c, the lack of which could have led to a buffer overflow (bnc#1154372). The following non-security bugs were fixed: - 9p: avoid attaching writeback_fid on mmap with type PRIVATE (bsc#1051510). - ACPI / CPPC: do not require the _PSD method (bsc#1051510). - ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit() (bsc#1051510). - ACPI: custom_method: fix memory leaks (bsc#1051510). - ACPI / PCI: fix acpi_pci_irq_enable() memory leak (bsc#1051510). - ACPI / processor: do not print errors for processorIDs == 0xff (bsc#1051510). - ACPI / property: Fix acpi_graph_get_remote_endpoint() name in kerneldoc (bsc#1051510). - act_mirred: Fix mirred_init_module error handling (bsc#1051510). - Add kernel module compression support (bsc#1135854) For enabling the kernel module compress, add the item COMPRESS_MODULES='xz' in config.sh, then mkspec will pass it to the spec file. - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (bsc#1151680). - ALSA: aoa: onyx: always initialize register read value (bsc#1051510). - ALSA: firewire-tascam: check intermediate state of clock status and retry (bsc#1051510). - ALSA: firewire-tascam: handle error code when getting current source of clock (bsc#1051510). - ALSA: hda - Add laptop imic fixup for ASUS M9V laptop (bsc#1051510). - ALSA: hda: Add support of Zhaoxin controller (bsc#1051510). - ALSA: hda - Apply AMD controller workaround for Raven platform (bsc#1051510). - ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family (bsc#1051510). - ALSA: hda - Drop unsol event handler for Intel HDMI codecs (bsc#1051510). - ALSA: hda - Expand pin_match function to match upcoming new tbls (bsc#1051510). - ALSA: hda: Flush interrupts on disabling (bsc#1051510). - ALSA: hda/hdmi: remove redundant assignment to variable pcm_idx (bsc#1051510). - ALSA: hda - Inform too slow responses (bsc#1051510). - ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 (bsc#1051510). - ALSA: hda/realtek - Check beep whitelist before assigning in all codecs (bsc#1051510). - ALSA: hda/realtek - Fix alienware headset mic (bsc#1051510). - ALSA: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360 (bsc#1051510). - ALSA: hda: Set fifo_size for both playback and capture streams (bsc#1051510). - ALSA: hda - Show the fatal CORB/RIRB error more clearly (bsc#1051510). - ALSA: hda/sigmatel - remove unused variable 'stac9200_core_init' (bsc#1051510). - ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() (bsc#1051510). - ALSA: line6: sizeof (byte) is always 1, use that fact (bsc#1051510). - ALSA: usb-audio: Add Pioneer DDJ-SX3 PCM quirck (bsc#1051510). - ALSA: usb-audio: Disable quirks for BOSS Katana amplifiers (bsc#1051510). - ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid (bsc#1051510). - appletalk: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - ASoC: Define a set of DAPM pre/post-up events (bsc#1051510). - ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set (bsc#1051510). - ASoC: es8328: Fix copy-paste error in es8328_right_line_controls (bsc#1051510). - ASoC: Intel: Baytrail: Fix implicit fallthrough warning (bsc#1051510). - ASoC: Intel: Fix use of potentially uninitialized variable (bsc#1051510). - ASoC: Intel: NHLT: Fix debug print format (bsc#1051510). - ASoC: sgtl5000: Fix charge pump source assignment (bsc#1051510). - ASoC: sun4i-i2s: RX and TX counter registers are swapped (bsc#1051510). - ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls (bsc#1051510). - ASoC: wm8988: fix typo in wm8988_right_line_controls (bsc#1051510). - ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init (bsc#1051510). - atm: iphase: Fix Spectre v1 vulnerability (networking-stable-19_08_08). - auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach (bsc#1051510). - ax25: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA (bsc#1051510). - blk-flush: do not run queue for requests bypassing flush (bsc#1137959). - blk-flush: use blk_mq_request_bypass_insert() (bsc#1137959). - blk-mq: do not allocate driver tag upfront for flush rq (bsc#1137959). - blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling (bsc#1151610). - blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue (bsc#1137959). - blk-mq: kABI fixes for blk-mq.h (bsc#1137959). - blk-mq: move blk_mq_put_driver_tag*() into blk-mq.h (bsc#1137959). - blk-mq: punt failed direct issue to dispatch list (bsc#1137959). - blk-mq: put the driver tag of nxt rq before first one is requeued (bsc#1137959). - blk-mq-sched: decide how to handle flush rq via RQF_FLUSH_SEQ (bsc#1137959). - blk-wbt: abstract out end IO completion handler (bsc#1135873). - blk-wbt: fix has-sleeper queueing check (bsc#1135873). - blk-wbt: improve waking of tasks (bsc#1135873). - blk-wbt: move disable check into get_limit() (bsc#1135873). - blk-wbt: use wq_has_sleeper() for wq active check (bsc#1135873). - block: add io timeout to sysfs (bsc#1148410). - block: do not show io_timeout if driver has no timeout handler (bsc#1148410). - block: fix timeout changes for legacy request drivers (bsc#1149446). - block: kABI fixes for BLK_EH_DONE renaming (bsc#1142076). - block: rename BLK_EH_NOT_HANDLED to BLK_EH_DONE (bsc#1142076). - Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices (bsc#1051510). - bnx2x: Disable multi-cos feature (networking-stable-19_08_08). - bnx2x: Fix VF's VLAN reconfiguration in reload (bsc#1086323 ). - bonding: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - bridge/mdb: remove wrong use of NLM_F_MULTI (networking-stable-19_09_15). - btrfs: bail out gracefully rather than BUG_ON (bsc#1153646). - btrfs: check for the full sync flag while holding the inode lock during fsync (bsc#1153713). - btrfs: Ensure btrfs_init_dev_replace_tgtdev sees up to date values (bsc#1154651). - btrfs: Ensure replaced device does not have pending chunk allocation (bsc#1154607). - btrfs: fix use-after-free when using the tree modification log (bsc#1151891). - btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls (bsc#1152975). - btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space (bsc#1152974). - btrfs: relocation: fix use-after-free on dead relocation roots (bsc#1152972). - btrfs: remove wrong use of volume_mutex from btrfs_dev_replace_start (bsc#1154651). - can: mcp251x: mcp251x_hw_reset(): allow more time after a reset (bsc#1051510). - can: xilinx_can: xcan_probe(): skip error message on deferred probe (bsc#1051510). - cdc_ether: fix rndis support for Mediatek based smartphones (networking-stable-19_09_15). - cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize (bsc#1051510). - ceph: fix directories inode i_blkbits initialization (bsc#1153717). - ceph: reconnect connection if session hang in opening state (bsc#1153718). - ceph: update the mtime when truncating up (bsc#1153719). - ceph: use ceph_evict_inode to cleanup inode's resource (bsc#1148133). - cfg80211: add and use strongly typed element iteration macros (bsc#1051510). - cfg80211: Purge frame registrations on iftype change (bsc#1051510). - clk: at91: fix update bit maps on CFG_MOR write (bsc#1051510). - clk: at91: select parent if main oscillator or bypass is enabled (bsc#1051510). - clk: qoriq: Fix -Wunused-const-variable (bsc#1051510). - clk: sirf: Do not reference clk_init_data after registration (bsc#1051510). - clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks (bsc#1051510). - clk: sunxi-ng: v3s: add the missing PLL_DDR1 (bsc#1051510). - clk: zx296718: Do not reference clk_init_data after registration (bsc#1051510). - crypto: caam - fix concurrency issue in givencrypt descriptor (bsc#1051510). - crypto: caam - free resources in case caam_rng registration failed (bsc#1051510). - crypto: cavium/zip - Add missing single_release() (bsc#1051510). - crypto: ccp - Reduce maximum stack usage (bsc#1051510). - crypto: qat - Silence smp_processor_id() warning (bsc#1051510). - crypto: skcipher - Unmap pages after an external error (bsc#1051510). - crypto: talitos - fix missing break in switch statement (bsc#1142635). - cxgb4: fix endianness for vlan value in cxgb4_tc_flower (bsc#1064802 bsc#1066129). - cxgb4: offload VLAN flows regardless of VLAN ethtype (bsc#1064802 bsc#1066129). - cxgb4: reduce kernel stack usage in cudbg_collect_mem_region() (bsc#1073513). - cxgb4: Signedness bug in init_one() (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: smt: Add lock for atomic_dec_and_test (bsc#1064802 bsc#1066129). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - /dev/mem: Bail out upon SIGKILL (git-fixes). - dmaengine: dw: platform: Switch to acpi_dma_controller_register() (bsc#1051510). - dmaengine: iop-adma.c: fix printk format warning (bsc#1051510). - drivers: thermal: int340x_thermal: Fix sysfs race condition (bsc#1051510). - drm/amdgpu: Check for valid number of registers to read (bsc#1051510). - drm/amdgpu/si: fix ASIC tests (git-fixes). - drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2) (bsc#1051510). - drm/ast: Fixed reboot test may cause system hanged (bsc#1051510). - drm/bridge: tc358767: Increase AUX transfer length limit (bsc#1051510). - drm: Flush output polling on shutdown (bsc#1051510). - drm/i915: Fix various tracepoints for gen2 (bsc#1113722) - drm/imx: Drop unused imx-ipuv3-crtc.o build (bsc#1113722) - drm/msm/dsi: Implement reset correctly (bsc#1051510). - drm/panel: simple: fix AUO g185han01 horizontal blanking (bsc#1051510). - drm/radeon: Fix EEH during kexec (bsc#1051510). - drm/tilcdc: Register cpufreq notifier after we have initialized crtc (bsc#1051510). - drm/vmwgfx: Fix double free in vmw_recv_msg() (bsc#1051510). - Drop multiversion(kernel) from the KMP template (bsc#1127155). - e1000e: add workaround for possible stalled packet (bsc#1051510). - EDAC/amd64: Decode syndrome before translating address (bsc#1114279). - eeprom: at24: make spd world-readable again (git-fixes). - ext4: fix warning inside ext4_convert_unwritten_extents_endio (bsc#1152025). - ext4: set error return correctly when ext4_htree_store_dirent fails (bsc#1152024). - firmware: dmi: Fix unlikely out-of-bounds read in save_mem_devices (git-fixes). - Fix AMD IOMMU kABI (bsc#1154610). - Fix kabi for: NFSv4: Fix OPEN / CLOSE race (git-fixes). - Fix KVM kABI after x86 mmu backports (bsc#1117665). - gpio: fix line flag validation in lineevent_create (bsc#1051510). - gpio: fix line flag validation in linehandle_create (bsc#1051510). - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist (bsc#1051510). - gpiolib: only check line handle flags once (bsc#1051510). - gpio: Move gpiochip_lock/unlock_as_irq to gpio/driver.h (bsc#1051510). - gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property() (bsc#1051510). - HID: apple: Fix stuck function keys when using FN (bsc#1051510). - HID: hidraw: Fix invalid read in hidraw_ioctl (bsc#1051510). - HID: logitech: Fix general protection fault caused by Logitech driver (bsc#1051510). - HID: prodikeys: Fix general protection fault during probe (bsc#1051510). - HID: sony: Fix memory corruption issue on cleanup (bsc#1051510). - hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' (bsc#1051510). - hwmon: (lm75) Fix write operations for negative temperatures (bsc#1051510). - hwmon: (shtc1) fix shtc1 and shtw1 id mask (bsc#1051510). - hwrng: core - do not wait on add_early_randomness() (git-fixes). - i2c: riic: Clear NACK in tend isr (bsc#1051510). - IB/core, ipoib: Do not overreact to SM LID change event (bsc#1154108) - IB/hfi1: Remove overly conservative VM_EXEC flag check (bsc#1144449). - IB/mlx5: Consolidate use_umr checks into single function (bsc#1093205). - IB/mlx5: Fix MR re-registration flow to use UMR properly (bsc#1093205). - IB/mlx5: Report correctly tag matching rendezvous capability (bsc#1046305). - ieee802154: atusb: fix use-after-free at disconnect (bsc#1051510). - ieee802154: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - ife: error out when nla attributes are empty (networking-stable-19_08_08). - iio: adc: ad799x: fix probe error handling (bsc#1051510). - iio: dac: ad5380: fix incorrect assignment to val (bsc#1051510). - iio: light: opt3001: fix mutex unlock race (bsc#1051510). - ima: always return negative code for error (bsc#1051510). - Input: da9063 - fix capability and drop KEY_SLEEP (bsc#1051510). - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID (bsc#1051510). - iommu/amd: Apply the same IVRS IOAPIC workaround to Acer Aspire A315-41 (bsc#1137799). - iommu/amd: Check PM_LEVEL_SIZE() condition in locked section (bsc#1154608). - iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems (bsc#1137799). - iommu/amd: Remove domain->updated (bsc#1154610). - iommu/amd: Wait for completion of IOTLB flush in attach_device (bsc#1154611). - iommu/dma: Fix for dereferencing before null checking (bsc#1151667). - iommu/iova: Avoid false sharing on fq_timer_on (bsc#1151671). - ip6_tunnel: fix possible use-after-free on xmit (networking-stable-19_08_08). - ipmi_si: Only schedule continuously in the thread in maintenance mode (bsc#1051510). - ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set (networking-stable-19_08_28). - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()' (networking-stable-19_09_15). - isdn/capi: check message length in capi_write() (bsc#1051510). - ixgbe: Prevent u8 wrapping of ITR value to something less than 10us (bsc#1101674). - ixgbe: sync the first fragment unconditionally (bsc#1133140). - kABI: media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). fixes kABI - kABI: media: em28xx: stop rewriting device's struct (bsc#1051510). fixes kABI - kABI: net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05). - kABI/severities: Whitelist functions internal to radix mm. To call these functions you have to first detect if you are running in radix mm mode which can't be expected of OOT code. - kABI workaround for snd_hda_pick_pin_fixup() changes (bsc#1051510). - kernel-subpackage-build: create zero size ghost for uncompressed vmlinux (bsc#1154354). It is not strictly necessary to uncompress it so maybe the ghost file can be 0 size in this case. - kernel/sysctl.c: do not override max_threads provided by userspace (bnc#1150875). - KVM: Convert kvm_lock to a mutex (bsc#1117665). - KVM: MMU: drop vcpu param in gpte_access (bsc#1117665). - KVM: PPC: Book3S: Fix incorrect guest-to-user-translation error handling (bsc#1061840). - KVM: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores (bsc#1061840). - KVM: PPC: Book3S HV: Do not lose pending doorbell request on migration on P9 (bsc#1061840). - KVM: PPC: Book3S HV: Do not push XIVE context when not using XIVE device (bsc#1061840). - KVM: PPC: Book3S HV: Fix lockdep warning when entering the guest (bsc#1061840). - KVM: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts (bsc#1061840). - KVM: PPC: Book3S HV: Handle virtual mode in XIVE VCPU push code (bsc#1061840). - KVM: PPC: Book3S HV: use smp_mb() when setting/clearing host_ipi flag (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP (bsc#1061840). - KVM: x86: add tracepoints around __direct_map and FNAME(fetch) (bsc#1117665). - KVM: x86: adjust kvm_mmu_page member to save 8 bytes (bsc#1117665). - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (bsc#1117665). - KVM: x86: Do not release the page inside mmu_set_spte() (bsc#1117665). - KVM: x86: make FNAME(fetch) and __direct_map more similar (bsc#1117665). - KVM: x86, powerpc: do not allow clearing largepages debugfs entry (bsc#1117665). - KVM: x86: remove now unneeded hugepage gfn adjustment (bsc#1117665). - leds: leds-lp5562 allow firmware files up to the maximum length (bsc#1051510). - leds: trigger: gpio: GPIO 0 is valid (bsc#1051510). - libertas: Add missing sentinel at end of if_usb.c fw_table (bsc#1051510). - libertas_tf: Use correct channel range in lbtf_geo_init (bsc#1051510). - libiscsi: do not try to bypass SCSI EH (bsc#1142076). - lib/mpi: Fix karactx leak in mpi_powm (bsc#1051510). - livepatch: Nullify obj->mod in klp_module_coming()'s error path (bsc#1071995). - mac80211: accept deauth frames in IBSS mode (bsc#1051510). - mac80211: minstrel_ht: fix per-group max throughput rate initialization (bsc#1051510). - macsec: drop skb sk before calling gro_cells_receive (bsc#1051510). - md: do not report active array_state until after revalidate_disk() completes (git-fixes). - md: only call set_in_sync() when it is expected to succeed (git-fixes). - md/raid6: Set R5_ReadError when there is read failure on parity disk (git-fixes). - media: atmel: atmel-isc: fix asd memory allocation (bsc#1135642). - media: atmel: atmel-isi: fix timeout value for stop streaming (bsc#1051510). - media: cpia2_usb: fix memory leaks (bsc#1051510). - media: dib0700: fix link error for dibx000_i2c_set_speed (bsc#1051510). - media: dvb-core: fix a memory leak bug (bsc#1051510). - media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). - media: em28xx: stop rewriting device's struct (bsc#1051510). - media: exynos4-is: fix leaked of_node references (bsc#1051510). - media: fdp1: Reduce FCP not found message level to debug (bsc#1051510). - media: gspca: zero usb_buf on error (bsc#1051510). - media: hdpvr: Add device num check and handling (bsc#1051510). - media: hdpvr: add terminating 0 at end of string (bsc#1051510). - media: i2c: ov5645: Fix power sequence (bsc#1051510). - media: iguanair: add sanity checks (bsc#1051510). - media: marvell-ccic: do not generate EOF on parallel bus (bsc#1051510). - media: mc-device.c: do not memset __user pointer contents (bsc#1051510). - media: omap3isp: Do not set streaming state on random subdevs (bsc#1051510). - media: omap3isp: Set device on omap3isp subdevs (bsc#1051510). - media: ov6650: Fix sensor possibly not detected on probe (bsc#1051510). - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper (bsc#1051510). - media: ov9650: add a sanity check (bsc#1051510). - media: radio/si470x: kill urb on error (bsc#1051510). - media: replace strcpy() by strscpy() (bsc#1051510). - media: Revert '[media] marvell-ccic: reset ccic phy when stop streaming for stability' (bsc#1051510). - media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() (bsc#1051510). - media: saa7146: add cleanup in hexium_attach() (bsc#1051510). - media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table (bsc#1051510). - media: stkwebcam: fix runtime PM after driver unbind (bsc#1051510). - media: technisat-usb2: break out of loop at end of buffer (bsc#1051510). - media: tm6000: double free if usb disconnect while streaming (bsc#1051510). - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (bsc#1051510). - media: vb2: Fix videobuf2 to map correct area (bsc#1051510). - memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' (bsc#1051510). - mfd: intel-lpss: Remove D3cold delay (bsc#1051510). - mic: avoid statically declaring a 'struct device' (bsc#1051510). - mISDN: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - mld: fix memory leak in mld_del_delrec() (networking-stable-19_09_05). - mmc: sdhci: Fix incorrect switch to HS mode (bsc#1051510). - mmc: sdhci: improve ADMA error reporting (bsc#1051510). - mmc: sdhci-msm: fix mutex while in spinlock (bsc#1142635). - mmc: sdhci-of-arasan: Do now show error message in case of deffered probe (bsc#1119086). - mmc: sdhci-of-esdhc: set DMA snooping based on DMA coherence (bsc#1051510). - mtd: spi-nor: Fix Cadence QSPI RCU Schedule Stall (bsc#1051510). - mvpp2: refactor MTU change code (networking-stable-19_08_08). - net: bridge: delete local fdb on device init failure (networking-stable-19_08_08). - net: bridge: mcast: do not delete permanent entries when fast leave is enabled (networking-stable-19_08_08). - net: fix ifindex collision during namespace removal (networking-stable-19_08_08). - net: Fix null de-reference of device refcount (networking-stable-19_09_15). - net: fix skb use after free in netpoll (networking-stable-19_09_05). - net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list (networking-stable-19_09_15). - net/ibmvnic: Fix EOI when running in XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes). - net/ibmvnic: prevent more than one thread from running in reset (bsc#1152457 ltc#174432). - net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run (bsc#1152457 ltc#174432). - net/mlx4_en: fix a memory leak bug (bsc#1046299). - net/mlx5: Add device ID of upcoming BlueField-2 (bsc#1046303 ). - net/mlx5e: Only support tx/rx pause setting for port owner (networking-stable-19_08_21). - net/mlx5e: Prevent encap flow counter update async to user query (networking-stable-19_08_08). - net/mlx5e: Use flow keys dissector to parse packets for ARFS (networking-stable-19_08_21). - net/mlx5: Fix error handling in mlx5_load() (bsc#1046305 ). - net/mlx5: Use reversed order when unregister devices (networking-stable-19_08_08). - net/packet: fix race in tpacket_snd() (networking-stable-19_08_21). - net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05). - net: sched: Fix a possible null-pointer dereference in dequeue_func() (networking-stable-19_08_08). - net/smc: make sure EPOLLOUT is raised (networking-stable-19_08_28). - net: stmmac: dwmac-rk: Do not fail if phy regulator is absent (networking-stable-19_09_05). - nfc: fix attrs checks in netlink interface (bsc#1051510). - nfc: fix memory leak in llcp_sock_bind() (bsc#1051510). - nfc: pn533: fix use-after-free and memleaks (bsc#1051510). - NFS4: Fix v4.0 client state corruption when mount (git-fixes). - nfsd: degraded slot-count more gracefully as allocation nears exhaustion (bsc#1150381). - nfsd: Do not release the callback slot unless it was actually held (git-fixes). - nfsd: Fix overflow causing non-working mounts on 1 TB machines (bsc#1150381). - nfsd: fix performance-limiting session calculation (bsc#1150381). - nfsd: give out fewer session slots as limit approaches (bsc#1150381). - nfsd: handle drc over-allocation gracefully (bsc#1150381). - nfsd: increase DRC cache limit (bsc#1150381). - NFS: Do not interrupt file writeout due to fatal errors (git-fixes). - NFS: Do not open code clearing of delegation state (git-fixes). - NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0 (git-fixes). - NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts (git-fixes). - NFS: Forbid setting AF_INET6 to 'struct sockaddr_in'->sin_family (git-fixes). - NFS: Refactor nfs_lookup_revalidate() (git-fixes). - NFS: Remove redundant semicolon (git-fixes). - NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter (git-fixes). - NFSv4.1: Fix open stateid recovery (git-fixes). - NFSv4.1: Only reap expired delegations (git-fixes). - NFSv4: Check the return value of update_open_stateid() (git-fixes). - NFSv4: Fix an Oops in nfs4_do_setattr (git-fixes). - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() (git-fixes). - NFSv4: Fix delegation state recovery (git-fixes). - NFSv4: Fix lookup revalidate of regular files (git-fixes). - NFSv4: Fix OPEN / CLOSE race (git-fixes). - NFSv4: Handle the special Linux file open access mode (git-fixes). - NFSv4: Only pass the delegation to setattr if we're sending a truncate (git-fixes). - NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend() (git-fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - null_blk: complete requests from ->timeout (bsc#1149446). - null_blk: wire up timeouts (bsc#1149446). - nvme: fix multipath crash when ANA is deactivated (bsc#1149446). - nvmem: Use the same permissions for eeprom as for nvmem (git-fixes). - nvme-rdma: Allow DELETING state change failure in (bsc#1104967,). - nvme-rdma: centralize admin/io queue teardown sequence (bsc#1142076). - nvme-rdma: centralize controller setup sequence (bsc#1142076). - nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446). - nvme-rdma: fix timeout handler (bsc#1149446). - nvme-rdma: stop admin queue before freeing it (bsc#1140155). - nvme-rdma: support up to 4 segments of inline data (bsc#1142076). - nvme-rdma: unquiesce queues when deleting the controller (bsc#1142076). - nvme: remove ns sibling before clearing path (bsc#1140155). - nvme: return BLK_EH_DONE from ->timeout (bsc#1142076). - objtool: Clobber user CFLAGS variable (bsc#1153236). - PCI: Correct pci=resource_alignment parameter example (bsc#1051510). - PCI: dra7xx: Fix legacy INTD IRQ handling (bsc#1087092). - PCI: hv: Detect and fix Hyper-V PCI domain number collision (bsc#1150423). - PCI: hv: Use bytes 4 and 5 from instance ID as the PCI domain numbers (bsc#1153263). - PCI: PM: Fix pci_power_up() (bsc#1051510). - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current (bsc#1051510). - pinctrl: tegra: Fix write barrier placement in pmx_writel (bsc#1051510). - platform/x86: classmate-laptop: remove unused variable (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC277E to critclk_systems DMI table (bsc#1051510). - PM: sleep: Fix possible overflow in pm_system_cancel_wakeup() (bsc#1051510). - PNFS fallback to MDS if no deviceid found (git-fixes). - pNFS/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error (git-fixes). - pNFS/flexfiles: Turn off soft RPC calls (git-fixes). - powerpc/64: Make sys_switch_endian() traceable (bsc#1065729). - powerpc/64s/pseries: radix flush translations before MMU is enabled at boot (bsc#1055186). - powerpc/64s/radix: Fix MADV_[FREE|DONTNEED] TLB flush miss problem with THP (bsc#1152161 ltc#181664). - powerpc/64s/radix: Fix memory hotplug section page table creation (bsc#1065729). - powerpc/64s/radix: Fix memory hot-unplug page table split (bsc#1065729). - powerpc/64s/radix: Implement _tlbie(l)_va_range flush functions (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve preempt handling in TLB code (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve TLB flushing for page table freeing (bsc#1152161 ltc#181664). - powerpc/64s/radix: Introduce local single page ceiling for TLB range flush (bsc#1055117 bsc#1152161 ltc#181664). - powerpc/64s/radix: keep kernel ERAT over local process/guest invalidates (bsc#1055186). - powerpc/64s/radix: Optimize flush_tlb_range (bsc#1152161 ltc#181664). - powerpc/64s/radix: tidy up TLB flushing code (bsc#1055186). - powerpc/64s: Rename PPC_INVALIDATE_ERAT to PPC_ISA_3_0_INVALIDATE_ERAT (bsc#1055186). - powerpc/book3s64/mm: Do not do tlbie fixup for some hardware revisions (bsc#1152161 ltc#181664). - powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag (bsc#1152161 ltc#181664). - powerpc: bpf: Fix generation of load/store DW instructions (bsc#1065729). - powerpc/bpf: use unsigned division instruction for 64-bit operations (bsc#1065729). - powerpc: Drop page_is_ram() and walk_system_ram_range() (bsc#1065729). - powerpc/irq: Do not WARN continuously in arch_local_irq_restore() (bsc#1065729). - powerpc/irq: drop arch_early_irq_init() (bsc#1065729). - powerpc/mm/book3s64: Move book3s64 code to pgtable-book3s64 (bsc#1055186). - powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 (bsc#1152161 ltc#181664). - powerpc/mm: mark more tlb functions as __always_inline (bsc#1055186). - powerpc/mm: Properly invalidate when setting process table base (bsc#1055186). - powerpc/mm/radix: Drop unneeded NULL check (bsc#1152161 ltc#181664). - powerpc/mm/radix: implement LPID based TLB flushes to be used by KVM (bsc#1152161 ltc#181664). - powerpc/mm/radix: mark as __tlbie_pid() and friends as__always_inline (bsc#1055186). - powerpc/mm/radix: mark __radix__flush_tlb_range_psize() as __always_inline (bsc#1055186). - powerpc/mm: Simplify page_is_ram by using memblock_is_memory (bsc#1065729). - powerpc/mm: Use memblock API for PPC32 page_is_ram (bsc#1065729). - powerpc/module64: Fix comment in R_PPC64_ENTRY handling (bsc#1065729). - powerpc/powernv: Fix compile without CONFIG_TRACEPOINTS (bsc#1065729). - powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window (bsc#1061840). - powerpc/powernv/ioda: Fix race in TCE level allocation (bsc#1061840). - powerpc/powernv: move OPAL call wrapper tracing and interrupt handling to C (bsc#1065729). - powerpc/powernv/npu: Remove obsolete comment about TCE_KILL_INVAL_ALL (bsc#1065729). - powerpc/pseries: Call H_BLOCK_REMOVE when supported (bsc#1109158). - powerpc/pseries: Export maximum memory value (bsc#1122363). - powerpc/pseries: Export raw per-CPU VPA data via debugfs (). - powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt() (bsc#1065729). - powerpc/pseries/memory-hotplug: Fix return value type of find_aa_index (bsc#1065729). - powerpc/pseries/mobility: use cond_resched when updating device tree (bsc#1153112 ltc#181778). - powerpc/pseries: Read TLB Block Invalidate Characteristics (bsc#1109158). - powerpc/pseries: Remove confusing warning message (bsc#1109158). - powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning (bsc#1148868). - powerpc/rtas: allow rescheduling while changing cpu states (bsc#1153112 ltc#181778). - powerpc/xive: Fix bogus error code returned by OPAL (bsc#1065729). - powerpc/xive: Implement get_irqchip_state method for XIVE to fix shutdown race (bsc#1065729). - powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc (bsc#1065729). - power: reset: gpio-restart: Fix typo when gpio reset is not found (bsc#1051510). - power: supply: Init device wakeup after device_add() (bsc#1051510). - power: supply: sysfs: ratelimit property read error message (bsc#1051510). - ppp: Fix memory leak in ppp_write (git-fixes). - printk: Do not lose last line in kmsg buffer dump (bsc#1152460). - printk: fix printk_time race (bsc#1152466). - printk/panic: Avoid deadlock in printk() after stopping CPUs by NMI (bsc#1148712). - qed: iWARP - Fix default window size to be based on chip (bsc#1050536 bsc#1050545). - qed: iWARP - Fix tc for MPA ll2 connection (bsc#1050536 bsc#1050545). - qed: iWARP - fix uninitialized callback (bsc#1050536 bsc#1050545). - qed: iWARP - Use READ_ONCE and smp_store_release to access ep->state (bsc#1050536 bsc#1050545). - qla2xxx: kABI fixes for v10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - qla2xxx: remove SGI SN2 support (bsc#1123034 bsc#1131304 bsc#1127988). - quota: fix wrong condition in is_quota_modification() (bsc#1152026). - r8152: Set memory to all 0xFFs on failed reg reads (bsc#1051510). - RDMA/bnxt_re: Fix spelling mistake 'missin_resp' -> 'missing_resp' (bsc#1050244). - RDMA: Fix goto target to release the allocated memory (bsc#1050244). - regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg (bsc#1051510). - Revert 'mwifiex: fix system hang problem after resume' (bsc#1051510). - Revert 'Revert 'rpm/kernel-binary.spec.in: rename kGraft to KLP ()'' This reverts commit 468af43c8fd8509820798b6d8ed363fc417ca939 Should get this rename again with next SLE15 merge. - rtlwifi: rtl8192cu: Fix value set in descriptor (bsc#1142635). - s390/crypto: fix gcm-aes-s390 selftest failures (bsc#1137861 LTC#178091). - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero (networking-stable-19_09_15). - scsi: lpfc: Fix null ptr oops updating lpfc_devloss_tmo via sysfs attribute (bsc#1140845). - scsi: lpfc: Fix propagation of devloss_tmo setting to nvme transport (bsc#1140883). - scsi: lpfc: Remove bg debugfs buffers (bsc#1144375). - scsi: qedf: fc_rport_priv reference counting fixes (bsc#1098291). - scsi: qedf: Modify abort and tmf handler to handle edge condition and flush (bsc#1098291). - scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add new FW dump template entry types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add pci function reset support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add protection mask module parameters (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for multiple fwdump templates/segments (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for setting port speed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: allow session delete to finish before create (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: avoid printf format warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change data_dsd into an array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change default ZIO threshold (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for FW started flag before aborting (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: check for kstrtol() failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: cleanup trace buffer initialization (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a mailbox command times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a soft reset fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if parsing the version string fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correct error handling during initialization failures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correction and improvement to fwdt processing (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: deadlock by configfs_depend_item (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare local symbols static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Downgrade driver to 10.01.00.19-k There are upstream bug reports against 10.01.00.19-k which haven't been resolved. Also the newer version failed to get a proper review. For time being it's better to got with the older version and do not introduce new bugs. - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix abort timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a recently introduced kernel warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA unmap leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix fcport null pointer access (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix formatting of pointer types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw dump corruption (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw options handle eh_bus_reset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hang in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link reset (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link up fail (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Nport ID display value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix possible fcport null-pointer dereferences (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix premature timer expiration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session cleanup hang (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake 'alredy' -> 'already' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake 'initializatin' -> 'initialization' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix SRB allocation flag to avoid sleeping in IRQ context (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stuck login session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: flush IO on chip reset or sess delete (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve logging for scan thread (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Include the <asm/unaligned.h> header file from qla_dsd.h (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Insert spaces where required (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Leave a blank line after declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Modify NVMe include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move debug messages before sending srb preventing panic (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move marker request behind QPair (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the <linux/io-64-nonatomic-lo-hi.h> include directive (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: no need to check return value of debugfs_create functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: on session delete, return nvme cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent memory leak for CT req/rsp allocation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of forward declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous pointer check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove dead code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove FW default template (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove set but not used variable 'ptr_dma' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous if-tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary null check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report invalid mailbox status codes (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Restore FAWWPN of Physical Port only for loop down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remove flag for all VP (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence fwdump template message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify a debug statement (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify conditional check again (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.13-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update flash read/write routine (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use complete switch scan for RSCN events (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use __le64 instead of uint32_t for sending DMA addresses to firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs to indent code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: scsi_dh_rdac: zero cdb in send_mode_select() (bsc#1149313). - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: storvsc: setup 1:1 mapping between hardware queue and CPU queue (bsc#1140729). - scsi: tcm_qla2xxx: Minimize #include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi_transport_fc: complete requests from ->timeout (bsc#1142076). - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' (networking-stable-19_09_15). - sctp: fix the transport error_count check (networking-stable-19_08_21). - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike (networking-stable-19_09_15). - secure boot lockdown: Fix-up backport of /dev/mem access restriction The upstream-submitted patch set has evolved over time, align our patches (contents and description) to reflect the current status as far as /dev/mem access is concerned. - Sign non-x86 kernels when possible (boo#1134303) - sky2: Disable MSI on yet another ASUS boards (P6Xxxx) (bsc#1051510). - slip: make slhc_free() silently accept an error pointer (bsc#1051510). - slip: sl_alloc(): remove unused parameter 'dev_t line' (bsc#1051510). - sock_diag: fix autoloading of the raw_diag module (bsc#1152791). - sock_diag: request _diag module only when the family or proto has been registered (bsc#1152791). - staging: vt6655: Fix memory leak in vt6655_probe (bsc#1051510). - SUNRPC fix regression in umount of a secure mount (git-fixes). - SUNRPC: Handle connection breakages correctly in call_status() (git-fixes). - SUNRPC/nfs: Fix return value for nfs4_callback_compound() (git-fixes). - tcp: Do not dequeue SYN/FIN-segments from write-queue (git-gixes). - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR (networking-stable-19_09_15). - tcp: inherit timestamp on mtu probe (networking-stable-19_09_05). - tcp: make sure EPOLLOUT wont be missed (networking-stable-19_08_28). - tcp: remove empty skb from write queue in error cases (networking-stable-19_09_05). - team: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - thermal: Fix use-after-free when unregistering thermal zone device (bsc#1051510). - thermal_hwmon: Sanitize thermal_zone type (bsc#1051510). - tipc: add NULL pointer check before calling kfree_rcu (networking-stable-19_09_15). - tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts (bsc#1082555). - tracing: Initialize iter->seq after zeroing in tracing_read_pipe() (bsc#1151508). - tun: fix use-after-free when register netdev failed (networking-stable-19_09_15). - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099). - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099). - usb: adutux: fix NULL-derefs on disconnect (bsc#1142635). - usb: adutux: fix use-after-free on disconnect (bsc#1142635). - usb: adutux: fix use-after-free on release (bsc#1051510). - usb: chaoskey: fix use-after-free on release (bsc#1051510). - usb: dummy-hcd: fix power budget for SuperSpeed mode (bsc#1051510). - usb: iowarrior: fix use-after-free after driver unbind (bsc#1051510). - usb: iowarrior: fix use-after-free on disconnect (bsc#1051510). - usb: iowarrior: fix use-after-free on release (bsc#1051510). - usb: legousbtower: fix deadlock on disconnect (bsc#1142635). - usb: legousbtower: fix open after failed reset request (bsc#1142635). - usb: legousbtower: fix potential NULL-deref on disconnect (bsc#1142635). - usb: legousbtower: fix slab info leak at probe (bsc#1142635). - usb: legousbtower: fix use-after-free on release (bsc#1051510). - usb: microtek: fix info-leak at probe (bsc#1142635). - usbnet: ignore endpoints with invalid wMaxPacketSize (bsc#1051510). - usbnet: sanity checking of packet sizes and device mtu (bsc#1051510). - usb: serial: fix runtime PM after driver unbind (bsc#1051510). - usb: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20 (bsc#1051510). - usb: serial: keyspan: fix NULL-derefs on open() and write() (bsc#1051510). - usb: serial: option: add support for Cinterion CLS8 devices (bsc#1051510). - usb: serial: option: add Telit FN980 compositions (bsc#1051510). - usb: usbcore: Fix slab-out-of-bounds bug during device reset (bsc#1051510). - usb: usblcd: fix I/O after disconnect (bsc#1142635). - usb: usblp: fix runtime PM after driver unbind (bsc#1051510). - usb: usb-skeleton: fix NULL-deref on disconnect (bsc#1051510). - usb: usb-skeleton: fix runtime PM after driver unbind (bsc#1051510). - usb: usb-skeleton: fix use-after-free after driver unbind (bsc#1051510). - usb: xhci: wait for CNR controller not ready bit in xhci resume (bsc#1051510). - usb: yurex: Do not retry on unexpected errors (bsc#1051510). - usb: yurex: fix NULL-derefs on disconnect (bsc#1051510). - vfio_pci: Restore original state on release (bsc#1051510). - vhost_net: conditionally enable tx polling (bsc#1145099). - vhost_net: conditionally enable tx polling (bsc#1145099). - video: of: display_timing: Add of_node_put() in of_get_display_timing() (bsc#1051510). - video: ssd1307fb: Start page range at page_offset (bsc#1113722) - watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout (bsc#1051510). - x86/asm: Fix MWAITX C-state hint value (bsc#1114279). - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h (bsc#1114279). - x86/fpu: Add FPU state copying quirk to handle XRSTOR failure on Intel Skylake CPUs (bsc#1151955). - x86/mm: Use WRITE_ONCE() when setting PTEs (bsc#1114279). - x86/tls: Fix possible spectre-v1 in do_get_thread_area() (bsc#1114279). - xen/netback: fix error path of xenvif_connect_data() (bsc#1065600). - xen/netback: Reset nr_frags before freeing skb (networking-stable-19_08_21). - xen-netfront: do not assume sk_buff_head list is empty in error handling (bsc#1065600). - xen-netfront: do not use ~0U as error return value for xennet_fill_frags() (bsc#1065600). - xen/pv: Fix Xen PV guest int3 handling (bsc#1153811). - xen/xenbus: fix self-deadlock after killing user process (bsc#1065600). - xhci: Check all endpoints for LPM timeout (bsc#1051510). - xhci: Fix false warning message about wrong bounce buffer write length (bsc#1051510). - xhci: Increase STS_SAVE timeout in xhci_suspend() (bsc#1051510). - xhci: Prevent device initiated U1/U2 link pm if exit latency is too long (bsc#1051510). Important SUSE bug 1046299 SUSE bug 1046303 SUSE bug 1046305 SUSE bug 1050244 SUSE bug 1050536 SUSE bug 1050545 SUSE bug 1051510 SUSE bug 1054914 SUSE bug 1055117 SUSE bug 1055186 SUSE bug 1061840 SUSE bug 1064802 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066129 SUSE bug 1071995 SUSE bug 1073513 SUSE bug 1082555 SUSE bug 1086323 SUSE bug 1087092 SUSE bug 1089644 SUSE bug 1093205 SUSE bug 1097583 SUSE bug 1097584 SUSE bug 1097585 SUSE bug 1097586 SUSE bug 1097587 SUSE bug 1097588 SUSE bug 1098291 SUSE bug 1101674 SUSE bug 1104967 SUSE bug 1109158 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1117665 SUSE bug 1119086 SUSE bug 1122363 SUSE bug 1123034 SUSE bug 1123080 SUSE bug 1127155 SUSE bug 1127988 SUSE bug 1131304 SUSE bug 1133140 SUSE bug 1134303 SUSE bug 1135642 SUSE bug 1135854 SUSE bug 1135873 SUSE bug 1137799 SUSE bug 1137861 SUSE bug 1137865 SUSE bug 1137959 SUSE bug 1140155 SUSE bug 1140729 SUSE bug 1140845 SUSE bug 1140883 SUSE bug 1141600 SUSE bug 1142076 SUSE bug 1142635 SUSE bug 1142667 SUSE bug 1144375 SUSE bug 1144449 SUSE bug 1145099 SUSE bug 1146042 SUSE bug 1146519 SUSE bug 1146540 SUSE bug 1146664 SUSE bug 1148133 SUSE bug 1148410 SUSE bug 1148712 SUSE bug 1148868 SUSE bug 1149313 SUSE bug 1149446 SUSE bug 1149555 SUSE bug 1149651 SUSE bug 1150381 SUSE bug 1150423 SUSE bug 1150452 SUSE bug 1150465 SUSE bug 1150875 SUSE bug 1151350 SUSE bug 1151508 SUSE bug 1151610 SUSE bug 1151667 SUSE bug 1151671 SUSE bug 1151680 SUSE bug 1151891 SUSE bug 1151955 SUSE bug 1152024 SUSE bug 1152025 SUSE bug 1152026 SUSE bug 1152161 SUSE bug 1152325 SUSE bug 1152457 SUSE bug 1152460 SUSE bug 1152466 SUSE bug 1152788 SUSE bug 1152791 SUSE bug 1152972 SUSE bug 1152974 SUSE bug 1152975 SUSE bug 1153112 SUSE bug 1153158 SUSE bug 1153236 SUSE bug 1153263 SUSE bug 1153646 SUSE bug 1153713 SUSE bug 1153717 SUSE bug 1153718 SUSE bug 1153719 SUSE bug 1153811 SUSE bug 1154108 SUSE bug 1154189 SUSE bug 1154354 SUSE bug 1154372 SUSE bug 1154578 SUSE bug 1154607 SUSE bug 1154608 SUSE bug 1154610 SUSE bug 1154611 SUSE bug 1154651 SUSE bug 1154747 CVE-2017-18595 CVE-2019-14821 CVE-2019-15291 CVE-2019-16232 CVE-2019-16234 CVE-2019-17056 CVE-2019-17133 CVE-2019-17666 CVE-2019-9506 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for samba fixes the following issues: - CVE-2019-10218: Client code can return filenames containing path separators (bsc#1144902). Important SUSE bug 1144902 CVE-2019-10218 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for bluez fixes the following issue: - CVE-2016-9798: Fixed a use-after-free in conf_opt (bsc#1013712). Moderate SUSE bug 1013712 CVE-2016-9798 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for gdb fixes the following issues: Update to gdb 8.3.1: (jsc#ECO-368) Security issues fixed: - CVE-2019-1010180: Fixed a potential buffer overflow when loading ELF sections larger than the file. (bsc#1142772) Upgrade libipt from v2.0 to v2.0.1. - Enable librpm for version > librpm.so.3 [bsc#1145692]: * Allow any librpm.so.x * Add %build test to check for 'zypper install <rpm-packagename>' message - Copy gdbinit from fedora master @ 25caf28. Add gdbinit.without-python, and use it for --without=python. Rebase to 8.3 release (as in fedora 30 @ 1e222a3). * DWARF index cache: GDB can now automatically save indices of DWARF symbols on disk to speed up further loading of the same binaries. * Ada task switching is now supported on aarch64-elf targets when debugging a program using the Ravenscar Profile. * Terminal styling is now available for the CLI and the TUI. * Removed support for old demangling styles arm, edg, gnu, hp and lucid. * Support for new native configuration RISC-V GNU/Linux (riscv*-*-linux*). - Implemented access to more POWER8 registers. [fate#326120, fate#325178] - Also handle most new s390 arch13 instructions. [fate#327369, jsc#ECO-368] Moderate SUSE bug 1115034 SUSE bug 1142772 SUSE bug 1145692 CVE-2019-1010180 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2019-14857: Fixed an open redirect issue that exists in URLs with trailing slashes (bsc#1153666). Important SUSE bug 1153666 CVE-2019-14857 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libssh2_org fixes the following issue: - CVE-2019-17498: Fixed an integer overflow in a bounds check that might have led to the disclosure of sensitive information or a denial of service (bsc#1154862). Moderate SUSE bug 1154862 CVE-2019-17498 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libseccomp fixes the following issues: Update to new upstream release 2.4.1: * Fix a BPF generation bug where the optimizer mistakenly identified duplicate BPF code blocks. Updated to 2.4.0 (bsc#1128828 CVE-2019-9893): * Update the syscall table for Linux v5.0-rc5 * Added support for the SCMP_ACT_KILL_PROCESS action * Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute * Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension * Added support for the parisc and parisc64 architectures * Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3) * Return -EDOM on an endian mismatch when adding an architecture to a filter * Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run() * Fix PFC generation when a syscall is prioritized, but no rule exists * Numerous fixes to the seccomp-bpf filter generation code * Switch our internal hashing function to jhash/Lookup3 to MurmurHash3 * Numerous tests added to the included test suite, coverage now at ~92% * Update our Travis CI configuration to use Ubuntu 16.04 * Numerous documentation fixes and updates Update to release 2.3.3: * Updated the syscall table for Linux v4.15-rc7 Update to release 2.3.2: * Achieved full compliance with the CII Best Practices program * Added Travis CI builds to the GitHub repository * Added code coverage reporting with the '--enable-code-coverage' configure flag and added Coveralls to the GitHub repository * Updated the syscall tables to match Linux v4.10-rc6+ * Support for building with Python v3.x * Allow rules with the -1 syscall if the SCMP\_FLTATR\_API\_TSKIP attribute is set to true * Several small documentation fixes - ignore make check error for ppc64/ppc64le, bypass bsc#1142614 Moderate SUSE bug 1082318 SUSE bug 1128828 SUSE bug 1142614 CVE-2019-9893 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel KVM hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack. The Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW). The set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251 Other security fixes: - CVE-2019-0154: Fixed a local denial of service via read of unprotected i915 registers. (bsc#1135966) - CVE-2019-0155: Fixed privilege escalation in the i915 driver. Batch buffers from usermode could have escalated privileges via blitter command stream. (bsc#1135967) - CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150457). - CVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903). The following non-security bugs were fixed: - alsa: bebob: Fix prototype of helper function to return negative value (bsc#1051510). - alsa: hda/realtek - Add support for ALC623 (bsc#1051510). - alsa: hda/realtek - Add support for ALC711 (bsc#1051510). - alsa: hda/realtek - Fix 2 front mics of codec 0x623 (bsc#1051510). - alsa: hda: Add Elkhart Lake PCI ID (bsc#1051510). - alsa: hda: Add Tigerlake/Jasperlake PCI ID (bsc#1051510). - alsa: timer: Fix mutex deadlock at releasing card (bsc#1051510). - arcnet: provide a buffer big enough to actually receive packets (networking-stable-19_09_30). - asoc: rockchip: i2s: Fix RPM imbalance (bsc#1051510). - asoc: rsnd: Reinitialize bit clock inversion flag for every format setting (bsc#1051510). - bpf: fix use after free in prog symbol exposure (bsc#1083647). - btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group() (bsc#1155178). - btrfs: qgroup: Always free PREALLOC META reserve in btrfs_delalloc_release_extents() (bsc#1155179). - btrfs: tracepoints: Fix bad entry members of qgroup events (bsc#1155186). - btrfs: tracepoints: Fix wrong parameter order for qgroup events (bsc#1155184). - crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t (bsc#1154737). - crypto: af_alg - Initialize sg_num_bytes in error code path (bsc#1051510). - crypto: af_alg - consolidation of duplicate code (bsc#1154737). - crypto: af_alg - fix race accessing cipher request (bsc#1154737). - crypto: af_alg - remove locking in async callback (bsc#1154737). - crypto: af_alg - update correct dst SGL entry (bsc#1051510). - crypto: af_alg - wait for data at beginning of recvmsg (bsc#1154737). - crypto: algif - return error code when no data was processed (bsc#1154737). - crypto: algif_aead - copy AAD from src to dst (bsc#1154737). - crypto: algif_aead - fix reference counting of null skcipher (bsc#1154737). - crypto: algif_aead - overhaul memory management (bsc#1154737). - crypto: algif_aead - skip SGL entries with NULL page (bsc#1154737). - crypto: algif_skcipher - overhaul memory management (bsc#1154737). - cxgb4:Fix out-of-bounds MSI-X info array access (networking-stable-19_10_05). - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50 (bsc#1051510). - drm/i915/cmdparser: Add support for backward jumps (bsc#1135967) - drm/i915/cmdparser: Ignore Length operands during command matching (bsc#1135967) - drm/i915/cmdparser: Use explicit goto for error paths (bsc#1135967) - drm/i915/gen8+: Add RC6 CTX corruption WA (bsc#1135967) - drm/i915/gtt: Add read only pages to gen8_pte_encode (bsc#1135967) - drm/i915/gtt: Disable read-only support under GVT (bsc#1135967) - drm/i915/gtt: Read-only pages for insert_entries on bdw (bsc#1135967) - drm/i915: Add gen9 BCS cmdparsing (bsc#1135967) - drm/i915: Add support for mandatory cmdparsing (bsc#1135967) - drm/i915: Allow parsing of unsized batches (bsc#1135967) - drm/i915: Disable Secure Batches for gen6+ - drm/i915: Lower RM timeout to avoid DSI hard hangs (bsc#1135967) - drm/i915: Prevent writing into a read-only object via a GGTT mmap (bsc#1135967) - drm/i915: Remove Master tables from cmdparser - drm/i915: Rename gen7 cmdparser tables (bsc#1135967) - drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (bsc#1135967) - efi/memattr: Do not bail on zero VA if it equals the region's PA (bsc#1051510). - efi: cper: print AER info of PCIe fatal error (bsc#1051510). - efivar/ssdt: Do not iterate over EFI vars if no SSDT override was specified (bsc#1051510). - hid: fix error message in hid_open_report() (bsc#1051510). - hid: logitech-hidpp: do all FF cleanup in hidpp_ff_destroy() (bsc#1051510). - hso: fix NULL-deref on tty open (bsc#1051510). - hyperv: set nvme msi interrupts to unmanaged (jsc#SLE-8953, jsc#SLE-9221, jsc#SLE-4941, bsc#1119461, bsc#1119465, bsc#1138190, bsc#1154905). - ib/core: Add mitigation for Spectre V1 (bsc#1155671) - ieee802154: ca8210: prevent memory leak (bsc#1051510). - input: synaptics-rmi4 - avoid processing unknown IRQs (bsc#1051510). - integrity: prevent deadlock during digsig verification (bsc#1090631). - ipv6: Handle missing host route in __ipv6_ifa_notify (networking-stable-19_10_05). - ipv6: drop incoming packets having a v4mapped source address (networking-stable-19_10_05). - kABI workaround for crypto/af_alg changes (bsc#1154737). - kABI workaround for drm_vma_offset_node readonly field addition (bsc#1135967) - ksm: cleanup stable_node chain collapse case (bnc#1144338). - ksm: fix use after free with merge_across_nodes = 0 (bnc#1144338). - ksm: introduce ksm_max_page_sharing per page deduplication limit (bnc#1144338). - ksm: optimize refile of stable_node_dup at the head of the chain (bnc#1144338). - ksm: swap the two output parameters of chain/chain_prune (bnc#1144338). - kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (bsc#1117665). - kvm: x86: mmu: Recovery of shattered NX large pages (bsc#1117665, CVE-2018-12207). - mac80211: Reject malformed SSID elements (bsc#1051510). - mac80211: fix txq null pointer dereference (bsc#1051510). - md/raid0: avoid RAID0 data corruption due to layout confusion (bsc#1140090). - md/raid0: fix warning message for parameter default_layout (bsc#1140090). - net/phy: fix DP83865 10 Mbps HDX loopback disable function (networking-stable-19_09_30). - net/rds: Fix error handling in rds_ib_add_one() (networking-stable-19_10_05). - net/rds: fix warn in rds_message_alloc_sgs (bsc#1154848). - net/rds: remove user triggered WARN_ON in rds_sendmsg (bsc#1154848). - net/sched: act_sample: do not push mac header on ip6gre ingress (networking-stable-19_09_30). - net/smc: fix SMCD link group creation with VLAN id (bsc#1154959). - net: Replace NF_CT_ASSERT() with WARN_ON() (bsc#1146612). - net: Unpublish sk from sk_reuseport_cb before call_rcu (networking-stable-19_10_05). - net: openvswitch: free vport unless register_netdevice() succeeds (git-fixes). - net: qlogic: Fix memory leak in ql_alloc_large_buffers (networking-stable-19_10_05). - net: qrtr: Stop rx_worker before freeing node (networking-stable-19_09_30). - net_sched: add policy validation for action attributes (networking-stable-19_09_30). - net_sched: fix backward compatibility for TCA_ACT_KIND (git-fixes). - netfilter: nf_nat: do not bug when mapping already exists (bsc#1146612). - nfsv4.1 - backchannel request should hold ref on xprt (bsc#1152624). - nl80211: fix null pointer dereference (bsc#1051510). - openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC (networking-stable-19_09_30). - qmi_wwan: add support for Cinterion CLS8 devices (networking-stable-19_10_05). - r8152: Set macpassthru in reset_resume callback (bsc#1051510). - rds: Fix warning (bsc#1154848). - reiserfs: fix extended attributes on the root directory (bsc#1151225). - rpm/kernel-subpackage-spec: Mention debuginfo in the subpackage description (bsc#1149119). - s390/cmf: set_schib_wait add timeout (bsc#1153509, bsc#1153476). - sch_cbq: validate TCA_CBQ_WRROPT to avoid crash (networking-stable-19_10_05). - sch_dsmark: fix potential NULL deref in dsmark_init() (networking-stable-19_10_05). - sch_netem: fix a divide by zero in tabledist() (networking-stable-19_09_30). - sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254). - scsi: lpfc: Fix devices that do not return after devloss followed by rediscovery (bsc#1137040). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix N2N link reset (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix N2N link up fail (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix partial flash write of MBI (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix wait condition in loop (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Improve logging for scan thread (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Initialized mailbox to prevent driver load failure (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Set remove flag for all VP (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Silence fwdump template message (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: fix a potential NULL pointer dereference (bsc#1150457 CVE-2019-16233). - scsi: qla2xxx: fixup incorrect usage of host_byte (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: remove redundant assignment to pointer host (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: stop timer in shutdown path (bsc#1143706 bsc#1082635 bsc#1123034). - skge: fix checksum byte order (networking-stable-19_09_30). - staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS (bsc#1051510). - supporte.conf: add efivarfs to kernel-default-base (bsc#1154858). - tipc: fix unlimited bundling of small messages (networking-stable-19_10_05). - usb: ldusb: fix NULL-derefs on driver unbind (bsc#1051510). - usb: ldusb: fix memleak on disconnect (bsc#1051510). - usb: ldusb: fix read info leaks (bsc#1051510). - usb: legousbtower: fix a signedness bug in tower_probe() (bsc#1051510). - usb: legousbtower: fix memleak on disconnect (bsc#1051510). - usb: serial: ti_usb_3410_5052: fix port-close races (bsc#1051510). - usb: udc: lpc32xx: fix bad bit shift operation (bsc#1051510). - usb: usblp: fix use-after-free on disconnect (bsc#1051510). - vfs: Make filldir[64]() verify the directory entry filename is valid (bsc#1144903, CVE-2019-10220). - vsock: Fix a lockdep warning in __vsock_release() (networking-stable-19_10_05). - x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area (bnc#1153969). - x86/boot/64: Round memory hole size up to next PMD page (bnc#1153969). - x86/tsx: Add config options to set tsx=on|off|auto (bsc#1139073, CVE-2019-11135). Important SUSE bug 1051510 SUSE bug 1082635 SUSE bug 1083647 SUSE bug 1090631 SUSE bug 1096254 SUSE bug 1117665 SUSE bug 1119461 SUSE bug 1119465 SUSE bug 1123034 SUSE bug 1135966 SUSE bug 1135967 SUSE bug 1137040 SUSE bug 1138190 SUSE bug 1139073 SUSE bug 1140090 SUSE bug 1143706 SUSE bug 1144338 SUSE bug 1144903 SUSE bug 1146612 SUSE bug 1149119 SUSE bug 1150457 SUSE bug 1151225 SUSE bug 1152624 SUSE bug 1153476 SUSE bug 1153509 SUSE bug 1153969 SUSE bug 1154737 SUSE bug 1154848 SUSE bug 1154858 SUSE bug 1154905 SUSE bug 1154959 SUSE bug 1155178 SUSE bug 1155179 SUSE bug 1155184 SUSE bug 1155186 SUSE bug 1155671 CVE-2018-12207 CVE-2019-0154 CVE-2019-0155 CVE-2019-10220 CVE-2019-11135 CVE-2019-16233 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 15-SP1 Azure Kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 (bnc#1117665 1152505 1155812 1155817 1155945) - CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack. The Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW). The set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251 (bnc#1139073 1152497 1152505 1152506). - CVE-2019-18805: There was a signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6 (bnc#1156187). - CVE-2019-17055: The AF_NFC network module did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bnc#1152782). - CVE-2019-16995: Fix a memory leak in hsr_dev_finalize() if hsr_add_port failed to add a port, which may have caused denial of service (bsc#1152685). - CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150457). - CVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903). - CVE-2019-17666: rtlwifi: Fix potential overflow in P2P code (bsc#1154372). - CVE-2019-16232: Fix a potential NULL pointer dereference in the Marwell libertas driver (bsc#1150465). - CVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150452). - CVE-2019-17133: cfg80211 wireless extension did not reject a long SSID IE, leading to a Buffer Overflow (bsc#1153158). - CVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bsc#1152788). The following non-security bugs were fixed: - /dev/mem: Bail out upon SIGKILL (git-fixes). - 9p: avoid attaching writeback_fid on mmap with type PRIVATE (bsc#1051510). - ACPI / CPPC: do not require the _PSD method (bsc#1051510). - ACPI / processor: do not print errors for processorIDs == 0xff (bsc#1051510). - ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit() (bsc#1051510). - act_mirred: Fix mirred_init_module error handling (bsc#1051510). - Add kernel module compression support (bsc#1135854) For enabling the kernel module compress, add the item COMPRESS_MODULES='xz' in config.sh, then mkspec will pass it to the spec file. - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (bsc#1151680). - ALSA: bebob: Fix prototype of helper function to return negative value (bsc#1051510). - ALSA: hda - Add laptop imic fixup for ASUS M9V laptop (bsc#1051510). - ALSA: hda - Apply AMD controller workaround for Raven platform (bsc#1051510). - ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family (bsc#1051510). - ALSA: hda - Drop unsol event handler for Intel HDMI codecs (bsc#1051510). - ALSA: hda - Expand pin_match function to match upcoming new tbls (bsc#1051510). - ALSA: hda - Inform too slow responses (bsc#1051510). - ALSA: hda - Show the fatal CORB/RIRB error more clearly (bsc#1051510). - ALSA: hda/ca0132 - Fix possible workqueue stall (bsc#1155836). - ALSA: hda/hdmi: remove redundant assignment to variable pcm_idx (bsc#1051510). - ALSA: hda/realtek - Add support for ALC623 (bsc#1051510). - ALSA: hda/realtek - Add support for ALC711 (bsc#1051510). - ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 (bsc#1051510). - ALSA: hda/realtek - Check beep whitelist before assigning in all codecs (bsc#1051510). - ALSA: hda/realtek - Fix 2 front mics of codec 0x623 (bsc#1051510). - ALSA: hda/realtek - Fix alienware headset mic (bsc#1051510). - ALSA: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360 (bsc#1051510). - ALSA: hda/sigmatel - remove unused variable 'stac9200_core_init' (bsc#1051510). - ALSA: hda: Add Elkhart Lake PCI ID (bsc#1051510). - ALSA: hda: Add support of Zhaoxin controller (bsc#1051510). - ALSA: hda: Add Tigerlake/Jasperlake PCI ID (bsc#1051510). - ALSA: hda: Flush interrupts on disabling (bsc#1051510). - ALSA: hda: Set fifo_size for both playback and capture streams (bsc#1051510). - ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() (bsc#1051510). - ALSA: line6: sizeof (byte) is always 1, use that fact (bsc#1051510). - ALSA: timer: Fix mutex deadlock at releasing card (bsc#1051510). - ALSA: usb-audio: Add Pioneer DDJ-SX3 PCM quirck (bsc#1051510). - ALSA: usb-audio: Disable quirks for BOSS Katana amplifiers (bsc#1051510). - ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid (bsc#1051510). - appletalk: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - arcnet: provide a buffer big enough to actually receive packets (networking-stable-19_09_30). - ASoC: Define a set of DAPM pre/post-up events (bsc#1051510). - ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set (bsc#1051510). - ASoC: Intel: Fix use of potentially uninitialized variable (bsc#1051510). - ASoC: Intel: NHLT: Fix debug print format (bsc#1051510). - ASoc: rockchip: i2s: Fix RPM imbalance (bsc#1051510). - ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting (bsc#1051510). - ASoC: sgtl5000: Fix charge pump source assignment (bsc#1051510). - auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach (bsc#1051510). - ax25: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - Blacklist 'signal: Correct namespace fixups of si_pid and si_uid' (bsc#1142667) - blk-wbt: abstract out end IO completion handler (bsc#1135873). - blk-wbt: fix has-sleeper queueing check (bsc#1135873). - blk-wbt: improve waking of tasks (bsc#1135873). - blk-wbt: move disable check into get_limit() (bsc#1135873). - blk-wbt: use wq_has_sleeper() for wq active check (bsc#1135873). - block: add io timeout to sysfs (bsc#1148410). - block: do not show io_timeout if driver has no timeout handler (bsc#1148410). - Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices (bsc#1051510). - bnx2x: Fix VF's VLAN reconfiguration in reload (bsc#1086323 ). - bpf: fix use after free in prog symbol exposure (bsc#1083647). - bridge/mdb: remove wrong use of NLM_F_MULTI (networking-stable-19_09_15). - Btrfs: bail out gracefully rather than BUG_ON (bsc#1153646). - btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group() (bsc#1155178). - Btrfs: check for the full sync flag while holding the inode lock during fsync (bsc#1153713). - btrfs: Ensure btrfs_init_dev_replace_tgtdev sees up to date values (bsc#1154651). - btrfs: Ensure replaced device does not have pending chunk allocation (bsc#1154607). - btrfs: qgroup: Always free PREALLOC META reserve in btrfs_delalloc_release_extents() (bsc#1155179). - btrfs: remove wrong use of volume_mutex from btrfs_dev_replace_start (bsc#1154651). - btrfs: tracepoints: Fix bad entry members of qgroup events (bsc#1155186). - btrfs: tracepoints: Fix wrong parameter order for qgroup events (bsc#1155184). - can: dev: call netif_carrier_off() in register_candev() (bsc#1051510). - can: mcp251x: mcp251x_hw_reset(): allow more time after a reset (bsc#1051510). - can: xilinx_can: xcan_probe(): skip error message on deferred probe (bsc#1051510). - cdc_ether: fix rndis support for Mediatek based smartphones (networking-stable-19_09_15). - cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize (bsc#1051510). - ceph: fix directories inode i_blkbits initialization (bsc#1153717). - ceph: reconnect connection if session hang in opening state (bsc#1153718). - ceph: update the mtime when truncating up (bsc#1153719). - cfg80211: add and use strongly typed element iteration macros (bsc#1051510). - cfg80211: Purge frame registrations on iftype change (bsc#1051510). - clk: at91: select parent if main oscillator or bypass is enabled (bsc#1051510). - clk: qoriq: Fix -Wunused-const-variable (bsc#1051510). - clk: sirf: Do not reference clk_init_data after registration (bsc#1051510). - clk: zx296718: Do not reference clk_init_data after registration (bsc#1051510). - crypto: af_alg - consolidation of duplicate code (bsc#1154737). - crypto: af_alg - fix race accessing cipher request (bsc#1154737). - crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t (bsc#1154737). - crypto: af_alg - Initialize sg_num_bytes in error code path (bsc#1051510). - crypto: af_alg - remove locking in async callback (bsc#1154737). - crypto: af_alg - update correct dst SGL entry (bsc#1051510). - crypto: af_alg - wait for data at beginning of recvmsg (bsc#1154737). - crypto: algif - return error code when no data was processed (bsc#1154737). - crypto: algif_aead - copy AAD from src to dst (bsc#1154737). - crypto: algif_aead - fix reference counting of null skcipher (bsc#1154737). - crypto: algif_aead - overhaul memory management (bsc#1154737). - crypto: algif_aead - skip SGL entries with NULL page (bsc#1154737). - crypto: algif_skcipher - overhaul memory management (bsc#1154737). - crypto: talitos - fix missing break in switch statement (bsc#1142635). - cxgb4: fix endianness for vlan value in cxgb4_tc_flower (bsc#1064802 bsc#1066129). - cxgb4: offload VLAN flows regardless of VLAN ethtype (bsc#1064802 bsc#1066129). - cxgb4: reduce kernel stack usage in cudbg_collect_mem_region() (bsc#1073513). - cxgb4: Signedness bug in init_one() (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: smt: Add lock for atomic_dec_and_test (bsc#1064802 bsc#1066129). - cxgb4:Fix out-of-bounds MSI-X info array access (networking-stable-19_10_05). - dmaengine: bcm2835: Print error in case setting DMA mask fails (bsc#1051510). - dmaengine: imx-sdma: fix size check for sdma script_number (bsc#1051510). - drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2) (bsc#1051510). - drm/amdgpu/si: fix ASIC tests (git-fixes). - drm/amdgpu: Check for valid number of registers to read (bsc#1051510). - drm/ast: Fixed reboot test may cause system hanged (bsc#1051510). - drm/bridge: tc358767: Increase AUX transfer length limit (bsc#1051510). - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50 (bsc#1051510). - drm/i915/cmdparser: Add support for backward jumps (bsc#1135967) - drm/i915/cmdparser: Ignore Length operands during command matching (bsc#1135967) - drm/i915/cmdparser: Use explicit goto for error paths (bsc#1135967) - drm/i915/gen8+: Add RC6 CTX corruption WA (bsc#1135967) - drm/i915/gtt: Add read only pages to gen8_pte_encode (bsc#1135967) - drm/i915/gtt: Disable read-only support under GVT (bsc#1135967) - drm/i915/gtt: Read-only pages for insert_entries on bdw (bsc#1135967) - drm/i915: Add gen9 BCS cmdparsing (bsc#1135967) - drm/i915: Add support for mandatory cmdparsing (bsc#1135967) - drm/i915: Allow parsing of unsized batches (bsc#1135967) - drm/i915: Disable Secure Batches for gen6+ - drm/i915: Lower RM timeout to avoid DSI hard hangs (bsc#1135967) - drm/i915: Prevent writing into a read-only object via a GGTT mmap (bsc#1135967) - drm/i915: Remove Master tables from cmdparser - drm/i915: Rename gen7 cmdparser tables (bsc#1135967) - drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (bsc#1135967) - drm/msm/dsi: Implement reset correctly (bsc#1051510). - drm/panel: simple: fix AUO g185han01 horizontal blanking (bsc#1051510). - drm/radeon: Fix EEH during kexec (bsc#1051510). - drm/tilcdc: Register cpufreq notifier after we have initialized crtc (bsc#1051510). - drm/vmwgfx: Fix double free in vmw_recv_msg() (bsc#1051510). - drm: Flush output polling on shutdown (bsc#1051510). - e1000e: add workaround for possible stalled packet (bsc#1051510). - efi/memattr: Do not bail on zero VA if it equals the region's PA (bsc#1051510). - efi: cper: print AER info of PCIe fatal error (bsc#1051510). - efivar/ssdt: Do not iterate over EFI vars if no SSDT override was specified (bsc#1051510). - firmware: dmi: Fix unlikely out-of-bounds read in save_mem_devices (git-fixes). - gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property() (bsc#1051510). - HID: apple: Fix stuck function keys when using FN (bsc#1051510). - HID: fix error message in hid_open_report() (bsc#1051510). - HID: hidraw: Fix invalid read in hidraw_ioctl (bsc#1051510). - HID: logitech-hidpp: do all FF cleanup in hidpp_ff_destroy() (bsc#1051510). - HID: logitech: Fix general protection fault caused by Logitech driver (bsc#1051510). - HID: prodikeys: Fix general protection fault during probe (bsc#1051510). - HID: sony: Fix memory corruption issue on cleanup (bsc#1051510). - hso: fix NULL-deref on tty open (bsc#1051510). - hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' (bsc#1051510). - hwrng: core - do not wait on add_early_randomness() (git-fixes). - hyperv: set nvme msi interrupts to unmanaged (jsc#SLE-8953, jsc#SLE-9221, jsc#SLE-4941, bsc#1119461, bsc#1119465, bsc#1138190, bsc#1154905). - i2c: riic: Clear NACK in tend isr (bsc#1051510). - IB/core, ipoib: Do not overreact to SM LID change event (bsc#1154108) - IB/core: Add mitigation for Spectre V1 (bsc#1155671) - IB/hfi1: Remove overly conservative VM_EXEC flag check (bsc#1144449). - IB/mlx5: Consolidate use_umr checks into single function (bsc#1093205). - IB/mlx5: Fix MR re-registration flow to use UMR properly (bsc#1093205). - IB/mlx5: Report correctly tag matching rendezvous capability (bsc#1046305). - ieee802154: atusb: fix use-after-free at disconnect (bsc#1051510). - ieee802154: ca8210: prevent memory leak (bsc#1051510). - ieee802154: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - iio: adc: ad799x: fix probe error handling (bsc#1051510). - iio: light: opt3001: fix mutex unlock race (bsc#1051510). - ima: always return negative code for error (bsc#1051510). - Input: da9063 - fix capability and drop KEY_SLEEP (bsc#1051510). - Input: synaptics-rmi4 - avoid processing unknown IRQs (bsc#1051510). - integrity: prevent deadlock during digsig verification (bsc#1090631). - iommu/amd: Apply the same IVRS IOAPIC workaround to Acer Aspire A315-41 (bsc#1137799). - iommu/amd: Check PM_LEVEL_SIZE() condition in locked section (bsc#1154608). - iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems (bsc#1137799). - iommu/amd: Remove domain->updated (bsc#1154610). - iommu/amd: Wait for completion of IOTLB flush in attach_device (bsc#1154611). - ipmi_si: Only schedule continuously in the thread in maintenance mode (bsc#1051510). - ipv6: drop incoming packets having a v4mapped source address (networking-stable-19_10_05). - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()' (networking-stable-19_09_15). - ipv6: Handle missing host route in __ipv6_ifa_notify (networking-stable-19_10_05). - iwlwifi: do not panic in error path on non-msix systems (bsc#1155692). - ixgbe: Prevent u8 wrapping of ITR value to something less than 10us (bsc#1101674). - ixgbe: sync the first fragment unconditionally (bsc#1133140). - kABI workaround for crypto/af_alg changes (bsc#1154737). - kABI workaround for drm_vma_offset_node readonly field addition (bsc#1135967) - kABI workaround for snd_hda_pick_pin_fixup() changes (bsc#1051510). - kabi/severities: Whitelist functions internal to radix mm. To call these functions you have to first detect if you are running in radix mm mode which can't be expected of OOT code. - kabi: net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05). - kernel-binary.spec.in: Fix build of non-modular kernels (boo#1154578). - kernel-binary.spec.in: Obsolete kgraft packages only when not building them. - kernel-binary: check also bzImage on s390/s390x Starting with 4.19-rc1, uncompressed image is no longer built on s390x. If file 'image' is not found in arch/s390/boot after the build, try bzImage instead. For now, install bzImage under the name image-* until we know grub2 and our grub2 scripts can handle correct name. - kernel-subpackage-build: create zero size ghost for uncompressed vmlinux (bsc#1154354). It is not strictly necessary to uncompress it so maybe the ghost file can be 0 size in this case. - kernel/sysctl.c: do not override max_threads provided by userspace (bnc#1150875). - ksm: cleanup stable_node chain collapse case (bnc#1144338). - ksm: fix use after free with merge_across_nodes = 0 (bnc#1144338). - ksm: introduce ksm_max_page_sharing per page deduplication limit (bnc#1144338). - ksm: optimize refile of stable_node_dup at the head of the chain (bnc#1144338). - ksm: swap the two output parameters of chain/chain_prune (bnc#1144338). - kvm: Convert kvm_lock to a mutex (bsc#1117665). - KVM: MMU: drop vcpu param in gpte_access (bsc#1117665). - KVM: PPC: Book3S HV: use smp_mb() when setting/clearing host_ipi flag (bsc#1061840). - KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (bsc#1117665). - kvm: x86, powerpc: do not allow clearing largepages debugfs entry (bsc#1117665). - KVM: x86: add tracepoints around __direct_map and FNAME(fetch) (bsc#1117665). - KVM: x86: adjust kvm_mmu_page member to save 8 bytes (bsc#1117665). - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (bsc#1117665). - kvm: x86: Do not release the page inside mmu_set_spte() (bsc#1117665). - KVM: x86: make FNAME(fetch) and __direct_map more similar (bsc#1117665). - KVM: x86: remove now unneeded hugepage gfn adjustment (bsc#1117665). - lib/mpi: Fix karactx leak in mpi_powm (bsc#1051510). - libertas: Add missing sentinel at end of if_usb.c fw_table (bsc#1051510). - mac80211: accept deauth frames in IBSS mode (bsc#1051510). - mac80211: fix txq null pointer dereference (bsc#1051510). - mac80211: Reject malformed SSID elements (bsc#1051510). - macsec: drop skb sk before calling gro_cells_receive (bsc#1051510). - md/raid0: avoid RAID0 data corruption due to layout confusion (bsc#1140090). - md/raid0: fix warning message for parameter default_layout (bsc#1140090). - media: atmel: atmel-isc: fix asd memory allocation (bsc#1135642). - media: cpia2_usb: fix memory leaks (bsc#1051510). - media: dvb-core: fix a memory leak bug (bsc#1051510). - media: exynos4-is: fix leaked of_node references (bsc#1051510). - media: gspca: zero usb_buf on error (bsc#1051510). - media: hdpvr: Add device num check and handling (bsc#1051510). - media: hdpvr: add terminating 0 at end of string (bsc#1051510). - media: i2c: ov5645: Fix power sequence (bsc#1051510). - media: iguanair: add sanity checks (bsc#1051510). - media: omap3isp: Do not set streaming state on random subdevs (bsc#1051510). - media: omap3isp: Set device on omap3isp subdevs (bsc#1051510). - media: ov9650: add a sanity check (bsc#1051510). - media: radio/si470x: kill urb on error (bsc#1051510). - media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() (bsc#1051510). - media: saa7146: add cleanup in hexium_attach() (bsc#1051510). - media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table (bsc#1051510). - media: stkwebcam: fix runtime PM after driver unbind (bsc#1051510). - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (bsc#1051510). - memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' (bsc#1051510). - mfd: intel-lpss: Remove D3cold delay (bsc#1051510). - mISDN: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - mld: fix memory leak in mld_del_delrec() (networking-stable-19_09_05). - mmc: sdhci-of-esdhc: set DMA snooping based on DMA coherence (bsc#1051510). - mmc: sdhci: Fix incorrect switch to HS mode (bsc#1051510). - mmc: sdhci: improve ADMA error reporting (bsc#1051510). - Move the upstreamed ath6kl fix into the sorted section - Move the upstreamed cfg80211 fix into the sorted section - net/ibmvnic: Fix EOI when running in XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes). - net/mlx4_en: fix a memory leak bug (bsc#1046299). - net/mlx5: Add device ID of upcoming BlueField-2 (bsc#1046303 ). - net/mlx5: Fix error handling in mlx5_load() (bsc#1046305 ). - net/phy: fix DP83865 10 Mbps HDX loopback disable function (networking-stable-19_09_30). - net/rds: Fix error handling in rds_ib_add_one() (networking-stable-19_10_05). - net/rds: fix warn in rds_message_alloc_sgs (bsc#1154848). - net/rds: remove user triggered WARN_ON in rds_sendmsg (bsc#1154848). - net/sched: act_sample: do not push mac header on ip6gre ingress (networking-stable-19_09_30). - net/smc: fix SMCD link group creation with VLAN id (bsc#1154959). - net: Fix null de-reference of device refcount (networking-stable-19_09_15). - net: fix skb use after free in netpoll (networking-stable-19_09_05). - net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list (networking-stable-19_09_15). - net: openvswitch: free vport unless register_netdevice() succeeds (git-fixes). - net: qlogic: Fix memory leak in ql_alloc_large_buffers (networking-stable-19_10_05). - net: qrtr: Stop rx_worker before freeing node (networking-stable-19_09_30). - net: Replace NF_CT_ASSERT() with WARN_ON() (bsc#1146612). - net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05). - net: stmmac: dwmac-rk: Do not fail if phy regulator is absent (networking-stable-19_09_05). - net: Unpublish sk from sk_reuseport_cb before call_rcu (networking-stable-19_10_05). - netfilter: nf_nat: do not bug when mapping already exists (bsc#1146612). - net_sched: add policy validation for action attributes (networking-stable-19_09_30). - net_sched: fix backward compatibility for TCA_ACT_KIND (git-fixes). - NFC: fix attrs checks in netlink interface (bsc#1051510). - nfc: fix memory leak in llcp_sock_bind() (bsc#1051510). - NFC: pn533: fix use-after-free and memleaks (bsc#1051510). - NFSv4.1 - backchannel request should hold ref on xprt (bsc#1152624). - nl80211: fix null pointer dereference (bsc#1051510). - objtool: Clobber user CFLAGS variable (bsc#1153236). - openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC (networking-stable-19_09_30). - packaging: add support for riscv64 - Parametrize kgraft vs livepatch. - PCI: Correct pci=resource_alignment parameter example (bsc#1051510). - PCI: dra7xx: Fix legacy INTD IRQ handling (bsc#1087092). - PCI: hv: Use bytes 4 and 5 from instance ID as the PCI domain numbers (bsc#1153263). - PCI: PM: Fix pci_power_up() (bsc#1051510). - pinctrl: tegra: Fix write barrier placement in pmx_writel (bsc#1051510). - platform/x86: classmate-laptop: remove unused variable (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC277E to critclk_systems DMI table (bsc#1051510). - power: supply: sysfs: ratelimit property read error message (bsc#1051510). - powerpc/64s/pseries: radix flush translations before MMU is enabled at boot (bsc#1055186). - powerpc/64s/radix: keep kernel ERAT over local process/guest invalidates (bsc#1055186). - powerpc/64s/radix: tidy up TLB flushing code (bsc#1055186). - powerpc/64s: Rename PPC_INVALIDATE_ERAT to PPC_ISA_3_0_INVALIDATE_ERAT (bsc#1055186). - powerpc/mm/book3s64: Move book3s64 code to pgtable-book3s64 (bsc#1055186). - powerpc/mm/radix: mark as __tlbie_pid() and friends as__always_inline (bsc#1055186). - powerpc/mm/radix: mark __radix__flush_tlb_range_psize() as __always_inline (bsc#1055186). - powerpc/mm: mark more tlb functions as __always_inline (bsc#1055186). - powerpc/mm: Properly invalidate when setting process table base (bsc#1055186). - powerpc/pseries/mobility: use cond_resched when updating device tree (bsc#1153112 ltc#181778). - powerpc/pseries: Export maximum memory value (bsc#1122363). - powerpc/pseries: Export raw per-CPU VPA data via debugfs (). - powerpc/pseries: Remove confusing warning message (bsc#1109158). - powerpc/rtas: allow rescheduling while changing cpu states (bsc#1153112 ltc#181778). - Pull packaging cleanup from mkubecek. - qed: iWARP - Fix default window size to be based on chip (bsc#1050536 bsc#1050545). - qed: iWARP - Fix tc for MPA ll2 connection (bsc#1050536 bsc#1050545). - qed: iWARP - fix uninitialized callback (bsc#1050536 bsc#1050545). - qed: iWARP - Use READ_ONCE and smp_store_release to access ep->state (bsc#1050536 bsc#1050545). - qmi_wwan: add support for Cinterion CLS8 devices (networking-stable-19_10_05). - r8152: Set macpassthru in reset_resume callback (bsc#1051510). - RDMA/bnxt_re: Fix spelling mistake 'missin_resp' -> 'missing_resp' (bsc#1050244). - RDMA: Fix goto target to release the allocated memory (bsc#1050244). - rds: Fix warning (bsc#1154848). - README.BRANCH: Add Denis as branch maintainer - reiserfs: fix extended attributes on the root directory (bsc#1151225). - Revert 'ALSA: hda: Flush interrupts on disabling' (bsc#1051510). - Revert 'drm/radeon: Fix EEH during kexec' (bsc#1051510). - Revert 'Revert 'rpm/kernel-binary.spec.in: rename kGraft to KLP ()'' This reverts commit 468af43c8fd8509820798b6d8ed363fc417ca939 Should get this rename again with next SLE15 merge. - Revert synaptics-rmi4 patch due to regression (bsc#1155982) Also blacklisting it - rpm/constraints.in: lower disk space required for ARM With a requirement of 35GB, only 2 slow workers are usable for ARM. Current aarch64 build requires 27G and armv6/7 requires 14G. Set requirements respectively to 30GB and 20GB. - rpm/dtb.spec.in.in: do not make dtb directory inaccessible There is no reason to lock down the dtb directory for ordinary users. - rpm/kernel-binary.spec.in: build kernel-*-kgraft only for default SLE kernel RT and Azure variants are excluded for the moment. (bsc#1141600) - rpm/kernel-binary.spec.in: Fix kernel-livepatch description typo. - rpm/kernel-binary.spec.in: handle modules.builtin.modinfo It was added in 5.2. - rpm/kernel-binary.spec.in: support partial rt debug config. - rpm/kernel-subpackage-spec: Mention debuginfo in the subpackage description (bsc#1149119). - rpm/macros.kernel-source: KMPs should depend on kmod-compat to build. kmod-compat links are used in find-provides.ksyms, find-requires.ksyms, and find-supplements.ksyms in rpm-config-SUSE. - rpm/mkspec: Correct tarball URL for rc kernels. - rpm/mkspec: Make building DTBs optional. - rpm/modflist: Simplify compression support. - rpm: raise required disk space for binary packages Current disk space constraints (10 GB on s390x, 25 GB on other architectures) no longer suffice for 5.3 kernel builds. The statistics show ~30 GB of disk consumption on x86_64 and ~11 GB on s390x so raise the constraints to 35 GB in general and 14 GB on s390x. - rpm: support compressed modules Some of our scripts and scriptlets in rpm/ do not expect module files not ending with '.ko' which currently leads to failure in preuninstall scriptlet of cluster-md-kmp-default (and probably also other subpackages). Let those which could be run on compressed module files recognize '.ko.xz' in addition to '.ko'. - rtlwifi: rtl8192cu: Fix value set in descriptor (bsc#1142635). - s390/cmf: set_schib_wait add timeout (bsc#1153509, bsc#1153476). - s390/cpumsf: Check for CPU Measurement sampling (bsc#1153681 LTC#181855). - s390/crypto: fix gcm-aes-s390 selftest failures (bsc#1137861 LTC#178091). - sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254). - sch_cbq: validate TCA_CBQ_WRROPT to avoid crash (networking-stable-19_10_05). - sch_dsmark: fix potential NULL deref in dsmark_init() (networking-stable-19_10_05). - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero (networking-stable-19_09_15). - sch_netem: fix a divide by zero in tabledist() (networking-stable-19_09_30). - scripts/arch-symbols: add missing link. - scsi: lpfc: Fix devices that do not return after devloss followed by rediscovery (bsc#1137040). - scsi: lpfc: Fix null ptr oops updating lpfc_devloss_tmo via sysfs attribute (bsc#1140845). - scsi: lpfc: Fix propagation of devloss_tmo setting to nvme transport (bsc#1140883). - scsi: lpfc: Remove bg debugfs buffers (bsc#1144375). - scsi: qedf: fc_rport_priv reference counting fixes (bsc#1098291). - scsi: qedf: Modify abort and tmf handler to handle edge condition and flush (bsc#1098291). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix N2N link reset (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix N2N link up fail (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix partial flash write of MBI (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix wait condition in loop (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: fixup incorrect usage of host_byte (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Improve logging for scan thread (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Initialized mailbox to prevent driver load failure (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: remove redundant assignment to pointer host (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Set remove flag for all VP (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Silence fwdump template message (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: stop timer in shutdown path (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: storvsc: setup 1:1 mapping between hardware queue and CPU queue (bsc#1140729). - scsi: zfcp: fix reaction on bit error threshold notification (bsc#1154956 LTC#182054). - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' (networking-stable-19_09_15). - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike (networking-stable-19_09_15). - Sign non-x86 kernels when possible (boo#1134303) - skge: fix checksum byte order (networking-stable-19_09_30). - sock_diag: fix autoloading of the raw_diag module (bsc#1152791). - sock_diag: request _diag module only when the family or proto has been registered (bsc#1152791). - staging: vt6655: Fix memory leak in vt6655_probe (bsc#1051510). - staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS (bsc#1051510). - supporte.conf: add efivarfs to kernel-default-base (bsc#1154858). - tcp: Do not dequeue SYN/FIN-segments from write-queue (git-gixes). - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR (networking-stable-19_09_15). - tcp: inherit timestamp on mtu probe (networking-stable-19_09_05). - tcp: remove empty skb from write queue in error cases (networking-stable-19_09_05). - thermal: Fix use-after-free when unregistering thermal zone device (bsc#1051510). - thermal_hwmon: Sanitize thermal_zone type (bsc#1051510). - tipc: add NULL pointer check before calling kfree_rcu (networking-stable-19_09_15). - tipc: fix unlimited bundling of small messages (networking-stable-19_10_05). - tracing: Initialize iter->seq after zeroing in tracing_read_pipe() (bsc#1151508). - tun: fix use-after-free when register netdev failed (networking-stable-19_09_15). - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099). - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099). - USB: adutux: fix NULL-derefs on disconnect (bsc#1142635). - USB: adutux: fix use-after-free on disconnect (bsc#1142635). - USB: adutux: fix use-after-free on release (bsc#1051510). - USB: chaoskey: fix use-after-free on release (bsc#1051510). - USB: dummy-hcd: fix power budget for SuperSpeed mode (bsc#1051510). - usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode (bsc#1051510). - USB: iowarrior: fix use-after-free after driver unbind (bsc#1051510). - USB: iowarrior: fix use-after-free on disconnect (bsc#1051510). - USB: iowarrior: fix use-after-free on release (bsc#1051510). - USB: ldusb: fix control-message timeout (bsc#1051510). - USB: ldusb: fix memleak on disconnect (bsc#1051510). - USB: ldusb: fix NULL-derefs on driver unbind (bsc#1051510). - USB: ldusb: fix read info leaks (bsc#1051510). - USB: ldusb: fix ring-buffer locking (bsc#1051510). - USB: legousbtower: fix a signedness bug in tower_probe() (bsc#1051510). - USB: legousbtower: fix deadlock on disconnect (bsc#1142635). - USB: legousbtower: fix memleak on disconnect (bsc#1051510). - USB: legousbtower: fix open after failed reset request (bsc#1142635). - USB: legousbtower: fix potential NULL-deref on disconnect (bsc#1142635). - USB: legousbtower: fix slab info leak at probe (bsc#1142635). - USB: legousbtower: fix use-after-free on release (bsc#1051510). - USB: microtek: fix info-leak at probe (bsc#1142635). - USB: serial: fix runtime PM after driver unbind (bsc#1051510). - USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20 (bsc#1051510). - USB: serial: keyspan: fix NULL-derefs on open() and write() (bsc#1051510). - USB: serial: option: add support for Cinterion CLS8 devices (bsc#1051510). - USB: serial: option: add Telit FN980 compositions (bsc#1051510). - USB: serial: ti_usb_3410_5052: fix port-close races (bsc#1051510). - USB: serial: whiteheat: fix potential slab corruption (bsc#1051510). - usb: udc: lpc32xx: fix bad bit shift operation (bsc#1051510). - USB: usb-skeleton: fix NULL-deref on disconnect (bsc#1051510). - USB: usb-skeleton: fix runtime PM after driver unbind (bsc#1051510). - USB: usb-skeleton: fix use-after-free after driver unbind (bsc#1051510). - USB: usblcd: fix I/O after disconnect (bsc#1142635). - USB: usblp: fix runtime PM after driver unbind (bsc#1051510). - USB: usblp: fix use-after-free on disconnect (bsc#1051510). - usb: xhci: wait for CNR controller not ready bit in xhci resume (bsc#1051510). - USB: yurex: Do not retry on unexpected errors (bsc#1051510). - USB: yurex: fix NULL-derefs on disconnect (bsc#1051510). - usbnet: ignore endpoints with invalid wMaxPacketSize (bsc#1051510). - usbnet: sanity checking of packet sizes and device mtu (bsc#1051510). - vfio_pci: Restore original state on release (bsc#1051510). - vhost_net: conditionally enable tx polling (bsc#1145099). - vhost_net: conditionally enable tx polling (bsc#1145099). - video: of: display_timing: Add of_node_put() in of_get_display_timing() (bsc#1051510). - vsock: Fix a lockdep warning in __vsock_release() (networking-stable-19_10_05). - watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout (bsc#1051510). - x86/asm: Fix MWAITX C-state hint value (bsc#1114279). - x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area (bnc#1153969). - x86/boot/64: Round memory hole size up to next PMD page (bnc#1153969). - x86/mm: Use WRITE_ONCE() when setting PTEs (bsc#1114279). - xen-netfront: do not use ~0U as error return value for xennet_fill_frags() (bsc#1065600). - xen/netback: fix error path of xenvif_connect_data() (bsc#1065600). - xen/pv: Fix Xen PV guest int3 handling (bsc#1153811). - xen/xenbus: fix self-deadlock after killing user process (bsc#1065600). - xhci: Check all endpoints for LPM timeout (bsc#1051510). - xhci: Fix false warning message about wrong bounce buffer write length (bsc#1051510). - xhci: Increase STS_SAVE timeout in xhci_suspend() (bsc#1051510). - xhci: Prevent device initiated U1/U2 link pm if exit latency is too long (bsc#1051510). Important SUSE bug 1046299 SUSE bug 1046303 SUSE bug 1046305 SUSE bug 1050244 SUSE bug 1050536 SUSE bug 1050545 SUSE bug 1051510 SUSE bug 1055186 SUSE bug 1061840 SUSE bug 1064802 SUSE bug 1065600 SUSE bug 1066129 SUSE bug 1073513 SUSE bug 1082635 SUSE bug 1083647 SUSE bug 1086323 SUSE bug 1087092 SUSE bug 1089644 SUSE bug 1090631 SUSE bug 1093205 SUSE bug 1096254 SUSE bug 1097583 SUSE bug 1097584 SUSE bug 1097585 SUSE bug 1097586 SUSE bug 1097587 SUSE bug 1097588 SUSE bug 1098291 SUSE bug 1101674 SUSE bug 1109158 SUSE bug 1114279 SUSE bug 1117665 SUSE bug 1119461 SUSE bug 1119465 SUSE bug 1122363 SUSE bug 1123034 SUSE bug 1123080 SUSE bug 1127155 SUSE bug 1133140 SUSE bug 1134303 SUSE bug 1135642 SUSE bug 1135854 SUSE bug 1135873 SUSE bug 1135967 SUSE bug 1137040 SUSE bug 1137799 SUSE bug 1137861 SUSE bug 1138190 SUSE bug 1139073 SUSE bug 1140090 SUSE bug 1140729 SUSE bug 1140845 SUSE bug 1140883 SUSE bug 1141600 SUSE bug 1142635 SUSE bug 1142667 SUSE bug 1143706 SUSE bug 1144338 SUSE bug 1144375 SUSE bug 1144449 SUSE bug 1144903 SUSE bug 1145099 SUSE bug 1146612 SUSE bug 1148410 SUSE bug 1149119 SUSE bug 1150452 SUSE bug 1150457 SUSE bug 1150465 SUSE bug 1150875 SUSE bug 1151225 SUSE bug 1151508 SUSE bug 1151680 SUSE bug 1152497 SUSE bug 1152505 SUSE bug 1152506 SUSE bug 1152624 SUSE bug 1152685 SUSE bug 1152782 SUSE bug 1152788 SUSE bug 1152791 SUSE bug 1153108 SUSE bug 1153112 SUSE bug 1153158 SUSE bug 1153236 SUSE bug 1153263 SUSE bug 1153476 SUSE bug 1153509 SUSE bug 1153646 SUSE bug 1153681 SUSE bug 1153713 SUSE bug 1153717 SUSE bug 1153718 SUSE bug 1153719 SUSE bug 1153811 SUSE bug 1153969 SUSE bug 1154108 SUSE bug 1154189 SUSE bug 1154354 SUSE bug 1154372 SUSE bug 1154578 SUSE bug 1154607 SUSE bug 1154608 SUSE bug 1154610 SUSE bug 1154611 SUSE bug 1154651 SUSE bug 1154737 SUSE bug 1154747 SUSE bug 1154848 SUSE bug 1154858 SUSE bug 1154905 SUSE bug 1154956 SUSE bug 1154959 SUSE bug 1155178 SUSE bug 1155179 SUSE bug 1155184 SUSE bug 1155186 SUSE bug 1155671 SUSE bug 1155692 SUSE bug 1155812 SUSE bug 1155817 SUSE bug 1155836 SUSE bug 1155945 SUSE bug 1155982 SUSE bug 1156187 SUSE bug 919448 SUSE bug 987367 SUSE bug 998153 CVE-2018-12207 CVE-2019-10220 CVE-2019-11135 CVE-2019-16232 CVE-2019-16233 CVE-2019-16234 CVE-2019-16995 CVE-2019-17055 CVE-2019-17056 CVE-2019-17133 CVE-2019-17666 CVE-2019-18805 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for qemu fixes the following issues: - Remove a backslash '\' escape character from 80-qemu-ga.rules (bsc#1153358) Unlike sles 15 or newer guests, The udev rule file of qemu guest agent in sles 12 sp4 or newer guest only needs one escape character. - Fix use-after-free in slirp (CVE-2018-20126 bsc#1119991) - Fix potential DOS in lsi scsi controller emulation (CVE-2019-12068 bsc#1146873) - Expose taa-no 'feature', indicating CPU does not have the TSX Async Abort vulnerability. (CVE-2019-11135 bsc#1152506) - Expose pschange-mc-no 'feature', indicating CPU does not have the page size change machine check vulnerability (CVE-2018-12207 bsc#1155812) - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE12-SP4 Important SUSE bug 1119991 SUSE bug 1146873 SUSE bug 1152506 SUSE bug 1153358 SUSE bug 1155812 CVE-2018-12207 CVE-2018-20126 CVE-2019-11135 CVE-2019-12068 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ucode-intel fixes the following issues: - Updated to 20191112 security release (bsc#1155988) - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- new platforms ---------------------------------------- - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile - CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile - SKX-SP B1 6-55-3/97 01000150 Xeon Scalable - ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile - ---- updated platforms ------------------------------------ - SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile - SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6 - AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile - KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile - AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile - CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile - WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile - KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8 - KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8 - CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile - Includes security fixes for: - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073) - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035) - requires coreutils for the %post script (bsc#1154043) Important SUSE bug 1139073 SUSE bug 1141035 SUSE bug 1154043 SUSE bug 1155988 CVE-2019-11135 CVE-2019-11139 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xen fixes the following issues: - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. (bsc#1155945) - CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack. (bsc#1152497). - CVE-2019-18424: An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. (bsc#1154461). - CVE-2019-18421: A malicious PV guest administrator may have been able to escalate their privilege to that of the host. (bsc#1154458). - CVE-2019-18425: 32-bit PV guest user mode could elevate its privileges to that of the guest kernel. (bsc#1154456). - CVE-2019-18420: Malicious x86 PV guests may have caused a hypervisor crash, resulting in a Denial of Service (Dos). (bsc#1154448) Important SUSE bug 1152497 SUSE bug 1154448 SUSE bug 1154456 SUSE bug 1154458 SUSE bug 1154461 SUSE bug 1155945 CVE-2018-12207 CVE-2019-11135 CVE-2019-18420 CVE-2019-18421 CVE-2019-18424 CVE-2019-18425 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libjpeg-turbo fixes the following issues: - CVE-2019-2201: Several integer overflow issues and subsequent segfaults occurred in libjpeg-turbo, when attempting to compress or decompress gigapixel images. [bsc#1156402] Important SUSE bug 1156402 CVE-2019-2201 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ghostscript fixes the following issue: - CVE-2019-14869: Fixed a possible dSAFER escape which could have allowed an attacker to gain high privileges by a specially crafted Postscript code (bsc#1156275). Important SUSE bug 1156275 CVE-2019-14869 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ucode-intel fixes the following issues: - Updated to 20191112 official security release (bsc#1155988) - Includes security fixes for: - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073) - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035) Important SUSE bug 1139073 SUSE bug 1141035 SUSE bug 1155988 CVE-2019-11135 CVE-2019-11139 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xen fixes the following issues: - Update to Xen 4.11.1 bug fix release (bsc#1027519) - CVE-2018-17963: Fixed an integer overflow issue in the QEMU emulator, which could occur when a packet with large packet size is processed. A user inside a guest could have used this flaw to crash the qemu process resulting in a Denial of Service (DoS). (bsc#1111014) - CVE-2018-18849: Fixed an out of bounds memory access in the LSI53C895A SCSI host bus adapter emulation, which allowed a user and/or process to crash the qemu process resulting in a Denial of Service (DoS). (bsc#1114423) - CVE-2018-18883: Fixed an issue related to inproper restriction of nested VT-x, which allowed a guest to cause Xen to crash, resulting in a Denial of Service (DoS). (XSA-278) (bsc#1114405) - CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges, may cause a Denial of Service (DoS) affecting the entire host, or may be able to access data it is not supposed to access. (XSA-275) (bsc#1115040) - CVE-2018-19963: Fixed the allocation of pages used to communicate with external emulators, which may have cuased Xen to crash, resulting in a Denial of Service (DoS). (XSA-276) (bsc#1115043) - CVE-2018-19965: Fixed an issue related to the INVPCID instruction in case non-canonical addresses are accessed, which may allow a guest to cause Xen to crash, resulting in a Denial of Service (DoS) affecting the entire host. (XSA-279) (bsc#1115045) - CVE-2018-19966: Fixed an issue related to a previous fix for XSA-240, which conflicted with shadow paging and allowed a guest to cause Xen to crash, resulting in a Denial of Service (DoS) (XSA-280) (bsc#1115047) - CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988) - CVE-2018-19964: Fixed the incorrect error handling of p2m page removals, which allowed a guest to cause a deadlock, resulting in a Denial of Service (DoS) affecting the entire host. (XSA-277) (bsc#1115044) - CVE-2018-19665: Fixed an integer overflow resulting in memory corruption in various Bluetooth functions, allowing this to crash qemu process resulting in Denial of Service (DoS). (bsc#1117756). Other bugs fixed: - Fixed an issue related to a domU hang on SLE12-SP3 HV (bsc#1108940) Important SUSE bug 1027519 SUSE bug 1108940 SUSE bug 1111014 SUSE bug 1114405 SUSE bug 1114423 SUSE bug 1114988 SUSE bug 1115040 SUSE bug 1115043 SUSE bug 1115044 SUSE bug 1115045 SUSE bug 1115047 SUSE bug 1117756 CVE-2018-17963 CVE-2018-18849 CVE-2018-18883 CVE-2018-19665 CVE-2018-19961 CVE-2018-19962 CVE-2018-19963 CVE-2018-19964 CVE-2018-19965 CVE-2018-19966 CVE-2018-19967 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for dpdk to version 17.11.7 fixes the following issues: - CVE-2019-14818: Fixed a memory leak vulnerability caused by a malicious container may lead to to denial of service (bsc#1156146). Moderate SUSE bug 1156146 CVE-2019-14818 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for aspell fixes the following issues: - CVE-2019-17544: Fixed a stack-based buffer over-read in acommon:unescape in common/getdata.cpp via an isolated backslash (bsc#1153892). Moderate SUSE bug 1153892 CVE-2019-17544 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for sqlite3 fixes the following issues: - CVE-2017-2518: Fixed a use-after-free vulnerability which could have led to buffer overflow via a crafted SQL statement (bsc#1155787). Important SUSE bug 1155787 CVE-2017-2518 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for cups fixes the following issues: - CVE-2019-8675: Fixed a stack buffer overflow in libcups's asn1_get_type function(bsc#1146358). - CVE-2019-8696: Fixed a stack buffer overflow in libcups's asn1_get_packed function (bsc#1146359). Important SUSE bug 1146358 SUSE bug 1146359 CVE-2019-8675 CVE-2019-8696 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for tiff fixes the following issues: Security issues fixed: - CVE-2019-14973: Fixed an improper check which was depended on the compiler which could have led to integer overflow (bsc#1146608). - CVE-2016-5102: Fixed a buffer overflow in readgifimage() (bsc#983268) - CVE-2018-17000: Fixed a NULL pointer dereference in the _TIFFmemcmp function (bsc#1108606). - CVE-2019-6128: Fixed a memory leak in the TIFFFdOpen function in tif_unix.c (bsc#1121626). - CVE-2019-7663: Fixed an invalid address dereference in the TIFFWriteDirectoryTagTransfer function in libtiff/tif_dirwrite.c (bsc#1125113) Moderate SUSE bug 1108606 SUSE bug 1121626 SUSE bug 1125113 SUSE bug 1146608 SUSE bug 983268 CVE-2016-5102 CVE-2018-17000 CVE-2019-14973 CVE-2019-6128 CVE-2019-7663 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for cpio fixes the following issues: - CVE-2019-14866: Fixed an improper validation of the values written in the header of a TAR file through the to_oct() function which could have led to unexpected TAR generation (bsc#1155199). Moderate SUSE bug 1155199 CVE-2019-14866 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for clamav fixes the following issues: Security issue fixed: - CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files (bsc#1144504). - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1149458). Non-security issues fixed: - Added the --max-scantime clamscan option and MaxScanTime clamd configuration option (bsc#1144504). - Increased the startup timeout of clamd to 5 minutes to cater for the grown virus database as a workaround until clamd has learned to talk to systemd to extend the timeout as long as needed (bsc#1151839). Moderate SUSE bug 1144504 SUSE bug 1149458 SUSE bug 1151839 CVE-2019-12625 CVE-2019-12900 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mailman fixes the following issues: - CVE-2019-3693: Fixed a local privilege escalation from wwwrun to root (bsc#1154328). Important SUSE bug 1154328 CVE-2019-3693 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_7_0-openjdk fixes the following issues: Security issues fixed (October 2019 CPU bsc#1154212): - CVE-2019-2933: Windows file handling redux - CVE-2019-2945: Better socket support - CVE-2019-2949: Better Kerberos ccache handling - CVE-2019-2958: Build Better Processes - CVE-2019-2964: Better support for patterns - CVE-2019-2962: Better Glyph Images - CVE-2019-2973: Better pattern compilation - CVE-2019-2978: Improved handling of jar files - CVE-2019-2981: Better Path supports - CVE-2019-2983: Better serial attributes - CVE-2019-2987: Better rendering of native glyphs - CVE-2019-2988: Better Graphics2D drawing - CVE-2019-2989: Improve TLS connection support - CVE-2019-2992: Enhance font glyph mapping - CVE-2019-2999: Commentary on Javadoc comments - CVE-2019-2894: Enhance ECDSA operations (bsc#1152856). Important SUSE bug 1152856 SUSE bug 1154212 CVE-2019-2894 CVE-2019-2933 CVE-2019-2945 CVE-2019-2949 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2987 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libxml2 doesn't fix any additional security issues, but correct the rpm changelog to reflect all CVEs that have been fixed over the past. Low SUSE bug 1123919 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libarchive fixes the following issues: Security issues fixed: - CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder (bsc#1120653). - CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder (bsc#1120654). - CVE-2019-1000019: Fixed an Out-Of-Bounds Read vulnerability in 7zip decompression (bsc#1124341). - CVE-2019-1000020: Fixed an Infinite Loop vulnerability in ISO9660 parser (bsc#1124342). - CVE-2019-18408: Fixed a use-after-free in RAR format support (bsc#1155079). Moderate SUSE bug 1032089 SUSE bug 1037008 SUSE bug 1037009 SUSE bug 1059134 SUSE bug 1059139 SUSE bug 1120653 SUSE bug 1120654 SUSE bug 1124341 SUSE bug 1124342 SUSE bug 1155079 CVE-2016-10209 CVE-2016-10349 CVE-2016-10350 CVE-2017-14501 CVE-2017-14502 CVE-2018-1000877 CVE-2018-1000878 CVE-2019-1000019 CVE-2019-1000020 CVE-2019-18408 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ncurses fixes the following issues: Security issue fixed: - CVE-2018-10754: Fixed a denial of service caused by a NULL Pointer Dereference in the _nc_parse_entry() (bsc#1131830). - CVE-2019-17594: Fixed a heap-based buffer over-read in _nc_find_entry function in tinfo/comp_hash.c (bsc#1154036). - CVE-2019-17595: Fixed a heap-based buffer over-read in fmt_entry function in tinfo/comp_hash.c (bsc#1154037). Bug fixes: - Fixed ppc64le build configuration (bsc#1134550). Moderate SUSE bug 1131830 SUSE bug 1134550 SUSE bug 1154036 SUSE bug 1154037 CVE-2018-10754 CVE-2019-17594 CVE-2019-17595 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-20749: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123828) - CVE-2018-20750: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123832) - CVE-2018-20748: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1123823) Critical SUSE bug 1123823 SUSE bug 1123828 SUSE bug 1123832 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for clamav fixes the following issues: - CVE-2019-15961: Fixed a denial of service which might occur when scanning a specially crafted email file as (bsc#1157763). Important SUSE bug 1157763 CVE-2019-15961 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for permissions fixes the following issues: Security issues fixed: - CVE-2019-3688: Changed wrong ownership in /usr/sbin/pinger to root:squid which could have allowed a squid user to gain persistence by changing the binary (bsc#1093414). - CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic links (bsc#1150734). Other issue addressed: - Corrected a badly constracted file which could have allowed treating of the shell environment as permissions files (bsc#1097665,bsc#1047247). - Fixed a regression which caused sagmentation fault (bsc#1157198). Moderate SUSE bug 1047247 SUSE bug 1093414 SUSE bug 1097665 SUSE bug 1150734 SUSE bug 1157198 CVE-2019-3688 CVE-2019-3690 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for apache2-mod_perl fixes the following issues: Security issue fixed: - CVE-2011-2767: Fixed a vulnerability which could have allowed perl code execution in the context of user account (bsc#1156944). Other issue addressed: - Restore process name after sv_setpv_mg() call. (bsc#1091625) Moderate SUSE bug 1091625 SUSE bug 1156944 CVE-2011-2767 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for strongswan provides the following fixes: Security issues fixed: - CVE-2018-5388: Fixed a buffer underflow which may allow to a remote attacker with local user credentials to resource exhaustion and denial of service while reading from the socket (bsc#1094462). - CVE-2018-10811: Fixed a denial of service during the IKEv2 key derivation if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF (bsc#1093536). - CVE-2018-16151,CVE-2018-16152: Fixed multiple flaws in the gmp plugin which might lead to authorization bypass (bsc#1107874). - CVE-2018-17540: Fixed an improper input validation in gmp plugin (bsc#1109845). Other issues addressed: - Fixed some client fails when the scep server URL is used with HTTPS protocol (bsc#1071853). - Reject Diffie-Hellman key exchanges using primes smaller than 1024 bit. - Handle unexpected informational message from SonicWall. (bsc#1009254) Important SUSE bug 1009254 SUSE bug 1071853 SUSE bug 1093536 SUSE bug 1094462 SUSE bug 1107874 SUSE bug 1109845 CVE-2018-10811 CVE-2018-16151 CVE-2018-16152 CVE-2018-17540 CVE-2018-5388 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an arbitrary command execution (bsc#1158095). Important SUSE bug 1158095 CVE-2019-14889 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xen fixes the following issues: - CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307). - CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with a compile time known size of 64 (bsc#1158003 XSA-307). - CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace code to crash the guest,leading to a guest denial of service (bsc#1158004 XSA-308). - CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309). - CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310). - CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311). - CVE-2019-19579: Fixed a privilege escaltion where an untrusted domain with access to a physical device can DMA into host memory (bsc#1157888 XSA-306). - CVE-2019-18423: A malicious guest administrator may cause a hypervisor crash, resulting in a Denial of Service (DoS). (bsc#1154460). - CVE-2019-18424: An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. (bsc#1154461). - CVE-2019-18422: A malicious ARM guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified. (bsc#1154464) Important SUSE bug 1154460 SUSE bug 1154461 SUSE bug 1154464 SUSE bug 1157888 SUSE bug 1158003 SUSE bug 1158004 SUSE bug 1158005 SUSE bug 1158006 SUSE bug 1158007 CVE-2019-18422 CVE-2019-18423 CVE-2019-18424 CVE-2019-19577 CVE-2019-19578 CVE-2019-19579 CVE-2019-19580 CVE-2019-19581 CVE-2019-19582 CVE-2019-19583 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for git fixes the following issues: Security issues fixed: - CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787). - CVE-2019-19604: Fixed a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795). - CVE-2019-1387: Fixed recursive clones that are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793). - CVE-2019-1354: Fixed issue on Windows that refuses to write tracked files with filenames that contain backslashes (bsc#1158792). - CVE-2019-1353: Fixed issue when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791). - CVE-2019-1352: Fixed issue on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790). - CVE-2019-1351: Fixed issue on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789). - CVE-2019-1350: Fixed incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788). - CVE-2019-1348: Fixed the --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785). - Fixed an issue where git send-email fails to authenticate with SMTP server (bsc#1082023) Important SUSE bug 1082023 SUSE bug 1158785 SUSE bug 1158787 SUSE bug 1158788 SUSE bug 1158789 SUSE bug 1158790 SUSE bug 1158791 SUSE bug 1158792 SUSE bug 1158793 SUSE bug 1158795 CVE-2019-1348 CVE-2019-1349 CVE-2019-1350 CVE-2019-1351 CVE-2019-1352 CVE-2019-1353 CVE-2019-1354 CVE-2019-1387 CVE-2019-19604 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel-azure was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-19051: There was a memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1159024). - CVE-2019-19338: There was an incomplete fix for Transaction Asynchronous Abort (TAA) (bnc#1158954). - CVE-2019-19332: There was an OOB memory write via kvm_dev_ioctl_get_cpuid (bnc#1158827). - CVE-2019-19537: There was a race condition bug that can be caused by a malicious USB device in the USB character device driver layer (bnc#1158904). - CVE-2019-19535: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver (bnc#1158903). - CVE-2019-19527: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (bnc#1158900). - CVE-2019-19526: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver (bnc#1158893). - CVE-2019-19533: There was an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver (bnc#1158834). - CVE-2019-19532: There were multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers (bnc#1158824). - CVE-2019-19523: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79 (bnc#1158381 1158823 1158834). - CVE-2019-15213: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver (bnc#1146544). - CVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1158445). - CVE-2019-19543: There was a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (bnc#1158427). - CVE-2019-19525: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver (bnc#1158417). - CVE-2019-19530: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver (bnc#1158410). - CVE-2019-19536: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver (bnc#1158394). - CVE-2019-19524: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver (bnc#1158413). - CVE-2019-19528: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (bnc#1158407). - CVE-2019-19534: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (bnc#1158398). - CVE-2019-19529: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver (bnc#1158381). - CVE-2019-14901: A heap overflow flaw was found in the Linux kernel in Marvell WiFi chip driver. The vulnerability allowed a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system (bnc#1157042). - CVE-2019-14895: A heap-based buffer overflow was discovered in the Linux kernel in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could have allowed the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158). - CVE-2019-18660: The Linux kernel on powerpc allowed Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038). - CVE-2019-18683: An issue was discovered in drivers/media/platform/vivid in the Linux kernel. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free (bnc#1155897). - CVE-2019-18809: A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1156258). - CVE-2019-19062: A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures (bnc#1157333). - CVE-2019-19057: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). - CVE-2019-19056: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). - CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157307). - CVE-2019-19063: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157298). - CVE-2019-19227: In the AppleTalk subsystem in the Linux kernel there was a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client (bnc#1157678). - CVE-2019-19065: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures (bnc#1157191). - CVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering copy to udata failures (bnc#1157171). - CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157324). - CVE-2019-19067: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures (bsc#1157180). - CVE-2019-19060: A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157178). - CVE-2019-19049: A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures (bsc#1157173). - CVE-2019-19075: A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures (bnc#1157162). - CVE-2019-19058: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures (bnc#1157145). - CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157143). - CVE-2019-19073: Fixed memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c allowed attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures (bnc#1157070). - CVE-2019-15916: An issue was discovered in the Linux kernel There was a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service (bnc#1149448). - CVE-2019-0154: Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1135966). - CVE-2019-16231: drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150466). The following non-security bugs were fixed: - ACPI / APEI: Do not wait to serialise with oops messages when panic()ing (bsc#1051510). - ACPI / LPSS: Exclude I2C busses shared with PUNIT from pmc_atom_d3_mask (bsc#1051510). - ACPI / LPSS: Ignore acpi_device_fix_up_power() return value (bsc#1051510). - ACPI / SBS: Fix rare oops when removing modules (bsc#1051510). - ACPI: OSL: only free map once in osl.c (bsc#1051510). - ACPI: sysfs: Change ACPI_MASKABLE_GPE_MAX to 0x100 (bsc#1051510). - ACPICA: Never run _REG on system_memory and system_IO (bsc#1051510). - ACPICA: Use %d for signed int print formatting instead of %u (bsc#1051510). - ALSA: 6fire: Drop the dead code (git-fixes). - ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series (git-fixes). - ALSA: cs4236: fix error return comparison of an unsigned integer (git-fixes). - ALSA: firewire-motu: Correct a typo in the clock proc string (git-fixes). - ALSA: hda - Add mute led support for HP ProBook 645 G4 (git-fixes). - ALSA: hda - Fix pending unsol events at shutdown (git-fixes). - ALSA: hda/hdmi - Add new pci ids for AMD GPU display audio (git-fixes). - ALSA: hda/hdmi - fix vgaswitcheroo detection for AMD (git-fixes). - ALSA: hda/intel: add CometLake PCI IDs (bsc#1156729). - ALSA: hda/realtek - Dell headphone has noise on unmute for ALC236 (git-fixes). - ALSA: hda/realtek - Move some alc236 pintbls to fallback table (git-fixes). - ALSA: hda/realtek - Move some alc256 pintbls to fallback table (git-fixes). - ALSA: hda: Add Cometlake-S PCI ID (git-fixes). - ALSA: i2c/cs8427: Fix int to char conversion (bsc#1051510). - ALSA: intel8x0m: Register irq handler after register initializations (bsc#1051510). - ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed() (git-fixes). - ALSA: pcm: oss: Avoid potential buffer overflows (git-fixes). - ALSA: pcm: signedness bug in snd_pcm_plug_alloc() (bsc#1051510). - ALSA: seq: Do error checks at creating system ports (bsc#1051510). - ALSA: timer: Fix incorrectly assigned timer instance (git-fixes). - ALSA: usb-audio: Fix Focusrite Scarlett 6i6 gen1 - input handling (git-fixes). - ALSA: usb-audio: Fix missing error check at mixer resolution test (git-fixes). - ALSA: usb-audio: not submit urb for stopped endpoint (git-fixes). - ASoC: Intel: hdac_hdmi: Limit sampling rates at dai creation (bsc#1051510). - ASoC: compress: fix unsigned integer overflow check (bsc#1051510). - ASoC: davinci-mcasp: Handle return value of devm_kasprintf (stable 4.14.y). - ASoC: davinci: Kill BUG_ON() usage (stable 4.14.y). - ASoC: dpcm: Properly initialise hw->rate_max (bsc#1051510). - ASoC: kirkwood: fix external clock probe defer (git-fixes). - ASoC: msm8916-wcd-analog: Fix RX1 selection in RDAC2 MUX (git-fixes). - ASoC: sgtl5000: avoid division by zero if lo_vag is zero (bsc#1051510). - ASoC: tegra_sgtl5000: fix device_node refcounting (bsc#1051510). - ASoC: tlv320aic31xx: Handle inverted BCLK in non-DSP modes (stable 4.14.y). - ASoC: tlv320dac31xx: mark expected switch fall-through (stable 4.14.y). - Bluetooth: Fix invalid-free in bcsp_close() (git-fixes). - Bluetooth: Fix memory leak in hci_connect_le_scan (bsc#1051510). - Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS (bsc#1051510). - Bluetooth: btusb: fix PM leak in error case of setup (bsc#1051510). - Bluetooth: delete a stray unlock (bsc#1051510). - Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading (bsc#1051510). - Bluetooth: hci_core: fix init for HCI_USER_CHANNEL (bsc#1051510). - Btrfs: fix log context list corruption after rename exchange operation (bsc#1156494). - CIFS: Fix SMB2 oplock break processing (bsc#1144333, bsc#1154355). - CIFS: Fix oplock handling for SMB 2.1+ protocols (bsc#1144333, bsc#1154355). - CIFS: Fix retry mid list corruption on reconnects (bsc#1144333, bsc#1154355). - CIFS: Fix use after free of file info structures (bsc#1144333, bsc#1154355). - CIFS: Force reval dentry if LOOKUP_REVAL flag is set (bsc#1144333, bsc#1154355). - CIFS: Force revalidate inode when dentry is stale (bsc#1144333, bsc#1154355). - CIFS: Gracefully handle QueryInfo errors during open (bsc#1144333, bsc#1154355). - CIFS: avoid using MID 0xFFFF (bsc#1144333, bsc#1154355). - CIFS: fix max ea value size (bsc#1144333, bsc#1154355). - Documentation: debugfs: Document debugfs helper for unsigned long values (git-fixes). - Documentation: x86: convert protection-keys.txt to reST (bsc#1078248). - EDAC/ghes: Fix Use after free in ghes_edac remove path (bsc#1114279). - EDAC/ghes: Fix locking and memory barrier issues (bsc#1114279). EDAC/ghes: Do not warn when incrementing refcount on 0 (bsc#1114279). - HID: Add ASUS T100CHI keyboard dock battery quirks (bsc#1051510). - HID: Add quirk for Microsoft PIXART OEM mouse (bsc#1051510). - HID: Fix assumption that devices have inputs (git-fixes). - HID: asus: Add T100CHI bluetooth keyboard dock special keys mapping (bsc#1051510). - HID: doc: fix wrong data structure reference for UHID_OUTPUT (bsc#1051510). - HID: intel-ish-hid: fixes incorrect error handling (bsc#1051510). - HID: wacom: generic: Treat serial number and related fields as unsigned (git-fixes). - Input: ff-memless - kill timer in destroy() (bsc#1051510). - Input: silead - try firmware reload after unsuccessful resume (bsc#1051510). - Input: st1232 - set INPUT_PROP_DIRECT property (bsc#1051510). - Input: synaptics-rmi4 - clear IRQ enables for F54 (bsc#1051510). - Input: synaptics-rmi4 - destroy F54 poller workqueue when removing (bsc#1051510). - Input: synaptics-rmi4 - disable the relative position IRQ in the F12 driver (bsc#1051510). - Input: synaptics-rmi4 - do not consume more data than we have (F11, F12) (bsc#1051510). - Input: synaptics-rmi4 - fix video buffer size (git-fixes). - KVM: SVM: Guard against DEACTIVATE when performing WBINVD/DF_FLUSH (bsc#1114279). - KVM: SVM: Serialize access to the SEV ASID bitmap (bsc#1114279). - KVM: VMX: Consider PID.PIR to determine if vCPU has pending interrupts (bsc#1158064). - KVM: VMX: Fix conditions for guest IA32_XSS support (bsc#1158065). - KVM: x86/mmu: Take slots_lock when using kvm_mmu_zap_all_fast() (bsc#1158067). - KVM: x86: Introduce vcpu->arch.xsaves_enabled (bsc#1158066). - KVM: x86: Remove a spurious export of a static function (bsc#1158954). - NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error (git-fixes). - PCI/ACPI: Correct error message for ASPM disabling (bsc#1051510). - PCI/MSI: Fix incorrect MSI-X masking on resume (bsc#1051510). - PCI/MSI: Return -ENOSPC from pci_alloc_irq_vectors_affinity() (bsc#1051510). - PCI/PME: Fix possible use-after-free on remove (git-fixes). - PCI/PTM: Remove spurious 'd' from granularity message (bsc#1051510). - PCI: Apply Cavium ACS quirk to ThunderX2 and ThunderX3 (bsc#1051510). - PCI: Fix Intel ACS quirk UPDCR register address (bsc#1051510). - PCI: dwc: Fix find_next_bit() usage (bsc#1051510). - PCI: rcar: Fix missing MACCTLR register setting in initialization sequence (bsc#1051510). - PCI: sysfs: Ignore lockdep for remove attribute (git-fixes). - PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30 (git-fixes). - PM / AVS: SmartReflex: NULL check before some freeing functions is not needed (bsc#1051510). - PM / Domains: Deal with multiple states but no governor in genpd (bsc#1051510). - PM / devfreq: Check NULL governor in available_governors_show (git-fixes). - PM / devfreq: Lock devfreq in trans_stat_show (git-fixes). - PM / devfreq: exynos-bus: Correct clock enable sequence (bsc#1051510). - PM / devfreq: passive: Use non-devm notifiers (bsc#1051510). - PM / devfreq: passive: fix compiler warning (bsc#1051510). - PM / hibernate: Check the success of generating md5 digest before hibernation (bsc#1051510). - UAS: Revert commit 3ae62a42090f ('UAS: fix alignment of scatter/gather segments'). - USB: chaoskey: fix error case of a timeout (git-fixes). - USB: gadget: Reject endpoints with 0 maxpacket value (bsc#1051510). - USB: misc: appledisplay: fix backlight update_status return code (bsc#1051510). - USB: serial: ftdi_sio: add device IDs for U-Blox C099-F9P (bsc#1051510). - USB: serial: mos7720: fix remote wakeup (git-fixes). - USB: serial: mos7840: add USB ID to support Moxa UPort 2210 (bsc#1051510). - USB: serial: mos7840: fix remote wakeup (git-fixes). - USB: serial: option: add support for DW5821e with eSIM support (bsc#1051510). - USB: serial: option: add support for Foxconn T77W968 LTE modules (bsc#1051510). - USB: serial: whiteheat: fix line-speed endianness (bsc#1051510). - USBIP: add config dependency for SGL_ALLOC (git-fixes). - appledisplay: fix error handling in the scheduled work (git-fixes). - arm64: Update config files. (bsc#1156466) Enable HW_RANDOM_OMAP driver and mark driver omap-rng as supported. - ata: ep93xx: Use proper enums for directions (bsc#1051510). - ath10k: fix kernel panic by moving pci flush after napi_disable (bsc#1051510). - ath10k: fix vdev-start timeout on error (bsc#1051510). - ath10k: limit available channels via DT ieee80211-freq-limit (bsc#1051510). - ath10k: wmi: disable softirq's while calling ieee80211_rx (bsc#1051510). - ath6kl: Fix off by one error in scan completion (bsc#1051510). - ath9k: Fix a locking bug in ath9k_add_interface() (bsc#1051510). - ath9k: add back support for using active monitor interfaces for tx99 (bsc#1051510). - ath9k: fix reporting calculated new FFT upper max (bsc#1051510). - ath9k: fix tx99 with monitor mode interface (bsc#1051510). - ath9k_hw: fix uninitialized variable data (bsc#1051510). - atl1e: checking the status of atl1e_write_phy_reg (bsc#1051510). - audit: Allow auditd to set pid to 0 to end auditing (bsc#1158094). - ax88172a: fix information leak on short answers (bsc#1051510). - backlight: lm3639: Unconditionally call led_classdev_unregister (bsc#1051510). - bpf: Make use of probe_user_write in probe write helper (bsc#1083647). - brcmfmac: fix full timeout waiting for action frame on-channel tx (bsc#1051510). - brcmfmac: reduce timeout for action frame scan (bsc#1051510). - brcmsmac: AP mode: update beacon when TIM changes (bsc#1051510). - brcmsmac: never log 'tid x is not agg'able' by default (bsc#1051510). - can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open (bsc#1051510). - can: c_can: c_can_poll(): only read status register after status IRQ (git-fixes). - can: mcba_usb: fix use-after-free on disconnect (git-fixes). - can: peak_usb: fix a potential out-of-sync while decoding packets (git-fixes). - can: peak_usb: fix slab info leak (git-fixes). - can: peak_usb: report bus recovery as well (bsc#1051510). - can: rx-offload: can_rx_offload_irq_offload_fifo(): continue on error (bsc#1051510). - can: rx-offload: can_rx_offload_irq_offload_timestamp(): continue on error (bsc#1051510). - can: rx-offload: can_rx_offload_offload_one(): do not increase the skb_queue beyond skb_queue_len_max (git-fixes). - can: rx-offload: can_rx_offload_offload_one(): increment rx_fifo_errors on queue overflow or OOM (bsc#1051510). - can: rx-offload: can_rx_offload_offload_one(): use ERR_PTR() to propagate error value in case of errors (bsc#1051510). - can: rx-offload: can_rx_offload_queue_sorted(): fix error handling, avoid skb mem leak (git-fixes). - can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid skb mem leak (git-fixes). - can: usb_8dev: fix use-after-free on disconnect (git-fixes). - ceph: add missing check in d_revalidate snapdir handling (bsc#1157183). - ceph: do not try to handle hashed dentries in non-O_CREAT atomic_open (bsc#1157184). - ceph: fix use-after-free in __ceph_remove_cap() (bsc#1154058). - ceph: just skip unrecognized info in ceph_reply_info_extra (bsc#1157182). - cfg80211: Avoid regulatory restore when COUNTRY_IE_IGNORE is set (bsc#1051510). - cfg80211: Prevent regulatory restore during STA disconnect in concurrent interfaces (bsc#1051510). - cfg80211: call disconnect_wk when AP stops (bsc#1051510). - cgroup,writeback: do not switch wbs immediately on dead wbs if the memcg is dead (bsc#1158645). - cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bsc#1144333, bsc#1154355). - cifs: Fix missed free operations (bsc#1144333, bsc#1154355). - cifs: Use kzfree() to zero out the password (bsc#1144333, bsc#1154355). - cifs: add a helper to find an existing readable handle to a file (bsc#1144333, bsc#1154355). - cifs: create a helper to find a writeable handle by path name (bsc#1144333, bsc#1154355). - cifs: move cifsFileInfo_put logic into a work-queue (bsc#1144333, bsc#1154355). - cifs: prepare SMB2_Flush to be usable in compounds (bsc#1144333, bsc#1154355). - cifs: set domainName when a domain-key is used in multiuser (bsc#1144333, bsc#1154355). - cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bsc#1144333, bsc#1154355). - cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1144333, bsc#1154355). - clk: at91: avoid sleeping early (git-fixes). - clk: pxa: fix one of the pxa RTC clocks (bsc#1051510). - clk: samsung: Use clk_hw API for calling clk framework from clk notifiers (bsc#1051510). - clk: samsung: exynos5420: Preserve CPU clocks configuration during suspend/resume (bsc#1051510). - clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume (git-fixes). - clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18 (git-fixes). - clocksource/drivers/sh_cmt: Fix clocksource width for 32-bit machines (bsc#1051510). - clocksource/drivers/sh_cmt: Fixup for 64-bit machines (bsc#1051510). - compat_ioctl: handle SIOCOUTQNSD (bsc#1051510). - component: fix loop condition to call unbind() if bind() fails (bsc#1051510). - cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init() (bsc#1051510). - cpufreq: Skip cpufreq resume if it's not suspended (bsc#1051510). - cpufreq: intel_pstate: Register when ACPI PCCH is present (bsc#1051510). - cpufreq: powernv: fix stack bloat and hard limit on number of CPUs (bsc#1051510). - cpufreq: ti-cpufreq: add missing of_node_put() (bsc#1051510). - cpupower : Fix cpupower working when cpu0 is offline (bsc#1051510). - cpupower : frequency-set -r option misses the last cpu in related cpu list (bsc#1051510). - cpupower: Fix coredump on VMWare (bsc#1051510). - crypto: af_alg - cast ki_complete ternary op to int (bsc#1051510). - crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr (bsc#1051510). - crypto: ecdh - fix big endian bug in ECC library (bsc#1051510). - crypto: fix a memory leak in rsa-kcs1pad's encryption mode (bsc#1051510). - crypto: geode-aes - switch to skcipher for cbc(aes) fallback (bsc#1051510). - crypto: mxc-scc - fix build warnings on ARM64 (bsc#1051510). - crypto: mxs-dcp - Fix AES issues (bsc#1051510). - crypto: mxs-dcp - Fix SHA null hashes and output length (bsc#1051510). - crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash' static (bsc#1051510). - crypto: s5p-sss: Fix Fix argument list alignment (bsc#1051510). - crypto: tgr192 - remove unneeded semicolon (bsc#1051510). - cw1200: Fix a signedness bug in cw1200_load_firmware() (bsc#1051510). - cxgb4: fix panic when attaching to ULD fail (networking-stable-19_11_05). - dccp: do not leak jiffies on the wire (networking-stable-19_11_05). - dlm: do not leak kernel pointer to userspace (bsc#1051510). - dlm: fix invalid free (bsc#1051510). - dmaengine: dma-jz4780: Do not depend on MACH_JZ4780 (bsc#1051510). - dmaengine: dma-jz4780: Further residue status fix (bsc#1051510). - dmaengine: ep93xx: Return proper enum in ep93xx_dma_chan_direction (bsc#1051510). - dmaengine: imx-sdma: fix use-after-free on probe error path (bsc#1051510). - dmaengine: rcar-dmac: set scatter/gather max segment size (bsc#1051510). - dmaengine: timb_dma: Use proper enum in td_prep_slave_sg (bsc#1051510). - docs: move protection-keys.rst to the core-api book (bsc#1078248). - drivers/base/platform.c: kmemleak ignore a known leak (bsc#1051510). - drivers/regulator: fix a missing check of return value (bsc#1051510). - drm/amdgpu: fix bad DMA from INTERRUPT_CNTL2 (bsc#1114279) - drm/etnaviv: fix dumping of iommuv2 (bsc#1113722) - drm/omap: fix max fclk divider for omap36xx (bsc#1113722) - drm/radeon: fix bad DMA from INTERRUPT_CNTL2 (git-fixes). - drm/radeon: fix si_enable_smc_cac() failed issue (bsc#1113722) - drm/rockchip: Round up _before_ giving to the clock framework (bsc#1114279) - drm: panel-lvds: Potential Oops in probe error handling (bsc#1114279) - e1000e: Drop unnecessary __E1000_DOWN bit twiddling (bsc#1158049). - e1000e: Use dev_get_drvdata where possible (bsc#1158049). - e1000e: Use rtnl_lock to prevent race conditions between net and pci/pm (bsc#1158049). - ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable (bsc#1158646). - ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either (bsc#1158647). - ext4: fix punch hole for inline_data file systems (bsc#1158640). - ext4: update direct I/O read lock pattern for IOCB_NOWAIT (bsc#1158639). - extcon: cht-wc: Return from default case to avoid warnings (bsc#1051510). - fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper() (bsc#1051510). - fbdev: sbuslib: use checked version of put_user() (bsc#1051510). - sctp: Fixed regression (bsc#1158082). - ftrace: Introduce PERMANENT ftrace_ops flag (bsc#1120853). - gpio: mpc8xxx: Do not overwrite default irq_set_type callback (bsc#1051510). - gpio: syscon: Fix possible NULL ptr usage (bsc#1051510). - gpiolib: acpi: Add Terra Pad 1061 to the run_edge_events_on_boot_blacklist (bsc#1051510). - gsmi: Fix bug in append_to_eventlog sysfs handler (bsc#1051510). - hwmon: (ina3221) Fix INA3221_CONFIG_MODE macros (bsc#1051510). - hwmon: (pwm-fan) Silence error on probe deferral (bsc#1051510). - hwrng: omap - Fix RNG wait loop timeout (bsc#1051510). - hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled (bsc#1051510). - hwrng: stm32 - fix unbalanced pm_runtime_enable (bsc#1051510). - hypfs: Fix error number left in struct pointer member (bsc#1051510). - ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047). - ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047). - ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047). - ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047). - ibmvnic: Serialize device queries (bsc#1155689 ltc#182047). - ibmvnic: Serialize device queries (bsc#1155689 ltc#182047). - ibmvnic: Terminate waiting device threads after loss of service (bsc#1155689 ltc#182047). - ibmvnic: Terminate waiting device threads after loss of service (bsc#1155689 ltc#182047). - idr: Fix idr_alloc_u32 on 32-bit systems (bsc#1051510). - iio: adc: max9611: explicitly cast gain_selectors (bsc#1051510). - iio: adc: stm32-adc: fix stopping dma (git-fixes). - iio: dac: mcp4922: fix error handling in mcp4922_write_raw (bsc#1051510). - iio: imu: adis16480: assign bias value only if operation succeeded (git-fixes). - iio: imu: adis16480: make sure provided frequency is positive (git-fixes). - iio: imu: adis: assign read val in debugfs hook only if op successful (git-fixes). - iio: imu: adis: assign value only if return code zero in read funcs (git-fixes). - include/linux/bitrev.h: fix constant bitrev (bsc#1114279). - inet: stop leaking jiffies on the wire (networking-stable-19_11_05). - intel_th: Fix a double put_device() in error path (git-fixes). - iomap: Fix pipe page leakage during splicing (bsc#1158651). - iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros (bsc#1158063). - ipmi:dmi: Ignore IPMI SMBIOS entries with a zero base address (bsc#1051510). - ipv4: Return -ENETUNREACH if we can't create route but saddr is valid (networking-stable-19_10_24). - iwlwifi: api: annotate compressed BA notif array sizes (bsc#1051510). - iwlwifi: check kasprintf() return value (bsc#1051510). - iwlwifi: exclude GEO SAR support for 3168 (git-fixes). - iwlwifi: mvm: avoid sending too many BARs (bsc#1051510). - iwlwifi: mvm: do not send keys when entering D3 (bsc#1051510). - kABI workaround for ath10k last_wmi_vdev_start_status field (bsc#1051510). - kABI workaround for struct mwifiex_power_cfg change (bsc#1051510). - kABI: Fix for 'KVM: x86: Introduce vcpu->arch.xsaves_enabled' (bsc#1158066). - lib/scatterlist: Fix chaining support in sgl_alloc_order() (git-fixes). - lib/scatterlist: Introduce sgl_alloc() and sgl_free() (git-fixes). - liquidio: fix race condition in instruction completion processing (bsc#1051510). - livepatch: Allow to distinguish different version of system state changes (bsc#1071995). - livepatch: Basic API to track system state changes (bsc#1071995 ). - livepatch: Keep replaced patches until post_patch callback is called (bsc#1071995). - livepatch: Selftests of the API for tracking system state changes (bsc#1071995). - loop: add ioctl for changing logical block size (bsc#1108043). - loop: fix no-unmap write-zeroes request behavior (bsc#1158637). - mISDN: Fix type of switch control variable in ctrl_teimanager (bsc#1051510). - mac80211: consider QoS Null frames for STA_NULLFUNC_ACKED (bsc#1051510). - mac80211: fix station inactive_time shortly after boot (bsc#1051510). - mac80211: minstrel: fix CCK rate group streams value (bsc#1051510). - mac80211: minstrel: fix sampling/reporting of CCK rates in HT mode (bsc#1051510). - macvlan: schedule bc_work even if error (bsc#1051510). - mailbox: mailbox-test: fix null pointer if no mmio (bsc#1051510). - mailbox: reset txdone_method TXDONE_BY_POLL if client knows_txdone (git-fixes). - media: au0828: Fix incorrect error messages (bsc#1051510). - media: bdisp: fix memleak on release (git-fixes). - media: cxusb: detect cxusb_ctrl_msg error in query (bsc#1051510). - media: davinci: Fix implicit enum conversion warning (bsc#1051510). - media: exynos4-is: Fix recursive locking in isp_video_release() (git-fixes). - media: fix: media: pci: meye: validate offset to avoid arbitrary access (bsc#1051510). - media: flexcop-usb: ensure -EIO is returned on error condition (git-fixes). - media: imon: invalid dereference in imon_touch_event (bsc#1051510). - media: isif: fix a NULL pointer dereference bug (bsc#1051510). - media: ov6650: Fix control handler not freed on init error (git-fixes). - media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init() (bsc#1051510). - media: pxa_camera: Fix check for pdev->dev.of_node (bsc#1051510). - media: radio: wl1273: fix interrupt masking on release (git-fixes). - media: ti-vpe: vpe: Fix Motion Vector vpdma stride (git-fixes). - media: usbvision: Fix races among open, close, and disconnect (bsc#1051510). - media: uvcvideo: Fix error path in control parsing failure (git-fixes). - media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE (bsc#1051510). - media: vim2m: Fix abort issue (git-fixes). - media: vivid: Set vid_cap_streaming and vid_out_streaming to true (bsc#1051510). - mei: bus: prefix device names on bus with the bus name (bsc#1051510). - mei: fix modalias documentation (git-fixes). - mei: samples: fix a signedness bug in amt_host_if_call() (bsc#1051510). - mfd: intel-lpss: Add default I2C device properties for Gemini Lake (bsc#1051510). - mfd: max8997: Enale irq-wakeup unconditionally (bsc#1051510). - mfd: mc13xxx-core: Fix PMIC shutdown when reading ADC values (bsc#1051510). - mfd: palmas: Assign the right powerhold mask for tps65917 (git-fixes). - mfd: ti_am335x_tscadc: Keep ADC interface on if child is wakeup capable (bsc#1051510). - mlx5: add parameter to disable enhanced IPoIB (bsc#1142095) - mm, memory_hotplug: do not clear numa_node association after hot_remove (bnc#1115026). - mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d() (git fixes (mm/gup)). - mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone (git fixes (mm/compaction)). - mm/debug.c: PageAnon() is true for PageKsm() pages (git fixes (mm/debug)). - mmc: core: fix wl1251 sdio quirks (git-fixes). - mmc: host: omap_hsmmc: add code for special init of wl1251 to get rid of pandora_wl1251_init_card (git-fixes). - mmc: mediatek: fix cannot receive new request when msdc_cmd_is_ready fail (bsc#1051510). - mmc: sdhci-esdhc-imx: correct the fix of ERR004536 (git-fixes). - mmc: sdhci-of-at91: fix quirk2 overwrite (git-fixes). - mmc: sdio: fix wl1251 vendor id (git-fixes). - moduleparam: fix parameter description mismatch (bsc#1051510). - mt7601u: fix bbp version check in mt7601u_wait_bbp_ready (bsc#1051510). - mtd: nand: mtk: fix incorrect register setting order about ecc irq. - mtd: spear_smi: Fix Write Burst mode (bsc#1051510). - mtd: spi-nor: fix silent truncation in spi_nor_read() (bsc#1051510). - mwifiex: Fix NL80211_TX_POWER_LIMITED (bsc#1051510). - mwifiex: debugfs: correct histogram spacing, formatting (bsc#1051510). - mwifiex: fix potential NULL dereference and use after free (bsc#1051510). - nbd: prevent memory leak (bsc#1158638). - net/ibmvnic: Fix typo in retry check (bsc#1155689 ltc#182047). - net/ibmvnic: Ignore H_FUNCTION return from H_EOI to tolerate XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes). - net/mlx4_core: Dynamically set guaranteed amount of counters per VF (networking-stable-19_11_05). - net/mlx5e: Fix handling of compressed CQEs in case of low NAPI budget (networking-stable-19_11_05). - net/smc: Fix error path in smc_init (git-fixes). - net/smc: avoid fallback in case of non-blocking connect (git-fixes). - net/smc: fix closing of fallback SMC sockets (git-fixes). - net/smc: fix ethernet interface refcounting (git-fixes). - net/smc: fix refcounting for non-blocking connect() (git-fixes). - net/smc: keep vlan_id for SMC-R in smc_listen_work() (git-fixes). - net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol() (networking-stable-19_11_05). - net: add READ_ONCE() annotation in __skb_wait_for_more_packets() (networking-stable-19_11_05). - net: add skb_queue_empty_lockless() (networking-stable-19_11_05). - net: annotate accesses to sk->sk_incoming_cpu (networking-stable-19_11_05). - net: annotate lockless accesses to sk->sk_napi_id (networking-stable-19_11_05). - net: avoid potential infinite loop in tc_ctl_action() (networking-stable-19_10_24). - net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3 (networking-stable-19_10_24). - net: bcmgenet: Set phydev->dev_flags only for internal PHYs (networking-stable-19_10_24). - net: bcmgenet: reset 40nm EPHY on energy detect (networking-stable-19_11_05). - net: dsa: b53: Do not clear existing mirrored port mask (networking-stable-19_11_05). - net: dsa: bcm_sf2: Fix IMP setup for port different than 8 (networking-stable-19_11_05). - net: dsa: fix switch tree list (networking-stable-19_11_05). - net: ethernet: ftgmac100: Fix DMA coherency issue with SW checksum (networking-stable-19_11_05). - net: fix sk_page_frag() recursion from memory reclaim (networking-stable-19_11_05). - net: hisilicon: Fix ping latency when deal with high throughput (networking-stable-19_11_05). - net: phy: Check against net_device being NULL (bsc#1051510). - net: phy: Fix not to call phy_resume() if PHY is not attached (bsc#1051510). - net: phy: Fix the register offsets in Broadcom iProc mdio mux driver (bsc#1051510). - net: phy: at803x: Change error to EINVAL for invalid MAC (bsc#1051510). - net: phy: broadcom: Use strlcpy() for ethtool::get_strings (bsc#1051510). - net: phy: dp83867: Set up RGMII TX delay (bsc#1051510). - net: phy: fixed_phy: Fix fixed_phy not checking GPIO (bsc#1051510). - net: phy: marvell: Use strlcpy() for ethtool::get_strings (bsc#1051510). - net: phy: marvell: clear wol event before setting it (bsc#1051510). - net: phy: meson-gxl: check phy_write return value (bsc#1051510). - net: phy: micrel: Use strlcpy() for ethtool::get_strings (bsc#1051510). - net: phy: mscc: read 'vsc8531, edge-slowdown' as an u32 (bsc#1051510). - net: phy: mscc: read 'vsc8531,vddmac' as an u32 (bsc#1051510). - net: phy: xgene: disable clk on error paths (bsc#1051510). - net: phy: xgmiitorgmii: Check phy_driver ready before accessing (bsc#1051510). - net: phy: xgmiitorgmii: Check read_status results (bsc#1051510). - net: phy: xgmiitorgmii: Support generic PHY status read (bsc#1051510). - net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow (networking-stable-19_10_24). - net: use skb_queue_empty_lockless() in busy poll contexts (networking-stable-19_11_05). - net: use skb_queue_empty_lockless() in poll() handlers (networking-stable-19_11_05). - net: wireless: ti: remove local VENDOR_ID and DEVICE_ID definitions (git-fixes). - net: wireless: ti: wl1251 use new SDIO_VENDOR_ID_TI_WL1251 definition (git-fixes). - netns: fix GFP flags in rtnl_net_notifyid() (networking-stable-19_11_05). - nfc: netlink: fix double device reference drop (git-fixes). - nfc: port100: handle command failure cleanly (git-fixes). - nl80211: Fix a GET_KEY reply attribute (bsc#1051510). - ocfs2: fix panic due to ocfs2_wq is null (bsc#1158644). - ocfs2: fix passing zero to 'PTR_ERR' warning (bsc#1158649). - openvswitch: fix flow command message size (git-fixes). - padata: use smp_mb in padata_reorder to avoid orphaned padata jobs (git-fixes). - phy: phy-twl4030-usb: fix denied runtime access (git-fixes). - pinctl: ti: iodelay: fix error checking on pinctrl_count_index_with_args call (git-fixes). - pinctrl: at91: do not use the same irqchip with multiple gpiochips (git-fixes). - pinctrl: cherryview: Allocate IRQ chip dynamic (git-fixes). - pinctrl: lewisburg: Update pin list according to v1.1v6 (bsc#1051510). - pinctrl: lpc18xx: Use define directive for PIN_CONFIG_GPIO_PIN_INT (bsc#1051510). - pinctrl: qcom: spmi-gpio: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup controller init (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup controller init (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in init code (bsc#1051510). - pinctrl: sunxi: Fix a memory leak in 'sunxi_pinctrl_build_state()' (bsc#1051510). - pinctrl: xway: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: zynq: Use define directive for PIN_CONFIG_IO_STANDARD (bsc#1051510). - pktcdvd: remove warning on attempting to register non-passthrough dev (bsc#1051510). - platform/x86: hp-wmi: Fix ACPI errors caused by passing 0 as input size (bsc#1051510). - platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer (bsc#1051510). - power: reset: at91-poweroff: do not procede if at91_shdwc is allocated (bsc#1051510). - power: supply: ab8500_fg: silence uninitialized variable warnings (bsc#1051510). - power: supply: max14656: fix potential use-after-free (bsc#1051510). - power: supply: twl4030_charger: disable eoc interrupt on linear charge (bsc#1051510). - power: supply: twl4030_charger: fix charging current out-of-bounds (bsc#1051510). - powerpc/64: Make meltdown reporting Book3S 64 specific (bsc#1091041). - powerpc/book3s64/hash: Use secondary hash for bolted mapping if the primary is full (bsc#1157778 ltc#182520). - powerpc/bpf: Fix tail call implementation (bsc#1157698). - powerpc/pseries/mobility: notify network peers after migration (bsc#1152631 ltc#181798). - powerpc/pseries: Do not fail hash page table insert for bolted mapping (bsc#1157778 ltc#182520). - powerpc/pseries: Do not opencode HPTE_V_BOLTED (bsc#1157778 ltc#182520). - powerpc/pseries: address checkpatch warnings in dlpar_offline_cpu (bsc#1156700 ltc#182459). - powerpc/pseries: safely roll back failed DLPAR cpu add (bsc#1156700 ltc#182459). - powerpc/security/book3s64: Report L1TF status in sysfs (bsc#1091041). - powerpc/security: Fix wrong message when RFI Flush is disable (bsc#1131107). - powerpc/xive: Prevent page fault issues in the machine crash handler (bsc#1156882 ltc#182435). - ppdev: fix PPGETTIME/PPSETTIME ioctls (bsc#1051510). - printk: Export console_printk (bsc#1071995). - pwm: Clear chip_data in pwm_put() (bsc#1051510). - pwm: bcm-iproc: Prevent unloading the driver module while in use (git-fixes). - pwm: clps711x: Fix period calculation (bsc#1051510). - pwm: lpss: Only set update bit if we are actually changing the settings (bsc#1051510). - r8152: add device id for Lenovo ThinkPad USB-C Dock Gen 2 (networking-stable-19_11_05). - regulator: ab8500: Remove AB8505 USB regulator (bsc#1051510). - regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id (bsc#1051510). - regulator: tps65910: fix a missing check of return value (bsc#1051510). - remoteproc: Check for NULL firmwares in sysfs interface (git-fixes). - reset: Fix potential use-after-free in __of_reset_control_get() (bsc#1051510). - reset: fix of_reset_simple_xlate kerneldoc comment (bsc#1051510). - reset: fix reset_control_get_exclusive kerneldoc comment (bsc#1051510). - reset: fix reset_control_ops kerneldoc comment (bsc#1051510). - rpm/kernel-binary.spec.in: add COMPRESS_VMLINUX (bnc#1155921) Let COMPRESS_VMLINUX determine the compression used for vmlinux. By default (historically), it is gz. - rpm/kernel-source.spec.in: Fix dependency of kernel-devel (bsc#1154043) - rt2800: remove errornous duplicate condition (git-fixes). - rtl8187: Fix warning generated when strncpy() destination length matches the sixe argument (bsc#1051510). - rtl818x: fix potential use after free (bsc#1051510). - rtlwifi: Remove unnecessary NULL check in rtl_regd_init (bsc#1051510). - rtlwifi: rtl8192de: Fix misleading REG_MCUFWDL information (bsc#1051510). - rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address (bsc#1051510). - rtlwifi: rtl8192de: Fix missing enable interrupt flag (bsc#1051510). - s390/bpf: fix lcgr instruction encoding (bsc#1051510). - s390/bpf: use 32-bit index for tail calls (bsc#1051510). - s390/cio: avoid calling strlen on null pointer (bsc#1051510). - s390/cio: exclude subchannels with no parent from pseudo check (bsc#1051510). - s390/cmm: fix information leak in cmm_timeout_handler() (bsc#1051510). - s390/idle: fix cpu idle time calculation (bsc#1051510). - s390/mm: properly clear _PAGE_NOEXEC bit when it is not supported (bsc#1051510). - s390/process: avoid potential reading of freed stack (bsc#1051510). - s390/qdio: (re-)initialize tiqdio list entries (bsc#1051510). - s390/qdio: do not touch the dsci in tiqdio_add_input_queues() (bsc#1051510). - s390/qeth: return proper errno on IO error (bsc#1051510). - s390/setup: fix boot crash for machine without EDAT-1 (bsc#1051510 bsc#1140948). - s390/setup: fix early warning messages (bsc#1051510 bsc#1140948). - s390/topology: avoid firing events before kobjs are created (bsc#1051510). - s390: fix stfle zero padding (bsc#1051510). - sc16is7xx: Fix for 'Unexpected interrupt: 8' (bsc#1051510). - sched/fair: WARN() and refuse to set buddy when !se->on_rq (bsc#1158132). - scsi: lpfc: Fix Oops in nvme_register with target logout/login (bsc#1151900). - scsi: lpfc: Honor module parameter lpfc_use_adisc (bsc#1153628). - scsi: lpfc: Limit xri count for kdump environment (bsc#1154124). - scsi: qla2xxx: Add debug dump of LOGO payload and ELS IOCB (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Added support for MPI and PEP regions for ISP28XX (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548). - scsi: qla2xxx: Allow PLOGI in target mode (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Change discovery state before PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Configure local loop for N2N target (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Correctly retrieve and interpret active flash region (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548). - scsi: qla2xxx: Do command completion on abort timeout (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Do not call qlt_async_event twice (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Do not defer relogin unconditonally (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Drop superfluous INIT_WORK of del_work (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Fix PLOGI payload and ELS IOCB dump length (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Fix SRB leak on switch command timeout (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix a dma_pool_free() call (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix device connect issues in P2P configuration (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix double scsi_done for abort path (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix driver unload hang (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix incorrect SFUB length used for Secure Flash Update MB Cmd (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548). - scsi: qla2xxx: Fix memory leak when sending I/O fails (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Ignore NULL pointer in tcm_qla2xxx_free_mcmd (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Initialize free_work before flushing it (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Remove an include directive (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Send Notify ACK after N2N PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Update driver version to 10.01.00.21-k (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Use explicit LOGO in target mode (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: do not use zero for FC4_PRIORITY_NVME (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan (bsc#1138039). - scsi: qla2xxx: initialize fc4_type_priority (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: unregister ports after GPN_FT failure (bsc#1138039). - scsi: sd: Ignore a failure to sync cache due to lack of authorization (git-fixes). - scsi: storvsc: Add ability to change scsi queue depth (bsc#1155021). - scsi: zfcp: fix request object use-after-free in send path causing wrong traces (bsc#1051510). - sctp: change sctp_prot .no_autobind with true (networking-stable-19_10_24). - selftests: net: reuseport_dualstack: fix uninitalized parameter (networking-stable-19_11_05). - serial: fix kernel-doc warning in comments (bsc#1051510). - serial: max310x: Fix tx_empty() callback (bsc#1051510). - serial: mctrl_gpio: Check for NULL pointer (bsc#1051510). - serial: mxs-auart: Fix potential infinite loop (bsc#1051510). - serial: samsung: Enable baud clock for UART reset procedure in resume (bsc#1051510). - serial: uartlite: fix exit path null pointer (bsc#1051510). - serial: uartps: Fix suspend functionality (bsc#1051510). - signal: Properly set TRACE_SIGNAL_LOSE_INFO in __send_signal (bsc#1157463). - slcan: Fix memory leak in error path (bsc#1051510). - slip: Fix memory leak in slip_open error path (bsc#1051510). - slip: Fix use-after-free Read in slip_open (bsc#1051510). - smb3: Incorrect size for netname negotiate context (bsc#1144333, bsc#1154355). - smb3: fix leak in 'open on server' perf counter (bsc#1144333, bsc#1154355). - smb3: fix signing verification of large reads (bsc#1144333, bsc#1154355). - smb3: fix unmount hang in open_shroot (bsc#1144333, bsc#1154355). - smb3: improve handling of share deleted (and share recreated) (bsc#1144333, bsc#1154355). - soc: imx: gpc: fix PDN delay (bsc#1051510). - soc: qcom: wcnss_ctrl: Avoid string overflow (bsc#1051510). - spi: atmel: Fix CS high support (bsc#1051510). - spi: atmel: fix handling of cs_change set on non-last xfer (bsc#1051510). - spi: fsl-lpspi: Prevent FIFO under/overrun by default (bsc#1051510). - spi: mediatek: Do not modify spi_transfer when transfer (bsc#1051510). - spi: mediatek: use correct mata->xfer_len when in fifo transfer (bsc#1051510). - spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch (bsc#1051510). - spi: omap2-mcspi: Set FIFO DMA trigger level to word length (bsc#1051510). - spi: pic32: Use proper enum in dmaengine_prep_slave_rg (bsc#1051510). - spi: rockchip: initialize dma_slave_config properly (bsc#1051510). - spi: spidev: Fix OF tree warning logic (bsc#1051510). - staging: rtl8188eu: fix null dereference when kzalloc fails (bsc#1051510). - staging: rtl8192e: fix potential use after free (bsc#1051510). - staging: rtl8723bs: Add 024c:0525 to the list of SDIO device-ids (bsc#1051510). - staging: rtl8723bs: Drop ACPI device ids (bsc#1051510). - stm class: Fix a double free of stm_source_device (bsc#1051510). - supported.conf: - synclink_gt(): fix compat_ioctl() (bsc#1051510). - tcp_nv: fix potential integer overflow in tcpnv_acked (bsc#1051510). - thermal: Fix deadlock in thermal thermal_zone_device_check (bsc#1051510). - thunderbolt: Fix lockdep circular locking depedency warning (git-fixes). - tipc: Avoid copying bytes beyond the supplied data (bsc#1051510). - tipc: check bearer name with right length in tipc_nl_compat_bearer_enable (bsc#1051510). - tipc: check link name with right length in tipc_nl_compat_link_set (bsc#1051510). - tipc: check msg->req data len in tipc_nl_compat_bearer_disable (bsc#1051510). - tipc: compat: allow tipc commands without arguments (bsc#1051510). - tipc: fix a missing check of genlmsg_put (bsc#1051510). - tipc: fix link name length check (bsc#1051510). - tipc: fix memory leak in tipc_nl_compat_publ_dump (bsc#1051510). - tipc: fix skb may be leaky in tipc_link_input (bsc#1051510). - tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path (bsc#1051510). - tipc: fix wrong timeout input for tipc_wait_for_cond() (bsc#1051510). - tipc: handle the err returned from cmd header function (bsc#1051510). - tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb (bsc#1051510). - tipc: tipc clang warning (bsc#1051510). - tpm: add check after commands attribs tab allocation (bsc#1051510). - tracing: Get trace_array reference for available_tracers files (bsc#1156429). - tty: serial: fsl_lpuart: use the sg count from dma_map_sg (bsc#1051510). - tty: serial: imx: use the sg count from dma_map_sg (bsc#1051510). - tty: serial: msm_serial: Fix flow control (bsc#1051510). - tty: serial: pch_uart: correct usage of dma_unmap_sg (bsc#1051510). - uaccess: Add non-pagefault user-space write function (bsc#1083647). - ubifs: Correctly initialize c->min_log_bytes (bsc#1158641). - ubifs: Limit the number of pages in shrink_liability (bsc#1158643). - udp: use skb_queue_empty_lockless() (networking-stable-19_11_05). - usb-serial: cp201x: support Mark-10 digital force gauge (bsc#1051510). - usb-storage: Revert commit 747668dbc061 ('usb-storage: Set virt_boundary_mask to avoid SG overflows') (bsc#1051510). - usb: chipidea: Fix otg event handler (bsc#1051510). - usb: chipidea: imx: enable OTG overcurrent in case USB subsystem is already started (bsc#1051510). - usb: dwc3: gadget: Check ENBLSLPM before sending ep command (bsc#1051510). - usb: gadget: udc: fotg210-udc: Fix a sleep-in-atomic-context bug in fotg210_get_status() (bsc#1051510). - usb: gadget: uvc: Factor out video USB request queueing (bsc#1051510). - usb: gadget: uvc: Only halt video streaming endpoint in bulk mode (bsc#1051510). - usb: gadget: uvc: configfs: Drop leaked references to config items (bsc#1051510). - usb: gadget: uvc: configfs: Prevent format changes after linking header (bsc#1051510). - usb: handle warm-reset port requests on hub resume (bsc#1051510). - usb: xhci-mtk: fix ISOC error when interval is zero (bsc#1051510). - usbip: Fix free of unallocated memory in vhci tx (git-fixes). - usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path (git-fixes). - usbip: Implement SG support to vhci-hcd and stub driver (git-fixes). - usbip: tools: fix fd leakage in the function of read_attr_usbip_status (git-fixes). - vfio-ccw: Fix misleading comment when setting orb.cmd.c64 (bsc#1051510). - vfio-ccw: Set pa_nr to 0 if memory allocation fails for pa_iova_pfn (bsc#1051510). - vfio: ccw: push down unsupported IDA check (bsc#1156471 LTC#182362). - vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1 (bsc#1051510). - video/hdmi: Fix AVI bar unpack (git-fixes). - video: backlight: Add devres versions of of_find_backlight (bsc#1090888) Taken for 6010831dde5. - video: backlight: Add of_find_backlight helper in backlight.c (bsc#1090888) Taken for 6010831dde5. - virtio/s390: fix race on airq_areas (bsc#1051510). - virtio_console: allocate inbufs in add_port() only if it is needed (git-fixes). - virtio_ring: fix return code on DMA mapping fails (git-fixes). - vmxnet3: turn off lro when rxcsum is disabled (bsc#1157499). - vsock/virtio: fix sock refcnt holding during the shutdown (git-fixes). - watchdog: meson: Fix the wrong value of left time (bsc#1051510). - watchdog: sama5d4: fix WDD value to be always set to max (bsc#1051510). - x86/alternatives: Add int3_emulate_call() selftest (bsc#1153811). - x86/alternatives: Fix int3_emulate_call() selftest stack corruption (bsc#1153811). - x86/mm/pkeys: Fix typo in Documentation/x86/protection-keys.txt (bsc#1078248). - x86/pkeys: Update documentation about availability (bsc#1078248). - x86/resctrl: Fix potential lockdep warning (bsc#1114279). - x86/resctrl: Prevent NULL pointer dereference when reading mondata (bsc#1114279). - x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs (bsc#1158068). - x86/speculation: Fix incorrect MDS/TAA mitigation status (bsc#1114279). - x86/speculation: Fix redundant MDS mitigation message (bsc#1114279). - xfrm: Fix xfrm sel prefix length validation (git-fixes). - xfrm: fix sa selector validation (bsc#1156609). - xfs: Sanity check flags of Q_XQUOTARM call (bsc#1158652). Important SUSE bug 1048942 SUSE bug 1051510 SUSE bug 1071995 SUSE bug 1078248 SUSE bug 1082635 SUSE bug 1083647 SUSE bug 1089644 SUSE bug 1090888 SUSE bug 1091041 SUSE bug 1108043 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1115026 SUSE bug 1117169 SUSE bug 1120853 SUSE bug 1131107 SUSE bug 1135966 SUSE bug 1138039 SUSE bug 1140948 SUSE bug 1142095 SUSE bug 1143706 SUSE bug 1144333 SUSE bug 1146519 SUSE bug 1146544 SUSE bug 1149448 SUSE bug 1150466 SUSE bug 1151548 SUSE bug 1151900 SUSE bug 1152631 SUSE bug 1153628 SUSE bug 1153811 SUSE bug 1154043 SUSE bug 1154058 SUSE bug 1154124 SUSE bug 1154355 SUSE bug 1154526 SUSE bug 1155021 SUSE bug 1155689 SUSE bug 1155897 SUSE bug 1155921 SUSE bug 1156258 SUSE bug 1156429 SUSE bug 1156466 SUSE bug 1156471 SUSE bug 1156494 SUSE bug 1156609 SUSE bug 1156700 SUSE bug 1156729 SUSE bug 1156882 SUSE bug 1157038 SUSE bug 1157042 SUSE bug 1157070 SUSE bug 1157143 SUSE bug 1157145 SUSE bug 1157158 SUSE bug 1157162 SUSE bug 1157169 SUSE bug 1157171 SUSE bug 1157173 SUSE bug 1157178 SUSE bug 1157180 SUSE bug 1157182 SUSE bug 1157183 SUSE bug 1157184 SUSE bug 1157191 SUSE bug 1157193 SUSE bug 1157197 SUSE bug 1157298 SUSE bug 1157307 SUSE bug 1157324 SUSE bug 1157333 SUSE bug 1157424 SUSE bug 1157463 SUSE bug 1157499 SUSE bug 1157678 SUSE bug 1157698 SUSE bug 1157778 SUSE bug 1157908 SUSE bug 1158049 SUSE bug 1158063 SUSE bug 1158064 SUSE bug 1158065 SUSE bug 1158066 SUSE bug 1158067 SUSE bug 1158068 SUSE bug 1158082 SUSE bug 1158094 SUSE bug 1158132 SUSE bug 1158381 SUSE bug 1158394 SUSE bug 1158398 SUSE bug 1158407 SUSE bug 1158410 SUSE bug 1158413 SUSE bug 1158417 SUSE bug 1158427 SUSE bug 1158445 SUSE bug 1158637 SUSE bug 1158638 SUSE bug 1158639 SUSE bug 1158640 SUSE bug 1158641 SUSE bug 1158643 SUSE bug 1158644 SUSE bug 1158645 SUSE bug 1158646 SUSE bug 1158647 SUSE bug 1158649 SUSE bug 1158651 SUSE bug 1158652 SUSE bug 1158823 SUSE bug 1158824 SUSE bug 1158827 SUSE bug 1158834 SUSE bug 1158893 SUSE bug 1158900 SUSE bug 1158903 SUSE bug 1158904 SUSE bug 1158954 SUSE bug 1159024 CVE-2019-0154 CVE-2019-14895 CVE-2019-14901 CVE-2019-15213 CVE-2019-15916 CVE-2019-16231 CVE-2019-18660 CVE-2019-18683 CVE-2019-18809 CVE-2019-19049 CVE-2019-19051 CVE-2019-19052 CVE-2019-19056 CVE-2019-19057 CVE-2019-19058 CVE-2019-19060 CVE-2019-19062 CVE-2019-19063 CVE-2019-19065 CVE-2019-19067 CVE-2019-19068 CVE-2019-19073 CVE-2019-19074 CVE-2019-19075 CVE-2019-19077 CVE-2019-19227 CVE-2019-19332 CVE-2019-19338 CVE-2019-19523 CVE-2019-19524 CVE-2019-19525 CVE-2019-19526 CVE-2019-19527 CVE-2019-19528 CVE-2019-19529 CVE-2019-19530 CVE-2019-19531 CVE-2019-19532 CVE-2019-19533 CVE-2019-19534 CVE-2019-19535 CVE-2019-19536 CVE-2019-19537 CVE-2019-19543 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated to 68.3esr (MFSA 2019-37 bsc#1158328) Security issues fixed: - CVE-2019-17008: Fixed a use-after-free in worker destruction (bmo#1546331) - CVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments in WebRTC code (bmo#1580156) - CVE-2019-11745: Fixed an out of bounds write in NSS when encrypting with a block cipher (bmo#1586176) - CVE-2019-17009: Fixed an issue where updater temporary files accessible to unprivileged processes (bmo#1510494) - CVE-2019-17010: Fixed a use-after-free when performing device orientation checks (bmo#1581084) - CVE-2019-17005: Fixed a buffer overflow in plain text serializer (bmo#1584170) - CVE-2019-17011: Fixed a use-after-free when retrieving a document in antitracking (bmo#1591334) - CVE-2019-17012: Fixed multiple memmory issues (bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502) Important SUSE bug 1158328 CVE-2019-11745 CVE-2019-13722 CVE-2019-17005 CVE-2019-17008 CVE-2019-17009 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Security issues fixed: CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (boo#1122983). CVE-2018-18501: Fixed multiple memory safety bugs (boo#1122983). CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (boo#1122983). Important SUSE bug 1120374 SUSE bug 1122983 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mariadb to version 10.2.29 fixes the following issues: MariaDB was updated to 10.2.29 (bsc#1156669) Security issues fixed: - CVE-2019-2737: Fixed an issue where could lead a remote attacker to cause denial of service - CVE-2019-2938: Fixed an issue where could lead a remote attacker to cause denial of service - CVE-2019-2740: Fixed an issue where could lead a local attacker to cause denial of service - CVE-2019-2805: Fixed an issue where could lead a local attacker to cause denial of service - CVE-2019-2974: Fixed an issue where could lead a remote attacker to cause denial of service - CVE-2019-2758: Fixed an issue where could lead a local attacker to cause denial of service or data corruption - CVE-2019-2739: Fixed an issue where could lead a local attacker to cause denial of service or data corruption Moderate SUSE bug 1156669 CVE-2019-2737 CVE-2019-2739 CVE-2019-2740 CVE-2019-2758 CVE-2019-2805 CVE-2019-2938 CVE-2019-2974 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mariadb-100 fixes the following issues: Security issue fixed: - CVE-2019-2974: Fixed Server Optimizer (bsc#1154162). Moderate SUSE bug 1154162 CVE-2019-2974 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-14895: A heap-based buffer overflow was discovered in the Linux kernel in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could have allowed the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158). - CVE-2019-18660: The Linux kernel on powerpc allowed Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038). - CVE-2019-18683: An issue was discovered in drivers/media/platform/vivid in the Linux kernel. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free (bnc#1155897). - CVE-2019-18809: A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1156258). - CVE-2019-19062: A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures (bnc#1157333). - CVE-2019-19057: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). - CVE-2019-19056: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). - CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157307). - CVE-2019-19063: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157298). - CVE-2019-19227: In the AppleTalk subsystem in the Linux kernel there was a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client (bnc#1157678). - CVE-2019-19065: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures (bnc#1157191). - CVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering copy to udata failures (bnc#1157171). - CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157324). - CVE-2019-19067: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures (bsc#1157180). - CVE-2019-19060: A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157178). - CVE-2019-19049: A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures (bsc#1157173). - CVE-2019-19075: A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures (bnc#1157162). - CVE-2019-19058: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures (bnc#1157145). - CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157143). - CVE-2019-19073: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function (bnc#1157070). - CVE-2019-15916: An issue was discovered in the Linux kernel There was a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service (bnc#1149448). - CVE-2019-16231: drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150466). - CVE-2019-18805: An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel There was a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact (bnc#1156187). - CVE-2019-17055: base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket (bnc#1152782). The following non-security bugs were fixed: - ACPI / LPSS: Exclude I2C busses shared with PUNIT from pmc_atom_d3_mask (bsc#1051510). - ACPI / SBS: Fix rare oops when removing modules (bsc#1051510). - ACPICA: Never run _REG on system_memory and system_IO (bsc#1051510). - ACPICA: Use %d for signed int print formatting instead of %u (bsc#1051510). - ALSA: 6fire: Drop the dead code (git-fixes). - ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series (git-fixes). - ALSA: cs4236: fix error return comparison of an unsigned integer (git-fixes). - ALSA: firewire-motu: Correct a typo in the clock proc string (git-fixes). - ALSA: hda - Add mute led support for HP ProBook 645 G4 (git-fixes). - ALSA: hda - Fix pending unsol events at shutdown (git-fixes). - ALSA: hda/ca0132 - Fix possible workqueue stall (bsc#1155836). - ALSA: hda/intel: add CometLake PCI IDs (bsc#1156729). - ALSA: hda/realtek - Move some alc236 pintbls to fallback table (git-fixes). - ALSA: hda/realtek - Move some alc256 pintbls to fallback table (git-fixes). - ALSA: hda: Add Cometlake-S PCI ID (git-fixes). - ALSA: i2c/cs8427: Fix int to char conversion (bsc#1051510). - ALSA: intel8x0m: Register irq handler after register initializations (bsc#1051510). - ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed() (git-fixes). - ALSA: pcm: signedness bug in snd_pcm_plug_alloc() (bsc#1051510). - ALSA: seq: Do error checks at creating system ports (bsc#1051510). - ALSA: timer: Fix incorrectly assigned timer instance (git-fixes). - ALSA: usb-audio: Fix Focusrite Scarlett 6i6 gen1 - input handling (git-fixes). - ALSA: usb-audio: Fix missing error check at mixer resolution test (git-fixes). - ALSA: usb-audio: not submit urb for stopped endpoint (git-fixes). - ASoC: Intel: hdac_hdmi: Limit sampling rates at dai creation (bsc#1051510). - ASoC: davinci-mcasp: Handle return value of devm_kasprintf (stable 4.14.y). - ASoC: davinci: Kill BUG_ON() usage (stable 4.14.y). - ASoC: dpcm: Properly initialise hw->rate_max (bsc#1051510). - ASoC: kirkwood: fix external clock probe defer (git-fixes). - ASoC: msm8916-wcd-analog: Fix RX1 selection in RDAC2 MUX (git-fixes). - ASoC: sgtl5000: avoid division by zero if lo_vag is zero (bsc#1051510). - ASoC: tegra_sgtl5000: fix device_node refcounting (bsc#1051510). - ASoC: tlv320aic31xx: Handle inverted BCLK in non-DSP modes (stable 4.14.y). - ASoC: tlv320dac31xx: mark expected switch fall-through (stable 4.14.y). - Bluetooth: Fix invalid-free in bcsp_close() (git-fixes). - Bluetooth: Fix memory leak in hci_connect_le_scan (bsc#1051510). - Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS (bsc#1051510). - Bluetooth: btusb: fix PM leak in error case of setup (bsc#1051510). - Bluetooth: delete a stray unlock (bsc#1051510). - Bluetooth: hci_core: fix init for HCI_USER_CHANNEL (bsc#1051510). - Btrfs: fix log context list corruption after rename exchange operation (bsc#1156494). - CIFS: Fix SMB2 oplock break processing (bsc#1144333, bsc#1154355). - CIFS: Fix oplock handling for SMB 2.1+ protocols (bsc#1144333, bsc#1154355). - CIFS: Fix retry mid list corruption on reconnects (bsc#1144333, bsc#1154355). - CIFS: Fix use after free of file info structures (bsc#1144333, bsc#1154355). - CIFS: Force reval dentry if LOOKUP_REVAL flag is set (bsc#1144333, bsc#1154355). - CIFS: Force revalidate inode when dentry is stale (bsc#1144333, bsc#1154355). - CIFS: Gracefully handle QueryInfo errors during open (bsc#1144333, bsc#1154355). - CIFS: avoid using MID 0xFFFF (bsc#1144333, bsc#1154355). - CIFS: fix max ea value size (bsc#1144333, bsc#1154355). - Documentation: debugfs: Document debugfs helper for unsigned long values (git-fixes). - Documentation: x86: convert protection-keys.txt to reST (bsc#1078248). - EDAC/ghes: Fix Use after free in ghes_edac remove path (bsc#1114279). - HID: Add ASUS T100CHI keyboard dock battery quirks (bsc#1051510). - HID: Add quirk for Microsoft PIXART OEM mouse (bsc#1051510). - HID: Fix assumption that devices have inputs (git-fixes). - HID: asus: Add T100CHI bluetooth keyboard dock special keys mapping (bsc#1051510). - HID: wacom: generic: Treat serial number and related fields as unsigned (git-fixes). - Input: ff-memless - kill timer in destroy() (bsc#1051510). - Input: silead - try firmware reload after unsuccessful resume (bsc#1051510). - Input: st1232 - set INPUT_PROP_DIRECT property (bsc#1051510). - Input: synaptics-rmi4 - clear IRQ enables for F54 (bsc#1051510). - Input: synaptics-rmi4 - destroy F54 poller workqueue when removing (bsc#1051510). - Input: synaptics-rmi4 - disable the relative position IRQ in the F12 driver (bsc#1051510). - Input: synaptics-rmi4 - do not consume more data than we have (F11, F12) (bsc#1051510). - Input: synaptics-rmi4 - fix video buffer size (git-fixes). - KVM: VMX: Consider PID.PIR to determine if vCPU has pending interrupts (bsc#1158064). - KVM: VMX: Fix conditions for guest IA32_XSS support (bsc#1158065). - KVM: x86/mmu: Take slots_lock when using kvm_mmu_zap_all_fast() (bsc#1158067). - KVM: x86: Introduce vcpu->arch.xsaves_enabled (bsc#1158066). - NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error (git-fixes). - PCI/ACPI: Correct error message for ASPM disabling (bsc#1051510). - PCI/PME: Fix possible use-after-free on remove (git-fixes). - PCI: sysfs: Ignore lockdep for remove attribute (git-fixes). - PM / devfreq: Check NULL governor in available_governors_show (git-fixes). - PM / devfreq: Lock devfreq in trans_stat_show (git-fixes). - PM / devfreq: exynos-bus: Correct clock enable sequence (bsc#1051510). - PM / devfreq: passive: Use non-devm notifiers (bsc#1051510). - PM / devfreq: passive: fix compiler warning (bsc#1051510). - PM / hibernate: Check the success of generating md5 digest before hibernation (bsc#1051510). - README.BRANCH: Add Denis as branch maintainer - Revert synaptics-rmi4 patch due to regression (bsc#1155982) Also blacklisting it - UAS: Revert commit 3ae62a42090f ('UAS: fix alignment of scatter/gather segments'). - USB: chaoskey: fix error case of a timeout (git-fixes). - USB: gadget: Reject endpoints with 0 maxpacket value (bsc#1051510). - USB: ldusb: fix control-message timeout (bsc#1051510). - USB: ldusb: fix ring-buffer locking (bsc#1051510). - USB: serial: mos7720: fix remote wakeup (git-fixes). - USB: serial: mos7840: add USB ID to support Moxa UPort 2210 (bsc#1051510). - USB: serial: mos7840: fix remote wakeup (git-fixes). - USB: serial: option: add support for DW5821e with eSIM support (bsc#1051510). - USB: serial: option: add support for Foxconn T77W968 LTE modules (bsc#1051510). - USB: serial: whiteheat: fix line-speed endianness (bsc#1051510). - USB: serial: whiteheat: fix potential slab corruption (bsc#1051510). - USBIP: add config dependency for SGL_ALLOC (git-fixes). - appledisplay: fix error handling in the scheduled work (git-fixes). - arm64: Update config files. (bsc#1156466) Enable HW_RANDOM_OMAP driver and mark driver omap-rng as supported. - ata: ep93xx: Use proper enums for directions (bsc#1051510). - ath10k: fix kernel panic by moving pci flush after napi_disable (bsc#1051510). - ath10k: fix vdev-start timeout on error (bsc#1051510). - ath10k: limit available channels via DT ieee80211-freq-limit (bsc#1051510). - ath10k: wmi: disable softirq's while calling ieee80211_rx (bsc#1051510). - ath9k: Fix a locking bug in ath9k_add_interface() (bsc#1051510). - ath9k: add back support for using active monitor interfaces for tx99 (bsc#1051510). - ath9k: fix reporting calculated new FFT upper max (bsc#1051510). - ath9k: fix tx99 with monitor mode interface (bsc#1051510). - ath9k_hw: fix uninitialized variable data (bsc#1051510). - ax88172a: fix information leak on short answers (bsc#1051510). - backlight: lm3639: Unconditionally call led_classdev_unregister (bsc#1051510). - brcmfmac: fix full timeout waiting for action frame on-channel tx (bsc#1051510). - brcmfmac: reduce timeout for action frame scan (bsc#1051510). - brcmsmac: AP mode: update beacon when TIM changes (bsc#1051510). - brcmsmac: never log 'tid x is not agg'able' by default (bsc#1051510). - can: c_can: c_can_poll(): only read status register after status IRQ (git-fixes). - can: dev: call netif_carrier_off() in register_candev() (bsc#1051510). - can: mcba_usb: fix use-after-free on disconnect (git-fixes). - can: peak_usb: fix a potential out-of-sync while decoding packets (git-fixes). - can: peak_usb: fix slab info leak (git-fixes). - can: rx-offload: can_rx_offload_offload_one(): do not increase the skb_queue beyond skb_queue_len_max (git-fixes). - can: rx-offload: can_rx_offload_queue_sorted(): fix error handling, avoid skb mem leak (git-fixes). - can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid skb mem leak (git-fixes). - can: usb_8dev: fix use-after-free on disconnect (git-fixes). - ceph: add missing check in d_revalidate snapdir handling (bsc#1157183). - ceph: do not try to handle hashed dentries in non-O_CREAT atomic_open (bsc#1157184). - ceph: fix use-after-free in __ceph_remove_cap() (bsc#1154058). - ceph: just skip unrecognized info in ceph_reply_info_extra (bsc#1157182). - cfg80211: Avoid regulatory restore when COUNTRY_IE_IGNORE is set (bsc#1051510). - cfg80211: Prevent regulatory restore during STA disconnect in concurrent interfaces (bsc#1051510). - cfg80211: call disconnect_wk when AP stops (bsc#1051510). - cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bsc#1144333, bsc#1154355). - cifs: Fix missed free operations (bsc#1144333, bsc#1154355). - cifs: Use kzfree() to zero out the password (bsc#1144333, bsc#1154355). - cifs: add a helper to find an existing readable handle to a file (bsc#1144333, bsc#1154355). - cifs: create a helper to find a writeable handle by path name (bsc#1144333, bsc#1154355). - cifs: move cifsFileInfo_put logic into a work-queue (bsc#1144333, bsc#1154355). - cifs: prepare SMB2_Flush to be usable in compounds (bsc#1144333, bsc#1154355). - cifs: set domainName when a domain-key is used in multiuser (bsc#1144333, bsc#1154355). - cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bsc#1144333, bsc#1154355). - cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1144333, bsc#1154355). - clk: at91: avoid sleeping early (git-fixes). - clk: pxa: fix one of the pxa RTC clocks (bsc#1051510). - clk: samsung: Use clk_hw API for calling clk framework from clk notifiers (bsc#1051510). - clk: samsung: exynos5420: Preserve CPU clocks configuration during suspend/resume (bsc#1051510). - clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume (git-fixes). - clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18 (git-fixes). - clocksource/drivers/sh_cmt: Fix clocksource width for 32-bit machines (bsc#1051510). - clocksource/drivers/sh_cmt: Fixup for 64-bit machines (bsc#1051510). - component: fix loop condition to call unbind() if bind() fails (bsc#1051510). - cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init() (bsc#1051510). - cpufreq: Skip cpufreq resume if it's not suspended (bsc#1051510). - cpufreq: intel_pstate: Register when ACPI PCCH is present (bsc#1051510). - cpufreq: powernv: fix stack bloat and hard limit on number of CPUs (bsc#1051510). - cpufreq: ti-cpufreq: add missing of_node_put() (bsc#1051510). - cpupower : Fix cpupower working when cpu0 is offline (bsc#1051510). - cpupower : frequency-set -r option misses the last cpu in related cpu list (bsc#1051510). - cpupower: Fix coredump on VMWare (bsc#1051510). - crypto: af_alg - cast ki_complete ternary op to int (bsc#1051510). - crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr (bsc#1051510). - crypto: ecdh - fix big endian bug in ECC library (bsc#1051510). - crypto: fix a memory leak in rsa-kcs1pad's encryption mode (bsc#1051510). - crypto: geode-aes - switch to skcipher for cbc(aes) fallback (bsc#1051510). - crypto: mxs-dcp - Fix AES issues (bsc#1051510). - crypto: mxs-dcp - Fix SHA null hashes and output length (bsc#1051510). - crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash' static (bsc#1051510). - crypto: s5p-sss: Fix Fix argument list alignment (bsc#1051510). - crypto: tgr192 - remove unneeded semicolon (bsc#1051510). - cw1200: Fix a signedness bug in cw1200_load_firmware() (bsc#1051510). - cxgb4: fix panic when attaching to ULD fail (networking-stable-19_11_05). - dccp: do not leak jiffies on the wire (networking-stable-19_11_05). - dlm: do not leak kernel pointer to userspace (bsc#1051510). - dlm: fix invalid free (bsc#1051510). - dmaengine: bcm2835: Print error in case setting DMA mask fails (bsc#1051510). - dmaengine: dma-jz4780: Do not depend on MACH_JZ4780 (bsc#1051510). - dmaengine: dma-jz4780: Further residue status fix (bsc#1051510). - dmaengine: ep93xx: Return proper enum in ep93xx_dma_chan_direction (bsc#1051510). - dmaengine: imx-sdma: fix size check for sdma script_number (bsc#1051510). - dmaengine: imx-sdma: fix use-after-free on probe error path (bsc#1051510). - dmaengine: rcar-dmac: set scatter/gather max segment size (bsc#1051510). - dmaengine: timb_dma: Use proper enum in td_prep_slave_sg (bsc#1051510). - docs: move protection-keys.rst to the core-api book (bsc#1078248). - drm/etnaviv: fix dumping of iommuv2 (bsc#1113722) - drm/omap: fix max fclk divider for omap36xx (bsc#1113722) - drm/radeon: fix bad DMA from INTERRUPT_CNTL2 (git-fixes). - drm/radeon: fix si_enable_smc_cac() failed issue (bsc#1113722) - e1000e: Drop unnecessary __E1000_DOWN bit twiddling (bsc#1158049). - e1000e: Use dev_get_drvdata where possible (bsc#1158049). - e1000e: Use rtnl_lock to prevent race conditions between net and pci/pm (bsc#1158049). - extcon: cht-wc: Return from default case to avoid warnings (bsc#1051510). - fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper() (bsc#1051510). - fbdev: sbuslib: use checked version of put_user() (bsc#1051510). - gpio: mpc8xxx: Do not overwrite default irq_set_type callback (bsc#1051510). - gpio: syscon: Fix possible NULL ptr usage (bsc#1051510). - gpiolib: acpi: Add Terra Pad 1061 to the run_edge_events_on_boot_blacklist (bsc#1051510). - gsmi: Fix bug in append_to_eventlog sysfs handler (bsc#1051510). - hwmon: (ina3221) Fix INA3221_CONFIG_MODE macros (bsc#1051510). - hwmon: (pwm-fan) Silence error on probe deferral (bsc#1051510). - hwrng: omap - Fix RNG wait loop timeout (bsc#1051510). - hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled (bsc#1051510). - hypfs: Fix error number left in struct pointer member (bsc#1051510). - ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047). - ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047). - ibmvnic: Serialize device queries (bsc#1155689 ltc#182047). - ibmvnic: Terminate waiting device threads after loss of service (bsc#1155689 ltc#182047). - iio: adc: max9611: explicitly cast gain_selectors (bsc#1051510). - iio: adc: stm32-adc: fix stopping dma (git-fixes). - iio: dac: mcp4922: fix error handling in mcp4922_write_raw (bsc#1051510). - iio: imu: adis16480: assign bias value only if operation succeeded (git-fixes). - iio: imu: adis16480: make sure provided frequency is positive (git-fixes). - iio: imu: adis: assign read val in debugfs hook only if op successful (git-fixes). - iio: imu: adis: assign value only if return code zero in read funcs (git-fixes). - include/linux/bitrev.h: fix constant bitrev (bsc#1114279). - inet: stop leaking jiffies on the wire (networking-stable-19_11_05). - intel_th: Fix a double put_device() in error path (git-fixes). - iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros (bsc#1158063). - ipmi:dmi: Ignore IPMI SMBIOS entries with a zero base address (bsc#1051510). - ipv4: Return -ENETUNREACH if we can't create route but saddr is valid (networking-stable-19_10_24). - iwlwifi: api: annotate compressed BA notif array sizes (bsc#1051510). - iwlwifi: check kasprintf() return value (bsc#1051510). - iwlwifi: do not panic in error path on non-msix systems (bsc#1155692). - iwlwifi: exclude GEO SAR support for 3168 (git-fixes). - iwlwifi: mvm: avoid sending too many BARs (bsc#1051510). - iwlwifi: mvm: do not send keys when entering D3 (bsc#1051510). - kABI workaround for ath10k last_wmi_vdev_start_status field (bsc#1051510). - kABI workaround for struct mwifiex_power_cfg change (bsc#1051510). - kABI: Fix for 'KVM: x86: Introduce vcpu->arch.xsaves_enabled' (bsc#1158066). - lib/scatterlist: Fix chaining support in sgl_alloc_order() (git-fixes). - lib/scatterlist: Introduce sgl_alloc() and sgl_free() (git-fixes). - liquidio: fix race condition in instruction completion processing (bsc#1051510). - loop: add ioctl for changing logical block size (bsc#1108043). - mISDN: Fix type of switch control variable in ctrl_teimanager (bsc#1051510). - mac80211: consider QoS Null frames for STA_NULLFUNC_ACKED (bsc#1051510). - mac80211: minstrel: fix CCK rate group streams value (bsc#1051510). - mac80211: minstrel: fix sampling/reporting of CCK rates in HT mode (bsc#1051510). - macvlan: schedule bc_work even if error (bsc#1051510). - mailbox: reset txdone_method TXDONE_BY_POLL if client knows_txdone (git-fixes). - media: au0828: Fix incorrect error messages (bsc#1051510). - media: bdisp: fix memleak on release (git-fixes). - media: cxusb: detect cxusb_ctrl_msg error in query (bsc#1051510). - media: davinci: Fix implicit enum conversion warning (bsc#1051510). - media: exynos4-is: Fix recursive locking in isp_video_release() (git-fixes). - media: fix: media: pci: meye: validate offset to avoid arbitrary access (bsc#1051510). - media: flexcop-usb: ensure -EIO is returned on error condition (git-fixes). - media: imon: invalid dereference in imon_touch_event (bsc#1051510). - media: isif: fix a NULL pointer dereference bug (bsc#1051510). - media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init() (bsc#1051510). - media: pxa_camera: Fix check for pdev->dev.of_node (bsc#1051510). - media: radio: wl1273: fix interrupt masking on release (git-fixes). - media: ti-vpe: vpe: Fix Motion Vector vpdma stride (git-fixes). - media: usbvision: Fix races among open, close, and disconnect (bsc#1051510). - media: vim2m: Fix abort issue (git-fixes). - media: vivid: Set vid_cap_streaming and vid_out_streaming to true (bsc#1051510). - mei: fix modalias documentation (git-fixes). - mei: samples: fix a signedness bug in amt_host_if_call() (bsc#1051510). - mfd: intel-lpss: Add default I2C device properties for Gemini Lake (bsc#1051510). - mfd: max8997: Enale irq-wakeup unconditionally (bsc#1051510). - mfd: mc13xxx-core: Fix PMIC shutdown when reading ADC values (bsc#1051510). - mfd: palmas: Assign the right powerhold mask for tps65917 (git-fixes). - mfd: ti_am335x_tscadc: Keep ADC interface on if child is wakeup capable (bsc#1051510). - mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d() (git fixes (mm/gup)). - mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone (git fixes (mm/compaction)). - mm/debug.c: PageAnon() is true for PageKsm() pages (git fixes (mm/debug)). - mmc: core: fix wl1251 sdio quirks (git-fixes). - mmc: host: omap_hsmmc: add code for special init of wl1251 to get rid of pandora_wl1251_init_card (git-fixes). - mmc: mediatek: fix cannot receive new request when msdc_cmd_is_ready fail (bsc#1051510). - mmc: sdhci-esdhc-imx: correct the fix of ERR004536 (git-fixes). - mmc: sdhci-of-at91: fix quirk2 overwrite (git-fixes). - mmc: sdio: fix wl1251 vendor id (git-fixes). - mt7601u: fix bbp version check in mt7601u_wait_bbp_ready (bsc#1051510). - mtd: nand: mtk: fix incorrect register setting order about ecc irq. - mtd: spear_smi: Fix Write Burst mode (bsc#1051510). - mtd: spi-nor: fix silent truncation in spi_nor_read() (bsc#1051510). - mwifiex: Fix NL80211_TX_POWER_LIMITED (bsc#1051510). - net/ibmvnic: Ignore H_FUNCTION return from H_EOI to tolerate XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes). - net/mlx4_core: Dynamically set guaranteed amount of counters per VF (networking-stable-19_11_05). - net/mlx5e: Fix handling of compressed CQEs in case of low NAPI budget (networking-stable-19_11_05). - net/smc: Fix error path in smc_init (git-fixes). - net/smc: avoid fallback in case of non-blocking connect (git-fixes). - net/smc: fix closing of fallback SMC sockets (git-fixes). - net/smc: fix ethernet interface refcounting (git-fixes). - net/smc: fix refcounting for non-blocking connect() (git-fixes). - net/smc: keep vlan_id for SMC-R in smc_listen_work() (git-fixes). - net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol() (networking-stable-19_11_05). - net: add READ_ONCE() annotation in __skb_wait_for_more_packets() (networking-stable-19_11_05). - net: add skb_queue_empty_lockless() (networking-stable-19_11_05). - net: annotate accesses to sk->sk_incoming_cpu (networking-stable-19_11_05). - net: annotate lockless accesses to sk->sk_napi_id (networking-stable-19_11_05). - net: avoid potential infinite loop in tc_ctl_action() (networking-stable-19_10_24). - net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3 (networking-stable-19_10_24). - net: bcmgenet: Set phydev->dev_flags only for internal PHYs (networking-stable-19_10_24). - net: bcmgenet: reset 40nm EPHY on energy detect (networking-stable-19_11_05). - net: dsa: b53: Do not clear existing mirrored port mask (networking-stable-19_11_05). - net: dsa: bcm_sf2: Fix IMP setup for port different than 8 (networking-stable-19_11_05). - net: dsa: fix switch tree list (networking-stable-19_11_05). - net: ethernet: ftgmac100: Fix DMA coherency issue with SW checksum (networking-stable-19_11_05). - net: fix sk_page_frag() recursion from memory reclaim (networking-stable-19_11_05). - net: hisilicon: Fix ping latency when deal with high throughput (networking-stable-19_11_05). - net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow (networking-stable-19_10_24). - net: use skb_queue_empty_lockless() in busy poll contexts (networking-stable-19_11_05). - net: use skb_queue_empty_lockless() in poll() handlers (networking-stable-19_11_05). - net: wireless: ti: remove local VENDOR_ID and DEVICE_ID definitions (git-fixes). - net: wireless: ti: wl1251 use new SDIO_VENDOR_ID_TI_WL1251 definition (git-fixes). - netns: fix GFP flags in rtnl_net_notifyid() (networking-stable-19_11_05). - nfc: netlink: fix double device reference drop (git-fixes). - nfc: port100: handle command failure cleanly (git-fixes). - nl80211: Fix a GET_KEY reply attribute (bsc#1051510). - openvswitch: fix flow command message size (git-fixes). - padata: use smp_mb in padata_reorder to avoid orphaned padata jobs (git-fixes). - phy: phy-twl4030-usb: fix denied runtime access (git-fixes). - pinctl: ti: iodelay: fix error checking on pinctrl_count_index_with_args call (git-fixes). - pinctrl: at91: do not use the same irqchip with multiple gpiochips (git-fixes). - pinctrl: cherryview: Allocate IRQ chip dynamic (git-fixes). - pinctrl: lewisburg: Update pin list according to v1.1v6 (bsc#1051510). - pinctrl: lpc18xx: Use define directive for PIN_CONFIG_GPIO_PIN_INT (bsc#1051510). - pinctrl: qcom: spmi-gpio: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup controller init (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup controller init (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in init code (bsc#1051510). - pinctrl: sunxi: Fix a memory leak in 'sunxi_pinctrl_build_state()' (bsc#1051510). - pinctrl: zynq: Use define directive for PIN_CONFIG_IO_STANDARD (bsc#1051510). - power: reset: at91-poweroff: do not procede if at91_shdwc is allocated (bsc#1051510). - power: supply: ab8500_fg: silence uninitialized variable warnings (bsc#1051510). - power: supply: max14656: fix potential use-after-free (bsc#1051510). - power: supply: twl4030_charger: disable eoc interrupt on linear charge (bsc#1051510). - power: supply: twl4030_charger: fix charging current out-of-bounds (bsc#1051510). - powerpc/64: Make meltdown reporting Book3S 64 specific (bsc#1091041). - powerpc/book3s64/hash: Use secondary hash for bolted mapping if the primary is full (bsc#1157778 ltc#182520). - powerpc/bpf: Fix tail call implementation (bsc#1157698). - powerpc/pseries: Do not fail hash page table insert for bolted mapping (bsc#1157778 ltc#182520). - powerpc/pseries: Do not opencode HPTE_V_BOLTED (bsc#1157778 ltc#182520). - powerpc/pseries: address checkpatch warnings in dlpar_offline_cpu (bsc#1156700 ltc#182459). - powerpc/pseries: safely roll back failed DLPAR cpu add (bsc#1156700 ltc#182459). - powerpc/security/book3s64: Report L1TF status in sysfs (bsc#1091041). - powerpc/security: Fix wrong message when RFI Flush is disable (bsc#1131107). - powerpc/xive: Prevent page fault issues in the machine crash handler (bsc#1156882 ltc#182435). - ppdev: fix PPGETTIME/PPSETTIME ioctls (bsc#1051510). - pwm: bcm-iproc: Prevent unloading the driver module while in use (git-fixes). - pwm: lpss: Only set update bit if we are actually changing the settings (bsc#1051510). - r8152: add device id for Lenovo ThinkPad USB-C Dock Gen 2 (networking-stable-19_11_05). - regulator: ab8500: Remove AB8505 USB regulator (bsc#1051510). - regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id (bsc#1051510). - remoteproc: Check for NULL firmwares in sysfs interface (git-fixes). - reset: Fix potential use-after-free in __of_reset_control_get() (bsc#1051510). - reset: fix of_reset_simple_xlate kerneldoc comment (bsc#1051510). - reset: fix reset_control_get_exclusive kerneldoc comment (bsc#1051510). - rpm/kernel-binary.spec.in: add COMPRESS_VMLINUX (bnc#1155921) Let COMPRESS_VMLINUX determine the compression used for vmlinux. By default (historically), it is gz. - rpm/kernel-source.spec.in: Fix dependency of kernel-devel (bsc#1154043) - rtl8187: Fix warning generated when strncpy() destination length matches the sixe argument (bsc#1051510). - rtlwifi: Remove unnecessary NULL check in rtl_regd_init (bsc#1051510). - rtlwifi: rtl8192de: Fix misleading REG_MCUFWDL information (bsc#1051510). - rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address (bsc#1051510). - rtlwifi: rtl8192de: Fix missing enable interrupt flag (bsc#1051510). - s390/bpf: fix lcgr instruction encoding (bsc#1051510). - s390/bpf: use 32-bit index for tail calls (bsc#1051510). - s390/cio: avoid calling strlen on null pointer (bsc#1051510). - s390/cio: exclude subchannels with no parent from pseudo check (bsc#1051510). - s390/cmm: fix information leak in cmm_timeout_handler() (bsc#1051510). - s390/cpumsf: Check for CPU Measurement sampling (bsc#1153681 LTC#181855). - s390/idle: fix cpu idle time calculation (bsc#1051510). - s390/process: avoid potential reading of freed stack (bsc#1051510). - s390/qdio: (re-)initialize tiqdio list entries (bsc#1051510). - s390/qdio: do not touch the dsci in tiqdio_add_input_queues() (bsc#1051510). - s390/qeth: return proper errno on IO error (bsc#1051510). - s390/setup: fix boot crash for machine without EDAT-1 (bsc#1051510 bsc#1140948). - s390/setup: fix early warning messages (bsc#1051510 bsc#1140948). - s390/topology: avoid firing events before kobjs are created (bsc#1051510). - s390: fix stfle zero padding (bsc#1051510). - sc16is7xx: Fix for 'Unexpected interrupt: 8' (bsc#1051510). - scsi: lpfc: Fix Oops in nvme_register with target logout/login (bsc#1151900). - scsi: lpfc: Honor module parameter lpfc_use_adisc (bsc#1153628). - scsi: lpfc: Limit xri count for kdump environment (bsc#1154124). - scsi: qla2xxx: Add debug dump of LOGO payload and ELS IOCB (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Allow PLOGI in target mode (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Change discovery state before PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Configure local loop for N2N target (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Do command completion on abort timeout (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Do not call qlt_async_event twice (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Do not defer relogin unconditonally (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Drop superfluous INIT_WORK of del_work (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Fix PLOGI payload and ELS IOCB dump length (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Fix SRB leak on switch command timeout (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix a dma_pool_free() call (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix device connect issues in P2P configuration (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix double scsi_done for abort path (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix driver unload hang (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix memory leak when sending I/O fails (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Ignore NULL pointer in tcm_qla2xxx_free_mcmd (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Initialize free_work before flushing it (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Remove an include directive (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Send Notify ACK after N2N PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Update driver version to 10.01.00.21-k (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Use explicit LOGO in target mode (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: do not use zero for FC4_PRIORITY_NVME (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan (bsc#1138039). - scsi: qla2xxx: initialize fc4_type_priority (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: unregister ports after GPN_FT failure (bsc#1138039). - scsi: sd: Ignore a failure to sync cache due to lack of authorization (git-fixes). - scsi: storvsc: Add ability to change scsi queue depth (bsc#1155021). - scsi: zfcp: fix reaction on bit error threshold notification (bsc#1154956 LTC#182054). - scsi: zfcp: fix request object use-after-free in send path causing wrong traces (bsc#1051510). - sctp: change sctp_prot .no_autobind with true (networking-stable-19_10_24). - sctp: Fixed a regression (bsc#1158082). - selftests: net: reuseport_dualstack: fix uninitalized parameter (networking-stable-19_11_05). - serial: fix kernel-doc warning in comments (bsc#1051510). - serial: mctrl_gpio: Check for NULL pointer (bsc#1051510). - serial: mxs-auart: Fix potential infinite loop (bsc#1051510). - serial: samsung: Enable baud clock for UART reset procedure in resume (bsc#1051510). - serial: uartlite: fix exit path null pointer (bsc#1051510). - serial: uartps: Fix suspend functionality (bsc#1051510). - signal: Properly set TRACE_SIGNAL_LOSE_INFO in __send_signal (bsc#1157463). - slcan: Fix memory leak in error path (bsc#1051510). - slip: Fix memory leak in slip_open error path (bsc#1051510). - slip: Fix use-after-free Read in slip_open (bsc#1051510). - smb3: Incorrect size for netname negotiate context (bsc#1144333, bsc#1154355). - smb3: fix leak in 'open on server' perf counter (bsc#1144333, bsc#1154355). - smb3: fix signing verification of large reads (bsc#1144333, bsc#1154355). - smb3: fix unmount hang in open_shroot (bsc#1144333, bsc#1154355). - smb3: improve handling of share deleted (and share recreated) (bsc#1144333, bsc#1154355). - soc: imx: gpc: fix PDN delay (bsc#1051510). - soc: qcom: wcnss_ctrl: Avoid string overflow (bsc#1051510). - spi: atmel: Fix CS high support (bsc#1051510). - spi: atmel: fix handling of cs_change set on non-last xfer (bsc#1051510). - spi: fsl-lpspi: Prevent FIFO under/overrun by default (bsc#1051510). - spi: mediatek: Do not modify spi_transfer when transfer (bsc#1051510). - spi: mediatek: use correct mata->xfer_len when in fifo transfer (bsc#1051510). - spi: pic32: Use proper enum in dmaengine_prep_slave_rg (bsc#1051510). - spi: rockchip: initialize dma_slave_config properly (bsc#1051510). - spi: spidev: Fix OF tree warning logic (bsc#1051510). - staging: rtl8188eu: fix null dereference when kzalloc fails (bsc#1051510). - thunderbolt: Fix lockdep circular locking depedency warning (git-fixes). - tpm: add check after commands attribs tab allocation (bsc#1051510). - tracing: Get trace_array reference for available_tracers files (bsc#1156429). - udp: use skb_queue_empty_lockless() (networking-stable-19_11_05). - usb-serial: cp201x: support Mark-10 digital force gauge (bsc#1051510). - usb-storage: Revert commit 747668dbc061 ('usb-storage: Set virt_boundary_mask to avoid SG overflows') (bsc#1051510). - usb: chipidea: Fix otg event handler (bsc#1051510). - usb: chipidea: imx: enable OTG overcurrent in case USB subsystem is already started (bsc#1051510). - usb: dwc3: gadget: Check ENBLSLPM before sending ep command (bsc#1051510). - usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode (bsc#1051510). - usb: gadget: udc: fotg210-udc: Fix a sleep-in-atomic-context bug in fotg210_get_status() (bsc#1051510). - usb: gadget: uvc: Factor out video USB request queueing (bsc#1051510). - usb: gadget: uvc: Only halt video streaming endpoint in bulk mode (bsc#1051510). - usb: gadget: uvc: configfs: Drop leaked references to config items (bsc#1051510). - usb: gadget: uvc: configfs: Prevent format changes after linking header (bsc#1051510). - usb: handle warm-reset port requests on hub resume (bsc#1051510). - usb: xhci-mtk: fix ISOC error when interval is zero (bsc#1051510). - usbip: Fix free of unallocated memory in vhci tx (git-fixes). - usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path (git-fixes). - usbip: Implement SG support to vhci-hcd and stub driver (git-fixes). - usbip: tools: fix fd leakage in the function of read_attr_usbip_status (git-fixes). - vfio-ccw: Fix misleading comment when setting orb.cmd.c64 (bsc#1051510). - vfio-ccw: Set pa_nr to 0 if memory allocation fails for pa_iova_pfn (bsc#1051510). - vfio: ccw: push down unsupported IDA check (bsc#1156471 LTC#182362). - video/hdmi: Fix AVI bar unpack (git-fixes). - virtio/s390: fix race on airq_areas (bsc#1051510). - virtio_console: allocate inbufs in add_port() only if it is needed (git-fixes). - virtio_ring: fix return code on DMA mapping fails (git-fixes). - vmxnet3: turn off lro when rxcsum is disabled (bsc#1157499). - watchdog: meson: Fix the wrong value of left time (bsc#1051510). - x86/alternatives: Add int3_emulate_call() selftest (bsc#1153811). - x86/alternatives: Fix int3_emulate_call() selftest stack corruption (bsc#1153811). - x86/mm/pkeys: Fix typo in Documentation/x86/protection-keys.txt (bsc#1078248). - x86/pkeys: Update documentation about availability (bsc#1078248). - x86/resctrl: Fix potential lockdep warning (bsc#1114279). - x86/resctrl: Prevent NULL pointer dereference when reading mondata (bsc#1114279). - x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs (bsc#1158068). - xfrm: Fix xfrm sel prefix length validation (git-fixes). - xfrm: fix sa selector validation (bsc#1156609). Important SUSE bug 1048942 SUSE bug 1051510 SUSE bug 1078248 SUSE bug 1082635 SUSE bug 1089644 SUSE bug 1091041 SUSE bug 1108043 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1117169 SUSE bug 1131107 SUSE bug 1138039 SUSE bug 1140948 SUSE bug 1143706 SUSE bug 1144333 SUSE bug 1149448 SUSE bug 1150466 SUSE bug 1151548 SUSE bug 1151900 SUSE bug 1152782 SUSE bug 1153628 SUSE bug 1153681 SUSE bug 1153811 SUSE bug 1154043 SUSE bug 1154058 SUSE bug 1154124 SUSE bug 1154355 SUSE bug 1154526 SUSE bug 1154956 SUSE bug 1155021 SUSE bug 1155689 SUSE bug 1155692 SUSE bug 1155836 SUSE bug 1155897 SUSE bug 1155921 SUSE bug 1155982 SUSE bug 1156187 SUSE bug 1156258 SUSE bug 1156429 SUSE bug 1156466 SUSE bug 1156471 SUSE bug 1156494 SUSE bug 1156609 SUSE bug 1156700 SUSE bug 1156729 SUSE bug 1156882 SUSE bug 1157038 SUSE bug 1157042 SUSE bug 1157070 SUSE bug 1157143 SUSE bug 1157145 SUSE bug 1157158 SUSE bug 1157162 SUSE bug 1157171 SUSE bug 1157173 SUSE bug 1157178 SUSE bug 1157180 SUSE bug 1157182 SUSE bug 1157183 SUSE bug 1157184 SUSE bug 1157191 SUSE bug 1157193 SUSE bug 1157197 SUSE bug 1157298 SUSE bug 1157307 SUSE bug 1157324 SUSE bug 1157333 SUSE bug 1157424 SUSE bug 1157463 SUSE bug 1157499 SUSE bug 1157678 SUSE bug 1157698 SUSE bug 1157778 SUSE bug 1157908 SUSE bug 1158049 SUSE bug 1158063 SUSE bug 1158064 SUSE bug 1158065 SUSE bug 1158066 SUSE bug 1158067 SUSE bug 1158068 SUSE bug 1158082 CVE-2019-14895 CVE-2019-15916 CVE-2019-16231 CVE-2019-17055 CVE-2019-18660 CVE-2019-18683 CVE-2019-18805 CVE-2019-18809 CVE-2019-19049 CVE-2019-19052 CVE-2019-19056 CVE-2019-19057 CVE-2019-19058 CVE-2019-19060 CVE-2019-19062 CVE-2019-19063 CVE-2019-19065 CVE-2019-19067 CVE-2019-19068 CVE-2019-19073 CVE-2019-19074 CVE-2019-19075 CVE-2019-19077 CVE-2019-19227 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for curl fixes the following issues: Security issues fixed: - CVE-2019-3822: Fixed a NTLMv2 type-3 header stack buffer overflow (bsc#1123377). - CVE-2019-3823: Fixed an out-of-bounds read in the SMTP end-of-response (bsc#1123378). - CVE-2018-16890: Fixed an out-of-bounds buffer read in NTLM type2 (bsc#1123371). - CVE-2018-16842: Fixed an out-of-bounds read in tool_msgs.c (bsc#1113660). - CVE-2018-16840: Fixed a use-after-free in handle close (bsc#1113029). - CVE-2018-16839: Fixed an SASL password overflow caused by an integer overflow (bsc#1112758). Important SUSE bug 1112758 SUSE bug 1113029 SUSE bug 1113660 SUSE bug 1123371 SUSE bug 1123377 SUSE bug 1123378 CVE-2018-16839 CVE-2018-16840 CVE-2018-16842 CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python-numpy fixes the following issue: Security issue fixed: - CVE-2019-6446: Set allow_pickle to false by default to restrict loading untrusted content (bsc#1122208). With this update we decrease the possibility of allowing remote attackers to execute arbitrary code by misusing numpy.load(). A warning during runtime will show-up when the allow_pickle is not explicitly set. NOTE: By applying this update the behavior of python-numpy changes, which might break your application. In order to get the old behaviour back, you have to explicitly set `allow_pickle` to True. Be aware that this should only be done for trusted input, as loading untrusted input might lead to arbitrary code execution. Important SUSE bug 1122208 CVE-2019-6446 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for systemd fixes the following issues: Security vulnerability fixed: - CVE-2019-6454: Fixed a crash of PID1 by sending specially crafted D-BUS message on the system bus by an unprivileged user (bsc#1125352) Other bug fixes and changes: - journal-remote: set a limit on the number of fields in a message - journal-remote: verify entry length from header - journald: set a limit on the number of fields (1k) - journald: do not store the iovec entry for process commandline on stack - core: include Found state in device dumps - device: fix serialization and deserialization of DeviceFound - fix path in btrfs rule (#6844) - assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025) - Update systemd-system.conf.xml (bsc#1122000) - units: inform user that the default target is started after exiting from rescue or emergency mode - manager: don't skip sigchld handler for main and control pid for services (#3738) - core: Add helper functions unit_{main, control}_pid - manager: Fixing a debug printf formatting mistake (#3640) - manager: Only invoke a single sigchld per unit within a cleanup cycle (bsc#1117382) - core: update invoke_sigchld_event() to handle NULL ->sigchld_event() - sd-event: expose the event loop iteration counter via sd_event_get_iteration() (#3631) - unit: rework a bit how we keep the service fdstore from being destroyed during service restart (bsc#1122344) - core: when restarting services, don't close fds - cryptsetup: Add dependency on loopback setup to generated units - journal-gateway: use localStorage['cursor'] only when it has valid value - journal-gateway: explicitly declare local variables - analyze: actually select longest activated-time of services - sd-bus: fix implicit downcast of bitfield reported by LGTM - core: free lines after reading them (bsc#1123892) - pam_systemd: reword message about not creating a session (bsc#1111498) - pam_systemd: suppress LOG_DEBUG log messages if debugging is off (bsc#1111498) - main: improve RLIMIT_NOFILE handling (#5795) (bsc#1120658) - sd-bus: if we receive an invalid dbus message, ignore and proceeed - automount: don't pass non-blocking pipe to kernel. - units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333) - units: add Wants=initrd-cleanup.service to initrd-switch-root.target (#4345) (bsc#1123333) Important SUSE bug 1111498 SUSE bug 1117025 SUSE bug 1117382 SUSE bug 1120658 SUSE bug 1122000 SUSE bug 1122344 SUSE bug 1123333 SUSE bug 1123892 SUSE bug 1125352 CVE-2019-6454 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156). - CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp (bsc#1119493). - CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275). - CVE-2018-19364: Fixed a use-after-free if the virtfs interface resulting in a denial of service (bsc#1116717). - CVE-2018-18954: Fixed a denial of service vulnerability related to PowerPC PowerNV memory operations (bsc#1114957). Non-security issues fixed: - Improved disk performance for qemu on xen (bsc#1100408). - Fixed xen offline migration (bsc#1079730, bsc#1101982, bsc#1063993). - Fixed pwrite64/pread64/write to return 0 over -1 for a zero length NULL buffer in qemu (bsc#1121600). - Use /bin/bash to echo value into sys fs for ksm control (bsc#1112646). - Return specification exception for unimplemented diag 308 subcodes rather than a hardware error (bsc#1123179). Important SUSE bug 1063993 SUSE bug 1079730 SUSE bug 1100408 SUSE bug 1101982 SUSE bug 1112646 SUSE bug 1114957 SUSE bug 1116717 SUSE bug 1117275 SUSE bug 1119493 SUSE bug 1121600 SUSE bug 1123156 SUSE bug 1123179 CVE-2018-16872 CVE-2018-18954 CVE-2018-19364 CVE-2018-19489 CVE-2019-6778 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for procps fixes the following security issues: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). (These issues were previously released for SUSE Linux Enterprise 12 SP3 and SP4.) Also the following non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) Important SUSE bug 1092100 SUSE bug 1121753 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python fixes the following issues: Security issues fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191). - CVE-2018-14647: Fixed a denial-of-service vulnerability in Expat (bsc#1109847). Non-security issue fixed: - Fixed a bug where PyWeakReference struct was not initialized correctly leading to a crash (bsc#1073748). Important SUSE bug 1073748 SUSE bug 1109847 SUSE bug 1122191 CVE-2018-14647 CVE-2019-5010 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_7_0-openjdk to version 7u201 fixes the following issues: Security issues fixed: - CVE-2018-3136: Manifest better support (bsc#1112142) - CVE-2018-3139: Better HTTP Redirection (bsc#1112143) - CVE-2018-3149: Enhance JNDI lookups (bsc#1112144) - CVE-2018-3169: Improve field accesses (bsc#1112146) - CVE-2018-3180: Improve TLS connections stability (bsc#1112147) - CVE-2018-3214: Better RIFF reading support (bsc#1112152) - CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153) - CVE-2018-16435: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile - CVE-2018-2938: Support Derby connections (bsc#1101644) - CVE-2018-2940: Better stack walking (bsc#1101645) - CVE-2018-2952: Exception to Pattern Syntax (bsc#1101651) - CVE-2018-2973: Improve LDAP support (bsc#1101656) - CVE-2018-3639 cpu speculative store bypass mitigation Important SUSE bug 1101644 SUSE bug 1101645 SUSE bug 1101651 SUSE bug 1101656 SUSE bug 1112142 SUSE bug 1112143 SUSE bug 1112144 SUSE bug 1112146 SUSE bug 1112147 SUSE bug 1112152 SUSE bug 1112153 CVE-2018-13785 CVE-2018-16435 CVE-2018-2938 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214 CVE-2018-3639 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-17189: Fixed a denial of service in mod_http2, via slow and unneeded request bodies (bsc#1122838) - CVE-2018-17199: Fixed that mod_session_cookie did not respect expiry time (bsc#1122839) Non-security issue fixed: - sysconfig.d is not created anymore if it already exists (bsc#1121086) Moderate SUSE bug 1121086 SUSE bug 1122838 SUSE bug 1122839 CVE-2018-17189 CVE-2018-17199 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ceph fixes the following issues: Security issues fixed: - CVE-2018-14662: mon: limit caps allowed to access the config store (bsc#1111177) - CVE-2018-16846: rgw: enforce bounds on max-keys/max-uploads/max-parts (bsc#1114710) - CVE-2018-16889: rgw: sanitize customer encryption keys from log output in v4 auth (bsc#1121567) Non-security issue fixed: - os/bluestore: avoid frequent allocator dump on bluefs rebalance failure (bsc#1113246) Important SUSE bug 1111177 SUSE bug 1113246 SUSE bug 1114710 SUSE bug 1121567 CVE-2018-14662 CVE-2018-16846 CVE-2018-16889 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for webkit2gtk3 to version 2.22.6 fixes the following issues: Security issues fixed: - CVE-2019-6212: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6215: Fixed a type confusion vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6216: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6217: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6226: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6227: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6229: Fixed a logic issue by improving validation which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6233: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6234: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. Other issues addressed: - Update to version 2.22.6 (bsc#1124937). - Kinetic scrolling slow down smoothly when reaching the ends of pages, instead of abruptly, to better match the GTK+ behaviour. - Fixed Web inspector magnifier under Wayland. - Fixed garbled rendering of some websites (e.g. YouTube) while scrolling under X11. - Fixed several crashes, race conditions, and rendering issues. Important SUSE bug 1124937 CVE-2019-6212 CVE-2019-6215 CVE-2019-6216 CVE-2019-6217 CVE-2019-6226 CVE-2019-6227 CVE-2019-6229 CVE-2019-6233 CVE-2019-6234 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_1 fixes the following issues: - The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations (bsc#1117951) Moderate SUSE bug 1117951 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for sssd fixes the following issues: Security vulnerabilities addressed: - Fix fallback_homedir returning '/' for empty home directories (CVE-2019-3811) (bsc#1121759) - Create sockets with right permissions (bsc#1098377, CVE-2018-10852) Other bug fixes and changes: - Install logrotate configuration (bsc#1004220) - Strip whitespaces in netgroup triples (bsc#1087320) - Align systemd service file with upstream * Run interactive and change service type to notify (bsc#1120852) * Replace deprecated '-f' and use '--logger' Moderate SUSE bug 1004220 SUSE bug 1087320 SUSE bug 1098377 SUSE bug 1120852 SUSE bug 1121759 CVE-2018-10852 CVE-2019-3811 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for audit fixes the following issues: Audit on SUSE Linux Enterprise 12 SP4 was updated to 2.8.1 to bring new features and bugfixes. (bsc#1125535 FATE#326346) * Many features were added to auparse_normalize * cli option added to auditd and audispd for setting config dir * In auditd, restore the umask after creating a log file * Option added to auditd for skipping email verification The full changelog can be found here: http://people.redhat.com/sgrubb/audit/ChangeLog - Change openldap dependency to client only (bsc#1085003) Minor security issue fixed: - CVE-2015-5186: Audit: log terminal emulator escape sequences handling (bsc#941922) Moderate SUSE bug 1042781 SUSE bug 1085003 SUSE bug 1125535 SUSE bug 941922 CVE-2015-5186 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-openjdk to version 8u191 fixes the following issues: Security issues fixed: - CVE-2018-3136: Manifest better support (bsc#1112142) - CVE-2018-3139: Better HTTP Redirection (bsc#1112143) - CVE-2018-3149: Enhance JNDI lookups (bsc#1112144) - CVE-2018-3169: Improve field accesses (bsc#1112146) - CVE-2018-3180: Improve TLS connections stability (bsc#1112147) - CVE-2018-3214: Better RIFF reading support (bsc#1112152) - CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153) - CVE-2018-3183: Improve script engine support (bsc#1112148) - CVE-2018-16435: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile Important SUSE bug 1112142 SUSE bug 1112143 SUSE bug 1112144 SUSE bug 1112146 SUSE bug 1112147 SUSE bug 1112148 SUSE bug 1112152 SUSE bug 1112153 CVE-2018-13785 CVE-2018-16435 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2018-3214 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_0_0 fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951) - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080). Moderate SUSE bug 1117951 SUSE bug 1127080 CVE-2019-1559 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ovmf fixes the following issues: Security issues fixed: - CVE-2018-12180: Fixed a buffer overflow in BlockIo service, which could lead to memory read/write overrun (bsc#1127820). - CVE-2018-12178: Fixed an improper DNS check upon receiving a new DNS packet (bsc#1127821). - CVE-2018-3630: Fixed a logic error in FV parsing which could allow a local attacker to bypass the chain of trust checks (bsc#1127822). Important SUSE bug 1127820 SUSE bug 1127821 SUSE bug 1127822 CVE-2018-12178 CVE-2018-12180 CVE-2018-3630 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for webkit2gtk3 to version 2.22.4 fixes the following issues: Security issues fixed: CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4392, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361, CVE-2018-4345, CVE-2018-4372, CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4416, CVE-2018-4378, CVE-2018-4382, CVE-2018-4386 (bsc#1110279, bsc#1116998). Important SUSE bug 1110279 SUSE bug 1116998 CVE-2018-4191 CVE-2018-4197 CVE-2018-4207 CVE-2018-4208 CVE-2018-4209 CVE-2018-4210 CVE-2018-4212 CVE-2018-4213 CVE-2018-4261 CVE-2018-4262 CVE-2018-4263 CVE-2018-4264 CVE-2018-4265 CVE-2018-4266 CVE-2018-4267 CVE-2018-4270 CVE-2018-4272 CVE-2018-4273 CVE-2018-4278 CVE-2018-4284 CVE-2018-4299 CVE-2018-4306 CVE-2018-4309 CVE-2018-4312 CVE-2018-4314 CVE-2018-4315 CVE-2018-4316 CVE-2018-4317 CVE-2018-4318 CVE-2018-4319 CVE-2018-4323 CVE-2018-4328 CVE-2018-4345 CVE-2018-4358 CVE-2018-4359 CVE-2018-4361 CVE-2018-4372 CVE-2018-4373 CVE-2018-4375 CVE-2018-4376 CVE-2018-4378 CVE-2018-4382 CVE-2018-4386 CVE-2018-4392 CVE-2018-4416 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-15126: Fixed use-after-free in file transfer extension (bsc#1120114) - CVE-2018-6307: Fixed use-after-free in file transfer extension server code (bsc#1120115) - CVE-2018-20020: Fixed heap out-of-bound write inside structure in VNC client code (bsc#1120116) - CVE-2018-15127: Fixed heap out-of-bounds write in rfbserver.c (bsc#1120117) - CVE-2018-20019: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1120118) - CVE-2018-20023: Fixed information disclosure through improper initialization in VNC Repeater client code (bsc#1120119) - CVE-2018-20022: Fixed information disclosure through improper initialization in VNC client code (bsc#1120120) - CVE-2018-20024: Fixed NULL pointer dereference in VNC client code (bsc#1120121) - CVE-2018-20021: Fixed infinite loop in VNC client code (bsc#1120122) Important SUSE bug 1120114 SUSE bug 1120115 SUSE bug 1120116 SUSE bug 1120117 SUSE bug 1120118 SUSE bug 1120119 SUSE bug 1120120 SUSE bug 1120121 SUSE bug 1120122 CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023 CVE-2018-20024 CVE-2018-6307 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_7_1-ibm to version 7.1.4.40 fixes the following issues: Security issues fixed: - CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299). More information: https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_February_2019 Important SUSE bug 1122293 SUSE bug 1122299 CVE-2018-11212 CVE-2019-2422 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mariadb to version 10.2.22 fixes the following issues: Security issues fixed (bsc#1122198): - CVE-2019-2510: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service. - CVE-2019-2537: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service. Other issues fixed: - Fixed an issue where mysl_install_db fails due to incorrect basedir (bsc#1127027). - Fixed an issue where the lograte was not working (bsc#1112767). - Backport Information Schema CHECK_CONSTRAINTS Table. - Maximum value of table_definition_cache is now 2097152. - InnoDB ALTER TABLE fixes. - Galera crash recovery fixes. - Encryption fixes. - Remove xtrabackup dependency as MariaDB ships a build in mariabackup so xtrabackup is not needed (bsc#1122475). The complete changelog can be found at: https://mariadb.com/kb/en/library/mariadb-10222-changelog/ Moderate SUSE bug 1112767 SUSE bug 1122198 SUSE bug 1122475 SUSE bug 1127027 CVE-2019-2510 CVE-2019-2537 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-ibm to version 8.0.5.30 fixes the following issues: Security issues fixed: - CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299). - CVE-2018-1890: Fixed a local privilege escalation via RPATHs (bsc#1128158). - CVE-2019-2449: Fixed a vulnerabilit which could allow remote atackers to delete arbitrary files (bsc#1122292). More information: https://www-01.ibm.com/support/docview.wss?uid=ibm10873332 Important SUSE bug 1122292 SUSE bug 1122293 SUSE bug 1122299 SUSE bug 1128158 CVE-2018-11212 CVE-2018-1890 CVE-2019-2422 CVE-2019-2449 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for lftp fixes the following issues: Security issue fixed: - CVE-2018-10916: Fixed an improper file name sanitization which could lead to loss of integrity of the local system (bsc#1103367). Other issue addressed: - The SSH login handling code detects password prompts more reliably (bsc#1120946). Moderate SUSE bug 1103367 SUSE bug 1120946 CVE-2018-10916 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libssh2_org fixes the following issues: Security issues fixed: - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490). - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492). - CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481). - CVE-2019-3863: Fixed an Integer overflow in user authenticate keyboard interactive which could allow out-of-bounds writes with specially crafted keyboard responses (bsc#1128493). - CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write with specially crafted payload (bsc#1128472). - CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (bsc#1128480). - CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially crafted payload (bsc#1128471). - CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted SFTP packet (bsc#1128476). - CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet (bsc#1128474). Other issue addressed: - Libbssh2 will stop using keys unsupported types in the known_hosts file (bsc#1091236). Moderate SUSE bug 1091236 SUSE bug 1128471 SUSE bug 1128472 SUSE bug 1128474 SUSE bug 1128476 SUSE bug 1128480 SUSE bug 1128481 SUSE bug 1128490 SUSE bug 1128492 SUSE bug 1128493 CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openwsman fixes the following issues: Security issues fixed: - CVE-2019-3816: Fixed a vulnerability in openwsmand deamon which could lead to arbitary file disclosure (bsc#1122623). - CVE-2019-3833: Fixed a vulnerability in process_connection() which could allow an attacker to trigger an infinite loop which leads to Denial of Service (bsc#1122623). Important SUSE bug 1122623 CVE-2019-3816 CVE-2019-3833 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for wireshark to version 2.4.13 fixes the following issues: Security issues fixed: - CVE-2019-9214: Avoided a dereference of a null coversation which could make RPCAP dissector crash (bsc#1127367). - CVE-2019-9209: Fixed a buffer overflow in time values which could make ASN.1 BER and related dissectors crash (bsc#1127369). - CVE-2019-9208: Fixed a null pointer dereference which could make TCAP dissector crash (bsc#1127370). Release notes: https://www.wireshark.org/docs/relnotes/wireshark-2.4.13.html Moderate SUSE bug 1127367 SUSE bug 1127369 SUSE bug 1127370 CVE-2019-9208 CVE-2019-9209 CVE-2019-9214 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ghostscript fixes the following issue: Security issue fixed: - CVE-2019-3838: Fixed a vulnerability which made forceput operator in DefineResource to be still accessible which could allow access to file system outside of the constraints of -dSAFER (bsc#1129186). Important SUSE bug 1129186 CVE-2019-3838 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ucode-intel fixes the following issues: Updated to the 20190312 bundle release (bsc#1129231) New Platforms: - AML-Y22 H0 6-8e-9/10 0000009e Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000a4 Core Gen8 Mobile - WHL-U V0 6-8e-d/94 000000b2 Core Gen8 Mobile - CFL-S P0 6-9e-c/22 000000a2 Core Gen9 Desktop - CFL-H R0 6-9e-d/22 000000b0 Core Gen9 Mobile Updated Platforms: - HSX-E/EP Cx/M1 6-3f-2/6f 0000003d->00000041 Core Gen4 X series; Xeon E5 v3 - HSX-EX E0 6-3f-4/80 00000012->00000013 Xeon E7 v3 - SKX-SP H0/M0/U0 6-55-4/b7 0200004d->0000005a Xeon Scalable - SKX-D M1 6-55-4/b7 0200004d->0000005a Xeon D-21xx - BDX-DE V1 6-56-2/10 00000017->00000019 Xeon D-1520/40 - BDX-DE V2/3 6-56-3/10 07000013->07000016 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 - BDX-DE Y0 6-56-4/10 0f000012->0f000014 Xeon D-1557/59/67/71/77/81/87 - BDX-NS A0 6-56-5/10 0e00000a->0e00000c Xeon D-1513N/23/33/43/53 - APL D0 6-5c-9/03 00000032->00000036 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx - APL E0 6-5c-a/03 0000000c->00000010 Atom x5/7-E39xx - GLK B0 6-7a-1/01 00000028->0000002c Pentium Silver N/J5xxx, Celeron N/J4xxx - KBL-U/Y H0 6-8e-9/c0 0000008e->0000009a Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 00000096->0000009e Core Gen8 Mobile - KBL-H/S/E3 B0 6-9e-9/2a 0000008e->0000009a Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 00000096->000000aa Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 0000008e->000000aa Core Gen8 Moderate SUSE bug 1129231 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for gd fixes the following issues: Security issues fixed: - CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123361). - CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522). Moderate SUSE bug 1123361 SUSE bug 1123522 CVE-2019-6977 CVE-2019-6978 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-20669: Missing access control checks in ioctl of gpu/drm/i915 driver were fixed which might have lead to information leaks. (bnc#1122971). - CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758). - CVE-2019-3819: A flaw was found in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ('root') can cause a system lock up and a denial of service. (bnc#1123161). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bnc#1124728 ). - CVE-2019-7221: Fixed a use-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124732). - CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735). - CVE-2019-7308: kernel/bpf/verifier.c performed undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks (bnc#1124055). - CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr (bnc#1125907). - CVE-2019-8980: A memory leak in the kernel_read_file function in fs/exec.c allowed attackers to cause a denial of service (memory consumption) by triggering vfs_read failures (bnc#1126209). - CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166). - CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179). The following non-security bugs were fixed: - 6lowpan: iphc: reset mac_header after decompress to fix panic (bsc#1051510). - 9p: clear dangling pointers in p9stat_free (bsc#1051510). - 9p locks: fix glock.client_id leak in do_lock (bsc#1051510). - 9p/net: fix memory leak in p9_client_create (bsc#1051510). - 9p/net: put a lower bound on msize (bsc#1051510). - 9p: use inode->i_lock to protect i_size_write() under 32-bit (bsc#1051510). - acpi/APEI: Clear GHES block_status before panic() (bsc#1051510). - acpi/device_sysfs: Avoid OF modalias creation for removed device (bsc#1051510). - acpi/nfit: Block function zero DSMs (bsc#1051510). - acpi, nfit: Fix Address Range Scrub completion tracking (bsc#1124969). - acpi/nfit: Fix bus command validation (bsc#1051510). - acpi/nfit: Fix command-supported detection (bsc#1051510). - acpi/nfit: Fix race accessing memdev in nfit_get_smbios_id() (bsc#1122662). - acpi/nfit: Fix user-initiated ARS to be 'ARS-long' rather than 'ARS-short' (bsc#1124969). - acpi: NUMA: Use correct type for printing addresses on i386-PAE (bsc#1051510). - acpi: power: Skip duplicate power resource references in _PRx (bsc#1051510). - acpi / video: Extend chassis-type detection with a 'Lunch Box' check (bsc#1051510). - acpi / video: Refactor and fix dmi_is_desktop() (bsc#1051510). - add 1 entry 2bcbd406715dca256912b9c5ae449c7968f15705 - Add delay-init quirk for Corsair K70 RGB keyboards (bsc#1087092). - af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers (bsc#1051510). - alsa: bebob: fix model-id of unit for Apogee Ensemble (bsc#1051510). - alsa: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 (bsc#1051510). - alsa: compress: Fix stop handling on compressed capture streams (bsc#1051510). - alsa: compress: prevent potential divide by zero bugs (bsc#1051510). - alsa: firewire-motu: fix construction of PCM frame for capture direction (bsc#1051510). - alsa: hda - Add mute LED support for HP ProBook 470 G5 (bsc#1051510). - alsa: hda - Add quirk for HP EliteBook 840 G5 (bsc#1051510). - alsa: hda/ca0132 - Fix build error without CONFIG_PCI (bsc#1051510). - alsa: hda/realtek: Disable PC beep in passthrough on alc285 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX362FA with ALC294 (bsc#1051510). - alsa: hda/realtek - Fixed hp_pin no value (bsc#1051510). - alsa: hda/realtek - Fix lose hp_pins for disable auto mute (bsc#1051510). - alsa: hda/realtek - Headset microphone and internal speaker support for System76 oryp5 (bsc#1051510). - alsa: hda/realtek - Headset microphone support for System76 darp5 (bsc#1051510). - alsa: hda/realtek - Reduce click noise on Dell Precision 5820 headphone (bsc#1126131). - alsa: hda/realtek - Use a common helper for hp pin reference (bsc#1051510). - alsa: hda - Serialize codec registrations (bsc#1122944). - alsa: hda - Use standard device registration for beep (bsc#1122944). - alsa: oxfw: add support for APOGEE duet FireWire (bsc#1051510). - alsa: usb-audio: Add Opus #3 to quirks for native DSD support (bsc#1051510). - alsa: usb-audio: Add support for new T+A USB DAC (bsc#1051510). - alsa: usb-audio: Fix implicit fb endpoint setup by quirk (bsc#1051510). - altera-stapl: check for a null key before strcasecmp'ing it (bsc#1051510). - amd-xgbe: Fix mdio access for non-zero ports and clause 45 PHYs (bsc#1122927). - apparmor: Fix aa_label_build() error handling for failed merges (bsc#1051510). - applicom: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - aquantia: Setup max_mtu in ndev to enable jumbo frames (bsc#1051510). - arm64: fault: avoid send SIGBUS two times (bsc#1126393). - arm: 8802/1: Call syscall_trace_exit even when system call skipped (bsc#1051510). - arm: 8808/1: kexec:offline panic_smp_self_stop CPU (bsc#1051510). - arm: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling (bsc#1051510). - arm: 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart (bsc#1051510). - arm/arm64: kvm: Rename function kvm_arch_dev_ioctl_check_extension() (bsc#1126393). - arm/arm64: kvm: vgic: Force VM halt when changing the active state of GICv3 PPIs/SGIs (bsc#1051510). - arm: cns3xxx: Fix writing to wrong PCI config registers after alignment (bsc#1051510). - arm: cns3xxx: Use actual size reads for PCIe (bsc#1051510). - arm: imx: update the cpu power up timing setting on i.mx6sx (bsc#1051510). - arm: iop32x/n2100: fix PCI IRQ mapping (bsc#1051510). - arm: kvm: Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bsc#1051510). - arm: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt (bsc#1051510). - arm: OMAP1: ams-delta: Fix possible use of uninitialized field (bsc#1051510). - arm: OMAP2+: hwmod: Fix some section annotations (bsc#1051510). - arm: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup (bsc#1051510). - arm: pxa: avoid section mismatch warning (bsc#1051510). - arm: tango: Improve ARCH_MULTIPLATFORM compatibility (bsc#1051510). - ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages (bsc#1051510). - ASoC: dapm: change snprintf to scnprintf for possible overflow (bsc#1051510). - ASoC: dma-sh7760: cleanup a debug printk (bsc#1051510). - ASoC: fsl_esai: fix register setting issue in RIGHT_J mode (bsc#1051510). - ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M (bsc#1051510). - ASoC: imx-audmux: change snprintf to scnprintf for possible overflow (bsc#1051510). - ASoC: imx-sgtl5000: put of nodes if finding codec fails (bsc#1051510). - ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field (bsc#1051510). - ASoC: msm8916-wcd-analog: add missing license information (bsc#1051510). - ASoC: qcom: Fix of-node refcount unbalance in apq8016_sbc_parse_of() (bsc#1051510). - ASoC: rsnd: fixup rsnd_ssi_master_clk_start() user count check (bsc#1051510). - ASoC: rt5514-spi: Fix potential NULL pointer dereference (bsc#1051510). - assoc_array: Fix shortcut creation (bsc#1051510). - ata: ahci: mvebu: remove stale comment (bsc#1051510). - ath9k: Avoid OF no-EEPROM quirks without qca,no-eeprom (bsc#1051510). - ath9k: dynack: check da->enabled first in sampling routines (bsc#1051510). - ath9k: dynack: make ewma estimation faster (bsc#1051510). - ath9k: dynack: use authentication messages for 'late' ack (bsc#1051510). - atm: he: fix sign-extension overflow on large shift (bsc#1051510). - ax25: fix a use-after-free in ax25_fillin_cb() (networking-stable-19_01_04). - ax25: fix possible use-after-free (bsc#1051510). - backlight: pwm_bl: Use gpiod_get_value_cansleep() to get initial (bsc#1113722) - batman-adv: Avoid WARN on net_device without parent in netns (bsc#1051510). - batman-adv: fix uninit-value in batadv_interface_tx() (bsc#1051510). - batman-adv: Force mac header to start of data on xmit (bsc#1051510). - be2net: do not flip hw_features when VXLANs are added/deleted (bsc#1050252). - bio: Introduce BIO_ALLOCED flag and check it in bio_free (bsc#1128094). - blkdev: avoid migration stalls for blkdev pages (bsc#1084216). - blk-mq: fix a hung issue when fsync (bsc#1125252). - blk-mq: fix kernel oops in blk_mq_tag_idle() (bsc#1051510). - block: break discard submissions into the user defined size (git-fixes). - block: cleanup __blkdev_issue_discard() (git-fixes). - block_dev: fix crash on chained bios with O_DIRECT (bsc#1128094). - blockdev: Fix livelocks on loop device (bsc#1124984). - block: do not deal with discard limit in blkdev_issue_discard() (git-fixes). - block: do not use bio->bi_vcnt to figure out segment number (bsc#1128895). - block: do not warn when doing fsync on read-only devices (bsc#1125252). - block: fix 32 bit overflow in __blkdev_issue_discard() (git-fixes). - block: fix infinite loop if the device loses discard capability (git-fixes). - block/loop: Use global lock for ioctl() operation (bsc#1124974). - block: make sure discard bio is aligned with logical block size (git-fixes). - block: make sure writesame bio is aligned with logical block size (git-fixes). - block: move bio_integrity_{intervals,bytes} into blkdev.h (bsc#1114585). - block/swim3: Fix -EBUSY error when re-opening device after unmount (git-fixes). - bluetooth: Fix locking in bt_accept_enqueue() for BH context (bsc#1051510). - bluetooth: Fix unnecessary error message for HCI request completion (bsc#1051510). - bnx2x: Assign unique DMAE channel number for FW DMAE transactions (bsc#1086323). - bnx2x: Clear fip MAC when fcoe offload support is disabled (bsc#1086323). - bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw (bsc#1086323). - bnx2x: Remove configured vlans as part of unload sequence (bsc#1086323). - bnx2x: Send update-svid ramrod with retry/poll flags enabled (bsc#1086323). - bnxt_en: Fix typo in firmware message timeout logic (bsc#1086282 ). - bnxt_en: Wait longer for the firmware message response to complete (bsc#1086282). - bonding: update nest level on unlink (git-fixes). - bpf: decrease usercnt if bpf_map_new_fd() fails in bpf_map_get_fd_by_id() (bsc#1083647). - bpf: drop refcount if bpf_map_new_fd() fails in map_create() (bsc#1083647). - bpf: fix lockdep false positive in percpu_freelist (bsc#1083647). - bpf: fix replace_map_fd_with_map_ptr's ldimm64 second imm field (bsc#1083647). - bpf: fix sanitation rewrite in case of non-pointers (bsc#1083647). - bpf: Fix syscall's stackmap lookup potential deadlock (bsc#1083647). - bpf, lpm: fix lookup bug in map_delete_elem (bsc#1083647). - bpf/verifier: fix verifier instability (bsc#1056787). - bsg: allocate sense buffer if requested (bsc#1106811). - bsg: Do not copy sense if no response buffer is allocated (bsc#1106811,bsc#1126555). - btrfs: dedupe_file_range ioctl: remove 16MiB restriction (bsc#1127494). - btrfs: do not unnecessarily pass write_lock_level when processing leaf (bsc#1126802). - btrfs: ensure that a DUP or RAID1 block group has exactly two stripes (bsc#1128451). - btrfs: fix clone vs chattr NODATASUM race (bsc#1127497). - btrfs: fix corruption reading shared and compressed extents after hole punching (bsc#1126476). - btrfs: fix deadlock when allocating tree block during leaf/node split (bsc#1126806). - btrfs: fix deadlock when using free space tree due to block group creation (bsc#1126804). - btrfs: fix fsync after succession of renames and unlink/rmdir (bsc#1126488). - btrfs: fix fsync after succession of renames of different files (bsc#1126481). - btrfs: fix invalid-free in btrfs_extent_same (bsc#1127498). - btrfs: fix reading stale metadata blocks after degraded raid1 mounts (bsc#1126803). - btrfs: fix use-after-free of cmp workspace pages (bsc#1127603). - btrfs: grab write lock directly if write_lock_level is the max level (bsc#1126802). - btrfs: Improve btrfs_search_slot description (bsc#1126802). - btrfs: move get root out of btrfs_search_slot to a helper (bsc#1126802). - btrfs: qgroup: Cleanup old subtree swap code (bsc#1063638). - btrfs: qgroup: Do not trace subtree if we're dropping reloc tree (bsc#1063638). - btrfs: qgroup: Finish rescan when hit the last leaf of extent tree (bsc#1129327). - btrfs: qgroup: Fix root item corruption when multiple same source snapshots are created with quota enabled (bsc#1122324). - btrfs: qgroup: Introduce function to find all new tree blocks of reloc tree (bsc#1063638). - btrfs: qgroup: Introduce function to trace two swaped extents (bsc#1063638). - btrfs: qgroup: Introduce per-root swapped blocks infrastructure (bsc#1063638). - btrfs: qgroup: Introduce trace event to analyse the number of dirty extents accounted (bsc#1063638 dependency). - btrfs: qgroup: Make qgroup async transaction commit more aggressive (bsc#1113042). - btrfs: qgroup: Only trace data extents in leaves if we're relocating data block group (bsc#1063638). - btrfs: qgroup: Refactor btrfs_qgroup_trace_subtree_swap (bsc#1063638). - btrfs: qgroup: Search commit root for rescan to avoid missing extent (bsc#1129326). - btrfs: qgroup: Use delayed subtree rescan for balance (bsc#1063638). - btrfs: qgroup: Use generation-aware subtree swap to mark dirty extents (bsc#1063638). - btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf (bsc#1129327). - btrfs: relocation: Delay reloc tree deletion after merge_reloc_roots (bsc#1063638). - btrfs: reloc: Fix NULL pointer dereference due to expanded reloc_root lifespan (bsc#1129497). - btrfs: remove always true check in unlock_up (bsc#1126802). - btrfs: remove superfluous free_extent_buffer in read_block_for_search (bsc#1126802). - btrfs: remove unnecessary level check in balance_level (bsc#1126802). - btrfs: remove unused check of skip_locking (bsc#1126802). - btrfs: reuse cmp workspace in EXTENT_SAME ioctl (bsc#1127495). - btrfs: send, fix race with transaction commits that create snapshots (bsc#1126802). - btrfs: simplify IS_ERR/PTR_ERR checks (bsc#1126481). - btrfs: split btrfs_extent_same (bsc#1127493). - btrfs: use kvzalloc for EXTENT_SAME temporary data (bsc#1127496). - btrfs: use more straightforward extent_buffer_uptodate check (bsc#1126802). - can: bcm: check timer values before ktime conversion (bsc#1051510). - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it (bsc#1051510). - can: gw: ensure DLC boundaries after CAN frame modification (bsc#1051510). - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader (bsc#1051510). - cdc-wdm: pass return value of recover_from_urb_loss (bsc#1051510). - ceph: avoid repeatedly adding inode to mdsc->snap_flush_list (bsc#1126790). - ceph: clear inode pointer when snap realm gets dropped by its inode (bsc#1125799). - cfg80211: extend range deviation for DMG (bsc#1051510). - ch: add missing mutex_lock()/mutex_unlock() in ch_release() (bsc#1124235). - char/mwave: fix potential Spectre v1 vulnerability (bsc#1051510). - checkstack.pl: fix for aarch64 (bsc#1051510). - ch: fixup refcounting imbalance for SCSI devices (bsc#1124235). - cifs: add missing debug entries for kconfig options (bsc#1051510). - cifs: add missing support for ACLs in smb 3.11 (bsc#1051510). - cifs: add sha512 secmech (bsc#1051510). - cifs: Add support for reading attributes on smb2+ (bsc#1051510). - cifs: Add support for writing attributes on smb2+ (bsc#1051510). - cifs: Always resolve hostname before reconnecting (bsc#1051510). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510). - cifs: Fix error mapping for smb2_LOCK command which caused OFD lock problem (bsc#1051510). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: fix return value for cifs_listxattr (bsc#1051510). - cifs: Fix separator when building path from dentry (bsc#1051510). - cifs: fix set info (bsc#1051510). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510). - cifs: fix wrapping bugs in num_entries() (bsc#1051510). - cifs: For smb2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510). - cifs: hide unused functions (bsc#1051510). - cifs: hide unused functions (bsc#1051510). - cifs: implement v3.11 preauth integrity (bsc#1051510). - cifs: invalidate cache when we truncate a file (bsc#1051510). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510). - cifs: OFD locks do not conflict with eachothers (bsc#1051510). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510). - clk: armada-370: fix refcount leak in a370_clk_init() (bsc#1051510). - clk: armada-xp: fix refcount leak in axp_clk_init() (bsc#1051510). - clk: dove: fix refcount leak in dove_clk_init() (bsc#1051510). - clk: highbank: fix refcount leak in hb_clk_init() (bsc#1051510). - clk: imx6q: fix refcount leak in imx6q_clocks_init() (bsc#1051510). - clk: imx6q: reset exclusive gates on init (bsc#1051510). - clk: imx6sl: ensure MMDC CH0 handshake is bypassed (bsc#1051510). - clk: imx6sx: fix refcount leak in imx6sx_clocks_init() (bsc#1051510). - clk: imx7d: fix refcount leak in imx7d_clocks_init() (bsc#1051510). - clk: kirkwood: fix refcount leak in kirkwood_clk_init() (bsc#1051510). - clk: mv98dx3236: fix refcount leak in mv98dx3236_clk_init() (bsc#1051510). - clk: qoriq: fix refcount leak in clockgen_init() (bsc#1051510). - clk: rockchip: fix typo in rk3188 spdif_frac parent (bsc#1051510). - clk: samsung: exynos4: fix refcount leak in exynos4_get_xom() (bsc#1051510). - clk: socfpga: fix refcount leak (bsc#1051510). - clk: sunxi: A31: Fix wrong AHB gate number (bsc#1051510). - clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks (bsc#1051510). - clk: sunxi-ng: enable so-said LDOs for A64 SoC's pll-mipi clock (bsc#1051510). - clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent (bsc#1051510). - clk: sunxi-ng: sun8i-a23: Enable PLL-MIPI LDOs when ungating it (bsc#1051510). - clk: uniphier: Fix update register for CPU-gear (bsc#1051510). - clk: vf610: fix refcount leak in vf610_clocks_init() (bsc#1051510). - clocksource/drivers/exynos_mct: Fix error path in timer resources initialization (bsc#1051510). - clocksource/drivers/integrator-ap: Add missing of_node_put() (bsc#1051510). - clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable (bsc#1051510). - configfs: fix registered group removal (bsc#1051510). - copy_mount_string: Limit string length to PATH_MAX (bsc#1082943). - cpufreq: Cap the default transition delay value to 10 ms (bsc#1127042). - cpufreq: conservative: Take limits changes into account properly (bsc#1051510). - cpufreq: governor: Avoid accessing invalid governor_data (bsc#1051510). - cpufreq: governor: Drop min_sampling_rate (bsc#1127042). - cpufreq: governor: Ensure sufficiently large sampling intervals (bsc#1127042). - cpufreq: imx6q: add return value check for voltage scale (bsc#1051510). - cpufreq: Use transition_delay_us for legacy governors as well (bsc#1127042). - cpuidle: big.LITTLE: fix refcount leak (bsc#1051510). - cramfs: fix abad comparison when wrap-arounds occur (bsc#1051510). - crypto: aes_ti - disable interrupts while accessing S-box (bsc#1051510). - crypto: ahash - fix another early termination in hash walk (bsc#1051510). - crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling (bsc#1051510). - crypto: arm/crct10dif - revert to C code for short inputs (bsc#1051510). - crypto: authencesn - Avoid twice completion call in decrypt path (bsc#1051510). - crypto: authenc - fix parsing key with misaligned rta_len (bsc#1051510). - crypto: bcm - convert to use crypto_authenc_extractkeys() (bsc#1051510). - crypto: brcm - Fix some set-but-not-used warning (bsc#1051510). - crypto: caam - fixed handling of sg list (bsc#1051510). - crypto: caam - fix zero-length buffer DMA mapping (bsc#1051510). - crypto: cavium/zip - fix collision with generic cra_driver_name (bsc#1051510). - crypto: crypto4xx - add missing of_node_put after of_device_is_available (bsc#1051510). - crypto: crypto4xx - Fix wrong ppc4xx_trng_probe()/ppc4xx_trng_remove() arguments (bsc#1051510). - crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails (bsc#1051510). - crypto: testmgr - skip crc32c context test for ahash algorithms (bsc#1051510). - crypto: tgr192 - fix unaligned memory access (bsc#1051510). - crypto: user - support incremental algorithm dumps (bsc#1120902). - crypto: ux500 - Use proper enum in cryp_set_dma_transfer (bsc#1051510). - crypto: ux500 - Use proper enum in hash_set_dma_transfer (bsc#1051510). - cw1200: drop useless LIST_HEAD (bsc#1051510). - cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() (bsc#1051510). - cw1200: fix missing unlock on error in cw1200_hw_scan() (bsc#1051510). - dccp: fool proof ccid_hc_[rt]x_parse_options() (bsc#1051510). - debugfs: fix debugfs_rename parameter checking (bsc#1051510). - dlm: Do not swamp the CPU with callbacks queued during recovery (bsc#1051510). - dlm: fixed memory leaks after failed ls_remove_names allocation (bsc#1051510). - dlm: lost put_lkb on error path in receive_convert() and receive_unlock() (bsc#1051510). - dlm: memory leaks on error path in dlm_user_request() (bsc#1051510). - dlm: possible memory leak on error path in create_lkb() (bsc#1051510). - dmaengine: at_hdmac: drop useless LIST_HEAD (bsc#1051510). - dmaengine: at_hdmac: fix memory leak in at_dma_xlate() (bsc#1051510). - dmaengine: at_hdmac: fix module unloading (bsc#1051510). - dmaengine: at_xdmac: Fix wrongfull report of a channel as in use (bsc#1051510). - dmaengine: bcm2835: Fix abort of transactions (bsc#1051510). - dmaengine: bcm2835: Fix interrupt race on RT (bsc#1051510). - dmaengine: dma-jz4780: Return error if not probed from DT (bsc#1051510). - dmaengine: dmatest: Abort test in case of mapping error (bsc#1051510). - dmaengine: dw: drop useless LIST_HEAD (bsc#1051510). - dmaengine: dw: Fix FIFO size for Intel Merrifield (bsc#1051510). - dmaengine: imx-dma: fix wrong callback invoke (bsc#1051510). - dmaengine: mv_xor: Use correct device for DMA API (bsc#1051510). - dmaengine: pl330: drop useless LIST_HEAD (bsc#1051510). - dmaengine: sa11x0: drop useless LIST_HEAD (bsc#1051510). - dmaengine: st_fdma: drop useless LIST_HEAD (bsc#1051510). - dmaengine: stm32-dma: fix incomplete configuration in cyclic mode (bsc#1051510). - dmaengine: xilinx_dma: Remove __aligned attribute on zynqmp_dma_desc_ll (bsc#1051510). - dma: Introduce dma_max_mapping_size() (bsc#1120008). - dm cache metadata: verify cache has blocks in blocks_are_clean_separate_dirty() (git-fixes). - dm: call blk_queue_split() to impose device limits on bios (git-fixes). - dm: do not allow readahead to limit IO size (git-fixes). - dm thin: send event about thin-pool state change _after_ making it (git-fixes). - dm zoned: Fix target BIO completion handling (git-fixes). - doc: rcu: Suspicious RCU usage is a warning (bsc#1051510). - doc/README.SUSE: Correct description for building a kernel (bsc#1123348) - Do not log confusing message on reconnect by default (bsc#1129664). - Do not log expected error on DFS referral request (bsc#1051510). - driver core: Do not resume suppliers under device_links_write_lock() (bsc#1051510). - driver core: Move async_synchronize_full call (bsc#1051510). - drivers: core: Remove glue dirs from sysfs earlier (bsc#1051510). - drivers: hv: vmbus: Check for ring when getting debug info (bsc#1126389, bsc#1126579). - drivers: hv: vmbus: preserve hv_ringbuffer_get_debuginfo kABI (bsc#1126389, bsc#1126579). - drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels (bsc#1126389, bsc#1126579). - drivers/misc/sgi-gru: fix Spectre v1 vulnerability (bsc#1051510). - drivers/net/ethernet/qlogic/qed/qed_rdma.h: fix typo (bsc#1086314 bsc#1086313 bsc#1086301 ). - drivers/sbus/char: add of_node_put() (bsc#1051510). - drm/amdgpu: Add delay after enable RLC ucode (bsc#1051510). - drm/ast: Fix connector leak during driver unload (bsc#1051510). - drm/ast: fixed reading monitor EDID not stable issue (bsc#1051510). - drm/atomic-helper: Complete fake_commit->flip_done potentially earlier (bsc#1051510). - drm: Block fb changes for async plane updates (bsc#1051510). - drm/bridge: tc358767: add defines for DP1_SRCCTRL & PHY_2LANE (bsc#1051510). - drm/bridge: tc358767: fix initial DP0/1_SRCCTRL value (bsc#1051510). - drm/bridge: tc358767: fix output H/V syncs (bsc#1051510). - drm/bridge: tc358767: fix single lane configuration (bsc#1051510). - drm/bridge: tc358767: reject modes which require too much BW (bsc#1051510). - drm/bufs: Fix Spectre v1 vulnerability (bsc#1051510). - drm: Clear state->acquire_ctx before leaving drm_atomic_helper_commit_duplicated_state() (bsc#1051510). - drm: disable uncached DMA optimization for ARM and arm64 (bsc#1051510). - drm/etnaviv: NULL vs IS_ERR() buf in etnaviv_core_dump() (bsc#1113722) - drm/etnaviv: potential NULL dereference (bsc#1113722) - drm/fb-helper: Partially bring back workaround for bugs of SDL 1.2 (bsc#1113722) - drm: Fix error handling in drm_legacy_addctx (bsc#1113722) - drm/i915: Block fbdev HPD processing during suspend (bsc#1113722) - drm/i915/fbdev: Actually configure untiled displays (bsc#1113722) - drm/i915: Flush GPU relocs harder for gen3 (bsc#1113722) - drm/i915/gvt: Fix mmap range check (bsc#1120902) - drm/i915/gvt: free VFIO region space in vgpu detach (bsc#1113722) - drm/i915/gvt: release shadow batch buffer and wa_ctx before destroy one workload (bsc#1051510). - drm/i915/opregion: fix version check (bsc#1113722) - drm/i915/opregion: rvda is relative from opregion base in opregion (bsc#1113722) - drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set (bsc#1113722) - drm/i915: Redefine some Whiskey Lake SKUs (bsc#1051510). - drm/i915: Use the correct crtc when sanitizing plane mapping (bsc#1113722) - drm/meson: add missing of_node_put (bsc#1051510). - drm/modes: Prevent division by zero htotal (bsc#1051510). - drm/msm: Fix error return checking (bsc#1051510). - drm/msm: Grab a vblank reference when waiting for commit_done (bsc#1051510). - drm/msm: Unblock writer if reader closes file (bsc#1051510). - drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON (bsc#1113722) - drm/nouveau: Do not spew kernel WARNING for each timeout (bsc#1126480). - drm/nouveau: Do not WARN_ON VCPI allocation failures (bsc#1113722) - drm/nouveau/falcon: avoid touching registers if engine is off (bsc#1051510). - drm/nouveau/pmu: do not print reply values if exec is false (bsc#1113722) - drm/nouveau/tmr: detect stalled gpu timer and break out of waits (bsc#1123538). - drm/radeon/evergreen_cs: fix missing break in switch statement (bsc#1113722) - drm: Reorder set_property_atomic to avoid returning with an active ww_ctx (bsc#1051510). - drm/rockchip: fix for mailbox read size (bsc#1051510). - drm/shmob: Fix return value check in shmob_drm_probe (bsc#1113722) - drm/sun4i: tcon: Prepare and enable TCON channel 0 clock at init (bsc#1051510). - drm/vmwgfx: Do not double-free the mode stored in par->set_mode (bsc#1103429) - drm/vmwgfx: Fix setting of dma masks (bsc#1120902) - drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user (bsc#1120902) - e1000e: allow non-monotonic SYSTIM readings (bsc#1051510). - earlycon: Initialize port->uartclk based on clock-frequency property (bsc#1051510). - earlycon: Remove hardcoded port->uartclk initialization in of_setup_earlycon (bsc#1051510). - Enable CONFIG_RDMA_RXE=m also for ppc64le (bsc#1107665,) - enic: fix build warning without CONFIG_CPUMASK_OFFSTACK (bsc#1051510). - enic: fix checksum validation for IPv6 (bsc#1051510). - esp6: fix memleak on error path in esp6_input (bsc#1051510). - esp: Fix locking on page fragment allocation (bsc#1051510). - esp: Fix memleaks on error paths (bsc#1051510). - esp: Fix skb tailroom calculation (bsc#1051510). - exportfs: do not read dentry after free (bsc#1051510). - ext4: avoid kernel warning when writing the superblock to a dead device (bsc#1124981). - ext4: check for shutdown and r/o file system in ext4_write_inode() (bsc#1124978). - ext4: fix a potential fiemap/page fault deadlock w/ inline_data (bsc#1124980). - ext4: Fix crash during online resizing (bsc#1122779). - ext4: force inode writes when nfsd calls commit_metadata() (bsc#1125125). - ext4: include terminating u32 in size of xattr entries when expanding inodes (bsc#1124976). - ext4: make sure enough credits are reserved for dioread_nolock writes (bsc#1124979). - ext4: track writeback errors using the generic tracking infrastructure (bsc#1124982). - fanotify: fix handling of events on child sub-directory (bsc#1122019). - fat: validate ->i_start before using (bsc#1051510). - fbdev: chipsfb: remove set but not used variable 'size' (bsc#1113722) - firmware/efi: Add NULL pointer checks in efivars API functions (bsc#1051510). - Fix kabi issues with new transport sharing code (bsc#1114893). - Fix problem with sharetransport= and NFSv4 (bsc#1114893). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510). - floppy: check_events callback should not return a negative number (bsc#1051510). - fork: do not copy inconsistent signal handler state to child (bsc#1051510). - fork: record start_time late (git-fixes). - fork: unconditionally clear stack on fork (git-fixes). - fs/cifs: require sha512 (bsc#1051510). - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() (git-fixes). - fs/devpts: always delete dcache dentry-s in dput() (git-fixes). - fuse: call pipe_buf_release() under pipe lock (bsc#1051510). - fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS (bsc#1051510). - fuse: decrement NR_WRITEBACK_TEMP on the right page (bsc#1051510). - fuse: handle zero sized retrieve correctly (bsc#1051510). - futex: Fix (possible) missed wakeup (bsc#1050549). - gdrom: fix a memory leak bug (bsc#1051510). - geneve: cleanup hard coded value for Ethernet header length (bsc#1123456). - geneve: correctly handle ipv6.disable module parameter (bsc#1051510). - geneve, vxlan: Do not check skb_dst() twice (bsc#1123456). - geneve, vxlan: Do not set exceptions if skb->len < mtu (bsc#1123456). - genwqe: Fix size check (bsc#1051510). - gfs2: Revert 'Fix loop in gfs2_rbm_find' (bsc#1120601). - gianfar: fix a flooded alignment reports because of padding issue (bsc#1051510). - gianfar: Fix Rx byte accounting for ndev stats (bsc#1051510). - gianfar: prevent integer wrapping in the rx handler (bsc#1051510). - gpio: altera-a10sr: Set proper output level for direction_output (bsc#1051510). - gpio: pcf857x: Fix interrupts on multiple instances (bsc#1051510). - gpio: pl061: handle failed allocations (bsc#1051510). - gpio: pl061: Move irq_chip definition inside struct pl061 (bsc#1051510). - gpio: vf610: Mask all GPIO interrupts (bsc#1051510). - gpu: ipu-v3: Fix CSI offsets for imx53 (bsc#1113722) - gpu: ipu-v3: Fix i.MX51 CSI control registers offset (bsc#1113722) - gpu: ipu-v3: image-convert: Prevent race between run and unprepare (bsc#1051510). - gro_cell: add napi_disable in gro_cells_destroy (networking-stable-19_01_04). - gro_cells: make sure device is up in gro_cells_receive() (git-fixes). - hfs: do not free node before using (bsc#1051510). - hfsplus: do not free node before using (bsc#1051510). - hfsplus: prevent btree data loss on root split (bsc#1051510). - hfs: prevent btree data loss on root split (bsc#1051510). - hid: lenovo: Add checks to fix of_led_classdev_register (bsc#1051510). - hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable (git-fixes). - hvc_opal: do not set tb_ticks_per_usec in udbg_init_opal_common() (bsc#1051510). - hv: v4.12 API for hyperv-iommu (bsc#1122822). - hwmon/k10temp: Add support for AMD family 17h, model 30h CPUs (). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (). - hwmon: (lm80) fix a missing check of bus read in lm80 probe (bsc#1051510). - hwmon: (lm80) fix a missing check of the status of smbus read (bsc#1051510). - hwmon: (lm80) Fix missing unlock on error in set_fan_div() (bsc#1051510). - hwmon: (tmp421) Correct the misspelling of the tmp442 compatible attribute in OF device ID table (bsc#1051510). - HYPERV/IOMMU: Add Hyper-V stub IOMMU driver (bsc#1122822). - i2c-axxia: check for error conditions first (bsc#1051510). - i2c: bcm2835: Clear current buffer pointers and counts after a transfer (bsc#1051510). - i2c: cadence: Fix the hold bit setting (bsc#1051510). - i2c: dev: prevent adapter retries and timeout being set as minus value (bsc#1051510). - i2c: omap: Use noirq system sleep pm ops to idle device for suspend (bsc#1051510). - i2c: sh_mobile: add support for r8a77990 (R-Car E3) (bsc#1051510). - i40e: fix mac filter delete when setting mac address (bsc#1056658 bsc#1056662). - i40e: report correct statistics when XDP is enabled (bsc#1056658 bsc#1056662). - i40e: restore NETIF_F_GSO_IPXIP to netdev features (bsc#1056658 bsc#1056662). - IB/core: Destroy QP if XRC QP fails (bsc#1046306). - IB/core: Fix potential memory leak while creating MAD agents (bsc#1046306). - IB/core: Unregister notifier before freeing MAD security (bsc#1046306). - IB/hfi1: Close race condition on user context disable and close (bsc#1060463). - IB/mlx5: Unmap DMA addr from HCA before IOMMU (bsc#1046305 ). - ibmveth: Do not process frames after calling napi_reschedule (bcs#1123357). - ibmveth: fix DMA unmap error in ibmveth_xmit_start error path (networking-stable-19_01_04). - ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726). - ibmvnic: Increase maximum queue size limit (bsc#1121726). - ibmvnic: Introduce driver limits for ring sizes (bsc#1121726). - ibmvnic: Report actual backing device speed and duplex values (bsc#1129923). - ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton (bsc#1119019). - ide: pmac: add of_node_put() (bsc#1051510). - ieee802154: ca8210: fix possible u8 overflow in ca8210_rx_done (bsc#1051510). - ieee802154: lowpan_header_create check must check daddr (networking-stable-19_01_04). - igb: Fix an issue that PME is not enabled during runtime suspend (bsc#1051510). - iio: accel: kxcjk1013: Add KIOX010A acpi Hardware-ID (bsc#1051510). - iio: adc: exynos-adc: Fix NULL pointer exception on unbind (bsc#1051510). - iio: chemical: atlas-ph-sensor: correct IIO_TEMP values to millicelsius (bsc#1051510). - input: bma150 - register input device after setting private data (bsc#1051510). - input: elan_i2c - add acpi ID for touchpad in ASUS Aspire F5-573G (bsc#1051510). - input: elan_i2c - add acpi ID for touchpad in Lenovo V330-15ISK (bsc#1051510). - input: elan_i2c - add id for touchpad found in Lenovo s21e-20 (bsc#1051510). - input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 (bsc#1051510). - input: omap-keypad - fix idle configuration to not block SoC idle states (bsc#1051510). - input: raspberrypi-ts - fix link error (git-fixes). - input: raspberrypi-ts - select CONFIG_INPUT_POLLDEV (git-fixes). - input: restore EV_ABS ABS_RESERVED (bsc#1051510). - input: synaptics - enable RMI on ThinkPad T560 (bsc#1051510). - input: synaptics - enable smbus for HP EliteBook 840 G4 (bsc#1051510). - input: wacom_serial4 - add support for Wacom ArtPad II tablet (bsc#1051510). - input: xpad - add support for SteelSeries Stratus Duo (bsc#1111666). - intel_th: Do not reference unassigned outputs (bsc#1051510). - intel_th: gth: Fix an off-by-one in output unassigning (bsc#1051510). - iomap: fix integer truncation issues in the zeroing and dirtying helpers (bsc#1125947). - iomap: warn on zero-length mappings (bsc#1127062). - iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105). - iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105). - iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105). - iommu/dmar: Fix buffer overflow during PCI bus notification (bsc#1129181). - iommu: Document iommu_ops.is_attach_deferred() (bsc#1129182). - iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables (bsc#1129205). - iommu/vt-d: Check identity map for hot-added devices (bsc#1129183). - iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105). - iommu/vt-d: Fix NULL pointer reference in intel_svm_bind_mm() (bsc#1129184). - ip6mr: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04). - ip6_tunnel: get the min mtu properly in ip6_tnl_xmit (bsc#1123456). - ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit (bsc#1123456). - ipmi:pci: Blacklist a Realtek 'IPMI' device (git-fixes). - ipmi:ssif: Fix handling of multi-part return messages (bsc#1051510). - ip: on queued skb use skb_header_pointer instead of pskb_may_pull (git-fixes). - ipsec: check return value of skb_to_sgvec always (bsc#1051510). - ipv4: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04). - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes (networking-stable-18_12_12). - ipv4: speedup ipv6 tunnels dismantle (bsc#1122982). - ipv6: addrlabel: per netns list (bsc#1122982). - ipv6: Check available headroom in ip6_xmit() even without options (networking-stable-18_12_12). - ipv6: Consider sk_bound_dev_if when binding a socket to an address (networking-stable-19_02_01). - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address (networking-stable-19_01_22). - ipv6: explicitly initialize udp6_addr in udp_sock_create6() (networking-stable-19_01_04). - ipv6: fix kernel-infoleak in ipv6_local_error() (networking-stable-19_01_20). - ipv6: speedup ipv6 tunnels dismantle (bsc#1122982). Refresh patches.suse/ip6_vti-fix-a-null-pointer-deference-when-destroy-vt.patch - ipv6: sr: properly initialize flowi6 prior passing to ip6_route_output (networking-stable-18_12_12). - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses (networking-stable-19_01_22). - ipv6: tunnels: fix two use-after-free (networking-stable-19_01_04). - ip: validate header length on virtual device xmit (networking-stable-19_01_04). - ipvlan, l3mdev: fix broken l3s mode wrt local routes (networking-stable-19_02_01). - irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size (bsc#1051510). - irqchip/gic-v3-its: Do not bind LPI to unavailable NUMA node (bsc#1051510). - irqchip/gic-v3-its: Fix ITT_entry_size accessor (bsc#1051510). - iscsi target: fix session creation failure handling (bsc#1051510). - isdn: avm: Fix string plus integer warning from Clang (bsc#1051510). - isdn: fix kernel-infoleak in capi_unlocked_ioctl (bsc#1051510). - isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() (bsc#1051510). - isdn: i4l: isdn_tty: Fix some concurrency double-free bugs (bsc#1051510). - iser: set sector for ambiguous mr status errors (bsc#1051510). - iwlwifi: mvm: avoid possible access out of array (bsc#1051510). - iwlwifi: mvm: fix A-MPDU reference assignment (bsc#1051510). - iwlwifi: mvm: fix RSS config command (bsc#1051510). - iwlwifi: pcie: fix emergency path (bsc#1051510). - iwlwifi: pcie: fix TX while flushing (bsc#1120902). - ixgbe: Be more careful when modifying MAC filters (bsc#1051510). - ixgbe: check return value of napi_complete_done() (bsc#1051510). - ixgbe: recognize 1000BaseLX SFP modules as 1Gbps (bsc#1051510). - jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bsc#1051510). - kabi: cpufreq: keep min_sampling_rate in struct dbs_data (bsc#1127042). - kabi: fix xhci kABI stability (bsc#1119086). - kabi: handle addition of ip6addrlbl_table into struct netns_ipv6 (bsc#1122982). - kabi: handle addition of uevent_sock into struct net (bsc#1122982). - kabi: Preserve kABI for dma_max_mapping_size() (bsc#1120008). - kabi: protect struct sctp_association (kabi). - kabi: protect struct smc_buf_desc (bnc#1117947, LTC#173662). - kabi: protect struct smc_link (bnc#1117947, LTC#173662). - kabi: protect vhost_log_write (kabi). - kabi: restore ip_tunnel_delete_net() (bsc#1122982). - kABI workaroudn for ath9k ath_node.ackto type change (bsc#1051510). - kABI workaround for bt_accept_enqueue() change (bsc#1051510). - kABI workaround for deleted snd_hda_register_beep_device() (bsc#1122944). - kABI workaround for snd_hda_bus.bus_probing addition (bsc#1122944). - kallsyms: Handle too long symbols in kallsyms.c (bsc#1126805). - kconfig: fix file name and line number of warn_ignored_character() (bsc#1051510). - kconfig: fix line numbers for if-entries in menu tree (bsc#1051510). - kconfig: fix memory leak when EOF is encountered in quotation (bsc#1051510). - kconfig: fix the rule of mainmenu_stmt symbol (bsc#1051510). - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes (git-fixes). - keys: allow reaching the keys quotas exactly (bsc#1051510). - keys: Timestamp new keys (bsc#1051510). - kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var() (bsc#1051510). - kgdboc: Fix restrict error (bsc#1051510). - kgdboc: Fix warning with module build (bsc#1051510). - kobject: add kobject_uevent_net_broadcast() (bsc#1122982). - kobject: copy env blob in one go (bsc#1122982). - kobject: factorize skb setup in kobject_uevent_net_broadcast() (bsc#1122982). - kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() (bsc#1051510). - kvm: arm/arm64: Properly protect VGIC locks from IRQs (bsc#1117155). - kvm: arm/arm64: VGIC/ITS: Promote irq_lock() in update_affinity (bsc#1117155). - kvm: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock (bsc#1117155). - kvm: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls (bsc#1117155). - kvm: mmu: Fix race in emulated page table writes (bsc#1129284). - kvm: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails (bsc#1129291). - kvm: nVMX: NMI-window and interrupt-window exiting should wake L2 from HLT (bsc#1129292). - kvm: nVMX: Set VM instruction error for VMPTRLD of unbacked page (bsc#1129293). - kvm: PPC: Book3S PR: Set hflag to indicate that POWER9 supports 1T segments (bsc#1124589). - kvm: sev: Fail KVM_SEV_INIT if already initialized (bsc#1114279). - kvm: vmx: Set IA32_TSC_AUX for legacy mode guests (bsc#1129294). - kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs (bsc#1127082). - kvm: x86: fix L1TF's MMIO GFN calculation (bsc#1124204). - kvm: x86: Fix single-step debugging (bsc#1129295). - kvm: x86: Use jmp to invoke kvm_spurious_fault() from .fixup (bsc#1129296). - l2tp: copy 4 more bytes to linear part if necessary (networking-stable-19_02_01). - l2tp: fix infoleak in l2tp_ip6_recvmsg() (git-fixes). - l2tp: fix reading optional fields of L2TPv3 (networking-stable-19_02_01). - lan78xx: Resolve issue with changing MAC address (bsc#1051510). - leds: lp5523: fix a missing check of return value of lp55xx_read (bsc#1051510). - leds: lp55xx: fix null deref on firmware load failure (bsc#1051510). - libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() (bsc#1125800). - libceph: handle an empty authorize reply (bsc#1126789). - lib/div64.c: off by one in shift (bsc#1051510). - libnvdimm: Fix altmap reservation size calculation (bsc#1127682). - libnvdimm/label: Clear 'updating' flag after label-set update (bsc#1129543). - libnvdimm/pmem: Honor force_raw for legacy pmem regions (bsc#1129551). - lib/rbtree-test: lower default params (git-fixes). - lightnvm: fail fast on passthrough commands (bsc#1125780). - livepatch: Change unsigned long old_addr -> void *old_func in struct klp_func (bsc#1071995). - livepatch: Consolidate klp_free functions (bsc#1071995 ). - livepatch: core: Return EOPNOTSUPP instead of ENOSYS (bsc#1071995). - livepatch: Define a macro for new API identification (bsc#1071995). - livepatch: Do not block the removal of patches loaded after a forced transition (bsc#1071995). - livepatch: Introduce klp_for_each_patch macro (bsc#1071995 ). - livepatch: Module coming and going callbacks can proceed with all listed patches (bsc#1071995). - livepatch: Proper error handling in the shadow variables selftest (bsc#1071995). - livepatch: Remove ordering (stacking) of the livepatches (bsc#1071995). - livepatch: Remove signal sysfs attribute (bsc#1071995 ). - livepatch: return -ENOMEM on ptr_id() allocation failure (bsc#1071995). - livepatch: Send a fake signal periodically (bsc#1071995 ). - livepatch: Shuffle klp_enable_patch()/klp_disable_patch() code (bsc#1071995). - livepatch: Simplify API by removing registration step (bsc#1071995). - llc: do not use sk_eat_skb() (bsc#1051510). - lockd: fix access beyond unterminated strings in prints (git-fixes). - locking/rwsem: Fix (possible) missed wakeup (bsc#1050549). - loop: drop caches if offset or block_size are changed (bsc#1124975). - loop: Reintroduce lo_ctl_mutex removed by commit 310ca162d (bsc#1124974). - LSM: Check for NULL cred-security on free (bsc#1051510). - mac80211: Add attribute aligned(2) to struct 'action' (bsc#1051510). - mac80211: do not initiate TDLS connection if station is not associated to AP (bsc#1051510). - mac80211: ensure that mgmt tx skbs have tailroom for encryption (bsc#1051510). - mac80211: fix miscounting of ttl-dropped frames (bsc#1051510). - mac80211: fix radiotap vendor presence bitmap handling (bsc#1051510). - mac80211: Free mpath object when rhashtable insertion fails (bsc#1051510). - mac80211: Restore vif beacon interval if start ap fails (bsc#1051510). - macvlan: Only deliver one copy of the frame to the macvlan interface (bsc#1051510). - mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush timeout issue (bsc#1051510). - mdio_bus: Fix use-after-free on device_register fails (bsc#1051510). - media: adv*/tc358743/ths8200: fill in min width/height/pixelclock (bsc#1051510). - media: DaVinci-VPBE: fix error handling in vpbe_initialize() (bsc#1051510). - media: dt-bindings: media: i2c: Fix i2c address for OV5645 camera sensor (bsc#1051510). - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info (bsc#1051510). - media: mtk-vcodec: Release device nodes in mtk_vcodec_init_enc_pm() (bsc#1051510). - media: s5k4ecgx: delete a bogus error message (bsc#1051510). - media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration (bsc#1051510). - media: s5p-jpeg: Correct step and max values for V4L2_CID_JPEG_RESTART_INTERVAL (bsc#1051510). - media: s5p-mfc: fix incorrect bus assignment in virtual child device (bsc#1051510). - media: usb: pwc: Do not use coherent DMA buffers for ISO transfer (bsc#1054610). - media: uvcvideo: Avoid NULL pointer dereference at the end of streaming (bsc#1051510). - media: uvcvideo: Fix 'type' check leading to overflow (bsc#1051510). - media: v4l2: i2c: ov7670: Fix PLL bypass register values (bsc#1051510). - media: v4l2-tpg: array index could become negative (bsc#1051510). - media: v4l: ioctl: Validate num_planes for debug messages (bsc#1051510). - media: vb2: be sure to unlock mutex on errors (bsc#1051510). - media: vb2: vb2_mmap: move lock up (bsc#1051510). - media: vivid: fix error handling of kthread_run (bsc#1051510). - media: vivid: free bitmap_cap when updating std/timings/etc (bsc#1051510). - media: vivid: set min width/height to a value > 0 (bsc#1051510). - memstick: Prevent memstick host from getting runtime suspended during card detection (bsc#1051510). - mfd: ab8500-core: Return zero in get_register_interruptible() (bsc#1051510). - mfd: db8500-prcmu: Fix some section annotations (bsc#1051510). - mfd: mc13xxx: Fix a missing check of a register-read failure (bsc#1051510). - mfd: mt6397: Do not call irq_domain_remove if PMIC unsupported (bsc#1051510). - mfd: qcom_rpm: write fw_version to CTRL_REG (bsc#1051510). - mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells (bsc#1051510). - mfd: tps65218: Use devm_regmap_add_irq_chip and clean up error path in probe() (bsc#1051510). - mfd: tps6586x: Handle interrupts on suspend (bsc#1051510). - mfd: twl-core: Fix section annotations on {,un}protect_pm_master (bsc#1051510). - mfd: wm5110: Add missing ASRC rate register (bsc#1051510). - misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data (bsc#1051510). - misc: hmc6352: fix potential Spectre v1 (bsc#1051510). - misc: hpilo: Do not claim unsupported hardware (bsc#1129330). - misc: hpilo: Exclude unsupported device via blacklist (bsc#1129330). - misc: mic/scif: fix copy-paste error in scif_create_remote_lookup (bsc#1051510). - misc: mic: SCIF Fix scif_get_new_port() error handling (bsc#1051510). - misc: sram: enable clock before registering regions (bsc#1051510). - misc: sram: fix resource leaks in probe error path (bsc#1051510). - misc: ti-st: Fix memory leak in the error path of probe() (bsc#1051510). - misc: vexpress: Off by one in vexpress_syscfg_exec() (bsc#1051510). - mISDN: fix a race in dev_expire_timer() (bsc#1051510). - mlx4: trigger IB events needed by SMC (bnc#1117947, LTC#173662). - mlxsw: __mlxsw_sp_port_headroom_set(): Fix a use of local variable (git-fixes). - mlxsw: spectrum: Disable lag port TX before removing it (networking-stable-19_01_22). - mmap: introduce sane default mmap limits (git fixes (mm/mmap)). - mmap: relax file size limit for regular files (git fixes (mm/mmap)). - mmc: atmel-mci: do not assume idle after atmci_request_end (bsc#1051510). - mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1051510). - mmc: bcm2835: Recover from MMC_SEND_EXT_CSD (bsc#1051510). - mmc: dw_mmc-bluefield: : Fix the license information (bsc#1051510). - mmc: Kconfig: Enable CONFIG_MMC_SDHCI_IO_ACCESSORS (bsc#1051510). - mmc: omap: fix the maximum timeout setting (bsc#1051510). - mmc: sdhci-brcmstb: handle mmc_of_parse() errors during probe (bsc#1051510). - mmc: sdhci-esdhc-imx: fix HS400 timing issue (bsc#1051510). - mmc: sdhci-iproc: handle mmc_of_parse() errors during probe (bsc#1051510). - mmc: sdhci-of-esdhc: Fix timeout checks (bsc#1051510). - mmc: sdhci-xenon: Fix timeout checks (bsc#1051510). - mmc: spi: Fix card detection during probe (bsc#1051510). - mm: do not drop unused pages when userfaultd is running (git fixes (mm/userfaultfd)). - mm/hmm: hmm_pfns_bad() was accessing wrong struct (git fixes (mm/hmm)). - mm: hwpoison: use do_send_sig_info() instead of force_sig() (git fixes (mm/hwpoison)). - mm/ksm.c: ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm() (git fixes (mm/ksm)). - mm: madvise(MADV_DODUMP): allow hugetlbfs pages (git fixes (mm/madvise)). - mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages (bsc#1127731). - mm: migrate: do not rely on __PageMovable() of newpage after unlocking it (git fixes (mm/migrate)). - mm: migrate: lock buffers before migrate_page_move_mapping() (bsc#1084216). - mm: migrate: Make buffer_migrate_page_norefs() actually succeed (bsc#1084216) - mm: migrate: provide buffer_migrate_page_norefs() (bsc#1084216). - mm: migration: factor out code to compute expected number of page references (bsc#1084216). - mm, oom: fix use-after-free in oom_kill_process (git fixes (mm/oom)). - mm: use swp_offset as key in shmem_replace_page() (git fixes (mm/shmem)). - mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed (git fixes (mm/vmscan)). - Moved patches.fixes/x86-add-tsx-force-abort-cpuid-msr.patch to patches.arch/ and added upstream tags (bsc#1129363) patches.arch/x86-add-tsx-force-abort-cpuid-msr - Move the upstreamed HD-audio fix into sorted section - mpt3sas: check sense buffer before copying sense data (bsc#1106811). - mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking (bsc#1051510). - mtd: cfi_cmdset_0002: Change write buffer to check correct value (bsc#1051510). - mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips (bsc#1051510). - mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary (bsc#1051510). - mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() (bsc#1051510). - mtdchar: fix overflows in adjustment of `count` (bsc#1051510). - mtdchar: fix usage of mtd_ooblayout_ecc() (bsc#1051510). - mtd: docg3: do not set conflicting BCH_CONST_PARAMS option (bsc#1051510). - mtd/maps: fix solutionengine.c printk format warnings (bsc#1051510). - mtd: mtd_oobtest: Handle bitflips during reads (bsc#1051510). - mtd: nand: atmel: fix buffer overflow in atmel_pmecc_user (bsc#1051510). - mtd: nand: atmel: Fix get_sectorsize() function (bsc#1051510). - mtd: nand: atmel: fix of_irq_get() error check (bsc#1051510). - mtd: nand: brcmnand: Disable prefetch by default (bsc#1051510). - mtd: nand: brcmnand: Zero bitflip is not an error (bsc#1051510). - mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bsc#1051510). - mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() (bsc#1051510). - mtd: nand: Fix nand_do_read_oob() return value (bsc#1051510). - mtd: nand: Fix writing mtdoops to nand flash (bsc#1051510). - mtd: nand: fsl_ifc: Fix nand waitfunc return value (bsc#1051510). - mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM (bsc#1051510). - mtd: nand: ifc: update bufnum mask for ver >= 2.0.0 (bsc#1051510). - mtd: nand: mtk: fix infinite ECC decode IRQ issue (bsc#1051510). - mtd: nand: omap2: Fix subpage write (bsc#1051510). - mtd: nand: pxa3xx: Fix READOOB implementation (bsc#1051510). - mtd: nand: qcom: Add a NULL check for devm_kasprintf() (bsc#1051510). - mtd: nandsim: remove debugfs entries in error path (bsc#1051510). - mtd: nand: sunxi: Fix ECC strength choice (bsc#1051510). - mtd: nand: sunxi: fix potential divide-by-zero error (bsc#1051510). - mtd: nand: vf610: set correct ooblayout (bsc#1051510). - mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic (bsc#1051510). - mtd: spi-nor: Fix Cadence QSPI page fault kernel panic (bsc#1051510). - mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB (bsc#1051510). - mtd: spi-nor: stm32-quadspi: Fix uninitialized error return code (bsc#1051510). - mv88e6060: disable hardware level MAC learning (bsc#1051510). - nbd: Use set_blocksize() to set device blocksize (bsc#1124984). - neighbour: Avoid writing before skb->head in neigh_hh_output() (networking-stable-18_12_12). - net: 8139cp: fix a BUG triggered by changing mtu with network traffic (networking-stable-18_12_12). - net: add uevent socket member (bsc#1122982). - net: aquantia: driver should correctly declare vlan_features bits (bsc#1051510). - net: aquantia: fixed instack structure overflow (git-fixes). - net: aquantia: Fix hardware DMA stream overload on large MRRS (bsc#1051510). - net: bcmgenet: abort suspend on error (bsc#1051510). - net: bcmgenet: code movement (bsc#1051510). - net: bcmgenet: fix OF child-node lookup (bsc#1051510). - net: bcmgenet: remove HFB_CTRL access (bsc#1051510). - net: bcmgenet: return correct value 'ret' from bcmgenet_power_down (bsc#1051510). - net: bridge: fix a bug on using a neighbour cache entry without checking its state (networking-stable-19_01_20). - net: bridge: Fix ethernet header pointer before check skb forwardable (networking-stable-19_01_26). - net: core: Fix Spectre v1 vulnerability (networking-stable-19_01_04). - net: do not call update_pmtu unconditionally (bsc#1123456). - net: Do not default Cavium PTP driver to 'y' (bsc#1110096). - net: dp83640: expire old TX-skb (networking-stable-19_02_10). - net: dsa: mv88e6xxx: handle unknown duplex modes gracefully in mv88e6xxx_port_set_duplex (git-fixes). - net: dsa: mv88x6xxx: mv88e6390 errata (networking-stable-19_01_22). - net: dsa: slave: Do not propagate flag changes on down slave interfaces (networking-stable-19_02_10). - net: ena: fix race between link up and device initalization (bsc#1083548). - netfilter: nf_tables: check the result of dereferencing base_chain->stats (git-fixes). - net: Fix usage of pskb_trim_rcsum (networking-stable-19_01_26). - net/hamradio/6pack: use mod_timer() to rearm timers (networking-stable-19_01_04). - net: hns3: add error handler for hns3_nic_init_vector_data() (bsc#1104353). - net: hns3: add handling for big TX fragment (bsc#1104353 ). - net: hns3: Fix client initialize state issue when roce client initialize failed (bsc#1104353). - net: hns3: Fix for loopback selftest failed problem (bsc#1104353 ). - net: hns3: fix for multiple unmapping DMA problem (bsc#1104353 ). - net: hns3: Fix tc setup when netdev is first up (bsc#1104353 ). - net: hns3: Fix tqp array traversal condition for vf (bsc#1104353 ). - net: hns3: move DMA map into hns3_fill_desc (bsc#1104353 ). - net: hns3: remove hns3_fill_desc_tso (bsc#1104353). - net: hns3: rename hns_nic_dma_unmap (bsc#1104353). - net: hns3: rename the interface for init_client_instance and uninit_client_instance (bsc#1104353). - net: ipv4: Fix memory leak in network namespace dismantle (networking-stable-19_01_26). - net: macb: restart tx after tx used bit read (networking-stable-19_01_04). - net/mlx4_core: Add masking for a few queries on HCA caps (networking-stable-19_02_01). - net/mlx4_core: Fix locking in SRIOV mode when switching between events and polling (git-fixes). - net/mlx4_core: Fix qp mtt size calculation (git-fixes). - net/mlx4_core: Fix reset flow when in command polling mode (git-fixes). - net/mlx4_en: Change min MTU size to ETH_MIN_MTU (networking-stable-18_12_12). - net/mlx5e: Allow MAC invalidation while spoofchk is ON (networking-stable-19_02_01). - net/mlx5e: IPoIB, Fix RX checksum statistics update (git-fixes). - net/mlx5e: Remove the false indication of software timestamping support (networking-stable-19_01_04). - net/mlx5e: RX, Fix wrong early return in receive queue poll (bsc#1046305). - net/mlx5: fix uaccess beyond 'count' in debugfs read/write handlers (git-fixes). - net/mlx5: Release resource on error flow (git-fixes). - net/mlx5: Return success for PAGE_FAULT_RESUME in internal error state (git-fixes). - net/mlx5: Typo fix in del_sw_hw_rule (networking-stable-19_01_04). - net/mlx5: Use multi threaded workqueue for page fault handling (git-fixes). - net: netem: fix skb length BUG_ON in __skb_to_sgvec (git-fixes). - netns: restrict uevents (bsc#1122982). - net: phy: do not allow __set_phy_supported to add unsupported modes (networking-stable-18_12_12). - net: phy: Fix the issue that netif always links up after resuming (networking-stable-19_01_04). - net: phy: marvell: Errata for mv88e6390 internal PHYs (networking-stable-19_01_26). - net: phy: mdio_bus: add missing device_del() in mdiobus_register() error handling (networking-stable-19_01_26). - net: phy: Micrel KSZ8061: link failure after cable connect (git-fixes). - netrom: fix locking in nr_find_socket() (networking-stable-19_01_04). - netrom: switch to sock timer API (bsc#1051510). - net/rose: fix NULL ax25_cb kernel panic (networking-stable-19_02_01). - net/sched: act_tunnel_key: fix memory leak in case of action replace (networking-stable-19_01_26). - net_sched: refetch skb protocol for each filter (networking-stable-19_01_26). - net: set default network namespace in init_dummy_netdev() (networking-stable-19_02_01). - net: skb_scrub_packet(): Scrub offload_fwd_mark (networking-stable-18_12_03). - net/smc: abort CLC connection in smc_release (bnc#1117947, LTC#173662). - net/smc: add infrastructure to send delete rkey messages (bnc#1117947, LTC#173662). - net/smc: add SMC-D shutdown signal (bnc#1117947, LTC#173662). - net/smc: allow fallback after clc timeouts (bnc#1117947, LTC#173662). - net/smc: atomic SMCD cursor handling (bnc#1117947, LTC#173662). - net/smc: avoid a delay by waiting for nothing (bnc#1117947, LTC#173662). - net/smc: cleanup listen worker mutex unlocking (bnc#1117947, LTC#173662). - net/smc: cleanup tcp_listen_worker initialization (bnc#1117947, LTC#173662). - net/smc: enable fallback for connection abort in state INIT (bnc#1117947, LTC#173662). - net/smc: fix non-blocking connect problem (bnc#1117947, LTC#173662). - net/smc: fix sizeof to int comparison (bnc#1117947, LTC#173662). - net/smc: fix smc_buf_unuse to use the lgr pointer (bnc#1117947, LTC#173662). - net/smc: fix TCP fallback socket release (networking-stable-19_01_04). - net/smc: make smc_lgr_free() static (bnc#1117947, LTC#173662). - net/smc: no link delete for a never active link (bnc#1117947, LTC#173662). - net/smc: no urgent data check for listen sockets (bnc#1117947, LTC#173662). - net/smc: remove duplicate mutex_unlock (bnc#1117947, LTC#173662). - net/smc: remove sock_error detour in clc-functions (bnc#1117947, LTC#173662). - net/smc: short wait for late smc_clc_wait_msg (bnc#1117947, LTC#173662). - net/smc: unregister rkeys of unused buffer (bnc#1117947, LTC#173662). - net/smc: use after free fix in smc_wr_tx_put_slot() (bnc#1117947, LTC#173662). - net/smc: use queue pair number when matching link group (bnc#1117947, LTC#173662). - net: stmmac: Fix a race in EEE enable callback (git-fixes). - net: stmmac: fix broken dma_interrupt handling for multi-queues (git-fixes). - net: stmmac: Fix PCI module removal leak (git-fixes). - net: stmmac: handle endianness in dwmac4_get_timestamp (git-fixes). - net: stmmac: Use mutex instead of spinlock (git-fixes). - net: systemport: Fix WoL with password after deep sleep (networking-stable-19_02_10). - net: thunderx: fix NULL pointer dereference in nic_remove (git-fixes). - net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue (networking-stable-18_12_03). - net: thunderx: set xdp_prog to NULL if bpf_prog_add fails (networking-stable-18_12_03). - net/wan: fix a double free in x25_asy_open_tty() (networking-stable-19_01_04). - nfit: acpi_nfit_ctl(): Check out_obj->type in the right place (bsc#1129547). - nfit/ars: Attempt a short-ARS whenever the ARS state is idle at boot (bsc#1051510). - nfit/ars: Attempt short-ARS even in the no_init_ars case (bsc#1051510). - nfp: bpf: fix ALU32 high bits clearance bug (git-fixes). - nfs: Allow NFSv4 mounts to not share transports (). - nfsd: COPY and CLONE operations require the saved filehandle to be set (git-fixes). - nfsd: Fix an Oops in free_session() (git-fixes). - nfs: Fix a missed page unlock after pg_doio() (git-fixes). - nfs: Fix up return value on fatal errors in nfs_page_async_flush() (git-fixes). - nfs: support 'nosharetransport' option (bnc#807502, bnc#828192, ). - nfsv4.1: Fix the r/wsize checking (git-fixes). - nfsv4: Do not exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING (git-fixes). - niu: fix missing checks of niu_pci_eeprom_read (bsc#1051510). - ntb_transport: Fix bug with max_mw_size parameter (bsc#1051510). - nvme-fc: reject reconnect if io queue count is reduced to zero (bsc#1128351). - nvme: flush namespace scanning work just before removing namespaces (bsc#1108101). - nvme: kABI fix for scan_lock (bsc#1123882). - nvme: lock NS list changes while handling command effects (bsc#1123882). - nvme-loop: fix kernel oops in case of unhandled command (bsc#1126807). - nvme-multipath: drop optimization for static ANA group IDs (bsc#1113939). - nvme-multipath: round-robin I/O policy (bsc#1110705). - nvme-pci: fix out of bounds access in nvme_cqe_pending (bsc#1127595). - of, numa: Validate some distance map rules (bsc#1051510). - of: unittest: Disable interrupt node tests for old world MAC systems (bsc#1051510). - omap2fb: Fix stack memory disclosure (bsc#1120902) - openvswitch: Avoid OOB read when parsing flow nlattrs (bsc#1051510). - openvswitch: fix the incorrect flow action alloc size (bsc#1051510). - openvswitch: Remove padding from packet before L3+ conntrack processing (bsc#1051510). - packet: Do not leak dev refcounts on error exit (git-fixes). - packet: validate address length if non-zero (networking-stable-19_01_04). - packet: validate address length (networking-stable-19_01_04). - parport_pc: fix find_superio io compare code, should use equal test (bsc#1051510). - Partially revert 'block: fail op_is_write() requests to (bsc#1125252). - PCI: add USR vendor id and use it in r8169 and w6692 driver (networking-stable-19_01_22). - PCI: Disable broken RTIT_BAR of Intel TH (bsc#1120318). - pci: endpoint: functions: Use memcpy_fromio()/memcpy_toio() (bsc#1051510). - pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus (bsc#1122822). - pci/PME: Fix hotplug/sysfs remove deadlock in pcie_pme_remove() (bsc#1051510). - pci: qcom: Do not deassert reset GPIO during probe (bsc#1129281). - pcrypt: use format specifier in kobject_add (bsc#1051510). - perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805). - perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805). - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805). - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805). - perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805). - perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805). - perf/x86/intel: Fix memory corruption (bsc#1121805). - perf/x86/intel: Fix memory corruption (bsc#1121805). - perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805). - perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805). - perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805). - perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805). - perf/x86/intel: Make cpuc allocations consistent (bsc#1121805). - perf/x86/intel: Make cpuc allocations consistent (bsc#1121805). - phonet: af_phonet: Fix Spectre v1 vulnerability (networking-stable-19_01_04). - phy: allwinner: sun4i-usb: poll vbus changes on A23/A33 when driving VBUS (bsc#1051510). - phy: qcom-qmp: Fix failure path in phy_init functions (bsc#1051510). - phy: qcom-qmp: Fix phy pipe clock gating (bsc#1051510). - phy: renesas: rcar-gen3-usb2: fix vbus_ctrl for role sysfs (bsc#1051510). - phy: rockchip-emmc: retry calpad busy trimming (bsc#1051510). - phy: sun4i-usb: add support for missing USB PHY index (bsc#1051510). - phy: tegra: remove redundant self assignment of 'map' (bsc#1051510). - phy: work around 'phys' references to usb-nop-xceiv devices (bsc#1051510). - pinctrl: max77620: Use define directive for max77620_pinconf_param values (bsc#1051510). - pinctrl: meson: fix pull enable register calculation (bsc#1051510). - pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO pins (bsc#1051510). - pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins (bsc#1051510). - pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins (bsc#1051510). - pinctrl: msm: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: sh-pfc: emev2: Add missing pinmux functions (bsc#1051510). - pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group (bsc#1051510). - pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group (bsc#1051510). - pinctrl: sh-pfc: r8a7778: Fix HSPI pin numbers and names (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Fix scifb2_data_c pin group (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group (bsc#1051510). - pinctrl: sh-pfc: r8a7792: Fix vin1_data18_b pin group (bsc#1051510). - pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field (bsc#1051510). - pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration (bsc#1051510). - pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field (bsc#1051510). - pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group (bsc#1051510). - pinctrl: sh-pfc: sh73a0: Fix fsic_spdif pin groups (bsc#1051510). - pinctrl: sh-pfc: sh7734: Add missing IPSR11 field (bsc#1051510). - pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10 (bsc#1051510). - pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value (bsc#1051510). - pinctrl: sunxi: a64: Rename function csi0 to csi (bsc#1051510). - pinctrl: sunxi: a64: Rename function ts0 to ts (bsc#1051510). - pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 (bsc#1051510). - pinctrl: sx150x: handle failure case of devm_kstrdup (bsc#1051510). - pktcdvd: Fix possible Spectre-v1 for pkt_devs (bsc#1051510). - platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes (bsc#1051510). - platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK (bsc#1051510). - platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey (bsc#1051510). - platform/x86: Fix unmet dependency warning for SAMSUNG_Q10 (bsc#1051510). - powerpc/64s: Clear on-stack exception marker upon exception return (bsc#1071995). - powerpc: Add an option to disable static PCI bus numbering (bsc#1122159). - powerpc: Always save/restore checkpointed regs during treclaim/trecheckpoint (bsc#1118338). - powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores (bsc#1109695). - powerpc: Detect the presence of big-cores via 'ibm, thread-groups' (bsc#1109695). - powerpc/livepatch: relax reliable stack tracer checks for first-frame (bsc#1071995). - powerpc/livepatch: small cleanups in save_stack_trace_tsk_reliable() (bsc#1071995). - powerpc: make use of for_each_node_by_type() instead of open-coding it (bsc#1109695). - powerpc/powernv: Clear LPCR[PECE1] via stop-api only for deep state offline (bsc#1119766, bsc#1055121). - powerpc/powernv: Clear PECE1 in LPCR via stop-api only on Hotplug (bsc#1119766, bsc#1055121). - powerpc/pseries: export timebase register sample in lparcfg (bsc#1127750). - powerpc/pseries: Perform full re-add of CPU for topology update post-migration (bsc#1125728). - powerpc: Remove facility loadups on transactional {fp, vec, vsx} unavailable (bsc#1118338). - powerpc: Remove redundant FP/Altivec giveup code (bsc#1118338). - powerpc/setup: Add cpu_to_phys_id array (bsc#1109695). - powerpc/smp: Add cpu_l2_cache_map (bsc#1109695). - powerpc/smp: Add Power9 scheduler topology (bsc#1109695). - powerpc/smp: Rework CPU topology construction (bsc#1109695). - powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695). - powerpc/tm: Avoid machine crash on rt_sigreturn (bsc#1118338). - powerpc/tm: Do not check for WARN in TM Bad Thing handling (bsc#1118338). - powerpc/tm: Fix comment (bsc#1118338). - powerpc/tm: Fix endianness flip on trap (bsc#1118338). - powerpc/tm: Fix HFSCR bit for no suspend case (bsc#1118338). - powerpc/tm: Fix HTM documentation (bsc#1118338). - powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM (bsc#1118338). - powerpc/tm: P9 disable transactionally suspended sigcontexts (bsc#1118338). - powerpc/tm: Print 64-bits MSR (bsc#1118338). - powerpc/tm: Print scratch value (bsc#1118338). - powerpc/tm: Reformat comments (bsc#1118338). - powerpc/tm: Remove msr_tm_active() (bsc#1118338). - powerpc/tm: Remove struct thread_info param from tm_reclaim_thread() (bsc#1118338). - powerpc/tm: Save MSR to PACA before RFID (bsc#1118338). - powerpc/tm: Set MSR[TS] just prior to recheckpoint (bsc#1118338, bsc#1120955). - powerpc/tm: Unset MSR[TS] if not recheckpointing (bsc#1118338). - powerpc/tm: Update function prototype comment (bsc#1118338). - powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#1109695). - powerpc/xmon: Fix invocation inside lock region (bsc#1122885). - pptp: dst_release sk_dst_cache in pptp_sock_destruct (git-fixes). - proc/sysctl: do not return ENOMEM on lookup when a table is unregistering (git-fixes). - pseries/energy: Use OF accessor function to read ibm,drc-indexes (bsc#1129080). - pstore/ram: Avoid allocation and leak of platform data (bsc#1051510). - pstore/ram: Avoid NULL deref in ftrace merging failure path (bsc#1051510). - pstore/ram: Correctly calculate usable PRZ bytes (bsc#1051510). - pstore/ram: Do not treat empty buffers as valid (bsc#1051510). - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl (bsc#1051510). - ptp: Fix pass zero to ERR_PTR() in ptp_clock_register (bsc#1051510). - ptp_kvm: probe for kvm guest availability (bsc#1098382). - ptr_ring: wrap back ->producer in __ptr_ring_swap_queue() (networking-stable-19_01_04). - Put the xhci fix patch to the right place in the sorted section - qed: Avoid constant logical operation warning in qed_vf_pf_acquire (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Avoid implicit enum conversion in qed_iwarp_parse_rx_pkt (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Avoid implicit enum conversion in qed_set_tunn_cls_info (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Fix an error code qed_ll2_start_xmit() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix bitmap_weight() check (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix blocking/unlimited SPQ entries leak (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix command number mismatch between driver and the mfw (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix memory/entry leak in qed_init_sp_request() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix potential memory corruption (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix PTT leak in qed_drain() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix QM getters to always return a valid pq (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix rdma_info structure allocation (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix reading wrong value in loop condition (bsc#1086314 bsc#1086313 bsc#1086301). - qla2xxx: Fixup dual-protocol FCP connections (bsc#1108870). - qmi_wwan: Added support for Fibocom NL668 series (networking-stable-19_01_04). - qmi_wwan: Added support for Telit LN940 series (networking-stable-19_01_04). - qmi_wwan: add MTU default to qmap network interface (networking-stable-19_01_22). - qmi_wwan: Add support for Fibocom NL678 series (networking-stable-19_01_04). - r8169: Add support for new Realtek Ethernet (networking-stable-19_01_22). - r8169: use PCI_VDEVICE macro (networking-stable-19_01_22). - rapidio/rionet: do not free skb before reading its length (networking-stable-18_12_03). - rbd: do not return 0 on unmap if RBD_DEV_FLAG_REMOVING is set (bsc#1125797). - rcu: Fix up pending cbs check in rcu_prepare_for_idle (git fixes (kernel/rcu)). - rcu: Make need_resched() respond to urgent RCU-QS needs (git fixes (kernel/rcu)). - rdma/core: Fix unwinding flow in case of error to register device (bsc#1046306). - rdma/vmw_pvrdma: Support upto 64-bit PFNs (bsc#1127285). - Refresh patches.suse/scsi-do-not-print-reservation-conflict-for-TEST-UNIT.patch (bsc#1119843) - regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting (bsc#1051510). - regulator: pv88060: Fix array out-of-bounds access (bsc#1051510). - regulator: pv88080: Fix array out-of-bounds access (bsc#1051510). - regulator: pv88090: Fix array out-of-bounds access (bsc#1051510). - regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 (bsc#1051510). - regulator: wm831x-dcdc: Fix list of wm831x_dcdc_ilim from mA to uA (bsc#1051510). - Remove blacklist of virtio patch so we can install it (bsc#1114585) - Revert 'drm/rockchip: Allow driver to be shutdown on reboot/kexec' (bsc#1051510). - Revert 'input: elan_i2c - add acpi ID for touchpad in ASUS Aspire F5-573G' (bsc#1051510). - Revert 'openvswitch: Fix template leak in error cases.' (bsc#1051510). - Revert 'scsi: qla2xxx: Fix NVMe Target discovery' (bsc#1125252). - Revert 'serial: 8250: Fix clearing FIFOs in RS485 mode again' (bsc#1051510). - Revert the previous merge of drm fixes The branch was merged mistakenly and breaks the build. Revert it. - Revert 'xhci: Reset Renesas uPD72020x USB controller for 32-bit DMA issue' (bsc#1120854). - rocker: fix rocker_tlv_put_* functions for KASAN (bsc#1051510). - rpm/kernel-binary.spec.in: fix initrd permissions (bsc#1123697) dracut has been using permissions 0600 for the initrd for a long time. - rpm/kernel-source.changes.old: Really drop old changelogs (bsc#1098995) - rt2800: enable TX_PIN_CFG_RFRX_EN only for MT7620 (bsc#1120902). - rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices (networking-stable-18_12_12). - rxrpc: bad unlock balance in rxrpc_recvmsg (networking-stable-19_02_10). - s390/cio: Fix how vfio-ccw checks pinned pages (git-fixes). - s390/cpum_cf: Reject request for sampling in event initialization (git-fixes). - s390/early: improve machine detection (git-fixes). - s390/ism: clear dmbe_mask bit before SMC IRQ handling (bnc#1117947, LTC#173662). - s390/mm: always force a load of the primary ASCE on context switch (git-fixes). - s390/mm: fix addressing exception after suspend/resume (bsc#1125252). - s390/qeth: cancel close_dev work before removing a card (LTC#175898, bsc#1127561). - s390/qeth: conclude all event processing before offlining a card (LTC#175901, bsc#1127567). - s390/qeth: fix use-after-free in error path (bsc#1127534). - s390/qeth: invoke softirqs after napi_schedule() (git-fixes). - s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU (git-fixes). - s390/smp: fix CPU hotplug deadlock with CPU rescan (git-fixes). - s390/sthyi: Fix machine name validity indication (git-fixes). - s390/zcrypt: fix specification exception on z196 during ap probe (LTC#174936, bsc#1123061). - sata_rcar: fix deferred probing (bsc#1051510). - sbus: char: add of_node_put() (bsc#1051510). - sc16is7xx: Fix for multi-channel stall (bsc#1051510). - sched: Do not re-read h_load_next during hierarchical load calculation (bnc#1120909). - sched/wait: Fix rcuwait_wake_up() ordering (git-fixes). - sched/wake_q: Document wake_q_add() (bsc#1050549). - sched/wake_q: Fix wakeup ordering for wake_q (bsc#1050549). - sched/wake_q: Reduce reference counting for special users (bsc#1050549). - sch_multiq: fix double free on init failure (bsc#1051510). - scsi: core: reset host byte in DID_NEXUS_FAILURE case (bsc#1122764). - scsi: csiostor: remove flush_scheduled_work() (bsc#1127363). - scsi: fix queue cleanup race before queue initialization is done (bsc#1125252). - scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - scsi: ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton (bsc#1119019). - scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task (bsc#1122192). - scsi: lpfc: Add log messages to aid in debugging fc4type discovery issues (bsc#1121317). - scsi: lpfc: Correct MDS loopback diagnostics support (bsc#1121317). - scsi: lpfc: do not set queue->page_count to 0 if pc_sli4_params.wqpcnt is invalid (bsc#1121317). - scsi: lpfc: Fix discovery failure when PLOGI is defered (bsc#1121317). - scsi: lpfc: Fix link state reporting for trunking when adapter is offline (bsc#1121317). - scsi: lpfc: fix remoteport access (bsc#1125252). - scsi: lpfc: remove an unnecessary NULL check (bsc#1121317). - scsi: lpfc: update fault value on successful trunk events (bsc#1121317). - scsi: lpfc: Update lpfc version to 12.0.0.10 (bsc#1121317). - scsi: mpt3sas: Add ioc_<level> logging macros (bsc#1117108). - scsi: mpt3sas: Annotate switch/case fall-through (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT and reply_q_name to %s: (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT without logging levels (bsc#1117108). - scsi: mpt3sas: Convert mlsleading uses of pr_<level> with MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Convert uses of pr_<level> with MPT3SAS_FMT to ioc_<level> (bsc#1117108). - scsi: mpt3sas: Fix a race condition in mpt3sas_base_hard_reset_handler() (bsc#1117108). - scsi: mpt3sas: Fix indentation (bsc#1117108). - scsi: mpt3sas: Improve kernel-doc headers (bsc#1117108). - scsi: mpt3sas: Introduce struct mpt3sas_nvme_cmd (bsc#1117108). - scsi: mpt3sas: Remove KERN_WARNING from panic uses (bsc#1117108). - scsi: mpt3sas: Remove set-but-not-used variables (bsc#1117108). - scsi: mpt3sas: Remove unnecessary parentheses and simplify null checks (bsc#1117108). - scsi: mpt3sas: Remove unused macro MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Split _base_reset_handler(), mpt3sas_scsih_reset_handler() and mpt3sas_ctl_reset_handler() (bsc#1117108). - scsi: mpt3sas: Swap I/O memory read value back to cpu endianness (bsc#1117108). - scsi: mpt3sas: switch to generic DMA API (bsc#1117108). - scsi: mpt3sas: Use dma_pool_zalloc (bsc#1117108). - scsi: mptsas: Fixup device hotplug for VMWare ESXi (bsc#1129046). - scsi: qedi: Add ep_state for login completion on un-reachable targets (bsc#1113712). - scsi: qla2xxx: Enable FC-NVME on NPIV ports (bsc#1094555). - scsi: qla2xxx: Fix a typo in MODULE_PARM_DESC (bsc#1094555). - scsi: qla2xxx: Fix for FC-NVMe discovery for NPIV port (bsc#1094555). - scsi: qla2xxx: Fix NPIV handling for FC-NVMe (bsc#1094555). - scsi: qla2xxx: Initialize port speed to avoid setting lower speed (bsc#1094555). - scsi: qla2xxx: Modify fall-through annotations (bsc#1094555). - scsi: qla2xxx: Remove unnecessary self assignment (bsc#1094555). - scsi: qla2xxx: Simplify conditional check (bsc#1094555). - scsi: qla2xxx: Timeouts occur on surprise removal of QLogic adapter (bsc#1124985). - scsi: qla2xxx: Update driver version to 10.00.00.12-k (bsc#1094555). - scsi: storvsc: Fix a race in sub-channel creation that can cause panic (). - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315). - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315). - scsi: target: make the pi_prot_format ConfigFS path readable (bsc#1123933). - scsi: virtio_scsi: fix pi_bytes{out,in} on 4 KiB block size devices (bsc#1114585). - sctp: add a ceiling to optlen in some sockopts (bnc#1129163). - sctp: improve the events for sctp stream adding (networking-stable-19_02_01). - sctp: improve the events for sctp stream reset (networking-stable-19_02_01). - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event (networking-stable-19_01_04). - sctp: kfree_rcu asoc (networking-stable-18_12_12). - sd: disable logical block provisioning if 'lbpme' is not set (bsc#1086095 bsc#1078355). - selftests/livepatch: add DYNAMIC_DEBUG config dependency (bsc#1071995). - selftests/livepatch: introduce tests (bsc#1071995). - selftests/powerpc: Use snprintf to construct DSCR sysfs interface paths (bsc#1124579). - selinux: Add __GFP_NOWARN to allocation at str_read() (bsc#1051510). - selinux: always allow mounting submounts (bsc#1051510). - selinux: fix GPF on invalid policy (bsc#1051510). - seq_buf: Make seq_buf_puts() null-terminate the buffer (bsc#1051510). - serial: 8250_pci: Fix number of ports for ACCES serial cards (bsc#1051510). - serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() (bsc#1051510). - serial: fix race between flush_to_ldisc and tty_open (bsc#1051510). - serial: fsl_lpuart: clear parity enable bit when disable parity (bsc#1051510). - serial: imx: fix error handling in console_setup (bsc#1051510). - serial: set suppress_bind_attrs flag only if builtin (bsc#1051510). - serial/sunsu: fix refcount leak (bsc#1051510). - serial: uartps: Fix interrupt mask issue to handle the RX interrupts properly (bsc#1051510). - serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO (bsc#1051510). - signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init (git-fixes). - skge: potential memory corruption in skge_get_regs() (bsc#1051510). - sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 (bsc#1051510). - sky2: Increase D3 delay again (bsc#1051510). - slab: alien caches must not be initialized if the allocation of the alien cache failed (git fixes (mm/slab)). - smb3.1.1 dialect is no longer experimental (bsc#1051510). - smb311: Fix reconnect (bsc#1051510). - smb311: Improve checking of negotiate security contexts (bsc#1051510). - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510). - smb3: check for and properly advertise directory lease support (bsc#1051510). - smb3: directory sync should not return an error (bsc#1051510). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510). - smb3: do not request leases in symlink creation and query (bsc#1051510). - smb3: Do not send smb3 SET_INFO if nothing changed (bsc#1051510). - smb3: Enable encryption for SMB3.1.1 (bsc#1051510). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510). - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510). - smb3: fix various xid leaks (bsc#1051510). - smb3: Improve security, move default dialect to smb3 from old CIFS (bsc#1051510). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510). - smb3: Remove ifdef since smb3 (and later) now STRONGLY preferred (bsc#1051510). - smb3: remove noisy warning message on mount (bsc#1129664). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510). - soc: bcm: brcmstb: Do not leak device tree node reference (bsc#1051510). - soc/tegra: Do not leak device tree node reference (bsc#1051510). - splice: do not merge into linked buffers (git-fixes). - staging: comedi: ni_660x: fix missing break in switch statement (bsc#1051510). - staging:iio:ad2s90: Make probe handle spi_setup failure (bsc#1051510). - staging: iio: ad7780: update voltage on read (bsc#1051510). - staging: iio: adc: ad7280a: handle error from __ad7280_read32() (bsc#1051510). - staging: iio: adt7316: allow adt751x to use internal vref for all dacs (bsc#1051510). - staging: iio: adt7316: fix register and bit definitions (bsc#1051510). - staging: iio: adt7316: fix the dac read calculation (bsc#1051510). - staging: iio: adt7316: fix the dac write calculation (bsc#1051510). - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 (bsc#1051510). - staging: rtl8723bs: Fix build error with Clang when inlining is disabled (bsc#1051510). - staging: speakup: Replace strncpy with memcpy (bsc#1051510). - staging: wilc1000: fix to set correct value for 'vif_num' (bsc#1051510). - sunrpc: correct the computation for page_ptr when truncating (git-fixes). - sunrpc: Fix a potential race in xprt_connect() (git-fixes). - sunrpc: Fix leak of krb5p encode pages (git-fixes). - sunrpc: handle ENOMEM in rpcb_getport_async (git-fixes). - sunrpc: safely reallow resvport min/max inversion (git-fixes). - svm: Add mutex_lock to protect apic_access_page_done on AMD systems (bsc#1129285). - swiotlb: Add is_swiotlb_active() function (bsc#1120008). - swiotlb: Introduce swiotlb_max_mapping_size() (bsc#1120008). - switchtec: Fix SWITCHTEC_IOCTL_EVENT_IDX_ALL flags overwrite (bsc#1051510). - switchtec: Remove immediate status check after submitting MRPC command (bsc#1051510). - sysfs: Disable lockdep for driver bind/unbind files (bsc#1051510). - tcp: batch tcp_net_metrics_exit (bsc#1122982). - tcp: change txhash on SYN-data timeout (networking-stable-19_01_20). - tcp: Do not underestimate rwnd_limited (networking-stable-18_12_12). - tcp: fix a race in inet_diag_dump_icsk() (networking-stable-19_01_04). - tcp: fix NULL ref in tail loss probe (networking-stable-18_12_12). - tcp: handle inet_csk_reqsk_queue_add() failures (git-fixes). - tcp: lack of available data can also cause TSO defer (git-fixes). - team: avoid complex list operations in team_nl_cmd_options_set() (bsc#1051510). - team: Free BPF filter when unregistering netdev (bsc#1051510). - thermal: do not clear passive state during system sleep (bsc#1051510). - thermal/drivers/hisi: Encapsulate register writes into helpers (bsc#1051510). - thermal/drivers/hisi: Fix configuration register setting (bsc#1051510). - thermal: generic-adc: Fix adc to temp interpolation (bsc#1051510). - thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set (bsc#1051510). - thermal: int340x_thermal: Fix a NULL vs IS_ERR() check (bsc#1051510). - thermal: mediatek: fix register index error (bsc#1051510). - timekeeping: Use proper seqcount initializer (bsc#1051510). - tipc: compare remote and local protocols in tipc_udp_enable() (networking-stable-19_01_04). - tipc: eliminate KMSAN uninit-value in strcmp complaint (bsc#1051510). - tipc: error path leak fixes in tipc_enable_bearer() (bsc#1051510). - tipc: fix a double kfree_skb() (networking-stable-19_01_04). - tipc: fix a race condition of releasing subscriber object (bsc#1051510). - tipc: fix bug in function tipc_nl_node_dump_monitor (bsc#1051510). - tipc: fix infinite loop when dumping link monitor summary (bsc#1051510). - tipc: fix RDM/DGRAM connect() regression (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_doit (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_link_set (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bsc#1051510). - tipc: use lock_sock() in tipc_sk_reinit() (networking-stable-19_01_04). - tpm: fix kdoc for tpm2_flush_context_cmd() (bsc#1051510). - tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented (bsc#1051510). - tpm: Return the actual size when receiving an unsupported command (bsc#1051510). - tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated (bsc#1051510). - tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bsc#1051510). - tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x (bsc#1051510). - tpm: tpm_try_transmit() refactor error flow (bsc#1051510). - tracing: Do not free iter->trace in fail path of tracing_open_pipe() (bsc#1129581). - tracing/uprobes: Fix output for multiple string arguments (bsc#1126495). - tracing: Use strncpy instead of memcpy for string keys in hist triggers (bsc#1129625). - Tree connect for smb3.1.1 must be signed for non-encrypted shares (bsc#1051510). - tty: Handle problem if line discipline does not have receive_buf (bsc#1051510). - tty: ipwireless: Fix potential NULL pointer dereference (bsc#1051510). - tty/n_hdlc: fix __might_sleep warning (bsc#1051510). - tty/serial: do not free trasnmit buffer page under port lock (bsc#1051510). - tty: serial: samsung: Properly set flags in autoCTS mode (bsc#1051510). - tun: forbid iface creation with rtnl ops (networking-stable-18_12_12). - uart: Fix crash in uart_write and uart_put_char (bsc#1051510). - ucc_geth: Reset BQL queue when stopping device (networking-stable-19_02_01). - ucma: fix a use-after-free in ucma_resolve_ip() (bsc#1051510). - uevent: add alloc_uevent_skb() helper (bsc#1122982). - Update config files. Remove conditional support for smb2 and SMB3: - Update patches.arch/s390-sles15-zcrypt-fix-specification-exception.patch (LTC#174936, bsc#1123060, bsc#1123061). - Update patches.fixes/acpi-nfit-Block-function-zero-DSMs.patch (bsc#1051510, bsc#1121789). - Update patches.fixes/acpi-nfit-Fix-command-supported-detection.patch (bsc#1051510, bsc#1121789). Add more detailed bugzilla reference. - Update patches.kabi/bpf-prevent-memory-disambiguation-attack.patch (bsc#1087082). - Update patches.kabi/bpf-properly-enforce-index-mask-to-prevent-out-of-bo.patch (bsc#1098425). - uprobes: Fix handle_swbp() vs. unregister() + register() race once more (bsc#1051510). - usb: Add new USB LPM helpers (bsc#1120902). - usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB (bsc#1120902). - usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bsc#1120902). - usb: Consolidate LPM checks to avoid enabling LPM twice (bsc#1120902). - usb: dwc3: Correct the logic for checking TRB full in __dwc3_prepare_one_trb() (bsc#1051510). - usb: dwc3: gadget: Clear req->needs_extra_trb flag on cleanup (bsc#1120902). - usb: dwc3: gadget: Disable CSP for stream OUT ep (bsc#1051510). - usb: dwc3: gadget: Handle 0 xfer length for OUT EP (bsc#1051510). - usb: dwc3: trace: add missing break statement to make compiler happy (bsc#1120902). - usb: gadget: musb: fix short isoc packets with inventra dma (bsc#1051510). - usb: gadget: udc: net2272: Fix bitwise and boolean operations (bsc#1051510). - usb: hub: delay hub autosuspend if USB3 port is still link training (bsc#1051510). - usb: mtu3: fix the issue about SetFeature(U1/U2_Enable) (bsc#1051510). - usb: musb: dsps: fix otg state machine (bsc#1051510). - usb: musb: dsps: fix runtime pm for peripheral mode (bsc#1120902). - usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2 (networking-stable-18_12_03). - usbnet: smsc95xx: fix rx packet alignment (bsc#1051510). - usb: phy: am335x: fix race condition in _probe (bsc#1051510). - usb: serial: option: add Fibocom NL678 series (bsc#1120902). - usb: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays (bsc#1120902). - usb: serial: pl2303: add new PID to support PL2303TB (bsc#1051510). - usb: serial: simple: add Motorola Tetra TPG2200 device id (bsc#1051510). - usb: storage: add quirk for SMI SM3350 (bsc#1120902). - usb: storage: do not insert sane sense for SPC3+ when bad sense specified (bsc#1120902). - usb: xhci: fix 'broken_suspend' placement in struct xchi_hcd (bsc#1119086). - veth: set peer GSO values (bsc#1051510). - vfio: ccw: fix cleanup if cp_prefetch fails (git-fixes). - vfio: ccw: process ssch with interrupts disabled (git-fixes). - vfs: Add iomap_seek_hole and iomap_seek_data helpers (bsc#1070995). - vfs: Add page_cache_seek_hole_data helper (bsc#1070995). - vfs: in iomap seek_{hole,data}, return -ENXIO for negative offsets (bsc#1070995). - vhost: correctly check the return value of translate_desc() in log_used() (bsc#1051510). - vhost: log dirty page correctly (networking-stable-19_01_26). - vhost: make sure used idx is seen before log in vhost_add_used_n() (networking-stable-19_01_04). - vhost/vsock: fix uninitialized vhost_vsock->guest_cid (bsc#1051510). - video: clps711x-fb: release disp device node in probe() (bsc#1051510). - virtio-blk: Consider virtio_max_dma_size() for maximum segment size (bsc#1120008). - virtio: Introduce virtio_max_dma_size() (bsc#1120008). - virtio_net: Do not call free_old_xmit_skbs for xdp_frames (networking-stable-19_02_01). - virtio-net: fail XDP set if guest csum is negotiated (networking-stable-18_12_03). - virtio-net: keep vnet header zeroed after processing XDP (networking-stable-18_12_12). - virtio/s390: avoid race on vcdev->config (git-fixes). - virtio/s390: fix race in ccw_io_helper() (git-fixes). - vmci: Support upto 64-bit PPNs (bsc#1127286). - vsock: cope with memory allocation failure at socket creation time (bsc#1051510). - vsock: Send reset control packet when socket is partially bound (networking-stable-19_01_04). - vt: invoke notifier on screen size change (bsc#1051510). - vxge: ensure data0 is initialized in when fetching firmware version information (bsc#1051510). - vxlan: Fix GRO cells race condition between receive and link delete (git-fixes). - vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() (git-fixes). - vxlan: update skb dst pmtu on tx path (bsc#1123456). - w90p910_ether: remove incorrect __init annotation (bsc#1051510). - watchdog: docs: kernel-api: do not reference removed functions (bsc#1051510). - watchdog: w83627hf_wdt: Add quirk for Inves system (bsc#1106434). - writeback: do not decrement wb->refcnt if !wb->bdi (git fixes (writeback)). - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805). - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805). - x86/amd_nb: Add PCI device IDs for family 17h, model 30h (). - x86/amd_nb: Add support for newer PCI topologies (). - x86/a.out: Clear the dump structure initially (bsc#1114279). - x86/apic: Provide apic_ack_irq() (bsc#1122822). - x86/boot/e820: Avoid overwriting e820_table_firmware (bsc#1127154). - x86/boot/e820: Introduce the bootloader provided e820_table_firmware[] table (bsc#1127154). - x86/boot/e820: Rename the e820_table_firmware to e820_table_kexec (bsc#1127154). - x86/bugs: Add AMD's variant of SSB_NO (bsc#1114279). - x86/bugs: Update when to check for the LS_CFG SSBD mitigation (bsc#1114279). - x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (bsc#1127307). - x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (bsc#1127307). - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (bsc#1122822). - x86/kaslr: Fix incorrect i8254 outb() parameters (bsc#1114279). - x86/kvmclock: set pvti_cpu0_va after enabling kvmclock (bsc#1098382). - x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() (bsc#1114279). - x86/microcode/amd: Do not falsely trick the late loading mechanism (bsc#1114279). - x86/mm: Drop usage of __flush_tlb_all() in kernel_physical_mapping_init() (bsc#1114279). - x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE (bsc#1114279). - x86/mtrr: Do not copy uninitialized gentry fields back to userspace (bsc#1114279). - x86/pkeys: Properly copy pkey state at fork() (bsc#1129366). - x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls (bsc#1125614). - x86/pvclock: add setter for pvclock_pvti_cpu0_va (bsc#1098382). - x86/resctrl: Fix rdt_find_domain() return value and checks (bsc#1114279). - x86: respect memory size limiting via mem= parameter (bsc#1117645). - x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant (bsc#1114279). - x86/speculation: Remove redundant arch_smt_update() invocation (bsc#1114279). - x86/vdso: Remove obsolete 'fake section table' reservation (bsc#1114279). - x86/xen: dont add memory above max allowed allocation (bsc#1117645). - x86/xen/time: Output xen sched_clock time from 0 (bsc#1098382). - x86/xen/time: set pvclock flags on xen_time_init() (bsc#1098382). - x86/xen/time: setup vcpu 0 time info page (bsc#1098382). - xen, cpu_hotplug: Prevent an out of bounds access (bsc#1065600). - xen: fix dom0 boot on huge systems (bsc#1127836). - xen: Fix x86 sched_clock() interface for xen (bsc#1098382). - xen/manage: do not complain about an empty value in control/sysrq node (bsc#1065600). - xen: remove pre-xen3 fallback handlers (bsc#1065600). - xfs: add option to mount with barrier=0 or barrier=1 (bsc#1088133). - xfs: fix contiguous dquot chunk iteration livelock (bsc#1070995). - xfs: remove filestream item xfs_inode reference (bsc#1127961). - xfs: rewrite xfs_dq_get_next_id using xfs_iext_lookup_extent (bsc#1070995). - xhci: Add quirk to zero 64bit registers on Renesas PCIe controllers (bsc#1120854). - xhci: workaround CSS timeout on AMD SNPS 3.0 xHC (bsc#1119086). - xprtrdma: Reset credit grant properly after a disconnect (git-fixes). - Yama: Check for pid death before checking ancestry (bsc#1051510). - yam: fix a missing-check bug (bsc#1051510). - zswap: re-check zswap_is_full() after do zswap_shrink() (bsc#1051510). - xfs: Switch to iomap for SEEK_HOLE / SEEK_DATA (bsc#1070995). Important SUSE bug 1046305 SUSE bug 1046306 SUSE bug 1050252 SUSE bug 1050549 SUSE bug 1051510 SUSE bug 1054610 SUSE bug 1055121 SUSE bug 1056658 SUSE bug 1056662 SUSE bug 1056787 SUSE bug 1060463 SUSE bug 1063638 SUSE bug 1065600 SUSE bug 1068032 SUSE bug 1070995 SUSE bug 1071995 SUSE bug 1074562 SUSE bug 1074578 SUSE bug 1074701 SUSE bug 1075006 SUSE bug 1075419 SUSE bug 1075748 SUSE bug 1078355 SUSE bug 1080039 SUSE bug 1082943 SUSE bug 1083548 SUSE bug 1083647 SUSE bug 1084216 SUSE bug 1086095 SUSE bug 1086282 SUSE bug 1086301 SUSE bug 1086313 SUSE bug 1086314 SUSE bug 1086323 SUSE bug 1087082 SUSE bug 1087084 SUSE bug 1087092 SUSE bug 1087939 SUSE bug 1088133 SUSE bug 1094555 SUSE bug 1098382 SUSE bug 1098425 SUSE bug 1098995 SUSE bug 1102055 SUSE bug 1103429 SUSE bug 1104353 SUSE bug 1106105 SUSE bug 1106434 SUSE bug 1106811 SUSE bug 1107078 SUSE bug 1107665 SUSE bug 1108101 SUSE bug 1108870 SUSE bug 1109695 SUSE bug 1110096 SUSE bug 1110705 SUSE bug 1111666 SUSE bug 1113042 SUSE bug 1113712 SUSE bug 1113722 SUSE bug 1113769 SUSE bug 1113939 SUSE bug 1114279 SUSE bug 1114585 SUSE bug 1114893 SUSE bug 1117108 SUSE bug 1117155 SUSE bug 1117645 SUSE bug 1117947 SUSE bug 1118338 SUSE bug 1119019 SUSE bug 1119086 SUSE bug 1119766 SUSE bug 1119843 SUSE bug 1120008 SUSE bug 1120318 SUSE bug 1120601 SUSE bug 1120758 SUSE bug 1120854 SUSE bug 1120902 SUSE bug 1120909 SUSE bug 1120955 SUSE bug 1121317 SUSE bug 1121726 SUSE bug 1121789 SUSE bug 1121805 SUSE bug 1122019 SUSE bug 1122159 SUSE bug 1122192 SUSE bug 1122292 SUSE bug 1122324 SUSE bug 1122554 SUSE bug 1122662 SUSE bug 1122764 SUSE bug 1122779 SUSE bug 1122822 SUSE bug 1122885 SUSE bug 1122927 SUSE bug 1122944 SUSE bug 1122971 SUSE bug 1122982 SUSE bug 1123060 SUSE bug 1123061 SUSE bug 1123161 SUSE bug 1123317 SUSE bug 1123348 SUSE bug 1123357 SUSE bug 1123456 SUSE bug 1123538 SUSE bug 1123697 SUSE bug 1123882 SUSE bug 1123933 SUSE bug 1124055 SUSE bug 1124204 SUSE bug 1124235 SUSE bug 1124579 SUSE bug 1124589 SUSE bug 1124728 SUSE bug 1124732 SUSE bug 1124735 SUSE bug 1124969 SUSE bug 1124974 SUSE bug 1124975 SUSE bug 1124976 SUSE bug 1124978 SUSE bug 1124979 SUSE bug 1124980 SUSE bug 1124981 SUSE bug 1124982 SUSE bug 1124984 SUSE bug 1124985 SUSE bug 1125109 SUSE bug 1125125 SUSE bug 1125252 SUSE bug 1125315 SUSE bug 1125614 SUSE bug 1125728 SUSE bug 1125780 SUSE bug 1125797 SUSE bug 1125799 SUSE bug 1125800 SUSE bug 1125907 SUSE bug 1125947 SUSE bug 1126131 SUSE bug 1126209 SUSE bug 1126389 SUSE bug 1126393 SUSE bug 1126476 SUSE bug 1126480 SUSE bug 1126481 SUSE bug 1126488 SUSE bug 1126495 SUSE bug 1126555 SUSE bug 1126579 SUSE bug 1126789 SUSE bug 1126790 SUSE bug 1126802 SUSE bug 1126803 SUSE bug 1126804 SUSE bug 1126805 SUSE bug 1126806 SUSE bug 1126807 SUSE bug 1127042 SUSE bug 1127062 SUSE bug 1127082 SUSE bug 1127154 SUSE bug 1127285 SUSE bug 1127286 SUSE bug 1127307 SUSE bug 1127363 SUSE bug 1127493 SUSE bug 1127494 SUSE bug 1127495 SUSE bug 1127496 SUSE bug 1127497 SUSE bug 1127498 SUSE bug 1127534 SUSE bug 1127561 SUSE bug 1127567 SUSE bug 1127595 SUSE bug 1127603 SUSE bug 1127682 SUSE bug 1127731 SUSE bug 1127750 SUSE bug 1127836 SUSE bug 1127961 SUSE bug 1128094 SUSE bug 1128166 SUSE bug 1128351 SUSE bug 1128451 SUSE bug 1128895 SUSE bug 1129046 SUSE bug 1129080 SUSE bug 1129163 SUSE bug 1129179 SUSE bug 1129181 SUSE bug 1129182 SUSE bug 1129183 SUSE bug 1129184 SUSE bug 1129205 SUSE bug 1129281 SUSE bug 1129284 SUSE bug 1129285 SUSE bug 1129291 SUSE bug 1129292 SUSE bug 1129293 SUSE bug 1129294 SUSE bug 1129295 SUSE bug 1129296 SUSE bug 1129326 SUSE bug 1129327 SUSE bug 1129330 SUSE bug 1129363 SUSE bug 1129366 SUSE bug 1129497 SUSE bug 1129519 SUSE bug 1129543 SUSE bug 1129547 SUSE bug 1129551 SUSE bug 1129581 SUSE bug 1129625 SUSE bug 1129664 SUSE bug 1129739 SUSE bug 1129923 SUSE bug 807502 SUSE bug 824948 SUSE bug 828192 SUSE bug 925178 CVE-2017-5753 CVE-2018-20669 CVE-2019-2024 CVE-2019-3459 CVE-2019-3460 CVE-2019-3819 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-7308 CVE-2019-8912 CVE-2019-8980 CVE-2019-9213 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ovmf fixes the following issues: Security issues fixed: - CVE-2019-0160: Fixed multiple buffer overflows in UDF-related codes in MdeModulePkg\Universal\Disk\PartitionDxe\Udf.c and MdeModulePkg\Universal\Disk\UdfDxe (bsc#1130267). - CVE-2018-12181: Fixed a stack buffer overflow in the HII database when a corrupted Bitmap was used (bsc#1128503). Moderate SUSE bug 1128503 SUSE bug 1130267 CVE-2018-12181 CVE-2019-0160 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise Server 12 SP4 Azure kernel was updated to fix various issues. The following security bugs were fixed: - CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179). - CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166 1128378 1129016). - CVE-2019-8980: A memory leak in the kernel_read_file function in fs/exec.c allowed attackers to cause a denial of service (memory consumption) by triggering vfs_read failures (bnc#1126209). - CVE-2019-3819: A flaw was found in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ('root') can cause a system lock up and a denial of service. (bnc#1123161). - CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglected to set a NULL value for a certain structure member, which led to a use-after-free in sockfs_setattr (bnc#1125907 1126284). - CVE-2019-7308: kernel/bpf/verifier.c performed undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks (bnc#1124055). - CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758). - CVE-2019-7221: Fixed a use-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124732). - CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bnc#1124728). - CVE-2018-20669: An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c where a local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation (bnc#1122971). The following non-security bugs were fixed: - 6lowpan: iphc: reset mac_header after decompress to fix panic (bsc#1051510). - 9p: clear dangling pointers in p9stat_free (bsc#1051510). - 9p locks: fix glock.client_id leak in do_lock (bsc#1051510). - 9p/net: fix memory leak in p9_client_create (bsc#1051510). - 9p/net: put a lower bound on msize (bsc#1051510). - 9p: use inode->i_lock to protect i_size_write() under 32-bit (bsc#1051510). - acpi/APEI: Clear GHES block_status before panic() (bsc#1051510). - acpi / device_sysfs: Avoid OF modalias creation for removed device (bsc#1051510). - acpi/nfit: Block function zero DSMs (bsc#1051510). - acpi, nfit: Fix Address Range Scrub completion tracking (bsc#1124969). - acpi/nfit: Fix bus command validation (bsc#1051510). - acpi/nfit: Fix command-supported detection (bsc#1051510). - acpi/nfit: Fix race accessing memdev in nfit_get_smbios_id() (bsc#1122662). - acpi/nfit: Fix user-initiated ARS to be 'ARS-long' rather than 'ARS-short' (bsc#1124969). - acpi: NUMA: Use correct type for printing addresses on i386-PAE (bsc#1051510). - acpi: power: Skip duplicate power resource references in _PRx (bsc#1051510). - acpi / video: Extend chassis-type detection with a 'Lunch Box' check (bsc#1051510). - acpi / video: Refactor and fix dmi_is_desktop() (bsc#1051510). - add 1 entry 2bcbd406715dca256912b9c5ae449c7968f15705 - Add delay-init quirk for Corsair K70 RGB keyboards (bsc#1087092). - add mainline tags for two hyperv iommu patches - Adjust a commit id in a nvme patch to make our scripts happy - af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers (bsc#1051510). - alsa: bebob: fix model-id of unit for Apogee Ensemble (bsc#1051510). - alsa: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 (bsc#1051510). - alsa: compress: Fix stop handling on compressed capture streams (bsc#1051510). - alsa: compress: prevent potential divide by zero bugs (bsc#1051510). - alsa: firewire-motu: fix construction of PCM frame for capture direction (bsc#1051510). - alsa: hda - Add mute LED support for HP ProBook 470 G5 (bsc#1051510). - alsa: hda - Add quirk for HP EliteBook 840 G5 (bsc#1051510). - alsa: hda/ca0132 - Fix build error without CONFIG_PCI (bsc#1051510). - alsa: hda/realtek: Disable PC beep in passthrough on alc285 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX362FA with ALC294 (bsc#1051510). - alsa: hda/realtek - Fixed hp_pin no value (bsc#1051510). - alsa: hda/realtek - Fix lose hp_pins for disable auto mute (bsc#1051510). - alsa: hda/realtek - Headset microphone and internal speaker support for System76 oryp5 (bsc#1051510). - alsa: hda/realtek - Headset microphone support for System76 darp5 (bsc#1051510). - alsa: hda/realtek - Reduce click noise on Dell Precision 5820 headphone (bsc#1126131). - alsa: hda/realtek - Use a common helper for hp pin reference (bsc#1051510). - alsa: hda - Serialize codec registrations (bsc#1122944). - alsa: hda - Use standard device registration for beep (bsc#1122944). - alsa: oxfw: add support for APOGEE duet FireWire (bsc#1051510). - alsa: usb-audio: Add Opus #3 to quirks for native DSD support (bsc#1051510). - alsa: usb-audio: Add support for new T+A USB DAC (bsc#1051510). - alsa: usb-audio: Fix implicit fb endpoint setup by quirk (bsc#1051510). - altera-stapl: check for a null key before strcasecmp'ing it (bsc#1051510). - amd-xgbe: Fix mdio access for non-zero ports and clause 45 PHYs (bsc#1122927). - apparmor: Fix aa_label_build() error handling for failed merges (bsc#1051510). - applicom: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - aquantia: Setup max_mtu in ndev to enable jumbo frames (bsc#1051510). - arm64: fault: avoid send SIGBUS two times (bsc#1126393). - arm: 8802/1: Call syscall_trace_exit even when system call skipped (bsc#1051510). - arm: 8808/1: kexec:offline panic_smp_self_stop CPU (bsc#1051510). - arm: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling (bsc#1051510). - arm: 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart (bsc#1051510). - arm/arm64: KVM: Rename function kvm_arch_dev_ioctl_check_extension() (bsc#1126393). - arm/arm64: KVM: vgic: Force VM halt when changing the active state of GICv3 PPIs/SGIs (bsc#1051510). - arm: cns3xxx: Fix writing to wrong PCI config registers after alignment (bsc#1051510). - arm: cns3xxx: Use actual size reads for PCIe (bsc#1051510). - arm: imx: update the cpu power up timing setting on i.mx6sx (bsc#1051510). - arm: iop32x/n2100: fix PCI IRQ mapping (bsc#1051510). - arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bsc#1051510). - arm: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt (bsc#1051510). - arm: OMAP1: ams-delta: Fix possible use of uninitialized field (bsc#1051510). - arm: OMAP2+: hwmod: Fix some section annotations (bsc#1051510). - arm: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup (bsc#1051510). - arm: pxa: avoid section mismatch warning (bsc#1051510). - arm: tango: Improve ARCH_MULTIPLATFORM compatibility (bsc#1051510). - ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages (bsc#1051510). - ASoC: dapm: change snprintf to scnprintf for possible overflow (bsc#1051510). - ASoC: dma-sh7760: cleanup a debug printk (bsc#1051510). - ASoC: fsl_esai: fix register setting issue in RIGHT_J mode (bsc#1051510). - ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M (bsc#1051510). - ASoC: imx-audmux: change snprintf to scnprintf for possible overflow (bsc#1051510). - ASoC: imx-sgtl5000: put of nodes if finding codec fails (bsc#1051510). - ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field (bsc#1051510). - ASoC: msm8916-wcd-analog: add missing license information (bsc#1051510). - ASoC: qcom: Fix of-node refcount unbalance in apq8016_sbc_parse_of() (bsc#1051510). - ASoC: rsnd: fixup rsnd_ssi_master_clk_start() user count check (bsc#1051510). - ASoC: rt5514-spi: Fix potential NULL pointer dereference (bsc#1051510). - assoc_array: Fix shortcut creation (bsc#1051510). - ata: ahci: mvebu: remove stale comment (bsc#1051510). - ath9k: Avoid OF no-EEPROM quirks without qca,no-eeprom (bsc#1051510). - ath9k: dynack: check da->enabled first in sampling routines (bsc#1051510). - ath9k: dynack: make ewma estimation faster (bsc#1051510). - ath9k: dynack: use authentication messages for 'late' ack (bsc#1051510). - atm: he: fix sign-extension overflow on large shift (bsc#1051510). - ax25: fix a use-after-free in ax25_fillin_cb() (networking-stable-19_01_04). - ax25: fix possible use-after-free (bsc#1051510). - backlight: pwm_bl: Use gpiod_get_value_cansleep() to get initial (bsc#1113722) - batman-adv: Avoid WARN on net_device without parent in netns (bsc#1051510). - batman-adv: fix uninit-value in batadv_interface_tx() (bsc#1051510). - batman-adv: Force mac header to start of data on xmit (bsc#1051510). - be2net: do not flip hw_features when VXLANs are added/deleted (bsc#1050252). - bio: Introduce BIO_ALLOCED flag and check it in bio_free (bsc#1128094). - blkdev: avoid migration stalls for blkdev pages (bsc#1084216). - blk-mq: fix a hung issue when fsync (bsc#1125252). - blk-mq: fix kernel oops in blk_mq_tag_idle() (bsc#1051510). - block: break discard submissions into the user defined size (git-fixes). - block: cleanup __blkdev_issue_discard() (git-fixes). - block_dev: fix crash on chained bios with O_DIRECT (bsc#1128094). - block_dev: fix crash on chained bios with O_DIRECT (bsc#1128094). - blockdev: Fix livelocks on loop device (bsc#1124984). - block: do not deal with discard limit in blkdev_issue_discard() (git-fixes). - block: do not use bio->bi_vcnt to figure out segment number (bsc#1128895). - block: do not warn when doing fsync on read-only devices (bsc#1125252). - block: fix 32 bit overflow in __blkdev_issue_discard() (git-fixes). - block: fix infinite loop if the device loses discard capability (git-fixes). - block/loop: Use global lock for ioctl() operation (bsc#1124974). - block: make sure discard bio is aligned with logical block size (git-fixes). - block: make sure writesame bio is aligned with logical block size (git-fixes). - block: move bio_integrity_{intervals,bytes} into blkdev.h (bsc#1114585). - block/swim3: Fix -EBUSY error when re-opening device after unmount (git-fixes). - bluetooth: Fix locking in bt_accept_enqueue() for BH context (bsc#1051510). - bluetooth: Fix unnecessary error message for HCI request completion (bsc#1051510). - bnx2x: Assign unique DMAE channel number for FW DMAE transactions (bsc#1086323). - bnx2x: Clear fip MAC when fcoe offload support is disabled (bsc#1086323). - bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw (bsc#1086323). - bnx2x: Remove configured vlans as part of unload sequence (bsc#1086323). - bnx2x: Send update-svid ramrod with retry/poll flags enabled (bsc#1086323). - bnxt_en: Fix typo in firmware message timeout logic (bsc#1086282 ). - bnxt_en: Wait longer for the firmware message response to complete (bsc#1086282). - bonding: update nest level on unlink (git-fixes). - bpf: decrease usercnt if bpf_map_new_fd() fails in bpf_map_get_fd_by_id() (bsc#1083647). - bpf: drop refcount if bpf_map_new_fd() fails in map_create() (bsc#1083647). - bpf: fix lockdep false positive in percpu_freelist (bsc#1083647). - bpf: fix replace_map_fd_with_map_ptr's ldimm64 second imm field (bsc#1083647). - bpf: fix sanitation rewrite in case of non-pointers (bsc#1083647). - bpf: Fix syscall's stackmap lookup potential deadlock (bsc#1083647). - bpf, lpm: fix lookup bug in map_delete_elem (bsc#1083647). - bpf/verifier: fix verifier instability (bsc#1056787). - bsg: allocate sense buffer if requested (bsc#1106811). - bsg: Do not copy sense if no response buffer is allocated (bsc#1106811,bsc#1126555). - btrfs: dedupe_file_range ioctl: remove 16MiB restriction (bsc#1127494). - btrfs: do not unnecessarily pass write_lock_level when processing leaf (bsc#1126802). - btrfs: ensure that a DUP or RAID1 block group has exactly two stripes (bsc#1128451). - btrfs: fix clone vs chattr NODATASUM race (bsc#1127497). - btrfs: fix corruption reading shared and compressed extents after hole punching (bsc#1126476). - btrfs: fix deadlock when allocating tree block during leaf/node split (bsc#1126806). - btrfs: fix deadlock when using free space tree due to block group creation (bsc#1126804). - btrfs: fix fsync after succession of renames and unlink/rmdir (bsc#1126488). - btrfs: fix fsync after succession of renames of different files (bsc#1126481). - btrfs: fix invalid-free in btrfs_extent_same (bsc#1127498). - btrfs: fix reading stale metadata blocks after degraded raid1 mounts (bsc#1126803). - btrfs: fix use-after-free of cmp workspace pages (bsc#1127603). - btrfs: grab write lock directly if write_lock_level is the max level (bsc#1126802). - btrfs: Improve btrfs_search_slot description (bsc#1126802). - btrfs: move get root out of btrfs_search_slot to a helper (bsc#1126802). - btrfs: qgroup: Cleanup old subtree swap code (bsc#1063638). - btrfs: qgroup: Do not trace subtree if we're dropping reloc tree (bsc#1063638). - btrfs: qgroup: Finish rescan when hit the last leaf of extent tree (bsc#1129327). - btrfs: qgroup: Fix root item corruption when multiple same source snapshots are created with quota enabled (bsc#1122324). - btrfs: qgroup: Introduce function to find all new tree blocks of reloc tree (bsc#1063638). - btrfs: qgroup: Introduce function to trace two swaped extents (bsc#1063638). - btrfs: qgroup: Introduce per-root swapped blocks infrastructure (bsc#1063638). - btrfs: qgroup: Introduce trace event to analyse the number of dirty extents accounted (bsc#1063638 dependency). - btrfs: qgroup: Make qgroup async transaction commit more aggressive (bsc#1113042). - btrfs: qgroup: Only trace data extents in leaves if we're relocating data block group (bsc#1063638). - btrfs: qgroup: Refactor btrfs_qgroup_trace_subtree_swap (bsc#1063638). - btrfs: qgroup: Search commit root for rescan to avoid missing extent (bsc#1129326). - btrfs: qgroup: Use delayed subtree rescan for balance (bsc#1063638). - btrfs: qgroup: Use generation-aware subtree swap to mark dirty extents (bsc#1063638). - btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf (bsc#1129327). - btrfs: relocation: Delay reloc tree deletion after merge_reloc_roots (bsc#1063638). - btrfs: reloc: Fix NULL pointer dereference due to expanded reloc_root lifespan (bsc#1129497). - btrfs: remove always true check in unlock_up (bsc#1126802). - btrfs: remove superfluous free_extent_buffer in read_block_for_search (bsc#1126802). - btrfs: remove unnecessary level check in balance_level (bsc#1126802). - btrfs: remove unused check of skip_locking (bsc#1126802). - btrfs: reuse cmp workspace in EXTENT_SAME ioctl (bsc#1127495). - btrfs: send, fix race with transaction commits that create snapshots (bsc#1126802). - btrfs: simplify IS_ERR/PTR_ERR checks (bsc#1126481). - btrfs: split btrfs_extent_same (bsc#1127493). - btrfs: use kvzalloc for EXTENT_SAME temporary data (bsc#1127496). - btrfs: use more straightforward extent_buffer_uptodate check (bsc#1126802). - can: bcm: check timer values before ktime conversion (bsc#1051510). - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it (bsc#1051510). - can: gw: ensure DLC boundaries after CAN frame modification (bsc#1051510). - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader (bsc#1051510). - cdc-wdm: pass return value of recover_from_urb_loss (bsc#1051510). - ceph: avoid repeatedly adding inode to mdsc->snap_flush_list (bsc#1126790). - ceph: clear inode pointer when snap realm gets dropped by its inode (bsc#1125799). - cfg80211: extend range deviation for DMG (bsc#1051510). - ch: add missing mutex_lock()/mutex_unlock() in ch_release() (bsc#1124235). - char/mwave: fix potential Spectre v1 vulnerability (bsc#1051510). - checkstack.pl: fix for aarch64 (bsc#1051510). - ch: fixup refcounting imbalance for SCSI devices (bsc#1124235). - cifs: add missing debug entries for kconfig options (bsc#1051510). - cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510). - cifs: add sha512 secmech (bsc#1051510). - cifs: Add support for reading attributes on SMB2+ (bsc#1051510). - cifs: Add support for writing attributes on SMB2+ (bsc#1051510). - cifs: Always resolve hostname before reconnecting (bsc#1051510). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510). - cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: fix return value for cifs_listxattr (bsc#1051510). - cifs: Fix separator when building path from dentry (bsc#1051510). - cifs: fix set info (bsc#1051510). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510). - cifs: fix wrapping bugs in num_entries() (bsc#1051510). - cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510). - cifs: hide unused functions (bsc#1051510). - cifs: hide unused functions (bsc#1051510). - cifs: implement v3.11 preauth integrity (bsc#1051510). - cifs: invalidate cache when we truncate a file (bsc#1051510). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510). - cifs: OFD locks do not conflict with eachothers (bsc#1051510). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510). - clk: armada-370: fix refcount leak in a370_clk_init() (bsc#1051510). - clk: armada-xp: fix refcount leak in axp_clk_init() (bsc#1051510). - clk: dove: fix refcount leak in dove_clk_init() (bsc#1051510). - clk: highbank: fix refcount leak in hb_clk_init() (bsc#1051510). - clk: imx6q: fix refcount leak in imx6q_clocks_init() (bsc#1051510). - clk: imx6q: reset exclusive gates on init (bsc#1051510). - clk: imx6sl: ensure MMDC CH0 handshake is bypassed (bsc#1051510). - clk: imx6sx: fix refcount leak in imx6sx_clocks_init() (bsc#1051510). - clk: imx7d: fix refcount leak in imx7d_clocks_init() (bsc#1051510). - clk: kirkwood: fix refcount leak in kirkwood_clk_init() (bsc#1051510). - clk: mv98dx3236: fix refcount leak in mv98dx3236_clk_init() (bsc#1051510). - clk: qoriq: fix refcount leak in clockgen_init() (bsc#1051510). - clk: rockchip: fix typo in rk3188 spdif_frac parent (bsc#1051510). - clk: samsung: exynos4: fix refcount leak in exynos4_get_xom() (bsc#1051510). - clk: socfpga: fix refcount leak (bsc#1051510). - clk: sunxi: A31: Fix wrong AHB gate number (bsc#1051510). - clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks (bsc#1051510). - clk: sunxi-ng: enable so-said LDOs for A64 SoC's pll-mipi clock (bsc#1051510). - clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent (bsc#1051510). - clk: sunxi-ng: sun8i-a23: Enable PLL-MIPI LDOs when ungating it (bsc#1051510). - clk: uniphier: Fix update register for CPU-gear (bsc#1051510). - clk: vf610: fix refcount leak in vf610_clocks_init() (bsc#1051510). - clocksource/drivers/exynos_mct: Fix error path in timer resources initialization (bsc#1051510). - clocksource/drivers/integrator-ap: Add missing of_node_put() (bsc#1051510). - clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable (bsc#1051510). - configfs: fix registered group removal (bsc#1051510). - copy_mount_string: Limit string length to PATH_MAX (bsc#1082943). - cpufreq: Cap the default transition delay value to 10 ms (bsc#1127042). - cpufreq: conservative: Take limits changes into account properly (bsc#1051510). - cpufreq: governor: Avoid accessing invalid governor_data (bsc#1051510). - cpufreq: governor: Drop min_sampling_rate (bsc#1127042). - cpufreq: governor: Ensure sufficiently large sampling intervals (bsc#1127042). - cpufreq: imx6q: add return value check for voltage scale (bsc#1051510). - cpufreq: Use transition_delay_us for legacy governors as well (bsc#1127042). - cpuidle: big.LITTLE: fix refcount leak (bsc#1051510). - cramfs: fix abad comparison when wrap-arounds occur (bsc#1051510). - crypto: aes_ti - disable interrupts while accessing S-box (bsc#1051510). - crypto: ahash - fix another early termination in hash walk (bsc#1051510). - crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling (bsc#1051510). - crypto: arm/crct10dif - revert to C code for short inputs (bsc#1051510). - crypto: authencesn - Avoid twice completion call in decrypt path (bsc#1051510). - crypto: authenc - fix parsing key with misaligned rta_len (bsc#1051510). - crypto: bcm - convert to use crypto_authenc_extractkeys() (bsc#1051510). - crypto: brcm - Fix some set-but-not-used warning (bsc#1051510). - crypto: caam - fixed handling of sg list (bsc#1051510). - crypto: caam - fix zero-length buffer DMA mapping (bsc#1051510). - crypto: cavium/zip - fix collision with generic cra_driver_name (bsc#1051510). - crypto: crypto4xx - add missing of_node_put after of_device_is_available (bsc#1051510). - crypto: crypto4xx - Fix wrong ppc4xx_trng_probe()/ppc4xx_trng_remove() arguments (bsc#1051510). - crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails (bsc#1051510). - crypto: testmgr - skip crc32c context test for ahash algorithms (bsc#1051510). - crypto: tgr192 - fix unaligned memory access (bsc#1051510). - crypto: user - support incremental algorithm dumps (bsc#1120902). - crypto: ux500 - Use proper enum in cryp_set_dma_transfer (bsc#1051510). - crypto: ux500 - Use proper enum in hash_set_dma_transfer (bsc#1051510). - cw1200: drop useless LIST_HEAD (bsc#1051510). - cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() (bsc#1051510). - cw1200: fix missing unlock on error in cw1200_hw_scan() (bsc#1051510). - dccp: fool proof ccid_hc_[rt]x_parse_options() (bsc#1051510). - debugfs: fix debugfs_rename parameter checking (bsc#1051510). - dlm: Do not swamp the CPU with callbacks queued during recovery (bsc#1051510). - dlm: fixed memory leaks after failed ls_remove_names allocation (bsc#1051510). - dlm: lost put_lkb on error path in receive_convert() and receive_unlock() (bsc#1051510). - dlm: memory leaks on error path in dlm_user_request() (bsc#1051510). - dlm: possible memory leak on error path in create_lkb() (bsc#1051510). - dmaengine: at_hdmac: drop useless LIST_HEAD (bsc#1051510). - dmaengine: at_hdmac: fix memory leak in at_dma_xlate() (bsc#1051510). - dmaengine: at_hdmac: fix module unloading (bsc#1051510). - dmaengine: at_xdmac: Fix wrongfull report of a channel as in use (bsc#1051510). - dmaengine: bcm2835: Fix abort of transactions (bsc#1051510). - dmaengine: bcm2835: Fix interrupt race on RT (bsc#1051510). - dmaengine: dma-jz4780: Return error if not probed from DT (bsc#1051510). - dmaengine: dmatest: Abort test in case of mapping error (bsc#1051510). - dmaengine: dw: drop useless LIST_HEAD (bsc#1051510). - dmaengine: dw: Fix FIFO size for Intel Merrifield (bsc#1051510). - dmaengine: imx-dma: fix wrong callback invoke (bsc#1051510). - dmaengine: mv_xor: Use correct device for DMA API (bsc#1051510). - dmaengine: pl330: drop useless LIST_HEAD (bsc#1051510). - dmaengine: sa11x0: drop useless LIST_HEAD (bsc#1051510). - dmaengine: st_fdma: drop useless LIST_HEAD (bsc#1051510). - dmaengine: stm32-dma: fix incomplete configuration in cyclic mode (bsc#1051510). - dmaengine: xilinx_dma: Remove __aligned attribute on zynqmp_dma_desc_ll (bsc#1051510). - dma: Introduce dma_max_mapping_size() (bsc#1120008). - dm cache metadata: verify cache has blocks in blocks_are_clean_separate_dirty() (git-fixes). - dm: call blk_queue_split() to impose device limits on bios (git-fixes). - dm: do not allow readahead to limit IO size (git-fixes). - dm thin: send event about thin-pool state change _after_ making it (git-fixes). - dm zoned: Fix target BIO completion handling (git-fixes). - doc: rcu: Suspicious RCU usage is a warning (bsc#1051510). - doc/README.SUSE: Correct description for building a kernel (bsc#1123348) - Do not log confusing message on reconnect by default (bsc#1129664). - Do not log expected error on DFS referral request (bsc#1051510). - driver core: Do not resume suppliers under device_links_write_lock() (bsc#1051510). - driver core: Move async_synchronize_full call (bsc#1051510). - drivers: core: Remove glue dirs from sysfs earlier (bsc#1051510). - drivers: hv: vmbus: Check for ring when getting debug info (bsc#1126389, bsc#1126579). - drivers: hv: vmbus: preserve hv_ringbuffer_get_debuginfo kABI (bsc#1126389, bsc#1126579). - drivers: hv: vmbus: Remove the useless API vmbus_get_outgoing_channel() (bsc#1127577). - drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels (bsc#1126389, bsc#1126579). - drivers/misc/sgi-gru: fix Spectre v1 vulnerability (bsc#1051510). - drivers/net/ethernet/qlogic/qed/qed_rdma.h: fix typo (bsc#1086314 bsc#1086313 bsc#1086301 ). - drivers/sbus/char: add of_node_put() (bsc#1051510). - drm/amdgpu: Add delay after enable RLC ucode (bsc#1051510). - drm/ast: Fix connector leak during driver unload (bsc#1051510). - drm/ast: fixed reading monitor EDID not stable issue (bsc#1051510). - drm/atomic-helper: Complete fake_commit->flip_done potentially earlier (bsc#1051510). - drm: Block fb changes for async plane updates (bsc#1051510). - drm/bridge: tc358767: add defines for DP1_SRCCTRL & PHY_2LANE (bsc#1051510). - drm/bridge: tc358767: fix initial DP0/1_SRCCTRL value (bsc#1051510). - drm/bridge: tc358767: fix output H/V syncs (bsc#1051510). - drm/bridge: tc358767: fix single lane configuration (bsc#1051510). - drm/bridge: tc358767: reject modes which require too much BW (bsc#1051510). - drm/bufs: Fix Spectre v1 vulnerability (bsc#1051510). - drm: Clear state->acquire_ctx before leaving drm_atomic_helper_commit_duplicated_state() (bsc#1051510). - drm: disable uncached DMA optimization for ARM and arm64 (bsc#1051510). - drm/etnaviv: NULL vs IS_ERR() buf in etnaviv_core_dump() (bsc#1113722) - drm/etnaviv: potential NULL dereference (bsc#1113722) - drm/fb-helper: Partially bring back workaround for bugs of SDL 1.2 (bsc#1113722) - drm: Fix error handling in drm_legacy_addctx (bsc#1113722) - drm/i915: Block fbdev HPD processing during suspend (bsc#1113722) - drm/i915/fbdev: Actually configure untiled displays (bsc#1113722) - drm/i915: Flush GPU relocs harder for gen3 (bsc#1113722) - drm/i915/gvt: Fix mmap range check (bsc#1120902) - drm/i915/gvt: free VFIO region space in vgpu detach (bsc#1113722) - drm/i915/gvt: release shadow batch buffer and wa_ctx before destroy one workload (bsc#1051510). - drm/i915/opregion: fix version check (bsc#1113722) - drm/i915/opregion: rvda is relative from opregion base in opregion (bsc#1113722) - drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set (bsc#1113722) - drm/i915: Redefine some Whiskey Lake SKUs (bsc#1051510). - drm/i915: Use the correct crtc when sanitizing plane mapping (bsc#1113722) - drm/meson: add missing of_node_put (bsc#1051510). - drm/modes: Prevent division by zero htotal (bsc#1051510). - drm/msm: Fix error return checking (bsc#1051510). - drm/msm: Grab a vblank reference when waiting for commit_done (bsc#1051510). - drm/msm: Unblock writer if reader closes file (bsc#1051510). - drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON (bsc#1113722) - drm/nouveau: Do not spew kernel WARNING for each timeout (bsc#1126480). - drm/nouveau: Do not WARN_ON VCPI allocation failures (bsc#1113722) - drm/nouveau/falcon: avoid touching registers if engine is off (bsc#1051510). - drm/nouveau/pmu: do not print reply values if exec is false (bsc#1113722) - drm/nouveau/tmr: detect stalled gpu timer and break out of waits (bsc#1123538). - drm/radeon/evergreen_cs: fix missing break in switch statement (bsc#1113722) - drm: Reorder set_property_atomic to avoid returning with an active ww_ctx (bsc#1051510). - drm/rockchip: fix for mailbox read size (bsc#1051510). - drm/shmob: Fix return value check in shmob_drm_probe (bsc#1113722) - drm/sun4i: tcon: Prepare and enable TCON channel 0 clock at init (bsc#1051510). - drm/vmwgfx: Do not double-free the mode stored in par->set_mode (bsc#1103429) - drm/vmwgfx: Fix setting of dma masks (bsc#1120902) - drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user (bsc#1120902) - e1000e: allow non-monotonic SYSTIM readings (bsc#1051510). - earlycon: Initialize port->uartclk based on clock-frequency property (bsc#1051510). - earlycon: Remove hardcoded port->uartclk initialization in of_setup_earlycon (bsc#1051510). - Enable CONFIG_RDMA_RXE=m also for ppc64le (bsc#1107665,) - Enable livepatch test drivers in lib/ Livepatch kselftests need those. - enic: fix build warning without CONFIG_CPUMASK_OFFSTACK (bsc#1051510). - enic: fix checksum validation for IPv6 (bsc#1051510). - esp6: fix memleak on error path in esp6_input (bsc#1051510). - esp: Fix locking on page fragment allocation (bsc#1051510). - esp: Fix memleaks on error paths (bsc#1051510). - esp: Fix skb tailroom calculation (bsc#1051510). - exportfs: do not read dentry after free (bsc#1051510). - ext4: avoid kernel warning when writing the superblock to a dead device (bsc#1124981). - ext4: check for shutdown and r/o file system in ext4_write_inode() (bsc#1124978). - ext4: fix a potential fiemap/page fault deadlock w/ inline_data (bsc#1124980). - ext4: Fix crash during online resizing (bsc#1122779). - ext4: force inode writes when nfsd calls commit_metadata() (bsc#1125125). - ext4: include terminating u32 in size of xattr entries when expanding inodes (bsc#1124976). - ext4: make sure enough credits are reserved for dioread_nolock writes (bsc#1124979). - ext4: track writeback errors using the generic tracking infrastructure (bsc#1124982). - fat: validate ->i_start before using (bsc#1051510). - fbdev: chipsfb: remove set but not used variable 'size' (bsc#1113722) - firmware/efi: Add NULL pointer checks in efivars API functions (bsc#1051510). - Fix kabi issues with new transport sharing code (bsc#1114893). - Fix problem with sharetransport= and NFSv4 (bsc#1114893). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510). - floppy: check_events callback should not return a negative number (bsc#1051510). - fork: do not copy inconsistent signal handler state to child (bsc#1051510). - fork: record start_time late (git-fixes). - fork: unconditionally clear stack on fork (git-fixes). - fs/cifs: require sha512 (bsc#1051510). - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() (git-fixes). - fuse: call pipe_buf_release() under pipe lock (bsc#1051510). - fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS (bsc#1051510). - fuse: decrement NR_WRITEBACK_TEMP on the right page (bsc#1051510). - fuse: handle zero sized retrieve correctly (bsc#1051510). - futex: Fix (possible) missed wakeup (bsc#1050549). - gdrom: fix a memory leak bug (bsc#1051510). - geneve: cleanup hard coded value for Ethernet header length (bsc#1123456). - geneve: correctly handle ipv6.disable module parameter (bsc#1051510). - geneve, vxlan: Do not check skb_dst() twice (bsc#1123456). - geneve, vxlan: Do not set exceptions if skb->len < mtu (bsc#1123456). - genwqe: Fix size check (bsc#1051510). - gfs2: Revert 'Fix loop in gfs2_rbm_find' (bsc#1120601). - gianfar: fix a flooded alignment reports because of padding issue (bsc#1051510). - gianfar: Fix Rx byte accounting for ndev stats (bsc#1051510). - gianfar: prevent integer wrapping in the rx handler (bsc#1051510). - gpio: altera-a10sr: Set proper output level for direction_output (bsc#1051510). - gpio: pcf857x: Fix interrupts on multiple instances (bsc#1051510). - gpio: pl061: handle failed allocations (bsc#1051510). - gpio: pl061: Move irq_chip definition inside struct pl061 (bsc#1051510). - gpio: vf610: Mask all GPIO interrupts (bsc#1051510). - gpu: ipu-v3: Fix CSI offsets for imx53 (bsc#1113722) - gpu: ipu-v3: Fix i.MX51 CSI control registers offset (bsc#1113722) - gpu: ipu-v3: image-convert: Prevent race between run and unprepare (bsc#1051510). - gro_cell: add napi_disable in gro_cells_destroy (networking-stable-19_01_04). - gro_cells: make sure device is up in gro_cells_receive() (git-fixes). - hfs: do not free node before using (bsc#1051510). - hfsplus: do not free node before using (bsc#1051510). - hfsplus: prevent btree data loss on root split (bsc#1051510). - hfs: prevent btree data loss on root split (bsc#1051510). - hid: lenovo: Add checks to fix of_led_classdev_register (bsc#1051510). - hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable (git-fixes). - hvc_opal: do not set tb_ticks_per_usec in udbg_init_opal_common() (bsc#1051510). - hv_uio_generic: map ringbuffer phys addr (bsc#1127577). - hv: v4.12 API for hyperv-iommu (bsc#1122822). - hwmon/k10temp: Add support for AMD family 17h, model 30h CPUs (). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (). - hwmon: (lm80) fix a missing check of bus read in lm80 probe (bsc#1051510). - hwmon: (lm80) fix a missing check of the status of SMBus read (bsc#1051510). - hwmon: (lm80) Fix missing unlock on error in set_fan_div() (bsc#1051510). - hwmon: (tmp421) Correct the misspelling of the tmp442 compatible attribute in OF device ID table (bsc#1051510). - hyperv/IOMMU: Add Hyper-V stub IOMMU driver (bsc#1122822). - i2c-axxia: check for error conditions first (bsc#1051510). - i2c: bcm2835: Clear current buffer pointers and counts after a transfer (bsc#1051510). - i2c: cadence: Fix the hold bit setting (bsc#1051510). - i2c: dev: prevent adapter retries and timeout being set as minus value (bsc#1051510). - i2c: omap: Use noirq system sleep pm ops to idle device for suspend (bsc#1051510). - i2c: sh_mobile: add support for r8a77990 (R-Car E3) (bsc#1051510). - i40e: fix mac filter delete when setting mac address (bsc#1056658 bsc#1056662). - i40e: report correct statistics when XDP is enabled (bsc#1056658 bsc#1056662). - i40e: restore NETIF_F_GSO_IPXIP to netdev features (bsc#1056658 bsc#1056662). - ib/core: Destroy QP if XRC QP fails (bsc#1046306). - ib/core: Fix potential memory leak while creating MAD agents (bsc#1046306). - ib/core: Unregister notifier before freeing MAD security (bsc#1046306). - ib/hfi1: Close race condition on user context disable and close (bsc#1060463). - ib/mlx5: Unmap DMA addr from HCA before IOMMU (bsc#1046305 ). - ibmveth: Do not process frames after calling napi_reschedule (bcs#1123357). - ibmveth: fix DMA unmap error in ibmveth_xmit_start error path (networking-stable-19_01_04). - ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726). - ibmvnic: Increase maximum queue size limit (bsc#1121726). - ibmvnic: Introduce driver limits for ring sizes (bsc#1121726). - ibmvnic: Report actual backing device speed and duplex values (bsc#1129923). - ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton (bsc#1119019). - ide: pmac: add of_node_put() (bsc#1051510). - ieee802154: ca8210: fix possible u8 overflow in ca8210_rx_done (bsc#1051510). - ieee802154: lowpan_header_create check must check daddr (networking-stable-19_01_04). - igb: Fix an issue that PME is not enabled during runtime suspend (bsc#1051510). - iio: accel: kxcjk1013: Add KIOX010A ACPI Hardware-ID (bsc#1051510). - iio: adc: exynos-adc: Fix NULL pointer exception on unbind (bsc#1051510). - iio: chemical: atlas-ph-sensor: correct IIO_TEMP values to millicelsius (bsc#1051510). - input: bma150 - register input device after setting private data (bsc#1051510). - input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G (bsc#1051510). - input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK (bsc#1051510). - input: elan_i2c - add id for touchpad found in Lenovo s21e-20 (bsc#1051510). - input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 (bsc#1051510). - input: omap-keypad - fix idle configuration to not block SoC idle states (bsc#1051510). - input: raspberrypi-ts - fix link error (git-fixes). - input: raspberrypi-ts - select CONFIG_INPUT_POLLDEV (git-fixes). - input: restore EV_ABS ABS_RESERVED (bsc#1051510). - input: synaptics - enable RMI on ThinkPad T560 (bsc#1051510). - input: synaptics - enable SMBus for HP EliteBook 840 G4 (bsc#1051510). - input: wacom_serial4 - add support for Wacom ArtPad II tablet (bsc#1051510). - input: xpad - add support for SteelSeries Stratus Duo (bsc#1111666). - intel_th: Do not reference unassigned outputs (bsc#1051510). - intel_th: gth: Fix an off-by-one in output unassigning (bsc#1051510). - iomap: fix integer truncation issues in the zeroing and dirtying helpers (bsc#1125947). - iomap: warn on zero-length mappings (bsc#1127062). - iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105). - iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105). - iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105). - iommu/dmar: Fix buffer overflow during PCI bus notification (bsc#1129181). - iommu: Document iommu_ops.is_attach_deferred() (bsc#1129182). - iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables (bsc#1129205). - iommu/vt-d: Check identity map for hot-added devices (bsc#1129183). - iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105). - iommu/vt-d: Fix NULL pointer reference in intel_svm_bind_mm() (bsc#1129184). - ip6mr: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04). - ip6_tunnel: get the min mtu properly in ip6_tnl_xmit (bsc#1123456). - ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit (bsc#1123456). - ipmi:pci: Blacklist a Realtek 'IPMI' device (git-fixes). - ipmi:ssif: Fix handling of multi-part return messages (bsc#1051510). - ip: on queued skb use skb_header_pointer instead of pskb_may_pull (git-fixes). - ipsec: check return value of skb_to_sgvec always (bsc#1051510). - ipv4: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04). - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes (networking-stable-18_12_12). - ipv4: speedup ipv6 tunnels dismantle (bsc#1122982). - ipv6: addrlabel: per netns list (bsc#1122982). - ipv6: Check available headroom in ip6_xmit() even without options (networking-stable-18_12_12). - ipv6: Consider sk_bound_dev_if when binding a socket to an address (networking-stable-19_02_01). - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address (networking-stable-19_01_22). - ipv6: explicitly initialize udp6_addr in udp_sock_create6() (networking-stable-19_01_04). - ipv6: fix kernel-infoleak in ipv6_local_error() (networking-stable-19_01_20). - ipv6: speedup ipv6 tunnels dismantle (bsc#1122982). Refresh patches.suse/ip6_vti-fix-a-null-pointer-deference-when-destroy-vt.patch - ipv6: sr: properly initialize flowi6 prior passing to ip6_route_output (networking-stable-18_12_12). - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses (networking-stable-19_01_22). - ipv6: tunnels: fix two use-after-free (networking-stable-19_01_04). - ip: validate header length on virtual device xmit (networking-stable-19_01_04). - ipvlan, l3mdev: fix broken l3s mode wrt local routes (networking-stable-19_02_01). - irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size (bsc#1051510). - irqchip/gic-v3-its: Do not bind LPI to unavailable NUMA node (bsc#1051510). - irqchip/gic-v3-its: Fix ITT_entry_size accessor (bsc#1051510). - iscsi target: fix session creation failure handling (bsc#1051510). - isdn: avm: Fix string plus integer warning from Clang (bsc#1051510). - isdn: fix kernel-infoleak in capi_unlocked_ioctl (bsc#1051510). - isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() (bsc#1051510). - isdn: i4l: isdn_tty: Fix some concurrency double-free bugs (bsc#1051510). - iser: set sector for ambiguous mr status errors (bsc#1051510). - iwlwifi: mvm: avoid possible access out of array (bsc#1051510). - iwlwifi: mvm: fix A-MPDU reference assignment (bsc#1051510). - iwlwifi: mvm: fix RSS config command (bsc#1051510). - iwlwifi: pcie: fix emergency path (bsc#1051510). - iwlwifi: pcie: fix TX while flushing (bsc#1120902). - ixgbe: Be more careful when modifying MAC filters (bsc#1051510). - ixgbe: check return value of napi_complete_done() (bsc#1051510). - ixgbe: recognize 1000BaseLX SFP modules as 1Gbps (bsc#1051510). - jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bsc#1051510). - kabi: cpufreq: keep min_sampling_rate in struct dbs_data (bsc#1127042). - kABI: fix xhci kABI stability (bsc#1119086). - kabi: handle addition of ip6addrlbl_table into struct netns_ipv6 (bsc#1122982). - kabi: handle addition of uevent_sock into struct net (bsc#1122982). - kABI: Preserve kABI for dma_max_mapping_size() (bsc#1120008). - kABI: protect struct sctp_association (kabi). - kABI: protect struct smc_buf_desc (bnc#1117947, LTC#173662). - kABI: protect struct smc_link (bnc#1117947, LTC#173662). - kABI: protect vhost_log_write (kabi). - kabi: restore ip_tunnel_delete_net() (bsc#1122982). - kABI workaroudn for ath9k ath_node.ackto type change (bsc#1051510). - kABI workaround for bt_accept_enqueue() change (bsc#1051510). - kABI workaround for deleted snd_hda_register_beep_device() (bsc#1122944). - kABI workaround for snd_hda_bus.bus_probing addition (bsc#1122944). - kallsyms: Handle too long symbols in kallsyms.c (bsc#1126805). - kconfig: fix file name and line number of warn_ignored_character() (bsc#1051510). - kconfig: fix line numbers for if-entries in menu tree (bsc#1051510). - kconfig: fix memory leak when EOF is encountered in quotation (bsc#1051510). - kconfig: fix the rule of mainmenu_stmt symbol (bsc#1051510). - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes (git-fixes). - keys: allow reaching the keys quotas exactly (bsc#1051510). - keys: Timestamp new keys (bsc#1051510). - kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var() (bsc#1051510). - kgdboc: Fix restrict error (bsc#1051510). - kgdboc: Fix warning with module build (bsc#1051510). - kobject: add kobject_uevent_net_broadcast() (bsc#1122982). - kobject: copy env blob in one go (bsc#1122982). - kobject: factorize skb setup in kobject_uevent_net_broadcast() (bsc#1122982). - kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() (bsc#1051510). - kvm: arm/arm64: Properly protect VGIC locks from IRQs (bsc#1117155). - kvm: arm/arm64: VGIC/ITS: Promote irq_lock() in update_affinity (bsc#1117155). - kvm: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock (bsc#1117155). - kvm: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls (bsc#1117155). - kvm: mmu: Fix race in emulated page table writes (bsc#1129284). - kvm: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails (bsc#1129291). - kvm: nVMX: NMI-window and interrupt-window exiting should wake L2 from HLT (bsc#1129292). - kvm: nVMX: Set VM instruction error for VMPTRLD of unbacked page (bsc#1129293). - kvm: PPC: Book3S PR: Set hflag to indicate that POWER9 supports 1T segments (bsc#1124589). - kvm: sev: Fail KVM_SEV_INIT if already initialized (bsc#1114279). - kvm: vmx: Set IA32_TSC_AUX for legacy mode guests (bsc#1129294). - kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs (bsc#1127082). - kvm: x86: fix L1TF's MMIO GFN calculation (bsc#1124204). - kvm: x86: Fix single-step debugging (bsc#1129295). - kvm: x86: Use jmp to invoke kvm_spurious_fault() from .fixup (bsc#1129296). - l2tp: copy 4 more bytes to linear part if necessary (networking-stable-19_02_01). - l2tp: fix infoleak in l2tp_ip6_recvmsg() (git-fixes). - l2tp: fix reading optional fields of L2TPv3 (networking-stable-19_02_01). - lan78xx: Resolve issue with changing MAC address (bsc#1051510). - leds: lp5523: fix a missing check of return value of lp55xx_read (bsc#1051510). - leds: lp55xx: fix null deref on firmware load failure (bsc#1051510). - libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() (bsc#1125800). - libceph: handle an empty authorize reply (bsc#1126789). - lib/div64.c: off by one in shift (bsc#1051510). - libnvdimm: Fix altmap reservation size calculation (bsc#1127682). - libnvdimm/label: Clear 'updating' flag after label-set update (bsc#1129543). - libnvdimm/pmem: Honor force_raw for legacy pmem regions (bsc#1129551). - lib/rbtree-test: lower default params (git-fixes). - lightnvm: fail fast on passthrough commands (bsc#1125780). - livepatch: Change unsigned long old_addr -> void *old_func in struct klp_func (bsc#1071995). - livepatch: Consolidate klp_free functions (bsc#1071995 ). - livepatch: core: Return EOPNOTSUPP instead of ENOSYS (bsc#1071995). - livepatch: Define a macro for new API identification (bsc#1071995). - livepatch: Do not block the removal of patches loaded after a forced transition (bsc#1071995). - livepatch: Introduce klp_for_each_patch macro (bsc#1071995 ). - livepatch: Module coming and going callbacks can proceed with all listed patches (bsc#1071995). - livepatch: Proper error handling in the shadow variables selftest (bsc#1071995). - livepatch: Remove ordering (stacking) of the livepatches (bsc#1071995). - livepatch: Remove signal sysfs attribute (bsc#1071995 ). - livepatch: return -ENOMEM on ptr_id() allocation failure (bsc#1071995). - livepatch: Send a fake signal periodically (bsc#1071995 ). - livepatch: Shuffle klp_enable_patch()/klp_disable_patch() code (bsc#1071995). - livepatch: Simplify API by removing registration step (bsc#1071995). - llc: do not use sk_eat_skb() (bsc#1051510). - lockd: fix access beyond unterminated strings in prints (git-fixes). - locking/rwsem: Fix (possible) missed wakeup (bsc#1050549). - loop: drop caches if offset or block_size are changed (bsc#1124975). - loop: Reintroduce lo_ctl_mutex removed by commit 310ca162d (bsc#1124974). - lsm: Check for NULL cred-security on free (bsc#1051510). - mac80211: Add attribute aligned(2) to struct 'action' (bsc#1051510). - mac80211: do not initiate TDLS connection if station is not associated to AP (bsc#1051510). - mac80211: ensure that mgmt tx skbs have tailroom for encryption (bsc#1051510). - mac80211: fix miscounting of ttl-dropped frames (bsc#1051510). - mac80211: fix radiotap vendor presence bitmap handling (bsc#1051510). - mac80211: Free mpath object when rhashtable insertion fails (bsc#1051510). - mac80211: Restore vif beacon interval if start ap fails (bsc#1051510). - macvlan: Only deliver one copy of the frame to the macvlan interface (bsc#1051510). - mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush timeout issue (bsc#1051510). - mdio_bus: Fix use-after-free on device_register fails (bsc#1051510). - media: adv*/tc358743/ths8200: fill in min width/height/pixelclock (bsc#1051510). - media: DaVinci-VPBE: fix error handling in vpbe_initialize() (bsc#1051510). - media: dt-bindings: media: i2c: Fix i2c address for OV5645 camera sensor (bsc#1051510). - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info (bsc#1051510). - media: mtk-vcodec: Release device nodes in mtk_vcodec_init_enc_pm() (bsc#1051510). - media: s5k4ecgx: delete a bogus error message (bsc#1051510). - media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration (bsc#1051510). - media: s5p-jpeg: Correct step and max values for V4L2_CID_JPEG_RESTART_INTERVAL (bsc#1051510). - media: s5p-mfc: fix incorrect bus assignment in virtual child device (bsc#1051510). - media: usb: pwc: Do not use coherent DMA buffers for ISO transfer (bsc#1054610). - media: uvcvideo: Avoid NULL pointer dereference at the end of streaming (bsc#1051510). - media: uvcvideo: Fix 'type' check leading to overflow (bsc#1051510). - media: v4l2: i2c: ov7670: Fix PLL bypass register values (bsc#1051510). - media: v4l2-tpg: array index could become negative (bsc#1051510). - media: v4l: ioctl: Validate num_planes for debug messages (bsc#1051510). - media: vb2: be sure to unlock mutex on errors (bsc#1051510). - media: vb2: vb2_mmap: move lock up (bsc#1051510). - media: vivid: fix error handling of kthread_run (bsc#1051510). - media: vivid: free bitmap_cap when updating std/timings/etc (bsc#1051510). - media: vivid: set min width/height to a value > 0 (bsc#1051510). - memstick: Prevent memstick host from getting runtime suspended during card detection (bsc#1051510). - mfd: ab8500-core: Return zero in get_register_interruptible() (bsc#1051510). - mfd: db8500-prcmu: Fix some section annotations (bsc#1051510). - mfd: mc13xxx: Fix a missing check of a register-read failure (bsc#1051510). - mfd: mt6397: Do not call irq_domain_remove if PMIC unsupported (bsc#1051510). - mfd: qcom_rpm: write fw_version to CTRL_REG (bsc#1051510). - mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells (bsc#1051510). - mfd: tps65218: Use devm_regmap_add_irq_chip and clean up error path in probe() (bsc#1051510). - mfd: tps6586x: Handle interrupts on suspend (bsc#1051510). - mfd: twl-core: Fix section annotations on {,un}protect_pm_master (bsc#1051510). - mfd: wm5110: Add missing ASRC rate register (bsc#1051510). - misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data (bsc#1051510). - misc: hmc6352: fix potential Spectre v1 (bsc#1051510). - misc: hpilo: Do not claim unsupported hardware (bsc#1129330). - misc: hpilo: Exclude unsupported device via blacklist (bsc#1129330). - misc: mic/scif: fix copy-paste error in scif_create_remote_lookup (bsc#1051510). - misc: mic: SCIF Fix scif_get_new_port() error handling (bsc#1051510). - misc: sram: enable clock before registering regions (bsc#1051510). - misc: sram: fix resource leaks in probe error path (bsc#1051510). - misc: ti-st: Fix memory leak in the error path of probe() (bsc#1051510). - misc: vexpress: Off by one in vexpress_syscfg_exec() (bsc#1051510). - mISDN: fix a race in dev_expire_timer() (bsc#1051510). - mlx4: trigger IB events needed by SMC (bnc#1117947, LTC#173662). - mlxsw: __mlxsw_sp_port_headroom_set(): Fix a use of local variable (git-fixes). - mlxsw: spectrum: Disable lag port TX before removing it (networking-stable-19_01_22). - mmap: introduce sane default mmap limits (git fixes (mm/mmap)). - mmap: relax file size limit for regular files (git fixes (mm/mmap)). - mmc: atmel-mci: do not assume idle after atmci_request_end (bsc#1051510). - mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1051510). - mmc: bcm2835: Recover from MMC_SEND_EXT_CSD (bsc#1051510). - mmc: dw_mmc-bluefield: : Fix the license information (bsc#1051510). - mmc: Kconfig: Enable CONFIG_MMC_SDHCI_IO_ACCESSORS (bsc#1051510). - mmc: omap: fix the maximum timeout setting (bsc#1051510). - mmc: sdhci-brcmstb: handle mmc_of_parse() errors during probe (bsc#1051510). - mmc: sdhci-esdhc-imx: fix HS400 timing issue (bsc#1051510). - mmc: sdhci-iproc: handle mmc_of_parse() errors during probe (bsc#1051510). - mmc: sdhci-of-esdhc: Fix timeout checks (bsc#1051510). - mmc: sdhci-xenon: Fix timeout checks (bsc#1051510). - mmc: spi: Fix card detection during probe (bsc#1051510). - mm: do not drop unused pages when userfaultd is running (git fixes (mm/userfaultfd)). - mm/hmm: hmm_pfns_bad() was accessing wrong struct (git fixes (mm/hmm)). - mm: hwpoison: use do_send_sig_info() instead of force_sig() (git fixes (mm/hwpoison)). - mm/ksm.c: ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm() (git fixes (mm/ksm)). - mm: madvise(MADV_DODUMP): allow hugetlbfs pages (git fixes (mm/madvise)). - mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages (bsc#1127731). - mm: migrate: do not rely on __PageMovable() of newpage after unlocking it (git fixes (mm/migrate)). - mm: migrate: lock buffers before migrate_page_move_mapping() (bsc#1084216). - mm: migrate: Make buffer_migrate_page_norefs() actually succeed (bsc#1084216) - mm: migrate: provide buffer_migrate_page_norefs() (bsc#1084216). - mm: migration: factor out code to compute expected number of page references (bsc#1084216). - mm, oom: fix use-after-free in oom_kill_process (git fixes (mm/oom)). - mm: use swp_offset as key in shmem_replace_page() (git fixes (mm/shmem)). - mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed (git fixes (mm/vmscan)). - Moved patches.fixes/x86-add-tsx-force-abort-cpuid-msr.patch to patches.arch/ and added upstream tags (bsc#1129363) - mpt3sas: check sense buffer before copying sense data (bsc#1106811). - mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking (bsc#1051510). - mtd: cfi_cmdset_0002: Change write buffer to check correct value (bsc#1051510). - mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips (bsc#1051510). - mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary (bsc#1051510). - mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() (bsc#1051510). - mtdchar: fix overflows in adjustment of `count` (bsc#1051510). - mtdchar: fix usage of mtd_ooblayout_ecc() (bsc#1051510). - mtd: docg3: do not set conflicting BCH_CONST_PARAMS option (bsc#1051510). - mtd/maps: fix solutionengine.c printk format warnings (bsc#1051510). - mtd: mtd_oobtest: Handle bitflips during reads (bsc#1051510). - mtd: nand: atmel: fix buffer overflow in atmel_pmecc_user (bsc#1051510). - mtd: nand: atmel: Fix get_sectorsize() function (bsc#1051510). - mtd: nand: atmel: fix of_irq_get() error check (bsc#1051510). - mtd: nand: brcmnand: Disable prefetch by default (bsc#1051510). - mtd: nand: brcmnand: Zero bitflip is not an error (bsc#1051510). - mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bsc#1051510). - mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() (bsc#1051510). - mtd: nand: Fix nand_do_read_oob() return value (bsc#1051510). - mtd: nand: Fix writing mtdoops to nand flash (bsc#1051510). - mtd: nand: fsl_ifc: Fix nand waitfunc return value (bsc#1051510). - mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM (bsc#1051510). - mtd: nand: ifc: update bufnum mask for ver >= 2.0.0 (bsc#1051510). - mtd: nand: mtk: fix infinite ECC decode IRQ issue (bsc#1051510). - mtd: nand: omap2: Fix subpage write (bsc#1051510). - mtd: nand: pxa3xx: Fix READOOB implementation (bsc#1051510). - mtd: nand: qcom: Add a NULL check for devm_kasprintf() (bsc#1051510). - mtd: nandsim: remove debugfs entries in error path (bsc#1051510). - mtd: nand: sunxi: Fix ECC strength choice (bsc#1051510). - mtd: nand: sunxi: fix potential divide-by-zero error (bsc#1051510). - mtd: nand: vf610: set correct ooblayout (bsc#1051510). - mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic (bsc#1051510). - mtd: spi-nor: Fix Cadence QSPI page fault kernel panic (bsc#1051510). - mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB (bsc#1051510). - mtd: spi-nor: stm32-quadspi: Fix uninitialized error return code (bsc#1051510). - mv88e6060: disable hardware level MAC learning (bsc#1051510). - nbd: Use set_blocksize() to set device blocksize (bsc#1124984). - neighbour: Avoid writing before skb->head in neigh_hh_output() (networking-stable-18_12_12). - net: 8139cp: fix a BUG triggered by changing mtu with network traffic (networking-stable-18_12_12). - net: add uevent socket member (bsc#1122982). - net: aquantia: driver should correctly declare vlan_features bits (bsc#1051510). - net: aquantia: fixed instack structure overflow (git-fixes). - net: aquantia: Fix hardware DMA stream overload on large MRRS (bsc#1051510). - net: bcmgenet: abort suspend on error (bsc#1051510). - net: bcmgenet: code movement (bsc#1051510). - net: bcmgenet: fix OF child-node lookup (bsc#1051510). - net: bcmgenet: remove HFB_CTRL access (bsc#1051510). - net: bcmgenet: return correct value 'ret' from bcmgenet_power_down (bsc#1051510). - net: bridge: fix a bug on using a neighbour cache entry without checking its state (networking-stable-19_01_20). - net: bridge: Fix ethernet header pointer before check skb forwardable (networking-stable-19_01_26). - net: core: Fix Spectre v1 vulnerability (networking-stable-19_01_04). - net: do not call update_pmtu unconditionally (bsc#1123456). - net: Do not default Cavium PTP driver to 'y' (bsc#1110096). - net: dp83640: expire old TX-skb (networking-stable-19_02_10). - net: dsa: mv88e6xxx: handle unknown duplex modes gracefully in mv88e6xxx_port_set_duplex (git-fixes). - net: dsa: mv88x6xxx: mv88e6390 errata (networking-stable-19_01_22). - net: dsa: slave: Do not propagate flag changes on down slave interfaces (networking-stable-19_02_10). - net: ena: fix race between link up and device initalization (bsc#1083548). - netfilter: nf_tables: check the result of dereferencing base_chain->stats (git-fixes). - net: Fix usage of pskb_trim_rcsum (networking-stable-19_01_26). - net/hamradio/6pack: use mod_timer() to rearm timers (networking-stable-19_01_04). - net: hns3: add error handler for hns3_nic_init_vector_data() (bsc#1104353). - net: hns3: add handling for big TX fragment (bsc#1104353 ). - net: hns3: Fix client initialize state issue when roce client initialize failed (bsc#1104353). - net: hns3: Fix for loopback selftest failed problem (bsc#1104353 ). - net: hns3: fix for multiple unmapping DMA problem (bsc#1104353 ). - net: hns3: Fix tc setup when netdev is first up (bsc#1104353 ). - net: hns3: Fix tqp array traversal condition for vf (bsc#1104353 ). - net: hns3: move DMA map into hns3_fill_desc (bsc#1104353 ). - net: hns3: remove hns3_fill_desc_tso (bsc#1104353). - net: hns3: rename hns_nic_dma_unmap (bsc#1104353). - net: hns3: rename the interface for init_client_instance and uninit_client_instance (bsc#1104353). - net: ipv4: Fix memory leak in network namespace dismantle (networking-stable-19_01_26). - net: macb: restart tx after tx used bit read (networking-stable-19_01_04). - net/mlx4_core: Add masking for a few queries on HCA caps (networking-stable-19_02_01). - net/mlx4_core: Fix locking in SRIOV mode when switching between events and polling (git-fixes). - net/mlx4_core: Fix qp mtt size calculation (git-fixes). - net/mlx4_core: Fix reset flow when in command polling mode (git-fixes). - net/mlx4_en: Change min MTU size to ETH_MIN_MTU (networking-stable-18_12_12). - net/mlx5e: Allow MAC invalidation while spoofchk is ON (networking-stable-19_02_01). - net/mlx5e: IPoIB, Fix RX checksum statistics update (git-fixes). - net/mlx5e: Remove the false indication of software timestamping support (networking-stable-19_01_04). - net/mlx5e: RX, Fix wrong early return in receive queue poll (bsc#1046305). - net/mlx5: fix uaccess beyond 'count' in debugfs read/write handlers (git-fixes). - net/mlx5: Release resource on error flow (git-fixes). - net/mlx5: Return success for PAGE_FAULT_RESUME in internal error state (git-fixes). - net/mlx5: Typo fix in del_sw_hw_rule (networking-stable-19_01_04). - net/mlx5: Use multi threaded workqueue for page fault handling (git-fixes). - net: netem: fix skb length BUG_ON in __skb_to_sgvec (git-fixes). - netns: restrict uevents (bsc#1122982). - net: phy: do not allow __set_phy_supported to add unsupported modes (networking-stable-18_12_12). - net: phy: Fix the issue that netif always links up after resuming (networking-stable-19_01_04). - net: phy: marvell: Errata for mv88e6390 internal PHYs (networking-stable-19_01_26). - net: phy: mdio_bus: add missing device_del() in mdiobus_register() error handling (networking-stable-19_01_26). - net: phy: Micrel KSZ8061: link failure after cable connect (git-fixes). - netrom: fix locking in nr_find_socket() (networking-stable-19_01_04). - netrom: switch to sock timer API (bsc#1051510). - net/rose: fix NULL ax25_cb kernel panic (networking-stable-19_02_01). - net/sched: act_tunnel_key: fix memory leak in case of action replace (networking-stable-19_01_26). - net_sched: refetch skb protocol for each filter (networking-stable-19_01_26). - net: set default network namespace in init_dummy_netdev() (networking-stable-19_02_01). - net: skb_scrub_packet(): Scrub offload_fwd_mark (networking-stable-18_12_03). - net/smc: abort CLC connection in smc_release (bnc#1117947, LTC#173662). - net/smc: add infrastructure to send delete rkey messages (bnc#1117947, LTC#173662). - net/smc: add SMC-D shutdown signal (bnc#1117947, LTC#173662). - net/smc: allow fallback after clc timeouts (bnc#1117947, LTC#173662). - net/smc: atomic SMCD cursor handling (bnc#1117947, LTC#173662). - net/smc: avoid a delay by waiting for nothing (bnc#1117947, LTC#173662). - net/smc: cleanup listen worker mutex unlocking (bnc#1117947, LTC#173662). - net/smc: cleanup tcp_listen_worker initialization (bnc#1117947, LTC#173662). - net/smc: enable fallback for connection abort in state INIT (bnc#1117947, LTC#173662). - net/smc: fix non-blocking connect problem (bnc#1117947, LTC#173662). - net/smc: fix sizeof to int comparison (bnc#1117947, LTC#173662). - net/smc: fix smc_buf_unuse to use the lgr pointer (bnc#1117947, LTC#173662). - net/smc: fix TCP fallback socket release (networking-stable-19_01_04). - net/smc: make smc_lgr_free() static (bnc#1117947, LTC#173662). - net/smc: no link delete for a never active link (bnc#1117947, LTC#173662). - net/smc: no urgent data check for listen sockets (bnc#1117947, LTC#173662). - net/smc: remove duplicate mutex_unlock (bnc#1117947, LTC#173662). - net/smc: remove sock_error detour in clc-functions (bnc#1117947, LTC#173662). - net/smc: short wait for late smc_clc_wait_msg (bnc#1117947, LTC#173662). - net/smc: unregister rkeys of unused buffer (bnc#1117947, LTC#173662). - net/smc: use after free fix in smc_wr_tx_put_slot() (bnc#1117947, LTC#173662). - net/smc: use queue pair number when matching link group (bnc#1117947, LTC#173662). - net: stmmac: Fix a race in EEE enable callback (git-fixes). - net: stmmac: fix broken dma_interrupt handling for multi-queues (git-fixes). - net: stmmac: Fix PCI module removal leak (git-fixes). - net: stmmac: handle endianness in dwmac4_get_timestamp (git-fixes). - net: stmmac: Use mutex instead of spinlock (git-fixes). - net: systemport: Fix WoL with password after deep sleep (networking-stable-19_02_10). - net: thunderx: fix NULL pointer dereference in nic_remove (git-fixes). - net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue (networking-stable-18_12_03). - net: thunderx: set xdp_prog to NULL if bpf_prog_add fails (networking-stable-18_12_03). - net/wan: fix a double free in x25_asy_open_tty() (networking-stable-19_01_04). - nfit: acpi_nfit_ctl(): Check out_obj->type in the right place (bsc#1129547). - nfit/ars: Attempt a short-ARS whenever the ARS state is idle at boot (bsc#1051510). - nfit/ars: Attempt short-ARS even in the no_init_ars case (bsc#1051510). - nfp: bpf: fix ALU32 high bits clearance bug (git-fixes). - nfs: Allow NFSv4 mounts to not share transports (). - nfsd: COPY and CLONE operations require the saved filehandle to be set (git-fixes). - nfsd: Fix an Oops in free_session() (git-fixes). - nfs: Fix a missed page unlock after pg_doio() (git-fixes). - nfs: Fix up return value on fatal errors in nfs_page_async_flush() (git-fixes). - nfs: support 'nosharetransport' option (bnc#807502, bnc#828192, ). - nfsv4.1: Fix the r/wsize checking (git-fixes). - nfsv4: Do not exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING (git-fixes). - niu: fix missing checks of niu_pci_eeprom_read (bsc#1051510). - ntb_transport: Fix bug with max_mw_size parameter (bsc#1051510). - nvme-fc: reject reconnect if io queue count is reduced to zero (bsc#1128351). - nvme: flush namespace scanning work just before removing namespaces (bsc#1108101). - nvme: kABI fix for scan_lock (bsc#1123882). - nvme: lock NS list changes while handling command effects (bsc#1123882). - nvme-loop: fix kernel oops in case of unhandled command (bsc#1126807). - nvme-multipath: drop optimization for static ANA group IDs (bsc#1113939). - nvme-multipath: round-robin I/O policy (bsc#1110705). - nvme-pci: fix out of bounds access in nvme_cqe_pending (bsc#1127595). - of, numa: Validate some distance map rules (bsc#1051510). - of: unittest: Disable interrupt node tests for old world MAC systems (bsc#1051510). - omap2fb: Fix stack memory disclosure (bsc#1120902) - openvswitch: Avoid OOB read when parsing flow nlattrs (bsc#1051510). - openvswitch: fix the incorrect flow action alloc size (bsc#1051510). - openvswitch: Remove padding from packet before L3+ conntrack processing (bsc#1051510). - packet: Do not leak dev refcounts on error exit (git-fixes). - packet: validate address length if non-zero (networking-stable-19_01_04). - packet: validate address length (networking-stable-19_01_04). - parport_pc: fix find_superio io compare code, should use equal test (bsc#1051510). - Partially revert 'block: fail op_is_write() requests to (bsc#1125252). - pci: add USR vendor id and use it in r8169 and w6692 driver (networking-stable-19_01_22). - pci: Disable broken RTIT_BAR of Intel TH (bsc#1120318). - pci: endpoint: functions: Use memcpy_fromio()/memcpy_toio() (bsc#1051510). - pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus (bsc#1122822). - pci/PME: Fix hotplug/sysfs remove deadlock in pcie_pme_remove() (bsc#1051510). - pci: qcom: Do not deassert reset GPIO during probe (bsc#1129281). - pcrypt: use format specifier in kobject_add (bsc#1051510). - perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805). - perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805). - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805). - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805). - perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805). - perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805). - perf/x86/intel: Fix memory corruption (bsc#1121805). - perf/x86/intel: Fix memory corruption (bsc#1121805). - perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805). - perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805). - perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805). - perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805). - perf/x86/intel: Make cpuc allocations consistent (bsc#1121805). - perf/x86/intel: Make cpuc allocations consistent (bsc#1121805). - phonet: af_phonet: Fix Spectre v1 vulnerability (networking-stable-19_01_04). - phy: allwinner: sun4i-usb: poll vbus changes on A23/A33 when driving VBUS (bsc#1051510). - phy: qcom-qmp: Fix failure path in phy_init functions (bsc#1051510). - phy: qcom-qmp: Fix phy pipe clock gating (bsc#1051510). - phy: renesas: rcar-gen3-usb2: fix vbus_ctrl for role sysfs (bsc#1051510). - phy: rockchip-emmc: retry calpad busy trimming (bsc#1051510). - phy: sun4i-usb: add support for missing USB PHY index (bsc#1051510). - phy: tegra: remove redundant self assignment of 'map' (bsc#1051510). - phy: work around 'phys' references to usb-nop-xceiv devices (bsc#1051510). - pinctrl: max77620: Use define directive for max77620_pinconf_param values (bsc#1051510). - pinctrl: meson: fix pull enable register calculation (bsc#1051510). - pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO pins (bsc#1051510). - pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins (bsc#1051510). - pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins (bsc#1051510). - pinctrl: msm: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: sh-pfc: emev2: Add missing pinmux functions (bsc#1051510). - pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group (bsc#1051510). - pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group (bsc#1051510). - pinctrl: sh-pfc: r8a7778: Fix HSPI pin numbers and names (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Fix scifb2_data_c pin group (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group (bsc#1051510). - pinctrl: sh-pfc: r8a7792: Fix vin1_data18_b pin group (bsc#1051510). - pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field (bsc#1051510). - pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration (bsc#1051510). - pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field (bsc#1051510). - pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group (bsc#1051510). - pinctrl: sh-pfc: sh73a0: Fix fsic_spdif pin groups (bsc#1051510). - pinctrl: sh-pfc: sh7734: Add missing IPSR11 field (bsc#1051510). - pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10 (bsc#1051510). - pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value (bsc#1051510). - pinctrl: sunxi: a64: Rename function csi0 to csi (bsc#1051510). - pinctrl: sunxi: a64: Rename function ts0 to ts (bsc#1051510). - pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 (bsc#1051510). - pinctrl: sx150x: handle failure case of devm_kstrdup (bsc#1051510). - pktcdvd: Fix possible Spectre-v1 for pkt_devs (bsc#1051510). - platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes (bsc#1051510). - platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK (bsc#1051510). - platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey (bsc#1051510). - platform/x86: Fix unmet dependency warning for SAMSUNG_Q10 (bsc#1051510). - powerpc/64s: Clear on-stack exception marker upon exception return (bsc#1071995). - powerpc: Add an option to disable static PCI bus numbering (bsc#1122159). - powerpc: Always save/restore checkpointed regs during treclaim/trecheckpoint (bsc#1118338). - powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores (bsc#1109695). - powerpc: Detect the presence of big-cores via 'ibm, thread-groups' (bsc#1109695). - powerpc/livepatch: relax reliable stack tracer checks for first-frame (bsc#1071995). - powerpc/livepatch: small cleanups in save_stack_trace_tsk_reliable() (bsc#1071995). - powerpc: make use of for_each_node_by_type() instead of open-coding it (bsc#1109695). - powerpc/powernv: Clear LPCR[PECE1] via stop-api only for deep state offline (bsc#1119766, bsc#1055121). - powerpc/powernv: Clear PECE1 in LPCR via stop-api only on Hotplug (bsc#1119766, bsc#1055121). - powerpc/pseries: export timebase register sample in lparcfg (bsc#1127750). - powerpc/pseries: Perform full re-add of CPU for topology update post-migration (bsc#1125728). - powerpc: Remove facility loadups on transactional {fp, vec, vsx} unavailable (bsc#1118338). - powerpc: Remove redundant FP/Altivec giveup code (bsc#1118338). - powerpc/setup: Add cpu_to_phys_id array (bsc#1109695). - powerpc/smp: Add cpu_l2_cache_map (bsc#1109695). - powerpc/smp: Add Power9 scheduler topology (bsc#1109695). - powerpc/smp: Rework CPU topology construction (bsc#1109695). - powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695). - powerpc/tm: Avoid machine crash on rt_sigreturn (bsc#1118338). - powerpc/tm: Do not check for WARN in TM Bad Thing handling (bsc#1118338). - powerpc/tm: Fix comment (bsc#1118338). - powerpc/tm: Fix endianness flip on trap (bsc#1118338). - powerpc/tm: Fix HFSCR bit for no suspend case (bsc#1118338). - powerpc/tm: Fix HTM documentation (bsc#1118338). - powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM (bsc#1118338). - powerpc/tm: P9 disable transactionally suspended sigcontexts (bsc#1118338). - powerpc/tm: Print 64-bits MSR (bsc#1118338). - powerpc/tm: Print scratch value (bsc#1118338). - powerpc/tm: Reformat comments (bsc#1118338). - powerpc/tm: Remove msr_tm_active() (bsc#1118338). - powerpc/tm: Remove struct thread_info param from tm_reclaim_thread() (bsc#1118338). - powerpc/tm: Save MSR to PACA before RFID (bsc#1118338). - powerpc/tm: Set MSR[TS] just prior to recheckpoint (bsc#1118338, bsc#1120955). - powerpc/tm: Unset MSR[TS] if not recheckpointing (bsc#1118338). - powerpc/tm: Update function prototype comment (bsc#1118338). - powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#1109695). - powerpc/xmon: Fix invocation inside lock region (bsc#1122885). - pptp: dst_release sk_dst_cache in pptp_sock_destruct (git-fixes). - proc/sysctl: do not return ENOMEM on lookup when a table is unregistering (git-fixes). - pseries/energy: Use OF accessor function to read ibm,drc-indexes (bsc#1129080). - pstore/ram: Avoid allocation and leak of platform data (bsc#1051510). - pstore/ram: Avoid NULL deref in ftrace merging failure path (bsc#1051510). - pstore/ram: Correctly calculate usable PRZ bytes (bsc#1051510). - pstore/ram: Do not treat empty buffers as valid (bsc#1051510). - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl (bsc#1051510). - ptp: Fix pass zero to ERR_PTR() in ptp_clock_register (bsc#1051510). - ptp_kvm: probe for kvm guest availability (bsc#1098382). - ptr_ring: wrap back ->producer in __ptr_ring_swap_queue() (networking-stable-19_01_04). - Put the xhci fix patch to the right place in the sorted section - qed: Avoid constant logical operation warning in qed_vf_pf_acquire (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Avoid implicit enum conversion in qed_iwarp_parse_rx_pkt (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Avoid implicit enum conversion in qed_set_tunn_cls_info (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Fix an error code qed_ll2_start_xmit() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix bitmap_weight() check (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix blocking/unlimited SPQ entries leak (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix command number mismatch between driver and the mfw (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix memory/entry leak in qed_init_sp_request() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix potential memory corruption (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix PTT leak in qed_drain() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix QM getters to always return a valid pq (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix rdma_info structure allocation (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix reading wrong value in loop condition (bsc#1086314 bsc#1086313 bsc#1086301). - qla2xxx: Fixup dual-protocol FCP connections (bsc#1108870). - qmi_wwan: Added support for Fibocom NL668 series (networking-stable-19_01_04). - qmi_wwan: Added support for Telit LN940 series (networking-stable-19_01_04). - qmi_wwan: add MTU default to qmap network interface (networking-stable-19_01_22). - qmi_wwan: Add support for Fibocom NL678 series (networking-stable-19_01_04). - r8169: Add support for new Realtek Ethernet (networking-stable-19_01_22). - r8169: use PCI_VDEVICE macro (networking-stable-19_01_22). - rapidio/rionet: do not free skb before reading its length (networking-stable-18_12_03). - rbd: do not return 0 on unmap if RBD_DEV_FLAG_REMOVING is set (bsc#1125797). - rcu: Fix up pending cbs check in rcu_prepare_for_idle (git fixes (kernel/rcu)). - rcu: Make need_resched() respond to urgent RCU-QS needs (git fixes (kernel/rcu)). - rdma/core: Fix unwinding flow in case of error to register device (bsc#1046306). - rdma/vmw_pvrdma: Support upto 64-bit PFNs (bsc#1127285). - Reenable iscsi_tcp module (bsc#1127081) - Refresh patches.suse/scsi-do-not-print-reservation-conflict-for-TEST-UNIT.patch (bsc#1119843) - regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting (bsc#1051510). - regulator: pv88060: Fix array out-of-bounds access (bsc#1051510). - regulator: pv88080: Fix array out-of-bounds access (bsc#1051510). - regulator: pv88090: Fix array out-of-bounds access (bsc#1051510). - regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 (bsc#1051510). - regulator: wm831x-dcdc: Fix list of wm831x_dcdc_ilim from mA to uA (bsc#1051510). - remove 2 entries since now we have them, 744889b7cbb56a64f957e65ade7cb65fe3f35714 1adfc5e4136f5967d591c399aff95b3b035f16b7 - Remove blacklist of virtio patch so we can install it (bsc#1114585) - Remove conditional support for SMB2 and SMB3: - Revert 'drm/rockchip: Allow driver to be shutdown on reboot/kexec' (bsc#1051510). - Revert 'Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G' (bsc#1051510). - Revert 'openvswitch: Fix template leak in error cases.' (bsc#1051510). - Revert 'rpm/kernel-binary.spec.in: rename kGraft to KLP ()' This reverts commit f84e065a0c26b5f0777e94ceb67dd494bb7b4d2f. The patch should not have gone to SLE12-SP4. SLE12-SP4 still follows kGraft naming. - Revert 'scsi: qla2xxx: Fix NVMe Target discovery' (bsc#1125252). - Revert 'sd: disable logical block provisioning if 'lbpme' is not set' This reverts commit e365f138cb9c9c48b710864a9f37a91b4b93381d. Patch not accepted upstream. - Revert 'serial: 8250: Fix clearing FIFOs in RS485 mode again' (bsc#1051510). - Revert the previous merge of drm fixes The branch was merged mistakenly and breaks the build. Revert it. - Revert 'xhci: Reset Renesas uPD72020x USB controller for 32-bit DMA issue' (bsc#1120854). - rocker: fix rocker_tlv_put_* functions for KASAN (bsc#1051510). - rpm/kernel-binary.spec.in: fix initrd permissions (bsc#1123697) - rpm/kernel-source.changes.old: Really drop old changelogs (bsc#1098995) - rt2800: enable TX_PIN_CFG_RFRX_EN only for MT7620 (bsc#1120902). - rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices (networking-stable-18_12_12). - rxrpc: bad unlock balance in rxrpc_recvmsg (networking-stable-19_02_10). - s390/cio: Fix how vfio-ccw checks pinned pages (git-fixes). - s390/cpum_cf: Reject request for sampling in event initialization (git-fixes). - s390/early: improve machine detection (git-fixes). - s390/ism: clear dmbe_mask bit before SMC IRQ handling (bnc#1117947, LTC#173662). - s390/mm: always force a load of the primary ASCE on context switch (git-fixes). - s390/mm: fix addressing exception after suspend/resume (bsc#1125252). - s390/qeth: cancel close_dev work before removing a card (LTC#175898, bsc#1127561). - s390/qeth: conclude all event processing before offlining a card (LTC#175901, bsc#1127567). - s390/qeth: fix use-after-free in error path (bsc#1127534). - s390/qeth: invoke softirqs after napi_schedule() (git-fixes). - s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU (git-fixes). - s390/smp: fix CPU hotplug deadlock with CPU rescan (git-fixes). - s390/sthyi: Fix machine name validity indication (git-fixes). - s390/zcrypt: fix specification exception on z196 during ap probe (LTC#174936, bsc#1123061). - sata_rcar: fix deferred probing (bsc#1051510). - sbus: char: add of_node_put() (bsc#1051510). - sc16is7xx: Fix for multi-channel stall (bsc#1051510). - sched: Do not re-read h_load_next during hierarchical load calculation (bnc#1120909). - sched/wait: Fix rcuwait_wake_up() ordering (git-fixes). - sched/wake_q: Document wake_q_add() (bsc#1050549). - sched/wake_q: Fix wakeup ordering for wake_q (bsc#1050549). - sched/wake_q: Reduce reference counting for special users (bsc#1050549). - sch_multiq: fix double free on init failure (bsc#1051510). - scripts/git_sort/git_sort.py: Add mkp/scsi 5.0/scsi-fixes - scripts/git_sort/git_sort.py: Add s390/linux.git fixes. - scripts/git_sort/git_sort.py: add vfs 'fixes' branch - scsi: core: reset host byte in DID_NEXUS_FAILURE case (bsc#1122764). - scsi: csiostor: remove flush_scheduled_work() (bsc#1127363). - SCSI: fix queue cleanup race before queue initialization is done (bsc#1125252). - scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - scsi: ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton (bsc#1119019). - scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task (bsc#1122192). - scsi: lpfc: Add log messages to aid in debugging fc4type discovery issues (bsc#1121317). - scsi: lpfc: Correct MDS loopback diagnostics support (bsc#1121317). - scsi: lpfc: do not set queue->page_count to 0 if pc_sli4_params.wqpcnt is invalid (bsc#1121317). - scsi: lpfc: Fix discovery failure when PLOGI is defered (bsc#1121317). - scsi: lpfc: Fix link state reporting for trunking when adapter is offline (bsc#1121317). - scsi: lpfc: fix remoteport access (bsc#1125252). - scsi: lpfc: remove an unnecessary NULL check (bsc#1121317). - scsi: lpfc: update fault value on successful trunk events (bsc#1121317). - scsi: lpfc: Update lpfc version to 12.0.0.10 (bsc#1121317). - scsi: mpt3sas: Add ioc_<level> logging macros (bsc#1117108). - scsi: mpt3sas: Annotate switch/case fall-through (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT and reply_q_name to %s: (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT without logging levels (bsc#1117108). - scsi: mpt3sas: Convert mlsleading uses of pr_<level> with MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Convert uses of pr_<level> with MPT3SAS_FMT to ioc_<level> (bsc#1117108). - scsi: mpt3sas: Fix a race condition in mpt3sas_base_hard_reset_handler() (bsc#1117108). - scsi: mpt3sas: Fix indentation (bsc#1117108). - scsi: mpt3sas: Improve kernel-doc headers (bsc#1117108). - scsi: mpt3sas: Introduce struct mpt3sas_nvme_cmd (bsc#1117108). - scsi: mpt3sas: Remove KERN_WARNING from panic uses (bsc#1117108). - scsi: mpt3sas: Remove set-but-not-used variables (bsc#1117108). - scsi: mpt3sas: Remove unnecessary parentheses and simplify null checks (bsc#1117108). - scsi: mpt3sas: Remove unused macro MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Split _base_reset_handler(), mpt3sas_scsih_reset_handler() and mpt3sas_ctl_reset_handler() (bsc#1117108). - scsi: mpt3sas: Swap I/O memory read value back to cpu endianness (bsc#1117108). - scsi: mpt3sas: switch to generic DMA API (bsc#1117108). - scsi: mpt3sas: Use dma_pool_zalloc (bsc#1117108). - scsi: mptsas: Fixup device hotplug for VMWare ESXi (bsc#1129046). - scsi: qedi: Add ep_state for login completion on un-reachable targets (bsc#1113712). - scsi: qla2xxx: Enable FC-NVME on NPIV ports (bsc#1094555). - scsi: qla2xxx: Fix a typo in MODULE_PARM_DESC (bsc#1094555). - scsi: qla2xxx: Fix for FC-NVMe discovery for NPIV port (bsc#1094555). - scsi: qla2xxx: Fix NPIV handling for FC-NVMe (bsc#1094555). - scsi: qla2xxx: Initialize port speed to avoid setting lower speed (bsc#1094555). - scsi: qla2xxx: Modify fall-through annotations (bsc#1094555). - scsi: qla2xxx: Remove unnecessary self assignment (bsc#1094555). - scsi: qla2xxx: Simplify conditional check (bsc#1094555). - scsi: qla2xxx: Timeouts occur on surprise removal of QLogic adapter (bsc#1124985). - scsi: qla2xxx: Update driver version to 10.00.00.12-k (bsc#1094555). - scsi: storvsc: Fix a race in sub-channel creation that can cause panic (). - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315). - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315). - scsi: target: make the pi_prot_format ConfigFS path readable (bsc#1123933). - scsi: virtio_scsi: fix pi_bytes{out,in} on 4 KiB block size devices (bsc#1114585). - sctp: add a ceiling to optlen in some sockopts (bnc#1129163). - sctp: improve the events for sctp stream adding (networking-stable-19_02_01). - sctp: improve the events for sctp stream reset (networking-stable-19_02_01). - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event (networking-stable-19_01_04). - sctp: kfree_rcu asoc (networking-stable-18_12_12). - sd: disable logical block provisioning if 'lbpme' is not set (bsc#1086095 bsc#1078355). - selftests/livepatch: add DYNAMIC_DEBUG config dependency (bsc#1071995). - selftests/livepatch: introduce tests (bsc#1071995). - selftests/powerpc: Use snprintf to construct DSCR sysfs interface paths (bsc#1124579). - selinux: Add __GFP_NOWARN to allocation at str_read() (bsc#1051510). - selinux: always allow mounting submounts (bsc#1051510). - selinux: fix GPF on invalid policy (bsc#1051510). - seq_buf: Make seq_buf_puts() null-terminate the buffer (bsc#1051510). - serial: 8250_pci: Fix number of ports for ACCES serial cards (bsc#1051510). - serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() (bsc#1051510). - serial: fix race between flush_to_ldisc and tty_open (bsc#1051510). - serial: fsl_lpuart: clear parity enable bit when disable parity (bsc#1051510). - serial: imx: fix error handling in console_setup (bsc#1051510). - serial: set suppress_bind_attrs flag only if builtin (bsc#1051510). - serial/sunsu: fix refcount leak (bsc#1051510). - serial: uartps: Fix interrupt mask issue to handle the RX interrupts properly (bsc#1051510). - serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO (bsc#1051510). - signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init (git-fixes). - skge: potential memory corruption in skge_get_regs() (bsc#1051510). - sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 (bsc#1051510). - sky2: Increase D3 delay again (bsc#1051510). - slab: alien caches must not be initialized if the allocation of the alien cache failed (git fixes (mm/slab)). - smb3.1.1 dialect is no longer experimental (bsc#1051510). - smb311: Fix reconnect (bsc#1051510). - smb311: Improve checking of negotiate security contexts (bsc#1051510). - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510). - smb3: check for and properly advertise directory lease support (bsc#1051510). - smb3: directory sync should not return an error (bsc#1051510). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510). - smb3: do not request leases in symlink creation and query (bsc#1051510). - smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510). - smb3: Enable encryption for SMB3.1.1 (bsc#1051510). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510). - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510). - smb3: fix various xid leaks (bsc#1051510). - [SMB3] Improve security, move default dialect to SMB3 from old CIFS (bsc#1051510). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510). - [SMB3] Remove ifdef since SMB3 (and later) now STRONGLY preferred (bsc#1051510). - smb3: remove noisy warning message on mount (bsc#1129664). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510). - soc: bcm: brcmstb: Do not leak device tree node reference (bsc#1051510). - soc/tegra: Do not leak device tree node reference (bsc#1051510). - splice: do not merge into linked buffers (git-fixes). - staging: comedi: ni_660x: fix missing break in switch statement (bsc#1051510). - staging:iio:ad2s90: Make probe handle spi_setup failure (bsc#1051510). - staging: iio: ad7780: update voltage on read (bsc#1051510). - staging: iio: adc: ad7280a: handle error from __ad7280_read32() (bsc#1051510). - staging: iio: adt7316: allow adt751x to use internal vref for all dacs (bsc#1051510). - staging: iio: adt7316: fix register and bit definitions (bsc#1051510). - staging: iio: adt7316: fix the dac read calculation (bsc#1051510). - staging: iio: adt7316: fix the dac write calculation (bsc#1051510). - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 (bsc#1051510). - staging: rtl8723bs: Fix build error with Clang when inlining is disabled (bsc#1051510). - staging: speakup: Replace strncpy with memcpy (bsc#1051510). - staging: wilc1000: fix to set correct value for 'vif_num' (bsc#1051510). - sunrpc: correct the computation for page_ptr when truncating (git-fixes). - sunrpc: Fix a potential race in xprt_connect() (git-fixes). - sunrpc: Fix leak of krb5p encode pages (git-fixes). - sunrpc: handle ENOMEM in rpcb_getport_async (git-fixes). - sunrpc: safely reallow resvport min/max inversion (git-fixes). - supported.conf - svm: Add mutex_lock to protect apic_access_page_done on AMD systems (bsc#1129285). - swiotlb: Add is_swiotlb_active() function (bsc#1120008). - swiotlb: Introduce swiotlb_max_mapping_size() (bsc#1120008). - switchtec: Fix SWITCHTEC_IOCTL_EVENT_IDX_ALL flags overwrite (bsc#1051510). - switchtec: Remove immediate status check after submitting MRPC command (bsc#1051510). - sysfs: Disable lockdep for driver bind/unbind files (bsc#1051510). - tcp: batch tcp_net_metrics_exit (bsc#1122982). - tcp: change txhash on SYN-data timeout (networking-stable-19_01_20). - tcp: Do not underestimate rwnd_limited (networking-stable-18_12_12). - tcp: fix a race in inet_diag_dump_icsk() (networking-stable-19_01_04). - tcp: fix NULL ref in tail loss probe (networking-stable-18_12_12). - tcp: handle inet_csk_reqsk_queue_add() failures (git-fixes). - tcp: lack of available data can also cause TSO defer (git-fixes). - team: avoid complex list operations in team_nl_cmd_options_set() (bsc#1051510). - team: Free BPF filter when unregistering netdev (bsc#1051510). - Thermal: do not clear passive state during system sleep (bsc#1051510). - thermal/drivers/hisi: Encapsulate register writes into helpers (bsc#1051510). - thermal/drivers/hisi: Fix configuration register setting (bsc#1051510). - thermal: generic-adc: Fix adc to temp interpolation (bsc#1051510). - thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set (bsc#1051510). - thermal: int340x_thermal: Fix a NULL vs IS_ERR() check (bsc#1051510). - thermal: mediatek: fix register index error (bsc#1051510). - timekeeping: Use proper seqcount initializer (bsc#1051510). - tipc: compare remote and local protocols in tipc_udp_enable() (networking-stable-19_01_04). - tipc: eliminate KMSAN uninit-value in strcmp complaint (bsc#1051510). - tipc: error path leak fixes in tipc_enable_bearer() (bsc#1051510). - tipc: fix a double kfree_skb() (networking-stable-19_01_04). - tipc: fix a race condition of releasing subscriber object (bsc#1051510). - tipc: fix bug in function tipc_nl_node_dump_monitor (bsc#1051510). - tipc: fix infinite loop when dumping link monitor summary (bsc#1051510). - tipc: fix RDM/DGRAM connect() regression (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_doit (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_link_set (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bsc#1051510). - tipc: use lock_sock() in tipc_sk_reinit() (networking-stable-19_01_04). - tpm: fix kdoc for tpm2_flush_context_cmd() (bsc#1051510). - tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented (bsc#1051510). - tpm: Return the actual size when receiving an unsupported command (bsc#1051510). - tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated (bsc#1051510). - tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bsc#1051510). - tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x (bsc#1051510). - tpm: tpm_try_transmit() refactor error flow (bsc#1051510). - tracing: Do not free iter->trace in fail path of tracing_open_pipe() (bsc#1129581). - tracing/uprobes: Fix output for multiple string arguments (bsc#1126495). - tracing: Use strncpy instead of memcpy for string keys in hist triggers (bsc#1129625). - Tree connect for SMB3.1.1 must be signed for non-encrypted shares (bsc#1051510). - tty: Handle problem if line discipline does not have receive_buf (bsc#1051510). - tty: ipwireless: Fix potential NULL pointer dereference (bsc#1051510). - tty/n_hdlc: fix __might_sleep warning (bsc#1051510). - tty/serial: do not free trasnmit buffer page under port lock (bsc#1051510). - tty: serial: samsung: Properly set flags in autoCTS mode (bsc#1051510). - tun: forbid iface creation with rtnl ops (networking-stable-18_12_12). - uart: Fix crash in uart_write and uart_put_char (bsc#1051510). - ucc_geth: Reset BQL queue when stopping device (networking-stable-19_02_01). - ucma: fix a use-after-free in ucma_resolve_ip() (bsc#1051510). - uevent: add alloc_uevent_skb() helper (bsc#1122982). - uio_hv_generic: defer opening vmbus until first use (bsc#1127577). - uio_hv_generic: set callbacks on open (bsc#1127577). - uio: introduce UIO_MEM_IOVA (bsc#1127577). - Update patches.arch/s390-sles15-zcrypt-fix-specification-exception.patch (LTC#174936, bsc#1123060, bsc#1123061). - Update patches.fixes/acpi-nfit-Block-function-zero-DSMs.patch (bsc#1051510, bsc#1121789). - Update patches.fixes/acpi-nfit-Fix-command-supported-detection.patch (bsc#1051510, bsc#1121789). Add more detailed bugzilla reference. - Update patches.kabi/bpf-prevent-memory-disambiguation-attack.patch (bsc#1087082). - Update patches.kabi/bpf-properly-enforce-index-mask-to-prevent-out-of-bo.patch (bsc#1098425). - uprobes: Fix handle_swbp() vs. unregister() + register() race once more (bsc#1051510). - usb: Add new USB LPM helpers (bsc#1120902). - usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB (bsc#1120902). - usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bsc#1120902). - usb: Consolidate LPM checks to avoid enabling LPM twice (bsc#1120902). - usb: dwc3: Correct the logic for checking TRB full in __dwc3_prepare_one_trb() (bsc#1051510). - usb: dwc3: gadget: Clear req->needs_extra_trb flag on cleanup (bsc#1120902). - usb: dwc3: gadget: Disable CSP for stream OUT ep (bsc#1051510). - usb: dwc3: gadget: Handle 0 xfer length for OUT EP (bsc#1051510). - usb: dwc3: trace: add missing break statement to make compiler happy (bsc#1120902). - usb: gadget: musb: fix short isoc packets with inventra dma (bsc#1051510). - usb: gadget: udc: net2272: Fix bitwise and boolean operations (bsc#1051510). - usb: hub: delay hub autosuspend if USB3 port is still link training (bsc#1051510). - usb: mtu3: fix the issue about SetFeature(U1/U2_Enable) (bsc#1051510). - usb: musb: dsps: fix otg state machine (bsc#1051510). - usb: musb: dsps: fix runtime pm for peripheral mode (bsc#1120902). - usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2 (networking-stable-18_12_03). - usbnet: smsc95xx: fix rx packet alignment (bsc#1051510). - usb: phy: am335x: fix race condition in _probe (bsc#1051510). - usb: serial: option: add Fibocom NL678 series (bsc#1120902). - usb: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays (bsc#1120902). - usb: serial: pl2303: add new PID to support PL2303TB (bsc#1051510). - usb: serial: simple: add Motorola Tetra TPG2200 device id (bsc#1051510). - usb: storage: add quirk for SMI SM3350 (bsc#1120902). - usb: storage: do not insert sane sense for SPC3+ when bad sense specified (bsc#1120902). - usb: xhci: fix 'broken_suspend' placement in struct xchi_hcd (bsc#1119086). - veth: set peer GSO values (bsc#1051510). - vfio: ccw: fix cleanup if cp_prefetch fails (git-fixes). - vfio: ccw: process ssch with interrupts disabled (git-fixes). - vfs: Add iomap_seek_hole and iomap_seek_data helpers (bsc#1070995). - vfs: Add page_cache_seek_hole_data helper (bsc#1070995). - vfs: in iomap seek_{hole,data}, return -ENXIO for negative offsets (bsc#1070995). - vhost: correctly check the return value of translate_desc() in log_used() (bsc#1051510). - vhost: log dirty page correctly (networking-stable-19_01_26). - vhost: make sure used idx is seen before log in vhost_add_used_n() (networking-stable-19_01_04). - vhost/vsock: fix uninitialized vhost_vsock->guest_cid (bsc#1051510). - video: clps711x-fb: release disp device node in probe() (bsc#1051510). - virtio-blk: Consider virtio_max_dma_size() for maximum segment size (bsc#1120008). - virtio: Introduce virtio_max_dma_size() (bsc#1120008). - virtio_net: Do not call free_old_xmit_skbs for xdp_frames (networking-stable-19_02_01). - virtio-net: fail XDP set if guest csum is negotiated (networking-stable-18_12_03). - virtio-net: keep vnet header zeroed after processing XDP (networking-stable-18_12_12). - virtio/s390: avoid race on vcdev->config (git-fixes). - virtio/s390: fix race in ccw_io_helper() (git-fixes). - vmbus: fix subchannel removal (bsc#1127577). - vmbus: keep pointer to ring buffer page (bsc#1127577). - vmbus: pass channel to hv_process_channel_removal (bsc#1127577). - vmbus: split ring buffer allocation from open (bsc#1127577). - VMCI: Support upto 64-bit PPNs (bsc#1127286). - vsock: cope with memory allocation failure at socket creation time (bsc#1051510). - VSOCK: Send reset control packet when socket is partially bound (networking-stable-19_01_04). - vt: invoke notifier on screen size change (bsc#1051510). - vxge: ensure data0 is initialized in when fetching firmware version information (bsc#1051510). - vxlan: Fix GRO cells race condition between receive and link delete (git-fixes). - vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() (git-fixes). - vxlan: update skb dst pmtu on tx path (bsc#1123456). - w90p910_ether: remove incorrect __init annotation (bsc#1051510). - watchdog: docs: kernel-api: do not reference removed functions (bsc#1051510). - watchdog: w83627hf_wdt: Add quirk for Inves system (bsc#1106434). - writeback: do not decrement wb->refcnt if !wb->bdi (git fixes (writeback)). - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805). - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805). - x86/amd_nb: Add PCI device IDs for family 17h, model 30h (). - x86/amd_nb: Add support for newer PCI topologies (). - x86/a.out: Clear the dump structure initially (bsc#1114279). - x86/apic: Provide apic_ack_irq() (bsc#1122822). - x86/boot/e820: Avoid overwriting e820_table_firmware (bsc#1127154). - x86/boot/e820: Introduce the bootloader provided e820_table_firmware[] table (bsc#1127154). - x86/boot/e820: Rename the e820_table_firmware to e820_table_kexec (bsc#1127154). - x86/bugs: Add AMD's variant of SSB_NO (bsc#1114279). - x86/bugs: Update when to check for the LS_CFG SSBD mitigation (bsc#1114279). - x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (bsc#1127307). - x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (bsc#1127307). - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (bsc#1122822). - x86/kaslr: Fix incorrect i8254 outb() parameters (bsc#1114279). - x86/kvmclock: set pvti_cpu0_va after enabling kvmclock (bsc#1098382). - x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() (bsc#1114279). - x86/microcode/amd: Do not falsely trick the late loading mechanism (bsc#1114279). - x86/mm: Drop usage of __flush_tlb_all() in kernel_physical_mapping_init() (bsc#1114279). - x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE (bsc#1114279). - x86/mtrr: Do not copy uninitialized gentry fields back to userspace (bsc#1114279). - x86/pkeys: Properly copy pkey state at fork() (bsc#1129366). - x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls (bsc#1125614). - x86/pvclock: add setter for pvclock_pvti_cpu0_va (bsc#1098382). - x86/resctrl: Fix rdt_find_domain() return value and checks (bsc#1114279). - x86: respect memory size limiting via mem= parameter (bsc#1117645). - x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant (bsc#1114279). - x86/speculation: Remove redundant arch_smt_update() invocation (bsc#1114279). - x86/vdso: Remove obsolete 'fake section table' reservation (bsc#1114279). - x86/xen: dont add memory above max allowed allocation (bsc#1117645). - x86/xen/time: Output xen sched_clock time from 0 (bsc#1098382). - x86/xen/time: set pvclock flags on xen_time_init() (bsc#1098382). - x86/xen/time: setup vcpu 0 time info page (bsc#1098382). - xen, cpu_hotplug: Prevent an out of bounds access (bsc#1065600). - xen: fix dom0 boot on huge systems (bsc#1127836). - xen: Fix x86 sched_clock() interface for xen (bsc#1098382). - xen/manage: do not complain about an empty value in control/sysrq node (bsc#1065600). - xen: remove pre-xen3 fallback handlers (bsc#1065600). - xfs: add option to mount with barrier=0 or barrier=1 (bsc#1088133). - xfs: fix contiguous dquot chunk iteration livelock (bsc#1070995). - xfs: remove filestream item xfs_inode reference (bsc#1127961). - xfs: rewrite xfs_dq_get_next_id using xfs_iext_lookup_extent (bsc#1070995). - xfs: Switch to iomap for SEEK_HOLE / SEEK_DATA (bsc#1070995). - xhci: Add quirk to zero 64bit registers on Renesas PCIe controllers (bsc#1120854). - xhci: workaround CSS timeout on AMD SNPS 3.0 xHC (bsc#1119086). - xprtrdma: Reset credit grant properly after a disconnect (git-fixes). - Yama: Check for pid death before checking ancestry (bsc#1051510). - yam: fix a missing-check bug (bsc#1051510). - zswap: re-check zswap_is_full() after do zswap_shrink() (bsc#1051510). Important SUSE bug 1046305 SUSE bug 1046306 SUSE bug 1050252 SUSE bug 1050549 SUSE bug 1051510 SUSE bug 1054610 SUSE bug 1055121 SUSE bug 1056658 SUSE bug 1056662 SUSE bug 1056787 SUSE bug 1060463 SUSE bug 1063638 SUSE bug 1065600 SUSE bug 1070995 SUSE bug 1071995 SUSE bug 1078355 SUSE bug 1082943 SUSE bug 1083548 SUSE bug 1083647 SUSE bug 1084216 SUSE bug 1086095 SUSE bug 1086282 SUSE bug 1086301 SUSE bug 1086313 SUSE bug 1086314 SUSE bug 1086323 SUSE bug 1087082 SUSE bug 1087092 SUSE bug 1088133 SUSE bug 1094555 SUSE bug 1098382 SUSE bug 1098425 SUSE bug 1098995 SUSE bug 1103429 SUSE bug 1104353 SUSE bug 1106105 SUSE bug 1106434 SUSE bug 1106811 SUSE bug 1107078 SUSE bug 1107665 SUSE bug 1108101 SUSE bug 1108870 SUSE bug 1109695 SUSE bug 1110096 SUSE bug 1110705 SUSE bug 1111666 SUSE bug 1113042 SUSE bug 1113712 SUSE bug 1113722 SUSE bug 1113939 SUSE bug 1114279 SUSE bug 1114585 SUSE bug 1114893 SUSE bug 1117108 SUSE bug 1117155 SUSE bug 1117645 SUSE bug 1117947 SUSE bug 1118338 SUSE bug 1119019 SUSE bug 1119086 SUSE bug 1119766 SUSE bug 1119843 SUSE bug 1120008 SUSE bug 1120318 SUSE bug 1120601 SUSE bug 1120758 SUSE bug 1120854 SUSE bug 1120902 SUSE bug 1120909 SUSE bug 1120955 SUSE bug 1121317 SUSE bug 1121726 SUSE bug 1121789 SUSE bug 1121805 SUSE bug 1122159 SUSE bug 1122192 SUSE bug 1122324 SUSE bug 1122554 SUSE bug 1122662 SUSE bug 1122764 SUSE bug 1122779 SUSE bug 1122822 SUSE bug 1122885 SUSE bug 1122927 SUSE bug 1122944 SUSE bug 1122971 SUSE bug 1122982 SUSE bug 1123060 SUSE bug 1123061 SUSE bug 1123161 SUSE bug 1123317 SUSE bug 1123348 SUSE bug 1123357 SUSE bug 1123456 SUSE bug 1123538 SUSE bug 1123697 SUSE bug 1123882 SUSE bug 1123933 SUSE bug 1124055 SUSE bug 1124204 SUSE bug 1124235 SUSE bug 1124579 SUSE bug 1124589 SUSE bug 1124728 SUSE bug 1124732 SUSE bug 1124735 SUSE bug 1124969 SUSE bug 1124974 SUSE bug 1124975 SUSE bug 1124976 SUSE bug 1124978 SUSE bug 1124979 SUSE bug 1124980 SUSE bug 1124981 SUSE bug 1124982 SUSE bug 1124984 SUSE bug 1124985 SUSE bug 1125109 SUSE bug 1125125 SUSE bug 1125252 SUSE bug 1125315 SUSE bug 1125614 SUSE bug 1125728 SUSE bug 1125780 SUSE bug 1125797 SUSE bug 1125799 SUSE bug 1125800 SUSE bug 1125907 SUSE bug 1125947 SUSE bug 1126131 SUSE bug 1126209 SUSE bug 1126284 SUSE bug 1126389 SUSE bug 1126393 SUSE bug 1126476 SUSE bug 1126480 SUSE bug 1126481 SUSE bug 1126488 SUSE bug 1126495 SUSE bug 1126555 SUSE bug 1126579 SUSE bug 1126789 SUSE bug 1126790 SUSE bug 1126802 SUSE bug 1126803 SUSE bug 1126804 SUSE bug 1126805 SUSE bug 1126806 SUSE bug 1126807 SUSE bug 1127042 SUSE bug 1127062 SUSE bug 1127081 SUSE bug 1127082 SUSE bug 1127154 SUSE bug 1127285 SUSE bug 1127286 SUSE bug 1127307 SUSE bug 1127363 SUSE bug 1127493 SUSE bug 1127494 SUSE bug 1127495 SUSE bug 1127496 SUSE bug 1127497 SUSE bug 1127498 SUSE bug 1127534 SUSE bug 1127561 SUSE bug 1127567 SUSE bug 1127577 SUSE bug 1127595 SUSE bug 1127603 SUSE bug 1127682 SUSE bug 1127731 SUSE bug 1127750 SUSE bug 1127836 SUSE bug 1127961 SUSE bug 1128094 SUSE bug 1128166 SUSE bug 1128351 SUSE bug 1128378 SUSE bug 1128451 SUSE bug 1128895 SUSE bug 1129016 SUSE bug 1129046 SUSE bug 1129080 SUSE bug 1129163 SUSE bug 1129179 SUSE bug 1129181 SUSE bug 1129182 SUSE bug 1129183 SUSE bug 1129184 SUSE bug 1129205 SUSE bug 1129281 SUSE bug 1129284 SUSE bug 1129285 SUSE bug 1129291 SUSE bug 1129292 SUSE bug 1129293 SUSE bug 1129294 SUSE bug 1129295 SUSE bug 1129296 SUSE bug 1129326 SUSE bug 1129327 SUSE bug 1129330 SUSE bug 1129363 SUSE bug 1129366 SUSE bug 1129497 SUSE bug 1129519 SUSE bug 1129543 SUSE bug 1129547 SUSE bug 1129551 SUSE bug 1129581 SUSE bug 1129625 SUSE bug 1129664 SUSE bug 1129739 SUSE bug 1129923 SUSE bug 807502 SUSE bug 828192 CVE-2018-20669 CVE-2019-2024 CVE-2019-3459 CVE-2019-3460 CVE-2019-3819 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-7308 CVE-2019-8912 CVE-2019-8980 CVE-2019-9213 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for w3m fixes several issues. These security issues were fixed: - CVE-2018-6196: Prevent infinite recursion in HTMLlineproc0 caused by the feed_table_block_tag function which did not prevent a negative indent value (bsc#1077559) - CVE-2018-6197: Prevent NULL pointer dereference in formUpdateBuffer (bsc#1077568) - CVE-2018-6198: w3m did not properly handle temporary files when the ~/.w3m directory is unwritable, which allowed a local attacker to craft a symlink attack to overwrite arbitrary files (bsc#1077572) Moderate SUSE bug 1077559 SUSE bug 1077568 SUSE bug 1077572 CVE-2018-6196 CVE-2018-6197 CVE-2018-6198 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_1 (OpenSSL Security Advisory [6 March 2019]) fixes the following issues: Security issue fixed: - CVE-2019-1543: Fixed an implementation error in ChaCha20-Poly1305 where it was allowed to set IV with more than 12 bytes (bsc#1128189). Moderate SUSE bug 1128189 CVE-2019-1543 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ntp fixes the following issues: Security issue fixed: - CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause segmentation fault to ntpd (bsc#1128525). Other isses addressed: - Fixed an issue which caused openSSL mismatch (bsc#1125401) - Fixed several bugs in the BANCOMM reclock driver. - Fixed ntp_loopfilter.c snprintf compilation warnings. - Fixed spurious initgroups() error message. - Fixed STA_NANO struct timex units. - Fixed GPS week rollover in libparse. - Fixed incorrect poll interval in packet. - Added a missing check for ENABLE_CMAC. Moderate SUSE bug 1125401 SUSE bug 1128525 CVE-2019-8936 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for bash fixes the following issues: Security issue fixed: - CVE-2019-9924: Fixed a vulnerability in which shell did not prevent user BASH_CMDS allowing the user to execute any command with the permissions of the shell (bsc#1130324). Important SUSE bug 1130324 CVE-2019-9924 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for file fixes the following issues: The following security vulnerabilities were addressed: - Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974 CVE-2018-10360). - CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118) - CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c (bsc#1126119) - CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117) Moderate SUSE bug 1096974 SUSE bug 1096984 SUSE bug 1126117 SUSE bug 1126118 SUSE bug 1126119 CVE-2018-10360 CVE-2019-8905 CVE-2019-8906 CVE-2019-8907 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Security issuess addressed: - update to Firefox ESR 60.6.1 (bsc#1130262): - CVE-2019-9813: Fixed Ionmonkey type confusion with __proto__ mutations - CVE-2019-9810: Fixed IonMonkey MArraySlice incorrect alias information - Update to Firefox ESR 60.6 (bsc#1129821): - CVE-2018-18506: Fixed an issue with Proxy Auto-Configuration file - CVE-2019-9801: Fixed an issue which could allow Windows programs to be exposed to web content - CVE-2019-9788: Fixed multiple memory safety bugs - CVE-2019-9790: Fixed a Use-after-free vulnerability when removing in-use DOM elements - CVE-2019-9791: Fixed an incorrect Type inference for constructors entered through on-stack replacement with IonMonkey - CVE-2019-9792: Fixed an issue where IonMonkey leaks JS_OPTIMIZED_OUT magic value to script - CVE-2019-9793: Fixed multiple improper bounds checks when Spectre mitigations are disabled - CVE-2019-9794: Fixed an issue where command line arguments not discarded during execution - CVE-2019-9795: Fixed a Type-confusion vulnerability in IonMonkey JIT compiler - CVE-2019-9796: Fixed a Use-after-free vulnerability in SMIL animation controller - Update to Firefox ESR 60.5.1 (bsc#1125330): - CVE-2018-18356: Fixed a use-after-free vulnerability in the Skia library which can occur when creating a path, leading to a potentially exploitable crash. - CVE-2019-5785: Fixed an integer overflow vulnerability in the Skia library which can occur after specific transform operations, leading to a potentially exploitable crash. - CVE-2018-18335: Fixed a buffer overflow vulnerability in the Skia library which can occur with Canvas 2D acceleration on macOS. This issue was addressed by disabling Canvas 2D acceleration in Firefox ESR. Note: this does not affect other versions and platforms where Canvas 2D acceleration is already disabled by default. Other issue addressed: - Fixed an issue with MozillaFirefox-translations-common which was causing error on update (bsc#1127987). Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/ Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/ Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/ Important SUSE bug 1125330 SUSE bug 1127987 SUSE bug 1129821 SUSE bug 1130262 CVE-2018-18335 CVE-2018-18356 CVE-2018-18506 CVE-2019-5785 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9794 CVE-2019-9795 CVE-2019-9796 CVE-2019-9801 CVE-2019-9810 CVE-2019-9813 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for apache2 fixes the following issues: * CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] * CVE-2019-0217: A race condition in Apache's 'mod_auth_digest' when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured access control restrictions. [bsc#1131239] * CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged child processes or threads to execute arbitrary code with the privileges of the parent process. Attackers with control over CGI scripts or extension modules run by the server could have abused this issue to potentially gain super user privileges. [bsc#1131233] * CVE-2019-0197: When HTTP/2 support was enabled in the Apache server for a 'http' host or H2Upgrade was enabled for h2 on a 'https' host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. This issue could have been abused to mount a denial-of-service attack. Servers that never enabled the h2 protocol or that only enabled it for https: and did not configure the 'H2Upgrade on' are unaffected. [bsc#1131245] * CVE-2019-0196: Through specially crafted network input the Apache's http/2 request handler could be lead to access previously freed memory while determining the method of a request. This resulted in the request being misclassified and thus being processed incorrectly. [bsc#1131237] Important SUSE bug 1131233 SUSE bug 1131237 SUSE bug 1131239 SUSE bug 1131241 SUSE bug 1131245 CVE-2019-0196 CVE-2019-0197 CVE-2019-0211 CVE-2019-0217 CVE-2019-0220 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xen fixes the following issues: Security issues fixed: - Fixed an issue which could allow malicious PV guests may cause a host crash or gain access to data pertaining to other guests.Additionally, vulnerable configurations are likely to be unstable even in the absence of an attack (bsc#1126198). - Fixed multiple access violations introduced by XENMEM_exchange hypercall which could allow a single PV guest to leak arbitrary amounts of memory, leading to a denial of service (bsc#1126192). - Fixed an issue which could allow a malicious unprivileged guest userspace process to escalate its privilege to that of other userspace processes in the same guest and potentially thereby to that of the guest operating system (bsc#1126201). - Fixed an issue which could allow malicious or buggy x86 PV guest kernels to mount a Denial of Service attack affecting the whole system (bsc#1126197). - Fixed an issue which could allow an untrusted PV domain with access to a physical device to DMA into its own pagetables leading to privilege escalation (bsc#1126195). - Fixed an issue which could allow a malicious or buggy x86 PV guest kernels can mount a Denial of Service attack affecting the whole system (bsc#1126196). - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp (bsc#1123157). - Fixed an issue which could allow malicious 64bit PV guests to cause a host crash (bsc#1127400). - Fixed an issue which could allow malicious or buggy guests with passed through PCI devices to be able to escalate their privileges, crash the host, or access data belonging to other guests. Additionally memory leaks were also possible (bsc#1126140). - Fixed a race condition issue which could allow malicious PV guests to escalate their privilege to that of the hypervisor (bsc#1126141). - CVE-2019-9824: Fixed an information leak in SLiRP networking implementation which could allow a user/process to read uninitialised stack memory contents (bsc#1129623). Other issues addressed: - Upstream bug fixes (bsc#1027519) - Packages should no longer use /var/adm/fillup-templates (bsc#1069468). - Added Xen cmdline option 'suse_vtsc_tolerance' to avoid TSC emulation for HVM domUs (bsc#1026236). - Fixed an issue where setup of grant_tables and other variables may fail (bsc#1126325). - Fixed a building issue (bsc#1119161). - Added a requirement for xen, xl.cfg firmware='pvgrub32|pvgrub64 (bsc#1127620). - Fixed a segmetation fault in Libvirt when crash triggered on top of HVM guest (bsc#1120067). Important SUSE bug 1026236 SUSE bug 1027519 SUSE bug 1069468 SUSE bug 1119161 SUSE bug 1120067 SUSE bug 1123157 SUSE bug 1126140 SUSE bug 1126141 SUSE bug 1126192 SUSE bug 1126195 SUSE bug 1126196 SUSE bug 1126197 SUSE bug 1126198 SUSE bug 1126201 SUSE bug 1126325 SUSE bug 1127400 SUSE bug 1127620 SUSE bug 1129623 CVE-2019-6778 CVE-2019-9824 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for clamav to version 0.100.3 fixes the following issues: Security issues fixed (bsc#1130721): - CVE-2019-1787: Fixed an out-of-bounds heap read condition which may occur when scanning PDF documents. - CVE-2019-1789: Fixed an out-of-bounds heap read condition which may occur when scanning PE files (i.e. Windows EXE and DLL files). - CVE-2019-1788: Fixed an out-of-bounds heap write condition which may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. Important SUSE bug 1130721 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for SDL fixes the following issues: Security issues fixed: - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806). - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099). - CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799). - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805). - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827). - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826). - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824). - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803). - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802). - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825). - CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800). Moderate SUSE bug 1124799 SUSE bug 1124800 SUSE bug 1124802 SUSE bug 1124803 SUSE bug 1124805 SUSE bug 1124806 SUSE bug 1124824 SUSE bug 1124825 SUSE bug 1124826 SUSE bug 1124827 SUSE bug 1125099 CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for dovecot22 fixes the following issues: Security issues fixed: - CVE-2019-7524: Fixed an improper file handling which could result in stack overflow allowing local root escalation (bsc#1130116). - CVE-2019-3814: Fixed a vulnerability related to SSL client certificate authentication (bsc#1123022). Other issue fixed: - Fixed handling of command continuation(bsc#1111789) Important SUSE bug 1111789 SUSE bug 1123022 SUSE bug 1130116 CVE-2019-3814 CVE-2019-7524 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for sqlite3 fixes the following issues: Security issues fixed: - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687). - CVE-2018-20506: Fixed an integer overflow when FTS3 extension is enabled (bsc#1131576). Moderate SUSE bug 1119687 SUSE bug 1131576 CVE-2018-20346 CVE-2018-20506 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xmltooling fixes the following issue: Security issue fixed: - CVE-2019-9628: Fixed an improper handling of exception in XMLTooling library which could result in denial of service against the application using XMLTooling (bsc#1129537). Moderate SUSE bug 1129537 CVE-2019-9628 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libvirt fixes the following issues: Security issue fixed: - CVE-2019-3840: Fixed a null pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent (bsc#1127458). - CVE-2019-3886: Fixed an information leak which allowed to retrieve the guest hostname under readonly mode (bsc#1131595). Other issues addressed: - libxl: support Xen's max_grant_frames setting with maxGrantFrames attribute on the xenbus controller (bsc#1126325). - conf: added new 'xenbus' controller type - util: skip RDMA detection for non-PCI network devices (bsc#1112182). - qemu: don't use CAP_DAC_OVERRIDE capability if non-root (bsc#1125665). - qemu: fix issues related to restricted permissions on /dev/sev(bsc#1102604). - libxl: save current memory value after successful balloon (bsc#1120813). - libxl: Add support for soft reset. (bsc#1081516) Moderate SUSE bug 1081516 SUSE bug 1102604 SUSE bug 1112182 SUSE bug 1120813 SUSE bug 1125665 SUSE bug 1126325 SUSE bug 1127458 SUSE bug 1131595 CVE-2019-3840 CVE-2019-3886 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for wget fixes the following issues: Security issue fixed: - CVE-2019-5953: Fixed a buffer overflow vulnerability which might cause code execution (bsc#1131493). Important SUSE bug 1131493 CVE-2019-5953 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for soundtouch fixes the following issues: Security issues fixed: - CVE-2018-17098: Fixed a heap corruption from size inconsistency, which allowed remote attackers to cause a denial of service or possibly have other unspecified impact (bsc#1108632) - CVE-2018-17097: Fixed a double free, which allowed remote attackers to cause a denial of service or possibly have other unspecified impact (bsc#1108631) Moderate SUSE bug 1108631 SUSE bug 1108632 CVE-2018-17097 CVE-2018-17098 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). Important SUSE bug 1129346 CVE-2019-9636 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for freeradius-server fixes the following issues: - CVE-2019-13456: Fixed a side-channel password leak in EAP-pwd (bsc#1144524). - CVE-2019-17185: Fixed a debial of service due to multithreaded BN_CTX access (bsc#1166847). - Fixed an issue in TLS-EAP where the OCSP verification, when an intermediate client certificate was not explicitly trusted (bsc#1146848). Moderate SUSE bug 1144524 SUSE bug 1146848 SUSE bug 1166847 CVE-2019-13456 CVE-2019-17185 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for man fixes the following issues: - Skip using 'safe-rm' in cron job below cache directory (bsc#1159105). Moderate SUSE bug 1159105 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libqt4 fixes the following issues: - CVE-2018-15518: Fixed a double free in QXmlStreamReader (bsc#1118595) - CVE-2018-19873: Fixed a segmantation fault via a malformed BMP file (bsc#1118596). - CVE-2018-19869: Fixed an improper checking which might lead to a crach via a malformed url reference (bsc#1118599). - Added stricter toplevel asm parsing by dropping volatile qualification that has no effect (bsc#1121214). Moderate SUSE bug 1118595 SUSE bug 1118596 SUSE bug 1118599 SUSE bug 1121214 CVE-2018-15518 CVE-2018-19869 CVE-2018-19873 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for cups fixes the following issues: - CVE-2020-3898: Fixed a heap buffer overflow in ppdFindOption() (bsc#1168422). Important SUSE bug 1168422 CVE-2020-3898 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_1 fixes the following issues: - CVE-2020-1967: Fixed a denial of service via NULL pointer dereference in SSL_check_chain (bsc#1169407). Important SUSE bug 1169407 CVE-2020-1967 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ovmf fixes the following issues: - CVE-2019-14559: Fixed a memory leak in ArpOnFrameRcvdDpc() (bsc#1163927). Moderate SUSE bug 1163927 CVE-2019-14559 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for file-roller fixes the following issues: - CVE-2019-16680: Fixed a path traversal vulnerability which could have allowed an overwriting of a file during extraction (bsc#1151585). Low SUSE bug 1151585 CVE-2019-16680 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for pam_radius fixes the following issues: - CVE-2015-9542: Fixed a buffer overflow in password field (bsc#1163933). - On s390x didn't decrypt passwords correctly (bsc#1141670). Important SUSE bug 1141670 SUSE bug 1163933 CVE-2015-9542 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-8834: KVM on Power8 processors had a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability to run code in kernel space of a guest VM can cause the host kernel to panic (bnc#1168276). - CVE-2020-11494: An issue was discovered in slc_bump in drivers/net/can/slcan.c, which allowed attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL (bnc#1168424). - CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls (bnc#1167629). - CVE-2019-9458: In the video driver there was a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed (bnc#1168295). - CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a system crash (bnc#1120386). - CVE-2019-19770: Fixed a use-after-free in the debugfs_remove function (bsc#1159198). - CVE-2020-11669: Fixed an issue where arch/powerpc/kernel/idle_book3s.S did not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR (bnc#1169390). - CVE-2020-8647: There was a use-after-free vulnerability in the vc_do_resize function in drivers/tty/vt/vt.c (bnc#1162929). - CVE-2020-8649: There was a use-after-free vulnerability in the vgacon_invert_region function in drivers/video/console/vgacon.c (bnc#1162931). - CVE-2020-9383: An issue was discovered set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it (bnc#1165111). - CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c (bnc#1159285). The following non-security bugs were fixed: - ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro (bsc#1051510). - ACPI: watchdog: Fix gas->access_width usage (bsc#1051510). - ALSA: ali5451: remove redundant variable capture_flag (bsc#1051510). - ALSA: core: Replace zero-length array with flexible-array member (bsc#1051510). - ALSA: dummy: Fix PCM format loop in proc output (bsc#1111666). - ALSA: emu10k1: Fix endianness annotations (bsc#1051510). - ALSA: hda/ca0132 - Replace zero-length array with flexible-array member (bsc#1051510). - ALSA: hda_codec: Replace zero-length array with flexible-array member (bsc#1051510). - ALSA: hda: Fix potential access overflow in beep helper (bsc#1051510). - ALSA: hda/realtek: Fix pop noise on ALC225 (git-fixes). - ALSA: hda/realtek - Set principled PC Beep configuration for ALC256 (bsc#1051510). - ALSA: hda: remove redundant assignment to variable timeout (bsc#1051510). - ALSA: hda: Use scnprintf() for string truncation (bsc#1051510). - ALSA: hdsp: remove redundant assignment to variable err (bsc#1051510). - ALSA: ice1724: Fix invalid access for enumerated ctl items (bsc#1051510). - ALSA: info: remove redundant assignment to variable c (bsc#1051510). - ALSA: korg1212: fix if-statement empty body warnings (bsc#1051510). - ALSA: line6: Fix endless MIDI read loop (git-fixes). - ALSA: pcm: oss: Avoid plugin buffer overflow (git-fixes). - ALSA: pcm: oss: Fix regression by buffer overflow fix (bsc#1051510). - ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks (git-fixes). - ALSA: seq: oss: Fix running status after receiving sysex (git-fixes). - ALSA: seq: virmidi: Fix running status after receiving sysex (git-fixes). - ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status (bsc#1051510). - ALSA: via82xx: Fix endianness annotations (bsc#1051510). - ASoC: dapm: Correct DAPM handling of active widgets during shutdown (bsc#1051510). - ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map() (bsc#1051510). - ASoC: Intel: mrfld: fix incorrect check on p->sink (bsc#1051510). - ASoC: Intel: mrfld: return error codes when an error occurs (bsc#1051510). - ASoC: jz4740-i2s: Fix divider written at incorrect offset in register (bsc#1051510). - ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path (bsc#1051510). - ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output (bsc#1051510). - ASoC: pcm: update FE/BE trigger order based on the command (bsc#1051510). - ASoC: samsung: Prevent clk_get_rate() calls in atomic context (bsc#1111666). - ASoC: sun8i-codec: Remove unused dev from codec struct (bsc#1051510). - ASoC: topology: Fix memleak in soc_tplg_link_elems_load() (bsc#1051510). - ath9k: Handle txpower changes even when TPC is disabled (bsc#1051510). - atm: zatm: Fix empty body Clang warnings (bsc#1051510). - atomic: Add irqsave variant of atomic_dec_and_lock() (bsc#1166003). - b43legacy: Fix -Wcast-function-type (bsc#1051510). - batman-adv: Avoid spurious warnings from bat_v neigh_cmp implementation (bsc#1051510). - batman-adv: Do not schedule OGM for disabled interface (bsc#1051510). - batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs (bsc#1051510). - blk: Fix kabi due to blk_trace_mutex addition (bsc#1159285). - blk-mq: Allow blocking queue tag iter callbacks (bsc#1167316). - blktrace: fix dereference after null check (bsc#1159285). - blktrace: fix trace mutex deadlock (bsc#1159285). - block: allow gendisk's request_queue registration to be (bsc#1104967,bsc#1159142). - block, bfq: fix use-after-free in bfq_idle_slice_timer_body (bsc#1168760). - block: keep bdi->io_pages in sync with max_sectors_kb for stacked devices (bsc#1168762). - Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl (bsc#1051510). - bnxt_en: Fix TC queue mapping (networking-stable-20_02_05). - bonding/alb: properly access headers in bond_alb_xmit() (networking-stable-20_02_09). - bpf: Explicitly memset some bpf info structures declared on the stack (bsc#1083647). - bpf: Explicitly memset the bpf_attr structure (bsc#1083647). - bpf: fix ldx in ld_abs rewrite for large offsets (bsc#1154385). - bpf: implement ld_abs/ld_ind in native bpf (bsc#1154385). - bpf: make unknown opcode handling more robust (bsc#1154385). - bpf: prefix cbpf internal helpers with bpf_ (bsc#1154385). - bpf, x64: remove ld_abs/ld_ind (bsc#1154385). - bpf, x64: save several bytes by using mov over movabsq when possible (bsc#1154385). - btrfs: Account for trans_block_rsv in may_commit_transaction (bsc#1165949). - btrfs: add a flush step for delayed iputs (bsc#1165949). - btrfs: add assertions for releasing trans handle reservations (bsc#1165949). - btrfs: add btrfs_delete_ref_head helper (bsc#1165949). - btrfs: add enospc debug messages for ticket failure (bsc#1165949). - btrfs: Add enospc_debug printing in metadata_reserve_bytes (bsc#1165949). - btrfs: add new flushing states for the delayed refs rsv (bsc#1165949). - btrfs: add space reservation tracepoint for reserved bytes (bsc#1165949). - btrfs: allow us to use up to 90% of the global rsv for unlink (bsc#1165949). - btrfs: always reserve our entire size for the global reserve (bsc#1165949). - btrfs: assert on non-empty delayed iputs (bsc##1165949). - btrfs: be more explicit about allowed flush states (bsc#1165949). - btrfs: call btrfs_create_pending_block_groups unconditionally (bsc#1165949). - btrfs: catch cow on deleting snapshots (bsc#1165949). - btrfs: change the minimum global reserve size (bsc#1165949). - btrfs: check if there are free block groups for commit (bsc#1165949). - btrfs: clean up error handling in btrfs_truncate() (bsc#1165949). - btrfs: cleanup extent_op handling (bsc#1165949). - btrfs: cleanup root usage by btrfs_get_alloc_profile (bsc#1165949). - btrfs: cleanup the target logic in __btrfs_block_rsv_release (bsc#1165949). - btrfs: clear space cache inode generation always (bsc#1165949). - btrfs: delayed-ref: pass delayed_refs directly to btrfs_delayed_ref_lock (bsc#1165949). - btrfs: do not account global reserve in can_overcommit (bsc#1165949). - btrfs: do not allow reservations if we have pending tickets (bsc#1165949). - btrfs: do not call btrfs_start_delalloc_roots in flushoncommit (bsc#1165949). - btrfs: do not end the transaction for delayed refs in throttle (bsc#1165949). - btrfs: do not enospc all tickets on flush failure (bsc#1165949). - btrfs: do not run delayed_iputs in commit (bsc##1165949). - btrfs: do not run delayed refs in the end transaction logic (bsc#1165949). - btrfs: do not use ctl->free_space for max_extent_size (bsc##1165949). - btrfs: do not use global reserve for chunk allocation (bsc#1165949). - btrfs: drop min_size from evict_refill_and_join (bsc##1165949). - btrfs: drop unused space_info parameter from create_space_info (bsc#1165949). - btrfs: dump block_rsv details when dumping space info (bsc#1165949). - btrfs: export block group accounting helpers (bsc#1165949). - btrfs: export block_rsv_use_bytes (bsc#1165949). - btrfs: export btrfs_block_rsv_add_bytes (bsc#1165949). - btrfs: export __btrfs_block_rsv_release (bsc#1165949). - btrfs: export space_info_add_*_bytes (bsc#1165949). - btrfs: export the block group caching helpers (bsc#1165949). - btrfs: export the caching control helpers (bsc#1165949). - btrfs: export the excluded extents helpers (bsc#1165949). - btrfs: extent-tree: Add lockdep assert when updating space info (bsc#1165949). - btrfs: extent-tree: Add trace events for space info numbers update (bsc#1165949). - btrfs: extent-tree: Detect bytes_may_use underflow earlier (bsc#1165949). - btrfs: extent-tree: Detect bytes_pinned underflow earlier (bsc#1165949). - btrfs: factor out the ticket flush handling (bsc#1165949). - btrfs: fix btrfs_wait_ordered_range() so that it waits for all ordered extents (bsc#1163508). - btrfs: fix insert_reserved error handling (bsc##1165949). - btrfs: fix may_commit_transaction to deal with no partial filling (bsc#1165949). - btrfs: fix missing delayed iputs on unmount (bsc#1165949). - btrfs: fix panic during relocation after ENOSPC before writeback happens (bsc#1163508). - btrfs: fix qgroup double free after failure to reserve metadata for delalloc (bsc#1165949). - btrfs: fix race leading to metadata space leak after task received signal (bsc#1165949). - btrfs: fix truncate throttling (bsc#1165949). - btrfs: force chunk allocation if our global rsv is larger than metadata (bsc#1165949). - btrfs: Improve global reserve stealing logic (bsc#1165949). - btrfs: introduce an evict flushing state (bsc#1165949). - btrfs: introduce delayed_refs_rsv (bsc#1165949). - btrfs: loop in inode_rsv_refill (bsc#1165949). - btrfs: make btrfs_destroy_delayed_refs use btrfs_delayed_ref_lock (bsc#1165949). - btrfs: make btrfs_destroy_delayed_refs use btrfs_delete_ref_head (bsc#1165949). - btrfs: make caching_thread use btrfs_find_next_key (bsc#1165949). - btrfs: migrate btrfs_trans_release_chunk_metadata (bsc#1165949). - btrfs: migrate inc/dec_block_group_ro code (bsc#1165949). - btrfs: migrate nocow and reservation helpers (bsc#1165949). - btrfs: migrate the alloc_profile helpers (bsc#1165949). - btrfs: migrate the block group caching code (bsc#1165949). - btrfs: migrate the block group cleanup code (bsc#1165949). - btrfs: migrate the block group lookup code (bsc#1165949). - btrfs: migrate the block group read/creation code (bsc#1165949). - btrfs: migrate the block group ref counting stuff (bsc#1165949). - btrfs: migrate the block group removal code (bsc#1165949). - btrfs: migrate the block group space accounting helpers (bsc#1165949). - btrfs: migrate the block-rsv code to block-rsv.c (bsc#1165949). - btrfs: migrate the chunk allocation code (bsc#1165949). - btrfs: migrate the delalloc space stuff to it's own home (bsc#1165949). - btrfs: migrate the delayed refs rsv code (bsc#1165949). - btrfs: migrate the dirty bg writeout code (bsc#1165949). - btrfs: migrate the global_block_rsv helpers to block-rsv.c (bsc#1165949). - btrfs: move and export can_overcommit (bsc#1165949). - btrfs: move basic block_group definitions to their own header (bsc#1165949). - btrfs: move btrfs_add_free_space out of a header file (bsc#1165949). - btrfs: move btrfs_block_rsv definitions into it's own header (bsc#1165949). - btrfs: move btrfs_raid_group values to btrfs_raid_attr table (bsc#1165949). - btrfs: move btrfs_space_info_add_*_bytes to space-info.c (bsc#1165949). - btrfs: move dump_space_info to space-info.c (bsc#1165949). - btrfs: move reserve_metadata_bytes and supporting code to space-info.c (bsc#1165949). - btrfs: move space_info to space-info.h (bsc#1165949). - btrfs: move the space_info handling code to space-info.c (bsc#1165949). - btrfs: move the space info update macro to space-info.h (bsc#1165949). - btrfs: move the subvolume reservation stuff out of extent-tree.c (bsc#1165949). - btrfs: only check delayed ref usage in should_end_transaction (bsc#1165949). - btrfs: only check priority tickets for priority flushing (bsc#1165949). - btrfs: only free reserved extent if we didn't insert it (bsc##1165949). - btrfs: only reserve metadata_size for inodes (bsc#1165949). - btrfs: only track ref_heads in delayed_ref_updates (bsc#1165949). - btrfs: Output ENOSPC debug info in inc_block_group_ro (bsc#1165949). - btrfs: pass root to various extent ref mod functions (bsc#1165949). - btrfs: refactor block group replication factor calculation to a helper (bsc#1165949). - btrfs: refactor priority_reclaim_metadata_space (bsc#1165949). - btrfs: refactor the ticket wakeup code (bsc#1165949). - btrfs: release metadata before running delayed refs (bsc##1165949). - btrfs: Remove btrfs_inode::delayed_iput_count (bsc#1165949). - btrfs: Remove fs_info from do_chunk_alloc (bsc#1165949). - btrfs: remove orig_bytes from reserve_ticket (bsc#1165949). - btrfs: Remove redundant argument of flush_space (bsc#1165949). - btrfs: rename btrfs_space_info_add_old_bytes (bsc#1165949). - btrfs: rename do_chunk_alloc to btrfs_chunk_alloc (bsc#1165949). - btrfs: rename the btrfs_calc_*_metadata_size helpers (bsc#1165949). - btrfs: replace cleaner_delayed_iput_mutex with a waitqueue (bsc#1165949). - btrfs: reserve delalloc metadata differently (bsc#1165949). - btrfs: reserve extra space during evict (bsc#1165949). - btrfs: reset max_extent_size on clear in a bitmap (bsc##1165949). - btrfs: reset max_extent_size properly (bsc##1165949). - btrfs: rework btrfs_check_space_for_delayed_refs (bsc#1165949). - btrfs: rework wake_all_tickets (bsc#1165949). - btrfs: roll tracepoint into btrfs_space_info_update helper (bsc#1165949). - btrfs: run btrfs_try_granting_tickets if a priority ticket fails (bsc#1165949). - btrfs: run delayed iput at unlink time (bsc#1165949). - btrfs: run delayed iputs before committing (bsc#1165949). - btrfs: set max_extent_size properly (bsc##1165949). - btrfs: stop partially refilling tickets when releasing space (bsc#1165949). - btrfs: stop using block_rsv_release_bytes everywhere (bsc#1165949). - btrfs: temporarily export btrfs_get_restripe_target (bsc#1165949). - btrfs: temporarily export fragment_free_space (bsc#1165949). - btrfs: temporarily export inc_block_group_ro (bsc#1165949). - btrfs: track DIO bytes in flight (bsc#1165949). - btrfs: unexport can_overcommit (bsc#1165949). - btrfs: unexport the temporary exported functions (bsc#1165949). - btrfs: unify error handling for ticket flushing (bsc#1165949). - btrfs: update may_commit_transaction to use the delayed refs rsv (bsc#1165949). - btrfs: use btrfs_try_granting_tickets in update_global_rsv (bsc#1165949). - btrfs: wait on caching when putting the bg cache (bsc#1165949). - btrfs: wait on ordered extents on abort cleanup (bsc#1165949). - btrfs: wakeup cleaner thread when adding delayed iput (bsc#1165949). - ceph: canonicalize server path in place (bsc#1168443). - ceph: remove the extra slashes in the server path (bsc#1168443). - cfg80211: check reg_rule for NULL in handle_channel_custom() (bsc#1051510). - cfg80211: check wiphy driver existence for drvinfo report (bsc#1051510). - cgroup: memcg: net: do not associate sock with unrelated cgroup (bsc#1167290). - cifs: add a debug macro that prints \\server\share for errors (bsc#1144333). - cifs: add missing mount option to /proc/mounts (bsc#1144333). - cifs: add new debugging macro cifs_server_dbg (bsc#1144333). - cifs: add passthrough for smb2 setinfo (bsc#1144333). - cifs: add SMB2_open() arg to return POSIX data (bsc#1144333). - cifs: add smb2 POSIX info level (bsc#1144333). - cifs: add SMB3 change notification support (bsc#1144333). - cifs: add support for fallocate mode 0 for non-sparse files (bsc#1144333). - cifs: Add support for setting owner info, dos attributes, and create time (bsc#1144333). - cifs: Add tracepoints for errors on flush or fsync (bsc#1144333). - cifs: Adjust indentation in smb2_open_file (bsc#1144333). - cifs: allow chmod to set mode bits using special sid (bsc#1144333). - cifs: Avoid doing network I/O while holding cache lock (bsc#1144333). - cifs: call wake_up(&server->response_q) inside of cifs_reconnect() (bsc#1144333). - cifs: Clean up DFS referral cache (bsc#1144333). - cifs: create a helper function to parse the query-directory response buffer (bsc#1144333). - cifs: do d_move in rename (bsc#1144333). - cifs: Do not display RDMA transport on reconnect (bsc#1144333). - cifs: do not ignore the SYNC flags in getattr (bsc#1144333). - cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1144333). - cifs: do not use 'pre:' for MODULE_SOFTDEP (bsc#1144333). - cifs: enable change notification for SMB2.1 dialect (bsc#1144333). - cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1144333). - cifs: fix a comment for the timeouts when sending echos (bsc#1144333). - cifs: fix a white space issue in cifs_get_inode_info() (bsc#1144333). - cifs: fix dereference on ses before it is null checked (bsc#1144333). - cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1144333). - cifs: fix mode bits from dir listing when mounted with modefromsid (bsc#1144333). - cifs: Fix mode output in debugging statements (bsc#1144333). - cifs: Fix mount options set in automount (bsc#1144333). - cifs: fix NULL dereference in match_prepath (bsc#1144333). - cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1144333). - cifs: fix potential mismatch of UNC paths (bsc#1144333). - cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1144333). - cifs: Fix return value in __update_cache_entry (bsc#1144333). - cifs: fix soft mounts hanging in the reconnect code (bsc#1144333). - cifs: Fix task struct use-after-free on reconnect (bsc#1144333). - cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1144333). - cifs: get mode bits from special sid on stat (bsc#1144333). - cifs: Get rid of kstrdup_const()'d paths (bsc#1144333). - cifs: handle prefix paths in reconnect (bsc#1144333). - cifs: ignore cached share root handle closing errors (bsc#1166780). - cifs: Introduce helpers for finding TCP connection (bsc#1144333). - cifs: log warning message (once) if out of disk space (bsc#1144333). - cifs: make sure we do not overflow the max EA buffer size (bsc#1144333). - cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1144333). - cifs: Merge is_path_valid() into get_normalized_path() (bsc#1144333). - cifs: modefromsid: make room for 4 ACE (bsc#1144333). - cifs: modefromsid: write mode ACE first (bsc#1144333). - cifs: Optimize readdir on reparse points (bsc#1144333). - cifs: plumb smb2 POSIX dir enumeration (bsc#1144333). - cifs: potential unintitliazed error code in cifs_getattr() (bsc#1144333). - cifs: prepare SMB2_query_directory to be used with compounding (bsc#1144333). - cifs: print warning once if mounting with vers=1.0 (bsc#1144333). - cifs: refactor cifs_get_inode_info() (bsc#1144333). - cifs: remove redundant assignment to pointer pneg_ctxt (bsc#1144333). - cifs: remove redundant assignment to variable rc (bsc#1144333). - cifs: remove set but not used variables (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove unused variable (bsc#1144333). - cifs: remove unused variable 'sid_user' (bsc#1144333). - cifs: rename a variable in SendReceive() (bsc#1144333). - cifs: rename posix create rsp (bsc#1144333). - cifs: replace various strncpy with strscpy and similar (bsc#1144333). - cifs: Return directly after a failed build_path_from_dentry() in cifs_do_create() (bsc#1144333). - cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1144333). - cifs: smbd: Add messages on RDMA session destroy and reconnection (bsc#1144333). - cifs: smbd: Invalidate and deregister memory registration on re-send for direct I/O (bsc#1144333). - cifs: smbd: Only queue work for error recovery on memory registration (bsc#1144333). - cifs: smbd: Return -EAGAIN when transport is reconnecting (bsc#1144333). - cifs: smbd: Return -ECONNABORTED when trasnport is not in connected state (bsc#1144333). - cifs: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE (bsc#1144333). - cifs: Use common error handling code in smb2_ioctl_query_info() (bsc#1144333). - cifs: use compounding for open and first query-dir for readdir() (bsc#1144333). - cifs: Use #define in cifs_dbg (bsc#1144333). - cifs: Use memdup_user() rather than duplicating its implementation (bsc#1144333). - cifs: use mod_delayed_work() for &server->reconnect if already queued (bsc#1144333). - cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1144333). - clk: qcom: rcg: Return failure for RCG update (bsc#1051510). - cls_rsvp: fix rsvp_policy (networking-stable-20_02_05). - configfs: Fix bool initialization/comparison (bsc#1051510). - cpufreq: powernv: Fix unsafe notifiers (bsc#1065729). - cpufreq: powernv: Fix use-after-free (bsc#1065729). - cpufreq: Register drivers only after CPU devices have been registered (bsc#1051510). - cpuidle: Do not unset the driver if it is there already (bsc#1051510). - crypto: arm64/sha-ce - implement export/import (bsc#1051510). - crypto: mxs-dcp - fix scatterlist linearization for hash (bsc#1051510). - crypto: pcrypt - Fix user-after-free on module unload (git-fixes). - crypto: tcrypt - fix printed skcipher [a]sync mode (bsc#1051510). - debugfs: add support for more elaborate ->d_fsdata (bsc#1159198 bsc#1109911). - debugfs: call debugfs_real_fops() only after debugfs_file_get() (bsc#1159198 bsc#1109911). - debugfs: convert to debugfs_file_get() and -put() (bsc#1159198 bsc#1109911). - debugfs: debugfs_real_fops(): drop __must_hold sparse annotation (bsc#1159198 bsc#1109911). - debugfs: debugfs_use_start/finish do not exist anymore (bsc#1159198). - debugfs: defer debugfs_fsdata allocation to first usage (bsc#1159198 bsc#1109911). - debugfs: fix debugfs_real_fops() build error (bsc#1159198 bsc#1109911). - debugfs: implement per-file removal protection (bsc#1159198 bsc#1109911). - debugfs: purge obsolete SRCU based removal protection (bsc#1159198 bsc#1109911). - debugfs: simplify __debugfs_remove_file() (bsc#1159198). - Delete patches which cause regression (bsc#1165527 ltc#184149). - Deprecate NR_UNSTABLE_NFS, use NR_WRITEBACK (bsc#1163403). - device: Use overflow helpers for devm_kmalloc() (bsc#1166003). - dmaengine: coh901318: Fix a double lock bug in dma_tc_handle() (bsc#1051510). - dmaengine: ste_dma40: fix unneeded variable warning (bsc#1051510). - dm: fix incomplete request_queue initialization (bsc#1104967,bsc#1159142). - driver core: platform: fix u32 greater or equal to zero comparison (bsc#1051510). - driver core: platform: Prevent resouce overflow from causing infinite loops (bsc#1051510). - driver core: Print device when resources present in really_probe() (bsc#1051510). - drivers/md/raid5.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET (bsc#1166003). - drivers/md/raid5: Do not disable irq on release_inactive_stripe_list() call (bsc#1166003). - drivers/md/raid5-ppl.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET (bsc#1166003). - drivers/md/raid5: Use irqsave variant of atomic_dec_and_lock() (bsc#1166003). - drm/amd/display: remove duplicated assignment to grph_obj_type (bsc#1051510). - drm/amdkfd: fix a use after free race with mmu_notifer unregister (bsc#1114279) - drm: atmel-hlcdc: enable clock before configuring timing engine (bsc#1114279) - drm/bochs: downgrade pci_request_region failure from error to warning (bsc#1051510). - drm/bridge: dw-hdmi: fix AVI frame colorimetry (bsc#1051510). - drm_dp_mst_topology: fix broken drm_dp_sideband_parse_remote_dpcd_read() (bsc#1051510). - drm/drm_dp_mst:remove set but not used variable 'origlen' (bsc#1051510). - drm/etnaviv: fix dumping of iommuv2 (bsc#1114279) - drm/gma500: Fixup fbdev stolen size usage evaluation (bsc#1051510). - drm/i915/gvt: Separate display reset from ALL_ENGINES reset (bsc#1114279) - drm/i915/selftests: Fix return in assert_mmap_offset() (bsc#1114279) - drm/i915/userptr: fix size calculation (bsc#1114279) - drm/i915/userptr: Try to acquire the page lock around (bsc#1114279) - drm/i915: Wean off drm_pci_alloc/drm_pci_free (bsc#1114279) - drm/mediatek: Add gamma property according to hardware capability (bsc#1114279) - drm/mediatek: disable all the planes in atomic_disable (bsc#1114279) - drm/mediatek: handle events when enabling/disabling crtc (bsc#1051510). - drm/mipi_dbi: Fix off-by-one bugs in mipi_dbi_blank() (bsc#1114279) - drm: msm: mdp4: Adjust indentation in mdp4_dsi_encoder_enable (bsc#1114279) - drm/msm: Set dma maximum segment size for mdss (bsc#1051510). - drm/msm: stop abusing dma_map/unmap for cache (bsc#1051510). - drm/msm: Use the correct dma_sync calls harder (bsc#1051510). - drm/msm: Use the correct dma_sync calls in msm_gem (bsc#1051510). - drm/nouveau/disp/nv50-: prevent oops when no channel method map provided (bsc#1051510). - drm/nouveau/gr/gk20a,gm200-: add terminators to method lists read from fw (bsc#1051510). - drm: rcar-du: Recognize 'renesas,vsps' in addition to 'vsps' (bsc#1114279) - drm: remove the newline for CRC source name (bsc#1051510). - dt-bindings: allow up to four clocks for orion-mdio (bsc#1051510). - EDAC/mc: Fix use-after-free and memleaks during device removal (bsc#1114279). - efi: Fix a race and a buffer overflow while reading efivars via sysfs (bsc#1164893). - ethtool: Factored out similar ethtool link settings for virtual devices to core (bsc#1136157 ltc#177197). - ext4: add cond_resched() to __ext4_find_entry() (bsc#1166862). - ext4: Avoid ENOSPC when avoiding to reuse recently deleted inodes (bsc#1165019). - ext4: Check for non-zero journal inum in ext4_calculate_overhead (bsc#1167288). - ext4: do not assume that mmp_nodename/bdevname have NUL (bsc#1166860). - ext4: fix a data race in EXT4_I(inode)->i_disksize (bsc#1166861). - ext4: fix incorrect group count in ext4_fill_super error message (bsc#1168765). - ext4: fix incorrect inodes per group in error message (bsc#1168764). - ext4: fix potential race between online resizing and write operations (bsc#1166864). - ext4: fix potential race between s_flex_groups online resizing and access (bsc#1166867). - ext4: fix potential race between s_group_info online resizing and access (bsc#1166866). - ext4: fix race between writepages and enabling EXT4_EXTENTS_FL (bsc#1166870). - ext4: fix support for inode sizes > 1024 bytes (bsc#1164284). - ext4: potential crash on allocation error in ext4_alloc_flex_bg_array() (bsc#1166940). - ext4: rename s_journal_flag_rwsem to s_writepages_rwsem (bsc#1166868). - ext4: validate the debug_want_extra_isize mount option at parse time (bsc#1163897). - fat: fix uninit-memory access for partial initialized inode (bsc#1051510). - fat: work around race with userspace's read via blockdev while mounting (bsc#1051510). - fbdev/g364fb: Fix build failure (bsc#1051510). - fbdev: potential information leak in do_fb_ioctl() (bsc#1114279) - fbmem: Adjust indentation in fb_prepare_logo and fb_blank (bsc#1114279) - fcntl: fix typo in RWH_WRITE_LIFE_NOT_SET r/w hint name (bsc#1166003). - fix memory leak in large read decrypt offload (bsc#1144333). - fs/cifs/cifssmb.c: use true,false for bool variable (bsc#1144333). - fs: cifs: cifsssmb: remove redundant assignment to variable ret (bsc#1144333). - fs: cifs: Initialize filesystem timestamp ranges (bsc#1144333). - fs: cifs: mute -Wunused-const-variable message (bsc#1144333). - fs/cifs/sess.c: Remove set but not used variable 'capabilities' (bsc#1144333). - fs/cifs/smb2ops.c: use true,false for bool variable (bsc#1144333). - fs/cifs/smb2pdu.c: Make SMB2_notify_init static (bsc#1144333). - fs/xfs: fix f_ffree value for statfs when project quota is set (bsc#1165985). - ftrace/kprobe: Show the maxactive number on kprobe_events (git-fixes). - gtp: make sure only SOCK_DGRAM UDP sockets are accepted (networking-stable-20_01_27). - gtp: use __GFP_NOWARN to avoid memalloc warning (networking-stable-20_02_05). - HID: apple: Add support for recent firmware on Magic Keyboards (bsc#1051510). - HID: core: fix off-by-one memset in hid_report_raw_event() (bsc#1051510). - HID: hiddev: Fix race in in hiddev_disconnect() (git-fixes). - hv_netvsc: Fix memory leak when removing rndis device (networking-stable-20_01_20). - hv_netvsc: pass netvsc_device to rndis halt - hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() (bsc#1051510). - i2c: hix5hd2: add missed clk_disable_unprepare in remove (bsc#1051510). - i2c: jz4780: silence log flood on txabrt (bsc#1051510). - IB/hfi1: Close window for pq and request coliding (bsc#1060463 ). - IB/hfi1: convert to debugfs_file_get() and -put() (bsc#1159198 bsc#1109911). - ibmvfc: do not send implicit logouts prior to NPIV login (bsc#1169625 ltc#184611). - ibmvfc: Fix NULL return compiler warning (bsc#1161951 ltc#183551). - ibmvnic: Do not process device remove during device reset (bsc#1065729). - ibmvnic: Warn unknown speed message only when carrier is present (bsc#1065729). - iio: gyro: adis16136: check ret val for non-zero vs less-than-zero (bsc#1051510). - iio: imu: adis16400: check ret val for non-zero vs less-than-zero (bsc#1051510). - iio: imu: adis16480: check ret val for non-zero vs less-than-zero (bsc#1051510). - iio: imu: adis: check ret val for non-zero vs less-than-zero (bsc#1051510). - iio: magnetometer: ak8974: Fix negative raw values in sysfs (bsc#1051510). - iio: potentiostat: lmp9100: fix iio_triggered_buffer_{predisable,postenable} positions (bsc#1051510). - Input: add safety guards to input_set_keycode() (bsc#1168075). - Input: avoid BIT() macro usage in the serio.h UAPI header (bsc#1051510). - Input: edt-ft5x06 - work around first register access error (bsc#1051510). - Input: raydium_i2c_ts - fix error codes in raydium_i2c_boot_trigger() (bsc#1051510). - Input: synaptics - enable RMI on HP Envy 13-ad105ng (bsc#1051510). - Input: synaptics - enable SMBus on ThinkPad L470 (bsc#1051510). - Input: synaptics - remove the LEN0049 dmi id from topbuttonpad list (bsc#1051510). - Input: synaptics - switch T470s to RMI4 by default (bsc#1051510). - intel_th: Fix user-visible error codes (bsc#1051510). - intel_th: pci: Add Elkhart Lake CPU support (bsc#1051510). - iommu/amd: Check feature support bit before accessing MSI capability registers (bsc#1166101). - iommu/amd: Fix the configuration of GCR3 table root pointer (bsc#1169057). - iommu/amd: Only support x2APIC with IVHD type 11h/40h (bsc#1166102). - iommu/dma: Fix MSI reservation allocation (bsc#1166730). - iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint (bsc#1166731). - iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page (bsc#1166732). - iommu/vt-d: Fix compile warning from intel-svm.h (bsc#1166103). - iommu/vt-d: Fix the wrong printing in RHSA parsing (bsc#1166733). - iommu/vt-d: Ignore devices with out-of-spec domain number (bsc#1166734). - iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn + add_taint (bsc#1166735). - ipmi: fix hung processes in __get_guid() (git-fixes). - ipmi:ssif: Handle a possible NULL pointer reference (bsc#1051510). - ipv4: ensure rcu_read_lock() in cipso_v4_error() (git-fixes). - ipv6: Fix nlmsg_flags when splitting a multipath route (networking-stable-20_03_01). - ipv6: Fix route replacement with dev-only route (networking-stable-20_03_01). - ipvlan: do not add hardware address of master to its unicast filter list (bsc#1137325). - irqchip/bcm2835: Quiesce IRQs left enabled by bootloader (bsc#1051510). - irqdomain: Fix a memory leak in irq_domain_push_irq() (bsc#1051510). - iwlegacy: Fix -Wcast-function-type (bsc#1051510). - iwlwifi: mvm: Do not require PHY_SKU NVM section for 3168 devices (bsc#1166632). - iwlwifi: mvm: Fix thermal zone registration (bsc#1051510). - kABI: fixes for debugfs per-file removal protection backports (bsc#1159198 bsc#1109911). - kabi fix for (bsc#1168202). - kabi: invoke bpf_gen_ld_abs() directly (bsc#1158552). - kABI: restore debugfs_remove_recursive() (bsc#1159198). - kernel/module.c: Only return -EEXIST for modules that have finished loading (bsc#1165488). - kernel/module.c: wakeup processes in module_wq on module unload (bsc#1165488). - KVM: arm64: Store vcpu on the stack during __guest_enter() (bsc#1133021). - KVM: s390: do not clobber registers during guest reset/store status (bsc#1133021). - KVM: s390: ENOTSUPP -> EOPNOTSUPP fixups (bsc#1133021). - KVM: s390: vsie: Fix possible race when shadowing region 3 tables (git-fixes). - KVM: s390: vsie: Fix region 1 ASCE sanity shadow address checks (git-fixes). - KVM: VMX: check descriptor table exits on instruction emulation (bsc#1166104). - l2tp: Allow duplicate session creation with UDP (networking-stable-20_02_05). - lcoking/rwsem: Add missing ACQUIRE to read_slowpath sleep loop (bsc#1050549). - libfs: fix infoleak in simple_attr_read() (bsc#1168881). - lib/raid6: add missing include for raid6test (bsc#1166003). - lib/raid6: add option to skip algo benchmarking (bsc#1166003). - lib/raid6/altivec: Add vpermxor implementation for raid6 Q syndrome (bsc#1166003). - lib/raid6: avoid __attribute_const__ redefinition (bsc#1166003). - locking/rwsem: Prevent decrement of reader count before increment (bsc#1050549). - mac80211: consider more elements in parsing CRC (bsc#1051510). - mac80211: Do not send mesh HWMP PREQ if HWMP is disabled (bsc#1051510). - mac80211: free peer keys before vif down in mesh (bsc#1051510). - mac80211: mesh: fix RCU warning (bsc#1051510). - mac80211: only warn once on chanctx_conf being NULL (bsc#1051510). - mac80211: rx: avoid RCU list traversal under mutex (bsc#1051510). - macsec: add missing attribute validation for port (bsc#1051510). - macsec: fix refcnt leak in module exit routine (bsc#1051510). - md: add __acquires/__releases annotations to handle_active_stripes (bsc#1166003). - md: add __acquires/__releases annotations to (un)lock_two_stripes (bsc#1166003). - md: add a missing endianness conversion in check_sb_changes (bsc#1166003). - md: add bitmap_abort label in md_run (bsc#1166003). - md: add feature flag MD_FEATURE_RAID0_LAYOUT (bsc#1166003). - md: allow last device to be forcibly removed from RAID1/RAID10 (bsc#1166003). - md: avoid invalid memory access for array sb->dev_roles (bsc#1166003). - md/bitmap: avoid race window between md_bitmap_resize and bitmap_file_clear_bit (bsc#1166003). - md-bitmap: create and destroy wb_info_pool with the change of backlog (bsc#1166003). - md-bitmap: create and destroy wb_info_pool with the change of bitmap (bsc#1166003). - md-bitmap: small cleanups (bsc#1166003). - md/bitmap: use mddev_suspend/resume instead of ->quiesce() (bsc#1166003). - md-cluster/bitmap: do not call md_bitmap_sync_with_cluster during reshaping stage (bsc#1166003). - md-cluster: introduce resync_info_get interface for sanity check (bsc#1166003). - md-cluster/raid10: call update_size in md_reap_sync_thread (bsc#1166003). - md-cluster/raid10: do not call remove_and_add_spares during reshaping stage (bsc#1166003). - md-cluster/raid10: resize all the bitmaps before start reshape (bsc#1166003). - md-cluster/raid10: support add disk under grow mode (bsc#1166003). - md-cluster: remove suspend_info (bsc#1166003). - md-cluster: send BITMAP_NEEDS_SYNC message if reshaping is interrupted (bsc#1166003). - md: convert to kvmalloc (bsc#1166003). - md: do not call spare_active in md_reap_sync_thread if all member devices can't work (bsc#1166003). - md: do not set In_sync if array is frozen (bsc#1166003). - md: fix an error code format and remove unsed bio_sector (bsc#1166003). - md: fix a typo s/creat/create (bsc#1166003). - md: fix for divide error in status_resync (bsc#1166003). - md: fix spelling typo and add necessary space (bsc#1166003). - md: introduce mddev_create/destroy_wb_pool for the change of member device (bsc#1166003). - md: introduce new personality funciton start() (bsc#1166003). - md-linear: use struct_size() in kzalloc() (bsc#1166003). - md: Make bio_alloc_mddev use bio_alloc_bioset (bsc#1166003). - md: make sure desc_nr less than MD_SB_DISKS (bsc#1166003). - md: md.c: Return -ENODEV when mddev is NULL in rdev_attr_show (bsc#1166003). - md: no longer compare spare disk superblock events in super_load (bsc#1166003). - md/r5cache: remove redundant pointer bio (bsc#1166003). - md/raid0: Fix an error message in raid0_make_request() (bsc#1166003). - md raid0/linear: Mark array as 'broken' and fail BIOs if a member is gone (bsc#1166003). - md/raid10: end bio when the device faulty (bsc#1166003). - md/raid10: Fix raid10 replace hang when new added disk faulty (bsc#1166003). - md/raid10: prevent access of uninitialized resync_pages offset (bsc#1166003). - md/raid10: read balance chooses idlest disk for SSD (bsc#1166003). - md: raid10: Use struct_size() in kmalloc() (bsc#1166003). - md/raid1: avoid soft lockup under high load (bsc#1166003). - md: raid1: check rdev before reference in raid1_sync_request func (bsc#1166003). - md/raid1: end bio when the device faulty (bsc#1166003). - md/raid1: fail run raid1 array when active disk less than one (bsc#1166003). - md/raid1: Fix a warning message in remove_wb() (bsc#1166003). - md/raid1: fix potential data inconsistency issue with write behind device (bsc#1166003). - md/raid1: get rid of extra blank line and space (bsc#1166003). - md/raid5: Assigning NULL to sh->batch_head before testing bit R5_Overlap of a stripe (bsc#1166003). - md/raid5: use bio_end_sector to calculate last_sector (bsc#1166003). - md/raid6: fix algorithm choice under larger PAGE_SIZE (bsc#1166003). - md/raid6: implement recovery using ARM NEON intrinsics (bsc#1166003). - md: remove a bogus comment (bsc#1166003). - md: remove redundant code that is no longer reachable (bsc#1166003). - md: remove set but not used variable 'bi_rdev' (bsc#1166003). - md: rename wb stuffs (bsc#1166003). - md: return -ENODEV if rdev has no mddev assigned (bsc#1166003). - md: use correct type in super_1_load (bsc#1166003). - md: use correct type in super_1_sync (bsc#1166003). - md: use correct types in md_bitmap_print_sb (bsc#1166003). - media: dib0700: fix rc endpoint lookup (bsc#1051510). - media: flexcop-usb: fix endpoint sanity check (git-fixes). - media: go7007: Fix URB type for interrupt handling (bsc#1051510). - media: ov519: add missing endpoint sanity checks (bsc#1168829). - media: ov6650: Fix .get_fmt() V4L2_SUBDEV_FORMAT_TRY support (bsc#1051510). - media: ov6650: Fix some format attributes not under control (bsc#1051510). - media: ov6650: Fix stored crop rectangle not in sync with hardware (bsc#1051510). - media: ov6650: Fix stored frame format not in sync with hardware (bsc#1051510). - media: stv06xx: add missing descriptor sanity checks (bsc#1168854). - media: tda10071: fix unsigned sign extension overflow (bsc#1051510). - media: usbtv: fix control-message timeouts (bsc#1051510). - media: uvcvideo: Refactor teardown of uvc on USB disconnect (bsc#1164507). - media: v4l2-core: fix entity initialization in device_register_subdev (bsc#1051510). - media: vsp1: tidyup VI6_HGT_LBn_H() macro (bsc#1051510). - media: xirlink_cit: add missing descriptor sanity checks (bsc#1051510). - mfd: dln2: Fix sanity checking for endpoints (bsc#1051510). - misc: pci_endpoint_test: Fix to support > 10 pci-endpoint-test devices (bsc#1051510). - mmc: sdhci-of-at91: fix cd-gpios for SAMA5D2 (bsc#1051510). - mm/filemap.c: do not initiate writeback if mapping has no dirty pages (bsc#1168884). - mm/memory_hotplug.c: only respect mem= parameter during boot stage (bsc#1065600). - MM: replace PF_LESS_THROTTLE with PF_LOCAL_THROTTLE (bsc#1163403). - mm: Use overflow helpers in kvmalloc() (bsc#1166003). - mwifiex: set needed_headroom, not hard_header_len (bsc#1051510). - net: core: another layer of lists, around PF_MEMALLOC skb handling (bsc#1050549). - net: cxgb3_main: Add CAP_NET_ADMIN check to CHELSIO_GET_MEM (networking-stable-20_01_27). - net: dsa: bcm_sf2: Fix overflow checks (git-fixes). - net: dsa: mv88e6xxx: Preserve priority when setting CPU port (networking-stable-20_01_11). - net: dsa: tag_qca: fix doubled Tx statistics (networking-stable-20_01_20). - net: dsa: tag_qca: Make sure there is headroom for tag (networking-stable-20_02_19). - net: ena: Add PCI shutdown handler to allow safe kexec (bsc#1167421, bsc#1167423). - net/ethtool: Introduce link_ksettings API for virtual network devices (bsc#1136157 ltc#177197). - net: fib_rules: Correctly set table field when table number exceeds 8 bits (networking-stable-20_03_01). - netfilter: conntrack: sctp: use distinct states for new SCTP connections (bsc#1159199). - net: hns: fix soft lockup when there is not enough memory (networking-stable-20_01_20). - net: hsr: fix possible NULL deref in hsr_handle_frame() (networking-stable-20_02_05). - net: ip6_gre: fix moving ip6gre between namespaces (networking-stable-20_01_27). - net, ip6_tunnel: fix namespaces move (networking-stable-20_01_27). - net, ip_tunnel: fix namespaces move (networking-stable-20_01_27). - net: macb: Limit maximum GEM TX length in TSO (networking-stable-20_02_09). - net: macb: Remove unnecessary alignment check for TSO (networking-stable-20_02_09). - net/mlxfw: Verify FSM error code translation does not exceed array size (bsc#1051858). - net: mvneta: move rx_dropped and rx_errors in per-cpu stats (networking-stable-20_02_09). - net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL (bsc#1051510). - net: nfc: fix bounds checking bugs on 'pipe' (bsc#1051510). - net: phy: micrel: kszphy_resume(): add delay after genphy_resume() before accessing PHY registers (bsc#1051510). - net: phy: restore mdio regs in the iproc mdio driver (networking-stable-20_03_01). - net: rtnetlink: validate IFLA_MTU attribute in rtnl_create_link() (networking-stable-20_01_27). - net_sched: ematch: reject invalid TCF_EM_SIMPLE (networking-stable-20_01_30). - net_sched: fix an OOB access in cls_tcindex (networking-stable-20_02_05). - net_sched: fix a resource leak in tcindex_set_parms() (networking-stable-20_02_09). - net_sched: fix datalen for ematch (networking-stable-20_01_27). - net/sched: flower: add missing validation of TCA_FLOWER_FLAGS (networking-stable-20_02_19). - net_sched: keep alloc_hash updated after hash allocation (git-fixes). - net/sched: matchall: add missing validation of TCA_MATCHALL_FLAGS (networking-stable-20_02_19). - net: sch_prio: When ungrafting, replace with FIFO (networking-stable-20_01_11). - net/smc: add fallback check to connect() (git-fixes). - net/smc: fix leak of kernel memory to user space (networking-stable-20_02_19). - net/smc: fix refcount non-blocking connect() -part 2 (git-fixes). - net: stmmac: Delete txtimer in suspend() (networking-stable-20_02_05). - net: stmmac: dwmac-sunxi: Allow all RGMII modes (networking-stable-20_01_11). - net-sysfs: Fix reference count leak (networking-stable-20_01_27). - net: systemport: Avoid RBUF stuck in Wake-on-LAN mode (networking-stable-20_02_09). - net: usb: lan78xx: Add .ndo_features_check (networking-stable-20_01_27). - net: usb: lan78xx: fix possible skb leak (networking-stable-20_01_11). - net/wan/fsl_ucc_hdlc: fix out of bounds write on array utdm_info (networking-stable-20_01_20). - NFC: fdp: Fix a signedness bug in fdp_nci_send_patch() (bsc#1051510). - NFC: pn544: Fix a typo in a debug message (bsc#1051510). - nfc: pn544: Fix occasional HW initialization failure (networking-stable-20_03_01). - NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use le16_add_cpu() (bsc#1051510). - NFS: send state management on a single connection (bsc#1167005). - nvme-multipath: fix possible I/O hang when paths are updated (bsc#1158983). - objtool: Add is_static_jump() helper (bsc#1169514). - objtool: Add relocation check for alternative sections (bsc#1169514). - OMAP: DSS2: remove non-zero check on variable r (bsc#1114279) - orinoco: avoid assertion in case of NULL pointer (bsc#1051510). - padata: always acquire cpu_hotplug_lock before pinst->lock (git-fixes). - partitions/efi: Fix partition name parsing in GUID partition entry (bsc#1168763). - PCI/ASPM: Clear the correct bits when enabling L1 substates (bsc#1051510). - PCI: endpoint: Fix clearing start entry in configfs (bsc#1051510). - PCI: pciehp: Fix MSI interrupt race (bsc#1159037). - PCI/switchtec: Fix init_completion race condition with poll_wait() (bsc#1051510). - perf/amd/uncore: Replace manual sampling check with CAP_NO_INTERRUPT flag (bsc#1114279). - perf: qcom_l2: fix column exclusion check (git-fixes). - pinctrl: baytrail: Do not clear IRQ flags on direct-irq enabled pins (bsc#1051510). - pinctrl: core: Remove extra kref_get which blocks hogs being freed (bsc#1051510). - pinctrl: sh-pfc: sh7264: Fix CAN function GPIOs (bsc#1051510). - pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs (bsc#1051510). - pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM (networking-stable-20_01_11). - platform/x86: pmc_atom: Add Lex 2I385SW to critclk_systems DMI table (bsc#1051510). - PM: core: Fix handling of devices deleted during system-wide resume (git-fixes). - powerpc/64: mark start_here_multiplatform as __ref (bsc#1148868). - powerpc/64s: Fix section mismatch warnings from boot code (bsc#1148868). - powerpc/64/tm: Do not let userspace set regs->trap via sigreturn (bsc#1118338 ltc#173734). - powerpc: fix hardware PMU exception bug on PowerVM compatibility mode systems (bsc#1056686). - powerpc/hash64/devmap: Use H_PAGE_THP_HUGE when setting up huge devmap PTE entries (bsc#1065729). - powerpc/kprobes: Ignore traps that happened in real mode (bsc#1065729). - powerpc/mm: Fix section mismatch warning in stop_machine_change_mapping() (bsc#1148868). - powerpc/pseries: Avoid NULL pointer dereference when drmem is unavailable (bsc#1160659). - powerpc/pseries: group lmb operation and memblock's (bsc#1165404 ltc#183498). - powerpc/pseries/memory-hotplug: Only update DT once per memory DLPAR request (bsc#1165404 ltc#183498). - powerpc/pseries: update device tree before ejecting hotplug uevents (bsc#1165404 ltc#183498). - powerpc/smp: Use nid as fallback for package_id (bsc#1165813 ltc#184091). - powerpc/vmlinux.lds: Explicitly retain .gnu.hash (bsc#1148868). - powerpc/xive: Replace msleep(x) with msleep(OPAL_BUSY_DELAY_MS) (bsc#1085030). - powerpc/xive: Use XIVE_BAD_IRQ instead of zero to catch non configured IPIs (bsc#1085030). - pwm: bcm2835: Dynamically allocate base (bsc#1051510). - pwm: meson: Fix confusing indentation (bsc#1051510). - pwm: pca9685: Fix PWM/GPIO inter-operation (bsc#1051510). - pwm: rcar: Fix late Runtime PM enablement (bsc#1051510). - pwm: renesas-tpu: Fix late Runtime PM enablement (bsc#1051510). - pxa168fb: fix release function mismatch in probe failure (bsc#1051510). - qede: Fix race between rdma destroy workqueue and link change event (networking-stable-20_03_01). - qmi_wwan: re-add DW5821e pre-production variant (bsc#1051510). - qmi_wwan: unconditionally reject 2 ep interfaces (bsc#1051510). - raid10: refactor common wait code from regular read/write request (bsc#1166003). - raid1: factor out a common routine to handle the completion of sync write (bsc#1166003). - raid1: simplify raid1_error function (bsc#1166003). - raid1: use an int as the return value of raise_barrier() (bsc#1166003). - raid5: block failing device if raid will be failed (bsc#1166003). - raid5-cache: Need to do start() part job after adding journal device (bsc#1166003). - raid5: copy write hint from origin bio to stripe (bsc#1166003). - raid5: do not increment read_errors on EILSEQ return (bsc#1166003). - raid5: do not set STRIPE_HANDLE to stripe which is in batch list (bsc#1166003). - raid5 improve too many read errors msg by adding limits (bsc#1166003). - raid5: need to set STRIPE_HANDLE for batch head (bsc#1166003). - raid5: remove STRIPE_OPS_REQ_PENDING (bsc#1166003). - raid5: remove worker_cnt_per_group argument from alloc_thread_groups (bsc#1166003). - raid5: set write hint for PPL (bsc#1166003). - raid5: use bio_end_sector in r5_next_bio (bsc#1166003). - raid6/test: fix a compilation error (bsc#1166003). - raid6/test: fix a compilation warning (bsc#1166003). - remoteproc: Initialize rproc_class before use (bsc#1051510). - Revert 'HID: add NOGET quirk for Eaton Ellipse MAX UPS' (git-fixes). - Revert 'locking/pvqspinlock: Do not wait if vCPU is preempted' (bsc#1050549). - rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer (git-fixes). - rtlwifi: rtl_pci: Fix -Wcast-function-type (bsc#1051510). - rxrpc: Fix insufficient receive notification generation (networking-stable-20_02_05). - s390/cio: avoid duplicated 'ADD' uevents (git-fixes). - s390/cio: generate delayed uevent for vfio-ccw subchannels (git-fixes). - s390/cpuinfo: fix wrong output when CPU0 is offline (git-fixes). - s390/diag: fix display of diagnose call statistics (git-fixes). - s390/gmap: return proper error code on ksm unsharing (git-fixes). - s390/mm: fix dynamic pagetable upgrade for hugetlbfs (bsc#1165182 LTC#184102). - s390/qeth: cancel RX reclaim work earlier (git-fixes). - s390/qeth: do not return -ENOTSUPP to userspace (git-fixes). - s390/qeth: do not warn for napi with 0 budget (git-fixes). - s390/qeth: fix off-by-one in RX copybreak check (git-fixes). - s390/qeth: fix promiscuous mode after reset (git-fixes). - s390/qeth: fix qdio teardown after early init error (git-fixes). - s390/qeth: handle error due to unsupported transport mode (git-fixes). - s390/qeth: handle error when backing RX buffer (git-fixes). - s390/qeth: lock the card while changing its hsuid (git-fixes). - s390/qeth: support net namespaces for L3 devices (git-fixes). - s390/time: Fix clk type in get_tod_clock (git-fixes). - scsi: core: avoid repetitive logging of device offline messages (bsc#1145929). - scsi: core: kABI fix offline_already (bsc#1145929). - scsi: fnic: do not queue commands during fwreset (bsc#1146539). - scsi: ibmvfc: Add failed PRLI to cmd_status lookup array (bsc#1161951 ltc#183551). - scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (bsc#1161951 ltc#183551). - scsi: ibmvfc: Byte swap status and error codes when logging (bsc#1161951 ltc#183551). - scsi: ibmvfc: Clean up transport events (bsc#1161951 ltc#183551). - scsi: ibmvfc: constify dev_pm_ops structures (bsc#1161951 ltc#183551). - scsi: ibmvfc: Do not call fc_block_scsi_eh() on host reset (bsc#1161951 ltc#183551). - scsi: ibmvfc: Fix NULL return compiler warning (bsc#1161951 ltc#183551). Refresh sorted patches. - scsi: ibmvfc: ibmvscsi: ibmvscsi_tgt: constify vio_device_id (bsc#1161951 ltc#183551). - scsi: ibmvfc: Mark expected switch fall-throughs (bsc#1161951 ltc#183551). - scsi: ibmvfc: Remove 'failed' from logged errors (bsc#1161951 ltc#183551). - scsi: ibmvfc: Remove unneeded semicolons (bsc#1161951 ltc#183551). - scsi: ibmvscsi: change strncpy+truncation to strlcpy (bsc#1161951 ltc#183551). - scsi: ibmvscsi: constify dev_pm_ops structures (bsc#1161951 ltc#183551). - scsi: ibmvscsi: Do not use rc uninitialized in ibmvscsi_do_work (bsc#1161951 ltc#183551). - scsi: ibmvscsi: fix tripping of blk_mq_run_hw_queue WARN_ON (bsc#1161951 ltc#183551). - scsi: ibmvscsi: Improve strings handling (bsc#1161951 ltc#183551). - scsi: ibmvscsi: redo driver work thread to use enum action states (bsc#1161951 ltc#183551). - scsi: ibmvscsi: Wire up host_reset() in the driver's scsi_host_template (bsc#1161951 ltc#183551). - scsi: qla2xxx: Add 16.0GT for PCI String (bsc#1157424). - scsi: qla2xxx: Add beacon LED config sysfs interface (bsc#1157424). - scsi: qla2xxx: Add changes in preparation for vendor extended FDMI/RDP (bsc#1157424). - scsi: qla2xxx: Add deferred queue for processing ABTS and RDP (bsc#1157424). - scsi: qla2xxx: Add endianizer macro calls to fc host stats (bsc#1157424). - scsi: qla2xxx: Add fixes for mailbox command (bsc#1157424). - scsi: qla2xxx: add more FW debug information (bsc#1157424). - scsi: qla2xxx: Add ql2xrdpenable module parameter for RDP (bsc#1157424). - scsi: qla2xxx: Add sysfs node for D-Port Diagnostics AEN data (bsc#1157424). - scsi: qla2xxx: Add vendor extended FDMI commands (bsc#1157424). - scsi: qla2xxx: Add vendor extended RDP additions and amendments (bsc#1157424). - scsi: qla2xxx: Avoid setting firmware options twice in 24xx_update_fw_options (bsc#1157424). - scsi: qla2xxx: Check locking assumptions at runtime in qla2x00_abort_srb() (bsc#1157424). - scsi: qla2xxx: Cleanup ELS/PUREX iocb fields (bsc#1157424). - scsi: qla2xxx: Convert MAKE_HANDLE() from a define into an inline function (bsc#1157424). - scsi: qla2xxx: Correction to selection of loopback/echo test (bsc#1157424). - scsi: qla2xxx: Display message for FCE enabled (bsc#1157424). - scsi: qla2xxx: Fix control flags for login/logout IOCB (bsc#1157424). - scsi: qla2xxx: Fix FCP-SCSI FC4 flag passing error (bsc#1157424). - scsi: qla2xxx: fix FW resource count values (bsc#1157424). - scsi: qla2xxx: Fix I/Os being passed down when FC device is being deleted (bsc#1157424). - scsi: qla2xxx: Fix NPIV instantiation after FW dump (bsc#1157424). - scsi: qla2xxx: Fix qla2x00_echo_test() based on ISP type (bsc#1157424). - scsi: qla2xxx: Fix RDP respond data format (bsc#1157424). - scsi: qla2xxx: Fix RDP response size (bsc#1157424). - scsi: qla2xxx: Fix sparse warning reported by kbuild bot (bsc#1157424). - scsi: qla2xxx: Fix sparse warnings triggered by the PCI state checking code (bsc#1157424). - scsi: qla2xxx: Force semaphore on flash validation failure (bsc#1157424). - scsi: qla2xxx: Handle cases for limiting RDP response payload length (bsc#1157424). - scsi: qla2xxx: Handle NVME status iocb correctly (bsc#1157424). - scsi: qla2xxx: Improved secure flash support messages (bsc#1157424). - scsi: qla2xxx: Move free of fcport out of interrupt context (bsc#1157424). - scsi: qla2xxx: Print portname for logging in qla24xx_logio_entry() (bsc#1157424). - scsi: qla2xxx: Remove restriction of FC T10-PI and FC-NVMe (bsc#1157424). - scsi: qla2xxx: Return appropriate failure through BSG Interface (bsc#1157424). - scsi: qla2xxx: Save rscn_gen for new fcport (bsc#1157424). - scsi: qla2xxx: Serialize fc_port alloc in N2N (bsc#1157424). - scsi: qla2xxx: Set Nport ID for N2N (bsc#1157424). - scsi: qla2xxx: Show correct port speed capabilities for RDP command (bsc#1157424). - scsi: qla2xxx: Simplify the code for aborting SCSI commands (bsc#1157424). - scsi: qla2xxx: Suppress endianness complaints in qla2x00_configure_local_loop() (bsc#1157424). - scsi: qla2xxx: Update BPM enablement semantics (bsc#1157424). - scsi: qla2xxx: Update driver version to 10.01.00.24-k (bsc#1157424). - scsi: qla2xxx: Update driver version to 10.01.00.25-k (bsc#1157424). - scsi: qla2xxx: Use a dedicated interrupt handler for 'handshake-required' ISPs (bsc#1157424). - scsi: qla2xxx: Use correct ISP28xx active FW region (bsc#1157424). - scsi: qla2xxx: Use endian macros to assign static fields in fwdump header (bsc#1157424). - scsi: qla2xxx: Use FC generic update firmware options routine for ISP27xx (bsc#1157424). - scsi: qla2xxx: Use QLA_FW_STOPPED macro to propagate flag (bsc#1157424). - scsi: tcm_qla2xxx: Make qlt_alloc_qfull_cmd() set cmd->se_cmd.map_tag (bsc#1157424). - scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point (git-fixes). - sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY (networking-stable-20_01_11). - sctp: move the format error check out of __sctp_sf_do_9_1_abort (networking-stable-20_03_01). - serdev: ttyport: restore client ops on deregistration (bsc#1051510). - smb3: add debug messages for closing unmatched open (bsc#1144333). - smb3: Add defines for new information level, FileIdInformation (bsc#1144333). - smb3: add dynamic tracepoints for flush and close (bsc#1144333). - smb3: add missing flag definitions (bsc#1144333). - smb3: Add missing reparse tags (bsc#1144333). - smb3: add missing worker function for SMB3 change notify (bsc#1144333). - smb3: add mount option to allow forced caching of read only share (bsc#1144333). - smb3: add mount option to allow RW caching of share accessed by only 1 client (bsc#1144333). - smb3: add one more dynamic tracepoint missing from strict fsync path (bsc#1144333). - smb3: add some more descriptive messages about share when mounting cache=ro (bsc#1144333). - smb3: allow decryption keys to be dumped by admin for debugging (bsc#1144333). - smb3: allow disabling requesting leases (bsc#1144333). - smb3: allow parallelizing decryption of reads (bsc#1144333). - smb3: allow skipping signature verification for perf sensitive configurations (bsc#1144333). - SMB3: Backup intent flag missing from some more ops (bsc#1144333). - smb3: cleanup some recent endian errors spotted by updated sparse (bsc#1144333). - smb3: display max smb3 requests in flight at any one time (bsc#1144333). - smb3: dump in_send and num_waiters stats counters by default (bsc#1144333). - smb3: enable offload of decryption of large reads via mount option (bsc#1144333). - smb3: fix default permissions on new files when mounting with modefromsid (bsc#1144333). - smb3: fix mode passed in on create for modetosid mount option (bsc#1144333). - smb3: fix performance regression with setting mtime (bsc#1144333). - smb3: fix potential null dereference in decrypt offload (bsc#1144333). - smb3: fix problem with null cifs super block with previous patch (bsc#1144333). - smb3: Fix regression in time handling (bsc#1144333). - smb3: improve check for when we send the security descriptor context on create (bsc#1144333). - smb3: log warning if CSC policy conflicts with cache mount option (bsc#1144333). - smb3: missing ACL related flags (bsc#1144333). - smb3: only offload decryption of read responses if multiple requests (bsc#1144333). - smb3: pass mode bits into create calls (bsc#1144333). - smb3: print warning once if posix context returned on open (bsc#1144333). - smb3: query attributes on file close (bsc#1144333). - smb3: remove noisy debug message and minor cleanup (bsc#1144333). - smb3: remove unused flag passed into close functions (bsc#1144333). - staging: ccree: use signal safe completion wait (git-fixes). - staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table (bsc#1051510). - staging: rtl8188eu: Fix potential overuse of kernel memory (bsc#1051510). - staging: rtl8188eu: Fix potential security hole (bsc#1051510). - staging: rtl8723bs: Fix potential overuse of kernel memory (bsc#1051510). - staging: rtl8723bs: Fix potential security hole (bsc#1051510). - staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi (bsc#1051510). - staging: wlan-ng: fix ODEBUG bug in prism2sta_disconnect_usb (bsc#1051510). - staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback (bsc#1051510). - SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202). - tcp_bbr: improve arithmetic division in bbr_update_bw() (networking-stable-20_01_27). - tcp: clear tp->data_segs{in|out} in tcp_disconnect() (networking-stable-20_02_05). - tcp: clear tp->delivered in tcp_disconnect() (networking-stable-20_02_05). - tcp: clear tp->segs_{in|out} in tcp_disconnect() (networking-stable-20_02_05). - tcp: clear tp->total_retrans in tcp_disconnect() (networking-stable-20_02_05). - tcp: fix marked lost packets not being retransmitted (networking-stable-20_01_20). - tcp: fix 'old stuff' D-SACK causing SACK to be treated as D-SACK (networking-stable-20_01_11). - thermal: devfreq_cooling: inline all stubs for CONFIG_DEVFREQ_THERMAL=n (bsc#1051510). - thunderbolt: Prevent crash if non-active NVMem file is read (git-fixes). - tick: broadcast-hrtimer: Fix a race in bc_set_next (bsc#1044231). - tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure (git-fixes). - tools: Update include/uapi/linux/fcntl.h copy from the kernel (bsc#1166003). - tpm: ibmvtpm: Wait for buffer to be set before proceeding (bsc#1065729). - tty: evh_bytechan: Fix out of bounds accesses (bsc#1051510). - ttyprintk: fix a potential deadlock in interrupt context issue (git-fixes). - tty/serial: atmel: manage shutdown in case of RS485 or ISO7816 mode (bsc#1051510). - tty: serial: imx: setup the correct sg entry for tx dma (bsc#1051510). - USB: cdc-acm: fix rounding error in TIOCSSERIAL (git-fixes). - USB: core: add endpoint-blacklist quirk (git-fixes). - USB: core: hub: do error out if usb_autopm_get_interface() fails (git-fixes). - USB: core: port: do error out if usb_autopm_get_interface() fails (git-fixes). - USB: Disable LPM on WD19's Realtek Hub (git-fixes). - USB: dwc2: Fix in ISOC request length checking (git-fixes). - USB: Fix novation SourceControl XL after suspend (git-fixes). - USB: gadget: composite: Fix bMaxPower for SuperSpeedPlus (git-fixes). - USB: gadget: f_fs: Fix use after free issue as part of queue failure (bsc#1051510). - USB: host: xhci-plat: add a shutdown (git-fixes). - USB: host: xhci: update event ring dequeue pointer on purpose (git-fixes). - USB: hub: Do not record a connect-change event during reset-resume (git-fixes). - usbip: Fix uninitialized symbol 'nents' in stub_recv_cmd_submit() (git-fixes). - USB: misc: iowarrior: add support for 2 OEMed devices (git-fixes). - USB: misc: iowarrior: add support for the 100 device (git-fixes). - USB: misc: iowarrior: add support for the 28 and 28L devices (git-fixes). - USB: musb: Disable pullup at init (git-fixes). - USB: musb: fix crash with highmen PIO and usbmon (bsc#1051510). - USB: quirks: add NO_LPM quirk for Logitech Screen Share (git-fixes). - USB: quirks: add NO_LPM quirk for RTL8153 based ethernet adapters (git-fixes). - USB: quirks: blacklist duplicate ep on Sound Devices USBPre2 (git-fixes). - USB: serial: io_edgeport: fix slab-out-of-bounds read in edge_interrupt_callback (bsc#1051510). - USB: serial: option: add ME910G1 ECM composition 0x110b (git-fixes). - USB: serial: pl2303: add device-id for HP LD381 (git-fixes). - USB: storage: Add quirk for Samsung Fit flash (git-fixes). - USB: uas: fix a plug & unplug racing (git-fixes). - USB: xhci: apply XHCI_SUSPEND_DELAY to AMD XHCI controller 1022:145c (git-fixes). - uvcvideo: Refactor teardown of uvc on USB disconnect (bsc#1164507) - vgacon: Fix a UAF in vgacon_invert_region (bsc#1114279) - virtio-blk: fix hw_queue stopped on arbitrary error (git-fixes). - vlan: fix memory leak in vlan_dev_set_egress_priority (networking-stable-20_01_11). - vlan: vlan_changelink() should propagate errors (networking-stable-20_01_11). - vxlan: fix tos value before xmit (networking-stable-20_01_11). - x86/cpu/amd: Enable the fixed Instructions Retired counter IRPERF (bsc#1114279). - x86/mce/amd: Fix kobject lifetime (bsc#1114279). - x86/mce/amd: Publish the bank pointer only after setup has succeeded (bsc#1114279). - x86/mce: Fix logic and comments around MSR_PPIN_CTL (bsc#1114279). - x86/mm: Split vmalloc_sync_all() (bsc#1165741). - x86/pkeys: Manually set X86_FEATURE_OSPKE to preserve existing changes (bsc#1114279). - x86/xen: fix booting 32-bit pv guest (bsc#1071995). - x86/xen: Make the boot CPU idle task reliable (bsc#1071995). - x86/xen: Make the secondary CPU idle tasks reliable (bsc#1071995). - xen/blkfront: fix memory allocation flags in blkfront_setup_indirect() (bsc#1168486). - xfs: also remove cached ACLs when removing the underlying attr (bsc#1165873). - xfs: bulkstat should copy lastip whenever userspace supplies one (bsc#1165984). - xhci: apply XHCI_PME_STUCK_QUIRK to Intel Comet Lake platforms (git-fixes). - xhci: Do not open code __print_symbolic() in xhci trace events (git-fixes). - xhci: fix runtime pm enabling for quirky Intel hosts (bsc#1051510). - xhci: Force Maximum Packet size for Full-speed bulk devices to valid range (bsc#1051510). Important SUSE bug 1044231 SUSE bug 1050549 SUSE bug 1051510 SUSE bug 1051858 SUSE bug 1056686 SUSE bug 1060463 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1083647 SUSE bug 1085030 SUSE bug 1104967 SUSE bug 1109911 SUSE bug 1111666 SUSE bug 1114279 SUSE bug 1118338 SUSE bug 1120386 SUSE bug 1133021 SUSE bug 1136157 SUSE bug 1137325 SUSE bug 1144333 SUSE bug 1145051 SUSE bug 1145929 SUSE bug 1146539 SUSE bug 1148868 SUSE bug 1154385 SUSE bug 1157424 SUSE bug 1158552 SUSE bug 1158983 SUSE bug 1159037 SUSE bug 1159142 SUSE bug 1159198 SUSE bug 1159199 SUSE bug 1159285 SUSE bug 1160659 SUSE bug 1161951 SUSE bug 1162929 SUSE bug 1162931 SUSE bug 1163403 SUSE bug 1163508 SUSE bug 1163897 SUSE bug 1164078 SUSE bug 1164284 SUSE bug 1164507 SUSE bug 1164893 SUSE bug 1165019 SUSE bug 1165111 SUSE bug 1165182 SUSE bug 1165404 SUSE bug 1165488 SUSE bug 1165527 SUSE bug 1165741 SUSE bug 1165813 SUSE bug 1165873 SUSE bug 1165949 SUSE bug 1165984 SUSE bug 1165985 SUSE bug 1166003 SUSE bug 1166101 SUSE bug 1166102 SUSE bug 1166103 SUSE bug 1166104 SUSE bug 1166632 SUSE bug 1166730 SUSE bug 1166731 SUSE bug 1166732 SUSE bug 1166733 SUSE bug 1166734 SUSE bug 1166735 SUSE bug 1166780 SUSE bug 1166860 SUSE bug 1166861 SUSE bug 1166862 SUSE bug 1166864 SUSE bug 1166866 SUSE bug 1166867 SUSE bug 1166868 SUSE bug 1166870 SUSE bug 1166940 SUSE bug 1167005 SUSE bug 1167288 SUSE bug 1167290 SUSE bug 1167316 SUSE bug 1167421 SUSE bug 1167423 SUSE bug 1167629 SUSE bug 1168075 SUSE bug 1168202 SUSE bug 1168276 SUSE bug 1168295 SUSE bug 1168424 SUSE bug 1168443 SUSE bug 1168486 SUSE bug 1168760 SUSE bug 1168762 SUSE bug 1168763 SUSE bug 1168764 SUSE bug 1168765 SUSE bug 1168829 SUSE bug 1168854 SUSE bug 1168881 SUSE bug 1168884 SUSE bug 1168952 SUSE bug 1169057 SUSE bug 1169390 SUSE bug 1169514 SUSE bug 1169625 CVE-2019-19768 CVE-2019-19770 CVE-2019-3701 CVE-2019-9458 CVE-2020-10942 CVE-2020-11494 CVE-2020-11669 CVE-2020-8647 CVE-2020-8649 CVE-2020-8834 CVE-2020-9383 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for webkit2gtk3 to version 2.28.1 fixes the following issues: Security issues fixed: - CVE-2020-10018: Fixed a denial of service because the m_deferredFocusedNodeChange data structure was mishandled (bsc#1165528). - CVE-2020-11793: Fixed a potential arbitrary code execution caused by a use-after-free vulnerability (bsc#1169658). - CVE-2019-8835: Fixed multiple memory corruption issues (bsc#1161719). - CVE-2019-8844: Fixed multiple memory corruption issues (bsc#1161719). - CVE-2019-8846: Fixed a use-after-free issue (bsc#1161719). - CVE-2020-3862: Fixed a memory handling issue (bsc#1163809). - CVE-2020-3867: Fixed an XSS issue (bsc#1163809). - CVE-2020-3868: Fixed multiple memory corruption issues that could have lead to arbitrary code execution (bsc#1163809). - CVE-2020-3864,CVE-2020-3865: Fixed logic issues in the DOM object context handling (bsc#1163809). Non-security issues fixed: - Add API to enable Process Swap on (Cross-site) Navigation. - Add user messages API for the communication with the web extension. - Add support for same-site cookies. - Service workers are enabled by default. - Add support for Pointer Lock API. - Add flatpak sandbox support. - Make ondemand hardware acceleration policy never leave accelerated compositing mode. - Always use a light theme for rendering form controls. - Add about:gpu to show information about the graphics stack. - Fixed issues while trying to play a video on NextCloud. - Fixed vertical alignment of text containing arabic diacritics. - Fixed build with icu 65.1. - Fixed page loading errors with websites using HSTS. - Fixed web process crash when displaying a KaTeX formula. - Fixed several crashes and rendering issues. - Switched to a single web process for Evolution and geary (bsc#1159329). Important SUSE bug 1155321 SUSE bug 1156318 SUSE bug 1159329 SUSE bug 1161719 SUSE bug 1163809 SUSE bug 1165528 SUSE bug 1169658 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2020-10018 CVE-2020-11793 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xen fixes the following issues: Security issues fixed: - CVE-2020-11742: Bad continuation handling in GNTTABOP_copy (bsc#1169392). - CVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues (bsc#1168140). - CVE-2020-11739: Missing memory barriers in read-write unlock paths (bsc#1168142). - CVE-2020-11743: Bad error path in GNTTABOP_map_grant (bsc#1168143). - CVE-2020-7211: Fixed potential directory traversal using relative paths via tftp server on Windows host (bsc#1161181). - arm: a CPU may speculate past the ERET instruction (bsc#1160932). Non-security issues fixed: - Xenstored Crashed during VM install (bsc#1167152) - DomU hang: soft lockup CPU #0 stuck under high load (bsc#1165206, bsc#1134506) - Update API compatibility versions, fixes issues for libvirt. (bsc#1167007, bsc#1157490) - aacraid blocks xen commands (bsc#1155200) Important SUSE bug 1027519 SUSE bug 1155200 SUSE bug 1160932 SUSE bug 1161181 SUSE bug 1167152 SUSE bug 1168140 SUSE bug 1168142 SUSE bug 1168143 SUSE bug 1169392 CVE-2020-11739 CVE-2020-11740 CVE-2020-11741 CVE-2020-11742 CVE-2020-11743 CVE-2020-7211 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-8834: KVM on Power8 processors had a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability to run code in kernel space of a guest VM can cause the host kernel to panic (bnc#1168276). - CVE-2020-11494: An issue was discovered in slc_bump in drivers/net/can/slcan.c, which allowed attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL (bnc#1168424). - CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls (bnc#1167629). - CVE-2019-9458: In the video driver there was a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed (bnc#1168295). - CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a system crash (bnc#1120386). - CVE-2019-19770: Fixed a use-after-free in the debugfs_remove function (bsc#1159198). - CVE-2020-11669: Fixed an issue where arch/powerpc/kernel/idle_book3s.S did not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR (bnc#1169390). - CVE-2020-8647: There was a use-after-free vulnerability in the vc_do_resize function in drivers/tty/vt/vt.c (bnc#1162929). - CVE-2020-8649: There was a use-after-free vulnerability in the vgacon_invert_region function in drivers/video/console/vgacon.c (bnc#1162931). - CVE-2020-9383: An issue was discovered set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it (bnc#1165111). - CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c (bnc#1159285). The following non-security bugs were fixed: - ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro (bsc#1051510). - ACPI: watchdog: Fix gas->access_width usage (bsc#1051510). - ALSA: ali5451: remove redundant variable capture_flag (bsc#1051510). - ALSA: core: Replace zero-length array with flexible-array member (bsc#1051510). - ALSA: emu10k1: Fix endianness annotations (bsc#1051510). - ALSA: hda/ca0132 - Replace zero-length array with flexible-array member (bsc#1051510). - ALSA: hda_codec: Replace zero-length array with flexible-array member (bsc#1051510). - ALSA: hda: Fix potential access overflow in beep helper (bsc#1051510). - ALSA: hda/realtek: Fix pop noise on ALC225 (git-fixes). - ALSA: hda/realtek - Set principled PC Beep configuration for ALC256 (bsc#1051510). - ALSA: hda: remove redundant assignment to variable timeout (bsc#1051510). - ALSA: hda: Use scnprintf() for string truncation (bsc#1051510). - ALSA: hdsp: remove redundant assignment to variable err (bsc#1051510). - ALSA: ice1724: Fix invalid access for enumerated ctl items (bsc#1051510). - ALSA: info: remove redundant assignment to variable c (bsc#1051510). - ALSA: korg1212: fix if-statement empty body warnings (bsc#1051510). - ALSA: line6: Fix endless MIDI read loop (git-fixes). - ALSA: pcm: oss: Avoid plugin buffer overflow (git-fixes). - ALSA: pcm: oss: Fix regression by buffer overflow fix (bsc#1051510). - ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks (git-fixes). - ALSA: seq: oss: Fix running status after receiving sysex (git-fixes). - ALSA: seq: virmidi: Fix running status after receiving sysex (git-fixes). - ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status (bsc#1051510). - ALSA: via82xx: Fix endianness annotations (bsc#1051510). - ASoC: dapm: Correct DAPM handling of active widgets during shutdown (bsc#1051510). - ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map() (bsc#1051510). - ASoC: Intel: mrfld: fix incorrect check on p->sink (bsc#1051510). - ASoC: Intel: mrfld: return error codes when an error occurs (bsc#1051510). - ASoC: jz4740-i2s: Fix divider written at incorrect offset in register (bsc#1051510). - ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path (bsc#1051510). - ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output (bsc#1051510). - ASoC: pcm: update FE/BE trigger order based on the command (bsc#1051510). - ASoC: sun8i-codec: Remove unused dev from codec struct (bsc#1051510). - ASoC: topology: Fix memleak in soc_tplg_link_elems_load() (bsc#1051510). - ath9k: Handle txpower changes even when TPC is disabled (bsc#1051510). - atm: zatm: Fix empty body Clang warnings (bsc#1051510). - atomic: Add irqsave variant of atomic_dec_and_lock() (bsc#1166003). - b43legacy: Fix -Wcast-function-type (bsc#1051510). - batman-adv: Avoid spurious warnings from bat_v neigh_cmp implementation (bsc#1051510). - batman-adv: Do not schedule OGM for disabled interface (bsc#1051510). - batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs (bsc#1051510). - blk: Fix kabi due to blk_trace_mutex addition (bsc#1159285). - blk-mq: Allow blocking queue tag iter callbacks (bsc#1167316). - blktrace: fix dereference after null check (bsc#1159285). - blktrace: fix trace mutex deadlock (bsc#1159285). - block: allow gendisk's request_queue registration to be (bsc#1104967,bsc#1159142). - block, bfq: fix use-after-free in bfq_idle_slice_timer_body (bsc#1168760). - block: keep bdi->io_pages in sync with max_sectors_kb for stacked devices (bsc#1168762). - Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl (bsc#1051510). - bnxt_en: Fix TC queue mapping (networking-stable-20_02_05). - bonding/alb: properly access headers in bond_alb_xmit() (networking-stable-20_02_09). - bpf: Explicitly memset some bpf info structures declared on the stack (bsc#1083647). - bpf: Explicitly memset the bpf_attr structure (bsc#1083647). - bpf: fix ldx in ld_abs rewrite for large offsets (bsc#1154385). - bpf: implement ld_abs/ld_ind in native bpf (bsc#1154385). - bpf: make unknown opcode handling more robust (bsc#1154385). - bpf: prefix cbpf internal helpers with bpf_ (bsc#1154385). - bpf, x64: remove ld_abs/ld_ind (bsc#1154385). - bpf, x64: save several bytes by using mov over movabsq when possible (bsc#1154385). - btrfs: Account for trans_block_rsv in may_commit_transaction (bsc#1165949). - btrfs: add a flush step for delayed iputs (bsc#1165949). - btrfs: add assertions for releasing trans handle reservations (bsc#1165949). - btrfs: add btrfs_delete_ref_head helper (bsc#1165949). - btrfs: add enospc debug messages for ticket failure (bsc#1165949). - btrfs: Add enospc_debug printing in metadata_reserve_bytes (bsc#1165949). - btrfs: add new flushing states for the delayed refs rsv (bsc#1165949). - btrfs: add space reservation tracepoint for reserved bytes (bsc#1165949). - btrfs: allow us to use up to 90% of the global rsv for unlink (bsc#1165949). - btrfs: always reserve our entire size for the global reserve (bsc#1165949). - btrfs: assert on non-empty delayed iputs (bsc##1165949). - btrfs: be more explicit about allowed flush states (bsc#1165949). - btrfs: call btrfs_create_pending_block_groups unconditionally (bsc#1165949). - btrfs: catch cow on deleting snapshots (bsc#1165949). - btrfs: change the minimum global reserve size (bsc#1165949). - btrfs: check if there are free block groups for commit (bsc#1165949). - btrfs: clean up error handling in btrfs_truncate() (bsc#1165949). - btrfs: cleanup extent_op handling (bsc#1165949). - btrfs: cleanup root usage by btrfs_get_alloc_profile (bsc#1165949). - btrfs: cleanup the target logic in __btrfs_block_rsv_release (bsc#1165949). - btrfs: clear space cache inode generation always (bsc#1165949). - btrfs: delayed-ref: pass delayed_refs directly to btrfs_delayed_ref_lock (bsc#1165949). - btrfs: do not account global reserve in can_overcommit (bsc#1165949). - btrfs: do not allow reservations if we have pending tickets (bsc#1165949). - btrfs: do not call btrfs_start_delalloc_roots in flushoncommit (bsc#1165949). - btrfs: do not end the transaction for delayed refs in throttle (bsc#1165949). - btrfs: do not enospc all tickets on flush failure (bsc#1165949). - btrfs: do not run delayed_iputs in commit (bsc##1165949). - btrfs: do not run delayed refs in the end transaction logic (bsc#1165949). - btrfs: do not use ctl->free_space for max_extent_size (bsc##1165949). - btrfs: do not use global reserve for chunk allocation (bsc#1165949). - btrfs: drop min_size from evict_refill_and_join (bsc##1165949). - btrfs: drop unused space_info parameter from create_space_info (bsc#1165949). - btrfs: dump block_rsv details when dumping space info (bsc#1165949). - btrfs: export block group accounting helpers (bsc#1165949). - btrfs: export block_rsv_use_bytes (bsc#1165949). - btrfs: export btrfs_block_rsv_add_bytes (bsc#1165949). - btrfs: export __btrfs_block_rsv_release (bsc#1165949). - btrfs: export space_info_add_*_bytes (bsc#1165949). - btrfs: export the block group caching helpers (bsc#1165949). - btrfs: export the caching control helpers (bsc#1165949). - btrfs: export the excluded extents helpers (bsc#1165949). - btrfs: extent-tree: Add lockdep assert when updating space info (bsc#1165949). - btrfs: extent-tree: Add trace events for space info numbers update (bsc#1165949). - btrfs: extent-tree: Detect bytes_may_use underflow earlier (bsc#1165949). - btrfs: extent-tree: Detect bytes_pinned underflow earlier (bsc#1165949). - btrfs: factor out the ticket flush handling (bsc#1165949). - btrfs: fix btrfs_wait_ordered_range() so that it waits for all ordered extents (bsc#1163508). - btrfs: fix insert_reserved error handling (bsc##1165949). - btrfs: fix may_commit_transaction to deal with no partial filling (bsc#1165949). - btrfs: fix missing delayed iputs on unmount (bsc#1165949). - btrfs: fix panic during relocation after ENOSPC before writeback happens (bsc#1163508). - btrfs: fix qgroup double free after failure to reserve metadata for delalloc (bsc#1165949). - btrfs: fix race leading to metadata space leak after task received signal (bsc#1165949). - btrfs: fix truncate throttling (bsc#1165949). - btrfs: force chunk allocation if our global rsv is larger than metadata (bsc#1165949). - btrfs: Improve global reserve stealing logic (bsc#1165949). - btrfs: introduce an evict flushing state (bsc#1165949). - btrfs: introduce delayed_refs_rsv (bsc#1165949). - btrfs: loop in inode_rsv_refill (bsc#1165949). - btrfs: make btrfs_destroy_delayed_refs use btrfs_delayed_ref_lock (bsc#1165949). - btrfs: make btrfs_destroy_delayed_refs use btrfs_delete_ref_head (bsc#1165949). - btrfs: make caching_thread use btrfs_find_next_key (bsc#1165949). - btrfs: migrate btrfs_trans_release_chunk_metadata (bsc#1165949). - btrfs: migrate inc/dec_block_group_ro code (bsc#1165949). - btrfs: migrate nocow and reservation helpers (bsc#1165949). - btrfs: migrate the alloc_profile helpers (bsc#1165949). - btrfs: migrate the block group caching code (bsc#1165949). - btrfs: migrate the block group cleanup code (bsc#1165949). - btrfs: migrate the block group lookup code (bsc#1165949). - btrfs: migrate the block group read/creation code (bsc#1165949). - btrfs: migrate the block group ref counting stuff (bsc#1165949). - btrfs: migrate the block group removal code (bsc#1165949). - btrfs: migrate the block group space accounting helpers (bsc#1165949). - btrfs: migrate the block-rsv code to block-rsv.c (bsc#1165949). - btrfs: migrate the chunk allocation code (bsc#1165949). - btrfs: migrate the delalloc space stuff to it's own home (bsc#1165949). - btrfs: migrate the delayed refs rsv code (bsc#1165949). - btrfs: migrate the dirty bg writeout code (bsc#1165949). - btrfs: migrate the global_block_rsv helpers to block-rsv.c (bsc#1165949). - btrfs: move and export can_overcommit (bsc#1165949). - btrfs: move basic block_group definitions to their own header (bsc#1165949). - btrfs: move btrfs_add_free_space out of a header file (bsc#1165949). - btrfs: move btrfs_block_rsv definitions into it's own header (bsc#1165949). - btrfs: move btrfs_raid_group values to btrfs_raid_attr table (bsc#1165949). - btrfs: move btrfs_space_info_add_*_bytes to space-info.c (bsc#1165949). - btrfs: move dump_space_info to space-info.c (bsc#1165949). - btrfs: move reserve_metadata_bytes and supporting code to space-info.c (bsc#1165949). - btrfs: move space_info to space-info.h (bsc#1165949). - btrfs: move the space_info handling code to space-info.c (bsc#1165949). - btrfs: move the space info update macro to space-info.h (bsc#1165949). - btrfs: move the subvolume reservation stuff out of extent-tree.c (bsc#1165949). - btrfs: only check delayed ref usage in should_end_transaction (bsc#1165949). - btrfs: only check priority tickets for priority flushing (bsc#1165949). - btrfs: only free reserved extent if we didn't insert it (bsc##1165949). - btrfs: only reserve metadata_size for inodes (bsc#1165949). - btrfs: only track ref_heads in delayed_ref_updates (bsc#1165949). - btrfs: Output ENOSPC debug info in inc_block_group_ro (bsc#1165949). - btrfs: pass root to various extent ref mod functions (bsc#1165949). - btrfs: refactor block group replication factor calculation to a helper (bsc#1165949). - btrfs: refactor priority_reclaim_metadata_space (bsc#1165949). - btrfs: refactor the ticket wakeup code (bsc#1165949). - btrfs: release metadata before running delayed refs (bsc##1165949). - btrfs: Remove btrfs_inode::delayed_iput_count (bsc#1165949). - btrfs: Remove fs_info from do_chunk_alloc (bsc#1165949). - btrfs: remove orig_bytes from reserve_ticket (bsc#1165949). - btrfs: Remove redundant argument of flush_space (bsc#1165949). - btrfs: rename btrfs_space_info_add_old_bytes (bsc#1165949). - btrfs: rename do_chunk_alloc to btrfs_chunk_alloc (bsc#1165949). - btrfs: rename the btrfs_calc_*_metadata_size helpers (bsc#1165949). - btrfs: replace cleaner_delayed_iput_mutex with a waitqueue (bsc#1165949). - btrfs: reserve delalloc metadata differently (bsc#1165949). - btrfs: reserve extra space during evict (bsc#1165949). - btrfs: reset max_extent_size on clear in a bitmap (bsc##1165949). - btrfs: reset max_extent_size properly (bsc##1165949). - btrfs: rework btrfs_check_space_for_delayed_refs (bsc#1165949). - btrfs: rework wake_all_tickets (bsc#1165949). - btrfs: roll tracepoint into btrfs_space_info_update helper (bsc#1165949). - btrfs: run btrfs_try_granting_tickets if a priority ticket fails (bsc#1165949). - btrfs: run delayed iput at unlink time (bsc#1165949). - btrfs: run delayed iputs before committing (bsc#1165949). - btrfs: set max_extent_size properly (bsc##1165949). - btrfs: stop partially refilling tickets when releasing space (bsc#1165949). - btrfs: stop using block_rsv_release_bytes everywhere (bsc#1165949). - btrfs: temporarily export btrfs_get_restripe_target (bsc#1165949). - btrfs: temporarily export fragment_free_space (bsc#1165949). - btrfs: temporarily export inc_block_group_ro (bsc#1165949). - btrfs: track DIO bytes in flight (bsc#1165949). - btrfs: unexport can_overcommit (bsc#1165949). - btrfs: unexport the temporary exported functions (bsc#1165949). - btrfs: unify error handling for ticket flushing (bsc#1165949). - btrfs: update may_commit_transaction to use the delayed refs rsv (bsc#1165949). - btrfs: use btrfs_try_granting_tickets in update_global_rsv (bsc#1165949). - btrfs: wait on caching when putting the bg cache (bsc#1165949). - btrfs: wait on ordered extents on abort cleanup (bsc#1165949). - btrfs: wakeup cleaner thread when adding delayed iput (bsc#1165949). - ceph: canonicalize server path in place (bsc#1168443). - ceph: remove the extra slashes in the server path (bsc#1168443). - cfg80211: check reg_rule for NULL in handle_channel_custom() (bsc#1051510). - cfg80211: check wiphy driver existence for drvinfo report (bsc#1051510). - cgroup: memcg: net: do not associate sock with unrelated cgroup (bsc#1167290). - cifs: add a debug macro that prints \\server\share for errors (bsc#1144333). - cifs: add missing mount option to /proc/mounts (bsc#1144333). - cifs: add new debugging macro cifs_server_dbg (bsc#1144333). - cifs: add passthrough for smb2 setinfo (bsc#1144333). - cifs: add SMB2_open() arg to return POSIX data (bsc#1144333). - cifs: add smb2 POSIX info level (bsc#1144333). - cifs: add SMB3 change notification support (bsc#1144333). - cifs: add support for fallocate mode 0 for non-sparse files (bsc#1144333). - cifs: Add support for setting owner info, dos attributes, and create time (bsc#1144333). - cifs: Add tracepoints for errors on flush or fsync (bsc#1144333). - cifs: Adjust indentation in smb2_open_file (bsc#1144333). - cifs: allow chmod to set mode bits using special sid (bsc#1144333). - cifs: Avoid doing network I/O while holding cache lock (bsc#1144333). - cifs: call wake_up(&server->response_q) inside of cifs_reconnect() (bsc#1144333). - cifs: Clean up DFS referral cache (bsc#1144333). - cifs: create a helper function to parse the query-directory response buffer (bsc#1144333). - cifs: do d_move in rename (bsc#1144333). - cifs: Do not display RDMA transport on reconnect (bsc#1144333). - cifs: do not ignore the SYNC flags in getattr (bsc#1144333). - cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1144333). - cifs: do not use 'pre:' for MODULE_SOFTDEP (bsc#1144333). - cifs: enable change notification for SMB2.1 dialect (bsc#1144333). - cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1144333). - cifs: fix a comment for the timeouts when sending echos (bsc#1144333). - cifs: fix a white space issue in cifs_get_inode_info() (bsc#1144333). - cifs: fix dereference on ses before it is null checked (bsc#1144333). - cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1144333). - cifs: fix mode bits from dir listing when mounted with modefromsid (bsc#1144333). - cifs: Fix mode output in debugging statements (bsc#1144333). - cifs: Fix mount options set in automount (bsc#1144333). - cifs: fix NULL dereference in match_prepath (bsc#1144333). - cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1144333). - cifs: fix potential mismatch of UNC paths (bsc#1144333). - cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1144333). - cifs: Fix return value in __update_cache_entry (bsc#1144333). - cifs: fix soft mounts hanging in the reconnect code (bsc#1144333). - cifs: fix soft mounts hanging in the reconnect code (bsc#1144333). - cifs: Fix task struct use-after-free on reconnect (bsc#1144333). - cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1144333). - cifs: get mode bits from special sid on stat (bsc#1144333). - cifs: Get rid of kstrdup_const()'d paths (bsc#1144333). - cifs: handle prefix paths in reconnect (bsc#1144333). - cifs: ignore cached share root handle closing errors (bsc#1166780). - cifs: Introduce helpers for finding TCP connection (bsc#1144333). - cifs: log warning message (once) if out of disk space (bsc#1144333). - cifs: make sure we do not overflow the max EA buffer size (bsc#1144333). - cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1144333). - cifs: Merge is_path_valid() into get_normalized_path() (bsc#1144333). - cifs: modefromsid: make room for 4 ACE (bsc#1144333). - cifs: modefromsid: write mode ACE first (bsc#1144333). - cifs: Optimize readdir on reparse points (bsc#1144333). - cifs: plumb smb2 POSIX dir enumeration (bsc#1144333). - cifs: potential unintitliazed error code in cifs_getattr() (bsc#1144333). - cifs: prepare SMB2_query_directory to be used with compounding (bsc#1144333). - cifs: print warning once if mounting with vers=1.0 (bsc#1144333). - cifs: refactor cifs_get_inode_info() (bsc#1144333). - cifs: remove redundant assignment to pointer pneg_ctxt (bsc#1144333). - cifs: remove redundant assignment to variable rc (bsc#1144333). - cifs: remove set but not used variables (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove unused variable (bsc#1144333). - cifs: remove unused variable 'sid_user' (bsc#1144333). - cifs: rename a variable in SendReceive() (bsc#1144333). - cifs: rename posix create rsp (bsc#1144333). - cifs: replace various strncpy with strscpy and similar (bsc#1144333). - cifs: Return directly after a failed build_path_from_dentry() in cifs_do_create() (bsc#1144333). - cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1144333). - cifs: smbd: Add messages on RDMA session destroy and reconnection (bsc#1144333). - cifs: smbd: Invalidate and deregister memory registration on re-send for direct I/O (bsc#1144333). - cifs: smbd: Only queue work for error recovery on memory registration (bsc#1144333). - cifs: smbd: Return -EAGAIN when transport is reconnecting (bsc#1144333). - cifs: smbd: Return -ECONNABORTED when trasnport is not in connected state (bsc#1144333). - cifs: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE (bsc#1144333). - cifs: Use common error handling code in smb2_ioctl_query_info() (bsc#1144333). - cifs: use compounding for open and first query-dir for readdir() (bsc#1144333). - cifs: Use #define in cifs_dbg (bsc#1144333). - cifs: Use memdup_user() rather than duplicating its implementation (bsc#1144333). - cifs: use mod_delayed_work() for &server->reconnect if already queued (bsc#1144333). - cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1144333). - clk: qcom: rcg: Return failure for RCG update (bsc#1051510). - cls_rsvp: fix rsvp_policy (networking-stable-20_02_05). - configfs: Fix bool initialization/comparison (bsc#1051510). - cpufreq: powernv: Fix unsafe notifiers (bsc#1065729). - cpufreq: powernv: Fix use-after-free (bsc#1065729). - cpufreq: Register drivers only after CPU devices have been registered (bsc#1051510). - cpuidle: Do not unset the driver if it is there already (bsc#1051510). - crypto: arm64/sha-ce - implement export/import (bsc#1051510). - crypto: mxs-dcp - fix scatterlist linearization for hash (bsc#1051510). - crypto: pcrypt - Fix user-after-free on module unload (git-fixes). - crypto: tcrypt - fix printed skcipher [a]sync mode (bsc#1051510). - debugfs: add support for more elaborate ->d_fsdata (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: call debugfs_real_fops() only after debugfs_file_get() (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: convert to debugfs_file_get() and -put() (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: debugfs_real_fops(): drop __must_hold sparse annotation (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: debugfs_use_start/finish do not exist anymore (bsc#1159198). Prerequisite for bsc#1159198. - debugfs: defer debugfs_fsdata allocation to first usage (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: fix debugfs_real_fops() build error (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: implement per-file removal protection (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: purge obsolete SRCU based removal protection (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: simplify __debugfs_remove_file() (bsc#1159198). Prerequisite for bsc#1159198. - Delete patches which cause regression (bsc#1165527 ltc#184149). - Deprecate NR_UNSTABLE_NFS, use NR_WRITEBACK (bsc#1163403). - device: Use overflow helpers for devm_kmalloc() (bsc#1166003). - dmaengine: coh901318: Fix a double lock bug in dma_tc_handle() (bsc#1051510). - dmaengine: ste_dma40: fix unneeded variable warning (bsc#1051510). - dm: fix incomplete request_queue initialization (bsc#1104967,bsc#1159142). - driver core: platform: fix u32 greater or equal to zero comparison (bsc#1051510). - driver core: platform: Prevent resouce overflow from causing infinite loops (bsc#1051510). - driver core: Print device when resources present in really_probe() (bsc#1051510). - drivers/md/raid5.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET (bsc#1166003). - drivers/md/raid5: Do not disable irq on release_inactive_stripe_list() call (bsc#1166003). - drivers/md/raid5-ppl.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET (bsc#1166003). - drivers/md/raid5: Use irqsave variant of atomic_dec_and_lock() (bsc#1166003). - drm/amd/display: remove duplicated assignment to grph_obj_type (bsc#1051510). - drm/amdkfd: fix a use after free race with mmu_notifer unregister (bsc#1114279) - drm: atmel-hlcdc: enable clock before configuring timing engine (bsc#1114279) - drm/bochs: downgrade pci_request_region failure from error to warning (bsc#1051510). - drm/bridge: dw-hdmi: fix AVI frame colorimetry (bsc#1051510). - drm_dp_mst_topology: fix broken drm_dp_sideband_parse_remote_dpcd_read() (bsc#1051510). - drm/drm_dp_mst:remove set but not used variable 'origlen' (bsc#1051510). - drm/etnaviv: fix dumping of iommuv2 (bsc#1114279) - drm/gma500: Fixup fbdev stolen size usage evaluation (bsc#1051510). - drm/i915/gvt: Separate display reset from ALL_ENGINES reset (bsc#1114279) - drm/i915/userptr: fix size calculation (bsc#1114279) - drm/i915/userptr: Try to acquire the page lock around (bsc#1114279) - drm/i915: Wean off drm_pci_alloc/drm_pci_free (bsc#1114279) - drm/mediatek: Add gamma property according to hardware capability (bsc#1114279) - drm/mediatek: disable all the planes in atomic_disable (bsc#1114279) - drm/mediatek: handle events when enabling/disabling crtc (bsc#1051510). - drm/mipi_dbi: Fix off-by-one bugs in mipi_dbi_blank() (bsc#1114279) - drm: msm: mdp4: Adjust indentation in mdp4_dsi_encoder_enable (bsc#1114279) - drm/msm: Set dma maximum segment size for mdss (bsc#1051510). - drm/msm: stop abusing dma_map/unmap for cache (bsc#1051510). - drm/msm: Use the correct dma_sync calls harder (bsc#1051510). - drm/msm: Use the correct dma_sync calls in msm_gem (bsc#1051510). - drm/nouveau/disp/nv50-: prevent oops when no channel method map provided (bsc#1051510). - drm/nouveau/gr/gk20a,gm200-: add terminators to method lists read from fw (bsc#1051510). - drm: rcar-du: Recognize 'renesas,vsps' in addition to 'vsps' (bsc#1114279) - drm: remove the newline for CRC source name (bsc#1051510). - dt-bindings: allow up to four clocks for orion-mdio (bsc#1051510). - EDAC/mc: Fix use-after-free and memleaks during device removal (bsc#1114279). - efi: Fix a race and a buffer overflow while reading efivars via sysfs (bsc#1164893). - ethtool: Factored out similar ethtool link settings for virtual devices to core (bsc#1136157 ltc#177197). - ext4: add cond_resched() to __ext4_find_entry() (bsc#1166862). - ext4: Avoid ENOSPC when avoiding to reuse recently deleted inodes (bsc#1165019). - ext4: Check for non-zero journal inum in ext4_calculate_overhead (bsc#1167288). - ext4: do not assume that mmp_nodename/bdevname have NUL (bsc#1166860). - ext4: fix a data race in EXT4_I(inode)->i_disksize (bsc#1166861). - ext4: fix incorrect group count in ext4_fill_super error message (bsc#1168765). - ext4: fix incorrect inodes per group in error message (bsc#1168764). - ext4: fix potential race between online resizing and write operations (bsc#1166864). - ext4: fix potential race between s_flex_groups online resizing and access (bsc#1166867). - ext4: fix potential race between s_group_info online resizing and access (bsc#1166866). - ext4: fix race between writepages and enabling EXT4_EXTENTS_FL (bsc#1166870). - ext4: fix support for inode sizes > 1024 bytes (bsc#1164284). - ext4: potential crash on allocation error in ext4_alloc_flex_bg_array() (bsc#1166940). - ext4: rename s_journal_flag_rwsem to s_writepages_rwsem (bsc#1166868). - ext4: validate the debug_want_extra_isize mount option at parse time (bsc#1163897). - fat: fix uninit-memory access for partial initialized inode (bsc#1051510). - fat: work around race with userspace's read via blockdev while mounting (bsc#1051510). - fbdev/g364fb: Fix build failure (bsc#1051510). - fbdev: potential information leak in do_fb_ioctl() (bsc#1114279) - fbmem: Adjust indentation in fb_prepare_logo and fb_blank (bsc#1114279) - fcntl: fix typo in RWH_WRITE_LIFE_NOT_SET r/w hint name (bsc#1166003). - fix memory leak in large read decrypt offload (bsc#1144333). - fs/cifs/cifssmb.c: use true,false for bool variable (bsc#1144333). - fs: cifs: cifsssmb: remove redundant assignment to variable ret (bsc#1144333). - fs: cifs: Initialize filesystem timestamp ranges (bsc#1144333). - fs: cifs: mute -Wunused-const-variable message (bsc#1144333). - fs/cifs/sess.c: Remove set but not used variable 'capabilities' (bsc#1144333). - fs/cifs/smb2ops.c: use true,false for bool variable (bsc#1144333). - fs/cifs/smb2pdu.c: Make SMB2_notify_init static (bsc#1144333). - fs/xfs: fix f_ffree value for statfs when project quota is set (bsc#1165985). - ftrace/kprobe: Show the maxactive number on kprobe_events (git-fixes). - gtp: make sure only SOCK_DGRAM UDP sockets are accepted (networking-stable-20_01_27). - gtp: use __GFP_NOWARN to avoid memalloc warning (networking-stable-20_02_05). - HID: apple: Add support for recent firmware on Magic Keyboards (bsc#1051510). - HID: core: fix off-by-one memset in hid_report_raw_event() (bsc#1051510). - HID: hiddev: Fix race in in hiddev_disconnect() (git-fixes). - hv_netvsc: Fix memory leak when removing rndis device (networking-stable-20_01_20). - hv_netvsc: pass netvsc_device to rndis halt - hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() (bsc#1051510). - i2c: hix5hd2: add missed clk_disable_unprepare in remove (bsc#1051510). - i2c: jz4780: silence log flood on txabrt (bsc#1051510). - IB/hfi1: Close window for pq and request coliding (bsc#1060463 ). - IB/hfi1: convert to debugfs_file_get() and -put() (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - ibmvfc: do not send implicit logouts prior to NPIV login (bsc#1169625 ltc#184611). - ibmvfc: Fix NULL return compiler warning (bsc#1161951 ltc#183551). - ibmvnic: Do not process device remove during device reset (bsc#1065729). - ibmvnic: Warn unknown speed message only when carrier is present (bsc#1065729). - iio: gyro: adis16136: check ret val for non-zero vs less-than-zero (bsc#1051510). - iio: imu: adis16400: check ret val for non-zero vs less-than-zero (bsc#1051510). - iio: imu: adis: check ret val for non-zero vs less-than-zero (bsc#1051510). - iio: magnetometer: ak8974: Fix negative raw values in sysfs (bsc#1051510). - iio: potentiostat: lmp9100: fix iio_triggered_buffer_{predisable,postenable} positions (bsc#1051510). - Input: add safety guards to input_set_keycode() (bsc#1168075). - Input: avoid BIT() macro usage in the serio.h UAPI header (bsc#1051510). - Input: edt-ft5x06 - work around first register access error (bsc#1051510). - Input: raydium_i2c_ts - fix error codes in raydium_i2c_boot_trigger() (bsc#1051510). - Input: synaptics - enable RMI on HP Envy 13-ad105ng (bsc#1051510). - Input: synaptics - enable SMBus on ThinkPad L470 (bsc#1051510). - Input: synaptics - remove the LEN0049 dmi id from topbuttonpad list (bsc#1051510). - Input: synaptics - switch T470s to RMI4 by default (bsc#1051510). - intel_th: Fix user-visible error codes (bsc#1051510). - intel_th: pci: Add Elkhart Lake CPU support (bsc#1051510). - iommu/amd: Check feature support bit before accessing MSI capability registers (bsc#1166101). - iommu/amd: Fix the configuration of GCR3 table root pointer (bsc#1169057). - iommu/amd: Only support x2APIC with IVHD type 11h/40h (bsc#1166102). - iommu/dma: Fix MSI reservation allocation (bsc#1166730). - iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint (bsc#1166731). - iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page (bsc#1166732). - iommu/vt-d: Fix compile warning from intel-svm.h (bsc#1166103). - iommu/vt-d: Fix the wrong printing in RHSA parsing (bsc#1166733). - iommu/vt-d: Ignore devices with out-of-spec domain number (bsc#1166734). - iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn + add_taint (bsc#1166735). - ipmi:ssif: Handle a possible NULL pointer reference (bsc#1051510). - ipv4: ensure rcu_read_lock() in cipso_v4_error() (git-fixes). - ipvlan: do not add hardware address of master to its unicast filter list (bsc#1137325). - irqchip/bcm2835: Quiesce IRQs left enabled by bootloader (bsc#1051510). - irqdomain: Fix a memory leak in irq_domain_push_irq() (bsc#1051510). - iwlegacy: Fix -Wcast-function-type (bsc#1051510). - iwlwifi: mvm: Do not require PHY_SKU NVM section for 3168 devices (bsc#1166632). - iwlwifi: mvm: Fix thermal zone registration (bsc#1051510). - kABI: fixes for debugfs per-file removal protection backports (bsc#1159198 bsc#1109911). - kabi: invoke bpf_gen_ld_abs() directly (bsc#1158552). - kABI: restore debugfs_remove_recursive() (bsc#1159198). - kernel/module.c: Only return -EEXIST for modules that have finished loading (bsc#1165488). - kernel/module.c: wakeup processes in module_wq on module unload (bsc#1165488). - KVM: arm64: Store vcpu on the stack during __guest_enter() (bsc#1133021). - KVM: s390: do not clobber registers during guest reset/store status (bsc#1133021). - KVM: s390: ENOTSUPP -> EOPNOTSUPP fixups (bsc#1133021). - KVM: VMX: check descriptor table exits on instruction emulation (bsc#1166104). - l2tp: Allow duplicate session creation with UDP (networking-stable-20_02_05). - lcoking/rwsem: Add missing ACQUIRE to read_slowpath sleep loop (bsc#1050549). - libfs: fix infoleak in simple_attr_read() (bsc#1168881). - lib/raid6: add missing include for raid6test (bsc#1166003). - lib/raid6: add option to skip algo benchmarking (bsc#1166003). - lib/raid6/altivec: Add vpermxor implementation for raid6 Q syndrome (bsc#1166003). - lib/raid6: avoid __attribute_const__ redefinition (bsc#1166003). - locking/rwsem: Prevent decrement of reader count before increment (bsc#1050549). - mac80211: consider more elements in parsing CRC (bsc#1051510). - mac80211: Do not send mesh HWMP PREQ if HWMP is disabled (bsc#1051510). - mac80211: free peer keys before vif down in mesh (bsc#1051510). - mac80211: mesh: fix RCU warning (bsc#1051510). - mac80211: only warn once on chanctx_conf being NULL (bsc#1051510). - mac80211: rx: avoid RCU list traversal under mutex (bsc#1051510). - macsec: add missing attribute validation for port (bsc#1051510). - macsec: fix refcnt leak in module exit routine (bsc#1051510). - md: add __acquires/__releases annotations to handle_active_stripes (bsc#1166003). - md: add __acquires/__releases annotations to (un)lock_two_stripes (bsc#1166003). - md: add a missing endianness conversion in check_sb_changes (bsc#1166003). - md: add bitmap_abort label in md_run (bsc#1166003). - md: add feature flag MD_FEATURE_RAID0_LAYOUT (bsc#1166003). - md: allow last device to be forcibly removed from RAID1/RAID10 (bsc#1166003). - md: avoid invalid memory access for array sb->dev_roles (bsc#1166003). - md/bitmap: avoid race window between md_bitmap_resize and bitmap_file_clear_bit (bsc#1166003). - md-bitmap: create and destroy wb_info_pool with the change of backlog (bsc#1166003). - md-bitmap: create and destroy wb_info_pool with the change of bitmap (bsc#1166003). - md-bitmap: small cleanups (bsc#1166003). - md/bitmap: use mddev_suspend/resume instead of ->quiesce() (bsc#1166003). - md-cluster/bitmap: do not call md_bitmap_sync_with_cluster during reshaping stage (bsc#1166003). - md-cluster: introduce resync_info_get interface for sanity check (bsc#1166003). - md-cluster/raid10: call update_size in md_reap_sync_thread (bsc#1166003). - md-cluster/raid10: do not call remove_and_add_spares during reshaping stage (bsc#1166003). - md-cluster/raid10: resize all the bitmaps before start reshape (bsc#1166003). - md-cluster/raid10: support add disk under grow mode (bsc#1166003). - md-cluster: remove suspend_info (bsc#1166003). - md-cluster: send BITMAP_NEEDS_SYNC message if reshaping is interrupted (bsc#1166003). - md: convert to kvmalloc (bsc#1166003). - md: do not call spare_active in md_reap_sync_thread if all member devices can't work (bsc#1166003). - md: do not set In_sync if array is frozen (bsc#1166003). - md: fix an error code format and remove unsed bio_sector (bsc#1166003). - md: fix a typo s/creat/create (bsc#1166003). - md: fix for divide error in status_resync (bsc#1166003). - md: fix spelling typo and add necessary space (bsc#1166003). - md: introduce mddev_create/destroy_wb_pool for the change of member device (bsc#1166003). - md: introduce new personality funciton start() (bsc#1166003). - md-linear: use struct_size() in kzalloc() (bsc#1166003). - md: Make bio_alloc_mddev use bio_alloc_bioset (bsc#1166003). - md: make sure desc_nr less than MD_SB_DISKS (bsc#1166003). - md: md.c: Return -ENODEV when mddev is NULL in rdev_attr_show (bsc#1166003). - md: no longer compare spare disk superblock events in super_load (bsc#1166003). - md/r5cache: remove redundant pointer bio (bsc#1166003). - md/raid0: Fix an error message in raid0_make_request() (bsc#1166003). - md raid0/linear: Mark array as 'broken' and fail BIOs if a member is gone (bsc#1166003). - md/raid10: end bio when the device faulty (bsc#1166003). - md/raid10: Fix raid10 replace hang when new added disk faulty (bsc#1166003). - md/raid10: prevent access of uninitialized resync_pages offset (bsc#1166003). - md/raid10: read balance chooses idlest disk for SSD (bsc#1166003). - md: raid10: Use struct_size() in kmalloc() (bsc#1166003). - md/raid1: avoid soft lockup under high load (bsc#1166003). - md: raid1: check rdev before reference in raid1_sync_request func (bsc#1166003). - md/raid1: end bio when the device faulty (bsc#1166003). - md/raid1: fail run raid1 array when active disk less than one (bsc#1166003). - md/raid1: Fix a warning message in remove_wb() (bsc#1166003). - md/raid1: fix potential data inconsistency issue with write behind device (bsc#1166003). - md/raid1: get rid of extra blank line and space (bsc#1166003). - md/raid5: Assigning NULL to sh->batch_head before testing bit R5_Overlap of a stripe (bsc#1166003). - md/raid5: use bio_end_sector to calculate last_sector (bsc#1166003). - md/raid6: fix algorithm choice under larger PAGE_SIZE (bsc#1166003). - md/raid6: implement recovery using ARM NEON intrinsics (bsc#1166003). - md: remove a bogus comment (bsc#1166003). - md: remove redundant code that is no longer reachable (bsc#1166003). - md: remove set but not used variable 'bi_rdev' (bsc#1166003). - md: rename wb stuffs (bsc#1166003). - md: return -ENODEV if rdev has no mddev assigned (bsc#1166003). - md: use correct type in super_1_load (bsc#1166003). - md: use correct type in super_1_sync (bsc#1166003). - md: use correct types in md_bitmap_print_sb (bsc#1166003). - media: dib0700: fix rc endpoint lookup (bsc#1051510). - media: flexcop-usb: fix endpoint sanity check (git-fixes). - media: go7007: Fix URB type for interrupt handling (bsc#1051510). - media: ov519: add missing endpoint sanity checks (bsc#1168829). - media: ov6650: Fix .get_fmt() V4L2_SUBDEV_FORMAT_TRY support (bsc#1051510). - media: ov6650: Fix some format attributes not under control (bsc#1051510). - media: ov6650: Fix stored crop rectangle not in sync with hardware (bsc#1051510). - media: ov6650: Fix stored frame format not in sync with hardware (bsc#1051510). - media: stv06xx: add missing descriptor sanity checks (bsc#1168854). - media: tda10071: fix unsigned sign extension overflow (bsc#1051510). - media: usbtv: fix control-message timeouts (bsc#1051510). - media: uvcvideo: Refactor teardown of uvc on USB disconnect (bsc#1164507). - media: v4l2-core: fix entity initialization in device_register_subdev (bsc#1051510). - media: vsp1: tidyup VI6_HGT_LBn_H() macro (bsc#1051510). - media: xirlink_cit: add missing descriptor sanity checks (bsc#1051510). - mfd: dln2: Fix sanity checking for endpoints (bsc#1051510). - misc: pci_endpoint_test: Fix to support > 10 pci-endpoint-test devices (bsc#1051510). - mmc: sdhci-of-at91: fix cd-gpios for SAMA5D2 (bsc#1051510). - mm/filemap.c: do not initiate writeback if mapping has no dirty pages (bsc#1168884). - mm/memory_hotplug.c: only respect mem= parameter during boot stage (bsc#1065600). - MM: replace PF_LESS_THROTTLE with PF_LOCAL_THROTTLE (bsc#1163403). - mm: Use overflow helpers in kvmalloc() (bsc#1166003). - mwifiex: set needed_headroom, not hard_header_len (bsc#1051510). - net: core: another layer of lists, around PF_MEMALLOC skb handling (bsc#1050549). - net: cxgb3_main: Add CAP_NET_ADMIN check to CHELSIO_GET_MEM (networking-stable-20_01_27). - net: dsa: mv88e6xxx: Preserve priority when setting CPU port (networking-stable-20_01_11). - net: dsa: tag_qca: fix doubled Tx statistics (networking-stable-20_01_20). - net: dsa: tag_qca: Make sure there is headroom for tag (networking-stable-20_02_19). - net: ena: Add PCI shutdown handler to allow safe kexec (bsc#1167421, bsc#1167423). - net/ethtool: Introduce link_ksettings API for virtual network devices (bsc#1136157 ltc#177197). - netfilter: conntrack: sctp: use distinct states for new SCTP connections (bsc#1159199). - net: hns: fix soft lockup when there is not enough memory (networking-stable-20_01_20). - net: hsr: fix possible NULL deref in hsr_handle_frame() (networking-stable-20_02_05). - net: ip6_gre: fix moving ip6gre between namespaces (networking-stable-20_01_27). - net, ip6_tunnel: fix namespaces move (networking-stable-20_01_27). - net, ip_tunnel: fix namespaces move (networking-stable-20_01_27). - net: macb: Limit maximum GEM TX length in TSO (networking-stable-20_02_09). - net: macb: Remove unnecessary alignment check for TSO (networking-stable-20_02_09). - net/mlxfw: Verify FSM error code translation does not exceed array size (bsc#1051858). - net: mvneta: move rx_dropped and rx_errors in per-cpu stats (networking-stable-20_02_09). - net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL (bsc#1051510). - net: nfc: fix bounds checking bugs on 'pipe' (bsc#1051510). - net: phy: micrel: kszphy_resume(): add delay after genphy_resume() before accessing PHY registers (bsc#1051510). - net: rtnetlink: validate IFLA_MTU attribute in rtnl_create_link() (networking-stable-20_01_27). - net_sched: ematch: reject invalid TCF_EM_SIMPLE (networking-stable-20_01_30). - net_sched: fix an OOB access in cls_tcindex (networking-stable-20_02_05). - net_sched: fix a resource leak in tcindex_set_parms() (networking-stable-20_02_09). - net_sched: fix datalen for ematch (networking-stable-20_01_27). - net/sched: flower: add missing validation of TCA_FLOWER_FLAGS (networking-stable-20_02_19). - net_sched: keep alloc_hash updated after hash allocation (git-fixes). - net/sched: matchall: add missing validation of TCA_MATCHALL_FLAGS (networking-stable-20_02_19). - net: sch_prio: When ungrafting, replace with FIFO (networking-stable-20_01_11). - net/smc: add fallback check to connect() (git-fixes). - net/smc: fix leak of kernel memory to user space (networking-stable-20_02_19). - net/smc: fix refcount non-blocking connect() -part 2 (git-fixes). - net: stmmac: Delete txtimer in suspend() (networking-stable-20_02_05). - net: stmmac: dwmac-sunxi: Allow all RGMII modes (networking-stable-20_01_11). - net-sysfs: Fix reference count leak (networking-stable-20_01_27). - net: systemport: Avoid RBUF stuck in Wake-on-LAN mode (networking-stable-20_02_09). - net: usb: lan78xx: Add .ndo_features_check (networking-stable-20_01_27). - net: usb: lan78xx: fix possible skb leak (networking-stable-20_01_11). - net/wan/fsl_ucc_hdlc: fix out of bounds write on array utdm_info (networking-stable-20_01_20). - NFC: fdp: Fix a signedness bug in fdp_nci_send_patch() (bsc#1051510). - NFC: pn544: Fix a typo in a debug message (bsc#1051510). - NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use le16_add_cpu() (bsc#1051510). - NFS: send state management on a single connection (bsc#1167005). - nvme-multipath: fix possible I/O hang when paths are updated (bsc#1158983). - objtool: Add is_static_jump() helper (bsc#1169514). - objtool: Add relocation check for alternative sections (bsc#1169514). - OMAP: DSS2: remove non-zero check on variable r (bsc#1114279) - orinoco: avoid assertion in case of NULL pointer (bsc#1051510). - padata: always acquire cpu_hotplug_lock before pinst->lock (git-fixes). - partitions/efi: Fix partition name parsing in GUID partition entry (bsc#1168763). - PCI/ASPM: Clear the correct bits when enabling L1 substates (bsc#1051510). - PCI: endpoint: Fix clearing start entry in configfs (bsc#1051510). - PCI: pciehp: Fix MSI interrupt race (bsc#1159037). - PCI/switchtec: Fix init_completion race condition with poll_wait() (bsc#1051510). - perf/amd/uncore: Replace manual sampling check with CAP_NO_INTERRUPT flag (bsc#1114279). - perf: qcom_l2: fix column exclusion check (git-fixes). - pinctrl: baytrail: Do not clear IRQ flags on direct-irq enabled pins (bsc#1051510). - pinctrl: core: Remove extra kref_get which blocks hogs being freed (bsc#1051510). - pinctrl: sh-pfc: sh7264: Fix CAN function GPIOs (bsc#1051510). - pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs (bsc#1051510). - pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM (networking-stable-20_01_11). - platform/x86: pmc_atom: Add Lex 2I385SW to critclk_systems DMI table (bsc#1051510). - PM: core: Fix handling of devices deleted during system-wide resume (git-fixes). - powerpc/64: mark start_here_multiplatform as __ref (bsc#1148868). - powerpc/64s: Fix section mismatch warnings from boot code (bsc#1148868). - powerpc/64/tm: Do not let userspace set regs->trap via sigreturn (bsc#1118338 ltc#173734). - powerpc: fix hardware PMU exception bug on PowerVM compatibility mode systems (bsc#1056686). - powerpc/hash64/devmap: Use H_PAGE_THP_HUGE when setting up huge devmap PTE entries (bsc#1065729). - powerpc/kprobes: Ignore traps that happened in real mode (bsc#1065729). - powerpc/mm: Fix section mismatch warning in stop_machine_change_mapping() (bsc#1148868). - powerpc/pseries: Avoid NULL pointer dereference when drmem is unavailable (bsc#1160659). - powerpc/pseries: group lmb operation and memblock's (bsc#1165404 ltc#183498). - powerpc/pseries/memory-hotplug: Only update DT once per memory DLPAR request (bsc#1165404 ltc#183498). - powerpc/pseries: update device tree before ejecting hotplug uevents (bsc#1165404 ltc#183498). - powerpc/smp: Use nid as fallback for package_id (bsc#1165813 ltc#184091). - powerpc/vmlinux.lds: Explicitly retain .gnu.hash (bsc#1148868). - powerpc/xive: Replace msleep(x) with msleep(OPAL_BUSY_DELAY_MS) (bsc#1085030). - powerpc/xive: Use XIVE_BAD_IRQ instead of zero to catch non configured IPIs (bsc#1085030). - pwm: bcm2835: Dynamically allocate base (bsc#1051510). - pwm: meson: Fix confusing indentation (bsc#1051510). - pwm: pca9685: Fix PWM/GPIO inter-operation (bsc#1051510). - pwm: rcar: Fix late Runtime PM enablement (bsc#1051510). - pwm: renesas-tpu: Fix late Runtime PM enablement (bsc#1051510). - pxa168fb: fix release function mismatch in probe failure (bsc#1051510). - qmi_wwan: re-add DW5821e pre-production variant (bsc#1051510). - qmi_wwan: unconditionally reject 2 ep interfaces (bsc#1051510). - raid10: refactor common wait code from regular read/write request (bsc#1166003). - raid1: factor out a common routine to handle the completion of sync write (bsc#1166003). - raid1: simplify raid1_error function (bsc#1166003). - raid1: use an int as the return value of raise_barrier() (bsc#1166003). - raid5: block failing device if raid will be failed (bsc#1166003). - raid5-cache: Need to do start() part job after adding journal device (bsc#1166003). - raid5: copy write hint from origin bio to stripe (bsc#1166003). - raid5: do not increment read_errors on EILSEQ return (bsc#1166003). - raid5: do not set STRIPE_HANDLE to stripe which is in batch list (bsc#1166003). - raid5 improve too many read errors msg by adding limits (bsc#1166003). - raid5: need to set STRIPE_HANDLE for batch head (bsc#1166003). - raid5: remove STRIPE_OPS_REQ_PENDING (bsc#1166003). - raid5: remove worker_cnt_per_group argument from alloc_thread_groups (bsc#1166003). - raid5: set write hint for PPL (bsc#1166003). - raid5: use bio_end_sector in r5_next_bio (bsc#1166003). - raid6/test: fix a compilation error (bsc#1166003). - raid6/test: fix a compilation warning (bsc#1166003). - remoteproc: Initialize rproc_class before use (bsc#1051510). - rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer (git-fixes). - rtlwifi: rtl_pci: Fix -Wcast-function-type (bsc#1051510). - rxrpc: Fix insufficient receive notification generation (networking-stable-20_02_05). - s390/mm: fix dynamic pagetable upgrade for hugetlbfs (bsc#1165182 LTC#184102). - scsi: core: avoid repetitive logging of device offline messages (bsc#1145929). - scsi: core: kABI fix offline_already (bsc#1145929). - scsi: fnic: do not queue commands during fwreset (bsc#1146539). - scsi: ibmvfc: Add failed PRLI to cmd_status lookup array (bsc#1161951 ltc#183551). - scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (bsc#1161951 ltc#183551). - scsi: ibmvfc: Byte swap status and error codes when logging (bsc#1161951 ltc#183551). - scsi: ibmvfc: Clean up transport events (bsc#1161951 ltc#183551). - scsi: ibmvfc: constify dev_pm_ops structures (bsc#1161951 ltc#183551). - scsi: ibmvfc: Do not call fc_block_scsi_eh() on host reset (bsc#1161951 ltc#183551). - scsi: ibmvfc: Fix NULL return compiler warning (bsc#1161951 ltc#183551). Refresh sorted patches. - scsi: ibmvfc: ibmvscsi: ibmvscsi_tgt: constify vio_device_id (bsc#1161951 ltc#183551). - scsi: ibmvfc: Mark expected switch fall-throughs (bsc#1161951 ltc#183551). - scsi: ibmvfc: Remove 'failed' from logged errors (bsc#1161951 ltc#183551). - scsi: ibmvfc: Remove unneeded semicolons (bsc#1161951 ltc#183551). - scsi: ibmvscsi: change strncpy+truncation to strlcpy (bsc#1161951 ltc#183551). - scsi: ibmvscsi: constify dev_pm_ops structures (bsc#1161951 ltc#183551). - scsi: ibmvscsi: Do not use rc uninitialized in ibmvscsi_do_work (bsc#1161951 ltc#183551). - scsi: ibmvscsi: fix tripping of blk_mq_run_hw_queue WARN_ON (bsc#1161951 ltc#183551). - scsi: ibmvscsi: Improve strings handling (bsc#1161951 ltc#183551). - scsi: ibmvscsi: redo driver work thread to use enum action states (bsc#1161951 ltc#183551). - scsi: ibmvscsi: Wire up host_reset() in the driver's scsi_host_template (bsc#1161951 ltc#183551). - scsi: qla2xxx: Add 16.0GT for PCI String (bsc#1157424). - scsi: qla2xxx: Add beacon LED config sysfs interface (bsc#1157424). - scsi: qla2xxx: Add changes in preparation for vendor extended FDMI/RDP (bsc#1157424). - scsi: qla2xxx: Add deferred queue for processing ABTS and RDP (bsc#1157424). - scsi: qla2xxx: Add endianizer macro calls to fc host stats (bsc#1157424). - scsi: qla2xxx: Add fixes for mailbox command (bsc#1157424). - scsi: qla2xxx: add more FW debug information (bsc#1157424). - scsi: qla2xxx: Add ql2xrdpenable module parameter for RDP (bsc#1157424). - scsi: qla2xxx: Add sysfs node for D-Port Diagnostics AEN data (bsc#1157424). - scsi: qla2xxx: Add vendor extended FDMI commands (bsc#1157424). - scsi: qla2xxx: Add vendor extended RDP additions and amendments (bsc#1157424). - scsi: qla2xxx: Avoid setting firmware options twice in 24xx_update_fw_options (bsc#1157424). - scsi: qla2xxx: Check locking assumptions at runtime in qla2x00_abort_srb() (bsc#1157424). - scsi: qla2xxx: Cleanup ELS/PUREX iocb fields (bsc#1157424). - scsi: qla2xxx: Convert MAKE_HANDLE() from a define into an inline function (bsc#1157424). - scsi: qla2xxx: Correction to selection of loopback/echo test (bsc#1157424). - scsi: qla2xxx: Display message for FCE enabled (bsc#1157424). - scsi: qla2xxx: Fix control flags for login/logout IOCB (bsc#1157424). - scsi: qla2xxx: Fix FCP-SCSI FC4 flag passing error (bsc#1157424). - scsi: qla2xxx: fix FW resource count values (bsc#1157424). - scsi: qla2xxx: Fix I/Os being passed down when FC device is being deleted (bsc#1157424). - scsi: qla2xxx: Fix NPIV instantiation after FW dump (bsc#1157424). - scsi: qla2xxx: Fix qla2x00_echo_test() based on ISP type (bsc#1157424). - scsi: qla2xxx: Fix RDP respond data format (bsc#1157424). - scsi: qla2xxx: Fix RDP response size (bsc#1157424). - scsi: qla2xxx: Fix sparse warning reported by kbuild bot (bsc#1157424). - scsi: qla2xxx: Fix sparse warnings triggered by the PCI state checking code (bsc#1157424). - scsi: qla2xxx: Force semaphore on flash validation failure (bsc#1157424). - scsi: qla2xxx: Handle cases for limiting RDP response payload length (bsc#1157424). - scsi: qla2xxx: Handle NVME status iocb correctly (bsc#1157424). - scsi: qla2xxx: Improved secure flash support messages (bsc#1157424). - scsi: qla2xxx: Move free of fcport out of interrupt context (bsc#1157424). - scsi: qla2xxx: Print portname for logging in qla24xx_logio_entry() (bsc#1157424). - scsi: qla2xxx: Remove restriction of FC T10-PI and FC-NVMe (bsc#1157424). - scsi: qla2xxx: Return appropriate failure through BSG Interface (bsc#1157424). - scsi: qla2xxx: Save rscn_gen for new fcport (bsc#1157424). - scsi: qla2xxx: Serialize fc_port alloc in N2N (bsc#1157424). - scsi: qla2xxx: Set Nport ID for N2N (bsc#1157424). - scsi: qla2xxx: Show correct port speed capabilities for RDP command (bsc#1157424). - scsi: qla2xxx: Simplify the code for aborting SCSI commands (bsc#1157424). - scsi: qla2xxx: Suppress endianness complaints in qla2x00_configure_local_loop() (bsc#1157424). - scsi: qla2xxx: Update BPM enablement semantics (bsc#1157424). - scsi: qla2xxx: Update driver version to 10.01.00.24-k (bsc#1157424). - scsi: qla2xxx: Update driver version to 10.01.00.25-k (bsc#1157424). - scsi: qla2xxx: Use a dedicated interrupt handler for 'handshake-required' ISPs (bsc#1157424). - scsi: qla2xxx: Use correct ISP28xx active FW region (bsc#1157424). - scsi: qla2xxx: Use endian macros to assign static fields in fwdump header (bsc#1157424). - scsi: qla2xxx: Use FC generic update firmware options routine for ISP27xx (bsc#1157424). - scsi: qla2xxx: Use QLA_FW_STOPPED macro to propagate flag (bsc#1157424). - scsi: tcm_qla2xxx: Make qlt_alloc_qfull_cmd() set cmd->se_cmd.map_tag (bsc#1157424). - sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY (networking-stable-20_01_11). - serdev: ttyport: restore client ops on deregistration (bsc#1051510). - smb3: add debug messages for closing unmatched open (bsc#1144333). - smb3: Add defines for new information level, FileIdInformation (bsc#1144333). - smb3: add dynamic tracepoints for flush and close (bsc#1144333). - smb3: add missing flag definitions (bsc#1144333). - smb3: Add missing reparse tags (bsc#1144333). - smb3: add missing worker function for SMB3 change notify (bsc#1144333). - smb3: add mount option to allow forced caching of read only share (bsc#1144333). - smb3: add mount option to allow RW caching of share accessed by only 1 client (bsc#1144333). - smb3: add one more dynamic tracepoint missing from strict fsync path (bsc#1144333). - smb3: add some more descriptive messages about share when mounting cache=ro (bsc#1144333). - smb3: allow decryption keys to be dumped by admin for debugging (bsc#1144333). - smb3: allow disabling requesting leases (bsc#1144333). - smb3: allow parallelizing decryption of reads (bsc#1144333). - smb3: allow skipping signature verification for perf sensitive configurations (bsc#1144333). - SMB3: Backup intent flag missing from some more ops (bsc#1144333). - smb3: cleanup some recent endian errors spotted by updated sparse (bsc#1144333). - smb3: display max smb3 requests in flight at any one time (bsc#1144333). - smb3: dump in_send and num_waiters stats counters by default (bsc#1144333). - smb3: enable offload of decryption of large reads via mount option (bsc#1144333). - smb3: fix default permissions on new files when mounting with modefromsid (bsc#1144333). - smb3: fix mode passed in on create for modetosid mount option (bsc#1144333). - smb3: fix performance regression with setting mtime (bsc#1144333). - smb3: fix potential null dereference in decrypt offload (bsc#1144333). - smb3: fix problem with null cifs super block with previous patch (bsc#1144333). - smb3: Fix regression in time handling (bsc#1144333). - smb3: improve check for when we send the security descriptor context on create (bsc#1144333). - smb3: log warning if CSC policy conflicts with cache mount option (bsc#1144333). - smb3: missing ACL related flags (bsc#1144333). - smb3: only offload decryption of read responses if multiple requests (bsc#1144333). - smb3: pass mode bits into create calls (bsc#1144333). - smb3: print warning once if posix context returned on open (bsc#1144333). - smb3: query attributes on file close (bsc#1144333). - smb3: remove noisy debug message and minor cleanup (bsc#1144333). - smb3: remove unused flag passed into close functions (bsc#1144333). - staging: ccree: use signal safe completion wait (git-fixes). - staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table (bsc#1051510). - staging: rtl8188eu: Fix potential overuse of kernel memory (bsc#1051510). - staging: rtl8188eu: Fix potential security hole (bsc#1051510). - staging: rtl8723bs: Fix potential overuse of kernel memory (bsc#1051510). - staging: rtl8723bs: Fix potential security hole (bsc#1051510). - staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi (bsc#1051510). - staging: wlan-ng: fix ODEBUG bug in prism2sta_disconnect_usb (bsc#1051510). - staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback (bsc#1051510). - SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202). - tcp_bbr: improve arithmetic division in bbr_update_bw() (networking-stable-20_01_27). - tcp: clear tp->data_segs{in|out} in tcp_disconnect() (networking-stable-20_02_05). - tcp: clear tp->delivered in tcp_disconnect() (networking-stable-20_02_05). - tcp: clear tp->segs_{in|out} in tcp_disconnect() (networking-stable-20_02_05). - tcp: clear tp->total_retrans in tcp_disconnect() (networking-stable-20_02_05). - tcp: fix marked lost packets not being retransmitted (networking-stable-20_01_20). - tcp: fix 'old stuff' D-SACK causing SACK to be treated as D-SACK (networking-stable-20_01_11). - thermal: devfreq_cooling: inline all stubs for CONFIG_DEVFREQ_THERMAL=n (bsc#1051510). - thunderbolt: Prevent crash if non-active NVMem file is read (git-fixes). - tick: broadcast-hrtimer: Fix a race in bc_set_next (bsc#1044231). - tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure (git-fixes). - tools: Update include/uapi/linux/fcntl.h copy from the kernel (bsc#1166003). - tpm: ibmvtpm: Wait for buffer to be set before proceeding (bsc#1065729). - tty: evh_bytechan: Fix out of bounds accesses (bsc#1051510). - ttyprintk: fix a potential deadlock in interrupt context issue (git-fixes). - tty/serial: atmel: manage shutdown in case of RS485 or ISO7816 mode (bsc#1051510). - tty: serial: imx: setup the correct sg entry for tx dma (bsc#1051510). - USB: cdc-acm: fix rounding error in TIOCSSERIAL (git-fixes). - USB: core: add endpoint-blacklist quirk (git-fixes). - USB: core: hub: do error out if usb_autopm_get_interface() fails (git-fixes). - USB: core: port: do error out if usb_autopm_get_interface() fails (git-fixes). - USB: Disable LPM on WD19's Realtek Hub (git-fixes). - USB: dwc2: Fix in ISOC request length checking (git-fixes). - USB: Fix novation SourceControl XL after suspend (git-fixes). - USB: gadget: composite: Fix bMaxPower for SuperSpeedPlus (git-fixes). - USB: gadget: f_fs: Fix use after free issue as part of queue failure (bsc#1051510). - USB: host: xhci-plat: add a shutdown (git-fixes). - USB: host: xhci: update event ring dequeue pointer on purpose (git-fixes). - USB: hub: Do not record a connect-change event during reset-resume (git-fixes). - usbip: Fix uninitialized symbol 'nents' in stub_recv_cmd_submit() (git-fixes). - USB: misc: iowarrior: add support for 2 OEMed devices (git-fixes). - USB: misc: iowarrior: add support for the 100 device (git-fixes). - USB: misc: iowarrior: add support for the 28 and 28L devices (git-fixes). - USB: musb: Disable pullup at init (git-fixes). - USB: musb: fix crash with highmen PIO and usbmon (bsc#1051510). - USB: quirks: add NO_LPM quirk for Logitech Screen Share (git-fixes). - USB: quirks: add NO_LPM quirk for RTL8153 based ethernet adapters (git-fixes). - USB: quirks: blacklist duplicate ep on Sound Devices USBPre2 (git-fixes). - USB: serial: io_edgeport: fix slab-out-of-bounds read in edge_interrupt_callback (bsc#1051510). - USB: serial: option: add ME910G1 ECM composition 0x110b (git-fixes). - USB: serial: pl2303: add device-id for HP LD381 (git-fixes). - USB: storage: Add quirk for Samsung Fit flash (git-fixes). - USB: uas: fix a plug & unplug racing (git-fixes). - USB: xhci: apply XHCI_SUSPEND_DELAY to AMD XHCI controller 1022:145c (git-fixes). - uvcvideo: Refactor teardown of uvc on USB disconnect (bsc#1164507) - vgacon: Fix a UAF in vgacon_invert_region (bsc#1114279) - virtio-blk: fix hw_queue stopped on arbitrary error (git-fixes). - vlan: fix memory leak in vlan_dev_set_egress_priority (networking-stable-20_01_11). - vlan: vlan_changelink() should propagate errors (networking-stable-20_01_11). - vxlan: fix tos value before xmit (networking-stable-20_01_11). - x86/cpu/amd: Enable the fixed Instructions Retired counter IRPERF (bsc#1114279). - x86/mce/amd: Fix kobject lifetime (bsc#1114279). - x86/mce/amd: Publish the bank pointer only after setup has succeeded (bsc#1114279). - x86/mce: Fix logic and comments around MSR_PPIN_CTL (bsc#1114279). - x86/mm: Split vmalloc_sync_all() (bsc#1165741). - x86/pkeys: Manually set X86_FEATURE_OSPKE to preserve existing changes (bsc#1114279). - xen/blkfront: fix memory allocation flags in blkfront_setup_indirect() (bsc#1168486). - xfs: also remove cached ACLs when removing the underlying attr (bsc#1165873). - xfs: bulkstat should copy lastip whenever userspace supplies one (bsc#1165984). - xhci: apply XHCI_PME_STUCK_QUIRK to Intel Comet Lake platforms (git-fixes). - xhci: Do not open code __print_symbolic() in xhci trace events (git-fixes). - xhci: fix runtime pm enabling for quirky Intel hosts (bsc#1051510). - xhci: Force Maximum Packet size for Full-speed bulk devices to valid range (bsc#1051510). Important SUSE bug 1044231 SUSE bug 1050549 SUSE bug 1051510 SUSE bug 1051858 SUSE bug 1056686 SUSE bug 1060463 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1083647 SUSE bug 1085030 SUSE bug 1104967 SUSE bug 1109911 SUSE bug 1114279 SUSE bug 1118338 SUSE bug 1120386 SUSE bug 1133021 SUSE bug 1136157 SUSE bug 1137325 SUSE bug 1144333 SUSE bug 1145051 SUSE bug 1145929 SUSE bug 1146539 SUSE bug 1148868 SUSE bug 1154385 SUSE bug 1157424 SUSE bug 1158552 SUSE bug 1158983 SUSE bug 1159037 SUSE bug 1159142 SUSE bug 1159198 SUSE bug 1159199 SUSE bug 1159285 SUSE bug 1160659 SUSE bug 1161951 SUSE bug 1162929 SUSE bug 1162931 SUSE bug 1163403 SUSE bug 1163508 SUSE bug 1163897 SUSE bug 1164078 SUSE bug 1164284 SUSE bug 1164507 SUSE bug 1164893 SUSE bug 1165019 SUSE bug 1165111 SUSE bug 1165182 SUSE bug 1165404 SUSE bug 1165488 SUSE bug 1165527 SUSE bug 1165741 SUSE bug 1165813 SUSE bug 1165873 SUSE bug 1165949 SUSE bug 1165984 SUSE bug 1165985 SUSE bug 1166003 SUSE bug 1166101 SUSE bug 1166102 SUSE bug 1166103 SUSE bug 1166104 SUSE bug 1166632 SUSE bug 1166730 SUSE bug 1166731 SUSE bug 1166732 SUSE bug 1166733 SUSE bug 1166734 SUSE bug 1166735 SUSE bug 1166780 SUSE bug 1166860 SUSE bug 1166861 SUSE bug 1166862 SUSE bug 1166864 SUSE bug 1166866 SUSE bug 1166867 SUSE bug 1166868 SUSE bug 1166870 SUSE bug 1166940 SUSE bug 1167005 SUSE bug 1167288 SUSE bug 1167290 SUSE bug 1167316 SUSE bug 1167421 SUSE bug 1167423 SUSE bug 1167629 SUSE bug 1168075 SUSE bug 1168202 SUSE bug 1168276 SUSE bug 1168295 SUSE bug 1168424 SUSE bug 1168443 SUSE bug 1168486 SUSE bug 1168760 SUSE bug 1168762 SUSE bug 1168763 SUSE bug 1168764 SUSE bug 1168765 SUSE bug 1168829 SUSE bug 1168854 SUSE bug 1168881 SUSE bug 1168884 SUSE bug 1168952 SUSE bug 1169057 SUSE bug 1169390 SUSE bug 1169514 SUSE bug 1169625 CVE-2019-19768 CVE-2019-19770 CVE-2019-3701 CVE-2019-9458 CVE-2020-10942 CVE-2020-11494 CVE-2020-11669 CVE-2020-8647 CVE-2020-8649 CVE-2020-8834 CVE-2020-9383 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for shibboleth-sp fixes the following issues: Security issue fixed: - CVE-2019-19191: Fixed escalation to root by fixing ownership of log files (bsc#1157471). Moderate SUSE bug 1157471 CVE-2019-19191 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ceph fixes the following issues: - CVE-2020-12059: Fixed a denial of service caused by a specially crafted XML payload on POST requests (bsc#1170170). Important SUSE bug 1170170 CVE-2020-12059 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for LibVNCServer fixes the following issues: - CVE-2019-15690: Fixed a heap buffer overflow (bsc#1160471). - CVE-2019-15681: Fixed a memory leak which could have allowed to a remote attacker to read stack memory (bsc#1155419). - CVE-2019-20788: Fixed a integer overflow and heap-based buffer overflow via a large height or width value (bsc#1170441). Important SUSE bug 1155419 SUSE bug 1160471 SUSE bug 1170441 CVE-2019-15681 CVE-2019-15690 CVE-2019-20788 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for icu fixes the following issues: - CVE-2020-10531: Fixed integer overflow in UnicodeString:doAppend() (bsc#1166844). Moderate SUSE bug 1166844 CVE-2020-10531 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openldap2 fixes the following issues: - CVE-2020-12243: Fixed a denial of service related to recursive filters (bsc#1170771). Important SUSE bug 1170771 CVE-2020-12243 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for webkit2gtk3 fixes the following issues: Security issue fixed: - CVE-2020-3899: Fixed a memory consumption issue that could have led to remote code execution (bsc#1170643). Non-security issues fixed: - Update to version 2.28.2 (bsc#1170643): + Fix excessive CPU usage due to GdkFrameClock not being stopped. + Fix UI process crash when EGL_WL_bind_wayland_display extension is not available. + Fix position of select popup menus in X11. + Fix playing of Youtube 'live stream'/H264 URLs. + Fix a crash under X11 when cairo uses xcb. + Fix the build in MIPS64. + Fix several crashes and rendering issues. Important SUSE bug 1170643 CVE-2020-3899 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ghostscript to version 9.52 fixes the following issues: - CVE-2020-12268: Fixed a heap-based buffer overflow in jbig2_image_compose (bsc#1170603). Important SUSE bug 1170603 CVE-2020-12268 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: Update to version 68.8.0 ESR (bsc#1171186): - CVE-2020-12387: Use-after-free during worker shutdown - CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens - CVE-2020-12389: Sandbox escape with improperly separated process types - CVE-2020-6831: Buffer overflow in SCTP chunk input validation - CVE-2020-12392: Arbitrary local file access with 'Copy as cURL' - CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection - CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 Important SUSE bug 1171186 CVE-2020-12387 CVE-2020-12388 CVE-2020-12389 CVE-2020-12392 CVE-2020-12393 CVE-2020-12395 CVE-2020-6831 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for squid fixes the following issues: - CVE-2019-12519, CVE-2019-12521: fixes incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses (bsc#1169659). - CVE-2020-11945: fixes a potential remote execution vulnerability when using HTTP Digest Authentication (bsc#1170313). - CVE-2019-12520, CVE-2019-12524: fixes a potential ACL bypass, cache-bypass and cross-site scripting attack when processing invalid HTTP Request messages (bsc#1170423). Important SUSE bug 1169659 SUSE bug 1170313 SUSE bug 1170423 CVE-2019-12519 CVE-2019-12520 CVE-2019-12521 CVE-2019-12524 CVE-2020-11945 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for apache2 fixes the following issues: - CVE-2020-1934: mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server (bsc#1168404). - CVE-2020-1927: mod_rewrite configurations vulnerable to open redirect (bsc#1168407). - CVE-2020-1938: mod_proxy_ajp: Add 'secret' parameter to proxy workers to implement legacy AJP13 authentication (bsc#1169066). Important SUSE bug 1168404 SUSE bug 1168407 SUSE bug 1169066 CVE-2020-1927 CVE-2020-1934 CVE-2020-1938 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python-PyYAML fixes the following issues: - CVE-2020-1747: Fixed an arbitrary code execution when YAML files are parsed by FullLoader (bsc#1165439). Important SUSE bug 1165439 CVE-2020-1747 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libvirt fixes the following issues: Security issue fixed: - CVE-2020-10703: Fixed a daemon crash caused by pools without target paths (bsc#1168683). Non-security issues fixed: - apparmor: avoid copying empty profile name (bsc#1149100). - logging: ensure virtlogd rollover takes priority over logrotate (bsc#1137137). - qemu: Add support for overriding max threads per process limit (bsc#1133719). - util: fix copying bitmap to larger data buffer (bsc#1138734). - virsh: support for setting precopy bandwidth in migrate (bsc#1145586). - virsh: use upstream name for migration precopy bandwidth parameter (bsc#1145586). - virt-create-rootfs: add SLE 15 and SLE 12 service packs support (bsc#1154093). Important SUSE bug 1133719 SUSE bug 1137137 SUSE bug 1138734 SUSE bug 1145586 SUSE bug 1149100 SUSE bug 1154093 SUSE bug 1168683 CVE-2020-10703 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openexr provides the following fix: Security issues fixed: - CVE-2020-11764: Fixed an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp (bsc#1169574). - CVE-2020-11763: Fixed an out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp (bsc#1169576). - CVE-2020-11758: Fixed an out-of-bounds read in ImfOptimizedPixelReading.h (bsc#1169573). - CVE-2020-11760: Fixed an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp (bsc#1169580). Non-security issue fixed: - Enable tests when building the package on x86_64. (bsc#1146648) Moderate SUSE bug 1146648 SUSE bug 1169573 SUSE bug 1169574 SUSE bug 1169576 SUSE bug 1169580 CVE-2020-11758 CVE-2020-11760 CVE-2020-11763 CVE-2020-11764 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for git to 2.26.2 fixes the following issues: Security issue fixed: - CVE-2020-11008: Specially crafted URLs may have tricked the credentials helper to providing credential information that is not appropriate for the protocol in use and host being contacted (bsc#1169936). Non-security issue fixed: - Fixed git-daemon not starting after conversion from sysvinit to systemd service (bsc#1169605). - Enabled access for git-daemon in firewall configuration (bsc#1170302). - Fixed problems with recent switch to protocol v2, which caused fetches transferring unreasonable amount of data (bsc#1170741). Moderate SUSE bug 1149792 SUSE bug 1168930 SUSE bug 1169605 SUSE bug 1169786 SUSE bug 1169936 SUSE bug 1170302 SUSE bug 1170741 SUSE bug 1170939 CVE-2020-11008 CVE-2020-5260 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mailman fixes the following issues: Security issue fixed: - CVE-2020-12108: Fixed a content injection bug (bsc#1171363). - CVE-2020-12137: Fixed a XSS vulnerability caused by MIME type confusion (bsc#1170558). Non-security issue fixed: - Fixed rights and ownership on /var/lib/mailman/archives (bsc#1167068). - Don't default to invalid hosts for DEFAULT_EMAIL_HOST (bsc#682920). Important SUSE bug 1167068 SUSE bug 1170558 SUSE bug 1171363 SUSE bug 682920 CVE-2020-12108 CVE-2020-12137 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for bind fixes the following issues: Security issues fixed: - CVE-2020-8616: Fixed the insufficient limit on the number of fetches performed when processing referrals (bsc#1171740). - CVE-2020-8617: Fixed a logic error in code which checks TSIG validity (bsc#1171740). Non-security issue fixed: - Fixed an invalid string comparison in the handling of cookie-secrets (bsc#1161168). Important SUSE bug 1161168 SUSE bug 1171740 CVE-2020-8616 CVE-2020-8617 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ant fixes the following issues: Security issue fixed: - CVE-2018-10886: Fixed a path traversal vulnerability in malformed zip file paths, which allowed arbitrary file writes and could potentially lead to code execution (bsc#1100053). Non-security issues fixed: - Add rhino to the ant-apache-bsf optional tasks (bsc#1134001). - Remove jakarta-commons-logging dependencies (bsc#1133997). - Use apache-commons-logging in optional tasks Moderate SUSE bug 1100053 SUSE bug 1133997 SUSE bug 1134001 CVE-2018-10886 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for tomcat fixes the following issues: - Update to Tomcat 9.0.35. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.35_(markt) * CVE-2020-9484 (bsc#1171928) Apache Tomcat Remote Code Execution via session persistence If an attacker was able to control the contents and name of a file on a server configured to use the PersistenceManager, then the attacker could have triggered a remote code execution via deserialization of the file under their control. Important SUSE bug 1171928 CVE-2020-9484 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location (bsc#1158095). Important SUSE bug 1158095 CVE-2019-14889 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for dpdk to 17.11.7 fixes the following issues: Security issues fixed: - CVE-2020-10722: Fixed an integer overflow in vhost_user_set_log_base() (bsc#1171477 bsc#1171930). - CVE-2020-10723: Fixed an integer truncation in vhost_user_check_and_alloc_queue_pair() (bsc#1171477). Important SUSE bug 1171477 SUSE bug 1171925 SUSE bug 1171930 CVE-2019-14818 CVE-2020-10722 CVE-2020-10723 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mariadb-connector-c fixes the following issues: Security issue fixed: - CVE-2020-13249: Fixed an improper validation of OK packets received from clients (bsc#1171550). Non-security issues fixed: - Update to release 3.1.8 (bsc#1171550) * CONC-304: Rename the static library to libmariadb.a and other libmariadb files in a consistent manner * CONC-441: Default user name for C/C is wrong if login user is different from effective user * CONC-449: Check $MARIADB_HOME/my.cnf in addition to $MYSQL_HOME/my.cnf * CONC-457: mysql_list_processes crashes in unpack_fields * CONC-458: mysql_get_timeout_value crashes when used improper * CONC-464: Fix static build for auth_gssapi_client plugin Important SUSE bug 1171550 CVE-2020-13249 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for Mesa fixes the following issues: Security issue fixed: - CVE-2019-5068: Fixed exploitable shared memory permissions vulnerability (bsc#1156015). Moderate SUSE bug 1156015 CVE-2019-5068 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for qemu fixes the following issues: Security issues fixed: - CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp (bsc#1170940). - CVE-2019-20382: Fixed a potential DoS due to a memory leak in VNC disconnect (bsc#1165776). - CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code (bsc#1166240). - CVE-2020-8608: Fixed a potential OOB access in slirp (bsc#1163018). - CVE-2020-7039: Fixed a potential OOB access in slirp (bsc#1161066). - Fixed multiple potential DoS issues in SLIRP, similar to CVE-2019-6778 (bsc#1123156). Non-security issue fixed: - Miscellaneous fixes to the in-package support documentation. Moderate SUSE bug 1123156 SUSE bug 1161066 SUSE bug 1163018 SUSE bug 1165776 SUSE bug 1166240 SUSE bug 1170940 CVE-2019-20382 CVE-2019-6778 CVE-2020-1711 CVE-2020-1983 CVE-2020-7039 CVE-2020-8608 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for file-roller fixes the following issues: Security issue fixed: - CVE-2020-11736: Fixed a directory traversal vulnerability due to improper checking whether a file's parent is an external symlink (bsc#1169428). Moderate SUSE bug 1169428 CVE-2020-11736 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python to version 2.7.17 fixes the following issues: Syncing with lots of upstream bug fixes and security fixes. Bug fixes: - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen(). Now an InvalidURL exception is raised (bsc#1155094). - CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367). - Fixed mismatches between libpython and python-base versions (bsc#1162224). - Fixed segfault in libpython2.7.so.1 (bsc#1073748). - Unified packages among openSUSE:Factory and SLE versions (bsc#1159035). - Added idle.desktop and idle.appdata.xml to provide IDLE in menus (bsc#1153830). - Excluded tsl_check files from python-base to prevent file conflict with python-strict-tls-checks package (bsc#945401). - Changed the name of idle3 icons to idle3.png to avoid collision with Python 2 version (bsc#1165894). Additionally a new 'shared-python-startup' package is provided containing startup files. python-rpm-macros was updated to fix: - Do not write .pyc files for tests (bsc#1171561) Moderate SUSE bug 1027282 SUSE bug 1041090 SUSE bug 1042670 SUSE bug 1073269 SUSE bug 1073748 SUSE bug 1078326 SUSE bug 1078485 SUSE bug 1081750 SUSE bug 1084650 SUSE bug 1086001 SUSE bug 1149792 SUSE bug 1153830 SUSE bug 1155094 SUSE bug 1159035 SUSE bug 1162224 SUSE bug 1162367 SUSE bug 1162825 SUSE bug 1165894 SUSE bug 1170411 SUSE bug 1171561 SUSE bug 945401 CVE-2019-18348 CVE-2019-9674 CVE-2020-8492 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for krb5-appl fixes the following issues: - CVE-2020-10188: Fixed a remote root execution (bsc#1165787). Important SUSE bug 1165787 CVE-2020-10188 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libexif fixes the following issues: Security issues fixed: - CVE-2016-6328: Fixed an integer overflow in parsing MNOTE entry data of the input file (bsc#1055857). - CVE-2017-7544: Fixed an out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c (bsc#1059893). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2020-0093: Fixed an out-of-bounds read in exif_data_save_data_entry (bsc#1171847). - CVE-2020-12767: Fixed a divide-by-zero error in exif_entry_get_value (bsc#1171475). - CVE-2020-13112: Fixed a time consumption DoS when parsing canon array markers (bsc#1172121). - CVE-2020-13113: Fixed a potential use of uninitialized memory (bsc#1172105). - CVE-2020-13114: Fixed various buffer overread fixes due to integer overflows in maker notes (bsc#1172116). Non-security issues fixed: - libexif was updated to version 0.6.22: * New translations: ms * Updated translations for most languages * Some useful EXIF 2.3 tag added: * EXIF_TAG_GAMMA * EXIF_TAG_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE * EXIF_TAG_GPS_H_POSITIONING_ERROR * EXIF_TAG_CAMERA_OWNER_NAME * EXIF_TAG_BODY_SERIAL_NUMBER * EXIF_TAG_LENS_SPECIFICATION * EXIF_TAG_LENS_MAKE * EXIF_TAG_LENS_MODEL * EXIF_TAG_LENS_SERIAL_NUMBER Moderate SUSE bug 1055857 SUSE bug 1059893 SUSE bug 1120943 SUSE bug 1160770 SUSE bug 1171475 SUSE bug 1171847 SUSE bug 1172105 SUSE bug 1172116 SUSE bug 1172121 CVE-2016-6328 CVE-2017-7544 CVE-2018-20030 CVE-2019-9278 CVE-2020-0093 CVE-2020-12767 CVE-2020-13112 CVE-2020-13113 CVE-2020-13114 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for vim fixes the following issues: - CVE-2019-20807: Fixed an issue where escaping from the restrictive mode of vim was possible using interfaces (bsc#1172225 and bsc#1172031). Moderate SUSE bug 1172031 SUSE bug 1172225 CVE-2019-20807 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: - MozillaFirefox was updated to version 68.9.0 Extended Support Release (bsc#1172402). - CVE-2020-12405: Fixed a use-after-free in SharedWorkerService. - CVE-2020-12406: Fixed a JavaScript Type confusion with NativeTypes. - CVE-2020-12410: Fixed multiple memory safety bugs. Important SUSE bug 1172402 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ruby2.1 fixes the following issues: Security issues fixed: - CVE-2015-9096: Fixed an SMTP command injection via CRLFsequences in a RCPT TO or MAIL FROM command (bsc#1043983). - CVE-2016-7798: Fixed an IV Reuse in GCM Mode (bsc#1055265). - CVE-2017-0898: Fixed a buffer underrun vulnerability in Kernel.sprintf (bsc#1058755). - CVE-2017-0899: Fixed an issue with malicious gem specifications, insufficient sanitation when printing gem specifications could have included terminal characters (bsc#1056286). - CVE-2017-0900: Fixed an issue with malicious gem specifications, the query command could have led to a denial of service attack against clients (bsc#1056286). - CVE-2017-0901: Fixed an issue with malicious gem specifications, potentially overwriting arbitrary files on the client system (bsc#1056286). - CVE-2017-0902: Fixed an issue with malicious gem specifications, that could have enabled MITM attacks against clients (bsc#1056286). - CVE-2017-0903: Fixed an unsafe object deserialization vulnerability (bsc#1062452). - CVE-2017-9228: Fixed a heap out-of-bounds write in bitset_set_range() during regex compilation (bsc#1069607). - CVE-2017-9229: Fixed an invalid pointer dereference in left_adjust_char_head() in oniguruma (bsc#1069632). - CVE-2017-10784: Fixed an escape sequence injection vulnerability in the Basic authentication of WEBrick (bsc#1058754). - CVE-2017-14033: Fixed a buffer underrun vulnerability in OpenSSL ASN1 decode (bsc#1058757). - CVE-2017-14064: Fixed an arbitrary memory exposure during a JSON.generate call (bsc#1056782). - CVE-2017-17405: Fixed a command injection vulnerability in Net::FTP (bsc#1073002). - CVE-2017-17742: Fixed an HTTP response splitting issue in WEBrick (bsc#1087434). - CVE-2017-17790: Fixed a command injection in lib/resolv.rb:lazy_initialize() (bsc#1078782). - CVE-2018-6914: Fixed an unintentional file and directory creation with directory traversal in tempfile and tmpdir (bsc#1087441). - CVE-2018-8777: Fixed a potential DoS caused by large requests in WEBrick (bsc#1087436). - CVE-2018-8778: Fixed a buffer under-read in String#unpack (bsc#1087433). - CVE-2018-8779: Fixed an unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket (bsc#1087440). - CVE-2018-8780: Fixed an unintentional directory traversal by poisoned NUL byte in Dir (bsc#1087437). - CVE-2018-16395: Fixed an issue with OpenSSL::X509::Name equality checking (bsc#1112530). - CVE-2018-16396: Fixed an issue with tainted string handling, where the flag was not propagated in Array#pack and String#unpack with some directives (bsc#1112532). - CVE-2018-1000073: Fixed a path traversal issue (bsc#1082007). - CVE-2018-1000074: Fixed an unsafe object deserialization vulnerability in gem owner, allowing arbitrary code execution with specially crafted YAML (bsc#1082008). - CVE-2018-1000075: Fixed an infinite loop vulnerability due to negative size in tar header causes Denial of Service (bsc#1082014). - CVE-2018-1000076: Fixed an improper verification of signatures in tarballs (bsc#1082009). - CVE-2018-1000077: Fixed an improper URL validation in the homepage attribute of ruby gems (bsc#1082010). - CVE-2018-1000078: Fixed a XSS vulnerability in the homepage attribute when displayed via gem server (bsc#1082011). - CVE-2018-1000079: Fixed a path traversal issue during gem installation allows to write to arbitrary filesystem locations (bsc#1082058). - CVE-2019-8320: Fixed a directory traversal issue when decompressing tar files (bsc#1130627). - CVE-2019-8321: Fixed an escape sequence injection vulnerability in verbose (bsc#1130623). - CVE-2019-8322: Fixed an escape sequence injection vulnerability in gem owner (bsc#1130622). - CVE-2019-8323: Fixed an escape sequence injection vulnerability in API response handling (bsc#1130620). - CVE-2019-8324: Fixed an issue with malicious gems that may have led to arbitrary code execution (bsc#1130617). - CVE-2019-8325: Fixed an escape sequence injection vulnerability in errors (bsc#1130611). - CVE-2019-15845: Fixed a NUL injection vulnerability in File.fnmatch and File.fnmatch? (bsc#1152994). - CVE-2019-16201: Fixed a regular expression denial of service vulnerability in WEBrick's digest access authentication (bsc#1152995). - CVE-2019-16254: Fixed an HTTP response splitting vulnerability in WEBrick (bsc#1152992). - CVE-2019-16255: Fixed a code injection vulnerability in Shell#[] and Shell#test (bsc#1152990). - CVE-2020-10663: Fixed an unsafe object creation vulnerability in JSON (bsc#1171517). Non-security issue fixed: - Add conflicts to libruby to make sure ruby and ruby-stdlib are also updated when libruby is updated (bsc#1048072). Also yast2-ruby-bindings on SLES 12 SP2 LTSS was updated to handle the updated ruby interpreter. (bsc#1172275) Important SUSE bug 1043983 SUSE bug 1048072 SUSE bug 1055265 SUSE bug 1056286 SUSE bug 1056782 SUSE bug 1058754 SUSE bug 1058755 SUSE bug 1058757 SUSE bug 1062452 SUSE bug 1069607 SUSE bug 1069632 SUSE bug 1073002 SUSE bug 1078782 SUSE bug 1082007 SUSE bug 1082008 SUSE bug 1082009 SUSE bug 1082010 SUSE bug 1082011 SUSE bug 1082014 SUSE bug 1082058 SUSE bug 1087433 SUSE bug 1087434 SUSE bug 1087436 SUSE bug 1087437 SUSE bug 1087440 SUSE bug 1087441 SUSE bug 1112530 SUSE bug 1112532 SUSE bug 1130611 SUSE bug 1130617 SUSE bug 1130620 SUSE bug 1130622 SUSE bug 1130623 SUSE bug 1130627 SUSE bug 1152990 SUSE bug 1152992 SUSE bug 1152994 SUSE bug 1152995 SUSE bug 1171517 SUSE bug 1172275 CVE-2015-9096 CVE-2016-2339 CVE-2016-7798 CVE-2017-0898 CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-0902 CVE-2017-0903 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 CVE-2017-17405 CVE-2017-17742 CVE-2017-17790 CVE-2017-9228 CVE-2017-9229 CVE-2018-1000073 CVE-2018-1000074 CVE-2018-1000075 CVE-2018-1000076 CVE-2018-1000077 CVE-2018-1000078 CVE-2018-1000079 CVE-2018-16395 CVE-2018-16396 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 CVE-2019-15845 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255 CVE-2019-8320 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325 CVE-2020-10663 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_7_0-openjdk to version 7u261 fixes the following issues: - CVE-2020-2756: Better mapping of serial ENUMs (bsc#1169511) - CVE-2020-2757: Less Blocking Array Queues (bsc#1169511) - CVE-2020-2773: Better signatures in XML (bsc#1169511) - CVE-2020-2781: Improve TLS session handling (bsc#1169511) - CVE-2020-2800: Better Headings for HTTP Servers (bsc#1169511) - CVE-2020-2803: Enhance buffering of byte buffers (bsc#1169511) - CVE-2020-2805: Enhance typing of methods (bsc#1169511) - CVE-2020-2830: Better Scanner conversions (bsc#1169511) Important SUSE bug 1169511 CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for texlive fixes the following issues: Security issues fixed: - CVE-2020-8016: Fixed a race condition in the spec file (bsc#1159740). - CVE-2020-8017: Fixed a race condition on a cron job (bsc#1158910). - Fixed an issue where pstopdf was crashing (bsc#1138793). Moderate SUSE bug 1138793 SUSE bug 1158910 SUSE bug 1159740 CVE-2020-8016 CVE-2020-8017 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ucode-intel fixes the following issues: Updated Intel CPU Microcode to 20200602 (prerelease) (bsc#1172466) This update contains security mitigations for: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824). - CVE-2020-0548,CVE-2020-0549: Additional ucode updates were supplied to mitigate the Vector Register and L1D Eviction Sampling aka 'CacheOutAttack' attacks. (bsc#1156353) Microcode Table: Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- ---- updated platforms ------------------------------------ HSW C0 6-3c-3/32 00000027->00000028 Core Gen4 BDW-U/Y E0/F0 6-3d-4/c0 0000002e->0000002f Core Gen5 HSW-U C0/D0 6-45-1/72 00000025->00000026 Core Gen4 HSW-H C0 6-46-1/32 0000001b->0000001c Core Gen4 BDW-H/E3 E0/G0 6-47-1/22 00000021->00000022 Core Gen5 SKL-U/Y D0 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile SKL-U23e K1 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile SKX-SP B1 6-55-3/97 01000151->01000157 Xeon Scalable SKX-SP H0/M0/U0 6-55-4/b7 02000065->02006906 Xeon Scalable SKX-D M1 6-55-4/b7 02000065->02006906 Xeon D-21xx CLX-SP B0 6-55-6/bf 0400002c->04002f01 Xeon Scalable Gen2 CLX-SP B1 6-55-7/bf 0500002c->04002f01 Xeon Scalable Gen2 SKL-H/S R0/N0 6-5e-3/36 000000d6->000000dc Core Gen6; Xeon E3 v5 AML-Y22 H0 6-8e-9/10 000000ca->000000d6 Core Gen8 Mobile KBL-U/Y H0 6-8e-9/c0 000000ca->000000d6 Core Gen7 Mobile CFL-U43e D0 6-8e-a/c0 000000ca->000000d6 Core Gen8 Mobile WHL-U W0 6-8e-b/d0 000000ca->000000d6 Core Gen8 Mobile AML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile CML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile WHL-U V0 6-8e-c/94 000000ca->000000d6 Core Gen8 Mobile KBL-G/H/S/E3 B0 6-9e-9/2a 000000ca->000000d6 Core Gen7; Xeon E3 v6 CFL-H/S/E3 U0 6-9e-a/22 000000ca->000000d6 Core Gen8 Desktop, Mobile, Xeon E CFL-S B0 6-9e-b/02 000000ca->000000d6 Core Gen8 CFL-H/S P0 6-9e-c/22 000000ca->000000d6 Core Gen9 CFL-H R0 6-9e-d/22 000000ca->000000d6 Core Gen9 Mobile Also contains the Intel CPU Microcode update to 20200520: Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- ---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061f->00000621 Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000718->0000071a Xeon E3/E5, Core X Moderate SUSE bug 1154824 SUSE bug 1156353 SUSE bug 1172466 CVE-2020-0543 CVE-2020-0548 CVE-2020-0549 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for virglrenderer fixes the following issues: - CVE-2019-18388: Fixed a null pointer dereference which could have led to denial of service (bsc#1159479). - CVE-2019-18390: Fixed an out of bound read which could have led to denial of service (bsc#1159478). - CVE-2019-18389: Fixed a heap buffer overflow which could have led to guest escape or denial of service (bsc#1159482). - CVE-2019-18391: Fixed a heap based buffer overflow which could have led to guest escape or denial of service (bsc#1159486). Important SUSE bug 1159478 SUSE bug 1159479 SUSE bug 1159482 SUSE bug 1159486 CVE-2019-18388 CVE-2019-18389 CVE-2019-18390 CVE-2019-18391 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824). - CVE-2020-13143: Fixed an out-of-bounds read in gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c (bsc#1171982). - CVE-2020-12769: Fixed an issue which could have allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bsc#1171983). - CVE-2020-12768: Fixed a memory leak in svm_cpu_uninit in arch/x86/kvm/svm.c (bsc#1171736). - CVE-2020-12657: An a use-after-free in block/bfq-iosched.c (bsc#1171205). - CVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219). - CVE-2020-12655: Fixed an issue which could have allowed attackers to trigger a sync of excessive duration via an XFS v5 image with crafted metadata (bsc#1171217). - CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202). - CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195). - CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218). - CVE-2020-12464: Fixed a use-after-free due to a transfer without a reference (bsc#1170901). - CVE-2020-12114: Fixed a pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098). - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317). - CVE-2020-10751: Fixed an improper implementation in SELinux LSM hook where it was assumed that an skb would only contain a single netlink message (bsc#1171189). - CVE-2020-10732: Fixed kernel data leak in userspace coredumps due to uninitialized data (bsc#1171220). - CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778). - CVE-2020-10711: Fixed a null pointer dereference in SELinux subsystem which could have allowed a remote network user to crash the kernel resulting in a denial of service (bsc#1171191). - CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056). - CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bsc#1170345). - CVE-2019-20812: Fixed an issue in prb_calc_retire_blk_tmo() which could have resulted in a denial of service (bsc#1172453). - CVE-2019-20806: Fixed a null pointer dereference which may had lead to denial of service (bsc#1172199). - CVE-2019-19462: Fixed an issue which could have allowed local user to cause denial of service (bsc#1158265). - CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1089895). The following non-security bugs were fixed: - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() (bsc#1051510). - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() (bsc#1051510). - acpi/x86: ignore unspecified bit positions in the ACPI global lock field (bsc#1051510). - Add commit for git-fix that's not a fix This commit cleans up debug code but does not fix anything, and it relies on a new kernel function that isn't yet in this version of SLE. - agp/intel: Reinforce the barrier after GTT updates (bsc#1051510). - ALSA: ctxfi: Remove unnecessary cast in kfree (bsc#1051510). - ALSA: hda: Do not release card at firmware loading error (bsc#1051510). - ALSA: hda/hdmi: fix race in monitor detection during probe (bsc#1051510). - ALSA: hda/hdmi: fix without unlocked before return (bsc#1051510). - ALSA: hda: Keep the controller initialization even if no codecs found (bsc#1051510). - ALSA: hda/realtek - Add more fixup entries for Clevo machines (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC245 (bsc#1051510). - ALSA: hda/realtek - Add new codec supported for ALC287 (git-fixes). - ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse (git-fixes). - ALSA: hda/realtek - Fix unexpected init_amp override (bsc#1051510). - ALSA: hda/realtek - Limit int mic boost for Thinkpad T530 (git-fixes bsc#1171293). - ALSA: hda/realtek - Two front mics on a Lenovo ThinkCenter (bsc#1051510). - ALSA: hwdep: fix a left shifting 1 by 31 UB bug (git-fixes). - ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option (git-fixes). - ALSA: opti9xx: shut up gcc-10 range warning (bsc#1051510). - ALSA: pcm: fix incorrect hw_base increase (git-fixes). - ALSA: pcm: oss: Place the plugin buffer overflow checks correctly (bsc#1170522). - ALSA: rawmidi: Fix racy buffer resize under concurrent accesses (git-fixes). - ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset (git-fixes). - ALSA: usb-audio: Correct a typo of NuPrime DAC-10 USB ID (bsc#1051510). - ALSA: usb-audio: Do not override ignore_ctl_error value from the map (bsc#1051510). - ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif (bsc#1051510). - ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC (git-fixes). - ALSA: usx2y: Fix potential NULL dereference (bsc#1051510). - ASoC: codecs: hdac_hdmi: Fix incorrect use of list_for_each_entry (bsc#1051510). - ASoC: dapm: connect virtual mux with default value (bsc#1051510). - ASoC: dapm: fixup dapm kcontrol widget (bsc#1051510). - ASoC: dpcm: allow start or stop during pause for backend (bsc#1051510). - ASoC: fix regwmask (bsc#1051510). - ASoC: msm8916-wcd-digital: Reset RX interpolation path after use (bsc#1051510). - ASoC: topology: Check return value of pcm_new_ver (bsc#1051510). - ASoC: topology: use name_prefix for new kcontrol (bsc#1051510). - b43legacy: Fix case where channel status is corrupted (bsc#1051510). - batman-adv: fix batadv_nc_random_weight_tq (git-fixes). - batman-adv: Fix refcnt leak in batadv_show_throughput_override (git-fixes). - batman-adv: Fix refcnt leak in batadv_store_throughput_override (git-fixes). - batman-adv: Fix refcnt leak in batadv_v_ogm_process (git-fixes). - bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (git fixes (block drivers)). - bcache: fix incorrect data type usage in btree_flush_write() (git fixes (block drivers)). - bcache: Revert 'bcache: shrink btree node cache after bch_btree_check()' (git fixes (block drivers)). - block/drbd: delete invalid function drbd_md_mark_dirty_ (bsc#1171527). - block: drbd: remove a stray unlock in __drbd_send_protocol() (bsc#1171599). - block: fix busy device checking in blk_drop_partitions again (bsc#1171948). - block: fix busy device checking in blk_drop_partitions (bsc#1171948). - block: fix memleak of bio integrity data (git fixes (block drivers)). - block: remove the bd_openers checks in blk_drop_partitions (bsc#1171948). - bnxt_en: fix memory leaks in bnxt_dcbnl_ieee_getets() (networking-stable-20_03_28). - bnxt_en: reinitialize IRQs when MTU is modified (networking-stable-20_03_14). - bonding/alb: make sure arp header is pulled before accessing it (networking-stable-20_03_14). - brcmfmac: abort and release host after error (bsc#1051510). - btrfs: fix deadlock with memory reclaim during scrub (bsc#1172127). - btrfs: fix log context list corruption after rename whiteout error (bsc#1172342). - btrfs: fix partial loss of prealloc extent past i_size after fsync (bsc#1172343). - btrfs: move the dio_sem higher up the callchain (bsc#1171761). - btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: setup a nofs context for memory allocation at btrfs_create_tree() (bsc#1172127). - btrfs: setup a nofs context for memory allocation at __btrfs_set_acl (bsc#1172127). - btrfs: use nofs context when initializing security xattrs to avoid deadlock (bsc#1172127). - can: add missing attribute validation for termination (networking-stable-20_03_14). - cdc-acm: close race betrween suspend() and acm_softint (git-fixes). - cdc-acm: introduce a cool down (git-fixes). - ceph: fix double unlock in handle_cap_export() (bsc#1171694). - ceph: fix endianness bug when handling MDS session feature bits (bsc#1171695). - cgroup, netclassid: periodically release file_lock on classid updating (networking-stable-20_03_14). - CIFS: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1144333). - CIFS: Allocate encryption header through kmalloc (bsc#1144333). - CIFS: allow unlock flock and OFD lock across fork (bsc#1144333). - CIFS: check new file size when extending file by fallocate (bsc#1144333). - CIFS: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1144333). - CIFS: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1144333). - CIFS: do not share tcons with DFS (bsc#1144333). - CIFS: dump the session id and keys also for SMB2 sessions (bsc#1144333). - CIFS: ensure correct super block for DFS reconnect (bsc#1144333). - CIFS: Fix bug which the return value by asynchronous read is error (bsc#1144333). - CIFS: fix uninitialised lease_key in open_shroot() (bsc#1144333). - CIFS: improve read performance for page size 64KB & cache=strict & vers=2.1+ (bsc#1144333). - CIFS: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1144333). - CIFS: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1144333). - CIFS: protect updating server->dstaddr with a spinlock (bsc#1144333). - CIFS: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1144333). - CIFS: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1144333). - CIFS: smbd: Check and extend sender credits in interrupt context (bsc#1144333). - CIFS: smbd: Check send queue size before posting a send (bsc#1144333). - CIFS: smbd: Do not schedule work to send immediate packet on every receive (bsc#1144333). - CIFS: smbd: Merge code to track pending packets (bsc#1144333). - CIFS: smbd: Properly process errors on ib_post_send (bsc#1144333). - CIFS: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1144333). - CIFS: Warn less noisily on default mount (bsc#1144333). - clk: Add clk_hw_unregister_composite helper function definition (bsc#1051510). - clk: imx6ull: use OSC clock during AXI rate change (bsc#1051510). - clk: imx: make mux parent strings const (bsc#1051510). - clk: mediatek: correct the clocks for MT2701 HDMI PHY module (bsc#1051510). - clk: sunxi-ng: a64: Fix gate bit of DSI DPHY (bsc#1051510). - clocksource/drivers/hyper-v: Set TSC clocksource as default w/ InvariantTSC (bsc#1170620). - clocksource: dw_apb_timer_of: Fix missing clockevent timers (bsc#1051510). - component: Silence bind error on -EPROBE_DEFER (bsc#1051510). - coresight: do not use the BIT() macro in the UAPI header (git fixes (block drivers)). - cpufreq: s3c64xx: Remove pointless NULL check in s3c64xx_cpufreq_driver_init (bsc#1051510). - crypto: ccp - AES CFB mode is a stream cipher (git-fixes). - crypto: ccp - Clean up and exit correctly on allocation failure (git-fixes). - crypto: ccp - Cleanup misc_dev on sev_exit() (bsc#1114279). - crypto: ccp - Cleanup sp_dev_master in psp_dev_destroy() (bsc#1114279). - debugfs: Add debugfs_create_xul() for hexadecimal unsigned long (git-fixes). - dmaengine: dmatest: Fix iteration non-stop logic (bsc#1051510). - dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574). - dm writecache: fix data corruption when reloading the target (git fixes (block drivers)). - dm writecache: fix incorrect flush sequence when doing SSD mode commit (git fixes (block drivers)). - dm writecache: verify watermark during resume (git fixes (block drivers)). - dm zoned: fix invalid memory access (git fixes (block drivers)). - dm zoned: reduce overhead of backing device checks (git fixes (block drivers)). - dm zoned: remove duplicate nr_rnd_zones increase in dmz_init_zone() (git fixes (block drivers)). - dm zoned: support zone sizes smaller than 128MiB (git fixes (block drivers)). - dp83640: reverse arguments to list_add_tail (git-fixes). - Drivers: hv: Add a module description line to the hv_vmbus driver (bsc#1172253). - Drivers: HV: Send one page worth of kmsg dump over Hyper-V during panic (bsc#1170618). - Drivers: hv: vmbus: Fix the issue with freeing up hv_ctl_table_hdr (bsc#1170618). - Drivers: hv: vmbus: Get rid of MSR access from vmbus_drv.c (bsc#1170618). - Drivers: hv: vmus: Fix the check for return value from kmsg get dump buffer (bsc#1170618). - drivers/net/ibmvnic: Update VNIC protocol version reporting (bsc#1065729). - drm: amd/acp: fix broken menu structure (bsc#1114279) * context changes - drm/crc: Actually allow to change the crc source (bsc#1114279) * offset changes - drm/dp_mst: Fix clearing payload state on topology disable (bsc#1051510). - drm/dp_mst: Reformat drm_dp_check_act_status() a bit (bsc#1051510). - drm/edid: Fix off-by-one in DispID DTD pixel clock (bsc#1114279) - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of (bsc#1114279) - drm/i915: properly sanity check batch_start_offset (bsc#1114279) * renamed display/intel_fbc.c -> intel_fb.c * renamed gt/intel_rc6.c -> intel_pm.c * context changes - drm/meson: Delete an error message in meson_dw_hdmi_bind() (bsc#1051510). - drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem (bsc#1114279) - drm/qxl: qxl_release leak in qxl_draw_dirty_fb() (bsc#1051510). - drm/qxl: qxl_release leak in qxl_hw_surface_alloc() (bsc#1051510). - drm/qxl: qxl_release use after free (bsc#1051510). - drm: Remove PageReserved manipulation from drm_pci_alloc (bsc#1114279) * offset changes - dump_stack: avoid the livelock of the dump_lock (git fixes (block drivers)). - EDAC, sb_edac: Add support for systems with segmented PCI buses (bsc#1169525). - ext4: do not zeroout extents beyond i_disksize (bsc#1167851). - ext4: fix extent_status fragmentation for plain files (bsc#1171949). - ext4: use non-movable memory for superblock readahead (bsc#1171952). - fanotify: fix merging marks masks with FAN_ONDIR (bsc#1171679). - fbcon: fix null-ptr-deref in fbcon_switch (bsc#1114279) * rename drivers/video/fbdev/core to drivers/video/console * context changes - fib: add missing attribute validation for tun_id (networking-stable-20_03_14). - firmware: qcom: scm: fix compilation error when disabled (bsc#1051510). - fs/cifs: fix gcc warning in sid_to_id (bsc#1144333). - fs/seq_file.c: simplify seq_file iteration code and interface (bsc#1170125). - gpio: tegra: mask GPIO IRQs during IRQ shutdown (bsc#1051510). - gre: fix uninit-value in __iptunnel_pull_header (networking-stable-20_03_14). - HID: hid-input: clear unmapped usages (git-fixes). - HID: hyperv: Add a module description line (bsc#1172253). - HID: i2c-hid: add Trekstor Primebook C11B to descriptor override (git-fixes). - HID: i2c-hid: override HID descriptors for certain devices (git-fixes). - HID: multitouch: add eGalaxTouch P80H84 support (bsc#1051510). - HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices (git-fixes). - hrtimer: Annotate lockless access to timer->state (git fixes (block drivers)). - hsr: add restart routine into hsr_get_node_list() (networking-stable-20_03_28). - hsr: check protocol version in hsr_newlink() (networking-stable-20_04_17). - hsr: fix general protection fault in hsr_addr_is_self() (networking-stable-20_03_28). - hsr: set .netnsok flag (networking-stable-20_03_28). - hsr: use rcu_read_lock() in hsr_get_node_{list/status}() (networking-stable-20_03_28). - i2c: acpi: Force bus speed to 400KHz if a Silead touchscreen is present (git-fixes). - i2c: acpi: put device when verifying client fails (git-fixes). - i2c: brcmstb: remove unused struct member (git-fixes). - i2c: core: Allow empty id_table in ACPI case as well (git-fixes). - i2c: core: decrease reference count of device node in i2c_unregister_device (git-fixes). - i2c: dev: Fix the race between the release of i2c_dev and cdev (bsc#1051510). - i2c: fix missing pm_runtime_put_sync in i2c_device_probe (git-fixes). - i2c-hid: properly terminate i2c_hid_dmi_desc_override_table array (git-fixes). - i2c: i801: Do not add ICH_RES_IO_SMI for the iTCO_wdt device (git-fixes). - i2c: iproc: Stop advertising support of SMBUS quick cmd (git-fixes). - i2c: isch: Remove unnecessary acpi.h include (git-fixes). - i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()' (bsc#1051510). - i2c: st: fix missing struct parameter description (bsc#1051510). - IB/ipoib: Add child to parent list only if device initialized (bsc#1168503). - IB/ipoib: Consolidate checking of the proposed child interface (bsc#1168503). - IB/ipoib: Do not remove child devices from within the ndo_uninit (bsc#1168503). - IB/ipoib: Get rid of IPOIB_FLAG_GOING_DOWN (bsc#1168503). - IB/ipoib: Get rid of the sysfs_mutex (bsc#1168503). - IB/ipoib: Maintain the child_intfs list from ndo_init/uninit (bsc#1168503). - IB/ipoib: Move all uninit code into ndo_uninit (bsc#1168503). - IB/ipoib: Move init code to ndo_init (bsc#1168503). - IB/ipoib: Replace printk with pr_warn (bsc#1168503). - IB/ipoib: Use cancel_delayed_work_sync for neigh-clean task (bsc#1168503). - IB/ipoib: Warn when one port fails to initialize (bsc#1168503). - ibmvnic: Skip fatal error reset after passive init (bsc#1171078 ltc#184239). - iio:ad7797: Use correct attribute_group (bsc#1051510). - iio: adc: stm32-adc: fix device used to request dma (bsc#1051510). - iio: adc: stm32-adc: fix sleep in atomic context (git-fixes). - iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1051510). - iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()' (bsc#1051510). - iio: sca3000: Remove an erroneous 'get_device()' (bsc#1051510). - iio: xilinx-xadc: Fix ADC-B powerdown (bsc#1051510). - iio: xilinx-xadc: Fix clearing interrupt when enabling trigger (bsc#1051510). - iio: xilinx-xadc: Fix sequencer configuration for aux channels in simultaneous mode (bsc#1051510). - ima: Fix return value of ima_write_policy() (git-fixes). - Input: evdev - call input_flush_device() on release(), not flush() (bsc#1051510). - Input: hyperv-keyboard - add module description (bsc#1172253). - Input: i8042 - add Acer Aspire 5738z to nomux list (bsc#1051510). - Input: i8042 - add ThinkPad S230u to i8042 reset list (bsc#1051510). - Input: raydium_i2c_ts - use true and false for boolean values (bsc#1051510). - Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() (bsc#1051510). - Input: synaptics-rmi4 - really fix attn_data use-after-free (git-fixes). - Input: usbtouchscreen - add support for BonXeon TP (bsc#1051510). - Input: xpad - add custom init packet for Xbox One S controllers (bsc#1051510). - iommu/amd: Call domain_flush_complete() in update_domain() (bsc#1172096). - iommu/amd: Do not flush Device Table in iommu_map_page() (bsc#1172097). - iommu/amd: Do not loop forever when trying to increase address space (bsc#1172098). - iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system (bsc#1172099). - iommu/amd: Fix over-read of ACPI UID from IVRS table (bsc#1172101). - iommu/amd: Fix race in increase_address_space()/fetch_pte() (bsc#1172102). - iommu/amd: Update Device Table in increase_address_space() (bsc#1172103). - iommu: Fix reference count leak in iommu_group_alloc (bsc#1172397). - ipv4: fix a RCU-list lock in fib_triestat_seq_show (networking-stable-20_04_02). - ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface (networking-stable-20_03_14). - ipv6: do not auto-add link-local address to lag ports (networking-stable-20_04_09). - ipvlan: add cond_resched_rcu() while processing muticast backlog (networking-stable-20_03_14). - ipvlan: do not deref eth hdr before checking it's set (networking-stable-20_03_14). - ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast() (networking-stable-20_03_14). - iwlwifi: pcie: actually release queue memory in TVQM (bsc#1051510). - kabi fix for early XHCI debug (git-fixes). - kabi for for md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes). - kabi, protect struct ib_device (bsc#1168503). - kabi/severities: Do not track KVM internal symbols. - kabi/severities: Ingnore get_dev_data() The function is internal to the AMD IOMMU driver and must not be called by any third party. - kabi workaround for snd_rawmidi buffer_ref field addition (git-fixes). - KEYS: reaching the keys quotas correctly (bsc#1051510). - KVM: arm64: Change hyp_panic()s dependency on tpidr_el2 (bsc#1133021). - KVM: arm64: Stop save/restoring host tpidr_el1 on VHE (bsc#1133021). - KVM: Check validity of resolved slot when searching memslots (bsc#1172104). - KVM: s390: vsie: Fix delivery of addressing exceptions (git-fixes). - KVM: SVM: Fix potential memory leak in svm_cpu_init() (bsc#1171736). - KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1152489). - l2tp: Allow management of tunnels and session in user namespace (networking-stable-20_04_17). - libata: Remove extra scsi_host_put() in ata_scsi_add_hosts() (bsc#1051510). - libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set (bsc#1051510). - lib: raid6: fix awk build warnings (git fixes (block drivers)). - lib/raid6/test: fix build on distros whose /bin/sh is not bash (git fixes (block drivers)). - lib/stackdepot.c: fix global out-of-bounds in stack_slabs (git fixes (block drivers)). - locks: print unsigned ino in /proc/locks (bsc#1171951). - mac80211: add ieee80211_is_any_nullfunc() (bsc#1051510). - mac80211_hwsim: Use kstrndup() in place of kasprintf() (bsc#1051510). - mac80211: mesh: fix discovery timer re-arming issue / crash (bsc#1051510). - macsec: avoid to set wrong mtu (bsc#1051510). - macsec: restrict to ethernet devices (networking-stable-20_03_28). - macvlan: add cond_resched() during multicast processing (networking-stable-20_03_14). - macvlan: fix null dereference in macvlan_device_event() (bsc#1051510). - md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes). - md/raid0: Fix an error message in raid0_make_request() (git fixes (block drivers)). - md/raid10: prevent access of uninitialized resync_pages offset (git-fixes). - media: dvb: return -EREMOTEIO on i2c transfer failure (bsc#1051510). - media: platform: fcp: Set appropriate DMA parameters (bsc#1051510). - media: ti-vpe: cal: fix disable_irqs to only the intended target (git-fixes). - mei: release me_cl object reference (bsc#1051510). - mlxsw: Fix some IS_ERR() vs NULL bugs (networking-stable-20_04_27). - mlxsw: spectrum_flower: Do not stop at FLOW_ACTION_VLAN_MANGLE (networking-stable-20_04_09). - mmc: atmel-mci: Fix debugfs on 64-bit platforms (git-fixes). - mmc: dw_mmc: Fix debugfs on 64-bit platforms (git-fixes). - mmc: meson-gx: make sure the descriptor is stopped on errors (git-fixes). - mmc: meson-gx: simplify interrupt handler (git-fixes). - mmc: renesas_sdhi: limit block count to 16 bit for old revisions (git-fixes). - mmc: sdhci-esdhc-imx: fix the mask for tuning start point (bsc#1051510). - mmc: sdhci-msm: Clear tuning done flag while hs400 tuning (bsc#1051510). - mmc: sdhci-of-at91: fix memleak on clk_get failure (git-fixes). - mmc: sdhci-pci: Fix eMMC driver strength for BYT-based controllers (bsc#1051510). - mmc: sdhci-xenon: fix annoying 1.8V regulator warning (bsc#1051510). - mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() (bsc#1051510). - mmc: tmio: fix access width of Block Count Register (git-fixes). - mm: thp: handle page cache THP correctly in PageTransCompoundMap (git fixes (block drivers)). - mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer (bsc#1051510). - mtd: spi-nor: cadence-quadspi: add a delay in write sequence (git-fixes). - mtd: spi-nor: enable 4B opcodes for mx66l51235l (git-fixes). - mtd: spi-nor: fsl-quadspi: Do not let -EINVAL on the bus (git-fixes). - mwifiex: avoid -Wstringop-overflow warning (bsc#1051510). - mwifiex: Fix memory corruption in dump_station (bsc#1051510). - net: bcmgenet: correct per TX/RX ring statistics (networking-stable-20_04_27). - net: dsa: b53: Fix ARL register definitions (networking-stable-20_04_27). - net: dsa: b53: Rework ARL bin logic (networking-stable-20_04_27). - net: dsa: bcm_sf2: Do not register slave MDIO bus with OF (networking-stable-20_04_09). - net: dsa: bcm_sf2: Ensure correct sub-node is parsed (networking-stable-20_04_09). - net: dsa: Fix duplicate frames flooded by learning (networking-stable-20_03_28). - net: dsa: mv88e6xxx: fix lockup on warm boot (networking-stable-20_03_14). - net: fec: validate the new settings in fec_enet_set_coalesce() (networking-stable-20_03_14). - net: fix race condition in __inet_lookup_established() (bsc#1151794). - net: fq: add missing attribute validation for orphan mask (networking-stable-20_03_14). - net, ip_tunnel: fix interface lookup with no key (networking-stable-20_04_02). - net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin (networking-stable-20_04_17). - net: ipv6: do not consider routes via gateways for anycast address check (networking-stable-20_04_17). - netlink: Use netlink header as base to calculate bad attribute offset (networking-stable-20_03_14). - net: memcg: fix lockdep splat in inet_csk_accept() (networking-stable-20_03_14). - net: memcg: late association of sock to memcg (networking-stable-20_03_14). - net/mlx4_en: avoid indirect call in TX completion (networking-stable-20_04_27). - net/mlx5: Add new fields to Port Type and Speed register (bsc#1171118). - net/mlx5: Add RoCE RX ICRC encapsulated counter (bsc#1171118). - net/mlx5e: Fix ethtool self test: link speed (bsc#1171118). - net/mlx5e: Move port speed code from en_ethtool.c to en/port.c (bsc#1171118). - net/mlx5: Expose link speed directly (bsc#1171118). - net/mlx5: Expose port speed when possible (bsc#1171118). - net: mvneta: Fix the case where the last poll did not process all rx (networking-stable-20_03_28). - net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node (networking-stable-20_04_27). - net/packet: tpacket_rcv: do not increment ring index on drop (networking-stable-20_03_14). - net: qmi_wwan: add support for ASKEY WWHC050 (networking-stable-20_03_28). - net: revert default NAPI poll timeout to 2 jiffies (networking-stable-20_04_17). - net_sched: cls_route: remove the right filter from hashtable (networking-stable-20_03_28). - net/x25: Fix x25_neigh refcnt leak when receiving frame (networking-stable-20_04_27). - nfc: add missing attribute validation for SE API (networking-stable-20_03_14). - nfc: add missing attribute validation for vendor subcommand (networking-stable-20_03_14). - nfc: st21nfca: add missed kfree_skb() in an error path (bsc#1051510). - nfsd4: fix up replay_matches_cache() (git-fixes). - nfsd: Ensure CLONE persists data and metadata changes to the target file (git-fixes). - nfsd: fix delay timer on 32-bit architectures (git-fixes). - nfsd: fix jiffies/time_t mixup in LRU list (git-fixes). - NFS: Directory page cache pages need to be locked when read (git-fixes). - nfsd: memory corruption in nfsd4_lock() (git-fixes). - NFS: Do not call generic_error_remove_page() while holding locks (bsc#1170457). - NFS: Fix memory leaks and corruption in readdir (git-fixes). - NFS: Fix O_DIRECT accounting of number of bytes read/written (git-fixes). - nfs: Fix potential posix_acl refcnt leak in nfs3_set_acl (git-fixes). - NFS: fix racey wait in nfs_set_open_stateid_locked (bsc#1170592). - NFS/flexfiles: Use the correct TCP timeout for flexfiles I/O (git-fixes). - NFS/pnfs: Fix pnfs_generic_prepare_to_resend_writes() (git-fixes). - NFS: Revalidate the file size on a fatal write error (git-fixes). - NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals (git-fixes). - NFSv4: Do not allow a cached open with a revoked delegation (git-fixes). - NFSv4: Fix leak of clp->cl_acceptor string (git-fixes). - NFSv4/pnfs: Return valid stateids in nfs_layout_find_inode_by_stateid() (git-fixes). - NFSv4: try lease recovery on NFS4ERR_EXPIRED (git-fixes). - NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn (git-fixes). - nl802154: add missing attribute validation for dev_type (networking-stable-20_03_14). - nl802154: add missing attribute validation (networking-stable-20_03_14). - nvme-fc: print proper nvme-fc devloss_tmo value (bsc#1172391). - objtool: Fix stack offset tracking for indirect CFAs (bsc#1169514). - objtool: Fix switch table detection in .text.unlikely (bsc#1169514). - objtool: Make BP scratch register warning more robust (bsc#1169514). - padata: Remove broken queue flushing (git-fixes). - Partially revert 'kfifo: fix kfifo_alloc() and kfifo_init()' (git fixes (block drivers)). - pinctrl: baytrail: Enable pin configuration setting for GPIO chip (git-fixes). - pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler (git-fixes). - platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA (bsc#1051510). - pNFS: Ensure we do clear the return-on-close layout stateid on fatal errors (git-fixes). - powerpc: Add attributes for setjmp/longjmp (bsc#1065729). - powerpc/pci/of: Parse unassigned resources (bsc#1065729). - powerpc/setup_64: Set cache-line-size based on cache-block-size (bsc#1065729). - powerpc/sstep: Fix DS operand in ld encoding to appropriate value (bsc#1065729). - r8152: check disconnect status after long sleep (networking-stable-20_03_14). - raid6/ppc: Fix build for clang (git fixes (block drivers)). - rcu: locking and unlocking need to always be at least barriers (git fixes (block drivers)). - RDMA/ipoib: Fix use of sizeof() (bsc#1168503). - RDMA/netdev: Fix netlink support in IPoIB (bsc#1168503). - RDMA/netdev: Hoist alloc_netdev_mqs out of the driver (bsc#1168503). - RDMA/netdev: Use priv_destructor for netdev cleanup (bsc#1168503). - Remove 2 git-fixes that cause build issues. (bsc#1171691) - Revert 'ALSA: hda/realtek: Fix pop noise on ALC225' (git-fixes). - Revert 'drm/panel: simple: Add support for Sharp LQ150X1LG11 panels' (bsc#1114279) - Revert 'ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()' (bsc#1172221). - rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() (bsc#1051510). - s390/ftrace: fix potential crashes when switching tracers (git-fixes). - s390/ism: fix error return code in ism_probe() (git-fixes). - s390/pci: Fix possible deadlock in recover_store() (bsc#1165183 LTC#184103). - s390/pci: Recover handle in clp_set_pci_fn() (bsc#1165183 LTC#184103). - scripts/decodecode: fix trapping instruction formatting (bsc#1065729). - scripts/dtc: Remove redundant YYLOC global declaration (bsc#1160388). - scsi: bnx2i: fix potential use after free (bsc#1171600). - scsi: core: Handle drivers which set sg_tablesize to zero (bsc#1171601) This commit also required: > scsi: core: avoid preallocating big SGL for data - scsi: core: save/restore command resid for error handling (bsc#1171602). - scsi: core: scsi_trace: Use get_unaligned_be*() (bsc#1171604). - scsi: core: try to get module before removing device (bsc#1171605). - scsi: csiostor: Adjust indentation in csio_device_reset (bsc#1171606). - scsi: csiostor: Do not enable IRQs too early (bsc#1171607). - scsi: esas2r: unlock on error in esas2r_nvram_read_direct() (bsc#1171608). - scsi: fnic: fix invalid stack access (bsc#1171609). - scsi: fnic: fix msix interrupt allocation (bsc#1171610). - scsi: ibmvscsi: Fix WARN_ON during event pool release (bsc#1170791 ltc#185128). - scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (bsc#1171611). - scsi: iscsi: Fix a potential deadlock in the timeout handler (bsc#1171612). - scsi: iscsi: qla4xxx: fix double free in probe (bsc#1171613). - scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences (bsc#1171614). - scsi: lpfc: Fix crash in target side cable pulls hitting WAIT_FOR_UNREG (bsc#1171615). - scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state (bsc#1171616). - scsi: qla2xxx: add ring buffer for tracing debug logs (bsc#1157169). - scsi: qla2xxx: check UNLOADING before posting async work (bsc#1157169). - scsi: qla2xxx: Delete all sessions before unregister local nvme port (bsc#1157169). - scsi: qla2xxx: Do not log message when reading port speed via sysfs (bsc#1157169). - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (bsc#1157169). - scsi: qla2xxx: Fix regression warnings (bsc#1157169). - scsi: qla2xxx: Remove non functional code (bsc#1157169). - scsi: qla2xxx: set UNLOADING before waiting for session deletion (bsc#1157169). - scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free (bsc#1171617). - scsi: qla4xxx: fix double free bug (bsc#1171618). - scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI (bsc#1171619). - scsi: sg: add sg_remove_request in sg_common_write (bsc#1171620). - scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) (bsc#1171621). - scsi: ufs: change msleep to usleep_range (bsc#1171622). - scsi: ufs: Clean up ufshcd_scale_clks() and clock scaling error out path (bsc#1171623). - scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic (bsc#1171624). - scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails (bsc#1171625). - scsi: ufs: Recheck bkops level if bkops is disabled (bsc#1171626). - sctp: fix possibly using a bad saddr with a given dst (networking-stable-20_04_02). - sctp: fix refcount bug in sctp_wfree (networking-stable-20_04_02). - seq_file: fix problem when seeking mid-record (bsc#1170125). - serial: uartps: Move the spinlock after the read of the tx empty (git-fixes). - sfc: detach from cb_page in efx_copy_channel() (networking-stable-20_03_14). - signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig (bsc#1172185). - slcan: not call free_netdev before rtnl_unlock in slcan_open (networking-stable-20_03_28). - slip: make slhc_compress() more robust against malicious packets (networking-stable-20_03_14). - smb3: Additional compression structures (bsc#1144333). - smb3: Add new compression flags (bsc#1144333). - smb3: change noisy error message to FYI (bsc#1144333). - smb3: enable swap on SMB3 mounts (bsc#1144333). - smb3: Minor cleanup of protocol definitions (bsc#1144333). - smb3: remove overly noisy debug line in signing errors (bsc#1144333). - smb3: smbdirect support can be configured by default (bsc#1144333). - smb3: use SMB2_SIGNATURE_SIZE define (bsc#1144333). - spi: bcm2835: Fix 3-wire mode if DMA is enabled (git-fixes). - spi: bcm63xx-hsspi: Really keep pll clk enabled (bsc#1051510). - spi: bcm-qspi: when tx/rx buffer is NULL set to 0 (bsc#1051510). - spi: dw: Add SPI Rx-done wait method to DMA-based transfer (bsc#1051510). - spi: dw: Add SPI Tx-done wait method to DMA-based transfer (bsc#1051510). - spi: dw: Zero DMA Tx and Rx configurations on stack (bsc#1051510). - spi: fsl: do not map irq during probe (git-fixes). - spi: fsl: use platform_get_irq() instead of of_irq_to_resource() (git-fixes). - spi: pxa2xx: Add CS control clock quirk (bsc#1051510). - spi: qup: call spi_qup_pm_resume_runtime before suspending (bsc#1051510). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (git-fixes). - spi: spi-s3c64xx: Fix system resume support (git-fixes). - spi/zynqmp: remove entry that causes a cs glitch (bsc#1051510). - staging: comedi: dt2815: fix writing hi byte of analog output (bsc#1051510). - staging: comedi: Fix comedi_device refcnt leak in comedi_open (bsc#1051510). - staging: iio: ad2s1210: Fix SPI reading (bsc#1051510). - staging: vt6656: Do not set RCR_MULTICAST or RCR_BROADCAST by default (git-fixes). - staging: vt6656: Fix drivers TBTT timing counter (git-fixes). - staging: vt6656: Fix pairwise key entry save (git-fixes). - sunrpc: expiry_time should be seconds not timeval (git-fixes). - SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' (git-fixes). - supported.conf: Add br_netfilter to base (bsc#1169020). - svcrdma: Fix leak of transport addresses (git-fixes). - taskstats: fix data-race (bsc#1172188). - tcp: cache line align MAX_TCP_HEADER (networking-stable-20_04_27). - tcp: repair: fix TCP_QUEUE_SEQ implementation (networking-stable-20_03_28). - team: add missing attribute validation for array index (networking-stable-20_03_14). - team: add missing attribute validation for port ifindex (networking-stable-20_03_14). - team: fix hang in team_mode_get() (networking-stable-20_04_27). - tools lib traceevent: Remove unneeded qsort and uses memmove instead (git-fixes). - tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() (bsc#1065729). - tpm/tpm_tis: Free IRQ if probing fails (bsc#1082555). - tpm/tpm_tis: Free IRQ if probing fails (git-fixes). - tracing: Add a vmalloc_sync_mappings() for safe measure (git-fixes). - tracing: Disable trace_printk() on post poned tests (git-fixes). - tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation (git-fixes). - tty: rocket, avoid OOB access (git-fixes). - UAS: fix deadlock in error handling and PM flushing work (git-fixes). - UAS: no use logging any details in case of ENODEV (git-fixes). - USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE (git-fixes). - USB: cdc-acm: restore capability check order (git-fixes). - USB: core: Fix misleading driver bug report (bsc#1051510). - USB: dwc3: do not set gadget->is_otg flag (git-fixes). - USB: dwc3: gadget: Do link recovery for SS and SSP (git-fixes). - USB: early: Handle AMD's spec-compliant identifiers, too (git-fixes). - USB: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset() (git-fixes). - USB: gadget: audio: Fix a missing error return value in audio_bind() (git-fixes). - USB: gadget: composite: Inform controller driver of self-powered (git-fixes). - USB: gadget: legacy: fix error return code in cdc_bind() (git-fixes). - USB: gadget: legacy: fix error return code in gncm_bind() (git-fixes). - USB: gadget: legacy: fix redundant initialization warnings (bsc#1051510). - USB: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' (git-fixes). - USB: gadget: udc: atmel: Fix vbus disconnect handling (git-fixes). - USB: gadget: udc: atmel: Make some symbols static (git-fixes). - USB: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete (git-fixes). - USB: host: xhci-plat: keep runtime active when removing host (git-fixes). - USB: hub: Fix handling of connect changes during sleep (git-fixes). - usbnet: silence an unnecessary warning (bsc#1170770). - USB: serial: garmin_gps: add sanity checking for data length (git-fixes). - USB: serial: option: add BroadMobi BM806U (git-fixes). - USB: serial: option: add support for ASKEY WWHC050 (git-fixes). - USB: serial: option: add Wistron Neweb D19Q1 (git-fixes). - USB: serial: qcserial: Add DW5816e support (git-fixes). - USB: sisusbvga: Change port variable from signed to unsigned (git-fixes). - usb-storage: Add unusual_devs entry for JMicron JMS566 (git-fixes). - USB: uas: add quirk for LaCie 2Big Quadra (git-fixes). - USB: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list (git-fixes). - video: fbdev: sis: Remove unnecessary parentheses and commented code (bsc#1114279) - video: fbdev: w100fb: Fix a potential double free (bsc#1051510). - vrf: Check skb for XFRM_TRANSFORMED flag (networking-stable-20_04_27). - vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines (git-fixes). - vt: selection, introduce vc_is_sel (git-fixes). - vt: vt_ioctl: fix race in VT_RESIZEX (git-fixes). - vt: vt_ioctl: fix use-after-free in vt_in_use() (git-fixes). - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (git-fixes). - vxlan: check return value of gro_cells_init() (networking-stable-20_03_28). - watchdog: reset last_hw_keepalive time at start (git-fixes). - wcn36xx: Fix error handling path in 'wcn36xx_probe()' (bsc#1051510). - wil6210: remove reset file from debugfs (git-fixes). - wimax/i2400m: Fix potential urb refcnt leak (bsc#1051510). - workqueue: do not use wq_select_unbound_cpu() for bound works (bsc#1172130). - x86/entry/64: Fix unwind hints in kernel exit path (bsc#1058115). - x86/entry/64: Fix unwind hints in register clearing code (bsc#1058115). - x86/entry/64: Fix unwind hints in rewind_stack_do_exit() (bsc#1058115). - x86/entry/64: Fix unwind hints in __switch_to_asm() (bsc#1058115). - x86/Hyper-V: Allow guests to enable InvariantTSC (bsc#1170620). - x86/Hyper-V: Free hv_panic_page when fail to register kmsg dump (bsc#1170618). - x86/Hyper-V: Report crash data in die() when panic_on_oops is set (bsc#1170618). - x86/Hyper-V: Report crash register data or kmsg before running crash kernel (bsc#1170618). - x86/Hyper-V: Report crash register data when sysctl_record_panic_msg is not set (bsc#1170618). - x86/Hyper-V: report value of misc_features (git-fixes). - x86/Hyper-V: Trigger crash enlightenment only once during system crash (bsc#1170618). - x86/Hyper-V: Unload vmbus channel in hv panic callback (bsc#1170618). - x86/kprobes: Avoid kretprobe recursion bug (bsc#1114279). - x86/resctrl: Fix invalid attempt at removing the default resource group (git-fixes). - x86/resctrl: Preserve CDP enable over CPU hotplug (bsc#1114279). - x86/unwind/orc: Do not skip the first frame for inactive tasks (bsc#1058115). - x86/unwind/orc: Fix error handling in __unwind_start() (bsc#1058115). - x86/unwind/orc: Fix error path for bad ORC entry type (bsc#1058115). - x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks (bsc#1058115). - x86/unwind/orc: Prevent unwinding before ORC initialization (bsc#1058115). - x86/unwind: Prevent false warnings for non-current tasks (bsc#1058115). - xen/pci: reserve MCFG areas earlier (bsc#1170145). - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish (networking-stable-20_04_27). - xfs: Correctly invert xfs_buftarg LRU isolation logic (git-fixes). - xfs: do not ever return a stale pointer from __xfs_dir3_free_read (git-fixes). - xprtrdma: Fix completion wait during device removal (git-fixes). Important SUSE bug 1051510 SUSE bug 1058115 SUSE bug 1065729 SUSE bug 1082555 SUSE bug 1089895 SUSE bug 1114279 SUSE bug 1133021 SUSE bug 1144333 SUSE bug 1151794 SUSE bug 1152489 SUSE bug 1154824 SUSE bug 1157169 SUSE bug 1158265 SUSE bug 1160388 SUSE bug 1160947 SUSE bug 1165183 SUSE bug 1165741 SUSE bug 1166969 SUSE bug 1167574 SUSE bug 1167851 SUSE bug 1168503 SUSE bug 1168670 SUSE bug 1169020 SUSE bug 1169514 SUSE bug 1169525 SUSE bug 1170056 SUSE bug 1170125 SUSE bug 1170145 SUSE bug 1170345 SUSE bug 1170457 SUSE bug 1170522 SUSE bug 1170592 SUSE bug 1170618 SUSE bug 1170620 SUSE bug 1170770 SUSE bug 1170778 SUSE bug 1170791 SUSE bug 1170901 SUSE bug 1171078 SUSE bug 1171098 SUSE bug 1171118 SUSE bug 1171189 SUSE bug 1171191 SUSE bug 1171195 SUSE bug 1171202 SUSE bug 1171205 SUSE bug 1171217 SUSE bug 1171218 SUSE bug 1171219 SUSE bug 1171220 SUSE bug 1171293 SUSE bug 1171417 SUSE bug 1171527 SUSE bug 1171599 SUSE bug 1171600 SUSE bug 1171601 SUSE bug 1171602 SUSE bug 1171604 SUSE bug 1171605 SUSE bug 1171606 SUSE bug 1171607 SUSE bug 1171608 SUSE bug 1171609 SUSE bug 1171610 SUSE bug 1171611 SUSE bug 1171612 SUSE bug 1171613 SUSE bug 1171614 SUSE bug 1171615 SUSE bug 1171616 SUSE bug 1171617 SUSE bug 1171618 SUSE bug 1171619 SUSE bug 1171620 SUSE bug 1171621 SUSE bug 1171622 SUSE bug 1171623 SUSE bug 1171624 SUSE bug 1171625 SUSE bug 1171626 SUSE bug 1171679 SUSE bug 1171691 SUSE bug 1171694 SUSE bug 1171695 SUSE bug 1171736 SUSE bug 1171761 SUSE bug 1171948 SUSE bug 1171949 SUSE bug 1171951 SUSE bug 1171952 SUSE bug 1171982 SUSE bug 1171983 SUSE bug 1172096 SUSE bug 1172097 SUSE bug 1172098 SUSE bug 1172099 SUSE bug 1172101 SUSE bug 1172102 SUSE bug 1172103 SUSE bug 1172104 SUSE bug 1172127 SUSE bug 1172130 SUSE bug 1172185 SUSE bug 1172188 SUSE bug 1172199 SUSE bug 1172221 SUSE bug 1172253 SUSE bug 1172317 SUSE bug 1172342 SUSE bug 1172343 SUSE bug 1172344 SUSE bug 1172366 SUSE bug 1172391 SUSE bug 1172397 SUSE bug 1172453 CVE-2018-1000199 CVE-2019-19462 CVE-2019-20806 CVE-2019-20812 CVE-2019-9455 CVE-2020-0543 CVE-2020-10690 CVE-2020-10711 CVE-2020-10720 CVE-2020-10732 CVE-2020-10751 CVE-2020-10757 CVE-2020-12114 CVE-2020-12464 CVE-2020-12652 CVE-2020-12653 CVE-2020-12654 CVE-2020-12655 CVE-2020-12656 CVE-2020-12657 CVE-2020-12768 CVE-2020-12769 CVE-2020-13143 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824). - CVE-2020-13143: Fixed an out-of-bounds read in gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c (bsc#1171982). - CVE-2020-12769: Fixed an issue which could have allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bsc#1171983). - CVE-2020-12768: Fixed a memory leak in svm_cpu_uninit in arch/x86/kvm/svm.c (bsc#1171736). - CVE-2020-12657: An a use-after-free in block/bfq-iosched.c (bsc#1171205). - CVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219). - CVE-2020-12655: Fixed an issue which could have allowed attackers to trigger a sync of excessive duration via an XFS v5 image with crafted metadata (bsc#1171217). - CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202). - CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195). - CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218). - CVE-2020-12464: Fixed a use-after-free due to a transfer without a reference (bsc#1170901). - CVE-2020-12114: Fixed a pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098). - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317). - CVE-2020-10751: Fixed an improper implementation in SELinux LSM hook where it was assumed that an skb would only contain a single netlink message (bsc#1171189). - CVE-2020-10732: Fixed kernel data leak in userspace coredumps due to uninitialized data (bsc#1171220). - CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778). - CVE-2020-10711: Fixed a null pointer dereference in SELinux subsystem which could have allowed a remote network user to crash the kernel resulting in a denial of service (bsc#1171191). - CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056). - CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bsc#1170345). - CVE-2019-20812: Fixed an issue in prb_calc_retire_blk_tmo() which could have resulted in a denial of service (bsc#1172453). - CVE-2019-20806: Fixed a null pointer dereference which may had lead to denial of service (bsc#1172199). - CVE-2019-19462: Fixed an issue which could have allowed local user to cause denial of service (bsc#1158265). - CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1089895). The following non-security bugs were fixed: - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() (bsc#1051510). - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() (bsc#1051510). - acpi/x86: ignore unspecified bit positions in the ACPI global lock field (bsc#1051510). - Add commit for git-fix that's not a fix This commit cleans up debug code but does not fix anything, and it relies on a new kernel function that isn't yet in this version of SLE. - agp/intel: Reinforce the barrier after GTT updates (bsc#1051510). - ALSA: ctxfi: Remove unnecessary cast in kfree (bsc#1051510). - ALSA: dummy: Fix PCM format loop in proc output (bsc#1111666). - ALSA: hda: Do not release card at firmware loading error (bsc#1051510). - ALSA: hda/hdmi: fix race in monitor detection during probe (bsc#1051510). - ALSA: hda/hdmi: fix without unlocked before return (bsc#1051510). - ALSA: hda: Keep the controller initialization even if no codecs found (bsc#1051510). - ALSA: hda/realtek - Add more fixup entries for Clevo machines (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC245 (bsc#1051510). - ALSA: hda/realtek - Add new codec supported for ALC287 (git-fixes). - ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse (git-fixes). - ALSA: hda/realtek - Fix unexpected init_amp override (bsc#1051510). - ALSA: hda/realtek - Limit int mic boost for Thinkpad T530 (git-fixes bsc#1171293). - ALSA: hda/realtek - Two front mics on a Lenovo ThinkCenter (bsc#1051510). - ALSA: hwdep: fix a left shifting 1 by 31 UB bug (git-fixes). - ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option (git-fixes). - ALSA: opti9xx: shut up gcc-10 range warning (bsc#1051510). - ALSA: pcm: fix incorrect hw_base increase (git-fixes). - ALSA: pcm: oss: Place the plugin buffer overflow checks correctly (bsc#1170522). - ALSA-pcm-oss-Place-the-plugin-buffer-overflow-checks.patch - ALSA: rawmidi: Fix racy buffer resize under concurrent accesses (git-fixes). - ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset (git-fixes). - ALSA: usb-audio: Correct a typo of NuPrime DAC-10 USB ID (bsc#1051510). - ALSA: usb-audio: Do not override ignore_ctl_error value from the map (bsc#1051510). - ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif (bsc#1051510). - ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC (git-fixes). - ALSA: usx2y: Fix potential NULL dereference (bsc#1051510). - ASoC: codecs: hdac_hdmi: Fix incorrect use of list_for_each_entry (bsc#1051510). - ASoC: dapm: connect virtual mux with default value (bsc#1051510). - ASoC: dapm: fixup dapm kcontrol widget (bsc#1051510). - ASoC: dpcm: allow start or stop during pause for backend (bsc#1051510). - ASoC: fix regwmask (bsc#1051510). - ASoC: msm8916-wcd-digital: Reset RX interpolation path after use (bsc#1051510). - ASoC: samsung: Prevent clk_get_rate() calls in atomic context (bsc#1111666). - ASoC: topology: Check return value of pcm_new_ver (bsc#1051510). - ASoC: topology: use name_prefix for new kcontrol (bsc#1051510). - b43legacy: Fix case where channel status is corrupted (bsc#1051510). - batman-adv: fix batadv_nc_random_weight_tq (git-fixes). - batman-adv: Fix refcnt leak in batadv_show_throughput_override (git-fixes). - batman-adv: Fix refcnt leak in batadv_store_throughput_override (git-fixes). - batman-adv: Fix refcnt leak in batadv_v_ogm_process (git-fixes). - bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (git fixes (block drivers)). - bcache: fix incorrect data type usage in btree_flush_write() (git fixes (block drivers)). - bcache: Revert 'bcache: shrink btree node cache after bch_btree_check()' (git fixes (block drivers)). - block/drbd: delete invalid function drbd_md_mark_dirty_ (bsc#1171527). - block: drbd: remove a stray unlock in __drbd_send_protocol() (bsc#1171599). - block: fix busy device checking in blk_drop_partitions again (bsc#1171948). - block: fix busy device checking in blk_drop_partitions (bsc#1171948). - block: fix memleak of bio integrity data (git fixes (block drivers)). - block: remove the bd_openers checks in blk_drop_partitions (bsc#1171948). - bnxt_en: fix memory leaks in bnxt_dcbnl_ieee_getets() (networking-stable-20_03_28). - bnxt_en: reinitialize IRQs when MTU is modified (networking-stable-20_03_14). - bonding/alb: make sure arp header is pulled before accessing it (networking-stable-20_03_14). - brcmfmac: abort and release host after error (bsc#1051510). - Btrfs: fix deadlock with memory reclaim during scrub (bsc#1172127). - btrfs: fix log context list corruption after rename whiteout error (bsc#1172342). - btrfs: fix partial loss of prealloc extent past i_size after fsync (bsc#1172343). - btrfs: move the dio_sem higher up the callchain (bsc#1171761). - btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: setup a nofs context for memory allocation at btrfs_create_tree() (bsc#1172127). - btrfs: setup a nofs context for memory allocation at __btrfs_set_acl (bsc#1172127). - btrfs: use nofs context when initializing security xattrs to avoid deadlock (bsc#1172127). - can: add missing attribute validation for termination (networking-stable-20_03_14). - cdc-acm: close race betrween suspend() and acm_softint (git-fixes). - cdc-acm: introduce a cool down (git-fixes). - ceph: fix double unlock in handle_cap_export() (bsc#1171694). - ceph: fix endianness bug when handling MDS session feature bits (bsc#1171695). - cgroup, netclassid: periodically release file_lock on classid updating (networking-stable-20_03_14). - CIFS: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1144333). - CIFS: Allocate encryption header through kmalloc (bsc#1144333). - CIFS: allow unlock flock and OFD lock across fork (bsc#1144333). - CIFS: check new file size when extending file by fallocate (bsc#1144333). - CIFS: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1144333). - CIFS: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1144333). - CIFS: do not share tcons with DFS (bsc#1144333). - CIFS: dump the session id and keys also for SMB2 sessions (bsc#1144333). - CIFS: ensure correct super block for DFS reconnect (bsc#1144333). - CIFS: Fix bug which the return value by asynchronous read is error (bsc#1144333). - CIFS: fix uninitialised lease_key in open_shroot() (bsc#1144333). - CIFS: improve read performance for page size 64KB & cache=strict & vers=2.1+ (bsc#1144333). - CIFS: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1144333). - CIFS: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1144333). - CIFS: protect updating server->dstaddr with a spinlock (bsc#1144333). - CIFS: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1144333). - CIFS: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1144333). - CIFS: smbd: Check and extend sender credits in interrupt context (bsc#1144333). - CIFS: smbd: Check send queue size before posting a send (bsc#1144333). - CIFS: smbd: Do not schedule work to send immediate packet on every receive (bsc#1144333). - CIFS: smbd: Merge code to track pending packets (bsc#1144333). - CIFS: smbd: Properly process errors on ib_post_send (bsc#1144333). - CIFS: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1144333). - CIFS: Warn less noisily on default mount (bsc#1144333). - clk: Add clk_hw_unregister_composite helper function definition (bsc#1051510). - clk: imx6ull: use OSC clock during AXI rate change (bsc#1051510). - clk: imx: make mux parent strings const (bsc#1051510). - clk: mediatek: correct the clocks for MT2701 HDMI PHY module (bsc#1051510). - clk: sunxi-ng: a64: Fix gate bit of DSI DPHY (bsc#1051510). - clocksource/drivers/hyper-v: Set TSC clocksource as default w/ InvariantTSC (bsc#1170620). - clocksource: dw_apb_timer_of: Fix missing clockevent timers (bsc#1051510). - component: Silence bind error on -EPROBE_DEFER (bsc#1051510). - coresight: do not use the BIT() macro in the UAPI header (git fixes (block drivers)). - cpufreq: s3c64xx: Remove pointless NULL check in s3c64xx_cpufreq_driver_init (bsc#1051510). - crypto: ccp - AES CFB mode is a stream cipher (git-fixes). - crypto: ccp - Clean up and exit correctly on allocation failure (git-fixes). - crypto: ccp - Cleanup misc_dev on sev_exit() (bsc#1114279). - crypto: ccp - Cleanup sp_dev_master in psp_dev_destroy() (bsc#1114279). - debugfs: Add debugfs_create_xul() for hexadecimal unsigned long (git-fixes). - dmaengine: dmatest: Fix iteration non-stop logic (bsc#1051510). - dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574). - dm writecache: fix data corruption when reloading the target (git fixes (block drivers)). - dm writecache: fix incorrect flush sequence when doing SSD mode commit (git fixes (block drivers)). - dm writecache: verify watermark during resume (git fixes (block drivers)). - dm zoned: fix invalid memory access (git fixes (block drivers)). - dm zoned: reduce overhead of backing device checks (git fixes (block drivers)). - dm zoned: remove duplicate nr_rnd_zones increase in dmz_init_zone() (git fixes (block drivers)). - dm zoned: support zone sizes smaller than 128MiB (git fixes (block drivers)). - dp83640: reverse arguments to list_add_tail (git-fixes). - drivers: hv: Add a module description line to the hv_vmbus driver (bsc#1172253). - Drivers: HV: Send one page worth of kmsg dump over Hyper-V during panic (bsc#1170618). - Drivers: hv: vmbus: Fix the issue with freeing up hv_ctl_table_hdr (bsc#1170618). - Drivers: hv: vmbus: Get rid of MSR access from vmbus_drv.c (bsc#1170618). - Drivers: hv: vmus: Fix the check for return value from kmsg get dump buffer (bsc#1170618). - drivers/net/ibmvnic: Update VNIC protocol version reporting (bsc#1065729). - drm: amd/acp: fix broken menu structure (bsc#1114279) * context changes - drm/crc: Actually allow to change the crc source (bsc#1114279) * offset changes - drm/dp_mst: Fix clearing payload state on topology disable (bsc#1051510). - drm/dp_mst: Reformat drm_dp_check_act_status() a bit (bsc#1051510). - drm/edid: Fix off-by-one in DispID DTD pixel clock (bsc#1114279) - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of (bsc#1114279) - drm/i915: properly sanity check batch_start_offset (bsc#1114279) * renamed display/intel_fbc.c -> intel_fb.c * renamed gt/intel_rc6.c -> intel_pm.c * context changes - drm/meson: Delete an error message in meson_dw_hdmi_bind() (bsc#1051510). - drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem (bsc#1114279) - drm/qxl: qxl_release leak in qxl_draw_dirty_fb() (bsc#1051510). - drm/qxl: qxl_release leak in qxl_hw_surface_alloc() (bsc#1051510). - drm/qxl: qxl_release use after free (bsc#1051510). - drm: Remove PageReserved manipulation from drm_pci_alloc (bsc#1114279) * offset changes - dump_stack: avoid the livelock of the dump_lock (git fixes (block drivers)). - EDAC, sb_edac: Add support for systems with segmented PCI buses (bsc#1169525). - ext4: do not zeroout extents beyond i_disksize (bsc#1167851). - ext4: fix extent_status fragmentation for plain files (bsc#1171949). - ext4: use non-movable memory for superblock readahead (bsc#1171952). - fanotify: fix merging marks masks with FAN_ONDIR (bsc#1171679). - fbcon: fix null-ptr-deref in fbcon_switch (bsc#1114279) * rename drivers/video/fbdev/core to drivers/video/console * context changes - fib: add missing attribute validation for tun_id (networking-stable-20_03_14). - firmware: qcom: scm: fix compilation error when disabled (bsc#1051510). - fs/cifs: fix gcc warning in sid_to_id (bsc#1144333). - fs/seq_file.c: simplify seq_file iteration code and interface (bsc#1170125). - gpio: tegra: mask GPIO IRQs during IRQ shutdown (bsc#1051510). - gre: fix uninit-value in __iptunnel_pull_header (networking-stable-20_03_14). - HID: hid-input: clear unmapped usages (git-fixes). - HID: hyperv: Add a module description line (bsc#1172253). - HID: i2c-hid: add Trekstor Primebook C11B to descriptor override (git-fixes). - HID: i2c-hid: override HID descriptors for certain devices (git-fixes). - HID: multitouch: add eGalaxTouch P80H84 support (bsc#1051510). - HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices (git-fixes). - hrtimer: Annotate lockless access to timer->state (git fixes (block drivers)). - hsr: add restart routine into hsr_get_node_list() (networking-stable-20_03_28). - hsr: check protocol version in hsr_newlink() (networking-stable-20_04_17). - hsr: fix general protection fault in hsr_addr_is_self() (networking-stable-20_03_28). - hsr: set .netnsok flag (networking-stable-20_03_28). - hsr: use rcu_read_lock() in hsr_get_node_{list/status}() (networking-stable-20_03_28). - i2c: acpi: Force bus speed to 400KHz if a Silead touchscreen is present (git-fixes). - i2c: acpi: put device when verifying client fails (git-fixes). - i2c: brcmstb: remove unused struct member (git-fixes). - i2c: core: Allow empty id_table in ACPI case as well (git-fixes). - i2c: core: decrease reference count of device node in i2c_unregister_device (git-fixes). - i2c: dev: Fix the race between the release of i2c_dev and cdev (bsc#1051510). - i2c: fix missing pm_runtime_put_sync in i2c_device_probe (git-fixes). - i2c-hid: properly terminate i2c_hid_dmi_desc_override_table array (git-fixes). - i2c: i801: Do not add ICH_RES_IO_SMI for the iTCO_wdt device (git-fixes). - i2c: iproc: Stop advertising support of SMBUS quick cmd (git-fixes). - i2c: isch: Remove unnecessary acpi.h include (git-fixes). - i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()' (bsc#1051510). - i2c: st: fix missing struct parameter description (bsc#1051510). - IB/ipoib: Add child to parent list only if device initialized (bsc#1168503). - IB/ipoib: Consolidate checking of the proposed child interface (bsc#1168503). - IB/ipoib: Do not remove child devices from within the ndo_uninit (bsc#1168503). - IB/ipoib: Get rid of IPOIB_FLAG_GOING_DOWN (bsc#1168503). - IB/ipoib: Get rid of the sysfs_mutex (bsc#1168503). - IB/ipoib: Maintain the child_intfs list from ndo_init/uninit (bsc#1168503). - IB/ipoib: Move all uninit code into ndo_uninit (bsc#1168503). - IB/ipoib: Move init code to ndo_init (bsc#1168503). - IB/ipoib: Replace printk with pr_warn (bsc#1168503). - IB/ipoib: Use cancel_delayed_work_sync for neigh-clean task (bsc#1168503). - IB/ipoib: Warn when one port fails to initialize (bsc#1168503). - ibmvnic: Skip fatal error reset after passive init (bsc#1171078 ltc#184239). - iio:ad7797: Use correct attribute_group (bsc#1051510). - iio: adc: stm32-adc: fix device used to request dma (bsc#1051510). - iio: adc: stm32-adc: fix sleep in atomic context (git-fixes). - iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1051510). - iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()' (bsc#1051510). - iio: sca3000: Remove an erroneous 'get_device()' (bsc#1051510). - iio: xilinx-xadc: Fix ADC-B powerdown (bsc#1051510). - iio: xilinx-xadc: Fix clearing interrupt when enabling trigger (bsc#1051510). - iio: xilinx-xadc: Fix sequencer configuration for aux channels in simultaneous mode (bsc#1051510). - ima: Fix return value of ima_write_policy() (git-fixes). - Input: evdev - call input_flush_device() on release(), not flush() (bsc#1051510). - Input: hyperv-keyboard - add module description (bsc#1172253). - Input: i8042 - add Acer Aspire 5738z to nomux list (bsc#1051510). - Input: i8042 - add ThinkPad S230u to i8042 reset list (bsc#1051510). - Input: raydium_i2c_ts - use true and false for boolean values (bsc#1051510). - Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() (bsc#1051510). - Input: synaptics-rmi4 - really fix attn_data use-after-free (git-fixes). - Input: usbtouchscreen - add support for BonXeon TP (bsc#1051510). - Input: xpad - add custom init packet for Xbox One S controllers (bsc#1051510). - iommu/amd: Call domain_flush_complete() in update_domain() (bsc#1172096). - iommu/amd: Do not flush Device Table in iommu_map_page() (bsc#1172097). - iommu/amd: Do not loop forever when trying to increase address space (bsc#1172098). - iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system (bsc#1172099). - iommu/amd: Fix over-read of ACPI UID from IVRS table (bsc#1172101). - iommu/amd: Fix race in increase_address_space()/fetch_pte() (bsc#1172102). - iommu/amd: Update Device Table in increase_address_space() (bsc#1172103). - iommu: Fix reference count leak in iommu_group_alloc (bsc#1172397). - ipmi: fix hung processes in __get_guid() (git-fixes). - ipv4: fix a RCU-list lock in fib_triestat_seq_show (networking-stable-20_04_02). - ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface (networking-stable-20_03_14). - ipv6: do not auto-add link-local address to lag ports (networking-stable-20_04_09). - ipv6: Fix nlmsg_flags when splitting a multipath route (networking-stable-20_03_01). - ipv6: Fix route replacement with dev-only route (networking-stable-20_03_01). - ipvlan: add cond_resched_rcu() while processing muticast backlog (networking-stable-20_03_14). - ipvlan: do not deref eth hdr before checking it's set (networking-stable-20_03_14). - ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast() (networking-stable-20_03_14). - iwlwifi: pcie: actually release queue memory in TVQM (bsc#1051510). - kabi fix for early XHCI debug (git-fixes). - kabi for for md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes). - kabi, protect struct ib_device (bsc#1168503). - kabi/severities: Do not track KVM internal symbols. - kabi/severities: Ingnore get_dev_data() The function is internal to the AMD IOMMU driver and must not be called by any third party. - kabi workaround for snd_rawmidi buffer_ref field addition (git-fixes). - KEYS: reaching the keys quotas correctly (bsc#1051510). - KVM: arm64: Change hyp_panic()s dependency on tpidr_el2 (bsc#1133021). - KVM: arm64: Stop save/restoring host tpidr_el1 on VHE (bsc#1133021). - KVM: Check validity of resolved slot when searching memslots (bsc#1172104). - KVM: s390: vsie: Fix delivery of addressing exceptions (git-fixes). - KVM: s390: vsie: Fix possible race when shadowing region 3 tables (git-fixes). - KVM: s390: vsie: Fix region 1 ASCE sanity shadow address checks (git-fixes). - KVM: SVM: Fix potential memory leak in svm_cpu_init() (bsc#1171736). - KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1152489). - l2tp: Allow management of tunnels and session in user namespace (networking-stable-20_04_17). - libata: Remove extra scsi_host_put() in ata_scsi_add_hosts() (bsc#1051510). - libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set (bsc#1051510). - lib: raid6: fix awk build warnings (git fixes (block drivers)). - lib/raid6/test: fix build on distros whose /bin/sh is not bash (git fixes (block drivers)). - lib/stackdepot.c: fix global out-of-bounds in stack_slabs (git fixes (block drivers)). - locks: print unsigned ino in /proc/locks (bsc#1171951). - mac80211: add ieee80211_is_any_nullfunc() (bsc#1051510). - mac80211_hwsim: Use kstrndup() in place of kasprintf() (bsc#1051510). - mac80211: mesh: fix discovery timer re-arming issue / crash (bsc#1051510). - macsec: avoid to set wrong mtu (bsc#1051510). - macsec: restrict to ethernet devices (networking-stable-20_03_28). - macvlan: add cond_resched() during multicast processing (networking-stable-20_03_14). - macvlan: fix null dereference in macvlan_device_event() (bsc#1051510). - md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes). - md/raid0: Fix an error message in raid0_make_request() (git fixes (block drivers)). - md/raid10: prevent access of uninitialized resync_pages offset (git-fixes). - media: dvb: return -EREMOTEIO on i2c transfer failure (bsc#1051510). - media: platform: fcp: Set appropriate DMA parameters (bsc#1051510). - media: ti-vpe: cal: fix disable_irqs to only the intended target (git-fixes). - mei: release me_cl object reference (bsc#1051510). - mlxsw: Fix some IS_ERR() vs NULL bugs (networking-stable-20_04_27). - mlxsw: spectrum_flower: Do not stop at FLOW_ACTION_VLAN_MANGLE (networking-stable-20_04_09). - mmc: atmel-mci: Fix debugfs on 64-bit platforms (git-fixes). - mmc: dw_mmc: Fix debugfs on 64-bit platforms (git-fixes). - mmc: meson-gx: make sure the descriptor is stopped on errors (git-fixes). - mmc: meson-gx: simplify interrupt handler (git-fixes). - mmc: renesas_sdhi: limit block count to 16 bit for old revisions (git-fixes). - mmc: sdhci-esdhc-imx: fix the mask for tuning start point (bsc#1051510). - mmc: sdhci-msm: Clear tuning done flag while hs400 tuning (bsc#1051510). - mmc: sdhci-of-at91: fix memleak on clk_get failure (git-fixes). - mmc: sdhci-pci: Fix eMMC driver strength for BYT-based controllers (bsc#1051510). - mmc: sdhci-xenon: fix annoying 1.8V regulator warning (bsc#1051510). - mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() (bsc#1051510). - mmc: tmio: fix access width of Block Count Register (git-fixes). - mm: thp: handle page cache THP correctly in PageTransCompoundMap (git fixes (block drivers)). - mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer (bsc#1051510). - mtd: spi-nor: cadence-quadspi: add a delay in write sequence (git-fixes). - mtd: spi-nor: enable 4B opcodes for mx66l51235l (git-fixes). - mtd: spi-nor: fsl-quadspi: Do not let -EINVAL on the bus (git-fixes). - mwifiex: avoid -Wstringop-overflow warning (bsc#1051510). - mwifiex: Fix memory corruption in dump_station (bsc#1051510). - net: bcmgenet: correct per TX/RX ring statistics (networking-stable-20_04_27). - net: dsa: b53: Fix ARL register definitions (networking-stable-20_04_27). - net: dsa: b53: Rework ARL bin logic (networking-stable-20_04_27). - net: dsa: bcm_sf2: Do not register slave MDIO bus with OF (networking-stable-20_04_09). - net: dsa: bcm_sf2: Ensure correct sub-node is parsed (networking-stable-20_04_09). - net: dsa: bcm_sf2: Fix overflow checks (git-fixes). - net: dsa: Fix duplicate frames flooded by learning (networking-stable-20_03_28). - net: dsa: mv88e6xxx: fix lockup on warm boot (networking-stable-20_03_14). - net: fec: validate the new settings in fec_enet_set_coalesce() (networking-stable-20_03_14). - net: fib_rules: Correctly set table field when table number exceeds 8 bits (networking-stable-20_03_01). - net: fix race condition in __inet_lookup_established() (bsc#1151794). - net: fq: add missing attribute validation for orphan mask (networking-stable-20_03_14). - net, ip_tunnel: fix interface lookup with no key (networking-stable-20_04_02). - net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin (networking-stable-20_04_17). - net: ipv6: do not consider routes via gateways for anycast address check (networking-stable-20_04_17). - netlink: Use netlink header as base to calculate bad attribute offset (networking-stable-20_03_14). - net: macsec: update SCI upon MAC address change (networking-stable-20_03_14). - net: memcg: fix lockdep splat in inet_csk_accept() (networking-stable-20_03_14). - net: memcg: late association of sock to memcg (networking-stable-20_03_14). - net/mlx4_en: avoid indirect call in TX completion (networking-stable-20_04_27). - net/mlx5: Add new fields to Port Type and Speed register (bsc#1171118). - net/mlx5: Add RoCE RX ICRC encapsulated counter (bsc#1171118). - net/mlx5e: Fix ethtool self test: link speed (bsc#1171118). - net/mlx5e: Move port speed code from en_ethtool.c to en/port.c (bsc#1171118). - net/mlx5: Expose link speed directly (bsc#1171118). - net/mlx5: Expose port speed when possible (bsc#1171118). - net: mvneta: Fix the case where the last poll did not process all rx (networking-stable-20_03_28). - net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node (networking-stable-20_04_27). - net/packet: tpacket_rcv: do not increment ring index on drop (networking-stable-20_03_14). - net: phy: restore mdio regs in the iproc mdio driver (networking-stable-20_03_01). - net: qmi_wwan: add support for ASKEY WWHC050 (networking-stable-20_03_28). - net: revert default NAPI poll timeout to 2 jiffies (networking-stable-20_04_17). - net_sched: cls_route: remove the right filter from hashtable (networking-stable-20_03_28). - net/x25: Fix x25_neigh refcnt leak when receiving frame (networking-stable-20_04_27). - nfc: add missing attribute validation for SE API (networking-stable-20_03_14). - nfc: add missing attribute validation for vendor subcommand (networking-stable-20_03_14). - nfc: pn544: Fix occasional HW initialization failure (networking-stable-20_03_01). - NFC: st21nfca: add missed kfree_skb() in an error path (bsc#1051510). - nfsd4: fix up replay_matches_cache() (git-fixes). - nfsd: Ensure CLONE persists data and metadata changes to the target file (git-fixes). - nfsd: fix delay timer on 32-bit architectures (git-fixes). - nfsd: fix jiffies/time_t mixup in LRU list (git-fixes). - NFS: Directory page cache pages need to be locked when read (git-fixes). - nfsd: memory corruption in nfsd4_lock() (git-fixes). - NFS: Do not call generic_error_remove_page() while holding locks (bsc#1170457). - NFS: Fix memory leaks and corruption in readdir (git-fixes). - NFS: Fix O_DIRECT accounting of number of bytes read/written (git-fixes). - NFS: Fix potential posix_acl refcnt leak in nfs3_set_acl (git-fixes). - NFS: fix racey wait in nfs_set_open_stateid_locked (bsc#1170592). - NFS/flexfiles: Use the correct TCP timeout for flexfiles I/O (git-fixes). - NFS/pnfs: Fix pnfs_generic_prepare_to_resend_writes() (git-fixes). - NFS: Revalidate the file size on a fatal write error (git-fixes). - NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals (git-fixes). - NFSv4: Do not allow a cached open with a revoked delegation (git-fixes). - NFSv4: Fix leak of clp->cl_acceptor string (git-fixes). - NFSv4/pnfs: Return valid stateids in nfs_layout_find_inode_by_stateid() (git-fixes). - NFSv4: try lease recovery on NFS4ERR_EXPIRED (git-fixes). - NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn (git-fixes). - nl802154: add missing attribute validation for dev_type (networking-stable-20_03_14). - nl802154: add missing attribute validation (networking-stable-20_03_14). - nvme-fc: print proper nvme-fc devloss_tmo value (bsc#1172391). - objtool: Fix stack offset tracking for indirect CFAs (bsc#1169514). - objtool: Fix switch table detection in .text.unlikely (bsc#1169514). - objtool: Make BP scratch register warning more robust (bsc#1169514). - padata: Remove broken queue flushing (git-fixes). - Partially revert 'kfifo: fix kfifo_alloc() and kfifo_init()' (git fixes (block drivers)). - pinctrl: baytrail: Enable pin configuration setting for GPIO chip (git-fixes). - pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler (git-fixes). - platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA (bsc#1051510). - pNFS: Ensure we do clear the return-on-close layout stateid on fatal errors (git-fixes). - powerpc: Add attributes for setjmp/longjmp (bsc#1065729). - powerpc/pci/of: Parse unassigned resources (bsc#1065729). - powerpc/setup_64: Set cache-line-size based on cache-block-size (bsc#1065729). - powerpc/sstep: Fix DS operand in ld encoding to appropriate value (bsc#1065729). - qede: Fix race between rdma destroy workqueue and link change event (networking-stable-20_03_01). - r8152: check disconnect status after long sleep (networking-stable-20_03_14). - raid6/ppc: Fix build for clang (git fixes (block drivers)). - rcu: locking and unlocking need to always be at least barriers (git fixes (block drivers)). - RDMA/ipoib: Fix use of sizeof() (bsc#1168503). - RDMA/netdev: Fix netlink support in IPoIB (bsc#1168503). - RDMA/netdev: Hoist alloc_netdev_mqs out of the driver (bsc#1168503). - RDMA/netdev: Use priv_destructor for netdev cleanup (bsc#1168503). - Remove 2 git-fixes that cause build issues. (bsc#1171691) - Revert 'ALSA: hda/realtek: Fix pop noise on ALC225' (git-fixes). - Revert 'drm/panel: simple: Add support for Sharp LQ150X1LG11 panels' (bsc#1114279) * offset changes - Revert 'HID: i2c-hid: add Trekstor Primebook C11B to descriptor override' Depends on 9b5c747685982d22efffeafc5ec601bd28f6d78b, which was also reverted. - Revert 'HID: i2c-hid: override HID descriptors for certain devices' This broke i2c-hid.ko's build, there is no way around it without a big file rename or renaming the kernel module. - Revert 'i2c-hid: properly terminate i2c_hid_dmi_desc_override_table' Fixed 9b5c747685982d22efffeafc5ec601bd28f6d78b, which was also reverted. - Revert 'ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()' (bsc#1172221). - rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() (bsc#1051510). - s390/cio: avoid duplicated 'ADD' uevents (git-fixes). - s390/cio: generate delayed uevent for vfio-ccw subchannels (git-fixes). - s390/cpuinfo: fix wrong output when CPU0 is offline (git-fixes). - s390/diag: fix display of diagnose call statistics (git-fixes). - s390/ftrace: fix potential crashes when switching tracers (git-fixes). - s390/gmap: return proper error code on ksm unsharing (git-fixes). - s390/ism: fix error return code in ism_probe() (git-fixes). - s390/pci: Fix possible deadlock in recover_store() (bsc#1165183 LTC#184103). - s390/pci: Recover handle in clp_set_pci_fn() (bsc#1165183 LTC#184103). - s390/qeth: cancel RX reclaim work earlier (git-fixes). - s390/qeth: do not return -ENOTSUPP to userspace (git-fixes). - s390/qeth: do not warn for napi with 0 budget (git-fixes). - s390/qeth: fix off-by-one in RX copybreak check (git-fixes). - s390/qeth: fix promiscuous mode after reset (git-fixes). - s390/qeth: fix qdio teardown after early init error (git-fixes). - s390/qeth: handle error due to unsupported transport mode (git-fixes). - s390/qeth: handle error when backing RX buffer (git-fixes). - s390/qeth: lock the card while changing its hsuid (git-fixes). - s390/qeth: support net namespaces for L3 devices (git-fixes). - s390/time: Fix clk type in get_tod_clock (git-fixes). - scripts/decodecode: fix trapping instruction formatting (bsc#1065729). - scripts/dtc: Remove redundant YYLOC global declaration (bsc#1160388). - scsi: bnx2i: fix potential use after free (bsc#1171600). - scsi: core: Handle drivers which set sg_tablesize to zero (bsc#1171601) This commit also required: > scsi: core: avoid preallocating big SGL for data - scsi: core: save/restore command resid for error handling (bsc#1171602). - scsi: core: scsi_trace: Use get_unaligned_be*() (bsc#1171604). - scsi: core: try to get module before removing device (bsc#1171605). - scsi: csiostor: Adjust indentation in csio_device_reset (bsc#1171606). - scsi: csiostor: Do not enable IRQs too early (bsc#1171607). - scsi: esas2r: unlock on error in esas2r_nvram_read_direct() (bsc#1171608). - scsi: fnic: fix invalid stack access (bsc#1171609). - scsi: fnic: fix msix interrupt allocation (bsc#1171610). - scsi: ibmvscsi: Fix WARN_ON during event pool release (bsc#1170791 ltc#185128). - scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (bsc#1171611). - scsi: iscsi: Fix a potential deadlock in the timeout handler (bsc#1171612). - scsi: iscsi: qla4xxx: fix double free in probe (bsc#1171613). - scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences (bsc#1171614). - scsi: lpfc: Fix crash in target side cable pulls hitting WAIT_FOR_UNREG (bsc#1171615). - scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state (bsc#1171616). - scsi: qla2xxx: add ring buffer for tracing debug logs (bsc#1157169). - scsi: qla2xxx: check UNLOADING before posting async work (bsc#1157169). - scsi: qla2xxx: Delete all sessions before unregister local nvme port (bsc#1157169). - scsi: qla2xxx: Do not log message when reading port speed via sysfs (bsc#1157169). - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (bsc#1157169). - scsi: qla2xxx: Fix regression warnings (bsc#1157169). - scsi: qla2xxx: Remove non functional code (bsc#1157169). - scsi: qla2xxx: set UNLOADING before waiting for session deletion (bsc#1157169). - scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free (bsc#1171617). - scsi: qla4xxx: fix double free bug (bsc#1171618). - scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI (bsc#1171619). - scsi: sg: add sg_remove_request in sg_common_write (bsc#1171620). - scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) (bsc#1171621). - scsi: ufs: change msleep to usleep_range (bsc#1171622). - scsi: ufs: Clean up ufshcd_scale_clks() and clock scaling error out path (bsc#1171623). - scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic (bsc#1171624). - scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails (bsc#1171625). - scsi: ufs: Recheck bkops level if bkops is disabled (bsc#1171626). - scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point (git-fixes). - sctp: fix possibly using a bad saddr with a given dst (networking-stable-20_04_02). - sctp: fix refcount bug in sctp_wfree (networking-stable-20_04_02). - sctp: move the format error check out of __sctp_sf_do_9_1_abort (networking-stable-20_03_01). - seq_file: fix problem when seeking mid-record (bsc#1170125). - serial: uartps: Move the spinlock after the read of the tx empty (git-fixes). - sfc: detach from cb_page in efx_copy_channel() (networking-stable-20_03_14). - signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig (bsc#1172185). - slcan: not call free_netdev before rtnl_unlock in slcan_open (networking-stable-20_03_28). - slip: make slhc_compress() more robust against malicious packets (networking-stable-20_03_14). - smb3: Additional compression structures (bsc#1144333). - smb3: Add new compression flags (bsc#1144333). - smb3: change noisy error message to FYI (bsc#1144333). - smb3: enable swap on SMB3 mounts (bsc#1144333). - smb3: Minor cleanup of protocol definitions (bsc#1144333). - smb3: remove overly noisy debug line in signing errors (bsc#1144333). - smb3: smbdirect support can be configured by default (bsc#1144333). - smb3: use SMB2_SIGNATURE_SIZE define (bsc#1144333). - spi: bcm2835: Fix 3-wire mode if DMA is enabled (git-fixes). - spi: bcm63xx-hsspi: Really keep pll clk enabled (bsc#1051510). - spi: bcm-qspi: when tx/rx buffer is NULL set to 0 (bsc#1051510). - spi: dw: Add SPI Rx-done wait method to DMA-based transfer (bsc#1051510). - spi: dw: Add SPI Tx-done wait method to DMA-based transfer (bsc#1051510). - spi: dw: Zero DMA Tx and Rx configurations on stack (bsc#1051510). - spi: fsl: do not map irq during probe (git-fixes). - spi: fsl: use platform_get_irq() instead of of_irq_to_resource() (git-fixes). - spi: pxa2xx: Add CS control clock quirk (bsc#1051510). - spi: qup: call spi_qup_pm_resume_runtime before suspending (bsc#1051510). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (git-fixes). - spi: spi-s3c64xx: Fix system resume support (git-fixes). - spi/zynqmp: remove entry that causes a cs glitch (bsc#1051510). - staging: comedi: dt2815: fix writing hi byte of analog output (bsc#1051510). - staging: comedi: Fix comedi_device refcnt leak in comedi_open (bsc#1051510). - staging: iio: ad2s1210: Fix SPI reading (bsc#1051510). - staging: vt6656: Do not set RCR_MULTICAST or RCR_BROADCAST by default (git-fixes). - staging: vt6656: Fix drivers TBTT timing counter (git-fixes). - staging: vt6656: Fix pairwise key entry save (git-fixes). - sunrpc: expiry_time should be seconds not timeval (git-fixes). - SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' (git-fixes). - supported.conf: Add br_netfilter to base (bsc#1169020). - svcrdma: Fix leak of transport addresses (git-fixes). - taskstats: fix data-race (bsc#1172188). - tcp: cache line align MAX_TCP_HEADER (networking-stable-20_04_27). - tcp: repair: fix TCP_QUEUE_SEQ implementation (networking-stable-20_03_28). - team: add missing attribute validation for array index (networking-stable-20_03_14). - team: add missing attribute validation for port ifindex (networking-stable-20_03_14). - team: fix hang in team_mode_get() (networking-stable-20_04_27). - tools lib traceevent: Remove unneeded qsort and uses memmove instead (git-fixes). - tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() (bsc#1065729). - tpm/tpm_tis: Free IRQ if probing fails (bsc#1082555). - tpm/tpm_tis: Free IRQ if probing fails (git-fixes). - tracing: Add a vmalloc_sync_mappings() for safe measure (git-fixes). - tracing: Disable trace_printk() on post poned tests (git-fixes). - tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation (git-fixes). - tty: rocket, avoid OOB access (git-fixes). - UAS: fix deadlock in error handling and PM flushing work (git-fixes). - UAS: no use logging any details in case of ENODEV (git-fixes). - USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE (git-fixes). - USB: cdc-acm: restore capability check order (git-fixes). - USB: core: Fix misleading driver bug report (bsc#1051510). - USB: dwc3: do not set gadget->is_otg flag (git-fixes). - USB: dwc3: gadget: Do link recovery for SS and SSP (git-fixes). - USB: early: Handle AMD's spec-compliant identifiers, too (git-fixes). - USB: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset() (git-fixes). - USB: gadget: audio: Fix a missing error return value in audio_bind() (git-fixes). - USB: gadget: composite: Inform controller driver of self-powered (git-fixes). - USB: gadget: legacy: fix error return code in cdc_bind() (git-fixes). - USB: gadget: legacy: fix error return code in gncm_bind() (git-fixes). - USB: gadget: legacy: fix redundant initialization warnings (bsc#1051510). - USB: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' (git-fixes). - USB: gadget: udc: atmel: Fix vbus disconnect handling (git-fixes). - USB: gadget: udc: atmel: Make some symbols static (git-fixes). - USB: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete (git-fixes). - USB: host: xhci-plat: keep runtime active when removing host (git-fixes). - USB: hub: Fix handling of connect changes during sleep (git-fixes). - usbnet: silence an unnecessary warning (bsc#1170770). - USB: serial: garmin_gps: add sanity checking for data length (git-fixes). - USB: serial: option: add BroadMobi BM806U (git-fixes). - USB: serial: option: add support for ASKEY WWHC050 (git-fixes). - USB: serial: option: add Wistron Neweb D19Q1 (git-fixes). - USB: serial: qcserial: Add DW5816e support (git-fixes). - USB: sisusbvga: Change port variable from signed to unsigned (git-fixes). - usb-storage: Add unusual_devs entry for JMicron JMS566 (git-fixes). - USB: uas: add quirk for LaCie 2Big Quadra (git-fixes). - USB: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list (git-fixes). - video: fbdev: sis: Remove unnecessary parentheses and commented code (bsc#1114279) - video: fbdev: w100fb: Fix a potential double free (bsc#1051510). - vrf: Check skb for XFRM_TRANSFORMED flag (networking-stable-20_04_27). - vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines (git-fixes). - vt: selection, introduce vc_is_sel (git-fixes). - vt: vt_ioctl: fix race in VT_RESIZEX (git-fixes). - vt: vt_ioctl: fix use-after-free in vt_in_use() (git-fixes). - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (git-fixes). - vxlan: check return value of gro_cells_init() (networking-stable-20_03_28). - watchdog: reset last_hw_keepalive time at start (git-fixes). - wcn36xx: Fix error handling path in 'wcn36xx_probe()' (bsc#1051510). - wil6210: remove reset file from debugfs (git-fixes). - wimax/i2400m: Fix potential urb refcnt leak (bsc#1051510). - workqueue: do not use wq_select_unbound_cpu() for bound works (bsc#1172130). - x86/entry/64: Fix unwind hints in kernel exit path (bsc#1058115). - x86/entry/64: Fix unwind hints in register clearing code (bsc#1058115). - x86/entry/64: Fix unwind hints in rewind_stack_do_exit() (bsc#1058115). - x86/entry/64: Fix unwind hints in __switch_to_asm() (bsc#1058115). - x86/Hyper-V: Allow guests to enable InvariantTSC (bsc#1170620). - x86/Hyper-V: Free hv_panic_page when fail to register kmsg dump (bsc#1170618). - x86/Hyper-V: Report crash data in die() when panic_on_oops is set (bsc#1170618). - x86/Hyper-V: Report crash register data or kmsg before running crash kernel (bsc#1170618). - x86/Hyper-V: Report crash register data when sysctl_record_panic_msg is not set (bsc#1170618). - x86:Hyper-V: report value of misc_features (git-fixes). - x86/Hyper-V: Trigger crash enlightenment only once during system crash (bsc#1170618). - x86/Hyper-V: Unload vmbus channel in hv panic callback (bsc#1170618). - x86/kprobes: Avoid kretprobe recursion bug (bsc#1114279). - x86/resctrl: Fix invalid attempt at removing the default resource group (git-fixes). - x86/resctrl: Preserve CDP enable over CPU hotplug (bsc#1114279). - x86/unwind/orc: Do not skip the first frame for inactive tasks (bsc#1058115). - x86/unwind/orc: Fix error handling in __unwind_start() (bsc#1058115). - x86/unwind/orc: Fix error path for bad ORC entry type (bsc#1058115). - x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks (bsc#1058115). - x86/unwind/orc: Prevent unwinding before ORC initialization (bsc#1058115). - x86/unwind: Prevent false warnings for non-current tasks (bsc#1058115). - x86/xen: fix booting 32-bit pv guest (bsc#1071995). - x86/xen: Make the boot CPU idle task reliable (bsc#1071995). - x86/xen: Make the secondary CPU idle tasks reliable (bsc#1071995). - xen/pci: reserve MCFG areas earlier (bsc#1170145). - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish (networking-stable-20_04_27). - xfs: Correctly invert xfs_buftarg LRU isolation logic (git-fixes). - xfs: do not ever return a stale pointer from __xfs_dir3_free_read (git-fixes). - xprtrdma: Fix completion wait during device removal (git-fixes). Important SUSE bug 1051510 SUSE bug 1058115 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1082555 SUSE bug 1089895 SUSE bug 1111666 SUSE bug 1114279 SUSE bug 1133021 SUSE bug 1144333 SUSE bug 1151794 SUSE bug 1152489 SUSE bug 1154824 SUSE bug 1157169 SUSE bug 1158265 SUSE bug 1160388 SUSE bug 1160947 SUSE bug 1165183 SUSE bug 1165741 SUSE bug 1166969 SUSE bug 1167574 SUSE bug 1167851 SUSE bug 1168503 SUSE bug 1168670 SUSE bug 1169020 SUSE bug 1169514 SUSE bug 1169525 SUSE bug 1170056 SUSE bug 1170125 SUSE bug 1170145 SUSE bug 1170345 SUSE bug 1170457 SUSE bug 1170522 SUSE bug 1170592 SUSE bug 1170618 SUSE bug 1170620 SUSE bug 1170770 SUSE bug 1170778 SUSE bug 1170791 SUSE bug 1170901 SUSE bug 1171078 SUSE bug 1171098 SUSE bug 1171118 SUSE bug 1171189 SUSE bug 1171191 SUSE bug 1171195 SUSE bug 1171202 SUSE bug 1171205 SUSE bug 1171217 SUSE bug 1171218 SUSE bug 1171219 SUSE bug 1171220 SUSE bug 1171293 SUSE bug 1171417 SUSE bug 1171527 SUSE bug 1171599 SUSE bug 1171600 SUSE bug 1171601 SUSE bug 1171602 SUSE bug 1171604 SUSE bug 1171605 SUSE bug 1171606 SUSE bug 1171607 SUSE bug 1171608 SUSE bug 1171609 SUSE bug 1171610 SUSE bug 1171611 SUSE bug 1171612 SUSE bug 1171613 SUSE bug 1171614 SUSE bug 1171615 SUSE bug 1171616 SUSE bug 1171617 SUSE bug 1171618 SUSE bug 1171619 SUSE bug 1171620 SUSE bug 1171621 SUSE bug 1171622 SUSE bug 1171623 SUSE bug 1171624 SUSE bug 1171625 SUSE bug 1171626 SUSE bug 1171679 SUSE bug 1171691 SUSE bug 1171694 SUSE bug 1171695 SUSE bug 1171736 SUSE bug 1171761 SUSE bug 1171948 SUSE bug 1171949 SUSE bug 1171951 SUSE bug 1171952 SUSE bug 1171982 SUSE bug 1171983 SUSE bug 1172096 SUSE bug 1172097 SUSE bug 1172098 SUSE bug 1172099 SUSE bug 1172101 SUSE bug 1172102 SUSE bug 1172103 SUSE bug 1172104 SUSE bug 1172127 SUSE bug 1172130 SUSE bug 1172185 SUSE bug 1172188 SUSE bug 1172199 SUSE bug 1172221 SUSE bug 1172253 SUSE bug 1172317 SUSE bug 1172342 SUSE bug 1172343 SUSE bug 1172344 SUSE bug 1172366 SUSE bug 1172391 SUSE bug 1172397 SUSE bug 1172453 CVE-2018-1000199 CVE-2019-19462 CVE-2019-20806 CVE-2019-20812 CVE-2019-9455 CVE-2020-0543 CVE-2020-10690 CVE-2020-10711 CVE-2020-10720 CVE-2020-10732 CVE-2020-10751 CVE-2020-10757 CVE-2020-12114 CVE-2020-12464 CVE-2020-12652 CVE-2020-12653 CVE-2020-12654 CVE-2020-12655 CVE-2020-12656 CVE-2020-12657 CVE-2020-12768 CVE-2020-12769 CVE-2020-13143 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ed fixes the following security issue: - CVE-2017-5357: An invalid free in the regular expression handling of the 'ed' command processing could allow local users to crash ed. (bsc#1019807) Low SUSE bug 1019807 CVE-2017-5357 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for adns fixes the following issues: - CVE-2017-9103,CVE-2017-9104,CVE-2017-9105,CVE-2017-9109: Fixed an issue in local recursive resolver which could have led to remote code execution (bsc#1172265). - CVE-2017-9106: Fixed an issue with upstream DNS data sources which could have led to denial of service (bsc#1172265). - CVE-2017-9107: Fixed an issue when quering domain names which could have led to denial of service (bsc#1172265). - CVE-2017-9108: Fixed an issue which could have led to denial of service (bsc#1172265). Important SUSE bug 1172265 CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9106 CVE-2017-9107 CVE-2017-9108 CVE-2017-9109 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for audiofile fixes the following issues: Security issue fixed: - CVE-2018-13440: Return AF_FAIL instead of causing NULL pointer dereferences later (bsc#1100523). Low SUSE bug 1100523 CVE-2018-13440 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for xen to version 4.11.4 fixes the following issues: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1172205). Important SUSE bug 1027519 SUSE bug 1172205 CVE-2020-0543 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for gnuplot fixes the following issues: Following security issues were fixed: - CVE-2018-19492: Fixed a buffer overflow in cairotrm_options function (bsc#1117463) - CVE-2018-19491: Fixed a buffer overlow in the PS_options function (bsc#1117464) - CVE-2018-19490: Fixed a heap-based buffer overflow in the df_generate_ascii_array_entry function (bsc#1117465) - CVE-2017-9670: Fixed a uninitialized stack variable vulnerability which could lead to a Denial of Service (bsc#1044638) Moderate SUSE bug 1044638 SUSE bug 1117463 SUSE bug 1117464 SUSE bug 1117465 CVE-2017-9670 CVE-2018-19490 CVE-2018-19491 CVE-2018-19492 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for perl fixes the following issues: - CVE-2020-10543: Fixed a heap buffer overflow in regular expression compiler which could have allowed overwriting of allocated memory with attacker's data (bsc#1171863). - CVE-2020-10878: Fixed multiple integer overflows which could have allowed the insertion of instructions into the compiled form of Perl regular expression (bsc#1171864). - CVE-2020-12723: Fixed an attacker's corruption of the intermediate language state of a compiled regular expression (bsc#1171866). - Fixed utf8 handling in perldoc by useing 'term' instead of 'man' (bsc#1170601). - Some packages make assumptions about the date and time they are built. This update will solve the issues caused by calling the perl function timelocal expressing the year with two digit only instead of four digits. (bsc#1102840) (bsc#1160039) Important SUSE bug 1102840 SUSE bug 1160039 SUSE bug 1170601 SUSE bug 1171863 SUSE bug 1171864 SUSE bug 1171866 CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_7_1-ibm fixes the following issues: java-1_7_1-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 65 (bsc#1172277 and bsc#1169511) - CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service - CVE-2020-2756: Improved mapping of serial ENUMs - CVE-2020-2757: Less Blocking Array Queues - CVE-2020-2781: Improved TLS session handling - CVE-2020-2800: Improved Headings for HTTP Servers - CVE-2020-2803: Enhanced buffering of byte buffers - CVE-2020-2805: Enhanced typing of methods - CVE-2020-2830: Improved Scanner conversions Important SUSE bug 1169511 SUSE bug 1172277 CVE-2020-2654 CVE-2020-2756 CVE-2020-2757 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-ibm fixes the following issues: java-1_8_0-ibm was updated to Java 8.0 Service Refresh 6 Fix Pack 10 (bsc#1172277,bsc#1169511,bsc#1160968) - CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service - CVE-2020-2754: Forwarded references to Nashorn - CVE-2020-2755: Improved Nashorn matching - CVE-2020-2756: Improved mapping of serial ENUMs - CVE-2020-2757: Less Blocking Array Queues - CVE-2020-2781: Improved TLS session handling - CVE-2020-2800: Improved Headings for HTTP Servers - CVE-2020-2803: Enhanced buffering of byte buffers - CVE-2020-2805: Enhanced typing of methods - CVE-2020-2830: Improved Scanner conversions - CVE-2019-2949: Fixed an issue which could have resulted in unauthorized access to critical data - Added RSA PSS SUPPORT TO IBMPKCS11IMPL - The pack200 and unpack200 alternatives should be slaves of java (bsc#1171352). Important SUSE bug 1160968 SUSE bug 1169511 SUSE bug 1171352 SUSE bug 1172277 CVE-2019-2949 CVE-2020-2654 CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-openjdk to version jdk8u252 fixes the following issues: - CVE-2020-2754: Forward references to Nashorn (bsc#1169511) - CVE-2020-2755: Improve Nashorn matching (bsc#1169511) - CVE-2020-2756: Better mapping of serial ENUMs (bsc#1169511) - CVE-2020-2757: Less Blocking Array Queues (bsc#1169511) - CVE-2020-2773: Better signatures in XML (bsc#1169511) - CVE-2020-2781: Improve TLS session handling (bsc#1169511) - CVE-2020-2800: Better Headings for HTTP Servers (bsc#1169511) - CVE-2020-2803: Enhance buffering of byte buffers (bsc#1169511) - CVE-2020-2805: Enhance typing of methods (bsc#1169511) - CVE-2020-2830: Better Scanner conversions (bsc#1169511) Important SUSE bug 1160398 SUSE bug 1169511 CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libgxps fixes the following issues: - CVE-2018-10733: Fixed a heap-based buffer over-read issue in ft_font_face_hash (bsc#1092125). Moderate SUSE bug 1092125 CVE-2018-10733 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mariadb fixes the following issues: mariadb was updated to version 10.2.32 (bsc#1171550) - CVE-2020-2752: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - CVE-2020-2812: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - CVE-2020-2814: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - CVE-2020-2760: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - CVE-2020-13249: Fixed an improper validation of the content of an OK packet received from a server. Release notes and changelog: - https://mariadb.com/kb/en/library/mariadb-10232-release-notes - https://mariadb.com/kb/en/library/mariadb-10232-changelog - Update to 10.2.32 GA [bsc#1171550] Moderate SUSE bug 1171550 CVE-2020-13249 CVE-2020-2752 CVE-2020-2760 CVE-2020-2812 CVE-2020-2814 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). Important SUSE bug 1173027 CVE-2020-8177 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This is a version update for ceph to version 12.2.13: Security issue fixed: - CVE-2020-10753: Fixed an HTTP header injection via CORS ExposeHeader tag (bsc#1171921). - Notable changes in this update for ceph: * mgr: telemetry: backported and now available on SES5.5. Please consider enabling via 'ceph telemetry on' (bsc#1171670) * OSD heartbeat ping time: new health warning, options and admin commands (bsc#1171960) * 'osd_calc_pg_upmaps_max_stddev' ceph.conf parameter has been removed; use 'upmap_max_deviation' instead (bsc#1171961) * Default maximum concurrent bluestore rocksdb compaction threads raised from 1 to 2 for improved ability to keep up with rgw bucket index workloads (bsc#1171963) - Bug fixes in this ceph update: * mon: Error message displayed when mon_osd_max_split_count would be exceeded is not as user-friendly as it could be (bsc#1126230) * ceph_volume_client: remove ceph mds calls in favor of ceph fs calls (bsc#1136082) * rgw: crypt: permit RGW-AUTO/default with SSE-S3 headers (bsc#1157607) * mon/AuthMonitor: don't validate fs caps on authorize (bsc#1161096) - Additional bug fixes: * ceph-volume: strip _dmcrypt suffix in simple scan json output (bsc#1162553) Important SUSE bug 1126230 SUSE bug 1136082 SUSE bug 1157607 SUSE bug 1161096 SUSE bug 1162553 SUSE bug 1171670 SUSE bug 1171921 SUSE bug 1171960 SUSE bug 1171961 SUSE bug 1171963 CVE-2020-10753 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for tigervnc fixes the following issues: - CVE-2019-15691: Fixed a use-after-return due to incorrect usage of stack memory in ZRLEDecoder (bsc#1159856). - CVE-2019-15692: Fixed a heap-based buffer overflow in CopyRectDecode (bsc#1160250). - CVE-2019-15693: Fixed a heap-based buffer overflow in TightDecoder::FilterGradient (bsc#1159858). - CVE-2019-15694: Fixed a heap-based buffer overflow, caused by improper error handling in processing MemOutStream (bsc#1160251). - CVE-2019-15695: Fixed a stack-based buffer overflow, which could be triggered from CMsgReader::readSetCursor (bsc#1159860). Other bugs fixed: - Fix random connection freezes (bsc#1169952, bsc#1160249, bsc#1165680): Important SUSE bug 1159856 SUSE bug 1159858 SUSE bug 1159860 SUSE bug 1160249 SUSE bug 1160250 SUSE bug 1160251 SUSE bug 1160937 SUSE bug 1165680 SUSE bug 1169952 CVE-2019-15691 CVE-2019-15692 CVE-2019-15693 CVE-2019-15694 CVE-2019-15695 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for tomcat fixes the following issues: - CVE-2020-8022: Fixed a local root exploit due to improper permissions (bsc#1172405) Important SUSE bug 1172405 CVE-2020-8022 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python3-requests provides the following fix: python-requests was updated to 2.20.1. Update to version 2.20.1: * Fixed bug with unintended Authorization header stripping for redirects using default ports (http/80, https/443). Update to version 2.20.0: * Bugfixes + Content-Type header parsing is now case-insensitive (e.g. charset=utf8 v Charset=utf8). + Fixed exception leak where certain redirect urls would raise uncaught urllib3 exceptions. + Requests removes Authorization header from requests redirected from https to http on the same hostname. (CVE-2018-18074) + should_bypass_proxies now handles URIs without hostnames (e.g. files). Update to version 2.19.1: * Fixed issue where status_codes.py’s init function failed trying to append to a __doc__ value of None. Update to version 2.19.0: * Improvements + Warn about possible slowdown with cryptography version < 1.3.4 + Check host in proxy URL, before forwarding request to adapter. + Maintain fragments properly across redirects. (RFC7231 7.1.2) + Removed use of cgi module to expedite library load time. + Added support for SHA-256 and SHA-512 digest auth algorithms. + Minor performance improvement to Request.content. * Bugfixes + Parsing empty Link headers with parse_header_links() no longer return one bogus entry. + Fixed issue where loading the default certificate bundle from a zip archive would raise an IOError. + Fixed issue with unexpected ImportError on windows system which do not support winreg module. + DNS resolution in proxy bypass no longer includes the username and password in the request. This also fixes the issue of DNS queries failing on macOS. + Properly normalize adapter prefixes for url comparison. + Passing None as a file pointer to the files param no longer raises an exception. + Calling copy on a RequestsCookieJar will now preserve the cookie policy correctly. Update to version 2.18.4: * Improvements + Error messages for invalid headers now include the header name for easier debugging Update to version 2.18.3: * Improvements + Running $ python -m requests.help now includes the installed version of idna. * Bugfixes + Fixed issue where Requests would raise ConnectionError instead of SSLError when encountering SSL problems when using urllib3 v1.22. - Add ca-certificates (and ca-certificates-mozilla) to dependencies, otherwise https connections will fail. Moderate SUSE bug 1054413 SUSE bug 1073879 SUSE bug 1111622 SUSE bug 1122668 SUSE bug 761500 SUSE bug 922448 SUSE bug 929736 SUSE bug 935252 SUSE bug 945455 SUSE bug 947357 SUSE bug 961596 SUSE bug 967128 CVE-2015-2296 CVE-2018-18074 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mutt fixes the following issues: - CVE-2020-14954: Fixed a response injection due to a STARTTLS buffering issue which was affecting IMAP, SMTP, and POP3 (bsc#1173197). - CVE-2020-14093: Fixed a potential IMAP Man-in-the-Middle attack via a PREAUTH response (bsc#1172906, bsc#1172935). - CVE-2020-14154: Fixed an issue where Mutt was ignoring an expired certificate and was proceeding with a connection (bsc#1172906, bsc#1172935). Important SUSE bug 1172906 SUSE bug 1172935 SUSE bug 1173197 CVE-2020-14093 CVE-2020-14154 CVE-2020-14954 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for unzip fixes the following issues: - CVE-2018-18384: Fixed a buffer overflow when listing files (bsc#1110194) Moderate SUSE bug 1110194 CVE-2018-18384 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mariadb-100 fixes the following issues: mariadb-100 was updated to version 10.0.44 (bsc#1171550) - CVE-2020-2752: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - CVE-2020-2812: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - Fixed some test failures Moderate SUSE bug 1171550 CVE-2020-2752 CVE-2020-2812 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for squid fixes the following issues: - CVE-2020-14059: Fixed an issue where a client could potentially deny the service of a server during TLS Handshake (bsc#1173304). - CVE-2019-18860: Fixed handling of invalid domain names in cachemgr.cgi (bsc#1167373). Important SUSE bug 1167373 SUSE bug 1173304 CVE-2019-18860 CVE-2020-14059 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ntp fixes the following issues: ntp was updated to 4.2.8p15 - CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address frequently send to the client ntpd could have caused denial of service (bsc#1169740). - CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets (bsc#1171355). - CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time from victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651). - CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334). Moderate SUSE bug 1169740 SUSE bug 1171355 SUSE bug 1172651 SUSE bug 1173334 CVE-2018-8956 CVE-2020-11868 CVE-2020-13817 CVE-2020-15025 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for transfig fixes the following issues: Security issue fixed: - CVE-2019-14275: Fixed stack-based buffer overflow in the calc_arrow function (bsc#1143650). - CVE-2018-16140: Fixed a buffer underwrite vulnerability in get_line() in read.c, which allowed an attacker to write prior to the beginning of the buffer via specially crafted .fig file (bsc#1106531) Low SUSE bug 1106531 SUSE bug 1143650 CVE-2018-16140 CVE-2019-14275 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for systemd fixes the following issues: - CVE-2019-20386: Fixed a memory leak when executing the udevadm trigger command (bsc#1161436). - Renamed the persistent link for ATA devices (bsc#1164538) - shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315) - tmpfiles: removed unnecessary assert (bsc#1171145) - pid1: by default make user units inherit their umask from the user manager (bsc#1162698) - manager: fixed job mode when signalled to shutdown etc (bsc#1161262) - coredump: fixed bug that loses core dump files when core dumps are compressed and disk space is low. (bsc#1167622) - udev: inform systemd how many workers we can potentially spawn (#4036) (bsc#1165633) - libblkid: open device in nonblock mode. (bsc#1084671) - udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256) Moderate SUSE bug 1084671 SUSE bug 1154256 SUSE bug 1157315 SUSE bug 1161262 SUSE bug 1161436 SUSE bug 1162698 SUSE bug 1164538 SUSE bug 1165633 SUSE bug 1167622 SUSE bug 1171145 CVE-2019-20386 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for permissions fixes the following issues: - Removed conflicting entries which might expose pcp to security issues (bsc#1171883) Moderate SUSE bug 1171883 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). - Fixed an issue where slapd becomes unresponsive after many failed login/bind attempts(bsc#1170715). Important SUSE bug 1170715 SUSE bug 1172698 SUSE bug 1172704 CVE-2020-8023 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for samba fixes the following issues: - CVE-2019-14907: Fixed a Server-side crash after charset conversion failure during NTLMSSP processing (bsc#1160888). Moderate SUSE bug 1160888 CVE-2019-14907 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 [bsc#1158442, bsc#1154212] * Security fixes: CVE-2019-2933 CVE-2019-2945 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2975 CVE-2019-2978 CVE-2019-2983 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2996 CVE-2019-2999 CVE-2019-2973 CVE-2019-2981 CVE-2019-17631 Moderate SUSE bug 1154212 SUSE bug 1158442 CVE-2019-17631 CVE-2019-2933 CVE-2019-2945 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2975 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2996 CVE-2019-2999 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u232 (icedtea 3.14.0) (October 2019 CPU, bsc#1154212) Security issues fixed: - CVE-2019-2933: Windows file handling redux - CVE-2019-2945: Better socket support - CVE-2019-2949: Better Kerberos ccache handling - CVE-2019-2958: Build Better Processes - CVE-2019-2964: Better support for patterns - CVE-2019-2962: Better Glyph Images - CVE-2019-2973: Better pattern compilation - CVE-2019-2975: Unexpected exception in jjs - CVE-2019-2978: Improved handling of jar files - CVE-2019-2981: Better Path supports - CVE-2019-2983: Better serial attributes - CVE-2019-2987: Better rendering of native glyphs - CVE-2019-2988: Better Graphics2D drawing - CVE-2019-2989: Improve TLS connection support - CVE-2019-2992: Enhance font glyph mapping - CVE-2019-2999: Commentary on Javadoc comments - CVE-2019-2894: Enhance ECDSA operations (bsc#1152856) Bug fixes: - Add patch to fix hotspot-aarch64 (bsc#1138529). Moderate SUSE bug 1138529 SUSE bug 1152856 SUSE bug 1154212 CVE-2019-2894 CVE-2019-2933 CVE-2019-2945 CVE-2019-2949 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2975 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2987 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for sysstat fixes the following issues: Security issue fixed: - CVE-2019-19725: Fixed double free in check_file_actlst in sa_common.c (bsc#1159104). Bug fixes: - Enable log information of starting/stoping services. (bsc#1144923, jsc#SLE-5958) Moderate SUSE bug 1144923 SUSE bug 1159104 CVE-2019-19725 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-openjdk fixes the following issues: Update java-1_8_0-openjdk to version jdk8u242 (icedtea 3.15.0) (January 2020 CPU, bsc#1160968): - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2020-2590: Improve Kerberos interop capabilities - CVE-2020-2593: Normalize normalization for all - CVE-2020-2601: Better Ticket Granting Services - CVE-2020-2604: Better serial filter handling - CVE-2020-2659: Enhance datagram socket support - CVE-2020-2654: Improve Object Identifier Processing Important SUSE bug 1160968 CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2659 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_0_0 fixes the following issues: Security issue fixed: - CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). Moderate SUSE bug 1158809 CVE-2019-1551 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libqt5-qtbase fixes the following issues: Security issues fixed: - CVE-2020-0569: Fixed a potential local code execution by loading plugins from CWD (bsc#1161167). - CVE-2018-19870: Fixed an improper check in QImage allocation which could allow Denial of Service when opening crafted gif files (bsc#1118597). - CVE-2018-19872: Fixed an issue which could allow a division by zero leading to crash (bsc#1130246). Important SUSE bug 1118597 SUSE bug 1130246 SUSE bug 1161167 CVE-2018-19870 CVE-2018-19872 CVE-2020-0569 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for systemd fixes the following issues: - CVE-2020-1712 (bsc#bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages. - Unconfirmed fix for prevent hanging of systemctl during restart. (bsc#1139459) - Fix warnings thrown during package installation. (bsc#1154043) - Fix for system-udevd prevent crash within OES2018. (bsc#1151506) - Fragments of masked units ought not be considered for 'NeedDaemonReload'. (bsc#1156482) - Wait for workers to finish when exiting. (bsc#1106383) - Improve log message when inotify limit is reached. (bsc#1155574) - Mention in the man pages that alias names are only effective after command 'systemctl enable'. (bsc#1151377) - Introduce function for reading virtual files in 'sysfs' and 'procfs'. (bsc#1133495, bsc#1159814) Important SUSE bug 1106383 SUSE bug 1133495 SUSE bug 1139459 SUSE bug 1151377 SUSE bug 1151506 SUSE bug 1154043 SUSE bug 1155574 SUSE bug 1156482 SUSE bug 1159814 SUSE bug 1162108 CVE-2020-1712 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for e2fsprogs fixes the following issues: - CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571). Moderate SUSE bug 1160571 CVE-2019-5188 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for wicked fixes the following issues: - CVE-2019-18902: Fixed a use-after-free when receiving invalid DHCP6 client options (bsc#1160903). - CVE-2019-18903: Fixed a use-after-free when receiving invalid DHCP6 IA_PD option (bsc#1160904). - CVE-2020-7216: Fixed a potential denial of service via a memory leak when processing packets with missing message type option in DHCP4 (bsc#1160905). - CVE-2020-7217: Fixed a memory leak in DHCP4 fsm when processing packets for other client ids (bsc#1160906). Important SUSE bug 1160903 SUSE bug 1160904 SUSE bug 1160905 SUSE bug 1160906 CVE-2019-18902 CVE-2019-18903 CVE-2020-7216 CVE-2020-7217 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update libreoffice and libraries fixes the following issues: LibreOffice was updated to 6.3.3 (jsc#SLE-8705), bringing many bug and stability fixes. More information for the 6.3 release at: https://wiki.documentfoundation.org/ReleaseNotes/6.3 Security issue fixed: - CVE-2019-9853: Fixed an issue where by executing macros, the security settings could have been bypassed (bsc#1152684). Other issues addressed: - Dropped disable-kde4 switch, since it is no longer known by configure - Disabled gtk2 because it will be removed in future releases - librelogo is now a standalone sub-package (bsc#1144522). - Partial fixes for an issue where Table(s) from DOCX showed wrong position or color (bsc#1061210). cmis-client was updated to 0.5.2: * Removed header for Uuid's sha1 header(bsc#1105173). * Fixed Google Drive login * Added support for Google Drive two-factor authentication * Fixed access to SharePoint root folder * Limited the maximal number of redirections to 20 * Switched library implementation to C++11 (the API remains C++98-compatible) * Fixed encoding of OAuth2 credentials * Dropped cppcheck run from 'make check'. A new 'make cppcheck' target was created for it * Added proper API symbol exporting * Speeded up building of tests a bit * Fixed a few issues found by coverity and cppcheck libixion was updated to 0.15.0: * Updated for new liborcus * Switched to spdlog for compile-time debug log outputs * Fixed various issues libmwaw was updated 0.3.15: * Fixed fuzzing issues liborcus was updated to 0.15.3: * Fixed various xml related bugs * Improved performance * Fixed multiple parser issues * Added map and structure mode to orcus-json * Other improvements and fixes mdds was updated to 1.5.0: * API changed to 1.5 * Moved the API incompatibility notes from README to the rst doc. * Added the overview section for flat_segment_tree. myspell-dictionaries was updated to 20191016: * Updated Slovenian thesaurus * Updated the da_DK dictionary * Removed the abbreviations from Thai hunspell dictionary * Updated the English dictionaries * Fixed the logo management for 'ca' spdlog was updated to 0.16.3: * Fixed sleep issue under MSVC that happens when changing the clock backwards * Ensured that macros always expand to expressions * Added global flush_on function bluez changes: * lib: Changed bluetooth.h to compile in strict C gperf was updated to 3.1: * The generated C code is now in ANSI-C by default. * Added option --constants-prefix. * Added declaration %define constants-prefix. Moderate SUSE bug 1061210 SUSE bug 1105173 SUSE bug 1144522 SUSE bug 1152684 CVE-2019-9853 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for dbus-1 fixes the following issues: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). Important SUSE bug 1137832 CVE-2019-12749 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.5.0 ESR * CVE-2020-6796 (bmo#1610426) Missing bounds check on shared memory read in the parent process * CVE-2020-6797 (bmo#1596668) Extensions granted downloads.open permission could open arbitrary applications on Mac OSX * CVE-2020-6798 (bmo#1602944) Incorrect parsing of template tag could result in JavaScript injection * CVE-2020-6799 (bmo#1606596) Arbitrary code execution when opening pdf links from other applications, when Firefox is configured as default pdf reader * CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543, bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785) Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 * Fixed: Fixed various issues opening files with spaces in their path (bmo#1601905, bmo#1602726) Important SUSE bug 1161799 CVE-2020-6796 CVE-2020-6797 CVE-2020-6798 CVE-2020-6799 CVE-2020-6800 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for gcc9 fixes the following issues: The GNU Compiler Collection is shipped in version 9. A detailed changelog on what changed in GCC 9 is available at https://gcc.gnu.org/gcc-9/changes.html The compilers have been added to the SUSE Linux Enterprise Toolchain Module. To use these compilers, install e.g. gcc9, gcc9-c++ and build with CC=gcc-9 CXX=g++-9 set. For SUSE Linux Enterprise base products, the libstdc++6, libgcc_s1 and other compiler libraries have been switched from their gcc8 variants to their gcc9 variants. Security issues fixed: - CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145) - CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649) Non-security issues fixed: - Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254) - Fixed miscompilation for vector shift on s390. (bsc#1141897) Moderate SUSE bug 1114592 SUSE bug 1135254 SUSE bug 1141897 SUSE bug 1142649 SUSE bug 1142654 SUSE bug 1148517 SUSE bug 1149145 CVE-2019-14250 CVE-2019-15847 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for sudo fixes the following issues: Security issue fixed: - CVE-2019-18634: Fixed a buffer overflow in the passphrase prompt that could occur when pwfeedback was enabled in /etc/sudoers (bsc#1162202). Non-security issue fixed: - Fixed an issue where sudo -l would ask for a password even though `listpw` was set to `never` (bsc#1162675). Important SUSE bug 1162202 SUSE bug 1162675 CVE-2019-18634 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ImageMagick fixes the following issues: Security issue fixed: - CVE-2019-19948: Fixed a heap-based buffer overflow in WriteSGIImage() (bsc#1159861). - CVE-2019-19949: Fixed a heap-based buffer over-read in WritePNGImage() (bsc#1160369). Non-security issue fixed: - Fixed an issue where converting tiff to png would lead to unviewable files (bsc#1161194). Moderate SUSE bug 1159861 SUSE bug 1160369 SUSE bug 1161194 CVE-2019-19948 CVE-2019-19949 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for dnsmasq fixes the following issues: Security issue fixed: - CVE-2019-14834: Fixed a memory leak which could have allowed to remote attackers to cause denial of service via DHCP response creation (bsc#1154849) Other issue addressed: - Removed cache size limit (bsc#1138743). Moderate SUSE bug 1138743 SUSE bug 1154849 CVE-2019-14834 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_7_1-ibm fixes the following issues: Java was updated to 7.1 Service Refresh 4 Fix Pack 60 [bsc#1162972, bsc#1160968]. Security issues fixed: - CVE-2020-2583: Fixed a serialization vulnerability in BeanContextSupport (bsc#1162972). - CVE-2020-2593: Fixed an incorrect check in isBuiltinStreamHandler, causing URL normalization issues (bsc#1162972). - CVE-2020-2604: Fixed a serialization issue in jdk.serialFilter (bsc#1162972). - CVE-2020-2659: Fixed the incomplete enforcement of the maxDatagramSockets limit in DatagramChannelImpl (bsc#1162972). Non-security issues fixed: * Class Libraries: IJ22333 HANG IN JAVA_JAVA_NET_SOCKETINPUTSTREAM_SOCKETREAD0 EVEN WHEN TIMEOUT IS SET IJ22350 JAVA 7 AND JAVA 8 NOT WORKING WELL WITH TRADITIONAL/SIMPLIFIED CHINESE EDITION OF WINDOWS CLIENT SYSTEM IJ22337 THE NAME OF THE REPUBLIC OF BELARUS IN THE RUSSIAN LOCALE INCONSISTENT WITH CLDR IJ22349 UPDATE TIMEZONE INFORMATION TO TZDATA2019C * JIT Compiler: IJ11368 JAVA JIT PPC: CRASH IN JIT COMPILED CODE ON PPC MACHINES Important SUSE bug 1160968 SUSE bug 1162972 CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libexif fixes the following issues: - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). Moderate SUSE bug 1120943 SUSE bug 1160770 CVE-2018-20030 CVE-2019-9278 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libvpx fixes the following issues: - CVE-2019-9232: Fixed an out of bound memory access (bsc#1160613). - CVE-2019-9433: Fixdd a use-after-free in vp8_deblock() (bsc#1160614). Moderate SUSE bug 1160613 SUSE bug 1160614 CVE-2019-9232 CVE-2019-9433 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ppp fixes the following security issue: - CVE-2020-8597: Fixed a buffer overflow in the eap_request and eap_response functions (bsc#1162610). Important SUSE bug 1162610 CVE-2020-8597 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python3 fixes the following issues: Update to 3.4.10 (jsc#SLE-9427, bsc#1159208) from 3.4.6: Security issues fixed: - Update expat copy from 2.1.1 to 2.2.0 to fix the following issues: CVE-2012-0876, CVE-2016-0718, CVE-2016-4472, CVE-2017-9233, CVE-2016-9063 - CVE-2017-1000158: Fix an integer overflow in thePyString_DecodeEscape function in stringobject.c, resulting in heap-based bufferoverflow (bsc#1068664). Moderate SUSE bug 1068664 SUSE bug 1159208 SUSE bug 1159623 CVE-2012-0876 CVE-2016-0718 CVE-2016-4472 CVE-2016-9063 CVE-2017-1000158 CVE-2017-9233 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mariadb fixes the following issues: MariaDB was updated to version 10.2.31 GA (bsc#1162388). Security issues fixed: - CVE-2020-2574: Fixed a difficult to exploit vulnerability that allowed an attacker to crash the client (bsc#1162388). - CVE-2019-18901: Fixed an unsafe path handling behavior in mysql-systemd-helper (bsc#1160895). - Enabled security hardenings in MariaDB's systemd service, namely ProtectSystem, ProtectHome and UMask (bsc#1160878). - Fixed a permissions issue in /var/lib/mysql (bsc#1077717). Moderate SUSE bug 1077717 SUSE bug 1160878 SUSE bug 1160883 SUSE bug 1160895 SUSE bug 1160912 SUSE bug 1162388 CVE-2019-18901 CVE-2020-2574 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_7_1-ibm fixes the following issues: - Update to 7.1 Service Refresh 4 Fix Pack 55 [bsc#1158442, bsc#1154212] * Security fixes: CVE-2019-2933 CVE-2019-2945 CVE-2019-2962 CVE-2019-2964 CVE-2019-2978 CVE-2019-2983 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 CVE-2019-2973 CVE-2019-2981 Moderate SUSE bug 1154212 SUSE bug 1158442 CVE-2019-2933 CVE-2019-2945 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mariadb-100 fixes the following issues: MariaDB was updated to version 10.0.40-3 (bsc#1162388). Security issue fixed: - CVE-2020-2574: Fixed a difficult to exploit vulnerability that allowed an attacker to crash the client (bsc#1162388). Moderate SUSE bug 1162388 CVE-2020-2574 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_8_0-ibm fixes the following issues: Java 8.0 was updated to Service Refresh 6 Fix Pack 5 (bsc#1162972, bsc#1160968) - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2019-4732: Untrusted DLL search path vulnerability - CVE-2020-2593: Normalize normalization for all - CVE-2020-2604: Better serial filter handling - CVE-2020-2659: Enhance datagram socket support Important SUSE bug 1160968 SUSE bug 1162972 CVE-2019-4732 CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for log4j fixes the following issues: - CVE-2019-17571: Fixed a remote code execution by deserialization of untrusted data in SocketServer (bsc#1159646). Important SUSE bug 1159646 CVE-2019-17571 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer, python-jsonpatch, python-jsonpointer, python-scandir, python-PyYAML fixes the following issues: python-cfn-lint was included as a new package in 0.21.4. python-aws-sam-translator was updated to 1.11.0: * Add ReservedConcurrentExecutions to globals * Fix ElasticsearchHttpPostPolicy resource reference * Support using AWS::Region in Ref and Sub * Documentation and examples updates * Add VersionDescription property to Serverless::Function * Update ServerlessRepoReadWriteAccessPolicy * Add additional template validation Upgrade to 1.10.0: * Add GSIs to DynamoDBReadPolicy and DynamoDBCrudPolicy * Add DynamoDBReconfigurePolicy * Add CostExplorerReadOnlyPolicy and OrganizationsListAccountsPolicy * Add EKSDescribePolicy * Add SESBulkTemplatedCrudPolicy * Add FilterLogEventsPolicy * Add SSMParameterReadPolicy * Add SESEmailTemplateCrudPolicy * Add s3:PutObjectAcl to S3CrudPolicy * Add allow_credentials CORS option * Add support for AccessLogSetting and CanarySetting Serverless::Api properties * Add support for X-Ray in Serverless::Api * Add support for MinimumCompressionSize in Serverless::Api * Add Auth to Serverless::Api globals * Remove trailing slashes from APIGW permissions * Add SNS FilterPolicy and an example application * Add Enabled property to Serverless::Function event sources * Add support for PermissionsBoundary in Serverless::Function * Fix boto3 client initialization * Add PublicAccessBlockConfiguration property to S3 bucket resource * Make PAY_PER_REQUEST default mode for Serverless::SimpleTable * Add limited support for resolving intrinsics in Serverless::LayerVersion * SAM now uses Flake8 * Add example application for S3 Events written in Go * Updated several example applications - Initial build + Version 1.9.0 - Add patch to drop compatible releases operator from setup.py, required for SLES12 as the setuptools version is too old + ast_drop-compatible-releases-operator.patch python-jsonschema was updated to 2.6.0: * Improved performance on CPython by adding caching around ref resolution Update to version 2.5.0: * Improved performance on CPython by adding caching around ref resolution (#203) Update to version 2.4.0: * Added a CLI (#134) * Added absolute path and absolute schema path to errors (#120) * Added ``relevance`` * Meta-schemas are now loaded via ``pkgutil`` * Added ``by_relevance`` and ``best_match`` (#91) * Fixed ``format`` to allow adding formats for non-strings (#125) * Fixed the ``uri`` format to reject URI references (#131) - Install /usr/bin/jsonschema with update-alternatives support python-nose2 was updated to 0.9.1: * the prof plugin now uses cProfile instead of hotshot for profiling * skipped tests now include the user's reason in junit XML's message field * the prettyassert plugin mishandled multi-line function definitions * Using a plugin's CLI flag when the plugin is already enabled via config no longer errors * nose2.plugins.prettyassert, enabled with --pretty-assert * Cleanup code for EOLed python versions * Dropped support for distutils. * Result reporter respects failure status set by other plugins * JUnit XML plugin now includes the skip reason in its output Upgrade to 0.8.0: List of changes is too long to show here, see https://github.com/nose-devs/nose2/blob/master/docs/changelog.rst changes between 0.6.5 and 0.8.0 Update to 0.7.0: * Added parameterized_class feature, for parameterizing entire test classes (many thanks to @TobyLL for their suggestions and help testing!) * Fix DeprecationWarning on `inspect.getargs` (thanks @brettdh; https://github.com/wolever/parameterized/issues/67) * Make sure that `setUp` and `tearDown` methods work correctly (#40) * Raise a ValueError when input is empty (thanks @danielbradburn; https://github.com/wolever/parameterized/pull/48) * Fix the order when number of cases exceeds 10 (thanks @ntflc; https://github.com/wolever/parameterized/pull/49) python-scandir was included in version 2.3.2. python-requests was updated to version 2.20.1 (bsc#1111622) * Fixed bug with unintended Authorization header stripping for redirects using default ports (http/80, https/443). * remove restriction for urllib3 < 1.24 Update to version 2.20.0: * Bugfixes + Content-Type header parsing is now case-insensitive (e.g. charset=utf8 v Charset=utf8). + Fixed exception leak where certain redirect urls would raise uncaught urllib3 exceptions. + Requests removes Authorization header from requests redirected from https to http on the same hostname. (CVE-2018-18074) + should_bypass_proxies now handles URIs without hostnames (e.g. files). * Dependencies + Requests now supports urllib3 v1.24. * Deprecations + Requests has officially stopped support for Python 2.6. Update to version 2.19.1: * Fixed issue where status_codes.py’s init function failed trying to append to a __doc__ value of None. Update to version 2.19.0: * Improvements + Warn about possible slowdown with cryptography version < 1.3.4 + Check host in proxy URL, before forwarding request to adapter. + Maintain fragments properly across redirects. (RFC7231 7.1.2) + Removed use of cgi module to expedite library load time. + Added support for SHA-256 and SHA-512 digest auth algorithms. + Minor performance improvement to Request.content. + Migrate to using collections.abc for 3.7 compatibility. * Bugfixes + Parsing empty Link headers with parse_header_links() no longer return one bogus entry. + Fixed issue where loading the default certificate bundle from a zip archive would raise an IOError. + Fixed issue with unexpected ImportError on windows system which do not support winreg module. + DNS resolution in proxy bypass no longer includes the username and password in the request. This also fixes the issue of DNS queries failing on macOS. + Properly normalize adapter prefixes for url comparison. + Passing None as a file pointer to the files param no longer raises an exception. + Calling copy on a RequestsCookieJar will now preserve the cookie policy correctly. * We now support idna v2.7 and urllib3 v1.23. update to version 2.18.4: * Improvements + Error messages for invalid headers now include the header name for easier debugging * Dependencies + We now support idna v2.6. update to version 2.18.3: * Improvements + Running $ python -m requests.help now includes the installed version of idna. * Bugfixes + Fixed issue where Requests would raise ConnectionError instead of SSLError when encountering SSL problems when using urllib3 v1.22. Moderate SUSE bug 1111622 SUSE bug 1122668 CVE-2018-18074 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-2732: Fixed an issue affecting Intel CPUs where an L2 guest may trick the L0 hypervisor into accessing sensitive L1 resources (bsc#1163971). - CVE-2020-8992: An issue was discovered in ext4_protect_reserved_inode in fs/ext4/block_validity.c that allowed attackers to cause a soft lockup via a crafted journal size (bnc#1164069). - CVE-2020-8648: There was a use-after-free vulnerability in the n_tty_receive_buf_common function in drivers/tty/n_tty.c (bnc#1162928). - CVE-2020-8428: There was a use-after-free bug in fs/namei.c, which allowed local users to cause a denial of service or possibly obtain sensitive information from kernel memory (bnc#1162109). - CVE-2020-7053: There was a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c (bnc#1160966). - CVE-2019-19045: A memory leak in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c allowed attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures (bnc#1161522). - CVE-2019-16994: A memory leak existed in sit_init_net() in net/ipv6/sit.c which might have caused denial of service (bnc#1161523). - CVE-2019-19054: A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c allowed attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures (bnc#1161518). - CVE-2019-14896: A heap overflow was found in the add_ie_rates() function of the Marvell Wifi Driver (bsc#1157157). - CVE-2019-14897: A stack overflow was found in the lbs_ibss_join_existing() function of the Marvell Wifi Driver (bsc#1157155). - CVE-2019-19318: Mounting a crafted btrfs image twice could have caused a use-after-free (bnc#1158026). - CVE-2019-19036: An issue discovered in btrfs_root_node in fs/btrfs/ctree.c allowed a NULL pointer dereference because rcu_dereference(root->node) can be zero (bnc#1157692). - CVE-2019-14615: An information disclosure vulnerability existed due to insufficient control flow in certain data structures for some Intel(R) Processors (bnc#1160195). - CVE-2019-19965: There was a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition (bnc#1159911). - CVE-2019-20095: Fixed a memory leak and denial of service in mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c, where some error-handling cases did not free allocated hostcmd memory (bnc#1159909). - CVE-2019-20054: Fixed a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c related to put_links (bnc#1159910). - CVE-2019-20096: Fixed a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service (bnc#1159908). - CVE-2019-19966: Fixed a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service (bnc#1159841). - CVE-2019-19447: Mounting a crafted ext4 filesystem image, performing some operations, and unmounting could have led to a use-after-free in fs/ext4/super.c (bnc#1158819). - CVE-2019-19319: A setxattr operation, after a mount of a crafted ext4 image, could cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call (bnc#1158021). - CVE-2019-19767: The Linux kernel mishandled ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c (bnc#1159297). - CVE-2019-18808: A memory leak in the ccp_run_sha_cmd() in drivers/crypto/ccp/ccp-ops.c allowed attackers to cause a denial of service (memory consumption) (bnc#1156259). - CVE-2019-19066: A memory leak in the bfad_im_get_stats() in drivers/scsi/bfa/bfad_attr.c allowed attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures (bnc#1157303). The following non-security bugs were fixed: - 6pack,mkiss: fix possible deadlock (bsc#1051510). - ACPI / APEI: Switch estatus pool to use vmalloc memory (bsc#1051510). - ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data() (bsc#1051510). - ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion() (bsc#1051510). - ACPI: PM: Avoid attaching ACPI PM domain to certain devices (bsc#1051510). - ACPI / video: Add force_none quirk for Dell OptiPlex 9020M (bsc#1051510). - ACPI: video: Do not export a non working backlight interface on MSI MS-7721 boards (bsc#1051510). - ACPI: watchdog: Allow disabling WDAT at boot (bsc#1162557). - ACPI / watchdog: Fix init failure with overlapping register regions (bsc#1162557). - ACPI / watchdog: Set default timeout in probe (bsc#1162557). - af_packet: set defaule value for tmo (bsc#1051510). - ALSA: control: remove useless assignment in .info callback of PCM chmap element (git-fixes). - ALSA: echoaudio: simplify get_audio_levels (bsc#1051510). - ALSA: fireface: fix return value in error path of isochronous resources reservation (bsc#1051510). - ALSA: hda: Add Clevo W65_67SB the power_save blacklist (git-fixes). - ALSA: hda - Add docking station support for Lenovo Thinkpad T420s (git-fixes). - ALSA: hda/analog - Minor optimization for SPDIF mux connections (git-fixes). - ALSA: hda/ca0132 - Avoid endless loop (git-fixes). - ALSA: hda/ca0132 - Fix work handling in delayed HP detection (git-fixes). - ALSA: hda/ca0132 - Keep power on during processing DSP response (git-fixes). - ALSA: hda - Downgrade error message for single-cmd fallback (git-fixes). - ALSA: hda/hdmi - add retry logic to parse_intel_hdmi() (git-fixes). - ALSA: hda/hdmi - fix atpx_present when CLASS is not VGA (bsc#1051510). - ALSA: hda/hdmi - Fix duplicate unref of pci_dev (bsc#1051510). - ALSA: hda/realtek - Add headset Mic no shutup for ALC283 (bsc#1051510). - ALSA: hda/realtek - Fix silent output on MSI-GL73 (git-fixes). - ALSA: hda/realtek - Line-out jack does not work on a Dell AIO (bsc#1051510). - ALSA: hda: Reset stream if DMA RUN bit not cleared (bsc#1111666). - ALSA: hda: Use scnprintf() for printing texts for sysfs/procfs (git-fixes). - ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code (bsc#1051510). - ALSA: oxfw: fix return value in error path of isochronous resources reservation (bsc#1051510). - ALSA: pcm: Avoid possible info leaks from PCM stream buffers (git-fixes). - ALSA: seq: Avoid concurrent access to queue flags (git-fixes). - ALSA: seq: Fix concurrent access to queue current tick/time (git-fixes). - ALSA: seq: Fix racy access for queue timer in proc read (bsc#1051510). - ALSA: sh: Fix compile warning wrt const (git-fixes). - ALSA: usb-audio: Apply sample rate quirk for Audioengine D1 (git-fixes). - ALSA: usb-audio: fix set_format altsetting sanity check (bsc#1051510). - ALSA: usb-audio: fix sync-ep altsetting sanity check (bsc#1051510). - apparmor: fix unsigned len comparison with less than zero (git-fixes). - ar5523: check NULL before memcpy() in ar5523_cmd() (bsc#1051510). - arm64: Revert support for execute-only user mappings (bsc#1160218). - ASoC: au8540: use 64-bit arithmetic instead of 32-bit (bsc#1051510). - ASoC: cs4349: Use PM ops 'cs4349_runtime_pm' (bsc#1051510). - ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report (bsc#1051510). - ASoC: msm8916-wcd-analog: Fix selected events for MIC BIAS External1 (bsc#1051510). - ASoC: sun8i-codec: Fix setting DAI data format (git-fixes). - ASoC: wm8962: fix lambda value (git-fixes). - ata: ahci: Add shutdown to freeze hardware resources of ahci (bsc#1164388). - ath10k: fix fw crash by moving chip reset after napi disabled (bsc#1051510). - ath9k: fix storage endpoint lookup (git-fixes). - batman-adv: Fix DAT candidate selection on little endian systems (bsc#1051510). - bcache: add code comment bch_keylist_pop() and bch_keylist_pop_front() (bsc#1163762). - bcache: add code comments for state->pool in __btree_sort() (bsc#1163762). - bcache: add code comments in bch_btree_leaf_dirty() (bsc#1163762). - bcache: add cond_resched() in __bch_cache_cmp() (bsc#1163762). - bcache: add idle_max_writeback_rate sysfs interface (bsc#1163762). - bcache: add more accurate error messages in read_super() (bsc#1163762). - bcache: add readahead cache policy options via sysfs interface (bsc#1163762). - bcache: at least try to shrink 1 node in bch_mca_scan() (bsc#1163762). - bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (bsc#1163762). - bcache: check return value of prio_read() (bsc#1163762). - bcache: deleted code comments for dead code in bch_data_insert_keys() (bsc#1163762). - bcache: do not export symbols (bsc#1163762). - bcache: explicity type cast in bset_bkey_last() (bsc#1163762). - bcache: fix a lost wake-up problem caused by mca_cannibalize_lock (bsc#1163762). - bcache: Fix an error code in bch_dump_read() (bsc#1163762). - bcache: fix deadlock in bcache_allocator (bsc#1163762). - bcache: fix incorrect data type usage in btree_flush_write() (bsc#1163762). - bcache: fix memory corruption in bch_cache_accounting_clear() (bsc#1163762). - bcache: fix static checker warning in bcache_device_free() (bsc#1163762). - bcache: ignore pending signals when creating gc and allocator thread (bsc#1163762, bsc#1112504). - bcache: print written and keys in trace_bcache_btree_write (bsc#1163762). - bcache: reap c->btree_cache_freeable from the tail in bch_mca_scan() (bsc#1163762). - bcache: reap from tail of c->btree_cache in bch_mca_scan() (bsc#1163762). - bcache: remove macro nr_to_fifo_front() (bsc#1163762). - bcache: remove member accessed from struct btree (bsc#1163762). - bcache: remove the extra cflags for request.o (bsc#1163762). - bcache: Revert 'bcache: shrink btree node cache after bch_btree_check()' (bsc#1163762, bsc#1112504). - bcma: remove set but not used variable 'sizel' (git-fixes). - blk-mq: avoid sysfs buffer overflow with too many CPU cores (bsc#1163840). - blk-mq: make sure that line break can be printed (bsc#1164098). - Bluetooth: Fix race condition in hci_release_sock() (bsc#1051510). - bonding: fix active-backup transition after link failure (git-fixes). - bonding: fix potential NULL deref in bond_update_slave_arr (bsc#1051510). - bonding: fix slave stuck in BOND_LINK_FAIL state (networking-stable-19_11_10). - bonding: fix state transition issue in link monitoring (networking-stable-19_11_10). - bonding: fix unexpected IFF_BONDING bit unset (bsc#1051510). - brcmfmac: fix interface sanity check (git-fixes). - brcmfmac: Fix memory leak in brcmf_usbdev_qinit (git-fixes). - brcmfmac: Fix use after free in brcmf_sdio_readframes() (git-fixes). - Btrfs: abort transaction after failed inode updates in create_subvol (bsc#1161936). - Btrfs: add missing extents release on file extent cluster relocation error (bsc#1159483). - Btrfs: avoid fallback to transaction commit during fsync of files with holes (bsc#1159569). - Btrfs: dev-replace: remove warning for unknown return codes when finished (dependency for bsc#1162067). - Btrfs: do not call synchronize_srcu() in inode_tree_del (bsc#1161934). - Btrfs: do not double lock the subvol_sem for rename exchange (bsc#1162943). - Btrfs: Ensure we trim ranges across block group boundary (bsc#1151910). - Btrfs: fix block group remaining RO forever after error during device replace (bsc#1160442). - Btrfs: fix btrfs_write_inode vs delayed iput deadlock (bsc#1154243). - Btrfs: fix infinite loop during fsync after rename operations (bsc#1163383). - Btrfs: fix infinite loop during nocow writeback due to race (bsc#1160804). - Btrfs: fix integer overflow in calc_reclaim_items_nr (bsc#1160433). - Btrfs: fix missing data checksums after replaying a log tree (bsc#1161931). - Btrfs: fix negative subv_writers counter and data space leak after buffered write (bsc#1160802). - Btrfs: fix race between adding and putting tree mod seq elements and nodes (bsc#1163384). - Btrfs: fix removal logic of the tree mod log that leads to use-after-free issues (bsc#1160803). - Btrfs: fix selftests failure due to uninitialized i_mode in test inodes (Fix for dependency of bsc#1157692). - Btrfs: handle ENOENT in btrfs_uuid_tree_iterate (bsc#1161937). - Btrfs: harden agaist duplicate fsid on scanned devices (bsc#1134973). - Btrfs: inode: Verify inode mode to avoid NULL pointer dereference (dependency for bsc#1157692). - Btrfs: make tree checker detect checksum items with overlapping ranges (bsc#1161931). - Btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it (dependency for bsc#1157692). - Btrfs: record all roots for rename exchange on a subvol (bsc#1161933). - Btrfs: relocation: fix reloc_root lifespan and access (bsc#1159588). - Btrfs: scrub: Require mandatory block group RO for dev-replace (bsc#1162067). - Btrfs: send, skip backreference walking for extents with many references (bsc#1162139). - Btrfs: simplify inode locking for RWF_NOWAIT (git-fixes). - Btrfs: skip log replay on orphaned roots (bsc#1161935). - Btrfs: tree-checker: Check chunk item at tree block read time (dependency for bsc#1157692). - Btrfs: tree-checker: Check level for leaves and nodes (dependency for bsc#1157692). - Btrfs: tree-checker: Enhance chunk checker to validate chunk profile (dependency for bsc#1157692). - Btrfs: tree-checker: Fix wrong check on max devid (fixes for dependency of bsc#1157692). - Btrfs: tree-checker: get fs_info from eb in block_group_err (dependency for bsc#1157692). - Btrfs: tree-checker: get fs_info from eb in check_block_group_item (dependency for bsc#1157692). - Btrfs: tree-checker: get fs_info from eb in check_csum_item (dependency for bsc#1157692). - Btrfs: tree-checker: get fs_info from eb in check_dev_item (dependency for bsc#1157692). - Btrfs: tree-checker: get fs_info from eb in check_dir_item (dependency for bsc#1157692). - Btrfs: tree-checker: get fs_info from eb in check_extent_data_item (dependency for bsc#1157692). - Btrfs: tree-checker: get fs_info from eb in check_inode_item (dependency for bsc#1157692). - Btrfs: tree-checker: get fs_info from eb in check_leaf (dependency for bsc#1157692). - Btrfs: tree-checker: get fs_info from eb in check_leaf_item (dependency for bsc#1157692). - Btrfs: tree-checker: get fs_info from eb in chunk_err (dependency for bsc#1157692). - Btrfs: tree-checker: get fs_info from eb in dev_item_err (dependency for bsc#1157692). - Btrfs: tree-checker: get fs_info from eb in dir_item_err (dependency for bsc#1157692). - Btrfs: tree-checker: get fs_info from eb in file_extent_err (dependency for bsc#1157692). - Btrfs: tree-checker: get fs_info from eb in generic_err (dependency for bsc#1157692). - Btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN instead of EIO (dependency for bsc#1157692). - Btrfs: tree-checker: Make chunk item checker messages more readable (dependency for bsc#1157692). - Btrfs: tree-checker: Verify dev item (dependency for bsc#1157692). - Btrfs: tree-checker: Verify inode item (dependency for bsc#1157692). - Btrfs: volumes: Use more straightforward way to calculate map length (bsc#1151910). - can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing CAN sk_buffs (bsc#1051510). - can: gs_usb: gs_usb_probe(): use descriptors of current altsetting (bsc#1051510). - can: mscan: mscan_rx_poll(): fix rx path lockup when returning from polling to irq mode (bsc#1051510). - can: slcan: Fix use-after-free Read in slcan_open (bsc#1051510). - can, slip: Protect tty->disc_data in write_wakeup and close with RCU (bsc#1051510). - CDC-NCM: handle incomplete transfer of MTU (networking-stable-19_11_10). - cdrom: respect device capabilities during opening action (boo#1164632). - cfg80211: check for set_wiphy_params (bsc#1051510). - cfg80211: fix page refcount issue in A-MSDU decap (bsc#1051510). - cfg80211/mac80211: make ieee80211_send_layer2_update a public function (bsc#1051510). - cgroup: pids: use atomic64_t for pids->limit (bsc#1161514). - chardev: Avoid potential use-after-free in 'chrdev_open()' (bsc#1163849). - cifs: add support for flock (bsc#1144333). - CIFS: Close cached root handle only if it had a lease (bsc#1144333). - CIFS: Close open handle after interrupted close (bsc#1144333). - CIFS: close the shared root handle on tree disconnect (bsc#1144333). - CIFS: Do not miss cancelled OPEN responses (bsc#1144333). - CIFS: Fix lookup of root ses in DFS referral cache (bsc#1144333). - CIFS: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1144333). - CIFS: fix mount option display for sec=krb5i (bsc#1161907). - CIFS: Fix mount options set in automount (bsc#1144333). - CIFS: Fix NULL pointer dereference in mid callback (bsc#1144333). - CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bsc#1144333). - CIFS: Fix potential softlockups while refreshing DFS cache (bsc#1144333). - CIFS: Fix retrieval of DFS referrals in cifs_mount() (bsc#1144333). - CIFS: Fix use-after-free bug in cifs_reconnect() (bsc#1144333). - CIFS: Properly process SMB3 lease breaks (bsc#1144333). - CIFS: remove set but not used variables 'cinode' and 'netfid' (bsc#1144333). - CIFS: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1144333). - clk: Do not try to enable critical clocks if prepare failed (bsc#1051510). - clk: mmp2: Fix the order of timer mux parents (bsc#1051510). - clk: qcom: rcg2: Do not crash if our parent can't be found; return an error (bsc#1051510). - clk: rockchip: fix I2S1 clock gate register for rk3328 (bsc#1051510). - clk: rockchip: fix ID of 8ch clock of I2S1 for rk3328 (bsc#1051510). - clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering (bsc#1051510). - clk: rockchip: fix rk3188 sclk_smc gate data (bsc#1051510). - clk: sunxi-ng: add mux and pll notifiers for A64 CPU clock (bsc#1051510). - clk: sunxi: sun9i-mmc: Implement reset callback for reset controls (bsc#1051510). - clk: tegra: Mark fuse clock as critical (bsc#1051510). - clocksource/drivers/bcm2835_timer: Fix memory leak of timer (bsc#1051510). - clocksource: Prevent double add_timer_on() for watchdog_timer (bsc#1051510). - closures: fix a race on wakeup from closure_sync (bsc#1163762). - configfs_register_group() shouldn't be (and isn't) called in rmdirable parts (bsc#1051510). - copy/pasted 'Recommends:' instead of 'Provides:', 'Obsoletes:' and 'Conflicts: - Cover up kABI breakage due to DH key verification (bsc#1155331). - crypto: af_alg - Use bh_lock_sock in sk_destruct (bsc#1051510). - crypto: api - Check spawn->alg under lock in crypto_drop_spawn (bsc#1051510). - crypto: api - Fix race condition in crypto_spawn_alg (bsc#1051510). - crypto: atmel-sha - fix error handling when setting hmac key (bsc#1051510). - crypto: ccp - fix uninitialized list head (bsc#1051510). - crypto: chelsio - fix writing tfm flags to wrong place (bsc#1051510). - crypto: dh - add public key verification test (bsc#1155331). - crypto: dh - fix calculating encoded key size (bsc#1155331). - crypto: dh - fix memory leak (bsc#1155331). - crypto: dh - update test for public key verification (bsc#1155331). - crypto: DRBG - add FIPS 140-2 CTRNG for noise source (bsc#1155334). - crypto: ecdh - add public key verification test (bsc#1155331). - crypto: ecdh - fix typo of P-192 b value (bsc#1155331). - crypto: pcrypt - Do not clear MAY_SLEEP flag in original request (bsc#1051510). - crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill (bsc#1051510). - crypto: reexport crypto_shoot_alg() (bsc#1051510, kABI fix). - cxgb4: request the TX CIDX updates to status page (bsc#1127371). - dma-buf: Fix memory leak in sync_file_merge() (git-fixes). - dmaengine: coh901318: Fix a double-lock bug (bsc#1051510). - dmaengine: coh901318: Remove unused variable (bsc#1051510). - dmaengine: Fix access to uninitialized dma_slave_caps (bsc#1051510). - dma-mapping: fix return type of dma_set_max_seg_size() (bsc#1051510). - Documentation: Document arm64 kpti control (bsc#1162623). - drivers/base/memory.c: cache blocks in radix tree to accelerate lookup (bsc#1159955 ltc#182993). - drivers/base/memory.c: do not access uninitialized memmaps in soft_offline_page_store() (bsc#1051510). - drm/amdgpu: add function parameter description in 'amdgpu_gart_bind' (bsc#1051510). - drm/amdgpu: remove 4 set but not used variable in amdgpu_atombios_get_connector_info_from_object_table (bsc#1051510). - drm/amdgpu: remove always false comparison in 'amdgpu_atombios_i2c_process_i2c_ch' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'amdgpu_connector' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'dig' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'dig_connector' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'mc_shared_chmap' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'mc_shared_chmap' from 'gfx_v6_0.c' and 'gfx_v7_0.c' (bsc#1051510). - drm: bridge: dw-hdmi: constify copied structure (bsc#1051510). - drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ (bsc#1051510). - drm/fb-helper: Round up bits_per_pixel if possible (bsc#1051510). - drm/i810: Prevent underflow in ioctl (bsc#1114279) - drm/i915: Add missing include file &lt;linux/math64.h> (bsc#1051510). - drm/i915: Fix pid leak with banned clients (bsc#1114279) - drm: limit to INT_MAX in create_blob ioctl (bsc#1051510). - drm: meson: venc: cvbs: fix CVBS mode matching (bsc#1051510). - drm/mst: Fix MST sideband up-reply failure handling (bsc#1051510). - drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler (bsc#1051510). - drm/nouveau/secboot/gm20b: initialize pointer in gm20b_secboot_new() (bsc#1051510). - drm/qxl: Return error if fbdev is not 32 bpp (bsc#1159028) - drm/radeon: fix r1xx/r2xx register checker for POT textures (bsc#1114279) - drm/rockchip: lvds: Fix indentation of a #define (bsc#1051510). - drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add (bsc#1051510). - e1000e: Add support for Comet Lake (bsc#1158533). - e1000e: Add support for Tiger Lake (bsc#1158533). - e1000e: Increase pause and refresh time (bsc#1158533). - e100: Fix passing zero to 'PTR_ERR' warning in e100_load_ucode_wait (bsc#1051510). - Enable CONFIG_BLK_DEV_SR_VENDOR (boo#1164632). - enic: prevent waking up stopped tx queues over watchdog reset (bsc#1133147). - exit: panic before exit_mm() on global init exit (bsc#1161549). - ext2: check err when partial != NULL (bsc#1163859). - ext4: check for directory entries too close to block end (bsc#1163861). - ext4: fix a bug in ext4_wait_for_tail_page_commit (bsc#1163841). - ext4: fix checksum errors with indexed dirs (bsc#1160979). - ext4: fix deadlock allocating crypto bounce page from mempool (bsc#1163842). - ext4: Fix mount failure with quota configured as module (bsc#1164471). - ext4: improve explanation of a mount failure caused by a misconfigured kernel (bsc#1163843). - ext4, jbd2: ensure panic when aborting with zero errno (bsc#1163853). - extcon: max8997: Fix lack of path setting in USB device mode (bsc#1051510). - firestream: fix memory leaks (bsc#1051510). - fix autofs regression caused by follow_managed() changes (bsc#1159271). - fix dget_parent() fastpath race (bsc#1159271). - Fix partial checked out tree build ... so that bisection does not break. - Fix the locking in dcache_readdir() and friends (bsc#1123328). - fjes: fix missed check in fjes_acpi_add (bsc#1051510). - fs: cifs: Fix atime update check vs mtime (bsc#1144333). - fscrypt: do not set policy for a dead directory (bsc#1163846). - fs/namei.c: fix missing barriers when checking positivity (bsc#1159271). - fs/namei.c: pull positivity check into follow_managed() (bsc#1159271). - fs/open.c: allow opening only regular files during execve() (bsc#1163845). - ftrace: Add comment to why rcu_dereference_sched() is open coded (git-fixes). - ftrace: Avoid potential division by zero in function profiler (bsc#1160784). - ftrace: Protect ftrace_graph_hash with ftrace_sync (git-fixes). - genirq: Prevent NULL pointer dereference in resend_irqs() (bsc#1051510). - genirq/proc: Return proper error code when irq_set_affinity() fails (bnc#1105392). - genirq: Properly pair kobject_del() with kobject_add() (bsc#1051510). - gpio: Fix error message on out-of-range GPIO in lookup table (bsc#1051510). - gtp: avoid zero size hashtable (networking-stable-20_01_01). - gtp: do not allow adding duplicate tid and ms_addr pdp context (networking-stable-20_01_01). - gtp: fix an use-after-free in ipv4_pdp_find() (networking-stable-20_01_01). - gtp: fix wrong condition in gtp_genl_dump_pdp() (networking-stable-20_01_01). - HID: hidraw: Fix returning EPOLLOUT from hidraw_poll (bsc#1051510). - HID: hidraw, uhid: Always report EPOLLOUT (bsc#1051510). - hidraw: Return EPOLLOUT from hidraw_poll (bsc#1051510). - HID: uhid: Fix returning EPOLLOUT from uhid_char_poll (bsc#1051510). - hwmon: (adt7475) Make volt2reg return same reg as reg2volt input (bsc#1051510). - hwmon: (core) Do not use device managed functions for memory allocations (bsc#1051510). - hwmon: (nct7802) Fix voltage limits to wrong registers (bsc#1051510). - hwmon: (pmbus/ltc2978) Fix PMBus polling of MFR_COMMON definitions (bsc#1051510). - i2c: imx: do not print error message on probe defer (bsc#1051510). - ibmveth: Detect unsupported packets before sending to the hypervisor (bsc#1159484 ltc#182983). - iio: adc: max9611: Fix too short conversion time delay (bsc#1051510). - iio: buffer: align the size of scan bytes to size of the largest element (bsc#1051510). - inet: protect against too small mtu values (networking-stable-19_12_16). - init: add arch_call_rest_init to allow stack switching (jsc#SLE-11179). - Input: aiptek - fix endpoint sanity check (bsc#1051510). - Input: cyttsp4_core - fix use after free bug (bsc#1051510). - Input: goodix - add upside-down quirk for Teclast X89 tablet (bsc#1051510). - Input: gtco - fix endpoint sanity check (bsc#1051510). - Input: keyspan-remote - fix control-message timeouts (bsc#1051510). - Input: pegasus_notetaker - fix endpoint sanity check (bsc#1051510). - Input: pm8xxx-vib - fix handling of separate enable register (bsc#1051510). - Input: rmi_f54 - read from FIFO in 32 byte blocks (bsc#1051510). - Input: sun4i-ts - add a check for devm_thermal_zone_of_sensor_register (bsc#1051510). - Input: sur40 - fix interface sanity checks (bsc#1051510). - Input: synaptics-rmi4 - do not increment rmiaddr for SMBus transfers (bsc#1051510). - Input: synaptics-rmi4 - simplify data read in rmi_f54_work (bsc#1051510). - Input: synaptics - switch another X1 Carbon 6 to RMI/SMbus (bsc#1051510). - iommu/amd: Fix IOMMU perf counter clobbering during init (bsc#1162617). - iommu/arm-smmu-v3: Populate VMID field for CMDQ_OP_TLBI_NH_VA (bsc#1164314). - iommu/io-pgtable-arm: Fix race handling in split_blk_unmap() (bsc#1164115). - iommu: Remove device link to group on failure (bsc#1160755). - iommu/vt-d: Unlink device if failed to add to group (bsc#1160756). - ipv4: Fix table id reference in fib_sync_down_addr (networking-stable-19_11_10). - iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop (git-fixes). - iwlwifi: do not throw error when trying to remove IGTK (bsc#1051510). - iwlwifi: mvm: fix NVM check for 3168 devices (bsc#1051510). - iwlwifi: mvm: Send non offchannel traffic via AP sta (bsc#1051510). - iwlwifi: mvm: synchronize TID queue removal (bsc#1051510). - jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal (bsc#1163862). - jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer (bsc#1163836). - jbd2: Fix possible overflow in jbd2_log_space_left() (bsc#1163860). - jbd2: make sure ESHUTDOWN to be recorded in the journal superblock (bsc#1163863). - jbd2: move the clearing of b_modified flag to the journal_unmap_buffer() (bsc#1163880). - jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record (bsc#1163852). - kABI: add _q suffix to exports that take struct dh (bsc#1155331). - kABI: protect struct sctp_ep_common (kabi). - kABI workaround for can/skb.h inclusion (bsc#1051510). - kconfig: fix broken dependency in randconfig-generated .config (bsc#1051510). - kernel-binary.spec.in: do not recommend firmware for kvmsmall and azure flavor (boo#1161360). - kernel/trace: Fix do not unregister tracepoints when register sched_migrate_task fail (bsc#1160787). - kernfs: Fix range checks in kernfs_get_target_path (bsc#1051510). - kexec: bail out upon SIGKILL when allocating memory (git-fixes). - KVM: Clean up __kvm_gfn_to_hva_cache_init() and its callers (bsc#1133021). - KVM: fix spectrev1 gadgets (bsc#1164705). - KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails (bsc#1061840). - KVM: PPC: Book3S PR: Fix -Werror=return-type build failure (bsc#1061840). - KVM: PPC: Book3S PR: Free shared page if mmu initialization fails (bsc#1061840). - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl (git-fixes). - KVM: s390: Test for bad access register and size at the start of S390_MEM_OP (git-fixes). - KVM: SVM: Override default MMIO mask if memory encryption is enabled (bsc#1162618). - KVM: x86: Host feature SSBD does not imply guest feature SPEC_CTRL_SSBD (bsc#1160476). - KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks (bsc#1164734). - KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks (bsc#1164728). - KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks (bsc#1164729). - KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks (bsc#1164712). - KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks (bsc#1164730). - KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c (bsc#1164733). - KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks (bsc#1164731). - KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks (bsc#1164732). - KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks (bsc#1164735). - KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks (bsc#1164705). - KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks (bsc#1164727). - leds: Allow to call led_classdev_unregister() unconditionally (bsc#1161674). - leds: class: ensure workqueue is initialized before setting brightness (bsc#1161674). - lib: crc64: include &lt;linux/crc64.h> for 'crc64_be' (bsc#1163762). - lib/scatterlist.c: adjust indentation in __sg_alloc_table (bsc#1051510). - lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more() (bsc#1051510). - livepatch/samples/selftest: Use klp_shadow_alloc() API correctly (bsc#1071995). - livepatch/selftest: Clean up shadow variable names and type (bsc#1071995). - livepatch: Simplify stack trace retrieval (jsc#SLE-11179). - mac80211: Do not send Layer 2 Update frame before authorization (bsc#1051510). - mac80211: Fix TKIP replay protection immediately after key setup (bsc#1051510). - mac80211: mesh: restrict airtime metric to peered established plinks (bsc#1051510). - macvlan: do not assume mac_header is set in macvlan_broadcast() (bsc#1051510). - macvlan: use skb_reset_mac_header() in macvlan_queue_xmit() (bsc#1051510). - media: af9005: uninitialized variable printked (bsc#1051510). - media: cec: CEC 2.0-only bcast messages were ignored (git-fixes). - media: cec.h: CEC_OP_REC_FLAG_ values were swapped (bsc#1051510). - media: cec: report Vendor ID after initialization (bsc#1051510). - media: digitv: do not continue if remote control state can't be read (bsc#1051510). - media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0 (bsc#1051510). - media: exynos4-is: fix wrong mdev and v4l2 dev order in error path (git-fixes). - media: gspca: zero usb_buf (bsc#1051510). - media: iguanair: fix endpoint sanity check (bsc#1051510). - media: ov6650: Fix crop rectangle alignment not passed back (git-fixes). - media: ov6650: Fix incorrect use of JPEG colorspace (git-fixes). - media: pulse8-cec: fix lost cec_transmit_attempt_done() call. - media: pulse8-cec: return 0 when invalidating the logical address (bsc#1051510). - media: stkwebcam: Bugfix for wrong return values (bsc#1051510). - media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors (bsc#1051510). - media/v4l2-core: set pages dirty upon releasing DMA buffers (bsc#1051510). - media: v4l2-ioctl.c: zero reserved fields for S/TRY_FMT (bsc#1051510). - media: v4l2-rect.h: fix v4l2_rect_map_inside() top/left adjustments (bsc#1051510). - mfd: da9062: Fix watchdog compatible string (bsc#1051510). - mfd: dln2: More sanity checking for endpoints (bsc#1051510). - mfd: rn5t618: Mark ADC control register volatile (bsc#1051510). - mmc: mediatek: fix CMD_TA to 2 for MT8173 HS200/HS400 mode (bsc#1051510). - mmc: sdhci: fix minimum clock rate for v3 controller (bsc#1051510). - mmc: sdhci-of-esdhc: fix P2020 errata handling (bsc#1051510). - mmc: sdhci-of-esdhc: Revert 'mmc: sdhci-of-esdhc: add erratum A-009204 support' (bsc#1051510). - mmc: spi: Toggle SPI polarity, do not hardcode it (bsc#1051510). - mmc: tegra: fix SDR50 tuning override (bsc#1051510). - mm: memory_hotplug: use put_device() if device_register fail (bsc#1159955 ltc#182993). - mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock (bsc#1159394). - mod_devicetable: fix PHY module format (networking-stable-19_12_28). - mtd: fix mtd_oobavail() incoherent returned value (bsc#1051510). - mwifiex: drop most magic numbers from mwifiex_process_tdls_action_frame() (git-fixes). - namei: only return -ECHILD from follow_dotdot_rcu() (bsc#1163851). - net: bridge: deny dev_set_mac_address() when unregistering (networking-stable-19_12_16). - net: cdc_ncm: Signedness bug in cdc_ncm_set_dgram_size() (git-fixes). - net: dst: Force 4-byte alignment of dst_metrics (networking-stable-19_12_28). - net: ena: fix napi handler misbehavior when the napi budget is zero (networking-stable-20_01_01). - net: ethernet: octeon_mgmt: Account for second possible VLAN header (networking-stable-19_11_10). - net: ethernet: ti: cpsw: fix extra rx interrupt (networking-stable-19_12_16). - netfilter: nf_queue: enqueue skbs with NULL dst (git-fixes). - net: fix data-race in neigh_event_send() (networking-stable-19_11_10). - net: hisilicon: Fix a BUG trigered by wrong bytes_compl (networking-stable-19_12_28). - net/mlx4_en: fix mlx4 ethtool -N insertion (networking-stable-19_11_25). - net/mlx5e: Fix set vf link state error flow (networking-stable-19_11_25). - net/mlx5e: Fix SFF 8472 eeprom length (git-fixes). - net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq (bsc#1046303). - net/mlxfw: Fix out-of-memory error in mfa2 flash burning (bsc#1051858). - net: nfc: nci: fix a possible sleep-in-atomic-context bug in nci_uart_tty_receive() (networking-stable-19_12_28). - net: psample: fix skb_over_panic (networking-stable-19_12_03). - net: qlogic: Fix error paths in ql_alloc_large_buffers() (networking-stable-19_12_28). - net: rtnetlink: prevent underflows in do_setvfinfo() (networking-stable-19_11_25). - net/sched: act_pedit: fix WARN() in the traffic path (networking-stable-19_11_25). - net: sched: correct flower port blocking (git-fixes). - net: sched: fix `tc -s class show` no bstats on class with nolock subqueues (networking-stable-19_12_03). - net: usb: lan78xx: Fix suspend/resume PHY register access error (networking-stable-19_12_28). - net: usb: lan78xx: limit size of local TSO packets (bsc#1051510). - net: usb: qmi_wwan: add support for DW5821e with eSIM support (networking-stable-19_11_10). - net: usb: qmi_wwan: add support for Foxconn T77W968 LTE modules (networking-stable-19_11_18). - new helper: lookup_positive_unlocked() (bsc#1159271). - NFC: fdp: fix incorrect free object (networking-stable-19_11_10). - NFC: pn533: fix bulk-message timeout (bsc#1051510). - NFC: pn544: Adjust indentation in pn544_hci_check_presence (git-fixes). - NFC: st21nfca: fix double free (networking-stable-19_11_10). - nvme: fix the parameter order for nvme_get_log in nvme_get_fw_slot_info (bsc#1163774). - openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info() (networking-stable-19_12_03). - openvswitch: remove another BUG_ON() (networking-stable-19_12_03). - openvswitch: support asymmetric conntrack (networking-stable-19_12_16). - orinoco_usb: fix interface sanity check (git-fixes). - PCI: Add DMA alias quirk for Intel VCA NTB (bsc#1051510). - PCI: Do not disable bridge BARs when assigning bus resources (bsc#1051510). - PCI/IOV: Fix memory leak in pci_iov_add_virtfn() (git-fixes). - PCI/switchtec: Fix vep_vector_number ioread width (bsc#1051510). - percpu: Separate decrypted varaibles anytime encryption can be enabled (bsc#1114279). - perf/x86/intel: Fix inaccurate period in context switch for auto-reload (bsc#1164315). - phy: qualcomm: Adjust indentation in read_poll_timeout (bsc#1051510). - pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B (bsc#1051510). - platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0 (bsc#1051510). - platform/x86: hp-wmi: Make buffer for HPWMI_FEATURE2_QUERY 128 bytes (bsc#1051510). - platform/x86: pmc_atom: Add Siemens CONNECT X300 to critclk_systems DMI table (bsc#1051510). - powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB (bnc#1151927 5.3.17). - powerpc: Allow flush_icache_range to work across ranges >4GB (bnc#1151927 5.3.17). - powerpc/archrandom: fix arch_get_random_seed_int() (bsc#1065729). - powerpc: avoid adjusting memory_limit for capture kernel memory reservation (bsc#1140025 ltc#176086). - powerpc: Fix vDSO clock_getres() (bsc#1065729). - powerpc/irq: fix stack overflow verification (bsc#1065729). - powerpc/livepatch: return -ERRNO values in save_stack_trace_tsk_reliable() (bsc#1071995 bsc#1161875). - powerpc/mm: drop #ifdef CONFIG_MMU in is_ioremap_addr() (bsc#1065729). - powerpc/mm: Remove kvm radix prefetch workaround for Power9 DD2.2 (bsc#1061840). - powerpc/pkeys: remove unused pkey_allows_readwrite (bsc#1065729). - powerpc/powernv: Disable native PCIe port management (bsc#1065729). - powerpc/pseries: Advance pfn if section is not present in lmb_is_removable() (bsc#1065729). - powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW (bsc#1065729). - powerpc/pseries: Drop pointless static qualifier in vpa_debugfs_init() (git-fixes). - powerpc/pseries/hotplug-memory: Change rc variable to bool (bsc#1065729). - powerpc/pseries/lparcfg: Fix display of Maximum Memory (bsc#1162028 ltc#181740). - powerpc/pseries/vio: Fix iommu_table use-after-free refcount warning (bsc#1065729). - powerpc: reserve memory for capture kernel after hugepages init (bsc#1140025 ltc#176086). - powerpc/security: Fix debugfs data leak on 32-bit (bsc#1065729). - powerpc/tm: Fix clearing MSR[TS] in current when reclaiming on signal delivery (bsc#1118338 ltc#173734). - powerpc/tools: Do not quote $objdump in scripts (bsc#1065729). - powerpc/xive: Discard ESB load value when interrupt is invalid (bsc#1085030). - powerpc/xive: Skip ioremap() of ESB pages for LSI interrupts (bsc#1085030). - powerpc/xmon: do not access ASDR in VMs (bsc#1065729). - power: supply: ltc2941-battery-gauge: fix use-after-free (bsc#1051510). - ppp: Adjust indentation into ppp_async_input (git-fixes). - prevent active file list thrashing due to refault detection (VM Performance, bsc#1156286). - pstore/ram: Write new dumps to start of recycled zones (bsc#1051510). - pwm: omap-dmtimer: Remove PWM chip in .remove before making it unfunctional (git-fixes). - pwm: Remove set but not set variable 'pwm' (git-fixes). - pxa168fb: Fix the function used to release some memory in an error (bsc#1114279) - qede: Disable hardware gro when xdp prog is installed (bsc#1086314 bsc#1086313 bsc#1086301 ). - qede: Fix multicast mac configuration (networking-stable-19_12_28). - qede: fix NULL pointer deref in __qede_remove() (networking-stable-19_11_10). - qmi_wwan: Add support for Quectel RM500Q (bsc#1051510). - quota: Check that quota is not dirty before release (bsc#1163858). - quota: fix livelock in dquot_writeback_dquots (bsc#1163857). - r8152: add missing endpoint sanity check (bsc#1051510). - r8152: get default setting of WOL before initializing (bsc#1051510). - random: move FIPS continuous test to output functions (bsc#1155334). - RDMA/bnxt_re: Avoid freeing MR resources if dereg fails (bsc#1050244). - RDMA/hns: Prevent memory leaks of eq->buf_list (bsc#1104427 ). - README.BRANCH: Update the branch name to cve/linux-4.12 - regulator: Fix return value of _set_load() stub (bsc#1051510). - regulator: rk808: Lower log level on optional GPIOs being not available (bsc#1051510). - regulator: rn5t618: fix module aliases (bsc#1051510). - reiserfs: Fix memory leak of journal device string (bsc#1163867). - reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling (bsc#1163869). - resource: fix locking in find_next_iomem_res() (bsc#1114279). - Revert 'ath10k: fix DMA related firmware crashes on multiple devices' (git-fixes). - Revert 'Input: synaptics-rmi4 - do not increment rmiaddr for SMBus transfers' (bsc#1051510). - Revert 'mmc: sdhci: Fix incorrect switch to HS mode' (bsc#1051510). - rpm/kabi.pl: support new (>=5.4) Module.symvers format (new symbol namespace field) - rpm/kernel-binary.spec.in: Replace Novell with SUSE - rpm/kernel-subpackage-spec: Exclude kernel-firmware recommends (bsc#1143959) For reducing the dependency on kernel-firmware in sub packages - rpm/kernel-subpackage-spec: Fix empty Recommends tag (bsc#1143959) - rpm/kernel-subpackage-spec: fix kernel-default-base build There were some issues with recent changes to subpackage dependencies handling: - rpm/kernel-subpackage-spec: Unify dependency handling. - rpm/modules.fips: update module list (bsc#1157853) - rsi_91x_usb: fix interface sanity check (git-fixes). - rtc: cmos: Stop using shared IRQ (bsc#1051510). - rtc: dt-binding: abx80x: fix resistance scale (bsc#1051510). - rtc: hym8563: Return -EINVAL if the time is known to be invalid (bsc#1051510). - rtc: max8997: Fix the returned value in case of error in 'max8997_rtc_read_alarm()' (bsc#1051510). - rtc: msm6242: Fix reading of 10-hour digit (bsc#1051510). - rtc: pcf8523: set xtal load capacitance from DT (bsc#1051510). - rtc: s35390a: Change buf's type to u8 in s35390a_init (bsc#1051510). - rtl8xxxu: fix interface sanity check (git-fixes). - rtlwifi: Fix MAX MPDU of VHT capability (git-fixes). - rtlwifi: Remove redundant semicolon in wifi.h (git-fixes). - s390: add stack switch helper (jsc#SLE-11179). - s390: add support for virtually mapped kernel stacks (jsc#SLE-11179). - s390: always inline current_stack_pointer() (jsc#SLE-11179). - s390: always inline disabled_wait (jsc#SLE-11179). - s390: avoid misusing CALL_ON_STACK for task stack setup (jsc#SLE-11179). - s390: clean up stacks setup (jsc#SLE-11179). - s390: correct CALL_ON_STACK back_chain saving (jsc#SLE-11179). - s390: disable preemption when switching to nodat stack with CALL_ON_STACK (jsc#SLE-11179). - s390: fine-tune stack switch helper (jsc#SLE-11179). - s390: fix register clobbering in CALL_ON_STACK (jsc#SLE-11179). - s390/ftrace: generate traced function stack frame (jsc#SLE-11178 jsc#SLE-11179). - s390/ftrace: save traced function caller (jsc#SLE-11179). - s390/ftrace: use HAVE_FUNCTION_GRAPH_RET_ADDR_PTR (jsc#SLE-11179). - s390/head64: correct init_task stack setup (jsc#SLE-11179). - s390: kabi workaround for ftrace_ret_stack (jsc#SLE-11179). - s390: kabi workaround for lowcore changes due to vmap stack (jsc#SLE-11179). - s390: kabi workaround for reliable stack tracing (jsc#SLE-11179). - s390/kasan: avoid false positives during stack unwind (jsc#SLE-11179). - s390/kasan: avoid report in get_wchan (jsc#SLE-11179). - s390/livepatch: Implement reliable stack tracing for the consistency model (jsc#SLE-11179). - s390: preserve kabi for stack unwind API (jsc#SLE-11179). - s390/process: avoid custom stack unwinding in get_wchan (jsc#SLE-11179). - s390/qeth: clean up page frag creation (git-fixes). - s390/qeth: consolidate skb allocation (git-fixes). - s390/qeth: ensure linear access to packet headers (git-fixes). - s390/qeth: guard against runt packets (git-fixes). - s390/stacktrace: use common arch_stack_walk infrastructure (jsc#SLE-11179). - s390/suspend: fix stack setup in swsusp_arch_suspend (jsc#SLE-11179). - s390/test_unwind: print verbose unwinding results (jsc#SLE-11179). - s390: unify stack size definitions (jsc#SLE-11179). - s390/unwind: add stack pointer alignment sanity checks (jsc#SLE-11179). - s390/unwind: always inline get_stack_pointer (jsc#SLE-11179). - s390/unwind: avoid int overflow in outside_of_stack (jsc#SLE-11179). - s390/unwind: cleanup unused READ_ONCE_TASK_STACK (jsc#SLE-11179). - s390/unwind: correct stack switching during unwind (jsc#SLE-11179). - s390/unwind: drop unnecessary code around calling ftrace_graph_ret_addr() (jsc#SLE-11179). - s390/unwind: filter out unreliable bogus %r14 (jsc#SLE-11179). - s390/unwind: fix get_stack_pointer(NULL, NULL) (jsc#SLE-11179). - s390/unwind: fix mixing regs and sp (jsc#SLE-11179). - s390/unwind: introduce stack unwind API (jsc#SLE-11179). - s390/unwind: make reuse_sp default when unwinding pt_regs (jsc#SLE-11179). - s390/unwind: remove stack recursion warning (jsc#SLE-11179). - s390/unwind: report an error if pt_regs are not on stack (jsc#SLE-11179). - s390/unwind: start unwinding from reliable state (jsc#SLE-11179). - s390/unwind: stop gracefully at task pt_regs (jsc#SLE-11179). - s390/unwind: stop gracefully at user mode pt_regs in irq stack (jsc#SLE-11179). - s390/unwind: unify task is current checks (jsc#SLE-11179). - sched/fair: Add tmp_alone_branch assertion (bnc#1156462). - sched/fair: Fix insertion in rq->leaf_cfs_rq_list (bnc#1156462). - sched/fair: Fix O(nr_cgroups) in the load balancing path (bnc#1156462). - sched/fair: Optimize update_blocked_averages() (bnc#1156462). - scsi: qla2xxx: Add a shadow variable to hold disc_state history of fcport (bsc#1158013). - scsi: qla2xxx: Add D-Port Diagnostic reason explanation logs (bsc#1158013). - scsi: qla2xxx: Cleanup unused async_logout_done (bsc#1158013). - scsi: qla2xxx: Consolidate fabric scan (bsc#1158013). - scsi: qla2xxx: Correct fcport flags handling (bsc#1158013). - scsi: qla2xxx: Fix a NULL pointer dereference in an error path (bsc#1157966 bsc#1158013 bsc#1157424). - scsi: qla2xxx: Fix fabric scan hang (bsc#1158013). - scsi: qla2xxx: Fix mtcp dump collection failure (bsc#1158013). - scsi: qla2xxx: Fix RIDA Format-2 (bsc#1158013). - scsi: qla2xxx: Fix stuck login session using prli_pend_timer (bsc#1158013). - scsi: qla2xxx: Fix stuck session in GNL (bsc#1158013). - scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type (bsc#1158013). - scsi: qla2xxx: Fix unbound NVME response length (bsc#1157966 bsc#1158013 bsc#1157424). - scsi: qla2xxx: Fix update_fcport for current_topology (bsc#1158013). - scsi: qla2xxx: Improve readability of the code that handles qla_flt_header (bsc#1158013). - scsi: qla2xxx: Remove defer flag to indicate immeadiate port loss (bsc#1158013). - scsi: qla2xxx: Update driver version to 10.01.00.22-k (bsc#1158013). - scsi: qla2xxx: Use common routine to free fcport struct (bsc#1158013). - scsi: qla2xxx: Use get_unaligned_*() instead of open-coding these functions (bsc#1158013). - scsi: zfcp: trace channel log even for FCP command responses (git-fixes). - sctp: cache netns in sctp_ep_common (networking-stable-19_12_03). - sctp: fully initialize v4 addr in some functions (networking-stable-19_12_28). - serial: 8250_bcm2835aux: Fix line mismatch on driver unbind (bsc#1051510). - serial: ifx6x60: add missed pm_runtime_disable (bsc#1051510). - serial: pl011: Fix DMA ->flush_buffer() (bsc#1051510). - serial: serial_core: Perform NULL checks for break_ctl ops (bsc#1051510). - serial: stm32: fix transmit_chars when tx is stopped (bsc#1051510). - sfc: Only cancel the PPS workqueue if it exists (networking-stable-19_11_25). - sh_eth: check sh_eth_cpu_data::dual_port when dumping registers (bsc#1051510). - sh_eth: fix dumping ARSTR (bsc#1051510). - sh_eth: fix invalid context bug while calling auto-negotiation by ethtool (bsc#1051510). - sh_eth: fix invalid context bug while changing link options by ethtool (bsc#1051510). - sh_eth: fix TSU init on SH7734/R8A7740 (bsc#1051510). - sh_eth: fix TXALCR1 offsets (bsc#1051510). - sh_eth: TSU_QTAG0/1 registers the same as TSU_QTAGM0/1 (bsc#1051510). - SMB3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1144333). - SMB3: Fix persistent handles reconnect (bsc#1144333). - smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1144333). - smb3: remove confusing dmesg when mounting with encryption ('seal') (bsc#1144333). - soc: renesas: rcar-sysc: Add goto to of_node_put() before return (bsc#1051510). - soc/tegra: fuse: Correct straps' address for older Tegra124 device trees (bsc#1051510). - soc: ti: wkup_m3_ipc: Fix race condition with rproc_boot (bsc#1051510). - spi: tegra114: clear packed bit for unpacked mode (bsc#1051510). - spi: tegra114: configure dma burst size to fifo trig level (bsc#1051510). - spi: tegra114: fix for unpacked mode transfers (bsc#1051510). - spi: tegra114: flush fifos (bsc#1051510). - spi: tegra114: terminate dma and reset on transfer timeout (bsc#1051510). - sr_vendor: support Beurer GL50 evo CD-on-a-chip devices (boo#1164632). - stacktrace: Do not skip first entry on noncurrent tasks (jsc#SLE-11179). - stacktrace: Force USER_DS for stack_trace_save_user() (jsc#SLE-11179). - stacktrace: Get rid of unneeded '!!' pattern (jsc#SLE-11179). - stacktrace: Provide common infrastructure (jsc#SLE-11179). - stacktrace: Provide helpers for common stack trace operations (jsc#SLE-11179). - stacktrace: Unbreak stack_trace_save_tsk_reliable() (jsc#SLE-11179). - stacktrace: Use PF_KTHREAD to check for kernel threads (jsc#SLE-11179). - staging: comedi: adv_pci1710: fix AI channels 16-31 for PCI-1713 (bsc#1051510). - Staging: iio: adt7316: Fix i2c data reading, set the data field (bsc#1051510). - staging: rtl8188eu: fix interface sanity check (bsc#1051510). - staging: vt6656: correct packet types for CTS protect, mode (bsc#1051510). - staging: vt6656: Fix false Tx excessive retries reporting (bsc#1051510). - staging: vt6656: use NULLFUCTION stack on mac80211 (bsc#1051510). - staging: wlan-ng: ensure error return is actually returned (bsc#1051510). - stop_machine: Atomically queue and wake stopper threads (bsc#1088810, bsc#1161702). - stop_machine: Disable preemption after queueing stopper threads (bsc#1088810, bsc#1161702). - stop_machine: Disable preemption when waking two stopper threads (bsc#1088810, bsc#1161702). - stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock (bsc#1088810, bsc#1161702). - tcp: clear tp->packets_out when purging write queue (bsc#1160560). - tcp: do not send empty skb from tcp_write_xmit() (networking-stable-20_01_01). - tcp: exit if nothing to retransmit on RTO timeout (bsc#1160560, stable 4.14.159). - tcp: md5: fix potential overestimation of TCP option space (networking-stable-19_12_16). - tracing: Annotate ftrace_graph_hash pointer with __rcu (git-fixes). - tracing: Annotate ftrace_graph_notrace_hash pointer with __rcu (git-fixes). - tracing: Cleanup stack trace code (jsc#SLE-11179). - tracing: Fix tracing_stat return values in error handling paths (git-fixes). - tracing: Fix very unlikely race of registering two stat tracers (git-fixes). - tracing: Have the histogram compare functions convert to u64 first (bsc#1160210). - tracing: xen: Ordered comparison of function pointers (git-fixes). - tty: n_hdlc: fix build on SPARC (bsc#1051510). - tty/serial: atmel: Add is_half_duplex helper (bsc#1051510). - tty: serial: msm_serial: Fix lockup for sysrq and oops (bsc#1051510). - tty: vt: keyboard: reject invalid keycodes (bsc#1051510). - ubifs: do not trigger assertion on invalid no-key filename (bsc#1163850). - ubifs: Fix deadlock in concurrent bulk-read and writepage (bsc#1163856). - ubifs: Fix FS_IOC_SETFLAGS unexpectedly clearing encrypt flag (bsc#1163855). - ubifs: Reject unsupported ioctl flags explicitly (bsc#1163844). - udp: fix integer overflow while computing available space in sk_rcvbuf (networking-stable-20_01_01). - USB: adutux: fix interface sanity check (bsc#1051510). - USB: Allow USB device to be warm reset in suspended state (bsc#1051510). - USB: atm: ueagle-atm: add missing endpoint check (bsc#1051510). - USB: chipidea: host: Disable port power only if previously enabled (bsc#1051510). - USB: core: fix check for duplicate endpoints (git-fixes). - USB: core: hub: Improved device recognition on remote wakeup (bsc#1051510). - USB: core: urb: fix URB structure initialization function (bsc#1051510). - USB: documentation: flags on usb-storage versus UAS (bsc#1051510). - USB: dwc3: debugfs: Properly print/set link state for HS (bsc#1051510). - USB: dwc3: do not log probe deferrals; but do log other error codes (bsc#1051510). - USB: dwc3: ep0: Clear started flag on completion (bsc#1051510). - USB: dwc3: turn off VBUS when leaving host mode (bsc#1051510). - USB: EHCI: Do not return -EPIPE when hub is disconnected (git-fixes). - USB: gadget: f_ecm: Use atomic_t to track in-flight request (bsc#1051510). - USB: gadget: f_ncm: Use atomic_t to track in-flight request (bsc#1051510). - USB: gadget: legacy: set max_speed to super-speed (bsc#1051510). - USB: gadget: pch_udc: fix use after free (bsc#1051510). - USB: gadget: u_serial: add missing port entry locking (bsc#1051510). - USB: gadget: Zero ffs_io_data (bsc#1051510). - USB: host: xhci-hub: fix extra endianness conversion (bsc#1051510). - USB: idmouse: fix interface sanity checks (bsc#1051510). - usbip: Fix error path of vhci_recv_ret_submit() (git-fixes). - usbip: Fix receive error in vhci-hcd when using scatter-gather (bsc#1051510). - USB: mon: Fix a deadlock in usbmon between mmap and read (bsc#1051510). - USB: mtu3: fix dbginfo in qmu_tx_zlp_error_handler (bsc#1051510). - USB: musb: dma: Correct parameter passed to IRQ handler (bsc#1051510). - USB: musb: fix idling for suspend after disconnect interrupt (bsc#1051510). - USB: serial: ch341: handle unbound port at reset_resume (bsc#1051510). - USB: serial: io_edgeport: add missing active-port sanity check (bsc#1051510). - USB: serial: io_edgeport: fix epic endpoint lookup (bsc#1051510). - USB: serial: io_edgeport: handle unbound ports on URB completion (bsc#1051510). - USB: serial: io_edgeport: use irqsave() in USB's complete callback (bsc#1051510). - USB: serial: ir-usb: add missing endpoint sanity check (bsc#1051510). - USB: serial: ir-usb: fix IrLAP framing (bsc#1051510). - USB: serial: ir-usb: fix link-speed handling (bsc#1051510). - USB: serial: keyspan: handle unbound ports (bsc#1051510). - USB: serial: opticon: fix control-message timeouts (bsc#1051510). - USB: serial: option: Add support for Quectel RM500Q (bsc#1051510). - USB: serial: option: add support for Quectel RM500Q in QDL mode (git-fixes). - USB: serial: option: add Telit ME910G1 0x110a composition (git-fixes). - USB: serial: option: add ZLP support for 0x1bc7/0x9010 (git-fixes). - USB: serial: quatech2: handle unbound ports (bsc#1051510). - USB: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx (bsc#1051510). - USB: serial: suppress driver bind attributes (bsc#1051510). - usb-storage: Disable UAS on JMicron SATA enclosure (bsc#1051510). - USB: typec: tcpci: mask event interrupts when remove driver (bsc#1051510). - USB: uas: heed CAPACITY_HEURISTICS (bsc#1051510). - USB: uas: honor flag to avoid CAPACITY16 (bsc#1051510). - USB: xhci: Fix build warning seen with CONFIG_PM=n (bsc#1051510). - USB: xhci: only set D3hot for pci device (bsc#1051510). - vhost/vsock: accept only packets with the right dst_cid (networking-stable-20_01_01). - watchdog: max77620_wdt: fix potential build errors (bsc#1051510). - watchdog: rn5t618_wdt: fix module aliases (bsc#1051510). - watchdog: wdat_wdt: fix get_timeleft call for wdat_wdt (bsc#1162557). - wireless: fix enabling channel 12 for custom regulatory domain (bsc#1051510). - wireless: wext: avoid gcc -O3 warning (bsc#1051510). - workqueue: Fix pwq ref leak in rescuer_thread() (bsc#1160211). - x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR (bsc#1162619). - x86/intel_rdt: Split resource group removal in two (bsc#1112178). - x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI (bsc#1114279). - x86/MCE/AMD: Allow any CPU to initialize the smca_banks array (bsc#1114279). - x86/MCE/AMD: Allow Reserved types to be overwritten in smca_banks (bsc#1114279). - x86/MCE/AMD: Do not use rdmsr_safe_on_cpu() in smca_configure() (bsc#1114279). - x86/MCE: Fix possibly incorrect severity calculation on AMD (bsc#1114279). - x86/resctrl: Check monitoring static key in the MBM overflow handler (bsc#1114279). - x86/resctrl: Fix a deadlock due to inaccurate reference (bsc#1112178). - x86/resctrl: Fix an imbalance in domain_remove_cpu() (bsc#1114279). - x86/resctrl: Fix potential memory leak (bsc#1114279). - x86/resctrl: Fix use-after-free due to inaccurate refcount of rdtgroup (bsc#1112178). - x86/resctrl: Fix use-after-free when deleting resource groups (bsc#1114279). - xen/balloon: Support xend-based toolstack take two (bsc#1065600). - xen/blkback: Avoid unmapping unmapped grant pages (bsc#1065600). - xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk (bsc#1065600). - xen-blkfront: switch kcalloc to kvcalloc for large array allocation (bsc#1160917). - xen: Enable interrupts when calling _cond_resched() (bsc#1065600). - xfrm: Fix transport mode skb control buffer usage (bsc#1161552). - xfs: Fix tail rounding in xfs_alloc_file_space() (bsc#1161087, bsc#1153917). - xhci: Fix memory leak in xhci_add_in_port() (bsc#1051510). - xhci: fix USB3 device initiated resume race with roothub autosuspend (bsc#1051510). - xhci: handle some XHCI_TRUST_TX_LENGTH quirks cases as default behaviour (bsc#1051510). - xhci: Increase STS_HALT timeout in xhci_suspend() (bsc#1051510). - xhci: make sure interrupts are restored to correct state (bsc#1051510). - zd1211rw: fix storage endpoint lookup (git-fixes). Important SUSE bug 1046303 SUSE bug 1050244 SUSE bug 1051510 SUSE bug 1051858 SUSE bug 1061840 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1085030 SUSE bug 1086301 SUSE bug 1086313 SUSE bug 1086314 SUSE bug 1088810 SUSE bug 1104427 SUSE bug 1105392 SUSE bug 1111666 SUSE bug 1112178 SUSE bug 1112504 SUSE bug 1114279 SUSE bug 1118338 SUSE bug 1123328 SUSE bug 1127371 SUSE bug 1133021 SUSE bug 1133147 SUSE bug 1134973 SUSE bug 1140025 SUSE bug 1143959 SUSE bug 1144333 SUSE bug 1151910 SUSE bug 1151927 SUSE bug 1153917 SUSE bug 1154243 SUSE bug 1155331 SUSE bug 1155334 SUSE bug 1156259 SUSE bug 1156286 SUSE bug 1156462 SUSE bug 1157155 SUSE bug 1157157 SUSE bug 1157303 SUSE bug 1157424 SUSE bug 1157692 SUSE bug 1157853 SUSE bug 1157966 SUSE bug 1158013 SUSE bug 1158021 SUSE bug 1158026 SUSE bug 1158533 SUSE bug 1158819 SUSE bug 1159028 SUSE bug 1159271 SUSE bug 1159297 SUSE bug 1159394 SUSE bug 1159483 SUSE bug 1159484 SUSE bug 1159569 SUSE bug 1159588 SUSE bug 1159841 SUSE bug 1159908 SUSE bug 1159909 SUSE bug 1159910 SUSE bug 1159911 SUSE bug 1159955 SUSE bug 1160195 SUSE bug 1160210 SUSE bug 1160211 SUSE bug 1160218 SUSE bug 1160433 SUSE bug 1160442 SUSE bug 1160476 SUSE bug 1160560 SUSE bug 1160755 SUSE bug 1160756 SUSE bug 1160784 SUSE bug 1160787 SUSE bug 1160802 SUSE bug 1160803 SUSE bug 1160804 SUSE bug 1160917 SUSE bug 1160966 SUSE bug 1160979 SUSE bug 1161087 SUSE bug 1161360 SUSE bug 1161514 SUSE bug 1161518 SUSE bug 1161522 SUSE bug 1161523 SUSE bug 1161549 SUSE bug 1161552 SUSE bug 1161674 SUSE bug 1161702 SUSE bug 1161875 SUSE bug 1161907 SUSE bug 1161931 SUSE bug 1161933 SUSE bug 1161934 SUSE bug 1161935 SUSE bug 1161936 SUSE bug 1161937 SUSE bug 1162028 SUSE bug 1162067 SUSE bug 1162109 SUSE bug 1162139 SUSE bug 1162557 SUSE bug 1162617 SUSE bug 1162618 SUSE bug 1162619 SUSE bug 1162623 SUSE bug 1162928 SUSE bug 1162943 SUSE bug 1163383 SUSE bug 1163384 SUSE bug 1163762 SUSE bug 1163774 SUSE bug 1163836 SUSE bug 1163840 SUSE bug 1163841 SUSE bug 1163842 SUSE bug 1163843 SUSE bug 1163844 SUSE bug 1163845 SUSE bug 1163846 SUSE bug 1163849 SUSE bug 1163850 SUSE bug 1163851 SUSE bug 1163852 SUSE bug 1163853 SUSE bug 1163855 SUSE bug 1163856 SUSE bug 1163857 SUSE bug 1163858 SUSE bug 1163859 SUSE bug 1163860 SUSE bug 1163861 SUSE bug 1163862 SUSE bug 1163863 SUSE bug 1163867 SUSE bug 1163869 SUSE bug 1163880 SUSE bug 1163971 SUSE bug 1164069 SUSE bug 1164098 SUSE bug 1164115 SUSE bug 1164314 SUSE bug 1164315 SUSE bug 1164388 SUSE bug 1164471 SUSE bug 1164632 SUSE bug 1164705 SUSE bug 1164712 SUSE bug 1164727 SUSE bug 1164728 SUSE bug 1164729 SUSE bug 1164730 SUSE bug 1164731 SUSE bug 1164732 SUSE bug 1164733 SUSE bug 1164734 SUSE bug 1164735 CVE-2019-14615 CVE-2019-14896 CVE-2019-14897 CVE-2019-16994 CVE-2019-18808 CVE-2019-19036 CVE-2019-19045 CVE-2019-19054 CVE-2019-19066 CVE-2019-19318 CVE-2019-19319 CVE-2019-19447 CVE-2019-19767 CVE-2019-19965 CVE-2019-19966 CVE-2019-20054 CVE-2019-20095 CVE-2019-20096 CVE-2020-2732 CVE-2020-7053 CVE-2020-8428 CVE-2020-8648 CVE-2020-8992 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libpng16 fixes the following issues: Security issues fixed: - CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when png_image_free() was called under png_safe_execute (bsc#1124211). - CVE-2017-12652: Fixed an Input Validation Error related to the length of chunks (bsc#1141493). Moderate SUSE bug 1124211 SUSE bug 1141493 CVE-2017-12652 CVE-2019-7317 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-2732: Fixed an issue affecting Intel CPUs where an L2 guest may trick the L0 hypervisor into accessing sensitive L1 resources (bsc#1163971). - CVE-2019-19338: There was an incomplete fix for an issue with Transactional Synchronisation Extensions in the KVM code (bsc#1158954). - CVE-2019-14615: An information disclosure vulnerability existed due to insufficient control flow in certain data structures for some Intel(R) Processors (bnc#1160195). - CVE-2019-14896: A heap overflow was found in the add_ie_rates() function of the Marvell Wifi Driver (bsc#1157157). - CVE-2019-14897: A stack overflow was found in the lbs_ibss_join_existing() function of the Marvell Wifi Driver (bsc#1157155). - CVE-2019-15213: A use-after-free bug caused by a malicious USB device was found in drivers/media/usb/dvb-usb/dvb-usb-init.c (bsc#1146544). - CVE-2019-16994: A memory leak existed in sit_init_net() in net/ipv6/sit.c which might have caused denial of service, aka CID-07f12b26e21a (bnc#1161523). - CVE-2019-18808: A memory leak in drivers/crypto/ccp/ccp-ops.c allowed attackers to cause a denial of service (memory consumption), aka CID-128c66429247 (bnc#1156259). - CVE-2019-19036: An issue discovered in btrfs_root_node in fs/btrfs/ctree.c allowed a NULL pointer dereference because rcu_dereference(root->node) can be zero (bnc#1157692). - CVE-2019-19045: A memory leak in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c allowed attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7 (bnc#1161522). - CVE-2019-19051: A memory leak in drivers/net/wimax/i2400m/op-rfkill.c allowed attackers to cause a denial of service (memory consumption), aka CID-6f3ef5c25cc7 (bnc#1159024). - CVE-2019-19054: A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c allowed attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b (bnc#1161518). - CVE-2019-19066: A memory leak in drivers/scsi/bfa/bfad_attr.c allowed attackers to cause a denial of service (memory consumption), aka CID-0e62395da2bd (bnc#1157303). - CVE-2019-19318: Mounting a crafted btrfs image twice could have caused a use-after-free (bnc#1158026). - CVE-2019-19319: A slab-out-of-bounds write access could have occured when setxattr was called after mounting of a specially crafted ext4 image (bnc#1158021). - CVE-2019-19332: An out-of-bounds memory write issue was found in the way the KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could have used this flaw to crash the system (bnc#1158827). - CVE-2019-19447: Mounting a crafted ext4 filesystem image, performing some operations, and unmounting could have led to a use-after-free in fs/ext4/super.c (bnc#1158819). - CVE-2019-19523: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79 (bsc#1158823). - CVE-2019-19524: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9 (bsc#1158413). - CVE-2019-19525: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035 (bsc#1158417). - CVE-2019-19526: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098 (bsc#1158893). - CVE-2019-19527: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e (bsc#1158900). - CVE-2019-19528: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d (bsc#1158407). - CVE-2019-19529: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41 (bnc#1158381). - CVE-2019-19530: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef (bsc#1158410). - CVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca (bsc#1158445). - CVE-2019-19532: There were multiple out-of-bounds write bugs that can be caused by a malicious USB HID device, aka CID-d9d4b1e46d95 (bsc#1158824). - CVE-2019-19533: There was an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464 (bsc#1158834). - CVE-2019-19534: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29 (bsc#1158398). - CVE-2019-19535: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042 (bsc#1158903). - CVE-2019-19536: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0 (bsc#1158394). - CVE-2019-19537: There was a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9 (bsc#1158904). - CVE-2019-19543: There was a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (bnc#1158427). - CVE-2019-19767: There were multiple use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163 (bnc#1159297). - CVE-2019-19965: There was a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5 (bnc#1159911). - CVE-2019-19966: There was a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that could have caused a denial of service, aka CID-dea37a972655 (bnc#1159841). - CVE-2019-20054: There was a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e (bnc#1159910). - CVE-2019-20095: Several memory leaks were found in drivers/net/wireless/marvell/mwifiex/cfg80211.c, aka CID-003b686ace82 (bnc#1159909). - CVE-2019-20096: There was a memory leak in __feat_register_sp() in net/dccp/feat.c, aka CID-1d3ff0950e2b (bnc#1159908). - CVE-2020-7053: There was a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c (bnc#1160966). - CVE-2020-8428: There was a use-after-free bug in fs/namei.c, which allowed local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9 (bnc#1162109). - CVE-2020-8648: There was a use-after-free vulnerability in the n_tty_receive_buf_common function in drivers/tty/n_tty.c (bnc#1162928). - CVE-2020-8992: An issue was discovered in ext4_protect_reserved_inode in fs/ext4/block_validity.c that allowed attackers to cause a soft lockup via a crafted journal size (bnc#1164069). The following non-security bugs were fixed: - 6pack,mkiss: fix possible deadlock (bsc#1051510). - ACPI / APEI: Do not wait to serialise with oops messages when panic()ing (bsc#1051510). - ACPI / APEI: Switch estatus pool to use vmalloc memory (bsc#1051510). - ACPI / LPSS: Ignore acpi_device_fix_up_power() return value (bsc#1051510). - ACPI / video: Add force_none quirk for Dell OptiPlex 9020M (bsc#1051510). - ACPI / watchdog: Fix init failure with overlapping register regions (bsc#1162557). - ACPI / watchdog: Set default timeout in probe (bsc#1162557). - ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data() (bsc#1051510). - ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion() (bsc#1051510). - ACPI: OSL: only free map once in osl.c (bsc#1051510). - ACPI: PM: Avoid attaching ACPI PM domain to certain devices (bsc#1051510). - ACPI: sysfs: Change ACPI_MASKABLE_GPE_MAX to 0x100 (bsc#1051510). - ACPI: video: Do not export a non working backlight interface on MSI MS-7721 boards (bsc#1051510). - ACPI: watchdog: Allow disabling WDAT at boot (bsc#1162557). - af_packet: set defaule value for tmo (bsc#1051510). - ALSA: control: remove useless assignment in .info callback of PCM chmap element (git-fixes). - ALSA: echoaudio: simplify get_audio_levels (bsc#1051510). - ALSA: fireface: fix return value in error path of isochronous resources reservation (bsc#1051510). - ALSA: hda - Add docking station support for Lenovo Thinkpad T420s (git-fixes). - ALSA: hda - Downgrade error message for single-cmd fallback (git-fixes). - ALSA: hda/analog - Minor optimization for SPDIF mux connections (git-fixes). - ALSA: hda/ca0132 - Avoid endless loop (git-fixes). - ALSA: hda/ca0132 - Fix work handling in delayed HP detection (git-fixes). - ALSA: hda/ca0132 - Keep power on during processing DSP response (git-fixes). - ALSA: hda/hdmi - Add new pci ids for AMD GPU display audio (git-fixes). - ALSA: hda/hdmi - add retry logic to parse_intel_hdmi() (git-fixes). - ALSA: hda/hdmi - fix atpx_present when CLASS is not VGA (bsc#1051510). - ALSA: hda/hdmi - Fix duplicate unref of pci_dev (bsc#1051510). - ALSA: hda/hdmi - fix vgaswitcheroo detection for AMD (git-fixes). - ALSA: hda/realtek - Add headset Mic no shutup for ALC283 (bsc#1051510). - ALSA: hda/realtek - Dell headphone has noise on unmute for ALC236 (git-fixes). - ALSA: hda/realtek - Fix silent output on MSI-GL73 (git-fixes). - ALSA: hda/realtek - Line-out jack does not work on a Dell AIO (bsc#1051510). - ALSA: hda: Add Clevo W65_67SB the power_save blacklist (git-fixes). - ALSA: hda: Reset stream if DMA RUN bit not cleared (bsc#1111666). - ALSA: hda: Use scnprintf() for printing texts for sysfs/procfs (git-fixes). - ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code (bsc#1051510). - ALSA: oxfw: fix return value in error path of isochronous resources reservation (bsc#1051510). - ALSA: pcm: Avoid possible info leaks from PCM stream buffers (git-fixes). - ALSA: pcm: oss: Avoid potential buffer overflows (git-fixes). - ALSA: seq: Avoid concurrent access to queue flags (git-fixes). - ALSA: seq: Fix concurrent access to queue current tick/time (git-fixes). - ALSA: seq: Fix racy access for queue timer in proc read (bsc#1051510). - ALSA: sh: Fix compile warning wrt const (git-fixes). - ALSA: usb-audio: Apply sample rate quirk for Audioengine D1 (git-fixes). - ALSA: usb-audio: fix set_format altsetting sanity check (bsc#1051510). - ALSA: usb-audio: fix sync-ep altsetting sanity check (bsc#1051510). - apparmor: fix unsigned len comparison with less than zero (git-fixes). - ar5523: check NULL before memcpy() in ar5523_cmd() (bsc#1051510). - arm64: Revert support for execute-only user mappings (bsc#1160218). - ASoC: au8540: use 64-bit arithmetic instead of 32-bit (bsc#1051510). - ASoC: compress: fix unsigned integer overflow check (bsc#1051510). - ASoC: cs4349: Use PM ops 'cs4349_runtime_pm' (bsc#1051510). - ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report (bsc#1051510). - ASoC: msm8916-wcd-analog: Fix selected events for MIC BIAS External1 (bsc#1051510). - ASoC: sun8i-codec: Fix setting DAI data format (git-fixes). - ASoC: wm8962: fix lambda value (git-fixes). - ata: ahci: Add shutdown to freeze hardware resources of ahci (bsc#1164388). - ath10k: fix fw crash by moving chip reset after napi disabled (bsc#1051510). - ath6kl: Fix off by one error in scan completion (bsc#1051510). - ath9k: fix storage endpoint lookup (git-fixes). - atl1e: checking the status of atl1e_write_phy_reg (bsc#1051510). - audit: Allow auditd to set pid to 0 to end auditing (bsc#1158094). - batman-adv: Fix DAT candidate selection on little endian systems (bsc#1051510). - bcache: add code comment bch_keylist_pop() and bch_keylist_pop_front() (bsc#1163762). - bcache: add code comments for state->pool in __btree_sort() (bsc#1163762). - bcache: add code comments in bch_btree_leaf_dirty() (bsc#1163762). - bcache: add cond_resched() in __bch_cache_cmp() (bsc#1163762). - bcache: add idle_max_writeback_rate sysfs interface (bsc#1163762). - bcache: add more accurate error messages in read_super() (bsc#1163762). - bcache: add readahead cache policy options via sysfs interface (bsc#1163762). - bcache: at least try to shrink 1 node in bch_mca_scan() (bsc#1163762). - bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (bsc#1163762). - bcache: check return value of prio_read() (bsc#1163762). - bcache: deleted code comments for dead code in bch_data_insert_keys() (bsc#1163762). - bcache: do not export symbols (bsc#1163762). - bcache: explicity type cast in bset_bkey_last() (bsc#1163762). - bcache: fix a lost wake-up problem caused by mca_cannibalize_lock (bsc#1163762). - bcache: Fix an error code in bch_dump_read() (bsc#1163762). - bcache: fix deadlock in bcache_allocator (bsc#1163762). - bcache: fix incorrect data type usage in btree_flush_write() (bsc#1163762). - bcache: fix memory corruption in bch_cache_accounting_clear() (bsc#1163762). - bcache: fix static checker warning in bcache_device_free() (bsc#1163762). - bcache: ignore pending signals when creating gc and allocator thread (bsc#1163762, bsc#1112504). - bcache: print written and keys in trace_bcache_btree_write (bsc#1163762). - bcache: reap c->btree_cache_freeable from the tail in bch_mca_scan() (bsc#1163762). - bcache: reap from tail of c->btree_cache in bch_mca_scan() (bsc#1163762). - bcache: remove macro nr_to_fifo_front() (bsc#1163762). - bcache: remove member accessed from struct btree (bsc#1163762). - bcache: remove the extra cflags for request.o (bsc#1163762). - bcache: Revert 'bcache: shrink btree node cache after bch_btree_check()' (bsc#1163762, bsc#1112504). - bcma: remove set but not used variable 'sizel' (git-fixes). - blk-mq: avoid sysfs buffer overflow with too many CPU cores (bsc#1163840). - blk-mq: make sure that line break can be printed (bsc#1164098). - Bluetooth: Fix race condition in hci_release_sock() (bsc#1051510). - Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading (bsc#1051510). - bonding: fix active-backup transition after link failure (git-fixes). - bonding: fix potential NULL deref in bond_update_slave_arr (bsc#1051510). - bonding: fix slave stuck in BOND_LINK_FAIL state (networking-stable-19_11_10). - bonding: fix state transition issue in link monitoring (networking-stable-19_11_10). - bonding: fix unexpected IFF_BONDING bit unset (bsc#1051510). - bpf: Make use of probe_user_write in probe write helper (bsc#1083647). - brcmfmac: fix interface sanity check (git-fixes). - brcmfmac: Fix memory leak in brcmf_usbdev_qinit (git-fixes). - brcmfmac: Fix use after free in brcmf_sdio_readframes() (git-fixes). - btrfs: abort transaction after failed inode updates in create_subvol (bsc#1161936). - btrfs: add missing extents release on file extent cluster relocation error (bsc#1159483). - btrfs: avoid fallback to transaction commit during fsync of files with holes (bsc#1159569). - btrfs: dev-replace: remove warning for unknown return codes when finished (dependency for bsc#1162067). - btrfs: do not call synchronize_srcu() in inode_tree_del (bsc#1161934). - btrfs: do not double lock the subvol_sem for rename exchange (bsc#1162943). - btrfs: Ensure we trim ranges across block group boundary (bsc#1151910). - btrfs: fix block group remaining RO forever after error during device replace (bsc#1160442). - btrfs: fix btrfs_write_inode vs delayed iput deadlock (bsc#1154243). - btrfs: fix infinite loop during fsync after rename operations (bsc#1163383). - btrfs: fix infinite loop during nocow writeback due to race (bsc#1160804). - btrfs: fix integer overflow in calc_reclaim_items_nr (bsc#1160433). - btrfs: fix missing data checksums after replaying a log tree (bsc#1161931). - btrfs: fix negative subv_writers counter and data space leak after buffered write (bsc#1160802). - btrfs: fix race between adding and putting tree mod seq elements and nodes (bsc#1163384). - btrfs: fix removal logic of the tree mod log that leads to use-after-free issues (bsc#1160803). - btrfs: fix selftests failure due to uninitialized i_mode in test inodes (Fix for dependency of bsc#1157692). - btrfs: handle ENOENT in btrfs_uuid_tree_iterate (bsc#1161937). - btrfs: harden agaist duplicate fsid on scanned devices (bsc#1134973). - btrfs: inode: Verify inode mode to avoid NULL pointer dereference (dependency for bsc#1157692). - btrfs: make tree checker detect checksum items with overlapping ranges (bsc#1161931). - btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it (dependency for bsc#1157692). - btrfs: record all roots for rename exchange on a subvol (bsc#1161933). - btrfs: relocation: fix reloc_root lifespan and access (bsc#1159588). - btrfs: scrub: Require mandatory block group RO for dev-replace (bsc#1162067). - btrfs: send, skip backreference walking for extents with many references (bsc#1162139). - btrfs: simplify inode locking for RWF_NOWAIT (git-fixes). - btrfs: skip log replay on orphaned roots (bsc#1161935). - btrfs: tree-checker: Check chunk item at tree block read time (dependency for bsc#1157692). - btrfs: tree-checker: Check level for leaves and nodes (dependency for bsc#1157692). - btrfs: tree-checker: Enhance chunk checker to validate chunk profile (dependency for bsc#1157692). - btrfs: tree-checker: Fix wrong check on max devid (fixes for dependency of bsc#1157692). - btrfs: tree-checker: get fs_info from eb in block_group_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_block_group_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_csum_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_dev_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_dir_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_extent_data_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_inode_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_leaf (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_leaf_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in chunk_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in dev_item_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in dir_item_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in file_extent_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in generic_err (dependency for bsc#1157692). - btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN instead of EIO (dependency for bsc#1157692). - btrfs: tree-checker: Make chunk item checker messages more readable (dependency for bsc#1157692). - btrfs: tree-checker: Verify dev item (dependency for bsc#1157692). - btrfs: tree-checker: Verify inode item (dependency for bsc#1157692). - btrfs: volumes: Use more straightforward way to calculate map length (bsc#1151910). - can, slip: Protect tty->disc_data in write_wakeup and close with RCU (bsc#1051510). - can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing CAN sk_buffs (bsc#1051510). - can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open (bsc#1051510). - can: gs_usb: gs_usb_probe(): use descriptors of current altsetting (bsc#1051510). - can: mscan: mscan_rx_poll(): fix rx path lockup when returning from polling to irq mode (bsc#1051510). - can: peak_usb: report bus recovery as well (bsc#1051510). - can: rx-offload: can_rx_offload_irq_offload_fifo(): continue on error (bsc#1051510). - can: rx-offload: can_rx_offload_irq_offload_timestamp(): continue on error (bsc#1051510). - can: rx-offload: can_rx_offload_offload_one(): increment rx_fifo_errors on queue overflow or OOM (bsc#1051510). - can: rx-offload: can_rx_offload_offload_one(): use ERR_PTR() to propagate error value in case of errors (bsc#1051510). - can: slcan: Fix use-after-free Read in slcan_open (bsc#1051510). - CDC-NCM: handle incomplete transfer of MTU (networking-stable-19_11_10). - cdrom: respect device capabilities during opening action (boo#1164632). - cfg80211/mac80211: make ieee80211_send_layer2_update a public function (bsc#1051510). - cfg80211: check for set_wiphy_params (bsc#1051510). - cfg80211: fix page refcount issue in A-MSDU decap (bsc#1051510). - cgroup,writeback: do not switch wbs immediately on dead wbs if the memcg is dead (bsc#1158645). - cgroup: pids: use atomic64_t for pids->limit (bsc#1161514). - chardev: Avoid potential use-after-free in 'chrdev_open()' (bsc#1163849). - cifs: add support for flock (bsc#1144333). - cifs: Close cached root handle only if it had a lease (bsc#1144333). - cifs: Close open handle after interrupted close (bsc#1144333). - cifs: close the shared root handle on tree disconnect (bsc#1144333). - cifs: Do not miss cancelled OPEN responses (bsc#1144333). - cifs: Fix lookup of root ses in DFS referral cache (bsc#1144333). - cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1144333). - cifs: fix mount option display for sec=krb5i (bsc#1161907). - cifs: Fix mount options set in automount (bsc#1144333). - cifs: Fix NULL pointer dereference in mid callback (bsc#1144333). - cifs: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bsc#1144333). - cifs: Fix potential softlockups while refreshing DFS cache (bsc#1144333). - cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1144333). - cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1144333). - cifs: Properly process SMB3 lease breaks (bsc#1144333). - cifs: remove set but not used variables 'cinode' and 'netfid' (bsc#1144333). - cifs: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1144333). - clk: Do not try to enable critical clocks if prepare failed (bsc#1051510). - clk: mmp2: Fix the order of timer mux parents (bsc#1051510). - clk: qcom: rcg2: Do not crash if our parent can't be found; return an error (bsc#1051510). - clk: rockchip: fix I2S1 clock gate register for rk3328 (bsc#1051510). - clk: rockchip: fix ID of 8ch clock of I2S1 for rk3328 (bsc#1051510). - clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering (bsc#1051510). - clk: rockchip: fix rk3188 sclk_smc gate data (bsc#1051510). - clk: sunxi-ng: add mux and pll notifiers for A64 CPU clock (bsc#1051510). - clk: sunxi: sun9i-mmc: Implement reset callback for reset controls (bsc#1051510). - clk: tegra: Mark fuse clock as critical (bsc#1051510). - clocksource/drivers/bcm2835_timer: Fix memory leak of timer (bsc#1051510). - clocksource: Prevent double add_timer_on() for watchdog_timer (bsc#1051510). - closures: fix a race on wakeup from closure_sync (bsc#1163762). - compat_ioctl: handle SIOCOUTQNSD (bsc#1051510). - configfs_register_group() shouldn't be (and isn't) called in rmdirable parts (bsc#1051510). - copy/pasted 'Recommends:' instead of 'Provides:', 'Obsoletes:' and 'Conflicts: - Cover up kABI breakage due to DH key verification (bsc#1155331). - crypto: af_alg - Use bh_lock_sock in sk_destruct (bsc#1051510). - crypto: api - Check spawn->alg under lock in crypto_drop_spawn (bsc#1051510). - crypto: api - Fix race condition in crypto_spawn_alg (bsc#1051510). - crypto: atmel-sha - fix error handling when setting hmac key (bsc#1051510). - crypto: ccp - fix uninitialized list head (bsc#1051510). - crypto: chelsio - fix writing tfm flags to wrong place (bsc#1051510). - crypto: dh - add public key verification test (bsc#1155331). - crypto: dh - fix calculating encoded key size (bsc#1155331). - crypto: dh - fix memory leak (bsc#1155331). - crypto: dh - update test for public key verification (bsc#1155331). - crypto: DRBG - add FIPS 140-2 CTRNG for noise source (bsc#1155334). - crypto: ecdh - add public key verification test (bsc#1155331). - crypto: ecdh - fix typo of P-192 b value (bsc#1155331). - crypto: mxc-scc - fix build warnings on ARM64 (bsc#1051510). - crypto: pcrypt - Do not clear MAY_SLEEP flag in original request (bsc#1051510). - crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill (bsc#1051510). - crypto: reexport crypto_shoot_alg() (bsc#1051510, kABI fix). - cxgb4: request the TX CIDX updates to status page (bsc#1127371). - dma-buf: Fix memory leak in sync_file_merge() (git-fixes). - dma-mapping: fix return type of dma_set_max_seg_size() (bsc#1051510). - dmaengine: coh901318: Fix a double-lock bug (bsc#1051510). - dmaengine: coh901318: Remove unused variable (bsc#1051510). - dmaengine: Fix access to uninitialized dma_slave_caps (bsc#1051510). - Documentation: Document arm64 kpti control (bsc#1162623). - drivers/base/memory.c: cache blocks in radix tree to accelerate lookup (bsc#1159955 ltc#182993). - drivers/base/memory.c: do not access uninitialized memmaps in soft_offline_page_store() (bsc#1051510). - drivers/base/platform.c: kmemleak ignore a known leak (bsc#1051510). - drivers/regulator: fix a missing check of return value (bsc#1051510). - drm/amdgpu: add function parameter description in 'amdgpu_gart_bind' (bsc#1051510). - drm/amdgpu: fix bad DMA from INTERRUPT_CNTL2 (bsc#1114279) - drm/amdgpu: remove 4 set but not used variable in amdgpu_atombios_get_connector_info_from_object_table (bsc#1051510). - drm/amdgpu: remove always false comparison in 'amdgpu_atombios_i2c_process_i2c_ch' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'amdgpu_connector' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'dig' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'dig_connector' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'mc_shared_chmap' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'mc_shared_chmap' from 'gfx_v6_0.c' and 'gfx_v7_0.c' (bsc#1051510). - drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ (bsc#1051510). - drm/fb-helper: Round up bits_per_pixel if possible (bsc#1051510). - drm/i810: Prevent underflow in ioctl (bsc#1114279) - drm/i915: Add missing include file <linux/math64.h> (bsc#1051510). - drm/i915: Fix pid leak with banned clients (bsc#1114279) - drm/mst: Fix MST sideband up-reply failure handling (bsc#1051510). - drm/nouveau/secboot/gm20b: initialize pointer in gm20b_secboot_new() (bsc#1051510). - drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler (bsc#1051510). - drm/qxl: Return error if fbdev is not 32 bpp (bsc#1159028) - drm/radeon: fix r1xx/r2xx register checker for POT textures (bsc#1114279) - drm/rockchip: lvds: Fix indentation of a #define (bsc#1051510). - drm/rockchip: Round up _before_ giving to the clock framework (bsc#1114279) - drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add (bsc#1051510). - drm: bridge: dw-hdmi: constify copied structure (bsc#1051510). - drm: limit to INT_MAX in create_blob ioctl (bsc#1051510). - drm: meson: venc: cvbs: fix CVBS mode matching (bsc#1051510). - drm: panel-lvds: Potential Oops in probe error handling (bsc#1114279) - e1000e: Add support for Comet Lake (bsc#1158533). - e1000e: Add support for Tiger Lake (bsc#1158533). - e1000e: Increase pause and refresh time (bsc#1158533). - e100: Fix passing zero to 'PTR_ERR' warning in e100_load_ucode_wait (bsc#1051510). - ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable (bsc#1158646). - ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either (bsc#1158647). - EDAC/ghes: Fix locking and memory barrier issues (bsc#1114279). EDAC/ghes: Do not warn when incrementing refcount on 0 (bsc#1114279). - Enable CONFIG_BLK_DEV_SR_VENDOR (boo#1164632). - enic: prevent waking up stopped tx queues over watchdog reset (bsc#1133147). - exit: panic before exit_mm() on global init exit (bsc#1161549). - ext2: check err when partial != NULL (bsc#1163859). - ext4, jbd2: ensure panic when aborting with zero errno (bsc#1163853). - ext4: check for directory entries too close to block end (bsc#1163861). - ext4: fix a bug in ext4_wait_for_tail_page_commit (bsc#1163841). - ext4: fix checksum errors with indexed dirs (bsc#1160979). - ext4: fix deadlock allocating crypto bounce page from mempool (bsc#1163842). - ext4: Fix mount failure with quota configured as module (bsc#1164471). - ext4: fix punch hole for inline_data file systems (bsc#1158640). - ext4: improve explanation of a mount failure caused by a misconfigured kernel (bsc#1163843). - ext4: update direct I/O read lock pattern for IOCB_NOWAIT (bsc#1158639). - extcon: max8997: Fix lack of path setting in USB device mode (bsc#1051510). - firestream: fix memory leaks (bsc#1051510). - fix autofs regression caused by follow_managed() changes (bsc#1159271). - fix dget_parent() fastpath race (bsc#1159271). - Fix partial checked out tree build ... so that bisection does not break. - Fix the locking in dcache_readdir() and friends (bsc#1123328). - fjes: fix missed check in fjes_acpi_add (bsc#1051510). - fs/namei.c: fix missing barriers when checking positivity (bsc#1159271). - fs/namei.c: pull positivity check into follow_managed() (bsc#1159271). - fs/open.c: allow opening only regular files during execve() (bsc#1163845). - fs: cifs: Fix atime update check vs mtime (bsc#1144333). - fscrypt: do not set policy for a dead directory (bsc#1163846). - ftrace: Add comment to why rcu_dereference_sched() is open coded (git-fixes). - ftrace: Avoid potential division by zero in function profiler (bsc#1160784). - ftrace: Introduce PERMANENT ftrace_ops flag (bsc#1120853). - ftrace: Protect ftrace_graph_hash with ftrace_sync (git-fixes). - genirq/proc: Return proper error code when irq_set_affinity() fails (bnc#1105392). - genirq: Prevent NULL pointer dereference in resend_irqs() (bsc#1051510). - genirq: Properly pair kobject_del() with kobject_add() (bsc#1051510). - gpio: Fix error message on out-of-range GPIO in lookup table (bsc#1051510). - gtp: avoid zero size hashtable (networking-stable-20_01_01). - gtp: do not allow adding duplicate tid and ms_addr pdp context (networking-stable-20_01_01). - gtp: fix an use-after-free in ipv4_pdp_find() (networking-stable-20_01_01). - gtp: fix wrong condition in gtp_genl_dump_pdp() (networking-stable-20_01_01). - HID: doc: fix wrong data structure reference for UHID_OUTPUT (bsc#1051510). - HID: hidraw, uhid: Always report EPOLLOUT (bsc#1051510). - HID: hidraw: Fix returning EPOLLOUT from hidraw_poll (bsc#1051510). - HID: intel-ish-hid: fixes incorrect error handling (bsc#1051510). - HID: uhid: Fix returning EPOLLOUT from uhid_char_poll (bsc#1051510). - hidraw: Return EPOLLOUT from hidraw_poll (bsc#1051510). - hwmon: (adt7475) Make volt2reg return same reg as reg2volt input (bsc#1051510). - hwmon: (core) Do not use device managed functions for memory allocations (bsc#1051510). - hwmon: (nct7802) Fix voltage limits to wrong registers (bsc#1051510). - hwmon: (pmbus/ltc2978) Fix PMBus polling of MFR_COMMON definitions (bsc#1051510). - hwrng: stm32 - fix unbalanced pm_runtime_enable (bsc#1051510). - i2c: imx: do not print error message on probe defer (bsc#1051510). - ibmveth: Detect unsupported packets before sending to the hypervisor (bsc#1159484 ltc#182983). - ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047). - ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047). - ibmvnic: Serialize device queries (bsc#1155689 ltc#182047). - ibmvnic: Terminate waiting device threads after loss of service (bsc#1155689 ltc#182047). - idr: Fix idr_alloc_u32 on 32-bit systems (bsc#1051510). - iio: adc: max9611: Fix too short conversion time delay (bsc#1051510). - iio: buffer: align the size of scan bytes to size of the largest element (bsc#1051510). - inet: protect against too small mtu values (networking-stable-19_12_16). - init: add arch_call_rest_init to allow stack switching (jsc#SLE-11179). - Input: aiptek - fix endpoint sanity check (bsc#1051510). - Input: cyttsp4_core - fix use after free bug (bsc#1051510). - Input: goodix - add upside-down quirk for Teclast X89 tablet (bsc#1051510). - Input: gtco - fix endpoint sanity check (bsc#1051510). - Input: keyspan-remote - fix control-message timeouts (bsc#1051510). - Input: pegasus_notetaker - fix endpoint sanity check (bsc#1051510). - Input: pm8xxx-vib - fix handling of separate enable register (bsc#1051510). - Input: rmi_f54 - read from FIFO in 32 byte blocks (bsc#1051510). - Input: sun4i-ts - add a check for devm_thermal_zone_of_sensor_register (bsc#1051510). - Input: sur40 - fix interface sanity checks (bsc#1051510). - Input: synaptics - switch another X1 Carbon 6 to RMI/SMbus (bsc#1051510). - Input: synaptics-rmi4 - do not increment rmiaddr for SMBus transfers (bsc#1051510). - Input: synaptics-rmi4 - simplify data read in rmi_f54_work (bsc#1051510). - iomap: Fix pipe page leakage during splicing (bsc#1158651). - iommu/amd: Fix IOMMU perf counter clobbering during init (bsc#1162617). - iommu/arm-smmu-v3: Populate VMID field for CMDQ_OP_TLBI_NH_VA (bsc#1164314). - iommu/io-pgtable-arm: Fix race handling in split_blk_unmap() (bsc#1164115). - iommu/vt-d: Unlink device if failed to add to group (bsc#1160756). - iommu: Remove device link to group on failure (bsc#1160755). - ipv4: Fix table id reference in fib_sync_down_addr (networking-stable-19_11_10). - iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop (git-fixes). - iwlwifi: do not throw error when trying to remove IGTK (bsc#1051510). - iwlwifi: mvm: fix NVM check for 3168 devices (bsc#1051510). - iwlwifi: mvm: Send non offchannel traffic via AP sta (bsc#1051510). - iwlwifi: mvm: synchronize TID queue removal (bsc#1051510). - jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal (bsc#1163862). - jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer (bsc#1163836). - jbd2: Fix possible overflow in jbd2_log_space_left() (bsc#1163860). - jbd2: make sure ESHUTDOWN to be recorded in the journal superblock (bsc#1163863). - jbd2: move the clearing of b_modified flag to the journal_unmap_buffer() (bsc#1163880). - jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record (bsc#1163852). - kABI workaround for can/skb.h inclusion (bsc#1051510). - kABI: add _q suffix to exports that take struct dh (bsc#1155331). - kABI: protect struct sctp_ep_common (kabi). - kconfig: fix broken dependency in randconfig-generated .config (bsc#1051510). - kernel-binary.spec.in: do not recommend firmware for kvmsmall and azure flavor (boo#1161360). - kernel/trace: Fix do not unregister tracepoints when register sched_migrate_task fail (bsc#1160787). - kernfs: Fix range checks in kernfs_get_target_path (bsc#1051510). - kexec: bail out upon SIGKILL when allocating memory (git-fixes). - KVM: Clean up __kvm_gfn_to_hva_cache_init() and its callers (bsc#1133021). - KVM: fix spectrev1 gadgets (bsc#1164705). - KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails (bsc#1061840). - KVM: PPC: Book3S PR: Fix -Werror=return-type build failure (bsc#1061840). - KVM: PPC: Book3S PR: Free shared page if mmu initialization fails (bsc#1061840). - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl (git-fixes). - KVM: s390: Test for bad access register and size at the start of S390_MEM_OP (git-fixes). - KVM: SVM: Guard against DEACTIVATE when performing WBINVD/DF_FLUSH (bsc#1114279). - KVM: SVM: Override default MMIO mask if memory encryption is enabled (bsc#1162618). - KVM: SVM: Serialize access to the SEV ASID bitmap (bsc#1114279). - KVM: x86: Host feature SSBD does not imply guest feature SPEC_CTRL_SSBD (bsc#1160476). - KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks (bsc#1164734). - KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks (bsc#1164728). - KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks (bsc#1164729). - KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks (bsc#1164712). - KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks (bsc#1164730). - KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c (bsc#1164733). - KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks (bsc#1164731). - KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks (bsc#1164732). - KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks (bsc#1164735). - KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks (bsc#1164705). - KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks (bsc#1164727). - KVM: x86: Remove a spurious export of a static function (bsc#1158954). - leds: Allow to call led_classdev_unregister() unconditionally (bsc#1161674). - leds: class: ensure workqueue is initialized before setting brightness (bsc#1161674). - lib/scatterlist.c: adjust indentation in __sg_alloc_table (bsc#1051510). - lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more() (bsc#1051510). - lib: crc64: include <linux/crc64.h> for 'crc64_be' (bsc#1163762). - livepatch/samples/selftest: Use klp_shadow_alloc() API correctly (bsc#1071995). - livepatch/selftest: Clean up shadow variable names and type (bsc#1071995). - livepatch: Allow to distinguish different version of system state changes (bsc#1071995). - livepatch: Basic API to track system state changes (bsc#1071995 ). - livepatch: Keep replaced patches until post_patch callback is called (bsc#1071995). - livepatch: Selftests of the API for tracking system state changes (bsc#1071995). - livepatch: Simplify stack trace retrieval (jsc#SLE-11179). - loop: fix no-unmap write-zeroes request behavior (bsc#1158637). - mac80211: Do not send Layer 2 Update frame before authorization (bsc#1051510). - mac80211: fix station inactive_time shortly after boot (bsc#1051510). - mac80211: Fix TKIP replay protection immediately after key setup (bsc#1051510). - mac80211: mesh: restrict airtime metric to peered established plinks (bsc#1051510). - macvlan: do not assume mac_header is set in macvlan_broadcast() (bsc#1051510). - macvlan: use skb_reset_mac_header() in macvlan_queue_xmit() (bsc#1051510). - mailbox: mailbox-test: fix null pointer if no mmio (bsc#1051510). - media/v4l2-core: set pages dirty upon releasing DMA buffers (bsc#1051510). - media: af9005: uninitialized variable printked (bsc#1051510). - media: cec.h: CEC_OP_REC_FLAG_ values were swapped (bsc#1051510). - media: cec: CEC 2.0-only bcast messages were ignored (git-fixes). - media: cec: report Vendor ID after initialization (bsc#1051510). - media: digitv: do not continue if remote control state can't be read (bsc#1051510). - media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0 (bsc#1051510). - media: exynos4-is: fix wrong mdev and v4l2 dev order in error path (git-fixes). - media: gspca: zero usb_buf (bsc#1051510). - media: iguanair: fix endpoint sanity check (bsc#1051510). - media: ov6650: Fix control handler not freed on init error (git-fixes). - media: ov6650: Fix crop rectangle alignment not passed back (git-fixes). - media: ov6650: Fix incorrect use of JPEG colorspace (git-fixes). - media: pulse8-cec: fix lost cec_transmit_attempt_done() call. - media: pulse8-cec: return 0 when invalidating the logical address (bsc#1051510). - media: stkwebcam: Bugfix for wrong return values (bsc#1051510). - media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors (bsc#1051510). - media: uvcvideo: Fix error path in control parsing failure (git-fixes). - media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE (bsc#1051510). - media: v4l2-ioctl.c: zero reserved fields for S/TRY_FMT (bsc#1051510). - media: v4l2-rect.h: fix v4l2_rect_map_inside() top/left adjustments (bsc#1051510). - mei: bus: prefix device names on bus with the bus name (bsc#1051510). - mfd: da9062: Fix watchdog compatible string (bsc#1051510). - mfd: dln2: More sanity checking for endpoints (bsc#1051510). - mfd: rn5t618: Mark ADC control register volatile (bsc#1051510). - missing escaping of backslashes in macro expansions Fixes: f3b74b0ae86b ('rpm/kernel-subpackage-spec: Unify dependency handling.') Fixes: 3fd22e219f77 ('rpm/kernel-subpackage-spec: Fix empty Recommends tag (bsc#1143959)') - mlx5: add parameter to disable enhanced IPoIB (bsc#1142095) - mm, memory_hotplug: do not clear numa_node association after hot_remove (bnc#1115026). - mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock (bsc#1159394). - mm: memory_hotplug: use put_device() if device_register fail (bsc#1159955 ltc#182993). - mmc: mediatek: fix CMD_TA to 2 for MT8173 HS200/HS400 mode (bsc#1051510). - mmc: sdhci-of-esdhc: fix P2020 errata handling (bsc#1051510). - mmc: sdhci-of-esdhc: Revert 'mmc: sdhci-of-esdhc: add erratum A-009204 support' (bsc#1051510). - mmc: sdhci: fix minimum clock rate for v3 controller (bsc#1051510). - mmc: spi: Toggle SPI polarity, do not hardcode it (bsc#1051510). - mmc: tegra: fix SDR50 tuning override (bsc#1051510). - moduleparam: fix parameter description mismatch (bsc#1051510). - mod_devicetable: fix PHY module format (networking-stable-19_12_28). - mtd: fix mtd_oobavail() incoherent returned value (bsc#1051510). - mwifiex: debugfs: correct histogram spacing, formatting (bsc#1051510). - mwifiex: drop most magic numbers from mwifiex_process_tdls_action_frame() (git-fixes). - mwifiex: fix potential NULL dereference and use after free (bsc#1051510). - namei: only return -ECHILD from follow_dotdot_rcu() (bsc#1163851). - nbd: prevent memory leak (bsc#1158638). - net/ibmvnic: Fix typo in retry check (bsc#1155689 ltc#182047). - net/mlx4_en: fix mlx4 ethtool -N insertion (networking-stable-19_11_25). - net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq (bsc#1046303). - net/mlx5e: Fix set vf link state error flow (networking-stable-19_11_25). - net/mlx5e: Fix SFF 8472 eeprom length (git-fixes). - net/mlxfw: Fix out-of-memory error in mfa2 flash burning (bsc#1051858). - net/sched: act_pedit: fix WARN() in the traffic path (networking-stable-19_11_25). - net: bridge: deny dev_set_mac_address() when unregistering (networking-stable-19_12_16). - net: cdc_ncm: Signedness bug in cdc_ncm_set_dgram_size() (git-fixes). - net: dst: Force 4-byte alignment of dst_metrics (networking-stable-19_12_28). - net: ena: fix napi handler misbehavior when the napi budget is zero (networking-stable-20_01_01). - net: ethernet: octeon_mgmt: Account for second possible VLAN header (networking-stable-19_11_10). - net: ethernet: ti: cpsw: fix extra rx interrupt (networking-stable-19_12_16). - net: fix data-race in neigh_event_send() (networking-stable-19_11_10). - net: hisilicon: Fix a BUG trigered by wrong bytes_compl (networking-stable-19_12_28). - net: nfc: nci: fix a possible sleep-in-atomic-context bug in nci_uart_tty_receive() (networking-stable-19_12_28). - net: phy: at803x: Change error to EINVAL for invalid MAC (bsc#1051510). - net: phy: broadcom: Use strlcpy() for ethtool::get_strings (bsc#1051510). - net: phy: Check against net_device being NULL (bsc#1051510). - net: phy: dp83867: Set up RGMII TX delay (bsc#1051510). - net: phy: Fix not to call phy_resume() if PHY is not attached (bsc#1051510). - net: phy: Fix the register offsets in Broadcom iProc mdio mux driver (bsc#1051510). - net: phy: fixed_phy: Fix fixed_phy not checking GPIO (bsc#1051510). - net: phy: marvell: clear wol event before setting it (bsc#1051510). - net: phy: marvell: Use strlcpy() for ethtool::get_strings (bsc#1051510). - net: phy: meson-gxl: check phy_write return value (bsc#1051510). - net: phy: micrel: Use strlcpy() for ethtool::get_strings (bsc#1051510). - net: phy: mscc: read 'vsc8531, edge-slowdown' as an u32 (bsc#1051510). - net: phy: mscc: read 'vsc8531,vddmac' as an u32 (bsc#1051510). - net: phy: xgene: disable clk on error paths (bsc#1051510). - net: phy: xgmiitorgmii: Check phy_driver ready before accessing (bsc#1051510). - net: phy: xgmiitorgmii: Check read_status results (bsc#1051510). - net: phy: xgmiitorgmii: Support generic PHY status read (bsc#1051510). - net: psample: fix skb_over_panic (networking-stable-19_12_03). - net: qlogic: Fix error paths in ql_alloc_large_buffers() (networking-stable-19_12_28). - net: rtnetlink: prevent underflows in do_setvfinfo() (networking-stable-19_11_25). - net: sched: correct flower port blocking (git-fixes). - net: sched: fix `tc -s class show` no bstats on class with nolock subqueues (networking-stable-19_12_03). - net: usb: lan78xx: Fix suspend/resume PHY register access error (networking-stable-19_12_28). - net: usb: lan78xx: limit size of local TSO packets (bsc#1051510). - net: usb: qmi_wwan: add support for DW5821e with eSIM support (networking-stable-19_11_10). - net: usb: qmi_wwan: add support for Foxconn T77W968 LTE modules (networking-stable-19_11_18). - netfilter: nf_queue: enqueue skbs with NULL dst (git-fixes). - new helper: lookup_positive_unlocked() (bsc#1159271). - NFC: fdp: fix incorrect free object (networking-stable-19_11_10). - NFC: pn533: fix bulk-message timeout (bsc#1051510). - NFC: pn544: Adjust indentation in pn544_hci_check_presence (git-fixes). - NFC: st21nfca: fix double free (networking-stable-19_11_10). - nvme: fix the parameter order for nvme_get_log in nvme_get_fw_slot_info (bsc#1163774). - ocfs2: fix panic due to ocfs2_wq is null (bsc#1158644). - ocfs2: fix passing zero to 'PTR_ERR' warning (bsc#1158649). - openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info() (networking-stable-19_12_03). - openvswitch: remove another BUG_ON() (networking-stable-19_12_03). - openvswitch: support asymmetric conntrack (networking-stable-19_12_16). - orinoco_usb: fix interface sanity check (git-fixes). - PCI/IOV: Fix memory leak in pci_iov_add_virtfn() (git-fixes). - PCI/MSI: Fix incorrect MSI-X masking on resume (bsc#1051510). - PCI/MSI: Return -ENOSPC from pci_alloc_irq_vectors_affinity() (bsc#1051510). - PCI/PTM: Remove spurious 'd' from granularity message (bsc#1051510). - PCI/switchtec: Fix vep_vector_number ioread width (bsc#1051510). - PCI: Add DMA alias quirk for Intel VCA NTB (bsc#1051510). - PCI: Apply Cavium ACS quirk to ThunderX2 and ThunderX3 (bsc#1051510). - PCI: Do not disable bridge BARs when assigning bus resources (bsc#1051510). - PCI: dwc: Fix find_next_bit() usage (bsc#1051510). - PCI: Fix Intel ACS quirk UPDCR register address (bsc#1051510). - PCI: rcar: Fix missing MACCTLR register setting in initialization sequence (bsc#1051510). - PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30 (git-fixes). - percpu: Separate decrypted varaibles anytime encryption can be enabled (bsc#1114279). - perf/x86/intel: Fix inaccurate period in context switch for auto-reload (bsc#1164315). - phy: qualcomm: Adjust indentation in read_poll_timeout (bsc#1051510). - pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B (bsc#1051510). - pinctrl: xway: fix gpio-hog related boot issues (bsc#1051510). - pktcdvd: remove warning on attempting to register non-passthrough dev (bsc#1051510). - platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0 (bsc#1051510). - platform/x86: hp-wmi: Fix ACPI errors caused by passing 0 as input size (bsc#1051510). - platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer (bsc#1051510). - platform/x86: hp-wmi: Make buffer for HPWMI_FEATURE2_QUERY 128 bytes (bsc#1051510). - platform/x86: pmc_atom: Add Siemens CONNECT X300 to critclk_systems DMI table (bsc#1051510). - PM / AVS: SmartReflex: NULL check before some freeing functions is not needed (bsc#1051510). - PM / Domains: Deal with multiple states but no governor in genpd (bsc#1051510). - power: supply: ltc2941-battery-gauge: fix use-after-free (bsc#1051510). - powerpc/archrandom: fix arch_get_random_seed_int() (bsc#1065729). - powerpc/irq: fix stack overflow verification (bsc#1065729). - powerpc/livepatch: return -ERRNO values in save_stack_trace_tsk_reliable() (bsc#1071995 bsc#1161875). - powerpc/mm: drop #ifdef CONFIG_MMU in is_ioremap_addr() (bsc#1065729). - powerpc/mm: Remove kvm radix prefetch workaround for Power9 DD2.2 (bsc#1061840). - powerpc/pkeys: remove unused pkey_allows_readwrite (bsc#1065729). - powerpc/powernv: Disable native PCIe port management (bsc#1065729). - powerpc/pseries/hotplug-memory: Change rc variable to bool (bsc#1065729). - powerpc/pseries/lparcfg: Fix display of Maximum Memory (bsc#1162028 ltc#181740). - powerpc/pseries/mobility: notify network peers after migration (bsc#1152631 ltc#181798). - powerpc/pseries/vio: Fix iommu_table use-after-free refcount warning (bsc#1065729). - powerpc/pseries: Advance pfn if section is not present in lmb_is_removable() (bsc#1065729). - powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW (bsc#1065729). - powerpc/pseries: Drop pointless static qualifier in vpa_debugfs_init() (git-fixes). - powerpc/security: Fix debugfs data leak on 32-bit (bsc#1065729). - powerpc/tm: Fix clearing MSR[TS] in current when reclaiming on signal delivery (bsc#1118338 ltc#173734). - powerpc/tools: Do not quote $objdump in scripts (bsc#1065729). - powerpc/xive: Discard ESB load value when interrupt is invalid (bsc#1085030). - powerpc/xive: Skip ioremap() of ESB pages for LSI interrupts (bsc#1085030). - powerpc/xmon: do not access ASDR in VMs (bsc#1065729). - powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB (bnc#1151927 5.3.17). - powerpc: Allow flush_icache_range to work across ranges >4GB (bnc#1151927 5.3.17). - powerpc: avoid adjusting memory_limit for capture kernel memory reservation (bsc#1140025 ltc#176086). - powerpc: Fix vDSO clock_getres() (bsc#1065729). - powerpc: reserve memory for capture kernel after hugepages init (bsc#1140025 ltc#176086). - ppp: Adjust indentation into ppp_async_input (git-fixes). - prevent active file list thrashing due to refault detection (VM Performance, bsc#1156286). - printk: Export console_printk (bsc#1071995). - pstore/ram: Write new dumps to start of recycled zones (bsc#1051510). - pwm: Clear chip_data in pwm_put() (bsc#1051510). - pwm: clps711x: Fix period calculation (bsc#1051510). - pwm: omap-dmtimer: Remove PWM chip in .remove before making it unfunctional (git-fixes). - pwm: Remove set but not set variable 'pwm' (git-fixes). - pxa168fb: Fix the function used to release some memory in an error (bsc#1114279) - qede: Disable hardware gro when xdp prog is installed (bsc#1086314 bsc#1086313 bsc#1086301 ). - qede: Fix multicast mac configuration (networking-stable-19_12_28). - qede: fix NULL pointer deref in __qede_remove() (networking-stable-19_11_10). - qmi_wwan: Add support for Quectel RM500Q (bsc#1051510). - quota: Check that quota is not dirty before release (bsc#1163858). - quota: fix livelock in dquot_writeback_dquots (bsc#1163857). - r8152: add missing endpoint sanity check (bsc#1051510). - r8152: get default setting of WOL before initializing (bsc#1051510). - random: move FIPS continuous test to output functions (bsc#1155334). - RDMA/bnxt_re: Avoid freeing MR resources if dereg fails (bsc#1050244). - RDMA/hns: Prevent memory leaks of eq->buf_list (bsc#1104427 ). - regulator: Fix return value of _set_load() stub (bsc#1051510). - regulator: rk808: Lower log level on optional GPIOs being not available (bsc#1051510). - regulator: rn5t618: fix module aliases (bsc#1051510). - regulator: tps65910: fix a missing check of return value (bsc#1051510). - reiserfs: Fix memory leak of journal device string (bsc#1163867). - reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling (bsc#1163869). - reset: fix reset_control_ops kerneldoc comment (bsc#1051510). - resource: fix locking in find_next_iomem_res() (bsc#1114279). - rpm/kabi.pl: support new (>=5.4) Module.symvers format (new symbol namespace field) - rpm/kernel-binary.spec.in: Replace Novell with SUSE - rpm/kernel-subpackage-spec: Exclude kernel-firmware recommends (bsc#1143959) For reducing the dependency on kernel-firmware in sub packages - rpm/kernel-subpackage-spec: Fix empty Recommends tag (bsc#1143959) - rpm/kernel-subpackage-spec: fix kernel-default-base build There were some issues with recent changes to subpackage dependencies handling: - rpm/kernel-subpackage-spec: Unify dependency handling. - rpm/modules.fips: update module list (bsc#1157853) - rsi_91x_usb: fix interface sanity check (git-fixes). - rt2800: remove errornous duplicate condition (git-fixes). - rtc: cmos: Stop using shared IRQ (bsc#1051510). - rtc: dt-binding: abx80x: fix resistance scale (bsc#1051510). - rtc: hym8563: Return -EINVAL if the time is known to be invalid (bsc#1051510). - rtc: max8997: Fix the returned value in case of error in 'max8997_rtc_read_alarm()' (bsc#1051510). - rtc: msm6242: Fix reading of 10-hour digit (bsc#1051510). - rtc: pcf8523: set xtal load capacitance from DT (bsc#1051510). - rtc: s35390a: Change buf's type to u8 in s35390a_init (bsc#1051510). - rtl818x: fix potential use after free (bsc#1051510). - rtl8xxxu: fix interface sanity check (git-fixes). - rtlwifi: Fix MAX MPDU of VHT capability (git-fixes). - rtlwifi: Remove redundant semicolon in wifi.h (git-fixes). - s390/ftrace: generate traced function stack frame (jsc#SLE-11178 jsc#SLE-11179). - s390/ftrace: save traced function caller (jsc#SLE-11179). - s390/ftrace: use HAVE_FUNCTION_GRAPH_RET_ADDR_PTR (jsc#SLE-11179). - s390/head64: correct init_task stack setup (jsc#SLE-11179). - s390/kasan: avoid false positives during stack unwind (jsc#SLE-11179). - s390/kasan: avoid report in get_wchan (jsc#SLE-11179). - s390/livepatch: Implement reliable stack tracing for the consistency model (jsc#SLE-11179). - s390/mm: properly clear _PAGE_NOEXEC bit when it is not supported (bsc#1051510). - s390/process: avoid custom stack unwinding in get_wchan (jsc#SLE-11179). - s390/qeth: clean up page frag creation (git-fixes). - s390/qeth: consolidate skb allocation (git-fixes). - s390/qeth: ensure linear access to packet headers (git-fixes). - s390/qeth: guard against runt packets (git-fixes). - s390/stacktrace: use common arch_stack_walk infrastructure (jsc#SLE-11179). - s390/suspend: fix stack setup in swsusp_arch_suspend (jsc#SLE-11179). - s390/test_unwind: print verbose unwinding results (jsc#SLE-11179). - s390/unwind: add stack pointer alignment sanity checks (jsc#SLE-11179). - s390/unwind: always inline get_stack_pointer (jsc#SLE-11179). - s390/unwind: avoid int overflow in outside_of_stack (jsc#SLE-11179). - s390/unwind: cleanup unused READ_ONCE_TASK_STACK (jsc#SLE-11179). - s390/unwind: correct stack switching during unwind (jsc#SLE-11179). - s390/unwind: drop unnecessary code around calling ftrace_graph_ret_addr() (jsc#SLE-11179). - s390/unwind: filter out unreliable bogus %r14 (jsc#SLE-11179). - s390/unwind: fix get_stack_pointer(NULL, NULL) (jsc#SLE-11179). - s390/unwind: fix mixing regs and sp (jsc#SLE-11179). - s390/unwind: introduce stack unwind API (jsc#SLE-11179). - s390/unwind: make reuse_sp default when unwinding pt_regs (jsc#SLE-11179). - s390/unwind: remove stack recursion warning (jsc#SLE-11179). - s390/unwind: report an error if pt_regs are not on stack (jsc#SLE-11179). - s390/unwind: start unwinding from reliable state (jsc#SLE-11179). - s390/unwind: stop gracefully at task pt_regs (jsc#SLE-11179). - s390/unwind: stop gracefully at user mode pt_regs in irq stack (jsc#SLE-11179). - s390/unwind: unify task is current checks (jsc#SLE-11179). - s390: add stack switch helper (jsc#SLE-11179). - s390: add support for virtually mapped kernel stacks (jsc#SLE-11179). - s390: always inline current_stack_pointer() (jsc#SLE-11179). - s390: always inline disabled_wait (jsc#SLE-11179). - s390: avoid misusing CALL_ON_STACK for task stack setup (jsc#SLE-11179). - s390: clean up stacks setup (jsc#SLE-11179). - s390: correct CALL_ON_STACK back_chain saving (jsc#SLE-11179). - s390: disable preemption when switching to nodat stack with CALL_ON_STACK (jsc#SLE-11179). - s390: fine-tune stack switch helper (jsc#SLE-11179). - s390: fix register clobbering in CALL_ON_STACK (jsc#SLE-11179). - s390: kabi workaround for ftrace_ret_stack (jsc#SLE-11179). - s390: kabi workaround for lowcore changes due to vmap stack (jsc#SLE-11179). - s390: kabi workaround for reliable stack tracing (jsc#SLE-11179). - s390: preserve kabi for stack unwind API (jsc#SLE-11179). - s390: unify stack size definitions (jsc#SLE-11179). - sched/fair: Add tmp_alone_branch assertion (bnc#1156462). - sched/fair: Fix insertion in rq->leaf_cfs_rq_list (bnc#1156462). - sched/fair: Fix O(nr_cgroups) in the load balancing path (bnc#1156462). - sched/fair: Optimize update_blocked_averages() (bnc#1156462). - sched/fair: WARN() and refuse to set buddy when !se->on_rq (bsc#1158132). - scsi: qla2xxx: Add a shadow variable to hold disc_state history of fcport (bsc#1158013). - scsi: qla2xxx: Add D-Port Diagnostic reason explanation logs (bsc#1158013). - scsi: qla2xxx: Added support for MPI and PEP regions for ISP28XX (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548). - scsi: qla2xxx: Cleanup unused async_logout_done (bsc#1158013). - scsi: qla2xxx: Consolidate fabric scan (bsc#1158013). - scsi: qla2xxx: Correct fcport flags handling (bsc#1158013). - scsi: qla2xxx: Correctly retrieve and interpret active flash region (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548). - scsi: qla2xxx: Fix a NULL pointer dereference in an error path (bsc#1157966 bsc#1158013 bsc#1157424). - scsi: qla2xxx: Fix fabric scan hang (bsc#1158013). - scsi: qla2xxx: Fix incorrect SFUB length used for Secure Flash Update MB Cmd (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548). - scsi: qla2xxx: Fix mtcp dump collection failure (bsc#1158013). - scsi: qla2xxx: Fix RIDA Format-2 (bsc#1158013). - scsi: qla2xxx: Fix stuck login session using prli_pend_timer (bsc#1158013). - scsi: qla2xxx: Fix stuck session in GNL (bsc#1158013). - scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type (bsc#1158013). - scsi: qla2xxx: Fix unbound NVME response length (bsc#1157966 bsc#1158013 bsc#1157424). - scsi: qla2xxx: Fix update_fcport for current_topology (bsc#1158013). - scsi: qla2xxx: Improve readability of the code that handles qla_flt_header (bsc#1158013). - scsi: qla2xxx: Remove defer flag to indicate immeadiate port loss (bsc#1158013). - scsi: qla2xxx: Update driver version to 10.01.00.22-k (bsc#1158013). - scsi: qla2xxx: Use common routine to free fcport struct (bsc#1158013). - scsi: qla2xxx: Use get_unaligned_*() instead of open-coding these functions (bsc#1158013). - scsi: zfcp: trace channel log even for FCP command responses (git-fixes). - sctp: cache netns in sctp_ep_common (networking-stable-19_12_03). - sctp: fully initialize v4 addr in some functions (networking-stable-19_12_28). - serial: 8250_bcm2835aux: Fix line mismatch on driver unbind (bsc#1051510). - serial: ifx6x60: add missed pm_runtime_disable (bsc#1051510). - serial: max310x: Fix tx_empty() callback (bsc#1051510). - serial: pl011: Fix DMA ->flush_buffer() (bsc#1051510). - serial: serial_core: Perform NULL checks for break_ctl ops (bsc#1051510). - serial: stm32: fix transmit_chars when tx is stopped (bsc#1051510). - sfc: Only cancel the PPS workqueue if it exists (networking-stable-19_11_25). - sh_eth: check sh_eth_cpu_data::dual_port when dumping registers (bsc#1051510). - sh_eth: fix dumping ARSTR (bsc#1051510). - sh_eth: fix invalid context bug while calling auto-negotiation by ethtool (bsc#1051510). - sh_eth: fix invalid context bug while changing link options by ethtool (bsc#1051510). - sh_eth: fix TSU init on SH7734/R8A7740 (bsc#1051510). - sh_eth: fix TXALCR1 offsets (bsc#1051510). - sh_eth: TSU_QTAG0/1 registers the same as TSU_QTAGM0/1 (bsc#1051510). - smb3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1144333). - smb3: Fix persistent handles reconnect (bsc#1144333). - smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1144333). - smb3: remove confusing dmesg when mounting with encryption ('seal') (bsc#1144333). - soc/tegra: fuse: Correct straps' address for older Tegra124 device trees (bsc#1051510). - soc: renesas: rcar-sysc: Add goto to of_node_put() before return (bsc#1051510). - soc: ti: wkup_m3_ipc: Fix race condition with rproc_boot (bsc#1051510). - spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch (bsc#1051510). - spi: omap2-mcspi: Set FIFO DMA trigger level to word length (bsc#1051510). - spi: tegra114: clear packed bit for unpacked mode (bsc#1051510). - spi: tegra114: configure dma burst size to fifo trig level (bsc#1051510). - spi: tegra114: fix for unpacked mode transfers (bsc#1051510). - spi: tegra114: flush fifos (bsc#1051510). - spi: tegra114: terminate dma and reset on transfer timeout (bsc#1051510). - sr_vendor: support Beurer GL50 evo CD-on-a-chip devices (boo#1164632). - stacktrace: Do not skip first entry on noncurrent tasks (jsc#SLE-11179). - stacktrace: Force USER_DS for stack_trace_save_user() (jsc#SLE-11179). - stacktrace: Get rid of unneeded '!!' pattern (jsc#SLE-11179). - stacktrace: Provide common infrastructure (jsc#SLE-11179). - stacktrace: Provide helpers for common stack trace operations (jsc#SLE-11179). - stacktrace: Unbreak stack_trace_save_tsk_reliable() (jsc#SLE-11179). - stacktrace: Use PF_KTHREAD to check for kernel threads (jsc#SLE-11179). - staging: comedi: adv_pci1710: fix AI channels 16-31 for PCI-1713 (bsc#1051510). - staging: iio: adt7316: Fix i2c data reading, set the data field (bsc#1051510). - staging: rtl8188eu: fix interface sanity check (bsc#1051510). - staging: rtl8192e: fix potential use after free (bsc#1051510). - staging: rtl8723bs: Add 024c:0525 to the list of SDIO device-ids (bsc#1051510). - staging: rtl8723bs: Drop ACPI device ids (bsc#1051510). - staging: vt6656: correct packet types for CTS protect, mode (bsc#1051510). - staging: vt6656: Fix false Tx excessive retries reporting (bsc#1051510). - staging: vt6656: use NULLFUCTION stack on mac80211 (bsc#1051510). - staging: wlan-ng: ensure error return is actually returned (bsc#1051510). - stm class: Fix a double free of stm_source_device (bsc#1051510). - stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock (bsc#1088810, bsc#1161702). - stop_machine: Atomically queue and wake stopper threads (bsc#1088810, bsc#1161702). - stop_machine: Disable preemption after queueing stopper threads (bsc#1088810, bsc#1161702). - stop_machine: Disable preemption when waking two stopper threads (bsc#1088810, bsc#1161702). - supported.conf: - synclink_gt(): fix compat_ioctl() (bsc#1051510). - tcp: clear tp->packets_out when purging write queue (bsc#1160560). - tcp: do not send empty skb from tcp_write_xmit() (networking-stable-20_01_01). - tcp: exit if nothing to retransmit on RTO timeout (bsc#1160560, stable 4.14.159). - tcp: md5: fix potential overestimation of TCP option space (networking-stable-19_12_16). - tcp_nv: fix potential integer overflow in tcpnv_acked (bsc#1051510). - thermal: Fix deadlock in thermal thermal_zone_device_check (bsc#1051510). - tipc: Avoid copying bytes beyond the supplied data (bsc#1051510). - tipc: check bearer name with right length in tipc_nl_compat_bearer_enable (bsc#1051510). - tipc: check link name with right length in tipc_nl_compat_link_set (bsc#1051510). - tipc: check msg->req data len in tipc_nl_compat_bearer_disable (bsc#1051510). - tipc: compat: allow tipc commands without arguments (bsc#1051510). - tipc: fix a missing check of genlmsg_put (bsc#1051510). - tipc: fix link name length check (bsc#1051510). - tipc: fix memory leak in tipc_nl_compat_publ_dump (bsc#1051510). - tipc: fix skb may be leaky in tipc_link_input (bsc#1051510). - tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path (bsc#1051510). - tipc: fix wrong timeout input for tipc_wait_for_cond() (bsc#1051510). - tipc: handle the err returned from cmd header function (bsc#1051510). - tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb (bsc#1051510). - tipc: tipc clang warning (bsc#1051510). - tracing: Annotate ftrace_graph_hash pointer with __rcu (git-fixes). - tracing: Annotate ftrace_graph_notrace_hash pointer with __rcu (git-fixes). - tracing: Cleanup stack trace code (jsc#SLE-11179). - tracing: Fix tracing_stat return values in error handling paths (git-fixes). - tracing: Fix very unlikely race of registering two stat tracers (git-fixes). - tracing: Have the histogram compare functions convert to u64 first (bsc#1160210). - tracing: xen: Ordered comparison of function pointers (git-fixes). - tty/serial: atmel: Add is_half_duplex helper (bsc#1051510). - tty: n_hdlc: fix build on SPARC (bsc#1051510). - tty: serial: fsl_lpuart: use the sg count from dma_map_sg (bsc#1051510). - tty: serial: imx: use the sg count from dma_map_sg (bsc#1051510). - tty: serial: msm_serial: Fix flow control (bsc#1051510). - tty: serial: msm_serial: Fix lockup for sysrq and oops (bsc#1051510). - tty: serial: pch_uart: correct usage of dma_unmap_sg (bsc#1051510). - tty: vt: keyboard: reject invalid keycodes (bsc#1051510). - uaccess: Add non-pagefault user-space write function (bsc#1083647). - ubifs: Correctly initialize c->min_log_bytes (bsc#1158641). - ubifs: do not trigger assertion on invalid no-key filename (bsc#1163850). - ubifs: Fix deadlock in concurrent bulk-read and writepage (bsc#1163856). - ubifs: Fix FS_IOC_SETFLAGS unexpectedly clearing encrypt flag (bsc#1163855). - ubifs: Limit the number of pages in shrink_liability (bsc#1158643). - ubifs: Reject unsupported ioctl flags explicitly (bsc#1163844). - udp: fix integer overflow while computing available space in sk_rcvbuf (networking-stable-20_01_01). - usb-storage: Disable UAS on JMicron SATA enclosure (bsc#1051510). - usb: adutux: fix interface sanity check (bsc#1051510). - usb: Allow USB device to be warm reset in suspended state (bsc#1051510). - usb: atm: ueagle-atm: add missing endpoint check (bsc#1051510). - usb: chipidea: host: Disable port power only if previously enabled (bsc#1051510). - usb: core: fix check for duplicate endpoints (git-fixes). - usb: core: hub: Improved device recognition on remote wakeup (bsc#1051510). - usb: core: urb: fix URB structure initialization function (bsc#1051510). - usb: documentation: flags on usb-storage versus UAS (bsc#1051510). - usb: dwc3: debugfs: Properly print/set link state for HS (bsc#1051510). - usb: dwc3: do not log probe deferrals; but do log other error codes (bsc#1051510). - usb: dwc3: ep0: Clear started flag on completion (bsc#1051510). - usb: dwc3: turn off VBUS when leaving host mode (bsc#1051510). - usb: EHCI: Do not return -EPIPE when hub is disconnected (git-fixes). - usb: gadget: f_ecm: Use atomic_t to track in-flight request (bsc#1051510). - usb: gadget: f_ncm: Use atomic_t to track in-flight request (bsc#1051510). - usb: gadget: legacy: set max_speed to super-speed (bsc#1051510). - usb: gadget: pch_udc: fix use after free (bsc#1051510). - usb: gadget: u_serial: add missing port entry locking (bsc#1051510). - usb: gadget: Zero ffs_io_data (bsc#1051510). - usb: host: xhci-hub: fix extra endianness conversion (bsc#1051510). - usb: idmouse: fix interface sanity checks (bsc#1051510). - usb: misc: appledisplay: fix backlight update_status return code (bsc#1051510). - usb: mon: Fix a deadlock in usbmon between mmap and read (bsc#1051510). - usb: mtu3: fix dbginfo in qmu_tx_zlp_error_handler (bsc#1051510). - usb: musb: dma: Correct parameter passed to IRQ handler (bsc#1051510). - usb: musb: fix idling for suspend after disconnect interrupt (bsc#1051510). - usb: serial: ch341: handle unbound port at reset_resume (bsc#1051510). - usb: serial: ftdi_sio: add device IDs for U-Blox C099-F9P (bsc#1051510). - usb: serial: io_edgeport: add missing active-port sanity check (bsc#1051510). - usb: serial: io_edgeport: fix epic endpoint lookup (bsc#1051510). - usb: serial: io_edgeport: handle unbound ports on URB completion (bsc#1051510). - usb: serial: io_edgeport: use irqsave() in USB's complete callback (bsc#1051510). - usb: serial: ir-usb: add missing endpoint sanity check (bsc#1051510). - usb: serial: ir-usb: fix IrLAP framing (bsc#1051510). - usb: serial: ir-usb: fix link-speed handling (bsc#1051510). - usb: serial: keyspan: handle unbound ports (bsc#1051510). - usb: serial: opticon: fix control-message timeouts (bsc#1051510). - usb: serial: option: Add support for Quectel RM500Q (bsc#1051510). - usb: serial: option: add support for Quectel RM500Q in QDL mode (git-fixes). - usb: serial: option: add Telit ME910G1 0x110a composition (git-fixes). - usb: serial: option: add ZLP support for 0x1bc7/0x9010 (git-fixes). - usb: serial: quatech2: handle unbound ports (bsc#1051510). - usb: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx (bsc#1051510). - usb: serial: suppress driver bind attributes (bsc#1051510). - usb: typec: tcpci: mask event interrupts when remove driver (bsc#1051510). - usb: uas: heed CAPACITY_HEURISTICS (bsc#1051510). - usb: uas: honor flag to avoid CAPACITY16 (bsc#1051510). - usb: xhci: Fix build warning seen with CONFIG_PM=n (bsc#1051510). - usb: xhci: only set D3hot for pci device (bsc#1051510). - usbip: Fix error path of vhci_recv_ret_submit() (git-fixes). - usbip: Fix receive error in vhci-hcd when using scatter-gather (bsc#1051510). - vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1 (bsc#1051510). - vhost/vsock: accept only packets with the right dst_cid (networking-stable-20_01_01). - video: backlight: Add devres versions of of_find_backlight (bsc#1090888) Taken for 6010831dde5. - video: backlight: Add of_find_backlight helper in backlight.c (bsc#1090888) Taken for 6010831dde5. - vsock/virtio: fix sock refcnt holding during the shutdown (git-fixes). - watchdog: max77620_wdt: fix potential build errors (bsc#1051510). - watchdog: rn5t618_wdt: fix module aliases (bsc#1051510). - watchdog: sama5d4: fix WDD value to be always set to max (bsc#1051510). - watchdog: wdat_wdt: fix get_timeleft call for wdat_wdt (bsc#1162557). - wireless: fix enabling channel 12 for custom regulatory domain (bsc#1051510). - wireless: wext: avoid gcc -O3 warning (bsc#1051510). - workqueue: Fix pwq ref leak in rescuer_thread() (bsc#1160211). - x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR (bsc#1162619). - x86/intel_rdt: Split resource group removal in two (bsc#1112178). - x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI (bsc#1114279). - x86/mce/AMD: Allow any CPU to initialize the smca_banks array (bsc#1114279). - x86/MCE/AMD: Allow Reserved types to be overwritten in smca_banks (bsc#1114279). - x86/MCE/AMD: Do not use rdmsr_safe_on_cpu() in smca_configure() (bsc#1114279). - x86/mce: Fix possibly incorrect severity calculation on AMD (bsc#1114279). - x86/resctrl: Check monitoring static key in the MBM overflow handler (bsc#1114279). - x86/resctrl: Fix a deadlock due to inaccurate reference (bsc#1112178). - x86/resctrl: Fix an imbalance in domain_remove_cpu() (bsc#1114279). - x86/resctrl: Fix potential memory leak (bsc#1114279). - x86/resctrl: Fix use-after-free due to inaccurate refcount of rdtgroup (bsc#1112178). - x86/resctrl: Fix use-after-free when deleting resource groups (bsc#1114279). - x86/speculation: Fix incorrect MDS/TAA mitigation status (bsc#1114279). - x86/speculation: Fix redundant MDS mitigation message (bsc#1114279). - xen-blkfront: switch kcalloc to kvcalloc for large array allocation (bsc#1160917). - xen/balloon: Support xend-based toolstack take two (bsc#1065600). - xen/blkback: Avoid unmapping unmapped grant pages (bsc#1065600). - xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk (bsc#1065600). - xen: Enable interrupts when calling _cond_resched() (bsc#1065600). - xfrm: Fix transport mode skb control buffer usage (bsc#1161552). - xfs: Fix tail rounding in xfs_alloc_file_space() (bsc#1161087, bsc#1153917). - xfs: Sanity check flags of Q_XQUOTARM call (bsc#1158652). - xhci: Fix memory leak in xhci_add_in_port() (bsc#1051510). - xhci: fix USB3 device initiated resume race with roothub autosuspend (bsc#1051510). - xhci: handle some XHCI_TRUST_TX_LENGTH quirks cases as default behaviour (bsc#1051510). - xhci: Increase STS_HALT timeout in xhci_suspend() (bsc#1051510). - xhci: make sure interrupts are restored to correct state (bsc#1051510). - zd1211rw: fix storage endpoint lookup (git-fixes). Important SUSE bug 1046303 SUSE bug 1050244 SUSE bug 1051510 SUSE bug 1051858 SUSE bug 1061840 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1083647 SUSE bug 1085030 SUSE bug 1086301 SUSE bug 1086313 SUSE bug 1086314 SUSE bug 1088810 SUSE bug 1090888 SUSE bug 1104427 SUSE bug 1105392 SUSE bug 1111666 SUSE bug 1112178 SUSE bug 1112504 SUSE bug 1114279 SUSE bug 1115026 SUSE bug 1118338 SUSE bug 1120853 SUSE bug 1123328 SUSE bug 1127371 SUSE bug 1133021 SUSE bug 1133147 SUSE bug 1134973 SUSE bug 1140025 SUSE bug 1141054 SUSE bug 1142095 SUSE bug 1143959 SUSE bug 1144333 SUSE bug 1146519 SUSE bug 1146544 SUSE bug 1151548 SUSE bug 1151910 SUSE bug 1151927 SUSE bug 1152631 SUSE bug 1153917 SUSE bug 1154243 SUSE bug 1155331 SUSE bug 1155334 SUSE bug 1155689 SUSE bug 1156259 SUSE bug 1156286 SUSE bug 1156462 SUSE bug 1157155 SUSE bug 1157157 SUSE bug 1157169 SUSE bug 1157303 SUSE bug 1157424 SUSE bug 1157692 SUSE bug 1157853 SUSE bug 1157908 SUSE bug 1157966 SUSE bug 1158013 SUSE bug 1158021 SUSE bug 1158026 SUSE bug 1158094 SUSE bug 1158132 SUSE bug 1158381 SUSE bug 1158394 SUSE bug 1158398 SUSE bug 1158407 SUSE bug 1158410 SUSE bug 1158413 SUSE bug 1158417 SUSE bug 1158427 SUSE bug 1158445 SUSE bug 1158533 SUSE bug 1158637 SUSE bug 1158638 SUSE bug 1158639 SUSE bug 1158640 SUSE bug 1158641 SUSE bug 1158643 SUSE bug 1158644 SUSE bug 1158645 SUSE bug 1158646 SUSE bug 1158647 SUSE bug 1158649 SUSE bug 1158651 SUSE bug 1158652 SUSE bug 1158819 SUSE bug 1158823 SUSE bug 1158824 SUSE bug 1158827 SUSE bug 1158834 SUSE bug 1158893 SUSE bug 1158900 SUSE bug 1158903 SUSE bug 1158904 SUSE bug 1158954 SUSE bug 1159024 SUSE bug 1159028 SUSE bug 1159271 SUSE bug 1159297 SUSE bug 1159394 SUSE bug 1159483 SUSE bug 1159484 SUSE bug 1159569 SUSE bug 1159588 SUSE bug 1159841 SUSE bug 1159908 SUSE bug 1159909 SUSE bug 1159910 SUSE bug 1159911 SUSE bug 1159955 SUSE bug 1160195 SUSE bug 1160210 SUSE bug 1160211 SUSE bug 1160218 SUSE bug 1160433 SUSE bug 1160442 SUSE bug 1160476 SUSE bug 1160560 SUSE bug 1160755 SUSE bug 1160756 SUSE bug 1160784 SUSE bug 1160787 SUSE bug 1160802 SUSE bug 1160803 SUSE bug 1160804 SUSE bug 1160917 SUSE bug 1160966 SUSE bug 1160979 SUSE bug 1161087 SUSE bug 1161360 SUSE bug 1161514 SUSE bug 1161518 SUSE bug 1161522 SUSE bug 1161523 SUSE bug 1161549 SUSE bug 1161552 SUSE bug 1161674 SUSE bug 1161702 SUSE bug 1161875 SUSE bug 1161907 SUSE bug 1161931 SUSE bug 1161933 SUSE bug 1161934 SUSE bug 1161935 SUSE bug 1161936 SUSE bug 1161937 SUSE bug 1162028 SUSE bug 1162067 SUSE bug 1162109 SUSE bug 1162139 SUSE bug 1162557 SUSE bug 1162617 SUSE bug 1162618 SUSE bug 1162619 SUSE bug 1162623 SUSE bug 1162928 SUSE bug 1162943 SUSE bug 1163383 SUSE bug 1163384 SUSE bug 1163762 SUSE bug 1163774 SUSE bug 1163836 SUSE bug 1163840 SUSE bug 1163841 SUSE bug 1163842 SUSE bug 1163843 SUSE bug 1163844 SUSE bug 1163845 SUSE bug 1163846 SUSE bug 1163849 SUSE bug 1163850 SUSE bug 1163851 SUSE bug 1163852 SUSE bug 1163853 SUSE bug 1163855 SUSE bug 1163856 SUSE bug 1163857 SUSE bug 1163858 SUSE bug 1163859 SUSE bug 1163860 SUSE bug 1163861 SUSE bug 1163862 SUSE bug 1163863 SUSE bug 1163867 SUSE bug 1163869 SUSE bug 1163880 SUSE bug 1163971 SUSE bug 1164069 SUSE bug 1164098 SUSE bug 1164115 SUSE bug 1164314 SUSE bug 1164315 SUSE bug 1164388 SUSE bug 1164471 SUSE bug 1164632 SUSE bug 1164705 SUSE bug 1164712 SUSE bug 1164727 SUSE bug 1164728 SUSE bug 1164729 SUSE bug 1164730 SUSE bug 1164731 SUSE bug 1164732 SUSE bug 1164733 SUSE bug 1164734 SUSE bug 1164735 CVE-2019-14615 CVE-2019-14896 CVE-2019-14897 CVE-2019-15213 CVE-2019-16994 CVE-2019-18808 CVE-2019-19036 CVE-2019-19045 CVE-2019-19051 CVE-2019-19054 CVE-2019-19066 CVE-2019-19318 CVE-2019-19319 CVE-2019-19332 CVE-2019-19338 CVE-2019-19447 CVE-2019-19523 CVE-2019-19524 CVE-2019-19525 CVE-2019-19526 CVE-2019-19527 CVE-2019-19528 CVE-2019-19529 CVE-2019-19530 CVE-2019-19531 CVE-2019-19532 CVE-2019-19533 CVE-2019-19534 CVE-2019-19535 CVE-2019-19536 CVE-2019-19537 CVE-2019-19543 CVE-2019-19767 CVE-2019-19965 CVE-2019-19966 CVE-2019-20054 CVE-2019-20095 CVE-2019-20096 CVE-2020-2732 CVE-2020-7053 CVE-2020-8428 CVE-2020-8648 CVE-2020-8992 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for librsvg to version 2.40.21 fixes the following issues: librsvg was updated to version 2.40.21 fixing the following issues: - CVE-2019-20446: Fixed an issue where a crafted SVG file with nested patterns can cause denial of service (bsc#1162501). NOTE: Librsvg now has limits on the number of loaded XML elements, and the number of referenced elements within an SVG document. - Fixed a stack exhaustion with circular references in <use> elements. - Fixed a denial-of-service condition from exponential explosion of rendered elements, through nested use of SVG 'use' elements in malicious SVGs. Moderate SUSE bug 1162501 CVE-2019-20446 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for gd fixes the following issues: - CVE-2017-7890: Fixed a buffer over-read into uninitialized memory (bsc#1050241). - CVE-2018-14553: Fixed a null pointer dereference in gdImageClone() (bsc#1165471). - CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140120). Moderate SUSE bug 1050241 SUSE bug 1140120 SUSE bug 1165471 CVE-2017-7890 CVE-2018-14553 CVE-2019-11038 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for java-1_7_0-openjdk fixes the following issues: Update java-1_7_0-openjdk to version jdk7u251 (January 2020 CPU, bsc#1160968): - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2020-2590: Improve Kerberos interop capabilities - CVE-2020-2593: Normalize normalization for all - CVE-2020-2601: Better Ticket Granting Services - CVE-2020-2604: Better serial filter handling - CVE-2020-2659: Enhance datagram socket support - CVE-2020-2654: Improve Object Identifier Processing Important SUSE bug 1160968 CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2659 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ipmitool fixes the following issues: - CVE-2020-5208: Fixed multiple remote code executtion vulnerabilities (bsc#1163026). - picmg discover messages are now DEBUG and not INFO messages (bsc#1085469). Important SUSE bug 1085469 SUSE bug 1163026 CVE-2020-5208 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for tomcat to version 9.0.31 fixes the following issues: Security issues fixed: - CVE-2019-10072: Fixed a denial-of-service that could have been caused by clients omitting WINDOW_UPDATE messages in HTTP/2 streams (bsc#1139924). - CVE-2019-12418: Fixed a local privilege escalation by manipulating the RMI registry (bsc#1159723). - CVE-2019-17563: Fixed a session fixation attack when using FORM authentication (bsc#1159729). - CVE-2019-17569: Fixed a regression in the handling of Transfer-Encoding headers that would have allowed HTTP Request Smuggling (bsc#1164825). - CVE-2020-1935: Fixed an HTTP Request Smuggling issue (bsc#1164860). - CVE-2020-1938: Fixed a file contents disclosure vulnerability (bsc#1164692). Important SUSE bug 1139924 SUSE bug 1159723 SUSE bug 1159729 SUSE bug 1164692 SUSE bug 1164825 SUSE bug 1164860 CVE-2019-10072 CVE-2019-12418 CVE-2019-17563 CVE-2019-17569 CVE-2020-1935 CVE-2020-1938 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for squid fixes the following issues: - CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway (bsc#1162689). - CVE-2019-12526: Fixed potential remote code execution during URN processing (bsc#1156326). - CVE-2019-12523,CVE-2019-18676: Fixed multiple improper validations in URI processing (bsc#1156329). - CVE-2019-18677: Fixed Cross-Site Request Forgery in HTTP Request processing (bsc#1156328). - CVE-2019-18678: Fixed incorrect message parsing which could have led to HTTP request splitting issue (bsc#1156323). - CVE-2019-18679: Fixed information disclosure when processing HTTP Digest Authentication (bsc#1156324). - CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). - CVE-2020-8450: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). - CVE-2020-8517: Fixed a buffer overflow in ext_lm_group_acl when processing NTLM Authentication credentials (bsc#1162691). Important SUSE bug 1156323 SUSE bug 1156324 SUSE bug 1156326 SUSE bug 1156328 SUSE bug 1156329 SUSE bug 1162687 SUSE bug 1162689 SUSE bug 1162691 CVE-2019-12523 CVE-2019-12526 CVE-2019-12528 CVE-2019-18676 CVE-2019-18677 CVE-2019-18678 CVE-2019-18679 CVE-2020-8449 CVE-2020-8450 CVE-2020-8517 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.4.1 ESR * Fixed: Security fix MFSA 2020-03 (bsc#1160498) * CVE-2019-17026 (bmo#1607443) IonMonkey type confusion with StoreElementHole and FallibleStoreElement - Firefox Extended Support Release 68.4.0 ESR * Fixed: Various security fixes MFSA 2020-02 (bsc#1160305) * CVE-2019-17015 (bmo#1599005) Memory corruption in parent process during new content process initialization on Windows * CVE-2019-17016 (bmo#1599181) Bypass of @namespace CSS sanitization during pasting * CVE-2019-17017 (bmo#1603055) Type Confusion in XPCVariant.cpp * CVE-2019-17021 (bmo#1599008) Heap address disclosure in parent process during content process initialization on Windows * CVE-2019-17022 (bmo#1602843) CSS sanitization does not escape HTML tags * CVE-2019-17024 (bmo#1507180, bmo#1595470, bmo#1598605, bmo#1601826) Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 Important SUSE bug 1160305 SUSE bug 1160498 CVE-2019-17015 CVE-2019-17016 CVE-2019-17017 CVE-2019-17021 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ovmf fixes the following issues: Security issues fixed: - CVE-2019-14563: Fixed a memory corruption caused by insufficient numeric truncation (bsc#1163959). - CVE-2019-14553: Fixed the TLS certification verification in HTTPS-over-IPv6 boot sequences (bsc#1153072). - CVE-2019-14559: Fixed a remotely exploitable memory leak in the ARP handling code (bsc#1163927). - CVE-2019-14575: Fixed an insufficient signature check in the DxeImageVerificationHandler (bsc#1163969). - Enabled HTTPS-over-IPv6 (bsc#1153072). Low SUSE bug 1153072 SUSE bug 1163927 SUSE bug 1163959 SUSE bug 1163969 CVE-2019-14553 CVE-2019-14559 CVE-2019-14563 CVE-2019-14575 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2019-20479: Fixed an open redirect issue in URLs with slash and backslash (bsc#1164459). Moderate SUSE bug 1164459 CVE-2019-20479 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for postgresql10 fixes the following issues: PostgreSQL was updated to version 10.12. Security issue fixed: - CVE-2020-1720: Fixed a missing authorization check in the ALTER ... DEPENDS ON extension (bsc#1163985). Low SUSE bug 1163985 CVE-2020-1720 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: MozillaFirefox was updated to 68.6.0 ESR (MFSA 2020-09 bsc#1132665 bsc#1166238) - CVE-2020-6805: Fixed a use-after-free when removing data about origins - CVE-2020-6806: Fixed improper protections against state confusion - CVE-2020-6807: Fixed a use-after-free in cubeb during stream destruction - CVE-2020-6811: Fixed an issue where copy as cURL' feature did not fully escape website-controlled data potentially leading to command injection - CVE-2019-20503: Fixed out of bounds reads in sctp_load_addresses_from_init - CVE-2020-6812: Fixed an issue where the names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission - CVE-2020-6814: Fixed multiple memory safety bugs - Fixed an issue with minimizing a window (bsc#1132665). Important SUSE bug 1132665 SUSE bug 1166238 CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libzypp fixes the following issues: Security issue fixed: - CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763). Moderate SUSE bug 1158763 CVE-2019-18900 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python-cffi, python-cryptography fixes the following issues: Security issue fixed: - CVE-2018-10903: Fixed GCM tag forgery via truncated tag in finalize_with_tag API (bsc#1101820). Non-security issues fixed: python-cffi was updated to 1.11.2 (bsc#1138748, jsc#ECO-1256, jsc#PM-1598): - fixed a build failure on i586 (bsc#1111657) - Salt was unable to highstate in snapshot 20171129 (bsc#1070737) - Update pytest in spec to add c directory tests in addition to testing directory. - update to version 1.11.2: * Fix Windows issue with managing the thread-state on CPython 3.0 to 3.5 - Update pytest in spec to add c directory tests in addition to testing directory. - Omit test_init_once_multithread tests as they rely on multiple threads finishing in a given time. Returns sporadic pass/fail within build. - Update to 1.11.1: * Fix tests, remove deprecated C API usage * Fix (hack) for 3.6.0/3.6.1/3.6.2 giving incompatible binary extensions (cpython issue #29943) * Fix for 3.7.0a1+ - Update to 1.11.0: * Support the modern standard types char16_t and char32_t. These work like wchar_t: they represent one unicode character, or when used as charN_t * or charN_t[] they represent a unicode string. The difference with wchar_t is that they have a known, fixed size. They should work at all places that used to work with wchar_t (please report an issue if I missed something). Note that with set_source(), you need to make sure that these types are actually defined by the C source you provide (if used in cdef()). * Support the C99 types float _Complex and double _Complex. Note that libffi doesn't support them, which means that in the ABI mode you still cannot call C functions that take complex numbers directly as arguments or return type. * Fixed a rare race condition when creating multiple FFI instances from multiple threads. (Note that you aren't meant to create many FFI instances: in inline mode, you should write ffi = cffi.FFI() at module level just after import cffi; and in out-of-line mode you don't instantiate FFI explicitly at all.) * Windows: using callbacks can be messy because the CFFI internal error messages show up to stderr-but stderr goes nowhere in many applications. This makes it particularly hard to get started with the embedding mode. (Once you get started, you can at least use @ffi.def_extern(onerror=...) and send the error logs where it makes sense for your application, or record them in log files, and so on.) So what is new in CFFI is that now, on Windows CFFI will try to open a non-modal MessageBox (in addition to sending raw messages to stderr). The MessageBox is only visible if the process stays alive: typically, console applications that crash close immediately, but that is also the situation where stderr should be visible anyway. * Progress on support for callbacks in NetBSD. * Functions returning booleans would in some case still return 0 or 1 instead of False or True. Fixed. * ffi.gc() now takes an optional third parameter, which gives an estimate of the size (in bytes) of the object. So far, this is only used by PyPy, to make the next GC occur more quickly (issue #320). In the future, this might have an effect on CPython too (provided the CPython issue 31105 is addressed). * Add a note to the documentation: the ABI mode gives function objects that are slower to call than the API mode does. For some reason it is often thought to be faster. It is not! - Update to 1.10.1: * Fixed the line numbers reported in case of cdef() errors. Also, I just noticed, but pycparser always supported the preprocessor directive # 42 'foo.h' to mean 'from the next line, we're in file foo.h starting from line 42';, which it puts in the error messages. - update to 1.10.0: * Issue #295: use calloc() directly instead of PyObject_Malloc()+memset() to handle ffi.new() with a default allocator. Speeds up ffi.new(large-array) where most of the time you never touch most of the array. * Some OS/X build fixes ('only with Xcode but without CLT';). * Improve a couple of error messages: when getting mismatched versions of cffi and its backend; and when calling functions which cannot be called with libffi because an argument is a struct that is 'too complicated'; (and not a struct pointer, which always works). * Add support for some unusual compilers (non-msvc, non-gcc, non-icc, non-clang) * Implemented the remaining cases for ffi.from_buffer. Now all buffer/memoryview objects can be passed. The one remaining check is against passing unicode strings in Python 2. (They support the buffer interface, but that gives the raw bytes behind the UTF16/UCS4 storage, which is most of the times not what you expect. In Python 3 this has been fixed and the unicode strings don't support the memoryview interface any more.) * The C type _Bool or bool now converts to a Python boolean when reading, instead of the content of the byte as an integer. The potential incompatibility here is what occurs if the byte contains a value different from 0 and 1. Previously, it would just return it; with this change, CFFI raises an exception in this case. But this case means 'undefined behavior'; in C; if you really have to interface with a library relying on this, don't use bool in the CFFI side. Also, it is still valid to use a byte string as initializer for a bool[], but now it must only contain \x00 or \x01. As an aside, ffi.string() no longer works on bool[] (but it never made much sense, as this function stops at the first zero). * ffi.buffer is now the name of cffi's buffer type, and ffi.buffer() works like before but is the constructor of that type. * ffi.addressof(lib, 'name') now works also in in-line mode, not only in out-of-line mode. This is useful for taking the address of global variables. * Issue #255: cdata objects of a primitive type (integers, floats, char) are now compared and ordered by value. For example, <cdata 'int' 42> compares equal to 42 and <cdata 'char' b'A'> compares equal to b'A'. Unlike C, <cdata 'int' -1> does not compare equal to ffi.cast('unsigned int', -1): it compares smaller, because -1 < 4294967295. * PyPy: ffi.new() and ffi.new_allocator()() did not record 'memory pressure';, causing the GC to run too infrequently if you call ffi.new() very often and/or with large arrays. Fixed in PyPy 5.7. * Support in ffi.cdef() for numeric expressions with + or -. Assumes that there is no overflow; it should be fixed first before we add more general support for arbitrary arithmetic on constants. - do not generate HTML documentation for packages that are indirect dependencies of Sphinx (see docs at https://cffi.readthedocs.org/ ) - update to 1.9.1 - Structs with variable-sized arrays as their last field: now we track the length of the array after ffi.new() is called, just like we always tracked the length of ffi.new('int[]', 42). This lets us detect out-of-range accesses to array items. This also lets us display a better repr(), and have the total size returned by ffi.sizeof() and ffi.buffer(). Previously both functions would return a result based on the size of the declared structure type, with an assumed empty array. (Thanks andrew for starting this refactoring.) - Add support in cdef()/set_source() for unspecified-length arrays in typedefs: typedef int foo_t[...];. It was already supported for global variables or structure fields. - I turned in v1.8 a warning from cffi/model.py into an error: 'enum xxx' has no values explicitly defined: refusing to guess which integer type it is meant to be (unsigned/signed, int/long). Now I'm turning it back to a warning again; it seems that guessing that the enum has size int is a 99%-safe bet. (But not 100%, so it stays as a warning.) - Fix leaks in the code handling FILE * arguments. In CPython 3 there is a remaining issue that is hard to fix: if you pass a Python file object to a FILE * argument, then os.dup() is used and the new file descriptor is only closed when the GC reclaims the Python file object-and not at the earlier time when you call close(), which only closes the original file descriptor. If this is an issue, you should avoid this automatic convertion of Python file objects: instead, explicitly manipulate file descriptors and call fdopen() from C (...via cffi). - When passing a void * argument to a function with a different pointer type, or vice-versa, the cast occurs automatically, like in C. The same occurs for initialization with ffi.new() and a few other places. However, I thought that char * had the same property-but I was mistaken. In C you get the usual warning if you try to give a char * to a char ** argument, for example. Sorry about the confusion. This has been fixed in CFFI by giving for now a warning, too. It will turn into an error in a future version. - Issue #283: fixed ffi.new() on structures/unions with nested anonymous structures/unions, when there is at least one union in the mix. When initialized with a list or a dict, it should now behave more closely like the { } syntax does in GCC. - CPython 3.x: experimental: the generated C extension modules now use the 'limited API';, which means that, as a compiled .so/.dll, it should work directly on any version of CPython >= 3.2. The name produced by distutils is still version-specific. To get the version-independent name, you can rename it manually to NAME.abi3.so, or use the very recent setuptools 26. - Added ffi.compile(debug=...), similar to python setup.py build --debug but defaulting to True if we are running a debugging version of Python itself. - Removed the restriction that ffi.from_buffer() cannot be used on byte strings. Now you can get a char * out of a byte string, which is valid as long as the string object is kept alive. (But don't use it to modify the string object! If you need this, use bytearray or other official techniques.) - PyPy 5.4 can now pass a byte string directly to a char * argument (in older versions, a copy would be made). This used to be a CPython-only optimization. - ffi.gc(p, None) removes the destructor on an object previously created by another call to ffi.gc() - bool(ffi.cast('primitive type', x)) now returns False if the value is zero (including -0.0), and True otherwise. Previously this would only return False for cdata objects of a pointer type when the pointer is NULL. - bytearrays: ffi.from_buffer(bytearray-object) is now supported. (The reason it was not supported was that it was hard to do in PyPy, but it works since PyPy 5.3.) To call a C function with a char * argument from a buffer object-now including bytearrays-you write lib.foo(ffi.from_buffer(x)). Additionally, this is now supported: p[0:length] = bytearray-object. The problem with this was that a iterating over bytearrays gives numbers instead of characters. (Now it is implemented with just a memcpy, of course, not actually iterating over the characters.) - C++: compiling the generated C code with C++ was supposed to work, but failed if you make use the bool type (because that is rendered as the C _Bool type, which doesn't exist in C++). - help(lib) and help(lib.myfunc) now give useful information, as well as dir(p) where p is a struct or pointer-to-struct. - update for multipython build - disable 'negative left shift' warning in test suite to prevent failures with gcc6, until upstream fixes the undefined code in question (bsc#981848) - Update to version 1.6.0: * ffi.list_types() * ffi.unpack() * extern 'Python+C'; * in API mode, lib.foo.__doc__ contains the C signature now. * Yet another attempt at robustness of ffi.def_extern() against CPython's interpreter shutdown logic. - Update in SLE-12 (bsc#1138748, jsc#ECO-1256, jsc#PM-1598) - Make this version of the package compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792. - bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in finalize_with_tag API - Add proper conditional for the python2, the ifpython works only for the requires/etc - add missing dependency on python ssl - update to version 2.1.4: * Added X509_up_ref for an upcoming pyOpenSSL release. - update to version 2.1.3: * Updated Windows, macOS, and manylinux1 wheels to be compiled with OpenSSL 1.1.0g. - update to version 2.1.2: * Corrected a bug with the manylinux1 wheels where OpenSSL's stack was marked executable. - fix BuildRequires conditions for python3 - update to 2.1.1 - Fix cffi version requirement. - Disable memleak tests to fix build with OpenSSL 1.1 (bsc#1055478) - update to 2.0.3 - update to 2.0.2 - update to 2.0 - update to 1.9 - add python-packaging to requirements explicitly instead of relying on setuptools to pull it in - Switch to singlespec approach - update to 1.8.1 - Adust Requires and BuildRequires Moderate SUSE bug 1055478 SUSE bug 1070737 SUSE bug 1101820 SUSE bug 1111657 SUSE bug 1138748 SUSE bug 1149792 SUSE bug 981848 CVE-2018-10903 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for spamassassin fixes the following issues: - CVE-2018-11805: Fixed an issue with delimiter handling in rule files related to is_regexp_valid() (bsc#1118987). - CVE-2020-1930: Fixed an issue with rule configuration (.cf) files which can be configured to run system commands (bsc#1162197). - CVE-2020-1931: Fixed an issue with rule configuration (.cf) files which can be configured to run system commands with warnings (bsc#1162200). Important SUSE bug 1118987 SUSE bug 1162197 SUSE bug 1162200 CVE-2018-11805 CVE-2020-1930 CVE-2020-1931 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for glibc fixes the following issues: - CVE-2020-1752: Fixed a use after free in glob which could have allowed a local attacker to create a specially crafted path that, when processed by the glob function, could potentially have led to arbitrary code execution (bsc#1167631). - CVE-2020-1751: Fixed an array overflow in backtrace for PowerPC (bsc#1158996). - CVE-2020-10029: Fixed a stack buffer overflow during range reduction (bsc#1165784). - Use 'posix_spawn' on popen preventing crash caused by 'subprocess'. (bsc#1149332, BZ #22834) - Fix handling of needles crossing a page, preventing incorrect results to return during the cross page boundary search. (bsc#1157893, BZ #25226) Important SUSE bug 1149332 SUSE bug 1157893 SUSE bug 1158996 SUSE bug 1165784 SUSE bug 1167631 CVE-2020-10029 CVE-2020-1751 CVE-2020-1752 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for memcached fixes the following issues: Security issue fixed: - CVE-2019-11596: Fixed a NULL pointer dereference in process_lru_command (bsc#1133817). - CVE-2019-15026: Fixed a stack-based buffer over-read (bsc#1149110). Moderate SUSE bug 1133817 SUSE bug 1149110 CVE-2019-11596 CVE-2019-15026 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mgetty fixes the following issues: - CVE-2019-1010190: Fixed a denial of service which could be caused by a local attacker in putwhitespan() (bsc#1142770). Moderate SUSE bug 1142770 CVE-2019-1010190 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for python3 fixes the following issue: - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen(). Now an InvalidURL exception is raised (bsc#1155094). - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). - CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367). - Fixed an issue with version missmatch (bsc#1162224). - Rename idle icons to idle3 in order to not conflict with python2 variant of the package. (bsc#1165894) Moderate SUSE bug 1155094 SUSE bug 1162224 SUSE bug 1162367 SUSE bug 1162825 SUSE bug 1165894 CVE-2019-18348 CVE-2019-9674 CVE-2020-8492 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for exiv2 fixes the following issues: - CVE-2018-17581: Fixed an excessive stack consumption in CiffDirectory:readDirectory() which might have led to denial of service (bsc#1110282). - CVE-2019-13110: Fixed an integer overflow and an out of bounds read in CiffDirectory:readDirectory which might have led to denial of service (bsc#1142678). - CVE-2019-13113: Fixed a potential denial of service via an invalid data location in a CRW image (bsc#1142683). - CVE-2019-17402: Fixed an improper validation of the relationship of the total size to the offset and size in Exiv2::getULong (bsc#1153577). - CVE-2019-20421: Fixed an infinite loop triggered via an input file (bsc#1161901). - CVE-2017-9239: Fixed a segmentation fault in TiffImageEntry::doWriteImage function (bsc#1040973). Moderate SUSE bug 1040973 SUSE bug 1110282 SUSE bug 1142678 SUSE bug 1142683 SUSE bug 1153577 SUSE bug 1161901 CVE-2017-9239 CVE-2018-17581 CVE-2019-13110 CVE-2019-13113 CVE-2019-17402 CVE-2019-20421 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.47.1: Security issues fixed: - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - CVE-2019-11745: EncryptUpdate should use maxout, not block size (bsc#1158527). - CVE-2019-11727: Fixed vulnerability sign CertificateVerify with PKCS#1 v1.5 signatures issue (bsc#1141322). mozilla-nspr was updated to version 4.23: - Whitespace in C files was cleaned up and no longer uses tab characters for indenting. Moderate SUSE bug 1141322 SUSE bug 1158527 SUSE bug 1159819 CVE-2019-11745 CVE-2019-17006 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libpng12 fixes the following issues: Security issue fixed: - CVE-2017-12652: Fixed an Input Validation Error related to the length of chunks (bsc#1141493). Moderate SUSE bug 1141493 CVE-2017-12652 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for libxslt fixes the following issue: - CVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may have led to information disclosure (bsc#1154609). Moderate SUSE bug 1154609 CVE-2019-18197 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox fixes the following issues: - Mozilla Firefox 68.6.1esr MFSA 2020-11 (bsc#1168630) * CVE-2020-6819 (bmo#1620818) Use-after-free while running the nsDocShell destructor * CVE-2020-6820 (bmo#1626728) Use-after-free when handling a ReadableStream Important SUSE bug 1168630 CVE-2020-6819 CVE-2020-6820 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for vino fixes the following issues: - CVE-2019-15681: Fixed a memory leak which could have allowed to a remote attacker to read stack memory (bsc#1155419). Moderate SUSE bug 1155419 CVE-2019-15681 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for ceph fixes the following issues: - CVE-2020-1760: Fixed XSS due to RGW GetObject header-splitting (bsc#1166484). Important SUSE bug 1166484 CVE-2020-1760 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for djvulibre fixes the following issues: - CVE-2019-18804: Fixed a null pointer dereference (bsc#1156188). Low SUSE bug 1156188 CVE-2019-18804 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for MozillaFirefox to version 68.7.0 ESR fixes the following issues: - CVE-2020-6821: Uninitialized memory could be read when using the WebGL copyTexSubImage method (bsc#1168874). - CVE-2020-6822: Fixed out of bounds write in GMPDecodeData when processing large images (bsc#1168874). - CVE-2020-6825: Fixed Memory safety bugs (bsc#1168874). - CVE-2020-6827: Custom Tabs could have the URI spoofed (bsc#1168874). - CVE-2020-6828: Preference overwrite via crafted Intent (bsc#1168874). Important SUSE bug 1168874 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 CVE-2020-6827 CVE-2020-6828 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for openssl-1_1 fixes the following issues: Security issue fixed: - CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). - CVE-2019-1563: Fixed bleichenbacher attack against cms/pkcs7 encryptioon transported key (bsc#1150250). - CVE-2019-1551: Fixed integer overflow in RSAZ modular exponentiation on x86_64 (bsc#1158809). - CVE-2019-1549: Fixed fork problem with random generator (bsc#1150247). - CVE-2019-1547: Fixed EC_GROUP_set_generator side channel attack avoidance (bsc#1150003). Bug fixes: - Ship the openssl 1.1.1 binary as openssl-1_1, and make it installable in parallel with the system openssl (bsc#1140277). - Update to 1.1.1d (bsc#1133925, jsc#SLE-6430). Moderate SUSE bug 1133925 SUSE bug 1140277 SUSE bug 1150003 SUSE bug 1150247 SUSE bug 1150250 SUSE bug 1158809 CVE-2019-1547 CVE-2019-1549 CVE-2019-1551 CVE-2019-1563 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 This update for git fixes the following issues: Security issue fixed: - CVE-2020-5260: With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host (bsc#1168930). Non-security issue fixed: git was updated to 2.26.0 for SHA256 support (bsc#1167890, jsc#SLE-11608): - the xinetd snippet was removed - the System V init script for the git-daemon was replaced by a systemd service file of the same name. git 2.26.0: * 'git rebase' now uses a different backend that is based on the 'merge' machinery by default. The 'rebase.backend' configuration variable reverts to old behaviour when set to 'apply' * Improved handling of sparse checkouts * Improvements to many commands and internal features git 2.25.1: * 'git commit' now honors advise.statusHints * various updates, bug fixes and documentation updates git 2.25.0: * The branch description ('git branch --edit-description') has been used to fill the body of the cover letters by the format-patch command; this has been enhanced so that the subject can also be filled. * A few commands learned to take the pathspec from the standard input or a named file, instead of taking it as the command line arguments, with the '--pathspec-from-file' option. * Test updates to prepare for SHA-2 transition continues. * Redo 'git name-rev' to avoid recursive calls. * When all files from some subdirectory were renamed to the root directory, the directory rename heuristics would fail to detect that as a rename/merge of the subdirectory to the root directory, which has been corrected. * HTTP transport had possible allocator/deallocator mismatch, which has been corrected. git 2.24.1: * CVE-2019-1348: The --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785) * CVE-2019-1349: on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787) * CVE-2019-1350: Incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788) * CVE-2019-1351: on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789) * CVE-2019-1352: on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790) * CVE-2019-1353: when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791) * CVE-2019-1354: on Windows refuses to write tracked files with filenames that contain backslashes (bsc#1158792) * CVE-2019-1387: Recursive clones vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793) * CVE-2019-19604: a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795) - Fix building with asciidoctor and without DocBook4 stylesheets. git 2.24.0 * The command line parser learned '--end-of-options' notation. * A mechanism to affect the default setting for a (related) group of configuration variables is introduced. * 'git fetch' learned '--set-upstream' option to help those who first clone from their private fork they intend to push to, add the true upstream via 'git remote add' and then 'git fetch' from it. * fixes and improvements to UI, workflow and features, bash completion fixes * part of it merged upstream * the Makefile attempted to download some documentation, banned git 2.23.0: * The '--base' option of 'format-patch' computed the patch-ids for prerequisite patches in an unstable way, which has been updated to compute in a way that is compatible with 'git patch-id --stable'. * The 'git log' command by default behaves as if the --mailmap option was given. * fixes and improvements to UI, workflow and features git 2.22.1: * A relative pathname given to 'git init --template=<path> <repo>' ought to be relative to the directory 'git init' gets invoked in, but it instead was made relative to the repository, which has been corrected. * 'git worktree add' used to fail when another worktree connected to the same repository was corrupt, which has been corrected. * 'git am -i --resolved' segfaulted after trying to see a commit as if it were a tree, which has been corrected. * 'git merge --squash' is designed to update the working tree and the index without creating the commit, and this cannot be countermanded by adding the '--commit' option; the command now refuses to work when both options are given. * Update to Unicode 12.1 width table. * 'git request-pull' learned to warn when the ref we ask them to pull from in the local repository and in the published repository are different. * 'git fetch' into a lazy clone forgot to fetch base objects that are necessary to complete delta in a thin packfile, which has been corrected. * The URL decoding code has been updated to avoid going past the end of the string while parsing %-<hex>-<hex> sequence. * 'git clean' silently skipped a path when it cannot lstat() it; now it gives a warning. * 'git rm' to resolve a conflicted path leaked an internal message 'needs merge' before actually removing the path, which was confusing. This has been corrected. * Many more bugfixes and code cleanups. - removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by firewalld, see [1]. [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html git 2.22.0: * The filter specification '--filter=sparse:path=<path>' used to create a lazy/partial clone has been removed. Using a blob that is part of the project as sparse specification is still supported with the '--filter=sparse:oid=<blob>' option * 'git checkout --no-overlay' can be used to trigger a new mode of checking out paths out of the tree-ish, that allows paths that match the pathspec that are in the current index and working tree and are not in the tree-ish. * Four new configuration variables {author,committer}.{name,email} have been introduced to override user.{name,email} in more specific cases. * 'git branch' learned a new subcommand '--show-current'. * The command line completion (in contrib/) has been taught to complete more subcommand parameters. * The completion helper code now pays attention to repository-local configuration (when available), which allows --list-cmds to honour a repository specific setting of completion.commands, for example. * The list of conflicted paths shown in the editor while concluding a conflicted merge was shown above the scissors line when the clean-up mode is set to 'scissors', even though it was commented out just like the list of updated paths and other information to help the user explain the merge better. * 'git rebase' that was reimplemented in C did not set ORIG_HEAD correctly, which has been corrected. * 'git worktree add' used to do a 'find an available name with stat and then mkdir', which is race-prone. This has been fixed by using mkdir and reacting to EEXIST in a loop. - update git-web AppArmor profile for bash and tar usrMerge (bsc#1132350) git 2.21.0: * Historically, the '-m' (mainline) option can only be used for 'git cherry-pick' and 'git revert' when working with a merge commit. This version of Git no longer warns or errors out when working with a single-parent commit, as long as the argument to the '-m' option is 1 (i.e. it has only one parent, and the request is to pick or revert relative to that first parent). Scripts that relied on the behaviour may get broken with this change. * Small fixes and features for fast-export and fast-import. * The 'http.version' configuration variable can be used with recent enough versions of cURL library to force the version of HTTP used to talk when fetching and pushing. * 'git push $there $src:$dst' rejects when $dst is not a fully qualified refname and it is not clear what the end user meant. * Update 'git multimail' from the upstream. * A new date format '--date=human' that morphs its output depending on how far the time is from the current time has been introduced. '--date=auto:human' can be used to use this new format (or any existing format) when the output is going to the pager or to the terminal, and otherwise the default format. - Fix worktree creation race (bsc#1114225). git 2.20.1: * portability fixes * 'git help -a' did not work well when an overly long alias was defined * no longer squelched an error message when the run_command API failed to run a missing command git 2.20.0: * 'git help -a' now gives verbose output (same as 'git help -av'). Those who want the old output may say 'git help --no-verbose -a'.. * 'git send-email' learned to grab address-looking string on any trailer whose name ends with '-by'. * 'git format-patch' learned new '--interdiff' and '--range-diff' options to explain the difference between this version and the previous attempt in the cover letter (or after the three-dashes as a comment). * Developer builds now use -Wunused-function compilation option. * Fix a bug in which the same path could be registered under multiple worktree entries if the path was missing (for instance, was removed manually). Also, as a convenience, expand the number of cases in which --force is applicable. * The overly large Documentation/config.txt file have been split into million little pieces. This potentially allows each individual piece to be included into the manual page of the command it affects more easily. * Malformed or crafted data in packstream can make our code attempt to read or write past the allocated buffer and abort, instead of reporting an error, which has been fixed. * Fix for a long-standing bug that leaves the index file corrupt when it shrinks during a partial commit. * 'git merge' and 'git pull' that merges into an unborn branch used to completely ignore '--verify-signatures', which has been corrected. * ...and much more features and fixes - fix CVE-2018-19486 (bsc#1117257) git 2.19.2: * various bug fixes for multiple subcommands and operations git 2.19.1: * CVE-2018-17456: Specially crafted .gitmodules files may have allowed arbitrary code execution when the repository is cloned with --recurse-submodules (bsc#1110949) git 2.19.0: * 'git diff' compares the index and the working tree. For paths added with intent-to-add bit, the command shows the full contents of them as added, but the paths themselves were not marked as new files. They are now shown as new by default. * 'git apply' learned the '--intent-to-add' option so that an otherwise working-tree-only application of a patch will add new paths to the index marked with the 'intent-to-add' bit. * 'git grep' learned the '--column' option that gives not just the line number but the column number of the hit. * The '-l' option in 'git branch -l' is an unfortunate short-hand for '--create-reflog', but many users, both old and new, somehow expect it to be something else, perhaps '--list'. This step warns when '-l' is used as a short-hand for '--create-reflog' and warns about the future repurposing of the it when it is used. * The userdiff pattern for .php has been updated. * The content-transfer-encoding of the message 'git send-email' sends out by default was 8bit, which can cause trouble when there is an overlong line to bust RFC 5322/2822 limit. A new option 'auto' to automatically switch to quoted-printable when there is such a line in the payload has been introduced and is made the default. * 'git checkout' and 'git worktree add' learned to honor checkout.defaultRemote when auto-vivifying a local branch out of a remote tracking branch in a repository with multiple remotes that have tracking branches that share the same names. (merge 8d7b558bae ab/checkout-default-remote later to maint). * 'git grep' learned the '--only-matching' option. * 'git rebase --rebase-merges' mode now handles octopus merges as well. * Add a server-side knob to skip commits in exponential/fibbonacci stride in an attempt to cover wider swath of history with a smaller number of iterations, potentially accepting a larger packfile transfer, instead of going back one commit a time during common ancestor discovery during the 'git fetch' transaction. (merge 42cc7485a2 jt/fetch-negotiator-skipping later to maint). * A new configuration variable core.usereplacerefs has been added, primarily to help server installations that want to ignore the replace mechanism altogether. * Teach 'git tag -s' etc. a few configuration variables (gpg.format that can be set to 'openpgp' or 'x509', and gpg.<format>.program that is used to specify what program to use to deal with the format) to allow x.509 certs with CMS via 'gpgsm' to be used instead of openpgp via 'gnupg'. * Many more strings are prepared for l10n. * 'git p4 submit' learns to ask its own pre-submit hook if it should continue with submitting. * The test performed at the receiving end of 'git push' to prevent bad objects from entering repository can be customized via receive.fsck.* configuration variables; we now have gained a counterpart to do the same on the 'git fetch' side, with fetch.fsck.* configuration variables. * 'git pull --rebase=interactive' learned 'i' as a short-hand for 'interactive'. * 'git instaweb' has been adjusted to run better with newer Apache on RedHat based distros. * 'git range-diff' is a reimplementation of 'git tbdiff' that lets us compare individual patches in two iterations of a topic. * The sideband code learned to optionally paint selected keywords at the beginning of incoming lines on the receiving end. * 'git branch --list' learned to take the default sort order from the 'branch.sort' configuration variable, just like 'git tag --list' pays attention to 'tag.sort'. * 'git worktree' command learned '--quiet' option to make it less verbose. git 2.18.0: * improvements to rename detection logic * When built with more recent cURL, GIT_SSL_VERSION can now specify 'tlsv1.3' as its value. * 'git mergetools' learned talking to guiffy. * various other workflow improvements and fixes * performance improvements and other developer visible fixes Update to git 2.16.4: security fix release git 2.17.1: * Submodule 'names' come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by putting '../' into the name. We now enforce some rules for submodule names which will cause Git to ignore these malicious names (CVE-2018-11235, bsc#1095219) * It was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory (CVE-2018-11233, bsc#1095218) * Support on the server side to reject pushes to repositories that attempt to create such problematic .gitmodules file etc. as tracked contents, to help hosting sites protect their customers by preventing malicious contents from spreading. git 2.17.0: * 'diff' family of commands learned '--find-object=<object-id>' option to limit the findings to changes that involve the named object. * 'git format-patch' learned to give 72-cols to diffstat, which is consistent with other line length limits the subcommand uses for its output meant for e-mails. * The log from 'git daemon' can be redirected with a new option; one relevant use case is to send the log to standard error (instead of syslog) when running it from inetd. * 'git rebase' learned to take '--allow-empty-message' option. * 'git am' has learned the '--quit' option, in addition to the existing '--abort' option; having the pair mirrors a few other commands like 'rebase' and 'cherry-pick'. * 'git worktree add' learned to run the post-checkout hook, just like 'git clone' runs it upon the initial checkout. * 'git tag' learned an explicit '--edit' option that allows the message given via '-m' and '-F' to be further edited. * 'git fetch --prune-tags' may be used as a handy short-hand for getting rid of stale tags that are locally held. * The new '--show-current-patch' option gives an end-user facing way to get the diff being applied when 'git rebase' (and 'git am') stops with a conflict. * 'git add -p' used to offer '/' (look for a matching hunk) as a choice, even there was only one hunk, which has been corrected. Also the single-key help is now given only for keys that are enabled (e.g. help for '/' won't be shown when there is only one hunk). * Since Git 1.7.9, 'git merge' defaulted to --no-ff (i.e. even when the side branch being merged is a descendant of the current commit, create a merge commit instead of fast-forwarding) when merging a tag object. This was appropriate default for integrators who pull signed tags from their downstream contributors, but caused an unnecessary merges when used by downstream contributors who habitually 'catch up' their topic branches with tagged releases from the upstream. Update 'git merge' to default to --no-ff only when merging a tag object that does *not* sit at its usual place in refs/tags/ hierarchy, and allow fast-forwarding otherwise, to mitigate the problem. * 'git status' can spend a lot of cycles to compute the relation between the current branch and its upstream, which can now be disabled with '--no-ahead-behind' option. * 'git diff' and friends learned funcname patterns for Go language source files. * 'git send-email' learned '--reply-to=<address>' option. * Funcname pattern used for C# now recognizes 'async' keyword. * In a way similar to how 'git tag' learned to honor the pager setting only in the list mode, 'git config' learned to ignore the pager setting when it is used for setting values (i.e. when the purpose of the operation is not to 'show'). - Use %license instead of %doc [bsc#1082318] git 2.16.3: * 'git status' after moving a path in the working tree (hence making it appear 'removed') and then adding with the -N option (hence making that appear 'added') detected it as a rename, but did not report the old and new pathnames correctly. * 'git commit --fixup' did not allow '-m<message>' option to be used at the same time; allow it to annotate resulting commit with more text. * When resetting the working tree files recursively, the working tree of submodules are now also reset to match. * Fix for a commented-out code to adjust it to a rather old API change around object ID. * When there are too many changed paths, 'git diff' showed a warning message but in the middle of a line. * The http tracing code, often used to debug connection issues, learned to redact potentially sensitive information from its output so that it can be more safely sharable. * Crash fix for a corner case where an error codepath tried to unlock what it did not acquire lock on. * The split-index mode had a few corner case bugs fixed. * Assorted fixes to 'git daemon'. * Completion of 'git merge -s<strategy>' (in contrib/) did not work well in non-C locale. * Workaround for segfault with more recent versions of SVN. * Recently introduced leaks in fsck have been plugged. * Travis CI integration now builds the executable in 'script' phase to follow the established practice, rather than during 'before_script' phase. This allows the CI categorize the failures better ('failed' is project's fault, 'errored' is build environment's). - Drop superfluous xinetd snippet, no longer used (bsc#1084460) - Build with asciidoctor for the recent distros (bsc#1075764) - Move %{?systemd_requires} to daemon subpackage - Create subpackage for libsecret credential helper. git 2.16.2: * An old regression in 'git describe --all $annotated_tag^0' has been fixed. * 'git svn dcommit' did not take into account the fact that a svn+ssh:// URL with a username@ (typically used for pushing) refers to the same SVN repository without the username@ and failed when svn.pushmergeinfo option is set. * 'git merge -Xours/-Xtheirs' learned to use our/their version when resolving a conflicting updates to a symbolic link. * 'git clone $there $here' is allowed even when here directory exists as long as it is an empty directory, but the command incorrectly removed it upon a failure of the operation. * 'git stash -- <pathspec>' incorrectly blew away untracked files in the directory that matched the pathspec, which has been corrected. * 'git add -p' was taught to ignore local changes to submodules as they do not interfere with the partial addition of regular changes anyway. git 2.16.1: * 'git clone' segfaulted when cloning a project that happens to track two paths that differ only in case on a case insensitive filesystem git 2.16.0 (CVE-2017-15298, bsc#1063412): * See https://raw.github.com/git/git/master/Documentation/RelNotes/2.16.0.txt git 2.15.1: * fix 'auto' column output * fixes to moved lines diffing * documentation updates * fix use of repositories immediately under the root directory * improve usage of libsecret * fixes to various error conditions in git commands - Rewrite from sysv init to systemd unit file for git-daemon (bsc#1069803) - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (bsc#1069468) - split off p4 to a subpackage (bsc#1067502) - Build with the external libsha1detectcoll (bsc#1042644) git 2.15.0: * Use of an empty string as a pathspec element that is used for 'everything matches' is still warned and Git asks users to use a more explicit '.' for that instead. Removal scheduled for 2.16 * Git now avoids blindly falling back to '.git' when the setup sequence said we are _not_ in Git repository (another corner case removed) * 'branch --set-upstream' was retired, deprecated since 1.8 * many other improvements and updates git 2.14.3: * git send-email understands more cc: formats * fixes so gitk --bisect * git commit-tree fixed to handle -F file alike * Prevent segfault in 'git cat-file --textconv' * Fix function header parsing for HTML * Various small fixes to user commands and and internal functions git 2.14.2: * fixes to color output * http.{sslkey,sslCert} now interpret '~[username]/' prefix * fixes to walking of reflogs via 'log -g' and friends * various fixes to output correctness * 'git push --recurse-submodules $there HEAD:$target' is now propagated down to the submodules * 'git clone --recurse-submodules --quiet' c$how propagates quiet option down to submodules. * 'git svn --localtime' correctness fixes * 'git grep -L' and 'git grep --quiet -L' now report same exit code * fixes to 'git apply' when converting line endings * Various Perl scripts did not use safe_pipe_capture() instead of backticks, leaving them susceptible to end-user input. CVE-2017-14867 bsc#1061041 * 'git cvsserver' no longer is invoked by 'git daemon' by default git 2.14.1 (bsc#1052481): * Security fix for CVE-2017-1000117: A malicious third-party can give a crafted 'ssh://...' URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running 'git clone --recurse-submodules' to trigger the vulnerability. * A 'ssh://...' URL can result in a 'ssh' command line with a hostname that begins with a dash '-', which would cause the 'ssh' command to instead (mis)treat it as an option. This is now prevented by forbidding such a hostname (which should not impact any real-world usage). * Similarly, when GIT_PROXY_COMMAND is configured, the command is run with host and port that are parsed out from 'ssh://...' URL; a poorly written GIT_PROXY_COMMAND could be tricked into treating a string that begins with a dash '-' as an option. This is now prevented by forbidding such a hostname and port number (again, which should not impact any real-world usage). * In the same spirit, a repository name that begins with a dash '-' is also forbidden now. git 2.14.0: * Use of an empty string as a pathspec element that is used for 'everything matches' is deprecated, use '.' * Avoid blindly falling back to '.git' when the setup sequence indicates operation not on a Git repository * 'indent heuristics' are now the default. * Builds with pcre2 * Many bug fixes, improvements and updates git 2.13.4: * Update the character width tables. * Fix an alias that contained an uppercase letter * Progress meter fixes * git gc concurrency fixes git 2.13.3: * various internal bug fixes * Fix a regression to 'git rebase -i' * Correct unaligned 32-bit access in pack-bitmap code * Tighten error checks for invalid 'git apply' input * The split index code did not honor core.sharedrepository setting correctly * Fix 'git branch --list' handling of color.branch.local git 2.13.2: * 'collision detecting' SHA-1 update for platform fixes * 'git checkout --recurse-submodules' did not quite work with a submodule that itself has submodules. * The 'run-command' API implementation has been made more robust against dead-locking in a threaded environment. * 'git clean -d' now only cleans ignored files with '-x' * 'git status --ignored' did not list ignored and untracked files without '-uall' * 'git pull --rebase --autostash' didn't auto-stash when the local history fast-forwards to the upstream. * 'git describe --contains' gives as much weight to lightweight tags as annotated tags * Fix 'git stash push <pathspec>' from a subdirectory git 2.13.1: * Setting 'log.decorate=false' in the configuration file did not take effect in v2.13, which has been corrected. * corrections to documentation and command help output * garbage collection fixes * memory leaks fixed * receive-pack now makes sure that the push certificate records the same set of push options used for pushing * shell completion corrections for git stash * fix 'git clone --config var=val' with empty strings * internal efficiency improvements * Update sha1 collision detection code for big-endian platforms and platforms not supporting unaligned fetches - Fix packaging of documentation git 2.13.0: * empty string as a pathspec element for 'everything matches' is still warned, for future removal. * deprecated argument order 'git merge <msg> HEAD <commit>...' was removed * default location '~/.git-credential-cache/socket' for the socket used to communicate with the credential-cache daemon moved to '~/.cache/git/credential/socket'. * now avoid blindly falling back to '.git' when the setup sequence indicated otherwise * many workflow features, improvements and bug fixes * add a hardened implementation of SHA1 in response to practical collision attacks (CVE-2005-4900, bsc#1042640) * CVE-2017-8386: On a server running git-shell as login shell to restrict user to git commands, remote users may have been able to have git service programs spawn an interactive pager and thus escape the shell restrictions. (bsc#1038395) Changes in pcre2: - Include the libraries, development and tools packages. git uses only libpcre2-8 so far, but this allows further application usage of pcre2. Important SUSE bug 1167890 SUSE bug 1168930 CVE-2020-5260 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032). - CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978). - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669). - Fixed an issue where Firefox tab was crashing (bsc#1170908). Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes mozilla-nspr to version 4.25 Important SUSE bug 1159819 SUSE bug 1168669 SUSE bug 1169746 SUSE bug 1170908 SUSE bug 1171978 SUSE bug 1173022 CVE-2019-17006 CVE-2020-12399 CVE-2020-12402 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xen fixes the following issues: - CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377). - CVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378). - CVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376). - CVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380). Important SUSE bug 1173376 SUSE bug 1173377 SUSE bug 1173378 SUSE bug 1173380 CVE-2020-15563 CVE-2020-15565 CVE-2020-15566 CVE-2020-15567 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues: Security issues fixed: - CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing (bsc#1173576). - CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster (bsc#1173576). - CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576). - CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576). - CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576). - CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576). - CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack (bsc#1173576). - CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576). - CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer (bsc#1173576). - CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library (bsc#1173576). - CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process (bsc#1173576). - CVE-2020-12425: Out of bound read in Date.parse() (bsc#1173576). - CVE-2020-12426: Memory safety bugs fixed in Firefox 78 (bsc#1173576). - FIPS: MozillaFirefox: allow /proc/sys/crypto/fips_enabled (bsc#1167231). Non-security issues fixed: - Fixed interaction with freetype6 (bsc#1173613). Important SUSE bug 1167231 SUSE bug 1173576 SUSE bug 1173613 CVE-2020-12402 CVE-2020-12415 CVE-2020-12416 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 CVE-2020-12422 CVE-2020-12423 CVE-2020-12424 CVE-2020-12425 CVE-2020-12426 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for squid fixes the following issues: - CVE-2020-15049.patch: fixes a Cache Poisoning and Request Smuggling attack (CVE-2020-15049, bsc#1173455) Important SUSE bug 1173455 CVE-2020-15049 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for tomcat fixes the following issues: Tomcat was updated to 9.0.36 See changelog at - CVE-2020-11996: Fixed an issue which by sending a specially crafted sequence of HTTP/2 requests could have triggered high CPU usage for several seconds making potentially the server unresponsive (bsc#1173389). Important SUSE bug 1173389 CVE-2020-11996 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update fixes the following issues: cobbler: - Calculate relative path for kernel and inited when generating grub entry (bsc#1170231) Added: fix-grub2-entry-paths.diff - Fix os-release version detection for SUSE Modified: sles15.patch - Jinja2 template library fix (bsc#1141661) - Removes string replace for textmode fix (bsc#1134195) golang-github-prometheus-node_exporter: - Update to 0.18.1 * [BUGFIX] Fix incorrect sysctl call in BSD meminfo collector, resulting in broken swap metrics on FreeBSD #1345 * [BUGFIX] Fix rollover bug in mountstats collector #1364 * Renamed interface label to device in netclass collector for consistency with * other network metrics #1224 * The cpufreq metrics now separate the cpufreq and scaling data based on what the driver provides. #1248 * The labels for the network_up metric have changed, see issue #1236 * Bonding collector now uses mii_status instead of operstatus #1124 * Several systemd metrics have been turned off by default to improve performance #1254 * These include unit_tasks_current, unit_tasks_max, service_restart_total, and unit_start_time_seconds * The systemd collector blacklist now includes automount, device, mount, and slice units by default. #1255 * [CHANGE] Bonding state uses mii_status #1124 * [CHANGE] Add a limit to the number of in-flight requests #1166 * [CHANGE] Renamed interface label to device in netclass collector #1224 * [CHANGE] Add separate cpufreq and scaling metrics #1248 * [CHANGE] Several systemd metrics have been turned off by default to improve performance #1254 * [CHANGE] Expand systemd collector blacklist #1255 * [CHANGE] Split cpufreq metrics into a separate collector #1253 * [FEATURE] Add a flag to disable exporter metrics #1148 * [FEATURE] Add kstat-based Solaris metrics for boottime, cpu and zfs collectors #1197 * [FEATURE] Add uname collector for FreeBSD #1239 * [FEATURE] Add diskstats collector for OpenBSD #1250 * [FEATURE] Add pressure collector exposing pressure stall information for Linux #1174 * [FEATURE] Add perf exporter for Linux #1274 * [ENHANCEMENT] Add Infiniband counters #1120 * [ENHANCEMENT] Add TCPSynRetrans to netstat default filter #1143 * [ENHANCEMENT] Move network_up labels into new metric network_info #1236 * [ENHANCEMENT] Use 64-bit counters for Darwin netstat * [BUGFIX] Add fallback for missing /proc/1/mounts #1172 * [BUGFIX] Fix node_textfile_mtime_seconds to work properly on symlinks #1326 - Add network-online (Wants and After) dependency to systemd unit bsc#1143913 golang-github-prometheus-prometheus: - Update change log and spec file + Modified spec file: default to golang 1.14 to avoid 'have choice' build issues in OBS. + Rebase and update patches for version 2.18.0 + Changed: * 0002-Default-settings.patch Changed - Update to 2.18.0 + Features * Tracing: Added experimental Jaeger support #7148 + Changes * Federation: Only use local TSDB for federation (ignore remote read). #7096 * Rules: `rule_evaluations_total` and `rule_evaluation_failures_total` have a `rule_group` label now. #7094 + Enhancements * TSDB: Significantly reduce WAL size kept around after a block cut. #7098 * Discovery: Add `architecture` meta label for EC2. #7000 + Bug fixes * UI: Fixed wrong MinTime reported by /status. #7182 * React UI: Fixed multiselect legend on OSX. #6880 * Remote Write: Fixed blocked resharding edge case. #7122 * Remote Write: Fixed remote write not updating on relabel configs change. #7073 - Changes from 2.17.2 + Bug fixes * Federation: Register federation metrics #7081 * PromQL: Fix panic in parser error handling #7132 * Rules: Fix reloads hanging when deleting a rule group that is being evaluated #7138 * TSDB: Fix a memory leak when prometheus starts with an empty TSDB WAL #7135 * TSDB: Make isolation more robust to panics in web handlers #7129 #7136 - Changes from 2.17.1 + Bug fixes * TSDB: Fix query performance regression that increased memory and CPU usage #7051 - Changes from 2.17.0 + Features * TSDB: Support isolation #6841 * This release implements isolation in TSDB. API queries and recording rules are guaranteed to only see full scrapes and full recording rules. This comes with a certain overhead in resource usage. Depending on the situation, there might be some increase in memory usage, CPU usage, or query latency. + Enhancements * PromQL: Allow more keywords as metric names #6933 * React UI: Add normalization of localhost URLs in targets page #6794 * Remote read: Read from remote storage concurrently #6770 * Rules: Mark deleted rule series as stale after a reload #6745 * Scrape: Log scrape append failures as debug rather than warn #6852 * TSDB: Improve query performance for queries that partially hit the head #6676 * Consul SD: Expose service health as meta label #5313 * EC2 SD: Expose EC2 instance lifecycle as meta label #6914 * Kubernetes SD: Expose service type as meta label for K8s service role #6684 * Kubernetes SD: Expose label_selector and field_selector #6807 * Openstack SD: Expose hypervisor id as meta label #6962 + Bug fixes * PromQL: Do not escape HTML-like chars in query log #6834 #6795 * React UI: Fix data table matrix values #6896 * React UI: Fix new targets page not loading when using non-ASCII characters #6892 * Remote read: Fix duplication of metrics read from remote storage with external labels #6967 #7018 * Remote write: Register WAL watcher and live reader metrics for all remotes, not just the first one #6998 * Scrape: Prevent removal of metric names upon relabeling #6891 * Scrape: Fix 'superfluous response.WriteHeader call' errors when scrape fails under some circonstances #6986 * Scrape: Fix crash when reloads are separated by two scrape intervals #7011 - Changes from 2.16.0 + Features * React UI: Support local timezone on /graph #6692 * PromQL: add absent_over_time query function #6490 * Adding optional logging of queries to their own file #6520 + Enhancements * React UI: Add support for rules page and 'Xs ago' duration displays #6503 * React UI: alerts page, replace filtering togglers tabs with checkboxes #6543 * TSDB: Export metric for WAL write errors #6647 * TSDB: Improve query performance for queries that only touch the most recent 2h of data. #6651 * PromQL: Refactoring in parser errors to improve error messages #6634 * PromQL: Support trailing commas in grouping opts #6480 * Scrape: Reduce memory usage on reloads by reusing scrape cache #6670 * Scrape: Add metrics to track bytes and entries in the metadata cache #6675 * promtool: Add support for line-column numbers for invalid rules output #6533 * Avoid restarting rule groups when it is unnecessary #6450 + Bug fixes * React UI: Send cookies on fetch() on older browsers #6553 * React UI: adopt grafana flot fix for stacked graphs #6603 * React UI: broken graph page browser history so that back button works as expected #6659 * TSDB: ensure compactionsSkipped metric is registered, and log proper error if one is returned from head.Init #6616 * TSDB: return an error on ingesting series with duplicate labels #6664 * PromQL: Fix unary operator precedence #6579 * PromQL: Respect query.timeout even when we reach query.max-concurrency #6712 * PromQL: Fix string and parentheses handling in engine, which affected React UI #6612 * PromQL: Remove output labels returned by absent() if they are produced by multiple identical label matchers #6493 * Scrape: Validate that OpenMetrics input ends with `# EOF` #6505 * Remote read: return the correct error if configs can't be marshal'd to JSON #6622 * Remote write: Make remote client `Store` use passed context, which can affect shutdown timing #6673 * Remote write: Improve sharding calculation in cases where we would always be consistently behind by tracking pendingSamples #6511 * Ensure prometheus_rule_group metrics are deleted when a rule group is removed #6693 - Changes from 2.15.2 + Bug fixes * TSDB: Fixed support for TSDB blocks built with Prometheus before 2.1.0. #6564 * TSDB: Fixed block compaction issues on Windows. #6547 - Changes from 2.15.1 + Bug fixes * TSDB: Fixed race on concurrent queries against same data. #6512 - Changes from 2.15.0 + Features * API: Added new endpoint for exposing per metric metadata `/metadata`. #6420 #6442 + Changes * Discovery: Removed `prometheus_sd_kubernetes_cache_*` metrics. Additionally `prometheus_sd_kubernetes_workqueue_latency_seconds` and `prometheus_sd_kubernetes_workqueue_work_duration_seconds` metrics now show correct values in seconds. #6393 * Remote write: Changed `query` label on `prometheus_remote_storage_*` metrics to `remote_name` and `url`. #6043 + Enhancements * TSDB: Significantly reduced memory footprint of loaded TSDB blocks. #6418 #6461 * TSDB: Significantly optimized what we buffer during compaction which should result in lower memory footprint during compaction. #6422 #6452 #6468 #6475 * TSDB: Improve replay latency. #6230 * TSDB: WAL size is now used for size based retention calculation. #5886 * Remote read: Added query grouping and range hints to the remote read request #6401 * Remote write: Added `prometheus_remote_storage_sent_bytes_total` counter per queue. #6344 * promql: Improved PromQL parser performance. #6356 * React UI: Implemented missing pages like `/targets` #6276, TSDB status page #6281 #6267 and many other fixes and performance improvements. * promql: Prometheus now accepts spaces between time range and square bracket. e.g `[ 5m]` #6065 + Bug fixes * Config: Fixed alertmanager configuration to not miss targets when configurations are similar. #6455 * Remote write: Value of `prometheus_remote_storage_shards_desired` gauge shows raw value of desired shards and it's updated correctly. #6378 * Rules: Prometheus now fails the evaluation of rules and alerts where metric results collide with labels specified in `labels` field. #6469 * API: Targets Metadata API `/targets/metadata` now accepts empty `match_targets` parameter as in the spec. #6303 - Changes from 2.14.0 + Features * API: `/api/v1/status/runtimeinfo` and `/api/v1/status/buildinfo` endpoints added for use by the React UI. #6243 * React UI: implement the new experimental React based UI. #5694 and many more * Can be found by under `/new`. * Not all pages are implemented yet. * Status: Cardinality statistics added to the Runtime & Build Information page. #6125 + Enhancements * Remote write: fix delays in remote write after a compaction. #6021 * UI: Alerts can be filtered by state. #5758 + Bug fixes * Ensure warnings from the API are escaped. #6279 * API: lifecycle endpoints return 403 when not enabled. #6057 * Build: Fix Solaris build. #6149 * Promtool: Remove false duplicate rule warnings when checking rule files with alerts. #6270 * Remote write: restore use of deduplicating logger in remote write. #6113 * Remote write: do not reshard when unable to send samples. #6111 * Service discovery: errors are no longer logged on context cancellation. #6116, #6133 * UI: handle null response from API properly. #6071 - Changes from 2.13.1 + Bug fixes * Fix panic in ARM builds of Prometheus. #6110 * promql: fix potential panic in the query logger. #6094 * Multiple errors of http: superfluous response.WriteHeader call in the logs. #6145 - Changes from 2.13.0 + Enhancements * Metrics: renamed prometheus_sd_configs_failed_total to prometheus_sd_failed_configs and changed to Gauge #5254 * Include the tsdb tool in builds. #6089 * Service discovery: add new node address types for kubernetes. #5902 * UI: show warnings if query have returned some warnings. #5964 * Remote write: reduce memory usage of the series cache. #5849 * Remote read: use remote read streaming to reduce memory usage. #5703 * Metrics: added metrics for remote write max/min/desired shards to queue manager. #5787 * Promtool: show the warnings during label query. #5924 * Promtool: improve error messages when parsing bad rules. #5965 * Promtool: more promlint rules. #5515 + Bug fixes * UI: Fix a Stored DOM XSS vulnerability with query history [CVE-2019-10215](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10215). #6098 * Promtool: fix recording inconsistency due to duplicate labels. #6026 * UI: fixes service-discovery view when accessed from unhealthy targets. #5915 * Metrics format: OpenMetrics parser crashes on short input. #5939 * UI: avoid truncated Y-axis values. #6014 - Changes from 2.12.0 + Features * Track currently active PromQL queries in a log file. #5794 * Enable and provide binaries for `mips64` / `mips64le` architectures. #5792 + Enhancements * Improve responsiveness of targets web UI and API endpoint. #5740 * Improve remote write desired shards calculation. #5763 * Flush TSDB pages more precisely. tsdb#660 * Add `prometheus_tsdb_retention_limit_bytes` metric. tsdb#667 * Add logging during TSDB WAL replay on startup. tsdb#662 * Improve TSDB memory usage. tsdb#653, tsdb#643, tsdb#654, tsdb#642, tsdb#627 + Bug fixes * Check for duplicate label names in remote read. #5829 * Mark deleted rules' series as stale on next evaluation. #5759 * Fix JavaScript error when showing warning about out-of-sync server time. #5833 * Fix `promtool test rules` panic when providing empty `exp_labels`. #5774 * Only check last directory when discovering checkpoint number. #5756 * Fix error propagation in WAL watcher helper functions. #5741 * Correctly handle empty labels from alert templates. #5845 - Update Uyuni/SUSE Manager service discovery patch + Modified 0003-Add-Uyuni-service-discovery.patch: + Adapt service discovery to the new Uyuni API endpoints + Modified spec file: force golang 1.12 to fix build issues in SLE15SP2 - Update to Prometheus 2.11.2 grafana: - Update to version 7.0.3 * Features / Enhancements - Stats: include all fields. #24829, @ryantxu - Variables: change VariableEditorList row action Icon to IconButton. #25217, @hshoff * Bug fixes - Cloudwatch: Fix dimensions of DDoSProtection. #25317, @papagian - Configuration: Fix env var override of sections containing hyphen. #25178, @marefr - Dashboard: Get panels in collapsed rows. #25079, @peterholmberg - Do not show alerts tab when alerting is disabled. #25285, @dprokop - Jaeger: fixes cascader option label duration value. #25129, @Estrax - Transformations: Fixed Transform tab crash & no update after adding first transform. #25152, @torkelo - Update to version 7.0.2 * Bug fixes - Security: Urgent security patch release to fix CVE-2020-13379 - Update to version 7.0.1 * Features / Enhancements - Datasource/CloudWatch: Makes CloudWatch Logs query history more readable. #24795, @kaydelaney - Download CSV: Add date and time formatting. #24992, @ryantxu - Table: Make last cell value visible when right aligned. #24921, @peterholmberg - TablePanel: Adding sort order persistance. #24705, @torkelo - Transformations: Display correct field name when using reduce transformation. #25068, @peterholmberg - Transformations: Allow custom number input for binary operations. #24752, @ryantxu * Bug fixes - Dashboard/Links: Fixes dashboard links by tags not working. #24773, @KamalGalrani - Dashboard/Links: Fixes open in new window for dashboard link. #24772, @KamalGalrani - Dashboard/Links: Variables are resolved and limits to 100. #25076, @hugohaggmark - DataLinks: Bring back variables interpolation in title. #24970, @dprokop - Datasource/CloudWatch: Field suggestions no longer limited to prefix-only. #24855, @kaydelaney - Explore/Table: Keep existing field types if possible. #24944, @kaydelaney - Explore: Fix wrap lines toggle for results of queries with filter expression. #24915, @ivanahuckova - Explore: fix undo in query editor. #24797, @zoltanbedi - Explore: fix word break in type head info. #25014, @zoltanbedi - Graph: Legend decimals now work as expected. #24931, @torkelo - LoginPage: Fix hover color for service buttons. #25009, @tskarhed - LogsPanel: Fix scrollbar. #24850, @ivanahuckova - MoveDashboard: Fix for moving dashboard caused all variables to be lost. #25005, @torkelo - Organize transformer: Use display name in field order comparer. #24984, @dprokop - Panel: shows correct panel menu items in view mode. #24912, @hugohaggmark - PanelEditor Fix missing labels and description if there is only single option in category. #24905, @dprokop - PanelEditor: Overrides name matcher still show all original field names even after Field default display name is specified. #24933, @torkelo - PanelInspector: Makes sure Data display options are visible. #24902, @hugohaggmark - PanelInspector: Hides unsupported data display options for Panel type. #24918, @hugohaggmark - PanelMenu: Make menu disappear on button press. #25015, @tskarhed - Postgres: Fix add button. #25087, @phemmer - Prometheus: Fix recording rules expansion. #24977, @ivanahuckova - Stackdriver: Fix creating Service Level Objectives (SLO) datasource query variable. #25023, @papagian - Update to version 7.0.0 * Breaking changes - Removed PhantomJS: PhantomJS was deprecated in Grafana v6.4 and starting from Grafana v7.0.0, all PhantomJS support has been removed. This means that Grafana no longer ships with a built-in image renderer, and we advise you to install the Grafana Image Renderer plugin. - Dashboard: A global minimum dashboard refresh interval is now enforced and defaults to 5 seconds. - Interval calculation: There is now a new option Max data points that controls the auto interval $__interval calculation. Interval was previously calculated by dividing the panel width by the time range. With the new max data points option it is now easy to set $__interval to a dynamic value that is time range agnostic. For example if you set Max data points to 10 Grafana will dynamically set $__interval by dividing the current time range by 10. - Datasource/Loki: Support for deprecated Loki endpoints has been removed. - Backend plugins: Grafana now requires backend plugins to be signed, otherwise Grafana will not load/start them. This is an additional security measure to make sure backend plugin binaries and files haven't been tampered with. Refer to Upgrade Grafana for more information. - @grafana/ui: Forms migration notice, see @grafana/ui changelog - @grafana/ui: Select API change for creating custom values, see @grafana/ui changelog + Deprecation warnings - Scripted dashboards is now deprecated. The feature is not removed but will be in a future release. We hope to address the underlying requirement of dynamic dashboards in a different way. #24059 - The unofficial first version of backend plugins together with usage of grafana/grafana-plugin-model is now deprecated and support for that will be removed in a future release. Please refer to backend plugins documentation for information about the new officially supported backend plugins. * Features / Enhancements - Backend plugins: Log deprecation warning when using the unofficial first version of backend plugins. #24675, @marefr - Editor: New line on Enter, run query on Shift+Enter. #24654, @davkal - Loki: Allow multiple derived fields with the same name. #24437, @aocenas - Orgs: Add future deprecation notice. #24502, @torkelo * Bug Fixes - @grafana/toolkit: Use process.cwd() instead of PWD to get directory. #24677, @zoltanbedi - Admin: Makes long settings values line break in settings page. #24559, @hugohaggmark - Dashboard: Allow editing provisioned dashboard JSON and add confirmation when JSON is copied to dashboard. #24680, @dprokop - Dashboard: Fix for strange 'dashboard not found' errors when opening links in dashboard settings. #24416, @torkelo - Dashboard: Fix so default data source is selected when data source can't be found in panel editor. #24526, @mckn - Dashboard: Fixed issue changing a panel from transparent back to normal in panel editor. #24483, @torkelo - Dashboard: Make header names reflect the field name when exporting to CSV file from the the panel inspector. #24624, @peterholmberg - Dashboard: Make sure side pane is displayed with tabs by default in panel editor. #24636, @dprokop - Data source: Fix query/annotation help content formatting. #24687, @AgnesToulet - Data source: Fixes async mount errors. #24579, @Estrax - Data source: Fixes saving a data source without failure when URL doesn't specify a protocol. #24497, @aknuds1 - Explore/Prometheus: Show results of instant queries only in table. #24508, @ivanahuckova - Explore: Fix rendering of react query editors. #24593, @ivanahuckova - Explore: Fixes loading more logs in logs context view. #24135, @Estrax - Graphite: Fix schema and dedupe strategy in rollup indicators for Metrictank queries. #24685, @torkelo - Graphite: Makes query annotations work again. #24556, @hugohaggmark - Logs: Clicking 'Load more' from context overlay doesn't expand log row. #24299, @kaydelaney - Logs: Fix total bytes process calculation. #24691, @davkal - Org/user/team preferences: Fixes so UI Theme can be set back to Default. #24628, @AgnesToulet - Plugins: Fix manifest validation. #24573, @aknuds1 - Provisioning: Use proxy as default access mode in provisioning. #24669, @bergquist - Search: Fix select item when pressing enter and Grafana is served using a sub path. #24634, @tskarhed - Search: Save folder expanded state. #24496, @Clarity-89 - Security: Tag value sanitization fix in OpenTSDB data source. #24539, @rotemreiss - Table: Do not include angular options in options when switching from angular panel. #24684, @torkelo - Table: Fixed persisting column resize for time series fields. #24505, @torkelo - Table: Fixes Cannot read property subRows of null. #24578, @hugohaggmark - Time picker: Fixed so you can enter a relative range in the time picker without being converted to absolute range. #24534, @mckn - Transformations: Make transform dropdowns not cropped. #24615, @dprokop - Transformations: Sort order should be preserved as entered by user when using the reduce transformation. #24494, @hugohaggmark - Units: Adds scale symbol for currencies with suffixed symbol. #24678, @hugohaggmark - Variables: Fixes filtering options with more than 1000 entries. #24614, @hugohaggmark - Variables: Fixes so Textbox variables read value from url. #24623, @hugohaggmark - Zipkin: Fix error when span contains remoteEndpoint. #24524, @aocenas - SAML: Switch from email to login for user login attribute mapping (Enterprise) - Update Makefile and spec file * Remove phantomJS patch from Makefile * Fix multiline strings in Makefile * Exclude s390 from SLE12 builds, golang 1.14 is not built for s390 - Add instructions for patching the Grafana javascript frontend. - BuildRequires golang(API) instead of go metapackage version range * BuildRequires: golang(API) >= 1.14 from BuildRequires: ( go >= 1.14 with go < 1.15 ) - Update to version 6.7.3 - This version fixes bsc#1170557 and its corresponding CVE-2020-12245 - Admin: Fix Synced via LDAP message for non-LDAP external users. #23477, @alexanderzobnin - Alerting: Fixes notifications for alerts with empty message in Google Hangouts notifier. #23559, @hugohaggmark - AuthProxy: Fixes bug where long username could not be cached.. #22926, @jcmcken - Dashboard: Fix saving dashboard when editing raw dashboard JSON model. #23314, @peterholmberg - Dashboard: Try to parse 8 and 15 digit numbers as timestamps if parsing of time range as date fails. #21694, @jessetan - DashboardListPanel: Fixed problem with empty panel after going into edit mode (General folder filter being automatically added) . #23426, @torkelo - Data source: Handle datasource withCredentials option properly. #23380, @hvtuananh - Security: Fix annotation popup XSS vulnerability. #23813, @torkelo - Server: Exit Grafana with status code 0 if no error. #23312, @aknuds1 - TablePanel: Fix XSS issue in header column rename (backport). #23814, @torkelo - Variables: Fixes error when setting adhoc variable values. #23580, @hugohaggmark - Update to version 6.7.2: (see installed changelog for the full list of changes) - BackendSrv: Adds config to response to fix issue for external plugins that used this property . #23032, @torkelo - Dashboard: Fixed issue with saving new dashboard after changing title . #23104, @dprokop - DataLinks: make sure we use the correct datapoint when dataset contains null value.. #22981, @mckn - Plugins: Fixed issue for plugins that imported dateMath util . #23069, @mckn - Security: Fix for dashboard snapshot original dashboard link could contain XSS vulnerability in url. #23254, @torkelo - Variables: Fixes issue with too many queries being issued for nested template variables after value change. #23220, @torkelo - Plugins: Expose promiseToDigest. #23249, @torkelo - Reporting (Enterprise): Fixes issue updating a report created by someone else - Update to 6.7.1: (see installed changelog for the full list of changes) Bug Fixes - Azure: Fixed dropdowns not showing current value. #22914, @torkelo - BackendSrv: only add content-type on POST, PUT requests. #22910, @hugohaggmark - Panels: Fixed size issue with panel internal size when exiting panel edit mode. #22912, @torkelo - Reporting: fixes migrations compatibility with mysql (Enterprise) - Reporting: Reduce default concurrency limit to 4 (Enterprise) - Update to 6.7.0: (see installed changelog for the full list of changes) Bug Fixes - AngularPanels: Fixed inner height calculation for angular panels . #22796, @torkelo - BackendSrv: makes sure provided headers are correctly recognized and set. #22778, @hugohaggmark - Forms: Fix input suffix position (caret-down in Select) . #22780, @torkelo - Graphite: Fixed issue with query editor and next select metric now showing after selecting metric node . #22856, @torkelo - Rich History: UX adjustments and fixes. #22729, @ivanahuckova - Update to 6.7.0-beta1: Breaking changes - Slack: Removed Mention setting and instead introduce Mention Users, Mention Groups, and Mention Channel. The first two settings require user and group IDs, respectively. This change was necessary because the way of mentioning via the Slack API changed and mentions in Slack notifications no longer worked. - Alerting: Reverts the behavior of diff and percent_diff to not always be absolute. Something we introduced by mistake in 6.1.0. Alerting now support diff(), diff_abs(), percent_diff() and percent_diff_abs(). #21338 - Notice about changes in backendSrv for plugin authors In our mission to migrate away from AngularJS to React we have removed all AngularJS dependencies in the core data retrieval service backendSrv. Removing the AngularJS dependencies in backendSrv has the unfortunate side effect of AngularJS digest no longer being triggered for any request made with backendSrv. Because of this, external plugins using backendSrv directly may suffer from strange behaviour in the UI. To remedy this issue, as a plugin author you need to trigger the digest after a direct call to backendSrv. Bug Fixes API: Fix redirect issues. #22285, @papagian Alerting: Don't include image_url field with Slack message if empty. #22372, @aknuds1 Alerting: Fixed bad background color for default notifications in alert tab . #22660, @krvajal Annotations: In table panel when setting transform to annotation, they will now show up right away without a manual refresh. #22323, @krvajal Azure Monitor: Fix app insights source to allow for new __timeFrom and __timeTo. #21879, @ChadNedzlek BackendSrv: Fixes POST body for form data. gmark CloudWatch: Credentials cache invalidation fix. #22473, @sunker CloudWatch: Expand alias variables when query yields no result. #22695, @sunker Dashboard: Fix bug with NaN in alerting. #22053, @a-melnyk Explore: Fix display of multiline logs in log panel and explore. #22057, @thomasdraebing Heatmap: Legend color range is incorrect when using custom min/max. #21748, @sv5d Security: Fixed XSS issue in dashboard history diff . #22680, @torkelo StatPanel: Fixes base color is being used for null values . #22646, @torkelo - Update to version 6.6.2: (see installed changelog for the full list of changes) - Update to version 6.6.1: (see installed changelog for the full list of changes) - Update to version 6.6.0: (see installed changelog for the full list of changes) - Update to version 6.5.3: (see installed changelog for the full list of changes) - Update to version 6.5.2: (see installed changelog for the full list of changes) - Update to version 6.5.1: (see installed changelog for the full list of changes) - Update to version 6.5.0 (see installed changelog for the full list of changes) - Update to version 6.4.5: * Create version 6.4.5 * CloudWatch: Fix high CPU load (#20579) - Add obs-service-go_modules to download required modules into vendor.tar.gz - Adjusted spec file to use vendor.tar.gz - Adjusted Makefile to work with new filenames - BuildRequire go1.14 - Update to version 6.4.4: * DataLinks: Fix blur issues. #19883, @aocenas * Docker: Makes it possible to parse timezones in the docker image. #20081, @xlson * LDAP: All LDAP servers should be tried even if one of them returns a connection error. #20077, @jongyllen * LDAP: No longer shows incorrectly matching groups based on role in debug page. #20018, @xlson * Singlestat: Fix no data / null value mapping . #19951, @ryantxu - Revert the spec file and make script - Remove PhantomJS dependency - Update to 6.4.3 * Bug Fixes - Alerting: All notification channels should send even if one fails to send. #19807, @jan25 - AzureMonitor: Fix slate interference with dropdowns. #19799, @aocenas - ContextMenu: make ContextMenu positioning aware of the viewport width. #19699, @krvajal - DataLinks: Fix context menu not showing in singlestat-ish visualisations. #19809, @dprokop - DataLinks: Fix url field not releasing focus. #19804, @aocenas - Datasource: Fixes clicking outside of some query editors required 2 clicks. #19822, @aocenas - Panels: Fixes default tab for visualizations without Queries Tab. #19803, @hugohaggmark - Singlestat: Fixed issue with mapping null to text. #19689, @torkelo - @grafana/toolkit: Don't fail plugin creation when git user.name config is not set. #19821, @dprokop - @grafana/toolkit: TSLint line number off by 1. #19782, @fredwangwang - Update to 6.4.2 * Bug Fixes - CloudWatch: Changes incorrect dimension wmlid to wlmid . #19679, @ATTron - Grafana Image Renderer: Fixes plugin page. #19664, @hugohaggmark - Graph: Fixes auto decimals logic for y axis ticks that results in too many decimals for high values. #19618, @torkelo - Graph: Switching to series mode should re-render graph. #19623, @torkelo - Loki: Fix autocomplete on label values. #19579, @aocenas - Loki: Removes live option for logs panel. #19533, @davkal - Profile: Fix issue with user profile not showing more than sessions sessions in some cases. #19578, @huynhsamha - Prometheus: Fixes so results in Panel always are sorted by query order. #19597, @hugohaggmark - sted keys in YAML provisioning caused a server crash, #19547 - ImageRendering: Fixed issue with image rendering in enterprise build (Enterprise) - Reporting: Fixed issue with reporting service when STMP was disabled (Enterprise). - Changes from 6.4.0 * Features / Enhancements - Build: Upgrade go to 1.12.10. #19499, @marefr - DataLinks: Suggestions menu improvements. #19396, @dprokop - Explore: Take root_url setting into account when redirecting from dashboard to explore. #19447, @ivanahuckova - Explore: Update broken link to logql docs. #19510, @ivanahuckova - Logs: Adds Logs Panel as a visualization. #19504, @davkal * Bug Fixes - CLI: Fix version selection for plugin install. #19498, @aocenas - Graph: Fixes minor issue with series override color picker and custom color . #19516, @torkelo - Changes from 6.4.0 Beta 2 * Features / Enhancements - Azure Monitor: Remove support for cross resource queries (#19115)'. #19346, @sunker - Docker: Upgrade packages to resolve reported vulnerabilities. #19188, @marefr - Graphite: Time range expansion reduced from 1 minute to 1 second. #19246, @torkelo - grafana/toolkit: Add plugin creation task. #19207, @dprokop * Bug Fixes - Alerting: Prevents creating alerts from unsupported queries. #19250, @hugohaggmark - Alerting: Truncate PagerDuty summary when greater than 1024 characters. #18730, @nvllsvm - Cloudwatch: Fix autocomplete for Gamelift dimensions. #19146, @kevinpz - Dashboard: Fix export for sharing when panels use default data source. #19315, @torkelo - Database: Rewrite system statistics query to perform better. #19178, @papagian - Gauge/BarGauge: Fix issue with [object Object] in titles . #19217, @ryantxu - MSSQL: Revert usage of new connectionstring format introduced by #18384. #19203, @marefr - Multi-LDAP: Do not fail-fast on invalid credentials. #19261, @gotjosh - MySQL, Postgres, MSSQL: Fix validating query with template variables in alert . #19237, @marefr - MySQL, Postgres: Update raw sql when query builder updates. #19209, @marefr - MySQL: Limit datasource error details returned from the backend. #19373, @marefr - Changes from 6.4.0 Beta 1 * Features / Enhancements - API: Readonly datasources should not be created via the API. #19006, @papagian - Alerting: Include configured AlertRuleTags in Webhooks notifier. #18233, @dominic-miglar - Annotations: Add annotations support to Loki. #18949, @aocenas - Annotations: Use a single row to represent a region. #17673, @ryantxu - Auth: Allow inviting existing users when login form is disabled. #19048, @548017 - Azure Monitor: Add support for cross resource queries. #19115, @sunker - CLI: Allow installing custom binary plugins. #17551, @aocenas - Dashboard: Adds Logs Panel (alpha) as visualization option for Dashboards. #18641, @hugohaggmark - Dashboard: Reuse query results between panels . #16660, @ryantxu - Dashboard: Set time to to 23:59:59 when setting To time using calendar. #18595, @simPod - DataLinks: Add DataLinks support to Gauge, BarGauge and SingleStat2 panel. #18605, @ryantxu - DataLinks: Enable access to labels & field names. #18918, @torkelo - DataLinks: Enable multiple data links per panel. #18434, @dprokop - Docker: switch docker image to alpine base with phantomjs support. #18468, @DanCech - Elasticsearch: allow templating queries to order by doc_count. #18870, @hackery - Explore: Add throttling when doing live queries. #19085, @aocenas - Explore: Adds ability to go back to dashboard, optionally with query changes. #17982, @kaydelaney - Explore: Reduce default time range to last hour. #18212, @davkal - Gauge/BarGauge: Support decimals for min/max. #18368, @ryantxu - Graph: New series override transform constant that renders a single point as a line across the whole graph. #19102, @davkal - Image rendering: Add deprecation warning when PhantomJS is used for rendering images. #18933, @papagian - InfluxDB: Enable interpolation within ad-hoc filter values. #18077, @kvc-code - LDAP: Allow an user to be synchronized against LDAP. #18976, @gotjosh - Ldap: Add ldap debug page. #18759, @peterholmberg - Loki: Remove prefetching of default label values. #18213, @davkal - Metrics: Add failed alert notifications metric. #18089, @koorgoo - OAuth: Support JMES path lookup when retrieving user email. #14683, @bobmshannon - OAuth: return GitLab groups as a part of user info (enable team sync). #18388, @alexanderzobnin - Panels: Add unit for electrical charge - ampere-hour. #18950, @anirudh-ramesh - Plugin: AzureMonitor - Reapply MetricNamespace support. #17282, @raphaelquati - Plugins: better warning when plugins fail to load. #18671, @ryantxu - Postgres: Add support for scram sha 256 authentication. #18397, @nonamef - RemoteCache: Support SSL with Redis. #18511, @kylebrandt - SingleStat: The gauge option in now disabled/hidden (unless it's an old panel with it already enabled) . #18610, @ryantxu - Stackdriver: Add extra alignment period options. #18909, @sunker - Units: Add South African Rand (ZAR) to currencies. #18893, @jeteon - Units: Adding T,P,E,Z,and Y bytes. #18706, @chiqomar * Bug Fixes - Alerting: Notification is sent when state changes from no_data to ok. #18920, @papagian - Alerting: fix duplicate alert states when the alert fails to save to the database. #18216, @kylebrandt - Alerting: fix response popover prompt when add notification channels. #18967, @lzdw - CloudWatch: Fix alerting for queries with Id (using GetMetricData). #17899, @alex-berger - Explore: Fix auto completion on label values for Loki. #18988, @aocenas - Explore: Fixes crash using back button with a zoomed in graph. #19122, @hugohaggmark - Explore: Fixes so queries in Explore are only run if Graph/Table is shown. #19000, @hugohaggmark - MSSQL: Change connectionstring to URL format to fix using passwords with semicolon. #18384, @Russiancold - MSSQL: Fix memory leak when debug enabled. #19049, @briangann - Provisioning: Allow escaping literal '$' with '$$' in configs to avoid interpolation. #18045, @kylebrandt - TimePicker: Fixes hiding time picker dropdown in FireFox. #19154, @hugohaggmark * Breaking changes + Annotations There are some breaking changes in the annotations HTTP API for region annotations. Region annotations are now represented using a single event instead of two seperate events. Check breaking changes in HTTP API below and HTTP API documentation for more details. + Docker Grafana is now using Alpine 3.10 as docker base image. + HTTP API - GET /api/alert-notifications now requires at least editor access. New /api/alert-notifications/lookup returns less information than /api/alert-notifications and can be access by any authenticated user. - GET /api/alert-notifiers now requires at least editor access - GET /api/org/users now requires org admin role. New /api/org/users/lookup returns less information than /api/org/users and can be access by users that are org admins, admin in any folder or admin of any team. - GET /api/annotations no longer returns regionId property. - POST /api/annotations no longer supports isRegion property. - PUT /api/annotations/:id no longer supports isRegion property. - PATCH /api/annotations/:id no longer supports isRegion property. - DELETE /api/annotations/region/:id has been removed. * Deprecation notes + PhantomJS - PhantomJS, which is used for rendering images of dashboards and panels, is deprecated and will be removed in a future Grafana release. A deprecation warning will from now on be logged when Grafana starts up if PhantomJS is in use. Please consider migrating from PhantomJS to the Grafana Image Renderer plugin. - Changes from 6.3.6 * Features / Enhancements - Metrics: Adds setting for turning off total stats metrics. #19142, @marefr * Bug Fixes - Database: Rewrite system statistics query to perform better. #19178, @papagian - Explore: Fixes error when switching from prometheus to loki data sources. #18599, @kaydelaney - Rebase package spec. Use mostly from fedora, fix suse specified things and fix some errors. - Add missing directories provisioning/datasources and provisioning/notifiers and sample.yaml as described in packaging/rpm/control from upstream. Missing directories are shown in logfiles. - Version 6.3.5 * Upgrades + Build: Upgrade to go 1.12.9. * Bug Fixes + Dashboard: Fixes dashboards init failed loading error for dashboards with panel links that had missing properties. + Editor: Fixes issue where only entire lines were being copied. + Explore: Fixes query field layout in splitted view for Safari browsers. + LDAP: multildap + ldap integration. + Profile/UserAdmin: Fix for user agent parser crashes grafana-server on 32-bit builds. + Prometheus: Prevents panel editor crash when switching to Prometheus datasource. + Prometheus: Changes brace-insertion behavior to be less annoying. - Version 6.3.4 * Security: CVE-2019-15043 - Parts of the HTTP API allow unauthenticated use. - Version 6.3.3 * Bug Fixes + Annotations: Fix failing annotation query when time series query is cancelled. #18532 1, @dprokop 1 + Auth: Do not set SameSite cookie attribute if cookie_samesite is none. #18462 1, @papagian 3 + DataLinks: Apply scoped variables to data links correctly. #18454 1, @dprokop 1 + DataLinks: Respect timezone when displaying datapoint’s timestamp in graph context menu. #18461 2, @dprokop 1 + DataLinks: Use datapoint timestamp correctly when interpolating variables. #18459 1, @dprokop 1 + Explore: Fix loading error for empty queries. #18488 1, @davkal + Graph: Fixes legend issue clicking on series line icon and issue with horizontal scrollbar being visible on windows. #18563 1, @torkelo 2 + Graphite: Avoid glob of single-value array variables . #18420, @gotjosh + Prometheus: Fix queries with label_replace remove the $1 match when loading query editor. #18480 5, @hugohaggmark 3 + Prometheus: More consistently allows for multi-line queries in editor. #18362 2, @kaydelaney 2 + TimeSeries: Assume values are all numbers. #18540 4, @ryantxu - Version 6.3.2 * Bug Fixes + Gauge/BarGauge: Fixes issue with losts thresholds and issue loading Gauge with avg stat. #18375 12 - Version 6.3.1 * Bug Fixes + PanelLinks: Fix crash issue Gauge & Bar Gauge for panels with panel links (drill down links). #18430 2 - Version 6.3.0 * Features / Enhancements + OAuth: Do not set SameSite OAuth cookie if cookie_samesite is None. #18392 4, @papagian 3 + Auth Proxy: Include additional headers as part of the cache key. #18298 6, @gotjosh + Build grafana images consistently. #18224 12, @hassanfarid + Docs: SAML. #18069 11, @gotjosh + Permissions: Show plugins in nav for non admin users but hide plugin configuration. #18234 1, @aocenas + TimePicker: Increase max height of quick range dropdown. #18247 2, @torkelo 2 + Alerting: Add tags to alert rules. #10989 13, @Thib17 1 + Alerting: Attempt to send email notifications to all given email addresses. #16881 1, @zhulongcheng + Alerting: Improve alert rule testing. #16286 2, @marefr + Alerting: Support for configuring content field for Discord alert notifier. #17017 2, @jan25 + Alertmanager: Replace illegal chars with underscore in label names. #17002 5, @bergquist 1 + Auth: Allow expiration of API keys. #17678, @papagian 3 + Auth: Return device, os and browser when listing user auth tokens in HTTP API. #17504, @shavonn 1 + Auth: Support list and revoke of user auth tokens in UI. #17434 2, @shavonn 1 + AzureMonitor: change clashing built-in Grafana variables/macro names for Azure Logs. #17140, @shavonn 1 + CloudWatch: Made region visible for AWS Cloudwatch Expressions. #17243 2, @utkarshcmu + Cloudwatch: Add AWS DocDB metrics. #17241, @utkarshcmu + Dashboard: Use timezone dashboard setting when exporting to CSV. #18002 1, @dehrax + Data links. #17267 11, @torkelo 2 + Docker: Switch base image to ubuntu:latest from debian:stretch to avoid security issues… #17066 5, @bergquist 1 + Elasticsearch: Support for visualizing logs in Explore . #17605 7, @marefr + Explore: Adds Live option for supported datasources. #17062 1, @hugohaggmark 3 + Explore: Adds orgId to URL for sharing purposes. #17895 1, @kaydelaney 2 + Explore: Adds support for new loki ‘start’ and ‘end’ params for labels endpoint. #17512, @kaydelaney 2 + Explore: Adds support for toggling raw query mode in explore. #17870, @kaydelaney 2 + Explore: Allow switching between metrics and logs . #16959 2, @marefr + Explore: Combines the timestamp and local time columns into one. #17775, @hugohaggmark 3 + Explore: Display log lines context . #17097, @dprokop 1 + Explore: Don’t parse log levels if provided by field or label. #17180 1, @marefr + Explore: Improves performance of Logs element by limiting re-rendering. #17685, @kaydelaney 2 + Explore: Support for new LogQL filtering syntax. #16674 4, @davkal + Explore: Use new TimePicker from Grafana/UI. #17793, @hugohaggmark 3 + Explore: handle newlines in LogRow Highlighter. #17425, @rrfeng 1 + Graph: Added new fill gradient option. #17528 3, @torkelo 2 + GraphPanel: Don’t sort series when legend table & sort column is not visible . #17095, @shavonn 1 + InfluxDB: Support for visualizing logs in Explore. #17450 9, @hugohaggmark 3 + Logging: Login and Logout actions (#17760). #17883 1, @ATTron + Logging: Move log package to pkg/infra. #17023, @zhulongcheng + Metrics: Expose stats about roles as metrics. #17469 2, @bergquist 1 + MySQL/Postgres/MSSQL: Add parsing for day, weeks and year intervals in macros. #13086 6, @bernardd + MySQL: Add support for periodically reloading client certs. #14892, @tpetr + Plugins: replace dataFormats list with skipDataQuery flag in plugin.json. #16984, @ryantxu + Prometheus: Take timezone into account for step alignment. #17477, @fxmiii + Prometheus: Use overridden panel range for $__range instead of dashboard range. #17352, @patrick246 + Prometheus: added time range filter to series labels query. #16851 3, @FUSAKLA + Provisioning: Support folder that doesn’t exist yet in dashboard provisioning. #17407 1, @Nexucis + Refresh picker: Handle empty intervals. #17585 1, @dehrax + Singlestat: Add y min/max config to singlestat sparklines. #17527 4, @pitr + Snapshot: use given key and deleteKey. #16876, @zhulongcheng + Templating: Correctly display __text in multi-value variable after page reload. #17840 1, @EduardSergeev + Templating: Support selecting all filtered values of a multi-value variable. #16873 2, @r66ad + Tracing: allow propagation with Zipkin headers. #17009 4, @jrockway + Users: Disable users removed from LDAP. #16820 2, @alexanderzobnin * Bug Fixes + PanelLinks: Fix render issue when there is no panel description. #18408 3, @dehrax + OAuth: Fix “missing saved state” OAuth login failure due to SameSite cookie policy. #18332 1, @papagian 3 + cli: fix for recognizing when in dev mode… #18334, @xlson + DataLinks: Fixes incorrect interpolation of ${__series_name} . #18251 1, @torkelo 2 + Loki: Display live tailed logs in correct order in Explore. #18031 3, @kaydelaney 2 + PhantomJS: Fixes rendering on Debian Buster. #18162 2, @xlson + TimePicker: Fixed style issue for custom range popover. #18244, @torkelo 2 + Timerange: Fixes a bug where custom time ranges didn’t respect UTC. #18248 1, @kaydelaney 2 + remote_cache: Fix redis connstr parsing. #18204 1, @mblaschke + AddPanel: Fix issue when removing moved add panel widget . #17659 2, @dehrax + CLI: Fix encrypt-datasource-passwords fails with sql error. #18014, @marefr + Elasticsearch: Fix default max concurrent shard requests. #17770 4, @marefr + Explore: Fix browsing back to dashboard panel. #17061, @jschill + Explore: Fix filter by series level in logs graph. #17798, @marefr + Explore: Fix issues when loading and both graph/table are collapsed. #17113, @marefr + Explore: Fix selection/copy of log lines. #17121, @marefr + Fix: Wrap value of multi variable in array when coming from URL. #16992 1, @aocenas + Frontend: Fix for Json tree component not working. #17608, @srid12 + Graphite: Fix for issue with alias function being moved last. #17791, @torkelo 2 + Graphite: Fixes issue with seriesByTag & function with variable param. #17795, @torkelo 2 + Graphite: use POST for /metrics/find requests. #17814 2, @papagian 3 + HTTP Server: Serve Grafana with a custom URL path prefix. #17048 6, @jan25 + InfluxDB: Fixes single quotes are not escaped in label value filters. #17398 1, @Panzki + Prometheus: Correctly escape ‘|’ literals in interpolated PromQL variables. #16932, @Limess + Prometheus: Fix when adding label for metrics which contains colons in Explore. #16760, @tolwi + SinglestatPanel: Remove background color when value turns null. #17552 1, @druggieri - Make phantomjs dependency configurable - Create plugin directory and clean up (create in %install, add to %files) handling of /var/lib/grafana/* and mgr-cfg: - Remove commented code in test files - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Add mgr manpage links mgr-custom-info: - Bump version to 4.1.0 (bsc#1154940) mgr-daemon: - Bump version to 4.1.0 (bsc#1154940) - Fix systemd timer configuration on SLE12 (bsc#1142038) mgr-osad: - Separate osa-dispatcher and jabberd so it can be disabled independently - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Move /usr/share/rhn/config-defaults to uyuni-base-common - Require uyuni-base-common for /etc/rhn (for osa-dispatcher) - Ensure bytes type when using hashlib to avoid traceback (bsc#1138822) mgr-push: - Replace spacewalk-usix and spacewalk-backend-libs with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) mgr-virtualization: - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Fix mgr-virtualization timer rhnlib: - Fix building - Fix malformed XML response when data contains non-ASCII chars (bsc#1154968) - Bump version to 4.1.0 (bsc#1154940) - Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177) spacecmd: - Only report real error, not result (bsc#1171687) - Use defined return values for spacecmd methods so scripts can check for failure (bsc#1171687) - Disable globbing for api subcommand to allow wildcards in filter settings (bsc#1163871) - Bugfix: attempt to purge SSM when it is empty (bsc#1155372) - Bump version to 4.1.0 (bsc#1154940) - Prevent error when piping stdout in Python 2 (bsc#1153090) - Java api expects content as encoded string instead of encoded bytes like before (bsc#1153277) - Enable building and installing for Ubuntu 16.04 and Ubuntu 18.04 - Add unit test for schedule, errata, user, utils, misc, configchannel and kickstart modules - Multiple minor bugfixes alongside the unit tests - Bugfix: referenced variable before assignment. - Add unit test for report, package, org, repo and group spacewalk-client-tools: - Add workaround for uptime overflow to spacewalk-update-status as well (bsc#1165921) - Spell correctly 'successful' and 'successfully' - Skip dmidecode data on aarch64 to prevent coredump (bsc#1113160) - Replace spacewalk-usix with uyuni-common-libs - Return a non-zero exit status on errors in rhn_check - Bump version to 4.1.0 (bsc#1154940) - Make a explicit requirement to systemd for spacewalk-client-tools when rhnsd timer is installed spacewalk-koan: - Bump version to 4.1.0 (bsc#1154940) - Require commands we use in merge-rd.sh spacewalk-oscap: - Bump version to 4.1.0 (bsc#1154940) spacewalk-remote-utils: - Update spacewalk-create-channel with RHEL 7.7 channel definitions - Bump version to 4.1.0 (bsc#1154940) supportutils-plugin-susemanager-client: - Bump version to 4.1.0 (bsc#1154940) suseRegisterInfo: - SuseRegisterInfo only needs perl-base, not full perl (bsc#1168310) - Bump version to 4.1.0 (bsc#1154940) zypp-plugin-spacewalk: - Prevent issue with non-ASCII characters in Python 2 systems (bsc#1172462) Moderate SUSE bug 1113160 SUSE bug 1134195 SUSE bug 1138822 SUSE bug 1141661 SUSE bug 1142038 SUSE bug 1143913 SUSE bug 1148177 SUSE bug 1153090 SUSE bug 1153277 SUSE bug 1154940 SUSE bug 1154968 SUSE bug 1155372 SUSE bug 1163871 SUSE bug 1165921 SUSE bug 1168310 SUSE bug 1170231 SUSE bug 1170557 SUSE bug 1171687 SUSE bug 1172462 CVE-2019-10215 CVE-2019-15043 CVE-2020-12245 CVE-2020-13379 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xrdp fixes the following issues: - Security fixes (bsc#1173580, CVE-2020-4044): + Add patches: * xrdp-cve-2020-4044-fix-0.patch * xrdp-cve-2020-4044-fix-1.patch + Rebase SLE patch: * xrdp-fate318398-change-expired-password.patch - Update patch: + xrdp-Allow-sessions-with-32-bpp.patch.patch Important SUSE bug 1173580 CVE-2020-4044 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for tomcat fixes the following issues: - Fixed CVEs: * CVE-2020-13934 (bsc#1174121) * CVE-2020-13935 (bsc#1174117) Important SUSE bug 1174117 SUSE bug 1174121 CVE-2020-13934 CVE-2020-13935 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for mailman fixes the following issues: - CVE-2020-15011: Fixed a possible Arbitrary Content Injection via the private archive login page (bsc#1173369). Important SUSE bug 1173369 CVE-2020-15011 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160). Moderate SUSE bug 1173160 CVE-2020-10745 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.3 (bsc#1173998): + Enable kinetic scrolling with async scrolling. + Fix web process hangs on large GitHub pages. + Bubblewrap sandbox should not attempt to bind empty paths. + Fix threading issues in the media player. + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753. Important SUSE bug 1173998 CVE-2020-13753 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for grub2 fixes the following issues: - Fix for CVE-2020-10713 (bsc#1168994) - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812) - Fix for CVE-2020-15706 (bsc#1174463) - Fix for CVE-2020-15707 (bsc#1174570) - Use overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data - Use grub_calloc for overflow check and return NULL when it would occur - Use gcc-9 compiler for overflow check builtins - Backport gcc-9 build fixes Important SUSE bug 1168994 SUSE bug 1173812 SUSE bug 1174463 SUSE bug 1174570 CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15706 CVE-2020-15707 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for ghostscript fixes the following issues: - fixed CVE-2020-15900 Memory Corruption (SAFER Sandbox Breakout) cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582 (bsc#1174415) Important SUSE bug 1174415 CVE-2020-15900 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.1.0 ESR * Fixed: Various stability, functionality, and security fixes (bsc#1174538) * CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker * CVE-2020-6514: WebRTC data channel leaks internal address to peer * CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy * CVE-2020-15653: Bypassing iframe sandbox when allowing popups * CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture * CVE-2020-15656: Type confusion for special arguments in IonMonkey * CVE-2020-15658: Overriding file type when saving to disk * CVE-2020-15657: DLL hijacking due to incorrect loading path * CVE-2020-15654: Custom cursor can overlay user interface * CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1 Moderate SUSE bug 1173948 SUSE bug 1174538 CVE-2020-15652 CVE-2020-15653 CVE-2020-15654 CVE-2020-15655 CVE-2020-15656 CVE-2020-15657 CVE-2020-15658 CVE-2020-15659 CVE-2020-6463 CVE-2020-6514 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628) Important SUSE bug 1174628 CVE-2020-14344 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770 (bnc#1173514). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2019-16746: net/wireless/nl80211.c did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10768: Indirect branch speculation could have been enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (bnc#1172783). - CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (bnc#1172781). - CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled when STIBP is unavailable or enhanced IBRS is available. (bnc#1172782). - CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. (bnc#1172775). - CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel did not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586 (bnc#1172458). The following non-security bugs were fixed: - ACPI: PM: Avoid using power resources if there are none for D0 (bsc#1051510). - ALSA: es1688: Add the missed snd_card_free() (bsc#1051510). - bcache: Fix an error code in bch_dump_read() (git fixes (block drivers)). - block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673). - block, bfq: postpone rq preparation to insert or merge (bsc#1104967 bsc#1171673). - block: remove QUEUE_FLAG_STACKABLE (git fixes (block drivers)). - block: sed-opal: fix sparse warning: convert __be64 data (git fixes (block drivers)). - btrfs: always wait on ordered extents at fsync time (bsc#1171761). - btrfs: clean up the left over logged_list usage (bsc#1171761). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - btrfs: fix list_add corruption and soft lockups in fsync (bsc#1171761). - btrfs: fix missing data checksums after a ranged fsync (msync) (bsc#1171761). - btrfs: fix missing file extent item for hole after ranged fsync (bsc#1171761). - btrfs: fix missing hole after hole punching and fsync when using NO_HOLES (bsc#1171761). - btrfs: fix missing semaphore unlock in btrfs_sync_file (bsc#1171761). - btrfs: fix rare chances for data loss when doing a fast fsync (bsc#1171761). - btrfs: Remove extra parentheses from condition in copy_items() (bsc#1171761). - btrfs: remove no longer used io_err from btrfs_log_ctx (bsc#1171761). - btrfs: remove no longer used logged range variables when logging extents (bsc#1171761). - btrfs: remove no longer used 'sync' member from transaction handle (bsc#1171761). - btrfs: remove remaing full_sync logic from btrfs_sync_file (bsc#1171761). - btrfs: remove the logged extents infrastructure (bsc#1171761). - btrfs: remove the wait ordered logic in the log_one_extent path (bsc#1171761). - btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124). - CDC-ACM: heed quirk also in error handling (git-fixes). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1144333). - cifs: handle hostnames that resolve to same ip in failover (bsc#1144333 bsc#1161016). - cifs: set up next DFS target before generic_ip_connect() (bsc#1144333 bsc#1161016). - clk: bcm2835: Fix return type of bcm2835_register_gate (bsc#1051510). - clk: clk-flexgen: fix clock-critical handling (bsc#1051510). - clk: sunxi: Fix incorrect usage of round_down() (bsc#1051510). - compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (git fixes (block drivers)). - compat_ioctl: block: handle Persistent Reservations (git fixes (block drivers)). - copy_{to,from}_user(): consolidate object size checks (git fixes). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - dm btree: increase rebalance threshold in __rebalance2() (git fixes (block drivers)). - dm cache: fix a crash due to incorrect work item cancelling (git fixes (block drivers)). - dm crypt: fix benbi IV constructor crash if used in authenticated mode (git fixes (block drivers)). - dm: fix potential for q->make_request_fn NULL pointer (git fixes (block drivers)). - dm space map common: fix to ensure new block isn't already in use (git fixes (block drivers)). - dm: various cleanups to md->queue initialization code (git fixes). - dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)). - dm verity fec: fix memory leak in verity_fec_dtr (git fixes (block drivers)). - Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170618). - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (bsc#1051510). - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1152472) * context changes - drm: encoder_slave: fix refcouting error for modules (bsc#1114279) - drm/mediatek: Check plane visibility in atomic_update (bsc#1152472) * context changes - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1152472) - drm/radeon: fix double free (bsc#1152472) - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1152472) - e1000e: Disable TSO for buffer overrun workaround (bsc#1051510). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (bsc#1051510). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279). - evm: Check also if *tfm is an error pointer in init_desc() (bsc#1051510). - evm: Fix a small race in init_desc() (bsc#1051510). - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (bsc#1051510). - gpiolib: Document that GPIO line names are not globally unique (bsc#1051510). - HID: sony: Fix for broken buttons on DS3 USB dongles (bsc#1051510). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - iio: buffer: Do not allow buffers without any channels enabled to be activated (bsc#1051510). - iio: pressure: bmp280: Tolerate IRQ before registering (bsc#1051510). - ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1051510). - ima: Fix ima digest hash table key calculation (bsc#1051510). - include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS (bsc#1114279). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1114279). - kvm: x86: Fix L1TF mitigation for shadow MMU (bsc#1171904). - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904). - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904). - libceph: do not omit recovery_deletes in target_copy() (bsc#1173462). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - md: Avoid namespace collision with bitmap API (git fixes (block drivers)). - md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (git fixes (block drivers)). - mmc: fix compilation of user API (bsc#1051510). - netfilter: connlabels: prefer static lock initialiser (git-fixes). - netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795). - netfilter: not mark a spinlock as __read_mostly (git-fixes). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() (bsc#1170592). - NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID (bsc#1170592). - nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558 bsc#1159058). - nvme: do not update multipath disk information if the controller is down (bcs#1171558 bsc#1159058). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - overflow: Fix -Wtype-limits compilation warnings (git fixes). - overflow.h: Add arithmetic shift helper (git fixes). - p54usb: add AirVasT USB stick device-id (bsc#1051510). - PCI: Allow pci_resize_resource() for devices on root bus (bsc#1051510). - PCI: Fix pci_register_host_bridge() device_register() error handling (bsc#1051510). - PCI: Program MPS for RCiEP devices (bsc#1051510). - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (bsc#1051510). - perf: Allocate context task_ctx_data for child event (git-fixes). - perf/cgroup: Fix perf cgroup hierarchy support (git-fixes). - perf: Copy parent's address filter offsets on clone (git-fixes). - perf/core: Add sanity check to deal with pinned event failure (git-fixes). - perf/core: Avoid freeing static PMU contexts when PMU is unregistered (git-fixes). - perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes). - perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes). - perf/core: Fix bad use of igrab() (git fixes (dependent patch)). - perf/core: Fix crash when using HW tracing kernel filters (git-fixes). - perf/core: Fix ctx_event_type in ctx_resched() (git-fixes). - perf/core: Fix error handling in perf_event_alloc() (git-fixes). - perf/core: Fix exclusive events' grouping (git-fixes). - perf/core: Fix group scheduling with mixed hw and sw events (git-fixes). - perf/core: Fix impossible ring-buffer sizes warning (git-fixes). - perf/core: Fix locking for children siblings group read (git-fixes). - perf/core: Fix lock inversion between perf,trace,cpuhp (git-fixes (dependent patch for 18736eef1213)). - perf/core: Fix perf_event_read_value() locking (git-fixes). - perf/core: Fix perf_pmu_unregister() locking (git-fixes). - perf/core: Fix __perf_read_group_add() locking (git-fixes (dependent patch)). - perf/core: Fix perf_sample_regs_user() mm check (git-fixes). - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes). - perf/core: Fix race between close() and fork() (git-fixes). - perf/core: Fix the address filtering fix (git-fixes). - perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes). - perf/core: Force USER_DS when recording user stack data (git-fixes). - perf/core: Restore mmap record type correctly (git-fixes). - perf: Fix header.size for namespace events (git-fixes). - perf/ioctl: Add check for the sample_period value (git-fixes). - perf, pt, coresight: Fix address filters for vmas with non-zero offset (git-fixes). - perf: Return proper values for user stack errors (git-fixes). - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes). - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes). - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes). - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes). - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes). - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable). - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes). - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable). - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes). - perf/x86: Fix incorrect PEBS_REGS (git-fixes). - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes). - perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes). - perf/x86/intel/bts: Fix the use of page_private() (git-fixes). - perf/x86/intel: Fix PT PMI handling (git-fixes). - perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes). - perf/x86/intel/uncore: Add Node ID mask (git-fixes). - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes). - perf/x86/pt, coresight: Clean up address filter structure (git fixes (dependent patch)). - perf/x86/uncore: Fix event group support (git-fixes). - pid: Improve the comment about waiting in zap_pid_ns_processes (git fixes)). - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (bsc#1051510). - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (bsc#1051510). - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (bsc#1051510). - pnp: Use list_for_each_entry() instead of open coding (git fixes). - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729). - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729). - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030). - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (bsc#1051510). - power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (bsc#1051510). - power: supply: smb347-charger: IRQSTAT_D is volatile (bsc#1051510). - raid5: remove gfp flags from scribble_alloc() (git fixes (block drivers)). - resolve KABI warning for perf-pt-coresight (git-fixes). - Revert 'bcache: ignore pending signals when creating gc and allocator thread' (git fixes (block drivers)). - Revert 'dm crypt: use WQ_HIGHPRI for the IO and crypt workqueues' (git fixes (block drivers)). - Revert 'tools lib traceevent: Remove unneeded qsort and uses memmove' - rpm/kernel-docs.spec.in: Require python-packaging for build. - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: lock device while installing IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814). - scsi: qedf: Add port_id getter (bsc#1150660). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - spi: dw: use 'smp_mb()' to avoid sending spi data error (bsc#1051510). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bsc#1051510). - staging: sm750fb: add missing case while setting FB_VISUAL (bsc#1051510). - SUNRPC: The TCP back channel mustn't disappear while requests are outstanding (bsc#1152624). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tty: n_gsm: Fix bogus i++ in gsm_data_kick (bsc#1051510). - tty: n_gsm: Fix SOF skipping (bsc#1051510). - tty: n_gsm: Fix waking up upper tty layer when room available (bsc#1051510). - usb: dwc2: gadget: move gadget resume after the core is in L0 state (bsc#1051510). - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (bsc#1051510). - usb: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (bsc#1051510). - usb: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (bsc#1051510). - usb: musb: Fix runtime PM imbalance on error (bsc#1051510). - usb: musb: start session in resume for host port (bsc#1051510). - usb: serial: option: add Telit LE910C1-EUX compositions (bsc#1051510). - usb: serial: qcserial: add DW5816e QDL support (bsc#1051510). - usb: serial: usb_wwan: do not resubmit rx urb on fatal errors (bsc#1051510). - usb: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes). - virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: avoid format strint overflow warning (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: Remove always false conditional statement (bsc#1172484). - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484). - vmxnet3: remove unused flag 'rxcsum' from struct vmxnet3_adapter (bsc#1172484). - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - w1: omap-hdq: cleanup to add missing newline for some dev_dbg (bsc#1051510). - work around mvfs bug (bsc#1162063). - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1114279). - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes). - x86: Fix early boot crash on gcc-10, third try (bsc#1114279). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279). - xfrm: fix error in comment (git fixes). Important SUSE bug 1051510 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1085030 SUSE bug 1104967 SUSE bug 1114279 SUSE bug 1144333 SUSE bug 1148868 SUSE bug 1150660 SUSE bug 1152107 SUSE bug 1152472 SUSE bug 1152624 SUSE bug 1158983 SUSE bug 1159058 SUSE bug 1161016 SUSE bug 1162002 SUSE bug 1162063 SUSE bug 1168081 SUSE bug 1169194 SUSE bug 1169514 SUSE bug 1169795 SUSE bug 1170011 SUSE bug 1170592 SUSE bug 1170618 SUSE bug 1171124 SUSE bug 1171424 SUSE bug 1171558 SUSE bug 1171673 SUSE bug 1171732 SUSE bug 1171761 SUSE bug 1171868 SUSE bug 1171904 SUSE bug 1172257 SUSE bug 1172344 SUSE bug 1172458 SUSE bug 1172484 SUSE bug 1172759 SUSE bug 1172775 SUSE bug 1172781 SUSE bug 1172782 SUSE bug 1172783 SUSE bug 1172999 SUSE bug 1173265 SUSE bug 1173280 SUSE bug 1173428 SUSE bug 1173462 SUSE bug 1173514 SUSE bug 1173567 SUSE bug 1173573 SUSE bug 1174115 SUSE bug 1174462 SUSE bug 1174543 CVE-2019-16746 CVE-2019-20810 CVE-2019-20908 CVE-2020-0305 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10769 CVE-2020-10773 CVE-2020-12771 CVE-2020-12888 CVE-2020-13974 CVE-2020-14416 CVE-2020-15393 CVE-2020-15780 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xen fixes the following issues: - bsc#1174543 - secure boot related fixes - bsc#1163019 - CVE-2020-8608: Potential OOB access due to unsafe snprintf() usages Important SUSE bug 1163019 SUSE bug 1174543 CVE-2020-8608 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for python-ipaddress fixes the following issues: - Add CVE-2020-14422-ipaddress-hash-collision.patch fixing CVE-2020-14422 (bsc#1173274, bpo#41004), where hash collisions in IPv4Interface and IPv6Interface could lead to DOS. Important SUSE bug 1173274 CVE-2020-14422 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for LibVNCServer fixes the following issues: - security update fix CVE-2018-21247 [bsc#1173874], uninitialized memory contents are vulnerable to Information leak fix CVE-2019-20839 [bsc#1173875], buffer overflow in ConnectClientToUnixSock() fix CVE-2019-20840 [bsc#1173876], unaligned accesses in hybiReadAndDecode can lead to denial of service fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings. fix CVE-2020-14403 [bsc#1173701], out-of-bounds access via encodings. fix CVE-2020-14404 [bsc#1173701], out-of-bounds access via encodings. fix CVE-2017-18922 [bsc#1173477], preauth buffer overwrite Important SUSE bug 1173477 SUSE bug 1173691 SUSE bug 1173694 SUSE bug 1173700 SUSE bug 1173701 SUSE bug 1173743 SUSE bug 1173874 SUSE bug 1173875 SUSE bug 1173876 SUSE bug 1173880 CVE-2017-18922 CVE-2018-21247 CVE-2019-20839 CVE-2019-20840 CVE-2020-14397 CVE-2020-14398 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 CVE-2020-14403 CVE-2020-14404 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628). Important SUSE bug 1174628 CVE-2020-14344 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xerces-c fixes the following issues: - CVE-2017-12627: Processing of external DTD paths could have resulted in a null pointer dereference under certain conditions (bsc#1083630) Moderate SUSE bug 1083630 CVE-2017-12627 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.4 (bsc#1174662): + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925. Important SUSE bug 1174662 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for dovecot22 fixes the following issues: - CVE-2020-12673: improper implementation of NTLM does not check message buffer size (bsc#1174922). - CVE-2020-12674: improper implementation of RPA mechanism (bsc#1174923). Important SUSE bug 1174922 SUSE bug 1174923 CVE-2020-12673 CVE-2020-12674 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for grub2 fixes the following issues: - CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421). - Add fibre channel device's ofpath support to grub-ofpathname and search hint to speed up root device discovery (bsc#1172745). Important SUSE bug 1172745 SUSE bug 1174421 CVE-2020-15705 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xorg-x11-server fixes the following issues: - CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426). - CVE-2020-14346: XIChangeHierarchy Integer Underflow Privilege Escalation Vulnerability (bsc#1174638, ZDI-CAN-11429). - CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428). Important SUSE bug 1174633 SUSE bug 1174635 SUSE bug 1174638 CVE-2020-14345 CVE-2020-14346 CVE-2020-14347 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xorg-x11-server fixes the following issues: - CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573). - CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574). Important SUSE bug 1174910 SUSE bug 1174913 CVE-2020-14361 CVE-2020-14362 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for apache2 fixes the following issues: - CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request (bsc#1175071). - CVE-2020-11985: IP address spoofing when proxying using mod_remoteip and mod_rewrite (bsc#1175072). - CVE-2020-11993: When trace/debug was enabled for the HTTP/2 module logging statements were made on the wrong connection (bsc#1175070). Moderate SUSE bug 1175070 SUSE bug 1175071 SUSE bug 1175072 CVE-2020-11985 CVE-2020-11993 CVE-2020-9490 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 15 [bsc#1175259, bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14556 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 * Class Libraries: - JAVA.UTIL.ZIP.DEFLATER OPERATIONS THROW JAVA.LANG.INTERNALERROR - JAVA 8 DECODER OBJECTS CONSUME A LARGE AMOUNT OF JAVA HEAP - TRANSLATION MESSAGES UPDATE FOR JCL - UPDATE TIMEZONE INFORMATION TO TZDATA2020A * Java Virtual Machine: - IBM JAVA REGISTERS A HANDLER BY DEFAULT FOR SIGABRT - LARGE MEMORY FOOTPRINT HELD BY TRACECONTEXT OBJECT * JIT Compiler: - CRASH IN THE INTERPRETER AFTER OSR FROM INLINED SYNCHRONIZED METHOD IN DEBUGGING MODE - INTERMITTENT ASSERTION FAILURE REPORTED - CRASH IN RESOLVECLASSREF() DURING AOT LOAD - JIT CRASH DURING CLASS UNLOADING IN J9METHOD_HT::ONCLASSUNLOADING() - SEGMENTATION FAULT WHILE COMPILING A METHOD - UNEXPECTED CLASSCASTEXCEPTION THROWN IN HIGH LEVEL PARALLEL APPLICATION ON IBM Z PLATFORM * Security: - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON DEFAULT VALUE - CHANGES TO IBMJCE AND IBMJCEPLUS PROVIDERS - IBMJCEPLUS FAILS, WHEN THE SECURITY MANAGER IS ENABLED, WITH DEFAULT PERMISSIONS, SPECIFIED IN JAVA.POLICY FILE - IN CERTAIN INSTANCES, IBMJCEPLUS PROVIDER THROWS EXCEPTION FROM KEYFACTORY CLASS Moderate SUSE bug 1174157 SUSE bug 1175259 CVE-2019-17639 CVE-2020-14556 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for squid fixes the following issues: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply (bsc#1175671). - CVE-2020-15811: Improve Transfer-Encoding handling (bsc#1175665). - CVE-2020-15810: Enforce token characters for field-name (bsc#1175664). Critical SUSE bug 1175664 SUSE bug 1175665 SUSE bug 1175671 CVE-2020-15810 CVE-2020-15811 CVE-2020-24606 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libX11 fixes the following issues: - CVE-2020-14363: Fix an integer overflow in init_om() (bsc#1175239). Moderate SUSE bug 1175239 CVE-2020-14363 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 70 [bsc#1175259, bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 * Class Libraries: - UPDATE TIMEZONE INFORMATION TO TZDATA2020A * Security: - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON DEFAULT VALUE Moderate SUSE bug 1174157 SUSE bug 1175259 CVE-2019-17639 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.2.0 ESR * Fixed: Various stability, functionality, and security fixes - Mozilla Firefox ESR 78.2 MFSA 2020-38 (bsc#1175686) * CVE-2020-15663 (bmo#1643199) Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege * CVE-2020-15664 (bmo#1658214) Attacker-induced prompt for extension installation * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626, bmo#1656957) Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2 - Fixed Firefox tab crash in FIPS mode (bsc#1174284). - Fix broken translation-loading. (bsc#1173991) * allow addon sideloading * mark signatures for langpacks non-mandatory * do not autodisable user profile scopes - Google API key is not usable for geolocation service any more Moderate SUSE bug 1173991 SUSE bug 1174284 SUSE bug 1175686 CVE-2020-15663 CVE-2020-15664 CVE-2020-15670 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629). - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication Bluetooth might have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access (bsc#1171988). - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). The following non-security bugs were fixed: - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1174784). - cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#1172428). - cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#1172428). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333 bsc#1172428). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: reduce number of referral requests in DFS link lookups (bsc#1144333 bsc#1172428). - cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428). - Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515). - ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629). - kabi: mask changes to struct ipv6_stub (bsc#1165629). - mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - ocfs2: add trimfs dlm lock resource (bsc#1175228). - ocfs2: add trimfs lock to avoid duplicated trims in cluster (bsc#1175228). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: fix the application IO timeout when fstrim is running (bsc#1175228). - ocfs2: load global_inode_alloc (bsc#1172963). - ocfs2: load global_inode_alloc (bsc#1172963). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - Revert 'ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).' This reverts commit 2638f62c6bc33d4c10ce0dddbf240aa80d366d7b. - Revert 'ocfs2: load global_inode_alloc (bsc#1172963).' This reverts commit f04f670651f505cb354f26601ec5f5e4428f2f47. - scsi: scsi_dh_alua: skip RTPG for devices only supporting active/optimized (bsc#1174978). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - Update patch reference for a tipc fix patch (bsc#1175515) - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115). - xen: do not reschedule in preemption off sections (bsc#1175749). Important SUSE bug 1058115 SUSE bug 1071995 SUSE bug 1144333 SUSE bug 1154366 SUSE bug 1165629 SUSE bug 1171988 SUSE bug 1172428 SUSE bug 1172963 SUSE bug 1173798 SUSE bug 1173954 SUSE bug 1174205 SUSE bug 1174689 SUSE bug 1174699 SUSE bug 1174757 SUSE bug 1174784 SUSE bug 1174978 SUSE bug 1175112 SUSE bug 1175127 SUSE bug 1175213 SUSE bug 1175228 SUSE bug 1175515 SUSE bug 1175518 SUSE bug 1175691 SUSE bug 1175749 SUSE bug 1176069 CVE-2020-10135 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-14386 CVE-2020-16166 CVE-2020-1749 CVE-2020-24394 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for shim fixes the following issues: - Update to the unified shim binary from SUSE Linux Enterprise 15-SP1 (bsc#1168994) This update addresses the 'BootHole' security issue (master CVE CVE-2020-10713), by disallowing binaries signed by the previous SUSE UEFI signing key from booting. This update should only be installed after updates of grub2, the Linux kernel and (if used) Xen from July / August 2020 are applied. Additional fixes: + shim-install: install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656) Moderate SUSE bug 1168994 SUSE bug 1175626 SUSE bug 1175656 CVE-2020-10713 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libsolv fixes the following issues: This is a reissue of an existing libsolv update that also included libsolv-devel for LTSS products. libsolv was updated to version 0.6.36 fixes the following issues: Security issues fixed: - CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629). - CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630). - CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631). Non-security issues fixed: - Made cleandeps jobs on patterns work (bsc#1137977). - Fixed an issue multiversion packages that obsolete their own name (bsc#1127155). - Keep consistent package name if there are multiple alternatives (bsc#1131823). Moderate SUSE bug 1120629 SUSE bug 1120630 SUSE bug 1120631 SUSE bug 1127155 SUSE bug 1131823 SUSE bug 1137977 CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for perl-DBI fixes the following issues: Security issues fixed: - CVE-2020-14392: Memory corruption in XS functions when Perl stack is reallocated (bsc#1176412). - CVE-2020-14393: Fixed a buffer overflow on an overlong DBD class name (bsc#1176409). Important SUSE bug 1176409 SUSE bug 1176412 CVE-2020-14392 CVE-2020-14393 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for python3 fixes the following issues: - CVE-2019-20907: Fixed denial of service by avoiding possible infinite loop in specifically crafted tarball (bsc#1174091). - CVE-2020-14422: Fixed an improper computation of hash values in the IPv4Interface and IPv6Interface could have led to denial of service (bsc#1173274). - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). - CVE-2019-9947: Fixed an issue in urllib2 which allowed CRLF injection if the attacker controls a url parameter (bsc#1130840). - If the locale is 'C', coerce it to C.UTF-8 (bsc#1162423). Important SUSE bug 1088004 SUSE bug 1088009 SUSE bug 1130840 SUSE bug 1141853 SUSE bug 1149955 SUSE bug 1153238 SUSE bug 1162423 SUSE bug 1173274 SUSE bug 1174091 SUSE bug 1174701 CVE-2018-14647 CVE-2018-20852 CVE-2019-16056 CVE-2019-16935 CVE-2019-20907 CVE-2019-9947 CVE-2020-14422 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for ovmf fixes the following issues: - CVE-2019-14562: Fixed an overflow in DxeImageVerificationHandler (bsc#1175476). - Use openSUSE CA for the opensuse flavor (bsc#1175674) Moderate SUSE bug 1175476 SUSE bug 1175674 CVE-2019-14562 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579). - Fixed an issue where multiple home folders were created(bsc#1174316, bso#13369). - Fixed an issue where the net command was unable to negotiate SMB2 (bsc#1174120); Important SUSE bug 1174120 SUSE bug 1174316 SUSE bug 1176579 CVE-2020-1472 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libqt5-qtbase fixes the following issues: - CVE-2020-17507: Fixed a buffer overflow in XBM parser (bsc#1176315) - Made handling of XDG_RUNTIME_DIR more secure (bsc#1172515) Important SUSE bug 1172515 SUSE bug 1176315 CVE-2020-17507 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: -Firefox was updated to 78.3.0 ESR (bsc#1176756, MFSA 2020-43) - CVE-2020-15677: Download origin spoofing via redirect - CVE-2020-15676: Fixed an XSS when pasting attacker-controlled data into a contenteditable element - CVE-2020-15678: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario - CVE-2020-15673: Fixed memory safety bugs - Enhance fix for wayland-detection (bsc#1174420) - Attempt to fix langpack-parallelization by introducing separate obj-dirs for each lang (bsc#1173986, bsc#1167976) Important SUSE bug 1167976 SUSE bug 1173986 SUSE bug 1174420 SUSE bug 1176756 CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xen fixes the following issues: - CVE-2020-25602: Fixed an issue where there was a crash when handling guest access to MSR_MISC_ENABLE was thrown (bsc#1176339,XSA-333) - CVE-2020-25598: Added a missing unlock in XENMEM_acquire_resource error path (bsc#1176341,XSA-334) - CVE-2020-25604: Fixed a race condition when migrating timers between x86 HVM vCPU-s (bsc#1176343,XSA-336) - CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337) - CVE-2020-25597: Fixed an issue where a valid event channels may not turn invalid (bsc#1176346,XSA-338) - CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339) - CVE-2020-25603: Fixed an issue due to missing barriers when accessing/allocating an event channel (bsc#1176347,XSA-340) - CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86 domains (bsc#1176348,XSA-342) - CVE-2020-25599: Fixed race conditions with evtchn_reset() (bsc#1176349,XSA-343) - CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset() / evtchn_destroy() (bsc#1176350,XSA-344) - CVE-2020-14364: Fixed an out-of-bounds read/write access while processing usb packets (bsc#1175534). - Various bug fixes (bsc#1027519) Important SUSE bug 1027519 SUSE bug 1175534 SUSE bug 1176339 SUSE bug 1176343 SUSE bug 1176344 SUSE bug 1176345 SUSE bug 1176346 SUSE bug 1176347 SUSE bug 1176348 SUSE bug 1176349 SUSE bug 1176350 CVE-2020-14364 CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25599 CVE-2020-25600 CVE-2020-25601 CVE-2020-25602 CVE-2020-25603 CVE-2020-25604 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for perl-DBI fixes the following issues: - CVE-2019-20919: Fixed a NULL profile dereference in dbi_profile (bsc#1176764). - CVE-2013-7490: Fixed memory corruption when using many arguments to methods for CallbacksUsing (bsc#1176496). Important SUSE bug 1176496 SUSE bug 1176764 CVE-2013-7490 CVE-2019-20919 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_7_0-openjdk fixes the following issues: - java-1_7_0-openjdk was updated to 2.6.23 (July 2020 CPU, bsc#1174157) - JDK-8028431, CVE-2020-14579: NullPointerException in - DerValue.equals(DerValue) - JDK-8028591, CVE-2020-14578: NegativeArraySizeException in - sun.security.util.DerInputStream.getUnalignedBitString() - JDK-8230613: Better ASCII conversions - JDK-8231800: Better listing of arrays - JDK-8232014: Expand DTD support - JDK-8233255: Better Swing Buttons - JDK-8234032: Improve basic calendar services - JDK-8234042: Better factory production of certificates - JDK-8234418: Better parsing with CertificateFactory - JDK-8234836: Improve serialization handling - JDK-8236191: Enhance OID processing - JDK-8237592, CVE-2020-14577: Enhance certificate verification - JDK-8238002, CVE-2020-14581: Better matrix operations - JDK-8238804: Enhance key handling process - JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable - JDK-8238843: Enhanced font handing - JDK-8238920, CVE-2020-14583: Better Buffer support - JDK-8238925: Enhance WAV file playback - JDK-8240119, CVE-2020-14593: Less Affine Transformations - JDK-8240482: Improved WAV file playback - JDK-8241379: Update JCEKS support - JDK-8241522: Manifest improved jar headers redux - JDK-8242136, CVE-2020-14621: Better XML namespace handling - JDK-8040113: File not initialized in src/share/native/sun/awt/giflib/dgif_lib.c - JDK-8054446: Repeated offer and remove on ConcurrentLinkedQueue lead to an OutOfMemoryError - JDK-8077982: GIFLIB upgrade - JDK-8081315: 8077982 giflib upgrade breaks system giflib builds with earlier versions - JDK-8147087: Race when reusing PerRegionTable bitmaps may result in dropped remembered set entries - JDK-8151582: (ch) test java/nio/channels/AsyncCloseAndInterrupt.java failing due to 'Connection succeeded' - JDK-8155691: Update GIFlib library to the latest up-to-date - JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds - JDK-8203190: SessionId.hashCode generates too many collisions - JDK-8217676: Upgrade libpng to 1.6.37 - JDK-8220495: Update GIFlib library to the 5.1.8 - JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys - JDK-8229899: Make java.io.File.isInvalid() less racy - JDK-8230597: Update GIFlib library to the 5.2.1 - JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return - JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a - JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result Important SUSE bug 1174157 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for tigervnc fixes the following issues: - CVE-2020-26117: Server certificates were stored as certiticate authorities, allowing malicious owners of these certificates to impersonate any server after a client had added an exception (bsc#1176733) Critical SUSE bug 1176733 CVE-2020-26117 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). Important SUSE bug 1176410 SUSE bug 1177143 CVE-2020-25219 CVE-2020-26154 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for bcm43xx-firmware fixes the following issues: - Update bluetooth firmware to address Sweyntooth and Spectra issues (bsc#1176631): Moderate SUSE bug 1176631 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for freetype2 fixes the following issues: - CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914). Important SUSE bug 1177914 CVE-2020-15999 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libvirt fixes the following issues: - CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros (bsc#1174955). - CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces() (bsc#1177155). - libxl: Fixed lock manager lock ordering (bsc#1171701). Important SUSE bug 1171701 SUSE bug 1174955 SUSE bug 1177155 CVE-2020-15708 CVE-2020-25637 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-46 (bsc#1177872, bsc#1176756) * CVE-2020-15969 Use-after-free in usersctp * CVE-2020-15683 Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 * Fixed: Fixed legacy preferences not being properly applied when set via GPO Important SUSE bug 1176756 SUSE bug 1177872 CVE-2020-15683 CVE-2020-15969 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for spice fixes the following issues: - CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC image decoding (bsc#1177158). Moderate SUSE bug 1177158 CVE-2020-14355 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for spice-gtk fixes the following issues: - CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC image decoding (bsc#1177158). Moderate SUSE bug 1177158 CVE-2020-14355 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xen fixes the following issues: - bsc#1177409 - VUL-0: CVE-2020-27673: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286) - bsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen mapping code (XSA-345) - bsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMMU TLB flushes (XSA-346) - bsc#1177414 - VUL-0: CVE-2020-27670: xen: unsafe AMD IOMMU page table updates (XSA-347) Important SUSE bug 1177409 SUSE bug 1177412 SUSE bug 1177413 SUSE bug 1177414 CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27673 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for samba fixes the following issues: - CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records (bsc#1177613). - CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994). - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902). Important SUSE bug 1173902 SUSE bug 1173994 SUSE bug 1177613 CVE-2020-14318 CVE-2020-14323 CVE-2020-14383 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for sane-backends fixes the following issues: - sane-backends version upgrade to 1.0.31: * sane-backends version upgrade to 1.0.30 fixes memory corruption bugs CVE-2020-12861, CVE-2020-12862, CVE-2020-12863, CVE-2020-12864, CVE-2020-12865, CVE-2020-12866, CVE-2020-12867 (bsc#1172524) * sane-backends version upgrade to 1.0.31 to further improve hardware enablement for scanner devices (jsc#SLE-15561 and jsc#SLE-15560 with jsc#ECO-2418) * The new escl backend cannot be provided for SLE12 because it requires more additional software (avahi-client, libcurl, and libpoppler-glib-devel) where in particular for libcurl the one that is in SLE12 (via libcurl-devel-7.37.0) is likely too old because with that building the escl backend fails with 'escl/escl.c:1267:34: error: 'CURLOPT_UNIX_SOCKET_PATH' undeclared curl_easy_setopt(handle, CURLOPT_UNIX_SOCKET_PATH' Important SUSE bug 1172524 CVE-2017-6318 CVE-2020-12861 CVE-2020-12862 CVE-2020-12863 CVE-2020-12864 CVE-2020-12865 CVE-2020-12866 CVE-2020-12867 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for apache-commons-httpclient fixes the following issues: - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. [bsc#945190, CVE-2015-5262] - org.apache.http.conn.ssl.AbstractVerifier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows MITM attackers to spoof SSL servers via a 'CN=' string in a field in the distinguished name (DN) of a certificate. [bsc#1178171, CVE-2014-3577] Important SUSE bug 1178171 SUSE bug 945190 CVE-2014-3577 CVE-2015-5262 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_8_0-openjdk fixes the following issues: - Fix regression '8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)', introduced in October 2020 CPU. - Update to version jdk8u272 (icedtea 3.17.0) (July 2020 CPU, bsc#1174157, and October 2020 CPU, bsc#1177943) * New features + JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 + PR3796: Allow the number of curves supported to be specified * Security fixes + JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue) + JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString() + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233255: Better Swing Buttons + JDK-8233624: Enhance JNI linkage + JDK-8234032: Improve basic calendar services + JDK-8234042: Better factory production of certificates + JDK-8234418: Better parsing with CertificateFactory + JDK-8234836: Improve serialization handling + JDK-8236191: Enhance OID processing + JDK-8236196: Improve string pooling + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class + JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior + JDK-8237592, CVE-2020-14577: Enhance certificate verification + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts + JDK-8237995, CVE-2020-14782: Enhance certificate processing + JDK-8238002, CVE-2020-14581: Better matrix operations + JDK-8238804: Enhance key handling process + JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable + JDK-8238843: Enhanced font handing + JDK-8238920, CVE-2020-14583: Better Buffer support + JDK-8238925: Enhance WAV file playback + JDK-8240119, CVE-2020-14593: Less Affine Transformations + JDK-8240124: Better VM Interning + JDK-8240482: Improved WAV file playback + JDK-8241114, CVE-2020-14792: Better range handling + JDK-8241379: Update JCEKS support + JDK-8241522: Manifest improved jar headers redux + JDK-8242136, CVE-2020-14621: Better XML namespace handling + JDK-8242680, CVE-2020-14796: Improved URI Support + JDK-8242685, CVE-2020-14797: Better Path Validation + JDK-8242695, CVE-2020-14798: Enhanced buffer support + JDK-8243302: Advanced class supports + JDK-8244136, CVE-2020-14803: Improved Buffer supports + JDK-8244479: Further constrain certificates + JDK-8244955: Additional Fix for JDK-8240124 + JDK-8245407: Enhance zoning of times + JDK-8245412: Better class definitions + JDK-8245417: Improve certificate chain handling + JDK-8248574: Improve jpeg processing + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit + JDK-8253019: Enhanced JPEG decoding * Import of OpenJDK 8 u262 build 01 + JDK-4949105: Access Bridge lacks html tags parsing + JDK-8003209: JFR events for network utilization + JDK-8030680: 292 cleanup from default method code assessment + JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java and some tests failed on windows intermittently + JDK-8041626: Shutdown tracing event + JDK-8141056: Erroneous assignment in HeapRegionSet.cpp + JDK-8149338: JVM Crash caused by Marlin renderer not handling NaN coordinates + JDK-8151582: (ch) test java/nio/channels/ /AsyncCloseAndInterrupt.java failing due to 'Connection succeeded' + JDK-8165675: Trace event for thread park has incorrect unit for timeout + JDK-8176182: 4 security tests are not run + JDK-8178910: Problemlist sample tests + JDK-8183925: Decouple crash protection from watcher thread + JDK-8191393: Random crashes during cfree+0x1c + JDK-8195817: JFR.stop should require name of recording + JDK-8195818: JFR.start should increase autogenerated name by one + JDK-8195819: Remove recording=x from jcmd JFR.check output + JDK-8199712: Flight Recorder + JDK-8202578: Revisit location for class unload events + JDK-8202835: jfr/event/os/TestSystemProcess.java fails on missing events + JDK-8203287: Zero fails to build after JDK-8199712 (Flight Recorder) + JDK-8203346: JFR: Inconsistent signature of jfr_add_string_constant + JDK-8203664: JFR start failure after AppCDS archive created with JFR StartFlightRecording + JDK-8203921: JFR thread sampling is missing fixes from JDK-8194552 + JDK-8203929: Limit amount of data for JFR.dump + JDK-8205516: JFR tool + JDK-8207392: [PPC64] Implement JFR profiling + JDK-8207829: FlightRecorderMXBeanImpl is leaking the first classloader which calls it + JDK-8209960: -Xlog:jfr* doesn't work with the JFR + JDK-8210024: JFR calls virtual is_Java_thread from ~Thread() + JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD 1.0.7 + JDK-8211239: Build fails without JFR: empty JFR events signatures mismatch + JDK-8212232: Wrong metadata for the configuration of the cutoff for old object sample events + JDK-8213015: Inconsistent settings between JFR.configure and -XX:FlightRecorderOptions + JDK-8213421: Line number information for execution samples always 0 + JDK-8213617: JFR should record the PID of the recorded process + JDK-8213734: SAXParser.parse(File, ..) does not close resources when Exception occurs. + JDK-8213914: [TESTBUG] Several JFR VM events are not covered by tests + JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by test + JDK-8213966: The ZGC JFR events should be marked as experimental + JDK-8214542: JFR: Old Object Sample event slow on a deep heap in debug builds + JDK-8214750: Unnecessary <p> tags in jfr classes + JDK-8214896: JFR Tool left files behind + JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java fails with UnsatisfiedLinkError + JDK-8214925: JFR tool fails to execute + JDK-8215175: Inconsistencies in JFR event metadata + JDK-8215237: jdk.jfr.Recording javadoc does not compile + JDK-8215284: Reduce noise induced by periodic task getFileSize() + JDK-8215355: Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1) + JDK-8215362: JFR GTest JfrTestNetworkUtilization fails + JDK-8215771: The jfr tool should pretty print reference chains + JDK-8216064: -XX:StartFlightRecording:settings= doesn't work properly + JDK-8216486: Possibility of integer overflow in JfrThreadSampler::run() + JDK-8216528: test/jdk/java/rmi/transport/ /runtimeThreadInheritanceLeak/ /RuntimeThreadInheritanceLeak.java failing with Xcomp + JDK-8216559: [JFR] Native libraries not correctly parsed from /proc/self/maps + JDK-8216578: Remove unused/obsolete method in JFR code + JDK-8216995: Clean up JFR command line processing + JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some systems due to process surviving SIGINT + JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR TestShutdownEvent + JDK-8218935: Make jfr strncpy uses GCC 8.x friendly + JDK-8223147: JFR Backport + JDK-8223689: Add JFR Thread Sampling Support + JDK-8223690: Add JFR BiasedLock Event Support + JDK-8223691: Add JFR G1 Region Type Change Event Support + JDK-8223692: Add JFR G1 Heap Summary Event Support + JDK-8224172: assert(jfr_is_event_enabled(id)) failed: invariant + JDK-8224475: JTextPane does not show images in HTML rendering + JDK-8226253: JAWS reports wrong number of radio buttons when buttons are hidden. + JDK-8226779: [TESTBUG] Test JFR API from Java agent + JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys + JDK-8227011: Starting a JFR recording in response to JVMTI VMInit and / or Java agent premain corrupts memory + JDK-8227605: Kitchensink fails 'assert((((klass)->trace_id() & (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0)) failed: invariant' + JDK-8229366: JFR backport allows unchecked writing to memory + JDK-8229401: Fix JFR code cache test failures + JDK-8229708: JFR backport code does not initialize + JDK-8229873: 8229401 broke jdk8u-jfr-incubator + JDK-8230448: [test] JFRSecurityTestSuite.java is failing on Windows + JDK-8230707: JFR related tests are failing + JDK-8230782: Robot.createScreenCapture() fails if 'awt.robot.gtk' is set to false + JDK-8230856: Java_java_net_NetworkInterface_getByName0 on unix misses ReleaseStringUTFChars in early return + JDK-8230947: TestLookForUntestedEvents.java is failing after JDK-8230707 + JDK-8231995: two jtreg tests failed after 8229366 is fixed + JDK-8233623: Add classpath exception to copyright in EventHandlerProxyCreator.java file + JDK-8236002: CSR for JFR backport suggests not leaving out the package-info + JDK-8236008: Some backup files were accidentally left in the hotspot tree + JDK-8236074: Missed package-info + JDK-8236174: Should update javadoc since tags + JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport + JDK-8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01 + JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB + JDK-8238589: Necessary code cleanup in JFR for JDK8u + JDK-8238590: Enable JFR by default during compilation in 8u + JDK-8239055: Wrong implementation of VMState.hasListener + JDK-8239476: JDK-8238589 broke windows build by moving OrderedPair + JDK-8239479: minimal1 and zero builds are failing + JDK-8239867: correct over use of INCLUDE_JFR macro + JDK-8240375: Disable JFR by default for July 2020 release + JDK-8241444: Metaspace::_class_vsm not initialized if compressed class pointers are disabled + JDK-8241902: AIX Build broken after integration of JDK-8223147 (JFR Backport) + JDK-8242788: Non-PCH build is broken after JDK-8191393 * Import of OpenJDK 8 u262 build 02 + JDK-8130737: AffineTransformOp can't handle child raster with non-zero x-offset + JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation in java/awt/image/Raster/TestChildRasterOp.java + JDK-8230926: [macosx] Two apostrophes are entered instead of one with 'U.S. International - PC' layout + JDK-8240576: JVM crashes after transformation in C2 IdealLoopTree::merge_many_backedges + JDK-8242883: Incomplete backport of JDK-8078268: backport test part * Import of OpenJDK 8 u262 build 03 + JDK-8037866: Replace the Fun class in tests with lambdas + JDK-8146612: C2: Precedence edges specification violated + JDK-8150986: serviceability/sa/jmap-hprof/ /JMapHProfLargeHeapTest.java failing because expects HPROF JAVA PROFILE 1.0.1 file format + JDK-8229888: (zipfs) Updating an existing zip file does not preserve original permissions + JDK-8230597: Update GIFlib library to the 5.2.1 + JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return + JDK-8233880, PR3798: Support compilers with multi-digit major version numbers + JDK-8239852: java/util/concurrent tests fail with -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed: verification should have failed + JDK-8241638: launcher time metrics always report 1 on Linux when _JAVA_LAUNCHER_DEBUG set + JDK-8243059: Build fails when --with-vendor-name contains a comma + JDK-8243474: [TESTBUG] removed three tests of 0 bytes + JDK-8244461: [JDK 8u] Build fails with glibc 2.32 + JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result * Import of OpenJDK 8 u262 build 04 + JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't throw NPE if timeout is less than, or equal to zero when unit == null + JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering + JDK-8171934: ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification() does not recognize OpenJDK's HotSpot VM + JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java causes NPE + JDK-8243539: Copyright info (Year) should be updated for fix of 8241638 + JDK-8244777: ClassLoaderStats VM Op uses constant hash value * Import of OpenJDK 8 u262 build 05 + JDK-7147060: com/sun/org/apache/xml/internal/security/ /transforms/ClassLoaderTest.java doesn't run in agentvm mode + JDK-8178374: Problematic ByteBuffer handling in CipherSpi.bufferCrypt method + JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds + JDK-8227269: Slow class loading when running with JDWP + JDK-8229899: Make java.io.File.isInvalid() less racy + JDK-8236996: Incorrect Roboto font rendering on Windows with subpixel antialiasing + JDK-8241750: x86_32 build failure after JDK-8227269 + JDK-8244407: JVM crashes after transformation in C2 IdealLoopTree::split_fall_in + JDK-8244843: JapanEraNameCompatTest fails * Import of OpenJDK 8 u262 build 06 + JDK-8246223: Windows build fails after JDK-8227269 * Import of OpenJDK 8 u262 build 07 + JDK-8233197: Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing + JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a + JDK-8245167: Top package in method profiling shows null in JMC + JDK-8246703: [TESTBUG] Add test for JDK-8233197 * Import of OpenJDK 8 u262 build 08 + JDK-8220293: Deadlock in JFR string pool + JDK-8225068: Remove DocuSign root certificate that is expiring in May 2020 + JDK-8225069: Remove Comodo root certificate that is expiring in May 2020 * Import of OpenJDK 8 u262 build 09 + JDK-8248399: Build installs jfr binary when JFR is disabled * Import of OpenJDK 8 u262 build 10 + JDK-8248715: New JavaTimeSupplementary localisation for 'in' installed in wrong package * Import of OpenJDK 8 u265 build 01 + JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior + JDK-8250546: Expect changed behaviour reported in JDK-8249846 * Import of OpenJDK 8 u272 build 01 + JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY test/compiler/7177917/Test7177917.java + JDK-8035493: JVMTI PopFrame capability must instruct compilers not to prune locals + JDK-8036088: Replace strtok() with its safe equivalent strtok_s() in DefaultProxySelector.c + JDK-8039082: [TEST_BUG] Test java/awt/dnd/ /BadSerializationTest/BadSerializationTest.java fails + JDK-8075774: Small readability and performance improvements for zipfs + JDK-8132206: move ScanTest.java into OpenJDK + JDK-8132376: Add @requires os.family to the client tests with access to internal OS-specific API + JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java + JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/ /appletviewer/IOExceptionIfEncodedURLTest/ /IOExceptionIfEncodedURLTest.sh + JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/ /MTGraphicsAccessTest.java hangs on Win. 8 + JDK-8151788: NullPointerException from ntlm.Client.type3 + JDK-8151834: Test SmallPrimeExponentP.java times out intermittently + JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout + JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary public + JDK-8156169: Some sound tests rarely hangs because of incorrect synchronization + JDK-8165936: Potential Heap buffer overflow when seaching timezone info files + JDK-8166148: Fix for JDK-8165936 broke solaris builds + JDK-8167300: Scheduling failures during gcm should be fatal + JDK-8167615: Opensource unit/regression tests for JavaSound + JDK-8172012: [TEST_BUG] delays needed in javax/swing/JTree/4633594/bug4633594.java + JDK-8177628: Opensource unit/regression tests for ImageIO + JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java + JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/ /AppletContextTest/BadPluginConfigurationTest.sh + JDK-8193137: Nashorn crashes when given an empty script file + JDK-8194298: Add support for per Socket configuration of TCP keepalive + JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java throws error + JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java fails + JDK-8210147: adjust some WSAGetLastError usages in windows network coding + JDK-8211714: Need to update vm_version.cpp to recognise VS2017 minor versions + JDK-8214862: assert(proj != __null) at compile.cpp:3251 + JDK-8217606: LdapContext#reconnect always opens a new connection + JDK-8217647: JFR: recordings on 32-bit systems unreadable + JDK-8226697: Several tests which need the @key headful keyword are missing it. + JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow + JDK-8230303: JDB hangs when running monitor command + JDK-8230711: ConnectionGraph::unique_java_object(Node* N) return NULL if n is not in the CG + JDK-8234617: C1: Incorrect result of field load due to missing narrowing conversion + JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version + JDK-8235325: build failure on Linux after 8235243 + JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink + JDK-8237951: CTW: C2 compilation fails with 'malformed control flow' + JDK-8238225: Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary + JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD + JDK-8239819: XToolkit: Misread of screen information memory + JDK-8240295: hs_err elapsed time in seconds is not accurate enough + JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property with a security one + JDK-8242498: Invalid 'sun.awt.TimedWindowEvent' object leads to JVM crash + JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions + JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor + JDK-8246310: Clean commented-out code about ModuleEntry and PackageEntry in JFR + JDK-8246384: Enable JFR by default on supported architectures for October 2020 release + JDK-8248643: Remove extra leading space in JDK-8240295 8u backport + JDK-8249610: Make sun.security.krb5.Config.getBooleanObject(String... keys) method public * Import of OpenJDK 8 u272 build 02 + JDK-8023697: failed class resolution reports different class name in detail message for the first and subsequent times + JDK-8025886: replace [[ and == bash extensions in regtest + JDK-8046274: Removing dependency on jakarta-regexp + JDK-8048933: -XX:+TraceExceptions output should include the message + JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/ /fileaccess/FontFile.java fails + JDK-8148854: Class names 'SomeClass' and 'LSomeClass;' treated by JVM as an equivalent + JDK-8154313: Generated javadoc scattered all over the place + JDK-8163251: Hard coded loop limit prevents reading of smart card data greater than 8k + JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java fails with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled + JDK-8183349: Better cleanup for jdk/test/javax/imageio/ /plugins/shared/CanWriteSequence.java and WriteAfterAbort.java + JDK-8191678: [TESTBUG] Add keyword headful in java/awt FocusTransitionTest test. + JDK-8201633: Problems with AES-GCM native acceleration + JDK-8211049: Second parameter of 'initialize' method is not used + JDK-8219566: JFR did not collect call stacks when MaxJavaStackTraceDepth is set to zero + JDK-8220165: Encryption using GCM results in RuntimeException- input length out of bound + JDK-8220555: JFR tool shows potentially misleading message when it cannot access a file + JDK-8224217: RecordingInfo should use textual representation of path + JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate + JDK-8238380, PR3798: java.base/unix/native/libjava/childproc.c 'multiple definition' link errors with GCC10 + JDK-8238386, PR3798: (sctp) jdk.sctp/unix/native/libsctp/ /SctpNet.c 'multiple definition' link errors with GCC10 + JDK-8238388, PR3798: libj2gss/NativeFunc.o 'multiple definition' link errors with GCC10 + JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array + JDK-8250755: Better cleanup for jdk/test/javax/imageio/ /plugins/shared/CanWriteSequence.java * Import of OpenJDK 8 u272 build 03 + JDK-6574989: TEST_BUG: javax/sound/sampled/Clip/bug5070081.java fails sometimes + JDK-8148754: C2 loop unrolling fails due to unexpected graph shape + JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests fail with error : revokeall.exe: Permission denied + JDK-8203357: Container Metrics + JDK-8209113: Use WeakReference for lastFontStrike for created Fonts + JDK-8216283: Allow shorter method sampling interval than 10 ms + JDK-8221569: JFR tool produces incorrect output when both --categories and --events are specified + JDK-8233097: Fontmetrics for large Fonts has zero width + JDK-8248851: CMS: Missing memory fences between free chunk check and klass read + JDK-8250875: Incorrect parameter type for update_number in JDK_Version::jdk_update * Import of OpenJDK 8 u272 build 04 + JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws IllegalArgumentException for flags of type double + JDK-8177334: Update xmldsig implementation to Apache Santuario 2.1.1 + JDK-8217878: ENVELOPING XML signature no longer works in JDK 11 + JDK-8218629: XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10 + JDK-8243138: Enhance BaseLdapServer to support starttls extended request * Import of OpenJDK 8 u272 build 05 + JDK-8026236: Add PrimeTest for BigInteger + JDK-8057003: Large reference arrays cause extremely long synchronization times + JDK-8060721: Test runtime/SharedArchiveFile/ /LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler + JDK-8152077: (cal) Calendar.roll does not always roll the hours during daylight savings + JDK-8168517: java/lang/ProcessBuilder/Basic.java failed + JDK-8211163: UNIX version of Java_java_io_Console_echo does not return a clean boolean + JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in docker container only works with debug JVMs + JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo + JDK-8236645: JDK 8u231 introduces a regression with incompatible handling of XML messages + JDK-8240676: Meet not symmetric failure when running lucene on jdk8 + JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program + JDK-8249158: THREAD_START and THREAD_END event posted in primordial phase + JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics + JDK-8251546: 8u backport of JDK-8194298 breaks AIX and Solaris builds + JDK-8252084: Minimal VM fails to bootcycle: undefined symbol: AgeTableTracer::is_tenuring_distribution_event_enabled * Import of OpenJDK 8 u272 build 06 + JDK-8064319: Need to enable -XX:+TraceExceptions in release builds + JDK-8080462, PR3801: Update SunPKCS11 provider with PKCS11 v2.40 support + JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider + JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions() not working + JDK-8169925, PR3801: PKCS #11 Cryptographic Token Interface license + JDK-8184762: ZapStackSegments should use optimized memset + JDK-8193234: When using -Xcheck:jni an internally allocated buffer can leak + JDK-8219919: RuntimeStub name lost with PrintFrameConverterAssembly + JDK-8220313: [TESTBUG] Update base image for Docker testing to OL 7.6 + JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp + JDK-8225695: 32-bit build failures after JDK-8080462 (Update SunPKCS11 provider with PKCS11 v2.40 support) + JDK-8226575: OperatingSystemMXBean should be made container aware + JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous + JDK-8228835: Memory leak in PKCS11 provider when using AES GCM + JDK-8233621: Mismatch in jsse.enableMFLNExtension property name + JDK-8238898, PR3801: Missing hash characters for header on license file + JDK-8243320: Add SSL root certificates to Oracle Root CA program + JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26 + JDK-8245467: Remove 8u TLSv1.2 implementation files + JDK-8245469: Remove DTLS protocol implementation + JDK-8245470: Fix JDK8 compatibility issues + JDK-8245471: Revert JDK-8148188 + JDK-8245472: Backport JDK-8038893 to JDK8 + JDK-8245473: OCSP stapling support + JDK-8245474: Add TLS_KRB5 cipher suites support according to RFC-2712 + JDK-8245476: Disable TLSv1.3 protocol in the ClientHello message by default + JDK-8245477: Adjust TLS tests location + JDK-8245653: Remove 8u TLS tests + JDK-8245681: Add TLSv1.3 regression test from 11.0.7 + JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher + JDK-8251120, PR3793: [8u] HotSpot build assumes ENABLE_JFR is set to either true or false + JDK-8251341: Minimal Java specification change + JDK-8251478: Backport TLSv1.3 regression tests to JDK8u * Import of OpenJDK 8 u272 build 07 + JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ * Import of OpenJDK 8 u272 build 08 + JDK-8062947: Fix exception message to correctly represent LDAP connection failure + JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect + JDK-8252573: 8u: Windows build failed after 8222079 backport * Import of OpenJDK 8 u272 build 09 + JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java : Compilation failed * Import of OpenJDK 8 u272 build 10 + JDK-8254673: Call to JvmtiExport::post_vm_start() was removed by the fix for JDK-8249158 + JDK-8254937: Revert JDK-8148854 for 8u272 * Backports + JDK-8038723, PR3806: Openup some PrinterJob tests + JDK-8041480, PR3806: ArrayIndexOutOfBoundsException when JTable contains certain string + JDK-8058779, PR3805: Faster implementation of String.replace(CharSequence, CharSequence) + JDK-8130125, PR3806: [TEST_BUG] add @modules to the several client tests unaffected by the automated bulk update + JDK-8144015, PR3806: [PIT] failures of text layout font tests + JDK-8144023, PR3806: [PIT] failure of text measurements in javax/swing/text/html/parser/Parser/6836089/bug6836089.java + JDK-8144240, PR3806: [macosx][PIT] AIOOB in closed/javax/swing/text/GlyphPainter2/6427244/bug6427244.java + JDK-8145542, PR3806: The case failed automatically and thrown java.lang.ArrayIndexOutOfBoundsException exception + JDK-8151725, PR3806: [macosx] ArrayIndexOOB exception when displaying Devanagari text in JEditorPane + JDK-8152358, PR3800: code and comment cleanups found during the hunt for 8077392 + JDK-8152545, PR3804: Use preprocessor instead of compiling a program to generate native nio constants + JDK-8152680, PR3806: Regression in GlyphVector.getGlyphCharIndex behaviour + JDK-8158924, PR3806: Incorrect i18n text document layout + JDK-8166003, PR3806: [PIT][TEST_BUG] missing helper for javax/swing/text/GlyphPainter2/6427244/bug6427244.java + JDK-8166068, PR3806: test/java/awt/font/GlyphVector/ /GetGlyphCharIndexTest.java does not compile + JDK-8169879, PR3806: [TEST_BUG] javax/swing/text/ /GlyphPainter2/6427244/bug6427244.java - compilation failed + JDK-8191512, PR3806: T2K font rasterizer code removal + JDK-8191522, PR3806: Remove Bigelow&Holmes Lucida fonts from JDK sources + JDK-8236512, PR3801: PKCS11 Connection closed after Cipher.doFinal and NoPadding + JDK-8254177, PR3809: (tz) Upgrade time-zone data to tzdata2020b * Bug fixes + PR3798: Fix format-overflow error on GCC 10, caused by passing NULL to a '%s' directive + PR3795: ECDSAUtils for XML digital signatures should support the same curve set as the rest of the JDK + PR3799: Adapt elliptic curve patches to JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 + PR3808: IcedTea does not install the JFR *.jfc files + PR3810: Enable JFR on x86 (32-bit) now that JDK-8252096 has fixed its use with Shenandoah + PR3811: Don't attempt to install JFR files when JFR is disabled * Shenandoah + [backport] 8221435: Shenandoah should not mark through weak roots + [backport] 8221629: Shenandoah: Cleanup class unloading logic + [backport] 8222992: Shenandoah: Pre-evacuate all roots + [backport] 8223215: Shenandoah: Support verifying subset of roots + [backport] 8223774: Shenandoah: Refactor ShenandoahRootProcessor and family + [backport] 8224210: Shenandoah: Refactor ShenandoahRootScanner to support scanning CSet codecache roots + [backport] 8224508: Shenandoah: Need to update thread roots in final mark for piggyback ref update cycle + [backport] 8224579: ResourceMark not declared in shenandoahRootProcessor.inline.hpp with --disable-precompiled-headers + [backport] 8224679: Shenandoah: Make ShenandoahParallelCodeCacheIterator noncopyable + [backport] 8224751: Shenandoah: Shenandoah Verifier should select proper roots according to current GC cycle + [backport] 8225014: Separate ShenandoahRootScanner method for object_iterate + [backport] 8225216: gc/logging/TestMetaSpaceLog.java doesn't work for Shenandoah + [backport] 8225573: Shenandoah: Enhance ShenandoahVerifier to ensure roots to-space invariant + [backport] 8225590: Shenandoah: Refactor ShenandoahClassLoaderDataRoots API + [backport] 8226413: Shenandoah: Separate root scanner for SH::object_iterate() + [backport] 8230853: Shenandoah: replace leftover assert(is_in(...)) with rich asserts + [backport] 8231198: Shenandoah: heap walking should visit all roots most of the time + [backport] 8231244: Shenandoah: all-roots heap walking misses some weak roots + [backport] 8237632: Shenandoah: accept NULL fwdptr to cooperate with JVMTI and JFR + [backport] 8239786: Shenandoah: print per-cycle statistics + [backport] 8239926: Shenandoah: Shenandoah needs to mark nmethod's metadata + [backport] 8240671: Shenandoah: refactor ShenandoahPhaseTimings + [backport] 8240749: Shenandoah: refactor ShenandoahUtils + [backport] 8240750: Shenandoah: remove leftover files and mentions of ShenandoahAllocTracker + [backport] 8240868: Shenandoah: remove CM-with-UR piggybacking cycles + [backport] 8240872: Shenandoah: Avoid updating new regions from start of evacuation + [backport] 8240873: Shenandoah: Short-cut arraycopy barriers + [backport] 8240915: Shenandoah: Remove unused fields in init mark tasks + [backport] 8240948: Shenandoah: cleanup not-forwarded-objects paths after JDK-8240868 + [backport] 8241007: Shenandoah: remove ShenandoahCriticalControlThreadPriority support + [backport] 8241062: Shenandoah: rich asserts trigger 'empty statement' inspection + [backport] 8241081: Shenandoah: Do not modify update-watermark concurrently + [backport] 8241093: Shenandoah: editorial changes in flag descriptions + [backport] 8241139: Shenandoah: distribute mark-compact work exactly to minimize fragmentation + [backport] 8241142: Shenandoah: should not use parallel reference processing with single GC thread + [backport] 8241351: Shenandoah: fragmentation metrics overhaul + [backport] 8241435: Shenandoah: avoid disabling pacing with 'aggressive' + [backport] 8241520: Shenandoah: simplify region sequence numbers handling + [backport] 8241534: Shenandoah: region status should include update watermark + [backport] 8241574: Shenandoah: remove ShenandoahAssertToSpaceClosure + [backport] 8241583: Shenandoah: turn heap lock asserts into macros + [backport] 8241668: Shenandoah: make ShenandoahHeapRegion not derive from ContiguousSpace + [backport] 8241673: Shenandoah: refactor anti-false-sharing padding + [backport] 8241675: Shenandoah: assert(n->outcnt() > 0) at shenandoahSupport.cpp:2858 with java/util/Collections/FindSubList.java + [backport] 8241692: Shenandoah: remove ShenandoahHeapRegion::_reserved + [backport] 8241700: Shenandoah: Fold ShenandoahKeepAliveBarrier flag into ShenandoahSATBBarrier + [backport] 8241740: Shenandoah: remove ShenandoahHeapRegion::_heap + [backport] 8241743: Shenandoah: refactor and inline ShenandoahHeap::heap() + [backport] 8241748: Shenandoah: inline MarkingContext TAMS methods + [backport] 8241838: Shenandoah: no need to trash cset during final mark + [backport] 8241841: Shenandoah: ditch one of allocation type counters in ShenandoahHeapRegion + [backport] 8241842: Shenandoah: inline ShenandoahHeapRegion::region_number + [backport] 8241844: Shenandoah: rename ShenandoahHeapRegion::region_number + [backport] 8241845: Shenandoah: align ShenandoahHeapRegions to cache lines + [backport] 8241926: Shenandoah: only print heap changes for operations that directly affect it + [backport] 8241983: Shenandoah: simplify FreeSet logging + [backport] 8241985: Shenandoah: simplify collectable garbage logging + [backport] 8242040: Shenandoah: print allocation failure type + [backport] 8242041: Shenandoah: adaptive heuristics should account evac reserve in free target + [backport] 8242042: Shenandoah: tune down ShenandoahGarbageThreshold + [backport] 8242054: Shenandoah: New incremental-update mode + [backport] 8242075: Shenandoah: rename ShenandoahHeapRegionSize flag + [backport] 8242082: Shenandoah: Purge Traversal mode + [backport] 8242083: Shenandoah: split 'Prepare Evacuation' tracking into cset/freeset counters + [backport] 8242089: Shenandoah: per-worker stats should be summed up, not averaged + [backport] 8242101: Shenandoah: coalesce and parallelise heap region walks during the pauses + [backport] 8242114: Shenandoah: remove ShenandoahHeapRegion::reset_alloc_metadata_to_shared + [backport] 8242130: Shenandoah: Simplify arraycopy-barrier dispatching + [backport] 8242211: Shenandoah: remove ShenandoahHeuristics::RegionData::_seqnum_last_alloc + [backport] 8242212: Shenandoah: initialize ShenandoahHeuristics::_region_data eagerly + [backport] 8242213: Shenandoah: remove ShenandoahHeuristics::_bytes_in_cset + [backport] 8242217: Shenandoah: Enable GC mode to be diagnostic/experimental and have a name + [backport] 8242227: Shenandoah: transit regions to cset state when adding to collection set + [backport] 8242228: Shenandoah: remove unused ShenandoahCollectionSet methods + [backport] 8242229: Shenandoah: inline ShenandoahHeapRegion liveness-related methods + [backport] 8242267: Shenandoah: regions space needs to be aligned by os::vm_allocation_granularity() + [backport] 8242271: Shenandoah: add test to verify GC mode unlock + [backport] 8242273: Shenandoah: accept either SATB or IU barriers, but not both + [backport] 8242301: Shenandoah: Inline LRB runtime call + [backport] 8242316: Shenandoah: Turn NULL-check into assert in SATB slow-path entry + [backport] 8242353: Shenandoah: micro-optimize region liveness handling + [backport] 8242365: Shenandoah: use uint16_t instead of jushort for liveness cache + [backport] 8242375: Shenandoah: Remove ShenandoahHeuristic::record_gc_start/end methods + [backport] 8242641: Shenandoah: clear live data and update TAMS optimistically + [backport] 8243238: Shenandoah: explicit GC request should wait for a complete GC cycle + [backport] 8243301: Shenandoah: ditch ShenandoahAllowMixedAllocs + [backport] 8243307: Shenandoah: remove ShCollectionSet::live_data + [backport] 8243395: Shenandoah: demote guarantee in ShenandoahPhaseTimings::record_workers_end + [backport] 8243463: Shenandoah: ditch total_pause counters + [backport] 8243464: Shenandoah: print statistic counters in time order + [backport] 8243465: Shenandoah: ditch unused pause_other, conc_other counters + [backport] 8243487: Shenandoah: make _num_phases illegal phase type + [backport] 8243494: Shenandoah: set counters once per cycle + [backport] 8243573: Shenandoah: rename GCParPhases and related code + [backport] 8243848: Shenandoah: Windows build fails after JDK-8239786 + [backport] 8244180: Shenandoah: carry Phase to ShWorkerTimingsTracker explicitly + [backport] 8244200: Shenandoah: build breakages after JDK-8241743 + [backport] 8244226: Shenandoah: per-cycle statistics contain worker data from previous cycles + [backport] 8244326: Shenandoah: global statistics should not accept bogus samples + [backport] 8244509: Shenandoah: refactor ShenandoahBarrierC2Support::test_* methods + [backport] 8244551: Shenandoah: Fix racy update of update_watermark + [backport] 8244667: Shenandoah: SBC2Support::test_gc_state takes loop for wrong control + [backport] 8244730: Shenandoah: gc/shenandoah/options/ /TestHeuristicsUnlock.java should only verify the heuristics + [backport] 8244732: Shenandoah: move heuristics code to gc/shenandoah/heuristics + [backport] 8244737: Shenandoah: move mode code to gc/shenandoah/mode + [backport] 8244739: Shenandoah: break superclass dependency on ShenandoahNormalMode + [backport] 8244740: Shenandoah: rename ShenandoahNormalMode to ShenandoahSATBMode + [backport] 8245461: Shenandoah: refine mode name()-s + [backport] 8245463: Shenandoah: refine ShenandoahPhaseTimings constructor arguments + [backport] 8245464: Shenandoah: allocate collection set bitmap at lower addresses + [backport] 8245465: Shenandoah: test_in_cset can use more efficient encoding + [backport] 8245726: Shenandoah: lift/cleanup ShenandoahHeuristics names and properties + [backport] 8245754: Shenandoah: ditch ShenandoahAlwaysPreTouch + [backport] 8245757: Shenandoah: AlwaysPreTouch should not disable heap resizing or uncommits + [backport] 8245773: Shenandoah: Windows assertion failure after JDK-8245464 + [backport] 8245812: Shenandoah: compute root phase parallelism + [backport] 8245814: Shenandoah: reconsider format specifiers for stats + [backport] 8245825: Shenandoah: Remove diagnostic flag ShenandoahConcurrentScanCodeRoots + [backport] 8246162: Shenandoah: full GC does not mark code roots when class unloading is off + [backport] 8247310: Shenandoah: pacer should not affect interrupt status + [backport] 8247358: Shenandoah: reconsider free budget slice for marking + [backport] 8247367: Shenandoah: pacer should wait on lock instead of exponential backoff + [backport] 8247474: Shenandoah: Windows build warning after JDK-8247310 + [backport] 8247560: Shenandoah: heap iteration holds root locks all the time + [backport] 8247593: Shenandoah: should not block pacing reporters + [backport] 8247751: Shenandoah: options tests should run with smaller heaps + [backport] 8247754: Shenandoah: mxbeans tests can be shorter + [backport] 8247757: Shenandoah: split heavy tests by heuristics to improve parallelism + [backport] 8247860: Shenandoah: add update watermark line in rich assert failure message + [backport] 8248041: Shenandoah: pre-Full GC root updates may miss some roots + [backport] 8248652: Shenandoah: SATB buffer handling may assume no forwarded objects + [backport] 8249560: Shenandoah: Fix racy GC request handling + [backport] 8249649: Shenandoah: provide per-cycle pacing stats + [backport] 8249801: Shenandoah: Clear soft-refs on requested GC cycle + [backport] 8249953: Shenandoah: gc/shenandoah/mxbeans tests should account for corner cases + Fix slowdebug build after JDK-8230853 backport + JDK-8252096: Shenandoah: adjust SerialPageShiftCount for x86_32 and JFR + JDK-8252366: Shenandoah: revert/cleanup changes in graphKit.cpp + Shenandoah: add JFR roots to root processor after JFR integration + Shenandoah: add root statistics for string dedup table/queues + Shenandoah: enable low-frequency STW class unloading + Shenandoah: fix build failures after JDK-8244737 backport + Shenandoah: Fix build failure with +JFR -PCH + Shenandoah: fix forceful pacer claim + Shenandoah: fix formats in ShenandoahStringSymbolTableUnlinkTask + Shenandoah: fix runtime linking failure due to non-compiled shenandoahBarrierSetC1 + Shenandoah: hook statistics printing to PrintGCDetails, not PrintGC + Shenandoah: JNI weak roots are always cleared before Full GC mark + Shenandoah: missing SystemDictionary roots in ShenandoahHeapIterationRootScanner + Shenandoah: move barrier sets to their proper locations + Shenandoah: move parallelCleaning.* to shenandoah/ + Shenandoah: pacer should use proper Atomics for intptr_t + Shenandoah: properly deallocates class loader metadata + Shenandoah: specialize String Table scans for better pause performance + Shenandoah: Zero build fails after recent Atomic cleanup in Pacer * AArch64 port + JDK-8161072, PR3797: AArch64: jtreg compiler/uncommontrap/TestDeoptOOM failure + JDK-8171537, PR3797: aarch64: compiler/c1/Test6849574.java generates guarantee failure in C1 + JDK-8183925, PR3797: [AArch64] Decouple crash protection from watcher thread + JDK-8199712, PR3797: [AArch64] Flight Recorder + JDK-8203481, PR3797: Incorrect constraint for unextended_sp in frame:safe_for_sender + JDK-8203699, PR3797: java/lang/invoke/SpecialInterfaceCall fails with SIGILL on aarch64 + JDK-8209413, PR3797: AArch64: NPE in clhsdb jstack command + JDK-8215961, PR3797: jdk/jfr/event/os/TestCPUInformation.java fails on AArch64 + JDK-8216989, PR3797: CardTableBarrierSetAssembler::gen_write_ref_array_post_barrier() does not check for zero length on AARCH64 + JDK-8217368, PR3797: AArch64: C2 recursive stack locking optimisation not triggered + JDK-8221658, PR3797: aarch64: add necessary predicate for ubfx patterns + JDK-8237512, PR3797: AArch64: aarch64TestHook leaks a BufferBlob + JDK-8246482, PR3797: Build failures with +JFR -PCH + JDK-8247979, PR3797: aarch64: missing side effect of killing flags for clearArray_reg_reg + JDK-8248219, PR3797: aarch64: missing memory barrier in fast_storefield and fast_accessfield - Ignore whitespaces after the header or footer in PEM X.509 cert (bsc#1171352) Important SUSE bug 1171352 SUSE bug 1174157 SUSE bug 1177943 CVE-2020-14556 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for u-boot fixes the following issues: Fix CVE-2019-13106 (bsc#1144656), CVE-2019-13104 (bsc#1144675), CVE-2019-14192 (bsc#1143777), CVE-2019-14193 (bsc#1143817), CVE-2019-14199 (bsc#1143824), CVE-2019-14197 (bsc#1143821), CVE-2019-14200 (bsc#1143825), CVE-2019-14201 (bsc#1143827), CVE-2019-14202 (bsc#1143828), CVE-2019-14203 (bsc#1143830), CVE-2019-14204 (bsc#1143831), CVE-2019-14194 (bsc#1143818), CVE-2019-14198 (bsc#1143823), CVE-2019-14195 (bsc#1143819), CVE-2019-14196 (bsc#1143820), CVE-2019-13103 (bsc#1143463), CVE-2020-8432 (bsc#1162198), CVE-2019-11059 (bsc#1134853), CVE-2019-11690 (bsc#1134157) and CVE-2020-10648 (bsc#1167209) Important SUSE bug 1134157 SUSE bug 1134853 SUSE bug 1143463 SUSE bug 1143777 SUSE bug 1143817 SUSE bug 1143818 SUSE bug 1143819 SUSE bug 1143820 SUSE bug 1143821 SUSE bug 1143823 SUSE bug 1143824 SUSE bug 1143825 SUSE bug 1143827 SUSE bug 1143828 SUSE bug 1143830 SUSE bug 1143831 SUSE bug 1144656 SUSE bug 1144675 SUSE bug 1162198 SUSE bug 1167209 CVE-2019-11059 CVE-2019-11690 CVE-2019-13103 CVE-2019-13104 CVE-2019-13106 CVE-2019-14192 CVE-2019-14193 CVE-2019-14194 CVE-2019-14195 CVE-2019-14196 CVE-2019-14197 CVE-2019-14198 CVE-2019-14199 CVE-2019-14200 CVE-2019-14201 CVE-2019-14202 CVE-2019-14203 CVE-2019-14204 CVE-2020-10648 CVE-2020-8432 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for gcc10 fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Moderate SUSE bug 1172798 SUSE bug 1172846 SUSE bug 1173972 SUSE bug 1174753 SUSE bug 1174817 SUSE bug 1175168 CVE-2020-13844 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for ucode-intel fixes the following issues: - Intel CPU Microcode updated to 20201027 prerelease - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446) - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) # New Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile | CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 | CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 | CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile # Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 | SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 | ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile | AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile | CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile Moderate SUSE bug 1170446 SUSE bug 1173594 CVE-2020-8695 CVE-2020-8698 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.24 - OpenJDK 7u281 (October 2020 CPU, bsc#1177943) * Security fixes + JDK-8233624: Enhance JNI linkage + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts + JDK-8237995, CVE-2020-14782: Enhance certificate processing + JDK-8240124: Better VM Interning + JDK-8241114, CVE-2020-14792: Better range handling + JDK-8242680, CVE-2020-14796: Improved URI Support + JDK-8242685, CVE-2020-14797: Better Path Validation + JDK-8242695, CVE-2020-14798: Enhanced buffer support + JDK-8243302: Advanced class supports + JDK-8244136, CVE-2020-14803: Improved Buffer supports + JDK-8244479: Further constrain certificates + JDK-8244955: Additional Fix for JDK-8240124 + JDK-8245407: Enhance zoning of times + JDK-8245412: Better class definitions + JDK-8245417: Improve certificate chain handling + JDK-8248574: Improve jpeg processing + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit + JDK-8253019: Enhanced JPEG decoding * Import of OpenJDK 7 u281 build 1 + JDK-8145096: Undefined behaviour in HotSpot + JDK-8215265: C2: range check elimination may allow illegal out of bound access * Backports + JDK-8250861, PR3812: Crash in MinINode::Ideal(PhaseGVN*, bool) Important SUSE bug 1177943 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). Important SUSE bug 1178387 CVE-2020-25692 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.1 ESR * Fixed: Security fix MFSA 2020-49 (bsc#1178588) * CVE-2020-26950 (bmo#1675905) Write side effects in MCallGetProperty opcode not accounted for Important SUSE bug 1178588 CVE-2020-26950 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update changes the internal packaging for postgresql, and so contains all currently maintained postgresql versions across our SUSE Linux Enterprise 12 products. * postgresql12 is shipped new in version 12.3 (bsc#1171924). The server and client packages only on SUSE Linux Enterprise Server 12 SP5, the libraries on SUSE Linux Enterprise Server 12 SP2 LTSS up to 12 SP5. + https://www.postgresql.org/about/news/2038/ + https://www.postgresql.org/docs/12/release-12-3.html * postgresql10 is updated to 10.13 (bsc#1171924). On SUSE Linux Enterprise Server 12 SP2 LTSS up to 12 SP5. + https://www.postgresql.org/about/news/2038/ + https://www.postgresql.org/docs/10/release-10-13.html * postgresql96 is updated to 9.6.18 (bsc#1171924): + https://www.postgresql.org/about/news/2038/ + https://www.postgresql.org/docs/9.6/release-9-6-18.html On SUSE Linux Enterprise Server 12-SP2 and 12-SP3 LTSS only. * postgresql 9.4 is updated to 9.4.26: + https://www.postgresql.org/about/news/2011/ + https://www.postgresql.org/docs/9.4/release-9-4-26.html + https://www.postgresql.org/about/news/1994/ + https://www.postgresql.org/docs/9.4/release-9-4-25.html Moderate SUSE bug 1171924 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for raptor fixes the following issues: - Fixed a heap overflow vulnerability (bsc#1178593, CVE-2017-18926). - Update raptor to version 2.0.15 * Made several fixes to Turtle / N-Triples family of parsers and serializers * Added utility functions for re-entrant sorting of objects and sequences. * Made other fixes and improvements including fixing reported issues: 0000574, 0000575, 0000576, 0000577, 0000579, 0000581 and 0000584. Important SUSE bug 1178593 CVE-2017-18926 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for kernel-firmware fixes the following issue: - CVE-2020-12321: Updated the Intel Bluetooth firmware for buffer overflow security bugs (bsc#1178671). Important SUSE bug 1178671 CVE-2020-12321 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). Moderate SUSE bug 1178512 CVE-2020-28196 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xen fixes the following issues: Security issue fixed: - CVE-2020-28368: Fixed the Intel RAPL sidechannel attack, aka PLATYPUS attack, aka XSA-351 (bsc#1178591). Non-security issue fixed: - Adjusted help for --max_iters, default is 5 (bsc#1177950). Important SUSE bug 1177950 SUSE bug 1178591 CVE-2020-28368 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for postgresql10 fixes the following issues: Upgrade to version 10.15: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/10/release-10-15.html Update to 10.14: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/10/release-10-14.html Important SUSE bug 1175193 SUSE bug 1175194 SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 CVE-2020-14349 CVE-2020-14350 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for mariadb and mariadb-connector-c fixes the following issues: - Update mariadb to 10.2.36 GA [bsc#1177472, bsc#1178428] fixing for the following security vulnerabilities: CVE-2020-14812, CVE-2020-14765, CVE-2020-14776, CVE-2020-14789 CVE-2020-15180 - Update mariadb-connector-c to 3.1.11 [bsc#1177472 and bsc#1178428] Moderate SUSE bug 1172399 SUSE bug 1175596 SUSE bug 1177472 SUSE bug 1178428 CVE-2020-14765 CVE-2020-14776 CVE-2020-14789 CVE-2020-14812 CVE-2020-15180 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for ucode-intel fixes the following issues: - Updated Intel CPU Microcode to 20201118 official release. (bsc#1178971) - Removed TGL/06-8c-01/80 due to functional issues with some OEM platforms. - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) INTEL-SA-00389 (bsc#1170446) - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) - CVE-2020-8696: Vector Register Sampling Active INTEL-SA-00381 (bsc#1173592) - Release notes: - Security updates for [INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html). - Security updates for [INTEL-SA-00389](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html). - Update for functional issues. Refer to [Second Generation Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details. - Update for functional issues. Refer to [Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details. - Update for functional issues. Refer to [Intel? Xeon? Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details. - Update for functional issues. Refer to [10th Gen Intel? Core™ Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details. - Update for functional issues. Refer to [8th and 9th Gen Intel? Core™ Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details. - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel? Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details. - Update for functional issues. Refer to [6th Gen Intel? Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details. - Update for functional issues. Refer to [Intel? Xeon? E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details. - Update for functional issues. Refer to [Intel? Xeon? E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details. ### New Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 | LKF | B2/B3 | 06-8a-01/10 | | 00000028 | Core w/Hybrid Technology | TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile | CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 | CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile ### Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 | APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 | GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile | AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile | CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile Moderate SUSE bug 1170446 SUSE bug 1173592 SUSE bug 1173594 SUSE bug 1178971 CVE-2020-8695 CVE-2020-8696 CVE-2020-8698 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for bluez fixes the following issues: - CVE-2020-0556: Fixed improper access control which may lead to escalation of privilege and denial of service by an unauthenticated user (bsc#1166751). Important SUSE bug 1166751 CVE-2020-0556 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bug fixes. The following security bugs were fixed: - CVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software and services that rely on UDP source port randomization (like DNS) are indirectly affected as well. Kernel versions may be vulnerable to this issue (bsc#1175721, bsc#1178782). - CVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393). - CVE-2020-25668: Fixed a use-after-free in con_font_op() (bnc#1178123). - CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766). - CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c (bnc#1176485). - CVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h (bnc#1176723). - CVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086). - CVE-2020-16120: Fixed a permissions issue in ovl_path_open() (bsc#1177470). - CVE-2020-8694: Restricted energy meter to root access (bsc#1170415). - CVE-2020-12351: Implemented a kABI workaround for bluetooth l2cap_ops filter addition (bsc#1177724). - CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' (bsc#1177725). - CVE-2020-25212: Fixed a TOCTOU mismatch in the NFS client code (bnc#1176381). - CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177511). - CVE-2020-14381: Fixed a UAF in the fast user mutex (futex) wait operation (bsc#1176011). - CVE-2020-25643: Fixed an improper input validation in the ppp_cp_parse_cr function of the HDLC_PPP module (bnc#1177206). - CVE-2020-25641: Fixed a zero-length biovec request issued by the block subsystem could have caused the kernel to enter an infinite loop, causing a denial of service (bsc#1177121). - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235). - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721). - CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423). - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482). - CVE-2020-27673: Fixed an issue where rogue guests could have caused denial of service of Dom0 via high frequency events (XSA-332 bsc#1177411) - CVE-2020-27675: Fixed a race condition in event handler which may crash dom0 (XSA-331 bsc#1177410). The following non-security bugs were fixed: - btrfs: remove root usage from can_overcommit (bsc#1131277). - hv: vmbus: Add timeout to vmbus_wait_for_unload (bsc#1177816). - hyperv_fb: disable superfluous VERSION_WIN10_V5 case (bsc#1175306). - hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306). - livepatch: Add -fdump-ipa-clones to build (). Add support for -fdump-ipa-clones GCC option. Update config files accordingly. - livepatch: Test if -fdump-ipa-clones is really available As of now we add -fdump-ipa-clones unconditionally. It does not cause a trouble if the kernel is build with the supported toolchain. Otherwise it could fail easily. Do the correct thing and test for the availability. - NFS: On fatal writeback errors, we need to call nfs_inode_remove_request() (bsc#1177340). - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139). - NFS: Revalidate the file mapping on all fatal writeback errors (bsc#1177340). - NFSv4: do not mark all open state for recovery when handling recallable state revoked flag (bsc#1176935). - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232). - ocfs2: give applications more IO opportunities during fstrim (bsc#1175228). - powerpc/pseries/cpuidle: add polling idle for shared processor guests (bsc#1178765 ltc#188968). - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243). - scsi: fnic: Do not call 'scsi_done()' for unhandled commands (bsc#1168468, bsc#1171675). - scsi: qla2xxx: Do not consume srb greedily (bsc#1173233). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1173233). - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306). - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306). - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306). - x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306). - xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/events: add a new 'late EOI' evtchn framework (XSA-332 bsc#1177411). - xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#1177411). - xen/events: avoid removing an event channel while handling it (XSA-331 bsc#1177410). - xen/events: block rogue events for some time (XSA-332 bsc#1177411). - xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#1177411). - xen/events: do not use chip_data for legacy IRQs (XSA-332 bsc#1065600). - xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411). - xen/events: switch user event channels to lateeoi model (XSA-332 bsc#1177411). - xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#1177411). - xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (XSA-332 bsc#1065600). Important SUSE bug 1051510 SUSE bug 1058115 SUSE bug 1065600 SUSE bug 1131277 SUSE bug 1160947 SUSE bug 1163524 SUSE bug 1166965 SUSE bug 1168468 SUSE bug 1170139 SUSE bug 1170232 SUSE bug 1170415 SUSE bug 1171417 SUSE bug 1171675 SUSE bug 1172073 SUSE bug 1172366 SUSE bug 1173115 SUSE bug 1173233 SUSE bug 1175228 SUSE bug 1175306 SUSE bug 1175721 SUSE bug 1175882 SUSE bug 1176011 SUSE bug 1176235 SUSE bug 1176278 SUSE bug 1176381 SUSE bug 1176423 SUSE bug 1176482 SUSE bug 1176485 SUSE bug 1176698 SUSE bug 1176721 SUSE bug 1176722 SUSE bug 1176723 SUSE bug 1176725 SUSE bug 1176732 SUSE bug 1176869 SUSE bug 1176907 SUSE bug 1176922 SUSE bug 1176935 SUSE bug 1176950 SUSE bug 1176990 SUSE bug 1177027 SUSE bug 1177086 SUSE bug 1177121 SUSE bug 1177206 SUSE bug 1177340 SUSE bug 1177410 SUSE bug 1177411 SUSE bug 1177470 SUSE bug 1177511 SUSE bug 1177724 SUSE bug 1177725 SUSE bug 1177766 SUSE bug 1177816 SUSE bug 1178123 SUSE bug 1178330 SUSE bug 1178393 SUSE bug 1178669 SUSE bug 1178765 SUSE bug 1178782 SUSE bug 1178838 CVE-2020-0404 CVE-2020-0427 CVE-2020-0430 CVE-2020-0431 CVE-2020-0432 CVE-2020-12351 CVE-2020-12352 CVE-2020-14351 CVE-2020-14381 CVE-2020-14390 CVE-2020-16120 CVE-2020-25212 CVE-2020-25284 CVE-2020-25285 CVE-2020-25641 CVE-2020-25643 CVE-2020-25645 CVE-2020-25656 CVE-2020-25668 CVE-2020-25704 CVE-2020-25705 CVE-2020-26088 CVE-2020-27673 CVE-2020-27675 CVE-2020-8694 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.5.0 ESR (bsc#1178824) * CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls * CVE-2020-26953: Fullscreen could be enabled without displaying the security UI * CVE-2020-26956: XSS through paste (manual and clipboard API) * CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions * CVE-2020-26959: Use-after-free in WebRequestService * CVE-2020-26960: Potential use-after-free in uses of nsTArray * CVE-2020-15999: Heap buffer overflow in freetype * CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses * CVE-2020-26965: Software keyboards may have remembered typed passwords * CVE-2020-26966: Single-word search queries were also broadcast to local network * CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 Important SUSE bug 1178824 CVE-2020-15999 CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26966 CVE-2020-26968 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for LibVNCServer fixes the following issues: - CVE-2020-25708 [bsc#1178682], libvncserver/rfbserver.c has a divide by zero which could result in DoS Important SUSE bug 1178682 CVE-2020-25708 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xorg-x11-server fixes the following issues: - CVE-2020-25712: Fixed a heap-based buffer overflow which could have led to privilege escalation (bsc#1177596). - CVE-2020-14360: Fixed an out of bounds memory accesses on too short request which could lead to denial of service (bsc#1174908). Important SUSE bug 1174908 SUSE bug 1177596 CVE-2020-14360 CVE-2020-25712 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for python-setuptools fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) Important SUSE bug 1176262 CVE-2019-20916 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for python3 fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) Important SUSE bug 1176262 CVE-2019-20916 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for gdm fixes the following issues: - CVE-2020-16125: Fixed a privilege escalation (bsc#1178150). Important SUSE bug 1178150 CVE-2020-16125 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for python-cryptography fixes the following issues: - CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption (bsc#1178168). Moderate SUSE bug 1178168 CVE-2020-25659 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for postgresql12 fixes the following issues: Upgrade to version 12.5: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. (obsoletes postgresql-timetz.patch) * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/12/release-12-5.html The previous postgresql12 update already addressed: Update to 12.4: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/12/release-12-4.html Important SUSE bug 1175193 SUSE bug 1175194 SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 CVE-2020-14349 CVE-2020-14350 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for mutt fixes the following issues: - Find and display the content of messages properly. (bsc#1179461) - CVE-2020-28896: incomplete connection termination could send credentials over unencrypted connections. (bsc#1179035) - Avoid that message with a million tiny parts can freeze MUA for several minutes. (bsc#1179113) Important SUSE bug 1179035 SUSE bug 1179113 SUSE bug 1179461 CVE-2020-28896 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xen fixes the following issues: - bsc#1178963 - VUL-0: xen: stack corruption from XSA-346 change (XSA-355) Important SUSE bug 1177409 SUSE bug 1177412 SUSE bug 1177413 SUSE bug 1177414 SUSE bug 1178591 SUSE bug 1178963 CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27674 CVE-2020-28368 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openssl-1_0_0 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). Important SUSE bug 1179491 CVE-2020-1971 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). Important SUSE bug 1179491 CVE-2020-1971 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for python fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) Important SUSE bug 1176262 CVE-2019-20916 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openssh fixes the following issues: - CVE-2020-14145: Fixed an observable discrepancy leading to an information leak in the algorithm negotiation (bsc#1173513). - Fixed an issue where AuthorizedKeysCommand produced a lot of output (bsc#1161684). - Fixed an issue where oracle cluster with cluvfy using 'scp' failing/missinterpreted (bsc#1148566). Moderate SUSE bug 1148566 SUSE bug 1161684 SUSE bug 1173513 CVE-2020-14145 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-55 (bsc#1180039) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch view-source URLs * CVE-2020-35112 (bmo#1661365) Opening an extension-less download may have inadvertently launched an executable instead * CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 Critical SUSE bug 1180039 CVE-2020-16042 CVE-2020-26971 CVE-2020-26973 CVE-2020-26974 CVE-2020-26978 CVE-2020-35111 CVE-2020-35112 CVE-2020-35113 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xen fixes the following issues: - CVE-2020-29480: Fixed an issue which could have allowed leak of non-sensitive data to administrator guests (bsc#117949 XSA-115). - CVE-2020-29481: Fixed an issue which could have allowd to new domains to inherit existing node permissions (bsc#1179498 XSA-322). - CVE-2020-29483: Fixed an issue where guests could disturb domain cleanup (bsc#1179502 XSA-325). - CVE-2020-29484: Fixed an issue where guests could crash xenstored via watchs (bsc#1179501 XSA-324). - CVE-2020-29566: Fixed an undue recursion in x86 HVM context switch code (bsc#1179506 XSA-348). - CVE-2020-29570: Fixed an issue where FIFO event channels control block related ordering (bsc#1179514 XSA-358). - CVE-2020-29571: Fixed an issue where FIFO event channels control structure ordering (bsc#1179516 XSA-359). - CVE-2020-29130: Fixed an out-of-bounds access while processing ARP packets (bsc#1179477). - Fixed an issue where dump-core shows missing nr_pages during core (bsc#1176782). - Multiple other bugs (bsc#1027519) Moderate SUSE bug 1027519 SUSE bug 1176782 SUSE bug 1179477 SUSE bug 1179496 SUSE bug 1179498 SUSE bug 1179501 SUSE bug 1179502 SUSE bug 1179506 SUSE bug 1179514 SUSE bug 1179516 CVE-2020-29130 CVE-2020-29480 CVE-2020-29481 CVE-2020-29483 CVE-2020-29484 CVE-2020-29566 CVE-2020-29570 CVE-2020-29571 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for clamav fixes the following issues: clamav was updated to 0.103.0 to implement jsc#ECO-3010 and bsc#1118459. * clamd can now reload the signature database without blocking scanning. This multi-threaded database reload improvement was made possible thanks to a community effort. - Non-blocking database reloads are now the default behavior. Some systems that are more constrained on RAM may need to disable non-blocking reloads as it will temporarily consume two times as much memory. We added a new clamd config option ConcurrentDatabaseReload, which may be set to no. * Fix clamav-milter.service (requires clamd.service to run) * bsc#1119353, clamav-fips.patch: Fix freshclam crash in FIPS mode. * Partial sync with SLE15. Update to version 0.102.4 Accumulated security fixes: * CVE-2020-3350: Fix a vulnerability wherein a malicious user could replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (eg. a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan, and clamonacc. (bsc#1174255) * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking results in an out-of-bounds read which could cause a crash. The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly resolves the issue. * CVE-2020-3481: Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS) condition. Improper error handling may result in a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in versions affected by the vulnerability. (bsc#1174250) * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. (bsc#1171981) * CVE-2020-3123: A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash. * CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation. (bsc#1157763). * CVE-2019-12900: An out of bounds write in the NSIS bzip2 (bsc#1149458) * CVE-2019-12625: Introduce a configurable time limit to mitigate zip bomb vulnerability completely. Default is 2 minutes, configurable useing the clamscan --max-scantime and for clamd using the MaxScanTime config option (bsc#1144504) Update to version 0.101.3: * ZIP bomb causes extreme CPU spikes (bsc#1144504) Update to version 0.101.2 (bsc#1118459): * Support for RAR v5 archive extraction. * Incompatible changes to the arguments of cl_scandesc, cl_scandesc_callback, and cl_scanmap_callback. * Scanning options have been converted from a single flag bit-field into a structure of multiple categorized flag bit-fields. * The CL_SCAN_HEURISTIC_ENCRYPTED scan option was replaced by 2 new scan options: CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE, and CL_SCAN_HEURISTIC_ENCRYPTED_DOC * Incompatible clamd.conf and command line interface changes. * Heuristic Alerts' (aka 'Algorithmic Detection') options have been changed to make the names more consistent. The original options are deprecated in 0.101, and will be removed in a future feature release. * For details, see https://blog.clamav.net/2018/12/clamav-01010-has-been-released.html Important SUSE bug 1118459 SUSE bug 1119353 SUSE bug 1144504 SUSE bug 1149458 SUSE bug 1157763 SUSE bug 1171981 SUSE bug 1174250 SUSE bug 1174255 CVE-2019-12900 CVE-2019-15961 CVE-2020-3123 CVE-2020-3327 CVE-2020-3341 CVE-2020-3350 CVE-2020-3481 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for cyrus-sasl fixes the following issues: - CVE-2019-19906: Fixed an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet (bsc#1159635). Important SUSE bug 1159635 CVE-2019-19906 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libzypp fixes the following issues: Security issue fixed: - CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763). Moderate SUSE bug 1158763 CVE-2019-18900 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for fwupdate fixes the following issues: - Add SBAT section to EFI images (bsc#1182057) Important SUSE bug 1182057 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for spamassassin fixes the following issues: - spamassassin was updated to version 3.4.5 - CVE-2019-12420: memory leak via crafted messages (bsc#1159133) - CVE-2020-1946: security update (bsc#1184221) Important SUSE bug 1159133 SUSE bug 1184221 CVE-2019-12420 CVE-2020-1946 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for glibc fixes the following issues: - CVE-2020-27618: Accept redundant shift sequences in IBM1364 (bsc#1178386) - CVE-2020-29562: Fix incorrect UCS4 inner loop bounds (bsc#1179694) - CVE-2020-29573: Harden printf against non-normal long double values (bsc#1179721) - Check vector support in memmove ifunc-selector (bsc#1184034) Important SUSE bug 1178386 SUSE bug 1179694 SUSE bug 1179721 SUSE bug 1184034 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xorg-x11-server fixes the following issues: - CVE-2021-3472: XChangeFeedbackControl Integer Underflow Privilege Escalation (bsc#1180128) Important SUSE bug 1180128 CVE-2021-3472 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for clamav fixes the following issues: - CVE-2021-1252: Fix for Excel XLM parser infinite loop. (bsc#1184532) - CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash. (bsc#1184533) - CVE-2021-1405: Fix for mail parser NULL-dereference crash. (bsc#1184534) - Fix errors when scanning files > 4G (bsc#1181256) - Update clamav.keyring - Update to 0.103.2 Important SUSE bug 1181256 SUSE bug 1184532 SUSE bug 1184533 SUSE bug 1184534 CVE-2021-1252 CVE-2021-1404 CVE-2021-1405 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for qemu fixes the following issues: - Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385) - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362, bsc#1172383) - Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934) - Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673) - Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682) - Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684) - Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174) - Fix infinite loop (DoS) in e1000e device emulation (CVE-2020-28916, bsc#1179468) - Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108) - Fix null pointer deref. (DoS) in mmio ops (CVE-2020-15469, bsc#1173612) - Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577) - Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968) - Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416) - Fix OOB access in SLIRP ARP/NCSI packet processing (CVE-2020-29129, bsc#1179466, CVE-2020-29130, bsc#1179467) - Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659, bsc#1172386) - Fix OOB access in iscsi (CVE-2020-11947, bsc#1180523) - Fix OOB access in vmxnet3 emulation (CVE-2021-20203, bsc#1181639) - Fix buffer overflow in the XGMAC device (CVE-2020-15863, bsc#1174386) - Fix DoS in packet processing of various emulated NICs (CVE-2020-16092, bsc#1174641) - Fix OOB access while processing USB packets (CVE-2020-14364, bsc#1175441) - Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425) - Fix potential privilege escalation in virtfs (CVE-2021-20181, bsc#1182137) - Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361, bsc#1172384) - Fix OOB access in ROM loading (CVE-2020-13765, bsc#1172478) - Fix qemu-testsuite failure - Fix vm migration is failing with input/output error when nfs server is disconnected (bsc#1119115) - Fix OOB access in ARM interrupt handling (CVE-2021-20221, bsc#1181933) - Fix slowness in arm32 emulation (bsc#1112499) - Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385) - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362, bsc#1172383) - Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934) - Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673) - Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682) - Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684) - Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174) - Fix infinite loop (DoS) in e1000e device emulation (CVE-2020-28916, bsc#1179468) - Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108) - Fix null pointer deref. (DoS) in mmio ops (CVE-2020-15469, bsc#1173612) - Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577) - Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968) - Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416) - Fix OOB access in SLIRP ARP/NCSI packet processing (CVE-2020-29129, bsc#1179466, CVE-2020-29130, bsc#1179467) - Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659, bsc#1172386) - Fix OOB access in iscsi (CVE-2020-11947, bsc#1180523) - Fix OOB access in vmxnet3 emulation (CVE-2021-20203, bsc#1181639) - Fix buffer overflow in the XGMAC device (CVE-2020-15863, bsc#1174386) - Fix DoS in packet processing of various emulated NICs (CVE-2020-16092, bsc#1174641) - Fix OOB access while processing USB packets (CVE-2020-14364, bsc#1175441) - Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425) - Fix potential privilege escalation in virtfs (CVE-2021-20181, bsc#1182137) - Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361, bsc#1172384) - Fix OOB access in ROM loading (CVE-2020-13765, bsc#1172478) - Fix qemu-testsuite failure - Fix vm migration is failing with input/output error when nfs server is disconnected (bsc#1119115) - Fix OOB access in ARM interrupt handling (CVE-2021-20221, bsc#1181933) - Fix slowness in arm32 emulation (bsc#1112499) Important SUSE bug 1112499 SUSE bug 1119115 SUSE bug 1172383 SUSE bug 1172384 SUSE bug 1172385 SUSE bug 1172386 SUSE bug 1172478 SUSE bug 1173612 SUSE bug 1174386 SUSE bug 1174641 SUSE bug 1175441 SUSE bug 1176673 SUSE bug 1176682 SUSE bug 1176684 SUSE bug 1178174 SUSE bug 1178934 SUSE bug 1179466 SUSE bug 1179467 SUSE bug 1179468 SUSE bug 1180523 SUSE bug 1181108 SUSE bug 1181639 SUSE bug 1181933 SUSE bug 1182137 SUSE bug 1182425 SUSE bug 1182577 SUSE bug 1182968 CVE-2020-11947 CVE-2020-12829 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 CVE-2020-13765 CVE-2020-14364 CVE-2020-15469 CVE-2020-15863 CVE-2020-16092 CVE-2020-25084 CVE-2020-25624 CVE-2020-25625 CVE-2020-25723 CVE-2020-27617 CVE-2020-28916 CVE-2020-29129 CVE-2020-29130 CVE-2020-29443 CVE-2021-20181 CVE-2021-20203 CVE-2021-20221 CVE-2021-20257 CVE-2021-3416 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xen fixes the following issues: - CVE-2021-27379: Fixed an issue where entries in the IOMMU were not being updated under certain circumstances due to improper backport of XSA-321 (XSA-366, bsc#1182431) - CVE-2021-20257: Fixed an infinite loop in the e1000 NIC emulator (bsc#1182846) Important SUSE bug 1178591 SUSE bug 1182431 SUSE bug 1182846 CVE-2021-20257 CVE-2021-27379 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for sudo fixes the following issues: - L3: Tenable Scan reports sudo is vulnerable to CVE-2021-3156 (bsc#1183936) Important SUSE bug 1183936 CVE-2021-3156 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.10.0 ESR (bsc#1184960) * CVE-2021-23994: Out of bound write due to lazy initialization * CVE-2021-23995: Use-after-free in Responsive Design Mode * CVE-2021-23998: Secure Lock icon could have been spoofed * CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage * CVE-2021-23999: Blob URLs may have been granted additional privileges * CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL * CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads * CVE-2021-29946: Port blocking could be bypassed Important SUSE bug 1184960 CVE-2021-23961 CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401, bsc#1183835). Important SUSE bug 1183835 SUSE bug 1184401 CVE-2021-20305 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for gdm fixes the following issues: - Avoid the signal SIGTRAP when gdm exits (bsc#1184456). Important SUSE bug 1184456 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for permissions fixes the following issues: - Update to version 20170707: * make btmp root:utmp (bsc#1050467, bsc#1182899) Important SUSE bug 1050467 SUSE bug 1182899 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.25 - OpenJDK 7u291 (January 2021 CPU, bsc#1181239) * Security fixes + JDK-8247619: Improve Direct Buffering of Characters * Import of OpenJDK 7 u291 build 1 + JDK-8254177: (tz) Upgrade time-zone data to tzdata2020b + JDK-8254982: (tz) Upgrade time-zone data to tzdata2020c + JDK-8255226: (tz) Upgrade time-zone data to tzdata2020d Moderate SUSE bug 1181239 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for cups fixes the following issues: - CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation from lp user to root via symlink attacks (bsc#1184161) Important SUSE bug 1184161 CVE-2021-25317 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for bind fixes the following issues: - CVE-2021-25214: Fixed a broken inbound incremental zone update (IXFR) which could have caused named to terminate unexpectedly (bsc#1185345). - CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that required the DNAME to be processed to resolve itself (bsc#1185345). - MD5 warning message using host, dig, nslookup (bind-utils) on SLES 12 SP5 with FIPS enabled (bsc#1181495). Important SUSE bug 1181495 SUSE bug 1185345 CVE-2021-25214 CVE-2021-25215 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for samba fixes the following issues: - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677). - Avoid free'ing our own pointer in memcache when memcache_trim attempts to reduce cache size (bsc#1179156). - Adjust smbcacls '--propagate-inheritance' feature to align with upstream (bsc#1178469). Important SUSE bug 1178469 SUSE bug 1179156 SUSE bug 1184677 CVE-2021-20254 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for avahi fixes the following issues: - CVE-2021-3468: avoid infinite loop by handling HUP event in client_work (bsc#1184521). Important SUSE bug 1184521 CVE-2021-3468 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509). - CVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208). - CVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942). - CVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed a set_memory_region_test infinite loop for certain nested page faults (bnc#1184512). - CVE-2020-27673: Fixed an issue in Xen where a guest OS users could have caused a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411, bnc#1184583). - CVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bnc#1184391). - CVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181). - CVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181). - CVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181). - CVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181). - CVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions) (bnc#1184511). - CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on CPU' could have occured because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211). - CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211). - CVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120). - CVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393). - CVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and cause a threat to the system availability (bnc#1184397). - CVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could have caused a denial of service because of a lack of locking on an extent buffer before a cloning operation (bnc#1184193). - CVE-2021-3444: Fixed the bpf verifier as it did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution (bnc#1184170). - CVE-2021-28971: Fixed a potential local denial of service in intel_pmu_drain_pebs_nhm where userspace applications can cause a system crash because the PEBS status in a PEBS record is mishandled (bnc#1184196). - CVE-2021-28688: Fixed XSA-365 that includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains (bnc#1183646). - CVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167). - CVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168). - CVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination (bnc#1184198). - CVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in net/qrtr/qrtr.c that allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bnc#1184192). - CVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bnc#1183686, bnc#1183775). - CVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. This affects pointer types that do not define a ptr_limit (bnc#1183686 bnc#1183775). - CVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593). - CVE-2020-35519: Update patch reference for x25 fix (bsc#1183696). - CVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent (bsc#1173485, bsc#1183509). - CVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened. This could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720). - CVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022, bnc#1183069). - CVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree (bsc#1179454). - CVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715). - CVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables (bnc#1182716). - CVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717). The following non-security bugs were fixed: - Revert 'rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)' This turned out to be a bad idea: the kernel-$flavor-devel package must be usable without kernel-$flavor, e.g. at the build of a KMP. And this change brought superfluous installation of kernel-preempt when a system had kernel-syms (bsc#1185113). - Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367). - bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775). - bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775). - coredump: fix crash when umh is disabled (bsc#1177753, bsc#1182194). - dm: fix redundant IO accounting for bios that need splitting (bsc#1183738). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - handle also the opposite type of race condition - hv: clear ring_buffer pointer during cleanup (part of ae6935ed) (bsc#1181032). - hv_netvsc: remove ndo_poll_controller (bsc#1185248). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - ibmvnic: Clear failover_pending if unable to schedule (bsc#1181960 ltc#190997). - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140). - ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes). - ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes). - ibmvnic: enhance resetting status check during module exit (bsc#1065729). - ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes). - ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293). - ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes). - macros.kernel-source: Use spec_install_pre for certificate installation (boo#1182672). - post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388). - powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293). - rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063). - rpm/kernel-subpackage-build: Workaround broken bot (https://github.com/openSUSE/openSUSE-release-tools/issues/2439) - rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244) - rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650) - xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367). Important SUSE bug 1040855 SUSE bug 1044767 SUSE bug 1047233 SUSE bug 1065729 SUSE bug 1094840 SUSE bug 1152457 SUSE bug 1171078 SUSE bug 1173485 SUSE bug 1175873 SUSE bug 1176700 SUSE bug 1176720 SUSE bug 1176855 SUSE bug 1177411 SUSE bug 1177753 SUSE bug 1178181 SUSE bug 1179454 SUSE bug 1181032 SUSE bug 1181960 SUSE bug 1182194 SUSE bug 1182672 SUSE bug 1182715 SUSE bug 1182716 SUSE bug 1182717 SUSE bug 1183022 SUSE bug 1183063 SUSE bug 1183069 SUSE bug 1183509 SUSE bug 1183593 SUSE bug 1183646 SUSE bug 1183686 SUSE bug 1183696 SUSE bug 1183738 SUSE bug 1183775 SUSE bug 1184120 SUSE bug 1184167 SUSE bug 1184168 SUSE bug 1184170 SUSE bug 1184192 SUSE bug 1184193 SUSE bug 1184194 SUSE bug 1184196 SUSE bug 1184198 SUSE bug 1184208 SUSE bug 1184211 SUSE bug 1184388 SUSE bug 1184391 SUSE bug 1184393 SUSE bug 1184397 SUSE bug 1184509 SUSE bug 1184511 SUSE bug 1184512 SUSE bug 1184514 SUSE bug 1184583 SUSE bug 1184650 SUSE bug 1184942 SUSE bug 1185113 SUSE bug 1185244 SUSE bug 1185248 CVE-2020-0433 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-27170 CVE-2020-27171 CVE-2020-27673 CVE-2020-27815 CVE-2020-35519 CVE-2020-36310 CVE-2020-36311 CVE-2020-36312 CVE-2020-36322 CVE-2021-20219 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28660 CVE-2021-28688 CVE-2021-28950 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29155 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-29650 CVE-2021-30002 CVE-2021-3428 CVE-2021-3444 CVE-2021-3483 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for python3 fixes the following issues: Security issues fixed: - CVE-2020-27619: where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP. (bsc#1178009) Other fixes: - Make sure to close the 'import_failed.map' file after the exception has been raised in order to avoid ResourceWarnings when the failing import is part of a try...except block Important CVE-2020-27619 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for djvulibre fixes the following issues: Security issues fixed: - CVE-2021-32491 [bsc#1185900]: Integer overflow in function render() in tools/ddjvu via crafted djvu file - CVE-2021-32492 [bsc#1185904]: Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file - CVE-2021-32493 [bsc#1185905]: Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file Important SUSE bug 1185900 SUSE bug 1185904 SUSE bug 1185905 CVE-2019-18804 CVE-2021-32491 CVE-2021-32492 CVE-2021-32493 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for graphviz fixes the following issues: - CVE-2020-18032: Fixed possible remote code execution via buffer overflow (bsc#1185833). Critical SUSE bug 1185833 CVE-2020-18032 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xen fixes the following issues: Security issue fixed: - CVE-2021-28689: Fixed some x86 speculative vulnerabilities with bare (non-shim) 32-bit PV guests (XSA-370) (bsc#1185104) - Make sure xencommons is in a format as expected by fillup. (bsc#1185682) Each comment needs to be followed by an enabled key. Otherwise fillup will remove manually enabled key=value pairs, along with everything that looks like a stale comment, during next pkg update - A recent systemd update caused a regression in xenstored.service systemd now fails to track units that use systemd-notify (bsc#1183790) - Added a delay between the call to systemd-notify and the final exit of the wrapper script (bsc#1185021, bsc#1185196) Important SUSE bug 1183790 SUSE bug 1185021 SUSE bug 1185104 SUSE bug 1185196 SUSE bug 1185682 CVE-2021-28689 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libxml2 fixes the following issues: Security issues fixed: CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). Important SUSE bug 1185408 SUSE bug 1185409 SUSE bug 1185410 SUSE bug 1185698 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for dnsmasq fixes the following issues: - bsc#1177077: Fixed DNSpooq vulnerabilities - CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache Poisoning attacks. - CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflows when DNSSEC is enabled. - Retry query to other servers on receipt of SERVFAIL rcode (bsc#1176076) Important SUSE bug 1176076 SUSE bug 1177077 CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for flac fixes the following issues: - CVE-2020-0499: Fixed an out-of-bounds access (bsc#1180099). Moderate SUSE bug 1180099 CVE-2020-0499 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for curl fixes the following issues: - CVE-2021-22898: TELNET stack contents disclosure (bsc#1186114) - CVE-2021-22876: The automatic referer leaks credentials (bsc#1183933) - CVE-2020-8286: Inferior OCSP verification (bsc#1179593) - CVE-2020-8285: FTP wildcard stack overflow (bsc#1179399) - CVE-2020-8284: Trusting FTP PASV responses (bsc#1179398) - CVE-2020-8231: libcurl will pick and use the wrong connection with multiple requests with libcurl's multi API and the 'CURLOPT_CONNECT_ONLY' option (bsc#1175109) - Fix: SFTP uploads result in empty uploaded files (bsc#1177976) Moderate SUSE bug 1175109 SUSE bug 1177976 SUSE bug 1179398 SUSE bug 1179399 SUSE bug 1179593 SUSE bug 1183933 SUSE bug 1186114 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22898 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for dovecot22 fixes the following issues: - CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users to access other users' emails (bsc#1180405). Important SUSE bug 1180405 CVE-2020-24386 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for djvulibre fixes the following issues: - CVE-2021-3500: Stack overflow in function DJVU:DjVuDocument:get_djvu_file() via crafted djvu file (bsc#1186253) Important SUSE bug 1186253 CVE-2021-3500 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for dhcp fixes the following issues: - CVE-2021-25217: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient (bsc#1186382) Important SUSE bug 1186382 CVE-2021-25217 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libwebp fixes the following issues: - CVE-2018-25010: Fixed heap-based buffer overflow in ApplyFilter() (bsc#1185685). - CVE-2020-36330: Fixed heap-based buffer overflow in ChunkVerifyAndAssign() (bsc#1185691). - CVE-2020-36332: Fixed extreme memory allocation when reading a file (bsc#1185674). - CVE-2020-36329: Fixed use-after-free in EmitFancyRGB() (bsc#1185652). - CVE-2018-25012: Fixed heap-based buffer overflow in GetLE24() (bsc#1185690). - CVE-2018-25013: Fixed heap-based buffer overflow in ShiftBytes() (bsc#1185654). - CVE-2020-36331: Fixed heap-based buffer overflow in ChunkAssignData() (bsc#1185686). - CVE-2018-25009: Fixed heap-based buffer overflow in GetLE16() (bsc#1185673). - CVE-2018-25011: Fixed fail on multiple image chunks (bsc#1186247). Critical SUSE bug 1185652 SUSE bug 1185654 SUSE bug 1185673 SUSE bug 1185674 SUSE bug 1185685 SUSE bug 1185686 SUSE bug 1185690 SUSE bug 1185691 SUSE bug 1186247 CVE-2018-25009 CVE-2018-25010 CVE-2018-25011 CVE-2018-25012 CVE-2018-25013 CVE-2020-36329 CVE-2020-36330 CVE-2020-36331 CVE-2020-36332 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for polkit fixes the following issues: - CVE-2021-3560: Fixed a local privilege escalation using polkit_system_bus_name_get_creds_sync() (bsc#1186497). Important SUSE bug 1186497 CVE-2021-3560 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for gstreamer-plugins-bad fixes the following issues: - CVE-2021-3185: Fixed buffer overflow in gst_h264_slice_parse_dec_ref_pic_marking (bsc#1181255). Important SUSE bug 1181255 CVE-2021-3185 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.11.0 ESR (bsc#1186696) * CVE-2021-29964: Out of bounds-read when parsing a `WM_COPYDATA` message * CVE-2021-29967: Memory safety bugs fixed in Firefox Important SUSE bug 1185633 SUSE bug 1186696 CVE-2021-29951 CVE-2021-29964 CVE-2021-29967 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484). - CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values. (bsc#1186111) - CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. (bnc#1186062) - CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges. (bnc#1186060) - CVE-2021-23133: Fixed a race condition in SCTP sockets, which could lead to privilege escalation from the context of a network service or an unprivileged process. (bnc#1184675) - CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This vulnerability is related to the PROVIDE_BUFFERS operation, which allowed the MAX_RW_COUNT limit to be bypassed (bsc#1185642). - CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611). - CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances this can be abused to inject arbitrary network packets and/or exfiltrate user data (bnc#1185859). - CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (bnc#1185859 bnc#1185862). - CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments, even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used (bnc#1185859). - CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (bnc#1185860) - CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H, where the Message Integrity Check (authenticity) of fragmented TKIP frames was not verified. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (bnc#1185987) The following non-security bugs were fixed: - Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185724). - Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185724). - af_packet: fix the tx skb protocol in raw sockets with ETH_P_ALL (bsc#1176081). - ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043). - ibmvfc: Handle move login failure (bsc#1185938 ltc#192043). - ibmvfc: Reinit target retries (bsc#1185938 ltc#192043). - kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846). - kabi: preserve struct header_ops after bsc#1176081 fix (bsc#1176081). - kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846). - kernel/smp: add boot parameter for controlling CSD lock debugging (bsc#1180846). - kernel/smp: add more data to CSD lock debugging (bsc#1180846). - kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846). - kernel/smp: prepare more CSD lock debugging (bsc#1180846). - md/raid1: properly indicate failure when ending a failed write request (bsc#1185680). - net/ethernet: Add parse_protocol header_ops support (bsc#1176081). - net/mlx5e: Remove the wrong assumption about transport offset (bsc#1176081). - net/mlx5e: Trust kernel regarding transport offset (bsc#1176081). - net/packet: Ask driver for protocol if not provided by user (bsc#1176081). - net/packet: Remove redundant skb->protocol set (bsc#1176081). - net: Do not set transport offset to invalid value (bsc#1176081). - net: Introduce parse_protocol header_ops callback (bsc#1176081). - netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#1185950). - netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#1183947 bsc#1185950). - netfilter: conntrack: improve RST handling when tuple is re-used (bsc#1183947 bsc#1185950). - netfilter: conntrack: tcp: only close if RST matches exact sequence (bsc#1183947 bsc#1185950). - s390/entry: save the caller of psw_idle (bsc#1185677). - smp: Add source and destination CPUs to __call_single_data (bsc#1180846). - video: hyperv_fb: Add ratelimit on error message (bsc#1185724). Important SUSE bug 1176081 SUSE bug 1180846 SUSE bug 1183947 SUSE bug 1184611 SUSE bug 1184675 SUSE bug 1185642 SUSE bug 1185677 SUSE bug 1185680 SUSE bug 1185724 SUSE bug 1185859 SUSE bug 1185860 SUSE bug 1185862 SUSE bug 1185863 SUSE bug 1185898 SUSE bug 1185899 SUSE bug 1185901 SUSE bug 1185938 SUSE bug 1185950 SUSE bug 1185987 SUSE bug 1186060 SUSE bug 1186061 SUSE bug 1186062 SUSE bug 1186111 SUSE bug 1186285 SUSE bug 1186390 SUSE bug 1186484 SUSE bug 1186498 CVE-2020-24586 CVE-2020-24587 CVE-2020-26139 CVE-2020-26141 CVE-2020-26145 CVE-2020-26147 CVE-2021-23133 CVE-2021-23134 CVE-2021-32399 CVE-2021-33034 CVE-2021-33200 CVE-2021-3491 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libX11 fixes the following issues: - Regression in the fix for CVE-2021-31535, causing segfaults for xforms applications like fdesign (bsc#1186643) Important SUSE bug 1186643 CVE-2021-31535 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 75 [bsc#1180063, bsc#1177943] CVE-2020-14792 CVE-2020-14797 CVE-2020-14782 CVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803 * Class Libraries: - Z/OS specific C function send_file is changing the file pointer position * Security: - Add the new oracle signer certificate - Certificate parsing error - JVM memory growth can be caused by the IBMPKCS11IMPL crypto provider - Remove check for websphere signed jars - sessionid.hashcode generates too many collisions - The Java 8 IBM certpath provider does not honor the user specified system property for CLR connect timeout Moderate SUSE bug 1177943 SUSE bug 1180063 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2021-20718: Fixed possible remote denial-of-service (DoS) via unspecified vectors (bsc#1186291). Important SUSE bug 1186291 CVE-2021-20718 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for spice fixes the following issues: - CVE-2021-20201: client initiated renegotiation causing denial of service (bsc#1181686) Important SUSE bug 1181686 CVE-2021-20201 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20210608 release. - CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. (INTEL-SA-00465 bsc#1179833) See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html - CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient execution side channel vulnerabilities may not fully prevent non-root (guest) branches from controlling the branch predictions of the root (host) (INTEL-SA-00464 bsc#1179836) See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html) - CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero value cache-lines may lead to changes in cache-allocation or write-back behavior for such cache-lines (bsc#1179837 INTEL-SA-00464) See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html) - CVE-2020-24489: Fixed Intel VT-d device pass through potential local privilege escalation (INTEL-SA-00442 bsc#1179839) See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html Other fixes: - Update for functional issues. Refer to [Third Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780)for details. - Update for functional issues. Refer to [Second Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details. - Update for functional issues. Refer to [Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details. - Update for functional issues. Refer to [Intel Xeon Processor D-1500, D-1500 NS and D-1600 NS Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-d-1500-specification-update.html) for details. - Update for functional issues. Refer to [Intel Xeon E7-8800 and E7-4800 v3 Processor Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e7-v3-spec-update.html) for details. - Update for functional issues. Refer to [Intel Xeon Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details. - Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details. - Update for functional issues. Refer to [8th and 9th Gen Intel Core Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details. - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details. - Update for functional issues. Refer to [6th Gen Intel Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details. - Update for functional issues. Refer to [Intel Xeon E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details. - Update for functional issues. Refer to [Intel Xeon E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details. - New platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | CLX-SP | A0 | 06-55-05/b7 | | 03000010 | Xeon Scalable Gen2 | ICX-SP | C0 | 06-6a-05/87 | | 0c0002f0 | Xeon Scalable Gen3 | ICX-SP | D0 | 06-6a-06/87 | | 0d0002a0 | Xeon Scalable Gen3 | SNR | B0 | 06-86-04/01 | | 0b00000f | Atom P59xxB | SNR | B1 | 06-86-05/01 | | 0b00000f | Atom P59xxB | TGL | B1 | 06-8c-01/80 | | 00000088 | Core Gen11 Mobile | TGL-R | C0 | 06-8c-02/c2 | | 00000016 | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | | 0000002c | Core Gen11 Mobile | EHL | B1 | 06-96-01/01 | | 00000011 | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E | JSL | A0/A1 | 06-9c-00/01 | | 0000001d | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105 | RKL-S | B0 | 06-a7-01/02 | | 00000040 | Core Gen11 - Updated platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000044 | 00000046 | Core Gen4 X series; Xeon E5 v3 | HSX-EX | E0 | 06-3f-04/80 | 00000016 | 00000019 | Xeon E7 v3 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile | BDX-ML | B0/M0/R0 | 06-4f-01/ef | 0b000038 | 0b00003e | Xeon E5/E7 v4; Core i7-69xx/68xx | SKX-SP | B1 | 06-55-03/97 | 01000159 | 0100015b | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04003006 | 04003102 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003006 | 05003102 | Xeon Scalable Gen2 | CPX-SP | A1 | 06-55-0b/bf | 0700001e | 07002302 | Xeon Scalable Gen3 | BDX-DE | V2/V3 | 06-56-03/10 | 07000019 | 0700001b | Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 | BDX-DE | Y0 | 06-56-04/10 | 0f000017 | 0f000019 | Xeon D-1557/59/67/71/77/81/87 | BDX-NS | A0 | 06-56-05/10 | 0e00000f | 0e000012 | Xeon D-1513N/23/33/43/53 | APL | D0 | 06-5c-09/03 | 00000040 | 00000044 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 0000001e | 00000020 | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000e2 | 000000ea | Core Gen6; Xeon E3 v5 | DNV | B0 | 06-5f-01/01 | 0000002e | 00000034 | Atom C Series | GLK | B0 | 06-7a-01/01 | 00000034 | 00000036 | Pentium Silver N/J5xxx, Celeron N/J4xxx | GKL-R | R0 | 06-7a-08/01 | 00000018 | 0000001a | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 000000a0 | 000000a6 | Core Gen10 Mobile | LKF | B2/B3 | 06-8a-01/10 | 00000028 | 0000002a | Core w/Hybrid Technology | AML-Y22 | H0 | 06-8e-09/10 | 000000de | 000000ea | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000de | 000000ea | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000e0 | 000000ea | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000de | 000000ea | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000de | 000000ea | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000de | 000000ea | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000de | 000000ea | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000de | 000000ea | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000de | 000000ea | Core Gen9 Mobile | CML-H | R1 | 06-a5-02/20 | 000000e0 | 000000ea | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | 000000e0 | 000000ea | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | 000000e0 | 000000ec | Core Gen10 | CML-U62 | A0 | 06-a6-00/80 | 000000e0 | 000000e8 | Core Gen10 Mobile | CML-U62 V2 | K0 | 06-a6-01/80 | 000000e0 | 000000ea | Core Gen10 Mobile Important SUSE bug 1179833 SUSE bug 1179836 SUSE bug 1179837 SUSE bug 1179839 CVE-2020-24489 CVE-2020-24511 CVE-2020-24512 CVE-2020-24513 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for caribou fixes the following issues: Security issue fixed: - CVE-2021-3567: Fixed a segfault when attempting to use shifted characters (bsc#1186617). Important SUSE bug 1186617 CVE-2021-3567 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for qemu fixes the following issues: - Fix OOB access during mmio operations (CVE-2020-13754, bsc#1172382) - Fix out-of-bounds read information disclosure in icmp6_send_echoreply (CVE-2020-10756, bsc#1172380) - For the record, these issues are fixed in this package already. Most are alternate references to previously mentioned issues: (CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019, CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683, CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477, CVE-2020-29129, bsc#1179484, CVE-2021-20257, bsc#1182846, CVE-2021-3419, bsc#1182975) Important SUSE bug 1149813 SUSE bug 1163019 SUSE bug 1172380 SUSE bug 1172382 SUSE bug 1175534 SUSE bug 1178683 SUSE bug 1178935 SUSE bug 1179477 SUSE bug 1179484 SUSE bug 1182846 SUSE bug 1182975 CVE-2019-15890 CVE-2020-10756 CVE-2020-13754 CVE-2020-14364 CVE-2020-25707 CVE-2020-25723 CVE-2020-29129 CVE-2020-29130 CVE-2020-8608 CVE-2021-20257 CVE-2021-3419 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for freeradius-server fixes the following issues: - Do not log passwords in logfiles (bsc#1184016) Moderate SUSE bug 1184016 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u292 (icedtea 3.19.0). - CVE-2021-2161: Fixed incomplete enforcement of JAR signing disabled algorithms (bsc#1185055). Moderate SUSE bug 1185055 CVE-2021-2163 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for ImageMagick fixes the following issues: - CVE-2020-19667: Fixed a stack buffer overflow in XPM coder could result in a crash (bsc#1179103). - CVE-2020-25664: Fixed a heap-based buffer overflow in PopShortPixel (bsc#1179202). - CVE-2020-25665: Fixed a heap-based buffer overflow in WritePALMImage (bsc#1179208). - CVE-2020-25666: Fixed an outside the range of representable values of type 'int' and signed integer overflow (bsc#1179212). - CVE-2020-25674: Fixed a heap-based buffer overflow in WriteOnePNGImage (bsc#1179223). - CVE-2020-25675: Fixed an outside the range of representable values of type 'long' and integer overflow (bsc#1179240). - CVE-2020-25676: Fixed an outside the range of representable values of type 'long' and integer overflow at MagickCore/pixel.c (bsc#1179244). - CVE-2020-27750: Fixed an division by zero in MagickCore/colorspace-private.h (bsc#1179260). - CVE-2020-27751: Fixed an integer overflow in MagickCore/quantum-export.c (bsc#1179269). - CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in MagickCore/quantum-private.h (bsc#1179346). - CVE-2020-27753: Fixed memory leaks in AcquireMagickMemory function (bsc#1179397). - CVE-2020-27754: Fixed an outside the range of representable values of type 'long' and signed integer overflow at MagickCore/quantize.c (bsc#1179336). - CVE-2020-27755: Fixed memory leaks in ResizeMagickMemory function in ImageMagick/MagickCore/memory.c (bsc#1179345). - CVE-2020-27757: Fixed an outside the range of representable values of type 'unsigned long long' at MagickCore/quantum-private.h (bsc#1179268). - CVE-2020-27759: Fixed an outside the range of representable values of type 'int' at MagickCore/quantize.c (bsc#1179313). - CVE-2020-27760: Fixed a division by zero at MagickCore/enhance.c (bsc#1179281). - CVE-2020-27761: Fixed an outside the range of representable values of type 'unsigned long' at coders/palm.c (bsc#1179315). - CVE-2020-27762: Fixed an outside the range of representable values of type 'unsigned char' (bsc#1179278). - CVE-2020-27763: Fixed a division by zero at MagickCore/resize.c (bsc#1179312). - CVE-2020-27764: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179317). - CVE-2020-27765: Fixed a division by zero at MagickCore/segment.c (bsc#1179311). - CVE-2020-27766: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179361). - CVE-2020-27767: Fixed an outside the range of representable values of type 'float' at MagickCore/quantum.h (bsc#1179322). - CVE-2020-27768: Fixed an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h (bsc#1179339). - CVE-2020-27769: Fixed an outside the range of representable values of type 'float' at MagickCore/quantize.c (bsc#1179321). - CVE-2020-27770: Fixed an unsigned offset overflowed at MagickCore/string.c (bsc#1179343). - CVE-2020-27771: Fixed an outside the range of representable values of type 'unsigned char' at coders/pdf.c (bsc#1179327). - CVE-2020-27772: Fixed an outside the range of representable values of type 'unsigned int' at coders/bmp.c (bsc#1179347). - CVE-2020-27773: Fixed a division by zero at MagickCore/gem-private.h (bsc#1179285). - CVE-2020-27774: Fixed an integer overflow at MagickCore/statistic.c (bsc#1179333). - CVE-2020-27775: Fixed an outside the range of representable values of type 'unsigned char' at MagickCore/quantum.h (bsc#1179338). - CVE-2020-27776: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179362). Important SUSE bug 1179103 SUSE bug 1179202 SUSE bug 1179208 SUSE bug 1179212 SUSE bug 1179223 SUSE bug 1179240 SUSE bug 1179244 SUSE bug 1179260 SUSE bug 1179268 SUSE bug 1179269 SUSE bug 1179278 SUSE bug 1179281 SUSE bug 1179285 SUSE bug 1179311 SUSE bug 1179312 SUSE bug 1179313 SUSE bug 1179315 SUSE bug 1179317 SUSE bug 1179321 SUSE bug 1179322 SUSE bug 1179327 SUSE bug 1179333 SUSE bug 1179336 SUSE bug 1179338 SUSE bug 1179339 SUSE bug 1179343 SUSE bug 1179345 SUSE bug 1179346 SUSE bug 1179347 SUSE bug 1179361 SUSE bug 1179362 SUSE bug 1179397 CVE-2020-19667 CVE-2020-25664 CVE-2020-25665 CVE-2020-25666 CVE-2020-25674 CVE-2020-25675 CVE-2020-25676 CVE-2020-27750 CVE-2020-27751 CVE-2020-27752 CVE-2020-27753 CVE-2020-27754 CVE-2020-27755 CVE-2020-27757 CVE-2020-27759 CVE-2020-27760 CVE-2020-27761 CVE-2020-27762 CVE-2020-27763 CVE-2020-27764 CVE-2020-27765 CVE-2020-27766 CVE-2020-27767 CVE-2020-27768 CVE-2020-27769 CVE-2020-27770 CVE-2020-27771 CVE-2020-27772 CVE-2020-27773 CVE-2020-27774 CVE-2020-27775 CVE-2020-27776 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for webkit2gtk3 fixes the following issues: - Update to version 2.32.1: + Improve handling of Media Capture devices. + Improve WebAudio playback. + Improve video orientation handling. + Improve seeking support for MSE playback. + Improve flush support in EME decryptors. + Fix HTTP status codes for requests done through a custom URI handler. + Fix the Bubblewrap sandbox in certain 32-bit systems. + Fix inconsistencies between the WebKitWebView.is-muted property state and values returned by webkit_web_view_is_playing_audio(). + Fix the build with ENABLE_VIDEO=OFF. + Fix wrong timestamps for long-lived cookies. + Fix UI process crash when failing to load favicons. + Fix several crashes and rendering issues. - Including Security fixes for: CVE-2021-1788, CVE-2021-1844, CVE-2021-1871, CVE-2020-27918, CVE-2020-29623, CVE-2021-1765, CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1870, CVE-2020-13558, CVE-2020-13584, CVE-2020-9983, CVE-2020-13543, CVE-2020-9947, CVE-2020-9948, CVE-2020-9951. Important SUSE bug 1177087 SUSE bug 1179122 SUSE bug 1179451 SUSE bug 1182286 SUSE bug 1184155 SUSE bug 1184262 CVE-2020-13543 CVE-2020-13558 CVE-2020-13584 CVE-2020-27918 CVE-2020-29623 CVE-2020-9947 CVE-2020-9948 CVE-2020-9951 CVE-2020-9983 CVE-2021-1765 CVE-2021-1788 CVE-2021-1789 CVE-2021-1799 CVE-2021-1801 CVE-2021-1844 CVE-2021-1870 CVE-2021-1871 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for apache2 fixes the following issues: - fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression - fixed CVE-2021-31618 [bsc#1186924]: NULL pointer dereference on specially crafted HTTP/2 request - fixed CVE-2020-35452 [bsc#1186922]: Single zero byte stack overflow in mod_auth_digest - fixed CVE-2021-26690 [bsc#1186923]: mod_session NULL pointer dereference in parser - fixed CVE-2021-26691 [bsc#1187017]: Heap overflow in mod_session Important SUSE bug 1186922 SUSE bug 1186923 SUSE bug 1186924 SUSE bug 1187017 SUSE bug 1187174 CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641 CVE-2021-31618 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xterm fixes the following issues: - CVE-2021-27135: Fixed buffer-overflow when clicking on selected utf8 text. (bsc#1182091) Important SUSE bug 1182091 CVE-2021-27135 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libnettle fixes the following issues: - CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060). Important SUSE bug 1187060 CVE-2021-3580 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for ovmf fixes the following issues: - Fixed a possible buffer overflow in IScsiDxe (bsc#1186151) Important SUSE bug 1186151 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212). Important SUSE bug 1187212 CVE-2021-33560 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openexr fixes the following issues: - Fixed CVE-2021-3479 [bsc#1184354]: Out-of-memory caused by allocation of a very large buffer - Fixed CVE-2021-3605 [bsc#1187395]: Heap buffer overflow in the rleUncompress function - Fixed CVE-2021-3598 [bsc#1187310]: Heap buffer overflow in Imf_3_1:CharPtrIO:readChars Important SUSE bug 1184354 SUSE bug 1187310 SUSE bug 1187395 CVE-2021-3479 CVE-2021-3598 CVE-2021-3605 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for postgresql, postgresql12, postgresql13 fixes the following issues: Initial packaging of PostgreSQL 13: * https://www.postgresql.org/about/news/2077/ * https://www.postgresql.org/docs/13/release-13.html Changes in postgresql: - Bump postgresql major version to 13. Changes in postgresql12: - %ghost the symlinks to pg_config and ecpg. (bsc#1178961) - BuildRequire libpq5 and libecpg6 when not building them to avoid dangling symlinks in the devel package. (bsc#1179765) - Fix a DST problem in the test suite. Changes in postgresql13: - Add postgresql-icu68.patch: fix build with ICU 68 - %ghost the symlinks to pg_config and ecpg. (bsc#1178961) - BuildRequire libpq5 and libecpg6 when not building them to avoid dangling symlinks in the devel package. (bsc#1179765) Upgrade to version 13.1: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. (obsoletes postgresql-timetz.patch) * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/13/release-13-1.html - Fix a DST problem in the test suite. Important SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 SUSE bug 1178961 SUSE bug 1179765 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for arpwatch fixes the following issues: - CVE-2021-25321: Fixed local privilege escalation from runtime user to root (bsc#1186240). Important SUSE bug 1186240 CVE-2021-25321 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libsolv fixes the following issues: Security issues fixed: - CVE-2019-20387: Fixed heap-buffer-overflow in repodata_schema2id (bsc#1161510) - CVE-2021-3200: testcase_read: error out if repos are added or the system is changed too late (bsc#1186229) Other issues fixed: - backport support for blacklisted packages to support ptf packages and retracted patches - fix ruleinfo of complex dependencies returning the wrong origin - fix SOLVER_FLAG_FOCUS_BEST updateing packages without reason - fix add_complex_recommends() selecting conflicted packages in rare cases - fix potential segfault in resolve_jobrules - fix solv_zchunk decoding error if large chunks are used Important SUSE bug 1161510 SUSE bug 1186229 CVE-2019-20387 CVE-2021-3200 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for sudo fixes the following issues: - A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE-2021-23239] - A Possible Symlink Attack vector existed in `sudoedit` if SELinux was running in permissive mode [bsc#1180685, CVE-2021-23240] - It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687] Important SUSE bug 1180684 SUSE bug 1180685 SUSE bug 1180687 SUSE bug 1181090 CVE-2021-23239 CVE-2021-23240 CVE-2021-3156 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.12.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-29 (bsc#1188275) * CVE-2021-29970: Use-after-free in accessibility features of a document * CVE-2021-30547: Out of bounds write in ANGLE * CVE-2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 Important SUSE bug 1188275 CVE-2021-29970 CVE-2021-29976 CVE-2021-30547 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.7.0 ESR (MFSA 2021-04, bsc#1181414) * CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests * CVE-2021-23954: Fixed a type confusion when using logical assignment operators in JavaScript switch statements * CVE-2020-26976: Fixed an issue where HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared JavaScript variables during GC * CVE-2021-23964: Fixed Memory safety bugs Important SUSE bug 1181414 CVE-2020-26976 CVE-2021-23953 CVE-2021-23954 CVE-2021-23960 CVE-2021-23964 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-22555: A heap out-of-bounds write was discovered in net/netfilter/x_tables.c (bnc#1188116). - CVE-2021-33909: Extremely large seq buffer allocations in seq_file could lead to buffer underruns and code execution (bsc#1188062). - CVE-2021-3609: A use-after-free in can/bcm could have led to privilege escalation (bsc#1187215). - CVE-2021-33624: In kernel/bpf/verifier.c a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db (bnc#1187554). - CVE-2021-0605: In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation (bnc#1187601). - CVE-2021-0512: In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1187595). - CVE-2020-26558: Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time (bnc#1179610 bnc#1186463). - CVE-2021-34693: net/can/bcm.c allowed local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized (bnc#1187452). - CVE-2020-36385: An issue was discovered in drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c (bnc#1187050). - CVE-2021-0129: Improper access control in BlueZ may have allowed an authenticated user to potentially enable information disclosure via adjacent access (bnc#1186463). - CVE-2020-36386: An issue was discovered net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf (bnc#1187038). - CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets (bnc#1185861). - CVE-2021-33200: kernel/bpf/verifier.c enforced incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit (bnc#1186484). The following non-security bugs were fixed: - block: do not use blocking queue entered for recursive bio (bsc#1104967). - s390/stack: fix possible register corruption with stack switch helper (git-fixes). - scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc#1174978 bsc#1185701). Important SUSE bug 1104967 SUSE bug 1174978 SUSE bug 1179610 SUSE bug 1185701 SUSE bug 1185861 SUSE bug 1186463 SUSE bug 1186484 SUSE bug 1187038 SUSE bug 1187050 SUSE bug 1187215 SUSE bug 1187452 SUSE bug 1187554 SUSE bug 1187595 SUSE bug 1187601 SUSE bug 1187934 SUSE bug 1188062 SUSE bug 1188116 CVE-2020-24588 CVE-2020-26558 CVE-2020-36385 CVE-2020-36386 CVE-2021-0129 CVE-2021-0512 CVE-2021-0605 CVE-2021-22555 CVE-2021-33200 CVE-2021-33624 CVE-2021-33909 CVE-2021-34693 CVE-2021-3609 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for systemd fixes the following issues: Security issues fixed: - CVE-2021-33910: Fixed a denial of service (stack exhaustion) in systemd (PID 1) (bsc#1188063) Other fixes: - mount-util: shorten the loop a bit (#7545) - mount-util: do not use the official MAX_HANDLE_SZ (#7523) - mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761) - mount-util: fix bad indenting - mount-util: EOVERFLOW might have other causes than buffer size issues - mount-util: fix error propagation in fd_fdinfo_mnt_id() - mount-util: drop exponential buffer growing in name_to_handle_at_loop() - udev: port udev_has_devtmpfs() to use path_get_mnt_id() - mount-util: add new path_get_mnt_id() call that queries the mnt ID of a path - mount-util: add name_to_handle_at_loop() wrapper around name_to_handle_at() - mount-util: accept that name_to_handle_at() might fail with EPERM (#5499) - basic: fallback to the fstat if we don't have access to the /proc/self/fdinfo - sysusers: use the usual comment style - test/TEST-21-SYSUSERS: add tests for new functionality - sysusers: allow admin/runtime overrides to command-line config - basic/strv: add function to insert items at position - sysusers: allow the shell to be specified - sysusers: move various user credential validity checks to src/basic/ - man: reformat table in sysusers.d(5) - sysusers: take configuration as positional arguments - sysusers: emit a bit more info at debug level when locking fails - sysusers: allow force reusing existing user/group IDs (#8037) - sysusers: ensure GID in uid:gid syntax exists - sysusers: make ADD_GROUP always create a group - test: add TEST-21-SYSUSERS test - sysuser: use OrderedHashmap - sysusers: allow uid:gid in sysusers.conf files - sysusers: fix memleak (#4430) - These commits implement the option '--replace' for systemd-sysusers so %sysusers_create_package can be introduced in SLE and packages can rely on this rpm macro without wondering whether the macro is available on the different target the package is submitted to. - Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807) - systemctl: add --value option - execute: make sure to call into PAM after initializing resource limits (bsc#1184967) - rlimit-util: introduce setrlimit_closest_all() - system-conf: drop reference to ShutdownWatchdogUsec= - core: rename ShutdownWatchdogSec to RebootWatchdogSec (bsc#1185331) - Return -EAGAIN instead of -EALREADY from unit_reload (bsc#1185046) - rules: don't ignore Xen virtual interfaces anymore (bsc#1178561) - write_net_rules: set execute bits (bsc#1178561) - udev: rework network device renaming - Revert 'Revert 'udev: network device renaming - immediately give up if the target name isn't available'' Important SUSE bug 1178561 SUSE bug 1184761 SUSE bug 1184967 SUSE bug 1185046 SUSE bug 1185331 SUSE bug 1185807 SUSE bug 1188063 CVE-2021-33910 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217) Moderate SUSE bug 1188217 SUSE bug 1188218 SUSE bug 1188219 SUSE bug 1188220 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for linuxptp fixes the following issues: - CVE-2021-3570: Validate the messageLength field of incoming messages. (bsc#1187646) Important SUSE bug 1187646 CVE-2021-3570 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for qemu fixes the following issues: Security issues fixed: - CVE-2021-3595: Fixed slirp: invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366) - CVE-2021-3592: Fix for slirp: invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364) - CVE-2021-3594: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367) - CVE-2021-3593: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365) - CVE-2021-3611: Fix intel-hda segmentation fault due to stack overflow (bsc#1187529) Important SUSE bug 1187364 SUSE bug 1187365 SUSE bug 1187366 SUSE bug 1187367 SUSE bug 1187529 CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3595 CVE-2021-3611 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for dbus-1 fixes the following issues: - CVE-2020-35512: Fixed a bug where users with the same numeric UID could lead to use-after-free and undefined behaviour. (bsc#1187105) - CVE-2020-12049: Fixed a bug where a truncated messages lead to resource exhaustion. (bsc#1172505) Important SUSE bug 1172505 SUSE bug 1187105 CVE-2020-12049 CVE-2020-35512 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for webkit2gtk3 fixes the following issues: Update to version 2.32.3: - CVE-2021-21775: Fixed a use-after-free vulnerability in the way certain events are processed for ImageLoader objects. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697) - CVE-2021-21779: Fixed a use-after-free vulnerability in the way that WebKit GraphicsContext handles certain events. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697) - CVE-2021-30663: An integer overflow was addressed with improved input validation. (bsc#1188697) - CVE-2021-30665: A memory corruption issue was addressed with improved state management. (bsc#1188697) - CVE-2021-30689: A logic issue was addressed with improved state management. (bsc#1188697) - CVE-2021-30720: A logic issue was addressed with improved restrictions. (bsc#1188697) - CVE-2021-30734: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697) - CVE-2021-30744: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. (bsc#1188697) - CVE-2021-30749: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697) - CVE-2021-30758: A type confusion issue was addressed with improved state handling. (bsc#1188697) - CVE-2021-30795: A use after free issue was addressed with improved memory management. (bsc#1188697) - CVE-2021-30797: This issue was addressed with improved checks. (bsc#1188697) - CVE-2021-30799: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697) Important SUSE bug 1188697 CVE-2021-21775 CVE-2021-21779 CVE-2021-30663 CVE-2021-30665 CVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744 CVE-2021-30749 CVE-2021-30758 CVE-2021-30795 CVE-2021-30797 CVE-2021-30799 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libsndfile fixes the following issues: - CVE-2018-13139: Fixed a stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. (bsc#1100167) - CVE-2018-19432: Fixed a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. (bsc#1116993) - CVE-2021-3246: Fixed a heap buffer overflow vulnerability in msadpcm_decode_block. (bsc#1188540) - CVE-2018-19758: Fixed a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. (bsc#1117954) Critical SUSE bug 1100167 SUSE bug 1116993 SUSE bug 1117954 SUSE bug 1188540 CVE-2018-13139 CVE-2018-19432 CVE-2018-19758 CVE-2021-3246 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for djvulibre fixes the following issues: - CVE-2021-3630: out-of-bounds write in DJVU:DjVuTXT:decode() in DjVuText.cpp (bsc#1187869) Important SUSE bug 1187869 CVE-2021-3630 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for mariadb fixes the following issues: - Update to 10.2.39 (bsc#1182739) - CVE-2021-2166: DML unspecified vulnerability lead to complete DOS. (bsc#1185870) - CVE-2021-2154: DML unspecified vulnerability can lead to complete DOS. (bsc#1185872) - CVE-2021-2180: InnoDB unspecified vulnerability lead to complete DOS. (bsc#1185868) - CVE-2021-27928: Fixed a remote code execution issue. (bsc#1183770) Important SUSE bug 1182739 SUSE bug 1183770 SUSE bug 1185868 SUSE bug 1185870 SUSE bug 1185872 SUSE bug 1188300 CVE-2021-2154 CVE-2021-2166 CVE-2021-2180 CVE-2021-27928 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) Important SUSE bug 1189206 CVE-2021-38185 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libcares2 fixes the following issues: - CVE-2021-3672: Fixed input validation on hostnames (bsc#1188881). Important SUSE bug 1188881 CVE-2021-3672 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.13.0 ESR (MFSA 2021-34, bsc#1188891): - CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption - CVE-2021-29988: Memory corruption as a result of incorrect style treatment - CVE-2021-29984: Incorrect instruction reordering during JIT optimization - CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption - CVE-2021-29985: Use-after-free media channels - CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 Important SUSE bug 1188891 CVE-2021-29980 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29988 CVE-2021-29989 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for fetchmail fixes the following issues: - CVE-2021-36386: DoS or information disclosure in some configurations (bsc#1188875) - Change PASSWORDLEN from 64 to 256 [bsc#1188034] - Set the hostname for SNI when using TLS [bsc#1182807] - Allow --syslog option in daemon mode. (bsc#1033081) - Set the hostname for SNI when using TLS. (bsc#1182807) - Change PASSWORDLEN from 64 to 256 (bsc#1188034) Moderate SUSE bug 1033081 SUSE bug 1182807 SUSE bug 1188034 SUSE bug 1188875 CVE-2021-36386 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u302 (icedtea 3.20.0) - CVE-2021-2341: Improve file transfers. (bsc#1188564) - CVE-2021-2369: Better jar file validation. (bsc#1188565) - CVE-2021-2388: Enhance compiler validation. (bsc#1188566) - CVE-2021-2161: Less ambiguous processing. (bsc#1185056) Important SUSE bug 1185056 SUSE bug 1188564 SUSE bug 1188565 SUSE bug 1188566 CVE-2021-2161 CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for cpio fixes the following issues: - A patch previously applied to remedy CVE-2021-38185 introduced a regression that had the potential to cause a segmentation fault in cpio. [bsc#1189465] Important SUSE bug 1189465 CVE-2021-38185 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for python-PyYAML fixes the following issues: - Update to 5.3.1. - CVE-2020-14343: A vulnerability was discovered in the PyYAML library, where it was susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. Important SUSE bug 1174514 CVE-2020-14343 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openssl-1_0_0 fixes the following issues: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] Important SUSE bug 1189521 CVE-2021-3712 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] Important SUSE bug 1189520 SUSE bug 1189521 CVE-2021-3711 CVE-2021-3712 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for unrar to version 5.6.1 fixes several issues. These security issues were fixed: - CVE-2017-12938: Prevent remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file (bsc#1054038). - CVE-2017-12940: Prevent out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function (bsc#1054038). - CVE-2017-12941: Prevent an out-of-bounds read in the Unpack::Unpack20 function (bsc#1054038). - CVE-2017-12942: Prevent a buffer overflow in the Unpack::LongLZ function (bsc#1054038). - CVE-2017-20006: Fixed heap-based buffer overflow in Unpack:CopyString (bsc#1187974). These non-security issues were fixed: - Added extraction support for .LZ archives created by Lzip compressor - Enable unpacking of files in ZIP archives compressed with XZ algorithm and encrypted with AES - Added support for PAX extended headers inside of TAR archive - If RAR recovery volumes (.rev files) are present in the same folder as usual RAR volumes, archive test command verifies .rev contents after completing testing .rar files - By default unrar skips symbolic links with absolute paths in link target when extracting unless -ola command line switch is specified - Added support for AES-NI CPU instructions - Support for a new RAR 5.0 archiving format - Wildcard exclusion mask for folders - Prevent conditional jumps depending on uninitialised values (bsc#1046882) Moderate SUSE bug 1046882 SUSE bug 1054038 SUSE bug 1187974 CVE-2012-6706 CVE-2017-12938 CVE-2017-12940 CVE-2017-12941 CVE-2017-12942 CVE-2017-20006 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for aspell fixes the following issues: - CVE-2019-25051: Fixed heap-buffer-overflow in acommon:ObjStack:dup_top (bsc#1188576). Important SUSE bug 1188576 CVE-2019-25051 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openexr fixes the following issues: - CVE-2021-20298 [bsc#1188460]: Fixed Out-of-memory in B44Compressor - CVE-2021-20299 [bsc#1188459]: Fixed Null-dereference READ in Imf_2_5:Header:operator - CVE-2021-20300 [bsc#1188458]: Fixed Integer-overflow in Imf_2_5:hufUncompress - CVE-2021-20302 [bsc#1188462]: Fixed Floating-point-exception in Imf_2_5:precalculateTileInfot - CVE-2021-20303 [bsc#1188457]: Fixed Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer - CVE-2021-20304 [bsc#1188461]: Fixed Undefined-shift in Imf_2_5:hufDecode Important SUSE bug 1188457 SUSE bug 1188458 SUSE bug 1188459 SUSE bug 1188460 SUSE bug 1188461 SUSE bug 1188462 CVE-2021-20298 CVE-2021-20299 CVE-2021-20300 CVE-2021-20302 CVE-2021-20303 CVE-2021-20304 CVE-2021-3476 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libesmtp fixes the following issues: - CVE-2019-19977: Fix stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462). Important SUSE bug 1160462 SUSE bug 1189097 CVE-2019-19977 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for file fixes the following issues: - CVE-2019-18218: Fixed heap-based buffer overflow in cdf_read_property_info in cdf.c (bsc#1154661). Important SUSE bug 1154661 CVE-2019-18218 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xen fixes the following issues: Security issues fixed: - CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378). - CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376). - CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373). - CVE-2021-28699: inadequate grant-v2 status frames array bounds check (XSA-382)(bsc#1189380). - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429) - CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434) - CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433) - CVE-2021-20255: Fixed stack overflow via infinite recursion in eepro100 (bsc#1182654) - CVE-2021-3592: slirp: invalid pointer initialization may lead to information disclosure (bootp)(bsc#1187369). - CVE-2021-3594: slirp: invalid pointer initialization may lead to information disclosure (udp)(bsc#1187378). - CVE-2021-3595: slirp: invalid pointer initialization may lead to information disclosure (tftp)(bsc#1187376). - CVE-2021-3308: Fixed IRQ vector leak on x86 (XSA-360)(bsc#1181254). - Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882). Important SUSE bug 1181254 SUSE bug 1182654 SUSE bug 1186429 SUSE bug 1186433 SUSE bug 1186434 SUSE bug 1187369 SUSE bug 1187376 SUSE bug 1187378 SUSE bug 1189373 SUSE bug 1189376 SUSE bug 1189378 SUSE bug 1189380 SUSE bug 1189882 CVE-2021-0089 CVE-2021-20255 CVE-2021-28690 CVE-2021-28692 CVE-2021-28694 CVE-2021-28695 CVE-2021-28696 CVE-2021-28697 CVE-2021-28698 CVE-2021-28699 CVE-2021-3308 CVE-2021-3592 CVE-2021-3594 CVE-2021-3595 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openvswitch fixes the following issues: - openvswitch was updated to 2.8.10 - CVE-2020-27827: Fixed a memory leak when parsing lldp packets (bsc#1181345) A lot more minor bugs have been fixed with this openvswitch version. Please refer to the changelog of the openvswitch.rpm file in order to obtain a list of all changes. Important SUSE bug 1117483 SUSE bug 1181345 CVE-2020-27827 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openssl-1_0_0 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). Low SUSE bug 1189521 CVE-2021-3712 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). Low SUSE bug 1189521 CVE-2021-3712 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for mariadb fixes the following issues: Update to version 10.2.40 [bsc#1189320]: - fixes for the following security vulnerabilities: CVE-2021-2372 and CVE-2021-2389 Moderate SUSE bug 1182255 SUSE bug 1189320 CVE-2021-2372 CVE-2021-2389 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for tomcat fixes the following issue: - CVE-2020-17527: Fixed a HTTP/2 request header mix-up (bsc#1179602). Moderate SUSE bug 1179602 CVE-2020-17527 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for transfig fixes the following issues: Update to version 3.2.8, including fixes for - CVE-2021-3561: overflow in fig2dev/read.c in function read_colordef() (bsc#1186329). - CVE-2020-21683: Fixed buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c (bsc#1189325). - CVE-2020-21682: Fixed buffer overflow in the set_fill component in genge.c (bsc#1189346). - CVE-2020-21681: Fixed buffer overflow in the set_color component in genge.c (bsc#1189345). - CVE-2020-21680: Fixed stack-based buffer overflow in the put_arrow() component in genpict2e.c (bsc#1189343). - CVE-2019-19797: out-of-bounds write in read_colordef in read.c (bsc#1159293). - CVE-2019-19555: stack-based buffer overflow because of an incorrect sscanf (bsc#1161698). - CVE-2019-19746: segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type (bsc#1159130). Moderate SUSE bug 1136882 SUSE bug 1159130 SUSE bug 1159293 SUSE bug 1161698 SUSE bug 1186329 SUSE bug 1189325 SUSE bug 1189343 SUSE bug 1189345 SUSE bug 1189346 CVE-2019-19555 CVE-2019-19746 CVE-2019-19797 CVE-2020-21680 CVE-2020-21681 CVE-2020-21682 CVE-2020-21683 CVE-2021-3561 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for gtk-vnc fixes the following issues: - CVE-2017-5885: Correctly validate color map range indexes (bsc#1024268). - CVE-2017-5884: Fix bounds checking for RRE, hextile & copyrect encodings (bsc#1024266). - Fix crash when opening connection from a GSocketAddress (bsc#1046782). - Fix possible crash on connection failure (bsc#1188292). Moderate SUSE bug 1024266 SUSE bug 1024268 SUSE bug 1046782 SUSE bug 1188292 CVE-2017-5884 CVE-2017-5885 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for ghostscript fixes the following issues: - CVE-2021-3781: Fixed a trivial -dSAFER bypass command injection (bsc#1190381) Critical SUSE bug 1190381 CVE-2021-3781 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: This update contains the Firefox Extended Support Release 91.1.0 ESR. * Fixed: Various stability, functionality, and security fixes MFSA 2021-40 (bsc#1190269, bsc#1190274): * CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer * CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1 Firefox 91.0.1esr ESR * Fixed: Fixed an issue causing buttons on the tab bar to be resized when loading certain websites (bug 1704404) * Fixed: Fixed an issue which caused tabs from private windows to be visible in non-private windows when viewing switch-to- tab results in the address bar panel (bug 1720369) * Fixed: Various stability fixes * Fixed: Security fix MFSA 2021-37 (bsc#1189547) * CVE-2021-29991 (bmo#1724896) Header Splitting possible with HTTP/3 Responses Firefox Extended Support Release 91.0 ESR * New: Some of the highlights of the new Extended Support Release are: - A number of user interface changes. For more information, see the Firefox 89 release notes. - Firefox now supports logging into Microsoft, work, and school accounts using Windows single sign-on. Learn more - On Windows, updates can now be applied in the background while Firefox is not running. - Firefox for Windows now offers a new page about:third-party to help identify compatibility issues caused by third-party applications - Version 2 of Firefox's SmartBlock feature further improves private browsing. Third party Facebook scripts are blocked to prevent you from being tracked, but are now automatically loaded 'just in time' if you decide to 'Log in with Facebook' on any website. - Enhanced the privacy of the Firefox Browser's Private Browsing mode with Total Cookie Protection, which confines cookies to the site where they were created, preventing companis from using cookies to track your browsing across sites. This feature was originally launched in Firefox's ETP Strict mode. - PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features. - You'll encounter less website breakage in Private Browsing and Strict Enhanced Tracking Protection with SmartBlock, which provides stand-in scripts so that websites load properly. - Improved Print functionality with a cleaner design and better integration with your computer's printer settings. - Firefox now protects you from supercookies, a type of tracker that can stay hidden in your browser and track you online, even after you clear cookies. By isolating supercookies, Firefox prevents them from tracking your web browsing from one site to the next. - Firefox now remembers your preferred location for saved bookmarks, displays the bookmarks toolbar by default on new tabs, and gives you easy access to all of your bookmarks via a toolbar folder. - Native support for macOS devices built with Apple Silicon CPUs brings dramatic performance improvements over the non- native build that was shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a new Apple device, follow these steps to upgrade to the latest Firefox. - Pinch zooming will now be supported for our users with Windows touchscreen devices and touchpads on Mac devices. Firefox users may now use pinch to zoom on touch-capable devices to zoom in and out of webpages. - We’ve improved functionality and design for a number of Firefox search features: * Selecting a search engine at the bottom of the search panel now enters search mode for that engine, allowing you to see suggestions (if available) for your search terms. The old behavior (immediately performing a search) is available with a shift-click. * When Firefox autocompletes the URL of one of your search engines, you can now search with that engine directly in the address bar by selecting the shortcut in the address bar results. * We’ve added buttons at the bottom of the search panel to allow you to search your bookmarks, open tabs, and history. - Firefox supports AcroForm, which will allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look. - For our users in the US and Canada, Firefox can now save, manage, and auto-fill credit card information for you, making shopping on Firefox ever more convenient. - In addition to our default, dark and light themes, with this release, Firefox introduces the Alpenglow theme: a colorful appearance for buttons, menus, and windows. You can update your Firefox themes under settings or preferences. * Changed: Firefox no longer supports Adobe Flash. There is no setting available to re-enable Flash support. * Enterprise: Various bug fixes and new policies have been implemented in the latest version of Firefox. See more details in the Firefox for Enterprise 91 Release Notes. MFSA 2021-33 (bsc#1188891): * CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption * CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT * CVE-2021-29988: Memory corruption as a result of incorrect style treatment * CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode * CVE-2021-29984: Incorrect instruction reordering during JIT optimization * CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption * CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux * CVE-2021-29985: Use-after-free media channels * CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion * CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 * CVE-2021-29990: Memory safety bugs fixed in Firefox 91 Important SUSE bug 1188891 SUSE bug 1189547 SUSE bug 1190269 SUSE bug 1190274 CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29987 CVE-2021-29988 CVE-2021-29989 CVE-2021-29990 CVE-2021-29991 CVE-2021-38492 CVE-2021-38495 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 20 [bsc#1180063,bsc#1177943] CVE-2020-14792 CVE-2020-14797 CVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803 * Class libraries: - SOCKETADAPTOR$SOCKETINPUTSTREAM.READ is blocking for more time that the set timeout - Z/OS specific C function send_file is changing the file pointer position * Java Virtual Machine: - Crash on iterate java stack - Java process hang on SIGTERM * JIT Compiler: - JMS performance regression from JDK8 SR5 FP40 TO FP41 * Class Libraries: - z15 high utilization following Z/VM and Linux migration from z14 To z15 * Java Virtual Machine: - Assertion failed when trying to write a class file - Assertion failure at modronapi.cpp - Improve the performance of defining and finding classes * JIT Compiler: - An assert in ppcbinaryencoding.cpp may trigger when running with traps disabled on power - AOT field offset off by n bytes - Segmentation fault in jit module on ibm z platform Moderate SUSE bug 1177943 SUSE bug 1180063 CVE-2020-14779 CVE-2020-14781 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for sqlite3 fixes the following issues: sqlite3 is sync version 3.36.0 from Factory (jsc#SLE-16032). The following CVEs have been fixed in upstream releases up to this point, but were not mentioned in the change log so far: * bsc#1173641, CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization * bsc#1164719, CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator * bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error * bsc#1160438, CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input * bsc#1160309, CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference * bsc#1159850, CVE-2019-19924: improper error handling in sqlite3WindowRewrite() * bsc#1159847, CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive * bsc#1159715, CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c * bsc#1159491, CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference * bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name * bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns * bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements * bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service * bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage * bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability * bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names * CVE-2020-13434 bsc#1172115: integer overflow in sqlite3_str_vappendf * CVE-2020-13630 bsc#1172234: use-after-free in fts3EvalNextRow * CVE-2020-13631 bsc#1172236: virtual table allowed to be renamed to one of its shadow tables * CVE-2020-13632 bsc#1172240: NULL pointer dereference via crafted matchinfo() query * CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091) Important SUSE bug 1157818 SUSE bug 1158812 SUSE bug 1158958 SUSE bug 1158959 SUSE bug 1158960 SUSE bug 1159491 SUSE bug 1159715 SUSE bug 1159847 SUSE bug 1159850 SUSE bug 1160309 SUSE bug 1160438 SUSE bug 1160439 SUSE bug 1164719 SUSE bug 1172091 SUSE bug 1172115 SUSE bug 1172234 SUSE bug 1172236 SUSE bug 1172240 SUSE bug 1173641 SUSE bug 928700 SUSE bug 928701 CVE-2015-3414 CVE-2015-3415 CVE-2016-6153 CVE-2017-10989 CVE-2017-2518 CVE-2018-20346 CVE-2018-8740 CVE-2019-16168 CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-20218 CVE-2019-8457 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-15358 CVE-2020-9327 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for python-urllib3 fixes the following security issue: - CVE-2020-26137: A CRLF injection via HTTP request method was fixed (bsc#1177120) Note that this was fixed in a previous version update to 1.25.9, this update just complements the tracking. Moderate SUSE bug 1177120 CVE-2020-26137 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for glibc fixes the following issues: - CVE-2021-33574: Fixed a use-after-free possibility in mq_notify() (bsc#1186489) Moderate SUSE bug 1186489 CVE-2021-33574 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for webkit2gtk3 fixes the following issues: - Update to version 2.32.4 - CVE-2021-30858: Fixed a security bug that could allow maliciously crafted web content to achieve arbitrary code execution. (bsc#1190701) - CVE-2021-21806: Fixed an exploitable use-after-free vulnerability via specially crafted HTML web page. (bsc#1188697) Important SUSE bug 1188697 SUSE bug 1190701 CVE-2021-21806 CVE-2021-30858 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for apache2 fixes the following issues: - CVE-2021-40438: Fixed a SRF via a crafted request uri-path. (bsc#1190703) - CVE-2021-39275: Fixed an out-of-bounds write in ap_escape_quotes() via malicious input. (bsc#1190666) - CVE-2021-34798: Fixed a NULL pointer dereference via malformed requests. (bsc#1190669) Important SUSE bug 1190666 SUSE bug 1190669 SUSE bug 1190703 CVE-2021-34798 CVE-2021-39275 CVE-2021-40438 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for curl fixes the following issues: - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374). - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373). Moderate SUSE bug 1190373 SUSE bug 1190374 CVE-2021-22946 CVE-2021-22947 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for python3 fixes the following issues: - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). Important SUSE bug 1176262 SUSE bug 1180686 CVE-2019-20916 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.2.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-45 (bsc#1191332) * CVE-2021-38496: Use-after-free in MessageTask * CVE-2021-38497: Validation message could have been overlaid on another origin * CVE-2021-38498: Use-after-free of nsLanguageAtomService object * CVE-2021-32810: Fixed Data race in crossbeam-deque * CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 * CVE-2021-38501: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 - Fixed crash in FIPS mode (bsc#1190710) Important SUSE bug 1190710 SUSE bug 1191332 CVE-2021-32810 CVE-2021-38496 CVE-2021-38497 CVE-2021-38498 CVE-2021-38500 CVE-2021-38501 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for strongswan fixes the following issues: - CVE-2021-41991: Fixed an integer overflow when replacing certificates in cache. (bsc#1191435) Important SUSE bug 1191435 CVE-2021-41991 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for postgresql10 fixes the following issues: - Fix for build with llvm12 on s390x. (bsc#1185952) - Re-enable 'icu' for PostgreSQL 10. (bsc#1179945) - Add postgresqlXX-server-devel as a dependency for postgresql13-server-devel. (bsc#1187751) - Upgrade to version 10.18. (bsc#1190177) Upgrade to version 10.17 (already released for SUSE Linux Enterprise 12 SP5): - CVE-2021-32027: Fixed integer overflows in array subscripting calculations (bsc#1185924). - CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (bsc#1185925). - Don't use %_stop_on_removal, because it was meant to be private and got removed from openSUSE. %_restart_on_update is also private, but still supported and needed for now (bsc#1183168). - Re-enable build of the llvmjit subpackage on SLE, but it will only be delivered on PackageHub for now (bsc#1183118). - Disable icu for PostgreSQL 10 (and older) on TW (bsc#1179945). - Fixed an issue droping irregular warning messages by removing the package. (bsc#1178961) - Fixed an issue when build does not build the requiements to avoid dangling symlinks in the devel package. (bsc#1179765) - Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. Important SUSE bug 1178961 SUSE bug 1179765 SUSE bug 1179945 SUSE bug 1183118 SUSE bug 1183168 SUSE bug 1185924 SUSE bug 1185925 SUSE bug 1185952 SUSE bug 1187751 SUSE bug 1190177 CVE-2021-32027 CVE-2021-32028 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for opensc fixes the following issues: - CVE-2021-42780: Fixed use after return in insert_pin() (bsc#1192005). - CVE-2021-42779: Fixed use after free in sc_file_valid() (bsc#1191992). - CVE-2021-42781: Fixed multiple heap buffer overflows in pkcs15-oberthur.c (bsc#1192000). - CVE-2021-42782: Stack buffer overflow issues in various places (bsc#1191957). Important SUSE bug 1191957 SUSE bug 1191992 SUSE bug 1192000 SUSE bug 1192005 CVE-2021-42779 CVE-2021-42780 CVE-2021-42781 CVE-2021-42782 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for transfig fixes the following issues: Update to fig2dev version 3.2.8 Patchlevel 8b (Aug 2021) - bsc#1190618, CVE-2020-21529: stack buffer overflow in the bezier_spline function in genepic.c. - bsc#1190615, CVE-2020-21530: segmentation fault in the read_objects function in read.c. - bsc#1190617, CVE-2020-21531: global buffer overflow in the conv_pattern_index function in gencgm.c. - bsc#1190616, CVE-2020-21532: global buffer overflow in the setfigfont function in genepic.c. - bsc#1190612, CVE-2020-21533: stack buffer overflow in the read_textobject function in read.c. - bsc#1190611, CVE-2020-21534: global buffer overflow in the get_line function in read.c. - bsc#1190607, CVE-2020-21535: segmentation fault in the gencgm_start function in gencgm.c. - bsc#1192019, CVE-2021-32280: NULL pointer dereference in compute_closed_spline() in trans_spline.c Important SUSE bug 1190607 SUSE bug 1190611 SUSE bug 1190612 SUSE bug 1190615 SUSE bug 1190616 SUSE bug 1190617 SUSE bug 1190618 SUSE bug 1192019 CVE-2020-21529 CVE-2020-21530 CVE-2020-21531 CVE-2020-21532 CVE-2020-21533 CVE-2020-21534 CVE-2020-21535 CVE-2021-32280 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for binutils fixes the following issues: Update to binutils 2.37: * The GNU Binutils sources now requires a C99 compiler and library to build. * Support for the arm-symbianelf format has been removed. * Support for Realm Management Extension (RME) for AArch64 has been added. * A new linker option '-z report-relative-reloc' for x86 ELF targets has been added to report dynamic relative relocations. * A new linker option '-z start-stop-gc' has been added to disable special treatment of __start_*/__stop_* references when --gc-sections. * A new linker options '-Bno-symbolic' has been added which will cancel the '-Bsymbolic' and '-Bsymbolic-functions' options. * The readelf tool has a new command line option which can be used to specify how the numeric values of symbols are reported. --sym-base=0|8|10|16 tells readelf to display the values in base 8, base 10 or base 16. A sym base of 0 represents the default action of displaying values under 10000 in base 10 and values above that in base 16. * A new format has been added to the nm program. Specifying '--format=just-symbols' (or just using -j) will tell the program to only display symbol names and nothing else. * A new command line option '--keep-section-symbols' has been added to objcopy and strip. This stops the removal of unused section symbols when the file is copied. Removing these symbols saves space, but sometimes they are needed by other tools. * The '--weaken', '--weaken-symbol' and '--weaken-symbols' options supported by objcopy now make undefined symbols weak on targets that support weak symbols. * Readelf and objdump can now display and use the contents of .debug_sup sections. * Readelf and objdump will now follow links to separate debug info files by default. This behaviour can be stopped via the use of the new '-wN' or '--debug-dump=no-follow-links' options for readelf and the '-WN' or '--dwarf=no-follow-links' options for objdump. Also the old behaviour can be restored by the use of the '--enable-follow-debug-links=no' configure time option. The semantics of the =follow-links option have also been slightly changed. When enabled, the option allows for the loading of symbol tables and string tables from the separate files which can be used to enhance the information displayed when dumping other sections, but it does not automatically imply that information from the separate files should be displayed. If other debug section display options are also enabled (eg '--debug-dump=info') then the contents of matching sections in both the main file and the separate debuginfo file *will* be displayed. This is because in most cases the debug section will only be present in one of the files. If however non-debug section display options are enabled (eg '--sections') then the contents of matching parts of the separate debuginfo file will *not* be displayed. This is because in most cases the user probably only wanted to load the symbol information from the separate debuginfo file. In order to change this behaviour a new command line option --process-links can be used. This will allow di0pslay options to applied to both the main file and any separate debuginfo files. * Nm has a new command line option: '--quiet'. This suppresses 'no symbols' diagnostic. Update to binutils 2.36: New features in the Assembler: General: * When setting the link order attribute of ELF sections, it is now possible to use a numeric section index instead of symbol name. * Added a .nop directive to generate a single no-op instruction in a target neutral manner. This instruction does have an effect on DWARF line number generation, if that is active. * Removed --reduce-memory-overheads and --hash-size as gas now uses hash tables that can be expand and shrink automatically. X86/x86_64: * Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key Locker instructions. * Support non-absolute segment values for lcall and ljmp. * Add {disp16} pseudo prefix to x86 assembler. * Configure with --enable-x86-used-note by default for Linux/x86. ARM/AArch64: * Add support for Cortex-A78, Cortex-A78AE and Cortex-X1, Cortex-R82, Neoverse V1, and Neoverse N2 cores. * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call Stack Recorder Extension) and BRBE (Branch Record Buffer Extension) system registers. * Add support for Armv8-R and Armv8.7-A ISA extensions. * Add support for DSB memory nXS barrier, WFET and WFIT instruction for Armv8.7. * Add support for +csre feature for -march. Add CSR PDEC instruction for CSRE feature in AArch64. * Add support for +flagm feature for -march in Armv8.4 AArch64. * Add support for +ls64 feature for -march in Armv8.7 AArch64. Add atomic 64-byte load/store instructions for this feature. * Add support for +pauth (Pointer Authentication) feature for -march in AArch64. New features in the Linker: * Add --error-handling-script=<NAME> command line option to allow a helper script to be invoked when an undefined symbol or a missing library is encountered. This option can be suppressed via the configure time switch: --enable-error-handling-script=no. * Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark x86-64-{baseline|v[234]} ISA level as needed. * Add -z unique-symbol to avoid duplicated local symbol names. * The creation of PE format DLLs now defaults to using a more secure set of DLL characteristics. * The linker now deduplicates the types in .ctf sections. The new command-line option --ctf-share-types describes how to do this: its default value, share-unconflicted, produces the most compact output. * The linker now omits the 'variable section' from .ctf sections by default, saving space. This is almost certainly what you want unless you are working on a project that has its own analogue of symbol tables that are not reflected in the ELF symtabs. New features in other binary tools: * The ar tool's previously unused l modifier is now used for specifying dependencies of a static library. The arguments of this option (or --record-libdeps long form option) will be stored verbatim in the __.LIBDEP member of the archive, which the linker may read at link time. * Readelf can now display the contents of LTO symbol table sections when asked to do so via the --lto-syms command line option. * Readelf now accepts the -C command line option to enable the demangling of symbol names. In addition the --demangle=<style>, --no-demangle, --recurse-limit and --no-recurse-limit options are also now availale. Update to binutils 2.35.1: * This is a point release over the previous 2.35 version, containing bug fixes, and as an exception to the usual rule, one new feature. The new feature is the support for a new directive in the assembler: '.nop'. This directive creates a single no-op instruction in whatever encoding is correct for the target architecture. Unlike the .space or .fill this is a real instruction, and it does affect the generation of DWARF line number tables, should they be enabled. Update to binutils 2.35: * The assembler can now produce DWARF-5 format line number tables. * Readelf now has a 'lint' mode to enable extra checks of the files it is processing. * Readelf will now display '[...]' when it has to truncate a symbol name. The old behaviour - of displaying as many characters as possible, up to the 80 column limit - can be restored by the use of the --silent-truncation option. * The linker can now produce a dependency file listing the inputs that it has processed, much like the -M -MP option supported by the compiler. Update to binutils 2.34: * The disassembler (objdump --disassemble) now has an option to generate ascii art thats show the arcs between that start and end points of control flow instructions. * The binutils tools now have support for debuginfod. Debuginfod is a HTTP service for distributing ELF/DWARF debugging information as well as source code. The tools can now connect to debuginfod servers in order to download debug information about the files that they are processing. * The assembler and linker now support the generation of ELF format files for the Z80 architecture. Update to binutils 2.33.1: * Adds support for the Arm Scalable Vector Extension version 2 (SVE2) instructions, the Arm Transactional Memory Extension (TME) instructions and the Armv8.1-M Mainline and M-profile Vector Extension (MVE) instructions. * Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE, Cortex-A76AE, and Cortex-A77 processors. * Adds a .float16 directive for both Arm and AArch64 to allow encoding of 16-bit floating point literals. * For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not) Loongson3 LLSC Errata. Add a --enable-mips-fix-loongson3-llsc=[yes|no] configure time option to set the default behavior. Set the default if the configure option is not used to 'no'. * The Cortex-A53 Erratum 843419 workaround now supports a choice of which workaround to use. The option --fix-cortex-a53-843419 now takes an optional argument --fix-cortex-a53-843419[=full|adr|adrp] which can be used to force a particular workaround to be used. See --help for AArch64 for more details. * Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and GNU_PROPERTY_AARCH64_FEATURE_1_PAC in ELF GNU program properties in the AArch64 ELF linker. * Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI on inputs and use PLTs protected with BTI. * Add -z pac-plt for AArch64 to pick PAC enabled PLTs. * Add --source-comment[=<txt>] option to objdump which if present, provides a prefix to source code lines displayed in a disassembly. * Add --set-section-alignment <section-name>=<power-of-2-align> option to objcopy to allow the changing of section alignments. * Add --verilog-data-width option to objcopy for verilog targets to control width of data elements in verilog hex format. * The separate debug info file options of readelf (--debug-dump=links and --debug-dump=follow) and objdump (--dwarf=links and --dwarf=follow-links) will now display and/or follow multiple links if more than one are present in a file. (This usually happens when gcc's -gsplit-dwarf option is used). In addition objdump's --dwarf=follow-links now also affects its other display options, so that for example, when combined with --syms it will cause the symbol tables in any linked debug info files to also be displayed. In addition when combined with --disassemble the --dwarf= follow-links option will ensure that any symbol tables in the linked files are read and used when disassembling code in the main file. * Add support for dumping types encoded in the Compact Type Format to objdump and readelf. The following security fixes are addressed by the update: - CVE-2021-20197: Fixed a race condition which allows users to own arbitrary files (bsc#1181452). - CVE-2021-20284: Fixed a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c (bsc#1183511). - CVE-2021-3487: Fixed a denial of service via excessive debug section size causing excessive memory consumption in bfd's dwarf2.c read_section() (bsc#1184620). - CVE-2020-35448: Fixed a heap-based buffer over-read in bfd_getl_signed_32() in libbfd.c (bsc#1184794). - CVE-2020-16590: Fixed a double free vulnerability in process_symbol_table() (bsc#1179898). - CVE-2020-16591: Fixed an invalid read in process_symbol_table() (bsc#1179899). - CVE-2020-16592: Fixed an use-after-free in bfd_hash_lookup() (bsc#1179900). - CVE-2020-16593: Fixed a null pointer dereference in scan_unit_for_symbols() (bsc#1179901). - CVE-2020-16598: Fixed a null pointer dereference in debug_get_real_type() (bsc#1179902). - CVE-2020-16599: Fixed a null pointer dereference in _bfd_elf_get_symbol_version_string() (bsc#1179903) - CVE-2020-35493: Fixed heap-based buffer overflow in bfd_pef_parse_function_stubs function in bfd/pef.c via crafted PEF file (bsc#1180451). - CVE-2020-35496: Fixed multiple null pointer dereferences in bfd module due to not checking return value of bfd_malloc (bsc#1180454). - CVE-2020-35507: Fixed a null pointer dereference in bfd_pef_parse_function_stubs() (bsc#1180461). - CVE-2019-17451: Fixed an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line() in dwarf2.c (bsc#1153768). - CVE-2019-17450: Fixed a potential denial of service in find_abstract_instance() in dwarf2.c (bsc#1153770). - CVE-2019-9077: Fixed a heap-based buffer overflow in process_mips_specific() in readelf.c via a malformed MIPS option section (bsc#1126826). - CVE-2019-9075: Fixed a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap() in archive64.c (bsc#1126829). - CVE-2019-9074: Fixed a out-of-bounds read leading to a SEGV in bfd_getl32() in libbfd.c (bsc#1126831). - CVE-2019-12972: Fixed a heap-based buffer over-read in _bfd_doprnt() in bfd.c (bsc#1140126). - CVE-2019-14444: Fixed an integer overflow apply_relocations() in readelf.c (bsc#1143609). - CVE-2019-14250: Fixed an integer overflow in simple_object_elf_match() in simple-object-elf.c (bsc#1142649). Moderate SUSE bug 1126826 SUSE bug 1126829 SUSE bug 1126831 SUSE bug 1140126 SUSE bug 1142649 SUSE bug 1143609 SUSE bug 1153768 SUSE bug 1153770 SUSE bug 1157755 SUSE bug 1160254 SUSE bug 1160590 SUSE bug 1163333 SUSE bug 1163744 SUSE bug 1179036 SUSE bug 1179341 SUSE bug 1179898 SUSE bug 1179899 SUSE bug 1179900 SUSE bug 1179901 SUSE bug 1179902 SUSE bug 1179903 SUSE bug 1180451 SUSE bug 1180454 SUSE bug 1180461 SUSE bug 1181452 SUSE bug 1182252 SUSE bug 1183511 SUSE bug 1184620 SUSE bug 1184794 CVE-2019-12972 CVE-2019-14250 CVE-2019-14444 CVE-2019-17450 CVE-2019-17451 CVE-2019-9074 CVE-2019-9075 CVE-2019-9077 CVE-2020-16590 CVE-2020-16591 CVE-2020-16592 CVE-2020-16593 CVE-2020-16598 CVE-2020-16599 CVE-2020-35448 CVE-2020-35493 CVE-2020-35496 CVE-2020-35507 CVE-2021-20197 CVE-2021-20284 CVE-2021-3487 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for tomcat, javapackages-tools fixes the following issue: Security issue fixed: - CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279). - CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients (bsc#1188278). - CVE-2021-41079: Fixed a denial of service caused by an unexpected TLS packet (bsc#1190558). Non-security issues fixed: - Add requires and conflicts to avoid the usage of the incompatible 'Java 11' with 'Tomcat'. (bsc#1185476) - Rebuild javapackages-tools to fix a missing package on s390. Important SUSE bug 1185476 SUSE bug 1188278 SUSE bug 1188279 SUSE bug 1190558 CVE-2021-30640 CVE-2021-33037 CVE-2021-41079 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for qemu fixes the following issues: Security issues fixed: - Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938, CVE-2021-3748) - Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702, CVE-2021-3713) - usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145, CVE-2021-3682) - NULL pointer dereference in ESP (bsc#1180433, CVE-2020-35504) (bsc#1180434, CVE-2020-35505) (bsc#1180435, CVE-2020-35506) - NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432, CVE-2020-35503) - eepro100: stack overflow via infinite recursion (bsc#1182651, CVE-2021-20255) - usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527) Important SUSE bug 1180432 SUSE bug 1180433 SUSE bug 1180434 SUSE bug 1180435 SUSE bug 1182651 SUSE bug 1186012 SUSE bug 1189145 SUSE bug 1189702 SUSE bug 1189938 CVE-2020-35503 CVE-2020-35504 CVE-2020-35505 CVE-2020-35506 CVE-2021-20255 CVE-2021-3527 CVE-2021-3682 CVE-2021-3713 CVE-2021-3748 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for binutils fixes the following issues: - For compatibility on old code stream that expect 'brcl 0,label' to not be disassembled as 'jgnop label' on s390x. (bsc#1192267) This reverts IBM zSeries HLASM support for now. - Fixed that ppc64 optflags did not enable LTO (bsc#1188941). - Fix empty man-pages from broken release tarball - Fixed a memory corruption with rpath option (bsc#1191473). - Fixed slow performance of stripping some binaries (bsc#1183909). Security issue fixed: - CVE-2021-20294: Fixed out-of-bounds write in print_dynamic_symbol in readelf (bnc#1184519) Moderate SUSE bug 1183909 SUSE bug 1184519 SUSE bug 1188941 SUSE bug 1191473 SUSE bug 1192267 CVE-2021-20294 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). - CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973). - CVE-2017-7244: Fixed invalid read in _pcre32_xclass() (bsc#1030807). - CVE-2017-7245: Fixed buffer overflow in the pcre32_copy_substring (bsc#1030805). - CVE-2017-7246: Fixed another buffer overflow in the pcre32_copy_substring (bsc#1030803). - CVE-2017-7186: Fixed denial of service caused by an invalid Unicode property lookup (bsc#1030066). - CVE-2017-6004: Fixed denial of service via crafted regular expression (bsc#1025709). Moderate SUSE bug 1025709 SUSE bug 1030066 SUSE bug 1030803 SUSE bug 1030805 SUSE bug 1030807 SUSE bug 1172973 SUSE bug 1172974 CVE-2017-6004 CVE-2017-7186 CVE-2017-7244 CVE-2017-7245 CVE-2017-7246 CVE-2019-20838 CVE-2020-14155 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: MozillaFirefox was updated to Extended Support Release 91.3.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-49 (bsc#1192250) * CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets * CVE-2021-38504: Use-after-free in file picker dialog * CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user data * CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode without notification or warning * CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports * CVE-2021-38508: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing * CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary domain * CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac OS * MOZ-2021-0008: Use-after-free in HTTP2 Session object * MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3 Important SUSE bug 1192250 CVE-2021-38503 CVE-2021-38504 CVE-2021-38505 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 CVE-2021-38510 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for samba fixes the following issues: - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos (bsc#1014440). - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284). Important SUSE bug 1014440 SUSE bug 1192284 CVE-2016-2124 CVE-2020-25717 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for postgresql, postgresql13 and postgresql14 fixes the following issues: Security issues fixed: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). This update also ships postgresql14 to SUSE Linux Enterprise 12 SP5. (jsc#SLE-22673) On older service packs only libpq5 and libecpg6 are being replaced by the postgresql14 variants. Feature changes in postgresql14: - https://www.postgresql.org/about/news/postgresql-14-released-2318/ - https://www.postgresql.org/docs/14/release-14.html Important SUSE bug 1192516 CVE-2021-23214 CVE-2021-23222 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for postgresql10 fixes the following issues: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). Important SUSE bug 1192516 CVE-2021-23214 CVE-2021-23222 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for webkit2gtk3 fixes the following issues: - CVE-2021-42762: Updated seccomp rules with latest changes from flatpak (bsc#1191937). Important SUSE bug 1191937 CVE-2021-42762 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_8_0-openjdk fixes the following issues: Update to version OpenJDK 8u312 (October 2021 CPU): - CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS (bsc#1191901). - CVE-2021-35556: Fixed excessive memory allocation in RTFParser (bsc#1191910). - CVE-2021-35559: Fixed excessive memory allocation in RTFReader (bsc#1191911). - CVE-2021-35561: Fixed excessive memory allocation in HashMap and HashSet (bsc#1191912). - CVE-2021-35564: Fixed certificates with end dates too far in the future can corrupt keystore (bsc#1191913). - CVE-2021-35565: Fixed loop in HttpsServer triggered during TLS session close (bsc#1191909). - CVE-2021-35567: Fixed incorrect principal selection when using Kerberos Constrained Delegation (bsc#1191903). - CVE-2021-35578: Fixed unexpected exception raised during TLS handshake (bsc#1191904). - CVE-2021-35586: Fixed excessive memory allocation in BMPImageReader (bsc#1191914). - CVE-2021-35588: Fixed incomplete validation of inner class references in ClassFileParser (bsc#1191905) - CVE-2021-35603: Fixed non-constant comparison during TLS handshakes (bsc#1191906). Important SUSE bug 1191901 SUSE bug 1191903 SUSE bug 1191904 SUSE bug 1191905 SUSE bug 1191906 SUSE bug 1191909 SUSE bug 1191910 SUSE bug 1191911 SUSE bug 1191912 SUSE bug 1191913 SUSE bug 1191914 CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35565 CVE-2021-35567 CVE-2021-35578 CVE-2021-35586 CVE-2021-35588 CVE-2021-35603 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_7_0-openjdk fixes the following issues: Update to OpenJDK 7u321 (October 2021 CPU): - CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS (bsc#1191901). - CVE-2021-35556: Fixed excessive memory allocation in RTFParser (bsc#1191910). - CVE-2021-35559: Fixed excessive memory allocation in RTFReader (bsc#1191911). - CVE-2021-35561: Fixed excessive memory allocation in HashMap and HashSet (bsc#1191912). - CVE-2021-35564: Fixed certificates with end dates too far in the future can corrupt keystore (bsc#1191913). - CVE-2021-35565: Fixed loop in HttpsServer triggered during TLS session close (bsc#1191909). - CVE-2021-35586: Fixed excessive memory allocation in BMPImageReader (bsc#1191914). - CVE-2021-35588: Fixed incomplete validation of inner class references in ClassFileParser (bsc#1191905) - CVE-2021-35603: Fixed non-constant comparison during TLS handshakes (bsc#1191906). Important SUSE bug 1191901 SUSE bug 1191905 SUSE bug 1191906 SUSE bug 1191909 SUSE bug 1191910 SUSE bug 1191911 SUSE bug 1191912 SUSE bug 1191913 SUSE bug 1191914 CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35565 CVE-2021-35586 CVE-2021-35588 CVE-2021-35603 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for ruby2.1 fixes the following issues: - CVE-2020-25613: Fixed potential HTTP request smuggling in WEBrick (bsc#1177125). - CVE-2021-31799: Fixed Command injection vulnerability in RDoc (bsc#1190375). - CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161). - CVE-2021-32066: Fixed StartTLS stripping vulnerability in Net:IMAP (bsc#1188160). Important SUSE bug 1177125 SUSE bug 1188160 SUSE bug 1188161 SUSE bug 1190375 CVE-2020-25613 CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xen fixes the following issues: - CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632). - CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557). - CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559). - CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554). - Integrate bugfixes (bsc#1189373, bsc#1189378) Moderate SUSE bug 1189373 SUSE bug 1189378 SUSE bug 1189632 SUSE bug 1192554 SUSE bug 1192557 SUSE bug 1192559 CVE-2021-28701 CVE-2021-28704 CVE-2021-28705 CVE-2021-28706 CVE-2021-28707 CVE-2021-28708 CVE-2021-28709 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for clamav fixes the following issues: - CVE-2018-14679: Fixed off-by-one issue in embedded libmspack that could lead to denial of service (bsc#1103032). - Update to 0.103.4 (bsc#1192346). - Update to 0.103.3 (bsc#1188284). Moderate SUSE bug 1103032 SUSE bug 1188284 SUSE bug 1192346 CVE-2018-14679 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for webkit2gtk3 fixes the following issues: - CVE-2021-30846: Fixed memory corruption issue that could lead to arbitrary code execution when processing maliciously crafted web content (bsc#1192063). - CVE-2021-30851: Fixed memory corruption vulnerability that could lead to arbitrary code execution when processing maliciously crafted web content (bsc#1192063). Important SUSE bug 1192063 CVE-2021-30846 CVE-2021-30851 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openssh fixes the following issues: - CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975). Important SUSE bug 1190975 CVE-2021-41617 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for mozilla-nss fixes the following issues: Update to version 3.68.1: - CVE-2021-43527: Fixed a Heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170). Important SUSE bug 1193170 CVE-2021-43527 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0) The following security bugs were fixed: - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045). - CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails. (bsc#1191961) - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563). - CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063). - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479). - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317). - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315). - CVE-2021-37159: Fixed use-after-free and a double free inside hso_free_net_device in drivers/net/usb/hso.c when unregister_netdev is called without checking for the NETREG_REGISTERED state (bnc#1188601). - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193) - CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023) - CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159) - CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884) - CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534) - CVE-2021-3772: Fixed a remote denial of service in the SCTP stack, if the attacker can spoof IP addresses and knows the IP-addresses and port numbers being used (bnc#1190351). - CVE-2018-9517: Fixed possible memory corruption due to a use after free in pppol2tp_connect (bsc#1108488). - CVE-2019-3874: Fixed possible denial of service attack via SCTP socket buffer used by a userspace applications (bnc#1129898). - CVE-2019-3900: Fixed an infinite loop issue while handling incoming packets in handle_rx() (bnc#1133374). - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399). - CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400). - CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). - CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983). - CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985). - CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420). - CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876). - CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482). - CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). - CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. (bsc#1176724). The following non-security bugs were fixed: - Add arch-dependent support markers in supported.conf (bsc#1186672) - Add the support for kernel-FLAVOR-optional subpackage (jsc#SLE-11796) - NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628). - PCI: hv: Use expected affinity when unmasking IRQ (bsc#1185973). - Use /usr/lib/modules as module dir when usermerge is active in the target distro. - UsrMerge the kernel (boo#1184804) - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22913) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22913). - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758,bsc#1192400). - drm: fix spectre issue in vmw_execbuf_ioctl (bsc#1192802). - drop debugging statements - ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267). - gigaset: fix spectre issue in do_data_b3_req (bsc#1192802). - handle also race conditions in /proc/net/tcp code - hisax: fix spectre issues (bsc#1192802). - hv: adjust mana_select_queue to old ndo_select_queue API - hv: mana: adjust mana_select_queue to old API (jsc#SLE-18779, bsc#1185727). - hv: mana: fake bitmap API (jsc#SLE-18779, bsc#1185726). - hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185727). - hysdn: fix spectre issue in hycapi_send_message (bsc#1192802). - infiniband: fix spectre issue in ib_uverbs_write (bsc#1192802). - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115). - iwlwifi: fix spectre issue in iwl_dbgfs_update_pm (bsc#1192802). - media: dvb_ca_en50221: prevent using slot_info for Spectre attacs (bsc#1192802). - media: dvb_ca_en50221: sanity check slot number from userspace (bsc#1192802). - media: wl128x: get rid of a potential spectre issue (bsc#1192802). - memcg: enable accounting for file lock caches (bsc#1190115). - mm: vmscan: scan anonymous pages on file refaults (VM Performance, bsc#1183050). - mpt3sas: fix spectre issues (bsc#1192802). - net/mlx4_en: Avoid scheduling restart task if it is already running (bsc#1181854 bsc#1181855). - net/mlx4_en: Handle TX error CQE (bsc#1181854 bsc#1181855). - net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185727). - net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185727). - net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185727). - net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185727). - net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191801). - net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185727). - net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185727). - net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185727). - net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185727). - net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185727). - net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185727). - net: sched: sch_teql: fix null-pointer dereference (bsc#1190717). - net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() (bsc#1192802). - net_sched: cls_route: remove the right filter from hashtable (networking-stable-20_03_28). - objtool: Do not fail on missing symbol table (bsc#1192379). - osst: fix spectre issue in osst_verify_frame (bsc#1192802). - ovl: check whiteout in ovl_create_over_whiteout() (bsc#1189846). - ovl: filter of trusted xattr results in audit (bsc#1189846). - ovl: fix dentry leak in ovl_get_redirect (bsc#1189846). - ovl: initialize error in ovl_copy_xattr (bsc#1189846). - ovl: relax WARN_ON() on rename to self (bsc#1189846). - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (bsc#1190601). - s390/bpf: Fix branch shortening during codegen pass (bsc#1190601). - s390/bpf: Fix optimizing out zero-extensions (bsc#1190601). - s390/bpf: Wrap JIT macro parameter usages in parentheses (bsc#1190601). - s390/unwind: use current_frame_address() to unwind current task (bsc#1185677). - s390/vtime: fix increased steal time accounting (bsc#1183861). - s390: bpf: implement jitting of BPF_ALU | BPF_ARSH | BPF_* (bsc#1190601). - scripts/git_sort/git_sort.py: add bpf git repo - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - sctp: fully initialize v4 addr in some functions (bsc#1188563). - sysvipc/sem: mitigate semnum index against spectre v1 (bsc#1192802). - x86/CPU: Add more Icelake model numbers (bsc#1185758,bsc#1192400). - x86/debug: Extend the lower bound of crash kernel low reservations (bsc#1153720). - xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377). Important SUSE bug 1087082 SUSE bug 1100416 SUSE bug 1108488 SUSE bug 1129735 SUSE bug 1129898 SUSE bug 1133374 SUSE bug 1153720 SUSE bug 1171420 SUSE bug 1176724 SUSE bug 1176931 SUSE bug 1180624 SUSE bug 1181854 SUSE bug 1181855 SUSE bug 1183050 SUSE bug 1183861 SUSE bug 1184673 SUSE bug 1184804 SUSE bug 1185377 SUSE bug 1185677 SUSE bug 1185726 SUSE bug 1185727 SUSE bug 1185758 SUSE bug 1185973 SUSE bug 1186063 SUSE bug 1186482 SUSE bug 1186483 SUSE bug 1186672 SUSE bug 1188026 SUSE bug 1188172 SUSE bug 1188563 SUSE bug 1188601 SUSE bug 1188613 SUSE bug 1188838 SUSE bug 1188842 SUSE bug 1188876 SUSE bug 1188983 SUSE bug 1188985 SUSE bug 1189057 SUSE bug 1189262 SUSE bug 1189278 SUSE bug 1189291 SUSE bug 1189399 SUSE bug 1189400 SUSE bug 1189418 SUSE bug 1189420 SUSE bug 1189706 SUSE bug 1189846 SUSE bug 1189884 SUSE bug 1190023 SUSE bug 1190025 SUSE bug 1190067 SUSE bug 1190115 SUSE bug 1190117 SUSE bug 1190118 SUSE bug 1190159 SUSE bug 1190276 SUSE bug 1190349 SUSE bug 1190350 SUSE bug 1190351 SUSE bug 1190432 SUSE bug 1190479 SUSE bug 1190534 SUSE bug 1190601 SUSE bug 1190717 SUSE bug 1191193 SUSE bug 1191315 SUSE bug 1191317 SUSE bug 1191318 SUSE bug 1191529 SUSE bug 1191530 SUSE bug 1191628 SUSE bug 1191660 SUSE bug 1191790 SUSE bug 1191801 SUSE bug 1191813 SUSE bug 1191961 SUSE bug 1192036 SUSE bug 1192045 SUSE bug 1192048 SUSE bug 1192267 SUSE bug 1192379 SUSE bug 1192400 SUSE bug 1192444 SUSE bug 1192549 SUSE bug 1192775 SUSE bug 1192781 SUSE bug 1192802 CVE-2018-13405 CVE-2018-9517 CVE-2019-3874 CVE-2019-3900 CVE-2020-0429 CVE-2020-12770 CVE-2020-3702 CVE-2021-0941 CVE-2021-20322 CVE-2021-22543 CVE-2021-31916 CVE-2021-34556 CVE-2021-34981 CVE-2021-3542 CVE-2021-35477 CVE-2021-3640 CVE-2021-3653 CVE-2021-3655 CVE-2021-3656 CVE-2021-3659 CVE-2021-3679 CVE-2021-3715 CVE-2021-37159 CVE-2021-3732 CVE-2021-3744 CVE-2021-3752 CVE-2021-3753 CVE-2021-37576 CVE-2021-3759 CVE-2021-3760 CVE-2021-3764 CVE-2021-3772 CVE-2021-38160 CVE-2021-38198 CVE-2021-38204 CVE-2021-40490 CVE-2021-41864 CVE-2021-42008 CVE-2021-42252 CVE-2021-42739 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: Update to Extended Support Release 91.4.0 (bsc#1193485): - CVE-2021-43536: URL leakage when navigating while executing asynchronous function - CVE-2021-43537: Heap buffer overflow when using structured clone - CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both - CVE-2021-43539: GC rooting failure when calling wasm instance methods - CVE-2021-43541: External protocol handler parameters were unescaped - CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler - CVE-2021-43543: Bypass of CSP sandbox directive when embedding - CVE-2021-43545: Denial of Service when using the Location API in a loop - CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed - Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 - Removed x-scheme-handler/ftp from MozillaFirefox.desktop (bsc#1193321) Important SUSE bug 1193321 SUSE bug 1193485 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for bcm43xx-firmware fixes the following issues: - CVE-2019-15126: Fixed a bug which could have allowed unauthorized decryption of some WPA2-encrypted traffic (bsc#1167162). Important SUSE bug 1167162 CVE-2019-15126 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for glib-networking fixes the following issues: - CVE-2020-13645: Fixed a connection failure when the server identity is unset (bsc#1172460). Important SUSE bug 1172460 CVE-2020-13645 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xorg-x11-server fixes the following issues: - CVE-2021-4008: Fixed Privilege Escalation Vulnerability via Out-Of-Bounds Access in SProcRenderCompositeGlyphs (bsc#1193030). Important SUSE bug 1193030 CVE-2021-4008 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for log4j fixes the following issue: - CVE-2021-4104: Disable the JMSAppender class from log4j to protect against the log4jshell vulnerability. [bsc#1193662] Important SUSE bug 1193662 CVE-2021-4104 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xorg-x11-server fixes the following issues: - CVE-2021-4009: The handler for the CreatePointerBarrier request of the XFixes extension does not properly validate the request length leading to out of bounds memory write. (bsc#1190487) - CVE-2021-4011: The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length leading to out of bounds memory write. (bsc#1190489) Important SUSE bug 1190487 SUSE bug 1190489 CVE-2021-4009 CVE-2021-4011 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for chrony fixes the following issues: Chrony was updated to 4.1: * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Update clknetsim to snapshot f89702d. - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Enable syscallfilter unconditionally (bsc#1181826). Chrony was updated to 4.0: Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don’t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don’t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Chrony was updated to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Add chrony-pool-suse and chrony-pool-openSUSE subpackages that preconfigure chrony to use NTP servers from the respective pools for SUSE and openSUSE (bsc#1156884, SLE-11424). - Add chrony-pool-empty to still allow installing chrony without preconfigured servers. - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). - Update clknetsim to version 79ffe44 (fixes bsc#1162964). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv@.service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers (bsc#1099272) - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. - Remove discrepancies between spec file and chrony-tmpfiles (bsc#1115529) Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step - Added /etc/chrony.d/ directory to the package (bsc#1083597) Modifed default chrony.conf to add 'include /etc/chrony.d/*' - Enable pps support Upgraded to version 3.2: Enhancements * Improve stability with NTP sources and reference clocks * Improve stability with hardware timestamping * Improve support for NTP interleaved modes * Control frequency of system clock on macOS 10.13 and later * Set TAI-UTC offset of system clock with leapsectz directive * Minimise data in client requests to improve privacy * Allow transmit-only hardware timestamping * Add support for new timestamping options introduced in Linux 4.13 * Add root delay, root dispersion and maximum error to tracking log * Add mindelay and asymmetry options to server/peer/pool directive * Add extpps option to PHC refclock to timestamp external PPS signal * Add pps option to refclock directive to treat any refclock as PPS * Add width option to refclock directive to filter wrong pulse edges * Add rxfilter option to hwtimestamp directive * Add -x option to disable control of system clock * Add -l option to log to specified file instead of syslog * Allow multiple command-line options to be specified together * Allow starting without root privileges with -Q option * Update seccomp filter for new glibc versions * Dump history on exit by default with dumpdir directive * Use hardening compiler options by default Bug fixes * Don't drop PHC samples with low-resolution system clock * Ignore outliers in PHC tracking, RTC tracking, manual input * Increase polling interval when peer is not responding * Exit with error message when include directive fails * Don't allow slash after hostname in allow/deny directive/command * Try to connect to all addresses in chronyc before giving up Upgraded to version 3.1: - Enhancements - Add support for precise cross timestamping of PHC on Linux - Add minpoll, precision, nocrossts options to hwtimestamp directive - Add rawmeasurements option to log directive and modify measurements option to log only valid measurements from synchronised sources - Allow sub-second polling interval with NTP sources - Bug fixes - Fix time smoothing in interleaved mode Upgraded to version 3.0: - Enhancements - Add support for software and hardware timestamping on Linux - Add support for client/server and symmetric interleaved modes - Add support for MS-SNTP authentication in Samba - Add support for truncated MACs in NTPv4 packets - Estimate and correct for asymmetric network jitter - Increase default minsamples and polltarget to improve stability with very low jitter - Add maxjitter directive to limit source selection by jitter - Add offset option to server/pool/peer directive - Add maxlockage option to refclock directive - Add -t option to chronyd to exit after specified time - Add partial protection against replay attacks on symmetric mode - Don't reset polling interval when switching sources to online state - Allow rate limiting with very short intervals - Improve maximum server throughput on Linux and NetBSD - Remove dump files after start - Add tab-completion to chronyc with libedit/readline - Add ntpdata command to print details about NTP measurements - Allow all source options to be set in add server/peer command - Indicate truncated addresses/hostnames in chronyc output - Print reference IDs as hexadecimal numbers to avoid confusion with IPv4 addresses - Bug fixes - Fix crash with disabled asynchronous name resolving Upgraded to version 2.4.1: - Bug fixes - Fix processing of kernel timestamps on non-Linux systems - Fix crash with smoothtime directive - Fix validation of refclock sample times - Fix parsing of refclock directive update to 2.4: - Enhancements - Add orphan option to local directive for orphan mode compatible with ntpd - Add distance option to local directive to set activation threshold (1 second by default) - Add maxdrift directive to set maximum allowed drift of system clock - Try to replace NTP sources exceeding maximum distance - Randomise source replacement to avoid getting stuck with bad sources - Randomise selection of sources from pools on start - Ignore reference timestamp as ntpd doesn't always set it correctly - Modify tracking report to use same values as seen by NTP clients - Add -c option to chronyc to write reports in CSV format - Provide detailed manual pages - Bug fixes - Fix SOCK refclock to work correctly when not specified as last refclock - Fix initstepslew and -q/-Q options to accept time from own NTP clients - Fix authentication with keys using 512-bit hash functions - Fix crash on exit when multiple signals are received - Fix conversion of very small floating-point numbers in command packets Moderate SUSE bug 1063704 SUSE bug 1069468 SUSE bug 1082318 SUSE bug 1083597 SUSE bug 1099272 SUSE bug 1115529 SUSE bug 1128846 SUSE bug 1156884 SUSE bug 1159840 SUSE bug 1161119 SUSE bug 1162964 SUSE bug 1171806 SUSE bug 1172113 SUSE bug 1173277 SUSE bug 1173760 SUSE bug 1174075 SUSE bug 1174911 SUSE bug 1180689 SUSE bug 1181826 SUSE bug 1183783 SUSE bug 1184400 SUSE bug 1187906 SUSE bug 1190926 CVE-2020-14367 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for mariadb fixes the following issues: Update to 10.2.41: - CVE-2021-35604: Fixed InnoDB vulnerability that allowed an high privileged attacker with network access via multiple protocols to compromise MySQL (bsc#1192497). Moderate SUSE bug 1192497 CVE-2021-35604 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for python fixes the following issues: - buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126, CVE-2021-3177). - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). Important SUSE bug 1176262 SUSE bug 1180686 SUSE bug 1181126 CVE-2019-20916 CVE-2021-3177 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3348: Fixed a use-after-free in nbd_add_socket() that could be triggered by local attackers (with access to the nbd device) via an I/O request (bnc#1181504). - CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349). - CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). - CVE-2020-25211: Fixed a buffer overflow in ctnetlink_parse_tuple_filter() which could be triggered by a local attackers by injecting conntrack netlink configuration (bnc#1176395). - CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846). - CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509). - CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508). - CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031). - CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666). - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086). - CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107). - CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601). - CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960). - CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140). - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559). - CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372). - CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663). The following non-security bugs were fixed: - blk-mq: improve heavily contended tag case (bsc#1178198). - debugfs_lookup(): switch to lookup_one_len_unlocked() (bsc#1171979). - epoll: Keep a reference on files added to the check list (bsc#1180031). - fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032). - futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349 bsc#1149032). - futex: Fix incorrect should_fail_futex() handling (bsc#1181349). - futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032). - futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032). - futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032). - futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032). - futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc#1149032). - HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052). - iommu/vt-d: Do not dereference iommu_device if IOMMU_API is not built (bsc#1181001, jsc#ECO-3191). - iommu/vt-d: Gracefully handle DMAR units with no supported address widths (bsc#1181001, jsc#ECO-3191). - kABI: Fix kABI for extended APIC-ID support (bsc#1181001, jsc#ECO-3191). - locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#1149032). - md/bitmap: fix memory leak of temporary bitmap (bsc#1163727). - md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727). - md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727). - md/cluster: block reshape with remote resync job (bsc#1163727). - md/cluster: fix deadlock when node is doing resync job (bsc#1163727). - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (bsc#1163727). - md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727). - md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727). - md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727). - Move upstreamed bt fixes into sorted section - nbd: Fix memory leak in nbd_add_socket (bsc#1181504). - net/x25: prevent a couple of overflows (bsc#1178590). - NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304). - rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349 bsc#1149032). - s390/dasd: fix hanging device offline processing (bsc#1144912). - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304). - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304). - SUNRPC: cache: ignore timestamp written to 'flush' file (bsc#1178036). - x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1181001, jsc#ECO-3191). - x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available (bsc#1181001, jsc#ECO-3191). - x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181001, jsc#ECO-3191). - x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191). - x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191). - x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181001, jsc#ECO-3191). - x86/tracing: Introduce a static key for exception tracing (bsc#1179895). - x86/traps: Simplify pagefault tracing logic (bsc#1179895). - xfrm: Fix memleak on xfrm state destroy (bsc#1158775). Important SUSE bug 1144912 SUSE bug 1149032 SUSE bug 1158775 SUSE bug 1163727 SUSE bug 1171979 SUSE bug 1176395 SUSE bug 1176846 SUSE bug 1176962 SUSE bug 1177304 SUSE bug 1177666 SUSE bug 1178036 SUSE bug 1178182 SUSE bug 1178198 SUSE bug 1178372 SUSE bug 1178589 SUSE bug 1178590 SUSE bug 1178684 SUSE bug 1178886 SUSE bug 1179107 SUSE bug 1179140 SUSE bug 1179141 SUSE bug 1179419 SUSE bug 1179429 SUSE bug 1179508 SUSE bug 1179509 SUSE bug 1179601 SUSE bug 1179616 SUSE bug 1179663 SUSE bug 1179666 SUSE bug 1179745 SUSE bug 1179877 SUSE bug 1179878 SUSE bug 1179895 SUSE bug 1179960 SUSE bug 1179961 SUSE bug 1180008 SUSE bug 1180027 SUSE bug 1180028 SUSE bug 1180029 SUSE bug 1180030 SUSE bug 1180031 SUSE bug 1180032 SUSE bug 1180052 SUSE bug 1180086 SUSE bug 1180559 SUSE bug 1180562 SUSE bug 1180676 SUSE bug 1181001 SUSE bug 1181158 SUSE bug 1181349 SUSE bug 1181504 SUSE bug 1181553 SUSE bug 1181645 CVE-2019-20934 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-15436 CVE-2020-15437 CVE-2020-25211 CVE-2020-25639 CVE-2020-25669 CVE-2020-27068 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-27835 CVE-2020-28374 CVE-2020-28915 CVE-2020-28974 CVE-2020-29371 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2020-4788 CVE-2021-3347 CVE-2021-3348 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for wpa_supplicant fixes the following issues: - CVE-2021-0326: P2P group information processing vulnerability (bsc#1181777). - CVE-2019-16275: AP mode PMF disconnection protection bypass (bsc#1150934) Important SUSE bug 1150934 SUSE bug 1181777 CVE-2019-16275 CVE-2021-0326 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openvswitch fixes the following issues: - CVE-2020-35498: Fixed a denial of service related to the handling of Ethernet padding (bsc#1181742). Important SUSE bug 1181742 CVE-2020-35498 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for jasper fixes the following issues: - bsc#1179748 CVE-2020-27828: Fix heap overflow by checking maxrlvls - bsc#1181483 CVE-2021-3272: Fix buffer over-read in jp2_decode Important SUSE bug 1179748 SUSE bug 1181483 CVE-2020-27828 CVE-2021-3272 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for screen fixes the following issues: - CVE-2021-26937: Fixed double width combining char handling that could lead to a denial of service or code execution (bsc#1182092). Important SUSE bug 1182092 CVE-2021-26937 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for bind fixes the following issues: - CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack [bsc#1182246, CVE-2020-8625] Important SUSE bug 1182246 CVE-2020-8625 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 80 [bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803] * CVE-2020-27221: Potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. * CVE-2020-14803: Unauthenticated attacker with network access via multiple protocols allows to compromise Java SE. Important SUSE bug 1181239 SUSE bug 1182186 CVE-2020-14803 CVE-2020-27221 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for krb5-appl fixes the following issues: - CVE-2019-25017: Check the filenames sent by the server match those requested by the client (bsc#1131109). - CVE-2019-25018: Disallow empty incoming filename or ones that refer to the current directory (bsc#1131109). Important SUSE bug 1131109 CVE-2019-25017 CVE-2019-25018 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u282 (icedtea 3.18.0) * January 2021 CPU (bsc#1181239) * Security fixes + JDK-8247619: Improve Direct Buffering of Characters (CVE-2020-14803) * Import of OpenJDK 8 u282 build 01 + JDK-6962725: Regtest javax/swing/JFileChooser/6738668/ /bug6738668.java fails under Linux + JDK-8025936: Windows .pdb and .map files does not have proper dependencies setup + JDK-8030350: Enable additional compiler warnings for GCC + JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/ /DisposeFrameOnDragTest.java fails by Timeout on Windows + JDK-8036122: Fix warning 'format not a string literal' + JDK-8051853: new URI('x/').resolve('..').getSchemeSpecificPart() returns null! + JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/ /DefaultNoDrop.java locks on Windows + JDK-8134632: Mark javax/sound/midi/Devices/ /InitializationHang.java as headful + JDK-8148854: Class names 'SomeClass' and 'LSomeClass;' treated by JVM as an equivalent + JDK-8148916: Mark bug6400879.java as intermittently failing + JDK-8148983: Fix extra comma in changes for JDK-8148916 + JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java fails + JDK-8165808: Add release barriers when allocating objects with concurrent collection + JDK-8185003: JMX: Add a version of ThreadMXBean.dumpAllThreads with a maxDepth argument + JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on windows with VS2017 + JDK-8207766: [testbug] Adapt tests for Aix. + JDK-8212070: Introduce diagnostic flag to abort VM on failed JIT compilation + JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash + JDK-8215727: Restore JFR thread sampler loop to old / previous behavior + JDK-8220657: JFR.dump does not work when filename is set + JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing + JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java fails with access issues and OOM + JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread + JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes + JDK-8232114: JVM crashed at imjpapi.dll in native code + JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect numbers for Compiler area + JDK-8234339: replace JLI_StrTok in java_md_solinux.c + JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes + JDK-8242335: Additional Tests for RSASSA-PSS + JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in + JDK-8245400: Upgrade to LittleCMS 2.11 + JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention + JDK-8249176: Update GlobalSignR6CA test certificates + JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY + JDK-8250928: JFR: Improve hash algorithm for stack traces + JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java + JDK-8251840: Java_sun_awt_X11_XToolkit_getDefaultScreenData should not be in make/mapfiles/libawt_xawt/mapfile-vers + JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider rather than JRE + JDK-8252395: [8u] --with-native-debug-symbols=external doesn't include debuginfo files for binaries + JDK-8252497: Incorrect numeric currency code for ROL + JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent + JDK-8252904: VM crashes when JFR is used and JFR event class is transformed + JDK-8252975: [8u] JDK-8252395 breaks the build for --with-native-debug-symbols=internal + JDK-8253284: Zero OrderAccess barrier mappings are incorrect + JDK-8253550: [8u] JDK-8252395 breaks the build for make STRIP_POLICY=no_strip + JDK-8253752: test/sun/management/jmxremote/bootstrap/ /RmiBootstrapTest.java fails randomly + JDK-8254081: java/security/cert/PolicyNode/ /GetPolicyQualifiers.java fails due to an expired certificate + JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp + JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp + JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/ /WorkerDeadlockTest.java fails + JDK-8255003: Build failures on Solaris Moderate SUSE bug 1181239 CVE-2020-14803 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 25 [bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803] * CVE-2020-27221: Potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. * CVE-2020-14803: Unauthenticated attacker with network access via multiple protocols allows to compromise Java SE. Important SUSE bug 1181239 SUSE bug 1182186 CVE-2020-14803 CVE-2020-27221 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for open-iscsi fixes the following issues: Fixes for CVE-2019-17437, CVE-2020-17438, CVE-2020-13987 and CVE-2020-13988 (bsc#1179908): - check for TCP urgent pointer past end of frame - check for u8 overflow when processing TCP options - check for header length underflow during checksum calculation Important SUSE bug 1179908 CVE-2020-13987 CVE-2020-13988 CVE-2020-17437 CVE-2020-17438 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for perl-XML-Twig fixes the following issues: - Security fix [bsc#1008644, CVE-2016-9180] * Added: the no_xxe option to XML::Twig::new, which causes the parse to fail if external entities are used (to prevent malicious XML to access the filesystem). * Setting expand_external_ents to 0 or -1 currently doesn't work as expected; To completely turn off expanding external entities use no_xxe. * Update documentation for XML::Twig to mention problems with expand_external_ents and add information about new no_xxe argument Moderate SUSE bug 1008644 CVE-2016-9180 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.8.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-08 (bsc#1182614) * CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources * CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 Important SUSE bug 1182357 SUSE bug 1182614 CVE-2021-23968 CVE-2021-23969 CVE-2021-23973 CVE-2021-23978 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for python-cryptography fixes the following issues: - CVE-2020-36242: Using the Fernet class to symmetrically encrypt multi gigabyte values could result in an integer overflow and buffer overflow (bsc#1182066). Important SUSE bug 1182066 CVE-2020-36242 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for grub2 fixes the following issues: grub2 now implements the new 'SBAT' method for SHIM based secure boot revocation. (bsc#1182057) Following security issues are fixed that can violate secure boot constraints: - CVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711) - CVE-2020-25647: Fixed an out-of-bound write in grub_usb_device_initialize() (bsc#1177883) - CVE-2020-27749: Fixed a stack buffer overflow in grub_parser_split_cmdline (bsc#1179264) - CVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970) - CVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262) - CVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation of space required for quoting (bsc#1182263) Important SUSE bug 1175970 SUSE bug 1176711 SUSE bug 1177883 SUSE bug 1179264 SUSE bug 1179265 SUSE bug 1182057 SUSE bug 1182262 SUSE bug 1182263 CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. Important SUSE bug 1182279 SUSE bug 1182408 SUSE bug 1182411 SUSE bug 1182412 SUSE bug 1182413 SUSE bug 1182415 SUSE bug 1182416 SUSE bug 1182417 SUSE bug 1182418 SUSE bug 1182419 SUSE bug 1182420 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2021-27212 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openssl-1_0_0 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) Moderate SUSE bug 1182331 SUSE bug 1182333 CVE-2021-23840 CVE-2021-23841 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843). - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753). - CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372). - CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428). The following non-security bugs were fixed: - cifs: check all path components in resolved dfs target (bsc#1180906). - cifs: fix check of tcon dfs in smb1 (bsc#1180906). - cifs: fix nodfs mount option (bsc#1180906). - cifs: introduce helper for finding referral server (bsc#1180906). - kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082) - kernel-binary.spec: Add back initrd and image symlink ghosts to filelist (bsc#1182140). Fixes: 76a9256314c3 ('rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).') - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) %split_extra still contained two. - rpm/kernel-binary.spec.in: Fix compressed module handling for in-tree KMP (jsc#SLE-10886) - rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) egrep is only a deprecated bash wrapper for 'grep -E'. So use the latter instead. - rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592) - rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401) - rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082). - rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). There is: ExportFilter: ^kernel-obs-build.*\.x86_64.rpm$ . i586 in Factory's prjconf now. No other actively maintained distro (i.e. merging packaging branch) builds a x86_32 kernel, hence pushing to packaging directly. - rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058) - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section - scsi: fc: add FPIN ELS definition (bsc#1181441). - scsi/fc: kABI fixes for new ELS_FPIN definition (bsc#1181441) - scsi: fc: Update Descriptor definition and add RDF and Link Integrity FPINs (bsc#1181441). - scsi: Fix trivial spelling (bsc#1181441). - scsi: qla2xxx: Add IOCB resource tracking (bsc#1181441). - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1181441). - scsi: qla2xxx: Address a set of sparse warnings (bsc#1181441). - scsi: qla2xxx: Add rport fields in debugfs (bsc#1181441). - scsi: qla2xxx: Add SLER and PI control support (bsc#1181441). - scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1181441). - scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1181441). - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1181441). - scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1181441). - scsi: qla2xxx: Change post del message from debug level to log level (bsc#1181441). - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1181441). - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1181441). - scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1181441). - scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1181441). - scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1181441). - scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1181441). - scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1181441). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1181441). - scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1181441). - scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1181441). - scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1181441). - scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1181441). - scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1181441). - scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit (bsc#1181441). - scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1181441). - scsi: qla2xxx: Fix endianness annotations in header files (bsc#1181441). - scsi: qla2xxx: Fix endianness annotations in source files (bsc#1181441). - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1181441). - scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1181441). - scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1181441). - scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1181441). - scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1181441). - scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1181441). - scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1181441). - scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1181441). - scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1181441). - scsi: qla2xxx: Fix login timeout (bsc#1181441). - scsi: qla2xxx: Fix memory size truncation (bsc#1181441). - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1181441). - scsi: qla2xxx: Fix MPI reset needed message (bsc#1181441). - scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1181441). - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1181441). - scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1181441). - scsi: qla2xxx: Fix regression on sparc64 (bsc#1181441). - scsi: qla2xxx: Fix reset of MPI firmware (bsc#1181441). - scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1181441). - scsi: qla2xxx: Fix spelling of a variable name (bsc#1181441). - scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1181441). - scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1181441). - scsi: qla2xxx: Fix the return value (bsc#1181441). - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1181441). - scsi: qla2xxx: Fix warning after FC target reset (bsc#1181441). - scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1181441). - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1181441). - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1181441). - scsi: qla2xxx: Flush all sessions on zone disable (bsc#1181441). - scsi: qla2xxx: Flush I/O on zone disable (bsc#1181441). - scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1181441). - scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1181441). - scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1181441). - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1181441). - scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1181441). - scsi: qla2xxx: Initialize 'n' before using it (bsc#1181441). - scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1181441). - scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1181441). - scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1181441). - scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1181441). - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1181441). - scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1181441). - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1181441). - scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1181441). - scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1181441). - scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1181441). - scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1181441). - scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1181441). - scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#1181441). - scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1181441). - scsi: qla2xxx: Performance tweak (bsc#1181441). - scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1181441). - scsi: qla2xxx: Reduce noisy debug message (bsc#1181441). - scsi: qla2xxx: Remove an unused function (bsc#1181441). - scsi: qla2xxx: Remove a superfluous cast (bsc#1181441). - scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1181441). - scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1181441). - scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1181441). - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1181441). - scsi: qla2xxx: Remove redundant variable initialization (bsc#1181441). - scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1181441). - scsi: qla2xxx: Remove superfluous memset() (bsc#1181441). - scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1181441). - scsi: qla2xxx: Remove trailing semicolon in macro definition (bsc#1181441). - scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1181441). - scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1181441). - scsi: qla2xxx: SAN congestion management implementation (bsc#1181441). - scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1181441). - scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1181441). - scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1181441). - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1181441). - scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1181441). - scsi: qla2xxx: Tear down session if FW say it is down (bsc#1181441). - scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1181441). - scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1181441). - scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1181441). - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1181441). - scsi: qla2xxx: Use constant when it is known (bsc#1181441). - scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1181441). - scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1181441). - scsi: qla2xxx: Use register names instead of register offsets (bsc#1181441). - scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1181441). - scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1181441). - scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1181441). - scsi: scsi_transport_fc: Add FPIN fc event codes (bsc#1181441). - scsi: scsi_transport_fc: refactor event posting routines (bsc#1181441). - scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1181441). - x86/hyperv: Fix kexec panic/hang issues (bsc#1176831). - xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600). - xen/netback: fix spurious event detection for common event case (bsc#1182175). Important SUSE bug 1065600 SUSE bug 1163592 SUSE bug 1176831 SUSE bug 1178401 SUSE bug 1178762 SUSE bug 1179014 SUSE bug 1179015 SUSE bug 1179045 SUSE bug 1179082 SUSE bug 1179428 SUSE bug 1179660 SUSE bug 1180058 SUSE bug 1180906 SUSE bug 1181441 SUSE bug 1181747 SUSE bug 1181753 SUSE bug 1181843 SUSE bug 1182140 SUSE bug 1182175 CVE-2020-29368 CVE-2020-29374 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for wpa_supplicant fixes the following issues: - CVE-2021-27803: P2P provision discovery processing vulnerability (bsc#1182805) Important SUSE bug 1182805 CVE-2021-27803 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) Moderate SUSE bug 1182331 SUSE bug 1182333 CVE-2021-23840 CVE-2021-23841 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for git fixes the following issues: - On case-insensitive filesystems, with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters (such as Git LFS), Git could be fooled into running remote code during a clone. (bsc#1183026, CVE-2021-21300) Important SUSE bug 1183026 CVE-2021-21300 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for python fixes the following issues: - python27 was upgraded to 2.7.18 - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator (bsc#1182379). Moderate SUSE bug 1182379 CVE-2019-18348 CVE-2021-23336 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.1 ESR * Fixed: Critical security issue MFSA 2021-01 (bsc#1180623) * CVE-2020-16044 Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk Important SUSE bug 1180623 CVE-2020-16044 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362) Important SUSE bug 1182328 SUSE bug 1182362 CVE-2021-27218 CVE-2021-27219 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for wavpack fixes the following issues: - CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414). Important SUSE bug 1180414 CVE-2020-35738 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for nghttp2 fixes the following issues: Security issues fixed: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184). - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146182). - CVE-2018-1000168: Fixed ALTSVC frame client side denial of service (bsc#1088639). - CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields (bsc#966514). Bug fixes and enhancements: - Packages must not mark license files as %doc (bsc#1082318) - Typo in description of libnghttp2_asio1 (bsc#962914) - Fixed mistake in spec file (bsc#1125689) - Fixed build issue with boost 1.70.0 (bsc#1134616) - Fixed build issue with GCC 6 (bsc#964140) - Feature: Add W&S module (FATE#326776, bsc#1112438) Important SUSE bug 1082318 SUSE bug 1088639 SUSE bug 1112438 SUSE bug 1125689 SUSE bug 1134616 SUSE bug 1146182 SUSE bug 1146184 SUSE bug 1181358 SUSE bug 962914 SUSE bug 964140 SUSE bug 966514 CVE-2016-1544 CVE-2018-1000168 CVE-2019-9511 CVE-2019-9513 CVE-2020-11080 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openssl-1_1 fixes the following security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] Important SUSE bug 1183852 CVE-2021-3449 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for tomcat fixes the following issues: - CVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912) - CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909) Important SUSE bug 1182909 SUSE bug 1182912 CVE-2021-25122 CVE-2021-25329 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942) * CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read * CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage * CVE-2021-23984: Malicious extensions could have spoofed popup information * CVE-2021-23987: Memory safety bugs Important SUSE bug 1183942 CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openvpn fixes the following issues: - CVE-2022-0547: Fixed possible authentication bypass in external authentication plug-in (bsc#1197341). Important SUSE bug 1197341 CVE-2022-0547 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_7_1-ibm fixes the following issues: Update Java 7.1 to Service Refresh 7 Fix Pack 5 (bsc#1197126). Including fixes for the following vulnerabilities: CVE-2022-21366, CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21277, CVE-2022-21299, CVE-2022-21296, CVE-2022-21282, CVE-2022-21294, CVE-2022-21293, CVE-2022-21291, CVE-2022-21283, CVE-2022-21248, CVE-2022-21271. Important SUSE bug 1194925 SUSE bug 1194926 SUSE bug 1194927 SUSE bug 1194928 SUSE bug 1194929 SUSE bug 1194930 SUSE bug 1194931 SUSE bug 1194932 SUSE bug 1194933 SUSE bug 1194934 SUSE bug 1194935 SUSE bug 1194937 SUSE bug 1194939 SUSE bug 1194940 SUSE bug 1194941 SUSE bug 1196500 SUSE bug 1197126 CVE-2022-21248 CVE-2022-21271 CVE-2022-21277 CVE-2022-21282 CVE-2022-21283 CVE-2022-21291 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21349 CVE-2022-21360 CVE-2022-21365 CVE-2022-21366 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_8_0-ibm fixes the following issues: Update Java 8.0 to Service Refresh 7 Fix Pack 5 (bsc#1197126). Including fixes for the following vulnerabilities: CVE-2022-21366, CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21277, CVE-2022-21299, CVE-2022-21296, CVE-2022-21282, CVE-2022-21294, CVE-2022-21293, CVE-2022-21291, CVE-2022-21283, CVE-2022-21248, CVE-2022-21271. Non-securtiy fix: - Fixed a broken symlink for javaws (bsc#1195146). Important SUSE bug 1194925 SUSE bug 1194926 SUSE bug 1194927 SUSE bug 1194928 SUSE bug 1194929 SUSE bug 1194930 SUSE bug 1194931 SUSE bug 1194932 SUSE bug 1194933 SUSE bug 1194934 SUSE bug 1194935 SUSE bug 1194937 SUSE bug 1194939 SUSE bug 1194940 SUSE bug 1194941 SUSE bug 1195146 SUSE bug 1196500 SUSE bug 1197126 CVE-2022-21248 CVE-2022-21271 CVE-2022-21277 CVE-2022-21282 CVE-2022-21283 CVE-2022-21291 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21349 CVE-2022-21360 CVE-2022-21365 CVE-2022-21366 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). Important SUSE bug 1197459 CVE-2018-25032 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 7 Fix Pack 0 - CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052) - CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914) - CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913) - CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911) - CVE-2021-35556: Excessive memory allocation in RTFParser. (bsc#1191910) - CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. (bsc#1191909) - CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905) - CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564) - CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565) - CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055) - CVE-2021-35560: Fixed a vulnerability in the component Deployment. (bsc#1191902) - CVE-2021-35578: Fixed unexpected exception raised during TLS handshake. (bsc#1191904) Important SUSE bug 1185055 SUSE bug 1188564 SUSE bug 1188565 SUSE bug 1191902 SUSE bug 1191904 SUSE bug 1191905 SUSE bug 1191909 SUSE bug 1191910 SUSE bug 1191911 SUSE bug 1191913 SUSE bug 1191914 SUSE bug 1192052 SUSE bug 1194198 SUSE bug 1194232 CVE-2021-2163 CVE-2021-2341 CVE-2021-2369 CVE-2021-35556 CVE-2021-35559 CVE-2021-35560 CVE-2021-35564 CVE-2021-35565 CVE-2021-35578 CVE-2021-35586 CVE-2021-35588 CVE-2021-41035 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix 'su -s' bash completion. (bsc#1172427) - CVE-2021-37600: Fixed an integer overflow which could lead to buffer overflow in get_sem_elements. (bsc#1188921) - Prevent outdated pam files (bsc#1082293, bsc#1081947#c68). - Do not trim read-only volumes (bsc#1106214). - libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (bsc#1122417). - raw.service: Add `RemainAfterExit=yes` (bsc#1135534). - agetty: Reload issue only if it is really needed (bsc#1085196) - agetty: Return previous response of agetty for special characters (bsc#1085196, bsc#1125886) - blockdev: Do not fail `--report` on kpartx-style partitions on multipath. (bsc#1168235) - nologin: Add support for `-c` to prevent error from `su -c`. (bsc#1151708) - Avoid triggering autofs in lookup_umount_fs_by_statfs. (bsc#1168389) - libblkid: Do not trigger CDROM autoclose. (bsc#1084671) - Avoid sulogin failing on not existing or not functional console devices. (bsc#1175514) - Build with libudev support to support non-root users. (bsc#1169006) - lscpu: avoid segfault on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to CIFS with mount –a. (bsc#1174942) Important SUSE bug 1081947 SUSE bug 1082293 SUSE bug 1084671 SUSE bug 1085196 SUSE bug 1106214 SUSE bug 1122417 SUSE bug 1125886 SUSE bug 1135534 SUSE bug 1135708 SUSE bug 1151708 SUSE bug 1168235 SUSE bug 1168389 SUSE bug 1169006 SUSE bug 1172427 SUSE bug 1174942 SUSE bug 1175514 SUSE bug 1175623 SUSE bug 1178236 SUSE bug 1178554 SUSE bug 1178825 SUSE bug 1188921 SUSE bug 1194642 CVE-2021-37600 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for mozilla-nss fixes the following issues: Mozilla NSS 3.68.3 (bsc#1197903): - CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use. Important SUSE bug 1197903 CVE-2022-1097 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.8.0 ESR (bsc#1197903): MFSA 2022-14 (bsc#1197903) * CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use * CVE-2022-28281: Fixed an out of bounds write due to unexpected WebAuthN Extensions * CVE-2022-1196: Fixed a use-after-free after VR Process destruction * CVE-2022-28282: Fixed a use-after-free in DocumentL10n::TranslateDocument * CVE-2022-28285: Fixed incorrect AliasSet used in JIT Codegen * CVE-2022-28286: Fixed that iframe contents could be rendered outside the border * CVE-2022-24713: Fixed a denial of service via complex regular expressions * CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8 Important SUSE bug 1197903 CVE-2022-1097 CVE-2022-1196 CVE-2022-24713 CVE-2022-28281 CVE-2022-28282 CVE-2022-28285 CVE-2022-28286 CVE-2022-28289 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openjpeg2 fixes the following issues: - CVE-2016-1924: Fixed heap buffer overflow (bsc#980504). - CVE-2016-3183: Fixed out-of-bounds read in sycc422_to_rgb function (bsc#971617). - CVE-2016-4797: Fixed heap buffer overflow (bsc#980504). - CVE-2018-14423: Fixed division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl,and pi_next_rpcl in lib/openjp3d/pi.c (bsc#1102016). - CVE-2018-16375: Fixed missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c (bsc#1106882). - CVE-2018-16376: Fixed heap-based buffer overflow function t2_encode_packet in lib/openmj2/t2.c (bsc#1106881). - CVE-2018-20845: Fixed division-by-zero in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c (bsc#1140130). - CVE-2018-20846: Fixed out-of-bounds accesses in pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c (bsc#1140205). - CVE-2020-8112: Fixed heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c (bsc#1162090). - CVE-2020-15389: Fixed use-after-free if t a mix of valid and invalid files in a directory operated on by the decompressor (bsc#1173578). - CVE-2020-27823: Fixed heap buffer over-write in opj_tcd_dc_level_shift_encode() (bsc#1180457). - CVE-2021-29338: Fixed integer overflow that allows remote attackers to crash the application (bsc#1184774). - CVE-2022-1122: Fixed segmentation fault in opj2_decompress due to uninitialized pointer (bsc#1197738). Important SUSE bug 1102016 SUSE bug 1106881 SUSE bug 1106882 SUSE bug 1140130 SUSE bug 1140205 SUSE bug 1162090 SUSE bug 1173578 SUSE bug 1180457 SUSE bug 1184774 SUSE bug 1197738 SUSE bug 971617 SUSE bug 980504 CVE-2016-1924 CVE-2016-3183 CVE-2016-4797 CVE-2018-14423 CVE-2018-16375 CVE-2018-16376 CVE-2018-20845 CVE-2018-20846 CVE-2020-15389 CVE-2020-27823 CVE-2020-8112 CVE-2021-29338 CVE-2022-1122 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for python rebuilds python against a symbol versioned openssl 1.0.2 to allow usage with openssl 1.1.1. Also the following security issues are fixed: - CVE-2022-0391: Fixed sanitizing URLs containing ASCII newline and tabs in urlparse (bsc#1195396). - CVE-2021-4189: Make ftplib not trust the PASV response (bsc#1194146). Moderate SUSE bug 1187784 SUSE bug 1194146 SUSE bug 1195396 CVE-2021-4189 CVE-2022-0391 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: - CVE-2021-4140: Fixed iframe sandbox bypass with XSLT (bsc#1194547). - CVE-2022-22737: Fixed race condition when playing audio files (bsc#1194547). - CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur (bsc#1194547). - CVE-2022-22739: Fixed missing throttling on external protocol launch dialog (bsc#1194547). - CVE-2022-22740: Fixed use-after-free of ChannelEventQueue::mOwner (bsc#1194547). - CVE-2022-22741: Fixed browser window spoof using fullscreen mode (bsc#1194547). - CVE-2022-22742: Fixed out-of-bounds memory access when inserting text in edit mode (bsc#1194547). - CVE-2022-22743: Fixed browser window spoof using fullscreen mode (bsc#1194547). - CVE-2022-22744: Fixed possible command injection via the 'Copy as curl' feature in DevTools (bsc#1194547). - CVE-2022-22745: Fixed leaking cross-origin URLs through securitypolicyviolation event (bsc#1194547). - CVE-2022-22746: Fixed calling into reportValidity could have lead to fullscreen window spoof (bsc#1194547). - CVE-2022-22747: Fixed crash when handling empty pkcs7 sequence(bsc#1194547). - CVE-2022-22748: Fixed spoofed origin on external protocol launch dialog (bsc#1194547). - CVE-2022-22751: Fixed memory safety bugs (bsc#1194547). Important SUSE bug 1194547 CVE-2021-4140 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22744 CVE-2022-22745 CVE-2022-22746 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) Important SUSE bug 1198062 CVE-2022-1271 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libexif fixes the following issues: - CVE-2020-0181: Fixed an integer overflow that could lead to denial of service (bsc#1172802). - CVE-2020-0198: Fixed and unsigned integer overflow that could lead to denial of service (bsc#1172768). - CVE-2020-0452: Fixed a buffer overflow check that could be optimized away by the compiler (bsc#1178479). Important SUSE bug 1172768 SUSE bug 1172802 SUSE bug 1178479 CVE-2020-0181 CVE-2020-0198 CVE-2020-0452 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for tomcat fixes the following issues: Security hardening, related to Spring Framework vulnerabilities: - Deprecate getResources() and always return null (bsc#1198136). Important SUSE bug 1198136 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for sssd fixes the following issues: - CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommands (bsc#1189492). - Add LDAPS support for the AD provider (bsc#1183735)(jsc#SLE-17773). Non-security fixes: - Fixed a crash caused by calling dbus_watch_handle with a corrupted memory value (bsc#1196564). Important SUSE bug 1183735 SUSE bug 1189492 SUSE bug 1196564 CVE-2021-3621 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS The SUSE Linux Enterprise 12 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-0812: Fixed an incorrect header size calculations which could lead to a memory leak. (bsc#1196639) - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free. (bnc#1196973) - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-28356: Fixed a refcount bug in llc_ui_bind and llc_ui_autobind which could allow an unprivileged user to execute a DoS. (bnc#1197391) - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032) - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031) - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331) - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761) - CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device. (bsc#1196836) - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366) - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) The following non-security bugs were fixed: - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018). - genirq: Use rcu in kstat_irqs_usr() (bsc#1193738). - llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - net: usb: ax88179_178a: fix packet alignment padding (bsc#1196018). - net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468). - sr9700: sanity check for packet length (bsc#1196836). - tcp: add some entropy in __inet_hash_connect() (bsc#1180153). - tcp: change source port randomizarion at connect() time (bsc#1180153). - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - x86/tsc: Make calibration refinement more robust (bsc#1196573). - xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). Important SUSE bug 1180153 SUSE bug 1189562 SUSE bug 1193738 SUSE bug 1194943 SUSE bug 1195051 SUSE bug 1195353 SUSE bug 1196018 SUSE bug 1196114 SUSE bug 1196468 SUSE bug 1196488 SUSE bug 1196514 SUSE bug 1196573 SUSE bug 1196639 SUSE bug 1196761 SUSE bug 1196830 SUSE bug 1196836 SUSE bug 1196942 SUSE bug 1196973 SUSE bug 1197211 SUSE bug 1197227 SUSE bug 1197331 SUSE bug 1197366 SUSE bug 1197391 SUSE bug 1197462 SUSE bug 1198031 SUSE bug 1198032 SUSE bug 1198033 CVE-2021-39713 CVE-2021-45868 CVE-2022-0812 CVE-2022-0850 CVE-2022-1016 CVE-2022-1048 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-26490 CVE-2022-26966 CVE-2022-27666 CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for gzip fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) Important SUSE bug 1198062 CVE-2022-1271 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xen fixes the following issues: - CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host (bsc#1197423). - CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which could lead to a denial of service in the host (bsc#1197425). - CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: Fixed various memory corruption issues for hosts using VT-d or AMD-Vi IOMMU hardware. These could be leveraged by an attacker to cause a denial of service in the host (bsc#1197426). - CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: Added BHB speculation issue mitigations (bsc#1196915). Important SUSE bug 1196915 SUSE bug 1197423 SUSE bug 1197425 SUSE bug 1197426 CVE-2021-26401 CVE-2022-0001 CVE-2022-0002 CVE-2022-26356 CVE-2022-26357 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for dnsmasq fixes the following issues: - CVE-2021-3448: Fixed a potential DNS cache poisoning issue due to a constant outgoing port being used when for certain use cases of the --server option (bsc#1183709). - CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial of service via crafted packet (bsc#1197872). Important SUSE bug 1183709 SUSE bug 1197872 CVE-2021-3448 CVE-2022-0934 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for git fixes the following issues: - CVE-2022-24765: Fixed a potential command injection via git worktree (bsc#1198234). Important SUSE bug 1198234 CVE-2022-24765 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed use-after-free of ID and IDREF attributes. (bsc#1196490) Important SUSE bug 1196490 CVE-2022-23308 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for SDL fixes the following issues: - CVE-2020-14409: Fixed an integer overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c. (bsc#1181202) - CVE-2020-14410: Fixed a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c. (bsc#1181201) - CVE-2021-33657: Fixed a Heap overflow problem in video/SDL_pixels.c. (bsc#1198001) Important SUSE bug 1181201 SUSE bug 1181202 SUSE bug 1198001 CVE-2020-14409 CVE-2020-14410 CVE-2021-33657 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for webkit2gtk3 fixes the following issues: - Update to version 2.34.3 (bsc#1194019). - CVE-2021-30887: Fixed logic issue allowing unexpectedly unenforced Content Security Policy when processing maliciously crafted web content. - CVE-2021-30890: Fixed logic issue allowing universal cross site scripting when processing maliciously crafted web content. Important SUSE bug 1194019 CVE-2018-8518 CVE-2018-8523 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 CVE-2019-8674 CVE-2019-8681 CVE-2019-8684 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 CVE-2019-8707 CVE-2019-8719 CVE-2019-8726 CVE-2019-8733 CVE-2019-8763 CVE-2019-8765 CVE-2019-8766 CVE-2019-8768 CVE-2019-8782 CVE-2019-8808 CVE-2019-8815 CVE-2019-8821 CVE-2019-8822 CVE-2020-10018 CVE-2020-13753 CVE-2020-27918 CVE-2020-29623 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9947 CVE-2020-9948 CVE-2020-9951 CVE-2020-9952 CVE-2021-1765 CVE-2021-1788 CVE-2021-1817 CVE-2021-1820 CVE-2021-1825 CVE-2021-1826 CVE-2021-1844 CVE-2021-1871 CVE-2021-30661 CVE-2021-30666 CVE-2021-30682 CVE-2021-30761 CVE-2021-30762 CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 CVE-2021-30849 CVE-2021-30851 CVE-2021-30858 CVE-2021-30884 CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 CVE-2021-30890 CVE-2021-30897 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for cifs-utils fixes the following issues: - CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216). Important SUSE bug 1197216 CVE-2022-27239 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for aide fixes the following issues: - CVE-2021-45417: Fix a bufferoverflow in base64 functions (bsc#1194735) Important SUSE bug 1194735 CVE-2021-45417 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: This update contains the Firefox Extended Support Release 91.1.0 ESR. * Fixed: Various stability, functionality, and security fixes MFSA 2021-40 (bsc#1190269, bsc#1190274): * CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer * CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1 Firefox 91.0.1esr ESR * Fixed: Fixed an issue causing buttons on the tab bar to be resized when loading certain websites (bug 1704404) * Fixed: Fixed an issue which caused tabs from private windows to be visible in non-private windows when viewing switch-to- tab results in the address bar panel (bug 1720369) * Fixed: Various stability fixes * Fixed: Security fix MFSA 2021-37 (bsc#1189547) * CVE-2021-29991 (bmo#1724896) Header Splitting possible with HTTP/3 Responses Firefox Extended Support Release 91.0 ESR * New: Some of the highlights of the new Extended Support Release are: - A number of user interface changes. For more information, see the Firefox 89 release notes. - Firefox now supports logging into Microsoft, work, and school accounts using Windows single sign-on. Learn more - On Windows, updates can now be applied in the background while Firefox is not running. - Firefox for Windows now offers a new page about:third-party to help identify compatibility issues caused by third-party applications - Version 2 of Firefox's SmartBlock feature further improves private browsing. Third party Facebook scripts are blocked to prevent you from being tracked, but are now automatically loaded 'just in time' if you decide to 'Log in with Facebook' on any website. - Enhanced the privacy of the Firefox Browser's Private Browsing mode with Total Cookie Protection, which confines cookies to the site where they were created, preventing companis from using cookies to track your browsing across sites. This feature was originally launched in Firefox's ETP Strict mode. - PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features. - You'll encounter less website breakage in Private Browsing and Strict Enhanced Tracking Protection with SmartBlock, which provides stand-in scripts so that websites load properly. - Improved Print functionality with a cleaner design and better integration with your computer's printer settings. - Firefox now protects you from supercookies, a type of tracker that can stay hidden in your browser and track you online, even after you clear cookies. By isolating supercookies, Firefox prevents them from tracking your web browsing from one site to the next. - Firefox now remembers your preferred location for saved bookmarks, displays the bookmarks toolbar by default on new tabs, and gives you easy access to all of your bookmarks via a toolbar folder. - Native support for macOS devices built with Apple Silicon CPUs brings dramatic performance improvements over the non- native build that was shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a new Apple device, follow these steps to upgrade to the latest Firefox. - Pinch zooming will now be supported for our users with Windows touchscreen devices and touchpads on Mac devices. Firefox users may now use pinch to zoom on touch-capable devices to zoom in and out of webpages. - We’ve improved functionality and design for a number of Firefox search features: * Selecting a search engine at the bottom of the search panel now enters search mode for that engine, allowing you to see suggestions (if available) for your search terms. The old behavior (immediately performing a search) is available with a shift-click. * When Firefox autocompletes the URL of one of your search engines, you can now search with that engine directly in the address bar by selecting the shortcut in the address bar results. * We’ve added buttons at the bottom of the search panel to allow you to search your bookmarks, open tabs, and history. - Firefox supports AcroForm, which will allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look. - For our users in the US and Canada, Firefox can now save, manage, and auto-fill credit card information for you, making shopping on Firefox ever more convenient. - In addition to our default, dark and light themes, with this release, Firefox introduces the Alpenglow theme: a colorful appearance for buttons, menus, and windows. You can update your Firefox themes under settings or preferences. * Changed: Firefox no longer supports Adobe Flash. There is no setting available to re-enable Flash support. * Enterprise: Various bug fixes and new policies have been implemented in the latest version of Firefox. See more details in the Firefox for Enterprise 91 Release Notes. MFSA 2021-33 (bsc#1188891): * CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption * CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT * CVE-2021-29988: Memory corruption as a result of incorrect style treatment * CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode * CVE-2021-29984: Incorrect instruction reordering during JIT optimization * CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption * CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux * CVE-2021-29985: Use-after-free media channels * CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion * CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 * CVE-2021-29990: Memory safety bugs fixed in Firefox 91 Important SUSE bug 1188891 SUSE bug 1189547 SUSE bug 1190269 SUSE bug 1190274 CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29987 CVE-2021-29988 CVE-2021-29989 CVE-2021-29990 CVE-2021-29991 CVE-2021-38492 CVE-2021-38495 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for zsh fixes the following issues: - CVE-2018-0502: Fixed execve call vulnerability to program named on the second line when the beginning of a #! script file was mishandled. (bsc#1107296, bsc#1107294) - CVE-2018-13259: Fixed execve call vulnerability to program name that is a substring of the intended one. (bsc#1107296, bsc#1107294) Important SUSE bug 1107294 SUSE bug 1107296 CVE-2018-0502 CVE-2018-13259 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 5 Fix Pack 0 - CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052) - CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914) - CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913) - CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911) - CVE-2021-35556: Excessive memory allocation in RTFParser. (bsc#1191910) - CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. (bsc#1191909) - CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905) - CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564) - CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565) - CVE-2021-2432: Fixed a vulnerability in the omponent JNDI. (bsc#1188568) - CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055) Moderate SUSE bug 1185055 SUSE bug 1188564 SUSE bug 1188565 SUSE bug 1188568 SUSE bug 1191905 SUSE bug 1191909 SUSE bug 1191910 SUSE bug 1191911 SUSE bug 1191913 SUSE bug 1191914 SUSE bug 1192052 SUSE bug 1194198 SUSE bug 1194232 CVE-2021-2163 CVE-2021-2341 CVE-2021-2369 CVE-2021-2432 CVE-2021-35556 CVE-2021-35559 CVE-2021-35564 CVE-2021-35565 CVE-2021-35586 CVE-2021-35588 CVE-2021-41035 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for gzip fixes the following issues: - CVE-2022-1271: Add hardening for zgrep. (bsc#1198062) Important CVE-2022-1271 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for webkit2gtk3 fixes the following issues: Update to version 2.36.0 (bsc#1198290): - CVE-2022-22624: Fixed use after free that may lead to arbitrary code execution. - CVE-2022-22628: Fixed use after free that may lead to arbitrary code execution. - CVE-2022-22629: Fixed a buffer overflow that may lead to arbitrary code execution. - CVE-2022-22637: Fixed an unexpected cross-origin behavior due to a logic error. Missing CVE reference for the update to 2.34.6 (bsc#1196133): - CVE-2022-22594: Fixed a cross-origin issue in the IndexDB API. Important SUSE bug 1196133 SUSE bug 1198290 CVE-2022-22594 CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22637 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) Important SUSE bug 1198446 CVE-2022-1304 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220510 release. (bsc#1199423) Updated to Intel CPU Microcode 20220419 release. (bsc#1198717) - CVE-2022-21151: Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (bsc#1199423). Moderate SUSE bug 1198717 SUSE bug 1199423 CVE-2022-21151 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.9.0 ESR (MFSA 2022-17)(bsc#1198970): - CVE-2022-29914: Fullscreen notification bypass using popups - CVE-2022-29909: Bypassing permission prompt in nested browsing contexts - CVE-2022-29916: Leaking browser history with CSS variables - CVE-2022-29911: iframe Sandbox bypass - CVE-2022-29912: Reader mode bypassed SameSite cookies - CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9 Important SUSE bug 1198970 CVE-2022-29909 CVE-2022-29911 CVE-2022-29912 CVE-2022-29914 CVE-2022-29916 CVE-2022-29917 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed a dangling symlink when g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION (bsc#1183533). Low SUSE bug 1183533 CVE-2021-28153 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). - Fixed issue with SASL init that crashed slapd at startup under certain conditions (bsc#1198383). Important SUSE bug 1198383 SUSE bug 1199240 CVE-2022-29155 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251). - CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362). - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474). - CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476). - CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477). - CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478). - CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479). - CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480). Important SUSE bug 1194251 SUSE bug 1194362 SUSE bug 1194474 SUSE bug 1194476 SUSE bug 1194477 SUSE bug 1194478 SUSE bug 1194479 SUSE bug 1194480 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for postgresql10 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475). Important SUSE bug 1199475 CVE-2022-1552 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.9.1 ESR - MFSA 2022-19 (bsc#1199768): - CVE-2022-1802: Prototype pollution in Top-Level Await implementation - CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution Important SUSE bug 1199768 CVE-2022-1529 CVE-2022-1802 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for python-requests fixes the following issues: - CVE-2018-18074: Fixed to prevent the package to send an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect. (bsc#1111622) Moderate SUSE bug 1111622 CVE-2018-18074 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libxml2 fixes the following issues: - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c and tree.c (bsc#1199132). - CVE-2017-16932: Prevent infinite recursion in parameter entities (bsc#1069689). Important SUSE bug 1069689 SUSE bug 1199132 CVE-2017-16932 CVE-2022-29824 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232). Important SUSE bug 1199232 CVE-2022-1586 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for kernel-firmware fixes the following issues: Update AMD ucode and SEV firmware - (CVE-2021-26339, CVE-2021-26373, CVE-2021-26347, CVE-2021-26376, CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26339, CVE-2021-26348, CVE-2021-26342, CVE-2021-26388, CVE-2021-26349, CVE-2021-26364, CVE-2021-26312, CVE-2021-26350, CVE-2021-46744, bsc#1199459, bsc#1199470) Moderate SUSE bug 1199459 SUSE bug 1199470 CVE-2021-26312 CVE-2021-26339 CVE-2021-26342 CVE-2021-26347 CVE-2021-26348 CVE-2021-26349 CVE-2021-26350 CVE-2021-26364 CVE-2021-26372 CVE-2021-26373 CVE-2021-26375 CVE-2021-26376 CVE-2021-26378 CVE-2021-26388 CVE-2021-46744 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for wpa_supplicant fixes the following issues: - CVE-2022-23303, CVE-2022-23304: Fixed SAE/EAP-pwd side-channel attacks (bsc#1194732, bsc#1194733) - CVE-2021-0326: Fixed P2P group information processing vulnerability (bsc#1181777) - Fix systemd device ready dependencies in wpa_supplicant@.service file. (bsc#1182805) - Limit P2P_DEVICE name to appropriate ifname size - Enable SAE support(jsc#SLE-14992). - Fix wicked wlan (bsc#1156920) - Change wpa_supplicant.service to ensure wpa_supplicant gets started before network. Fix WLAN config on boot with wicked. (bsc#1166933) - Adjust the service to start after network.target wrt bsc#1165266 Update to 2.9 release: * SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * EAP-pwd changes - disable use of groups using Brainpool curves - allow the set of groups to be configured (eap_pwd_groups) - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * fixed FT-EAP initial mobility domain association using PMKSA caching (disabled by default for backwards compatibility; can be enabled with ft_eap_pmksa_caching=1) * fixed a regression in OpenSSL 1.1+ engine loading * added validation of RSNE in (Re)Association Response frames * fixed DPP bootstrapping URI parser of channel list * extended EAP-SIM/AKA fast re-authentication to allow use with FILS * extended ca_cert_blob to support PEM format * improved robustness of P2P Action frame scheduling * added support for EAP-SIM/AKA using anonymous@realm identity * fixed Hotspot 2.0 credential selection based on roaming consortium to ignore credentials without a specific EAP method * added experimental support for EAP-TEAP peer (RFC 7170) * added experimental support for EAP-TLS peer with TLS v1.3 * fixed a regression in WMM parameter configuration for a TDLS peer * fixed a regression in operation with drivers that offload 802.1X 4-way handshake * fixed an ECDH operation corner case with OpenSSL * SAE changes - added support for SAE Password Identifier - changed default configuration to enable only groups 19, 20, 21 (i.e., disable groups 25 and 26) and disable all unsuitable groups completely based on REVmd changes - do not regenerate PWE unnecessarily when the AP uses the anti-clogging token mechanisms - fixed some association cases where both SAE and FT-SAE were enabled on both the station and the selected AP - started to prefer FT-SAE over SAE AKM if both are enabled - started to prefer FT-SAE over FT-PSK if both are enabled - fixed FT-SAE when SAE PMKSA caching is used - reject use of unsuitable groups based on new implementation guidance in REVmd (allow only FFC groups with prime >= 3072 bits and ECC groups with prime >= 256) - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868) * EAP-pwd changes - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870) - verify server scalar/element [https://w1.fi/security/2019-4/] (CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, bsc#1131874, bsc#1131872, bsc#1131871, bsc#1131644) - fix message reassembly issue with unexpected fragment [https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640) - enforce rand,mask generation rules more strictly - fix a memory leak in PWE derivation - disallow ECC groups with a prime under 256 bits (groups 25, 26, and 27) - SAE/EAP-pwd side-channel attack update [https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#1144443) * fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y * Hotspot 2.0 changes - do not indicate release number that is higher than the one AP supports - added support for release number 3 - enable PMF automatically for network profiles created from credentials * fixed OWE network profile saving * fixed DPP network profile saving * added support for RSN operating channel validation (CONFIG_OCV=y and network profile parameter ocv=1) * added Multi-AP backhaul STA support * fixed build with LibreSSL * number of MKA/MACsec fixes and extensions * extended domain_match and domain_suffix_match to allow list of values * fixed dNSName matching in domain_match and domain_suffix_match when using wolfSSL * started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both are enabled * extended nl80211 Connect and external authentication to support SAE, FT-SAE, FT-EAP-SHA384 * fixed KEK2 derivation for FILS+FT * extended client_cert file to allow loading of a chain of PEM encoded certificates * extended beacon reporting functionality * extended D-Bus interface with number of new properties * fixed a regression in FT-over-DS with mac80211-based drivers * OpenSSL: allow systemwide policies to be overridden * extended driver flags indication for separate 802.1X and PSK 4-way handshake offload capability * added support for random P2P Device/Interface Address use * extended PEAP to derive EMSK to enable use with ERP/FILS * extended WPS to allow SAE configuration to be added automatically for PSK (wps_cred_add_sae=1) * removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS) * extended domain_match and domain_suffix_match to allow list of values * added a RSN workaround for misbehaving PMF APs that advertise IGTK/BIP KeyID using incorrect byte order * fixed PTK rekeying with FILS and FT * fixed WPA packet number reuse with replayed messages and key reinstallation [https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) * fixed unauthenticated EAPOL-Key decryption in wpa_supplicant [https://w1.fi/security/2018-1/] (CVE-2018-14526) * added support for FILS (IEEE 802.11ai) shared key authentication * added support for OWE (Opportunistic Wireless Encryption, RFC 8110; and transition mode defined by WFA) * added support for DPP (Wi-Fi Device Provisioning Protocol) * added support for RSA 3k key case with Suite B 192-bit level * fixed Suite B PMKSA caching not to update PMKID during each 4-way handshake * fixed EAP-pwd pre-processing with PasswordHashHash * added EAP-pwd client support for salted passwords * fixed a regression in TDLS prohibited bit validation * started to use estimated throughput to avoid undesired signal strength based roaming decision * MACsec/MKA: - new macsec_linux driver interface support for the Linux kernel macsec module - number of fixes and extensions * added support for external persistent storage of PMKSA cache (PMKSA_GET/PMKSA_ADD control interface commands; and MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case) * fixed mesh channel configuration pri/sec switch case * added support for beacon report * large number of other fixes, cleanup, and extensions * added support for randomizing local address for GAS queries (gas_rand_mac_addr parameter) * fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel * added option for using random WPS UUID (auto_uuid=1) * added SHA256-hash support for OCSP certificate matching * fixed EAP-AKA' to add AT_KDF into Synchronization-Failure * fixed a regression in RSN pre-authentication candidate selection * added option to configure allowed group management cipher suites (group_mgmt network profile parameter) * removed all PeerKey functionality * fixed nl80211 AP and mesh mode configuration regression with Linux 4.15 and newer * added ap_isolate configuration option for AP mode * added support for nl80211 to offload 4-way handshake into the driver * added support for using wolfSSL cryptographic library * SAE - added support for configuring SAE password separately of the WPA2 PSK/passphrase - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection for SAE; note: this is not backwards compatible, i.e., both the AP and station side implementations will need to be update at the same time to maintain interoperability - added support for Password Identifier - fixed FT-SAE PMKID matching * Hotspot 2.0 - added support for fetching of Operator Icon Metadata ANQP-element - added support for Roaming Consortium Selection element - added support for Terms and Conditions - added support for OSEN connection in a shared RSN BSS - added support for fetching Venue URL information * added support for using OpenSSL 1.1.1 * FT - disabled PMKSA caching with FT since it is not fully functional - added support for SHA384 based AKM - added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128, BIP-GMAC-256 in addition to previously supported BIP-CMAC-128 - fixed additional IE inclusion in Reassociation Request frame when using FT protocol - CVE-2015-8041: Using O_WRONLY flag [http://w1.fi/security/2015-5/] Important SUSE bug 1131644 SUSE bug 1131868 SUSE bug 1131870 SUSE bug 1131871 SUSE bug 1131872 SUSE bug 1131874 SUSE bug 1133640 SUSE bug 1144443 SUSE bug 1156920 SUSE bug 1165266 SUSE bug 1166933 SUSE bug 1167331 SUSE bug 1182805 SUSE bug 1194732 SUSE bug 1194733 CVE-2015-8041 CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 CVE-2018-14526 CVE-2019-11555 CVE-2019-13377 CVE-2019-9494 CVE-2019-9495 CVE-2019-9497 CVE-2019-9498 CVE-2019-9499 CVE-2022-23303 CVE-2022-23304 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for postgresql14 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475). Important SUSE bug 1199475 CVE-2022-1552 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for ImageMagick fixes the following issues: - CVE-2022-1270: Fixed a memory corruption issue when parsing MIFF files (bsc#1198351). - CVE-2022-28463: Fixed buffer overflow in coders/cin.c (bsc#1199350). Important SUSE bug 1198351 SUSE bug 1199350 CVE-2022-1270 CVE-2022-28463 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for mailman fixes the following issues: - CVE-2021-44227: Preventing list moderator or list member accessing the admin UI (bsc#1193316). - CVE-2021-43332: Preventing list moderator from cracking the list admin password encrypted in a CSRF token (bsc#1192741). - CVE-2021-43331: Fixed XSS in Cgi/options.py (bsc#1192735). - CVE-2021-42096: Add protection against remote privilege escalation via csrf_token derived from admin password (bsc#1191959). Important SUSE bug 1191959 SUSE bug 1192735 SUSE bug 1192741 SUSE bug 1193316 CVE-2021-42096 CVE-2021-43331 CVE-2021-43332 CVE-2021-44227 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for polkit fixes the following issues: - CVE-2021-4034: Fixed a local privilege escalation in pkexec (bsc#1194568). Important SUSE bug 1194568 CVE-2021-4034 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for librelp fixes the following issues: - CVE-2018-1000140: Fixed remote attack via specially crafted x509 certificates when connecting to rsyslog to trigger a stack buffer overflow and run arbitrary code (bsc#1086730). Moderate SUSE bug 1086730 CVE-2018-1000140 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.10.0 ESR (MFSA 2022-21)(bsc#1200027) - CVE-2022-31736: Cross-Origin resource's length leaked - CVE-2022-31737: Heap buffer overflow in WebGL - CVE-2022-31738: Browser window spoof using fullscreen mode - CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files - CVE-2022-31740: Register allocation problem in WASM on arm64 - CVE-2022-31741: Uninitialized variable leads to invalid memory read - CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information - CVE-2022-31747: Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10 Important SUSE bug 1200027 CVE-2022-31736 CVE-2022-31737 CVE-2022-31738 CVE-2022-31739 CVE-2022-31740 CVE-2022-31741 CVE-2022-31742 CVE-2022-31747 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for strongswan fixes the following issues: - CVE-2021-45079: Fixed authentication bypass in EAP authentication. (bsc#1194471) Important SUSE bug 1194471 CVE-2021-45079 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for mozilla-nss fixes the following issues: Mozilla NSS 3.68.4 (bsc#1200027) * CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590) Important SUSE bug 1200027 CVE-2022-31741 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for grub2 fixes the following issues: Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581) - CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184) - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185) - CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186) - CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460) - CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493) - CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496) - Update SBAT security contact (bsc#1193282) - Bump grub's SBAT generation to 2 - Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948) Important SUSE bug 1191184 SUSE bug 1191185 SUSE bug 1191186 SUSE bug 1193282 SUSE bug 1197948 SUSE bug 1198460 SUSE bug 1198493 SUSE bug 1198496 SUSE bug 1198581 CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2022-28733 CVE-2022-28734 CVE-2022-28736 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for u-boot fixes the following issues: - A large buffer overflow could have lead to a denial of service in the IP Packet deframentation code. (CVE-2022-30552, bsc#1200363) - A Hole Descriptor Overwrite could have lead to an arbitrary out of bounds write primitive. (CVE-2022-30790, bsc#1200364) Important SUSE bug 1200363 SUSE bug 1200364 CVE-2022-30552 CVE-2022-30790 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS The SUSE Linux Enterprise 12 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) - CVE-2021-39711: Fixed a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958). - CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference count is mishandled (bnc#1172456). - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055). - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c. (bnc#1198516) - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723). - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343) The following non-security bugs were fixed: - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399). - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399). - debug: Lock down kgdb (bsc#1199426). - dimlib: make DIMLIB a hidden symbol (bsc#1197099 jsc#SLE-24124). - lib/dim: Fix -Wunused-const-variable warnings (bsc#1197099 jsc#SLE-24124). - lib/dim: fix help text typos (bsc#1197099 jsc#SLE-24124). - linux/dim: Add completions count to dim_sample (bsc#1197099 jsc#SLE-24124). - linux/dim: Fix overflow in dim calculation (bsc#1197099 jsc#SLE-24124). - linux/dim: Implement RDMA adaptive moderation (DIM) (bsc#1197099 jsc#SLE-24124). - linux/dim: Move implementation to .c files (bsc#1197099 jsc#SLE-24124). - linux/dim: Move logic to dim.h (bsc#1197099 jsc#SLE-24124). - linux/dim: Remove 'net' prefix from internal DIM members (bsc#1197099 jsc#SLE-24124). - linux/dim: Rename externally exposed macros (bsc#1197099 jsc#SLE-24124). - linux/dim: Rename externally used net_dim members (bsc#1197099 jsc#SLE-24124). - linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1197099 jsc#SLE-24124). - net: ena: A typo fix in the file ena_com.h (bsc#1197099 jsc#SLE-24124). - net: ena: Add capabilities field with support for ENI stats capability (bsc#1197099 jsc#SLE-24124). - net: ena: add device distinct log prefix to files (bsc#1197099 jsc#SLE-24124). - net: ena: Add first_interrupt field to napi struct (bsc#1197099 jsc#SLE-24124). - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (bsc#1197099 jsc#SLE-24124). - net: ena: add jiffies of last napi call to stats (bsc#1197099 jsc#SLE-24124). - net: ena: add missing ethtool TX timestamping indication (bsc#1197099 jsc#SLE-24124). - net: ena: add reserved PCI device ID (bsc#1197099 jsc#SLE-24124). - net: ena: add support for reporting of packet drops (bsc#1197099 jsc#SLE-24124). - net: ena: add support for the rx offset feature (bsc#1197099 jsc#SLE-24124). - net: ena: add support for traffic mirroring (bsc#1197099 jsc#SLE-24124). - net: ena: add unmask interrupts statistics to ethtool (bsc#1197099 jsc#SLE-24124). - net: ena: aggregate stats increase into a function (bsc#1197099 jsc#SLE-24124). - net: ena: allow setting the hash function without changing the key (bsc#1197099 jsc#SLE-24124). - net: ena: avoid memory access violation by validating req_id properly (bsc#1197099 jsc#SLE-24124). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1197099 jsc#SLE-24124). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1197099 jsc#SLE-24124). - net: ena: Capitalize all log strings and improve code readability (bsc#1197099 jsc#SLE-24124). - net: ena: change default RSS hash function to Toeplitz (bsc#1197099 jsc#SLE-24124). - net: ena: Change ENI stats support check to use capabilities field (bsc#1197099 jsc#SLE-24124). - net: ena: Change license into format to SPDX in all files (bsc#1197099 jsc#SLE-24124). - net: ena: Change log message to netif/dev function (bsc#1197099 jsc#SLE-24124). - net: ena: change num_queues to num_io_queues for clarity and consistency (bsc#1197099 jsc#SLE-24124). - net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1197099 jsc#SLE-24124). - net: ena: Change RSS related macros and variables names (bsc#1197099 jsc#SLE-24124). - net: ena: Change the name of bad_csum variable (bsc#1197099 jsc#SLE-24124). - net: ena: changes to RSS hash key allocation (bsc#1197099 jsc#SLE-24124). - net: ena: clean up indentation issue (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: code reorderings (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: fix line break issues (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: fix spacing issues (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: minor code changes (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: remove unnecessary code (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1197099 jsc#SLE-24124). - net: ena: do not wake up tx queue when down (bsc#1197099 jsc#SLE-24124). - net: ena: drop superfluous prototype (bsc#1197099 jsc#SLE-24124). - net: ena: ena-com.c: prevent NULL pointer dereference (bsc#1197099 jsc#SLE-24124). - net: ena: enable support of rss hash key and function changes (bsc#1197099 jsc#SLE-24124). - net: ena: enable the interrupt_moderation in driver_supported_features (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: Add new device statistics (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: clean up minor indentation issue (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: get_channels: use combined only (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: support set_channels callback (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: use correct value for crc32 hash (bsc#1197099 jsc#SLE-24124). - net: ena: Fix all static chekers' warnings (bsc#1197099 jsc#SLE-24124). - net: ena: Fix build warning in ena_xdp_set() (bsc#1197099 jsc#SLE-24124). - net: ena: fix coding style nits (bsc#1197099 jsc#SLE-24124). - net: ena: fix continuous keep-alive resets (bsc#1197099 jsc#SLE-24124). - net: ena: fix corruption of dev_idx_to_host_tbl (bsc#1197099 jsc#SLE-24124). - net: ena: fix default tx interrupt moderation interval (bsc#1197099 jsc#SLE-24124). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1197099 jsc#SLE-24124). - net: ena: Fix error handling when calculating max IO queues number (bsc#1197099 jsc#SLE-24124). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1197099 jsc#SLE-24124). - net: ena: fix inaccurate print type (bsc#1197099 jsc#SLE-24124). - net: ena: fix incorrect default RSS key (bsc#1197099 jsc#SLE-24124). - net: ena: fix incorrect setting of the number of msix vectors (bsc#1197099 jsc#SLE-24124). - net: ena: fix incorrect update of intr_delay_resolution (bsc#1197099 jsc#SLE-24124). - net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (bsc#1197099 jsc#SLE-24124). - net: ena: fix issues in setting interrupt moderation params in ethtool (bsc#1197099 jsc#SLE-24124). - net: ena: fix packet's addresses for rx_offset feature (bsc#1197099 jsc#SLE-24124). - net: ena: fix potential crash when rxfh key is NULL (bsc#1197099 jsc#SLE-24124). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1197099 jsc#SLE-24124). - net: ena: fix retrieval of nonadaptive interrupt moderation intervals (bsc#1197099 jsc#SLE-24124). - net: ena: fix update of interrupt moderation register (bsc#1197099 jsc#SLE-24124). - net: ena: fix uses of round_jiffies() (bsc#1197099 jsc#SLE-24124). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1197099 jsc#SLE-24124). - net: ena: Fix wrong rx request id by resetting device (bsc#1197099 jsc#SLE-24124). - net: ena: handle bad request id in ena_netdev (bsc#1197099 jsc#SLE-24124). - net: ena: Improve error logging in driver (bsc#1197099 jsc#SLE-24124). - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (bsc#1197099 jsc#SLE-24124). - net: ena: make ethtool -l show correct max number of queues (bsc#1197099 jsc#SLE-24124). - net: ena: Make missed_tx stat incremental (bsc#1197099 jsc#SLE-24124). - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1197099 jsc#SLE-24124). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1197099 jsc#SLE-24124). - net: ena: Move reset completion print to the reset function (bsc#1197099 jsc#SLE-24124). - net: ena: multiple queue creation related cleanups (bsc#1197099 jsc#SLE-24124). - net: ena: Prevent reset after device destruction (bsc#1197099 jsc#SLE-24124). - net: ena: re-organize code to improve readability (bsc#1197099 jsc#SLE-24124). - net: ena: reduce driver load time (bsc#1197099 jsc#SLE-24124). - net: ena: reimplement set/get_coalesce() (bsc#1197099 jsc#SLE-24124). - net: ena: remove all old adaptive rx interrupt moderation code from ena_com (bsc#1197099 jsc#SLE-24124). - net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() (bsc#1197099 jsc#SLE-24124). - net: ena: remove code that does nothing (bsc#1197099 jsc#SLE-24124). - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1197099 jsc#SLE-24124). - net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#1197099 jsc#SLE-24124). - net: ena: remove extra words from comments (bsc#1197099 jsc#SLE-24124). - net: ena: Remove module param and change message severity (bsc#1197099 jsc#SLE-24124). - net: ena: remove old adaptive interrupt moderation code from ena_netdev (bsc#1197099 jsc#SLE-24124). - net: ena: remove redundant print of number of queues (bsc#1197099 jsc#SLE-24124). - net: ena: Remove redundant print of placement policy (bsc#1197099 jsc#SLE-24124). - net: ena: Remove redundant return code check (bsc#1197099 jsc#SLE-24124). - net: ena: remove set but not used variable 'hash_key' (bsc#1197099 jsc#SLE-24124). - net: ena: Remove unused code (bsc#1197099 jsc#SLE-24124). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1197099 jsc#SLE-24124). - net: ena: rss: do not allocate key when not supported (bsc#1197099 jsc#SLE-24124). - net: ena: rss: fix failure to get indirection table (bsc#1197099 jsc#SLE-24124). - net: ena: rss: store hash function as values and not bits (bsc#1197099 jsc#SLE-24124). - net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1197099 jsc#SLE-24124). - net: ena: set initial DMA width to avoid intel iommu issue (bsc#1197099 jsc#SLE-24124). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1197099 jsc#SLE-24124). - net: ena: store values in their appropriate variables types (bsc#1197099 jsc#SLE-24124). - net: ena: support new LLQ acceleration mode (bsc#1197099 jsc#SLE-24124). - net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc#1197099 jsc#SLE-24124). - net: ena: use constant value for net_device allocation (bsc#1197099 jsc#SLE-24124). - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1197099 jsc#SLE-24124). - net: ena: use explicit variable size for clarity (bsc#1197099 jsc#SLE-24124). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1197099 jsc#SLE-24124). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: update net_dim documentation after rename (bsc#1197099 jsc#SLE-24124). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900 bsc#1198660 ltc#197803). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729 bsc#1198660 ltc#197803). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - x86/pm: Save the MSR validity status at context setup (bsc#1114648). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1114648). Important SUSE bug 1028340 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1114648 SUSE bug 1172456 SUSE bug 1182171 SUSE bug 1183723 SUSE bug 1187055 SUSE bug 1191647 SUSE bug 1191958 SUSE bug 1195651 SUSE bug 1196426 SUSE bug 1197099 SUSE bug 1197219 SUSE bug 1197343 SUSE bug 1198400 SUSE bug 1198516 SUSE bug 1198660 SUSE bug 1198687 SUSE bug 1198742 SUSE bug 1198825 SUSE bug 1199012 SUSE bug 1199063 SUSE bug 1199314 SUSE bug 1199399 SUSE bug 1199426 SUSE bug 1199505 SUSE bug 1199605 SUSE bug 1199650 CVE-2019-20811 CVE-2021-20292 CVE-2021-20321 CVE-2021-33061 CVE-2021-38208 CVE-2021-39711 CVE-2021-43389 CVE-2022-1011 CVE-2022-1353 CVE-2022-1419 CVE-2022-1516 CVE-2022-1652 CVE-2022-1734 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-30594 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for webkit2gtk3 fixes the following issues: Update to version 2.36.3 (bsc#1200106) - CVE-2022-30293: Fixed heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer (bsc#1199287). - CVE-2022-26700: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26709: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26716: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26717: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26719: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). Important SUSE bug 1199287 SUSE bug 1200106 CVE-2022-26700 CVE-2022-26709 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-30293 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for apache2 fixes the following issues: - CVE-2022-26377: Fixed possible request smuggling in mod_proxy_ajp (bsc#1200338) - CVE-2022-28614: Fixed read beyond bounds via ap_rwrite() (bsc#1200340) - CVE-2022-28615: Fixed read beyond bounds in ap_strcmp_match() (bsc#1200341) - CVE-2022-29404: Fixed denial of service in mod_lua r:parsebody (bsc#1200345) - CVE-2022-30556: Fixed information disclosure in mod_lua with websockets (bsc#1200350) - CVE-2022-30522: Fixed mod_sed denial of service (bsc#1200352) - CVE-2022-31813: Fixed mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (bsc#1200348) Important SUSE bug 1200338 SUSE bug 1200340 SUSE bug 1200341 SUSE bug 1200345 SUSE bug 1200348 SUSE bug 1200350 SUSE bug 1200352 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 CVE-2022-31813 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openssl-1_0_0 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). Important SUSE bug 1199166 CVE-2022-1292 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for log4j fixes the following issues: - CVE-2022-23307: Fix deserialization issue by removing the chainsaw sub-package. (bsc#1194844) - CVE-2022-23305: Fix SQL injection by removing src/main/java/org/apache/log4j/jdbc/JDBCAppender.java. (bsc#1194843) - CVE-2022-23302: Fix remote code execution by removing src/main/java/org/apache/log4j/net/JMSSink.java. (bsc#1194842) Important SUSE bug 1194842 SUSE bug 1194843 SUSE bug 1194844 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update fixes the following issues: golang-github-QubitProducts-exporter_exporter: - Adapted to build on Enterprise Linux. - Fix build for RedHat 7 - Require Go >= 1.14 also for CentOS - Add support for CentOS - Replace %{?systemd_requires} with %{?systemd_ordering} golang-github-prometheus-alertmanager: - CVE-2022-21698: Denial of service using InstrumentHandlerCounter. * Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24077) - Update required Go version to 1.16 - Update to version 0.23.0: * amtool: Detect version drift and warn users (#2672) * Add ability to skip TLS verification for amtool (#2663) * Fix empty isEqual in amtool. (#2668) * Fix main tests (#2670) * cli: add new template render command (#2538) * OpsGenie: refer to alert instead of incident (#2609) * Docs: target_match and source_match are DEPRECATED (#2665) * Fix test not waiting for cluster member to be ready - Added hardening to systemd service(s) (bsc#1181400) golang-github-prometheus-node_exporter: - CVE-2022-21698: Denial of service using InstrumentHandlerCounter. * Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239) - Update to 1.3.0 * [CHANGE] Add path label to rapl collector #2146 * [CHANGE] Exclude filesystems under /run/credentials #2157 * [CHANGE] Add TCPTimeouts to netstat default filter #2189 * [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771 * [FEATURE] Add darwin powersupply collector #1777 * [FEATURE] Add support for monitoring GPUs on Linux #1998 * [FEATURE] Add Darwin thermal collector #2032 * [FEATURE] Add os release collector #2094 * [FEATURE] Add netdev.address-info collector #2105 * [FEATURE] Add clocksource metrics to time collector #2197 * [ENHANCEMENT] Support glob textfile collector directories #1985 * [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080 * [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165 * [ENHANCEMENT] Add flag to disable guest CPU metrics #2123 * [ENHANCEMENT] Add DMI collector #2131 * [ENHANCEMENT] Add threads metrics to processes collector #2164 * [ENHANCMMENT] Reduce timer GC delays in the Linux filesystem collector #2169 * [ENHANCMMENT] Add TCPTimeouts to netstat default filter #2189 * [ENHANCMMENT] Use SysctlTimeval for boottime collector on BSD #2208 * [BUGFIX] ethtool: Sanitize metric names #2093 * [BUGFIX] Fix ethtool collector for multiple interfaces #2126 * [BUGFIX] Fix possible panic on macOS #2133 * [BUGFIX] Collect flag_info and bug_info only for one core #2156 * [BUGFIX] Prevent duplicate ethtool metric names #2187 - Update to 1.2.2 * Bug fixes Fix processes collector long int parsing #2112 - Update to 1.2.1 * Removed Remove obsolete capture permission denied error patch that is already included upstream Fix zoneinfo parsing prometheus/procfs#386 Fix nvme collector log noise #2091 Fix rapl collector log noise #2092 - Update to 1.2.0 * Changes Rename filesystem collector flags to match other collectors #2012 Make node_exporter print usage to STDOUT #203 * Features Add conntrack statistics metrics #1155 Add ethtool stats collector #1832 Add flag to ignore network speed if it is unknown #1989 Add tapestats collector for Linux #2044 Add nvme collector #2062 * Enhancements Add ErrorLog plumbing to promhttp #1887 Add more Infiniband counters #2019 netclass: retrieve interface names and filter before parsing #2033 Add time zone offset metric #2060 Handle errors from disabled PSI subsystem #1983 Fix panic when using backwards compatible flags #2000 Fix wrong value for OpenBSD memory buffer cache #2015 Only initiate collectors once #2048 Handle small backwards jumps in CPU idle #2067 - Apply patch to capture permission denied error for 'energy_uj' file (bsc#1190535) grafana: - Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422) + Security: * Fixes XSS vulnerability in handling data sources (bsc#1195726, CVE-2022-21702) * Fixes cross-origin request forgery vulnerability (bsc#1195727, CVE-2022-21703) * Fixes Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728, CVE-2022-21713) - Update to Go 1.17. - Add build-time dependency on `wire`. - Update license to GNU Affero General Public License v3.0. - Update to version 8.3.4 * GetUserInfo: return an error if no user was found (bsc#1194873, CVE-2022-21673) + Features and enhancements: * Alerting: Allow configuration of non-ready alertmanagers. * Alerting: Allow customization of Google chat message. * AppPlugins: Support app plugins with only default nav. * InfluxDB: query editor: skip fields in metadata queries. * Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user cancels query in grafana. * Prometheus: Forward oauth tokens after prometheus datasource migration. + Bug fixes: * Azure Monitor: Bug fix for variable interpolations in metrics dropdowns. * Azure Monitor: Improved error messages for variable queries. * CloudMonitoring: Fixes broken variable queries that use group bys. * Configuration: You can now see your expired API keys if you have no active ones. * Elasticsearch: Fix handling multiple datalinks for a single field. * Export: Fix error being thrown when exporting dashboards using query variables that reference the default datasource. * ImportDashboard: Fixes issue with importing dashboard and name ending up in uid. * Login: Page no longer overflows on mobile. * Plugins: Set backend metadata property for core plugins. * Prometheus: Fill missing steps with null values. * Prometheus: Fix interpolation of $__rate_interval variable. * Prometheus: Interpolate variables with curly brackets syntax. * Prometheus: Respect the http-method data source setting. * Table: Fixes issue with field config applied to wrong fields when hiding columns. * Toolkit: Fix bug with rootUrls not being properly parsed when signing a private plugin. * Variables: Fix so data source variables are added to adhoc configuration. + Plugin development fixes & changes: * Toolkit: Revert build config so tslib is bundled with plugins to prevent plugins from crashing. - Update to version 8.3.3: * BarChart: Use new data error view component to show actions in panel edit. * CloudMonitor: Iterate over pageToken for resources. * Macaron: Prevent WriteHeader invalid HTTP status code panic. * AnnoListPanel: Fix interpolation of variables in tags. * CloudWatch: Allow queries to have no dimensions specified. * CloudWatch: Fix broken queries for users migrating from 8.2.4/8.2.5 to 8.3.0. * CloudWatch: Make sure MatchExact flag gets the right value. * Dashboards: Fix so that empty folders can be deleted from the manage dashboards/folders page. * InfluxDB: Improve handling of metadata query errors in InfluxQL. * Loki: Fix adding of ad hoc filters for queries with parser and line_format expressions. * Prometheus: Fix running of exemplar queries for non-histogram metrics. * Prometheus: Interpolate template variables in interval. * StateTimeline: Fix toolitp not showing when for frames with multiple fields. * TraceView: Fix virtualized scrolling when trace view is opened in right pane in Explore. * Variables: Fix repeating panels for on time range changed variables. * Variables: Fix so queryparam option works for scoped - Update to version 8.3.2 + Security: Fixes CVE-2021-43813 and CVE-2021-43815. - Update to version 8.3.1 + Security: Fixes CVE-2021-43798. - Update to version 8.3.0 * Alerting: Prevent folders from being deleted when they contain alerts. * Alerting: Show full preview value in tooltip. * BarGauge: Limit title width when name is really long. * CloudMonitoring: Avoid to escape regexps in filters. * CloudWatch: Add support for AWS Metric Insights. * TooltipPlugin: Remove other panels' shared tooltip in edit panel. * Visualizations: Limit y label width to 40% of visualization width. * Alerting: Clear alerting rule evaluation errors after intermittent failures. * Alerting: Fix refresh on legacy Alert List panel. * Dashboard: Fix queries for panels with non-integer widths. * Explore: Fix url update inconsistency. * Prometheus: Fix range variables interpolation for time ranges smaller than 1 second. * ValueMappings: Fixes issue with regex value mapping that only sets color. - Update to version 8.3.0-beta2 + Breaking changes: * Grafana 8 Alerting enabled by default for installations that do not use legacy alerting. * Keep Last State for 'If execution error or timeout' when upgrading to Grafana 8 alerting. * Alerting: Create DatasourceError alert if evaluation returns error. * Alerting: Make Unified Alerting enabled by default for those who do not use legacy alerting. * Alerting: Support mute timings configuration through the api for the embedded alert manager. * CloudWatch: Add missing AWS/Events metrics. * Docs: Add easier to find deprecation notices to certain data sources and to the changelog. * Plugins Catalog: Enable install controls based on the pluginAdminEnabled flag. * Table: Add space between values for the DefaultCell and JSONViewCell. * Tracing: Make query editors available in dashboard for Tempo and Zipkin. * AccessControl: Renamed orgs roles, removed fixed:orgs:reader introduced in beta1. * Azure Monitor: Add trap focus for modals in grafana/ui and other small a11y fixes for Azure Monitor. * CodeEditor: Prevent suggestions from being clipped. * Dashboard: Fix cache timeout persistence. * Datasource: Fix stable sort order of query responses. * Explore: Fix error in query history when removing last item. * Logs: Fix requesting of older logs when flipped order. * Prometheus: Fix running of health check query based on access mode. * TextPanel: Fix suggestions for existing panels. * Tracing: Fix incorrect indentations due to reoccurring spanIDs. * Tracing: Show start time of trace with milliseconds precision. * Variables: Make renamed or missing variable section expandable. * Select: Select menus now properly scroll during keyboard navigation. - Update to version 8.3.0-beta1 * Alerting: Add UI for contact point testing with custom annotations and labels. * Alerting: Make alert state indicator in panel header work with Grafana 8 alerts. * Alerting: Option for Discord notifier to use webhook name. * Annotations: Deprecate AnnotationsSrv. * Auth: Omit all base64 paddings in JWT tokens for the JWT auth. * Azure Monitor: Clean up fields when editing Metrics. * AzureMonitor: Add new starter dashboards. * AzureMonitor: Add starter dashboard for app monitoring with Application Insights. * Barchart/Time series: Allow x axis label. * CLI: Improve error handling for installing plugins. * CloudMonitoring: Migrate to use backend plugin SDK contracts. * CloudWatch Logs: Add retry strategy for hitting max concurrent queries. * CloudWatch: Add AWS RoboMaker metrics and dimension. * CloudWatch: Add AWS Transfer metrics and dimension. * Dashboard: replace datasource name with a reference object. * Dashboards: Show logs on time series when hovering. * Elasticsearch: Add support for Elasticsearch 8.0 (Beta). * Elasticsearch: Add time zone setting to Date Histogram aggregation. * Elasticsearch: Enable full range log volume histogram. * Elasticsearch: Full range logs volume. * Explore: Allow changing the graph type. * Explore: Show ANSI colors when highlighting matched words in the logs panel. * Graph(old) panel: Listen to events from Time series panel. * Import: Load gcom dashboards from URL. * LibraryPanels: Improves export and import of library panels between orgs. * OAuth: Support PKCE. * Panel edit: Overrides now highlight correctly when searching. * PanelEdit: Display drag indicators on draggable sections. * Plugins: Refactor Plugin Management. * Prometheus: Add custom query parameters when creating PromLink url. * Prometheus: Remove limits on metrics, labels, and values in Metrics Browser. * StateTimeline: Share cursor with rest of the panels. * Tempo: Add error details when json upload fails. * Tempo: Add filtering for service graph query. * Tempo: Add links to nodes in Service Graph pointing to Prometheus metrics. * Time series/Bar chart panel: Add ability to sort series via legend. * TimeSeries: Allow multiple axes for the same unit. * TraceView: Allow span links defined on dataFrame. * Transformations: Support a rows mode in labels to fields. * ValueMappings: Don't apply field config defaults to time fields. * Variables: Only update panels that are impacted by variable change. * API: Fix dashboard quota limit for imports. * Alerting: Fix rule editor issues with Azure Monitor data source. * Azure monitor: Make sure alert rule editor is not enabled when template variables are being used. * CloudMonitoring: Fix annotation queries. * CodeEditor: Trigger the latest getSuggestions() passed to CodeEditor. * Dashboard: Remove the current panel from the list of options in the Dashboard datasource. * Encryption: Fix decrypting secrets in alerting migration. * InfluxDB: Fix corner case where index is too large in ALIAS * NavBar: Order App plugins alphabetically. * NodeGraph: Fix zooming sensitivity on touchpads. * Plugins: Add OAuth pass-through logic to api/ds/query endpoint. * Snapshots: Fix panel inspector for snapshot data. * Tempo: Fix basic auth password reset on adding tag. * ValueMapping: Fixes issue with regex mappings. * grafana/ui: Enable slider marks display. - Update to version 8.2.7 - Update to version 8.2.6 * Security: Upgrade Docker base image to Alpine 3.14.3. * Security: Upgrade Go to 1.17.2. * TimeSeries: Fix fillBelowTo wrongly affecting fills of unrelated series. - Update to version 8.2.5 * Fix No Data behaviour in Legacy Alerting. * Alerting: Fix a bug where the metric in the evaluation string was not correctly populated. * Alerting: Fix no data behaviour in Legacy Alerting for alert rules using the AND operator. * CloudMonitoring: Ignore min and max aggregation in MQL queries. * Dashboards: 'Copy' is no longer added to new dashboard titles. * DataProxy: Fix overriding response body when response is a WebSocket upgrade. * Elasticsearch: Use field configured in query editor as field for date_histogram aggregations. * Explore: Fix running queries without a datasource property set. * InfluxDB: Fix numeric aliases in queries. * Plugins: Ensure consistent plugin settings list response. * Tempo: Fix validation of float durations. * Tracing: Correct tags for each span are shown. - Update to version 8.2.4 + Security: Fixes CVE-2021-41244. - Update to version 8.2.3 + Security: Fixes CVE-2021-41174. - Update to version 8.2.2 * Annotations: We have improved tag search performance. * Application: You can now configure an error-template title. * AzureMonitor: We removed a restriction from the resource filter query. * Packaging: We removed the ProcSubset option in systemd. This option prevented Grafana from starting in LXC environments. * Prometheus: We removed the autocomplete limit for metrics. * Table: We improved the styling of the type icons to make them more distinct from column / field name. * ValueMappings: You can now use value mapping in stat, gauge, bar gauge, and pie chart visualizations. * Alerting: Fix panic when Slack's API sends unexpected response. * Alerting: The Create Alert button now appears on the dashboard panel when you are working with a default datasource. * Explore: We fixed the problem where the Explore log panel disappears when an Elasticsearch logs query returns no results. * Graph: You can now see annotation descriptions on hover. * Logs: The system now uses the JSON parser only if the line is parsed to an object. * Prometheus: We fixed the issue where the system did not reuse TCP connections when querying from Grafana alerting. * Prometheus: We fixed the problem that resulted in an error when a user created a query with a $__interval min step. * RowsToFields: We fixed the issue where the system was not properly interpreting number values. * Scale: We fixed how the system handles NaN percent when data min = data max. * Table panel: You can now create a filter that includes special characters. - Update to version 8.2.1 * Dashboard: Fix rendering of repeating panels. * Datasources: Fix deletion of data source if plugin is not found. * Packaging: Remove systemcallfilters sections from systemd unit files. * Prometheus: Add Headers to HTTP client options. - Update to version 8.2.0 * AWS: Updated AWS authentication documentation. * Alerting: Added support Alertmanager data source for upstream Prometheus AM implementation. * Alerting: Allows more characters in label names so notifications are sent. * Alerting: Get alert rules for a dashboard or a panel using /api/v1/rules endpoints. * Annotations: Improved rendering performance of event markers. * CloudWatch Logs: Skip caching for log queries. * Explore: Added an opt-in configuration for Node Graph in Jaeger, Zipkin, and Tempo. * Packaging: Add stricter systemd unit options. * Prometheus: Metrics browser can now handle label values with * CodeEditor: Ensure that we trigger the latest onSave callback provided to the component. * DashboardList/AlertList: Fix for missing All folder value. * Plugins: Create a mock icon component to prevent console errors. - Update to version 8.2.0-beta2 * AccessControl: Document new permissions restricting data source access. * TimePicker: Add fiscal years and search to time picker. * Alerting: Added support for Unified Alerting with Grafana HA. * Alerting: Added support for tune rule evaluation using configuration options. * Alerting: Cleanups alertmanager namespace from key-value store when disabling Grafana 8 alerts. * Alerting: Remove ngalert feature toggle and introduce two new settings for enabling Grafana 8 alerts and disabling them for specific organisations. * CloudWatch: Introduced new math expression where it is necessary to specify the period field. * InfluxDB: Added support for $__interval and $__interval_ms in Flux queries for alerting. * InfluxDB: Flux queries can use more precise start and end timestamps with nanosecond-precision. * Plugins Catalog: Make the catalog the default way to interact with plugins. * Prometheus: Removed autocomplete limit for metrics. * Alerting: Fixed an issue where the edit page crashes if you tried to preview an alert without a condition set. * Alerting: Fixed rules migration to keep existing Grafana 8 alert rules. * Alerting: Fixed the silence file content generated during * Analytics: Fixed an issue related to interaction event propagation in Azure Application Insights. * BarGauge: Fixed an issue where the cell color was lit even though there was no data. * BarGauge: Improved handling of streaming data. * CloudMonitoring: Fixed INT64 label unmarshal error. * ConfirmModal: Fixes confirm button focus on modal open. * Dashboard: Add option to generate short URL for variables with values containing spaces. * Explore: No longer hides errors containing refId property. * Fixed an issue that produced State timeline panel tooltip error when data was not in sync. * InfluxDB: InfluxQL query editor is set to always use resultFormat. * Loki: Fixed creating context query for logs with parsed labels. * PageToolbar: Fixed alignment of titles. * Plugins Catalog: Update to the list of available panels after an install, update or uninstall. * TimeSeries: Fixed an issue where the shared cursor was not showing when hovering over in old Graph panel. * Variables: Fixed issues related to change of focus or refresh pages when pressing enter in a text box variable input. * Variables: Panel no longer crash when using the adhoc variable in data links. - Update to version 8.2.0-beta1 * AccessControl: Introduce new permissions to restrict access for reloading provisioning configuration. * Alerting: Add UI to edit Cortex/Loki namespace, group names, and group evaluation interval. * Alerting: Add a Test button to test contact point. * Alerting: Allow creating/editing recording rules for Loki and Cortex. * Alerting: Metrics should have the label org instead of user. * Alerting: Sort notification channels by name to make them easier to locate. * Alerting: Support org level isolation of notification * AzureMonitor: Add data links to deep link to Azure Portal Azure Resource Graph. * AzureMonitor: Add support for annotations from Azure Monitor Metrics and Azure Resource Graph services. * AzureMonitor: Show error message when subscriptions request fails in ConfigEditor. * Chore: Update to Golang 1.16.7. * CloudWatch Logs: Add link to X-Ray data source for trace IDs in logs. * CloudWatch Logs: Disable query path using websockets (Live) feature. * CloudWatch/Logs: Don't group dataframes for non time series * Cloudwatch: Migrate queries that use multiple stats to one query per stat. * Dashboard: Keep live timeseries moving left (v2). * Datasources: Introduce response_limit for datasource responses. * Explore: Add filter by trace or span ID to trace to logs * Explore: Download traces as JSON in Explore Inspector. * Explore: Reuse Dashboard's QueryRows component. * Explore: Support custom display label for derived fields buttons for Loki datasource. * Grafana UI: Update monaco-related dependencies. * Graphite: Deprecate browser access mode. * InfluxDB: Improve handling of intervals in alerting. * InfluxDB: InfluxQL query editor: Handle unusual characters in tag values better. * Jaeger: Add ability to upload JSON file for trace data. * LibraryElements: Enable specifying UID for new and existing library elements. * LibraryPanels: Remove library panel icon from the panel header so you can no longer tell that a panel is a library panel from the dashboard view. * Logs panel: Scroll to the bottom on page refresh when sorting in ascending order. * Loki: Add fuzzy search to label browser. * Navigation: Implement active state for items in the Sidemenu. * Packaging: Update PID file location from /var/run to /run. * Plugins: Add Hide OAuth Forward config option. * Postgres/MySQL/MSSQL: Add setting to limit the maximum number of rows processed. * Prometheus: Add browser access mode deprecation warning. * Prometheus: Add interpolation for built-in-time variables to backend. * Tempo: Add ability to upload trace data in JSON format. * TimeSeries/XYChart: Allow grid lines visibility control in XYChart and TimeSeries panels. * Transformations: Convert field types to time string number or boolean. * Value mappings: Add regular-expression based value mapping. * Zipkin: Add ability to upload trace JSON. * Admin: Prevent user from deleting user's current/active organization. * LibraryPanels: Fix library panel getting saved in the dashboard's folder. * OAuth: Make generic teams URL and JMES path configurable. * QueryEditor: Fix broken copy-paste for mouse middle-click * Thresholds: Fix undefined color in 'Add threshold'. * Timeseries: Add wide-to-long, and fix multi-frame output. * TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip is set to All. * Grafana UI: Fix TS error property css is missing in type. - Update to version 8.1.8 - Update to version 8.1.7 * Alerting: Fix alerts with evaluation interval more than 30 seconds resolving before notification. * Elasticsearch/Prometheus: Fix usage of proper SigV4 service namespace. - Update to version 8.1.6 + Security: Fixes CVE-2021-39226. - Update to version 8.1.5 * BarChart: Fixes panel error that happens on second refresh. - Update to version 8.1.4 + Features and enhancements * Explore: Ensure logs volume bar colors match legend colors. * LDAP: Search all DNs for users. * Alerting: Fix notification channel migration. * Annotations: Fix blank panels for queries with unknown data sources. * BarChart: Fix stale values and x axis labels. * Graph: Make old graph panel thresholds work even if ngalert is enabled. * InfluxDB: Fix regex to identify / as separator. * LibraryPanels: Fix update issues related to library panels in rows. * Variables: Fix variables not updating inside a Panel when the preceding Row uses 'Repeat For'. - Update to version 8.1.3 + Bug fixes * Alerting: Fix alert flapping in the internal alertmanager. * Alerting: Fix request handler failed to convert dataframe 'results' to plugins.DataTimeSeriesSlice: input frame is not recognized as a time series. * Dashboard: Fix UIDs are not preserved when importing/creating dashboards thru importing .json file. * Dashboard: Forces panel re-render when exiting panel edit. * Dashboard: Prevent folder from changing when navigating to general settings. * Docker: Force use of libcrypto1.1 and libssl1.1 versions to fix CVE-2021-3711. * Elasticsearch: Fix metric names for alert queries. * Elasticsearch: Limit Histogram field parameter to numeric values. * Elasticsearch: Prevent pipeline aggregations to show up in terms order by options. * LibraryPanels: Prevent duplicate repeated panels from being created. * Loki: Fix ad-hoc filter in dashboard when used with parser. * Plugins: Track signed files + add warn log for plugin assets which are not signed. * Postgres/MySQL/MSSQL: Fix region annotations not displayed correctly. * Prometheus: Fix validate selector in metrics browser. * Security: Fix stylesheet injection vulnerability. * Security: Fix short URL vulnerability. - Update to version 8.1.2 * AzureMonitor: Add support for PostgreSQL and MySQL Flexible Servers. * Datasource: Change HTTP status code for failed datasource health check to 400. * Explore: Add span duration to left panel in trace viewer. * Plugins: Use file extension allowlist when serving plugin assets instead of checking for UNIX executable. * Profiling: Add support for binding pprof server to custom network interfaces. * Search: Make search icon keyboard navigable. * Template variables: Keyboard navigation improvements. * Tooltip: Display ms within minute time range. * Alerting: Fix saving LINE contact point. * Annotations: Fix alerting annotation coloring. * Annotations: Alert annotations are now visible in the correct Panel. * Auth: Hide SigV4 config UI and disable middleware when its config flag is disabled. * Dashboard: Prevent incorrect panel layout by comparing window width against theme breakpoints. * Explore: Fix showing of full log context. * PanelEdit: Fix 'Actual' size by passing the correct panel size to Dashboard. * Plugins: Fix TLS datasource settings. * Variables: Fix issue with empty drop downs on navigation. * Variables: Fix URL util converting false into true. * Toolkit: Fix matchMedia not found error. - Update to version 8.1.1 * CloudWatch Logs: Fix crash when no region is selected. - Update to version 8.1.0 * Alerting: Deduplicate receivers during migration. * ColorPicker: Display colors as RGBA. * Select: Make portalling the menu opt-in, but opt-in everywhere. * TimeRangePicker: Improve accessibility. * Annotations: Correct annotations that are displayed upon page refresh. * Annotations: Fix Enabled button that disappeared from Grafana v8.0.6. * Annotations: Fix data source template variable that was not available for annotations. * AzureMonitor: Fix annotations query editor that does not load. * Geomap: Fix scale calculations. * GraphNG: Fix y-axis autosizing. * Live: Display stream rate and fix duplicate channels in list * Loki: Update labels in log browser when time range changes in dashboard. * NGAlert: Send resolve signal to alertmanager on alerting -> Normal. * PasswordField: Prevent a password from being displayed when you click the Enter button. * Renderer: Remove debug.log file when Grafana is stopped. * Security: Update dependencies to fix CVE-2021-36222. - Update to version 8.1.0-beta3 * Alerting: Support label matcher syntax in alert rule list filter. * IconButton: Put tooltip text as aria-label. * Live: Experimental HA with Redis. * UI: FileDropzone component. * CloudWatch: Add AWS LookoutMetrics. * Docker: Fix builds by delaying go mod verify until all required files are copied over. * Exemplars: Fix disable exemplars only on the query that failed. * SQL: Fix SQL dataframe resampling (fill mode + time intervals). - Update to version 8.1.0-beta2 * Alerting: Expand the value string in alert annotations and * Auth: Add Azure HTTP authentication middleware. * Auth: Auth: Pass user role when using the authentication proxy. * Gazetteer: Update countries.json file to allow for linking to 3-letter country codes. * Config: Fix Docker builds by correcting formatting in sample.ini. * Explore: Fix encoding of internal URLs. - Update to version 8.1.0-beta1 * Alerting: Add Alertmanager notifications tab. * Alerting: Add button to deactivate current Alertmanager * Alerting: Add toggle in Loki/Prometheus data source configuration to opt out of alerting UI. * Alerting: Allow any 'evaluate for' value >=0 in the alert rule form. * Alerting: Load default configuration from status endpoint, if Cortex Alertmanager returns empty user configuration. * Alerting: view to display alert rule and its underlying data. * Annotation panel: Release the annotation panel. * Annotations: Add typeahead support for tags in built-in annotations. * AzureMonitor: Add curated dashboards for Azure services. * AzureMonitor: Add support for deep links to Microsoft Azure portal for Metrics. * AzureMonitor: Remove support for different credentials for Azure Monitor Logs. * AzureMonitor: Support querying any Resource for Logs queries. * Elasticsearch: Add frozen indices search support. * Elasticsearch: Name fields after template variables values instead of their name. * Elasticsearch: add rate aggregation. * Email: Allow configuration of content types for email notifications. * Explore: Add more meta information when line limit is hit. * Explore: UI improvements to trace view. * FieldOverrides: Added support to change display name in an override field and have it be matched by a later rule. * HTTP Client: Introduce dataproxy_max_idle_connections config variable. * InfluxDB: InfluxQL: adds tags to timeseries data. * InfluxDB: InfluxQL: make measurement search case insensitive. Legacy Alerting: Replace simplejson with a struct in webhook notification channel. * Legend: Updates display name for Last (not null) to just Last*. * Logs panel: Add option to show common labels. * Loki: Add $__range variable. * Loki: Add support for 'label_values(log stream selector, label)' in templating. * Loki: Add support for ad-hoc filtering in dashboard. * MySQL Datasource: Add timezone parameter. * NodeGraph: Show gradient fields in legend. * PanelOptions: Don't mutate panel options/field config object when updating. * PieChart: Make pie gradient more subtle to match other charts. * Prometheus: Update PromQL typeahead and highlighting. * Prometheus: interpolate variable for step field. * Provisioning: Improve validation by validating across all dashboard providers. * SQL Datasources: Allow multiple string/labels columns with time series. * Select: Portal select menu to document.body. * Team Sync: Add group mapping to support team sync in the Generic OAuth provider. * Tooltip: Make active series more noticeable. * Tracing: Add support to configure trace to logs start and end time. * Transformations: Skip merge when there is only a single data frame. * ValueMapping: Added support for mapping text to color, boolean values, NaN and Null. Improved UI for value mapping. * Visualizations: Dynamically set any config (min, max, unit, color, thresholds) from query results. * live: Add support to handle origin without a value for the port when matching with root_url. * Alerting: Handle marshaling Inf values. * AzureMonitor: Fix macro resolution for template variables. * AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes resources. * AzureMonitor: Request and concat subsequent resource pages. * Bug: Fix parse duration for day. * Datasources: Improve error handling for error messages. * Explore: Correct the functionality of shift-enter shortcut across all uses. * Explore: Show all dataFrames in data tab in Inspector. * GraphNG: Fix Tooltip mode 'All' for XYChart. * Loki: Fix highlight of logs when using filter expressions with backticks. * Modal: Force modal content to overflow with scroll. * Plugins: Ignore symlinked folders when verifying plugin signature. * Toolkit: Improve error messages when tasks fail. - Update to version 8.0.7 - Update to version 8.0.6 * Alerting: Add annotation upon alert state change. * Alerting: Allow space in label and annotation names. * InfluxDB: Improve legend labels for InfluxDB query results. * Alerting: Fix improper alert by changing the handling of empty labels. * CloudWatch/Logs: Reestablish Cloud Watch alert behavior. * Dashboard: Avoid migration breaking on fieldConfig without defaults field in folded panel. * DashboardList: Fix issue not re-fetching dashboard list after variable change. * Database: Fix incorrect format of isolation level configuration parameter for MySQL. * InfluxDB: Correct tag filtering on InfluxDB data. * Links: Fix links that caused a full page reload. * Live: Fix HTTP error when InfluxDB metrics have an incomplete or asymmetrical field set. * Postgres/MySQL/MSSQL: Change time field to 'Time' for time series queries. * Postgres: Fix the handling of a null return value in query * Tempo: Show hex strings instead of uints for IDs. * TimeSeries: Improve tooltip positioning when tooltip overflows. * Transformations: Add 'prepare time series' transformer. - Update to version 8.0.5 * Cloudwatch Logs: Send error down to client. * Folders: Return 409 Conflict status when folder already exists. * TimeSeries: Do not show series in tooltip if it's hidden in the viz. * AzureMonitor: Fix issue where resource group name is missing on the resource picker button. * Chore: Fix AWS auth assuming role with workspace IAM. * DashboardQueryRunner: Fixes unrestrained subscriptions being * DateFormats: Fix reading correct setting key for use_browser_locale. * Links: Fix links to other apps outside Grafana when under sub path. * Snapshots: Fix snapshot absolute time range issue. * Table: Fix data link color. * Time Series: Fix X-axis time format when tick increment is larger than a year. * Tooltip Plugin: Prevent tooltip render if field is undefined. - Update to version 8.0.4 * Live: Rely on app url for origin check. * PieChart: Sort legend descending, update placeholder. * TimeSeries panel: Do not reinitialize plot when thresholds mode change. * Elasticsearch: Allow case sensitive custom options in date_histogram interval. * Elasticsearch: Restore previous field naming strategy when using variables. * Explore: Fix import of queries between SQL data sources. * InfluxDB: InfluxQL query editor: fix retention policy handling. * Loki: Send correct time range in template variable queries. * TimeSeries: Preserve RegExp series overrides when migrating from old graph panel. - Update to version 8.0.3 * Alerting: Increase alertmanager_conf column if MySQL. * Time series/Bar chart panel: Handle infinite numbers as nulls when converting to plot array. * TimeSeries: Ensure series overrides that contain color are migrated, and migrate the previous fieldConfig when changing the panel type. * ValueMappings: Improve singlestat value mappings migration. * Annotations: Fix annotation line and marker colors. * AzureMonitor: Fix KQL template variable queries without default workspace. * CloudWatch/Logs: Fix missing response data for log queries. * LibraryPanels: Fix crash in library panels list when panel plugin is not found. * LogsPanel: Fix performance drop when moving logs panel in * Loki: Parse log levels when ANSI coloring is enabled. * MSSQL: Fix issue with hidden queries still being executed. * PanelEdit: Display the VisualizationPicker that was not displayed if a panel has an unknown panel plugin. * Plugins: Fix loading symbolically linked plugins. * Prometheus: Fix issue where legend name was replaced with name Value in stat and gauge panels. * State Timeline: Fix crash when hovering over panel. - Update to version 8.0.2 * Datasource: Add support for max_conns_per_host in dataproxy settings. * Configuration: Fix changing org preferences in FireFox. * PieChart: Fix legend dimension limits. * Postgres/MySQL/MSSQL: Fix panic in concurrent map writes. * Variables: Hide default data source if missing from regex. - Update to version 8.0.1 * Alerting/SSE: Fix 'count_non_null' reducer validation. * Cloudwatch: Fix duplicated time series. * Cloudwatch: Fix missing defaultRegion. * Dashboard: Fix Dashboard init failed error on dashboards with old singlestat panels in collapsed rows. * Datasource: Fix storing timeout option as numeric. * Postgres/MySQL/MSSQL: Fix annotation parsing for empty * Postgres/MySQL/MSSQL: Numeric/non-string values are now returned from query variables. * Postgres: Fix an error that was thrown when the annotation query did not return any results. * StatPanel: Fix an issue with the appearance of the graph when switching color mode. * Visualizations: Fix an issue in the Stat/BarGauge/Gauge/PieChart panels where all values mode were showing the same name if they had the same value. * Toolkit: Resolve external fonts when Grafana is served from a sub path. - Update to version 8.0.0 * The following endpoints were deprecated for Grafana v5.0 and support for them has now been removed: GET /dashboards/db/:slug GET /dashboard-solo/db/:slug GET /api/dashboard/db/:slug DELETE /api/dashboards/db/:slug * AzureMonitor: Require default subscription for workspaces() template variable query. * AzureMonitor: Use resource type display names in the UI. * Dashboard: Remove support for loading and deleting dashboard by slug. * InfluxDB: Deprecate direct browser access in data source. * VizLegend: Add a read-only property. * AzureMonitor: Fix Azure Resource Graph queries in Azure China. * Checkbox: Fix vertical layout issue with checkboxes due to fixed height. * Dashboard: Fix Table view when editing causes the panel data to not update. * Dashboard: Fix issues where unsaved-changes warning is not displayed. * Login: Fixes Unauthorized message showing when on login page or snapshot page. * NodeGraph: Fix sorting markers in grid view. * Short URL: Include orgId in generated short URLs. * Variables: Support raw values of boolean type. - Update to version 8.0.0-beta3 * The default HTTP method for Prometheus data source is now POST. * API: Support folder UID in dashboards API. * Alerting: Add support for configuring avatar URL for the Discord notifier. * Alerting: Clarify that Threema Gateway Alerts support only Basic IDs. * Azure: Expose Azure settings to external plugins. * AzureMonitor: Deprecate using separate credentials for Azure Monitor Logs. * AzureMonitor: Display variables in resource picker for Azure * AzureMonitor: Hide application insights for data sources not using it. * AzureMonitor: Support querying subscriptions and resource groups in Azure Monitor Logs. * AzureMonitor: remove requirement for default subscription. * CloudWatch: Add Lambda@Edge Amazon CloudFront metrics. * CloudWatch: Add missing AWS AppSync metrics. * ConfirmModal: Auto focus delete button. * Explore: Add caching for queries that are run from logs * Loki: Add formatting for annotations. * Loki: Bring back processed bytes as meta information. * NodeGraph: Display node graph collapsed by default with trace view. * Overrides: Include a manual override option to hide something from visualization. * PieChart: Support row data in pie charts. * Prometheus: Update default HTTP method to POST for existing data sources. * Time series panel: Position tooltip correctly when window is scrolled or resized. * Admin: Fix infinite loading edit on the profile page. * Color: Fix issues with random colors in string and date * Dashboard: Fix issue with title or folder change has no effect after exiting settings view. * DataLinks: Fix an issue __series.name is not working in data link. * Datasource: Fix dataproxy timeout should always be applied for outgoing data source HTTP requests. * Elasticsearch: Fix NewClient not passing httpClientProvider to client impl. * Explore: Fix Browser title not updated on Navigation to Explore. * GraphNG: Remove fieldName and hideInLegend properties from UPlotSeriesBuilder. * OAuth: Fix fallback to auto_assign_org_role setting for Azure AD OAuth when no role claims exists. * PanelChrome: Fix issue with empty panel after adding a non data panel and coming back from panel edit. * StatPanel: Fix data link tooltip not showing for single value. * Table: Fix sorting for number fields. * Table: Have text underline for datalink, and add support for image datalink. * Transformations: Prevent FilterByValue transform from crashing panel edit. - Update to version 8.0.0-beta2 * AppPlugins: Expose react-router to apps. * AzureMonitor: Add Azure Resource Graph. * AzureMonitor: Managed Identity configuration UI. * AzureMonitor: Token provider with support for Managed Identities. * AzureMonitor: Update Logs workspace() template variable query to return resource URIs. * BarChart: Value label sizing. * CloudMonitoring: Add support for preprocessing. * CloudWatch: Add AWS/EFS StorageBytes metric. * CloudWatch: Allow use of missing AWS namespaces using custom * Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy. * InfluxDB: InfluxQL: allow empty tag values in the query editor. * Instrumentation: Instrument incoming HTTP request with histograms by default. * Library Panels: Add name endpoint & unique name validation to AddLibraryPanelModal. * Logs panel: Support details view. * PieChart: Always show the calculation options dropdown in the * PieChart: Remove beta flag. * Plugins: Enforce signing for all plugins. * Plugins: Remove support for deprecated backend plugin protocol version. * Tempo/Jaeger: Add better display name to legend. * Timeline: Add time range zoom. * Timeline: Adds opacity & line width option. * Timeline: Value text alignment option. * ValueMappings: Add duplicate action, and disable dismiss on backdrop click. * Zipkin: Add node graph view to trace response. * Annotations panel: Remove subpath from dashboard links. * Content Security Policy: Allow all image sources by default. * Content Security Policy: Relax default template wrt. loading of scripts, due to nonces not working. * Datasource: Fix tracing propagation for alert execution by introducing HTTP client outgoing tracing middleware. * InfluxDB: InfluxQL always apply time interval end. * Library Panels: Fixes 'error while loading library panels'. * NewsPanel: Fixes rendering issue in Safari. * PanelChrome: Fix queries being issued again when scrolling in and out of view. * Plugins: Fix Azure token provider cache panic and auth param nil value. * Snapshots: Fix key and deleteKey being ignored when creating an external snapshot. * Table: Fix issue with cell border not showing with colored background cells. * Table: Makes tooltip scrollable for long JSON values. * TimeSeries: Fix for Connected null values threshold toggle during panel editing. * Variables: Fixes inconsistent selected states on dashboard * Variables: Refreshes all panels even if panel is full screen. * QueryField: Remove carriage return character from pasted text. - Update to version 8.0.0-beta1 + License update: * AGPL License: Update license from Apache 2.0 to the GNU Affero General Public License (AGPL). * Removes the never refresh option for Query variables. * Removes the experimental Tags feature for Variables. + Deprecations: * The InfoBox & FeatureInfoBox are now deprecated please use the Alert component instead with severity info. * API: Add org users with pagination. * API: Return 404 when deleting nonexistent API key. * API: Return query results as JSON rather than base64 encoded Arrow. * Alerting: Allow sending notification tags to Opsgenie as extra properties. * Alerts: Replaces all uses of InfoBox & FeatureInfoBox with Alert. * Auth: Add support for JWT Authentication. * AzureMonitor: Add support for Microsoft.SignalRService/SignalR metrics. * AzureMonitor: Azure settings in Grafana server config. * AzureMonitor: Migrate Metrics query editor to React. * BarChart panel: enable series toggling via legend. * BarChart panel: Adds support for Tooltip in BarChartPanel. * PieChart panel: Change look of highlighted pie slices. * CloudMonitoring: Migrate config editor from angular to react. * CloudWatch: Add Amplify Console metrics and dimensions. * CloudWatch: Add missing Redshift metrics to CloudWatch data * CloudWatch: Add metrics for managed RabbitMQ service. * DashboardList: Enable templating on search tag input. * Datasource config: correctly remove single custom http header. * Elasticsearch: Add generic support for template variables. * Elasticsearch: Allow omitting field when metric supports inline script. * Elasticsearch: Allow setting a custom limit for log queries. * Elasticsearch: Guess field type from first non-empty value. * Elasticsearch: Use application/x-ndjson content type for multisearch requests. * Elasticsearch: Use semver strings to identify ES version. * Explore: Add logs navigation to request more logs. * Explore: Map Graphite queries to Loki. * Explore: Scroll split panes in Explore independently. * Explore: Wrap each panel in separate error boundary. * FieldDisplay: Smarter naming of stat values when visualising row values (all values) in stat panels. * Graphite: Expand metric names for variables. * Graphite: Handle unknown Graphite functions without breaking the visual editor. * Graphite: Show graphite functions descriptions. * Graphite: Support request cancellation properly (Uses new backendSrv.fetch Observable request API). * InfluxDB: Flux: Improve handling of complex response-structures. * InfluxDB: Support region annotations. * Inspector: Download logs for manual processing. * Jaeger: Add node graph view for trace. * Jaeger: Search traces. * Loki: Use data source settings for alerting queries. * NodeGraph: Exploration mode. * OAuth: Add support for empty scopes. * PanelChrome: New logic-less emotion based component with no dependency on PanelModel or DashboardModel. * PanelEdit: Adds a table view toggle to quickly view data in table form. * PanelEdit: Highlight matched words when searching options. * PanelEdit: UX improvements. * Plugins: PanelRenderer and simplified QueryRunner to be used from plugins. * Plugins: AuthType in route configuration and params interpolation. * Plugins: Enable plugin runtime install/uninstall capabilities. * Plugins: Support set body content in plugin routes. * Plugins: Introduce marketplace app. * Plugins: Moving the DataSourcePicker to grafana/runtime so it can be reused in plugins. * Prometheus: Add custom query params for alert and exemplars * Prometheus: Use fuzzy string matching to autocomplete metric names and label. * Routing: Replace Angular routing with react-router. * Slack: Use chat.postMessage API by default. * Tempo: Search for Traces by querying Loki directly from Tempo. * Tempo: Show graph view of the trace. * Themes: Switch theme without reload using global shortcut. * TimeSeries panel: Add support for shared cursor. * TimeSeries panel: Do not crash the panel if there is no time series data in the response. * Variables: Do not save repeated panels, rows and scopedVars. * Variables: Removes experimental Tags feature. * Variables: Removes the never refresh option. * Visualizations: Unify tooltip options across visualizations. * Visualizations: Refactor and unify option creation between new visualizations. * Visualizations: Remove singlestat panel. * APIKeys: Fixes issue with adding first api key. * Alerting: Add checks for non supported units - disable defaulting to seconds. * Alerting: Fix issue where Slack notifications won't link to user IDs. * Alerting: Omit empty message in PagerDuty notifier. * AzureMonitor: Fix migration error from older versions of App Insights queries. * CloudWatch: Fix AWS/Connect dimensions. * CloudWatch: Fix broken AWS/MediaTailor dimension name. * Dashboards: Allow string manipulation as advanced variable format option. * DataLinks: Includes harmless extended characters like Cyrillic characters. * Drawer: Fixes title overflowing its container. * Explore: Fix issue when some query errors were not shown. * Generic OAuth: Prevent adding duplicated users. * Graphite: Handle invalid annotations. * Graphite: Fix autocomplete when tags are not available. * InfluxDB: Fix Cannot read property 'length' of undefined in when parsing response. * Instrumentation: Enable tracing when Jaeger host and port are * Instrumentation: Prefix metrics with grafana. * MSSQL: By default let driver choose port. * OAuth: Add optional strict parsing of role_attribute_path. * Panel: Fixes description markdown with inline code being rendered on newlines and full width. * PanelChrome: Ignore data updates & errors for non data panels. * Permissions: Fix inherited folder permissions can prevent new permissions being added to a dashboard. * Plugins: Remove pre-existing plugin installs when installing with grafana-cli. * Plugins: Support installing to folders with whitespace and fix pluginUrl trailing and leading whitespace failures. * Postgres/MySQL/MSSQL: Don't return connection failure details to the client. * Postgres: Fix ms precision of interval in time group macro when TimescaleDB is enabled. * Provisioning: Use dashboard checksum field as change indicator. * SQL: Fix so that all captured errors are returned from sql engine. * Shortcuts: Fixes panel shortcuts so they always work. * Table: Fixes so border is visible for cells with links. * Variables: Clear query when data source type changes. * Variables: Filters out builtin variables from unknown list. * Button: Introduce buttonStyle prop. * DataQueryRequest: Remove deprecated props showingGraph and showingTabel and exploreMode. * grafana/ui: Update React Hook Form to v7. * IconButton: Introduce variant for red and blue icon buttons. * Plugins: Expose the getTimeZone function to be able to get the current selected timeZone. * TagsInput: Add className to TagsInput. * VizLegend: Move onSeriesColorChanged to PanelContext (breaking change). - Update to version 7.5.13 * Alerting: Fix NoDataFound for alert rules using AND operator. mgr-cfg: - Version 4.3.6-1 * Corrected source URL in spec file * Fix installation problem for SLE15SP4 due missing python-selinux * Fix python selinux package name depending on build target (bsc#1193600) * Do not build python 2 package for SLE15SP4 and higher * Remove unused legacy code mgr-custom-info: - Version 4.3.3-1 * Remove unused legacy code mgr-daemon: - Version 4.3.4-1 * Corrected source URLs in spec file * Update translation strings mgr-osad: - Version 4.3.6-1 * Corrected source URL in spec file. * Do not build python 2 package for SLE15SP4 and higher * Removed spacewalk-selinux dependencies. * Updated source url. mgr-push: - Version 4.3.4-1 * Corrected source URLs in spec file mgr-virtualization: - Version 4.3.5-1 * Corrected source URLs in spec file. * Do not build python 2 package for SLE15SP4 and higher prometheus-blackbox_exporter: - Enhanced to build on Enterprise Linux 8 prometheus-postgres_exporter: - Updated for RHEL8. python-hwdata: - Require python macros for building rhnlib: - Version 4.3.4-1 * Reorganize python files spacecmd: - Version 4.3.11-1 * on full system update call schedulePackageUpdate API (bsc#1197507) * parse boolean paramaters correctly (bsc#1197689) * Add parameter to set containerized proxy SSH port * Add proxy config generation subcommand * Option 'org_createfirst' added to perform initial organization and user creation * Added gettext build requirement for RHEL. * Removed RHEL 5 references. * Include group formulas configuration in spacecmd group_backup and spacecmd group_restore. This changes backup format to json, previously used plain text is still supported for reading (bsc#1190462) * Update translation strings * Improved event history listing and added new system_eventdetails command to retrieve the details of an event * Make schedule_deletearchived to get all actions without display limit * Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223) spacewalk-client-tools: - Version 4.3.9-1 * Corrected source URLs in spec file. * do not build python 2 package for SLE15 * Remove unused legacy code * Update translation strings spacewalk-koan: - Version 4.3.5-1 * Corrected source URLs in spec file. spacewalk-oscap: - Version 4.3.5-1 * Corrected source URLs in spec file. * Do not build python 2 package for SLE15SP4 and higher spacewalk-remote-utils: - Version 4.3.3-1 * Adapt the package for changes in rhnlib supportutils-plugin-susemanager-client: - Version 4.3.2-1 * Add proxy containers config and logs suseRegisterInfo: - Version 4.3.3-1 * Bump version to 4.3.0 supportutils-plugin-salt: - Add support for Salt Bundle uyuni-common-libs: - Version 4.3.4-1 * implement more decompression algorithms for reposync (bsc#1196704) * Reorganize python files * Add decompression of zck files to fileutils Important SUSE bug 1181223 SUSE bug 1181400 SUSE bug 1190462 SUSE bug 1190535 SUSE bug 1193600 SUSE bug 1194873 SUSE bug 1195726 SUSE bug 1195727 SUSE bug 1195728 SUSE bug 1196338 SUSE bug 1196704 SUSE bug 1197507 SUSE bug 1197689 CVE-2021-36222 CVE-2021-3711 CVE-2021-39226 CVE-2021-41174 CVE-2021-41244 CVE-2021-43798 CVE-2021-43813 CVE-2021-43815 CVE-2022-21673 CVE-2022-21698 CVE-2022-21702 CVE-2022-21703 CVE-2022-21713 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update of fwupdate fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for mariadb fixes the following issues: - CVE-2021-46669 (bsc#1199928) - CVE-2022-21427 (bsc#1199928) - CVE-2022-27377 (bsc#1198603) - CVE-2022-27378 (bsc#1198604) - CVE-2022-27380 (bsc#1198606) - CVE-2022-27381 (bsc#1198607) - CVE-2022-27383 (bsc#1198610) - CVE-2022-27384 (bsc#1198611) - CVE-2022-27386 (bsc#1198612) - CVE-2022-27387 (bsc#1198613) - CVE-2022-27445 (bsc#1198629) Important SUSE bug 1198603 SUSE bug 1198604 SUSE bug 1198606 SUSE bug 1198607 SUSE bug 1198610 SUSE bug 1198611 SUSE bug 1198612 SUSE bug 1198613 SUSE bug 1198629 SUSE bug 1199928 CVE-2021-46669 CVE-2022-21427 CVE-2022-27377 CVE-2022-27378 CVE-2022-27380 CVE-2022-27381 CVE-2022-27383 CVE-2022-27384 CVE-2022-27386 CVE-2022-27387 CVE-2022-27445 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for python3 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). Important SUSE bug 1070738 SUSE bug 1198511 SUSE bug 1199441 CVE-2015-20107 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openssl fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) Moderate SUSE bug 1200550 CVE-2022-2068 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) Moderate SUSE bug 1185637 SUSE bug 1199166 SUSE bug 1200550 CVE-2022-1292 CVE-2022-2068 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update of oracleasm fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for python fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). Important SUSE bug 1198511 CVE-2015-20107 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update of dpdk fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 91.11.0 ESR (MFSA 2022-25) (bsc#1200793): - CVE-2022-2200: Undesired attributes could be set as part of prototype pollution (bmo#1771381) - CVE-2022-31744: CSP bypass enabling stylesheet injection (bmo#1757604) - CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI (bmo#1768537) - CVE-2022-34470: Use-after-free in nsSHistory (bmo#1765951) - CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked (bmo#1770123) - CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt (bmo#1773717) - CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content (bmo#1745595) - CVE-2022-34481: Potential integer overflow in ReplaceElementsAt (bmo#1497246) - CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11 (bmo#1763634, bmo#1772651) Important SUSE bug 1200793 CVE-2022-2200 CVE-2022-31744 CVE-2022-34468 CVE-2022-34470 CVE-2022-34472 CVE-2022-34478 CVE-2022-34479 CVE-2022-34481 CVE-2022-34484 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). Important SUSE bug 1201099 CVE-2022-2097 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update of crash fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for rsyslog fixes the following issues: - CVE-2022-24903: fix potential heap buffer overflow in modules for TCP syslog reception (bsc#1199061) Important SUSE bug 1199061 CVE-2022-24903 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) Important SUSE bug 1199232 CVE-2022-1586 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xorg-x11-server fixes the following issues: - CVE-2022-2319: Fixed out-of-bounds access in _CheckSetSections() (ZDI-CAN-16062) (bsc#1194179). - CVE-2022-2320: Fixed out-of-bounds access in CheckSetDeviceIndicators() (ZDI-CAN-16070) (bsc#1194181). Important SUSE bug 1194179 SUSE bug 1194181 CVE-2022-2319 CVE-2022-2320 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for squid fixes the following issues: - CVE-2020-25097: Fixed HTTP Request Smuggling (bsc#1183436) - CVE-2021-28651: Fixed DoS in URN processing (bsc#1185921) - CVE-2021-46784: Fixed DoS when processing gopher server responses (bsc#1200907) Important SUSE bug 1183436 SUSE bug 1185921 SUSE bug 1200907 CVE-2020-25097 CVE-2021-28651 CVE-2021-46784 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bsc#1177282) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space (bsc#1200144). - CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux kernel by simulating nfc device from user-space (bsc#1200143). - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (bsc#1198577). - CVE-2022-21499: Lock down kgdb to prohibit secure-boot bypass (bsc#1199426). - CVE-2019-19377: Fixed a user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image (bsc#1158266). The following non-security bugs were fixed: - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - exec: Force single empty string when argv is empty (bsc#1200571). Important SUSE bug 1158266 SUSE bug 1162338 SUSE bug 1162369 SUSE bug 1173871 SUSE bug 1177282 SUSE bug 1194013 SUSE bug 1196901 SUSE bug 1198577 SUSE bug 1199426 SUSE bug 1199487 SUSE bug 1199507 SUSE bug 1199657 SUSE bug 1200059 SUSE bug 1200143 SUSE bug 1200144 SUSE bug 1200249 SUSE bug 1200571 SUSE bug 1200599 SUSE bug 1200604 SUSE bug 1200605 SUSE bug 1200608 SUSE bug 1200619 SUSE bug 1200692 SUSE bug 1200762 SUSE bug 1201050 SUSE bug 1201080 SUSE bug 1201251 CVE-2019-19377 CVE-2020-26541 CVE-2021-26341 CVE-2021-4157 CVE-2022-1184 CVE-2022-1679 CVE-2022-1729 CVE-2022-1974 CVE-2022-1975 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-21499 CVE-2022-2318 CVE-2022-26365 CVE-2022-29900 CVE-2022-29901 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33981 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for webkit2gtk3 fixes the following issues: Update to version 2.36.4 (bsc#1201221): - CVE-2022-22662: Processing maliciously crafted web content may disclose sensitive user information. - CVE-2022-22677: The video in a webRTC call may be interrupted if the audio capture gets interrupted. - CVE-2022-26710: Processing maliciously crafted web content may lead to arbitrary code execution. Important SUSE bug 1201221 CVE-2022-22662 CVE-2022-22677 CVE-2022-26710 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for python-M2Crypto fixes the following issues: - CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA decryption API (bsc#1178829). Important SUSE bug 1178829 CVE-2020-25657 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225). Important SUSE bug 1201225 CVE-2022-34903 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u332 - April 2022 CPU (icedtea-3.23.0) - CVE-2022-21426: Better XPath expression handling (bsc#1198672) - CVE-2022-21443: Improved Object Identification (bsc#1198675) - CVE-2022-21434: Better invocation handler handling (bsc#1198674) - CVE-2022-21476: Improve Santuario processing (bsc#1198671) - CVE-2022-21496: Improve URL supports (bsc#1198673) And further Security fixes, Import of OpenJDK 8 u332, Backports and Bug fixes. Important SUSE bug 1198671 SUSE bug 1198672 SUSE bug 1198673 SUSE bug 1198674 SUSE bug 1198675 CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to fix various issues: FIPS 140-3 enablement patches were backported from SUSE Linux Enterprise 15. - FIPS: add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980). - FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298). - FISP: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325). Version update to NSS 3.79 - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls. - Update mercurial in clang-format docker image. - Use of uninitialized pointer in lg_init after alloc fail. - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. - Add SECMOD_LockedModuleHasRemovableSlots. - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP. - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts. - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version. - Correct invalid record inner and outer content type alerts. - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding. - improve error handling after nssCKFWInstance_CreateObjectHandle. - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. - NSS 3.79 should depend on NSPR 4.34 Update to NSS 3.78.1 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple update to NSS 3.78 - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests. - Reworked overlong record size checks and added TLS1.3 specific boundaries. - Add ECH Grease Support to tstclnt - Add a strict variant of moz::pkix::CheckCertHostname. - Change SSL_REUSE_SERVER_ECDHE_KEY default to false. - Make SEC_PKCS12EnableCipher succeed - Update zlib in NSS to 1.2.12. Update to NSS 3.77: - resolve mpitests build failure on Windows. - Fix link to TLS page on wireshark wiki - Add two D-TRUST 2020 root certificates. - Add Telia Root CA v2 root certificate. - Remove expired explicitly distrusted certificates from certdata.txt. - support specific RSA-PSS parameters in mozilla::pkix - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. - Remove token member from NSSSlot struct. - Provide secure variants of mpp_pprime and mpp_make_prime. - Support UTF-8 library path in the module spec string. - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. - Add a CI Target for gcc-11. - Change to makefiles for gcc-4.8. - Update googletest to 1.11.0 - Add SetTls13GreaseEchSize to experimental API. - TLS 1.3 Illegal legacy_version handling/alerts. - Fix calculation of ECH HRR Transcript. - Allow ld path to be set as environment variable. - Ensure we don't read uninitialized memory in ssl gtests. - Fix DataBuffer Move Assignment. - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 - rework signature verification in mozilla::pkix update to NSS 3.76.1 - Remove token member from NSSSlot struct. NSS 3.76 - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. - Check return value of PK11Slot_GetNSSToken. - Use Wycheproof JSON for RSASSA-PSS - Add SHA256 fingerprint comments to old certdata.txt entries. - Avoid truncating files in nss-release-helper.py. - Throw illegal_parameter alert for illegal extensions in handshake message. update to NSS 3.75 - Make DottedOIDToCode.py compatible with python3. - Avoid undefined shift in SSL_CERT_IS while fuzzing. - Remove redundant key type check. - Update ABI expectations to match ECH changes. - Enable CKM_CHACHA20. - check return on NSS_NoDB_Init and NSS_Shutdown. - real move assignment operator. - Run ECDSA test vectors from bltest as part of the CI tests. - Add ECDSA test vectors to the bltest command line tool. - Allow to build using clang's integrated assembler. - Allow to override python for the build. - test HKDF output rather than input. - Use ASSERT macros to end failed tests early. - move assignment operator for DataBuffer. - Add test cases for ECH compression and unexpected extensions in SH. - Update tests for ECH-13. - Tidy up error handling. - Add tests for ECH HRR Changes. - Server only sends GREASE HRR extension if enabled by preference. - Update generation of the Associated Data for ECH-13. - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello. - Allow for compressed, non-contiguous, extensions. - Scramble the PSK extension in CHOuter. - Split custom extension handling for ECH. - Add ECH-13 HRR Handling. - Client side ECH padding. - Stricter ClientHelloInner Decompression. - Remove ECH_inner extension, use new enum format. - Update the version number for ECH-13 and adjust the ECHConfig size. Update to NSS 3.74: - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses - Ensure clients offer consistent ciphersuites after HRR - NSS does not properly restrict server keys based on policy - Set nssckbi version number to 2.54 - Replace Google Trust Services LLC (GTS) R4 root certificate - Replace Google Trust Services LLC (GTS) R3 root certificate - Replace Google Trust Services LLC (GTS) R2 root certificate - Replace Google Trust Services LLC (GTS) R1 root certificate - Replace GlobalSign ECC Root CA R4 - Remove Expired Root Certificates - DST Root CA X3 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate - Add iTrusChina ECC root certificate - Add iTrusChina RSA root certificate - Add ISRG Root X2 root certificate - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate - Avoid a clang 13 unused variable warning in opt build - Check for missing signedData field - Ensure DER encoded signatures are within size limits - enable key logging option (bsc#1195040) Update to NSS 3.73.1: - Add SHA-2 support to mozilla::pkix's OSCP implementation Update to NSS 3.73 - check for missing signedData field. - Ensure DER encoded signatures are within size limits. - NSS needs FiPS 140-3 version indicators. - pkix_CacheCert_Lookup doesn't return cached certs - sunset Coverity from NSS MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures Update to NSS 3.72 - Fix nsinstall parallel failure. - Increase KDF cache size to mitigate perf regression in about:logins Update to NSS 3.71 - Set nssckbi version number to 2.52. - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py - Import of PKCS#12 files with Camellia encryption is not supported - Add HARICA Client ECC Root CA 2021. - Add HARICA Client RSA Root CA 2021. - Add HARICA TLS ECC Root CA 2021. - Add HARICA TLS RSA Root CA 2021. - Add TunTrust Root CA certificate to NSS. update to NSS 3.70 - Update test case to verify fix. - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback - Avoid using a lookup table in nssb64d. - Use HW accelerated SHA2 on AArch64 Big Endian. - Change default value of enableHelloDowngradeCheck to true. - Cache additional PBE entries. - Read HPKE vectors from official JSON. Update to NSS 3.69.1 - Disable DTLS 1.0 and 1.1 by default - integrity checks in key4.db not happening on private components with AES_CBC NSS 3.69 - Disable DTLS 1.0 and 1.1 by default (backed out again) - integrity checks in key4.db not happening on private components with AES_CBC (backed out again) - SSL handling of signature algorithms ignores environmental invalid algorithms. - sqlite 3.34 changed it's open semantics, causing nss failures. - Gtest update changed the gtest reports, losing gtest details in all.sh reports. - NSS incorrectly accepting 1536 bit DH primes in FIPS mode - SQLite calls could timeout in starvation situations. - Coverity/cpp scanner errors found in nss 3.67 - Import the NSS documentation from MDN in nss/doc. - NSS using a tempdir to measure sql performance not active - FIPS: scan LD_LIBRARY_PATH for external libraries to be checksummed. - Run test suite at build time, and make it pass (bsc#1198486). - Enable FIPS during test certificate creation and disables the library checksum validation during same. - FIPS: allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc. - FIPS: This makes the PBKDF known answer test compliant with NIST SP800-132. - FIPS: update validation string to version-release format. (bsc#1192079). - FIPS: remove XCBC MAC from list of FIPS approved algorithms. - Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build. - FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080). - FIPS: allow testing of unapproved algorithms (bsc#1192228). - FIPS: adds FIPS version indicators. (bmo#1729550, bsc#1192086). - FIPS: Add CSP clearing (bmo#1697303, bsc#1192087). mozilla-nspr was updated to version 4.34: * add an API that returns a preferred loopback IP on hosts that have two IP stacks available. update to 4.33: * fixes to build system and export of private symbols Moderate SUSE bug 1191546 SUSE bug 1192079 SUSE bug 1192080 SUSE bug 1192086 SUSE bug 1192087 SUSE bug 1192228 SUSE bug 1193170 SUSE bug 1195040 SUSE bug 1198486 SUSE bug 1198980 SUSE bug 1200325 SUSE bug 1201298 CVE-2021-43527 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for git fixes the following issues: - CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431). - Allow to opt-out from the check added in the security fix for CVE-2022-24765 (bsc#1200119) Important SUSE bug 1200119 SUSE bug 1201431 CVE-2022-29187 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_7_1-ibm fixes the following issues: Update to Java 7.1 Service Refresh 5 Fix Pack 10 (bsc#1201643), including fixes for: - CVE-2022-21476 (bsc#1198671), CVE-2022-21449 (bsc#1198670), CVE-2022-21496 (bsc#1198673), CVE-2022-21434 (bsc#1198674), CVE-2022-21426 (bsc#1198672), CVE-2022-21443 (bsc#1198675), CVE-2021-35561 (bsc#1191912), CVE-2022-21299 (bsc#1194931). Important SUSE bug 1191912 SUSE bug 1194931 SUSE bug 1198670 SUSE bug 1198671 SUSE bug 1198672 SUSE bug 1198673 SUSE bug 1198674 SUSE bug 1198675 SUSE bug 1201643 CVE-2021-35561 CVE-2022-21299 CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21449 CVE-2022-21476 CVE-2022-21496 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 7 Fix Pack 10 (bsc#1201643), including fixes for: - CVE-2022-21476 (bsc#1198671), CVE-2022-21449 (bsc#1198670), CVE-2022-21496 (bsc#1198673), CVE-2022-21434 (bsc#1198674), CVE-2022-21426 (bsc#1198672), CVE-2022-21443 (bsc#1198675), CVE-2021-35561 (bsc#1191912), CVE-2022-21299 (bsc#1194931). Important SUSE bug 1191912 SUSE bug 1194931 SUSE bug 1198670 SUSE bug 1198671 SUSE bug 1198672 SUSE bug 1198673 SUSE bug 1198674 SUSE bug 1198675 SUSE bug 1201643 CVE-2021-35561 CVE-2022-21299 CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21449 CVE-2022-21476 CVE-2022-21496 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xen fixes the following issues: - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966). - CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549). - CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965). - CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394). - CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469). Important SUSE bug 1199965 SUSE bug 1199966 SUSE bug 1200549 SUSE bug 1201394 SUSE bug 1201469 CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-23816 CVE-2022-23825 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-29900 CVE-2022-33745 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for pcre2 fixes the following issues: - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). Important SUSE bug 1199235 CVE-2022-1587 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for samba fixes the following issues: - CVE-2022-32742: Fixed incorrect length check in SMB1write, SMB1write_and_close, SMB1write_and_unlock (bsc#1201496). Moderate SUSE bug 1201496 CVE-2022-32742 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.12.0 ESR (bsc#1201758): - CVE-2022-36319: Mouse Position spoofing with CSS transforms - CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters Important SUSE bug 1201758 CVE-2022-36318 CVE-2022-36319 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for dovecot22 fixes the following issues: - CVE-2022-30550: Fixed privilege escalation in dovecot when similar master and non-master passdbs are used (bsc#1201267). Important SUSE bug 1201267 CVE-2022-30550 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for qpdf fixes the following issues: - CVE-2022-34503: Fixed a heap buffer overflow via the function QPDF::processXRefStream (bsc#1201830). - CVE-2021-36978: Fixed heap-based buffer overflow in Pl_ASCII85Decoder::write (bsc#1188514). Important SUSE bug 1188514 SUSE bug 1201830 CVE-2021-36978 CVE-2022-34503 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for samba fixes the following issues: - CVE-2021-44142: Fixed out-of-Bound Read/Write on Samba vfs_fruit module. (bsc#1194859) Critical SUSE bug 1194859 CVE-2021-44142 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for u-boot fixes the following issues: - CVE-2022-34835: Fixed stack buffer overflow vulnerability in i2c md command (bsc#1201214). Important SUSE bug 1201214 CVE-2022-34835 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for mokutil fixes the following issues: - Adds SBAT revocation support to mokutil. (bsc#1198458) New options added (see manpage): - mokutil --sbat List all entries in SBAT. - mokutil --set-sbat-policy (latest | previous | delete) To set the SBAT acceptance policy. - mokutil --list-sbat-revocations To list the current SBAT revocations. Moderate SUSE bug 1198458 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829). The following non-security bugs were fixed: - Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442) - cifs: On cifs_reconnect, resolve the hostname again (bsc#1201926). - cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1201926). - cifs: To match file servers, make sure the server hostname matches (bsc#1201926). - cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1201926). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1201926). - cifs: set a minimum of 120s for next dns resolution (bsc#1201926). - cifs: use the expiry output of dns_query to schedule next resolution (bsc#1201926). - kernel-binary.spec: Support radio selection for debuginfo. To disable debuginfo on 5.18 kernel a radio selection needs to be switched to a different selection. This requires disabling the currently active option and selecting NONE as debuginfo type. - kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config - rpm/*.spec.in: remove backtick usage - rpm/constraints.in: skip SLOW_DISK workers for kernel-source - rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775) - rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775) - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484). Important SUSE bug 1195775 SUSE bug 1195926 SUSE bug 1198484 SUSE bug 1198829 SUSE bug 1200442 SUSE bug 1201050 SUSE bug 1201635 SUSE bug 1201636 SUSE bug 1201926 SUSE bug 1201930 CVE-2021-26341 CVE-2021-33655 CVE-2021-33656 CVE-2022-1462 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for curl fixes the following issues: - CVE-2022-27781: Fixed an issue where curl will get stuck in an infinite loop when trying to retrieve details about a TLS server's certificate chain (bnc#1199223). - CVE-2022-27782: Fixed an issue where TLS and SSH connections would be reused even when a related option had been changed (bsc#1199224). - CVE-2022-32206: Fixed an uncontrolled memory consumption issue caused by an unbounded number of compression layers (bsc#1200735). - CVE-2022-32208: Fixed an incorrect message verification issue when performing FTP transfers using krb5 (bsc#1200737). Important SUSE bug 1199223 SUSE bug 1199224 SUSE bug 1200735 SUSE bug 1200737 CVE-2022-27781 CVE-2022-27782 CVE-2022-32206 CVE-2022-32208 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_8_0-openjdk fixes the following issues: - Updated to version jdk8u345 (icedtea-3.24.0) - CVE-2022-21540: Fixed a potential Java sandbox bypass (bsc#1201694). - CVE-2022-21541: Fixed a potential Java sandbox bypass (bsc#1201692). - CVE-2022-34169: Fixed an issue where arbitrary bytecode could be executed via a malicious stylesheet (bsc#1201684). - Non-security fixes: - Allowed for customization of PKCS12 keystores (bsc#1195163). Important SUSE bug 1195163 SUSE bug 1201684 SUSE bug 1201692 SUSE bug 1201694 CVE-2022-21540 CVE-2022-21541 CVE-2022-34169 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220809 release (bsc#1201727): - CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave (INTEL-SA-00657). See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html Other fixes: - Update for functional issues. See also: https://www.intel.com/content/www/us/en/processors/xeon/scalable/xeon-scalable-spec-update.html?wapkw=processor+specification+update - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SKX-SP | B1 | 06-55-03/97 | 0100015d | 0100015e | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon D-21xx | ICX-SP | D0 | 06-6a-06/87 | 0d000363 | 0d000375 | Xeon Scalable Gen3 | GLK | B0 | 06-7a-01/01 | 0000003a | 0000003c | Pentium Silver N/J5xxx, Celeron N/J4xxx | GLK-R | R0 | 06-7a-08/01 | 0000001e | 00000020 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 000000b0 | 000000b2 | Core Gen10 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000026 | 00000028 | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 0000003e | 00000040 | Core Gen11 Mobile | RKL-S | B0 | 06-a7-01/02 | 00000053 | 00000054 | Core Gen11 | ADL | C0 | 06-97-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-97-05/03 | 0000001f | 00000022 | Core Gen12 | ADL | L0 | 06-9a-03/80 | 0000041c | 00000421 | Core Gen12 | ADL | L0 | 06-9a-04/80 | 0000041c | 00000421 | Core Gen12 | ADL | C0 | 06-bf-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-bf-05/03 | 0000001f | 00000022 | Core Gen12 ------------------------------------------------------------------ Moderate SUSE bug 1201727 CVE-2022-21233 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). Important SUSE bug 1202175 CVE-2022-37434 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for rsync fixes the following issues: - CVE-2022-29154: Fixed an arbitrary file write issue that could be triggered by a malicious remote server (bsc#1201840). Important SUSE bug 1201840 CVE-2022-29154 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_7_1-ibm fixes the following issues: - Updated to Java 7.1 Service Refresh 5 Fix Pack 15 (bsc#1202427): - CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java XSLT library that occurred when processing malicious stylesheets (bsc#1201684). - CVE-2022-21549: Fixed an issue that could lead to computing negative random exponentials (bsc#1201685). - CVE-2022-21541: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201692). - CVE-2022-21540: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201694). Important SUSE bug 1201684 SUSE bug 1201685 SUSE bug 1201692 SUSE bug 1201694 SUSE bug 1202427 CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-34169 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 7 Fix Pack 11 (bsc#1202427): - CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java XSLT library that occurred when processing malicious stylesheets (bsc#1201684). - CVE-2022-21549: Fixed an issue that could lead to computing negative random exponentials (bsc#1201685). - CVE-2022-21541: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201692). - CVE-2022-21540: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201694). Important SUSE bug 1201684 SUSE bug 1201685 SUSE bug 1201692 SUSE bug 1201694 SUSE bug 1202427 CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-34169 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for bluez fixes the following issues: - CVE-2019-8922: Fixed a buffer overflow in the implementation of the Service Discovery Protocol (bsc#1193227). Important SUSE bug 1193227 CVE-2019-8922 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libcroco fixes the following issues: - CVE-2020-12825: Fixed an uncontrolled recursion issue (bsc#1171685). Important SUSE bug 1171685 CVE-2020-12825 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for gstreamer-plugins-good fixes the following issues: - CVE-2022-1920: Fixed integer overflow in WavPack header handling code (bsc#1201688). - CVE-2022-1921: Fixed integer overflow resulting in heap corruption in avidemux element (bsc#1201693). - CVE-2022-1922: Fixed integer overflows in mkv demuxing (bsc#1201702). - CVE-2022-1923: Fixed integer overflows in mkv demuxing using bzip (bsc#1201704). - CVE-2022-1924: Fixed integer overflows in mkv demuxing using lzo (bsc#1201706). - CVE-2022-1925: Fixed integer overflows in mkv demuxing using HEADERSTRIP (bsc#1201707). - CVE-2022-2122: Fixed integer overflows in qtdemux using zlib (bsc#1201708). Important SUSE bug 1201688 SUSE bug 1201693 SUSE bug 1201702 SUSE bug 1201704 SUSE bug 1201706 SUSE bug 1201707 SUSE bug 1201708 CVE-2022-1920 CVE-2022-1921 CVE-2022-1922 CVE-2022-1923 CVE-2022-1924 CVE-2022-1925 CVE-2022-2122 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for postgresql10 fixes the following issues: - Upgrade to 10.22: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). Important SUSE bug 1202368 CVE-2022-2625 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for webkit2gtk3 fixes the following issues: - Update to version 2.36.5 (bsc#1201980): - Add support for PAC proxy in the WebDriver implementation. - Fix video playback when loaded through custom URIs, this fixes video playback in the Yelp documentation browser. - Fix WebKitWebView::context-menu when using GTK4. - Fix LTO builds with GCC. - Fix several crashes and rendering issues. - Security fixes: - CVE-2022-32792: Fixed processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2022-32816: Fixed visiting a website that frames malicious content may lead to UI spoofing. Important SUSE bug 1201980 CVE-2022-32792 CVE-2022-32816 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for open-vm-tools fixes the following issues: - Updated to version 12.1.0 (build 20219665) (bsc#1202733): - CVE-2022-31676: Fixed an issue that could allow unprivileged users inside a virtual machine to escalate privileges (bsc#1202657). Important SUSE bug 1202657 SUSE bug 1202733 CVE-2022-31676 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for net-snmp fixes the following issues: - CVE-2020-15862: Make extended MIB read-only (bsc#1174961) Important SUSE bug 1100146 SUSE bug 1145864 SUSE bug 1152968 SUSE bug 1174961 SUSE bug 1178021 SUSE bug 1178351 SUSE bug 1179009 SUSE bug 1179699 SUSE bug 1184839 CVE-2020-15862 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for json-c fixes the following issues: - CVE-2020-12762: Fixed an integer overflow that could lead to memory corruption via a large JSON file (bsc#1171479). Non-security fixes: - Updated to version 0.12.1 (jsc#PED-1778). Important SUSE bug 1171479 CVE-2020-12762 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.13.0 ESR (bsc#1202645): - CVE-2022-38472: Fixed a potential address bar spoofing via XSLT error handling. - CVE-2022-38473: Fixed an issue where cross-origin XSLT documents could inherit the parent's permissions. - CVE-2022-38478: Fixed various memory safety issues. Important SUSE bug 1202645 CVE-2022-38472 CVE-2022-38473 CVE-2022-38478 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libgda fixes the following issues: - CVE-2021-39359: Enabled TLS certificate verification (bsc#1189849). Important SUSE bug 1189849 CVE-2021-39359 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for webkit2gtk3 fixes the following issues: - Updated to version 2.36.7 (bsc#1202807): - CVE-2022-32893: Fixed an issue that would be triggered when processing malicious web content and that could lead to arbitrary code execution. - Fixed several crashes and rendering issues. - Updated to version 2.36.6: - Fixed handling of touchpad scrolling on GTK4 builds - Fixed WebKitGTK not allowing to be used from non-main threads (bsc#1202169). - Fixed several crashes and rendering issues Important SUSE bug 1202169 SUSE bug 1202807 CVE-2022-32893 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for clamav fixes the following issues: clamav was updated to 0.103.7 (bsc#1202986) * Upgrade the vendored UnRAR library to version 6.1.7. * Fix logical signature 'Intermediates' feature. * Relax constraints on slightly malformed zip archives that contain overlapping file entries. Important SUSE bug 1202986 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_8_0-ibm fixes the following issues: Note: the issues listed below were NOT fixed with the previous update (8.0-7.11). - Update to Java 8.0 Service Refresh 7 Fix Pack 15 (bsc#1202427): - CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java XSLT library that occurred when processing malicious stylesheets (bsc#1201684). - CVE-2022-21549: Fixed an issue that could lead to computing negative random exponentials (bsc#1201685). - CVE-2022-21541: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201692). - CVE-2022-21540: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201694).. Important SUSE bug 1201684 SUSE bug 1201685 SUSE bug 1201692 SUSE bug 1201694 SUSE bug 1202427 CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-34169 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for udisks2 fixes the following issues: - CVE-2021-3802: Fixed insecure defaults in user-accessible mount helpers (bsc#1190606). - Fixed vulnerability that allowed mounting ext4 devices over existing entries in fstab (bsc#1098797). Moderate SUSE bug 1098797 SUSE bug 1190606 CVE-2021-3802 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for postgresql12 fixes the following issues: - Update to 12.12: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). Important SUSE bug 1198166 SUSE bug 1202368 CVE-2022-2625 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for postgresql14 fixes the following issues: - Upgrade to version 14.5: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). - Upgrade to version 14.4 (bsc#1200437) - Release notes: https://www.postgresql.org/docs/release/14.4/ - Release announcement: https://www.postgresql.org/about/news/p-2470/ - Prevent possible corruption of indexes created or rebuilt with the CONCURRENTLY option (bsc#1200437) - Pin to llvm13 until the next patchlevel update (bsc#1198166) Important SUSE bug 1198166 SUSE bug 1200437 SUSE bug 1202368 CVE-2022-2625 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated to 102.2.0esr ESR: * Fixed: Various stability, functionality, and security fixes. - MFSA 2022-34 (bsc#1202645) * CVE-2022-38472 (bmo#1769155) Address bar spoofing via XSLT error handling * CVE-2022-38473 (bmo#1771685) Cross-origin XSLT Documents would have inherited the parent's permissions * CVE-2022-38476 (bmo#1760998) Data race and potential use-after-free in PK11_ChangePW * CVE-2022-38477 (bmo#1760611, bmo#1770219, bmo#1771159, bmo#1773363) Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2 * CVE-2022-38478 (bmo#1770630, bmo#1776658) Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and Firefox ESR 91.13 Firefox Extended Support Release 102.1 ESR * Fixed: Various stability, functionality, and security fixes. - MFSA 2022-30 (bsc#1201758) * CVE-2022-36319 (bmo#1737722) Mouse Position spoofing with CSS transforms * CVE-2022-36318 (bmo#1771774) Directory indexes for bundled resources reflected URL parameters * CVE-2022-36314 (bmo#1773894) Opening local <code>.lnk</code> files could cause unexpected network loads * CVE-2022-2505 (bmo#1769739, bmo#1772824) Memory safety bugs fixed in Firefox 103 and 102.1 - Firefox Extended Support Release 102.0.1 ESR * Fixed: Fixed bookmark shortcut creation by dragging to Windows File Explorer and dropping partially broken (bmo#1774683) * Fixed: Fixed bookmarks sidebar flashing white when opened in dark mode (bmo#1776157) * Fixed: Fixed multilingual spell checking not working with content in both English and a non-Latin alphabet (bmo#1773802) * Fixed: Developer tools: Fixed an issue where the console output keep getting scrolled to the bottom when the last visible message is an evaluation result (bmo#1776262) * Fixed: Fixed *Delete cookies and site data when Firefox is closed* checkbox getting disabled on startup (bmo#1777419) * Fixed: Various stability fixes Firefox 102.0 ESR: * New: - We now provide more secure connections: Firefox can now automatically upgrade to HTTPS using HTTPS RR as Alt-Svc headers. - For added viewing pleasure, full-range color levels are now supported for video playback on many systems. - Find it easier now! Mac users can now access the macOS share options from the Firefox File menu. - Voil?! Support for images containing ICC v4 profiles is enabled on macOS. - Firefox now supports the new AVIF image format, which is based on the modern and royalty-free AV1 video codec. It offers significant bandwidth savings for sites compared to existing image formats. It also supports transparency and other advanced features. - Firefox PDF viewer now supports filling more forms (e.g., XFA-based forms, used by multiple governments and banks). Learn more. - When available system memory is critically low, Firefox on Windows will automatically unload tabs based on their last access time, memory usage, and other attributes. This helps to reduce Firefox out-of-memory crashes. Forgot something? Switching to an unloaded tab automatically reloads it. - To prevent session loss for macOS users who are running Firefox from a mounted .dmg file, they’ll now be prompted to finish installation. Bear in mind, this permission prompt only appears the first time these users run Firefox on their computer. - For your safety, Firefox now blocks downloads that rely on insecure connections, protecting against potentially malicious or unsafe downloads. Learn more and see where to find downloads in Firefox. - Improved web compatibility for privacy protections with SmartBlock 3.0: In Private Browsing and Strict Tracking Protection, Firefox goes to great lengths to protect your web browsing activity from trackers. As part of this, the built- in content blocking will automatically block third-party scripts, images, and other content from being loaded from cross-site tracking companies reported by Disconnect. Learn more. - Introducing a new referrer tracking protection in Strict Tracking Protection and Private Browsing. This feature prevents sites from unknowingly leaking private information to trackers. Learn more. - Introducing Firefox Suggest, a feature that provides website suggestions as you type into the address bar. Learn more about this faster way to navigate the web and locale- specific features. - Firefox macOS now uses Apple's low-power mode for fullscreen video on sites such as YouTube and Twitch. This meaningfully extends battery life in long viewing sessions. Now your kids can find out what the fox says on a loop without you ever missing a beat… - With this release, power users can use about:unloads to release system resources by manually unloading tabs without closing them. - On Windows, there will now be fewer interruptions because Firefox won’t prompt you for updates. Instead, a background agent will download and install updates even if Firefox is closed. - On Linux, we’ve improved WebGL performance and reduced power consumption for many users. - To better protect all Firefox users against side-channel attacks, such as Spectre, we introduced Site Isolation. - Firefox no longer warns you by default when you exit the browser or close a window using a menu, button, or three-key command. This should cut back on unwelcome notifications, which is always nice—however, if you prefer a bit of notice, you’ll still have full control over the quit/close modal behavior. All warnings can be managed within Firefox Settings. No worries! More details here. - Firefox supports the new Snap Layouts menus when running on Windows 11. - RLBox—a new technology that hardens Firefox against potential security vulnerabilities in third-party libraries—is now enabled on all platforms. - We’ve reduced CPU usage on macOS in Firefox and WindowServer during event processing. - We’ve also reduced the power usage of software decoded video on macOS, especially in fullscreen. This includes streaming sites such as Netflix and Amazon Prime Video. - You can now move the Picture-in-Picture toggle button to the opposite side of the video. Simply look for the new context menu option Move Picture-in-Picture Toggle to Left (Right) Side. - We’ve made significant improvements in noise suppression and auto-gain-control, as well as slight improvements in echo-cancellation to provide you with a better overall experience. - We’ve also significantly reduced main-thread load. - When printing, you can now choose to print only the odd/even pages. - Firefox now supports and displays the new style of scrollbars on Windows 11. - Firefox has a new optimized download flow. Instead of prompting every time, files will download automatically. However, they can still be opened from the downloads panel with just one click. Easy! More information - Firefox no longer asks what to do for each file by default. You won’t be prompted to choose a helper application or save to disk before downloading a file unless you have changed your download action setting for that type of file. - Any files you download will be immediately saved on your disk. Depending on the current configuration, they’ll be saved in your preferred download folder, or you’ll be asked to select a location for each download. Windows and Linux users will find their downloaded files in the destination folder. They’ll no longer be put in the Temp folder. - Firefox allows users to choose from a number of built-in search engines to set as their default. In this release, some users who had previously configured a default engine might notice their default search engine has changed since Mozilla was unable to secure formal permission to continue including certain search engines in Firefox. - You can now toggle Narrate in ReaderMode with the keyboard shortcut 'n.' - You can find added support for search—with or without diacritics—in the PDF viewer. - The Linux sandbox has been strengthened: processes exposed to web content no longer have access to the X Window system (X11). - Firefox now supports credit card autofill and capture in Germany, France, and the United Kingdom. - We now support captions/subtitles display on YouTube, Prime Video, and Netflix videos you watch in Picture-in-Picture. Just turn on the subtitles on the in-page video player, and they will appear in PiP. - Picture-in-Picture now also supports video captions on websites that use Web Video Text Track (WebVTT) format (e.g., Coursera.org, Canadian Broadcasting Corporation, and many more). - On the first run after install, Firefox detects when its language does not match the operating system language and offers the user a choice between the two languages. - Firefox spell checking now checks spelling in multiple languages. To enable additional languages, select them in the text field’s context menu. - HDR video is now supported in Firefox on Mac—starting with YouTube! Firefox users on macOS 11+ (with HDR-compatible screens) can enjoy higher-fidelity video content. No need to manually flip any preferences to turn HDR video support on—just make sure battery preferences are NOT set to “optimize video streaming while on battery”. - Hardware-accelerated AV1 video decoding is enabled on Windows with supported GPUs (Intel Gen 11+, AMD RDNA 2 Excluding Navi 24, GeForce 30). Installing the AV1 Video Extension from the Microsoft Store may also be required. - Video overlay is enabled on Windows for Intel GPUs, reducing power usage during video playback. - Improved fairness between painting and handling other events. This noticeably improves the performance of the volume slider on Twitch. - Scrollbars on Linux and Windows 11 won't take space by default. On Linux, users can change this in Settings. On Windows, Firefox follows the system setting (System Settings > Accessibility > Visual Effects > Always show scrollbars). - Firefox now ignores less restricted referrer policies—including unsafe-url, no-referrer-when-downgrade, and origin-when-cross-origin—for cross-site subresource/iframe requests to prevent privacy leaks from the referrer. - Reading is now easier with the prefers-contrast media query, which allows sites to detect if the user has requested that web content is presented with a higher (or lower) contrast. - All non-configured MIME types can now be assigned a custom action upon download completion. - Firefox now allows users to use as many microphones as they want, at the same time, during video conferencing. The most exciting benefit is that you can easily switch your microphones at any time (if your conferencing service provider enables this flexibility). - Print preview has been updated. * Fixed: Various security fixes. - MFSA 2022-24 (bsc#1200793) * CVE-2022-34479 (bmo#1745595) A popup window could be resized in a way to overlay the address bar with web content * CVE-2022-34470 (bmo#1765951) Use-after-free in nsSHistory * CVE-2022-34468 (bmo#1768537) CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI * CVE-2022-34482 (bmo#845880) Drag and drop of malicious image could have led to malicious executable and potential code execution * CVE-2022-34483 (bmo#1335845) Drag and drop of malicious image could have led to malicious executable and potential code execution * CVE-2022-34476 (bmo#1387919) ASN.1 parser could have been tricked into accepting malformed ASN.1 * CVE-2022-34481 (bmo#1483699, bmo#1497246) Potential integer overflow in ReplaceElementsAt * CVE-2022-34474 (bmo#1677138) Sandboxed iframes could redirect to external schemes * CVE-2022-34469 (bmo#1721220) TLS certificate errors on HSTS-protected domains could be bypassed by the user on Firefox for Android * CVE-2022-34471 (bmo#1766047) Compromised server could trick a browser into an addon downgrade * CVE-2022-34472 (bmo#1770123) Unavailable PAC file resulted in OCSP requests being blocked * CVE-2022-34478 (bmo#1773717) Microsoft protocols can be attacked if a user accepts a prompt * CVE-2022-2200 (bmo#1771381) Undesired attributes could be set as part of prototype pollution * CVE-2022-34480 (bmo#1454072) Free of uninitialized pointer in lg_init * CVE-2022-34477 (bmo#1731614) MediaError message property leaked information on cross- origin same-site pages * CVE-2022-34475 (bmo#1757210) HTML Sanitizer could have been bypassed via same-origin script via use tags * CVE-2022-34473 (bmo#1770888) HTML Sanitizer could have been bypassed via use tags * CVE-2022-34484 (bmo#1763634, bmo#1772651) Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11 * CVE-2022-34485 (bmo#1768409, bmo#1768578) Memory safety bugs fixed in Firefox 102 Important SUSE bug 1200793 SUSE bug 1201758 SUSE bug 1202645 CVE-2022-2200 CVE-2022-2505 CVE-2022-34468 CVE-2022-34469 CVE-2022-34470 CVE-2022-34471 CVE-2022-34472 CVE-2022-34473 CVE-2022-34474 CVE-2022-34475 CVE-2022-34476 CVE-2022-34477 CVE-2022-34478 CVE-2022-34479 CVE-2022-34480 CVE-2022-34481 CVE-2022-34482 CVE-2022-34483 CVE-2022-34484 CVE-2022-34485 CVE-2022-36314 CVE-2022-36318 CVE-2022-36319 CVE-2022-38472 CVE-2022-38473 CVE-2022-38476 CVE-2022-38477 CVE-2022-38478 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-36946: Fixed a denial of service (panic) inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c (bnc#1201940). - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948). - CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898). - CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672). - CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154). - CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed unprivileged local users to crash the machine (bnc#1202897). - CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347). - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346). - CVE-2022-20166: Fixed possible out of bounds write due to a heap buffer overflow in various methods of kernel base drivers (bnc#1200598). - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535). - CVE-2020-36558: Fixed a race condition involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault (bnc#1200910). - CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could have led to a use-after-free (bnc#1201429). - CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616). The following non-security bugs were fixed: - cifs: fix error paths in cifs_tree_connect() (bsc#1177440). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1188944). - cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440). - cifs: skip trailing separators of prefix paths (bsc#1188944). - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325). - mm/rmap.c: do not reuse anon_vma if we just want a copy (git-fixes, bsc#1203098). - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098). - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - objtool: Add --backtrace support (bsc#1202396). - objtool: Add support for intra-function calls (bsc#1202396). - objtool: Allow no-op CFI ops in alternatives (bsc#1202396). - objtool: Convert insn type to enum (bsc#1202396). - objtool: Do not use ignore flag for fake jumps (bsc#1202396). - objtool: Fix !CFI insn_state propagation (bsc#1202396). - objtool: Fix ORC vs alternatives (bsc#1202396). - objtool: Fix sibling call detection (bsc#1202396). - objtool: Make handle_insn_ops() unconditional (bsc#1202396). - objtool: Remove INSN_STACK (bsc#1202396). - objtool: Remove check preventing branches within alternative (bsc#1202396). - objtool: Rename elf_open() to prevent conflict with libelf from elftoolchain (bsc#1202396). - objtool: Rename struct cfi_state (bsc#1202396). - objtool: Rework allocating stack_ops on decode (bsc#1202396). - objtool: Rewrite alt->skip_orig (bsc#1202396). - objtool: Set insn->func for alternatives (bsc#1202396). - objtool: Support conditional retpolines (bsc#1202396). - objtool: Support multiple stack_op per instruction (bsc#1202396). - objtool: Track original function across branches (bsc#1202396). - objtool: Uniquely identify alternative instruction groups (bsc#1202396). - objtool: Use Elf_Scn typedef instead of assuming struct name (bsc#1202396). - powerpc/pci: Fix broken INTx configuration via OF (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666). - powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666). - powerpc/pci: Use of_irq_parse_and_map_pci() helper (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666). - rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019). Important SUSE bug 1172145 SUSE bug 1177440 SUSE bug 1188944 SUSE bug 1191881 SUSE bug 1194535 SUSE bug 1196616 SUSE bug 1200598 SUSE bug 1200770 SUSE bug 1200910 SUSE bug 1201019 SUSE bug 1201420 SUSE bug 1201429 SUSE bug 1201705 SUSE bug 1201726 SUSE bug 1201940 SUSE bug 1201948 SUSE bug 1202096 SUSE bug 1202154 SUSE bug 1202346 SUSE bug 1202347 SUSE bug 1202393 SUSE bug 1202396 SUSE bug 1202672 SUSE bug 1202897 SUSE bug 1202898 SUSE bug 1203098 CVE-2020-36516 CVE-2020-36557 CVE-2020-36558 CVE-2021-4203 CVE-2022-20166 CVE-2022-20368 CVE-2022-20369 CVE-2022-21385 CVE-2022-2588 CVE-2022-26373 CVE-2022-2639 CVE-2022-2977 CVE-2022-3028 CVE-2022-36879 CVE-2022-36946 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xen fixes the following issues: - CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581) - CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588) Important SUSE bug 1194581 SUSE bug 1194588 CVE-2022-23034 CVE-2022-23035 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libsndfile fixes the following issues: - CVE-2021-4156: Fixed heap buffer overflow in flac_buffer_copy that could potentially lead to heap exploitation (bsc#1194006). Important SUSE bug 1194006 CVE-2021-4156 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for sqlite3 fixes the following issues: Security issues fixed: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). sqlite3 was update to 3.39.3: * Use a statement journal on DML statement affecting two or more database rows if the statement makes use of a SQL functions that might abort. * Use a mutex to protect the PRAGMA temp_store_directory and PRAGMA data_store_directory statements, even though they are decremented and documented as not being threadsafe. Update to 3.39.2: * Fix a performance regression in the query planner associated with rearranging the order of FROM clause terms in the presences of a LEFT JOIN. * Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and 1345947, forum post 3607259d3c, and other minor problems discovered by internal testing. [boo#1201783] Update to 3.39.1: * Fix an incorrect result from a query that uses a view that contains a compound SELECT in which only one arm contains a RIGHT JOIN and where the view is not the first FROM clause term of the query that contains the view * Fix a long-standing problem with ALTER TABLE RENAME that can only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set to a very small value. * Fix a long-standing problem in FTS3 that can only arise when compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time option. * Fix the initial-prefix optimization for the REGEXP extension so that it works correctly even if the prefix contains characters that require a 3-byte UTF8 encoding. * Enhance the sqlite_stmt virtual table so that it buffers all of its output. Update to 3.39.0: * Add (long overdue) support for RIGHT and FULL OUTER JOIN * Add new binary comparison operators IS NOT DISTINCT FROM and IS DISTINCT FROM that are equivalent to IS and IS NOT, respective, for compatibility with PostgreSQL and SQL standards * Add a new return code (value '3') from the sqlite3_vtab_distinct() interface that indicates a query that has both DISTINCT and ORDER BY clauses * Added the sqlite3_db_name() interface * The unix os interface resolves all symbolic links in database filenames to create a canonical name for the database before the file is opened * Defer materializing views until the materialization is actually needed, thus avoiding unnecessary work if the materialization turns out to never be used * The HAVING clause of a SELECT statement is now allowed on any aggregate query, even queries that do not have a GROUP BY clause * Many microoptimizations collectively reduce CPU cycles by about 2.3%. Update to 3.38.5: * Fix a blunder in the CLI of the 3.38.4 release Update to 3.38.4: * fix a byte-code problem in the Bloom filter pull-down optimization added by release 3.38.0 in which an error in the byte code causes the byte code engine to enter an infinite loop when the pull-down optimization encounters a NULL key Update to 3.38.3: * Fix a case of the query planner be overly aggressive with optimizing automatic-index and Bloom-filter construction, using inappropriate ON clause terms to restrict the size of the automatic-index or Bloom filter, and resulting in missing rows in the output. * Other minor patches. See the timeline for details. Update to 3.38.2: * Fix a problem with the Bloom filter optimization that might cause an incorrect answer when doing a LEFT JOIN with a WHERE clause constraint that says that one of the columns on the right table of the LEFT JOIN is NULL. * Other minor patches. - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). Update to 3.38.1: * Fix problems with the new Bloom filter optimization that might cause some obscure queries to get an incorrect answer. * Fix the localtime modifier of the date and time functions so that it preserves fractional seconds. * Fix the sqlite_offset SQL function so that it works correctly even in corner cases such as when the argument is a virtual column or the column of a view. * Fix row value IN operator constraints on virtual tables so that they work correctly even if the virtual table implementation relies on bytecode to filter rows that do not satisfy the constraint. * Other minor fixes to assert() statements, test cases, and documentation. See the source code timeline for details. Update to 3.38.0 * Add the -> and ->> operators for easier processing of JSON * The JSON functions are now built-ins * Enhancements to date and time functions * Rename the printf() SQL function to format() for better compatibility, with alias for backwards compatibility. * Add the sqlite3_error_offset() interface for helping localize an SQL error to a specific character in the input SQL text * Enhance the interface to virtual tables * CLI columnar output modes are enhanced to correctly handle tabs and newlines embedded in text, and add options like '--wrap N', '--wordwrap on', and '--quote' to the columnar output modes. * Query planner enhancements using a Bloom filter to speed up large analytic queries, and a balanced merge tree to evaluate UNION or UNION ALL compound SELECT statements that have an ORDER BY clause. * The ALTER TABLE statement is changed to silently ignores entries in the sqlite_schema table that do not parse when PRAGMA writable_schema=ON Update to 3.37.2: * Fix a bug introduced in version 3.35.0 (2021-03-12) that can cause database corruption if a SAVEPOINT is rolled back while in PRAGMA temp_store=MEMORY mode, and other changes are made, and then the outer transaction commits * Fix a long-standing problem with ON DELETE CASCADE and ON UPDATE CASCADE in which a cache of the bytecode used to implement the cascading change was not being reset following a local DDL change Update to 3.37.1: * Fix a bug introduced by the UPSERT enhancements of version 3.35.0 that can cause incorrect byte-code to be generated for some obscure but valid SQL, possibly resulting in a NULL- pointer dereference. * Fix an OOB read that can occur in FTS5 when reading corrupt database files. * Improved robustness of the --safe option in the CLI. * Other minor fixes to assert() statements and test cases. Update to 3.37.0: * STRICT tables provide a prescriptive style of data type management, for developers who prefer that kind of thing. * When adding columns that contain a CHECK constraint or a generated column containing a NOT NULL constraint, the ALTER TABLE ADD COLUMN now checks new constraints against preexisting rows in the database and will only proceed if no constraints are violated. * Added the PRAGMA table_list statement. * Add the .connection command, allowing the CLI to keep multiple database connections open at the same time. * Add the --safe command-line option that disables dot-commands and SQL statements that might cause side-effects that extend beyond the single database file named on the command-line. * CLI: Performance improvements when reading SQL statements that span many lines. * Added the sqlite3_autovacuum_pages() interface. * The sqlite3_deserialize() does not and has never worked for the TEMP database. That limitation is now noted in the documentation. * The query planner now omits ORDER BY clauses on subqueries and views if removing those clauses does not change the semantics of the query. * The generate_series table-valued function extension is modified so that the first parameter ('START') is now required. This is done as a way to demonstrate how to write table-valued functions with required parameters. The legacy behavior is available using the -DZERO_ARGUMENT_GENERATE_SERIES compile-time option. * Added new sqlite3_changes64() and sqlite3_total_changes64() interfaces. * Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2(). * Use less memory to hold the database schema. * bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert extension when a column has no collating sequence. Moderate SUSE bug 1189802 SUSE bug 1195773 SUSE bug 1201783 CVE-2021-36690 CVE-2022-35737 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated from 102.2.0esr to 102.3.0esr (bsc#1203477): - CVE-2022-40959: Fixed bypassing FeaturePolicy restrictions on transient pages. - CVE-2022-40960: Fixed data-race when parsing non-UTF-8 URLs in threads. - CVE-2022-40958: Fixed bypassing secure context restriction for cookies with __Host and __Secure prefix. - CVE-2022-40956: Fixed content-security-policy base-uri bypass. - CVE-2022-40957: Fixed incoherent instruction cache when building WASM on ARM64. - CVE-2022-40962: Fixed memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3. Important SUSE bug 1203477 CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 CVE-2022-40959 CVE-2022-40960 CVE-2022-40962 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). Important SUSE bug 1203438 CVE-2022-40674 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for krb5-appl fixes the following issues: - CVE-2022-39028: Fixed NULL pointer dereference in krb5-appl telnetd (bsc#1203759). Important SUSE bug 1203759 CVE-2022-39028 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for webkit2gtk3 fixes the following issues: Updated to version 2.36.8 (bsc#1203530): - CVE-2022-32886: Fixed a buffer overflow issue that could potentially lead to code execution. - CVE-2022-32912: Fixed an out-of-bounds read that could potentially lead to code execution. Important SUSE bug 1203530 CVE-2022-32886 CVE-2022-32912 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for bind fixes the following issues: - CVE-2022-2795: Fixed potential performance degredation due to missing database lookup limits when processing large delegations (bsc#1203614). - CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619). - CVE-2022-38178: Fixed memory leaks that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm (bsc#1203620). Important SUSE bug 1203614 SUSE bug 1203619 SUSE bug 1203620 CVE-2022-2795 CVE-2022-38177 CVE-2022-38178 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for python3 fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). Important SUSE bug 1202624 CVE-2021-28861 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for squid fixes the following issues: - CVE-2022-41317: Fixed exposure of sensitive information in cache manager (bsc#1203677). - CVE-2022-41318: Fixed buffer overread in SSPI and SMB Authentication (bsc#1203680). Important SUSE bug 1203677 SUSE bug 1203680 CVE-2022-41317 CVE-2022-41318 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for postgresql-jdbc fixes the following issues: - CVE-2022-31197: Fixed SQL injection vulnerability (bsc#1202170). Important SUSE bug 1202170 CVE-2022-31197 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for python fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). Important SUSE bug 1202624 CVE-2021-28861 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for clamav fixes the following issues: - CVE-2022-20698: Fixed invalid pointer read allowing denial of service crash. (bsc#1194731) Important SUSE bug 1194731 CVE-2022-20698 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS The SUSE Linux Enterprise 12 SP4 kernel was updated The following security bugs were fixed: - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769). - CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960). - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552). - CVE-2022-2503: Fixed a bug in dm-verity, device-mapper table reloads allowed users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allowed root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates (bnc#1202677). - CVE-2022-39188: Fixed a race condition where a device driver can free a page while it still has stale TLB entries. (bnc#1203107). - CVE-2022-2663: Fixed an issue which allowed a firewall to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured (bnc#1202097). The following non-security bugs were fixed: - dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still be possible to do so that the mitigation can still be disabled on Intel who do not use the return thunks but IBRS. Important SUSE bug 1201309 SUSE bug 1202097 SUSE bug 1202385 SUSE bug 1202677 SUSE bug 1202960 SUSE bug 1203107 SUSE bug 1203552 CVE-2022-2503 CVE-2022-2663 CVE-2022-3239 CVE-2022-39188 CVE-2022-41218 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for tiff fixes the following issues: - CVE-2022-2519: Fixed a double free in rotateImage() (bsc#1202968). - CVE-2022-2520: Fixed a assertion failure in rotateImage() (bsc#1202973). - CVE-2022-2521: Fixed invalid free in TIFFClose() (bsc#1202971). - CVE-2022-2867: Fixed out of bounds read and write in tiffcrop.c (bsc#1202466). - CVE-2022-2868: Fixed out of bounds read in reverseSamples16bits() (bsc#1202467). - CVE-2022-2869: Fixed out of bounds read and write in extractContigSamples8bits() (bsc#1202468). - CVE-2022-34526: Fixed stack overflow in the _TIFFVGetField function of Tiffsplit (bsc#1202026). Important SUSE bug 1201723 SUSE bug 1201971 SUSE bug 1202026 SUSE bug 1202466 SUSE bug 1202467 SUSE bug 1202468 SUSE bug 1202968 SUSE bug 1202971 SUSE bug 1202973 CVE-2022-0561 CVE-2022-2519 CVE-2022-2520 CVE-2022-2521 CVE-2022-2867 CVE-2022-2868 CVE-2022-2869 CVE-2022-34266 CVE-2022-34526 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). Critical SUSE bug 1204357 CVE-2022-3515 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). - CVE-2022-0322: Fixed SCTP issue with account stream padding length for reconf chunk (bsc#1194985). - CVE-2021-45486: Fixed information leak inside the IPv4 implementation caused by very small hash table (bnc#1194087). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867). - CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem, that could have occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767). - CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847) - CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bsc#1192845) - CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194529). - CVE-2021-4197: Use cgroup open-time credentials for process migraton perm checks (bsc#1194302). - CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in coerce_reg_to_size (bsc#1194227). - CVE-2021-4149: Fixed btrfs unlock newly allocated extent buffer after error (bsc#1194001). - CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneouslyand can potentially trigger a race condition (bnc#1193727). - CVE-2021-4002: Fixed a missing TLB flush that could lead to leak or corruption of data in hugetlbfs. (bsc#1192946) - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). - CVE-2021-3564: Fixed double-free memory corruption in the Linux kernel HCI device initialization subsystem that could have been used by attaching malicious HCI TTY Bluetooth devices. A local user could use this flaw to crash the system (bnc#1186207). - CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet ixgbe driver due to improper input validation. (bsc#1192877) - CVE-2021-28715: Fixed issue with xen/netback to do not queue unlimited number of packages (XSA-392) (bsc#1193442). - CVE-2021-28714: Fixed issue with xen/netback to add rx queue stall detection (XSA-392) (bsc#1193442). - CVE-2021-28713: Fixed issue with xen/console to harden hvc_xen against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-28712: Fixed issue with xen/netfront to harden netfront against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-28711: Fixed issue with xen/blkfront to harden blkfront against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-0935: Fixed possible out of bounds write in ip6_xmit of ip6_output.c due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192032). - CVE-2021-0920: Fixed use after free bug due to a race condition in unix_scm_to_skb of af_unix.c. This could have led to local escalation of privilege with System execution privileges needed (bnc#1193731). - CVE-2020-27820: Fixed a vulnerability where a use-after-frees in nouveau's postclose() handler could happen if removing device. (bsc#1179599) - CVE-2019-15126: Fixed a vulnerability in Broadcom and Cypress Wi-Fi chips, used in RPi family of devices aka 'Kr00k'. (bsc#1167162) - CVE-2018-25020: Fixed an overflow in the BPF subsystem due to a mishandling of a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. This affects kernel/bpf/core.c and net/core/filter.c (bnc#1193575). The following non-security bugs were fixed: - Bluetooth: fix the erroneous flush_work() order (git-fixes). - Build: Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). - elfcore: fix building with clang (bsc#1169514). - fget: clarify and improve __fget_files() implementation (bsc#1193727). - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (bsc#1193507). - hv_netvsc: Set needed_headroom according to VF (bsc#1193507). - kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740). - kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable. - kernel-binary.spec: Define $image as rpm macro (bsc#1189841). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - kernel-binary.spec: Fix kernel-default-base scriptlets after packaging merge. - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well (bsc#1189841). - kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841). - kernel-source.spec: install-kernel-tools also required on 15.4 - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). - kprobes: Limit max data_size of the kretprobe instances (bsc#1193669). - livepatch: Avoid CPU hogging with cond_resched (bsc#1071995). - memstick: rtsx_usb_ms: fix UAF (bsc#1194516). - moxart: fix potential use-after-free on remove path (bsc#1194516). - net: Using proper atomic helper (bsc#1186222). - net: mana: Add RX fencing (bsc#1193507). - net: mana: Add XDP support (bsc#1193507). - net: mana: Allow setting the number of queues while the NIC is down (bsc#1193507). - net: mana: Fix spelling mistake 'calledd' -> 'called' (bsc#1193507). - net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (bsc#1193507). - net: mana: Improve the HWC error handling (bsc#1193507). - net: mana: Support hibernation and kexec (bsc#1193507). - net: mana: Use kcalloc() instead of kzalloc() (bsc#1193507). - objtool: Support Clang non-section symbols in ORC generation (bsc#1169514). - post.sh: detect /usr mountpoint too - recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267). - recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267). - rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed. - rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804). - rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306) After usrmerge, vmlinux file is not named vmlinux-&lt;version>, but simply vmlinux. And this is not reflected in STRIP_KEEP_SYMTAB we set. So fix this by removing the dash... - rpm/kernel-binary.spec: Use only non-empty certificates. - rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305) - rpm/kernel-source.rpmlintrc: ignore new include/config files In 5.13, since 0e0345b77ac4, config files have no longer .h suffix. Adapt the zero-length check. Based on Martin Liska's change. - rpm/kernel-source.spec.in: do some more for vanilla_only Make sure: * sources are NOT executable * env is not used as interpreter * timestamps are correct We do all this for normal kernel builds, but not for vanilla_only kernels (linux-next and vanilla). - rpm: fixup support gz and zst compression methods (bsc#1190428, bsc#1190358). - rpm: use _rpmmacrodir (boo#1191384) - tty: hvc: replace BUG_ON() with negative return value (git-fixes). - vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888). - watchdog: iTCO_wdt: Export vendorsupport (bsc#1177101). - watchdog: iTCO_wdt: Make ICH_RES_IO_SMI optional (bsc#1177101). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (bsc#1169514). - xen/blkfront: do not take local copy of a request from the ring page (git-fixes). - xen/blkfront: do not trust the backend response data blindly (git-fixes). - xen/blkfront: read response from backend only once (git-fixes). - xen/netfront: disentangle tx_skb_freelist (git-fixes). - xen/netfront: do not read data from request on the ring page (git-fixes). - xen/netfront: do not trust the backend response data blindly (git-fixes). - xen/netfront: read response from backend only once (git-fixes). - xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). Important SUSE bug 1071995 SUSE bug 1124431 SUSE bug 1167162 SUSE bug 1169514 SUSE bug 1172073 SUSE bug 1177101 SUSE bug 1179599 SUSE bug 1184804 SUSE bug 1185377 SUSE bug 1186207 SUSE bug 1186222 SUSE bug 1187167 SUSE bug 1189305 SUSE bug 1189841 SUSE bug 1190358 SUSE bug 1190428 SUSE bug 1191229 SUSE bug 1191384 SUSE bug 1191731 SUSE bug 1192032 SUSE bug 1192267 SUSE bug 1192740 SUSE bug 1192845 SUSE bug 1192847 SUSE bug 1192877 SUSE bug 1192946 SUSE bug 1193306 SUSE bug 1193440 SUSE bug 1193442 SUSE bug 1193507 SUSE bug 1193575 SUSE bug 1193669 SUSE bug 1193727 SUSE bug 1193731 SUSE bug 1193767 SUSE bug 1193861 SUSE bug 1193864 SUSE bug 1193867 SUSE bug 1194001 SUSE bug 1194048 SUSE bug 1194087 SUSE bug 1194227 SUSE bug 1194302 SUSE bug 1194516 SUSE bug 1194529 SUSE bug 1194880 SUSE bug 1194888 SUSE bug 1194985 SUSE bug 1195254 CVE-2018-25020 CVE-2019-15126 CVE-2020-27820 CVE-2021-0920 CVE-2021-0935 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-33098 CVE-2021-3564 CVE-2021-39648 CVE-2021-39657 CVE-2021-4002 CVE-2021-4083 CVE-2021-4149 CVE-2021-4197 CVE-2021-4202 CVE-2021-43975 CVE-2021-43976 CVE-2021-44733 CVE-2021-45095 CVE-2021-45486 CVE-2022-0322 CVE-2022-0330 CVE-2022-0435 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for multipath-tools fixes the following issues: - CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739) - Avoid linking to libreadline to avoid licensing issue (bsc#1202616) Important SUSE bug 1202616 SUSE bug 1202739 SUSE bug 1204325 CVE-2022-41974 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978). - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). Important SUSE bug 1201978 SUSE bug 1204366 SUSE bug 1204367 CVE-2016-3709 CVE-2022-40303 CVE-2022-40304 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for bluez fixes the following issues: - CVE-2019-8921: Fixed heap-based buffer overflow via crafted request (bsc#1193237). - CVE-2016-9803: Fixed memory leak (bsc#1013885). Important SUSE bug 1013885 SUSE bug 1193237 CVE-2016-9803 CVE-2019-8921 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: Updated to version 102.4.0 ESR (bsc#1204421): - CVE-2022-42927: Fixed same-origin policy violation that could have leaked cross-origin URLs. - CVE-2022-42928: Fixed memory Corruption in JS Engine. - CVE-2022-42929: Fixed denial of Service via window.print. - CVE-2022-42932: Fixed memory safety bugs. Important SUSE bug 1204421 CVE-2022-42927 CVE-2022-42928 CVE-2022-42929 CVE-2022-42932 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for telnet fixes the following issues: - CVE-2022-39028: Fixed NULL pointer dereference in telnetd (bsc#1203759). Important SUSE bug 1203759 CVE-2022-39028 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update fixes the following issues: golang-github-lusitaniae-apache_exporter: - Update to upstream release 0.11.0 (jsc#SLE-24791) * Add TLS support * Switch to logger, please check --log.level and --log.format flags - Update to version 0.10.1 * Bugfix: Reset ProxyBalancer metrics on each scrape to remove stale data - Update to version 0.10.0 * Add Apache Proxy and other metrics - Update to version 0.8.0 * Change commandline flags * Add metrics: Apache version, request duration total - Adapted to build on Enterprise Linux 8 - Require building with Go 1.15 - Add %license macro for LICENSE file golang-github-prometheus-alertmanager: - Do not include sources (bsc#1200725) golang-github-prometheus-node_exporter: - CVE-2022-21698: Denial of service using InstrumentHandlerCounter. (bsc#1196338, jsc#SLE-24243, jsc#SUMA-114) grafana: - Update to version 8.3.10 + Security: * CVE-2022-31097: Cross Site Scripting vulnerability in the Unified Alerting (bsc#1201535) * CVE-2022-31107: OAuth account takeover vulnerability (bsc#1201539) - Update to version 8.3.9 + Bug fixes: * Geomap: Display legend * Prometheus: Fix timestamp truncation - Update to version 8.3.7 + Bug fix: * Provisioning: Ensure that the default value for orgID is set when provisioning datasources to be deleted. - Update to version 8.3.6 + Features and enhancements: * Cloud Monitoring: Reduce request size when listing labels. * Explore: Show scalar data result in a table instead of graph. * Snapshots: Updates the default external snapshot server URL. * Table: Makes footer not overlap table content. * Tempo: Add request histogram to service graph datalink. * Tempo: Add time range to tempo search query behind a feature flag. * Tempo: Auto-clear results when changing query type. * Tempo: Display start time in search results as relative time. * CloudMonitoring: Fix resource labels in query editor. * Cursor sync: Apply the settings without saving the dashboard. * LibraryPanels: Fix for Error while cleaning library panels. * Logs Panel: Fix timestamp parsing for string dates without timezone. * Prometheus: Fix some of the alerting queries that use reduce/math operation. * TablePanel: Fix ad-hoc variables not working on default datasources. * Text Panel: Fix alignment of elements. * Variables: Fix for constant variables in self referencing links. - Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565) kiwi-desc-saltboot: - Update to version 0.1.1661440542.6cbe0da * Use standard susemanager.conf * Use salt bundle * Add support fo VirtIO disks mgr-daemon: - Version 4.3.6-1 * Update translation strings spacecmd: - Version 4.3.15-1 * Process date values in spacecmd api calls (bsc#1198903) spacewalk-client-tools: - Version 4.3.12-1 * Update translation strings uyuni-common-libs: - Version 4.3.6-1 * Do not allow creating path if nonexistent user or group in fileutils. Moderate SUSE bug 1196338 SUSE bug 1198903 SUSE bug 1200725 SUSE bug 1201535 SUSE bug 1201539 CVE-2022-21698 CVE-2022-31097 CVE-2022-31107 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies (bsc#1202593). - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). Important SUSE bug 1202593 SUSE bug 1204383 CVE-2022-32221 CVE-2022-35252 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). - Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800) Important SUSE bug 1200800 SUSE bug 1201680 CVE-2021-46828 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openjpeg2 fixes the following issues: - CVE-2018-21010: Fixed heap buffer overflow in color_apply_icc_profile in bin/common/color.c (bsc#1149789). - CVE-2020-27824: Fixed OOB read in opj_dwt_calc_explicit_stepsizes() (bsc#1179821). - CVE-2020-27842: Fixed null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (bsc#1180043). - CVE-2020-27843: Fixed out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c (bsc#1180044). - CVE-2020-27845: Fixed heap-based buffer over-read in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (bsc#1180046). Important SUSE bug 1149789 SUSE bug 1179821 SUSE bug 1180043 SUSE bug 1180044 SUSE bug 1180046 CVE-2018-21010 CVE-2020-27824 CVE-2020-27842 CVE-2020-27843 CVE-2020-27845 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). Important SUSE bug 1087072 SUSE bug 1204111 SUSE bug 1204112 SUSE bug 1204113 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690). Critical SUSE bug 1204690 CVE-2021-46848 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xorg-x11-server fixes the following issues: - CVE-2022-3550: Fixed out of bounds read/write in _GetCountedString() (bsc#1204412). - CVE-2022-3551: Fixed various leaks of the return value of GetComponentSpec() (bsc#1204416). Important SUSE bug 1204412 SUSE bug 1204416 CVE-2022-3550 CVE-2022-3551 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). Important SUSE bug 1204708 CVE-2022-43680 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for glibc fixes the following issues: - CVE-2015-8985: Fixed assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) - x86: fix stack alignment in pthread_cond_[timed]wait (bsc#1196852) - Recognize ppc64p7 arch to build for power7 Moderate SUSE bug 1193625 SUSE bug 1196852 CVE-2015-8985 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libvirt fixes the following issues: - CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults. (bsc#1194041) - CVE-2021-3975: Add missing lock in qemuProcessHandleMonitorEOF. (bsc#1192876) Important SUSE bug 1192876 SUSE bug 1193981 SUSE bug 1194041 CVE-2021-3975 CVE-2021-4147 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for sudo fixes the following issues: Security fixes: - CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986). Other: - Make sure SIGCHLD is not ignored when sudo is executed; fixes race condition (bsc#1203201). - Change sudo-ldap schema from ASCII to UTF8 (bsc#1197998). Important SUSE bug 1197998 SUSE bug 1203201 SUSE bug 1204986 CVE-2022-43995 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xen fixes the following issues: - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806). - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807). - CVE-2021-28689: Fixed speculative vulnerabilities with bare (non-shim) 32-bit PV guests (bsc#1185104). - CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482) - CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485) - CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487) - CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488) - CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489) - CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490) - CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494) - CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496) - xen: Frontends vulnerable to backends (bsc#1193923) Important SUSE bug 1185104 SUSE bug 1193923 SUSE bug 1203806 SUSE bug 1203807 SUSE bug 1204482 SUSE bug 1204485 SUSE bug 1204487 SUSE bug 1204488 SUSE bug 1204489 SUSE bug 1204490 SUSE bug 1204494 SUSE bug 1204496 CVE-2021-28689 CVE-2022-33746 CVE-2022-33748 CVE-2022-42309 CVE-2022-42310 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318 CVE-2022-42319 CVE-2022-42320 CVE-2022-42321 CVE-2022-42322 CVE-2022-42323 CVE-2022-42325 CVE-2022-42326 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 102.5.0 ESR (MFSA 2022-48, bsc#1205270): - CVE-2022-45403: Service Workers might have learned size of cross-origin media files - CVE-2022-45404: Fullscreen notification bypass - CVE-2022-45405: Use-after-free in InputStream implementation - CVE-2022-45406: Use-after-free of a JavaScript Realm - CVE-2022-45408: Fullscreen notification bypass via windowName - CVE-2022-45409: Use-after-free in Garbage Collection - CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite cookie policy - CVE-2022-45411: Cross-Site Tracing was possible via non-standard override headers - CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers - CVE-2022-45416: Keystroke Side-Channel Leakage - CVE-2022-45418: Custom mouse cursor could have been drawn over browser UI - CVE-2022-45420: Iframe contents could be rendered outside the iframe - CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 Important SUSE bug 1205270 CVE-2022-45403 CVE-2022-45404 CVE-2022-45405 CVE-2022-45406 CVE-2022-45408 CVE-2022-45409 CVE-2022-45410 CVE-2022-45411 CVE-2022-45412 CVE-2022-45416 CVE-2022-45418 CVE-2022-45420 CVE-2022-45421 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for tiff fixes the following issues: - CVE-2022-3597: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204641). - CVE-2022-3599: Fixed out-of-bounds read in writeSingleSection in tools/tiffcrop.c (bnc#1204643). - CVE-2022-3626: Fixed out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c (bnc#1204644) - CVE-2022-3627: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204645). - CVE-2022-3970: Fixed unsigned integer overflow in TIFFReadRGBATileExt() (bnc#1205392). Important SUSE bug 1204641 SUSE bug 1204643 SUSE bug 1204644 SUSE bug 1204645 SUSE bug 1205392 CVE-2022-3597 CVE-2022-3599 CVE-2022-3626 CVE-2022-3627 CVE-2022-3970 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for pixman fixes the following issues: - CVE-2022-44638: Fixed an integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write (bsc#1205033). Important SUSE bug 1205033 CVE-2022-44638 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for python3 fixes the following issues: - CVE-2020-10735: Fixed possible DoS when converting text to int and vice versa (bsc#1203125). - CVE-2022-45061: Fixed possible DoS when IDNA decoding extremely long domain names (bsc#1205244). Important SUSE bug 1203125 SUSE bug 1205244 CVE-2020-10735 CVE-2022-45061 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for exiv2 fixes the following issues: - CVE-2019-13112: Fixed an uncontrolled memory allocation in PngChunk:parseChunkContent causing denial of service. (bsc#1142681) - CVE-2021-37620: Fixed out-of-bounds read in XmpTextValue:read(). (bsc#1189332) - CVE-2021-34334: Fixed a DoS due to integer overflow in loop counter. (bsc#1189338) - CVE-2021-31291: Fixed a heap-based buffer overflow vulnerability in jp2image.cpp may lead to a denial of service via crafted metadata (bsc#1188733). - CVE-2021-32815: Fixed a deny-of-service due to assertion failure in crwimage_int.cpp (bsc#1189337). - CVE-2018-20097: Fixed SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroupsu (bsc#1119562). - CVE-2021-29457: Fixed a heap buffer overflow when write metadata into a crafted image file (bsc#1185002). - CVE-2021-29473: Fixed out-of-bounds read in Exiv2::Jp2Image:doWriteMetadata (bsc#1186231). Important SUSE bug 1119562 SUSE bug 1142681 SUSE bug 1185002 SUSE bug 1186231 SUSE bug 1188733 SUSE bug 1189332 SUSE bug 1189337 SUSE bug 1189338 CVE-2018-20097 CVE-2019-13112 CVE-2021-29457 CVE-2021-29473 CVE-2021-31291 CVE-2021-32815 CVE-2021-34334 CVE-2021-37620 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for busybox fixes the following issues: - CVE-2014-9645: Fixed loading of unwanted modules with / (bsc#914660). - CVE-2017-16544: Fixed insufficient sanitization of filenames when autocompleting (bsc#1069412). - CVE-2015-9261: Fixed huft_build misuses a pointer, causing segfaults (bsc#1102912). - CVE-2016-2147: Fixed out of bounds write (heap) due to integer underflow in udhcpc (bsc#970663). - CVE-2016-2148: Fixed heap-based buffer overflow in OPTION_6RD parsing (bsc#970662). - CVE-2016-6301: Fixed NTP server denial of service flaw (bsc#991940). - CVE-2017-15873: Fixed integer overflow in get_next_block function in archival/libarchive/decompress_bunzip2.c (bsc#1064976). - CVE-2017-15874: Fixed integer overflow in archival/libarchive/decompress_unlzma (bsc#1064978). - CVE-2019-5747: Fixed out of bounds read in udhcp components (bsc#1121428). - CVE-2021-42373, CVE-2021-42374, CVE-2021-42375, CVE-2021-42376, CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386: v1.34.0 bugfixes (bsc#1192869). - CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data (bsc#1184522). - CVE-2018-20679: Fixed out of bounds read in udhcp (bsc#1121426). - CVE-2018-1000517: Fixed heap-based buffer overflow in the retrieve_file_data() (bsc#1099260). - CVE-2011-5325: Fixed tar directory traversal (bsc#951562). - CVE-2018-1000500: Fixed missing SSL certificate validation in wget (bsc#1099263). - Update to 1.35.0 - awk: fix printf %%, fix read beyond end of buffer - chrt: silence analyzer warning - libarchive: remove duplicate forward declaration - mount: 'mount -o rw ....' should not fall back to RO mount - ps: fix -o pid=PID,args interpreting entire 'PID,args' as header - tar: prevent malicious archives with long name sizes causing OOM - udhcpc6: fix udhcp_find_option to actually find DHCP6 options - xxd: fix -p -r - support for new optoins added to basename, cpio, date, find, mktemp, wget and others - Enable fdisk (jsc#CAR-16) - Update to 1.34.1: * build system: use SOURCE_DATE_EPOCH for timestamp if available * many bug fixes and new features * touch: make FEATURE_TOUCH_NODEREF unconditional - update to 1.33.1: * httpd: fix sendfile * ash: fix HISTFILE corruptio * ash: fix unset variable pattern expansion * traceroute: fix option parsing * gunzip: fix for archive corruption - Update to version 1.33.0 - many bug fixes and new features - Update to version 1.32.1 - fixes a case where in ash, 'wait' never finishes. - prepare usrmerge (bsc#1029961) - Enable testsuite and package it for later rerun (for QA, jsc#CAR-15) - Update to version 1.31.1: + Bug fix release. 1.30.1 has fixes for dc, ash (PS1 expansion fix), hush, dpkg-deb, telnet and wget. - Changes from version 1.31.0: + many bugfixes and new features. - Add busybox-no-stime.patch: stime() has been deprecated in glibc 2.31 and replaced with clock_settime(). - update to 1.25.1: * fixes for hush, gunzip, ip route, ntpd - includes changes from 1.25.0: * many added and expanded implementations of command options - includes changes from 1.24.2: * fixes for build system (static build with glibc fixed), truncate, gunzip and unzip. - Update to version 1.24.1 * for a full list of changes see http://www.busybox.net/news.html - Refresh busybox.install.patch - Update to 1.23.2 * for a full list of changes see http://www.busybox.net/news.html - Cleaned up spec file with spec-cleaner - Refreshed patches - update to 1.22.1: Many updates and fixes for most included tools, see see http://www.busybox.net/news.html Important SUSE bug 1029961 SUSE bug 1064976 SUSE bug 1064978 SUSE bug 1069412 SUSE bug 1099260 SUSE bug 1099263 SUSE bug 1102912 SUSE bug 1121426 SUSE bug 1121428 SUSE bug 1184522 SUSE bug 1191514 SUSE bug 1192869 SUSE bug 914660 SUSE bug 951562 SUSE bug 970662 SUSE bug 970663 SUSE bug 991940 CVE-2011-5325 CVE-2014-9645 CVE-2015-9261 CVE-2016-2147 CVE-2016-2148 CVE-2016-6301 CVE-2017-15873 CVE-2017-15874 CVE-2017-16544 CVE-2018-1000500 CVE-2018-1000517 CVE-2018-20679 CVE-2019-5747 CVE-2021-28831 CVE-2021-42373 CVE-2021-42374 CVE-2021-42375 CVE-2021-42376 CVE-2021-42377 CVE-2021-42378 CVE-2021-42379 CVE-2021-42380 CVE-2021-42381 CVE-2021-42382 CVE-2021-42383 CVE-2021-42384 CVE-2021-42385 CVE-2021-42386 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for python fixes the following issues: - CVE-2022-45061: Fixed a quadratic IDNA decoding time (bsc#1205244). The following non-security bug was fixed: - Making compileall.py compliant with year 2038, backport of fix to Python 2.7 (bsc#1202666, gh#python/cpython#79171). Important SUSE bug 1202666 SUSE bug 1205244 CVE-2022-45061 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for binutils fixes the following issues: The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579). - CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597). - CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374). - CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969). - CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929). - CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783). - CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592). - CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966). - CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967). - CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816). The following non-security bugs were fixed: - SLE toolchain update of binutils, update to 2.39 from 2.37. - Update to 2.39: * The ELF linker will now generate a warning message if the stack is made executable. Similarly it will warn if the output binary contains a segment with all three of the read, write and execute permission bits set. These warnings are intended to help developers identify programs which might be vulnerable to attack via these executable memory regions. The warnings are enabled by default but can be disabled via a command line option. It is also possible to build a linker with the warnings disabled, should that be necessary. * The ELF linker now supports a --package-metadata option that allows embedding a JSON payload in accordance to the Package Metadata specification. * In linker scripts it is now possible to use TYPE=<type> in an output section description to set the section type value. * The objdump program now supports coloured/colored syntax highlighting of its disassembler output for some architectures. (Currently: AVR, RiscV, s390, x86, x86_64). * The nm program now supports a --no-weak/-W option to make it ignore weak symbols. * The readelf and objdump programs now support a -wE option to prevent them from attempting to access debuginfod servers when following links. * The objcopy program's --weaken, --weaken-symbol, and --weaken-symbols options now works with unique symbols as well. - Update to 2.38: * elfedit: Add --output-abiversion option to update ABIVERSION. * Add support for the LoongArch instruction set. * Tools which display symbols or strings (readelf, strings, nm, objdump) have a new command line option which controls how unicode characters are handled. By default they are treated as normal for the tool. Using --unicode=locale will display them according to the current locale. Using --unicode=hex will display them as hex byte values, whilst --unicode=escape will display them as escape sequences. In addition using --unicode=highlight will display them as unicode escape sequences highlighted in red (if supported by the output device). * readelf -r dumps RELR relative relocations now. * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been added to objcopy in order to enable UEFI development using binutils (bsc#1198458). * ar: Add --thin for creating thin archives. -T is a deprecated alias without diagnostics. In many ar implementations -T has a different meaning, as specified by X/Open System Interface. * Add support for AArch64 system registers that were missing in previous releases. * Add support for the LoongArch instruction set. * Add a command-line option, -muse-unaligned-vector-move, for x86 target to encode aligned vector move as unaligned vector move. * Add support for Cortex-R52+ for Arm. * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64. * Add support for Cortex-A710 for Arm. * Add support for Scalable Matrix Extension (SME) for AArch64. * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the assembler what to when it encoutners multibyte characters in the input. The default is to allow them. Setting the option to 'warn' will generate a warning message whenever any multibyte character is encountered. Using the option to 'warn-sym-only' will make the assembler generate a warning whenever a symbol is defined containing multibyte characters. (References to undefined symbols will not generate warnings). * Outputs of .ds.x directive and .tfloat directive with hex input from x86 assembler have been reduced from 12 bytes to 10 bytes to match the output of .tfloat directive. * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in AArch64 GAS. * Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS. * Add support for Intel AVX512_FP16 instructions. * Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF linker to pack relative relocations in the DT_RELR section. * Add support for the LoongArch architecture. * Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF linker to control canonical function pointers and copy relocation. * Add --max-cache-size=SIZE to set the the maximum cache size to SIZE bytes. - Fixed regression that prevented .ko.debug to be loaded in crash tool (bsc#1191908). - Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes. - Add gprofng subpackage. - Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237). - Add back fix for bsc#1191473, which got lost in the update to 2.38. - Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712). - Enable PRU architecture for AM335x CPU (Beagle Bone Black board) Important SUSE bug 1142579 SUSE bug 1185597 SUSE bug 1185712 SUSE bug 1188374 SUSE bug 1191473 SUSE bug 1191908 SUSE bug 1193929 SUSE bug 1194783 SUSE bug 1197592 SUSE bug 1198237 SUSE bug 1198458 SUSE bug 1202816 SUSE bug 1202966 SUSE bug 1202967 SUSE bug 1202969 CVE-2019-1010204 CVE-2021-3530 CVE-2021-3648 CVE-2021-3826 CVE-2021-45078 CVE-2021-46195 CVE-2022-27943 CVE-2022-38126 CVE-2022-38127 CVE-2022-38533 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS Security fixes: - CVE-2022-32888: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205121). - CVE-2022-32923: Fixed possible information leak via maliciously crafted web content (bsc#1205122). - CVE-2022-42799: Fixed user interface spoofing when visiting a malicious website (bsc#1205123). - CVE-2022-42823: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205120). - CVE-2022-42824: Fixed possible sensitive user information leak via maliciously crafted web content (bsc#1205124). Update to version 2.38.2: - Fix scrolling issues in some sites having fixed background. - Fix prolonged buffering during progressive live playback. - Fix the build with accessibility disabled. - Fix several crashes and rendering issues. Update to version 2.38.1: - Make xdg-dbus-proxy work if host session bus address is an abstract socket. - Use a single xdg-dbus-proxy process when sandbox is enabled. - Fix high resolution video playback due to unimplemented changeType operation. - Ensure GSubprocess uses posix_spawn() again and inherit file descriptors. - Fix player stucking in buffering (paused) state for progressive streaming. - Do not try to preconnect on link click when link preconnect setting is disabled. - Fix close status code returned when the client closes a WebSocket in some cases. - Fix media player duration calculation. - Fix several crashes and rendering issues. Update to version 2.38.0: - New media controls UI style. - Add new API to set WebView's Content-Security-Policy for web extensions support. - Make it possible to use the remote inspector from other browsers using WEBKIT_INSPECTOR_HTTP_SERVER env var. - MediaSession is enabled by default, allowing remote media control using MPRIS. - Add support for PDF documents using PDF.js. Important SUSE bug 1205120 SUSE bug 1205121 SUSE bug 1205122 SUSE bug 1205123 SUSE bug 1205124 CVE-2022-32888 CVE-2022-32923 CVE-2022-42799 CVE-2022-42823 CVE-2022-42824 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_8_0-ibm fixes the following issues: - CVE-2022-21626: An unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204471). - CVE-2022-21618: An unauthenticated attacker with network access via Kerberos can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204468). - CVE-2022-21619: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE (bsc#1204473). - CVE-2022-21628: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204472). - CVE-2022-21624: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise (bsc#1204475). - CVE-2022-39399: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204480). - Update to Java 8.0 Service Refresh 7 Fix Pack 20 [bsc#1205302] * Security: - The IBM ORB Does Not Support Object-Serialisation Data Filtering - Large Allocation In CipherSuite - Avoid Evaluating Sslalgorithmconstraints Twice - Cache The Results Of Constraint Checks - An incorrect ShortBufferException is thrown by IBMJCEPlus, IBMJCEPlusFIPS during cipher update operation - Disable SHA-1 Signed Jars For Ea - JSSE Performance Improvement - Oracle Road Map Kerberos Deprecation Of 3DES And RC4 Encryption * Java 8/Orb: - Upgrade ibmcfw.jar To Version o2228.02 * Class Libraries: - Crash In Libjsor.So During An Rdma Failover - High CPU Consumption Observed In ZosEventPort$EventHandlerTask.run - Update Timezone Information To The Latest tzdata2022c * Jit Compiler: - Crash During JIT Compilation - Incorrect JIT Optimization Of Java Code - Incorrect Return From Class.isArray() - Unexpected ClassCastException - Performance Regression When Calling VM Helper Code On X86 * X/Os Extentions: - Add RSA-OAEP Cipher Function To IBMJCECCA - Update to Java 8.0 Service Refresh 7 Fix Pack 16 * Java Virtual Machine - Assertion failure at ClassLoaderRememberedSet.cpp - Assertion failure at StandardAccessBarrier.cpp when -Xgc:concurrentScavenge is set. - GC can have unflushed ownable synchronizer objects which can eventually lead to heap corruption and failure when -Xgc:concurrentScavenge is set. * JIT Compiler: - Incorrect JIT optimization of Java code - JAVA JIT Power: JIT compile time assert on AIX or LINUXPPC * Reliability and Serviceability: - javacore with 'kill -3' SIGQUIT signal freezes Java process Moderate SUSE bug 1204468 SUSE bug 1204471 SUSE bug 1204472 SUSE bug 1204473 SUSE bug 1204475 SUSE bug 1204480 SUSE bug 1205302 CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for supportutils fixes the following issues: Security issues fixed: - Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818) Moderate SUSE bug 1203818 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for grub2 fixes the following issues: Security Fixes: - CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178). - CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182). Other: - Bump upstream SBAT generation to 3 - Fix unreadable filesystem with xfs v4 superblock (bsc#1205520). - Remove zfs modules (bsc#1205554). Important SUSE bug 1205178 SUSE bug 1205182 SUSE bug 1205520 SUSE bug 1205554 CVE-2022-2601 CVE-2022-3775 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for tomcat fixes the following issues: - CVE-2022-42252: Fixed a request smuggling (bsc#1204918). Important SUSE bug 1204918 CVE-2022-42252 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for emacs fixes the following issues: - CVE-2022-45939: Fixed shell command injection via source code files when using ctags (bsc#1205822). Important SUSE bug 1205822 CVE-2022-45939 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). Important SUSE bug 1205126 CVE-2022-42898 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u352 (icedtea-3.25.0): - CVE-2022-21619,CVE-2022-21624: Fixed difficult to exploit vulnerability allows unauthenticated attacker with network access and can cause unauthorized update, insert or delete access via multiple protocols (bsc#1204473,bsc#1204475). - CVE-2022-21626: Fixed easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to cause partial denial of service (bsc#1204471). - CVE-2022-21628: Fixed easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to cause partial denial of service (bsc#1204472). Moderate SUSE bug 1204471 SUSE bug 1204472 SUSE bug 1204473 SUSE bug 1204475 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS glibc was updated to fix the following issues: Security issues fixed: - CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640) - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770) Bugs fixed: - Make endian-conversion macros always return correct types (bsc#1193478, BZ #16458) - Allow dlopen of filter object to work (bsc#1192620, BZ #16272) - x86: fix stack alignment in cancelable syscall stub (bsc#1191835) Important SUSE bug 1191835 SUSE bug 1192620 SUSE bug 1193478 SUSE bug 1194640 SUSE bug 1194768 SUSE bug 1194770 CVE-2021-3999 CVE-2022-23218 CVE-2022-23219 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 102.6.0 ESR (bsc#1206242): - CVE-2022-46880: Use-after-free in WebGL - CVE-2022-46872: Arbitrary file read from a compromised content process - CVE-2022-46881: Memory corruption in WebGL - CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions - CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS - CVE-2022-46882: Use-after-free in WebGL - CVE-2022-46878: Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6 Important SUSE bug 1206242 CVE-2022-46872 CVE-2022-46874 CVE-2022-46875 CVE-2022-46878 CVE-2022-46880 CVE-2022-46881 CVE-2022-46882 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for zabbix fixes the following issues: - CVE-2022-43515: X-Forwarded-For header is active by default causes access to Zabbix sites in maintenance mode (bsc#1206083). Moderate SUSE bug 1206083 CVE-2022-43515 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xorg-x11-server fixes the following issues: - CVE-2022-46340: Server XTestSwapFakeInput stack overflow (bsc#1205874) - CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access (bsc#1205877) - CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free (bsc#1205879) - CVE-2022-46343: Server ScreenSaverSetAttributes use-after-free (bsc#1205878) - CVE-2022-46344: Server XIChangeProperty out-of-bounds access (bsc#1205876) - CVE-2022-4283: Reset the radio_groups pointer to NULL after freeing it (bsc#1206017) - Xi: return an error from XI property changes if verification failed (bsc#1205875) Important SUSE bug 1205874 SUSE bug 1205875 SUSE bug 1205876 SUSE bug 1205877 SUSE bug 1205878 SUSE bug 1205879 SUSE bug 1206017 CVE-2022-4283 CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_7_1-ibm fixes the following issues: IBM Security Update November 2022: (bsc#1205302, bsc#1204703) - CVE-2022-3676: A security vulnerability was fixed in version 7.1.5.15, adding the reference here. Moderate SUSE bug 1204703 SUSE bug 1205302 CVE-2022-3676 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_8_0-ibm fixes the following issues: IBM Security Update November 2022: (bsc#1205302, bsc#1204703) - CVE-2022-3676: A security vulnerability was fixed in version 8.0.7.20, adding the reference here. Moderate SUSE bug 1204703 SUSE bug 1205302 CVE-2022-3676 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-42328: Guests could trigger denial of service via the netback driver (bsc#1206114). - CVE-2022-42329: Guests could trigger denial of service via the netback driver (bsc#1206113). - CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bsc#1206113). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686). - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bsc#1198702). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bsc#1204653). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bsc#1204402). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bsc#1204635). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bsc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bsc#1204647). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bsc#1204574). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bsc#1204479). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204431). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bsc#1204354). - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bsc#1203514). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bsc#1204168). - CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290). - CVE-2022-40307: Fixed a race condition that could had been exploited to trigger a use-after-free in the efi firmware capsule-loader.c (bsc#1203322). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-3521: Fixed a race condition in kcm_tx_work() of the file net/kcm/kcmsock.c (bsc#1204355). - CVE-2022-2153: Fixed a NULL pointer dereference in the KVM subsystem, when attempting to set a SynIC IRQ (bsc#1200788). - CVE-2022-41848: Fixed a race condition in drivers/char/pcmcia/synclink_cs.c mgslpc_ioctl and mgslpc_detach (bsc#1203987). The following non-security bugs were fixed: - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - sunrpc: Re-purpose trace_svc_process (bsc#1205006). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - x86/hyperv: Set pv_info.name to 'Hyper-V' (git-fixes). Important SUSE bug 1196018 SUSE bug 1198702 SUSE bug 1200788 SUSE bug 1201455 SUSE bug 1202686 SUSE bug 1203008 SUSE bug 1203183 SUSE bug 1203290 SUSE bug 1203322 SUSE bug 1203514 SUSE bug 1203960 SUSE bug 1203987 SUSE bug 1204166 SUSE bug 1204168 SUSE bug 1204170 SUSE bug 1204354 SUSE bug 1204355 SUSE bug 1204402 SUSE bug 1204414 SUSE bug 1204415 SUSE bug 1204424 SUSE bug 1204431 SUSE bug 1204432 SUSE bug 1204439 SUSE bug 1204479 SUSE bug 1204574 SUSE bug 1204576 SUSE bug 1204631 SUSE bug 1204635 SUSE bug 1204636 SUSE bug 1204646 SUSE bug 1204647 SUSE bug 1204653 SUSE bug 1204868 SUSE bug 1205006 SUSE bug 1205128 SUSE bug 1205130 SUSE bug 1205220 SUSE bug 1205473 SUSE bug 1205514 SUSE bug 1205671 SUSE bug 1205705 SUSE bug 1205709 SUSE bug 1205796 SUSE bug 1206113 SUSE bug 1206114 SUSE bug 1206207 CVE-2021-4037 CVE-2022-2153 CVE-2022-28693 CVE-2022-28748 CVE-2022-2964 CVE-2022-3169 CVE-2022-3424 CVE-2022-3521 CVE-2022-3524 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3567 CVE-2022-3586 CVE-2022-3594 CVE-2022-3621 CVE-2022-3628 CVE-2022-3629 CVE-2022-3635 CVE-2022-3643 CVE-2022-3646 CVE-2022-3649 CVE-2022-3903 CVE-2022-40307 CVE-2022-40768 CVE-2022-4095 CVE-2022-41848 CVE-2022-41850 CVE-2022-41858 CVE-2022-42328 CVE-2022-42329 CVE-2022-42703 CVE-2022-42895 CVE-2022-42896 CVE-2022-43750 CVE-2022-4378 CVE-2022-43945 CVE-2022-45934 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for vim fixes the following issues: Updated to version 9.0.0814: * Fixing bsc#1192478 VUL-1: CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow * Fixing bsc#1203508 VUL-0: CVE-2022-3234: vim: Heap-based Buffer Overflow prior to 9.0.0483. * Fixing bsc#1203509 VUL-1: CVE-2022-3235: vim: Use After Free in GitHub prior to 9.0.0490. * Fixing bsc#1203820 VUL-0: CVE-2022-3324: vim: Stack-based Buffer Overflow in prior to 9.0.0598. * Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c * Fixing bsc#1203152 VUL-1: CVE-2022-2982: vim: use after free in qf_fill_buffer() * Fixing bsc#1203796 VUL-1: CVE-2022-3296: vim: stack out of bounds read in ex_finally() in ex_eval.c * Fixing bsc#1203797 VUL-1: CVE-2022-3297: vim: use-after-free in process_next_cpt_value() at insexpand.c * Fixing bsc#1203110 VUL-1: CVE-2022-3099: vim: Use After Free in ex_docmd.c * Fixing bsc#1203194 VUL-1: CVE-2022-3134: vim: use after free in do_tag() * Fixing bsc#1203272 VUL-1: CVE-2022-3153: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404. * Fixing bsc#1203799 VUL-1: CVE-2022-3278: vim: NULL pointer dereference in eval_next_non_blank() in eval.c * Fixing bsc#1203924 VUL-1: CVE-2022-3352: vim: vim: use after free * Fixing bsc#1203155 VUL-1: CVE-2022-2980: vim: null pointer dereference in do_mouse() * Fixing bsc#1202962 VUL-1: CVE-2022-3037: vim: Use After Free in vim prior to 9.0.0321 * Fixing bsc#1200884 Vim: Error on startup * Fixing bsc#1200902 VUL-0: CVE-2022-2183: vim: Out-of-bounds Read through get_lisp_indent() Mon 13:32 * Fixing bsc#1200903 VUL-0: CVE-2022-2182: vim: Heap-based Buffer Overflow through parse_cmd_address() Tue 08:37 * Fixing bsc#1200904 VUL-0: CVE-2022-2175: vim: Buffer Over-read through cmdline_insert_reg() Tue 08:37 * Fixing bsc#1201249 VUL-0: CVE-2022-2304: vim: stack buffer overflow in spell_dump_compl() * Fixing bsc#1201356 VUL-1: CVE-2022-2343: vim: Heap-based Buffer Overflow in GitHub repository vim prior to 9.0.0044 * Fixing bsc#1201359 VUL-1: CVE-2022-2344: vim: Another Heap-based Buffer Overflow vim prior to 9.0.0045 * Fixing bsc#1201363 VUL-1: CVE-2022-2345: vim: Use After Free in GitHub repository vim prior to 9.0.0046. * Fixing bsc#1201620 vim: SLE-15-SP4-Full-x86_64-GM-Media1 and vim-plugin-tlib-1.27-bp154.2.18.noarch issue * Fixing bsc#1202414 VUL-1: CVE-2022-2819: vim: Heap-based Buffer Overflow in compile_lock_unlock() * Fixing bsc#1202552 VUL-1: CVE-2022-2874: vim: NULL Pointer Dereference in generate_loadvar() * Fixing bsc#1200270 VUL-1: CVE-2022-1968: vim: use after free in utf_ptr2char * Fixing bsc#1200697 VUL-1: CVE-2022-2124: vim: out of bounds read in current_quote() * Fixing bsc#1200698 VUL-1: CVE-2022-2125: vim: out of bounds read in get_lisp_indent() * Fixing bsc#1200700 VUL-1: CVE-2022-2126: vim: out of bounds read in suggest_trie_walk() * Fixing bsc#1200701 VUL-1: CVE-2022-2129: vim: out of bounds write in vim_regsub_both() * Fixing bsc#1200732 VUL-1: CVE-2022-1720: vim: out of bounds read in grab_file_name() * Fixing bsc#1201132 VUL-1: CVE-2022-2264: vim: out of bounds read in inc() * Fixing bsc#1201133 VUL-1: CVE-2022-2284: vim: out of bounds read in utfc_ptr2len() * Fixing bsc#1201134 VUL-1: CVE-2022-2285: vim: negative size passed to memmove() due to integer overflow * Fixing bsc#1201135 VUL-1: CVE-2022-2286: vim: out of bounds read in ins_bytes() * Fixing bsc#1201136 VUL-1: CVE-2022-2287: vim: out of bounds read in suggest_trie_walk() * Fixing bsc#1201150 VUL-1: CVE-2022-2231: vim: null pointer dereference skipwhite() * Fixing bsc#1201151 VUL-1: CVE-2022-2210: vim: out of bounds read in ml_append_int() * Fixing bsc#1201152 VUL-1: CVE-2022-2208: vim: null pointer dereference in diff_check() * Fixing bsc#1201153 VUL-1: CVE-2022-2207: vim: out of bounds read in ins_bs() * Fixing bsc#1201154 VUL-1: CVE-2022-2257: vim: out of bounds read in msg_outtrans_special() * Fixing bsc#1201155 VUL-1: CVE-2022-2206: vim: out of bounds read in msg_outtrans_attr() * Fixing bsc#1201863 VUL-1: CVE-2022-2522: vim: out of bounds read via nested autocommand * Fixing bsc#1202046 VUL-1: CVE-2022-2571: vim: Heap-based Buffer Overflow related to ins_comp_get_next_word_or_line() * Fixing bsc#1202049 VUL-1: CVE-2022-2580: vim: Heap-based Buffer Overflow related to eval_string() * Fixing bsc#1202050 VUL-1: CVE-2022-2581: vim: Out-of-bounds Read related to cstrchr() * Fixing bsc#1202051 VUL-1: CVE-2022-2598: vim: Undefined Behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() * Fixing bsc#1202420 VUL-1: CVE-2022-2817: vim: Use After Free in f_assert_fails() * Fixing bsc#1202421 VUL-1: CVE-2022-2816: vim: Out-of-bounds Read in check_vim9_unlet() * Fixing bsc#1202511 VUL-1: CVE-2022-2862: vim: use-after-free in compile_nested_function() * Fixing bsc#1202512 VUL-1: CVE-2022-2849: vim: Invalid memory access related to mb_ptr2len() * Fixing bsc#1202515 VUL-1: CVE-2022-2845: vim: Buffer Over-read related to display_dollar() * Fixing bsc#1202599 VUL-1: CVE-2022-2889: vim: use-after-free in find_var_also_in_script() in evalvars.c * Fixing bsc#1202687 VUL-1: CVE-2022-2923: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240 * Fixing bsc#1202689 VUL-1: CVE-2022-2946: vim: use after free in function vim_vsnprintf_typval * Fixing bsc#1202862 VUL-1: CVE-2022-3016: vim: Use After Free in vim prior to 9.0.0285 Mon 12:00 * Fixing bsc#1191770 VUL-0: CVE-2021-3875: vim: heap-based buffer overflow * Fixing bsc#1192167 VUL-0: CVE-2021-3903: vim: heap-based buffer overflow * Fixing bsc#1192902 VUL-0: CVE-2021-3968: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1192903 VUL-0: CVE-2021-3973: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1192904 VUL-0: CVE-2021-3974: vim: vim is vulnerable to Use After Free * Fixing bsc#1193466 VUL-1: CVE-2021-4069: vim: use-after-free in ex_open() in src/ex_docmd.c * Fixing bsc#1193905 VUL-0: CVE-2021-4136: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1194093 VUL-1: CVE-2021-4166: vim: vim is vulnerable to Out-of-bounds Read * Fixing bsc#1194216 VUL-1: CVE-2021-4193: vim: vulnerable to Out-of-bounds Read * Fixing bsc#1194217 VUL-0: CVE-2021-4192: vim: vulnerable to Use After Free * Fixing bsc#1194872 VUL-0: CVE-2022-0261: vim: Heap-based Buffer Overflow in vim prior to 8.2. * Fixing bsc#1194885 VUL-0: CVE-2022-0213: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1195004 VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in vim prior to 8.2. * Fixing bsc#1195203 VUL-0: CVE-2022-0359: vim: heap-based buffer overflow in init_ccline() in ex_getln.c * Fixing bsc#1195354 VUL-0: CVE-2022-0407: vim: Heap-based Buffer Overflow in Conda vim prior to 8.2. * Fixing bsc#1198596 VUL-0: CVE-2022-1381: vim: global heap buffer overflow in skip_range * Fixing bsc#1199331 VUL-0: CVE-2022-1616: vim: Use after free in append_command * Fixing bsc#1199333 VUL-0: CVE-2022-1619: vim: Heap-based Buffer Overflow in function cmdline_erase_chars * Fixing bsc#1199334 VUL-0: CVE-2022-1620: vim: NULL Pointer Dereference in function vim_regexec_string * Fixing bsc#1199747 VUL-0: CVE-2022-1796: vim: Use After in find_pattern_in_path * Fixing bsc#1200010 VUL-0: CVE-2022-1897: vim: Out-of-bounds Write in vim * Fixing bsc#1200011 VUL-0: CVE-2022-1898: vim: Use After Free in vim prior to 8.2 * Fixing bsc#1200012 VUL-0: CVE-2022-1927: vim: Buffer Over-read in vim prior to 8.2 * Fixing bsc#1070955 VUL-1: CVE-2017-17087: vim: Sets the group ownership of a .swp file to the editor's primary group, which allows local users to obtain sensitive information * Fixing bsc#1194388 VUL-1: CVE-2022-0128: vim: vim is vulnerable to Out-of-bounds Read * Fixing bsc#1195332 VUL-1: CVE-2022-0392: vim: Heap-based Buffer Overflow in vim prior to 8.2 * Fixing bsc#1196361 VUL-1: CVE-2022-0696: vim: NULL Pointer Dereference in vim prior to 8.2 * Fixing bsc#1198748 VUL-1: CVE-2022-1420: vim: Out-of-range Pointer Offset * Fixing bsc#1199651 VUL-1: CVE-2022-1735: vim: heap buffer overflow * Fixing bsc#1199655 VUL-1: CVE-2022-1733: vim: Heap-based Buffer Overflow in cindent.c * Fixing bsc#1199693 VUL-1: CVE-2022-1771: vim: stack exhaustion in vim prior to 8.2. * Fixing bsc#1199745 VUL-1: CVE-2022-1785: vim: Out-of-bounds Write * Fixing bsc#1199936 VUL-1: CVE-2022-1851: vim: out of bounds read * Fixing bsc#1195004 - (CVE-2022-0318) VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in vim prior to 8.2. * Fixing bsc#1190570 CVE-2021-3796: vim: use-after-free in nv_replace() in normal.c * Fixing bsc#1191893 CVE-2021-3872: vim: heap-based buffer overflow in win_redr_status() drawscreen.c * Fixing bsc#1192481 CVE-2021-3927: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1192478 CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow * Fixing bsc#1193294 CVE-2021-4019: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1193298 CVE-2021-3984: vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow * Fixing bsc#1190533 CVE-2021-3778: vim: Heap-based Buffer Overflow in regexp_nfa.c * Fixing bsc#1194216 CVE-2021-4193: vim: vulnerable to Out-of-bounds Read * Fixing bsc#1194556 CVE-2021-46059: vim: A Pointer Dereference vulnerability exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which causes a denial of service. * Fixing bsc#1195066 CVE-2022-0319: vim: Out-of-bounds Read in vim/vim prior to 8.2. * Fixing bsc#1195126 CVE-2022-0351: vim: uncontrolled recursion in eval7() * Fixing bsc#1195202 CVE-2022-0361: vim: Heap-based Buffer Overflow in vim prior to 8.2. * Fixing bsc#1195356 CVE-2022-0413: vim: use after free in src/ex_cmds.c Moderate SUSE bug 1070955 SUSE bug 1173256 SUSE bug 1174564 SUSE bug 1176549 SUSE bug 1182324 SUSE bug 1190533 SUSE bug 1190570 SUSE bug 1191770 SUSE bug 1191893 SUSE bug 1192167 SUSE bug 1192478 SUSE bug 1192481 SUSE bug 1192902 SUSE bug 1192903 SUSE bug 1192904 SUSE bug 1193294 SUSE bug 1193298 SUSE bug 1193466 SUSE bug 1193905 SUSE bug 1194093 SUSE bug 1194216 SUSE bug 1194217 SUSE bug 1194388 SUSE bug 1194556 SUSE bug 1194872 SUSE bug 1194885 SUSE bug 1195004 SUSE bug 1195066 SUSE bug 1195126 SUSE bug 1195202 SUSE bug 1195203 SUSE bug 1195332 SUSE bug 1195354 SUSE bug 1195356 SUSE bug 1196361 SUSE bug 1198596 SUSE bug 1198748 SUSE bug 1199331 SUSE bug 1199333 SUSE bug 1199334 SUSE bug 1199651 SUSE bug 1199655 SUSE bug 1199693 SUSE bug 1199745 SUSE bug 1199747 SUSE bug 1199936 SUSE bug 1200010 SUSE bug 1200011 SUSE bug 1200012 SUSE bug 1200270 SUSE bug 1200697 SUSE bug 1200698 SUSE bug 1200700 SUSE bug 1200701 SUSE bug 1200732 SUSE bug 1200884 SUSE bug 1200902 SUSE bug 1200903 SUSE bug 1200904 SUSE bug 1201132 SUSE bug 1201133 SUSE bug 1201134 SUSE bug 1201135 SUSE bug 1201136 SUSE bug 1201150 SUSE bug 1201151 SUSE bug 1201152 SUSE bug 1201153 SUSE bug 1201154 SUSE bug 1201155 SUSE bug 1201249 SUSE bug 1201356 SUSE bug 1201359 SUSE bug 1201363 SUSE bug 1201620 SUSE bug 1201863 SUSE bug 1202046 SUSE bug 1202049 SUSE bug 1202050 SUSE bug 1202051 SUSE bug 1202414 SUSE bug 1202420 SUSE bug 1202421 SUSE bug 1202511 SUSE bug 1202512 SUSE bug 1202515 SUSE bug 1202552 SUSE bug 1202599 SUSE bug 1202687 SUSE bug 1202689 SUSE bug 1202862 SUSE bug 1202962 SUSE bug 1203110 SUSE bug 1203152 SUSE bug 1203155 SUSE bug 1203194 SUSE bug 1203272 SUSE bug 1203508 SUSE bug 1203509 SUSE bug 1203796 SUSE bug 1203797 SUSE bug 1203799 SUSE bug 1203820 SUSE bug 1203924 SUSE bug 1204779 CVE-2009-0316 CVE-2016-1248 CVE-2017-17087 CVE-2017-5953 CVE-2017-6349 CVE-2017-6350 CVE-2021-3778 CVE-2021-3796 CVE-2021-3872 CVE-2021-3875 CVE-2021-3903 CVE-2021-3927 CVE-2021-3928 CVE-2021-3968 CVE-2021-3973 CVE-2021-3974 CVE-2021-3984 CVE-2021-4019 CVE-2021-4069 CVE-2021-4136 CVE-2021-4166 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0213 CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0392 CVE-2022-0407 CVE-2022-0413 CVE-2022-0696 CVE-2022-1381 CVE-2022-1420 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1720 CVE-2022-1733 CVE-2022-1735 CVE-2022-1771 CVE-2022-1785 CVE-2022-1796 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1927 CVE-2022-1968 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2175 CVE-2022-2182 CVE-2022-2183 CVE-2022-2206 CVE-2022-2207 CVE-2022-2208 CVE-2022-2210 CVE-2022-2231 CVE-2022-2257 CVE-2022-2264 CVE-2022-2284 CVE-2022-2285 CVE-2022-2286 CVE-2022-2287 CVE-2022-2304 CVE-2022-2343 CVE-2022-2344 CVE-2022-2345 CVE-2022-2522 CVE-2022-2571 CVE-2022-2580 CVE-2022-2581 CVE-2022-2598 CVE-2022-2816 CVE-2022-2817 CVE-2022-2819 CVE-2022-2845 CVE-2022-2849 CVE-2022-2862 CVE-2022-2874 CVE-2022-2889 CVE-2022-2923 CVE-2022-2946 CVE-2022-2980 CVE-2022-2982 CVE-2022-3016 CVE-2022-3037 CVE-2022-3099 CVE-2022-3134 CVE-2022-3153 CVE-2022-3234 CVE-2022-3235 CVE-2022-3278 CVE-2022-3296 CVE-2022-3297 CVE-2022-3324 CVE-2022-3352 CVE-2022-3705 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 Important SUSE bug 1206212 SUSE bug 1206622 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for virglrenderer fixes the following issues: - CVE-2022-0135: Fixed out-of-bonds write in read_transfer_data() (bsc#1195389). Important SUSE bug 1195389 CVE-2022-0135 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). Important SUSE bug 1195054 SUSE bug 1195217 CVE-2022-23852 CVE-2022-23990 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for tiff fixes the following issues: - CVE-2017-17095: Fixed DoS in tools/pal2rgb.c in pal2rgb (bsc#1071031). - CVE-2019-17546: Fixed integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image (bsc#1154365). - CVE-2020-19131: Fixed buffer overflow in tiffcrop that may cause DoS via the invertImage() function (bsc#1190312). - CVE-2020-35521: Fixed memory allocation failure in tif_read.c (bsc#1182808). - CVE-2020-35522: Fixed memory allocation failure in tif_pixarlog.c (bsc#1182809). - CVE-2020-35523: Fixed integer overflow in tif_getimage.c (bsc#1182811). - CVE-2020-35524: Fixed heap-based buffer overflow in TIFF2PDF tool (bsc#1182812). - CVE-2022-22844: Fixed out-of-bounds read in _TIFFmemcpy in tif_unix.c (bsc#1194539). Important SUSE bug 1071031 SUSE bug 1154365 SUSE bug 1182808 SUSE bug 1182809 SUSE bug 1182811 SUSE bug 1182812 SUSE bug 1190312 SUSE bug 1194539 CVE-2017-17095 CVE-2019-17546 CVE-2020-19131 CVE-2020-35521 CVE-2020-35522 CVE-2020-35523 CVE-2020-35524 CVE-2022-22844 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for tcpdump fixes the following issues: - CVE-2018-16301: Fixed segfault when handling large files (bsc#1195825). Moderate SUSE bug 1195825 CVE-2018-16301 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xerces-j2 fixes the following issues: - CVE-2022-23437: Fixed infinite loop within Apache XercesJ xml parser (bsc#1195108). Important SUSE bug 1195108 CVE-2022-23437 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.6.0 ESR / MFSA 2022-05 (bsc#1195682) - CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance Service - CVE-2022-22754: Extensions could have bypassed permission confirmation during update - CVE-2022-22756: Drag and dropping an image could have resulted in the dropped object being an executable - CVE-2022-22759: Sandboxed iframes could have executed script if the parent appended elements - CVE-2022-22760: Cross-Origin responses could be distinguished between script and non-script content-types - CVE-2022-22761: frame-ancestors Content Security Policy directive was not enforced for framed extension pages - CVE-2022-22763: Script Execution during invalid object state - CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6 Firefox Extended Support Release 91.5.1 ESR (bsc#1195230) - Fixed an issue that allowed unexpected data to be submitted in some of our search telemetry Important SUSE bug 1195230 SUSE bug 1195682 CVE-2022-22753 CVE-2022-22754 CVE-2022-22756 CVE-2022-22759 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22764 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220207 release. - CVE-2021-0146: Fixed a potential security vulnerability in some Intel Processors may allow escalation of privilege (bsc#1192615) - CVE-2021-0127: Intel Processor Breakpoint Control Flow (bsc#1195779) - CVE-2021-0145: Fast store forward predictor - Cross Domain Training (bsc#1195780) - CVE-2021-33120: Out of bounds read for some Intel Atom processors (bsc#1195781) - Security updates for [INTEL-SA-00528](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html) - Security updates for [INTEL-SA-00532](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html) Important SUSE bug 1192615 SUSE bug 1195779 SUSE bug 1195780 SUSE bug 1195781 CVE-2021-0127 CVE-2021-0145 CVE-2021-0146 CVE-2021-33120 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for apache2 fixes the following issues: - CVE-2021-44224: Fixed NULL dereference or SSRF in forward proxy configurations. (bsc#1193943) - CVE-2021-44790: Fixed buffer overflow when parsing multipart content in mod_lua. (bsc#1193942) Important SUSE bug 1193942 SUSE bug 1193943 CVE-2021-44224 CVE-2021-44790 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for webkit2gtk3 fixes the following issues: Update to version 2.34.5 (bsc#1195735): - CVE-2022-22589: A validation issue was addressed with improved input sanitization. - CVE-2022-22590: A use after free issue was addressed with improved memory management. - CVE-2022-22592: A logic issue was addressed with improved state management. Update to version 2.34.4 (bsc#1195064): - CVE-2021-30934: A buffer overflow issue was addressed with improved memory handling. - CVE-2021-30936: A use after free issue was addressed with improved memory management. - CVE-2021-30951: A use after free issue was addressed with improved memory management. - CVE-2021-30952: An integer overflow was addressed with improved input validation. - CVE-2021-30953: An out-of-bounds read was addressed with improved bounds checking. - CVE-2021-30954: A type confusion issue was addressed with improved memory handling. - CVE-2021-30984: A race condition was addressed with improved state handling. - CVE-2022-22594: A cross-origin issue in the IndexDB API was addressed with improved input validation. The following CVEs were addressed in a previous update: - CVE-2021-45481: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create. - CVE-2021-45482: A use-after-free in WebCore::ContainerNode::firstChild. - CVE-2021-45483: A use-after-free in WebCore::Frame::page. Important SUSE bug 1195064 SUSE bug 1195735 CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 CVE-2022-22594 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). Important SUSE bug 1196036 CVE-2022-24407 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). Important SUSE bug 1196025 SUSE bug 1196026 SUSE bug 1196168 SUSE bug 1196169 SUSE bug 1196171 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for zsh fixes the following issues: - CVE-2021-45444: Fixed a vulnerability where arbitrary shell commands could be executed related to prompt expansion (bsc#1196435). - CVE-2019-20044: Fixed a vulnerability where shell privileges would not be properly dropped when unsetting the PRIVILEGED option (bsc#1163882). - CVE-2018-1100: Fixed a potential code execution via a stack-based buffer overflow in utils.c:checkmailpath() (bsc#1089030). Important SUSE bug 1089030 SUSE bug 1163882 SUSE bug 1196435 CVE-2018-1100 CVE-2019-20044 CVE-2021-45444 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155). - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897). - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). The following non-security bugs were fixed: - NFSv4.x: by default serialize open/close operations (bsc#1114893 bsc#1195934). - crypto: af_alg - get_page upon reassignment to TX SGL (bsc#1195840). - hv_netvsc: fix network namespace issues with VF support (bsc#1107207). - hv_netvsc: move VF to same namespace as netvsc device (bsc#1107207). - lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584). Important SUSE bug 1107207 SUSE bug 1114893 SUSE bug 1185973 SUSE bug 1191580 SUSE bug 1194516 SUSE bug 1195536 SUSE bug 1195543 SUSE bug 1195612 SUSE bug 1195840 SUSE bug 1195897 SUSE bug 1195908 SUSE bug 1195934 SUSE bug 1195949 SUSE bug 1195987 SUSE bug 1196079 SUSE bug 1196155 SUSE bug 1196584 SUSE bug 1196601 SUSE bug 1196612 CVE-2021-44879 CVE-2022-0001 CVE-2022-0002 CVE-2022-0487 CVE-2022-0492 CVE-2022-0617 CVE-2022-0644 CVE-2022-0847 CVE-2022-24448 CVE-2022-24959 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.6.1 ESR (bsc#1196809): - CVE-2022-26485: Use-after-free in XSLT parameter processing - CVE-2022-26486: Use-after-free in WebGPU IPC Framework Important SUSE bug 1196809 CVE-2022-26485 CVE-2022-26486 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for mariadb fixes the following issues: - Update to 10.2.43 (bsc#1196016): * 10.2.43: CVE-2021-46665 CVE-2021-46664 CVE-2021-46661 CVE-2021-46668 CVE-2021-46663 * 10.2.42: CVE-2022-24052 CVE-2022-24051 CVE-2022-24050 CVE-2022-24048 CVE-2021-46659, bsc#1195339 - The following issues have already been fixed in this package but weren't previously mentioned in the changes file: CVE-2021-46658, bsc#1195334 CVE-2021-46657, bsc#1195325 Important SUSE bug 1195325 SUSE bug 1195334 SUSE bug 1195339 SUSE bug 1196016 CVE-2021-46657 CVE-2021-46658 CVE-2021-46659 CVE-2021-46661 CVE-2021-46663 CVE-2021-46664 CVE-2021-46665 CVE-2021-46668 CVE-2022-24048 CVE-2022-24050 CVE-2022-24051 CVE-2022-24052 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for tomcat fixes the following issues: Security issues fixed: - CVE-2022-23181: Fixed time of check, time of use vulnerability that allowed local privilege escalation. (bsc#1195255) - Remove log4j dependency, which is currently directly in use (bsc#1196137) - Make the package RPM conflict even more specific to conflict with java-openjdk-headless >= 9 (bsc#1196091) Important SUSE bug 1195255 SUSE bug 1196091 SUSE bug 1196137 CVE-2022-23181 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for webkit2gtk3 fixes the following issues: Update to version 2.34.6 (bsc#1196133): - CVE-2022-22620: Processing maliciously crafted web content may have lead to arbitrary code execution. Important SUSE bug 1196133 CVE-2022-22620 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libcaca fixes the following issues: - CVE-2021-30498, CVE-2021-30499: If an image has a size of 0x0, when exporting, no data is written and space is allocated for the header only, not taking into account that sprintf appends a NUL byte (bsc#1184751, bsc#1184752). Important SUSE bug 1184751 SUSE bug 1184752 CVE-2021-30498 CVE-2021-30499 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.7.0 ESR (bsc#1196900): - CVE-2022-26383: Browser window spoof using fullscreen mode - CVE-2022-26384: iframe allow-scripts sandbox bypass - CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on signatures - CVE-2022-26381: Use-after-free in text reflows - CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other local users Important SUSE bug 1196900 CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386 CVE-2022-26387 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). Important SUSE bug 1196025 SUSE bug 1196784 CVE-2022-25236 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openssl-1_0_0 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). - Allow CRYPTO_THREADID_set_callback to be called with NULL parameter (bsc#1196249). Important SUSE bug 1196249 SUSE bug 1196877 CVE-2022-0778 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openssl-1_1 fixes the following issues: Security issue fixed: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). Non-security issues fixed: - Fix PAC pointer authentication in ARM. (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version. (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) - Fix BIO_f_zlib: Properly handle BIO_CTRL_PENDING and BIO_CTRL_WPENDING calls. Important SUSE bug 1182959 SUSE bug 1195149 SUSE bug 1195792 SUSE bug 1195856 SUSE bug 1196877 CVE-2022-0778 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u322 (icedtea-3.22.0) Including the following security fixes: - CVE-2022-21248, bsc#1194926: Enhance cross VM serialization - CVE-2022-21283, bsc#1194937: Better String matching - CVE-2022-21293, bsc#1194935: Improve String constructions - CVE-2022-21294, bsc#1194934: Enhance construction of Identity maps - CVE-2022-21282, bsc#1194933: Better resolution of URIs - CVE-2022-21296, bsc#1194932: Improve SAX Parser configuration management - CVE-2022-21299, bsc#1194931: Improved scanning of XML entities - CVE-2022-21305, bsc#1194939: Better array indexing - CVE-2022-21340, bsc#1194940: Verify Jar Verification - CVE-2022-21341, bsc#1194941: Improve serial forms for transport - CVE-2022-21349: Improve Solaris font rendering - CVE-2022-21360, bsc#1194929: Enhance BMP image support - CVE-2022-21365, bsc#1194928: Enhanced BMP processing Important SUSE bug 1193314 SUSE bug 1193444 SUSE bug 1193491 SUSE bug 1194926 SUSE bug 1194928 SUSE bug 1194929 SUSE bug 1194931 SUSE bug 1194932 SUSE bug 1194933 SUSE bug 1194934 SUSE bug 1194935 SUSE bug 1194937 SUSE bug 1194939 SUSE bug 1194940 SUSE bug 1194941 SUSE bug 1195163 CVE-2022-21248 CVE-2022-21282 CVE-2022-21283 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21349 CVE-2022-21360 CVE-2022-21365 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for bind fixes the following issues: - CVE-2021-25220: Fixed a DNS cache poisoning vulnerability due to loose caching rules (bsc#1197135). Important SUSE bug 1197135 CVE-2021-25220 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for kernel-firmware fixes the following issues: Update Intel Bluetooth firmware (INTEL-SA-00604, bsc#1195786): - CVE-2021-33139, CVE-2021-33155: Improper conditions check in the firmware for some Intel Wireless Bluetooth and Killer Bluetooth products may allow an authenticated user to potentially cause denial of service via adjacent access. Moderate SUSE bug 1195786 CVE-2021-33139 CVE-2021-33155 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for apache2 fixes the following issues: - CVE-2022-23943: heap out-of-bounds write in mod_sed (bsc#1197098). - CVE-2022-22720: HTTP request smuggling due to incorrect error handling (bsc#1197095). - CVE-2022-22719: use of uninitialized value of in r:parsebody in mod_lua (bsc#1197091). - CVE-2022-22721: possible buffer overflow with very large or unlimited LimitXMLRequestBody (bsc#1197096). Important SUSE bug 1197091 SUSE bug 1197095 SUSE bug 1197096 SUSE bug 1197098 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2022-23943 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions (bsc#1207082). Important SUSE bug 1207082 CVE-2023-22809 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for git fixes the following issues: - CVE-2022-41903: Fixed a heap overflow in the 'git archive' and 'git log --format' commands (bsc#1207033). - CVE-2022-23521: Fixed an integer overflow that could be triggered when parsing a gitattributes file (bsc#1207032). Important SUSE bug 1207032 SUSE bug 1207033 CVE-2022-23521 CVE-2022-41903 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: - Updated to version 102.7.0 ESR (bsc#1207119): - CVE-2022-46871: Updated an out of date library (libusrsctp) which contained several vulnerabilities. - CVE-2023-23598: Fixed an arbitrary file read from GTK drag and drop on Linux. - CVE-2023-23601: Fixed a potential spoofing attack when dragging a URL from a cross-origin iframe into the same tab. - CVE-2023-23602: Fixed a mishandled security check, which caused the Content Security Policy header to be ignored for WebSockets in WebWorkers. - CVE-2022-46877: Fixed a fullscreen notification bypass which could be leveraged in spoofing attacks. - CVE-2023-23603: Fixed a Content Security Policy bypass via format directives. - CVE-2023-23605: Fixed several memory safety bugs. Important SUSE bug 1207119 CVE-2022-46871 CVE-2022-46877 CVE-2023-23598 CVE-2023-23601 CVE-2023-23602 CVE-2023-23603 CVE-2023-23605 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for mozilla-nss fixes the following issues: - CVE-2022-3479: Fixed a potential crash that could be triggered when a server requested a client authentication certificate, but the client had no certificates stored (bsc#1204272). - Updated to version 3.79.3 (bsc#1207038): - CVE-2022-23491: Removed trust for 3 root certificates from TrustCor. Important SUSE bug 1204272 SUSE bug 1207038 CVE-2022-23491 CVE-2022-3479 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for freeradius-server fixes the following issues: - CVE-2022-41859: Fixed an issue in EAP-PWD that could leak information about the password, which could facilitate dictionary attacks (bsc#1206204). - CVE-2022-41860: Fixed a crash in servers with EAP_SIM manually configured, which could be triggered via a malformed SIM option (bsc#1206205). - CVE-2022-41861: Fixed a server crash that could be triggered by sending malformed data from a system in the RADIUS circle of trust (bsc#1206206). Important SUSE bug 1206204 SUSE bug 1206205 SUSE bug 1206206 CVE-2022-41859 CVE-2022-41860 CVE-2022-41861 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for samba fixes the following issues: - CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password (bsc#1206546). - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon Secure channel (bsc#1206504). - CVE-2022-37966: Fixed an issue where a weak cipher would be selected to encrypt session keys, which could lead to privilege escalation (bsc#1205385). Important SUSE bug 1205385 SUSE bug 1206504 SUSE bug 1206546 CVE-2021-20251 CVE-2022-37966 CVE-2022-38023 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xen fixes the following issues: - CVE-2022-23824: Fixed multiple speculative execution issues (bnc#1205209). Important SUSE bug 1027519 SUSE bug 1205209 CVE-2022-23824 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update of dpdk fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). Moderate SUSE bug 1209188 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libXpm fixes the following issues: - CVE-2022-46285: Fixed an infinite loop that could be triggered when reading a XPM image with a C-style comment that is never closed (bsc#1207029). - CVE-2022-44617: Fixed an excessive resource consumption that could be triggered when reading small crafted XPM image (bsc#1207030). - CVE-2022-4883: Fixed an issue that made decompression commands susceptible to PATH environment variable manipulation attacks (bsc#1207031). Important SUSE bug 1207029 SUSE bug 1207030 SUSE bug 1207031 CVE-2022-44617 CVE-2022-46285 CVE-2022-4883 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for bluez fixes the following issues: - CVE-2022-39176: Fixed a memory safety issue that could allow physically proximate attackers to obtain sensitive information (bsc#1203121). - CVE-2022-39177: Fixed a memory safety issue that could allow physically proximate attackers to cause a denial of service (bsc#1203120). Important SUSE bug 1203120 SUSE bug 1203121 CVE-2022-39176 CVE-2022-39177 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for tomcat fixes the following issues: - CVE-2023-28708: Fixed information disclosure by not including the secure attribute (bsc#1209622). Important SUSE bug 1209622 CVE-2023-28708 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xorg-x11-server fixes the following issues: - CVE-2023-1393: Fixed use-after-free overlay window (ZDI-CAN-19866) (bsc#1209543). Important SUSE bug 1209543 CVE-2023-1393 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for webkit2gtk3 fixes the following issues: Update to version 2.38.5 (boo#1208328): - CVE-2023-23529: Fixed possible arbitrary code execution via maliciously crafted web content. - CVE-2023-23518: Processing maliciously crafted web content may lead to Previously fixed inside update to version 2.38.4 (boo#1207997): - CVE-2022-42826: Fixed a use-after-free issue that was caused by improper memory management. Important SUSE bug 1207997 SUSE bug 1208328 CVE-2022-42826 CVE-2023-23518 CVE-2023-23529 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for sudo fixes the following issues: - CVE-2023-28486: Fixed missing control characters escaping in log messages (bsc#1209362). - CVE-2023-28487: Fixed missing control characters escaping in sudoreplay output (bsc#1209361). Moderate SUSE bug 1209361 SUSE bug 1209362 CVE-2023-28486 CVE-2023-28487 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openssl-1_0_0 fixes the following issues: Security fixes: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). Other fixes: - Fix DH key generation in FIPS mode, add support for constant BN for DH parameters (bsc#1202062) Moderate SUSE bug 1202062 SUSE bug 1209624 CVE-2023-0464 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). Moderate SUSE bug 1209624 CVE-2023-0464 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for systemd fixes the following issues: - CVE-2023-26604: Fixed a privilege escalation via the less pager. (bsc#1208958) - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). Bug fixes: - Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423). - Fixed 'systemd --user' call pam_loginuid when creating user@.service (bsc#1198507). - Fixed 'systemd-detect-virt' refine hypervisor detection (bsc#1197244). - Fixed 'udev' 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529). - Fixed 'man' tweak description of auto/noauto (bsc#1191502). Important SUSE bug 1191502 SUSE bug 1195529 SUSE bug 1197244 SUSE bug 1198507 SUSE bug 1204423 SUSE bug 1204968 SUSE bug 1205000 SUSE bug 1206985 SUSE bug 1208958 CVE-2022-3821 CVE-2022-4415 CVE-2023-26604 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). Moderate SUSE bug 1209873 SUSE bug 1209878 CVE-2023-0465 CVE-2023-0466 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for ghostscript fixes the following issues: - CVE-2023-28879: Fixed buffer Overflow in s_xBCPE_process (bsc#1210062). Important SUSE bug 1210062 CVE-2023-28879 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 102.10.0 ESR (bsc#1210212) - CVE-2023-29531: Out-of-bound memory access in WebGL on macOS - CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass - CVE-2023-29533: Fullscreen notification obscured - MFSA-TMP-2023-0001: Double-free in libwebp - CVE-2023-29535: Potential Memory Corruption following Garbage Collector compaction - CVE-2023-29536: Invalid free from JavaScript code - CVE-2023-29539: Content-Disposition filename truncation leads to Reflected File Download - CVE-2023-29541: Files with malicious extensions could have been downloaded unsafely on Linux - CVE-2023-29542: Bypass of file download extension restrictions - CVE-2023-29545: Windows Save As dialog resolved environment variables - CVE-2023-1945: Memory Corruption in Safe Browsing Code - CVE-2023-29548: Incorrect optimization result on ARM64 - CVE-2023-29550: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10 Important SUSE bug 1210212 CVE-2023-1945 CVE-2023-29531 CVE-2023-29532 CVE-2023-29533 CVE-2023-29535 CVE-2023-29536 CVE-2023-29539 CVE-2023-29541 CVE-2023-29542 CVE-2023-29545 CVE-2023-29548 CVE-2023-29550 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for harfbuzz fixes the following issues: - CVE-2023-25193: Fixed vulnerability that allowed attackers to trigger O(n^2) growth via consecutive marks (bsc#1207922). Important SUSE bug 1207922 CVE-2023-25193 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 8 (bsc#1208480): * Security fixes: - CVE-2023-21830: Fixed improper restrictions in CORBA deserialization (bsc#1207249). - CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246). - CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248). * New Features/Enhancements: - Add RSA-PSS signature to IBMJCECCA. * Defect Fixes: - IJ45437 Service, Build, Packaging and Deliver: Getting FIPSRUNTIMEEXCEPTION when calling java code: MESSAGEDIGEST.GETINSTANCE('SHA256', 'IBMJCEFIPS'); in MAC - IJ45272 Class Libraries: Fix security vulnerability CVE-2023-21843 - IJ45280 Class Libraries: Update timezone information to the latest TZDATA2022F - IJ44896 Class Libraries: Update timezone information to the latest TZDATA2022G - IJ45436 Java Virtual Machine: Stack walking code gets into endless loop, hanging the application - IJ44079 Java Virtual Machine: When -DFILE.ENCODING is specified multiple times on the same command line the first option takes precedence instead of the last - IJ44532 JIT Compiler: Java JIT: Crash in DECREFERENCECOUNT() due to a NULL pointer - IJ44596 JIT Compiler: Java JIT: Invalid hard-coding of static final field object properties - IJ44107 JIT Compiler: JIT publishes new object reference to other threads without executing a memory flush - IX90193 ORB: Fix security vulnerability CVE-2023-21830 - IJ44267 Security: 8273553: SSLENGINEIMPL.CLOSEINBOUND also has similar error of JDK-8253368 - IJ45148 Security: code changes for tech preview - IJ44621 Security: Computing Diffie-Hellman secret repeatedly, using IBMJCEPLUS, causes a small memory leak - IJ44172 Security: Disable SHA-1 signed jars for EA - IJ44040 Security: Generating Diffie-Hellman key pairs repeatedly, using IBMJCEPLUS, Causes a small memory leak - IJ45200 Security: IBMJCEPLUS provider, during CHACHA20-POLY1305 crypto operations, incorrectly throws an ILLEGALSTATEEXCEPTION - IJ45182 Security: IBMJCEPLUS provider fails in RSAPSS and ECDSA during signature operations resulting in Java cores - IJ45201 Security: IBMJCEPLUS provider failures (two) with AESGCM algorithm - IJ45202 Security: KEYTOOL NPE if signing certificate does not contain a SUBJECTKEYIDENTIFIER extension - IJ44075 Security: PKCS11KEYSTORE.JAVA - DOESPUBLICKEYMATCHPRIVATEKEY() method uses SHA1XXXX signature algorithms to match private and public keys - IJ45203 Security: RSAPSS multiple names for KEYTYPE - IJ43920 Security: The PKCS12 keystore update and the PBES2 support - IJ40002 XML: Fix security vulnerability CVE-2022-21426 Moderate SUSE bug 1207246 SUSE bug 1207248 SUSE bug 1207249 SUSE bug 1208480 CVE-2022-21426 CVE-2023-21830 CVE-2023-21835 CVE-2023-21843 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for liblouis fixes the following issues: - CVE-2023-26767: Fixed buffer overflow vulnerability in lou_logFile function (bsc#1209429). - CVE-2023-26768: Fixed buffer overflow in lou_logFile() (bsc#1209431). - CVE-2023-26769: Fixed buffer Overflow vulnerability in resolveSubtable function (bsc#1209432). Important SUSE bug 1209429 SUSE bug 1209431 SUSE bug 1209432 SUSE bug 1209855 CVE-2023-26767 CVE-2023-26768 CVE-2023-26769 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for apache2 fixes the following issues: - CVE-2022-37436: Fixed an issue in mod_proxy where a malicious backend could cause the response headers to be truncated early, resulting in some headers being incorporated into the response body (bsc#1207251). - CVE-2022-36760: Fixed an issue in mod_proxy_ajp that could allow request smuggling attacks (bsc#1207250). - CVE-2006-20001: Fixed an issue in mod_proxy_ajp where a request header could cause memory corruption (bsc#1207247). Important SUSE bug 1207247 SUSE bug 1207250 SUSE bug 1207251 CVE-2006-20001 CVE-2022-36760 CVE-2022-37436 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2022-23527: Fixed open redirect in oidc_validate_redirect_url() using tab character (bsc#1206441). - CVE-2023-28625: Fixed NULL pointer dereference when OIDCStripCookies was set and a crafted Cookie header was supplied (bsc#1210073). Important SUSE bug 1190855 SUSE bug 1206441 SUSE bug 1210073 CVE-2022-23527 CVE-2023-28625 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for shim fixes the following issues: - Updated shim signature after shim 15.7 be signed back: signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458) - Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to disable the NX compatibility flag when using post-process-pe because grub2 is not ready. (bsc#1205588) - Enable the NX compatibility flag by default. (jsc#PED-127) Update to 15.7 (bsc#1198458) (jsc#PED-127): - Make SBAT variable payload introspectable - Reference MokListRT instead of MokList - Add a link to the test plan in the readme. - [V3] Enable TDX measurement to RTMR register - Discard load-options that start with a NUL - Fixed load_cert_file bugs - Add -malign-double to IA32 compiler flags - pe: Fix image section entry-point validation - make-archive: Build reproducible tarball - mok: remove MokListTrusted from PCR 7 Other fixes: - Support enhance shim measurement to TD RTMR. (jsc#PED-1273) - shim-install: ensure grub.cfg created is not overwritten after installing grub related files - Add logic to shim.spec to only set sbat policy when efivarfs is writeable. (bsc#1201066) - Add logic to shim.spec for detecting --set-sbat-policy option before using mokutil to set sbat policy. (bsc#1202120) - Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282) Update to 15.6 (bsc#1198458): - MokManager: removed Locate graphic output protocol fail error message - shim: implement SBAT verification for the shim_lock protocol - post-process-pe: Fix a missing return code check - Update github actions matrix to be more useful - post-process-pe: Fix format string warnings on 32-bit platforms - Allow MokListTrusted to be enabled by default - Re-add ARM AArch64 support - Use ASCII as fallback if Unicode Box Drawing characters fail - make: don't treat cert.S specially - shim: use SHIM_DEVEL_VERBOSE when built in devel mode - Break out of the inner sbat loop if we find the entry. - Support loading additional certificates - Add support for NX (W^X) mitigations. - Fix preserve_sbat_uefi_variable() logic - SBAT Policy latest should be a one-shot - pe: Fix a buffer overflow when SizeOfRawData > VirtualSize - pe: Perform image verification earlier when loading grub - Update advertised sbat generation number for shim - Update SBAT generation requirements for 05/24/22 - Also avoid CVE-2022-28737 in verify_image() by @vathpela Update to 15.5 (bsc#1198458): - Broken ia32 relocs and an unimportant submodule change. - mok: allocate MOK config table as BootServicesData - Don't call QueryVariableInfo() on EFI 1.10 machines (bsc#1187260) - Relax the check for import_mok_state() (bsc#1185261) - SBAT.md: trivial changes - shim: another attempt to fix load options handling - Add tests for our load options parsing. - arm/aa64: fix the size of .rela* sections - mok: fix potential buffer overrun in import_mok_state - mok: relax the maximum variable size check - Don't unhook ExitBootServices when EBS protection is disabled - fallback: find_boot_option() needs to return the index for the boot entry in optnum - httpboot: Ignore case when checking HTTP headers - Fallback allocation errors - shim: avoid BOOTx64.EFI in message on other architectures - str: remove duplicate parameter check - fallback: add compile option FALLBACK_NONINTERACTIVE - Test mok mirror - Modify sbat.md to help with readability. - csv: detect end of csv file correctly - Specify that the .sbat section is ASCII not UTF-8 - tests: add 'include-fixed' GCC directory to include directories - pe: simplify generate_hash() - Don't make shim abort when TPM log event fails (RHBZ #2002265) - Fallback to default loader if parsed one does not exist - fallback: Fix for BootOrder crash when index returned - Better console checks - docs: update SBAT UEFI variable name - Don't parse load options if invoked from removable media path - fallback: fix fallback not passing arguments of the first boot option - shim: Don't stop forever at 'Secure Boot not enabled' notification - Allocate mokvar table in runtime memory. - Remove post-process-pe on 'make clean' - pe: missing perror argument - CVE-2022-28737: Fixed a buffer overflow when SizeOfRawData > VirtualSize (bsc#1198458) - Add mokutil command to post script for setting sbat policy to latest mode when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created. (bsc#1198458) - Updated vendor dbx binary and script (bsc#1198458) - Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list. - Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list. - Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment. - Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin file which includes all .der for testing environment. - avoid buffer overflow when copying data to the MOK config table (bsc#1185232) - Disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261) - ignore the odd LoadOptions length (bsc#1185232) - shim-install: reset def_shim_efi to 'shim.efi' if the given file doesn't exist - relax the maximum variable size check for u-boot (bsc#1185621) - handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071) - Split the keys in vendor-dbx.bin to vendor-dbx-sles and vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce the size of MokListXRT (bsc#1185261) + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz Important SUSE bug 1185232 SUSE bug 1185261 SUSE bug 1185441 SUSE bug 1185621 SUSE bug 1187071 SUSE bug 1187260 SUSE bug 1193282 SUSE bug 1193315 SUSE bug 1198458 SUSE bug 1201066 SUSE bug 1202120 SUSE bug 1205588 CVE-2022-28737 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openssl-1_0_0 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). Moderate SUSE bug 1209873 SUSE bug 1209878 CVE-2023-0465 CVE-2023-0466 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for ovmf fixes the following issues: - CVE-2019-14560: Fixed potential secure boot bypass via an improper check of GetEfiGlobalVariable2 (bsc#1174246). - CVE-2021-38578: Fixed underflow in MdeModulePkg/PiSmmCore SmmEntryPointAdd (bsc#1196741). Important SUSE bug 1174246 SUSE bug 1196741 CVE-2019-14560 CVE-2021-38578 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for tiff fixes the following issues: - CVE-2022-48281: Fixed a buffer overflow that could be triggered via a crafted image (bsc#1207413). Important SUSE bug 1207413 CVE-2022-48281 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for sssd fixes the following issues: - CVE-2022-4254: Fixed a bug in libsss_certmap which could allow an attacker to gain control of the admin account and perform a full domain takeover. (bsc#1207474) Important SUSE bug 1207474 CVE-2022-4254 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for dmidecode fixes the following issues: - CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418). Moderate SUSE bug 1210418 CVE-2023-30630 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for webkit2gtk3 fixes the following issues: Update to version 2.38.6 (bsc#1210731): - CVE-2022-0108: Fixed information leak. - CVE-2022-32885: Fixed arbitrary code execution. - CVE-2023-25358: Fixed use-after-free vulnerability in WebCore::RenderLayer. - CVE-2023-27932: Fixed Same Origin Policy bypass. - CVE-2023-27954: Fixed sensitive user information tracking. - CVE-2023-28205: Fixed arbitrary code execution (bsc#1210295). Already fixed in version 2.38.5: - CVE-2022-32886, CVE-2022-32912, CVE-2023-25360, CVE-2023-25361, CVE-2023-25362, CVE-2023-25363. Important SUSE bug 1210295 SUSE bug 1210731 CVE-2022-0108 CVE-2022-32885 CVE-2022-32886 CVE-2022-32912 CVE-2023-25358 CVE-2023-25360 CVE-2023-25361 CVE-2023-25362 CVE-2023-25363 CVE-2023-27932 CVE-2023-27954 CVE-2023-28205 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for git fixes the following issues: - CVE-2023-25652: Fixed partial overwrite of paths outside the working tree (bsc#1210686). - CVE-2023-25815: Fixed malicious placemtn of crafted message (bsc#1210686). - CVE-2023-29007: Fixed arbitrary configuration injection (bsc#1210686). Moderate SUSE bug 1210686 CVE-2023-25652 CVE-2023-25815 CVE-2023-29007 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). Moderate SUSE bug 1210507 CVE-2023-29383 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for vim fixes the following issues: - Updated to version 9.0.1234: - CVE-2023-0433: Fixed an out of bounds memory access that could cause a crash (bsc#1207396). - CVE-2023-0288: Fixed an out of bounds memory access that could cause a crash (bsc#1207162). - CVE-2023-0054: Fixed an out of bounds memory write that could cause a crash or memory corruption (bsc#1206868). - CVE-2023-0051: Fixed an out of bounds memory access that could cause a crash (bsc#1206867). - CVE-2023-0049: Fixed an out of bounds memory access that could cause a crash (bsc#1206866). - CVE-2022-3491: Fixed an out of bounds memory access that could cause a crash (bsc#1206028). - CVE-2022-3520: Fixed an out of bounds memory access that could cause a crash (bsc#1206071). - CVE-2022-3591: Fixed a use-after-free issue that could cause memory corruption or undefined behavior (bsc#1206072). - CVE-2022-4292: Fixed a use-after-free issue that could cause memory corruption or undefined behavior (bsc#1206075). - CVE-2022-4293: Fixed a floating point exception that could cause a crash (bsc#1206077). - CVE-2022-4141: Fixed an out of bounds memory write that could cause a crash or memory corruption (bsc#1205797). - CVE-2022-3705: Fixed an use-after-free issue that could cause a crash or memory corruption (bsc#1204779). Important SUSE bug 1204779 SUSE bug 1205797 SUSE bug 1206028 SUSE bug 1206071 SUSE bug 1206072 SUSE bug 1206075 SUSE bug 1206077 SUSE bug 1206866 SUSE bug 1206867 SUSE bug 1206868 SUSE bug 1207162 SUSE bug 1207396 CVE-2022-3491 CVE-2022-3520 CVE-2022-3591 CVE-2022-3705 CVE-2022-4141 CVE-2022-4292 CVE-2022-4293 CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0288 CVE-2023-0433 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for shim fixes the following issues: - Update only adds the CVE reference to the previously released update (bsc#1198458, CVE-2022-28737) Important SUSE bug 1198458 CVE-2022-28737 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: Extended Support Release 102.11.0 ESR (bsc#1211175): - CVE-2023-32205: Browser prompts could have been obscured by popups - CVE-2023-32206: Crash in RLBox Expat driver - CVE-2023-32207: Potential permissions request bypass via clickjacking - CVE-2023-32211: Content process crash due to invalid wasm code - CVE-2023-32212: Potential spoof due to obscured address bar - CVE-2023-32213: Potential memory corruption in FileReader::DoReadData() - CVE-2023-32214: Potential DoS via exposed protocol handlers - CVE-2023-32215: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11 Important SUSE bug 1211175 CVE-2023-32205 CVE-2023-32206 CVE-2023-32207 CVE-2023-32211 CVE-2023-32212 CVE-2023-32213 CVE-2023-32214 CVE-2023-32215 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update fixes the following issues: golang-github-prometheus-alertmanager: - Security issues fixed: * CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208051) prometheus-blackbox_exporter: - Security issues fixed: * CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208062) - Other non-security bugs fixed and changes: * Add `min_version` parameter of `tls_config` to allow enabling TLS 1.0 and 1.1 (bsc#1209113) * On SUSE Linux Enterprise build always with Go >= 1.19 (bsc#1203599) prometheus-postgres_exporter: - Security issues fixed: * CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208060) - Other non-security issues fixed: * Adapt the systemd service security configuration to be able to start it on for Red Hat Linux Enterprise systems and clones * Create the prometheus user for Red Hat Linux Enterprise systems and clones * Fix broken log-level for values other than debug (bsc#1208965) golang-github-prometheus-node_exporter: - Security issues fixed in this version update to version 1.5.0 (jsc#PED-3578): * CVE-2022-27191: Update go/x/crypto (bsc#1197284) * CVE-2022-27664: Update go/x/net (bsc#1203185) * CVE-2022-46146: Update exporter-toolkit (bsc#1208064) - Other non-security bug fixes and changes in this version update to 1.5.0 (jsc#PED-3578): * NOTE: This changes the Go runtime 'GOMAXPROCS' to 1. This is done to limit the concurrency of the exporter to 1 CPU thread at a time in order to avoid a race condition problem in the Linux kernel and parallel IO issues on nodes with high numbers of CPUs/CPU threads. * [BUGFIX] Fix hwmon label sanitizer * [BUGFIX] Use native endianness when encoding InetDiagMsg * [BUGFIX] Fix btrfs device stats always being zero * [BUGFIX] Fix diskstats exclude flags * [BUGFIX] [node-mixin] Fix fsSpaceAvailableCriticalThreshold and fsSpaceAvailableWarning * [BUGFIX] Fix concurrency issue in ethtool collector * [BUGFIX] Fix concurrency issue in netdev collector * [BUGFIX] Fix diskstat reads and write metrics for disks with different sector sizes * [BUGFIX] Fix iostat on macos broken by deprecation warning * [BUGFIX] Fix NodeFileDescriptorLimit alerts * [BUGFIX] Sanitize rapl zone names * [BUGFIX] Add file descriptor close safely in test * [BUGFIX] Fix race condition in os_release.go * [BUGFIX] Skip ZFS IO metrics if their paths are missing * [BUGFIX] Handle nil CPU thermal power status on M1 * [BUGFIX] bsd: Ignore filesystems flagged as MNT_IGNORE * [BUGFIX] Sanitize UTF-8 in dmi collector * [CHANGE] Merge metrics descriptions in textfile collector * [FEATURE] Add multiple listeners and systemd socket listener activation * [FEATURE] [node-mixin] Add darwin dashboard to mixin * [FEATURE] Add 'isolated' metric on cpu collector on linux * [FEATURE] Add cgroup summary collector * [FEATURE] Add selinux collector * [FEATURE] Add slab info collector * [FEATURE] Add sysctl collector * [FEATURE] Also track the CPU Spin time for OpenBSD systems * [FEATURE] Add support for MacOS version * [ENHANCEMENT] Add RTNL version of netclass collector * [ENHANCEMENT] [node-mixin] Add missing selectors * [ENHANCEMENT] [node-mixin] Change current datasource to grafana's default * [ENHANCEMENT] [node-mixin] Change disk graph to disk table * [ENHANCEMENT] [node-mixin] Change io time units to %util * [ENHANCEMENT] Ad user_wired_bytes and laundry_bytes on *bsd * [ENHANCEMENT] Add additional vm_stat memory metrics for darwin * [ENHANCEMENT] Add device filter flags to arp collector * [ENHANCEMENT] Add diskstats include and exclude device flags * [ENHANCEMENT] Add node_softirqs_total metric * [ENHANCEMENT] Add rapl zone name label option * [ENHANCEMENT] Add slabinfo collector * [ENHANCEMENT] Allow user to select port on NTP server to query * [ENHANCEMENT] collector/diskstats: Add labels and metrics from udev * [ENHANCEMENT] Enable builds against older macOS SDK * [ENHANCEMENT] qdisk-linux: Add exclude and include flags for interface name * [ENHANCEMENT] systemd: Expose systemd minor version * [ENHANCEMENT] Use netlink for tcpstat collector * [ENHANCEMENT] Use netlink to get netdev stats * [ENHANCEMENT] Add additional perf counters for stalled frontend/backend cycles * [ENHANCEMENT] Add btrfs device error stats golang-github-prometheus-prometheus: - Security issues fixed in this version update to 2.37.6 (jsc#PED-3576): * CVE-2022-46146: Fix basic authentication bypass vulnerability (bsc#1208049, jsc#PED-3576) * CVE-2022-41715: Update our regexp library to fix upstream (bsc#1204023) - Other non-security bug fixes and changes in this version update to 2.37.6 (jsc#PED-3576): * [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a memory leak. * [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus startup. * [BUGFIX] Agent: Fix validation of flag options and prevent WAL from growing more than desired. * [BUGFIX] Properly close file descriptor when logging unfinished queries. * [BUGFIX] TSDB: In the WAL watcher metrics, expose the type='exemplar' label instead of type='unknown' for exemplar records. * [BUGFIX] Alerting: Fix Alertmanager targets not being updated when alerts were queued. * [BUGFIX] Hetzner SD: Make authentication files relative to Prometheus config file. * [BUGFIX] Promtool: Fix promtool check config not erroring properly on failures. * [BUGFIX] Scrape: Keep relabeled scrape interval and timeout on reloads. * [BUGFIX] TSDB: Don't increment prometheus_tsdb_compactions_failed_total when context is canceled. * [BUGFIX] TSDB: Fix panic if series is not found when deleting series. * [BUGFIX] TSDB: Increase prometheus_tsdb_mmap_chunk_corruptions_total on out of sequence errors. * [BUGFIX] Uyuni SD: Make authentication files relative to Prometheus configuration file and fix default configuration values. * [BUGFIX] Fix serving of static assets like fonts and favicon. * [BUGFIX] promtool: Add --lint-fatal option. * [BUGFIX] Changing TotalQueryableSamples from int to int64. * [BUGFIX] tsdb/agent: Ignore duplicate exemplars. * [BUGFIX] TSDB: Fix chunk overflow appending samples at a variable rate. * [BUGFIX] Stop rule manager before TSDB is stopped. * [BUGFIX] Kubernetes SD: Explicitly include gcp auth from k8s.io. * [BUGFIX] Fix OpenMetrics parser to sort uppercase labels correctly. * [BUGFIX] UI: Fix scrape interval and duration tooltip not showing on target page. * [BUGFIX] Tracing/GRPC: Set TLS credentials only when insecure is false. * [BUGFIX] Agent: Fix ID collision when loading a WAL with multiple segments. * [BUGFIX] Remote-write: Fix a deadlock between Batch and flushing the queue. * [BUGFIX] PromQL: Properly return an error from histogram_quantile when metrics have the same labelset. * [BUGFIX] UI: Fix bug that sets the range input to the resolution. * [BUGFIX] TSDB: Fix a query panic when memory-snapshot-on-shutdown is enabled. * [BUGFIX] Parser: Specify type in metadata parser errors. * [BUGFIX] Scrape: Fix label limit changes not applying. * [BUGFIX] Remote-write: Fix deadlock between adding to queue and getting batch. * [BUGFIX] TSDB: Fix panic when m-mapping head chunks onto the disk. * [BUGFIX] Azure SD: Fix a regression when public IP Address isn't set. * [BUGFIX] Azure SD: Fix panic when public IP Address isn't set. * [BUGFIX] Remote-write: Fix deadlock when stopping a shard. * [BUGFIX] SD: Fix no such file or directory in K8s SD when not running inside K8s. * [BUGFIX] Promtool: Make exit codes more consistent. * [BUGFIX] Promtool: Fix flakiness of rule testing. * [BUGFIX] Remote-write: Update prometheus_remote_storage_queue_highest_sent_timestamp_seconds metric when write irrecoverably fails. * [BUGFIX] Storage: Avoid panic in BufferedSeriesIterator. * [BUGFIX] TSDB: CompactBlockMetas should produce correct mint/maxt for overlapping blocks. * [BUGFIX] TSDB: Fix logging of exemplar storage size. * [BUGFIX] UI: Fix overlapping click targets for the alert state checkboxes. * [BUGFIX] UI: Fix Unhealthy filter on target page to actually display only Unhealthy targets. * [BUGFIX] UI: Fix autocompletion when expression is empty. * [BUGFIX] TSDB: Fix deadlock from simultaneous GC and write. * [CHANGE] TSDB: Delete *.tmp WAL files when Prometheus starts. * [CHANGE] promtool: Add new flag --lint (enabled by default) for the commands check rules and check config, resulting in a new exit code (3) for linter errors. * [CHANGE] UI: Classic UI removed. * [CHANGE] Tracing: Migrate from Jaeger to OpenTelemetry based tracing. * [CHANGE] PromQL: Promote negative offset and @ modifer to stable features. * [CHANGE] Web: Promote remote-write-receiver to stable. * [FEATURE] Nomad SD: New service discovery for Nomad built-in service discovery. * [FEATURE] Add lowercase and uppercase relabel action. * [FEATURE] SD: Add IONOS Cloud integration. * [FEATURE] SD: Add Vultr integration. * [FEATURE] SD: Add Linode SD failure count metric. * [FEATURE] Add prometheus_ready metric. * [FEATURE] Support for automatically setting the variable GOMAXPROCS to the container CPU limit. Enable with the flag `--enable-feature=auto-gomaxprocs`. * [FEATURE] PromQL: Extend statistics with total and peak number of samples in a query. Additionally, per-step statistics are available with --enable-feature=promql-per-step-stats and using stats=all in the query API. Enable with the flag `--enable-feature=per-step-stats`. * [FEATURE] Config: Add stripPort template function. * [FEATURE] Promtool: Add cardinality analysis to check metrics, enabled by flag --extended. * [FEATURE] SD: Enable target discovery in own K8s namespace. * [FEATURE] SD: Add provider ID label in K8s SD. * [FEATURE] Web: Add limit field to the rules API. * [ENHANCEMENT] Kubernetes SD: Allow attaching node labels for endpoint role. * [ENHANCEMENT] PromQL: Optimise creation of signature with/without labels. * [ENHANCEMENT] TSDB: Memory optimizations. * [ENHANCEMENT] TSDB: Reduce sleep time when reading WAL. * [ENHANCEMENT] OAuth2: Add appropriate timeouts and User-Agent header. * [ENHANCEMENT] Add stripDomain to template function. * [ENHANCEMENT] UI: Enable active search through dropped targets. * [ENHANCEMENT] promtool: support matchers when querying label * [ENHANCEMENT] Add agent mode identifier. * [ENHANCEMENT] TSDB: more efficient sorting of postings read from WAL at startup. * [ENHANCEMENT] Azure SD: Add metric to track Azure SD failures. * [ENHANCEMENT] Azure SD: Add an optional resource_group configuration. * [ENHANCEMENT] Kubernetes SD: Support discovery.k8s.io/v1 EndpointSlice (previously only discovery.k8s.io/v1beta1 EndpointSlice was supported). * [ENHANCEMENT] Kubernetes SD: Allow attaching node metadata to discovered pods. * [ENHANCEMENT] OAuth2: Support for using a proxy URL to fetch OAuth2 tokens. * [ENHANCEMENT] Configuration: Add the ability to disable HTTP2. * [ENHANCEMENT] Config: Support overriding minimum TLS version. * [ENHANCEMENT] TSDB: Disable the chunk write queue by default and allow configuration with the experimental flag `--storage.tsdb.head-chunks-write-queue-size`. * [ENHANCEMENT] HTTP SD: Add a failure counter. * [ENHANCEMENT] Azure SD: Set Prometheus User-Agent on requests. * [ENHANCEMENT] Uyuni SD: Reduce the number of logins to Uyuni. * [ENHANCEMENT] Scrape: Log when an invalid media type is encountered during a scrape. * [ENHANCEMENT] Scrape: Accept application/openmetrics-text;version=1.0.0 in addition to version=0.0.1. * [ENHANCEMENT] Remote-read: Add an option to not use external labels as selectors for remote read. * [ENHANCEMENT] UI: Optimize the alerts page and add a search bar. * [ENHANCEMENT] UI: Improve graph colors that were hard to see. * [ENHANCEMENT] Config: Allow escaping of $ with $$ when using environment variables with external labels. * [ENHANCEMENT] Remote-write: Avoid allocations by buffering concrete structs instead of interfaces. * [ENHANCEMENT] Remote-write: Log time series details for out-of-order samples in remote write receiver. * [ENHANCEMENT] Remote-write: Shard up more when backlogged. * [ENHANCEMENT] TSDB: Use simpler map key to improve exemplar ingest performance. * [ENHANCEMENT] TSDB: Avoid allocations when popping from the intersected postings heap. * [ENHANCEMENT] TSDB: Make chunk writing non-blocking, avoiding latency spikes in remote-write. * [ENHANCEMENT] TSDB: Improve label matching performance. * [ENHANCEMENT] UI: Optimize the service discovery page and add a search bar. * [ENHANCEMENT] UI: Optimize the target page and add a search bar. golang-github-prometheus-promu: - Non-security bug fixes and changes in this version update to 0.14.0 (jsc#PED-3576): * [BUGFIX] Set build date from last changelog modification (bsc#1047218) * [BUGFIX] Validate environment variable value * [BUGFIX]Set build date from SOURCE_DATE_EPOCH * [BUGFIX]Make extldflags extensible by configuration. * [BUGFIX] Avoid bind-mounting to allow building with a remote docker engine * [BUGFIX] Fix build on SmartOS by not setting gcc's -static flag * [BUGFIX] Fix git repository url parsing * [CHANGE] Remove ioutil * [CHANGE] Update common Prometheus files * [FEATURE] Add the ability to override tags per GOOS * [FEATURE] Adding changes to support s390x * [FEATURE] Added check_licenses Command to Promu * [ENHANCEMENT] Allow to customize nested options via env variables * [ENHANCEMENT] Add warning if promu info is unable to determine repo info Important SUSE bug 1047218 SUSE bug 1197284 SUSE bug 1203185 SUSE bug 1203599 SUSE bug 1204023 SUSE bug 1208049 SUSE bug 1208051 SUSE bug 1208060 SUSE bug 1208062 SUSE bug 1208064 SUSE bug 1208965 SUSE bug 1209113 CVE-2022-27191 CVE-2022-27664 CVE-2022-41715 CVE-2022-46146 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for postgresql15 fixes the following issues: Updated to version 15.3: - CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228). - CVE-2023-2455: Fixed an issue that could allow a user to see or modify rows that should have been invisible (bsc#1211229). - Internal fixes (bsc#1210303). Important SUSE bug 1210303 SUSE bug 1211228 SUSE bug 1211229 CVE-2023-2454 CVE-2023-2455 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). Important SUSE bug 1206309 SUSE bug 1207992 SUSE bug 1209209 SUSE bug 1209210 SUSE bug 1209211 SUSE bug 1209212 SUSE bug 1209214 SUSE bug 1211231 SUSE bug 1211232 SUSE bug 1211233 SUSE bug 1211339 CVE-2022-43552 CVE-2023-23916 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2483: Fixed a use after free bug in emac_remove due caused by a race condition (bsc#1211037). - CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). - CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547). - CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). - CVE-2020-36691: Fixed a denial of service (unbounded recursion) vulnerability via a nested Netlink policy with a back reference (bsc#1209613 bsc#1209777). - CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168). - CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778). - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535). - CVE-2022-20567: Fixed use after free that could lead to a local privilege escalation in pppol2tp_create of l2tp_ppp.c (bsc#1208850). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). - CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599). - CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777). - CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). - CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289). - CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2023-1855: Fixed an use-after-free flaw in xgene_hwmon_remove (bsc#1210202). - CVE-2023-1989: Fixed an use-after-free flaw in btsdio_remove (bsc#1210336). - CVE-2023-1990: Fixed an use-after-free flaw in ndlc_remove (bsc#1210337). - CVE-2023-1998: Fixed an use-after-free flaw during login when accessing the shost ipaddress (bsc#1210506). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036). - CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125). - CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291). - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1209052). - CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549). - CVE-2023-30772: Fixed race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). The following non-security bugs were fixed: - Do not sign the vanilla kernel (bsc#1209008). - Fix kABI breakage (bsc#1208333) - PCI: hv: Add a per-bus mutex state_lock (bsc#1207185). - PCI: hv: Fix a race condition bug in hv_pci_query_relations() (bsc#1207185). - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185). - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185). - Remove obsolete KMP obsoletes (bsc#1210469). - Replace mkinitrd dependency with dracut (bsc#1202353). - cifs: fix double free in dfs mounts (bsc#1209845). - cifs: fix negotiate context parsing (bsc#1210301). - cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1209845). - cifs: missing null pointer check in cifs_mount (bsc#1209845). - cifs: serialize all mount attempts (bsc#1209845). - cred: allow get_cred() and put_cred() to be given NULL (bsc#1209887). - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168). - k-m-s: Drop Linux 2.6 support - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). Important SUSE bug 1076830 SUSE bug 1194535 SUSE bug 1202353 SUSE bug 1205128 SUSE bug 1207036 SUSE bug 1207125 SUSE bug 1207168 SUSE bug 1207185 SUSE bug 1207795 SUSE bug 1207845 SUSE bug 1208179 SUSE bug 1208333 SUSE bug 1208599 SUSE bug 1208777 SUSE bug 1208837 SUSE bug 1208850 SUSE bug 1209008 SUSE bug 1209052 SUSE bug 1209256 SUSE bug 1209289 SUSE bug 1209291 SUSE bug 1209532 SUSE bug 1209547 SUSE bug 1209549 SUSE bug 1209613 SUSE bug 1209687 SUSE bug 1209777 SUSE bug 1209778 SUSE bug 1209845 SUSE bug 1209871 SUSE bug 1209887 SUSE bug 1210124 SUSE bug 1210202 SUSE bug 1210301 SUSE bug 1210329 SUSE bug 1210336 SUSE bug 1210337 SUSE bug 1210469 SUSE bug 1210498 SUSE bug 1210506 SUSE bug 1210647 SUSE bug 1211037 CVE-2017-5753 CVE-2020-36691 CVE-2021-3923 CVE-2021-4203 CVE-2022-20567 CVE-2022-43945 CVE-2023-0394 CVE-2023-0590 CVE-2023-0597 CVE-2023-1076 CVE-2023-1095 CVE-2023-1118 CVE-2023-1390 CVE-2023-1513 CVE-2023-1611 CVE-2023-1670 CVE-2023-1855 CVE-2023-1989 CVE-2023-1990 CVE-2023-1998 CVE-2023-2124 CVE-2023-2162 CVE-2023-23454 CVE-2023-23455 CVE-2023-2483 CVE-2023-28328 CVE-2023-28464 CVE-2023-28772 CVE-2023-30772 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_8_0-openjdk fixes the following issues: - Updated to version jdk8u372 (icedtea-3.27.0): - CVE-2023-21930: Fixed an issue in the JSSE component that could allow an attacker to access critical data without authorization (bsc#1210628). - CVE-2023-21937: Fixed an issue in the Networking component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210631). - CVE-2023-21938: Fixed an issue in the Libraries component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210632). - CVE-2023-21939: Fixed an issue in the Swing component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210634). - CVE-2023-21954: Fixed an issue in the Hotspot component that could allow an attacker to access critical data without authorization (bsc#1210635). - CVE-2023-21967: Fixed an issue in the JSSE component that could allow an attacker to cause a hang or frequently repeatable crash without authorization (bsc#1210636). - CVE-2023-21968: Fixed an issue in the Libraries component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210637). Important SUSE bug 1210628 SUSE bug 1210631 SUSE bug 1210632 SUSE bug 1210634 SUSE bug 1210635 SUSE bug 1210636 SUSE bug 1210637 CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for ctags fixes the following issues: - CVE-2022-4515: Fixed a command injection issue via a tag file wih a crafted filename (bsc#1206543). Important SUSE bug 1206543 CVE-2022-4515 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for ucode-intel fixes the following issues: - Updated to Intel CPU Microcode 20230512 release. (bsc#1211382) - New Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL-N | A0 | 06-be-00/01 | | 00000010 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E | AZB | A0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100 | AZB | R0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100 - Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | L0 | 06-9a-03/80 | 00000429 | 0000042a | Core Gen12 | ADL | L0 | 06-9a-04/80 | 00000429 | 0000042a | Core Gen12 | AML-Y22 | H0 | 06-8e-09/10 | | 000000f2 | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile | CFL-H | R0 | 06-9e-0d/22 | 000000f4 | 000000f8 | Core Gen9 Mobile | CFL-H/S | P0 | 06-9e-0c/22 | 000000f0 | 000000f2 | Core Gen9 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f0 | 000000f2 | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000f0 | 000000f2 | Core Gen8 | CFL-U43e | D0 | 06-8e-0a/c0 | 000000f0 | 000000f2 | Core Gen8 Mobile | CLX-SP | B0 | 06-55-06/bf | 04003303 | 04003501 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003303 | 05003501 | Xeon Scalable Gen2 | CML-H | R1 | 06-a5-02/20 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-S102 | Q0 | 06-a5-05/22 | 000000f4 | 000000f6 | Core Gen10 | CML-S62 | G1 | 06-a5-03/22 | 000000f4 | 000000f6 | Core Gen10 | CML-U62 V1 | A0 | 06-a6-00/80 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-U62 V2 | K1 | 06-a6-01/80 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile | CPX-SP | A1 | 06-55-0b/bf | 07002503 | 07002601 | Xeon Scalable Gen3 | ICL-D | B0 | 06-6c-01/10 | 01000211 | 01000230 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000b8 | 000000ba | Core Gen10 Mobile | ICX-SP | D0 | 06-6a-06/87 | 0d000389 | 0d000390 | Xeon Scalable Gen3 | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000f0 | 000000f2 | Core Gen7; Xeon E3 v6 | KBL-U/Y | H0 | 06-8e-09/c0 | | 000000f2 | Core Gen7 Mobile | LKF | B2/B3 | 06-8a-01/10 | 00000032 | 00000033 | Core w/Hybrid Technology | RKL-S | B0 | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11 | RPL-H 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13 | RPL-P 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13 | RPL-S | S0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13 | RPL-U 2+8 | Q0 | 06-ba-03/07 | 0000410e | 00004112 | Core Gen13 | SKX-D | H0 | 06-55-04/b7 | | 02006f05 | Xeon D-21xx | SKX-SP | B1 | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | | 02006f05 | Xeon Scalable | SPR-HBM | B3 | 06-8f-08/10 | 2c000170 | 2c0001d1 | Xeon Max | SPR-SP | E0 | 06-8f-04/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E2 | 06-8f-05/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E3 | 06-8f-06/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E4 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E5 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | S2 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | S3 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | TGL | B1 | 06-8c-01/80 | 000000a6 | 000000aa | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 00000042 | 00000044 | Core Gen11 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000028 | 0000002a | Core Gen11 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | | 000000f2 | Core Gen8 Mobile Important SUSE bug 1208479 SUSE bug 1211382 CVE-2022-33972 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for tomcat fixes the following issues: - CVE-2023-28709: Mended an incomplete fix for CVE-2023-24998 (bsc#1211608). Important SUSE bug 1211608 CVE-2023-28709 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). Important SUSE bug 1211430 CVE-2023-2650 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openssl-1_0_0 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). Important SUSE bug 1211430 CVE-2023-2650 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for cups fixes the following issues: - CVE-2023-32324: Fixed a buffer overflow in format_log_line() which could cause a denial-of-service (bsc#1211643). Important SUSE bug 1211643 CVE-2023-32324 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openvswitch fixes the following issues: - CVE-2022-4338: Fixed Integer Underflow in Organization Specific TLV (bsc#1206580). - CVE-2022-4337: Fixed Out-of-Bounds Read in Organization Specific TLV (bsc#1206581). - CVE-2022-32166: Fixed a out of bounds read in minimask_equal() (bsc#1203865). - CVE-2021-36980: Fixed a use-after-free issue during the decoding of a RAW_ENCAP action (bsc#1188524). Important SUSE bug 1188524 SUSE bug 1203865 SUSE bug 1206580 SUSE bug 1206581 CVE-2021-36980 CVE-2022-32166 CVE-2022-4337 CVE-2022-4338 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: Extended Support Release 102.12.0 ESR (bsc#1211922): - CVE-2023-34414: Click-jacking certificate exceptions through rendering lag - CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12 Important SUSE bug 1211922 CVE-2023-34414 CVE-2023-34416 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_8_0-ibm fixes the following issues: - CVE-2023-21930: Fixed possible compromise from unauthenticated attacker with network access via TLS (bsc#1210628). - CVE-2023-21937: Fixed vulnerability inside the networking component (bsc#1210631). - CVE-2023-21938: Fixed vulnerability inside the library component (bsc#1210632). - CVE-2023-21939: Fixed vulnerability inside the swing component (bsc#1210634). - CVE-2023-21968: Fixed vulnerability inside the library component (bsc#1210637). - CVE-2023-2597: Fixed buffer overflow in shared cache implementation (bsc#1211615). - CVE-2023-21967: Fixed vulnerability inside the JSSE component (bsc#1210636). - CVE-2023-21954: Fixed vulnerability inside the hotspot component (bsc#1210635). Additional reference fixed already in 8.0.7.15: - CVE-2023-30441: Fixed components that could have exposed sensitive information using a combination of flaws and configurations (bsc#1210711). Important SUSE bug 1210628 SUSE bug 1210631 SUSE bug 1210632 SUSE bug 1210634 SUSE bug 1210635 SUSE bug 1210636 SUSE bug 1210637 SUSE bug 1210711 SUSE bug 1210826 SUSE bug 1211615 CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 CVE-2023-2597 CVE-2023-30441 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libcares2 fixes the following issues: - CVE-2023-32067: Fixed a denial of service that could be triggered by a 0-byte UDP payload (bsc#1211604). - CVE-2023-31147: Fixed an insufficient randomness in generation of DNS query IDs (bsc#1211605). - CVE-2023-31130: Fixed a buffer underflow when configuring specific IPv6 addresses (bsc#1211606). - CVE-2023-31124: Fixed a build issue when cross-compiling that could lead to insufficient randomness (bsc#1211607). Important SUSE bug 1211604 SUSE bug 1211605 SUSE bug 1211606 SUSE bug 1211607 CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libX11 fixes the following issues: - CVE-2023-3138: Fixed buffer overflows in InitExt.c (bsc#1212102). Important SUSE bug 1212102 CVE-2023-3138 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405). - CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). - CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). - CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). - CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). - CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). - CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940 bsc#1211260). - CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715). - CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186). - CVE-2023-1380: A slab-out-of-bound read problem was fixed in brcmf_get_assoc_ies(), that could lead to a denial of service (bsc#1209287). - CVE-2023-2513: A use-after-free vulnerability was fixed in the ext4 filesystem, related to the way it handled the extra inode size for extended attributes (bsc#1211105). - CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). The following non-security bugs were fixed: - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). Important SUSE bug 1204405 SUSE bug 1205756 SUSE bug 1205758 SUSE bug 1205760 SUSE bug 1205762 SUSE bug 1205803 SUSE bug 1206878 SUSE bug 1209287 SUSE bug 1210629 SUSE bug 1210715 SUSE bug 1210783 SUSE bug 1210940 SUSE bug 1211105 SUSE bug 1211186 SUSE bug 1211260 SUSE bug 1211592 CVE-2022-3566 CVE-2022-45884 CVE-2022-45885 CVE-2022-45886 CVE-2022-45887 CVE-2022-45919 CVE-2023-1380 CVE-2023-2176 CVE-2023-2194 CVE-2023-2513 CVE-2023-31084 CVE-2023-31436 CVE-2023-32269 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libwebp fixes the following issues: - CVE-2023-1999: Fixed double free (bsc#1210212). Important SUSE bug 1210212 CVE-2023-1999 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for bluez fixes the following issues: - CVE-2023-27349: Fixed crash while handling unsupported events (bsc#1210398). Important SUSE bug 1210398 CVE-2023-27349 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for webkit2gtk3 fixes the following issues: Add security patches (bsc#1211846): - CVE-2023-28204: Fixed processing of web content that may disclose sensitive information (bsc#1211659). - CVE-2023-32373: Fixed processing of maliciously crafted web content that may lead to arbitrary code execution (bsc#1211658). Important SUSE bug 1211658 SUSE bug 1211659 SUSE bug 1211846 CVE-2023-28204 CVE-2023-32373 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests [bsc#1201627] Moderate SUSE bug 1201627 SUSE bug 1207534 CVE-2022-4304 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openssl-1_0_0 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). Moderate SUSE bug 1207534 CVE-2022-4304 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for python fixes the following issues: - CVE-2023-24329: Fixed urllib.parse bypass when supplying a URL that starts with blank characters (bsc#1208471). Important SUSE bug 1208471 CVE-2023-24329 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). Moderate SUSE bug 1206337 CVE-2022-46908 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for bind fixes the following issues: - CVE-2023-2828: Fixed denial-of-service against recursive resolvers related to cache-cleaning algorithm (bsc#1212544). Important SUSE bug 1212544 CVE-2023-2828 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update of installation-images fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). Moderate SUSE bug 1209188 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libqt5-qtbase fixes the following issues: - CVE-2020-24741: Fixed a bug that allow QLibrary to load libraries relative to CWD which could result in arbitrary code execution (bsc#1189408). - CVE-2023-32763: Fixed buffer overflow in QTextLayout (bsc#1211798). Important SUSE bug 1189408 SUSE bug 1211798 CVE-2020-24741 CVE-2023-32763 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xorg-x11-server fixes the following issues: - CVE-2023-0494: Fixed a use-after-free in DeepCopyPointerClasses (bsc#1207783). Important SUSE bug 1207783 CVE-2023-0494 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for ghostscript fixes the following issues: - CVE-2023-36664: Fixed permission validation mishandling for pipe devices with the %pipe% prefix or the | pipe character prefix (bsc#1212711). Important SUSE bug 1212711 CVE-2023-36664 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: Changes in MozillaFirefox and MozillaFirefox-branding-SLE: This update provides Firefox Extended Support Release 115.0 ESR * New: - Required fields are now highlighted in PDF forms. - Improved performance on high-refresh rate monitors (120Hz+). - Buttons in the Tabs toolbar can now be reached with Tab, Shift+Tab, and Arrow keys. View this article for additional details. - Windows' 'Make text bigger' accessibility setting now affects all the UI and content pages, rather than only applying to system font sizes. - Non-breaking spaces are now preserved—preventing automatic line breaks—when copying text from a form control. - Fixed WebGL performance issues on NVIDIA binary drivers via DMA-Buf on Linux. - Fixed an issue in which Firefox startup could be significantly slowed down by the processing of Web content local storage. This had the greatest impact on users with platter hard drives and significant local storage. - Removed a configuration option to allow SHA-1 signatures in certificates: SHA-1 signatures in certificates—long since determined to no longer be secure enough—are now not supported. - Highlight color is preserved correctly after typing `Enter` in the mail composer of Yahoo Mail and Outlook. After bypassing the https only error page navigating back would take you to the error page that was previously dismissed. Back now takes you to the previous site that was visited. - Paste unformatted shortcut (shift+ctrl/cmd+v) now works in plain text contexts, such as input and text area. - Added an option to print only the current page from the print preview dialog. - Swipe to navigate (two fingers on a touchpad swiped left or right to perform history back or forward) on Windows is now enabled. - Stability on Windows is significantly improved as Firefox handles low-memory situations much better. - Touchpad scrolling on macOS was made more accessible by reducing unintended diagonal scrolling opposite of the intended scroll axis. - Firefox is less likely to run out of memory on Linux and performs more efficiently for the rest of the system when memory runs low. - It is now possible to edit PDFs: including writing text, drawing, and adding signatures. - Setting Firefox as your default browser now also makes it the default PDF application on Windows systems. - Swipe-to-navigate (two fingers on a touchpad swiped left or right to perform history back or forward) now works for Linux users on Wayland. - Text Recognition in images allows users on macOS 10.15 and higher to extract text from the selected image (such as a meme or screenshot). - Firefox View helps you get back to content you previously discovered. A pinned tab allows you to find and open recently closed tabs on your current device and access tabs from other devices (via our “Tab Pickup” feature). - Import maps, which allow web pages to control the behavior of JavaScript imports, are now enabled by default. - Processes used for background tabs now use efficiency mode on Windows 11 to limit resource use. - The shift+esc keyboard shortcut now opens the Process Manager, offering a way to quickly identify processes that are using too many resources. - Firefox now supports properly color correcting images tagged with ICCv4 profiles. - Support for non-English characters when saving and printing PDF forms. - The bookmarks toolbar's default 'Only show on New Tab' state works correctly for blank new tabs. As before, you can change the bookmark toolbar's behavior using the toolbar context menu. - Manifest Version 3 (MV3) extension support is now enabled by default (MV2 remains enabled/supported). This major update also ushers an exciting user interface change in the form of the new extensions button. - The Arbitrary Code Guard exploit protection has been enabled in the media playback utility processes, improving security for Windows users. - The native HTML date picker for date and datetime inputs can now be used with a keyboard alone, improving its accessibility for screen reader users. Users with limited mobility can also now use common keyboard shortcuts to navigate the calendar grid and month selection spinners. - Firefox builds in the Spanish from Spain (es-ES) and Spanish from Argentina (es-AR) locales now come with a built- in dictionary for the Firefox spellchecker. - On macOS, Ctrl or Cmd + trackpad or mouse wheel now scrolls the page instead of zooming. This avoids accidental zooming and matches the behavior of other web browsers on macOS. - It's now possible to import bookmarks, history and passwords not only from Edge, Chrome or Safari but also from Opera, Opera GX, and Vivaldi. - GPU sandboxing has been enabled on Windows. - On Windows, third-party modules can now be blocked from injecting themselves into Firefox, which can be helpful if they are causing crashes or other undesirable behavior. - Date, time, and datetime-local input fields can now be cleared with `Cmd+Backspace` and `Cmd+Delete` shortcut on macOS and `Ctrl+Backspace` and `Ctrl+Delete` on Windows and Linux. - GPU-accelerated Canvas2D is enabled by default on macOS and Linux. - WebGL performance improvement on Windows, MacOS and Linux. - Enables overlay of hardware-decoded video with non-Intel GPUs on Windows 10/11, improving video playback performance and video scaling quality. - Windows native notifications are now enabled. - Firefox Relay users can now opt-in to create Relay email masks directly from the Firefox credential manager. You must be signed in with your Firefox Account. - We’ve added two new locales: Silhe Friulian (fur) and Sardinian (sc). - Right-clicking on password fields now shows an option to reveal the password. - Private windows and ETP set to strict will now include email tracking protection. This will make it harder for email trackers to learn the browsing habits of Firefox users. You can check the Tracking Content in the sub-panel on the shield icon panel. - The deprecated U2F Javascript API is now disabled by default. The U2F protocol remains usable through the WebAuthn API. The U2F API can be re-enabled using the `security.webauth.u2f` preference. - Say hello to enhanced Picture-in-Picture! Rewind, check video duration, and effortlessly switch to full-screen mode on the web's most popular video websites. - Firefox's address bar is already a great place to search for what you're looking for. Now you'll always be able to see your web search terms and refine them while viewing your search's results - no additional scrolling needed! Also, a new result menu has been added making it easier to remove history results and dismiss sponsored Firefox Suggest entries. - Private windows now protect users even better by blocking third-party cookies and storage of content trackers. - Passwords automatically generated by Firefox now include special characters, giving users more secure passwords by default. - Firefox 115 introduces a redesigned accessibility engine which significantly improves the speed, responsiveness, and stability of Firefox when used with: - Screen readers, as well as certain other accessibility software; - East Asian input methods; - Enterprise single sign-on software; and - Other applications which use accessibility frameworks to access information. - Firefox 115 now supports AV1 Image Format files containing animations (AVIS), improving support for AVIF images across the web. - The Windows GPU sandbox first shipped in the Firefox 110 release has been tightened to enhance the security benefits it provides. - A 13-year-old feature request was fulfilled and Firefox now supports files being drag-and-dropped directly from Microsoft Outlook. A special thanks to volunteer contributor Marco Spiess for helping to get this across the finish line! - Users on macOS can now access the Services sub-menu directly from Firefox context menus. - On Windows, the elastic overscroll effect has been enabled by default. When two-finger scrolling on the touchpad or scrolling on the touchscreen, you will now see a bouncing animation when scrolling past the edge of a scroll container. - Firefox is now available in the Tajik (tg) language. - Added UI to manage the DNS over HTTPS exception list. - Bookmarks can now be searched from the Bookmarks menu. The Bookmarks menu is accessible by adding the Bookmarks menu button to the toolbar. - Restrict searches to your local browsing history by selecting Search history from the History, Library or Application menu buttons. - Mac users can now capture video from their cameras in all supported native resolutions. This enables resolutions higher than 1280x720. - It is now possible to reorder the extensions listed in the extensions panel. - Users on macOS, Linux, and Windows 7 can now use FIDO2 / WebAuthn authenticators over USB. Some advanced features, such as fully passwordless logins, require a PIN to be set on the authenticator. - Pocket Recommended content can now be seen in France, Italy, and Spain. - DNS over HTTPS settings are now part of the Privacy & Security section of the Settings page and allow the user to choose from all the supported modes. - Migrating from another browser? Now you can bring over payment methods you've saved in Chrome-based browsers to Firefox. - Hardware video decoding enabled for Intel GPUs on Linux. - The Tab Manager dropdown now features close buttons, so you can close tabs more quickly. - Windows Magnifier now follows the text cursor correctly when the Firefox title bar is visible. - Undo and redo are now available in Password fields. [1]:https://support.mozilla.org/kb/access-toolbar-functions- using-keyboard?_gl=1*16it7nj*_ga*MTEzNjg4MjY5NC4xNjQ1MjAxMDU3 *_ga_MQ7767QQQW*MTY1Njk2MzExMS43LjEuMTY1Njk2MzIzMy4w [2]:https://support.mozilla.org/kb/how-set-tab-pickup-firefox-view [3]:https://support.mozilla.org/kb/task-manager-tabs-or-extensions-are-slowing-firefox [4]:https://blog.mozilla.org/addons/2022/11/17/manifest-v3-signing-available-november-21-on-firefox-nightly/ [5]:https://blog.mozilla.org/addons/2022/05/18/manifest-v3-in-firefox-recap-next-steps/ [6]:https://support.mozilla.org/kb/unified-extensions [7]:https://support.mozilla.org/kb/import-data-another-browser [8]:https://support.mozilla.org/kb/identify-problems-third-party-modules-firefox-windows [9]:https://support.mozilla.org/kb/how-generate-secure-password-firefox [10]:https://blog.mozilla.org/accessibility/firefox-113-accessibility-performance/ * Fixed: Various security fixes. MFSA 2023-22 (bsc#1212438) * CVE-2023-3482 (bmo#1839464) Block all cookies bypass for localstorage * CVE-2023-37201 (bmo#1826002) Use-after-free in WebRTC certificate generation * CVE-2023-37202 (bmo#1834711) Potential use-after-free from compartment mismatch in SpiderMonkey * CVE-2023-37203 (bmo#291640) Drag and Drop API may provide access to local system files * CVE-2023-37204 (bmo#1832195) Fullscreen notification obscured via option element * CVE-2023-37205 (bmo#1704420) URL spoofing in address bar using RTL characters * CVE-2023-37206 (bmo#1813299) Insufficient validation of symlinks in the FileSystem API * CVE-2023-37207 (bmo#1816287) Fullscreen notification obscured * CVE-2023-37208 (bmo#1837675) Lack of warning when opening Diagcab files * CVE-2023-37209 (bmo#1837993) Use-after-free in `NotifyOnHistoryReload` * CVE-2023-37210 (bmo#1821886) Full-screen mode exit prevention * CVE-2023-37211 (bmo#1832306, bmo#1834862, bmo#1835886, bmo#1836550, bmo#1837450) Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 * CVE-2023-37212 (bmo#1750870, bmo#1825552, bmo#1826206, bmo#1827076, bmo#1828690, bmo#1833503, bmo#1835710, bmo#1838587) Memory safety bugs fixed in Firefox 115 - Fixed potential SIGILL on older CPUs (bsc#1212101) * Fixed: Various security fixes and other quality Important SUSE bug 1212101 SUSE bug 1212438 CVE-2023-3482 CVE-2023-37201 CVE-2023-37202 CVE-2023-37203 CVE-2023-37204 CVE-2023-37205 CVE-2023-37206 CVE-2023-37207 CVE-2023-37208 CVE-2023-37209 CVE-2023-37210 CVE-2023-37211 CVE-2023-37212 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_8_0-ibm fixes the following issues: Updated to Java 8.0 Service Refresh 8 Fix Pack 6 (bsc#1213000): - Fixed issue in Java Virtual Machine where outofmemory (OOM) killer terminates the jvm due to failure in control groups detection. Important SUSE bug 1213000 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). Important SUSE bug 1210999 CVE-2023-31484 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for samba fixes the following issues: - CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174). Bugfixes: - Fixed trust relationship failure (bsc#1213384). Moderate SUSE bug 1213174 SUSE bug 1213384 CVE-2022-2127 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 115.0.2 ESR (MFSA 2023-26, bsc#1213230) Security fixes: - CVE-2023-3600: Fixed use-after-free in workers (bmo#1839703) Other fixes: - Fixed a startup crash experienced by some Windows users by blocking instances of a malicious injected DLL (bmo#1841751) - Fixed a bug with displaying a caret in the text editor on some websites (bmo#1840804) - Fixed a bug with broken audio rendering on some websites (bmo#1841982) - Fixed a bug with patternTransform translate using the wrong units (bmo#1840746) - Fixed a crash affecting Windows 7 users related to the DLL blocklist. Firefox Extended Support Release 115.0.1 ESR - Fixed a startup crash for Windows users with Kingsoft Antivirus software installed (bmo#1837242) Important SUSE bug 1213230 CVE-2023-3600 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for cjose fixes the following issues: - CVE-2023-37464: Fixed AES GCM decryption uses the Tag length from the actual Authentication Tag (bsc#1213385). Important SUSE bug 1213385 CVE-2023-37464 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openssl-1_0_0 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). - testsuite: Update further expiring certificates that affect tests [bsc#1201627] Important SUSE bug 1201627 SUSE bug 1207533 SUSE bug 1207534 SUSE bug 1207536 CVE-2022-4304 CVE-2023-0215 CVE-2023-0286 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). Important SUSE bug 1207533 SUSE bug 1207534 SUSE bug 1207536 SUSE bug 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). Important SUSE bug 1206579 CVE-2022-47629 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for mariadb fixes the following issues: - CVE-2022-32084: Fixed segmentation fault via the component sub_select (bsc#1201164). Moderate SUSE bug 1201164 CVE-2022-32084 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for apache2-mod_security2 fixes the following issues: - CVE-2022-48279: Fixed a potential firewall bypass due to an incorrect parsing of HTTP multipart requests (bsc#1207378). Important SUSE bug 1207378 CVE-2022-48279 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for tomcat fixes the following issues: - Remove the log4j dependency as it is not used by the tomcat package (bsc#1196137) Security hardening, related to Spring Framework vulnerabilities: - Deprecate getResources() and always return null (bsc#1198136). Important SUSE bug 1196137 SUSE bug 1198136 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libapr-util1 fixes the following issues: - CVE-2022-25147: Fixed a buffer overflow possible with specially crafted input during base64 encoding (bsc#1207866) Critical SUSE bug 1207866 CVE-2022-25147 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xrdp fixes the following issues: - CVE-2022-23468: Fixed a buffer overflow in xrdp_login_wnd_create() (bsc#1206300). - CVE-2022-23479: Fixed a buffer overflow in xrdp_mm_chan_data_in() (bsc#1206303). - CVE-2022-23480: Fixed a buffer overflow in devredir_proc_client_devlist_announce_req() (bsc#1206306). - CVE-2022-23481: Fixed an out of bound read in xrdp_caps_process_confirm_active() (bsc#1206307). - CVE-2022-23482: Fixed an out of bound read in xrdp_sec_process_mcs_data_CS_CORE() (bsc#1206310). - CVE-2022-23483: Fixed an out of bound read in libxrdp_send_to_channel() (bsc#1206311). - CVE-2022-23484: Fixed a integer overflow in xrdp_mm_process_rail_update_window_text() (bsc#1206312). Important SUSE bug 1206300 SUSE bug 1206303 SUSE bug 1206306 SUSE bug 1206307 SUSE bug 1206310 SUSE bug 1206311 SUSE bug 1206312 CVE-2022-23468 CVE-2022-23479 CVE-2022-23480 CVE-2022-23481 CVE-2022-23482 CVE-2022-23483 CVE-2022-23484 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for cups fixes the following issues: - CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204). - CVE-2023-34241: Fixed a use-after-free problem in cupsdAcceptClient() (bsc#1212230). - CVE-2023-32360: Fixed information leak through Cups-Get-Document operation (bsc#1214254). Important SUSE bug 1212230 SUSE bug 1214254 SUSE bug 1215204 CVE-2023-32360 CVE-2023-34241 CVE-2023-4504 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for postgresql15 fixes the following issues: Update to 15.2: - CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102). Important SUSE bug 1208102 CVE-2022-41862 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237). - CVE-2023-23454: Fixed denial or service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036). - CVE-2022-4662: Fixed incorrect access control in the USB core subsystem that could lead a local user to crash the system (bnc#1206664). - CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bnc#1206073). The following non-security bugs were fixed: - Added support for enabling livepatching related packages on -RT (jsc#PED-1706). - Added suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149). - Reverted 'constraints: increase disk space for all architectures' (bsc#1203693). - HID: betop: check shape of output reports (bsc#1207186). - HID: betop: fix slab-out-of-bounds Write in betop_probe (bsc#1207186). - HID: check empty report_list in hid_validate_values() (bsc#1206784). - net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036). - net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036). - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). Important SUSE bug 1203693 SUSE bug 1205149 SUSE bug 1206073 SUSE bug 1206664 SUSE bug 1206677 SUSE bug 1206784 SUSE bug 1207036 SUSE bug 1207186 SUSE bug 1207237 CVE-2022-3564 CVE-2022-4662 CVE-2022-47929 CVE-2023-23454 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for ImageMagick fixes the following issues: - CVE-2022-44267: Fixed a denial of service when parsing a PNG image (bsc#1207982). - CVE-2022-44268: Fixed arbitrary file disclosure when parsing a PNG image (bsc#1207983). Important SUSE bug 1207982 SUSE bug 1207983 CVE-2022-44267 CVE-2022-44268 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for git fixes the following issues: - CVE-2023-22490: Fixed incorrectly usable local clone optimization even when using a non-local transport (bsc#1208027). - CVE-2023-23946: Fixed issue where a path outside the working tree can be overwritten as the user who is running 'git apply' (bsc#1208028). Important SUSE bug 1208027 SUSE bug 1208028 CVE-2023-22490 CVE-2023-23946 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for java-1_8_0-openjdk fixes the following issues: Updated to version jdk8u362 (icedtea-3.26.0): - CVE-2023-21830: Fixed improper restrictions in CORBA deserialization (bsc#1207249). - CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248). Moderate SUSE bug 1207248 SUSE bug 1207249 CVE-2023-21830 CVE-2023-21843 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for clamav fixes the following issues: - CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser (bsc#1208363). - CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser (bsc#1208365). Critical SUSE bug 1208363 SUSE bug 1208365 CVE-2023-20032 CVE-2023-20052 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20230214 release. Security issues fixed: - CVE-2022-38090: Security updates for [INTEL-SA-00767](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html) (bsc#1208275) - CVE-2022-33196: Security updates for [INTEL-SA-00738](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html) (bsc#1208276) - CVE-2022-21216: Security updates for [INTEL-SA-00700](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html) (bsc#1208277) - New Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SPR-SP | E2 | 06-8f-05/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E3 | 06-8f-06/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E4 | 06-8f-07/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E5 | 06-8f-08/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-HBM | B3 | 06-8f-08/10 | | 2c000170 | Xeon Max | RPL-P 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13 | RPL-H 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13 | RPL-U 2+8 | Q0 | 06-ba-02/07 | | 0000410e | Core Gen13 - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | C0 | 06-97-02/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-97-05/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-bf-02/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-bf-05/07 | 00000026 | 0000002c | Core Gen12 | ADL | L0 | 06-9a-03/80 | 00000424 | 00000429 | Core Gen12 | ADL | L0 | 06-9a-04/80 | 00000424 | 00000429 | Core Gen12 | CLX-SP | B0 | 06-55-06/bf | 04003302 | 04003303 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003302 | 05003303 | Xeon Scalable Gen2 | CPX-SP | A1 | 06-55-0b/bf | 07002501 | 07002503 | Xeon Scalable Gen3 | GLK | B0 | 06-7a-01/01 | 0000003c | 0000003e | Pentium Silver N/J5xxx, Celeron N/J4xxx | GLK-R | R0 | 06-7a-08/01 | 00000020 | 00000022 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-D | B0 | 06-6c-01/10 | 01000201 | 01000211 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000b6 | 000000b8 | Core Gen10 Mobile | ICX-SP | D0 | 06-6a-06/87 | 0d000375 | 0d000389 | Xeon Scalable Gen3 | JSL | A0/A1 | 06-9c-00/01 | 24000023 | 24000024 | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105 | LKF | B2/B3 | 06-8a-01/10 | 00000031 | 00000032 | Core w/Hybrid Technology | RKL-S | B0 | 06-a7-01/02 | 00000056 | 00000057 | Core Gen11 | RPL-S | S0 | 06-b7-01/32 | 0000010e | 00000112 | Core Gen13 | SKX-SP | B1 | 06-55-03/97 | 0100015e | 01000161 | Xeon Scalable Important SUSE bug 1208275 SUSE bug 1208276 SUSE bug 1208277 CVE-2022-21216 CVE-2022-33196 CVE-2022-38090 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: Updated to version 102.8.0 ESR (bsc#1208144): - CVE-2023-25728: Fixed content security policy leak in violation reports using iframes. - CVE-2023-25730: Fixed screen hijack via browser fullscreen mode. - CVE-2023-25743: Fixed Fullscreen notification not being shown in Firefox Focus. - CVE-2023-0767: Fixed arbitrary memory write via PKCS 12 in NSS. - CVE-2023-25735: Fixed potential use-after-free from compartment mismatch in SpiderMonkey. - CVE-2023-25737: Fixed invalid downcast in SVGUtils::SetupStrokeGeometry. - CVE-2023-25738: Fixed printing on Windows which could potentially crash Firefox with some device drivers. - CVE-2023-25739: Fixed use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext. - CVE-2023-25729: Fixed extensions opening external schemes without user knowledge. - CVE-2023-25732: Fixed out of bounds memory write from EncodeInputStream. - CVE-2023-25734: Fixed opening local .url files that causes unexpected network loads. - CVE-2023-25742: Fixed tab crash by Web Crypto ImportKey. - CVE-2023-25744: Fixed Memory safety bugs. - CVE-2023-25746: Fixed Memory safety bugs. Important SUSE bug 1208138 SUSE bug 1208144 CVE-2023-0767 CVE-2023-25728 CVE-2023-25729 CVE-2023-25730 CVE-2023-25732 CVE-2023-25734 CVE-2023-25735 CVE-2023-25737 CVE-2023-25738 CVE-2023-25739 CVE-2023-25742 CVE-2023-25743 CVE-2023-25744 CVE-2023-25746 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for mozilla-nss fixes the following issues: Updated to NSS 3.79.4 (bsc#1208138): - CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types. Important SUSE bug 1208138 CVE-2023-0767 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for poppler fixes the following issues: - CVE-2022-38784: Fixed integer overflow in the JBIG2 decoder (bsc#1202692). - CVE-2019-13283: Fixed heap-based buffer over-read that could be triggered by sending a crafted PDF document to the pdftotext tool (bsc#1140877). Important SUSE bug 1140877 SUSE bug 1202692 CVE-2019-13283 CVE-2022-38784 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for libxslt fixes the following issues: - CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574). Important SUSE bug 1208574 CVE-2021-30560 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xterm fixes the following issues: - CVE-2022-45063: Fixed command injection in ESC 50 fontoperation by disabling the change font functionality (bsc#1205305). Important SUSE bug 1205305 CVE-2022-45063 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for nrpe fixes the following issues: - CVE-2015-4000: Fixed Logjam Attack by increasing the standard size of 512 bit dh parameters to 2048 (bsc#931600, bsc#938906). Moderate SUSE bug 931600 SUSE bug 938906 CVE-2015-4000 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for emacs fixes the following issues: - CVE-2022-48337: Fixed etags local command injection vulnerability (bsc#1208515). - CVE-2022-48339: Fixed htmlfontify.el command injection vulnerability (bsc#1208512). Important SUSE bug 1208512 SUSE bug 1208515 CVE-2022-48337 CVE-2022-48339 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for webkit2gtk3 fixes the following issues: Update to version 2.38.3 (bnc#1206750): - CVE-2022-42852: Fixed disclosure of process memory by improved memory handling. - CVE-2022-42856: Fixed a potential arbitrary code execution when processing maliciously crafted web content (bsc#1206474). - CVE-2022-42863: Fixed a potential arbitrary code execution when processing maliciously crafted web content. - CVE-2022-42867: Fixed a use after free issue was addressed with improved memory management. - CVE-2022-46691: Fixed a potential arbitrary code execution when processing maliciously crafted web content. - CVE-2022-46692: Fixed bypass of Same Origin Policy through improved state management. - CVE-2022-46698: Fixed disclosure of sensitive user information with improved checks. - CVE-2022-46699: Fixed an arbitrary code execution caused by memory corruption. - CVE-2022-46700: Fixed a potential arbitrary code execution when processing maliciously crafted web content. Important SUSE bug 1206474 SUSE bug 1206750 CVE-2022-42852 CVE-2022-42856 CVE-2022-42863 CVE-2022-42867 CVE-2022-46691 CVE-2022-46692 CVE-2022-46698 CVE-2022-46699 CVE-2022-46700 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xorg-x11-server fixes the following issues: - Fixed a regression introduced with security update for CVE-2022-46340 (bsc#1205874). Important SUSE bug 1205874 CVE-2022-46340 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for python3 fixes the following issues: - CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). - CVE-2022-40899: Fixed REDoS in http.cookiejar (gh#python/cpython#17157) (bsc#1206673). Important SUSE bug 1206673 SUSE bug 1208471 CVE-2022-40899 CVE-2023-24329 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for tomcat fixes the following issues: - CVE-2023-24998: Fixed FileUpload DoS with excessive parts (bsc#1208513). Important SUSE bug 1208513 CVE-2023-24998 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for jakarta-commons-fileupload fixes the following issues: - CVE-2016-3092: Fixed a usage of vulnerable FileUpload package can result in denial of service (bsc#986359). - CVE-2023-24998: Fixed a FileUpload deny of service with excessive parts (bsc#1208513). Important SUSE bug 1208513 SUSE bug 986359 CVE-2016-3092 CVE-2023-24998 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for vim fixes the following issues: - CVE-2023-0512: Fixed a divide By Zero (bsc#1207780). - CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957). - CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). Updated to version 9.0 with patch level 1386. - https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386 Important SUSE bug 1207780 SUSE bug 1208828 SUSE bug 1208957 SUSE bug 1208959 CVE-2023-0512 CVE-2023-1127 CVE-2023-1170 CVE-2023-1175 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for MozillaFirefox fixes the following issues: Update to version 102.9.0 ESR (bsc#1209173): - CVE-2023-28159: Fullscreen Notification could have been hidden by download popups on Android - CVE-2023-25748: Fullscreen Notification could have been hidden by window prompts on Android - CVE-2023-25749: Firefox for Android may have opened third-party apps without a prompt - CVE-2023-25750: Potential ServiceWorker cache leak during private browsing mode - CVE-2023-25751: Incorrect code generation during JIT compilation - CVE-2023-28160: Redirect to Web Extension files may have leaked local path - CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation - CVE-2023-28161: One-time permissions granted to a local file were extended to other local files loaded in the same tab - CVE-2023-28162: Invalid downcast in Worklets - CVE-2023-25752: Potential out-of-bounds when accessing throttled streams - CVE-2023-28163: Windows Save As dialog resolved environment variables - CVE-2023-28176: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9 - CVE-2023-28177: Memory safety bugs fixed in Firefox 111 Important SUSE bug 1209173 CVE-2023-25748 CVE-2023-25749 CVE-2023-25750 CVE-2023-25751 CVE-2023-25752 CVE-2023-28159 CVE-2023-28160 CVE-2023-28161 CVE-2023-28162 CVE-2023-28163 CVE-2023-28164 CVE-2023-28176 CVE-2023-28177 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for apache2 fixes the following issues: - CVE-2023-25690: Fixed HTTP request splitting with mod_rewrite and mod_proxy (bsc#1209047). The following non-security bugs were fixed: - Fixed passing health check does not recover worker from its error state (bsc#1208708). Important SUSE bug 1208708 SUSE bug 1209047 CVE-2023-25690 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535). - CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051). - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). - CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). - CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). - CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2022-2991: Fixed an heap-based overflow in the lightnvm implemenation (bsc#1201420). The following non-security bugs were fixed: - kabi/severities: add l2tp local symbols Important SUSE bug 1191881 SUSE bug 1194535 SUSE bug 1201420 SUSE bug 1203331 SUSE bug 1203332 SUSE bug 1205711 SUSE bug 1207051 SUSE bug 1207773 SUSE bug 1207795 SUSE bug 1208700 SUSE bug 1209188 CVE-2021-4203 CVE-2022-2991 CVE-2022-36280 CVE-2022-38096 CVE-2022-4129 CVE-2023-0045 CVE-2023-0590 CVE-2023-23559 CVE-2023-26545 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update of oracleasm fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). Moderate SUSE bug 1209188 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update for xen fixes the following issues: - CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode (bsc#1209017). - CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis-handling (bsc#1209018). - CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 (bsc#1209019). Important SUSE bug 1209017 SUSE bug 1209018 SUSE bug 1209019 SUSE bug 1209188 CVE-2022-42331 CVE-2022-42332 CVE-2022-42333 CVE-2022-42334 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-ESPOS This update of grub2 fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). Moderate SUSE bug 1209188 cpe:/o:suse:sles-espos:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032). - CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978). - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669). - Fixed an issue where Firefox tab was crashing (bsc#1170908). Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes mozilla-nspr to version 4.25 Important SUSE bug 1159819 SUSE bug 1168669 SUSE bug 1169746 SUSE bug 1170908 SUSE bug 1171978 SUSE bug 1173022 CVE-2019-17006 CVE-2020-12399 CVE-2020-12402 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xen fixes the following issues: - CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377). - CVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378). - CVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376). - CVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380). Important SUSE bug 1173376 SUSE bug 1173377 SUSE bug 1173378 SUSE bug 1173380 CVE-2020-15563 CVE-2020-15565 CVE-2020-15566 CVE-2020-15567 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues: Security issues fixed: - CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing (bsc#1173576). - CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster (bsc#1173576). - CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576). - CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576). - CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576). - CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576). - CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack (bsc#1173576). - CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576). - CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer (bsc#1173576). - CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library (bsc#1173576). - CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process (bsc#1173576). - CVE-2020-12425: Out of bound read in Date.parse() (bsc#1173576). - CVE-2020-12426: Memory safety bugs fixed in Firefox 78 (bsc#1173576). - FIPS: MozillaFirefox: allow /proc/sys/crypto/fips_enabled (bsc#1167231). Non-security issues fixed: - Fixed interaction with freetype6 (bsc#1173613). Important SUSE bug 1167231 SUSE bug 1173576 SUSE bug 1173613 CVE-2020-12402 CVE-2020-12415 CVE-2020-12416 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 CVE-2020-12422 CVE-2020-12423 CVE-2020-12424 CVE-2020-12425 CVE-2020-12426 CVE-2020-6813 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for squid fixes the following issues: - CVE-2020-15049.patch: fixes a Cache Poisoning and Request Smuggling attack (CVE-2020-15049, bsc#1173455) Important SUSE bug 1173455 CVE-2020-15049 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for tomcat fixes the following issues: Tomcat was updated to 9.0.36 See changelog at - CVE-2020-11996: Fixed an issue which by sending a specially crafted sequence of HTTP/2 requests could have triggered high CPU usage for several seconds making potentially the server unresponsive (bsc#1173389). Important SUSE bug 1173389 CVE-2020-11996 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update fixes the following issues: cobbler: - Calculate relative path for kernel and inited when generating grub entry (bsc#1170231) Added: fix-grub2-entry-paths.diff - Fix os-release version detection for SUSE Modified: sles15.patch - Jinja2 template library fix (bsc#1141661) - Removes string replace for textmode fix (bsc#1134195) golang-github-prometheus-node_exporter: - Update to 0.18.1 * [BUGFIX] Fix incorrect sysctl call in BSD meminfo collector, resulting in broken swap metrics on FreeBSD #1345 * [BUGFIX] Fix rollover bug in mountstats collector #1364 * Renamed interface label to device in netclass collector for consistency with * other network metrics #1224 * The cpufreq metrics now separate the cpufreq and scaling data based on what the driver provides. #1248 * The labels for the network_up metric have changed, see issue #1236 * Bonding collector now uses mii_status instead of operstatus #1124 * Several systemd metrics have been turned off by default to improve performance #1254 * These include unit_tasks_current, unit_tasks_max, service_restart_total, and unit_start_time_seconds * The systemd collector blacklist now includes automount, device, mount, and slice units by default. #1255 * [CHANGE] Bonding state uses mii_status #1124 * [CHANGE] Add a limit to the number of in-flight requests #1166 * [CHANGE] Renamed interface label to device in netclass collector #1224 * [CHANGE] Add separate cpufreq and scaling metrics #1248 * [CHANGE] Several systemd metrics have been turned off by default to improve performance #1254 * [CHANGE] Expand systemd collector blacklist #1255 * [CHANGE] Split cpufreq metrics into a separate collector #1253 * [FEATURE] Add a flag to disable exporter metrics #1148 * [FEATURE] Add kstat-based Solaris metrics for boottime, cpu and zfs collectors #1197 * [FEATURE] Add uname collector for FreeBSD #1239 * [FEATURE] Add diskstats collector for OpenBSD #1250 * [FEATURE] Add pressure collector exposing pressure stall information for Linux #1174 * [FEATURE] Add perf exporter for Linux #1274 * [ENHANCEMENT] Add Infiniband counters #1120 * [ENHANCEMENT] Add TCPSynRetrans to netstat default filter #1143 * [ENHANCEMENT] Move network_up labels into new metric network_info #1236 * [ENHANCEMENT] Use 64-bit counters for Darwin netstat * [BUGFIX] Add fallback for missing /proc/1/mounts #1172 * [BUGFIX] Fix node_textfile_mtime_seconds to work properly on symlinks #1326 - Add network-online (Wants and After) dependency to systemd unit bsc#1143913 golang-github-prometheus-prometheus: - Update change log and spec file + Modified spec file: default to golang 1.14 to avoid 'have choice' build issues in OBS. + Rebase and update patches for version 2.18.0 + Changed: * 0002-Default-settings.patch Changed - Update to 2.18.0 + Features * Tracing: Added experimental Jaeger support #7148 + Changes * Federation: Only use local TSDB for federation (ignore remote read). #7096 * Rules: `rule_evaluations_total` and `rule_evaluation_failures_total` have a `rule_group` label now. #7094 + Enhancements * TSDB: Significantly reduce WAL size kept around after a block cut. #7098 * Discovery: Add `architecture` meta label for EC2. #7000 + Bug fixes * UI: Fixed wrong MinTime reported by /status. #7182 * React UI: Fixed multiselect legend on OSX. #6880 * Remote Write: Fixed blocked resharding edge case. #7122 * Remote Write: Fixed remote write not updating on relabel configs change. #7073 - Changes from 2.17.2 + Bug fixes * Federation: Register federation metrics #7081 * PromQL: Fix panic in parser error handling #7132 * Rules: Fix reloads hanging when deleting a rule group that is being evaluated #7138 * TSDB: Fix a memory leak when prometheus starts with an empty TSDB WAL #7135 * TSDB: Make isolation more robust to panics in web handlers #7129 #7136 - Changes from 2.17.1 + Bug fixes * TSDB: Fix query performance regression that increased memory and CPU usage #7051 - Changes from 2.17.0 + Features * TSDB: Support isolation #6841 * This release implements isolation in TSDB. API queries and recording rules are guaranteed to only see full scrapes and full recording rules. This comes with a certain overhead in resource usage. Depending on the situation, there might be some increase in memory usage, CPU usage, or query latency. + Enhancements * PromQL: Allow more keywords as metric names #6933 * React UI: Add normalization of localhost URLs in targets page #6794 * Remote read: Read from remote storage concurrently #6770 * Rules: Mark deleted rule series as stale after a reload #6745 * Scrape: Log scrape append failures as debug rather than warn #6852 * TSDB: Improve query performance for queries that partially hit the head #6676 * Consul SD: Expose service health as meta label #5313 * EC2 SD: Expose EC2 instance lifecycle as meta label #6914 * Kubernetes SD: Expose service type as meta label for K8s service role #6684 * Kubernetes SD: Expose label_selector and field_selector #6807 * Openstack SD: Expose hypervisor id as meta label #6962 + Bug fixes * PromQL: Do not escape HTML-like chars in query log #6834 #6795 * React UI: Fix data table matrix values #6896 * React UI: Fix new targets page not loading when using non-ASCII characters #6892 * Remote read: Fix duplication of metrics read from remote storage with external labels #6967 #7018 * Remote write: Register WAL watcher and live reader metrics for all remotes, not just the first one #6998 * Scrape: Prevent removal of metric names upon relabeling #6891 * Scrape: Fix 'superfluous response.WriteHeader call' errors when scrape fails under some circonstances #6986 * Scrape: Fix crash when reloads are separated by two scrape intervals #7011 - Changes from 2.16.0 + Features * React UI: Support local timezone on /graph #6692 * PromQL: add absent_over_time query function #6490 * Adding optional logging of queries to their own file #6520 + Enhancements * React UI: Add support for rules page and 'Xs ago' duration displays #6503 * React UI: alerts page, replace filtering togglers tabs with checkboxes #6543 * TSDB: Export metric for WAL write errors #6647 * TSDB: Improve query performance for queries that only touch the most recent 2h of data. #6651 * PromQL: Refactoring in parser errors to improve error messages #6634 * PromQL: Support trailing commas in grouping opts #6480 * Scrape: Reduce memory usage on reloads by reusing scrape cache #6670 * Scrape: Add metrics to track bytes and entries in the metadata cache #6675 * promtool: Add support for line-column numbers for invalid rules output #6533 * Avoid restarting rule groups when it is unnecessary #6450 + Bug fixes * React UI: Send cookies on fetch() on older browsers #6553 * React UI: adopt grafana flot fix for stacked graphs #6603 * React UI: broken graph page browser history so that back button works as expected #6659 * TSDB: ensure compactionsSkipped metric is registered, and log proper error if one is returned from head.Init #6616 * TSDB: return an error on ingesting series with duplicate labels #6664 * PromQL: Fix unary operator precedence #6579 * PromQL: Respect query.timeout even when we reach query.max-concurrency #6712 * PromQL: Fix string and parentheses handling in engine, which affected React UI #6612 * PromQL: Remove output labels returned by absent() if they are produced by multiple identical label matchers #6493 * Scrape: Validate that OpenMetrics input ends with `# EOF` #6505 * Remote read: return the correct error if configs can't be marshal'd to JSON #6622 * Remote write: Make remote client `Store` use passed context, which can affect shutdown timing #6673 * Remote write: Improve sharding calculation in cases where we would always be consistently behind by tracking pendingSamples #6511 * Ensure prometheus_rule_group metrics are deleted when a rule group is removed #6693 - Changes from 2.15.2 + Bug fixes * TSDB: Fixed support for TSDB blocks built with Prometheus before 2.1.0. #6564 * TSDB: Fixed block compaction issues on Windows. #6547 - Changes from 2.15.1 + Bug fixes * TSDB: Fixed race on concurrent queries against same data. #6512 - Changes from 2.15.0 + Features * API: Added new endpoint for exposing per metric metadata `/metadata`. #6420 #6442 + Changes * Discovery: Removed `prometheus_sd_kubernetes_cache_*` metrics. Additionally `prometheus_sd_kubernetes_workqueue_latency_seconds` and `prometheus_sd_kubernetes_workqueue_work_duration_seconds` metrics now show correct values in seconds. #6393 * Remote write: Changed `query` label on `prometheus_remote_storage_*` metrics to `remote_name` and `url`. #6043 + Enhancements * TSDB: Significantly reduced memory footprint of loaded TSDB blocks. #6418 #6461 * TSDB: Significantly optimized what we buffer during compaction which should result in lower memory footprint during compaction. #6422 #6452 #6468 #6475 * TSDB: Improve replay latency. #6230 * TSDB: WAL size is now used for size based retention calculation. #5886 * Remote read: Added query grouping and range hints to the remote read request #6401 * Remote write: Added `prometheus_remote_storage_sent_bytes_total` counter per queue. #6344 * promql: Improved PromQL parser performance. #6356 * React UI: Implemented missing pages like `/targets` #6276, TSDB status page #6281 #6267 and many other fixes and performance improvements. * promql: Prometheus now accepts spaces between time range and square bracket. e.g `[ 5m]` #6065 + Bug fixes * Config: Fixed alertmanager configuration to not miss targets when configurations are similar. #6455 * Remote write: Value of `prometheus_remote_storage_shards_desired` gauge shows raw value of desired shards and it's updated correctly. #6378 * Rules: Prometheus now fails the evaluation of rules and alerts where metric results collide with labels specified in `labels` field. #6469 * API: Targets Metadata API `/targets/metadata` now accepts empty `match_targets` parameter as in the spec. #6303 - Changes from 2.14.0 + Features * API: `/api/v1/status/runtimeinfo` and `/api/v1/status/buildinfo` endpoints added for use by the React UI. #6243 * React UI: implement the new experimental React based UI. #5694 and many more * Can be found by under `/new`. * Not all pages are implemented yet. * Status: Cardinality statistics added to the Runtime & Build Information page. #6125 + Enhancements * Remote write: fix delays in remote write after a compaction. #6021 * UI: Alerts can be filtered by state. #5758 + Bug fixes * Ensure warnings from the API are escaped. #6279 * API: lifecycle endpoints return 403 when not enabled. #6057 * Build: Fix Solaris build. #6149 * Promtool: Remove false duplicate rule warnings when checking rule files with alerts. #6270 * Remote write: restore use of deduplicating logger in remote write. #6113 * Remote write: do not reshard when unable to send samples. #6111 * Service discovery: errors are no longer logged on context cancellation. #6116, #6133 * UI: handle null response from API properly. #6071 - Changes from 2.13.1 + Bug fixes * Fix panic in ARM builds of Prometheus. #6110 * promql: fix potential panic in the query logger. #6094 * Multiple errors of http: superfluous response.WriteHeader call in the logs. #6145 - Changes from 2.13.0 + Enhancements * Metrics: renamed prometheus_sd_configs_failed_total to prometheus_sd_failed_configs and changed to Gauge #5254 * Include the tsdb tool in builds. #6089 * Service discovery: add new node address types for kubernetes. #5902 * UI: show warnings if query have returned some warnings. #5964 * Remote write: reduce memory usage of the series cache. #5849 * Remote read: use remote read streaming to reduce memory usage. #5703 * Metrics: added metrics for remote write max/min/desired shards to queue manager. #5787 * Promtool: show the warnings during label query. #5924 * Promtool: improve error messages when parsing bad rules. #5965 * Promtool: more promlint rules. #5515 + Bug fixes * UI: Fix a Stored DOM XSS vulnerability with query history [CVE-2019-10215](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10215). #6098 * Promtool: fix recording inconsistency due to duplicate labels. #6026 * UI: fixes service-discovery view when accessed from unhealthy targets. #5915 * Metrics format: OpenMetrics parser crashes on short input. #5939 * UI: avoid truncated Y-axis values. #6014 - Changes from 2.12.0 + Features * Track currently active PromQL queries in a log file. #5794 * Enable and provide binaries for `mips64` / `mips64le` architectures. #5792 + Enhancements * Improve responsiveness of targets web UI and API endpoint. #5740 * Improve remote write desired shards calculation. #5763 * Flush TSDB pages more precisely. tsdb#660 * Add `prometheus_tsdb_retention_limit_bytes` metric. tsdb#667 * Add logging during TSDB WAL replay on startup. tsdb#662 * Improve TSDB memory usage. tsdb#653, tsdb#643, tsdb#654, tsdb#642, tsdb#627 + Bug fixes * Check for duplicate label names in remote read. #5829 * Mark deleted rules' series as stale on next evaluation. #5759 * Fix JavaScript error when showing warning about out-of-sync server time. #5833 * Fix `promtool test rules` panic when providing empty `exp_labels`. #5774 * Only check last directory when discovering checkpoint number. #5756 * Fix error propagation in WAL watcher helper functions. #5741 * Correctly handle empty labels from alert templates. #5845 - Update Uyuni/SUSE Manager service discovery patch + Modified 0003-Add-Uyuni-service-discovery.patch: + Adapt service discovery to the new Uyuni API endpoints + Modified spec file: force golang 1.12 to fix build issues in SLE15SP2 - Update to Prometheus 2.11.2 grafana: - Update to version 7.0.3 * Features / Enhancements - Stats: include all fields. #24829, @ryantxu - Variables: change VariableEditorList row action Icon to IconButton. #25217, @hshoff * Bug fixes - Cloudwatch: Fix dimensions of DDoSProtection. #25317, @papagian - Configuration: Fix env var override of sections containing hyphen. #25178, @marefr - Dashboard: Get panels in collapsed rows. #25079, @peterholmberg - Do not show alerts tab when alerting is disabled. #25285, @dprokop - Jaeger: fixes cascader option label duration value. #25129, @Estrax - Transformations: Fixed Transform tab crash & no update after adding first transform. #25152, @torkelo - Update to version 7.0.2 * Bug fixes - Security: Urgent security patch release to fix CVE-2020-13379 - Update to version 7.0.1 * Features / Enhancements - Datasource/CloudWatch: Makes CloudWatch Logs query history more readable. #24795, @kaydelaney - Download CSV: Add date and time formatting. #24992, @ryantxu - Table: Make last cell value visible when right aligned. #24921, @peterholmberg - TablePanel: Adding sort order persistance. #24705, @torkelo - Transformations: Display correct field name when using reduce transformation. #25068, @peterholmberg - Transformations: Allow custom number input for binary operations. #24752, @ryantxu * Bug fixes - Dashboard/Links: Fixes dashboard links by tags not working. #24773, @KamalGalrani - Dashboard/Links: Fixes open in new window for dashboard link. #24772, @KamalGalrani - Dashboard/Links: Variables are resolved and limits to 100. #25076, @hugohaggmark - DataLinks: Bring back variables interpolation in title. #24970, @dprokop - Datasource/CloudWatch: Field suggestions no longer limited to prefix-only. #24855, @kaydelaney - Explore/Table: Keep existing field types if possible. #24944, @kaydelaney - Explore: Fix wrap lines toggle for results of queries with filter expression. #24915, @ivanahuckova - Explore: fix undo in query editor. #24797, @zoltanbedi - Explore: fix word break in type head info. #25014, @zoltanbedi - Graph: Legend decimals now work as expected. #24931, @torkelo - LoginPage: Fix hover color for service buttons. #25009, @tskarhed - LogsPanel: Fix scrollbar. #24850, @ivanahuckova - MoveDashboard: Fix for moving dashboard caused all variables to be lost. #25005, @torkelo - Organize transformer: Use display name in field order comparer. #24984, @dprokop - Panel: shows correct panel menu items in view mode. #24912, @hugohaggmark - PanelEditor Fix missing labels and description if there is only single option in category. #24905, @dprokop - PanelEditor: Overrides name matcher still show all original field names even after Field default display name is specified. #24933, @torkelo - PanelInspector: Makes sure Data display options are visible. #24902, @hugohaggmark - PanelInspector: Hides unsupported data display options for Panel type. #24918, @hugohaggmark - PanelMenu: Make menu disappear on button press. #25015, @tskarhed - Postgres: Fix add button. #25087, @phemmer - Prometheus: Fix recording rules expansion. #24977, @ivanahuckova - Stackdriver: Fix creating Service Level Objectives (SLO) datasource query variable. #25023, @papagian - Update to version 7.0.0 * Breaking changes - Removed PhantomJS: PhantomJS was deprecated in Grafana v6.4 and starting from Grafana v7.0.0, all PhantomJS support has been removed. This means that Grafana no longer ships with a built-in image renderer, and we advise you to install the Grafana Image Renderer plugin. - Dashboard: A global minimum dashboard refresh interval is now enforced and defaults to 5 seconds. - Interval calculation: There is now a new option Max data points that controls the auto interval $__interval calculation. Interval was previously calculated by dividing the panel width by the time range. With the new max data points option it is now easy to set $__interval to a dynamic value that is time range agnostic. For example if you set Max data points to 10 Grafana will dynamically set $__interval by dividing the current time range by 10. - Datasource/Loki: Support for deprecated Loki endpoints has been removed. - Backend plugins: Grafana now requires backend plugins to be signed, otherwise Grafana will not load/start them. This is an additional security measure to make sure backend plugin binaries and files haven't been tampered with. Refer to Upgrade Grafana for more information. - @grafana/ui: Forms migration notice, see @grafana/ui changelog - @grafana/ui: Select API change for creating custom values, see @grafana/ui changelog + Deprecation warnings - Scripted dashboards is now deprecated. The feature is not removed but will be in a future release. We hope to address the underlying requirement of dynamic dashboards in a different way. #24059 - The unofficial first version of backend plugins together with usage of grafana/grafana-plugin-model is now deprecated and support for that will be removed in a future release. Please refer to backend plugins documentation for information about the new officially supported backend plugins. * Features / Enhancements - Backend plugins: Log deprecation warning when using the unofficial first version of backend plugins. #24675, @marefr - Editor: New line on Enter, run query on Shift+Enter. #24654, @davkal - Loki: Allow multiple derived fields with the same name. #24437, @aocenas - Orgs: Add future deprecation notice. #24502, @torkelo * Bug Fixes - @grafana/toolkit: Use process.cwd() instead of PWD to get directory. #24677, @zoltanbedi - Admin: Makes long settings values line break in settings page. #24559, @hugohaggmark - Dashboard: Allow editing provisioned dashboard JSON and add confirmation when JSON is copied to dashboard. #24680, @dprokop - Dashboard: Fix for strange 'dashboard not found' errors when opening links in dashboard settings. #24416, @torkelo - Dashboard: Fix so default data source is selected when data source can't be found in panel editor. #24526, @mckn - Dashboard: Fixed issue changing a panel from transparent back to normal in panel editor. #24483, @torkelo - Dashboard: Make header names reflect the field name when exporting to CSV file from the the panel inspector. #24624, @peterholmberg - Dashboard: Make sure side pane is displayed with tabs by default in panel editor. #24636, @dprokop - Data source: Fix query/annotation help content formatting. #24687, @AgnesToulet - Data source: Fixes async mount errors. #24579, @Estrax - Data source: Fixes saving a data source without failure when URL doesn't specify a protocol. #24497, @aknuds1 - Explore/Prometheus: Show results of instant queries only in table. #24508, @ivanahuckova - Explore: Fix rendering of react query editors. #24593, @ivanahuckova - Explore: Fixes loading more logs in logs context view. #24135, @Estrax - Graphite: Fix schema and dedupe strategy in rollup indicators for Metrictank queries. #24685, @torkelo - Graphite: Makes query annotations work again. #24556, @hugohaggmark - Logs: Clicking 'Load more' from context overlay doesn't expand log row. #24299, @kaydelaney - Logs: Fix total bytes process calculation. #24691, @davkal - Org/user/team preferences: Fixes so UI Theme can be set back to Default. #24628, @AgnesToulet - Plugins: Fix manifest validation. #24573, @aknuds1 - Provisioning: Use proxy as default access mode in provisioning. #24669, @bergquist - Search: Fix select item when pressing enter and Grafana is served using a sub path. #24634, @tskarhed - Search: Save folder expanded state. #24496, @Clarity-89 - Security: Tag value sanitization fix in OpenTSDB data source. #24539, @rotemreiss - Table: Do not include angular options in options when switching from angular panel. #24684, @torkelo - Table: Fixed persisting column resize for time series fields. #24505, @torkelo - Table: Fixes Cannot read property subRows of null. #24578, @hugohaggmark - Time picker: Fixed so you can enter a relative range in the time picker without being converted to absolute range. #24534, @mckn - Transformations: Make transform dropdowns not cropped. #24615, @dprokop - Transformations: Sort order should be preserved as entered by user when using the reduce transformation. #24494, @hugohaggmark - Units: Adds scale symbol for currencies with suffixed symbol. #24678, @hugohaggmark - Variables: Fixes filtering options with more than 1000 entries. #24614, @hugohaggmark - Variables: Fixes so Textbox variables read value from url. #24623, @hugohaggmark - Zipkin: Fix error when span contains remoteEndpoint. #24524, @aocenas - SAML: Switch from email to login for user login attribute mapping (Enterprise) - Update Makefile and spec file * Remove phantomJS patch from Makefile * Fix multiline strings in Makefile * Exclude s390 from SLE12 builds, golang 1.14 is not built for s390 - Add instructions for patching the Grafana javascript frontend. - BuildRequires golang(API) instead of go metapackage version range * BuildRequires: golang(API) >= 1.14 from BuildRequires: ( go >= 1.14 with go < 1.15 ) - Update to version 6.7.3 - This version fixes bsc#1170557 and its corresponding CVE-2020-12245 - Admin: Fix Synced via LDAP message for non-LDAP external users. #23477, @alexanderzobnin - Alerting: Fixes notifications for alerts with empty message in Google Hangouts notifier. #23559, @hugohaggmark - AuthProxy: Fixes bug where long username could not be cached.. #22926, @jcmcken - Dashboard: Fix saving dashboard when editing raw dashboard JSON model. #23314, @peterholmberg - Dashboard: Try to parse 8 and 15 digit numbers as timestamps if parsing of time range as date fails. #21694, @jessetan - DashboardListPanel: Fixed problem with empty panel after going into edit mode (General folder filter being automatically added) . #23426, @torkelo - Data source: Handle datasource withCredentials option properly. #23380, @hvtuananh - Security: Fix annotation popup XSS vulnerability. #23813, @torkelo - Server: Exit Grafana with status code 0 if no error. #23312, @aknuds1 - TablePanel: Fix XSS issue in header column rename (backport). #23814, @torkelo - Variables: Fixes error when setting adhoc variable values. #23580, @hugohaggmark - Update to version 6.7.2: (see installed changelog for the full list of changes) - BackendSrv: Adds config to response to fix issue for external plugins that used this property . #23032, @torkelo - Dashboard: Fixed issue with saving new dashboard after changing title . #23104, @dprokop - DataLinks: make sure we use the correct datapoint when dataset contains null value.. #22981, @mckn - Plugins: Fixed issue for plugins that imported dateMath util . #23069, @mckn - Security: Fix for dashboard snapshot original dashboard link could contain XSS vulnerability in url. #23254, @torkelo - Variables: Fixes issue with too many queries being issued for nested template variables after value change. #23220, @torkelo - Plugins: Expose promiseToDigest. #23249, @torkelo - Reporting (Enterprise): Fixes issue updating a report created by someone else - Update to 6.7.1: (see installed changelog for the full list of changes) Bug Fixes - Azure: Fixed dropdowns not showing current value. #22914, @torkelo - BackendSrv: only add content-type on POST, PUT requests. #22910, @hugohaggmark - Panels: Fixed size issue with panel internal size when exiting panel edit mode. #22912, @torkelo - Reporting: fixes migrations compatibility with mysql (Enterprise) - Reporting: Reduce default concurrency limit to 4 (Enterprise) - Update to 6.7.0: (see installed changelog for the full list of changes) Bug Fixes - AngularPanels: Fixed inner height calculation for angular panels . #22796, @torkelo - BackendSrv: makes sure provided headers are correctly recognized and set. #22778, @hugohaggmark - Forms: Fix input suffix position (caret-down in Select) . #22780, @torkelo - Graphite: Fixed issue with query editor and next select metric now showing after selecting metric node . #22856, @torkelo - Rich History: UX adjustments and fixes. #22729, @ivanahuckova - Update to 6.7.0-beta1: Breaking changes - Slack: Removed Mention setting and instead introduce Mention Users, Mention Groups, and Mention Channel. The first two settings require user and group IDs, respectively. This change was necessary because the way of mentioning via the Slack API changed and mentions in Slack notifications no longer worked. - Alerting: Reverts the behavior of diff and percent_diff to not always be absolute. Something we introduced by mistake in 6.1.0. Alerting now support diff(), diff_abs(), percent_diff() and percent_diff_abs(). #21338 - Notice about changes in backendSrv for plugin authors In our mission to migrate away from AngularJS to React we have removed all AngularJS dependencies in the core data retrieval service backendSrv. Removing the AngularJS dependencies in backendSrv has the unfortunate side effect of AngularJS digest no longer being triggered for any request made with backendSrv. Because of this, external plugins using backendSrv directly may suffer from strange behaviour in the UI. To remedy this issue, as a plugin author you need to trigger the digest after a direct call to backendSrv. Bug Fixes API: Fix redirect issues. #22285, @papagian Alerting: Don't include image_url field with Slack message if empty. #22372, @aknuds1 Alerting: Fixed bad background color for default notifications in alert tab . #22660, @krvajal Annotations: In table panel when setting transform to annotation, they will now show up right away without a manual refresh. #22323, @krvajal Azure Monitor: Fix app insights source to allow for new __timeFrom and __timeTo. #21879, @ChadNedzlek BackendSrv: Fixes POST body for form data. gmark CloudWatch: Credentials cache invalidation fix. #22473, @sunker CloudWatch: Expand alias variables when query yields no result. #22695, @sunker Dashboard: Fix bug with NaN in alerting. #22053, @a-melnyk Explore: Fix display of multiline logs in log panel and explore. #22057, @thomasdraebing Heatmap: Legend color range is incorrect when using custom min/max. #21748, @sv5d Security: Fixed XSS issue in dashboard history diff . #22680, @torkelo StatPanel: Fixes base color is being used for null values . #22646, @torkelo - Update to version 6.6.2: (see installed changelog for the full list of changes) - Update to version 6.6.1: (see installed changelog for the full list of changes) - Update to version 6.6.0: (see installed changelog for the full list of changes) - Update to version 6.5.3: (see installed changelog for the full list of changes) - Update to version 6.5.2: (see installed changelog for the full list of changes) - Update to version 6.5.1: (see installed changelog for the full list of changes) - Update to version 6.5.0 (see installed changelog for the full list of changes) - Update to version 6.4.5: * Create version 6.4.5 * CloudWatch: Fix high CPU load (#20579) - Add obs-service-go_modules to download required modules into vendor.tar.gz - Adjusted spec file to use vendor.tar.gz - Adjusted Makefile to work with new filenames - BuildRequire go1.14 - Update to version 6.4.4: * DataLinks: Fix blur issues. #19883, @aocenas * Docker: Makes it possible to parse timezones in the docker image. #20081, @xlson * LDAP: All LDAP servers should be tried even if one of them returns a connection error. #20077, @jongyllen * LDAP: No longer shows incorrectly matching groups based on role in debug page. #20018, @xlson * Singlestat: Fix no data / null value mapping . #19951, @ryantxu - Revert the spec file and make script - Remove PhantomJS dependency - Update to 6.4.3 * Bug Fixes - Alerting: All notification channels should send even if one fails to send. #19807, @jan25 - AzureMonitor: Fix slate interference with dropdowns. #19799, @aocenas - ContextMenu: make ContextMenu positioning aware of the viewport width. #19699, @krvajal - DataLinks: Fix context menu not showing in singlestat-ish visualisations. #19809, @dprokop - DataLinks: Fix url field not releasing focus. #19804, @aocenas - Datasource: Fixes clicking outside of some query editors required 2 clicks. #19822, @aocenas - Panels: Fixes default tab for visualizations without Queries Tab. #19803, @hugohaggmark - Singlestat: Fixed issue with mapping null to text. #19689, @torkelo - @grafana/toolkit: Don't fail plugin creation when git user.name config is not set. #19821, @dprokop - @grafana/toolkit: TSLint line number off by 1. #19782, @fredwangwang - Update to 6.4.2 * Bug Fixes - CloudWatch: Changes incorrect dimension wmlid to wlmid . #19679, @ATTron - Grafana Image Renderer: Fixes plugin page. #19664, @hugohaggmark - Graph: Fixes auto decimals logic for y axis ticks that results in too many decimals for high values. #19618, @torkelo - Graph: Switching to series mode should re-render graph. #19623, @torkelo - Loki: Fix autocomplete on label values. #19579, @aocenas - Loki: Removes live option for logs panel. #19533, @davkal - Profile: Fix issue with user profile not showing more than sessions sessions in some cases. #19578, @huynhsamha - Prometheus: Fixes so results in Panel always are sorted by query order. #19597, @hugohaggmark - sted keys in YAML provisioning caused a server crash, #19547 - ImageRendering: Fixed issue with image rendering in enterprise build (Enterprise) - Reporting: Fixed issue with reporting service when STMP was disabled (Enterprise). - Changes from 6.4.0 * Features / Enhancements - Build: Upgrade go to 1.12.10. #19499, @marefr - DataLinks: Suggestions menu improvements. #19396, @dprokop - Explore: Take root_url setting into account when redirecting from dashboard to explore. #19447, @ivanahuckova - Explore: Update broken link to logql docs. #19510, @ivanahuckova - Logs: Adds Logs Panel as a visualization. #19504, @davkal * Bug Fixes - CLI: Fix version selection for plugin install. #19498, @aocenas - Graph: Fixes minor issue with series override color picker and custom color . #19516, @torkelo - Changes from 6.4.0 Beta 2 * Features / Enhancements - Azure Monitor: Remove support for cross resource queries (#19115)'. #19346, @sunker - Docker: Upgrade packages to resolve reported vulnerabilities. #19188, @marefr - Graphite: Time range expansion reduced from 1 minute to 1 second. #19246, @torkelo - grafana/toolkit: Add plugin creation task. #19207, @dprokop * Bug Fixes - Alerting: Prevents creating alerts from unsupported queries. #19250, @hugohaggmark - Alerting: Truncate PagerDuty summary when greater than 1024 characters. #18730, @nvllsvm - Cloudwatch: Fix autocomplete for Gamelift dimensions. #19146, @kevinpz - Dashboard: Fix export for sharing when panels use default data source. #19315, @torkelo - Database: Rewrite system statistics query to perform better. #19178, @papagian - Gauge/BarGauge: Fix issue with [object Object] in titles . #19217, @ryantxu - MSSQL: Revert usage of new connectionstring format introduced by #18384. #19203, @marefr - Multi-LDAP: Do not fail-fast on invalid credentials. #19261, @gotjosh - MySQL, Postgres, MSSQL: Fix validating query with template variables in alert . #19237, @marefr - MySQL, Postgres: Update raw sql when query builder updates. #19209, @marefr - MySQL: Limit datasource error details returned from the backend. #19373, @marefr - Changes from 6.4.0 Beta 1 * Features / Enhancements - API: Readonly datasources should not be created via the API. #19006, @papagian - Alerting: Include configured AlertRuleTags in Webhooks notifier. #18233, @dominic-miglar - Annotations: Add annotations support to Loki. #18949, @aocenas - Annotations: Use a single row to represent a region. #17673, @ryantxu - Auth: Allow inviting existing users when login form is disabled. #19048, @548017 - Azure Monitor: Add support for cross resource queries. #19115, @sunker - CLI: Allow installing custom binary plugins. #17551, @aocenas - Dashboard: Adds Logs Panel (alpha) as visualization option for Dashboards. #18641, @hugohaggmark - Dashboard: Reuse query results between panels . #16660, @ryantxu - Dashboard: Set time to to 23:59:59 when setting To time using calendar. #18595, @simPod - DataLinks: Add DataLinks support to Gauge, BarGauge and SingleStat2 panel. #18605, @ryantxu - DataLinks: Enable access to labels & field names. #18918, @torkelo - DataLinks: Enable multiple data links per panel. #18434, @dprokop - Docker: switch docker image to alpine base with phantomjs support. #18468, @DanCech - Elasticsearch: allow templating queries to order by doc_count. #18870, @hackery - Explore: Add throttling when doing live queries. #19085, @aocenas - Explore: Adds ability to go back to dashboard, optionally with query changes. #17982, @kaydelaney - Explore: Reduce default time range to last hour. #18212, @davkal - Gauge/BarGauge: Support decimals for min/max. #18368, @ryantxu - Graph: New series override transform constant that renders a single point as a line across the whole graph. #19102, @davkal - Image rendering: Add deprecation warning when PhantomJS is used for rendering images. #18933, @papagian - InfluxDB: Enable interpolation within ad-hoc filter values. #18077, @kvc-code - LDAP: Allow an user to be synchronized against LDAP. #18976, @gotjosh - Ldap: Add ldap debug page. #18759, @peterholmberg - Loki: Remove prefetching of default label values. #18213, @davkal - Metrics: Add failed alert notifications metric. #18089, @koorgoo - OAuth: Support JMES path lookup when retrieving user email. #14683, @bobmshannon - OAuth: return GitLab groups as a part of user info (enable team sync). #18388, @alexanderzobnin - Panels: Add unit for electrical charge - ampere-hour. #18950, @anirudh-ramesh - Plugin: AzureMonitor - Reapply MetricNamespace support. #17282, @raphaelquati - Plugins: better warning when plugins fail to load. #18671, @ryantxu - Postgres: Add support for scram sha 256 authentication. #18397, @nonamef - RemoteCache: Support SSL with Redis. #18511, @kylebrandt - SingleStat: The gauge option in now disabled/hidden (unless it's an old panel with it already enabled) . #18610, @ryantxu - Stackdriver: Add extra alignment period options. #18909, @sunker - Units: Add South African Rand (ZAR) to currencies. #18893, @jeteon - Units: Adding T,P,E,Z,and Y bytes. #18706, @chiqomar * Bug Fixes - Alerting: Notification is sent when state changes from no_data to ok. #18920, @papagian - Alerting: fix duplicate alert states when the alert fails to save to the database. #18216, @kylebrandt - Alerting: fix response popover prompt when add notification channels. #18967, @lzdw - CloudWatch: Fix alerting for queries with Id (using GetMetricData). #17899, @alex-berger - Explore: Fix auto completion on label values for Loki. #18988, @aocenas - Explore: Fixes crash using back button with a zoomed in graph. #19122, @hugohaggmark - Explore: Fixes so queries in Explore are only run if Graph/Table is shown. #19000, @hugohaggmark - MSSQL: Change connectionstring to URL format to fix using passwords with semicolon. #18384, @Russiancold - MSSQL: Fix memory leak when debug enabled. #19049, @briangann - Provisioning: Allow escaping literal '$' with '$$' in configs to avoid interpolation. #18045, @kylebrandt - TimePicker: Fixes hiding time picker dropdown in FireFox. #19154, @hugohaggmark * Breaking changes + Annotations There are some breaking changes in the annotations HTTP API for region annotations. Region annotations are now represented using a single event instead of two seperate events. Check breaking changes in HTTP API below and HTTP API documentation for more details. + Docker Grafana is now using Alpine 3.10 as docker base image. + HTTP API - GET /api/alert-notifications now requires at least editor access. New /api/alert-notifications/lookup returns less information than /api/alert-notifications and can be access by any authenticated user. - GET /api/alert-notifiers now requires at least editor access - GET /api/org/users now requires org admin role. New /api/org/users/lookup returns less information than /api/org/users and can be access by users that are org admins, admin in any folder or admin of any team. - GET /api/annotations no longer returns regionId property. - POST /api/annotations no longer supports isRegion property. - PUT /api/annotations/:id no longer supports isRegion property. - PATCH /api/annotations/:id no longer supports isRegion property. - DELETE /api/annotations/region/:id has been removed. * Deprecation notes + PhantomJS - PhantomJS, which is used for rendering images of dashboards and panels, is deprecated and will be removed in a future Grafana release. A deprecation warning will from now on be logged when Grafana starts up if PhantomJS is in use. Please consider migrating from PhantomJS to the Grafana Image Renderer plugin. - Changes from 6.3.6 * Features / Enhancements - Metrics: Adds setting for turning off total stats metrics. #19142, @marefr * Bug Fixes - Database: Rewrite system statistics query to perform better. #19178, @papagian - Explore: Fixes error when switching from prometheus to loki data sources. #18599, @kaydelaney - Rebase package spec. Use mostly from fedora, fix suse specified things and fix some errors. - Add missing directories provisioning/datasources and provisioning/notifiers and sample.yaml as described in packaging/rpm/control from upstream. Missing directories are shown in logfiles. - Version 6.3.5 * Upgrades + Build: Upgrade to go 1.12.9. * Bug Fixes + Dashboard: Fixes dashboards init failed loading error for dashboards with panel links that had missing properties. + Editor: Fixes issue where only entire lines were being copied. + Explore: Fixes query field layout in splitted view for Safari browsers. + LDAP: multildap + ldap integration. + Profile/UserAdmin: Fix for user agent parser crashes grafana-server on 32-bit builds. + Prometheus: Prevents panel editor crash when switching to Prometheus datasource. + Prometheus: Changes brace-insertion behavior to be less annoying. - Version 6.3.4 * Security: CVE-2019-15043 - Parts of the HTTP API allow unauthenticated use. - Version 6.3.3 * Bug Fixes + Annotations: Fix failing annotation query when time series query is cancelled. #18532 1, @dprokop 1 + Auth: Do not set SameSite cookie attribute if cookie_samesite is none. #18462 1, @papagian 3 + DataLinks: Apply scoped variables to data links correctly. #18454 1, @dprokop 1 + DataLinks: Respect timezone when displaying datapoint’s timestamp in graph context menu. #18461 2, @dprokop 1 + DataLinks: Use datapoint timestamp correctly when interpolating variables. #18459 1, @dprokop 1 + Explore: Fix loading error for empty queries. #18488 1, @davkal + Graph: Fixes legend issue clicking on series line icon and issue with horizontal scrollbar being visible on windows. #18563 1, @torkelo 2 + Graphite: Avoid glob of single-value array variables . #18420, @gotjosh + Prometheus: Fix queries with label_replace remove the $1 match when loading query editor. #18480 5, @hugohaggmark 3 + Prometheus: More consistently allows for multi-line queries in editor. #18362 2, @kaydelaney 2 + TimeSeries: Assume values are all numbers. #18540 4, @ryantxu - Version 6.3.2 * Bug Fixes + Gauge/BarGauge: Fixes issue with losts thresholds and issue loading Gauge with avg stat. #18375 12 - Version 6.3.1 * Bug Fixes + PanelLinks: Fix crash issue Gauge & Bar Gauge for panels with panel links (drill down links). #18430 2 - Version 6.3.0 * Features / Enhancements + OAuth: Do not set SameSite OAuth cookie if cookie_samesite is None. #18392 4, @papagian 3 + Auth Proxy: Include additional headers as part of the cache key. #18298 6, @gotjosh + Build grafana images consistently. #18224 12, @hassanfarid + Docs: SAML. #18069 11, @gotjosh + Permissions: Show plugins in nav for non admin users but hide plugin configuration. #18234 1, @aocenas + TimePicker: Increase max height of quick range dropdown. #18247 2, @torkelo 2 + Alerting: Add tags to alert rules. #10989 13, @Thib17 1 + Alerting: Attempt to send email notifications to all given email addresses. #16881 1, @zhulongcheng + Alerting: Improve alert rule testing. #16286 2, @marefr + Alerting: Support for configuring content field for Discord alert notifier. #17017 2, @jan25 + Alertmanager: Replace illegal chars with underscore in label names. #17002 5, @bergquist 1 + Auth: Allow expiration of API keys. #17678, @papagian 3 + Auth: Return device, os and browser when listing user auth tokens in HTTP API. #17504, @shavonn 1 + Auth: Support list and revoke of user auth tokens in UI. #17434 2, @shavonn 1 + AzureMonitor: change clashing built-in Grafana variables/macro names for Azure Logs. #17140, @shavonn 1 + CloudWatch: Made region visible for AWS Cloudwatch Expressions. #17243 2, @utkarshcmu + Cloudwatch: Add AWS DocDB metrics. #17241, @utkarshcmu + Dashboard: Use timezone dashboard setting when exporting to CSV. #18002 1, @dehrax + Data links. #17267 11, @torkelo 2 + Docker: Switch base image to ubuntu:latest from debian:stretch to avoid security issues… #17066 5, @bergquist 1 + Elasticsearch: Support for visualizing logs in Explore . #17605 7, @marefr + Explore: Adds Live option for supported datasources. #17062 1, @hugohaggmark 3 + Explore: Adds orgId to URL for sharing purposes. #17895 1, @kaydelaney 2 + Explore: Adds support for new loki ‘start’ and ‘end’ params for labels endpoint. #17512, @kaydelaney 2 + Explore: Adds support for toggling raw query mode in explore. #17870, @kaydelaney 2 + Explore: Allow switching between metrics and logs . #16959 2, @marefr + Explore: Combines the timestamp and local time columns into one. #17775, @hugohaggmark 3 + Explore: Display log lines context . #17097, @dprokop 1 + Explore: Don’t parse log levels if provided by field or label. #17180 1, @marefr + Explore: Improves performance of Logs element by limiting re-rendering. #17685, @kaydelaney 2 + Explore: Support for new LogQL filtering syntax. #16674 4, @davkal + Explore: Use new TimePicker from Grafana/UI. #17793, @hugohaggmark 3 + Explore: handle newlines in LogRow Highlighter. #17425, @rrfeng 1 + Graph: Added new fill gradient option. #17528 3, @torkelo 2 + GraphPanel: Don’t sort series when legend table & sort column is not visible . #17095, @shavonn 1 + InfluxDB: Support for visualizing logs in Explore. #17450 9, @hugohaggmark 3 + Logging: Login and Logout actions (#17760). #17883 1, @ATTron + Logging: Move log package to pkg/infra. #17023, @zhulongcheng + Metrics: Expose stats about roles as metrics. #17469 2, @bergquist 1 + MySQL/Postgres/MSSQL: Add parsing for day, weeks and year intervals in macros. #13086 6, @bernardd + MySQL: Add support for periodically reloading client certs. #14892, @tpetr + Plugins: replace dataFormats list with skipDataQuery flag in plugin.json. #16984, @ryantxu + Prometheus: Take timezone into account for step alignment. #17477, @fxmiii + Prometheus: Use overridden panel range for $__range instead of dashboard range. #17352, @patrick246 + Prometheus: added time range filter to series labels query. #16851 3, @FUSAKLA + Provisioning: Support folder that doesn’t exist yet in dashboard provisioning. #17407 1, @Nexucis + Refresh picker: Handle empty intervals. #17585 1, @dehrax + Singlestat: Add y min/max config to singlestat sparklines. #17527 4, @pitr + Snapshot: use given key and deleteKey. #16876, @zhulongcheng + Templating: Correctly display __text in multi-value variable after page reload. #17840 1, @EduardSergeev + Templating: Support selecting all filtered values of a multi-value variable. #16873 2, @r66ad + Tracing: allow propagation with Zipkin headers. #17009 4, @jrockway + Users: Disable users removed from LDAP. #16820 2, @alexanderzobnin * Bug Fixes + PanelLinks: Fix render issue when there is no panel description. #18408 3, @dehrax + OAuth: Fix “missing saved state” OAuth login failure due to SameSite cookie policy. #18332 1, @papagian 3 + cli: fix for recognizing when in dev mode… #18334, @xlson + DataLinks: Fixes incorrect interpolation of ${__series_name} . #18251 1, @torkelo 2 + Loki: Display live tailed logs in correct order in Explore. #18031 3, @kaydelaney 2 + PhantomJS: Fixes rendering on Debian Buster. #18162 2, @xlson + TimePicker: Fixed style issue for custom range popover. #18244, @torkelo 2 + Timerange: Fixes a bug where custom time ranges didn’t respect UTC. #18248 1, @kaydelaney 2 + remote_cache: Fix redis connstr parsing. #18204 1, @mblaschke + AddPanel: Fix issue when removing moved add panel widget . #17659 2, @dehrax + CLI: Fix encrypt-datasource-passwords fails with sql error. #18014, @marefr + Elasticsearch: Fix default max concurrent shard requests. #17770 4, @marefr + Explore: Fix browsing back to dashboard panel. #17061, @jschill + Explore: Fix filter by series level in logs graph. #17798, @marefr + Explore: Fix issues when loading and both graph/table are collapsed. #17113, @marefr + Explore: Fix selection/copy of log lines. #17121, @marefr + Fix: Wrap value of multi variable in array when coming from URL. #16992 1, @aocenas + Frontend: Fix for Json tree component not working. #17608, @srid12 + Graphite: Fix for issue with alias function being moved last. #17791, @torkelo 2 + Graphite: Fixes issue with seriesByTag & function with variable param. #17795, @torkelo 2 + Graphite: use POST for /metrics/find requests. #17814 2, @papagian 3 + HTTP Server: Serve Grafana with a custom URL path prefix. #17048 6, @jan25 + InfluxDB: Fixes single quotes are not escaped in label value filters. #17398 1, @Panzki + Prometheus: Correctly escape ‘|’ literals in interpolated PromQL variables. #16932, @Limess + Prometheus: Fix when adding label for metrics which contains colons in Explore. #16760, @tolwi + SinglestatPanel: Remove background color when value turns null. #17552 1, @druggieri - Make phantomjs dependency configurable - Create plugin directory and clean up (create in %install, add to %files) handling of /var/lib/grafana/* and mgr-cfg: - Remove commented code in test files - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Add mgr manpage links mgr-custom-info: - Bump version to 4.1.0 (bsc#1154940) mgr-daemon: - Bump version to 4.1.0 (bsc#1154940) - Fix systemd timer configuration on SLE12 (bsc#1142038) mgr-osad: - Separate osa-dispatcher and jabberd so it can be disabled independently - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Move /usr/share/rhn/config-defaults to uyuni-base-common - Require uyuni-base-common for /etc/rhn (for osa-dispatcher) - Ensure bytes type when using hashlib to avoid traceback (bsc#1138822) mgr-push: - Replace spacewalk-usix and spacewalk-backend-libs with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) mgr-virtualization: - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Fix mgr-virtualization timer rhnlib: - Fix building - Fix malformed XML response when data contains non-ASCII chars (bsc#1154968) - Bump version to 4.1.0 (bsc#1154940) - Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177) spacecmd: - Only report real error, not result (bsc#1171687) - Use defined return values for spacecmd methods so scripts can check for failure (bsc#1171687) - Disable globbing for api subcommand to allow wildcards in filter settings (bsc#1163871) - Bugfix: attempt to purge SSM when it is empty (bsc#1155372) - Bump version to 4.1.0 (bsc#1154940) - Prevent error when piping stdout in Python 2 (bsc#1153090) - Java api expects content as encoded string instead of encoded bytes like before (bsc#1153277) - Enable building and installing for Ubuntu 16.04 and Ubuntu 18.04 - Add unit test for schedule, errata, user, utils, misc, configchannel and kickstart modules - Multiple minor bugfixes alongside the unit tests - Bugfix: referenced variable before assignment. - Add unit test for report, package, org, repo and group spacewalk-client-tools: - Add workaround for uptime overflow to spacewalk-update-status as well (bsc#1165921) - Spell correctly 'successful' and 'successfully' - Skip dmidecode data on aarch64 to prevent coredump (bsc#1113160) - Replace spacewalk-usix with uyuni-common-libs - Return a non-zero exit status on errors in rhn_check - Bump version to 4.1.0 (bsc#1154940) - Make a explicit requirement to systemd for spacewalk-client-tools when rhnsd timer is installed spacewalk-koan: - Bump version to 4.1.0 (bsc#1154940) - Require commands we use in merge-rd.sh spacewalk-oscap: - Bump version to 4.1.0 (bsc#1154940) spacewalk-remote-utils: - Update spacewalk-create-channel with RHEL 7.7 channel definitions - Bump version to 4.1.0 (bsc#1154940) supportutils-plugin-susemanager-client: - Bump version to 4.1.0 (bsc#1154940) suseRegisterInfo: - SuseRegisterInfo only needs perl-base, not full perl (bsc#1168310) - Bump version to 4.1.0 (bsc#1154940) zypp-plugin-spacewalk: - Prevent issue with non-ASCII characters in Python 2 systems (bsc#1172462) Moderate SUSE bug 1113160 SUSE bug 1134195 SUSE bug 1138822 SUSE bug 1141661 SUSE bug 1142038 SUSE bug 1143913 SUSE bug 1148177 SUSE bug 1153090 SUSE bug 1153277 SUSE bug 1154940 SUSE bug 1154968 SUSE bug 1155372 SUSE bug 1163871 SUSE bug 1165921 SUSE bug 1168310 SUSE bug 1170231 SUSE bug 1170557 SUSE bug 1171687 SUSE bug 1172462 CVE-2019-10215 CVE-2019-15043 CVE-2020-12245 CVE-2020-13379 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xrdp fixes the following issues: - Security fixes (bsc#1173580, CVE-2020-4044): + Add patches: * xrdp-cve-2020-4044-fix-0.patch * xrdp-cve-2020-4044-fix-1.patch + Rebase SLE patch: * xrdp-fate318398-change-expired-password.patch - Update patch: + xrdp-Allow-sessions-with-32-bpp.patch.patch Important SUSE bug 1173580 CVE-2020-4044 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for tomcat fixes the following issues: - Fixed CVEs: * CVE-2020-13934 (bsc#1174121) * CVE-2020-13935 (bsc#1174117) Important SUSE bug 1174117 SUSE bug 1174121 CVE-2020-13934 CVE-2020-13935 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for mailman fixes the following issues: - CVE-2020-15011: Fixed a possible Arbitrary Content Injection via the private archive login page (bsc#1173369). Important SUSE bug 1173369 CVE-2020-15011 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160). Moderate SUSE bug 1173160 CVE-2020-10745 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.3 (bsc#1173998): + Enable kinetic scrolling with async scrolling. + Fix web process hangs on large GitHub pages. + Bubblewrap sandbox should not attempt to bind empty paths. + Fix threading issues in the media player. + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753. Important SUSE bug 1173998 CVE-2020-13753 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for grub2 fixes the following issues: - Fix for CVE-2020-10713 (bsc#1168994) - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812) - Fix for CVE-2020-15706 (bsc#1174463) - Fix for CVE-2020-15707 (bsc#1174570) - Use overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data - Use grub_calloc for overflow check and return NULL when it would occur - Use gcc-9 compiler for overflow check builtins - Backport gcc-9 build fixes Important SUSE bug 1168994 SUSE bug 1173812 SUSE bug 1174463 SUSE bug 1174570 CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15706 CVE-2020-15707 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for ghostscript fixes the following issues: - fixed CVE-2020-15900 Memory Corruption (SAFER Sandbox Breakout) cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582 (bsc#1174415) Important SUSE bug 1174415 CVE-2020-15900 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.1.0 ESR * Fixed: Various stability, functionality, and security fixes (bsc#1174538) * CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker * CVE-2020-6514: WebRTC data channel leaks internal address to peer * CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy * CVE-2020-15653: Bypassing iframe sandbox when allowing popups * CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture * CVE-2020-15656: Type confusion for special arguments in IonMonkey * CVE-2020-15658: Overriding file type when saving to disk * CVE-2020-15657: DLL hijacking due to incorrect loading path * CVE-2020-15654: Custom cursor can overlay user interface * CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1 Moderate SUSE bug 1173948 SUSE bug 1174538 CVE-2020-15652 CVE-2020-15653 CVE-2020-15654 CVE-2020-15655 CVE-2020-15656 CVE-2020-15657 CVE-2020-15658 CVE-2020-15659 CVE-2020-6463 CVE-2020-6514 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628) Important SUSE bug 1174628 CVE-2020-14344 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567). - CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573). - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770 (bnc#1173514). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2019-16746: net/wireless/nl80211.c did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). - CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265). - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10768: Indirect branch speculation could have been enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (bnc#1172783). - CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (bnc#1172781). - CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled when STIBP is unavailable or enhanced IBRS is available. (bnc#1172782). - CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. (bnc#1172775). - CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel did not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586 (bnc#1172458). The following non-security bugs were fixed: - ACPI: PM: Avoid using power resources if there are none for D0 (bsc#1051510). - ALSA: es1688: Add the missed snd_card_free() (bsc#1051510). - bcache: Fix an error code in bch_dump_read() (git fixes (block drivers)). - block, bfq: add requeue-request hook (bsc#1104967 bsc#1171673). - block, bfq: postpone rq preparation to insert or merge (bsc#1104967 bsc#1171673). - block: remove QUEUE_FLAG_STACKABLE (git fixes (block drivers)). - block: sed-opal: fix sparse warning: convert __be64 data (git fixes (block drivers)). - btrfs: always wait on ordered extents at fsync time (bsc#1171761). - btrfs: clean up the left over logged_list usage (bsc#1171761). - btrfs: do not zero f_bavail if we have available space (bsc#1168081). - btrfs: fix list_add corruption and soft lockups in fsync (bsc#1171761). - btrfs: fix missing data checksums after a ranged fsync (msync) (bsc#1171761). - btrfs: fix missing file extent item for hole after ranged fsync (bsc#1171761). - btrfs: fix missing hole after hole punching and fsync when using NO_HOLES (bsc#1171761). - btrfs: fix missing semaphore unlock in btrfs_sync_file (bsc#1171761). - btrfs: fix rare chances for data loss when doing a fast fsync (bsc#1171761). - btrfs: Remove extra parentheses from condition in copy_items() (bsc#1171761). - btrfs: remove no longer used io_err from btrfs_log_ctx (bsc#1171761). - btrfs: remove no longer used logged range variables when logging extents (bsc#1171761). - btrfs: remove no longer used 'sync' member from transaction handle (bsc#1171761). - btrfs: remove remaing full_sync logic from btrfs_sync_file (bsc#1171761). - btrfs: remove the logged extents infrastructure (bsc#1171761). - btrfs: remove the wait ordered logic in the log_one_extent path (bsc#1171761). - btrfs: volumes: Remove ENOSPC-prone btrfs_can_relocate() (bsc#1171124). - CDC-ACM: heed quirk also in error handling (git-fixes). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1144333). - cifs: handle hostnames that resolve to same ip in failover (bsc#1144333 bsc#1161016). - cifs: set up next DFS target before generic_ip_connect() (bsc#1144333 bsc#1161016). - clk: bcm2835: Fix return type of bcm2835_register_gate (bsc#1051510). - clk: clk-flexgen: fix clock-critical handling (bsc#1051510). - clk: sunxi: Fix incorrect usage of round_down() (bsc#1051510). - compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE (git fixes (block drivers)). - compat_ioctl: block: handle Persistent Reservations (git fixes (block drivers)). - copy_{to,from}_user(): consolidate object size checks (git fixes). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - dm btree: increase rebalance threshold in __rebalance2() (git fixes (block drivers)). - dm cache: fix a crash due to incorrect work item cancelling (git fixes (block drivers)). - dm crypt: fix benbi IV constructor crash if used in authenticated mode (git fixes (block drivers)). - dm: fix potential for q->make_request_fn NULL pointer (git fixes (block drivers)). - dm space map common: fix to ensure new block isn't already in use (git fixes (block drivers)). - dm: various cleanups to md->queue initialization code (git fixes). - dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)). - dm verity fec: fix memory leak in verity_fec_dtr (git fixes (block drivers)). - Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170618). - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (bsc#1051510). - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1152472) * context changes - drm: encoder_slave: fix refcouting error for modules (bsc#1114279) - drm/mediatek: Check plane visibility in atomic_update (bsc#1152472) * context changes - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1152472) - drm/radeon: fix double free (bsc#1152472) - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1152472) - e1000e: Disable TSO for buffer overrun workaround (bsc#1051510). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (bsc#1051510). - EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1114279). - evm: Check also if *tfm is an error pointer in init_desc() (bsc#1051510). - evm: Fix a small race in init_desc() (bsc#1051510). - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (bsc#1051510). - gpiolib: Document that GPIO line names are not globally unique (bsc#1051510). - HID: sony: Fix for broken buttons on DS3 USB dongles (bsc#1051510). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - iio: buffer: Do not allow buffers without any channels enabled to be activated (bsc#1051510). - iio: pressure: bmp280: Tolerate IRQ before registering (bsc#1051510). - ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1051510). - ima: Fix ima digest hash table key calculation (bsc#1051510). - include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868). - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - KVM: nVMX: Do not reread VMCS-agnostic state when switching VMCS (bsc#1114279). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1114279). - kvm: x86: Fix L1TF mitigation for shadow MMU (bsc#1171904). - KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904). - KVM: x86: only do L1TF workaround on affected processors (bsc#1171904). - libceph: do not omit recovery_deletes in target_copy() (bsc#1173462). - livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995). - livepatch: Disallow vmlinux.ko (bsc#1071995). - livepatch: Make klp_apply_object_relocs static (bsc#1071995). - livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995). - livepatch: Remove .klp.arch (bsc#1071995). - md: Avoid namespace collision with bitmap API (git fixes (block drivers)). - md: use memalloc scope APIs in mddev_suspend()/mddev_resume() (git fixes (block drivers)). - mmc: fix compilation of user API (bsc#1051510). - netfilter: connlabels: prefer static lock initialiser (git-fixes). - netfilter: ctnetlink: netns exit must wait for callbacks (bsc#1169795). - netfilter: not mark a spinlock as __read_mostly (git-fixes). - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484). - NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() (bsc#1170592). - NFSv4: Retry CLOSE and DELEGRETURN on NFS4ERR_OLD_STATEID (bsc#1170592). - nvme: check for NVME_CTRL_LIVE in nvme_report_ns_ids() (bcs#1171558 bsc#1159058). - nvme: do not update multipath disk information if the controller is down (bcs#1171558 bsc#1159058). - objtool: Clean instruction state before each function validation (bsc#1169514). - objtool: Ignore empty alternatives (bsc#1169514). - overflow: Fix -Wtype-limits compilation warnings (git fixes). - overflow.h: Add arithmetic shift helper (git fixes). - p54usb: add AirVasT USB stick device-id (bsc#1051510). - PCI: Allow pci_resize_resource() for devices on root bus (bsc#1051510). - PCI: Fix pci_register_host_bridge() device_register() error handling (bsc#1051510). - PCI: Program MPS for RCiEP devices (bsc#1051510). - PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (bsc#1051510). - perf: Allocate context task_ctx_data for child event (git-fixes). - perf/cgroup: Fix perf cgroup hierarchy support (git-fixes). - perf: Copy parent's address filter offsets on clone (git-fixes). - perf/core: Add sanity check to deal with pinned event failure (git-fixes). - perf/core: Avoid freeing static PMU contexts when PMU is unregistered (git-fixes). - perf/core: Correct event creation with PERF_FORMAT_GROUP (git-fixes). - perf/core: Do not WARN() for impossible ring-buffer sizes (git-fixes). - perf/core: Fix bad use of igrab() (git fixes (dependent patch)). - perf/core: Fix crash when using HW tracing kernel filters (git-fixes). - perf/core: Fix ctx_event_type in ctx_resched() (git-fixes). - perf/core: Fix error handling in perf_event_alloc() (git-fixes). - perf/core: Fix exclusive events' grouping (git-fixes). - perf/core: Fix group scheduling with mixed hw and sw events (git-fixes). - perf/core: Fix impossible ring-buffer sizes warning (git-fixes). - perf/core: Fix locking for children siblings group read (git-fixes). - perf/core: Fix lock inversion between perf,trace,cpuhp (git-fixes (dependent patch for 18736eef1213)). - perf/core: Fix perf_event_read_value() locking (git-fixes). - perf/core: Fix perf_pmu_unregister() locking (git-fixes). - perf/core: Fix __perf_read_group_add() locking (git-fixes (dependent patch)). - perf/core: Fix perf_sample_regs_user() mm check (git-fixes). - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages (git-fixes). - perf/core: Fix race between close() and fork() (git-fixes). - perf/core: Fix the address filtering fix (git-fixes). - perf/core: Fix use-after-free in uprobe_perf_close() (git-fixes). - perf/core: Force USER_DS when recording user stack data (git-fixes). - perf/core: Restore mmap record type correctly (git-fixes). - perf: Fix header.size for namespace events (git-fixes). - perf/ioctl: Add check for the sample_period value (git-fixes). - perf, pt, coresight: Fix address filters for vmas with non-zero offset (git-fixes). - perf: Return proper values for user stack errors (git-fixes). - perf/x86/amd: Constrain Large Increment per Cycle events (git-fixes). - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity (git-fixes). - perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops (git-fixes). - perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) (git-fixes). - perf/x86/amd/iommu: Make the 'amd_iommu_attr_groups' symbol static (git-fixes). - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs (git-fixes stable). - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs (git-fixes). - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events (git-fixes stable). - perf/x86: Enable free running PEBS for REGS_USER/INTR (git-fixes). - perf/x86: Fix incorrect PEBS_REGS (git-fixes). - perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() (git-fixes). - perf/x86/intel: Add proper condition to run sched_task callbacks (git-fixes). - perf/x86/intel/bts: Fix the use of page_private() (git-fixes). - perf/x86/intel: Fix PT PMI handling (git-fixes). - perf/x86/intel: Move branch tracing setup to the Intel-specific source file (git-fixes). - perf/x86/intel/uncore: Add Node ID mask (git-fixes). - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX (git-fixes). - perf/x86/pt, coresight: Clean up address filter structure (git fixes (dependent patch)). - perf/x86/uncore: Fix event group support (git-fixes). - pid: Improve the comment about waiting in zap_pid_ns_processes (git fixes)). - pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (bsc#1051510). - pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (bsc#1051510). - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (bsc#1051510). - pnp: Use list_for_each_entry() instead of open coding (git fixes). - powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729). - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729). - powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030). - power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (bsc#1051510). - power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (bsc#1051510). - power: supply: smb347-charger: IRQSTAT_D is volatile (bsc#1051510). - raid5: remove gfp flags from scribble_alloc() (git fixes (block drivers)). - resolve KABI warning for perf-pt-coresight (git-fixes). - Revert 'bcache: ignore pending signals when creating gc and allocator thread' (git fixes (block drivers)). - Revert 'dm crypt: use WQ_HIGHPRI for the IO and crypt workqueues' (git fixes (block drivers)). - Revert 'tools lib traceevent: Remove unneeded qsort and uses memmove' - rpm/kernel-docs.spec.in: Require python-packaging for build. - s390/bpf: Maintain 8-byte stack alignment (bsc#1169194). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: lock device while installing IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). - s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814). - scsi: qedf: Add port_id getter (bsc#1150660). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - spi: dw: use 'smp_mb()' to avoid sending spi data error (bsc#1051510). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (bsc#1051510). - staging: sm750fb: add missing case while setting FB_VISUAL (bsc#1051510). - SUNRPC: The TCP back channel mustn't disappear while requests are outstanding (bsc#1152624). - tracing: Fix event trigger to accept redundant spaces (git-fixes). - tty: n_gsm: Fix bogus i++ in gsm_data_kick (bsc#1051510). - tty: n_gsm: Fix SOF skipping (bsc#1051510). - tty: n_gsm: Fix waking up upper tty layer when room available (bsc#1051510). - usb: dwc2: gadget: move gadget resume after the core is in L0 state (bsc#1051510). - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (bsc#1051510). - usb: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (bsc#1051510). - usb: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (bsc#1051510). - usb: musb: Fix runtime PM imbalance on error (bsc#1051510). - usb: musb: start session in resume for host port (bsc#1051510). - usb: serial: option: add Telit LE910C1-EUX compositions (bsc#1051510). - usb: serial: qcserial: add DW5816e QDL support (bsc#1051510). - usb: serial: usb_wwan: do not resubmit rx urb on fatal errors (bsc#1051510). - usb: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes). - virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: avoid format strint overflow warning (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: Remove always false conditional statement (bsc#1172484). - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1172484). - vmxnet3: remove unused flag 'rxcsum' from struct vmxnet3_adapter (bsc#1172484). - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - w1: omap-hdq: cleanup to add missing newline for some dev_dbg (bsc#1051510). - work around mvfs bug (bsc#1162063). - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1114279). - x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS (git-fixes). - x86: Fix early boot crash on gcc-10, third try (bsc#1114279). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1172257). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (bsc#1114279). - xfrm: fix error in comment (git fixes). Important SUSE bug 1051510 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1085030 SUSE bug 1104967 SUSE bug 1114279 SUSE bug 1144333 SUSE bug 1148868 SUSE bug 1150660 SUSE bug 1152107 SUSE bug 1152472 SUSE bug 1152624 SUSE bug 1158983 SUSE bug 1159058 SUSE bug 1161016 SUSE bug 1162002 SUSE bug 1162063 SUSE bug 1168081 SUSE bug 1169194 SUSE bug 1169514 SUSE bug 1169795 SUSE bug 1170011 SUSE bug 1170592 SUSE bug 1170618 SUSE bug 1171124 SUSE bug 1171424 SUSE bug 1171558 SUSE bug 1171673 SUSE bug 1171732 SUSE bug 1171761 SUSE bug 1171868 SUSE bug 1171904 SUSE bug 1172257 SUSE bug 1172344 SUSE bug 1172458 SUSE bug 1172484 SUSE bug 1172759 SUSE bug 1172775 SUSE bug 1172781 SUSE bug 1172782 SUSE bug 1172783 SUSE bug 1172999 SUSE bug 1173265 SUSE bug 1173280 SUSE bug 1173428 SUSE bug 1173462 SUSE bug 1173514 SUSE bug 1173567 SUSE bug 1173573 SUSE bug 1174115 SUSE bug 1174462 SUSE bug 1174543 CVE-2019-16746 CVE-2019-20810 CVE-2019-20908 CVE-2020-0305 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10769 CVE-2020-10773 CVE-2020-12771 CVE-2020-12888 CVE-2020-13974 CVE-2020-14416 CVE-2020-15393 CVE-2020-15780 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xen fixes the following issues: - bsc#1174543 - secure boot related fixes - bsc#1163019 - CVE-2020-8608: Potential OOB access due to unsafe snprintf() usages Important SUSE bug 1163019 SUSE bug 1174543 CVE-2020-8608 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for python-ipaddress fixes the following issues: - Add CVE-2020-14422-ipaddress-hash-collision.patch fixing CVE-2020-14422 (bsc#1173274, bpo#41004), where hash collisions in IPv4Interface and IPv6Interface could lead to DOS. Important SUSE bug 1173274 CVE-2020-14422 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for LibVNCServer fixes the following issues: - security update fix CVE-2018-21247 [bsc#1173874], uninitialized memory contents are vulnerable to Information leak fix CVE-2019-20839 [bsc#1173875], buffer overflow in ConnectClientToUnixSock() fix CVE-2019-20840 [bsc#1173876], unaligned accesses in hybiReadAndDecode can lead to denial of service fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings. fix CVE-2020-14403 [bsc#1173701], out-of-bounds access via encodings. fix CVE-2020-14404 [bsc#1173701], out-of-bounds access via encodings. fix CVE-2017-18922 [bsc#1173477], preauth buffer overwrite Important SUSE bug 1173477 SUSE bug 1173691 SUSE bug 1173694 SUSE bug 1173700 SUSE bug 1173701 SUSE bug 1173743 SUSE bug 1173874 SUSE bug 1173875 SUSE bug 1173876 SUSE bug 1173880 CVE-2017-18922 CVE-2018-21247 CVE-2019-20839 CVE-2019-20840 CVE-2020-14397 CVE-2020-14398 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 CVE-2020-14403 CVE-2020-14404 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628). Important SUSE bug 1174628 CVE-2020-14344 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xerces-c fixes the following issues: - CVE-2017-12627: Processing of external DTD paths could have resulted in a null pointer dereference under certain conditions (bsc#1083630) Moderate SUSE bug 1083630 CVE-2017-12627 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.4 (bsc#1174662): + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925. Important SUSE bug 1174662 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for dovecot22 fixes the following issues: - CVE-2020-12673: improper implementation of NTLM does not check message buffer size (bsc#1174922). - CVE-2020-12674: improper implementation of RPA mechanism (bsc#1174923). Important SUSE bug 1174922 SUSE bug 1174923 CVE-2020-12673 CVE-2020-12674 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for grub2 fixes the following issues: - CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421). - Add fibre channel device's ofpath support to grub-ofpathname and search hint to speed up root device discovery (bsc#1172745). Important SUSE bug 1172745 SUSE bug 1174421 CVE-2020-15705 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xorg-x11-server fixes the following issues: - CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426). - CVE-2020-14346: XIChangeHierarchy Integer Underflow Privilege Escalation Vulnerability (bsc#1174638, ZDI-CAN-11429). - CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428). Important SUSE bug 1174633 SUSE bug 1174635 SUSE bug 1174638 CVE-2020-14345 CVE-2020-14346 CVE-2020-14347 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xorg-x11-server fixes the following issues: - CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573). - CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574). Important SUSE bug 1174910 SUSE bug 1174913 CVE-2020-14361 CVE-2020-14362 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for apache2 fixes the following issues: - CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request (bsc#1175071). - CVE-2020-11985: IP address spoofing when proxying using mod_remoteip and mod_rewrite (bsc#1175072). - CVE-2020-11993: When trace/debug was enabled for the HTTP/2 module logging statements were made on the wrong connection (bsc#1175070). Moderate SUSE bug 1175070 SUSE bug 1175071 SUSE bug 1175072 CVE-2020-11985 CVE-2020-11993 CVE-2020-9490 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 15 [bsc#1175259, bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14556 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 * Class Libraries: - JAVA.UTIL.ZIP.DEFLATER OPERATIONS THROW JAVA.LANG.INTERNALERROR - JAVA 8 DECODER OBJECTS CONSUME A LARGE AMOUNT OF JAVA HEAP - TRANSLATION MESSAGES UPDATE FOR JCL - UPDATE TIMEZONE INFORMATION TO TZDATA2020A * Java Virtual Machine: - IBM JAVA REGISTERS A HANDLER BY DEFAULT FOR SIGABRT - LARGE MEMORY FOOTPRINT HELD BY TRACECONTEXT OBJECT * JIT Compiler: - CRASH IN THE INTERPRETER AFTER OSR FROM INLINED SYNCHRONIZED METHOD IN DEBUGGING MODE - INTERMITTENT ASSERTION FAILURE REPORTED - CRASH IN RESOLVECLASSREF() DURING AOT LOAD - JIT CRASH DURING CLASS UNLOADING IN J9METHOD_HT::ONCLASSUNLOADING() - SEGMENTATION FAULT WHILE COMPILING A METHOD - UNEXPECTED CLASSCASTEXCEPTION THROWN IN HIGH LEVEL PARALLEL APPLICATION ON IBM Z PLATFORM * Security: - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON DEFAULT VALUE - CHANGES TO IBMJCE AND IBMJCEPLUS PROVIDERS - IBMJCEPLUS FAILS, WHEN THE SECURITY MANAGER IS ENABLED, WITH DEFAULT PERMISSIONS, SPECIFIED IN JAVA.POLICY FILE - IN CERTAIN INSTANCES, IBMJCEPLUS PROVIDER THROWS EXCEPTION FROM KEYFACTORY CLASS Moderate SUSE bug 1174157 SUSE bug 1175259 CVE-2019-17639 CVE-2020-14556 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for squid fixes the following issues: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply (bsc#1175671). - CVE-2020-15811: Improve Transfer-Encoding handling (bsc#1175665). - CVE-2020-15810: Enforce token characters for field-name (bsc#1175664). Critical SUSE bug 1175664 SUSE bug 1175665 SUSE bug 1175671 CVE-2020-15810 CVE-2020-15811 CVE-2020-24606 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libX11 fixes the following issues: - CVE-2020-14363: Fix an integer overflow in init_om() (bsc#1175239). Moderate SUSE bug 1175239 CVE-2020-14363 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 70 [bsc#1175259, bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 * Class Libraries: - UPDATE TIMEZONE INFORMATION TO TZDATA2020A * Security: - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON DEFAULT VALUE Moderate SUSE bug 1174157 SUSE bug 1175259 CVE-2019-17639 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.2.0 ESR * Fixed: Various stability, functionality, and security fixes - Mozilla Firefox ESR 78.2 MFSA 2020-38 (bsc#1175686) * CVE-2020-15663 (bmo#1643199) Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege * CVE-2020-15664 (bmo#1658214) Attacker-induced prompt for extension installation * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626, bmo#1656957) Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2 - Fixed Firefox tab crash in FIPS mode (bsc#1174284). - Fix broken translation-loading. (bsc#1173991) * allow addon sideloading * mark signatures for langpacks non-mandatory * do not autodisable user profile scopes - Google API key is not usable for geolocation service any more Moderate SUSE bug 1173991 SUSE bug 1174284 SUSE bug 1175686 CVE-2020-15663 CVE-2020-15664 CVE-2020-15670 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629). - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14356: Fixed a null pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518). - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication Bluetooth might have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access (bsc#1171988). - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). The following non-security bugs were fixed: - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1174784). - cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#1172428). - cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#1172428). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333 bsc#1172428). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: reduce number of referral requests in DFS link lookups (bsc#1144333 bsc#1172428). - cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428). - Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515). - ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629). - kabi: mask changes to struct ipv6_stub (bsc#1165629). - mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366). - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). - ocfs2: add trimfs dlm lock resource (bsc#1175228). - ocfs2: add trimfs lock to avoid duplicated trims in cluster (bsc#1175228). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: fix the application IO timeout when fstrim is running (bsc#1175228). - ocfs2: load global_inode_alloc (bsc#1172963). - ocfs2: load global_inode_alloc (bsc#1172963). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - Revert 'ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963).' This reverts commit 2638f62c6bc33d4c10ce0dddbf240aa80d366d7b. - Revert 'ocfs2: load global_inode_alloc (bsc#1172963).' This reverts commit f04f670651f505cb354f26601ec5f5e4428f2f47. - scsi: scsi_dh_alua: skip RTPG for devices only supporting active/optimized (bsc#1174978). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - Update patch reference for a tipc fix patch (bsc#1175515) - x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115). - xen: do not reschedule in preemption off sections (bsc#1175749). Important SUSE bug 1058115 SUSE bug 1071995 SUSE bug 1144333 SUSE bug 1154366 SUSE bug 1165629 SUSE bug 1171988 SUSE bug 1172428 SUSE bug 1172963 SUSE bug 1173798 SUSE bug 1173954 SUSE bug 1174205 SUSE bug 1174689 SUSE bug 1174699 SUSE bug 1174757 SUSE bug 1174784 SUSE bug 1174978 SUSE bug 1175112 SUSE bug 1175127 SUSE bug 1175213 SUSE bug 1175228 SUSE bug 1175515 SUSE bug 1175518 SUSE bug 1175691 SUSE bug 1175749 SUSE bug 1176069 CVE-2020-10135 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-14386 CVE-2020-16166 CVE-2020-1749 CVE-2020-24394 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for shim fixes the following issues: - Update to the unified shim binary from SUSE Linux Enterprise 15-SP1 (bsc#1168994) This update addresses the 'BootHole' security issue (master CVE CVE-2020-10713), by disallowing binaries signed by the previous SUSE UEFI signing key from booting. This update should only be installed after updates of grub2, the Linux kernel and (if used) Xen from July / August 2020 are applied. Additional fixes: + shim-install: install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656) Moderate SUSE bug 1168994 SUSE bug 1175626 SUSE bug 1175656 CVE-2020-10713 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libsolv fixes the following issues: This is a reissue of an existing libsolv update that also included libsolv-devel for LTSS products. libsolv was updated to version 0.6.36 fixes the following issues: Security issues fixed: - CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629). - CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630). - CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631). Non-security issues fixed: - Made cleandeps jobs on patterns work (bsc#1137977). - Fixed an issue multiversion packages that obsolete their own name (bsc#1127155). - Keep consistent package name if there are multiple alternatives (bsc#1131823). Moderate SUSE bug 1120629 SUSE bug 1120630 SUSE bug 1120631 SUSE bug 1127155 SUSE bug 1131823 SUSE bug 1137977 CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for perl-DBI fixes the following issues: Security issues fixed: - CVE-2020-14392: Memory corruption in XS functions when Perl stack is reallocated (bsc#1176412). - CVE-2020-14393: Fixed a buffer overflow on an overlong DBD class name (bsc#1176409). Important SUSE bug 1176409 SUSE bug 1176412 CVE-2020-14392 CVE-2020-14393 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for python3 fixes the following issues: - CVE-2019-20907: Fixed denial of service by avoiding possible infinite loop in specifically crafted tarball (bsc#1174091). - CVE-2020-14422: Fixed an improper computation of hash values in the IPv4Interface and IPv6Interface could have led to denial of service (bsc#1173274). - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). - CVE-2019-9947: Fixed an issue in urllib2 which allowed CRLF injection if the attacker controls a url parameter (bsc#1130840). - If the locale is 'C', coerce it to C.UTF-8 (bsc#1162423). Important SUSE bug 1088004 SUSE bug 1088009 SUSE bug 1130840 SUSE bug 1141853 SUSE bug 1149955 SUSE bug 1153238 SUSE bug 1162423 SUSE bug 1173274 SUSE bug 1174091 SUSE bug 1174701 CVE-2018-14647 CVE-2018-20852 CVE-2019-16056 CVE-2019-16935 CVE-2019-20907 CVE-2019-9947 CVE-2020-14422 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for ovmf fixes the following issues: - CVE-2019-14562: Fixed an overflow in DxeImageVerificationHandler (bsc#1175476). - Use openSUSE CA for the opensuse flavor (bsc#1175674) Moderate SUSE bug 1175476 SUSE bug 1175674 CVE-2019-14562 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579). - Fixed an issue where multiple home folders were created(bsc#1174316, bso#13369). - Fixed an issue where the net command was unable to negotiate SMB2 (bsc#1174120); Important SUSE bug 1174120 SUSE bug 1174316 SUSE bug 1176579 CVE-2020-1472 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libqt5-qtbase fixes the following issues: - CVE-2020-17507: Fixed a buffer overflow in XBM parser (bsc#1176315) - Made handling of XDG_RUNTIME_DIR more secure (bsc#1172515) Important SUSE bug 1172515 SUSE bug 1176315 CVE-2020-17507 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: -Firefox was updated to 78.3.0 ESR (bsc#1176756, MFSA 2020-43) - CVE-2020-15677: Download origin spoofing via redirect - CVE-2020-15676: Fixed an XSS when pasting attacker-controlled data into a contenteditable element - CVE-2020-15678: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario - CVE-2020-15673: Fixed memory safety bugs - Enhance fix for wayland-detection (bsc#1174420) - Attempt to fix langpack-parallelization by introducing separate obj-dirs for each lang (bsc#1173986, bsc#1167976) Important SUSE bug 1167976 SUSE bug 1173986 SUSE bug 1174420 SUSE bug 1176756 CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xen fixes the following issues: - CVE-2020-25602: Fixed an issue where there was a crash when handling guest access to MSR_MISC_ENABLE was thrown (bsc#1176339,XSA-333) - CVE-2020-25598: Added a missing unlock in XENMEM_acquire_resource error path (bsc#1176341,XSA-334) - CVE-2020-25604: Fixed a race condition when migrating timers between x86 HVM vCPU-s (bsc#1176343,XSA-336) - CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337) - CVE-2020-25597: Fixed an issue where a valid event channels may not turn invalid (bsc#1176346,XSA-338) - CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339) - CVE-2020-25603: Fixed an issue due to missing barriers when accessing/allocating an event channel (bsc#1176347,XSA-340) - CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86 domains (bsc#1176348,XSA-342) - CVE-2020-25599: Fixed race conditions with evtchn_reset() (bsc#1176349,XSA-343) - CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset() / evtchn_destroy() (bsc#1176350,XSA-344) - CVE-2020-14364: Fixed an out-of-bounds read/write access while processing usb packets (bsc#1175534). - Various bug fixes (bsc#1027519) Important SUSE bug 1027519 SUSE bug 1175534 SUSE bug 1176339 SUSE bug 1176343 SUSE bug 1176344 SUSE bug 1176345 SUSE bug 1176346 SUSE bug 1176347 SUSE bug 1176348 SUSE bug 1176349 SUSE bug 1176350 CVE-2020-14364 CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25599 CVE-2020-25600 CVE-2020-25601 CVE-2020-25602 CVE-2020-25603 CVE-2020-25604 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for perl-DBI fixes the following issues: - CVE-2019-20919: Fixed a NULL profile dereference in dbi_profile (bsc#1176764). - CVE-2013-7490: Fixed memory corruption when using many arguments to methods for CallbacksUsing (bsc#1176496). Important SUSE bug 1176496 SUSE bug 1176764 CVE-2013-7490 CVE-2019-20919 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_7_0-openjdk fixes the following issues: - java-1_7_0-openjdk was updated to 2.6.23 (July 2020 CPU, bsc#1174157) - JDK-8028431, CVE-2020-14579: NullPointerException in - DerValue.equals(DerValue) - JDK-8028591, CVE-2020-14578: NegativeArraySizeException in - sun.security.util.DerInputStream.getUnalignedBitString() - JDK-8230613: Better ASCII conversions - JDK-8231800: Better listing of arrays - JDK-8232014: Expand DTD support - JDK-8233255: Better Swing Buttons - JDK-8234032: Improve basic calendar services - JDK-8234042: Better factory production of certificates - JDK-8234418: Better parsing with CertificateFactory - JDK-8234836: Improve serialization handling - JDK-8236191: Enhance OID processing - JDK-8237592, CVE-2020-14577: Enhance certificate verification - JDK-8238002, CVE-2020-14581: Better matrix operations - JDK-8238804: Enhance key handling process - JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable - JDK-8238843: Enhanced font handing - JDK-8238920, CVE-2020-14583: Better Buffer support - JDK-8238925: Enhance WAV file playback - JDK-8240119, CVE-2020-14593: Less Affine Transformations - JDK-8240482: Improved WAV file playback - JDK-8241379: Update JCEKS support - JDK-8241522: Manifest improved jar headers redux - JDK-8242136, CVE-2020-14621: Better XML namespace handling - JDK-8040113: File not initialized in src/share/native/sun/awt/giflib/dgif_lib.c - JDK-8054446: Repeated offer and remove on ConcurrentLinkedQueue lead to an OutOfMemoryError - JDK-8077982: GIFLIB upgrade - JDK-8081315: 8077982 giflib upgrade breaks system giflib builds with earlier versions - JDK-8147087: Race when reusing PerRegionTable bitmaps may result in dropped remembered set entries - JDK-8151582: (ch) test java/nio/channels/AsyncCloseAndInterrupt.java failing due to 'Connection succeeded' - JDK-8155691: Update GIFlib library to the latest up-to-date - JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds - JDK-8203190: SessionId.hashCode generates too many collisions - JDK-8217676: Upgrade libpng to 1.6.37 - JDK-8220495: Update GIFlib library to the 5.1.8 - JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys - JDK-8229899: Make java.io.File.isInvalid() less racy - JDK-8230597: Update GIFlib library to the 5.2.1 - JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return - JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a - JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result Important SUSE bug 1174157 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for tigervnc fixes the following issues: - CVE-2020-26117: Server certificates were stored as certiticate authorities, allowing malicious owners of these certificates to impersonate any server after a client had added an exception (bsc#1176733) Critical SUSE bug 1176733 CVE-2020-26117 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). Important SUSE bug 1176410 SUSE bug 1177143 CVE-2020-25219 CVE-2020-26154 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for bcm43xx-firmware fixes the following issues: - Update bluetooth firmware to address Sweyntooth and Spectra issues (bsc#1176631): Moderate SUSE bug 1176631 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for freetype2 fixes the following issues: - CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914). Important SUSE bug 1177914 CVE-2020-15999 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libvirt fixes the following issues: - CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros (bsc#1174955). - CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces() (bsc#1177155). - libxl: Fixed lock manager lock ordering (bsc#1171701). Important SUSE bug 1171701 SUSE bug 1174955 SUSE bug 1177155 CVE-2020-15708 CVE-2020-25637 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-46 (bsc#1177872, bsc#1176756) * CVE-2020-15969 Use-after-free in usersctp * CVE-2020-15683 Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 * Fixed: Fixed legacy preferences not being properly applied when set via GPO Important SUSE bug 1176756 SUSE bug 1177872 CVE-2020-15683 CVE-2020-15969 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for spice fixes the following issues: - CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC image decoding (bsc#1177158). Moderate SUSE bug 1177158 CVE-2020-14355 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for spice-gtk fixes the following issues: - CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC image decoding (bsc#1177158). Moderate SUSE bug 1177158 CVE-2020-14355 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xen fixes the following issues: - bsc#1177409 - VUL-0: CVE-2020-27673: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286) - bsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen mapping code (XSA-345) - bsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMMU TLB flushes (XSA-346) - bsc#1177414 - VUL-0: CVE-2020-27670: xen: unsafe AMD IOMMU page table updates (XSA-347) Important SUSE bug 1177409 SUSE bug 1177412 SUSE bug 1177413 SUSE bug 1177414 CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27673 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for samba fixes the following issues: - CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records (bsc#1177613). - CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994). - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902). Important SUSE bug 1173902 SUSE bug 1173994 SUSE bug 1177613 CVE-2020-14318 CVE-2020-14323 CVE-2020-14383 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for sane-backends fixes the following issues: - sane-backends version upgrade to 1.0.31: * sane-backends version upgrade to 1.0.30 fixes memory corruption bugs CVE-2020-12861, CVE-2020-12862, CVE-2020-12863, CVE-2020-12864, CVE-2020-12865, CVE-2020-12866, CVE-2020-12867 (bsc#1172524) * sane-backends version upgrade to 1.0.31 to further improve hardware enablement for scanner devices (jsc#SLE-15561 and jsc#SLE-15560 with jsc#ECO-2418) * The new escl backend cannot be provided for SLE12 because it requires more additional software (avahi-client, libcurl, and libpoppler-glib-devel) where in particular for libcurl the one that is in SLE12 (via libcurl-devel-7.37.0) is likely too old because with that building the escl backend fails with 'escl/escl.c:1267:34: error: 'CURLOPT_UNIX_SOCKET_PATH' undeclared curl_easy_setopt(handle, CURLOPT_UNIX_SOCKET_PATH' Important SUSE bug 1172524 CVE-2017-6318 CVE-2020-12861 CVE-2020-12862 CVE-2020-12863 CVE-2020-12864 CVE-2020-12865 CVE-2020-12866 CVE-2020-12867 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for apache-commons-httpclient fixes the following issues: - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. [bsc#945190, CVE-2015-5262] - org.apache.http.conn.ssl.AbstractVerifier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows MITM attackers to spoof SSL servers via a 'CN=' string in a field in the distinguished name (DN) of a certificate. [bsc#1178171, CVE-2014-3577] Important SUSE bug 1178171 SUSE bug 945190 CVE-2014-3577 CVE-2015-5262 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_8_0-openjdk fixes the following issues: - Fix regression '8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)', introduced in October 2020 CPU. - Update to version jdk8u272 (icedtea 3.17.0) (July 2020 CPU, bsc#1174157, and October 2020 CPU, bsc#1177943) * New features + JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 + PR3796: Allow the number of curves supported to be specified * Security fixes + JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue) + JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString() + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233255: Better Swing Buttons + JDK-8233624: Enhance JNI linkage + JDK-8234032: Improve basic calendar services + JDK-8234042: Better factory production of certificates + JDK-8234418: Better parsing with CertificateFactory + JDK-8234836: Improve serialization handling + JDK-8236191: Enhance OID processing + JDK-8236196: Improve string pooling + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class + JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior + JDK-8237592, CVE-2020-14577: Enhance certificate verification + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts + JDK-8237995, CVE-2020-14782: Enhance certificate processing + JDK-8238002, CVE-2020-14581: Better matrix operations + JDK-8238804: Enhance key handling process + JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable + JDK-8238843: Enhanced font handing + JDK-8238920, CVE-2020-14583: Better Buffer support + JDK-8238925: Enhance WAV file playback + JDK-8240119, CVE-2020-14593: Less Affine Transformations + JDK-8240124: Better VM Interning + JDK-8240482: Improved WAV file playback + JDK-8241114, CVE-2020-14792: Better range handling + JDK-8241379: Update JCEKS support + JDK-8241522: Manifest improved jar headers redux + JDK-8242136, CVE-2020-14621: Better XML namespace handling + JDK-8242680, CVE-2020-14796: Improved URI Support + JDK-8242685, CVE-2020-14797: Better Path Validation + JDK-8242695, CVE-2020-14798: Enhanced buffer support + JDK-8243302: Advanced class supports + JDK-8244136, CVE-2020-14803: Improved Buffer supports + JDK-8244479: Further constrain certificates + JDK-8244955: Additional Fix for JDK-8240124 + JDK-8245407: Enhance zoning of times + JDK-8245412: Better class definitions + JDK-8245417: Improve certificate chain handling + JDK-8248574: Improve jpeg processing + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit + JDK-8253019: Enhanced JPEG decoding * Import of OpenJDK 8 u262 build 01 + JDK-4949105: Access Bridge lacks html tags parsing + JDK-8003209: JFR events for network utilization + JDK-8030680: 292 cleanup from default method code assessment + JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java and some tests failed on windows intermittently + JDK-8041626: Shutdown tracing event + JDK-8141056: Erroneous assignment in HeapRegionSet.cpp + JDK-8149338: JVM Crash caused by Marlin renderer not handling NaN coordinates + JDK-8151582: (ch) test java/nio/channels/ /AsyncCloseAndInterrupt.java failing due to 'Connection succeeded' + JDK-8165675: Trace event for thread park has incorrect unit for timeout + JDK-8176182: 4 security tests are not run + JDK-8178910: Problemlist sample tests + JDK-8183925: Decouple crash protection from watcher thread + JDK-8191393: Random crashes during cfree+0x1c + JDK-8195817: JFR.stop should require name of recording + JDK-8195818: JFR.start should increase autogenerated name by one + JDK-8195819: Remove recording=x from jcmd JFR.check output + JDK-8199712: Flight Recorder + JDK-8202578: Revisit location for class unload events + JDK-8202835: jfr/event/os/TestSystemProcess.java fails on missing events + JDK-8203287: Zero fails to build after JDK-8199712 (Flight Recorder) + JDK-8203346: JFR: Inconsistent signature of jfr_add_string_constant + JDK-8203664: JFR start failure after AppCDS archive created with JFR StartFlightRecording + JDK-8203921: JFR thread sampling is missing fixes from JDK-8194552 + JDK-8203929: Limit amount of data for JFR.dump + JDK-8205516: JFR tool + JDK-8207392: [PPC64] Implement JFR profiling + JDK-8207829: FlightRecorderMXBeanImpl is leaking the first classloader which calls it + JDK-8209960: -Xlog:jfr* doesn't work with the JFR + JDK-8210024: JFR calls virtual is_Java_thread from ~Thread() + JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD 1.0.7 + JDK-8211239: Build fails without JFR: empty JFR events signatures mismatch + JDK-8212232: Wrong metadata for the configuration of the cutoff for old object sample events + JDK-8213015: Inconsistent settings between JFR.configure and -XX:FlightRecorderOptions + JDK-8213421: Line number information for execution samples always 0 + JDK-8213617: JFR should record the PID of the recorded process + JDK-8213734: SAXParser.parse(File, ..) does not close resources when Exception occurs. + JDK-8213914: [TESTBUG] Several JFR VM events are not covered by tests + JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by test + JDK-8213966: The ZGC JFR events should be marked as experimental + JDK-8214542: JFR: Old Object Sample event slow on a deep heap in debug builds + JDK-8214750: Unnecessary <p> tags in jfr classes + JDK-8214896: JFR Tool left files behind + JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java fails with UnsatisfiedLinkError + JDK-8214925: JFR tool fails to execute + JDK-8215175: Inconsistencies in JFR event metadata + JDK-8215237: jdk.jfr.Recording javadoc does not compile + JDK-8215284: Reduce noise induced by periodic task getFileSize() + JDK-8215355: Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1) + JDK-8215362: JFR GTest JfrTestNetworkUtilization fails + JDK-8215771: The jfr tool should pretty print reference chains + JDK-8216064: -XX:StartFlightRecording:settings= doesn't work properly + JDK-8216486: Possibility of integer overflow in JfrThreadSampler::run() + JDK-8216528: test/jdk/java/rmi/transport/ /runtimeThreadInheritanceLeak/ /RuntimeThreadInheritanceLeak.java failing with Xcomp + JDK-8216559: [JFR] Native libraries not correctly parsed from /proc/self/maps + JDK-8216578: Remove unused/obsolete method in JFR code + JDK-8216995: Clean up JFR command line processing + JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some systems due to process surviving SIGINT + JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR TestShutdownEvent + JDK-8218935: Make jfr strncpy uses GCC 8.x friendly + JDK-8223147: JFR Backport + JDK-8223689: Add JFR Thread Sampling Support + JDK-8223690: Add JFR BiasedLock Event Support + JDK-8223691: Add JFR G1 Region Type Change Event Support + JDK-8223692: Add JFR G1 Heap Summary Event Support + JDK-8224172: assert(jfr_is_event_enabled(id)) failed: invariant + JDK-8224475: JTextPane does not show images in HTML rendering + JDK-8226253: JAWS reports wrong number of radio buttons when buttons are hidden. + JDK-8226779: [TESTBUG] Test JFR API from Java agent + JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys + JDK-8227011: Starting a JFR recording in response to JVMTI VMInit and / or Java agent premain corrupts memory + JDK-8227605: Kitchensink fails 'assert((((klass)->trace_id() & (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0)) failed: invariant' + JDK-8229366: JFR backport allows unchecked writing to memory + JDK-8229401: Fix JFR code cache test failures + JDK-8229708: JFR backport code does not initialize + JDK-8229873: 8229401 broke jdk8u-jfr-incubator + JDK-8230448: [test] JFRSecurityTestSuite.java is failing on Windows + JDK-8230707: JFR related tests are failing + JDK-8230782: Robot.createScreenCapture() fails if 'awt.robot.gtk' is set to false + JDK-8230856: Java_java_net_NetworkInterface_getByName0 on unix misses ReleaseStringUTFChars in early return + JDK-8230947: TestLookForUntestedEvents.java is failing after JDK-8230707 + JDK-8231995: two jtreg tests failed after 8229366 is fixed + JDK-8233623: Add classpath exception to copyright in EventHandlerProxyCreator.java file + JDK-8236002: CSR for JFR backport suggests not leaving out the package-info + JDK-8236008: Some backup files were accidentally left in the hotspot tree + JDK-8236074: Missed package-info + JDK-8236174: Should update javadoc since tags + JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport + JDK-8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01 + JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB + JDK-8238589: Necessary code cleanup in JFR for JDK8u + JDK-8238590: Enable JFR by default during compilation in 8u + JDK-8239055: Wrong implementation of VMState.hasListener + JDK-8239476: JDK-8238589 broke windows build by moving OrderedPair + JDK-8239479: minimal1 and zero builds are failing + JDK-8239867: correct over use of INCLUDE_JFR macro + JDK-8240375: Disable JFR by default for July 2020 release + JDK-8241444: Metaspace::_class_vsm not initialized if compressed class pointers are disabled + JDK-8241902: AIX Build broken after integration of JDK-8223147 (JFR Backport) + JDK-8242788: Non-PCH build is broken after JDK-8191393 * Import of OpenJDK 8 u262 build 02 + JDK-8130737: AffineTransformOp can't handle child raster with non-zero x-offset + JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation in java/awt/image/Raster/TestChildRasterOp.java + JDK-8230926: [macosx] Two apostrophes are entered instead of one with 'U.S. International - PC' layout + JDK-8240576: JVM crashes after transformation in C2 IdealLoopTree::merge_many_backedges + JDK-8242883: Incomplete backport of JDK-8078268: backport test part * Import of OpenJDK 8 u262 build 03 + JDK-8037866: Replace the Fun class in tests with lambdas + JDK-8146612: C2: Precedence edges specification violated + JDK-8150986: serviceability/sa/jmap-hprof/ /JMapHProfLargeHeapTest.java failing because expects HPROF JAVA PROFILE 1.0.1 file format + JDK-8229888: (zipfs) Updating an existing zip file does not preserve original permissions + JDK-8230597: Update GIFlib library to the 5.2.1 + JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return + JDK-8233880, PR3798: Support compilers with multi-digit major version numbers + JDK-8239852: java/util/concurrent tests fail with -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed: verification should have failed + JDK-8241638: launcher time metrics always report 1 on Linux when _JAVA_LAUNCHER_DEBUG set + JDK-8243059: Build fails when --with-vendor-name contains a comma + JDK-8243474: [TESTBUG] removed three tests of 0 bytes + JDK-8244461: [JDK 8u] Build fails with glibc 2.32 + JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result * Import of OpenJDK 8 u262 build 04 + JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't throw NPE if timeout is less than, or equal to zero when unit == null + JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering + JDK-8171934: ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification() does not recognize OpenJDK's HotSpot VM + JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java causes NPE + JDK-8243539: Copyright info (Year) should be updated for fix of 8241638 + JDK-8244777: ClassLoaderStats VM Op uses constant hash value * Import of OpenJDK 8 u262 build 05 + JDK-7147060: com/sun/org/apache/xml/internal/security/ /transforms/ClassLoaderTest.java doesn't run in agentvm mode + JDK-8178374: Problematic ByteBuffer handling in CipherSpi.bufferCrypt method + JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds + JDK-8227269: Slow class loading when running with JDWP + JDK-8229899: Make java.io.File.isInvalid() less racy + JDK-8236996: Incorrect Roboto font rendering on Windows with subpixel antialiasing + JDK-8241750: x86_32 build failure after JDK-8227269 + JDK-8244407: JVM crashes after transformation in C2 IdealLoopTree::split_fall_in + JDK-8244843: JapanEraNameCompatTest fails * Import of OpenJDK 8 u262 build 06 + JDK-8246223: Windows build fails after JDK-8227269 * Import of OpenJDK 8 u262 build 07 + JDK-8233197: Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing + JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a + JDK-8245167: Top package in method profiling shows null in JMC + JDK-8246703: [TESTBUG] Add test for JDK-8233197 * Import of OpenJDK 8 u262 build 08 + JDK-8220293: Deadlock in JFR string pool + JDK-8225068: Remove DocuSign root certificate that is expiring in May 2020 + JDK-8225069: Remove Comodo root certificate that is expiring in May 2020 * Import of OpenJDK 8 u262 build 09 + JDK-8248399: Build installs jfr binary when JFR is disabled * Import of OpenJDK 8 u262 build 10 + JDK-8248715: New JavaTimeSupplementary localisation for 'in' installed in wrong package * Import of OpenJDK 8 u265 build 01 + JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior + JDK-8250546: Expect changed behaviour reported in JDK-8249846 * Import of OpenJDK 8 u272 build 01 + JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY test/compiler/7177917/Test7177917.java + JDK-8035493: JVMTI PopFrame capability must instruct compilers not to prune locals + JDK-8036088: Replace strtok() with its safe equivalent strtok_s() in DefaultProxySelector.c + JDK-8039082: [TEST_BUG] Test java/awt/dnd/ /BadSerializationTest/BadSerializationTest.java fails + JDK-8075774: Small readability and performance improvements for zipfs + JDK-8132206: move ScanTest.java into OpenJDK + JDK-8132376: Add @requires os.family to the client tests with access to internal OS-specific API + JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java + JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/ /appletviewer/IOExceptionIfEncodedURLTest/ /IOExceptionIfEncodedURLTest.sh + JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/ /MTGraphicsAccessTest.java hangs on Win. 8 + JDK-8151788: NullPointerException from ntlm.Client.type3 + JDK-8151834: Test SmallPrimeExponentP.java times out intermittently + JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout + JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary public + JDK-8156169: Some sound tests rarely hangs because of incorrect synchronization + JDK-8165936: Potential Heap buffer overflow when seaching timezone info files + JDK-8166148: Fix for JDK-8165936 broke solaris builds + JDK-8167300: Scheduling failures during gcm should be fatal + JDK-8167615: Opensource unit/regression tests for JavaSound + JDK-8172012: [TEST_BUG] delays needed in javax/swing/JTree/4633594/bug4633594.java + JDK-8177628: Opensource unit/regression tests for ImageIO + JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java + JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/ /AppletContextTest/BadPluginConfigurationTest.sh + JDK-8193137: Nashorn crashes when given an empty script file + JDK-8194298: Add support for per Socket configuration of TCP keepalive + JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java throws error + JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java fails + JDK-8210147: adjust some WSAGetLastError usages in windows network coding + JDK-8211714: Need to update vm_version.cpp to recognise VS2017 minor versions + JDK-8214862: assert(proj != __null) at compile.cpp:3251 + JDK-8217606: LdapContext#reconnect always opens a new connection + JDK-8217647: JFR: recordings on 32-bit systems unreadable + JDK-8226697: Several tests which need the @key headful keyword are missing it. + JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow + JDK-8230303: JDB hangs when running monitor command + JDK-8230711: ConnectionGraph::unique_java_object(Node* N) return NULL if n is not in the CG + JDK-8234617: C1: Incorrect result of field load due to missing narrowing conversion + JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version + JDK-8235325: build failure on Linux after 8235243 + JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink + JDK-8237951: CTW: C2 compilation fails with 'malformed control flow' + JDK-8238225: Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary + JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD + JDK-8239819: XToolkit: Misread of screen information memory + JDK-8240295: hs_err elapsed time in seconds is not accurate enough + JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property with a security one + JDK-8242498: Invalid 'sun.awt.TimedWindowEvent' object leads to JVM crash + JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions + JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor + JDK-8246310: Clean commented-out code about ModuleEntry and PackageEntry in JFR + JDK-8246384: Enable JFR by default on supported architectures for October 2020 release + JDK-8248643: Remove extra leading space in JDK-8240295 8u backport + JDK-8249610: Make sun.security.krb5.Config.getBooleanObject(String... keys) method public * Import of OpenJDK 8 u272 build 02 + JDK-8023697: failed class resolution reports different class name in detail message for the first and subsequent times + JDK-8025886: replace [[ and == bash extensions in regtest + JDK-8046274: Removing dependency on jakarta-regexp + JDK-8048933: -XX:+TraceExceptions output should include the message + JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/ /fileaccess/FontFile.java fails + JDK-8148854: Class names 'SomeClass' and 'LSomeClass;' treated by JVM as an equivalent + JDK-8154313: Generated javadoc scattered all over the place + JDK-8163251: Hard coded loop limit prevents reading of smart card data greater than 8k + JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java fails with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled + JDK-8183349: Better cleanup for jdk/test/javax/imageio/ /plugins/shared/CanWriteSequence.java and WriteAfterAbort.java + JDK-8191678: [TESTBUG] Add keyword headful in java/awt FocusTransitionTest test. + JDK-8201633: Problems with AES-GCM native acceleration + JDK-8211049: Second parameter of 'initialize' method is not used + JDK-8219566: JFR did not collect call stacks when MaxJavaStackTraceDepth is set to zero + JDK-8220165: Encryption using GCM results in RuntimeException- input length out of bound + JDK-8220555: JFR tool shows potentially misleading message when it cannot access a file + JDK-8224217: RecordingInfo should use textual representation of path + JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate + JDK-8238380, PR3798: java.base/unix/native/libjava/childproc.c 'multiple definition' link errors with GCC10 + JDK-8238386, PR3798: (sctp) jdk.sctp/unix/native/libsctp/ /SctpNet.c 'multiple definition' link errors with GCC10 + JDK-8238388, PR3798: libj2gss/NativeFunc.o 'multiple definition' link errors with GCC10 + JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array + JDK-8250755: Better cleanup for jdk/test/javax/imageio/ /plugins/shared/CanWriteSequence.java * Import of OpenJDK 8 u272 build 03 + JDK-6574989: TEST_BUG: javax/sound/sampled/Clip/bug5070081.java fails sometimes + JDK-8148754: C2 loop unrolling fails due to unexpected graph shape + JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests fail with error : revokeall.exe: Permission denied + JDK-8203357: Container Metrics + JDK-8209113: Use WeakReference for lastFontStrike for created Fonts + JDK-8216283: Allow shorter method sampling interval than 10 ms + JDK-8221569: JFR tool produces incorrect output when both --categories and --events are specified + JDK-8233097: Fontmetrics for large Fonts has zero width + JDK-8248851: CMS: Missing memory fences between free chunk check and klass read + JDK-8250875: Incorrect parameter type for update_number in JDK_Version::jdk_update * Import of OpenJDK 8 u272 build 04 + JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws IllegalArgumentException for flags of type double + JDK-8177334: Update xmldsig implementation to Apache Santuario 2.1.1 + JDK-8217878: ENVELOPING XML signature no longer works in JDK 11 + JDK-8218629: XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10 + JDK-8243138: Enhance BaseLdapServer to support starttls extended request * Import of OpenJDK 8 u272 build 05 + JDK-8026236: Add PrimeTest for BigInteger + JDK-8057003: Large reference arrays cause extremely long synchronization times + JDK-8060721: Test runtime/SharedArchiveFile/ /LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler + JDK-8152077: (cal) Calendar.roll does not always roll the hours during daylight savings + JDK-8168517: java/lang/ProcessBuilder/Basic.java failed + JDK-8211163: UNIX version of Java_java_io_Console_echo does not return a clean boolean + JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in docker container only works with debug JVMs + JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo + JDK-8236645: JDK 8u231 introduces a regression with incompatible handling of XML messages + JDK-8240676: Meet not symmetric failure when running lucene on jdk8 + JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program + JDK-8249158: THREAD_START and THREAD_END event posted in primordial phase + JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics + JDK-8251546: 8u backport of JDK-8194298 breaks AIX and Solaris builds + JDK-8252084: Minimal VM fails to bootcycle: undefined symbol: AgeTableTracer::is_tenuring_distribution_event_enabled * Import of OpenJDK 8 u272 build 06 + JDK-8064319: Need to enable -XX:+TraceExceptions in release builds + JDK-8080462, PR3801: Update SunPKCS11 provider with PKCS11 v2.40 support + JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider + JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions() not working + JDK-8169925, PR3801: PKCS #11 Cryptographic Token Interface license + JDK-8184762: ZapStackSegments should use optimized memset + JDK-8193234: When using -Xcheck:jni an internally allocated buffer can leak + JDK-8219919: RuntimeStub name lost with PrintFrameConverterAssembly + JDK-8220313: [TESTBUG] Update base image for Docker testing to OL 7.6 + JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp + JDK-8225695: 32-bit build failures after JDK-8080462 (Update SunPKCS11 provider with PKCS11 v2.40 support) + JDK-8226575: OperatingSystemMXBean should be made container aware + JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous + JDK-8228835: Memory leak in PKCS11 provider when using AES GCM + JDK-8233621: Mismatch in jsse.enableMFLNExtension property name + JDK-8238898, PR3801: Missing hash characters for header on license file + JDK-8243320: Add SSL root certificates to Oracle Root CA program + JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26 + JDK-8245467: Remove 8u TLSv1.2 implementation files + JDK-8245469: Remove DTLS protocol implementation + JDK-8245470: Fix JDK8 compatibility issues + JDK-8245471: Revert JDK-8148188 + JDK-8245472: Backport JDK-8038893 to JDK8 + JDK-8245473: OCSP stapling support + JDK-8245474: Add TLS_KRB5 cipher suites support according to RFC-2712 + JDK-8245476: Disable TLSv1.3 protocol in the ClientHello message by default + JDK-8245477: Adjust TLS tests location + JDK-8245653: Remove 8u TLS tests + JDK-8245681: Add TLSv1.3 regression test from 11.0.7 + JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher + JDK-8251120, PR3793: [8u] HotSpot build assumes ENABLE_JFR is set to either true or false + JDK-8251341: Minimal Java specification change + JDK-8251478: Backport TLSv1.3 regression tests to JDK8u * Import of OpenJDK 8 u272 build 07 + JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ * Import of OpenJDK 8 u272 build 08 + JDK-8062947: Fix exception message to correctly represent LDAP connection failure + JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect + JDK-8252573: 8u: Windows build failed after 8222079 backport * Import of OpenJDK 8 u272 build 09 + JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java : Compilation failed * Import of OpenJDK 8 u272 build 10 + JDK-8254673: Call to JvmtiExport::post_vm_start() was removed by the fix for JDK-8249158 + JDK-8254937: Revert JDK-8148854 for 8u272 * Backports + JDK-8038723, PR3806: Openup some PrinterJob tests + JDK-8041480, PR3806: ArrayIndexOutOfBoundsException when JTable contains certain string + JDK-8058779, PR3805: Faster implementation of String.replace(CharSequence, CharSequence) + JDK-8130125, PR3806: [TEST_BUG] add @modules to the several client tests unaffected by the automated bulk update + JDK-8144015, PR3806: [PIT] failures of text layout font tests + JDK-8144023, PR3806: [PIT] failure of text measurements in javax/swing/text/html/parser/Parser/6836089/bug6836089.java + JDK-8144240, PR3806: [macosx][PIT] AIOOB in closed/javax/swing/text/GlyphPainter2/6427244/bug6427244.java + JDK-8145542, PR3806: The case failed automatically and thrown java.lang.ArrayIndexOutOfBoundsException exception + JDK-8151725, PR3806: [macosx] ArrayIndexOOB exception when displaying Devanagari text in JEditorPane + JDK-8152358, PR3800: code and comment cleanups found during the hunt for 8077392 + JDK-8152545, PR3804: Use preprocessor instead of compiling a program to generate native nio constants + JDK-8152680, PR3806: Regression in GlyphVector.getGlyphCharIndex behaviour + JDK-8158924, PR3806: Incorrect i18n text document layout + JDK-8166003, PR3806: [PIT][TEST_BUG] missing helper for javax/swing/text/GlyphPainter2/6427244/bug6427244.java + JDK-8166068, PR3806: test/java/awt/font/GlyphVector/ /GetGlyphCharIndexTest.java does not compile + JDK-8169879, PR3806: [TEST_BUG] javax/swing/text/ /GlyphPainter2/6427244/bug6427244.java - compilation failed + JDK-8191512, PR3806: T2K font rasterizer code removal + JDK-8191522, PR3806: Remove Bigelow&Holmes Lucida fonts from JDK sources + JDK-8236512, PR3801: PKCS11 Connection closed after Cipher.doFinal and NoPadding + JDK-8254177, PR3809: (tz) Upgrade time-zone data to tzdata2020b * Bug fixes + PR3798: Fix format-overflow error on GCC 10, caused by passing NULL to a '%s' directive + PR3795: ECDSAUtils for XML digital signatures should support the same curve set as the rest of the JDK + PR3799: Adapt elliptic curve patches to JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 + PR3808: IcedTea does not install the JFR *.jfc files + PR3810: Enable JFR on x86 (32-bit) now that JDK-8252096 has fixed its use with Shenandoah + PR3811: Don't attempt to install JFR files when JFR is disabled * Shenandoah + [backport] 8221435: Shenandoah should not mark through weak roots + [backport] 8221629: Shenandoah: Cleanup class unloading logic + [backport] 8222992: Shenandoah: Pre-evacuate all roots + [backport] 8223215: Shenandoah: Support verifying subset of roots + [backport] 8223774: Shenandoah: Refactor ShenandoahRootProcessor and family + [backport] 8224210: Shenandoah: Refactor ShenandoahRootScanner to support scanning CSet codecache roots + [backport] 8224508: Shenandoah: Need to update thread roots in final mark for piggyback ref update cycle + [backport] 8224579: ResourceMark not declared in shenandoahRootProcessor.inline.hpp with --disable-precompiled-headers + [backport] 8224679: Shenandoah: Make ShenandoahParallelCodeCacheIterator noncopyable + [backport] 8224751: Shenandoah: Shenandoah Verifier should select proper roots according to current GC cycle + [backport] 8225014: Separate ShenandoahRootScanner method for object_iterate + [backport] 8225216: gc/logging/TestMetaSpaceLog.java doesn't work for Shenandoah + [backport] 8225573: Shenandoah: Enhance ShenandoahVerifier to ensure roots to-space invariant + [backport] 8225590: Shenandoah: Refactor ShenandoahClassLoaderDataRoots API + [backport] 8226413: Shenandoah: Separate root scanner for SH::object_iterate() + [backport] 8230853: Shenandoah: replace leftover assert(is_in(...)) with rich asserts + [backport] 8231198: Shenandoah: heap walking should visit all roots most of the time + [backport] 8231244: Shenandoah: all-roots heap walking misses some weak roots + [backport] 8237632: Shenandoah: accept NULL fwdptr to cooperate with JVMTI and JFR + [backport] 8239786: Shenandoah: print per-cycle statistics + [backport] 8239926: Shenandoah: Shenandoah needs to mark nmethod's metadata + [backport] 8240671: Shenandoah: refactor ShenandoahPhaseTimings + [backport] 8240749: Shenandoah: refactor ShenandoahUtils + [backport] 8240750: Shenandoah: remove leftover files and mentions of ShenandoahAllocTracker + [backport] 8240868: Shenandoah: remove CM-with-UR piggybacking cycles + [backport] 8240872: Shenandoah: Avoid updating new regions from start of evacuation + [backport] 8240873: Shenandoah: Short-cut arraycopy barriers + [backport] 8240915: Shenandoah: Remove unused fields in init mark tasks + [backport] 8240948: Shenandoah: cleanup not-forwarded-objects paths after JDK-8240868 + [backport] 8241007: Shenandoah: remove ShenandoahCriticalControlThreadPriority support + [backport] 8241062: Shenandoah: rich asserts trigger 'empty statement' inspection + [backport] 8241081: Shenandoah: Do not modify update-watermark concurrently + [backport] 8241093: Shenandoah: editorial changes in flag descriptions + [backport] 8241139: Shenandoah: distribute mark-compact work exactly to minimize fragmentation + [backport] 8241142: Shenandoah: should not use parallel reference processing with single GC thread + [backport] 8241351: Shenandoah: fragmentation metrics overhaul + [backport] 8241435: Shenandoah: avoid disabling pacing with 'aggressive' + [backport] 8241520: Shenandoah: simplify region sequence numbers handling + [backport] 8241534: Shenandoah: region status should include update watermark + [backport] 8241574: Shenandoah: remove ShenandoahAssertToSpaceClosure + [backport] 8241583: Shenandoah: turn heap lock asserts into macros + [backport] 8241668: Shenandoah: make ShenandoahHeapRegion not derive from ContiguousSpace + [backport] 8241673: Shenandoah: refactor anti-false-sharing padding + [backport] 8241675: Shenandoah: assert(n->outcnt() > 0) at shenandoahSupport.cpp:2858 with java/util/Collections/FindSubList.java + [backport] 8241692: Shenandoah: remove ShenandoahHeapRegion::_reserved + [backport] 8241700: Shenandoah: Fold ShenandoahKeepAliveBarrier flag into ShenandoahSATBBarrier + [backport] 8241740: Shenandoah: remove ShenandoahHeapRegion::_heap + [backport] 8241743: Shenandoah: refactor and inline ShenandoahHeap::heap() + [backport] 8241748: Shenandoah: inline MarkingContext TAMS methods + [backport] 8241838: Shenandoah: no need to trash cset during final mark + [backport] 8241841: Shenandoah: ditch one of allocation type counters in ShenandoahHeapRegion + [backport] 8241842: Shenandoah: inline ShenandoahHeapRegion::region_number + [backport] 8241844: Shenandoah: rename ShenandoahHeapRegion::region_number + [backport] 8241845: Shenandoah: align ShenandoahHeapRegions to cache lines + [backport] 8241926: Shenandoah: only print heap changes for operations that directly affect it + [backport] 8241983: Shenandoah: simplify FreeSet logging + [backport] 8241985: Shenandoah: simplify collectable garbage logging + [backport] 8242040: Shenandoah: print allocation failure type + [backport] 8242041: Shenandoah: adaptive heuristics should account evac reserve in free target + [backport] 8242042: Shenandoah: tune down ShenandoahGarbageThreshold + [backport] 8242054: Shenandoah: New incremental-update mode + [backport] 8242075: Shenandoah: rename ShenandoahHeapRegionSize flag + [backport] 8242082: Shenandoah: Purge Traversal mode + [backport] 8242083: Shenandoah: split 'Prepare Evacuation' tracking into cset/freeset counters + [backport] 8242089: Shenandoah: per-worker stats should be summed up, not averaged + [backport] 8242101: Shenandoah: coalesce and parallelise heap region walks during the pauses + [backport] 8242114: Shenandoah: remove ShenandoahHeapRegion::reset_alloc_metadata_to_shared + [backport] 8242130: Shenandoah: Simplify arraycopy-barrier dispatching + [backport] 8242211: Shenandoah: remove ShenandoahHeuristics::RegionData::_seqnum_last_alloc + [backport] 8242212: Shenandoah: initialize ShenandoahHeuristics::_region_data eagerly + [backport] 8242213: Shenandoah: remove ShenandoahHeuristics::_bytes_in_cset + [backport] 8242217: Shenandoah: Enable GC mode to be diagnostic/experimental and have a name + [backport] 8242227: Shenandoah: transit regions to cset state when adding to collection set + [backport] 8242228: Shenandoah: remove unused ShenandoahCollectionSet methods + [backport] 8242229: Shenandoah: inline ShenandoahHeapRegion liveness-related methods + [backport] 8242267: Shenandoah: regions space needs to be aligned by os::vm_allocation_granularity() + [backport] 8242271: Shenandoah: add test to verify GC mode unlock + [backport] 8242273: Shenandoah: accept either SATB or IU barriers, but not both + [backport] 8242301: Shenandoah: Inline LRB runtime call + [backport] 8242316: Shenandoah: Turn NULL-check into assert in SATB slow-path entry + [backport] 8242353: Shenandoah: micro-optimize region liveness handling + [backport] 8242365: Shenandoah: use uint16_t instead of jushort for liveness cache + [backport] 8242375: Shenandoah: Remove ShenandoahHeuristic::record_gc_start/end methods + [backport] 8242641: Shenandoah: clear live data and update TAMS optimistically + [backport] 8243238: Shenandoah: explicit GC request should wait for a complete GC cycle + [backport] 8243301: Shenandoah: ditch ShenandoahAllowMixedAllocs + [backport] 8243307: Shenandoah: remove ShCollectionSet::live_data + [backport] 8243395: Shenandoah: demote guarantee in ShenandoahPhaseTimings::record_workers_end + [backport] 8243463: Shenandoah: ditch total_pause counters + [backport] 8243464: Shenandoah: print statistic counters in time order + [backport] 8243465: Shenandoah: ditch unused pause_other, conc_other counters + [backport] 8243487: Shenandoah: make _num_phases illegal phase type + [backport] 8243494: Shenandoah: set counters once per cycle + [backport] 8243573: Shenandoah: rename GCParPhases and related code + [backport] 8243848: Shenandoah: Windows build fails after JDK-8239786 + [backport] 8244180: Shenandoah: carry Phase to ShWorkerTimingsTracker explicitly + [backport] 8244200: Shenandoah: build breakages after JDK-8241743 + [backport] 8244226: Shenandoah: per-cycle statistics contain worker data from previous cycles + [backport] 8244326: Shenandoah: global statistics should not accept bogus samples + [backport] 8244509: Shenandoah: refactor ShenandoahBarrierC2Support::test_* methods + [backport] 8244551: Shenandoah: Fix racy update of update_watermark + [backport] 8244667: Shenandoah: SBC2Support::test_gc_state takes loop for wrong control + [backport] 8244730: Shenandoah: gc/shenandoah/options/ /TestHeuristicsUnlock.java should only verify the heuristics + [backport] 8244732: Shenandoah: move heuristics code to gc/shenandoah/heuristics + [backport] 8244737: Shenandoah: move mode code to gc/shenandoah/mode + [backport] 8244739: Shenandoah: break superclass dependency on ShenandoahNormalMode + [backport] 8244740: Shenandoah: rename ShenandoahNormalMode to ShenandoahSATBMode + [backport] 8245461: Shenandoah: refine mode name()-s + [backport] 8245463: Shenandoah: refine ShenandoahPhaseTimings constructor arguments + [backport] 8245464: Shenandoah: allocate collection set bitmap at lower addresses + [backport] 8245465: Shenandoah: test_in_cset can use more efficient encoding + [backport] 8245726: Shenandoah: lift/cleanup ShenandoahHeuristics names and properties + [backport] 8245754: Shenandoah: ditch ShenandoahAlwaysPreTouch + [backport] 8245757: Shenandoah: AlwaysPreTouch should not disable heap resizing or uncommits + [backport] 8245773: Shenandoah: Windows assertion failure after JDK-8245464 + [backport] 8245812: Shenandoah: compute root phase parallelism + [backport] 8245814: Shenandoah: reconsider format specifiers for stats + [backport] 8245825: Shenandoah: Remove diagnostic flag ShenandoahConcurrentScanCodeRoots + [backport] 8246162: Shenandoah: full GC does not mark code roots when class unloading is off + [backport] 8247310: Shenandoah: pacer should not affect interrupt status + [backport] 8247358: Shenandoah: reconsider free budget slice for marking + [backport] 8247367: Shenandoah: pacer should wait on lock instead of exponential backoff + [backport] 8247474: Shenandoah: Windows build warning after JDK-8247310 + [backport] 8247560: Shenandoah: heap iteration holds root locks all the time + [backport] 8247593: Shenandoah: should not block pacing reporters + [backport] 8247751: Shenandoah: options tests should run with smaller heaps + [backport] 8247754: Shenandoah: mxbeans tests can be shorter + [backport] 8247757: Shenandoah: split heavy tests by heuristics to improve parallelism + [backport] 8247860: Shenandoah: add update watermark line in rich assert failure message + [backport] 8248041: Shenandoah: pre-Full GC root updates may miss some roots + [backport] 8248652: Shenandoah: SATB buffer handling may assume no forwarded objects + [backport] 8249560: Shenandoah: Fix racy GC request handling + [backport] 8249649: Shenandoah: provide per-cycle pacing stats + [backport] 8249801: Shenandoah: Clear soft-refs on requested GC cycle + [backport] 8249953: Shenandoah: gc/shenandoah/mxbeans tests should account for corner cases + Fix slowdebug build after JDK-8230853 backport + JDK-8252096: Shenandoah: adjust SerialPageShiftCount for x86_32 and JFR + JDK-8252366: Shenandoah: revert/cleanup changes in graphKit.cpp + Shenandoah: add JFR roots to root processor after JFR integration + Shenandoah: add root statistics for string dedup table/queues + Shenandoah: enable low-frequency STW class unloading + Shenandoah: fix build failures after JDK-8244737 backport + Shenandoah: Fix build failure with +JFR -PCH + Shenandoah: fix forceful pacer claim + Shenandoah: fix formats in ShenandoahStringSymbolTableUnlinkTask + Shenandoah: fix runtime linking failure due to non-compiled shenandoahBarrierSetC1 + Shenandoah: hook statistics printing to PrintGCDetails, not PrintGC + Shenandoah: JNI weak roots are always cleared before Full GC mark + Shenandoah: missing SystemDictionary roots in ShenandoahHeapIterationRootScanner + Shenandoah: move barrier sets to their proper locations + Shenandoah: move parallelCleaning.* to shenandoah/ + Shenandoah: pacer should use proper Atomics for intptr_t + Shenandoah: properly deallocates class loader metadata + Shenandoah: specialize String Table scans for better pause performance + Shenandoah: Zero build fails after recent Atomic cleanup in Pacer * AArch64 port + JDK-8161072, PR3797: AArch64: jtreg compiler/uncommontrap/TestDeoptOOM failure + JDK-8171537, PR3797: aarch64: compiler/c1/Test6849574.java generates guarantee failure in C1 + JDK-8183925, PR3797: [AArch64] Decouple crash protection from watcher thread + JDK-8199712, PR3797: [AArch64] Flight Recorder + JDK-8203481, PR3797: Incorrect constraint for unextended_sp in frame:safe_for_sender + JDK-8203699, PR3797: java/lang/invoke/SpecialInterfaceCall fails with SIGILL on aarch64 + JDK-8209413, PR3797: AArch64: NPE in clhsdb jstack command + JDK-8215961, PR3797: jdk/jfr/event/os/TestCPUInformation.java fails on AArch64 + JDK-8216989, PR3797: CardTableBarrierSetAssembler::gen_write_ref_array_post_barrier() does not check for zero length on AARCH64 + JDK-8217368, PR3797: AArch64: C2 recursive stack locking optimisation not triggered + JDK-8221658, PR3797: aarch64: add necessary predicate for ubfx patterns + JDK-8237512, PR3797: AArch64: aarch64TestHook leaks a BufferBlob + JDK-8246482, PR3797: Build failures with +JFR -PCH + JDK-8247979, PR3797: aarch64: missing side effect of killing flags for clearArray_reg_reg + JDK-8248219, PR3797: aarch64: missing memory barrier in fast_storefield and fast_accessfield - Ignore whitespaces after the header or footer in PEM X.509 cert (bsc#1171352) Important SUSE bug 1171352 SUSE bug 1174157 SUSE bug 1177943 CVE-2020-14556 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for u-boot fixes the following issues: Fix CVE-2019-13106 (bsc#1144656), CVE-2019-13104 (bsc#1144675), CVE-2019-14192 (bsc#1143777), CVE-2019-14193 (bsc#1143817), CVE-2019-14199 (bsc#1143824), CVE-2019-14197 (bsc#1143821), CVE-2019-14200 (bsc#1143825), CVE-2019-14201 (bsc#1143827), CVE-2019-14202 (bsc#1143828), CVE-2019-14203 (bsc#1143830), CVE-2019-14204 (bsc#1143831), CVE-2019-14194 (bsc#1143818), CVE-2019-14198 (bsc#1143823), CVE-2019-14195 (bsc#1143819), CVE-2019-14196 (bsc#1143820), CVE-2019-13103 (bsc#1143463), CVE-2020-8432 (bsc#1162198), CVE-2019-11059 (bsc#1134853), CVE-2019-11690 (bsc#1134157) and CVE-2020-10648 (bsc#1167209) Important SUSE bug 1134157 SUSE bug 1134853 SUSE bug 1143463 SUSE bug 1143777 SUSE bug 1143817 SUSE bug 1143818 SUSE bug 1143819 SUSE bug 1143820 SUSE bug 1143821 SUSE bug 1143823 SUSE bug 1143824 SUSE bug 1143825 SUSE bug 1143827 SUSE bug 1143828 SUSE bug 1143830 SUSE bug 1143831 SUSE bug 1144656 SUSE bug 1144675 SUSE bug 1162198 SUSE bug 1167209 CVE-2019-11059 CVE-2019-11690 CVE-2019-13103 CVE-2019-13104 CVE-2019-13106 CVE-2019-14192 CVE-2019-14193 CVE-2019-14194 CVE-2019-14195 CVE-2019-14196 CVE-2019-14197 CVE-2019-14198 CVE-2019-14199 CVE-2019-14200 CVE-2019-14201 CVE-2019-14202 CVE-2019-14203 CVE-2019-14204 CVE-2020-10648 CVE-2020-8432 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for gcc10 fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Moderate SUSE bug 1172798 SUSE bug 1172846 SUSE bug 1173972 SUSE bug 1174753 SUSE bug 1174817 SUSE bug 1175168 CVE-2020-13844 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for ucode-intel fixes the following issues: - Intel CPU Microcode updated to 20201027 prerelease - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446) - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) # New Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile | CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 | CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 | CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile # Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 | SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 | ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile | AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile | CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile Moderate SUSE bug 1170446 SUSE bug 1173594 CVE-2020-8695 CVE-2020-8698 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.24 - OpenJDK 7u281 (October 2020 CPU, bsc#1177943) * Security fixes + JDK-8233624: Enhance JNI linkage + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts + JDK-8237995, CVE-2020-14782: Enhance certificate processing + JDK-8240124: Better VM Interning + JDK-8241114, CVE-2020-14792: Better range handling + JDK-8242680, CVE-2020-14796: Improved URI Support + JDK-8242685, CVE-2020-14797: Better Path Validation + JDK-8242695, CVE-2020-14798: Enhanced buffer support + JDK-8243302: Advanced class supports + JDK-8244136, CVE-2020-14803: Improved Buffer supports + JDK-8244479: Further constrain certificates + JDK-8244955: Additional Fix for JDK-8240124 + JDK-8245407: Enhance zoning of times + JDK-8245412: Better class definitions + JDK-8245417: Improve certificate chain handling + JDK-8248574: Improve jpeg processing + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit + JDK-8253019: Enhanced JPEG decoding * Import of OpenJDK 7 u281 build 1 + JDK-8145096: Undefined behaviour in HotSpot + JDK-8215265: C2: range check elimination may allow illegal out of bound access * Backports + JDK-8250861, PR3812: Crash in MinINode::Ideal(PhaseGVN*, bool) Important SUSE bug 1177943 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). Important SUSE bug 1178387 CVE-2020-25692 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.1 ESR * Fixed: Security fix MFSA 2020-49 (bsc#1178588) * CVE-2020-26950 (bmo#1675905) Write side effects in MCallGetProperty opcode not accounted for Important SUSE bug 1178588 CVE-2020-26950 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update changes the internal packaging for postgresql, and so contains all currently maintained postgresql versions across our SUSE Linux Enterprise 12 products. * postgresql12 is shipped new in version 12.3 (bsc#1171924). The server and client packages only on SUSE Linux Enterprise Server 12 SP5, the libraries on SUSE Linux Enterprise Server 12 SP2 LTSS up to 12 SP5. + https://www.postgresql.org/about/news/2038/ + https://www.postgresql.org/docs/12/release-12-3.html * postgresql10 is updated to 10.13 (bsc#1171924). On SUSE Linux Enterprise Server 12 SP2 LTSS up to 12 SP5. + https://www.postgresql.org/about/news/2038/ + https://www.postgresql.org/docs/10/release-10-13.html * postgresql96 is updated to 9.6.18 (bsc#1171924): + https://www.postgresql.org/about/news/2038/ + https://www.postgresql.org/docs/9.6/release-9-6-18.html On SUSE Linux Enterprise Server 12-SP2 and 12-SP3 LTSS only. * postgresql 9.4 is updated to 9.4.26: + https://www.postgresql.org/about/news/2011/ + https://www.postgresql.org/docs/9.4/release-9-4-26.html + https://www.postgresql.org/about/news/1994/ + https://www.postgresql.org/docs/9.4/release-9-4-25.html Moderate SUSE bug 1171924 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for raptor fixes the following issues: - Fixed a heap overflow vulnerability (bsc#1178593, CVE-2017-18926). - Update raptor to version 2.0.15 * Made several fixes to Turtle / N-Triples family of parsers and serializers * Added utility functions for re-entrant sorting of objects and sequences. * Made other fixes and improvements including fixing reported issues: 0000574, 0000575, 0000576, 0000577, 0000579, 0000581 and 0000584. Important SUSE bug 1178593 CVE-2017-18926 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for kernel-firmware fixes the following issue: - CVE-2020-12321: Updated the Intel Bluetooth firmware for buffer overflow security bugs (bsc#1178671). Important SUSE bug 1178671 CVE-2020-12321 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). Moderate SUSE bug 1178512 CVE-2020-28196 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xen fixes the following issues: Security issue fixed: - CVE-2020-28368: Fixed the Intel RAPL sidechannel attack, aka PLATYPUS attack, aka XSA-351 (bsc#1178591). Non-security issue fixed: - Adjusted help for --max_iters, default is 5 (bsc#1177950). Important SUSE bug 1177950 SUSE bug 1178591 CVE-2020-28368 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for postgresql10 fixes the following issues: Upgrade to version 10.15: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/10/release-10-15.html Update to 10.14: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/10/release-10-14.html Important SUSE bug 1175193 SUSE bug 1175194 SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 CVE-2020-14349 CVE-2020-14350 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for mariadb and mariadb-connector-c fixes the following issues: - Update mariadb to 10.2.36 GA [bsc#1177472, bsc#1178428] fixing for the following security vulnerabilities: CVE-2020-14812, CVE-2020-14765, CVE-2020-14776, CVE-2020-14789 CVE-2020-15180 - Update mariadb-connector-c to 3.1.11 [bsc#1177472 and bsc#1178428] Moderate SUSE bug 1172399 SUSE bug 1175596 SUSE bug 1177472 SUSE bug 1178428 CVE-2020-14765 CVE-2020-14776 CVE-2020-14789 CVE-2020-14812 CVE-2020-15180 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for ucode-intel fixes the following issues: - Updated Intel CPU Microcode to 20201118 official release. (bsc#1178971) - Removed TGL/06-8c-01/80 due to functional issues with some OEM platforms. - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) INTEL-SA-00389 (bsc#1170446) - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) - CVE-2020-8696: Vector Register Sampling Active INTEL-SA-00381 (bsc#1173592) - Release notes: - Security updates for [INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html). - Security updates for [INTEL-SA-00389](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html). - Update for functional issues. Refer to [Second Generation Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details. - Update for functional issues. Refer to [Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details. - Update for functional issues. Refer to [Intel? Xeon? Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details. - Update for functional issues. Refer to [10th Gen Intel? Core™ Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details. - Update for functional issues. Refer to [8th and 9th Gen Intel? Core™ Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details. - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel? Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details. - Update for functional issues. Refer to [6th Gen Intel? Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details. - Update for functional issues. Refer to [Intel? Xeon? E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details. - Update for functional issues. Refer to [Intel? Xeon? E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details. ### New Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 | LKF | B2/B3 | 06-8a-01/10 | | 00000028 | Core w/Hybrid Technology | TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile | CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 | CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile ### Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 | APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 | GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile | AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile | CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile Moderate SUSE bug 1170446 SUSE bug 1173592 SUSE bug 1173594 SUSE bug 1178971 CVE-2020-8695 CVE-2020-8696 CVE-2020-8698 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for bluez fixes the following issues: - CVE-2020-0556: Fixed improper access control which may lead to escalation of privilege and denial of service by an unauthenticated user (bsc#1166751). Important SUSE bug 1166751 CVE-2020-0556 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bug fixes. The following security bugs were fixed: - CVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software and services that rely on UDP source port randomization (like DNS) are indirectly affected as well. Kernel versions may be vulnerable to this issue (bsc#1175721, bsc#1178782). - CVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393). - CVE-2020-25668: Fixed a use-after-free in con_font_op() (bnc#1178123). - CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766). - CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c (bnc#1176485). - CVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h (bnc#1176723). - CVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086). - CVE-2020-16120: Fixed a permissions issue in ovl_path_open() (bsc#1177470). - CVE-2020-8694: Restricted energy meter to root access (bsc#1170415). - CVE-2020-12351: Implemented a kABI workaround for bluetooth l2cap_ops filter addition (bsc#1177724). - CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' (bsc#1177725). - CVE-2020-25212: Fixed a TOCTOU mismatch in the NFS client code (bnc#1176381). - CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177511). - CVE-2020-14381: Fixed a UAF in the fast user mutex (futex) wait operation (bsc#1176011). - CVE-2020-25643: Fixed an improper input validation in the ppp_cp_parse_cr function of the HDLC_PPP module (bnc#1177206). - CVE-2020-25641: Fixed a zero-length biovec request issued by the block subsystem could have caused the kernel to enter an infinite loop, causing a denial of service (bsc#1177121). - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235). - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721). - CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423). - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482). - CVE-2020-27673: Fixed an issue where rogue guests could have caused denial of service of Dom0 via high frequency events (XSA-332 bsc#1177411) - CVE-2020-27675: Fixed a race condition in event handler which may crash dom0 (XSA-331 bsc#1177410). The following non-security bugs were fixed: - btrfs: remove root usage from can_overcommit (bsc#1131277). - hv: vmbus: Add timeout to vmbus_wait_for_unload (bsc#1177816). - hyperv_fb: disable superfluous VERSION_WIN10_V5 case (bsc#1175306). - hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306). - livepatch: Add -fdump-ipa-clones to build (). Add support for -fdump-ipa-clones GCC option. Update config files accordingly. - livepatch: Test if -fdump-ipa-clones is really available As of now we add -fdump-ipa-clones unconditionally. It does not cause a trouble if the kernel is build with the supported toolchain. Otherwise it could fail easily. Do the correct thing and test for the availability. - NFS: On fatal writeback errors, we need to call nfs_inode_remove_request() (bsc#1177340). - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139). - NFS: Revalidate the file mapping on all fatal writeback errors (bsc#1177340). - NFSv4: do not mark all open state for recovery when handling recallable state revoked flag (bsc#1176935). - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232). - ocfs2: give applications more IO opportunities during fstrim (bsc#1175228). - powerpc/pseries/cpuidle: add polling idle for shared processor guests (bsc#1178765 ltc#188968). - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243). - scsi: fnic: Do not call 'scsi_done()' for unhandled commands (bsc#1168468, bsc#1171675). - scsi: qla2xxx: Do not consume srb greedily (bsc#1173233). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1173233). - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306). - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306). - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306). - x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306). - xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/events: add a new 'late EOI' evtchn framework (XSA-332 bsc#1177411). - xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#1177411). - xen/events: avoid removing an event channel while handling it (XSA-331 bsc#1177410). - xen/events: block rogue events for some time (XSA-332 bsc#1177411). - xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#1177411). - xen/events: do not use chip_data for legacy IRQs (XSA-332 bsc#1065600). - xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411). - xen/events: switch user event channels to lateeoi model (XSA-332 bsc#1177411). - xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#1177411). - xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (XSA-332 bsc#1065600). Important SUSE bug 1051510 SUSE bug 1058115 SUSE bug 1065600 SUSE bug 1131277 SUSE bug 1160947 SUSE bug 1163524 SUSE bug 1166965 SUSE bug 1168468 SUSE bug 1170139 SUSE bug 1170232 SUSE bug 1170415 SUSE bug 1171417 SUSE bug 1171675 SUSE bug 1172073 SUSE bug 1172366 SUSE bug 1173115 SUSE bug 1173233 SUSE bug 1175228 SUSE bug 1175306 SUSE bug 1175721 SUSE bug 1175882 SUSE bug 1176011 SUSE bug 1176235 SUSE bug 1176278 SUSE bug 1176381 SUSE bug 1176423 SUSE bug 1176482 SUSE bug 1176485 SUSE bug 1176698 SUSE bug 1176721 SUSE bug 1176722 SUSE bug 1176723 SUSE bug 1176725 SUSE bug 1176732 SUSE bug 1176869 SUSE bug 1176907 SUSE bug 1176922 SUSE bug 1176935 SUSE bug 1176950 SUSE bug 1176990 SUSE bug 1177027 SUSE bug 1177086 SUSE bug 1177121 SUSE bug 1177206 SUSE bug 1177340 SUSE bug 1177410 SUSE bug 1177411 SUSE bug 1177470 SUSE bug 1177511 SUSE bug 1177724 SUSE bug 1177725 SUSE bug 1177766 SUSE bug 1177816 SUSE bug 1178123 SUSE bug 1178330 SUSE bug 1178393 SUSE bug 1178669 SUSE bug 1178765 SUSE bug 1178782 SUSE bug 1178838 CVE-2020-0404 CVE-2020-0427 CVE-2020-0430 CVE-2020-0431 CVE-2020-0432 CVE-2020-12351 CVE-2020-12352 CVE-2020-14351 CVE-2020-14381 CVE-2020-14390 CVE-2020-16120 CVE-2020-25212 CVE-2020-25284 CVE-2020-25285 CVE-2020-25641 CVE-2020-25643 CVE-2020-25645 CVE-2020-25656 CVE-2020-25668 CVE-2020-25704 CVE-2020-25705 CVE-2020-26088 CVE-2020-27673 CVE-2020-27675 CVE-2020-8694 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.5.0 ESR (bsc#1178824) * CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls * CVE-2020-26953: Fullscreen could be enabled without displaying the security UI * CVE-2020-26956: XSS through paste (manual and clipboard API) * CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions * CVE-2020-26959: Use-after-free in WebRequestService * CVE-2020-26960: Potential use-after-free in uses of nsTArray * CVE-2020-15999: Heap buffer overflow in freetype * CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses * CVE-2020-26965: Software keyboards may have remembered typed passwords * CVE-2020-26966: Single-word search queries were also broadcast to local network * CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 Important SUSE bug 1178824 CVE-2020-15999 CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26966 CVE-2020-26968 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for LibVNCServer fixes the following issues: - CVE-2020-25708 [bsc#1178682], libvncserver/rfbserver.c has a divide by zero which could result in DoS Important SUSE bug 1178682 CVE-2020-25708 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xorg-x11-server fixes the following issues: - CVE-2020-25712: Fixed a heap-based buffer overflow which could have led to privilege escalation (bsc#1177596). - CVE-2020-14360: Fixed an out of bounds memory accesses on too short request which could lead to denial of service (bsc#1174908). Important SUSE bug 1174908 SUSE bug 1177596 CVE-2020-14360 CVE-2020-25712 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for python-setuptools fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) Important SUSE bug 1176262 CVE-2019-20916 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for python3 fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) Important SUSE bug 1176262 CVE-2019-20916 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for gdm fixes the following issues: - CVE-2020-16125: Fixed a privilege escalation (bsc#1178150). Important SUSE bug 1178150 CVE-2020-16125 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for python-cryptography fixes the following issues: - CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption (bsc#1178168). Moderate SUSE bug 1178168 CVE-2020-25659 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for postgresql12 fixes the following issues: Upgrade to version 12.5: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. (obsoletes postgresql-timetz.patch) * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/12/release-12-5.html The previous postgresql12 update already addressed: Update to 12.4: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/12/release-12-4.html Important SUSE bug 1175193 SUSE bug 1175194 SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 CVE-2020-14349 CVE-2020-14350 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for mutt fixes the following issues: - Find and display the content of messages properly. (bsc#1179461) - CVE-2020-28896: incomplete connection termination could send credentials over unencrypted connections. (bsc#1179035) - Avoid that message with a million tiny parts can freeze MUA for several minutes. (bsc#1179113) Important SUSE bug 1179035 SUSE bug 1179113 SUSE bug 1179461 CVE-2020-28896 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xen fixes the following issues: - bsc#1178963 - VUL-0: xen: stack corruption from XSA-346 change (XSA-355) Important SUSE bug 1177409 SUSE bug 1177412 SUSE bug 1177413 SUSE bug 1177414 SUSE bug 1178591 SUSE bug 1178963 CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27674 CVE-2020-28368 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openssl-1_0_0 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). Important SUSE bug 1179491 CVE-2020-1971 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). Important SUSE bug 1179491 CVE-2020-1971 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for python fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) Important SUSE bug 1176262 CVE-2019-20916 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openssh fixes the following issues: - CVE-2020-14145: Fixed an observable discrepancy leading to an information leak in the algorithm negotiation (bsc#1173513). - Fixed an issue where AuthorizedKeysCommand produced a lot of output (bsc#1161684). - Fixed an issue where oracle cluster with cluvfy using 'scp' failing/missinterpreted (bsc#1148566). Moderate SUSE bug 1148566 SUSE bug 1161684 SUSE bug 1173513 CVE-2020-14145 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-55 (bsc#1180039) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch view-source URLs * CVE-2020-35112 (bmo#1661365) Opening an extension-less download may have inadvertently launched an executable instead * CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 Critical SUSE bug 1180039 CVE-2020-16042 CVE-2020-26971 CVE-2020-26973 CVE-2020-26974 CVE-2020-26978 CVE-2020-35111 CVE-2020-35112 CVE-2020-35113 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xen fixes the following issues: - CVE-2020-29480: Fixed an issue which could have allowed leak of non-sensitive data to administrator guests (bsc#117949 XSA-115). - CVE-2020-29481: Fixed an issue which could have allowd to new domains to inherit existing node permissions (bsc#1179498 XSA-322). - CVE-2020-29483: Fixed an issue where guests could disturb domain cleanup (bsc#1179502 XSA-325). - CVE-2020-29484: Fixed an issue where guests could crash xenstored via watchs (bsc#1179501 XSA-324). - CVE-2020-29566: Fixed an undue recursion in x86 HVM context switch code (bsc#1179506 XSA-348). - CVE-2020-29570: Fixed an issue where FIFO event channels control block related ordering (bsc#1179514 XSA-358). - CVE-2020-29571: Fixed an issue where FIFO event channels control structure ordering (bsc#1179516 XSA-359). - CVE-2020-29130: Fixed an out-of-bounds access while processing ARP packets (bsc#1179477). - Fixed an issue where dump-core shows missing nr_pages during core (bsc#1176782). - Multiple other bugs (bsc#1027519) Moderate SUSE bug 1027519 SUSE bug 1176782 SUSE bug 1179477 SUSE bug 1179496 SUSE bug 1179498 SUSE bug 1179501 SUSE bug 1179502 SUSE bug 1179506 SUSE bug 1179514 SUSE bug 1179516 CVE-2020-29130 CVE-2020-29480 CVE-2020-29481 CVE-2020-29483 CVE-2020-29484 CVE-2020-29566 CVE-2020-29570 CVE-2020-29571 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for clamav fixes the following issues: clamav was updated to 0.103.0 to implement jsc#ECO-3010 and bsc#1118459. * clamd can now reload the signature database without blocking scanning. This multi-threaded database reload improvement was made possible thanks to a community effort. - Non-blocking database reloads are now the default behavior. Some systems that are more constrained on RAM may need to disable non-blocking reloads as it will temporarily consume two times as much memory. We added a new clamd config option ConcurrentDatabaseReload, which may be set to no. * Fix clamav-milter.service (requires clamd.service to run) * bsc#1119353, clamav-fips.patch: Fix freshclam crash in FIPS mode. * Partial sync with SLE15. Update to version 0.102.4 Accumulated security fixes: * CVE-2020-3350: Fix a vulnerability wherein a malicious user could replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (eg. a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan, and clamonacc. (bsc#1174255) * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking results in an out-of-bounds read which could cause a crash. The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly resolves the issue. * CVE-2020-3481: Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS) condition. Improper error handling may result in a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in versions affected by the vulnerability. (bsc#1174250) * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. (bsc#1171981) * CVE-2020-3123: A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash. * CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation. (bsc#1157763). * CVE-2019-12900: An out of bounds write in the NSIS bzip2 (bsc#1149458) * CVE-2019-12625: Introduce a configurable time limit to mitigate zip bomb vulnerability completely. Default is 2 minutes, configurable useing the clamscan --max-scantime and for clamd using the MaxScanTime config option (bsc#1144504) Update to version 0.101.3: * ZIP bomb causes extreme CPU spikes (bsc#1144504) Update to version 0.101.2 (bsc#1118459): * Support for RAR v5 archive extraction. * Incompatible changes to the arguments of cl_scandesc, cl_scandesc_callback, and cl_scanmap_callback. * Scanning options have been converted from a single flag bit-field into a structure of multiple categorized flag bit-fields. * The CL_SCAN_HEURISTIC_ENCRYPTED scan option was replaced by 2 new scan options: CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE, and CL_SCAN_HEURISTIC_ENCRYPTED_DOC * Incompatible clamd.conf and command line interface changes. * Heuristic Alerts' (aka 'Algorithmic Detection') options have been changed to make the names more consistent. The original options are deprecated in 0.101, and will be removed in a future feature release. * For details, see https://blog.clamav.net/2018/12/clamav-01010-has-been-released.html Important SUSE bug 1118459 SUSE bug 1119353 SUSE bug 1144504 SUSE bug 1149458 SUSE bug 1157763 SUSE bug 1171981 SUSE bug 1174250 SUSE bug 1174255 CVE-2019-12900 CVE-2019-15961 CVE-2020-3123 CVE-2020-3327 CVE-2020-3341 CVE-2020-3350 CVE-2020-3481 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for cyrus-sasl fixes the following issues: - CVE-2019-19906: Fixed an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet (bsc#1159635). Important SUSE bug 1159635 CVE-2019-19906 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libzypp fixes the following issues: Security issue fixed: - CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763). Moderate SUSE bug 1158763 CVE-2019-18900 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for fwupdate fixes the following issues: - Add SBAT section to EFI images (bsc#1182057) Important SUSE bug 1182057 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for spamassassin fixes the following issues: - spamassassin was updated to version 3.4.5 - CVE-2019-12420: memory leak via crafted messages (bsc#1159133) - CVE-2020-1946: security update (bsc#1184221) Important SUSE bug 1159133 SUSE bug 1184221 CVE-2019-12420 CVE-2020-1946 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for glibc fixes the following issues: - CVE-2020-27618: Accept redundant shift sequences in IBM1364 (bsc#1178386) - CVE-2020-29562: Fix incorrect UCS4 inner loop bounds (bsc#1179694) - CVE-2020-29573: Harden printf against non-normal long double values (bsc#1179721) - Check vector support in memmove ifunc-selector (bsc#1184034) Important SUSE bug 1178386 SUSE bug 1179694 SUSE bug 1179721 SUSE bug 1184034 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xorg-x11-server fixes the following issues: - CVE-2021-3472: XChangeFeedbackControl Integer Underflow Privilege Escalation (bsc#1180128) Important SUSE bug 1180128 CVE-2021-3472 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for clamav fixes the following issues: - CVE-2021-1252: Fix for Excel XLM parser infinite loop. (bsc#1184532) - CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash. (bsc#1184533) - CVE-2021-1405: Fix for mail parser NULL-dereference crash. (bsc#1184534) - Fix errors when scanning files > 4G (bsc#1181256) - Update clamav.keyring - Update to 0.103.2 Important SUSE bug 1181256 SUSE bug 1184532 SUSE bug 1184533 SUSE bug 1184534 CVE-2021-1252 CVE-2021-1404 CVE-2021-1405 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for qemu fixes the following issues: - Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385) - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362, bsc#1172383) - Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934) - Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673) - Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682) - Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684) - Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174) - Fix infinite loop (DoS) in e1000e device emulation (CVE-2020-28916, bsc#1179468) - Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108) - Fix null pointer deref. (DoS) in mmio ops (CVE-2020-15469, bsc#1173612) - Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577) - Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968) - Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416) - Fix OOB access in SLIRP ARP/NCSI packet processing (CVE-2020-29129, bsc#1179466, CVE-2020-29130, bsc#1179467) - Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659, bsc#1172386) - Fix OOB access in iscsi (CVE-2020-11947, bsc#1180523) - Fix OOB access in vmxnet3 emulation (CVE-2021-20203, bsc#1181639) - Fix buffer overflow in the XGMAC device (CVE-2020-15863, bsc#1174386) - Fix DoS in packet processing of various emulated NICs (CVE-2020-16092, bsc#1174641) - Fix OOB access while processing USB packets (CVE-2020-14364, bsc#1175441) - Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425) - Fix potential privilege escalation in virtfs (CVE-2021-20181, bsc#1182137) - Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361, bsc#1172384) - Fix OOB access in ROM loading (CVE-2020-13765, bsc#1172478) - Fix qemu-testsuite failure - Fix vm migration is failing with input/output error when nfs server is disconnected (bsc#1119115) - Fix OOB access in ARM interrupt handling (CVE-2021-20221, bsc#1181933) - Fix slowness in arm32 emulation (bsc#1112499) - Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385) - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362, bsc#1172383) - Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934) - Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673) - Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682) - Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684) - Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174) - Fix infinite loop (DoS) in e1000e device emulation (CVE-2020-28916, bsc#1179468) - Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108) - Fix null pointer deref. (DoS) in mmio ops (CVE-2020-15469, bsc#1173612) - Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577) - Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968) - Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416) - Fix OOB access in SLIRP ARP/NCSI packet processing (CVE-2020-29129, bsc#1179466, CVE-2020-29130, bsc#1179467) - Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659, bsc#1172386) - Fix OOB access in iscsi (CVE-2020-11947, bsc#1180523) - Fix OOB access in vmxnet3 emulation (CVE-2021-20203, bsc#1181639) - Fix buffer overflow in the XGMAC device (CVE-2020-15863, bsc#1174386) - Fix DoS in packet processing of various emulated NICs (CVE-2020-16092, bsc#1174641) - Fix OOB access while processing USB packets (CVE-2020-14364, bsc#1175441) - Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425) - Fix potential privilege escalation in virtfs (CVE-2021-20181, bsc#1182137) - Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361, bsc#1172384) - Fix OOB access in ROM loading (CVE-2020-13765, bsc#1172478) - Fix qemu-testsuite failure - Fix vm migration is failing with input/output error when nfs server is disconnected (bsc#1119115) - Fix OOB access in ARM interrupt handling (CVE-2021-20221, bsc#1181933) - Fix slowness in arm32 emulation (bsc#1112499) Important SUSE bug 1112499 SUSE bug 1119115 SUSE bug 1172383 SUSE bug 1172384 SUSE bug 1172385 SUSE bug 1172386 SUSE bug 1172478 SUSE bug 1173612 SUSE bug 1174386 SUSE bug 1174641 SUSE bug 1175441 SUSE bug 1176673 SUSE bug 1176682 SUSE bug 1176684 SUSE bug 1178174 SUSE bug 1178934 SUSE bug 1179466 SUSE bug 1179467 SUSE bug 1179468 SUSE bug 1180523 SUSE bug 1181108 SUSE bug 1181639 SUSE bug 1181933 SUSE bug 1182137 SUSE bug 1182425 SUSE bug 1182577 SUSE bug 1182968 CVE-2020-11947 CVE-2020-12829 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 CVE-2020-13765 CVE-2020-14364 CVE-2020-15469 CVE-2020-15863 CVE-2020-16092 CVE-2020-25084 CVE-2020-25624 CVE-2020-25625 CVE-2020-25723 CVE-2020-27617 CVE-2020-28916 CVE-2020-29129 CVE-2020-29130 CVE-2020-29443 CVE-2021-20181 CVE-2021-20203 CVE-2021-20221 CVE-2021-20257 CVE-2021-3416 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xen fixes the following issues: - CVE-2021-27379: Fixed an issue where entries in the IOMMU were not being updated under certain circumstances due to improper backport of XSA-321 (XSA-366, bsc#1182431) - CVE-2021-20257: Fixed an infinite loop in the e1000 NIC emulator (bsc#1182846) Important SUSE bug 1178591 SUSE bug 1182431 SUSE bug 1182846 CVE-2021-20257 CVE-2021-27379 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for sudo fixes the following issues: - L3: Tenable Scan reports sudo is vulnerable to CVE-2021-3156 (bsc#1183936) Important SUSE bug 1183936 CVE-2021-3156 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.10.0 ESR (bsc#1184960) * CVE-2021-23994: Out of bound write due to lazy initialization * CVE-2021-23995: Use-after-free in Responsive Design Mode * CVE-2021-23998: Secure Lock icon could have been spoofed * CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage * CVE-2021-23999: Blob URLs may have been granted additional privileges * CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL * CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads * CVE-2021-29946: Port blocking could be bypassed Important SUSE bug 1184960 CVE-2021-23961 CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401, bsc#1183835). Important SUSE bug 1183835 SUSE bug 1184401 CVE-2021-20305 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for gdm fixes the following issues: - Avoid the signal SIGTRAP when gdm exits (bsc#1184456). Important SUSE bug 1184456 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for permissions fixes the following issues: - Update to version 20170707: * make btmp root:utmp (bsc#1050467, bsc#1182899) Important SUSE bug 1050467 SUSE bug 1182899 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.25 - OpenJDK 7u291 (January 2021 CPU, bsc#1181239) * Security fixes + JDK-8247619: Improve Direct Buffering of Characters * Import of OpenJDK 7 u291 build 1 + JDK-8254177: (tz) Upgrade time-zone data to tzdata2020b + JDK-8254982: (tz) Upgrade time-zone data to tzdata2020c + JDK-8255226: (tz) Upgrade time-zone data to tzdata2020d Moderate SUSE bug 1181239 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for cups fixes the following issues: - CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation from lp user to root via symlink attacks (bsc#1184161) Important SUSE bug 1184161 CVE-2021-25317 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for bind fixes the following issues: - CVE-2021-25214: Fixed a broken inbound incremental zone update (IXFR) which could have caused named to terminate unexpectedly (bsc#1185345). - CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that required the DNAME to be processed to resolve itself (bsc#1185345). - MD5 warning message using host, dig, nslookup (bind-utils) on SLES 12 SP5 with FIPS enabled (bsc#1181495). Important SUSE bug 1181495 SUSE bug 1185345 CVE-2021-25214 CVE-2021-25215 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for samba fixes the following issues: - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677). - Avoid free'ing our own pointer in memcache when memcache_trim attempts to reduce cache size (bsc#1179156). - Adjust smbcacls '--propagate-inheritance' feature to align with upstream (bsc#1178469). Important SUSE bug 1178469 SUSE bug 1179156 SUSE bug 1184677 CVE-2021-20254 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for avahi fixes the following issues: - CVE-2021-3468: avoid infinite loop by handling HUP event in client_work (bsc#1184521). Important SUSE bug 1184521 CVE-2021-3468 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509). - CVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208). - CVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942). - CVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed a set_memory_region_test infinite loop for certain nested page faults (bnc#1184512). - CVE-2020-27673: Fixed an issue in Xen where a guest OS users could have caused a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411, bnc#1184583). - CVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bnc#1184391). - CVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181). - CVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181). - CVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181). - CVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181). - CVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions) (bnc#1184511). - CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on CPU' could have occured because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211). - CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211). - CVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120). - CVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393). - CVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and cause a threat to the system availability (bnc#1184397). - CVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could have caused a denial of service because of a lack of locking on an extent buffer before a cloning operation (bnc#1184193). - CVE-2021-3444: Fixed the bpf verifier as it did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution (bnc#1184170). - CVE-2021-28971: Fixed a potential local denial of service in intel_pmu_drain_pebs_nhm where userspace applications can cause a system crash because the PEBS status in a PEBS record is mishandled (bnc#1184196). - CVE-2021-28688: Fixed XSA-365 that includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains (bnc#1183646). - CVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167). - CVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168). - CVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination (bnc#1184198). - CVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in net/qrtr/qrtr.c that allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bnc#1184192). - CVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bnc#1183686, bnc#1183775). - CVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. This affects pointer types that do not define a ptr_limit (bnc#1183686 bnc#1183775). - CVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593). - CVE-2020-35519: Update patch reference for x25 fix (bsc#1183696). - CVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent (bsc#1173485, bsc#1183509). - CVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened. This could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720). - CVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022, bnc#1183069). - CVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree (bsc#1179454). - CVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715). - CVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables (bnc#1182716). - CVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717). The following non-security bugs were fixed: - Revert 'rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)' This turned out to be a bad idea: the kernel-$flavor-devel package must be usable without kernel-$flavor, e.g. at the build of a KMP. And this change brought superfluous installation of kernel-preempt when a system had kernel-syms (bsc#1185113). - Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367). - bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775). - bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775). - coredump: fix crash when umh is disabled (bsc#1177753, bsc#1182194). - dm: fix redundant IO accounting for bios that need splitting (bsc#1183738). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - handle also the opposite type of race condition - hv: clear ring_buffer pointer during cleanup (part of ae6935ed) (bsc#1181032). - hv_netvsc: remove ndo_poll_controller (bsc#1185248). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - ibmvnic: Clear failover_pending if unable to schedule (bsc#1181960 ltc#190997). - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140). - ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes). - ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes). - ibmvnic: enhance resetting status check during module exit (bsc#1065729). - ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes). - ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293). - ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes). - macros.kernel-source: Use spec_install_pre for certificate installation (boo#1182672). - post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388). - powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293). - rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063). - rpm/kernel-subpackage-build: Workaround broken bot (https://github.com/openSUSE/openSUSE-release-tools/issues/2439) - rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244) - rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650) - xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367). Important SUSE bug 1040855 SUSE bug 1044767 SUSE bug 1047233 SUSE bug 1065729 SUSE bug 1094840 SUSE bug 1152457 SUSE bug 1171078 SUSE bug 1173485 SUSE bug 1175873 SUSE bug 1176700 SUSE bug 1176720 SUSE bug 1176855 SUSE bug 1177411 SUSE bug 1177753 SUSE bug 1178181 SUSE bug 1179454 SUSE bug 1181032 SUSE bug 1181960 SUSE bug 1182194 SUSE bug 1182672 SUSE bug 1182715 SUSE bug 1182716 SUSE bug 1182717 SUSE bug 1183022 SUSE bug 1183063 SUSE bug 1183069 SUSE bug 1183509 SUSE bug 1183593 SUSE bug 1183646 SUSE bug 1183686 SUSE bug 1183696 SUSE bug 1183738 SUSE bug 1183775 SUSE bug 1184120 SUSE bug 1184167 SUSE bug 1184168 SUSE bug 1184170 SUSE bug 1184192 SUSE bug 1184193 SUSE bug 1184194 SUSE bug 1184196 SUSE bug 1184198 SUSE bug 1184208 SUSE bug 1184211 SUSE bug 1184388 SUSE bug 1184391 SUSE bug 1184393 SUSE bug 1184397 SUSE bug 1184509 SUSE bug 1184511 SUSE bug 1184512 SUSE bug 1184514 SUSE bug 1184583 SUSE bug 1184650 SUSE bug 1184942 SUSE bug 1185113 SUSE bug 1185244 SUSE bug 1185248 CVE-2020-0433 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-27170 CVE-2020-27171 CVE-2020-27673 CVE-2020-27815 CVE-2020-35519 CVE-2020-36310 CVE-2020-36311 CVE-2020-36312 CVE-2020-36322 CVE-2021-20219 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28660 CVE-2021-28688 CVE-2021-28950 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29155 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-29650 CVE-2021-30002 CVE-2021-3428 CVE-2021-3444 CVE-2021-3483 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for python3 fixes the following issues: Security issues fixed: - CVE-2020-27619: where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP. (bsc#1178009) Other fixes: - Make sure to close the 'import_failed.map' file after the exception has been raised in order to avoid ResourceWarnings when the failing import is part of a try...except block Important CVE-2020-27619 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for djvulibre fixes the following issues: Security issues fixed: - CVE-2021-32491 [bsc#1185900]: Integer overflow in function render() in tools/ddjvu via crafted djvu file - CVE-2021-32492 [bsc#1185904]: Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file - CVE-2021-32493 [bsc#1185905]: Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file Important SUSE bug 1185900 SUSE bug 1185904 SUSE bug 1185905 CVE-2019-18804 CVE-2021-32491 CVE-2021-32492 CVE-2021-32493 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for graphviz fixes the following issues: - CVE-2020-18032: Fixed possible remote code execution via buffer overflow (bsc#1185833). Critical SUSE bug 1185833 CVE-2020-18032 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xen fixes the following issues: Security issue fixed: - CVE-2021-28689: Fixed some x86 speculative vulnerabilities with bare (non-shim) 32-bit PV guests (XSA-370) (bsc#1185104) - Make sure xencommons is in a format as expected by fillup. (bsc#1185682) Each comment needs to be followed by an enabled key. Otherwise fillup will remove manually enabled key=value pairs, along with everything that looks like a stale comment, during next pkg update - A recent systemd update caused a regression in xenstored.service systemd now fails to track units that use systemd-notify (bsc#1183790) - Added a delay between the call to systemd-notify and the final exit of the wrapper script (bsc#1185021, bsc#1185196) Important SUSE bug 1183790 SUSE bug 1185021 SUSE bug 1185104 SUSE bug 1185196 SUSE bug 1185682 CVE-2021-28689 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libxml2 fixes the following issues: Security issues fixed: CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). Important SUSE bug 1185408 SUSE bug 1185409 SUSE bug 1185410 SUSE bug 1185698 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for dnsmasq fixes the following issues: - bsc#1177077: Fixed DNSpooq vulnerabilities - CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache Poisoning attacks. - CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflows when DNSSEC is enabled. - Retry query to other servers on receipt of SERVFAIL rcode (bsc#1176076) Important SUSE bug 1176076 SUSE bug 1177077 CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for flac fixes the following issues: - CVE-2020-0499: Fixed an out-of-bounds access (bsc#1180099). Moderate SUSE bug 1180099 CVE-2020-0499 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for curl fixes the following issues: - CVE-2021-22898: TELNET stack contents disclosure (bsc#1186114) - CVE-2021-22876: The automatic referer leaks credentials (bsc#1183933) - CVE-2020-8286: Inferior OCSP verification (bsc#1179593) - CVE-2020-8285: FTP wildcard stack overflow (bsc#1179399) - CVE-2020-8284: Trusting FTP PASV responses (bsc#1179398) - CVE-2020-8231: libcurl will pick and use the wrong connection with multiple requests with libcurl's multi API and the 'CURLOPT_CONNECT_ONLY' option (bsc#1175109) - Fix: SFTP uploads result in empty uploaded files (bsc#1177976) Moderate SUSE bug 1175109 SUSE bug 1177976 SUSE bug 1179398 SUSE bug 1179399 SUSE bug 1179593 SUSE bug 1183933 SUSE bug 1186114 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22898 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for dovecot22 fixes the following issues: - CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users to access other users' emails (bsc#1180405). Important SUSE bug 1180405 CVE-2020-24386 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for djvulibre fixes the following issues: - CVE-2021-3500: Stack overflow in function DJVU:DjVuDocument:get_djvu_file() via crafted djvu file (bsc#1186253) Important SUSE bug 1186253 CVE-2021-3500 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for dhcp fixes the following issues: - CVE-2021-25217: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient (bsc#1186382) Important SUSE bug 1186382 CVE-2021-25217 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libwebp fixes the following issues: - CVE-2018-25010: Fixed heap-based buffer overflow in ApplyFilter() (bsc#1185685). - CVE-2020-36330: Fixed heap-based buffer overflow in ChunkVerifyAndAssign() (bsc#1185691). - CVE-2020-36332: Fixed extreme memory allocation when reading a file (bsc#1185674). - CVE-2020-36329: Fixed use-after-free in EmitFancyRGB() (bsc#1185652). - CVE-2018-25012: Fixed heap-based buffer overflow in GetLE24() (bsc#1185690). - CVE-2018-25013: Fixed heap-based buffer overflow in ShiftBytes() (bsc#1185654). - CVE-2020-36331: Fixed heap-based buffer overflow in ChunkAssignData() (bsc#1185686). - CVE-2018-25009: Fixed heap-based buffer overflow in GetLE16() (bsc#1185673). - CVE-2018-25011: Fixed fail on multiple image chunks (bsc#1186247). Critical SUSE bug 1185652 SUSE bug 1185654 SUSE bug 1185673 SUSE bug 1185674 SUSE bug 1185685 SUSE bug 1185686 SUSE bug 1185690 SUSE bug 1185691 SUSE bug 1186247 CVE-2018-25009 CVE-2018-25010 CVE-2018-25011 CVE-2018-25012 CVE-2018-25013 CVE-2020-36329 CVE-2020-36330 CVE-2020-36331 CVE-2020-36332 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for polkit fixes the following issues: - CVE-2021-3560: Fixed a local privilege escalation using polkit_system_bus_name_get_creds_sync() (bsc#1186497). Important SUSE bug 1186497 CVE-2021-3560 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for gstreamer-plugins-bad fixes the following issues: - CVE-2021-3185: Fixed buffer overflow in gst_h264_slice_parse_dec_ref_pic_marking (bsc#1181255). Important SUSE bug 1181255 CVE-2021-3185 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.11.0 ESR (bsc#1186696) * CVE-2021-29964: Out of bounds-read when parsing a `WM_COPYDATA` message * CVE-2021-29967: Memory safety bugs fixed in Firefox Important SUSE bug 1185633 SUSE bug 1186696 CVE-2021-29951 CVE-2021-29964 CVE-2021-29967 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484). - CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values. (bsc#1186111) - CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. (bnc#1186062) - CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges. (bnc#1186060) - CVE-2021-23133: Fixed a race condition in SCTP sockets, which could lead to privilege escalation from the context of a network service or an unprivileged process. (bnc#1184675) - CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This vulnerability is related to the PROVIDE_BUFFERS operation, which allowed the MAX_RW_COUNT limit to be bypassed (bsc#1185642). - CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611). - CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances this can be abused to inject arbitrary network packets and/or exfiltrate user data (bnc#1185859). - CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (bnc#1185859 bnc#1185862). - CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments, even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used (bnc#1185859). - CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (bnc#1185860) - CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H, where the Message Integrity Check (authenticity) of fragmented TKIP frames was not verified. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (bnc#1185987) The following non-security bugs were fixed: - Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185724). - Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185724). - af_packet: fix the tx skb protocol in raw sockets with ETH_P_ALL (bsc#1176081). - ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043). - ibmvfc: Handle move login failure (bsc#1185938 ltc#192043). - ibmvfc: Reinit target retries (bsc#1185938 ltc#192043). - kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846). - kabi: preserve struct header_ops after bsc#1176081 fix (bsc#1176081). - kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846). - kernel/smp: add boot parameter for controlling CSD lock debugging (bsc#1180846). - kernel/smp: add more data to CSD lock debugging (bsc#1180846). - kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846). - kernel/smp: prepare more CSD lock debugging (bsc#1180846). - md/raid1: properly indicate failure when ending a failed write request (bsc#1185680). - net/ethernet: Add parse_protocol header_ops support (bsc#1176081). - net/mlx5e: Remove the wrong assumption about transport offset (bsc#1176081). - net/mlx5e: Trust kernel regarding transport offset (bsc#1176081). - net/packet: Ask driver for protocol if not provided by user (bsc#1176081). - net/packet: Remove redundant skb->protocol set (bsc#1176081). - net: Do not set transport offset to invalid value (bsc#1176081). - net: Introduce parse_protocol header_ops callback (bsc#1176081). - netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#1185950). - netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#1183947 bsc#1185950). - netfilter: conntrack: improve RST handling when tuple is re-used (bsc#1183947 bsc#1185950). - netfilter: conntrack: tcp: only close if RST matches exact sequence (bsc#1183947 bsc#1185950). - s390/entry: save the caller of psw_idle (bsc#1185677). - smp: Add source and destination CPUs to __call_single_data (bsc#1180846). - video: hyperv_fb: Add ratelimit on error message (bsc#1185724). Important SUSE bug 1176081 SUSE bug 1180846 SUSE bug 1183947 SUSE bug 1184611 SUSE bug 1184675 SUSE bug 1185642 SUSE bug 1185677 SUSE bug 1185680 SUSE bug 1185724 SUSE bug 1185859 SUSE bug 1185860 SUSE bug 1185862 SUSE bug 1185863 SUSE bug 1185898 SUSE bug 1185899 SUSE bug 1185901 SUSE bug 1185938 SUSE bug 1185950 SUSE bug 1185987 SUSE bug 1186060 SUSE bug 1186061 SUSE bug 1186062 SUSE bug 1186111 SUSE bug 1186285 SUSE bug 1186390 SUSE bug 1186484 SUSE bug 1186498 CVE-2020-24586 CVE-2020-24587 CVE-2020-26139 CVE-2020-26141 CVE-2020-26145 CVE-2020-26147 CVE-2021-23133 CVE-2021-23134 CVE-2021-32399 CVE-2021-33034 CVE-2021-33200 CVE-2021-3491 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libX11 fixes the following issues: - Regression in the fix for CVE-2021-31535, causing segfaults for xforms applications like fdesign (bsc#1186643) Important SUSE bug 1186643 CVE-2021-31535 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 75 [bsc#1180063, bsc#1177943] CVE-2020-14792 CVE-2020-14797 CVE-2020-14782 CVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803 * Class Libraries: - Z/OS specific C function send_file is changing the file pointer position * Security: - Add the new oracle signer certificate - Certificate parsing error - JVM memory growth can be caused by the IBMPKCS11IMPL crypto provider - Remove check for websphere signed jars - sessionid.hashcode generates too many collisions - The Java 8 IBM certpath provider does not honor the user specified system property for CLR connect timeout Moderate SUSE bug 1177943 SUSE bug 1180063 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2021-20718: Fixed possible remote denial-of-service (DoS) via unspecified vectors (bsc#1186291). Important SUSE bug 1186291 CVE-2021-20718 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for spice fixes the following issues: - CVE-2021-20201: client initiated renegotiation causing denial of service (bsc#1181686) Important SUSE bug 1181686 CVE-2021-20201 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20210608 release. - CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. (INTEL-SA-00465 bsc#1179833) See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html - CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient execution side channel vulnerabilities may not fully prevent non-root (guest) branches from controlling the branch predictions of the root (host) (INTEL-SA-00464 bsc#1179836) See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html) - CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero value cache-lines may lead to changes in cache-allocation or write-back behavior for such cache-lines (bsc#1179837 INTEL-SA-00464) See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html) - CVE-2020-24489: Fixed Intel VT-d device pass through potential local privilege escalation (INTEL-SA-00442 bsc#1179839) See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html Other fixes: - Update for functional issues. Refer to [Third Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780)for details. - Update for functional issues. Refer to [Second Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details. - Update for functional issues. Refer to [Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details. - Update for functional issues. Refer to [Intel Xeon Processor D-1500, D-1500 NS and D-1600 NS Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-d-1500-specification-update.html) for details. - Update for functional issues. Refer to [Intel Xeon E7-8800 and E7-4800 v3 Processor Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e7-v3-spec-update.html) for details. - Update for functional issues. Refer to [Intel Xeon Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details. - Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details. - Update for functional issues. Refer to [8th and 9th Gen Intel Core Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details. - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details. - Update for functional issues. Refer to [6th Gen Intel Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details. - Update for functional issues. Refer to [Intel Xeon E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details. - Update for functional issues. Refer to [Intel Xeon E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details. - New platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | CLX-SP | A0 | 06-55-05/b7 | | 03000010 | Xeon Scalable Gen2 | ICX-SP | C0 | 06-6a-05/87 | | 0c0002f0 | Xeon Scalable Gen3 | ICX-SP | D0 | 06-6a-06/87 | | 0d0002a0 | Xeon Scalable Gen3 | SNR | B0 | 06-86-04/01 | | 0b00000f | Atom P59xxB | SNR | B1 | 06-86-05/01 | | 0b00000f | Atom P59xxB | TGL | B1 | 06-8c-01/80 | | 00000088 | Core Gen11 Mobile | TGL-R | C0 | 06-8c-02/c2 | | 00000016 | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | | 0000002c | Core Gen11 Mobile | EHL | B1 | 06-96-01/01 | | 00000011 | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E | JSL | A0/A1 | 06-9c-00/01 | | 0000001d | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105 | RKL-S | B0 | 06-a7-01/02 | | 00000040 | Core Gen11 - Updated platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000044 | 00000046 | Core Gen4 X series; Xeon E5 v3 | HSX-EX | E0 | 06-3f-04/80 | 00000016 | 00000019 | Xeon E7 v3 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile | BDX-ML | B0/M0/R0 | 06-4f-01/ef | 0b000038 | 0b00003e | Xeon E5/E7 v4; Core i7-69xx/68xx | SKX-SP | B1 | 06-55-03/97 | 01000159 | 0100015b | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04003006 | 04003102 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003006 | 05003102 | Xeon Scalable Gen2 | CPX-SP | A1 | 06-55-0b/bf | 0700001e | 07002302 | Xeon Scalable Gen3 | BDX-DE | V2/V3 | 06-56-03/10 | 07000019 | 0700001b | Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 | BDX-DE | Y0 | 06-56-04/10 | 0f000017 | 0f000019 | Xeon D-1557/59/67/71/77/81/87 | BDX-NS | A0 | 06-56-05/10 | 0e00000f | 0e000012 | Xeon D-1513N/23/33/43/53 | APL | D0 | 06-5c-09/03 | 00000040 | 00000044 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 0000001e | 00000020 | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000e2 | 000000ea | Core Gen6; Xeon E3 v5 | DNV | B0 | 06-5f-01/01 | 0000002e | 00000034 | Atom C Series | GLK | B0 | 06-7a-01/01 | 00000034 | 00000036 | Pentium Silver N/J5xxx, Celeron N/J4xxx | GKL-R | R0 | 06-7a-08/01 | 00000018 | 0000001a | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 000000a0 | 000000a6 | Core Gen10 Mobile | LKF | B2/B3 | 06-8a-01/10 | 00000028 | 0000002a | Core w/Hybrid Technology | AML-Y22 | H0 | 06-8e-09/10 | 000000de | 000000ea | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000de | 000000ea | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000e0 | 000000ea | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000de | 000000ea | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000de | 000000ea | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000de | 000000ea | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000de | 000000ea | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000de | 000000ea | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000de | 000000ea | Core Gen9 Mobile | CML-H | R1 | 06-a5-02/20 | 000000e0 | 000000ea | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | 000000e0 | 000000ea | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | 000000e0 | 000000ec | Core Gen10 | CML-U62 | A0 | 06-a6-00/80 | 000000e0 | 000000e8 | Core Gen10 Mobile | CML-U62 V2 | K0 | 06-a6-01/80 | 000000e0 | 000000ea | Core Gen10 Mobile Important SUSE bug 1179833 SUSE bug 1179836 SUSE bug 1179837 SUSE bug 1179839 CVE-2020-24489 CVE-2020-24511 CVE-2020-24512 CVE-2020-24513 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for caribou fixes the following issues: Security issue fixed: - CVE-2021-3567: Fixed a segfault when attempting to use shifted characters (bsc#1186617). Important SUSE bug 1186617 CVE-2021-3567 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for qemu fixes the following issues: - Fix OOB access during mmio operations (CVE-2020-13754, bsc#1172382) - Fix out-of-bounds read information disclosure in icmp6_send_echoreply (CVE-2020-10756, bsc#1172380) - For the record, these issues are fixed in this package already. Most are alternate references to previously mentioned issues: (CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019, CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683, CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477, CVE-2020-29129, bsc#1179484, CVE-2021-20257, bsc#1182846, CVE-2021-3419, bsc#1182975) Important SUSE bug 1149813 SUSE bug 1163019 SUSE bug 1172380 SUSE bug 1172382 SUSE bug 1175534 SUSE bug 1178683 SUSE bug 1178935 SUSE bug 1179477 SUSE bug 1179484 SUSE bug 1182846 SUSE bug 1182975 CVE-2019-15890 CVE-2020-10756 CVE-2020-13754 CVE-2020-14364 CVE-2020-25707 CVE-2020-25723 CVE-2020-29129 CVE-2020-29130 CVE-2020-8608 CVE-2021-20257 CVE-2021-3419 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for freeradius-server fixes the following issues: - Do not log passwords in logfiles (bsc#1184016) Moderate SUSE bug 1184016 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u292 (icedtea 3.19.0). - CVE-2021-2161: Fixed incomplete enforcement of JAR signing disabled algorithms (bsc#1185055). Moderate SUSE bug 1185055 CVE-2021-2163 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for ImageMagick fixes the following issues: - CVE-2020-19667: Fixed a stack buffer overflow in XPM coder could result in a crash (bsc#1179103). - CVE-2020-25664: Fixed a heap-based buffer overflow in PopShortPixel (bsc#1179202). - CVE-2020-25665: Fixed a heap-based buffer overflow in WritePALMImage (bsc#1179208). - CVE-2020-25666: Fixed an outside the range of representable values of type 'int' and signed integer overflow (bsc#1179212). - CVE-2020-25674: Fixed a heap-based buffer overflow in WriteOnePNGImage (bsc#1179223). - CVE-2020-25675: Fixed an outside the range of representable values of type 'long' and integer overflow (bsc#1179240). - CVE-2020-25676: Fixed an outside the range of representable values of type 'long' and integer overflow at MagickCore/pixel.c (bsc#1179244). - CVE-2020-27750: Fixed an division by zero in MagickCore/colorspace-private.h (bsc#1179260). - CVE-2020-27751: Fixed an integer overflow in MagickCore/quantum-export.c (bsc#1179269). - CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in MagickCore/quantum-private.h (bsc#1179346). - CVE-2020-27753: Fixed memory leaks in AcquireMagickMemory function (bsc#1179397). - CVE-2020-27754: Fixed an outside the range of representable values of type 'long' and signed integer overflow at MagickCore/quantize.c (bsc#1179336). - CVE-2020-27755: Fixed memory leaks in ResizeMagickMemory function in ImageMagick/MagickCore/memory.c (bsc#1179345). - CVE-2020-27757: Fixed an outside the range of representable values of type 'unsigned long long' at MagickCore/quantum-private.h (bsc#1179268). - CVE-2020-27759: Fixed an outside the range of representable values of type 'int' at MagickCore/quantize.c (bsc#1179313). - CVE-2020-27760: Fixed a division by zero at MagickCore/enhance.c (bsc#1179281). - CVE-2020-27761: Fixed an outside the range of representable values of type 'unsigned long' at coders/palm.c (bsc#1179315). - CVE-2020-27762: Fixed an outside the range of representable values of type 'unsigned char' (bsc#1179278). - CVE-2020-27763: Fixed a division by zero at MagickCore/resize.c (bsc#1179312). - CVE-2020-27764: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179317). - CVE-2020-27765: Fixed a division by zero at MagickCore/segment.c (bsc#1179311). - CVE-2020-27766: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179361). - CVE-2020-27767: Fixed an outside the range of representable values of type 'float' at MagickCore/quantum.h (bsc#1179322). - CVE-2020-27768: Fixed an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h (bsc#1179339). - CVE-2020-27769: Fixed an outside the range of representable values of type 'float' at MagickCore/quantize.c (bsc#1179321). - CVE-2020-27770: Fixed an unsigned offset overflowed at MagickCore/string.c (bsc#1179343). - CVE-2020-27771: Fixed an outside the range of representable values of type 'unsigned char' at coders/pdf.c (bsc#1179327). - CVE-2020-27772: Fixed an outside the range of representable values of type 'unsigned int' at coders/bmp.c (bsc#1179347). - CVE-2020-27773: Fixed a division by zero at MagickCore/gem-private.h (bsc#1179285). - CVE-2020-27774: Fixed an integer overflow at MagickCore/statistic.c (bsc#1179333). - CVE-2020-27775: Fixed an outside the range of representable values of type 'unsigned char' at MagickCore/quantum.h (bsc#1179338). - CVE-2020-27776: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179362). Important SUSE bug 1179103 SUSE bug 1179202 SUSE bug 1179208 SUSE bug 1179212 SUSE bug 1179223 SUSE bug 1179240 SUSE bug 1179244 SUSE bug 1179260 SUSE bug 1179268 SUSE bug 1179269 SUSE bug 1179278 SUSE bug 1179281 SUSE bug 1179285 SUSE bug 1179311 SUSE bug 1179312 SUSE bug 1179313 SUSE bug 1179315 SUSE bug 1179317 SUSE bug 1179321 SUSE bug 1179322 SUSE bug 1179327 SUSE bug 1179333 SUSE bug 1179336 SUSE bug 1179338 SUSE bug 1179339 SUSE bug 1179343 SUSE bug 1179345 SUSE bug 1179346 SUSE bug 1179347 SUSE bug 1179361 SUSE bug 1179362 SUSE bug 1179397 CVE-2020-19667 CVE-2020-25664 CVE-2020-25665 CVE-2020-25666 CVE-2020-25674 CVE-2020-25675 CVE-2020-25676 CVE-2020-27750 CVE-2020-27751 CVE-2020-27752 CVE-2020-27753 CVE-2020-27754 CVE-2020-27755 CVE-2020-27757 CVE-2020-27759 CVE-2020-27760 CVE-2020-27761 CVE-2020-27762 CVE-2020-27763 CVE-2020-27764 CVE-2020-27765 CVE-2020-27766 CVE-2020-27767 CVE-2020-27768 CVE-2020-27769 CVE-2020-27770 CVE-2020-27771 CVE-2020-27772 CVE-2020-27773 CVE-2020-27774 CVE-2020-27775 CVE-2020-27776 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for webkit2gtk3 fixes the following issues: - Update to version 2.32.1: + Improve handling of Media Capture devices. + Improve WebAudio playback. + Improve video orientation handling. + Improve seeking support for MSE playback. + Improve flush support in EME decryptors. + Fix HTTP status codes for requests done through a custom URI handler. + Fix the Bubblewrap sandbox in certain 32-bit systems. + Fix inconsistencies between the WebKitWebView.is-muted property state and values returned by webkit_web_view_is_playing_audio(). + Fix the build with ENABLE_VIDEO=OFF. + Fix wrong timestamps for long-lived cookies. + Fix UI process crash when failing to load favicons. + Fix several crashes and rendering issues. - Including Security fixes for: CVE-2021-1788, CVE-2021-1844, CVE-2021-1871, CVE-2020-27918, CVE-2020-29623, CVE-2021-1765, CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1870, CVE-2020-13558, CVE-2020-13584, CVE-2020-9983, CVE-2020-13543, CVE-2020-9947, CVE-2020-9948, CVE-2020-9951. Important SUSE bug 1177087 SUSE bug 1179122 SUSE bug 1179451 SUSE bug 1182286 SUSE bug 1184155 SUSE bug 1184262 CVE-2020-13543 CVE-2020-13558 CVE-2020-13584 CVE-2020-27918 CVE-2020-29623 CVE-2020-9947 CVE-2020-9948 CVE-2020-9951 CVE-2020-9983 CVE-2021-1765 CVE-2021-1788 CVE-2021-1789 CVE-2021-1799 CVE-2021-1801 CVE-2021-1844 CVE-2021-1870 CVE-2021-1871 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for apache2 fixes the following issues: - fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression - fixed CVE-2021-31618 [bsc#1186924]: NULL pointer dereference on specially crafted HTTP/2 request - fixed CVE-2020-35452 [bsc#1186922]: Single zero byte stack overflow in mod_auth_digest - fixed CVE-2021-26690 [bsc#1186923]: mod_session NULL pointer dereference in parser - fixed CVE-2021-26691 [bsc#1187017]: Heap overflow in mod_session Important SUSE bug 1186922 SUSE bug 1186923 SUSE bug 1186924 SUSE bug 1187017 SUSE bug 1187174 CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641 CVE-2021-31618 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xterm fixes the following issues: - CVE-2021-27135: Fixed buffer-overflow when clicking on selected utf8 text. (bsc#1182091) Important SUSE bug 1182091 CVE-2021-27135 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libnettle fixes the following issues: - CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060). Important SUSE bug 1187060 CVE-2021-3580 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for ovmf fixes the following issues: - Fixed a possible buffer overflow in IScsiDxe (bsc#1186151) Important SUSE bug 1186151 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212). Important SUSE bug 1187212 CVE-2021-33560 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openexr fixes the following issues: - Fixed CVE-2021-3479 [bsc#1184354]: Out-of-memory caused by allocation of a very large buffer - Fixed CVE-2021-3605 [bsc#1187395]: Heap buffer overflow in the rleUncompress function - Fixed CVE-2021-3598 [bsc#1187310]: Heap buffer overflow in Imf_3_1:CharPtrIO:readChars Important SUSE bug 1184354 SUSE bug 1187310 SUSE bug 1187395 CVE-2021-3479 CVE-2021-3598 CVE-2021-3605 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for postgresql, postgresql12, postgresql13 fixes the following issues: Initial packaging of PostgreSQL 13: * https://www.postgresql.org/about/news/2077/ * https://www.postgresql.org/docs/13/release-13.html Changes in postgresql: - Bump postgresql major version to 13. Changes in postgresql12: - %ghost the symlinks to pg_config and ecpg. (bsc#1178961) - BuildRequire libpq5 and libecpg6 when not building them to avoid dangling symlinks in the devel package. (bsc#1179765) - Fix a DST problem in the test suite. Changes in postgresql13: - Add postgresql-icu68.patch: fix build with ICU 68 - %ghost the symlinks to pg_config and ecpg. (bsc#1178961) - BuildRequire libpq5 and libecpg6 when not building them to avoid dangling symlinks in the devel package. (bsc#1179765) Upgrade to version 13.1: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. (obsoletes postgresql-timetz.patch) * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/13/release-13-1.html - Fix a DST problem in the test suite. Important SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 SUSE bug 1178961 SUSE bug 1179765 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for arpwatch fixes the following issues: - CVE-2021-25321: Fixed local privilege escalation from runtime user to root (bsc#1186240). Important SUSE bug 1186240 CVE-2021-25321 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libsolv fixes the following issues: Security issues fixed: - CVE-2019-20387: Fixed heap-buffer-overflow in repodata_schema2id (bsc#1161510) - CVE-2021-3200: testcase_read: error out if repos are added or the system is changed too late (bsc#1186229) Other issues fixed: - backport support for blacklisted packages to support ptf packages and retracted patches - fix ruleinfo of complex dependencies returning the wrong origin - fix SOLVER_FLAG_FOCUS_BEST updateing packages without reason - fix add_complex_recommends() selecting conflicted packages in rare cases - fix potential segfault in resolve_jobrules - fix solv_zchunk decoding error if large chunks are used Important SUSE bug 1161510 SUSE bug 1186229 CVE-2019-20387 CVE-2021-3200 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for sudo fixes the following issues: - A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE-2021-23239] - A Possible Symlink Attack vector existed in `sudoedit` if SELinux was running in permissive mode [bsc#1180685, CVE-2021-23240] - It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687] Important SUSE bug 1180684 SUSE bug 1180685 SUSE bug 1180687 SUSE bug 1181090 CVE-2021-23239 CVE-2021-23240 CVE-2021-3156 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.12.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-29 (bsc#1188275) * CVE-2021-29970: Use-after-free in accessibility features of a document * CVE-2021-30547: Out of bounds write in ANGLE * CVE-2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 Important SUSE bug 1188275 CVE-2021-29970 CVE-2021-29976 CVE-2021-30547 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.7.0 ESR (MFSA 2021-04, bsc#1181414) * CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests * CVE-2021-23954: Fixed a type confusion when using logical assignment operators in JavaScript switch statements * CVE-2020-26976: Fixed an issue where HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared JavaScript variables during GC * CVE-2021-23964: Fixed Memory safety bugs Important SUSE bug 1181414 CVE-2020-26976 CVE-2021-23953 CVE-2021-23954 CVE-2021-23960 CVE-2021-23964 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-22555: A heap out-of-bounds write was discovered in net/netfilter/x_tables.c (bnc#1188116). - CVE-2021-33909: Extremely large seq buffer allocations in seq_file could lead to buffer underruns and code execution (bsc#1188062). - CVE-2021-3609: A use-after-free in can/bcm could have led to privilege escalation (bsc#1187215). - CVE-2021-33624: In kernel/bpf/verifier.c a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db (bnc#1187554). - CVE-2021-0605: In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation (bnc#1187601). - CVE-2021-0512: In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1187595). - CVE-2020-26558: Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time (bnc#1179610 bnc#1186463). - CVE-2021-34693: net/can/bcm.c allowed local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized (bnc#1187452). - CVE-2020-36385: An issue was discovered in drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c (bnc#1187050). - CVE-2021-0129: Improper access control in BlueZ may have allowed an authenticated user to potentially enable information disclosure via adjacent access (bnc#1186463). - CVE-2020-36386: An issue was discovered net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf (bnc#1187038). - CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets (bnc#1185861). - CVE-2021-33200: kernel/bpf/verifier.c enforced incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit (bnc#1186484). The following non-security bugs were fixed: - block: do not use blocking queue entered for recursive bio (bsc#1104967). - s390/stack: fix possible register corruption with stack switch helper (git-fixes). - scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc#1174978 bsc#1185701). Important SUSE bug 1104967 SUSE bug 1174978 SUSE bug 1179610 SUSE bug 1185701 SUSE bug 1185861 SUSE bug 1186463 SUSE bug 1186484 SUSE bug 1187038 SUSE bug 1187050 SUSE bug 1187215 SUSE bug 1187452 SUSE bug 1187554 SUSE bug 1187595 SUSE bug 1187601 SUSE bug 1187934 SUSE bug 1188062 SUSE bug 1188116 CVE-2020-24588 CVE-2020-26558 CVE-2020-36385 CVE-2020-36386 CVE-2021-0129 CVE-2021-0512 CVE-2021-0605 CVE-2021-22555 CVE-2021-33200 CVE-2021-33624 CVE-2021-33909 CVE-2021-34693 CVE-2021-3609 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for systemd fixes the following issues: Security issues fixed: - CVE-2021-33910: Fixed a denial of service (stack exhaustion) in systemd (PID 1) (bsc#1188063) Other fixes: - mount-util: shorten the loop a bit (#7545) - mount-util: do not use the official MAX_HANDLE_SZ (#7523) - mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761) - mount-util: fix bad indenting - mount-util: EOVERFLOW might have other causes than buffer size issues - mount-util: fix error propagation in fd_fdinfo_mnt_id() - mount-util: drop exponential buffer growing in name_to_handle_at_loop() - udev: port udev_has_devtmpfs() to use path_get_mnt_id() - mount-util: add new path_get_mnt_id() call that queries the mnt ID of a path - mount-util: add name_to_handle_at_loop() wrapper around name_to_handle_at() - mount-util: accept that name_to_handle_at() might fail with EPERM (#5499) - basic: fallback to the fstat if we don't have access to the /proc/self/fdinfo - sysusers: use the usual comment style - test/TEST-21-SYSUSERS: add tests for new functionality - sysusers: allow admin/runtime overrides to command-line config - basic/strv: add function to insert items at position - sysusers: allow the shell to be specified - sysusers: move various user credential validity checks to src/basic/ - man: reformat table in sysusers.d(5) - sysusers: take configuration as positional arguments - sysusers: emit a bit more info at debug level when locking fails - sysusers: allow force reusing existing user/group IDs (#8037) - sysusers: ensure GID in uid:gid syntax exists - sysusers: make ADD_GROUP always create a group - test: add TEST-21-SYSUSERS test - sysuser: use OrderedHashmap - sysusers: allow uid:gid in sysusers.conf files - sysusers: fix memleak (#4430) - These commits implement the option '--replace' for systemd-sysusers so %sysusers_create_package can be introduced in SLE and packages can rely on this rpm macro without wondering whether the macro is available on the different target the package is submitted to. - Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807) - systemctl: add --value option - execute: make sure to call into PAM after initializing resource limits (bsc#1184967) - rlimit-util: introduce setrlimit_closest_all() - system-conf: drop reference to ShutdownWatchdogUsec= - core: rename ShutdownWatchdogSec to RebootWatchdogSec (bsc#1185331) - Return -EAGAIN instead of -EALREADY from unit_reload (bsc#1185046) - rules: don't ignore Xen virtual interfaces anymore (bsc#1178561) - write_net_rules: set execute bits (bsc#1178561) - udev: rework network device renaming - Revert 'Revert 'udev: network device renaming - immediately give up if the target name isn't available'' Important SUSE bug 1178561 SUSE bug 1184761 SUSE bug 1184967 SUSE bug 1185046 SUSE bug 1185331 SUSE bug 1185807 SUSE bug 1188063 CVE-2021-33910 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217) Moderate SUSE bug 1188217 SUSE bug 1188218 SUSE bug 1188219 SUSE bug 1188220 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for linuxptp fixes the following issues: - CVE-2021-3570: Validate the messageLength field of incoming messages. (bsc#1187646) Important SUSE bug 1187646 CVE-2021-3570 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for qemu fixes the following issues: Security issues fixed: - CVE-2021-3595: Fixed slirp: invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366) - CVE-2021-3592: Fix for slirp: invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364) - CVE-2021-3594: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367) - CVE-2021-3593: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365) - CVE-2021-3611: Fix intel-hda segmentation fault due to stack overflow (bsc#1187529) Important SUSE bug 1187364 SUSE bug 1187365 SUSE bug 1187366 SUSE bug 1187367 SUSE bug 1187529 CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3595 CVE-2021-3611 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for dbus-1 fixes the following issues: - CVE-2020-35512: Fixed a bug where users with the same numeric UID could lead to use-after-free and undefined behaviour. (bsc#1187105) - CVE-2020-12049: Fixed a bug where a truncated messages lead to resource exhaustion. (bsc#1172505) Important SUSE bug 1172505 SUSE bug 1187105 CVE-2020-12049 CVE-2020-35512 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for webkit2gtk3 fixes the following issues: Update to version 2.32.3: - CVE-2021-21775: Fixed a use-after-free vulnerability in the way certain events are processed for ImageLoader objects. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697) - CVE-2021-21779: Fixed a use-after-free vulnerability in the way that WebKit GraphicsContext handles certain events. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697) - CVE-2021-30663: An integer overflow was addressed with improved input validation. (bsc#1188697) - CVE-2021-30665: A memory corruption issue was addressed with improved state management. (bsc#1188697) - CVE-2021-30689: A logic issue was addressed with improved state management. (bsc#1188697) - CVE-2021-30720: A logic issue was addressed with improved restrictions. (bsc#1188697) - CVE-2021-30734: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697) - CVE-2021-30744: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. (bsc#1188697) - CVE-2021-30749: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697) - CVE-2021-30758: A type confusion issue was addressed with improved state handling. (bsc#1188697) - CVE-2021-30795: A use after free issue was addressed with improved memory management. (bsc#1188697) - CVE-2021-30797: This issue was addressed with improved checks. (bsc#1188697) - CVE-2021-30799: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697) Important SUSE bug 1188697 CVE-2021-21775 CVE-2021-21779 CVE-2021-30663 CVE-2021-30665 CVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744 CVE-2021-30749 CVE-2021-30758 CVE-2021-30795 CVE-2021-30797 CVE-2021-30799 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libsndfile fixes the following issues: - CVE-2018-13139: Fixed a stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. (bsc#1100167) - CVE-2018-19432: Fixed a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. (bsc#1116993) - CVE-2021-3246: Fixed a heap buffer overflow vulnerability in msadpcm_decode_block. (bsc#1188540) - CVE-2018-19758: Fixed a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. (bsc#1117954) Critical SUSE bug 1100167 SUSE bug 1116993 SUSE bug 1117954 SUSE bug 1188540 CVE-2018-13139 CVE-2018-19432 CVE-2018-19758 CVE-2021-3246 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for djvulibre fixes the following issues: - CVE-2021-3630: out-of-bounds write in DJVU:DjVuTXT:decode() in DjVuText.cpp (bsc#1187869) Important SUSE bug 1187869 CVE-2021-3630 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for mariadb fixes the following issues: - Update to 10.2.39 (bsc#1182739) - CVE-2021-2166: DML unspecified vulnerability lead to complete DOS. (bsc#1185870) - CVE-2021-2154: DML unspecified vulnerability can lead to complete DOS. (bsc#1185872) - CVE-2021-2180: InnoDB unspecified vulnerability lead to complete DOS. (bsc#1185868) - CVE-2021-27928: Fixed a remote code execution issue. (bsc#1183770) Important SUSE bug 1182739 SUSE bug 1183770 SUSE bug 1185868 SUSE bug 1185870 SUSE bug 1185872 SUSE bug 1188300 CVE-2021-2154 CVE-2021-2166 CVE-2021-2180 CVE-2021-27928 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) Important SUSE bug 1189206 CVE-2021-38185 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libcares2 fixes the following issues: - CVE-2021-3672: Fixed input validation on hostnames (bsc#1188881). Important SUSE bug 1188881 CVE-2021-3672 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.13.0 ESR (MFSA 2021-34, bsc#1188891): - CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption - CVE-2021-29988: Memory corruption as a result of incorrect style treatment - CVE-2021-29984: Incorrect instruction reordering during JIT optimization - CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption - CVE-2021-29985: Use-after-free media channels - CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 Important SUSE bug 1188891 CVE-2021-29980 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29988 CVE-2021-29989 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for fetchmail fixes the following issues: - CVE-2021-36386: DoS or information disclosure in some configurations (bsc#1188875) - Change PASSWORDLEN from 64 to 256 [bsc#1188034] - Set the hostname for SNI when using TLS [bsc#1182807] - Allow --syslog option in daemon mode. (bsc#1033081) - Set the hostname for SNI when using TLS. (bsc#1182807) - Change PASSWORDLEN from 64 to 256 (bsc#1188034) Moderate SUSE bug 1033081 SUSE bug 1182807 SUSE bug 1188034 SUSE bug 1188875 CVE-2021-36386 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u302 (icedtea 3.20.0) - CVE-2021-2341: Improve file transfers. (bsc#1188564) - CVE-2021-2369: Better jar file validation. (bsc#1188565) - CVE-2021-2388: Enhance compiler validation. (bsc#1188566) - CVE-2021-2161: Less ambiguous processing. (bsc#1185056) Important SUSE bug 1185056 SUSE bug 1188564 SUSE bug 1188565 SUSE bug 1188566 CVE-2021-2161 CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for cpio fixes the following issues: - A patch previously applied to remedy CVE-2021-38185 introduced a regression that had the potential to cause a segmentation fault in cpio. [bsc#1189465] Important SUSE bug 1189465 CVE-2021-38185 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for python-PyYAML fixes the following issues: - Update to 5.3.1. - CVE-2020-14343: A vulnerability was discovered in the PyYAML library, where it was susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. Important SUSE bug 1174514 CVE-2020-14343 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openssl-1_0_0 fixes the following issues: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] Important SUSE bug 1189521 CVE-2021-3712 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] Important SUSE bug 1189520 SUSE bug 1189521 CVE-2021-3711 CVE-2021-3712 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for unrar to version 5.6.1 fixes several issues. These security issues were fixed: - CVE-2017-12938: Prevent remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file (bsc#1054038). - CVE-2017-12940: Prevent out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function (bsc#1054038). - CVE-2017-12941: Prevent an out-of-bounds read in the Unpack::Unpack20 function (bsc#1054038). - CVE-2017-12942: Prevent a buffer overflow in the Unpack::LongLZ function (bsc#1054038). - CVE-2017-20006: Fixed heap-based buffer overflow in Unpack:CopyString (bsc#1187974). These non-security issues were fixed: - Added extraction support for .LZ archives created by Lzip compressor - Enable unpacking of files in ZIP archives compressed with XZ algorithm and encrypted with AES - Added support for PAX extended headers inside of TAR archive - If RAR recovery volumes (.rev files) are present in the same folder as usual RAR volumes, archive test command verifies .rev contents after completing testing .rar files - By default unrar skips symbolic links with absolute paths in link target when extracting unless -ola command line switch is specified - Added support for AES-NI CPU instructions - Support for a new RAR 5.0 archiving format - Wildcard exclusion mask for folders - Prevent conditional jumps depending on uninitialised values (bsc#1046882) Moderate SUSE bug 1046882 SUSE bug 1054038 SUSE bug 1187974 CVE-2012-6706 CVE-2017-12938 CVE-2017-12940 CVE-2017-12941 CVE-2017-12942 CVE-2017-20006 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for aspell fixes the following issues: - CVE-2019-25051: Fixed heap-buffer-overflow in acommon:ObjStack:dup_top (bsc#1188576). Important SUSE bug 1188576 CVE-2019-25051 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openexr fixes the following issues: - CVE-2021-20298 [bsc#1188460]: Fixed Out-of-memory in B44Compressor - CVE-2021-20299 [bsc#1188459]: Fixed Null-dereference READ in Imf_2_5:Header:operator - CVE-2021-20300 [bsc#1188458]: Fixed Integer-overflow in Imf_2_5:hufUncompress - CVE-2021-20302 [bsc#1188462]: Fixed Floating-point-exception in Imf_2_5:precalculateTileInfot - CVE-2021-20303 [bsc#1188457]: Fixed Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer - CVE-2021-20304 [bsc#1188461]: Fixed Undefined-shift in Imf_2_5:hufDecode Important SUSE bug 1188457 SUSE bug 1188458 SUSE bug 1188459 SUSE bug 1188460 SUSE bug 1188461 SUSE bug 1188462 CVE-2021-20298 CVE-2021-20299 CVE-2021-20300 CVE-2021-20302 CVE-2021-20303 CVE-2021-20304 CVE-2021-3476 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libesmtp fixes the following issues: - CVE-2019-19977: Fix stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462). Important SUSE bug 1160462 SUSE bug 1189097 CVE-2019-19977 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for file fixes the following issues: - CVE-2019-18218: Fixed heap-based buffer overflow in cdf_read_property_info in cdf.c (bsc#1154661). Important SUSE bug 1154661 CVE-2019-18218 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xen fixes the following issues: Security issues fixed: - CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378). - CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376). - CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373). - CVE-2021-28699: inadequate grant-v2 status frames array bounds check (XSA-382)(bsc#1189380). - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429) - CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434) - CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433) - CVE-2021-20255: Fixed stack overflow via infinite recursion in eepro100 (bsc#1182654) - CVE-2021-3592: slirp: invalid pointer initialization may lead to information disclosure (bootp)(bsc#1187369). - CVE-2021-3594: slirp: invalid pointer initialization may lead to information disclosure (udp)(bsc#1187378). - CVE-2021-3595: slirp: invalid pointer initialization may lead to information disclosure (tftp)(bsc#1187376). - CVE-2021-3308: Fixed IRQ vector leak on x86 (XSA-360)(bsc#1181254). - Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882). Important SUSE bug 1181254 SUSE bug 1182654 SUSE bug 1186429 SUSE bug 1186433 SUSE bug 1186434 SUSE bug 1187369 SUSE bug 1187376 SUSE bug 1187378 SUSE bug 1189373 SUSE bug 1189376 SUSE bug 1189378 SUSE bug 1189380 SUSE bug 1189882 CVE-2021-0089 CVE-2021-20255 CVE-2021-28690 CVE-2021-28692 CVE-2021-28694 CVE-2021-28695 CVE-2021-28696 CVE-2021-28697 CVE-2021-28698 CVE-2021-28699 CVE-2021-3308 CVE-2021-3592 CVE-2021-3594 CVE-2021-3595 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openvswitch fixes the following issues: - openvswitch was updated to 2.8.10 - CVE-2020-27827: Fixed a memory leak when parsing lldp packets (bsc#1181345) A lot more minor bugs have been fixed with this openvswitch version. Please refer to the changelog of the openvswitch.rpm file in order to obtain a list of all changes. Important SUSE bug 1117483 SUSE bug 1181345 CVE-2020-27827 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openssl-1_0_0 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). Low SUSE bug 1189521 CVE-2021-3712 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). Low SUSE bug 1189521 CVE-2021-3712 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for mariadb fixes the following issues: Update to version 10.2.40 [bsc#1189320]: - fixes for the following security vulnerabilities: CVE-2021-2372 and CVE-2021-2389 Moderate SUSE bug 1182255 SUSE bug 1189320 CVE-2021-2372 CVE-2021-2389 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for tomcat fixes the following issue: - CVE-2020-17527: Fixed a HTTP/2 request header mix-up (bsc#1179602). Moderate SUSE bug 1179602 CVE-2020-17527 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for transfig fixes the following issues: Update to version 3.2.8, including fixes for - CVE-2021-3561: overflow in fig2dev/read.c in function read_colordef() (bsc#1186329). - CVE-2020-21683: Fixed buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c (bsc#1189325). - CVE-2020-21682: Fixed buffer overflow in the set_fill component in genge.c (bsc#1189346). - CVE-2020-21681: Fixed buffer overflow in the set_color component in genge.c (bsc#1189345). - CVE-2020-21680: Fixed stack-based buffer overflow in the put_arrow() component in genpict2e.c (bsc#1189343). - CVE-2019-19797: out-of-bounds write in read_colordef in read.c (bsc#1159293). - CVE-2019-19555: stack-based buffer overflow because of an incorrect sscanf (bsc#1161698). - CVE-2019-19746: segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type (bsc#1159130). Moderate SUSE bug 1136882 SUSE bug 1159130 SUSE bug 1159293 SUSE bug 1161698 SUSE bug 1186329 SUSE bug 1189325 SUSE bug 1189343 SUSE bug 1189345 SUSE bug 1189346 CVE-2019-19555 CVE-2019-19746 CVE-2019-19797 CVE-2020-21680 CVE-2020-21681 CVE-2020-21682 CVE-2020-21683 CVE-2021-3561 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for gtk-vnc fixes the following issues: - CVE-2017-5885: Correctly validate color map range indexes (bsc#1024268). - CVE-2017-5884: Fix bounds checking for RRE, hextile & copyrect encodings (bsc#1024266). - Fix crash when opening connection from a GSocketAddress (bsc#1046782). - Fix possible crash on connection failure (bsc#1188292). Moderate SUSE bug 1024266 SUSE bug 1024268 SUSE bug 1046782 SUSE bug 1188292 CVE-2017-5884 CVE-2017-5885 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for ghostscript fixes the following issues: - CVE-2021-3781: Fixed a trivial -dSAFER bypass command injection (bsc#1190381) Critical SUSE bug 1190381 CVE-2021-3781 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: This update contains the Firefox Extended Support Release 91.1.0 ESR. * Fixed: Various stability, functionality, and security fixes MFSA 2021-40 (bsc#1190269, bsc#1190274): * CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer * CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1 Firefox 91.0.1esr ESR * Fixed: Fixed an issue causing buttons on the tab bar to be resized when loading certain websites (bug 1704404) * Fixed: Fixed an issue which caused tabs from private windows to be visible in non-private windows when viewing switch-to- tab results in the address bar panel (bug 1720369) * Fixed: Various stability fixes * Fixed: Security fix MFSA 2021-37 (bsc#1189547) * CVE-2021-29991 (bmo#1724896) Header Splitting possible with HTTP/3 Responses Firefox Extended Support Release 91.0 ESR * New: Some of the highlights of the new Extended Support Release are: - A number of user interface changes. For more information, see the Firefox 89 release notes. - Firefox now supports logging into Microsoft, work, and school accounts using Windows single sign-on. Learn more - On Windows, updates can now be applied in the background while Firefox is not running. - Firefox for Windows now offers a new page about:third-party to help identify compatibility issues caused by third-party applications - Version 2 of Firefox's SmartBlock feature further improves private browsing. Third party Facebook scripts are blocked to prevent you from being tracked, but are now automatically loaded 'just in time' if you decide to 'Log in with Facebook' on any website. - Enhanced the privacy of the Firefox Browser's Private Browsing mode with Total Cookie Protection, which confines cookies to the site where they were created, preventing companis from using cookies to track your browsing across sites. This feature was originally launched in Firefox's ETP Strict mode. - PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features. - You'll encounter less website breakage in Private Browsing and Strict Enhanced Tracking Protection with SmartBlock, which provides stand-in scripts so that websites load properly. - Improved Print functionality with a cleaner design and better integration with your computer's printer settings. - Firefox now protects you from supercookies, a type of tracker that can stay hidden in your browser and track you online, even after you clear cookies. By isolating supercookies, Firefox prevents them from tracking your web browsing from one site to the next. - Firefox now remembers your preferred location for saved bookmarks, displays the bookmarks toolbar by default on new tabs, and gives you easy access to all of your bookmarks via a toolbar folder. - Native support for macOS devices built with Apple Silicon CPUs brings dramatic performance improvements over the non- native build that was shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a new Apple device, follow these steps to upgrade to the latest Firefox. - Pinch zooming will now be supported for our users with Windows touchscreen devices and touchpads on Mac devices. Firefox users may now use pinch to zoom on touch-capable devices to zoom in and out of webpages. - We’ve improved functionality and design for a number of Firefox search features: * Selecting a search engine at the bottom of the search panel now enters search mode for that engine, allowing you to see suggestions (if available) for your search terms. The old behavior (immediately performing a search) is available with a shift-click. * When Firefox autocompletes the URL of one of your search engines, you can now search with that engine directly in the address bar by selecting the shortcut in the address bar results. * We’ve added buttons at the bottom of the search panel to allow you to search your bookmarks, open tabs, and history. - Firefox supports AcroForm, which will allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look. - For our users in the US and Canada, Firefox can now save, manage, and auto-fill credit card information for you, making shopping on Firefox ever more convenient. - In addition to our default, dark and light themes, with this release, Firefox introduces the Alpenglow theme: a colorful appearance for buttons, menus, and windows. You can update your Firefox themes under settings or preferences. * Changed: Firefox no longer supports Adobe Flash. There is no setting available to re-enable Flash support. * Enterprise: Various bug fixes and new policies have been implemented in the latest version of Firefox. See more details in the Firefox for Enterprise 91 Release Notes. MFSA 2021-33 (bsc#1188891): * CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption * CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT * CVE-2021-29988: Memory corruption as a result of incorrect style treatment * CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode * CVE-2021-29984: Incorrect instruction reordering during JIT optimization * CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption * CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux * CVE-2021-29985: Use-after-free media channels * CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion * CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 * CVE-2021-29990: Memory safety bugs fixed in Firefox 91 Important SUSE bug 1188891 SUSE bug 1189547 SUSE bug 1190269 SUSE bug 1190274 CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29987 CVE-2021-29988 CVE-2021-29989 CVE-2021-29990 CVE-2021-29991 CVE-2021-38492 CVE-2021-38495 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 20 [bsc#1180063,bsc#1177943] CVE-2020-14792 CVE-2020-14797 CVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803 * Class libraries: - SOCKETADAPTOR$SOCKETINPUTSTREAM.READ is blocking for more time that the set timeout - Z/OS specific C function send_file is changing the file pointer position * Java Virtual Machine: - Crash on iterate java stack - Java process hang on SIGTERM * JIT Compiler: - JMS performance regression from JDK8 SR5 FP40 TO FP41 * Class Libraries: - z15 high utilization following Z/VM and Linux migration from z14 To z15 * Java Virtual Machine: - Assertion failed when trying to write a class file - Assertion failure at modronapi.cpp - Improve the performance of defining and finding classes * JIT Compiler: - An assert in ppcbinaryencoding.cpp may trigger when running with traps disabled on power - AOT field offset off by n bytes - Segmentation fault in jit module on ibm z platform Moderate SUSE bug 1177943 SUSE bug 1180063 CVE-2020-14779 CVE-2020-14781 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for sqlite3 fixes the following issues: sqlite3 is sync version 3.36.0 from Factory (jsc#SLE-16032). The following CVEs have been fixed in upstream releases up to this point, but were not mentioned in the change log so far: * bsc#1173641, CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization * bsc#1164719, CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator * bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error * bsc#1160438, CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input * bsc#1160309, CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference * bsc#1159850, CVE-2019-19924: improper error handling in sqlite3WindowRewrite() * bsc#1159847, CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive * bsc#1159715, CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c * bsc#1159491, CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference * bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name * bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns * bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements * bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service * bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage * bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability * bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names * CVE-2020-13434 bsc#1172115: integer overflow in sqlite3_str_vappendf * CVE-2020-13630 bsc#1172234: use-after-free in fts3EvalNextRow * CVE-2020-13631 bsc#1172236: virtual table allowed to be renamed to one of its shadow tables * CVE-2020-13632 bsc#1172240: NULL pointer dereference via crafted matchinfo() query * CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091) Important SUSE bug 1157818 SUSE bug 1158812 SUSE bug 1158958 SUSE bug 1158959 SUSE bug 1158960 SUSE bug 1159491 SUSE bug 1159715 SUSE bug 1159847 SUSE bug 1159850 SUSE bug 1160309 SUSE bug 1160438 SUSE bug 1160439 SUSE bug 1164719 SUSE bug 1172091 SUSE bug 1172115 SUSE bug 1172234 SUSE bug 1172236 SUSE bug 1172240 SUSE bug 1173641 SUSE bug 928700 SUSE bug 928701 CVE-2015-3414 CVE-2015-3415 CVE-2016-6153 CVE-2017-10989 CVE-2017-2518 CVE-2018-20346 CVE-2018-8740 CVE-2019-16168 CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-20218 CVE-2019-8457 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-15358 CVE-2020-9327 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for python-urllib3 fixes the following security issue: - CVE-2020-26137: A CRLF injection via HTTP request method was fixed (bsc#1177120) Note that this was fixed in a previous version update to 1.25.9, this update just complements the tracking. Moderate SUSE bug 1177120 CVE-2020-26137 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for glibc fixes the following issues: - CVE-2021-33574: Fixed a use-after-free possibility in mq_notify() (bsc#1186489) Moderate SUSE bug 1186489 CVE-2021-33574 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for webkit2gtk3 fixes the following issues: - Update to version 2.32.4 - CVE-2021-30858: Fixed a security bug that could allow maliciously crafted web content to achieve arbitrary code execution. (bsc#1190701) - CVE-2021-21806: Fixed an exploitable use-after-free vulnerability via specially crafted HTML web page. (bsc#1188697) Important SUSE bug 1188697 SUSE bug 1190701 CVE-2021-21806 CVE-2021-30858 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for apache2 fixes the following issues: - CVE-2021-40438: Fixed a SRF via a crafted request uri-path. (bsc#1190703) - CVE-2021-39275: Fixed an out-of-bounds write in ap_escape_quotes() via malicious input. (bsc#1190666) - CVE-2021-34798: Fixed a NULL pointer dereference via malformed requests. (bsc#1190669) Important SUSE bug 1190666 SUSE bug 1190669 SUSE bug 1190703 CVE-2021-34798 CVE-2021-39275 CVE-2021-40438 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for curl fixes the following issues: - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374). - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373). Moderate SUSE bug 1190373 SUSE bug 1190374 CVE-2021-22946 CVE-2021-22947 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for python3 fixes the following issues: - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). Important SUSE bug 1176262 SUSE bug 1180686 CVE-2019-20916 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.2.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-45 (bsc#1191332) * CVE-2021-38496: Use-after-free in MessageTask * CVE-2021-38497: Validation message could have been overlaid on another origin * CVE-2021-38498: Use-after-free of nsLanguageAtomService object * CVE-2021-32810: Fixed Data race in crossbeam-deque * CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 * CVE-2021-38501: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 - Fixed crash in FIPS mode (bsc#1190710) Important SUSE bug 1190710 SUSE bug 1191332 CVE-2021-32810 CVE-2021-38496 CVE-2021-38497 CVE-2021-38498 CVE-2021-38500 CVE-2021-38501 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for strongswan fixes the following issues: - CVE-2021-41991: Fixed an integer overflow when replacing certificates in cache. (bsc#1191435) Important SUSE bug 1191435 CVE-2021-41991 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for postgresql10 fixes the following issues: - Fix for build with llvm12 on s390x. (bsc#1185952) - Re-enable 'icu' for PostgreSQL 10. (bsc#1179945) - Add postgresqlXX-server-devel as a dependency for postgresql13-server-devel. (bsc#1187751) - Upgrade to version 10.18. (bsc#1190177) Upgrade to version 10.17 (already released for SUSE Linux Enterprise 12 SP5): - CVE-2021-32027: Fixed integer overflows in array subscripting calculations (bsc#1185924). - CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (bsc#1185925). - Don't use %_stop_on_removal, because it was meant to be private and got removed from openSUSE. %_restart_on_update is also private, but still supported and needed for now (bsc#1183168). - Re-enable build of the llvmjit subpackage on SLE, but it will only be delivered on PackageHub for now (bsc#1183118). - Disable icu for PostgreSQL 10 (and older) on TW (bsc#1179945). - Fixed an issue droping irregular warning messages by removing the package. (bsc#1178961) - Fixed an issue when build does not build the requiements to avoid dangling symlinks in the devel package. (bsc#1179765) - Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. Important SUSE bug 1178961 SUSE bug 1179765 SUSE bug 1179945 SUSE bug 1183118 SUSE bug 1183168 SUSE bug 1185924 SUSE bug 1185925 SUSE bug 1185952 SUSE bug 1187751 SUSE bug 1190177 CVE-2021-32027 CVE-2021-32028 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for opensc fixes the following issues: - CVE-2021-42780: Fixed use after return in insert_pin() (bsc#1192005). - CVE-2021-42779: Fixed use after free in sc_file_valid() (bsc#1191992). - CVE-2021-42781: Fixed multiple heap buffer overflows in pkcs15-oberthur.c (bsc#1192000). - CVE-2021-42782: Stack buffer overflow issues in various places (bsc#1191957). Important SUSE bug 1191957 SUSE bug 1191992 SUSE bug 1192000 SUSE bug 1192005 CVE-2021-42779 CVE-2021-42780 CVE-2021-42781 CVE-2021-42782 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for transfig fixes the following issues: Update to fig2dev version 3.2.8 Patchlevel 8b (Aug 2021) - bsc#1190618, CVE-2020-21529: stack buffer overflow in the bezier_spline function in genepic.c. - bsc#1190615, CVE-2020-21530: segmentation fault in the read_objects function in read.c. - bsc#1190617, CVE-2020-21531: global buffer overflow in the conv_pattern_index function in gencgm.c. - bsc#1190616, CVE-2020-21532: global buffer overflow in the setfigfont function in genepic.c. - bsc#1190612, CVE-2020-21533: stack buffer overflow in the read_textobject function in read.c. - bsc#1190611, CVE-2020-21534: global buffer overflow in the get_line function in read.c. - bsc#1190607, CVE-2020-21535: segmentation fault in the gencgm_start function in gencgm.c. - bsc#1192019, CVE-2021-32280: NULL pointer dereference in compute_closed_spline() in trans_spline.c Important SUSE bug 1190607 SUSE bug 1190611 SUSE bug 1190612 SUSE bug 1190615 SUSE bug 1190616 SUSE bug 1190617 SUSE bug 1190618 SUSE bug 1192019 CVE-2020-21529 CVE-2020-21530 CVE-2020-21531 CVE-2020-21532 CVE-2020-21533 CVE-2020-21534 CVE-2020-21535 CVE-2021-32280 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for binutils fixes the following issues: Update to binutils 2.37: * The GNU Binutils sources now requires a C99 compiler and library to build. * Support for the arm-symbianelf format has been removed. * Support for Realm Management Extension (RME) for AArch64 has been added. * A new linker option '-z report-relative-reloc' for x86 ELF targets has been added to report dynamic relative relocations. * A new linker option '-z start-stop-gc' has been added to disable special treatment of __start_*/__stop_* references when --gc-sections. * A new linker options '-Bno-symbolic' has been added which will cancel the '-Bsymbolic' and '-Bsymbolic-functions' options. * The readelf tool has a new command line option which can be used to specify how the numeric values of symbols are reported. --sym-base=0|8|10|16 tells readelf to display the values in base 8, base 10 or base 16. A sym base of 0 represents the default action of displaying values under 10000 in base 10 and values above that in base 16. * A new format has been added to the nm program. Specifying '--format=just-symbols' (or just using -j) will tell the program to only display symbol names and nothing else. * A new command line option '--keep-section-symbols' has been added to objcopy and strip. This stops the removal of unused section symbols when the file is copied. Removing these symbols saves space, but sometimes they are needed by other tools. * The '--weaken', '--weaken-symbol' and '--weaken-symbols' options supported by objcopy now make undefined symbols weak on targets that support weak symbols. * Readelf and objdump can now display and use the contents of .debug_sup sections. * Readelf and objdump will now follow links to separate debug info files by default. This behaviour can be stopped via the use of the new '-wN' or '--debug-dump=no-follow-links' options for readelf and the '-WN' or '--dwarf=no-follow-links' options for objdump. Also the old behaviour can be restored by the use of the '--enable-follow-debug-links=no' configure time option. The semantics of the =follow-links option have also been slightly changed. When enabled, the option allows for the loading of symbol tables and string tables from the separate files which can be used to enhance the information displayed when dumping other sections, but it does not automatically imply that information from the separate files should be displayed. If other debug section display options are also enabled (eg '--debug-dump=info') then the contents of matching sections in both the main file and the separate debuginfo file *will* be displayed. This is because in most cases the debug section will only be present in one of the files. If however non-debug section display options are enabled (eg '--sections') then the contents of matching parts of the separate debuginfo file will *not* be displayed. This is because in most cases the user probably only wanted to load the symbol information from the separate debuginfo file. In order to change this behaviour a new command line option --process-links can be used. This will allow di0pslay options to applied to both the main file and any separate debuginfo files. * Nm has a new command line option: '--quiet'. This suppresses 'no symbols' diagnostic. Update to binutils 2.36: New features in the Assembler: General: * When setting the link order attribute of ELF sections, it is now possible to use a numeric section index instead of symbol name. * Added a .nop directive to generate a single no-op instruction in a target neutral manner. This instruction does have an effect on DWARF line number generation, if that is active. * Removed --reduce-memory-overheads and --hash-size as gas now uses hash tables that can be expand and shrink automatically. X86/x86_64: * Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key Locker instructions. * Support non-absolute segment values for lcall and ljmp. * Add {disp16} pseudo prefix to x86 assembler. * Configure with --enable-x86-used-note by default for Linux/x86. ARM/AArch64: * Add support for Cortex-A78, Cortex-A78AE and Cortex-X1, Cortex-R82, Neoverse V1, and Neoverse N2 cores. * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call Stack Recorder Extension) and BRBE (Branch Record Buffer Extension) system registers. * Add support for Armv8-R and Armv8.7-A ISA extensions. * Add support for DSB memory nXS barrier, WFET and WFIT instruction for Armv8.7. * Add support for +csre feature for -march. Add CSR PDEC instruction for CSRE feature in AArch64. * Add support for +flagm feature for -march in Armv8.4 AArch64. * Add support for +ls64 feature for -march in Armv8.7 AArch64. Add atomic 64-byte load/store instructions for this feature. * Add support for +pauth (Pointer Authentication) feature for -march in AArch64. New features in the Linker: * Add --error-handling-script=<NAME> command line option to allow a helper script to be invoked when an undefined symbol or a missing library is encountered. This option can be suppressed via the configure time switch: --enable-error-handling-script=no. * Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark x86-64-{baseline|v[234]} ISA level as needed. * Add -z unique-symbol to avoid duplicated local symbol names. * The creation of PE format DLLs now defaults to using a more secure set of DLL characteristics. * The linker now deduplicates the types in .ctf sections. The new command-line option --ctf-share-types describes how to do this: its default value, share-unconflicted, produces the most compact output. * The linker now omits the 'variable section' from .ctf sections by default, saving space. This is almost certainly what you want unless you are working on a project that has its own analogue of symbol tables that are not reflected in the ELF symtabs. New features in other binary tools: * The ar tool's previously unused l modifier is now used for specifying dependencies of a static library. The arguments of this option (or --record-libdeps long form option) will be stored verbatim in the __.LIBDEP member of the archive, which the linker may read at link time. * Readelf can now display the contents of LTO symbol table sections when asked to do so via the --lto-syms command line option. * Readelf now accepts the -C command line option to enable the demangling of symbol names. In addition the --demangle=<style>, --no-demangle, --recurse-limit and --no-recurse-limit options are also now availale. Update to binutils 2.35.1: * This is a point release over the previous 2.35 version, containing bug fixes, and as an exception to the usual rule, one new feature. The new feature is the support for a new directive in the assembler: '.nop'. This directive creates a single no-op instruction in whatever encoding is correct for the target architecture. Unlike the .space or .fill this is a real instruction, and it does affect the generation of DWARF line number tables, should they be enabled. Update to binutils 2.35: * The assembler can now produce DWARF-5 format line number tables. * Readelf now has a 'lint' mode to enable extra checks of the files it is processing. * Readelf will now display '[...]' when it has to truncate a symbol name. The old behaviour - of displaying as many characters as possible, up to the 80 column limit - can be restored by the use of the --silent-truncation option. * The linker can now produce a dependency file listing the inputs that it has processed, much like the -M -MP option supported by the compiler. Update to binutils 2.34: * The disassembler (objdump --disassemble) now has an option to generate ascii art thats show the arcs between that start and end points of control flow instructions. * The binutils tools now have support for debuginfod. Debuginfod is a HTTP service for distributing ELF/DWARF debugging information as well as source code. The tools can now connect to debuginfod servers in order to download debug information about the files that they are processing. * The assembler and linker now support the generation of ELF format files for the Z80 architecture. Update to binutils 2.33.1: * Adds support for the Arm Scalable Vector Extension version 2 (SVE2) instructions, the Arm Transactional Memory Extension (TME) instructions and the Armv8.1-M Mainline and M-profile Vector Extension (MVE) instructions. * Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE, Cortex-A76AE, and Cortex-A77 processors. * Adds a .float16 directive for both Arm and AArch64 to allow encoding of 16-bit floating point literals. * For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not) Loongson3 LLSC Errata. Add a --enable-mips-fix-loongson3-llsc=[yes|no] configure time option to set the default behavior. Set the default if the configure option is not used to 'no'. * The Cortex-A53 Erratum 843419 workaround now supports a choice of which workaround to use. The option --fix-cortex-a53-843419 now takes an optional argument --fix-cortex-a53-843419[=full|adr|adrp] which can be used to force a particular workaround to be used. See --help for AArch64 for more details. * Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and GNU_PROPERTY_AARCH64_FEATURE_1_PAC in ELF GNU program properties in the AArch64 ELF linker. * Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI on inputs and use PLTs protected with BTI. * Add -z pac-plt for AArch64 to pick PAC enabled PLTs. * Add --source-comment[=<txt>] option to objdump which if present, provides a prefix to source code lines displayed in a disassembly. * Add --set-section-alignment <section-name>=<power-of-2-align> option to objcopy to allow the changing of section alignments. * Add --verilog-data-width option to objcopy for verilog targets to control width of data elements in verilog hex format. * The separate debug info file options of readelf (--debug-dump=links and --debug-dump=follow) and objdump (--dwarf=links and --dwarf=follow-links) will now display and/or follow multiple links if more than one are present in a file. (This usually happens when gcc's -gsplit-dwarf option is used). In addition objdump's --dwarf=follow-links now also affects its other display options, so that for example, when combined with --syms it will cause the symbol tables in any linked debug info files to also be displayed. In addition when combined with --disassemble the --dwarf= follow-links option will ensure that any symbol tables in the linked files are read and used when disassembling code in the main file. * Add support for dumping types encoded in the Compact Type Format to objdump and readelf. The following security fixes are addressed by the update: - CVE-2021-20197: Fixed a race condition which allows users to own arbitrary files (bsc#1181452). - CVE-2021-20284: Fixed a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c (bsc#1183511). - CVE-2021-3487: Fixed a denial of service via excessive debug section size causing excessive memory consumption in bfd's dwarf2.c read_section() (bsc#1184620). - CVE-2020-35448: Fixed a heap-based buffer over-read in bfd_getl_signed_32() in libbfd.c (bsc#1184794). - CVE-2020-16590: Fixed a double free vulnerability in process_symbol_table() (bsc#1179898). - CVE-2020-16591: Fixed an invalid read in process_symbol_table() (bsc#1179899). - CVE-2020-16592: Fixed an use-after-free in bfd_hash_lookup() (bsc#1179900). - CVE-2020-16593: Fixed a null pointer dereference in scan_unit_for_symbols() (bsc#1179901). - CVE-2020-16598: Fixed a null pointer dereference in debug_get_real_type() (bsc#1179902). - CVE-2020-16599: Fixed a null pointer dereference in _bfd_elf_get_symbol_version_string() (bsc#1179903) - CVE-2020-35493: Fixed heap-based buffer overflow in bfd_pef_parse_function_stubs function in bfd/pef.c via crafted PEF file (bsc#1180451). - CVE-2020-35496: Fixed multiple null pointer dereferences in bfd module due to not checking return value of bfd_malloc (bsc#1180454). - CVE-2020-35507: Fixed a null pointer dereference in bfd_pef_parse_function_stubs() (bsc#1180461). - CVE-2019-17451: Fixed an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line() in dwarf2.c (bsc#1153768). - CVE-2019-17450: Fixed a potential denial of service in find_abstract_instance() in dwarf2.c (bsc#1153770). - CVE-2019-9077: Fixed a heap-based buffer overflow in process_mips_specific() in readelf.c via a malformed MIPS option section (bsc#1126826). - CVE-2019-9075: Fixed a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap() in archive64.c (bsc#1126829). - CVE-2019-9074: Fixed a out-of-bounds read leading to a SEGV in bfd_getl32() in libbfd.c (bsc#1126831). - CVE-2019-12972: Fixed a heap-based buffer over-read in _bfd_doprnt() in bfd.c (bsc#1140126). - CVE-2019-14444: Fixed an integer overflow apply_relocations() in readelf.c (bsc#1143609). - CVE-2019-14250: Fixed an integer overflow in simple_object_elf_match() in simple-object-elf.c (bsc#1142649). Moderate SUSE bug 1126826 SUSE bug 1126829 SUSE bug 1126831 SUSE bug 1140126 SUSE bug 1142649 SUSE bug 1143609 SUSE bug 1153768 SUSE bug 1153770 SUSE bug 1157755 SUSE bug 1160254 SUSE bug 1160590 SUSE bug 1163333 SUSE bug 1163744 SUSE bug 1179036 SUSE bug 1179341 SUSE bug 1179898 SUSE bug 1179899 SUSE bug 1179900 SUSE bug 1179901 SUSE bug 1179902 SUSE bug 1179903 SUSE bug 1180451 SUSE bug 1180454 SUSE bug 1180461 SUSE bug 1181452 SUSE bug 1182252 SUSE bug 1183511 SUSE bug 1184620 SUSE bug 1184794 CVE-2019-12972 CVE-2019-14250 CVE-2019-14444 CVE-2019-17450 CVE-2019-17451 CVE-2019-9074 CVE-2019-9075 CVE-2019-9077 CVE-2020-16590 CVE-2020-16591 CVE-2020-16592 CVE-2020-16593 CVE-2020-16598 CVE-2020-16599 CVE-2020-35448 CVE-2020-35493 CVE-2020-35496 CVE-2020-35507 CVE-2021-20197 CVE-2021-20284 CVE-2021-3487 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for tomcat, javapackages-tools fixes the following issue: Security issue fixed: - CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279). - CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients (bsc#1188278). - CVE-2021-41079: Fixed a denial of service caused by an unexpected TLS packet (bsc#1190558). Non-security issues fixed: - Add requires and conflicts to avoid the usage of the incompatible 'Java 11' with 'Tomcat'. (bsc#1185476) - Rebuild javapackages-tools to fix a missing package on s390. Important SUSE bug 1185476 SUSE bug 1188278 SUSE bug 1188279 SUSE bug 1190558 CVE-2021-30640 CVE-2021-33037 CVE-2021-41079 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for qemu fixes the following issues: Security issues fixed: - Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938, CVE-2021-3748) - Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702, CVE-2021-3713) - usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145, CVE-2021-3682) - NULL pointer dereference in ESP (bsc#1180433, CVE-2020-35504) (bsc#1180434, CVE-2020-35505) (bsc#1180435, CVE-2020-35506) - NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432, CVE-2020-35503) - eepro100: stack overflow via infinite recursion (bsc#1182651, CVE-2021-20255) - usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527) Important SUSE bug 1180432 SUSE bug 1180433 SUSE bug 1180434 SUSE bug 1180435 SUSE bug 1182651 SUSE bug 1186012 SUSE bug 1189145 SUSE bug 1189702 SUSE bug 1189938 CVE-2020-35503 CVE-2020-35504 CVE-2020-35505 CVE-2020-35506 CVE-2021-20255 CVE-2021-3527 CVE-2021-3682 CVE-2021-3713 CVE-2021-3748 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for binutils fixes the following issues: - For compatibility on old code stream that expect 'brcl 0,label' to not be disassembled as 'jgnop label' on s390x. (bsc#1192267) This reverts IBM zSeries HLASM support for now. - Fixed that ppc64 optflags did not enable LTO (bsc#1188941). - Fix empty man-pages from broken release tarball - Fixed a memory corruption with rpath option (bsc#1191473). - Fixed slow performance of stripping some binaries (bsc#1183909). Security issue fixed: - CVE-2021-20294: Fixed out-of-bounds write in print_dynamic_symbol in readelf (bnc#1184519) Moderate SUSE bug 1183909 SUSE bug 1184519 SUSE bug 1188941 SUSE bug 1191473 SUSE bug 1192267 CVE-2021-20294 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). - CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973). - CVE-2017-7244: Fixed invalid read in _pcre32_xclass() (bsc#1030807). - CVE-2017-7245: Fixed buffer overflow in the pcre32_copy_substring (bsc#1030805). - CVE-2017-7246: Fixed another buffer overflow in the pcre32_copy_substring (bsc#1030803). - CVE-2017-7186: Fixed denial of service caused by an invalid Unicode property lookup (bsc#1030066). - CVE-2017-6004: Fixed denial of service via crafted regular expression (bsc#1025709). Moderate SUSE bug 1025709 SUSE bug 1030066 SUSE bug 1030803 SUSE bug 1030805 SUSE bug 1030807 SUSE bug 1172973 SUSE bug 1172974 CVE-2017-6004 CVE-2017-7186 CVE-2017-7244 CVE-2017-7245 CVE-2017-7246 CVE-2019-20838 CVE-2020-14155 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: MozillaFirefox was updated to Extended Support Release 91.3.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-49 (bsc#1192250) * CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets * CVE-2021-38504: Use-after-free in file picker dialog * CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user data * CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode without notification or warning * CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports * CVE-2021-38508: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing * CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary domain * CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac OS * MOZ-2021-0008: Use-after-free in HTTP2 Session object * MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3 Important SUSE bug 1192250 CVE-2021-38503 CVE-2021-38504 CVE-2021-38505 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 CVE-2021-38510 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for samba fixes the following issues: - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos (bsc#1014440). - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284). Important SUSE bug 1014440 SUSE bug 1192284 CVE-2016-2124 CVE-2020-25717 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for postgresql, postgresql13 and postgresql14 fixes the following issues: Security issues fixed: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). This update also ships postgresql14 to SUSE Linux Enterprise 12 SP5. (jsc#SLE-22673) On older service packs only libpq5 and libecpg6 are being replaced by the postgresql14 variants. Feature changes in postgresql14: - https://www.postgresql.org/about/news/postgresql-14-released-2318/ - https://www.postgresql.org/docs/14/release-14.html Important SUSE bug 1192516 CVE-2021-23214 CVE-2021-23222 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for postgresql10 fixes the following issues: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). Important SUSE bug 1192516 CVE-2021-23214 CVE-2021-23222 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for webkit2gtk3 fixes the following issues: - CVE-2021-42762: Updated seccomp rules with latest changes from flatpak (bsc#1191937). Important SUSE bug 1191937 CVE-2021-42762 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_8_0-openjdk fixes the following issues: Update to version OpenJDK 8u312 (October 2021 CPU): - CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS (bsc#1191901). - CVE-2021-35556: Fixed excessive memory allocation in RTFParser (bsc#1191910). - CVE-2021-35559: Fixed excessive memory allocation in RTFReader (bsc#1191911). - CVE-2021-35561: Fixed excessive memory allocation in HashMap and HashSet (bsc#1191912). - CVE-2021-35564: Fixed certificates with end dates too far in the future can corrupt keystore (bsc#1191913). - CVE-2021-35565: Fixed loop in HttpsServer triggered during TLS session close (bsc#1191909). - CVE-2021-35567: Fixed incorrect principal selection when using Kerberos Constrained Delegation (bsc#1191903). - CVE-2021-35578: Fixed unexpected exception raised during TLS handshake (bsc#1191904). - CVE-2021-35586: Fixed excessive memory allocation in BMPImageReader (bsc#1191914). - CVE-2021-35588: Fixed incomplete validation of inner class references in ClassFileParser (bsc#1191905) - CVE-2021-35603: Fixed non-constant comparison during TLS handshakes (bsc#1191906). Important SUSE bug 1191901 SUSE bug 1191903 SUSE bug 1191904 SUSE bug 1191905 SUSE bug 1191906 SUSE bug 1191909 SUSE bug 1191910 SUSE bug 1191911 SUSE bug 1191912 SUSE bug 1191913 SUSE bug 1191914 CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35565 CVE-2021-35567 CVE-2021-35578 CVE-2021-35586 CVE-2021-35588 CVE-2021-35603 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_7_0-openjdk fixes the following issues: Update to OpenJDK 7u321 (October 2021 CPU): - CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS (bsc#1191901). - CVE-2021-35556: Fixed excessive memory allocation in RTFParser (bsc#1191910). - CVE-2021-35559: Fixed excessive memory allocation in RTFReader (bsc#1191911). - CVE-2021-35561: Fixed excessive memory allocation in HashMap and HashSet (bsc#1191912). - CVE-2021-35564: Fixed certificates with end dates too far in the future can corrupt keystore (bsc#1191913). - CVE-2021-35565: Fixed loop in HttpsServer triggered during TLS session close (bsc#1191909). - CVE-2021-35586: Fixed excessive memory allocation in BMPImageReader (bsc#1191914). - CVE-2021-35588: Fixed incomplete validation of inner class references in ClassFileParser (bsc#1191905) - CVE-2021-35603: Fixed non-constant comparison during TLS handshakes (bsc#1191906). Important SUSE bug 1191901 SUSE bug 1191905 SUSE bug 1191906 SUSE bug 1191909 SUSE bug 1191910 SUSE bug 1191911 SUSE bug 1191912 SUSE bug 1191913 SUSE bug 1191914 CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35565 CVE-2021-35586 CVE-2021-35588 CVE-2021-35603 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for ruby2.1 fixes the following issues: - CVE-2020-25613: Fixed potential HTTP request smuggling in WEBrick (bsc#1177125). - CVE-2021-31799: Fixed Command injection vulnerability in RDoc (bsc#1190375). - CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161). - CVE-2021-32066: Fixed StartTLS stripping vulnerability in Net:IMAP (bsc#1188160). Important SUSE bug 1177125 SUSE bug 1188160 SUSE bug 1188161 SUSE bug 1190375 CVE-2020-25613 CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xen fixes the following issues: - CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632). - CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557). - CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559). - CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554). - Integrate bugfixes (bsc#1189373, bsc#1189378) Moderate SUSE bug 1189373 SUSE bug 1189378 SUSE bug 1189632 SUSE bug 1192554 SUSE bug 1192557 SUSE bug 1192559 CVE-2021-28701 CVE-2021-28704 CVE-2021-28705 CVE-2021-28706 CVE-2021-28707 CVE-2021-28708 CVE-2021-28709 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for clamav fixes the following issues: - CVE-2018-14679: Fixed off-by-one issue in embedded libmspack that could lead to denial of service (bsc#1103032). - Update to 0.103.4 (bsc#1192346). - Update to 0.103.3 (bsc#1188284). Moderate SUSE bug 1103032 SUSE bug 1188284 SUSE bug 1192346 CVE-2018-14679 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for webkit2gtk3 fixes the following issues: - CVE-2021-30846: Fixed memory corruption issue that could lead to arbitrary code execution when processing maliciously crafted web content (bsc#1192063). - CVE-2021-30851: Fixed memory corruption vulnerability that could lead to arbitrary code execution when processing maliciously crafted web content (bsc#1192063). Important SUSE bug 1192063 CVE-2021-30846 CVE-2021-30851 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openssh fixes the following issues: - CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975). Important SUSE bug 1190975 CVE-2021-41617 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for mozilla-nss fixes the following issues: Update to version 3.68.1: - CVE-2021-43527: Fixed a Heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170). Important SUSE bug 1193170 CVE-2021-43527 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0) The following security bugs were fixed: - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045). - CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails. (bsc#1191961) - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563). - CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063). - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479). - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317). - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315). - CVE-2021-37159: Fixed use-after-free and a double free inside hso_free_net_device in drivers/net/usb/hso.c when unregister_netdev is called without checking for the NETREG_REGISTERED state (bnc#1188601). - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193) - CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023) - CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159) - CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884) - CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534) - CVE-2021-3772: Fixed a remote denial of service in the SCTP stack, if the attacker can spoof IP addresses and knows the IP-addresses and port numbers being used (bnc#1190351). - CVE-2018-9517: Fixed possible memory corruption due to a use after free in pppol2tp_connect (bsc#1108488). - CVE-2019-3874: Fixed possible denial of service attack via SCTP socket buffer used by a userspace applications (bnc#1129898). - CVE-2019-3900: Fixed an infinite loop issue while handling incoming packets in handle_rx() (bnc#1133374). - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399). - CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400). - CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). - CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983). - CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985). - CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420). - CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876). - CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482). - CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). - CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. (bsc#1176724). The following non-security bugs were fixed: - Add arch-dependent support markers in supported.conf (bsc#1186672) - Add the support for kernel-FLAVOR-optional subpackage (jsc#SLE-11796) - NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628). - PCI: hv: Use expected affinity when unmasking IRQ (bsc#1185973). - Use /usr/lib/modules as module dir when usermerge is active in the target distro. - UsrMerge the kernel (boo#1184804) - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22913) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22913). - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758,bsc#1192400). - drm: fix spectre issue in vmw_execbuf_ioctl (bsc#1192802). - drop debugging statements - ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267). - gigaset: fix spectre issue in do_data_b3_req (bsc#1192802). - handle also race conditions in /proc/net/tcp code - hisax: fix spectre issues (bsc#1192802). - hv: adjust mana_select_queue to old ndo_select_queue API - hv: mana: adjust mana_select_queue to old API (jsc#SLE-18779, bsc#1185727). - hv: mana: fake bitmap API (jsc#SLE-18779, bsc#1185726). - hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185727). - hysdn: fix spectre issue in hycapi_send_message (bsc#1192802). - infiniband: fix spectre issue in ib_uverbs_write (bsc#1192802). - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115). - iwlwifi: fix spectre issue in iwl_dbgfs_update_pm (bsc#1192802). - media: dvb_ca_en50221: prevent using slot_info for Spectre attacs (bsc#1192802). - media: dvb_ca_en50221: sanity check slot number from userspace (bsc#1192802). - media: wl128x: get rid of a potential spectre issue (bsc#1192802). - memcg: enable accounting for file lock caches (bsc#1190115). - mm: vmscan: scan anonymous pages on file refaults (VM Performance, bsc#1183050). - mpt3sas: fix spectre issues (bsc#1192802). - net/mlx4_en: Avoid scheduling restart task if it is already running (bsc#1181854 bsc#1181855). - net/mlx4_en: Handle TX error CQE (bsc#1181854 bsc#1181855). - net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185727). - net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185727). - net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185727). - net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185727). - net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191801). - net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185727). - net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185727). - net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185727). - net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185727). - net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185727). - net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185727). - net: sched: sch_teql: fix null-pointer dereference (bsc#1190717). - net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() (bsc#1192802). - net_sched: cls_route: remove the right filter from hashtable (networking-stable-20_03_28). - objtool: Do not fail on missing symbol table (bsc#1192379). - osst: fix spectre issue in osst_verify_frame (bsc#1192802). - ovl: check whiteout in ovl_create_over_whiteout() (bsc#1189846). - ovl: filter of trusted xattr results in audit (bsc#1189846). - ovl: fix dentry leak in ovl_get_redirect (bsc#1189846). - ovl: initialize error in ovl_copy_xattr (bsc#1189846). - ovl: relax WARN_ON() on rename to self (bsc#1189846). - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (bsc#1190601). - s390/bpf: Fix branch shortening during codegen pass (bsc#1190601). - s390/bpf: Fix optimizing out zero-extensions (bsc#1190601). - s390/bpf: Wrap JIT macro parameter usages in parentheses (bsc#1190601). - s390/unwind: use current_frame_address() to unwind current task (bsc#1185677). - s390/vtime: fix increased steal time accounting (bsc#1183861). - s390: bpf: implement jitting of BPF_ALU | BPF_ARSH | BPF_* (bsc#1190601). - scripts/git_sort/git_sort.py: add bpf git repo - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - sctp: fully initialize v4 addr in some functions (bsc#1188563). - sysvipc/sem: mitigate semnum index against spectre v1 (bsc#1192802). - x86/CPU: Add more Icelake model numbers (bsc#1185758,bsc#1192400). - x86/debug: Extend the lower bound of crash kernel low reservations (bsc#1153720). - xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377). Important SUSE bug 1087082 SUSE bug 1100416 SUSE bug 1108488 SUSE bug 1129735 SUSE bug 1129898 SUSE bug 1133374 SUSE bug 1153720 SUSE bug 1171420 SUSE bug 1176724 SUSE bug 1176931 SUSE bug 1180624 SUSE bug 1181854 SUSE bug 1181855 SUSE bug 1183050 SUSE bug 1183861 SUSE bug 1184673 SUSE bug 1184804 SUSE bug 1185377 SUSE bug 1185677 SUSE bug 1185726 SUSE bug 1185727 SUSE bug 1185758 SUSE bug 1185973 SUSE bug 1186063 SUSE bug 1186482 SUSE bug 1186483 SUSE bug 1186672 SUSE bug 1188026 SUSE bug 1188172 SUSE bug 1188563 SUSE bug 1188601 SUSE bug 1188613 SUSE bug 1188838 SUSE bug 1188842 SUSE bug 1188876 SUSE bug 1188983 SUSE bug 1188985 SUSE bug 1189057 SUSE bug 1189262 SUSE bug 1189278 SUSE bug 1189291 SUSE bug 1189399 SUSE bug 1189400 SUSE bug 1189418 SUSE bug 1189420 SUSE bug 1189706 SUSE bug 1189846 SUSE bug 1189884 SUSE bug 1190023 SUSE bug 1190025 SUSE bug 1190067 SUSE bug 1190115 SUSE bug 1190117 SUSE bug 1190118 SUSE bug 1190159 SUSE bug 1190276 SUSE bug 1190349 SUSE bug 1190350 SUSE bug 1190351 SUSE bug 1190432 SUSE bug 1190479 SUSE bug 1190534 SUSE bug 1190601 SUSE bug 1190717 SUSE bug 1191193 SUSE bug 1191315 SUSE bug 1191317 SUSE bug 1191318 SUSE bug 1191529 SUSE bug 1191530 SUSE bug 1191628 SUSE bug 1191660 SUSE bug 1191790 SUSE bug 1191801 SUSE bug 1191813 SUSE bug 1191961 SUSE bug 1192036 SUSE bug 1192045 SUSE bug 1192048 SUSE bug 1192267 SUSE bug 1192379 SUSE bug 1192400 SUSE bug 1192444 SUSE bug 1192549 SUSE bug 1192775 SUSE bug 1192781 SUSE bug 1192802 CVE-2018-13405 CVE-2018-9517 CVE-2019-3874 CVE-2019-3900 CVE-2020-0429 CVE-2020-12770 CVE-2020-3702 CVE-2021-0941 CVE-2021-20322 CVE-2021-22543 CVE-2021-31916 CVE-2021-34556 CVE-2021-34981 CVE-2021-3542 CVE-2021-35477 CVE-2021-3640 CVE-2021-3653 CVE-2021-3655 CVE-2021-3656 CVE-2021-3659 CVE-2021-3679 CVE-2021-3715 CVE-2021-37159 CVE-2021-3732 CVE-2021-3744 CVE-2021-3752 CVE-2021-3753 CVE-2021-37576 CVE-2021-3759 CVE-2021-3760 CVE-2021-3764 CVE-2021-3772 CVE-2021-38160 CVE-2021-38198 CVE-2021-38204 CVE-2021-40490 CVE-2021-41864 CVE-2021-42008 CVE-2021-42252 CVE-2021-42739 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: Update to Extended Support Release 91.4.0 (bsc#1193485): - CVE-2021-43536: URL leakage when navigating while executing asynchronous function - CVE-2021-43537: Heap buffer overflow when using structured clone - CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both - CVE-2021-43539: GC rooting failure when calling wasm instance methods - CVE-2021-43541: External protocol handler parameters were unescaped - CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler - CVE-2021-43543: Bypass of CSP sandbox directive when embedding - CVE-2021-43545: Denial of Service when using the Location API in a loop - CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed - Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 - Removed x-scheme-handler/ftp from MozillaFirefox.desktop (bsc#1193321) Important SUSE bug 1193321 SUSE bug 1193485 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for bcm43xx-firmware fixes the following issues: - CVE-2019-15126: Fixed a bug which could have allowed unauthorized decryption of some WPA2-encrypted traffic (bsc#1167162). Important SUSE bug 1167162 CVE-2019-15126 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for glib-networking fixes the following issues: - CVE-2020-13645: Fixed a connection failure when the server identity is unset (bsc#1172460). Important SUSE bug 1172460 CVE-2020-13645 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xorg-x11-server fixes the following issues: - CVE-2021-4008: Fixed Privilege Escalation Vulnerability via Out-Of-Bounds Access in SProcRenderCompositeGlyphs (bsc#1193030). Important SUSE bug 1193030 CVE-2021-4008 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for log4j fixes the following issue: - CVE-2021-4104: Disable the JMSAppender class from log4j to protect against the log4jshell vulnerability. [bsc#1193662] Important SUSE bug 1193662 CVE-2021-4104 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xorg-x11-server fixes the following issues: - CVE-2021-4009: The handler for the CreatePointerBarrier request of the XFixes extension does not properly validate the request length leading to out of bounds memory write. (bsc#1190487) - CVE-2021-4011: The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length leading to out of bounds memory write. (bsc#1190489) Important SUSE bug 1190487 SUSE bug 1190489 CVE-2021-4009 CVE-2021-4011 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for chrony fixes the following issues: Chrony was updated to 4.1: * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Update clknetsim to snapshot f89702d. - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Enable syscallfilter unconditionally (bsc#1181826). Chrony was updated to 4.0: Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don’t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don’t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Chrony was updated to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Add chrony-pool-suse and chrony-pool-openSUSE subpackages that preconfigure chrony to use NTP servers from the respective pools for SUSE and openSUSE (bsc#1156884, SLE-11424). - Add chrony-pool-empty to still allow installing chrony without preconfigured servers. - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). - Update clknetsim to version 79ffe44 (fixes bsc#1162964). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv@.service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers (bsc#1099272) - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. - Remove discrepancies between spec file and chrony-tmpfiles (bsc#1115529) Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step - Added /etc/chrony.d/ directory to the package (bsc#1083597) Modifed default chrony.conf to add 'include /etc/chrony.d/*' - Enable pps support Upgraded to version 3.2: Enhancements * Improve stability with NTP sources and reference clocks * Improve stability with hardware timestamping * Improve support for NTP interleaved modes * Control frequency of system clock on macOS 10.13 and later * Set TAI-UTC offset of system clock with leapsectz directive * Minimise data in client requests to improve privacy * Allow transmit-only hardware timestamping * Add support for new timestamping options introduced in Linux 4.13 * Add root delay, root dispersion and maximum error to tracking log * Add mindelay and asymmetry options to server/peer/pool directive * Add extpps option to PHC refclock to timestamp external PPS signal * Add pps option to refclock directive to treat any refclock as PPS * Add width option to refclock directive to filter wrong pulse edges * Add rxfilter option to hwtimestamp directive * Add -x option to disable control of system clock * Add -l option to log to specified file instead of syslog * Allow multiple command-line options to be specified together * Allow starting without root privileges with -Q option * Update seccomp filter for new glibc versions * Dump history on exit by default with dumpdir directive * Use hardening compiler options by default Bug fixes * Don't drop PHC samples with low-resolution system clock * Ignore outliers in PHC tracking, RTC tracking, manual input * Increase polling interval when peer is not responding * Exit with error message when include directive fails * Don't allow slash after hostname in allow/deny directive/command * Try to connect to all addresses in chronyc before giving up Upgraded to version 3.1: - Enhancements - Add support for precise cross timestamping of PHC on Linux - Add minpoll, precision, nocrossts options to hwtimestamp directive - Add rawmeasurements option to log directive and modify measurements option to log only valid measurements from synchronised sources - Allow sub-second polling interval with NTP sources - Bug fixes - Fix time smoothing in interleaved mode Upgraded to version 3.0: - Enhancements - Add support for software and hardware timestamping on Linux - Add support for client/server and symmetric interleaved modes - Add support for MS-SNTP authentication in Samba - Add support for truncated MACs in NTPv4 packets - Estimate and correct for asymmetric network jitter - Increase default minsamples and polltarget to improve stability with very low jitter - Add maxjitter directive to limit source selection by jitter - Add offset option to server/pool/peer directive - Add maxlockage option to refclock directive - Add -t option to chronyd to exit after specified time - Add partial protection against replay attacks on symmetric mode - Don't reset polling interval when switching sources to online state - Allow rate limiting with very short intervals - Improve maximum server throughput on Linux and NetBSD - Remove dump files after start - Add tab-completion to chronyc with libedit/readline - Add ntpdata command to print details about NTP measurements - Allow all source options to be set in add server/peer command - Indicate truncated addresses/hostnames in chronyc output - Print reference IDs as hexadecimal numbers to avoid confusion with IPv4 addresses - Bug fixes - Fix crash with disabled asynchronous name resolving Upgraded to version 2.4.1: - Bug fixes - Fix processing of kernel timestamps on non-Linux systems - Fix crash with smoothtime directive - Fix validation of refclock sample times - Fix parsing of refclock directive update to 2.4: - Enhancements - Add orphan option to local directive for orphan mode compatible with ntpd - Add distance option to local directive to set activation threshold (1 second by default) - Add maxdrift directive to set maximum allowed drift of system clock - Try to replace NTP sources exceeding maximum distance - Randomise source replacement to avoid getting stuck with bad sources - Randomise selection of sources from pools on start - Ignore reference timestamp as ntpd doesn't always set it correctly - Modify tracking report to use same values as seen by NTP clients - Add -c option to chronyc to write reports in CSV format - Provide detailed manual pages - Bug fixes - Fix SOCK refclock to work correctly when not specified as last refclock - Fix initstepslew and -q/-Q options to accept time from own NTP clients - Fix authentication with keys using 512-bit hash functions - Fix crash on exit when multiple signals are received - Fix conversion of very small floating-point numbers in command packets Moderate SUSE bug 1063704 SUSE bug 1069468 SUSE bug 1082318 SUSE bug 1083597 SUSE bug 1099272 SUSE bug 1115529 SUSE bug 1128846 SUSE bug 1156884 SUSE bug 1159840 SUSE bug 1161119 SUSE bug 1162964 SUSE bug 1171806 SUSE bug 1172113 SUSE bug 1173277 SUSE bug 1173760 SUSE bug 1174075 SUSE bug 1174911 SUSE bug 1180689 SUSE bug 1181826 SUSE bug 1183783 SUSE bug 1184400 SUSE bug 1187906 SUSE bug 1190926 CVE-2020-14367 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for mariadb fixes the following issues: Update to 10.2.41: - CVE-2021-35604: Fixed InnoDB vulnerability that allowed an high privileged attacker with network access via multiple protocols to compromise MySQL (bsc#1192497). Moderate SUSE bug 1192497 CVE-2021-35604 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for python fixes the following issues: - buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126, CVE-2021-3177). - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). Important SUSE bug 1176262 SUSE bug 1180686 SUSE bug 1181126 CVE-2019-20916 CVE-2021-3177 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3348: Fixed a use-after-free in nbd_add_socket() that could be triggered by local attackers (with access to the nbd device) via an I/O request (bnc#1181504). - CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349). - CVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878). - CVE-2020-25211: Fixed a buffer overflow in ctnetlink_parse_tuple_filter() which could be triggered by a local attackers by injecting conntrack netlink configuration (bnc#1176395). - CVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846). - CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509). - CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508). - CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031). - CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666). - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086). - CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107). - CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601). - CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960). - CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140). - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559). - CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372). - CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663). The following non-security bugs were fixed: - blk-mq: improve heavily contended tag case (bsc#1178198). - debugfs_lookup(): switch to lookup_one_len_unlocked() (bsc#1171979). - epoll: Keep a reference on files added to the check list (bsc#1180031). - fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032). - futex: Ensure the correct return value from futex_lock_pi() (bsc#1181349 bsc#1149032). - futex: Fix incorrect should_fail_futex() handling (bsc#1181349). - futex: Handle faults correctly for PI futexes (bsc#1181349 bsc#1149032). - futex: Provide and use pi_state_update_owner() (bsc#1181349 bsc#1149032). - futex: Replace pointless printk in fixup_owner() (bsc#1181349 bsc#1149032). - futex: Simplify fixup_pi_state_owner() (bsc#1181349 bsc#1149032). - futex: Use pi_state_update_owner() in put_pi_state() (bsc#1181349 bsc#1149032). - HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052). - iommu/vt-d: Do not dereference iommu_device if IOMMU_API is not built (bsc#1181001, jsc#ECO-3191). - iommu/vt-d: Gracefully handle DMAR units with no supported address widths (bsc#1181001, jsc#ECO-3191). - kABI: Fix kABI for extended APIC-ID support (bsc#1181001, jsc#ECO-3191). - locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#1149032). - md/bitmap: fix memory leak of temporary bitmap (bsc#1163727). - md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727). - md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727). - md/cluster: block reshape with remote resync job (bsc#1163727). - md/cluster: fix deadlock when node is doing resync job (bsc#1163727). - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (bsc#1163727). - md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727). - md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727). - md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727). - Move upstreamed bt fixes into sorted section - nbd: Fix memory leak in nbd_add_socket (bsc#1181504). - net/x25: prevent a couple of overflows (bsc#1178590). - NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304). - rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (bsc#1181349 bsc#1149032). - s390/dasd: fix hanging device offline processing (bsc#1144912). - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304). - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304). - SUNRPC: cache: ignore timestamp written to 'flush' file (bsc#1178036). - x86/apic: Fix x2apic enablement without interrupt remapping (bsc#1181001, jsc#ECO-3191). - x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available (bsc#1181001, jsc#ECO-3191). - x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181001, jsc#ECO-3191). - x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191). - x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001, jsc#ECO-3191). - x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181001, jsc#ECO-3191). - x86/tracing: Introduce a static key for exception tracing (bsc#1179895). - x86/traps: Simplify pagefault tracing logic (bsc#1179895). - xfrm: Fix memleak on xfrm state destroy (bsc#1158775). Important SUSE bug 1144912 SUSE bug 1149032 SUSE bug 1158775 SUSE bug 1163727 SUSE bug 1171979 SUSE bug 1176395 SUSE bug 1176846 SUSE bug 1176962 SUSE bug 1177304 SUSE bug 1177666 SUSE bug 1178036 SUSE bug 1178182 SUSE bug 1178198 SUSE bug 1178372 SUSE bug 1178589 SUSE bug 1178590 SUSE bug 1178684 SUSE bug 1178886 SUSE bug 1179107 SUSE bug 1179140 SUSE bug 1179141 SUSE bug 1179419 SUSE bug 1179429 SUSE bug 1179508 SUSE bug 1179509 SUSE bug 1179601 SUSE bug 1179616 SUSE bug 1179663 SUSE bug 1179666 SUSE bug 1179745 SUSE bug 1179877 SUSE bug 1179878 SUSE bug 1179895 SUSE bug 1179960 SUSE bug 1179961 SUSE bug 1180008 SUSE bug 1180027 SUSE bug 1180028 SUSE bug 1180029 SUSE bug 1180030 SUSE bug 1180031 SUSE bug 1180032 SUSE bug 1180052 SUSE bug 1180086 SUSE bug 1180559 SUSE bug 1180562 SUSE bug 1180676 SUSE bug 1181001 SUSE bug 1181158 SUSE bug 1181349 SUSE bug 1181504 SUSE bug 1181553 SUSE bug 1181645 CVE-2019-20934 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-15436 CVE-2020-15437 CVE-2020-25211 CVE-2020-25639 CVE-2020-25669 CVE-2020-27068 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-27835 CVE-2020-28374 CVE-2020-28915 CVE-2020-28974 CVE-2020-29371 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2020-4788 CVE-2021-3347 CVE-2021-3348 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for wpa_supplicant fixes the following issues: - CVE-2021-0326: P2P group information processing vulnerability (bsc#1181777). - CVE-2019-16275: AP mode PMF disconnection protection bypass (bsc#1150934) Important SUSE bug 1150934 SUSE bug 1181777 CVE-2019-16275 CVE-2021-0326 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openvswitch fixes the following issues: - CVE-2020-35498: Fixed a denial of service related to the handling of Ethernet padding (bsc#1181742). Important SUSE bug 1181742 CVE-2020-35498 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for jasper fixes the following issues: - bsc#1179748 CVE-2020-27828: Fix heap overflow by checking maxrlvls - bsc#1181483 CVE-2021-3272: Fix buffer over-read in jp2_decode Important SUSE bug 1179748 SUSE bug 1181483 CVE-2020-27828 CVE-2021-3272 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for screen fixes the following issues: - CVE-2021-26937: Fixed double width combining char handling that could lead to a denial of service or code execution (bsc#1182092). Important SUSE bug 1182092 CVE-2021-26937 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for bind fixes the following issues: - CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack [bsc#1182246, CVE-2020-8625] Important SUSE bug 1182246 CVE-2020-8625 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 80 [bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803] * CVE-2020-27221: Potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. * CVE-2020-14803: Unauthenticated attacker with network access via multiple protocols allows to compromise Java SE. Important SUSE bug 1181239 SUSE bug 1182186 CVE-2020-14803 CVE-2020-27221 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for krb5-appl fixes the following issues: - CVE-2019-25017: Check the filenames sent by the server match those requested by the client (bsc#1131109). - CVE-2019-25018: Disallow empty incoming filename or ones that refer to the current directory (bsc#1131109). Important SUSE bug 1131109 CVE-2019-25017 CVE-2019-25018 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u282 (icedtea 3.18.0) * January 2021 CPU (bsc#1181239) * Security fixes + JDK-8247619: Improve Direct Buffering of Characters (CVE-2020-14803) * Import of OpenJDK 8 u282 build 01 + JDK-6962725: Regtest javax/swing/JFileChooser/6738668/ /bug6738668.java fails under Linux + JDK-8025936: Windows .pdb and .map files does not have proper dependencies setup + JDK-8030350: Enable additional compiler warnings for GCC + JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/ /DisposeFrameOnDragTest.java fails by Timeout on Windows + JDK-8036122: Fix warning 'format not a string literal' + JDK-8051853: new URI('x/').resolve('..').getSchemeSpecificPart() returns null! + JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/ /DefaultNoDrop.java locks on Windows + JDK-8134632: Mark javax/sound/midi/Devices/ /InitializationHang.java as headful + JDK-8148854: Class names 'SomeClass' and 'LSomeClass;' treated by JVM as an equivalent + JDK-8148916: Mark bug6400879.java as intermittently failing + JDK-8148983: Fix extra comma in changes for JDK-8148916 + JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java fails + JDK-8165808: Add release barriers when allocating objects with concurrent collection + JDK-8185003: JMX: Add a version of ThreadMXBean.dumpAllThreads with a maxDepth argument + JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on windows with VS2017 + JDK-8207766: [testbug] Adapt tests for Aix. + JDK-8212070: Introduce diagnostic flag to abort VM on failed JIT compilation + JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash + JDK-8215727: Restore JFR thread sampler loop to old / previous behavior + JDK-8220657: JFR.dump does not work when filename is set + JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing + JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java fails with access issues and OOM + JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread + JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes + JDK-8232114: JVM crashed at imjpapi.dll in native code + JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect numbers for Compiler area + JDK-8234339: replace JLI_StrTok in java_md_solinux.c + JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes + JDK-8242335: Additional Tests for RSASSA-PSS + JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in + JDK-8245400: Upgrade to LittleCMS 2.11 + JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention + JDK-8249176: Update GlobalSignR6CA test certificates + JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY + JDK-8250928: JFR: Improve hash algorithm for stack traces + JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java + JDK-8251840: Java_sun_awt_X11_XToolkit_getDefaultScreenData should not be in make/mapfiles/libawt_xawt/mapfile-vers + JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider rather than JRE + JDK-8252395: [8u] --with-native-debug-symbols=external doesn't include debuginfo files for binaries + JDK-8252497: Incorrect numeric currency code for ROL + JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent + JDK-8252904: VM crashes when JFR is used and JFR event class is transformed + JDK-8252975: [8u] JDK-8252395 breaks the build for --with-native-debug-symbols=internal + JDK-8253284: Zero OrderAccess barrier mappings are incorrect + JDK-8253550: [8u] JDK-8252395 breaks the build for make STRIP_POLICY=no_strip + JDK-8253752: test/sun/management/jmxremote/bootstrap/ /RmiBootstrapTest.java fails randomly + JDK-8254081: java/security/cert/PolicyNode/ /GetPolicyQualifiers.java fails due to an expired certificate + JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp + JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp + JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/ /WorkerDeadlockTest.java fails + JDK-8255003: Build failures on Solaris Moderate SUSE bug 1181239 CVE-2020-14803 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 25 [bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803] * CVE-2020-27221: Potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. * CVE-2020-14803: Unauthenticated attacker with network access via multiple protocols allows to compromise Java SE. Important SUSE bug 1181239 SUSE bug 1182186 CVE-2020-14803 CVE-2020-27221 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for open-iscsi fixes the following issues: Fixes for CVE-2019-17437, CVE-2020-17438, CVE-2020-13987 and CVE-2020-13988 (bsc#1179908): - check for TCP urgent pointer past end of frame - check for u8 overflow when processing TCP options - check for header length underflow during checksum calculation Important SUSE bug 1179908 CVE-2020-13987 CVE-2020-13988 CVE-2020-17437 CVE-2020-17438 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for perl-XML-Twig fixes the following issues: - Security fix [bsc#1008644, CVE-2016-9180] * Added: the no_xxe option to XML::Twig::new, which causes the parse to fail if external entities are used (to prevent malicious XML to access the filesystem). * Setting expand_external_ents to 0 or -1 currently doesn't work as expected; To completely turn off expanding external entities use no_xxe. * Update documentation for XML::Twig to mention problems with expand_external_ents and add information about new no_xxe argument Moderate SUSE bug 1008644 CVE-2016-9180 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.8.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-08 (bsc#1182614) * CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources * CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 Important SUSE bug 1182357 SUSE bug 1182614 CVE-2021-23968 CVE-2021-23969 CVE-2021-23973 CVE-2021-23978 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for python-cryptography fixes the following issues: - CVE-2020-36242: Using the Fernet class to symmetrically encrypt multi gigabyte values could result in an integer overflow and buffer overflow (bsc#1182066). Important SUSE bug 1182066 CVE-2020-36242 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for grub2 fixes the following issues: grub2 now implements the new 'SBAT' method for SHIM based secure boot revocation. (bsc#1182057) Following security issues are fixed that can violate secure boot constraints: - CVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711) - CVE-2020-25647: Fixed an out-of-bound write in grub_usb_device_initialize() (bsc#1177883) - CVE-2020-27749: Fixed a stack buffer overflow in grub_parser_split_cmdline (bsc#1179264) - CVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970) - CVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262) - CVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation of space required for quoting (bsc#1182263) Important SUSE bug 1175970 SUSE bug 1176711 SUSE bug 1177883 SUSE bug 1179264 SUSE bug 1179265 SUSE bug 1182057 SUSE bug 1182262 SUSE bug 1182263 CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. Important SUSE bug 1182279 SUSE bug 1182408 SUSE bug 1182411 SUSE bug 1182412 SUSE bug 1182413 SUSE bug 1182415 SUSE bug 1182416 SUSE bug 1182417 SUSE bug 1182418 SUSE bug 1182419 SUSE bug 1182420 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2021-27212 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openssl-1_0_0 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) Moderate SUSE bug 1182331 SUSE bug 1182333 CVE-2021-23840 CVE-2021-23841 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843). - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753). - CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372). - CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428). The following non-security bugs were fixed: - cifs: check all path components in resolved dfs target (bsc#1180906). - cifs: fix check of tcon dfs in smb1 (bsc#1180906). - cifs: fix nodfs mount option (bsc#1180906). - cifs: introduce helper for finding referral server (bsc#1180906). - kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082) - kernel-binary.spec: Add back initrd and image symlink ghosts to filelist (bsc#1182140). Fixes: 76a9256314c3 ('rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).') - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) %split_extra still contained two. - rpm/kernel-binary.spec.in: Fix compressed module handling for in-tree KMP (jsc#SLE-10886) - rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) egrep is only a deprecated bash wrapper for 'grep -E'. So use the latter instead. - rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592) - rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401) - rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082). - rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). There is: ExportFilter: ^kernel-obs-build.*\.x86_64.rpm$ . i586 in Factory's prjconf now. No other actively maintained distro (i.e. merging packaging branch) builds a x86_32 kernel, hence pushing to packaging directly. - rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058) - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section - scsi: fc: add FPIN ELS definition (bsc#1181441). - scsi/fc: kABI fixes for new ELS_FPIN definition (bsc#1181441) - scsi: fc: Update Descriptor definition and add RDF and Link Integrity FPINs (bsc#1181441). - scsi: Fix trivial spelling (bsc#1181441). - scsi: qla2xxx: Add IOCB resource tracking (bsc#1181441). - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1181441). - scsi: qla2xxx: Address a set of sparse warnings (bsc#1181441). - scsi: qla2xxx: Add rport fields in debugfs (bsc#1181441). - scsi: qla2xxx: Add SLER and PI control support (bsc#1181441). - scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1181441). - scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1181441). - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1181441). - scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1181441). - scsi: qla2xxx: Change post del message from debug level to log level (bsc#1181441). - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1181441). - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1181441). - scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1181441). - scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1181441). - scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1181441). - scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1181441). - scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1181441). - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1181441). - scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1181441). - scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1181441). - scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1181441). - scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1181441). - scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1181441). - scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit (bsc#1181441). - scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1181441). - scsi: qla2xxx: Fix endianness annotations in header files (bsc#1181441). - scsi: qla2xxx: Fix endianness annotations in source files (bsc#1181441). - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1181441). - scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1181441). - scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1181441). - scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1181441). - scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1181441). - scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1181441). - scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1181441). - scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1181441). - scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1181441). - scsi: qla2xxx: Fix login timeout (bsc#1181441). - scsi: qla2xxx: Fix memory size truncation (bsc#1181441). - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1181441). - scsi: qla2xxx: Fix MPI reset needed message (bsc#1181441). - scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1181441). - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1181441). - scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1181441). - scsi: qla2xxx: Fix regression on sparc64 (bsc#1181441). - scsi: qla2xxx: Fix reset of MPI firmware (bsc#1181441). - scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1181441). - scsi: qla2xxx: Fix spelling of a variable name (bsc#1181441). - scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1181441). - scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1181441). - scsi: qla2xxx: Fix the return value (bsc#1181441). - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1181441). - scsi: qla2xxx: Fix warning after FC target reset (bsc#1181441). - scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1181441). - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1181441). - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1181441). - scsi: qla2xxx: Flush all sessions on zone disable (bsc#1181441). - scsi: qla2xxx: Flush I/O on zone disable (bsc#1181441). - scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1181441). - scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1181441). - scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1181441). - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1181441). - scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1181441). - scsi: qla2xxx: Initialize 'n' before using it (bsc#1181441). - scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1181441). - scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1181441). - scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1181441). - scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1181441). - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1181441). - scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1181441). - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1181441). - scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1181441). - scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1181441). - scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1181441). - scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1181441). - scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1181441). - scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#1181441). - scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1181441). - scsi: qla2xxx: Performance tweak (bsc#1181441). - scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1181441). - scsi: qla2xxx: Reduce noisy debug message (bsc#1181441). - scsi: qla2xxx: Remove an unused function (bsc#1181441). - scsi: qla2xxx: Remove a superfluous cast (bsc#1181441). - scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1181441). - scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1181441). - scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1181441). - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1181441). - scsi: qla2xxx: Remove redundant variable initialization (bsc#1181441). - scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1181441). - scsi: qla2xxx: Remove superfluous memset() (bsc#1181441). - scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1181441). - scsi: qla2xxx: Remove trailing semicolon in macro definition (bsc#1181441). - scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1181441). - scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1181441). - scsi: qla2xxx: SAN congestion management implementation (bsc#1181441). - scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1181441). - scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1181441). - scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1181441). - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1181441). - scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1181441). - scsi: qla2xxx: Tear down session if FW say it is down (bsc#1181441). - scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1181441). - scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1181441). - scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1181441). - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1181441). - scsi: qla2xxx: Use constant when it is known (bsc#1181441). - scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1181441). - scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1181441). - scsi: qla2xxx: Use register names instead of register offsets (bsc#1181441). - scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1181441). - scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1181441). - scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1181441). - scsi: scsi_transport_fc: Add FPIN fc event codes (bsc#1181441). - scsi: scsi_transport_fc: refactor event posting routines (bsc#1181441). - scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1181441). - x86/hyperv: Fix kexec panic/hang issues (bsc#1176831). - xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600). - xen/netback: fix spurious event detection for common event case (bsc#1182175). Important SUSE bug 1065600 SUSE bug 1163592 SUSE bug 1176831 SUSE bug 1178401 SUSE bug 1178762 SUSE bug 1179014 SUSE bug 1179015 SUSE bug 1179045 SUSE bug 1179082 SUSE bug 1179428 SUSE bug 1179660 SUSE bug 1180058 SUSE bug 1180906 SUSE bug 1181441 SUSE bug 1181747 SUSE bug 1181753 SUSE bug 1181843 SUSE bug 1182140 SUSE bug 1182175 CVE-2020-29368 CVE-2020-29374 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for wpa_supplicant fixes the following issues: - CVE-2021-27803: P2P provision discovery processing vulnerability (bsc#1182805) Important SUSE bug 1182805 CVE-2021-27803 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) Moderate SUSE bug 1182331 SUSE bug 1182333 CVE-2021-23840 CVE-2021-23841 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for git fixes the following issues: - On case-insensitive filesystems, with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters (such as Git LFS), Git could be fooled into running remote code during a clone. (bsc#1183026, CVE-2021-21300) Important SUSE bug 1183026 CVE-2021-21300 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for python fixes the following issues: - python27 was upgraded to 2.7.18 - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator (bsc#1182379). Moderate SUSE bug 1182379 CVE-2019-18348 CVE-2021-23336 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.1 ESR * Fixed: Critical security issue MFSA 2021-01 (bsc#1180623) * CVE-2020-16044 Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk Important SUSE bug 1180623 CVE-2020-16044 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362) Important SUSE bug 1182328 SUSE bug 1182362 CVE-2021-27218 CVE-2021-27219 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for wavpack fixes the following issues: - CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414). Important SUSE bug 1180414 CVE-2020-35738 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for nghttp2 fixes the following issues: Security issues fixed: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184). - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146182). - CVE-2018-1000168: Fixed ALTSVC frame client side denial of service (bsc#1088639). - CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields (bsc#966514). Bug fixes and enhancements: - Packages must not mark license files as %doc (bsc#1082318) - Typo in description of libnghttp2_asio1 (bsc#962914) - Fixed mistake in spec file (bsc#1125689) - Fixed build issue with boost 1.70.0 (bsc#1134616) - Fixed build issue with GCC 6 (bsc#964140) - Feature: Add W&S module (FATE#326776, bsc#1112438) Important SUSE bug 1082318 SUSE bug 1088639 SUSE bug 1112438 SUSE bug 1125689 SUSE bug 1134616 SUSE bug 1146182 SUSE bug 1146184 SUSE bug 1181358 SUSE bug 962914 SUSE bug 964140 SUSE bug 966514 CVE-2016-1544 CVE-2018-1000168 CVE-2019-9511 CVE-2019-9513 CVE-2020-11080 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openssl-1_1 fixes the following security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] Important SUSE bug 1183852 CVE-2021-3449 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for tomcat fixes the following issues: - CVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912) - CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909) Important SUSE bug 1182909 SUSE bug 1182912 CVE-2021-25122 CVE-2021-25329 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942) * CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read * CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage * CVE-2021-23984: Malicious extensions could have spoofed popup information * CVE-2021-23987: Memory safety bugs Important SUSE bug 1183942 CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openvpn fixes the following issues: - CVE-2022-0547: Fixed possible authentication bypass in external authentication plug-in (bsc#1197341). Important SUSE bug 1197341 CVE-2022-0547 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_7_1-ibm fixes the following issues: Update Java 7.1 to Service Refresh 7 Fix Pack 5 (bsc#1197126). Including fixes for the following vulnerabilities: CVE-2022-21366, CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21277, CVE-2022-21299, CVE-2022-21296, CVE-2022-21282, CVE-2022-21294, CVE-2022-21293, CVE-2022-21291, CVE-2022-21283, CVE-2022-21248, CVE-2022-21271. Important SUSE bug 1194925 SUSE bug 1194926 SUSE bug 1194927 SUSE bug 1194928 SUSE bug 1194929 SUSE bug 1194930 SUSE bug 1194931 SUSE bug 1194932 SUSE bug 1194933 SUSE bug 1194934 SUSE bug 1194935 SUSE bug 1194937 SUSE bug 1194939 SUSE bug 1194940 SUSE bug 1194941 SUSE bug 1196500 SUSE bug 1197126 CVE-2022-21248 CVE-2022-21271 CVE-2022-21277 CVE-2022-21282 CVE-2022-21283 CVE-2022-21291 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21349 CVE-2022-21360 CVE-2022-21365 CVE-2022-21366 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_8_0-ibm fixes the following issues: Update Java 8.0 to Service Refresh 7 Fix Pack 5 (bsc#1197126). Including fixes for the following vulnerabilities: CVE-2022-21366, CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21277, CVE-2022-21299, CVE-2022-21296, CVE-2022-21282, CVE-2022-21294, CVE-2022-21293, CVE-2022-21291, CVE-2022-21283, CVE-2022-21248, CVE-2022-21271. Non-securtiy fix: - Fixed a broken symlink for javaws (bsc#1195146). Important SUSE bug 1194925 SUSE bug 1194926 SUSE bug 1194927 SUSE bug 1194928 SUSE bug 1194929 SUSE bug 1194930 SUSE bug 1194931 SUSE bug 1194932 SUSE bug 1194933 SUSE bug 1194934 SUSE bug 1194935 SUSE bug 1194937 SUSE bug 1194939 SUSE bug 1194940 SUSE bug 1194941 SUSE bug 1195146 SUSE bug 1196500 SUSE bug 1197126 CVE-2022-21248 CVE-2022-21271 CVE-2022-21277 CVE-2022-21282 CVE-2022-21283 CVE-2022-21291 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21349 CVE-2022-21360 CVE-2022-21365 CVE-2022-21366 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). Important SUSE bug 1197459 CVE-2018-25032 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 7 Fix Pack 0 - CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052) - CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914) - CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913) - CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911) - CVE-2021-35556: Excessive memory allocation in RTFParser. (bsc#1191910) - CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. (bsc#1191909) - CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905) - CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564) - CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565) - CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055) - CVE-2021-35560: Fixed a vulnerability in the component Deployment. (bsc#1191902) - CVE-2021-35578: Fixed unexpected exception raised during TLS handshake. (bsc#1191904) Important SUSE bug 1185055 SUSE bug 1188564 SUSE bug 1188565 SUSE bug 1191902 SUSE bug 1191904 SUSE bug 1191905 SUSE bug 1191909 SUSE bug 1191910 SUSE bug 1191911 SUSE bug 1191913 SUSE bug 1191914 SUSE bug 1192052 SUSE bug 1194198 SUSE bug 1194232 CVE-2021-2163 CVE-2021-2341 CVE-2021-2369 CVE-2021-35556 CVE-2021-35559 CVE-2021-35560 CVE-2021-35564 CVE-2021-35565 CVE-2021-35578 CVE-2021-35586 CVE-2021-35588 CVE-2021-41035 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix 'su -s' bash completion. (bsc#1172427) - CVE-2021-37600: Fixed an integer overflow which could lead to buffer overflow in get_sem_elements. (bsc#1188921) - Prevent outdated pam files (bsc#1082293, bsc#1081947#c68). - Do not trim read-only volumes (bsc#1106214). - libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (bsc#1122417). - raw.service: Add `RemainAfterExit=yes` (bsc#1135534). - agetty: Reload issue only if it is really needed (bsc#1085196) - agetty: Return previous response of agetty for special characters (bsc#1085196, bsc#1125886) - blockdev: Do not fail `--report` on kpartx-style partitions on multipath. (bsc#1168235) - nologin: Add support for `-c` to prevent error from `su -c`. (bsc#1151708) - Avoid triggering autofs in lookup_umount_fs_by_statfs. (bsc#1168389) - libblkid: Do not trigger CDROM autoclose. (bsc#1084671) - Avoid sulogin failing on not existing or not functional console devices. (bsc#1175514) - Build with libudev support to support non-root users. (bsc#1169006) - lscpu: avoid segfault on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to CIFS with mount –a. (bsc#1174942) Important SUSE bug 1081947 SUSE bug 1082293 SUSE bug 1084671 SUSE bug 1085196 SUSE bug 1106214 SUSE bug 1122417 SUSE bug 1125886 SUSE bug 1135534 SUSE bug 1135708 SUSE bug 1151708 SUSE bug 1168235 SUSE bug 1168389 SUSE bug 1169006 SUSE bug 1172427 SUSE bug 1174942 SUSE bug 1175514 SUSE bug 1175623 SUSE bug 1178236 SUSE bug 1178554 SUSE bug 1178825 SUSE bug 1188921 SUSE bug 1194642 CVE-2021-37600 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for mozilla-nss fixes the following issues: Mozilla NSS 3.68.3 (bsc#1197903): - CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use. Important SUSE bug 1197903 CVE-2022-1097 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.8.0 ESR (bsc#1197903): MFSA 2022-14 (bsc#1197903) * CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use * CVE-2022-28281: Fixed an out of bounds write due to unexpected WebAuthN Extensions * CVE-2022-1196: Fixed a use-after-free after VR Process destruction * CVE-2022-28282: Fixed a use-after-free in DocumentL10n::TranslateDocument * CVE-2022-28285: Fixed incorrect AliasSet used in JIT Codegen * CVE-2022-28286: Fixed that iframe contents could be rendered outside the border * CVE-2022-24713: Fixed a denial of service via complex regular expressions * CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8 Important SUSE bug 1197903 CVE-2022-1097 CVE-2022-1196 CVE-2022-24713 CVE-2022-28281 CVE-2022-28282 CVE-2022-28285 CVE-2022-28286 CVE-2022-28289 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openjpeg2 fixes the following issues: - CVE-2016-1924: Fixed heap buffer overflow (bsc#980504). - CVE-2016-3183: Fixed out-of-bounds read in sycc422_to_rgb function (bsc#971617). - CVE-2016-4797: Fixed heap buffer overflow (bsc#980504). - CVE-2018-14423: Fixed division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl,and pi_next_rpcl in lib/openjp3d/pi.c (bsc#1102016). - CVE-2018-16375: Fixed missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c (bsc#1106882). - CVE-2018-16376: Fixed heap-based buffer overflow function t2_encode_packet in lib/openmj2/t2.c (bsc#1106881). - CVE-2018-20845: Fixed division-by-zero in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c (bsc#1140130). - CVE-2018-20846: Fixed out-of-bounds accesses in pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c (bsc#1140205). - CVE-2020-8112: Fixed heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c (bsc#1162090). - CVE-2020-15389: Fixed use-after-free if t a mix of valid and invalid files in a directory operated on by the decompressor (bsc#1173578). - CVE-2020-27823: Fixed heap buffer over-write in opj_tcd_dc_level_shift_encode() (bsc#1180457). - CVE-2021-29338: Fixed integer overflow that allows remote attackers to crash the application (bsc#1184774). - CVE-2022-1122: Fixed segmentation fault in opj2_decompress due to uninitialized pointer (bsc#1197738). Important SUSE bug 1102016 SUSE bug 1106881 SUSE bug 1106882 SUSE bug 1140130 SUSE bug 1140205 SUSE bug 1162090 SUSE bug 1173578 SUSE bug 1180457 SUSE bug 1184774 SUSE bug 1197738 SUSE bug 971617 SUSE bug 980504 CVE-2016-1924 CVE-2016-3183 CVE-2016-4797 CVE-2018-14423 CVE-2018-16375 CVE-2018-16376 CVE-2018-20845 CVE-2018-20846 CVE-2020-15389 CVE-2020-27823 CVE-2020-8112 CVE-2021-29338 CVE-2022-1122 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for python rebuilds python against a symbol versioned openssl 1.0.2 to allow usage with openssl 1.1.1. Also the following security issues are fixed: - CVE-2022-0391: Fixed sanitizing URLs containing ASCII newline and tabs in urlparse (bsc#1195396). - CVE-2021-4189: Make ftplib not trust the PASV response (bsc#1194146). Moderate SUSE bug 1187784 SUSE bug 1194146 SUSE bug 1195396 CVE-2021-4189 CVE-2022-0391 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: - CVE-2021-4140: Fixed iframe sandbox bypass with XSLT (bsc#1194547). - CVE-2022-22737: Fixed race condition when playing audio files (bsc#1194547). - CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur (bsc#1194547). - CVE-2022-22739: Fixed missing throttling on external protocol launch dialog (bsc#1194547). - CVE-2022-22740: Fixed use-after-free of ChannelEventQueue::mOwner (bsc#1194547). - CVE-2022-22741: Fixed browser window spoof using fullscreen mode (bsc#1194547). - CVE-2022-22742: Fixed out-of-bounds memory access when inserting text in edit mode (bsc#1194547). - CVE-2022-22743: Fixed browser window spoof using fullscreen mode (bsc#1194547). - CVE-2022-22744: Fixed possible command injection via the 'Copy as curl' feature in DevTools (bsc#1194547). - CVE-2022-22745: Fixed leaking cross-origin URLs through securitypolicyviolation event (bsc#1194547). - CVE-2022-22746: Fixed calling into reportValidity could have lead to fullscreen window spoof (bsc#1194547). - CVE-2022-22747: Fixed crash when handling empty pkcs7 sequence(bsc#1194547). - CVE-2022-22748: Fixed spoofed origin on external protocol launch dialog (bsc#1194547). - CVE-2022-22751: Fixed memory safety bugs (bsc#1194547). Important SUSE bug 1194547 CVE-2021-4140 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22744 CVE-2022-22745 CVE-2022-22746 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) Important SUSE bug 1198062 CVE-2022-1271 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libexif fixes the following issues: - CVE-2020-0181: Fixed an integer overflow that could lead to denial of service (bsc#1172802). - CVE-2020-0198: Fixed and unsigned integer overflow that could lead to denial of service (bsc#1172768). - CVE-2020-0452: Fixed a buffer overflow check that could be optimized away by the compiler (bsc#1178479). Important SUSE bug 1172768 SUSE bug 1172802 SUSE bug 1178479 CVE-2020-0181 CVE-2020-0198 CVE-2020-0452 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for tomcat fixes the following issues: Security hardening, related to Spring Framework vulnerabilities: - Deprecate getResources() and always return null (bsc#1198136). Important SUSE bug 1198136 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for sssd fixes the following issues: - CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommands (bsc#1189492). - Add LDAPS support for the AD provider (bsc#1183735)(jsc#SLE-17773). Non-security fixes: - Fixed a crash caused by calling dbus_watch_handle with a corrupted memory value (bsc#1196564). Important SUSE bug 1183735 SUSE bug 1189492 SUSE bug 1196564 CVE-2021-3621 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS The SUSE Linux Enterprise 12 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-0812: Fixed an incorrect header size calculations which could lead to a memory leak. (bsc#1196639) - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free. (bnc#1196973) - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-28356: Fixed a refcount bug in llc_ui_bind and llc_ui_autobind which could allow an unprivileged user to execute a DoS. (bnc#1197391) - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032) - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031) - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331) - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761) - CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device. (bsc#1196836) - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366) - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) The following non-security bugs were fixed: - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018). - genirq: Use rcu in kstat_irqs_usr() (bsc#1193738). - llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - net: usb: ax88179_178a: fix packet alignment padding (bsc#1196018). - net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468). - sr9700: sanity check for packet length (bsc#1196836). - tcp: add some entropy in __inet_hash_connect() (bsc#1180153). - tcp: change source port randomizarion at connect() time (bsc#1180153). - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - x86/tsc: Make calibration refinement more robust (bsc#1196573). - xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). Important SUSE bug 1180153 SUSE bug 1189562 SUSE bug 1193738 SUSE bug 1194943 SUSE bug 1195051 SUSE bug 1195353 SUSE bug 1196018 SUSE bug 1196114 SUSE bug 1196468 SUSE bug 1196488 SUSE bug 1196514 SUSE bug 1196573 SUSE bug 1196639 SUSE bug 1196761 SUSE bug 1196830 SUSE bug 1196836 SUSE bug 1196942 SUSE bug 1196973 SUSE bug 1197211 SUSE bug 1197227 SUSE bug 1197331 SUSE bug 1197366 SUSE bug 1197391 SUSE bug 1197462 SUSE bug 1198031 SUSE bug 1198032 SUSE bug 1198033 CVE-2021-39713 CVE-2021-45868 CVE-2022-0812 CVE-2022-0850 CVE-2022-1016 CVE-2022-1048 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-26490 CVE-2022-26966 CVE-2022-27666 CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for gzip fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) Important SUSE bug 1198062 CVE-2022-1271 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xen fixes the following issues: - CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host (bsc#1197423). - CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which could lead to a denial of service in the host (bsc#1197425). - CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: Fixed various memory corruption issues for hosts using VT-d or AMD-Vi IOMMU hardware. These could be leveraged by an attacker to cause a denial of service in the host (bsc#1197426). - CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: Added BHB speculation issue mitigations (bsc#1196915). Important SUSE bug 1196915 SUSE bug 1197423 SUSE bug 1197425 SUSE bug 1197426 CVE-2021-26401 CVE-2022-0001 CVE-2022-0002 CVE-2022-26356 CVE-2022-26357 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for dnsmasq fixes the following issues: - CVE-2021-3448: Fixed a potential DNS cache poisoning issue due to a constant outgoing port being used when for certain use cases of the --server option (bsc#1183709). - CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial of service via crafted packet (bsc#1197872). Important SUSE bug 1183709 SUSE bug 1197872 CVE-2021-3448 CVE-2022-0934 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for git fixes the following issues: - CVE-2022-24765: Fixed a potential command injection via git worktree (bsc#1198234). Important SUSE bug 1198234 CVE-2022-24765 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed use-after-free of ID and IDREF attributes. (bsc#1196490) Important SUSE bug 1196490 CVE-2022-23308 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for SDL fixes the following issues: - CVE-2020-14409: Fixed an integer overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c. (bsc#1181202) - CVE-2020-14410: Fixed a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c. (bsc#1181201) - CVE-2021-33657: Fixed a Heap overflow problem in video/SDL_pixels.c. (bsc#1198001) Important SUSE bug 1181201 SUSE bug 1181202 SUSE bug 1198001 CVE-2020-14409 CVE-2020-14410 CVE-2021-33657 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for webkit2gtk3 fixes the following issues: - Update to version 2.34.3 (bsc#1194019). - CVE-2021-30887: Fixed logic issue allowing unexpectedly unenforced Content Security Policy when processing maliciously crafted web content. - CVE-2021-30890: Fixed logic issue allowing universal cross site scripting when processing maliciously crafted web content. Important SUSE bug 1194019 CVE-2018-8518 CVE-2018-8523 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 CVE-2019-8674 CVE-2019-8681 CVE-2019-8684 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 CVE-2019-8707 CVE-2019-8719 CVE-2019-8726 CVE-2019-8733 CVE-2019-8763 CVE-2019-8765 CVE-2019-8766 CVE-2019-8768 CVE-2019-8782 CVE-2019-8808 CVE-2019-8815 CVE-2019-8821 CVE-2019-8822 CVE-2020-10018 CVE-2020-13753 CVE-2020-27918 CVE-2020-29623 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9947 CVE-2020-9948 CVE-2020-9951 CVE-2020-9952 CVE-2021-1765 CVE-2021-1788 CVE-2021-1817 CVE-2021-1820 CVE-2021-1825 CVE-2021-1826 CVE-2021-1844 CVE-2021-1871 CVE-2021-30661 CVE-2021-30666 CVE-2021-30682 CVE-2021-30761 CVE-2021-30762 CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 CVE-2021-30849 CVE-2021-30851 CVE-2021-30858 CVE-2021-30884 CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 CVE-2021-30890 CVE-2021-30897 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for cifs-utils fixes the following issues: - CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216). Important SUSE bug 1197216 CVE-2022-27239 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for aide fixes the following issues: - CVE-2021-45417: Fix a bufferoverflow in base64 functions (bsc#1194735) Important SUSE bug 1194735 CVE-2021-45417 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: This update contains the Firefox Extended Support Release 91.1.0 ESR. * Fixed: Various stability, functionality, and security fixes MFSA 2021-40 (bsc#1190269, bsc#1190274): * CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer * CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1 Firefox 91.0.1esr ESR * Fixed: Fixed an issue causing buttons on the tab bar to be resized when loading certain websites (bug 1704404) * Fixed: Fixed an issue which caused tabs from private windows to be visible in non-private windows when viewing switch-to- tab results in the address bar panel (bug 1720369) * Fixed: Various stability fixes * Fixed: Security fix MFSA 2021-37 (bsc#1189547) * CVE-2021-29991 (bmo#1724896) Header Splitting possible with HTTP/3 Responses Firefox Extended Support Release 91.0 ESR * New: Some of the highlights of the new Extended Support Release are: - A number of user interface changes. For more information, see the Firefox 89 release notes. - Firefox now supports logging into Microsoft, work, and school accounts using Windows single sign-on. Learn more - On Windows, updates can now be applied in the background while Firefox is not running. - Firefox for Windows now offers a new page about:third-party to help identify compatibility issues caused by third-party applications - Version 2 of Firefox's SmartBlock feature further improves private browsing. Third party Facebook scripts are blocked to prevent you from being tracked, but are now automatically loaded 'just in time' if you decide to 'Log in with Facebook' on any website. - Enhanced the privacy of the Firefox Browser's Private Browsing mode with Total Cookie Protection, which confines cookies to the site where they were created, preventing companis from using cookies to track your browsing across sites. This feature was originally launched in Firefox's ETP Strict mode. - PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features. - You'll encounter less website breakage in Private Browsing and Strict Enhanced Tracking Protection with SmartBlock, which provides stand-in scripts so that websites load properly. - Improved Print functionality with a cleaner design and better integration with your computer's printer settings. - Firefox now protects you from supercookies, a type of tracker that can stay hidden in your browser and track you online, even after you clear cookies. By isolating supercookies, Firefox prevents them from tracking your web browsing from one site to the next. - Firefox now remembers your preferred location for saved bookmarks, displays the bookmarks toolbar by default on new tabs, and gives you easy access to all of your bookmarks via a toolbar folder. - Native support for macOS devices built with Apple Silicon CPUs brings dramatic performance improvements over the non- native build that was shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a new Apple device, follow these steps to upgrade to the latest Firefox. - Pinch zooming will now be supported for our users with Windows touchscreen devices and touchpads on Mac devices. Firefox users may now use pinch to zoom on touch-capable devices to zoom in and out of webpages. - We’ve improved functionality and design for a number of Firefox search features: * Selecting a search engine at the bottom of the search panel now enters search mode for that engine, allowing you to see suggestions (if available) for your search terms. The old behavior (immediately performing a search) is available with a shift-click. * When Firefox autocompletes the URL of one of your search engines, you can now search with that engine directly in the address bar by selecting the shortcut in the address bar results. * We’ve added buttons at the bottom of the search panel to allow you to search your bookmarks, open tabs, and history. - Firefox supports AcroForm, which will allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look. - For our users in the US and Canada, Firefox can now save, manage, and auto-fill credit card information for you, making shopping on Firefox ever more convenient. - In addition to our default, dark and light themes, with this release, Firefox introduces the Alpenglow theme: a colorful appearance for buttons, menus, and windows. You can update your Firefox themes under settings or preferences. * Changed: Firefox no longer supports Adobe Flash. There is no setting available to re-enable Flash support. * Enterprise: Various bug fixes and new policies have been implemented in the latest version of Firefox. See more details in the Firefox for Enterprise 91 Release Notes. MFSA 2021-33 (bsc#1188891): * CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption * CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT * CVE-2021-29988: Memory corruption as a result of incorrect style treatment * CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode * CVE-2021-29984: Incorrect instruction reordering during JIT optimization * CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption * CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux * CVE-2021-29985: Use-after-free media channels * CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion * CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 * CVE-2021-29990: Memory safety bugs fixed in Firefox 91 Important SUSE bug 1188891 SUSE bug 1189547 SUSE bug 1190269 SUSE bug 1190274 CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29987 CVE-2021-29988 CVE-2021-29989 CVE-2021-29990 CVE-2021-29991 CVE-2021-38492 CVE-2021-38495 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for zsh fixes the following issues: - CVE-2018-0502: Fixed execve call vulnerability to program named on the second line when the beginning of a #! script file was mishandled. (bsc#1107296, bsc#1107294) - CVE-2018-13259: Fixed execve call vulnerability to program name that is a substring of the intended one. (bsc#1107296, bsc#1107294) Important SUSE bug 1107294 SUSE bug 1107296 CVE-2018-0502 CVE-2018-13259 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 5 Fix Pack 0 - CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052) - CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914) - CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913) - CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911) - CVE-2021-35556: Excessive memory allocation in RTFParser. (bsc#1191910) - CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. (bsc#1191909) - CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905) - CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564) - CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565) - CVE-2021-2432: Fixed a vulnerability in the omponent JNDI. (bsc#1188568) - CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055) Moderate SUSE bug 1185055 SUSE bug 1188564 SUSE bug 1188565 SUSE bug 1188568 SUSE bug 1191905 SUSE bug 1191909 SUSE bug 1191910 SUSE bug 1191911 SUSE bug 1191913 SUSE bug 1191914 SUSE bug 1192052 SUSE bug 1194198 SUSE bug 1194232 CVE-2021-2163 CVE-2021-2341 CVE-2021-2369 CVE-2021-2432 CVE-2021-35556 CVE-2021-35559 CVE-2021-35564 CVE-2021-35565 CVE-2021-35586 CVE-2021-35588 CVE-2021-41035 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for gzip fixes the following issues: - CVE-2022-1271: Add hardening for zgrep. (bsc#1198062) Important CVE-2022-1271 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for webkit2gtk3 fixes the following issues: Update to version 2.36.0 (bsc#1198290): - CVE-2022-22624: Fixed use after free that may lead to arbitrary code execution. - CVE-2022-22628: Fixed use after free that may lead to arbitrary code execution. - CVE-2022-22629: Fixed a buffer overflow that may lead to arbitrary code execution. - CVE-2022-22637: Fixed an unexpected cross-origin behavior due to a logic error. Missing CVE reference for the update to 2.34.6 (bsc#1196133): - CVE-2022-22594: Fixed a cross-origin issue in the IndexDB API. Important SUSE bug 1196133 SUSE bug 1198290 CVE-2022-22594 CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22637 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) Important SUSE bug 1198446 CVE-2022-1304 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220510 release. (bsc#1199423) Updated to Intel CPU Microcode 20220419 release. (bsc#1198717) - CVE-2022-21151: Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (bsc#1199423). Moderate SUSE bug 1198717 SUSE bug 1199423 CVE-2022-21151 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.9.0 ESR (MFSA 2022-17)(bsc#1198970): - CVE-2022-29914: Fullscreen notification bypass using popups - CVE-2022-29909: Bypassing permission prompt in nested browsing contexts - CVE-2022-29916: Leaking browser history with CSS variables - CVE-2022-29911: iframe Sandbox bypass - CVE-2022-29912: Reader mode bypassed SameSite cookies - CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9 Important SUSE bug 1198970 CVE-2022-29909 CVE-2022-29911 CVE-2022-29912 CVE-2022-29914 CVE-2022-29916 CVE-2022-29917 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed a dangling symlink when g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION (bsc#1183533). Low SUSE bug 1183533 CVE-2021-28153 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). - Fixed issue with SASL init that crashed slapd at startup under certain conditions (bsc#1198383). Important SUSE bug 1198383 SUSE bug 1199240 CVE-2022-29155 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251). - CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362). - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474). - CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476). - CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477). - CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478). - CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479). - CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480). Important SUSE bug 1194251 SUSE bug 1194362 SUSE bug 1194474 SUSE bug 1194476 SUSE bug 1194477 SUSE bug 1194478 SUSE bug 1194479 SUSE bug 1194480 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for postgresql10 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475). Important SUSE bug 1199475 CVE-2022-1552 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.9.1 ESR - MFSA 2022-19 (bsc#1199768): - CVE-2022-1802: Prototype pollution in Top-Level Await implementation - CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution Important SUSE bug 1199768 CVE-2022-1529 CVE-2022-1802 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for python-requests fixes the following issues: - CVE-2018-18074: Fixed to prevent the package to send an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect. (bsc#1111622) Moderate SUSE bug 1111622 CVE-2018-18074 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libxml2 fixes the following issues: - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c and tree.c (bsc#1199132). - CVE-2017-16932: Prevent infinite recursion in parameter entities (bsc#1069689). Important SUSE bug 1069689 SUSE bug 1199132 CVE-2017-16932 CVE-2022-29824 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232). Important SUSE bug 1199232 CVE-2022-1586 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for kernel-firmware fixes the following issues: Update AMD ucode and SEV firmware - (CVE-2021-26339, CVE-2021-26373, CVE-2021-26347, CVE-2021-26376, CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26339, CVE-2021-26348, CVE-2021-26342, CVE-2021-26388, CVE-2021-26349, CVE-2021-26364, CVE-2021-26312, CVE-2021-26350, CVE-2021-46744, bsc#1199459, bsc#1199470) Moderate SUSE bug 1199459 SUSE bug 1199470 CVE-2021-26312 CVE-2021-26339 CVE-2021-26342 CVE-2021-26347 CVE-2021-26348 CVE-2021-26349 CVE-2021-26350 CVE-2021-26364 CVE-2021-26372 CVE-2021-26373 CVE-2021-26375 CVE-2021-26376 CVE-2021-26378 CVE-2021-26388 CVE-2021-46744 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for wpa_supplicant fixes the following issues: - CVE-2022-23303, CVE-2022-23304: Fixed SAE/EAP-pwd side-channel attacks (bsc#1194732, bsc#1194733) - CVE-2021-0326: Fixed P2P group information processing vulnerability (bsc#1181777) - Fix systemd device ready dependencies in wpa_supplicant@.service file. (bsc#1182805) - Limit P2P_DEVICE name to appropriate ifname size - Enable SAE support(jsc#SLE-14992). - Fix wicked wlan (bsc#1156920) - Change wpa_supplicant.service to ensure wpa_supplicant gets started before network. Fix WLAN config on boot with wicked. (bsc#1166933) - Adjust the service to start after network.target wrt bsc#1165266 Update to 2.9 release: * SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * EAP-pwd changes - disable use of groups using Brainpool curves - allow the set of groups to be configured (eap_pwd_groups) - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * fixed FT-EAP initial mobility domain association using PMKSA caching (disabled by default for backwards compatibility; can be enabled with ft_eap_pmksa_caching=1) * fixed a regression in OpenSSL 1.1+ engine loading * added validation of RSNE in (Re)Association Response frames * fixed DPP bootstrapping URI parser of channel list * extended EAP-SIM/AKA fast re-authentication to allow use with FILS * extended ca_cert_blob to support PEM format * improved robustness of P2P Action frame scheduling * added support for EAP-SIM/AKA using anonymous@realm identity * fixed Hotspot 2.0 credential selection based on roaming consortium to ignore credentials without a specific EAP method * added experimental support for EAP-TEAP peer (RFC 7170) * added experimental support for EAP-TLS peer with TLS v1.3 * fixed a regression in WMM parameter configuration for a TDLS peer * fixed a regression in operation with drivers that offload 802.1X 4-way handshake * fixed an ECDH operation corner case with OpenSSL * SAE changes - added support for SAE Password Identifier - changed default configuration to enable only groups 19, 20, 21 (i.e., disable groups 25 and 26) and disable all unsuitable groups completely based on REVmd changes - do not regenerate PWE unnecessarily when the AP uses the anti-clogging token mechanisms - fixed some association cases where both SAE and FT-SAE were enabled on both the station and the selected AP - started to prefer FT-SAE over SAE AKM if both are enabled - started to prefer FT-SAE over FT-PSK if both are enabled - fixed FT-SAE when SAE PMKSA caching is used - reject use of unsuitable groups based on new implementation guidance in REVmd (allow only FFC groups with prime >= 3072 bits and ECC groups with prime >= 256) - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868) * EAP-pwd changes - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870) - verify server scalar/element [https://w1.fi/security/2019-4/] (CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, bsc#1131874, bsc#1131872, bsc#1131871, bsc#1131644) - fix message reassembly issue with unexpected fragment [https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640) - enforce rand,mask generation rules more strictly - fix a memory leak in PWE derivation - disallow ECC groups with a prime under 256 bits (groups 25, 26, and 27) - SAE/EAP-pwd side-channel attack update [https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#1144443) * fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y * Hotspot 2.0 changes - do not indicate release number that is higher than the one AP supports - added support for release number 3 - enable PMF automatically for network profiles created from credentials * fixed OWE network profile saving * fixed DPP network profile saving * added support for RSN operating channel validation (CONFIG_OCV=y and network profile parameter ocv=1) * added Multi-AP backhaul STA support * fixed build with LibreSSL * number of MKA/MACsec fixes and extensions * extended domain_match and domain_suffix_match to allow list of values * fixed dNSName matching in domain_match and domain_suffix_match when using wolfSSL * started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both are enabled * extended nl80211 Connect and external authentication to support SAE, FT-SAE, FT-EAP-SHA384 * fixed KEK2 derivation for FILS+FT * extended client_cert file to allow loading of a chain of PEM encoded certificates * extended beacon reporting functionality * extended D-Bus interface with number of new properties * fixed a regression in FT-over-DS with mac80211-based drivers * OpenSSL: allow systemwide policies to be overridden * extended driver flags indication for separate 802.1X and PSK 4-way handshake offload capability * added support for random P2P Device/Interface Address use * extended PEAP to derive EMSK to enable use with ERP/FILS * extended WPS to allow SAE configuration to be added automatically for PSK (wps_cred_add_sae=1) * removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS) * extended domain_match and domain_suffix_match to allow list of values * added a RSN workaround for misbehaving PMF APs that advertise IGTK/BIP KeyID using incorrect byte order * fixed PTK rekeying with FILS and FT * fixed WPA packet number reuse with replayed messages and key reinstallation [https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) * fixed unauthenticated EAPOL-Key decryption in wpa_supplicant [https://w1.fi/security/2018-1/] (CVE-2018-14526) * added support for FILS (IEEE 802.11ai) shared key authentication * added support for OWE (Opportunistic Wireless Encryption, RFC 8110; and transition mode defined by WFA) * added support for DPP (Wi-Fi Device Provisioning Protocol) * added support for RSA 3k key case with Suite B 192-bit level * fixed Suite B PMKSA caching not to update PMKID during each 4-way handshake * fixed EAP-pwd pre-processing with PasswordHashHash * added EAP-pwd client support for salted passwords * fixed a regression in TDLS prohibited bit validation * started to use estimated throughput to avoid undesired signal strength based roaming decision * MACsec/MKA: - new macsec_linux driver interface support for the Linux kernel macsec module - number of fixes and extensions * added support for external persistent storage of PMKSA cache (PMKSA_GET/PMKSA_ADD control interface commands; and MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case) * fixed mesh channel configuration pri/sec switch case * added support for beacon report * large number of other fixes, cleanup, and extensions * added support for randomizing local address for GAS queries (gas_rand_mac_addr parameter) * fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel * added option for using random WPS UUID (auto_uuid=1) * added SHA256-hash support for OCSP certificate matching * fixed EAP-AKA' to add AT_KDF into Synchronization-Failure * fixed a regression in RSN pre-authentication candidate selection * added option to configure allowed group management cipher suites (group_mgmt network profile parameter) * removed all PeerKey functionality * fixed nl80211 AP and mesh mode configuration regression with Linux 4.15 and newer * added ap_isolate configuration option for AP mode * added support for nl80211 to offload 4-way handshake into the driver * added support for using wolfSSL cryptographic library * SAE - added support for configuring SAE password separately of the WPA2 PSK/passphrase - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection for SAE; note: this is not backwards compatible, i.e., both the AP and station side implementations will need to be update at the same time to maintain interoperability - added support for Password Identifier - fixed FT-SAE PMKID matching * Hotspot 2.0 - added support for fetching of Operator Icon Metadata ANQP-element - added support for Roaming Consortium Selection element - added support for Terms and Conditions - added support for OSEN connection in a shared RSN BSS - added support for fetching Venue URL information * added support for using OpenSSL 1.1.1 * FT - disabled PMKSA caching with FT since it is not fully functional - added support for SHA384 based AKM - added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128, BIP-GMAC-256 in addition to previously supported BIP-CMAC-128 - fixed additional IE inclusion in Reassociation Request frame when using FT protocol - CVE-2015-8041: Using O_WRONLY flag [http://w1.fi/security/2015-5/] Important SUSE bug 1131644 SUSE bug 1131868 SUSE bug 1131870 SUSE bug 1131871 SUSE bug 1131872 SUSE bug 1131874 SUSE bug 1133640 SUSE bug 1144443 SUSE bug 1156920 SUSE bug 1165266 SUSE bug 1166933 SUSE bug 1167331 SUSE bug 1182805 SUSE bug 1194732 SUSE bug 1194733 CVE-2015-8041 CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 CVE-2018-14526 CVE-2019-11555 CVE-2019-13377 CVE-2019-9494 CVE-2019-9495 CVE-2019-9497 CVE-2019-9498 CVE-2019-9499 CVE-2022-23303 CVE-2022-23304 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for postgresql14 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475). Important SUSE bug 1199475 CVE-2022-1552 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for ImageMagick fixes the following issues: - CVE-2022-1270: Fixed a memory corruption issue when parsing MIFF files (bsc#1198351). - CVE-2022-28463: Fixed buffer overflow in coders/cin.c (bsc#1199350). Important SUSE bug 1198351 SUSE bug 1199350 CVE-2022-1270 CVE-2022-28463 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for mailman fixes the following issues: - CVE-2021-44227: Preventing list moderator or list member accessing the admin UI (bsc#1193316). - CVE-2021-43332: Preventing list moderator from cracking the list admin password encrypted in a CSRF token (bsc#1192741). - CVE-2021-43331: Fixed XSS in Cgi/options.py (bsc#1192735). - CVE-2021-42096: Add protection against remote privilege escalation via csrf_token derived from admin password (bsc#1191959). Important SUSE bug 1191959 SUSE bug 1192735 SUSE bug 1192741 SUSE bug 1193316 CVE-2021-42096 CVE-2021-43331 CVE-2021-43332 CVE-2021-44227 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for polkit fixes the following issues: - CVE-2021-4034: Fixed a local privilege escalation in pkexec (bsc#1194568). Important SUSE bug 1194568 CVE-2021-4034 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for librelp fixes the following issues: - CVE-2018-1000140: Fixed remote attack via specially crafted x509 certificates when connecting to rsyslog to trigger a stack buffer overflow and run arbitrary code (bsc#1086730). Moderate SUSE bug 1086730 CVE-2018-1000140 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.10.0 ESR (MFSA 2022-21)(bsc#1200027) - CVE-2022-31736: Cross-Origin resource's length leaked - CVE-2022-31737: Heap buffer overflow in WebGL - CVE-2022-31738: Browser window spoof using fullscreen mode - CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files - CVE-2022-31740: Register allocation problem in WASM on arm64 - CVE-2022-31741: Uninitialized variable leads to invalid memory read - CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information - CVE-2022-31747: Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10 Important SUSE bug 1200027 CVE-2022-31736 CVE-2022-31737 CVE-2022-31738 CVE-2022-31739 CVE-2022-31740 CVE-2022-31741 CVE-2022-31742 CVE-2022-31747 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for strongswan fixes the following issues: - CVE-2021-45079: Fixed authentication bypass in EAP authentication. (bsc#1194471) Important SUSE bug 1194471 CVE-2021-45079 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for mozilla-nss fixes the following issues: Mozilla NSS 3.68.4 (bsc#1200027) * CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590) Important SUSE bug 1200027 CVE-2022-31741 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for grub2 fixes the following issues: Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581) - CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184) - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185) - CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186) - CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460) - CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493) - CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496) - Update SBAT security contact (bsc#1193282) - Bump grub's SBAT generation to 2 - Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948) Important SUSE bug 1191184 SUSE bug 1191185 SUSE bug 1191186 SUSE bug 1193282 SUSE bug 1197948 SUSE bug 1198460 SUSE bug 1198493 SUSE bug 1198496 SUSE bug 1198581 CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2022-28733 CVE-2022-28734 CVE-2022-28736 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for u-boot fixes the following issues: - A large buffer overflow could have lead to a denial of service in the IP Packet deframentation code. (CVE-2022-30552, bsc#1200363) - A Hole Descriptor Overwrite could have lead to an arbitrary out of bounds write primitive. (CVE-2022-30790, bsc#1200364) Important SUSE bug 1200363 SUSE bug 1200364 CVE-2022-30552 CVE-2022-30790 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS The SUSE Linux Enterprise 12 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) - CVE-2021-39711: Fixed a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958). - CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference count is mishandled (bnc#1172456). - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055). - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c. (bnc#1198516) - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723). - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343) The following non-security bugs were fixed: - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399). - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399). - debug: Lock down kgdb (bsc#1199426). - dimlib: make DIMLIB a hidden symbol (bsc#1197099 jsc#SLE-24124). - lib/dim: Fix -Wunused-const-variable warnings (bsc#1197099 jsc#SLE-24124). - lib/dim: fix help text typos (bsc#1197099 jsc#SLE-24124). - linux/dim: Add completions count to dim_sample (bsc#1197099 jsc#SLE-24124). - linux/dim: Fix overflow in dim calculation (bsc#1197099 jsc#SLE-24124). - linux/dim: Implement RDMA adaptive moderation (DIM) (bsc#1197099 jsc#SLE-24124). - linux/dim: Move implementation to .c files (bsc#1197099 jsc#SLE-24124). - linux/dim: Move logic to dim.h (bsc#1197099 jsc#SLE-24124). - linux/dim: Remove 'net' prefix from internal DIM members (bsc#1197099 jsc#SLE-24124). - linux/dim: Rename externally exposed macros (bsc#1197099 jsc#SLE-24124). - linux/dim: Rename externally used net_dim members (bsc#1197099 jsc#SLE-24124). - linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1197099 jsc#SLE-24124). - net: ena: A typo fix in the file ena_com.h (bsc#1197099 jsc#SLE-24124). - net: ena: Add capabilities field with support for ENI stats capability (bsc#1197099 jsc#SLE-24124). - net: ena: add device distinct log prefix to files (bsc#1197099 jsc#SLE-24124). - net: ena: Add first_interrupt field to napi struct (bsc#1197099 jsc#SLE-24124). - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it (bsc#1197099 jsc#SLE-24124). - net: ena: add jiffies of last napi call to stats (bsc#1197099 jsc#SLE-24124). - net: ena: add missing ethtool TX timestamping indication (bsc#1197099 jsc#SLE-24124). - net: ena: add reserved PCI device ID (bsc#1197099 jsc#SLE-24124). - net: ena: add support for reporting of packet drops (bsc#1197099 jsc#SLE-24124). - net: ena: add support for the rx offset feature (bsc#1197099 jsc#SLE-24124). - net: ena: add support for traffic mirroring (bsc#1197099 jsc#SLE-24124). - net: ena: add unmask interrupts statistics to ethtool (bsc#1197099 jsc#SLE-24124). - net: ena: aggregate stats increase into a function (bsc#1197099 jsc#SLE-24124). - net: ena: allow setting the hash function without changing the key (bsc#1197099 jsc#SLE-24124). - net: ena: avoid memory access violation by validating req_id properly (bsc#1197099 jsc#SLE-24124). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1197099 jsc#SLE-24124). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1197099 jsc#SLE-24124). - net: ena: Capitalize all log strings and improve code readability (bsc#1197099 jsc#SLE-24124). - net: ena: change default RSS hash function to Toeplitz (bsc#1197099 jsc#SLE-24124). - net: ena: Change ENI stats support check to use capabilities field (bsc#1197099 jsc#SLE-24124). - net: ena: Change license into format to SPDX in all files (bsc#1197099 jsc#SLE-24124). - net: ena: Change log message to netif/dev function (bsc#1197099 jsc#SLE-24124). - net: ena: change num_queues to num_io_queues for clarity and consistency (bsc#1197099 jsc#SLE-24124). - net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1197099 jsc#SLE-24124). - net: ena: Change RSS related macros and variables names (bsc#1197099 jsc#SLE-24124). - net: ena: Change the name of bad_csum variable (bsc#1197099 jsc#SLE-24124). - net: ena: changes to RSS hash key allocation (bsc#1197099 jsc#SLE-24124). - net: ena: clean up indentation issue (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: code reorderings (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: fix line break issues (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: fix spacing issues (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: minor code changes (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: remove unnecessary code (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1197099 jsc#SLE-24124). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1197099 jsc#SLE-24124). - net: ena: do not wake up tx queue when down (bsc#1197099 jsc#SLE-24124). - net: ena: drop superfluous prototype (bsc#1197099 jsc#SLE-24124). - net: ena: ena-com.c: prevent NULL pointer dereference (bsc#1197099 jsc#SLE-24124). - net: ena: enable support of rss hash key and function changes (bsc#1197099 jsc#SLE-24124). - net: ena: enable the interrupt_moderation in driver_supported_features (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: Add new device statistics (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: clean up minor indentation issue (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: get_channels: use combined only (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: support set_channels callback (bsc#1197099 jsc#SLE-24124). - net: ena: ethtool: use correct value for crc32 hash (bsc#1197099 jsc#SLE-24124). - net: ena: Fix all static chekers' warnings (bsc#1197099 jsc#SLE-24124). - net: ena: Fix build warning in ena_xdp_set() (bsc#1197099 jsc#SLE-24124). - net: ena: fix coding style nits (bsc#1197099 jsc#SLE-24124). - net: ena: fix continuous keep-alive resets (bsc#1197099 jsc#SLE-24124). - net: ena: fix corruption of dev_idx_to_host_tbl (bsc#1197099 jsc#SLE-24124). - net: ena: fix default tx interrupt moderation interval (bsc#1197099 jsc#SLE-24124). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1197099 jsc#SLE-24124). - net: ena: Fix error handling when calculating max IO queues number (bsc#1197099 jsc#SLE-24124). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1197099 jsc#SLE-24124). - net: ena: fix inaccurate print type (bsc#1197099 jsc#SLE-24124). - net: ena: fix incorrect default RSS key (bsc#1197099 jsc#SLE-24124). - net: ena: fix incorrect setting of the number of msix vectors (bsc#1197099 jsc#SLE-24124). - net: ena: fix incorrect update of intr_delay_resolution (bsc#1197099 jsc#SLE-24124). - net: ena: fix incorrectly saving queue numbers when setting RSS indirection table (bsc#1197099 jsc#SLE-24124). - net: ena: fix issues in setting interrupt moderation params in ethtool (bsc#1197099 jsc#SLE-24124). - net: ena: fix packet's addresses for rx_offset feature (bsc#1197099 jsc#SLE-24124). - net: ena: fix potential crash when rxfh key is NULL (bsc#1197099 jsc#SLE-24124). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1197099 jsc#SLE-24124). - net: ena: fix retrieval of nonadaptive interrupt moderation intervals (bsc#1197099 jsc#SLE-24124). - net: ena: fix update of interrupt moderation register (bsc#1197099 jsc#SLE-24124). - net: ena: fix uses of round_jiffies() (bsc#1197099 jsc#SLE-24124). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1197099 jsc#SLE-24124). - net: ena: Fix wrong rx request id by resetting device (bsc#1197099 jsc#SLE-24124). - net: ena: handle bad request id in ena_netdev (bsc#1197099 jsc#SLE-24124). - net: ena: Improve error logging in driver (bsc#1197099 jsc#SLE-24124). - net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE (bsc#1197099 jsc#SLE-24124). - net: ena: make ethtool -l show correct max number of queues (bsc#1197099 jsc#SLE-24124). - net: ena: Make missed_tx stat incremental (bsc#1197099 jsc#SLE-24124). - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1197099 jsc#SLE-24124). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1197099 jsc#SLE-24124). - net: ena: Move reset completion print to the reset function (bsc#1197099 jsc#SLE-24124). - net: ena: multiple queue creation related cleanups (bsc#1197099 jsc#SLE-24124). - net: ena: Prevent reset after device destruction (bsc#1197099 jsc#SLE-24124). - net: ena: re-organize code to improve readability (bsc#1197099 jsc#SLE-24124). - net: ena: reduce driver load time (bsc#1197099 jsc#SLE-24124). - net: ena: reimplement set/get_coalesce() (bsc#1197099 jsc#SLE-24124). - net: ena: remove all old adaptive rx interrupt moderation code from ena_com (bsc#1197099 jsc#SLE-24124). - net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() (bsc#1197099 jsc#SLE-24124). - net: ena: remove code that does nothing (bsc#1197099 jsc#SLE-24124). - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1197099 jsc#SLE-24124). - net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#1197099 jsc#SLE-24124). - net: ena: remove extra words from comments (bsc#1197099 jsc#SLE-24124). - net: ena: Remove module param and change message severity (bsc#1197099 jsc#SLE-24124). - net: ena: remove old adaptive interrupt moderation code from ena_netdev (bsc#1197099 jsc#SLE-24124). - net: ena: remove redundant print of number of queues (bsc#1197099 jsc#SLE-24124). - net: ena: Remove redundant print of placement policy (bsc#1197099 jsc#SLE-24124). - net: ena: Remove redundant return code check (bsc#1197099 jsc#SLE-24124). - net: ena: remove set but not used variable 'hash_key' (bsc#1197099 jsc#SLE-24124). - net: ena: Remove unused code (bsc#1197099 jsc#SLE-24124). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1197099 jsc#SLE-24124). - net: ena: rss: do not allocate key when not supported (bsc#1197099 jsc#SLE-24124). - net: ena: rss: fix failure to get indirection table (bsc#1197099 jsc#SLE-24124). - net: ena: rss: store hash function as values and not bits (bsc#1197099 jsc#SLE-24124). - net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1197099 jsc#SLE-24124). - net: ena: set initial DMA width to avoid intel iommu issue (bsc#1197099 jsc#SLE-24124). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1197099 jsc#SLE-24124). - net: ena: store values in their appropriate variables types (bsc#1197099 jsc#SLE-24124). - net: ena: support new LLQ acceleration mode (bsc#1197099 jsc#SLE-24124). - net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc#1197099 jsc#SLE-24124). - net: ena: use constant value for net_device allocation (bsc#1197099 jsc#SLE-24124). - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1197099 jsc#SLE-24124). - net: ena: use explicit variable size for clarity (bsc#1197099 jsc#SLE-24124). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1197099 jsc#SLE-24124). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: update net_dim documentation after rename (bsc#1197099 jsc#SLE-24124). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900 bsc#1198660 ltc#197803). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729 bsc#1198660 ltc#197803). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825). - x86/pm: Save the MSR validity status at context setup (bsc#1114648). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1114648). Important SUSE bug 1028340 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1114648 SUSE bug 1172456 SUSE bug 1182171 SUSE bug 1183723 SUSE bug 1187055 SUSE bug 1191647 SUSE bug 1191958 SUSE bug 1195651 SUSE bug 1196426 SUSE bug 1197099 SUSE bug 1197219 SUSE bug 1197343 SUSE bug 1198400 SUSE bug 1198516 SUSE bug 1198660 SUSE bug 1198687 SUSE bug 1198742 SUSE bug 1198825 SUSE bug 1199012 SUSE bug 1199063 SUSE bug 1199314 SUSE bug 1199399 SUSE bug 1199426 SUSE bug 1199505 SUSE bug 1199605 SUSE bug 1199650 CVE-2019-20811 CVE-2021-20292 CVE-2021-20321 CVE-2021-33061 CVE-2021-38208 CVE-2021-39711 CVE-2021-43389 CVE-2022-1011 CVE-2022-1353 CVE-2022-1419 CVE-2022-1516 CVE-2022-1652 CVE-2022-1734 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-30594 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for webkit2gtk3 fixes the following issues: Update to version 2.36.3 (bsc#1200106) - CVE-2022-30293: Fixed heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer (bsc#1199287). - CVE-2022-26700: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26709: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26716: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26717: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26719: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). Important SUSE bug 1199287 SUSE bug 1200106 CVE-2022-26700 CVE-2022-26709 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-30293 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for apache2 fixes the following issues: - CVE-2022-26377: Fixed possible request smuggling in mod_proxy_ajp (bsc#1200338) - CVE-2022-28614: Fixed read beyond bounds via ap_rwrite() (bsc#1200340) - CVE-2022-28615: Fixed read beyond bounds in ap_strcmp_match() (bsc#1200341) - CVE-2022-29404: Fixed denial of service in mod_lua r:parsebody (bsc#1200345) - CVE-2022-30556: Fixed information disclosure in mod_lua with websockets (bsc#1200350) - CVE-2022-30522: Fixed mod_sed denial of service (bsc#1200352) - CVE-2022-31813: Fixed mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (bsc#1200348) Important SUSE bug 1200338 SUSE bug 1200340 SUSE bug 1200341 SUSE bug 1200345 SUSE bug 1200348 SUSE bug 1200350 SUSE bug 1200352 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 CVE-2022-31813 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openssl-1_0_0 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). Important SUSE bug 1199166 CVE-2022-1292 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for log4j fixes the following issues: - CVE-2022-23307: Fix deserialization issue by removing the chainsaw sub-package. (bsc#1194844) - CVE-2022-23305: Fix SQL injection by removing src/main/java/org/apache/log4j/jdbc/JDBCAppender.java. (bsc#1194843) - CVE-2022-23302: Fix remote code execution by removing src/main/java/org/apache/log4j/net/JMSSink.java. (bsc#1194842) Important SUSE bug 1194842 SUSE bug 1194843 SUSE bug 1194844 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update fixes the following issues: golang-github-QubitProducts-exporter_exporter: - Adapted to build on Enterprise Linux. - Fix build for RedHat 7 - Require Go >= 1.14 also for CentOS - Add support for CentOS - Replace %{?systemd_requires} with %{?systemd_ordering} golang-github-prometheus-alertmanager: - CVE-2022-21698: Denial of service using InstrumentHandlerCounter. * Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24077) - Update required Go version to 1.16 - Update to version 0.23.0: * amtool: Detect version drift and warn users (#2672) * Add ability to skip TLS verification for amtool (#2663) * Fix empty isEqual in amtool. (#2668) * Fix main tests (#2670) * cli: add new template render command (#2538) * OpsGenie: refer to alert instead of incident (#2609) * Docs: target_match and source_match are DEPRECATED (#2665) * Fix test not waiting for cluster member to be ready - Added hardening to systemd service(s) (bsc#1181400) golang-github-prometheus-node_exporter: - CVE-2022-21698: Denial of service using InstrumentHandlerCounter. * Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239) - Update to 1.3.0 * [CHANGE] Add path label to rapl collector #2146 * [CHANGE] Exclude filesystems under /run/credentials #2157 * [CHANGE] Add TCPTimeouts to netstat default filter #2189 * [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771 * [FEATURE] Add darwin powersupply collector #1777 * [FEATURE] Add support for monitoring GPUs on Linux #1998 * [FEATURE] Add Darwin thermal collector #2032 * [FEATURE] Add os release collector #2094 * [FEATURE] Add netdev.address-info collector #2105 * [FEATURE] Add clocksource metrics to time collector #2197 * [ENHANCEMENT] Support glob textfile collector directories #1985 * [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080 * [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165 * [ENHANCEMENT] Add flag to disable guest CPU metrics #2123 * [ENHANCEMENT] Add DMI collector #2131 * [ENHANCEMENT] Add threads metrics to processes collector #2164 * [ENHANCMMENT] Reduce timer GC delays in the Linux filesystem collector #2169 * [ENHANCMMENT] Add TCPTimeouts to netstat default filter #2189 * [ENHANCMMENT] Use SysctlTimeval for boottime collector on BSD #2208 * [BUGFIX] ethtool: Sanitize metric names #2093 * [BUGFIX] Fix ethtool collector for multiple interfaces #2126 * [BUGFIX] Fix possible panic on macOS #2133 * [BUGFIX] Collect flag_info and bug_info only for one core #2156 * [BUGFIX] Prevent duplicate ethtool metric names #2187 - Update to 1.2.2 * Bug fixes Fix processes collector long int parsing #2112 - Update to 1.2.1 * Removed Remove obsolete capture permission denied error patch that is already included upstream Fix zoneinfo parsing prometheus/procfs#386 Fix nvme collector log noise #2091 Fix rapl collector log noise #2092 - Update to 1.2.0 * Changes Rename filesystem collector flags to match other collectors #2012 Make node_exporter print usage to STDOUT #203 * Features Add conntrack statistics metrics #1155 Add ethtool stats collector #1832 Add flag to ignore network speed if it is unknown #1989 Add tapestats collector for Linux #2044 Add nvme collector #2062 * Enhancements Add ErrorLog plumbing to promhttp #1887 Add more Infiniband counters #2019 netclass: retrieve interface names and filter before parsing #2033 Add time zone offset metric #2060 Handle errors from disabled PSI subsystem #1983 Fix panic when using backwards compatible flags #2000 Fix wrong value for OpenBSD memory buffer cache #2015 Only initiate collectors once #2048 Handle small backwards jumps in CPU idle #2067 - Apply patch to capture permission denied error for 'energy_uj' file (bsc#1190535) grafana: - Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422) + Security: * Fixes XSS vulnerability in handling data sources (bsc#1195726, CVE-2022-21702) * Fixes cross-origin request forgery vulnerability (bsc#1195727, CVE-2022-21703) * Fixes Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728, CVE-2022-21713) - Update to Go 1.17. - Add build-time dependency on `wire`. - Update license to GNU Affero General Public License v3.0. - Update to version 8.3.4 * GetUserInfo: return an error if no user was found (bsc#1194873, CVE-2022-21673) + Features and enhancements: * Alerting: Allow configuration of non-ready alertmanagers. * Alerting: Allow customization of Google chat message. * AppPlugins: Support app plugins with only default nav. * InfluxDB: query editor: skip fields in metadata queries. * Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user cancels query in grafana. * Prometheus: Forward oauth tokens after prometheus datasource migration. + Bug fixes: * Azure Monitor: Bug fix for variable interpolations in metrics dropdowns. * Azure Monitor: Improved error messages for variable queries. * CloudMonitoring: Fixes broken variable queries that use group bys. * Configuration: You can now see your expired API keys if you have no active ones. * Elasticsearch: Fix handling multiple datalinks for a single field. * Export: Fix error being thrown when exporting dashboards using query variables that reference the default datasource. * ImportDashboard: Fixes issue with importing dashboard and name ending up in uid. * Login: Page no longer overflows on mobile. * Plugins: Set backend metadata property for core plugins. * Prometheus: Fill missing steps with null values. * Prometheus: Fix interpolation of $__rate_interval variable. * Prometheus: Interpolate variables with curly brackets syntax. * Prometheus: Respect the http-method data source setting. * Table: Fixes issue with field config applied to wrong fields when hiding columns. * Toolkit: Fix bug with rootUrls not being properly parsed when signing a private plugin. * Variables: Fix so data source variables are added to adhoc configuration. + Plugin development fixes & changes: * Toolkit: Revert build config so tslib is bundled with plugins to prevent plugins from crashing. - Update to version 8.3.3: * BarChart: Use new data error view component to show actions in panel edit. * CloudMonitor: Iterate over pageToken for resources. * Macaron: Prevent WriteHeader invalid HTTP status code panic. * AnnoListPanel: Fix interpolation of variables in tags. * CloudWatch: Allow queries to have no dimensions specified. * CloudWatch: Fix broken queries for users migrating from 8.2.4/8.2.5 to 8.3.0. * CloudWatch: Make sure MatchExact flag gets the right value. * Dashboards: Fix so that empty folders can be deleted from the manage dashboards/folders page. * InfluxDB: Improve handling of metadata query errors in InfluxQL. * Loki: Fix adding of ad hoc filters for queries with parser and line_format expressions. * Prometheus: Fix running of exemplar queries for non-histogram metrics. * Prometheus: Interpolate template variables in interval. * StateTimeline: Fix toolitp not showing when for frames with multiple fields. * TraceView: Fix virtualized scrolling when trace view is opened in right pane in Explore. * Variables: Fix repeating panels for on time range changed variables. * Variables: Fix so queryparam option works for scoped - Update to version 8.3.2 + Security: Fixes CVE-2021-43813 and CVE-2021-43815. - Update to version 8.3.1 + Security: Fixes CVE-2021-43798. - Update to version 8.3.0 * Alerting: Prevent folders from being deleted when they contain alerts. * Alerting: Show full preview value in tooltip. * BarGauge: Limit title width when name is really long. * CloudMonitoring: Avoid to escape regexps in filters. * CloudWatch: Add support for AWS Metric Insights. * TooltipPlugin: Remove other panels' shared tooltip in edit panel. * Visualizations: Limit y label width to 40% of visualization width. * Alerting: Clear alerting rule evaluation errors after intermittent failures. * Alerting: Fix refresh on legacy Alert List panel. * Dashboard: Fix queries for panels with non-integer widths. * Explore: Fix url update inconsistency. * Prometheus: Fix range variables interpolation for time ranges smaller than 1 second. * ValueMappings: Fixes issue with regex value mapping that only sets color. - Update to version 8.3.0-beta2 + Breaking changes: * Grafana 8 Alerting enabled by default for installations that do not use legacy alerting. * Keep Last State for 'If execution error or timeout' when upgrading to Grafana 8 alerting. * Alerting: Create DatasourceError alert if evaluation returns error. * Alerting: Make Unified Alerting enabled by default for those who do not use legacy alerting. * Alerting: Support mute timings configuration through the api for the embedded alert manager. * CloudWatch: Add missing AWS/Events metrics. * Docs: Add easier to find deprecation notices to certain data sources and to the changelog. * Plugins Catalog: Enable install controls based on the pluginAdminEnabled flag. * Table: Add space between values for the DefaultCell and JSONViewCell. * Tracing: Make query editors available in dashboard for Tempo and Zipkin. * AccessControl: Renamed orgs roles, removed fixed:orgs:reader introduced in beta1. * Azure Monitor: Add trap focus for modals in grafana/ui and other small a11y fixes for Azure Monitor. * CodeEditor: Prevent suggestions from being clipped. * Dashboard: Fix cache timeout persistence. * Datasource: Fix stable sort order of query responses. * Explore: Fix error in query history when removing last item. * Logs: Fix requesting of older logs when flipped order. * Prometheus: Fix running of health check query based on access mode. * TextPanel: Fix suggestions for existing panels. * Tracing: Fix incorrect indentations due to reoccurring spanIDs. * Tracing: Show start time of trace with milliseconds precision. * Variables: Make renamed or missing variable section expandable. * Select: Select menus now properly scroll during keyboard navigation. - Update to version 8.3.0-beta1 * Alerting: Add UI for contact point testing with custom annotations and labels. * Alerting: Make alert state indicator in panel header work with Grafana 8 alerts. * Alerting: Option for Discord notifier to use webhook name. * Annotations: Deprecate AnnotationsSrv. * Auth: Omit all base64 paddings in JWT tokens for the JWT auth. * Azure Monitor: Clean up fields when editing Metrics. * AzureMonitor: Add new starter dashboards. * AzureMonitor: Add starter dashboard for app monitoring with Application Insights. * Barchart/Time series: Allow x axis label. * CLI: Improve error handling for installing plugins. * CloudMonitoring: Migrate to use backend plugin SDK contracts. * CloudWatch Logs: Add retry strategy for hitting max concurrent queries. * CloudWatch: Add AWS RoboMaker metrics and dimension. * CloudWatch: Add AWS Transfer metrics and dimension. * Dashboard: replace datasource name with a reference object. * Dashboards: Show logs on time series when hovering. * Elasticsearch: Add support for Elasticsearch 8.0 (Beta). * Elasticsearch: Add time zone setting to Date Histogram aggregation. * Elasticsearch: Enable full range log volume histogram. * Elasticsearch: Full range logs volume. * Explore: Allow changing the graph type. * Explore: Show ANSI colors when highlighting matched words in the logs panel. * Graph(old) panel: Listen to events from Time series panel. * Import: Load gcom dashboards from URL. * LibraryPanels: Improves export and import of library panels between orgs. * OAuth: Support PKCE. * Panel edit: Overrides now highlight correctly when searching. * PanelEdit: Display drag indicators on draggable sections. * Plugins: Refactor Plugin Management. * Prometheus: Add custom query parameters when creating PromLink url. * Prometheus: Remove limits on metrics, labels, and values in Metrics Browser. * StateTimeline: Share cursor with rest of the panels. * Tempo: Add error details when json upload fails. * Tempo: Add filtering for service graph query. * Tempo: Add links to nodes in Service Graph pointing to Prometheus metrics. * Time series/Bar chart panel: Add ability to sort series via legend. * TimeSeries: Allow multiple axes for the same unit. * TraceView: Allow span links defined on dataFrame. * Transformations: Support a rows mode in labels to fields. * ValueMappings: Don't apply field config defaults to time fields. * Variables: Only update panels that are impacted by variable change. * API: Fix dashboard quota limit for imports. * Alerting: Fix rule editor issues with Azure Monitor data source. * Azure monitor: Make sure alert rule editor is not enabled when template variables are being used. * CloudMonitoring: Fix annotation queries. * CodeEditor: Trigger the latest getSuggestions() passed to CodeEditor. * Dashboard: Remove the current panel from the list of options in the Dashboard datasource. * Encryption: Fix decrypting secrets in alerting migration. * InfluxDB: Fix corner case where index is too large in ALIAS * NavBar: Order App plugins alphabetically. * NodeGraph: Fix zooming sensitivity on touchpads. * Plugins: Add OAuth pass-through logic to api/ds/query endpoint. * Snapshots: Fix panel inspector for snapshot data. * Tempo: Fix basic auth password reset on adding tag. * ValueMapping: Fixes issue with regex mappings. * grafana/ui: Enable slider marks display. - Update to version 8.2.7 - Update to version 8.2.6 * Security: Upgrade Docker base image to Alpine 3.14.3. * Security: Upgrade Go to 1.17.2. * TimeSeries: Fix fillBelowTo wrongly affecting fills of unrelated series. - Update to version 8.2.5 * Fix No Data behaviour in Legacy Alerting. * Alerting: Fix a bug where the metric in the evaluation string was not correctly populated. * Alerting: Fix no data behaviour in Legacy Alerting for alert rules using the AND operator. * CloudMonitoring: Ignore min and max aggregation in MQL queries. * Dashboards: 'Copy' is no longer added to new dashboard titles. * DataProxy: Fix overriding response body when response is a WebSocket upgrade. * Elasticsearch: Use field configured in query editor as field for date_histogram aggregations. * Explore: Fix running queries without a datasource property set. * InfluxDB: Fix numeric aliases in queries. * Plugins: Ensure consistent plugin settings list response. * Tempo: Fix validation of float durations. * Tracing: Correct tags for each span are shown. - Update to version 8.2.4 + Security: Fixes CVE-2021-41244. - Update to version 8.2.3 + Security: Fixes CVE-2021-41174. - Update to version 8.2.2 * Annotations: We have improved tag search performance. * Application: You can now configure an error-template title. * AzureMonitor: We removed a restriction from the resource filter query. * Packaging: We removed the ProcSubset option in systemd. This option prevented Grafana from starting in LXC environments. * Prometheus: We removed the autocomplete limit for metrics. * Table: We improved the styling of the type icons to make them more distinct from column / field name. * ValueMappings: You can now use value mapping in stat, gauge, bar gauge, and pie chart visualizations. * Alerting: Fix panic when Slack's API sends unexpected response. * Alerting: The Create Alert button now appears on the dashboard panel when you are working with a default datasource. * Explore: We fixed the problem where the Explore log panel disappears when an Elasticsearch logs query returns no results. * Graph: You can now see annotation descriptions on hover. * Logs: The system now uses the JSON parser only if the line is parsed to an object. * Prometheus: We fixed the issue where the system did not reuse TCP connections when querying from Grafana alerting. * Prometheus: We fixed the problem that resulted in an error when a user created a query with a $__interval min step. * RowsToFields: We fixed the issue where the system was not properly interpreting number values. * Scale: We fixed how the system handles NaN percent when data min = data max. * Table panel: You can now create a filter that includes special characters. - Update to version 8.2.1 * Dashboard: Fix rendering of repeating panels. * Datasources: Fix deletion of data source if plugin is not found. * Packaging: Remove systemcallfilters sections from systemd unit files. * Prometheus: Add Headers to HTTP client options. - Update to version 8.2.0 * AWS: Updated AWS authentication documentation. * Alerting: Added support Alertmanager data source for upstream Prometheus AM implementation. * Alerting: Allows more characters in label names so notifications are sent. * Alerting: Get alert rules for a dashboard or a panel using /api/v1/rules endpoints. * Annotations: Improved rendering performance of event markers. * CloudWatch Logs: Skip caching for log queries. * Explore: Added an opt-in configuration for Node Graph in Jaeger, Zipkin, and Tempo. * Packaging: Add stricter systemd unit options. * Prometheus: Metrics browser can now handle label values with * CodeEditor: Ensure that we trigger the latest onSave callback provided to the component. * DashboardList/AlertList: Fix for missing All folder value. * Plugins: Create a mock icon component to prevent console errors. - Update to version 8.2.0-beta2 * AccessControl: Document new permissions restricting data source access. * TimePicker: Add fiscal years and search to time picker. * Alerting: Added support for Unified Alerting with Grafana HA. * Alerting: Added support for tune rule evaluation using configuration options. * Alerting: Cleanups alertmanager namespace from key-value store when disabling Grafana 8 alerts. * Alerting: Remove ngalert feature toggle and introduce two new settings for enabling Grafana 8 alerts and disabling them for specific organisations. * CloudWatch: Introduced new math expression where it is necessary to specify the period field. * InfluxDB: Added support for $__interval and $__interval_ms in Flux queries for alerting. * InfluxDB: Flux queries can use more precise start and end timestamps with nanosecond-precision. * Plugins Catalog: Make the catalog the default way to interact with plugins. * Prometheus: Removed autocomplete limit for metrics. * Alerting: Fixed an issue where the edit page crashes if you tried to preview an alert without a condition set. * Alerting: Fixed rules migration to keep existing Grafana 8 alert rules. * Alerting: Fixed the silence file content generated during * Analytics: Fixed an issue related to interaction event propagation in Azure Application Insights. * BarGauge: Fixed an issue where the cell color was lit even though there was no data. * BarGauge: Improved handling of streaming data. * CloudMonitoring: Fixed INT64 label unmarshal error. * ConfirmModal: Fixes confirm button focus on modal open. * Dashboard: Add option to generate short URL for variables with values containing spaces. * Explore: No longer hides errors containing refId property. * Fixed an issue that produced State timeline panel tooltip error when data was not in sync. * InfluxDB: InfluxQL query editor is set to always use resultFormat. * Loki: Fixed creating context query for logs with parsed labels. * PageToolbar: Fixed alignment of titles. * Plugins Catalog: Update to the list of available panels after an install, update or uninstall. * TimeSeries: Fixed an issue where the shared cursor was not showing when hovering over in old Graph panel. * Variables: Fixed issues related to change of focus or refresh pages when pressing enter in a text box variable input. * Variables: Panel no longer crash when using the adhoc variable in data links. - Update to version 8.2.0-beta1 * AccessControl: Introduce new permissions to restrict access for reloading provisioning configuration. * Alerting: Add UI to edit Cortex/Loki namespace, group names, and group evaluation interval. * Alerting: Add a Test button to test contact point. * Alerting: Allow creating/editing recording rules for Loki and Cortex. * Alerting: Metrics should have the label org instead of user. * Alerting: Sort notification channels by name to make them easier to locate. * Alerting: Support org level isolation of notification * AzureMonitor: Add data links to deep link to Azure Portal Azure Resource Graph. * AzureMonitor: Add support for annotations from Azure Monitor Metrics and Azure Resource Graph services. * AzureMonitor: Show error message when subscriptions request fails in ConfigEditor. * Chore: Update to Golang 1.16.7. * CloudWatch Logs: Add link to X-Ray data source for trace IDs in logs. * CloudWatch Logs: Disable query path using websockets (Live) feature. * CloudWatch/Logs: Don't group dataframes for non time series * Cloudwatch: Migrate queries that use multiple stats to one query per stat. * Dashboard: Keep live timeseries moving left (v2). * Datasources: Introduce response_limit for datasource responses. * Explore: Add filter by trace or span ID to trace to logs * Explore: Download traces as JSON in Explore Inspector. * Explore: Reuse Dashboard's QueryRows component. * Explore: Support custom display label for derived fields buttons for Loki datasource. * Grafana UI: Update monaco-related dependencies. * Graphite: Deprecate browser access mode. * InfluxDB: Improve handling of intervals in alerting. * InfluxDB: InfluxQL query editor: Handle unusual characters in tag values better. * Jaeger: Add ability to upload JSON file for trace data. * LibraryElements: Enable specifying UID for new and existing library elements. * LibraryPanels: Remove library panel icon from the panel header so you can no longer tell that a panel is a library panel from the dashboard view. * Logs panel: Scroll to the bottom on page refresh when sorting in ascending order. * Loki: Add fuzzy search to label browser. * Navigation: Implement active state for items in the Sidemenu. * Packaging: Update PID file location from /var/run to /run. * Plugins: Add Hide OAuth Forward config option. * Postgres/MySQL/MSSQL: Add setting to limit the maximum number of rows processed. * Prometheus: Add browser access mode deprecation warning. * Prometheus: Add interpolation for built-in-time variables to backend. * Tempo: Add ability to upload trace data in JSON format. * TimeSeries/XYChart: Allow grid lines visibility control in XYChart and TimeSeries panels. * Transformations: Convert field types to time string number or boolean. * Value mappings: Add regular-expression based value mapping. * Zipkin: Add ability to upload trace JSON. * Admin: Prevent user from deleting user's current/active organization. * LibraryPanels: Fix library panel getting saved in the dashboard's folder. * OAuth: Make generic teams URL and JMES path configurable. * QueryEditor: Fix broken copy-paste for mouse middle-click * Thresholds: Fix undefined color in 'Add threshold'. * Timeseries: Add wide-to-long, and fix multi-frame output. * TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip is set to All. * Grafana UI: Fix TS error property css is missing in type. - Update to version 8.1.8 - Update to version 8.1.7 * Alerting: Fix alerts with evaluation interval more than 30 seconds resolving before notification. * Elasticsearch/Prometheus: Fix usage of proper SigV4 service namespace. - Update to version 8.1.6 + Security: Fixes CVE-2021-39226. - Update to version 8.1.5 * BarChart: Fixes panel error that happens on second refresh. - Update to version 8.1.4 + Features and enhancements * Explore: Ensure logs volume bar colors match legend colors. * LDAP: Search all DNs for users. * Alerting: Fix notification channel migration. * Annotations: Fix blank panels for queries with unknown data sources. * BarChart: Fix stale values and x axis labels. * Graph: Make old graph panel thresholds work even if ngalert is enabled. * InfluxDB: Fix regex to identify / as separator. * LibraryPanels: Fix update issues related to library panels in rows. * Variables: Fix variables not updating inside a Panel when the preceding Row uses 'Repeat For'. - Update to version 8.1.3 + Bug fixes * Alerting: Fix alert flapping in the internal alertmanager. * Alerting: Fix request handler failed to convert dataframe 'results' to plugins.DataTimeSeriesSlice: input frame is not recognized as a time series. * Dashboard: Fix UIDs are not preserved when importing/creating dashboards thru importing .json file. * Dashboard: Forces panel re-render when exiting panel edit. * Dashboard: Prevent folder from changing when navigating to general settings. * Docker: Force use of libcrypto1.1 and libssl1.1 versions to fix CVE-2021-3711. * Elasticsearch: Fix metric names for alert queries. * Elasticsearch: Limit Histogram field parameter to numeric values. * Elasticsearch: Prevent pipeline aggregations to show up in terms order by options. * LibraryPanels: Prevent duplicate repeated panels from being created. * Loki: Fix ad-hoc filter in dashboard when used with parser. * Plugins: Track signed files + add warn log for plugin assets which are not signed. * Postgres/MySQL/MSSQL: Fix region annotations not displayed correctly. * Prometheus: Fix validate selector in metrics browser. * Security: Fix stylesheet injection vulnerability. * Security: Fix short URL vulnerability. - Update to version 8.1.2 * AzureMonitor: Add support for PostgreSQL and MySQL Flexible Servers. * Datasource: Change HTTP status code for failed datasource health check to 400. * Explore: Add span duration to left panel in trace viewer. * Plugins: Use file extension allowlist when serving plugin assets instead of checking for UNIX executable. * Profiling: Add support for binding pprof server to custom network interfaces. * Search: Make search icon keyboard navigable. * Template variables: Keyboard navigation improvements. * Tooltip: Display ms within minute time range. * Alerting: Fix saving LINE contact point. * Annotations: Fix alerting annotation coloring. * Annotations: Alert annotations are now visible in the correct Panel. * Auth: Hide SigV4 config UI and disable middleware when its config flag is disabled. * Dashboard: Prevent incorrect panel layout by comparing window width against theme breakpoints. * Explore: Fix showing of full log context. * PanelEdit: Fix 'Actual' size by passing the correct panel size to Dashboard. * Plugins: Fix TLS datasource settings. * Variables: Fix issue with empty drop downs on navigation. * Variables: Fix URL util converting false into true. * Toolkit: Fix matchMedia not found error. - Update to version 8.1.1 * CloudWatch Logs: Fix crash when no region is selected. - Update to version 8.1.0 * Alerting: Deduplicate receivers during migration. * ColorPicker: Display colors as RGBA. * Select: Make portalling the menu opt-in, but opt-in everywhere. * TimeRangePicker: Improve accessibility. * Annotations: Correct annotations that are displayed upon page refresh. * Annotations: Fix Enabled button that disappeared from Grafana v8.0.6. * Annotations: Fix data source template variable that was not available for annotations. * AzureMonitor: Fix annotations query editor that does not load. * Geomap: Fix scale calculations. * GraphNG: Fix y-axis autosizing. * Live: Display stream rate and fix duplicate channels in list * Loki: Update labels in log browser when time range changes in dashboard. * NGAlert: Send resolve signal to alertmanager on alerting -> Normal. * PasswordField: Prevent a password from being displayed when you click the Enter button. * Renderer: Remove debug.log file when Grafana is stopped. * Security: Update dependencies to fix CVE-2021-36222. - Update to version 8.1.0-beta3 * Alerting: Support label matcher syntax in alert rule list filter. * IconButton: Put tooltip text as aria-label. * Live: Experimental HA with Redis. * UI: FileDropzone component. * CloudWatch: Add AWS LookoutMetrics. * Docker: Fix builds by delaying go mod verify until all required files are copied over. * Exemplars: Fix disable exemplars only on the query that failed. * SQL: Fix SQL dataframe resampling (fill mode + time intervals). - Update to version 8.1.0-beta2 * Alerting: Expand the value string in alert annotations and * Auth: Add Azure HTTP authentication middleware. * Auth: Auth: Pass user role when using the authentication proxy. * Gazetteer: Update countries.json file to allow for linking to 3-letter country codes. * Config: Fix Docker builds by correcting formatting in sample.ini. * Explore: Fix encoding of internal URLs. - Update to version 8.1.0-beta1 * Alerting: Add Alertmanager notifications tab. * Alerting: Add button to deactivate current Alertmanager * Alerting: Add toggle in Loki/Prometheus data source configuration to opt out of alerting UI. * Alerting: Allow any 'evaluate for' value >=0 in the alert rule form. * Alerting: Load default configuration from status endpoint, if Cortex Alertmanager returns empty user configuration. * Alerting: view to display alert rule and its underlying data. * Annotation panel: Release the annotation panel. * Annotations: Add typeahead support for tags in built-in annotations. * AzureMonitor: Add curated dashboards for Azure services. * AzureMonitor: Add support for deep links to Microsoft Azure portal for Metrics. * AzureMonitor: Remove support for different credentials for Azure Monitor Logs. * AzureMonitor: Support querying any Resource for Logs queries. * Elasticsearch: Add frozen indices search support. * Elasticsearch: Name fields after template variables values instead of their name. * Elasticsearch: add rate aggregation. * Email: Allow configuration of content types for email notifications. * Explore: Add more meta information when line limit is hit. * Explore: UI improvements to trace view. * FieldOverrides: Added support to change display name in an override field and have it be matched by a later rule. * HTTP Client: Introduce dataproxy_max_idle_connections config variable. * InfluxDB: InfluxQL: adds tags to timeseries data. * InfluxDB: InfluxQL: make measurement search case insensitive. Legacy Alerting: Replace simplejson with a struct in webhook notification channel. * Legend: Updates display name for Last (not null) to just Last*. * Logs panel: Add option to show common labels. * Loki: Add $__range variable. * Loki: Add support for 'label_values(log stream selector, label)' in templating. * Loki: Add support for ad-hoc filtering in dashboard. * MySQL Datasource: Add timezone parameter. * NodeGraph: Show gradient fields in legend. * PanelOptions: Don't mutate panel options/field config object when updating. * PieChart: Make pie gradient more subtle to match other charts. * Prometheus: Update PromQL typeahead and highlighting. * Prometheus: interpolate variable for step field. * Provisioning: Improve validation by validating across all dashboard providers. * SQL Datasources: Allow multiple string/labels columns with time series. * Select: Portal select menu to document.body. * Team Sync: Add group mapping to support team sync in the Generic OAuth provider. * Tooltip: Make active series more noticeable. * Tracing: Add support to configure trace to logs start and end time. * Transformations: Skip merge when there is only a single data frame. * ValueMapping: Added support for mapping text to color, boolean values, NaN and Null. Improved UI for value mapping. * Visualizations: Dynamically set any config (min, max, unit, color, thresholds) from query results. * live: Add support to handle origin without a value for the port when matching with root_url. * Alerting: Handle marshaling Inf values. * AzureMonitor: Fix macro resolution for template variables. * AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes resources. * AzureMonitor: Request and concat subsequent resource pages. * Bug: Fix parse duration for day. * Datasources: Improve error handling for error messages. * Explore: Correct the functionality of shift-enter shortcut across all uses. * Explore: Show all dataFrames in data tab in Inspector. * GraphNG: Fix Tooltip mode 'All' for XYChart. * Loki: Fix highlight of logs when using filter expressions with backticks. * Modal: Force modal content to overflow with scroll. * Plugins: Ignore symlinked folders when verifying plugin signature. * Toolkit: Improve error messages when tasks fail. - Update to version 8.0.7 - Update to version 8.0.6 * Alerting: Add annotation upon alert state change. * Alerting: Allow space in label and annotation names. * InfluxDB: Improve legend labels for InfluxDB query results. * Alerting: Fix improper alert by changing the handling of empty labels. * CloudWatch/Logs: Reestablish Cloud Watch alert behavior. * Dashboard: Avoid migration breaking on fieldConfig without defaults field in folded panel. * DashboardList: Fix issue not re-fetching dashboard list after variable change. * Database: Fix incorrect format of isolation level configuration parameter for MySQL. * InfluxDB: Correct tag filtering on InfluxDB data. * Links: Fix links that caused a full page reload. * Live: Fix HTTP error when InfluxDB metrics have an incomplete or asymmetrical field set. * Postgres/MySQL/MSSQL: Change time field to 'Time' for time series queries. * Postgres: Fix the handling of a null return value in query * Tempo: Show hex strings instead of uints for IDs. * TimeSeries: Improve tooltip positioning when tooltip overflows. * Transformations: Add 'prepare time series' transformer. - Update to version 8.0.5 * Cloudwatch Logs: Send error down to client. * Folders: Return 409 Conflict status when folder already exists. * TimeSeries: Do not show series in tooltip if it's hidden in the viz. * AzureMonitor: Fix issue where resource group name is missing on the resource picker button. * Chore: Fix AWS auth assuming role with workspace IAM. * DashboardQueryRunner: Fixes unrestrained subscriptions being * DateFormats: Fix reading correct setting key for use_browser_locale. * Links: Fix links to other apps outside Grafana when under sub path. * Snapshots: Fix snapshot absolute time range issue. * Table: Fix data link color. * Time Series: Fix X-axis time format when tick increment is larger than a year. * Tooltip Plugin: Prevent tooltip render if field is undefined. - Update to version 8.0.4 * Live: Rely on app url for origin check. * PieChart: Sort legend descending, update placeholder. * TimeSeries panel: Do not reinitialize plot when thresholds mode change. * Elasticsearch: Allow case sensitive custom options in date_histogram interval. * Elasticsearch: Restore previous field naming strategy when using variables. * Explore: Fix import of queries between SQL data sources. * InfluxDB: InfluxQL query editor: fix retention policy handling. * Loki: Send correct time range in template variable queries. * TimeSeries: Preserve RegExp series overrides when migrating from old graph panel. - Update to version 8.0.3 * Alerting: Increase alertmanager_conf column if MySQL. * Time series/Bar chart panel: Handle infinite numbers as nulls when converting to plot array. * TimeSeries: Ensure series overrides that contain color are migrated, and migrate the previous fieldConfig when changing the panel type. * ValueMappings: Improve singlestat value mappings migration. * Annotations: Fix annotation line and marker colors. * AzureMonitor: Fix KQL template variable queries without default workspace. * CloudWatch/Logs: Fix missing response data for log queries. * LibraryPanels: Fix crash in library panels list when panel plugin is not found. * LogsPanel: Fix performance drop when moving logs panel in * Loki: Parse log levels when ANSI coloring is enabled. * MSSQL: Fix issue with hidden queries still being executed. * PanelEdit: Display the VisualizationPicker that was not displayed if a panel has an unknown panel plugin. * Plugins: Fix loading symbolically linked plugins. * Prometheus: Fix issue where legend name was replaced with name Value in stat and gauge panels. * State Timeline: Fix crash when hovering over panel. - Update to version 8.0.2 * Datasource: Add support for max_conns_per_host in dataproxy settings. * Configuration: Fix changing org preferences in FireFox. * PieChart: Fix legend dimension limits. * Postgres/MySQL/MSSQL: Fix panic in concurrent map writes. * Variables: Hide default data source if missing from regex. - Update to version 8.0.1 * Alerting/SSE: Fix 'count_non_null' reducer validation. * Cloudwatch: Fix duplicated time series. * Cloudwatch: Fix missing defaultRegion. * Dashboard: Fix Dashboard init failed error on dashboards with old singlestat panels in collapsed rows. * Datasource: Fix storing timeout option as numeric. * Postgres/MySQL/MSSQL: Fix annotation parsing for empty * Postgres/MySQL/MSSQL: Numeric/non-string values are now returned from query variables. * Postgres: Fix an error that was thrown when the annotation query did not return any results. * StatPanel: Fix an issue with the appearance of the graph when switching color mode. * Visualizations: Fix an issue in the Stat/BarGauge/Gauge/PieChart panels where all values mode were showing the same name if they had the same value. * Toolkit: Resolve external fonts when Grafana is served from a sub path. - Update to version 8.0.0 * The following endpoints were deprecated for Grafana v5.0 and support for them has now been removed: GET /dashboards/db/:slug GET /dashboard-solo/db/:slug GET /api/dashboard/db/:slug DELETE /api/dashboards/db/:slug * AzureMonitor: Require default subscription for workspaces() template variable query. * AzureMonitor: Use resource type display names in the UI. * Dashboard: Remove support for loading and deleting dashboard by slug. * InfluxDB: Deprecate direct browser access in data source. * VizLegend: Add a read-only property. * AzureMonitor: Fix Azure Resource Graph queries in Azure China. * Checkbox: Fix vertical layout issue with checkboxes due to fixed height. * Dashboard: Fix Table view when editing causes the panel data to not update. * Dashboard: Fix issues where unsaved-changes warning is not displayed. * Login: Fixes Unauthorized message showing when on login page or snapshot page. * NodeGraph: Fix sorting markers in grid view. * Short URL: Include orgId in generated short URLs. * Variables: Support raw values of boolean type. - Update to version 8.0.0-beta3 * The default HTTP method for Prometheus data source is now POST. * API: Support folder UID in dashboards API. * Alerting: Add support for configuring avatar URL for the Discord notifier. * Alerting: Clarify that Threema Gateway Alerts support only Basic IDs. * Azure: Expose Azure settings to external plugins. * AzureMonitor: Deprecate using separate credentials for Azure Monitor Logs. * AzureMonitor: Display variables in resource picker for Azure * AzureMonitor: Hide application insights for data sources not using it. * AzureMonitor: Support querying subscriptions and resource groups in Azure Monitor Logs. * AzureMonitor: remove requirement for default subscription. * CloudWatch: Add Lambda@Edge Amazon CloudFront metrics. * CloudWatch: Add missing AWS AppSync metrics. * ConfirmModal: Auto focus delete button. * Explore: Add caching for queries that are run from logs * Loki: Add formatting for annotations. * Loki: Bring back processed bytes as meta information. * NodeGraph: Display node graph collapsed by default with trace view. * Overrides: Include a manual override option to hide something from visualization. * PieChart: Support row data in pie charts. * Prometheus: Update default HTTP method to POST for existing data sources. * Time series panel: Position tooltip correctly when window is scrolled or resized. * Admin: Fix infinite loading edit on the profile page. * Color: Fix issues with random colors in string and date * Dashboard: Fix issue with title or folder change has no effect after exiting settings view. * DataLinks: Fix an issue __series.name is not working in data link. * Datasource: Fix dataproxy timeout should always be applied for outgoing data source HTTP requests. * Elasticsearch: Fix NewClient not passing httpClientProvider to client impl. * Explore: Fix Browser title not updated on Navigation to Explore. * GraphNG: Remove fieldName and hideInLegend properties from UPlotSeriesBuilder. * OAuth: Fix fallback to auto_assign_org_role setting for Azure AD OAuth when no role claims exists. * PanelChrome: Fix issue with empty panel after adding a non data panel and coming back from panel edit. * StatPanel: Fix data link tooltip not showing for single value. * Table: Fix sorting for number fields. * Table: Have text underline for datalink, and add support for image datalink. * Transformations: Prevent FilterByValue transform from crashing panel edit. - Update to version 8.0.0-beta2 * AppPlugins: Expose react-router to apps. * AzureMonitor: Add Azure Resource Graph. * AzureMonitor: Managed Identity configuration UI. * AzureMonitor: Token provider with support for Managed Identities. * AzureMonitor: Update Logs workspace() template variable query to return resource URIs. * BarChart: Value label sizing. * CloudMonitoring: Add support for preprocessing. * CloudWatch: Add AWS/EFS StorageBytes metric. * CloudWatch: Allow use of missing AWS namespaces using custom * Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy. * InfluxDB: InfluxQL: allow empty tag values in the query editor. * Instrumentation: Instrument incoming HTTP request with histograms by default. * Library Panels: Add name endpoint & unique name validation to AddLibraryPanelModal. * Logs panel: Support details view. * PieChart: Always show the calculation options dropdown in the * PieChart: Remove beta flag. * Plugins: Enforce signing for all plugins. * Plugins: Remove support for deprecated backend plugin protocol version. * Tempo/Jaeger: Add better display name to legend. * Timeline: Add time range zoom. * Timeline: Adds opacity & line width option. * Timeline: Value text alignment option. * ValueMappings: Add duplicate action, and disable dismiss on backdrop click. * Zipkin: Add node graph view to trace response. * Annotations panel: Remove subpath from dashboard links. * Content Security Policy: Allow all image sources by default. * Content Security Policy: Relax default template wrt. loading of scripts, due to nonces not working. * Datasource: Fix tracing propagation for alert execution by introducing HTTP client outgoing tracing middleware. * InfluxDB: InfluxQL always apply time interval end. * Library Panels: Fixes 'error while loading library panels'. * NewsPanel: Fixes rendering issue in Safari. * PanelChrome: Fix queries being issued again when scrolling in and out of view. * Plugins: Fix Azure token provider cache panic and auth param nil value. * Snapshots: Fix key and deleteKey being ignored when creating an external snapshot. * Table: Fix issue with cell border not showing with colored background cells. * Table: Makes tooltip scrollable for long JSON values. * TimeSeries: Fix for Connected null values threshold toggle during panel editing. * Variables: Fixes inconsistent selected states on dashboard * Variables: Refreshes all panels even if panel is full screen. * QueryField: Remove carriage return character from pasted text. - Update to version 8.0.0-beta1 + License update: * AGPL License: Update license from Apache 2.0 to the GNU Affero General Public License (AGPL). * Removes the never refresh option for Query variables. * Removes the experimental Tags feature for Variables. + Deprecations: * The InfoBox & FeatureInfoBox are now deprecated please use the Alert component instead with severity info. * API: Add org users with pagination. * API: Return 404 when deleting nonexistent API key. * API: Return query results as JSON rather than base64 encoded Arrow. * Alerting: Allow sending notification tags to Opsgenie as extra properties. * Alerts: Replaces all uses of InfoBox & FeatureInfoBox with Alert. * Auth: Add support for JWT Authentication. * AzureMonitor: Add support for Microsoft.SignalRService/SignalR metrics. * AzureMonitor: Azure settings in Grafana server config. * AzureMonitor: Migrate Metrics query editor to React. * BarChart panel: enable series toggling via legend. * BarChart panel: Adds support for Tooltip in BarChartPanel. * PieChart panel: Change look of highlighted pie slices. * CloudMonitoring: Migrate config editor from angular to react. * CloudWatch: Add Amplify Console metrics and dimensions. * CloudWatch: Add missing Redshift metrics to CloudWatch data * CloudWatch: Add metrics for managed RabbitMQ service. * DashboardList: Enable templating on search tag input. * Datasource config: correctly remove single custom http header. * Elasticsearch: Add generic support for template variables. * Elasticsearch: Allow omitting field when metric supports inline script. * Elasticsearch: Allow setting a custom limit for log queries. * Elasticsearch: Guess field type from first non-empty value. * Elasticsearch: Use application/x-ndjson content type for multisearch requests. * Elasticsearch: Use semver strings to identify ES version. * Explore: Add logs navigation to request more logs. * Explore: Map Graphite queries to Loki. * Explore: Scroll split panes in Explore independently. * Explore: Wrap each panel in separate error boundary. * FieldDisplay: Smarter naming of stat values when visualising row values (all values) in stat panels. * Graphite: Expand metric names for variables. * Graphite: Handle unknown Graphite functions without breaking the visual editor. * Graphite: Show graphite functions descriptions. * Graphite: Support request cancellation properly (Uses new backendSrv.fetch Observable request API). * InfluxDB: Flux: Improve handling of complex response-structures. * InfluxDB: Support region annotations. * Inspector: Download logs for manual processing. * Jaeger: Add node graph view for trace. * Jaeger: Search traces. * Loki: Use data source settings for alerting queries. * NodeGraph: Exploration mode. * OAuth: Add support for empty scopes. * PanelChrome: New logic-less emotion based component with no dependency on PanelModel or DashboardModel. * PanelEdit: Adds a table view toggle to quickly view data in table form. * PanelEdit: Highlight matched words when searching options. * PanelEdit: UX improvements. * Plugins: PanelRenderer and simplified QueryRunner to be used from plugins. * Plugins: AuthType in route configuration and params interpolation. * Plugins: Enable plugin runtime install/uninstall capabilities. * Plugins: Support set body content in plugin routes. * Plugins: Introduce marketplace app. * Plugins: Moving the DataSourcePicker to grafana/runtime so it can be reused in plugins. * Prometheus: Add custom query params for alert and exemplars * Prometheus: Use fuzzy string matching to autocomplete metric names and label. * Routing: Replace Angular routing with react-router. * Slack: Use chat.postMessage API by default. * Tempo: Search for Traces by querying Loki directly from Tempo. * Tempo: Show graph view of the trace. * Themes: Switch theme without reload using global shortcut. * TimeSeries panel: Add support for shared cursor. * TimeSeries panel: Do not crash the panel if there is no time series data in the response. * Variables: Do not save repeated panels, rows and scopedVars. * Variables: Removes experimental Tags feature. * Variables: Removes the never refresh option. * Visualizations: Unify tooltip options across visualizations. * Visualizations: Refactor and unify option creation between new visualizations. * Visualizations: Remove singlestat panel. * APIKeys: Fixes issue with adding first api key. * Alerting: Add checks for non supported units - disable defaulting to seconds. * Alerting: Fix issue where Slack notifications won't link to user IDs. * Alerting: Omit empty message in PagerDuty notifier. * AzureMonitor: Fix migration error from older versions of App Insights queries. * CloudWatch: Fix AWS/Connect dimensions. * CloudWatch: Fix broken AWS/MediaTailor dimension name. * Dashboards: Allow string manipulation as advanced variable format option. * DataLinks: Includes harmless extended characters like Cyrillic characters. * Drawer: Fixes title overflowing its container. * Explore: Fix issue when some query errors were not shown. * Generic OAuth: Prevent adding duplicated users. * Graphite: Handle invalid annotations. * Graphite: Fix autocomplete when tags are not available. * InfluxDB: Fix Cannot read property 'length' of undefined in when parsing response. * Instrumentation: Enable tracing when Jaeger host and port are * Instrumentation: Prefix metrics with grafana. * MSSQL: By default let driver choose port. * OAuth: Add optional strict parsing of role_attribute_path. * Panel: Fixes description markdown with inline code being rendered on newlines and full width. * PanelChrome: Ignore data updates & errors for non data panels. * Permissions: Fix inherited folder permissions can prevent new permissions being added to a dashboard. * Plugins: Remove pre-existing plugin installs when installing with grafana-cli. * Plugins: Support installing to folders with whitespace and fix pluginUrl trailing and leading whitespace failures. * Postgres/MySQL/MSSQL: Don't return connection failure details to the client. * Postgres: Fix ms precision of interval in time group macro when TimescaleDB is enabled. * Provisioning: Use dashboard checksum field as change indicator. * SQL: Fix so that all captured errors are returned from sql engine. * Shortcuts: Fixes panel shortcuts so they always work. * Table: Fixes so border is visible for cells with links. * Variables: Clear query when data source type changes. * Variables: Filters out builtin variables from unknown list. * Button: Introduce buttonStyle prop. * DataQueryRequest: Remove deprecated props showingGraph and showingTabel and exploreMode. * grafana/ui: Update React Hook Form to v7. * IconButton: Introduce variant for red and blue icon buttons. * Plugins: Expose the getTimeZone function to be able to get the current selected timeZone. * TagsInput: Add className to TagsInput. * VizLegend: Move onSeriesColorChanged to PanelContext (breaking change). - Update to version 7.5.13 * Alerting: Fix NoDataFound for alert rules using AND operator. mgr-cfg: - Version 4.3.6-1 * Corrected source URL in spec file * Fix installation problem for SLE15SP4 due missing python-selinux * Fix python selinux package name depending on build target (bsc#1193600) * Do not build python 2 package for SLE15SP4 and higher * Remove unused legacy code mgr-custom-info: - Version 4.3.3-1 * Remove unused legacy code mgr-daemon: - Version 4.3.4-1 * Corrected source URLs in spec file * Update translation strings mgr-osad: - Version 4.3.6-1 * Corrected source URL in spec file. * Do not build python 2 package for SLE15SP4 and higher * Removed spacewalk-selinux dependencies. * Updated source url. mgr-push: - Version 4.3.4-1 * Corrected source URLs in spec file mgr-virtualization: - Version 4.3.5-1 * Corrected source URLs in spec file. * Do not build python 2 package for SLE15SP4 and higher prometheus-blackbox_exporter: - Enhanced to build on Enterprise Linux 8 prometheus-postgres_exporter: - Updated for RHEL8. python-hwdata: - Require python macros for building rhnlib: - Version 4.3.4-1 * Reorganize python files spacecmd: - Version 4.3.11-1 * on full system update call schedulePackageUpdate API (bsc#1197507) * parse boolean paramaters correctly (bsc#1197689) * Add parameter to set containerized proxy SSH port * Add proxy config generation subcommand * Option 'org_createfirst' added to perform initial organization and user creation * Added gettext build requirement for RHEL. * Removed RHEL 5 references. * Include group formulas configuration in spacecmd group_backup and spacecmd group_restore. This changes backup format to json, previously used plain text is still supported for reading (bsc#1190462) * Update translation strings * Improved event history listing and added new system_eventdetails command to retrieve the details of an event * Make schedule_deletearchived to get all actions without display limit * Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223) spacewalk-client-tools: - Version 4.3.9-1 * Corrected source URLs in spec file. * do not build python 2 package for SLE15 * Remove unused legacy code * Update translation strings spacewalk-koan: - Version 4.3.5-1 * Corrected source URLs in spec file. spacewalk-oscap: - Version 4.3.5-1 * Corrected source URLs in spec file. * Do not build python 2 package for SLE15SP4 and higher spacewalk-remote-utils: - Version 4.3.3-1 * Adapt the package for changes in rhnlib supportutils-plugin-susemanager-client: - Version 4.3.2-1 * Add proxy containers config and logs suseRegisterInfo: - Version 4.3.3-1 * Bump version to 4.3.0 supportutils-plugin-salt: - Add support for Salt Bundle uyuni-common-libs: - Version 4.3.4-1 * implement more decompression algorithms for reposync (bsc#1196704) * Reorganize python files * Add decompression of zck files to fileutils Important SUSE bug 1181223 SUSE bug 1181400 SUSE bug 1190462 SUSE bug 1190535 SUSE bug 1193600 SUSE bug 1194873 SUSE bug 1195726 SUSE bug 1195727 SUSE bug 1195728 SUSE bug 1196338 SUSE bug 1196704 SUSE bug 1197507 SUSE bug 1197689 CVE-2021-36222 CVE-2021-3711 CVE-2021-39226 CVE-2021-41174 CVE-2021-41244 CVE-2021-43798 CVE-2021-43813 CVE-2021-43815 CVE-2022-21673 CVE-2022-21698 CVE-2022-21702 CVE-2022-21703 CVE-2022-21713 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update of fwupdate fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for mariadb fixes the following issues: - CVE-2021-46669 (bsc#1199928) - CVE-2022-21427 (bsc#1199928) - CVE-2022-27377 (bsc#1198603) - CVE-2022-27378 (bsc#1198604) - CVE-2022-27380 (bsc#1198606) - CVE-2022-27381 (bsc#1198607) - CVE-2022-27383 (bsc#1198610) - CVE-2022-27384 (bsc#1198611) - CVE-2022-27386 (bsc#1198612) - CVE-2022-27387 (bsc#1198613) - CVE-2022-27445 (bsc#1198629) Important SUSE bug 1198603 SUSE bug 1198604 SUSE bug 1198606 SUSE bug 1198607 SUSE bug 1198610 SUSE bug 1198611 SUSE bug 1198612 SUSE bug 1198613 SUSE bug 1198629 SUSE bug 1199928 CVE-2021-46669 CVE-2022-21427 CVE-2022-27377 CVE-2022-27378 CVE-2022-27380 CVE-2022-27381 CVE-2022-27383 CVE-2022-27384 CVE-2022-27386 CVE-2022-27387 CVE-2022-27445 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for python3 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). Important SUSE bug 1070738 SUSE bug 1198511 SUSE bug 1199441 CVE-2015-20107 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openssl fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) Moderate SUSE bug 1200550 CVE-2022-2068 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) Moderate SUSE bug 1185637 SUSE bug 1199166 SUSE bug 1200550 CVE-2022-1292 CVE-2022-2068 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update of oracleasm fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for python fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). Important SUSE bug 1198511 CVE-2015-20107 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update of dpdk fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 91.11.0 ESR (MFSA 2022-25) (bsc#1200793): - CVE-2022-2200: Undesired attributes could be set as part of prototype pollution (bmo#1771381) - CVE-2022-31744: CSP bypass enabling stylesheet injection (bmo#1757604) - CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI (bmo#1768537) - CVE-2022-34470: Use-after-free in nsSHistory (bmo#1765951) - CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked (bmo#1770123) - CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt (bmo#1773717) - CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content (bmo#1745595) - CVE-2022-34481: Potential integer overflow in ReplaceElementsAt (bmo#1497246) - CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11 (bmo#1763634, bmo#1772651) Important SUSE bug 1200793 CVE-2022-2200 CVE-2022-31744 CVE-2022-34468 CVE-2022-34470 CVE-2022-34472 CVE-2022-34478 CVE-2022-34479 CVE-2022-34481 CVE-2022-34484 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). Important SUSE bug 1201099 CVE-2022-2097 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update of crash fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Important SUSE bug 1198581 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for rsyslog fixes the following issues: - CVE-2022-24903: fix potential heap buffer overflow in modules for TCP syslog reception (bsc#1199061) Important SUSE bug 1199061 CVE-2022-24903 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) Important SUSE bug 1199232 CVE-2022-1586 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xorg-x11-server fixes the following issues: - CVE-2022-2319: Fixed out-of-bounds access in _CheckSetSections() (ZDI-CAN-16062) (bsc#1194179). - CVE-2022-2320: Fixed out-of-bounds access in CheckSetDeviceIndicators() (ZDI-CAN-16070) (bsc#1194181). Important SUSE bug 1194179 SUSE bug 1194181 CVE-2022-2319 CVE-2022-2320 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for squid fixes the following issues: - CVE-2020-25097: Fixed HTTP Request Smuggling (bsc#1183436) - CVE-2021-28651: Fixed DoS in URN processing (bsc#1185921) - CVE-2021-46784: Fixed DoS when processing gopher server responses (bsc#1200907) Important SUSE bug 1183436 SUSE bug 1185921 SUSE bug 1200907 CVE-2020-25097 CVE-2021-28651 CVE-2021-46784 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bsc#1177282) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space (bsc#1200144). - CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux kernel by simulating nfc device from user-space (bsc#1200143). - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (bsc#1198577). - CVE-2022-21499: Lock down kgdb to prohibit secure-boot bypass (bsc#1199426). - CVE-2019-19377: Fixed a user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image (bsc#1158266). The following non-security bugs were fixed: - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - exec: Force single empty string when argv is empty (bsc#1200571). Important SUSE bug 1158266 SUSE bug 1162338 SUSE bug 1162369 SUSE bug 1173871 SUSE bug 1177282 SUSE bug 1194013 SUSE bug 1196901 SUSE bug 1198577 SUSE bug 1199426 SUSE bug 1199487 SUSE bug 1199507 SUSE bug 1199657 SUSE bug 1200059 SUSE bug 1200143 SUSE bug 1200144 SUSE bug 1200249 SUSE bug 1200571 SUSE bug 1200599 SUSE bug 1200604 SUSE bug 1200605 SUSE bug 1200608 SUSE bug 1200619 SUSE bug 1200692 SUSE bug 1200762 SUSE bug 1201050 SUSE bug 1201080 SUSE bug 1201251 CVE-2019-19377 CVE-2020-26541 CVE-2021-26341 CVE-2021-4157 CVE-2022-1184 CVE-2022-1679 CVE-2022-1729 CVE-2022-1974 CVE-2022-1975 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-21499 CVE-2022-2318 CVE-2022-26365 CVE-2022-29900 CVE-2022-29901 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33981 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for webkit2gtk3 fixes the following issues: Update to version 2.36.4 (bsc#1201221): - CVE-2022-22662: Processing maliciously crafted web content may disclose sensitive user information. - CVE-2022-22677: The video in a webRTC call may be interrupted if the audio capture gets interrupted. - CVE-2022-26710: Processing maliciously crafted web content may lead to arbitrary code execution. Important SUSE bug 1201221 CVE-2022-22662 CVE-2022-22677 CVE-2022-26710 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for python-M2Crypto fixes the following issues: - CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA decryption API (bsc#1178829). Important SUSE bug 1178829 CVE-2020-25657 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225). Important SUSE bug 1201225 CVE-2022-34903 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u332 - April 2022 CPU (icedtea-3.23.0) - CVE-2022-21426: Better XPath expression handling (bsc#1198672) - CVE-2022-21443: Improved Object Identification (bsc#1198675) - CVE-2022-21434: Better invocation handler handling (bsc#1198674) - CVE-2022-21476: Improve Santuario processing (bsc#1198671) - CVE-2022-21496: Improve URL supports (bsc#1198673) And further Security fixes, Import of OpenJDK 8 u332, Backports and Bug fixes. Important SUSE bug 1198671 SUSE bug 1198672 SUSE bug 1198673 SUSE bug 1198674 SUSE bug 1198675 CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to fix various issues: FIPS 140-3 enablement patches were backported from SUSE Linux Enterprise 15. - FIPS: add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980). - FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298). - FISP: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325). Version update to NSS 3.79 - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls. - Update mercurial in clang-format docker image. - Use of uninitialized pointer in lg_init after alloc fail. - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. - Add SECMOD_LockedModuleHasRemovableSlots. - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP. - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts. - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version. - Correct invalid record inner and outer content type alerts. - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding. - improve error handling after nssCKFWInstance_CreateObjectHandle. - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. - NSS 3.79 should depend on NSPR 4.34 Update to NSS 3.78.1 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple update to NSS 3.78 - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests. - Reworked overlong record size checks and added TLS1.3 specific boundaries. - Add ECH Grease Support to tstclnt - Add a strict variant of moz::pkix::CheckCertHostname. - Change SSL_REUSE_SERVER_ECDHE_KEY default to false. - Make SEC_PKCS12EnableCipher succeed - Update zlib in NSS to 1.2.12. Update to NSS 3.77: - resolve mpitests build failure on Windows. - Fix link to TLS page on wireshark wiki - Add two D-TRUST 2020 root certificates. - Add Telia Root CA v2 root certificate. - Remove expired explicitly distrusted certificates from certdata.txt. - support specific RSA-PSS parameters in mozilla::pkix - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. - Remove token member from NSSSlot struct. - Provide secure variants of mpp_pprime and mpp_make_prime. - Support UTF-8 library path in the module spec string. - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. - Add a CI Target for gcc-11. - Change to makefiles for gcc-4.8. - Update googletest to 1.11.0 - Add SetTls13GreaseEchSize to experimental API. - TLS 1.3 Illegal legacy_version handling/alerts. - Fix calculation of ECH HRR Transcript. - Allow ld path to be set as environment variable. - Ensure we don't read uninitialized memory in ssl gtests. - Fix DataBuffer Move Assignment. - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 - rework signature verification in mozilla::pkix update to NSS 3.76.1 - Remove token member from NSSSlot struct. NSS 3.76 - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. - Check return value of PK11Slot_GetNSSToken. - Use Wycheproof JSON for RSASSA-PSS - Add SHA256 fingerprint comments to old certdata.txt entries. - Avoid truncating files in nss-release-helper.py. - Throw illegal_parameter alert for illegal extensions in handshake message. update to NSS 3.75 - Make DottedOIDToCode.py compatible with python3. - Avoid undefined shift in SSL_CERT_IS while fuzzing. - Remove redundant key type check. - Update ABI expectations to match ECH changes. - Enable CKM_CHACHA20. - check return on NSS_NoDB_Init and NSS_Shutdown. - real move assignment operator. - Run ECDSA test vectors from bltest as part of the CI tests. - Add ECDSA test vectors to the bltest command line tool. - Allow to build using clang's integrated assembler. - Allow to override python for the build. - test HKDF output rather than input. - Use ASSERT macros to end failed tests early. - move assignment operator for DataBuffer. - Add test cases for ECH compression and unexpected extensions in SH. - Update tests for ECH-13. - Tidy up error handling. - Add tests for ECH HRR Changes. - Server only sends GREASE HRR extension if enabled by preference. - Update generation of the Associated Data for ECH-13. - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello. - Allow for compressed, non-contiguous, extensions. - Scramble the PSK extension in CHOuter. - Split custom extension handling for ECH. - Add ECH-13 HRR Handling. - Client side ECH padding. - Stricter ClientHelloInner Decompression. - Remove ECH_inner extension, use new enum format. - Update the version number for ECH-13 and adjust the ECHConfig size. Update to NSS 3.74: - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses - Ensure clients offer consistent ciphersuites after HRR - NSS does not properly restrict server keys based on policy - Set nssckbi version number to 2.54 - Replace Google Trust Services LLC (GTS) R4 root certificate - Replace Google Trust Services LLC (GTS) R3 root certificate - Replace Google Trust Services LLC (GTS) R2 root certificate - Replace Google Trust Services LLC (GTS) R1 root certificate - Replace GlobalSign ECC Root CA R4 - Remove Expired Root Certificates - DST Root CA X3 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate - Add iTrusChina ECC root certificate - Add iTrusChina RSA root certificate - Add ISRG Root X2 root certificate - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate - Avoid a clang 13 unused variable warning in opt build - Check for missing signedData field - Ensure DER encoded signatures are within size limits - enable key logging option (bsc#1195040) Update to NSS 3.73.1: - Add SHA-2 support to mozilla::pkix's OSCP implementation Update to NSS 3.73 - check for missing signedData field. - Ensure DER encoded signatures are within size limits. - NSS needs FiPS 140-3 version indicators. - pkix_CacheCert_Lookup doesn't return cached certs - sunset Coverity from NSS MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures Update to NSS 3.72 - Fix nsinstall parallel failure. - Increase KDF cache size to mitigate perf regression in about:logins Update to NSS 3.71 - Set nssckbi version number to 2.52. - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py - Import of PKCS#12 files with Camellia encryption is not supported - Add HARICA Client ECC Root CA 2021. - Add HARICA Client RSA Root CA 2021. - Add HARICA TLS ECC Root CA 2021. - Add HARICA TLS RSA Root CA 2021. - Add TunTrust Root CA certificate to NSS. update to NSS 3.70 - Update test case to verify fix. - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback - Avoid using a lookup table in nssb64d. - Use HW accelerated SHA2 on AArch64 Big Endian. - Change default value of enableHelloDowngradeCheck to true. - Cache additional PBE entries. - Read HPKE vectors from official JSON. Update to NSS 3.69.1 - Disable DTLS 1.0 and 1.1 by default - integrity checks in key4.db not happening on private components with AES_CBC NSS 3.69 - Disable DTLS 1.0 and 1.1 by default (backed out again) - integrity checks in key4.db not happening on private components with AES_CBC (backed out again) - SSL handling of signature algorithms ignores environmental invalid algorithms. - sqlite 3.34 changed it's open semantics, causing nss failures. - Gtest update changed the gtest reports, losing gtest details in all.sh reports. - NSS incorrectly accepting 1536 bit DH primes in FIPS mode - SQLite calls could timeout in starvation situations. - Coverity/cpp scanner errors found in nss 3.67 - Import the NSS documentation from MDN in nss/doc. - NSS using a tempdir to measure sql performance not active - FIPS: scan LD_LIBRARY_PATH for external libraries to be checksummed. - Run test suite at build time, and make it pass (bsc#1198486). - Enable FIPS during test certificate creation and disables the library checksum validation during same. - FIPS: allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc. - FIPS: This makes the PBKDF known answer test compliant with NIST SP800-132. - FIPS: update validation string to version-release format. (bsc#1192079). - FIPS: remove XCBC MAC from list of FIPS approved algorithms. - Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build. - FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080). - FIPS: allow testing of unapproved algorithms (bsc#1192228). - FIPS: adds FIPS version indicators. (bmo#1729550, bsc#1192086). - FIPS: Add CSP clearing (bmo#1697303, bsc#1192087). mozilla-nspr was updated to version 4.34: * add an API that returns a preferred loopback IP on hosts that have two IP stacks available. update to 4.33: * fixes to build system and export of private symbols Moderate SUSE bug 1191546 SUSE bug 1192079 SUSE bug 1192080 SUSE bug 1192086 SUSE bug 1192087 SUSE bug 1192228 SUSE bug 1193170 SUSE bug 1195040 SUSE bug 1198486 SUSE bug 1198980 SUSE bug 1200325 SUSE bug 1201298 CVE-2021-43527 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for git fixes the following issues: - CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431). - Allow to opt-out from the check added in the security fix for CVE-2022-24765 (bsc#1200119) Important SUSE bug 1200119 SUSE bug 1201431 CVE-2022-29187 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_7_1-ibm fixes the following issues: Update to Java 7.1 Service Refresh 5 Fix Pack 10 (bsc#1201643), including fixes for: - CVE-2022-21476 (bsc#1198671), CVE-2022-21449 (bsc#1198670), CVE-2022-21496 (bsc#1198673), CVE-2022-21434 (bsc#1198674), CVE-2022-21426 (bsc#1198672), CVE-2022-21443 (bsc#1198675), CVE-2021-35561 (bsc#1191912), CVE-2022-21299 (bsc#1194931). Important SUSE bug 1191912 SUSE bug 1194931 SUSE bug 1198670 SUSE bug 1198671 SUSE bug 1198672 SUSE bug 1198673 SUSE bug 1198674 SUSE bug 1198675 SUSE bug 1201643 CVE-2021-35561 CVE-2022-21299 CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21449 CVE-2022-21476 CVE-2022-21496 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 7 Fix Pack 10 (bsc#1201643), including fixes for: - CVE-2022-21476 (bsc#1198671), CVE-2022-21449 (bsc#1198670), CVE-2022-21496 (bsc#1198673), CVE-2022-21434 (bsc#1198674), CVE-2022-21426 (bsc#1198672), CVE-2022-21443 (bsc#1198675), CVE-2021-35561 (bsc#1191912), CVE-2022-21299 (bsc#1194931). Important SUSE bug 1191912 SUSE bug 1194931 SUSE bug 1198670 SUSE bug 1198671 SUSE bug 1198672 SUSE bug 1198673 SUSE bug 1198674 SUSE bug 1198675 SUSE bug 1201643 CVE-2021-35561 CVE-2022-21299 CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21449 CVE-2022-21476 CVE-2022-21496 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xen fixes the following issues: - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966). - CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549). - CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965). - CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394). - CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469). Important SUSE bug 1199965 SUSE bug 1199966 SUSE bug 1200549 SUSE bug 1201394 SUSE bug 1201469 CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-23816 CVE-2022-23825 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-29900 CVE-2022-33745 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for pcre2 fixes the following issues: - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). Important SUSE bug 1199235 CVE-2022-1587 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for samba fixes the following issues: - CVE-2022-32742: Fixed incorrect length check in SMB1write, SMB1write_and_close, SMB1write_and_unlock (bsc#1201496). Moderate SUSE bug 1201496 CVE-2022-32742 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.12.0 ESR (bsc#1201758): - CVE-2022-36319: Mouse Position spoofing with CSS transforms - CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters Important SUSE bug 1201758 CVE-2022-36318 CVE-2022-36319 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for dovecot22 fixes the following issues: - CVE-2022-30550: Fixed privilege escalation in dovecot when similar master and non-master passdbs are used (bsc#1201267). Important SUSE bug 1201267 CVE-2022-30550 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for qpdf fixes the following issues: - CVE-2022-34503: Fixed a heap buffer overflow via the function QPDF::processXRefStream (bsc#1201830). - CVE-2021-36978: Fixed heap-based buffer overflow in Pl_ASCII85Decoder::write (bsc#1188514). Important SUSE bug 1188514 SUSE bug 1201830 CVE-2021-36978 CVE-2022-34503 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for samba fixes the following issues: - CVE-2021-44142: Fixed out-of-Bound Read/Write on Samba vfs_fruit module. (bsc#1194859) Critical SUSE bug 1194859 CVE-2021-44142 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for u-boot fixes the following issues: - CVE-2022-34835: Fixed stack buffer overflow vulnerability in i2c md command (bsc#1201214). Important SUSE bug 1201214 CVE-2022-34835 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for mokutil fixes the following issues: - Adds SBAT revocation support to mokutil. (bsc#1198458) New options added (see manpage): - mokutil --sbat List all entries in SBAT. - mokutil --set-sbat-policy (latest | previous | delete) To set the SBAT acceptance policy. - mokutil --list-sbat-revocations To list the current SBAT revocations. Moderate SUSE bug 1198458 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829). The following non-security bugs were fixed: - Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442) - cifs: On cifs_reconnect, resolve the hostname again (bsc#1201926). - cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1201926). - cifs: To match file servers, make sure the server hostname matches (bsc#1201926). - cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1201926). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1201926). - cifs: set a minimum of 120s for next dns resolution (bsc#1201926). - cifs: use the expiry output of dns_query to schedule next resolution (bsc#1201926). - kernel-binary.spec: Support radio selection for debuginfo. To disable debuginfo on 5.18 kernel a radio selection needs to be switched to a different selection. This requires disabling the currently active option and selecting NONE as debuginfo type. - kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config - rpm/*.spec.in: remove backtick usage - rpm/constraints.in: skip SLOW_DISK workers for kernel-source - rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775) - rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775) - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484). Important SUSE bug 1195775 SUSE bug 1195926 SUSE bug 1198484 SUSE bug 1198829 SUSE bug 1200442 SUSE bug 1201050 SUSE bug 1201635 SUSE bug 1201636 SUSE bug 1201926 SUSE bug 1201930 CVE-2021-26341 CVE-2021-33655 CVE-2021-33656 CVE-2022-1462 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for curl fixes the following issues: - CVE-2022-27781: Fixed an issue where curl will get stuck in an infinite loop when trying to retrieve details about a TLS server's certificate chain (bnc#1199223). - CVE-2022-27782: Fixed an issue where TLS and SSH connections would be reused even when a related option had been changed (bsc#1199224). - CVE-2022-32206: Fixed an uncontrolled memory consumption issue caused by an unbounded number of compression layers (bsc#1200735). - CVE-2022-32208: Fixed an incorrect message verification issue when performing FTP transfers using krb5 (bsc#1200737). Important SUSE bug 1199223 SUSE bug 1199224 SUSE bug 1200735 SUSE bug 1200737 CVE-2022-27781 CVE-2022-27782 CVE-2022-32206 CVE-2022-32208 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_8_0-openjdk fixes the following issues: - Updated to version jdk8u345 (icedtea-3.24.0) - CVE-2022-21540: Fixed a potential Java sandbox bypass (bsc#1201694). - CVE-2022-21541: Fixed a potential Java sandbox bypass (bsc#1201692). - CVE-2022-34169: Fixed an issue where arbitrary bytecode could be executed via a malicious stylesheet (bsc#1201684). - Non-security fixes: - Allowed for customization of PKCS12 keystores (bsc#1195163). Important SUSE bug 1195163 SUSE bug 1201684 SUSE bug 1201692 SUSE bug 1201694 CVE-2022-21540 CVE-2022-21541 CVE-2022-34169 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220809 release (bsc#1201727): - CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave (INTEL-SA-00657). See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html Other fixes: - Update for functional issues. See also: https://www.intel.com/content/www/us/en/processors/xeon/scalable/xeon-scalable-spec-update.html?wapkw=processor+specification+update - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SKX-SP | B1 | 06-55-03/97 | 0100015d | 0100015e | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon D-21xx | ICX-SP | D0 | 06-6a-06/87 | 0d000363 | 0d000375 | Xeon Scalable Gen3 | GLK | B0 | 06-7a-01/01 | 0000003a | 0000003c | Pentium Silver N/J5xxx, Celeron N/J4xxx | GLK-R | R0 | 06-7a-08/01 | 0000001e | 00000020 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 000000b0 | 000000b2 | Core Gen10 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000026 | 00000028 | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 0000003e | 00000040 | Core Gen11 Mobile | RKL-S | B0 | 06-a7-01/02 | 00000053 | 00000054 | Core Gen11 | ADL | C0 | 06-97-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-97-05/03 | 0000001f | 00000022 | Core Gen12 | ADL | L0 | 06-9a-03/80 | 0000041c | 00000421 | Core Gen12 | ADL | L0 | 06-9a-04/80 | 0000041c | 00000421 | Core Gen12 | ADL | C0 | 06-bf-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-bf-05/03 | 0000001f | 00000022 | Core Gen12 ------------------------------------------------------------------ Moderate SUSE bug 1201727 CVE-2022-21233 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). Important SUSE bug 1202175 CVE-2022-37434 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for rsync fixes the following issues: - CVE-2022-29154: Fixed an arbitrary file write issue that could be triggered by a malicious remote server (bsc#1201840). Important SUSE bug 1201840 CVE-2022-29154 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_7_1-ibm fixes the following issues: - Updated to Java 7.1 Service Refresh 5 Fix Pack 15 (bsc#1202427): - CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java XSLT library that occurred when processing malicious stylesheets (bsc#1201684). - CVE-2022-21549: Fixed an issue that could lead to computing negative random exponentials (bsc#1201685). - CVE-2022-21541: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201692). - CVE-2022-21540: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201694). Important SUSE bug 1201684 SUSE bug 1201685 SUSE bug 1201692 SUSE bug 1201694 SUSE bug 1202427 CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-34169 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 7 Fix Pack 11 (bsc#1202427): - CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java XSLT library that occurred when processing malicious stylesheets (bsc#1201684). - CVE-2022-21549: Fixed an issue that could lead to computing negative random exponentials (bsc#1201685). - CVE-2022-21541: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201692). - CVE-2022-21540: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201694). Important SUSE bug 1201684 SUSE bug 1201685 SUSE bug 1201692 SUSE bug 1201694 SUSE bug 1202427 CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-34169 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for bluez fixes the following issues: - CVE-2019-8922: Fixed a buffer overflow in the implementation of the Service Discovery Protocol (bsc#1193227). Important SUSE bug 1193227 CVE-2019-8922 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libcroco fixes the following issues: - CVE-2020-12825: Fixed an uncontrolled recursion issue (bsc#1171685). Important SUSE bug 1171685 CVE-2020-12825 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for gstreamer-plugins-good fixes the following issues: - CVE-2022-1920: Fixed integer overflow in WavPack header handling code (bsc#1201688). - CVE-2022-1921: Fixed integer overflow resulting in heap corruption in avidemux element (bsc#1201693). - CVE-2022-1922: Fixed integer overflows in mkv demuxing (bsc#1201702). - CVE-2022-1923: Fixed integer overflows in mkv demuxing using bzip (bsc#1201704). - CVE-2022-1924: Fixed integer overflows in mkv demuxing using lzo (bsc#1201706). - CVE-2022-1925: Fixed integer overflows in mkv demuxing using HEADERSTRIP (bsc#1201707). - CVE-2022-2122: Fixed integer overflows in qtdemux using zlib (bsc#1201708). Important SUSE bug 1201688 SUSE bug 1201693 SUSE bug 1201702 SUSE bug 1201704 SUSE bug 1201706 SUSE bug 1201707 SUSE bug 1201708 CVE-2022-1920 CVE-2022-1921 CVE-2022-1922 CVE-2022-1923 CVE-2022-1924 CVE-2022-1925 CVE-2022-2122 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for postgresql10 fixes the following issues: - Upgrade to 10.22: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). Important SUSE bug 1202368 CVE-2022-2625 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for webkit2gtk3 fixes the following issues: - Update to version 2.36.5 (bsc#1201980): - Add support for PAC proxy in the WebDriver implementation. - Fix video playback when loaded through custom URIs, this fixes video playback in the Yelp documentation browser. - Fix WebKitWebView::context-menu when using GTK4. - Fix LTO builds with GCC. - Fix several crashes and rendering issues. - Security fixes: - CVE-2022-32792: Fixed processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2022-32816: Fixed visiting a website that frames malicious content may lead to UI spoofing. Important SUSE bug 1201980 CVE-2022-32792 CVE-2022-32816 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for open-vm-tools fixes the following issues: - Updated to version 12.1.0 (build 20219665) (bsc#1202733): - CVE-2022-31676: Fixed an issue that could allow unprivileged users inside a virtual machine to escalate privileges (bsc#1202657). Important SUSE bug 1202657 SUSE bug 1202733 CVE-2022-31676 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for net-snmp fixes the following issues: - CVE-2020-15862: Make extended MIB read-only (bsc#1174961) Important SUSE bug 1100146 SUSE bug 1145864 SUSE bug 1152968 SUSE bug 1174961 SUSE bug 1178021 SUSE bug 1178351 SUSE bug 1179009 SUSE bug 1179699 SUSE bug 1184839 CVE-2020-15862 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for json-c fixes the following issues: - CVE-2020-12762: Fixed an integer overflow that could lead to memory corruption via a large JSON file (bsc#1171479). Non-security fixes: - Updated to version 0.12.1 (jsc#PED-1778). Important SUSE bug 1171479 CVE-2020-12762 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.13.0 ESR (bsc#1202645): - CVE-2022-38472: Fixed a potential address bar spoofing via XSLT error handling. - CVE-2022-38473: Fixed an issue where cross-origin XSLT documents could inherit the parent's permissions. - CVE-2022-38478: Fixed various memory safety issues. Important SUSE bug 1202645 CVE-2022-38472 CVE-2022-38473 CVE-2022-38478 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libgda fixes the following issues: - CVE-2021-39359: Enabled TLS certificate verification (bsc#1189849). Important SUSE bug 1189849 CVE-2021-39359 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for webkit2gtk3 fixes the following issues: - Updated to version 2.36.7 (bsc#1202807): - CVE-2022-32893: Fixed an issue that would be triggered when processing malicious web content and that could lead to arbitrary code execution. - Fixed several crashes and rendering issues. - Updated to version 2.36.6: - Fixed handling of touchpad scrolling on GTK4 builds - Fixed WebKitGTK not allowing to be used from non-main threads (bsc#1202169). - Fixed several crashes and rendering issues Important SUSE bug 1202169 SUSE bug 1202807 CVE-2022-32893 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for clamav fixes the following issues: clamav was updated to 0.103.7 (bsc#1202986) * Upgrade the vendored UnRAR library to version 6.1.7. * Fix logical signature 'Intermediates' feature. * Relax constraints on slightly malformed zip archives that contain overlapping file entries. Important SUSE bug 1202986 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_8_0-ibm fixes the following issues: Note: the issues listed below were NOT fixed with the previous update (8.0-7.11). - Update to Java 8.0 Service Refresh 7 Fix Pack 15 (bsc#1202427): - CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java XSLT library that occurred when processing malicious stylesheets (bsc#1201684). - CVE-2022-21549: Fixed an issue that could lead to computing negative random exponentials (bsc#1201685). - CVE-2022-21541: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201692). - CVE-2022-21540: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201694).. Important SUSE bug 1201684 SUSE bug 1201685 SUSE bug 1201692 SUSE bug 1201694 SUSE bug 1202427 CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-34169 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for udisks2 fixes the following issues: - CVE-2021-3802: Fixed insecure defaults in user-accessible mount helpers (bsc#1190606). - Fixed vulnerability that allowed mounting ext4 devices over existing entries in fstab (bsc#1098797). Moderate SUSE bug 1098797 SUSE bug 1190606 CVE-2021-3802 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for postgresql12 fixes the following issues: - Update to 12.12: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). Important SUSE bug 1198166 SUSE bug 1202368 CVE-2022-2625 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for postgresql14 fixes the following issues: - Upgrade to version 14.5: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). - Upgrade to version 14.4 (bsc#1200437) - Release notes: https://www.postgresql.org/docs/release/14.4/ - Release announcement: https://www.postgresql.org/about/news/p-2470/ - Prevent possible corruption of indexes created or rebuilt with the CONCURRENTLY option (bsc#1200437) - Pin to llvm13 until the next patchlevel update (bsc#1198166) Important SUSE bug 1198166 SUSE bug 1200437 SUSE bug 1202368 CVE-2022-2625 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated to 102.2.0esr ESR: * Fixed: Various stability, functionality, and security fixes. - MFSA 2022-34 (bsc#1202645) * CVE-2022-38472 (bmo#1769155) Address bar spoofing via XSLT error handling * CVE-2022-38473 (bmo#1771685) Cross-origin XSLT Documents would have inherited the parent's permissions * CVE-2022-38476 (bmo#1760998) Data race and potential use-after-free in PK11_ChangePW * CVE-2022-38477 (bmo#1760611, bmo#1770219, bmo#1771159, bmo#1773363) Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2 * CVE-2022-38478 (bmo#1770630, bmo#1776658) Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and Firefox ESR 91.13 Firefox Extended Support Release 102.1 ESR * Fixed: Various stability, functionality, and security fixes. - MFSA 2022-30 (bsc#1201758) * CVE-2022-36319 (bmo#1737722) Mouse Position spoofing with CSS transforms * CVE-2022-36318 (bmo#1771774) Directory indexes for bundled resources reflected URL parameters * CVE-2022-36314 (bmo#1773894) Opening local <code>.lnk</code> files could cause unexpected network loads * CVE-2022-2505 (bmo#1769739, bmo#1772824) Memory safety bugs fixed in Firefox 103 and 102.1 - Firefox Extended Support Release 102.0.1 ESR * Fixed: Fixed bookmark shortcut creation by dragging to Windows File Explorer and dropping partially broken (bmo#1774683) * Fixed: Fixed bookmarks sidebar flashing white when opened in dark mode (bmo#1776157) * Fixed: Fixed multilingual spell checking not working with content in both English and a non-Latin alphabet (bmo#1773802) * Fixed: Developer tools: Fixed an issue where the console output keep getting scrolled to the bottom when the last visible message is an evaluation result (bmo#1776262) * Fixed: Fixed *Delete cookies and site data when Firefox is closed* checkbox getting disabled on startup (bmo#1777419) * Fixed: Various stability fixes Firefox 102.0 ESR: * New: - We now provide more secure connections: Firefox can now automatically upgrade to HTTPS using HTTPS RR as Alt-Svc headers. - For added viewing pleasure, full-range color levels are now supported for video playback on many systems. - Find it easier now! Mac users can now access the macOS share options from the Firefox File menu. - Voil?! Support for images containing ICC v4 profiles is enabled on macOS. - Firefox now supports the new AVIF image format, which is based on the modern and royalty-free AV1 video codec. It offers significant bandwidth savings for sites compared to existing image formats. It also supports transparency and other advanced features. - Firefox PDF viewer now supports filling more forms (e.g., XFA-based forms, used by multiple governments and banks). Learn more. - When available system memory is critically low, Firefox on Windows will automatically unload tabs based on their last access time, memory usage, and other attributes. This helps to reduce Firefox out-of-memory crashes. Forgot something? Switching to an unloaded tab automatically reloads it. - To prevent session loss for macOS users who are running Firefox from a mounted .dmg file, they’ll now be prompted to finish installation. Bear in mind, this permission prompt only appears the first time these users run Firefox on their computer. - For your safety, Firefox now blocks downloads that rely on insecure connections, protecting against potentially malicious or unsafe downloads. Learn more and see where to find downloads in Firefox. - Improved web compatibility for privacy protections with SmartBlock 3.0: In Private Browsing and Strict Tracking Protection, Firefox goes to great lengths to protect your web browsing activity from trackers. As part of this, the built- in content blocking will automatically block third-party scripts, images, and other content from being loaded from cross-site tracking companies reported by Disconnect. Learn more. - Introducing a new referrer tracking protection in Strict Tracking Protection and Private Browsing. This feature prevents sites from unknowingly leaking private information to trackers. Learn more. - Introducing Firefox Suggest, a feature that provides website suggestions as you type into the address bar. Learn more about this faster way to navigate the web and locale- specific features. - Firefox macOS now uses Apple's low-power mode for fullscreen video on sites such as YouTube and Twitch. This meaningfully extends battery life in long viewing sessions. Now your kids can find out what the fox says on a loop without you ever missing a beat… - With this release, power users can use about:unloads to release system resources by manually unloading tabs without closing them. - On Windows, there will now be fewer interruptions because Firefox won’t prompt you for updates. Instead, a background agent will download and install updates even if Firefox is closed. - On Linux, we’ve improved WebGL performance and reduced power consumption for many users. - To better protect all Firefox users against side-channel attacks, such as Spectre, we introduced Site Isolation. - Firefox no longer warns you by default when you exit the browser or close a window using a menu, button, or three-key command. This should cut back on unwelcome notifications, which is always nice—however, if you prefer a bit of notice, you’ll still have full control over the quit/close modal behavior. All warnings can be managed within Firefox Settings. No worries! More details here. - Firefox supports the new Snap Layouts menus when running on Windows 11. - RLBox—a new technology that hardens Firefox against potential security vulnerabilities in third-party libraries—is now enabled on all platforms. - We’ve reduced CPU usage on macOS in Firefox and WindowServer during event processing. - We’ve also reduced the power usage of software decoded video on macOS, especially in fullscreen. This includes streaming sites such as Netflix and Amazon Prime Video. - You can now move the Picture-in-Picture toggle button to the opposite side of the video. Simply look for the new context menu option Move Picture-in-Picture Toggle to Left (Right) Side. - We’ve made significant improvements in noise suppression and auto-gain-control, as well as slight improvements in echo-cancellation to provide you with a better overall experience. - We’ve also significantly reduced main-thread load. - When printing, you can now choose to print only the odd/even pages. - Firefox now supports and displays the new style of scrollbars on Windows 11. - Firefox has a new optimized download flow. Instead of prompting every time, files will download automatically. However, they can still be opened from the downloads panel with just one click. Easy! More information - Firefox no longer asks what to do for each file by default. You won’t be prompted to choose a helper application or save to disk before downloading a file unless you have changed your download action setting for that type of file. - Any files you download will be immediately saved on your disk. Depending on the current configuration, they’ll be saved in your preferred download folder, or you’ll be asked to select a location for each download. Windows and Linux users will find their downloaded files in the destination folder. They’ll no longer be put in the Temp folder. - Firefox allows users to choose from a number of built-in search engines to set as their default. In this release, some users who had previously configured a default engine might notice their default search engine has changed since Mozilla was unable to secure formal permission to continue including certain search engines in Firefox. - You can now toggle Narrate in ReaderMode with the keyboard shortcut 'n.' - You can find added support for search—with or without diacritics—in the PDF viewer. - The Linux sandbox has been strengthened: processes exposed to web content no longer have access to the X Window system (X11). - Firefox now supports credit card autofill and capture in Germany, France, and the United Kingdom. - We now support captions/subtitles display on YouTube, Prime Video, and Netflix videos you watch in Picture-in-Picture. Just turn on the subtitles on the in-page video player, and they will appear in PiP. - Picture-in-Picture now also supports video captions on websites that use Web Video Text Track (WebVTT) format (e.g., Coursera.org, Canadian Broadcasting Corporation, and many more). - On the first run after install, Firefox detects when its language does not match the operating system language and offers the user a choice between the two languages. - Firefox spell checking now checks spelling in multiple languages. To enable additional languages, select them in the text field’s context menu. - HDR video is now supported in Firefox on Mac—starting with YouTube! Firefox users on macOS 11+ (with HDR-compatible screens) can enjoy higher-fidelity video content. No need to manually flip any preferences to turn HDR video support on—just make sure battery preferences are NOT set to “optimize video streaming while on battery”. - Hardware-accelerated AV1 video decoding is enabled on Windows with supported GPUs (Intel Gen 11+, AMD RDNA 2 Excluding Navi 24, GeForce 30). Installing the AV1 Video Extension from the Microsoft Store may also be required. - Video overlay is enabled on Windows for Intel GPUs, reducing power usage during video playback. - Improved fairness between painting and handling other events. This noticeably improves the performance of the volume slider on Twitch. - Scrollbars on Linux and Windows 11 won't take space by default. On Linux, users can change this in Settings. On Windows, Firefox follows the system setting (System Settings > Accessibility > Visual Effects > Always show scrollbars). - Firefox now ignores less restricted referrer policies—including unsafe-url, no-referrer-when-downgrade, and origin-when-cross-origin—for cross-site subresource/iframe requests to prevent privacy leaks from the referrer. - Reading is now easier with the prefers-contrast media query, which allows sites to detect if the user has requested that web content is presented with a higher (or lower) contrast. - All non-configured MIME types can now be assigned a custom action upon download completion. - Firefox now allows users to use as many microphones as they want, at the same time, during video conferencing. The most exciting benefit is that you can easily switch your microphones at any time (if your conferencing service provider enables this flexibility). - Print preview has been updated. * Fixed: Various security fixes. - MFSA 2022-24 (bsc#1200793) * CVE-2022-34479 (bmo#1745595) A popup window could be resized in a way to overlay the address bar with web content * CVE-2022-34470 (bmo#1765951) Use-after-free in nsSHistory * CVE-2022-34468 (bmo#1768537) CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI * CVE-2022-34482 (bmo#845880) Drag and drop of malicious image could have led to malicious executable and potential code execution * CVE-2022-34483 (bmo#1335845) Drag and drop of malicious image could have led to malicious executable and potential code execution * CVE-2022-34476 (bmo#1387919) ASN.1 parser could have been tricked into accepting malformed ASN.1 * CVE-2022-34481 (bmo#1483699, bmo#1497246) Potential integer overflow in ReplaceElementsAt * CVE-2022-34474 (bmo#1677138) Sandboxed iframes could redirect to external schemes * CVE-2022-34469 (bmo#1721220) TLS certificate errors on HSTS-protected domains could be bypassed by the user on Firefox for Android * CVE-2022-34471 (bmo#1766047) Compromised server could trick a browser into an addon downgrade * CVE-2022-34472 (bmo#1770123) Unavailable PAC file resulted in OCSP requests being blocked * CVE-2022-34478 (bmo#1773717) Microsoft protocols can be attacked if a user accepts a prompt * CVE-2022-2200 (bmo#1771381) Undesired attributes could be set as part of prototype pollution * CVE-2022-34480 (bmo#1454072) Free of uninitialized pointer in lg_init * CVE-2022-34477 (bmo#1731614) MediaError message property leaked information on cross- origin same-site pages * CVE-2022-34475 (bmo#1757210) HTML Sanitizer could have been bypassed via same-origin script via use tags * CVE-2022-34473 (bmo#1770888) HTML Sanitizer could have been bypassed via use tags * CVE-2022-34484 (bmo#1763634, bmo#1772651) Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11 * CVE-2022-34485 (bmo#1768409, bmo#1768578) Memory safety bugs fixed in Firefox 102 Important SUSE bug 1200793 SUSE bug 1201758 SUSE bug 1202645 CVE-2022-2200 CVE-2022-2505 CVE-2022-34468 CVE-2022-34469 CVE-2022-34470 CVE-2022-34471 CVE-2022-34472 CVE-2022-34473 CVE-2022-34474 CVE-2022-34475 CVE-2022-34476 CVE-2022-34477 CVE-2022-34478 CVE-2022-34479 CVE-2022-34480 CVE-2022-34481 CVE-2022-34482 CVE-2022-34483 CVE-2022-34484 CVE-2022-34485 CVE-2022-36314 CVE-2022-36318 CVE-2022-36319 CVE-2022-38472 CVE-2022-38473 CVE-2022-38476 CVE-2022-38477 CVE-2022-38478 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-36946: Fixed a denial of service (panic) inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c (bnc#1201940). - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948). - CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898). - CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672). - CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154). - CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed unprivileged local users to crash the machine (bnc#1202897). - CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347). - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346). - CVE-2022-20166: Fixed possible out of bounds write due to a heap buffer overflow in various methods of kernel base drivers (bnc#1200598). - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535). - CVE-2020-36558: Fixed a race condition involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault (bnc#1200910). - CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could have led to a use-after-free (bnc#1201429). - CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616). The following non-security bugs were fixed: - cifs: fix error paths in cifs_tree_connect() (bsc#1177440). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1188944). - cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440). - cifs: skip trailing separators of prefix paths (bsc#1188944). - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325). - mm/rmap.c: do not reuse anon_vma if we just want a copy (git-fixes, bsc#1203098). - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098). - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - objtool: Add --backtrace support (bsc#1202396). - objtool: Add support for intra-function calls (bsc#1202396). - objtool: Allow no-op CFI ops in alternatives (bsc#1202396). - objtool: Convert insn type to enum (bsc#1202396). - objtool: Do not use ignore flag for fake jumps (bsc#1202396). - objtool: Fix !CFI insn_state propagation (bsc#1202396). - objtool: Fix ORC vs alternatives (bsc#1202396). - objtool: Fix sibling call detection (bsc#1202396). - objtool: Make handle_insn_ops() unconditional (bsc#1202396). - objtool: Remove INSN_STACK (bsc#1202396). - objtool: Remove check preventing branches within alternative (bsc#1202396). - objtool: Rename elf_open() to prevent conflict with libelf from elftoolchain (bsc#1202396). - objtool: Rename struct cfi_state (bsc#1202396). - objtool: Rework allocating stack_ops on decode (bsc#1202396). - objtool: Rewrite alt->skip_orig (bsc#1202396). - objtool: Set insn->func for alternatives (bsc#1202396). - objtool: Support conditional retpolines (bsc#1202396). - objtool: Support multiple stack_op per instruction (bsc#1202396). - objtool: Track original function across branches (bsc#1202396). - objtool: Uniquely identify alternative instruction groups (bsc#1202396). - objtool: Use Elf_Scn typedef instead of assuming struct name (bsc#1202396). - powerpc/pci: Fix broken INTx configuration via OF (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666). - powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666). - powerpc/pci: Use of_irq_parse_and_map_pci() helper (bsc#1172145 ltc#184630 bsc#1200770 ltc#198666). - rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019). Important SUSE bug 1172145 SUSE bug 1177440 SUSE bug 1188944 SUSE bug 1191881 SUSE bug 1194535 SUSE bug 1196616 SUSE bug 1200598 SUSE bug 1200770 SUSE bug 1200910 SUSE bug 1201019 SUSE bug 1201420 SUSE bug 1201429 SUSE bug 1201705 SUSE bug 1201726 SUSE bug 1201940 SUSE bug 1201948 SUSE bug 1202096 SUSE bug 1202154 SUSE bug 1202346 SUSE bug 1202347 SUSE bug 1202393 SUSE bug 1202396 SUSE bug 1202672 SUSE bug 1202897 SUSE bug 1202898 SUSE bug 1203098 CVE-2020-36516 CVE-2020-36557 CVE-2020-36558 CVE-2021-4203 CVE-2022-20166 CVE-2022-20368 CVE-2022-20369 CVE-2022-21385 CVE-2022-2588 CVE-2022-26373 CVE-2022-2639 CVE-2022-2977 CVE-2022-3028 CVE-2022-36879 CVE-2022-36946 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xen fixes the following issues: - CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581) - CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588) Important SUSE bug 1194581 SUSE bug 1194588 CVE-2022-23034 CVE-2022-23035 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libsndfile fixes the following issues: - CVE-2021-4156: Fixed heap buffer overflow in flac_buffer_copy that could potentially lead to heap exploitation (bsc#1194006). Important SUSE bug 1194006 CVE-2021-4156 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for sqlite3 fixes the following issues: Security issues fixed: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). sqlite3 was update to 3.39.3: * Use a statement journal on DML statement affecting two or more database rows if the statement makes use of a SQL functions that might abort. * Use a mutex to protect the PRAGMA temp_store_directory and PRAGMA data_store_directory statements, even though they are decremented and documented as not being threadsafe. Update to 3.39.2: * Fix a performance regression in the query planner associated with rearranging the order of FROM clause terms in the presences of a LEFT JOIN. * Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and 1345947, forum post 3607259d3c, and other minor problems discovered by internal testing. [boo#1201783] Update to 3.39.1: * Fix an incorrect result from a query that uses a view that contains a compound SELECT in which only one arm contains a RIGHT JOIN and where the view is not the first FROM clause term of the query that contains the view * Fix a long-standing problem with ALTER TABLE RENAME that can only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set to a very small value. * Fix a long-standing problem in FTS3 that can only arise when compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time option. * Fix the initial-prefix optimization for the REGEXP extension so that it works correctly even if the prefix contains characters that require a 3-byte UTF8 encoding. * Enhance the sqlite_stmt virtual table so that it buffers all of its output. Update to 3.39.0: * Add (long overdue) support for RIGHT and FULL OUTER JOIN * Add new binary comparison operators IS NOT DISTINCT FROM and IS DISTINCT FROM that are equivalent to IS and IS NOT, respective, for compatibility with PostgreSQL and SQL standards * Add a new return code (value '3') from the sqlite3_vtab_distinct() interface that indicates a query that has both DISTINCT and ORDER BY clauses * Added the sqlite3_db_name() interface * The unix os interface resolves all symbolic links in database filenames to create a canonical name for the database before the file is opened * Defer materializing views until the materialization is actually needed, thus avoiding unnecessary work if the materialization turns out to never be used * The HAVING clause of a SELECT statement is now allowed on any aggregate query, even queries that do not have a GROUP BY clause * Many microoptimizations collectively reduce CPU cycles by about 2.3%. Update to 3.38.5: * Fix a blunder in the CLI of the 3.38.4 release Update to 3.38.4: * fix a byte-code problem in the Bloom filter pull-down optimization added by release 3.38.0 in which an error in the byte code causes the byte code engine to enter an infinite loop when the pull-down optimization encounters a NULL key Update to 3.38.3: * Fix a case of the query planner be overly aggressive with optimizing automatic-index and Bloom-filter construction, using inappropriate ON clause terms to restrict the size of the automatic-index or Bloom filter, and resulting in missing rows in the output. * Other minor patches. See the timeline for details. Update to 3.38.2: * Fix a problem with the Bloom filter optimization that might cause an incorrect answer when doing a LEFT JOIN with a WHERE clause constraint that says that one of the columns on the right table of the LEFT JOIN is NULL. * Other minor patches. - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). Update to 3.38.1: * Fix problems with the new Bloom filter optimization that might cause some obscure queries to get an incorrect answer. * Fix the localtime modifier of the date and time functions so that it preserves fractional seconds. * Fix the sqlite_offset SQL function so that it works correctly even in corner cases such as when the argument is a virtual column or the column of a view. * Fix row value IN operator constraints on virtual tables so that they work correctly even if the virtual table implementation relies on bytecode to filter rows that do not satisfy the constraint. * Other minor fixes to assert() statements, test cases, and documentation. See the source code timeline for details. Update to 3.38.0 * Add the -> and ->> operators for easier processing of JSON * The JSON functions are now built-ins * Enhancements to date and time functions * Rename the printf() SQL function to format() for better compatibility, with alias for backwards compatibility. * Add the sqlite3_error_offset() interface for helping localize an SQL error to a specific character in the input SQL text * Enhance the interface to virtual tables * CLI columnar output modes are enhanced to correctly handle tabs and newlines embedded in text, and add options like '--wrap N', '--wordwrap on', and '--quote' to the columnar output modes. * Query planner enhancements using a Bloom filter to speed up large analytic queries, and a balanced merge tree to evaluate UNION or UNION ALL compound SELECT statements that have an ORDER BY clause. * The ALTER TABLE statement is changed to silently ignores entries in the sqlite_schema table that do not parse when PRAGMA writable_schema=ON Update to 3.37.2: * Fix a bug introduced in version 3.35.0 (2021-03-12) that can cause database corruption if a SAVEPOINT is rolled back while in PRAGMA temp_store=MEMORY mode, and other changes are made, and then the outer transaction commits * Fix a long-standing problem with ON DELETE CASCADE and ON UPDATE CASCADE in which a cache of the bytecode used to implement the cascading change was not being reset following a local DDL change Update to 3.37.1: * Fix a bug introduced by the UPSERT enhancements of version 3.35.0 that can cause incorrect byte-code to be generated for some obscure but valid SQL, possibly resulting in a NULL- pointer dereference. * Fix an OOB read that can occur in FTS5 when reading corrupt database files. * Improved robustness of the --safe option in the CLI. * Other minor fixes to assert() statements and test cases. Update to 3.37.0: * STRICT tables provide a prescriptive style of data type management, for developers who prefer that kind of thing. * When adding columns that contain a CHECK constraint or a generated column containing a NOT NULL constraint, the ALTER TABLE ADD COLUMN now checks new constraints against preexisting rows in the database and will only proceed if no constraints are violated. * Added the PRAGMA table_list statement. * Add the .connection command, allowing the CLI to keep multiple database connections open at the same time. * Add the --safe command-line option that disables dot-commands and SQL statements that might cause side-effects that extend beyond the single database file named on the command-line. * CLI: Performance improvements when reading SQL statements that span many lines. * Added the sqlite3_autovacuum_pages() interface. * The sqlite3_deserialize() does not and has never worked for the TEMP database. That limitation is now noted in the documentation. * The query planner now omits ORDER BY clauses on subqueries and views if removing those clauses does not change the semantics of the query. * The generate_series table-valued function extension is modified so that the first parameter ('START') is now required. This is done as a way to demonstrate how to write table-valued functions with required parameters. The legacy behavior is available using the -DZERO_ARGUMENT_GENERATE_SERIES compile-time option. * Added new sqlite3_changes64() and sqlite3_total_changes64() interfaces. * Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2(). * Use less memory to hold the database schema. * bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert extension when a column has no collating sequence. Moderate SUSE bug 1189802 SUSE bug 1195773 SUSE bug 1201783 CVE-2021-36690 CVE-2022-35737 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated from 102.2.0esr to 102.3.0esr (bsc#1203477): - CVE-2022-40959: Fixed bypassing FeaturePolicy restrictions on transient pages. - CVE-2022-40960: Fixed data-race when parsing non-UTF-8 URLs in threads. - CVE-2022-40958: Fixed bypassing secure context restriction for cookies with __Host and __Secure prefix. - CVE-2022-40956: Fixed content-security-policy base-uri bypass. - CVE-2022-40957: Fixed incoherent instruction cache when building WASM on ARM64. - CVE-2022-40962: Fixed memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3. Important SUSE bug 1203477 CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 CVE-2022-40959 CVE-2022-40960 CVE-2022-40962 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). Important SUSE bug 1203438 CVE-2022-40674 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for krb5-appl fixes the following issues: - CVE-2022-39028: Fixed NULL pointer dereference in krb5-appl telnetd (bsc#1203759). Important SUSE bug 1203759 CVE-2022-39028 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for webkit2gtk3 fixes the following issues: Updated to version 2.36.8 (bsc#1203530): - CVE-2022-32886: Fixed a buffer overflow issue that could potentially lead to code execution. - CVE-2022-32912: Fixed an out-of-bounds read that could potentially lead to code execution. Important SUSE bug 1203530 CVE-2022-32886 CVE-2022-32912 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for bind fixes the following issues: - CVE-2022-2795: Fixed potential performance degredation due to missing database lookup limits when processing large delegations (bsc#1203614). - CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619). - CVE-2022-38178: Fixed memory leaks that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm (bsc#1203620). Important SUSE bug 1203614 SUSE bug 1203619 SUSE bug 1203620 CVE-2022-2795 CVE-2022-38177 CVE-2022-38178 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for python3 fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). Important SUSE bug 1202624 CVE-2021-28861 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for squid fixes the following issues: - CVE-2022-41317: Fixed exposure of sensitive information in cache manager (bsc#1203677). - CVE-2022-41318: Fixed buffer overread in SSPI and SMB Authentication (bsc#1203680). Important SUSE bug 1203677 SUSE bug 1203680 CVE-2022-41317 CVE-2022-41318 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for postgresql-jdbc fixes the following issues: - CVE-2022-31197: Fixed SQL injection vulnerability (bsc#1202170). Important SUSE bug 1202170 CVE-2022-31197 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for python fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). Important SUSE bug 1202624 CVE-2021-28861 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for clamav fixes the following issues: - CVE-2022-20698: Fixed invalid pointer read allowing denial of service crash. (bsc#1194731) Important SUSE bug 1194731 CVE-2022-20698 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS The SUSE Linux Enterprise 12 SP4 kernel was updated The following security bugs were fixed: - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769). - CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960). - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552). - CVE-2022-2503: Fixed a bug in dm-verity, device-mapper table reloads allowed users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allowed root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates (bnc#1202677). - CVE-2022-39188: Fixed a race condition where a device driver can free a page while it still has stale TLB entries. (bnc#1203107). - CVE-2022-2663: Fixed an issue which allowed a firewall to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured (bnc#1202097). The following non-security bugs were fixed: - dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still be possible to do so that the mitigation can still be disabled on Intel who do not use the return thunks but IBRS. Important SUSE bug 1201309 SUSE bug 1202097 SUSE bug 1202385 SUSE bug 1202677 SUSE bug 1202960 SUSE bug 1203107 SUSE bug 1203552 CVE-2022-2503 CVE-2022-2663 CVE-2022-3239 CVE-2022-39188 CVE-2022-41218 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for tiff fixes the following issues: - CVE-2022-2519: Fixed a double free in rotateImage() (bsc#1202968). - CVE-2022-2520: Fixed a assertion failure in rotateImage() (bsc#1202973). - CVE-2022-2521: Fixed invalid free in TIFFClose() (bsc#1202971). - CVE-2022-2867: Fixed out of bounds read and write in tiffcrop.c (bsc#1202466). - CVE-2022-2868: Fixed out of bounds read in reverseSamples16bits() (bsc#1202467). - CVE-2022-2869: Fixed out of bounds read and write in extractContigSamples8bits() (bsc#1202468). - CVE-2022-34526: Fixed stack overflow in the _TIFFVGetField function of Tiffsplit (bsc#1202026). Important SUSE bug 1201723 SUSE bug 1201971 SUSE bug 1202026 SUSE bug 1202466 SUSE bug 1202467 SUSE bug 1202468 SUSE bug 1202968 SUSE bug 1202971 SUSE bug 1202973 CVE-2022-0561 CVE-2022-2519 CVE-2022-2520 CVE-2022-2521 CVE-2022-2867 CVE-2022-2868 CVE-2022-2869 CVE-2022-34266 CVE-2022-34526 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). Critical SUSE bug 1204357 CVE-2022-3515 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). - CVE-2022-0322: Fixed SCTP issue with account stream padding length for reconf chunk (bsc#1194985). - CVE-2021-45486: Fixed information leak inside the IPv4 implementation caused by very small hash table (bnc#1194087). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867). - CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem, that could have occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767). - CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847) - CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bsc#1192845) - CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194529). - CVE-2021-4197: Use cgroup open-time credentials for process migraton perm checks (bsc#1194302). - CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in coerce_reg_to_size (bsc#1194227). - CVE-2021-4149: Fixed btrfs unlock newly allocated extent buffer after error (bsc#1194001). - CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneouslyand can potentially trigger a race condition (bnc#1193727). - CVE-2021-4002: Fixed a missing TLB flush that could lead to leak or corruption of data in hugetlbfs. (bsc#1192946) - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). - CVE-2021-3564: Fixed double-free memory corruption in the Linux kernel HCI device initialization subsystem that could have been used by attaching malicious HCI TTY Bluetooth devices. A local user could use this flaw to crash the system (bnc#1186207). - CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet ixgbe driver due to improper input validation. (bsc#1192877) - CVE-2021-28715: Fixed issue with xen/netback to do not queue unlimited number of packages (XSA-392) (bsc#1193442). - CVE-2021-28714: Fixed issue with xen/netback to add rx queue stall detection (XSA-392) (bsc#1193442). - CVE-2021-28713: Fixed issue with xen/console to harden hvc_xen against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-28712: Fixed issue with xen/netfront to harden netfront against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-28711: Fixed issue with xen/blkfront to harden blkfront against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-0935: Fixed possible out of bounds write in ip6_xmit of ip6_output.c due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192032). - CVE-2021-0920: Fixed use after free bug due to a race condition in unix_scm_to_skb of af_unix.c. This could have led to local escalation of privilege with System execution privileges needed (bnc#1193731). - CVE-2020-27820: Fixed a vulnerability where a use-after-frees in nouveau's postclose() handler could happen if removing device. (bsc#1179599) - CVE-2019-15126: Fixed a vulnerability in Broadcom and Cypress Wi-Fi chips, used in RPi family of devices aka 'Kr00k'. (bsc#1167162) - CVE-2018-25020: Fixed an overflow in the BPF subsystem due to a mishandling of a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. This affects kernel/bpf/core.c and net/core/filter.c (bnc#1193575). The following non-security bugs were fixed: - Bluetooth: fix the erroneous flush_work() order (git-fixes). - Build: Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). - elfcore: fix building with clang (bsc#1169514). - fget: clarify and improve __fget_files() implementation (bsc#1193727). - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (bsc#1193507). - hv_netvsc: Set needed_headroom according to VF (bsc#1193507). - kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740). - kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable. - kernel-binary.spec: Define $image as rpm macro (bsc#1189841). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - kernel-binary.spec: Fix kernel-default-base scriptlets after packaging merge. - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well (bsc#1189841). - kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841). - kernel-source.spec: install-kernel-tools also required on 15.4 - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). - kprobes: Limit max data_size of the kretprobe instances (bsc#1193669). - livepatch: Avoid CPU hogging with cond_resched (bsc#1071995). - memstick: rtsx_usb_ms: fix UAF (bsc#1194516). - moxart: fix potential use-after-free on remove path (bsc#1194516). - net: Using proper atomic helper (bsc#1186222). - net: mana: Add RX fencing (bsc#1193507). - net: mana: Add XDP support (bsc#1193507). - net: mana: Allow setting the number of queues while the NIC is down (bsc#1193507). - net: mana: Fix spelling mistake 'calledd' -> 'called' (bsc#1193507). - net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (bsc#1193507). - net: mana: Improve the HWC error handling (bsc#1193507). - net: mana: Support hibernation and kexec (bsc#1193507). - net: mana: Use kcalloc() instead of kzalloc() (bsc#1193507). - objtool: Support Clang non-section symbols in ORC generation (bsc#1169514). - post.sh: detect /usr mountpoint too - recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267). - recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267). - rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed. - rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804). - rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306) After usrmerge, vmlinux file is not named vmlinux-&lt;version>, but simply vmlinux. And this is not reflected in STRIP_KEEP_SYMTAB we set. So fix this by removing the dash... - rpm/kernel-binary.spec: Use only non-empty certificates. - rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305) - rpm/kernel-source.rpmlintrc: ignore new include/config files In 5.13, since 0e0345b77ac4, config files have no longer .h suffix. Adapt the zero-length check. Based on Martin Liska's change. - rpm/kernel-source.spec.in: do some more for vanilla_only Make sure: * sources are NOT executable * env is not used as interpreter * timestamps are correct We do all this for normal kernel builds, but not for vanilla_only kernels (linux-next and vanilla). - rpm: fixup support gz and zst compression methods (bsc#1190428, bsc#1190358). - rpm: use _rpmmacrodir (boo#1191384) - tty: hvc: replace BUG_ON() with negative return value (git-fixes). - vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888). - watchdog: iTCO_wdt: Export vendorsupport (bsc#1177101). - watchdog: iTCO_wdt: Make ICH_RES_IO_SMI optional (bsc#1177101). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (bsc#1169514). - xen/blkfront: do not take local copy of a request from the ring page (git-fixes). - xen/blkfront: do not trust the backend response data blindly (git-fixes). - xen/blkfront: read response from backend only once (git-fixes). - xen/netfront: disentangle tx_skb_freelist (git-fixes). - xen/netfront: do not read data from request on the ring page (git-fixes). - xen/netfront: do not trust the backend response data blindly (git-fixes). - xen/netfront: read response from backend only once (git-fixes). - xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). Important SUSE bug 1071995 SUSE bug 1124431 SUSE bug 1167162 SUSE bug 1169514 SUSE bug 1172073 SUSE bug 1177101 SUSE bug 1179599 SUSE bug 1184804 SUSE bug 1185377 SUSE bug 1186207 SUSE bug 1186222 SUSE bug 1187167 SUSE bug 1189305 SUSE bug 1189841 SUSE bug 1190358 SUSE bug 1190428 SUSE bug 1191229 SUSE bug 1191384 SUSE bug 1191731 SUSE bug 1192032 SUSE bug 1192267 SUSE bug 1192740 SUSE bug 1192845 SUSE bug 1192847 SUSE bug 1192877 SUSE bug 1192946 SUSE bug 1193306 SUSE bug 1193440 SUSE bug 1193442 SUSE bug 1193507 SUSE bug 1193575 SUSE bug 1193669 SUSE bug 1193727 SUSE bug 1193731 SUSE bug 1193767 SUSE bug 1193861 SUSE bug 1193864 SUSE bug 1193867 SUSE bug 1194001 SUSE bug 1194048 SUSE bug 1194087 SUSE bug 1194227 SUSE bug 1194302 SUSE bug 1194516 SUSE bug 1194529 SUSE bug 1194880 SUSE bug 1194888 SUSE bug 1194985 SUSE bug 1195254 CVE-2018-25020 CVE-2019-15126 CVE-2020-27820 CVE-2021-0920 CVE-2021-0935 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-33098 CVE-2021-3564 CVE-2021-39648 CVE-2021-39657 CVE-2021-4002 CVE-2021-4083 CVE-2021-4149 CVE-2021-4197 CVE-2021-4202 CVE-2021-43975 CVE-2021-43976 CVE-2021-44733 CVE-2021-45095 CVE-2021-45486 CVE-2022-0322 CVE-2022-0330 CVE-2022-0435 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for multipath-tools fixes the following issues: - CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739) - Avoid linking to libreadline to avoid licensing issue (bsc#1202616) Important SUSE bug 1202616 SUSE bug 1202739 SUSE bug 1204325 CVE-2022-41974 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978). - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). Important SUSE bug 1201978 SUSE bug 1204366 SUSE bug 1204367 CVE-2016-3709 CVE-2022-40303 CVE-2022-40304 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for bluez fixes the following issues: - CVE-2019-8921: Fixed heap-based buffer overflow via crafted request (bsc#1193237). - CVE-2016-9803: Fixed memory leak (bsc#1013885). Important SUSE bug 1013885 SUSE bug 1193237 CVE-2016-9803 CVE-2019-8921 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: Updated to version 102.4.0 ESR (bsc#1204421): - CVE-2022-42927: Fixed same-origin policy violation that could have leaked cross-origin URLs. - CVE-2022-42928: Fixed memory Corruption in JS Engine. - CVE-2022-42929: Fixed denial of Service via window.print. - CVE-2022-42932: Fixed memory safety bugs. Important SUSE bug 1204421 CVE-2022-42927 CVE-2022-42928 CVE-2022-42929 CVE-2022-42932 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for telnet fixes the following issues: - CVE-2022-39028: Fixed NULL pointer dereference in telnetd (bsc#1203759). Important SUSE bug 1203759 CVE-2022-39028 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update fixes the following issues: golang-github-lusitaniae-apache_exporter: - Update to upstream release 0.11.0 (jsc#SLE-24791) * Add TLS support * Switch to logger, please check --log.level and --log.format flags - Update to version 0.10.1 * Bugfix: Reset ProxyBalancer metrics on each scrape to remove stale data - Update to version 0.10.0 * Add Apache Proxy and other metrics - Update to version 0.8.0 * Change commandline flags * Add metrics: Apache version, request duration total - Adapted to build on Enterprise Linux 8 - Require building with Go 1.15 - Add %license macro for LICENSE file golang-github-prometheus-alertmanager: - Do not include sources (bsc#1200725) golang-github-prometheus-node_exporter: - CVE-2022-21698: Denial of service using InstrumentHandlerCounter. (bsc#1196338, jsc#SLE-24243, jsc#SUMA-114) grafana: - Update to version 8.3.10 + Security: * CVE-2022-31097: Cross Site Scripting vulnerability in the Unified Alerting (bsc#1201535) * CVE-2022-31107: OAuth account takeover vulnerability (bsc#1201539) - Update to version 8.3.9 + Bug fixes: * Geomap: Display legend * Prometheus: Fix timestamp truncation - Update to version 8.3.7 + Bug fix: * Provisioning: Ensure that the default value for orgID is set when provisioning datasources to be deleted. - Update to version 8.3.6 + Features and enhancements: * Cloud Monitoring: Reduce request size when listing labels. * Explore: Show scalar data result in a table instead of graph. * Snapshots: Updates the default external snapshot server URL. * Table: Makes footer not overlap table content. * Tempo: Add request histogram to service graph datalink. * Tempo: Add time range to tempo search query behind a feature flag. * Tempo: Auto-clear results when changing query type. * Tempo: Display start time in search results as relative time. * CloudMonitoring: Fix resource labels in query editor. * Cursor sync: Apply the settings without saving the dashboard. * LibraryPanels: Fix for Error while cleaning library panels. * Logs Panel: Fix timestamp parsing for string dates without timezone. * Prometheus: Fix some of the alerting queries that use reduce/math operation. * TablePanel: Fix ad-hoc variables not working on default datasources. * Text Panel: Fix alignment of elements. * Variables: Fix for constant variables in self referencing links. - Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565) kiwi-desc-saltboot: - Update to version 0.1.1661440542.6cbe0da * Use standard susemanager.conf * Use salt bundle * Add support fo VirtIO disks mgr-daemon: - Version 4.3.6-1 * Update translation strings spacecmd: - Version 4.3.15-1 * Process date values in spacecmd api calls (bsc#1198903) spacewalk-client-tools: - Version 4.3.12-1 * Update translation strings uyuni-common-libs: - Version 4.3.6-1 * Do not allow creating path if nonexistent user or group in fileutils. Moderate SUSE bug 1196338 SUSE bug 1198903 SUSE bug 1200725 SUSE bug 1201535 SUSE bug 1201539 CVE-2022-21698 CVE-2022-31097 CVE-2022-31107 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies (bsc#1202593). - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). Important SUSE bug 1202593 SUSE bug 1204383 CVE-2022-32221 CVE-2022-35252 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). - Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800) Important SUSE bug 1200800 SUSE bug 1201680 CVE-2021-46828 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openjpeg2 fixes the following issues: - CVE-2018-21010: Fixed heap buffer overflow in color_apply_icc_profile in bin/common/color.c (bsc#1149789). - CVE-2020-27824: Fixed OOB read in opj_dwt_calc_explicit_stepsizes() (bsc#1179821). - CVE-2020-27842: Fixed null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (bsc#1180043). - CVE-2020-27843: Fixed out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c (bsc#1180044). - CVE-2020-27845: Fixed heap-based buffer over-read in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (bsc#1180046). Important SUSE bug 1149789 SUSE bug 1179821 SUSE bug 1180043 SUSE bug 1180044 SUSE bug 1180046 CVE-2018-21010 CVE-2020-27824 CVE-2020-27842 CVE-2020-27843 CVE-2020-27845 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). Important SUSE bug 1087072 SUSE bug 1204111 SUSE bug 1204112 SUSE bug 1204113 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690). Critical SUSE bug 1204690 CVE-2021-46848 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xorg-x11-server fixes the following issues: - CVE-2022-3550: Fixed out of bounds read/write in _GetCountedString() (bsc#1204412). - CVE-2022-3551: Fixed various leaks of the return value of GetComponentSpec() (bsc#1204416). Important SUSE bug 1204412 SUSE bug 1204416 CVE-2022-3550 CVE-2022-3551 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). Important SUSE bug 1204708 CVE-2022-43680 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for glibc fixes the following issues: - CVE-2015-8985: Fixed assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) - x86: fix stack alignment in pthread_cond_[timed]wait (bsc#1196852) - Recognize ppc64p7 arch to build for power7 Moderate SUSE bug 1193625 SUSE bug 1196852 CVE-2015-8985 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libvirt fixes the following issues: - CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults. (bsc#1194041) - CVE-2021-3975: Add missing lock in qemuProcessHandleMonitorEOF. (bsc#1192876) Important SUSE bug 1192876 SUSE bug 1193981 SUSE bug 1194041 CVE-2021-3975 CVE-2021-4147 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for sudo fixes the following issues: Security fixes: - CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986). Other: - Make sure SIGCHLD is not ignored when sudo is executed; fixes race condition (bsc#1203201). - Change sudo-ldap schema from ASCII to UTF8 (bsc#1197998). Important SUSE bug 1197998 SUSE bug 1203201 SUSE bug 1204986 CVE-2022-43995 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xen fixes the following issues: - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806). - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807). - CVE-2021-28689: Fixed speculative vulnerabilities with bare (non-shim) 32-bit PV guests (bsc#1185104). - CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482) - CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485) - CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487) - CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488) - CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489) - CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490) - CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494) - CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496) - xen: Frontends vulnerable to backends (bsc#1193923) Important SUSE bug 1185104 SUSE bug 1193923 SUSE bug 1203806 SUSE bug 1203807 SUSE bug 1204482 SUSE bug 1204485 SUSE bug 1204487 SUSE bug 1204488 SUSE bug 1204489 SUSE bug 1204490 SUSE bug 1204494 SUSE bug 1204496 CVE-2021-28689 CVE-2022-33746 CVE-2022-33748 CVE-2022-42309 CVE-2022-42310 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318 CVE-2022-42319 CVE-2022-42320 CVE-2022-42321 CVE-2022-42322 CVE-2022-42323 CVE-2022-42325 CVE-2022-42326 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 102.5.0 ESR (MFSA 2022-48, bsc#1205270): - CVE-2022-45403: Service Workers might have learned size of cross-origin media files - CVE-2022-45404: Fullscreen notification bypass - CVE-2022-45405: Use-after-free in InputStream implementation - CVE-2022-45406: Use-after-free of a JavaScript Realm - CVE-2022-45408: Fullscreen notification bypass via windowName - CVE-2022-45409: Use-after-free in Garbage Collection - CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite cookie policy - CVE-2022-45411: Cross-Site Tracing was possible via non-standard override headers - CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers - CVE-2022-45416: Keystroke Side-Channel Leakage - CVE-2022-45418: Custom mouse cursor could have been drawn over browser UI - CVE-2022-45420: Iframe contents could be rendered outside the iframe - CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 Important SUSE bug 1205270 CVE-2022-45403 CVE-2022-45404 CVE-2022-45405 CVE-2022-45406 CVE-2022-45408 CVE-2022-45409 CVE-2022-45410 CVE-2022-45411 CVE-2022-45412 CVE-2022-45416 CVE-2022-45418 CVE-2022-45420 CVE-2022-45421 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for tiff fixes the following issues: - CVE-2022-3597: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204641). - CVE-2022-3599: Fixed out-of-bounds read in writeSingleSection in tools/tiffcrop.c (bnc#1204643). - CVE-2022-3626: Fixed out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c (bnc#1204644) - CVE-2022-3627: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204645). - CVE-2022-3970: Fixed unsigned integer overflow in TIFFReadRGBATileExt() (bnc#1205392). Important SUSE bug 1204641 SUSE bug 1204643 SUSE bug 1204644 SUSE bug 1204645 SUSE bug 1205392 CVE-2022-3597 CVE-2022-3599 CVE-2022-3626 CVE-2022-3627 CVE-2022-3970 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for pixman fixes the following issues: - CVE-2022-44638: Fixed an integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write (bsc#1205033). Important SUSE bug 1205033 CVE-2022-44638 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for python3 fixes the following issues: - CVE-2020-10735: Fixed possible DoS when converting text to int and vice versa (bsc#1203125). - CVE-2022-45061: Fixed possible DoS when IDNA decoding extremely long domain names (bsc#1205244). Important SUSE bug 1203125 SUSE bug 1205244 CVE-2020-10735 CVE-2022-45061 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for exiv2 fixes the following issues: - CVE-2019-13112: Fixed an uncontrolled memory allocation in PngChunk:parseChunkContent causing denial of service. (bsc#1142681) - CVE-2021-37620: Fixed out-of-bounds read in XmpTextValue:read(). (bsc#1189332) - CVE-2021-34334: Fixed a DoS due to integer overflow in loop counter. (bsc#1189338) - CVE-2021-31291: Fixed a heap-based buffer overflow vulnerability in jp2image.cpp may lead to a denial of service via crafted metadata (bsc#1188733). - CVE-2021-32815: Fixed a deny-of-service due to assertion failure in crwimage_int.cpp (bsc#1189337). - CVE-2018-20097: Fixed SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroupsu (bsc#1119562). - CVE-2021-29457: Fixed a heap buffer overflow when write metadata into a crafted image file (bsc#1185002). - CVE-2021-29473: Fixed out-of-bounds read in Exiv2::Jp2Image:doWriteMetadata (bsc#1186231). Important SUSE bug 1119562 SUSE bug 1142681 SUSE bug 1185002 SUSE bug 1186231 SUSE bug 1188733 SUSE bug 1189332 SUSE bug 1189337 SUSE bug 1189338 CVE-2018-20097 CVE-2019-13112 CVE-2021-29457 CVE-2021-29473 CVE-2021-31291 CVE-2021-32815 CVE-2021-34334 CVE-2021-37620 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for busybox fixes the following issues: - CVE-2014-9645: Fixed loading of unwanted modules with / (bsc#914660). - CVE-2017-16544: Fixed insufficient sanitization of filenames when autocompleting (bsc#1069412). - CVE-2015-9261: Fixed huft_build misuses a pointer, causing segfaults (bsc#1102912). - CVE-2016-2147: Fixed out of bounds write (heap) due to integer underflow in udhcpc (bsc#970663). - CVE-2016-2148: Fixed heap-based buffer overflow in OPTION_6RD parsing (bsc#970662). - CVE-2016-6301: Fixed NTP server denial of service flaw (bsc#991940). - CVE-2017-15873: Fixed integer overflow in get_next_block function in archival/libarchive/decompress_bunzip2.c (bsc#1064976). - CVE-2017-15874: Fixed integer overflow in archival/libarchive/decompress_unlzma (bsc#1064978). - CVE-2019-5747: Fixed out of bounds read in udhcp components (bsc#1121428). - CVE-2021-42373, CVE-2021-42374, CVE-2021-42375, CVE-2021-42376, CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386: v1.34.0 bugfixes (bsc#1192869). - CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data (bsc#1184522). - CVE-2018-20679: Fixed out of bounds read in udhcp (bsc#1121426). - CVE-2018-1000517: Fixed heap-based buffer overflow in the retrieve_file_data() (bsc#1099260). - CVE-2011-5325: Fixed tar directory traversal (bsc#951562). - CVE-2018-1000500: Fixed missing SSL certificate validation in wget (bsc#1099263). - Update to 1.35.0 - awk: fix printf %%, fix read beyond end of buffer - chrt: silence analyzer warning - libarchive: remove duplicate forward declaration - mount: 'mount -o rw ....' should not fall back to RO mount - ps: fix -o pid=PID,args interpreting entire 'PID,args' as header - tar: prevent malicious archives with long name sizes causing OOM - udhcpc6: fix udhcp_find_option to actually find DHCP6 options - xxd: fix -p -r - support for new optoins added to basename, cpio, date, find, mktemp, wget and others - Enable fdisk (jsc#CAR-16) - Update to 1.34.1: * build system: use SOURCE_DATE_EPOCH for timestamp if available * many bug fixes and new features * touch: make FEATURE_TOUCH_NODEREF unconditional - update to 1.33.1: * httpd: fix sendfile * ash: fix HISTFILE corruptio * ash: fix unset variable pattern expansion * traceroute: fix option parsing * gunzip: fix for archive corruption - Update to version 1.33.0 - many bug fixes and new features - Update to version 1.32.1 - fixes a case where in ash, 'wait' never finishes. - prepare usrmerge (bsc#1029961) - Enable testsuite and package it for later rerun (for QA, jsc#CAR-15) - Update to version 1.31.1: + Bug fix release. 1.30.1 has fixes for dc, ash (PS1 expansion fix), hush, dpkg-deb, telnet and wget. - Changes from version 1.31.0: + many bugfixes and new features. - Add busybox-no-stime.patch: stime() has been deprecated in glibc 2.31 and replaced with clock_settime(). - update to 1.25.1: * fixes for hush, gunzip, ip route, ntpd - includes changes from 1.25.0: * many added and expanded implementations of command options - includes changes from 1.24.2: * fixes for build system (static build with glibc fixed), truncate, gunzip and unzip. - Update to version 1.24.1 * for a full list of changes see http://www.busybox.net/news.html - Refresh busybox.install.patch - Update to 1.23.2 * for a full list of changes see http://www.busybox.net/news.html - Cleaned up spec file with spec-cleaner - Refreshed patches - update to 1.22.1: Many updates and fixes for most included tools, see see http://www.busybox.net/news.html Important SUSE bug 1029961 SUSE bug 1064976 SUSE bug 1064978 SUSE bug 1069412 SUSE bug 1099260 SUSE bug 1099263 SUSE bug 1102912 SUSE bug 1121426 SUSE bug 1121428 SUSE bug 1184522 SUSE bug 1191514 SUSE bug 1192869 SUSE bug 914660 SUSE bug 951562 SUSE bug 970662 SUSE bug 970663 SUSE bug 991940 CVE-2011-5325 CVE-2014-9645 CVE-2015-9261 CVE-2016-2147 CVE-2016-2148 CVE-2016-6301 CVE-2017-15873 CVE-2017-15874 CVE-2017-16544 CVE-2018-1000500 CVE-2018-1000517 CVE-2018-20679 CVE-2019-5747 CVE-2021-28831 CVE-2021-42373 CVE-2021-42374 CVE-2021-42375 CVE-2021-42376 CVE-2021-42377 CVE-2021-42378 CVE-2021-42379 CVE-2021-42380 CVE-2021-42381 CVE-2021-42382 CVE-2021-42383 CVE-2021-42384 CVE-2021-42385 CVE-2021-42386 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for python fixes the following issues: - CVE-2022-45061: Fixed a quadratic IDNA decoding time (bsc#1205244). The following non-security bug was fixed: - Making compileall.py compliant with year 2038, backport of fix to Python 2.7 (bsc#1202666, gh#python/cpython#79171). Important SUSE bug 1202666 SUSE bug 1205244 CVE-2022-45061 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for binutils fixes the following issues: The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579). - CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597). - CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374). - CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969). - CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929). - CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783). - CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592). - CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966). - CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967). - CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816). The following non-security bugs were fixed: - SLE toolchain update of binutils, update to 2.39 from 2.37. - Update to 2.39: * The ELF linker will now generate a warning message if the stack is made executable. Similarly it will warn if the output binary contains a segment with all three of the read, write and execute permission bits set. These warnings are intended to help developers identify programs which might be vulnerable to attack via these executable memory regions. The warnings are enabled by default but can be disabled via a command line option. It is also possible to build a linker with the warnings disabled, should that be necessary. * The ELF linker now supports a --package-metadata option that allows embedding a JSON payload in accordance to the Package Metadata specification. * In linker scripts it is now possible to use TYPE=<type> in an output section description to set the section type value. * The objdump program now supports coloured/colored syntax highlighting of its disassembler output for some architectures. (Currently: AVR, RiscV, s390, x86, x86_64). * The nm program now supports a --no-weak/-W option to make it ignore weak symbols. * The readelf and objdump programs now support a -wE option to prevent them from attempting to access debuginfod servers when following links. * The objcopy program's --weaken, --weaken-symbol, and --weaken-symbols options now works with unique symbols as well. - Update to 2.38: * elfedit: Add --output-abiversion option to update ABIVERSION. * Add support for the LoongArch instruction set. * Tools which display symbols or strings (readelf, strings, nm, objdump) have a new command line option which controls how unicode characters are handled. By default they are treated as normal for the tool. Using --unicode=locale will display them according to the current locale. Using --unicode=hex will display them as hex byte values, whilst --unicode=escape will display them as escape sequences. In addition using --unicode=highlight will display them as unicode escape sequences highlighted in red (if supported by the output device). * readelf -r dumps RELR relative relocations now. * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been added to objcopy in order to enable UEFI development using binutils (bsc#1198458). * ar: Add --thin for creating thin archives. -T is a deprecated alias without diagnostics. In many ar implementations -T has a different meaning, as specified by X/Open System Interface. * Add support for AArch64 system registers that were missing in previous releases. * Add support for the LoongArch instruction set. * Add a command-line option, -muse-unaligned-vector-move, for x86 target to encode aligned vector move as unaligned vector move. * Add support for Cortex-R52+ for Arm. * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64. * Add support for Cortex-A710 for Arm. * Add support for Scalable Matrix Extension (SME) for AArch64. * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the assembler what to when it encoutners multibyte characters in the input. The default is to allow them. Setting the option to 'warn' will generate a warning message whenever any multibyte character is encountered. Using the option to 'warn-sym-only' will make the assembler generate a warning whenever a symbol is defined containing multibyte characters. (References to undefined symbols will not generate warnings). * Outputs of .ds.x directive and .tfloat directive with hex input from x86 assembler have been reduced from 12 bytes to 10 bytes to match the output of .tfloat directive. * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in AArch64 GAS. * Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS. * Add support for Intel AVX512_FP16 instructions. * Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF linker to pack relative relocations in the DT_RELR section. * Add support for the LoongArch architecture. * Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF linker to control canonical function pointers and copy relocation. * Add --max-cache-size=SIZE to set the the maximum cache size to SIZE bytes. - Fixed regression that prevented .ko.debug to be loaded in crash tool (bsc#1191908). - Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes. - Add gprofng subpackage. - Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237). - Add back fix for bsc#1191473, which got lost in the update to 2.38. - Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712). - Enable PRU architecture for AM335x CPU (Beagle Bone Black board) Important SUSE bug 1142579 SUSE bug 1185597 SUSE bug 1185712 SUSE bug 1188374 SUSE bug 1191473 SUSE bug 1191908 SUSE bug 1193929 SUSE bug 1194783 SUSE bug 1197592 SUSE bug 1198237 SUSE bug 1198458 SUSE bug 1202816 SUSE bug 1202966 SUSE bug 1202967 SUSE bug 1202969 CVE-2019-1010204 CVE-2021-3530 CVE-2021-3648 CVE-2021-3826 CVE-2021-45078 CVE-2021-46195 CVE-2022-27943 CVE-2022-38126 CVE-2022-38127 CVE-2022-38533 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS Security fixes: - CVE-2022-32888: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205121). - CVE-2022-32923: Fixed possible information leak via maliciously crafted web content (bsc#1205122). - CVE-2022-42799: Fixed user interface spoofing when visiting a malicious website (bsc#1205123). - CVE-2022-42823: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205120). - CVE-2022-42824: Fixed possible sensitive user information leak via maliciously crafted web content (bsc#1205124). Update to version 2.38.2: - Fix scrolling issues in some sites having fixed background. - Fix prolonged buffering during progressive live playback. - Fix the build with accessibility disabled. - Fix several crashes and rendering issues. Update to version 2.38.1: - Make xdg-dbus-proxy work if host session bus address is an abstract socket. - Use a single xdg-dbus-proxy process when sandbox is enabled. - Fix high resolution video playback due to unimplemented changeType operation. - Ensure GSubprocess uses posix_spawn() again and inherit file descriptors. - Fix player stucking in buffering (paused) state for progressive streaming. - Do not try to preconnect on link click when link preconnect setting is disabled. - Fix close status code returned when the client closes a WebSocket in some cases. - Fix media player duration calculation. - Fix several crashes and rendering issues. Update to version 2.38.0: - New media controls UI style. - Add new API to set WebView's Content-Security-Policy for web extensions support. - Make it possible to use the remote inspector from other browsers using WEBKIT_INSPECTOR_HTTP_SERVER env var. - MediaSession is enabled by default, allowing remote media control using MPRIS. - Add support for PDF documents using PDF.js. Important SUSE bug 1205120 SUSE bug 1205121 SUSE bug 1205122 SUSE bug 1205123 SUSE bug 1205124 CVE-2022-32888 CVE-2022-32923 CVE-2022-42799 CVE-2022-42823 CVE-2022-42824 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_8_0-ibm fixes the following issues: - CVE-2022-21626: An unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204471). - CVE-2022-21618: An unauthenticated attacker with network access via Kerberos can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204468). - CVE-2022-21619: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE (bsc#1204473). - CVE-2022-21628: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204472). - CVE-2022-21624: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise (bsc#1204475). - CVE-2022-39399: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204480). - Update to Java 8.0 Service Refresh 7 Fix Pack 20 [bsc#1205302] * Security: - The IBM ORB Does Not Support Object-Serialisation Data Filtering - Large Allocation In CipherSuite - Avoid Evaluating Sslalgorithmconstraints Twice - Cache The Results Of Constraint Checks - An incorrect ShortBufferException is thrown by IBMJCEPlus, IBMJCEPlusFIPS during cipher update operation - Disable SHA-1 Signed Jars For Ea - JSSE Performance Improvement - Oracle Road Map Kerberos Deprecation Of 3DES And RC4 Encryption * Java 8/Orb: - Upgrade ibmcfw.jar To Version o2228.02 * Class Libraries: - Crash In Libjsor.So During An Rdma Failover - High CPU Consumption Observed In ZosEventPort$EventHandlerTask.run - Update Timezone Information To The Latest tzdata2022c * Jit Compiler: - Crash During JIT Compilation - Incorrect JIT Optimization Of Java Code - Incorrect Return From Class.isArray() - Unexpected ClassCastException - Performance Regression When Calling VM Helper Code On X86 * X/Os Extentions: - Add RSA-OAEP Cipher Function To IBMJCECCA - Update to Java 8.0 Service Refresh 7 Fix Pack 16 * Java Virtual Machine - Assertion failure at ClassLoaderRememberedSet.cpp - Assertion failure at StandardAccessBarrier.cpp when -Xgc:concurrentScavenge is set. - GC can have unflushed ownable synchronizer objects which can eventually lead to heap corruption and failure when -Xgc:concurrentScavenge is set. * JIT Compiler: - Incorrect JIT optimization of Java code - JAVA JIT Power: JIT compile time assert on AIX or LINUXPPC * Reliability and Serviceability: - javacore with 'kill -3' SIGQUIT signal freezes Java process Moderate SUSE bug 1204468 SUSE bug 1204471 SUSE bug 1204472 SUSE bug 1204473 SUSE bug 1204475 SUSE bug 1204480 SUSE bug 1205302 CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for supportutils fixes the following issues: Security issues fixed: - Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818) Moderate SUSE bug 1203818 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for grub2 fixes the following issues: Security Fixes: - CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178). - CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182). Other: - Bump upstream SBAT generation to 3 - Fix unreadable filesystem with xfs v4 superblock (bsc#1205520). - Remove zfs modules (bsc#1205554). Important SUSE bug 1205178 SUSE bug 1205182 SUSE bug 1205520 SUSE bug 1205554 CVE-2022-2601 CVE-2022-3775 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for tomcat fixes the following issues: - CVE-2022-42252: Fixed a request smuggling (bsc#1204918). Important SUSE bug 1204918 CVE-2022-42252 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for emacs fixes the following issues: - CVE-2022-45939: Fixed shell command injection via source code files when using ctags (bsc#1205822). Important SUSE bug 1205822 CVE-2022-45939 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). Important SUSE bug 1205126 CVE-2022-42898 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u352 (icedtea-3.25.0): - CVE-2022-21619,CVE-2022-21624: Fixed difficult to exploit vulnerability allows unauthenticated attacker with network access and can cause unauthorized update, insert or delete access via multiple protocols (bsc#1204473,bsc#1204475). - CVE-2022-21626: Fixed easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to cause partial denial of service (bsc#1204471). - CVE-2022-21628: Fixed easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to cause partial denial of service (bsc#1204472). Moderate SUSE bug 1204471 SUSE bug 1204472 SUSE bug 1204473 SUSE bug 1204475 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS glibc was updated to fix the following issues: Security issues fixed: - CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640) - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770) Bugs fixed: - Make endian-conversion macros always return correct types (bsc#1193478, BZ #16458) - Allow dlopen of filter object to work (bsc#1192620, BZ #16272) - x86: fix stack alignment in cancelable syscall stub (bsc#1191835) Important SUSE bug 1191835 SUSE bug 1192620 SUSE bug 1193478 SUSE bug 1194640 SUSE bug 1194768 SUSE bug 1194770 CVE-2021-3999 CVE-2022-23218 CVE-2022-23219 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 102.6.0 ESR (bsc#1206242): - CVE-2022-46880: Use-after-free in WebGL - CVE-2022-46872: Arbitrary file read from a compromised content process - CVE-2022-46881: Memory corruption in WebGL - CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions - CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS - CVE-2022-46882: Use-after-free in WebGL - CVE-2022-46878: Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6 Important SUSE bug 1206242 CVE-2022-46872 CVE-2022-46874 CVE-2022-46875 CVE-2022-46878 CVE-2022-46880 CVE-2022-46881 CVE-2022-46882 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for zabbix fixes the following issues: - CVE-2022-43515: X-Forwarded-For header is active by default causes access to Zabbix sites in maintenance mode (bsc#1206083). Moderate SUSE bug 1206083 CVE-2022-43515 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xorg-x11-server fixes the following issues: - CVE-2022-46340: Server XTestSwapFakeInput stack overflow (bsc#1205874) - CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access (bsc#1205877) - CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free (bsc#1205879) - CVE-2022-46343: Server ScreenSaverSetAttributes use-after-free (bsc#1205878) - CVE-2022-46344: Server XIChangeProperty out-of-bounds access (bsc#1205876) - CVE-2022-4283: Reset the radio_groups pointer to NULL after freeing it (bsc#1206017) - Xi: return an error from XI property changes if verification failed (bsc#1205875) Important SUSE bug 1205874 SUSE bug 1205875 SUSE bug 1205876 SUSE bug 1205877 SUSE bug 1205878 SUSE bug 1205879 SUSE bug 1206017 CVE-2022-4283 CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_7_1-ibm fixes the following issues: IBM Security Update November 2022: (bsc#1205302, bsc#1204703) - CVE-2022-3676: A security vulnerability was fixed in version 7.1.5.15, adding the reference here. Moderate SUSE bug 1204703 SUSE bug 1205302 CVE-2022-3676 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_8_0-ibm fixes the following issues: IBM Security Update November 2022: (bsc#1205302, bsc#1204703) - CVE-2022-3676: A security vulnerability was fixed in version 8.0.7.20, adding the reference here. Moderate SUSE bug 1204703 SUSE bug 1205302 CVE-2022-3676 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-42328: Guests could trigger denial of service via the netback driver (bsc#1206114). - CVE-2022-42329: Guests could trigger denial of service via the netback driver (bsc#1206113). - CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bsc#1206113). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686). - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bsc#1198702). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bsc#1204653). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bsc#1204402). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bsc#1204635). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bsc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bsc#1204647). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bsc#1204574). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bsc#1204479). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204431). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bsc#1204354). - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bsc#1203514). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bsc#1204168). - CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290). - CVE-2022-40307: Fixed a race condition that could had been exploited to trigger a use-after-free in the efi firmware capsule-loader.c (bsc#1203322). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-3521: Fixed a race condition in kcm_tx_work() of the file net/kcm/kcmsock.c (bsc#1204355). - CVE-2022-2153: Fixed a NULL pointer dereference in the KVM subsystem, when attempting to set a SynIC IRQ (bsc#1200788). - CVE-2022-41848: Fixed a race condition in drivers/char/pcmcia/synclink_cs.c mgslpc_ioctl and mgslpc_detach (bsc#1203987). The following non-security bugs were fixed: - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - sunrpc: Re-purpose trace_svc_process (bsc#1205006). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - x86/hyperv: Set pv_info.name to 'Hyper-V' (git-fixes). Important SUSE bug 1196018 SUSE bug 1198702 SUSE bug 1200788 SUSE bug 1201455 SUSE bug 1202686 SUSE bug 1203008 SUSE bug 1203183 SUSE bug 1203290 SUSE bug 1203322 SUSE bug 1203514 SUSE bug 1203960 SUSE bug 1203987 SUSE bug 1204166 SUSE bug 1204168 SUSE bug 1204170 SUSE bug 1204354 SUSE bug 1204355 SUSE bug 1204402 SUSE bug 1204414 SUSE bug 1204415 SUSE bug 1204424 SUSE bug 1204431 SUSE bug 1204432 SUSE bug 1204439 SUSE bug 1204479 SUSE bug 1204574 SUSE bug 1204576 SUSE bug 1204631 SUSE bug 1204635 SUSE bug 1204636 SUSE bug 1204646 SUSE bug 1204647 SUSE bug 1204653 SUSE bug 1204868 SUSE bug 1205006 SUSE bug 1205128 SUSE bug 1205130 SUSE bug 1205220 SUSE bug 1205473 SUSE bug 1205514 SUSE bug 1205671 SUSE bug 1205705 SUSE bug 1205709 SUSE bug 1205796 SUSE bug 1206113 SUSE bug 1206114 SUSE bug 1206207 CVE-2021-4037 CVE-2022-2153 CVE-2022-28693 CVE-2022-28748 CVE-2022-2964 CVE-2022-3169 CVE-2022-3424 CVE-2022-3521 CVE-2022-3524 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3567 CVE-2022-3586 CVE-2022-3594 CVE-2022-3621 CVE-2022-3628 CVE-2022-3629 CVE-2022-3635 CVE-2022-3643 CVE-2022-3646 CVE-2022-3649 CVE-2022-3903 CVE-2022-40307 CVE-2022-40768 CVE-2022-4095 CVE-2022-41848 CVE-2022-41850 CVE-2022-41858 CVE-2022-42328 CVE-2022-42329 CVE-2022-42703 CVE-2022-42895 CVE-2022-42896 CVE-2022-43750 CVE-2022-4378 CVE-2022-43945 CVE-2022-45934 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for vim fixes the following issues: Updated to version 9.0.0814: * Fixing bsc#1192478 VUL-1: CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow * Fixing bsc#1203508 VUL-0: CVE-2022-3234: vim: Heap-based Buffer Overflow prior to 9.0.0483. * Fixing bsc#1203509 VUL-1: CVE-2022-3235: vim: Use After Free in GitHub prior to 9.0.0490. * Fixing bsc#1203820 VUL-0: CVE-2022-3324: vim: Stack-based Buffer Overflow in prior to 9.0.0598. * Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c * Fixing bsc#1203152 VUL-1: CVE-2022-2982: vim: use after free in qf_fill_buffer() * Fixing bsc#1203796 VUL-1: CVE-2022-3296: vim: stack out of bounds read in ex_finally() in ex_eval.c * Fixing bsc#1203797 VUL-1: CVE-2022-3297: vim: use-after-free in process_next_cpt_value() at insexpand.c * Fixing bsc#1203110 VUL-1: CVE-2022-3099: vim: Use After Free in ex_docmd.c * Fixing bsc#1203194 VUL-1: CVE-2022-3134: vim: use after free in do_tag() * Fixing bsc#1203272 VUL-1: CVE-2022-3153: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404. * Fixing bsc#1203799 VUL-1: CVE-2022-3278: vim: NULL pointer dereference in eval_next_non_blank() in eval.c * Fixing bsc#1203924 VUL-1: CVE-2022-3352: vim: vim: use after free * Fixing bsc#1203155 VUL-1: CVE-2022-2980: vim: null pointer dereference in do_mouse() * Fixing bsc#1202962 VUL-1: CVE-2022-3037: vim: Use After Free in vim prior to 9.0.0321 * Fixing bsc#1200884 Vim: Error on startup * Fixing bsc#1200902 VUL-0: CVE-2022-2183: vim: Out-of-bounds Read through get_lisp_indent() Mon 13:32 * Fixing bsc#1200903 VUL-0: CVE-2022-2182: vim: Heap-based Buffer Overflow through parse_cmd_address() Tue 08:37 * Fixing bsc#1200904 VUL-0: CVE-2022-2175: vim: Buffer Over-read through cmdline_insert_reg() Tue 08:37 * Fixing bsc#1201249 VUL-0: CVE-2022-2304: vim: stack buffer overflow in spell_dump_compl() * Fixing bsc#1201356 VUL-1: CVE-2022-2343: vim: Heap-based Buffer Overflow in GitHub repository vim prior to 9.0.0044 * Fixing bsc#1201359 VUL-1: CVE-2022-2344: vim: Another Heap-based Buffer Overflow vim prior to 9.0.0045 * Fixing bsc#1201363 VUL-1: CVE-2022-2345: vim: Use After Free in GitHub repository vim prior to 9.0.0046. * Fixing bsc#1201620 vim: SLE-15-SP4-Full-x86_64-GM-Media1 and vim-plugin-tlib-1.27-bp154.2.18.noarch issue * Fixing bsc#1202414 VUL-1: CVE-2022-2819: vim: Heap-based Buffer Overflow in compile_lock_unlock() * Fixing bsc#1202552 VUL-1: CVE-2022-2874: vim: NULL Pointer Dereference in generate_loadvar() * Fixing bsc#1200270 VUL-1: CVE-2022-1968: vim: use after free in utf_ptr2char * Fixing bsc#1200697 VUL-1: CVE-2022-2124: vim: out of bounds read in current_quote() * Fixing bsc#1200698 VUL-1: CVE-2022-2125: vim: out of bounds read in get_lisp_indent() * Fixing bsc#1200700 VUL-1: CVE-2022-2126: vim: out of bounds read in suggest_trie_walk() * Fixing bsc#1200701 VUL-1: CVE-2022-2129: vim: out of bounds write in vim_regsub_both() * Fixing bsc#1200732 VUL-1: CVE-2022-1720: vim: out of bounds read in grab_file_name() * Fixing bsc#1201132 VUL-1: CVE-2022-2264: vim: out of bounds read in inc() * Fixing bsc#1201133 VUL-1: CVE-2022-2284: vim: out of bounds read in utfc_ptr2len() * Fixing bsc#1201134 VUL-1: CVE-2022-2285: vim: negative size passed to memmove() due to integer overflow * Fixing bsc#1201135 VUL-1: CVE-2022-2286: vim: out of bounds read in ins_bytes() * Fixing bsc#1201136 VUL-1: CVE-2022-2287: vim: out of bounds read in suggest_trie_walk() * Fixing bsc#1201150 VUL-1: CVE-2022-2231: vim: null pointer dereference skipwhite() * Fixing bsc#1201151 VUL-1: CVE-2022-2210: vim: out of bounds read in ml_append_int() * Fixing bsc#1201152 VUL-1: CVE-2022-2208: vim: null pointer dereference in diff_check() * Fixing bsc#1201153 VUL-1: CVE-2022-2207: vim: out of bounds read in ins_bs() * Fixing bsc#1201154 VUL-1: CVE-2022-2257: vim: out of bounds read in msg_outtrans_special() * Fixing bsc#1201155 VUL-1: CVE-2022-2206: vim: out of bounds read in msg_outtrans_attr() * Fixing bsc#1201863 VUL-1: CVE-2022-2522: vim: out of bounds read via nested autocommand * Fixing bsc#1202046 VUL-1: CVE-2022-2571: vim: Heap-based Buffer Overflow related to ins_comp_get_next_word_or_line() * Fixing bsc#1202049 VUL-1: CVE-2022-2580: vim: Heap-based Buffer Overflow related to eval_string() * Fixing bsc#1202050 VUL-1: CVE-2022-2581: vim: Out-of-bounds Read related to cstrchr() * Fixing bsc#1202051 VUL-1: CVE-2022-2598: vim: Undefined Behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() * Fixing bsc#1202420 VUL-1: CVE-2022-2817: vim: Use After Free in f_assert_fails() * Fixing bsc#1202421 VUL-1: CVE-2022-2816: vim: Out-of-bounds Read in check_vim9_unlet() * Fixing bsc#1202511 VUL-1: CVE-2022-2862: vim: use-after-free in compile_nested_function() * Fixing bsc#1202512 VUL-1: CVE-2022-2849: vim: Invalid memory access related to mb_ptr2len() * Fixing bsc#1202515 VUL-1: CVE-2022-2845: vim: Buffer Over-read related to display_dollar() * Fixing bsc#1202599 VUL-1: CVE-2022-2889: vim: use-after-free in find_var_also_in_script() in evalvars.c * Fixing bsc#1202687 VUL-1: CVE-2022-2923: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240 * Fixing bsc#1202689 VUL-1: CVE-2022-2946: vim: use after free in function vim_vsnprintf_typval * Fixing bsc#1202862 VUL-1: CVE-2022-3016: vim: Use After Free in vim prior to 9.0.0285 Mon 12:00 * Fixing bsc#1191770 VUL-0: CVE-2021-3875: vim: heap-based buffer overflow * Fixing bsc#1192167 VUL-0: CVE-2021-3903: vim: heap-based buffer overflow * Fixing bsc#1192902 VUL-0: CVE-2021-3968: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1192903 VUL-0: CVE-2021-3973: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1192904 VUL-0: CVE-2021-3974: vim: vim is vulnerable to Use After Free * Fixing bsc#1193466 VUL-1: CVE-2021-4069: vim: use-after-free in ex_open() in src/ex_docmd.c * Fixing bsc#1193905 VUL-0: CVE-2021-4136: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1194093 VUL-1: CVE-2021-4166: vim: vim is vulnerable to Out-of-bounds Read * Fixing bsc#1194216 VUL-1: CVE-2021-4193: vim: vulnerable to Out-of-bounds Read * Fixing bsc#1194217 VUL-0: CVE-2021-4192: vim: vulnerable to Use After Free * Fixing bsc#1194872 VUL-0: CVE-2022-0261: vim: Heap-based Buffer Overflow in vim prior to 8.2. * Fixing bsc#1194885 VUL-0: CVE-2022-0213: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1195004 VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in vim prior to 8.2. * Fixing bsc#1195203 VUL-0: CVE-2022-0359: vim: heap-based buffer overflow in init_ccline() in ex_getln.c * Fixing bsc#1195354 VUL-0: CVE-2022-0407: vim: Heap-based Buffer Overflow in Conda vim prior to 8.2. * Fixing bsc#1198596 VUL-0: CVE-2022-1381: vim: global heap buffer overflow in skip_range * Fixing bsc#1199331 VUL-0: CVE-2022-1616: vim: Use after free in append_command * Fixing bsc#1199333 VUL-0: CVE-2022-1619: vim: Heap-based Buffer Overflow in function cmdline_erase_chars * Fixing bsc#1199334 VUL-0: CVE-2022-1620: vim: NULL Pointer Dereference in function vim_regexec_string * Fixing bsc#1199747 VUL-0: CVE-2022-1796: vim: Use After in find_pattern_in_path * Fixing bsc#1200010 VUL-0: CVE-2022-1897: vim: Out-of-bounds Write in vim * Fixing bsc#1200011 VUL-0: CVE-2022-1898: vim: Use After Free in vim prior to 8.2 * Fixing bsc#1200012 VUL-0: CVE-2022-1927: vim: Buffer Over-read in vim prior to 8.2 * Fixing bsc#1070955 VUL-1: CVE-2017-17087: vim: Sets the group ownership of a .swp file to the editor's primary group, which allows local users to obtain sensitive information * Fixing bsc#1194388 VUL-1: CVE-2022-0128: vim: vim is vulnerable to Out-of-bounds Read * Fixing bsc#1195332 VUL-1: CVE-2022-0392: vim: Heap-based Buffer Overflow in vim prior to 8.2 * Fixing bsc#1196361 VUL-1: CVE-2022-0696: vim: NULL Pointer Dereference in vim prior to 8.2 * Fixing bsc#1198748 VUL-1: CVE-2022-1420: vim: Out-of-range Pointer Offset * Fixing bsc#1199651 VUL-1: CVE-2022-1735: vim: heap buffer overflow * Fixing bsc#1199655 VUL-1: CVE-2022-1733: vim: Heap-based Buffer Overflow in cindent.c * Fixing bsc#1199693 VUL-1: CVE-2022-1771: vim: stack exhaustion in vim prior to 8.2. * Fixing bsc#1199745 VUL-1: CVE-2022-1785: vim: Out-of-bounds Write * Fixing bsc#1199936 VUL-1: CVE-2022-1851: vim: out of bounds read * Fixing bsc#1195004 - (CVE-2022-0318) VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in vim prior to 8.2. * Fixing bsc#1190570 CVE-2021-3796: vim: use-after-free in nv_replace() in normal.c * Fixing bsc#1191893 CVE-2021-3872: vim: heap-based buffer overflow in win_redr_status() drawscreen.c * Fixing bsc#1192481 CVE-2021-3927: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1192478 CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow * Fixing bsc#1193294 CVE-2021-4019: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1193298 CVE-2021-3984: vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow * Fixing bsc#1190533 CVE-2021-3778: vim: Heap-based Buffer Overflow in regexp_nfa.c * Fixing bsc#1194216 CVE-2021-4193: vim: vulnerable to Out-of-bounds Read * Fixing bsc#1194556 CVE-2021-46059: vim: A Pointer Dereference vulnerability exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which causes a denial of service. * Fixing bsc#1195066 CVE-2022-0319: vim: Out-of-bounds Read in vim/vim prior to 8.2. * Fixing bsc#1195126 CVE-2022-0351: vim: uncontrolled recursion in eval7() * Fixing bsc#1195202 CVE-2022-0361: vim: Heap-based Buffer Overflow in vim prior to 8.2. * Fixing bsc#1195356 CVE-2022-0413: vim: use after free in src/ex_cmds.c Moderate SUSE bug 1070955 SUSE bug 1173256 SUSE bug 1174564 SUSE bug 1176549 SUSE bug 1182324 SUSE bug 1190533 SUSE bug 1190570 SUSE bug 1191770 SUSE bug 1191893 SUSE bug 1192167 SUSE bug 1192478 SUSE bug 1192481 SUSE bug 1192902 SUSE bug 1192903 SUSE bug 1192904 SUSE bug 1193294 SUSE bug 1193298 SUSE bug 1193466 SUSE bug 1193905 SUSE bug 1194093 SUSE bug 1194216 SUSE bug 1194217 SUSE bug 1194388 SUSE bug 1194556 SUSE bug 1194872 SUSE bug 1194885 SUSE bug 1195004 SUSE bug 1195066 SUSE bug 1195126 SUSE bug 1195202 SUSE bug 1195203 SUSE bug 1195332 SUSE bug 1195354 SUSE bug 1195356 SUSE bug 1196361 SUSE bug 1198596 SUSE bug 1198748 SUSE bug 1199331 SUSE bug 1199333 SUSE bug 1199334 SUSE bug 1199651 SUSE bug 1199655 SUSE bug 1199693 SUSE bug 1199745 SUSE bug 1199747 SUSE bug 1199936 SUSE bug 1200010 SUSE bug 1200011 SUSE bug 1200012 SUSE bug 1200270 SUSE bug 1200697 SUSE bug 1200698 SUSE bug 1200700 SUSE bug 1200701 SUSE bug 1200732 SUSE bug 1200884 SUSE bug 1200902 SUSE bug 1200903 SUSE bug 1200904 SUSE bug 1201132 SUSE bug 1201133 SUSE bug 1201134 SUSE bug 1201135 SUSE bug 1201136 SUSE bug 1201150 SUSE bug 1201151 SUSE bug 1201152 SUSE bug 1201153 SUSE bug 1201154 SUSE bug 1201155 SUSE bug 1201249 SUSE bug 1201356 SUSE bug 1201359 SUSE bug 1201363 SUSE bug 1201620 SUSE bug 1201863 SUSE bug 1202046 SUSE bug 1202049 SUSE bug 1202050 SUSE bug 1202051 SUSE bug 1202414 SUSE bug 1202420 SUSE bug 1202421 SUSE bug 1202511 SUSE bug 1202512 SUSE bug 1202515 SUSE bug 1202552 SUSE bug 1202599 SUSE bug 1202687 SUSE bug 1202689 SUSE bug 1202862 SUSE bug 1202962 SUSE bug 1203110 SUSE bug 1203152 SUSE bug 1203155 SUSE bug 1203194 SUSE bug 1203272 SUSE bug 1203508 SUSE bug 1203509 SUSE bug 1203796 SUSE bug 1203797 SUSE bug 1203799 SUSE bug 1203820 SUSE bug 1203924 SUSE bug 1204779 CVE-2009-0316 CVE-2016-1248 CVE-2017-17087 CVE-2017-5953 CVE-2017-6349 CVE-2017-6350 CVE-2021-3778 CVE-2021-3796 CVE-2021-3872 CVE-2021-3875 CVE-2021-3903 CVE-2021-3927 CVE-2021-3928 CVE-2021-3968 CVE-2021-3973 CVE-2021-3974 CVE-2021-3984 CVE-2021-4019 CVE-2021-4069 CVE-2021-4136 CVE-2021-4166 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0213 CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0392 CVE-2022-0407 CVE-2022-0413 CVE-2022-0696 CVE-2022-1381 CVE-2022-1420 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1720 CVE-2022-1733 CVE-2022-1735 CVE-2022-1771 CVE-2022-1785 CVE-2022-1796 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1927 CVE-2022-1968 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2175 CVE-2022-2182 CVE-2022-2183 CVE-2022-2206 CVE-2022-2207 CVE-2022-2208 CVE-2022-2210 CVE-2022-2231 CVE-2022-2257 CVE-2022-2264 CVE-2022-2284 CVE-2022-2285 CVE-2022-2286 CVE-2022-2287 CVE-2022-2304 CVE-2022-2343 CVE-2022-2344 CVE-2022-2345 CVE-2022-2522 CVE-2022-2571 CVE-2022-2580 CVE-2022-2581 CVE-2022-2598 CVE-2022-2816 CVE-2022-2817 CVE-2022-2819 CVE-2022-2845 CVE-2022-2849 CVE-2022-2862 CVE-2022-2874 CVE-2022-2889 CVE-2022-2923 CVE-2022-2946 CVE-2022-2980 CVE-2022-2982 CVE-2022-3016 CVE-2022-3037 CVE-2022-3099 CVE-2022-3134 CVE-2022-3153 CVE-2022-3234 CVE-2022-3235 CVE-2022-3278 CVE-2022-3296 CVE-2022-3297 CVE-2022-3324 CVE-2022-3352 CVE-2022-3705 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 Important SUSE bug 1206212 SUSE bug 1206622 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for virglrenderer fixes the following issues: - CVE-2022-0135: Fixed out-of-bonds write in read_transfer_data() (bsc#1195389). Important SUSE bug 1195389 CVE-2022-0135 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). Important SUSE bug 1195054 SUSE bug 1195217 CVE-2022-23852 CVE-2022-23990 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for tiff fixes the following issues: - CVE-2017-17095: Fixed DoS in tools/pal2rgb.c in pal2rgb (bsc#1071031). - CVE-2019-17546: Fixed integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image (bsc#1154365). - CVE-2020-19131: Fixed buffer overflow in tiffcrop that may cause DoS via the invertImage() function (bsc#1190312). - CVE-2020-35521: Fixed memory allocation failure in tif_read.c (bsc#1182808). - CVE-2020-35522: Fixed memory allocation failure in tif_pixarlog.c (bsc#1182809). - CVE-2020-35523: Fixed integer overflow in tif_getimage.c (bsc#1182811). - CVE-2020-35524: Fixed heap-based buffer overflow in TIFF2PDF tool (bsc#1182812). - CVE-2022-22844: Fixed out-of-bounds read in _TIFFmemcpy in tif_unix.c (bsc#1194539). Important SUSE bug 1071031 SUSE bug 1154365 SUSE bug 1182808 SUSE bug 1182809 SUSE bug 1182811 SUSE bug 1182812 SUSE bug 1190312 SUSE bug 1194539 CVE-2017-17095 CVE-2019-17546 CVE-2020-19131 CVE-2020-35521 CVE-2020-35522 CVE-2020-35523 CVE-2020-35524 CVE-2022-22844 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for tcpdump fixes the following issues: - CVE-2018-16301: Fixed segfault when handling large files (bsc#1195825). Moderate SUSE bug 1195825 CVE-2018-16301 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xerces-j2 fixes the following issues: - CVE-2022-23437: Fixed infinite loop within Apache XercesJ xml parser (bsc#1195108). Important SUSE bug 1195108 CVE-2022-23437 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.6.0 ESR / MFSA 2022-05 (bsc#1195682) - CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance Service - CVE-2022-22754: Extensions could have bypassed permission confirmation during update - CVE-2022-22756: Drag and dropping an image could have resulted in the dropped object being an executable - CVE-2022-22759: Sandboxed iframes could have executed script if the parent appended elements - CVE-2022-22760: Cross-Origin responses could be distinguished between script and non-script content-types - CVE-2022-22761: frame-ancestors Content Security Policy directive was not enforced for framed extension pages - CVE-2022-22763: Script Execution during invalid object state - CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6 Firefox Extended Support Release 91.5.1 ESR (bsc#1195230) - Fixed an issue that allowed unexpected data to be submitted in some of our search telemetry Important SUSE bug 1195230 SUSE bug 1195682 CVE-2022-22753 CVE-2022-22754 CVE-2022-22756 CVE-2022-22759 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22764 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220207 release. - CVE-2021-0146: Fixed a potential security vulnerability in some Intel Processors may allow escalation of privilege (bsc#1192615) - CVE-2021-0127: Intel Processor Breakpoint Control Flow (bsc#1195779) - CVE-2021-0145: Fast store forward predictor - Cross Domain Training (bsc#1195780) - CVE-2021-33120: Out of bounds read for some Intel Atom processors (bsc#1195781) - Security updates for [INTEL-SA-00528](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html) - Security updates for [INTEL-SA-00532](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html) Important SUSE bug 1192615 SUSE bug 1195779 SUSE bug 1195780 SUSE bug 1195781 CVE-2021-0127 CVE-2021-0145 CVE-2021-0146 CVE-2021-33120 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for apache2 fixes the following issues: - CVE-2021-44224: Fixed NULL dereference or SSRF in forward proxy configurations. (bsc#1193943) - CVE-2021-44790: Fixed buffer overflow when parsing multipart content in mod_lua. (bsc#1193942) Important SUSE bug 1193942 SUSE bug 1193943 CVE-2021-44224 CVE-2021-44790 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for webkit2gtk3 fixes the following issues: Update to version 2.34.5 (bsc#1195735): - CVE-2022-22589: A validation issue was addressed with improved input sanitization. - CVE-2022-22590: A use after free issue was addressed with improved memory management. - CVE-2022-22592: A logic issue was addressed with improved state management. Update to version 2.34.4 (bsc#1195064): - CVE-2021-30934: A buffer overflow issue was addressed with improved memory handling. - CVE-2021-30936: A use after free issue was addressed with improved memory management. - CVE-2021-30951: A use after free issue was addressed with improved memory management. - CVE-2021-30952: An integer overflow was addressed with improved input validation. - CVE-2021-30953: An out-of-bounds read was addressed with improved bounds checking. - CVE-2021-30954: A type confusion issue was addressed with improved memory handling. - CVE-2021-30984: A race condition was addressed with improved state handling. - CVE-2022-22594: A cross-origin issue in the IndexDB API was addressed with improved input validation. The following CVEs were addressed in a previous update: - CVE-2021-45481: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create. - CVE-2021-45482: A use-after-free in WebCore::ContainerNode::firstChild. - CVE-2021-45483: A use-after-free in WebCore::Frame::page. Important SUSE bug 1195064 SUSE bug 1195735 CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 CVE-2022-22594 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). Important SUSE bug 1196036 CVE-2022-24407 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). Important SUSE bug 1196025 SUSE bug 1196026 SUSE bug 1196168 SUSE bug 1196169 SUSE bug 1196171 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for zsh fixes the following issues: - CVE-2021-45444: Fixed a vulnerability where arbitrary shell commands could be executed related to prompt expansion (bsc#1196435). - CVE-2019-20044: Fixed a vulnerability where shell privileges would not be properly dropped when unsetting the PRIVILEGED option (bsc#1163882). - CVE-2018-1100: Fixed a potential code execution via a stack-based buffer overflow in utils.c:checkmailpath() (bsc#1089030). Important SUSE bug 1089030 SUSE bug 1163882 SUSE bug 1196435 CVE-2018-1100 CVE-2019-20044 CVE-2021-45444 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155). - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897). - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). The following non-security bugs were fixed: - NFSv4.x: by default serialize open/close operations (bsc#1114893 bsc#1195934). - crypto: af_alg - get_page upon reassignment to TX SGL (bsc#1195840). - hv_netvsc: fix network namespace issues with VF support (bsc#1107207). - hv_netvsc: move VF to same namespace as netvsc device (bsc#1107207). - lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584). Important SUSE bug 1107207 SUSE bug 1114893 SUSE bug 1185973 SUSE bug 1191580 SUSE bug 1194516 SUSE bug 1195536 SUSE bug 1195543 SUSE bug 1195612 SUSE bug 1195840 SUSE bug 1195897 SUSE bug 1195908 SUSE bug 1195934 SUSE bug 1195949 SUSE bug 1195987 SUSE bug 1196079 SUSE bug 1196155 SUSE bug 1196584 SUSE bug 1196601 SUSE bug 1196612 CVE-2021-44879 CVE-2022-0001 CVE-2022-0002 CVE-2022-0487 CVE-2022-0492 CVE-2022-0617 CVE-2022-0644 CVE-2022-0847 CVE-2022-24448 CVE-2022-24959 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.6.1 ESR (bsc#1196809): - CVE-2022-26485: Use-after-free in XSLT parameter processing - CVE-2022-26486: Use-after-free in WebGPU IPC Framework Important SUSE bug 1196809 CVE-2022-26485 CVE-2022-26486 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for mariadb fixes the following issues: - Update to 10.2.43 (bsc#1196016): * 10.2.43: CVE-2021-46665 CVE-2021-46664 CVE-2021-46661 CVE-2021-46668 CVE-2021-46663 * 10.2.42: CVE-2022-24052 CVE-2022-24051 CVE-2022-24050 CVE-2022-24048 CVE-2021-46659, bsc#1195339 - The following issues have already been fixed in this package but weren't previously mentioned in the changes file: CVE-2021-46658, bsc#1195334 CVE-2021-46657, bsc#1195325 Important SUSE bug 1195325 SUSE bug 1195334 SUSE bug 1195339 SUSE bug 1196016 CVE-2021-46657 CVE-2021-46658 CVE-2021-46659 CVE-2021-46661 CVE-2021-46663 CVE-2021-46664 CVE-2021-46665 CVE-2021-46668 CVE-2022-24048 CVE-2022-24050 CVE-2022-24051 CVE-2022-24052 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for tomcat fixes the following issues: Security issues fixed: - CVE-2022-23181: Fixed time of check, time of use vulnerability that allowed local privilege escalation. (bsc#1195255) - Remove log4j dependency, which is currently directly in use (bsc#1196137) - Make the package RPM conflict even more specific to conflict with java-openjdk-headless >= 9 (bsc#1196091) Important SUSE bug 1195255 SUSE bug 1196091 SUSE bug 1196137 CVE-2022-23181 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for webkit2gtk3 fixes the following issues: Update to version 2.34.6 (bsc#1196133): - CVE-2022-22620: Processing maliciously crafted web content may have lead to arbitrary code execution. Important SUSE bug 1196133 CVE-2022-22620 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libcaca fixes the following issues: - CVE-2021-30498, CVE-2021-30499: If an image has a size of 0x0, when exporting, no data is written and space is allocated for the header only, not taking into account that sprintf appends a NUL byte (bsc#1184751, bsc#1184752). Important SUSE bug 1184751 SUSE bug 1184752 CVE-2021-30498 CVE-2021-30499 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.7.0 ESR (bsc#1196900): - CVE-2022-26383: Browser window spoof using fullscreen mode - CVE-2022-26384: iframe allow-scripts sandbox bypass - CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on signatures - CVE-2022-26381: Use-after-free in text reflows - CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other local users Important SUSE bug 1196900 CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386 CVE-2022-26387 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). Important SUSE bug 1196025 SUSE bug 1196784 CVE-2022-25236 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openssl-1_0_0 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). - Allow CRYPTO_THREADID_set_callback to be called with NULL parameter (bsc#1196249). Important SUSE bug 1196249 SUSE bug 1196877 CVE-2022-0778 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openssl-1_1 fixes the following issues: Security issue fixed: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). Non-security issues fixed: - Fix PAC pointer authentication in ARM. (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version. (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) - Fix BIO_f_zlib: Properly handle BIO_CTRL_PENDING and BIO_CTRL_WPENDING calls. Important SUSE bug 1182959 SUSE bug 1195149 SUSE bug 1195792 SUSE bug 1195856 SUSE bug 1196877 CVE-2022-0778 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u322 (icedtea-3.22.0) Including the following security fixes: - CVE-2022-21248, bsc#1194926: Enhance cross VM serialization - CVE-2022-21283, bsc#1194937: Better String matching - CVE-2022-21293, bsc#1194935: Improve String constructions - CVE-2022-21294, bsc#1194934: Enhance construction of Identity maps - CVE-2022-21282, bsc#1194933: Better resolution of URIs - CVE-2022-21296, bsc#1194932: Improve SAX Parser configuration management - CVE-2022-21299, bsc#1194931: Improved scanning of XML entities - CVE-2022-21305, bsc#1194939: Better array indexing - CVE-2022-21340, bsc#1194940: Verify Jar Verification - CVE-2022-21341, bsc#1194941: Improve serial forms for transport - CVE-2022-21349: Improve Solaris font rendering - CVE-2022-21360, bsc#1194929: Enhance BMP image support - CVE-2022-21365, bsc#1194928: Enhanced BMP processing Important SUSE bug 1193314 SUSE bug 1193444 SUSE bug 1193491 SUSE bug 1194926 SUSE bug 1194928 SUSE bug 1194929 SUSE bug 1194931 SUSE bug 1194932 SUSE bug 1194933 SUSE bug 1194934 SUSE bug 1194935 SUSE bug 1194937 SUSE bug 1194939 SUSE bug 1194940 SUSE bug 1194941 SUSE bug 1195163 CVE-2022-21248 CVE-2022-21282 CVE-2022-21283 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21349 CVE-2022-21360 CVE-2022-21365 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for bind fixes the following issues: - CVE-2021-25220: Fixed a DNS cache poisoning vulnerability due to loose caching rules (bsc#1197135). Important SUSE bug 1197135 CVE-2021-25220 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for kernel-firmware fixes the following issues: Update Intel Bluetooth firmware (INTEL-SA-00604, bsc#1195786): - CVE-2021-33139, CVE-2021-33155: Improper conditions check in the firmware for some Intel Wireless Bluetooth and Killer Bluetooth products may allow an authenticated user to potentially cause denial of service via adjacent access. Moderate SUSE bug 1195786 CVE-2021-33139 CVE-2021-33155 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for apache2 fixes the following issues: - CVE-2022-23943: heap out-of-bounds write in mod_sed (bsc#1197098). - CVE-2022-22720: HTTP request smuggling due to incorrect error handling (bsc#1197095). - CVE-2022-22719: use of uninitialized value of in r:parsebody in mod_lua (bsc#1197091). - CVE-2022-22721: possible buffer overflow with very large or unlimited LimitXMLRequestBody (bsc#1197096). Important SUSE bug 1197091 SUSE bug 1197095 SUSE bug 1197096 SUSE bug 1197098 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2022-23943 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions (bsc#1207082). Important SUSE bug 1207082 CVE-2023-22809 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for git fixes the following issues: - CVE-2022-41903: Fixed a heap overflow in the 'git archive' and 'git log --format' commands (bsc#1207033). - CVE-2022-23521: Fixed an integer overflow that could be triggered when parsing a gitattributes file (bsc#1207032). Important SUSE bug 1207032 SUSE bug 1207033 CVE-2022-23521 CVE-2022-41903 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: - Updated to version 102.7.0 ESR (bsc#1207119): - CVE-2022-46871: Updated an out of date library (libusrsctp) which contained several vulnerabilities. - CVE-2023-23598: Fixed an arbitrary file read from GTK drag and drop on Linux. - CVE-2023-23601: Fixed a potential spoofing attack when dragging a URL from a cross-origin iframe into the same tab. - CVE-2023-23602: Fixed a mishandled security check, which caused the Content Security Policy header to be ignored for WebSockets in WebWorkers. - CVE-2022-46877: Fixed a fullscreen notification bypass which could be leveraged in spoofing attacks. - CVE-2023-23603: Fixed a Content Security Policy bypass via format directives. - CVE-2023-23605: Fixed several memory safety bugs. Important SUSE bug 1207119 CVE-2022-46871 CVE-2022-46877 CVE-2023-23598 CVE-2023-23601 CVE-2023-23602 CVE-2023-23603 CVE-2023-23605 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for mozilla-nss fixes the following issues: - CVE-2022-3479: Fixed a potential crash that could be triggered when a server requested a client authentication certificate, but the client had no certificates stored (bsc#1204272). - Updated to version 3.79.3 (bsc#1207038): - CVE-2022-23491: Removed trust for 3 root certificates from TrustCor. Important SUSE bug 1204272 SUSE bug 1207038 CVE-2022-23491 CVE-2022-3479 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for freeradius-server fixes the following issues: - CVE-2022-41859: Fixed an issue in EAP-PWD that could leak information about the password, which could facilitate dictionary attacks (bsc#1206204). - CVE-2022-41860: Fixed a crash in servers with EAP_SIM manually configured, which could be triggered via a malformed SIM option (bsc#1206205). - CVE-2022-41861: Fixed a server crash that could be triggered by sending malformed data from a system in the RADIUS circle of trust (bsc#1206206). Important SUSE bug 1206204 SUSE bug 1206205 SUSE bug 1206206 CVE-2022-41859 CVE-2022-41860 CVE-2022-41861 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for samba fixes the following issues: - CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password (bsc#1206546). - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon Secure channel (bsc#1206504). - CVE-2022-37966: Fixed an issue where a weak cipher would be selected to encrypt session keys, which could lead to privilege escalation (bsc#1205385). Important SUSE bug 1205385 SUSE bug 1206504 SUSE bug 1206546 CVE-2021-20251 CVE-2022-37966 CVE-2022-38023 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xen fixes the following issues: - CVE-2022-23824: Fixed multiple speculative execution issues (bnc#1205209). Important SUSE bug 1027519 SUSE bug 1205209 CVE-2022-23824 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update of dpdk fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). Moderate SUSE bug 1209188 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libXpm fixes the following issues: - CVE-2022-46285: Fixed an infinite loop that could be triggered when reading a XPM image with a C-style comment that is never closed (bsc#1207029). - CVE-2022-44617: Fixed an excessive resource consumption that could be triggered when reading small crafted XPM image (bsc#1207030). - CVE-2022-4883: Fixed an issue that made decompression commands susceptible to PATH environment variable manipulation attacks (bsc#1207031). Important SUSE bug 1207029 SUSE bug 1207030 SUSE bug 1207031 CVE-2022-44617 CVE-2022-46285 CVE-2022-4883 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for bluez fixes the following issues: - CVE-2022-39176: Fixed a memory safety issue that could allow physically proximate attackers to obtain sensitive information (bsc#1203121). - CVE-2022-39177: Fixed a memory safety issue that could allow physically proximate attackers to cause a denial of service (bsc#1203120). Important SUSE bug 1203120 SUSE bug 1203121 CVE-2022-39176 CVE-2022-39177 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for tomcat fixes the following issues: - CVE-2023-28708: Fixed information disclosure by not including the secure attribute (bsc#1209622). Important SUSE bug 1209622 CVE-2023-28708 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xorg-x11-server fixes the following issues: - CVE-2023-1393: Fixed use-after-free overlay window (ZDI-CAN-19866) (bsc#1209543). Important SUSE bug 1209543 CVE-2023-1393 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for webkit2gtk3 fixes the following issues: Update to version 2.38.5 (boo#1208328): - CVE-2023-23529: Fixed possible arbitrary code execution via maliciously crafted web content. - CVE-2023-23518: Processing maliciously crafted web content may lead to Previously fixed inside update to version 2.38.4 (boo#1207997): - CVE-2022-42826: Fixed a use-after-free issue that was caused by improper memory management. Important SUSE bug 1207997 SUSE bug 1208328 CVE-2022-42826 CVE-2023-23518 CVE-2023-23529 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for sudo fixes the following issues: - CVE-2023-28486: Fixed missing control characters escaping in log messages (bsc#1209362). - CVE-2023-28487: Fixed missing control characters escaping in sudoreplay output (bsc#1209361). Moderate SUSE bug 1209361 SUSE bug 1209362 CVE-2023-28486 CVE-2023-28487 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openssl-1_0_0 fixes the following issues: Security fixes: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). Other fixes: - Fix DH key generation in FIPS mode, add support for constant BN for DH parameters (bsc#1202062) Moderate SUSE bug 1202062 SUSE bug 1209624 CVE-2023-0464 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). Moderate SUSE bug 1209624 CVE-2023-0464 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for systemd fixes the following issues: - CVE-2023-26604: Fixed a privilege escalation via the less pager. (bsc#1208958) - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). Bug fixes: - Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423). - Fixed 'systemd --user' call pam_loginuid when creating user@.service (bsc#1198507). - Fixed 'systemd-detect-virt' refine hypervisor detection (bsc#1197244). - Fixed 'udev' 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529). - Fixed 'man' tweak description of auto/noauto (bsc#1191502). Important SUSE bug 1191502 SUSE bug 1195529 SUSE bug 1197244 SUSE bug 1198507 SUSE bug 1204423 SUSE bug 1204968 SUSE bug 1205000 SUSE bug 1206985 SUSE bug 1208958 CVE-2022-3821 CVE-2022-4415 CVE-2023-26604 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). Moderate SUSE bug 1209873 SUSE bug 1209878 CVE-2023-0465 CVE-2023-0466 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for ghostscript fixes the following issues: - CVE-2023-28879: Fixed buffer Overflow in s_xBCPE_process (bsc#1210062). Important SUSE bug 1210062 CVE-2023-28879 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 102.10.0 ESR (bsc#1210212) - CVE-2023-29531: Out-of-bound memory access in WebGL on macOS - CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass - CVE-2023-29533: Fullscreen notification obscured - MFSA-TMP-2023-0001: Double-free in libwebp - CVE-2023-29535: Potential Memory Corruption following Garbage Collector compaction - CVE-2023-29536: Invalid free from JavaScript code - CVE-2023-29539: Content-Disposition filename truncation leads to Reflected File Download - CVE-2023-29541: Files with malicious extensions could have been downloaded unsafely on Linux - CVE-2023-29542: Bypass of file download extension restrictions - CVE-2023-29545: Windows Save As dialog resolved environment variables - CVE-2023-1945: Memory Corruption in Safe Browsing Code - CVE-2023-29548: Incorrect optimization result on ARM64 - CVE-2023-29550: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10 Important SUSE bug 1210212 CVE-2023-1945 CVE-2023-29531 CVE-2023-29532 CVE-2023-29533 CVE-2023-29535 CVE-2023-29536 CVE-2023-29539 CVE-2023-29541 CVE-2023-29542 CVE-2023-29545 CVE-2023-29548 CVE-2023-29550 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for harfbuzz fixes the following issues: - CVE-2023-25193: Fixed vulnerability that allowed attackers to trigger O(n^2) growth via consecutive marks (bsc#1207922). Important SUSE bug 1207922 CVE-2023-25193 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 8 (bsc#1208480): * Security fixes: - CVE-2023-21830: Fixed improper restrictions in CORBA deserialization (bsc#1207249). - CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246). - CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248). * New Features/Enhancements: - Add RSA-PSS signature to IBMJCECCA. * Defect Fixes: - IJ45437 Service, Build, Packaging and Deliver: Getting FIPSRUNTIMEEXCEPTION when calling java code: MESSAGEDIGEST.GETINSTANCE('SHA256', 'IBMJCEFIPS'); in MAC - IJ45272 Class Libraries: Fix security vulnerability CVE-2023-21843 - IJ45280 Class Libraries: Update timezone information to the latest TZDATA2022F - IJ44896 Class Libraries: Update timezone information to the latest TZDATA2022G - IJ45436 Java Virtual Machine: Stack walking code gets into endless loop, hanging the application - IJ44079 Java Virtual Machine: When -DFILE.ENCODING is specified multiple times on the same command line the first option takes precedence instead of the last - IJ44532 JIT Compiler: Java JIT: Crash in DECREFERENCECOUNT() due to a NULL pointer - IJ44596 JIT Compiler: Java JIT: Invalid hard-coding of static final field object properties - IJ44107 JIT Compiler: JIT publishes new object reference to other threads without executing a memory flush - IX90193 ORB: Fix security vulnerability CVE-2023-21830 - IJ44267 Security: 8273553: SSLENGINEIMPL.CLOSEINBOUND also has similar error of JDK-8253368 - IJ45148 Security: code changes for tech preview - IJ44621 Security: Computing Diffie-Hellman secret repeatedly, using IBMJCEPLUS, causes a small memory leak - IJ44172 Security: Disable SHA-1 signed jars for EA - IJ44040 Security: Generating Diffie-Hellman key pairs repeatedly, using IBMJCEPLUS, Causes a small memory leak - IJ45200 Security: IBMJCEPLUS provider, during CHACHA20-POLY1305 crypto operations, incorrectly throws an ILLEGALSTATEEXCEPTION - IJ45182 Security: IBMJCEPLUS provider fails in RSAPSS and ECDSA during signature operations resulting in Java cores - IJ45201 Security: IBMJCEPLUS provider failures (two) with AESGCM algorithm - IJ45202 Security: KEYTOOL NPE if signing certificate does not contain a SUBJECTKEYIDENTIFIER extension - IJ44075 Security: PKCS11KEYSTORE.JAVA - DOESPUBLICKEYMATCHPRIVATEKEY() method uses SHA1XXXX signature algorithms to match private and public keys - IJ45203 Security: RSAPSS multiple names for KEYTYPE - IJ43920 Security: The PKCS12 keystore update and the PBES2 support - IJ40002 XML: Fix security vulnerability CVE-2022-21426 Moderate SUSE bug 1207246 SUSE bug 1207248 SUSE bug 1207249 SUSE bug 1208480 CVE-2022-21426 CVE-2023-21830 CVE-2023-21835 CVE-2023-21843 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for liblouis fixes the following issues: - CVE-2023-26767: Fixed buffer overflow vulnerability in lou_logFile function (bsc#1209429). - CVE-2023-26768: Fixed buffer overflow in lou_logFile() (bsc#1209431). - CVE-2023-26769: Fixed buffer Overflow vulnerability in resolveSubtable function (bsc#1209432). Important SUSE bug 1209429 SUSE bug 1209431 SUSE bug 1209432 SUSE bug 1209855 CVE-2023-26767 CVE-2023-26768 CVE-2023-26769 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for apache2 fixes the following issues: - CVE-2022-37436: Fixed an issue in mod_proxy where a malicious backend could cause the response headers to be truncated early, resulting in some headers being incorporated into the response body (bsc#1207251). - CVE-2022-36760: Fixed an issue in mod_proxy_ajp that could allow request smuggling attacks (bsc#1207250). - CVE-2006-20001: Fixed an issue in mod_proxy_ajp where a request header could cause memory corruption (bsc#1207247). Important SUSE bug 1207247 SUSE bug 1207250 SUSE bug 1207251 CVE-2006-20001 CVE-2022-36760 CVE-2022-37436 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2022-23527: Fixed open redirect in oidc_validate_redirect_url() using tab character (bsc#1206441). - CVE-2023-28625: Fixed NULL pointer dereference when OIDCStripCookies was set and a crafted Cookie header was supplied (bsc#1210073). Important SUSE bug 1190855 SUSE bug 1206441 SUSE bug 1210073 CVE-2022-23527 CVE-2023-28625 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for shim fixes the following issues: - Updated shim signature after shim 15.7 be signed back: signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458) - Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to disable the NX compatibility flag when using post-process-pe because grub2 is not ready. (bsc#1205588) - Enable the NX compatibility flag by default. (jsc#PED-127) Update to 15.7 (bsc#1198458) (jsc#PED-127): - Make SBAT variable payload introspectable - Reference MokListRT instead of MokList - Add a link to the test plan in the readme. - [V3] Enable TDX measurement to RTMR register - Discard load-options that start with a NUL - Fixed load_cert_file bugs - Add -malign-double to IA32 compiler flags - pe: Fix image section entry-point validation - make-archive: Build reproducible tarball - mok: remove MokListTrusted from PCR 7 Other fixes: - Support enhance shim measurement to TD RTMR. (jsc#PED-1273) - shim-install: ensure grub.cfg created is not overwritten after installing grub related files - Add logic to shim.spec to only set sbat policy when efivarfs is writeable. (bsc#1201066) - Add logic to shim.spec for detecting --set-sbat-policy option before using mokutil to set sbat policy. (bsc#1202120) - Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282) Update to 15.6 (bsc#1198458): - MokManager: removed Locate graphic output protocol fail error message - shim: implement SBAT verification for the shim_lock protocol - post-process-pe: Fix a missing return code check - Update github actions matrix to be more useful - post-process-pe: Fix format string warnings on 32-bit platforms - Allow MokListTrusted to be enabled by default - Re-add ARM AArch64 support - Use ASCII as fallback if Unicode Box Drawing characters fail - make: don't treat cert.S specially - shim: use SHIM_DEVEL_VERBOSE when built in devel mode - Break out of the inner sbat loop if we find the entry. - Support loading additional certificates - Add support for NX (W^X) mitigations. - Fix preserve_sbat_uefi_variable() logic - SBAT Policy latest should be a one-shot - pe: Fix a buffer overflow when SizeOfRawData > VirtualSize - pe: Perform image verification earlier when loading grub - Update advertised sbat generation number for shim - Update SBAT generation requirements for 05/24/22 - Also avoid CVE-2022-28737 in verify_image() by @vathpela Update to 15.5 (bsc#1198458): - Broken ia32 relocs and an unimportant submodule change. - mok: allocate MOK config table as BootServicesData - Don't call QueryVariableInfo() on EFI 1.10 machines (bsc#1187260) - Relax the check for import_mok_state() (bsc#1185261) - SBAT.md: trivial changes - shim: another attempt to fix load options handling - Add tests for our load options parsing. - arm/aa64: fix the size of .rela* sections - mok: fix potential buffer overrun in import_mok_state - mok: relax the maximum variable size check - Don't unhook ExitBootServices when EBS protection is disabled - fallback: find_boot_option() needs to return the index for the boot entry in optnum - httpboot: Ignore case when checking HTTP headers - Fallback allocation errors - shim: avoid BOOTx64.EFI in message on other architectures - str: remove duplicate parameter check - fallback: add compile option FALLBACK_NONINTERACTIVE - Test mok mirror - Modify sbat.md to help with readability. - csv: detect end of csv file correctly - Specify that the .sbat section is ASCII not UTF-8 - tests: add 'include-fixed' GCC directory to include directories - pe: simplify generate_hash() - Don't make shim abort when TPM log event fails (RHBZ #2002265) - Fallback to default loader if parsed one does not exist - fallback: Fix for BootOrder crash when index returned - Better console checks - docs: update SBAT UEFI variable name - Don't parse load options if invoked from removable media path - fallback: fix fallback not passing arguments of the first boot option - shim: Don't stop forever at 'Secure Boot not enabled' notification - Allocate mokvar table in runtime memory. - Remove post-process-pe on 'make clean' - pe: missing perror argument - CVE-2022-28737: Fixed a buffer overflow when SizeOfRawData > VirtualSize (bsc#1198458) - Add mokutil command to post script for setting sbat policy to latest mode when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created. (bsc#1198458) - Updated vendor dbx binary and script (bsc#1198458) - Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list. - Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list. - Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment. - Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin file which includes all .der for testing environment. - avoid buffer overflow when copying data to the MOK config table (bsc#1185232) - Disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261) - ignore the odd LoadOptions length (bsc#1185232) - shim-install: reset def_shim_efi to 'shim.efi' if the given file doesn't exist - relax the maximum variable size check for u-boot (bsc#1185621) - handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071) - Split the keys in vendor-dbx.bin to vendor-dbx-sles and vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce the size of MokListXRT (bsc#1185261) + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz Important SUSE bug 1185232 SUSE bug 1185261 SUSE bug 1185441 SUSE bug 1185621 SUSE bug 1187071 SUSE bug 1187260 SUSE bug 1193282 SUSE bug 1193315 SUSE bug 1198458 SUSE bug 1201066 SUSE bug 1202120 SUSE bug 1205588 CVE-2022-28737 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openssl-1_0_0 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). Moderate SUSE bug 1209873 SUSE bug 1209878 CVE-2023-0465 CVE-2023-0466 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for ovmf fixes the following issues: - CVE-2019-14560: Fixed potential secure boot bypass via an improper check of GetEfiGlobalVariable2 (bsc#1174246). - CVE-2021-38578: Fixed underflow in MdeModulePkg/PiSmmCore SmmEntryPointAdd (bsc#1196741). Important SUSE bug 1174246 SUSE bug 1196741 CVE-2019-14560 CVE-2021-38578 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for tiff fixes the following issues: - CVE-2022-48281: Fixed a buffer overflow that could be triggered via a crafted image (bsc#1207413). Important SUSE bug 1207413 CVE-2022-48281 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for sssd fixes the following issues: - CVE-2022-4254: Fixed a bug in libsss_certmap which could allow an attacker to gain control of the admin account and perform a full domain takeover. (bsc#1207474) Important SUSE bug 1207474 CVE-2022-4254 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for dmidecode fixes the following issues: - CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418). Moderate SUSE bug 1210418 CVE-2023-30630 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for webkit2gtk3 fixes the following issues: Update to version 2.38.6 (bsc#1210731): - CVE-2022-0108: Fixed information leak. - CVE-2022-32885: Fixed arbitrary code execution. - CVE-2023-25358: Fixed use-after-free vulnerability in WebCore::RenderLayer. - CVE-2023-27932: Fixed Same Origin Policy bypass. - CVE-2023-27954: Fixed sensitive user information tracking. - CVE-2023-28205: Fixed arbitrary code execution (bsc#1210295). Already fixed in version 2.38.5: - CVE-2022-32886, CVE-2022-32912, CVE-2023-25360, CVE-2023-25361, CVE-2023-25362, CVE-2023-25363. Important SUSE bug 1210295 SUSE bug 1210731 CVE-2022-0108 CVE-2022-32885 CVE-2022-32886 CVE-2022-32912 CVE-2023-25358 CVE-2023-25360 CVE-2023-25361 CVE-2023-25362 CVE-2023-25363 CVE-2023-27932 CVE-2023-27954 CVE-2023-28205 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for git fixes the following issues: - CVE-2023-25652: Fixed partial overwrite of paths outside the working tree (bsc#1210686). - CVE-2023-25815: Fixed malicious placemtn of crafted message (bsc#1210686). - CVE-2023-29007: Fixed arbitrary configuration injection (bsc#1210686). Moderate SUSE bug 1210686 CVE-2023-25652 CVE-2023-25815 CVE-2023-29007 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). Moderate SUSE bug 1210507 CVE-2023-29383 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for vim fixes the following issues: - Updated to version 9.0.1234: - CVE-2023-0433: Fixed an out of bounds memory access that could cause a crash (bsc#1207396). - CVE-2023-0288: Fixed an out of bounds memory access that could cause a crash (bsc#1207162). - CVE-2023-0054: Fixed an out of bounds memory write that could cause a crash or memory corruption (bsc#1206868). - CVE-2023-0051: Fixed an out of bounds memory access that could cause a crash (bsc#1206867). - CVE-2023-0049: Fixed an out of bounds memory access that could cause a crash (bsc#1206866). - CVE-2022-3491: Fixed an out of bounds memory access that could cause a crash (bsc#1206028). - CVE-2022-3520: Fixed an out of bounds memory access that could cause a crash (bsc#1206071). - CVE-2022-3591: Fixed a use-after-free issue that could cause memory corruption or undefined behavior (bsc#1206072). - CVE-2022-4292: Fixed a use-after-free issue that could cause memory corruption or undefined behavior (bsc#1206075). - CVE-2022-4293: Fixed a floating point exception that could cause a crash (bsc#1206077). - CVE-2022-4141: Fixed an out of bounds memory write that could cause a crash or memory corruption (bsc#1205797). - CVE-2022-3705: Fixed an use-after-free issue that could cause a crash or memory corruption (bsc#1204779). Important SUSE bug 1204779 SUSE bug 1205797 SUSE bug 1206028 SUSE bug 1206071 SUSE bug 1206072 SUSE bug 1206075 SUSE bug 1206077 SUSE bug 1206866 SUSE bug 1206867 SUSE bug 1206868 SUSE bug 1207162 SUSE bug 1207396 CVE-2022-3491 CVE-2022-3520 CVE-2022-3591 CVE-2022-3705 CVE-2022-4141 CVE-2022-4292 CVE-2022-4293 CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0288 CVE-2023-0433 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for shim fixes the following issues: - Update only adds the CVE reference to the previously released update (bsc#1198458, CVE-2022-28737) Important SUSE bug 1198458 CVE-2022-28737 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: Extended Support Release 102.11.0 ESR (bsc#1211175): - CVE-2023-32205: Browser prompts could have been obscured by popups - CVE-2023-32206: Crash in RLBox Expat driver - CVE-2023-32207: Potential permissions request bypass via clickjacking - CVE-2023-32211: Content process crash due to invalid wasm code - CVE-2023-32212: Potential spoof due to obscured address bar - CVE-2023-32213: Potential memory corruption in FileReader::DoReadData() - CVE-2023-32214: Potential DoS via exposed protocol handlers - CVE-2023-32215: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11 Important SUSE bug 1211175 CVE-2023-32205 CVE-2023-32206 CVE-2023-32207 CVE-2023-32211 CVE-2023-32212 CVE-2023-32213 CVE-2023-32214 CVE-2023-32215 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update fixes the following issues: golang-github-prometheus-alertmanager: - Security issues fixed: * CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208051) prometheus-blackbox_exporter: - Security issues fixed: * CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208062) - Other non-security bugs fixed and changes: * Add `min_version` parameter of `tls_config` to allow enabling TLS 1.0 and 1.1 (bsc#1209113) * On SUSE Linux Enterprise build always with Go >= 1.19 (bsc#1203599) prometheus-postgres_exporter: - Security issues fixed: * CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208060) - Other non-security issues fixed: * Adapt the systemd service security configuration to be able to start it on for Red Hat Linux Enterprise systems and clones * Create the prometheus user for Red Hat Linux Enterprise systems and clones * Fix broken log-level for values other than debug (bsc#1208965) golang-github-prometheus-node_exporter: - Security issues fixed in this version update to version 1.5.0 (jsc#PED-3578): * CVE-2022-27191: Update go/x/crypto (bsc#1197284) * CVE-2022-27664: Update go/x/net (bsc#1203185) * CVE-2022-46146: Update exporter-toolkit (bsc#1208064) - Other non-security bug fixes and changes in this version update to 1.5.0 (jsc#PED-3578): * NOTE: This changes the Go runtime 'GOMAXPROCS' to 1. This is done to limit the concurrency of the exporter to 1 CPU thread at a time in order to avoid a race condition problem in the Linux kernel and parallel IO issues on nodes with high numbers of CPUs/CPU threads. * [BUGFIX] Fix hwmon label sanitizer * [BUGFIX] Use native endianness when encoding InetDiagMsg * [BUGFIX] Fix btrfs device stats always being zero * [BUGFIX] Fix diskstats exclude flags * [BUGFIX] [node-mixin] Fix fsSpaceAvailableCriticalThreshold and fsSpaceAvailableWarning * [BUGFIX] Fix concurrency issue in ethtool collector * [BUGFIX] Fix concurrency issue in netdev collector * [BUGFIX] Fix diskstat reads and write metrics for disks with different sector sizes * [BUGFIX] Fix iostat on macos broken by deprecation warning * [BUGFIX] Fix NodeFileDescriptorLimit alerts * [BUGFIX] Sanitize rapl zone names * [BUGFIX] Add file descriptor close safely in test * [BUGFIX] Fix race condition in os_release.go * [BUGFIX] Skip ZFS IO metrics if their paths are missing * [BUGFIX] Handle nil CPU thermal power status on M1 * [BUGFIX] bsd: Ignore filesystems flagged as MNT_IGNORE * [BUGFIX] Sanitize UTF-8 in dmi collector * [CHANGE] Merge metrics descriptions in textfile collector * [FEATURE] Add multiple listeners and systemd socket listener activation * [FEATURE] [node-mixin] Add darwin dashboard to mixin * [FEATURE] Add 'isolated' metric on cpu collector on linux * [FEATURE] Add cgroup summary collector * [FEATURE] Add selinux collector * [FEATURE] Add slab info collector * [FEATURE] Add sysctl collector * [FEATURE] Also track the CPU Spin time for OpenBSD systems * [FEATURE] Add support for MacOS version * [ENHANCEMENT] Add RTNL version of netclass collector * [ENHANCEMENT] [node-mixin] Add missing selectors * [ENHANCEMENT] [node-mixin] Change current datasource to grafana's default * [ENHANCEMENT] [node-mixin] Change disk graph to disk table * [ENHANCEMENT] [node-mixin] Change io time units to %util * [ENHANCEMENT] Ad user_wired_bytes and laundry_bytes on *bsd * [ENHANCEMENT] Add additional vm_stat memory metrics for darwin * [ENHANCEMENT] Add device filter flags to arp collector * [ENHANCEMENT] Add diskstats include and exclude device flags * [ENHANCEMENT] Add node_softirqs_total metric * [ENHANCEMENT] Add rapl zone name label option * [ENHANCEMENT] Add slabinfo collector * [ENHANCEMENT] Allow user to select port on NTP server to query * [ENHANCEMENT] collector/diskstats: Add labels and metrics from udev * [ENHANCEMENT] Enable builds against older macOS SDK * [ENHANCEMENT] qdisk-linux: Add exclude and include flags for interface name * [ENHANCEMENT] systemd: Expose systemd minor version * [ENHANCEMENT] Use netlink for tcpstat collector * [ENHANCEMENT] Use netlink to get netdev stats * [ENHANCEMENT] Add additional perf counters for stalled frontend/backend cycles * [ENHANCEMENT] Add btrfs device error stats golang-github-prometheus-prometheus: - Security issues fixed in this version update to 2.37.6 (jsc#PED-3576): * CVE-2022-46146: Fix basic authentication bypass vulnerability (bsc#1208049, jsc#PED-3576) * CVE-2022-41715: Update our regexp library to fix upstream (bsc#1204023) - Other non-security bug fixes and changes in this version update to 2.37.6 (jsc#PED-3576): * [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a memory leak. * [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus startup. * [BUGFIX] Agent: Fix validation of flag options and prevent WAL from growing more than desired. * [BUGFIX] Properly close file descriptor when logging unfinished queries. * [BUGFIX] TSDB: In the WAL watcher metrics, expose the type='exemplar' label instead of type='unknown' for exemplar records. * [BUGFIX] Alerting: Fix Alertmanager targets not being updated when alerts were queued. * [BUGFIX] Hetzner SD: Make authentication files relative to Prometheus config file. * [BUGFIX] Promtool: Fix promtool check config not erroring properly on failures. * [BUGFIX] Scrape: Keep relabeled scrape interval and timeout on reloads. * [BUGFIX] TSDB: Don't increment prometheus_tsdb_compactions_failed_total when context is canceled. * [BUGFIX] TSDB: Fix panic if series is not found when deleting series. * [BUGFIX] TSDB: Increase prometheus_tsdb_mmap_chunk_corruptions_total on out of sequence errors. * [BUGFIX] Uyuni SD: Make authentication files relative to Prometheus configuration file and fix default configuration values. * [BUGFIX] Fix serving of static assets like fonts and favicon. * [BUGFIX] promtool: Add --lint-fatal option. * [BUGFIX] Changing TotalQueryableSamples from int to int64. * [BUGFIX] tsdb/agent: Ignore duplicate exemplars. * [BUGFIX] TSDB: Fix chunk overflow appending samples at a variable rate. * [BUGFIX] Stop rule manager before TSDB is stopped. * [BUGFIX] Kubernetes SD: Explicitly include gcp auth from k8s.io. * [BUGFIX] Fix OpenMetrics parser to sort uppercase labels correctly. * [BUGFIX] UI: Fix scrape interval and duration tooltip not showing on target page. * [BUGFIX] Tracing/GRPC: Set TLS credentials only when insecure is false. * [BUGFIX] Agent: Fix ID collision when loading a WAL with multiple segments. * [BUGFIX] Remote-write: Fix a deadlock between Batch and flushing the queue. * [BUGFIX] PromQL: Properly return an error from histogram_quantile when metrics have the same labelset. * [BUGFIX] UI: Fix bug that sets the range input to the resolution. * [BUGFIX] TSDB: Fix a query panic when memory-snapshot-on-shutdown is enabled. * [BUGFIX] Parser: Specify type in metadata parser errors. * [BUGFIX] Scrape: Fix label limit changes not applying. * [BUGFIX] Remote-write: Fix deadlock between adding to queue and getting batch. * [BUGFIX] TSDB: Fix panic when m-mapping head chunks onto the disk. * [BUGFIX] Azure SD: Fix a regression when public IP Address isn't set. * [BUGFIX] Azure SD: Fix panic when public IP Address isn't set. * [BUGFIX] Remote-write: Fix deadlock when stopping a shard. * [BUGFIX] SD: Fix no such file or directory in K8s SD when not running inside K8s. * [BUGFIX] Promtool: Make exit codes more consistent. * [BUGFIX] Promtool: Fix flakiness of rule testing. * [BUGFIX] Remote-write: Update prometheus_remote_storage_queue_highest_sent_timestamp_seconds metric when write irrecoverably fails. * [BUGFIX] Storage: Avoid panic in BufferedSeriesIterator. * [BUGFIX] TSDB: CompactBlockMetas should produce correct mint/maxt for overlapping blocks. * [BUGFIX] TSDB: Fix logging of exemplar storage size. * [BUGFIX] UI: Fix overlapping click targets for the alert state checkboxes. * [BUGFIX] UI: Fix Unhealthy filter on target page to actually display only Unhealthy targets. * [BUGFIX] UI: Fix autocompletion when expression is empty. * [BUGFIX] TSDB: Fix deadlock from simultaneous GC and write. * [CHANGE] TSDB: Delete *.tmp WAL files when Prometheus starts. * [CHANGE] promtool: Add new flag --lint (enabled by default) for the commands check rules and check config, resulting in a new exit code (3) for linter errors. * [CHANGE] UI: Classic UI removed. * [CHANGE] Tracing: Migrate from Jaeger to OpenTelemetry based tracing. * [CHANGE] PromQL: Promote negative offset and @ modifer to stable features. * [CHANGE] Web: Promote remote-write-receiver to stable. * [FEATURE] Nomad SD: New service discovery for Nomad built-in service discovery. * [FEATURE] Add lowercase and uppercase relabel action. * [FEATURE] SD: Add IONOS Cloud integration. * [FEATURE] SD: Add Vultr integration. * [FEATURE] SD: Add Linode SD failure count metric. * [FEATURE] Add prometheus_ready metric. * [FEATURE] Support for automatically setting the variable GOMAXPROCS to the container CPU limit. Enable with the flag `--enable-feature=auto-gomaxprocs`. * [FEATURE] PromQL: Extend statistics with total and peak number of samples in a query. Additionally, per-step statistics are available with --enable-feature=promql-per-step-stats and using stats=all in the query API. Enable with the flag `--enable-feature=per-step-stats`. * [FEATURE] Config: Add stripPort template function. * [FEATURE] Promtool: Add cardinality analysis to check metrics, enabled by flag --extended. * [FEATURE] SD: Enable target discovery in own K8s namespace. * [FEATURE] SD: Add provider ID label in K8s SD. * [FEATURE] Web: Add limit field to the rules API. * [ENHANCEMENT] Kubernetes SD: Allow attaching node labels for endpoint role. * [ENHANCEMENT] PromQL: Optimise creation of signature with/without labels. * [ENHANCEMENT] TSDB: Memory optimizations. * [ENHANCEMENT] TSDB: Reduce sleep time when reading WAL. * [ENHANCEMENT] OAuth2: Add appropriate timeouts and User-Agent header. * [ENHANCEMENT] Add stripDomain to template function. * [ENHANCEMENT] UI: Enable active search through dropped targets. * [ENHANCEMENT] promtool: support matchers when querying label * [ENHANCEMENT] Add agent mode identifier. * [ENHANCEMENT] TSDB: more efficient sorting of postings read from WAL at startup. * [ENHANCEMENT] Azure SD: Add metric to track Azure SD failures. * [ENHANCEMENT] Azure SD: Add an optional resource_group configuration. * [ENHANCEMENT] Kubernetes SD: Support discovery.k8s.io/v1 EndpointSlice (previously only discovery.k8s.io/v1beta1 EndpointSlice was supported). * [ENHANCEMENT] Kubernetes SD: Allow attaching node metadata to discovered pods. * [ENHANCEMENT] OAuth2: Support for using a proxy URL to fetch OAuth2 tokens. * [ENHANCEMENT] Configuration: Add the ability to disable HTTP2. * [ENHANCEMENT] Config: Support overriding minimum TLS version. * [ENHANCEMENT] TSDB: Disable the chunk write queue by default and allow configuration with the experimental flag `--storage.tsdb.head-chunks-write-queue-size`. * [ENHANCEMENT] HTTP SD: Add a failure counter. * [ENHANCEMENT] Azure SD: Set Prometheus User-Agent on requests. * [ENHANCEMENT] Uyuni SD: Reduce the number of logins to Uyuni. * [ENHANCEMENT] Scrape: Log when an invalid media type is encountered during a scrape. * [ENHANCEMENT] Scrape: Accept application/openmetrics-text;version=1.0.0 in addition to version=0.0.1. * [ENHANCEMENT] Remote-read: Add an option to not use external labels as selectors for remote read. * [ENHANCEMENT] UI: Optimize the alerts page and add a search bar. * [ENHANCEMENT] UI: Improve graph colors that were hard to see. * [ENHANCEMENT] Config: Allow escaping of $ with $$ when using environment variables with external labels. * [ENHANCEMENT] Remote-write: Avoid allocations by buffering concrete structs instead of interfaces. * [ENHANCEMENT] Remote-write: Log time series details for out-of-order samples in remote write receiver. * [ENHANCEMENT] Remote-write: Shard up more when backlogged. * [ENHANCEMENT] TSDB: Use simpler map key to improve exemplar ingest performance. * [ENHANCEMENT] TSDB: Avoid allocations when popping from the intersected postings heap. * [ENHANCEMENT] TSDB: Make chunk writing non-blocking, avoiding latency spikes in remote-write. * [ENHANCEMENT] TSDB: Improve label matching performance. * [ENHANCEMENT] UI: Optimize the service discovery page and add a search bar. * [ENHANCEMENT] UI: Optimize the target page and add a search bar. golang-github-prometheus-promu: - Non-security bug fixes and changes in this version update to 0.14.0 (jsc#PED-3576): * [BUGFIX] Set build date from last changelog modification (bsc#1047218) * [BUGFIX] Validate environment variable value * [BUGFIX]Set build date from SOURCE_DATE_EPOCH * [BUGFIX]Make extldflags extensible by configuration. * [BUGFIX] Avoid bind-mounting to allow building with a remote docker engine * [BUGFIX] Fix build on SmartOS by not setting gcc's -static flag * [BUGFIX] Fix git repository url parsing * [CHANGE] Remove ioutil * [CHANGE] Update common Prometheus files * [FEATURE] Add the ability to override tags per GOOS * [FEATURE] Adding changes to support s390x * [FEATURE] Added check_licenses Command to Promu * [ENHANCEMENT] Allow to customize nested options via env variables * [ENHANCEMENT] Add warning if promu info is unable to determine repo info Important SUSE bug 1047218 SUSE bug 1197284 SUSE bug 1203185 SUSE bug 1203599 SUSE bug 1204023 SUSE bug 1208049 SUSE bug 1208051 SUSE bug 1208060 SUSE bug 1208062 SUSE bug 1208064 SUSE bug 1208965 SUSE bug 1209113 CVE-2022-27191 CVE-2022-27664 CVE-2022-41715 CVE-2022-46146 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for postgresql15 fixes the following issues: Updated to version 15.3: - CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228). - CVE-2023-2455: Fixed an issue that could allow a user to see or modify rows that should have been invisible (bsc#1211229). - Internal fixes (bsc#1210303). Important SUSE bug 1210303 SUSE bug 1211228 SUSE bug 1211229 CVE-2023-2454 CVE-2023-2455 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). Important SUSE bug 1206309 SUSE bug 1207992 SUSE bug 1209209 SUSE bug 1209210 SUSE bug 1209211 SUSE bug 1209212 SUSE bug 1209214 SUSE bug 1211231 SUSE bug 1211232 SUSE bug 1211233 SUSE bug 1211339 CVE-2022-43552 CVE-2023-23916 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2483: Fixed a use after free bug in emac_remove due caused by a race condition (bsc#1211037). - CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). - CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547). - CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). - CVE-2020-36691: Fixed a denial of service (unbounded recursion) vulnerability via a nested Netlink policy with a back reference (bsc#1209613 bsc#1209777). - CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168). - CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778). - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535). - CVE-2022-20567: Fixed use after free that could lead to a local privilege escalation in pppol2tp_create of l2tp_ppp.c (bsc#1208850). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). - CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599). - CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777). - CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). - CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289). - CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2023-1855: Fixed an use-after-free flaw in xgene_hwmon_remove (bsc#1210202). - CVE-2023-1989: Fixed an use-after-free flaw in btsdio_remove (bsc#1210336). - CVE-2023-1990: Fixed an use-after-free flaw in ndlc_remove (bsc#1210337). - CVE-2023-1998: Fixed an use-after-free flaw during login when accessing the shost ipaddress (bsc#1210506). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036). - CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125). - CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291). - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1209052). - CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549). - CVE-2023-30772: Fixed race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). The following non-security bugs were fixed: - Do not sign the vanilla kernel (bsc#1209008). - Fix kABI breakage (bsc#1208333) - PCI: hv: Add a per-bus mutex state_lock (bsc#1207185). - PCI: hv: Fix a race condition bug in hv_pci_query_relations() (bsc#1207185). - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185). - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185). - Remove obsolete KMP obsoletes (bsc#1210469). - Replace mkinitrd dependency with dracut (bsc#1202353). - cifs: fix double free in dfs mounts (bsc#1209845). - cifs: fix negotiate context parsing (bsc#1210301). - cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1209845). - cifs: missing null pointer check in cifs_mount (bsc#1209845). - cifs: serialize all mount attempts (bsc#1209845). - cred: allow get_cred() and put_cred() to be given NULL (bsc#1209887). - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168). - k-m-s: Drop Linux 2.6 support - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). Important SUSE bug 1076830 SUSE bug 1194535 SUSE bug 1202353 SUSE bug 1205128 SUSE bug 1207036 SUSE bug 1207125 SUSE bug 1207168 SUSE bug 1207185 SUSE bug 1207795 SUSE bug 1207845 SUSE bug 1208179 SUSE bug 1208333 SUSE bug 1208599 SUSE bug 1208777 SUSE bug 1208837 SUSE bug 1208850 SUSE bug 1209008 SUSE bug 1209052 SUSE bug 1209256 SUSE bug 1209289 SUSE bug 1209291 SUSE bug 1209532 SUSE bug 1209547 SUSE bug 1209549 SUSE bug 1209613 SUSE bug 1209687 SUSE bug 1209777 SUSE bug 1209778 SUSE bug 1209845 SUSE bug 1209871 SUSE bug 1209887 SUSE bug 1210124 SUSE bug 1210202 SUSE bug 1210301 SUSE bug 1210329 SUSE bug 1210336 SUSE bug 1210337 SUSE bug 1210469 SUSE bug 1210498 SUSE bug 1210506 SUSE bug 1210647 SUSE bug 1211037 CVE-2017-5753 CVE-2020-36691 CVE-2021-3923 CVE-2021-4203 CVE-2022-20567 CVE-2022-43945 CVE-2023-0394 CVE-2023-0590 CVE-2023-0597 CVE-2023-1076 CVE-2023-1095 CVE-2023-1118 CVE-2023-1390 CVE-2023-1513 CVE-2023-1611 CVE-2023-1670 CVE-2023-1855 CVE-2023-1989 CVE-2023-1990 CVE-2023-1998 CVE-2023-2124 CVE-2023-2162 CVE-2023-23454 CVE-2023-23455 CVE-2023-2483 CVE-2023-28328 CVE-2023-28464 CVE-2023-28772 CVE-2023-30772 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_8_0-openjdk fixes the following issues: - Updated to version jdk8u372 (icedtea-3.27.0): - CVE-2023-21930: Fixed an issue in the JSSE component that could allow an attacker to access critical data without authorization (bsc#1210628). - CVE-2023-21937: Fixed an issue in the Networking component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210631). - CVE-2023-21938: Fixed an issue in the Libraries component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210632). - CVE-2023-21939: Fixed an issue in the Swing component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210634). - CVE-2023-21954: Fixed an issue in the Hotspot component that could allow an attacker to access critical data without authorization (bsc#1210635). - CVE-2023-21967: Fixed an issue in the JSSE component that could allow an attacker to cause a hang or frequently repeatable crash without authorization (bsc#1210636). - CVE-2023-21968: Fixed an issue in the Libraries component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210637). Important SUSE bug 1210628 SUSE bug 1210631 SUSE bug 1210632 SUSE bug 1210634 SUSE bug 1210635 SUSE bug 1210636 SUSE bug 1210637 CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for ctags fixes the following issues: - CVE-2022-4515: Fixed a command injection issue via a tag file wih a crafted filename (bsc#1206543). Important SUSE bug 1206543 CVE-2022-4515 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for ucode-intel fixes the following issues: - Updated to Intel CPU Microcode 20230512 release. (bsc#1211382) - New Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL-N | A0 | 06-be-00/01 | | 00000010 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E | AZB | A0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100 | AZB | R0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100 - Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | L0 | 06-9a-03/80 | 00000429 | 0000042a | Core Gen12 | ADL | L0 | 06-9a-04/80 | 00000429 | 0000042a | Core Gen12 | AML-Y22 | H0 | 06-8e-09/10 | | 000000f2 | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile | CFL-H | R0 | 06-9e-0d/22 | 000000f4 | 000000f8 | Core Gen9 Mobile | CFL-H/S | P0 | 06-9e-0c/22 | 000000f0 | 000000f2 | Core Gen9 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f0 | 000000f2 | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000f0 | 000000f2 | Core Gen8 | CFL-U43e | D0 | 06-8e-0a/c0 | 000000f0 | 000000f2 | Core Gen8 Mobile | CLX-SP | B0 | 06-55-06/bf | 04003303 | 04003501 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003303 | 05003501 | Xeon Scalable Gen2 | CML-H | R1 | 06-a5-02/20 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-S102 | Q0 | 06-a5-05/22 | 000000f4 | 000000f6 | Core Gen10 | CML-S62 | G1 | 06-a5-03/22 | 000000f4 | 000000f6 | Core Gen10 | CML-U62 V1 | A0 | 06-a6-00/80 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-U62 V2 | K1 | 06-a6-01/80 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile | CPX-SP | A1 | 06-55-0b/bf | 07002503 | 07002601 | Xeon Scalable Gen3 | ICL-D | B0 | 06-6c-01/10 | 01000211 | 01000230 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000b8 | 000000ba | Core Gen10 Mobile | ICX-SP | D0 | 06-6a-06/87 | 0d000389 | 0d000390 | Xeon Scalable Gen3 | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000f0 | 000000f2 | Core Gen7; Xeon E3 v6 | KBL-U/Y | H0 | 06-8e-09/c0 | | 000000f2 | Core Gen7 Mobile | LKF | B2/B3 | 06-8a-01/10 | 00000032 | 00000033 | Core w/Hybrid Technology | RKL-S | B0 | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11 | RPL-H 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13 | RPL-P 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13 | RPL-S | S0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13 | RPL-U 2+8 | Q0 | 06-ba-03/07 | 0000410e | 00004112 | Core Gen13 | SKX-D | H0 | 06-55-04/b7 | | 02006f05 | Xeon D-21xx | SKX-SP | B1 | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | | 02006f05 | Xeon Scalable | SPR-HBM | B3 | 06-8f-08/10 | 2c000170 | 2c0001d1 | Xeon Max | SPR-SP | E0 | 06-8f-04/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E2 | 06-8f-05/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E3 | 06-8f-06/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E4 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E5 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | S2 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | S3 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | TGL | B1 | 06-8c-01/80 | 000000a6 | 000000aa | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 00000042 | 00000044 | Core Gen11 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000028 | 0000002a | Core Gen11 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | | 000000f2 | Core Gen8 Mobile Important SUSE bug 1208479 SUSE bug 1211382 CVE-2022-33972 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for tomcat fixes the following issues: - CVE-2023-28709: Mended an incomplete fix for CVE-2023-24998 (bsc#1211608). Important SUSE bug 1211608 CVE-2023-28709 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). Important SUSE bug 1211430 CVE-2023-2650 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openssl-1_0_0 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). Important SUSE bug 1211430 CVE-2023-2650 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for cups fixes the following issues: - CVE-2023-32324: Fixed a buffer overflow in format_log_line() which could cause a denial-of-service (bsc#1211643). Important SUSE bug 1211643 CVE-2023-32324 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openvswitch fixes the following issues: - CVE-2022-4338: Fixed Integer Underflow in Organization Specific TLV (bsc#1206580). - CVE-2022-4337: Fixed Out-of-Bounds Read in Organization Specific TLV (bsc#1206581). - CVE-2022-32166: Fixed a out of bounds read in minimask_equal() (bsc#1203865). - CVE-2021-36980: Fixed a use-after-free issue during the decoding of a RAW_ENCAP action (bsc#1188524). Important SUSE bug 1188524 SUSE bug 1203865 SUSE bug 1206580 SUSE bug 1206581 CVE-2021-36980 CVE-2022-32166 CVE-2022-4337 CVE-2022-4338 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: Extended Support Release 102.12.0 ESR (bsc#1211922): - CVE-2023-34414: Click-jacking certificate exceptions through rendering lag - CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12 Important SUSE bug 1211922 CVE-2023-34414 CVE-2023-34416 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_8_0-ibm fixes the following issues: - CVE-2023-21930: Fixed possible compromise from unauthenticated attacker with network access via TLS (bsc#1210628). - CVE-2023-21937: Fixed vulnerability inside the networking component (bsc#1210631). - CVE-2023-21938: Fixed vulnerability inside the library component (bsc#1210632). - CVE-2023-21939: Fixed vulnerability inside the swing component (bsc#1210634). - CVE-2023-21968: Fixed vulnerability inside the library component (bsc#1210637). - CVE-2023-2597: Fixed buffer overflow in shared cache implementation (bsc#1211615). - CVE-2023-21967: Fixed vulnerability inside the JSSE component (bsc#1210636). - CVE-2023-21954: Fixed vulnerability inside the hotspot component (bsc#1210635). Additional reference fixed already in 8.0.7.15: - CVE-2023-30441: Fixed components that could have exposed sensitive information using a combination of flaws and configurations (bsc#1210711). Important SUSE bug 1210628 SUSE bug 1210631 SUSE bug 1210632 SUSE bug 1210634 SUSE bug 1210635 SUSE bug 1210636 SUSE bug 1210637 SUSE bug 1210711 SUSE bug 1210826 SUSE bug 1211615 CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 CVE-2023-2597 CVE-2023-30441 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libcares2 fixes the following issues: - CVE-2023-32067: Fixed a denial of service that could be triggered by a 0-byte UDP payload (bsc#1211604). - CVE-2023-31147: Fixed an insufficient randomness in generation of DNS query IDs (bsc#1211605). - CVE-2023-31130: Fixed a buffer underflow when configuring specific IPv6 addresses (bsc#1211606). - CVE-2023-31124: Fixed a build issue when cross-compiling that could lead to insufficient randomness (bsc#1211607). Important SUSE bug 1211604 SUSE bug 1211605 SUSE bug 1211606 SUSE bug 1211607 CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libX11 fixes the following issues: - CVE-2023-3138: Fixed buffer overflows in InitExt.c (bsc#1212102). Important SUSE bug 1212102 CVE-2023-3138 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405). - CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). - CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). - CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). - CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). - CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). - CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940 bsc#1211260). - CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715). - CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186). - CVE-2023-1380: A slab-out-of-bound read problem was fixed in brcmf_get_assoc_ies(), that could lead to a denial of service (bsc#1209287). - CVE-2023-2513: A use-after-free vulnerability was fixed in the ext4 filesystem, related to the way it handled the extra inode size for extended attributes (bsc#1211105). - CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). The following non-security bugs were fixed: - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). Important SUSE bug 1204405 SUSE bug 1205756 SUSE bug 1205758 SUSE bug 1205760 SUSE bug 1205762 SUSE bug 1205803 SUSE bug 1206878 SUSE bug 1209287 SUSE bug 1210629 SUSE bug 1210715 SUSE bug 1210783 SUSE bug 1210940 SUSE bug 1211105 SUSE bug 1211186 SUSE bug 1211260 SUSE bug 1211592 CVE-2022-3566 CVE-2022-45884 CVE-2022-45885 CVE-2022-45886 CVE-2022-45887 CVE-2022-45919 CVE-2023-1380 CVE-2023-2176 CVE-2023-2194 CVE-2023-2513 CVE-2023-31084 CVE-2023-31436 CVE-2023-32269 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libwebp fixes the following issues: - CVE-2023-1999: Fixed double free (bsc#1210212). Important SUSE bug 1210212 CVE-2023-1999 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for bluez fixes the following issues: - CVE-2023-27349: Fixed crash while handling unsupported events (bsc#1210398). Important SUSE bug 1210398 CVE-2023-27349 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for webkit2gtk3 fixes the following issues: Add security patches (bsc#1211846): - CVE-2023-28204: Fixed processing of web content that may disclose sensitive information (bsc#1211659). - CVE-2023-32373: Fixed processing of maliciously crafted web content that may lead to arbitrary code execution (bsc#1211658). Important SUSE bug 1211658 SUSE bug 1211659 SUSE bug 1211846 CVE-2023-28204 CVE-2023-32373 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests [bsc#1201627] Moderate SUSE bug 1201627 SUSE bug 1207534 CVE-2022-4304 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openssl-1_0_0 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). Moderate SUSE bug 1207534 CVE-2022-4304 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for python fixes the following issues: - CVE-2023-24329: Fixed urllib.parse bypass when supplying a URL that starts with blank characters (bsc#1208471). Important SUSE bug 1208471 CVE-2023-24329 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). Moderate SUSE bug 1206337 CVE-2022-46908 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for bind fixes the following issues: - CVE-2023-2828: Fixed denial-of-service against recursive resolvers related to cache-cleaning algorithm (bsc#1212544). Important SUSE bug 1212544 CVE-2023-2828 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update of installation-images fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). Moderate SUSE bug 1209188 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libqt5-qtbase fixes the following issues: - CVE-2020-24741: Fixed a bug that allow QLibrary to load libraries relative to CWD which could result in arbitrary code execution (bsc#1189408). - CVE-2023-32763: Fixed buffer overflow in QTextLayout (bsc#1211798). Important SUSE bug 1189408 SUSE bug 1211798 CVE-2020-24741 CVE-2023-32763 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xorg-x11-server fixes the following issues: - CVE-2023-0494: Fixed a use-after-free in DeepCopyPointerClasses (bsc#1207783). Important SUSE bug 1207783 CVE-2023-0494 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for ghostscript fixes the following issues: - CVE-2023-36664: Fixed permission validation mishandling for pipe devices with the %pipe% prefix or the | pipe character prefix (bsc#1212711). Important SUSE bug 1212711 CVE-2023-36664 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: Changes in MozillaFirefox and MozillaFirefox-branding-SLE: This update provides Firefox Extended Support Release 115.0 ESR * New: - Required fields are now highlighted in PDF forms. - Improved performance on high-refresh rate monitors (120Hz+). - Buttons in the Tabs toolbar can now be reached with Tab, Shift+Tab, and Arrow keys. View this article for additional details. - Windows' 'Make text bigger' accessibility setting now affects all the UI and content pages, rather than only applying to system font sizes. - Non-breaking spaces are now preserved—preventing automatic line breaks—when copying text from a form control. - Fixed WebGL performance issues on NVIDIA binary drivers via DMA-Buf on Linux. - Fixed an issue in which Firefox startup could be significantly slowed down by the processing of Web content local storage. This had the greatest impact on users with platter hard drives and significant local storage. - Removed a configuration option to allow SHA-1 signatures in certificates: SHA-1 signatures in certificates—long since determined to no longer be secure enough—are now not supported. - Highlight color is preserved correctly after typing `Enter` in the mail composer of Yahoo Mail and Outlook. After bypassing the https only error page navigating back would take you to the error page that was previously dismissed. Back now takes you to the previous site that was visited. - Paste unformatted shortcut (shift+ctrl/cmd+v) now works in plain text contexts, such as input and text area. - Added an option to print only the current page from the print preview dialog. - Swipe to navigate (two fingers on a touchpad swiped left or right to perform history back or forward) on Windows is now enabled. - Stability on Windows is significantly improved as Firefox handles low-memory situations much better. - Touchpad scrolling on macOS was made more accessible by reducing unintended diagonal scrolling opposite of the intended scroll axis. - Firefox is less likely to run out of memory on Linux and performs more efficiently for the rest of the system when memory runs low. - It is now possible to edit PDFs: including writing text, drawing, and adding signatures. - Setting Firefox as your default browser now also makes it the default PDF application on Windows systems. - Swipe-to-navigate (two fingers on a touchpad swiped left or right to perform history back or forward) now works for Linux users on Wayland. - Text Recognition in images allows users on macOS 10.15 and higher to extract text from the selected image (such as a meme or screenshot). - Firefox View helps you get back to content you previously discovered. A pinned tab allows you to find and open recently closed tabs on your current device and access tabs from other devices (via our “Tab Pickup” feature). - Import maps, which allow web pages to control the behavior of JavaScript imports, are now enabled by default. - Processes used for background tabs now use efficiency mode on Windows 11 to limit resource use. - The shift+esc keyboard shortcut now opens the Process Manager, offering a way to quickly identify processes that are using too many resources. - Firefox now supports properly color correcting images tagged with ICCv4 profiles. - Support for non-English characters when saving and printing PDF forms. - The bookmarks toolbar's default 'Only show on New Tab' state works correctly for blank new tabs. As before, you can change the bookmark toolbar's behavior using the toolbar context menu. - Manifest Version 3 (MV3) extension support is now enabled by default (MV2 remains enabled/supported). This major update also ushers an exciting user interface change in the form of the new extensions button. - The Arbitrary Code Guard exploit protection has been enabled in the media playback utility processes, improving security for Windows users. - The native HTML date picker for date and datetime inputs can now be used with a keyboard alone, improving its accessibility for screen reader users. Users with limited mobility can also now use common keyboard shortcuts to navigate the calendar grid and month selection spinners. - Firefox builds in the Spanish from Spain (es-ES) and Spanish from Argentina (es-AR) locales now come with a built- in dictionary for the Firefox spellchecker. - On macOS, Ctrl or Cmd + trackpad or mouse wheel now scrolls the page instead of zooming. This avoids accidental zooming and matches the behavior of other web browsers on macOS. - It's now possible to import bookmarks, history and passwords not only from Edge, Chrome or Safari but also from Opera, Opera GX, and Vivaldi. - GPU sandboxing has been enabled on Windows. - On Windows, third-party modules can now be blocked from injecting themselves into Firefox, which can be helpful if they are causing crashes or other undesirable behavior. - Date, time, and datetime-local input fields can now be cleared with `Cmd+Backspace` and `Cmd+Delete` shortcut on macOS and `Ctrl+Backspace` and `Ctrl+Delete` on Windows and Linux. - GPU-accelerated Canvas2D is enabled by default on macOS and Linux. - WebGL performance improvement on Windows, MacOS and Linux. - Enables overlay of hardware-decoded video with non-Intel GPUs on Windows 10/11, improving video playback performance and video scaling quality. - Windows native notifications are now enabled. - Firefox Relay users can now opt-in to create Relay email masks directly from the Firefox credential manager. You must be signed in with your Firefox Account. - We’ve added two new locales: Silhe Friulian (fur) and Sardinian (sc). - Right-clicking on password fields now shows an option to reveal the password. - Private windows and ETP set to strict will now include email tracking protection. This will make it harder for email trackers to learn the browsing habits of Firefox users. You can check the Tracking Content in the sub-panel on the shield icon panel. - The deprecated U2F Javascript API is now disabled by default. The U2F protocol remains usable through the WebAuthn API. The U2F API can be re-enabled using the `security.webauth.u2f` preference. - Say hello to enhanced Picture-in-Picture! Rewind, check video duration, and effortlessly switch to full-screen mode on the web's most popular video websites. - Firefox's address bar is already a great place to search for what you're looking for. Now you'll always be able to see your web search terms and refine them while viewing your search's results - no additional scrolling needed! Also, a new result menu has been added making it easier to remove history results and dismiss sponsored Firefox Suggest entries. - Private windows now protect users even better by blocking third-party cookies and storage of content trackers. - Passwords automatically generated by Firefox now include special characters, giving users more secure passwords by default. - Firefox 115 introduces a redesigned accessibility engine which significantly improves the speed, responsiveness, and stability of Firefox when used with: - Screen readers, as well as certain other accessibility software; - East Asian input methods; - Enterprise single sign-on software; and - Other applications which use accessibility frameworks to access information. - Firefox 115 now supports AV1 Image Format files containing animations (AVIS), improving support for AVIF images across the web. - The Windows GPU sandbox first shipped in the Firefox 110 release has been tightened to enhance the security benefits it provides. - A 13-year-old feature request was fulfilled and Firefox now supports files being drag-and-dropped directly from Microsoft Outlook. A special thanks to volunteer contributor Marco Spiess for helping to get this across the finish line! - Users on macOS can now access the Services sub-menu directly from Firefox context menus. - On Windows, the elastic overscroll effect has been enabled by default. When two-finger scrolling on the touchpad or scrolling on the touchscreen, you will now see a bouncing animation when scrolling past the edge of a scroll container. - Firefox is now available in the Tajik (tg) language. - Added UI to manage the DNS over HTTPS exception list. - Bookmarks can now be searched from the Bookmarks menu. The Bookmarks menu is accessible by adding the Bookmarks menu button to the toolbar. - Restrict searches to your local browsing history by selecting Search history from the History, Library or Application menu buttons. - Mac users can now capture video from their cameras in all supported native resolutions. This enables resolutions higher than 1280x720. - It is now possible to reorder the extensions listed in the extensions panel. - Users on macOS, Linux, and Windows 7 can now use FIDO2 / WebAuthn authenticators over USB. Some advanced features, such as fully passwordless logins, require a PIN to be set on the authenticator. - Pocket Recommended content can now be seen in France, Italy, and Spain. - DNS over HTTPS settings are now part of the Privacy & Security section of the Settings page and allow the user to choose from all the supported modes. - Migrating from another browser? Now you can bring over payment methods you've saved in Chrome-based browsers to Firefox. - Hardware video decoding enabled for Intel GPUs on Linux. - The Tab Manager dropdown now features close buttons, so you can close tabs more quickly. - Windows Magnifier now follows the text cursor correctly when the Firefox title bar is visible. - Undo and redo are now available in Password fields. [1]:https://support.mozilla.org/kb/access-toolbar-functions- using-keyboard?_gl=1*16it7nj*_ga*MTEzNjg4MjY5NC4xNjQ1MjAxMDU3 *_ga_MQ7767QQQW*MTY1Njk2MzExMS43LjEuMTY1Njk2MzIzMy4w [2]:https://support.mozilla.org/kb/how-set-tab-pickup-firefox-view [3]:https://support.mozilla.org/kb/task-manager-tabs-or-extensions-are-slowing-firefox [4]:https://blog.mozilla.org/addons/2022/11/17/manifest-v3-signing-available-november-21-on-firefox-nightly/ [5]:https://blog.mozilla.org/addons/2022/05/18/manifest-v3-in-firefox-recap-next-steps/ [6]:https://support.mozilla.org/kb/unified-extensions [7]:https://support.mozilla.org/kb/import-data-another-browser [8]:https://support.mozilla.org/kb/identify-problems-third-party-modules-firefox-windows [9]:https://support.mozilla.org/kb/how-generate-secure-password-firefox [10]:https://blog.mozilla.org/accessibility/firefox-113-accessibility-performance/ * Fixed: Various security fixes. MFSA 2023-22 (bsc#1212438) * CVE-2023-3482 (bmo#1839464) Block all cookies bypass for localstorage * CVE-2023-37201 (bmo#1826002) Use-after-free in WebRTC certificate generation * CVE-2023-37202 (bmo#1834711) Potential use-after-free from compartment mismatch in SpiderMonkey * CVE-2023-37203 (bmo#291640) Drag and Drop API may provide access to local system files * CVE-2023-37204 (bmo#1832195) Fullscreen notification obscured via option element * CVE-2023-37205 (bmo#1704420) URL spoofing in address bar using RTL characters * CVE-2023-37206 (bmo#1813299) Insufficient validation of symlinks in the FileSystem API * CVE-2023-37207 (bmo#1816287) Fullscreen notification obscured * CVE-2023-37208 (bmo#1837675) Lack of warning when opening Diagcab files * CVE-2023-37209 (bmo#1837993) Use-after-free in `NotifyOnHistoryReload` * CVE-2023-37210 (bmo#1821886) Full-screen mode exit prevention * CVE-2023-37211 (bmo#1832306, bmo#1834862, bmo#1835886, bmo#1836550, bmo#1837450) Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 * CVE-2023-37212 (bmo#1750870, bmo#1825552, bmo#1826206, bmo#1827076, bmo#1828690, bmo#1833503, bmo#1835710, bmo#1838587) Memory safety bugs fixed in Firefox 115 - Fixed potential SIGILL on older CPUs (bsc#1212101) * Fixed: Various security fixes and other quality Important SUSE bug 1212101 SUSE bug 1212438 CVE-2023-3482 CVE-2023-37201 CVE-2023-37202 CVE-2023-37203 CVE-2023-37204 CVE-2023-37205 CVE-2023-37206 CVE-2023-37207 CVE-2023-37208 CVE-2023-37209 CVE-2023-37210 CVE-2023-37211 CVE-2023-37212 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_8_0-ibm fixes the following issues: Updated to Java 8.0 Service Refresh 8 Fix Pack 6 (bsc#1213000): - Fixed issue in Java Virtual Machine where outofmemory (OOM) killer terminates the jvm due to failure in control groups detection. Important SUSE bug 1213000 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). Important SUSE bug 1210999 CVE-2023-31484 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for samba fixes the following issues: - CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174). Bugfixes: - Fixed trust relationship failure (bsc#1213384). Moderate SUSE bug 1213174 SUSE bug 1213384 CVE-2022-2127 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 115.0.2 ESR (MFSA 2023-26, bsc#1213230) Security fixes: - CVE-2023-3600: Fixed use-after-free in workers (bmo#1839703) Other fixes: - Fixed a startup crash experienced by some Windows users by blocking instances of a malicious injected DLL (bmo#1841751) - Fixed a bug with displaying a caret in the text editor on some websites (bmo#1840804) - Fixed a bug with broken audio rendering on some websites (bmo#1841982) - Fixed a bug with patternTransform translate using the wrong units (bmo#1840746) - Fixed a crash affecting Windows 7 users related to the DLL blocklist. Firefox Extended Support Release 115.0.1 ESR - Fixed a startup crash for Windows users with Kingsoft Antivirus software installed (bmo#1837242) Important SUSE bug 1213230 CVE-2023-3600 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for cjose fixes the following issues: - CVE-2023-37464: Fixed AES GCM decryption uses the Tag length from the actual Authentication Tag (bsc#1213385). Important SUSE bug 1213385 CVE-2023-37464 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openssl-1_0_0 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). - testsuite: Update further expiring certificates that affect tests [bsc#1201627] Important SUSE bug 1201627 SUSE bug 1207533 SUSE bug 1207534 SUSE bug 1207536 CVE-2022-4304 CVE-2023-0215 CVE-2023-0286 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). Important SUSE bug 1207533 SUSE bug 1207534 SUSE bug 1207536 SUSE bug 1207538 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). Important SUSE bug 1206579 CVE-2022-47629 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for mariadb fixes the following issues: - CVE-2022-32084: Fixed segmentation fault via the component sub_select (bsc#1201164). Moderate SUSE bug 1201164 CVE-2022-32084 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for apache2-mod_security2 fixes the following issues: - CVE-2022-48279: Fixed a potential firewall bypass due to an incorrect parsing of HTTP multipart requests (bsc#1207378). Important SUSE bug 1207378 CVE-2022-48279 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for tomcat fixes the following issues: - Remove the log4j dependency as it is not used by the tomcat package (bsc#1196137) Security hardening, related to Spring Framework vulnerabilities: - Deprecate getResources() and always return null (bsc#1198136). Important SUSE bug 1196137 SUSE bug 1198136 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libapr-util1 fixes the following issues: - CVE-2022-25147: Fixed a buffer overflow possible with specially crafted input during base64 encoding (bsc#1207866) Critical SUSE bug 1207866 CVE-2022-25147 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xrdp fixes the following issues: - CVE-2022-23468: Fixed a buffer overflow in xrdp_login_wnd_create() (bsc#1206300). - CVE-2022-23479: Fixed a buffer overflow in xrdp_mm_chan_data_in() (bsc#1206303). - CVE-2022-23480: Fixed a buffer overflow in devredir_proc_client_devlist_announce_req() (bsc#1206306). - CVE-2022-23481: Fixed an out of bound read in xrdp_caps_process_confirm_active() (bsc#1206307). - CVE-2022-23482: Fixed an out of bound read in xrdp_sec_process_mcs_data_CS_CORE() (bsc#1206310). - CVE-2022-23483: Fixed an out of bound read in libxrdp_send_to_channel() (bsc#1206311). - CVE-2022-23484: Fixed a integer overflow in xrdp_mm_process_rail_update_window_text() (bsc#1206312). Important SUSE bug 1206300 SUSE bug 1206303 SUSE bug 1206306 SUSE bug 1206307 SUSE bug 1206310 SUSE bug 1206311 SUSE bug 1206312 CVE-2022-23468 CVE-2022-23479 CVE-2022-23480 CVE-2022-23481 CVE-2022-23482 CVE-2022-23483 CVE-2022-23484 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for cups fixes the following issues: - CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204). - CVE-2023-34241: Fixed a use-after-free problem in cupsdAcceptClient() (bsc#1212230). - CVE-2023-32360: Fixed information leak through Cups-Get-Document operation (bsc#1214254). Important SUSE bug 1212230 SUSE bug 1214254 SUSE bug 1215204 CVE-2023-32360 CVE-2023-34241 CVE-2023-4504 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for postgresql15 fixes the following issues: Update to 15.2: - CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102). Important SUSE bug 1208102 CVE-2022-41862 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237). - CVE-2023-23454: Fixed denial or service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036). - CVE-2022-4662: Fixed incorrect access control in the USB core subsystem that could lead a local user to crash the system (bnc#1206664). - CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bnc#1206073). The following non-security bugs were fixed: - Added support for enabling livepatching related packages on -RT (jsc#PED-1706). - Added suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149). - Reverted 'constraints: increase disk space for all architectures' (bsc#1203693). - HID: betop: check shape of output reports (bsc#1207186). - HID: betop: fix slab-out-of-bounds Write in betop_probe (bsc#1207186). - HID: check empty report_list in hid_validate_values() (bsc#1206784). - net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036). - net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036). - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). Important SUSE bug 1203693 SUSE bug 1205149 SUSE bug 1206073 SUSE bug 1206664 SUSE bug 1206677 SUSE bug 1206784 SUSE bug 1207036 SUSE bug 1207186 SUSE bug 1207237 CVE-2022-3564 CVE-2022-4662 CVE-2022-47929 CVE-2023-23454 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for ImageMagick fixes the following issues: - CVE-2022-44267: Fixed a denial of service when parsing a PNG image (bsc#1207982). - CVE-2022-44268: Fixed arbitrary file disclosure when parsing a PNG image (bsc#1207983). Important SUSE bug 1207982 SUSE bug 1207983 CVE-2022-44267 CVE-2022-44268 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for git fixes the following issues: - CVE-2023-22490: Fixed incorrectly usable local clone optimization even when using a non-local transport (bsc#1208027). - CVE-2023-23946: Fixed issue where a path outside the working tree can be overwritten as the user who is running 'git apply' (bsc#1208028). Important SUSE bug 1208027 SUSE bug 1208028 CVE-2023-22490 CVE-2023-23946 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for java-1_8_0-openjdk fixes the following issues: Updated to version jdk8u362 (icedtea-3.26.0): - CVE-2023-21830: Fixed improper restrictions in CORBA deserialization (bsc#1207249). - CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248). Moderate SUSE bug 1207248 SUSE bug 1207249 CVE-2023-21830 CVE-2023-21843 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for clamav fixes the following issues: - CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser (bsc#1208363). - CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser (bsc#1208365). Critical SUSE bug 1208363 SUSE bug 1208365 CVE-2023-20032 CVE-2023-20052 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20230214 release. Security issues fixed: - CVE-2022-38090: Security updates for [INTEL-SA-00767](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html) (bsc#1208275) - CVE-2022-33196: Security updates for [INTEL-SA-00738](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html) (bsc#1208276) - CVE-2022-21216: Security updates for [INTEL-SA-00700](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html) (bsc#1208277) - New Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SPR-SP | E2 | 06-8f-05/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E3 | 06-8f-06/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E4 | 06-8f-07/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E5 | 06-8f-08/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-HBM | B3 | 06-8f-08/10 | | 2c000170 | Xeon Max | RPL-P 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13 | RPL-H 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13 | RPL-U 2+8 | Q0 | 06-ba-02/07 | | 0000410e | Core Gen13 - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | C0 | 06-97-02/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-97-05/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-bf-02/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-bf-05/07 | 00000026 | 0000002c | Core Gen12 | ADL | L0 | 06-9a-03/80 | 00000424 | 00000429 | Core Gen12 | ADL | L0 | 06-9a-04/80 | 00000424 | 00000429 | Core Gen12 | CLX-SP | B0 | 06-55-06/bf | 04003302 | 04003303 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003302 | 05003303 | Xeon Scalable Gen2 | CPX-SP | A1 | 06-55-0b/bf | 07002501 | 07002503 | Xeon Scalable Gen3 | GLK | B0 | 06-7a-01/01 | 0000003c | 0000003e | Pentium Silver N/J5xxx, Celeron N/J4xxx | GLK-R | R0 | 06-7a-08/01 | 00000020 | 00000022 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-D | B0 | 06-6c-01/10 | 01000201 | 01000211 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000b6 | 000000b8 | Core Gen10 Mobile | ICX-SP | D0 | 06-6a-06/87 | 0d000375 | 0d000389 | Xeon Scalable Gen3 | JSL | A0/A1 | 06-9c-00/01 | 24000023 | 24000024 | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105 | LKF | B2/B3 | 06-8a-01/10 | 00000031 | 00000032 | Core w/Hybrid Technology | RKL-S | B0 | 06-a7-01/02 | 00000056 | 00000057 | Core Gen11 | RPL-S | S0 | 06-b7-01/32 | 0000010e | 00000112 | Core Gen13 | SKX-SP | B1 | 06-55-03/97 | 0100015e | 01000161 | Xeon Scalable Important SUSE bug 1208275 SUSE bug 1208276 SUSE bug 1208277 CVE-2022-21216 CVE-2022-33196 CVE-2022-38090 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: Updated to version 102.8.0 ESR (bsc#1208144): - CVE-2023-25728: Fixed content security policy leak in violation reports using iframes. - CVE-2023-25730: Fixed screen hijack via browser fullscreen mode. - CVE-2023-25743: Fixed Fullscreen notification not being shown in Firefox Focus. - CVE-2023-0767: Fixed arbitrary memory write via PKCS 12 in NSS. - CVE-2023-25735: Fixed potential use-after-free from compartment mismatch in SpiderMonkey. - CVE-2023-25737: Fixed invalid downcast in SVGUtils::SetupStrokeGeometry. - CVE-2023-25738: Fixed printing on Windows which could potentially crash Firefox with some device drivers. - CVE-2023-25739: Fixed use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext. - CVE-2023-25729: Fixed extensions opening external schemes without user knowledge. - CVE-2023-25732: Fixed out of bounds memory write from EncodeInputStream. - CVE-2023-25734: Fixed opening local .url files that causes unexpected network loads. - CVE-2023-25742: Fixed tab crash by Web Crypto ImportKey. - CVE-2023-25744: Fixed Memory safety bugs. - CVE-2023-25746: Fixed Memory safety bugs. Important SUSE bug 1208138 SUSE bug 1208144 CVE-2023-0767 CVE-2023-25728 CVE-2023-25729 CVE-2023-25730 CVE-2023-25732 CVE-2023-25734 CVE-2023-25735 CVE-2023-25737 CVE-2023-25738 CVE-2023-25739 CVE-2023-25742 CVE-2023-25743 CVE-2023-25744 CVE-2023-25746 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for mozilla-nss fixes the following issues: Updated to NSS 3.79.4 (bsc#1208138): - CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types. Important SUSE bug 1208138 CVE-2023-0767 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for poppler fixes the following issues: - CVE-2022-38784: Fixed integer overflow in the JBIG2 decoder (bsc#1202692). - CVE-2019-13283: Fixed heap-based buffer over-read that could be triggered by sending a crafted PDF document to the pdftotext tool (bsc#1140877). Important SUSE bug 1140877 SUSE bug 1202692 CVE-2019-13283 CVE-2022-38784 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for libxslt fixes the following issues: - CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574). Important SUSE bug 1208574 CVE-2021-30560 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xterm fixes the following issues: - CVE-2022-45063: Fixed command injection in ESC 50 fontoperation by disabling the change font functionality (bsc#1205305). Important SUSE bug 1205305 CVE-2022-45063 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for nrpe fixes the following issues: - CVE-2015-4000: Fixed Logjam Attack by increasing the standard size of 512 bit dh parameters to 2048 (bsc#931600, bsc#938906). Moderate SUSE bug 931600 SUSE bug 938906 CVE-2015-4000 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for emacs fixes the following issues: - CVE-2022-48337: Fixed etags local command injection vulnerability (bsc#1208515). - CVE-2022-48339: Fixed htmlfontify.el command injection vulnerability (bsc#1208512). Important SUSE bug 1208512 SUSE bug 1208515 CVE-2022-48337 CVE-2022-48339 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for webkit2gtk3 fixes the following issues: Update to version 2.38.3 (bnc#1206750): - CVE-2022-42852: Fixed disclosure of process memory by improved memory handling. - CVE-2022-42856: Fixed a potential arbitrary code execution when processing maliciously crafted web content (bsc#1206474). - CVE-2022-42863: Fixed a potential arbitrary code execution when processing maliciously crafted web content. - CVE-2022-42867: Fixed a use after free issue was addressed with improved memory management. - CVE-2022-46691: Fixed a potential arbitrary code execution when processing maliciously crafted web content. - CVE-2022-46692: Fixed bypass of Same Origin Policy through improved state management. - CVE-2022-46698: Fixed disclosure of sensitive user information with improved checks. - CVE-2022-46699: Fixed an arbitrary code execution caused by memory corruption. - CVE-2022-46700: Fixed a potential arbitrary code execution when processing maliciously crafted web content. Important SUSE bug 1206474 SUSE bug 1206750 CVE-2022-42852 CVE-2022-42856 CVE-2022-42863 CVE-2022-42867 CVE-2022-46691 CVE-2022-46692 CVE-2022-46698 CVE-2022-46699 CVE-2022-46700 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xorg-x11-server fixes the following issues: - Fixed a regression introduced with security update for CVE-2022-46340 (bsc#1205874). Important SUSE bug 1205874 CVE-2022-46340 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for python3 fixes the following issues: - CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). - CVE-2022-40899: Fixed REDoS in http.cookiejar (gh#python/cpython#17157) (bsc#1206673). Important SUSE bug 1206673 SUSE bug 1208471 CVE-2022-40899 CVE-2023-24329 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for tomcat fixes the following issues: - CVE-2023-24998: Fixed FileUpload DoS with excessive parts (bsc#1208513). Important SUSE bug 1208513 CVE-2023-24998 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for jakarta-commons-fileupload fixes the following issues: - CVE-2016-3092: Fixed a usage of vulnerable FileUpload package can result in denial of service (bsc#986359). - CVE-2023-24998: Fixed a FileUpload deny of service with excessive parts (bsc#1208513). Important SUSE bug 1208513 SUSE bug 986359 CVE-2016-3092 CVE-2023-24998 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for vim fixes the following issues: - CVE-2023-0512: Fixed a divide By Zero (bsc#1207780). - CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957). - CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). Updated to version 9.0 with patch level 1386. - https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386 Important SUSE bug 1207780 SUSE bug 1208828 SUSE bug 1208957 SUSE bug 1208959 CVE-2023-0512 CVE-2023-1127 CVE-2023-1170 CVE-2023-1175 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for MozillaFirefox fixes the following issues: Update to version 102.9.0 ESR (bsc#1209173): - CVE-2023-28159: Fullscreen Notification could have been hidden by download popups on Android - CVE-2023-25748: Fullscreen Notification could have been hidden by window prompts on Android - CVE-2023-25749: Firefox for Android may have opened third-party apps without a prompt - CVE-2023-25750: Potential ServiceWorker cache leak during private browsing mode - CVE-2023-25751: Incorrect code generation during JIT compilation - CVE-2023-28160: Redirect to Web Extension files may have leaked local path - CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation - CVE-2023-28161: One-time permissions granted to a local file were extended to other local files loaded in the same tab - CVE-2023-28162: Invalid downcast in Worklets - CVE-2023-25752: Potential out-of-bounds when accessing throttled streams - CVE-2023-28163: Windows Save As dialog resolved environment variables - CVE-2023-28176: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9 - CVE-2023-28177: Memory safety bugs fixed in Firefox 111 Important SUSE bug 1209173 CVE-2023-25748 CVE-2023-25749 CVE-2023-25750 CVE-2023-25751 CVE-2023-25752 CVE-2023-28159 CVE-2023-28160 CVE-2023-28161 CVE-2023-28162 CVE-2023-28163 CVE-2023-28164 CVE-2023-28176 CVE-2023-28177 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for apache2 fixes the following issues: - CVE-2023-25690: Fixed HTTP request splitting with mod_rewrite and mod_proxy (bsc#1209047). The following non-security bugs were fixed: - Fixed passing health check does not recover worker from its error state (bsc#1208708). Important SUSE bug 1208708 SUSE bug 1209047 CVE-2023-25690 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535). - CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051). - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). - CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). - CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). - CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2022-2991: Fixed an heap-based overflow in the lightnvm implemenation (bsc#1201420). The following non-security bugs were fixed: - kabi/severities: add l2tp local symbols Important SUSE bug 1191881 SUSE bug 1194535 SUSE bug 1201420 SUSE bug 1203331 SUSE bug 1203332 SUSE bug 1205711 SUSE bug 1207051 SUSE bug 1207773 SUSE bug 1207795 SUSE bug 1208700 SUSE bug 1209188 CVE-2021-4203 CVE-2022-2991 CVE-2022-36280 CVE-2022-38096 CVE-2022-4129 CVE-2023-0045 CVE-2023-0590 CVE-2023-23559 CVE-2023-26545 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update of oracleasm fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). Moderate SUSE bug 1209188 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update for xen fixes the following issues: - CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode (bsc#1209017). - CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis-handling (bsc#1209018). - CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 (bsc#1209019). Important SUSE bug 1209017 SUSE bug 1209018 SUSE bug 1209019 SUSE bug 1209188 CVE-2022-42331 CVE-2022-42332 CVE-2022-42333 CVE-2022-42334 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Server 12 SP4-LTSS This update of grub2 fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). Moderate SUSE bug 1209188 cpe:/o:suse:sles-ltss:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for libreoffice to 6.0.5.2 fixes the following issues: Security issues fixed: - CVE-2018-10583: An information disclosure vulnerability occurs during automatic processing and initiating an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. (bsc#1091606) Non security issues fixed: - Bugfix: Table borders appear black in LibreOffice (while white in PowerPoint) (bsc#1088262) - Bugfix: LibreOffice extension 'Language Tool' fails after Tumbleweed update (bsc#1050305) - Bugfix: libreoffice-gnome can no longer be installed in parallel to libreoffice-gtk3 as there is a potential file conflict (bsc#1096673) - Bugfix: LibreOffice Writer: Text in boxes were not visible (bsc#1094359) - Use libreoffice-gtk3 if xfce is present (bsc#1092699) - Various other bug fixes - Exporting to PPTX results in vertical labels being shown horizontally (bsc#1095639) - Table in PPTX misplaced and partly blue (bsc#1098891) - Labels in chart change (from white and other colors) to black when saving as PPTX (bsc#1088263) - Exporting to PPTX shifts arrow shapes quite a bit bsc#1095601 Moderate SUSE bug 1050305 SUSE bug 1088262 SUSE bug 1088263 SUSE bug 1091606 SUSE bug 1091772 SUSE bug 1092699 SUSE bug 1094359 SUSE bug 1095601 SUSE bug 1095639 SUSE bug 1096673 SUSE bug 1098891 CVE-2018-10583 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for python, python-base fixes the following issues: Security issues fixed: - CVE-2018-1000802: Prevent command injection in shutil module (make_archive function) via passage of unfiltered user input (bsc#1109663). - CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (bsc#1088004). - CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in apop() method in pop3lib (bsc#1088009). Bug fixes: - bsc#1086001: python tarfile uses random order. Moderate SUSE bug 1086001 SUSE bug 1088004 SUSE bug 1088009 SUSE bug 1109663 CVE-2018-1000802 CVE-2018-1060 CVE-2018-1061 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for ntfs-3g_ntfsprogs fixes the following issues: - CVE-2017-0358: Missing sanitization of the environment during a call to modprobe allowed local users to escalate fo root privilege (bsc#1022500) Low SUSE bug 1022500 CVE-2017-0358 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for soundtouch fixes the following issues: - CVE-2018-17098: The WavFileBase class allowed remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch. (bsc#1108632) - CVE-2018-17097: The WavFileBase class allowed remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch. (double free) (bsc#1108631) - CVE-2018-17096: The BPMDetect class allowed remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. (bsc#1108630) Moderate SUSE bug 1108630 SUSE bug 1108631 SUSE bug 1108632 CVE-2018-17096 CVE-2018-17097 CVE-2018-17098 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for libwpd fixes the following issues: Security issue fixed: - CVE-2018-19208: Fixed illegal address access inside libwpd at function WP6ContentListener:defineTable (bsc#1115713). Important SUSE bug 1115713 CVE-2018-19208 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2018-18544: Fixed memory leak in the function WriteMSLImage (bsc#1113064). Non-security issues fixed: - Improve import documentation (bsc#1057246). - Allow override system security policy (bsc#1117463). - asan_build: build ASAN included - debug_build: build more suitable for debugging Moderate SUSE bug 1057246 SUSE bug 1113064 SUSE bug 1117463 CVE-2018-18544 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removed entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry could remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769). - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-18445: Faulty computation of numeric bounds in the BPF verifier permitted out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandled 32-bit right shifts (bnc#1112372). - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2017-18224: fs/ocfs2/aops.c omitted use of a semaphore and consequently had a race condition for access to the extent tree during read operations in DIRECT mode, which allowed local users to cause a denial of service (BUG) by modifying a certain e_cpos field (bnc#1084831). - CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674). The following non-security bugs were fixed: - ACPI/APEI: Handle GSIV and GPIO notification types (bsc#1115567). - ACPICA: Tables: Add WSMT support (bsc#1089350). - ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510). - ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510). - ACPI, nfit: Fix ARS overflow continuation (bsc#1116895). - ACPI, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#1112128). - ACPI/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114279). - ACPI/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114279). - ACPI / platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510). - ACPI / processor: Fix the return value of acpi_processor_ids_walk() (bsc#1051510). - ACPI / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510). - act_ife: fix a potential use-after-free (networking-stable-18_09_11). - Add the cherry-picked dup id for PCI dwc fix - Add version information to KLP_SYMBOLS file - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510). - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510). - ALSA: control: Fix race between adding and removing a user element (bsc#1051510). - ALSA: hda: Add 2 more models to the power_save blacklist (bsc#1051510). - ALSA: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510). - ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) (bsc#1051510). - ALSA: hda - Add quirk for ASUS G751 laptop (bsc#1051510). - ALSA: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510). - ALSA: hda - Fix headphone pin config for ASUS G751 (bsc#1051510). - ALSA: hda: fix unused variable warning (bsc#1051510). - ALSA: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510). - ALSA: hda/realtek - Add GPIO data update helper (bsc#1051510). - ALSA: hda/realtek - Allow skipping spec->init_amp detection (bsc#1051510). - ALSA: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510). - ALSA: hda/realtek - Fix HP Headset Mic can't record (bsc#1051510). - ALSA: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510). - ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715 (bsc#1051510). - ALSA: hda/realtek - Manage GPIO bits commonly (bsc#1051510). - ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510). - ALSA: hda/realtek - Support ALC300 (bsc#1051510). - ALSA: oss: Use kvzalloc() for local buffer allocations (bsc#1051510). - ALSA: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510). - ALSA: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510). - ALSA: usb-audio: update quirk for B&W PX to remove microphone (bsc#1051510). - ALSA: wss: Fix invalid snd_free_pages() at error path (bsc#1051510). - amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105). - arm64: KVM: Move CPU ID reg trap setup off the world switch path (bsc#1110998). - arm64: KVM: Sanitize PSTATE.M when being set from userspace (bsc#1110998). - arm64: KVM: Tighten guest core register access from userspace (bsc#1110998). - ARM: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510). - ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535) - ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510). - ASoC: intel: skylake: Add missing break in skl_tplg_get_token() (bsc#1051510). - ASoC: Intel: Skylake: Reset the controller in probe (bsc#1051510). - ASoC: rsnd: adg: care clock-frequency size (bsc#1051510). - ASoC: rsnd: do not fallback to PIO mode when -EPROBE_DEFER (bsc#1051510). - ASoC: rt5514: Fix the issue of the delay volume applied again (bsc#1051510). - ASoC: sigmadsp: safeload should not have lower byte limit (bsc#1051510). - ASoC: sun8i-codec: fix crash on module removal (bsc#1051510). - ASoC: wm8804: Add ACPI support (bsc#1051510). - ata: Fix racy link clearance (bsc#1107866). - ataflop: fix error handling during setup (bsc#1051510). - ath10k: fix kernel panic issue during pci probe (bsc#1051510). - ath10k: fix scan crash due to incorrect length calculation (bsc#1051510). - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait (bsc#1051510). - ath10k: schedule hardware restart if WMI command times out (bsc#1051510). - autofs: fix autofs_sbi() does not check super block type (git-fixes). - autofs: fix slab out of bounds read in getname_kernel() (git-fixes). - autofs: mount point create should honour passed in mode (git-fixes). - badblocks: fix wrong return value in badblocks_set if badblocks are disabled (git-fixes). - batman-adv: Avoid probe ELP information leak (bsc#1051510). - batman-adv: Expand merged fragment buffer for full packet (bsc#1051510). - batman-adv: fix backbone_gw refcount on queue_work() failure (bsc#1051510). - batman-adv: fix hardif_neigh refcount on queue_work() failure (bsc#1051510). - batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510). - bdi: Fix another oops in wb_workfn() (bsc#1112746). - bdi: Preserve kabi when adding cgwb_release_mutex (bsc#1112746). - bitops: protect variables in bit_clear_unless() macro (bsc#1051510). - bitops: protect variables in set_mask_bits() macro (bsc#1051510). - Blacklist commit that modifies Scsi_Host/kabi (bsc#1114579) - Blacklist sd_zbc patch that is too invasive (bsc#1114583) - Blacklist virtio patch that uses bio_integrity_bytes() (bsc#1114585) - blk-mq: I/O and timer unplugs are inverted in blktrace (bsc#1112713). - block, bfq: fix wrong init of saved start time for weight raising (bsc#1112708). - block: bfq: swap puts in bfqg_and_blkg_put (bsc#1112712). - block: copy ioprio in __bio_clone_fast() (bsc#1082653). - block: respect virtual boundary mask in bvecs (bsc#1113412). - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510). - Bluetooth: SMP: fix crash in unpairing (bsc#1051510). - bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16). - bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16). - bonding: avoid possible dead-lock (networking-stable-18_10_16). - bonding: fix length of actor system (networking-stable-18_11_02). - bonding: fix warning message (networking-stable-18_10_16). - bonding: pass link-local packets to bonding master also (networking-stable-18_10_16). - bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647). - bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24). - bpf/verifier: disallow pointer subtraction (bsc#1083647). - bpf: wait for running BPF programs when updating map-in-map (bsc#1083647). - brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510). - brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510). - brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510). - bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02). - Btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667). - Btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667). - Btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136). - Btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137). - Btrfs: fix cur_offset in the error case for nocow (bsc#1118140). - Btrfs: fix data corruption due to cloning of eof block (bsc#1116878). - Btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876). - Btrfs: fix deadlock when writing out free space caches (bsc#1116700). - Btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877). - Btrfs: fix missing error return in btrfs_drop_snapshot (Git-fixes bsc#1109919). - Btrfs: fix null pointer dereference on compressed write path error (bsc#1116698). - Btrfs: fix use-after-free during inode eviction (bsc#1116701). - Btrfs: fix use-after-free when dumping free space (bsc#1116862). - Btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692). - Btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693). - Btrfs: handle errors while updating refcounts in update_ref_for_cow (Git-fixes bsc#1109915). - Btrfs: make sure we create all new block groups (bsc#1116699). - Btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863). - Btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138). - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510). - can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510). - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510). - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510). - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510). - can: hi311x: Use level-triggered interrupt (bsc#1051510). - can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510). - can: rcar_can: Fix erroneous registration (bsc#1051510). - can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510). - cdc-acm: correct counting of UART states in serial state notification (bsc#1051510). - cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510). - cdc-acm: fix race between reset and control messaging (bsc#1051510). - ceph: avoid a use-after-free in ceph_destroy_options() (bsc#1111983). - ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839). - ceph: quota: fix null pointer dereference in quota check (bsc#1114839). - cfg80211: Address some corner cases in scan result channel updating (bsc#1051510). - cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902). - cifs: fix memory leak in SMB2_open() (bsc#1112894). - cifs: Fix use after free of a mid_q_entry (bsc#1112903). - clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510). - clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510). - clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510). - clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510). - clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510). - clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510). - clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510). - clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510). - clk: x86: add 'ether_clk' alias for Bay Trail / Cherry Trail (bsc#1051510). - clk: x86: Stop marking clocks as CLK_IS_CRITICAL (bsc#1051510). - clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510). - clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs (bsc#1051510). - clocksource/drivers/timer-atmel-pit: Properly handle error cases (bsc#1051510). - coda: fix 'kernel memory exposure attempt' in fsync (bsc#1051510). - configfs: replace strncpy with memcpy (bsc#1051510). - crypto: caam - fix implicit casts in endianness helpers (bsc#1051510). - crypto: chelsio - Fix memory corruption in DMA Mapped buffers (bsc#1051510). - crypto: lrw - Fix out-of bounds access on counter overflow (bsc#1051510). - crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510). - crypto: tcrypt - fix ghash-generic speed test (bsc#1051510). - dax: Fix deadlock in dax_lock_mapping_entry() (bsc#1109951). - debugobjects: Make stack check warning more informative (bsc#1051510). - Documentation/l1tf: Fix small spelling typo (bsc#1051510). - Documentation/l1tf: Fix typos (bsc#1051510). - Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510). - do d_instantiate/unlock_new_inode combinations safely (git-fixes). - Do not leak MNT_INTERNAL away from internal mounts (git-fixes). - driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510). - drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510). - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 (bsc#1051510). - drm/amdgpu: Fix vce work queue was not cancelled when suspend (bsc#1106110) - drm/amdgpu/powerplay: fix missing break in switch statements (bsc#1113722) - drm/ast: change resolution may cause screen blurred (boo#1112963). - drm/ast: fixed cursor may disappear sometimes (bsc#1051510). - drm/ast: Fix incorrect free on ioregs (bsc#1051510). - drm/ast: Remove existing framebuffers before loading driver (boo#1112963) - drm/dp_mst: Check if primary mstb is null (bsc#1051510). - drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510). - drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510). - drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722) - drm/edid: VSDB yCBCr420 Deep Color mode bit definitions (bsc#1051510). - drm: fb-helper: Reject all pixel format changing requests (bsc#1113722) - drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer (bsc#1113722) - drm/hisilicon: hibmc: Do not overwrite fb helper surface depth (bsc#1113722) - drm/i915/audio: Hook up component bindings even if displays are (bsc#1113722) - drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510). - drm/i915: Do not unset intel_connector->mst_port (bsc#1051510). - drm/i915/dp: Link train Fallback on eDP only if fallback link BW can fit panel's native mode (bsc#1051510). - drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510). - drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510). - drm/i915/gen9+: Fix initial readout for Y tiled framebuffers (bsc#1113722) - drm/i915/glk: Add Quirk for GLK NUC HDMI port issues (bsc#1051510). - drm/i915/glk: Remove 99% limitation (bsc#1051510). - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510). - drm/i915: Large page offsets for pread/pwrite (bsc#1051510). - drm/i915: Mark pin flags as u64 (bsc#1051510). - drm/i915: Restore vblank interrupts earlier (bsc#1051510). - drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510). - drm/i915: Write GPU relocs harder with gen3 (bsc#1051510). - drm: mali-dp: Call drm_crtc_vblank_reset on device init (bsc#1051510). - drm/mediatek: fix OF sibling-node lookup (bsc#1106110) - drm/meson: add support for 1080p25 mode (bsc#1051510). - drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510). - drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510). - drm/msm: fix OF child-node lookup (bsc#1106110) - drm/nouveau: Check backlight IDs are >= 0, not > 0 (bsc#1051510). - drm/nouveau: Do not disable polling in fallback mode (bsc#1103356). - drm/omap: fix memory barrier bug in DMM driver (bsc#1051510). - drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510). - drm/sti: do not remove the drm_bridge that was never added (bsc#1100132) - drm/sun4i: Fix an ulong overflow in the dotclock driver (bsc#1106110) - drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() (bsc#1113722) - e1000: check on netif_running() before calling e1000_up() (bsc#1051510). - e1000: ensure to free old tx/rx rings in set_ringparam() (bsc#1051510). - EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting (bsc#1114279). - EDAC: Raise the maximum number of memory controllers (bsc#1113780). - EDAC, skx_edac: Fix logical channel intermediate decoding (bsc#1114279). - EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() (bsc#1114279). - eeprom: at24: change nvmem stride to 1 (bsc#1051510). - eeprom: at24: check at24_read/write arguments (bsc#1051510). - eeprom: at24: correctly set the size for at24mac402 (bsc#1051510). - Enable LSPCON instead of blindly disabling HDMI - enic: do not call enic_change_mtu in enic_probe (bsc#1051510). - enic: handle mtu change for vf properly (bsc#1051510). - enic: initialize enic->rfs_h.lock in enic_probe (bsc#1051510). - ethtool: fix a privilege escalation bug (bsc#1076830). - ext2, dax: set ext2_dax_aops for dax files (bsc#1112554). - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bsc#1117795). - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bsc#1117794). - ext4: add missing brelse() update_backups()'s error path (bsc#1117796). - ext4: avoid arithemetic overflow that can trigger a BUG (bsc#1112736). - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802). - ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801). - ext4: avoid divide by zero fault when deleting corrupted inline directories (bsc#1112735). - ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792). - ext4: check for NUL characters in extended attribute's name (bsc#1112732). - ext4: check to make sure the rename(2)'s destination is not freed (bsc#1112734). - ext4: do not mark mmp buffer head dirty (bsc#1112743). - ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807). - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806). - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798). - ext4: fix online resize's handling of a too-small final block group (bsc#1112739). - ext4: fix online resizing for bigalloc file systems with a 1k block size (bsc#1112740). - ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799). - ext4: fix possible leak of sbi->s_group_desc_leak in error path (bsc#1117803). - ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804). - ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789). - ext4: fix spectre gadget in ext4_mb_regular_allocator() (bsc#1112733). - ext4: fix use-after-free race in ext4_remount()'s error path (bsc#1117791). - ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788). - ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790). - ext4: recalucate superblock checksum after updating free blocks/inodes (bsc#1112738). - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805). - ext4: reset error code in ext4_find_entry in fallback (bsc#1112731). - ext4: show test_dummy_encryption mount option in /proc/mounts (bsc#1112741). - fbdev: fix broken menu dependencies (bsc#1113722) - fbdev/omapfb: fix omapfb_memory_read infoleak (bsc#1051510). - firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350 ). - firmware: dcdbas: include linux/io.h (bsc#1089350). - Fix kABI for 'Ensure we commit after writeback is complete' (bsc#1111809). - floppy: fix race condition in __floppy_read_block_0() (bsc#1051510). - flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21). - fscache: fix race between enablement and dropping of object (bsc#1107385). - fs: dcache: Avoid livelock between d_alloc_parallel and __d_add (git-fixes). - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (git-fixes). - fs: dcache: Use READ_ONCE when accessing i_dir_seq (git-fixes). - fs: Make extension of struct super_block transparent (bsc#1117822). - fsnotify: Fix busy inodes during unmount (bsc#1117822). - fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074). - fs/quota: Fix spectre gadget in do_quotactl (bsc#1112745). - ftrace: Fix debug preempt config name in stack_tracer_{en,dis}able (bsc#1117172). - ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181). - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174). - ftrace: Remove incorrect setting of glob search field (bsc#1117184). - genirq: Fix race on spurious interrupt detection (bsc#1051510). - getname_kernel() needs to make sure that ->name != ->iname in long case (git-fixes). - gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510). - grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes). - gso_segment: Reset skb->mac_len after modifying network header (networking-stable-18_09_24). - hfsplus: do not return 0 when fill_super() failed (bsc#1051510). - hfsplus: stop workqueue when fill_super() failed (bsc#1051510). - hfs: prevent crash on exit from failed search (bsc#1051510). - HID: hiddev: fix potential Spectre v1 (bsc#1051510). - HID: hid-sensor-hub: Force logical minimum to 1 for power and report state (bsc#1051510). - HID: quirks: fix support for Apple Magic Keyboards (bsc#1051510). - HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report (bsc#1051510). - HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510). - hv: avoid crash in vmbus sysfs files (bnc#1108377). - hv_netvsc: fix schedule in RCU context (). - hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11). - hwmon: (core) Fix double-free in __hwmon_device_register() (bsc#1051510). - hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510). - hwmon: (ina2xx) Fix current value calculation (bsc#1051510). - hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510). - hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510). - hwmon: (pmbus) Fix page count auto-detection (bsc#1051510). - hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510). - hwmon: (raspberrypi) Fix initial notify (bsc#1051510). - hwmon: (w83795) temp4_type has writable permission (bsc#1051510). - hwrng: core - document the quality field (bsc#1051510). - hypfs_kill_super(): deal with failed allocations (bsc#1051510). - i2c: i2c-scmi: fix for i2c_smbus_write_block_data (bsc#1051510). - i2c: rcar: cleanup DMA for all kinds of failure (bsc#1051510). - ibmvnic: fix accelerated VLAN handling (). - ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433). - ibmvnic: remove ndo_poll_controller (). - ibmvnic: Update driver queues after change in ring size support (). - iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510). - iio: ad5064: Fix regulator handling (bsc#1051510). - iio: adc: at91: fix acking DRDY irq on simple conversions (bsc#1051510). - iio: adc: at91: fix wrong channel number in triggered buffer mode (bsc#1051510). - iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() (bsc#1051510). - iio:st_magn: Fix enable device after trigger (bsc#1051510). - ima: fix showing large 'violations' or 'runtime_measurements_count' (bsc#1051510). - include/linux/pfn_t.h: force '~' to be parsed as an unary operator (bsc#1051510). - inet: make sure to grab rcu_read_lock before using ireq->ireq_opt (networking-stable-18_10_16). - Input: atakbd - fix Atari CapsLock behaviour (bsc#1051510). - Input: atakbd - fix Atari keymap (bsc#1051510). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510). - Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510). - Input: xpad - add PDP device id 0x02a4 (bsc#1051510). - Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510). - Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510). - Input: xpad - fix some coding style issues (bsc#1051510). - intel_th: pci: Add Ice Lake PCH support (bsc#1051510). - iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237). - iommu/arm-smmu: Error out only if not enough context interrupts (bsc#1106237). - iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105). - iommu/vt-d: Add definitions for PFSID (bsc#1106237). - iommu/vt-d: Fix dev iotlb pfsid use (bsc#1106237). - iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105). - iommu/vt-d: Fix scatterlist offset handling (bsc#1106237). - iommu/vt-d: Use memunmap to free memremap (bsc#1106105). - ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16). - ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02). - ip6_vti: fix a null pointer deference when destroy vti6 tunnel (networking-stable-18_09_11). - ipmi: Fix timer race with module unload (bsc#1051510). - ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16). - ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21). - ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu (networking-stable-18_11_21). - ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11). - ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (networking-stable-18_11_21). - ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24). - ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02). - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02). - ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16). - iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510). - iwlwifi: dbg: do not crash if the firmware crashes in the middle of a debug dump (bsc#1051510). - iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510). - iwlwifi: mvm: Allow TKIP for AP mode (bsc#1051510). - iwlwifi: mvm: check for n_profiles validity in EWRD ACPI (bsc#1051510). - iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510). - iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510). - iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface (bsc#1051510). - iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510). - iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510). - iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510). - iwlwifi: mvm: open BA session only when sta is authorized (bsc#1051510). - iwlwifi: mvm: send BCAST management frames to the right station (bsc#1051510). - iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510). - iwlwifi: pcie: avoid empty free RB queue (bsc#1051510). - iwlwifi: pcie: gen2: build A-MSDU only for GSO (bsc#1051510). - iwlwifi: pcie gen2: check iwl_pcie_gen2_set_tb() return value (bsc#1051510). - jbd2: fix use after free in jbd2_log_do_checkpoint() (bsc#1113257). - KABI fix for 'NFSv4.1: Fix up replays of interrupted requests' (git-fixes). - kABI: Hide get_msr_feature() in kvm_x86_ops (bsc#1106240). - KABI: hide new member in struct iommu_table from genksyms (bsc#1061840). - KABI: mask raw in struct bpf_reg_state (bsc#1083647). - KABI: powerpc: export __find_linux_pte as __find_linux_pte_or_hugepte (bsc#1061840). - KABI: powerpc: Revert npu callback signature change (bsc#1055120). - KABI: protect struct fib_nh_exception (kabi). - KABI: protect struct rtable (kabi). - KABI/severities: ignore __xive_vm_h_* KVM internal symbols. - Kbuild: fix # escaping in .cmd files for future Make (git-fixes). - kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510). - kbuild: move '_all' target out of $(KBUILD_SRC) conditional (bsc#1114279). - kernfs: update comment about kernfs_path() return value (bsc#1051510). - kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510). - kprobes/x86: Fix %p uses in error messages (bsc#1110006). - KVM: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998). - KVM: Make VM ioctl do valloc for some archs (bsc#1111506). - KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240). - KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240). - KVM: PPC: Add pt_regs into kvm_vcpu_arch and move vcpu->arch.gpr[] into it (bsc#1061840). - KVM: PPC: Avoid marking DMA-mapped pages dirty in real mode (bsc#1061840). - KVM: PPC: Book3S: Add MMIO emulation for VMX instructions (bsc#1061840). - KVM: PPC: Book3S: Allow backing bigger guest IOMMU pages with smaller physical pages (bsc#1061840). - KVM: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64 parameters (bsc#1061840). - KVM: PPC: Book3S: Eliminate some unnecessary checks (bsc#1061840). - KVM: PPC: Book3S: Fix compile error that occurs with some gcc versions (bsc#1061840). - KVM: PPC: Book3S: Fix matching of hardware and emulated TCE tables (bsc#1061840). - KVM: PPC: Book3S HV: Add of_node_put() in success path (bsc#1061840). - KVM: PPC: Book3S HV: Add 'online' register to ONE_REG interface (bsc#1061840). - KVM: PPC: Book3S HV: Allow creating max number of VCPUs on POWER9 (bsc#1061840). - KVM: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9 v2.2 (bsc#1061840). - KVM: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault (bsc#1061840). - KVM: PPC: Book3S HV: Avoid shifts by negative amounts (bsc#1061840). - KVM: PPC: Book3S HV: Check DR not IR to chose real vs virt mode MMIOs (bsc#1061840). - KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate function (bsc#1061840). - KVM: PPC: Book3S HV: Do not use compound_order to determine host mapping size (bsc#1061840). - KVM: PPC: Book3S HV: Do not use existing 'prodded' flag for XIVE escalations (bsc#1061840). - KVM: PPC: Book 3S HV: Do ptesync in radix guest exit path (bsc#1061840). - KVM: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded (bsc#1061840). - KVM: PPC: Book3S HV: Enable migration of decrementer register (bsc#1061840). - KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm (bsc#1061840). - KVM: PPC: Book3S HV: Fix conditions for starting vcpu (bsc#1061840). - KVM: PPC: Book3S HV: Fix constant size warning (bsc#1061840). - KVM: PPC: Book3S HV: Fix duplication of host SLB entries (bsc#1061840). - KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds (bsc#1061840). - KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler (bsc#1061840). - KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code (bsc#1061840). - KVM: PPC: Book3S HV: Fix inaccurate comment (bsc#1061840). - KVM: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real mode interrupts (bsc#1061840). - KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry (bsc#1061840). - KVM: PPC: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix() (bsc#1061840). - KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing (bsc#1061840). - KVM: PPC: Book3S HV: Handle 1GB pages in radix page fault handler (bsc#1061840). - KVM: PPC: Book3S HV: Improve handling of debug-trigger HMIs on POWER9 (bsc#1061840). - KVM: PPC: Book3S HV: Keep XIVE escalation interrupt masked unless ceded (bsc#1061840). - KVM: PPC: Book3S HV: Lockless tlbie for HPT hcalls (bsc#1061840). - KVM: PPC: Book3S HV: Make HPT resizing work on POWER9 (bsc#1061840). - KVM: PPC: Book3S HV: Make radix clear pte when unmapping (bsc#1061840). - KVM: PPC: Book3S HV: Make radix use correct tlbie sequence in kvmppc_radix_tlbie_page (bsc#1061840). - KVM: PPC: Book3S HV: Make xive_pushed a byte, not a word (bsc#1061840). - KVM: PPC: Book3S HV: Pack VCORE IDs to access full VCPU ID space (bsc#1061840). - KVM: PPC: Book3S HV: radix: Do not clear partition PTE when RC or write bits do not match (bsc#1061840). - KVM: PPC: Book3S HV: Radix page fault handler optimizations (bsc#1061840). - KVM: PPC: Book3S HV: radix: Refine IO region partition scope attributes (bsc#1061840). - KVM: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under kvm->lock (bsc#1061840). - KVM: PPC: Book3S HV: Recursively unmap all page table entries when unmapping (bsc#1061840). - KVM: PPC: Book3S HV: Remove useless statement (bsc#1061840). - KVM: PPC: Book3S HV: Remove vcpu->arch.dec usage (bsc#1061840). - KVM: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to Linux handlers (bsc#1061840). - KVM: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR count correctly (bsc#1061840). - KVM: PPC: Book3S HV: Snapshot timebase offset on guest entry (bsc#1061840). - KVM: PPC: Book3S HV: Streamline setting of reference and change bits (bsc#1061840). - KVM: PPC: Book3S HV: Use a helper to unmap ptes in the radix fault path (bsc#1061840). - KVM: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page fault handler (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Resend re-routed interrupts on CPU priority change (bsc#1061840). - KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840). - KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file (bsc#1061840). - KVM: PPC: Book3S: Use correct page shift in H_STUFF_TCE (bsc#1061840). - KVM: PPC: Fix a mmio_host_swabbed uninitialized usage issue (bsc#1061840). - KVM: PPC: Make iommu_table::it_userspace big endian (bsc#1061840). - KVM: PPC: Move nip/ctr/lr/xer registers to pt_regs in kvm_vcpu_arch (bsc#1061840). - KVM: PPC: Use seq_puts() in kvmppc_exit_timing_show() (bsc#1061840). - KVM: s390: vsie: copy wrapping keys to right place (git-fixes). - KVM: SVM: Add MSR-based feature support for serializing LFENCE (bsc#1106240). - KVM: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114279). - KVM: VMX: re-add ple_gap module parameter (bsc#1106240). - KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR (bsc#1106240). - KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry (bsc#1106240). - KVM: x86: Add a framework for supporting MSR-based features (bsc#1106240). - KVM: x86: define SVM/VMX specific kvm_arch_[alloc|free]_vm (bsc#1111506). - KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240). - KVM: X86: Introduce kvm_get_msr_feature() (bsc#1106240). - KVM/x86: kABI fix for vm_alloc/vm_free changes (bsc#1111506). - KVM: x86: Set highest physical address bits in non-present/reserved SPTEs (bsc#1106240). - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839). - libceph: fall back to sendmsg for slab pages (bsc#1118316). - libertas: call into generic suspend code before turning off power (bsc#1051510). - libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510). - libnvdimm, badrange: remove a WARN for list_empty (bsc#1112128). - libnvdimm, dimm: Maximize label transfer size (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891). - libnvdimm: Introduce locked DIMM capacity support (bsc#1112128). - libnvdimm, label: change nvdimm_num_label_slots per UEFI 2.7 (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm, label: Fix sparse warning (bsc#1111921, bsc#1113408, bsc#1113972). - libnvdimm: move poison list functions to a new 'badrange' file (bsc#1112128). - libnvdimm/nfit_test: add firmware download emulation (bsc#1112128). - libnvdimm/nfit_test: adding support for unit testing enable LSS status (bsc#1112128). - libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899). - libnvdimm, testing: Add emulation for smart injection commands (bsc#1112128). - libnvdimm, testing: update the default smart ctrl_temperature (bsc#1112128). - lib/ubsan: add type mismatch handler for new GCC/Clang (bsc#1051510). - lib/ubsan.c: s/missaligned/misaligned/ (bsc#1051510). - livepatch: create and include UAPI headers (). - llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02). - lockd: fix 'list_add double add' caused by legacy signal interface (git-fixes). - loop: add recursion validation to LOOP_CHANGE_FD (bsc#1112711). - loop: do not call into filesystem while holding lo_ctl_mutex (bsc#1112710). - loop: fix LOOP_GET_STATUS lock imbalance (bsc#1113284). - mac80211: Always report TX status (bsc#1051510). - mac80211: fix TX status reporting for ieee80211s (bsc#1051510). - mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510). - mac80211: minstrel: fix using short preamble CCK rates on HT clients (bsc#1051510). - mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510). - mach64: detect the dot clock divider correctly on sparc (bsc#1051510). - mach64: fix display corruption on big endian machines (bsc#1113722) - mach64: fix image corruption due to reading accelerator registers (bsc#1113722) - mailbox: PCC: handle parse error (bsc#1051510). - make sure that __dentry_kill() always invalidates d_seq, unhashed or not (git-fixes). - md: allow metadata updates while suspending an array - fix (git-fixes). - MD: fix invalid stored role for a disk - try2 (git-fixes). - md: fix NULL dereference of mddev->pers in remove_and_add_spares() (git-fixes). - md/raid10: fix that replacement cannot complete recovery after reassemble (git-fixes). - md/raid1: add error handling of read error from FailFast device (git-fixes). - md/raid5-cache: disable reshape completely (git-fixes). - md/raid5: fix data corruption of replacements after originals dropped (git-fixes). - media: af9035: prevent buffer overflow on write (bsc#1051510). - media: cx231xx: fix potential sign-extension overflow on large shift (bsc#1051510). - media: dvb: fix compat ioctl translation (bsc#1051510). - media: em28xx: fix input name for Terratec AV 350 (bsc#1051510). - media: em28xx: use a default format if TRY_FMT fails (bsc#1051510). - media: pci: cx23885: handle adding to list failure (bsc#1051510). - media: tvp5150: avoid going past array on v4l2_querymenu() (bsc#1051510). - media: tvp5150: fix switch exit in set control handler (bsc#1051510). - media: tvp5150: fix width alignment during set_selection() (bsc#1051510). - media: uvcvideo: Fix uvc_alloc_entity() allocation alignment (bsc#1051510). - media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD (bsc#1051510). - media: vsp1: Fix YCbCr planar formats pitch calculation (bsc#1051510). - memory_hotplug: cond_resched in __remove_pages (bnc#1114178). - mfd: arizona: Correct calling of runtime_put_sync (bsc#1051510). - mfd: menelaus: Fix possible race condition and leak (bsc#1051510). - mfd: omap-usb-host: Fix dts probe of children (bsc#1051510). - mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21). - mmc: block: avoid multiblock reads for the last sector in SPI mode (bsc#1051510). - mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510). - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510). - mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677). - mm/migrate: Use spin_trylock() while resetting rate limit (). - mm: /proc/pid/pagemap: hide swap entries from unprivileged users (Git-fixes bsc#1109907). - mm: rework memcg kernel stack accounting (bnc#1113677). - modpost: ignore livepatch unresolved relocations (). - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819). - mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820). - mount: Retest MNT_LOCKED in do_umount (bsc#1117818). - move changes without Git-commit out of sorted section - neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24). - net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679). - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679). - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24). - net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16). - net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02). - net: bcmgenet: protect stop from timeout (networking-stable-18_11_21). - net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11). - net: bridge: remove ipv6 zero address check in mcast queries (git-fixes). - net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16). - net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16). - net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561). - net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561). - net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561). - net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561). - net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561). - net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561). - net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561). - net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561). - net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561). - net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561). - net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561). - net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561). - net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561). - net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561). - net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561). - net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561). - net: ena: minor performance improvement (bsc#1111696 bsc#1117561). - net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561). - net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561). - net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561). - net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1111696 bsc#1117561). - net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02). - net-gro: reset skb->pkt_type in napi_reuse_skb() (networking-stable-18_11_21). - net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16). - net: hp100: fix always-true check for link up state (networking-stable-18_09_24). - net: ibm: fix return type of ndo_start_xmit function (). - net/ibmnvic: Fix deadlock problem in reset (). - net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431). - net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02). - net: ipv4: do not let PMTU updates increase route MTU (git-fixes). - net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16). - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02). - netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16). - net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11). - net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18). - net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21). - net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16). - net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18). - net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16). - net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18). - net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18). - net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02). - net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16). - net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16). - net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16). - net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21). - net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18). - net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510). - net: sched: action_ife: take reference to meta module (networking-stable-18_09_11). - net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11). - net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24). - net: sched: Fix for duplicate class dump (networking-stable-18_11_02). - net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11). - net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02). - net: smsc95xx: Fix MTU range (networking-stable-18_11_21). - net: socket: fix a missing-check bug (networking-stable-18_11_02). - net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02). - net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16). - net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16). - net: systemport: Protect stop from timeout (networking-stable-18_11_21). - net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02). - net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16). - NFC: nfcmrvl_uart: fix OF child-node lookup (bsc#1051510). - nfit_test: add error injection DSMs (bsc#1112128). - nfit_test: fix buffer overrun, add sanity check (bsc#1112128). - nfit_test: improve structure offset handling (bsc#1112128). - nfit_test: prevent parsing error of nfit_test.0 (bsc#1112128). - nfit_test: when clearing poison, also remove badrange entries (bsc#1112128). - nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11). - NFS: Avoid quadratic search when freeing delegations (bsc#1084760). - NFS: Avoid RCU usage in tracepoints (git-fixes). - NFS: commit direct writes even if they fail partially (git-fixes). - nfsd4: permit layoutget of executable-only files (git-fixes). - nfsd: check for use of the closed special stateid (git-fixes). - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (git-fixes). - nfsd: deal with revoked delegations appropriately (git-fixes). - nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes). - nfsd: Fix another OPEN stateid race (git-fixes). - nfsd: fix corrupted reply to badly ordered compound (git-fixes). - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes). - nfsd: Fix stateid races between OPEN and CLOSE (git-fixes). - NFS: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes). - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes). - NFS: Ensure we commit after writeback is complete (bsc#1111809). - NFS: Fix an incorrect type in struct nfs_direct_req (git-fixes). - NFS: Fix a typo in nfs_rename() (git-fixes). - NFS: Fix typo in nomigration mount option (git-fixes). - NFS: Fix unstable write completion (git-fixes). - NFSv4.0 fix client reference leak in callback (git-fixes). - NFSv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes). - NFSv4.1 fix infinite loop on I/O (git-fixes). - NFSv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes). - NFSv4.1: Fix up replays of interrupted requests (git-fixes). - NFSv4: Fix a typo in nfs41_sequence_process (git-fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510). - nospec: Include <asm/barrier.h> dependency (bsc#1114279). - nvdimm: Clarify comment in sizeof_namespace_index (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Remove empty if statement (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Sanity check labeloff (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Split label init out from the logic for getting config data (bsc#1111921, bsc#1113408, bsc#1113972). - nvdimm: Use namespace index data to reduce number of label reads needed (bsc#1111921, bsc#1113408, bsc#1113972). - nvme: Free ctrl device name on init failure (). - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817). - ocfs2: fix locking for res->tracking and dlm->tracking_list (bsc#1117816). - ocfs2: fix ocfs2 read block panic (bsc#1117815). - ocfs2: free up write context when direct IO failed (bsc#1117821). - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bsc#1117808). - of: add helper to lookup compatible child node (bsc#1106110) - openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02). - orangefs: fix deadlock; do not write i_size in read_iter (bsc#1051510). - orangefs: initialize op on loop restart in orangefs_devreq_read (bsc#1051510). - orangefs_kill_sb(): deal with allocation failures (bsc#1051510). - orangefs: use list_for_each_entry_safe in purge_waiting_ops (bsc#1051510). - PCI: Add Device IDs for Intel GPU 'spurious interrupt' quirk (bsc#1051510). - PCI/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510). - PCI/ASPM: Fix link_state teardown on device removal (bsc#1051510). - PCI: dwc: remove duplicate fix References: bsc#1115269 Patch has been already applied by the following commit: 9f73db8b7c PCI: dwc: Fix enumeration end when reaching root subordinate (bsc#1051510) - PCI: hv: Do not wait forever on a device that has disappeared (bsc#1109806). - PCI: hv: Use effective affinity mask (bsc#1109772). - PCI: imx6: Fix link training status detection in link up check (bsc#1109806). - PCI: iproc: Remove PAXC slot check to allow VF support (bsc#1109806). - PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510). - PCI: Reprogram bridge prefetch registers on resume (bsc#1051510). - PCI: vmd: Assign vector zero to all bridges (bsc#1109806). - PCI: vmd: Detach resources after stopping root bus (bsc#1109806). - PCI: vmd: White list for fast interrupt handlers (bsc#1109806). - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510). - percpu: make this_cpu_generic_read() atomic w.r.t. interrupts (bsc#1114279). - perf: fix invalid bit in diagnostic entry (git-fixes). - pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510). - pinctrl: meson: fix pinconf bias disable (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510). - pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510). - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510). - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510). - pipe: match pipe_max_size data type with procfs (git-fixes). - platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510). - platform/x86: intel_telemetry: report debugfs failure (bsc#1051510). - pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes). - pNFS: Do not release the sequence slot until we've processed layoutget on open (git-fixes). - pNFS: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes). - powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729). - powerpc/boot: Fix opal console in boot wrapper (bsc#1065729). - powerpc/kvm/booke: Fix altivec related build break (bsc#1061840). - powerpc/kvm: Switch kvm pmd allocator to custom allocator (bsc#1061840). - powerpc/mm: Fix typo in comments (bsc#1065729). - powerpc/mm/hugetlb: initialize the pagetable cache correctly for hugetlb (bsc#1091800). - powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248). - powerpc/mm: Rename find_linux_pte_or_hugepte() (bsc#1061840). - powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure (bsc#1055120). - powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729). - powerpc/powernv: Add indirect levels to it_userspace (bsc#1061840). - powerpc/powernv: Do not select the cpufreq governors (bsc#1065729). - powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage (bsc#1055120). - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729). - powerpc/powernv/ioda2: Reduce upper limit for DMA window size (bsc#1055120). - powerpc/powernv/ioda: Allocate indirect TCE levels on demand (bsc#1061840). - powerpc/powernv/ioda: Finish removing explicit max window size check (bsc#1061840). - powerpc/powernv/ioda: Remove explicit max window size check (bsc#1061840). - powerpc/powernv: Move TCE manupulation code to its own file (bsc#1061840). - powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120). - powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120). - powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120). - powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120). - powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120). - powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120). - powerpc/powernv: Rework TCE level allocation (bsc#1061840). - powerpc/pseries: Fix build break for SPLPAR=n and CPU hotplug (bsc#1079524, git-fixes). - powerpc/pseries: Fix CONFIG_NUMA=n build (bsc#1067906, git-fixes). - powerpc/pseries: Fix DTL buffer registration (bsc#1065729). - powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729). - powerpc/pseries: Fix 'OF: ERROR: Bad of_node_put() on /cpus' during DLPAR (bsc#1113295). - powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709). - powerpc: pseries: remove dlpar_attach_node dependency on full path (bsc#1113295). - powerpc/xive: Move definition of ESB bits (bsc#1061840). - powerpc/xmon: Add ISA v3.0 SPRs to SPR dump (bsc#1061840). - power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510). - pppoe: fix reception of frames with no mac header (networking-stable-18_09_24). - printk: drop in_nmi check from printk_safe_flush_on_panic() (bsc#1112170). - printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168). - printk/tracing: Do not trace printk_nmi_enter() (bsc#1112208). - provide linux/set_memory.h (bsc#1113295). - ptp: fix Spectre v1 vulnerability (bsc#1051510). - pwm: lpss: Release runtime-pm reference from the driver's remove callback (bsc#1051510). - pxa168fb: prepare the clock (bsc#1051510). - qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface (bsc#1051510). - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510). - qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510). - qrtr: add MODULE_ALIAS macro to smd (bsc#1051510). - r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED (bsc#1051510). - r8169: fix NAPI handling under high load (networking-stable-18_11_02). - race of lockd inetaddr notifiers vs nlmsvc_rqst change (git-fixes). - RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 (git-fixes). - random: rate limit unseeded randomness warnings (git-fixes). - rculist: add list_for_each_entry_from_rcu() (bsc#1084760). - rculist: Improve documentation for list_for_each_entry_from_rcu() (bsc#1084760). - rds: fix two RCU related problems (networking-stable-18_09_18). - README: Clean-up trailing whitespace - reiserfs: add check to detect corrupted directory entry (bsc#1109818). - reiserfs: do not panic on bad directory entries (bsc#1109818). - remoteproc: qcom: Fix potential device node leaks (bsc#1051510). - rename a hv patch to reduce conflicts in -AZURE - reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510). - reset: imx7: Fix always writing bits as 0 (bsc#1051510). - resource: Include resource end in walk_*() interfaces (bsc#1114279). - Revert 'ceph: fix dentry leak in splice_dentry()' (bsc#1114839). - Revert 'powerpc/64: Fix checksum folding in csum_add()' (bsc#1065729). - Revert 'rpm/kernel-binary.spec.in: allow unsupported modules for -extra' - Revert 'usb: dwc3: gadget: skip Set/Clear Halt when invalid' (bsc#1051510). - rpmsg: Correct support for MODULE_DEVICE_TABLE() (git-fixes). - rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02). - rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16). - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16). - s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes). - s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235). - s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes). - s390/mm: correct allocate_pgste proc_handler callback (git-fixes). - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682). - s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953). - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682). - s390/qeth: handle failure on workqueue creation (git-fixes). - s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959). - s390: revert ELF_ET_DYN_BASE base changes (git-fixes). - s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes). - s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273). - s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273). - s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273). - sched/numa: Limit the conditions where scan period is reset (). - scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246). - scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246). - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1104731). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1104731). - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731). - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731). - scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580). - scsi: lpfc: add support to retrieve firmware logs (bsc#1114015). - scsi: lpfc: add Trunking support (bsc#1114015). - scsi: lpfc: Correct errors accessing fw log (bsc#1114015). - scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015). - scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015). - scsi: lpfc: Correct LCB RJT handling (bsc#1114015). - scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015). - scsi: lpfc: Correct race with abort on completion path (bsc#1114015). - scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015). - scsi: lpfc: Correct speeds on SFP swap (bsc#1114015). - scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015). - scsi: lpfc: Fix errors in log messages (bsc#1114015). - scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015). - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015). - scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015). - scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015). - scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015). - scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015). - scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015). - scsi: lpfc: reduce locking when updating statistics (bsc#1114015). - scsi: lpfc: Remove set but not used variable 'sgl_size' (bsc#1114015). - scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015). - scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015). - scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015). - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1114581). - scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582). - scsi: sg: fix minor memory leak in error path (bsc#1114584). - scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bsc#1114578). - scsi: target: Fix fortify_panic kernel exception (bsc#1114576). - scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577). - scsi: target: tcmu: add read length support (bsc#1097755). - sctp: fix race on sctp_id2asoc (networking-stable-18_11_02). - sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21). - sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11). - sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21). - sctp: not increase stream's incnt before sending addstrm_in request (networking-stable-18_11_21). - sctp: update dst pmtu with the correct daddr (networking-stable-18_10_16). - serial: 8250: Fix clearing FIFOs in RS485 mode again (bsc#1051510). - signal: Properly deliver SIGSEGV from x86 uprobes (bsc#1110006). - skip LAYOUTRETURN if layout is invalid (git-fixes). - smb2: fix missing files in root share directory listing (bsc#1112907). - smb2: fix missing files in root share directory listing (bsc#1112907). - smb3: fill in statfs fsid and correct namelen (bsc#1112905). - smb3: fill in statfs fsid and correct namelen (bsc#1112905). - smb3: fix reset of bytes read and written stats (bsc#1112906). - smb3: fix reset of bytes read and written stats (bsc#1112906). - smb3: on reconnect set PreviousSessionId field (bsc#1112899). - smb3: on reconnect set PreviousSessionId field (bsc#1112899). - soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510). - soc/tegra: pmc: Fix child-node lookup (bsc#1051510). - soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510). - sound: do not call skl_init_chip() to reset intel skl soc (bsc#1051510). - sound: enable interrupt after dma buffer initialization (bsc#1051510). - spi/bcm63xx-hsspi: keep pll clk enabled (bsc#1051510). - spi: bcm-qspi: switch back to reading flash using smaller chunks (bsc#1051510). - spi: sh-msiof: fix deferred probing (bsc#1051510). - staging: comedi: ni_mio_common: protect register write overflow (bsc#1051510). - staging:iio:ad7606: fix voltage scales (bsc#1051510). - staging: rtl8723bs: Fix the return value in case of error in 'rtw_wx_read32()' (bsc#1051510). - staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510). - sunrpc: Allow connect to return EHOSTUNREACH (git-fixes). - sunrpc: Do not use stack buffer with scatterlist (git-fixes). - sunrpc: Fix rpc_task_begin trace point (git-fixes). - sunrpc: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes). - target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349). - target: log Data-Out timeouts as errors (bsc#1095805). - target: log NOP ping timeouts as errors (bsc#1095805). - target: split out helper for cxn timeout error stashing (bsc#1095805). - target: stash sess_err_stats on Data-Out timeout (bsc#1095805). - target: use ISCSI_IQN_LEN in iscsi_target_stat (bsc#1095805). - tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11). - test_firmware: fix error return getting clobbered (bsc#1051510). - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21). - thermal: bcm2835: enable hwmon explicitly (bsc#1108468). - thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510). - thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510). - tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21). - tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11). - tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16). - tools build: fix # escaping in .cmd files for future Make (git-fixes). - tools/testing/nvdimm: advertise a write cache for nfit_test (bsc#1112128). - tools/testing/nvdimm: allow custom error code injection (bsc#1112128). - tools/testing/nvdimm: disable labels for nfit_test.1 (bsc#1112128). - tools/testing/nvdimm: enable labels for nfit_test.1 dimms (bsc#1112128). - tools/testing/nvdimm: fix missing newline in nfit_test_dimm 'handle' attribute (bsc#1112128). - tools/testing/nvdimm: Fix support for emulating controller temperature (bsc#1112128). - tools/testing/nvdimm: force nfit_test to depend on instrumented modules (bsc#1112128). - tools/testing/nvdimm: improve emulation of smart injection (bsc#1112128). - tools/testing/nvdimm: kaddr and pfn can be NULL to ->direct_access() (bsc#1112128). - tools/testing/nvdimm: Make DSM failure code injection an override (bsc#1112128). - tools/testing/nvdimm: smart alarm/threshold control (bsc#1112128). - tools/testing/nvdimm: stricter bounds checking for error injection commands (bsc#1112128). - tools/testing/nvdimm: support nfit_test_dimm attributes under nfit_test.1 (bsc#1112128). - tools/testing/nvdimm: unit test clear-error commands (bsc#1112128). - tools/vm/page-types.c: fix 'defined but not used' warning (bsc#1051510). - tools/vm/slabinfo.c: fix sign-compare warning (bsc#1051510). - tpm2-cmd: allow more attempts for selftest execution (bsc#1082555). - tpm: add retry logic (bsc#1082555). - tpm: consolidate the TPM startup code (bsc#1082555). - tpm: do not suspend/resume if power stays on (bsc#1082555). - tpm: fix intermittent failure with self tests (bsc#1082555). - tpm: fix response size validation in tpm_get_random() (bsc#1082555). - tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555). - tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555). - tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555). - tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555). - tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555). - tpm: Restore functionality to xen vtpm driver (bsc#1082555). - tpm: self test failure should not cause suspend to fail (bsc#1082555). - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555). - tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555). - tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555). - tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555). - tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555). - tracing: Add barrier to trace_printk() buffer nesting modification (bsc#1112219). - tracing: Apply trace_clock changes to instance max buffer (bsc#1117188). - tracing: Erase irqsoff trace with empty write (bsc#1117189). - tty: check name length in tty_find_polling_driver() (bsc#1051510). - tty: Do not block on IO when ldisc change is pending (bnc#1105428). - tty: fix data race between tty_init_dev and flush of buf (bnc#1105428). - tty: Hold tty_ldisc_lock() during tty_reopen() (bnc#1105428). - tty/ldsem: Add lockdep asserts for ldisc_sem (bnc#1105428). - tty/ldsem: Convert to regular lockdep annotations (bnc#1105428). - tty/ldsem: Decrement wait_readers on timeouted down_read() (bnc#1105428). - tty/ldsem: Wake up readers after timed out down_write() (bnc#1105428). - tty: Simplify tty->count math in tty_reopen() (bnc#1105428). - tty: wipe buffer (bsc#1051510). - tty: wipe buffer if not echoing data (bsc#1051510). - tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510). - tuntap: fix multiqueue rx (networking-stable-18_11_21). - udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24). - udp6: add missing checks on edumux packet processing (networking-stable-18_09_24). - udp6: fix encap return code for resubmitting (git-fixes). - uio: ensure class is registered before devices (bsc#1051510). - uio: Fix an Oops on load (bsc#1051510). - uio: make symbol 'uio_class_registered' static (bsc#1051510). - Update config files. Enabled ENA (Amazon network driver) for arm64. - usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510). - usb: chipidea: Prevent unbalanced IRQ disable (bsc#1051510). - usb: core: Fix hub port connection events lost (bsc#1051510). - usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385). - usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385). - usb: dwc3: core: Clean up ULPI device (bsc#1051510). - usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510). - usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510). - usb: gadget: fsl_udc_core: check allocation return value and cleanup on failure (bsc#1051510). - usb: gadget: fsl_udc_core: fixup struct_udc_setup documentation (bsc#1051510). - usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510). - usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510). - usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510). - usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510). - usbip: tools: fix atoi() on non-null terminated string (bsc#1051510). - usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510). - usb: misc: appledisplay: add 20' Apple Cinema Display (bsc#1051510). - usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510). - usb: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510). - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510). - usb: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510). - usb: remove LPM management from usb_driver_claim_interface() (bsc#1051510). - usb: serial: cypress_m8: fix interrupt-out transfer length (bsc#1051510). - usb: serial: option: add two-endpoints device-id flag (bsc#1051510). - usb: serial: option: drop redundant interface-class test (bsc#1051510). - usb: serial: option: improve Quectel EP06 detection (bsc#1051510). - usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510). - userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access (bsc#1109739). - Use upstream version of pci-hyperv patch (35a88a1) - VFS: close race between getcwd() and d_move() (git-fixes). - VFS: fix freeze protection in mnt_want_write_file() for overlayfs (git-fixes). - vhost: Fix Spectre V1 vulnerability (bsc#1051510). - vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510). - virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02). - VMCI: Resource wildcard match fixed (bsc#1051510). - w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510). - Workaround for mysterious NVMe breakage with i915 CFL (bsc#1111040). - x86/acpi: Prevent X2APIC id 0xffffffff from being accounted (bsc#1110006). - x86/boot/KASLR: Work around firmware bugs by excluding EFI_BOOT_SERVICES_* and EFI_LOADER_* from KASLR's choice (bnc#1112878). - x86/boot: Move EISA setup to a separate file (bsc#1110006). - x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006). - x86/cpufeature: Add User-Mode Instruction Prevention definitions (bsc#1110006). - x86/cpufeatures: Add Intel Total Memory Encryption cpufeature (bsc#1110006). - x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279). - x86/eisa: Add missing include (bsc#1110006). - x86/EISA: Do not probe EISA bus for Xen PV guests (bsc#1110006). - x86/fpu: Remove second definition of fpu in __fpu__restore_sig() (bsc#1110006). - x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006). - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772). - x86/kasan: Panic if there is not enough memory to boot (bsc#1110006). - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114279). - x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279). - x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279). - x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279). - x86/MCE/AMD: Fix the thresholding machinery initialization order (bsc#1114279). - x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read() (bsc#1110006). - x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279). - x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279). - x86, nfit_test: Add unit test for memcpy_mcsafe() (bsc#1112128). - x86/paravirt: Fix some warning messages (bnc#1065600). - x86/percpu: Fix this_cpu_read() (bsc#1110006). - x86/speculation: Support Enhanced IBRS on future CPUs (). - x86/time: Correct the attribute on jiffies' definition (bsc#1110006). - x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600). - xen/balloon: Support xend-based toolstack (bnc#1065600). - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062). - xen: fix race in xen_qlock_wait() (bnc#1107256). - xen: fix xen_qlock_wait() (bnc#1107256). - xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap() (bnc#1065600). - xen: make xen_qlock_wait() nestable (bnc#1107256). - xen/netfront: do not bug in case of too many frags (bnc#1104824). - xen/pvh: do not try to unplug emulated devices (bnc#1065600). - xen/pvh: increase early stack size (bnc#1065600). - xen: Remove unnecessary BUG_ON from __unbind_from_irq() (bnc#1065600). - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (bnc#1065600). - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600). - xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs: do not fail when converting shortform attr to long form during ATTR_REPLACE (bsc#1105025). - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes). - xfs: Properly detect when DAX won't be used on any device (bsc#1115976). - xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510). - xhci: Do not print a warning when setting link state for disabled ports (bsc#1051510). - xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510). - xprtrdma: Do not defer fencing an async RPC's chunks (git-fixes). Important SUSE bug 1051510 SUSE bug 1055120 SUSE bug 1061840 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066674 SUSE bug 1067906 SUSE bug 1068273 SUSE bug 1076830 SUSE bug 1078248 SUSE bug 1079524 SUSE bug 1082555 SUSE bug 1082653 SUSE bug 1083647 SUSE bug 1084760 SUSE bug 1084831 SUSE bug 1085535 SUSE bug 1086196 SUSE bug 1089350 SUSE bug 1091800 SUSE bug 1094825 SUSE bug 1095805 SUSE bug 1097755 SUSE bug 1100132 SUSE bug 1103356 SUSE bug 1103925 SUSE bug 1104124 SUSE bug 1104731 SUSE bug 1104824 SUSE bug 1105025 SUSE bug 1105428 SUSE bug 1106105 SUSE bug 1106110 SUSE bug 1106237 SUSE bug 1106240 SUSE bug 1107256 SUSE bug 1107385 SUSE bug 1107866 SUSE bug 1108377 SUSE bug 1108468 SUSE bug 1109330 SUSE bug 1109739 SUSE bug 1109772 SUSE bug 1109806 SUSE bug 1109818 SUSE bug 1109907 SUSE bug 1109911 SUSE bug 1109915 SUSE bug 1109919 SUSE bug 1109951 SUSE bug 1110006 SUSE bug 1110998 SUSE bug 1111040 SUSE bug 1111062 SUSE bug 1111174 SUSE bug 1111506 SUSE bug 1111696 SUSE bug 1111809 SUSE bug 1111921 SUSE bug 1111983 SUSE bug 1112128 SUSE bug 1112170 SUSE bug 1112173 SUSE bug 1112208 SUSE bug 1112219 SUSE bug 1112221 SUSE bug 1112246 SUSE bug 1112372 SUSE bug 1112514 SUSE bug 1112554 SUSE bug 1112708 SUSE bug 1112710 SUSE bug 1112711 SUSE bug 1112712 SUSE bug 1112713 SUSE bug 1112731 SUSE bug 1112732 SUSE bug 1112733 SUSE bug 1112734 SUSE bug 1112735 SUSE bug 1112736 SUSE bug 1112738 SUSE bug 1112739 SUSE bug 1112740 SUSE bug 1112741 SUSE bug 1112743 SUSE bug 1112745 SUSE bug 1112746 SUSE bug 1112878 SUSE bug 1112894 SUSE bug 1112899 SUSE bug 1112902 SUSE bug 1112903 SUSE bug 1112905 SUSE bug 1112906 SUSE bug 1112907 SUSE bug 1112963 SUSE bug 1113257 SUSE bug 1113284 SUSE bug 1113295 SUSE bug 1113408 SUSE bug 1113412 SUSE bug 1113501 SUSE bug 1113667 SUSE bug 1113677 SUSE bug 1113722 SUSE bug 1113751 SUSE bug 1113769 SUSE bug 1113780 SUSE bug 1113972 SUSE bug 1114015 SUSE bug 1114178 SUSE bug 1114279 SUSE bug 1114385 SUSE bug 1114576 SUSE bug 1114577 SUSE bug 1114578 SUSE bug 1114579 SUSE bug 1114580 SUSE bug 1114581 SUSE bug 1114582 SUSE bug 1114583 SUSE bug 1114584 SUSE bug 1114585 SUSE bug 1114839 SUSE bug 1115074 SUSE bug 1115269 SUSE bug 1115431 SUSE bug 1115433 SUSE bug 1115440 SUSE bug 1115567 SUSE bug 1115709 SUSE bug 1115976 SUSE bug 1116183 SUSE bug 1116692 SUSE bug 1116693 SUSE bug 1116698 SUSE bug 1116699 SUSE bug 1116700 SUSE bug 1116701 SUSE bug 1116862 SUSE bug 1116863 SUSE bug 1116876 SUSE bug 1116877 SUSE bug 1116878 SUSE bug 1116891 SUSE bug 1116895 SUSE bug 1116899 SUSE bug 1116950 SUSE bug 1117168 SUSE bug 1117172 SUSE bug 1117174 SUSE bug 1117181 SUSE bug 1117184 SUSE bug 1117188 SUSE bug 1117189 SUSE bug 1117349 SUSE bug 1117561 SUSE bug 1117788 SUSE bug 1117789 SUSE bug 1117790 SUSE bug 1117791 SUSE bug 1117792 SUSE bug 1117794 SUSE bug 1117795 SUSE bug 1117796 SUSE bug 1117798 SUSE bug 1117799 SUSE bug 1117801 SUSE bug 1117802 SUSE bug 1117803 SUSE bug 1117804 SUSE bug 1117805 SUSE bug 1117806 SUSE bug 1117807 SUSE bug 1117808 SUSE bug 1117815 SUSE bug 1117816 SUSE bug 1117817 SUSE bug 1117818 SUSE bug 1117819 SUSE bug 1117820 SUSE bug 1117821 SUSE bug 1117822 SUSE bug 1118102 SUSE bug 1118136 SUSE bug 1118137 SUSE bug 1118138 SUSE bug 1118140 SUSE bug 1118152 SUSE bug 1118316 CVE-2017-16533 CVE-2017-18224 CVE-2018-18281 CVE-2018-18386 CVE-2018-18445 CVE-2018-18710 CVE-2018-19824 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for bluez fixes the following issues: Security issues fixed: - CVE-2016-9800: Fixed a buffer overflow in the pin_code_reply_dump function (bsc#1013721) - CVE-2016-9801: Fixed a buffer overflow in the set_ext_ctrl function (bsc#1013732) Moderate SUSE bug 1013721 SUSE bug 1013732 CVE-2016-9800 CVE-2016-9801 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for mariadb fixes the following issues: Update to MariaDB 10.0.37 GA (bsc#1116686). Security issues fixed: - CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432) - CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397) - CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368) - CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417) - CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421) - CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678) - CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342) - CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677) - CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676) - CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) Non-security changes: - Remove PerconaFT from the package as it has AGPL licence (bsc#1118754) - do not just remove tokudb plugin but don't build it at all (missing jemalloc dependency) Release notes and changelog: - https://kb.askmonty.org/en/mariadb-10037-release-notes - https://kb.askmonty.org/en/mariadb-10037-changelog - https://kb.askmonty.org/en/mariadb-10036-release-notes - https://kb.askmonty.org/en/mariadb-10036-changelog Important SUSE bug 1013882 SUSE bug 1101676 SUSE bug 1101677 SUSE bug 1101678 SUSE bug 1103342 SUSE bug 1112368 SUSE bug 1112397 SUSE bug 1112417 SUSE bug 1112421 SUSE bug 1112432 SUSE bug 1116686 SUSE bug 1118754 CVE-2016-9843 CVE-2018-3058 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 CVE-2018-3143 CVE-2018-3156 CVE-2018-3174 CVE-2018-3251 CVE-2018-3282 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for netatalk fixes the following issues: Security issue fixed: - CVE-2018-1160 Fixed a missing bounds check in the handling of the DSI OPEN SESSION request, which allowed an unauthenticated to overwrite memory with data of their choice leading to arbitrary code execution with root privileges. (bsc#1119540) Important SUSE bug 1119540 CVE-2018-1160 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for ntfs-3g_ntfsprogs fixes the following issues: Security issues fixed: - CVE-2019-9755: Fixed a heap-based buffer overflow which could lead to local privilege escalation (bsc#1130165). Moderate SUSE bug 1130165 CVE-2019-9755 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for webkit2gtk3 fixes the following issues: Security issue fixed: - CVE-2019-8375: Fixed an issue in UIProcess subsystem which could allow the script dialog size to exceed the web view size leading to Buffer Overflow or other unspecified impact (bsc#1126768). Moderate SUSE bug 1126768 CVE-2019-8375 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel() (bsc#1130330). - CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage() (bsc#1131317). - CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function (bsc#1128649). - CVE-2018-20467: Fixed infinite loop in coders/bmp.c (bsc#1120381). - CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage (bsc#1124365). - CVE-2019-7397: Fixed a memory leak in the function WritePDFImage (bsc#1124366). - CVE-2019-7395: Fixed a memory leak in the function WritePSDChannel (bsc#1124368). - CVE-2018-16413: Fixed a heap-based buffer over-read in PushShortPixel() (bsc#1106989). - CVE-2018-16412: Fixed a heap-based buffer over-read in ParseImageResourceBlocks() (bsc#1106996). - CVE-2018-16644: Fixed a regression in dcm coder (bsc#1107609). - CVE-2019-11007: Fixed a heap-based buffer overflow in ReadMNGImage() (bsc#1132060). - CVE-2019-11008: Fixed a heap-based buffer overflow in WriteXWDImage() (bsc#1132054). - CVE-2019-11009: Fixed a heap-based buffer over-read in ReadXWDImage() (bsc#1132053). - Added extra -config- packages with Postscript/EPS/PDF readers still enabled. Removing the PS decoders is used to harden ImageMagick against security issues within ghostscript. Enabling them might impact security. (bsc#1122033) These are two packages that can be selected: - ImageMagick-config-6-SUSE: This has the PS decoders disabled. - ImageMagick-config-6-upstream: This has the PS decoders enabled. Depending on your local needs install either one of them. The default is the -SUSE configuration. Moderate SUSE bug 1106989 SUSE bug 1106996 SUSE bug 1107609 SUSE bug 1120381 SUSE bug 1122033 SUSE bug 1124365 SUSE bug 1124366 SUSE bug 1124368 SUSE bug 1128649 SUSE bug 1130330 SUSE bug 1131317 SUSE bug 1132053 SUSE bug 1132054 SUSE bug 1132060 CVE-2018-16412 CVE-2018-16413 CVE-2018-16644 CVE-2018-20467 CVE-2019-10650 CVE-2019-11007 CVE-2019-11008 CVE-2019-11009 CVE-2019-7175 CVE-2019-7395 CVE-2019-7397 CVE-2019-7398 CVE-2019-9956 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for webkit2gtk3 to version 2.24.1 fixes the following issues: Security issues fixed: - CVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292, CVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-11070 (bsc#1132256). Important SUSE bug 1132256 CVE-2019-11070 CVE-2019-6201 CVE-2019-6251 CVE-2019-7285 CVE-2019-7292 CVE-2019-8503 CVE-2019-8506 CVE-2019-8515 CVE-2019-8524 CVE-2019-8535 CVE-2019-8536 CVE-2019-8544 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed: - CVE-2018-16880: A flaw was found in the handle_rx() function in the vhost_net driver. A malicious virtual guest, under specific conditions, could trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (bnc#1122767). - CVE-2019-3882: A flaw was found in the vfio interface implementation that permitted violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). (bnc#1131416 bnc#1131427). - CVE-2019-9003: Attackers could trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a 'service ipmievd restart' loop (bnc#1126704). - CVE-2019-9500: A brcmfmac heap buffer overflow in brcmf_wowl_nd_results was fixed. (bnc#1132681). - CVE-2019-9503: A brcmfmac frame validation bypass was fixed. (bnc#1132828). The following non-security bugs were fixed: - 9p: do not trust pdu content for stat item size (bsc#1051510). - ACPI: acpi_pad: Do not launch acpi_pad threads on idle cpus (bsc#1113399). - acpi, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#1112128) (bsc#1132426). - ACPI / SBS: Fix GPE storm on recent MacBookPro's (bsc#1051510). - alsa: core: Fix card races between register and disconnect (bsc#1051510). - alsa: echoaudio: add a check for ioremap_nocache (bsc#1051510). - alsa: firewire: add const qualifier to identifiers for read-only symbols (bsc#1051510). - alsa: firewire-motu: add a flag for AES/EBU on XLR interface (bsc#1051510). - alsa: firewire-motu: add specification flag for position of flag for MIDI messages (bsc#1051510). - alsa: firewire-motu: add support for MOTU Audio Express (bsc#1051510). - alsa: firewire-motu: add support for Motu Traveler (bsc#1051510). - alsa: firewire-motu: use 'version' field of unit directory to identify model (bsc#1051510). - alsa: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist (bsc#1051510). - alsa: hda - Add two more machines to the power_save_blacklist (bsc#1051510). - alsa: hda - Enforces runtime_resume after S3 and S4 for each codec (bsc#1051510). - alsa: hda: Initialize power_state field properly (bsc#1051510). - alsa: hda/realtek - Add new Dell platform for headset mode (bsc#1051510). - alsa: hda/realtek - Add quirk for Tuxedo XC 1509 (bsc#1131442). - alsa: hda/realtek - Add support for Acer Aspire E5-523G/ES1-432 headset mic (bsc#1051510). - alsa: hda/realtek - Add support headset mode for DELL WYSE AIO (bsc#1051510). - alsa: hda/realtek - Add support headset mode for New DELL WYSE NB (bsc#1051510). - alsa: hda/realtek - add two more pin configuration sets to quirk table (bsc#1051510). - alsa: hda/realtek - Apply the fixup for ASUS Q325UAR (bsc#1051510). - alsa: hda/realtek: Enable ASUS X441MB and X705FD headset MIC with ALC256 (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer AIO with ALC286 (bsc#1051510). - alsa: hda/realtek: Enable headset MIC of Acer Aspire Z24-890 with ALC286 (bsc#1051510). - alsa: hda/realtek: Enable headset mic of ASUS P5440FF with ALC256 (bsc#1051510). - alsa: hda/realtek - Fixed Dell AIO speaker noise (bsc#1051510). - alsa: hda - Record the current power state before suspend/resume calls (bsc#1051510). - alsa: info: Fix racy addition/deletion of nodes (bsc#1051510). - alsa: line6: use dynamic buffers (bsc#1051510). - alsa: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration (bsc#1051510). - alsa: PCM: check if ops are defined before suspending PCM (bsc#1051510). - alsa: pcm: Do not suspend stream in unrecoverable PCM state (bsc#1051510). - alsa: pcm: Fix possible OOB access in PCM oss plugins (bsc#1051510). - alsa: rawmidi: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: sb8: add a check for request_region (bsc#1051510). - alsa: seq: Fix OOB-reads from strlcpy (bsc#1051510). - alsa: seq: oss: Fix Spectre v1 vulnerability (bsc#1051510). - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe (bsc#1051510). - ASoC: fsl_esai: fix channel swap issue when stream starts (bsc#1051510). - ASoC: topology: free created components in tplg load error (bsc#1051510). - assume flash part size to be 4MB, if it can't be determined (bsc#1127371). - ath10k: avoid possible string overflow (bsc#1051510). - auxdisplay: hd44780: Fix memory leak on ->remove() (bsc#1051510). - auxdisplay: ht16k33: fix potential user-after-free on module unload (bsc#1051510). - batman-adv: Reduce claim hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_global hash refcnt only for removed entry (bsc#1051510). - batman-adv: Reduce tt_local hash refcnt only for removed entry (bsc#1051510). - bcm2835 MMC issues (bsc#1070872). - blkcg: Introduce blkg_root_lookup() (bsc#1131673). - blkcg: Make blkg_root_lookup() work for queues in bypass mode (bsc#1131673). - blk-mq: adjust debugfs and sysfs register when updating nr_hw_queues (bsc#1131673). - blk-mq: Avoid that submitting a bio concurrently with device removal triggers a crash (bsc#1131673). - blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs (bsc#1131673). - blk-mq: fallback to previous nr_hw_queues when updating fails (bsc#1131673). - blk-mq: init hctx sched after update ctx and hctx mapping (bsc#1131673). - blk-mq: realloc hctx when hw queue is mapped to another node (bsc#1131673). - blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter (bsc#1131673). - block: Ensure that a request queue is dissociated from the cgroup controller (bsc#1131673). - block: Fix a race between request queue removal and the block cgroup controller (bsc#1131673). - block: Introduce blk_exit_queue() (bsc#1131673). - block: kABI fixes for bio_rewind_iter() removal (bsc#1131673). - block: remove bio_rewind_iter() (bsc#1131673). - bluetooth: btusb: request wake pin with NOAUTOEN (bsc#1051510). - bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (bsc#1051510). - bluetooth: Fix decrementing reference count twice in releasing socket (bsc#1051510). - bluetooth: hci_ldisc: Initialize hci_dev before open() (bsc#1051510). - bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto() (bsc#1051510). - bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf() (bsc#1133731). - bnxt_en: Drop oversize TX packets to prevent errors (networking-stable-19_03_07). - bonding: fix PACKET_ORIGDEV regression (git-fixes). - bpf: fix use after free in bpf_evict_inode (bsc#1083647). - btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size (git-fixes). - btrfs: check for refs on snapshot delete resume (bsc#1131335). - btrfs: fix assertion failure on fsync with NO_HOLES enabled (bsc#1131848). - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (git-fixes). - btrfs: fix deadlock between clone/dedupe and rename (bsc#1130518). - btrfs: fix incorrect file size after shrinking truncate and fsync (bsc#1130195). - btrfs: remove WARN_ON in log_dir_items (bsc#1131847). - btrfs: save drop_progress if we drop refs at all (bsc#1131336). - cdrom: Fix race condition in cdrom_sysctl_register (bsc#1051510). - cgroup: fix parsing empty mount option string (bsc#1133094). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510). - cifs: do not dereference smb_file_target before null check (bsc#1051510). - cifs: Do not hide EINTR after sending network packets (bsc#1051510). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510). - cifs: Fix credits calculations for reads with errors (bsc#1051510). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510). - cifs: Fix potential OOB access of lock element array (bsc#1051510). - cifs: Fix read after write for files with read caching (bsc#1051510). - clk: clk-twl6040: Fix imprecise external abort for pdmclk (bsc#1051510). - clk: fractional-divider: check parent rate only if flag is set (bsc#1051510). - clk: ingenic: Fix doc of ingenic_cgu_div_info (bsc#1051510). - clk: ingenic: Fix round_rate misbehaving with non-integer dividers (bsc#1051510). - clk: rockchip: fix frac settings of GPLL clock for rk3328 (bsc#1051510). - clk: sunxi-ng: v3s: Fix TCON reset de-assert bit (bsc#1051510). - clk: vc5: Abort clock configuration without upstream clock (bsc#1051510). - clk: x86: Add system specific quirk to mark clocks as critical (bsc#1051510). - clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown (bsc#1051510). - clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR (bsc#1051510). - cpcap-charger: generate events for userspace (bsc#1051510). - cpufreq: pxa2xx: remove incorrect __init annotation (bsc#1051510). - cpufreq: tegra124: add missing of_node_put() (bsc#1051510). - cpupowerutils: bench - Fix cpu online check (bsc#1051510). - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - crypto: caam - add missing put_device() call (bsc#1129770). - crypto: crypto4xx - properly set IV after de- and encrypt (bsc#1051510). - crypto: pcbc - remove bogus memcpy()s with src == dest (bsc#1051510). - crypto: sha256/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: sha512/arm - fix crash bug in Thumb2 build (bsc#1051510). - crypto: x86/poly1305 - fix overflow during partial reduction (bsc#1051510). - cxgb4: Add capability to get/set SGE Doorbell Queue Timer Tick (bsc#1127371). - cxgb4: Added missing break in ndo_udp_tunnel_{add/del} (bsc#1127371). - cxgb4: Add flag tc_flower_initialized (bsc#1127371). - cxgb4: Add new T5 PCI device id 0x50ae (bsc#1127371). - cxgb4: Add new T5 PCI device ids 0x50af and 0x50b0 (bsc#1127371). - cxgb4: Add new T6 PCI device ids 0x608a (bsc#1127371). - cxgb4: add per rx-queue counter for packet errors (bsc#1127371). - cxgb4: Add support for FW_ETH_TX_PKT_VM_WR (bsc#1127371). - cxgb4: add support to display DCB info (bsc#1127371). - cxgb4: Add support to read actual provisioned resources (bsc#1127371). - cxgb4: collect ASIC LA dumps from ULP TX (bsc#1127371). - cxgb4: collect hardware queue descriptors (bsc#1127371). - cxgb4: collect number of free PSTRUCT page pointers (bsc#1127371). - cxgb4: convert flower table to use rhashtable (bsc#1127371). - cxgb4: cxgb4: use FW_PORT_ACTION_L1_CFG32 for 32 bit capability (bsc#1127371). - cxgb4/cxgb4vf: Add support for SGE doorbell queue timer (bsc#1127371). - cxgb4/cxgb4vf: Fix mac_hlist initialization and free (bsc#1127374). - cxgb4/cxgb4vf: Link management changes (bsc#1127371). - cxgb4/cxgb4vf: Program hash region for {t4/t4vf}_change_mac() (bsc#1127371). - cxgb4: display number of rx and tx pages free (bsc#1127371). - cxgb4: do not return DUPLEX_UNKNOWN when link is down (bsc#1127371). - cxgb4: Export sge_host_page_size to ulds (bsc#1127371). - cxgb4: fix the error path of cxgb4_uld_register() (bsc#1127371). - cxgb4: impose mandatory VLAN usage when non-zero TAG ID (bsc#1127371). - cxgb4: Mask out interrupts that are not enabled (bsc#1127175). - cxgb4: move Tx/Rx free pages collection to common code (bsc#1127371). - cxgb4: remove redundant assignment to vlan_cmd.dropnovlan_fm (bsc#1127371). - cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size (bsc#1127371). - cxgb4: remove the unneeded locks (bsc#1127371). - cxgb4: specify IQTYPE in fw_iq_cmd (bsc#1127371). - cxgb4: Support ethtool private flags (bsc#1127371). - cxgb4: update supported DCB version (bsc#1127371). - cxgb4: use new fw interface to get the VIN and smt index (bsc#1127371). - cxgb4vf: Few more link management changes (bsc#1127374). - cxgb4vf: fix memleak in mac_hlist initialization (bsc#1127374). - cxgb4vf: Update port information in cxgb4vf_open() (bsc#1127374). - device_cgroup: fix RCU imbalance in error case (bsc#1051510). - device property: Fix the length used in PROPERTY_ENTRY_STRING() (bsc#1051510). - Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc (bsc#1051510). - dmaengine: imx-dma: fix warning comparison of distinct pointer types (bsc#1051510). - dmaengine: qcom_hidma: assign channel cookie correctly (bsc#1051510). - dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid (bsc#1051510). - dmaengine: tegra: avoid overflow of byte tracking (bsc#1051510). - dm: disable DISCARD if the underlying storage no longer supports it (bsc#1114638). - Drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567). - Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1130567). - drm: Auto-set allow_fb_modifiers when given modifiers at plane init (bsc#1051510). - drm: bridge: dw-hdmi: Fix overflow workaround for Rockchip SoCs (bsc#1113722) - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers (bsc#1051510). - drm/i915/bios: assume eDP is present on port A when there is no VBT (bsc#1051510). - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio list (bsc#1113722) - drm/i915/gvt: Annotate iomem usage (bsc#1051510). - drm/i915/gvt: do not deliver a workload if its creation fails (bsc#1051510). - drm/i915/gvt: do not let pin count of shadow mm go negative (bsc#1113722) - drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check (bsc#1051510). - drm/i915: Relax mmap VMA check (bsc#1051510). - drm/imx: ignore plane updates on disabled crtcs (bsc#1051510). - drm/imx: imx-ldb: add missing of_node_puts (bsc#1051510). - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() (bsc#1113722) - drm/meson: Fix invalid pointer in meson_drv_unbind() (bsc#1051510). - drm/meson: Uninstall IRQ handler (bsc#1051510). - drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure (bsc#1051510). - drm/nouveau: Stop using drm_crtc_force_disable (bsc#1051510). - drm/nouveau/volt/gf117: fix speedo readout register (bsc#1051510). - drm/rockchip: vop: reset scale mode when win is disabled (bsc#1113722) - drm/sun4i: Add missing drm_atomic_helper_shutdown at driver unbind (bsc#1113722) - drm/sun4i: Fix component unbinding and component master deletion (bsc#1113722) - drm/sun4i: Set device driver data at bind time for use in unbind (bsc#1113722) - drm/sun4i: Unbind components before releasing DRM and memory (bsc#1113722) - drm/udl: add a release method and delay modeset teardown (bsc#1085536) - drm/vc4: Fix memory leak during gpu reset. (bsc#1113722) - dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit (networking-stable-19_02_20). - e1000e: fix cyclic resets at link up with active tx (bsc#1051510). - e1000e: Fix -Wformat-truncation warnings (bsc#1051510). - ext2: Fix underflow in ext2_max_size() (bsc#1131174). - ext4: add mask of ext4 flags to swap (bsc#1131170). - ext4: add missing brelse() in add_new_gdb_meta_bg() (bsc#1131176). - ext4: Avoid panic during forced reboot (bsc#1126356). - ext4: brelse all indirect buffer in ext4_ind_remove_space() (bsc#1131173). - ext4: cleanup bh release code in ext4_ind_remove_space() (bsc#1131851). - ext4: cleanup pagecache before swap i_data (bsc#1131178). - ext4: fix check of inode in swap_inode_boot_loader (bsc#1131177). - ext4: fix data corruption caused by unaligned direct AIO (bsc#1131172). - ext4: fix EXT4_IOC_SWAP_BOOT (bsc#1131180). - ext4: fix NULL pointer dereference while journal is aborted (bsc#1131171). - ext4: update quota information while swapping boot loader inode (bsc#1131179). - fbdev: fbmem: fix memory access if logo is bigger than the screen (bsc#1051510). - fix cgroup_do_mount() handling of failure exits (bsc#1133095). - Fix kabi after 'md: batch flush requests.' (bsc#1119680). - Fix struct page kABI after adding atomic for ppc (bsc#1131326, bsc#1108937). - fm10k: Fix a potential NULL pointer dereference (bsc#1051510). - fs: avoid fdput() after failed fdget() in vfs_dedupe_file_range() (bsc#1132384, bsc#1132219). - fs/dax: deposit pagetable even when installing zero page (bsc#1126740). - fs/nfs: Fix nfs_parse_devname to not modify it's argument (git-fixes). - futex: Cure exit race (bsc#1050549). - futex: Ensure that futex address is aligned in handle_futex_death() (bsc#1050549). - futex: Handle early deadlock return correctly (bsc#1050549). - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input (bsc#1051510). - gpio: gpio-omap: fix level interrupt idling (bsc#1051510). - gpio: of: Fix of_gpiochip_add() error path (bsc#1051510). - gre6: use log_ecn_error module parameter in ip6_tnl_rcv() (git-fixes). - hid: i2c-hid: Ignore input report if there's no data present on Elan touchpanels (bsc#1133486). - hid: intel-ish-hid: avoid binding wrong ishtp_cl_device (bsc#1051510). - hid: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit (bsc#1051510). - hv_netvsc: Fix IP header checksum for coalesced packets (networking-stable-19_03_07). - hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (). - hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus (fate#323887). - hwrng: virtio - Avoid repeated init of completion (bsc#1051510). - i2c: Make i2c_unregister_device() NULL-aware (bsc#1108193). - i2c: tegra: fix maximum transfer size (bsc#1051510). - ibmvnic: Enable GRO (bsc#1132227). - ibmvnic: Fix completion structure initialization (bsc#1131659). - ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227). - iio: adc: at91: disable adc channel interrupt in timeout case (bsc#1051510). - iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver (bsc#1051510). - iio: ad_sigma_delta: select channel when reading register (bsc#1051510). - iio: core: fix a possible circular locking dependency (bsc#1051510). - iio: cros_ec: Fix the maths for gyro scale calculation (bsc#1051510). - iio: dac: mcp4725: add missing powerdown bits in store eeprom (bsc#1051510). - iio: Fix scan mask selection (bsc#1051510). - iio/gyro/bmg160: Use millidegrees for temperature scale (bsc#1051510). - iio: gyro: mpu3050: fix chip ID reading (bsc#1051510). - input: cap11xx - switch to using set_brightness_blocking() (bsc#1051510). - input: matrix_keypad - use flush_delayed_work() (bsc#1051510). - input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bsc#1051510). - input: st-keyscan - fix potential zalloc NULL dereference (bsc#1051510). - input: synaptics-rmi4 - write config register values to the right offset (bsc#1051510). - input: uinput - fix undefined behavior in uinput_validate_absinfo() (bsc#1120902). - intel_idle: add support for Jacobsville (jsc#SLE-5394). - io: accel: kxcjk1013: restore the range after resume (bsc#1051510). - iommu/amd: Fix NULL dereference bug in match_hid_uid (bsc#1130336). - iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE (bsc#1130337). - iommu/amd: Reserve exclusion range in iova-domain (bsc#1130425). - iommu/amd: Set exclusion range correctly (bsc#1130425). - iommu: Do not print warning when IOMMU driver only supports unmanaged domains (bsc#1130130). - iommu/vt-d: Check capability before disabling protected memory (bsc#1130338). - ip6: fix PMTU discovery when using /127 subnets (git-fixes). - ip6mr: Do not call __IP6_INC_STATS() from preemptible context (git-fixes). - ip6_tunnel: fix ip6 tunnel lookup in collect_md mode (git-fixes). - ipmi: Fix I2C client removal in the SSIF driver (bsc#1108193). - ipmi_ssif: Remove duplicate NULL check (bsc#1108193). - ipv4: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv4/route: fail early when inet dev is missing (git-fixes). - ipv6: Fix dangling pointer when ipv6 fragment (git-fixes). - ipv6: propagate genlmsg_reply return code (networking-stable-19_02_24). - ipv6: Return error for RTA_VIA attribute (networking-stable-19_03_07). - ipv6: sit: reset ip header pointer in ipip6_rcv (git-fixes). - ipvlan: disallow userns cap_net_admin to change global mode/flags (networking-stable-19_03_15). - ipvs: remove IPS_NAT_MASK check to fix passive FTP (git-fixes). - irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table (bsc#1051510). - irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable (bsc#1051510). - iscsi_ibft: Fix missing break in switch statement (bsc#1051510). - iw_cxgb4: cq/qp mask depends on bar2 pages in a host page (bsc#1127371). - iwiwifi: fix bad monitor buffer register addresses (bsc#1129770). - iwlwifi: fix send hcmd timeout recovery flow (bsc#1129770). - iwlwifi: mvm: fix firmware statistics usage (bsc#1129770). - jbd2: clear dirty flag when revoking a buffer from an older transaction (bsc#1131167). - jbd2: fix compile warning when using JBUFFER_TRACE (bsc#1131168). - kABI: restore icmp_send (kabi). - kabi/severities: add cxgb4 and cxgb4vf shared data to the whitelis (bsc#1127372) - kabi/severities: add libcxgb to cxgb intra module symbols as well - kabi/severities: exclude cxgb4 inter-module symbols - kasan: fix shadow_size calculation error in kasan_module_alloc (bsc#1051510). - kbuild: fix false positive warning/error about missing libelf (bsc#1051510). - kbuild: modversions: Fix relative CRC byte order interpretation (bsc#1131290). - kbuild: strip whitespace in cmd_record_mcount findstring (bsc#1065729). - kcm: switch order of device registration to fix a crash (bnc#1130527). - kernfs: do not set dentry->d_fsdata (boo#1133115). - keys: always initialize keyring_index_key::desc_len (bsc#1051510). - keys: user: Align the payload buffer (bsc#1051510). - kvm: Call kvm_arch_memslots_updated() before updating memslots (bsc#1132563). - kvm: Fix kABI for AMD SMAP Errata workaround (bsc#1133149). - kvm: nVMX: Apply addr size mask to effective address for VMX instructions (bsc#1132561). - kvm: nVMX: Ignore limit checks on VMX instructions using flat segments (bsc#1132564). - kvm: nVMX: Sign extend displacements of VMX instr's mem operands (bsc#1132562). - kvm: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode switch (bsc#1061840). - kvm: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP violation) (bsc#1133149). - kvm: VMX: Compare only a single byte for VMCS' 'launched' in vCPU-run (bsc#1132555). - kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1114279). - kvm: x86/mmu: Detect MMIO generation wrap in any address space (bsc#1132570). - kvm: x86/mmu: Do not cache MMIO accesses while memslots are in flux (bsc#1132571). - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (bsc#1111331). - leds: pca9532: fix a potential NULL pointer dereference (bsc#1051510). - libceph: wait for latest osdmap in ceph_monc_blacklist_add() (bsc#1130427). - libertas_tf: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510). - lightnvm: if LUNs are already allocated fix return (bsc#1085535). - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a new <linux/bits.h> file (bsc#1111331). - mac80211: do not call driver wake_tx_queue op during reconfig (bsc#1051510). - mac80211: Fix Tx aggregation session tear down with ITXQs (bsc#1051510). - mac80211_hwsim: propagate genlmsg_reply return code (bsc#1051510). - md: batch flush requests (bsc#1119680). - md: Fix failed allocation of md_register_thread (git-fixes). - md/raid1: do not clear bitmap bits on interrupted recovery (git-fixes). - md/raid5: fix 'out of memory' during raid cache recovery (git-fixes). - media: mt9m111: set initial frame size other than 0x0 (bsc#1051510). - media: mtk-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: rc: mce_kbd decoder: fix stuck keys (bsc#1100132). - media: s5p-g2d: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: s5p-jpeg: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: sh_veu: Correct return type for mem2mem buffer helpers (bsc#1051510). - media: v4l2-ctrls.c/uvc: zero v4l2_event (bsc#1051510). - media: vb2: do not call __vb2_queue_cancel if vb2_start_streaming failed (bsc#1119086). - memremap: fix softlockup reports at teardown (bnc#1130154). - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S (bsc#1051510). - missing barriers in some of unix_sock ->addr and ->path accesses (networking-stable-19_03_15). - mmc: davinci: remove extraneous __init annotation (bsc#1051510). - mmc: pxamci: fix enum type confusion (bsc#1051510). - mmc: sdhci: Fix data command CRC error handling (bsc#1051510). - mmc: sdhci: Handle auto-command errors (bsc#1051510). - mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR (bsc#1051510). - mmc: tmio_mmc_core: do not claim spurious interrupts (bsc#1051510). - mm/debug.c: fix __dump_page when mapping->host is not set (bsc#1131934). - mm: Fix modifying of page protection by insert_pfn() (bsc#1126740). - mm: Fix warning in insert_pfn() (bsc#1126740). - mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd() (bsc#1126740). - mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate() (bsc#1131935). - mm/vmalloc: fix size check for remap_vmalloc_range_partial() (bsc#1133825). - mpls: Return error for RTA_GATEWAY attribute (networking-stable-19_03_07). - mt7601u: bump supported EEPROM version (bsc#1051510). - mwifiex: do not advertise IBSS features without FW support (bsc#1129770). - net: Add header for usage of fls64() (networking-stable-19_02_20). - net: Add __icmp_send helper (networking-stable-19_03_07). - net: avoid false positives in untrusted gso validation (git-fixes). - net: avoid use IPCB in cipso_v4_error (networking-stable-19_03_07). - net: bridge: add vlan_tunnel to bridge port policies (git-fixes). - net: bridge: fix per-port af_packet sockets (git-fixes). - net: bridge: multicast: use rcu to access port list from br_multicast_start_querier (git-fixes). - net: datagram: fix unbounded loop in __skb_try_recv_datagram() (git-fixes). - net: Do not allocate page fragments that are not skb aligned (networking-stable-19_02_20). - net: dsa: mv88e6xxx: Fix u64 statistics (networking-stable-19_03_07). - net: ena: update driver version from 2.0.2 to 2.0.3 (bsc#1129276 bsc#1125342). - netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING (git-fixes). - netfilter: check for seqadj ext existence before adding it in nf_nat_setup_info (git-fixes). - netfilter: ip6t_MASQUERADE: add dependency on conntrack module (git-fixes). - netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit() (git-fixes). - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt (git-fixes). - netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target} (git-fixes). - netfilter: x_tables: fix int overflow in xt_alloc_table_info() (git-fixes). - net: Fix for_each_netdev_feature on Big endian (networking-stable-19_02_20). - net: fix IPv6 prefix route residue (networking-stable-19_02_20). - net: Fix untag for vlan packets without ethernet header (git-fixes). - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off (git-fixes). - net/hsr: Check skb_put_padto() return value (git-fixes). - net: hsr: fix memory leak in hsr_dev_finalize() (networking-stable-19_03_15). - net/hsr: fix possible crash in add_timer() (networking-stable-19_03_15). - netlabel: fix out-of-bounds memory accesses (networking-stable-19_03_07). - netlink: fix nla_put_{u8,u16,u32} for KASAN (git-fixes). - net/mlx5e: Do not overwrite pedit action when multiple pedit used (networking-stable-19_02_24). - net/ncsi: Fix AEN HNCDSC packet length (git-fixes). - net/ncsi: Stop monitor if channel times out or is inactive (git-fixes). - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails (networking-stable-19_03_07). - net/packet: fix 4gb buffer limit due to overflow check (networking-stable-19_02_24). - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec (git-fixes). - net_sched: acquire RTNL in tc_action_net_exit() (git-fixes). - net_sched: fix two more memory leaks in cls_tcindex (networking-stable-19_02_24). - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 (networking-stable-19_03_15). - net: sit: fix memory leak in sit_init_net() (networking-stable-19_03_07). - net: sit: fix UBSAN Undefined behaviour in check_6rd (networking-stable-19_03_15). - net: socket: set sock->sk to NULL after calling proto_ops::release() (networking-stable-19_03_07). - net-sysfs: Fix mem leak in netdev_register_kobject (git-fixes). - net: validate untrusted gso packets without csum offload (networking-stable-19_02_20). - net/x25: fix a race in x25_bind() (networking-stable-19_03_15). - net/x25: fix use-after-free in x25_device_event() (networking-stable-19_03_15). - net/x25: reset state in x25_connect() (networking-stable-19_03_15). - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() (git-fixes). - nfc: nci: Add some bounds checking in nci_hci_cmd_received() (bsc#1051510). - nfs: Add missing encode / decode sequence_maxsz to v4.2 operations (git-fixes). - nfsd4: catch some false session retries (git-fixes). - nfsd4: fix cached replies to solo SEQUENCE compounds (git-fixes). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - nfs: Do not recoalesce on error in nfs_pageio_complete_mirror() (git-fixes). - nfs: Do not use page_file_mapping after removing the page (git-fixes). - nfs: Fix an I/O request leakage in nfs_do_recoalesce (git-fixes). - nfs: Fix a soft lockup in the delegation recovery code (git-fixes). - nfs: Fix a typo in nfs_init_timeout_values() (git-fixes). - nfs: Fix dentry revalidation on NFSv4 lookup (bsc#1132618). - nfs: Fix I/O request leakages (git-fixes). - nfs: fix mount/umount race in nlmclnt (git-fixes). - nfs/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount (git-fixes). - nfsv4.1 do not free interrupted slot on open (git-fixes). - nfsv4.1: Reinitialise sequence results before retransmitting a request (git-fixes). - nfsv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE() (git-fixes). - nvme: add proper discard setup for the multipath device (bsc#1114638). - nvme: fix the dangerous reference of namespaces list (bsc#1131673). - nvme: make sure ns head inherits underlying device limits (bsc#1131673). - nvme-multipath: avoid crash on invalid subsystem cntlid enumeration (bsc#1129273). - nvme-multipath: split bios with the ns_head bio_set before submitting (bsc#1103259, bsc#1131673). - nvme: only reconfigure discard if necessary (bsc#1114638). - nvme: schedule requeue whenever a LIVE state is entered (bsc#1123105). - ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock (bsc#1131169). - pci: Add function 1 DMA alias quirk for Marvell 9170 SATA controller (bsc#1051510). - pci: designware-ep: dw_pcie_ep_set_msi() should only set MMC bits (bsc#1051510). - pci: designware-ep: Read-only registers need DBI_RO_WR_EN to be writable (bsc#1051510). - pci: pciehp: Convert to threaded IRQ (bsc#1133005). - pci: pciehp: Ignore Link State Changes after powering off a slot (bsc#1133005). - phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs (bsc#1051510). - pM / wakeup: Rework wakeup source timer cancellation (bsc#1051510). - powercap: intel_rapl: add support for Jacobsville (). - powercap: intel_rapl: add support for Jacobsville (FATE#327454). - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107). - powerpc/64: Disable the speculation barrier from the command line (bsc#1131107). - powerpc64/ftrace: Include ftrace.h needed for enable/disable calls (bsc#1088804, git-fixes). - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107). - powerpc/64s: Add new security feature flags for count cache flush (bsc#1131107). - powerpc/64s: Add support for software count cache flush (bsc#1131107). - powerpc/64s: Fix logic when handling unknown CPU features (bsc#1055117). - powerpc/64s: Fix page table fragment refcount race vs speculative references (bsc#1131326, bsc#1108937). - powerpc/asm: Add a patch_site macro & helpers for patching instructions (bsc#1131107). - powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer (bsc#1065729). - powerpc: consolidate -mno-sched-epilog into FTRACE flags (bsc#1065729). - powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest (bsc#1061840). - powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107). - powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area callback (bsc#1131900). - powerpc/kvm: Save and restore host AMR/IAMR/UAMOR (bsc#1061840). - powerpc/mm: Add missing tracepoint for tlbie (bsc#1055117, git-fixes). - powerpc/mm: Check secondary hash page table (bsc#1065729). - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, fate#323286, git-fixes). - powerpc/mm: Fix page table dump to work on Radix (bsc#1055186, git-fixes). - powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search (bsc#1131900). - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, fate#323286, git-fixes). - powerpc/mm/radix: Display if mappings are exec or not (bsc#1055186, git-fixes). - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, fate#323286, git-fixes). - powerpc/mm/radix: Prettify mapped memory range print out (bsc#1055186, git-fixes). - powerpc/numa: document topology_updates_enabled, disable by default (bsc#1133584). - powerpc/numa: improve control of topology updates (bsc#1133584). - powerpc/perf: Fix unit_sel/cache_sel checks (bsc#1053043). - powerpc/perf: Remove l2 bus events from HW cache event array (bsc#1053043). - powerpc/powernv/cpuidle: Init all present cpus for deep states (bsc#1055121). - powerpc/powernv: Do not reprogram SLW image on every KVM guest entry/exit (bsc#1061840). - powerpc/powernv/ioda2: Remove redundant free of TCE pages (bsc#1061840). - powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand (bsc#1061840). - powerpc/powernv/ioda: Fix locked_vm counting for memory used by IOMMU tables (bsc#1061840). - powerpc/powernv: Make opal log only readable by root (bsc#1065729). - powerpc/powernv: Query firmware for count cache flush settings (bsc#1131107). - powerpc/powernv: Remove never used pnv_power9_force_smt4 (bsc#1061840). - powerpc/pseries/mce: Fix misleading print for TLB mutlihit (bsc#1094244, git-fixes). - powerpc/pseries: Query hypervisor for count cache flush settings (bsc#1131107). - powerpc/security: Fix spectre_v2 reporting (bsc#1131107). - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587). - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587). - power: supply: charger-manager: Fix incorrect return value (bsc#1051510). - pwm-backlight: Enable/disable the PWM before/after LCD enable toggle (bsc#1051510). - qmi_wwan: Add support for Quectel EG12/EM12 (networking-stable-19_03_07). - qmi_wwan: apply SET_DTR quirk to Sierra WP7607 (bsc#1051510). - qmi_wwan: Fix qmap header retrieval in qmimux_rx_fixup (bsc#1051510). - raid10: It's wrong to add len to sector_nr in raid10 reshape twice (git-fixes). - ras/cec: Check the correct variable in the debugfs error handling (bsc#1085535). - ravb: Decrease TxFIFO depth of Q3 and Q2 to one (networking-stable-19_03_15). - rdma/cxgb4: Add support for 64Byte cqes (bsc#1127371). - rdma/cxgb4: Add support for kernel mode SRQ's (bsc#1127371). - rdma/cxgb4: Add support for srq functions & structs (bsc#1127371). - rdma/cxgb4: fix some info leaks (bsc#1127371). - rdma/cxgb4: Make c4iw_poll_cq_one() easier to analyze (bsc#1127371). - rdma/cxgb4: Remove a set-but-not-used variable (bsc#1127371). - rdma/iw_cxgb4: Drop __GFP_NOFAIL (bsc#1127371). - rds: fix refcount bug in rds_sock_addref (git-fixes). - rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete (git-fixes). - regulator: max77620: Initialize values for DT properties (bsc#1051510). - regulator: s2mpa01: Fix step values for some LDOs (bsc#1051510). - Revert drm/i915 patches that caused regressions (bsc#1131062) - Revert 'ipv4: keep skb->dst around in presence of IP options' (git-fixes). - rhashtable: Still do rehash when we get EEXIST (bsc#1051510). - ring-buffer: Check if memory is available before allocation (bsc#1132531). - rpm/config.sh: Fix build project and bugzilla product. - rtc: 88pm80x: fix unintended sign extension (bsc#1051510). - rtc: 88pm860x: fix unintended sign extension (bsc#1051510). - rtc: cmos: ignore bogus century byte (bsc#1051510). - rtc: ds1672: fix unintended sign extension (bsc#1051510). - rtc: Fix overflow when converting time64_t to rtc_time (bsc#1051510). - rtc: pm8xxx: fix unintended sign extension (bsc#1051510). - rtnetlink: bring NETDEV_CHANGE_TX_QUEUE_LEN event process back in rtnetlink_event (git-fixes). - rtnetlink: bring NETDEV_CHANGEUPPER event process back in rtnetlink_event (git-fixes). - rtnetlink: bring NETDEV_POST_TYPE_CHANGE event process back in rtnetlink_event (git-fixes). - rtnetlink: check DO_SETLINK_NOTIFY correctly in do_setlink (git-fixes). - rxrpc: Do not release call mutex on error pointer (git-fixes). - rxrpc: Do not treat call aborts as conn aborts (git-fixes). - rxrpc: Fix client call queueing, waiting for channel (networking-stable-19_03_15). - rxrpc: Fix Tx ring annotation after initial Tx failure (git-fixes). - s390/dasd: fix panic for failed online processing (bsc#1132589). - s390/pkey: move pckmo subfunction available checks away from module init (bsc#1128544). - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - scsi: libiscsi: fix possible NULL pointer dereference in case of TMF (bsc#1127378). - scsi: libsas: allocate sense buffer for bsg queue (bsc#1131467). - scsi: qla2xxx: Add new FC-NVMe enable BIT to enable FC-NVMe feature (bsc#1130579). - sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment (networking-stable-19_02_24). - serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart (bsc#1051510). - serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling (bsc#1051510). - serial: imx: Update cached mctrl value when changing RTS (bsc#1051510). - serial: max310x: Fix to avoid potential NULL pointer dereference (bsc#1051510). - serial: sh-sci: Fix setting SCSCR_TIE while transferring data (bsc#1051510). - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() (networking-stable-19_02_24). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510). - soc: fsl: qbman: avoid race in clearing QMan interrupt (bsc#1051510). - SoC: imx-sgtl5000: add missing put_device() (bsc#1051510). - soc: qcom: gsbi: Fix error handling in gsbi_probe() (bsc#1051510). - soc/tegra: fuse: Fix illegal free of IO base address (bsc#1051510). - spi: pxa2xx: Setup maximum supported DMA transfer length (bsc#1051510). - spi: ti-qspi: Fix mmap read when more than one CS in use (bsc#1051510). - spi/topcliff_pch: Fix potential NULL dereference on allocation error (bsc#1051510). - staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: ni_usb6501: Fix use of uninitialized mutex (bsc#1051510). - staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf (bsc#1051510). - staging: comedi: vmk80xx: Fix use of uninitialized semaphore (bsc#1051510). - staging: iio: ad7192: Fix ad7193 channel address (bsc#1051510). - staging: rtl8712: uninitialized memory in read_bbreg_hdl() (bsc#1051510). - staging: vt6655: Fix interrupt race condition on device start up (bsc#1051510). - staging: vt6655: Remove vif check from vnt_interrupt (bsc#1051510). - sunrpc/cache: handle missing listeners better (bsc#1126221). - sunrpc: fix 4 more call sites that were using stack memory with a scatterlist (git-fixes). - supported.conf: Add vxlan to kernel-default-base (bsc#1132083). - supported.conf: dw_mmc-bluefield is not needed in kernel-default-base (bsc#1131574). - svm/avic: Fix invalidate logical APIC id entry (bsc#1132726). - svm: Fix AVIC DFR and LDR handling (bsc#1132558). - svm: Fix improper check when deactivate AVIC (bsc#1130335). - sysctl: handle overflow for file-max (bsc#1051510). - tcp: fix TCP_REPAIR_QUEUE bound checking (git-fixes). - tcp: tcp_v4_err() should be more careful (networking-stable-19_02_20). - thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs (bsc#1051510). - thermal/intel_powerclamp: fix truncated kthread name (). - thermal/intel_powerclamp: fix truncated kthread name (FATE#326597). - tipc: fix race condition causing hung sendto (networking-stable-19_03_07). - tpm: Fix some name collisions with drivers/char/tpm.h (bsc#1051510). - tpm: Fix the type of the return value in calc_tpm2_event_size() (bsc#1082555). - tpm_tis_spi: Pass the SPI IRQ down to the driver (bsc#1051510). - tpm/tpm_crb: Avoid unaligned reads in crb_recv() (bsc#1051510). - tracing: Fix a memory leak by early error exit in trace_pid_write() (bsc#1133702). - tracing: Fix buffer_ref pipe ops (bsc#1133698). - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account (bsc#1132527). - tty: atmel_serial: fix a potential NULL pointer dereference (bsc#1051510). - tun: fix blocking read (networking-stable-19_03_07). - tun: remove unnecessary memory barrier (networking-stable-19_03_07). - udf: Fix crash on IO error during truncate (bsc#1131175). - uio: Reduce return paths from uio_write() (bsc#1051510). - Update patches.kabi/kabi-cxgb4-MU.patch (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584 bsc#1127371). - usb: cdc-acm: fix race during wakeup blocking TX traffic (bsc#1129770). - usb: chipidea: Grab the (legacy) USB PHY by phandle first (bsc#1051510). - usb: common: Consider only available nodes for dr_mode (bsc#1129770). - usb: core: only clean up what we allocated (bsc#1051510). - usb: dwc3: gadget: Fix the uninitialized link_state when udc starts (bsc#1051510). - usb: dwc3: gadget: synchronize_irq dwc irq in suspend (bsc#1051510). - usb: f_fs: Avoid crash due to out-of-scope stack ptr access (bsc#1051510). - usb: gadget: f_hid: fix deadlock in f_hidg_write() (bsc#1129770). - usb: gadget: Potential NULL dereference on allocation error (bsc#1051510). - usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk (bsc#1051510). - usb: mtu3: fix EXTCON dependency (bsc#1051510). - usb: phy: fix link errors (bsc#1051510). - usb: phy: twl6030-usb: fix possible use-after-free on remove (bsc#1051510). - usb: serial: cp210x: add ID for Ingenico 3070 (bsc#1129770). - usb: serial: cp210x: add new device id (bsc#1051510). - usb: serial: cp210x: fix GPIO in autosuspend (bsc#1120902). - usb: serial: ftdi_sio: add additional NovaTech products (bsc#1051510). - usb: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 (bsc#1129770). - usb: serial: mos7720: fix mos_parport refcount imbalance on error path (bsc#1129770). - usb: serial: option: add Olicard 600 (bsc#1051510). - usb: serial: option: add support for Quectel EM12 (bsc#1051510). - usb: serial: option: add Telit ME910 ECM composition (bsc#1129770). - usb: serial: option: set driver_info for SIM5218 and compatibles (bsc#1129770). - vfs: allow dedupe of user owned read-only files (bsc#1133778, bsc#1132219). - vfs: avoid problematic remapping requests into partial EOF block (bsc#1133850, bsc#1132219). - vfs: dedupe: extract helper for a single dedup (bsc#1133769, bsc#1132219). - vfs: dedupe should return EPERM if permission is not granted (bsc#1133779, bsc#1132219). - vfs: exit early from zero length remap operations (bsc#1132411, bsc#1132219). - vfs: export vfs_dedupe_file_range_one() to modules (bsc#1133772, bsc#1132219). - vfs: limit size of dedupe (bsc#1132397, bsc#1132219). - vfs: rename clone_verify_area to remap_verify_area (bsc#1133852, bsc#1132219). - vfs: skip zero-length dedupe requests (bsc#1133851, bsc#1132219). - vfs: swap names of {do,vfs}_clone_file_range() (bsc#1133774, bsc#1132219). - vfs: vfs_clone_file_prep_inodes should return EINVAL for a clone from beyond EOF (bsc#1133780, bsc#1132219). - video: fbdev: Set pixclock = 0 in goldfishfb (bsc#1051510). - vxlan: test dev->flags & IFF_UP before calling netif_rx() (networking-stable-19_02_20). - wil6210: check null pointer in _wil_cfg80211_merge_extra_ies (bsc#1051510). - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure (bsc#1051510). - x86/cpu: Add Atom Tremont (Jacobsville) (). - x86/cpu: Add Atom Tremont (Jacobsville) (FATE#327454). - x86/CPU/AMD: Set the CPB bit unconditionally on F17h (bsc#1114279). - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331). - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (bsc#1111331). - x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init (bsc#1132572). - x86/kvm/vmx: Add MDS protection when L1D Flush is not active (bsc#1111331). - x86/MCE/AMD, EDAC/mce_amd: Add new error descriptions for some SMCA bank types (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new McaTypes for CS, PSP, and SMU units (bsc#1128415). - x86/MCE/AMD, EDAC/mce_amd: Add new MP5, NBIO, and PCIE SMCA bank types (bsc#1128415). - x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type (bsc#1128415). - x86/mce/AMD: Pass the bank number to smca_get_bank_type() (bsc#1128415). - x86/MCE: Fix kABI for new AMD bank names (bsc#1128415). - x86/mce: Handle varying MCA bank counts (bsc#1128415). - x86/mce: Improve error message when kernel cannot recover, p2 (bsc#1114279). - x86/msr-index: Cleanup bit defines (bsc#1111331). - x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub (bsc#1120318). - x86/speculation: Consolidate CPU whitelists (bsc#1111331). - x86/speculation/mds: Add basic bug infrastructure for MDS (bsc#1111331). - x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331). - x86/speculation/mds: Add mds_clear_cpu_buffers() (bsc#1111331). - x86/speculation/mds: Add mds=full,nosmt cmdline option (bsc#1111331). - x86/speculation/mds: Add mitigation control for MDS (bsc#1111331). - x86/speculation/mds: Add mitigation mode VMWERV (bsc#1111331). - x86/speculation/mds: Add 'mitigations=' support for MDS (bsc#1111331). - x86/speculation/mds: Add SMT warning message (bsc#1111331). - x86/speculation/mds: Add sysfs reporting for MDS (bsc#1111331). - x86/speculation/mds: Clear CPU buffers on exit to user (bsc#1111331). - x86/speculation/mds: Conditionally clear CPU buffers on idle entry (bsc#1111331). - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (bsc#1111331). - x86/speculation: Move arch_smt_update() call to after mitigation decisions (bsc#1111331). - x86/speculation: Prevent deadlock on ssb_state::lock (bsc#1114279). - x86/speculation: Simplify the CPU bug detection logic (bsc#1111331). - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - x86/tsc: Force inlining of cyc2ns bits (bsc#1052904). - x86/uaccess: Do not leak the AC flag into __put_user() value evaluation (bsc#1114279). - xen-netback: do not populate the hash cache on XenBus disconnect (networking-stable-19_03_07). - xen-netback: fix occasional leak of grant ref mappings under memory pressure (networking-stable-19_03_07). - xen: Prevent buffer overflow in privcmd ioctl (bsc#1065600). - xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos (git-fixes). - xfrm: Fix ESN sequence number handling for IPsec GSO packets (git-fixes). - xfrm: fix rcu_read_unlock usage in xfrm_local_error (git-fixes). - xfs: add the ability to join a held buffer to a defer_ops (bsc#1133674). - xfs: allow xfs_lock_two_inodes to take different EXCL/SHARED modes (bsc#1132370, bsc#1132219). - xfs: call xfs_qm_dqattach before performing reflink operations (bsc#1132368, bsc#1132219). - xfs: cap the length of deduplication requests (bsc#1132373, bsc#1132219). - xfs: clean up xfs_reflink_remap_blocks call site (bsc#1132413, bsc#1132219). - xfs: fix data corruption w/ unaligned dedupe ranges (bsc#1132405, bsc#1132219). - xfs: fix data corruption w/ unaligned reflink ranges (bsc#1132407, bsc#1132219). - xfs: fix pagecache truncation prior to reflink (bsc#1132412, bsc#1132219). - xfs: fix reporting supported extra file attributes for statx() (bsc#1133529). - xfs: flush removing page cache in xfs_reflink_remap_prep (bsc#1132414, bsc#1132219). - xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute (bsc#1133675). - xfs: only grab shared inode locks for source file during reflink (bsc#1132372, bsc#1132219). - xfs: refactor clonerange preparation into a separate helper (bsc#1132402, bsc#1132219). - xfs: refactor xfs_trans_roll (bsc#1133667). - xfs: reflink find shared should take a transaction (bsc#1132226, bsc#1132219). - xfs: reflink should break pnfs leases before sharing blocks (bsc#1132369, bsc#1132219). - xfs: remove dest file's post-eof preallocations before reflinking (bsc#1132365, bsc#1132219). - xfs: remove the ip argument to xfs_defer_finish (bsc#1133672). - xfs: rename xfs_defer_join to xfs_defer_ijoin (bsc#1133668). - xfs: update ctime and remove suid before cloning files (bsc#1132404, bsc#1132219). - xfs: zero posteof blocks when cloning above eof (bsc#1132403, bsc#1132219). - xhci: Do not let USB3 ports stuck in polling state prevent suspend (bsc#1051510). - xhci: Fix port resume done detection for SS ports with LPM enabled (bsc#1051510). Important SUSE bug 1050549 SUSE bug 1051510 SUSE bug 1052904 SUSE bug 1053043 SUSE bug 1055117 SUSE bug 1055121 SUSE bug 1055186 SUSE bug 1061840 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1070872 SUSE bug 1082555 SUSE bug 1083647 SUSE bug 1085535 SUSE bug 1085536 SUSE bug 1088804 SUSE bug 1094244 SUSE bug 1097583 SUSE bug 1097584 SUSE bug 1097585 SUSE bug 1097586 SUSE bug 1097587 SUSE bug 1097588 SUSE bug 1100132 SUSE bug 1103186 SUSE bug 1103259 SUSE bug 1108193 SUSE bug 1108937 SUSE bug 1111331 SUSE bug 1112128 SUSE bug 1112178 SUSE bug 1113399 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1114542 SUSE bug 1114638 SUSE bug 1119086 SUSE bug 1119680 SUSE bug 1120318 SUSE bug 1120902 SUSE bug 1122767 SUSE bug 1123105 SUSE bug 1125342 SUSE bug 1126221 SUSE bug 1126356 SUSE bug 1126704 SUSE bug 1126740 SUSE bug 1127175 SUSE bug 1127371 SUSE bug 1127372 SUSE bug 1127374 SUSE bug 1127378 SUSE bug 1127445 SUSE bug 1128415 SUSE bug 1128544 SUSE bug 1129273 SUSE bug 1129276 SUSE bug 1129770 SUSE bug 1130130 SUSE bug 1130154 SUSE bug 1130195 SUSE bug 1130335 SUSE bug 1130336 SUSE bug 1130337 SUSE bug 1130338 SUSE bug 1130425 SUSE bug 1130427 SUSE bug 1130518 SUSE bug 1130527 SUSE bug 1130567 SUSE bug 1130579 SUSE bug 1131062 SUSE bug 1131107 SUSE bug 1131167 SUSE bug 1131168 SUSE bug 1131169 SUSE bug 1131170 SUSE bug 1131171 SUSE bug 1131172 SUSE bug 1131173 SUSE bug 1131174 SUSE bug 1131175 SUSE bug 1131176 SUSE bug 1131177 SUSE bug 1131178 SUSE bug 1131179 SUSE bug 1131180 SUSE bug 1131290 SUSE bug 1131326 SUSE bug 1131335 SUSE bug 1131336 SUSE bug 1131416 SUSE bug 1131427 SUSE bug 1131442 SUSE bug 1131467 SUSE bug 1131574 SUSE bug 1131587 SUSE bug 1131659 SUSE bug 1131673 SUSE bug 1131847 SUSE bug 1131848 SUSE bug 1131851 SUSE bug 1131900 SUSE bug 1131934 SUSE bug 1131935 SUSE bug 1132083 SUSE bug 1132219 SUSE bug 1132226 SUSE bug 1132227 SUSE bug 1132365 SUSE bug 1132368 SUSE bug 1132369 SUSE bug 1132370 SUSE bug 1132372 SUSE bug 1132373 SUSE bug 1132384 SUSE bug 1132397 SUSE bug 1132402 SUSE bug 1132403 SUSE bug 1132404 SUSE bug 1132405 SUSE bug 1132407 SUSE bug 1132411 SUSE bug 1132412 SUSE bug 1132413 SUSE bug 1132414 SUSE bug 1132426 SUSE bug 1132527 SUSE bug 1132531 SUSE bug 1132555 SUSE bug 1132558 SUSE bug 1132561 SUSE bug 1132562 SUSE bug 1132563 SUSE bug 1132564 SUSE bug 1132570 SUSE bug 1132571 SUSE bug 1132572 SUSE bug 1132589 SUSE bug 1132618 SUSE bug 1132681 SUSE bug 1132726 SUSE bug 1132828 SUSE bug 1132943 SUSE bug 1133005 SUSE bug 1133094 SUSE bug 1133095 SUSE bug 1133115 SUSE bug 1133149 SUSE bug 1133486 SUSE bug 1133529 SUSE bug 1133584 SUSE bug 1133667 SUSE bug 1133668 SUSE bug 1133672 SUSE bug 1133674 SUSE bug 1133675 SUSE bug 1133698 SUSE bug 1133702 SUSE bug 1133731 SUSE bug 1133769 SUSE bug 1133772 SUSE bug 1133774 SUSE bug 1133778 SUSE bug 1133779 SUSE bug 1133780 SUSE bug 1133825 SUSE bug 1133850 SUSE bug 1133851 SUSE bug 1133852 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-16880 CVE-2019-11091 CVE-2019-3882 CVE-2019-9003 CVE-2019-9500 CVE-2019-9503 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for libraw fixes the following issues: Security issues fixed: - CVE-2018-20365: Fixed a heap-based buffer overflow in the raw2image function of libraw_cxx.cpp (bsc#1120500) - CVE-2018-20364: Fixed a NULL pointer dereference in the copy_bayer function of libraw_cxx.cpp (bsc#1120499) - CVE-2018-20363: Fixed a NULL pointer dereference in the raw2image function of libraw_cxx.cpp (bsc#1120498) - CVE-2018-5817: Fixed an infinite loop in the unpacked_load_raw function of dcraw_common.cpp (bsc#1120515) - CVE-2018-5818: Fixed an infinite loop in the parse_rollei function of dcraw_common.cpp (bsc#1120516) - CVE-2018-5819: Fixed a denial of service in the parse_sinar_ia function of dcraw_common.cpp (bsc#1120517) Moderate SUSE bug 1120498 SUSE bug 1120499 SUSE bug 1120500 SUSE bug 1120515 SUSE bug 1120516 SUSE bug 1120517 CVE-2018-20363 CVE-2018-20364 CVE-2018-20365 CVE-2018-5817 CVE-2018-5818 CVE-2018-5819 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for PackageKit fixes the following issues: - Fixed displaying the license agreement pop up window during package update (bsc#1038425). Moderate SUSE bug 1038425 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for bluez fixes the following issues: Security vulnerability addressed: - CVE-2016-9797: Fixed a buffer over-read in l2cap_dump() (bsc#1013708). - CVE-2016-9798: Fixed a use-after-free in conf_opt() (bsc#1013712). - CVE-2016-9917: Fixed a heap-based buffer overflow in read_n() (bsc#1015171). - CVE-2016-9802: Fixed a buffer over-read in l2cap_packet() (bsc#1013893). - CVE-2016-9918: Fixed an out-of-bounds stack read in packet_hexdump(), which could be triggered by processing a corrupted dump file and will result in a crash of the hcidump tool (bsc#1015173) Moderate SUSE bug 1013708 SUSE bug 1013712 SUSE bug 1013893 SUSE bug 1015171 SUSE bug 1015173 CVE-2016-9797 CVE-2016-9798 CVE-2016-9802 CVE-2016-9917 CVE-2016-9918 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for freerdp fixes the following issues: Security issues fixed: - CVE-2018-0886: Fix a remote code execution vulnerability (CredSSP) (bsc#1085416, bsc#1087240, bsc#1104918) - CVE-2018-8789: Fix several denial of service vulnerabilities in the in the NTLM Authentication module (bsc#1117965) - CVE-2018-8785: Fix a potential remote code execution vulnerability in the zgfx_decompress function (bsc#1117967) - CVE-2018-8786: Fix a potential remote code execution vulnerability in the update_read_bitmap_update function (bsc#1117966) - CVE-2018-8787: Fix a potential remote code execution vulnerability in the gdi_Bitmap_Decompress function (bsc#1117964) - CVE-2018-8788: Fix a potential remote code execution vulnerability in the nsc_rle_decode function (bsc#1117963) - CVE-2018-8784: Fix a potential remote code execution vulnerability in the zgfx_decompress_segment function (bsc#1116708) - CVE-2018-1000852: Fixed a remote memory access in the drdynvc_process_capability_request function (bsc#1120507) Important SUSE bug 1085416 SUSE bug 1087240 SUSE bug 1104918 SUSE bug 1116708 SUSE bug 1117963 SUSE bug 1117964 SUSE bug 1117965 SUSE bug 1117966 SUSE bug 1117967 SUSE bug 1120507 CVE-2018-0886 CVE-2018-1000852 CVE-2018-8784 CVE-2018-8785 CVE-2018-8786 CVE-2018-8787 CVE-2018-8788 CVE-2018-8789 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for gnome-shell fixes the following issues: Security issue fixed: - CVE-2019-3820: Fixed a partial lock screen bypass (bsc#1124493). Fixed bugs: - Remove sessionList of endSessionDialog for security reasons (jsc#SLE-6660). Moderate SUSE bug 1124493 CVE-2019-3820 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for evolution fixes the following issue: Security issue fixed: - CVE-2018-15587: Fixed OpenPGP signatures spoofing via specially crafted email that contains a valid signature (bsc#1125230). Moderate SUSE bug 1125230 CVE-2018-15587 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead (bsc#1130847). - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). Important SUSE bug 1129346 SUSE bug 1130847 CVE-2019-9636 CVE-2019-9948 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for libreoffice and libraries fixes the following issues: LibreOffice was updated to 6.2.3.2 (fate#327121 bsc#1128845 bsc#1123455), bringing lots of bug and stability fixes. Additional bugfixes: - If there is no firebird engine we still need java to run hsqldb (bsc#1135189) - PPTX: Rectangle turns from green to blue and loses transparency when transparency is set (bsc#1135228) - Slide deck compression doesn't, hmm, compress too much (bsc#1127760) - Psychedelic graphics in LibreOffice (but not PowerPoint) (bsc#1124869) - Image from PPTX shown in a square, not a circle (bsc#1121874) libixion was updated to 0.14.1: * Updated for new orcus liborcus was updated to 0.14.1: * Boost 1.67 support * Various cell handling issues fixed libwps was updated to 0.4.10: * QuattroPro: add parser of .qwp files * all: support complex encoding mdds was updated to 1.4.3: * Api change to 1.4 * More multivector opreations and tweaks * Various multi vector fixes * flat_segment_tree: add segment iterator and functions * fix to handle out-of-range insertions on flat_segment_tree * Another api version -> rename to mdds-1_2 myspell-dictionaries was updated to 20190423: * Serbian dictionary updated * Update af_ZA hunspell * Update Spanish dictionary * Update Slovenian dictionary * Update Breton dictionary * Update Galician dictionary Moderate SUSE bug 1089811 SUSE bug 1116451 SUSE bug 1121874 SUSE bug 1123131 SUSE bug 1123455 SUSE bug 1124062 SUSE bug 1124869 SUSE bug 1127760 SUSE bug 1127857 SUSE bug 1128845 SUSE bug 1135189 SUSE bug 1135228 CVE-2018-16858 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for webkit2gtk3 to version 2.22.5 fixes the following issues: Security issues fixed: - CVE-2018-4438: Fixed a logic issue which lead to memory corruption (bsc#1119554) - CVE-2018-4437, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464: Fixed multiple memory corruption issues with improved memory handling (bsc#1119553, bsc#1119555, bsc#1119556, bsc#1119557, bsc#1119558) Important SUSE bug 1119553 SUSE bug 1119554 SUSE bug 1119555 SUSE bug 1119556 SUSE bug 1119557 SUSE bug 1119558 CVE-2018-4437 CVE-2018-4438 CVE-2018-4441 CVE-2018-4442 CVE-2018-4443 CVE-2018-4464 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. - CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power. - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) - CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) - CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) - CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occured with FUSE requests. (bnc#1133190) - CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) - CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603) - CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bnc#1135278) - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) - CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a '\0' character. (bnc#1134848) - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions. (bnc#1133188) The following non-security bugs were fixed: - 9p locks: add mount option for lock retry interval (bsc#1051510). - Update config files. Debug kernel is not supported (bsc#1135492). - acpi / utils: Drop reference in test for device presence (bsc#1051510). - acpi: button: reinitialize button state upon resume (bsc#1051510). - acpi: fix menuconfig presentation of acpi submenu (bsc#1117158). - acpica: AML interpreter: add region addresses in global list during initialization (bsc#1051510). - acpica: Namespace: remove address node from global list after method termination (bsc#1051510). - alsa: core: Do not refer to snd_cards array directly (bsc#1051510). - alsa: emu10k1: Drop superfluous id-uniquification behavior (bsc#1051510). - alsa: hda - Register irq handler after the chip initialization (bsc#1051510). - alsa: hda - Use a macro for snd_array iteration loops (bsc#1051510). - alsa: hda/hdmi - Consider eld_valid when reporting jack event (bsc#1051510). - alsa: hda/hdmi - Read the pin sense from register when repolling (bsc#1051510). - alsa: hda/realtek - Avoid superfluous COEF EAPD setups (bsc#1051510). - alsa: hda/realtek - Corrected fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: hda/realtek - EAPD turn on later (bsc#1051510). - alsa: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug (bsc#1051510). - alsa: hda/realtek - Fixup headphone noise via runtime suspend (bsc#1051510). - alsa: hda/realtek - Improve the headset mic for Acer Aspire laptops (bsc#1051510). - alsa: hdea/realtek - Headset fixup for System76 Gazelle (gaze14) (bsc#1051510). - alsa: line6: Avoid polluting led_* namespace (bsc#1051510). - alsa: seq: Align temporary re-locking with irqsave version (bsc#1051510). - alsa: seq: Correct unlock sequence at snd_seq_client_ioctl_unlock() (bsc#1051510). - alsa: seq: Cover unsubscribe_port() in list_mutex (bsc#1051510). - alsa: seq: Fix race of get-subscription call vs port-delete ioctls (bsc#1051510). - alsa: seq: Protect in-kernel ioctl calls with mutex (bsc#1051510). - alsa: seq: Protect racy pool manipulation from OSS sequencer (bsc#1051510). - alsa: seq: Remove superfluous irqsave flags (bsc#1051510). - alsa: seq: Simplify snd_seq_kernel_client_enqueue() helper (bsc#1051510). - alsa: timer: Check ack_list emptiness instead of bit flag (bsc#1051510). - alsa: timer: Coding style fixes (bsc#1051510). - alsa: timer: Make snd_timer_close() really kill pending actions (bsc#1051510). - alsa: timer: Make sure to clear pending ack list (bsc#1051510). - alsa: timer: Revert active callback sync check at close (bsc#1051510). - alsa: timer: Simplify error path in snd_timer_open() (bsc#1051510). - alsa: timer: Unify timer callback process code (bsc#1051510). - alsa: usb-audio: Fix a memory leak bug (bsc#1051510). - alsa: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk() (bsc#1051510). - alsa: usx2y: fix a double free bug (bsc#1051510). - appletalk: Fix compile regression (bsc#1051510). - appletalk: Fix use-after-free in atalk_proc_exit (bsc#1051510). - arch: arm64: acpi: KABI ginore includes (bsc#1117158 bsc#1134671). - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table (bsc#1117158). - arm64/x86: Update config files. Use CONFIG_ARCH_SUPPORTS_acpi - arm64: Export save_stack_trace_tsk() (jsc#SLE-4214). - arm64: acpi: fix alignment fault in accessing acpi (bsc#1117158). - arm64: fix acpi dependencies (bsc#1117158). - arm: 8824/1: fix a migrating irq bug when hotplug cpu (bsc#1051510). - arm: 8833/1: Ensure that NEON code always compiles with Clang (bsc#1051510). - arm: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bsc#1051510). - arm: 8840/1: use a raw_spinlock_t in unwind (bsc#1051510). - arm: OMAP2+: Variable 'reg' in function omap4_dsi_mux_pads() could be uninitialized (bsc#1051510). - arm: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug (bsc#1051510). - arm: avoid Cortex-A9 livelock on tight dmb loops (bsc#1051510). - arm: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bsc#1051510). - arm: iop: do not use using 64-bit DMA masks (bsc#1051510). - arm: orion: do not use using 64-bit DMA masks (bsc#1051510). - arm: pxa: ssp: unneeded to free devm_ allocated data (bsc#1051510). - arm: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bsc#1051510). - arm: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms (bsc#1051510). - asoc: Intel: avoid Oops if DMA setup fails (bsc#1051510). - asoc: RT5677-SPI: Disable 16Bit SPI Transfers (bsc#1051510). - asoc: cs4270: Set auto-increment bit for register writes (bsc#1051510). - asoc: fix valid stream condition (bsc#1051510). - asoc: fsl_esai: Fix missing break in switch statement (bsc#1051510). - asoc: hdmi-codec: fix S/PDIF DAI (bsc#1051510). - asoc: max98090: Fix restore of DAPM Muxes (bsc#1051510). - asoc: nau8810: fix the issue of widget with prefixed name (bsc#1051510). - asoc: nau8824: fix the issue of the widget with prefix name (bsc#1051510). - asoc: samsung: odroid: Fix clock configuration for 44100 sample rate (bsc#1051510). - asoc: stm32: fix sai driver name initialisation (bsc#1051510). - asoc: tlv320aic32x4: Fix Common Pins (bsc#1051510). - asoc: wm_adsp: Add locking to wm_adsp2_bus_error (bsc#1051510). - asoc:soc-pcm:fix a codec fixup issue in TDM case (bsc#1051510). - at76c50x-usb: Do not register led_trigger if usb_register_driver failed (bsc#1051510). - audit: fix a memleak caused by auditing load module (bsc#1051510). - b43: shut up clang -Wuninitialized variable warning (bsc#1051510). - backlight: lm3630a: Return 0 on success in update_status functions (bsc#1051510). - bcache: Move couple of functions to sysfs.c (bsc#1130972). - bcache: Move couple of string arrays to sysfs.c (bsc#1130972). - bcache: Populate writeback_rate_minimum attribute (bsc#1130972). - bcache: Replace bch_read_string_list() by __sysfs_match_string() (bsc#1130972). - bcache: account size of buckets used in uuid write to ca->meta_sectors_written (bsc#1130972). - bcache: add MODULE_DESCRIPTION information (bsc#1130972). - bcache: add a comment in super.c (bsc#1130972). - bcache: add code comments for bset.c (bsc#1130972). - bcache: add comment for cache_set->fill_iter (bsc#1130972). - bcache: add identifier names to arguments of function definitions (bsc#1130972). - bcache: add missing SPDX header (bsc#1130972). - bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972). - bcache: add static const prefix to char * array declarations (bsc#1130972). - bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972). - bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972). - bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972). - bcache: correct dirty data statistics (bsc#1130972). - bcache: do not assign in if condition in bcache_init() (bsc#1130972). - bcache: do not assign in if condition register_bcache() (bsc#1130972). - bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972). - bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972). - bcache: do not clone bio in bch_data_verify (bsc#1130972). - bcache: do not mark writeback_running too early (bsc#1130972). - bcache: export backing_dev_name via sysfs (bsc#1130972). - bcache: export backing_dev_uuid via sysfs (bsc#1130972). - bcache: fix code comments style (bsc#1130972). - bcache: fix indent by replacing blank by tabs (bsc#1130972). - bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972). - bcache: fix input integer overflow of congested threshold (bsc#1130972). - bcache: fix input overflow to cache set io_error_limit (bsc#1130972). - bcache: fix input overflow to cache set sysfs file io_error_halflife (bsc#1130972). - bcache: fix input overflow to journal_delay_ms (bsc#1130972). - bcache: fix input overflow to sequential_cutoff (bsc#1130972). - bcache: fix input overflow to writeback_delay (bsc#1130972). - bcache: fix input overflow to writeback_rate_minimum (bsc#1130972). - bcache: fix ioctl in flash device (bsc#1130972). - bcache: fix mistaken code comments in bcache.h (bsc#1130972). - bcache: fix mistaken comments in request.c (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972). - bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972). - bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972). - bcache: improve sysfs_strtoul_clamp() (bsc#1130972). - bcache: introduce force_wake_up_gc() (bsc#1130972). - bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972). - bcache: move open brace at end of function definitions to next line (bsc#1130972). - bcache: never writeback a discard operation (bsc#1130972). - bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972). - bcache: option to automatically run gc thread after writeback (bsc#1130972). - bcache: panic fix for making cache device (bsc#1130972). - bcache: prefer 'help' in Kconfig (bsc#1130972). - bcache: print number of keys in trace_bcache_journal_write (bsc#1130972). - bcache: recal cached_dev_sectors on detach (bsc#1130972). - bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972). - bcache: remove unused bch_passthrough_cache (bsc#1130972). - bcache: remove useless parameter of bch_debug_init() (bsc#1130972). - bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972). - bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972). - bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972). - bcache: replace printk() by pr_*() routines (bsc#1130972). - bcache: set writeback_percent in a flexible range (bsc#1130972). - bcache: split combined if-condition code into separate ones (bsc#1130972). - bcache: stop bcache device when backing device is offline (bsc#1130972). - bcache: stop using the deprecated get_seconds() (bsc#1130972). - bcache: style fix to add a blank line after declarations (bsc#1130972). - bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972). - bcache: style fixes for lines over 80 characters (bsc#1130972). - bcache: treat stale and dirty keys as bad keys (bsc#1130972). - bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972). - bcache: update comment for bch_data_insert (bsc#1130972). - bcache: update comment in sysfs.c (bsc#1130972). - bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972). - bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972). - bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972). - bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972). - bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972). - block: Do not revalidate bdev of hidden gendisk (bsc#1120091). - block: check_events: do not bother with events if unsupported (bsc#1110946, bsc#1119843). - block: disk_events: introduce event flags (bsc#1110946, bsc#1119843). - block: do not leak memory in bio_copy_user_iov() (bsc#1135309). - block: fix the return errno for direct IO (bsc#1135320). - block: fix use-after-free on gendisk (bsc#1135312). - bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bsc#1051510). - bluetooth: Check key sizes only when Secure Simple Pairing is enabled (bsc#1135556). - bluetooth: hidp: fix buffer overflow (bsc#1051510). - bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one() (bsc#1050242). - bnxt_en: Improve RX consumer index validity check (networking-stable-19_04_10). - bnxt_en: Improve multicast address setup logic (networking-stable-19_05_04). - bnxt_en: Reset device on RX buffer errors (networking-stable-19_04_10). - bonding: fix event handling for stacked bonds (networking-stable-19_04_19). - bpf, lru: avoid messing with eviction heuristics upon syscall lookup (bsc#1083647). - bpf: Add missed newline in verifier verbose log (bsc#1056787). - bpf: add map_lookup_elem_sys_only for lookups from syscall side (bsc#1083647). - brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() (bsc#1051510). - btrfs: Do not panic when we can't find a root key (bsc#1112063). - btrfs: Factor out common delayed refs init code (bsc#1134813). - btrfs: Introduce init_delayed_ref_head (bsc#1134813). - btrfs: Open-code add_delayed_data_ref (bsc#1134813). - btrfs: Open-code add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813). - btrfs: add a helper to return a head ref (bsc#1134813). - btrfs: breakout empty head cleanup to a helper (bsc#1134813). - btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: do not allow trimming when a fs is mounted with the nologreplay option (bsc#1135758). - btrfs: do not double unlock on error in btrfs_punch_hole (bsc#1136881). - btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: fix fsync not persisting changed attributes of a directory (bsc#1137151). - btrfs: fix race between ranged fsync and writeback of adjacent ranges (bsc#1136477). - btrfs: fix race updating log root item during fsync (bsc#1137153). - btrfs: fix wrong ctime and mtime of a directory after log replay (bsc#1137152). - btrfs: improve performance on fsync of files with multiple hardlinks (bsc#1123454). - btrfs: move all ref head cleanup to the helper function (bsc#1134813). - btrfs: move extent_op cleanup to a helper (bsc#1134813). - btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813). - btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1134806). - btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head to btrfs_qgroup_extent_record (bsc#1134162). - btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release (bsc#1134160). - btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1133612). - btrfs: remove delayed_ref_node from ref_head (bsc#1134813). - btrfs: send, flush dellaloc in order to avoid data loss (bsc#1133320). - btrfs: split delayed ref head initialization and addition (bsc#1134813). - btrfs: track refs in a rb_tree instead of a list (bsc#1134813). - btrfs: tree-checker: detect file extent items with overlapping ranges (bsc#1136478). - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134461). - ceph: fix ci->i_head_snapc leak (bsc#1122776). - ceph: fix use-after-free on symlink traversal (bsc#1134459). - ceph: only use d_name directly when parent is locked (bsc#1134460). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565). - clk: rockchip: Fix video codec clocks on rk3288 (bsc#1051510). - clk: rockchip: fix wrong clock definitions for rk3328 (bsc#1051510). - configfs: Fix use-after-free when accessing sd->s_dentry (bsc#1051510). - configfs: fix possible use-after-free in configfs_register_group (bsc#1051510). - crypto: arm/aes-neonbs - do not access already-freed walk.iv (bsc#1051510). - crypto: caam - fix caam_dump_sg that iterates through scatterlist (bsc#1051510). - crypto: ccm - fix incompatibility between 'ccm' and 'ccm_base' (bsc#1051510). - crypto: ccp - Do not free psp_master when PLATFORM_INIT fails (bsc#1051510). - crypto: chacha20poly1305 - set cra_name correctly (bsc#1051510). - crypto: crct10dif-generic - fix use via crypto_shash_digest() (bsc#1051510). - crypto: fips - Grammar s/options/option/, s/to/the/ (bsc#1051510). - crypto: gcm - fix incompatibility between 'gcm' and 'gcm_base' (bsc#1051510). - crypto: skcipher - do not WARN on unprocessed data after slow walk step (bsc#1051510). - crypto: sun4i-ss - Fix invalid calculation of hash end (bsc#1051510). - crypto: vmx - CTR: always increment IV as quadword (bsc#1051510). - crypto: vmx - fix copy-paste error in CTR mode (bsc#1051510). - crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162). - crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162). - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest() (bsc#1051510). - dccp: Fix memleak in __feat_register_sp (bsc#1051510). - dccp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28). - debugfs: fix use-after-free on symlink traversal (bsc#1051510). - devres: Align data[] to ARCH_KMALLOC_MINALIGN (bsc#1051510). - dmaengine: axi-dmac: Do not check the number of frames for alignment (bsc#1051510). - dmaengine: tegra210-dma: free dma controller in remove() (bsc#1051510). - documentation: Add MDS vulnerability documentation (bsc#1135642). - drivers: acpi: add dependency of EFI for arm64 (bsc#1117158). - drm/bridge: adv7511: Fix low refresh rate selection (bsc#1051510). - drm/etnaviv: lock MMU while dumping core (bsc#1113722) - drm/fb-helper: dpms_legacy(): Only set on connectors in use (bsc#1051510). - drm/i915/fbc: disable framebuffer compression on GeminiLake (bsc#1051510). - drm/i915/gvt: Fix cmd length of VEB_DI_IECP (bsc#1113722) - drm/i915/gvt: Fix incorrect mask of mmio 0x22028 in gen8/9 mmio list (bnc#1113722) - drm/i915/gvt: Tiled Resources mmios are in-context mmios for gen9+ (bsc#1113722) - drm/i915/gvt: add 0x4dfc to gen9 save-restore list (bsc#1113722) - drm/i915/gvt: do not let TRTTE and 0x4dfc write passthrough to hardware (bsc#1051510). - drm/i915/gvt: refine ggtt range validation (bsc#1113722) - drm/i915: Disable LP3 watermarks on all SNB machines (bsc#1051510). - drm/i915: Downgrade Gen9 Plane WM latency error (bsc#1051510). - drm/i915: Fix I915_EXEC_RING_MASK (bsc#1051510). - drm/imx: do not skip DP channel disable for background plane (bsc#1051510). - drm/mediatek: fix possible object reference leak (bsc#1051510). - drm/meson: add size and alignment requirements for dumb buffers (bnc#1113722) - drm/nouveau/i2c: Disable i2c bus access after ->fini() (bsc#1113722) - drm/rockchip: fix for mailbox read validation (bsc#1051510). - drm/rockchip: shutdown drm subsystem on shutdown (bsc#1051510). - drm/sun4i: rgb: Change the pixel clock validation check (bnc#1113722) - drm/ttm: Remove warning about inconsistent mapping information (bnc#1131488) - drm/vmwgfx: Do not send drm sysfs hotplug events on initial master set (bsc#1051510). - drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() (bsc#1113722) - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read (bsc#1051510). - dt-bindings: clock: r8a7795: Remove CSIREF clock (bsc#1120902). - dt-bindings: clock: r8a7796: Remove CSIREF clock (bsc#1120902). - dt-bindings: net: Add binding for the external clock for TI WiLink (bsc#1085535). - dt-bindings: net: Fix a typo in the phy-mode list for ethernet bindings (bsc#1129770). - dt-bindings: rtc: sun6i-rtc: Fix register range in example (bsc#1120902). - dwc2: gadget: Fix completed transfer size calculation in DDMA (bsc#1051510). - efi/arm: Defer persistent reservations until after paging_init() (bsc#1117158). - efi/arm: Do not mark acpi reclaim memory as MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566). - efi/arm: Revert 'Defer persistent reservations until after paging_init()' (bsc#1117158). - efi/arm: Revert deferred unmap of early memmap mapping (bsc#1117158). - efi/arm: libstub: add a root memreserve config table (bsc#1117158). - efi/arm: map UEFI memory map even w/o runtime services enabled (bsc#1117158). - efi/arm: preserve early mapping of UEFI memory map longer for BGRT (bsc#1117158). - efi: Permit calling efi_mem_reserve_persistent() from atomic context (bsc#1117158). - efi: Permit multiple entries in persistent memreserve data structure (bsc#1117158). - efi: Prevent GICv3 WARN() by mapping the memreserve table before first use (bsc#1117158). - efi: Reduce the amount of memblock reservations for persistent allocations (bsc#1117158). - efi: add API to reserve memory persistently across kexec reboot (bsc#1117158). - efi: honour memory reservations passed via a linux specific config table (bsc#1117158). - ext4: Do not warn when enabling DAX (bsc#1132894). - ext4: actually request zeroing of inode table after grow (bsc#1135315). - ext4: avoid panic during forced reboot due to aborted journal (bsc#1126356). - ext4: fix data corruption caused by overlapping unaligned and aligned IO (bsc#1136428). - ext4: fix ext4_show_options for file systems w/o journal (bsc#1135316). - ext4: fix use-after-free race with debug_want_extra_isize (bsc#1135314). - ext4: make sanity check in mballoc more strict (bsc#1136439). - ext4: wait for outstanding dio during truncate in nojournal mode (bsc#1136438). - fbdev: fix WARNING in __alloc_pages_nodemask bug (bsc#1113722) - fbdev: fix divide error in fb_var_to_videomode (bsc#1113722) - firmware: efi: factor out mem_reserve (bsc#1117158 bsc#1134671). - fix rtnh_ok() (git-fixes). - fs/sync.c: sync_file_range(2) may use WB_SYNC_ALL writeback (bsc#1136432). - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount (bsc#1136435). - ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658). - genetlink: Fix a memory leak on error path (networking-stable-19_03_28). - ghes, EDAC: Fix ghes_edac registration (bsc#1133176). - gpio: aspeed: fix a potential NULL pointer dereference (bsc#1051510). - gpu: ipu-v3: dp: fix CSC handling (bsc#1051510). - hid: debug: fix race condition with between rdesc_show() and device removal (bsc#1051510). - hid: input: add mapping for 'Toggle Display' key (bsc#1051510). - hid: input: add mapping for Assistant key (bsc#1051510). - hid: input: add mapping for Expose/Overview key (bsc#1051510). - hid: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bsc#1051510). - hid: logitech: check the return value of create_singlethread_workqueue (bsc#1051510). - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses (bsc#1051510). - hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses (bsc#1051510). - ibmvnic: Add device identification to requested IRQs (bsc#1137739). - ibmvnic: Do not close unopened driver during reset (bsc#1137752). - ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752). - ibmvnic: Refresh device multicast list after reset (bsc#1137752). - ibmvnic: remove set but not used variable 'netdev' (bsc#1137739). - igmp: fix incorrect unsolicit report count when join group (git-fixes). - iio: adc: xilinx: fix potential use-after-free on remove (bsc#1051510). - indirect call wrappers: helpers to speed-up indirect calls of builtin (bsc#1124503). - inetpeer: fix uninit-value in inet_getpeer (git-fixes). - input: elan_i2c - add hardware ID for multiple Lenovo laptops (bsc#1051510). - input: introduce KEY_ASSISTANT (bsc#1051510). - input: synaptics-rmi4 - fix possible double free (bsc#1051510). - intel_th: msu: Fix single mode with IOMMU (bsc#1051510). - intel_th: pci: Add Comet Lake support (bsc#1051510). - iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel (bsc#1117158). - iommu/arm-smmu-v3: Do not disable SMMU in kdump kernel (bsc#1117158 bsc#1134671). - iommu/vt-d: Do not request page request irq under dmar_global_lock (bsc#1135006). - iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU (bsc#1135007). - iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135008). - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type (networking-stable-19_04_10). - ip6_tunnel: collect_md xmit: Use ip_tunnel_key's provided src address (git-fixes). - ip_gre: fix parsing gre header in ipgre_err (git-fixes). - ip_tunnel: Fix name string concatenate in __ip_tunnel_create() (git-fixes). - ipconfig: Correctly initialise ic_nameservers (bsc#1051510). - ipmi:ssif: compare block number correctly for multi-part return messages (bsc#1051510). - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled (git-fixes). - ipv4: add sanity checks in ipv4_link_failure() (git-fixes). - ipv4: ensure rcu_read_lock() in ipv4_link_failure() (networking-stable-19_04_19). - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation (networking-stable-19_05_04). - ipv4: recompile ip options in ipv4_link_failure (networking-stable-19_04_19). - ipv4: set the tcp_min_rtt_wlen range from 0 to one day (networking-stable-19_04_30). - ipv6/flowlabel: wait rcu grace period before put_pid() (git-fixes). - ipv6: fix cleanup ordering for ip6_mr failure (git-fixes). - ipv6: fix cleanup ordering for pingv6 registration (git-fixes). - ipv6: invert flowlabel sharing check in process and user mode (git-fixes). - ipv6: mcast: fix unsolicited report interval after receiving querys (git-fixes). - ipvlan: Add the skb->mark as flow4's member to lookup route (bsc#1051510). - ipvlan: fix ipv6 outbound device (bsc#1051510). - ipvlan: use ETH_MAX_MTU as max mtu (bsc#1051510). - ipvs: Fix signed integer overflow when setsockopt timeout (bsc#1051510). - ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf (git-fixes). - ipvs: fix buffer overflow with sync daemon and service (git-fixes). - ipvs: fix check on xmit to non-local addresses (git-fixes). - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bsc#1051510). - ipvs: fix rtnl_lock lockups caused by start_sync_thread (git-fixes). - ipvs: fix stats update from local clients (git-fixes). - iw_cxgb4: only allow 1 flush on user qps (bsc#1051510). - jbd2: check superblock mapped prior to committing (bsc#1136430). - kABI workaround for removed usb_interface.pm_usage_cnt field (bsc#1051510). - kABI workaround for snd_seq_kernel_client_enqueue() API changes (bsc#1051510). - kABI: protect dma-mapping.h include (kabi). - kABI: protect functions using struct net_generic (bsc#1130409 LTC#176346). - kABI: protect ip_options_rcv_srr (kabi). - kABI: protect struct mlx5_td (kabi). - kABI: protect struct pci_dev (kabi). - kABI: protect struct smc_ib_device (bsc#1130409 LTC#176346). - kABI: protect struct smc_link (bsc#1129857 LTC#176247). - kABI: protect struct smcd_dev (bsc#1130409 LTC#176346). - kabi: drop LINUX_Mib_TCPWQUEUETOOBIG snmp counter (bsc#1137586). - kabi: implement map_lookup_elem_sys_only in another way (bsc#1083647). - kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586). - kernel/signal.c: trace_signal_deliver when signal_group_exit (git-fixes). - kernel/sys.c: prctl: fix false positive in validate_prctl_map() (git-fixes). - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv (bsc#1051510). - kernel/sysctl.c: fix out-of-bounds access when setting file-max (bsc#1051510). - keys: safe concurrent user->{session,uid}_keyring access (bsc#1135642). - kmsg: Update message catalog to latest ibM level (2019/03/08) (bsc#1128904 LTC#176078). - kmsg: Update message catalog to latest ibM level (2019/03/08) (bsc#1128905 LTC#176077). - kvm: Fix UAF in nested posted interrupt processing (bsc#1134199). - kvm: VMX: Zero out *all* general purpose registers after VM-Exit (bsc#1134202). - kvm: nVMX: Clear reserved bits of #DB exit qualification (bsc#1134200). - kvm: nVMX: restore host state in nested_vmx_vmexit for VMFail (bsc#1134201). - kvm: s390: fix memory overwrites when not using SCA entries (bsc#1136206). - kvm: s390: provide io interrupt kvm_stat (bsc#1136206). - kvm: s390: use created_vcpus in more places (bsc#1136206). - kvm: s390: vsie: fix 8k check for the itdba (bsc#1136206). - kvm: x86: Always use 32-bit SMRAM save state for 32-bit kernels (bsc#1134203). - kvm: x86: Do not clear EFER during SMM transitions for 32-bit vCPU (bsc#1134204). - kvm: x86: svm: make sure NMI is injected after nmi_singlestep (bsc#1134205). - l2tp: cleanup l2tp_tunnel_delete calls (bsc#1051510). - l2tp: filter out non-PPP sessions in pppol2tp_tunnel_ioctl() (git-fixes). - l2tp: fix missing refcount drop in pppol2tp_tunnel_ioctl() (git-fixes). - l2tp: only accept PPP sessions in pppol2tp_connect() (git-fixes). - l2tp: prevent pppol2tp_connect() from creating kernel sockets (git-fixes). - l2tp: revert 'l2tp: fix missing print session offset info' (bsc#1051510). - leds: avoid races with workqueue (bsc#1051510). - leds: pwm: silently error out on EPROBE_DEFER (bsc#1051510). - lib: add crc64 calculation routines (bsc#1130972). - lib: do not depend on linux headers being installed (bsc#1130972). - libata: fix using DMA buffers on stack (bsc#1051510). - linux/kernel.h: Use parentheses around argument in u64_to_user_ptr() (bsc#1051510). - livepatch: Convert error about unsupported reliable stacktrace into a warning (bsc#1071995). - livepatch: Remove custom kobject state handling (bsc#1071995). - livepatch: Remove duplicated code for early initialization (bsc#1071995). - lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138). - mISDN: Check address length before reading address family (bsc#1051510). - mac80211: fix memory accounting with A-MSDU aggregation (bsc#1051510). - mac80211: fix unaligned access in mesh table hash function (bsc#1051510). - mac8390: Fix mmio access size probe (bsc#1051510). - md: fix invalid stored role for a disk (bsc#1051510). - media: atmel: atmel-isc: fix INIT_WORK misplacement (bsc#1051510). - media: cx18: update *pos correctly in cx18_read_pos() (bsc#1051510). - media: cx23885: check allocation return (bsc#1051510). - media: davinci-isif: avoid uninitialized variable use (bsc#1051510). - media: davinci/vpbe: array underflow in vpbe_enum_outputs() (bsc#1051510). - media: ivtv: update *pos correctly in ivtv_read_pos() (bsc#1051510). - media: omap_vout: potential buffer overflow in vidioc_dqbuf() (bsc#1051510). - media: ov2659: fix unbalanced mutex_lock/unlock (bsc#1051510). - media: pvrusb2: Prevent a buffer overflow (bsc#1129770). - media: serial_ir: Fix use-after-free in serial_ir_init_module (bsc#1051510). - media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame (bsc#1051510). - media: vivid: use vfree() instead of kfree() for dev->bitmap_cap (bsc#1051510). - media: wl128x: Fix an error code in fm_download_firmware() (bsc#1051510). - media: wl128x: prevent two potential buffer overflows (bsc#1051510). - memcg: make it work on sparse non-0-node systems (bnc#1133616). - memcg: make it work on sparse non-0-node systems kabi (bnc#1133616). - mlxsw: spectrum: Fix autoneg status in ethtool (networking-stable-19_04_30). - mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses (bsc#1135330). - mm: Fix buggy backport leading to MAP_SYNC failures (bsc#1137372) - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382). - mmc: block: Delete gendisk before cleaning up the request queue (bsc#1127616). - mmc: core: fix possible use after free of host (bsc#1051510). - mount: copy the port field into the cloned nfs_server structure (bsc#1136990). - mtd: docg3: Fix passing zero to 'PTR_ERR' warning in doc_probe_device (bsc#1051510). - mtd: docg3: fix a possible memory leak of mtd->name (bsc#1051510). - mtd: nand: omap: Fix comment in platform data using wrong Kconfig symbol (bsc#1051510). - mtd: part: fix incorrect format specifier for an unsigned long long (bsc#1051510). - mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write (bsc#1129770). - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935). - mwifiex: Fix mem leak in mwifiex_tm_cmd (bsc#1051510). - mwifiex: Fix possible buffer overflows at parsing bss descriptor - mwifiex: prevent an array overflow (bsc#1051510). - mwl8k: Fix rate_idx underflow (bsc#1051510). - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit (git-fixes). - net-gro: Fix GRO flush when receiving a GSO packet (networking-stable-19_04_10). - net/ibmvnic: Remove tests of member address (bsc#1137739). - net/ibmvnic: Update MAC address settings after adapter reset (bsc#1134760). - net/ibmvnic: Update carrier state after link state change (bsc#1135100). - net/ipv4: defensive cipso option parsing (git-fixes). - net/ipv6: do not reinitialize ndev->cnf.addr_gen_mode on new inet6_dev (git-fixes). - net/ipv6: fix addrconf_sysctl_addr_gen_mode (git-fixes). - net/ipv6: propagate net.ipv6.conf.all.addr_gen_mode to devices (git-fixes). - net/ipv6: reserve room for IFLA_INET6_ADDR_GEN_MODE (git-fixes). - net/mlx5: Decrease default mr cache size (networking-stable-19_04_10). - net/mlx5e: Add a lock on tir list (networking-stable-19_04_10). - net/mlx5e: Fix error handling when refreshing TIRs (networking-stable-19_04_10). - net/mlx5e: Fix trailing semicolon (bsc#1075020). - net/mlx5e: IPoib, Reset QP after channels are closed (bsc#1075020). - net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_04_30). - net/rose: fix unbound loop in rose_loopback_timer() (networking-stable-19_04_30). - net/sched: act_sample: fix divide by zero in the traffic path (networking-stable-19_04_10). - net/sched: do not dereference a->goto_chain to read the chain index (bsc#1064802 bsc#1066129). - net/sched: fix ->get helper of the matchall cls (networking-stable-19_04_10). - net/smc: add pnet table namespace support (bsc#1130409 LTC#176346). - net/smc: add smcd support to the pnet table (bsc#1130409 LTC#176346). - net/smc: allow 16 byte pnetids in netlink policy (bsc#1129857 LTC#176247). - net/smc: allow pci IDs as ib device names in the pnet table (bsc#1130409 LTC#176346). - net/smc: allow pnetid-less configuration (bsc#1130409 LTC#176346). - net/smc: call smc_cdc_msg_send() under send_lock (bsc#1129857 LTC#176247). - net/smc: check connections in smc_lgr_free_work (bsc#1129857 LTC#176247). - net/smc: check for ip prefix and subnet (bsc#1134607 LTC#177518). - net/smc: check port_idx of ib event (bsc#1129857 LTC#176247). - net/smc: cleanup for smcr_tx_sndbuf_nonempty (bsc#1130409 LTC#176346). - net/smc: cleanup of get vlan id (bsc#1134607 LTC#177518). - net/smc: code cleanup smc_listen_work (bsc#1134607 LTC#177518). - net/smc: consolidate function parameters (bsc#1134607 LTC#177518). - net/smc: correct state change for peer closing (bsc#1129857 LTC#176247). - net/smc: delete rkey first before switching to unused (bsc#1129857 LTC#176247). - net/smc: do not wait for send buffer space when data was already sent (bsc#1129857 LTC#176247). - net/smc: do not wait under send_lock (bsc#1129857 LTC#176247). - net/smc: fallback to TCP after connect problems (bsc#1134607 LTC#177518). - net/smc: fix a NULL pointer dereference (bsc#1134607 LTC#177518). - net/smc: fix another sizeof to int comparison (bsc#1129857 LTC#176247). - net/smc: fix byte_order for rx_curs_confirmed (bsc#1129848 LTC#176249). - net/smc: fix return code from FLUSH command (bsc#1134607 LTC#177518). - net/smc: fix sender_free computation (bsc#1129857 LTC#176247). - net/smc: fix smc_poll in SMC_INIT state (bsc#1129848 LTC#176249). - net/smc: fix use of variable in cleared area (bsc#1129857 LTC#176247). - net/smc: improve smc_conn_create reason codes (bsc#1134607 LTC#177518). - net/smc: improve smc_listen_work reason codes (bsc#1134607 LTC#177518). - net/smc: move code to clear the conn->lgr field (bsc#1129857 LTC#176247). - net/smc: move unhash before release of clcsock (bsc#1134607 LTC#177518). - net/smc: move wake up of close waiter (bsc#1129857 LTC#176247). - net/smc: no delay for free tx buffer wait (bsc#1129857 LTC#176247). - net/smc: nonblocking connect rework (bsc#1134607 LTC#177518). - net/smc: postpone release of clcsock (bsc#1129857 LTC#176247). - net/smc: preallocated memory for rdma work requests (bsc#1129857 LTC#176247). - net/smc: prevent races between smc_lgr_terminate() and smc_conn_free() (bsc#1129857 LTC#176247). - net/smc: propagate file from SMC to TCP socket (bsc#1134607 LTC#177518). - net/smc: recvmsg and splice_read should return 0 after shutdown (bsc#1129857 LTC#176247). - net/smc: reduce amount of status updates to peer (bsc#1129857 LTC#176247). - net/smc: reset cursor update required flag (bsc#1129857 LTC#176247). - net/smc: rework pnet table (bsc#1130409 LTC#176346). - net/smc: unlock LGR pending lock earlier for SMC-D (bsc#1129857 LTC#176247). - net/smc: use client and server LGR pending locks for SMC-R (bsc#1129857 LTC#176247). - net/smc: use device link provided in qp_context (bsc#1129857 LTC#176247). - net/smc: use smc_curs_copy() for SMC-D (bsc#1129857 LTC#176247). - net/smc: wait for pending work before clcsock release_sock (bsc#1134607 LTC#177518). - net: Fix a bug in removing queues from XPS map (git-fixes). - net: aquantia: fix rx checksum offload for UDP/TCP over IPv6 (networking-stable-19_03_28). - net: atm: Fix potential Spectre v1 vulnerabilities (networking-stable-19_04_19). - net: avoid skb_warn_bad_offload on IS_ERR (git-fixes). - net: do not keep lonely packets forever in the gro hash (git-fixes). - net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc (networking-stable-19_05_04). - net: dsa: legacy: do not unmask port bitmaps (git-fixes). - net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT (git-fixes). - net: ena: fix return value of ena_com_config_llq_info() (bsc#1111696 bsc#1117561). - net: ethtool: not call vzalloc for zero sized memory request (networking-stable-19_04_10). - net: fix uninit-value in __hw_addr_add_ex() (git-fixes). - net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv (networking-stable-19_04_19). - net: hns3: remove resetting check in hclgevf_reset_task_schedule (bsc#1104353 bsc#1135056). - net: initialize skb->peeked when cloning (git-fixes). - net: make skb_partial_csum_set() more robust against overflows (git-fixes). - net: phy: marvell: Fix buffer overrun with stats counters (networking-stable-19_05_04). - net: rds: exchange of 8K and 1M pool (networking-stable-19_04_30). - net: rose: fix a possible stack overflow (networking-stable-19_03_28). - net: socket: fix potential spectre v1 gadget in socketcall (git-fixes). - net: stmmac: fix memory corruption with large MTUs (networking-stable-19_03_28). - net: stmmac: move stmmac_check_ether_addr() to driver probe (networking-stable-19_04_30). - net: test tailroom before appending to linear skb (git-fixes). - net: thunderx: do not allow jumbo frames with XDP (networking-stable-19_04_19). - net: thunderx: raise XDP MTU to 1508 (networking-stable-19_04_19). - net: unbreak CONFIG_RETPOLINE=n builds (bsc#1124503). - net: use indirect call wrappers at GRO network layer (bsc#1124503). - net: use indirect call wrappers at GRO transport layer (bsc#1124503). - netfilter: bridge: Do not sabotage nf_hook calls from an l3mdev (git-fixes). - netfilter: bridge: ebt_among: add missing match size checks (git-fixes). - netfilter: bridge: ebt_among: add more missing match size checks (git-fixes). - netfilter: drop template ct when conntrack is skipped (git-fixes). - netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule (git-fixes). - netfilter: ebtables: handle string from userspace with care (git-fixes). - netfilter: ebtables: reject non-bridge targets (git-fixes). - netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel (git-fixes). - netfilter: nf_log: do not hold nf_log_mutex during user access (git-fixes). - netfilter: nf_log: fix uninit read in nf_log_proc_dostring (git-fixes). - netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6} (git-fixes). - netfilter: nf_tables: can't fail after linking rule into active rule list (git-fixes). - netfilter: nf_tables: check msg_type before nft_trans_set(trans) (git-fixes). - netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump() (git-fixes). - netfilter: nf_tables: fix leaking object reference count (git-fixes). - netfilter: nf_tables: release chain in flushing set (git-fixes). - netfilter: nft_compat: do not dump private area (git-fixes). - netfilter: x_tables: initialise match/target check parameter struct (git-fixes). - netlink: fix uninit-value in netlink_sendmsg (git-fixes). - nfs add module option to limit nfsv4 minor version (jsc#PM-231). - nfs: Enable nfsv4.2 support - jsc@PM-231 This requires a module parameter for nfsv4.2 to actually be available on SLE12 and SLE15-SP0 - nfsv4.x: always serialize open/close operations (bsc#1114893). - nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands (bsc#1051510). - nvme-rdma: fix possible free of a non-allocated async event buffer (bsc#1120423). - nvme: Do not remove namespaces during reset (bsc#1131673). - nvme: flush scan_work when resetting controller (bsc#1131673). - objtool: Fix function fallthrough detection (bsc#1058115). - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget (bsc#1136434). - ocfs2: turn on OCFS2_FS_STATS setting(bsc#1134393) We need to turn on OCFS2_FS_STATS kernel configuration setting, to fix bsc#1134393. - of: fix clang -Wunsequenced for be32_to_cpu() (bsc#1135642). - omapfb: add missing of_node_put after of_device_is_available (bsc#1051510). - openvswitch: add seqadj extension when NAT is used (bsc#1051510). - openvswitch: fix flow actions reallocation (bsc#1051510). - p54: drop device reference count if fails to enable device (bsc#1135642). - packet: fix reserve calculation (git-fixes). - packet: in packet_snd start writing at link layer allocation (git-fixes). - packet: refine ring v3 block size test to hold one frame (git-fixes). - packet: reset network header if packet shorter than ll reserved space (git-fixes). - packet: validate msg_namelen in send directly (git-fixes). - packets: Always register packet sk in the same order (networking-stable-19_03_28). - pci: Factor out pcie_retrain_link() function (git-fixes). - pci: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1051510). - pci: Mark Atheros AR9462 to avoid bus reset (bsc#1051510). - pci: Work around Pericom pcie-to-pci bridge Retrain Link erratum (git-fixes). - pci: endpoint: Use EPC's device in dma_alloc_coherent()/dma_free_coherent() (git-fixes). - phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode (bsc#1051510). - platform/x86: alienware-wmi: printing the wrong error code (bsc#1051510). - platform/x86: dell-rbtn: Add missing #include (bsc#1051510). - platform/x86: intel_pmc_ipc: adding error handling (bsc#1051510). - platform/x86: intel_punit_ipc: Revert 'Fix resource ioremap warning' (bsc#1051510). - platform/x86: pmc_atom: Add Lex 3I380D industrial PC to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Add several Beckhoff Automation boards to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Drop __initconst on dmi table (bsc#1051510). - platform/x86: sony-laptop: Fix unintentional fall-through (bsc#1051510). - power: supply: axp20x_usb_power: Fix typo in VBUS current limit macros (bsc#1051510). - power: supply: axp288_charger: Fix unchecked return value (bsc#1051510). - powerpc/eeh: Fix race with driver un/bind (bsc#1065729). - powerpc/msi: Fix NULL pointer access in teardown code (bsc#1065729). - powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043). - powerpc/powernv/idle: Restore IAMR after idle (bsc#1065729). - powerpc/process: Fix sparse address space warnings (bsc#1065729). - powerpc: Always initialize input array when calling epapr_hypercall() (bsc#1065729). - powerpc: Fix HMIs on big-endian with CONFIG_RELOCATABLE=y (bsc#1065729). - proc/kcore: do not bounds check against address 0 (bsc#1051510). - proc/sysctl: fix return error for proc_doulongvec_minmax() (bsc#1051510). - proc: revalidate kernel thread inodes to root:root (bsc#1051510). - ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK (git-fixes). - pwm: Fix deadlock warning when removing PWM device (bsc#1051510). - pwm: meson: Consider 128 a valid pre-divider (bsc#1051510). - pwm: meson: Do not disable PWM when setting duty repeatedly (bsc#1051510). - pwm: meson: Use the spin-lock only to protect register modifications (bsc#1051510). - pwm: tiehrpwm: Update shadow register for disabling PWMs (bsc#1051510). - qla2xxx: allow irqbalance control in non-MQ mode (bsc#1128979). - qla2xxx: always allocate qla_tgt_wq (bsc#1131451). - qmi_wwan: add Olicard 600 (bsc#1051510). - rdma/hns: Fix bug that caused srq creation to fail (bsc#1104427 ). - rdma/rxe: Consider skb reserve space based on netdev of GID (bsc#1082387, bsc#1103992). - regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB (bsc#1051510). - rt2x00: do not increment sequence number while re-transmitting (bsc#1051510). - rtc: da9063: set uie_unsupported when relevant (bsc#1051510). - rtc: sh: Fix invalid alarm warning for non-enabled alarm (bsc#1051510). - rtlwifi: rtl8723ae: Fix missing break in switch statement (bsc#1051510). - rxrpc: Fix error reception on AF_INET6 sockets (git-fixes). - rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket (git-fixes). - s390/ism: ignore some errors during deregistration (bsc#1129857 LTC#176247). - s390/qdio: clear intparm during shutdown (bsc#1134597 LTC#177516). - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() (bsc#1051510). - sc16is7xx: move label 'err_spi' to correct section (bsc#1051510). - sc16is7xx: put err_spi and err_i2c into correct #ifdef (bsc#1051510). - scripts: override locale from environment when running recordmcount.pl (bsc#1134354). - scsi: qedf: fixup bit operations (bsc#1135542). - scsi: qedf: fixup locking in qedf_restart_rport() (bsc#1135542). - scsi: qedf: missing kref_put in qedf_xmit() (bsc#1135542). - scsi: qla2xxx: Declare local functions 'static' (bsc#1137444). - scsi: qla2xxx: Fix function argument descriptions (bsc#1118139). - scsi: qla2xxx: Fix memory corruption during hba reset test (bsc#1118139). - scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (bsc#1132044). - scsi: qla2xxx: Improve several kernel-doc headers (bsc#1137444). - scsi: qla2xxx: Introduce a switch/case statement in qlt_xmit_tm_rsp() (bsc#1137444). - scsi: qla2xxx: Make qla2x00_sysfs_write_nvram() easier to analyze (bsc#1137444). - scsi: qla2xxx: Make sure that qlafx00_ioctl_iosb_entry() initializes 'res' (bsc#1137444). - scsi: qla2xxx: NULL check before some freeing functions is not needed (bsc#1137444). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1137444). - scsi: qla2xxx: Remove two arguments from qlafx00_error_entry() (bsc#1137444). - scsi: qla2xxx: Remove unused symbols (bsc#1118139). - scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function (bsc#1137444). - scsi: qla2xxx: Use %p for printing pointers (bsc#1118139). - scsi: qla2xxx: fix error message on qla2400 (bsc#1118139). - scsi: qla2xxx: fix spelling mistake: 'existant' -> 'existent' (bsc#1118139). - scsi: qla2xxx: fully convert to the generic DMA API (bsc#1137444). - scsi: qla2xxx: fx00 copypaste typo (bsc#1118139). - scsi: qla2xxx: remove the unused tcm_qla2xxx_cmd_wq (bsc#1118139). - scsi: qla2xxx: use lower_32_bits and upper_32_bits instead of reinventing them (bsc#1137444). - sctp: avoid running the sctp state machine recursively (networking-stable-19_05_04). - sctp: fix identification of new acks for SFR-CACC (git-fixes). - sctp: get sctphdr by offset in sctp_compute_cksum (networking-stable-19_03_28). - sctp: initialize _pad of sockaddr_in before copying to user memory (networking-stable-19_04_10). - sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune (git-fixes). - sctp: set frag_point in sctp_setsockopt_maxseg correctly` (git-fixes). - selinux: use kernel linux/socket.h for genheaders and mdp (bsc#1134810). - serial: 8250_pxa: honor the port number from devicetree (bsc#1051510). - serial: ar933x_uart: Fix build failure with disabled console (bsc#1051510). - serial: uartps: console_setup() can't be placed to init section (bsc#1051510). - signal: Always notice exiting tasks (git-fixes). - signal: Better detection of synchronous signals (git-fixes). - signal: Restore the stop PTRACE_EVENT_EXIT (git-fixes). - smc: move unhash as early as possible in smc_release() (bsc#1129857 LTC#176247). - soc/fsl/qe: Fix an error code in qe_pin_request() (bsc#1051510). - soc/tegra: pmc: Drop locking from tegra_powergate_is_powered() (bsc#1051510). - spi: Micrel eth switch: declare missing of table (bsc#1051510). - spi: ST ST95HF NFC: declare missing of table (bsc#1051510). - spi: a3700: Clear DATA_OUT when performing a read (bsc#1051510). - spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios (bsc#1051510). - spi: bcm2835aux: setup gpio-cs to output and correct level during setup (bsc#1051510). - spi: bcm2835aux: warn in dmesg that native cs is not really supported (bsc#1051510). - spi: rspi: Fix sequencer reset during initialization (bsc#1051510). - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit (bsc#1051510). - staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc (bsc#1051510). - stm class: Fix an endless loop in channel allocation (bsc#1051510). - stm class: Fix channel free in stm output free path (bsc#1051510). - stm class: Prevent division by zero (bsc#1051510). - stmmac: pci: Adjust IOT2000 matching (networking-stable-19_04_30). - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839). - supported.conf: Add openvswitch to kernel-default-base (bsc#1124839). - switchtec: Fix unintended mask of MRPC event (git-fixes). - tcp: Ensure DCTCP reacts to losses (networking-stable-19_04_10). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: do not use ipv6 header for ipv4 flow (networking-stable-19_03_28). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: limit payload size of sacked skbs (bsc#1137586). - tcp: purge write queue in tcp_connect_init() (git-fixes). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). - tcp: tcp_grow_window() needs to respect tcp_space() (networking-stable-19_04_19). - team: fix possible recursive locking when add slaves (networking-stable-19_04_30). - team: set slave to promisc if team is already in promisc mode (bsc#1051510). - thermal/int340x_thermal: Add additional UUIDs (bsc#1051510). - thermal/int340x_thermal: fix mode setting (bsc#1051510). - thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power (bsc#1051510). - thunderx: eliminate extra calls to put_page() for pages held for recycling (networking-stable-19_03_28). - thunderx: enable page recycling for non-XDP case (networking-stable-19_03_28). - tipc: fix hanging clients using poll with EPOLLOUT flag (git-fixes). - tipc: missing entries in name table of publications (networking-stable-19_04_19). - tools lib traceevent: Fix missing equality check for strcmp (bsc#1129770). - tracing: Fix partial reading of trace event's id file (bsc#1136573). - treewide: Use DEVICE_ATTR_WO (bsc#1137739). - tty: increase the default flip buffer limit to 2*640K (bsc#1051510). - tty: pty: Fix race condition between release_one_tty and pty_write (bsc#1051510). - tty: serial_core, add ->install (bnc#1129693). - tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0 (bsc#1051510). - tun: add a missing rcu_read_unlock() in error path (networking-stable-19_03_28). - tun: properly test for IFF_UP (networking-stable-19_03_28). - uas: fix alignment of scatter/gather segments (bsc#1129770). - udp: use indirect call wrappers for GRO socket lookup (bsc#1124503). - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour (bsc#1135323). - usb-storage: Set virt_boundary_mask to avoid SG overflows (bsc#1051510). - usb: cdc-acm: fix unthrottle races (bsc#1051510). - usb: core: Fix bug caused by duplicate interface PM usage counter (bsc#1051510). - usb: core: Fix unterminated string returned by usb_string() (bsc#1051510). - usb: dwc3: Fix default lpm_nyet_threshold value (bsc#1051510). - usb: gadget: net2272: Fix net2272_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix net2280_dequeue() (bsc#1051510). - usb: gadget: net2280: Fix overrun of OUT messages (bsc#1051510). - usb: serial: f81232: fix interrupt worker not stop (bsc#1051510). - usb: serial: fix unthrottle races (bsc#1051510). - usb: u132-hcd: fix resource leak (bsc#1051510). - usb: usb251xb: fix to avoid potential NULL pointer dereference (bsc#1051510). - usb: usbip: fix isoc packet num validation in get_pipe (bsc#1051510). - usb: w1 ds2490: Fix bug caused by improper use of altsetting array (bsc#1051510). - usb: yurex: Fix protection fault after device removal (bsc#1051510). - userfaultfd: use RCU to free the task struct when fork fails (git-fixes). - vfio/mdev: Avoid release parent reference during error path (bsc#1051510). - vfio/mdev: Fix aborting mdev child device removal if one fails (bsc#1051510). - vfio/pci: use correct format characters (bsc#1051510). - vfio_pci: Enable memory accesses before calling pci_map_rom (bsc#1051510). - vhost/vsock: fix reset orphans race with close timeout (bsc#1051510). - vhost: reject zero size iova range (networking-stable-19_04_19). - virtio-blk: limit number of hw queues by nr_cpu_ids (bsc#1051510). - virtio: Honour 'may_reduce_num' in vring_create_virtqueue (bsc#1051510). - virtio_pci: fix a NULL pointer reference in vp_del_vqs (bsc#1051510). - vrf: check accept_source_route on the original netdevice (networking-stable-19_04_10). - vsock/virtio: Initialize core virtio vsock before registering the driver (bsc#1051510). - vsock/virtio: fix kernel panic after device hot-unplug (bsc#1051510). - vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock (bsc#1051510). - vsock/virtio: reset connected sockets on device removal (bsc#1051510). - vt: always call notifier with the console lock held (bsc#1051510). - vxlan: Do not call gro_cells_destroy() before device is unregistered (networking-stable-19_03_28). - x86/speculation/mds: Fix documentation typo (bsc#1135642). - x86_64: Add gap to int3 to allow for call emulation (bsc#1099658). - x86_64: Allow breakpoints to emulate call instructions (bsc#1099658). - xenbus: drop useless LIST_HEAD in xenbus_write_watch() and xenbus_file_write() (bsc#1065600). - xfrm6: avoid potential infinite loop in _decode_session6() (git-fixes). - xfrm6: call kfree_skb when skb is toobig (git-fixes). - xfrm: Fix stack-out-of-bounds read on socket policy lookup (git-fixes). - xfrm: Return error on unknown encap_type in init_state (git-fixes). - xfrm: Validate address prefix lengths in the xfrm selector (git-fixes). - xfrm: fix 'passing zero to ERR_PTR()' warning (git-fixes). - xfrm: fix missing dst_release() after policy blocking lbcast and multicast (git-fixes). - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) (git-fixes). - xfrm: reset crypto_done when iterating over multiple input xfrms (git-fixes). - xfrm: reset transport header back to network header after all input transforms ahave been applied (git-fixes). - xfrm_user: prevent leaking 2 bytes of kernel memory (git-fixes). - xfs: add log item pinning error injection tag (bsc#1114427). - xfs: buffer lru reference count error injection tag (bsc#1114427). - xfs: check _btree_check_block value (bsc#1123663). - xfs: convert drop_writes to use the errortag mechanism (bsc#1114427). - xfs: create block pointer check functions (bsc#1123663). - xfs: create inode pointer verifiers (bsc#1114427). - xfs: detect and fix bad summary counts at mount (bsc#1114427). - xfs: export _inobt_btrec_to_irec and _ialloc_cluster_alignment for scrub (bsc#1114427). - xfs: export various function for the online scrubber (bsc#1123663). - xfs: expose errortag knobs via sysfs (bsc#1114427). - xfs: fix unused variable warning in xfs_buf_set_ref() (bsc#1114427). - xfs: force summary counter recalc at next mount (bsc#1114427). - xfs: kill meaningless variable 'zero' (bsc#1106011). - xfs: make errortag a per-mountpoint structure (bsc#1123663). - xfs: move error injection tags into their own file (bsc#1114427). - xfs: prepare xfs_break_layouts() for another layout type (bsc#1106011). - xfs: prepare xfs_break_layouts() to be called with XFS_MMAPLOCK_EXCL (bsc#1106011). - xfs: refactor btree block header checking functions (bsc#1123663). - xfs: refactor btree pointer checks (bsc#1123663). - xfs: refactor unmount record write (bsc#1114427). - xfs: remove unneeded parameter from XFS_TEST_ERROR (bsc#1123663). - xfs: remove xfs_zero_range (bsc#1106011). - xfs: rename MAXPATHLEN to XFS_SYMLINK_MAXLEN (bsc#1123663). - xfs: replace log_badcrc_factor knob with error injection tag (bsc#1114427). - xfs: sanity-check the unused space before trying to use it (bsc#1123663). - xfs: serialize unaligned dio writes against all other dio writes (bsc#1134936). Important SUSE bug 1012382 SUSE bug 1050242 SUSE bug 1051510 SUSE bug 1053043 SUSE bug 1056787 SUSE bug 1058115 SUSE bug 1063638 SUSE bug 1064802 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066129 SUSE bug 1068546 SUSE bug 1071995 SUSE bug 1075020 SUSE bug 1082387 SUSE bug 1083647 SUSE bug 1085535 SUSE bug 1099658 SUSE bug 1103992 SUSE bug 1104353 SUSE bug 1104427 SUSE bug 1106011 SUSE bug 1106284 SUSE bug 1108838 SUSE bug 1110946 SUSE bug 1111696 SUSE bug 1112063 SUSE bug 1113722 SUSE bug 1114427 SUSE bug 1114893 SUSE bug 1115688 SUSE bug 1117158 SUSE bug 1117561 SUSE bug 1118139 SUSE bug 1119843 SUSE bug 1120091 SUSE bug 1120423 SUSE bug 1120566 SUSE bug 1120843 SUSE bug 1120902 SUSE bug 1122776 SUSE bug 1123454 SUSE bug 1123663 SUSE bug 1124503 SUSE bug 1124839 SUSE bug 1126356 SUSE bug 1127616 SUSE bug 1128052 SUSE bug 1128904 SUSE bug 1128905 SUSE bug 1128979 SUSE bug 1129138 SUSE bug 1129497 SUSE bug 1129693 SUSE bug 1129770 SUSE bug 1129848 SUSE bug 1129857 SUSE bug 1130409 SUSE bug 1130699 SUSE bug 1130972 SUSE bug 1131451 SUSE bug 1131488 SUSE bug 1131565 SUSE bug 1131673 SUSE bug 1132044 SUSE bug 1132894 SUSE bug 1133176 SUSE bug 1133188 SUSE bug 1133190 SUSE bug 1133320 SUSE bug 1133612 SUSE bug 1133616 SUSE bug 1134160 SUSE bug 1134162 SUSE bug 1134199 SUSE bug 1134200 SUSE bug 1134201 SUSE bug 1134202 SUSE bug 1134203 SUSE bug 1134204 SUSE bug 1134205 SUSE bug 1134354 SUSE bug 1134393 SUSE bug 1134459 SUSE bug 1134460 SUSE bug 1134461 SUSE bug 1134537 SUSE bug 1134591 SUSE bug 1134597 SUSE bug 1134607 SUSE bug 1134651 SUSE bug 1134671 SUSE bug 1134760 SUSE bug 1134806 SUSE bug 1134810 SUSE bug 1134813 SUSE bug 1134848 SUSE bug 1134936 SUSE bug 1135006 SUSE bug 1135007 SUSE bug 1135008 SUSE bug 1135056 SUSE bug 1135100 SUSE bug 1135120 SUSE bug 1135278 SUSE bug 1135281 SUSE bug 1135309 SUSE bug 1135312 SUSE bug 1135314 SUSE bug 1135315 SUSE bug 1135316 SUSE bug 1135320 SUSE bug 1135323 SUSE bug 1135330 SUSE bug 1135492 SUSE bug 1135542 SUSE bug 1135556 SUSE bug 1135603 SUSE bug 1135642 SUSE bug 1135661 SUSE bug 1135758 SUSE bug 1136206 SUSE bug 1136424 SUSE bug 1136428 SUSE bug 1136430 SUSE bug 1136432 SUSE bug 1136434 SUSE bug 1136435 SUSE bug 1136438 SUSE bug 1136439 SUSE bug 1136477 SUSE bug 1136478 SUSE bug 1136573 SUSE bug 1136586 SUSE bug 1136881 SUSE bug 1136935 SUSE bug 1136990 SUSE bug 1137151 SUSE bug 1137152 SUSE bug 1137153 SUSE bug 1137162 SUSE bug 1137372 SUSE bug 1137444 SUSE bug 1137586 SUSE bug 1137739 SUSE bug 1137752 CVE-2018-7191 CVE-2019-10124 CVE-2019-11085 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11486 CVE-2019-11487 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884 CVE-2019-12382 CVE-2019-3846 CVE-2019-5489 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for doxygen fixes the following issues: - CVE-2016-10245: XSS was possible via insufficient sanitization of the query parameter in templates/html/search_opensearch.php (bsc#1136364) Moderate SUSE bug 1136364 CVE-2016-10245 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for gstreamer-plugins-base fixes the following issue: Security issue fixed: - CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375). Important SUSE bug 1133375 CVE-2019-9928 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for gstreamer-0_10-plugins-base fixes the following issues: Security issue fixed: - CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375). Important SUSE bug 1133375 CVE-2019-9928 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-11597: Fixed a heap-based buffer over-read in the WriteTIFFImage() (bsc#1138464). - Fixed a file content disclosure via SVG and WMF decoding (bsc#1138425).- CVE-2019-11472: Fixed a denial of service in ReadXWDImage() (bsc#1133204). - CVE-2019-11470: Fixed a denial of service in ReadCINImage() (bsc#1133205). - CVE-2019-11506: Fixed a heap-based buffer overflow in the WriteMATLABImage() (bsc#1133498). - CVE-2019-11505: Fixed a heap-based buffer overflow in the WritePDBImage() (bsc#1133501). - CVE-2019-10131: Fixed a off-by-one read in formatIPTCfromBuffer function in coders/meta.c (bsc#1134075). - CVE-2017-12806: Fixed a denial of service through memory exhaustion in format8BIM() (bsc#1135232). - CVE-2017-12805: Fixed a denial of service through memory exhaustion in ReadTIFFImage() (bsc#1135236). - CVE-2019-11598: Fixed a heap-based buffer over-read in WritePNMImage() (bsc#1136732) We also now disable PCL in the -SUSE configuration, as it also uses ghostscript for decoding (bsc#1136183) Moderate SUSE bug 1133204 SUSE bug 1133205 SUSE bug 1133498 SUSE bug 1133501 SUSE bug 1134075 SUSE bug 1135232 SUSE bug 1135236 SUSE bug 1136183 SUSE bug 1136732 SUSE bug 1138425 SUSE bug 1138464 CVE-2017-12805 CVE-2017-12806 CVE-2019-10131 CVE-2019-11470 CVE-2019-11472 CVE-2019-11505 CVE-2019-11506 CVE-2019-11597 CVE-2019-11598 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for glib2 provides the following fix: Security issues fixed: - CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). - CVE-2018-16428: Avoid a null pointer dereference that could crash glib2 users in markup processing (bnc#1107121). - CVE-2018-16429: Fixed out-of-bounds read vulnerability ing_markup_parse_context_parse() (bsc#1107116). Non-security issues fixed: - Install dummy *-mimeapps.list files to prevent dead symlinks. (bsc#1061599) Important SUSE bug 1061599 SUSE bug 1107116 SUSE bug 1107121 SUSE bug 1137001 CVE-2018-16428 CVE-2018-16429 CVE-2019-12450 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for zeromq fixes the following issues: - CVE-2019-13132: An unauthenticated remote attacker could have exploited a stack overflow vulnerability on a server that is supposed to be protected by encryption and authentication to potentially gain a remote code execution. (bsc#1140255) Important SUSE bug 1140255 CVE-2019-13132 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for avahi fixes the following issues: Security issue fixed: - CVE-2018-1000845: Fixed DNS amplification and reflection to spoofed addresses (DOS) (bsc#1120281) Moderate SUSE bug 1120281 CVE-2018-1000845 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959). Non-security issue fixed: - Added explicit requires between libglib2 and libgio2 (bsc#1140122). Important SUSE bug 1139959 SUSE bug 1140122 CVE-2019-13012 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for podofo fixes the following issues: Security issues fixed: - CVE-2017-8054: Fixed a vulnerability in PdfPagesTree::GetPageNodeFromArray function which could allow remote attackers to cause Denial of Service (bsc#1035596). - CVE-2018-5783: Fixed an uncontrolled memory allocation in PdfVecObjects::Reserve function (bsc#1076962). - CVE-2018-11255: Fixed a null pointer dereference in PdfPage::GetPageNumber() function which could lead to Denial of Service (bsc#1096890). - CVE-2018-20751: Fixed a null pointer dereference in crop_page function (bsc#1124357). - CVE-2018-12982: Fixed an invalid memory read in PdfVariant::DelayedLoad() function which could allow remote attackers to cause Denial of Service (bsc#1099720). - Fixed a buffer overflow in TestEncrypt function. - Fixed a null pointer dereference in PdfTranslator-setTarget function. - Fixed a heap based buffer overflow PdfVariant:DelayedLoad function. Moderate SUSE bug 1035596 SUSE bug 1076962 SUSE bug 1096890 SUSE bug 1099720 SUSE bug 1124357 CVE-2017-8054 CVE-2018-11255 CVE-2018-12982 CVE-2018-20751 CVE-2018-5783 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for webkit2gtk3 to version 2.24.2 fixes the following issues: Security issues fixed: - CVE-2019-6237, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8615, CVE-2019-8611, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623 (bsc#1135715). Important SUSE bug 1133291 SUSE bug 1135715 CVE-2019-6237 CVE-2019-8571 CVE-2019-8583 CVE-2019-8584 CVE-2019-8586 CVE-2019-8587 CVE-2019-8594 CVE-2019-8595 CVE-2019-8596 CVE-2019-8597 CVE-2019-8601 CVE-2019-8607 CVE-2019-8608 CVE-2019-8609 CVE-2019-8610 CVE-2019-8611 CVE-2019-8615 CVE-2019-8619 CVE-2019-8622 CVE-2019-8623 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-10638: A device could have been tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (bnc#1140575) - CVE-2019-10639: Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image was exposed. This attack could have been carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic was trivial if the server answered ICMP Echo requests (ping). For client targets, if the target visited the attacker's web page, then WebRTC or gQUIC could be used to force UDP traffic to attacker-controlled IP addresses. (bnc#1140577) - CVE-2018-20836: A race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, could have lead to a use-after-free. (bnc#1134395) - CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (bnc#1133738) - CVE-2019-12614: An unchecked kstrdup might have allowed an attacker to cause denial of service (a NULL pointer dereference and system crash). (bnc#1137194) - CVE-2019-12819: The function __mdiobus_register() in drivers/net/phy/mdio_bus.c called put_device() which would trigger a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bnc#1138291) - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may have returned NULL. If the caller did not check for this, it would trigger a NULL pointer dereference. This would cause denial of service. (bnc#1138293) The following non-security bugs were fixed: - 6lowpan: Off by one handling ->nexthdr (bsc#1051510). - acpi / property: fix handling of data_nodes in acpi_get_next_subnode() (bsc#1051510). - acpi: Add Hygon Dhyana support - af_key: unconditionally clone on broadcast (bsc#1051510). - alsa: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510). - alsa: firewire-motu: fix destruction of data for isochronous resources (bsc#1051510). - alsa: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510). - alsa: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510). - alsa: hda/realtek - Set default power save node to 0 (bsc#1051510). - alsa: hda/realtek - Update headset mode for ALC256 (bsc#1051510). - alsa: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510). - alsa: line6: Fix write on zero-sized buffer (bsc#1051510). - alsa: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510). - alsa: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510). - alsa: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510). - apparmor: enforce nullbyte at end of tag string (bsc#1051510). - asoc: cs42xx8: Add regcache mask dirty (bsc#1051510). - asoc: eukrea-tlv320: fix a leaked reference by adding missing of_node_put (bsc#1051510). - asoc: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510). - asoc: fsl_sai: Update is_slave_mode with correct value (bsc#1051510). - asoc: fsl_utils: fix a leaked reference by adding missing of_node_put (bsc#1051510). - asoc: hdmi-codec: unlock the device on startup errors (bsc#1051510). - audit: fix a memory leak bug (bsc#1051510). - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510). - batman-adv: allow updating DAT entry timeouts on incoming ARP Replies (bsc#1051510). - blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432). - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637). - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771). - bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328). - bluetooth: Replace the bluetooth fix with the upstream commit (bsc#1135556) - brcmfmac: convert dev_init_lock mutex to completion (bsc#1051510). - brcmfmac: fix Oops when bringing up interface during USB disconnect (bsc#1051510). - brcmfmac: fix WARNING during USB disconnect in case of unempty psq (bsc#1051510). - brcmfmac: fix missing checks for kmemdup (bsc#1051510). - brcmfmac: fix race during disconnect when USB completion is in progress (bsc#1051510). - can: af_can: Fix error path of can_init() (bsc#1051510). - can: flexcan: fix timeout when set small bitrate (bsc#1051510). - can: purge socket error queue on sock destruct (bsc#1051510). - ceph: flush dirty inodes before proceeding with remount (bsc#1140405). - cfg80211: fix memory leak of wiphy device name (bsc#1051510). - chardev: add additional check for minor range overlap (bsc#1051510). - clk: rockchip: Turn on 'aclk_dmac1' for suspend on rk3288 (bsc#1051510). - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510). - coresight: etb10: Fix handling of perf mode (bsc#1051510). - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510). - cpu/topology: Export die_id (jsc#SLE-5454). - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (). - cpufreq: Add Hygon Dhyana support (). - crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401). - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510). - crypto: user - prevent operating on larval algorithms (bsc#1133401). - device core: Consolidate locking and unlocking of parent and device (bsc#1106383). - dm, dax: Fix detection of DAX support (bsc#1139782). - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510). - doc: Cope with the deprecation of AutoReporter (bsc#1051510). - docs: Fix conf.py for Sphinx 2.0 (bsc#1135642). - documentation: Correct the possible MDS sysfs values (bsc#1135642). - drbd: Avoid Clang warning about pointless switch statment (bsc#1051510). - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#1051510). - drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510). - drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#1051510). - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383). - driver core: Probe devices asynchronously instead of the driver (bsc#1106383). - drivers/base: Introduce kill_device() (bsc#1139865). - drivers/base: kABI fixes for struct device_private (bsc#1106383). - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510). - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510). - drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510). - drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER (bsc#1051510). - drm/amdgpu: fix old fence check in amdgpu_fence_emit (bsc#1051510). - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510). - drm/drv: Hold ref on parent device during drm_device lifetime (bsc#1051510). - drm/gma500/cdv: Check vbt config bits when detecting lvds panels (bsc#1051510). - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510). - drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510). - drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510). - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bsc#1051510). - drm/radeon: prefer lower reference dividers (bsc#1051510). - drm: Wake up next in drm_read() chain if we are forced to putback the event (bsc#1051510). - edac, amd64: Add Hygon Dhyana support (). - edac/mc: Fix edac_mc_find() in case no device is found (bsc#1114279). - extcon: arizona: Disable mic detect if running when driver is removed (bsc#1051510). - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995). - fuse: fallocate: fix return with locked inode (bsc#1051510). - fuse: fix writepages on 32bit (bsc#1051510). - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate (bsc#1051510). - genirq: Prevent use-after-free and work list corruption (bsc#1051510). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510). - genwqe: Prevent an integer overflow in the ioctl (bsc#1051510). - gpio: Remove obsolete comment about gpiochip_free_hogs() usage (bsc#1051510). - gpio: fix gpio-adp5588 build errors (bsc#1051510). - hid: Wacom: switch Dell canvas into highres mode (bsc#1051510). - hid: input: fix a4tech horizontal wheel custom usage (bsc#1137429). - hid: logitech-hidpp: change low battery level threshold from 31 to 30 percent (bsc#1051510). - hid: logitech-hidpp: use RAP instead of FAP to get the protocol version (bsc#1051510). - hid: wacom: Add ability to provide explicit battery status info (bsc#1051510). - hid: wacom: Add support for 3rd generation Intuos BT (bsc#1051510). - hid: wacom: Add support for Pro Pen slim (bsc#1051510). - hid: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc#1051510). - hid: wacom: Do not report anything prior to the tool entering range (bsc#1051510). - hid: wacom: Do not set tool type until we're in range (bsc#1051510). - hid: wacom: Mark expected switch fall-through (bsc#1051510). - hid: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk (bsc#1051510). - hid: wacom: Move handling of HID quirks into a dedicated function (bsc#1051510). - hid: wacom: Properly handle AES serial number and tool type (bsc#1051510). - hid: wacom: Queue events with missing type/serial data for later processing (bsc#1051510). - hid: wacom: Remove comparison of u8 mode with zero and simplify (bsc#1051510). - hid: wacom: Replace touch_max fixup code with static touch_max definitions (bsc#1051510). - hid: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#1051510). - hid: wacom: Support 'in range' for Intuos/Bamboo tablets where possible (bsc#1051510). - hid: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc#1051510). - hid: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#1051510). - hid: wacom: convert Wacom custom usages to standard HID usages (bsc#1051510). - hid: wacom: fix mistake in printk (bsc#1051510). - hid: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510). - hid: wacom: generic: Leave tool in prox until it completely leaves sense (bsc#1051510). - hid: wacom: generic: Refactor generic battery handling (bsc#1051510). - hid: wacom: generic: Report AES battery information (bsc#1051510). - hid: wacom: generic: Reset events back to zero when pen leaves (bsc#1051510). - hid: wacom: generic: Scale battery capacity measurements to percentages (bsc#1051510). - hid: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (bsc#1051510). - hid: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range (bsc#1051510). - hid: wacom: generic: Support multiple tools per report (bsc#1051510). - hid: wacom: generic: Use generic codepath terminology in wacom_wac_pen_report (bsc#1051510). - hid: wacom: generic: add the 'Report Valid' usage (bsc#1051510). - hid: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510). - hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - hwmon/coretemp: Support multi-die/package (jsc#SLE-5454). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (). - hwmon: (core) add thermal sensors only if dev->of_node is present (bsc#1051510). - hwmon: (k10temp) 27C Offset needed for Threadripper2 (). - hwmon: (k10temp) Add Hygon Dhyana support (). - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (). - hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (). - hwmon: (k10temp) Add support for family 17h (). - hwmon: (k10temp) Add support for temperature offsets (). - hwmon: (k10temp) Add temperature offset for Ryzen 1900X (). - hwmon: (k10temp) Add temperature offset for Ryzen 2700X (). - hwmon: (k10temp) Correct model name for Ryzen 1600X (). - hwmon: (k10temp) Display both Tctl and Tdie (). - hwmon: (k10temp) Fix reading critical temperature register (). - hwmon: (k10temp) Make function get_raw_temp static (). - hwmon: (k10temp) Move chip specific code into probe function (). - hwmon: (k10temp) Only apply temperature offset if result is positive (). - hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors (). - hwmon: (k10temp) Use API function to access System Management Network (). - hwmon: (pmbus/core) Treat parameters as paged if on multiple pages (bsc#1051510). - hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table (). - hwrng: omap - Set default quality (bsc#1051510). - i2c-piix4: Add Hygon Dhyana SMBus support (). - i2c: acorn: fix i2c warning (bsc#1135642). - i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr (bsc#1051510). - i2c: i801: Add support for Intel Comet Lake (jsc#SLE-5331). - ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197). - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion (bsc#1051510). - iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data (bsc#1051510). - iio: hmc5843: fix potential NULL pointer dereferences (bsc#1051510). - input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510). - input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510). - iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() (bsc#1051510). - iwlwifi: pcie: do not crash on invalid RX interrupt (bsc#1051510). - kABI workaround for the new pci_dev.skip_bus_pm field addition (bsc#1051510). - kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - kernel-binary: Use -c grep option in klp project detection. - kernel-binary: fix missing \ - kernel-binary: rpm does not support multiline condition - kernel-subpackage-spec: Add dummy package to ensure subpackages are rebuilt with kernel update (bsc#1106751). In factory packages are not rebuilt automatically so a dependency is needed on the old kernel to get a rebuild with the new kernel. THe subpackage itself cannot depend on the kernel so add another empty pacakge that does depend on it. - kmps: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137). - kmps: provide and conflict a kernel version specific KMP name (bsc#1127155, bsc#1109137). - kvm: PPC: Book3S HV: Avoid lockdep debugging in TCE realmode handlers (bsc#1061840). - kvm: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts (bsc#1061840). - kvm: PPC: Book3S: Protect memslots while validating user address (bsc#1061840). - kvm: PPC: Release all hardware TCE tables attached to a group (bsc#1061840). - kvm: PPC: Remove redundand permission bits removal (bsc#1061840). - kvm: PPC: Validate TCEs against preregistered memory page sizes (bsc#1061840). - kvm: PPC: Validate all tces before updating tables (bsc#1061840). - kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279). - kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279). - leds: avoid flush_work in atomic context (bsc#1051510). - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510). - libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719). - libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865). - mISDN: make sure device name is NUL terminated (bsc#1051510). - mac80211/cfg80211: update bss channel on channel switch (bsc#1051510). - mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510). - mac80211: Fix kernel panic due to use of txq after free (bsc#1051510). - mac80211: drop robust management frames from unknown TA (bsc#1051510). - mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510). - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() (bsc#1051510). - media: au0828: stop video streaming only when last user stops (bsc#1051510). - media: coda: clear error return value before picture run (bsc#1051510). - media: cpia2: Fix use-after-free in cpia2_exit (bsc#1051510). - media: go7007: avoid clang frame overflow warning with KASAN (bsc#1051510). - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend (bsc#1051510). - media: ov2659: make S_FMT succeed even if requested format does not match (bsc#1051510). - media: saa7146: avoid high stack usage with clang (bsc#1051510). - media: smsusb: better handle optional alignment (bsc#1051510). - media: usb: siano: Fix false-positive 'uninitialized variable' warning (bsc#1051510). - media: usb: siano: Fix general protection fault in smsusb (bsc#1051510). - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510). - mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L (bsc#1051510). - mfd: intel-lpss: Set the device in reset state when init (bsc#1051510). - mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values (bsc#1051510). - mfd: tps65912-spi: Add missing of table registration (bsc#1051510). - mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510). - mm: pagechage-limit: Calculate pagecache-limit based on node state (bsc#1136811) - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510). - mmc: core: Verify SD bus width (bsc#1051510). - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers (bsc#1051510). - mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510). - mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum A-009204 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#1051510). - mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bsc#1051510). - mmc_spi: add a status check for spi_sync_locked (bsc#1051510). - module: Fix livepatch/ftrace module text permissions race (bsc#1071995). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814). - nfit/ars: Avoid stale ARS results (jsc#SLE-5433). - nfit/ars: Introduce scrub_flags (jsc#SLE-5433). - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642). - nvme-rdma: fix double freeing of async event data (bsc#1120423). - nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423). - nvme: copy MTFA field from identify controller (bsc#1140715). - nvme: skip nvme_update_disk_info() if the controller is not live (bsc#1128432). - nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us (bsc#1051510). - nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510). - nvmem: core: fix read buffer in place (bsc#1051510). - nvmem: correct Broadcom OTP controller driver writes (bsc#1051510). - nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#1051510). - nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510). - nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510). - nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#1051510). - nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510). - nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510). - nvmem: imx-ocotp: Update module description (bsc#1051510). - nvmem: properly handle returned value nvmem_reg_read (bsc#1051510). - ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902). - parport: Fix mem leak in parport_register_dev_model (bsc#1051510). - pci: PM: Avoid possible suspend-to-idle issue (bsc#1051510). - pci: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510). - pci: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510). - perf tools: Add Hygon Dhyana support (). - perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454). - perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454). - perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454). - platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#1051510). - platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration (bsc#1051510). - pm/core: Propagate dev->power.wakeup_path when no callbacks (bsc#1051510). - power: supply: max14656: fix potential use-before-alloc (bsc#1051510). - power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510). - powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454). - powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454). - powercap/intel_rapl: Update RAPL domain name and debug messages (jsc#SLE-5454). - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199). - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106). - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106). - powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199). - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199). - powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#178204). - powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808). - ppp: mppe: Add softdep to arc4 (bsc#1088047). - qlcnic: Avoid potential NULL pointer dereference (bsc#1051510). - qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510). - qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510). - qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510). - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510). - qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510). - rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510). - ras/cec: Convert the timer callback to a workqueue (bsc#1114279). - ras/cec: Fix binary search function (bsc#1114279). - rpm/dtb.spec.in.in: Fix new include path Commit 89de3db69113d58cdab14d2c777de6080eac49dc ('rpm/dtb.spec.in.in: Update include path for dt-bindings') introduced an additional include path for 4.12. The commit message had it correct, but the spec file template lacked a path component, breaking the aarch64 build while succeeding on armv7hl. Fix that. - rpm/dtb.spec.in.in: Update include path for dt-bindings Kernels before 4.12 had arch/{arm,arm64}/boot/dts/include/ directories with a symlink to include/dt-bindings/. In 4.12 those include/ directories were dropped. Therefore use include/ directly. Additionally some cross-architecture .dtsi reuse was introduced, which requires scripts/dtc/include-prefixes/ that didn't exist on older kernels. - rpm/kernel-binary.spec.in: Add back kernel-binary-base subpackage (jsc#SLE-3853). - rpm/kernel-binary.spec.in: Build livepatch support in SUSE release projects (bsc#1124167). - rpm/kernel-subpackage-build: handle arm kernel zImage. - rpm/kernel-subpackage-spec: only provide firmware actually present in subpackage. - rpm/package-descriptions: fix typo in kernel-azure - rpm/post.sh: correct typo in err msg (bsc#1137625) - rpm: Add arm64 dtb-allwinner subpackage 4.10 added arch/arm64/boot/dts/allwinner/. - rpm: Add arm64 dtb-zte subpackage 4.9 added arch/arm64/boot/dts/zte/. - rtc: 88pm860x: prevent use-after-free on device remove (bsc#1051510). - rtc: do not reference bogus function pointer in kdoc (bsc#1051510). - rtlwifi: fix a potential NULL pointer dereference (bsc#1051510). - s390: fix booting problem (bsc#1140948). - s390/dasd: fix using offset into zero size array error (bsc#1051510). - s390/jump_label: Use 'jdd' constraint on gcc9 (bsc#1138589). - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510). - s390/qeth: fix race when initializing the IP address table (bsc#1051510). - s390/setup: fix early warning messages (bsc#1051510). - s390/virtio: handle find on invalid queue gracefully (bsc#1051510). - sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658). - sched/topology: Improve load balancing on AMD EPYC (bsc#1137366). - scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending. - scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390). - scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555). - scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555). - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727). - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296). - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bsc#1051510). - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510). - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510). - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510). - serial: sh-sci: disable DMA for uart_console (bsc#1051510). - smb3: Fix endian warning (bsc#1137884). - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510). - soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510). - spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510). - spi: Fix zero length xfer bug (bsc#1051510). - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#1051510). - spi: pxa2xx: Add support for Intel Comet Lake (jsc#SLE-5331). - spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510). - spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#1051510). - spi: tegra114: reset controller on probe (bsc#1051510). - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510). - staging: vc04_services: prevent integer overflow in create_pagelist() (bsc#1051510). - staging: wlan-ng: fix adapter initialization failure (bsc#1051510). - svm: Add warning message for AVIC IPI invalid target (bsc#1140133). - svm: Fix AVIC incomplete IPI emulation (bsc#1140133). - sysctl: handle overflow in proc_get_long (bsc#1051510). - test_firmware: Use correct snprintf() limit (bsc#1135642). - thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454). - thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454). - thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510). - thunderbolt: Fix to check for kmemdup failure (bsc#1051510). - tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510). - tmpfs: fix uninitialized return value in shmem_link (bsc#1051510). - tools/cpupower: Add Hygon Dhyana support (). - topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454). - topology: Create package_cpus sysfs attribute (jsc#SLE-5454). - tracing/snapshot: Resize spare buffer if size changed (bsc#1140726). - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler (bsc#1051510). - tty: ipwireless: fix missing checks for ioremap (bsc#1051510). - tty: max310x: Fix external crystal register setup (bsc#1051510). - tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510). - usb: Add LPM quirk for Surface Dock GigE adapter (bsc#1051510). - usb: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510). - usb: Fix slab-out-of-bounds write in usb_get_bos_descriptor (bsc#1051510). - usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642). - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown (bsc#1051510). - usb: core: Do not unbind interfaces following device reset failure (bsc#1051510). - usb: dwc2: Fix DMA cache alignment issues (bsc#1051510). - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642). - usb: rio500: fix memory leak in close after disconnect (bsc#1051510). - usb: rio500: refuse more than one device at a time (bsc#1051510). - usb: serial: fix initial-termios handling (bsc#1135642). - usb: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510). - usb: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510). - usb: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510). - usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642). - usb: sisusbvga: fix oops in error path of sisusb_probe (bsc#1051510). - usb: usb-storage: Add new ID to ums-realtek (bsc#1051510). - usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642). - usbip: usbip_host: fix BUG: sleeping function called from invalid context (bsc#1051510). - usbip: usbip_host: fix stub_dev lock context imbalance regression (bsc#1051510). - usbnet: fix kernel crash after disconnect (bsc#1051510). - usbnet: ipheth: fix racing condition (bsc#1051510). - vfio: ccw: only free cp on final interrupt (bsc#1051510). - video: hgafb: fix potential NULL pointer dereference (bsc#1051510). - video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510). - virtio_console: initialize vtermno value for ports (bsc#1051510). - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510). - vxlan: trivial indenting fix (bsc#1051510). - vxlan: use __be32 type for the param vni in __vxlan_fdb_delete (bsc#1051510). - w1: fix the resume command API (bsc#1051510). - watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510). - x86/CPU/AMD: Do not force the CPB cap when running under a hypervisor (bsc#1114279). - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (). - x86/alternative: Init ideal_nops for Hygon Dhyana (). - x86/amd_nb: Add support for Raven Ridge CPUs (). - x86/amd_nb: Check vendor in AMD-only functions (). - x86/apic: Add Hygon Dhyana support (). - x86/bugs: Add Hygon Dhyana to the respective mitigation machinery (). - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (). - x86/cpu: Create Hygon Dhyana architecture support file (). - x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (). - x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382). - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382). This changes definitions of some bits, but they are intended to be used only by the core, so hopefully, no KMP uses the definitions. - x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382). - x86/events: Add Hygon Dhyana support to PMU infrastructure (). - x86/kvm: Add Hygon Dhyana support to KVM (). - x86/mce: Add Hygon Dhyana support to the MCA infrastructure (). - x86/mce: Do not disable MCA banks when offlining a CPU on AMD (). - x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279). - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279). - x86/microcode: Fix microcode hotplug state (bsc#1114279). - x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279). - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279). - x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge (). - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana (). - x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454). - x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279). - x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454). - x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454). - x86/topology: Define topology_die_id() (jsc#SLE-5454). - x86/topology: Define topology_logical_die_id() (jsc#SLE-5454). - x86/xen: Add Hygon Dhyana support to Xen (). - xen/pciback: Do not disable PCI_COMMAND on PCI device reset (bsc#1065600). - xfs: do not clear imap_valid for a non-uptodate buffers (bsc#1138018). - xfs: do not look at buffer heads in xfs_add_to_ioend (bsc#1138013). - xfs: do not set the page uptodate in xfs_writepage_map (bsc#1138003). - xfs: do not use XFS_BMAPI_ENTRIRE in xfs_get_blocks (bsc#1137999). - xfs: do not use XFS_BMAPI_IGSTATE in xfs_map_blocks (bsc#1138005). - xfs: eof trim writeback mapping as soon as it is cached (bsc#1138019). - xfs: fix s_maxbytes overflow problems (bsc#1137996). - xfs: make xfs_writepage_map extent map centric (bsc#1138009). - xfs: minor cleanup for xfs_get_blocks (bsc#1138000). - xfs: move all writeback buffer_head manipulation into xfs_map_at_offset (bsc#1138014). - xfs: refactor the tail of xfs_writepage_map (bsc#1138016). - xfs: remove XFS_IO_INVALID (bsc#1138017). - xfs: remove the imap_valid flag (bsc#1138012). - xfs: remove unused parameter from xfs_writepage_map (bsc#1137995). - xfs: remove xfs_map_cow (bsc#1138007). - xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010). - xfs: remove xfs_reflink_trim_irec_to_next_cow (bsc#1138006). - xfs: remove xfs_start_page_writeback (bsc#1138015). - xfs: rename the offset variable in xfs_writepage_map (bsc#1138008). - xfs: simplify xfs_map_blocks by using xfs_iext_lookup_extent directly (bsc#1138011). - xfs: skip CoW writes past EOF when writeback races with truncate (bsc#1137998). - xfs: xfs_reflink_convert_cow() memory allocation deadlock (bsc#1138002). - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() (bsc#1051510). - xhci: Use %zu for printing size_t type (bsc#1051510). - xhci: update bounce buffer with correct sg num (bsc#1051510). Important SUSE bug 1051510 SUSE bug 1061840 SUSE bug 1065600 SUSE bug 1071995 SUSE bug 1088047 SUSE bug 1094555 SUSE bug 1098633 SUSE bug 1106383 SUSE bug 1106751 SUSE bug 1109137 SUSE bug 1114279 SUSE bug 1119532 SUSE bug 1120423 SUSE bug 1124167 SUSE bug 1127155 SUSE bug 1128432 SUSE bug 1128902 SUSE bug 1128910 SUSE bug 1132154 SUSE bug 1132390 SUSE bug 1133401 SUSE bug 1133738 SUSE bug 1134303 SUSE bug 1134395 SUSE bug 1135296 SUSE bug 1135556 SUSE bug 1135642 SUSE bug 1136157 SUSE bug 1136811 SUSE bug 1136922 SUSE bug 1137103 SUSE bug 1137194 SUSE bug 1137221 SUSE bug 1137366 SUSE bug 1137429 SUSE bug 1137625 SUSE bug 1137728 SUSE bug 1137884 SUSE bug 1137995 SUSE bug 1137996 SUSE bug 1137998 SUSE bug 1137999 SUSE bug 1138000 SUSE bug 1138002 SUSE bug 1138003 SUSE bug 1138005 SUSE bug 1138006 SUSE bug 1138007 SUSE bug 1138008 SUSE bug 1138009 SUSE bug 1138010 SUSE bug 1138011 SUSE bug 1138012 SUSE bug 1138013 SUSE bug 1138014 SUSE bug 1138015 SUSE bug 1138016 SUSE bug 1138017 SUSE bug 1138018 SUSE bug 1138019 SUSE bug 1138291 SUSE bug 1138293 SUSE bug 1138374 SUSE bug 1138375 SUSE bug 1138589 SUSE bug 1138719 SUSE bug 1139751 SUSE bug 1139771 SUSE bug 1139782 SUSE bug 1139865 SUSE bug 1140133 SUSE bug 1140328 SUSE bug 1140405 SUSE bug 1140424 SUSE bug 1140428 SUSE bug 1140575 SUSE bug 1140577 SUSE bug 1140637 SUSE bug 1140658 SUSE bug 1140715 SUSE bug 1140719 SUSE bug 1140726 SUSE bug 1140727 SUSE bug 1140728 SUSE bug 1140814 SUSE bug 1140948 SUSE bug 821419 SUSE bug 945811 CVE-2018-16871 CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11478 CVE-2019-11599 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for polkit fixes the following issues: Security issue fixed: - CVE-2018-19788: Fixed handling of UIDs over MAX_UINT (bsc#1118277) Moderate SUSE bug 1118277 CVE-2018-19788 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2018-12232: In net/socket.c in the there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bnc#1097593). - CVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615). - CVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186). - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). - CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656). - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). The following non-security bugs were fixed: - acpi / CPPC: Check for valid PCC subspace only if PCC is used (bsc#1117115). - acpi / CPPC: Update all pr_(debug/err) messages to log the susbspace id (bsc#1117115). - aio: fix spectre gadget in lookup_ioctx (bsc#1120594). - alsa: cs46xx: Potential NULL dereference in probe (bsc#1051510). - alsa: emu10k1: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - alsa: emux: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - alsa: fireface: fix for state to fetch PCM frames (bsc#1051510). - alsa: fireface: fix reference to wrong register for clock configuration (bsc#1051510). - alsa: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint (bsc#1051510). - alsa: firewire-lib: fix wrong handling payload_length as payload_quadlet (bsc#1051510). - alsa: firewire-lib: use the same print format for 'without_header' tracepoints (bsc#1051510). - alsa: hda: add mute LED support for HP EliteBook 840 G4 (bsc#1051510). - alsa: hda: Add support for AMD Stoney Ridge (bsc#1051510). - alsa: hda/ca0132 - make pci_iounmap() call conditional (bsc#1051510). - alsa: hda: fix front speakers on Huawei MBXP (bsc#1051510). - alsa: hda/realtek - Add support for Acer Aspire C24-860 headset mic (bsc#1051510). - alsa: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 (bsc#1051510). - alsa: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880 (bsc#1051510). - alsa: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN (bsc#1051510). - alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 (bsc#1051510). - alsa: hda/realtek: Enable the headset mic auto detection for ASUS laptops (bsc#1051510). - alsa: hda/realtek - Fixed headphone issue for ALC700 (bsc#1051510). - alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G (bsc#1051510). - alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G (bsc#1051510). - alsa: hda/realtek - Fix speaker output regression on Thinkpad T570 (bsc#1051510). - alsa: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon (bsc#1051510). - alsa: hda/realtek - Support Dell headset mode for New AIO platform (bsc#1051510). - alsa: hda/tegra: clear pending irq handlers (bsc#1051510). - alsa: pcm: Call snd_pcm_unlink() conditionally at closing (bsc#1051510). - alsa: pcm: Fix interval evaluation with openmin/max (bsc#1051510). - alsa: pcm: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: pcm: Fix starvation on down_write_nonblock() (bsc#1051510). - alsa: rme9652: Fix potential Spectre v1 vulnerability (bsc#1051510). - alsa: trident: Suppress gcc string warning (bsc#1051510). - alsa: usb-audio: Add SMSL D1 to quirks for native DSD support (bsc#1051510). - alsa: usb-audio: Add support for Encore mDSD USB DAC (bsc#1051510). - alsa: usb-audio: Avoid access before bLength check in build_audio_procunit() (bsc#1051510). - alsa: usb-audio: Fix an out-of-bound read in create_composite_quirks (bsc#1051510). - alsa: x86: Fix runtime PM for hdmi-lpe-audio (bsc#1051510). - apparmor: do not try to replace stale label in ptrace access check (git-fixes). - apparmor: do not try to replace stale label in ptraceme check (git-fixes). - apparmor: Fix uninitialized value in aa_split_fqname (git-fixes). - arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bsc#1120612). - arm64: atomics: Remove '&' from '+&' asm constraint in lse atomics (bsc#1120613). - arm64: cpu_errata: include required headers (bsc#1120615). - arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing (bsc#1120633). - arm64: Fix /proc/iomem for reserved but not memory regions (bsc#1120632). - arm64: lse: Add early clobbers to some input/output asm operands (bsc#1120614). - arm64: lse: remove -fcall-used-x0 flag (bsc#1120618). - arm64: mm: always enable CONFIG_HOLES_IN_ZONE (bsc#1120617). - arm64/numa: Report correct memblock range for the dummy node (bsc#1120620). - arm64/numa: Unify common error path in numa_init() (bsc#1120621). - arm64: remove no-op -p linker flag (bsc#1120616). - ASoC: dapm: Recalculate audio map forcely when card instantiated (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper (bsc#1051510). - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty (bsc#1051510). - ASoC: Intel: mrfld: fix uninitialized variable access (bsc#1051510). - ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing (bsc#1051510). - ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bsc#1051510). - ASoC: omap-mcbsp: Fix latency value calculation for pm_qos (bsc#1051510). - ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bsc#1051510). - ASoC: rsnd: fixup clock start checker (bsc#1051510). - ASoC: wm_adsp: Fix dma-unsafe read of scratch registers (bsc#1051510). - ath10k: do not assume this is a PCI dev in generic code (bsc#1051510). - ath6kl: Only use match sets when firmware supports it (bsc#1051510). - b43: Fix error in cordic routine (bsc#1051510). - bcache: fix miss key refill->end in writeback (Git-fixes). - bcache: trace missed reading by cache_missed (Git-fixes). - Blacklist 5182f26f6f74 crypto: ccp - Make function sev_get_firmware() static - blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set() (Git-fixes). - block: allow max_discard_segments to be stacked (Git-fixes). - block: blk_init_allocated_queue() set q->fq as NULL in the fail case (Git-fixes). - block: really disable runtime-pm for blk-mq (Git-fixes). - block: reset bi_iter.bi_done after splitting bio (Git-fixes). - block/swim: Fix array bounds check (Git-fixes). - bnxt_en: do not try to offload VLAN 'modify' action (bsc#1050242 ). - bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (bsc#1086282). - bnxt_en: Fix VNIC reservations on the PF (bsc#1086282 ). - bnxt_en: get the reduced max_irqs by the ones used by RDMA (bsc#1050242). - bpf: fix check of allowed specifiers in bpf_trace_printk (bsc#1083647). - bpf: use per htab salt for bucket hash (git-fixes). - btrfs: Always try all copies when reading extent buffers (git-fixes). - btrfs: delete dead code in btrfs_orphan_add() (bsc#1111469). - btrfs: delete dead code in btrfs_orphan_commit_root() (bsc#1111469). - btrfs: do not BUG_ON() in btrfs_truncate_inode_items() (bsc#1111469). - btrfs: do not check inode's runtime flags under root->orphan_lock (bsc#1111469). - btrfs: do not return ino to ino cache if inode item removal fails (bsc#1111469). - btrfs: fix ENOSPC caused by orphan items reservations (bsc#1111469). - btrfs: Fix error handling in btrfs_cleanup_ordered_extents (git-fixes). - btrfs: fix error handling in btrfs_truncate() (bsc#1111469). - btrfs: fix error handling in btrfs_truncate_inode_items() (bsc#1111469). - btrfs: fix fsync of files with multiple hard links in new directories (1120173). - btrfs: Fix memory barriers usage with device stats counters (git-fixes). - btrfs: fix use-after-free on root->orphan_block_rsv (bsc#1111469). - btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM (bsc#1111469). - btrfs: get rid of unused orphan infrastructure (bsc#1111469). - btrfs: move btrfs_truncate_block out of trans handle (bsc#1111469). - btrfs: qgroup: Dirty all qgroups before rescan (bsc#1120036). - btrfs: refactor btrfs_evict_inode() reserve refill dance (bsc#1111469). - btrfs: renumber BTRFS_INODE_ runtime flags and switch to enums (bsc#1111469). - btrfs: reserve space for O_TMPFILE orphan item deletion (bsc#1111469). - btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188). - btrfs: stop creating orphan items for truncate (bsc#1111469). - btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875). - btrfs: update stale comments referencing vmtruncate() (bsc#1111469). - can: flexcan: flexcan_irq(): fix indention (bsc#1051510). - cdrom: do not attempt to fiddle with cdo->capability (bsc#1051510). - ceph: do not update importing cap's mseq when handing cap export (bsc#1121273). - char_dev: extend dynamic allocation of majors into a higher range (bsc#1121058). - char_dev: Fix off-by-one bugs in find_dynamic_major() (bsc#1121058). - clk: mmp: Off by one in mmp_clk_add() (bsc#1051510). - clk: mvebu: Off by one bugs in cp110_of_clk_get() (bsc#1051510). - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (git-fixes). - config: arm64: enable erratum 1024718 - cpufeature: avoid warning when compiling with clang (Git-fixes). - cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1117115). - cpufreq: CPPC: fix build in absence of v3 support (bsc#1117115). - cpupower: remove stringop-truncation waring (git-fixes). - crypto: bcm - fix normal/non key hash algorithm failure (bsc#1051510). - crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command (). - crypto: ccp - Add GET_ID SEV command (). - crypto: ccp - Add psp enabled message when initialization succeeds (). - crypto: ccp - Add support for new CCP/PSP device ID (). - crypto: ccp - Allow SEV firmware to be chosen based on Family and Model (). - crypto: ccp - Fix static checker warning (). - crypto: ccp - Remove unused #defines (). - crypto: ccp - Support register differences between PSP devices (). - dasd: fix deadlock in dasd_times_out (bsc#1121477, LTC#174111). - dax: Check page->mapping isn't NULL (bsc#1120054). - dax: Do not access a freed inode (bsc#1120055). - device property: Define type of PROPERTY_ENRTY_*() macros (bsc#1051510). - device property: fix fwnode_graph_get_next_endpoint() documentation (bsc#1051510). - disable stringop truncation warnings for now (git-fixes). - dm: allocate struct mapped_device with kvzalloc (Git-fixes). - dm cache: destroy migration_cache if cache target registration failed (Git-fixes). - dm cache: fix resize crash if user does not reload cache table (Git-fixes). - dm cache metadata: ignore hints array being too small during resize (Git-fixes). - dm cache metadata: save in-core policy_hint_size to on-disk superblock (Git-fixes). - dm cache metadata: set dirty on all cache blocks after a crash (Git-fixes). - dm cache: only allow a single io_mode cache feature to be requested (Git-fixes). - dm crypt: do not decrease device limits (Git-fixes). - dm: fix report zone remapping to account for partition offset (Git-fixes). - dm integrity: change 'suspending' variable from bool to int (Git-fixes). - dm ioctl: harden copy_params()'s copy_from_user() from malicious users (Git-fixes). - dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled (Git-fixes). - dm linear: fix linear_end_io conditional definition (Git-fixes). - dm thin: handle running out of data space vs concurrent discard (Git-fixes). - dm thin metadata: remove needless work from __commit_transaction (Git-fixes). - dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes). - dm writecache: fix a crash due to reading past end of dirty_bitmap (Git-fixes). - dm writecache: report start_sector in status line (Git-fixes). - dm zoned: fix metadata block ref counting (Git-fixes). - dm zoned: fix various dmz_get_mblock() issues (Git-fixes). - doc/README.SUSE: correct GIT url No more gitorious, github we use. - drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet (bsc#1119749). - drivers/net/usb/r8152: remove the unneeded variable 'ret' in rtl8152_system_suspend (bsc#1119749). - drivers/tty: add missing of_node_put() (bsc#1051510). - drm/amdgpu/gmc8: update MC firmware for polaris (bsc#1113722) - drm/amdgpu: update mc firmware image for polaris12 variants (bsc#1113722) - drm/amdgpu: update SMC firmware image for polaris10 variants (bsc#1113722) - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1113722) - drm/i915/execlists: Apply a full mb before execution for Braswell (bsc#1113722) - drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722) - drm/nouveau/kms: Fix memory leak in nv50_mstm_del() (bsc#1113722) - drm: rcar-du: Fix external clock error checks (bsc#1113722) - drm: rcar-du: Fix vblank initialization (bsc#1113722) - drm/rockchip: psr: do not dereference encoder before it is null (bsc#1113722) - drm: set is_master to 0 upon drm_new_set_master() failure (bsc#1113722) - drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1113722) - drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1113722) - dt-bindings: add compatible string for Allwinner V3s SoC (git-fixes). - dt-bindings: arm: Document SoC compatible value for Armadillo-800 EVA (git-fixes). - dt-bindings: clock: add rk3399 DDR3 standard speed bins (git-fixes). - dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 (git-fixes). - dt-bindings: iio: update STM32 timers clock names (git-fixes). - dt-bindings: mfd: axp20x: Add AXP806 to supported list of chips (git-fixes). - dt-bindings: net: Remove duplicate NSP Ethernet MAC binding document (git-fixes). - dt-bindings: panel: lvds: Fix path to display timing bindings (git-fixes). - dt-bindings: phy: sun4i-usb-phy: Add property descriptions for H3 (git-fixes). - dt-bindings: pwm: renesas: tpu: Fix 'compatible' prop description (git-fixes). - dt-bindings: pwm: Update STM32 timers clock names (git-fixes). - dt-bindings: rcar-dmac: Document missing error interrupt (git-fixes). - efi: Move some sysfs files to be read-only by root (bsc#1051510). - ethernet: fman: fix wrong of_node_put() in probe function (bsc#1119017). - exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1118773). - ext2: fix potential use after free (bsc#1118775). - ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760). - ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604). - ext4: fix possible use after free in ext4_quota_enable (bsc#1120602). - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bsc#1120603). - extable: Consolidate *kernel_text_address() functions (bsc#1120092). - extable: Enable RCU if it is not watching in kernel_text_address() (bsc#1120092). - fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1113722) - fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1113722) - filesystem-dax: Fix dax_layout_busy_page() livelock (bsc#1118787). - firmware: add firmware_request_nowarn() - load firmware without warnings (). - Fix tracing sample code warning (git-fixes). - fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes). - fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes). - fs: fix lost error code in dio_complete (bsc#1118762). - fs/xfs: Use %pS printk format for direct addresses (git-fixes). - fuse: fix blocked_waitq wakeup (git-fixes). - fuse: fix leaked notify reply (git-fixes). - fuse: fix possibly missed wake-up after abort (git-fixes). - fuse: Fix use-after-free in fuse_dev_do_read() (git-fixes). - fuse: Fix use-after-free in fuse_dev_do_write() (git-fixes). - fuse: fix use-after-free in fuse_direct_IO() (git-fixes). - fuse: set FR_SENT while locked (git-fixes). - gcc-plugins: Add include required by GCC release 8 (git-fixes). - gcc-plugins: Use dynamic initializers (git-fixes). - gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bsc#1118769). - gfs2: Fix loop in gfs2_rbm_find (bsc#1120601). - gfs2: Get rid of potential double-freeing in gfs2_create_inode (bsc#1120600). - gfs2_meta: ->mount() can get NULL dev_name (bsc#1118768). - gfs2: Put bitmap buffers in put_super (bsc#1118772). - gpio: davinci: Remove unused member of davinci_gpio_controller (git-fixes). - gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers (bsc#1051510). - gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (bsc#1051510). - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bsc#1051510). - gpio: mvebu: only fail on missing clk if pwm is actually to be used (bsc#1051510). - hid: Add quirk for Primax PIXART OEM mice (bsc#1119410). - hid: input: Ignore battery reported by Symbol DS4308 (bsc#1051510). - hid: multitouch: Add pointstick support for Cirque Touchpad (bsc#1051510). - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - i2c: axxia: properly handle master timeout (bsc#1051510). - i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bsc#1051510). - ib/hfi1: Add mtu check for operational data VLs (bsc#1060463 ). - ibmvnic: Convert reset work item mutex to spin lock (). - ibmvnic: Fix non-atomic memory allocation in IRQ context (). - ib/rxe: support for 802.1q VLAN on the listener (bsc#1082387). - ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510). - ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510). - ieee802154: at86rf230: use __func__ macro for debug messages (bsc#1051510). - ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510). - Include modules.fips in kernel-binary as well as kernel-binary-base (). - initramfs: fix initramfs rebuilds w/ compression after disabling (git-fixes). - Input: add official Raspberry Pi's touchscreen driver (). - Input: cros_ec_keyb - fix button/switch capability reports (bsc#1051510). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bsc#1051510). - Input: elan_i2c - add ELAN0620 to the ACPI table (bsc#1051510). - Input: elan_i2c - add support for ELAN0621 touchpad (bsc#1051510). - Input: hyper-v - fix wakeup from suspend-to-idle (bsc#1051510). - Input: matrix_keypad - check for errors from of_get_named_gpio() (bsc#1051510). - Input: nomadik-ske-keypad - fix a loop timeout test (bsc#1051510). - Input: omap-keypad - fix keyboard debounce configuration (bsc#1051510). - Input: synaptics - add PNP ID for ThinkPad P50 to SMBus (bsc#1051510). - Input: synaptics - enable SMBus for HP 15-ay000 (bsc#1051510). - Input: xpad - quirk all PDP Xbox One gamepads (bsc#1051510). - integrity/security: fix digsig.c build error with header file (bsc#1051510). - intel_th: msu: Fix an off-by-one in attribute store (bsc#1051510). - iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105). - iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105). - iwlwifi: add new cards for 9560, 9462, 9461 and killer series (bsc#1051510). - iwlwifi: fix LED command capability bit (bsc#1119086). - iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086). - iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086). - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares (bsc#1119086). - iwlwifi: nvm: get num of hw addresses from firmware (bsc#1119086). - iwlwifi: pcie: do not reset TXQ write pointer (bsc#1051510). - jffs2: free jffs2_sb_info through jffs2_kill_sb() (bsc#1118767). - jump_label: Split out code under the hotplug lock (bsc#1106913). - kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - kabi protect hnae_ae_ops (bsc#1104353). - kbuild: allow to use GCC toolchain not in Clang search path (git-fixes). - kbuild: fix linker feature test macros when cross compiling with Clang (git-fixes). - kbuild: make missing $DEPMOD a Warning instead of an Error (git-fixes). - kbuild: rpm-pkg: keep spec file until make mrproper (git-fixes). - kbuild: suppress packed-not-aligned warning for default setting only (git-fixes). - kbuild: verify that $DEPMOD is installed (git-fixes). - kdb: use memmove instead of overlapping memcpy (bsc#1120954). - kernfs: Replace strncpy with memcpy (bsc#1120053). - keys: Fix the use of the C++ keyword 'private' in uapi/linux/keyctl.h (Git-fixes). - kobject: Replace strncpy with memcpy (git-fixes). - kprobes: Make list and blacklist root user read only (git-fixes). - kvm: PPC: Book3S PR: Enable use on POWER9 inside HPT-mode guests (bsc#1118484). - libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bsc#1051510). - libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086). - libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1118962). - libnvdimm, pmem: Fix badblocks population for 'raw' namespaces (bsc#1118788). - lib/raid6: Fix arm64 test build (bsc#1051510). - lib/ubsan.c: do not mark __ubsan_handle_builtin_unreachable as noreturn (bsc#1051510). - Limit max FW API version for QCA9377 (bsc#1121714, bsc#1121715). - linux/bitmap.h: fix type of nbits in bitmap_shift_right() (bsc#1051510). - locking/barriers: Convert users of lockless_dereference() to READ_ONCE() (Git-fixes). - locking/static_keys: Improve uninitialized key warning (bsc#1106913). - mac80211: Clear beacon_int in ieee80211_do_stop (bsc#1051510). - mac80211: fix reordering of buffered broadcast packets (bsc#1051510). - mac80211_hwsim: fix module init error paths for netlink (bsc#1051510). - mac80211_hwsim: Timer should be initialized before device registered (bsc#1051510). - mac80211: ignore NullFunc frames in the duplicate detection (bsc#1051510). - mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bsc#1051510). - Mark HI and TASKLET softirq synchronous (git-fixes). - md: fix raid10 hang issue caused by barrier (git-fixes). - media: em28xx: Fix use-after-free when disconnecting (bsc#1051510). - media: em28xx: make v4l2-compliance happier by starting sequence on zero (bsc#1051510). - media: omap3isp: Unregister media device as first (bsc#1051510). - mmc: bcm2835: reset host on timeout (bsc#1051510). - mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support (bsc#1051510). - mmc: core: Reset HPI enabled state during re-init and in case of errors (bsc#1051510). - mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl (bsc#1051510). - mmc: dw_mmc-bluefield: Add driver extension (bsc#1118752). - mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752). - MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bsc#1051510). - mmc: omap_hsmmc: fix DMA API warning (bsc#1051510). - mmc: sdhci: fix the timeout check window for clock and reset (bsc#1051510). - mm: do not miss the last page because of round-off error (bnc#1118798). - mm: do not warn about large allocations for slab (git fixes (slab)). - mm/huge_memory.c: reorder operations in __split_huge_page_tail() (VM Functionality bsc#1119962). - mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM Functionality, bsc#1121599). - mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality, bsc#1121599). - mm/huge_memory: splitting set mapping+index before unfreeze (VM Functionality, bsc#1121599). - mm: hugetlb: yield when prepping struct pages (git fixes (memory initialisation)). - mm/khugepaged: collapse_shmem() do not crash on Compound (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() remember to clear holes (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() stop if punched or truncated (VM Functionality, bsc#1121599). - mm/khugepaged: collapse_shmem() without freezing new_page (VM Functionality, bsc#1121599). - mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality, bsc#1121599). - mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality, bsc#1121599). - mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability). - mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability). - mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability). - mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability). - mm: migration: fix migration of huge PMD shared pages (bnc#1086423). - mm: only report isolation failures when offlining memory (generic hotplug debugability). - mm: print more information about mapping in __dump_page (generic hotplug debugability). - mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272). - mm: sections are not offlined during memory hotremove (bnc#1119968). - mm: shmem.c: Correctly annotate new inodes for lockdep (Git fixes: shmem). - mm/vmstat.c: fix NUMA statistics updates (git fixes). - Move dell_rbu fix to sorted section (bsc#1087978). - mtd: cfi: convert inline functions to macros (git-fixes). - mtd: Fix comparison in map_word_andequal() (git-fixes). - namei: allow restricted O_CREAT of FIFOs and regular files (bsc#1118766). - nbd: do not allow invalid blocksize settings (Git-fixes). - net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bsc#1051510). - net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses (git-fixes). - net: dsa: qca8k: Add QCA8334 binding documentation (git-fixes). - net: ena: fix crash during ena_remove() (bsc#1111696 bsc#1117561). - net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1111696 bsc#1117561). - net: hns3: Add nic state check before calling netif_tx_wake_queue (bsc#1104353). - net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353). - net: hns3: bugfix for buffer not free problem during resetting (bsc#1104353). - net: hns3: bugfix for handling mailbox while the command queue reinitialized (bsc#1104353). - net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read (bsc#1104353). - net: hns3: bugfix for is_valid_csq_clean_head() (bsc#1104353 ). - net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem (bsc#1104353). - net: hns3: bugfix for rtnl_lock's range in the hclgevf_reset() (bsc#1104353). - net: hns3: bugfix for the initialization of command queue's spin lock (bsc#1104353). - net: hns3: Check hdev state when getting link status (bsc#1104353). - net: hns3: Clear client pointer when initialize client failed or unintialize finished (bsc#1104353). - net: hns3: Fix cmdq registers initialization issue for vf (bsc#1104353). - net: hns3: Fix error of checking used vlan id (bsc#1104353 ). - net: hns3: Fix ets validate issue (bsc#1104353). - net: hns3: Fix for netdev not up problem when setting mtu (bsc#1104353). - net: hns3: Fix for out-of-bounds access when setting pfc back pressure (bsc#1104353). - net: hns3: Fix for packet buffer setting bug (bsc#1104353 ). - net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware (bsc#1104353). - net: hns3: Fix for setting speed for phy failed problem (bsc#1104353). - net: hns3: Fix for vf vlan delete failed problem (bsc#1104353 ). - net: hns3: Fix loss of coal configuration while doing reset (bsc#1104353). - net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() (bsc#1104353). - net: hns3: Fix ping exited problem when doing lp selftest (bsc#1104353). - net: hns3: Preserve vlan 0 in hardware table (bsc#1104353 ). - net: hns3: remove unnecessary queue reset in the hns3_uninit_all_ring() (bsc#1104353). - net: hns3: Set STATE_DOWN bit of hdev state when stopping net (bsc#1104353). - net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1046299). - net: usb: r8152: constify usb_device_id (bsc#1119749). - net: usb: r8152: use irqsave() in USB's complete callback (bsc#1119749). - nospec: Allow index argument to have const-qualified type (git-fixes) - nospec: Kill array_index_nospec_mask_check() (git-fixes). - nvme-fc: resolve io failures during connect (bsc#1116803). - nvme-multipath: zero out ANA log buffer (bsc#1105168). - nvme: validate controller state before rescheduling keep alive (bsc#1103257). - objtool: Detect RIP-relative switch table references (bsc#1058115). - objtool: Detect RIP-relative switch table references, part 2 (bsc#1058115). - objtool: Fix another switch table detection issue (bsc#1058115). - objtool: Fix double-free in .cold detection error path (bsc#1058115). - objtool: Fix GCC 8 cold subfunction detection for aliased functions (bsc#1058115). - objtool: Fix 'noreturn' detection for recursive sibling calls (bsc#1058115). - objtool: Fix segfault in .cold detection with -ffunction-sections (bsc#1058115). - objtool: Support GCC 8's cold subfunctions (bsc#1058115). - objtool: Support GCC 8 switch tables (bsc#1058115). - panic: avoid deadlocks in re-entrant console drivers (bsc#1088386). - pci: Add ACS quirk for Ampere root ports (bsc#1120058). - pci: Add ACS quirk for APM X-Gene devices (bsc#1120058). - pci: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE (bsc#1120058). - pci: Delay after FLR of Intel DC P3700 NVMe (bsc#1120058). - pci: Disable Samsung SM961/PM961 NVMe before FLR (bsc#1120058). - pci: Export pcie_has_flr() (bsc#1120058). - pci: iproc: Activate PAXC bridge quirk for more devices (bsc#1120058). - pci: Mark Ceton InfiniTV4 INTx masking as broken (bsc#1120058). - pci: Mark fall-through switch cases before enabling -Wimplicit-fallthrough (bsc#1120058). - pci: Mark Intel XXV710 NIC INTx masking as broken (bsc#1120058). - perf tools: Fix tracing_path_mount proper path (git-fixes). - platform-msi: Free descriptors in platform_msi_domain_free() (bsc#1051510). - powerpc/64s: consolidate MCE counter increment (bsc#1094244). - powerpc/64s/radix: Fix process table entry cache invalidation (bsc#1055186, git-fixes). - powerpc/boot: Expose Kconfig symbols to wrapper (bsc#1065729). - powerpc/boot: Fix build failures with -j 1 (bsc#1065729). - powerpc/pkeys: Fix handling of pkey state across fork() (bsc#1078248, git-fixes). - powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) (bsc#1055121). - powerpc/pseries: Track LMB nid instead of using device tree (bsc#1108270). - powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244). - power: supply: olpc_battery: correct the temperature units (bsc#1051510). - ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (bsc#1106913). - qed: Add driver support for 20G link speed (bsc#1110558). - qed: Add support for virtual link (bsc#1111795). - qede: Add driver support for 20G link speed (bsc#1110558). - r8152: add byte_enable for ocp_read_word function (bsc#1119749). - r8152: add Linksys USB3GIGV1 id (bsc#1119749). - r8152: add r8153_phy_status function (bsc#1119749). - r8152: adjust lpm settings for RTL8153 (bsc#1119749). - r8152: adjust rtl8153_runtime_enable function (bsc#1119749). - r8152: adjust the settings about MAC clock speed down for RTL8153 (bsc#1119749). - r8152: adjust U2P3 for RTL8153 (bsc#1119749). - r8152: avoid rx queue more than 1000 packets (bsc#1119749). - r8152: check if disabling ALDPS is finished (bsc#1119749). - r8152: correct the definition (bsc#1119749). - r8152: disable RX aggregation on Dell TB16 dock (bsc#1119749). - r8152: disable RX aggregation on new Dell TB16 dock (bsc#1119749). - r8152: fix wrong checksum status for received IPv4 packets (bsc#1119749). - r8152: move calling delay_autosuspend function (bsc#1119749). - r8152: move the default coalesce setting for RTL8153 (bsc#1119749). - r8152: move the initialization to reset_resume function (bsc#1119749). - r8152: move the setting of rx aggregation (bsc#1119749). - r8152: replace napi_complete with napi_complete_done (bsc#1119749). - r8152: set rx mode early when linking on (bsc#1119749). - r8152: split rtl8152_resume function (bsc#1119749). - r8152: support new chip 8050 (bsc#1119749). - r8152: support RTL8153B (bsc#1119749). - rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Git-fixes). - rcu: Allow for page faults in NMI handlers (bsc#1120092). - rdma/bnxt_re: Add missing spin lock initialization (bsc#1050244 ). - rdma/bnxt_re: Avoid accessing the device structure after it is freed (bsc#1050244). - rdma/bnxt_re: Avoid NULL check after accessing the pointer (bsc#1086283). - rdma/bnxt_re: Fix system hang when registration with L2 driver fails (bsc#1086283). - rdma/hns: Bugfix pbl configuration for rereg mr (bsc#1104427 ). - rdma_rxe: make rxe work over 802.1q VLAN devices (bsc#1082387). - reset: remove remaining WARN_ON() in <linux/reset.h> (Git-fixes). - Revert commit ef9209b642f 'staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c' (bsc#1051510). - Revert 'iommu/io-pgtable-arm: Check for v7s-incapable systems' (bsc#1106105). - Revert 'PCI/ASPM: Do not initialize link state when aspm_disabled is set' (bsc#1051510). - Revert 'scsi: lpfc: ls_rjt erroneus FLOGIs' (bsc#1119322). - ring-buffer: Allow for rescheduling when removing pages (bsc#1120238). - ring-buffer: Do no reuse reader page if still in use (bsc#1120096). - ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094). - rtc: hctosys: Add missing range error reporting (bsc#1051510). - rtc: m41t80: Correct alarm month range with RTC reads (bsc#1051510). - rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write (bsc#1051510). - rtc: snvs: Add timeouts to avoid kernel lockups (bsc#1051510). - rtl8xxxu: Fix missing break in switch (bsc#1051510). - s390/dasd: simplify locking in dasd_times_out (bsc#1104967,). - s390/kdump: Fix elfcorehdr size calculation (bsc#1117953, LTC#171112). - s390/kdump: Make elfcorehdr size calculation ABI compliant (bsc#1117953, LTC#171112). - s390/qeth: fix length check in SNMP processing (bsc#1117953, LTC#173657). - s390/qeth: remove outdated portname debug msg (bsc#1117953, LTC#172960). - s390/qeth: sanitize strings in debug messages (bsc#1117953, LTC#172960). - sbitmap: fix race in wait batch accounting (Git-fixes). - sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913). - sched/smt: Expose sched_smt_present static key (bsc#1106913). - sched/smt: Make sched_smt_present track topology (bsc#1106913). - sched, tracing: Fix trace_sched_pi_setprio() for deboosting (bsc#1120228). - scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215). - scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE (bsc#1118215). - scsi: lpfc: Correct topology type reporting on G7 adapters (bsc#1118215). - scsi: lpfc: Defer LS_ACC to FLOGI on point to point logins (bsc#1118215). - scsi: lpfc: Enable Management features for IF_TYPE=6 (bsc#1119322). - scsi: lpfc: Fix a duplicate 0711 log message number (bsc#1118215). - scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935). - scsi: lpfc: Fix dif and first burst use in write commands (bsc#1118215). - scsi: lpfc: Fix discovery failures during port failovers with lots of vports (bsc#1118215). - scsi: lpfc: Fix driver release of fw-logging buffers (bsc#1118215). - scsi: lpfc: Fix kernel Oops due to null pring pointers (bsc#1118215). - scsi: lpfc: Fix panic when FW-log buffsize is not initialized (bsc#1118215). - scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215). - scsi: lpfc: refactor mailbox structure context fields (bsc#1118215). - scsi: lpfc: rport port swap discovery issue (bsc#1118215). - scsi: lpfc: update driver version to 12.0.0.9 (bsc#1118215). - scsi: lpfc: update manufacturer attribute to reflect Broadcom (bsc#1118215). - scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405). - scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405). - scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1121483, LTC#174588). - shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599). - shmem: shmem_charge: verify max_block is not exceeded before inode update (VM Functionality, bsc#1121599). - skd: Avoid that module unloading triggers a use-after-free (Git-fixes). - skd: Submit requests to firmware before triggering the doorbell (Git-fixes). - soc: bcm2835: sync firmware properties with downstream () - spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bsc#1051510). - spi: bcm2835: Fix book-keeping of DMA termination (bsc#1051510). - spi: bcm2835: Fix race on DMA termination (bsc#1051510). - spi: bcm2835: Unbreak the build of esoteric configs (bsc#1051510). - splice: do not read more than available pipe space (bsc#1119212). - staging: bcm2835-camera: Abort probe if there is no camera (bsc#1051510). - staging: rtl8712: Fix possible buffer overrun (bsc#1051510). - staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station (bsc#1051510). - staging: rts5208: fix gcc-8 logic error warning (bsc#1051510). - staging: wilc1000: fix missing read_write setting when reading data (bsc#1051510). - supported.conf: add raspberrypi-ts driver - supported.conf: whitelist bluefield eMMC driver - target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165). - target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405). - team: no need to do team_notify_peers or team_mcast_rejoin when disabling port (bsc#1051510). - termios, tty/tty_baudrate.c: fix buffer overrun (bsc#1051510). - test_hexdump: use memcpy instead of strncpy (bsc#1051510). - tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bsc#1051510). - tools: hv: fcopy: set 'error' in case an unknown operation was requested (git-fixes). - Tools: hv: Fix a bug in the key delete code (git-fixes). - tools: hv: include string.h in hv_fcopy_daemon (git-fixes). - tools/lib/lockdep: Rename 'trywlock' into 'trywrlock' (bsc#1121973). - tools/power/cpupower: fix compilation with STATIC=true (git-fixes). - tools/power turbostat: fix possible sprintf buffer overflow (git-fixes). - tracing/blktrace: Fix to allow setting same value (Git-fixes). - tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046). - tracing: Fix crash when freeing instances with event triggers (bsc#1120230). - tracing: Fix crash when it fails to alloc ring buffer (bsc#1120097). - tracing: Fix double free of event_trigger_data (bsc#1120234). - tracing: Fix missing return symbol in function_graph output (bsc#1120232). - tracing: Fix possible double free in event_enable_trigger_func() (bsc#1120235). - tracing: Fix possible double free on failure of allocating trace buffer (bsc#1120214). - tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223). - tracing: Fix trace_pipe behavior for instance traces (bsc#1120088). - tracing: Remove RCU work arounds from stack tracer (bsc#1120092). - tracing/samples: Fix creation and deletion of simple_thread_fn creation (git-fixes). - tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bsc#1051510). - tty: Do not return -EAGAIN in blocking read (bsc#1116040). - tty: do not set TTY_IO_ERROR flag if console port (bsc#1051510). - tty: serial: 8250_mtk: always resume the device in probe (bsc#1051510). - ubifs: Handle re-linking of inodes correctly while recovery (bsc#1120598). - ubifs-Handle-re-linking-of-inodes-correctly-while-re.patch: Fixup compilation failure due to different ubifs_assert() prototype. - udf: Allow mounting volumes with incorrect identification strings (bsc#1118774). - unifdef: use memcpy instead of strncpy (bsc#1051510). - usb: appledisplay: Add 27' Apple Cinema Display (bsc#1051510). - usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bsc#1051510). - usb: dwc2: host: use hrtimer for NAK retries (git-fixes). - usb: hso: Fix OOB memory access in hso_probe/hso_get_config_data (bsc#1051510). - usbip: vhci_hcd: check rhport before using in vhci_hub_control() (bsc#1090888). - usb: omap_udc: fix crashes on probe error and module removal (bsc#1051510). - usb: omap_udc: fix omap_udc_start() on 15xx machines (bsc#1051510). - usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bsc#1051510). - usb: omap_udc: use devm_request_irq() (bsc#1051510). - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bsc#1051510). - usb: serial: option: add Fibocom NL668 series (bsc#1051510). - usb: serial: option: add GosunCn ZTE WeLink ME3630 (bsc#1051510). - usb: serial: option: add HP lt4132 (bsc#1051510). - usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bsc#1051510). - usb: serial: option: add Telit LN940 series (bsc#1051510). - usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() (bsc#1106110). - usb: usb-storage: Add new IDs to ums-realtek (bsc#1051510). - usb: xhci: fix uninitialized completion when USB3 port got wrong status (bsc#1051510). - usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bsc#1051510). - userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (bsc#1118761). - userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (bsc#1118809). - v9fs_dir_readdir: fix double-free on p9stat_read error (bsc#1118771). - vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505). - watchdog/core: Add missing prototypes for weak functions (git-fixes). - wireless: airo: potential buffer overflow in sprintf() (bsc#1051510). - wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' (bsc#1051510). - x86/bugs: Add AMD's SPEC_CTRL MSR usage (bsc#1106913). - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bsc#1106913). - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bsc#1106913). - x86/decoder: Fix and update the opcodes map (bsc#1058115). - x86/kabi: Fix cpu_tlbstate issue (bsc#1106913). - x86/l1tf: Show actual SMT state (bsc#1106913). - x86/mm: Fix decoy address handling vs 32-bit builds (bsc#1120606). - x86/pci: Add additional VMD device root ports to VMD AER quirk (bsc#1120058). - x86/pci: Add 'pci=big_root_window' option for AMD 64-bit windows (bsc#1120058). - x86/pci: Apply VMD's AERSID fixup generically (bsc#1120058). - x86/pci: Avoid AMD SB7xx EHCI USB wakeup defect (bsc#1120058). - x86/pci: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f) (bsc#1120058). - x86/pci: Enable AMD 64-bit window on resume (bsc#1120058). - x86/pci: Fix infinite loop in search for 64bit BAR placement (bsc#1120058). - x86/pci: Move and shrink AMD 64-bit window to avoid conflict (bsc#1120058). - x86/pci: Move VMD quirk to x86 fixups (bsc#1120058). - x86/pci: Only enable a 64bit BAR on single-socket AMD Family 15h (bsc#1120058). - x86/pci: Use is_vmd() rather than relying on the domain number (bsc#1120058). - x86/process: Consolidate and simplify switch_to_xtra() code (bsc#1106913). - x86/pti: Document fix wrong index (git-fixes). - x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (bsc#1106913). - x86/retpoline: Remove minimal retpoline support (bsc#1106913). - x86/speculataion: Mark command line parser data __initdata (bsc#1106913). - x86/speculation: Add command line control for indirect branch speculation (bsc#1106913). - x86/speculation: Add prctl() control for indirect branch speculation (bsc#1106913). - x86/speculation: Add seccomp Spectre v2 user space protection mode (bsc#1106913). - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913). - x86/speculation: Avoid __switch_to_xtra() calls (bsc#1106913). - x86/speculation: Clean up spectre_v2_parse_cmdline() (bsc#1106913). - x86/speculation: Disable STIBP when enhanced IBRS is in use (bsc#1106913). - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913). - x86/speculation: Enable prctl mode for spectre_v2_user (bsc#1106913). - x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871). - x86/speculation: Mark string arrays const correctly (bsc#1106913). - x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bsc#1106913). - x86/speculation: Prepare arch_smt_update() for PRCTL mode (bsc#1106913). - x86/speculation: Prepare for conditional IBPB in switch_mm() (bsc#1106913). - x86/speculation: Prepare for per task indirect branch speculation control (bsc#1106913). - x86/speculation: Prevent stale SPEC_CTRL msr content (bsc#1106913). - x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913). - x86/speculation: Provide IBPB always command line options (bsc#1106913). - x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bsc#1106913). - x86/speculation: Rename SSBD update functions (bsc#1106913). - x86/speculation: Reorder the spec_v2 code (bsc#1106913). - x86/speculation: Reorganize speculation control MSRs update (bsc#1106913). - x86/speculation: Rework SMT state change (bsc#1106913). - x86/speculation: Split out TIF update (bsc#1106913). - x86/speculation: Unify conditional spectre v2 print functions (bsc#1106913). - x86/speculation: Update the TIF_SSBD comment (bsc#1106913). - xen/netfront: tolerate frags with no data (bnc#1119804). - xfs: Align compat attrlist_by_handle with native implementation (git-fixes). - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621). - xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat (git-fixes). - xfs: xfs_buf: drop useless LIST_HEAD (git-fixes). - xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162). - xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bsc#1051510). - xhci: Prevent U1/U2 link pm states if exit latency is too long (bsc#1051510). Important SUSE bug 1024718 SUSE bug 1046299 SUSE bug 1050242 SUSE bug 1050244 SUSE bug 1051510 SUSE bug 1055121 SUSE bug 1055186 SUSE bug 1058115 SUSE bug 1060463 SUSE bug 1065729 SUSE bug 1078248 SUSE bug 1079935 SUSE bug 1082387 SUSE bug 1083647 SUSE bug 1086282 SUSE bug 1086283 SUSE bug 1086423 SUSE bug 1087084 SUSE bug 1087978 SUSE bug 1088386 SUSE bug 1090888 SUSE bug 1091405 SUSE bug 1094244 SUSE bug 1097593 SUSE bug 1102875 SUSE bug 1102877 SUSE bug 1102879 SUSE bug 1102882 SUSE bug 1102896 SUSE bug 1103257 SUSE bug 1104353 SUSE bug 1104427 SUSE bug 1104967 SUSE bug 1105168 SUSE bug 1106105 SUSE bug 1106110 SUSE bug 1106615 SUSE bug 1106913 SUSE bug 1108270 SUSE bug 1109272 SUSE bug 1110558 SUSE bug 1111188 SUSE bug 1111469 SUSE bug 1111696 SUSE bug 1111795 SUSE bug 1112128 SUSE bug 1113722 SUSE bug 1114648 SUSE bug 1114871 SUSE bug 1116040 SUSE bug 1116336 SUSE bug 1116803 SUSE bug 1116841 SUSE bug 1117115 SUSE bug 1117162 SUSE bug 1117165 SUSE bug 1117186 SUSE bug 1117561 SUSE bug 1117656 SUSE bug 1117953 SUSE bug 1118215 SUSE bug 1118319 SUSE bug 1118428 SUSE bug 1118484 SUSE bug 1118505 SUSE bug 1118752 SUSE bug 1118760 SUSE bug 1118761 SUSE bug 1118762 SUSE bug 1118766 SUSE bug 1118767 SUSE bug 1118768 SUSE bug 1118769 SUSE bug 1118771 SUSE bug 1118772 SUSE bug 1118773 SUSE bug 1118774 SUSE bug 1118775 SUSE bug 1118787 SUSE bug 1118788 SUSE bug 1118798 SUSE bug 1118809 SUSE bug 1118962 SUSE bug 1119017 SUSE bug 1119086 SUSE bug 1119212 SUSE bug 1119322 SUSE bug 1119410 SUSE bug 1119714 SUSE bug 1119749 SUSE bug 1119804 SUSE bug 1119946 SUSE bug 1119962 SUSE bug 1119968 SUSE bug 1120036 SUSE bug 1120046 SUSE bug 1120053 SUSE bug 1120054 SUSE bug 1120055 SUSE bug 1120058 SUSE bug 1120088 SUSE bug 1120092 SUSE bug 1120094 SUSE bug 1120096 SUSE bug 1120097 SUSE bug 1120173 SUSE bug 1120214 SUSE bug 1120223 SUSE bug 1120228 SUSE bug 1120230 SUSE bug 1120232 SUSE bug 1120234 SUSE bug 1120235 SUSE bug 1120238 SUSE bug 1120594 SUSE bug 1120598 SUSE bug 1120600 SUSE bug 1120601 SUSE bug 1120602 SUSE bug 1120603 SUSE bug 1120604 SUSE bug 1120606 SUSE bug 1120612 SUSE bug 1120613 SUSE bug 1120614 SUSE bug 1120615 SUSE bug 1120616 SUSE bug 1120617 SUSE bug 1120618 SUSE bug 1120620 SUSE bug 1120621 SUSE bug 1120632 SUSE bug 1120633 SUSE bug 1120743 SUSE bug 1120954 SUSE bug 1121017 SUSE bug 1121058 SUSE bug 1121263 SUSE bug 1121273 SUSE bug 1121477 SUSE bug 1121483 SUSE bug 1121599 SUSE bug 1121621 SUSE bug 1121714 SUSE bug 1121715 SUSE bug 1121973 CVE-2018-12232 CVE-2018-14625 CVE-2018-16862 CVE-2018-16884 CVE-2018-18397 CVE-2018-19407 CVE-2018-19854 CVE-2018-19985 CVE-2018-20169 CVE-2018-9568 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for openexr fixes the following issues: Security issue fixed: - CVE-2017-9111: Fixed an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h (bsc#1040109). - CVE-2017-9113: Fixed an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp (bsc#1040113). - CVE-2017-9115: Fixed an invalid write of size 2 in the = operator function inhalf.h (bsc#1040115). - CVE-2018-18444: Fixed Out-of-bounds write in makeMultiView.cpp (bsc#1113455). - CVE-2017-9112: Fixed invalid read of size 1 in the getBits function in ImfHuf.cpp (bsc#1040112). Moderate SUSE bug 1040109 SUSE bug 1040112 SUSE bug 1040113 SUSE bug 1040115 SUSE bug 1113455 CVE-2017-9111 CVE-2017-9112 CVE-2017-9113 CVE-2017-9115 CVE-2018-18444 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for libraw fixes the following issues: Security issues fixed: - CVE-2018-5808: Fixed a stack-based buffer overflow and code execution vulnerability in find_green() function internal/dcraw_common.cpp (bsc#1118894). - CVE-2018-5805: Fixed a boundary error within the quicktake_100_load_raw function (bsc#1097973) - CVE-2018-5806: Fixed a a NULL pointer dereference in the leaf_hdr_load_raw function (bsc#1097974) Moderate SUSE bug 1097973 SUSE bug 1097974 SUSE bug 1118894 CVE-2018-5805 CVE-2018-5806 CVE-2018-5808 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for ImageMagick fixes the following issues: - CVE-2019-13301: Fixed a memory leak in AcquireMagickMemory() (bsc#1140554). - CVE-2019-13310: Fixed a memory leak at AcquireMagickMemory because of an error in MagickWand/mogrify.c (bsc#1140501). - CVE-2019-13311: Fixed a memory leak at AcquireMagickMemory because of a wand/mogrify.c error (bsc#1140513). - CVE-2019-13454: Fixed a division by zero in RemoveDuplicateLayers in MagickCore/layer.c (bsc#1141171). - CVE-2019-13295: Fixed a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage (bsc#1140664). - CVE-2019-13297: Fixed a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage (bsc#1140666). - CVE-2019-12979: Fixed the use of uninitialized values in SyncImageSettings() (bsc#1139886). - CVE-2019-13391: Fixed a heap-based buffer over-read in MagickCore/fourier.c (bsc#1140673). - CVE-2019-13308: Fixed a heap-based buffer overflow in MagickCore/fourier.c (bsc#1140534). - CVE-2019-13300: Fixed a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages (bsc#1140669). - CVE-2019-13307: Fixed a heap-based buffer overflow at MagickCore/statistic.c (bsc#1140538). - CVE-2019-12975: Fixed a memory leak in the WriteDPXImage() in coders/dpx.c (bsc#1140106). - CVE-2019-13135: Fixed the use of uninitialized values in ReadCUTImage() (bsc#1140103). - CVE-2019-12978: Fixed the use of uninitialized values in ReadPANGOImage() (bsc#1139885). - CVE-2019-12974: Fixed a NULL pointer dereference in the ReadPANGOImage() (bsc#1140111). - CVE-2019-13133: Fixed a memory leak in the ReadBMPImage() (bsc#1140100). - CVE-2019-13134: Fixed a memory leak in the ReadVIFFImage() (bsc#1140102). - CVE-2019-12976: Fixed a memory leak in the ReadPCLImage() in coders/pcl.c(bsc#1140110). Moderate SUSE bug 1139885 SUSE bug 1139886 SUSE bug 1140100 SUSE bug 1140102 SUSE bug 1140103 SUSE bug 1140106 SUSE bug 1140110 SUSE bug 1140111 SUSE bug 1140501 SUSE bug 1140513 SUSE bug 1140534 SUSE bug 1140538 SUSE bug 1140554 SUSE bug 1140664 SUSE bug 1140666 SUSE bug 1140669 SUSE bug 1140673 SUSE bug 1141171 CVE-2019-12974 CVE-2019-12975 CVE-2019-12976 CVE-2019-12978 CVE-2019-12979 CVE-2019-13133 CVE-2019-13134 CVE-2019-13135 CVE-2019-13295 CVE-2019-13297 CVE-2019-13300 CVE-2019-13301 CVE-2019-13307 CVE-2019-13308 CVE-2019-13310 CVE-2019-13311 CVE-2019-13391 CVE-2019-13454 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for openexr fixes the following issues: - CVE-2017-14988: Fixed a denial of service in Header::readfrom() (bsc#1061305). Moderate SUSE bug 1061305 CVE-2017-14988 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for polkit fixes the following issues: Security issue fixed: - CVE-2019-6133: Fixed improper caching of auth decisions, which could bypass uid checking in the interactive backend (bsc#1121826). Important SUSE bug 1121826 CVE-2019-6133 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 The SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-20855: An issue was discovered in the Linux kernel In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace(bsc#1143045). - CVE-2019-1125: Exclude ATOMs from speculation through SWAPGS (bsc#1139358). - CVE-2019-14283: In the Linux kernel, set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It could be triggered by an unprivileged local user when a floppy disk was inserted. NOTE: QEMU creates the floppy device by default. (bnc#1143191) - CVE-2019-11810: An issue was discovered in the Linux kernel A NULL pointer dereference could occur when megasas_create_frame_pool() failed in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This caused a Denial of Service, related to a use-after-free (bnc#1134399). - CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory was disabled, a local user could cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sent a crafted signal frame. (bnc#1142254) - CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel, a malicious USB device could send an HID report that triggered an out-of-bounds write during generation of debugging messages. (bnc#1142023) The following non-security bugs were fixed: - Correct the CVE and bug reference for a floppy security fix (CVE-2019-14284,bsc#1143189) A dedicated CVE was already assigned - acpi/nfit: Always dump _DSM output payload (bsc#1142351). - Add back sibling paca poiter to paca (bsc#1055117). - Add support for crct10dif-vpmsum (). - af_unix: remove redundant lockdep class (git-fixes). - alsa: compress: Be more restrictive about when a drain is allowed (bsc#1051510). - alsa: compress: Do not allow paritial drain operations on capture streams (bsc#1051510). - alsa: compress: Fix regression on compressed capture streams (bsc#1051510). - alsa: compress: Prevent bypasses of set_params (bsc#1051510). - alsa: hda - Add a conexant codec entry to let mute led work (bsc#1051510). - alsa: hda/realtek: apply ALC891 headset fixup to one Dell machine (bsc#1051510). - alsa: hda/realtek - Fixed Headphone Mic can't record on Dell platform (bsc#1051510). - alsa: hda/realtek - Headphone Mic can't record after S3 (bsc#1051510). - alsa: line6: Fix a typo (bsc#1051510). - alsa: line6: Fix wrong altsetting for LINE6_PODHD500_1 (bsc#1051510). - alsa: seq: Break too long mutex context in the write loop (bsc#1051510). - alsa: usb-audio: Add quirk for Focusrite Scarlett Solo (bsc#1051510). - alsa: usb-audio: Add quirk for MOTU MicroBook II (bsc#1051510). - alsa: usb-audio: Cleanup DSD whitelist (bsc#1051510). - alsa: usb-audio: Enable .product_name override for Emagic, Unitor 8 (bsc#1051510). - alsa: usb-audio: Sanity checks for each pipe and EP types (bsc#1051510). - asoc : cs4265 : readable register too low (bsc#1051510). - asoc: max98090: remove 24-bit format support if RJ is 0 (bsc#1051510). - asoc: soc-pcm: BE dai needs prepare when pause release after resume (bsc#1051510). - ath6kl: add some bounds checking (bsc#1051510). - batman-adv: fix for leaked TVLV handler (bsc#1051510). - bcache: acquire bch_register_lock later in cached_dev_detach_finish() (bsc#1140652). - bcache: acquire bch_register_lock later in cached_dev_free() (bsc#1140652). - bcache: add code comments for journal_read_bucket() (bsc#1140652). - bcache: Add comments for blkdev_put() in registration code path (bsc#1140652). - bcache: add comments for closure_fn to be called in closure_queue() (bsc#1140652). - bcache: add comments for kobj release callback routine (bsc#1140652). - bcache: add comments for mutex_lock(&b->write_lock) (bsc#1140652). - bcache: add error check for calling register_bdev() (bsc#1140652). - bcache: add failure check to run_cache_set() for journal replay (bsc#1140652). - bcache: add io error counting in write_bdev_super_endio() (bsc#1140652). - bcache: add more error message in bch_cached_dev_attach() (bsc#1140652). - bcache: add pendings_cleanup to stop pending bcache device (bsc#1140652). - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652). - bcache: add return value check to bch_cached_dev_run() (bsc#1140652). - bcache: avoid a deadlock in bcache_reboot() (bsc#1140652). - bcache: avoid clang -Wunintialized warning (bsc#1140652). - bcache: avoid flushing btree node in cache_set_flush() if io disabled (bsc#1140652). - bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal() (bsc#1140652). - bcache: check CACHE_SET_IO_DISABLE in allocator code (bsc#1140652). - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() (bsc#1140652). - bcache: Clean up bch_get_congested() (bsc#1140652). - bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread (bsc#1140652). - bcache: do not assign in if condition in bcache_device_init() (bsc#1140652). - bcache: do not set max writeback rate if gc is running (bsc#1140652). - bcache: fix a race between cache register and cacheset unregister (bsc#1140652). - bcache: fix crashes stopping bcache device before read miss done (bsc#1140652). - bcache: fix failure in journal relplay (bsc#1140652). - bcache: fix inaccurate result of unused buckets (bsc#1140652). - bcache: fix mistaken sysfs entry for io_error counter (bsc#1140652). - bcache: fix potential deadlock in cached_def_free() (bsc#1140652). - bcache: fix race in btree_flush_write() (bsc#1140652). - bcache: fix return value error in bch_journal_read() (bsc#1140652). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1140652). - bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce (bsc#1140652). - bcache: ignore read-ahead request failure on backing device (bsc#1140652). - bcache: improve bcache_reboot() (bsc#1140652). - bcache: improve error message in bch_cached_dev_run() (bsc#1140652). - bcache: make bset_search_tree() be more understandable (bsc#1140652). - bcache: make is_discard_enabled() static (bsc#1140652). - bcache: more detailed error message to bcache_device_link() (bsc#1140652). - bcache: move definition of 'int ret' out of macro read_bucket() (bsc#1140652). - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() (bsc#1140652). - bcache: only clear BTREE_NODE_dirty bit when it is set (bsc#1140652). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1140652). - bcache: performance improvement for btree_flush_write() (bsc#1140652). - bcache: remove redundant LIST_HEAD(journal) from run_cache_set() (bsc#1140652). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652). - bcache: remove unncessary code in bch_btree_keys_init() (bsc#1140652). - bcache: remove unnecessary prefetch() in bset_search_tree() (bsc#1140652). - bcache: remove 'XXX:' comment line from run_cache_set() (bsc#1140652). - bcache: return error immediately in bch_journal_replay() (bsc#1140652). - bcache: Revert 'bcache: fix high CPU occupancy during journal' (bsc#1140652). - bcache: Revert 'bcache: free heap cache_set->flush_btree in bch_journal_free' (bsc#1140652). - bcache: set largest seq to ja->seq[bucket_index] in journal_read_bucket() (bsc#1140652). - bcache: shrink btree node cache after bch_btree_check() (bsc#1140652). - bcache: stop writeback kthread and kworker when bch_cached_dev_run() failed (bsc#1140652). - bcache: use sysfs_match_string() instead of __sysfs_match_string() (bsc#1140652). - be2net: Fix number of Rx queues used for flow hashing (networking-stable-19_06_18). - be2net: Signal that the device cannot transmit during reconfiguration (bsc#1127315). - be2net: Synchronize be_update_queues with dev_watchdog (bsc#1127315). - block, bfq: NULL out the bic when it's no longer valid (bsc#1142359). - bnx2x: Prevent load reordering in tx completion processing (bsc#1142868). - bnxt_en: Fix aggregation buffer leak under OOM condition (networking-stable-19_05_31). - bonding: fix arp_validate toggling in active-backup mode (networking-stable-19_05_14). - bonding: Force slave speed check after link state recovery for 802.3ad (bsc#1137584). - bpf, x64: fix stack layout of JITed bpf code (bsc#1083647). - bpf, x64: save 5 bytes in prologue when ebpf insns came from cbpf (bsc#1083647). - bridge: Fix error path for kobject_init_and_add() (networking-stable-19_05_14). - btrfs: fix race between block group removal and block group allocation (bsc#1143003). - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() (bsc#1141478). - clk: qcom: Fix -Wunused-const-variable (bsc#1051510). - clk: rockchip: Do not yell about bad mmc phases when getting (bsc#1051510). - clk: tegra210: fix PLLU and PLLU_OUT1 (bsc#1051510). - cpufreq: acpi-cpufreq: Report if CPU does not support boost technologies (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix initial command check (bsc#1051510). - cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency (bsc#1051510). - cpufreq: check if policy is inactive early in __cpufreq_get() (bsc#1051510). - cpufreq: kirkwood: fix possible object reference leak (bsc#1051510). - cpufreq/pasemi: fix possible object reference leak (bsc#1051510). - cpufreq: pmac32: fix possible object reference leak (bsc#1051510). - cpufreq: ppc_cbe: fix possible object reference leak (bsc#1051510). - cpufreq: Use struct kobj_attribute instead of struct global_attr (bsc#1051510). - crypto: arm64/sha1-ce - correct digest for empty data in finup (bsc#1051510). - crypto: arm64/sha2-ce - correct digest for empty data in finup (bsc#1051510). - crypto: ccp - Fix 3DES complaint from ccp-crypto module (bsc#1051510). - crypto: ccp - fix AES CFB error exposed by new test vectors (bsc#1051510). - crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL (bsc#1051510). - crypto: ccp/gcm - use const time tag comparison (bsc#1051510). - crypto: ccp - memset structure fields to zero before reuse (bsc#1051510). - crypto: ccp - Validate the the error value used to index error messages (bsc#1051510). - crypto: chacha20poly1305 - fix atomic sleep when using async algorithm (bsc#1051510). - crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe (bsc#1051510). - crypto: ghash - fix unaligned memory access in ghash_setkey() (bsc#1051510). - crypto: talitos - Align SEC1 accesses to 32 bits boundaries (bsc#1051510). - crypto: talitos - check data blocksize in ablkcipher (bsc#1051510). - crypto: talitos - fix CTR alg blocksize (bsc#1051510). - crypto: talitos - fix max key size for sha384 and sha512 (bsc#1051510). - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking (bsc#1051510). - crypto: talitos - properly handle split ICV (bsc#1051510). - crypto: talitos - reduce max key size for SEC1 (bsc#1051510). - crypto: talitos - rename alternative AEAD algos (bsc#1051510). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - dmaengine: hsu: Revert 'set HSU_CH_MTSR to memory width' (bsc#1051510). - dpaa_eth: fix SG frame cleanup (networking-stable-19_05_14). - drm/meson: Add support for XBGR8888 & ABGR8888 formats (bsc#1051510). - drm/msm/a3xx: remove TPL1 regs from snapshot (bsc#1051510). - drm/nouveau/i2c: Enable i2c pads & busses during preinit (bsc#1051510). - drm/rockchip: Properly adjust to a true clock in adjusted_mode (bsc#1051510). - e1000e: start network tx queue only when link is up (bsc#1051510). - ethtool: check the return value of get_regs_len (git-fixes). - ethtool: fix potential userspace buffer overflow (networking-stable-19_06_09). - Fix kABI for asus-wmi quirk_entry field addition (bsc#1051510). - Fix memory leak in sctp_process_init (networking-stable-19_06_09). - fork, memcg: fix cached_stacks case (bsc#1134097). - fork, memcg: fix crash in free_thread_stack on memcg charge fail (bsc#1134097). - hid: wacom: correct touch resolution x/y typo (bsc#1051510). - hid: wacom: generic: Correct pad syncing (bsc#1051510). - hid: wacom: generic: only switch the mode on devices with LEDs (bsc#1051510). - hid: wacom: generic: read HID_DG_CONTACTMAX from any feature report (bsc#1051510). - input: elantech - enable middle button support on 2 ThinkPads (bsc#1051510). - input: imx_keypad - make sure keyboard can always wake up system (bsc#1051510). - input: psmouse - fix build error of multiple definition (bsc#1051510). - input: synaptics - enable SMBUS on T480 thinkpad trackpad (bsc#1051510). - input: tm2-touchkey - acknowledge that setting brightness is a blocking call (bsc#1129770). - intel_th: msu: Fix single mode with disabled IOMMU (bsc#1051510). - ipv4: Fix raw socket lookup for local traffic (networking-stable-19_05_14). - ipv4/igmp: fix another memory leak in igmpv3_del_delrec() (networking-stable-19_05_31). - ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST (networking-stable-19_05_31). - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop (git-fixes). - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address (networking-stable-19_05_31). - ipv6: fix EFAULT on sendto with icmpv6 and hdrincl (networking-stable-19_06_09). - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero (networking-stable-19_06_18). - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4 (networking-stable-19_06_09). - kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled (bsc#1071995). - kernel: jump label transformation performance (bsc#1137534 bsc#1137535 LTC#178058 LTC#178059). - kvm: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots (bsc#1133021). - kvm: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory (bsc#1133021). - kvm: fix Guest installation fails by 'Invalid value '0-31' for 'cpuset.cpus': Invalid argument' (bsc#1143507) - kvm: mmu: Fix overflow on kvm mmu page limit calculation (bsc#1135335). - kvm/mmu: kABI fix for *_mmu_pages changes in struct kvm_arch (bsc#1135335). - kvm: polling: add architecture backend to disable polling (bsc#1119222). - kvm: s390: change default halt poll time to 50us (bsc#1119222). - kvm: s390: enable CONFIG_HAVE_KVM_NO_POLL (bsc#1119222) We need to enable CONFIG_HAVE_KVM_NO_POLL for bsc#1119222 - kvm: s390: fix typo in parameter description (bsc#1119222). - kvm: s390: kABI Workaround for 'kvm_vcpu_stat' Add halt_no_poll_steal to kvm_vcpu_stat. Hide it from the kABI checker. - kvm: s390: kABI Workaround for 'lowcore' (bsc#1119222). - kvm: s390: provide kvm_arch_no_poll function (bsc#1119222). - kvm: svm/avic: Do not send AVIC doorbell to self (bsc#1140133). - kvm: SVM: Fix detection of AMD Errata 1096 (bsc#1142354). - lapb: fixed leak of control-blocks (networking-stable-19_06_18). - lib: fix stall in __bitmap_parselist() (bsc#1051510). - libnvdimm/namespace: Fix label tracking error (bsc#1142350). - lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE (bsc#1051510). - livepatch: Remove duplicate warning about missing reliable stacktrace support (bsc#1071995). - livepatch: Use static buffer for debugging messages under rq lock (bsc#1071995). - llc: fix skb leak in llc_build_and_send_ui_pkt() (networking-stable-19_05_31). - media: cpia2_usb: first wake up, then free in disconnect (bsc#1135642). - media: marvell-ccic: fix DMA s/g desc number calculation (bsc#1051510). - media: s5p-mfc: Make additional clocks optional (bsc#1051510). - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom() (bsc#1051510). - media: vivid: fix incorrect assignment operation when setting video mode (bsc#1051510). - mei: bus: need to unlink client before freeing (bsc#1051510). - mei: me: add denverton innovation engine device IDs (bsc#1051510). - mei: me: add gemini lake devices id (bsc#1051510). - memory: tegra: Fix integer overflow on tick value calculation (bsc#1051510). - memstick: Fix error cleanup path of memstick_init (bsc#1051510). - mfd: intel-lpss: Release IDA resources (bsc#1051510). - mmc: sdhci-pci: Try 'cd' for card-detect lookup before using NULL (bsc#1051510). - mm: migrate: Fix reference check race between __find_get_block() and migration (bnc#1137609). - mm/nvdimm: add is_ioremap_addr and use that to check ioremap address (bsc#1140322 LTC#176270). - mm, page_alloc: fix has_unmovable_pages for HugePages (bsc#1127034). - mm: replace all open encodings for NUMA_NO_NODE (bsc#1140322 LTC#176270). - neigh: fix use-after-free read in pneigh_get_next (networking-stable-19_06_18). - net/af_iucv: remove GFP_DMA restriction for HiperTransport (bsc#1142112 bsc#1142221 LTC#179334 LTC#179332). - net: avoid weird emergency message (networking-stable-19_05_21). - net: fec: fix the clk mismatch in failed_reset path (networking-stable-19_05_31). - netfilter: conntrack: fix calculation of next bucket number in early_drop (git-fixes). - net-gro: fix use-after-free read in napi_gro_frags() (networking-stable-19_05_31). - net/mlx4_core: Change the error print to info print (networking-stable-19_05_21). - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query (networking-stable-19_06_09). - net/mlx5: Allocate root ns memory using kzalloc to match kfree (networking-stable-19_05_31). - net/mlx5: Avoid double free in fs init error unwinding path (networking-stable-19_05_31). - net: mvneta: Fix err code path of probe (networking-stable-19_05_31). - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value (networking-stable-19_05_31). - net: openvswitch: do not free vport if register_netdevice() is failed (networking-stable-19_06_18). - net/packet: fix memory leak in packet_set_ring() (git-fixes). - net: rds: fix memory leak in rds_ib_flush_mr_pool (networking-stable-19_06_09). - net: seeq: fix crash caused by not set dev.parent (networking-stable-19_05_14). - net: stmmac: fix reset gpio free missing (networking-stable-19_05_31). - net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions (networking-stable-19_05_21). - nvme: fix memory leak caused by incorrect subsystem free (bsc#1143185). - ocfs2: add first lock wait time in locking_state (bsc#1134390). - ocfs2: add last unlock times in locking_state (bsc#1134390). - ocfs2: add locking filter debugfs file (bsc#1134390). - packet: Fix error path in packet_init (networking-stable-19_05_14). - packet: in recvmsg msg_name return at least sizeof sockaddr_ll (git-fixes). - pci: Always allow probing with driver_override (bsc#1051510). - pci: hv: Add hv_pci_remove_slots() when we unload the driver (bsc#1142701). - pci: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary (bsc#1142701). - pci: hv: Fix a memory leak in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix a use-after-free bug in hv_eject_device_work() (bsc#1142701). - pci: hv: Fix return value check in hv_pci_assign_slots() (bsc#1142701). - pci: hv: Remove unused reason for refcount handler (bsc#1142701). - pci: hv: support reporting serial number as slot information (bsc#1142701). - pci: Return error if cannot probe VF (bsc#1051510). - pkey: Indicate old mkvp only if old and current mkvp are different (bsc#1137827 LTC#178090). - pktgen: do not sleep with the thread lock held (git-fixes). - platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ (bsc#1051510). - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510). - platform/x86: intel_turbo_max_3: Remove restriction for HWP platforms (jsc#SLE-5439). - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table (bsc#1051510). - powerpc/64s: Remove POWER9 DD1 support (bsc#1055117, LTC#159753, git-fixes). - powerpc/crypto: Use cheaper random numbers for crc-vpmsum self-test (). - powerpc/mm: Change function prototype (bsc#1055117). - powerpc/mm: Consolidate numa_enable check and min_common_depth check (bsc#1140322 LTC#176270). - powerpc/mm/drconf: Use NUMA_NO_NODE on failures instead of node 0 (bsc#1140322 LTC#176270). - powerpc/mm: Fix node look up with numa=off boot (bsc#1140322 LTC#176270). - powerpc/mm/hugetlb: Update huge_ptep_set_access_flags to call __ptep_set_access_flags directly (bsc#1055117). - powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang (bsc#1055117). - powerpc/mm/radix: Move function from radix.h to pgtable-radix.c (bsc#1055117). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945 bsc#1141401 bsc#1141402 bsc#1141452 bsc#1141453 bsc#1141454 LTC#178983 LTC#179191 LTC#179192 LTC#179193 LTC#179194 LTC#179195). - ppp: deflate: Fix possible crash in deflate_init (networking-stable-19_05_21). - rds: ib: fix 'passing zero to ERR_PTR()' warning (git-fixes). - Revert 'bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()' (bsc#1140652). - Revert 'e1000e: fix cyclic resets at link up with active tx' (bsc#1051510). - Revert 'livepatch: Remove reliable stacktrace check in klp_try_switch_task()' (bsc#1071995). - Revert 'serial: 8250: Do not service RX FIFO if interrupts are disabled' (bsc#1051510). - rtnetlink: always put IFLA_LINK for links with a link-netnsid (networking-stable-19_05_21). - s390/qeth: be drop monitor friendly (bsc#1142220 LTC#179335). - s390/vtime: steal time exponential moving average (bsc#1119222). - scripts/git_sort/git_sort.py: Add mmots tree. - scsi: ibmvfc: fix WARN_ON during event pool release (bsc#1137458 LTC#178093). - sctp: Free cookie before we memdup a new one (networking-stable-19_06_18). - sctp: silence warns on sctp_stream_init allocations (bsc#1083710). - serial: uartps: Do not add a trailing semicolon to macro (bsc#1051510). - serial: uartps: Fix long line over 80 chars (bsc#1051510). - serial: uartps: Fix multiple line dereference (bsc#1051510). - serial: uartps: Remove useless return from cdns_uart_poll_put_char (bsc#1051510). - staging: comedi: amplc_pci230: fix null pointer deref on interrupt (bsc#1051510). - staging: comedi: dt282x: fix a null pointer deref on interrupt (bsc#1051510). - staging: rtl8712: reduce stack usage, again (bsc#1051510). - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg (networking-stable-19_06_18). - tcp: reduce tcp_fastretrans_alert() verbosity (git-fixes). - team: Always enable vlan tx offload (bsc#1051510). - tty: rocket: fix incorrect forward declaration of 'rp_init()' (bsc#1051510). - tty: serial_core: Set port active bit in uart_port_activate (bsc#1051510). - tty: serial: cpm_uart - fix init when SMC is relocated (bsc#1051510). - tuntap: synchronize through tfiles array instead of tun->numqueues (networking-stable-19_05_14). - usb: gadget: ether: Fix race between gether_disconnect and rx_submit (bsc#1051510). - usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i] (bsc#1051510). - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC (bsc#1051510). - usb: pci-quirks: Correct AMD PLL quirk detection (bsc#1051510). - usb: serial: ftdi_sio: add ID for isodebug v1 (bsc#1051510). - usb: serial: option: add support for GosunCn ME3630 RNDIS mode (bsc#1051510). - vmci: Fix integer overflow in VMCI handle arrays (bsc#1051510). - vsock/virtio: free packets during the socket release (networking-stable-19_05_21). - vsock/virtio: set SOCK_DONE on peer shutdown (networking-stable-19_06_18). - wil6210: fix potential out-of-bounds read (bsc#1051510). - x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903). - xen: let alloc_xenballooned_pages() fail if not enough memory free (bsc#1142450 XSA-300). - xfs: do not overflow xattr listent buffer (bsc#1143105). Important SUSE bug 1051510 SUSE bug 1055117 SUSE bug 1071995 SUSE bug 1083647 SUSE bug 1083710 SUSE bug 1102247 SUSE bug 1111666 SUSE bug 1119222 SUSE bug 1123080 SUSE bug 1127034 SUSE bug 1127315 SUSE bug 1129770 SUSE bug 1130972 SUSE bug 1133021 SUSE bug 1134097 SUSE bug 1134390 SUSE bug 1134399 SUSE bug 1135335 SUSE bug 1135642 SUSE bug 1136896 SUSE bug 1137458 SUSE bug 1137534 SUSE bug 1137535 SUSE bug 1137584 SUSE bug 1137609 SUSE bug 1137811 SUSE bug 1137827 SUSE bug 1139358 SUSE bug 1140133 SUSE bug 1140139 SUSE bug 1140322 SUSE bug 1140652 SUSE bug 1140887 SUSE bug 1140888 SUSE bug 1140889 SUSE bug 1140891 SUSE bug 1140893 SUSE bug 1140903 SUSE bug 1140945 SUSE bug 1140954 SUSE bug 1140955 SUSE bug 1140956 SUSE bug 1140957 SUSE bug 1140958 SUSE bug 1140959 SUSE bug 1140960 SUSE bug 1140961 SUSE bug 1140962 SUSE bug 1140964 SUSE bug 1140971 SUSE bug 1140972 SUSE bug 1140992 SUSE bug 1141401 SUSE bug 1141402 SUSE bug 1141452 SUSE bug 1141453 SUSE bug 1141454 SUSE bug 1141478 SUSE bug 1142023 SUSE bug 1142112 SUSE bug 1142220 SUSE bug 1142221 SUSE bug 1142254 SUSE bug 1142350 SUSE bug 1142351 SUSE bug 1142354 SUSE bug 1142359 SUSE bug 1142450 SUSE bug 1142701 SUSE bug 1142868 SUSE bug 1143003 SUSE bug 1143045 SUSE bug 1143105 SUSE bug 1143185 SUSE bug 1143189 SUSE bug 1143191 SUSE bug 1143507 CVE-2018-20855 CVE-2019-1125 CVE-2019-11810 CVE-2019-13631 CVE-2019-13648 CVE-2019-14283 CVE-2019-14284 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for evince fixes the following issues: Security issues fixed: - CVE-2019-11459: Fixed an improper error handling in which could have led to use of uninitialized use of memory (bsc#1133037). - CVE-2019-1010006: Fixed a buffer overflow in backend/tiff/tiff-document.c (bsc#1141619). Important SUSE bug 1133037 SUSE bug 1141619 CVE-2019-1010006 CVE-2019-11459 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for python fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853). Important SUSE bug 1138459 SUSE bug 1141853 CVE-2018-20852 CVE-2019-10160 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for mariadb-100 to version 10.0.38 fixes the following issues: - CVE-2019-2537: Fixed a denial of service vulnerability which can lead to MySQL compromise (bsc#1136037). - CVE-2019-2529: Fixed a denial of service vulnerability by an privileged attacker via a protocol compromise (bsc#1136037). Important SUSE bug 1136037 CVE-2019-2529 CVE-2019-2537 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for NetworkManager fixes the following issues: Security issue fixed: - Fixed that passwords are not echoed on terminal when asking for them (bsc#990204). Low SUSE bug 990204 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for webkit2gtk3 fixes the following issues: Updated to version 2.24.4 (bsc#1148931). Security issues fixed: - CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8669, CVE-2019-8678, CVE-2019-8680, CVE-2019-8683, CVE-2019-8684, CVE-2019-8688, CVE-2019-8595, CVE-2019-8607, CVE-2019-8615, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690 Non-security issues fixed: - Improved loading of multimedia streams to avoid memory exhaustion due to excessive caching. - Updated the user agent string to make happy certain websites which would claim that the browser being used was unsupported. Important SUSE bug 1135715 SUSE bug 1148931 CVE-2019-8595 CVE-2019-8607 CVE-2019-8615 CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for ibus fixes the following issues: Security issue fixed: - CVE-2019-14822: Fixed a misconfiguration of the DBus server that allowed an unprivileged user to monitor and send method calls to the ibus bus of another user. (bsc#1150011) Important SUSE bug 1150011 CVE-2019-14822 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for libreoffice to version 6.2.7.1 fixes the following issues: Security issues fixed: - CVE-2019-9849: Disabled fetching remote bullet graphics in 'stealth mode' (bsc#1141861). - CVE-2019-9848: Fixed an arbitrary script execution via LibreLogo (bsc#1141862). - CVE-2019-9851: Fixed LibreLogo global-event script execution issue (bsc#1146105). - CVE-2019-9852: Fixed insufficient URL encoding flaw in allowed script location check (bsc#1146107). - CVE-2019-9850: Fixed insufficient URL validation that allowed LibreLogo script execution (bsc#1146098). - CVE-2019-9854: Fixed unsafe URL assembly flaw (bsc#1149944). - CVE-2019-9855: Fixed path equivalence handling flaw (bsc#1149943) Non-security issue fixed: - SmartArt: Basic rendering of Trapezoid List (bsc#1133534) Moderate SUSE bug 1133534 SUSE bug 1141861 SUSE bug 1141862 SUSE bug 1146098 SUSE bug 1146105 SUSE bug 1146107 SUSE bug 1149943 SUSE bug 1149944 CVE-2019-9848 CVE-2019-9849 CVE-2019-9850 CVE-2019-9851 CVE-2019-9852 CVE-2019-9854 CVE-2019-9855 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following new features were implemented: - jsc#SLE-4875: [CML] New device IDs for CML - jsc#SLE-7294: Add cpufreq driver for Raspberry Pi - fate#322438: Integrate P9 XIVE support (on PowerVM only) - fate#322447: Add memory protection keys (MPK) support on POWER (on PowerVM only) - fate#322448, fate#321438: P9 hardware counter (performance counters) support (on PowerVM only) - fate#325306, fate#321840: Reduce memory required to boot capture kernel while using fadump - fate#326869: perf: pmu mem_load/store event support The following security bugs were fixed: - CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated. (bsc#1146163). - CVE-2018-20976: A use after free existed, related to xfs_fs_fill_super failure. (bsc#1146285) - CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach (bsc#1149591). - CVE-2019-9456: In Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have lead to local escalation of privilege with System execution privileges needed. (bsc#1150025 CVE-2019-9456). - CVE-2019-10207: Fix a NULL pointer dereference in hci_uart bluetooth driver (bsc#1142857 bsc#1123959). - CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based buffer overflows in marvell wifi chip driver kernel, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bnc#1146516) - CVE-2019-14835: Fix QEMU-KVM Guest to Host Kernel Escape. (bsc#1150112). - CVE-2019-15030, CVE-2019-15031: On the powerpc platform, a local user could read vector registers of other users' processes via an interrupt. (bsc#1149713) - CVE-2019-15090: In the qedi_dbg_* family of functions, there was an out-of-bounds read. (bsc#1146399) - CVE-2019-15098: USB driver net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor. (bsc#1146378). - CVE-2019-15099: drivers/net/wireless/ath/ath10k/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor. (bsc#1146368) - CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel mishandled a short descriptor, leading to out-of-bounds memory access. (bsc#1145920). - CVE-2019-15118: check_input_term in sound/usb/mixer.c in the Linux kernel mishandled recursion, leading to kernel stack exhaustion. (bsc#1145922). - CVE-2019-15211: There was a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c did not properly allocate memory. (bsc#1146519). - CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. (bsc#1051510 bsc#1146391). - CVE-2019-15214: There was a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. (bsc#1146550) - CVE-2019-15215: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver. (bsc#1135642 bsc#1146425) - CVE-2019-15216: Fix a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. (bsc#1146361). - CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (bsc#1146547). - CVE-2019-15218: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver. (bsc#1051510 bsc#1146413) - CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. (bsc#1146524) - CVE-2019-15220: There was a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver. (bsc#1146526) - CVE-2019-15221, CVE-2019-15222: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. (bsc#1146529, bsc#1146531) - CVE-2019-15239: An incorrect backport of a certain net/ipv4/tcp_output.c fix allowed a local attacker to trigger multiple use-after-free conditions. This could result in a kernel crash, or potentially in privilege escalation. (bsc#1146589) - CVE-2019-15290: There was a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function (bsc#1146543). - CVE-2019-15292: There was a use-after-free in atalk_proc_exit (bsc#1146678) - CVE-2019-15538: XFS partially wedged when a chgrp failed on account of being out of disk quota. This was primarily a local DoS attack vector, but it could result as well in remote DoS if the XFS filesystem was exported for instance via NFS. (bsc#1148032, bsc#1148093) - CVE-2019-15666: There was an out-of-bounds array access in __xfrm_policy_unlink, which would cause denial of service, because verify_newpolicy_info mishandled directory validation. (bsc#1148394). - CVE-2019-15902: A backporting error reintroduced the Spectre vulnerability that it aimed to eliminate. (bnc#1149376) - CVE-2019-15917: There was a use-after-free issue when hci_uart_register_dev() failed in hci_uart_set_proto() (bsc#1149539) - CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free. (bsc#1149552) - CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free. (bsc#1149626) - CVE-2019-15921: There was a memory leak issue when idr_alloc() failed (bsc#1149602) - CVE-2019-15924: Fix a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure. (bsc#1149612). - CVE-2019-15926: Out of bounds access existed in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx (bsc#1149527) - CVE-2019-15927: An out-of-bounds access existed in the function build_audio_procunit (bsc#1149522) The following non-security bugs were fixed: - 9p/rdma: do not disconnect on down_interruptible EAGAIN (bsc#1051510). - 9p/rdma: remove useless check in cm_event_handler (bsc#1051510). - 9p/virtio: Add cleanup path in p9_virtio_init (bsc#1051510). - 9p/xen: Add cleanup path in p9_trans_xen_init (bsc#1051510). - 9p/xen: fix check for xenbus_read error in front_probe (bsc#1051510). - 9p: acl: fix uninitialized iattr access (bsc#1051510). - 9p: p9dirent_read: check network-provided name length (bsc#1051510). - 9p: pass the correct prototype to read_cache_page (bsc#1051510). - acpi/arm64: ignore 5.1 FADTs that are reported as 5.0 (bsc#1051510). - acpi/iort: Fix off-by-one check in iort_dev_find_its_id() (bsc#1051510). - acpi: PM: Fix regression in acpi_device_set_power() (bsc#1051510). - acpi: fix false-positive -Wuninitialized warning (bsc#1051510). - acpica: Increase total number of possible Owner IDs (bsc#1148859). - acpica: Increase total number of possible Owner IDs (bsc#1148859). - add some missing definitions (bsc#1144333). - address lock imbalance warnings in smbdirect.c (bsc#1144333). - af_key: fix leaks in key_pol_get_resp and dump_sp (bsc#1051510). - af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET (networking-stable-19_07_02). - alsa: firewire: fix a memory leak bug (bsc#1051510). - alsa: hda - Add a generic reboot_notify (bsc#1051510). - alsa: hda - Apply workaround for another AMD chip 1022:1487 (bsc#1051510). - alsa: hda - Do not override global PCM hw info flag (bsc#1051510). - alsa: hda - Fix a memory leak bug (bsc#1051510). - alsa: hda - Fix potential endless loop at applying quirks (bsc#1051510). - alsa: hda - Let all conexant codec enter D3 when rebooting (bsc#1051510). - alsa: hda - Workaround for crackled sound on AMD controller (1022:1457) (bsc#1051510). - alsa: hda/realtek - Fix overridden device-specific initialization (bsc#1051510). - alsa: hda/realtek - Fix the problem of two front mics on a ThinkCentre (bsc#1051510). - alsa: hda: kabi workaround for generic parser flag (bsc#1051510). - alsa: hiface: fix multiple memory leak bugs (bsc#1051510). - alsa: line6: Fix memory leak at line6_init_pcm() error path (bsc#1051510). - alsa: pcm: fix lost wakeup event scenarios in snd_pcm_drain (bsc#1051510). - alsa: seq: Fix potential concurrent access to the deleted pool (bsc#1051510). - alsa: usb-audio: Fix gpf in snd_usb_pipe_sanity_check (bsc#1051510). - arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2 (bsc#1133021). - arm: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1133021). - arm: KVM: report support for SMCCC_ARCH_WORKAROUND_1 (bsc#1133021). - asoc: Fail card instantiation if DAI format setup fails (bsc#1051510). - asoc: dapm: Fix handling of custom_stop_condition on DAPM graph walks (bsc#1051510). - ata: libahci: do not complain in case of deferred probe (bsc#1051510). - batman-adv: Only read OGM tvlv_len after buffer len check (bsc#1051510). - batman-adv: Only read OGM2 tvlv_len after buffer len check (bsc#1051510). - batman-adv: fix uninit-value in batadv_netlink_get_ifindex() (bsc#1051510). - bcache: fix possible memory leak in bch_cached_dev_run() (git fixes). - bio: fix improper use of smp_mb__before_atomic() (git fixes). - blk-mq: Fix spelling in a source code comment (git fixes). - blk-mq: backport fixes for blk_mq_complete_e_request_sync() (bsc#1145661). - blk-mq: introduce blk_mq_complete_request_sync() (bsc#1145661). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (bsc#1141543). - block, documentation: Fix wbt_lat_usec documentation (git fixes). - bluetooth: 6lowpan: search for destination address in all peers (bsc#1051510). - bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug (bsc#1051510). - bluetooth: Check state in l2cap_disconnect_rsp (bsc#1051510). - bluetooth: btqca: Add a short delay before downloading the NVM (bsc#1051510). - bluetooth: hci_bcsp: Fix memory leak in rx_skb (bsc#1051510). - bluetooth: revert 'validate BLE connection interval updates' (bsc#1051510). - bluetooth: validate BLE connection interval updates (bsc#1051510). - bnx2x: Prevent ptp_task to be rescheduled indefinitely (networking-stable-19_07_25). - bonding/802.3ad: fix link_failure_count tracking (bsc#1137069 bsc#1141013). - bonding/802.3ad: fix slave link initialization transition states (bsc#1137069 bsc#1141013). - bonding: Always enable vlan tx offload (networking-stable-19_07_02). - bonding: set default miimon value for non-arp modes if not set (bsc#1137069 bsc#1141013). - bonding: speed/duplex update at NETDEV_UP event (bsc#1137069 bsc#1141013). - bonding: validate ip header before check IPPROTO_IGMP (networking-stable-19_07_25). - btrfs: Fix delalloc inodes invalidation during transaction abort (bsc#1050911). - btrfs: Split btrfs_del_delalloc_inode into 2 functions (bsc#1050911). - btrfs: add a helper to retrive extent inline ref type (bsc#1149325). - btrfs: add cleanup_ref_head_accounting helper (bsc#1050911). - btrfs: add missing inode version, ctime and mtime updates when punching hole (bsc#1140487). - btrfs: add one more sanity check for shared ref type (bsc#1149325). - btrfs: clean up pending block groups when transaction commit aborts (bsc#1050911). - btrfs: convert to use btrfs_get_extent_inline_ref_type (bsc#1149325). - btrfs: do not abort transaction at btrfs_update_root() after failure to COW path (bsc#1150933). - btrfs: fix assertion failure during fsync and use of stale transaction (bsc#1150562). - btrfs: fix data loss after inode eviction, renaming it, and fsync it (bsc#1145941). - btrfs: fix fsync not persisting dentry deletions due to inode evictions (bsc#1145942). - btrfs: fix incremental send failure after deduplication (bsc#1145940). - btrfs: fix pinned underflow after transaction aborted (bsc#1050911). - btrfs: fix race between send and deduplication that lead to failures and crashes (bsc#1145059). - btrfs: fix race leading to fs corruption after transaction abort (bsc#1145937). - btrfs: handle delayed ref head accounting cleanup in abort (bsc#1050911). - btrfs: prevent send failures and crashes due to concurrent relocation (bsc#1145059). - btrfs: remove BUG() in add_data_reference (bsc#1149325). - btrfs: remove BUG() in btrfs_extent_inline_ref_size (bsc#1149325). - btrfs: remove BUG() in print_extent_item (bsc#1149325). - btrfs: remove BUG_ON in __add_tree_block (bsc#1149325). - btrfs: scrub: add memalloc_nofs protection around init_ipath (bsc#1086103). - btrfs: start readahead also in seed devices (bsc#1144886). - btrfs: track running balance in a simpler way (bsc#1145059). - btrfs: use GFP_KERNEL in init_ipath (bsc#1086103). - caif-hsi: fix possible deadlock in cfhsi_exit_module() (networking-stable-19_07_25). - can: m_can: implement errata 'Needless activation of MRAF irq' (bsc#1051510). - can: mcp251x: add support for mcp25625 (bsc#1051510). - can: peak_usb: fix potential double kfree_skb() (bsc#1051510). - can: peak_usb: force the string buffer NULL-terminated (bsc#1051510). - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (bsc#1051510). - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (bsc#1051510). - can: rcar_canfd: fix possible IRQ storm on high load (bsc#1051510). - can: sja1000: force the string buffer NULL-terminated (bsc#1051510). - carl9170: fix misuse of device driver API (bsc#1142635). - ceph: always get rstat from auth mds (bsc#1146346). - ceph: clean up ceph.dir.pin vxattr name sizeof() (bsc#1146346). - ceph: decode feature bits in session message (bsc#1146346). - ceph: do not blindly unregister session that is in opening state (bsc#1148133). - ceph: do not try fill file_lock on unsuccessful GETFILELOCK reply (bsc#1148133). - ceph: fix 'ceph.dir.rctime' vxattr value (bsc#1148133 bsc#1135219). - ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bsc#1148133). - ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bsc#1148133). - ceph: fix improper use of smp_mb__before_atomic() (bsc#1148133). - ceph: fix iov_iter issues in ceph_direct_read_write() (bsc#1141450). - ceph: hold i_ceph_lock when removing caps for freeing inode (bsc#1148133). - ceph: remove request from waiting list before unregister (bsc#1148133). - ceph: silence a checker warning in mdsc_show() (bsc#1148133). - ceph: support cephfs' own feature bits (bsc#1146346). - ceph: support getting ceph.dir.pin vxattr (bsc#1146346). - ceph: support versioned reply (bsc#1146346). - ceph: use bit flags to define vxattr attributes (bsc#1146346). - cfg80211: revert 'fix processing world regdomain when non modular' (bsc#1051510). - cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED (bsc#1144333). - cifs: Add DFS cache routines (bsc#1144333). - cifs: Add direct I/O functions to file_operations (bsc#1144333). - cifs: Add minor debug message during negprot (bsc#1144333). - cifs: Add smb2_send_recv (bsc#1144333). - cifs: Add support for FSCTL passthrough that write data to the server (bsc#1144333). - cifs: Add support for direct I/O read (bsc#1144333). - cifs: Add support for direct I/O write (bsc#1144333). - cifs: Add support for direct pages in rdata (bsc#1144333). - cifs: Add support for direct pages in wdata (bsc#1144333). - cifs: Add support for failover in cifs_mount() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect() (bsc#1144333). - cifs: Add support for failover in cifs_reconnect_tcon() (bsc#1144333). - cifs: Add support for failover in smb2_reconnect() (bsc#1144333). - cifs: Add support for reading attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Add support for writing attributes on SMB2+ (bsc#1051510, bsc#1144333). - cifs: Adds information-level logging function (bsc#1144333). - cifs: Adjust MTU credits before reopening a file (bsc#1144333). - cifs: Allocate memory for all iovs in smb2_ioctl (bsc#1144333). - cifs: Allocate validate negotiation request through kmalloc (bsc#1144333). - cifs: Always reset read error to -EIO if no response (bsc#1144333). - cifs: Always resolve hostname before reconnecting (bsc#1051510, bsc#1144333). - cifs: Avoid returning EBUSY to upper layer VFS (bsc#1144333). - cifs: Calculate the correct request length based on page offset and tail size (bsc#1144333). - cifs: Call MID callback before destroying transport (bsc#1144333). - cifs: Change SMB2_open to return an iov for the error parameter (bsc#1144333). - cifs: Check for reconnects before sending async requests (bsc#1144333). - cifs: Check for reconnects before sending compound requests (bsc#1144333). - cifs: Check for timeout on Negotiate stage (bsc#1091171, bsc#1144333). - cifs: Count SMB3 credits for malformed pending responses (bsc#1144333). - cifs: Display SMB2 error codes in the hex format (bsc#1144333). - cifs: Do not assume one credit for async responses (bsc#1144333). - cifs: Do not consider -ENODATA as stat failure for reads (bsc#1144333). - cifs: Do not count -ENODATA as failure for query directory (bsc#1051510, bsc#1144333). - cifs: Do not hide EINTR after sending network packets (bsc#1051510, bsc#1144333). - cifs: Do not log credits when unmounting a share (bsc#1144333). - cifs: Do not match port on SMBDirect transport (bsc#1144333). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510, bsc#1144333). - cifs: Do not reconnect TCP session in add_credits() (bsc#1051510, bsc#1144333). - cifs: Do not reset lease state to NONE on lease break (bsc#1051510, bsc#1144333). - cifs: Do not set credits to 1 if the server didn't grant anything (bsc#1144333). - cifs: Do not skip SMB2 message IDs on send failures (bsc#1144333). - cifs: Find and reopen a file before get MTU credits in writepages (bsc#1144333). - cifs: Fix DFS cache refresher for DFS links (bsc#1144333). - cifs: Fix NULL pointer deref on SMB2_tcon() failure (bsc#1071009, bsc#1144333). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: Fix NULL ptr deref (bsc#1144333). - cifs: Fix a debug message (bsc#1144333). - cifs: Fix a race condition with cifs_echo_request (bsc#1144333). - cifs: Fix a tiny potential memory leak (bsc#1144333). - cifs: Fix adjustment of credits for MTU requests (bsc#1051510, bsc#1144333). - cifs: Fix an issue with re-sending rdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix an issue with re-sending wdata when transport returning -EAGAIN (bsc#1144333). - cifs: Fix autonegotiate security settings mismatch (bsc#1087092, bsc#1144333). - cifs: Fix check for matching with existing mount (bsc#1144333). - cifs: Fix credit calculation for encrypted reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix credit calculations in compound mid callback (bsc#1144333). - cifs: Fix credit computation for compounded requests (bsc#1144333). - cifs: Fix credits calculation for cancelled requests (bsc#1144333). - cifs: Fix credits calculations for reads with errors (bsc#1051510, bsc#1144333). - cifs: Fix encryption/signing (bsc#1144333). - cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510, bsc#1144333). - cifs: Fix error paths in writeback code (bsc#1144333). - cifs: Fix infinite loop when using hard mount option (bsc#1091171, bsc#1144333). - cifs: Fix invalid check in __cifs_calc_signature() (bsc#1144333). - cifs: Fix kernel oops when traceSMB is enabled (bsc#1144333). - cifs: Fix leaking locked VFS cache pages in writeback retry (bsc#1144333). - cifs: Fix lease buffer length error (bsc#1144333). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510, bsc#1144333). - cifs: Fix missing put_xid in cifs_file_strict_mmap (bsc#1087092, bsc#1144333). - cifs: Fix module dependency (bsc#1144333). - cifs: Fix mounts if the client is low on credits (bsc#1144333). - cifs: Fix possible hang during async MTU reads and writes (bsc#1051510, bsc#1144333). - cifs: Fix possible oops and memory leaks in async IO (bsc#1144333). - cifs: Fix potential OOB access of lock element array (bsc#1051510, bsc#1144333). - cifs: Fix read after write for files with read caching (bsc#1051510, bsc#1144333). - cifs: Fix separator when building path from dentry (bsc#1051510, bsc#1144333). - cifs: Fix signing for SMB2/3 (bsc#1144333). - cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting (bsc#1144333). - cifs: Fix slab-out-of-bounds when tracing SMB tcon (bsc#1144333). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510, bsc#1144333). - cifs: Fix to use kmem_cache_free() instead of kfree() (bsc#1144333). - cifs: Fix trace command logging for SMB2 reads and writes (bsc#1144333). - cifs: Fix use after free of a mid_q_entry (bsc#1112903, bsc#1144333). - cifs: Fix use-after-free in SMB2_read (bsc#1144333). - cifs: Fix use-after-free in SMB2_write (bsc#1144333). - cifs: Fix validation of signed data in smb2 (bsc#1144333). - cifs: Fix validation of signed data in smb3+ (bsc#1144333). - cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510, bsc#1144333). - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) (bsc#1144333). - cifs: Introduce helper function to get page offset and length in smb_rqst (bsc#1144333). - cifs: Introduce offset for the 1st page in data transfer structures (bsc#1144333). - cifs: Limit memory used by lock request calls to a page (bsc#1144333). - cifs: Make devname param optional in cifs_compose_mount_options() (bsc#1144333). - cifs: Make sure all data pages are signed correctly (bsc#1144333). - cifs: Make use of DFS cache to get new DFS referrals (bsc#1144333). - cifs: Mask off signals when sending SMB packets (bsc#1144333). - cifs: Minor Kconfig clarification (bsc#1144333). - cifs: Move credit processing to mid callbacks for SMB3 (bsc#1144333). - cifs: Move open file handling to writepages (bsc#1144333). - cifs: Move unlocking pages from wdata_send_pages() (bsc#1144333). - cifs: OFD locks do not conflict with eachothers (bsc#1051510, bsc#1144333). - cifs: Only free DFS target list if we actually got one (bsc#1144333). - cifs: Only send SMB2_NEGOTIATE command on new TCP connections (bsc#1144333). - cifs: Pass page offset for calculating signature (bsc#1144333). - cifs: Pass page offset for encrypting (bsc#1144333). - cifs: Print message when attempting a mount (bsc#1144333). - cifs: Properly handle auto disabling of serverino option (bsc#1144333). - cifs: Reconnect expired SMB sessions (bnc#1060662). - cifs: Refactor out cifs_mount() (bsc#1144333). - cifs: Remove custom credit adjustments for SMB2 async IO (bsc#1144333). - cifs: Reopen file before get SMB2 MTU credits for async IO (bsc#1144333). - cifs: Respect SMB2 hdr preamble size in read responses (bsc#1144333). - cifs: Respect reconnect in MTU credits calculations (bsc#1144333). - cifs: Respect reconnect in non-MTU credits calculations (bsc#1144333). - cifs: Return -EAGAIN instead of -ENOTSOCK (bsc#1144333). - cifs: Return error code when getting file handle for writeback (bsc#1144333). - cifs: SMBD: Add SMB Direct debug counters (bsc#1144333). - cifs: SMBD: Add SMB Direct protocol initial values and constants (bsc#1144333). - cifs: SMBD: Add parameter rdata to smb2_new_read_req (bsc#1144333). - cifs: SMBD: Add rdma mount option (bsc#1144333). - cifs: SMBD: Disable signing on SMB direct transport (bsc#1144333). - cifs: SMBD: Do not call ib_dereg_mr on invalidated memory registration (bsc#1144333). - cifs: SMBD: Establish SMB Direct connection (bsc#1144333). - cifs: SMBD: Fix the definition for SMB2_CHANNEL_RDMA_V1_INVALIDATE (bsc#1144333). - cifs: SMBD: Implement RDMA memory registration (bsc#1144333). - cifs: SMBD: Implement function to create a SMB Direct connection (bsc#1144333). - cifs: SMBD: Implement function to destroy a SMB Direct connection (bsc#1144333). - cifs: SMBD: Implement function to receive data via RDMA receive (bsc#1144333). - cifs: SMBD: Implement function to reconnect to a SMB Direct transport (bsc#1144333). - cifs: SMBD: Implement function to send data via RDMA send (bsc#1144333). - cifs: SMBD: Read correct returned data length for RDMA write (SMB read) I/O (bsc#1144333). - cifs: SMBD: Set SMB Direct maximum read or write size for I/O (bsc#1144333). - cifs: SMBD: Support page offset in RDMA recv (bsc#1144333). - cifs: SMBD: Support page offset in RDMA send (bsc#1144333). - cifs: SMBD: Support page offset in memory registration (bsc#1144333). - cifs: SMBD: Upper layer connects to SMBDirect session (bsc#1144333). - cifs: SMBD: Upper layer destroys SMB Direct session on shutdown or umount (bsc#1144333). - cifs: SMBD: Upper layer performs SMB read via RDMA write through memory registration (bsc#1144333). - cifs: SMBD: Upper layer performs SMB write via RDMA read through memory registration (bsc#1144333). - cifs: SMBD: Upper layer receives data via RDMA receive (bsc#1144333). - cifs: SMBD: Upper layer reconnects to SMB Direct session (bsc#1144333). - cifs: SMBD: Upper layer sends data via RDMA send (bsc#1144333). - cifs: SMBD: _smbd_get_connection() can be static (bsc#1144333). - cifs: SMBD: export protocol initial values (bsc#1144333). - cifs: SMBD: fix spelling mistake: faield and legnth (bsc#1144333). - cifs: SMBD: work around gcc -Wmaybe-uninitialized warning (bsc#1144333). - cifs: Save TTL value when parsing DFS referrals (bsc#1144333). - cifs: Select all required crypto modules (bsc#1085536, bsc#1144333). - cifs: Set reconnect instance to one initially (bsc#1144333). - cifs: Show locallease in /proc/mounts for cifs shares mounted with locallease feature (bsc#1144333). - cifs: Silence uninitialized variable warning (bsc#1144333). - cifs: Skip any trailing backslashes from UNC (bsc#1144333). - cifs: Try to acquire credits at once for compound requests (bsc#1144333). - cifs: Use GFP_ATOMIC when a lock is held in cifs_mount() (bsc#1144333). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510, bsc#1144333). - cifs: Use correct packet length in SMB2_TRANSFORM header (bsc#1144333). - cifs: Use kmemdup in SMB2_ioctl_init() (bsc#1144333). - cifs: Use kmemdup rather than duplicating its implementation in smb311_posix_mkdir() (bsc#1144333). - cifs: Use kzfree() to free password (bsc#1144333). - cifs: Use offset when reading pages (bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510, bsc#1144333). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510, bsc#1144333). - cifs: When sending data on socket, pass the correct page offset (bsc#1144333). - cifs: a smb2_validate_and_copy_iov failure does not mean the handle is invalid (bsc#1144333). - cifs: add .splice_write (bsc#1144333). - cifs: add IOCTL for QUERY_INFO passthrough to userspace (bsc#1144333). - cifs: add ONCE flag for cifs_dbg type (bsc#1144333). - cifs: add SFM mapping for 0x01-0x1F (bsc#1144333). - cifs: add SMB2_close_init()/SMB2_close_free() (bsc#1144333). - cifs: add SMB2_ioctl_init/free helpers to be used with compounding (bsc#1144333). - cifs: add SMB2_query_info_[init|free]() (bsc#1144333). - cifs: add a new SMB2_close_flags function (bsc#1144333). - cifs: add a smb2_compound_op and change QUERY_INFO to use it (bsc#1144333). - cifs: add a timeout argument to wait_for_free_credits (bsc#1144333). - cifs: add a warning if we try to to dequeue a deleted mid (bsc#1144333). - cifs: add compound_send_recv() (bsc#1144333). - cifs: add credits from unmatched responses/messages (bsc#1144333). - cifs: add debug output to show nocase mount option (bsc#1144333). - cifs: add fiemap support (bsc#1144333). - cifs: add iface info to struct cifs_ses (bsc#1144333). - cifs: add lease tracking to the cached root fid (bsc#1144333). - cifs: add missing GCM module dependency (bsc#1144333). - cifs: add missing debug entries for kconfig options (bsc#1051510, bsc#1144333). - cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510, bsc#1144333). - cifs: add pdu_size to the TCP_Server_Info structure (bsc#1144333). - cifs: add resp_buf_size to the mid_q_entry structure (bsc#1144333). - cifs: add server argument to the dump_detail method (bsc#1144333). - cifs: add server->vals->header_preamble_size (bsc#1144333). - cifs: add sha512 secmech (bsc#1051510, bsc#1144333). - cifs: add spinlock for the openFileList to cifsInodeInfo (bsc#1144333). - cifs: add support for SEEK_DATA and SEEK_HOLE (bsc#1144333). - cifs: add support for ioctl on directories (bsc#1144333). - cifs: address trivial coverity warning (bsc#1144333). - cifs: allow calling SMB2_xxx_free(NULL) (bsc#1144333). - cifs: allow disabling less secure legacy dialects (bsc#1144333). - cifs: allow guest mounts to work for smb3.11 (bsc#1051510, bsc#1144333). - cifs: always add credits back for unsolicited PDUs (bsc#1144333). - cifs: auto disable 'serverino' in dfs mounts (bsc#1144333). - cifs: avoid a kmalloc in smb2_send_recv/SendReceive2 for the common case (bsc#1144333). - cifs: cache FILE_ALL_INFO for the shared root handle (bsc#1144333). - cifs: change SMB2_OP_RENAME and SMB2_OP_HARDLINK to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_EOF to use compounding (bsc#1144333). - cifs: change SMB2_OP_SET_INFO to use compounding (bsc#1144333). - cifs: change mkdir to use a compound (bsc#1144333). - cifs: change smb2_get_data_area_len to take a smb2_sync_hdr as argument (bsc#1144333). - cifs: change smb2_query_eas to use the compound query-info helper (bsc#1144333). - cifs: change unlink to use a compound (bsc#1144333). - cifs: change validate_buf to validate_iov (bsc#1144333). - cifs: change wait_for_free_request() to take flags as argument (bsc#1144333). - cifs: check CIFS_MOUNT_NO_DFS when trying to reuse existing sb (bsc#1144333). - cifs: check MaxPathNameComponentLength != 0 before using it (bsc#1085536, bsc#1144333). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902, bsc#1144333). - cifs: check if SMB2 PDU size has been padded and suppress the warning (bsc#1144333). - cifs: check kmalloc before use (bsc#1051510, bsc#1144333). - cifs: check kzalloc return (bsc#1144333). - cifs: check ntwrk_buf_start for NULL before dereferencing it (bsc#1144333). - cifs: check rsp for NULL before dereferencing in SMB2_open (bsc#1085536, bsc#1144333). - cifs: cifs_read_allocate_pages: do not iterate through whole page array on ENOMEM (bsc#1144333). - cifs: clean up indentation, replace spaces with tab (bsc#1144333). - cifs: cleanup smb2ops.c and normalize strings (bsc#1144333). - cifs: complete PDU definitions for interface queries (bsc#1144333). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510, bsc#1144333). - cifs: create SMB2_open_init()/SMB2_open_free() helpers (bsc#1144333). - cifs: create a define for how many iovs we need for an SMB2_open() (bsc#1144333). - cifs: create a define for the max number of iov we need for a SMB2 set_info (bsc#1144333). - cifs: create a helper function for compound query_info (bsc#1144333). - cifs: create helpers for SMB2_set_info_init/free() (bsc#1144333). - cifs: do not allow creating sockets except with SMB1 posix exensions (bsc#1102097, bsc#1144333). - cifs: do not attempt cifs operation on smb2+ rename error (bsc#1144333). - cifs: do not dereference smb_file_target before null check (bsc#1051510, bsc#1144333). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510, bsc#1144333). - cifs: do not return atime less than mtime (bsc#1144333). - cifs: do not send invalid input buffer on QUERY_INFO requests (bsc#1144333). - cifs: do not show domain= in mount output when domain is empty (bsc#1144333). - cifs: do not use __constant_cpu_to_le32() (bsc#1144333). - cifs: document tcon/ses/server refcount dance (bsc#1144333). - cifs: dump IPC tcon in debug proc file (bsc#1071306, bsc#1144333). - cifs: dump every session iface info (bsc#1144333). - cifs: fallback to older infolevels on findfirst queryinfo retry (bsc#1144333). - cifs: fix GlobalMid_Lock bug in cifs_reconnect (bsc#1144333). - cifs: fix NULL deref in SMB2_read (bsc#1085539, bsc#1144333). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542, bsc#1144333). - cifs: fix SMB1 breakage (bsc#1144333). - cifs: fix a buffer leak in smb2_query_symlink (bsc#1144333). - cifs: fix a credits leak for compund commands (bsc#1144333). - cifs: fix bi-directional fsctl passthrough calls (bsc#1144333). - cifs: fix build break when CONFIG_CIFS_DEBUG2 enabled (bsc#1144333). - cifs: fix build errors for SMB_DIRECT (bsc#1144333). - cifs: fix circular locking dependency (bsc#1064701, bsc#1144333). - cifs: fix computation for MAX_SMB2_HDR_SIZE (bsc#1144333). - cifs: fix confusing warning message on reconnect (bsc#1144333). - cifs: fix crash in cifs_dfs_do_automount (bsc#1144333). - cifs: fix crash in smb2_compound_op()/smb2_set_next_command() (bsc#1144333). - cifs: fix crash querying symlinks stored as reparse-points (bsc#1144333). - cifs: fix credits leak for SMB1 oplock breaks (bsc#1144333). - cifs: fix deadlock in cached root handling (bsc#1144333). - cifs: fix encryption in SMB3.1.1 (bsc#1144333). - cifs: fix handle leak in smb2_query_symlink() (bsc#1144333). - cifs: fix incorrect handling of smb2_set_sparse() return in smb3_simple_falloc (bsc#1144333). - cifs: fix kref underflow in close_shroot() (bsc#1144333). - cifs: fix memory leak and remove dead code (bsc#1144333). - cifs: fix memory leak in SMB2_open() (bsc#1112894, bsc#1144333). - cifs: fix memory leak in SMB2_read (bsc#1144333). - cifs: fix memory leak of an allocated cifs_ntsd structure (bsc#1144333). - cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case (bsc#1144333). - cifs: fix page reference leak with readv/writev (bsc#1144333). - cifs: fix panic in smb2_reconnect (bsc#1144333). - cifs: fix parsing of symbolic link error response (bsc#1144333). - cifs: fix return value for cifs_listxattr (bsc#1051510, bsc#1144333). - cifs: fix rmmod regression in cifs.ko caused by force_sig changes (bsc#1144333). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510, bsc#1144333). - cifs: fix signed/unsigned mismatch on aio_read patch (bsc#1144333). - cifs: fix smb3_zero_range for Azure (bsc#1144333). - cifs: fix smb3_zero_range so it can expand the file-size when required (bsc#1144333). - cifs: fix sparse warning on previous patch in a few printks (bsc#1144333). - cifs: fix spelling mistake, EACCESS -> EACCES (bsc#1144333). - cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() (bsc#1144333). - cifs: fix typo in cifs_dbg (bsc#1144333). - cifs: fix typo in debug message with struct field ia_valid (bsc#1144333). - cifs: fix uninitialized ptr deref in smb2 signing (bsc#1144333). - cifs: fix use-after-free of the lease keys (bsc#1144333). - cifs: fix wrapping bugs in num_entries() (bsc#1051510, bsc#1144333). - cifs: flush before set-info if we have writeable handles (bsc#1144333). - cifs: handle large EA requests more gracefully in smb2+ (bsc#1144333). - cifs: handle netapp error codes (bsc#1136261). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: hide unused functions (bsc#1051510, bsc#1144333). - cifs: implement v3.11 preauth integrity (bsc#1051510, bsc#1144333). - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510, bsc#1144333). - cifs: invalidate cache when we truncate a file (bsc#1051510, bsc#1144333). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565, bsc#1144333). - cifs: limit amount of data we request for xattrs to CIFSMaxBufSize (bsc#1144333). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510, bsc#1144333). - cifs: make IPC a regular tcon (bsc#1071306, bsc#1144333). - cifs: make arrays static const, reduces object code size (bsc#1144333). - cifs: make minor clarifications to module params for cifs.ko (bsc#1144333). - cifs: make mknod() an smb_version_op (bsc#1144333). - cifs: make rmdir() use compounding (bsc#1144333). - cifs: make smb_send_rqst take an array of requests (bsc#1144333). - cifs: minor clarification in comments (bsc#1144333). - cifs: minor updates to module description for cifs.ko (bsc#1144333). - cifs: move default port definitions to cifsglob.h (bsc#1144333). - cifs: move large array from stack to heap (bsc#1144333). - cifs: only wake the thread for the very last PDU in a compound (bsc#1144333). - cifs: parse and store info on iface queries (bsc#1144333). - cifs: pass flags down into wait_for_free_credits() (bsc#1144333). - cifs: pass page offsets on SMB1 read/write (bsc#1144333). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510, bsc#1144333). - cifs: prevent starvation in wait_for_free_credits for multi-credit requests (bsc#1144333). - cifs: print CIFSMaxBufSize as part of /proc/fs/cifs/DebugData (bsc#1144333). - cifs: protect against server returning invalid file system block size (bsc#1144333). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510, bsc#1144333). - cifs: push rfc1002 generation down the stack (bsc#1144333). - cifs: read overflow in is_valid_oplock_break() (bsc#1144333). - cifs: refactor and clean up arguments in the reparse point parsing (bsc#1144333). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510, bsc#1144333). - cifs: release auth_key.response for reconnect (bsc#1085536, bsc#1144333). - cifs: release cifs root_cred after exit_cifs (bsc#1085536, bsc#1144333). - cifs: remove coverity warning in calc_lanman_hash (bsc#1144333). - cifs: remove header_preamble_size where it is always 0 (bsc#1144333). - cifs: remove redundant duplicated assignment of pointer 'node' (bsc#1144333). - cifs: remove rfc1002 hardcoded constants from cifs_discard_remaining_data() (bsc#1144333). - cifs: remove rfc1002 header from all SMB2 response structures (bsc#1144333). - cifs: remove rfc1002 header from smb2 read/write requests (bsc#1144333). - cifs: remove rfc1002 header from smb2_close_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_create_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_echo_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_flush_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_ioctl_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_lease_ack (bsc#1144333). - cifs: remove rfc1002 header from smb2_lock_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_logoff_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_negotiate_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_oplock_break we get from server (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_directory_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_query_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_sess_setup_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_set_info_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_connect_req (bsc#1144333). - cifs: remove rfc1002 header from smb2_tree_disconnect_req (bsc#1144333). - cifs: remove set but not used variable 'cifs_sb' (bsc#1144333). - cifs: remove set but not used variable 'sep' (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove set but not used variable 'smb_buf' (bsc#1144333). - cifs: remove small_smb2_init (bsc#1144333). - cifs: remove smb2_send_recv() (bsc#1144333). - cifs: remove struct smb2_hdr (bsc#1144333). - cifs: remove struct smb2_oplock_break_rsp (bsc#1144333). - cifs: remove the is_falloc argument to SMB2_set_eof (bsc#1144333). - cifs: remove unused stats (bsc#1144333). - cifs: remove unused value pointed out by Coverity (bsc#1144333). - cifs: remove unused variable from SMB2_read (bsc#1144333). - cifs: rename and clarify CIFS_ASYNC_OP and CIFS_NO_RESP (bsc#1144333). - cifs: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - cifs: replace snprintf with scnprintf (bsc#1144333). - cifs: return -ENODATA when deleting an xattr that does not exist (bsc#1144333). - cifs: return correct errors when pinning memory failed for direct I/O (bsc#1144333). - cifs: return error on invalid value written to cifsFYI (bsc#1144333). - cifs: set *resp_buf_type to NO_BUFFER on error (bsc#1144333). - cifs: set mapping error when page writeback fails in writepage or launder_pages (bsc#1144333). - cifs: set oparms.create_options rather than or'ing in CREATE_OPEN_BACKUP_INTENT (bsc#1144333). - cifs: show 'soft' in the mount options for hard mounts (bsc#1144333). - cifs: show the w bit for writeable /proc/fs/cifs/* files (bsc#1144333). - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734, bsc#1144333). - cifs: simple stats should always be enabled (bsc#1144333). - cifs: simplify code by removing CONFIG_CIFS_ACL ifdef (bsc#1144333). - Update config files. - cifs: simplify how we handle credits in compound_send_recv() (bsc#1144333). - cifs: smb2 commands can not be negative, remove confusing check (bsc#1144333). - cifs: smb2ops: Fix NULL check in smb2_query_symlink (bsc#1144333). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510, bsc#1144333). - cifs: smb2pdu: Fix potential NULL pointer dereference (bsc#1144333). - cifs: smbd: Avoid allocating iov on the stack (bsc#1144333). - cifs: smbd: Check for iov length on sending the last iov (bsc#1144333). - cifs: smbd: Do not destroy transport on RDMA disconnect (bsc#1144333). - cifs: smbd: Do not use RDMA read/write when signing is used (bsc#1144333). - cifs: smbd: Dump SMB packet when configured (bsc#1144333). - cifs: smbd: Enable signing with smbdirect (bsc#1144333). - cifs: smbd: Indicate to retry on transport sending failure (bsc#1144333). - cifs: smbd: Retry on memory registration failure (bsc#1144333). - cifs: smbd: Return EINTR when interrupted (bsc#1144333). - cifs: smbd: avoid reconnect lockup (bsc#1144333). - cifs: smbd: depend on INFINIBAND_ADDR_TRANS (bsc#1144333). - cifs: smbd: disconnect transport on RDMA errors (bsc#1144333). - cifs: smbd: take an array of reqeusts when sending upper layer data (bsc#1144333). - cifs: start DFS cache refresher in cifs_mount() (bsc#1144333). - cifs: store the leaseKey in the fid on SMB2_open (bsc#1051510, bsc#1144333). - cifs: suppress some implicit-fallthrough warnings (bsc#1144333). - cifs: track writepages in vfs operation counters (bsc#1144333). - cifs: update __smb_send_rqst() to take an array of requests (bsc#1144333). - cifs: update calc_size to take a server argument (bsc#1144333). - cifs: update init_sg, crypt_message to take an array of rqst (bsc#1144333). - cifs: update internal module number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.12 (bsc#1144333). - cifs: update internal module version number for cifs.ko to 2.14 (bsc#1144333). - cifs: update module internal version number (bsc#1144333). - cifs: update multiplex loop to handle compounded responses (bsc#1144333). - cifs: update receive_encrypted_standard to handle compounded responses (bsc#1144333). - cifs: update smb2_calc_size to use smb2_sync_hdr instead of smb2_hdr (bsc#1144333). - cifs: update smb2_check_message to handle PDUs without a 4 byte length header (bsc#1144333). - cifs: update smb2_queryfs() to use compounding (bsc#1144333). - cifs: use a compound for setting an xattr (bsc#1144333). - cifs: use a refcount to protect open/closing the cached file handle (bsc#1144333). - cifs: use correct format characters (bsc#1144333). - cifs: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (bsc#1071306, bsc#1144333). - cifs: use the correct length when pinning memory for direct I/O for write (bsc#1144333). - cifs: wait_for_free_credits() make it possible to wait for >=1 credits (bsc#1144333). - cifs: we can not use small padding iovs together with encryption (bsc#1144333). - cifs: zero sensitive data when freeing (bsc#1087092, bsc#1144333). - cifs: zero-range does not require the file is sparse (bsc#1144333). - cifs:smbd Use the correct DMA direction when sending data (bsc#1144333). - cifs:smbd When reconnecting to server, call smbd_destroy() after all MIDs have been called (bsc#1144333). - cifs_lookup(): cifs_get_inode_...() never returns 0 with *inode left NULL (bsc#1144333). - cifs_lookup(): switch to d_splice_alias() (bsc#1144333). - clk: Export clk_bulk_prepare() (bsc#1144813). - clk: add clk_bulk_get accessories (bsc#1144813). - clk: bcm2835: remove pllb (jsc#SLE-7294). - clk: bcm283x: add driver interfacing with Raspberry Pi's firmware (jsc#SLE-7294). - clk: bulk: silently error out on EPROBE_DEFER (bsc#1144718,bsc#1144813). - clk: raspberrypi: register platform device for raspberrypi-cpufreq (jsc#SLE-7294). - clk: renesas: cpg-mssr: Fix reset control race condition (bsc#1051510). - clk: rockchip: Add 1.6GHz PLL rate for rk3399 (bsc#1144718,bsc#1144813). - clk: rockchip: assign correct id for pclk_ddr and hclk_sd in rk3399 (bsc#1144718,bsc#1144813). - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling (bsc#1051510). - coredump: split pipe command whitespace before expanding template (bsc#1051510). - cpu/speculation: Warn on unsupported mitigations= parameter (bsc#1114279). - cpufreq: dt: Try freeing static OPPs only if we have added them (jsc#SLE-7294). - crypto: ccp - Add support for valid authsize values less than 16 (bsc#1051510). - crypto: ccp - Fix oops by properly managing allocated structures (bsc#1051510). - crypto: ccp - Ignore tag length when decrypting GCM ciphertext (bsc#1051510). - crypto: ccp - Ignore unconfigured CCP device on suspend/resume (bnc#1145934). - crypto: ccp - Validate buffer lengths for copy operations (bsc#1051510). - crypto: talitos - fix skcipher failure due to wrong output IV (bsc#1051510). - cx82310_eth: fix a memory leak bug (bsc#1051510). - dax: dax_layout_busy_page() should not unmap cow pages (bsc#1148698). - devres: always use dev_name() in devm_ioremap_resource() (git fixes). - dfs_cache: fix a wrong use of kfree in flush_cache_ent() (bsc#1144333). - dm btree: fix order of block initialization in btree_split_beneath (git fixes). - dm bufio: fix deadlock with loop device (git fixes). - dm cache metadata: Fix loading discard bitset (git fixes). - dm crypt: do not overallocate the integrity tag space (git fixes). - dm crypt: fix parsing of extended IV arguments (git fixes). - dm delay: fix a crash when invalid device is specified (git fixes). - dm integrity: change memcmp to strncmp in dm_integrity_ctr (git fixes). - dm integrity: limit the rate of error messages (git fixes). - dm kcopyd: always complete failed jobs (git fixes). - dm raid: add missing cleanup in raid_ctr() (git fixes). - dm space map metadata: fix missing store of apply_bops() return value (git fixes). - dm table: fix invalid memory accesses with too high sector number (git fixes). - dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors (git fixes). - dm thin: fix bug where bio that overwrites thin block ignores FUA (git fixes). - dm thin: fix passdown_double_checking_shared_status() (git fixes). - dm zoned: Fix zone report handling (git fixes). - dm zoned: Silence a static checker warning (git fixes). - dm zoned: fix potential NULL dereference in dmz_do_reclaim() (git fixes). - dm zoned: fix zone state management race (git fixes). - dm zoned: improve error handling in i/o map code (git fixes). - dm zoned: improve error handling in reclaim (git fixes). - dm zoned: properly handle backing device failure (git fixes). - dm: bufio: revert: 'fix deadlock with loop device' (git fixes). - dm: fix to_sector() for 32bit (git fixes). - dm: revert 8f50e358153d ('dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE') (git fixes). - dma-buf: balance refcount inbalance (bsc#1051510). - dmaengine: rcar-dmac: Reject zero-length slave DMA requests (bsc#1051510). - documentation/networking: fix default_ttl typo in mpls-sysctl (bsc#1051510). - documentation: Add nospectre_v1 parameter (bsc#1051510). - driver core: Fix use-after-free and double free on glue directory (bsc#1131281). - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl (bsc#1051510). - drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings (bsc#1051510). - drm/amdgpu/psp: move psp version specific function pointers to (bsc#1135642) - drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz (bsc#1051510). - drm/bridge: tc358767: read display_props in get_modes() (bsc#1051510). - drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry (bsc#1051510). - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1135642) - drm/i915/perf: ensure we keep a reference on the driver (bsc#1142635) - drm/i915/userptr: Acquire the page lock around set_page_dirty() (bsc#1051510). - drm/i915: Do not deballoon unused ggtt drm_mm_node in linux guest (bsc#1142635) - drm/i915: Fix wrong escape clock divisor init for GLK (bsc#1142635) - drm/i915: Restore relaxed padding (OCL_OOB_SUPPRES_ENABLE) for skl+ (bsc#1142635) - drm/imx: notify drm core before sending event during crtc disable (bsc#1135642) - drm/imx: only send event on crtc disable if kept disabled (bsc#1135642) - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#1135642) - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#1135642) - drm/mediatek: clear num_pipes when unbind driver (bsc#1135642) - drm/mediatek: fix unbind functions (bsc#1135642) - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto (bsc#1142635) - drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1135642) - drm/mediatek: use correct device to import PRIME buffers (bsc#1142635) - drm/msm/mdp5: Fix mdp5_cfg_init error return (bsc#1142635) - drm/msm: Depopulate platform on probe failure (bsc#1051510). - drm/nouveau: Do not retry infinitely when receiving no data on i2c (bsc#1142635) - drm/nouveau: fix memory leak in nouveau_conn_reset() (bsc#1051510). - drm/panel: simple: Fix panel_simple_dsi_probe (bsc#1051510). - drm/rockchip: Suspend DP late (bsc#1142635) - drm/udl: introduce a macro to convert dev to udl. (bsc#1113722) - drm/udl: move to embedding drm device inside udl device. (bsc#1113722) - drm/virtio: Add memory barriers for capset cache (bsc#1051510). - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1135642) - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1135642) - drm/vmwgfx: fix memory leak when too many retries have occurred (bsc#1051510). - drm: msm: Fix add_gpu_components (bsc#1051510). - drm: silence variable 'conn' set but not used (bsc#1051510). - ecryptfs: fix a couple type promotion bugs (bsc#1051510). - edac, amd64: Add Family 17h, models 10h-2fh support (bsc#1112178). - edac/amd64: Add Family 17h Model 30h PCI IDs (bsc#1112178). - edac: Fix global-out-of-bounds write when setting edac_mc_poll_msec (bsc#1114279). - efi/bgrt: Drop BGRT status field reserved bits check (bsc#1051510). - ehea: Fix a copy-paste err in ehea_init_port_res (bsc#1051510). - ext4: use jbd2_inode dirty range scoping (bsc#1148616). - firmware: raspberrypi: register clk device (jsc#SLE-7294). - firmware: ti_sci: Always request response from firmware (bsc#1051510). - fix incorrect error code mapping for OBJECTID_NOT_FOUND (bsc#1144333). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510, bsc#1144333). - fix struct ufs_req removal of unused field (git-fixes). - fixed https://bugzilla.kernel.org/show_bug.cgi?id=202935 allow write on the same file (bsc#1144333). - fs/*/kconfig: drop links to 404-compliant http://acl.bestbits.at (bsc#1144333). - fs/cifs/cifsacl.c Fixes typo in a comment (bsc#1144333). - fs/cifs/smb2pdu.c: fix buffer free in SMB2_ioctl_free (bsc#1144333). - fs/cifs: Simplify ib_post_(send|recv|srq_recv)() calls (bsc#1144333). - fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bsc#1144333). - fs/cifs: fix uninitialised variable warnings (bsc#1144333). - fs/cifs: require sha512 (bsc#1051510, bsc#1144333). - fs/cifs: suppress a string overflow warning (bsc#1144333). - fs/xfs: Fix return code of xfs_break_leased_layouts() (bsc#1148031). - fs: cifs: Drop unlikely before IS_ERR(_OR_NULL) (bsc#1144333). - fs: cifs: Kconfig: pedantic formatting (bsc#1144333). - fs: cifs: Replace _free_xid call in cifs_root_iget function (bsc#1144333). - fs: cifs: cifsssmb: Change return type of convert_ace_to_cifs_ace (bsc#1144333). - fs: xfs: xfs_log: Do not use KM_MAYFAIL at xfs_log_reserve() (bsc#1148033). - fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() (bsc#1051510). - ftrace: Check for empty hash and comment the race with registering probes (bsc#1149418). - ftrace: Check for successful allocation of hash (bsc#1149424). - ftrace: Fix NULL pointer dereference in t_probe_next() (bsc#1149413). - gpio: Fix build error of function redefinition (bsc#1051510). - gpio: gpio-omap: add check for off wake capable gpios (bsc#1051510). - gpio: mxs: Get rid of external API call (bsc#1051510). - gpio: omap: ensure irq is enabled before wakeup (bsc#1051510). - gpio: pxa: handle corner case of unprobed device (bsc#1051510). - gpiolib: fix incorrect IRQ requesting of an active-low lineevent (bsc#1051510). - gpiolib: never report open-drain/source lines as 'input' to user-space (bsc#1051510). - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM (bsc#1142635) - hid: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT (bsc#1051510). - hid: Add quirk for HP X1200 PIXART OEM mouse (bsc#1051510). - hid: cp2112: prevent sleeping function called from invalid context (bsc#1051510). - hid: hiddev: avoid opening a disconnected device (bsc#1051510). - hid: hiddev: do cleanup in failure of opening a device (bsc#1051510). - hid: holtek: test for sanity of intfdata (bsc#1051510). - hid: sony: Fix race condition between rumble and device remove (bsc#1051510). - hid: wacom: Correct distance scale for 2nd-gen Intuos devices (bsc#1142635). - hid: wacom: correct misreported EKR ring values (bsc#1142635). - hid: wacom: fix bit shift for Cintiq Companion 2 (bsc#1051510). - hpet: Fix division by zero in hpet_time_div() (bsc#1051510). - hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 (bsc#1051510). - hwmon: (nct7802) Fix wrong detection of in4 presence (bsc#1051510). - i2c: emev2: avoid race when unregistering slave client (bsc#1051510). - i2c: piix4: Fix port selection for AMD Family 16h Model 30h (bsc#1051510). - i2c: qup: fixed releasing dma without flush operation completion (bsc#1051510). - ib/mlx5: Fix MR registration flow to use UMR properly (bsc#1093205 bsc#1145678). - ibmveth: Convert multicast list size for little-endian system (bsc#1061843). - ibmvnic: Do not process reset during or after device removal (bsc#1149652 ltc#179635). - ibmvnic: Unmap DMA address of TX descriptor buffers after use (bsc#1146351 ltc#180726). - igmp: fix memory leak in igmpv3_del_delrec() (networking-stable-19_07_25). - iio: adc: max9611: Fix misuse of GENMASK macro (bsc#1051510). - iio: adc: max9611: Fix temperature reading in probe (bsc#1051510). - iio: iio-utils: Fix possible incorrect mask calculation (bsc#1051510). - include/linux/bitops.h: sanitize rotate primitives (git fixes). - input: alps - do not handle ALPS cs19 trackpoint-only device (bsc#1051510). - input: alps - fix a mismatch between a condition check and its comment (bsc#1051510). - input: iforce - add sanity checks (bsc#1051510). - input: kbtab - sanity check for endpoint type (bsc#1051510). - input: synaptics - enable RMI mode for HP Spectre X360 (bsc#1051510). - input: synaptics - whitelist Lenovo T580 SMBus intertouch (bsc#1051510). - input: trackpoint - only expose supported controls for Elan, ALPS and NXP (bsc#1051510). - intel_th: pci: Add Ice Lake NNPI support (bsc#1051510). - intel_th: pci: Add Tiger Lake support (bsc#1051510). - intel_th: pci: Add support for another Lewisburg PCH (bsc#1051510). - iommu/amd: Add support for X2APIC IOMMU interrupts (bsc#1145010). - iommu/amd: Fix race in increase_address_space() (bsc#1150860). - iommu/amd: Flush old domains in kdump kernel (bsc#1150861). - iommu/amd: Move iommu_init_pci() to .init section (bsc#1149105). - iommu/dma: Handle SG length overflow better (bsc#1146084). - iommu/iova: Fix compilation error with !CONFIG_IOMMU_IOVA (bsc#1145024). - iommu/vt-d: Do not queue_iova() if there is no flush queue (bsc#1145024). - ipip: validate header length in ipip_tunnel_xmit (git-fixes). - ipv4: do not set IPv6 only flags to IPv4 addresses (networking-stable-19_07_25). - irqchip/gic-v3-its: fix build warnings (bsc#1144880). - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack (bsc#1051510). - isdn: hfcsusb: checking idx of ep configuration (bsc#1051510). - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain() (bsc#1051510). - iwlwifi: dbg: split iwl_fw_error_dump to two functions (bsc#1119086). - iwlwifi: do not unmap as page memory that was mapped as single (bsc#1051510). - iwlwifi: fix bad dma handling in page_mem dumping flow (bsc#1120902). - iwlwifi: fw: use helper to determine whether to dump paging (bsc#1106434). Patch needed to be adjusted, because our tree does not have the global variable IWL_FW_ERROR_DUMP_PAGING - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT on version &< 41 (bsc#1142635). - iwlwifi: mvm: fix an out-of-bound access (bsc#1051510). - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support (bsc#1142635). - iwlwifi: pcie: do not service an interrupt that was masked (bsc#1142635). - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X (bsc#1142635). - jbd2: flush_descriptor(): Do not decrease buffer head's ref count (bsc#1143843). - jbd2: introduce jbd2_inode dirty range scoping (bsc#1148616). - kabi: Fix kABI for 'struct amd_iommu' (bsc#1145010). - kasan: remove redundant initialization of variable 'real_size' (git fixes). - kconfig/[mn]conf: handle backspace (^H) key (bsc#1051510). - keys: Fix missing null pointer check in request_key_auth_describe() (bsc#1051510). - kvm/eventfd: Avoid crash when assign and deassign specific eventfd in parallel (bsc#1133021). - kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs (bsc#1134881 bsc#1134882). - kvm: Disallow wraparound in kvm_gfn_to_hva_cache_init (bsc#1133021). - kvm: Fix leak vCPU's VMCS value into other pCPU (bsc#1145388). - kvm: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC (bsc#1145408). - kvm: PPC: Book3S HV: Fix CR0 setting in TM emulation (bsc#1061840). - kvm: Reject device ioctls from processes other than the VM's creator (bsc#1133021). - kvm: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value (bsc#1145393). - kvm: VMX: Fix handling of #MC that occurs during VM-Entry (bsc#1145395). - kvm: VMX: check CPUID before allowing read/write of IA32_XSS (bsc#1145394). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: X86: Reduce the overhead when lapic_timer_advance is disabled (bsc#1149083). - kvm: arm/arm64: Close VMID generation race (bsc#1133021). - kvm: arm/arm64: Convert kvm_host_cpu_state to a static per-cpu allocation (bsc#1133021). - kvm: arm/arm64: Drop resource size check for GICV window (bsc#1133021). - kvm: arm/arm64: Fix VMID alloc race by reverting to lock-less (bsc#1133021). - kvm: arm/arm64: Fix lost IRQs from emulated physcial timer when blocked (bsc#1133021). - kvm: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1133021). - kvm: arm/arm64: Reduce verbosity of KVM init log (bsc#1133021). - kvm: arm/arm64: Set dist->spis to NULL after kfree (bsc#1133021). - kvm: arm/arm64: Skip updating PMD entry if no change (bsc#1133021). - kvm: arm/arm64: Skip updating PTE entry if no change (bsc#1133021). - kvm: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list (bsc#1133021). - kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 (bsc#1133021). - kvm: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending (bsc#1133021). - kvm: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy (bsc#1133021). - kvm: arm64: Fix caching of host MDCR_EL2 value (bsc#1133021). - kvm: mmu: Fix overlap between public and private memslots (bsc#1133021). - kvm: nVMX: Remove unnecessary sync_roots from handle_invept (bsc#1145391). - kvm: nVMX: Use adjusted pin controls for vmcs02 (bsc#1145392). - kvm: nVMX: allow setting the VMFUNC controls MSR (bsc#1145389). - kvm: nVMX: do not use dangling shadow VMCS after guest reset (bsc#1145390). - kvm: x86/vPMU: refine kvm_pmu err msg when event creation failed (bsc#1145397). - kvm: x86: Do not update RIP or do single-step on faulting emulation (bsc#1149104). - kvm: x86: Unconditionally enable irqs in guest context (bsc#1145396). - kvm: x86: degrade WARN to pr_warn_ratelimited (bsc#1145409). - kvm: x86: fix backward migration with async_PF (bsc#1146074). - lan78xx: Fix memory leaks (bsc#1051510). - libata: add SG safety checks in SFF pio transfers (bsc#1051510). - libata: do not request sense data on !ZAC ATA devices (bsc#1051510). - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests (bsc#1051510). - libata: zpodd: Fix small read overflow in zpodd_get_mech_type() (bsc#1051510). - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897). - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). - libceph, rbd: new bio handling code (aka do not clone bios) (bsc#1141450). - libceph: add osd_req_op_extent_osd_data_bvecs() (bsc#1141450). - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bsc#1148133). - libceph: assign cookies in linger_submit() (bsc#1135897). - libceph: check reply num_data_items in setup_request_data() (bsc#1135897). - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897). - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897). - libceph: fix PG split vs OSD (re)connect race (bsc#1148133). - libceph: handle zero-length data items (bsc#1141450). - libceph: introduce BVECS data type (bsc#1141450). - libceph: introduce alloc_watch_request() (bsc#1135897). - libceph: introduce ceph_pagelist_alloc() (bsc#1135897). - libceph: preallocate message data items (bsc#1135897). - libceph: use single request data item for cmp/setxattr (bsc#1139101). - libnvdimm/pfn: Store correct value of npfns in namespace superblock (bsc#1146381 ltc#180720). - liquidio: add cleanup in octeon_setup_iq() (bsc#1051510). - loop: set PF_MEMALLOC_NOIO for the worker thread (git fixes). - mac80211: do not WARN on short WMM parameters from AP (bsc#1051510). - mac80211: do not warn about CW params when not using them (bsc#1051510). - mac80211: fix possible memory leak in ieee80211_assign_beacon (bsc#1142635). - mac80211: fix possible sta leak (bsc#1051510). - macsec: fix checksumming after decryption (bsc#1051510). - macsec: fix use-after-free of skb during RX (bsc#1051510). - macsec: let the administrator set UP state even if lowerdev is down (bsc#1051510). - macsec: update operstate when lower device changes (bsc#1051510). - mailbox: handle failed named mailbox channel request (bsc#1051510). - md/raid: raid5 preserve the writeback action after the parity check (git fixes). - md: add mddev->pers to avoid potential NULL pointer dereference (git fixes). - media: au0828: fix null dereference in error path (bsc#1051510). - media: coda: Remove unbalanced and unneeded mutex unlock (bsc#1051510). - media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP (bsc#1051510). - media: coda: fix mpeg2 sequence number handling (bsc#1051510). - media: coda: increment sequence offset for the last returned frame (bsc#1051510). - media: dvb: usb: fix use after free in dvb_usb_device_exit (bsc#1051510). - media: hdpvr: fix locking and a missing msleep (bsc#1051510). - media: media_device_enum_links32: clean a reserved field (bsc#1051510). - media: pvrusb2: use a different format for warnings (bsc#1051510). - media: spi: IR LED: add missing of table registration (bsc#1051510). - media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails (bsc#1051510). - media: vpss: fix a potential NULL pointer dereference (bsc#1051510). - media: wl128x: Fix some error handling in fm_v4l2_init_video_device() (bsc#1051510). - mfd: arizona: Fix undefined behavior (bsc#1051510). - mfd: core: Set fwnode for created devices (bsc#1051510). - mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk (bsc#1051510). - mfd: intel-lpss: Add Intel Comet Lake PCI IDs (jsc#SLE-4875). - mm, page_owner: handle THP splits correctly (bsc#1149197, VM Debugging Functionality). - mm/hmm: fix bad subpage pointer in try_to_unmap_one (bsc#1148202, HMM, VM Functionality). - mm/hotplug: fix offline undo_isolate_page_range() (bsc#1148196, VM Functionality). - mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node (bsc#1148379, VM Functionality). - mm/memcontrol.c: fix use after free in mem_cgroup_iter() (bsc#1149224, VM Functionality). - mm/memory.c: recheck page table entry with page table lock held (bsc#1148363, VM Functionality). - mm/migrate.c: initialize pud_entry in migrate_vma() (bsc#1148198, HMM, VM Functionality). - mm/mlock.c: change count_mm_mlocked_page_nr return type (bsc#1148527, VM Functionality). - mm/mlock.c: mlockall error for flag MCL_ONFAULT (bsc#1148527, VM Functionality). - mm/page_alloc.c: fix calculation of pgdat->nr_zones (bsc#1148192, VM Functionality). - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() (bsc#1118689). - mm/vmscan.c: fix trying to reclaim unevictable LRU page (bsc#1149214, VM Functionality). - mm: add filemap_fdatawait_range_keep_errors() (bsc#1148616). - mm: do not stall register_shrinker() (bsc#1104902, VM Performance). - mm: page_mapped: do not assume compound page is huge or THP (bsc#1148574, VM Functionality). - mmc: cavium: Add the missing dma unmap when the dma has finished (bsc#1051510). - mmc: cavium: Set the correct dma max segment size for mmc_host (bsc#1051510). - mmc: core: Fix init of SD cards reporting an invalid VDD range (bsc#1051510). - mmc: dw_mmc: Fix occasional hang after tuning on eMMC (bsc#1051510). - mmc: sdhci-of-at91: add quirk for broken HS200 (bsc#1051510). - mmc: sdhci-pci: Add support for Intel CML (jsc#SLE-4875). - mmc: sdhci-pci: Add support for Intel ICP (jsc#SLE-4875). - move a few externs to smbdirect.h to eliminate warning (bsc#1144333). - move core networking kabi patches to the end of the section - move irq_data_get_effective_affinity_mask prior the sorted section - mpls: fix warning with multi-label encap (bsc#1051510). - nbd: replace kill_bdev() with __invalidate_device() again (git fixes). - net/9p: include trans_common.h to fix missing prototype warning (bsc#1051510). - net/ibmvnic: Fix missing { in __ibmvnic_reset (bsc#1149652 ltc#179635). - net/ibmvnic: free reset work of removed device from queue (bsc#1149652 ltc#179635). - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bsc#1145678). - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn (networking-stable-19_07_25). - net/smc: do not schedule tx_work in SMC_CLOSED state (bsc#1149963). - net/smc: original socket family in inet_sock_diag (bsc#1149959). - net: Fix netdev_WARN_ONCE macro (git-fixes). - net: Introduce netdev_*_once functions (networking-stable-19_07_25). - net: bcmgenet: use promisc for unsupported filters (networking-stable-19_07_25). - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query (networking-stable-19_07_25). - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling (networking-stable-19_07_25). - net: bridge: stp: do not cache eth dest pointer before skb pull (networking-stable-19_07_25). - net: dsa: mv88e6xxx: wait after reset deactivation (networking-stable-19_07_25). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1139020 bsc#1139021). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1139020 bsc#1139021). - net: ena: add ethtool function for changing io queue sizes (bsc#1139020 bsc#1139021). - net: ena: add good checksum counter (bsc#1139020 bsc#1139021). - net: ena: add handling of llq max tx burst size (bsc#1139020 bsc#1139021). - net: ena: add newline at the end of pr_err prints (bsc#1139020 bsc#1139021). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1139020 bsc#1139021). - net: ena: allow automatic fallback to polling mode (bsc#1139020 bsc#1139021). - net: ena: allow queue allocation backoff when low on memory (bsc#1139020 bsc#1139021). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1139020 bsc#1139021). - net: ena: enable negotiating larger Rx ring size (bsc#1139020 bsc#1139021). - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1139020 bsc#1139021). - net: ena: ethtool: revert 'add extra properties retrieval via get_priv_flags' (bsc#1139020 bsc#1139021). - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1139020 bsc#1139021). - net: ena: fix incorrect test of supported hash function (bsc#1139020 bsc#1139021). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1139020 bsc#1139021). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1139020 bsc#1139021). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1139020 bsc#1139021). - net: ena: gcc 8: fix compilation warning (bsc#1139020 bsc#1139021). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1139020 bsc#1139021). - net: ena: make ethtool show correct current and max queue sizes (bsc#1139020 bsc#1139021). - net: ena: optimise calculations for CQ doorbell (bsc#1139020 bsc#1139021). - net: ena: remove inline keyword from functions in *.c (bsc#1139020 bsc#1139021). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1139020 bsc#1139021). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1139020 bsc#1139021). - net: ena: use dev_info_once instead of static variable (bsc#1139020 bsc#1139021). - net: make skb_dst_force return true when dst is refcounted (networking-stable-19_07_25). - net: neigh: fix multiple neigh timer scheduling (networking-stable-19_07_25). - net: remove duplicate fetch in sock_getsockopt (networking-stable-19_07_02). - net: sched: verify that q!=NULL before setting q->flags (git-fixes). - net: stmmac: fixed new system time seconds value calculation (networking-stable-19_07_02). - net: stmmac: set IC bit when transmitting frames with HW timestamp (networking-stable-19_07_02). - net: usb: pegasus: fix improper read if get_registers() fail (bsc#1051510). - net_sched: unset TCQ_F_CAN_BYPASS when adding filters (networking-stable-19_07_25). - netrom: fix a memory leak in nr_rx_frame() (networking-stable-19_07_25). - netrom: hold sock when setting skb->destructor (networking-stable-19_07_25). - nfc: fix potential illegal memory access (bsc#1051510). - nfs: Cleanup if nfs_match_client is interrupted (bsc#1134291). - nfs: Fix a double unlock from nfs_match,get_client (bsc#1134291). - nfs: Fix the inode request accounting when pages have subrequests (bsc#1140012). - nfs: make nfs_match_client killable (bsc#1134291). - nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header (git fixes). - nvme-core: Fix extra device_put() call on error path (bsc#1142541). - nvme-fc: fix module unloads while lports still pending (bsc#1150033). - nvme-multipath: fix ana log nsid lookup when nsid is not found (bsc#1141554). - nvme-multipath: relax ANA state check (bsc#1123105). - nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns (bsc#1120876). - nvme: Return BLK_STS_TARGET if the DNR bit is set (bsc#1142076). - nvme: cancel request synchronously (bsc#1145661). - nvme: change locking for the per-subsystem controller list (bsc#1142541). - nvme: fix possible use-after-free in connect error flow (bsc#1139500, bsc#1140426) - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN (bsc#1146938). - objtool: Add rewind_stack_do_exit() to the noreturn list (bsc#1145302). - objtool: Support GCC 9 cold subfunction naming scheme (bsc#1145300). - octeon_mgmt: Fix MIX registers configuration on MTU setup (bsc#1051510). - pci: PM/ACPI: Refresh all stale power state data in pci_pm_complete() (bsc#1149106). - pci: Restore Resizable BAR size bits correctly for 1MB BARs (bsc#1143841). - pci: hv: Fix panic by calling hv_pci_remove_slots() earlier (bsc#1142701). - pci: qcom: Ensure that PERST is asserted for at least 100 ms (bsc#1142635). - pci: xilinx-nwl: Fix Multi MSI data programming (bsc#1142635). - phy: qcom-qusb2: Fix crash if nvmem cell not specified (bsc#1051510). - phy: renesas: rcar-gen2: Fix memory leak at error paths (bsc#1051510). - pinctrl: pistachio: fix leaked of_node references (bsc#1051510). - pinctrl: rockchip: fix leaked of_node references (bsc#1051510). - pm / devfreq: rk3399_dmc: Pass ODT and auto power down parameters to TF-A (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: do not print error when get supply and clk defer (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: fix spelling mistakes (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: remove unneeded semicolon (bsc#1144718,bsc#1144813). - pm / devfreq: rk3399_dmc: remove wait for dcf irq event (bsc#1144718,bsc#1144813). - pm / devfreq: rockchip-dfi: Move GRF definitions to a common place (bsc#1144718,bsc#1144813). - pm / opp: OF: Use pr_debug() instead of pr_err() while adding OPP table (jsc#SLE-7294). - powerpc/64s: Include cpu header (bsc#1065729). - powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107). - powerpc/book3s/64: check for NULL pointer in pgd_alloc() (bsc#1078248, git-fixes). - powerpc/fadump: Do not allow hot-remove memory from fadump reserved area (bsc#1120937). - powerpc/fadump: Reservationless firmware assisted dump (bsc#1120937). - powerpc/fadump: Throw proper error message on fadump registration failure (bsc#1120937). - powerpc/fadump: use kstrtoint to handle sysfs store (bsc#1146376). - powerpc/fadump: when fadump is supported register the fadump sysfs files (bsc#1146352). - powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107). - powerpc/fsl: Update Spectre v2 reporting (bsc#1131107). - powerpc/kdump: Handle crashkernel memory reservation failure (bsc#1143466 LTC#179600). - powerpc/lib: Fix feature fixup test of external branch (bsc#1065729). - powerpc/mm/hash/4k: Do not use 64K page size for vmemmap with 4K pagesize (bsc#1142685 LTC#179509). - powerpc/mm/radix: Use the right page size for vmemmap mapping (bsc#1055117 bsc#1142685 LTC#179509). - powerpc/mm: Handle page table allocation failures (bsc#1065729). - powerpc/perf: Add constraints for power9 l2/l3 bus events (bsc#1056686). - powerpc/perf: Add mem access events to sysfs (bsc#1124370). - powerpc/perf: Cleanup cache_sel bits comment (bsc#1056686). - powerpc/perf: Fix thresholding counter data for unknown type (bsc#1056686). - powerpc/perf: Remove PM_BR_CMPL_ALT from power9 event list (bsc#1047238, bsc#1056686). - powerpc/perf: Update perf_regs structure to include SIER (bsc#1056686). - powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler (bsc#1065729). - powerpc/powernv: Flush console before platform error reboot (bsc#1149940 ltc#179958). - powerpc/powernv: Return for invalid IMC domain (bsc1054914, git-fixes). - powerpc/powernv: Use kernel crash path for machine checks (bsc#1149940 ltc#179958). - powerpc/pseries, ps3: panic flush kernel messages before halting system (bsc#1149940 ltc#179958). - powerpc/pseries: Fix xive=off command line (bsc#1085030, git-fixes). - powerpc/pseries: add missing cpumask.h include file (bsc#1065729). - powerpc/pseries: correctly track irq state in default idle (bsc#1150727 ltc#178925). - powerpc/rtas: use device model APIs and serialization during LPM (bsc#1144123 ltc#178840). - powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107). - powerpc/xive: Fix dump of XIVE interrupt under pseries (bsc#1142019). - powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() (bsc#1085030, bsc#1145189, LTC#179762). - powerpc/xmon: Add a dump of all XIVE interrupts (bsc#1142019). - powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL (bsc#1142019). - powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB (bsc#1146575 ltc#180764). - powerpc: dump kernel log before carrying out fadump or kdump (bsc#1149940 ltc#179958). - qede: fix write to free'd pointer error and double free of ptp (bsc#1051510). - qlge: Deduplicate lbq_buf_size (bsc#1106061). - qlge: Deduplicate rx buffer queue management (bsc#1106061). - qlge: Factor out duplicated expression (bsc#1106061). - qlge: Fix dma_sync_single calls (bsc#1106061). - qlge: Fix irq masking in INTx mode (bsc#1106061). - qlge: Refill empty buffer queues from wq (bsc#1106061). - qlge: Refill rx buffers up to multiple of 16 (bsc#1106061). - qlge: Remove bq_desc.maplen (bsc#1106061). - qlge: Remove irq_cnt (bsc#1106061). - qlge: Remove page_chunk.last_flag (bsc#1106061). - qlge: Remove qlge_bq.len & size (bsc#1106061). - qlge: Remove rx_ring.sbq_buf_size (bsc#1106061). - qlge: Remove rx_ring.type (bsc#1106061). - qlge: Remove useless dma synchronization calls (bsc#1106061). - qlge: Remove useless memset (bsc#1106061). - qlge: Replace memset with assignment (bsc#1106061). - qlge: Update buffer queue prod index despite oom (bsc#1106061). - rbd: do not (ab)use obj_req->pages for stat requests (bsc#1141450). - rbd: do not NULL out ->obj_request in rbd_img_obj_parent_read_full() (bsc#1141450). - rbd: get rid of img_req->copyup_pages (bsc#1141450). - rbd: move from raw pages to bvec data descriptors (bsc#1141450). - rbd: remove bio cloning helpers (bsc#1141450). - rbd: start enums at 1 instead of 0 (bsc#1141450). - rbd: use kmem_cache_zalloc() in rbd_img_request_create() (bsc#1141450). - regmap: fix bulk writes on paged registers (bsc#1051510). - regulator: qcom_spmi: Fix math of spmi_regulator_set_voltage_time_sel (bsc#1051510). - rename patches according to their names in SLE15-SP1. - rpm/kernel-binary.spec.in: Enable missing modules check. - rpm/kernel-binary.spec.in: Enable missing modules check. - rpmsg: added MODULE_ALIAS for rpmsg_char (bsc#1051510). - rpmsg: smd: do not use mananged resources for endpoints and channels (bsc#1051510). - rpmsg: smd: fix memory leak on channel create (bsc#1051510). - rsi: improve kernel thread handling to fix kernel panic (bsc#1051510). - rslib: Fix decoding of shortened codes (bsc#1051510). - rslib: Fix handling of of caller provided syndrome (bsc#1051510). - rtc: pcf8523: do not return invalid date when battery is low (bsc#1051510). - rxrpc: Fix send on a connected, but unbound socket (networking-stable-19_07_25). - s390/cio: fix ccw_device_start_timeout API (bsc#1142109 LTC#179339). - s390/dasd: fix endless loop after read unit address configuration (bsc#1144912 LTC#179907). - s390/qdio: handle PENDING state for QEBSM devices (bsc#1142117 bsc#1142118 bsc#1142119 LTC#179329 LTC#179330 LTC#179331). - s390/qeth: avoid control IO completion stalls (bsc#1142109 LTC#179339). - s390/qeth: cancel cmd on early error (bsc#1142109 LTC#179339). - s390/qeth: fix request-side race during cmd IO timeout (bsc#1142109 LTC#179339). - s390/qeth: release cmd buffer in error paths (bsc#1142109 LTC#179339). - s390/qeth: simplify reply object handling (bsc#1142109 LTC#179339). - samples, bpf: fix to change the buffer size for read() (bsc#1051510). - samples: mei: use /dev/mei0 instead of /dev/mei (bsc#1051510). - sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920). - sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920). - scripts/checkstack.pl: Fix arm64 wrong or unknown architecture (bsc#1051510). - scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE (bsc#1051510). - scripts/decode_stacktrace: only strip base path when a prefix of the path (bsc#1051510). - scripts/gdb: fix lx-version string output (bsc#1051510). - scripts/git_sort/git_sort.py: - scsi: NCR5380: Always re-enable reselection interrupt (git-fixes). - scsi: aacraid: Fix missing break in switch statement (git-fixes). - scsi: aacraid: Fix performance issue on logical drives (git-fixes). - scsi: aic94xx: fix an error code in aic94xx_init() (git-fixes). - scsi: aic94xx: fix module loading (git-fixes). - scsi: bfa: convert to strlcpy/strlcat (git-fixes). - scsi: bnx2fc: Fix NULL dereference in error handling (git-fixes). - scsi: bnx2fc: fix incorrect cast to u64 on shift operation (git-fixes). - scsi: core: Fix race on creating sense cache (git-fixes). - scsi: core: Synchronize request queue PM status only on successful resume (git-fixes). - scsi: core: set result when the command cannot be dispatched (git-fixes). - scsi: cxlflash: Mark expected switch fall-throughs (bsc#1148868). - scsi: cxlflash: Prevent deadlock when adapter probe fails (git-fixes). - scsi: esp_scsi: Track residual for PIO transfers (git-fixes) Also, mitigate kABI changes. - scsi: fas216: fix sense buffer initialization (git-fixes). - scsi: isci: initialize shost fully before calling scsi_add_host() (git-fixes). - scsi: libfc: fix null pointer dereference on a null lport (git-fixes). - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached (git-fixes). - scsi: mac_scsi: Fix pseudo DMA implementation, take 2 (git-fixes). - scsi: mac_scsi: Increase PIO/PDMA transfer length threshold (git-fixes). - scsi: megaraid: fix out-of-bound array accesses (git-fixes). - scsi: megaraid_sas: Fix calculation of target ID (git-fixes). - scsi: ncr5380: revert 'Increase register polling limit' (git-fixes). - scsi: qedf: Add debug information for unsolicited processing (bsc#1149976). - scsi: qedf: Add shutdown callback handler (bsc#1149976). - scsi: qedf: Add support for 20 Gbps speed (bsc#1149976). - scsi: qedf: Check both the FCF and fabric ID before servicing clear virtual link (bsc#1149976). - scsi: qedf: Check for link state before processing LL2 packets and send fipvlan retries (bsc#1149976). - scsi: qedf: Check for module unloading bit before processing link update AEN (bsc#1149976). - scsi: qedf: Decrease the LL2 MTU size to 2500 (bsc#1149976). - scsi: qedf: Fix race betwen fipvlan request and response path (bsc#1149976). - scsi: qedf: Initiator fails to re-login to switch after link down (bsc#1149976). - scsi: qedf: Print message during bailout conditions (bsc#1149976). - scsi: qedf: Stop sending fipvlan request on unload (bsc#1149976). - scsi: qedf: Update module description string (bsc#1149976). - scsi: qedf: Update the driver version to 8.37.25.20 (bsc#1149976). - scsi: qedf: Update the version to 8.42.3.0 (bsc#1149976). - scsi: qedf: Use discovery list to traverse rports (bsc#1149976). - scsi: qedf: remove memset/memcpy to nfunc and use func instead (git-fixes). - scsi: qedf: remove set but not used variables (bsc#1149976). - scsi: qedi: remove declaration of nvm_image from stack (git-fixes). - scsi: qla2xxx: Add cleanup for PCI EEH recovery (bsc#1129424). - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory (git-fixes). - scsi: qla2xxx: Fix a format specifier (git-fixes). - scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() (git-fixes). - scsi: qla2xxx: Fix device staying in blocked state (git-fixes). - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (git-fixes). - scsi: qla2xxx: Unregister chrdev if module initialization fails (git-fixes). - scsi: qla4xxx: avoid freeing unallocated dma memory (git-fixes). - scsi: raid_attrs: fix unused variable warning (git-fixes). - scsi: scsi_dh_alua: Fix possible null-ptr-deref (git-fixes). - scsi: sd: Defer spinning up drive while SANITIZE is in progress (git-fixes). - scsi: sd: Fix a race between closing an sd device and sd I/O (git-fixes). - scsi: sd: Fix cache_type_store() (git-fixes). - scsi: sd: Optimal I/O size should be a multiple of physical block size (git-fixes). - scsi: sd: Quiesce warning if device does not report optimal I/O size (git-fixes). - scsi: sd: use mempool for discard special page (git-fixes). - scsi: sd_zbc: Fix potential memory leak (git-fixes). - scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous() (git-fixes). - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (git-fixes). - scsi: ufs: Avoid runtime suspend possibly being blocked forever (git-fixes). - scsi: ufs: Check that space was properly alloced in copy_query_response (git-fixes). - scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm() (git-fixes). - scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value (git-fixes). - scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 (git-fixes). - scsi: ufs: revert 'disable vccq if it's not needed by UFS device' (git-fixes). - scsi: use dma_get_cache_alignment() as minimum DMA alignment (git-fixes). - scsi: virtio_scsi: do not send sc payload with tmfs (git-fixes). - sctp: change to hold sk after auth shkey is created successfully (networking-stable-19_07_02). - serial: 8250: Fix TX interrupt handling condition (bsc#1051510). - signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig (bsc#1144333). - sis900: fix TX completion (bsc#1051510). - sky2: Disable MSI on ASUS P6T (bsc#1142496). - smb2: fix missing files in root share directory listing (bsc#1112907, bsc#1144333). - smb2: fix typo in definition of a few error flags (bsc#1144333). - smb2: fix uninitialized variable bug in smb2_ioctl_query_info (bsc#1144333). - smb3 - clean up debug output displaying network interfaces (bsc#1144333). - smb3.1.1: Add GCM crypto to the encrypt and decrypt functions (bsc#1144333). - smb3.11: replace a 4 with server->vals->header_preamble_size (bsc#1144333). - smb311: Fix reconnect (bsc#1051510, bsc#1144333). - smb311: Improve checking of negotiate security contexts (bsc#1051510, bsc#1144333). - smb3: Add SMB3.1.1 GCM to negotiated crypto algorigthms (bsc#1144333). - smb3: Add debug message later in smb2/smb3 reconnect path (bsc#1144333). - smb3: Add defines for new negotiate contexts (bsc#1144333). - smb3: Add dynamic trace points for various compounded smb3 ops (bsc#1144333). - smb3: Add ftrace tracepoints for improved SMB3 debugging (bsc#1144333). - smb3: Add handling for different FSCTL access flags (bsc#1144333). - smb3: Add posix create context for smb3.11 posix mounts (bsc#1144333). - smb3: Add protocol structs for change notify support (bsc#1144333). - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510, bsc#1144333). - smb3: Add tracepoints for read, write and query_dir enter (bsc#1144333). - smb3: Allow SMB3 FSCTL queries to be sent to server from tools (bsc#1144333). - smb3: Allow persistent handle timeout to be configurable on mount (bsc#1144333). - smb3: Allow query of symlinks stored as reparse points (bsc#1144333). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510, bsc#1144333). - smb3: Backup intent flag missing from compounded ops (bsc#1144333). - smb3: Clean up query symlink when reparse point (bsc#1144333). - smb3: Cleanup license mess (bsc#1144333). - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bsc#1085536, bsc#1144333). - smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510, bsc#1144333). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510, bsc#1144333). - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510, bsc#1144333). - smb3: Fix deadlock in validate negotiate hits reconnect (bsc#1144333). - smb3: Fix endian warning (bsc#1144333, bsc#1137884). - smb3: Fix enumerating snapshots to Azure (bsc#1144333). - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510, bsc#1144333). - smb3: Fix mode on mkdir on smb311 mounts (bsc#1144333). - smb3: Fix potential memory leak when processing compound chain (bsc#1144333). - smb3: Fix rmdir compounding regression to strict servers (bsc#1144333). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510, bsc#1144333). - smb3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL (bsc#1144333). - smb3: Log at least once if tree connect fails during reconnect (bsc#1144333). - smb3: Number of requests sent should be displayed for SMB3 not just CIFS (bsc#1144333). - smb3: Send netname context during negotiate protocol (bsc#1144333). - smb3: Track total time spent on roundtrips for each SMB3 command (bsc#1144333). - smb3: Update POSIX negotiate context with POSIX ctxt GUID (bsc#1144333). - smb3: Validate negotiate request must always be signed (bsc#1064597, bsc#1144333). - smb3: Warn user if trying to sign connection that authenticated as guest (bsc#1085536, bsc#1144333). - smb3: add additional ftrace entry points for entry/exit to cifs.ko (bsc#1144333). - smb3: add credits we receive from oplock/break PDUs (bsc#1144333). - smb3: add debug for unexpected mid cancellation (bsc#1144333). - smb3: add define for id for posix create context and corresponding struct (bsc#1144333). - smb3: add dynamic trace point for query_info_enter/done (bsc#1144333). - smb3: add dynamic trace point for smb3_cmd_enter (bsc#1144333). - smb3: add dynamic tracepoint for timeout waiting for credits (bsc#1144333). - smb3: add dynamic tracepoints for simple fallocate and zero range (bsc#1144333). - smb3: add missing read completion trace point (bsc#1144333). - smb3: add module alias for smb3 to cifs.ko (bsc#1144333). - smb3: add new mount option to retrieve mode from special ACE (bsc#1144333). - smb3: add reconnect tracepoints (bsc#1144333). - smb3: add smb3.1.1 to default dialect list (bsc#1144333). - smb3: add support for posix negotiate context (bsc#1144333). - smb3: add support for statfs for smb3.1.1 posix extensions (bsc#1144333). - smb3: add trace point for tree connection (bsc#1144333). - smb3: add tracepoint for sending lease break responses to server (bsc#1144333). - smb3: add tracepoint for session expired or deleted (bsc#1144333). - smb3: add tracepoint for slow responses (bsc#1144333). - smb3: add tracepoint to catch cases where credit refund of failed op overlaps reconnect (bsc#1144333). - smb3: add tracepoints for query dir (bsc#1144333). - smb3: add tracepoints for smb2/smb3 open (bsc#1144333). - smb3: add way to control slow response threshold for logging and stats (bsc#1144333). - smb3: allow more detailed protocol info on open files for debugging (bsc#1144333). - smb3: allow posix mount option to enable new SMB311 protocol extensions (bsc#1144333). - smb3: allow previous versions to be mounted with snapshot= mount parm (bsc#1144333). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510, bsc#1144333). - smb3: check for and properly advertise directory lease support (bsc#1051510, bsc#1144333). - smb3: create smb3 equivalent alias for cifs pseudo-xattrs (bsc#1144333). - smb3: directory sync should not return an error (bsc#1051510, bsc#1144333). - smb3: display bytes_read and bytes_written in smb3 stats (bsc#1144333). - smb3: display security information in /proc/fs/cifs/DebugData more accurately (bsc#1144333). - smb3: display session id in debug data (bsc#1144333). - smb3: display stats counters for number of slow commands (bsc#1144333). - smb3: display volume serial number for shares in /proc/fs/cifs/DebugData (bsc#1144333). - smb3: do not allow insecure cifs mounts when using smb3 (bsc#1144333). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510, bsc#1144333). - smb3: do not display confusing message on mount to Azure servers (bsc#1144333). - smb3: do not display empty interface list (bsc#1144333). - smb3: do not request leases in symlink creation and query (bsc#1051510, bsc#1144333). - smb3: do not send compression info by default (bsc#1144333). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510, bsc#1144333). - smb3: fill in statfs fsid and correct namelen (bsc#1112905, bsc#1144333). - smb3: fix bytes_read statistics (bsc#1144333). - smb3: fix corrupt path in subdirs on smb311 with posix (bsc#1144333). - smb3: fix large reads on encrypted connections (bsc#1144333). - smb3: fix lease break problem introduced by compounding (bsc#1144333). - smb3: fix minor debug output for CONFIG_CIFS_STATS (bsc#1144333). - smb3: fix redundant opens on root (bsc#1144333). - smb3: fix reset of bytes read and written stats (bsc#1112906, bsc#1144333). - smb3: fix various xid leaks (bsc#1051510, bsc#1144333). - smb3: for kerberos mounts display the credential uid used (bsc#1144333). - smb3: handle new statx fields (bsc#1085536, bsc#1144333). - smb3: if max_credits is specified then display it in /proc/mounts (bsc#1144333). - smb3: if server does not support posix do not allow posix mount option (bsc#1144333). - smb3: improve dynamic tracing of open and posix mkdir (bsc#1144333). - smb3: increase initial number of credits requested to allow write (bsc#1144333). - smb3: make default i/o size for smb3 mounts larger (bsc#1144333). - smb3: minor cleanup of compound_send_recv (bsc#1144333). - smb3: minor debugging clarifications in rfc1001 len processing (bsc#1144333). - smb3: minor missing defines relating to reparse points (bsc#1144333). - smb3: missing defines and structs for reparse point handling (bsc#1144333). - smb3: note that smb3.11 posix extensions mount option is experimental (bsc#1144333). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510, bsc#1144333). - smb3: on reconnect set PreviousSessionId field (bsc#1112899, bsc#1144333). - smb3: optimize open to not send query file internal info (bsc#1144333). - smb3: passthru query info does not check for SMB3 FSCTL passthru (bsc#1144333). - smb3: print tree id in debugdata in proc to be able to help logging (bsc#1144333). - smb3: query inode number on open via create context (bsc#1144333). - smb3: remove noisy warning message on mount (bsc#1129664, bsc#1144333). - smb3: remove per-session operations from per-tree connection stats (bsc#1144333). - smb3: rename encryption_required to smb3_encryption_required (bsc#1144333). - smb3: request more credits on normal (non-large read/write) ops (bsc#1144333). - smb3: request more credits on tree connect (bsc#1144333). - smb3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (bsc#1144333). - smb3: send CAP_DFS capability during session setup (bsc#1144333). - smb3: send backup intent on compounded query info (bsc#1144333). - smb3: show number of current open files in /proc/fs/cifs/Stats (bsc#1144333). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510, bsc#1144333). - smb3: smbdirect no longer experimental (bsc#1144333). - smb3: snapshot mounts are read-only and make sure info is displayable about the mount (bsc#1144333). - smb3: track the instance of each session for debugging (bsc#1144333). - smb3: trivial cleanup to smb2ops.c (bsc#1144333). - smb3: update comment to clarify enumerating snapshots (bsc#1144333). - smb3: update default requested iosize to 4MB from 1MB for recent dialects (bsc#1144333). - smb: Validate negotiate (to protect against downgrade) even if signing off (bsc#1085536, bsc#1144333). - smb: fix leak of validate negotiate info response buffer (bsc#1064597, bsc#1144333). - smb: fix validate negotiate info uninitialised memory use (bsc#1064597, bsc#1144333). - smbd: Make upper layer decide when to destroy the transport (bsc#1144333). - smpboot: Place the __percpu annotation correctly (git fixes). - soc: rockchip: power-domain: Add a sanity check on pd->num_clks (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: Use of_clk_get_parent_count() instead of open coding (bsc#1144718,bsc#1144813). - soc: rockchip: power-domain: use clk_bulk APIs (bsc#1144718,bsc#1144813). - sound: fix a memory leak bug (bsc#1051510). - spi: bcm2835aux: fix corruptions for longer spi transfers (bsc#1051510). - spi: bcm2835aux: remove dangerous uncontrolled read of fifo (bsc#1051510). - spi: bcm2835aux: unifying code between polling and interrupt driven code (bsc#1051510). - st21nfca_connectivity_event_received: null check the allocation (bsc#1051510). - st_nci_hci_connectivity_event_received: null check the allocation (bsc#1051510). - staging: comedi: dt3000: Fix rounding up of timer divisor (bsc#1051510). - staging: comedi: dt3000: Fix signed integer overflow 'divider * base' (bsc#1051510). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Add missing modules (bsc#1066369). - supported.conf: Add raspberrypi-cpufreq (jsc#SLE-7294). - supported.conf: Remove duplicate drivers/ata/libahci_platform - supported.conf: Sort alphabetically, align comments. - supported.conf: Sort alphabetically, align comments. - tcp: Reset bytes_acked and bytes_received when disconnecting (networking-stable-19_07_25). - test_firmware: fix a memory leak bug (bsc#1051510). - tipc: change to use register_pernet_device (networking-stable-19_07_02). - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bsc#1082555). - tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations (bsc#1082555). - tpm: Fix off-by-one when reading binary_bios_measurements (bsc#1082555). - tpm: Unify the send callback behaviour (bsc#1082555). - tpm: vtpm_proxy: Suppress error logging when in closed state (bsc#1082555). - tracing: Fix header include guards in trace event headers (bsc#1144474). - treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 231 (bsc#1144333). - tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop (bsc#1051510). - tty/serial: digicolor: Fix digicolor-usart already registered warning (bsc#1051510). - tty: max310x: Fix invalid baudrate divisors calculator (bsc#1051510). - tty: serial: msm_serial: avoid system lockup condition (bsc#1051510). - tua6100: Avoid build warnings (bsc#1051510). - tun: wake up waitqueues after IFF_UP is set (networking-stable-19_07_02). - udf: Fix incorrect final NOT_ALLOCATED (hole) extent length (bsc#1148617). - update internal version number for cifs.ko (bsc#1144333). - usb-storage: Add new JMS567 revision to unusual_devs (bsc#1051510). - usb: CDC: fix sanity checks in CDC union parser (bsc#1142635). - usb: Handle USB3 remote wakeup for LPM enabled devices correctly (bsc#1051510). - usb: cdc-acm: make sure a refcount is taken early enough (bsc#1142635). - usb: cdc-wdm: fix race between write and disconnect due to flag abuse (bsc#1051510). - usb: chipidea: udc: do not do hardware access if gadget has stopped (bsc#1051510). - usb: core: Fix races in character device registration and deregistraion (bsc#1051510). - usb: core: hub: Disable hub-initiated U1/U2 (bsc#1051510). - usb: gadget: composite: Clear 'suspended' on reset/disconnect (bsc#1051510). - usb: gadget: udc: renesas_usb3: Fix sysfs interface of 'role' (bsc#1142635). - usb: host: fotg2: restart hcd after port reset (bsc#1051510). - usb: host: ohci: fix a race condition between shutdown and irq (bsc#1051510). - usb: host: xhci-rcar: Fix timeout in xhci_suspend() (bsc#1051510). - usb: host: xhci: rcar: Fix typo in compatible string matching (bsc#1051510). - usb: iowarrior: fix deadlock on disconnect (bsc#1051510). - usb: serial: option: Add Motorola modem UARTs (bsc#1051510). - usb: serial: option: Add support for ZTE MF871A (bsc#1051510). - usb: serial: option: add D-Link DWM-222 device ID (bsc#1051510). - usb: serial: option: add the BroadMobi BM818 card (bsc#1051510). - usb: storage: ums-realtek: Update module parameter description for auto_delink_en (bsc#1051510). - usb: storage: ums-realtek: Whitelist auto-delink support (bsc#1051510). - usb: usbfs: fix double-free of usb memory upon submiturb error (bsc#1051510). - usb: wusbcore: fix unbalanced get/put cluster_id (bsc#1051510). - usb: yurex: Fix use-after-free in yurex_delete (bsc#1051510). - vfs: fix page locking deadlocks when deduping files (bsc#1148619). - vmci: Release resource if the work is already queued (bsc#1051510). - vrf: make sure skb->data contains ip header to make routing (networking-stable-19_07_25). - watchdog: bcm2835_wdt: Fix module autoload (bsc#1051510). - watchdog: core: fix null pointer dereference when releasing cdev (bsc#1051510). - watchdog: f71808e_wdt: fix F81866 bit operation (bsc#1051510). - watchdog: fix compile time error of pretimeout governors (bsc#1051510). - wimax/i2400m: fix a memory leak bug (bsc#1051510). - x86/boot: Fix memory leak in default_get_smp_config() (bsc#1114279). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). - x86/microcode: Fix the microcode load on CPU hotplug for real (bsc#1114279). - x86/mm: Check for pfn instead of page in vmalloc_sync_one() (bsc#1118689). - x86/mm: Sync also unmappings in vmalloc_sync_all() (bsc#1118689). - x86/speculation/mds: Apply more accurate check on hypervisor platform (bsc#1114279). - x86/speculation: Allow guests to use SSBD even if host does not (bsc#1114279). - x86/unwind: Add hardcoded ORC entry for NULL (bsc#1114279). - x86/unwind: Handle NULL pointer calls better in frame unwinder (bsc#1114279). - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() (bsc#1065600). - xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry (bsc#1143300). - xfrm: Fix bucket count reported to userspace (bsc#1143300). - xfrm: Fix error return code in xfrm_output_one() (bsc#1143300). - xfs: do not crash on null attr fork xfs_bmapi_read (bsc#1148035). - xfs: do not trip over uninitialized buffer on extent read of corrupted inode (bsc#1149053). - xfs: dump transaction usage details on log reservation overrun (bsc#1145235). - xfs: eliminate duplicate icreate tx reservation functions (bsc#1145235). - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (bsc#1148032). - xfs: fix semicolon.cocci warnings (bsc#1145235). - xfs: fix up agi unlinked list reservations (bsc#1145235). - xfs: include an allocfree res for inobt modifications (bsc#1145235). - xfs: include inobt buffers in ifree tx log reservation (bsc#1145235). - xfs: print transaction log reservation on overrun (bsc#1145235). - xfs: refactor inode chunk alloc/free tx reservation (bsc#1145235). - xfs: refactor xlog_cil_insert_items() to facilitate transaction dump (bsc#1145235). - xfs: remove more ondisk directory corruption asserts (bsc#1148034). - xfs: separate shutdown from ticket reservation print helper (bsc#1145235). - xfs: truncate transaction does not modify the inobt (bsc#1145235). Important SUSE bug 1047238 SUSE bug 1050911 SUSE bug 1051510 SUSE bug 1054914 SUSE bug 1055117 SUSE bug 1056686 SUSE bug 1060662 SUSE bug 1061840 SUSE bug 1061843 SUSE bug 1064597 SUSE bug 1064701 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066369 SUSE bug 1071009 SUSE bug 1071306 SUSE bug 1078248 SUSE bug 1082555 SUSE bug 1085030 SUSE bug 1085536 SUSE bug 1085539 SUSE bug 1086103 SUSE bug 1087092 SUSE bug 1090734 SUSE bug 1091171 SUSE bug 1093205 SUSE bug 1102097 SUSE bug 1104902 SUSE bug 1106061 SUSE bug 1106284 SUSE bug 1106434 SUSE bug 1108382 SUSE bug 1112178 SUSE bug 1112894 SUSE bug 1112899 SUSE bug 1112902 SUSE bug 1112903 SUSE bug 1112905 SUSE bug 1112906 SUSE bug 1112907 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1114542 SUSE bug 1118689 SUSE bug 1119086 SUSE bug 1120876 SUSE bug 1120902 SUSE bug 1120937 SUSE bug 1123105 SUSE bug 1123959 SUSE bug 1124370 SUSE bug 1129424 SUSE bug 1129519 SUSE bug 1129664 SUSE bug 1131107 SUSE bug 1131281 SUSE bug 1131565 SUSE bug 1133021 SUSE bug 1134291 SUSE bug 1134881 SUSE bug 1134882 SUSE bug 1135219 SUSE bug 1135642 SUSE bug 1135897 SUSE bug 1136261 SUSE bug 1137069 SUSE bug 1137884 SUSE bug 1138539 SUSE bug 1139020 SUSE bug 1139021 SUSE bug 1139101 SUSE bug 1139500 SUSE bug 1140012 SUSE bug 1140426 SUSE bug 1140487 SUSE bug 1141013 SUSE bug 1141450 SUSE bug 1141543 SUSE bug 1141554 SUSE bug 1142019 SUSE bug 1142076 SUSE bug 1142109 SUSE bug 1142117 SUSE bug 1142118 SUSE bug 1142119 SUSE bug 1142496 SUSE bug 1142541 SUSE bug 1142635 SUSE bug 1142685 SUSE bug 1142701 SUSE bug 1142857 SUSE bug 1143300 SUSE bug 1143466 SUSE bug 1143765 SUSE bug 1143841 SUSE bug 1143843 SUSE bug 1144123 SUSE bug 1144333 SUSE bug 1144474 SUSE bug 1144518 SUSE bug 1144718 SUSE bug 1144813 SUSE bug 1144880 SUSE bug 1144886 SUSE bug 1144912 SUSE bug 1144920 SUSE bug 1144979 SUSE bug 1145010 SUSE bug 1145024 SUSE bug 1145051 SUSE bug 1145059 SUSE bug 1145189 SUSE bug 1145235 SUSE bug 1145300 SUSE bug 1145302 SUSE bug 1145388 SUSE bug 1145389 SUSE bug 1145390 SUSE bug 1145391 SUSE bug 1145392 SUSE bug 1145393 SUSE bug 1145394 SUSE bug 1145395 SUSE bug 1145396 SUSE bug 1145397 SUSE bug 1145408 SUSE bug 1145409 SUSE bug 1145661 SUSE bug 1145678 SUSE bug 1145687 SUSE bug 1145920 SUSE bug 1145922 SUSE bug 1145934 SUSE bug 1145937 SUSE bug 1145940 SUSE bug 1145941 SUSE bug 1145942 SUSE bug 1146074 SUSE bug 1146084 SUSE bug 1146163 SUSE bug 1146285 SUSE bug 1146346 SUSE bug 1146351 SUSE bug 1146352 SUSE bug 1146361 SUSE bug 1146368 SUSE bug 1146376 SUSE bug 1146378 SUSE bug 1146381 SUSE bug 1146391 SUSE bug 1146399 SUSE bug 1146413 SUSE bug 1146425 SUSE bug 1146516 SUSE bug 1146519 SUSE bug 1146524 SUSE bug 1146526 SUSE bug 1146529 SUSE bug 1146531 SUSE bug 1146543 SUSE bug 1146547 SUSE bug 1146550 SUSE bug 1146575 SUSE bug 1146589 SUSE bug 1146678 SUSE bug 1146938 SUSE bug 1148031 SUSE bug 1148032 SUSE bug 1148033 SUSE bug 1148034 SUSE bug 1148035 SUSE bug 1148093 SUSE bug 1148133 SUSE bug 1148192 SUSE bug 1148196 SUSE bug 1148198 SUSE bug 1148202 SUSE bug 1148303 SUSE bug 1148363 SUSE bug 1148379 SUSE bug 1148394 SUSE bug 1148527 SUSE bug 1148574 SUSE bug 1148616 SUSE bug 1148617 SUSE bug 1148619 SUSE bug 1148698 SUSE bug 1148859 SUSE bug 1148868 SUSE bug 1149053 SUSE bug 1149083 SUSE bug 1149104 SUSE bug 1149105 SUSE bug 1149106 SUSE bug 1149197 SUSE bug 1149214 SUSE bug 1149224 SUSE bug 1149325 SUSE bug 1149376 SUSE bug 1149413 SUSE bug 1149418 SUSE bug 1149424 SUSE bug 1149522 SUSE bug 1149527 SUSE bug 1149539 SUSE bug 1149552 SUSE bug 1149591 SUSE bug 1149602 SUSE bug 1149612 SUSE bug 1149626 SUSE bug 1149652 SUSE bug 1149713 SUSE bug 1149940 SUSE bug 1149959 SUSE bug 1149963 SUSE bug 1149976 SUSE bug 1150025 SUSE bug 1150033 SUSE bug 1150112 SUSE bug 1150562 SUSE bug 1150727 SUSE bug 1150860 SUSE bug 1150861 SUSE bug 1150933 CVE-2017-18551 CVE-2018-20976 CVE-2018-21008 CVE-2019-10207 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14835 CVE-2019-15030 CVE-2019-15031 CVE-2019-15090 CVE-2019-15098 CVE-2019-15099 CVE-2019-15117 CVE-2019-15118 CVE-2019-15211 CVE-2019-15212 CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15217 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15222 CVE-2019-15239 CVE-2019-15290 CVE-2019-15292 CVE-2019-15538 CVE-2019-15666 CVE-2019-15902 CVE-2019-15917 CVE-2019-15919 CVE-2019-15920 CVE-2019-15921 CVE-2019-15924 CVE-2019-15926 CVE-2019-15927 CVE-2019-9456 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for libpcap fixes the following issues: - CVE-2019-15165: Added sanity checks for PHB header length before allocating memory (bsc#1153332). - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332). Important SUSE bug 1153332 CVE-2018-16301 CVE-2019-15165 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for mariadb-100 fixes the following issues: Updated to MariaDB 10.0.40-1. Security issues fixed: - CVE-2019-2805, CVE-2019-2740, CVE-2019-2739, CVE-2019-2737, CVE-2019-2614, CVE-2019-2627. (bsc#1132826) (bsc#1141798). Moderate SUSE bug 1132826 SUSE bug 1141798 CVE-2019-2614 CVE-2019-2627 CVE-2019-2737 CVE-2019-2739 CVE-2019-2740 CVE-2019-2805 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for openconnect fixes the following issues: - CVE-2019-16239: Fixed a buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. (bsc#1151178) Moderate SUSE bug 1151178 CVE-2019-16239 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for python fixes the following issues: Security issue fixed: - CVE-2019-16056: Fixed a parser issue in the email module (bsc#1149955). - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). Moderate SUSE bug 1149955 SUSE bug 1153238 CVE-2019-16056 CVE-2019-16935 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-15139: Fixed a denial-of-service vulnerability in ReadXWDImage. (bsc#1146213) - CVE-2019-15140: Fixed a use-after-free bug in the Matlab image parser. (bsc#1146212) - CVE-2019-15141: Fixed a divide-by-zero vulnerability in the MeanShiftImage function. (bsc#1146211) - CVE-2019-14980: Fixed an application crash resulting from a heap-based buffer over-read in WriteTIFFImage. (bsc#1146068) - CVE-2019-16708: Fixed a memory leak in magick/xwindow.c (bsc#1151781). - CVE-2019-16709: Fixed a memory leak in coders/dps.c (bsc#1151782). - CVE-2019-16710: Fixed a memory leak in coders/dot.c (bsc#1151783). - CVE-2019-16711: Fixed a memory leak in Huffman2DEncodeImage in coders/ps2.c (bsc#1151784). - CVE-2019-16712: Fixed a memory leak in Huffman2DEncodeImage in coders/ps3.c (bsc#1151785). - CVE-2019-16713: Fixed a memory leak in coders/dot.c (bsc#1151786). Moderate SUSE bug 1146068 SUSE bug 1146211 SUSE bug 1146212 SUSE bug 1146213 SUSE bug 1151781 SUSE bug 1151782 SUSE bug 1151783 SUSE bug 1151784 SUSE bug 1151785 SUSE bug 1151786 CVE-2019-14980 CVE-2019-15139 CVE-2019-15140 CVE-2019-15141 CVE-2019-16708 CVE-2019-16709 CVE-2019-16710 CVE-2019-16711 CVE-2019-16712 CVE-2019-16713 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-18595: A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555). - CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350). - CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540). - CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permitted sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka 'KNOB') that could decrypt traffic and injected arbitrary ciphertext without the victim noticing (bnc#1137865 bnc#1146042). - CVE-2019-16232: Fixed a NULL pointer dereference in drivers/net/wireless/marvell/libertas/if_sdio.c, which did not check the alloc_workqueue return value (bnc#1150465). - CVE-2019-16234: Fixed a NULL pointer dereference in drivers/net/wireless/intel/iwlwifi/pcie/trans.c, which did not check the alloc_workqueue return value (bnc#1150452). - CVE-2019-17056: Added enforcement of CAP_NET_RAW in llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module, the lack of which allowed unprivileged users to create a raw socket, aka CID-3a359798b176 (bnc#1152788). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). - CVE-2019-17666: Added an upper-bound check in rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c, the lack of which could have led to a buffer overflow (bnc#1154372). The following non-security bugs were fixed: - 9p: avoid attaching writeback_fid on mmap with type PRIVATE (bsc#1051510). - ACPI / CPPC: do not require the _PSD method (bsc#1051510). - ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit() (bsc#1051510). - ACPI: custom_method: fix memory leaks (bsc#1051510). - ACPI / PCI: fix acpi_pci_irq_enable() memory leak (bsc#1051510). - ACPI / processor: do not print errors for processorIDs == 0xff (bsc#1051510). - ACPI / property: Fix acpi_graph_get_remote_endpoint() name in kerneldoc (bsc#1051510). - act_mirred: Fix mirred_init_module error handling (bsc#1051510). - Add kernel module compression support (bsc#1135854) For enabling the kernel module compress, add the item COMPRESS_MODULES='xz' in config.sh, then mkspec will pass it to the spec file. - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (bsc#1151680). - ALSA: aoa: onyx: always initialize register read value (bsc#1051510). - ALSA: firewire-tascam: check intermediate state of clock status and retry (bsc#1051510). - ALSA: firewire-tascam: handle error code when getting current source of clock (bsc#1051510). - ALSA: hda - Add laptop imic fixup for ASUS M9V laptop (bsc#1051510). - ALSA: hda: Add support of Zhaoxin controller (bsc#1051510). - ALSA: hda - Apply AMD controller workaround for Raven platform (bsc#1051510). - ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family (bsc#1051510). - ALSA: hda - Drop unsol event handler for Intel HDMI codecs (bsc#1051510). - ALSA: hda - Expand pin_match function to match upcoming new tbls (bsc#1051510). - ALSA: hda: Flush interrupts on disabling (bsc#1051510). - ALSA: hda/hdmi: remove redundant assignment to variable pcm_idx (bsc#1051510). - ALSA: hda - Inform too slow responses (bsc#1051510). - ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 (bsc#1051510). - ALSA: hda/realtek - Check beep whitelist before assigning in all codecs (bsc#1051510). - ALSA: hda/realtek - Fix alienware headset mic (bsc#1051510). - ALSA: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360 (bsc#1051510). - ALSA: hda: Set fifo_size for both playback and capture streams (bsc#1051510). - ALSA: hda - Show the fatal CORB/RIRB error more clearly (bsc#1051510). - ALSA: hda/sigmatel - remove unused variable 'stac9200_core_init' (bsc#1051510). - ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() (bsc#1051510). - ALSA: line6: sizeof (byte) is always 1, use that fact (bsc#1051510). - ALSA: usb-audio: Add Pioneer DDJ-SX3 PCM quirck (bsc#1051510). - ALSA: usb-audio: Disable quirks for BOSS Katana amplifiers (bsc#1051510). - ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid (bsc#1051510). - appletalk: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - ASoC: Define a set of DAPM pre/post-up events (bsc#1051510). - ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set (bsc#1051510). - ASoC: es8328: Fix copy-paste error in es8328_right_line_controls (bsc#1051510). - ASoC: Intel: Baytrail: Fix implicit fallthrough warning (bsc#1051510). - ASoC: Intel: Fix use of potentially uninitialized variable (bsc#1051510). - ASoC: Intel: NHLT: Fix debug print format (bsc#1051510). - ASoC: sgtl5000: Fix charge pump source assignment (bsc#1051510). - ASoC: sun4i-i2s: RX and TX counter registers are swapped (bsc#1051510). - ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls (bsc#1051510). - ASoC: wm8988: fix typo in wm8988_right_line_controls (bsc#1051510). - ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init (bsc#1051510). - atm: iphase: Fix Spectre v1 vulnerability (networking-stable-19_08_08). - auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach (bsc#1051510). - ax25: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA (bsc#1051510). - blk-flush: do not run queue for requests bypassing flush (bsc#1137959). - blk-flush: use blk_mq_request_bypass_insert() (bsc#1137959). - blk-mq: do not allocate driver tag upfront for flush rq (bsc#1137959). - blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling (bsc#1151610). - blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue (bsc#1137959). - blk-mq: kABI fixes for blk-mq.h (bsc#1137959). - blk-mq: move blk_mq_put_driver_tag*() into blk-mq.h (bsc#1137959). - blk-mq: punt failed direct issue to dispatch list (bsc#1137959). - blk-mq: put the driver tag of nxt rq before first one is requeued (bsc#1137959). - blk-mq-sched: decide how to handle flush rq via RQF_FLUSH_SEQ (bsc#1137959). - blk-wbt: abstract out end IO completion handler (bsc#1135873). - blk-wbt: fix has-sleeper queueing check (bsc#1135873). - blk-wbt: improve waking of tasks (bsc#1135873). - blk-wbt: move disable check into get_limit() (bsc#1135873). - blk-wbt: use wq_has_sleeper() for wq active check (bsc#1135873). - block: add io timeout to sysfs (bsc#1148410). - block: do not show io_timeout if driver has no timeout handler (bsc#1148410). - block: fix timeout changes for legacy request drivers (bsc#1149446). - block: kABI fixes for BLK_EH_DONE renaming (bsc#1142076). - block: rename BLK_EH_NOT_HANDLED to BLK_EH_DONE (bsc#1142076). - Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices (bsc#1051510). - bnx2x: Disable multi-cos feature (networking-stable-19_08_08). - bnx2x: Fix VF's VLAN reconfiguration in reload (bsc#1086323 ). - bonding: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - bridge/mdb: remove wrong use of NLM_F_MULTI (networking-stable-19_09_15). - btrfs: bail out gracefully rather than BUG_ON (bsc#1153646). - btrfs: check for the full sync flag while holding the inode lock during fsync (bsc#1153713). - btrfs: Ensure btrfs_init_dev_replace_tgtdev sees up to date values (bsc#1154651). - btrfs: Ensure replaced device does not have pending chunk allocation (bsc#1154607). - btrfs: fix use-after-free when using the tree modification log (bsc#1151891). - btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls (bsc#1152975). - btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space (bsc#1152974). - btrfs: relocation: fix use-after-free on dead relocation roots (bsc#1152972). - btrfs: remove wrong use of volume_mutex from btrfs_dev_replace_start (bsc#1154651). - can: mcp251x: mcp251x_hw_reset(): allow more time after a reset (bsc#1051510). - can: xilinx_can: xcan_probe(): skip error message on deferred probe (bsc#1051510). - cdc_ether: fix rndis support for Mediatek based smartphones (networking-stable-19_09_15). - cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize (bsc#1051510). - ceph: fix directories inode i_blkbits initialization (bsc#1153717). - ceph: reconnect connection if session hang in opening state (bsc#1153718). - ceph: update the mtime when truncating up (bsc#1153719). - ceph: use ceph_evict_inode to cleanup inode's resource (bsc#1148133). - cfg80211: add and use strongly typed element iteration macros (bsc#1051510). - cfg80211: Purge frame registrations on iftype change (bsc#1051510). - clk: at91: fix update bit maps on CFG_MOR write (bsc#1051510). - clk: at91: select parent if main oscillator or bypass is enabled (bsc#1051510). - clk: qoriq: Fix -Wunused-const-variable (bsc#1051510). - clk: sirf: Do not reference clk_init_data after registration (bsc#1051510). - clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks (bsc#1051510). - clk: sunxi-ng: v3s: add the missing PLL_DDR1 (bsc#1051510). - clk: zx296718: Do not reference clk_init_data after registration (bsc#1051510). - crypto: caam - fix concurrency issue in givencrypt descriptor (bsc#1051510). - crypto: caam - free resources in case caam_rng registration failed (bsc#1051510). - crypto: cavium/zip - Add missing single_release() (bsc#1051510). - crypto: ccp - Reduce maximum stack usage (bsc#1051510). - crypto: qat - Silence smp_processor_id() warning (bsc#1051510). - crypto: skcipher - Unmap pages after an external error (bsc#1051510). - crypto: talitos - fix missing break in switch statement (bsc#1142635). - cxgb4: fix endianness for vlan value in cxgb4_tc_flower (bsc#1064802 bsc#1066129). - cxgb4: offload VLAN flows regardless of VLAN ethtype (bsc#1064802 bsc#1066129). - cxgb4: reduce kernel stack usage in cudbg_collect_mem_region() (bsc#1073513). - cxgb4: Signedness bug in init_one() (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - cxgb4: smt: Add lock for atomic_dec_and_test (bsc#1064802 bsc#1066129). - dasd_fba: Display '00000000' for zero page when dumping sense (bsc#1123080). - /dev/mem: Bail out upon SIGKILL (git-fixes). - dmaengine: dw: platform: Switch to acpi_dma_controller_register() (bsc#1051510). - dmaengine: iop-adma.c: fix printk format warning (bsc#1051510). - drivers: thermal: int340x_thermal: Fix sysfs race condition (bsc#1051510). - drm/amdgpu: Check for valid number of registers to read (bsc#1051510). - drm/amdgpu/si: fix ASIC tests (git-fixes). - drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2) (bsc#1051510). - drm/ast: Fixed reboot test may cause system hanged (bsc#1051510). - drm/bridge: tc358767: Increase AUX transfer length limit (bsc#1051510). - drm: Flush output polling on shutdown (bsc#1051510). - drm/i915: Fix various tracepoints for gen2 (bsc#1113722) - drm/imx: Drop unused imx-ipuv3-crtc.o build (bsc#1113722) - drm/msm/dsi: Implement reset correctly (bsc#1051510). - drm/panel: simple: fix AUO g185han01 horizontal blanking (bsc#1051510). - drm/radeon: Fix EEH during kexec (bsc#1051510). - drm/tilcdc: Register cpufreq notifier after we have initialized crtc (bsc#1051510). - drm/vmwgfx: Fix double free in vmw_recv_msg() (bsc#1051510). - Drop multiversion(kernel) from the KMP template (bsc#1127155). - e1000e: add workaround for possible stalled packet (bsc#1051510). - EDAC/amd64: Decode syndrome before translating address (bsc#1114279). - eeprom: at24: make spd world-readable again (git-fixes). - ext4: fix warning inside ext4_convert_unwritten_extents_endio (bsc#1152025). - ext4: set error return correctly when ext4_htree_store_dirent fails (bsc#1152024). - firmware: dmi: Fix unlikely out-of-bounds read in save_mem_devices (git-fixes). - Fix AMD IOMMU kABI (bsc#1154610). - Fix kabi for: NFSv4: Fix OPEN / CLOSE race (git-fixes). - Fix KVM kABI after x86 mmu backports (bsc#1117665). - gpio: fix line flag validation in lineevent_create (bsc#1051510). - gpio: fix line flag validation in linehandle_create (bsc#1051510). - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist (bsc#1051510). - gpiolib: only check line handle flags once (bsc#1051510). - gpio: Move gpiochip_lock/unlock_as_irq to gpio/driver.h (bsc#1051510). - gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property() (bsc#1051510). - HID: apple: Fix stuck function keys when using FN (bsc#1051510). - HID: hidraw: Fix invalid read in hidraw_ioctl (bsc#1051510). - HID: logitech: Fix general protection fault caused by Logitech driver (bsc#1051510). - HID: prodikeys: Fix general protection fault during probe (bsc#1051510). - HID: sony: Fix memory corruption issue on cleanup (bsc#1051510). - hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' (bsc#1051510). - hwmon: (lm75) Fix write operations for negative temperatures (bsc#1051510). - hwmon: (shtc1) fix shtc1 and shtw1 id mask (bsc#1051510). - hwrng: core - do not wait on add_early_randomness() (git-fixes). - i2c: riic: Clear NACK in tend isr (bsc#1051510). - IB/core, ipoib: Do not overreact to SM LID change event (bsc#1154108) - IB/hfi1: Remove overly conservative VM_EXEC flag check (bsc#1144449). - IB/mlx5: Consolidate use_umr checks into single function (bsc#1093205). - IB/mlx5: Fix MR re-registration flow to use UMR properly (bsc#1093205). - IB/mlx5: Report correctly tag matching rendezvous capability (bsc#1046305). - ieee802154: atusb: fix use-after-free at disconnect (bsc#1051510). - ieee802154: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - ife: error out when nla attributes are empty (networking-stable-19_08_08). - iio: adc: ad799x: fix probe error handling (bsc#1051510). - iio: dac: ad5380: fix incorrect assignment to val (bsc#1051510). - iio: light: opt3001: fix mutex unlock race (bsc#1051510). - ima: always return negative code for error (bsc#1051510). - Input: da9063 - fix capability and drop KEY_SLEEP (bsc#1051510). - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID (bsc#1051510). - iommu/amd: Apply the same IVRS IOAPIC workaround to Acer Aspire A315-41 (bsc#1137799). - iommu/amd: Check PM_LEVEL_SIZE() condition in locked section (bsc#1154608). - iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems (bsc#1137799). - iommu/amd: Remove domain->updated (bsc#1154610). - iommu/amd: Wait for completion of IOTLB flush in attach_device (bsc#1154611). - iommu/dma: Fix for dereferencing before null checking (bsc#1151667). - iommu/iova: Avoid false sharing on fq_timer_on (bsc#1151671). - ip6_tunnel: fix possible use-after-free on xmit (networking-stable-19_08_08). - ipmi_si: Only schedule continuously in the thread in maintenance mode (bsc#1051510). - ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set (networking-stable-19_08_28). - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()' (networking-stable-19_09_15). - isdn/capi: check message length in capi_write() (bsc#1051510). - ixgbe: Prevent u8 wrapping of ITR value to something less than 10us (bsc#1101674). - ixgbe: sync the first fragment unconditionally (bsc#1133140). - kABI: media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). fixes kABI - kABI: media: em28xx: stop rewriting device's struct (bsc#1051510). fixes kABI - kABI: net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05). - kABI/severities: Whitelist functions internal to radix mm. To call these functions you have to first detect if you are running in radix mm mode which can't be expected of OOT code. - kABI workaround for snd_hda_pick_pin_fixup() changes (bsc#1051510). - kernel-subpackage-build: create zero size ghost for uncompressed vmlinux (bsc#1154354). It is not strictly necessary to uncompress it so maybe the ghost file can be 0 size in this case. - kernel/sysctl.c: do not override max_threads provided by userspace (bnc#1150875). - KVM: Convert kvm_lock to a mutex (bsc#1117665). - KVM: MMU: drop vcpu param in gpte_access (bsc#1117665). - KVM: PPC: Book3S: Fix incorrect guest-to-user-translation error handling (bsc#1061840). - KVM: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores (bsc#1061840). - KVM: PPC: Book3S HV: Do not lose pending doorbell request on migration on P9 (bsc#1061840). - KVM: PPC: Book3S HV: Do not push XIVE context when not using XIVE device (bsc#1061840). - KVM: PPC: Book3S HV: Fix lockdep warning when entering the guest (bsc#1061840). - KVM: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts (bsc#1061840). - KVM: PPC: Book3S HV: Handle virtual mode in XIVE VCPU push code (bsc#1061840). - KVM: PPC: Book3S HV: use smp_mb() when setting/clearing host_ipi flag (bsc#1061840). - KVM: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP (bsc#1061840). - KVM: x86: add tracepoints around __direct_map and FNAME(fetch) (bsc#1117665). - KVM: x86: adjust kvm_mmu_page member to save 8 bytes (bsc#1117665). - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (bsc#1117665). - KVM: x86: Do not release the page inside mmu_set_spte() (bsc#1117665). - KVM: x86: make FNAME(fetch) and __direct_map more similar (bsc#1117665). - KVM: x86, powerpc: do not allow clearing largepages debugfs entry (bsc#1117665). - KVM: x86: remove now unneeded hugepage gfn adjustment (bsc#1117665). - leds: leds-lp5562 allow firmware files up to the maximum length (bsc#1051510). - leds: trigger: gpio: GPIO 0 is valid (bsc#1051510). - libertas: Add missing sentinel at end of if_usb.c fw_table (bsc#1051510). - libertas_tf: Use correct channel range in lbtf_geo_init (bsc#1051510). - libiscsi: do not try to bypass SCSI EH (bsc#1142076). - lib/mpi: Fix karactx leak in mpi_powm (bsc#1051510). - livepatch: Nullify obj->mod in klp_module_coming()'s error path (bsc#1071995). - mac80211: accept deauth frames in IBSS mode (bsc#1051510). - mac80211: minstrel_ht: fix per-group max throughput rate initialization (bsc#1051510). - macsec: drop skb sk before calling gro_cells_receive (bsc#1051510). - md: do not report active array_state until after revalidate_disk() completes (git-fixes). - md: only call set_in_sync() when it is expected to succeed (git-fixes). - md/raid6: Set R5_ReadError when there is read failure on parity disk (git-fixes). - media: atmel: atmel-isc: fix asd memory allocation (bsc#1135642). - media: atmel: atmel-isi: fix timeout value for stop streaming (bsc#1051510). - media: cpia2_usb: fix memory leaks (bsc#1051510). - media: dib0700: fix link error for dibx000_i2c_set_speed (bsc#1051510). - media: dvb-core: fix a memory leak bug (bsc#1051510). - media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). - media: em28xx: stop rewriting device's struct (bsc#1051510). - media: exynos4-is: fix leaked of_node references (bsc#1051510). - media: fdp1: Reduce FCP not found message level to debug (bsc#1051510). - media: gspca: zero usb_buf on error (bsc#1051510). - media: hdpvr: Add device num check and handling (bsc#1051510). - media: hdpvr: add terminating 0 at end of string (bsc#1051510). - media: i2c: ov5645: Fix power sequence (bsc#1051510). - media: iguanair: add sanity checks (bsc#1051510). - media: marvell-ccic: do not generate EOF on parallel bus (bsc#1051510). - media: mc-device.c: do not memset __user pointer contents (bsc#1051510). - media: omap3isp: Do not set streaming state on random subdevs (bsc#1051510). - media: omap3isp: Set device on omap3isp subdevs (bsc#1051510). - media: ov6650: Fix sensor possibly not detected on probe (bsc#1051510). - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper (bsc#1051510). - media: ov9650: add a sanity check (bsc#1051510). - media: radio/si470x: kill urb on error (bsc#1051510). - media: replace strcpy() by strscpy() (bsc#1051510). - media: Revert '[media] marvell-ccic: reset ccic phy when stop streaming for stability' (bsc#1051510). - media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() (bsc#1051510). - media: saa7146: add cleanup in hexium_attach() (bsc#1051510). - media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table (bsc#1051510). - media: stkwebcam: fix runtime PM after driver unbind (bsc#1051510). - media: technisat-usb2: break out of loop at end of buffer (bsc#1051510). - media: tm6000: double free if usb disconnect while streaming (bsc#1051510). - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (bsc#1051510). - media: vb2: Fix videobuf2 to map correct area (bsc#1051510). - memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' (bsc#1051510). - mfd: intel-lpss: Remove D3cold delay (bsc#1051510). - mic: avoid statically declaring a 'struct device' (bsc#1051510). - mISDN: enforce CAP_NET_RAW for raw sockets (bsc#1051510). - mld: fix memory leak in mld_del_delrec() (networking-stable-19_09_05). - mmc: sdhci: Fix incorrect switch to HS mode (bsc#1051510). - mmc: sdhci: improve ADMA error reporting (bsc#1051510). - mmc: sdhci-msm: fix mutex while in spinlock (bsc#1142635). - mmc: sdhci-of-arasan: Do now show error message in case of deffered probe (bsc#1119086). - mmc: sdhci-of-esdhc: set DMA snooping based on DMA coherence (bsc#1051510). - mtd: spi-nor: Fix Cadence QSPI RCU Schedule Stall (bsc#1051510). - mvpp2: refactor MTU change code (networking-stable-19_08_08). - net: bridge: delete local fdb on device init failure (networking-stable-19_08_08). - net: bridge: mcast: do not delete permanent entries when fast leave is enabled (networking-stable-19_08_08). - net: fix ifindex collision during namespace removal (networking-stable-19_08_08). - net: Fix null de-reference of device refcount (networking-stable-19_09_15). - net: fix skb use after free in netpoll (networking-stable-19_09_05). - net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list (networking-stable-19_09_15). - net/ibmvnic: Fix EOI when running in XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes). - net/ibmvnic: prevent more than one thread from running in reset (bsc#1152457 ltc#174432). - net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run (bsc#1152457 ltc#174432). - net/mlx4_en: fix a memory leak bug (bsc#1046299). - net/mlx5: Add device ID of upcoming BlueField-2 (bsc#1046303 ). - net/mlx5e: Only support tx/rx pause setting for port owner (networking-stable-19_08_21). - net/mlx5e: Prevent encap flow counter update async to user query (networking-stable-19_08_08). - net/mlx5e: Use flow keys dissector to parse packets for ARFS (networking-stable-19_08_21). - net/mlx5: Fix error handling in mlx5_load() (bsc#1046305 ). - net/mlx5: Use reversed order when unregister devices (networking-stable-19_08_08). - net/packet: fix race in tpacket_snd() (networking-stable-19_08_21). - net: sched: act_sample: fix psample group handling on overwrite (networking-stable-19_09_05). - net: sched: Fix a possible null-pointer dereference in dequeue_func() (networking-stable-19_08_08). - net/smc: make sure EPOLLOUT is raised (networking-stable-19_08_28). - net: stmmac: dwmac-rk: Do not fail if phy regulator is absent (networking-stable-19_09_05). - nfc: fix attrs checks in netlink interface (bsc#1051510). - nfc: fix memory leak in llcp_sock_bind() (bsc#1051510). - nfc: pn533: fix use-after-free and memleaks (bsc#1051510). - NFS4: Fix v4.0 client state corruption when mount (git-fixes). - nfsd: degraded slot-count more gracefully as allocation nears exhaustion (bsc#1150381). - nfsd: Do not release the callback slot unless it was actually held (git-fixes). - nfsd: Fix overflow causing non-working mounts on 1 TB machines (bsc#1150381). - nfsd: fix performance-limiting session calculation (bsc#1150381). - nfsd: give out fewer session slots as limit approaches (bsc#1150381). - nfsd: handle drc over-allocation gracefully (bsc#1150381). - nfsd: increase DRC cache limit (bsc#1150381). - NFS: Do not interrupt file writeout due to fatal errors (git-fixes). - NFS: Do not open code clearing of delegation state (git-fixes). - NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0 (git-fixes). - NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts (git-fixes). - NFS: Forbid setting AF_INET6 to 'struct sockaddr_in'->sin_family (git-fixes). - NFS: Refactor nfs_lookup_revalidate() (git-fixes). - NFS: Remove redundant semicolon (git-fixes). - NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter (git-fixes). - NFSv4.1: Fix open stateid recovery (git-fixes). - NFSv4.1: Only reap expired delegations (git-fixes). - NFSv4: Check the return value of update_open_stateid() (git-fixes). - NFSv4: Fix an Oops in nfs4_do_setattr (git-fixes). - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() (git-fixes). - NFSv4: Fix delegation state recovery (git-fixes). - NFSv4: Fix lookup revalidate of regular files (git-fixes). - NFSv4: Fix OPEN / CLOSE race (git-fixes). - NFSv4: Handle the special Linux file open access mode (git-fixes). - NFSv4: Only pass the delegation to setattr if we're sending a truncate (git-fixes). - NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend() (git-fixes). - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510). - null_blk: complete requests from ->timeout (bsc#1149446). - null_blk: wire up timeouts (bsc#1149446). - nvme: fix multipath crash when ANA is deactivated (bsc#1149446). - nvmem: Use the same permissions for eeprom as for nvmem (git-fixes). - nvme-rdma: Allow DELETING state change failure in (bsc#1104967,). - nvme-rdma: centralize admin/io queue teardown sequence (bsc#1142076). - nvme-rdma: centralize controller setup sequence (bsc#1142076). - nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446). - nvme-rdma: fix timeout handler (bsc#1149446). - nvme-rdma: stop admin queue before freeing it (bsc#1140155). - nvme-rdma: support up to 4 segments of inline data (bsc#1142076). - nvme-rdma: unquiesce queues when deleting the controller (bsc#1142076). - nvme: remove ns sibling before clearing path (bsc#1140155). - nvme: return BLK_EH_DONE from ->timeout (bsc#1142076). - objtool: Clobber user CFLAGS variable (bsc#1153236). - PCI: Correct pci=resource_alignment parameter example (bsc#1051510). - PCI: dra7xx: Fix legacy INTD IRQ handling (bsc#1087092). - PCI: hv: Detect and fix Hyper-V PCI domain number collision (bsc#1150423). - PCI: hv: Use bytes 4 and 5 from instance ID as the PCI domain numbers (bsc#1153263). - PCI: PM: Fix pci_power_up() (bsc#1051510). - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current (bsc#1051510). - pinctrl: tegra: Fix write barrier placement in pmx_writel (bsc#1051510). - platform/x86: classmate-laptop: remove unused variable (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table (bsc#1051510). - platform/x86: pmc_atom: Add Siemens SIMATIC IPC277E to critclk_systems DMI table (bsc#1051510). - PM: sleep: Fix possible overflow in pm_system_cancel_wakeup() (bsc#1051510). - PNFS fallback to MDS if no deviceid found (git-fixes). - pNFS/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error (git-fixes). - pNFS/flexfiles: Turn off soft RPC calls (git-fixes). - powerpc/64: Make sys_switch_endian() traceable (bsc#1065729). - powerpc/64s/pseries: radix flush translations before MMU is enabled at boot (bsc#1055186). - powerpc/64s/radix: Fix MADV_[FREE|DONTNEED] TLB flush miss problem with THP (bsc#1152161 ltc#181664). - powerpc/64s/radix: Fix memory hotplug section page table creation (bsc#1065729). - powerpc/64s/radix: Fix memory hot-unplug page table split (bsc#1065729). - powerpc/64s/radix: Implement _tlbie(l)_va_range flush functions (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve preempt handling in TLB code (bsc#1152161 ltc#181664). - powerpc/64s/radix: Improve TLB flushing for page table freeing (bsc#1152161 ltc#181664). - powerpc/64s/radix: Introduce local single page ceiling for TLB range flush (bsc#1055117 bsc#1152161 ltc#181664). - powerpc/64s/radix: keep kernel ERAT over local process/guest invalidates (bsc#1055186). - powerpc/64s/radix: Optimize flush_tlb_range (bsc#1152161 ltc#181664). - powerpc/64s/radix: tidy up TLB flushing code (bsc#1055186). - powerpc/64s: Rename PPC_INVALIDATE_ERAT to PPC_ISA_3_0_INVALIDATE_ERAT (bsc#1055186). - powerpc/book3s64/mm: Do not do tlbie fixup for some hardware revisions (bsc#1152161 ltc#181664). - powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag (bsc#1152161 ltc#181664). - powerpc: bpf: Fix generation of load/store DW instructions (bsc#1065729). - powerpc/bpf: use unsigned division instruction for 64-bit operations (bsc#1065729). - powerpc: Drop page_is_ram() and walk_system_ram_range() (bsc#1065729). - powerpc/irq: Do not WARN continuously in arch_local_irq_restore() (bsc#1065729). - powerpc/irq: drop arch_early_irq_init() (bsc#1065729). - powerpc/mm/book3s64: Move book3s64 code to pgtable-book3s64 (bsc#1055186). - powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 (bsc#1152161 ltc#181664). - powerpc/mm: mark more tlb functions as __always_inline (bsc#1055186). - powerpc/mm: Properly invalidate when setting process table base (bsc#1055186). - powerpc/mm/radix: Drop unneeded NULL check (bsc#1152161 ltc#181664). - powerpc/mm/radix: implement LPID based TLB flushes to be used by KVM (bsc#1152161 ltc#181664). - powerpc/mm/radix: mark as __tlbie_pid() and friends as__always_inline (bsc#1055186). - powerpc/mm/radix: mark __radix__flush_tlb_range_psize() as __always_inline (bsc#1055186). - powerpc/mm: Simplify page_is_ram by using memblock_is_memory (bsc#1065729). - powerpc/mm: Use memblock API for PPC32 page_is_ram (bsc#1065729). - powerpc/module64: Fix comment in R_PPC64_ENTRY handling (bsc#1065729). - powerpc/powernv: Fix compile without CONFIG_TRACEPOINTS (bsc#1065729). - powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window (bsc#1061840). - powerpc/powernv/ioda: Fix race in TCE level allocation (bsc#1061840). - powerpc/powernv: move OPAL call wrapper tracing and interrupt handling to C (bsc#1065729). - powerpc/powernv/npu: Remove obsolete comment about TCE_KILL_INVAL_ALL (bsc#1065729). - powerpc/pseries: Call H_BLOCK_REMOVE when supported (bsc#1109158). - powerpc/pseries: Export maximum memory value (bsc#1122363). - powerpc/pseries: Export raw per-CPU VPA data via debugfs (). - powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt() (bsc#1065729). - powerpc/pseries/memory-hotplug: Fix return value type of find_aa_index (bsc#1065729). - powerpc/pseries/mobility: use cond_resched when updating device tree (bsc#1153112 ltc#181778). - powerpc/pseries: Read TLB Block Invalidate Characteristics (bsc#1109158). - powerpc/pseries: Remove confusing warning message (bsc#1109158). - powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning (bsc#1148868). - powerpc/rtas: allow rescheduling while changing cpu states (bsc#1153112 ltc#181778). - powerpc/xive: Fix bogus error code returned by OPAL (bsc#1065729). - powerpc/xive: Implement get_irqchip_state method for XIVE to fix shutdown race (bsc#1065729). - powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc (bsc#1065729). - power: reset: gpio-restart: Fix typo when gpio reset is not found (bsc#1051510). - power: supply: Init device wakeup after device_add() (bsc#1051510). - power: supply: sysfs: ratelimit property read error message (bsc#1051510). - ppp: Fix memory leak in ppp_write (git-fixes). - printk: Do not lose last line in kmsg buffer dump (bsc#1152460). - printk: fix printk_time race (bsc#1152466). - printk/panic: Avoid deadlock in printk() after stopping CPUs by NMI (bsc#1148712). - qed: iWARP - Fix default window size to be based on chip (bsc#1050536 bsc#1050545). - qed: iWARP - Fix tc for MPA ll2 connection (bsc#1050536 bsc#1050545). - qed: iWARP - fix uninitialized callback (bsc#1050536 bsc#1050545). - qed: iWARP - Use READ_ONCE and smp_store_release to access ep->state (bsc#1050536 bsc#1050545). - qla2xxx: kABI fixes for v10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - qla2xxx: remove SGI SN2 support (bsc#1123034 bsc#1131304 bsc#1127988). - quota: fix wrong condition in is_quota_modification() (bsc#1152026). - r8152: Set memory to all 0xFFs on failed reg reads (bsc#1051510). - RDMA/bnxt_re: Fix spelling mistake 'missin_resp' -> 'missing_resp' (bsc#1050244). - RDMA: Fix goto target to release the allocated memory (bsc#1050244). - regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg (bsc#1051510). - Revert 'mwifiex: fix system hang problem after resume' (bsc#1051510). - Revert 'Revert 'rpm/kernel-binary.spec.in: rename kGraft to KLP ()'' This reverts commit 468af43c8fd8509820798b6d8ed363fc417ca939 Should get this rename again with next SLE15 merge. - rtlwifi: rtl8192cu: Fix value set in descriptor (bsc#1142635). - s390/crypto: fix gcm-aes-s390 selftest failures (bsc#1137861 LTC#178091). - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero (networking-stable-19_09_15). - scsi: lpfc: Fix null ptr oops updating lpfc_devloss_tmo via sysfs attribute (bsc#1140845). - scsi: lpfc: Fix propagation of devloss_tmo setting to nvme transport (bsc#1140883). - scsi: lpfc: Remove bg debugfs buffers (bsc#1144375). - scsi: qedf: fc_rport_priv reference counting fixes (bsc#1098291). - scsi: qedf: Modify abort and tmf handler to handle edge condition and flush (bsc#1098291). - scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add new FW dump template entry types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add pci function reset support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add protection mask module parameters (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for multiple fwdump templates/segments (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Add support for setting port speed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: allow session delete to finish before create (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: avoid printf format warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change data_dsd into an array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change default ZIO threshold (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for FW started flag before aborting (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: check for kstrtol() failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: cleanup trace buffer initialization (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a mailbox command times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if a soft reset fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if parsing the version string fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correct error handling during initialization failures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correction and improvement to fwdt processing (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: deadlock by configfs_depend_item (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare local symbols static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Downgrade driver to 10.01.00.19-k There are upstream bug reports against 10.01.00.19-k which haven't been resolved. Also the newer version failed to get a proper review. For time being it's better to got with the older version and do not introduce new bugs. - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix abort timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a recently introduced kernel warning (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix DMA unmap leak (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix fcport null pointer access (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix formatting of pointer types (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw dump corruption (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix fw options handle eh_bus_reset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hang in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link reset (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix N2N link up fail (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Nport ID display value (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix possible fcport null-pointer dereferences (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix premature timer expiration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session cleanup hang (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake 'alredy' -> 'already' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: fix spelling mistake 'initializatin' -> 'initialization' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix SRB allocation flag to avoid sleeping in IRQ context (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stale session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix stuck login session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: flush IO on chip reset or sess delete (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Improve logging for scan thread (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Include the <asm/unaligned.h> header file from qla_dsd.h (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Insert spaces where required (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Leave a blank line after declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Modify NVMe include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move debug messages before sending srb preventing panic (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move marker request behind QPair (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the <linux/io-64-nonatomic-lo-hi.h> include directive (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: no need to check return value of debugfs_create functions (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: on session delete, return nvme cmd (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent memory leak for CT req/rsp allocation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the number of forward declarations (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove a superfluous pointer check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove dead code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove FW default template (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove set but not used variable 'ptr_dma' (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous casts (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous if-tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove two superfluous tests (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unnecessary null check (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report invalid mailbox status codes (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Restore FAWWPN of Physical Port only for loop down (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set remove flag for all VP (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence fwdump template message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify a debug statement (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify conditional check again (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.13-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Update flash read/write routine (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use complete switch scan for RSCN events (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use __le64 instead of uint32_t for sending DMA addresses to firmware (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Use tabs to indent code (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: scsi_dh_rdac: zero cdb in send_mode_select() (bsc#1149313). - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1123034 bsc#1131304 bsc#1127988). - scsi: storvsc: setup 1:1 mapping between hardware queue and CPU queue (bsc#1140729). - scsi: tcm_qla2xxx: Minimize #include directives (bsc#1123034 bsc#1131304 bsc#1127988). - scsi_transport_fc: complete requests from ->timeout (bsc#1142076). - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' (networking-stable-19_09_15). - sctp: fix the transport error_count check (networking-stable-19_08_21). - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike (networking-stable-19_09_15). - secure boot lockdown: Fix-up backport of /dev/mem access restriction The upstream-submitted patch set has evolved over time, align our patches (contents and description) to reflect the current status as far as /dev/mem access is concerned. - Sign non-x86 kernels when possible (boo#1134303) - sky2: Disable MSI on yet another ASUS boards (P6Xxxx) (bsc#1051510). - slip: make slhc_free() silently accept an error pointer (bsc#1051510). - slip: sl_alloc(): remove unused parameter 'dev_t line' (bsc#1051510). - sock_diag: fix autoloading of the raw_diag module (bsc#1152791). - sock_diag: request _diag module only when the family or proto has been registered (bsc#1152791). - staging: vt6655: Fix memory leak in vt6655_probe (bsc#1051510). - SUNRPC fix regression in umount of a secure mount (git-fixes). - SUNRPC: Handle connection breakages correctly in call_status() (git-fixes). - SUNRPC/nfs: Fix return value for nfs4_callback_compound() (git-fixes). - tcp: Do not dequeue SYN/FIN-segments from write-queue (git-gixes). - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR (networking-stable-19_09_15). - tcp: inherit timestamp on mtu probe (networking-stable-19_09_05). - tcp: make sure EPOLLOUT wont be missed (networking-stable-19_08_28). - tcp: remove empty skb from write queue in error cases (networking-stable-19_09_05). - team: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21). - thermal: Fix use-after-free when unregistering thermal zone device (bsc#1051510). - thermal_hwmon: Sanitize thermal_zone type (bsc#1051510). - tipc: add NULL pointer check before calling kfree_rcu (networking-stable-19_09_15). - tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts (bsc#1082555). - tracing: Initialize iter->seq after zeroing in tracing_read_pipe() (bsc#1151508). - tun: fix use-after-free when register netdev failed (networking-stable-19_09_15). - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099). - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (bsc#1145099). - usb: adutux: fix NULL-derefs on disconnect (bsc#1142635). - usb: adutux: fix use-after-free on disconnect (bsc#1142635). - usb: adutux: fix use-after-free on release (bsc#1051510). - usb: chaoskey: fix use-after-free on release (bsc#1051510). - usb: dummy-hcd: fix power budget for SuperSpeed mode (bsc#1051510). - usb: iowarrior: fix use-after-free after driver unbind (bsc#1051510). - usb: iowarrior: fix use-after-free on disconnect (bsc#1051510). - usb: iowarrior: fix use-after-free on release (bsc#1051510). - usb: legousbtower: fix deadlock on disconnect (bsc#1142635). - usb: legousbtower: fix open after failed reset request (bsc#1142635). - usb: legousbtower: fix potential NULL-deref on disconnect (bsc#1142635). - usb: legousbtower: fix slab info leak at probe (bsc#1142635). - usb: legousbtower: fix use-after-free on release (bsc#1051510). - usb: microtek: fix info-leak at probe (bsc#1142635). - usbnet: ignore endpoints with invalid wMaxPacketSize (bsc#1051510). - usbnet: sanity checking of packet sizes and device mtu (bsc#1051510). - usb: serial: fix runtime PM after driver unbind (bsc#1051510). - usb: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20 (bsc#1051510). - usb: serial: keyspan: fix NULL-derefs on open() and write() (bsc#1051510). - usb: serial: option: add support for Cinterion CLS8 devices (bsc#1051510). - usb: serial: option: add Telit FN980 compositions (bsc#1051510). - usb: usbcore: Fix slab-out-of-bounds bug during device reset (bsc#1051510). - usb: usblcd: fix I/O after disconnect (bsc#1142635). - usb: usblp: fix runtime PM after driver unbind (bsc#1051510). - usb: usb-skeleton: fix NULL-deref on disconnect (bsc#1051510). - usb: usb-skeleton: fix runtime PM after driver unbind (bsc#1051510). - usb: usb-skeleton: fix use-after-free after driver unbind (bsc#1051510). - usb: xhci: wait for CNR controller not ready bit in xhci resume (bsc#1051510). - usb: yurex: Do not retry on unexpected errors (bsc#1051510). - usb: yurex: fix NULL-derefs on disconnect (bsc#1051510). - vfio_pci: Restore original state on release (bsc#1051510). - vhost_net: conditionally enable tx polling (bsc#1145099). - vhost_net: conditionally enable tx polling (bsc#1145099). - video: of: display_timing: Add of_node_put() in of_get_display_timing() (bsc#1051510). - video: ssd1307fb: Start page range at page_offset (bsc#1113722) - watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout (bsc#1051510). - x86/asm: Fix MWAITX C-state hint value (bsc#1114279). - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h (bsc#1114279). - x86/fpu: Add FPU state copying quirk to handle XRSTOR failure on Intel Skylake CPUs (bsc#1151955). - x86/mm: Use WRITE_ONCE() when setting PTEs (bsc#1114279). - x86/tls: Fix possible spectre-v1 in do_get_thread_area() (bsc#1114279). - xen/netback: fix error path of xenvif_connect_data() (bsc#1065600). - xen/netback: Reset nr_frags before freeing skb (networking-stable-19_08_21). - xen-netfront: do not assume sk_buff_head list is empty in error handling (bsc#1065600). - xen-netfront: do not use ~0U as error return value for xennet_fill_frags() (bsc#1065600). - xen/pv: Fix Xen PV guest int3 handling (bsc#1153811). - xen/xenbus: fix self-deadlock after killing user process (bsc#1065600). - xhci: Check all endpoints for LPM timeout (bsc#1051510). - xhci: Fix false warning message about wrong bounce buffer write length (bsc#1051510). - xhci: Increase STS_SAVE timeout in xhci_suspend() (bsc#1051510). - xhci: Prevent device initiated U1/U2 link pm if exit latency is too long (bsc#1051510). Important SUSE bug 1046299 SUSE bug 1046303 SUSE bug 1046305 SUSE bug 1050244 SUSE bug 1050536 SUSE bug 1050545 SUSE bug 1051510 SUSE bug 1054914 SUSE bug 1055117 SUSE bug 1055186 SUSE bug 1061840 SUSE bug 1064802 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1066129 SUSE bug 1071995 SUSE bug 1073513 SUSE bug 1082555 SUSE bug 1086323 SUSE bug 1087092 SUSE bug 1089644 SUSE bug 1093205 SUSE bug 1097583 SUSE bug 1097584 SUSE bug 1097585 SUSE bug 1097586 SUSE bug 1097587 SUSE bug 1097588 SUSE bug 1098291 SUSE bug 1101674 SUSE bug 1104967 SUSE bug 1109158 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1117665 SUSE bug 1119086 SUSE bug 1122363 SUSE bug 1123034 SUSE bug 1123080 SUSE bug 1127155 SUSE bug 1127988 SUSE bug 1131304 SUSE bug 1133140 SUSE bug 1134303 SUSE bug 1135642 SUSE bug 1135854 SUSE bug 1135873 SUSE bug 1137799 SUSE bug 1137861 SUSE bug 1137865 SUSE bug 1137959 SUSE bug 1140155 SUSE bug 1140729 SUSE bug 1140845 SUSE bug 1140883 SUSE bug 1141600 SUSE bug 1142076 SUSE bug 1142635 SUSE bug 1142667 SUSE bug 1144375 SUSE bug 1144449 SUSE bug 1145099 SUSE bug 1146042 SUSE bug 1146519 SUSE bug 1146540 SUSE bug 1146664 SUSE bug 1148133 SUSE bug 1148410 SUSE bug 1148712 SUSE bug 1148868 SUSE bug 1149313 SUSE bug 1149446 SUSE bug 1149555 SUSE bug 1149651 SUSE bug 1150381 SUSE bug 1150423 SUSE bug 1150452 SUSE bug 1150465 SUSE bug 1150875 SUSE bug 1151350 SUSE bug 1151508 SUSE bug 1151610 SUSE bug 1151667 SUSE bug 1151671 SUSE bug 1151680 SUSE bug 1151891 SUSE bug 1151955 SUSE bug 1152024 SUSE bug 1152025 SUSE bug 1152026 SUSE bug 1152161 SUSE bug 1152325 SUSE bug 1152457 SUSE bug 1152460 SUSE bug 1152466 SUSE bug 1152788 SUSE bug 1152791 SUSE bug 1152972 SUSE bug 1152974 SUSE bug 1152975 SUSE bug 1153112 SUSE bug 1153158 SUSE bug 1153236 SUSE bug 1153263 SUSE bug 1153646 SUSE bug 1153713 SUSE bug 1153717 SUSE bug 1153718 SUSE bug 1153719 SUSE bug 1153811 SUSE bug 1154108 SUSE bug 1154189 SUSE bug 1154354 SUSE bug 1154372 SUSE bug 1154578 SUSE bug 1154607 SUSE bug 1154608 SUSE bug 1154610 SUSE bug 1154611 SUSE bug 1154651 SUSE bug 1154747 CVE-2017-18595 CVE-2019-14821 CVE-2019-15291 CVE-2019-16232 CVE-2019-16234 CVE-2019-17056 CVE-2019-17133 CVE-2019-17666 CVE-2019-9506 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for bluez fixes the following issue: - CVE-2016-9798: Fixed a use-after-free in conf_opt (bsc#1013712). Moderate SUSE bug 1013712 CVE-2016-9798 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel KVM hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack. The Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW). The set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251 Other security fixes: - CVE-2019-0154: Fixed a local denial of service via read of unprotected i915 registers. (bsc#1135966) - CVE-2019-0155: Fixed privilege escalation in the i915 driver. Batch buffers from usermode could have escalated privileges via blitter command stream. (bsc#1135967) - CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150457). - CVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903). The following non-security bugs were fixed: - alsa: bebob: Fix prototype of helper function to return negative value (bsc#1051510). - alsa: hda/realtek - Add support for ALC623 (bsc#1051510). - alsa: hda/realtek - Add support for ALC711 (bsc#1051510). - alsa: hda/realtek - Fix 2 front mics of codec 0x623 (bsc#1051510). - alsa: hda: Add Elkhart Lake PCI ID (bsc#1051510). - alsa: hda: Add Tigerlake/Jasperlake PCI ID (bsc#1051510). - alsa: timer: Fix mutex deadlock at releasing card (bsc#1051510). - arcnet: provide a buffer big enough to actually receive packets (networking-stable-19_09_30). - asoc: rockchip: i2s: Fix RPM imbalance (bsc#1051510). - asoc: rsnd: Reinitialize bit clock inversion flag for every format setting (bsc#1051510). - bpf: fix use after free in prog symbol exposure (bsc#1083647). - btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group() (bsc#1155178). - btrfs: qgroup: Always free PREALLOC META reserve in btrfs_delalloc_release_extents() (bsc#1155179). - btrfs: tracepoints: Fix bad entry members of qgroup events (bsc#1155186). - btrfs: tracepoints: Fix wrong parameter order for qgroup events (bsc#1155184). - crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t (bsc#1154737). - crypto: af_alg - Initialize sg_num_bytes in error code path (bsc#1051510). - crypto: af_alg - consolidation of duplicate code (bsc#1154737). - crypto: af_alg - fix race accessing cipher request (bsc#1154737). - crypto: af_alg - remove locking in async callback (bsc#1154737). - crypto: af_alg - update correct dst SGL entry (bsc#1051510). - crypto: af_alg - wait for data at beginning of recvmsg (bsc#1154737). - crypto: algif - return error code when no data was processed (bsc#1154737). - crypto: algif_aead - copy AAD from src to dst (bsc#1154737). - crypto: algif_aead - fix reference counting of null skcipher (bsc#1154737). - crypto: algif_aead - overhaul memory management (bsc#1154737). - crypto: algif_aead - skip SGL entries with NULL page (bsc#1154737). - crypto: algif_skcipher - overhaul memory management (bsc#1154737). - cxgb4:Fix out-of-bounds MSI-X info array access (networking-stable-19_10_05). - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50 (bsc#1051510). - drm/i915/cmdparser: Add support for backward jumps (bsc#1135967) - drm/i915/cmdparser: Ignore Length operands during command matching (bsc#1135967) - drm/i915/cmdparser: Use explicit goto for error paths (bsc#1135967) - drm/i915/gen8+: Add RC6 CTX corruption WA (bsc#1135967) - drm/i915/gtt: Add read only pages to gen8_pte_encode (bsc#1135967) - drm/i915/gtt: Disable read-only support under GVT (bsc#1135967) - drm/i915/gtt: Read-only pages for insert_entries on bdw (bsc#1135967) - drm/i915: Add gen9 BCS cmdparsing (bsc#1135967) - drm/i915: Add support for mandatory cmdparsing (bsc#1135967) - drm/i915: Allow parsing of unsized batches (bsc#1135967) - drm/i915: Disable Secure Batches for gen6+ - drm/i915: Lower RM timeout to avoid DSI hard hangs (bsc#1135967) - drm/i915: Prevent writing into a read-only object via a GGTT mmap (bsc#1135967) - drm/i915: Remove Master tables from cmdparser - drm/i915: Rename gen7 cmdparser tables (bsc#1135967) - drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (bsc#1135967) - efi/memattr: Do not bail on zero VA if it equals the region's PA (bsc#1051510). - efi: cper: print AER info of PCIe fatal error (bsc#1051510). - efivar/ssdt: Do not iterate over EFI vars if no SSDT override was specified (bsc#1051510). - hid: fix error message in hid_open_report() (bsc#1051510). - hid: logitech-hidpp: do all FF cleanup in hidpp_ff_destroy() (bsc#1051510). - hso: fix NULL-deref on tty open (bsc#1051510). - hyperv: set nvme msi interrupts to unmanaged (jsc#SLE-8953, jsc#SLE-9221, jsc#SLE-4941, bsc#1119461, bsc#1119465, bsc#1138190, bsc#1154905). - ib/core: Add mitigation for Spectre V1 (bsc#1155671) - ieee802154: ca8210: prevent memory leak (bsc#1051510). - input: synaptics-rmi4 - avoid processing unknown IRQs (bsc#1051510). - integrity: prevent deadlock during digsig verification (bsc#1090631). - ipv6: Handle missing host route in __ipv6_ifa_notify (networking-stable-19_10_05). - ipv6: drop incoming packets having a v4mapped source address (networking-stable-19_10_05). - kABI workaround for crypto/af_alg changes (bsc#1154737). - kABI workaround for drm_vma_offset_node readonly field addition (bsc#1135967) - ksm: cleanup stable_node chain collapse case (bnc#1144338). - ksm: fix use after free with merge_across_nodes = 0 (bnc#1144338). - ksm: introduce ksm_max_page_sharing per page deduplication limit (bnc#1144338). - ksm: optimize refile of stable_node_dup at the head of the chain (bnc#1144338). - ksm: swap the two output parameters of chain/chain_prune (bnc#1144338). - kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (bsc#1117665). - kvm: x86: mmu: Recovery of shattered NX large pages (bsc#1117665, CVE-2018-12207). - mac80211: Reject malformed SSID elements (bsc#1051510). - mac80211: fix txq null pointer dereference (bsc#1051510). - md/raid0: avoid RAID0 data corruption due to layout confusion (bsc#1140090). - md/raid0: fix warning message for parameter default_layout (bsc#1140090). - net/phy: fix DP83865 10 Mbps HDX loopback disable function (networking-stable-19_09_30). - net/rds: Fix error handling in rds_ib_add_one() (networking-stable-19_10_05). - net/rds: fix warn in rds_message_alloc_sgs (bsc#1154848). - net/rds: remove user triggered WARN_ON in rds_sendmsg (bsc#1154848). - net/sched: act_sample: do not push mac header on ip6gre ingress (networking-stable-19_09_30). - net/smc: fix SMCD link group creation with VLAN id (bsc#1154959). - net: Replace NF_CT_ASSERT() with WARN_ON() (bsc#1146612). - net: Unpublish sk from sk_reuseport_cb before call_rcu (networking-stable-19_10_05). - net: openvswitch: free vport unless register_netdevice() succeeds (git-fixes). - net: qlogic: Fix memory leak in ql_alloc_large_buffers (networking-stable-19_10_05). - net: qrtr: Stop rx_worker before freeing node (networking-stable-19_09_30). - net_sched: add policy validation for action attributes (networking-stable-19_09_30). - net_sched: fix backward compatibility for TCA_ACT_KIND (git-fixes). - netfilter: nf_nat: do not bug when mapping already exists (bsc#1146612). - nfsv4.1 - backchannel request should hold ref on xprt (bsc#1152624). - nl80211: fix null pointer dereference (bsc#1051510). - openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC (networking-stable-19_09_30). - qmi_wwan: add support for Cinterion CLS8 devices (networking-stable-19_10_05). - r8152: Set macpassthru in reset_resume callback (bsc#1051510). - rds: Fix warning (bsc#1154848). - reiserfs: fix extended attributes on the root directory (bsc#1151225). - rpm/kernel-subpackage-spec: Mention debuginfo in the subpackage description (bsc#1149119). - s390/cmf: set_schib_wait add timeout (bsc#1153509, bsc#1153476). - sch_cbq: validate TCA_CBQ_WRROPT to avoid crash (networking-stable-19_10_05). - sch_dsmark: fix potential NULL deref in dsmark_init() (networking-stable-19_10_05). - sch_netem: fix a divide by zero in tabledist() (networking-stable-19_09_30). - sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254). - scsi: lpfc: Fix devices that do not return after devloss followed by rediscovery (bsc#1137040). - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix N2N link reset (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix N2N link up fail (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix partial flash write of MBI (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Fix wait condition in loop (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Improve logging for scan thread (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Initialized mailbox to prevent driver load failure (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Set remove flag for all VP (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Silence fwdump template message (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: fix a potential NULL pointer dereference (bsc#1150457 CVE-2019-16233). - scsi: qla2xxx: fixup incorrect usage of host_byte (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: remove redundant assignment to pointer host (bsc#1143706 bsc#1082635 bsc#1123034). - scsi: qla2xxx: stop timer in shutdown path (bsc#1143706 bsc#1082635 bsc#1123034). - skge: fix checksum byte order (networking-stable-19_09_30). - staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS (bsc#1051510). - supporte.conf: add efivarfs to kernel-default-base (bsc#1154858). - tipc: fix unlimited bundling of small messages (networking-stable-19_10_05). - usb: ldusb: fix NULL-derefs on driver unbind (bsc#1051510). - usb: ldusb: fix memleak on disconnect (bsc#1051510). - usb: ldusb: fix read info leaks (bsc#1051510). - usb: legousbtower: fix a signedness bug in tower_probe() (bsc#1051510). - usb: legousbtower: fix memleak on disconnect (bsc#1051510). - usb: serial: ti_usb_3410_5052: fix port-close races (bsc#1051510). - usb: udc: lpc32xx: fix bad bit shift operation (bsc#1051510). - usb: usblp: fix use-after-free on disconnect (bsc#1051510). - vfs: Make filldir[64]() verify the directory entry filename is valid (bsc#1144903, CVE-2019-10220). - vsock: Fix a lockdep warning in __vsock_release() (networking-stable-19_10_05). - x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area (bnc#1153969). - x86/boot/64: Round memory hole size up to next PMD page (bnc#1153969). - x86/tsx: Add config options to set tsx=on|off|auto (bsc#1139073, CVE-2019-11135). Important SUSE bug 1051510 SUSE bug 1082635 SUSE bug 1083647 SUSE bug 1090631 SUSE bug 1096254 SUSE bug 1117665 SUSE bug 1119461 SUSE bug 1119465 SUSE bug 1123034 SUSE bug 1135966 SUSE bug 1135967 SUSE bug 1137040 SUSE bug 1138190 SUSE bug 1139073 SUSE bug 1140090 SUSE bug 1143706 SUSE bug 1144338 SUSE bug 1144903 SUSE bug 1146612 SUSE bug 1149119 SUSE bug 1150457 SUSE bug 1151225 SUSE bug 1152624 SUSE bug 1153476 SUSE bug 1153509 SUSE bug 1153969 SUSE bug 1154737 SUSE bug 1154848 SUSE bug 1154858 SUSE bug 1154905 SUSE bug 1154959 SUSE bug 1155178 SUSE bug 1155179 SUSE bug 1155184 SUSE bug 1155186 SUSE bug 1155671 CVE-2018-12207 CVE-2019-0154 CVE-2019-0155 CVE-2019-10220 CVE-2019-11135 CVE-2019-16233 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for freerdp fixes the following issues: - CVE-2019-17177: Fixed multiple memory leaks in libfreerdp/codec/region.c (bsc#1153163). - CVE-2019-17178: Fixed a memory leak in HuffmanTree_makeFromFrequencies (bsc#1153164). Moderate SUSE bug 1153163 SUSE bug 1153164 CVE-2019-17177 CVE-2019-17178 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for libtomcrypt fixes the following issues: - CVE-2019-17362: Fixed an improper detection of invalid UTF-8 sequences that could have led to DoS or information disclosure via crafted DER-encoded data (bsc#1153433). Moderate SUSE bug 1153433 CVE-2019-17362 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for zziplib fixes the following issues: Security issues fixed: - CVE-2018-16548: Avoid a memory leak from __zzip_parse_root_directory() which could lead to denial of service. (bsc#1107424) - CVE-2018-7727: Fixed a memory leak in unzzip_cat() (bsc#1084515). Non-security issue fixed: - Prevented division by zero by first checking if uncompressed size is 0. This may happen with directories which have a compressed and uncompressed size of 0. (bsc#1129403) Moderate SUSE bug 1084515 SUSE bug 1107424 SUSE bug 1129403 CVE-2018-16548 CVE-2018-7727 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for mariadb-100 fixes the following issues: Security issue fixed: - CVE-2019-2974: Fixed Server Optimizer (bsc#1154162). Moderate SUSE bug 1154162 CVE-2019-2974 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-14895: A heap-based buffer overflow was discovered in the Linux kernel in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could have allowed the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158). - CVE-2019-18660: The Linux kernel on powerpc allowed Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038). - CVE-2019-18683: An issue was discovered in drivers/media/platform/vivid in the Linux kernel. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free (bnc#1155897). - CVE-2019-18809: A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1156258). - CVE-2019-19062: A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures (bnc#1157333). - CVE-2019-19057: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). - CVE-2019-19056: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). - CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157307). - CVE-2019-19063: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157298). - CVE-2019-19227: In the AppleTalk subsystem in the Linux kernel there was a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client (bnc#1157678). - CVE-2019-19065: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures (bnc#1157191). - CVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering copy to udata failures (bnc#1157171). - CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157324). - CVE-2019-19067: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures (bsc#1157180). - CVE-2019-19060: A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157178). - CVE-2019-19049: A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures (bsc#1157173). - CVE-2019-19075: A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures (bnc#1157162). - CVE-2019-19058: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures (bnc#1157145). - CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157143). - CVE-2019-19073: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function (bnc#1157070). - CVE-2019-15916: An issue was discovered in the Linux kernel There was a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service (bnc#1149448). - CVE-2019-16231: drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150466). - CVE-2019-18805: An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel There was a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact (bnc#1156187). - CVE-2019-17055: base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket (bnc#1152782). The following non-security bugs were fixed: - ACPI / LPSS: Exclude I2C busses shared with PUNIT from pmc_atom_d3_mask (bsc#1051510). - ACPI / SBS: Fix rare oops when removing modules (bsc#1051510). - ACPICA: Never run _REG on system_memory and system_IO (bsc#1051510). - ACPICA: Use %d for signed int print formatting instead of %u (bsc#1051510). - ALSA: 6fire: Drop the dead code (git-fixes). - ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series (git-fixes). - ALSA: cs4236: fix error return comparison of an unsigned integer (git-fixes). - ALSA: firewire-motu: Correct a typo in the clock proc string (git-fixes). - ALSA: hda - Add mute led support for HP ProBook 645 G4 (git-fixes). - ALSA: hda - Fix pending unsol events at shutdown (git-fixes). - ALSA: hda/ca0132 - Fix possible workqueue stall (bsc#1155836). - ALSA: hda/intel: add CometLake PCI IDs (bsc#1156729). - ALSA: hda/realtek - Move some alc236 pintbls to fallback table (git-fixes). - ALSA: hda/realtek - Move some alc256 pintbls to fallback table (git-fixes). - ALSA: hda: Add Cometlake-S PCI ID (git-fixes). - ALSA: i2c/cs8427: Fix int to char conversion (bsc#1051510). - ALSA: intel8x0m: Register irq handler after register initializations (bsc#1051510). - ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed() (git-fixes). - ALSA: pcm: signedness bug in snd_pcm_plug_alloc() (bsc#1051510). - ALSA: seq: Do error checks at creating system ports (bsc#1051510). - ALSA: timer: Fix incorrectly assigned timer instance (git-fixes). - ALSA: usb-audio: Fix Focusrite Scarlett 6i6 gen1 - input handling (git-fixes). - ALSA: usb-audio: Fix missing error check at mixer resolution test (git-fixes). - ALSA: usb-audio: not submit urb for stopped endpoint (git-fixes). - ASoC: Intel: hdac_hdmi: Limit sampling rates at dai creation (bsc#1051510). - ASoC: davinci-mcasp: Handle return value of devm_kasprintf (stable 4.14.y). - ASoC: davinci: Kill BUG_ON() usage (stable 4.14.y). - ASoC: dpcm: Properly initialise hw->rate_max (bsc#1051510). - ASoC: kirkwood: fix external clock probe defer (git-fixes). - ASoC: msm8916-wcd-analog: Fix RX1 selection in RDAC2 MUX (git-fixes). - ASoC: sgtl5000: avoid division by zero if lo_vag is zero (bsc#1051510). - ASoC: tegra_sgtl5000: fix device_node refcounting (bsc#1051510). - ASoC: tlv320aic31xx: Handle inverted BCLK in non-DSP modes (stable 4.14.y). - ASoC: tlv320dac31xx: mark expected switch fall-through (stable 4.14.y). - Bluetooth: Fix invalid-free in bcsp_close() (git-fixes). - Bluetooth: Fix memory leak in hci_connect_le_scan (bsc#1051510). - Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS (bsc#1051510). - Bluetooth: btusb: fix PM leak in error case of setup (bsc#1051510). - Bluetooth: delete a stray unlock (bsc#1051510). - Bluetooth: hci_core: fix init for HCI_USER_CHANNEL (bsc#1051510). - Btrfs: fix log context list corruption after rename exchange operation (bsc#1156494). - CIFS: Fix SMB2 oplock break processing (bsc#1144333, bsc#1154355). - CIFS: Fix oplock handling for SMB 2.1+ protocols (bsc#1144333, bsc#1154355). - CIFS: Fix retry mid list corruption on reconnects (bsc#1144333, bsc#1154355). - CIFS: Fix use after free of file info structures (bsc#1144333, bsc#1154355). - CIFS: Force reval dentry if LOOKUP_REVAL flag is set (bsc#1144333, bsc#1154355). - CIFS: Force revalidate inode when dentry is stale (bsc#1144333, bsc#1154355). - CIFS: Gracefully handle QueryInfo errors during open (bsc#1144333, bsc#1154355). - CIFS: avoid using MID 0xFFFF (bsc#1144333, bsc#1154355). - CIFS: fix max ea value size (bsc#1144333, bsc#1154355). - Documentation: debugfs: Document debugfs helper for unsigned long values (git-fixes). - Documentation: x86: convert protection-keys.txt to reST (bsc#1078248). - EDAC/ghes: Fix Use after free in ghes_edac remove path (bsc#1114279). - HID: Add ASUS T100CHI keyboard dock battery quirks (bsc#1051510). - HID: Add quirk for Microsoft PIXART OEM mouse (bsc#1051510). - HID: Fix assumption that devices have inputs (git-fixes). - HID: asus: Add T100CHI bluetooth keyboard dock special keys mapping (bsc#1051510). - HID: wacom: generic: Treat serial number and related fields as unsigned (git-fixes). - Input: ff-memless - kill timer in destroy() (bsc#1051510). - Input: silead - try firmware reload after unsuccessful resume (bsc#1051510). - Input: st1232 - set INPUT_PROP_DIRECT property (bsc#1051510). - Input: synaptics-rmi4 - clear IRQ enables for F54 (bsc#1051510). - Input: synaptics-rmi4 - destroy F54 poller workqueue when removing (bsc#1051510). - Input: synaptics-rmi4 - disable the relative position IRQ in the F12 driver (bsc#1051510). - Input: synaptics-rmi4 - do not consume more data than we have (F11, F12) (bsc#1051510). - Input: synaptics-rmi4 - fix video buffer size (git-fixes). - KVM: VMX: Consider PID.PIR to determine if vCPU has pending interrupts (bsc#1158064). - KVM: VMX: Fix conditions for guest IA32_XSS support (bsc#1158065). - KVM: x86/mmu: Take slots_lock when using kvm_mmu_zap_all_fast() (bsc#1158067). - KVM: x86: Introduce vcpu->arch.xsaves_enabled (bsc#1158066). - NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error (git-fixes). - PCI/ACPI: Correct error message for ASPM disabling (bsc#1051510). - PCI/PME: Fix possible use-after-free on remove (git-fixes). - PCI: sysfs: Ignore lockdep for remove attribute (git-fixes). - PM / devfreq: Check NULL governor in available_governors_show (git-fixes). - PM / devfreq: Lock devfreq in trans_stat_show (git-fixes). - PM / devfreq: exynos-bus: Correct clock enable sequence (bsc#1051510). - PM / devfreq: passive: Use non-devm notifiers (bsc#1051510). - PM / devfreq: passive: fix compiler warning (bsc#1051510). - PM / hibernate: Check the success of generating md5 digest before hibernation (bsc#1051510). - README.BRANCH: Add Denis as branch maintainer - Revert synaptics-rmi4 patch due to regression (bsc#1155982) Also blacklisting it - UAS: Revert commit 3ae62a42090f ('UAS: fix alignment of scatter/gather segments'). - USB: chaoskey: fix error case of a timeout (git-fixes). - USB: gadget: Reject endpoints with 0 maxpacket value (bsc#1051510). - USB: ldusb: fix control-message timeout (bsc#1051510). - USB: ldusb: fix ring-buffer locking (bsc#1051510). - USB: serial: mos7720: fix remote wakeup (git-fixes). - USB: serial: mos7840: add USB ID to support Moxa UPort 2210 (bsc#1051510). - USB: serial: mos7840: fix remote wakeup (git-fixes). - USB: serial: option: add support for DW5821e with eSIM support (bsc#1051510). - USB: serial: option: add support for Foxconn T77W968 LTE modules (bsc#1051510). - USB: serial: whiteheat: fix line-speed endianness (bsc#1051510). - USB: serial: whiteheat: fix potential slab corruption (bsc#1051510). - USBIP: add config dependency for SGL_ALLOC (git-fixes). - appledisplay: fix error handling in the scheduled work (git-fixes). - arm64: Update config files. (bsc#1156466) Enable HW_RANDOM_OMAP driver and mark driver omap-rng as supported. - ata: ep93xx: Use proper enums for directions (bsc#1051510). - ath10k: fix kernel panic by moving pci flush after napi_disable (bsc#1051510). - ath10k: fix vdev-start timeout on error (bsc#1051510). - ath10k: limit available channels via DT ieee80211-freq-limit (bsc#1051510). - ath10k: wmi: disable softirq's while calling ieee80211_rx (bsc#1051510). - ath9k: Fix a locking bug in ath9k_add_interface() (bsc#1051510). - ath9k: add back support for using active monitor interfaces for tx99 (bsc#1051510). - ath9k: fix reporting calculated new FFT upper max (bsc#1051510). - ath9k: fix tx99 with monitor mode interface (bsc#1051510). - ath9k_hw: fix uninitialized variable data (bsc#1051510). - ax88172a: fix information leak on short answers (bsc#1051510). - backlight: lm3639: Unconditionally call led_classdev_unregister (bsc#1051510). - brcmfmac: fix full timeout waiting for action frame on-channel tx (bsc#1051510). - brcmfmac: reduce timeout for action frame scan (bsc#1051510). - brcmsmac: AP mode: update beacon when TIM changes (bsc#1051510). - brcmsmac: never log 'tid x is not agg'able' by default (bsc#1051510). - can: c_can: c_can_poll(): only read status register after status IRQ (git-fixes). - can: dev: call netif_carrier_off() in register_candev() (bsc#1051510). - can: mcba_usb: fix use-after-free on disconnect (git-fixes). - can: peak_usb: fix a potential out-of-sync while decoding packets (git-fixes). - can: peak_usb: fix slab info leak (git-fixes). - can: rx-offload: can_rx_offload_offload_one(): do not increase the skb_queue beyond skb_queue_len_max (git-fixes). - can: rx-offload: can_rx_offload_queue_sorted(): fix error handling, avoid skb mem leak (git-fixes). - can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid skb mem leak (git-fixes). - can: usb_8dev: fix use-after-free on disconnect (git-fixes). - ceph: add missing check in d_revalidate snapdir handling (bsc#1157183). - ceph: do not try to handle hashed dentries in non-O_CREAT atomic_open (bsc#1157184). - ceph: fix use-after-free in __ceph_remove_cap() (bsc#1154058). - ceph: just skip unrecognized info in ceph_reply_info_extra (bsc#1157182). - cfg80211: Avoid regulatory restore when COUNTRY_IE_IGNORE is set (bsc#1051510). - cfg80211: Prevent regulatory restore during STA disconnect in concurrent interfaces (bsc#1051510). - cfg80211: call disconnect_wk when AP stops (bsc#1051510). - cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bsc#1144333, bsc#1154355). - cifs: Fix missed free operations (bsc#1144333, bsc#1154355). - cifs: Use kzfree() to zero out the password (bsc#1144333, bsc#1154355). - cifs: add a helper to find an existing readable handle to a file (bsc#1144333, bsc#1154355). - cifs: create a helper to find a writeable handle by path name (bsc#1144333, bsc#1154355). - cifs: move cifsFileInfo_put logic into a work-queue (bsc#1144333, bsc#1154355). - cifs: prepare SMB2_Flush to be usable in compounds (bsc#1144333, bsc#1154355). - cifs: set domainName when a domain-key is used in multiuser (bsc#1144333, bsc#1154355). - cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bsc#1144333, bsc#1154355). - cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1144333, bsc#1154355). - clk: at91: avoid sleeping early (git-fixes). - clk: pxa: fix one of the pxa RTC clocks (bsc#1051510). - clk: samsung: Use clk_hw API for calling clk framework from clk notifiers (bsc#1051510). - clk: samsung: exynos5420: Preserve CPU clocks configuration during suspend/resume (bsc#1051510). - clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume (git-fixes). - clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18 (git-fixes). - clocksource/drivers/sh_cmt: Fix clocksource width for 32-bit machines (bsc#1051510). - clocksource/drivers/sh_cmt: Fixup for 64-bit machines (bsc#1051510). - component: fix loop condition to call unbind() if bind() fails (bsc#1051510). - cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init() (bsc#1051510). - cpufreq: Skip cpufreq resume if it's not suspended (bsc#1051510). - cpufreq: intel_pstate: Register when ACPI PCCH is present (bsc#1051510). - cpufreq: powernv: fix stack bloat and hard limit on number of CPUs (bsc#1051510). - cpufreq: ti-cpufreq: add missing of_node_put() (bsc#1051510). - cpupower : Fix cpupower working when cpu0 is offline (bsc#1051510). - cpupower : frequency-set -r option misses the last cpu in related cpu list (bsc#1051510). - cpupower: Fix coredump on VMWare (bsc#1051510). - crypto: af_alg - cast ki_complete ternary op to int (bsc#1051510). - crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr (bsc#1051510). - crypto: ecdh - fix big endian bug in ECC library (bsc#1051510). - crypto: fix a memory leak in rsa-kcs1pad's encryption mode (bsc#1051510). - crypto: geode-aes - switch to skcipher for cbc(aes) fallback (bsc#1051510). - crypto: mxs-dcp - Fix AES issues (bsc#1051510). - crypto: mxs-dcp - Fix SHA null hashes and output length (bsc#1051510). - crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash' static (bsc#1051510). - crypto: s5p-sss: Fix Fix argument list alignment (bsc#1051510). - crypto: tgr192 - remove unneeded semicolon (bsc#1051510). - cw1200: Fix a signedness bug in cw1200_load_firmware() (bsc#1051510). - cxgb4: fix panic when attaching to ULD fail (networking-stable-19_11_05). - dccp: do not leak jiffies on the wire (networking-stable-19_11_05). - dlm: do not leak kernel pointer to userspace (bsc#1051510). - dlm: fix invalid free (bsc#1051510). - dmaengine: bcm2835: Print error in case setting DMA mask fails (bsc#1051510). - dmaengine: dma-jz4780: Do not depend on MACH_JZ4780 (bsc#1051510). - dmaengine: dma-jz4780: Further residue status fix (bsc#1051510). - dmaengine: ep93xx: Return proper enum in ep93xx_dma_chan_direction (bsc#1051510). - dmaengine: imx-sdma: fix size check for sdma script_number (bsc#1051510). - dmaengine: imx-sdma: fix use-after-free on probe error path (bsc#1051510). - dmaengine: rcar-dmac: set scatter/gather max segment size (bsc#1051510). - dmaengine: timb_dma: Use proper enum in td_prep_slave_sg (bsc#1051510). - docs: move protection-keys.rst to the core-api book (bsc#1078248). - drm/etnaviv: fix dumping of iommuv2 (bsc#1113722) - drm/omap: fix max fclk divider for omap36xx (bsc#1113722) - drm/radeon: fix bad DMA from INTERRUPT_CNTL2 (git-fixes). - drm/radeon: fix si_enable_smc_cac() failed issue (bsc#1113722) - e1000e: Drop unnecessary __E1000_DOWN bit twiddling (bsc#1158049). - e1000e: Use dev_get_drvdata where possible (bsc#1158049). - e1000e: Use rtnl_lock to prevent race conditions between net and pci/pm (bsc#1158049). - extcon: cht-wc: Return from default case to avoid warnings (bsc#1051510). - fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper() (bsc#1051510). - fbdev: sbuslib: use checked version of put_user() (bsc#1051510). - gpio: mpc8xxx: Do not overwrite default irq_set_type callback (bsc#1051510). - gpio: syscon: Fix possible NULL ptr usage (bsc#1051510). - gpiolib: acpi: Add Terra Pad 1061 to the run_edge_events_on_boot_blacklist (bsc#1051510). - gsmi: Fix bug in append_to_eventlog sysfs handler (bsc#1051510). - hwmon: (ina3221) Fix INA3221_CONFIG_MODE macros (bsc#1051510). - hwmon: (pwm-fan) Silence error on probe deferral (bsc#1051510). - hwrng: omap - Fix RNG wait loop timeout (bsc#1051510). - hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled (bsc#1051510). - hypfs: Fix error number left in struct pointer member (bsc#1051510). - ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047). - ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047). - ibmvnic: Serialize device queries (bsc#1155689 ltc#182047). - ibmvnic: Terminate waiting device threads after loss of service (bsc#1155689 ltc#182047). - iio: adc: max9611: explicitly cast gain_selectors (bsc#1051510). - iio: adc: stm32-adc: fix stopping dma (git-fixes). - iio: dac: mcp4922: fix error handling in mcp4922_write_raw (bsc#1051510). - iio: imu: adis16480: assign bias value only if operation succeeded (git-fixes). - iio: imu: adis16480: make sure provided frequency is positive (git-fixes). - iio: imu: adis: assign read val in debugfs hook only if op successful (git-fixes). - iio: imu: adis: assign value only if return code zero in read funcs (git-fixes). - include/linux/bitrev.h: fix constant bitrev (bsc#1114279). - inet: stop leaking jiffies on the wire (networking-stable-19_11_05). - intel_th: Fix a double put_device() in error path (git-fixes). - iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros (bsc#1158063). - ipmi:dmi: Ignore IPMI SMBIOS entries with a zero base address (bsc#1051510). - ipv4: Return -ENETUNREACH if we can't create route but saddr is valid (networking-stable-19_10_24). - iwlwifi: api: annotate compressed BA notif array sizes (bsc#1051510). - iwlwifi: check kasprintf() return value (bsc#1051510). - iwlwifi: do not panic in error path on non-msix systems (bsc#1155692). - iwlwifi: exclude GEO SAR support for 3168 (git-fixes). - iwlwifi: mvm: avoid sending too many BARs (bsc#1051510). - iwlwifi: mvm: do not send keys when entering D3 (bsc#1051510). - kABI workaround for ath10k last_wmi_vdev_start_status field (bsc#1051510). - kABI workaround for struct mwifiex_power_cfg change (bsc#1051510). - kABI: Fix for 'KVM: x86: Introduce vcpu->arch.xsaves_enabled' (bsc#1158066). - lib/scatterlist: Fix chaining support in sgl_alloc_order() (git-fixes). - lib/scatterlist: Introduce sgl_alloc() and sgl_free() (git-fixes). - liquidio: fix race condition in instruction completion processing (bsc#1051510). - loop: add ioctl for changing logical block size (bsc#1108043). - mISDN: Fix type of switch control variable in ctrl_teimanager (bsc#1051510). - mac80211: consider QoS Null frames for STA_NULLFUNC_ACKED (bsc#1051510). - mac80211: minstrel: fix CCK rate group streams value (bsc#1051510). - mac80211: minstrel: fix sampling/reporting of CCK rates in HT mode (bsc#1051510). - macvlan: schedule bc_work even if error (bsc#1051510). - mailbox: reset txdone_method TXDONE_BY_POLL if client knows_txdone (git-fixes). - media: au0828: Fix incorrect error messages (bsc#1051510). - media: bdisp: fix memleak on release (git-fixes). - media: cxusb: detect cxusb_ctrl_msg error in query (bsc#1051510). - media: davinci: Fix implicit enum conversion warning (bsc#1051510). - media: exynos4-is: Fix recursive locking in isp_video_release() (git-fixes). - media: fix: media: pci: meye: validate offset to avoid arbitrary access (bsc#1051510). - media: flexcop-usb: ensure -EIO is returned on error condition (git-fixes). - media: imon: invalid dereference in imon_touch_event (bsc#1051510). - media: isif: fix a NULL pointer dereference bug (bsc#1051510). - media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init() (bsc#1051510). - media: pxa_camera: Fix check for pdev->dev.of_node (bsc#1051510). - media: radio: wl1273: fix interrupt masking on release (git-fixes). - media: ti-vpe: vpe: Fix Motion Vector vpdma stride (git-fixes). - media: usbvision: Fix races among open, close, and disconnect (bsc#1051510). - media: vim2m: Fix abort issue (git-fixes). - media: vivid: Set vid_cap_streaming and vid_out_streaming to true (bsc#1051510). - mei: fix modalias documentation (git-fixes). - mei: samples: fix a signedness bug in amt_host_if_call() (bsc#1051510). - mfd: intel-lpss: Add default I2C device properties for Gemini Lake (bsc#1051510). - mfd: max8997: Enale irq-wakeup unconditionally (bsc#1051510). - mfd: mc13xxx-core: Fix PMIC shutdown when reading ADC values (bsc#1051510). - mfd: palmas: Assign the right powerhold mask for tps65917 (git-fixes). - mfd: ti_am335x_tscadc: Keep ADC interface on if child is wakeup capable (bsc#1051510). - mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d() (git fixes (mm/gup)). - mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone (git fixes (mm/compaction)). - mm/debug.c: PageAnon() is true for PageKsm() pages (git fixes (mm/debug)). - mmc: core: fix wl1251 sdio quirks (git-fixes). - mmc: host: omap_hsmmc: add code for special init of wl1251 to get rid of pandora_wl1251_init_card (git-fixes). - mmc: mediatek: fix cannot receive new request when msdc_cmd_is_ready fail (bsc#1051510). - mmc: sdhci-esdhc-imx: correct the fix of ERR004536 (git-fixes). - mmc: sdhci-of-at91: fix quirk2 overwrite (git-fixes). - mmc: sdio: fix wl1251 vendor id (git-fixes). - mt7601u: fix bbp version check in mt7601u_wait_bbp_ready (bsc#1051510). - mtd: nand: mtk: fix incorrect register setting order about ecc irq. - mtd: spear_smi: Fix Write Burst mode (bsc#1051510). - mtd: spi-nor: fix silent truncation in spi_nor_read() (bsc#1051510). - mwifiex: Fix NL80211_TX_POWER_LIMITED (bsc#1051510). - net/ibmvnic: Ignore H_FUNCTION return from H_EOI to tolerate XIVE mode (bsc#1089644, ltc#166495, ltc#165544, git-fixes). - net/mlx4_core: Dynamically set guaranteed amount of counters per VF (networking-stable-19_11_05). - net/mlx5e: Fix handling of compressed CQEs in case of low NAPI budget (networking-stable-19_11_05). - net/smc: Fix error path in smc_init (git-fixes). - net/smc: avoid fallback in case of non-blocking connect (git-fixes). - net/smc: fix closing of fallback SMC sockets (git-fixes). - net/smc: fix ethernet interface refcounting (git-fixes). - net/smc: fix refcounting for non-blocking connect() (git-fixes). - net/smc: keep vlan_id for SMC-R in smc_listen_work() (git-fixes). - net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol() (networking-stable-19_11_05). - net: add READ_ONCE() annotation in __skb_wait_for_more_packets() (networking-stable-19_11_05). - net: add skb_queue_empty_lockless() (networking-stable-19_11_05). - net: annotate accesses to sk->sk_incoming_cpu (networking-stable-19_11_05). - net: annotate lockless accesses to sk->sk_napi_id (networking-stable-19_11_05). - net: avoid potential infinite loop in tc_ctl_action() (networking-stable-19_10_24). - net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3 (networking-stable-19_10_24). - net: bcmgenet: Set phydev->dev_flags only for internal PHYs (networking-stable-19_10_24). - net: bcmgenet: reset 40nm EPHY on energy detect (networking-stable-19_11_05). - net: dsa: b53: Do not clear existing mirrored port mask (networking-stable-19_11_05). - net: dsa: bcm_sf2: Fix IMP setup for port different than 8 (networking-stable-19_11_05). - net: dsa: fix switch tree list (networking-stable-19_11_05). - net: ethernet: ftgmac100: Fix DMA coherency issue with SW checksum (networking-stable-19_11_05). - net: fix sk_page_frag() recursion from memory reclaim (networking-stable-19_11_05). - net: hisilicon: Fix ping latency when deal with high throughput (networking-stable-19_11_05). - net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow (networking-stable-19_10_24). - net: use skb_queue_empty_lockless() in busy poll contexts (networking-stable-19_11_05). - net: use skb_queue_empty_lockless() in poll() handlers (networking-stable-19_11_05). - net: wireless: ti: remove local VENDOR_ID and DEVICE_ID definitions (git-fixes). - net: wireless: ti: wl1251 use new SDIO_VENDOR_ID_TI_WL1251 definition (git-fixes). - netns: fix GFP flags in rtnl_net_notifyid() (networking-stable-19_11_05). - nfc: netlink: fix double device reference drop (git-fixes). - nfc: port100: handle command failure cleanly (git-fixes). - nl80211: Fix a GET_KEY reply attribute (bsc#1051510). - openvswitch: fix flow command message size (git-fixes). - padata: use smp_mb in padata_reorder to avoid orphaned padata jobs (git-fixes). - phy: phy-twl4030-usb: fix denied runtime access (git-fixes). - pinctl: ti: iodelay: fix error checking on pinctrl_count_index_with_args call (git-fixes). - pinctrl: at91: do not use the same irqchip with multiple gpiochips (git-fixes). - pinctrl: cherryview: Allocate IRQ chip dynamic (git-fixes). - pinctrl: lewisburg: Update pin list according to v1.1v6 (bsc#1051510). - pinctrl: lpc18xx: Use define directive for PIN_CONFIG_GPIO_PIN_INT (bsc#1051510). - pinctrl: qcom: spmi-gpio: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup controller init (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup controller init (bsc#1051510). - pinctrl: samsung: Fix device node refcount leaks in init code (bsc#1051510). - pinctrl: sunxi: Fix a memory leak in 'sunxi_pinctrl_build_state()' (bsc#1051510). - pinctrl: zynq: Use define directive for PIN_CONFIG_IO_STANDARD (bsc#1051510). - power: reset: at91-poweroff: do not procede if at91_shdwc is allocated (bsc#1051510). - power: supply: ab8500_fg: silence uninitialized variable warnings (bsc#1051510). - power: supply: max14656: fix potential use-after-free (bsc#1051510). - power: supply: twl4030_charger: disable eoc interrupt on linear charge (bsc#1051510). - power: supply: twl4030_charger: fix charging current out-of-bounds (bsc#1051510). - powerpc/64: Make meltdown reporting Book3S 64 specific (bsc#1091041). - powerpc/book3s64/hash: Use secondary hash for bolted mapping if the primary is full (bsc#1157778 ltc#182520). - powerpc/bpf: Fix tail call implementation (bsc#1157698). - powerpc/pseries: Do not fail hash page table insert for bolted mapping (bsc#1157778 ltc#182520). - powerpc/pseries: Do not opencode HPTE_V_BOLTED (bsc#1157778 ltc#182520). - powerpc/pseries: address checkpatch warnings in dlpar_offline_cpu (bsc#1156700 ltc#182459). - powerpc/pseries: safely roll back failed DLPAR cpu add (bsc#1156700 ltc#182459). - powerpc/security/book3s64: Report L1TF status in sysfs (bsc#1091041). - powerpc/security: Fix wrong message when RFI Flush is disable (bsc#1131107). - powerpc/xive: Prevent page fault issues in the machine crash handler (bsc#1156882 ltc#182435). - ppdev: fix PPGETTIME/PPSETTIME ioctls (bsc#1051510). - pwm: bcm-iproc: Prevent unloading the driver module while in use (git-fixes). - pwm: lpss: Only set update bit if we are actually changing the settings (bsc#1051510). - r8152: add device id for Lenovo ThinkPad USB-C Dock Gen 2 (networking-stable-19_11_05). - regulator: ab8500: Remove AB8505 USB regulator (bsc#1051510). - regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id (bsc#1051510). - remoteproc: Check for NULL firmwares in sysfs interface (git-fixes). - reset: Fix potential use-after-free in __of_reset_control_get() (bsc#1051510). - reset: fix of_reset_simple_xlate kerneldoc comment (bsc#1051510). - reset: fix reset_control_get_exclusive kerneldoc comment (bsc#1051510). - rpm/kernel-binary.spec.in: add COMPRESS_VMLINUX (bnc#1155921) Let COMPRESS_VMLINUX determine the compression used for vmlinux. By default (historically), it is gz. - rpm/kernel-source.spec.in: Fix dependency of kernel-devel (bsc#1154043) - rtl8187: Fix warning generated when strncpy() destination length matches the sixe argument (bsc#1051510). - rtlwifi: Remove unnecessary NULL check in rtl_regd_init (bsc#1051510). - rtlwifi: rtl8192de: Fix misleading REG_MCUFWDL information (bsc#1051510). - rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address (bsc#1051510). - rtlwifi: rtl8192de: Fix missing enable interrupt flag (bsc#1051510). - s390/bpf: fix lcgr instruction encoding (bsc#1051510). - s390/bpf: use 32-bit index for tail calls (bsc#1051510). - s390/cio: avoid calling strlen on null pointer (bsc#1051510). - s390/cio: exclude subchannels with no parent from pseudo check (bsc#1051510). - s390/cmm: fix information leak in cmm_timeout_handler() (bsc#1051510). - s390/cpumsf: Check for CPU Measurement sampling (bsc#1153681 LTC#181855). - s390/idle: fix cpu idle time calculation (bsc#1051510). - s390/process: avoid potential reading of freed stack (bsc#1051510). - s390/qdio: (re-)initialize tiqdio list entries (bsc#1051510). - s390/qdio: do not touch the dsci in tiqdio_add_input_queues() (bsc#1051510). - s390/qeth: return proper errno on IO error (bsc#1051510). - s390/setup: fix boot crash for machine without EDAT-1 (bsc#1051510 bsc#1140948). - s390/setup: fix early warning messages (bsc#1051510 bsc#1140948). - s390/topology: avoid firing events before kobjs are created (bsc#1051510). - s390: fix stfle zero padding (bsc#1051510). - sc16is7xx: Fix for 'Unexpected interrupt: 8' (bsc#1051510). - scsi: lpfc: Fix Oops in nvme_register with target logout/login (bsc#1151900). - scsi: lpfc: Honor module parameter lpfc_use_adisc (bsc#1153628). - scsi: lpfc: Limit xri count for kdump environment (bsc#1154124). - scsi: qla2xxx: Add debug dump of LOGO payload and ELS IOCB (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Allow PLOGI in target mode (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Change discovery state before PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Configure local loop for N2N target (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Do command completion on abort timeout (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Do not call qlt_async_event twice (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Do not defer relogin unconditonally (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Drop superfluous INIT_WORK of del_work (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Fix PLOGI payload and ELS IOCB dump length (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Fix SRB leak on switch command timeout (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix a dma_pool_free() call (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix device connect issues in P2P configuration (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix double scsi_done for abort path (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix driver unload hang (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix memory leak when sending I/O fails (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Ignore NULL pointer in tcm_qla2xxx_free_mcmd (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Initialize free_work before flushing it (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Remove an include directive (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Send Notify ACK after N2N PLOGI (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: Update driver version to 10.01.00.21-k (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: Use explicit LOGO in target mode (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548). - scsi: qla2xxx: do not use zero for FC4_PRIORITY_NVME (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan (bsc#1138039). - scsi: qla2xxx: initialize fc4_type_priority (bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942). - scsi: qla2xxx: unregister ports after GPN_FT failure (bsc#1138039). - scsi: sd: Ignore a failure to sync cache due to lack of authorization (git-fixes). - scsi: storvsc: Add ability to change scsi queue depth (bsc#1155021). - scsi: zfcp: fix reaction on bit error threshold notification (bsc#1154956 LTC#182054). - scsi: zfcp: fix request object use-after-free in send path causing wrong traces (bsc#1051510). - sctp: change sctp_prot .no_autobind with true (networking-stable-19_10_24). - sctp: Fixed a regression (bsc#1158082). - selftests: net: reuseport_dualstack: fix uninitalized parameter (networking-stable-19_11_05). - serial: fix kernel-doc warning in comments (bsc#1051510). - serial: mctrl_gpio: Check for NULL pointer (bsc#1051510). - serial: mxs-auart: Fix potential infinite loop (bsc#1051510). - serial: samsung: Enable baud clock for UART reset procedure in resume (bsc#1051510). - serial: uartlite: fix exit path null pointer (bsc#1051510). - serial: uartps: Fix suspend functionality (bsc#1051510). - signal: Properly set TRACE_SIGNAL_LOSE_INFO in __send_signal (bsc#1157463). - slcan: Fix memory leak in error path (bsc#1051510). - slip: Fix memory leak in slip_open error path (bsc#1051510). - slip: Fix use-after-free Read in slip_open (bsc#1051510). - smb3: Incorrect size for netname negotiate context (bsc#1144333, bsc#1154355). - smb3: fix leak in 'open on server' perf counter (bsc#1144333, bsc#1154355). - smb3: fix signing verification of large reads (bsc#1144333, bsc#1154355). - smb3: fix unmount hang in open_shroot (bsc#1144333, bsc#1154355). - smb3: improve handling of share deleted (and share recreated) (bsc#1144333, bsc#1154355). - soc: imx: gpc: fix PDN delay (bsc#1051510). - soc: qcom: wcnss_ctrl: Avoid string overflow (bsc#1051510). - spi: atmel: Fix CS high support (bsc#1051510). - spi: atmel: fix handling of cs_change set on non-last xfer (bsc#1051510). - spi: fsl-lpspi: Prevent FIFO under/overrun by default (bsc#1051510). - spi: mediatek: Do not modify spi_transfer when transfer (bsc#1051510). - spi: mediatek: use correct mata->xfer_len when in fifo transfer (bsc#1051510). - spi: pic32: Use proper enum in dmaengine_prep_slave_rg (bsc#1051510). - spi: rockchip: initialize dma_slave_config properly (bsc#1051510). - spi: spidev: Fix OF tree warning logic (bsc#1051510). - staging: rtl8188eu: fix null dereference when kzalloc fails (bsc#1051510). - thunderbolt: Fix lockdep circular locking depedency warning (git-fixes). - tpm: add check after commands attribs tab allocation (bsc#1051510). - tracing: Get trace_array reference for available_tracers files (bsc#1156429). - udp: use skb_queue_empty_lockless() (networking-stable-19_11_05). - usb-serial: cp201x: support Mark-10 digital force gauge (bsc#1051510). - usb-storage: Revert commit 747668dbc061 ('usb-storage: Set virt_boundary_mask to avoid SG overflows') (bsc#1051510). - usb: chipidea: Fix otg event handler (bsc#1051510). - usb: chipidea: imx: enable OTG overcurrent in case USB subsystem is already started (bsc#1051510). - usb: dwc3: gadget: Check ENBLSLPM before sending ep command (bsc#1051510). - usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode (bsc#1051510). - usb: gadget: udc: fotg210-udc: Fix a sleep-in-atomic-context bug in fotg210_get_status() (bsc#1051510). - usb: gadget: uvc: Factor out video USB request queueing (bsc#1051510). - usb: gadget: uvc: Only halt video streaming endpoint in bulk mode (bsc#1051510). - usb: gadget: uvc: configfs: Drop leaked references to config items (bsc#1051510). - usb: gadget: uvc: configfs: Prevent format changes after linking header (bsc#1051510). - usb: handle warm-reset port requests on hub resume (bsc#1051510). - usb: xhci-mtk: fix ISOC error when interval is zero (bsc#1051510). - usbip: Fix free of unallocated memory in vhci tx (git-fixes). - usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path (git-fixes). - usbip: Implement SG support to vhci-hcd and stub driver (git-fixes). - usbip: tools: fix fd leakage in the function of read_attr_usbip_status (git-fixes). - vfio-ccw: Fix misleading comment when setting orb.cmd.c64 (bsc#1051510). - vfio-ccw: Set pa_nr to 0 if memory allocation fails for pa_iova_pfn (bsc#1051510). - vfio: ccw: push down unsupported IDA check (bsc#1156471 LTC#182362). - video/hdmi: Fix AVI bar unpack (git-fixes). - virtio/s390: fix race on airq_areas (bsc#1051510). - virtio_console: allocate inbufs in add_port() only if it is needed (git-fixes). - virtio_ring: fix return code on DMA mapping fails (git-fixes). - vmxnet3: turn off lro when rxcsum is disabled (bsc#1157499). - watchdog: meson: Fix the wrong value of left time (bsc#1051510). - x86/alternatives: Add int3_emulate_call() selftest (bsc#1153811). - x86/alternatives: Fix int3_emulate_call() selftest stack corruption (bsc#1153811). - x86/mm/pkeys: Fix typo in Documentation/x86/protection-keys.txt (bsc#1078248). - x86/pkeys: Update documentation about availability (bsc#1078248). - x86/resctrl: Fix potential lockdep warning (bsc#1114279). - x86/resctrl: Prevent NULL pointer dereference when reading mondata (bsc#1114279). - x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs (bsc#1158068). - xfrm: Fix xfrm sel prefix length validation (git-fixes). - xfrm: fix sa selector validation (bsc#1156609). Important SUSE bug 1048942 SUSE bug 1051510 SUSE bug 1078248 SUSE bug 1082635 SUSE bug 1089644 SUSE bug 1091041 SUSE bug 1108043 SUSE bug 1113722 SUSE bug 1114279 SUSE bug 1117169 SUSE bug 1131107 SUSE bug 1138039 SUSE bug 1140948 SUSE bug 1143706 SUSE bug 1144333 SUSE bug 1149448 SUSE bug 1150466 SUSE bug 1151548 SUSE bug 1151900 SUSE bug 1152782 SUSE bug 1153628 SUSE bug 1153681 SUSE bug 1153811 SUSE bug 1154043 SUSE bug 1154058 SUSE bug 1154124 SUSE bug 1154355 SUSE bug 1154526 SUSE bug 1154956 SUSE bug 1155021 SUSE bug 1155689 SUSE bug 1155692 SUSE bug 1155836 SUSE bug 1155897 SUSE bug 1155921 SUSE bug 1155982 SUSE bug 1156187 SUSE bug 1156258 SUSE bug 1156429 SUSE bug 1156466 SUSE bug 1156471 SUSE bug 1156494 SUSE bug 1156609 SUSE bug 1156700 SUSE bug 1156729 SUSE bug 1156882 SUSE bug 1157038 SUSE bug 1157042 SUSE bug 1157070 SUSE bug 1157143 SUSE bug 1157145 SUSE bug 1157158 SUSE bug 1157162 SUSE bug 1157171 SUSE bug 1157173 SUSE bug 1157178 SUSE bug 1157180 SUSE bug 1157182 SUSE bug 1157183 SUSE bug 1157184 SUSE bug 1157191 SUSE bug 1157193 SUSE bug 1157197 SUSE bug 1157298 SUSE bug 1157307 SUSE bug 1157324 SUSE bug 1157333 SUSE bug 1157424 SUSE bug 1157463 SUSE bug 1157499 SUSE bug 1157678 SUSE bug 1157698 SUSE bug 1157778 SUSE bug 1157908 SUSE bug 1158049 SUSE bug 1158063 SUSE bug 1158064 SUSE bug 1158065 SUSE bug 1158066 SUSE bug 1158067 SUSE bug 1158068 SUSE bug 1158082 CVE-2019-14895 CVE-2019-15916 CVE-2019-16231 CVE-2019-17055 CVE-2019-18660 CVE-2019-18683 CVE-2019-18805 CVE-2019-18809 CVE-2019-19049 CVE-2019-19052 CVE-2019-19056 CVE-2019-19057 CVE-2019-19058 CVE-2019-19060 CVE-2019-19062 CVE-2019-19063 CVE-2019-19065 CVE-2019-19067 CVE-2019-19068 CVE-2019-19073 CVE-2019-19074 CVE-2019-19075 CVE-2019-19077 CVE-2019-19227 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for dia fixes the following issue: - CVE-2019-19451: Fixed an endless loop on filenames with invalid encoding (bsc#1158194). Moderate SUSE bug 1158194 CVE-2019-19451 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for podofo fixes the following issues: These security issues were fixed: - CVE-2017-6845: The PoDoFo::PdfColor::operator function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1027779). - CVE-2018-5308: Properly validate memcpy arguments in the PdfMemoryOutputStream::Write function to prevent remote attackers from causing a denial-of-service or possibly have unspecified other impact via a crafted pdf file (bsc#1075772) - CVE-2018-5295: Prevent integer overflow in the PdfXRefStreamParserObject::ParseStream function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075026). - CVE-2017-6845: The PoDoFo::PdfColor::operator function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1027779). - CVE-2018-5309: Prevent integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075322). - CVE-2018-5296: Prevent uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075021). - CVE-2017-7381: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032020). - CVE-2017-7382: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032021). - CVE-2017-7383: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032022). - CVE-2018-11256: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1096889). - CVE-2018-5783: Prevent uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function that allowed remote attackers to cause a denial of service via a crafted pdf file (bsc#1076962). These non-security issues were fixed: - Prevent regression caused by the fix for CVE-2017-8054. - Prevent NULL dereferences when 'Kids' array is missing (bsc#1096890) - Added to detect cycles and recursions in XRef tables Moderate SUSE bug 1027779 SUSE bug 1032020 SUSE bug 1032021 SUSE bug 1032022 SUSE bug 1075021 SUSE bug 1075026 SUSE bug 1075322 SUSE bug 1075772 SUSE bug 1076962 SUSE bug 1096889 SUSE bug 1096890 CVE-2017-6845 CVE-2017-7381 CVE-2017-7382 CVE-2017-7383 CVE-2017-8054 CVE-2018-11256 CVE-2018-5295 CVE-2018-5296 CVE-2018-5308 CVE-2018-5309 CVE-2018-5783 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for python fixes the following issues: Security issues fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191). - CVE-2018-14647: Fixed a denial-of-service vulnerability in Expat (bsc#1109847). Non-security issue fixed: - Fixed a bug where PyWeakReference struct was not initialized correctly leading to a crash (bsc#1073748). Important SUSE bug 1073748 SUSE bug 1109847 SUSE bug 1122191 CVE-2018-14647 CVE-2019-5010 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for webkit2gtk3 to version 2.22.6 fixes the following issues: Security issues fixed: - CVE-2019-6212: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6215: Fixed a type confusion vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6216: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6217: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6226: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6227: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6229: Fixed a logic issue by improving validation which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6233: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6234: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. Other issues addressed: - Update to version 2.22.6 (bsc#1124937). - Kinetic scrolling slow down smoothly when reaching the ends of pages, instead of abruptly, to better match the GTK+ behaviour. - Fixed Web inspector magnifier under Wayland. - Fixed garbled rendering of some websites (e.g. YouTube) while scrolling under X11. - Fixed several crashes, race conditions, and rendering issues. Important SUSE bug 1124937 CVE-2019-6212 CVE-2019-6215 CVE-2019-6216 CVE-2019-6217 CVE-2019-6226 CVE-2019-6227 CVE-2019-6229 CVE-2019-6233 CVE-2019-6234 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for webkit2gtk3 to version 2.22.4 fixes the following issues: Security issues fixed: CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4392, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361, CVE-2018-4345, CVE-2018-4372, CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4416, CVE-2018-4378, CVE-2018-4382, CVE-2018-4386 (bsc#1110279, bsc#1116998). Important SUSE bug 1110279 SUSE bug 1116998 CVE-2018-4191 CVE-2018-4197 CVE-2018-4207 CVE-2018-4208 CVE-2018-4209 CVE-2018-4210 CVE-2018-4212 CVE-2018-4213 CVE-2018-4261 CVE-2018-4262 CVE-2018-4263 CVE-2018-4264 CVE-2018-4265 CVE-2018-4266 CVE-2018-4267 CVE-2018-4270 CVE-2018-4272 CVE-2018-4273 CVE-2018-4278 CVE-2018-4284 CVE-2018-4299 CVE-2018-4306 CVE-2018-4309 CVE-2018-4312 CVE-2018-4314 CVE-2018-4315 CVE-2018-4316 CVE-2018-4317 CVE-2018-4318 CVE-2018-4319 CVE-2018-4323 CVE-2018-4328 CVE-2018-4345 CVE-2018-4358 CVE-2018-4359 CVE-2018-4361 CVE-2018-4372 CVE-2018-4373 CVE-2018-4375 CVE-2018-4376 CVE-2018-4378 CVE-2018-4382 CVE-2018-4386 CVE-2018-4392 CVE-2018-4416 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for gd fixes the following issues: Security issues fixed: - CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123361). - CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522). Moderate SUSE bug 1123361 SUSE bug 1123522 CVE-2019-6977 CVE-2019-6978 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-20669: Missing access control checks in ioctl of gpu/drm/i915 driver were fixed which might have lead to information leaks. (bnc#1122971). - CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758). - CVE-2019-3819: A flaw was found in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ('root') can cause a system lock up and a denial of service. (bnc#1123161). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bnc#1124728 ). - CVE-2019-7221: Fixed a use-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124732). - CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735). - CVE-2019-7308: kernel/bpf/verifier.c performed undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks (bnc#1124055). - CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr (bnc#1125907). - CVE-2019-8980: A memory leak in the kernel_read_file function in fs/exec.c allowed attackers to cause a denial of service (memory consumption) by triggering vfs_read failures (bnc#1126209). - CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166). - CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179). The following non-security bugs were fixed: - 6lowpan: iphc: reset mac_header after decompress to fix panic (bsc#1051510). - 9p: clear dangling pointers in p9stat_free (bsc#1051510). - 9p locks: fix glock.client_id leak in do_lock (bsc#1051510). - 9p/net: fix memory leak in p9_client_create (bsc#1051510). - 9p/net: put a lower bound on msize (bsc#1051510). - 9p: use inode->i_lock to protect i_size_write() under 32-bit (bsc#1051510). - acpi/APEI: Clear GHES block_status before panic() (bsc#1051510). - acpi/device_sysfs: Avoid OF modalias creation for removed device (bsc#1051510). - acpi/nfit: Block function zero DSMs (bsc#1051510). - acpi, nfit: Fix Address Range Scrub completion tracking (bsc#1124969). - acpi/nfit: Fix bus command validation (bsc#1051510). - acpi/nfit: Fix command-supported detection (bsc#1051510). - acpi/nfit: Fix race accessing memdev in nfit_get_smbios_id() (bsc#1122662). - acpi/nfit: Fix user-initiated ARS to be 'ARS-long' rather than 'ARS-short' (bsc#1124969). - acpi: NUMA: Use correct type for printing addresses on i386-PAE (bsc#1051510). - acpi: power: Skip duplicate power resource references in _PRx (bsc#1051510). - acpi / video: Extend chassis-type detection with a 'Lunch Box' check (bsc#1051510). - acpi / video: Refactor and fix dmi_is_desktop() (bsc#1051510). - add 1 entry 2bcbd406715dca256912b9c5ae449c7968f15705 - Add delay-init quirk for Corsair K70 RGB keyboards (bsc#1087092). - af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers (bsc#1051510). - alsa: bebob: fix model-id of unit for Apogee Ensemble (bsc#1051510). - alsa: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 (bsc#1051510). - alsa: compress: Fix stop handling on compressed capture streams (bsc#1051510). - alsa: compress: prevent potential divide by zero bugs (bsc#1051510). - alsa: firewire-motu: fix construction of PCM frame for capture direction (bsc#1051510). - alsa: hda - Add mute LED support for HP ProBook 470 G5 (bsc#1051510). - alsa: hda - Add quirk for HP EliteBook 840 G5 (bsc#1051510). - alsa: hda/ca0132 - Fix build error without CONFIG_PCI (bsc#1051510). - alsa: hda/realtek: Disable PC beep in passthrough on alc285 (bsc#1051510). - alsa: hda/realtek: Enable audio jacks of ASUS UX362FA with ALC294 (bsc#1051510). - alsa: hda/realtek - Fixed hp_pin no value (bsc#1051510). - alsa: hda/realtek - Fix lose hp_pins for disable auto mute (bsc#1051510). - alsa: hda/realtek - Headset microphone and internal speaker support for System76 oryp5 (bsc#1051510). - alsa: hda/realtek - Headset microphone support for System76 darp5 (bsc#1051510). - alsa: hda/realtek - Reduce click noise on Dell Precision 5820 headphone (bsc#1126131). - alsa: hda/realtek - Use a common helper for hp pin reference (bsc#1051510). - alsa: hda - Serialize codec registrations (bsc#1122944). - alsa: hda - Use standard device registration for beep (bsc#1122944). - alsa: oxfw: add support for APOGEE duet FireWire (bsc#1051510). - alsa: usb-audio: Add Opus #3 to quirks for native DSD support (bsc#1051510). - alsa: usb-audio: Add support for new T+A USB DAC (bsc#1051510). - alsa: usb-audio: Fix implicit fb endpoint setup by quirk (bsc#1051510). - altera-stapl: check for a null key before strcasecmp'ing it (bsc#1051510). - amd-xgbe: Fix mdio access for non-zero ports and clause 45 PHYs (bsc#1122927). - apparmor: Fix aa_label_build() error handling for failed merges (bsc#1051510). - applicom: Fix potential Spectre v1 vulnerabilities (bsc#1051510). - aquantia: Setup max_mtu in ndev to enable jumbo frames (bsc#1051510). - arm64: fault: avoid send SIGBUS two times (bsc#1126393). - arm: 8802/1: Call syscall_trace_exit even when system call skipped (bsc#1051510). - arm: 8808/1: kexec:offline panic_smp_self_stop CPU (bsc#1051510). - arm: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling (bsc#1051510). - arm: 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart (bsc#1051510). - arm/arm64: kvm: Rename function kvm_arch_dev_ioctl_check_extension() (bsc#1126393). - arm/arm64: kvm: vgic: Force VM halt when changing the active state of GICv3 PPIs/SGIs (bsc#1051510). - arm: cns3xxx: Fix writing to wrong PCI config registers after alignment (bsc#1051510). - arm: cns3xxx: Use actual size reads for PCIe (bsc#1051510). - arm: imx: update the cpu power up timing setting on i.mx6sx (bsc#1051510). - arm: iop32x/n2100: fix PCI IRQ mapping (bsc#1051510). - arm: kvm: Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bsc#1051510). - arm: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt (bsc#1051510). - arm: OMAP1: ams-delta: Fix possible use of uninitialized field (bsc#1051510). - arm: OMAP2+: hwmod: Fix some section annotations (bsc#1051510). - arm: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup (bsc#1051510). - arm: pxa: avoid section mismatch warning (bsc#1051510). - arm: tango: Improve ARCH_MULTIPLATFORM compatibility (bsc#1051510). - ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages (bsc#1051510). - ASoC: dapm: change snprintf to scnprintf for possible overflow (bsc#1051510). - ASoC: dma-sh7760: cleanup a debug printk (bsc#1051510). - ASoC: fsl_esai: fix register setting issue in RIGHT_J mode (bsc#1051510). - ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M (bsc#1051510). - ASoC: imx-audmux: change snprintf to scnprintf for possible overflow (bsc#1051510). - ASoC: imx-sgtl5000: put of nodes if finding codec fails (bsc#1051510). - ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field (bsc#1051510). - ASoC: msm8916-wcd-analog: add missing license information (bsc#1051510). - ASoC: qcom: Fix of-node refcount unbalance in apq8016_sbc_parse_of() (bsc#1051510). - ASoC: rsnd: fixup rsnd_ssi_master_clk_start() user count check (bsc#1051510). - ASoC: rt5514-spi: Fix potential NULL pointer dereference (bsc#1051510). - assoc_array: Fix shortcut creation (bsc#1051510). - ata: ahci: mvebu: remove stale comment (bsc#1051510). - ath9k: Avoid OF no-EEPROM quirks without qca,no-eeprom (bsc#1051510). - ath9k: dynack: check da->enabled first in sampling routines (bsc#1051510). - ath9k: dynack: make ewma estimation faster (bsc#1051510). - ath9k: dynack: use authentication messages for 'late' ack (bsc#1051510). - atm: he: fix sign-extension overflow on large shift (bsc#1051510). - ax25: fix a use-after-free in ax25_fillin_cb() (networking-stable-19_01_04). - ax25: fix possible use-after-free (bsc#1051510). - backlight: pwm_bl: Use gpiod_get_value_cansleep() to get initial (bsc#1113722) - batman-adv: Avoid WARN on net_device without parent in netns (bsc#1051510). - batman-adv: fix uninit-value in batadv_interface_tx() (bsc#1051510). - batman-adv: Force mac header to start of data on xmit (bsc#1051510). - be2net: do not flip hw_features when VXLANs are added/deleted (bsc#1050252). - bio: Introduce BIO_ALLOCED flag and check it in bio_free (bsc#1128094). - blkdev: avoid migration stalls for blkdev pages (bsc#1084216). - blk-mq: fix a hung issue when fsync (bsc#1125252). - blk-mq: fix kernel oops in blk_mq_tag_idle() (bsc#1051510). - block: break discard submissions into the user defined size (git-fixes). - block: cleanup __blkdev_issue_discard() (git-fixes). - block_dev: fix crash on chained bios with O_DIRECT (bsc#1128094). - blockdev: Fix livelocks on loop device (bsc#1124984). - block: do not deal with discard limit in blkdev_issue_discard() (git-fixes). - block: do not use bio->bi_vcnt to figure out segment number (bsc#1128895). - block: do not warn when doing fsync on read-only devices (bsc#1125252). - block: fix 32 bit overflow in __blkdev_issue_discard() (git-fixes). - block: fix infinite loop if the device loses discard capability (git-fixes). - block/loop: Use global lock for ioctl() operation (bsc#1124974). - block: make sure discard bio is aligned with logical block size (git-fixes). - block: make sure writesame bio is aligned with logical block size (git-fixes). - block: move bio_integrity_{intervals,bytes} into blkdev.h (bsc#1114585). - block/swim3: Fix -EBUSY error when re-opening device after unmount (git-fixes). - bluetooth: Fix locking in bt_accept_enqueue() for BH context (bsc#1051510). - bluetooth: Fix unnecessary error message for HCI request completion (bsc#1051510). - bnx2x: Assign unique DMAE channel number for FW DMAE transactions (bsc#1086323). - bnx2x: Clear fip MAC when fcoe offload support is disabled (bsc#1086323). - bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw (bsc#1086323). - bnx2x: Remove configured vlans as part of unload sequence (bsc#1086323). - bnx2x: Send update-svid ramrod with retry/poll flags enabled (bsc#1086323). - bnxt_en: Fix typo in firmware message timeout logic (bsc#1086282 ). - bnxt_en: Wait longer for the firmware message response to complete (bsc#1086282). - bonding: update nest level on unlink (git-fixes). - bpf: decrease usercnt if bpf_map_new_fd() fails in bpf_map_get_fd_by_id() (bsc#1083647). - bpf: drop refcount if bpf_map_new_fd() fails in map_create() (bsc#1083647). - bpf: fix lockdep false positive in percpu_freelist (bsc#1083647). - bpf: fix replace_map_fd_with_map_ptr's ldimm64 second imm field (bsc#1083647). - bpf: fix sanitation rewrite in case of non-pointers (bsc#1083647). - bpf: Fix syscall's stackmap lookup potential deadlock (bsc#1083647). - bpf, lpm: fix lookup bug in map_delete_elem (bsc#1083647). - bpf/verifier: fix verifier instability (bsc#1056787). - bsg: allocate sense buffer if requested (bsc#1106811). - bsg: Do not copy sense if no response buffer is allocated (bsc#1106811,bsc#1126555). - btrfs: dedupe_file_range ioctl: remove 16MiB restriction (bsc#1127494). - btrfs: do not unnecessarily pass write_lock_level when processing leaf (bsc#1126802). - btrfs: ensure that a DUP or RAID1 block group has exactly two stripes (bsc#1128451). - btrfs: fix clone vs chattr NODATASUM race (bsc#1127497). - btrfs: fix corruption reading shared and compressed extents after hole punching (bsc#1126476). - btrfs: fix deadlock when allocating tree block during leaf/node split (bsc#1126806). - btrfs: fix deadlock when using free space tree due to block group creation (bsc#1126804). - btrfs: fix fsync after succession of renames and unlink/rmdir (bsc#1126488). - btrfs: fix fsync after succession of renames of different files (bsc#1126481). - btrfs: fix invalid-free in btrfs_extent_same (bsc#1127498). - btrfs: fix reading stale metadata blocks after degraded raid1 mounts (bsc#1126803). - btrfs: fix use-after-free of cmp workspace pages (bsc#1127603). - btrfs: grab write lock directly if write_lock_level is the max level (bsc#1126802). - btrfs: Improve btrfs_search_slot description (bsc#1126802). - btrfs: move get root out of btrfs_search_slot to a helper (bsc#1126802). - btrfs: qgroup: Cleanup old subtree swap code (bsc#1063638). - btrfs: qgroup: Do not trace subtree if we're dropping reloc tree (bsc#1063638). - btrfs: qgroup: Finish rescan when hit the last leaf of extent tree (bsc#1129327). - btrfs: qgroup: Fix root item corruption when multiple same source snapshots are created with quota enabled (bsc#1122324). - btrfs: qgroup: Introduce function to find all new tree blocks of reloc tree (bsc#1063638). - btrfs: qgroup: Introduce function to trace two swaped extents (bsc#1063638). - btrfs: qgroup: Introduce per-root swapped blocks infrastructure (bsc#1063638). - btrfs: qgroup: Introduce trace event to analyse the number of dirty extents accounted (bsc#1063638 dependency). - btrfs: qgroup: Make qgroup async transaction commit more aggressive (bsc#1113042). - btrfs: qgroup: Only trace data extents in leaves if we're relocating data block group (bsc#1063638). - btrfs: qgroup: Refactor btrfs_qgroup_trace_subtree_swap (bsc#1063638). - btrfs: qgroup: Search commit root for rescan to avoid missing extent (bsc#1129326). - btrfs: qgroup: Use delayed subtree rescan for balance (bsc#1063638). - btrfs: qgroup: Use generation-aware subtree swap to mark dirty extents (bsc#1063638). - btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf (bsc#1129327). - btrfs: relocation: Delay reloc tree deletion after merge_reloc_roots (bsc#1063638). - btrfs: reloc: Fix NULL pointer dereference due to expanded reloc_root lifespan (bsc#1129497). - btrfs: remove always true check in unlock_up (bsc#1126802). - btrfs: remove superfluous free_extent_buffer in read_block_for_search (bsc#1126802). - btrfs: remove unnecessary level check in balance_level (bsc#1126802). - btrfs: remove unused check of skip_locking (bsc#1126802). - btrfs: reuse cmp workspace in EXTENT_SAME ioctl (bsc#1127495). - btrfs: send, fix race with transaction commits that create snapshots (bsc#1126802). - btrfs: simplify IS_ERR/PTR_ERR checks (bsc#1126481). - btrfs: split btrfs_extent_same (bsc#1127493). - btrfs: use kvzalloc for EXTENT_SAME temporary data (bsc#1127496). - btrfs: use more straightforward extent_buffer_uptodate check (bsc#1126802). - can: bcm: check timer values before ktime conversion (bsc#1051510). - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it (bsc#1051510). - can: gw: ensure DLC boundaries after CAN frame modification (bsc#1051510). - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader (bsc#1051510). - cdc-wdm: pass return value of recover_from_urb_loss (bsc#1051510). - ceph: avoid repeatedly adding inode to mdsc->snap_flush_list (bsc#1126790). - ceph: clear inode pointer when snap realm gets dropped by its inode (bsc#1125799). - cfg80211: extend range deviation for DMG (bsc#1051510). - ch: add missing mutex_lock()/mutex_unlock() in ch_release() (bsc#1124235). - char/mwave: fix potential Spectre v1 vulnerability (bsc#1051510). - checkstack.pl: fix for aarch64 (bsc#1051510). - ch: fixup refcounting imbalance for SCSI devices (bsc#1124235). - cifs: add missing debug entries for kconfig options (bsc#1051510). - cifs: add missing support for ACLs in smb 3.11 (bsc#1051510). - cifs: add sha512 secmech (bsc#1051510). - cifs: Add support for reading attributes on smb2+ (bsc#1051510). - cifs: Add support for writing attributes on smb2+ (bsc#1051510). - cifs: Always resolve hostname before reconnecting (bsc#1051510). - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510). - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510). - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510). - cifs: Fix error mapping for smb2_LOCK command which caused OFD lock problem (bsc#1051510). - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510). - cifs: Fix NULL pointer dereference of devname (bnc#1129519). - cifs: fix return value for cifs_listxattr (bsc#1051510). - cifs: Fix separator when building path from dentry (bsc#1051510). - cifs: fix set info (bsc#1051510). - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510). - cifs: fix wrapping bugs in num_entries() (bsc#1051510). - cifs: For smb2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510). - cifs: hide unused functions (bsc#1051510). - cifs: hide unused functions (bsc#1051510). - cifs: implement v3.11 preauth integrity (bsc#1051510). - cifs: invalidate cache when we truncate a file (bsc#1051510). - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510). - cifs: OFD locks do not conflict with eachothers (bsc#1051510). - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510). - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510). - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510). - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510). - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510). - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510). - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510). - cifs: Use ULL suffix for 64-bit constant (bsc#1051510). - clk: armada-370: fix refcount leak in a370_clk_init() (bsc#1051510). - clk: armada-xp: fix refcount leak in axp_clk_init() (bsc#1051510). - clk: dove: fix refcount leak in dove_clk_init() (bsc#1051510). - clk: highbank: fix refcount leak in hb_clk_init() (bsc#1051510). - clk: imx6q: fix refcount leak in imx6q_clocks_init() (bsc#1051510). - clk: imx6q: reset exclusive gates on init (bsc#1051510). - clk: imx6sl: ensure MMDC CH0 handshake is bypassed (bsc#1051510). - clk: imx6sx: fix refcount leak in imx6sx_clocks_init() (bsc#1051510). - clk: imx7d: fix refcount leak in imx7d_clocks_init() (bsc#1051510). - clk: kirkwood: fix refcount leak in kirkwood_clk_init() (bsc#1051510). - clk: mv98dx3236: fix refcount leak in mv98dx3236_clk_init() (bsc#1051510). - clk: qoriq: fix refcount leak in clockgen_init() (bsc#1051510). - clk: rockchip: fix typo in rk3188 spdif_frac parent (bsc#1051510). - clk: samsung: exynos4: fix refcount leak in exynos4_get_xom() (bsc#1051510). - clk: socfpga: fix refcount leak (bsc#1051510). - clk: sunxi: A31: Fix wrong AHB gate number (bsc#1051510). - clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks (bsc#1051510). - clk: sunxi-ng: enable so-said LDOs for A64 SoC's pll-mipi clock (bsc#1051510). - clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent (bsc#1051510). - clk: sunxi-ng: sun8i-a23: Enable PLL-MIPI LDOs when ungating it (bsc#1051510). - clk: uniphier: Fix update register for CPU-gear (bsc#1051510). - clk: vf610: fix refcount leak in vf610_clocks_init() (bsc#1051510). - clocksource/drivers/exynos_mct: Fix error path in timer resources initialization (bsc#1051510). - clocksource/drivers/integrator-ap: Add missing of_node_put() (bsc#1051510). - clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable (bsc#1051510). - configfs: fix registered group removal (bsc#1051510). - copy_mount_string: Limit string length to PATH_MAX (bsc#1082943). - cpufreq: Cap the default transition delay value to 10 ms (bsc#1127042). - cpufreq: conservative: Take limits changes into account properly (bsc#1051510). - cpufreq: governor: Avoid accessing invalid governor_data (bsc#1051510). - cpufreq: governor: Drop min_sampling_rate (bsc#1127042). - cpufreq: governor: Ensure sufficiently large sampling intervals (bsc#1127042). - cpufreq: imx6q: add return value check for voltage scale (bsc#1051510). - cpufreq: Use transition_delay_us for legacy governors as well (bsc#1127042). - cpuidle: big.LITTLE: fix refcount leak (bsc#1051510). - cramfs: fix abad comparison when wrap-arounds occur (bsc#1051510). - crypto: aes_ti - disable interrupts while accessing S-box (bsc#1051510). - crypto: ahash - fix another early termination in hash walk (bsc#1051510). - crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling (bsc#1051510). - crypto: arm/crct10dif - revert to C code for short inputs (bsc#1051510). - crypto: authencesn - Avoid twice completion call in decrypt path (bsc#1051510). - crypto: authenc - fix parsing key with misaligned rta_len (bsc#1051510). - crypto: bcm - convert to use crypto_authenc_extractkeys() (bsc#1051510). - crypto: brcm - Fix some set-but-not-used warning (bsc#1051510). - crypto: caam - fixed handling of sg list (bsc#1051510). - crypto: caam - fix zero-length buffer DMA mapping (bsc#1051510). - crypto: cavium/zip - fix collision with generic cra_driver_name (bsc#1051510). - crypto: crypto4xx - add missing of_node_put after of_device_is_available (bsc#1051510). - crypto: crypto4xx - Fix wrong ppc4xx_trng_probe()/ppc4xx_trng_remove() arguments (bsc#1051510). - crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails (bsc#1051510). - crypto: testmgr - skip crc32c context test for ahash algorithms (bsc#1051510). - crypto: tgr192 - fix unaligned memory access (bsc#1051510). - crypto: user - support incremental algorithm dumps (bsc#1120902). - crypto: ux500 - Use proper enum in cryp_set_dma_transfer (bsc#1051510). - crypto: ux500 - Use proper enum in hash_set_dma_transfer (bsc#1051510). - cw1200: drop useless LIST_HEAD (bsc#1051510). - cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() (bsc#1051510). - cw1200: fix missing unlock on error in cw1200_hw_scan() (bsc#1051510). - dccp: fool proof ccid_hc_[rt]x_parse_options() (bsc#1051510). - debugfs: fix debugfs_rename parameter checking (bsc#1051510). - dlm: Do not swamp the CPU with callbacks queued during recovery (bsc#1051510). - dlm: fixed memory leaks after failed ls_remove_names allocation (bsc#1051510). - dlm: lost put_lkb on error path in receive_convert() and receive_unlock() (bsc#1051510). - dlm: memory leaks on error path in dlm_user_request() (bsc#1051510). - dlm: possible memory leak on error path in create_lkb() (bsc#1051510). - dmaengine: at_hdmac: drop useless LIST_HEAD (bsc#1051510). - dmaengine: at_hdmac: fix memory leak in at_dma_xlate() (bsc#1051510). - dmaengine: at_hdmac: fix module unloading (bsc#1051510). - dmaengine: at_xdmac: Fix wrongfull report of a channel as in use (bsc#1051510). - dmaengine: bcm2835: Fix abort of transactions (bsc#1051510). - dmaengine: bcm2835: Fix interrupt race on RT (bsc#1051510). - dmaengine: dma-jz4780: Return error if not probed from DT (bsc#1051510). - dmaengine: dmatest: Abort test in case of mapping error (bsc#1051510). - dmaengine: dw: drop useless LIST_HEAD (bsc#1051510). - dmaengine: dw: Fix FIFO size for Intel Merrifield (bsc#1051510). - dmaengine: imx-dma: fix wrong callback invoke (bsc#1051510). - dmaengine: mv_xor: Use correct device for DMA API (bsc#1051510). - dmaengine: pl330: drop useless LIST_HEAD (bsc#1051510). - dmaengine: sa11x0: drop useless LIST_HEAD (bsc#1051510). - dmaengine: st_fdma: drop useless LIST_HEAD (bsc#1051510). - dmaengine: stm32-dma: fix incomplete configuration in cyclic mode (bsc#1051510). - dmaengine: xilinx_dma: Remove __aligned attribute on zynqmp_dma_desc_ll (bsc#1051510). - dma: Introduce dma_max_mapping_size() (bsc#1120008). - dm cache metadata: verify cache has blocks in blocks_are_clean_separate_dirty() (git-fixes). - dm: call blk_queue_split() to impose device limits on bios (git-fixes). - dm: do not allow readahead to limit IO size (git-fixes). - dm thin: send event about thin-pool state change _after_ making it (git-fixes). - dm zoned: Fix target BIO completion handling (git-fixes). - doc: rcu: Suspicious RCU usage is a warning (bsc#1051510). - doc/README.SUSE: Correct description for building a kernel (bsc#1123348) - Do not log confusing message on reconnect by default (bsc#1129664). - Do not log expected error on DFS referral request (bsc#1051510). - driver core: Do not resume suppliers under device_links_write_lock() (bsc#1051510). - driver core: Move async_synchronize_full call (bsc#1051510). - drivers: core: Remove glue dirs from sysfs earlier (bsc#1051510). - drivers: hv: vmbus: Check for ring when getting debug info (bsc#1126389, bsc#1126579). - drivers: hv: vmbus: preserve hv_ringbuffer_get_debuginfo kABI (bsc#1126389, bsc#1126579). - drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels (bsc#1126389, bsc#1126579). - drivers/misc/sgi-gru: fix Spectre v1 vulnerability (bsc#1051510). - drivers/net/ethernet/qlogic/qed/qed_rdma.h: fix typo (bsc#1086314 bsc#1086313 bsc#1086301 ). - drivers/sbus/char: add of_node_put() (bsc#1051510). - drm/amdgpu: Add delay after enable RLC ucode (bsc#1051510). - drm/ast: Fix connector leak during driver unload (bsc#1051510). - drm/ast: fixed reading monitor EDID not stable issue (bsc#1051510). - drm/atomic-helper: Complete fake_commit->flip_done potentially earlier (bsc#1051510). - drm: Block fb changes for async plane updates (bsc#1051510). - drm/bridge: tc358767: add defines for DP1_SRCCTRL & PHY_2LANE (bsc#1051510). - drm/bridge: tc358767: fix initial DP0/1_SRCCTRL value (bsc#1051510). - drm/bridge: tc358767: fix output H/V syncs (bsc#1051510). - drm/bridge: tc358767: fix single lane configuration (bsc#1051510). - drm/bridge: tc358767: reject modes which require too much BW (bsc#1051510). - drm/bufs: Fix Spectre v1 vulnerability (bsc#1051510). - drm: Clear state->acquire_ctx before leaving drm_atomic_helper_commit_duplicated_state() (bsc#1051510). - drm: disable uncached DMA optimization for ARM and arm64 (bsc#1051510). - drm/etnaviv: NULL vs IS_ERR() buf in etnaviv_core_dump() (bsc#1113722) - drm/etnaviv: potential NULL dereference (bsc#1113722) - drm/fb-helper: Partially bring back workaround for bugs of SDL 1.2 (bsc#1113722) - drm: Fix error handling in drm_legacy_addctx (bsc#1113722) - drm/i915: Block fbdev HPD processing during suspend (bsc#1113722) - drm/i915/fbdev: Actually configure untiled displays (bsc#1113722) - drm/i915: Flush GPU relocs harder for gen3 (bsc#1113722) - drm/i915/gvt: Fix mmap range check (bsc#1120902) - drm/i915/gvt: free VFIO region space in vgpu detach (bsc#1113722) - drm/i915/gvt: release shadow batch buffer and wa_ctx before destroy one workload (bsc#1051510). - drm/i915/opregion: fix version check (bsc#1113722) - drm/i915/opregion: rvda is relative from opregion base in opregion (bsc#1113722) - drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set (bsc#1113722) - drm/i915: Redefine some Whiskey Lake SKUs (bsc#1051510). - drm/i915: Use the correct crtc when sanitizing plane mapping (bsc#1113722) - drm/meson: add missing of_node_put (bsc#1051510). - drm/modes: Prevent division by zero htotal (bsc#1051510). - drm/msm: Fix error return checking (bsc#1051510). - drm/msm: Grab a vblank reference when waiting for commit_done (bsc#1051510). - drm/msm: Unblock writer if reader closes file (bsc#1051510). - drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON (bsc#1113722) - drm/nouveau: Do not spew kernel WARNING for each timeout (bsc#1126480). - drm/nouveau: Do not WARN_ON VCPI allocation failures (bsc#1113722) - drm/nouveau/falcon: avoid touching registers if engine is off (bsc#1051510). - drm/nouveau/pmu: do not print reply values if exec is false (bsc#1113722) - drm/nouveau/tmr: detect stalled gpu timer and break out of waits (bsc#1123538). - drm/radeon/evergreen_cs: fix missing break in switch statement (bsc#1113722) - drm: Reorder set_property_atomic to avoid returning with an active ww_ctx (bsc#1051510). - drm/rockchip: fix for mailbox read size (bsc#1051510). - drm/shmob: Fix return value check in shmob_drm_probe (bsc#1113722) - drm/sun4i: tcon: Prepare and enable TCON channel 0 clock at init (bsc#1051510). - drm/vmwgfx: Do not double-free the mode stored in par->set_mode (bsc#1103429) - drm/vmwgfx: Fix setting of dma masks (bsc#1120902) - drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user (bsc#1120902) - e1000e: allow non-monotonic SYSTIM readings (bsc#1051510). - earlycon: Initialize port->uartclk based on clock-frequency property (bsc#1051510). - earlycon: Remove hardcoded port->uartclk initialization in of_setup_earlycon (bsc#1051510). - Enable CONFIG_RDMA_RXE=m also for ppc64le (bsc#1107665,) - enic: fix build warning without CONFIG_CPUMASK_OFFSTACK (bsc#1051510). - enic: fix checksum validation for IPv6 (bsc#1051510). - esp6: fix memleak on error path in esp6_input (bsc#1051510). - esp: Fix locking on page fragment allocation (bsc#1051510). - esp: Fix memleaks on error paths (bsc#1051510). - esp: Fix skb tailroom calculation (bsc#1051510). - exportfs: do not read dentry after free (bsc#1051510). - ext4: avoid kernel warning when writing the superblock to a dead device (bsc#1124981). - ext4: check for shutdown and r/o file system in ext4_write_inode() (bsc#1124978). - ext4: fix a potential fiemap/page fault deadlock w/ inline_data (bsc#1124980). - ext4: Fix crash during online resizing (bsc#1122779). - ext4: force inode writes when nfsd calls commit_metadata() (bsc#1125125). - ext4: include terminating u32 in size of xattr entries when expanding inodes (bsc#1124976). - ext4: make sure enough credits are reserved for dioread_nolock writes (bsc#1124979). - ext4: track writeback errors using the generic tracking infrastructure (bsc#1124982). - fanotify: fix handling of events on child sub-directory (bsc#1122019). - fat: validate ->i_start before using (bsc#1051510). - fbdev: chipsfb: remove set but not used variable 'size' (bsc#1113722) - firmware/efi: Add NULL pointer checks in efivars API functions (bsc#1051510). - Fix kabi issues with new transport sharing code (bsc#1114893). - Fix problem with sharetransport= and NFSv4 (bsc#1114893). - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510). - floppy: check_events callback should not return a negative number (bsc#1051510). - fork: do not copy inconsistent signal handler state to child (bsc#1051510). - fork: record start_time late (git-fixes). - fork: unconditionally clear stack on fork (git-fixes). - fs/cifs: require sha512 (bsc#1051510). - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() (git-fixes). - fs/devpts: always delete dcache dentry-s in dput() (git-fixes). - fuse: call pipe_buf_release() under pipe lock (bsc#1051510). - fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS (bsc#1051510). - fuse: decrement NR_WRITEBACK_TEMP on the right page (bsc#1051510). - fuse: handle zero sized retrieve correctly (bsc#1051510). - futex: Fix (possible) missed wakeup (bsc#1050549). - gdrom: fix a memory leak bug (bsc#1051510). - geneve: cleanup hard coded value for Ethernet header length (bsc#1123456). - geneve: correctly handle ipv6.disable module parameter (bsc#1051510). - geneve, vxlan: Do not check skb_dst() twice (bsc#1123456). - geneve, vxlan: Do not set exceptions if skb->len < mtu (bsc#1123456). - genwqe: Fix size check (bsc#1051510). - gfs2: Revert 'Fix loop in gfs2_rbm_find' (bsc#1120601). - gianfar: fix a flooded alignment reports because of padding issue (bsc#1051510). - gianfar: Fix Rx byte accounting for ndev stats (bsc#1051510). - gianfar: prevent integer wrapping in the rx handler (bsc#1051510). - gpio: altera-a10sr: Set proper output level for direction_output (bsc#1051510). - gpio: pcf857x: Fix interrupts on multiple instances (bsc#1051510). - gpio: pl061: handle failed allocations (bsc#1051510). - gpio: pl061: Move irq_chip definition inside struct pl061 (bsc#1051510). - gpio: vf610: Mask all GPIO interrupts (bsc#1051510). - gpu: ipu-v3: Fix CSI offsets for imx53 (bsc#1113722) - gpu: ipu-v3: Fix i.MX51 CSI control registers offset (bsc#1113722) - gpu: ipu-v3: image-convert: Prevent race between run and unprepare (bsc#1051510). - gro_cell: add napi_disable in gro_cells_destroy (networking-stable-19_01_04). - gro_cells: make sure device is up in gro_cells_receive() (git-fixes). - hfs: do not free node before using (bsc#1051510). - hfsplus: do not free node before using (bsc#1051510). - hfsplus: prevent btree data loss on root split (bsc#1051510). - hfs: prevent btree data loss on root split (bsc#1051510). - hid: lenovo: Add checks to fix of_led_classdev_register (bsc#1051510). - hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable (git-fixes). - hvc_opal: do not set tb_ticks_per_usec in udbg_init_opal_common() (bsc#1051510). - hv: v4.12 API for hyperv-iommu (bsc#1122822). - hwmon/k10temp: Add support for AMD family 17h, model 30h CPUs (). - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (). - hwmon: (lm80) fix a missing check of bus read in lm80 probe (bsc#1051510). - hwmon: (lm80) fix a missing check of the status of smbus read (bsc#1051510). - hwmon: (lm80) Fix missing unlock on error in set_fan_div() (bsc#1051510). - hwmon: (tmp421) Correct the misspelling of the tmp442 compatible attribute in OF device ID table (bsc#1051510). - HYPERV/IOMMU: Add Hyper-V stub IOMMU driver (bsc#1122822). - i2c-axxia: check for error conditions first (bsc#1051510). - i2c: bcm2835: Clear current buffer pointers and counts after a transfer (bsc#1051510). - i2c: cadence: Fix the hold bit setting (bsc#1051510). - i2c: dev: prevent adapter retries and timeout being set as minus value (bsc#1051510). - i2c: omap: Use noirq system sleep pm ops to idle device for suspend (bsc#1051510). - i2c: sh_mobile: add support for r8a77990 (R-Car E3) (bsc#1051510). - i40e: fix mac filter delete when setting mac address (bsc#1056658 bsc#1056662). - i40e: report correct statistics when XDP is enabled (bsc#1056658 bsc#1056662). - i40e: restore NETIF_F_GSO_IPXIP to netdev features (bsc#1056658 bsc#1056662). - IB/core: Destroy QP if XRC QP fails (bsc#1046306). - IB/core: Fix potential memory leak while creating MAD agents (bsc#1046306). - IB/core: Unregister notifier before freeing MAD security (bsc#1046306). - IB/hfi1: Close race condition on user context disable and close (bsc#1060463). - IB/mlx5: Unmap DMA addr from HCA before IOMMU (bsc#1046305 ). - ibmveth: Do not process frames after calling napi_reschedule (bcs#1123357). - ibmveth: fix DMA unmap error in ibmveth_xmit_start error path (networking-stable-19_01_04). - ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726). - ibmvnic: Increase maximum queue size limit (bsc#1121726). - ibmvnic: Introduce driver limits for ring sizes (bsc#1121726). - ibmvnic: Report actual backing device speed and duplex values (bsc#1129923). - ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton (bsc#1119019). - ide: pmac: add of_node_put() (bsc#1051510). - ieee802154: ca8210: fix possible u8 overflow in ca8210_rx_done (bsc#1051510). - ieee802154: lowpan_header_create check must check daddr (networking-stable-19_01_04). - igb: Fix an issue that PME is not enabled during runtime suspend (bsc#1051510). - iio: accel: kxcjk1013: Add KIOX010A acpi Hardware-ID (bsc#1051510). - iio: adc: exynos-adc: Fix NULL pointer exception on unbind (bsc#1051510). - iio: chemical: atlas-ph-sensor: correct IIO_TEMP values to millicelsius (bsc#1051510). - input: bma150 - register input device after setting private data (bsc#1051510). - input: elan_i2c - add acpi ID for touchpad in ASUS Aspire F5-573G (bsc#1051510). - input: elan_i2c - add acpi ID for touchpad in Lenovo V330-15ISK (bsc#1051510). - input: elan_i2c - add id for touchpad found in Lenovo s21e-20 (bsc#1051510). - input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 (bsc#1051510). - input: omap-keypad - fix idle configuration to not block SoC idle states (bsc#1051510). - input: raspberrypi-ts - fix link error (git-fixes). - input: raspberrypi-ts - select CONFIG_INPUT_POLLDEV (git-fixes). - input: restore EV_ABS ABS_RESERVED (bsc#1051510). - input: synaptics - enable RMI on ThinkPad T560 (bsc#1051510). - input: synaptics - enable smbus for HP EliteBook 840 G4 (bsc#1051510). - input: wacom_serial4 - add support for Wacom ArtPad II tablet (bsc#1051510). - input: xpad - add support for SteelSeries Stratus Duo (bsc#1111666). - intel_th: Do not reference unassigned outputs (bsc#1051510). - intel_th: gth: Fix an off-by-one in output unassigning (bsc#1051510). - iomap: fix integer truncation issues in the zeroing and dirtying helpers (bsc#1125947). - iomap: warn on zero-length mappings (bsc#1127062). - iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105). - iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105). - iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105). - iommu/dmar: Fix buffer overflow during PCI bus notification (bsc#1129181). - iommu: Document iommu_ops.is_attach_deferred() (bsc#1129182). - iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables (bsc#1129205). - iommu/vt-d: Check identity map for hot-added devices (bsc#1129183). - iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105). - iommu/vt-d: Fix NULL pointer reference in intel_svm_bind_mm() (bsc#1129184). - ip6mr: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04). - ip6_tunnel: get the min mtu properly in ip6_tnl_xmit (bsc#1123456). - ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit (bsc#1123456). - ipmi:pci: Blacklist a Realtek 'IPMI' device (git-fixes). - ipmi:ssif: Fix handling of multi-part return messages (bsc#1051510). - ip: on queued skb use skb_header_pointer instead of pskb_may_pull (git-fixes). - ipsec: check return value of skb_to_sgvec always (bsc#1051510). - ipv4: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04). - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes (networking-stable-18_12_12). - ipv4: speedup ipv6 tunnels dismantle (bsc#1122982). - ipv6: addrlabel: per netns list (bsc#1122982). - ipv6: Check available headroom in ip6_xmit() even without options (networking-stable-18_12_12). - ipv6: Consider sk_bound_dev_if when binding a socket to an address (networking-stable-19_02_01). - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address (networking-stable-19_01_22). - ipv6: explicitly initialize udp6_addr in udp_sock_create6() (networking-stable-19_01_04). - ipv6: fix kernel-infoleak in ipv6_local_error() (networking-stable-19_01_20). - ipv6: speedup ipv6 tunnels dismantle (bsc#1122982). Refresh patches.suse/ip6_vti-fix-a-null-pointer-deference-when-destroy-vt.patch - ipv6: sr: properly initialize flowi6 prior passing to ip6_route_output (networking-stable-18_12_12). - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses (networking-stable-19_01_22). - ipv6: tunnels: fix two use-after-free (networking-stable-19_01_04). - ip: validate header length on virtual device xmit (networking-stable-19_01_04). - ipvlan, l3mdev: fix broken l3s mode wrt local routes (networking-stable-19_02_01). - irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size (bsc#1051510). - irqchip/gic-v3-its: Do not bind LPI to unavailable NUMA node (bsc#1051510). - irqchip/gic-v3-its: Fix ITT_entry_size accessor (bsc#1051510). - iscsi target: fix session creation failure handling (bsc#1051510). - isdn: avm: Fix string plus integer warning from Clang (bsc#1051510). - isdn: fix kernel-infoleak in capi_unlocked_ioctl (bsc#1051510). - isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() (bsc#1051510). - isdn: i4l: isdn_tty: Fix some concurrency double-free bugs (bsc#1051510). - iser: set sector for ambiguous mr status errors (bsc#1051510). - iwlwifi: mvm: avoid possible access out of array (bsc#1051510). - iwlwifi: mvm: fix A-MPDU reference assignment (bsc#1051510). - iwlwifi: mvm: fix RSS config command (bsc#1051510). - iwlwifi: pcie: fix emergency path (bsc#1051510). - iwlwifi: pcie: fix TX while flushing (bsc#1120902). - ixgbe: Be more careful when modifying MAC filters (bsc#1051510). - ixgbe: check return value of napi_complete_done() (bsc#1051510). - ixgbe: recognize 1000BaseLX SFP modules as 1Gbps (bsc#1051510). - jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bsc#1051510). - kabi: cpufreq: keep min_sampling_rate in struct dbs_data (bsc#1127042). - kabi: fix xhci kABI stability (bsc#1119086). - kabi: handle addition of ip6addrlbl_table into struct netns_ipv6 (bsc#1122982). - kabi: handle addition of uevent_sock into struct net (bsc#1122982). - kabi: Preserve kABI for dma_max_mapping_size() (bsc#1120008). - kabi: protect struct sctp_association (kabi). - kabi: protect struct smc_buf_desc (bnc#1117947, LTC#173662). - kabi: protect struct smc_link (bnc#1117947, LTC#173662). - kabi: protect vhost_log_write (kabi). - kabi: restore ip_tunnel_delete_net() (bsc#1122982). - kABI workaroudn for ath9k ath_node.ackto type change (bsc#1051510). - kABI workaround for bt_accept_enqueue() change (bsc#1051510). - kABI workaround for deleted snd_hda_register_beep_device() (bsc#1122944). - kABI workaround for snd_hda_bus.bus_probing addition (bsc#1122944). - kallsyms: Handle too long symbols in kallsyms.c (bsc#1126805). - kconfig: fix file name and line number of warn_ignored_character() (bsc#1051510). - kconfig: fix line numbers for if-entries in menu tree (bsc#1051510). - kconfig: fix memory leak when EOF is encountered in quotation (bsc#1051510). - kconfig: fix the rule of mainmenu_stmt symbol (bsc#1051510). - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes (git-fixes). - keys: allow reaching the keys quotas exactly (bsc#1051510). - keys: Timestamp new keys (bsc#1051510). - kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var() (bsc#1051510). - kgdboc: Fix restrict error (bsc#1051510). - kgdboc: Fix warning with module build (bsc#1051510). - kobject: add kobject_uevent_net_broadcast() (bsc#1122982). - kobject: copy env blob in one go (bsc#1122982). - kobject: factorize skb setup in kobject_uevent_net_broadcast() (bsc#1122982). - kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() (bsc#1051510). - kvm: arm/arm64: Properly protect VGIC locks from IRQs (bsc#1117155). - kvm: arm/arm64: VGIC/ITS: Promote irq_lock() in update_affinity (bsc#1117155). - kvm: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock (bsc#1117155). - kvm: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls (bsc#1117155). - kvm: mmu: Fix race in emulated page table writes (bsc#1129284). - kvm: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails (bsc#1129291). - kvm: nVMX: NMI-window and interrupt-window exiting should wake L2 from HLT (bsc#1129292). - kvm: nVMX: Set VM instruction error for VMPTRLD of unbacked page (bsc#1129293). - kvm: PPC: Book3S PR: Set hflag to indicate that POWER9 supports 1T segments (bsc#1124589). - kvm: sev: Fail KVM_SEV_INIT if already initialized (bsc#1114279). - kvm: vmx: Set IA32_TSC_AUX for legacy mode guests (bsc#1129294). - kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs (bsc#1127082). - kvm: x86: fix L1TF's MMIO GFN calculation (bsc#1124204). - kvm: x86: Fix single-step debugging (bsc#1129295). - kvm: x86: Use jmp to invoke kvm_spurious_fault() from .fixup (bsc#1129296). - l2tp: copy 4 more bytes to linear part if necessary (networking-stable-19_02_01). - l2tp: fix infoleak in l2tp_ip6_recvmsg() (git-fixes). - l2tp: fix reading optional fields of L2TPv3 (networking-stable-19_02_01). - lan78xx: Resolve issue with changing MAC address (bsc#1051510). - leds: lp5523: fix a missing check of return value of lp55xx_read (bsc#1051510). - leds: lp55xx: fix null deref on firmware load failure (bsc#1051510). - libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() (bsc#1125800). - libceph: handle an empty authorize reply (bsc#1126789). - lib/div64.c: off by one in shift (bsc#1051510). - libnvdimm: Fix altmap reservation size calculation (bsc#1127682). - libnvdimm/label: Clear 'updating' flag after label-set update (bsc#1129543). - libnvdimm/pmem: Honor force_raw for legacy pmem regions (bsc#1129551). - lib/rbtree-test: lower default params (git-fixes). - lightnvm: fail fast on passthrough commands (bsc#1125780). - livepatch: Change unsigned long old_addr -> void *old_func in struct klp_func (bsc#1071995). - livepatch: Consolidate klp_free functions (bsc#1071995 ). - livepatch: core: Return EOPNOTSUPP instead of ENOSYS (bsc#1071995). - livepatch: Define a macro for new API identification (bsc#1071995). - livepatch: Do not block the removal of patches loaded after a forced transition (bsc#1071995). - livepatch: Introduce klp_for_each_patch macro (bsc#1071995 ). - livepatch: Module coming and going callbacks can proceed with all listed patches (bsc#1071995). - livepatch: Proper error handling in the shadow variables selftest (bsc#1071995). - livepatch: Remove ordering (stacking) of the livepatches (bsc#1071995). - livepatch: Remove signal sysfs attribute (bsc#1071995 ). - livepatch: return -ENOMEM on ptr_id() allocation failure (bsc#1071995). - livepatch: Send a fake signal periodically (bsc#1071995 ). - livepatch: Shuffle klp_enable_patch()/klp_disable_patch() code (bsc#1071995). - livepatch: Simplify API by removing registration step (bsc#1071995). - llc: do not use sk_eat_skb() (bsc#1051510). - lockd: fix access beyond unterminated strings in prints (git-fixes). - locking/rwsem: Fix (possible) missed wakeup (bsc#1050549). - loop: drop caches if offset or block_size are changed (bsc#1124975). - loop: Reintroduce lo_ctl_mutex removed by commit 310ca162d (bsc#1124974). - LSM: Check for NULL cred-security on free (bsc#1051510). - mac80211: Add attribute aligned(2) to struct 'action' (bsc#1051510). - mac80211: do not initiate TDLS connection if station is not associated to AP (bsc#1051510). - mac80211: ensure that mgmt tx skbs have tailroom for encryption (bsc#1051510). - mac80211: fix miscounting of ttl-dropped frames (bsc#1051510). - mac80211: fix radiotap vendor presence bitmap handling (bsc#1051510). - mac80211: Free mpath object when rhashtable insertion fails (bsc#1051510). - mac80211: Restore vif beacon interval if start ap fails (bsc#1051510). - macvlan: Only deliver one copy of the frame to the macvlan interface (bsc#1051510). - mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush timeout issue (bsc#1051510). - mdio_bus: Fix use-after-free on device_register fails (bsc#1051510). - media: adv*/tc358743/ths8200: fill in min width/height/pixelclock (bsc#1051510). - media: DaVinci-VPBE: fix error handling in vpbe_initialize() (bsc#1051510). - media: dt-bindings: media: i2c: Fix i2c address for OV5645 camera sensor (bsc#1051510). - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info (bsc#1051510). - media: mtk-vcodec: Release device nodes in mtk_vcodec_init_enc_pm() (bsc#1051510). - media: s5k4ecgx: delete a bogus error message (bsc#1051510). - media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration (bsc#1051510). - media: s5p-jpeg: Correct step and max values for V4L2_CID_JPEG_RESTART_INTERVAL (bsc#1051510). - media: s5p-mfc: fix incorrect bus assignment in virtual child device (bsc#1051510). - media: usb: pwc: Do not use coherent DMA buffers for ISO transfer (bsc#1054610). - media: uvcvideo: Avoid NULL pointer dereference at the end of streaming (bsc#1051510). - media: uvcvideo: Fix 'type' check leading to overflow (bsc#1051510). - media: v4l2: i2c: ov7670: Fix PLL bypass register values (bsc#1051510). - media: v4l2-tpg: array index could become negative (bsc#1051510). - media: v4l: ioctl: Validate num_planes for debug messages (bsc#1051510). - media: vb2: be sure to unlock mutex on errors (bsc#1051510). - media: vb2: vb2_mmap: move lock up (bsc#1051510). - media: vivid: fix error handling of kthread_run (bsc#1051510). - media: vivid: free bitmap_cap when updating std/timings/etc (bsc#1051510). - media: vivid: set min width/height to a value > 0 (bsc#1051510). - memstick: Prevent memstick host from getting runtime suspended during card detection (bsc#1051510). - mfd: ab8500-core: Return zero in get_register_interruptible() (bsc#1051510). - mfd: db8500-prcmu: Fix some section annotations (bsc#1051510). - mfd: mc13xxx: Fix a missing check of a register-read failure (bsc#1051510). - mfd: mt6397: Do not call irq_domain_remove if PMIC unsupported (bsc#1051510). - mfd: qcom_rpm: write fw_version to CTRL_REG (bsc#1051510). - mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells (bsc#1051510). - mfd: tps65218: Use devm_regmap_add_irq_chip and clean up error path in probe() (bsc#1051510). - mfd: tps6586x: Handle interrupts on suspend (bsc#1051510). - mfd: twl-core: Fix section annotations on {,un}protect_pm_master (bsc#1051510). - mfd: wm5110: Add missing ASRC rate register (bsc#1051510). - misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data (bsc#1051510). - misc: hmc6352: fix potential Spectre v1 (bsc#1051510). - misc: hpilo: Do not claim unsupported hardware (bsc#1129330). - misc: hpilo: Exclude unsupported device via blacklist (bsc#1129330). - misc: mic/scif: fix copy-paste error in scif_create_remote_lookup (bsc#1051510). - misc: mic: SCIF Fix scif_get_new_port() error handling (bsc#1051510). - misc: sram: enable clock before registering regions (bsc#1051510). - misc: sram: fix resource leaks in probe error path (bsc#1051510). - misc: ti-st: Fix memory leak in the error path of probe() (bsc#1051510). - misc: vexpress: Off by one in vexpress_syscfg_exec() (bsc#1051510). - mISDN: fix a race in dev_expire_timer() (bsc#1051510). - mlx4: trigger IB events needed by SMC (bnc#1117947, LTC#173662). - mlxsw: __mlxsw_sp_port_headroom_set(): Fix a use of local variable (git-fixes). - mlxsw: spectrum: Disable lag port TX before removing it (networking-stable-19_01_22). - mmap: introduce sane default mmap limits (git fixes (mm/mmap)). - mmap: relax file size limit for regular files (git fixes (mm/mmap)). - mmc: atmel-mci: do not assume idle after atmci_request_end (bsc#1051510). - mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1051510). - mmc: bcm2835: Recover from MMC_SEND_EXT_CSD (bsc#1051510). - mmc: dw_mmc-bluefield: : Fix the license information (bsc#1051510). - mmc: Kconfig: Enable CONFIG_MMC_SDHCI_IO_ACCESSORS (bsc#1051510). - mmc: omap: fix the maximum timeout setting (bsc#1051510). - mmc: sdhci-brcmstb: handle mmc_of_parse() errors during probe (bsc#1051510). - mmc: sdhci-esdhc-imx: fix HS400 timing issue (bsc#1051510). - mmc: sdhci-iproc: handle mmc_of_parse() errors during probe (bsc#1051510). - mmc: sdhci-of-esdhc: Fix timeout checks (bsc#1051510). - mmc: sdhci-xenon: Fix timeout checks (bsc#1051510). - mmc: spi: Fix card detection during probe (bsc#1051510). - mm: do not drop unused pages when userfaultd is running (git fixes (mm/userfaultfd)). - mm/hmm: hmm_pfns_bad() was accessing wrong struct (git fixes (mm/hmm)). - mm: hwpoison: use do_send_sig_info() instead of force_sig() (git fixes (mm/hwpoison)). - mm/ksm.c: ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm() (git fixes (mm/ksm)). - mm: madvise(MADV_DODUMP): allow hugetlbfs pages (git fixes (mm/madvise)). - mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages (bsc#1127731). - mm: migrate: do not rely on __PageMovable() of newpage after unlocking it (git fixes (mm/migrate)). - mm: migrate: lock buffers before migrate_page_move_mapping() (bsc#1084216). - mm: migrate: Make buffer_migrate_page_norefs() actually succeed (bsc#1084216) - mm: migrate: provide buffer_migrate_page_norefs() (bsc#1084216). - mm: migration: factor out code to compute expected number of page references (bsc#1084216). - mm, oom: fix use-after-free in oom_kill_process (git fixes (mm/oom)). - mm: use swp_offset as key in shmem_replace_page() (git fixes (mm/shmem)). - mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed (git fixes (mm/vmscan)). - Moved patches.fixes/x86-add-tsx-force-abort-cpuid-msr.patch to patches.arch/ and added upstream tags (bsc#1129363) patches.arch/x86-add-tsx-force-abort-cpuid-msr - Move the upstreamed HD-audio fix into sorted section - mpt3sas: check sense buffer before copying sense data (bsc#1106811). - mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking (bsc#1051510). - mtd: cfi_cmdset_0002: Change write buffer to check correct value (bsc#1051510). - mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips (bsc#1051510). - mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary (bsc#1051510). - mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() (bsc#1051510). - mtdchar: fix overflows in adjustment of `count` (bsc#1051510). - mtdchar: fix usage of mtd_ooblayout_ecc() (bsc#1051510). - mtd: docg3: do not set conflicting BCH_CONST_PARAMS option (bsc#1051510). - mtd/maps: fix solutionengine.c printk format warnings (bsc#1051510). - mtd: mtd_oobtest: Handle bitflips during reads (bsc#1051510). - mtd: nand: atmel: fix buffer overflow in atmel_pmecc_user (bsc#1051510). - mtd: nand: atmel: Fix get_sectorsize() function (bsc#1051510). - mtd: nand: atmel: fix of_irq_get() error check (bsc#1051510). - mtd: nand: brcmnand: Disable prefetch by default (bsc#1051510). - mtd: nand: brcmnand: Zero bitflip is not an error (bsc#1051510). - mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bsc#1051510). - mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() (bsc#1051510). - mtd: nand: Fix nand_do_read_oob() return value (bsc#1051510). - mtd: nand: Fix writing mtdoops to nand flash (bsc#1051510). - mtd: nand: fsl_ifc: Fix nand waitfunc return value (bsc#1051510). - mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM (bsc#1051510). - mtd: nand: ifc: update bufnum mask for ver >= 2.0.0 (bsc#1051510). - mtd: nand: mtk: fix infinite ECC decode IRQ issue (bsc#1051510). - mtd: nand: omap2: Fix subpage write (bsc#1051510). - mtd: nand: pxa3xx: Fix READOOB implementation (bsc#1051510). - mtd: nand: qcom: Add a NULL check for devm_kasprintf() (bsc#1051510). - mtd: nandsim: remove debugfs entries in error path (bsc#1051510). - mtd: nand: sunxi: Fix ECC strength choice (bsc#1051510). - mtd: nand: sunxi: fix potential divide-by-zero error (bsc#1051510). - mtd: nand: vf610: set correct ooblayout (bsc#1051510). - mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic (bsc#1051510). - mtd: spi-nor: Fix Cadence QSPI page fault kernel panic (bsc#1051510). - mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB (bsc#1051510). - mtd: spi-nor: stm32-quadspi: Fix uninitialized error return code (bsc#1051510). - mv88e6060: disable hardware level MAC learning (bsc#1051510). - nbd: Use set_blocksize() to set device blocksize (bsc#1124984). - neighbour: Avoid writing before skb->head in neigh_hh_output() (networking-stable-18_12_12). - net: 8139cp: fix a BUG triggered by changing mtu with network traffic (networking-stable-18_12_12). - net: add uevent socket member (bsc#1122982). - net: aquantia: driver should correctly declare vlan_features bits (bsc#1051510). - net: aquantia: fixed instack structure overflow (git-fixes). - net: aquantia: Fix hardware DMA stream overload on large MRRS (bsc#1051510). - net: bcmgenet: abort suspend on error (bsc#1051510). - net: bcmgenet: code movement (bsc#1051510). - net: bcmgenet: fix OF child-node lookup (bsc#1051510). - net: bcmgenet: remove HFB_CTRL access (bsc#1051510). - net: bcmgenet: return correct value 'ret' from bcmgenet_power_down (bsc#1051510). - net: bridge: fix a bug on using a neighbour cache entry without checking its state (networking-stable-19_01_20). - net: bridge: Fix ethernet header pointer before check skb forwardable (networking-stable-19_01_26). - net: core: Fix Spectre v1 vulnerability (networking-stable-19_01_04). - net: do not call update_pmtu unconditionally (bsc#1123456). - net: Do not default Cavium PTP driver to 'y' (bsc#1110096). - net: dp83640: expire old TX-skb (networking-stable-19_02_10). - net: dsa: mv88e6xxx: handle unknown duplex modes gracefully in mv88e6xxx_port_set_duplex (git-fixes). - net: dsa: mv88x6xxx: mv88e6390 errata (networking-stable-19_01_22). - net: dsa: slave: Do not propagate flag changes on down slave interfaces (networking-stable-19_02_10). - net: ena: fix race between link up and device initalization (bsc#1083548). - netfilter: nf_tables: check the result of dereferencing base_chain->stats (git-fixes). - net: Fix usage of pskb_trim_rcsum (networking-stable-19_01_26). - net/hamradio/6pack: use mod_timer() to rearm timers (networking-stable-19_01_04). - net: hns3: add error handler for hns3_nic_init_vector_data() (bsc#1104353). - net: hns3: add handling for big TX fragment (bsc#1104353 ). - net: hns3: Fix client initialize state issue when roce client initialize failed (bsc#1104353). - net: hns3: Fix for loopback selftest failed problem (bsc#1104353 ). - net: hns3: fix for multiple unmapping DMA problem (bsc#1104353 ). - net: hns3: Fix tc setup when netdev is first up (bsc#1104353 ). - net: hns3: Fix tqp array traversal condition for vf (bsc#1104353 ). - net: hns3: move DMA map into hns3_fill_desc (bsc#1104353 ). - net: hns3: remove hns3_fill_desc_tso (bsc#1104353). - net: hns3: rename hns_nic_dma_unmap (bsc#1104353). - net: hns3: rename the interface for init_client_instance and uninit_client_instance (bsc#1104353). - net: ipv4: Fix memory leak in network namespace dismantle (networking-stable-19_01_26). - net: macb: restart tx after tx used bit read (networking-stable-19_01_04). - net/mlx4_core: Add masking for a few queries on HCA caps (networking-stable-19_02_01). - net/mlx4_core: Fix locking in SRIOV mode when switching between events and polling (git-fixes). - net/mlx4_core: Fix qp mtt size calculation (git-fixes). - net/mlx4_core: Fix reset flow when in command polling mode (git-fixes). - net/mlx4_en: Change min MTU size to ETH_MIN_MTU (networking-stable-18_12_12). - net/mlx5e: Allow MAC invalidation while spoofchk is ON (networking-stable-19_02_01). - net/mlx5e: IPoIB, Fix RX checksum statistics update (git-fixes). - net/mlx5e: Remove the false indication of software timestamping support (networking-stable-19_01_04). - net/mlx5e: RX, Fix wrong early return in receive queue poll (bsc#1046305). - net/mlx5: fix uaccess beyond 'count' in debugfs read/write handlers (git-fixes). - net/mlx5: Release resource on error flow (git-fixes). - net/mlx5: Return success for PAGE_FAULT_RESUME in internal error state (git-fixes). - net/mlx5: Typo fix in del_sw_hw_rule (networking-stable-19_01_04). - net/mlx5: Use multi threaded workqueue for page fault handling (git-fixes). - net: netem: fix skb length BUG_ON in __skb_to_sgvec (git-fixes). - netns: restrict uevents (bsc#1122982). - net: phy: do not allow __set_phy_supported to add unsupported modes (networking-stable-18_12_12). - net: phy: Fix the issue that netif always links up after resuming (networking-stable-19_01_04). - net: phy: marvell: Errata for mv88e6390 internal PHYs (networking-stable-19_01_26). - net: phy: mdio_bus: add missing device_del() in mdiobus_register() error handling (networking-stable-19_01_26). - net: phy: Micrel KSZ8061: link failure after cable connect (git-fixes). - netrom: fix locking in nr_find_socket() (networking-stable-19_01_04). - netrom: switch to sock timer API (bsc#1051510). - net/rose: fix NULL ax25_cb kernel panic (networking-stable-19_02_01). - net/sched: act_tunnel_key: fix memory leak in case of action replace (networking-stable-19_01_26). - net_sched: refetch skb protocol for each filter (networking-stable-19_01_26). - net: set default network namespace in init_dummy_netdev() (networking-stable-19_02_01). - net: skb_scrub_packet(): Scrub offload_fwd_mark (networking-stable-18_12_03). - net/smc: abort CLC connection in smc_release (bnc#1117947, LTC#173662). - net/smc: add infrastructure to send delete rkey messages (bnc#1117947, LTC#173662). - net/smc: add SMC-D shutdown signal (bnc#1117947, LTC#173662). - net/smc: allow fallback after clc timeouts (bnc#1117947, LTC#173662). - net/smc: atomic SMCD cursor handling (bnc#1117947, LTC#173662). - net/smc: avoid a delay by waiting for nothing (bnc#1117947, LTC#173662). - net/smc: cleanup listen worker mutex unlocking (bnc#1117947, LTC#173662). - net/smc: cleanup tcp_listen_worker initialization (bnc#1117947, LTC#173662). - net/smc: enable fallback for connection abort in state INIT (bnc#1117947, LTC#173662). - net/smc: fix non-blocking connect problem (bnc#1117947, LTC#173662). - net/smc: fix sizeof to int comparison (bnc#1117947, LTC#173662). - net/smc: fix smc_buf_unuse to use the lgr pointer (bnc#1117947, LTC#173662). - net/smc: fix TCP fallback socket release (networking-stable-19_01_04). - net/smc: make smc_lgr_free() static (bnc#1117947, LTC#173662). - net/smc: no link delete for a never active link (bnc#1117947, LTC#173662). - net/smc: no urgent data check for listen sockets (bnc#1117947, LTC#173662). - net/smc: remove duplicate mutex_unlock (bnc#1117947, LTC#173662). - net/smc: remove sock_error detour in clc-functions (bnc#1117947, LTC#173662). - net/smc: short wait for late smc_clc_wait_msg (bnc#1117947, LTC#173662). - net/smc: unregister rkeys of unused buffer (bnc#1117947, LTC#173662). - net/smc: use after free fix in smc_wr_tx_put_slot() (bnc#1117947, LTC#173662). - net/smc: use queue pair number when matching link group (bnc#1117947, LTC#173662). - net: stmmac: Fix a race in EEE enable callback (git-fixes). - net: stmmac: fix broken dma_interrupt handling for multi-queues (git-fixes). - net: stmmac: Fix PCI module removal leak (git-fixes). - net: stmmac: handle endianness in dwmac4_get_timestamp (git-fixes). - net: stmmac: Use mutex instead of spinlock (git-fixes). - net: systemport: Fix WoL with password after deep sleep (networking-stable-19_02_10). - net: thunderx: fix NULL pointer dereference in nic_remove (git-fixes). - net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue (networking-stable-18_12_03). - net: thunderx: set xdp_prog to NULL if bpf_prog_add fails (networking-stable-18_12_03). - net/wan: fix a double free in x25_asy_open_tty() (networking-stable-19_01_04). - nfit: acpi_nfit_ctl(): Check out_obj->type in the right place (bsc#1129547). - nfit/ars: Attempt a short-ARS whenever the ARS state is idle at boot (bsc#1051510). - nfit/ars: Attempt short-ARS even in the no_init_ars case (bsc#1051510). - nfp: bpf: fix ALU32 high bits clearance bug (git-fixes). - nfs: Allow NFSv4 mounts to not share transports (). - nfsd: COPY and CLONE operations require the saved filehandle to be set (git-fixes). - nfsd: Fix an Oops in free_session() (git-fixes). - nfs: Fix a missed page unlock after pg_doio() (git-fixes). - nfs: Fix up return value on fatal errors in nfs_page_async_flush() (git-fixes). - nfs: support 'nosharetransport' option (bnc#807502, bnc#828192, ). - nfsv4.1: Fix the r/wsize checking (git-fixes). - nfsv4: Do not exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING (git-fixes). - niu: fix missing checks of niu_pci_eeprom_read (bsc#1051510). - ntb_transport: Fix bug with max_mw_size parameter (bsc#1051510). - nvme-fc: reject reconnect if io queue count is reduced to zero (bsc#1128351). - nvme: flush namespace scanning work just before removing namespaces (bsc#1108101). - nvme: kABI fix for scan_lock (bsc#1123882). - nvme: lock NS list changes while handling command effects (bsc#1123882). - nvme-loop: fix kernel oops in case of unhandled command (bsc#1126807). - nvme-multipath: drop optimization for static ANA group IDs (bsc#1113939). - nvme-multipath: round-robin I/O policy (bsc#1110705). - nvme-pci: fix out of bounds access in nvme_cqe_pending (bsc#1127595). - of, numa: Validate some distance map rules (bsc#1051510). - of: unittest: Disable interrupt node tests for old world MAC systems (bsc#1051510). - omap2fb: Fix stack memory disclosure (bsc#1120902) - openvswitch: Avoid OOB read when parsing flow nlattrs (bsc#1051510). - openvswitch: fix the incorrect flow action alloc size (bsc#1051510). - openvswitch: Remove padding from packet before L3+ conntrack processing (bsc#1051510). - packet: Do not leak dev refcounts on error exit (git-fixes). - packet: validate address length if non-zero (networking-stable-19_01_04). - packet: validate address length (networking-stable-19_01_04). - parport_pc: fix find_superio io compare code, should use equal test (bsc#1051510). - Partially revert 'block: fail op_is_write() requests to (bsc#1125252). - PCI: add USR vendor id and use it in r8169 and w6692 driver (networking-stable-19_01_22). - PCI: Disable broken RTIT_BAR of Intel TH (bsc#1120318). - pci: endpoint: functions: Use memcpy_fromio()/memcpy_toio() (bsc#1051510). - pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus (bsc#1122822). - pci/PME: Fix hotplug/sysfs remove deadlock in pcie_pme_remove() (bsc#1051510). - pci: qcom: Do not deassert reset GPIO during probe (bsc#1129281). - pcrypt: use format specifier in kobject_add (bsc#1051510). - perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805). - perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805). - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805). - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805). - perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805). - perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805). - perf/x86/intel: Fix memory corruption (bsc#1121805). - perf/x86/intel: Fix memory corruption (bsc#1121805). - perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805). - perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805). - perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805). - perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805). - perf/x86/intel: Make cpuc allocations consistent (bsc#1121805). - perf/x86/intel: Make cpuc allocations consistent (bsc#1121805). - phonet: af_phonet: Fix Spectre v1 vulnerability (networking-stable-19_01_04). - phy: allwinner: sun4i-usb: poll vbus changes on A23/A33 when driving VBUS (bsc#1051510). - phy: qcom-qmp: Fix failure path in phy_init functions (bsc#1051510). - phy: qcom-qmp: Fix phy pipe clock gating (bsc#1051510). - phy: renesas: rcar-gen3-usb2: fix vbus_ctrl for role sysfs (bsc#1051510). - phy: rockchip-emmc: retry calpad busy trimming (bsc#1051510). - phy: sun4i-usb: add support for missing USB PHY index (bsc#1051510). - phy: tegra: remove redundant self assignment of 'map' (bsc#1051510). - phy: work around 'phys' references to usb-nop-xceiv devices (bsc#1051510). - pinctrl: max77620: Use define directive for max77620_pinconf_param values (bsc#1051510). - pinctrl: meson: fix pull enable register calculation (bsc#1051510). - pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO pins (bsc#1051510). - pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins (bsc#1051510). - pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins (bsc#1051510). - pinctrl: msm: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: sh-pfc: emev2: Add missing pinmux functions (bsc#1051510). - pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group (bsc#1051510). - pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group (bsc#1051510). - pinctrl: sh-pfc: r8a7778: Fix HSPI pin numbers and names (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Fix scifb2_data_c pin group (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group (bsc#1051510). - pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group (bsc#1051510). - pinctrl: sh-pfc: r8a7792: Fix vin1_data18_b pin group (bsc#1051510). - pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field (bsc#1051510). - pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration (bsc#1051510). - pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field (bsc#1051510). - pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group (bsc#1051510). - pinctrl: sh-pfc: sh73a0: Fix fsic_spdif pin groups (bsc#1051510). - pinctrl: sh-pfc: sh7734: Add missing IPSR11 field (bsc#1051510). - pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10 (bsc#1051510). - pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value (bsc#1051510). - pinctrl: sunxi: a64: Rename function csi0 to csi (bsc#1051510). - pinctrl: sunxi: a64: Rename function ts0 to ts (bsc#1051510). - pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 (bsc#1051510). - pinctrl: sx150x: handle failure case of devm_kstrdup (bsc#1051510). - pktcdvd: Fix possible Spectre-v1 for pkt_devs (bsc#1051510). - platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes (bsc#1051510). - platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK (bsc#1051510). - platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey (bsc#1051510). - platform/x86: Fix unmet dependency warning for SAMSUNG_Q10 (bsc#1051510). - powerpc/64s: Clear on-stack exception marker upon exception return (bsc#1071995). - powerpc: Add an option to disable static PCI bus numbering (bsc#1122159). - powerpc: Always save/restore checkpointed regs during treclaim/trecheckpoint (bsc#1118338). - powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores (bsc#1109695). - powerpc: Detect the presence of big-cores via 'ibm, thread-groups' (bsc#1109695). - powerpc/livepatch: relax reliable stack tracer checks for first-frame (bsc#1071995). - powerpc/livepatch: small cleanups in save_stack_trace_tsk_reliable() (bsc#1071995). - powerpc: make use of for_each_node_by_type() instead of open-coding it (bsc#1109695). - powerpc/powernv: Clear LPCR[PECE1] via stop-api only for deep state offline (bsc#1119766, bsc#1055121). - powerpc/powernv: Clear PECE1 in LPCR via stop-api only on Hotplug (bsc#1119766, bsc#1055121). - powerpc/pseries: export timebase register sample in lparcfg (bsc#1127750). - powerpc/pseries: Perform full re-add of CPU for topology update post-migration (bsc#1125728). - powerpc: Remove facility loadups on transactional {fp, vec, vsx} unavailable (bsc#1118338). - powerpc: Remove redundant FP/Altivec giveup code (bsc#1118338). - powerpc/setup: Add cpu_to_phys_id array (bsc#1109695). - powerpc/smp: Add cpu_l2_cache_map (bsc#1109695). - powerpc/smp: Add Power9 scheduler topology (bsc#1109695). - powerpc/smp: Rework CPU topology construction (bsc#1109695). - powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695). - powerpc/tm: Avoid machine crash on rt_sigreturn (bsc#1118338). - powerpc/tm: Do not check for WARN in TM Bad Thing handling (bsc#1118338). - powerpc/tm: Fix comment (bsc#1118338). - powerpc/tm: Fix endianness flip on trap (bsc#1118338). - powerpc/tm: Fix HFSCR bit for no suspend case (bsc#1118338). - powerpc/tm: Fix HTM documentation (bsc#1118338). - powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM (bsc#1118338). - powerpc/tm: P9 disable transactionally suspended sigcontexts (bsc#1118338). - powerpc/tm: Print 64-bits MSR (bsc#1118338). - powerpc/tm: Print scratch value (bsc#1118338). - powerpc/tm: Reformat comments (bsc#1118338). - powerpc/tm: Remove msr_tm_active() (bsc#1118338). - powerpc/tm: Remove struct thread_info param from tm_reclaim_thread() (bsc#1118338). - powerpc/tm: Save MSR to PACA before RFID (bsc#1118338). - powerpc/tm: Set MSR[TS] just prior to recheckpoint (bsc#1118338, bsc#1120955). - powerpc/tm: Unset MSR[TS] if not recheckpointing (bsc#1118338). - powerpc/tm: Update function prototype comment (bsc#1118338). - powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#1109695). - powerpc/xmon: Fix invocation inside lock region (bsc#1122885). - pptp: dst_release sk_dst_cache in pptp_sock_destruct (git-fixes). - proc/sysctl: do not return ENOMEM on lookup when a table is unregistering (git-fixes). - pseries/energy: Use OF accessor function to read ibm,drc-indexes (bsc#1129080). - pstore/ram: Avoid allocation and leak of platform data (bsc#1051510). - pstore/ram: Avoid NULL deref in ftrace merging failure path (bsc#1051510). - pstore/ram: Correctly calculate usable PRZ bytes (bsc#1051510). - pstore/ram: Do not treat empty buffers as valid (bsc#1051510). - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl (bsc#1051510). - ptp: Fix pass zero to ERR_PTR() in ptp_clock_register (bsc#1051510). - ptp_kvm: probe for kvm guest availability (bsc#1098382). - ptr_ring: wrap back ->producer in __ptr_ring_swap_queue() (networking-stable-19_01_04). - Put the xhci fix patch to the right place in the sorted section - qed: Avoid constant logical operation warning in qed_vf_pf_acquire (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Avoid implicit enum conversion in qed_iwarp_parse_rx_pkt (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Avoid implicit enum conversion in qed_set_tunn_cls_info (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Fix an error code qed_ll2_start_xmit() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix bitmap_weight() check (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix blocking/unlimited SPQ entries leak (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix command number mismatch between driver and the mfw (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix memory/entry leak in qed_init_sp_request() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix potential memory corruption (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix PTT leak in qed_drain() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix QM getters to always return a valid pq (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix rdma_info structure allocation (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix reading wrong value in loop condition (bsc#1086314 bsc#1086313 bsc#1086301). - qla2xxx: Fixup dual-protocol FCP connections (bsc#1108870). - qmi_wwan: Added support for Fibocom NL668 series (networking-stable-19_01_04). - qmi_wwan: Added support for Telit LN940 series (networking-stable-19_01_04). - qmi_wwan: add MTU default to qmap network interface (networking-stable-19_01_22). - qmi_wwan: Add support for Fibocom NL678 series (networking-stable-19_01_04). - r8169: Add support for new Realtek Ethernet (networking-stable-19_01_22). - r8169: use PCI_VDEVICE macro (networking-stable-19_01_22). - rapidio/rionet: do not free skb before reading its length (networking-stable-18_12_03). - rbd: do not return 0 on unmap if RBD_DEV_FLAG_REMOVING is set (bsc#1125797). - rcu: Fix up pending cbs check in rcu_prepare_for_idle (git fixes (kernel/rcu)). - rcu: Make need_resched() respond to urgent RCU-QS needs (git fixes (kernel/rcu)). - rdma/core: Fix unwinding flow in case of error to register device (bsc#1046306). - rdma/vmw_pvrdma: Support upto 64-bit PFNs (bsc#1127285). - Refresh patches.suse/scsi-do-not-print-reservation-conflict-for-TEST-UNIT.patch (bsc#1119843) - regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting (bsc#1051510). - regulator: pv88060: Fix array out-of-bounds access (bsc#1051510). - regulator: pv88080: Fix array out-of-bounds access (bsc#1051510). - regulator: pv88090: Fix array out-of-bounds access (bsc#1051510). - regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 (bsc#1051510). - regulator: wm831x-dcdc: Fix list of wm831x_dcdc_ilim from mA to uA (bsc#1051510). - Remove blacklist of virtio patch so we can install it (bsc#1114585) - Revert 'drm/rockchip: Allow driver to be shutdown on reboot/kexec' (bsc#1051510). - Revert 'input: elan_i2c - add acpi ID for touchpad in ASUS Aspire F5-573G' (bsc#1051510). - Revert 'openvswitch: Fix template leak in error cases.' (bsc#1051510). - Revert 'scsi: qla2xxx: Fix NVMe Target discovery' (bsc#1125252). - Revert 'serial: 8250: Fix clearing FIFOs in RS485 mode again' (bsc#1051510). - Revert the previous merge of drm fixes The branch was merged mistakenly and breaks the build. Revert it. - Revert 'xhci: Reset Renesas uPD72020x USB controller for 32-bit DMA issue' (bsc#1120854). - rocker: fix rocker_tlv_put_* functions for KASAN (bsc#1051510). - rpm/kernel-binary.spec.in: fix initrd permissions (bsc#1123697) dracut has been using permissions 0600 for the initrd for a long time. - rpm/kernel-source.changes.old: Really drop old changelogs (bsc#1098995) - rt2800: enable TX_PIN_CFG_RFRX_EN only for MT7620 (bsc#1120902). - rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices (networking-stable-18_12_12). - rxrpc: bad unlock balance in rxrpc_recvmsg (networking-stable-19_02_10). - s390/cio: Fix how vfio-ccw checks pinned pages (git-fixes). - s390/cpum_cf: Reject request for sampling in event initialization (git-fixes). - s390/early: improve machine detection (git-fixes). - s390/ism: clear dmbe_mask bit before SMC IRQ handling (bnc#1117947, LTC#173662). - s390/mm: always force a load of the primary ASCE on context switch (git-fixes). - s390/mm: fix addressing exception after suspend/resume (bsc#1125252). - s390/qeth: cancel close_dev work before removing a card (LTC#175898, bsc#1127561). - s390/qeth: conclude all event processing before offlining a card (LTC#175901, bsc#1127567). - s390/qeth: fix use-after-free in error path (bsc#1127534). - s390/qeth: invoke softirqs after napi_schedule() (git-fixes). - s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU (git-fixes). - s390/smp: fix CPU hotplug deadlock with CPU rescan (git-fixes). - s390/sthyi: Fix machine name validity indication (git-fixes). - s390/zcrypt: fix specification exception on z196 during ap probe (LTC#174936, bsc#1123061). - sata_rcar: fix deferred probing (bsc#1051510). - sbus: char: add of_node_put() (bsc#1051510). - sc16is7xx: Fix for multi-channel stall (bsc#1051510). - sched: Do not re-read h_load_next during hierarchical load calculation (bnc#1120909). - sched/wait: Fix rcuwait_wake_up() ordering (git-fixes). - sched/wake_q: Document wake_q_add() (bsc#1050549). - sched/wake_q: Fix wakeup ordering for wake_q (bsc#1050549). - sched/wake_q: Reduce reference counting for special users (bsc#1050549). - sch_multiq: fix double free on init failure (bsc#1051510). - scsi: core: reset host byte in DID_NEXUS_FAILURE case (bsc#1122764). - scsi: csiostor: remove flush_scheduled_work() (bsc#1127363). - scsi: fix queue cleanup race before queue initialization is done (bsc#1125252). - scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - scsi: ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton (bsc#1119019). - scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task (bsc#1122192). - scsi: lpfc: Add log messages to aid in debugging fc4type discovery issues (bsc#1121317). - scsi: lpfc: Correct MDS loopback diagnostics support (bsc#1121317). - scsi: lpfc: do not set queue->page_count to 0 if pc_sli4_params.wqpcnt is invalid (bsc#1121317). - scsi: lpfc: Fix discovery failure when PLOGI is defered (bsc#1121317). - scsi: lpfc: Fix link state reporting for trunking when adapter is offline (bsc#1121317). - scsi: lpfc: fix remoteport access (bsc#1125252). - scsi: lpfc: remove an unnecessary NULL check (bsc#1121317). - scsi: lpfc: update fault value on successful trunk events (bsc#1121317). - scsi: lpfc: Update lpfc version to 12.0.0.10 (bsc#1121317). - scsi: mpt3sas: Add ioc_<level> logging macros (bsc#1117108). - scsi: mpt3sas: Annotate switch/case fall-through (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT and reply_q_name to %s: (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT without logging levels (bsc#1117108). - scsi: mpt3sas: Convert mlsleading uses of pr_<level> with MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Convert uses of pr_<level> with MPT3SAS_FMT to ioc_<level> (bsc#1117108). - scsi: mpt3sas: Fix a race condition in mpt3sas_base_hard_reset_handler() (bsc#1117108). - scsi: mpt3sas: Fix indentation (bsc#1117108). - scsi: mpt3sas: Improve kernel-doc headers (bsc#1117108). - scsi: mpt3sas: Introduce struct mpt3sas_nvme_cmd (bsc#1117108). - scsi: mpt3sas: Remove KERN_WARNING from panic uses (bsc#1117108). - scsi: mpt3sas: Remove set-but-not-used variables (bsc#1117108). - scsi: mpt3sas: Remove unnecessary parentheses and simplify null checks (bsc#1117108). - scsi: mpt3sas: Remove unused macro MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Split _base_reset_handler(), mpt3sas_scsih_reset_handler() and mpt3sas_ctl_reset_handler() (bsc#1117108). - scsi: mpt3sas: Swap I/O memory read value back to cpu endianness (bsc#1117108). - scsi: mpt3sas: switch to generic DMA API (bsc#1117108). - scsi: mpt3sas: Use dma_pool_zalloc (bsc#1117108). - scsi: mptsas: Fixup device hotplug for VMWare ESXi (bsc#1129046). - scsi: qedi: Add ep_state for login completion on un-reachable targets (bsc#1113712). - scsi: qla2xxx: Enable FC-NVME on NPIV ports (bsc#1094555). - scsi: qla2xxx: Fix a typo in MODULE_PARM_DESC (bsc#1094555). - scsi: qla2xxx: Fix for FC-NVMe discovery for NPIV port (bsc#1094555). - scsi: qla2xxx: Fix NPIV handling for FC-NVMe (bsc#1094555). - scsi: qla2xxx: Initialize port speed to avoid setting lower speed (bsc#1094555). - scsi: qla2xxx: Modify fall-through annotations (bsc#1094555). - scsi: qla2xxx: Remove unnecessary self assignment (bsc#1094555). - scsi: qla2xxx: Simplify conditional check (bsc#1094555). - scsi: qla2xxx: Timeouts occur on surprise removal of QLogic adapter (bsc#1124985). - scsi: qla2xxx: Update driver version to 10.00.00.12-k (bsc#1094555). - scsi: storvsc: Fix a race in sub-channel creation that can cause panic (). - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315). - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315). - scsi: target: make the pi_prot_format ConfigFS path readable (bsc#1123933). - scsi: virtio_scsi: fix pi_bytes{out,in} on 4 KiB block size devices (bsc#1114585). - sctp: add a ceiling to optlen in some sockopts (bnc#1129163). - sctp: improve the events for sctp stream adding (networking-stable-19_02_01). - sctp: improve the events for sctp stream reset (networking-stable-19_02_01). - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event (networking-stable-19_01_04). - sctp: kfree_rcu asoc (networking-stable-18_12_12). - sd: disable logical block provisioning if 'lbpme' is not set (bsc#1086095 bsc#1078355). - selftests/livepatch: add DYNAMIC_DEBUG config dependency (bsc#1071995). - selftests/livepatch: introduce tests (bsc#1071995). - selftests/powerpc: Use snprintf to construct DSCR sysfs interface paths (bsc#1124579). - selinux: Add __GFP_NOWARN to allocation at str_read() (bsc#1051510). - selinux: always allow mounting submounts (bsc#1051510). - selinux: fix GPF on invalid policy (bsc#1051510). - seq_buf: Make seq_buf_puts() null-terminate the buffer (bsc#1051510). - serial: 8250_pci: Fix number of ports for ACCES serial cards (bsc#1051510). - serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() (bsc#1051510). - serial: fix race between flush_to_ldisc and tty_open (bsc#1051510). - serial: fsl_lpuart: clear parity enable bit when disable parity (bsc#1051510). - serial: imx: fix error handling in console_setup (bsc#1051510). - serial: set suppress_bind_attrs flag only if builtin (bsc#1051510). - serial/sunsu: fix refcount leak (bsc#1051510). - serial: uartps: Fix interrupt mask issue to handle the RX interrupts properly (bsc#1051510). - serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO (bsc#1051510). - signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init (git-fixes). - skge: potential memory corruption in skge_get_regs() (bsc#1051510). - sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 (bsc#1051510). - sky2: Increase D3 delay again (bsc#1051510). - slab: alien caches must not be initialized if the allocation of the alien cache failed (git fixes (mm/slab)). - smb3.1.1 dialect is no longer experimental (bsc#1051510). - smb311: Fix reconnect (bsc#1051510). - smb311: Improve checking of negotiate security contexts (bsc#1051510). - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510). - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510). - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510). - smb3: check for and properly advertise directory lease support (bsc#1051510). - smb3: directory sync should not return an error (bsc#1051510). - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510). - smb3: do not request leases in symlink creation and query (bsc#1051510). - smb3: Do not send smb3 SET_INFO if nothing changed (bsc#1051510). - smb3: Enable encryption for SMB3.1.1 (bsc#1051510). - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510). - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510). - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510). - smb3: Fix root directory when server returns inode number of zero (bsc#1051510). - smb3: fix various xid leaks (bsc#1051510). - smb3: Improve security, move default dialect to smb3 from old CIFS (bsc#1051510). - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510). - smb3: Remove ifdef since smb3 (and later) now STRONGLY preferred (bsc#1051510). - smb3: remove noisy warning message on mount (bsc#1129664). - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510). - soc: bcm: brcmstb: Do not leak device tree node reference (bsc#1051510). - soc/tegra: Do not leak device tree node reference (bsc#1051510). - splice: do not merge into linked buffers (git-fixes). - staging: comedi: ni_660x: fix missing break in switch statement (bsc#1051510). - staging:iio:ad2s90: Make probe handle spi_setup failure (bsc#1051510). - staging: iio: ad7780: update voltage on read (bsc#1051510). - staging: iio: adc: ad7280a: handle error from __ad7280_read32() (bsc#1051510). - staging: iio: adt7316: allow adt751x to use internal vref for all dacs (bsc#1051510). - staging: iio: adt7316: fix register and bit definitions (bsc#1051510). - staging: iio: adt7316: fix the dac read calculation (bsc#1051510). - staging: iio: adt7316: fix the dac write calculation (bsc#1051510). - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 (bsc#1051510). - staging: rtl8723bs: Fix build error with Clang when inlining is disabled (bsc#1051510). - staging: speakup: Replace strncpy with memcpy (bsc#1051510). - staging: wilc1000: fix to set correct value for 'vif_num' (bsc#1051510). - sunrpc: correct the computation for page_ptr when truncating (git-fixes). - sunrpc: Fix a potential race in xprt_connect() (git-fixes). - sunrpc: Fix leak of krb5p encode pages (git-fixes). - sunrpc: handle ENOMEM in rpcb_getport_async (git-fixes). - sunrpc: safely reallow resvport min/max inversion (git-fixes). - svm: Add mutex_lock to protect apic_access_page_done on AMD systems (bsc#1129285). - swiotlb: Add is_swiotlb_active() function (bsc#1120008). - swiotlb: Introduce swiotlb_max_mapping_size() (bsc#1120008). - switchtec: Fix SWITCHTEC_IOCTL_EVENT_IDX_ALL flags overwrite (bsc#1051510). - switchtec: Remove immediate status check after submitting MRPC command (bsc#1051510). - sysfs: Disable lockdep for driver bind/unbind files (bsc#1051510). - tcp: batch tcp_net_metrics_exit (bsc#1122982). - tcp: change txhash on SYN-data timeout (networking-stable-19_01_20). - tcp: Do not underestimate rwnd_limited (networking-stable-18_12_12). - tcp: fix a race in inet_diag_dump_icsk() (networking-stable-19_01_04). - tcp: fix NULL ref in tail loss probe (networking-stable-18_12_12). - tcp: handle inet_csk_reqsk_queue_add() failures (git-fixes). - tcp: lack of available data can also cause TSO defer (git-fixes). - team: avoid complex list operations in team_nl_cmd_options_set() (bsc#1051510). - team: Free BPF filter when unregistering netdev (bsc#1051510). - thermal: do not clear passive state during system sleep (bsc#1051510). - thermal/drivers/hisi: Encapsulate register writes into helpers (bsc#1051510). - thermal/drivers/hisi: Fix configuration register setting (bsc#1051510). - thermal: generic-adc: Fix adc to temp interpolation (bsc#1051510). - thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set (bsc#1051510). - thermal: int340x_thermal: Fix a NULL vs IS_ERR() check (bsc#1051510). - thermal: mediatek: fix register index error (bsc#1051510). - timekeeping: Use proper seqcount initializer (bsc#1051510). - tipc: compare remote and local protocols in tipc_udp_enable() (networking-stable-19_01_04). - tipc: eliminate KMSAN uninit-value in strcmp complaint (bsc#1051510). - tipc: error path leak fixes in tipc_enable_bearer() (bsc#1051510). - tipc: fix a double kfree_skb() (networking-stable-19_01_04). - tipc: fix a race condition of releasing subscriber object (bsc#1051510). - tipc: fix bug in function tipc_nl_node_dump_monitor (bsc#1051510). - tipc: fix infinite loop when dumping link monitor summary (bsc#1051510). - tipc: fix RDM/DGRAM connect() regression (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_doit (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_link_set (bsc#1051510). - tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bsc#1051510). - tipc: use lock_sock() in tipc_sk_reinit() (networking-stable-19_01_04). - tpm: fix kdoc for tpm2_flush_context_cmd() (bsc#1051510). - tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented (bsc#1051510). - tpm: Return the actual size when receiving an unsupported command (bsc#1051510). - tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated (bsc#1051510). - tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bsc#1051510). - tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x (bsc#1051510). - tpm: tpm_try_transmit() refactor error flow (bsc#1051510). - tracing: Do not free iter->trace in fail path of tracing_open_pipe() (bsc#1129581). - tracing/uprobes: Fix output for multiple string arguments (bsc#1126495). - tracing: Use strncpy instead of memcpy for string keys in hist triggers (bsc#1129625). - Tree connect for smb3.1.1 must be signed for non-encrypted shares (bsc#1051510). - tty: Handle problem if line discipline does not have receive_buf (bsc#1051510). - tty: ipwireless: Fix potential NULL pointer dereference (bsc#1051510). - tty/n_hdlc: fix __might_sleep warning (bsc#1051510). - tty/serial: do not free trasnmit buffer page under port lock (bsc#1051510). - tty: serial: samsung: Properly set flags in autoCTS mode (bsc#1051510). - tun: forbid iface creation with rtnl ops (networking-stable-18_12_12). - uart: Fix crash in uart_write and uart_put_char (bsc#1051510). - ucc_geth: Reset BQL queue when stopping device (networking-stable-19_02_01). - ucma: fix a use-after-free in ucma_resolve_ip() (bsc#1051510). - uevent: add alloc_uevent_skb() helper (bsc#1122982). - Update config files. Remove conditional support for smb2 and SMB3: - Update patches.arch/s390-sles15-zcrypt-fix-specification-exception.patch (LTC#174936, bsc#1123060, bsc#1123061). - Update patches.fixes/acpi-nfit-Block-function-zero-DSMs.patch (bsc#1051510, bsc#1121789). - Update patches.fixes/acpi-nfit-Fix-command-supported-detection.patch (bsc#1051510, bsc#1121789). Add more detailed bugzilla reference. - Update patches.kabi/bpf-prevent-memory-disambiguation-attack.patch (bsc#1087082). - Update patches.kabi/bpf-properly-enforce-index-mask-to-prevent-out-of-bo.patch (bsc#1098425). - uprobes: Fix handle_swbp() vs. unregister() + register() race once more (bsc#1051510). - usb: Add new USB LPM helpers (bsc#1120902). - usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB (bsc#1120902). - usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bsc#1120902). - usb: Consolidate LPM checks to avoid enabling LPM twice (bsc#1120902). - usb: dwc3: Correct the logic for checking TRB full in __dwc3_prepare_one_trb() (bsc#1051510). - usb: dwc3: gadget: Clear req->needs_extra_trb flag on cleanup (bsc#1120902). - usb: dwc3: gadget: Disable CSP for stream OUT ep (bsc#1051510). - usb: dwc3: gadget: Handle 0 xfer length for OUT EP (bsc#1051510). - usb: dwc3: trace: add missing break statement to make compiler happy (bsc#1120902). - usb: gadget: musb: fix short isoc packets with inventra dma (bsc#1051510). - usb: gadget: udc: net2272: Fix bitwise and boolean operations (bsc#1051510). - usb: hub: delay hub autosuspend if USB3 port is still link training (bsc#1051510). - usb: mtu3: fix the issue about SetFeature(U1/U2_Enable) (bsc#1051510). - usb: musb: dsps: fix otg state machine (bsc#1051510). - usb: musb: dsps: fix runtime pm for peripheral mode (bsc#1120902). - usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2 (networking-stable-18_12_03). - usbnet: smsc95xx: fix rx packet alignment (bsc#1051510). - usb: phy: am335x: fix race condition in _probe (bsc#1051510). - usb: serial: option: add Fibocom NL678 series (bsc#1120902). - usb: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays (bsc#1120902). - usb: serial: pl2303: add new PID to support PL2303TB (bsc#1051510). - usb: serial: simple: add Motorola Tetra TPG2200 device id (bsc#1051510). - usb: storage: add quirk for SMI SM3350 (bsc#1120902). - usb: storage: do not insert sane sense for SPC3+ when bad sense specified (bsc#1120902). - usb: xhci: fix 'broken_suspend' placement in struct xchi_hcd (bsc#1119086). - veth: set peer GSO values (bsc#1051510). - vfio: ccw: fix cleanup if cp_prefetch fails (git-fixes). - vfio: ccw: process ssch with interrupts disabled (git-fixes). - vfs: Add iomap_seek_hole and iomap_seek_data helpers (bsc#1070995). - vfs: Add page_cache_seek_hole_data helper (bsc#1070995). - vfs: in iomap seek_{hole,data}, return -ENXIO for negative offsets (bsc#1070995). - vhost: correctly check the return value of translate_desc() in log_used() (bsc#1051510). - vhost: log dirty page correctly (networking-stable-19_01_26). - vhost: make sure used idx is seen before log in vhost_add_used_n() (networking-stable-19_01_04). - vhost/vsock: fix uninitialized vhost_vsock->guest_cid (bsc#1051510). - video: clps711x-fb: release disp device node in probe() (bsc#1051510). - virtio-blk: Consider virtio_max_dma_size() for maximum segment size (bsc#1120008). - virtio: Introduce virtio_max_dma_size() (bsc#1120008). - virtio_net: Do not call free_old_xmit_skbs for xdp_frames (networking-stable-19_02_01). - virtio-net: fail XDP set if guest csum is negotiated (networking-stable-18_12_03). - virtio-net: keep vnet header zeroed after processing XDP (networking-stable-18_12_12). - virtio/s390: avoid race on vcdev->config (git-fixes). - virtio/s390: fix race in ccw_io_helper() (git-fixes). - vmci: Support upto 64-bit PPNs (bsc#1127286). - vsock: cope with memory allocation failure at socket creation time (bsc#1051510). - vsock: Send reset control packet when socket is partially bound (networking-stable-19_01_04). - vt: invoke notifier on screen size change (bsc#1051510). - vxge: ensure data0 is initialized in when fetching firmware version information (bsc#1051510). - vxlan: Fix GRO cells race condition between receive and link delete (git-fixes). - vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() (git-fixes). - vxlan: update skb dst pmtu on tx path (bsc#1123456). - w90p910_ether: remove incorrect __init annotation (bsc#1051510). - watchdog: docs: kernel-api: do not reference removed functions (bsc#1051510). - watchdog: w83627hf_wdt: Add quirk for Inves system (bsc#1106434). - writeback: do not decrement wb->refcnt if !wb->bdi (git fixes (writeback)). - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805). - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805). - x86/amd_nb: Add PCI device IDs for family 17h, model 30h (). - x86/amd_nb: Add support for newer PCI topologies (). - x86/a.out: Clear the dump structure initially (bsc#1114279). - x86/apic: Provide apic_ack_irq() (bsc#1122822). - x86/boot/e820: Avoid overwriting e820_table_firmware (bsc#1127154). - x86/boot/e820: Introduce the bootloader provided e820_table_firmware[] table (bsc#1127154). - x86/boot/e820: Rename the e820_table_firmware to e820_table_kexec (bsc#1127154). - x86/bugs: Add AMD's variant of SSB_NO (bsc#1114279). - x86/bugs: Update when to check for the LS_CFG SSBD mitigation (bsc#1114279). - x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (bsc#1127307). - x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (bsc#1127307). - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (bsc#1122822). - x86/kaslr: Fix incorrect i8254 outb() parameters (bsc#1114279). - x86/kvmclock: set pvti_cpu0_va after enabling kvmclock (bsc#1098382). - x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() (bsc#1114279). - x86/microcode/amd: Do not falsely trick the late loading mechanism (bsc#1114279). - x86/mm: Drop usage of __flush_tlb_all() in kernel_physical_mapping_init() (bsc#1114279). - x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE (bsc#1114279). - x86/mtrr: Do not copy uninitialized gentry fields back to userspace (bsc#1114279). - x86/pkeys: Properly copy pkey state at fork() (bsc#1129366). - x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls (bsc#1125614). - x86/pvclock: add setter for pvclock_pvti_cpu0_va (bsc#1098382). - x86/resctrl: Fix rdt_find_domain() return value and checks (bsc#1114279). - x86: respect memory size limiting via mem= parameter (bsc#1117645). - x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant (bsc#1114279). - x86/speculation: Remove redundant arch_smt_update() invocation (bsc#1114279). - x86/vdso: Remove obsolete 'fake section table' reservation (bsc#1114279). - x86/xen: dont add memory above max allowed allocation (bsc#1117645). - x86/xen/time: Output xen sched_clock time from 0 (bsc#1098382). - x86/xen/time: set pvclock flags on xen_time_init() (bsc#1098382). - x86/xen/time: setup vcpu 0 time info page (bsc#1098382). - xen, cpu_hotplug: Prevent an out of bounds access (bsc#1065600). - xen: fix dom0 boot on huge systems (bsc#1127836). - xen: Fix x86 sched_clock() interface for xen (bsc#1098382). - xen/manage: do not complain about an empty value in control/sysrq node (bsc#1065600). - xen: remove pre-xen3 fallback handlers (bsc#1065600). - xfs: add option to mount with barrier=0 or barrier=1 (bsc#1088133). - xfs: fix contiguous dquot chunk iteration livelock (bsc#1070995). - xfs: remove filestream item xfs_inode reference (bsc#1127961). - xfs: rewrite xfs_dq_get_next_id using xfs_iext_lookup_extent (bsc#1070995). - xhci: Add quirk to zero 64bit registers on Renesas PCIe controllers (bsc#1120854). - xhci: workaround CSS timeout on AMD SNPS 3.0 xHC (bsc#1119086). - xprtrdma: Reset credit grant properly after a disconnect (git-fixes). - Yama: Check for pid death before checking ancestry (bsc#1051510). - yam: fix a missing-check bug (bsc#1051510). - zswap: re-check zswap_is_full() after do zswap_shrink() (bsc#1051510). - xfs: Switch to iomap for SEEK_HOLE / SEEK_DATA (bsc#1070995). Important SUSE bug 1046305 SUSE bug 1046306 SUSE bug 1050252 SUSE bug 1050549 SUSE bug 1051510 SUSE bug 1054610 SUSE bug 1055121 SUSE bug 1056658 SUSE bug 1056662 SUSE bug 1056787 SUSE bug 1060463 SUSE bug 1063638 SUSE bug 1065600 SUSE bug 1068032 SUSE bug 1070995 SUSE bug 1071995 SUSE bug 1074562 SUSE bug 1074578 SUSE bug 1074701 SUSE bug 1075006 SUSE bug 1075419 SUSE bug 1075748 SUSE bug 1078355 SUSE bug 1080039 SUSE bug 1082943 SUSE bug 1083548 SUSE bug 1083647 SUSE bug 1084216 SUSE bug 1086095 SUSE bug 1086282 SUSE bug 1086301 SUSE bug 1086313 SUSE bug 1086314 SUSE bug 1086323 SUSE bug 1087082 SUSE bug 1087084 SUSE bug 1087092 SUSE bug 1087939 SUSE bug 1088133 SUSE bug 1094555 SUSE bug 1098382 SUSE bug 1098425 SUSE bug 1098995 SUSE bug 1102055 SUSE bug 1103429 SUSE bug 1104353 SUSE bug 1106105 SUSE bug 1106434 SUSE bug 1106811 SUSE bug 1107078 SUSE bug 1107665 SUSE bug 1108101 SUSE bug 1108870 SUSE bug 1109695 SUSE bug 1110096 SUSE bug 1110705 SUSE bug 1111666 SUSE bug 1113042 SUSE bug 1113712 SUSE bug 1113722 SUSE bug 1113769 SUSE bug 1113939 SUSE bug 1114279 SUSE bug 1114585 SUSE bug 1114893 SUSE bug 1117108 SUSE bug 1117155 SUSE bug 1117645 SUSE bug 1117947 SUSE bug 1118338 SUSE bug 1119019 SUSE bug 1119086 SUSE bug 1119766 SUSE bug 1119843 SUSE bug 1120008 SUSE bug 1120318 SUSE bug 1120601 SUSE bug 1120758 SUSE bug 1120854 SUSE bug 1120902 SUSE bug 1120909 SUSE bug 1120955 SUSE bug 1121317 SUSE bug 1121726 SUSE bug 1121789 SUSE bug 1121805 SUSE bug 1122019 SUSE bug 1122159 SUSE bug 1122192 SUSE bug 1122292 SUSE bug 1122324 SUSE bug 1122554 SUSE bug 1122662 SUSE bug 1122764 SUSE bug 1122779 SUSE bug 1122822 SUSE bug 1122885 SUSE bug 1122927 SUSE bug 1122944 SUSE bug 1122971 SUSE bug 1122982 SUSE bug 1123060 SUSE bug 1123061 SUSE bug 1123161 SUSE bug 1123317 SUSE bug 1123348 SUSE bug 1123357 SUSE bug 1123456 SUSE bug 1123538 SUSE bug 1123697 SUSE bug 1123882 SUSE bug 1123933 SUSE bug 1124055 SUSE bug 1124204 SUSE bug 1124235 SUSE bug 1124579 SUSE bug 1124589 SUSE bug 1124728 SUSE bug 1124732 SUSE bug 1124735 SUSE bug 1124969 SUSE bug 1124974 SUSE bug 1124975 SUSE bug 1124976 SUSE bug 1124978 SUSE bug 1124979 SUSE bug 1124980 SUSE bug 1124981 SUSE bug 1124982 SUSE bug 1124984 SUSE bug 1124985 SUSE bug 1125109 SUSE bug 1125125 SUSE bug 1125252 SUSE bug 1125315 SUSE bug 1125614 SUSE bug 1125728 SUSE bug 1125780 SUSE bug 1125797 SUSE bug 1125799 SUSE bug 1125800 SUSE bug 1125907 SUSE bug 1125947 SUSE bug 1126131 SUSE bug 1126209 SUSE bug 1126389 SUSE bug 1126393 SUSE bug 1126476 SUSE bug 1126480 SUSE bug 1126481 SUSE bug 1126488 SUSE bug 1126495 SUSE bug 1126555 SUSE bug 1126579 SUSE bug 1126789 SUSE bug 1126790 SUSE bug 1126802 SUSE bug 1126803 SUSE bug 1126804 SUSE bug 1126805 SUSE bug 1126806 SUSE bug 1126807 SUSE bug 1127042 SUSE bug 1127062 SUSE bug 1127082 SUSE bug 1127154 SUSE bug 1127285 SUSE bug 1127286 SUSE bug 1127307 SUSE bug 1127363 SUSE bug 1127493 SUSE bug 1127494 SUSE bug 1127495 SUSE bug 1127496 SUSE bug 1127497 SUSE bug 1127498 SUSE bug 1127534 SUSE bug 1127561 SUSE bug 1127567 SUSE bug 1127595 SUSE bug 1127603 SUSE bug 1127682 SUSE bug 1127731 SUSE bug 1127750 SUSE bug 1127836 SUSE bug 1127961 SUSE bug 1128094 SUSE bug 1128166 SUSE bug 1128351 SUSE bug 1128451 SUSE bug 1128895 SUSE bug 1129046 SUSE bug 1129080 SUSE bug 1129163 SUSE bug 1129179 SUSE bug 1129181 SUSE bug 1129182 SUSE bug 1129183 SUSE bug 1129184 SUSE bug 1129205 SUSE bug 1129281 SUSE bug 1129284 SUSE bug 1129285 SUSE bug 1129291 SUSE bug 1129292 SUSE bug 1129293 SUSE bug 1129294 SUSE bug 1129295 SUSE bug 1129296 SUSE bug 1129326 SUSE bug 1129327 SUSE bug 1129330 SUSE bug 1129363 SUSE bug 1129366 SUSE bug 1129497 SUSE bug 1129519 SUSE bug 1129543 SUSE bug 1129547 SUSE bug 1129551 SUSE bug 1129581 SUSE bug 1129625 SUSE bug 1129664 SUSE bug 1129739 SUSE bug 1129923 SUSE bug 807502 SUSE bug 824948 SUSE bug 828192 SUSE bug 925178 CVE-2017-5753 CVE-2018-20669 CVE-2019-2024 CVE-2019-3459 CVE-2019-3460 CVE-2019-3819 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-7308 CVE-2019-8912 CVE-2019-8980 CVE-2019-9213 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for bash fixes the following issues: Security issue fixed: - CVE-2019-9924: Fixed a vulnerability in which shell did not prevent user BASH_CMDS allowing the user to execute any command with the permissions of the shell (bsc#1130324). Important SUSE bug 1130324 CVE-2019-9924 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for soundtouch fixes the following issues: Security issues fixed: - CVE-2018-17098: Fixed a heap corruption from size inconsistency, which allowed remote attackers to cause a denial of service or possibly have other unspecified impact (bsc#1108632) - CVE-2018-17097: Fixed a double free, which allowed remote attackers to cause a denial of service or possibly have other unspecified impact (bsc#1108631) Moderate SUSE bug 1108631 SUSE bug 1108632 CVE-2018-17097 CVE-2018-17098 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for libqt4 fixes the following issues: - CVE-2018-15518: Fixed a double free in QXmlStreamReader (bsc#1118595) - CVE-2018-19873: Fixed a segmantation fault via a malformed BMP file (bsc#1118596). - CVE-2018-19869: Fixed an improper checking which might lead to a crach via a malformed url reference (bsc#1118599). - Added stricter toplevel asm parsing by dropping volatile qualification that has no effect (bsc#1121214). Moderate SUSE bug 1118595 SUSE bug 1118596 SUSE bug 1118599 SUSE bug 1121214 CVE-2018-15518 CVE-2018-19869 CVE-2018-19873 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for webkit2gtk3 to version 2.28.1 fixes the following issues: Security issues fixed: - CVE-2020-10018: Fixed a denial of service because the m_deferredFocusedNodeChange data structure was mishandled (bsc#1165528). - CVE-2020-11793: Fixed a potential arbitrary code execution caused by a use-after-free vulnerability (bsc#1169658). - CVE-2019-8835: Fixed multiple memory corruption issues (bsc#1161719). - CVE-2019-8844: Fixed multiple memory corruption issues (bsc#1161719). - CVE-2019-8846: Fixed a use-after-free issue (bsc#1161719). - CVE-2020-3862: Fixed a memory handling issue (bsc#1163809). - CVE-2020-3867: Fixed an XSS issue (bsc#1163809). - CVE-2020-3868: Fixed multiple memory corruption issues that could have lead to arbitrary code execution (bsc#1163809). - CVE-2020-3864,CVE-2020-3865: Fixed logic issues in the DOM object context handling (bsc#1163809). Non-security issues fixed: - Add API to enable Process Swap on (Cross-site) Navigation. - Add user messages API for the communication with the web extension. - Add support for same-site cookies. - Service workers are enabled by default. - Add support for Pointer Lock API. - Add flatpak sandbox support. - Make ondemand hardware acceleration policy never leave accelerated compositing mode. - Always use a light theme for rendering form controls. - Add about:gpu to show information about the graphics stack. - Fixed issues while trying to play a video on NextCloud. - Fixed vertical alignment of text containing arabic diacritics. - Fixed build with icu 65.1. - Fixed page loading errors with websites using HSTS. - Fixed web process crash when displaying a KaTeX formula. - Fixed several crashes and rendering issues. - Switched to a single web process for Evolution and geary (bsc#1159329). Important SUSE bug 1155321 SUSE bug 1156318 SUSE bug 1159329 SUSE bug 1161719 SUSE bug 1163809 SUSE bug 1165528 SUSE bug 1169658 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2020-10018 CVE-2020-11793 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-8834: KVM on Power8 processors had a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability to run code in kernel space of a guest VM can cause the host kernel to panic (bnc#1168276). - CVE-2020-11494: An issue was discovered in slc_bump in drivers/net/can/slcan.c, which allowed attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL (bnc#1168424). - CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls (bnc#1167629). - CVE-2019-9458: In the video driver there was a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed (bnc#1168295). - CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a system crash (bnc#1120386). - CVE-2019-19770: Fixed a use-after-free in the debugfs_remove function (bsc#1159198). - CVE-2020-11669: Fixed an issue where arch/powerpc/kernel/idle_book3s.S did not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR (bnc#1169390). - CVE-2020-8647: There was a use-after-free vulnerability in the vc_do_resize function in drivers/tty/vt/vt.c (bnc#1162929). - CVE-2020-8649: There was a use-after-free vulnerability in the vgacon_invert_region function in drivers/video/console/vgacon.c (bnc#1162931). - CVE-2020-9383: An issue was discovered set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it (bnc#1165111). - CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c (bnc#1159285). The following non-security bugs were fixed: - ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro (bsc#1051510). - ACPI: watchdog: Fix gas->access_width usage (bsc#1051510). - ALSA: ali5451: remove redundant variable capture_flag (bsc#1051510). - ALSA: core: Replace zero-length array with flexible-array member (bsc#1051510). - ALSA: emu10k1: Fix endianness annotations (bsc#1051510). - ALSA: hda/ca0132 - Replace zero-length array with flexible-array member (bsc#1051510). - ALSA: hda_codec: Replace zero-length array with flexible-array member (bsc#1051510). - ALSA: hda: Fix potential access overflow in beep helper (bsc#1051510). - ALSA: hda/realtek: Fix pop noise on ALC225 (git-fixes). - ALSA: hda/realtek - Set principled PC Beep configuration for ALC256 (bsc#1051510). - ALSA: hda: remove redundant assignment to variable timeout (bsc#1051510). - ALSA: hda: Use scnprintf() for string truncation (bsc#1051510). - ALSA: hdsp: remove redundant assignment to variable err (bsc#1051510). - ALSA: ice1724: Fix invalid access for enumerated ctl items (bsc#1051510). - ALSA: info: remove redundant assignment to variable c (bsc#1051510). - ALSA: korg1212: fix if-statement empty body warnings (bsc#1051510). - ALSA: line6: Fix endless MIDI read loop (git-fixes). - ALSA: pcm: oss: Avoid plugin buffer overflow (git-fixes). - ALSA: pcm: oss: Fix regression by buffer overflow fix (bsc#1051510). - ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks (git-fixes). - ALSA: seq: oss: Fix running status after receiving sysex (git-fixes). - ALSA: seq: virmidi: Fix running status after receiving sysex (git-fixes). - ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status (bsc#1051510). - ALSA: via82xx: Fix endianness annotations (bsc#1051510). - ASoC: dapm: Correct DAPM handling of active widgets during shutdown (bsc#1051510). - ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map() (bsc#1051510). - ASoC: Intel: mrfld: fix incorrect check on p->sink (bsc#1051510). - ASoC: Intel: mrfld: return error codes when an error occurs (bsc#1051510). - ASoC: jz4740-i2s: Fix divider written at incorrect offset in register (bsc#1051510). - ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path (bsc#1051510). - ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output (bsc#1051510). - ASoC: pcm: update FE/BE trigger order based on the command (bsc#1051510). - ASoC: sun8i-codec: Remove unused dev from codec struct (bsc#1051510). - ASoC: topology: Fix memleak in soc_tplg_link_elems_load() (bsc#1051510). - ath9k: Handle txpower changes even when TPC is disabled (bsc#1051510). - atm: zatm: Fix empty body Clang warnings (bsc#1051510). - atomic: Add irqsave variant of atomic_dec_and_lock() (bsc#1166003). - b43legacy: Fix -Wcast-function-type (bsc#1051510). - batman-adv: Avoid spurious warnings from bat_v neigh_cmp implementation (bsc#1051510). - batman-adv: Do not schedule OGM for disabled interface (bsc#1051510). - batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs (bsc#1051510). - blk: Fix kabi due to blk_trace_mutex addition (bsc#1159285). - blk-mq: Allow blocking queue tag iter callbacks (bsc#1167316). - blktrace: fix dereference after null check (bsc#1159285). - blktrace: fix trace mutex deadlock (bsc#1159285). - block: allow gendisk's request_queue registration to be (bsc#1104967,bsc#1159142). - block, bfq: fix use-after-free in bfq_idle_slice_timer_body (bsc#1168760). - block: keep bdi->io_pages in sync with max_sectors_kb for stacked devices (bsc#1168762). - Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl (bsc#1051510). - bnxt_en: Fix TC queue mapping (networking-stable-20_02_05). - bonding/alb: properly access headers in bond_alb_xmit() (networking-stable-20_02_09). - bpf: Explicitly memset some bpf info structures declared on the stack (bsc#1083647). - bpf: Explicitly memset the bpf_attr structure (bsc#1083647). - bpf: fix ldx in ld_abs rewrite for large offsets (bsc#1154385). - bpf: implement ld_abs/ld_ind in native bpf (bsc#1154385). - bpf: make unknown opcode handling more robust (bsc#1154385). - bpf: prefix cbpf internal helpers with bpf_ (bsc#1154385). - bpf, x64: remove ld_abs/ld_ind (bsc#1154385). - bpf, x64: save several bytes by using mov over movabsq when possible (bsc#1154385). - btrfs: Account for trans_block_rsv in may_commit_transaction (bsc#1165949). - btrfs: add a flush step for delayed iputs (bsc#1165949). - btrfs: add assertions for releasing trans handle reservations (bsc#1165949). - btrfs: add btrfs_delete_ref_head helper (bsc#1165949). - btrfs: add enospc debug messages for ticket failure (bsc#1165949). - btrfs: Add enospc_debug printing in metadata_reserve_bytes (bsc#1165949). - btrfs: add new flushing states for the delayed refs rsv (bsc#1165949). - btrfs: add space reservation tracepoint for reserved bytes (bsc#1165949). - btrfs: allow us to use up to 90% of the global rsv for unlink (bsc#1165949). - btrfs: always reserve our entire size for the global reserve (bsc#1165949). - btrfs: assert on non-empty delayed iputs (bsc##1165949). - btrfs: be more explicit about allowed flush states (bsc#1165949). - btrfs: call btrfs_create_pending_block_groups unconditionally (bsc#1165949). - btrfs: catch cow on deleting snapshots (bsc#1165949). - btrfs: change the minimum global reserve size (bsc#1165949). - btrfs: check if there are free block groups for commit (bsc#1165949). - btrfs: clean up error handling in btrfs_truncate() (bsc#1165949). - btrfs: cleanup extent_op handling (bsc#1165949). - btrfs: cleanup root usage by btrfs_get_alloc_profile (bsc#1165949). - btrfs: cleanup the target logic in __btrfs_block_rsv_release (bsc#1165949). - btrfs: clear space cache inode generation always (bsc#1165949). - btrfs: delayed-ref: pass delayed_refs directly to btrfs_delayed_ref_lock (bsc#1165949). - btrfs: do not account global reserve in can_overcommit (bsc#1165949). - btrfs: do not allow reservations if we have pending tickets (bsc#1165949). - btrfs: do not call btrfs_start_delalloc_roots in flushoncommit (bsc#1165949). - btrfs: do not end the transaction for delayed refs in throttle (bsc#1165949). - btrfs: do not enospc all tickets on flush failure (bsc#1165949). - btrfs: do not run delayed_iputs in commit (bsc##1165949). - btrfs: do not run delayed refs in the end transaction logic (bsc#1165949). - btrfs: do not use ctl->free_space for max_extent_size (bsc##1165949). - btrfs: do not use global reserve for chunk allocation (bsc#1165949). - btrfs: drop min_size from evict_refill_and_join (bsc##1165949). - btrfs: drop unused space_info parameter from create_space_info (bsc#1165949). - btrfs: dump block_rsv details when dumping space info (bsc#1165949). - btrfs: export block group accounting helpers (bsc#1165949). - btrfs: export block_rsv_use_bytes (bsc#1165949). - btrfs: export btrfs_block_rsv_add_bytes (bsc#1165949). - btrfs: export __btrfs_block_rsv_release (bsc#1165949). - btrfs: export space_info_add_*_bytes (bsc#1165949). - btrfs: export the block group caching helpers (bsc#1165949). - btrfs: export the caching control helpers (bsc#1165949). - btrfs: export the excluded extents helpers (bsc#1165949). - btrfs: extent-tree: Add lockdep assert when updating space info (bsc#1165949). - btrfs: extent-tree: Add trace events for space info numbers update (bsc#1165949). - btrfs: extent-tree: Detect bytes_may_use underflow earlier (bsc#1165949). - btrfs: extent-tree: Detect bytes_pinned underflow earlier (bsc#1165949). - btrfs: factor out the ticket flush handling (bsc#1165949). - btrfs: fix btrfs_wait_ordered_range() so that it waits for all ordered extents (bsc#1163508). - btrfs: fix insert_reserved error handling (bsc##1165949). - btrfs: fix may_commit_transaction to deal with no partial filling (bsc#1165949). - btrfs: fix missing delayed iputs on unmount (bsc#1165949). - btrfs: fix panic during relocation after ENOSPC before writeback happens (bsc#1163508). - btrfs: fix qgroup double free after failure to reserve metadata for delalloc (bsc#1165949). - btrfs: fix race leading to metadata space leak after task received signal (bsc#1165949). - btrfs: fix truncate throttling (bsc#1165949). - btrfs: force chunk allocation if our global rsv is larger than metadata (bsc#1165949). - btrfs: Improve global reserve stealing logic (bsc#1165949). - btrfs: introduce an evict flushing state (bsc#1165949). - btrfs: introduce delayed_refs_rsv (bsc#1165949). - btrfs: loop in inode_rsv_refill (bsc#1165949). - btrfs: make btrfs_destroy_delayed_refs use btrfs_delayed_ref_lock (bsc#1165949). - btrfs: make btrfs_destroy_delayed_refs use btrfs_delete_ref_head (bsc#1165949). - btrfs: make caching_thread use btrfs_find_next_key (bsc#1165949). - btrfs: migrate btrfs_trans_release_chunk_metadata (bsc#1165949). - btrfs: migrate inc/dec_block_group_ro code (bsc#1165949). - btrfs: migrate nocow and reservation helpers (bsc#1165949). - btrfs: migrate the alloc_profile helpers (bsc#1165949). - btrfs: migrate the block group caching code (bsc#1165949). - btrfs: migrate the block group cleanup code (bsc#1165949). - btrfs: migrate the block group lookup code (bsc#1165949). - btrfs: migrate the block group read/creation code (bsc#1165949). - btrfs: migrate the block group ref counting stuff (bsc#1165949). - btrfs: migrate the block group removal code (bsc#1165949). - btrfs: migrate the block group space accounting helpers (bsc#1165949). - btrfs: migrate the block-rsv code to block-rsv.c (bsc#1165949). - btrfs: migrate the chunk allocation code (bsc#1165949). - btrfs: migrate the delalloc space stuff to it's own home (bsc#1165949). - btrfs: migrate the delayed refs rsv code (bsc#1165949). - btrfs: migrate the dirty bg writeout code (bsc#1165949). - btrfs: migrate the global_block_rsv helpers to block-rsv.c (bsc#1165949). - btrfs: move and export can_overcommit (bsc#1165949). - btrfs: move basic block_group definitions to their own header (bsc#1165949). - btrfs: move btrfs_add_free_space out of a header file (bsc#1165949). - btrfs: move btrfs_block_rsv definitions into it's own header (bsc#1165949). - btrfs: move btrfs_raid_group values to btrfs_raid_attr table (bsc#1165949). - btrfs: move btrfs_space_info_add_*_bytes to space-info.c (bsc#1165949). - btrfs: move dump_space_info to space-info.c (bsc#1165949). - btrfs: move reserve_metadata_bytes and supporting code to space-info.c (bsc#1165949). - btrfs: move space_info to space-info.h (bsc#1165949). - btrfs: move the space_info handling code to space-info.c (bsc#1165949). - btrfs: move the space info update macro to space-info.h (bsc#1165949). - btrfs: move the subvolume reservation stuff out of extent-tree.c (bsc#1165949). - btrfs: only check delayed ref usage in should_end_transaction (bsc#1165949). - btrfs: only check priority tickets for priority flushing (bsc#1165949). - btrfs: only free reserved extent if we didn't insert it (bsc##1165949). - btrfs: only reserve metadata_size for inodes (bsc#1165949). - btrfs: only track ref_heads in delayed_ref_updates (bsc#1165949). - btrfs: Output ENOSPC debug info in inc_block_group_ro (bsc#1165949). - btrfs: pass root to various extent ref mod functions (bsc#1165949). - btrfs: refactor block group replication factor calculation to a helper (bsc#1165949). - btrfs: refactor priority_reclaim_metadata_space (bsc#1165949). - btrfs: refactor the ticket wakeup code (bsc#1165949). - btrfs: release metadata before running delayed refs (bsc##1165949). - btrfs: Remove btrfs_inode::delayed_iput_count (bsc#1165949). - btrfs: Remove fs_info from do_chunk_alloc (bsc#1165949). - btrfs: remove orig_bytes from reserve_ticket (bsc#1165949). - btrfs: Remove redundant argument of flush_space (bsc#1165949). - btrfs: rename btrfs_space_info_add_old_bytes (bsc#1165949). - btrfs: rename do_chunk_alloc to btrfs_chunk_alloc (bsc#1165949). - btrfs: rename the btrfs_calc_*_metadata_size helpers (bsc#1165949). - btrfs: replace cleaner_delayed_iput_mutex with a waitqueue (bsc#1165949). - btrfs: reserve delalloc metadata differently (bsc#1165949). - btrfs: reserve extra space during evict (bsc#1165949). - btrfs: reset max_extent_size on clear in a bitmap (bsc##1165949). - btrfs: reset max_extent_size properly (bsc##1165949). - btrfs: rework btrfs_check_space_for_delayed_refs (bsc#1165949). - btrfs: rework wake_all_tickets (bsc#1165949). - btrfs: roll tracepoint into btrfs_space_info_update helper (bsc#1165949). - btrfs: run btrfs_try_granting_tickets if a priority ticket fails (bsc#1165949). - btrfs: run delayed iput at unlink time (bsc#1165949). - btrfs: run delayed iputs before committing (bsc#1165949). - btrfs: set max_extent_size properly (bsc##1165949). - btrfs: stop partially refilling tickets when releasing space (bsc#1165949). - btrfs: stop using block_rsv_release_bytes everywhere (bsc#1165949). - btrfs: temporarily export btrfs_get_restripe_target (bsc#1165949). - btrfs: temporarily export fragment_free_space (bsc#1165949). - btrfs: temporarily export inc_block_group_ro (bsc#1165949). - btrfs: track DIO bytes in flight (bsc#1165949). - btrfs: unexport can_overcommit (bsc#1165949). - btrfs: unexport the temporary exported functions (bsc#1165949). - btrfs: unify error handling for ticket flushing (bsc#1165949). - btrfs: update may_commit_transaction to use the delayed refs rsv (bsc#1165949). - btrfs: use btrfs_try_granting_tickets in update_global_rsv (bsc#1165949). - btrfs: wait on caching when putting the bg cache (bsc#1165949). - btrfs: wait on ordered extents on abort cleanup (bsc#1165949). - btrfs: wakeup cleaner thread when adding delayed iput (bsc#1165949). - ceph: canonicalize server path in place (bsc#1168443). - ceph: remove the extra slashes in the server path (bsc#1168443). - cfg80211: check reg_rule for NULL in handle_channel_custom() (bsc#1051510). - cfg80211: check wiphy driver existence for drvinfo report (bsc#1051510). - cgroup: memcg: net: do not associate sock with unrelated cgroup (bsc#1167290). - cifs: add a debug macro that prints \\server\share for errors (bsc#1144333). - cifs: add missing mount option to /proc/mounts (bsc#1144333). - cifs: add new debugging macro cifs_server_dbg (bsc#1144333). - cifs: add passthrough for smb2 setinfo (bsc#1144333). - cifs: add SMB2_open() arg to return POSIX data (bsc#1144333). - cifs: add smb2 POSIX info level (bsc#1144333). - cifs: add SMB3 change notification support (bsc#1144333). - cifs: add support for fallocate mode 0 for non-sparse files (bsc#1144333). - cifs: Add support for setting owner info, dos attributes, and create time (bsc#1144333). - cifs: Add tracepoints for errors on flush or fsync (bsc#1144333). - cifs: Adjust indentation in smb2_open_file (bsc#1144333). - cifs: allow chmod to set mode bits using special sid (bsc#1144333). - cifs: Avoid doing network I/O while holding cache lock (bsc#1144333). - cifs: call wake_up(&server->response_q) inside of cifs_reconnect() (bsc#1144333). - cifs: Clean up DFS referral cache (bsc#1144333). - cifs: create a helper function to parse the query-directory response buffer (bsc#1144333). - cifs: do d_move in rename (bsc#1144333). - cifs: Do not display RDMA transport on reconnect (bsc#1144333). - cifs: do not ignore the SYNC flags in getattr (bsc#1144333). - cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1144333). - cifs: do not use 'pre:' for MODULE_SOFTDEP (bsc#1144333). - cifs: enable change notification for SMB2.1 dialect (bsc#1144333). - cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1144333). - cifs: fix a comment for the timeouts when sending echos (bsc#1144333). - cifs: fix a white space issue in cifs_get_inode_info() (bsc#1144333). - cifs: fix dereference on ses before it is null checked (bsc#1144333). - cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1144333). - cifs: fix mode bits from dir listing when mounted with modefromsid (bsc#1144333). - cifs: Fix mode output in debugging statements (bsc#1144333). - cifs: Fix mount options set in automount (bsc#1144333). - cifs: fix NULL dereference in match_prepath (bsc#1144333). - cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1144333). - cifs: fix potential mismatch of UNC paths (bsc#1144333). - cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1144333). - cifs: Fix return value in __update_cache_entry (bsc#1144333). - cifs: fix soft mounts hanging in the reconnect code (bsc#1144333). - cifs: fix soft mounts hanging in the reconnect code (bsc#1144333). - cifs: Fix task struct use-after-free on reconnect (bsc#1144333). - cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1144333). - cifs: get mode bits from special sid on stat (bsc#1144333). - cifs: Get rid of kstrdup_const()'d paths (bsc#1144333). - cifs: handle prefix paths in reconnect (bsc#1144333). - cifs: ignore cached share root handle closing errors (bsc#1166780). - cifs: Introduce helpers for finding TCP connection (bsc#1144333). - cifs: log warning message (once) if out of disk space (bsc#1144333). - cifs: make sure we do not overflow the max EA buffer size (bsc#1144333). - cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1144333). - cifs: Merge is_path_valid() into get_normalized_path() (bsc#1144333). - cifs: modefromsid: make room for 4 ACE (bsc#1144333). - cifs: modefromsid: write mode ACE first (bsc#1144333). - cifs: Optimize readdir on reparse points (bsc#1144333). - cifs: plumb smb2 POSIX dir enumeration (bsc#1144333). - cifs: potential unintitliazed error code in cifs_getattr() (bsc#1144333). - cifs: prepare SMB2_query_directory to be used with compounding (bsc#1144333). - cifs: print warning once if mounting with vers=1.0 (bsc#1144333). - cifs: refactor cifs_get_inode_info() (bsc#1144333). - cifs: remove redundant assignment to pointer pneg_ctxt (bsc#1144333). - cifs: remove redundant assignment to variable rc (bsc#1144333). - cifs: remove set but not used variables (bsc#1144333). - cifs: remove set but not used variable 'server' (bsc#1144333). - cifs: remove unused variable (bsc#1144333). - cifs: remove unused variable 'sid_user' (bsc#1144333). - cifs: rename a variable in SendReceive() (bsc#1144333). - cifs: rename posix create rsp (bsc#1144333). - cifs: replace various strncpy with strscpy and similar (bsc#1144333). - cifs: Return directly after a failed build_path_from_dentry() in cifs_do_create() (bsc#1144333). - cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1144333). - cifs: smbd: Add messages on RDMA session destroy and reconnection (bsc#1144333). - cifs: smbd: Invalidate and deregister memory registration on re-send for direct I/O (bsc#1144333). - cifs: smbd: Only queue work for error recovery on memory registration (bsc#1144333). - cifs: smbd: Return -EAGAIN when transport is reconnecting (bsc#1144333). - cifs: smbd: Return -ECONNABORTED when trasnport is not in connected state (bsc#1144333). - cifs: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE (bsc#1144333). - cifs: Use common error handling code in smb2_ioctl_query_info() (bsc#1144333). - cifs: use compounding for open and first query-dir for readdir() (bsc#1144333). - cifs: Use #define in cifs_dbg (bsc#1144333). - cifs: Use memdup_user() rather than duplicating its implementation (bsc#1144333). - cifs: use mod_delayed_work() for &server->reconnect if already queued (bsc#1144333). - cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1144333). - clk: qcom: rcg: Return failure for RCG update (bsc#1051510). - cls_rsvp: fix rsvp_policy (networking-stable-20_02_05). - configfs: Fix bool initialization/comparison (bsc#1051510). - cpufreq: powernv: Fix unsafe notifiers (bsc#1065729). - cpufreq: powernv: Fix use-after-free (bsc#1065729). - cpufreq: Register drivers only after CPU devices have been registered (bsc#1051510). - cpuidle: Do not unset the driver if it is there already (bsc#1051510). - crypto: arm64/sha-ce - implement export/import (bsc#1051510). - crypto: mxs-dcp - fix scatterlist linearization for hash (bsc#1051510). - crypto: pcrypt - Fix user-after-free on module unload (git-fixes). - crypto: tcrypt - fix printed skcipher [a]sync mode (bsc#1051510). - debugfs: add support for more elaborate ->d_fsdata (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: call debugfs_real_fops() only after debugfs_file_get() (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: convert to debugfs_file_get() and -put() (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: debugfs_real_fops(): drop __must_hold sparse annotation (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: debugfs_use_start/finish do not exist anymore (bsc#1159198). Prerequisite for bsc#1159198. - debugfs: defer debugfs_fsdata allocation to first usage (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: fix debugfs_real_fops() build error (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: implement per-file removal protection (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: purge obsolete SRCU based removal protection (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - debugfs: simplify __debugfs_remove_file() (bsc#1159198). Prerequisite for bsc#1159198. - Delete patches which cause regression (bsc#1165527 ltc#184149). - Deprecate NR_UNSTABLE_NFS, use NR_WRITEBACK (bsc#1163403). - device: Use overflow helpers for devm_kmalloc() (bsc#1166003). - dmaengine: coh901318: Fix a double lock bug in dma_tc_handle() (bsc#1051510). - dmaengine: ste_dma40: fix unneeded variable warning (bsc#1051510). - dm: fix incomplete request_queue initialization (bsc#1104967,bsc#1159142). - driver core: platform: fix u32 greater or equal to zero comparison (bsc#1051510). - driver core: platform: Prevent resouce overflow from causing infinite loops (bsc#1051510). - driver core: Print device when resources present in really_probe() (bsc#1051510). - drivers/md/raid5.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET (bsc#1166003). - drivers/md/raid5: Do not disable irq on release_inactive_stripe_list() call (bsc#1166003). - drivers/md/raid5-ppl.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET (bsc#1166003). - drivers/md/raid5: Use irqsave variant of atomic_dec_and_lock() (bsc#1166003). - drm/amd/display: remove duplicated assignment to grph_obj_type (bsc#1051510). - drm/amdkfd: fix a use after free race with mmu_notifer unregister (bsc#1114279) - drm: atmel-hlcdc: enable clock before configuring timing engine (bsc#1114279) - drm/bochs: downgrade pci_request_region failure from error to warning (bsc#1051510). - drm/bridge: dw-hdmi: fix AVI frame colorimetry (bsc#1051510). - drm_dp_mst_topology: fix broken drm_dp_sideband_parse_remote_dpcd_read() (bsc#1051510). - drm/drm_dp_mst:remove set but not used variable 'origlen' (bsc#1051510). - drm/etnaviv: fix dumping of iommuv2 (bsc#1114279) - drm/gma500: Fixup fbdev stolen size usage evaluation (bsc#1051510). - drm/i915/gvt: Separate display reset from ALL_ENGINES reset (bsc#1114279) - drm/i915/userptr: fix size calculation (bsc#1114279) - drm/i915/userptr: Try to acquire the page lock around (bsc#1114279) - drm/i915: Wean off drm_pci_alloc/drm_pci_free (bsc#1114279) - drm/mediatek: Add gamma property according to hardware capability (bsc#1114279) - drm/mediatek: disable all the planes in atomic_disable (bsc#1114279) - drm/mediatek: handle events when enabling/disabling crtc (bsc#1051510). - drm/mipi_dbi: Fix off-by-one bugs in mipi_dbi_blank() (bsc#1114279) - drm: msm: mdp4: Adjust indentation in mdp4_dsi_encoder_enable (bsc#1114279) - drm/msm: Set dma maximum segment size for mdss (bsc#1051510). - drm/msm: stop abusing dma_map/unmap for cache (bsc#1051510). - drm/msm: Use the correct dma_sync calls harder (bsc#1051510). - drm/msm: Use the correct dma_sync calls in msm_gem (bsc#1051510). - drm/nouveau/disp/nv50-: prevent oops when no channel method map provided (bsc#1051510). - drm/nouveau/gr/gk20a,gm200-: add terminators to method lists read from fw (bsc#1051510). - drm: rcar-du: Recognize 'renesas,vsps' in addition to 'vsps' (bsc#1114279) - drm: remove the newline for CRC source name (bsc#1051510). - dt-bindings: allow up to four clocks for orion-mdio (bsc#1051510). - EDAC/mc: Fix use-after-free and memleaks during device removal (bsc#1114279). - efi: Fix a race and a buffer overflow while reading efivars via sysfs (bsc#1164893). - ethtool: Factored out similar ethtool link settings for virtual devices to core (bsc#1136157 ltc#177197). - ext4: add cond_resched() to __ext4_find_entry() (bsc#1166862). - ext4: Avoid ENOSPC when avoiding to reuse recently deleted inodes (bsc#1165019). - ext4: Check for non-zero journal inum in ext4_calculate_overhead (bsc#1167288). - ext4: do not assume that mmp_nodename/bdevname have NUL (bsc#1166860). - ext4: fix a data race in EXT4_I(inode)->i_disksize (bsc#1166861). - ext4: fix incorrect group count in ext4_fill_super error message (bsc#1168765). - ext4: fix incorrect inodes per group in error message (bsc#1168764). - ext4: fix potential race between online resizing and write operations (bsc#1166864). - ext4: fix potential race between s_flex_groups online resizing and access (bsc#1166867). - ext4: fix potential race between s_group_info online resizing and access (bsc#1166866). - ext4: fix race between writepages and enabling EXT4_EXTENTS_FL (bsc#1166870). - ext4: fix support for inode sizes > 1024 bytes (bsc#1164284). - ext4: potential crash on allocation error in ext4_alloc_flex_bg_array() (bsc#1166940). - ext4: rename s_journal_flag_rwsem to s_writepages_rwsem (bsc#1166868). - ext4: validate the debug_want_extra_isize mount option at parse time (bsc#1163897). - fat: fix uninit-memory access for partial initialized inode (bsc#1051510). - fat: work around race with userspace's read via blockdev while mounting (bsc#1051510). - fbdev/g364fb: Fix build failure (bsc#1051510). - fbdev: potential information leak in do_fb_ioctl() (bsc#1114279) - fbmem: Adjust indentation in fb_prepare_logo and fb_blank (bsc#1114279) - fcntl: fix typo in RWH_WRITE_LIFE_NOT_SET r/w hint name (bsc#1166003). - fix memory leak in large read decrypt offload (bsc#1144333). - fs/cifs/cifssmb.c: use true,false for bool variable (bsc#1144333). - fs: cifs: cifsssmb: remove redundant assignment to variable ret (bsc#1144333). - fs: cifs: Initialize filesystem timestamp ranges (bsc#1144333). - fs: cifs: mute -Wunused-const-variable message (bsc#1144333). - fs/cifs/sess.c: Remove set but not used variable 'capabilities' (bsc#1144333). - fs/cifs/smb2ops.c: use true,false for bool variable (bsc#1144333). - fs/cifs/smb2pdu.c: Make SMB2_notify_init static (bsc#1144333). - fs/xfs: fix f_ffree value for statfs when project quota is set (bsc#1165985). - ftrace/kprobe: Show the maxactive number on kprobe_events (git-fixes). - gtp: make sure only SOCK_DGRAM UDP sockets are accepted (networking-stable-20_01_27). - gtp: use __GFP_NOWARN to avoid memalloc warning (networking-stable-20_02_05). - HID: apple: Add support for recent firmware on Magic Keyboards (bsc#1051510). - HID: core: fix off-by-one memset in hid_report_raw_event() (bsc#1051510). - HID: hiddev: Fix race in in hiddev_disconnect() (git-fixes). - hv_netvsc: Fix memory leak when removing rndis device (networking-stable-20_01_20). - hv_netvsc: pass netvsc_device to rndis halt - hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() (bsc#1051510). - i2c: hix5hd2: add missed clk_disable_unprepare in remove (bsc#1051510). - i2c: jz4780: silence log flood on txabrt (bsc#1051510). - IB/hfi1: Close window for pq and request coliding (bsc#1060463 ). - IB/hfi1: convert to debugfs_file_get() and -put() (bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198. - ibmvfc: do not send implicit logouts prior to NPIV login (bsc#1169625 ltc#184611). - ibmvfc: Fix NULL return compiler warning (bsc#1161951 ltc#183551). - ibmvnic: Do not process device remove during device reset (bsc#1065729). - ibmvnic: Warn unknown speed message only when carrier is present (bsc#1065729). - iio: gyro: adis16136: check ret val for non-zero vs less-than-zero (bsc#1051510). - iio: imu: adis16400: check ret val for non-zero vs less-than-zero (bsc#1051510). - iio: imu: adis: check ret val for non-zero vs less-than-zero (bsc#1051510). - iio: magnetometer: ak8974: Fix negative raw values in sysfs (bsc#1051510). - iio: potentiostat: lmp9100: fix iio_triggered_buffer_{predisable,postenable} positions (bsc#1051510). - Input: add safety guards to input_set_keycode() (bsc#1168075). - Input: avoid BIT() macro usage in the serio.h UAPI header (bsc#1051510). - Input: edt-ft5x06 - work around first register access error (bsc#1051510). - Input: raydium_i2c_ts - fix error codes in raydium_i2c_boot_trigger() (bsc#1051510). - Input: synaptics - enable RMI on HP Envy 13-ad105ng (bsc#1051510). - Input: synaptics - enable SMBus on ThinkPad L470 (bsc#1051510). - Input: synaptics - remove the LEN0049 dmi id from topbuttonpad list (bsc#1051510). - Input: synaptics - switch T470s to RMI4 by default (bsc#1051510). - intel_th: Fix user-visible error codes (bsc#1051510). - intel_th: pci: Add Elkhart Lake CPU support (bsc#1051510). - iommu/amd: Check feature support bit before accessing MSI capability registers (bsc#1166101). - iommu/amd: Fix the configuration of GCR3 table root pointer (bsc#1169057). - iommu/amd: Only support x2APIC with IVHD type 11h/40h (bsc#1166102). - iommu/dma: Fix MSI reservation allocation (bsc#1166730). - iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint (bsc#1166731). - iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page (bsc#1166732). - iommu/vt-d: Fix compile warning from intel-svm.h (bsc#1166103). - iommu/vt-d: Fix the wrong printing in RHSA parsing (bsc#1166733). - iommu/vt-d: Ignore devices with out-of-spec domain number (bsc#1166734). - iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn + add_taint (bsc#1166735). - ipmi:ssif: Handle a possible NULL pointer reference (bsc#1051510). - ipv4: ensure rcu_read_lock() in cipso_v4_error() (git-fixes). - ipvlan: do not add hardware address of master to its unicast filter list (bsc#1137325). - irqchip/bcm2835: Quiesce IRQs left enabled by bootloader (bsc#1051510). - irqdomain: Fix a memory leak in irq_domain_push_irq() (bsc#1051510). - iwlegacy: Fix -Wcast-function-type (bsc#1051510). - iwlwifi: mvm: Do not require PHY_SKU NVM section for 3168 devices (bsc#1166632). - iwlwifi: mvm: Fix thermal zone registration (bsc#1051510). - kABI: fixes for debugfs per-file removal protection backports (bsc#1159198 bsc#1109911). - kabi: invoke bpf_gen_ld_abs() directly (bsc#1158552). - kABI: restore debugfs_remove_recursive() (bsc#1159198). - kernel/module.c: Only return -EEXIST for modules that have finished loading (bsc#1165488). - kernel/module.c: wakeup processes in module_wq on module unload (bsc#1165488). - KVM: arm64: Store vcpu on the stack during __guest_enter() (bsc#1133021). - KVM: s390: do not clobber registers during guest reset/store status (bsc#1133021). - KVM: s390: ENOTSUPP -> EOPNOTSUPP fixups (bsc#1133021). - KVM: VMX: check descriptor table exits on instruction emulation (bsc#1166104). - l2tp: Allow duplicate session creation with UDP (networking-stable-20_02_05). - lcoking/rwsem: Add missing ACQUIRE to read_slowpath sleep loop (bsc#1050549). - libfs: fix infoleak in simple_attr_read() (bsc#1168881). - lib/raid6: add missing include for raid6test (bsc#1166003). - lib/raid6: add option to skip algo benchmarking (bsc#1166003). - lib/raid6/altivec: Add vpermxor implementation for raid6 Q syndrome (bsc#1166003). - lib/raid6: avoid __attribute_const__ redefinition (bsc#1166003). - locking/rwsem: Prevent decrement of reader count before increment (bsc#1050549). - mac80211: consider more elements in parsing CRC (bsc#1051510). - mac80211: Do not send mesh HWMP PREQ if HWMP is disabled (bsc#1051510). - mac80211: free peer keys before vif down in mesh (bsc#1051510). - mac80211: mesh: fix RCU warning (bsc#1051510). - mac80211: only warn once on chanctx_conf being NULL (bsc#1051510). - mac80211: rx: avoid RCU list traversal under mutex (bsc#1051510). - macsec: add missing attribute validation for port (bsc#1051510). - macsec: fix refcnt leak in module exit routine (bsc#1051510). - md: add __acquires/__releases annotations to handle_active_stripes (bsc#1166003). - md: add __acquires/__releases annotations to (un)lock_two_stripes (bsc#1166003). - md: add a missing endianness conversion in check_sb_changes (bsc#1166003). - md: add bitmap_abort label in md_run (bsc#1166003). - md: add feature flag MD_FEATURE_RAID0_LAYOUT (bsc#1166003). - md: allow last device to be forcibly removed from RAID1/RAID10 (bsc#1166003). - md: avoid invalid memory access for array sb->dev_roles (bsc#1166003). - md/bitmap: avoid race window between md_bitmap_resize and bitmap_file_clear_bit (bsc#1166003). - md-bitmap: create and destroy wb_info_pool with the change of backlog (bsc#1166003). - md-bitmap: create and destroy wb_info_pool with the change of bitmap (bsc#1166003). - md-bitmap: small cleanups (bsc#1166003). - md/bitmap: use mddev_suspend/resume instead of ->quiesce() (bsc#1166003). - md-cluster/bitmap: do not call md_bitmap_sync_with_cluster during reshaping stage (bsc#1166003). - md-cluster: introduce resync_info_get interface for sanity check (bsc#1166003). - md-cluster/raid10: call update_size in md_reap_sync_thread (bsc#1166003). - md-cluster/raid10: do not call remove_and_add_spares during reshaping stage (bsc#1166003). - md-cluster/raid10: resize all the bitmaps before start reshape (bsc#1166003). - md-cluster/raid10: support add disk under grow mode (bsc#1166003). - md-cluster: remove suspend_info (bsc#1166003). - md-cluster: send BITMAP_NEEDS_SYNC message if reshaping is interrupted (bsc#1166003). - md: convert to kvmalloc (bsc#1166003). - md: do not call spare_active in md_reap_sync_thread if all member devices can't work (bsc#1166003). - md: do not set In_sync if array is frozen (bsc#1166003). - md: fix an error code format and remove unsed bio_sector (bsc#1166003). - md: fix a typo s/creat/create (bsc#1166003). - md: fix for divide error in status_resync (bsc#1166003). - md: fix spelling typo and add necessary space (bsc#1166003). - md: introduce mddev_create/destroy_wb_pool for the change of member device (bsc#1166003). - md: introduce new personality funciton start() (bsc#1166003). - md-linear: use struct_size() in kzalloc() (bsc#1166003). - md: Make bio_alloc_mddev use bio_alloc_bioset (bsc#1166003). - md: make sure desc_nr less than MD_SB_DISKS (bsc#1166003). - md: md.c: Return -ENODEV when mddev is NULL in rdev_attr_show (bsc#1166003). - md: no longer compare spare disk superblock events in super_load (bsc#1166003). - md/r5cache: remove redundant pointer bio (bsc#1166003). - md/raid0: Fix an error message in raid0_make_request() (bsc#1166003). - md raid0/linear: Mark array as 'broken' and fail BIOs if a member is gone (bsc#1166003). - md/raid10: end bio when the device faulty (bsc#1166003). - md/raid10: Fix raid10 replace hang when new added disk faulty (bsc#1166003). - md/raid10: prevent access of uninitialized resync_pages offset (bsc#1166003). - md/raid10: read balance chooses idlest disk for SSD (bsc#1166003). - md: raid10: Use struct_size() in kmalloc() (bsc#1166003). - md/raid1: avoid soft lockup under high load (bsc#1166003). - md: raid1: check rdev before reference in raid1_sync_request func (bsc#1166003). - md/raid1: end bio when the device faulty (bsc#1166003). - md/raid1: fail run raid1 array when active disk less than one (bsc#1166003). - md/raid1: Fix a warning message in remove_wb() (bsc#1166003). - md/raid1: fix potential data inconsistency issue with write behind device (bsc#1166003). - md/raid1: get rid of extra blank line and space (bsc#1166003). - md/raid5: Assigning NULL to sh->batch_head before testing bit R5_Overlap of a stripe (bsc#1166003). - md/raid5: use bio_end_sector to calculate last_sector (bsc#1166003). - md/raid6: fix algorithm choice under larger PAGE_SIZE (bsc#1166003). - md/raid6: implement recovery using ARM NEON intrinsics (bsc#1166003). - md: remove a bogus comment (bsc#1166003). - md: remove redundant code that is no longer reachable (bsc#1166003). - md: remove set but not used variable 'bi_rdev' (bsc#1166003). - md: rename wb stuffs (bsc#1166003). - md: return -ENODEV if rdev has no mddev assigned (bsc#1166003). - md: use correct type in super_1_load (bsc#1166003). - md: use correct type in super_1_sync (bsc#1166003). - md: use correct types in md_bitmap_print_sb (bsc#1166003). - media: dib0700: fix rc endpoint lookup (bsc#1051510). - media: flexcop-usb: fix endpoint sanity check (git-fixes). - media: go7007: Fix URB type for interrupt handling (bsc#1051510). - media: ov519: add missing endpoint sanity checks (bsc#1168829). - media: ov6650: Fix .get_fmt() V4L2_SUBDEV_FORMAT_TRY support (bsc#1051510). - media: ov6650: Fix some format attributes not under control (bsc#1051510). - media: ov6650: Fix stored crop rectangle not in sync with hardware (bsc#1051510). - media: ov6650: Fix stored frame format not in sync with hardware (bsc#1051510). - media: stv06xx: add missing descriptor sanity checks (bsc#1168854). - media: tda10071: fix unsigned sign extension overflow (bsc#1051510). - media: usbtv: fix control-message timeouts (bsc#1051510). - media: uvcvideo: Refactor teardown of uvc on USB disconnect (bsc#1164507). - media: v4l2-core: fix entity initialization in device_register_subdev (bsc#1051510). - media: vsp1: tidyup VI6_HGT_LBn_H() macro (bsc#1051510). - media: xirlink_cit: add missing descriptor sanity checks (bsc#1051510). - mfd: dln2: Fix sanity checking for endpoints (bsc#1051510). - misc: pci_endpoint_test: Fix to support > 10 pci-endpoint-test devices (bsc#1051510). - mmc: sdhci-of-at91: fix cd-gpios for SAMA5D2 (bsc#1051510). - mm/filemap.c: do not initiate writeback if mapping has no dirty pages (bsc#1168884). - mm/memory_hotplug.c: only respect mem= parameter during boot stage (bsc#1065600). - MM: replace PF_LESS_THROTTLE with PF_LOCAL_THROTTLE (bsc#1163403). - mm: Use overflow helpers in kvmalloc() (bsc#1166003). - mwifiex: set needed_headroom, not hard_header_len (bsc#1051510). - net: core: another layer of lists, around PF_MEMALLOC skb handling (bsc#1050549). - net: cxgb3_main: Add CAP_NET_ADMIN check to CHELSIO_GET_MEM (networking-stable-20_01_27). - net: dsa: mv88e6xxx: Preserve priority when setting CPU port (networking-stable-20_01_11). - net: dsa: tag_qca: fix doubled Tx statistics (networking-stable-20_01_20). - net: dsa: tag_qca: Make sure there is headroom for tag (networking-stable-20_02_19). - net: ena: Add PCI shutdown handler to allow safe kexec (bsc#1167421, bsc#1167423). - net/ethtool: Introduce link_ksettings API for virtual network devices (bsc#1136157 ltc#177197). - netfilter: conntrack: sctp: use distinct states for new SCTP connections (bsc#1159199). - net: hns: fix soft lockup when there is not enough memory (networking-stable-20_01_20). - net: hsr: fix possible NULL deref in hsr_handle_frame() (networking-stable-20_02_05). - net: ip6_gre: fix moving ip6gre between namespaces (networking-stable-20_01_27). - net, ip6_tunnel: fix namespaces move (networking-stable-20_01_27). - net, ip_tunnel: fix namespaces move (networking-stable-20_01_27). - net: macb: Limit maximum GEM TX length in TSO (networking-stable-20_02_09). - net: macb: Remove unnecessary alignment check for TSO (networking-stable-20_02_09). - net/mlxfw: Verify FSM error code translation does not exceed array size (bsc#1051858). - net: mvneta: move rx_dropped and rx_errors in per-cpu stats (networking-stable-20_02_09). - net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL (bsc#1051510). - net: nfc: fix bounds checking bugs on 'pipe' (bsc#1051510). - net: phy: micrel: kszphy_resume(): add delay after genphy_resume() before accessing PHY registers (bsc#1051510). - net: rtnetlink: validate IFLA_MTU attribute in rtnl_create_link() (networking-stable-20_01_27). - net_sched: ematch: reject invalid TCF_EM_SIMPLE (networking-stable-20_01_30). - net_sched: fix an OOB access in cls_tcindex (networking-stable-20_02_05). - net_sched: fix a resource leak in tcindex_set_parms() (networking-stable-20_02_09). - net_sched: fix datalen for ematch (networking-stable-20_01_27). - net/sched: flower: add missing validation of TCA_FLOWER_FLAGS (networking-stable-20_02_19). - net_sched: keep alloc_hash updated after hash allocation (git-fixes). - net/sched: matchall: add missing validation of TCA_MATCHALL_FLAGS (networking-stable-20_02_19). - net: sch_prio: When ungrafting, replace with FIFO (networking-stable-20_01_11). - net/smc: add fallback check to connect() (git-fixes). - net/smc: fix leak of kernel memory to user space (networking-stable-20_02_19). - net/smc: fix refcount non-blocking connect() -part 2 (git-fixes). - net: stmmac: Delete txtimer in suspend() (networking-stable-20_02_05). - net: stmmac: dwmac-sunxi: Allow all RGMII modes (networking-stable-20_01_11). - net-sysfs: Fix reference count leak (networking-stable-20_01_27). - net: systemport: Avoid RBUF stuck in Wake-on-LAN mode (networking-stable-20_02_09). - net: usb: lan78xx: Add .ndo_features_check (networking-stable-20_01_27). - net: usb: lan78xx: fix possible skb leak (networking-stable-20_01_11). - net/wan/fsl_ucc_hdlc: fix out of bounds write on array utdm_info (networking-stable-20_01_20). - NFC: fdp: Fix a signedness bug in fdp_nci_send_patch() (bsc#1051510). - NFC: pn544: Fix a typo in a debug message (bsc#1051510). - NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use le16_add_cpu() (bsc#1051510). - NFS: send state management on a single connection (bsc#1167005). - nvme-multipath: fix possible I/O hang when paths are updated (bsc#1158983). - objtool: Add is_static_jump() helper (bsc#1169514). - objtool: Add relocation check for alternative sections (bsc#1169514). - OMAP: DSS2: remove non-zero check on variable r (bsc#1114279) - orinoco: avoid assertion in case of NULL pointer (bsc#1051510). - padata: always acquire cpu_hotplug_lock before pinst->lock (git-fixes). - partitions/efi: Fix partition name parsing in GUID partition entry (bsc#1168763). - PCI/ASPM: Clear the correct bits when enabling L1 substates (bsc#1051510). - PCI: endpoint: Fix clearing start entry in configfs (bsc#1051510). - PCI: pciehp: Fix MSI interrupt race (bsc#1159037). - PCI/switchtec: Fix init_completion race condition with poll_wait() (bsc#1051510). - perf/amd/uncore: Replace manual sampling check with CAP_NO_INTERRUPT flag (bsc#1114279). - perf: qcom_l2: fix column exclusion check (git-fixes). - pinctrl: baytrail: Do not clear IRQ flags on direct-irq enabled pins (bsc#1051510). - pinctrl: core: Remove extra kref_get which blocks hogs being freed (bsc#1051510). - pinctrl: sh-pfc: sh7264: Fix CAN function GPIOs (bsc#1051510). - pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs (bsc#1051510). - pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM (networking-stable-20_01_11). - platform/x86: pmc_atom: Add Lex 2I385SW to critclk_systems DMI table (bsc#1051510). - PM: core: Fix handling of devices deleted during system-wide resume (git-fixes). - powerpc/64: mark start_here_multiplatform as __ref (bsc#1148868). - powerpc/64s: Fix section mismatch warnings from boot code (bsc#1148868). - powerpc/64/tm: Do not let userspace set regs->trap via sigreturn (bsc#1118338 ltc#173734). - powerpc: fix hardware PMU exception bug on PowerVM compatibility mode systems (bsc#1056686). - powerpc/hash64/devmap: Use H_PAGE_THP_HUGE when setting up huge devmap PTE entries (bsc#1065729). - powerpc/kprobes: Ignore traps that happened in real mode (bsc#1065729). - powerpc/mm: Fix section mismatch warning in stop_machine_change_mapping() (bsc#1148868). - powerpc/pseries: Avoid NULL pointer dereference when drmem is unavailable (bsc#1160659). - powerpc/pseries: group lmb operation and memblock's (bsc#1165404 ltc#183498). - powerpc/pseries/memory-hotplug: Only update DT once per memory DLPAR request (bsc#1165404 ltc#183498). - powerpc/pseries: update device tree before ejecting hotplug uevents (bsc#1165404 ltc#183498). - powerpc/smp: Use nid as fallback for package_id (bsc#1165813 ltc#184091). - powerpc/vmlinux.lds: Explicitly retain .gnu.hash (bsc#1148868). - powerpc/xive: Replace msleep(x) with msleep(OPAL_BUSY_DELAY_MS) (bsc#1085030). - powerpc/xive: Use XIVE_BAD_IRQ instead of zero to catch non configured IPIs (bsc#1085030). - pwm: bcm2835: Dynamically allocate base (bsc#1051510). - pwm: meson: Fix confusing indentation (bsc#1051510). - pwm: pca9685: Fix PWM/GPIO inter-operation (bsc#1051510). - pwm: rcar: Fix late Runtime PM enablement (bsc#1051510). - pwm: renesas-tpu: Fix late Runtime PM enablement (bsc#1051510). - pxa168fb: fix release function mismatch in probe failure (bsc#1051510). - qmi_wwan: re-add DW5821e pre-production variant (bsc#1051510). - qmi_wwan: unconditionally reject 2 ep interfaces (bsc#1051510). - raid10: refactor common wait code from regular read/write request (bsc#1166003). - raid1: factor out a common routine to handle the completion of sync write (bsc#1166003). - raid1: simplify raid1_error function (bsc#1166003). - raid1: use an int as the return value of raise_barrier() (bsc#1166003). - raid5: block failing device if raid will be failed (bsc#1166003). - raid5-cache: Need to do start() part job after adding journal device (bsc#1166003). - raid5: copy write hint from origin bio to stripe (bsc#1166003). - raid5: do not increment read_errors on EILSEQ return (bsc#1166003). - raid5: do not set STRIPE_HANDLE to stripe which is in batch list (bsc#1166003). - raid5 improve too many read errors msg by adding limits (bsc#1166003). - raid5: need to set STRIPE_HANDLE for batch head (bsc#1166003). - raid5: remove STRIPE_OPS_REQ_PENDING (bsc#1166003). - raid5: remove worker_cnt_per_group argument from alloc_thread_groups (bsc#1166003). - raid5: set write hint for PPL (bsc#1166003). - raid5: use bio_end_sector in r5_next_bio (bsc#1166003). - raid6/test: fix a compilation error (bsc#1166003). - raid6/test: fix a compilation warning (bsc#1166003). - remoteproc: Initialize rproc_class before use (bsc#1051510). - rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer (git-fixes). - rtlwifi: rtl_pci: Fix -Wcast-function-type (bsc#1051510). - rxrpc: Fix insufficient receive notification generation (networking-stable-20_02_05). - s390/mm: fix dynamic pagetable upgrade for hugetlbfs (bsc#1165182 LTC#184102). - scsi: core: avoid repetitive logging of device offline messages (bsc#1145929). - scsi: core: kABI fix offline_already (bsc#1145929). - scsi: fnic: do not queue commands during fwreset (bsc#1146539). - scsi: ibmvfc: Add failed PRLI to cmd_status lookup array (bsc#1161951 ltc#183551). - scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (bsc#1161951 ltc#183551). - scsi: ibmvfc: Byte swap status and error codes when logging (bsc#1161951 ltc#183551). - scsi: ibmvfc: Clean up transport events (bsc#1161951 ltc#183551). - scsi: ibmvfc: constify dev_pm_ops structures (bsc#1161951 ltc#183551). - scsi: ibmvfc: Do not call fc_block_scsi_eh() on host reset (bsc#1161951 ltc#183551). - scsi: ibmvfc: Fix NULL return compiler warning (bsc#1161951 ltc#183551). Refresh sorted patches. - scsi: ibmvfc: ibmvscsi: ibmvscsi_tgt: constify vio_device_id (bsc#1161951 ltc#183551). - scsi: ibmvfc: Mark expected switch fall-throughs (bsc#1161951 ltc#183551). - scsi: ibmvfc: Remove 'failed' from logged errors (bsc#1161951 ltc#183551). - scsi: ibmvfc: Remove unneeded semicolons (bsc#1161951 ltc#183551). - scsi: ibmvscsi: change strncpy+truncation to strlcpy (bsc#1161951 ltc#183551). - scsi: ibmvscsi: constify dev_pm_ops structures (bsc#1161951 ltc#183551). - scsi: ibmvscsi: Do not use rc uninitialized in ibmvscsi_do_work (bsc#1161951 ltc#183551). - scsi: ibmvscsi: fix tripping of blk_mq_run_hw_queue WARN_ON (bsc#1161951 ltc#183551). - scsi: ibmvscsi: Improve strings handling (bsc#1161951 ltc#183551). - scsi: ibmvscsi: redo driver work thread to use enum action states (bsc#1161951 ltc#183551). - scsi: ibmvscsi: Wire up host_reset() in the driver's scsi_host_template (bsc#1161951 ltc#183551). - scsi: qla2xxx: Add 16.0GT for PCI String (bsc#1157424). - scsi: qla2xxx: Add beacon LED config sysfs interface (bsc#1157424). - scsi: qla2xxx: Add changes in preparation for vendor extended FDMI/RDP (bsc#1157424). - scsi: qla2xxx: Add deferred queue for processing ABTS and RDP (bsc#1157424). - scsi: qla2xxx: Add endianizer macro calls to fc host stats (bsc#1157424). - scsi: qla2xxx: Add fixes for mailbox command (bsc#1157424). - scsi: qla2xxx: add more FW debug information (bsc#1157424). - scsi: qla2xxx: Add ql2xrdpenable module parameter for RDP (bsc#1157424). - scsi: qla2xxx: Add sysfs node for D-Port Diagnostics AEN data (bsc#1157424). - scsi: qla2xxx: Add vendor extended FDMI commands (bsc#1157424). - scsi: qla2xxx: Add vendor extended RDP additions and amendments (bsc#1157424). - scsi: qla2xxx: Avoid setting firmware options twice in 24xx_update_fw_options (bsc#1157424). - scsi: qla2xxx: Check locking assumptions at runtime in qla2x00_abort_srb() (bsc#1157424). - scsi: qla2xxx: Cleanup ELS/PUREX iocb fields (bsc#1157424). - scsi: qla2xxx: Convert MAKE_HANDLE() from a define into an inline function (bsc#1157424). - scsi: qla2xxx: Correction to selection of loopback/echo test (bsc#1157424). - scsi: qla2xxx: Display message for FCE enabled (bsc#1157424). - scsi: qla2xxx: Fix control flags for login/logout IOCB (bsc#1157424). - scsi: qla2xxx: Fix FCP-SCSI FC4 flag passing error (bsc#1157424). - scsi: qla2xxx: fix FW resource count values (bsc#1157424). - scsi: qla2xxx: Fix I/Os being passed down when FC device is being deleted (bsc#1157424). - scsi: qla2xxx: Fix NPIV instantiation after FW dump (bsc#1157424). - scsi: qla2xxx: Fix qla2x00_echo_test() based on ISP type (bsc#1157424). - scsi: qla2xxx: Fix RDP respond data format (bsc#1157424). - scsi: qla2xxx: Fix RDP response size (bsc#1157424). - scsi: qla2xxx: Fix sparse warning reported by kbuild bot (bsc#1157424). - scsi: qla2xxx: Fix sparse warnings triggered by the PCI state checking code (bsc#1157424). - scsi: qla2xxx: Force semaphore on flash validation failure (bsc#1157424). - scsi: qla2xxx: Handle cases for limiting RDP response payload length (bsc#1157424). - scsi: qla2xxx: Handle NVME status iocb correctly (bsc#1157424). - scsi: qla2xxx: Improved secure flash support messages (bsc#1157424). - scsi: qla2xxx: Move free of fcport out of interrupt context (bsc#1157424). - scsi: qla2xxx: Print portname for logging in qla24xx_logio_entry() (bsc#1157424). - scsi: qla2xxx: Remove restriction of FC T10-PI and FC-NVMe (bsc#1157424). - scsi: qla2xxx: Return appropriate failure through BSG Interface (bsc#1157424). - scsi: qla2xxx: Save rscn_gen for new fcport (bsc#1157424). - scsi: qla2xxx: Serialize fc_port alloc in N2N (bsc#1157424). - scsi: qla2xxx: Set Nport ID for N2N (bsc#1157424). - scsi: qla2xxx: Show correct port speed capabilities for RDP command (bsc#1157424). - scsi: qla2xxx: Simplify the code for aborting SCSI commands (bsc#1157424). - scsi: qla2xxx: Suppress endianness complaints in qla2x00_configure_local_loop() (bsc#1157424). - scsi: qla2xxx: Update BPM enablement semantics (bsc#1157424). - scsi: qla2xxx: Update driver version to 10.01.00.24-k (bsc#1157424). - scsi: qla2xxx: Update driver version to 10.01.00.25-k (bsc#1157424). - scsi: qla2xxx: Use a dedicated interrupt handler for 'handshake-required' ISPs (bsc#1157424). - scsi: qla2xxx: Use correct ISP28xx active FW region (bsc#1157424). - scsi: qla2xxx: Use endian macros to assign static fields in fwdump header (bsc#1157424). - scsi: qla2xxx: Use FC generic update firmware options routine for ISP27xx (bsc#1157424). - scsi: qla2xxx: Use QLA_FW_STOPPED macro to propagate flag (bsc#1157424). - scsi: tcm_qla2xxx: Make qlt_alloc_qfull_cmd() set cmd->se_cmd.map_tag (bsc#1157424). - sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY (networking-stable-20_01_11). - serdev: ttyport: restore client ops on deregistration (bsc#1051510). - smb3: add debug messages for closing unmatched open (bsc#1144333). - smb3: Add defines for new information level, FileIdInformation (bsc#1144333). - smb3: add dynamic tracepoints for flush and close (bsc#1144333). - smb3: add missing flag definitions (bsc#1144333). - smb3: Add missing reparse tags (bsc#1144333). - smb3: add missing worker function for SMB3 change notify (bsc#1144333). - smb3: add mount option to allow forced caching of read only share (bsc#1144333). - smb3: add mount option to allow RW caching of share accessed by only 1 client (bsc#1144333). - smb3: add one more dynamic tracepoint missing from strict fsync path (bsc#1144333). - smb3: add some more descriptive messages about share when mounting cache=ro (bsc#1144333). - smb3: allow decryption keys to be dumped by admin for debugging (bsc#1144333). - smb3: allow disabling requesting leases (bsc#1144333). - smb3: allow parallelizing decryption of reads (bsc#1144333). - smb3: allow skipping signature verification for perf sensitive configurations (bsc#1144333). - SMB3: Backup intent flag missing from some more ops (bsc#1144333). - smb3: cleanup some recent endian errors spotted by updated sparse (bsc#1144333). - smb3: display max smb3 requests in flight at any one time (bsc#1144333). - smb3: dump in_send and num_waiters stats counters by default (bsc#1144333). - smb3: enable offload of decryption of large reads via mount option (bsc#1144333). - smb3: fix default permissions on new files when mounting with modefromsid (bsc#1144333). - smb3: fix mode passed in on create for modetosid mount option (bsc#1144333). - smb3: fix performance regression with setting mtime (bsc#1144333). - smb3: fix potential null dereference in decrypt offload (bsc#1144333). - smb3: fix problem with null cifs super block with previous patch (bsc#1144333). - smb3: Fix regression in time handling (bsc#1144333). - smb3: improve check for when we send the security descriptor context on create (bsc#1144333). - smb3: log warning if CSC policy conflicts with cache mount option (bsc#1144333). - smb3: missing ACL related flags (bsc#1144333). - smb3: only offload decryption of read responses if multiple requests (bsc#1144333). - smb3: pass mode bits into create calls (bsc#1144333). - smb3: print warning once if posix context returned on open (bsc#1144333). - smb3: query attributes on file close (bsc#1144333). - smb3: remove noisy debug message and minor cleanup (bsc#1144333). - smb3: remove unused flag passed into close functions (bsc#1144333). - staging: ccree: use signal safe completion wait (git-fixes). - staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table (bsc#1051510). - staging: rtl8188eu: Fix potential overuse of kernel memory (bsc#1051510). - staging: rtl8188eu: Fix potential security hole (bsc#1051510). - staging: rtl8723bs: Fix potential overuse of kernel memory (bsc#1051510). - staging: rtl8723bs: Fix potential security hole (bsc#1051510). - staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi (bsc#1051510). - staging: wlan-ng: fix ODEBUG bug in prism2sta_disconnect_usb (bsc#1051510). - staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback (bsc#1051510). - SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202). - tcp_bbr: improve arithmetic division in bbr_update_bw() (networking-stable-20_01_27). - tcp: clear tp->data_segs{in|out} in tcp_disconnect() (networking-stable-20_02_05). - tcp: clear tp->delivered in tcp_disconnect() (networking-stable-20_02_05). - tcp: clear tp->segs_{in|out} in tcp_disconnect() (networking-stable-20_02_05). - tcp: clear tp->total_retrans in tcp_disconnect() (networking-stable-20_02_05). - tcp: fix marked lost packets not being retransmitted (networking-stable-20_01_20). - tcp: fix 'old stuff' D-SACK causing SACK to be treated as D-SACK (networking-stable-20_01_11). - thermal: devfreq_cooling: inline all stubs for CONFIG_DEVFREQ_THERMAL=n (bsc#1051510). - thunderbolt: Prevent crash if non-active NVMem file is read (git-fixes). - tick: broadcast-hrtimer: Fix a race in bc_set_next (bsc#1044231). - tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure (git-fixes). - tools: Update include/uapi/linux/fcntl.h copy from the kernel (bsc#1166003). - tpm: ibmvtpm: Wait for buffer to be set before proceeding (bsc#1065729). - tty: evh_bytechan: Fix out of bounds accesses (bsc#1051510). - ttyprintk: fix a potential deadlock in interrupt context issue (git-fixes). - tty/serial: atmel: manage shutdown in case of RS485 or ISO7816 mode (bsc#1051510). - tty: serial: imx: setup the correct sg entry for tx dma (bsc#1051510). - USB: cdc-acm: fix rounding error in TIOCSSERIAL (git-fixes). - USB: core: add endpoint-blacklist quirk (git-fixes). - USB: core: hub: do error out if usb_autopm_get_interface() fails (git-fixes). - USB: core: port: do error out if usb_autopm_get_interface() fails (git-fixes). - USB: Disable LPM on WD19's Realtek Hub (git-fixes). - USB: dwc2: Fix in ISOC request length checking (git-fixes). - USB: Fix novation SourceControl XL after suspend (git-fixes). - USB: gadget: composite: Fix bMaxPower for SuperSpeedPlus (git-fixes). - USB: gadget: f_fs: Fix use after free issue as part of queue failure (bsc#1051510). - USB: host: xhci-plat: add a shutdown (git-fixes). - USB: host: xhci: update event ring dequeue pointer on purpose (git-fixes). - USB: hub: Do not record a connect-change event during reset-resume (git-fixes). - usbip: Fix uninitialized symbol 'nents' in stub_recv_cmd_submit() (git-fixes). - USB: misc: iowarrior: add support for 2 OEMed devices (git-fixes). - USB: misc: iowarrior: add support for the 100 device (git-fixes). - USB: misc: iowarrior: add support for the 28 and 28L devices (git-fixes). - USB: musb: Disable pullup at init (git-fixes). - USB: musb: fix crash with highmen PIO and usbmon (bsc#1051510). - USB: quirks: add NO_LPM quirk for Logitech Screen Share (git-fixes). - USB: quirks: add NO_LPM quirk for RTL8153 based ethernet adapters (git-fixes). - USB: quirks: blacklist duplicate ep on Sound Devices USBPre2 (git-fixes). - USB: serial: io_edgeport: fix slab-out-of-bounds read in edge_interrupt_callback (bsc#1051510). - USB: serial: option: add ME910G1 ECM composition 0x110b (git-fixes). - USB: serial: pl2303: add device-id for HP LD381 (git-fixes). - USB: storage: Add quirk for Samsung Fit flash (git-fixes). - USB: uas: fix a plug & unplug racing (git-fixes). - USB: xhci: apply XHCI_SUSPEND_DELAY to AMD XHCI controller 1022:145c (git-fixes). - uvcvideo: Refactor teardown of uvc on USB disconnect (bsc#1164507) - vgacon: Fix a UAF in vgacon_invert_region (bsc#1114279) - virtio-blk: fix hw_queue stopped on arbitrary error (git-fixes). - vlan: fix memory leak in vlan_dev_set_egress_priority (networking-stable-20_01_11). - vlan: vlan_changelink() should propagate errors (networking-stable-20_01_11). - vxlan: fix tos value before xmit (networking-stable-20_01_11). - x86/cpu/amd: Enable the fixed Instructions Retired counter IRPERF (bsc#1114279). - x86/mce/amd: Fix kobject lifetime (bsc#1114279). - x86/mce/amd: Publish the bank pointer only after setup has succeeded (bsc#1114279). - x86/mce: Fix logic and comments around MSR_PPIN_CTL (bsc#1114279). - x86/mm: Split vmalloc_sync_all() (bsc#1165741). - x86/pkeys: Manually set X86_FEATURE_OSPKE to preserve existing changes (bsc#1114279). - xen/blkfront: fix memory allocation flags in blkfront_setup_indirect() (bsc#1168486). - xfs: also remove cached ACLs when removing the underlying attr (bsc#1165873). - xfs: bulkstat should copy lastip whenever userspace supplies one (bsc#1165984). - xhci: apply XHCI_PME_STUCK_QUIRK to Intel Comet Lake platforms (git-fixes). - xhci: Do not open code __print_symbolic() in xhci trace events (git-fixes). - xhci: fix runtime pm enabling for quirky Intel hosts (bsc#1051510). - xhci: Force Maximum Packet size for Full-speed bulk devices to valid range (bsc#1051510). Important SUSE bug 1044231 SUSE bug 1050549 SUSE bug 1051510 SUSE bug 1051858 SUSE bug 1056686 SUSE bug 1060463 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1083647 SUSE bug 1085030 SUSE bug 1104967 SUSE bug 1109911 SUSE bug 1114279 SUSE bug 1118338 SUSE bug 1120386 SUSE bug 1133021 SUSE bug 1136157 SUSE bug 1137325 SUSE bug 1144333 SUSE bug 1145051 SUSE bug 1145929 SUSE bug 1146539 SUSE bug 1148868 SUSE bug 1154385 SUSE bug 1157424 SUSE bug 1158552 SUSE bug 1158983 SUSE bug 1159037 SUSE bug 1159142 SUSE bug 1159198 SUSE bug 1159199 SUSE bug 1159285 SUSE bug 1160659 SUSE bug 1161951 SUSE bug 1162929 SUSE bug 1162931 SUSE bug 1163403 SUSE bug 1163508 SUSE bug 1163897 SUSE bug 1164078 SUSE bug 1164284 SUSE bug 1164507 SUSE bug 1164893 SUSE bug 1165019 SUSE bug 1165111 SUSE bug 1165182 SUSE bug 1165404 SUSE bug 1165488 SUSE bug 1165527 SUSE bug 1165741 SUSE bug 1165813 SUSE bug 1165873 SUSE bug 1165949 SUSE bug 1165984 SUSE bug 1165985 SUSE bug 1166003 SUSE bug 1166101 SUSE bug 1166102 SUSE bug 1166103 SUSE bug 1166104 SUSE bug 1166632 SUSE bug 1166730 SUSE bug 1166731 SUSE bug 1166732 SUSE bug 1166733 SUSE bug 1166734 SUSE bug 1166735 SUSE bug 1166780 SUSE bug 1166860 SUSE bug 1166861 SUSE bug 1166862 SUSE bug 1166864 SUSE bug 1166866 SUSE bug 1166867 SUSE bug 1166868 SUSE bug 1166870 SUSE bug 1166940 SUSE bug 1167005 SUSE bug 1167288 SUSE bug 1167290 SUSE bug 1167316 SUSE bug 1167421 SUSE bug 1167423 SUSE bug 1167629 SUSE bug 1168075 SUSE bug 1168202 SUSE bug 1168276 SUSE bug 1168295 SUSE bug 1168424 SUSE bug 1168443 SUSE bug 1168486 SUSE bug 1168760 SUSE bug 1168762 SUSE bug 1168763 SUSE bug 1168764 SUSE bug 1168765 SUSE bug 1168829 SUSE bug 1168854 SUSE bug 1168881 SUSE bug 1168884 SUSE bug 1168952 SUSE bug 1169057 SUSE bug 1169390 SUSE bug 1169514 SUSE bug 1169625 CVE-2019-19768 CVE-2019-19770 CVE-2019-3701 CVE-2019-9458 CVE-2020-10942 CVE-2020-11494 CVE-2020-11669 CVE-2020-8647 CVE-2020-8649 CVE-2020-8834 CVE-2020-9383 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for icu fixes the following issues: - CVE-2020-10531: Fixed integer overflow in UnicodeString:doAppend() (bsc#1166844). Moderate SUSE bug 1166844 CVE-2020-10531 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for webkit2gtk3 fixes the following issues: Security issue fixed: - CVE-2020-3899: Fixed a memory consumption issue that could have led to remote code execution (bsc#1170643). Non-security issues fixed: - Update to version 2.28.2 (bsc#1170643): + Fix excessive CPU usage due to GdkFrameClock not being stopped. + Fix UI process crash when EGL_WL_bind_wayland_display extension is not available. + Fix position of select popup menus in X11. + Fix playing of Youtube 'live stream'/H264 URLs. + Fix a crash under X11 when cairo uses xcb. + Fix the build in MIPS64. + Fix several crashes and rendering issues. Important SUSE bug 1170643 CVE-2020-3899 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for openconnect fixes the following issue: Security issue fixed: - CVE-2020-12105: Fixed the improper handling of negative return values from X509_check_ function calls that might have allowed MITM attacks (bsc#1170452). Non-security issue fixed: - This is a rebuild to have a higher version than openconnect on Packagehub, to avoid having a vpnc dependency. (bsc#1142093) - A vpnc-script is included in this openconnect package. Moderate SUSE bug 1142093 SUSE bug 1170452 CVE-2020-12105 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for openexr provides the following fix: Security issues fixed: - CVE-2020-11764: Fixed an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp (bsc#1169574). - CVE-2020-11763: Fixed an out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp (bsc#1169576). - CVE-2020-11758: Fixed an out-of-bounds read in ImfOptimizedPixelReading.h (bsc#1169573). - CVE-2020-11760: Fixed an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp (bsc#1169580). Non-security issue fixed: - Enable tests when building the package on x86_64. (bsc#1146648) Moderate SUSE bug 1146648 SUSE bug 1169573 SUSE bug 1169574 SUSE bug 1169576 SUSE bug 1169580 CVE-2020-11758 CVE-2020-11760 CVE-2020-11763 CVE-2020-11764 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for Mesa fixes the following issues: Security issue fixed: - CVE-2019-5068: Fixed exploitable shared memory permissions vulnerability (bsc#1156015). Moderate SUSE bug 1156015 CVE-2019-5068 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for python to version 2.7.17 fixes the following issues: Syncing with lots of upstream bug fixes and security fixes. Bug fixes: - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen(). Now an InvalidURL exception is raised (bsc#1155094). - CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367). - Fixed mismatches between libpython and python-base versions (bsc#1162224). - Fixed segfault in libpython2.7.so.1 (bsc#1073748). - Unified packages among openSUSE:Factory and SLE versions (bsc#1159035). - Added idle.desktop and idle.appdata.xml to provide IDLE in menus (bsc#1153830). - Excluded tsl_check files from python-base to prevent file conflict with python-strict-tls-checks package (bsc#945401). - Changed the name of idle3 icons to idle3.png to avoid collision with Python 2 version (bsc#1165894). Additionally a new 'shared-python-startup' package is provided containing startup files. python-rpm-macros was updated to fix: - Do not write .pyc files for tests (bsc#1171561) Moderate SUSE bug 1027282 SUSE bug 1041090 SUSE bug 1042670 SUSE bug 1073269 SUSE bug 1073748 SUSE bug 1078326 SUSE bug 1078485 SUSE bug 1081750 SUSE bug 1084650 SUSE bug 1086001 SUSE bug 1149792 SUSE bug 1153830 SUSE bug 1155094 SUSE bug 1159035 SUSE bug 1162224 SUSE bug 1162367 SUSE bug 1162825 SUSE bug 1165894 SUSE bug 1170411 SUSE bug 1171561 SUSE bug 945401 CVE-2019-18348 CVE-2019-9674 CVE-2020-8492 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824). - CVE-2020-13143: Fixed an out-of-bounds read in gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c (bsc#1171982). - CVE-2020-12769: Fixed an issue which could have allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bsc#1171983). - CVE-2020-12768: Fixed a memory leak in svm_cpu_uninit in arch/x86/kvm/svm.c (bsc#1171736). - CVE-2020-12657: An a use-after-free in block/bfq-iosched.c (bsc#1171205). - CVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219). - CVE-2020-12655: Fixed an issue which could have allowed attackers to trigger a sync of excessive duration via an XFS v5 image with crafted metadata (bsc#1171217). - CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202). - CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195). - CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218). - CVE-2020-12464: Fixed a use-after-free due to a transfer without a reference (bsc#1170901). - CVE-2020-12114: Fixed a pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098). - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317). - CVE-2020-10751: Fixed an improper implementation in SELinux LSM hook where it was assumed that an skb would only contain a single netlink message (bsc#1171189). - CVE-2020-10732: Fixed kernel data leak in userspace coredumps due to uninitialized data (bsc#1171220). - CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778). - CVE-2020-10711: Fixed a null pointer dereference in SELinux subsystem which could have allowed a remote network user to crash the kernel resulting in a denial of service (bsc#1171191). - CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056). - CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bsc#1170345). - CVE-2019-20812: Fixed an issue in prb_calc_retire_blk_tmo() which could have resulted in a denial of service (bsc#1172453). - CVE-2019-20806: Fixed a null pointer dereference which may had lead to denial of service (bsc#1172199). - CVE-2019-19462: Fixed an issue which could have allowed local user to cause denial of service (bsc#1158265). - CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1089895). The following non-security bugs were fixed: - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() (bsc#1051510). - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() (bsc#1051510). - acpi/x86: ignore unspecified bit positions in the ACPI global lock field (bsc#1051510). - Add commit for git-fix that's not a fix This commit cleans up debug code but does not fix anything, and it relies on a new kernel function that isn't yet in this version of SLE. - agp/intel: Reinforce the barrier after GTT updates (bsc#1051510). - ALSA: ctxfi: Remove unnecessary cast in kfree (bsc#1051510). - ALSA: dummy: Fix PCM format loop in proc output (bsc#1111666). - ALSA: hda: Do not release card at firmware loading error (bsc#1051510). - ALSA: hda/hdmi: fix race in monitor detection during probe (bsc#1051510). - ALSA: hda/hdmi: fix without unlocked before return (bsc#1051510). - ALSA: hda: Keep the controller initialization even if no codecs found (bsc#1051510). - ALSA: hda/realtek - Add more fixup entries for Clevo machines (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC245 (bsc#1051510). - ALSA: hda/realtek - Add new codec supported for ALC287 (git-fixes). - ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse (git-fixes). - ALSA: hda/realtek - Fix unexpected init_amp override (bsc#1051510). - ALSA: hda/realtek - Limit int mic boost for Thinkpad T530 (git-fixes bsc#1171293). - ALSA: hda/realtek - Two front mics on a Lenovo ThinkCenter (bsc#1051510). - ALSA: hwdep: fix a left shifting 1 by 31 UB bug (git-fixes). - ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option (git-fixes). - ALSA: opti9xx: shut up gcc-10 range warning (bsc#1051510). - ALSA: pcm: fix incorrect hw_base increase (git-fixes). - ALSA: pcm: oss: Place the plugin buffer overflow checks correctly (bsc#1170522). - ALSA-pcm-oss-Place-the-plugin-buffer-overflow-checks.patch - ALSA: rawmidi: Fix racy buffer resize under concurrent accesses (git-fixes). - ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset (git-fixes). - ALSA: usb-audio: Correct a typo of NuPrime DAC-10 USB ID (bsc#1051510). - ALSA: usb-audio: Do not override ignore_ctl_error value from the map (bsc#1051510). - ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif (bsc#1051510). - ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC (git-fixes). - ALSA: usx2y: Fix potential NULL dereference (bsc#1051510). - ASoC: codecs: hdac_hdmi: Fix incorrect use of list_for_each_entry (bsc#1051510). - ASoC: dapm: connect virtual mux with default value (bsc#1051510). - ASoC: dapm: fixup dapm kcontrol widget (bsc#1051510). - ASoC: dpcm: allow start or stop during pause for backend (bsc#1051510). - ASoC: fix regwmask (bsc#1051510). - ASoC: msm8916-wcd-digital: Reset RX interpolation path after use (bsc#1051510). - ASoC: samsung: Prevent clk_get_rate() calls in atomic context (bsc#1111666). - ASoC: topology: Check return value of pcm_new_ver (bsc#1051510). - ASoC: topology: use name_prefix for new kcontrol (bsc#1051510). - b43legacy: Fix case where channel status is corrupted (bsc#1051510). - batman-adv: fix batadv_nc_random_weight_tq (git-fixes). - batman-adv: Fix refcnt leak in batadv_show_throughput_override (git-fixes). - batman-adv: Fix refcnt leak in batadv_store_throughput_override (git-fixes). - batman-adv: Fix refcnt leak in batadv_v_ogm_process (git-fixes). - bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (git fixes (block drivers)). - bcache: fix incorrect data type usage in btree_flush_write() (git fixes (block drivers)). - bcache: Revert 'bcache: shrink btree node cache after bch_btree_check()' (git fixes (block drivers)). - block/drbd: delete invalid function drbd_md_mark_dirty_ (bsc#1171527). - block: drbd: remove a stray unlock in __drbd_send_protocol() (bsc#1171599). - block: fix busy device checking in blk_drop_partitions again (bsc#1171948). - block: fix busy device checking in blk_drop_partitions (bsc#1171948). - block: fix memleak of bio integrity data (git fixes (block drivers)). - block: remove the bd_openers checks in blk_drop_partitions (bsc#1171948). - bnxt_en: fix memory leaks in bnxt_dcbnl_ieee_getets() (networking-stable-20_03_28). - bnxt_en: reinitialize IRQs when MTU is modified (networking-stable-20_03_14). - bonding/alb: make sure arp header is pulled before accessing it (networking-stable-20_03_14). - brcmfmac: abort and release host after error (bsc#1051510). - Btrfs: fix deadlock with memory reclaim during scrub (bsc#1172127). - btrfs: fix log context list corruption after rename whiteout error (bsc#1172342). - btrfs: fix partial loss of prealloc extent past i_size after fsync (bsc#1172343). - btrfs: move the dio_sem higher up the callchain (bsc#1171761). - btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: setup a nofs context for memory allocation at btrfs_create_tree() (bsc#1172127). - btrfs: setup a nofs context for memory allocation at __btrfs_set_acl (bsc#1172127). - btrfs: use nofs context when initializing security xattrs to avoid deadlock (bsc#1172127). - can: add missing attribute validation for termination (networking-stable-20_03_14). - cdc-acm: close race betrween suspend() and acm_softint (git-fixes). - cdc-acm: introduce a cool down (git-fixes). - ceph: fix double unlock in handle_cap_export() (bsc#1171694). - ceph: fix endianness bug when handling MDS session feature bits (bsc#1171695). - cgroup, netclassid: periodically release file_lock on classid updating (networking-stable-20_03_14). - CIFS: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1144333). - CIFS: Allocate encryption header through kmalloc (bsc#1144333). - CIFS: allow unlock flock and OFD lock across fork (bsc#1144333). - CIFS: check new file size when extending file by fallocate (bsc#1144333). - CIFS: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1144333). - CIFS: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1144333). - CIFS: do not share tcons with DFS (bsc#1144333). - CIFS: dump the session id and keys also for SMB2 sessions (bsc#1144333). - CIFS: ensure correct super block for DFS reconnect (bsc#1144333). - CIFS: Fix bug which the return value by asynchronous read is error (bsc#1144333). - CIFS: fix uninitialised lease_key in open_shroot() (bsc#1144333). - CIFS: improve read performance for page size 64KB & cache=strict & vers=2.1+ (bsc#1144333). - CIFS: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1144333). - CIFS: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1144333). - CIFS: protect updating server->dstaddr with a spinlock (bsc#1144333). - CIFS: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1144333). - CIFS: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1144333). - CIFS: smbd: Check and extend sender credits in interrupt context (bsc#1144333). - CIFS: smbd: Check send queue size before posting a send (bsc#1144333). - CIFS: smbd: Do not schedule work to send immediate packet on every receive (bsc#1144333). - CIFS: smbd: Merge code to track pending packets (bsc#1144333). - CIFS: smbd: Properly process errors on ib_post_send (bsc#1144333). - CIFS: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1144333). - CIFS: Warn less noisily on default mount (bsc#1144333). - clk: Add clk_hw_unregister_composite helper function definition (bsc#1051510). - clk: imx6ull: use OSC clock during AXI rate change (bsc#1051510). - clk: imx: make mux parent strings const (bsc#1051510). - clk: mediatek: correct the clocks for MT2701 HDMI PHY module (bsc#1051510). - clk: sunxi-ng: a64: Fix gate bit of DSI DPHY (bsc#1051510). - clocksource/drivers/hyper-v: Set TSC clocksource as default w/ InvariantTSC (bsc#1170620). - clocksource: dw_apb_timer_of: Fix missing clockevent timers (bsc#1051510). - component: Silence bind error on -EPROBE_DEFER (bsc#1051510). - coresight: do not use the BIT() macro in the UAPI header (git fixes (block drivers)). - cpufreq: s3c64xx: Remove pointless NULL check in s3c64xx_cpufreq_driver_init (bsc#1051510). - crypto: ccp - AES CFB mode is a stream cipher (git-fixes). - crypto: ccp - Clean up and exit correctly on allocation failure (git-fixes). - crypto: ccp - Cleanup misc_dev on sev_exit() (bsc#1114279). - crypto: ccp - Cleanup sp_dev_master in psp_dev_destroy() (bsc#1114279). - debugfs: Add debugfs_create_xul() for hexadecimal unsigned long (git-fixes). - dmaengine: dmatest: Fix iteration non-stop logic (bsc#1051510). - dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574). - dm writecache: fix data corruption when reloading the target (git fixes (block drivers)). - dm writecache: fix incorrect flush sequence when doing SSD mode commit (git fixes (block drivers)). - dm writecache: verify watermark during resume (git fixes (block drivers)). - dm zoned: fix invalid memory access (git fixes (block drivers)). - dm zoned: reduce overhead of backing device checks (git fixes (block drivers)). - dm zoned: remove duplicate nr_rnd_zones increase in dmz_init_zone() (git fixes (block drivers)). - dm zoned: support zone sizes smaller than 128MiB (git fixes (block drivers)). - dp83640: reverse arguments to list_add_tail (git-fixes). - drivers: hv: Add a module description line to the hv_vmbus driver (bsc#1172253). - Drivers: HV: Send one page worth of kmsg dump over Hyper-V during panic (bsc#1170618). - Drivers: hv: vmbus: Fix the issue with freeing up hv_ctl_table_hdr (bsc#1170618). - Drivers: hv: vmbus: Get rid of MSR access from vmbus_drv.c (bsc#1170618). - Drivers: hv: vmus: Fix the check for return value from kmsg get dump buffer (bsc#1170618). - drivers/net/ibmvnic: Update VNIC protocol version reporting (bsc#1065729). - drm: amd/acp: fix broken menu structure (bsc#1114279) * context changes - drm/crc: Actually allow to change the crc source (bsc#1114279) * offset changes - drm/dp_mst: Fix clearing payload state on topology disable (bsc#1051510). - drm/dp_mst: Reformat drm_dp_check_act_status() a bit (bsc#1051510). - drm/edid: Fix off-by-one in DispID DTD pixel clock (bsc#1114279) - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of (bsc#1114279) - drm/i915: properly sanity check batch_start_offset (bsc#1114279) * renamed display/intel_fbc.c -> intel_fb.c * renamed gt/intel_rc6.c -> intel_pm.c * context changes - drm/meson: Delete an error message in meson_dw_hdmi_bind() (bsc#1051510). - drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem (bsc#1114279) - drm/qxl: qxl_release leak in qxl_draw_dirty_fb() (bsc#1051510). - drm/qxl: qxl_release leak in qxl_hw_surface_alloc() (bsc#1051510). - drm/qxl: qxl_release use after free (bsc#1051510). - drm: Remove PageReserved manipulation from drm_pci_alloc (bsc#1114279) * offset changes - dump_stack: avoid the livelock of the dump_lock (git fixes (block drivers)). - EDAC, sb_edac: Add support for systems with segmented PCI buses (bsc#1169525). - ext4: do not zeroout extents beyond i_disksize (bsc#1167851). - ext4: fix extent_status fragmentation for plain files (bsc#1171949). - ext4: use non-movable memory for superblock readahead (bsc#1171952). - fanotify: fix merging marks masks with FAN_ONDIR (bsc#1171679). - fbcon: fix null-ptr-deref in fbcon_switch (bsc#1114279) * rename drivers/video/fbdev/core to drivers/video/console * context changes - fib: add missing attribute validation for tun_id (networking-stable-20_03_14). - firmware: qcom: scm: fix compilation error when disabled (bsc#1051510). - fs/cifs: fix gcc warning in sid_to_id (bsc#1144333). - fs/seq_file.c: simplify seq_file iteration code and interface (bsc#1170125). - gpio: tegra: mask GPIO IRQs during IRQ shutdown (bsc#1051510). - gre: fix uninit-value in __iptunnel_pull_header (networking-stable-20_03_14). - HID: hid-input: clear unmapped usages (git-fixes). - HID: hyperv: Add a module description line (bsc#1172253). - HID: i2c-hid: add Trekstor Primebook C11B to descriptor override (git-fixes). - HID: i2c-hid: override HID descriptors for certain devices (git-fixes). - HID: multitouch: add eGalaxTouch P80H84 support (bsc#1051510). - HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices (git-fixes). - hrtimer: Annotate lockless access to timer->state (git fixes (block drivers)). - hsr: add restart routine into hsr_get_node_list() (networking-stable-20_03_28). - hsr: check protocol version in hsr_newlink() (networking-stable-20_04_17). - hsr: fix general protection fault in hsr_addr_is_self() (networking-stable-20_03_28). - hsr: set .netnsok flag (networking-stable-20_03_28). - hsr: use rcu_read_lock() in hsr_get_node_{list/status}() (networking-stable-20_03_28). - i2c: acpi: Force bus speed to 400KHz if a Silead touchscreen is present (git-fixes). - i2c: acpi: put device when verifying client fails (git-fixes). - i2c: brcmstb: remove unused struct member (git-fixes). - i2c: core: Allow empty id_table in ACPI case as well (git-fixes). - i2c: core: decrease reference count of device node in i2c_unregister_device (git-fixes). - i2c: dev: Fix the race between the release of i2c_dev and cdev (bsc#1051510). - i2c: fix missing pm_runtime_put_sync in i2c_device_probe (git-fixes). - i2c-hid: properly terminate i2c_hid_dmi_desc_override_table array (git-fixes). - i2c: i801: Do not add ICH_RES_IO_SMI for the iTCO_wdt device (git-fixes). - i2c: iproc: Stop advertising support of SMBUS quick cmd (git-fixes). - i2c: isch: Remove unnecessary acpi.h include (git-fixes). - i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()' (bsc#1051510). - i2c: st: fix missing struct parameter description (bsc#1051510). - IB/ipoib: Add child to parent list only if device initialized (bsc#1168503). - IB/ipoib: Consolidate checking of the proposed child interface (bsc#1168503). - IB/ipoib: Do not remove child devices from within the ndo_uninit (bsc#1168503). - IB/ipoib: Get rid of IPOIB_FLAG_GOING_DOWN (bsc#1168503). - IB/ipoib: Get rid of the sysfs_mutex (bsc#1168503). - IB/ipoib: Maintain the child_intfs list from ndo_init/uninit (bsc#1168503). - IB/ipoib: Move all uninit code into ndo_uninit (bsc#1168503). - IB/ipoib: Move init code to ndo_init (bsc#1168503). - IB/ipoib: Replace printk with pr_warn (bsc#1168503). - IB/ipoib: Use cancel_delayed_work_sync for neigh-clean task (bsc#1168503). - IB/ipoib: Warn when one port fails to initialize (bsc#1168503). - ibmvnic: Skip fatal error reset after passive init (bsc#1171078 ltc#184239). - iio:ad7797: Use correct attribute_group (bsc#1051510). - iio: adc: stm32-adc: fix device used to request dma (bsc#1051510). - iio: adc: stm32-adc: fix sleep in atomic context (git-fixes). - iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1051510). - iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()' (bsc#1051510). - iio: sca3000: Remove an erroneous 'get_device()' (bsc#1051510). - iio: xilinx-xadc: Fix ADC-B powerdown (bsc#1051510). - iio: xilinx-xadc: Fix clearing interrupt when enabling trigger (bsc#1051510). - iio: xilinx-xadc: Fix sequencer configuration for aux channels in simultaneous mode (bsc#1051510). - ima: Fix return value of ima_write_policy() (git-fixes). - Input: evdev - call input_flush_device() on release(), not flush() (bsc#1051510). - Input: hyperv-keyboard - add module description (bsc#1172253). - Input: i8042 - add Acer Aspire 5738z to nomux list (bsc#1051510). - Input: i8042 - add ThinkPad S230u to i8042 reset list (bsc#1051510). - Input: raydium_i2c_ts - use true and false for boolean values (bsc#1051510). - Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() (bsc#1051510). - Input: synaptics-rmi4 - really fix attn_data use-after-free (git-fixes). - Input: usbtouchscreen - add support for BonXeon TP (bsc#1051510). - Input: xpad - add custom init packet for Xbox One S controllers (bsc#1051510). - iommu/amd: Call domain_flush_complete() in update_domain() (bsc#1172096). - iommu/amd: Do not flush Device Table in iommu_map_page() (bsc#1172097). - iommu/amd: Do not loop forever when trying to increase address space (bsc#1172098). - iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system (bsc#1172099). - iommu/amd: Fix over-read of ACPI UID from IVRS table (bsc#1172101). - iommu/amd: Fix race in increase_address_space()/fetch_pte() (bsc#1172102). - iommu/amd: Update Device Table in increase_address_space() (bsc#1172103). - iommu: Fix reference count leak in iommu_group_alloc (bsc#1172397). - ipmi: fix hung processes in __get_guid() (git-fixes). - ipv4: fix a RCU-list lock in fib_triestat_seq_show (networking-stable-20_04_02). - ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface (networking-stable-20_03_14). - ipv6: do not auto-add link-local address to lag ports (networking-stable-20_04_09). - ipv6: Fix nlmsg_flags when splitting a multipath route (networking-stable-20_03_01). - ipv6: Fix route replacement with dev-only route (networking-stable-20_03_01). - ipvlan: add cond_resched_rcu() while processing muticast backlog (networking-stable-20_03_14). - ipvlan: do not deref eth hdr before checking it's set (networking-stable-20_03_14). - ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast() (networking-stable-20_03_14). - iwlwifi: pcie: actually release queue memory in TVQM (bsc#1051510). - kabi fix for early XHCI debug (git-fixes). - kabi for for md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes). - kabi, protect struct ib_device (bsc#1168503). - kabi/severities: Do not track KVM internal symbols. - kabi/severities: Ingnore get_dev_data() The function is internal to the AMD IOMMU driver and must not be called by any third party. - kabi workaround for snd_rawmidi buffer_ref field addition (git-fixes). - KEYS: reaching the keys quotas correctly (bsc#1051510). - KVM: arm64: Change hyp_panic()s dependency on tpidr_el2 (bsc#1133021). - KVM: arm64: Stop save/restoring host tpidr_el1 on VHE (bsc#1133021). - KVM: Check validity of resolved slot when searching memslots (bsc#1172104). - KVM: s390: vsie: Fix delivery of addressing exceptions (git-fixes). - KVM: s390: vsie: Fix possible race when shadowing region 3 tables (git-fixes). - KVM: s390: vsie: Fix region 1 ASCE sanity shadow address checks (git-fixes). - KVM: SVM: Fix potential memory leak in svm_cpu_init() (bsc#1171736). - KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1152489). - l2tp: Allow management of tunnels and session in user namespace (networking-stable-20_04_17). - libata: Remove extra scsi_host_put() in ata_scsi_add_hosts() (bsc#1051510). - libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set (bsc#1051510). - lib: raid6: fix awk build warnings (git fixes (block drivers)). - lib/raid6/test: fix build on distros whose /bin/sh is not bash (git fixes (block drivers)). - lib/stackdepot.c: fix global out-of-bounds in stack_slabs (git fixes (block drivers)). - locks: print unsigned ino in /proc/locks (bsc#1171951). - mac80211: add ieee80211_is_any_nullfunc() (bsc#1051510). - mac80211_hwsim: Use kstrndup() in place of kasprintf() (bsc#1051510). - mac80211: mesh: fix discovery timer re-arming issue / crash (bsc#1051510). - macsec: avoid to set wrong mtu (bsc#1051510). - macsec: restrict to ethernet devices (networking-stable-20_03_28). - macvlan: add cond_resched() during multicast processing (networking-stable-20_03_14). - macvlan: fix null dereference in macvlan_device_event() (bsc#1051510). - md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (git-fixes). - md/raid0: Fix an error message in raid0_make_request() (git fixes (block drivers)). - md/raid10: prevent access of uninitialized resync_pages offset (git-fixes). - media: dvb: return -EREMOTEIO on i2c transfer failure (bsc#1051510). - media: platform: fcp: Set appropriate DMA parameters (bsc#1051510). - media: ti-vpe: cal: fix disable_irqs to only the intended target (git-fixes). - mei: release me_cl object reference (bsc#1051510). - mlxsw: Fix some IS_ERR() vs NULL bugs (networking-stable-20_04_27). - mlxsw: spectrum_flower: Do not stop at FLOW_ACTION_VLAN_MANGLE (networking-stable-20_04_09). - mmc: atmel-mci: Fix debugfs on 64-bit platforms (git-fixes). - mmc: dw_mmc: Fix debugfs on 64-bit platforms (git-fixes). - mmc: meson-gx: make sure the descriptor is stopped on errors (git-fixes). - mmc: meson-gx: simplify interrupt handler (git-fixes). - mmc: renesas_sdhi: limit block count to 16 bit for old revisions (git-fixes). - mmc: sdhci-esdhc-imx: fix the mask for tuning start point (bsc#1051510). - mmc: sdhci-msm: Clear tuning done flag while hs400 tuning (bsc#1051510). - mmc: sdhci-of-at91: fix memleak on clk_get failure (git-fixes). - mmc: sdhci-pci: Fix eMMC driver strength for BYT-based controllers (bsc#1051510). - mmc: sdhci-xenon: fix annoying 1.8V regulator warning (bsc#1051510). - mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() (bsc#1051510). - mmc: tmio: fix access width of Block Count Register (git-fixes). - mm: thp: handle page cache THP correctly in PageTransCompoundMap (git fixes (block drivers)). - mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer (bsc#1051510). - mtd: spi-nor: cadence-quadspi: add a delay in write sequence (git-fixes). - mtd: spi-nor: enable 4B opcodes for mx66l51235l (git-fixes). - mtd: spi-nor: fsl-quadspi: Do not let -EINVAL on the bus (git-fixes). - mwifiex: avoid -Wstringop-overflow warning (bsc#1051510). - mwifiex: Fix memory corruption in dump_station (bsc#1051510). - net: bcmgenet: correct per TX/RX ring statistics (networking-stable-20_04_27). - net: dsa: b53: Fix ARL register definitions (networking-stable-20_04_27). - net: dsa: b53: Rework ARL bin logic (networking-stable-20_04_27). - net: dsa: bcm_sf2: Do not register slave MDIO bus with OF (networking-stable-20_04_09). - net: dsa: bcm_sf2: Ensure correct sub-node is parsed (networking-stable-20_04_09). - net: dsa: bcm_sf2: Fix overflow checks (git-fixes). - net: dsa: Fix duplicate frames flooded by learning (networking-stable-20_03_28). - net: dsa: mv88e6xxx: fix lockup on warm boot (networking-stable-20_03_14). - net: fec: validate the new settings in fec_enet_set_coalesce() (networking-stable-20_03_14). - net: fib_rules: Correctly set table field when table number exceeds 8 bits (networking-stable-20_03_01). - net: fix race condition in __inet_lookup_established() (bsc#1151794). - net: fq: add missing attribute validation for orphan mask (networking-stable-20_03_14). - net, ip_tunnel: fix interface lookup with no key (networking-stable-20_04_02). - net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin (networking-stable-20_04_17). - net: ipv6: do not consider routes via gateways for anycast address check (networking-stable-20_04_17). - netlink: Use netlink header as base to calculate bad attribute offset (networking-stable-20_03_14). - net: macsec: update SCI upon MAC address change (networking-stable-20_03_14). - net: memcg: fix lockdep splat in inet_csk_accept() (networking-stable-20_03_14). - net: memcg: late association of sock to memcg (networking-stable-20_03_14). - net/mlx4_en: avoid indirect call in TX completion (networking-stable-20_04_27). - net/mlx5: Add new fields to Port Type and Speed register (bsc#1171118). - net/mlx5: Add RoCE RX ICRC encapsulated counter (bsc#1171118). - net/mlx5e: Fix ethtool self test: link speed (bsc#1171118). - net/mlx5e: Move port speed code from en_ethtool.c to en/port.c (bsc#1171118). - net/mlx5: Expose link speed directly (bsc#1171118). - net/mlx5: Expose port speed when possible (bsc#1171118). - net: mvneta: Fix the case where the last poll did not process all rx (networking-stable-20_03_28). - net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node (networking-stable-20_04_27). - net/packet: tpacket_rcv: do not increment ring index on drop (networking-stable-20_03_14). - net: phy: restore mdio regs in the iproc mdio driver (networking-stable-20_03_01). - net: qmi_wwan: add support for ASKEY WWHC050 (networking-stable-20_03_28). - net: revert default NAPI poll timeout to 2 jiffies (networking-stable-20_04_17). - net_sched: cls_route: remove the right filter from hashtable (networking-stable-20_03_28). - net/x25: Fix x25_neigh refcnt leak when receiving frame (networking-stable-20_04_27). - nfc: add missing attribute validation for SE API (networking-stable-20_03_14). - nfc: add missing attribute validation for vendor subcommand (networking-stable-20_03_14). - nfc: pn544: Fix occasional HW initialization failure (networking-stable-20_03_01). - NFC: st21nfca: add missed kfree_skb() in an error path (bsc#1051510). - nfsd4: fix up replay_matches_cache() (git-fixes). - nfsd: Ensure CLONE persists data and metadata changes to the target file (git-fixes). - nfsd: fix delay timer on 32-bit architectures (git-fixes). - nfsd: fix jiffies/time_t mixup in LRU list (git-fixes). - NFS: Directory page cache pages need to be locked when read (git-fixes). - nfsd: memory corruption in nfsd4_lock() (git-fixes). - NFS: Do not call generic_error_remove_page() while holding locks (bsc#1170457). - NFS: Fix memory leaks and corruption in readdir (git-fixes). - NFS: Fix O_DIRECT accounting of number of bytes read/written (git-fixes). - NFS: Fix potential posix_acl refcnt leak in nfs3_set_acl (git-fixes). - NFS: fix racey wait in nfs_set_open_stateid_locked (bsc#1170592). - NFS/flexfiles: Use the correct TCP timeout for flexfiles I/O (git-fixes). - NFS/pnfs: Fix pnfs_generic_prepare_to_resend_writes() (git-fixes). - NFS: Revalidate the file size on a fatal write error (git-fixes). - NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals (git-fixes). - NFSv4: Do not allow a cached open with a revoked delegation (git-fixes). - NFSv4: Fix leak of clp->cl_acceptor string (git-fixes). - NFSv4/pnfs: Return valid stateids in nfs_layout_find_inode_by_stateid() (git-fixes). - NFSv4: try lease recovery on NFS4ERR_EXPIRED (git-fixes). - NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn (git-fixes). - nl802154: add missing attribute validation for dev_type (networking-stable-20_03_14). - nl802154: add missing attribute validation (networking-stable-20_03_14). - nvme-fc: print proper nvme-fc devloss_tmo value (bsc#1172391). - objtool: Fix stack offset tracking for indirect CFAs (bsc#1169514). - objtool: Fix switch table detection in .text.unlikely (bsc#1169514). - objtool: Make BP scratch register warning more robust (bsc#1169514). - padata: Remove broken queue flushing (git-fixes). - Partially revert 'kfifo: fix kfifo_alloc() and kfifo_init()' (git fixes (block drivers)). - pinctrl: baytrail: Enable pin configuration setting for GPIO chip (git-fixes). - pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler (git-fixes). - platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA (bsc#1051510). - pNFS: Ensure we do clear the return-on-close layout stateid on fatal errors (git-fixes). - powerpc: Add attributes for setjmp/longjmp (bsc#1065729). - powerpc/pci/of: Parse unassigned resources (bsc#1065729). - powerpc/setup_64: Set cache-line-size based on cache-block-size (bsc#1065729). - powerpc/sstep: Fix DS operand in ld encoding to appropriate value (bsc#1065729). - qede: Fix race between rdma destroy workqueue and link change event (networking-stable-20_03_01). - r8152: check disconnect status after long sleep (networking-stable-20_03_14). - raid6/ppc: Fix build for clang (git fixes (block drivers)). - rcu: locking and unlocking need to always be at least barriers (git fixes (block drivers)). - RDMA/ipoib: Fix use of sizeof() (bsc#1168503). - RDMA/netdev: Fix netlink support in IPoIB (bsc#1168503). - RDMA/netdev: Hoist alloc_netdev_mqs out of the driver (bsc#1168503). - RDMA/netdev: Use priv_destructor for netdev cleanup (bsc#1168503). - Remove 2 git-fixes that cause build issues. (bsc#1171691) - Revert 'ALSA: hda/realtek: Fix pop noise on ALC225' (git-fixes). - Revert 'drm/panel: simple: Add support for Sharp LQ150X1LG11 panels' (bsc#1114279) * offset changes - Revert 'HID: i2c-hid: add Trekstor Primebook C11B to descriptor override' Depends on 9b5c747685982d22efffeafc5ec601bd28f6d78b, which was also reverted. - Revert 'HID: i2c-hid: override HID descriptors for certain devices' This broke i2c-hid.ko's build, there is no way around it without a big file rename or renaming the kernel module. - Revert 'i2c-hid: properly terminate i2c_hid_dmi_desc_override_table' Fixed 9b5c747685982d22efffeafc5ec601bd28f6d78b, which was also reverted. - Revert 'ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()' (bsc#1172221). - rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() (bsc#1051510). - s390/cio: avoid duplicated 'ADD' uevents (git-fixes). - s390/cio: generate delayed uevent for vfio-ccw subchannels (git-fixes). - s390/cpuinfo: fix wrong output when CPU0 is offline (git-fixes). - s390/diag: fix display of diagnose call statistics (git-fixes). - s390/ftrace: fix potential crashes when switching tracers (git-fixes). - s390/gmap: return proper error code on ksm unsharing (git-fixes). - s390/ism: fix error return code in ism_probe() (git-fixes). - s390/pci: Fix possible deadlock in recover_store() (bsc#1165183 LTC#184103). - s390/pci: Recover handle in clp_set_pci_fn() (bsc#1165183 LTC#184103). - s390/qeth: cancel RX reclaim work earlier (git-fixes). - s390/qeth: do not return -ENOTSUPP to userspace (git-fixes). - s390/qeth: do not warn for napi with 0 budget (git-fixes). - s390/qeth: fix off-by-one in RX copybreak check (git-fixes). - s390/qeth: fix promiscuous mode after reset (git-fixes). - s390/qeth: fix qdio teardown after early init error (git-fixes). - s390/qeth: handle error due to unsupported transport mode (git-fixes). - s390/qeth: handle error when backing RX buffer (git-fixes). - s390/qeth: lock the card while changing its hsuid (git-fixes). - s390/qeth: support net namespaces for L3 devices (git-fixes). - s390/time: Fix clk type in get_tod_clock (git-fixes). - scripts/decodecode: fix trapping instruction formatting (bsc#1065729). - scripts/dtc: Remove redundant YYLOC global declaration (bsc#1160388). - scsi: bnx2i: fix potential use after free (bsc#1171600). - scsi: core: Handle drivers which set sg_tablesize to zero (bsc#1171601) This commit also required: > scsi: core: avoid preallocating big SGL for data - scsi: core: save/restore command resid for error handling (bsc#1171602). - scsi: core: scsi_trace: Use get_unaligned_be*() (bsc#1171604). - scsi: core: try to get module before removing device (bsc#1171605). - scsi: csiostor: Adjust indentation in csio_device_reset (bsc#1171606). - scsi: csiostor: Do not enable IRQs too early (bsc#1171607). - scsi: esas2r: unlock on error in esas2r_nvram_read_direct() (bsc#1171608). - scsi: fnic: fix invalid stack access (bsc#1171609). - scsi: fnic: fix msix interrupt allocation (bsc#1171610). - scsi: ibmvscsi: Fix WARN_ON during event pool release (bsc#1170791 ltc#185128). - scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (bsc#1171611). - scsi: iscsi: Fix a potential deadlock in the timeout handler (bsc#1171612). - scsi: iscsi: qla4xxx: fix double free in probe (bsc#1171613). - scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences (bsc#1171614). - scsi: lpfc: Fix crash in target side cable pulls hitting WAIT_FOR_UNREG (bsc#1171615). - scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state (bsc#1171616). - scsi: qla2xxx: add ring buffer for tracing debug logs (bsc#1157169). - scsi: qla2xxx: check UNLOADING before posting async work (bsc#1157169). - scsi: qla2xxx: Delete all sessions before unregister local nvme port (bsc#1157169). - scsi: qla2xxx: Do not log message when reading port speed via sysfs (bsc#1157169). - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (bsc#1157169). - scsi: qla2xxx: Fix regression warnings (bsc#1157169). - scsi: qla2xxx: Remove non functional code (bsc#1157169). - scsi: qla2xxx: set UNLOADING before waiting for session deletion (bsc#1157169). - scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free (bsc#1171617). - scsi: qla4xxx: fix double free bug (bsc#1171618). - scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI (bsc#1171619). - scsi: sg: add sg_remove_request in sg_common_write (bsc#1171620). - scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) (bsc#1171621). - scsi: ufs: change msleep to usleep_range (bsc#1171622). - scsi: ufs: Clean up ufshcd_scale_clks() and clock scaling error out path (bsc#1171623). - scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic (bsc#1171624). - scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails (bsc#1171625). - scsi: ufs: Recheck bkops level if bkops is disabled (bsc#1171626). - scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point (git-fixes). - sctp: fix possibly using a bad saddr with a given dst (networking-stable-20_04_02). - sctp: fix refcount bug in sctp_wfree (networking-stable-20_04_02). - sctp: move the format error check out of __sctp_sf_do_9_1_abort (networking-stable-20_03_01). - seq_file: fix problem when seeking mid-record (bsc#1170125). - serial: uartps: Move the spinlock after the read of the tx empty (git-fixes). - sfc: detach from cb_page in efx_copy_channel() (networking-stable-20_03_14). - signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig (bsc#1172185). - slcan: not call free_netdev before rtnl_unlock in slcan_open (networking-stable-20_03_28). - slip: make slhc_compress() more robust against malicious packets (networking-stable-20_03_14). - smb3: Additional compression structures (bsc#1144333). - smb3: Add new compression flags (bsc#1144333). - smb3: change noisy error message to FYI (bsc#1144333). - smb3: enable swap on SMB3 mounts (bsc#1144333). - smb3: Minor cleanup of protocol definitions (bsc#1144333). - smb3: remove overly noisy debug line in signing errors (bsc#1144333). - smb3: smbdirect support can be configured by default (bsc#1144333). - smb3: use SMB2_SIGNATURE_SIZE define (bsc#1144333). - spi: bcm2835: Fix 3-wire mode if DMA is enabled (git-fixes). - spi: bcm63xx-hsspi: Really keep pll clk enabled (bsc#1051510). - spi: bcm-qspi: when tx/rx buffer is NULL set to 0 (bsc#1051510). - spi: dw: Add SPI Rx-done wait method to DMA-based transfer (bsc#1051510). - spi: dw: Add SPI Tx-done wait method to DMA-based transfer (bsc#1051510). - spi: dw: Zero DMA Tx and Rx configurations on stack (bsc#1051510). - spi: fsl: do not map irq during probe (git-fixes). - spi: fsl: use platform_get_irq() instead of of_irq_to_resource() (git-fixes). - spi: pxa2xx: Add CS control clock quirk (bsc#1051510). - spi: qup: call spi_qup_pm_resume_runtime before suspending (bsc#1051510). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (git-fixes). - spi: spi-s3c64xx: Fix system resume support (git-fixes). - spi/zynqmp: remove entry that causes a cs glitch (bsc#1051510). - staging: comedi: dt2815: fix writing hi byte of analog output (bsc#1051510). - staging: comedi: Fix comedi_device refcnt leak in comedi_open (bsc#1051510). - staging: iio: ad2s1210: Fix SPI reading (bsc#1051510). - staging: vt6656: Do not set RCR_MULTICAST or RCR_BROADCAST by default (git-fixes). - staging: vt6656: Fix drivers TBTT timing counter (git-fixes). - staging: vt6656: Fix pairwise key entry save (git-fixes). - sunrpc: expiry_time should be seconds not timeval (git-fixes). - SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' (git-fixes). - supported.conf: Add br_netfilter to base (bsc#1169020). - svcrdma: Fix leak of transport addresses (git-fixes). - taskstats: fix data-race (bsc#1172188). - tcp: cache line align MAX_TCP_HEADER (networking-stable-20_04_27). - tcp: repair: fix TCP_QUEUE_SEQ implementation (networking-stable-20_03_28). - team: add missing attribute validation for array index (networking-stable-20_03_14). - team: add missing attribute validation for port ifindex (networking-stable-20_03_14). - team: fix hang in team_mode_get() (networking-stable-20_04_27). - tools lib traceevent: Remove unneeded qsort and uses memmove instead (git-fixes). - tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() (bsc#1065729). - tpm/tpm_tis: Free IRQ if probing fails (bsc#1082555). - tpm/tpm_tis: Free IRQ if probing fails (git-fixes). - tracing: Add a vmalloc_sync_mappings() for safe measure (git-fixes). - tracing: Disable trace_printk() on post poned tests (git-fixes). - tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation (git-fixes). - tty: rocket, avoid OOB access (git-fixes). - UAS: fix deadlock in error handling and PM flushing work (git-fixes). - UAS: no use logging any details in case of ENODEV (git-fixes). - USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE (git-fixes). - USB: cdc-acm: restore capability check order (git-fixes). - USB: core: Fix misleading driver bug report (bsc#1051510). - USB: dwc3: do not set gadget->is_otg flag (git-fixes). - USB: dwc3: gadget: Do link recovery for SS and SSP (git-fixes). - USB: early: Handle AMD's spec-compliant identifiers, too (git-fixes). - USB: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset() (git-fixes). - USB: gadget: audio: Fix a missing error return value in audio_bind() (git-fixes). - USB: gadget: composite: Inform controller driver of self-powered (git-fixes). - USB: gadget: legacy: fix error return code in cdc_bind() (git-fixes). - USB: gadget: legacy: fix error return code in gncm_bind() (git-fixes). - USB: gadget: legacy: fix redundant initialization warnings (bsc#1051510). - USB: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' (git-fixes). - USB: gadget: udc: atmel: Fix vbus disconnect handling (git-fixes). - USB: gadget: udc: atmel: Make some symbols static (git-fixes). - USB: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete (git-fixes). - USB: host: xhci-plat: keep runtime active when removing host (git-fixes). - USB: hub: Fix handling of connect changes during sleep (git-fixes). - usbnet: silence an unnecessary warning (bsc#1170770). - USB: serial: garmin_gps: add sanity checking for data length (git-fixes). - USB: serial: option: add BroadMobi BM806U (git-fixes). - USB: serial: option: add support for ASKEY WWHC050 (git-fixes). - USB: serial: option: add Wistron Neweb D19Q1 (git-fixes). - USB: serial: qcserial: Add DW5816e support (git-fixes). - USB: sisusbvga: Change port variable from signed to unsigned (git-fixes). - usb-storage: Add unusual_devs entry for JMicron JMS566 (git-fixes). - USB: uas: add quirk for LaCie 2Big Quadra (git-fixes). - USB: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list (git-fixes). - video: fbdev: sis: Remove unnecessary parentheses and commented code (bsc#1114279) - video: fbdev: w100fb: Fix a potential double free (bsc#1051510). - vrf: Check skb for XFRM_TRANSFORMED flag (networking-stable-20_04_27). - vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines (git-fixes). - vt: selection, introduce vc_is_sel (git-fixes). - vt: vt_ioctl: fix race in VT_RESIZEX (git-fixes). - vt: vt_ioctl: fix use-after-free in vt_in_use() (git-fixes). - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (git-fixes). - vxlan: check return value of gro_cells_init() (networking-stable-20_03_28). - watchdog: reset last_hw_keepalive time at start (git-fixes). - wcn36xx: Fix error handling path in 'wcn36xx_probe()' (bsc#1051510). - wil6210: remove reset file from debugfs (git-fixes). - wimax/i2400m: Fix potential urb refcnt leak (bsc#1051510). - workqueue: do not use wq_select_unbound_cpu() for bound works (bsc#1172130). - x86/entry/64: Fix unwind hints in kernel exit path (bsc#1058115). - x86/entry/64: Fix unwind hints in register clearing code (bsc#1058115). - x86/entry/64: Fix unwind hints in rewind_stack_do_exit() (bsc#1058115). - x86/entry/64: Fix unwind hints in __switch_to_asm() (bsc#1058115). - x86/Hyper-V: Allow guests to enable InvariantTSC (bsc#1170620). - x86/Hyper-V: Free hv_panic_page when fail to register kmsg dump (bsc#1170618). - x86/Hyper-V: Report crash data in die() when panic_on_oops is set (bsc#1170618). - x86/Hyper-V: Report crash register data or kmsg before running crash kernel (bsc#1170618). - x86/Hyper-V: Report crash register data when sysctl_record_panic_msg is not set (bsc#1170618). - x86:Hyper-V: report value of misc_features (git-fixes). - x86/Hyper-V: Trigger crash enlightenment only once during system crash (bsc#1170618). - x86/Hyper-V: Unload vmbus channel in hv panic callback (bsc#1170618). - x86/kprobes: Avoid kretprobe recursion bug (bsc#1114279). - x86/resctrl: Fix invalid attempt at removing the default resource group (git-fixes). - x86/resctrl: Preserve CDP enable over CPU hotplug (bsc#1114279). - x86/unwind/orc: Do not skip the first frame for inactive tasks (bsc#1058115). - x86/unwind/orc: Fix error handling in __unwind_start() (bsc#1058115). - x86/unwind/orc: Fix error path for bad ORC entry type (bsc#1058115). - x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks (bsc#1058115). - x86/unwind/orc: Prevent unwinding before ORC initialization (bsc#1058115). - x86/unwind: Prevent false warnings for non-current tasks (bsc#1058115). - x86/xen: fix booting 32-bit pv guest (bsc#1071995). - x86/xen: Make the boot CPU idle task reliable (bsc#1071995). - x86/xen: Make the secondary CPU idle tasks reliable (bsc#1071995). - xen/pci: reserve MCFG areas earlier (bsc#1170145). - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish (networking-stable-20_04_27). - xfs: Correctly invert xfs_buftarg LRU isolation logic (git-fixes). - xfs: do not ever return a stale pointer from __xfs_dir3_free_read (git-fixes). - xprtrdma: Fix completion wait during device removal (git-fixes). Important SUSE bug 1051510 SUSE bug 1058115 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1082555 SUSE bug 1089895 SUSE bug 1111666 SUSE bug 1114279 SUSE bug 1133021 SUSE bug 1144333 SUSE bug 1151794 SUSE bug 1152489 SUSE bug 1154824 SUSE bug 1157169 SUSE bug 1158265 SUSE bug 1160388 SUSE bug 1160947 SUSE bug 1165183 SUSE bug 1165741 SUSE bug 1166969 SUSE bug 1167574 SUSE bug 1167851 SUSE bug 1168503 SUSE bug 1168670 SUSE bug 1169020 SUSE bug 1169514 SUSE bug 1169525 SUSE bug 1170056 SUSE bug 1170125 SUSE bug 1170145 SUSE bug 1170345 SUSE bug 1170457 SUSE bug 1170522 SUSE bug 1170592 SUSE bug 1170618 SUSE bug 1170620 SUSE bug 1170770 SUSE bug 1170778 SUSE bug 1170791 SUSE bug 1170901 SUSE bug 1171078 SUSE bug 1171098 SUSE bug 1171118 SUSE bug 1171189 SUSE bug 1171191 SUSE bug 1171195 SUSE bug 1171202 SUSE bug 1171205 SUSE bug 1171217 SUSE bug 1171218 SUSE bug 1171219 SUSE bug 1171220 SUSE bug 1171293 SUSE bug 1171417 SUSE bug 1171527 SUSE bug 1171599 SUSE bug 1171600 SUSE bug 1171601 SUSE bug 1171602 SUSE bug 1171604 SUSE bug 1171605 SUSE bug 1171606 SUSE bug 1171607 SUSE bug 1171608 SUSE bug 1171609 SUSE bug 1171610 SUSE bug 1171611 SUSE bug 1171612 SUSE bug 1171613 SUSE bug 1171614 SUSE bug 1171615 SUSE bug 1171616 SUSE bug 1171617 SUSE bug 1171618 SUSE bug 1171619 SUSE bug 1171620 SUSE bug 1171621 SUSE bug 1171622 SUSE bug 1171623 SUSE bug 1171624 SUSE bug 1171625 SUSE bug 1171626 SUSE bug 1171679 SUSE bug 1171691 SUSE bug 1171694 SUSE bug 1171695 SUSE bug 1171736 SUSE bug 1171761 SUSE bug 1171948 SUSE bug 1171949 SUSE bug 1171951 SUSE bug 1171952 SUSE bug 1171982 SUSE bug 1171983 SUSE bug 1172096 SUSE bug 1172097 SUSE bug 1172098 SUSE bug 1172099 SUSE bug 1172101 SUSE bug 1172102 SUSE bug 1172103 SUSE bug 1172104 SUSE bug 1172127 SUSE bug 1172130 SUSE bug 1172185 SUSE bug 1172188 SUSE bug 1172199 SUSE bug 1172221 SUSE bug 1172253 SUSE bug 1172317 SUSE bug 1172342 SUSE bug 1172343 SUSE bug 1172344 SUSE bug 1172366 SUSE bug 1172391 SUSE bug 1172397 SUSE bug 1172453 CVE-2018-1000199 CVE-2019-19462 CVE-2019-20806 CVE-2019-20812 CVE-2019-9455 CVE-2020-0543 CVE-2020-10690 CVE-2020-10711 CVE-2020-10720 CVE-2020-10732 CVE-2020-10751 CVE-2020-10757 CVE-2020-12114 CVE-2020-12464 CVE-2020-12652 CVE-2020-12653 CVE-2020-12654 CVE-2020-12655 CVE-2020-12656 CVE-2020-12657 CVE-2020-12768 CVE-2020-12769 CVE-2020-13143 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for libEMF fixes the following issues: - CVE-2020-11863: Fixed an issue which could have led to denial of service (bsc#1171496). - CVE-2020-11864: Fixed an issue which could have led to denial of service (bsc#1171499). - CVE-2020-11865: Fixed an out of bounds memory access (bsc#1171497). - CVE-2020-11866: Fixed a use after free (bsc#1171498). Important SUSE bug 1171496 SUSE bug 1171497 SUSE bug 1171498 SUSE bug 1171499 CVE-2020-11863 CVE-2020-11864 CVE-2020-11865 CVE-2020-11866 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for gegl fixes the following issues: - CVE-2018-10113: The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure. (bsc#1089731) Moderate SUSE bug 1089731 CVE-2018-10113 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for guile fixes the following issues: - CVE-2016-8605: Fixed thread-unsafe umask modification (bsc#1004221). Low SUSE bug 1004221 CVE-2016-8605 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for xawtv fixes the following issues: - CVE-2020-13696: Fixed an issue in setuid-root program that which could have allowed arbitrary file existence tests and open() with O_RDWR (bsc#1171655). Moderate SUSE bug 1171655 CVE-2020-13696 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for libreoffice to 6.4.4.2 fixes the following issues: Security issue fixed: - CVE-2020-12801: Fixed an issue with encrypted MSOffice documents that could be accidentally saved unencrypted (bsc#1171997). Non-security issues fixed: - Elements on title page mixed up (bsc#1160687). - Image shadow that should be invisible shown as extraneous line below (bsc#1165870). Moderate SUSE bug 1160687 SUSE bug 1165870 SUSE bug 1167463 SUSE bug 1171997 CVE-2020-12801 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for mariadb-100 fixes the following issues: mariadb-100 was updated to version 10.0.44 (bsc#1171550) - CVE-2020-2752: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - CVE-2020-2812: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - Fixed some test failures Moderate SUSE bug 1171550 CVE-2020-2752 CVE-2020-2812 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for openconnect fixes the following issues: - CVE-2020-12823: Fixed a buffer overflow via crafted certificate data which could have led to denial of service (bsc#1171862). Moderate SUSE bug 1171862 CVE-2020-12823 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for python-reportlab fixes the following issues: - CVE-2019-17626: Fixed a potential remote code execution because of the lack of input sanitization in toColor() (bsc#1154370). Important SUSE bug 1154370 CVE-2019-17626 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update libreoffice and libraries fixes the following issues: LibreOffice was updated to 6.3.3 (jsc#SLE-8705), bringing many bug and stability fixes. More information for the 6.3 release at: https://wiki.documentfoundation.org/ReleaseNotes/6.3 Security issue fixed: - CVE-2019-9853: Fixed an issue where by executing macros, the security settings could have been bypassed (bsc#1152684). Other issues addressed: - Dropped disable-kde4 switch, since it is no longer known by configure - Disabled gtk2 because it will be removed in future releases - librelogo is now a standalone sub-package (bsc#1144522). - Partial fixes for an issue where Table(s) from DOCX showed wrong position or color (bsc#1061210). cmis-client was updated to 0.5.2: * Removed header for Uuid's sha1 header(bsc#1105173). * Fixed Google Drive login * Added support for Google Drive two-factor authentication * Fixed access to SharePoint root folder * Limited the maximal number of redirections to 20 * Switched library implementation to C++11 (the API remains C++98-compatible) * Fixed encoding of OAuth2 credentials * Dropped cppcheck run from 'make check'. A new 'make cppcheck' target was created for it * Added proper API symbol exporting * Speeded up building of tests a bit * Fixed a few issues found by coverity and cppcheck libixion was updated to 0.15.0: * Updated for new liborcus * Switched to spdlog for compile-time debug log outputs * Fixed various issues libmwaw was updated 0.3.15: * Fixed fuzzing issues liborcus was updated to 0.15.3: * Fixed various xml related bugs * Improved performance * Fixed multiple parser issues * Added map and structure mode to orcus-json * Other improvements and fixes mdds was updated to 1.5.0: * API changed to 1.5 * Moved the API incompatibility notes from README to the rst doc. * Added the overview section for flat_segment_tree. myspell-dictionaries was updated to 20191016: * Updated Slovenian thesaurus * Updated the da_DK dictionary * Removed the abbreviations from Thai hunspell dictionary * Updated the English dictionaries * Fixed the logo management for 'ca' spdlog was updated to 0.16.3: * Fixed sleep issue under MSVC that happens when changing the clock backwards * Ensured that macros always expand to expressions * Added global flush_on function bluez changes: * lib: Changed bluetooth.h to compile in strict C gperf was updated to 3.1: * The generated C code is now in ANSI-C by default. * Added option --constants-prefix. * Added declaration %define constants-prefix. Moderate SUSE bug 1061210 SUSE bug 1105173 SUSE bug 1144522 SUSE bug 1152684 CVE-2019-9853 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for ImageMagick fixes the following issues: Security issue fixed: - CVE-2019-19948: Fixed a heap-based buffer overflow in WriteSGIImage() (bsc#1159861). - CVE-2019-19949: Fixed a heap-based buffer over-read in WritePNGImage() (bsc#1160369). Non-security issue fixed: - Fixed an issue where converting tiff to png would lead to unviewable files (bsc#1161194). Moderate SUSE bug 1159861 SUSE bug 1160369 SUSE bug 1161194 CVE-2019-19948 CVE-2019-19949 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for libvpx fixes the following issues: - CVE-2019-9232: Fixed an out of bound memory access (bsc#1160613). - CVE-2019-9433: Fixdd a use-after-free in vp8_deblock() (bsc#1160614). Moderate SUSE bug 1160613 SUSE bug 1160614 CVE-2019-9232 CVE-2019-9433 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for mariadb-100 fixes the following issues: MariaDB was updated to version 10.0.40-3 (bsc#1162388). Security issue fixed: - CVE-2020-2574: Fixed a difficult to exploit vulnerability that allowed an attacker to crash the client (bsc#1162388). Moderate SUSE bug 1162388 CVE-2020-2574 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-2732: Fixed an issue affecting Intel CPUs where an L2 guest may trick the L0 hypervisor into accessing sensitive L1 resources (bsc#1163971). - CVE-2019-19338: There was an incomplete fix for an issue with Transactional Synchronisation Extensions in the KVM code (bsc#1158954). - CVE-2019-14615: An information disclosure vulnerability existed due to insufficient control flow in certain data structures for some Intel(R) Processors (bnc#1160195). - CVE-2019-14896: A heap overflow was found in the add_ie_rates() function of the Marvell Wifi Driver (bsc#1157157). - CVE-2019-14897: A stack overflow was found in the lbs_ibss_join_existing() function of the Marvell Wifi Driver (bsc#1157155). - CVE-2019-15213: A use-after-free bug caused by a malicious USB device was found in drivers/media/usb/dvb-usb/dvb-usb-init.c (bsc#1146544). - CVE-2019-16994: A memory leak existed in sit_init_net() in net/ipv6/sit.c which might have caused denial of service, aka CID-07f12b26e21a (bnc#1161523). - CVE-2019-18808: A memory leak in drivers/crypto/ccp/ccp-ops.c allowed attackers to cause a denial of service (memory consumption), aka CID-128c66429247 (bnc#1156259). - CVE-2019-19036: An issue discovered in btrfs_root_node in fs/btrfs/ctree.c allowed a NULL pointer dereference because rcu_dereference(root->node) can be zero (bnc#1157692). - CVE-2019-19045: A memory leak in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c allowed attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7 (bnc#1161522). - CVE-2019-19051: A memory leak in drivers/net/wimax/i2400m/op-rfkill.c allowed attackers to cause a denial of service (memory consumption), aka CID-6f3ef5c25cc7 (bnc#1159024). - CVE-2019-19054: A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c allowed attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b (bnc#1161518). - CVE-2019-19066: A memory leak in drivers/scsi/bfa/bfad_attr.c allowed attackers to cause a denial of service (memory consumption), aka CID-0e62395da2bd (bnc#1157303). - CVE-2019-19318: Mounting a crafted btrfs image twice could have caused a use-after-free (bnc#1158026). - CVE-2019-19319: A slab-out-of-bounds write access could have occured when setxattr was called after mounting of a specially crafted ext4 image (bnc#1158021). - CVE-2019-19332: An out-of-bounds memory write issue was found in the way the KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could have used this flaw to crash the system (bnc#1158827). - CVE-2019-19447: Mounting a crafted ext4 filesystem image, performing some operations, and unmounting could have led to a use-after-free in fs/ext4/super.c (bnc#1158819). - CVE-2019-19523: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79 (bsc#1158823). - CVE-2019-19524: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9 (bsc#1158413). - CVE-2019-19525: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035 (bsc#1158417). - CVE-2019-19526: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098 (bsc#1158893). - CVE-2019-19527: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e (bsc#1158900). - CVE-2019-19528: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d (bsc#1158407). - CVE-2019-19529: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41 (bnc#1158381). - CVE-2019-19530: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef (bsc#1158410). - CVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca (bsc#1158445). - CVE-2019-19532: There were multiple out-of-bounds write bugs that can be caused by a malicious USB HID device, aka CID-d9d4b1e46d95 (bsc#1158824). - CVE-2019-19533: There was an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464 (bsc#1158834). - CVE-2019-19534: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29 (bsc#1158398). - CVE-2019-19535: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042 (bsc#1158903). - CVE-2019-19536: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0 (bsc#1158394). - CVE-2019-19537: There was a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9 (bsc#1158904). - CVE-2019-19543: There was a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (bnc#1158427). - CVE-2019-19767: There were multiple use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163 (bnc#1159297). - CVE-2019-19965: There was a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5 (bnc#1159911). - CVE-2019-19966: There was a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that could have caused a denial of service, aka CID-dea37a972655 (bnc#1159841). - CVE-2019-20054: There was a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e (bnc#1159910). - CVE-2019-20095: Several memory leaks were found in drivers/net/wireless/marvell/mwifiex/cfg80211.c, aka CID-003b686ace82 (bnc#1159909). - CVE-2019-20096: There was a memory leak in __feat_register_sp() in net/dccp/feat.c, aka CID-1d3ff0950e2b (bnc#1159908). - CVE-2020-7053: There was a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c (bnc#1160966). - CVE-2020-8428: There was a use-after-free bug in fs/namei.c, which allowed local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9 (bnc#1162109). - CVE-2020-8648: There was a use-after-free vulnerability in the n_tty_receive_buf_common function in drivers/tty/n_tty.c (bnc#1162928). - CVE-2020-8992: An issue was discovered in ext4_protect_reserved_inode in fs/ext4/block_validity.c that allowed attackers to cause a soft lockup via a crafted journal size (bnc#1164069). The following non-security bugs were fixed: - 6pack,mkiss: fix possible deadlock (bsc#1051510). - ACPI / APEI: Do not wait to serialise with oops messages when panic()ing (bsc#1051510). - ACPI / APEI: Switch estatus pool to use vmalloc memory (bsc#1051510). - ACPI / LPSS: Ignore acpi_device_fix_up_power() return value (bsc#1051510). - ACPI / video: Add force_none quirk for Dell OptiPlex 9020M (bsc#1051510). - ACPI / watchdog: Fix init failure with overlapping register regions (bsc#1162557). - ACPI / watchdog: Set default timeout in probe (bsc#1162557). - ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data() (bsc#1051510). - ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion() (bsc#1051510). - ACPI: OSL: only free map once in osl.c (bsc#1051510). - ACPI: PM: Avoid attaching ACPI PM domain to certain devices (bsc#1051510). - ACPI: sysfs: Change ACPI_MASKABLE_GPE_MAX to 0x100 (bsc#1051510). - ACPI: video: Do not export a non working backlight interface on MSI MS-7721 boards (bsc#1051510). - ACPI: watchdog: Allow disabling WDAT at boot (bsc#1162557). - af_packet: set defaule value for tmo (bsc#1051510). - ALSA: control: remove useless assignment in .info callback of PCM chmap element (git-fixes). - ALSA: echoaudio: simplify get_audio_levels (bsc#1051510). - ALSA: fireface: fix return value in error path of isochronous resources reservation (bsc#1051510). - ALSA: hda - Add docking station support for Lenovo Thinkpad T420s (git-fixes). - ALSA: hda - Downgrade error message for single-cmd fallback (git-fixes). - ALSA: hda/analog - Minor optimization for SPDIF mux connections (git-fixes). - ALSA: hda/ca0132 - Avoid endless loop (git-fixes). - ALSA: hda/ca0132 - Fix work handling in delayed HP detection (git-fixes). - ALSA: hda/ca0132 - Keep power on during processing DSP response (git-fixes). - ALSA: hda/hdmi - Add new pci ids for AMD GPU display audio (git-fixes). - ALSA: hda/hdmi - add retry logic to parse_intel_hdmi() (git-fixes). - ALSA: hda/hdmi - fix atpx_present when CLASS is not VGA (bsc#1051510). - ALSA: hda/hdmi - Fix duplicate unref of pci_dev (bsc#1051510). - ALSA: hda/hdmi - fix vgaswitcheroo detection for AMD (git-fixes). - ALSA: hda/realtek - Add headset Mic no shutup for ALC283 (bsc#1051510). - ALSA: hda/realtek - Dell headphone has noise on unmute for ALC236 (git-fixes). - ALSA: hda/realtek - Fix silent output on MSI-GL73 (git-fixes). - ALSA: hda/realtek - Line-out jack does not work on a Dell AIO (bsc#1051510). - ALSA: hda: Add Clevo W65_67SB the power_save blacklist (git-fixes). - ALSA: hda: Reset stream if DMA RUN bit not cleared (bsc#1111666). - ALSA: hda: Use scnprintf() for printing texts for sysfs/procfs (git-fixes). - ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code (bsc#1051510). - ALSA: oxfw: fix return value in error path of isochronous resources reservation (bsc#1051510). - ALSA: pcm: Avoid possible info leaks from PCM stream buffers (git-fixes). - ALSA: pcm: oss: Avoid potential buffer overflows (git-fixes). - ALSA: seq: Avoid concurrent access to queue flags (git-fixes). - ALSA: seq: Fix concurrent access to queue current tick/time (git-fixes). - ALSA: seq: Fix racy access for queue timer in proc read (bsc#1051510). - ALSA: sh: Fix compile warning wrt const (git-fixes). - ALSA: usb-audio: Apply sample rate quirk for Audioengine D1 (git-fixes). - ALSA: usb-audio: fix set_format altsetting sanity check (bsc#1051510). - ALSA: usb-audio: fix sync-ep altsetting sanity check (bsc#1051510). - apparmor: fix unsigned len comparison with less than zero (git-fixes). - ar5523: check NULL before memcpy() in ar5523_cmd() (bsc#1051510). - arm64: Revert support for execute-only user mappings (bsc#1160218). - ASoC: au8540: use 64-bit arithmetic instead of 32-bit (bsc#1051510). - ASoC: compress: fix unsigned integer overflow check (bsc#1051510). - ASoC: cs4349: Use PM ops 'cs4349_runtime_pm' (bsc#1051510). - ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report (bsc#1051510). - ASoC: msm8916-wcd-analog: Fix selected events for MIC BIAS External1 (bsc#1051510). - ASoC: sun8i-codec: Fix setting DAI data format (git-fixes). - ASoC: wm8962: fix lambda value (git-fixes). - ata: ahci: Add shutdown to freeze hardware resources of ahci (bsc#1164388). - ath10k: fix fw crash by moving chip reset after napi disabled (bsc#1051510). - ath6kl: Fix off by one error in scan completion (bsc#1051510). - ath9k: fix storage endpoint lookup (git-fixes). - atl1e: checking the status of atl1e_write_phy_reg (bsc#1051510). - audit: Allow auditd to set pid to 0 to end auditing (bsc#1158094). - batman-adv: Fix DAT candidate selection on little endian systems (bsc#1051510). - bcache: add code comment bch_keylist_pop() and bch_keylist_pop_front() (bsc#1163762). - bcache: add code comments for state->pool in __btree_sort() (bsc#1163762). - bcache: add code comments in bch_btree_leaf_dirty() (bsc#1163762). - bcache: add cond_resched() in __bch_cache_cmp() (bsc#1163762). - bcache: add idle_max_writeback_rate sysfs interface (bsc#1163762). - bcache: add more accurate error messages in read_super() (bsc#1163762). - bcache: add readahead cache policy options via sysfs interface (bsc#1163762). - bcache: at least try to shrink 1 node in bch_mca_scan() (bsc#1163762). - bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (bsc#1163762). - bcache: check return value of prio_read() (bsc#1163762). - bcache: deleted code comments for dead code in bch_data_insert_keys() (bsc#1163762). - bcache: do not export symbols (bsc#1163762). - bcache: explicity type cast in bset_bkey_last() (bsc#1163762). - bcache: fix a lost wake-up problem caused by mca_cannibalize_lock (bsc#1163762). - bcache: Fix an error code in bch_dump_read() (bsc#1163762). - bcache: fix deadlock in bcache_allocator (bsc#1163762). - bcache: fix incorrect data type usage in btree_flush_write() (bsc#1163762). - bcache: fix memory corruption in bch_cache_accounting_clear() (bsc#1163762). - bcache: fix static checker warning in bcache_device_free() (bsc#1163762). - bcache: ignore pending signals when creating gc and allocator thread (bsc#1163762, bsc#1112504). - bcache: print written and keys in trace_bcache_btree_write (bsc#1163762). - bcache: reap c->btree_cache_freeable from the tail in bch_mca_scan() (bsc#1163762). - bcache: reap from tail of c->btree_cache in bch_mca_scan() (bsc#1163762). - bcache: remove macro nr_to_fifo_front() (bsc#1163762). - bcache: remove member accessed from struct btree (bsc#1163762). - bcache: remove the extra cflags for request.o (bsc#1163762). - bcache: Revert 'bcache: shrink btree node cache after bch_btree_check()' (bsc#1163762, bsc#1112504). - bcma: remove set but not used variable 'sizel' (git-fixes). - blk-mq: avoid sysfs buffer overflow with too many CPU cores (bsc#1163840). - blk-mq: make sure that line break can be printed (bsc#1164098). - Bluetooth: Fix race condition in hci_release_sock() (bsc#1051510). - Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading (bsc#1051510). - bonding: fix active-backup transition after link failure (git-fixes). - bonding: fix potential NULL deref in bond_update_slave_arr (bsc#1051510). - bonding: fix slave stuck in BOND_LINK_FAIL state (networking-stable-19_11_10). - bonding: fix state transition issue in link monitoring (networking-stable-19_11_10). - bonding: fix unexpected IFF_BONDING bit unset (bsc#1051510). - bpf: Make use of probe_user_write in probe write helper (bsc#1083647). - brcmfmac: fix interface sanity check (git-fixes). - brcmfmac: Fix memory leak in brcmf_usbdev_qinit (git-fixes). - brcmfmac: Fix use after free in brcmf_sdio_readframes() (git-fixes). - btrfs: abort transaction after failed inode updates in create_subvol (bsc#1161936). - btrfs: add missing extents release on file extent cluster relocation error (bsc#1159483). - btrfs: avoid fallback to transaction commit during fsync of files with holes (bsc#1159569). - btrfs: dev-replace: remove warning for unknown return codes when finished (dependency for bsc#1162067). - btrfs: do not call synchronize_srcu() in inode_tree_del (bsc#1161934). - btrfs: do not double lock the subvol_sem for rename exchange (bsc#1162943). - btrfs: Ensure we trim ranges across block group boundary (bsc#1151910). - btrfs: fix block group remaining RO forever after error during device replace (bsc#1160442). - btrfs: fix btrfs_write_inode vs delayed iput deadlock (bsc#1154243). - btrfs: fix infinite loop during fsync after rename operations (bsc#1163383). - btrfs: fix infinite loop during nocow writeback due to race (bsc#1160804). - btrfs: fix integer overflow in calc_reclaim_items_nr (bsc#1160433). - btrfs: fix missing data checksums after replaying a log tree (bsc#1161931). - btrfs: fix negative subv_writers counter and data space leak after buffered write (bsc#1160802). - btrfs: fix race between adding and putting tree mod seq elements and nodes (bsc#1163384). - btrfs: fix removal logic of the tree mod log that leads to use-after-free issues (bsc#1160803). - btrfs: fix selftests failure due to uninitialized i_mode in test inodes (Fix for dependency of bsc#1157692). - btrfs: handle ENOENT in btrfs_uuid_tree_iterate (bsc#1161937). - btrfs: harden agaist duplicate fsid on scanned devices (bsc#1134973). - btrfs: inode: Verify inode mode to avoid NULL pointer dereference (dependency for bsc#1157692). - btrfs: make tree checker detect checksum items with overlapping ranges (bsc#1161931). - btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it (dependency for bsc#1157692). - btrfs: record all roots for rename exchange on a subvol (bsc#1161933). - btrfs: relocation: fix reloc_root lifespan and access (bsc#1159588). - btrfs: scrub: Require mandatory block group RO for dev-replace (bsc#1162067). - btrfs: send, skip backreference walking for extents with many references (bsc#1162139). - btrfs: simplify inode locking for RWF_NOWAIT (git-fixes). - btrfs: skip log replay on orphaned roots (bsc#1161935). - btrfs: tree-checker: Check chunk item at tree block read time (dependency for bsc#1157692). - btrfs: tree-checker: Check level for leaves and nodes (dependency for bsc#1157692). - btrfs: tree-checker: Enhance chunk checker to validate chunk profile (dependency for bsc#1157692). - btrfs: tree-checker: Fix wrong check on max devid (fixes for dependency of bsc#1157692). - btrfs: tree-checker: get fs_info from eb in block_group_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_block_group_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_csum_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_dev_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_dir_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_extent_data_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_inode_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_leaf (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in check_leaf_item (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in chunk_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in dev_item_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in dir_item_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in file_extent_err (dependency for bsc#1157692). - btrfs: tree-checker: get fs_info from eb in generic_err (dependency for bsc#1157692). - btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN instead of EIO (dependency for bsc#1157692). - btrfs: tree-checker: Make chunk item checker messages more readable (dependency for bsc#1157692). - btrfs: tree-checker: Verify dev item (dependency for bsc#1157692). - btrfs: tree-checker: Verify inode item (dependency for bsc#1157692). - btrfs: volumes: Use more straightforward way to calculate map length (bsc#1151910). - can, slip: Protect tty->disc_data in write_wakeup and close with RCU (bsc#1051510). - can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing CAN sk_buffs (bsc#1051510). - can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open (bsc#1051510). - can: gs_usb: gs_usb_probe(): use descriptors of current altsetting (bsc#1051510). - can: mscan: mscan_rx_poll(): fix rx path lockup when returning from polling to irq mode (bsc#1051510). - can: peak_usb: report bus recovery as well (bsc#1051510). - can: rx-offload: can_rx_offload_irq_offload_fifo(): continue on error (bsc#1051510). - can: rx-offload: can_rx_offload_irq_offload_timestamp(): continue on error (bsc#1051510). - can: rx-offload: can_rx_offload_offload_one(): increment rx_fifo_errors on queue overflow or OOM (bsc#1051510). - can: rx-offload: can_rx_offload_offload_one(): use ERR_PTR() to propagate error value in case of errors (bsc#1051510). - can: slcan: Fix use-after-free Read in slcan_open (bsc#1051510). - CDC-NCM: handle incomplete transfer of MTU (networking-stable-19_11_10). - cdrom: respect device capabilities during opening action (boo#1164632). - cfg80211/mac80211: make ieee80211_send_layer2_update a public function (bsc#1051510). - cfg80211: check for set_wiphy_params (bsc#1051510). - cfg80211: fix page refcount issue in A-MSDU decap (bsc#1051510). - cgroup,writeback: do not switch wbs immediately on dead wbs if the memcg is dead (bsc#1158645). - cgroup: pids: use atomic64_t for pids->limit (bsc#1161514). - chardev: Avoid potential use-after-free in 'chrdev_open()' (bsc#1163849). - cifs: add support for flock (bsc#1144333). - cifs: Close cached root handle only if it had a lease (bsc#1144333). - cifs: Close open handle after interrupted close (bsc#1144333). - cifs: close the shared root handle on tree disconnect (bsc#1144333). - cifs: Do not miss cancelled OPEN responses (bsc#1144333). - cifs: Fix lookup of root ses in DFS referral cache (bsc#1144333). - cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1144333). - cifs: fix mount option display for sec=krb5i (bsc#1161907). - cifs: Fix mount options set in automount (bsc#1144333). - cifs: Fix NULL pointer dereference in mid callback (bsc#1144333). - cifs: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bsc#1144333). - cifs: Fix potential softlockups while refreshing DFS cache (bsc#1144333). - cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1144333). - cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1144333). - cifs: Properly process SMB3 lease breaks (bsc#1144333). - cifs: remove set but not used variables 'cinode' and 'netfid' (bsc#1144333). - cifs: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1144333). - clk: Do not try to enable critical clocks if prepare failed (bsc#1051510). - clk: mmp2: Fix the order of timer mux parents (bsc#1051510). - clk: qcom: rcg2: Do not crash if our parent can't be found; return an error (bsc#1051510). - clk: rockchip: fix I2S1 clock gate register for rk3328 (bsc#1051510). - clk: rockchip: fix ID of 8ch clock of I2S1 for rk3328 (bsc#1051510). - clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering (bsc#1051510). - clk: rockchip: fix rk3188 sclk_smc gate data (bsc#1051510). - clk: sunxi-ng: add mux and pll notifiers for A64 CPU clock (bsc#1051510). - clk: sunxi: sun9i-mmc: Implement reset callback for reset controls (bsc#1051510). - clk: tegra: Mark fuse clock as critical (bsc#1051510). - clocksource/drivers/bcm2835_timer: Fix memory leak of timer (bsc#1051510). - clocksource: Prevent double add_timer_on() for watchdog_timer (bsc#1051510). - closures: fix a race on wakeup from closure_sync (bsc#1163762). - compat_ioctl: handle SIOCOUTQNSD (bsc#1051510). - configfs_register_group() shouldn't be (and isn't) called in rmdirable parts (bsc#1051510). - copy/pasted 'Recommends:' instead of 'Provides:', 'Obsoletes:' and 'Conflicts: - Cover up kABI breakage due to DH key verification (bsc#1155331). - crypto: af_alg - Use bh_lock_sock in sk_destruct (bsc#1051510). - crypto: api - Check spawn->alg under lock in crypto_drop_spawn (bsc#1051510). - crypto: api - Fix race condition in crypto_spawn_alg (bsc#1051510). - crypto: atmel-sha - fix error handling when setting hmac key (bsc#1051510). - crypto: ccp - fix uninitialized list head (bsc#1051510). - crypto: chelsio - fix writing tfm flags to wrong place (bsc#1051510). - crypto: dh - add public key verification test (bsc#1155331). - crypto: dh - fix calculating encoded key size (bsc#1155331). - crypto: dh - fix memory leak (bsc#1155331). - crypto: dh - update test for public key verification (bsc#1155331). - crypto: DRBG - add FIPS 140-2 CTRNG for noise source (bsc#1155334). - crypto: ecdh - add public key verification test (bsc#1155331). - crypto: ecdh - fix typo of P-192 b value (bsc#1155331). - crypto: mxc-scc - fix build warnings on ARM64 (bsc#1051510). - crypto: pcrypt - Do not clear MAY_SLEEP flag in original request (bsc#1051510). - crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill (bsc#1051510). - crypto: reexport crypto_shoot_alg() (bsc#1051510, kABI fix). - cxgb4: request the TX CIDX updates to status page (bsc#1127371). - dma-buf: Fix memory leak in sync_file_merge() (git-fixes). - dma-mapping: fix return type of dma_set_max_seg_size() (bsc#1051510). - dmaengine: coh901318: Fix a double-lock bug (bsc#1051510). - dmaengine: coh901318: Remove unused variable (bsc#1051510). - dmaengine: Fix access to uninitialized dma_slave_caps (bsc#1051510). - Documentation: Document arm64 kpti control (bsc#1162623). - drivers/base/memory.c: cache blocks in radix tree to accelerate lookup (bsc#1159955 ltc#182993). - drivers/base/memory.c: do not access uninitialized memmaps in soft_offline_page_store() (bsc#1051510). - drivers/base/platform.c: kmemleak ignore a known leak (bsc#1051510). - drivers/regulator: fix a missing check of return value (bsc#1051510). - drm/amdgpu: add function parameter description in 'amdgpu_gart_bind' (bsc#1051510). - drm/amdgpu: fix bad DMA from INTERRUPT_CNTL2 (bsc#1114279) - drm/amdgpu: remove 4 set but not used variable in amdgpu_atombios_get_connector_info_from_object_table (bsc#1051510). - drm/amdgpu: remove always false comparison in 'amdgpu_atombios_i2c_process_i2c_ch' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'amdgpu_connector' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'dig' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'dig_connector' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'mc_shared_chmap' (bsc#1051510). - drm/amdgpu: remove set but not used variable 'mc_shared_chmap' from 'gfx_v6_0.c' and 'gfx_v7_0.c' (bsc#1051510). - drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ (bsc#1051510). - drm/fb-helper: Round up bits_per_pixel if possible (bsc#1051510). - drm/i810: Prevent underflow in ioctl (bsc#1114279) - drm/i915: Add missing include file <linux/math64.h> (bsc#1051510). - drm/i915: Fix pid leak with banned clients (bsc#1114279) - drm/mst: Fix MST sideband up-reply failure handling (bsc#1051510). - drm/nouveau/secboot/gm20b: initialize pointer in gm20b_secboot_new() (bsc#1051510). - drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler (bsc#1051510). - drm/qxl: Return error if fbdev is not 32 bpp (bsc#1159028) - drm/radeon: fix r1xx/r2xx register checker for POT textures (bsc#1114279) - drm/rockchip: lvds: Fix indentation of a #define (bsc#1051510). - drm/rockchip: Round up _before_ giving to the clock framework (bsc#1114279) - drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add (bsc#1051510). - drm: bridge: dw-hdmi: constify copied structure (bsc#1051510). - drm: limit to INT_MAX in create_blob ioctl (bsc#1051510). - drm: meson: venc: cvbs: fix CVBS mode matching (bsc#1051510). - drm: panel-lvds: Potential Oops in probe error handling (bsc#1114279) - e1000e: Add support for Comet Lake (bsc#1158533). - e1000e: Add support for Tiger Lake (bsc#1158533). - e1000e: Increase pause and refresh time (bsc#1158533). - e100: Fix passing zero to 'PTR_ERR' warning in e100_load_ucode_wait (bsc#1051510). - ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable (bsc#1158646). - ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either (bsc#1158647). - EDAC/ghes: Fix locking and memory barrier issues (bsc#1114279). EDAC/ghes: Do not warn when incrementing refcount on 0 (bsc#1114279). - Enable CONFIG_BLK_DEV_SR_VENDOR (boo#1164632). - enic: prevent waking up stopped tx queues over watchdog reset (bsc#1133147). - exit: panic before exit_mm() on global init exit (bsc#1161549). - ext2: check err when partial != NULL (bsc#1163859). - ext4, jbd2: ensure panic when aborting with zero errno (bsc#1163853). - ext4: check for directory entries too close to block end (bsc#1163861). - ext4: fix a bug in ext4_wait_for_tail_page_commit (bsc#1163841). - ext4: fix checksum errors with indexed dirs (bsc#1160979). - ext4: fix deadlock allocating crypto bounce page from mempool (bsc#1163842). - ext4: Fix mount failure with quota configured as module (bsc#1164471). - ext4: fix punch hole for inline_data file systems (bsc#1158640). - ext4: improve explanation of a mount failure caused by a misconfigured kernel (bsc#1163843). - ext4: update direct I/O read lock pattern for IOCB_NOWAIT (bsc#1158639). - extcon: max8997: Fix lack of path setting in USB device mode (bsc#1051510). - firestream: fix memory leaks (bsc#1051510). - fix autofs regression caused by follow_managed() changes (bsc#1159271). - fix dget_parent() fastpath race (bsc#1159271). - Fix partial checked out tree build ... so that bisection does not break. - Fix the locking in dcache_readdir() and friends (bsc#1123328). - fjes: fix missed check in fjes_acpi_add (bsc#1051510). - fs/namei.c: fix missing barriers when checking positivity (bsc#1159271). - fs/namei.c: pull positivity check into follow_managed() (bsc#1159271). - fs/open.c: allow opening only regular files during execve() (bsc#1163845). - fs: cifs: Fix atime update check vs mtime (bsc#1144333). - fscrypt: do not set policy for a dead directory (bsc#1163846). - ftrace: Add comment to why rcu_dereference_sched() is open coded (git-fixes). - ftrace: Avoid potential division by zero in function profiler (bsc#1160784). - ftrace: Introduce PERMANENT ftrace_ops flag (bsc#1120853). - ftrace: Protect ftrace_graph_hash with ftrace_sync (git-fixes). - genirq/proc: Return proper error code when irq_set_affinity() fails (bnc#1105392). - genirq: Prevent NULL pointer dereference in resend_irqs() (bsc#1051510). - genirq: Properly pair kobject_del() with kobject_add() (bsc#1051510). - gpio: Fix error message on out-of-range GPIO in lookup table (bsc#1051510). - gtp: avoid zero size hashtable (networking-stable-20_01_01). - gtp: do not allow adding duplicate tid and ms_addr pdp context (networking-stable-20_01_01). - gtp: fix an use-after-free in ipv4_pdp_find() (networking-stable-20_01_01). - gtp: fix wrong condition in gtp_genl_dump_pdp() (networking-stable-20_01_01). - HID: doc: fix wrong data structure reference for UHID_OUTPUT (bsc#1051510). - HID: hidraw, uhid: Always report EPOLLOUT (bsc#1051510). - HID: hidraw: Fix returning EPOLLOUT from hidraw_poll (bsc#1051510). - HID: intel-ish-hid: fixes incorrect error handling (bsc#1051510). - HID: uhid: Fix returning EPOLLOUT from uhid_char_poll (bsc#1051510). - hidraw: Return EPOLLOUT from hidraw_poll (bsc#1051510). - hwmon: (adt7475) Make volt2reg return same reg as reg2volt input (bsc#1051510). - hwmon: (core) Do not use device managed functions for memory allocations (bsc#1051510). - hwmon: (nct7802) Fix voltage limits to wrong registers (bsc#1051510). - hwmon: (pmbus/ltc2978) Fix PMBus polling of MFR_COMMON definitions (bsc#1051510). - hwrng: stm32 - fix unbalanced pm_runtime_enable (bsc#1051510). - i2c: imx: do not print error message on probe defer (bsc#1051510). - ibmveth: Detect unsupported packets before sending to the hypervisor (bsc#1159484 ltc#182983). - ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047). - ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047). - ibmvnic: Serialize device queries (bsc#1155689 ltc#182047). - ibmvnic: Terminate waiting device threads after loss of service (bsc#1155689 ltc#182047). - idr: Fix idr_alloc_u32 on 32-bit systems (bsc#1051510). - iio: adc: max9611: Fix too short conversion time delay (bsc#1051510). - iio: buffer: align the size of scan bytes to size of the largest element (bsc#1051510). - inet: protect against too small mtu values (networking-stable-19_12_16). - init: add arch_call_rest_init to allow stack switching (jsc#SLE-11179). - Input: aiptek - fix endpoint sanity check (bsc#1051510). - Input: cyttsp4_core - fix use after free bug (bsc#1051510). - Input: goodix - add upside-down quirk for Teclast X89 tablet (bsc#1051510). - Input: gtco - fix endpoint sanity check (bsc#1051510). - Input: keyspan-remote - fix control-message timeouts (bsc#1051510). - Input: pegasus_notetaker - fix endpoint sanity check (bsc#1051510). - Input: pm8xxx-vib - fix handling of separate enable register (bsc#1051510). - Input: rmi_f54 - read from FIFO in 32 byte blocks (bsc#1051510). - Input: sun4i-ts - add a check for devm_thermal_zone_of_sensor_register (bsc#1051510). - Input: sur40 - fix interface sanity checks (bsc#1051510). - Input: synaptics - switch another X1 Carbon 6 to RMI/SMbus (bsc#1051510). - Input: synaptics-rmi4 - do not increment rmiaddr for SMBus transfers (bsc#1051510). - Input: synaptics-rmi4 - simplify data read in rmi_f54_work (bsc#1051510). - iomap: Fix pipe page leakage during splicing (bsc#1158651). - iommu/amd: Fix IOMMU perf counter clobbering during init (bsc#1162617). - iommu/arm-smmu-v3: Populate VMID field for CMDQ_OP_TLBI_NH_VA (bsc#1164314). - iommu/io-pgtable-arm: Fix race handling in split_blk_unmap() (bsc#1164115). - iommu/vt-d: Unlink device if failed to add to group (bsc#1160756). - iommu: Remove device link to group on failure (bsc#1160755). - ipv4: Fix table id reference in fib_sync_down_addr (networking-stable-19_11_10). - iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop (git-fixes). - iwlwifi: do not throw error when trying to remove IGTK (bsc#1051510). - iwlwifi: mvm: fix NVM check for 3168 devices (bsc#1051510). - iwlwifi: mvm: Send non offchannel traffic via AP sta (bsc#1051510). - iwlwifi: mvm: synchronize TID queue removal (bsc#1051510). - jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal (bsc#1163862). - jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer (bsc#1163836). - jbd2: Fix possible overflow in jbd2_log_space_left() (bsc#1163860). - jbd2: make sure ESHUTDOWN to be recorded in the journal superblock (bsc#1163863). - jbd2: move the clearing of b_modified flag to the journal_unmap_buffer() (bsc#1163880). - jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record (bsc#1163852). - kABI workaround for can/skb.h inclusion (bsc#1051510). - kABI: add _q suffix to exports that take struct dh (bsc#1155331). - kABI: protect struct sctp_ep_common (kabi). - kconfig: fix broken dependency in randconfig-generated .config (bsc#1051510). - kernel-binary.spec.in: do not recommend firmware for kvmsmall and azure flavor (boo#1161360). - kernel/trace: Fix do not unregister tracepoints when register sched_migrate_task fail (bsc#1160787). - kernfs: Fix range checks in kernfs_get_target_path (bsc#1051510). - kexec: bail out upon SIGKILL when allocating memory (git-fixes). - KVM: Clean up __kvm_gfn_to_hva_cache_init() and its callers (bsc#1133021). - KVM: fix spectrev1 gadgets (bsc#1164705). - KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails (bsc#1061840). - KVM: PPC: Book3S PR: Fix -Werror=return-type build failure (bsc#1061840). - KVM: PPC: Book3S PR: Free shared page if mmu initialization fails (bsc#1061840). - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl (git-fixes). - KVM: s390: Test for bad access register and size at the start of S390_MEM_OP (git-fixes). - KVM: SVM: Guard against DEACTIVATE when performing WBINVD/DF_FLUSH (bsc#1114279). - KVM: SVM: Override default MMIO mask if memory encryption is enabled (bsc#1162618). - KVM: SVM: Serialize access to the SEV ASID bitmap (bsc#1114279). - KVM: x86: Host feature SSBD does not imply guest feature SPEC_CTRL_SSBD (bsc#1160476). - KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks (bsc#1164734). - KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks (bsc#1164728). - KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks (bsc#1164729). - KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks (bsc#1164712). - KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks (bsc#1164730). - KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c (bsc#1164733). - KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks (bsc#1164731). - KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks (bsc#1164732). - KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks (bsc#1164735). - KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks (bsc#1164705). - KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks (bsc#1164727). - KVM: x86: Remove a spurious export of a static function (bsc#1158954). - leds: Allow to call led_classdev_unregister() unconditionally (bsc#1161674). - leds: class: ensure workqueue is initialized before setting brightness (bsc#1161674). - lib/scatterlist.c: adjust indentation in __sg_alloc_table (bsc#1051510). - lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more() (bsc#1051510). - lib: crc64: include <linux/crc64.h> for 'crc64_be' (bsc#1163762). - livepatch/samples/selftest: Use klp_shadow_alloc() API correctly (bsc#1071995). - livepatch/selftest: Clean up shadow variable names and type (bsc#1071995). - livepatch: Allow to distinguish different version of system state changes (bsc#1071995). - livepatch: Basic API to track system state changes (bsc#1071995 ). - livepatch: Keep replaced patches until post_patch callback is called (bsc#1071995). - livepatch: Selftests of the API for tracking system state changes (bsc#1071995). - livepatch: Simplify stack trace retrieval (jsc#SLE-11179). - loop: fix no-unmap write-zeroes request behavior (bsc#1158637). - mac80211: Do not send Layer 2 Update frame before authorization (bsc#1051510). - mac80211: fix station inactive_time shortly after boot (bsc#1051510). - mac80211: Fix TKIP replay protection immediately after key setup (bsc#1051510). - mac80211: mesh: restrict airtime metric to peered established plinks (bsc#1051510). - macvlan: do not assume mac_header is set in macvlan_broadcast() (bsc#1051510). - macvlan: use skb_reset_mac_header() in macvlan_queue_xmit() (bsc#1051510). - mailbox: mailbox-test: fix null pointer if no mmio (bsc#1051510). - media/v4l2-core: set pages dirty upon releasing DMA buffers (bsc#1051510). - media: af9005: uninitialized variable printked (bsc#1051510). - media: cec.h: CEC_OP_REC_FLAG_ values were swapped (bsc#1051510). - media: cec: CEC 2.0-only bcast messages were ignored (git-fixes). - media: cec: report Vendor ID after initialization (bsc#1051510). - media: digitv: do not continue if remote control state can't be read (bsc#1051510). - media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0 (bsc#1051510). - media: exynos4-is: fix wrong mdev and v4l2 dev order in error path (git-fixes). - media: gspca: zero usb_buf (bsc#1051510). - media: iguanair: fix endpoint sanity check (bsc#1051510). - media: ov6650: Fix control handler not freed on init error (git-fixes). - media: ov6650: Fix crop rectangle alignment not passed back (git-fixes). - media: ov6650: Fix incorrect use of JPEG colorspace (git-fixes). - media: pulse8-cec: fix lost cec_transmit_attempt_done() call. - media: pulse8-cec: return 0 when invalidating the logical address (bsc#1051510). - media: stkwebcam: Bugfix for wrong return values (bsc#1051510). - media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors (bsc#1051510). - media: uvcvideo: Fix error path in control parsing failure (git-fixes). - media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE (bsc#1051510). - media: v4l2-ioctl.c: zero reserved fields for S/TRY_FMT (bsc#1051510). - media: v4l2-rect.h: fix v4l2_rect_map_inside() top/left adjustments (bsc#1051510). - mei: bus: prefix device names on bus with the bus name (bsc#1051510). - mfd: da9062: Fix watchdog compatible string (bsc#1051510). - mfd: dln2: More sanity checking for endpoints (bsc#1051510). - mfd: rn5t618: Mark ADC control register volatile (bsc#1051510). - missing escaping of backslashes in macro expansions Fixes: f3b74b0ae86b ('rpm/kernel-subpackage-spec: Unify dependency handling.') Fixes: 3fd22e219f77 ('rpm/kernel-subpackage-spec: Fix empty Recommends tag (bsc#1143959)') - mlx5: add parameter to disable enhanced IPoIB (bsc#1142095) - mm, memory_hotplug: do not clear numa_node association after hot_remove (bnc#1115026). - mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock (bsc#1159394). - mm: memory_hotplug: use put_device() if device_register fail (bsc#1159955 ltc#182993). - mmc: mediatek: fix CMD_TA to 2 for MT8173 HS200/HS400 mode (bsc#1051510). - mmc: sdhci-of-esdhc: fix P2020 errata handling (bsc#1051510). - mmc: sdhci-of-esdhc: Revert 'mmc: sdhci-of-esdhc: add erratum A-009204 support' (bsc#1051510). - mmc: sdhci: fix minimum clock rate for v3 controller (bsc#1051510). - mmc: spi: Toggle SPI polarity, do not hardcode it (bsc#1051510). - mmc: tegra: fix SDR50 tuning override (bsc#1051510). - moduleparam: fix parameter description mismatch (bsc#1051510). - mod_devicetable: fix PHY module format (networking-stable-19_12_28). - mtd: fix mtd_oobavail() incoherent returned value (bsc#1051510). - mwifiex: debugfs: correct histogram spacing, formatting (bsc#1051510). - mwifiex: drop most magic numbers from mwifiex_process_tdls_action_frame() (git-fixes). - mwifiex: fix potential NULL dereference and use after free (bsc#1051510). - namei: only return -ECHILD from follow_dotdot_rcu() (bsc#1163851). - nbd: prevent memory leak (bsc#1158638). - net/ibmvnic: Fix typo in retry check (bsc#1155689 ltc#182047). - net/mlx4_en: fix mlx4 ethtool -N insertion (networking-stable-19_11_25). - net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq (bsc#1046303). - net/mlx5e: Fix set vf link state error flow (networking-stable-19_11_25). - net/mlx5e: Fix SFF 8472 eeprom length (git-fixes). - net/mlxfw: Fix out-of-memory error in mfa2 flash burning (bsc#1051858). - net/sched: act_pedit: fix WARN() in the traffic path (networking-stable-19_11_25). - net: bridge: deny dev_set_mac_address() when unregistering (networking-stable-19_12_16). - net: cdc_ncm: Signedness bug in cdc_ncm_set_dgram_size() (git-fixes). - net: dst: Force 4-byte alignment of dst_metrics (networking-stable-19_12_28). - net: ena: fix napi handler misbehavior when the napi budget is zero (networking-stable-20_01_01). - net: ethernet: octeon_mgmt: Account for second possible VLAN header (networking-stable-19_11_10). - net: ethernet: ti: cpsw: fix extra rx interrupt (networking-stable-19_12_16). - net: fix data-race in neigh_event_send() (networking-stable-19_11_10). - net: hisilicon: Fix a BUG trigered by wrong bytes_compl (networking-stable-19_12_28). - net: nfc: nci: fix a possible sleep-in-atomic-context bug in nci_uart_tty_receive() (networking-stable-19_12_28). - net: phy: at803x: Change error to EINVAL for invalid MAC (bsc#1051510). - net: phy: broadcom: Use strlcpy() for ethtool::get_strings (bsc#1051510). - net: phy: Check against net_device being NULL (bsc#1051510). - net: phy: dp83867: Set up RGMII TX delay (bsc#1051510). - net: phy: Fix not to call phy_resume() if PHY is not attached (bsc#1051510). - net: phy: Fix the register offsets in Broadcom iProc mdio mux driver (bsc#1051510). - net: phy: fixed_phy: Fix fixed_phy not checking GPIO (bsc#1051510). - net: phy: marvell: clear wol event before setting it (bsc#1051510). - net: phy: marvell: Use strlcpy() for ethtool::get_strings (bsc#1051510). - net: phy: meson-gxl: check phy_write return value (bsc#1051510). - net: phy: micrel: Use strlcpy() for ethtool::get_strings (bsc#1051510). - net: phy: mscc: read 'vsc8531, edge-slowdown' as an u32 (bsc#1051510). - net: phy: mscc: read 'vsc8531,vddmac' as an u32 (bsc#1051510). - net: phy: xgene: disable clk on error paths (bsc#1051510). - net: phy: xgmiitorgmii: Check phy_driver ready before accessing (bsc#1051510). - net: phy: xgmiitorgmii: Check read_status results (bsc#1051510). - net: phy: xgmiitorgmii: Support generic PHY status read (bsc#1051510). - net: psample: fix skb_over_panic (networking-stable-19_12_03). - net: qlogic: Fix error paths in ql_alloc_large_buffers() (networking-stable-19_12_28). - net: rtnetlink: prevent underflows in do_setvfinfo() (networking-stable-19_11_25). - net: sched: correct flower port blocking (git-fixes). - net: sched: fix `tc -s class show` no bstats on class with nolock subqueues (networking-stable-19_12_03). - net: usb: lan78xx: Fix suspend/resume PHY register access error (networking-stable-19_12_28). - net: usb: lan78xx: limit size of local TSO packets (bsc#1051510). - net: usb: qmi_wwan: add support for DW5821e with eSIM support (networking-stable-19_11_10). - net: usb: qmi_wwan: add support for Foxconn T77W968 LTE modules (networking-stable-19_11_18). - netfilter: nf_queue: enqueue skbs with NULL dst (git-fixes). - new helper: lookup_positive_unlocked() (bsc#1159271). - NFC: fdp: fix incorrect free object (networking-stable-19_11_10). - NFC: pn533: fix bulk-message timeout (bsc#1051510). - NFC: pn544: Adjust indentation in pn544_hci_check_presence (git-fixes). - NFC: st21nfca: fix double free (networking-stable-19_11_10). - nvme: fix the parameter order for nvme_get_log in nvme_get_fw_slot_info (bsc#1163774). - ocfs2: fix panic due to ocfs2_wq is null (bsc#1158644). - ocfs2: fix passing zero to 'PTR_ERR' warning (bsc#1158649). - openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info() (networking-stable-19_12_03). - openvswitch: remove another BUG_ON() (networking-stable-19_12_03). - openvswitch: support asymmetric conntrack (networking-stable-19_12_16). - orinoco_usb: fix interface sanity check (git-fixes). - PCI/IOV: Fix memory leak in pci_iov_add_virtfn() (git-fixes). - PCI/MSI: Fix incorrect MSI-X masking on resume (bsc#1051510). - PCI/MSI: Return -ENOSPC from pci_alloc_irq_vectors_affinity() (bsc#1051510). - PCI/PTM: Remove spurious 'd' from granularity message (bsc#1051510). - PCI/switchtec: Fix vep_vector_number ioread width (bsc#1051510). - PCI: Add DMA alias quirk for Intel VCA NTB (bsc#1051510). - PCI: Apply Cavium ACS quirk to ThunderX2 and ThunderX3 (bsc#1051510). - PCI: Do not disable bridge BARs when assigning bus resources (bsc#1051510). - PCI: dwc: Fix find_next_bit() usage (bsc#1051510). - PCI: Fix Intel ACS quirk UPDCR register address (bsc#1051510). - PCI: rcar: Fix missing MACCTLR register setting in initialization sequence (bsc#1051510). - PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30 (git-fixes). - percpu: Separate decrypted varaibles anytime encryption can be enabled (bsc#1114279). - perf/x86/intel: Fix inaccurate period in context switch for auto-reload (bsc#1164315). - phy: qualcomm: Adjust indentation in read_poll_timeout (bsc#1051510). - pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues (bsc#1051510). - pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B (bsc#1051510). - pinctrl: xway: fix gpio-hog related boot issues (bsc#1051510). - pktcdvd: remove warning on attempting to register non-passthrough dev (bsc#1051510). - platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0 (bsc#1051510). - platform/x86: hp-wmi: Fix ACPI errors caused by passing 0 as input size (bsc#1051510). - platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer (bsc#1051510). - platform/x86: hp-wmi: Make buffer for HPWMI_FEATURE2_QUERY 128 bytes (bsc#1051510). - platform/x86: pmc_atom: Add Siemens CONNECT X300 to critclk_systems DMI table (bsc#1051510). - PM / AVS: SmartReflex: NULL check before some freeing functions is not needed (bsc#1051510). - PM / Domains: Deal with multiple states but no governor in genpd (bsc#1051510). - power: supply: ltc2941-battery-gauge: fix use-after-free (bsc#1051510). - powerpc/archrandom: fix arch_get_random_seed_int() (bsc#1065729). - powerpc/irq: fix stack overflow verification (bsc#1065729). - powerpc/livepatch: return -ERRNO values in save_stack_trace_tsk_reliable() (bsc#1071995 bsc#1161875). - powerpc/mm: drop #ifdef CONFIG_MMU in is_ioremap_addr() (bsc#1065729). - powerpc/mm: Remove kvm radix prefetch workaround for Power9 DD2.2 (bsc#1061840). - powerpc/pkeys: remove unused pkey_allows_readwrite (bsc#1065729). - powerpc/powernv: Disable native PCIe port management (bsc#1065729). - powerpc/pseries/hotplug-memory: Change rc variable to bool (bsc#1065729). - powerpc/pseries/lparcfg: Fix display of Maximum Memory (bsc#1162028 ltc#181740). - powerpc/pseries/mobility: notify network peers after migration (bsc#1152631 ltc#181798). - powerpc/pseries/vio: Fix iommu_table use-after-free refcount warning (bsc#1065729). - powerpc/pseries: Advance pfn if section is not present in lmb_is_removable() (bsc#1065729). - powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW (bsc#1065729). - powerpc/pseries: Drop pointless static qualifier in vpa_debugfs_init() (git-fixes). - powerpc/security: Fix debugfs data leak on 32-bit (bsc#1065729). - powerpc/tm: Fix clearing MSR[TS] in current when reclaiming on signal delivery (bsc#1118338 ltc#173734). - powerpc/tools: Do not quote $objdump in scripts (bsc#1065729). - powerpc/xive: Discard ESB load value when interrupt is invalid (bsc#1085030). - powerpc/xive: Skip ioremap() of ESB pages for LSI interrupts (bsc#1085030). - powerpc/xmon: do not access ASDR in VMs (bsc#1065729). - powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB (bnc#1151927 5.3.17). - powerpc: Allow flush_icache_range to work across ranges >4GB (bnc#1151927 5.3.17). - powerpc: avoid adjusting memory_limit for capture kernel memory reservation (bsc#1140025 ltc#176086). - powerpc: Fix vDSO clock_getres() (bsc#1065729). - powerpc: reserve memory for capture kernel after hugepages init (bsc#1140025 ltc#176086). - ppp: Adjust indentation into ppp_async_input (git-fixes). - prevent active file list thrashing due to refault detection (VM Performance, bsc#1156286). - printk: Export console_printk (bsc#1071995). - pstore/ram: Write new dumps to start of recycled zones (bsc#1051510). - pwm: Clear chip_data in pwm_put() (bsc#1051510). - pwm: clps711x: Fix period calculation (bsc#1051510). - pwm: omap-dmtimer: Remove PWM chip in .remove before making it unfunctional (git-fixes). - pwm: Remove set but not set variable 'pwm' (git-fixes). - pxa168fb: Fix the function used to release some memory in an error (bsc#1114279) - qede: Disable hardware gro when xdp prog is installed (bsc#1086314 bsc#1086313 bsc#1086301 ). - qede: Fix multicast mac configuration (networking-stable-19_12_28). - qede: fix NULL pointer deref in __qede_remove() (networking-stable-19_11_10). - qmi_wwan: Add support for Quectel RM500Q (bsc#1051510). - quota: Check that quota is not dirty before release (bsc#1163858). - quota: fix livelock in dquot_writeback_dquots (bsc#1163857). - r8152: add missing endpoint sanity check (bsc#1051510). - r8152: get default setting of WOL before initializing (bsc#1051510). - random: move FIPS continuous test to output functions (bsc#1155334). - RDMA/bnxt_re: Avoid freeing MR resources if dereg fails (bsc#1050244). - RDMA/hns: Prevent memory leaks of eq->buf_list (bsc#1104427 ). - regulator: Fix return value of _set_load() stub (bsc#1051510). - regulator: rk808: Lower log level on optional GPIOs being not available (bsc#1051510). - regulator: rn5t618: fix module aliases (bsc#1051510). - regulator: tps65910: fix a missing check of return value (bsc#1051510). - reiserfs: Fix memory leak of journal device string (bsc#1163867). - reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling (bsc#1163869). - reset: fix reset_control_ops kerneldoc comment (bsc#1051510). - resource: fix locking in find_next_iomem_res() (bsc#1114279). - rpm/kabi.pl: support new (>=5.4) Module.symvers format (new symbol namespace field) - rpm/kernel-binary.spec.in: Replace Novell with SUSE - rpm/kernel-subpackage-spec: Exclude kernel-firmware recommends (bsc#1143959) For reducing the dependency on kernel-firmware in sub packages - rpm/kernel-subpackage-spec: Fix empty Recommends tag (bsc#1143959) - rpm/kernel-subpackage-spec: fix kernel-default-base build There were some issues with recent changes to subpackage dependencies handling: - rpm/kernel-subpackage-spec: Unify dependency handling. - rpm/modules.fips: update module list (bsc#1157853) - rsi_91x_usb: fix interface sanity check (git-fixes). - rt2800: remove errornous duplicate condition (git-fixes). - rtc: cmos: Stop using shared IRQ (bsc#1051510). - rtc: dt-binding: abx80x: fix resistance scale (bsc#1051510). - rtc: hym8563: Return -EINVAL if the time is known to be invalid (bsc#1051510). - rtc: max8997: Fix the returned value in case of error in 'max8997_rtc_read_alarm()' (bsc#1051510). - rtc: msm6242: Fix reading of 10-hour digit (bsc#1051510). - rtc: pcf8523: set xtal load capacitance from DT (bsc#1051510). - rtc: s35390a: Change buf's type to u8 in s35390a_init (bsc#1051510). - rtl818x: fix potential use after free (bsc#1051510). - rtl8xxxu: fix interface sanity check (git-fixes). - rtlwifi: Fix MAX MPDU of VHT capability (git-fixes). - rtlwifi: Remove redundant semicolon in wifi.h (git-fixes). - s390/ftrace: generate traced function stack frame (jsc#SLE-11178 jsc#SLE-11179). - s390/ftrace: save traced function caller (jsc#SLE-11179). - s390/ftrace: use HAVE_FUNCTION_GRAPH_RET_ADDR_PTR (jsc#SLE-11179). - s390/head64: correct init_task stack setup (jsc#SLE-11179). - s390/kasan: avoid false positives during stack unwind (jsc#SLE-11179). - s390/kasan: avoid report in get_wchan (jsc#SLE-11179). - s390/livepatch: Implement reliable stack tracing for the consistency model (jsc#SLE-11179). - s390/mm: properly clear _PAGE_NOEXEC bit when it is not supported (bsc#1051510). - s390/process: avoid custom stack unwinding in get_wchan (jsc#SLE-11179). - s390/qeth: clean up page frag creation (git-fixes). - s390/qeth: consolidate skb allocation (git-fixes). - s390/qeth: ensure linear access to packet headers (git-fixes). - s390/qeth: guard against runt packets (git-fixes). - s390/stacktrace: use common arch_stack_walk infrastructure (jsc#SLE-11179). - s390/suspend: fix stack setup in swsusp_arch_suspend (jsc#SLE-11179). - s390/test_unwind: print verbose unwinding results (jsc#SLE-11179). - s390/unwind: add stack pointer alignment sanity checks (jsc#SLE-11179). - s390/unwind: always inline get_stack_pointer (jsc#SLE-11179). - s390/unwind: avoid int overflow in outside_of_stack (jsc#SLE-11179). - s390/unwind: cleanup unused READ_ONCE_TASK_STACK (jsc#SLE-11179). - s390/unwind: correct stack switching during unwind (jsc#SLE-11179). - s390/unwind: drop unnecessary code around calling ftrace_graph_ret_addr() (jsc#SLE-11179). - s390/unwind: filter out unreliable bogus %r14 (jsc#SLE-11179). - s390/unwind: fix get_stack_pointer(NULL, NULL) (jsc#SLE-11179). - s390/unwind: fix mixing regs and sp (jsc#SLE-11179). - s390/unwind: introduce stack unwind API (jsc#SLE-11179). - s390/unwind: make reuse_sp default when unwinding pt_regs (jsc#SLE-11179). - s390/unwind: remove stack recursion warning (jsc#SLE-11179). - s390/unwind: report an error if pt_regs are not on stack (jsc#SLE-11179). - s390/unwind: start unwinding from reliable state (jsc#SLE-11179). - s390/unwind: stop gracefully at task pt_regs (jsc#SLE-11179). - s390/unwind: stop gracefully at user mode pt_regs in irq stack (jsc#SLE-11179). - s390/unwind: unify task is current checks (jsc#SLE-11179). - s390: add stack switch helper (jsc#SLE-11179). - s390: add support for virtually mapped kernel stacks (jsc#SLE-11179). - s390: always inline current_stack_pointer() (jsc#SLE-11179). - s390: always inline disabled_wait (jsc#SLE-11179). - s390: avoid misusing CALL_ON_STACK for task stack setup (jsc#SLE-11179). - s390: clean up stacks setup (jsc#SLE-11179). - s390: correct CALL_ON_STACK back_chain saving (jsc#SLE-11179). - s390: disable preemption when switching to nodat stack with CALL_ON_STACK (jsc#SLE-11179). - s390: fine-tune stack switch helper (jsc#SLE-11179). - s390: fix register clobbering in CALL_ON_STACK (jsc#SLE-11179). - s390: kabi workaround for ftrace_ret_stack (jsc#SLE-11179). - s390: kabi workaround for lowcore changes due to vmap stack (jsc#SLE-11179). - s390: kabi workaround for reliable stack tracing (jsc#SLE-11179). - s390: preserve kabi for stack unwind API (jsc#SLE-11179). - s390: unify stack size definitions (jsc#SLE-11179). - sched/fair: Add tmp_alone_branch assertion (bnc#1156462). - sched/fair: Fix insertion in rq->leaf_cfs_rq_list (bnc#1156462). - sched/fair: Fix O(nr_cgroups) in the load balancing path (bnc#1156462). - sched/fair: Optimize update_blocked_averages() (bnc#1156462). - sched/fair: WARN() and refuse to set buddy when !se->on_rq (bsc#1158132). - scsi: qla2xxx: Add a shadow variable to hold disc_state history of fcport (bsc#1158013). - scsi: qla2xxx: Add D-Port Diagnostic reason explanation logs (bsc#1158013). - scsi: qla2xxx: Added support for MPI and PEP regions for ISP28XX (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548). - scsi: qla2xxx: Cleanup unused async_logout_done (bsc#1158013). - scsi: qla2xxx: Consolidate fabric scan (bsc#1158013). - scsi: qla2xxx: Correct fcport flags handling (bsc#1158013). - scsi: qla2xxx: Correctly retrieve and interpret active flash region (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548). - scsi: qla2xxx: Fix a NULL pointer dereference in an error path (bsc#1157966 bsc#1158013 bsc#1157424). - scsi: qla2xxx: Fix fabric scan hang (bsc#1158013). - scsi: qla2xxx: Fix incorrect SFUB length used for Secure Flash Update MB Cmd (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548). - scsi: qla2xxx: Fix mtcp dump collection failure (bsc#1158013). - scsi: qla2xxx: Fix RIDA Format-2 (bsc#1158013). - scsi: qla2xxx: Fix stuck login session using prli_pend_timer (bsc#1158013). - scsi: qla2xxx: Fix stuck session in GNL (bsc#1158013). - scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type (bsc#1158013). - scsi: qla2xxx: Fix unbound NVME response length (bsc#1157966 bsc#1158013 bsc#1157424). - scsi: qla2xxx: Fix update_fcport for current_topology (bsc#1158013). - scsi: qla2xxx: Improve readability of the code that handles qla_flt_header (bsc#1158013). - scsi: qla2xxx: Remove defer flag to indicate immeadiate port loss (bsc#1158013). - scsi: qla2xxx: Update driver version to 10.01.00.22-k (bsc#1158013). - scsi: qla2xxx: Use common routine to free fcport struct (bsc#1158013). - scsi: qla2xxx: Use get_unaligned_*() instead of open-coding these functions (bsc#1158013). - scsi: zfcp: trace channel log even for FCP command responses (git-fixes). - sctp: cache netns in sctp_ep_common (networking-stable-19_12_03). - sctp: fully initialize v4 addr in some functions (networking-stable-19_12_28). - serial: 8250_bcm2835aux: Fix line mismatch on driver unbind (bsc#1051510). - serial: ifx6x60: add missed pm_runtime_disable (bsc#1051510). - serial: max310x: Fix tx_empty() callback (bsc#1051510). - serial: pl011: Fix DMA ->flush_buffer() (bsc#1051510). - serial: serial_core: Perform NULL checks for break_ctl ops (bsc#1051510). - serial: stm32: fix transmit_chars when tx is stopped (bsc#1051510). - sfc: Only cancel the PPS workqueue if it exists (networking-stable-19_11_25). - sh_eth: check sh_eth_cpu_data::dual_port when dumping registers (bsc#1051510). - sh_eth: fix dumping ARSTR (bsc#1051510). - sh_eth: fix invalid context bug while calling auto-negotiation by ethtool (bsc#1051510). - sh_eth: fix invalid context bug while changing link options by ethtool (bsc#1051510). - sh_eth: fix TSU init on SH7734/R8A7740 (bsc#1051510). - sh_eth: fix TXALCR1 offsets (bsc#1051510). - sh_eth: TSU_QTAG0/1 registers the same as TSU_QTAGM0/1 (bsc#1051510). - smb3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1144333). - smb3: Fix persistent handles reconnect (bsc#1144333). - smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1144333). - smb3: remove confusing dmesg when mounting with encryption ('seal') (bsc#1144333). - soc/tegra: fuse: Correct straps' address for older Tegra124 device trees (bsc#1051510). - soc: renesas: rcar-sysc: Add goto to of_node_put() before return (bsc#1051510). - soc: ti: wkup_m3_ipc: Fix race condition with rproc_boot (bsc#1051510). - spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch (bsc#1051510). - spi: omap2-mcspi: Set FIFO DMA trigger level to word length (bsc#1051510). - spi: tegra114: clear packed bit for unpacked mode (bsc#1051510). - spi: tegra114: configure dma burst size to fifo trig level (bsc#1051510). - spi: tegra114: fix for unpacked mode transfers (bsc#1051510). - spi: tegra114: flush fifos (bsc#1051510). - spi: tegra114: terminate dma and reset on transfer timeout (bsc#1051510). - sr_vendor: support Beurer GL50 evo CD-on-a-chip devices (boo#1164632). - stacktrace: Do not skip first entry on noncurrent tasks (jsc#SLE-11179). - stacktrace: Force USER_DS for stack_trace_save_user() (jsc#SLE-11179). - stacktrace: Get rid of unneeded '!!' pattern (jsc#SLE-11179). - stacktrace: Provide common infrastructure (jsc#SLE-11179). - stacktrace: Provide helpers for common stack trace operations (jsc#SLE-11179). - stacktrace: Unbreak stack_trace_save_tsk_reliable() (jsc#SLE-11179). - stacktrace: Use PF_KTHREAD to check for kernel threads (jsc#SLE-11179). - staging: comedi: adv_pci1710: fix AI channels 16-31 for PCI-1713 (bsc#1051510). - staging: iio: adt7316: Fix i2c data reading, set the data field (bsc#1051510). - staging: rtl8188eu: fix interface sanity check (bsc#1051510). - staging: rtl8192e: fix potential use after free (bsc#1051510). - staging: rtl8723bs: Add 024c:0525 to the list of SDIO device-ids (bsc#1051510). - staging: rtl8723bs: Drop ACPI device ids (bsc#1051510). - staging: vt6656: correct packet types for CTS protect, mode (bsc#1051510). - staging: vt6656: Fix false Tx excessive retries reporting (bsc#1051510). - staging: vt6656: use NULLFUCTION stack on mac80211 (bsc#1051510). - staging: wlan-ng: ensure error return is actually returned (bsc#1051510). - stm class: Fix a double free of stm_source_device (bsc#1051510). - stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock (bsc#1088810, bsc#1161702). - stop_machine: Atomically queue and wake stopper threads (bsc#1088810, bsc#1161702). - stop_machine: Disable preemption after queueing stopper threads (bsc#1088810, bsc#1161702). - stop_machine: Disable preemption when waking two stopper threads (bsc#1088810, bsc#1161702). - supported.conf: - synclink_gt(): fix compat_ioctl() (bsc#1051510). - tcp: clear tp->packets_out when purging write queue (bsc#1160560). - tcp: do not send empty skb from tcp_write_xmit() (networking-stable-20_01_01). - tcp: exit if nothing to retransmit on RTO timeout (bsc#1160560, stable 4.14.159). - tcp: md5: fix potential overestimation of TCP option space (networking-stable-19_12_16). - tcp_nv: fix potential integer overflow in tcpnv_acked (bsc#1051510). - thermal: Fix deadlock in thermal thermal_zone_device_check (bsc#1051510). - tipc: Avoid copying bytes beyond the supplied data (bsc#1051510). - tipc: check bearer name with right length in tipc_nl_compat_bearer_enable (bsc#1051510). - tipc: check link name with right length in tipc_nl_compat_link_set (bsc#1051510). - tipc: check msg->req data len in tipc_nl_compat_bearer_disable (bsc#1051510). - tipc: compat: allow tipc commands without arguments (bsc#1051510). - tipc: fix a missing check of genlmsg_put (bsc#1051510). - tipc: fix link name length check (bsc#1051510). - tipc: fix memory leak in tipc_nl_compat_publ_dump (bsc#1051510). - tipc: fix skb may be leaky in tipc_link_input (bsc#1051510). - tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path (bsc#1051510). - tipc: fix wrong timeout input for tipc_wait_for_cond() (bsc#1051510). - tipc: handle the err returned from cmd header function (bsc#1051510). - tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb (bsc#1051510). - tipc: tipc clang warning (bsc#1051510). - tracing: Annotate ftrace_graph_hash pointer with __rcu (git-fixes). - tracing: Annotate ftrace_graph_notrace_hash pointer with __rcu (git-fixes). - tracing: Cleanup stack trace code (jsc#SLE-11179). - tracing: Fix tracing_stat return values in error handling paths (git-fixes). - tracing: Fix very unlikely race of registering two stat tracers (git-fixes). - tracing: Have the histogram compare functions convert to u64 first (bsc#1160210). - tracing: xen: Ordered comparison of function pointers (git-fixes). - tty/serial: atmel: Add is_half_duplex helper (bsc#1051510). - tty: n_hdlc: fix build on SPARC (bsc#1051510). - tty: serial: fsl_lpuart: use the sg count from dma_map_sg (bsc#1051510). - tty: serial: imx: use the sg count from dma_map_sg (bsc#1051510). - tty: serial: msm_serial: Fix flow control (bsc#1051510). - tty: serial: msm_serial: Fix lockup for sysrq and oops (bsc#1051510). - tty: serial: pch_uart: correct usage of dma_unmap_sg (bsc#1051510). - tty: vt: keyboard: reject invalid keycodes (bsc#1051510). - uaccess: Add non-pagefault user-space write function (bsc#1083647). - ubifs: Correctly initialize c->min_log_bytes (bsc#1158641). - ubifs: do not trigger assertion on invalid no-key filename (bsc#1163850). - ubifs: Fix deadlock in concurrent bulk-read and writepage (bsc#1163856). - ubifs: Fix FS_IOC_SETFLAGS unexpectedly clearing encrypt flag (bsc#1163855). - ubifs: Limit the number of pages in shrink_liability (bsc#1158643). - ubifs: Reject unsupported ioctl flags explicitly (bsc#1163844). - udp: fix integer overflow while computing available space in sk_rcvbuf (networking-stable-20_01_01). - usb-storage: Disable UAS on JMicron SATA enclosure (bsc#1051510). - usb: adutux: fix interface sanity check (bsc#1051510). - usb: Allow USB device to be warm reset in suspended state (bsc#1051510). - usb: atm: ueagle-atm: add missing endpoint check (bsc#1051510). - usb: chipidea: host: Disable port power only if previously enabled (bsc#1051510). - usb: core: fix check for duplicate endpoints (git-fixes). - usb: core: hub: Improved device recognition on remote wakeup (bsc#1051510). - usb: core: urb: fix URB structure initialization function (bsc#1051510). - usb: documentation: flags on usb-storage versus UAS (bsc#1051510). - usb: dwc3: debugfs: Properly print/set link state for HS (bsc#1051510). - usb: dwc3: do not log probe deferrals; but do log other error codes (bsc#1051510). - usb: dwc3: ep0: Clear started flag on completion (bsc#1051510). - usb: dwc3: turn off VBUS when leaving host mode (bsc#1051510). - usb: EHCI: Do not return -EPIPE when hub is disconnected (git-fixes). - usb: gadget: f_ecm: Use atomic_t to track in-flight request (bsc#1051510). - usb: gadget: f_ncm: Use atomic_t to track in-flight request (bsc#1051510). - usb: gadget: legacy: set max_speed to super-speed (bsc#1051510). - usb: gadget: pch_udc: fix use after free (bsc#1051510). - usb: gadget: u_serial: add missing port entry locking (bsc#1051510). - usb: gadget: Zero ffs_io_data (bsc#1051510). - usb: host: xhci-hub: fix extra endianness conversion (bsc#1051510). - usb: idmouse: fix interface sanity checks (bsc#1051510). - usb: misc: appledisplay: fix backlight update_status return code (bsc#1051510). - usb: mon: Fix a deadlock in usbmon between mmap and read (bsc#1051510). - usb: mtu3: fix dbginfo in qmu_tx_zlp_error_handler (bsc#1051510). - usb: musb: dma: Correct parameter passed to IRQ handler (bsc#1051510). - usb: musb: fix idling for suspend after disconnect interrupt (bsc#1051510). - usb: serial: ch341: handle unbound port at reset_resume (bsc#1051510). - usb: serial: ftdi_sio: add device IDs for U-Blox C099-F9P (bsc#1051510). - usb: serial: io_edgeport: add missing active-port sanity check (bsc#1051510). - usb: serial: io_edgeport: fix epic endpoint lookup (bsc#1051510). - usb: serial: io_edgeport: handle unbound ports on URB completion (bsc#1051510). - usb: serial: io_edgeport: use irqsave() in USB's complete callback (bsc#1051510). - usb: serial: ir-usb: add missing endpoint sanity check (bsc#1051510). - usb: serial: ir-usb: fix IrLAP framing (bsc#1051510). - usb: serial: ir-usb: fix link-speed handling (bsc#1051510). - usb: serial: keyspan: handle unbound ports (bsc#1051510). - usb: serial: opticon: fix control-message timeouts (bsc#1051510). - usb: serial: option: Add support for Quectel RM500Q (bsc#1051510). - usb: serial: option: add support for Quectel RM500Q in QDL mode (git-fixes). - usb: serial: option: add Telit ME910G1 0x110a composition (git-fixes). - usb: serial: option: add ZLP support for 0x1bc7/0x9010 (git-fixes). - usb: serial: quatech2: handle unbound ports (bsc#1051510). - usb: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx (bsc#1051510). - usb: serial: suppress driver bind attributes (bsc#1051510). - usb: typec: tcpci: mask event interrupts when remove driver (bsc#1051510). - usb: uas: heed CAPACITY_HEURISTICS (bsc#1051510). - usb: uas: honor flag to avoid CAPACITY16 (bsc#1051510). - usb: xhci: Fix build warning seen with CONFIG_PM=n (bsc#1051510). - usb: xhci: only set D3hot for pci device (bsc#1051510). - usbip: Fix error path of vhci_recv_ret_submit() (git-fixes). - usbip: Fix receive error in vhci-hcd when using scatter-gather (bsc#1051510). - vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1 (bsc#1051510). - vhost/vsock: accept only packets with the right dst_cid (networking-stable-20_01_01). - video: backlight: Add devres versions of of_find_backlight (bsc#1090888) Taken for 6010831dde5. - video: backlight: Add of_find_backlight helper in backlight.c (bsc#1090888) Taken for 6010831dde5. - vsock/virtio: fix sock refcnt holding during the shutdown (git-fixes). - watchdog: max77620_wdt: fix potential build errors (bsc#1051510). - watchdog: rn5t618_wdt: fix module aliases (bsc#1051510). - watchdog: sama5d4: fix WDD value to be always set to max (bsc#1051510). - watchdog: wdat_wdt: fix get_timeleft call for wdat_wdt (bsc#1162557). - wireless: fix enabling channel 12 for custom regulatory domain (bsc#1051510). - wireless: wext: avoid gcc -O3 warning (bsc#1051510). - workqueue: Fix pwq ref leak in rescuer_thread() (bsc#1160211). - x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR (bsc#1162619). - x86/intel_rdt: Split resource group removal in two (bsc#1112178). - x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI (bsc#1114279). - x86/mce/AMD: Allow any CPU to initialize the smca_banks array (bsc#1114279). - x86/MCE/AMD: Allow Reserved types to be overwritten in smca_banks (bsc#1114279). - x86/MCE/AMD: Do not use rdmsr_safe_on_cpu() in smca_configure() (bsc#1114279). - x86/mce: Fix possibly incorrect severity calculation on AMD (bsc#1114279). - x86/resctrl: Check monitoring static key in the MBM overflow handler (bsc#1114279). - x86/resctrl: Fix a deadlock due to inaccurate reference (bsc#1112178). - x86/resctrl: Fix an imbalance in domain_remove_cpu() (bsc#1114279). - x86/resctrl: Fix potential memory leak (bsc#1114279). - x86/resctrl: Fix use-after-free due to inaccurate refcount of rdtgroup (bsc#1112178). - x86/resctrl: Fix use-after-free when deleting resource groups (bsc#1114279). - x86/speculation: Fix incorrect MDS/TAA mitigation status (bsc#1114279). - x86/speculation: Fix redundant MDS mitigation message (bsc#1114279). - xen-blkfront: switch kcalloc to kvcalloc for large array allocation (bsc#1160917). - xen/balloon: Support xend-based toolstack take two (bsc#1065600). - xen/blkback: Avoid unmapping unmapped grant pages (bsc#1065600). - xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk (bsc#1065600). - xen: Enable interrupts when calling _cond_resched() (bsc#1065600). - xfrm: Fix transport mode skb control buffer usage (bsc#1161552). - xfs: Fix tail rounding in xfs_alloc_file_space() (bsc#1161087, bsc#1153917). - xfs: Sanity check flags of Q_XQUOTARM call (bsc#1158652). - xhci: Fix memory leak in xhci_add_in_port() (bsc#1051510). - xhci: fix USB3 device initiated resume race with roothub autosuspend (bsc#1051510). - xhci: handle some XHCI_TRUST_TX_LENGTH quirks cases as default behaviour (bsc#1051510). - xhci: Increase STS_HALT timeout in xhci_suspend() (bsc#1051510). - xhci: make sure interrupts are restored to correct state (bsc#1051510). - zd1211rw: fix storage endpoint lookup (git-fixes). Important SUSE bug 1046303 SUSE bug 1050244 SUSE bug 1051510 SUSE bug 1051858 SUSE bug 1061840 SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1071995 SUSE bug 1083647 SUSE bug 1085030 SUSE bug 1086301 SUSE bug 1086313 SUSE bug 1086314 SUSE bug 1088810 SUSE bug 1090888 SUSE bug 1104427 SUSE bug 1105392 SUSE bug 1111666 SUSE bug 1112178 SUSE bug 1112504 SUSE bug 1114279 SUSE bug 1115026 SUSE bug 1118338 SUSE bug 1120853 SUSE bug 1123328 SUSE bug 1127371 SUSE bug 1133021 SUSE bug 1133147 SUSE bug 1134973 SUSE bug 1140025 SUSE bug 1141054 SUSE bug 1142095 SUSE bug 1143959 SUSE bug 1144333 SUSE bug 1146519 SUSE bug 1146544 SUSE bug 1151548 SUSE bug 1151910 SUSE bug 1151927 SUSE bug 1152631 SUSE bug 1153917 SUSE bug 1154243 SUSE bug 1155331 SUSE bug 1155334 SUSE bug 1155689 SUSE bug 1156259 SUSE bug 1156286 SUSE bug 1156462 SUSE bug 1157155 SUSE bug 1157157 SUSE bug 1157169 SUSE bug 1157303 SUSE bug 1157424 SUSE bug 1157692 SUSE bug 1157853 SUSE bug 1157908 SUSE bug 1157966 SUSE bug 1158013 SUSE bug 1158021 SUSE bug 1158026 SUSE bug 1158094 SUSE bug 1158132 SUSE bug 1158381 SUSE bug 1158394 SUSE bug 1158398 SUSE bug 1158407 SUSE bug 1158410 SUSE bug 1158413 SUSE bug 1158417 SUSE bug 1158427 SUSE bug 1158445 SUSE bug 1158533 SUSE bug 1158637 SUSE bug 1158638 SUSE bug 1158639 SUSE bug 1158640 SUSE bug 1158641 SUSE bug 1158643 SUSE bug 1158644 SUSE bug 1158645 SUSE bug 1158646 SUSE bug 1158647 SUSE bug 1158649 SUSE bug 1158651 SUSE bug 1158652 SUSE bug 1158819 SUSE bug 1158823 SUSE bug 1158824 SUSE bug 1158827 SUSE bug 1158834 SUSE bug 1158893 SUSE bug 1158900 SUSE bug 1158903 SUSE bug 1158904 SUSE bug 1158954 SUSE bug 1159024 SUSE bug 1159028 SUSE bug 1159271 SUSE bug 1159297 SUSE bug 1159394 SUSE bug 1159483 SUSE bug 1159484 SUSE bug 1159569 SUSE bug 1159588 SUSE bug 1159841 SUSE bug 1159908 SUSE bug 1159909 SUSE bug 1159910 SUSE bug 1159911 SUSE bug 1159955 SUSE bug 1160195 SUSE bug 1160210 SUSE bug 1160211 SUSE bug 1160218 SUSE bug 1160433 SUSE bug 1160442 SUSE bug 1160476 SUSE bug 1160560 SUSE bug 1160755 SUSE bug 1160756 SUSE bug 1160784 SUSE bug 1160787 SUSE bug 1160802 SUSE bug 1160803 SUSE bug 1160804 SUSE bug 1160917 SUSE bug 1160966 SUSE bug 1160979 SUSE bug 1161087 SUSE bug 1161360 SUSE bug 1161514 SUSE bug 1161518 SUSE bug 1161522 SUSE bug 1161523 SUSE bug 1161549 SUSE bug 1161552 SUSE bug 1161674 SUSE bug 1161702 SUSE bug 1161875 SUSE bug 1161907 SUSE bug 1161931 SUSE bug 1161933 SUSE bug 1161934 SUSE bug 1161935 SUSE bug 1161936 SUSE bug 1161937 SUSE bug 1162028 SUSE bug 1162067 SUSE bug 1162109 SUSE bug 1162139 SUSE bug 1162557 SUSE bug 1162617 SUSE bug 1162618 SUSE bug 1162619 SUSE bug 1162623 SUSE bug 1162928 SUSE bug 1162943 SUSE bug 1163383 SUSE bug 1163384 SUSE bug 1163762 SUSE bug 1163774 SUSE bug 1163836 SUSE bug 1163840 SUSE bug 1163841 SUSE bug 1163842 SUSE bug 1163843 SUSE bug 1163844 SUSE bug 1163845 SUSE bug 1163846 SUSE bug 1163849 SUSE bug 1163850 SUSE bug 1163851 SUSE bug 1163852 SUSE bug 1163853 SUSE bug 1163855 SUSE bug 1163856 SUSE bug 1163857 SUSE bug 1163858 SUSE bug 1163859 SUSE bug 1163860 SUSE bug 1163861 SUSE bug 1163862 SUSE bug 1163863 SUSE bug 1163867 SUSE bug 1163869 SUSE bug 1163880 SUSE bug 1163971 SUSE bug 1164069 SUSE bug 1164098 SUSE bug 1164115 SUSE bug 1164314 SUSE bug 1164315 SUSE bug 1164388 SUSE bug 1164471 SUSE bug 1164632 SUSE bug 1164705 SUSE bug 1164712 SUSE bug 1164727 SUSE bug 1164728 SUSE bug 1164729 SUSE bug 1164730 SUSE bug 1164731 SUSE bug 1164732 SUSE bug 1164733 SUSE bug 1164734 SUSE bug 1164735 CVE-2019-14615 CVE-2019-14896 CVE-2019-14897 CVE-2019-15213 CVE-2019-16994 CVE-2019-18808 CVE-2019-19036 CVE-2019-19045 CVE-2019-19051 CVE-2019-19054 CVE-2019-19066 CVE-2019-19318 CVE-2019-19319 CVE-2019-19332 CVE-2019-19338 CVE-2019-19447 CVE-2019-19523 CVE-2019-19524 CVE-2019-19525 CVE-2019-19526 CVE-2019-19527 CVE-2019-19528 CVE-2019-19529 CVE-2019-19530 CVE-2019-19531 CVE-2019-19532 CVE-2019-19533 CVE-2019-19534 CVE-2019-19535 CVE-2019-19536 CVE-2019-19537 CVE-2019-19543 CVE-2019-19767 CVE-2019-19965 CVE-2019-19966 CVE-2019-20054 CVE-2019-20095 CVE-2019-20096 CVE-2020-2732 CVE-2020-7053 CVE-2020-8428 CVE-2020-8648 CVE-2020-8992 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for gimp fixes the following issues: - Fix for crashing due to segmentation fault caused by importing ghostscript files. (bsc#1161998) Security issues fixed: - CVE-2017-17785: Fixed an heap-based buffer overflow in FLI import (bsc#1073625) - CVE-2017-17786: Fixed an out-of-bounds read in TGA (bsc#1073626) - CVE-2017-17788: Fixed an out-of-bounds read in XCF (bsc#1073629) Moderate SUSE bug 1073625 SUSE bug 1073626 SUSE bug 1073629 SUSE bug 1161998 CVE-2017-17785 CVE-2017-17786 CVE-2017-17788 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SP4 This update for gd fixes the following issues: - CVE-2017-7890: Fixed a buffer over-read into uninitialized memory (bsc#1050241). - CVE-2018-14553: Fixed a null pointer dereference in gdImageClone() (bsc#1165471). - CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm() (bsc#1140120). Moderate SUSE bug 1050241 SUSE bug 1140120 SUSE bug 1165471 CVE-2017-7890 CVE-2018-14553 CVE-2019-11038 cpe:/o:suse:sle-we:12:sp4 cpe:/o:suse:sled:12:sp4 cpe:/o:suse:sles:12:sp4 cpe:/o:suse:sles_sap:12:sp4